mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-04-02 07:20:26 +00:00
Avoid in-out length in dhm_calc_secret()
parent
f79b425226
commit
3335205a21
@ -241,8 +241,8 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
|
|||||||
*
|
*
|
||||||
* \param ctx DHM context
|
* \param ctx DHM context
|
||||||
* \param output destination buffer
|
* \param output destination buffer
|
||||||
* \param olen on entry, must hold the size of the destination buffer
|
* \param output_size size of the destination buffer
|
||||||
* on exit, holds the actual number of bytes written
|
* \param olen on exit, holds the actual number of bytes written
|
||||||
* \param f_rng RNG function, for blinding purposes
|
* \param f_rng RNG function, for blinding purposes
|
||||||
* \param p_rng RNG parameter
|
* \param p_rng RNG parameter
|
||||||
*
|
*
|
||||||
@ -255,7 +255,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
|
|||||||
* to always pass a non-NULL f_rng argument.
|
* to always pass a non-NULL f_rng argument.
|
||||||
*/
|
*/
|
||||||
int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
|
int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
|
||||||
unsigned char *output, size_t *olen,
|
unsigned char *output, size_t output_size, size_t *olen,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
int (*f_rng)(void *, unsigned char *, size_t),
|
||||||
void *p_rng );
|
void *p_rng );
|
||||||
|
|
||||||
|
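Review bot: The new `\param output_size` line does not say how large the buffer has to be, although the implementation in this commit rejects anything smaller than `ctx->len`. I would document the minimum, for example `\param output_size size of the destination buffer, must be at least ctx->len`, and extend `\param olen` to say that its value must not be relied on when the function returns an error. The comment block starts above the hunk, so whether the return-value section already mentions MBEDTLS_ERR_DHM_BAD_INPUT_DATA for a too-small buffer cannot be seen here.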
@ -344,14 +344,14 @@ cleanup:
|
|||||||
* Derive and export the shared secret (G^Y)^X mod P
|
* Derive and export the shared secret (G^Y)^X mod P
|
||||||
*/
|
*/
|
||||||
int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
|
int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
|
||||||
unsigned char *output, size_t *olen,
|
unsigned char *output, size_t output_size, size_t *olen,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
int (*f_rng)(void *, unsigned char *, size_t),
|
||||||
void *p_rng )
|
void *p_rng )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
mbedtls_mpi GYb;
|
mbedtls_mpi GYb;
|
||||||
|
|
||||||
if( ctx == NULL || *olen < ctx->len )
|
if( ctx == NULL || output_size < ctx->len )
|
||||||
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
|
||||||
|
|
||||||
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
|
if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
|
||||||
|
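Review bot: The guard `if( ctx == NULL || output_size < ctx->len )` validates the context and the buffer size but not the two pointers the function writes through. Now that `olen` is a pure output and callers in this commit pass uninitialised variables for it, I would reject NULL up front: `if( ctx == NULL || output == NULL || olen == NULL || output_size < ctx->len )`. The rest of the function body lies outside the hunk, so whether `*olen` is written on every later error path cannot be confirmed from here.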
@ -2477,10 +2477,9 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||||||
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X );
|
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X );
|
||||||
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
|
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
|
||||||
|
|
||||||
ssl->handshake->pmslen = MBEDTLS_PREMASTER_SIZE;
|
|
||||||
|
|
||||||
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
||||||
ssl->handshake->premaster,
|
ssl->handshake->premaster,
|
||||||
|
MBEDTLS_PREMASTER_SIZE,
|
||||||
&ssl->handshake->pmslen,
|
&ssl->handshake->pmslen,
|
||||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||||
{
|
{
|
||||||
|
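Review bot: The size passed for `ssl->handshake->premaster` is the macro `MBEDTLS_PREMASTER_SIZE` rather than something derived from the buffer itself, so the bound and the declaration can drift apart. If `premaster` is declared as an array (its declaration is not visible here), `sizeof( ssl->handshake->premaster )` would keep the two tied together. The same applies to the identical call in ssl_parse_client_key_exchange(). Both functions start and end outside their hunks.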
@ -3145,10 +3145,9 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->handshake->pmslen = MBEDTLS_PREMASTER_SIZE;
|
|
||||||
|
|
||||||
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
||||||
ssl->handshake->premaster,
|
ssl->handshake->premaster,
|
||||||
|
MBEDTLS_PREMASTER_SIZE,
|
||||||
&ssl->handshake->pmslen,
|
&ssl->handshake->pmslen,
|
||||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||||
{
|
{
|
||||||
|
@ -1114,11 +1114,11 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch
|
|||||||
if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
|
if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
size_t len = end - ( p + 2 );
|
size_t len;
|
||||||
|
|
||||||
/* Write length only when we know the actual value */
|
/* Write length only when we know the actual value */
|
||||||
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
||||||
p + 2, &len,
|
p + 2, end - ( p + 2 ), &len,
|
||||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
|
||||||
|
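Review bot: `end - ( p + 2 )` is a pointer difference that is converted to `size_t` at the call, so if `p + 2` were ever past `end` the value would wrap to a very large size and the `output_size < ctx->len` check in mbedtls_dhm_calc_secret() would pass. The old code had the same conversion in `size_t len = end - ( p + 2 );`, and a bounds check may exist above the hunk, but nothing visible here guarantees it. I would guard before the call, e.g. `if( end < p || (size_t)( end - p ) < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );`. `len` is now uninitialised until the call succeeds, which is fine as long as it is only read after the `ret != 0` branch has returned.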
@ -243,8 +243,7 @@ int main( void )
|
|||||||
mbedtls_printf( "\n . Shared secret: " );
|
mbedtls_printf( "\n . Shared secret: " );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
n = dhm.len;
|
if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n,
|
||||||
if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, &n,
|
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret );
|
mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret );
|
||||||
|
@ -228,7 +228,6 @@ int main( void )
|
|||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
memset( buf, 0, sizeof( buf ) );
|
memset( buf, 0, sizeof( buf ) );
|
||||||
n = dhm.len;
|
|
||||||
|
|
||||||
if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n )
|
if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n )
|
||||||
{
|
{
|
||||||
@ -248,7 +247,7 @@ int main( void )
|
|||||||
mbedtls_printf( "\n . Shared secret: " );
|
mbedtls_printf( "\n . Shared secret: " );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, &n,
|
if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n,
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret );
|
mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret );
|
||||||
|
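Review bot: The first hunk (7 old lines, 6 new) appears to drop `n = dhm.len;`, yet `mbedtls_net_recv( &client_fd, buf, n )` directly below still uses `n` both as the number of bytes to read and as the expected return value. Unless `n` is reassigned in the code above the hunk, it keeps whatever an earlier step left in it, and the read length no longer matches the size of the client's public value. The new `output_size` parameter removes the need to seed `n` for mbedtls_dhm_calc_secret(), not for the receive; I would keep `n = dhm.len;` ahead of `mbedtls_net_recv`.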
@ -646,15 +646,13 @@ int main( int argc, char *argv[] )
|
|||||||
|
|
||||||
mbedtls_snprintf( title, sizeof( title ), "DHE-%d", dhm_sizes[i] );
|
mbedtls_snprintf( title, sizeof( title ), "DHE-%d", dhm_sizes[i] );
|
||||||
TIME_PUBLIC( title, "handshake",
|
TIME_PUBLIC( title, "handshake",
|
||||||
olen = sizeof( buf );
|
|
||||||
ret |= mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len,
|
ret |= mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len,
|
||||||
myrand, NULL );
|
myrand, NULL );
|
||||||
ret |= mbedtls_dhm_calc_secret( &dhm, buf, &olen, myrand, NULL ) );
|
ret |= mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &olen, myrand, NULL ) );
|
||||||
|
|
||||||
mbedtls_snprintf( title, sizeof( title ), "DH-%d", dhm_sizes[i] );
|
mbedtls_snprintf( title, sizeof( title ), "DH-%d", dhm_sizes[i] );
|
||||||
TIME_PUBLIC( title, "handshake",
|
TIME_PUBLIC( title, "handshake",
|
||||||
olen = sizeof( buf );
|
ret |= mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &olen, myrand, NULL ) );
|
||||||
ret |= mbedtls_dhm_calc_secret( &dhm, buf, &olen, myrand, NULL ) );
|
|
||||||
|
|
||||||
mbedtls_dhm_free( &dhm );
|
mbedtls_dhm_free( &dhm );
|
||||||
}
|
}
|
||||||
|
@ -20,8 +20,8 @@ void dhm_do_dhm( int radix_P, char *input_P,
|
|||||||
unsigned char sec_cli[1000];
|
unsigned char sec_cli[1000];
|
||||||
size_t ske_len = 0;
|
size_t ske_len = 0;
|
||||||
size_t pub_cli_len = 0;
|
size_t pub_cli_len = 0;
|
||||||
size_t sec_srv_len = 1000;
|
size_t sec_srv_len;
|
||||||
size_t sec_cli_len = 1000;
|
size_t sec_cli_len;
|
||||||
int x_size, i;
|
int x_size, i;
|
||||||
rnd_pseudo_info rnd_info;
|
rnd_pseudo_info rnd_info;
|
||||||
|
|
||||||
@ -52,8 +52,8 @@ void dhm_do_dhm( int radix_P, char *input_P,
|
|||||||
TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
||||||
TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 );
|
TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 );
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
||||||
TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, &sec_cli_len, NULL, NULL ) == 0 );
|
TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 );
|
||||||
|
|
||||||
TEST_ASSERT( sec_srv_len == sec_cli_len );
|
TEST_ASSERT( sec_srv_len == sec_cli_len );
|
||||||
TEST_ASSERT( sec_srv_len != 0 );
|
TEST_ASSERT( sec_srv_len != 0 );
|
||||||
@ -63,7 +63,7 @@ void dhm_do_dhm( int radix_P, char *input_P,
|
|||||||
for( i = 0; i < 3; i++ )
|
for( i = 0; i < 3; i++ )
|
||||||
{
|
{
|
||||||
sec_srv_len = 1000;
|
sec_srv_len = 1000;
|
||||||
TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
||||||
|
|
||||||
TEST_ASSERT( sec_srv_len == sec_cli_len );
|
TEST_ASSERT( sec_srv_len == sec_cli_len );
|
||||||
TEST_ASSERT( sec_srv_len != 0 );
|
TEST_ASSERT( sec_srv_len != 0 );
|
||||||
@ -73,8 +73,6 @@ void dhm_do_dhm( int radix_P, char *input_P,
|
|||||||
/*
|
/*
|
||||||
* Second key exchange to test change of blinding values on server
|
* Second key exchange to test change of blinding values on server
|
||||||
*/
|
*/
|
||||||
sec_cli_len = 1000;
|
|
||||||
sec_srv_len = 1000;
|
|
||||||
p = ske;
|
p = ske;
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
||||||
@ -85,8 +83,8 @@ void dhm_do_dhm( int radix_P, char *input_P,
|
|||||||
TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
||||||
TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 );
|
TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 );
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
|
||||||
TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, &sec_cli_len, NULL, NULL ) == 0 );
|
TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 );
|
||||||
|
|
||||||
TEST_ASSERT( sec_srv_len == sec_cli_len );
|
TEST_ASSERT( sec_srv_len == sec_cli_len );
|
||||||
TEST_ASSERT( sec_srv_len != 0 );
|
TEST_ASSERT( sec_srv_len != 0 );
|
||||||
|
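Review bot: None of the updated assertions exercises the new size check, since every call passes `sizeof( sec_srv )` or `sizeof( sec_cli )` and expects success. A negative case such as `TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, ctx_srv.len - 1, &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == MBEDTLS_ERR_DHM_BAD_INPUT_DATA );` would pin the behaviour for a too-small buffer. The `sec_srv_len = 1000;` left inside the `for` loop is also stale now that the length is output-only and can be removed. dhm_do_dhm() starts and ends outside these hunks.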