comparison common-kex.c @ 1175:1b8afc698e39

check for zero K value from curve25519
author Matt Johnston <matt@ucc.asn.au>
date Wed, 25 Nov 2015 22:15:59 +0800
parents a9e074b78cd5
children 82e2037d34ea 2bb4c662d1c2
1174:80cacacfec23 1175:1b8afc698e39
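--- a/common-kex.c
+++ b/common-kex.c
@@ -758,17 +758,23 @@
 void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_them,
 sign_key *hostkey) {
 unsigned char out[CURVE25519_LEN];
 const unsigned char* Q_C = NULL;
 const unsigned char* Q_S = NULL;
+char zeroes[CURVE25519_LEN] = {0};
 
 if (buf_pub_them->len != CURVE25519_LEN)
 {
 dropbear_exit("Bad curve25519");
 }
 
 curve25519_donna(out, param->priv, buf_pub_them->data);
+
+if (constant_time_memcmp(zeroes, out, CURVE25519_LEN) == 0) {
+dropbear_exit("Bad curve25519");
+}
+
 m_mp_alloc_init_multi(&ses.dh_K, NULL);
 bytes_to_mp(ses.dh_K, out, CURVE25519_LEN);
 m_burn(out, sizeof(out));
 
 /* Create the remainder of the hash buffer, to generate the exchange hash.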
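Review bot: The added comparison after `curve25519_donna()` carries no comment saying why an all-zero result is rejected, and it exits with the same `Bad curve25519` text as the length check above it, so the two failures cannot be told apart in the logs. I would put `/* An all-zero shared secret means the peer sent a low-order public value; reject it (RFC 7748 section 6.1) */` above the `if` and give this exit its own message, for example `dropbear_exit("Bad curve25519 shared secret");`. As a smaller style point, `zeroes` is declared `char` while `out` is `unsigned char`; `static const unsigned char zeroes[CURVE25519_LEN] = {0};` would match the compared buffer and avoid rebuilding the array on each call, assuming `constant_time_memcmp` takes `const` pointers (its prototype is not visible here). The body of `kexcurve25519_comb_key` continues past the end of the hunk.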