summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthias Schiffer <mschiffer@universe-factory.net>2015-01-09 22:11:36 +0100
committerMatthias Schiffer <mschiffer@universe-factory.net>2015-01-09 22:15:07 +0100
commit7e305519171ad382ff13c231764982a1341fcb76 (patch)
tree18c4ff6dddfeb2c142d9c542f51c14849825c15a
parent68462604fa5441c692f9442f70ea30ac69252ae4 (diff)
downloadfastd-7e305519171ad382ff13c231764982a1341fcb76.tar
fastd-7e305519171ad382ff13c231764982a1341fcb76.zip
ec25519-fhmqvc: don't check group order of peers' public keys
Skipping this check will significantly speed up startup with many peers. As we now do embedded group order verification, an attacker can't gain anything from small-subgroup attacks, so skipping the check isn't a security issue.
-rw-r--r--src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c16
-rw-r--r--src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h1
-rw-r--r--src/protocols/ec25519_fhmqvc/handshake.c2
3 files changed, 2 insertions, 17 deletions
diff --git a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c
index 97cdb3d..2303938 100644
--- a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c
+++ b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c
@@ -83,7 +83,7 @@ static fastd_protocol_key_t * protocol_read_key(const char *key) {
if (read_key(ret->key.u8, key)) {
if (ecc_25519_load_packed(&ret->unpacked, &ret->key.int256)) {
- if (fastd_protocol_ec25519_fhmqvc_check_key(&ret->unpacked))
+ if (!ecc_25519_is_identity(&ret->unpacked))
return ret;
}
}
@@ -92,20 +92,6 @@ static fastd_protocol_key_t * protocol_read_key(const char *key) {
return NULL;
}
-/** Checks if an ecc25519 work structure represents a valid curve point */
-bool fastd_protocol_ec25519_fhmqvc_check_key(const ecc_25519_work_t *key) {
- ecc_25519_work_t work;
-
- if (ecc_25519_is_identity(key))
- return false;
-
- ecc_25519_scalarmult(&work, &ecc_25519_gf_order, key);
- if (!ecc_25519_is_identity(&work))
- return false;
-
- return true;
-}
-
/** Checks if a peer is configured using our own key */
static bool protocol_check_peer(const fastd_peer_t *peer) {
diff --git a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h
index e2034bd..b43774d 100644
--- a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h
+++ b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.h
@@ -121,7 +121,6 @@ fastd_peer_t * fastd_protocol_ec25519_fhmqvc_find_peer(const fastd_protocol_key_
void fastd_protocol_ec25519_fhmqvc_generate_key(void);
void fastd_protocol_ec25519_fhmqvc_show_key(void);
-bool fastd_protocol_ec25519_fhmqvc_check_key(const ecc_25519_work_t *key);
void fastd_protocol_ec25519_fhmqvc_set_shell_env(fastd_shell_env_t *env, const fastd_peer_t *peer);
bool fastd_protocol_ec25519_fhmqvc_describe_peer(const fastd_peer_t *peer, char *buf, size_t len);
diff --git a/src/protocols/ec25519_fhmqvc/handshake.c b/src/protocols/ec25519_fhmqvc/handshake.c
index b1c6242..2daa709 100644
--- a/src/protocols/ec25519_fhmqvc/handshake.c
+++ b/src/protocols/ec25519_fhmqvc/handshake.c
@@ -554,7 +554,7 @@ static fastd_peer_t * add_dynamic(fastd_socket_t *sock, const fastd_peer_address
memcpy(&peer_key.key, key, PUBLICKEYBYTES);
if (!ecc_25519_load_packed(&peer_key.unpacked, &peer_key.key.int256)
- || !fastd_protocol_ec25519_fhmqvc_check_key(&peer_key.unpacked)) {
+ || ecc_25519_is_identity(&peer_key.unpacked)) {
pr_debug("ignoring handshake from %I (invalid key)", addr);
return NULL;
}