crypto: dh - SP800-56A rev 3 local public key validation (2ed5ba61) · Commits · 戴 / test

After the generation of a local public key, SP800-56A rev 3 section 5.6.2.1.3 mandates a validation of that key with a full validation compliant to section 5.6.2.3.1. Only if the full validation passes, the key is allowed to be used. Signed-off-by:

Stephan Mueller <smueller@chronox.de> Signed-off-by:

Herbert Xu <herbert@gondor.apana.org.au>

crypto/dh.c

+34 −25

Original line number	Diff line number	Diff line
		@@ -180,8 +180,9 @@ static int dh_compute_value(struct kpp_request *req)
		if (ret)
		goto err_free_base;

		if (fips_enabled) {
		/* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */
		if (fips_enabled && req->src) {
		if (req->src) {
		MPI pone;

		/* z <= 1 */
		@@ -206,6 +207,14 @@ static int dh_compute_value(struct kpp_request *req)

		if (ret)
		goto err_free_base;

		/* SP800-56A rev 3 5.6.2.1.3 key check */
		} else {
		if (dh_is_pubkey_valid(ctx, val)) {
		ret = -EAGAIN;
		goto err_free_val;
		}
		}
		}

		ret = mpi_write_to_sgl(val, req->dst, req->dst_len, &sign);

Admin message