EAP-pwd server: Verify received scalar and element

author Mathy Vanhoef <mathy.vanhoef@nyu.edu>

Sun, 31 Mar 2019 15:13:06 +0000 (17:13 +0200)

committer Jouni Malinen <j@w1.fi>

Tue, 9 Apr 2019 14:11:15 +0000 (17:11 +0300)
author Mathy Vanhoef <mathy.vanhoef@nyu.edu>
Sun, 31 Mar 2019 15:13:06 +0000 (17:13 +0200)
committer Jouni Malinen <j@w1.fi>
Tue, 9 Apr 2019 14:11:15 +0000 (17:11 +0300)
diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c

index d0fa54a3aba7db411def7e720a3a83dbb542aaf4..74979da6ee5f8d7bf24a6c97c4952245da9f3816 100644 (file)
--- a/src/eap_server/eap_server_pwd.c
+++ b/src/eap_server/eap_server_pwd.c
@@ -718,6 +718,26 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
                 goto fin;
         }
  
+       /* verify received scalar */
+       if (crypto_bignum_is_zero(data->peer_scalar) ||
+           crypto_bignum_is_one(data->peer_scalar) ||
+           crypto_bignum_cmp(data->peer_scalar,
+                             crypto_ec_get_order(data->grp->group)) >= 0) {
+               wpa_printf(MSG_INFO,
+                          "EAP-PWD (server): received scalar is invalid");
+               goto fin;
+       }
+
+       /* verify received element */
+       if (!crypto_ec_point_is_on_curve(data->grp->group,
+                                        data->peer_element) ||
+           crypto_ec_point_is_at_infinity(data->grp->group,
+                                          data->peer_element)) {
+               wpa_printf(MSG_INFO,
+                          "EAP-PWD (server): received element is invalid");
+               goto fin;
+       }
+
         /* check to ensure peer's element is not in a small sub-group */
         if (!crypto_bignum_is_one(cofactor)) {
                 if (crypto_ec_point_mul(data->grp->group, data->peer_element,
author	Mathy Vanhoef <mathy.vanhoef@nyu.edu>
	Sun, 31 Mar 2019 15:13:06 +0000 (17:13 +0200)
committer	Jouni Malinen <j@w1.fi>
	Tue, 9 Apr 2019 14:11:15 +0000 (17:11 +0300)