DH-AES: Minor optimisations and comment cleanups

jillest · Apr 15, 2013 · 019157f · 019157f
1 parent 75e0ddc
commit 019157f
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 14 deletions.
diff --git a/contrib/cap_sasl.pl b/contrib/cap_sasl.pl
@@ -272,7 +272,6 @@ sub cmd_sasl_mechanisms {
 	use Crypt::OpenSSL::Bignum;
 	use Crypt::DH;
 	use Math::BigInt;
-	#use Crypt::OpenSSL::AES;
 	use Crypt::Rijndael;
 	use Crypt::CBC;
 	sub bin2bi { return Crypt::OpenSSL::Bignum->new_from_bin(shift)->to_decimal } # binary to BigInt
@@ -292,14 +291,14 @@ sub cmd_sasl_mechanisms {
 
 		# Padding is different. Multiple of 16 instead of 8
 		# Pad the username too.
+		$u .= "\0";
 		$pass .= "\0";
 		$pass .= chr(rand(256)) while length($pass) % 16;
 
-		my $userpass = $u . "\0" . $pass;
+		my $userpass = $u . $pass; 
 
+		# Hum... this is a CBC mode cipher. We need an IV :P
 		my $iv = Crypt::CBC->random_bytes(16);
-
-		# Hum... this is a CBC mode cipher :P
 		my $cipher = Crypt::CBC->new(
 			-literal_key => 1,
 			-key    => $secret,
@@ -310,6 +309,7 @@ sub cmd_sasl_mechanisms {
 
 		my $crypted = $cipher->encrypt($userpass);
 
+		# Packing is different from DH-BLOWFISH.
 		pack("n/a*a*a*", $pubkey, $iv, $crypted);
 	};
 };

diff --git a/modules/saslserv/dh-aes.c b/modules/saslserv/dh-aes.c
@@ -134,23 +134,30 @@ static int mech_step(sasl_session_t *p, char *message, int len, char **out, int
 	dh = (DH*)p->mechdata;
 
 	/* Their pub_key */
-	if (len < 2)
+	if (len <= 2)
 		goto end;
+
 	size = ntohs(*(unsigned int*)message);
 	message += 2;
 	len -= 2;
-	if (size > len)
+
+	if (size >= len)
 		goto end;
+
 	if ((their_key = BN_bin2bn(message, size, NULL)) == NULL)
 		goto end;
+
 	message += size;
 	len -= size;
 
-	/* Their IV */
-	if (len < sizeof(iv))
+	/* Data must be a multiple of the AES block size. (16)
+	 * Verify we also have an IV and at least one block of data.
+	 * Cap at a rather arbitrary limit of 272 (IV + 16 blocks of 16 each).
+	 */
+	if (len < sizeof(iv) + AES_BLOCK_SIZE || len % AES_BLOCK_SIZE || len > 272)
 		goto end;
 
-	/* IV */
+	/* Extract the IV */
 	memcpy(iv, message, sizeof(iv));
 	message += sizeof(iv);
 	len -= sizeof(iv);
@@ -160,13 +167,9 @@ static int mech_step(sasl_session_t *p, char *message, int len, char **out, int
 	if ((size = DH_compute_key(secret, their_key, dh)) == -1)
 		goto end;
 
-	/* Data must be multiple of the AES block size (16). Cap at 256. */
-	if (len == 0 || len % AES_BLOCK_SIZE || len > 256)
-		goto end;
-
 	/* Decrypt! (AES_set_decrypt_key takes bits not bytes, hence multiply
 	 * by 8) */
-	AES_set_decrypt_key(secret, size*8, &key);
+	AES_set_decrypt_key(secret, size * 8, &key);
 
 	ptr = userpw = malloc(len + 1);
 	userpw[len] = '\0';