diff options
-rw-r--r-- | lib/gnutls_mpi.h | 2 | ||||
-rw-r--r-- | libextra/auth_srp.c | 81 |
2 files changed, 62 insertions, 21 deletions
diff --git a/lib/gnutls_mpi.h b/lib/gnutls_mpi.h index 2ac9eae663..048a10458b 100644 --- a/lib/gnutls_mpi.h +++ b/lib/gnutls_mpi.h @@ -6,6 +6,7 @@ #define GNUTLS_MPI gcry_mpi_t +#define _gnutls_mpi_cmp gcry_mpi_cmp #define _gnutls_mpi_cmp_ui gcry_mpi_cmp_ui #define _gnutls_mpi_mod gcry_mpi_mod #define _gnutls_mpi_new gcry_mpi_new @@ -19,6 +20,7 @@ #define _gnutls_mpi_invm gcry_mpi_invm #define _gnutls_mpi_addm gcry_mpi_addm #define _gnutls_mpi_subm gcry_mpi_subm +#define _gnutls_mpi_sub_ui gcry_mpi_sub_ui #define _gnutls_mpi_mulm gcry_mpi_mulm #define _gnutls_mpi_mul gcry_mpi_mul #define _gnutls_mpi_add gcry_mpi_add diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c index d0e55d668a..169949b270 100644 --- a/libextra/auth_srp.c +++ b/libextra/auth_srp.c @@ -67,6 +67,58 @@ const MOD_AUTH_STRUCT srp_auth_struct = { #define V session->key->x #define S session->key->KEY +/* Checks if b%n==0 which is a fatal srp error. + * Returns a proper error code in that case, and 0 when + * all are ok. + */ +inline +static int check_b_mod_n( GNUTLS_MPI b, GNUTLS_MPI n) +{ +int ret; +GNUTLS_MPI r = _gnutls_mpi_alloc_like(b); + + _gnutls_mpi_mod( r, b, n); + ret = _gnutls_mpi_cmp_ui(r, 0); + + _gnutls_mpi_release( &r); + + if (ret == 0) { + gnutls_assert(); + return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; + } + + return 0; +} + +/* Checks if a%n==0,+1,-1%n which is a fatal srp error. + * Returns a proper error code in that case, and 0 when + * all are ok. + */ +inline +static int check_a_mod_n( GNUTLS_MPI a, GNUTLS_MPI n) +{ +int ret; +GNUTLS_MPI r = _gnutls_mpi_alloc_like(a); + + _gnutls_mpi_mod( r, a, n); + ret = _gnutls_mpi_cmp_ui(r, 0); + if (ret != 0) ret = _gnutls_mpi_cmp_ui(r, 1); + if (ret != 0) { + _gnutls_mpi_sub_ui( r, n, 1); + ret = _gnutls_mpi_cmp(a, r); + } + + _gnutls_mpi_release( &r); + + if (ret == 0) { + gnutls_assert(); + return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; + } + + return 0; +} + + /* Send the first key exchange message ( g, n, s) and append the verifier algorithm number * Data is allocated by the caller, and should have data_size size. */ @@ -298,6 +350,14 @@ int _gnutls_proc_srp_client_kx(gnutls_session session, opaque * data, size_t _da _gnutls_dump_mpi( "SRP A: ", A); _gnutls_dump_mpi( "SRP B: ", B); + /* Checks if A % n == 0 or + * A % n == +-1. + */ + if ( (ret = check_a_mod_n( A, N)) < 0) { + gnutls_assert(); + return ret; + } + /* Start the SRP calculations. * - Calculate u */ @@ -337,27 +397,6 @@ int _gnutls_proc_srp_client_kx(gnutls_session session, opaque * data, size_t _da } -/* Checks if b%n==0 which is a fatal srp error. - * Returns a proper error code in that case, and 0 when - * all are ok. - */ -static int check_b_mod_n( GNUTLS_MPI b, GNUTLS_MPI n) -{ -int ret; -GNUTLS_MPI r = _gnutls_mpi_alloc_like(b); - - _gnutls_mpi_mod( r, b, n); - ret = _gnutls_mpi_cmp_ui(r, 0); - - _gnutls_mpi_release( &r); - - if (ret == 0) { - gnutls_assert(); - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - } - - return 0; -} /* Static parameters according to draft-ietf-tls-srp-05 */ |