Added DH public key check y^q mod p = 1 against small-subgroup attacks as described in rfc2785

author: Never <[email protected]> 2016-12-19 13:34:24 +0100
committer: Never <[email protected]> 2016-12-19 13:34:24 +0100
commit: 037f037a10ec12f77600307d7012dcc27d3aa291 (patch)
tree: 6357a8ec9b60ef0ed7bc41af17015f8821e9c7e3 /src/lib/pubkey
parent: cb50b81a3d7098a864b99832354f9e2cdbbca965 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/lib/pubkey/dl_algo/dl_algo.cpp b/src/lib/pubkey/dl_algo/dl_algo.cpp
index 8e885d318..472b979b1 100644
--- a/src/lib/pubkey/dl_algo/dl_algo.cpp
+++ b/src/lib/pubkey/dl_algo/dl_algo.cpp
@@ -67,6 +67,8 @@ bool DL_Scheme_PublicKey::check_key(RandomNumberGenerator& rng,
       return false;
    if(!m_group.verify_group(rng, strong))
       return false;
+   if(power_mod(m_y,group_q(),group_p()) != 1)
+      return false;
    return true;
    }
author	Never <[email protected]>	2016-12-19 13:34:24 +0100
committer	Never <[email protected]>	2016-12-19 13:34:24 +0100
commit	037f037a10ec12f77600307d7012dcc27d3aa291 (patch)
tree	6357a8ec9b60ef0ed7bc41af17015f8821e9c7e3 /src/lib/pubkey
parent	cb50b81a3d7098a864b99832354f9e2cdbbca965 (diff)