[gnutls-devel] GnuTLS | nettle: check validity of (EC)DH shared secret before export (!1299)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Sat Jul 18 09:14:48 CEST 2020
Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1299#note_381661234
In summary:
> - Shared secret generation: section 5.7.1.1 (FFC) and 5.7.1.2 (ECC) - this patch covers this check
Done in bea53f1b46a64d6dcf5bbe4794740c4d4459f9bf (FFC) and 13202600d3e42258d8758b05ff45a3e3d0f07e4e (ECC).
> - receipt of remote public key following section 5.6.2.2.2:
>
> * FFC:
>
> . if PQG are RFC3526 / RFC7919 primes, then apply (at least) the partial validation from section 5.6.2.3.2
>
> . otherwise perform the full validation compliant to section 5.6.2.3.1
I believe this is already done in `lib/nettle/pk.c:_wrap_nettle_pk_derive`. The relevant code is around:
- https://gitlab.com/gnutls/gnutls/-/blob/master/lib/nettle/pk.c#L312
- https://gitlab.com/gnutls/gnutls/-/blob/master/lib/nettle/pk.c#L322
> * ECC: perform partial validation compliant to 5.6.2.3.4
This is also done through `_wrap_nettle_pk_derive` already:
- `_wrap_nettle_pk_derive` calls `_ecc_params_to_pubkey`: https://gitlab.com/gnutls/gnutls/-/blob/master/lib/nettle/pk.c#L397
- `_ecc_params_to_pubkey` uses nettle's `ecc_point_set`: https://gitlab.com/gnutls/gnutls/-/blob/master/lib/nettle/pk.c#L397
- `ecc_point_set` has all the necessary checks: https://gitlab.com/gnutls/nettle/-/blob/master/ecc-point.c#L64 (step 1 and 2) and https://gitlab.com/gnutls/nettle/-/blob/master/ecc-point.c#L64 (step 3)
>
> - generation of local key pair following section 5.6.2.1.3:
>
> * FFC:
>
> . perform the full validation compliant to section 5.6.2.3.1
Done in 8b575625614fbe5a22b68dc8d1877efb1d44dd37.
> * ECC:
>
> . perform a full validation compliant to section 5.6.2.3.3
Done in db001209da553a7eeaa68fd06d2d64a22ef42bde.
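To make the FFC checks discussed above concrete, here is an added example (not GnuTLS or nettle code) that implements the SP 800-56A public-key validation and shared-secret check over a constructed toy group: the partial validation (2 <= y <= p-2) used for RFC 3526/7919 groups, the full validation (adds y^q mod p == 1) for other groups, and the rejection of a shared secret equal to 1. The group (p = 23, q = 11, g = 4) and the key names are assumptions chosen so the arithmetic is checkable by hand.

```python
# Added example: SP 800-56A style checks for finite-field DH.
# Constructed toy group: p = 23 is a safe prime (p = 2q + 1), q = 11.
# Real deployments use RFC 3526 / RFC 7919 groups; the toy size is only
# so the values can be verified by hand.

P = 23          # constructed safe prime
Q = 11          # prime order of the subgroup generated by G
G = 4           # quadratic residue mod 23, so it has order Q


class InvalidKey(ValueError):
    """Raised when a key or shared secret fails validation."""


def validate_public_key(y: int, p: int, q: int, full: bool) -> None:
    """Public-key validation for FFC.

    Partial (5.6.2.3.2): 2 <= y <= p - 2, rejecting the order-1 and
    order-2 elements.  Full (5.6.2.3.1): partial check plus
    y^q mod p == 1, proving y lies in the prime-order subgroup.
    """
    if not 2 <= y <= p - 2:
        raise InvalidKey("public key outside [2, p-2]")
    if full and pow(y, q, p) != 1:
        raise InvalidKey("public key not in the order-q subgroup")


def check_shared_secret(z: int) -> int:
    """5.7.1.1: a shared secret Z equal to 1 must be rejected."""
    if z == 1:
        raise InvalidKey("shared secret is 1")
    return z


def derive_ffc(x: int, peer_y: int, p: int = P, q: int = Q,
               known_group: bool = True) -> int:
    """Derive Z = peer_y^x mod p after validating the peer's key.

    known_group=True models an RFC 3526/7919 group, where partial
    validation suffices; False models a custom group that needs
    the full validation.
    """
    if not 1 <= x <= q - 1:
        raise InvalidKey("private key outside [1, q-1]")
    validate_public_key(peer_y, p, q, full=not known_group)
    return check_shared_secret(pow(peer_y, x, p))
```

With x = 3 and the peer's y = 12 (which is 4^5 mod 23) both sides derive Z = 3, while y = 1, y = 22 (p-1) or, under full validation, the non-residue y = 5 are rejected before any secret is exported.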