From: Vitaly Chikunov <vt@altlinux.org>
To: "Stephan Müller" <smueller@chronox.de>
Cc: herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org,
Marcelo Cerri <marcelo.cerri@canonical.com>,
Tianjia Zhang <tianjia.zhang@linux.alibaba.com>,
ard.biesheuvel@linaro.org, nhorman@redhat.com, simo@redhat.com
Subject: Re: [PATCH v2 1/5] crypto: ECDH - check validity of Z before export
Date: Sun, 12 Jul 2020 21:02:32 +0300 [thread overview]
Message-ID: <20200712180232.jnvkz6xtx63hisvg@altlinux.org> (raw)
In-Reply-To: <4348752.LvFx2qVVIh@positron.chronox.de>
On Sun, Jul 12, 2020 at 06:39:26PM +0200, Stephan Müller wrote:
> SP800-56A rev3 section 5.7.1.2 step 2 mandates that the validity of the
> calculated shared secret is verified before the data is returned to the
> caller. Thus, the export function and the validity check functions are
> reversed. In addition, the sensitive variables of priv and rand_z are
Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
> zeroized.
>
> Signed-off-by: Stephan Mueller <smueller@chronox.de>
> ---
> crypto/ecc.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/crypto/ecc.c b/crypto/ecc.c
> index 02d35be7702b..52e2d49262f2 100644
> --- a/crypto/ecc.c
> +++ b/crypto/ecc.c
> @@ -1495,11 +1495,16 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
>
> ecc_point_mult(product, pk, priv, rand_z, curve, ndigits);
>
> - ecc_swap_digits(product->x, secret, ndigits);
> -
> - if (ecc_point_is_zero(product))
> + if (ecc_point_is_zero(product)) {
> ret = -EFAULT;
> + goto err_validity;
> + }
> +
> + ecc_swap_digits(product->x, secret, ndigits);
>
> +err_validity:
> + memzero_explicit(priv, sizeof(priv));
> + memzero_explicit(rand_z, sizeof(rand_z));
> ecc_free_point(product);
> err_alloc_product:
> ecc_free_point(pk);
> --
> 2.26.2
>
>
>
next prev parent reply other threads:[~2020-07-12 18:02 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-10 10:09 [PATCH 0/3] DH: SP800-56A rev 3 compliant shared secret Stephan Müller
2020-07-10 10:10 ` [PATCH 1/3] crypto: ECDH - check validity of Z before export Stephan Müller
2020-07-10 10:10 ` [PATCH 2/3] lib/mpi: Add mpi_sub_ui() Stephan Müller
2020-07-10 14:42 ` Ard Biesheuvel
2020-07-10 15:10 ` Stephan Mueller
2020-07-10 10:15 ` [PATCH 3/3] crypto: DH - check validity of Z before export Stephan Müller
2020-07-12 16:38 ` [PATCH v2 0/5] DH: SP800-56A rev 3 compliant validation checks Stephan Müller
2020-07-12 16:39 ` [PATCH v2 1/5] crypto: ECDH - check validity of Z before export Stephan Müller
2020-07-12 18:02 ` Vitaly Chikunov [this message]
2020-07-15 13:17 ` Marcelo Henrique Cerri
2020-07-12 16:39 ` [PATCH v2 2/5] lib/mpi: Add mpi_sub_ui() Stephan Müller
2020-07-16 7:30 ` Herbert Xu
2020-07-16 8:41 ` Ard Biesheuvel
2020-07-16 12:50 ` Marcelo Henrique Cerri
2020-07-16 13:09 ` Ard Biesheuvel
2020-07-16 13:41 ` Marcelo Henrique Cerri
2020-07-16 13:53 ` Ard Biesheuvel
2020-07-16 14:23 ` Marcelo Henrique Cerri
2020-07-16 14:37 ` Ard Biesheuvel
2020-07-16 14:56 ` Marcelo Henrique Cerri
2020-07-16 15:20 ` Ard Biesheuvel
2020-07-12 16:40 ` [PATCH v2 3/5] crypto: DH - check validity of Z before export Stephan Müller
2020-07-15 13:17 ` Marcelo Henrique Cerri
2020-07-12 16:40 ` [PATCH v2 4/5] crypto: DH SP800-56A rev 3 local public key validation Stephan Müller
2020-07-15 13:18 ` Marcelo Henrique Cerri
2020-07-12 16:42 ` [PATCH v2 5/5] crypto: ECDH " Stephan Müller
2020-07-12 18:06 ` Vitaly Chikunov
2020-07-13 5:04 ` Stephan Mueller
2020-07-13 5:59 ` Vitaly Chikunov
2020-07-13 6:02 ` Stephan Müller
2020-07-15 13:19 ` Marcelo Henrique Cerri
2020-07-20 17:05 ` [PATCH v3 0/5] DH: SP800-56A rev 3 compliant validation checks Stephan Müller
2020-07-20 17:07 ` [PATCH v3 1/5] crypto: ECDH - check validity of Z before export Stephan Müller
2020-07-22 13:11 ` Vitaly Chikunov
2020-07-24 17:47 ` Neil Horman
2020-07-20 17:08 ` [PATCH v3 2/5] lib/mpi: Add mpi_sub_ui() Stephan Müller
2020-07-20 17:08 ` [PATCH v3 3/5] crypto: DH - check validity of Z before export Stephan Müller
2020-07-24 18:02 ` Neil Horman
2020-07-20 17:08 ` [PATCH v3 4/5] crypto: DH SP800-56A rev 3 local public key validation Stephan Müller
2020-07-20 17:09 ` [PATCH v3 5/5] crypto: ECDH " Stephan Müller
2020-07-21 11:35 ` [PATCH v3 0/5] DH: SP800-56A rev 3 compliant validation checks Marcelo Henrique Cerri
2020-07-31 13:29 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200712180232.jnvkz6xtx63hisvg@altlinux.org \
--to=vt@altlinux.org \
--cc=ard.biesheuvel@linaro.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=marcelo.cerri@canonical.com \
--cc=nhorman@redhat.com \
--cc=simo@redhat.com \
--cc=smueller@chronox.de \
--cc=tianjia.zhang@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).