Mercurial > dropbear
comparison common-kex.c @ 1013:a1e79ffa5862
Tighten validation of DH values. Odds of x==0 being generated are
improbable, roughly 2**-1023
Regression in 0.49
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 10 Feb 2015 21:46:19 +0800 |
| parents | 47643024fc90 |
| children | 4d7b4c5526c5 |
comparison
equal
deleted
inserted
replaced
| 1012:ffd2359564b0 | 1013:a1e79ffa5862 |
|---|---|
| 627 * dh_pub_us is 'e' for the client, 'f' for the server. dh_pub_them is | 627 * dh_pub_us is 'e' for the client, 'f' for the server. dh_pub_them is |
| 628 * vice-versa. dh_priv is the x/y value corresponding to dh_pub_us */ | 628 * vice-versa. dh_priv is the x/y value corresponding to dh_pub_us */ |
| 629 void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them, | 629 void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them, |
| 630 sign_key *hostkey) { | 630 sign_key *hostkey) { |
| 631 | 631 |
| 632 mp_int dh_p; | 632 DEF_MP_INT(dh_p); |
| 633 DEF_MP_INT(dh_p_min1); | |
| 633 mp_int *dh_e = NULL, *dh_f = NULL; | 634 mp_int *dh_e = NULL, *dh_f = NULL; |
| 634 | 635 |
| 635 /* read the prime and generator*/ | 636 m_mp_init_multi(&dh_p, &dh_p_min1, NULL); |
| 636 m_mp_init(&dh_p); | |
| 637 load_dh_p(&dh_p); | 637 load_dh_p(&dh_p); |
| 638 | 638 |
| 639 /* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */ | 639 if (mp_sub_d(&dh_p, 1, &dh_p_min1) != MP_OKAY) { |
| 640 if (mp_cmp(dh_pub_them, &dh_p) != MP_LT | 640 dropbear_exit("Diffie-Hellman error"); |
| 641 || mp_cmp_d(dh_pub_them, 0) != MP_GT) { | 641 } |
| 642 | |
| 643 /* Check that dh_pub_them (dh_e or dh_f) is in the range [2, p-2] */ | |
| 644 if (mp_cmp(dh_pub_them, &dh_p_min1) != MP_LT | |
| 645 || mp_cmp_d(dh_pub_them, 1) != MP_GT) { | |
| 642 dropbear_exit("Diffie-Hellman error"); | 646 dropbear_exit("Diffie-Hellman error"); |
| 643 } | 647 } |
| 644 | 648 |
| 645 /* K = e^y mod p = f^x mod p */ | 649 /* K = e^y mod p = f^x mod p */ |
| 646 m_mp_alloc_init_multi(&ses.dh_K, NULL); | 650 m_mp_alloc_init_multi(&ses.dh_K, NULL); |
| 647 if (mp_exptmod(dh_pub_them, ¶m->priv, &dh_p, ses.dh_K) != MP_OKAY) { | 651 if (mp_exptmod(dh_pub_them, ¶m->priv, &dh_p, ses.dh_K) != MP_OKAY) { |
| 648 dropbear_exit("Diffie-Hellman error"); | 652 dropbear_exit("Diffie-Hellman error"); |
| 649 } | 653 } |
| 650 | 654 |
| 651 /* clear no longer needed vars */ | 655 /* clear no longer needed vars */ |
| 652 mp_clear_multi(&dh_p, NULL); | 656 mp_clear_multi(&dh_p, &dh_p_min1, NULL); |
| 653 | 657 |
| 654 /* From here on, the code needs to work with the _same_ vars on each side, | 658 /* From here on, the code needs to work with the _same_ vars on each side, |
| 655 * not vice-versaing for client/server */ | 659 * not vice-versaing for client/server */ |
| 656 if (IS_DROPBEAR_CLIENT) { | 660 if (IS_DROPBEAR_CLIENT) { |
| 657 dh_e = ¶m->pub; | 661 dh_e = ¶m->pub; |