From: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
To: "Stephan Müller" <smueller@chronox.de>
Cc: herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org,
Tianjia Zhang <tianjia.zhang@linux.alibaba.com>,
ard.biesheuvel@linaro.org, nhorman@redhat.com, simo@redhat.com
Subject: Re: [PATCH v2 5/5] crypto: ECDH SP800-56A rev 3 local public key validation
Date: Wed, 15 Jul 2020 10:19:12 -0300 [thread overview]
Message-ID: <20200715131912.7enis4arnbs5lewt@valinor> (raw)
In-Reply-To: <3168469.44csPzL39Z@positron.chronox.de>
[-- Attachment #1: Type: text/plain, Size: 3218 bytes --]
Reviewed-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
Tested-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
On Sun, Jul 12, 2020 at 06:42:14PM +0200, Stephan Müller wrote:
> After the generation of a local public key, SP800-56A rev 3 section
> 5.6.2.1.3 mandates a validation of that key with a full validation
> compliant to section 5.6.2.3.3.
>
> Only if the full validation passes, the key is allowed to be used.
>
> The patch adds the full key validation compliant to 5.6.2.3.3 and
> performs the required check on the generated public key.
>
> Signed-off-by: Stephan Mueller <smueller@chronox.de>
> ---
> crypto/ecc.c | 31 ++++++++++++++++++++++++++++++-
> crypto/ecc.h | 14 ++++++++++++++
> 2 files changed, 44 insertions(+), 1 deletion(-)
>
> diff --git a/crypto/ecc.c b/crypto/ecc.c
> index 52e2d49262f2..7308487e7c55 100644
> --- a/crypto/ecc.c
> +++ b/crypto/ecc.c
> @@ -1404,7 +1404,9 @@ int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits,
> }
>
> ecc_point_mult(pk, &curve->g, priv, NULL, curve, ndigits);
> - if (ecc_point_is_zero(pk)) {
> +
> + /* SP800-56A rev 3 5.6.2.1.3 key check */
> + if (ecc_is_pubkey_valid_full(curve, pk)) {
> ret = -EAGAIN;
> goto err_free_point;
> }
> @@ -1452,6 +1454,33 @@ int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve,
> }
> EXPORT_SYMBOL(ecc_is_pubkey_valid_partial);
>
> +/* SP800-56A section 5.6.2.3.3 full verification */
> +int ecc_is_pubkey_valid_full(const struct ecc_curve *curve,
> + struct ecc_point *pk)
> +{
> + struct ecc_point *nQ;
> +
> + /* Checks 1 through 3 */
> + int ret = ecc_is_pubkey_valid_partial(curve, pk);
> +
> + if (ret)
> + return ret;
> +
> + /* Check 4: Verify that nQ is the zero point. */
> + nQ = ecc_alloc_point(pk->ndigits);
> + if (!nQ)
> + return -ENOMEM;
> +
> + ecc_point_mult(nQ, pk, curve->n, NULL, curve, pk->ndigits);
> + if (!ecc_point_is_zero(nQ))
> + ret = -EINVAL;
> +
> + ecc_free_point(nQ);
> +
> + return ret;
> +}
> +EXPORT_SYMBOL(ecc_is_pubkey_valid_full);
> +
> int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
> const u64 *private_key, const u64 *public_key,
> u64 *secret)
> diff --git a/crypto/ecc.h b/crypto/ecc.h
> index ab0eb70b9c09..d4e546b9ad79 100644
> --- a/crypto/ecc.h
> +++ b/crypto/ecc.h
> @@ -147,6 +147,20 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
> int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve,
> struct ecc_point *pk);
>
> +/**
> + * ecc_is_pubkey_valid_full() - Full public key validation
> + *
> + * @curve: elliptic curve domain parameters
> + * @pk: public key as a point
> + *
> + * Valdiate public key according to SP800-56A section 5.6.2.3.3 ECC Full
> + * Public-Key Validation Routine.
> + *
> + * Return: 0 if validation is successful, -EINVAL if validation is failed.
