File tree Expand file tree Collapse file tree 1 file changed +31
-0
lines changed Expand file tree Collapse file tree 1 file changed +31
-0
lines changed Original file line number Diff line number Diff line change 1414#include <crypto/kpp.h>
1515#include <crypto/ecdh.h>
1616#include <linux/scatterlist.h>
17+ #include <linux/fips.h>
1718#include "ecc.h"
1819
1920struct ecdh_ctx {
@@ -113,6 +114,36 @@ static int ecdh_compute_value(struct kpp_request *req)
113114 ctx -> private_key , public_key );
114115 buf = public_key ;
115116 nbytes = public_key_sz ;
117+
118+ /*
119+ * SP800-56Arev3, 5.6.2.1.4: ("Owner Assurance of
120+ * Pair-wise Consistency"): recompute the public key
121+ * and check if the results match.
122+ */
123+ if (fips_enabled ) {
124+ u64 * public_key_pct ;
125+
126+ if (ret < 0 )
127+ goto free_all ;
128+
129+ public_key_pct = kmalloc (public_key_sz , GFP_KERNEL );
130+ if (!public_key_pct ) {
131+ ret = - ENOMEM ;
132+ goto free_all ;
133+ }
134+
135+ ret = ecc_make_pub_key (ctx -> curve_id , ctx -> ndigits ,
136+ ctx -> private_key ,
137+ public_key_pct );
138+ if (ret < 0 ) {
139+ kfree (public_key_pct );
140+ goto free_all ;
141+ }
142+
143+ if (memcmp (public_key , public_key_pct , public_key_sz ))
144+ panic ("ECDH PCT failed in FIPS mode" );
145+ kfree (public_key_pct );
146+ }
116147 }
117148
118149 if (ret < 0 )
You can’t perform that action at this time.
0 commit comments