Hi,

The patch set adds the shared secret validation as defined by SP800-56A rev 3. For ECDH this only implies that the validation of the shared secret is moved before the shared secret is returned to the caller.

For DH, the validation is required to be performed against the prime of the domain parameter set.

This patch adds the MPI library file mpi_sub_ui that is required to calculate P - 1 for the DH check. It would be possible, though, to simply set the LSB of the prime to 0 to obtain P - 1 (since P is odd per definition) which implies that mpi_sub_ui would not be needed. However, this would require a copy operation from the existing prime MPI value into a temporary MPI where the modification can be performed. Such a copy operation is not available. Therefore, the solution with the addition of mpi_sub_ui was chosen.

NOTE: The function mpi_sub_ui is also added with the patch set "[PATCH v5 2/8] lib/mpi: Extend the MPI library" currently sent to the linux-crypto mailing list.

Marcelo Henrique Cerri (1):
  lib/mpi: Add mpi_sub_ui()

Stephan Mueller (2):
  crypto: ECDH - check validity of Z before export
  crypto: DH - check validity of Z before export

 crypto/dh.c          | 29 +++++++++++++++++++++
 crypto/ecc.c         | 11 +++++---
 include/linux/mpi.h  |  3 +++
 lib/mpi/Makefile     |  1 +
 lib/mpi/mpi-sub-ui.c | 60 ++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 101 insertions(+), 3 deletions(-)
 create mode 100644 lib/mpi/mpi-sub-ui.c

-- 
2.26.2
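The DH range check described in the cover letter, written as an added stand-alone example that is not code from this patch set or from the kernel. It takes the condition from SP 800-56A rev 3 section 5.7.1.1 (reject Z <= 1 and Z == P - 1) and uses the "clear the LSB of P" observation on plain byte strings, where no copy is needed. The function name, the equal-length big-endian layout and the toy values are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy values (p = 257, far too small for real use). */
const uint8_t sample_p[2]      = { 0x01, 0x01 };
const uint8_t sample_z_zero[2] = { 0x00, 0x00 };
const uint8_t sample_z_one[2]  = { 0x00, 0x01 };
const uint8_t sample_z_pm1[2]  = { 0x01, 0x00 };  /* p - 1 = 256 */
const uint8_t sample_z_ok[2]   = { 0x00, 0xc8 };  /* 200 */

/*
 * Return 1 if shared secret z passes the range check, 0 otherwise.
 * z and p are big-endian byte strings of equal length len (z is
 * left-padded with zeros); hypothetical helper, not a kernel API.
 * p is odd, so p - 1 is p with its least significant bit cleared.
 */
int dh_z_is_valid(const uint8_t *z, const uint8_t *p, size_t len)
{
	uint8_t high = 0;	/* OR of all z bytes above the last one */
	uint8_t diff = 0;	/* OR of z XOR (p - 1) over all bytes */
	size_t i;

	if (len == 0 || !(p[len - 1] & 1))
		return 0;	/* empty input or even modulus */

	for (i = 0; i + 1 < len; i++) {
		high |= z[i];
		diff |= z[i] ^ p[i];
	}
	diff |= z[len - 1] ^ (p[len - 1] & 0xfe);

	if (high == 0 && z[len - 1] <= 1)
		return 0;	/* z is 0 or 1 */
	if (diff == 0)
		return 0;	/* z equals p - 1 */
	return 1;
}

int main(void)
{
	printf("z=0: %d  z=1: %d  z=p-1: %d  z=200: %d\n",
	       dh_z_is_valid(sample_z_zero, sample_p, 2),
	       dh_z_is_valid(sample_z_one, sample_p, 2),
	       dh_z_is_valid(sample_z_pm1, sample_p, 2),
	       dh_z_is_valid(sample_z_ok, sample_p, 2));
	return 0;
}
```

The function assumes z is already reduced modulo p, as the output of the DH primitive is, so it does not test z < p.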