dsa: Update sanity checks

aumetra · aumetra · commit 6bc6cc184c05 · 2022-05-09T12:24:07.000+02:00
diff --git a/dsa/src/components.rs b/dsa/src/components.rs
@@ -7,6 +7,8 @@ use num_traits::One;
 use pkcs8::der::{self, asn1::UIntRef, DecodeValue, Encode, Header, Reader, Sequence};
 use rand::{CryptoRng, RngCore};
 
+use crate::two;
+
 /// The common components of an DSA keypair
 ///
 /// (the prime p, quotient q and generator g)
@@ -63,11 +65,10 @@ impl Components {
     /// Check whether the components are valid
     #[must_use]
     pub fn is_valid(&self) -> bool {
-        if *self.p() <= BigUint::one() || *self.q() <= BigUint::one() {
-            return false;
-        }
-
-        true
+        *self.p() >= two()
+            && *self.q() >= two()
+            && *self.g() >= BigUint::one()
+            && self.g() < self.p()
     }
 }
 
diff --git a/dsa/src/privatekey.rs b/dsa/src/privatekey.rs
@@ -6,6 +6,7 @@ use crate::{Components, PublicKey, Signature, DSA_OID};
 use core::cmp::min;
 use digest::Digest;
 use num_bigint::BigUint;
+use num_traits::One;
 use pkcs8::{
     der::{asn1::UIntRef, AnyRef, Decode, Encode},
     AlgorithmIdentifier, DecodePrivateKey, EncodePrivateKey, PrivateKeyInfo, SecretDocument,
@@ -61,7 +62,11 @@ impl PrivateKey {
     /// Check whether the private key is valid
     #[must_use]
     pub fn is_valid(&self) -> bool {
-        self.public_key().components().is_valid()
+        if !self.public_key().is_valid() {
+            return false;
+        }
+
+        *self.x() >= BigUint::one() && self.x() < self.public_key().components().q()
     }
 
     /// Sign data with the private key
@@ -120,7 +125,11 @@ impl<'a> TryFrom<PrivateKeyInfo<'a>> for PrivateKey {
         value.algorithm.assert_algorithm_oid(DSA_OID)?;
 
         let parameters = value.algorithm.parameters_any()?;
-        let components = parameters.decode_into()?;
+        let components: Components = parameters.decode_into()?;
+
+        if !components.is_valid() {
+            return Err(pkcs8::Error::KeyMalformed);
+        }
 
         let x = UIntRef::from_der(value.private_key)?;
         let x = BigUint::from_bytes_be(x.as_bytes());
@@ -133,7 +142,13 @@ impl<'a> TryFrom<PrivateKeyInfo<'a>> for PrivateKey {
         };
 
         let public_key = PublicKey::from_components(components, y);
-        Ok(PrivateKey::from_components(public_key, x))
+        let private_key = PrivateKey::from_components(public_key, x);
+
+        if !private_key.is_valid() {
+            return Err(pkcs8::Error::KeyMalformed);
+        }
+
+        Ok(private_key)
     }
 }
 
diff --git a/dsa/src/publickey.rs b/dsa/src/publickey.rs
@@ -2,7 +2,7 @@
 //! Module containing the definition of the public key container
 //!
 
-use crate::{Components, Signature, DSA_OID};
+use crate::{two, Components, Signature, DSA_OID};
 use core::cmp::min;
 use digest::Digest;
 use num_bigint::{BigUint, ModInverse};
@@ -52,7 +52,7 @@ impl PublicKey {
             return false;
         }
 
-        self.y().modpow(components.q(), components.p()) == BigUint::one()
+        *self.y() >= two() && self.y().modpow(components.q(), components.p()) == BigUint::one()
     }
 
     /// Verify if the signature matches the provided hash

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`	`//! Module containing the definition of the public key container`
`3`	`3`	`//!`
`4`	`4`
`5`		`-use crate::{Components, Signature, DSA_OID};`
	`5`	`+use crate::{two, Components, Signature, DSA_OID};`
`6`	`6`	`use core::cmp::min;`
`7`	`7`	`use digest::Digest;`
`8`	`8`	`use num_bigint::{BigUint, ModInverse};`
`@@ -52,7 +52,7 @@ impl PublicKey {`
`52`	`52`	`return false;`
`53`	`53`	`}`
`54`	`54`
`55`		`- self.y().modpow(components.q(), components.p()) == BigUint::one()`
	`55`	`+ *self.y() >= two() && self.y().modpow(components.q(), components.p()) == BigUint::one()`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`/// Verify if the signature matches the provided hash`