From c5721fd15c45441256487f8d2fc10c1bd25b6562 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Wed, 9 Jan 2013 10:59:45 +0100
Subject: Improve checking of received handshake keys
---
 src/protocol_ec25519_fhmqvc.c | 27 +++++++++++++++++++++------
 1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/src/protocol_ec25519_fhmqvc.c b/src/protocol_ec25519_fhmqvc.c
index 15d26b7..459c986 100644
--- a/src/protocol_ec25519_fhmqvc.c
+++ b/src/protocol_ec25519_fhmqvc.c
@@ -270,11 +270,16 @@ static void respond_handshake(fastd_context_t *ctx, const fastd_socket_t *sock,
 ecc_25519_gf_add(&s, &eb, &handshake_key->secret_key);
 ecc_25519_work_t work, workX;
- if (!ecc_25519_load_packed(&work, &peer->config->protocol_config->public_key))
- return;
 if (!ecc_25519_load_packed(&workX, peer_handshake_key))
 return;
+ ecc_25519_scalarmult(&work, &ecc_25519_gf_order, &workX);
+ if (!ecc_25519_is_identity(&work))
+ return;
+
+ if (!ecc_25519_load_packed(&work, &peer->config->protocol_config->public_key))
+ return;
+
 ecc_25519_scalarmult(&work, &d, &work);
 ecc_25519_add(&work, &workX, &work);
 ecc_25519_scalarmult(&work, &s, &work);
@@ -389,11 +394,16 @@ static void finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock, const f
 ecc_25519_gf_add(&s, &da, &handshake_key->secret_key);
 ecc_25519_work_t work, workY;
- if (!ecc_25519_load_packed(&work, &peer->config->protocol_config->public_key))
- return;
 if (!ecc_25519_load_packed(&workY, peer_handshake_key))
 return;
+ ecc_25519_scalarmult(&work, &ecc_25519_gf_order, &workY);
+ if (!ecc_25519_is_identity(&work))
+ return;
+
+ if (!ecc_25519_load_packed(&work, &peer->config->protocol_config->public_key))
+ return;
+
 ecc_25519_scalarmult(&work, &e, &work);
 ecc_25519_add(&work, &workY, &work);
 ecc_25519_scalarmult(&work, &s, &work);
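Review bot: The neutral element still passes the new check in respond_handshake, because multiplying the identity by `ecc_25519_gf_order` yields the identity again; the test only rejects points that have a component outside the prime-order subgroup. Validation of a received ephemeral key normally rejects the identity as well, so I would add `if (ecc_25519_is_identity(&workX)) return;` directly after the `ecc_25519_load_packed(&workX, peer_handshake_key)` check. The same applies to `workY` in finish_handshake in the second hunk and to `workX` in handle_finish_handshake in the third. Whether an identity key has any practical effect depends on the rest of the key derivation, which is outside these hunks, so treat this as hardening unless shown otherwise. All three function bodies start and end outside the visible hunks.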
@@ -461,11 +471,16 @@ static void handle_finish_handshake(fastd_context_t *ctx, fastd_socket_t *sock,
 ecc_25519_gf_add(&s, &eb, &handshake_key->secret_key);
 ecc_25519_work_t work, workX;
- if (!ecc_25519_load_packed(&work, &peer->config->protocol_config->public_key))
- return;
 if (!ecc_25519_load_packed(&workX, peer_handshake_key))
 return;
+ ecc_25519_scalarmult(&work, &ecc_25519_gf_order, &workX);
+ if (!ecc_25519_is_identity(&work))
+ return;
+
+ if (!ecc_25519_load_packed(&work, &peer->config->protocol_config->public_key))
+ return;
+
 ecc_25519_scalarmult(&work, &d, &work);
 ecc_25519_add(&work, &workX, &work);
 ecc_25519_scalarmult(&work, &s, &work);
-- cgit v1.2.3
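Review bot: handle_finish_handshake now carries the third copy of the load-then-order-check sequence, identical to the ones added in respond_handshake and finish_handshake apart from the variable name. A security check duplicated three times tends to drift when one copy is later fixed, so I would move it into one static helper that loads the packed key, performs the subgroup check and reports success or failure, leaving each call site as `if (!load_checked_key(&workX, peer_handshake_key)) return;` (the helper name is only a suggestion). The bare `return` also drops a rejected key silently; a debug-level log line at that point would let an operator tell malformed handshake keys from ordinary packet loss. A short comment such as `/* reject keys outside the prime-order subgroup */` above the scalarmult would document why the multiplication by the group order is there.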