Re: [PATCH v2 4/5] crypto: DH SP800-56A rev 3 local public key validation

Reviewed-by: Marcelo Henrique Cerri <marcelo.cerri@xxxxxxxxxxxxx>
Tested-by: Marcelo Henrique Cerri <marcelo.cerri@xxxxxxxxxxxxx>

On Sun, Jul 12, 2020 at 06:40:57PM +0200, Stephan Müller wrote:
> After the generation of a local public key, SP800-56A rev 3 section
> 5.6.2.1.3 mandates a validation of that key with a full validation
> compliant to section 5.6.2.3.1.
> 
> Only if the full validation passes, the key is allowed to be used.
> 
> Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx>
> ---
>  crypto/dh.c | 59 ++++++++++++++++++++++++++++++-----------------------
>  1 file changed, 34 insertions(+), 25 deletions(-)
> 
> diff --git a/crypto/dh.c b/crypto/dh.c
> index f84fd50ec79b..cd4f32092e5c 100644
> --- a/crypto/dh.c
> +++ b/crypto/dh.c
> @@ -180,32 +180,41 @@ static int dh_compute_value(struct kpp_request *req)
>  	if (ret)
>  		goto err_free_base;
>  
> -	/* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */
> -	if (fips_enabled && req->src) {
> -		MPI pone;
> -
> -		/* z <= 1 */
> -		if (mpi_cmp_ui(val, 1) < 1) {
> -			ret = -EBADMSG;
> -			goto err_free_base;
> -		}
> -
> -		/* z == p - 1 */
> -		pone = mpi_alloc(0);
> -
> -		if (!pone) {
> -			ret = -ENOMEM;
> -			goto err_free_base;
> +	if (fips_enabled) {
> +		/* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */
> +		if (req->src) {
> +			MPI pone;
> +
> +			/* z <= 1 */
> +			if (mpi_cmp_ui(val, 1) < 1) {
> +				ret = -EBADMSG;
> +				goto err_free_base;
> +			}
> +
> +			/* z == p - 1 */
> +			pone = mpi_alloc(0);
> +
> +			if (!pone) {
> +				ret = -ENOMEM;
> +				goto err_free_base;
> +			}
> +
> +			ret = mpi_sub_ui(pone, ctx->p, 1);
> +			if (!ret && !mpi_cmp(pone, val))
> +				ret = -EBADMSG;
> +
> +			mpi_free(pone);
> +
> +			if (ret)
> +				goto err_free_base;
> +
> +		/* SP800-56A rev 3 5.6.2.1.3 key check */
> +		} else {
> +			if (dh_is_pubkey_valid(ctx, val)) {
> +				ret = -EAGAIN;
> +				goto err_free_val;
> +			}
>  		}
> -
> -		ret = mpi_sub_ui(pone, ctx->p, 1);
> -		if (!ret && !mpi_cmp(pone, val))
> -			ret = -EBADMSG;
> -
> -		mpi_free(pone);
> -
> -		if (ret)
> -			goto err_free_base;
>  	}
>  
>  	ret = mpi_write_to_sgl(val, req->dst, req->dst_len, &sign);
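Review bot: In the new else branch, `if (dh_is_pubkey_valid(ctx, val))` treats a nonzero return as failure, which reads inverted for a helper named `is_..._valid`, and the helper's return value is dropped in favour of a fixed -EAGAIN. Consider `ret = dh_is_pubkey_valid(ctx, val); if (ret) goto ...;`, or add a comment saying why -EAGAIN is the right code for a rejected local public key, since a caller may read it as "retry the same request". This path also jumps to err_free_val while every other failure in the hunk uses err_free_base; a short comment on why the labels differ would help. Finally, the `/* SP800-56A rev 3 5.6.2.1.3 key check */` comment sits before `} else {`, so it reads as the tail of the req->src branch; moving it inside the else block, with the same "rev3" spelling as the comment above it, would be clearer.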
> -- 
> 2.26.2
> 
> 
> 
> 

-- 
Regards,
Marcelo
