author | Jason A. Donenfeld <Jason@zx2c4.com> | 2023-02-16 15:51:30 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2023-02-16 16:33:14 +0100 |
commit | c7b76d3d9ecdc2ffde80decadda88c0c7cdfeedf (patch) | |
tree | 801fe59cc2d9c203de1dd69bf5cf15bf5d097186 /device/noise-helpers.go | |
parent | 1e2c3e5a3c1463cb8c7ec92d74aa739587b6642f (diff) |
device: uniformly check ECDH output for zeros
For some reason, this was omitted for response messages.
Reported-by: z <dzm@unexpl0.red>
Fixes: 8c34c4c ("First set of code review patches")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'device/noise-helpers.go')
-rw-r--r-- | device/noise-helpers.go | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/device/noise-helpers.go b/device/noise-helpers.go
index 729f8b0..c2f356b 100644
--- a/device/noise-helpers.go
+++ b/device/noise-helpers.go
@@ -9,6 +9,7 @@ import (
 "crypto/hmac"
 "crypto/rand"
 "crypto/subtle"
+ "errors"
 "hash"

 "golang.org/x/crypto/blake2s"
@@ -94,9 +95,14 @@ func (sk *NoisePrivateKey) publicKey() (pk NoisePublicKey) {
 return
 }

-func (sk *NoisePrivateKey) sharedSecret(pk NoisePublicKey) (ss [NoisePublicKeySize]byte) {
+var errInvalidPublicKey = errors.New("invalid public key")
+
+func (sk *NoisePrivateKey) sharedSecret(pk NoisePublicKey) (ss [NoisePublicKeySize]byte, err error) {
 apk := (*[NoisePublicKeySize]byte)(&pk)
 ask := (*[NoisePrivateKeySize]byte)(sk)
 curve25519.ScalarMult(&ss, ask, apk)
- return ss
+ if isZero(ss[:]) {
+ return ss, errInvalidPublicKey
+ }
+ return ss, nil
 } |
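Review bot: The new `sharedSecret` has no doc comment saying why an all-zero ECDH result is rejected, and the protection now depends on every caller checking `err`, which this file-limited diff does not show. I would add above the function `// sharedSecret computes the X25519 shared secret of sk and pk; it returns errInvalidPublicKey when the output is all zeros, and callers must not use ss in that case.` `isZero` is defined outside the hunk, so it is worth confirming that it scans the secret in constant time rather than returning at the first non-zero byte. The named result `err` is never assigned because both returns are explicit, so an unnamed `error` result would read more clearly.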