mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 19:04:19 +01:00
Implement parameter validation in ECJPAKE module
This commit is contained in:
parent
c4e5aa5746
commit
71c8e1b8d8
@ -33,11 +33,18 @@
|
|||||||
#if defined(MBEDTLS_ECJPAKE_C)
|
#if defined(MBEDTLS_ECJPAKE_C)
|
||||||
|
|
||||||
#include "mbedtls/ecjpake.h"
|
#include "mbedtls/ecjpake.h"
|
||||||
|
#include "mbedtls/platform_util.h"
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
#if !defined(MBEDTLS_ECJPAKE_ALT)
|
#if !defined(MBEDTLS_ECJPAKE_ALT)
|
||||||
|
|
||||||
|
/* Parameter validation macros based on platform_util.h */
|
||||||
|
#define ECJPAKE_VALIDATE_RET( cond ) \
|
||||||
|
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
|
||||||
|
#define ECJPAKE_VALIDATE( cond ) \
|
||||||
|
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Convert a mbedtls_ecjpake_role to identifier string
|
* Convert a mbedtls_ecjpake_role to identifier string
|
||||||
*/
|
*/
|
||||||
@ -54,8 +61,7 @@ static const char * const ecjpake_id[] = {
|
|||||||
*/
|
*/
|
||||||
void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
|
void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
|
||||||
{
|
{
|
||||||
if( ctx == NULL )
|
ECJPAKE_VALIDATE( ctx != NULL );
|
||||||
return;
|
|
||||||
|
|
||||||
ctx->md_info = NULL;
|
ctx->md_info = NULL;
|
||||||
mbedtls_ecp_group_init( &ctx->grp );
|
mbedtls_ecp_group_init( &ctx->grp );
|
||||||
@ -105,6 +111,10 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
|
|||||||
size_t len )
|
size_t len )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
ECJPAKE_VALIDATE_RET( ctx != NULL );
|
||||||
|
ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT ||
|
||||||
|
role == MBEDTLS_ECJPAKE_SERVER );
|
||||||
|
ECJPAKE_VALIDATE_RET( secret != NULL || len == 0 );
|
||||||
|
|
||||||
ctx->role = role;
|
ctx->role = role;
|
||||||
|
|
||||||
@ -127,6 +137,8 @@ cleanup:
|
|||||||
*/
|
*/
|
||||||
int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
|
int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
|
||||||
{
|
{
|
||||||
|
ECJPAKE_VALIDATE_RET( ctx != NULL );
|
||||||
|
|
||||||
if( ctx->md_info == NULL ||
|
if( ctx->md_info == NULL ||
|
||||||
ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
|
ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
|
||||||
ctx->s.p == NULL )
|
ctx->s.p == NULL )
|
||||||
@ -504,6 +516,9 @@ int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
|
|||||||
const unsigned char *buf,
|
const unsigned char *buf,
|
||||||
size_t len )
|
size_t len )
|
||||||
{
|
{
|
||||||
|
ECJPAKE_VALIDATE_RET( ctx != NULL );
|
||||||
|
ECJPAKE_VALIDATE_RET( buf != NULL );
|
||||||
|
|
||||||
return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format,
|
return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format,
|
||||||
&ctx->grp.G,
|
&ctx->grp.G,
|
||||||
&ctx->Xp1, &ctx->Xp2, ID_PEER,
|
&ctx->Xp1, &ctx->Xp2, ID_PEER,
|
||||||
@ -518,6 +533,11 @@ int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
|
|||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
int (*f_rng)(void *, unsigned char *, size_t),
|
||||||
void *p_rng )
|
void *p_rng )
|
||||||
{
|
{
|
||||||
|
ECJPAKE_VALIDATE_RET( ctx != NULL );
|
||||||
|
ECJPAKE_VALIDATE_RET( buf != NULL );
|
||||||
|
ECJPAKE_VALIDATE_RET( olen != NULL );
|
||||||
|
ECJPAKE_VALIDATE_RET( f_rng != NULL );
|
||||||
|
|
||||||
return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format,
|
return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format,
|
||||||
&ctx->grp.G,
|
&ctx->grp.G,
|
||||||
&ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
|
&ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
|
||||||
@ -559,6 +579,8 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
|
|||||||
const unsigned char *end = buf + len;
|
const unsigned char *end = buf + len;
|
||||||
mbedtls_ecp_group grp;
|
mbedtls_ecp_group grp;
|
||||||
mbedtls_ecp_point G; /* C: GB, S: GA */
|
mbedtls_ecp_point G; /* C: GB, S: GA */
|
||||||
|
ECJPAKE_VALIDATE_RET( ctx != NULL );
|
||||||
|
ECJPAKE_VALIDATE_RET( buf != NULL );
|
||||||
|
|
||||||
mbedtls_ecp_group_init( &grp );
|
mbedtls_ecp_group_init( &grp );
|
||||||
mbedtls_ecp_point_init( &G );
|
mbedtls_ecp_point_init( &G );
|
||||||
@ -651,6 +673,10 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
|
|||||||
unsigned char *p = buf;
|
unsigned char *p = buf;
|
||||||
const unsigned char *end = buf + len;
|
const unsigned char *end = buf + len;
|
||||||
size_t ec_len;
|
size_t ec_len;
|
||||||
|
ECJPAKE_VALIDATE_RET( ctx != NULL );
|
||||||
|
ECJPAKE_VALIDATE_RET( buf != NULL );
|
||||||
|
ECJPAKE_VALIDATE_RET( olen != NULL );
|
||||||
|
ECJPAKE_VALIDATE_RET( f_rng != NULL );
|
||||||
|
|
||||||
mbedtls_ecp_point_init( &G );
|
mbedtls_ecp_point_init( &G );
|
||||||
mbedtls_ecp_point_init( &Xm );
|
mbedtls_ecp_point_init( &Xm );
|
||||||
@ -726,6 +752,10 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
|
|||||||
mbedtls_mpi m_xm2_s, one;
|
mbedtls_mpi m_xm2_s, one;
|
||||||
unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
|
unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
|
||||||
size_t x_bytes;
|
size_t x_bytes;
|
||||||
|
ECJPAKE_VALIDATE_RET( ctx != NULL );
|
||||||
|
ECJPAKE_VALIDATE_RET( buf != NULL );
|
||||||
|
ECJPAKE_VALIDATE_RET( olen != NULL );
|
||||||
|
ECJPAKE_VALIDATE_RET( f_rng != NULL );
|
||||||
|
|
||||||
*olen = mbedtls_md_get_size( ctx->md_info );
|
*olen = mbedtls_md_get_size( ctx->md_info );
|
||||||
if( len < *olen )
|
if( len < *olen )
|
||||||
|
Loading…
Reference in New Issue
Block a user