cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-30 19:20:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Implement parameter validation in ECDH module

Browse Source
This commit is contained in:
Hanno Becker 2018-12-17 18:10:51 +00:00
parent e77ef2ad33
commit 91796d7471
1 changed files with 43 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
library/ecdh.c
View File

@ -35,9 +35,16 @@
#if defined(MBEDTLS_ECDH_C) #if defined(MBEDTLS_ECDH_C)
#include "mbedtls/ecdh.h" #include "mbedtls/ecdh.h"
#include "mbedtls/platform_util.h"
#include <string.h> #include <string.h>
/* Parameter validation macros based on platform_util.h */
#define ECDH_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
#define ECDH_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond )
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed; typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed;
#endif #endif
@ -57,6 +64,10 @@ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp,
mbedtls_ecp_restart_ctx *rs_ctx ) mbedtls_ecp_restart_ctx *rs_ctx )
{ {
int ret; int ret;
ECDH_VALIDATE_RET( grp != NULL );
ECDH_VALIDATE_RET( d != NULL );
ECDH_VALIDATE_RET( Q != NULL );
ECDH_VALIDATE_RET( f_rng != NULL );
/* If multiplication is in progress, we already generated a privkey */ /* If multiplication is in progress, we already generated a privkey */
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
@ -78,6 +89,10 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ) void *p_rng )
{ {
ECDH_VALIDATE_RET( grp != NULL );
ECDH_VALIDATE_RET( d != NULL );
ECDH_VALIDATE_RET( Q != NULL );
ECDH_VALIDATE_RET( f_rng != NULL );
return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) ); return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) );
} }
#endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */ #endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */
@ -123,6 +138,10 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ) void *p_rng )
{ {
ECDH_VALIDATE_RET( grp != NULL );
ECDH_VALIDATE_RET( Q != NULL );
ECDH_VALIDATE_RET( d != NULL );
ECDH_VALIDATE_RET( z != NULL );
return( ecdh_compute_shared_restartable( grp, z, Q, d, return( ecdh_compute_shared_restartable( grp, z, Q, d,
f_rng, p_rng, NULL ) ); f_rng, p_rng, NULL ) );
} }
@ -146,6 +165,8 @@ static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx )
*/ */
void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
{ {
ECDH_VALIDATE( ctx != NULL );
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
ecdh_init_internal( ctx ); ecdh_init_internal( ctx );
mbedtls_ecp_point_init( &ctx->Vi ); mbedtls_ecp_point_init( &ctx->Vi );
@ -181,8 +202,7 @@ static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx,
*/ */
int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id )
{ {
if( ctx == NULL ) ECDH_VALIDATE_RET( ctx != NULL );
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_setup_internal( ctx, grp_id ) ); return( ecdh_setup_internal( ctx, grp_id ) );
@ -218,8 +238,7 @@ static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx )
*/ */
void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx ) void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx )
{ {
if( ctx == NULL ) ECDH_VALIDATE_RET( ctx != NULL );
return;
ctx->restart_enabled = 1; ctx->restart_enabled = 1;
} }
@ -318,9 +337,10 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
void *p_rng ) void *p_rng )
{ {
int restart_enabled = 0; int restart_enabled = 0;
ECDH_VALIDATE_RET( ctx != NULL );
if( ctx == NULL ) ECDH_VALIDATE_RET( olen != NULL );
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); ECDH_VALIDATE_RET( buf != NULL );
ECDH_VALIDATE_RET( f_rng != NULL );
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
restart_enabled = ctx->restart_enabled; restart_enabled = ctx->restart_enabled;
@ -366,9 +386,10 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
{ {
int ret; int ret;
mbedtls_ecp_group_id grp_id; mbedtls_ecp_group_id grp_id;
ECDH_VALIDATE_RET( ctx != NULL );
if( ctx == NULL ) ECDH_VALIDATE_RET( buf != NULL );
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); ECDH_VALIDATE_RET( *buf != NULL );
ECDH_VALIDATE_RET( end != NULL );
if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) ) if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) )
!= 0 ) != 0 )
@ -420,9 +441,10 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
mbedtls_ecdh_side side ) mbedtls_ecdh_side side )
{ {
int ret; int ret;
ECDH_VALIDATE_RET( ctx != NULL );
if( ctx == NULL ) ECDH_VALIDATE_RET( key != NULL );
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS ||
side == MBEDTLS_ECDH_THEIRS );
if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 ) if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 )
return( ret ); return( ret );
@ -488,9 +510,9 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
void *p_rng ) void *p_rng )
{ {
int restart_enabled = 0; int restart_enabled = 0;
ECDH_VALIDATE_RET( ctx != NULL );
if( ctx == NULL ) ECDH_VALIDATE_RET( olen != NULL );
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); ECDH_VALIDATE_RET( buf != NULL );
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
restart_enabled = ctx->restart_enabled; restart_enabled = ctx->restart_enabled;
@ -535,8 +557,8 @@ static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
const unsigned char *buf, size_t blen ) const unsigned char *buf, size_t blen )
{ {
if( ctx == NULL ) ECDH_VALIDATE_RET( ctx != NULL );
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); ECDH_VALIDATE_RET( buf != NULL );
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_read_public_internal( ctx, buf, blen ) ); return( ecdh_read_public_internal( ctx, buf, blen ) );
@ -607,9 +629,9 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
void *p_rng ) void *p_rng )
{ {
int restart_enabled = 0; int restart_enabled = 0;
ECDH_VALIDATE_RET( ctx != NULL );
if( ctx == NULL ) ECDH_VALIDATE_RET( olen != NULL );
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); ECDH_VALIDATE_RET( buf != NULL );
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
restart_enabled = ctx->restart_enabled; restart_enabled = ctx->restart_enabled;