Commit 2ed5ba61 authored by Stephan Müller's avatar Stephan Müller Committed by Herbert Xu

crypto: dh - SP800-56A rev 3 local public key validation

After the generation of a local public key, SP800-56A rev 3 section
5.6.2.1.3 mandates a validation of that key with a full validation
compliant to section 5.6.2.3.1.

Only if the full validation passes, the key is allowed to be used.
Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 90fa9ae5
...@@ -180,8 +180,9 @@ static int dh_compute_value(struct kpp_request *req) ...@@ -180,8 +180,9 @@ static int dh_compute_value(struct kpp_request *req)
if (ret) if (ret)
goto err_free_base; goto err_free_base;
if (fips_enabled) {
/* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */ /* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */
if (fips_enabled && req->src) { if (req->src) {
MPI pone; MPI pone;
/* z <= 1 */ /* z <= 1 */
...@@ -206,6 +207,14 @@ static int dh_compute_value(struct kpp_request *req) ...@@ -206,6 +207,14 @@ static int dh_compute_value(struct kpp_request *req)
if (ret) if (ret)
goto err_free_base; goto err_free_base;
/* SP800-56A rev 3 5.6.2.1.3 key check */
} else {
if (dh_is_pubkey_valid(ctx, val)) {
ret = -EAGAIN;
goto err_free_val;
}
}
} }
ret = mpi_write_to_sgl(val, req->dst, req->dst_len, &sign); ret = mpi_write_to_sgl(val, req->dst, req->dst_len, &sign);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment