wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

add check dh public key to agree()

Browse Source
This commit is contained in:
toddouska
2017-03-03 11:30:38 -08:00
parent 6800ffe8fa
commit 7bcd26e321
4 changed files with 61 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
wolfcrypt/src/dh.c
View File

@@ -184,6 +184,57 @@ int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz,
return (ret != 0) ? ret : GeneratePublic(key, priv, *privSz, pub, pubSz); return (ret != 0) ? ret : GeneratePublic(key, priv, *privSz, pub, pubSz);
} }
/* Check DH Public Key for invalid numbers
*
* key DH key group parameters.
* pub Public Key.
* pubSz Public Key size.
*
* returns 0 on success or error code
*/
int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz)
{
int ret = 0;
mp_int x;
mp_int y;
if (key == NULL || pub == NULL) {
return BAD_FUNC_ARG;
}
if (mp_init_multi(&x, &y, NULL, NULL, NULL, NULL) != MP_OKAY) {
return MP_INIT_E;
}
if (mp_read_unsigned_bin(&x, pub, pubSz) != MP_OKAY) {
ret = MP_READ_E;
}
/* pub should not be 0 or 1 */
if (ret == 0 && mp_cmp_d(&x, 2) == MP_LT) {
ret = MP_CMP_E;
}
/* pub shouldn't be greater than or equal to p - 1 */
if (ret == 0 && mp_copy(&key->p, &y) != MP_OKAY) {
ret = MP_INIT_E;
}
if (ret == 0 && mp_sub_d(&y, 2, &y) != MP_OKAY) {
ret = MP_SUB_E;
}
if (ret == 0 && mp_cmp(&x, &y) == MP_GT) {
ret = MP_CMP_E;
}
mp_clear(&y);
mp_clear(&x);
return ret;
}
int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv, int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
word32 privSz, const byte* otherPub, word32 pubSz) word32 privSz, const byte* otherPub, word32 pubSz)
{ {
@@ -193,6 +244,11 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
mp_int y; mp_int y;
mp_int z; mp_int z;
if (wc_DhCheckPubKey(key, otherPub, pubSz) != 0) {
WOLFSSL_MSG("wc_DhAgree wc_DhCheckPubKey failed");
return DH_CHECK_PUB_E;
}
if (mp_init_multi(&x, &y, &z, 0, 0, 0) != MP_OKAY) if (mp_init_multi(&x, &y, &z, 0, 0, 0) != MP_OKAY)
return MP_INIT_E; return MP_INIT_E;

3
wolfcrypt/src/error.c
View File

@@ -416,6 +416,9 @@ const char* wc_GetErrorString(int error)
case ECC_CDH_KAT_FIPS_E: case ECC_CDH_KAT_FIPS_E:
return "wolfcrypt FIPS ECC CDH Known Answer Test Failure"; return "wolfcrypt FIPS ECC CDH Known Answer Test Failure";
case DH_CHECK_PUB_E:
return "DH Check Public Key failure";
default: default:
return "unknown error number"; return "unknown error number";

1
wolfssl/wolfcrypt/dh.h
View File

@@ -56,6 +56,7 @@ WOLFSSL_API int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g
word32 gSz); word32 gSz);
WOLFSSL_API int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p, WOLFSSL_API int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p,
word32* pInOutSz, byte* g, word32* gInOutSz); word32* pInOutSz, byte* g, word32* gInOutSz);
WOLFSSL_API int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz);
#ifdef __cplusplus #ifdef __cplusplus

1
wolfssl/wolfcrypt/error-crypt.h
View File

@@ -183,6 +183,7 @@ enum {
BAD_KEYWRAP_IV_E = -240, /* Decrypted AES key wrap IV incorrect */ BAD_KEYWRAP_IV_E = -240, /* Decrypted AES key wrap IV incorrect */
WC_CLEANUP_E = -241, /* wolfcrypt cleanup failed */ WC_CLEANUP_E = -241, /* wolfcrypt cleanup failed */
ECC_CDH_KAT_FIPS_E = -242, /* ECC CDH Known Answer Test failure */ ECC_CDH_KAT_FIPS_E = -242, /* ECC CDH Known Answer Test failure */
DH_CHECK_PUB_E = -243, /* DH Check Pub Key error */
MIN_CODE_E = -300 /* errors -101 - -299 */ MIN_CODE_E = -300 /* errors -101 - -299 */