From cdedf8872a4f8e6945bc1ac3de9d3b5d9569a8f1 Mon Sep 17 00:00:00 2001 From: tuxmike Date: Thu, 19 Jul 2018 09:30:48 +0200 Subject: [PATCH 1/2] Add check for Key Degradation Attack --- src/spake2/spake2.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/spake2/spake2.py b/src/spake2/spake2.py index 5071b5e..5758d99 100644 --- a/src/spake2/spake2.py +++ b/src/spake2/spake2.py @@ -25,6 +25,8 @@ class WrongGroupError(SPAKEError): pass class ReflectionThwarted(SPAKEError): """Someone tried to reflect our message back to us.""" +class KeyDegradationThwarted(SPAKEError): + """Someone tried to degrade our key material.""" SideA = b"A" SideB = b"B" @@ -113,6 +115,8 @@ def finish(self, inbound_side_and_message): # ) * self.xy_scalar pw_unblinding = self.my_unblinding().scalarmult(-self.pw_scalar) K_elem = inbound_elem.add(pw_unblinding).scalarmult(self.xy_scalar) + if K_elem is g.Zero: + raise KeyDegradationThwarted K_bytes = K_elem.to_bytes() key = self._finalize(K_bytes) return key From 60b00f41ebea1227d5551835357f292a651c7127 Mon Sep 17 00:00:00 2001 From: tuxmike Date: Thu, 19 Jul 2018 14:53:11 +0200 Subject: [PATCH 2/2] Added Test for KeyDegradation --- src/spake2/test/test_spake2.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/spake2/test/test_spake2.py b/src/spake2/test/test_spake2.py index d0925fb..fc4736a 100644 --- a/src/spake2/test/test_spake2.py +++ b/src/spake2/test/test_spake2.py @@ -58,6 +58,15 @@ def test_reflect(self): reflected = b"B" + m1[1:] self.assertRaises(spake2.ReflectionThwarted, s1.finish, reflected) + def test_keydegradation(self): + pw = b"password" + s1 = SPAKE2_A(pw) + m1 = s1.start() + pw_scalar = s1.params.group.password_to_scalar(pw) + pw_blinding = s1.params.N.scalarmult(pw_scalar) + manipulatedmsg = b"B" + pw_blinding.to_bytes() + self.assertRaises(spake2.KeyDegradationThwarted, s1.finish, manipulatedmsg) + class OtherEntropy(unittest.TestCase): def test_entropy(self):