From: Vitaly Chikunov <vt@altlinux.org>
To: "Stephan Müller" <smueller@chronox.de>
Cc: herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org,
Marcelo Cerri <marcelo.cerri@canonical.com>,
Tianjia Zhang <tianjia.zhang@linux.alibaba.com>,
ard.biesheuvel@linaro.org, nhorman@redhat.com, simo@redhat.com
Subject: Re: [PATCH v2 1/5] crypto: ECDH - check validity of Z before export
Date: Sun, 12 Jul 2020 21:02:32 +0300 [thread overview]
Message-ID: <20200712180232.jnvkz6xtx63hisvg@altlinux.org> (raw)
In-Reply-To: <4348752.LvFx2qVVIh@positron.chronox.de>
On Sun, Jul 12, 2020 at 06:39:26PM +0200, Stephan Müller wrote:
> SP800-56A rev3 section 5.7.1.2 step 2 mandates that the validity of the
> calculated shared secret is verified before the data is returned to the
> caller. Thus, the export function and the validity check functions are
> reversed. In addition, the sensitive variables of priv and rand_z are
Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
> zeroized.
>
> Signed-off-by: Stephan Mueller <smueller@chronox.de>
> ---
> crypto/ecc.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/crypto/ecc.c b/crypto/ecc.c
> index 02d35be7702b..52e2d49262f2 100644
> --- a/crypto/ecc.c
> +++ b/crypto/ecc.c
> @@ -1495,11 +1495,16 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
>
> ecc_point_mult(product, pk, priv, rand_z, curve, ndigits);
>
> - ecc_swap_digits(product->x, secret, ndigits);
> -
> - if (ecc_point_is_zero(product))
> + if (ecc_point_is_zero(product)) {
> ret = -EFAULT;
> + goto err_validity;
> + }
> +
> + ecc_swap_digits(product->x, secret, ndigits);
>
> +err_validity:
> + memzero_explicit(priv, sizeof(priv));
> + memzero_explicit(rand_z, sizeof(rand_z));
> ecc_free_point(product);
> err_alloc_product:
> ecc_free_point(pk);
> --
> 2.26.2
>
>
>
next prev parent reply other threads:[~2020-07-12 18:02 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-10 10:09 [PATCH 0/3] DH: SP800-56A rev 3 compliant shared secret Stephan Müller
2020-07-10 10:10 ` [PATCH 1/3] crypto: ECDH - check validity of Z before export Stephan Müller
2020-07-10 10:10 ` [PATCH 2/3] lib/mpi: Add mpi_sub_ui() Stephan Müller
2020-07-10 14:42 ` Ard Biesheuvel
2020-07-10 15:10 ` Stephan Mueller
2020-07-10 10:15 ` [PATCH 3/3] crypto: DH - check validity of Z before export Stephan Müller
2020-07-12 16:38 ` [PATCH v2 0/5] DH: SP800-56A rev 3 compliant validation checks Stephan Müller
2020-07-12 16:39 ` [PATCH v2 1/5] crypto: ECDH - check validity of Z before export Stephan Müller
2020-07-12 18:02 ` Vitaly Chikunov [this message]
2020-07-15 13:17 ` Marcelo Henrique Cerri
2020-07-12 16:39 ` [PATCH v2 2/5] lib/mpi: Add mpi_sub_ui() Stephan Müller
2020-07-16 7:30 ` Herbert Xu
2020-07-16 8:41 ` Ard Biesheuvel
2020-07-16 12:50 ` Marcelo Henrique Cerri
2020-07-16 13:09 ` Ard Biesheuvel
2020-07-16 13:41 ` Marcelo Henrique Cerri
2020-07-16 13:53 ` Ard Biesheuvel
2020-07-16 14:23 ` Marcelo Henrique Cerri
2020-07-16 14:37 ` Ard Biesheuvel
2020-07-16 14:56 ` Marcelo Henrique Cerri
2020-07-16 15:20 ` Ard Biesheuvel
2020-07-12 16:40 ` [PATCH v2 3/5] crypto: DH - check validity of Z before export Stephan Müller
2020-07-15 13:17 ` Marcelo Henrique Cerri
2020-07-12 16:40 ` [PATCH v2 4/5] crypto: DH SP800-56A rev 3 local public key validation Stephan Müller
2020-07-15 13:18 ` Marcelo Henrique Cerri
2020-07-12 16:42 ` [PATCH v2 5/5] crypto: ECDH " Stephan Müller
2020-07-12 18:06 ` Vitaly Chikunov
2020-07-13 5:04 ` Stephan Mueller
2020-07-13 5:59 ` Vitaly Chikunov
2020-07-13 6:02 ` Stephan Müller
2020-07-15 13:19 ` Marcelo Henrique Cerri
2020-07-20 17:05 ` [PATCH v3 0/5] DH: SP800-56A rev 3 compliant validation checks Stephan Müller
2020-07-20 17:07 ` [PATCH v3 1/5] crypto: ECDH - check validity of Z before export Stephan Müller
2020-07-22 13:11 ` Vitaly Chikunov
2020-07-24 17:47 ` Neil Horman
2020-07-20 17:08 ` [PATCH v3 2/5] lib/mpi: Add mpi_sub_ui() Stephan Müller
2020-07-20 17:08 ` [PATCH v3 3/5] crypto: DH - check validity of Z before export Stephan Müller
2020-07-24 18:02 ` Neil Horman
2020-07-20 17:08 ` [PATCH v3 4/5] crypto: DH SP800-56A rev 3 local public key validation Stephan Müller
2020-07-20 17:09 ` [PATCH v3 5/5] crypto: ECDH " Stephan Müller
2020-07-21 11:35 ` [PATCH v3 0/5] DH: SP800-56A rev 3 compliant validation checks Marcelo Henrique Cerri
2020-07-31 13:29 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200712180232.jnvkz6xtx63hisvg@altlinux.org \
--to=vt@altlinux.org \
--cc=ard.biesheuvel@linaro.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=marcelo.cerri@canonical.com \
--cc=nhorman@redhat.com \
--cc=simo@redhat.com \
--cc=smueller@chronox.de \
--cc=tianjia.zhang@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.