diff --git a/consts/src/lib.rs b/consts/src/lib.rs
index fb48fc74..456959f4 100644
--- a/consts/src/lib.rs
+++ b/consts/src/lib.rs
@@ -30,10 +30,11 @@ mod common {
 MacVerificationFailed = 2,
 UnsupportedMethod = 3,
 UnsupportedCipherSuite = 4,
- ParsingError = 5,
- WrongState = 6,
- EADError = 7,
- UnknownError = 8,
+ InvalidPublicKey = 5,
+ ParsingError = 6,
+ WrongState = 7,
+ EADError = 8,
+ UnknownError = 9,
 }
 #[repr(C)]
diff --git a/crypto/edhoc-crypto-cryptocell310-sys/src/lib.rs b/crypto/edhoc-crypto-cryptocell310-sys/src/lib.rs
index 794b9b24..061b116b 100644
--- a/crypto/edhoc-crypto-cryptocell310-sys/src/lib.rs
+++ b/crypto/edhoc-crypto-cryptocell310-sys/src/lib.rs
@@ -327,6 +327,10 @@ mod hacspec {
 let result_2 = hmac_sha256(&mut MESSAGE_2, KEY).to_public_array();
 assert_eq!(result_2, RESULT_2_TV);
 }
+
+ pub fn p256_validate_compact_public_key(public_key: &BytesP256ElemLen) -> bool {
+ true
+ }
 }
 #[cfg(feature = "rust")]
@@ -608,4 +612,8 @@ mod rust {
 (private_key, public_key)
 }
+
+ pub fn p256_validate_compact_public_key(public_key: &BytesP256ElemLen) -> bool {
+ true
+ }
 }
diff --git a/crypto/edhoc-crypto-hacspec/src/lib.rs b/crypto/edhoc-crypto-hacspec/src/lib.rs
index 13c312b5..7a846c73 100644
--- a/crypto/edhoc-crypto-hacspec/src/lib.rs
+++ b/crypto/edhoc-crypto-hacspec/src/lib.rs
@@ -120,6 +120,15 @@ pub fn p256_generate_key_pair() -> (BytesP256ElemLen, BytesP256ElemLen) {
 (private_key, public_key)
 }
+pub fn p256_validate_compact_public_key(public_key: &BytesP256ElemLen) -> bool {
+ let point = (
+ P256FieldElement::from_byte_seq_be(public_key),
+ p256_calculate_w(P256FieldElement::from_byte_seq_be(public_key)),
+ );
+
+ p256_validate_public_key(point)
+ }
+
 #[cfg(test)]
 mod tests {
 use super::*;
diff --git a/crypto/edhoc-crypto-psa/src/lib.rs b/crypto/edhoc-crypto-psa/src/lib.rs
index 94b92d30..91b0fe2f 100644
--- a/crypto/edhoc-crypto-psa/src/lib.rs
+++ b/crypto/edhoc-crypto-psa/src/lib.rs
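Review bot: Inserting `InvalidPublicKey = 5` in the consts hunk shifts the explicit discriminants of `ParsingError`, `WrongState`, `EADError` and `UnknownError` by one, so any consumer that compares on the numeric codes rather than the variant names (the explicit values and the `#[repr(C)]` on the neighbouring item suggest these codes may cross an FFI or wire boundary) now sees the old numbers with new meanings. If the codes are exposed, appending the variant as `InvalidPublicKey = 9` keeps existing values stable; if renumbering is intended, say so next to the enum, e.g. `// codes renumbered: ParsingError 5->6, WrongState 6->7, EADError 7->8, UnknownError 8->9`. The enum's own declaration and any `#[repr]` on it are outside the hunk, so I cannot confirm how it is exported.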
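Review bot: `p256_validate_compact_public_key` in the cryptocell310 `mod hacspec` hunk returns `true` without looking at `public_key`, so under that backend the new `InvalidPublicKey` path in `r_process_message_1` can never fire and an off-curve `g_x` is accepted exactly as before; the same stub is added in the cryptocell310 `mod rust` hunk and in both edhoc-crypto-psa hunks. The unused parameter will also raise an `unused_variables` warning unless it is renamed `_public_key`. At minimum mark each stub so the gap stays visible, e.g. `// TODO: this backend performs no on-curve check yet and accepts every g_x; only the hacspec backend validates` — and if the underlying library offers a point-validation primitive, wiring it in here is the real fix.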
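Review bot: The new `p256_validate_compact_public_key` in the edhoc-crypto-hacspec hunk carries no doc comment, and its correctness for a rejected input depends on `p256_calculate_w` returning something `p256_validate_public_key` then refuses when the x-coordinate has no square root on the curve — whether that helper panics, wraps or yields a junk element is not visible here, so please confirm and add a rejecting case to the `mod tests` block that starts at the end of the hunk. `P256FieldElement::from_byte_seq_be(public_key)` is also computed twice; binding it once with `let x = P256FieldElement::from_byte_seq_be(public_key);` and building `(x, p256_calculate_w(x))` (or `x.clone()` if the type is not `Copy`) reads better. A doc comment along the lines of `/// Returns true when `public_key`, read big-endian as an x-coordinate, lies on P-256 according to `p256_validate_public_key`.` would state the contract callers now rely on.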
@@ -301,6 +301,10 @@ mod hacspec {
 (private_key, public_key)
 }
+
+ pub fn p256_validate_compact_public_key(public_key: &BytesP256ElemLen) -> bool {
+ true
+ }
 }
 #[cfg(feature = "rust")]
@@ -561,6 +565,10 @@ mod rust {
 (private_key, public_key)
 }
+
+ pub fn p256_validate_compact_public_key(public_key: &BytesP256ElemLen) -> bool {
+ true
+ }
 }
 #[cfg(test)]
diff --git a/hacspec/src/lib.rs b/hacspec/src/lib.rs
index 7e8f49e3..4bf946fe 100644
--- a/hacspec/src/lib.rs
+++ b/hacspec/src/lib.rs
@@ -130,36 +130,40 @@ pub fn r_process_message_1(
 if suites_i[suites_i_len - 1].declassify() == EDHOC_SUPPORTED_SUITES[0u8].declassify() {
- // Step 3: If EAD is present make it available to the application
- let ead_success = if let Some(ead_1) = ead_1 {
- r_process_ead_1(ead_1.to_public_item()).is_ok()
- } else {
- true
- };
- if ead_success {
- // hash message_1 and save the hash to the state to avoid saving the whole message
- h_message_1 = sha256_digest(
- &BytesMaxBuffer::from_slice(&message_1.content, 0, message_1.len),
- message_1.len,
- );
+ if p256_validate_compact_public_key(&g_x) {
+ // Step 3: If EAD is present make it available to the application
+ let ead_success = if let Some(ead_1) = ead_1 {
+ r_process_ead_1(ead_1.to_public_item()).is_ok()
+ } else {
+ true
+ };
+ if ead_success {
+ // hash message_1 and save the hash to the state to avoid saving the whole message
+ h_message_1 = sha256_digest(
+ &BytesMaxBuffer::from_slice(&message_1.content, 0, message_1.len),
+ message_1.len,
+ );
- error = EDHOCError::Success;
- current_state = EDHOCState::ProcessedMessage1;
-
- state = construct_state(
- current_state,
- _y,
- c_i,
- g_x,
- _prk_3e2m,
- _prk_4e3m,
- _prk_out,
- _prk_exporter,
- h_message_1,
- _th_3,
- );
+ error = EDHOCError::Success;
+ current_state = EDHOCState::ProcessedMessage1;
+
+ state = construct_state(
+ current_state,
+ _y,
+ c_i,
+ g_x,
+ _prk_3e2m,
+ _prk_4e3m,
+ _prk_out,
+ _prk_exporter,
+ h_message_1,
+ _th_3,
+ );
+ } else {
+ error = EDHOCError::EADError;
+ }
 } else {
- error = EDHOCError::EADError;
+ error = EDHOCError::InvalidPublicKey;
 }
 } else {
 error = EDHOCError::UnsupportedCipherSuite;
diff --git a/lib/src/lib.rs b/lib/src/lib.rs
index 95f1b5f8..a667c355 100644
--- a/lib/src/lib.rs
+++ b/lib/src/lib.rs
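Review bot: The new guard `if p256_validate_compact_public_key(&g_x) {` is the only branch in this block without a step comment, while its neighbours are labelled (`// Step 3: ...`); a line such as `// Reject a g_x that is not the x-coordinate of a P-256 point before EAD_1 is handed to the application` would record both the check and the deliberate ordering (EAD is never surfaced for a message with a bad key). Stylistically, re-indenting the whole EAD/hash/state block pushes the happy path to a fourth nesting level where every `else` only assigns `error`; a guard-clause shape would make later diffs smaller, but since `r_process_message_1` starts and ends outside the hunk and `state` is assembled from many locals, that is better done as a separate refactor. Note the validation only has effect with the hacspec crypto backend, as the other backends' implementations in this commit return `true` unconditionally.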
@@ -743,6 +743,10 @@ mod test {
 const MESSAGE_1_TV: &str = "0382060258208af6f430ebe18d34184017a9a11bf511c8dff8f834730b96c1b7c8dbca2fc3b637";
+ // invalid test vectors, crypto-related
+ const MESSAGE_1_INVALID_G_X_NOT_ON_P256_CURVE_TV: &str =
+ "03025820a04e73601df544a70ba7ea1e57030f7d4b4eb7f673924e58d54ca77a5e7d4d4a0e";
+
 #[test]
 fn test_new_initiator() {
 let state: EdhocState = Default::default();
@@ -783,6 +787,23 @@ mod test {
 assert!(error.is_ok());
 }
+ #[test]
+ fn test_process_message_1_invalid_traces_crypto() {
+ let message_1_tv = EdhocMessageBuffer::from_hex(MESSAGE_1_INVALID_G_X_NOT_ON_P256_CURVE_TV);
+ let mut responder = EdhocResponder::new(
+ Default::default(),
+ R,
+ G_I,
+ ID_CRED_I,
+ CRED_I,
+ ID_CRED_R,
+ CRED_R,
+ );
+ let error = responder.process_message_1(&message_1_tv);
+ assert!(error.is_err());
+ assert_eq!(error.unwrap_err(), EDHOCError::InvalidPublicKey);
+ }
+
 #[test]
 fn test_generate_connection_identifier() {
 let conn_id = generate_connection_identifier();
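Review bot: `test_process_message_1_invalid_traces_crypto` asserts `EDHOCError::InvalidPublicKey`, which this commit only produces through the edhoc-crypto-hacspec backend; the cryptocell310 and psa backends get stubs that always return `true`, so if this test module is built against either of them the `assert!(error.is_err())` line fails. Either gate the test on whatever feature selects the hacspec crypto (the feature name is not visible here) or mark the dependency with `// requires a backend that validates g_x; only the hacspec backend does so far`. The `assert!(error.is_err())` is redundant with the `assert_eq!(error.unwrap_err(), ...)` that follows it. A short comment above `MESSAGE_1_INVALID_G_X_NOT_ON_P256_CURVE_TV` saying how the vector was constructed would let the next person regenerate it when the message encoding changes.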