Re: [PATCH] crypto: rsa - allow only odd e and restrict value in FIPS mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jun 13, 2023 at 04:17:31PM +0000, Mahmoud Adam wrote:
> check if rsa public exponent is odd and check its value is between
> 2^16 < e < 2^256.
> 
> FIPS 186-5 DSS (page 35)[1] specify that:
> 1. The public exponent e shall be selected with the following constraints:
>   (a) The public verification exponent e shall be selected prior to
>   generating the primes, p and q, and the private signature exponent
>   d.
>   (b) The exponent e shall be an odd positive integer such that:
>    2^16 < e < 2^256.
> 
> [1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf
> 
> Signed-off-by: Mahmoud Adam <mngyadam@xxxxxxxxxx>
> ---
>  crypto/rsa.c | 36 ++++++++++++++++++++++++++++++++++++
>  1 file changed, 36 insertions(+)
> 
> diff --git a/crypto/rsa.c b/crypto/rsa.c
> index c50f2d2a4d06..c79613cdce6e 100644
> --- a/crypto/rsa.c
> +++ b/crypto/rsa.c
> @@ -205,6 +205,32 @@ static int rsa_check_key_length(unsigned int len)
>  	return -EINVAL;
>  }
>  
> +static int rsa_check_exponent_fips(MPI e)
> +{
> +	MPI e_max = NULL;
> +
> +	/* check if odd */
> +	if (!mpi_test_bit(e, 0)) {
> +		return -EINVAL;
> +	}
> +
> +	/* check if 2^16 < e < 2^256. */
> +	if (mpi_cmp_ui(e, 65536) <= 0) {
> +		return -EINVAL;
> +	}
> +
> +	e_max = mpi_alloc(0);
> +	mpi_set_bit(e_max, 256);
> +
> +	if (mpi_cmp(e, e_max) >= 0) {
> +		mpi_free(e_max);
> +		return -EINVAL;
> +	}
> +
> +	mpi_free(e_max);
> +	return 0;
> +}
> +
>  static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
>  			   unsigned int keylen)
>  {
> @@ -232,6 +258,11 @@ static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
>  		return -EINVAL;
>  	}
>  
> +	if (fips_enabled && rsa_check_exponent_fips(mpi_key->e)) {
> +		rsa_free_mpi_key(mpi_key);
> +		return -EINVAL;
> +	}
> +
>  	return 0;
>  
>  err:
> @@ -290,6 +321,11 @@ static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
>  		return -EINVAL;
>  	}
>  
> +	if (fips_enabled && rsa_check_exponent_fips(mpi_key->e)) {
> +		rsa_free_mpi_key(mpi_key);
> +		return -EINVAL;
> +	}
> +
>  	return 0;
>  
>  err:
> -- 
> 2.40.1

Cc Stephan Mueller
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux