check for zero K value from curve25519

author: Matt Johnston <matt@ucc.asn.au> 2015-11-25 22:15:59 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2015-11-25 22:15:59 +0800
commit: 2293e3d105806657e3b93416e266d87951481a64 (patch)
tree: b3c667dafb518efbc7befc7ef74e826e278a4cc0 /common-kex.c
parent: 550b3056fddb03bc6ac68dcc4ac4159c986d321d (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/common-kex.c b/common-kex.c
index e2b4f8e..b233819 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -760,6 +760,7 @@ void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_
 	unsigned char out[CURVE25519_LEN];
 	const unsigned char* Q_C = NULL;
 	const unsigned char* Q_S = NULL;
+	char zeroes[CURVE25519_LEN] = {0};
 
 	if (buf_pub_them->len != CURVE25519_LEN)
 	{
@@ -767,6 +768,11 @@ void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_
 	}
 
 	curve25519_donna(out, param->priv, buf_pub_them->data);
+
+	if (constant_time_memcmp(zeroes, out, CURVE25519_LEN) == 0) {
+		dropbear_exit("Bad curve25519");
+	}
+
 	m_mp_alloc_init_multi(&ses.dh_K, NULL);
 	bytes_to_mp(ses.dh_K, out, CURVE25519_LEN);
 	m_burn(out, sizeof(out));
author	Matt Johnston <matt@ucc.asn.au>	2015-11-25 22:15:59 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2015-11-25 22:15:59 +0800
commit	2293e3d105806657e3b93416e266d87951481a64 (patch)
tree	b3c667dafb518efbc7befc7ef74e826e278a4cc0 /common-kex.c
parent	550b3056fddb03bc6ac68dcc4ac4159c986d321d (diff)