Re: [PATCH v2 5/5] crypto: ECDH SP800-56A rev 3 local public key validation

From: Vitaly Chikunov <vt@altlinux.org>
To: Stephan Mueller <smueller@chronox.de>
Cc: herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org,
	Marcelo Cerri <marcelo.cerri@canonical.com>,
	Tianjia Zhang <tianjia.zhang@linux.alibaba.com>,
	ard.biesheuvel@linaro.org, nhorman@redhat.com, simo@redhat.com
Subject: Re: [PATCH v2 5/5] crypto: ECDH SP800-56A rev 3 local public key validation
Date: Mon, 13 Jul 2020 08:59:50 +0300	[thread overview]
Message-ID: <20200713055950.ibvzogkdwhqxcduc@altlinux.org> (raw)
In-Reply-To: <5856902.DvuYhMxLoT@tauon.chronox.de>

On Mon, Jul 13, 2020 at 07:04:39AM +0200, Stephan Mueller wrote:
> Am Sonntag, 12. Juli 2020, 20:06:13 CEST schrieb Vitaly Chikunov:
> 
> Hi Vitaly,
> 
> > Stephan,
> > 
> > On Sun, Jul 12, 2020 at 06:42:14PM +0200, Stephan Müller wrote:
> > > After the generation of a local public key, SP800-56A rev 3 section
> > > 5.6.2.1.3 mandates a validation of that key with a full validation
> > > compliant to section 5.6.2.3.3.
> > > 
> > > Only if the full validation passes, the key is allowed to be used.
> > > 
> > > The patch adds the full key validation compliant to 5.6.2.3.3 and
> > > performs the required check on the generated public key.
> > > 
> > > Signed-off-by: Stephan Mueller <smueller@chronox.de>
> > > ---
> > > 
> > >  crypto/ecc.c | 31 ++++++++++++++++++++++++++++++-
> > >  crypto/ecc.h | 14 ++++++++++++++
> > >  2 files changed, 44 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/crypto/ecc.c b/crypto/ecc.c
> > > index 52e2d49262f2..7308487e7c55 100644
> > > --- a/crypto/ecc.c
> > > +++ b/crypto/ecc.c
> > > @@ -1404,7 +1404,9 @@ int ecc_make_pub_key(unsigned int curve_id, unsigned
> > > int ndigits,> 
> > >  	}
> > >  	
> > >  	ecc_point_mult(pk, &curve->g, priv, NULL, curve, ndigits);
> > > 
> > > -	if (ecc_point_is_zero(pk)) {
> > > +
> > > +	/* SP800-56A rev 3 5.6.2.1.3 key check */
> > > +	if (ecc_is_pubkey_valid_full(curve, pk)) {
> > > 
> > >  		ret = -EAGAIN;
> > >  		goto err_free_point;
> > >  	
> > >  	}
> > > 
> > > @@ -1452,6 +1454,33 @@ int ecc_is_pubkey_valid_partial(const struct
> > > ecc_curve *curve,> 
> > >  }
> > >  EXPORT_SYMBOL(ecc_is_pubkey_valid_partial);
> > > 
> > > +/* SP800-56A section 5.6.2.3.3 full verification */
> > 
> > Btw, 5.6.2.3.3 is partial validation, 5.6.2.3.2 is full validation
> > routine.
> 
> Looking at SP800-56A revision 3 from April 2018 I see:
> 
> "5.6.2.3.3 ECC Full Public-Key Validation Routine"

You are right. I looked at

  https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf

which is Rev 2. And in Rev 3 they inserted `5.6.2.3.2 FFC Partial Public-Key
Validation Routine', so ECC paragraph numbers are shifted up.

Thanks,

> 
> Thanks for the review.
> 
> Ciao
> Stephan
> 