> + */
> +int ecc_is_pubkey_valid_full(const struct ecc_curve *curve,
> + struct ecc_point *pk);
> +
> /**
> * vli_is_zero() - Determine is vli is zero
> *
> --
> 2.26.2
>
>
>
>
--
Regards,
Marcelo
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
next prev parent reply other threads:[~2020-07-15 13:19 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-10 10:09 [PATCH 0/3] DH: SP800-56A rev 3 compliant shared secret Stephan Müller
2020-07-10 10:10 ` [PATCH 1/3] crypto: ECDH - check validity of Z before export Stephan Müller
2020-07-10 10:10 ` [PATCH 2/3] lib/mpi: Add mpi_sub_ui() Stephan Müller
2020-07-10 14:42 ` Ard Biesheuvel
2020-07-10 15:10 ` Stephan Mueller
2020-07-10 10:15 ` [PATCH 3/3] crypto: DH - check validity of Z before export Stephan Müller
2020-07-12 16:38 ` [PATCH v2 0/5] DH: SP800-56A rev 3 compliant validation checks Stephan Müller
2020-07-12 16:39 ` [PATCH v2 1/5] crypto: ECDH - check validity of Z before export Stephan Müller
2020-07-12 18:02 ` Vitaly Chikunov
2020-07-15 13:17 ` Marcelo Henrique Cerri
2020-07-12 16:39 ` [PATCH v2 2/5] lib/mpi: Add mpi_sub_ui() Stephan Müller
2020-07-16 7:30 ` Herbert Xu
2020-07-16 8:41 ` Ard Biesheuvel
2020-07-16 12:50 ` Marcelo Henrique Cerri
2020-07-16 13:09 ` Ard Biesheuvel
2020-07-16 13:41 ` Marcelo Henrique Cerri
2020-07-16 13:53 ` Ard Biesheuvel
2020-07-16 14:23 ` Marcelo Henrique Cerri
2020-07-16 14:37 ` Ard Biesheuvel
2020-07-16 14:56 ` Marcelo Henrique Cerri
2020-07-16 15:20 ` Ard Biesheuvel
2020-07-12 16:40 ` [PATCH v2 3/5] crypto: DH - check validity of Z before export Stephan Müller
2020-07-15 13:17 ` Marcelo Henrique Cerri
2020-07-12 16:40 ` [PATCH v2 4/5] crypto: DH SP800-56A rev 3 local public key validation Stephan Müller
2020-07-15 13:18 ` Marcelo Henrique Cerri
2020-07-12 16:42 ` [PATCH v2 5/5] crypto: ECDH " Stephan Müller
2020-07-12 18:06 ` Vitaly Chikunov
2020-07-13 5:04 ` Stephan Mueller
2020-07-13 5:59 ` Vitaly Chikunov
2020-07-13 6:02 ` Stephan Müller
2020-07-15 13:19 ` Marcelo Henrique Cerri [this message]
2020-07-20 17:05 ` [PATCH v3 0/5] DH: SP800-56A rev 3 compliant validation checks Stephan Müller
2020-07-20 17:07 ` [PATCH v3 1/5] crypto: ECDH - check validity of Z before export Stephan Müller
2020-07-22 13:11 ` Vitaly Chikunov
2020-07-24 17:47 ` Neil Horman
2020-07-20 17:08 ` [PATCH v3 2/5] lib/mpi: Add mpi_sub_ui() Stephan Müller
2020-07-20 17:08 ` [PATCH v3 3/5] crypto: DH - check validity of Z before export Stephan Müller
2020-07-24 18:02 ` Neil Horman
2020-07-20 17:08 ` [PATCH v3 4/5] crypto: DH SP800-56A rev 3 local public key validation Stephan Müller
2020-07-20 17:09 ` [PATCH v3 5/5] crypto: ECDH " Stephan Müller
2020-07-21 11:35 ` [PATCH v3 0/5] DH: SP800-56A rev 3 compliant validation checks Marcelo Henrique Cerri
2020-07-31 13:29 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200715131912.7enis4arnbs5lewt@valinor \
--to=marcelo.cerri@canonical.com \
--cc=ard.biesheuvel@linaro.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=nhorman@redhat.com \
--cc=simo@redhat.com \
--cc=smueller@chronox.de \
--cc=tianjia.zhang@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).