git.samba.org - sfrench/cifs-2.6.git/commit

author	Stephan Mueller <smueller@chronox.de>
	Wed, 27 Jun 2018 06:15:31 +0000 (08:15 +0200)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Sun, 8 Jul 2018 16:26:22 +0000 (00:26 +0800)
commit	e3fe0ae129622b78e710e75ecbf7aca7af5dda47
tree	f95315c4f57e6a33c98a60dfc3a8566f21509ec4	tree
parent	73463ade0a57d2c7f23e1dfad25d32f18c79db95	commit \| diff

crypto: dh - add public key verification test

According to SP800-56A section 5.6.2.1, the public key to be processed
for the DH operation shall be checked for appropriateness. The check
shall covers the full verification test in case the domain parameter Q
is provided as defined in SP800-56A section 5.6.2.3.1. If Q is not
provided, the partial check according to SP800-56A section 5.6.2.3.2 is
performed.

The full verification test requires the presence of the domain parameter
Q. Thus, the patch adds the support to handle Q. It is permissible to
not provide the Q value as part of the domain parameters. This implies
that the interface is still backwards-compatible where so far only P and
G are to be provided. However, if Q is provided, it is imported.

Without the test, the NIST ACVP testing fails. After adding this check,
the NIST ACVP testing passes. Testing without providing the Q domain
parameter has been performed to verify the interface has not changed.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

crypto/dh.c		diff \| blob \| history
crypto/dh_helper.c		diff \| blob \| history
include/crypto/dh.h		diff \| blob \| history