mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-30 18:57:27 +02:00
Disable the FIPS consistency checks in ECC and DH for key generation by default.
This commit is contained in:
David Garske
@ -30938,7 +30938,7 @@ static void test_wolfSSL_private_keys(void)
|
|||||||
WOLFSSL_FILETYPE_PEM));
|
WOLFSSL_FILETYPE_PEM));
|
||||||
AssertNotNull(ssl = SSL_new(ctx));
|
AssertNotNull(ssl = SSL_new(ctx));
|
||||||
|
|
||||||
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
|
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
|
||||||
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
|
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@ -63,7 +63,8 @@ Possible DH enable options:
|
|||||||
directly effect this file, but it does speed up DH
|
directly effect this file, but it does speed up DH
|
||||||
removing the testing. It is not recommended to
|
removing the testing. It is not recommended to
|
||||||
disable the prime checking. default: off
|
disable the prime checking. default: off
|
||||||
|
* WOLFSSL_VALIDATE_DH_KEYGEN: Enable DH key gen consistency checking
|
||||||
|
* (on for FIPS 140-3 or later) default: off
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
@ -995,8 +996,10 @@ int wc_FreeDhKey(DhKey* key)
|
|||||||
|
|
||||||
static int _ffc_validate_public_key(DhKey* key, const byte* pub, word32 pubSz,
|
static int _ffc_validate_public_key(DhKey* key, const byte* pub, word32 pubSz,
|
||||||
const byte* prime, word32 primeSz, int partial);
|
const byte* prime, word32 primeSz, int partial);
|
||||||
|
#if FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_DH_KEYGEN)
|
||||||
static int _ffc_pairwise_consistency_test(DhKey* key,
|
static int _ffc_pairwise_consistency_test(DhKey* key,
|
||||||
const byte* pub, word32 pubSz, const byte* priv, word32 privSz);
|
const byte* pub, word32 pubSz, const byte* priv, word32 privSz);
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef WOLFSSL_KCAPI_DH
|
#ifndef WOLFSSL_KCAPI_DH
|
||||||
|
|
||||||
@ -1364,12 +1367,13 @@ static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
|
|||||||
|
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
ret = GeneratePublicDh(key, priv, *privSz, pub, pubSz);
|
ret = GeneratePublicDh(key, priv, *privSz, pub, pubSz);
|
||||||
#if defined(WOLFSSL_SP_MATH) || defined(HAVE_FFDHE)
|
#if FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_DH_KEYGEN)
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
ret = _ffc_validate_public_key(key, pub, *pubSz, NULL, 0, 0);
|
ret = _ffc_validate_public_key(key, pub, *pubSz, NULL, 0, 0);
|
||||||
#endif
|
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
ret = _ffc_pairwise_consistency_test(key, pub, *pubSz, priv, *privSz);
|
ret = _ffc_pairwise_consistency_test(key, pub, *pubSz, priv, *privSz);
|
||||||
|
#endif /* FIPS V5 or later || WOLFSSL_VALIDATE_DH_KEYGEN */
|
||||||
|
|
||||||
|
|
||||||
RESTORE_VECTOR_REGISTERS();
|
RESTORE_VECTOR_REGISTERS();
|
||||||
|
|
||||||
|
|||||||
@ -1242,14 +1242,15 @@ static int wc_ecc_export_x963_compressed(ecc_key*, byte* out, word32* outLen);
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
#if (defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || !defined(WOLFSSL_SP_MATH)) && \
|
|
||||||
|
#if !defined(WOLFSSL_SP_MATH) && \
|
||||||
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
|
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
|
||||||
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
|
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
|
||||||
static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
|
static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
|
||||||
mp_int* prime, mp_int* order);
|
mp_int* prime, mp_int* order);
|
||||||
#endif
|
#endif
|
||||||
static int _ecc_validate_public_key(ecc_key* key, int partial, int priv);
|
static int _ecc_validate_public_key(ecc_key* key, int partial, int priv);
|
||||||
#if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(WOLFSSL_VALIDATE_ECC_IMPORT)
|
#if FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_ECC_KEYGEN)
|
||||||
static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng);
|
static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -5087,10 +5088,10 @@ int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, int curve_id,
|
|||||||
|
|
||||||
err = _ecc_make_key_ex(rng, keysize, key, curve_id, flags);
|
err = _ecc_make_key_ex(rng, keysize, key, curve_id, flags);
|
||||||
|
|
||||||
|
#if FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_ECC_KEYGEN)
|
||||||
if (err == MP_OKAY) {
|
if (err == MP_OKAY) {
|
||||||
err = _ecc_validate_public_key(key, 0, 0);
|
err = _ecc_validate_public_key(key, 0, 0);
|
||||||
}
|
}
|
||||||
#if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(WOLFSSL_VALIDATE_ECC_IMPORT)
|
|
||||||
if (err == MP_OKAY) {
|
if (err == MP_OKAY) {
|
||||||
err = _ecc_pairwise_consistency_test(key, rng);
