sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2026-02-06 05:14:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

[crypto] Check for all-zeros result from X25519 key exchange

Browse Source 
RFC7748 states that it is entirely optional for X25519 Diffie-Hellman
implementations to check whether or not the result is the all-zero
value (indicating that an attacker sent a malicious public key with a
small order).  RFC8422 states that implementations in TLS must abort
the handshake if the all-zero value is obtained.

Return an error if the all-zero value is obtained, so that the TLS
code will not require knowledge specific to the X25519 curve.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2024-01-30 13:14:21 +00:00
parent de8a0821c7
commit 27398f1360
4 changed files with 47 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/include/ipxe/errfile.h
View File

@@ -407,6 +407,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#define ERRFILE_efi_rng ( ERRFILE_OTHER | 0x005c0000 )
#define ERRFILE_efi_shim ( ERRFILE_OTHER | 0x005d0000 )
#define ERRFILE_efi_settings ( ERRFILE_OTHER | 0x005e0000 )
#define ERRFILE_x25519 ( ERRFILE_OTHER | 0x005f0000 )
/** @} */

6
src/include/ipxe/x25519.h
View File

@@ -84,8 +84,8 @@ extern void x25519_multiply ( const union x25519_oct258 *multiplicand,
extern void x25519_invert ( const union x25519_oct258 *invertend,
union x25519_quad257 *result );
extern void x25519_reduce ( union x25519_quad257 *value );
extern void x25519_key ( const struct x25519_value *base,
const struct x25519_value *scalar,
struct x25519_value *result );
extern int x25519_key ( const struct x25519_value *base,
const struct x25519_value *scalar,
struct x25519_value *result );
#endif /* _IPXE_X25519_H */