From e67bbf7526127d876f87ef1ad0978e07f1dca12d Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Thu, 28 Jan 2021 16:54:41 -0800
Subject: [PATCH] 1. Add flag to DH keys when using safe parameters. 2. The LN check is skipped when using safe parameters. 3. Enable all FFDHE parameter sets when building for FIPS 140-3.
---
 configure.ac | 6 ++++--
 wolfcrypt/src/dh.c | 10 ++++++++--
 wolfssl/wolfcrypt/dh.h | 1 +
 3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index be7c8accb..46dbeb12d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3347,7 +3347,7 @@ fi
 # FIPS
 AS_CASE([$FIPS_VERSION],
     ["v4"], [ # FIPS 140-3
-        AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=4 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=4 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING"
         ENABLED_KEYGEN="yes"; ENABLED_SHA224="yes"; ENABLED_DES3="no"
         # Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"
@@ -3372,7 +3372,9 @@ AS_CASE([$FIPS_VERSION],
             [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
         AS_IF([test "x$ENABLED_AESGCM" = "xno"],
             [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
-        AM_CPPFLAGS="$AM_CPPFLAGS -DUSE_CERT_BUFFERS_3072 -DUSE_CERT_BUFFERS_4096"
+        AM_CFLAGS="$AM_CFLAGS -DUSE_CERT_BUFFERS_3072 -DUSE_CERT_BUFFERS_4096"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DFP_MAX_BITS=16384"
     ],
     ["v3"],[ # FIPS Ready
         AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=3 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
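Review bot: The `-DFP_MAX_BITS=16384` appended on the last added line of the second configure.ac hunk is unconditional, so if another part of configure.ac (the fastmath/sp-math option handling) or a user-supplied CFLAGS already defines FP_MAX_BITS, the compiler sees two conflicting definitions of the same macro. FP_MAX_BITS only affects the fastmath backend, and the value 16384 presumably follows from the 8192-bit FFDHE modulus needing double-width intermediates; a short comment stating that would save the next reader from re-deriving it. Guarding the define would avoid the clash, e.g. `AS_CASE([$AM_CFLAGS], [*FP_MAX_BITS*], [], [AM_CFLAGS="$AM_CFLAGS -DFP_MAX_BITS=16384"])`. The move of USE_CERT_BUFFERS_3072/4096 from AM_CPPFLAGS to AM_CFLAGS in the same hunk is a behaviour change for any preprocessing-only step that relied on CPPFLAGS, and the commit message does not mention it.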
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index 6f270a245..ac02125d1 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -944,6 +944,9 @@ int wc_InitDhKey_ex(DhKey* key, void* heap, int devId)
 #else
     (void)devId;
 #endif
+
+    key->trustedGroup = 0;
+
 #ifdef WOLFSSL_KCAPI_DH
     key->handle = NULL;
 #endif
@@ -1073,7 +1076,9 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv,
     pSz = mp_unsigned_bin_size(&key->p);
 
     /* verify (L,N) pair bit lengths */
-    if (CheckDhLN(pSz * WOLFSSL_BIT_SIZE, qSz * WOLFSSL_BIT_SIZE) != 0) {
+    /* Trusted primes don't need to be checked. */
+    if (!key->trustedGroup &&
+        CheckDhLN(pSz * WOLFSSL_BIT_SIZE, qSz * WOLFSSL_BIT_SIZE) != 0) {
         WOLFSSL_MSG("DH param sizes do not match SP 800-56A requirements");
         return BAD_FUNC_ARG;
     }
@@ -2311,6 +2316,8 @@ static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
     if (ret == 0 && q != NULL) {
         if (mp_read_unsigned_bin(&key->q, q, qSz) != MP_OKAY)
             ret = MP_INIT_E;
+        else
+            key->trustedGroup = trusted;
     }
 
     if (ret != 0 && key != NULL) {
@@ -2346,7 +2353,6 @@ int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
     return _DhSetKey(key, p, pSz, g, gSz, NULL, 0, 1, NULL);
 }
 
-
 #ifdef WOLFSSL_KEY_GEN
 
 /* modulus_size in bits */
diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h
index fd8aea26b..9b25286ee 100644
--- a/wolfssl/wolfcrypt/dh.h
+++ b/wolfssl/wolfcrypt/dh.h
@@ -72,6 +72,7 @@ struct DhKey {
 #ifdef WOLFSSL_ASYNC_CRYPT
     WC_ASYNC_DEV asyncDev;
 #endif
+    int trustedGroup;
 #ifdef WOLFSSL_KCAPI_DH
     struct kcapi_handle* handle;
 #endif
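Review bot: The added comment `/* Trusted primes don't need to be checked. */` in the GeneratePrivateDh186 hunk says what is skipped but not why the (L,N) check cannot pass for these groups, which is the part a future maintainer or FIPS reviewer needs when deciding whether the bypass is still justified. The commit message speaks of safe parameters; for a safe prime q = (p-1)/2, so N is essentially L and no SP 800-56A (L,N) pair can match, which is presumably the motivation. Suggest `/* Vetted named groups are safe primes (q = (p-1)/2), so (L,N) is not an SP 800-56A pair; the group itself is the assurance, hence CheckDhLN is skipped. */`. GeneratePrivateDh186 begins and ends outside this hunk.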
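Review bot: In the _DhSetKey hunk `key->trustedGroup = trusted;` is only written on the `q != NULL` success path, so a key object that previously held a trusted group keeps trustedGroup == 1 after a later _DhSetKey call that passes no q (wc_DhSetKey in the next hunk does exactly that, with trusted = 1) or that fails and enters the `if (ret != 0 && key != NULL)` cleanup, which presumably clears p/g/q but not this flag. Whether a stale flag can then reach GeneratePrivateDh186 depends on whether q is reset when it is not supplied, which is outside the hunk, but making the flag unconditional is cheap: after the q block, `if (ret == 0) key->trustedGroup = (q != NULL) ? trusted : 0;`, and `key->trustedGroup = 0;` inside the cleanup branch. Separately, since wc_DhSetKey passes trusted = 1 for caller-supplied p and g, `trusted` historically means "skip the primality check" rather than "vetted named group"; any future caller passing q together with trusted = 1 would silently bypass the SP 800-56A size check, which deserves a comment at the `trusted` parameter. _DhSetKey starts and ends outside this hunk.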
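Review bot: `int trustedGroup;` is added to the public struct DhKey in wolfssl/wolfcrypt/dh.h without a comment, and its meaning is not recoverable from the header alone: it is set internally when the parameters arrived with q from a caller that marked them trusted, and it disables the SP 800-56A (L,N) size check during private key generation. Suggest `int trustedGroup; /* non-zero when p/q/g are a vetted named group (e.g. FFDHE); skips the SP 800-56A (L,N) check in private key generation. Internal, do not set directly. */`. Adding a member also changes sizeof(DhKey), which is worth a line in the release notes for users who embed or statically allocate the struct. struct DhKey starts and ends outside this hunk.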