P-256: DH: Use correct length for pub key vs DH
AlfioEmanueleFresta committed Sep 29, 2024
1 parent 8fb05c4 commit d6d7176
Showing 4 changed files with 28 additions and 18 deletions.
2 changes: 1 addition & 1 deletion src/constants.rs
Expand Up @@ -4,7 +4,7 @@ pub const TAGLEN: usize = 16;

pub const MAXHASHLEN: usize = 64;
pub const MAXBLOCKLEN: usize = 128;
pub const MAXDHLEN: usize = 56;
pub const MAXDHLEN: usize = 65;
pub const MAXMSGLEN: usize = 65535;

#[cfg(feature = "hfs")]
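Review bot: MAXDHLEN is raised to 65 so that an uncompressed P-256 public key fits, but its name and the absence of a comment still read as "maximum DH output length", which is exactly the distinction this commit introduces elsewhere (`Dh::dh_len` vs `Dh::pub_len`). The constant appears to size the `re`/`rs` key buffers that handshakestate.rs now slices by `pub_len` (the buffer declarations are not in view, so this is inferred), which means it must track the largest public-key encoding, not the DH output. A comment stating what it bounds would stop a future curve addition from shrinking it by mistake: `pub const MAXDHLEN: usize = 65; // largest public-key encoding (uncompressed P-256 point); must also cover every Dh::dh_len()`.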
35 changes: 18 additions & 17 deletions src/handshakestate.rs
Expand Up @@ -78,7 +78,7 @@ impl HandshakeState {
symmetricstate.initialize(&params.name);
symmetricstate.mix_hash(prologue);

let dh_len = s.pub_len();
let pub_len = s.pub_len();
if initiator {
for token in tokens.premsg_pattern_i {
symmetricstate.mix_hash(
Expand All @@ -100,7 +100,7 @@ impl HandshakeState {
_ => unreachable!(),
}
.get()
.ok_or(StateProblem::MissingKeyMaterial)?[..dh_len],
.ok_or(StateProblem::MissingKeyMaterial)?[..pub_len],
);
}
} else {
Expand All @@ -112,7 +112,7 @@ impl HandshakeState {
_ => unreachable!(),
}
.get()
.ok_or(StateProblem::MissingKeyMaterial)?[..dh_len],
.ok_or(StateProblem::MissingKeyMaterial)?[..pub_len],
);
}
for token in tokens.premsg_pattern_r {
Expand Down Expand Up @@ -152,7 +152,7 @@ impl HandshakeState {
}

pub(crate) fn dh_len(&self) -> usize {
self.s.pub_len()
self.s.dh_len()
}

#[cfg(feature = "hfs")]
Expand Down Expand Up @@ -357,38 +357,39 @@ impl HandshakeState {
let last = self.pattern_position == (self.message_patterns.len() - 1);

let dh_len = self.dh_len();
let pub_len = self.e.pub_len();
let mut ptr = message;
for token in &self.message_patterns[self.pattern_position] {
match *token {
Token::E => {
if ptr.len() < dh_len {
if ptr.len() < pub_len {
return Err(Error::Input);
}
self.re[..dh_len].copy_from_slice(&ptr[..dh_len]);
ptr = &ptr[dh_len..];
self.symmetricstate.mix_hash(&self.re[..dh_len]);
self.re[..pub_len].copy_from_slice(&ptr[..pub_len]);
ptr = &ptr[pub_len..];
self.symmetricstate.mix_hash(&self.re[..pub_len]);
if self.params.handshake.is_psk() {
self.symmetricstate.mix_key(&self.re[..dh_len]);
self.symmetricstate.mix_key(&self.re[..pub_len]);
}
self.re.enable();
},
Token::S => {
let data = if self.symmetricstate.has_key() {
if ptr.len() < dh_len + TAGLEN {
if ptr.len() < pub_len + TAGLEN {
return Err(Error::Input);
}
let temp = &ptr[..dh_len + TAGLEN];
ptr = &ptr[dh_len + TAGLEN..];
let temp = &ptr[..pub_len + TAGLEN];
ptr = &ptr[pub_len + TAGLEN..];
temp
} else {
if ptr.len() < dh_len {
if ptr.len() < pub_len {
return Err(Error::Input);
}
let temp = &ptr[..dh_len];
ptr = &ptr[dh_len..];
let temp = &ptr[..pub_len];
ptr = &ptr[pub_len..];
temp
};
self.symmetricstate.decrypt_and_mix_hash(data, &mut self.rs[..dh_len])?;
self.symmetricstate.decrypt_and_mix_hash(data, &mut self.rs[..pub_len])?;
self.rs.enable();
},
Token::Psk(n) => match self.psks[n as usize] {
Expand Down Expand Up @@ -472,7 +473,7 @@ impl HandshakeState {
/// pattern, for example).
#[must_use]
pub fn get_remote_static(&self) -> Option<&[u8]> {
self.rs.get().map(|rs| &rs[..self.dh_len()])
self.rs.get().map(|rs| &rs[..self.s.pub_len()])
}

/// Get the handshake hash.
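Review bot: The public-key length is now read from two different keypairs in this file — `self.e.pub_len()` in the read path (the `let pub_len` line added right after `let dh_len = self.dh_len();`) and `self.s.pub_len()` in `get_remote_static` — while the sibling accessor `dh_len()` goes through `self.s`. Both are the same Dh implementation in practice, but a single accessor keeps the pub-vs-DH distinction this commit introduces explicit and greppable; next to `dh_len()` add `pub(crate) fn pub_len(&self) -> usize { self.s.pub_len() }` and use it at both sites. Both accessors also deserve a one-line doc comment, e.g. on `dh_len`: `/// Length of the shared secret produced by Dh::dh (may be shorter than the encoded public key, e.g. 32 vs 65 for P-256).` Within the shown part of the read path every former `dh_len` use has become `pub_len`, so if nothing after the hunk still consumes `dh_len` the local is now dead — I cannot see the rest of that function, which starts and ends outside the hunk.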
4 changes: 4 additions & 0 deletions src/resolvers/default.rs
Expand Up @@ -211,6 +211,10 @@ impl Dh for P256 {
32 // Scalar
}

fn dh_len(&self) -> usize {
32
}

fn set(&mut self, privkey: &[u8]) {
let mut bytes = [0u8; 32];
copy_slices!(privkey, bytes);
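Review bot: The new `dh_len` for P256 returns a bare `32` with no explanation, whereas the sibling `32 // Scalar` a few lines up documents its magic number; the reason this is shorter than the 65-byte public key is the whole point of the commit, so say it: `32 // shared secret (presumably the x-coordinate of the shared point)`. The `dh()` implementation that must write exactly this many bytes into `out` is outside the hunk, so I cannot confirm the two agree; a unit test asserting that `dh_len()` matches the number of bytes `dh()` fills would pin that invariant.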
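--- a/src/types.rs
+++ b/src/types.rs
@@ -37,6 +37,11 @@ pub trait Dh: Send + Sync {
     /// # Errors
     /// Returns `Error::Dh` in the event that the Diffie-Hellman failed.
     fn dh(&self, pubkey: &[u8], out: &mut [u8]) -> Result<(), Error>;
+
+    /// The lenght in bytes of of the DH key exchange. Defaults to the public key.
+    fn dh_len(&self) -> usize {
+        self.pub_len()
+    }
 }
 
 /// Cipher operations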
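Review bot: The new doc comment on `dh_len` has typos (`lenght`, `of of`) and does not say when an implementor must override the default, which is the reason the method exists. Suggest: `/// Length in bytes of the shared secret written by [`Dh::dh`]. Defaults to [`Dh::pub_len`]; override it for curves whose public-key encoding is longer than the DH output (e.g. an uncompressed P-256 point is 65 bytes but the shared secret is 32).` Because this is a defaulted method on a public trait, existing external implementors keep compiling but silently get `pub_len()` as their DH length, so the docs should make the override obligation explicit.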
