From 82e2a44d81012701786800c79e0171a50c3c2d31 Mon Sep 17 00:00:00 2001
From: Daniel Neus <d.neus@sirrix.com>
Date: Tue, 26 Jul 2016 11:18:56 +0200
Subject: fix: load_check() was called instead of gen_check() during DH private
 key generation

---
 src/lib/pubkey/dh/dh.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/lib/pubkey/dh/dh.cpp b/src/lib/pubkey/dh/dh.cpp
index 9eb4e5cd0..8ed79aa3d 100644
--- a/src/lib/pubkey/dh/dh.cpp
+++ b/src/lib/pubkey/dh/dh.cpp
@@ -37,6 +37,7 @@ DH_PrivateKey::DH_PrivateKey(RandomNumberGenerator& rng,
                              const DL_Group& grp,
                              const BigInt& x_arg)
    {
+   const bool generate = (x_arg == 0) ? true : false;
    m_group = grp;
    m_x = x_arg;
 
@@ -47,12 +48,18 @@ DH_PrivateKey::DH_PrivateKey(RandomNumberGenerator& rng,
       }
 
    if(m_y == 0)
+      {
       m_y = power_mod(group_g(), m_x, group_p());
+      }
 
-   if(m_x == 0)
+   if(generate)
+      {
       gen_check(rng);
+      }
    else
+      {
       load_check(rng);
+      }
    }
 
 /*
-- 
cgit v1.2.3


From 923be75ef7ba4c21968291333402a7bc6eafedfd Mon Sep 17 00:00:00 2001
From: Daniel Neus <d.neus@sirrix.com>
Date: Tue, 26 Jul 2016 11:21:06 +0200
Subject: Add negative tests with invalid inputs for the DH key agreement
 operation

---
 src/tests/test_dh.cpp | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/src/tests/test_dh.cpp b/src/tests/test_dh.cpp
index 4414d2c75..e82ce522a 100644
--- a/src/tests/test_dh.cpp
+++ b/src/tests/test_dh.cpp
@@ -52,8 +52,41 @@ class Diffie_Hellman_KAT_Tests : public PK_Key_Agreement_Test
          Botan::DH_PublicKey key(grp, y);
          return key.public_value();
          }
+
+      std::vector<Test::Result> run_final_tests() override
+         {
+         using namespace Botan;
+
+         Test::Result result("DH negative tests");
+
+         const BigInt g("2");
+         const BigInt p("58458002095536094658683755258523362961421200751439456159756164191494576279467");
+         const DL_Group grp(p, g);
+
+         const Botan::BigInt x("46205663093589612668746163860870963912226379131190812163519349848291472898748");
+         std::unique_ptr<Private_Key> privkey(new DH_PrivateKey(Test::rng(), grp, x));
+
+         std::unique_ptr<PK_Key_Agreement> kas(new PK_Key_Agreement(*privkey, "Raw"));
+
+         result.test_throws("agreement input too big", [&kas]()
+            {
+            const BigInt too_big("584580020955360946586837552585233629614212007514394561597561641914945762794672");
+            kas->derive_key(16, BigInt::encode(too_big));
+            });
+
+         result.test_throws("agreement input too small", [&kas]()
+            {
+            const BigInt too_small("1");
+            kas->derive_key(16, BigInt::encode(too_small));
+            });
+
+         return{result};
+         }
+
    };
 
+BOTAN_REGISTER_TEST("dh_kat", Diffie_Hellman_KAT_Tests);
+
 class Diffie_Hellman_Keygen_Tests : public PK_Key_Generation_Test
    {
    public:
@@ -69,7 +102,6 @@ class Diffie_Hellman_Keygen_Tests : public PK_Key_Generation_Test
    };
 
 
-BOTAN_REGISTER_TEST("dh_kat", Diffie_Hellman_KAT_Tests);
 BOTAN_REGISTER_TEST("dh_keygen", Diffie_Hellman_Keygen_Tests);
 
 #endif
-- 
cgit v1.2.3