[gnutls-help] ECDH internal functions and FIPS140-2 mode
Nicolas Mora
nicolas at babelouest.org
Wed Feb 24 18:03:17 CET 2021
Hello Daiki and Stephan, thanks for your feedback!
I'll describe my context to explain my needs with ECDH.
I'm the author of a library called Rhonabwy [1], this library implements
JOSE standards [2], in C, using GnuTLS to implement all cryptographic
routines.
This library is used in my SSO Server glewlwyd [3] to implement signed
and/or encrypted requests and response between parties.
In my prototype, the ECDH-ES key management works using
_gnutls_ecdh_compute_key (I only need this function).
There are 2 feedbacks though:
1- I have a memory leak in the _gnutls_ecdh_compute_key function
I've attached a sample code to reproduce the problem and the valgrind output
2- The input paramters for the _gnutls_ecdh_compute_key functions are
gnutls_datum_t of exported values from the ECC keys. I think a public
function would rather have gnutls_privkey_t, gnutls_pubkey_t and the
gnutls_datum_t *Z output
Le 2021-02-22 à 10 h 32, Stephan Mueller a écrit :
> The impact on FIPS is as follows:
>
> - If the newly conceived ECDH API only available in non-FIPS mode, we have no
> impact.
>
> - If the newly conceived ECDH API is only meant to be an "internal" API that
> is not supposed to be used by normal users, we are fine.
>
> - If the newly conceived API is to be used as a truly normal API that offers
> generic (EC)DH operation, the following recently added checks must be invoked
> by this API:
>
> * the received remote public key must be validated
>
> * during local key pair generation, the key pair must be validated
>
> * after generating the shared secret, it must be validated
>
In my opinion, I'd rather have an official API that offers (EC)DH
operation as described in my point 2- above, with of course, added
checks to make sure the call is valid
I'm very willing to help with that with test cases and help with the
code if required.
/Nicolas
[1] https://github.com/babelouest/rhonabwy
[2] https://jose.readthedocs.io/en/latest/
[3] https://github.com/babelouest/glewlwyd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test_ecdh.c
Type: text/x-csrc
Size: 1982 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20210224/f081ce78/attachment-0001.c>
-------------- next part --------------
==9445== Memcheck, a memory error detector
==9445== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==9445== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==9445== Command: ./test_ecdh
==9445==
==9445==
==9445== HEAP SUMMARY:
==9445== in use at exit: 240 bytes in 10 blocks
==9445== total heap usage: 1,317 allocs, 1,307 frees, 108,091 bytes allocated
==9445==
==9445== 32 bytes in 1 blocks are indirectly lost in loss record 1 of 10
==9445== at 0x483877F: malloc (vg_replace_malloc.c:307)
==9445== by 0x4FA99A9: __gmp_default_allocate (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1)
==9445== by 0x4FC03D3: __gmpz_realloc (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1)
==9445== by 0x4FB9A98: __gmpz_import (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1)
==9445== by 0x4F5F929: nettle_mpz_set_str_256_u (in /usr/lib/x86_64-linux-gnu/libhogweed.so.6.1)
==9445== by 0x499867A: wrap_nettle_mpi_scan (mpi.c:146)
==9445== by 0x48AAB19: _gnutls_mpi_init_scan (mpi.c:122)
==9445== by 0x48AAE6D: _gnutls_mpi_init_scan_nz (mpi.c:141)
==9445== by 0x4998177: _gnutls_ecdh_compute_key (pk.c:1981)
==9445== by 0x10933D: main (test_ecdh.c:24)
==9445==
==9445== 32 bytes in 1 blocks are indirectly lost in loss record 2 of 10
==9445== at 0x483877F: malloc (vg_replace_malloc.c:307)
==9445== by 0x4FA99A9: __gmp_default_allocate (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1)
==9445== by 0x4FC03D3: __gmpz_realloc (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1)
==9445== by 0x4FB9A98: __gmpz_import (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1)
==9445== by 0x4F5F929: nettle_mpz_set_str_256_u (in /usr/lib/x86_64-linux-gnu/libhogweed.so.6.1)
==9445== by 0x499867A: wrap_nettle_mpi_scan (mpi.c:146)
==9445== by 0x48AAB19: _gnutls_mpi_init_scan (mpi.c:122)
==9445== by 0x48AAE6D: _gnutls_mpi_init_scan_nz (mpi.c:141)
==9445== by 0x4998193: _gnutls_ecdh_compute_key (pk.c:1989)
==9445== by 0x10933D: main (test_ecdh.c:24)
==9445==
==9445== 32 bytes in 1 blocks are indirectly lost in loss record 3 of 10
==9445== at 0x483877F: malloc (vg_replace_malloc.c:307)
==9445== by 0x4FA99A9: __gmp_default_allocate (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1)
==9445== by 0x4FC03D3: __gmpz_realloc (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1)
==9445== by 0x4FB9A98: __gmpz_import (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1)
==9445== by 0x4F5F929: nettle_mpz_set_str_256_u (in /usr/lib/x86_64-linux-gnu/libhogweed.so.6.1)
