FIPS KAS requires use of ECC CDH.
The EC 'B' and 'K' curves have a cofactor that is not 1, and this
MUST be multiplied by the private key when deriving the shared secret.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25139)
OPT_SSKDF_KEY_CHECK,
OPT_X963KDF_KEY_CHECK,
OPT_NO_PBKDF2_LOWER_BOUND_CHECK,
+ OPT_ECDH_COFACTOR_CHECK,
OPT_SELF_TEST_ONLOAD, OPT_SELF_TEST_ONINSTALL
} OPTION_CHOICE;
"Enable key check for X963KDF"},
{"no_pbkdf2_lower_bound_check", OPT_NO_PBKDF2_LOWER_BOUND_CHECK, '-',
"Disable lower bound check for PBKDF2"},
+ {"ecdh_cofactor_check", OPT_ECDH_COFACTOR_CHECK, '-',
+ "Enable Cofactor check for ECDH"},
OPT_SECTION("Input"),
{"in", OPT_IN, '<', "Input config file, used when verifying"},
unsigned int sskdf_key_check : 1;
unsigned int x963kdf_key_check : 1;
unsigned int pbkdf2_lower_bound_check : 1;
+ unsigned int ecdh_cofactor_check : 1;
} FIPS_OPTS;
/* Pedantic FIPS compliance */
1, /* sskdf_key_check */
1, /* x963kdf_key_check */
1, /* pbkdf2_lower_bound_check */
+ 1, /* ecdh_cofactor_check */
};
/* Default FIPS settings for backward compatibility */
0, /* sskdf_key_check */
0, /* x963kdf_key_check */
1, /* pbkdf2_lower_bound_check */
+ 0, /* ecdh_cofactor_check */
};
static int check_non_pedantic_fips(int pedantic, const char *name)
|| BIO_printf(out, "%s = %s\n",
OSSL_PROV_FIPS_PARAM_PBKDF2_LOWER_BOUND_CHECK,
opts->pbkdf2_lower_bound_check ? "1" : "0") <= 0
+ || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_ECDH_COFACTOR_CHECK,
+ opts->ecdh_cofactor_check ? "1": "0") <= 0
|| !print_mac(out, OSSL_PROV_FIPS_PARAM_MODULE_MAC, module_mac,
module_mac_len))
goto end;
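Review bot: The added `BIO_printf` argument is written `opts->ecdh_cofactor_check ? "1": "0"`, without the space before `:` that the neighbouring `opts->pbkdf2_lower_bound_check ? "1" : "0"` line uses. Suggest `opts->ecdh_cofactor_check ? "1" : "0") <= 0` so the chain of config writes stays uniform. The enclosing function starts and ends outside the hunk.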
goto end;
fips_opts.pbkdf2_lower_bound_check = 0;
break;
+ case OPT_ECDH_COFACTOR_CHECK:
+ fips_opts.ecdh_cofactor_check = 1;
+ break;
case OPT_QUIET:
quiet = 1;
/* FALLTHROUGH */
PROV_R_BAD_TLS_CLIENT_VERSION:161:bad tls client version
PROV_R_BN_ERROR:160:bn error
PROV_R_CIPHER_OPERATION_FAILED:102:cipher operation failed
+PROV_R_COFACTOR_REQUIRED:236:cofactor required
PROV_R_DERIVATION_FUNCTION_INIT_FAILED:205:derivation function init failed
PROV_R_DIGEST_NOT_ALLOWED:174:digest not allowed
PROV_R_EMS_NOT_ENABLED:233:ems not enabled
[B<-sshkdf_key_check>]
[B<-sskdf_key_check>]
[B<-x963kdf_key_check>]
+[B<-ecdh_cofactor_check>]
[B<-self_test_onload>]
[B<-self_test_oninstall>]
[B<-corrupt_desc> I<selftest_description>]
Configure the module to not perform run-time lower bound check for PBKDF2.
See NIST SP 800-132 for details.
+=item B<-ecdh_cofactor_check>
+
+Configure the module to enable a run-time check that ECDH uses the EC curves
+cofactor value when deriving a key. This only affects the 'B' and 'K' curves.
+See SP 800-56A r3 Section 5.7.1.2 for details.
+
=item B<-self_test_onload>
Do not write the two fields related to the "test status indicator" and
See L<provider-keyexch(7)/Common Key Exchange parameters>.
+=item "ecdh-cofactor-check" (B<OSSL_EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK>) <integer>
+
+If required this parameter should before OSSL_FUNC_keyexch_derive().
+The default value of 1 causes an error during the OSSL_FUNC_keyexch_derive if
+the EC curve has a cofactor that is not 1, and the cofactor is not used.
+Setting this to 0 will ignore the error and set the approved "fips-indicator" to
+0. This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance
+if set to 0.
+
=back
=head1 EXAMPLES
*/
# define OSSL_PROV_FIPS_PARAM_PBKDF2_LOWER_BOUND_CHECK "pbkdf2-lower-bound-check"
+/*
+ * A boolean that determines if the runtime cofactor check for ECDH is
+ * performed.
+ * This is disabled by default.
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_ECDH_COFACTOR_CHECK "ecdh-cofactor-check"
+
# ifdef __cplusplus
}
# endif
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
# define PROV_R_BAD_TLS_CLIENT_VERSION 161
# define PROV_R_BN_ERROR 160
# define PROV_R_CIPHER_OPERATION_FAILED 102
+# define PROV_R_COFACTOR_REQUIRED 236
# define PROV_R_DERIVATION_FUNCTION_INIT_FAILED 205
# define PROV_R_DIGEST_NOT_ALLOWED 174
# define PROV_R_EMS_NOT_ENABLED 233
int FIPS_sskdf_key_check(OSSL_LIB_CTX *libctx);
int FIPS_x963kdf_key_check(OSSL_LIB_CTX *libctx);
int FIPS_pbkdf2_lower_bound_check(OSSL_LIB_CTX *libctx);
-
+int FIPS_ecdh_cofactor_check(OSSL_LIB_CTX *libctx);
#endif
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BN_ERROR), "bn error"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_CIPHER_OPERATION_FAILED),
"cipher operation failed"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_COFACTOR_REQUIRED), "cofactor required"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_DERIVATION_FUNCTION_INIT_FAILED),
"derivation function init failed"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_DIGEST_NOT_ALLOWED),
FIPS_OPTION fips_sskdf_key_check;
FIPS_OPTION fips_x963kdf_key_check;
FIPS_OPTION fips_pbkdf2_lower_bound_check;
+ FIPS_OPTION fips_ecdh_cofactor_check;
} FIPS_GLOBAL;
static void init_fips_option(FIPS_OPTION *opt, int enabled)
init_fips_option(&fgbl->fips_sskdf_key_check, 0);
init_fips_option(&fgbl->fips_x963kdf_key_check, 0);
init_fips_option(&fgbl->fips_pbkdf2_lower_bound_check, 1);
+ init_fips_option(&fgbl->fips_ecdh_cofactor_check, 0);
return fgbl;
}
0),
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_PBKDF2_LOWER_BOUND_CHECK,
OSSL_PARAM_INTEGER, NULL, 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_ECDH_COFACTOR_CHECK, OSSL_PARAM_INTEGER,
+ NULL, 0),
OSSL_PARAM_END
};
* OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS and
* OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK are not self test parameters.
*/
- OSSL_PARAM core_params[32], *p = core_params;
+ OSSL_PARAM core_params[33], *p = core_params;
*p++ = OSSL_PARAM_construct_utf8_ptr(
OSSL_PROV_PARAM_CORE_MODULE_FILENAME,
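Review bot: The bound of `core_params` is a hand-counted literal (32 → 33), and nothing visible ties it to the number of `*p++` and `FIPS_FEATURE_OPTION` entries, so a future option added without bumping it would write past the stack array. From this hunk alone it cannot be confirmed that 33 covers every entry plus the terminator. A check next to `*p = OSSL_PARAM_construct_end();`, for example `if (!ossl_assert(p < core_params + OSSL_NELEM(core_params))) return 0;` (assuming both helpers are in scope in this file), would surface a miscount in testing instead of leaving silent stack corruption. The enclosing function starts and ends outside the hunk.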
fips_x963kdf_key_check);
FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_PBKDF2_LOWER_BOUND_CHECK,
fips_pbkdf2_lower_bound_check);
+ FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_ECDH_COFACTOR_CHECK,
+ fips_ecdh_cofactor_check);
#undef FIPS_FEATURE_OPTION
*p = OSSL_PARAM_construct_end();
fips_x963kdf_key_check);
FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_PBKDF2_LOWER_BOUND_CHECK,
fips_pbkdf2_lower_bound_check);
+ FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_ECDH_COFACTOR_CHECK,
+ fips_ecdh_cofactor_check);
#undef FIPS_FEATURE_GET
return 1;
}
FIPS_SET_OPTION(fgbl, fips_sskdf_key_check);
FIPS_SET_OPTION(fgbl, fips_x963kdf_key_check);
FIPS_SET_OPTION(fgbl, fips_pbkdf2_lower_bound_check);
+ FIPS_SET_OPTION(fgbl, fips_ecdh_cofactor_check);
#undef FIPS_SET_OPTION
ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
FIPS_FEATURE_CHECK(FIPS_sskdf_key_check, fips_sskdf_key_check)
FIPS_FEATURE_CHECK(FIPS_x963kdf_key_check, fips_x963kdf_key_check)
FIPS_FEATURE_CHECK(FIPS_pbkdf2_lower_bound_check, fips_pbkdf2_lower_bound_check)
+FIPS_FEATURE_CHECK(FIPS_ecdh_cofactor_check, fips_ecdh_cofactor_check)
#undef FIPS_FEATURE_CHECK
if (!OSSL_FIPS_IND_SET_CTX_PARAM(pectx, OSSL_FIPS_IND_SETTABLE0, params,
OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK))
- return 0;
+ return 0;
if (!OSSL_FIPS_IND_SET_CTX_PARAM(pectx, OSSL_FIPS_IND_SETTABLE1, params,
OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK))
- return 0;
+ return 0;
+ if (!OSSL_FIPS_IND_SET_CTX_PARAM(pectx, OSSL_FIPS_IND_SETTABLE2, params,
+ OSSL_EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK))
+ return 0;
p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE);
if (p != NULL) {
OSSL_PARAM_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM, NULL, 0),
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK)
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK)
+ OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK)
OSSL_PARAM_END
};
const EC_GROUP *group;
const BIGNUM *cofactor;
int key_cofactor_mode;
+ int has_cofactor;
+#ifdef FIPS_MODULE
+ int cofactor_approved = 0;
+#endif
if (pecdhctx->k == NULL || pecdhctx->peerk == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
|| (cofactor = EC_GROUP_get0_cofactor(group)) == NULL)
return 0;
+ has_cofactor = !BN_is_one(cofactor);
+
/*
* NB: unlike PKCS#3 DH, if outlen is less than maximum size this is not
* an error, the result is truncated.
(EC_KEY_get_flags(pecdhctx->k) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
if (pecdhctx->cofactor_mode != -1
&& pecdhctx->cofactor_mode != key_cofactor_mode
- && !BN_is_one(cofactor)) {
+ && has_cofactor) {
if ((privk = EC_KEY_dup(pecdhctx->k)) == NULL)
return 0;
- if (pecdhctx->cofactor_mode == 1)
+ if (pecdhctx->cofactor_mode == 1) {
EC_KEY_set_flags(privk, EC_FLAG_COFACTOR_ECDH);
- else
+#ifdef FIPS_MODULE
+ cofactor_approved = 1;
+#endif
+ } else {
EC_KEY_clear_flags(privk, EC_FLAG_COFACTOR_ECDH);
+ }
} else {
privk = pecdhctx->k;
}
+#ifdef FIPS_MODULE
+ /*
+ * SP800-56A r3 Section 5.7.1.2 requires ECC Cofactor DH to be used.
+ * This applies to the 'B' and 'K' curves that have cofactors that are not 1.
+ */
+ if (has_cofactor && !cofactor_approved) {
+ if (!OSSL_FIPS_IND_ON_UNAPPROVED(pecdhctx, OSSL_FIPS_IND_SETTABLE2,
+ pecdhctx->libctx, "ECDH", "Cofactor",
+ FIPS_ecdh_cofactor_check)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_COFACTOR_REQUIRED);
+ return 0;
+ }
+ }
+#endif
+
ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk);
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
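Review bot: `cofactor_approved` is set only in the branch that duplicates the key, so in the `else` arm (`privk = pecdhctx->k;`) it stays 0 even when the key itself already carries `EC_FLAG_COFACTOR_ECDH`. With a 'B' or 'K' curve and `key_cofactor_mode == 1` (context mode left at -1, or also 1), the derive presumably runs as cofactor ECDH, yet the FIPS check below treats it as unapproved and can fail with `PROV_R_COFACTOR_REQUIRED`. Recording the key's own mode in the `else` arm, `cofactor_approved = key_cofactor_mode;` under `#ifdef FIPS_MODULE`, would make the indicator follow the flag that `ECDH_compute_key()` is handed. The test vectors in this commit only drive the mode through the context (`ecdh_cofactor_mode:1` and `:-1`), so a case with the flag set on the key would be worth adding. The enclosing function starts and ends outside the hunk.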
PKEY_DATA *expected = t->data;
unsigned char *got = NULL;
size_t got_len;
+ int ret = 1;
if (!pkey_test_run_init(t))
goto err;
got, got_len))
goto err;
+ if (!pkey_check_fips_approved(dctx, t)) {
+ ret = 0;
+ goto err;
+ }
t->err = NULL;
err:
OPENSSL_free(got);
EVP_PKEY_CTX_free(dctx);
- return 1;
+ return ret;
}
static const EVP_TEST_METHOD pderive_test_method = {
PrivPubKeyPair=BOB_cf_sect233k1:BOB_cf_sect233k1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_cf_sect233k1
PeerKey=BOB_cf_sect233k1_PUB
SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_cf_sect233k1
PeerKey=ALICE_cf_sect233k1_PUB
SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310
PrivPubKeyPair=BOB_cf_sect233r1:BOB_cf_sect233r1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_cf_sect233r1
PeerKey=BOB_cf_sect233r1_PUB
SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_cf_sect233r1
PeerKey=ALICE_cf_sect233r1_PUB
SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795
PrivPubKeyPair=BOB_cf_sect283k1:BOB_cf_sect283k1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_cf_sect283k1
PeerKey=BOB_cf_sect283k1_PUB
SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_cf_sect283k1
PeerKey=ALICE_cf_sect283k1_PUB
SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c
PrivPubKeyPair=BOB_cf_sect283r1:BOB_cf_sect283r1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_cf_sect283r1
PeerKey=BOB_cf_sect283r1_PUB
SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_cf_sect283r1
PeerKey=ALICE_cf_sect283r1_PUB
SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773
PrivPubKeyPair=BOB_cf_sect409k1:BOB_cf_sect409k1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_cf_sect409k1
PeerKey=BOB_cf_sect409k1_PUB
SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_cf_sect409k1
PeerKey=ALICE_cf_sect409k1_PUB
SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0
PrivPubKeyPair=BOB_cf_sect409r1:BOB_cf_sect409r1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_cf_sect409r1
PeerKey=BOB_cf_sect409r1_PUB
SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_cf_sect409r1
PeerKey=ALICE_cf_sect409r1_PUB
SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1
PrivPubKeyPair=BOB_cf_sect571k1:BOB_cf_sect571k1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_cf_sect571k1
PeerKey=BOB_cf_sect571k1_PUB
SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_cf_sect571k1
PeerKey=ALICE_cf_sect571k1_PUB
SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c
PrivPubKeyPair=BOB_cf_sect571r1:BOB_cf_sect571r1_PUB
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_cf_sect571r1
PeerKey=BOB_cf_sect571r1_PUB
SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_cf_sect571r1
PeerKey=ALICE_cf_sect571r1_PUB
SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_sect233k1
PeerKey=BOB_sect233k1_PUB
SharedSecret=00a5e5f2e992f4360d530dd365d14f5c6013212e14f4ea258c91c71f1512
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_sect233k1
PeerKey=ALICE_sect233k1_PUB
SharedSecret=00a5e5f2e992f4360d530dd365d14f5c6013212e14f4ea258c91c71f1512
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_sect233r1
PeerKey=BOB_sect233r1_PUB
SharedSecret=01625f3fcd367ee7cd74c67cca02dccfce6c3b19ef07e358ed943d17a8e2
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_sect233r1
PeerKey=ALICE_sect233r1_PUB
SharedSecret=01625f3fcd367ee7cd74c67cca02dccfce6c3b19ef07e358ed943d17a8e2
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_sect283k1
PeerKey=BOB_sect283k1_PUB
SharedSecret=02f2e682c2f60d7261624f3661a5e85fca920443b72aa4dd5a540082e65e552302d8f825
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_sect283k1
PeerKey=ALICE_sect283k1_PUB
SharedSecret=02f2e682c2f60d7261624f3661a5e85fca920443b72aa4dd5a540082e65e552302d8f825
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_sect283r1
PeerKey=BOB_sect283r1_PUB
SharedSecret=05778bc1afcf38d7dddb2150cacbfe4d38dc588968fd8b2e859c28ae2629d3435f89f6cc
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_sect283r1
PeerKey=ALICE_sect283r1_PUB
SharedSecret=05778bc1afcf38d7dddb2150cacbfe4d38dc588968fd8b2e859c28ae2629d3435f89f6cc
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_sect409k1
PeerKey=BOB_sect409k1_PUB
SharedSecret=01523ec40ad40226a57281a4c423801ae9495dcf736eddd667023b1390977d018ce79313fb99c503f39cbee80f5c1968f3bd02e0
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_sect409k1
PeerKey=ALICE_sect409k1_PUB
SharedSecret=01523ec40ad40226a57281a4c423801ae9495dcf736eddd667023b1390977d018ce79313fb99c503f39cbee80f5c1968f3bd02e0
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_sect409r1
PeerKey=BOB_sect409r1_PUB
SharedSecret=019dc849870dc6f79978aca8e1fc6aa6836c8fcb25bbfe3d5ab41ea53eae2c7329952280efb30f9097a31a774191e476dbd842d5
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_sect409r1
PeerKey=ALICE_sect409r1_PUB
SharedSecret=019dc849870dc6f79978aca8e1fc6aa6836c8fcb25bbfe3d5ab41ea53eae2c7329952280efb30f9097a31a774191e476dbd842d5
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_sect571k1
PeerKey=BOB_sect571k1_PUB
SharedSecret=05a423515fcc91b3171c83edd5c4085ff729a8ff0a3fa1578ebf769523ded0f5c1e387cf63109f2fbd95e117345b788b4577fdc6b6e727230bfc73eae0d4e851cb6f6e616eddb13e
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_sect571k1
PeerKey=ALICE_sect571k1_PUB
SharedSecret=05a423515fcc91b3171c83edd5c4085ff729a8ff0a3fa1578ebf769523ded0f5c1e387cf63109f2fbd95e117345b788b4577fdc6b6e727230bfc73eae0d4e851cb6f6e616eddb13e
# ECDH Alice with Bob peer
+Availablein = default
Derive=ALICE_sect571r1
PeerKey=BOB_sect571r1_PUB
SharedSecret=004b397e564055e2c7d87648183c948655ccb0ebb20bd441f9b11635cf461cb5815ff060eab33091b9f7aed67bec8ba1bb7b22437ece3c92c7cf76124408fb951595dfb4a512b2ae
# ECDH Bob with Alice peer
+Availablein = default
Derive=BOB_sect571r1
PeerKey=ALICE_sect571r1_PUB
SharedSecret=004b397e564055e2c7d87648183c948655ccb0ebb20bd441f9b11635cf461cb5815ff060eab33091b9f7aed67bec8ba1bb7b22437ece3c92c7cf76124408fb951595dfb4a512b2ae
nzq7jSys1bLuK2g5nqxOj2XOvdZjAP0Em1s=
-----END PUBLIC KEY-----
-
+# Test that using ECC CDH works for all providers (this uses the EC curves cofactor)
Derive=KAS-ECC-CDH_B-571_C24
PeerKey=KAS-ECC-CDH_B-571_C24-Peer-PUBLIC
Ctrl=ecdh_cofactor_mode:1
SharedSecret=02da266a269bdc8d8b2a0c6bb5762f102fc801c8d5394a9271539136bd81d4b69cfbb7525cd0a983fb7f7e9deec583b8f8e574c6184b2d79831ec770649e484dc006fa35b0bffd0b
+
+# Test that ECC DH is not approved in FIPS (this uses a cofactor of 1)
+Availablein = fips
+FIPSversion = >=3.4.0
+Derive=KAS-ECC-CDH_B-571_C24
+PeerKey=KAS-ECC-CDH_B-571_C24-Peer-PUBLIC
+Ctrl=ecdh_cofactor_mode:-1
+Result = DERIVE_ERROR
+Reason = cofactor required
+
+# Test the ECC DH FIPS indicator (this uses a cofactor of 1)
+Availablein = fips
+FIPSversion = >=3.4.0
+Derive = KAS-ECC-CDH_B-571_C24
+Unapproved = 1
+Ctrl = ecdh-cofactor-check:0
+Ctrl = ecdh_cofactor_mode:-1
+PeerKey = KAS-ECC-CDH_B-571_C24-Peer-PUBLIC
+SharedSecret=0722353705ad168630247998cfea24e2528622a208d13530b02906f77ca88b6dc3a9d7d44dbe3bf1e0b070d828e1d04349b3bc546664df0849e8f1ddac1b628150f3e1ad36125d9f
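Review bot: The two new FIPS comments say "this uses a cofactor of 1", but B-571 is one of the curves whose cofactor is not 1, which is why the first case expects `Reason = cofactor required`. What these cases exercise is `ecdh_cofactor_mode:-1`, where the derive presumably runs without applying the curve's cofactor. Suggest rewording to `# Test that ECC DH is not approved in FIPS (the curve's cofactor is not applied)` and `# Test the ECC DH FIPS indicator (the curve's cofactor is not applied)`, so a reader does not conclude the check fires on cofactor-1 curves.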
my $rsa_sign_x931_pad_disabled = 1;
my $kdf_key_check = 1;
my $pbkdf2_lower_bound_check = 1;
+my $ec_cofactor_check = 1;
my $activate = 1;
my $version = 1;
sskdf-key-check = $kdf_key_check
x963kdf-key-check = $kdf_key_check
pbkdf2-lower-bound-check = $pbkdf2_lower_bound_check
+ecdh-cofactor-check = $ec_cofactor_check
_____
'PROV_PARAM_SSKDF_KEY_CHECK' => "sskdf-key-check", # uint
'PROV_PARAM_X963KDF_KEY_CHECK' => "x963kdf-key-check", # uint
'PROV_PARAM_PBKDF2_LOWER_BOUND_CHECK' => "pbkdf2-lower-bound-check", # uint
+ 'PROV_PARAM_ECDH_COFACTOR_CHECK' => "ecdh-cofactor-check", # uint
# Self test callback parameters
'PROV_PARAM_SELF_TEST_PHASE' => "st-phase",# utf8_string
'EXCHANGE_PARAM_KDF_UKM' => "kdf-ukm",
'EXCHANGE_PARAM_FIPS_DIGEST_CHECK' => '*PKEY_PARAM_FIPS_DIGEST_CHECK',
'EXCHANGE_PARAM_FIPS_KEY_CHECK' => '*PKEY_PARAM_FIPS_KEY_CHECK',
+ 'EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK' => '*PROV_PARAM_ECDH_COFACTOR_CHECK',
'EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR',
# Signature parameters