While reviewing FIPS requirements for public key checks in Ephemeral Diffie-Hellman key exchanges it came out that FIPS requires checks that the public key point is not the (0, 0) coordinate and nettle is not doing it (only checks that neither point is negative.
Add this check as we never want to allow this point in any case. Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc
From e64d88c0144c22148acb9a24a277c587f084240b Mon Sep 17 00:00:00 2001 From: Simo Sorce <[email protected]> Date: Mon, 6 May 2019 10:47:49 -0400 Subject: [PATCH] Check ECC coordinates are not zero Signed-off-by: Simo Sorce <[email protected]> --- ecc-point.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/ecc-point.c b/ecc-point.c index 31e3115a..5c4b782a 100644 --- a/ecc-point.c +++ b/ecc-point.c @@ -57,12 +57,16 @@ ecc_point_set (struct ecc_point *p, const mpz_t x, const mpz_t y) mp_size_t size; mpz_t lhs, rhs; mpz_t t; + int x_sgn, y_sgn; int res; size = p->ecc->p.size; - - if (mpz_sgn (x) < 0 || mpz_limbs_cmp (x, p->ecc->p.m, size) >= 0 - || mpz_sgn (y) < 0 || mpz_limbs_cmp (y, p->ecc->p.m, size) >= 0) + x_sgn = mpz_sgn (x); + y_sgn = mpz_sgn (y); + + if ((x_sgn == 0 && y_sgn == 0) || + x_sgn < 0 || mpz_limbs_cmp (x, p->ecc->p.m, size) >= 0 + || y_sgn < 0 || mpz_limbs_cmp (y, p->ecc->p.m, size) >= 0) return 0; mpz_init (lhs); -- 2.20.1
_______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
