-rw-r--r--src/protocol_ec25519_fhmqvc.c27
1 files changed, 21 insertions, 6 deletions
diff --git a/src/protocol_ec25519_fhmqvc.c b/src/protocol_ec25519_fhmqvc.c
index 15d26b7..459c986 100644
--- a/src/protocol_ec25519_fhmqvc.c
+++ b/src/protocol_ec25519_fhmqvc.c
@@ -270,11 +270,16 @@ static void respond_handshake(fastd_context_t *ctx, const fastd_socket_t *sock,
ecc_25519_gf_add(&s, &eb, &handshake_key->secret_key);
ecc_25519_work_t work, workX;
- if (!ecc_25519_load_packed(&work, &peer->config->protocol_config->public_key))
- return;
if (!ecc_25519_load_packed(&workX, peer_handshake_key))
return;
+ ecc_25519_scalarmult(&work, &ecc_25519_gf_order, &workX);
+ if (!ecc_25519_is_identity(&work))
+ return;
+
+ if (!ecc_25519_load_packed(&work, &peer->config->protocol_config->public_key))
+ return;
+
ecc_25519_scalarmult(&work, &d, &work);
ecc_25519_add(&work, &workX, &work);
ecc_25519_scalarmult(&work, &s, &work);
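Review bot: The new subgroup check in respond_handshake (repeated identically in the finish_handshake and handle_finish_handshake hunks below) does not reject the neutral element itself: multiplying the identity by the group order yields the identity, so a peer_handshake_key that decodes to the neutral point still passes `ecc_25519_is_identity(&work)` and then reaches `ecc_25519_add(&work, &workX, &work)` with a neutral ephemeral point. Whether the derivation is still acceptable with that input is not visible here; if it is not, add `if (ecc_25519_is_identity(&workX)) return;` directly after the load, before the order multiplication. Since the load-then-check sequence is copied verbatim into all three functions, it would be clearer as one static helper that loads the packed point into an ecc_25519_work_t, does the order multiplication and returns false on either failure, with a comment stating that it rejects points outside the prime-order subgroup. The peer's static public_key loaded on the following lines is not subjected to the same check; if that is deliberate because it comes from local configuration rather than the wire, a one-line comment saying so would keep a later reader from treating the asymmetry as an oversight. respond_handshake starts and ends outside the hunk.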
@@ -389,11 +394,16 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f
ecc_25519_gf_add(&s, &da, &handshake_key->secret_key);
ecc_25519_work_t work, workY;
- if (!ecc_25519_load_packed(&work, &peer->config->protocol_config->public_key))
- return;
if (!ecc_25519_load_packed(&workY, peer_handshake_key))
return;
+ ecc_25519_scalarmult(&work, &ecc_25519_gf_order, &workY);
+ if (!ecc_25519_is_identity(&work))
+ return;
+
+ if (!ecc_25519_load_packed(&work, &peer->config->protocol_config->public_key))
+ return;
+
ecc_25519_scalarmult(&work, &e, &work);
ecc_25519_add(&work, &workY, &work);
ecc_25519_scalarmult(&work, &s, &work);
@@ -461,11 +471,16 @@ static void handle_finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock,
ecc_25519_gf_add(&s, &eb, &handshake_key->secret_key);
ecc_25519_work_t work, workX;
- if (!ecc_25519_load_packed(&work, &peer->config->protocol_config->public_key))
- return;
if (!ecc_25519_load_packed(&workX, peer_handshake_key))
return;
+ ecc_25519_scalarmult(&work, &ecc_25519_gf_order, &workX);
+ if (!ecc_25519_is_identity(&work))
+ return;
+
+ if (!ecc_25519_load_packed(&work, &peer->config->protocol_config->public_key))
+ return;
+
ecc_25519_scalarmult(&work, &d, &work);
ecc_25519_add(&work, &workX, &work);
ecc_25519_scalarmult(&work, &s, &work);