05a708f7e2
If we provide a low order element as a public key and the implementation maps the point at infinity to the origin, we can force the common secret to be zero. According to the standard (RFC 7748) this is allowed, but in this case the primitive must not be used in a protocol that requires contributory behaviour. Mbed Crypto returns an error when the result is the point at infinity and does not map it to the origin. This is safe even if used in protocols that require contributory behaviour. This commit adds test cases that verify that Mbed Crypto returns an error when low order public keys are processed. The low order elements in the test cases were taken from this website: https://cr.yp.to/ecdh.html

| Name |
|---|
| .jenkins |
| data_files |
| git-scripts |
| scripts |
| suites |
| .gitignore |
| CMakeLists.txt |
| Descriptions.txt |
| Makefile |