crypto: dh - SP800-56A rev 3 local public key validation

After the generation of a local public key, SP800-56A rev 3 section 5.6.2.1.3 mandates a validation of that key with a full validation compliant to section 5.6.2.3.1. Only if the full validation passes, the key is allowed to be used. Signed-off-by: Stephan Mueller <[email protected]> Signed-off-by: Herbert Xu <[email protected]>
josf · Jul 31, 2020 · 2ed5ba6 · 2ed5ba6
1 parent 90fa9ae
commit 2ed5ba6
Showing 1 changed file with 34 additions and 25 deletions.
diff --git a/crypto/dh.c b/crypto/dh.c
@@ -180,32 +180,41 @@ static int dh_compute_value(struct kpp_request *req)
 	if (ret)
 		goto err_free_base;
 
-	/* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */
-	if (fips_enabled && req->src) {
-		MPI pone;
-
-		/* z <= 1 */
-		if (mpi_cmp_ui(val, 1) < 1) {
-			ret = -EBADMSG;
-			goto err_free_base;
-		}
-
-		/* z == p - 1 */
-		pone = mpi_alloc(0);
-
-		if (!pone) {
-			ret = -ENOMEM;
-			goto err_free_base;
+	if (fips_enabled) {
+		/* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */
+		if (req->src) {
+			MPI pone;
+
+			/* z <= 1 */
+			if (mpi_cmp_ui(val, 1) < 1) {
+				ret = -EBADMSG;
+				goto err_free_base;
+			}
+
+			/* z == p - 1 */
+			pone = mpi_alloc(0);
+
+			if (!pone) {
+				ret = -ENOMEM;
+				goto err_free_base;
+			}
+
+			ret = mpi_sub_ui(pone, ctx->p, 1);
+			if (!ret && !mpi_cmp(pone, val))
+				ret = -EBADMSG;
+
+			mpi_free(pone);
+
+			if (ret)
+				goto err_free_base;
+
+		/* SP800-56A rev 3 5.6.2.1.3 key check */
+		} else {
+			if (dh_is_pubkey_valid(ctx, val)) {
+				ret = -EAGAIN;
+				goto err_free_val;
+			}
 		}
-
-		ret = mpi_sub_ui(pone, ctx->p, 1);
-		if (!ret && !mpi_cmp(pone, val))
-			ret = -EBADMSG;
-
-		mpi_free(pone);
-
-		if (ret)
-			goto err_free_base;
 	}
 
 	ret = mpi_write_to_sgl(val, req->dst, req->dst_len, &sign);