==9445== by 0x499867A: wrap_nettle_mpi_scan (mpi.c:146)
==9445== by 0x48AAB19: _gnutls_mpi_init_scan (mpi.c:122)
==9445== by 0x48AAE6D: _gnutls_mpi_init_scan_nz (mpi.c:141)
==9445== by 0x49981B9: _gnutls_ecdh_compute_key (pk.c:1999)
==9445== by 0x10933D: main (test_ecdh.c:24)
==9445==
==9445== 32 bytes in 1 blocks are indirectly lost in loss record 4 of 10
==9445== at 0x483877F: malloc (vg_replace_malloc.c:307)
==9445== by 0x4FA99A9: __gmp_default_allocate (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1)
==9445== by 0x4FC03D3: __gmpz_realloc (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1)
==9445== by 0x4FB9A98: __gmpz_import (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1)
==9445== by 0x4F5F929: nettle_mpz_set_str_256_u (in /usr/lib/x86_64-linux-gnu/libhogweed.so.6.1)
==9445== by 0x499867A: wrap_nettle_mpi_scan (mpi.c:146)
==9445== by 0x48AAB19: _gnutls_mpi_init_scan (mpi.c:122)
==9445== by 0x48AAE6D: _gnutls_mpi_init_scan_nz (mpi.c:141)
==9445== by 0x49981D1: _gnutls_ecdh_compute_key (pk.c:2007)
==9445== by 0x10933D: main (test_ecdh.c:24)
==9445==
==9445== 32 bytes in 1 blocks are indirectly lost in loss record 5 of 10
==9445== at 0x483877F: malloc (vg_replace_malloc.c:307)
==9445== by 0x4FA99A9: __gmp_default_allocate (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1)
==9445== by 0x4FC03D3: __gmpz_realloc (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1)
==9445== by 0x4FB9A98: __gmpz_import (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1)
==9445== by 0x4F5F929: nettle_mpz_set_str_256_u (in /usr/lib/x86_64-linux-gnu/libhogweed.so.6.1)
==9445== by 0x499867A: wrap_nettle_mpi_scan (mpi.c:146)
==9445== by 0x48AAB19: _gnutls_mpi_init_scan (mpi.c:122)
==9445== by 0x48AAE6D: _gnutls_mpi_init_scan_nz (mpi.c:141)
==9445== by 0x49981F1: _gnutls_ecdh_compute_key (pk.c:2015)
==9445== by 0x10933D: main (test_ecdh.c:24)
==9445==
==9445== 48 (16 direct, 32 indirect) bytes in 1 blocks are definitely lost in loss record 6 of 10
==9445== at 0x483877F: malloc (vg_replace_malloc.c:307)
==9445== by 0x4998754: wrap_nettle_mpi_init (mpi.c:79)
==9445== by 0x48AAB02: _gnutls_mpi_init_scan (mpi.c:117)
==9445== by 0x48AAE6D: _gnutls_mpi_init_scan_nz (mpi.c:141)
==9445== by 0x4998177: _gnutls_ecdh_compute_key (pk.c:1981)
==9445== by 0x10933D: main (test_ecdh.c:24)
==9445==
==9445== 48 (16 direct, 32 indirect) bytes in 1 blocks are definitely lost in loss record 7 of 10
==9445== at 0x483877F: malloc (vg_replace_malloc.c:307)
==9445== by 0x4998754: wrap_nettle_mpi_init (mpi.c:79)
==9445== by 0x48AAB02: _gnutls_mpi_init_scan (mpi.c:117)
==9445== by 0x48AAE6D: _gnutls_mpi_init_scan_nz (mpi.c:141)
==9445== by 0x4998193: _gnutls_ecdh_compute_key (pk.c:1989)
==9445== by 0x10933D: main (test_ecdh.c:24)
==9445==
==9445== 48 (16 direct, 32 indirect) bytes in 1 blocks are definitely lost in loss record 8 of 10
==9445== at 0x483877F: malloc (vg_replace_malloc.c:307)
==9445== by 0x4998754: wrap_nettle_mpi_init (mpi.c:79)
==9445== by 0x48AAB02: _gnutls_mpi_init_scan (mpi.c:117)
==9445== by 0x48AAE6D: _gnutls_mpi_init_scan_nz (mpi.c:141)
==9445== by 0x49981B9: _gnutls_ecdh_compute_key (pk.c:1999)
==9445== by 0x10933D: main (test_ecdh.c:24)
==9445==
==9445== 48 (16 direct, 32 indirect) bytes in 1 blocks are definitely lost in loss record 9 of 10
==9445== at 0x483877F: malloc (vg_replace_malloc.c:307)
==9445== by 0x4998754: wrap_nettle_mpi_init (mpi.c:79)
==9445== by 0x48AAB02: _gnutls_mpi_init_scan (mpi.c:117)
==9445== by 0x48AAE6D: _gnutls_mpi_init_scan_nz (mpi.c:141)
==9445== by 0x49981D1: _gnutls_ecdh_compute_key (pk.c:2007)
==9445== by 0x10933D: main (test_ecdh.c:24)
==9445==
==9445== 48 (16 direct, 32 indirect) bytes in 1 blocks are definitely lost in loss record 10 of 10
==9445== at 0x483877F: malloc (vg_replace_malloc.c:307)
==9445== by 0x4998754: wrap_nettle_mpi_init (mpi.c:79)
==9445== by 0x48AAB02: _gnutls_mpi_init_scan (mpi.c:117)
==9445== by 0x48AAE6D: _gnutls_mpi_init_scan_nz (mpi.c:141)
==9445== by 0x49981F1: _gnutls_ecdh_compute_key (pk.c:2015)
==9445== by 0x10933D: main (test_ecdh.c:24)
==9445==
==9445== LEAK SUMMARY:
==9445== definitely lost: 80 bytes in 5 blocks
==9445== indirectly lost: 160 bytes in 5 blocks
==9445== possibly lost: 0 bytes in 0 blocks
==9445== still reachable: 0 bytes in 0 blocks
==9445== suppressed: 0 bytes in 0 blocks
==9445==
==9445== For lists of detected and suppressed errors, rerun with: -s
==9445== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xFE82139440BD22B9.asc
Type: application/pgp-keys
Size: 3066 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20210224/f081ce78/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20210224/f081ce78/attachment-0001.sig>
More information about the Gnutls-help
mailing list