From 2dafbe0d1ca0d6696cbccbb28773105b5befbb31 Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Fri, 16 Jun 2017 22:35:18 +0800
Subject: check p and q lengths
---
 dss.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
(limited to 'dss.c')
diff --git a/dss.c b/dss.c
index 8f4f195..a3b4dce 100644
--- a/dss.c
+++ b/dss.c
@@ -61,8 +61,15 @@ int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
 goto out;
 }
 
- if (mp_count_bits(key->p) < MIN_DSS_KEYLEN) {
- dropbear_log(LOG_WARNING, "DSS key too short");
+ if (mp_count_bits(key->p) < DSS_P_BITS) {
+ dropbear_log(LOG_WARNING, "Bad DSS p");
+ TRACE(("leave buf_get_dss_pub_key: short key"))
+ ret = DROPBEAR_FAILURE;
+ goto out;
+ }
+
+ if (mp_count_bits(key->q) < DSS_Q_BITS) {
+ dropbear_log(LOG_WARNING, "Bad DSS q");
 TRACE(("leave buf_get_dss_pub_key: short key"))
 ret = DROPBEAR_FAILURE;
 goto out;
@@ -94,7 +101,7 @@ int buf_get_dss_priv_key(buffer* buf, dropbear_dss_key *key) {
 m_mp_alloc_init_multi(&key->x, NULL);
 ret = buf_getmpint(buf, key->x);
 if (ret == DROPBEAR_FAILURE) {
- m_mp_free_multi(&key->x);
+ m_mp_free_multi(&key->x, NULL);
 }
 
 return ret;
--
cgit v1.2.1
From 4a16a4f72131b7a9f3ee28c5076829fab9fc9d1e Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Tue, 20 Jun 2017 20:07:25 +0800
Subject: verify debug printing
---
 dss.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
(limited to 'dss.c')
diff --git a/dss.c b/dss.c
index a3b4dce..91412ae 100644
--- a/dss.c
+++ b/dss.c
@@ -174,6 +174,13 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
 goto out;
 }
 
+#if DEBUG_DSS_VERIFY
+ printmpint("dss verify p", key->p);
+ printmpint("dss verify q", key->q);
+ printmpint("dss verify g", key->g);
+ printmpint("dss verify x", key->x);
+#endif
+
 /* hash the data */
 sha1_init(&hs);
 sha1_process(&hs, data_buf->data, data_buf->len);
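Review bot: Both new length tests in buf_get_dss_pub_key (commit 2dafbe0, hunk at -61,8) are lower bounds only, so a key whose p or q is longer than expected is still accepted. buf_dss_verify, shown further down this page, reads s' as a fixed SHA1_HASH_SIZE-byte field, which only fits a q of that size, and an oversized p makes every verification with that key more expensive. If DSS_P_BITS and DSS_Q_BITS are the exact sizes the rest of the file assumes (their definitions are not visible here), the tests would be stricter as `if (mp_count_bits(key->p) != DSS_P_BITS) {` and `if (mp_count_bits(key->q) != DSS_Q_BITS) {`. The function starts and ends outside the hunk.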
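Review bot: The missing `NULL` terminator corrected on the `m_mp_free_multi(&key->x, NULL);` line in buf_get_dss_priv_key (commit 2dafbe0, hunk at -94,7) is a mistake the compiler could catch for every caller, but nothing in this change adds that safeguard. m_mp_free_multi appears to be a variadic, NULL-terminated helper (its prototype is not in this hunk); if so, declaring it with the GCC/Clang `__attribute__((sentinel))` turns a call without the trailing NULL into a warning instead of a walk through whatever follows the last argument. A one-line comment on the prototype, such as `/* argument list must end with NULL */`, would document the contract.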
@@ -183,6 +190,9 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
 /* w = (s')-1 mod q */
 /* let val1 = s' */
 bytes_to_mp(&val1, (const unsigned char*) &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE);
+#if DEBUG_DSS_VERIFY
+ printmpint("dss verify s'", &val1);
+#endif
 
 if (mp_cmp(&val1, key->q) != MP_LT) {
 TRACE(("verify failed, s' >= q"))
@@ -200,6 +210,9 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
 /* u1 = ((SHA(M')w) mod q */
 /* let val1 = SHA(M') = msghash */
 bytes_to_mp(&val1, msghash, SHA1_HASH_SIZE);
+#if DEBUG_DSS_VERIFY
+ printmpint("dss verify r'", &val1);
+#endif
 
 /* let val3 = u1 = ((SHA(M')w) mod q */
 if (mp_mulmod(&val1, &val2, key->q, &val3) != MP_OKAY) {
--
cgit v1.2.1
From 8b9446c281f167b579a95a4abbcaa84e378518fb Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Sat, 24 Jun 2017 10:34:58 +0800
Subject: fix dss debug printing
---
 dss.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'dss.c')
diff --git a/dss.c b/dss.c
index 00899cf..8f80421 100644
--- a/dss.c
+++ b/dss.c
@@ -176,7 +176,7 @@ int buf_dss_verify(buffer* buf, dropbear_dss_key *key, buffer *data_buf) {
 printmpint("dss verify p", key->p);
 printmpint("dss verify q", key->q);
 printmpint("dss verify g", key->g);
- printmpint("dss verify x", key->x);
+ printmpint("dss verify y", key->y);
 #endif
 
 /* hash the data */
--
cgit v1.2.1
From d6158b1efebbacd769c41fd470a0e27d3974f40e Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Mon, 14 Aug 2017 00:00:10 +0800
Subject: check dss g range
---
 dss.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'dss.c')
diff --git a/dss.c b/dss.c
index 8f80421..fc91ff2 100644
--- a/dss.c
+++ b/dss.c
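Review bot: The debug line `printmpint("dss verify r'", &val1);` in the third hunk of commit 4a16a4f (at -200,6) is labelled r', but at that point val1 has just been loaded from msghash, as the comment `let val1 = SHA(M') = msghash` directly above it says. Debug output that names the message hash as r' will mislead anyone comparing a failing signature against a reference implementation. The label would be accurate as `printmpint("dss verify msghash", &val1);`, with r' printed at the place where it is actually parsed, which is outside this hunk. buf_dss_verify starts and ends outside the hunk.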
@@ -73,6 +73,18 @@ int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
 goto out;
 }
 
+ /* test 1 < g < p */
+ if (mp_cmp_d(key->g, 1) != MP_GT) {
+ dropbear_log(LOG_WARNING, "Bad DSS g");
+ ret = DROPBEAR_FAILURE;
+ goto out;
+ }
+ if (mp_cmp(key->g, key->p) != MP_LT) {
+ dropbear_log(LOG_WARNING, "Bad DSS g");
+ ret = DROPBEAR_FAILURE;
+ goto out;
+ }
+
 ret = DROPBEAR_SUCCESS;
 TRACE(("leave buf_get_dss_pub_key: success"))
 out:
--
cgit v1.2.1
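Review bot: The new range test covers g only; the public value y held in the same key structure is not checked against 1 < y < p anywhere in the visible part of buf_get_dss_pub_key, and the test does not confirm that g has order q. A key with a degenerate y or g makes signature verification against it meaningless, so it is better rejected at parse time in the same way as the bad g here. A matching guard would be `if (mp_cmp_d(key->y, 1) != MP_GT || mp_cmp(key->y, key->p) != MP_LT) {` with the same log-and-fail body and a message such as `"Bad DSS y"`. The two g branches also omit the `TRACE(("leave buf_get_dss_pub_key: ..."))` line that the p and q branches emit. The function starts before the hunk, so a y check earlier in it cannot be ruled out from this page.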