среда, 31 августа 2016 г.

bugs in mbedtls DH client/server

1) altough always used constant MBEDTLS_MD_SHA256 parameters are signed with sha1 and then we have MBEDTLS_ERR_RSA_VERIFY_FAILED in library\rsa.c on line 1435
2) in dh_server.c when receiving client's public value length of buffer must be dhm.len

Nice cryptolibrary, totally ready to work in kernel mode I think
patch:


diff -up D:\work\src\crypto\mbedtls-2.3.0\programs\pkey/dh_client.c D:\work\src\mbedtls-2.3.0\programs\pkey/dh_client.c
*** D:\work\src\crypto\mbedtls-2.3.0\programs\pkey/dh_client.c    Mon Jun 27 21:50:36 2016
--- D:\work\src\mbedtls-2.3.0\programs\pkey/dh_client.c    Wed Aug 31 17:58:33 2016
***************
*** 41,47 ****
  #include "mbedtls/aes.h"
  #include "mbedtls/dhm.h"
  #include "mbedtls/rsa.h"
! #include "mbedtls/sha1.h"
  #include "mbedtls/entropy.h"
  #include "mbedtls/ctr_drbg.h"
 
--- 41,47 ----
  #include "mbedtls/aes.h"
  #include "mbedtls/dhm.h"
  #include "mbedtls/rsa.h"
! #include "mbedtls/sha256.h"
  #include "mbedtls/entropy.h"
  #include "mbedtls/ctr_drbg.h"
 
*************** int main( void )
*** 210,216 ****
          goto exit;
      }
 
!     mbedtls_sha1( buf, (int)( p - 2 - buf ), hash );
 
      if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
                                    MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 )
--- 210,216 ----
          goto exit;
      }
 
!     mbedtls_sha256( buf, (int)( p - 2 - buf ), hash, 0 );
 
      if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
                                    MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 )
diff -up D:\work\src\crypto\mbedtls-2.3.0\programs\pkey/dh_server.c D:\work\src\mbedtls-2.3.0\programs\pkey/dh_server.c
*** D:\work\src\crypto\mbedtls-2.3.0\programs\pkey/dh_server.c    Mon Jun 27 21:50:36 2016
--- D:\work\src\mbedtls-2.3.0\programs\pkey/dh_server.c    Wed Aug 31 18:12:33 2016
***************
*** 41,47 ****
  #include "mbedtls/aes.h"
  #include "mbedtls/dhm.h"
  #include "mbedtls/rsa.h"
! #include "mbedtls/sha1.h"
  #include "mbedtls/entropy.h"
  #include "mbedtls/ctr_drbg.h"
 
--- 41,47 ----
  #include "mbedtls/aes.h"
  #include "mbedtls/dhm.h"
  #include "mbedtls/rsa.h"
! #include "mbedtls/sha256.h"
  #include "mbedtls/entropy.h"
  #include "mbedtls/ctr_drbg.h"
 
*************** int main( void )
*** 201,207 ****
      /*
       * 5. Sign the parameters and send them
       */
!     mbedtls_sha1( buf, n, hash );
 
      buf[n    ] = (unsigned char)( rsa.len >> 8 );
      buf[n + 1] = (unsigned char)( rsa.len      );
--- 201,207 ----
      /*
       * 5. Sign the parameters and send them
       */
!     mbedtls_sha256( buf, n, hash, 0 );
 
      buf[n    ] = (unsigned char)( rsa.len >> 8 );
      buf[n + 1] = (unsigned char)( rsa.len      );
*************** int main( void )
*** 232,238 ****
 
      memset( buf, 0, sizeof( buf ) );
 
!     if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n )
      {
          mbedtls_printf( " failed\n  ! mbedtls_net_recv returned %d\n\n", ret );
          goto exit;
--- 232,238 ----
 
      memset( buf, 0, sizeof( buf ) );
 
!     if( ( ret = mbedtls_net_recv( &client_fd, buf, dhm.len ) ) != (int)dhm.len )
      {
          mbedtls_printf( " failed\n  ! mbedtls_net_recv returned %d\n\n", ret );
          goto exit;

Комментариев нет:

Отправить комментарий