|
err = _ecc_pairwise_consistency_test(key, rng);
|
||||||
}
|
}
|
||||||
@ -8381,7 +8382,8 @@ int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime)
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_VALIDATE_ECC_IMPORT)
|
#if FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || \
|
||||||
|
(defined(WOLFSSL_VALIDATE_ECC_IMPORT) && !defined(WOLFSSL_SP_MATH))
|
||||||
/* validate privkey * generator == pubkey, 0 on success */
|
/* validate privkey * generator == pubkey, 0 on success */
|
||||||
static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
|
static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
|
||||||
{
|
{
|
||||||
@ -8508,9 +8510,10 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime)
|
|||||||
|
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
#endif /* !WOLFSSL_SP_MATH || WOLFSSL_VALIDATE_ECC_IMPORT */
|
#endif /* WOLFSSL_VALIDATE_ECC_KEYGEN ||
|
||||||
|
* (!WOLFSSL_SP_MATH && WOLFSSL_VALIDATE_ECC_IMPORT) */
|
||||||
|
|
||||||
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
|
#if FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_ECC_KEYGEN)
|
||||||
|
|
||||||
/* check privkey generator helper, creates prime needed */
|
/* check privkey generator helper, creates prime needed */
|
||||||
static int ecc_check_privkey_gen_helper(ecc_key* key)
|
static int ecc_check_privkey_gen_helper(ecc_key* key)
|
||||||
@ -8549,18 +8552,16 @@ static int ecc_check_privkey_gen_helper(ecc_key* key)
|
|||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* WOLFSSL_VALIDATE_ECC_IMPORT */
|
|
||||||
|
|
||||||
|
|
||||||
#if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(WOLFSSL_VALIDATE_ECC_IMPORT)
|
|
||||||
/* Performs a Pairwise Consistency Test on an ECC key pair. */
|
/* Performs a Pairwise Consistency Test on an ECC key pair. */
|
||||||
static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng)
|
static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng)
|
||||||
{
|
{
|
||||||
int err = 0;
|
int err = 0;
|
||||||
int flags = key->flags;
|
int flags = key->flags;
|
||||||
|
|
||||||
if ((flags & (WC_ECC_FLAG_COFACTOR | WC_ECC_FLAG_DEC_SIGN)) == 0)
|
/* If flags not set default to cofactor and dec/sign */
|
||||||
|
if ((flags & (WC_ECC_FLAG_COFACTOR | WC_ECC_FLAG_DEC_SIGN)) == 0) {
|
||||||
flags = (WC_ECC_FLAG_COFACTOR | WC_ECC_FLAG_DEC_SIGN);
|
flags = (WC_ECC_FLAG_COFACTOR | WC_ECC_FLAG_DEC_SIGN);
|
||||||
|
}
|
||||||
|
|
||||||
if (flags & WC_ECC_FLAG_COFACTOR) {
|
if (flags & WC_ECC_FLAG_COFACTOR) {
|
||||||
err = ecc_check_privkey_gen_helper(key);
|
err = ecc_check_privkey_gen_helper(key);
|
||||||
@ -8606,16 +8607,16 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng)
|
|||||||
ForceZero(sig, sigLen + digestLen);
|
ForceZero(sig, sigLen + digestLen);
|
||||||
XFREE(sig, NULL, DYNAMIC_TYPE_ECC);
|
XFREE(sig, NULL, DYNAMIC_TYPE_ECC);
|
||||||
}
|
}
|
||||||
|
(void)rng;
|
||||||
|
|
||||||
if (err != 0)
|
if (err != 0)
|
||||||
err = ECC_PCT_E;
|
err = ECC_PCT_E;
|
||||||
|
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSL_VALIDATE_ECC_KEYGEN || WOLFSSL_VALIDATE_ECC_IMPORT */
|
#endif /* FIPS v5 or later || WOLFSSL_VALIDATE_ECC_KEYGEN */
|
||||||
|
|
||||||
|
#ifndef WOLFSSL_SP_MATH
|
||||||
#if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || !defined(WOLFSSL_SP_MATH)
|
|
||||||
/* validate order * pubkey = point at infinity, 0 on success */
|
/* validate order * pubkey = point at infinity, 0 on success */
|
||||||
static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
|
static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
|
||||||
mp_int* prime, mp_int* order)
|
mp_int* prime, mp_int* order)
|
||||||
@ -8668,7 +8669,8 @@ static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a,
|
|||||||
|
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* !WOLFSSL_SP_MATH */
|
||||||
|
|
||||||
#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_CRYPTOCELL*/
|
#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_CRYPTOCELL*/
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
@ -8858,10 +8860,12 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv)
|
|||||||
err = ECC_PRIV_KEY_E;
|
err = ECC_PRIV_KEY_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
|
||||||
/* SP 800-56Ar3, section 5.6.2.1.4, method (b) for ECC */
|
/* SP 800-56Ar3, section 5.6.2.1.4, method (b) for ECC */
|
||||||
/* private * base generator must equal pubkey */
|
/* private * base generator must equal pubkey */
|
||||||
if (err == MP_OKAY && key->type == ECC_PRIVATEKEY)
|
if (err == MP_OKAY && key->type == ECC_PRIVATEKEY)
|
||||||
err = ecc_check_privkey_gen(key, curve->Af, curve->prime);
|
err = ecc_check_privkey_gen(key, curve->Af, curve->prime);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
wc_ecc_curve_free(curve);
|
wc_ecc_curve_free(curve);
|
||||||
|
|||||||
Reference in New Issue
Block a user