From 51b721b69fd08ef1c4c4989f5e12b643e170ff56 Mon Sep 17 00:00:00 2001
From: Pedro Monreal <pmgdeb@gmail.com>
Date: Thu, 16 Feb 2023 17:02:38 +0100
Subject: [PATCH] pk: extend pair-wise consistency to cover DH key generation
Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance of Pair-wise
Consistency check, even if we only support ephemeral DH, as it is
required by FIPS 140-3 IG 10.3.A.
Signed-off-by: Pedro Monreal <pmgdeb@gmail.com>
Co-authored-by: Daiki Ueno <ueno@gnu.org>
---
lib/nettle/pk.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index d30bca594f..bd9c1b4c74 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -2642,6 +2642,35 @@ static int pct_test(gnutls_pk_algorithm_t algo,
}
break;
case GNUTLS_PK_DH:
+ {
+ mpz_t y;
+
+ /* Perform SP800 56A (rev 3) 5.6.2.1.4 Owner Assurance
+ * of Pair-wise Consistency check, even if we only
+ * support ephemeral DH, as it is required by FIPS
+ * 140-3 IG 10.3.A.
+ *
+ * Use the private key, x, along with the generator g
+ * and prime modulus p included in the domain
+ * parameters associated with the key pair to compute
+ * g^x mod p. Compare the result to the public key, y.
+ */
+ mpz_init(y);
+ mpz_powm(y,
+ TOMPZ(params->params[DSA_G]),
+ TOMPZ(params->params[DSA_X]),
+ TOMPZ(params->params[DSA_P]));
+ if (unlikely
+ (mpz_cmp(y, TOMPZ(params->params[DSA_Y])) != 0)) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_PK_GENERATION_ERROR);
+ mpz_clear(y);
+ goto cleanup;
+ }
+ mpz_clear(y);
+ break;
+ }
case GNUTLS_PK_ECDH_X25519:
case GNUTLS_PK_ECDH_X448:
ret = 0;
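Review bot: The new DH branch releases `y` on two separate exit paths (`mpz_clear(y)` before `goto cleanup` and again before `break`), which is the kind of duplicated teardown that leaks the moment a further early exit is added to the block; deciding `ret` from the comparison first and running a single `mpz_clear(y)` before the jump keeps one teardown path and reads closer to the goto-cleanup style the surrounding function already uses. Note also that the DH case now `break`s instead of falling through to the `ret = 0;` under the X25519/X448 cases, so the success path depends on `ret` being assigned after the switch; the `break;` ending the preceding case suggests that is how pct_test is written, but its tail is outside the hunk and should be confirmed. pct_test starts and ends outside this hunk.
```c
		/* … unchanged: comment, mpz_init(y) and mpz_powm(...) … */
		/* Single teardown path for y regardless of the outcome. */
		if (mpz_cmp(y, TOMPZ(params->params[DSA_Y])) != 0)
			ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
		else
			ret = 0;
		mpz_clear(y);
		if (ret < 0)
			goto cleanup;
		break;
```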
--
2.39.2