Add explicit checks for peer's DH public key

Pass the group order (if known/specified) to crypto_dh_derive_secret()
(and also to OpenSSL DH_generate_key() in case of Group 5) and verify
that the public key received from the peer meets 1 < pubkey < p and
pubkey^q == 1 mod p conditions.

While all these use cases were using only ephemeral DH keys, it is
better to use more explicit checks while deriving the shared secret to
avoid unexpected behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2019-03-05 17:05:03 +02:00 committed by Jouni Malinen
parent 4a9531a755
commit b11fa98bcb
9 changed files with 190 additions and 12 deletions
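
The two conditions named in the commit message, shown on a toy group as an added example (this is not code from the commit or from hostap). The helper name dh_check_peer_pubkey(), the 64-bit arithmetic and the group p = 23, q = 11 are assumptions made for illustration; real groups need a bignum library.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy modexp; operands must be below 2^32 so products fit in 64 bits. */
static uint64_t modexp_u64(uint64_t base, uint64_t exp, uint64_t mod)
{
	uint64_t result = 1 % mod;

	base %= mod;
	while (exp) {
		if (exp & 1)
			result = result * base % mod;
		base = base * base % mod;
		exp >>= 1;
	}
	return result;
}

/*
 * Hypothetical helper (not a hostap function). Returns 0 if the peer's
 * public key is acceptable, -1 otherwise. q == 0 means the group order is
 * unknown, in which case only the range check can be applied.
 */
static int dh_check_peer_pubkey(uint64_t pubkey, uint64_t p, uint64_t q)
{
	if (pubkey <= 1 || pubkey >= p)
		return -1; /* fails 1 < pubkey < p */
	if (q && modexp_u64(pubkey, q, p) != 1)
		return -1; /* fails pubkey^q == 1 mod p */
	return 0;
}

int main(void)
{
	/* Constructed toy group: p = 23, q = 11, generator 2 has order 11 */
	const uint64_t p = 23, q = 11;
	const uint64_t samples[] = { 0, 1, 4, 5, 22, 23 };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("pubkey=%2llu  with order: %2d  without order: %2d\n",
		       (unsigned long long) samples[i],
		       dh_check_peer_pubkey(samples[i], p, q),
		       dh_check_peer_pubkey(samples[i], p, 0));
	return 0;
}
```

The values 5 and 22 pass the range check but are outside the order-11 subgroup, so they are rejected only when the order is supplied.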


@ -399,7 +399,7 @@ int eap_eke_shared_secret(struct eap_eke_session *sess, const u8 *key,
/* SharedSecret = prf(0+, g ^ (x_s * x_p) (mod p)) */
len = dh->prime_len;
if (crypto_dh_derive_secret(*dh->generator, dh->prime, dh->prime_len,
dhpriv, dh->prime_len, peer_pub,
NULL, 0, dhpriv, dh->prime_len, peer_pub,
dh->prime_len, modexp, &len) < 0)
return -1;
if (len < dh->prime_len) {
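
Review bot: The crypto_dh_derive_secret() call in eap_eke_shared_secret() passes NULL, 0 for the group order, so on this path only the 1 < pubkey < p condition from the commit message can be applied and the pubkey^q == 1 mod p test has nothing to work with. If the order of the EAP-EKE groups is known, consider carrying it alongside dh->prime and passing it here; otherwise add a short comment at the call site saying the order is not available, so the NULL, 0 reads as intentional rather than as a placeholder.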