diff --git a/consts/src/lib.rs b/consts/src/lib.rs
index 3eb85b28..4ac04a3c 100644
--- a/consts/src/lib.rs
+++ b/consts/src/lib.rs
@@ -96,10 +96,11 @@ mod structs {
 MacVerificationFailed = 2,
 UnsupportedMethod = 3,
 UnsupportedCipherSuite = 4,
- ParsingError = 5,
- WrongState = 6,
- EADError = 7,
- UnknownError = 8,
+ InvalidPublicKey = 5,
+ ParsingError = 6,
+ WrongState = 7,
+ EADError = 8,
+ UnknownError = 9,
 }
 #[repr(C)]
diff --git a/crypto/edhoc-crypto-cryptocell310-sys/src/lib.rs b/crypto/edhoc-crypto-cryptocell310-sys/src/lib.rs
index be73d460..0caffaf9 100644
--- a/crypto/edhoc-crypto-cryptocell310-sys/src/lib.rs
+++ b/crypto/edhoc-crypto-cryptocell310-sys/src/lib.rs
@@ -293,3 +293,7 @@ pub fn p256_generate_key_pair() -> (BytesP256ElemLen, BytesP256ElemLen) {
 (private_key, public_key)
 }
+
+pub fn p256_validate_compact_public_key(public_key: &BytesP256ElemLen) -> bool {
+ true
+}
diff --git a/crypto/edhoc-crypto-hacspec/src/lib.rs b/crypto/edhoc-crypto-hacspec/src/lib.rs
index 350fe741..5e2c842e 100644
--- a/crypto/edhoc-crypto-hacspec/src/lib.rs
+++ b/crypto/edhoc-crypto-hacspec/src/lib.rs
@@ -209,6 +209,16 @@ pub fn p256_generate_key_pair() -> (BytesP256ElemLen, BytesP256ElemLen) {
 (private_key.to_public_array(), public_key.to_public_array())
 }
+pub fn p256_validate_compact_public_key(public_key: &BytesP256ElemLen) -> bool {
+ let public_key = BytesP256ElemLenHacspec::from_public_slice(public_key);
+ let point = (
+ P256FieldElement::from_byte_seq_be(&public_key),
+ p256_calculate_w(P256FieldElement::from_byte_seq_be(&public_key)),
+ );
+
+ p256_validate_public_key(point)
+}
+
 #[cfg(test)]
 mod tests {
 use super::*;
diff --git a/crypto/edhoc-crypto-psa/src/lib.rs b/crypto/edhoc-crypto-psa/src/lib.rs
index 938ba1dc..d491b449 100644
--- a/crypto/edhoc-crypto-psa/src/lib.rs
+++ b/crypto/edhoc-crypto-psa/src/lib.rs
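Review bot: Inserting `InvalidPublicKey = 5` in the middle of the enum shifts the discriminants of `ParsingError`, `WrongState`, `EADError` and `UnknownError` by one; if this enum (presumably `EDHOCError`, given `EDHOCError::InvalidPublicKey` later in the diff) is exposed across FFI or compared by numeric code anywhere, existing consumers will misread the error codes. Appending the variant as `InvalidPublicKey = 9,` would keep the existing values stable; if the renumbering is intended, the commit message should call out the ABI break. The enum's opening line and any `#[repr]` attribute on it are outside the hunk, so I cannot confirm from here whether it is a C-visible type.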
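Review bot: `p256_validate_compact_public_key` returns `true` unconditionally, so on this backend (and likewise in the edhoc-crypto-psa hunk below) the new check in `r_process_message_1` accepts any 32-byte `G_X`, including x-coordinates that are not on P-256, which is exactly the input class the hacspec backend now rejects before the ECDH. A stub that silently passes is easy to forget; at minimum rename the parameter to `_public_key` and document the gap with `/// TODO: validation is not implemented on this backend; every key is accepted. See the hacspec implementation.`, and ideally implement it with the backend's own point-validation routine or refuse to build this backend until it does. As written, the new `test_process_message_1_invalid_traces_crypto` can only pass with the hacspec backend.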
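Review bot: `P256FieldElement::from_byte_seq_be(&public_key)` is evaluated twice in the tuple; binding it once, `let x = P256FieldElement::from_byte_seq_be(&public_key);` then `let point = (x, p256_calculate_w(x));` (or `.clone()` if the type is not `Copy`), reads more clearly. Two behaviours are worth pinning with tests, since `from_byte_seq_be` and `p256_calculate_w` are not visible here: whether a 32-byte value at or above the field prime is rejected or silently reduced modulo p (a non-canonical encoding should be rejected, not normalised), and what `p256_calculate_w` yields when x has no square root, which is the case `p256_validate_public_key` must catch. A doc comment would also help: `/// Returns true if the x-only (compact) P-256 coordinate in public_key lies on the curve.`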
@@ -273,6 +273,10 @@ pub fn p256_generate_key_pair() -> (BytesP256ElemLen, BytesP256ElemLen) {
 (private_key, public_key)
 }
+pub fn p256_validate_compact_public_key(public_key: &BytesP256ElemLen) -> bool {
+ true
+}
+
 #[cfg(test)]
 mod tests {
 use super::*;
diff --git a/lib/src/edhoc.rs b/lib/src/edhoc.rs
index e8a1c5e8..e00dcded 100644
--- a/lib/src/edhoc.rs
+++ b/lib/src/edhoc.rs
@@ -120,36 +120,40 @@ pub fn r_process_message_1(
 if method == EDHOC_METHOD {
 // Step 2: verify that the selected cipher suite is supported
 if suites_i[suites_i_len - 1] == EDHOC_SUPPORTED_SUITES[0] {
- // Step 3: If EAD is present make it available to the application
- let ead_success = if let Some(ead_1) = ead_1 {
- r_process_ead_1(ead_1).is_ok()
- } else {
- true
- };
- if ead_success {
- // hash message_1 and save the hash to the state to avoid saving the whole message
- let mut message_1_buf: BytesMaxBuffer = [0x00; MAX_BUFFER_LEN];
- message_1_buf[..message_1.len]
- .copy_from_slice(&message_1.content[..message_1.len]);
- h_message_1 = sha256_digest(&message_1_buf, message_1.len);
+ if p256_validate_compact_public_key(&g_x) {
+ // Step 3: If EAD is present make it available to the application
+ let ead_success = if let Some(ead_1) = ead_1 {
+ r_process_ead_1(ead_1).is_ok()
+ } else {
+ true
+ };
+ if ead_success {
+ // hash message_1 and save the hash to the state to avoid saving the whole message
+ let mut message_1_buf: BytesMaxBuffer = [0x00; MAX_BUFFER_LEN];
+ message_1_buf[..message_1.len]
+ .copy_from_slice(&message_1.content[..message_1.len]);
+ h_message_1 = sha256_digest(&message_1_buf, message_1.len);
- error = EDHOCError::Success;
- current_state = EDHOCState::ProcessedMessage1;
-
- state = construct_state(
- current_state,
- _y,
- c_i,
- g_x,
- _prk_3e2m,
- _prk_4e3m,
- _prk_out,
- _prk_exporter,
- h_message_1,
- _th_3,
- );
+ error = EDHOCError::Success;
+ current_state = EDHOCState::ProcessedMessage1;
+
+ state = construct_state(
+ current_state,
+ _y,
+ c_i,
+ g_x,
+ _prk_3e2m,
+ _prk_4e3m,
+ _prk_out,
+ _prk_exporter,
+ h_message_1,
+ _th_3,
+ );
+ } else {
+ error = EDHOCError::EADError;
+ }
 } else {
- error = EDHOCError::EADError;
+ error = EDHOCError::InvalidPublicKey;
 }
 } else {
 error = EDHOCError::UnsupportedCipherSuite;
diff --git a/lib/src/lib.rs b/lib/src/lib.rs
index 2d98c958..27252a26 100644
--- a/lib/src/lib.rs
+++ b/lib/src/lib.rs
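Review bot: The new check guards only the responder's handling of `G_X`; if the initiator's processing of `G_Y` from message_2 (not in this diff) does not apply the same `p256_validate_compact_public_key` check before its ECDH, that path keeps the weakness this commit closes on the responder side, so it is worth confirming. As a point of style, the added branch pushes the body four `if` levels deep with each failure code assigned in a trailing `else` arm far from its condition; a flat sequence of checks (key validation, then EAD, then hashing) that assigns `error` and stops at the first failure would produce the same outcomes and be much easier to audit. `r_process_message_1` begins and ends outside the hunk.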
@@ -362,6 +362,10 @@ mod test {
 const MESSAGE_1_TV: &str = "0382060258208af6f430ebe18d34184017a9a11bf511c8dff8f834730b96c1b7c8dbca2fc3b637";
+ // invalid test vectors, crypto-related
+ const MESSAGE_1_INVALID_G_X_NOT_ON_P256_CURVE_TV: &str =
+ "03025820a04e73601df544a70ba7ea1e57030f7d4b4eb7f673924e58d54ca77a5e7d4d4a0e";
+
 #[test]
 fn test_new_initiator() {
 let state: EdhocState = Default::default();
@@ -403,6 +407,23 @@ mod test {
 assert!(error.is_ok());
 }
+ #[test]
+ fn test_process_message_1_invalid_traces_crypto() {
+ let message_1_tv = EdhocMessageBuffer::from_hex(MESSAGE_1_INVALID_G_X_NOT_ON_P256_CURVE_TV);
+ let mut responder = EdhocResponder::new(
+ Default::default(),
+ R,
+ G_I,
+ ID_CRED_I,
+ CRED_I,
+ ID_CRED_R,
+ CRED_R,
+ );
+ let error = responder.process_message_1(&message_1_tv);
+ assert!(error.is_err());
+ assert_eq!(error.unwrap_err(), EDHOCError::InvalidPublicKey);
+ }
+
 #[test]
 fn test_generate_connection_identifier() {
 let conn_id = generate_connection_identifier();
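Review bot: `test_process_message_1_invalid_traces_crypto` asserts `EDHOCError::InvalidPublicKey`, but the cryptocell310 and psa backends in this same diff return `true` from `p256_validate_compact_public_key`, so if the backend is selected by feature the test passes only with hacspec and fails elsewhere; either gate the test on the backend that implements the check or, preferably, implement the check in every backend so the test means the same thing everywhere. The single vector covers an x with no point on the curve; vectors with x at or above the field prime and with x = 0 would also be worth adding as the encoding boundary cases. A comment on the vector stating why it is invalid, e.g. `// G_X below is an x-coordinate with no corresponding point on P-256`, would help the next reader more than the generic "crypto-related" label.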