Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp419679ybt; Fri, 10 Jul 2020 03:20:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzzceuq6znyxTS34Mxvho2pGmD04ZiL6bclFAdnd144wj0VY+xkJ1vV5ECFm8fyNSzOjDbC X-Received: by 2002:a17:906:199b:: with SMTP id g27mr58354776ejd.297.1594376409201; Fri, 10 Jul 2020 03:20:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594376409; cv=none; d=google.com; s=arc-20160816; b=wFg2Sd7OUBog/RAU8UELnNi/Yd3mGh8XYL853Fl2NWr8TUJLT8CV27wLq6jmBfY5mr 2gqPnFG/y6h2B4AuR47dJINd7n1fnXoAUwzUgQBC7Lj8Ntvjf2vSnNhwwIR/p3IO1NRY 9Pdow3Nx4S9xzaeNGwhZ9oEJFwTSLDsV6MT2xlpmCbckofWNk2hw9P1QhMVET1qRTfEP Fq04q62CWhfhyk4+EK+NRhuN4He+Wz7ekuN03tZv/4A75ZC1PLbtn5SEQ/xTUvH2Skf6 y9UCC+hQORUUT5JA9cZYHPK7tG5WseI/lU14ML4RQ/eDb/8L9Mp9FQ1FP9JvDmV7eKNX yYkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=fnJrgncP7SIdtJq/7xEi9RklqwzrndPWbsyQ73FueIA=; b=HUhoydq82K7fBnldGrHUpVQD0PUa59ahDc9/us6V9zj9DNC5ZFNAlNAvmO9W0Nmfb/ ZWH3bZ6k0zg65yWkWtgm8KNn/p3kKQchaQgJraOkoGyYUNbQRrJ6tKrrCU7HaxeEL0Nz cl5w1bXIvS0Lp6HWC6PUbj3lh1fHRk4xWYmdBojERWuZXX6FQIR6qoUbIWaWbKrUWHNt bNIjFEvIE6nMmwvo5coRZeWwAwwIfTKPl3WtBMzj5KGmFWNRVXbKTdxP35fq85KtEKh9 GZezDUIzqXrCWHDj+KWgOvEn00qjnXBkL0kC1cSZXYEgocO2EoC2CU2OmEOGaZfp9CXX JwcQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b=ROWZGay0; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i17si3887630edv.60.2020.07.10.03.19.45; Fri, 10 Jul 2020 03:20:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b=ROWZGay0; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726369AbgGJKSu (ORCPT + 99 others); Fri, 10 Jul 2020 06:18:50 -0400 Received: from mo4-p01-ob.smtp.rzone.de ([85.215.255.51]:29402 "EHLO mo4-p01-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727871AbgGJKSs (ORCPT ); Fri, 10 Jul 2020 06:18:48 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1594376327; s=strato-dkim-0002; d=chronox.de; h=Message-ID:Date:Subject:Cc:To:From:X-RZG-CLASS-ID:X-RZG-AUTH:From: Subject:Sender; bh=fnJrgncP7SIdtJq/7xEi9RklqwzrndPWbsyQ73FueIA=; b=ROWZGay0KbnTbGxYC/hqD/zUykVQp2vuGQtoFo6uzyCcAPNKWthvtAg99uUvggqGGT E67d7wckpJu++HvVnbFWMcUTRHNt9TId9HwGAId2HU2A1/mgXiIDcwbAQ0QfsH/Z06fs GfpByJ3prJw6ma5uwsfxyKFzOx1LKKhZHb0wMNOIJ1hIVv8wV/InHzfJ26n1vt7HHV8g bS2cc5EvaSs9el/50ACZqM8XSjnJNBgWe5loDUH23dz8JPSXcKPftcZm9ZmYk8P1JeB9 beeLcS8bwVbJeSUEbT2ZTWlGC6nGzeMEZ46fA2ivcpBdbar/0670QCewS4P57Tr1K0uR p9Ng== X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9xmwdNnzGHXPaIvSfHReW" X-RZG-CLASS-ID: mo00 Received: from positron.chronox.de by smtp.strato.de (RZmta 46.10.5 DYNA|AUTH) with ESMTPSA id y0546bw6AAGFZsj (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Fri, 10 Jul 2020 12:16:15 +0200 (CEST) From: Stephan =?ISO-8859-1?Q?M=FCller?= To: herbert@gondor.apana.org.au Cc: linux-crypto@vger.kernel.org, Marcelo Cerri , Tianjia Zhang Subject: [PATCH 0/3] DH: SP800-56A rev 3 compliant shared secret Date: Fri, 10 Jul 2020 12:09:18 +0200 Message-ID: <2543601.mvXUDI8C0e@positron.chronox.de> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi, The patch set adds the shared secret validation as defined by SP800-56A rev 3. For ECDH this only implies that the validation of the shared secret is moved before the shared secret is returned to the caller. For DH, the validation is required to be performed against the prime of the domain parameter set. This patch adds the MPI library file mpi_sub_ui that is required to calculate P - 1 for the DH check. It would be possible, though to simply set the LSB of the prime to 0 to obtain P - 1 (since P is odd per definition) which implies that mpi_sub_ui would not be needed. However, this would require a copy operation from the existing prime MPI value into a temporary MPI where the modification can be performed. Such copy operation is not available. Therefore, the solution with the addition of mpi_sub_ui was chose. NOTE: The function mpi_sub_ui is also added with the patch set "[PATCH v5 2/8] lib/mpi: Extend the MPI library" currently sent to the linux-crypto mailing list. Marcelo Henrique Cerri (1): lib/mpi: Add mpi_sub_ui() Stephan Mueller (2): crypto: ECDH - check validity of Z before export crypto: DH - check validity of Z before export crypto/dh.c | 29 +++++++++++++++++++++ crypto/ecc.c | 11 +++++--- include/linux/mpi.h | 3 +++ lib/mpi/Makefile | 1 + lib/mpi/mpi-sub-ui.c | 60 ++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 101 insertions(+), 3 deletions(-) create mode 100644 lib/mpi/mpi-sub-ui.c -- 2.26.2