46 lines
1.9 KiB
Diff
46 lines
1.9 KiB
Diff
|
diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
|
||
|
index 7f91e4b230..848ca2055e 100644
|
||
|
--- a/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
|
||
|
+++ b/src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
|
||
|
@@ -373,11 +373,26 @@ int process_peer_commit (pwd_session_t *session, uint8_t *in, size_t in_len, BN_
|
||
|
data_len = BN_num_bytes(session->order);
|
||
|
BN_bin2bn(ptr, data_len, session->peer_scalar);
|
||
|
|
||
|
+ /* validate received scalar */
|
||
|
+ if (BN_is_zero(session->peer_scalar) ||
|
||
|
+ BN_is_one(session->peer_scalar) ||
|
||
|
+ BN_cmp(session->peer_scalar, session->order) >= 0) {
|
||
|
+ ERROR("Peer's scalar is not within the allowed range");
|
||
|
+ goto finish;
|
||
|
+ }
|
||
|
+
|
||
|
if (!EC_POINT_set_affine_coordinates_GFp(session->group, session->peer_element, x, y, bnctx)) {
|
||
|
DEBUG2("pwd: unable to get coordinates of peer's element");
|
||
|
goto finish;
|
||
|
}
|
||
|
|
||
|
+ /* validate received element */
|
||
|
+ if (!EC_POINT_is_on_curve(session->group, session->peer_element, bnctx) ||
|
||
|
+ EC_POINT_is_at_infinity(session->group, session->peer_element)) {
|
||
|
+ ERROR("Peer's element is not a point on the elliptic curve");
|
||
|
+ goto finish;
|
||
|
+ }
|
||
|
+
|
||
|
/* check to ensure peer's element is not in a small sub-group */
|
||
|
if (BN_cmp(cofactor, BN_value_one())) {
|
||
|
if (!EC_POINT_mul(session->group, point, NULL, session->peer_element, cofactor, NULL)) {
|
||
|
@@ -391,6 +406,13 @@ int process_peer_commit (pwd_session_t *session, uint8_t *in, size_t in_len, BN_
|
||
|
}
|
||
|
}
|
||
|
|
||
|
+ /* detect reflection attacks */
|
||
|
+ if (BN_cmp(session->peer_scalar, session->my_scalar) == 0 ||
|
||
|
+ EC_POINT_cmp(session->group, session->peer_element, session->my_element, bnctx) == 0) {
|
||
|
+ ERROR("Reflection attack detected");
|
||
|
+ goto finish;
|
||
|
+ }
|
||
|
+
|
||
|
/* compute the shared key, k */
|
||
|
if ((!EC_POINT_mul(session->group, K, NULL, session->pwe, session->peer_scalar, bnctx)) ||
|
||
|
(!EC_POINT_add(session->group, K, K, session->peer_element, bnctx)) ||
|