On Sat, 2019-05-11 at 10:00 +0200, Niels Möller wrote: > Simo Sorce <[email protected]> writes: > > > While reviewing FIPS requirements for public key checks in Ephemeral > > Diffie-Hellman key exchanges it came out that FIPS requires checks that > > the public key point is not the (0, 0) coordinate and nettle is not > > doing it (only checks that neither point is negative. > > ecc_point_set also checks that the point is on the curve, i.e., > satisfies the curve equation. That should rule out (0, 0), except if we > have some curve with constant term b == 0, which I don't think makes > sense.
Ah you are right the later check would catch it. I was just following the checks FIPS explicitly requires in order and didn't think about that ... > Not sure how FIPS requirements are formulated, but maybe it would be > better to add a test case to check that ecc_point_set rejects (0,0) ? Yes, I will drop my patch and add a test case. Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc _______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
