From: slontis Date: Thu, 8 Aug 2024 06:56:22 +0000 (+1000) Subject: Add FIPS Indicator for ECDH cofactor. X-Git-Tag: openssl-3.4.0-alpha1~132 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=05681e0e3e47e0abc5ec3a4c12ddb0afcd66db37;p=thirdparty%2Fopenssl.git Add FIPS Indicator for ECDH cofactor. FIPS KAS requires use of ECC CDH. The EC 'B' and 'K' curves have a cofactor that is not 1, and this MUST be multiplied by the private key when deriving the shared secret. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/25139) --- diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c index 09c08f3da1e..f217a811213 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c @@ -59,6 +59,7 @@ typedef enum OPTION_choice { OPT_SSKDF_KEY_CHECK, OPT_X963KDF_KEY_CHECK, OPT_NO_PBKDF2_LOWER_BOUND_CHECK, + OPT_ECDH_COFACTOR_CHECK, OPT_SELF_TEST_ONLOAD, OPT_SELF_TEST_ONINSTALL } OPTION_CHOICE; @@ -128,6 +129,8 @@ const OPTIONS fipsinstall_options[] = { "Enable key check for X963KDF"}, {"no_pbkdf2_lower_bound_check", OPT_NO_PBKDF2_LOWER_BOUND_CHECK, '-', "Disable lower bound check for PBKDF2"}, + {"ecdh_cofactor_check", OPT_ECDH_COFACTOR_CHECK, '-', + "Enable Cofactor check for ECDH"}, OPT_SECTION("Input"), {"in", OPT_IN, '<', "Input config file, used when verifying"}, @@ -172,6 +175,7 @@ typedef struct { unsigned int sskdf_key_check : 1; unsigned int x963kdf_key_check : 1; unsigned int pbkdf2_lower_bound_check : 1; + unsigned int ecdh_cofactor_check : 1; } FIPS_OPTS; /* Pedantic FIPS compliance */ @@ -203,6 +207,7 @@ static const FIPS_OPTS pedantic_opts = { 1, /* sskdf_key_check */ 1, /* x963kdf_key_check */ 1, /* pbkdf2_lower_bound_check */ + 1, /* ecdh_cofactor_check */ }; /* Default FIPS settings for backward compatibility */ 
@@ -234,6 +239,7 @@ static FIPS_OPTS fips_opts = { 0, /* sskdf_key_check */ 0, /* x963kdf_key_check */ 1, /* pbkdf2_lower_bound_check */ + 0, /* ecdh_cofactor_check */ }; static int check_non_pedantic_fips(int pedantic, const char *name) @@ -410,6 +416,8 @@ static int write_config_fips_section(BIO *out, const char *section, || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_PBKDF2_LOWER_BOUND_CHECK, opts->pbkdf2_lower_bound_check ? "1" : "0") <= 0 + || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_ECDH_COFACTOR_CHECK, + opts->ecdh_cofactor_check ? "1": "0") <= 0 || !print_mac(out, OSSL_PROV_FIPS_PARAM_MODULE_MAC, module_mac, module_mac_len)) goto end; @@ -664,6 +672,9 @@ int fipsinstall_main(int argc, char **argv) goto end; fips_opts.pbkdf2_lower_bound_check = 0; break; + case OPT_ECDH_COFACTOR_CHECK: + fips_opts.ecdh_cofactor_check = 1; + break; case OPT_QUIET: quiet = 1; /* FALLTHROUGH */ diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index e4892c7ff98..a6f1d9b2e77 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1030,6 +1030,7 @@ PROV_R_BAD_LENGTH:142:bad length PROV_R_BAD_TLS_CLIENT_VERSION:161:bad tls client version PROV_R_BN_ERROR:160:bn error PROV_R_CIPHER_OPERATION_FAILED:102:cipher operation failed +PROV_R_COFACTOR_REQUIRED:236:cofactor required PROV_R_DERIVATION_FUNCTION_INIT_FAILED:205:derivation function init failed PROV_R_DIGEST_NOT_ALLOWED:174:digest not allowed PROV_R_EMS_NOT_ENABLED:233:ems not enabled diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in index eae0314471d..4a0b046986e 100644 --- a/doc/man1/openssl-fipsinstall.pod.in +++ b/doc/man1/openssl-fipsinstall.pod.in @@ -46,6 +46,7 @@ B [B<-sshkdf_key_check>] [B<-sskdf_key_check>] [B<-x963kdf_key_check>] +[B<-ecdh_cofactor_check>] [B<-self_test_onload>] [B<-self_test_oninstall>] [B<-corrupt_desc> I] 
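Review bot: In the `@@ -410` hunk of apps/fipsinstall.c the added ternary is written `opts->ecdh_cofactor_check ? "1": "0"`, without the space before the colon that the `pbkdf2_lower_bound_check` entry directly above uses. Writing it as `opts->ecdh_cofactor_check ? "1" : "0"` keeps the `BIO_printf` chain uniform. write_config_fips_section starts and ends outside the hunk.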
@@ -339,6 +340,12 @@ See NIST SP 800-131Ar2 for details. Configure the module to not perform run-time lower bound check for PBKDF2. See NIST SP 800-132 for details. +=item B<-ecdh_cofactor_check> + +Configure the module to enable a run-time check that ECDH uses the EC curves +cofactor value when deriving a key. This only affects the 'B' and 'K' curves. +See SP 800-56A r3 Section 5.7.1.2 for details. + =item B<-self_test_onload> Do not write the two fields related to the "test status indicator" and diff --git a/doc/man7/EVP_KEYEXCH-ECDH.pod b/doc/man7/EVP_KEYEXCH-ECDH.pod index 1d27f552982..9b592c0f99a 100644 --- a/doc/man7/EVP_KEYEXCH-ECDH.pod +++ b/doc/man7/EVP_KEYEXCH-ECDH.pod @@ -49,6 +49,15 @@ per-key basis. See L. +=item "ecdh-cofactor-check" (B) + +If required this parameter should before OSSL_FUNC_keyexch_derive(). +The default value of 1 causes an error during the OSSL_FUNC_keyexch_derive if +the EC curve has a cofactor that is not 1, and the cofactor is not used. +Setting this to 0 will ignore the error and set the approved "fips-indicator" to +0. This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance +if set to 0. + =back =head1 EXAMPLES diff --git a/include/openssl/fips_names.h b/include/openssl/fips_names.h index 7e914e9dd57..dcef85b7b13 100644 --- a/include/openssl/fips_names.h +++ b/include/openssl/fips_names.h @@ -247,6 +247,14 @@ extern "C" { */ # define OSSL_PROV_FIPS_PARAM_PBKDF2_LOWER_BOUND_CHECK "pbkdf2-lower-bound-check" +/* + * A boolean that determines if the runtime cofactor check for ECDH is + * performed. + * This is disabled by default. + * Type: OSSL_PARAM_UTF8_STRING + */ +# define OSSL_PROV_FIPS_PARAM_ECDH_COFACTOR_CHECK "ecdh-cofactor-check" + # ifdef __cplusplus } # endif diff --git a/include/openssl/proverr.h b/include/openssl/proverr.h index d9ef56815cf..f0376512137 100644 --- a/include/openssl/proverr.h +++ b/include/openssl/proverr.h 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,6 +30,7 @@ # define PROV_R_BAD_TLS_CLIENT_VERSION 161 # define PROV_R_BN_ERROR 160 # define PROV_R_CIPHER_OPERATION_FAILED 102 +# define PROV_R_COFACTOR_REQUIRED 236 # define PROV_R_DERIVATION_FUNCTION_INIT_FAILED 205 # define PROV_R_DIGEST_NOT_ALLOWED 174 # define PROV_R_EMS_NOT_ENABLED 233 diff --git a/providers/common/include/prov/fipscommon.h b/providers/common/include/prov/fipscommon.h index 077ec1f37d6..7a11854ee6e 100644 --- a/providers/common/include/prov/fipscommon.h +++ b/providers/common/include/prov/fipscommon.h @@ -35,5 +35,5 @@ int FIPS_sshkdf_key_check(OSSL_LIB_CTX *libctx); int FIPS_sskdf_key_check(OSSL_LIB_CTX *libctx); int FIPS_x963kdf_key_check(OSSL_LIB_CTX *libctx); int FIPS_pbkdf2_lower_bound_check(OSSL_LIB_CTX *libctx); - +int FIPS_ecdh_cofactor_check(OSSL_LIB_CTX *libctx); #endif diff --git a/providers/common/include/prov/proverr.h b/providers/common/include/prov/proverr.h index 69e14465c75..34247ed2f7e 100644 --- a/providers/common/include/prov/proverr.h +++ b/providers/common/include/prov/proverr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index 611ec847cb0..ddc428f3d99 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -29,6 +29,7 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BN_ERROR), "bn error"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_CIPHER_OPERATION_FAILED), "cipher operation failed"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_COFACTOR_REQUIRED), "cofactor required"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_DERIVATION_FUNCTION_INIT_FAILED), "derivation function init failed"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_DIGEST_NOT_ALLOWED), diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 0394cc4b540..1d607ad4628 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -111,6 +111,7 @@ typedef struct fips_global_st { FIPS_OPTION fips_sskdf_key_check; FIPS_OPTION fips_x963kdf_key_check; FIPS_OPTION fips_pbkdf2_lower_bound_check; + FIPS_OPTION fips_ecdh_cofactor_check; } FIPS_GLOBAL; static void init_fips_option(FIPS_OPTION *opt, int enabled) @@ -150,6 +151,7 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx) init_fips_option(&fgbl->fips_sskdf_key_check, 0); init_fips_option(&fgbl->fips_x963kdf_key_check, 0); init_fips_option(&fgbl->fips_pbkdf2_lower_bound_check, 1); + init_fips_option(&fgbl->fips_ecdh_cofactor_check, 0); return fgbl; } @@ -200,6 +202,8 @@ static const OSSL_PARAM fips_param_types[] = { 0), OSSL_PARAM_DEFN(OSSL_PROV_PARAM_PBKDF2_LOWER_BOUND_CHECK, OSSL_PARAM_INTEGER, NULL, 0), + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_ECDH_COFACTOR_CHECK, OSSL_PARAM_INTEGER, + NULL, 0), OSSL_PARAM_END }; 
@@ -213,7 +217,7 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl) * OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS and * OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK are not self test parameters. */ - OSSL_PARAM core_params[32], *p = core_params; + OSSL_PARAM core_params[33], *p = core_params; *p++ = OSSL_PARAM_construct_utf8_ptr( OSSL_PROV_PARAM_CORE_MODULE_FILENAME, @@ -296,6 +300,8 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl) fips_x963kdf_key_check); FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_PBKDF2_LOWER_BOUND_CHECK, fips_pbkdf2_lower_bound_check); + FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_ECDH_COFACTOR_CHECK, + fips_ecdh_cofactor_check); #undef FIPS_FEATURE_OPTION *p = OSSL_PARAM_construct_end(); @@ -387,6 +393,8 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[]) fips_x963kdf_key_check); FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_PBKDF2_LOWER_BOUND_CHECK, fips_pbkdf2_lower_bound_check); + FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_ECDH_COFACTOR_CHECK, + fips_ecdh_cofactor_check); #undef FIPS_FEATURE_GET return 1; } @@ -943,6 +951,7 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, FIPS_SET_OPTION(fgbl, fips_sskdf_key_check); FIPS_SET_OPTION(fgbl, fips_x963kdf_key_check); FIPS_SET_OPTION(fgbl, fips_pbkdf2_lower_bound_check); + FIPS_SET_OPTION(fgbl, fips_ecdh_cofactor_check); #undef FIPS_SET_OPTION ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers); @@ -1168,6 +1177,7 @@ FIPS_FEATURE_CHECK(FIPS_sshkdf_key_check, fips_sshkdf_key_check) FIPS_FEATURE_CHECK(FIPS_sskdf_key_check, fips_sskdf_key_check) FIPS_FEATURE_CHECK(FIPS_x963kdf_key_check, fips_x963kdf_key_check) FIPS_FEATURE_CHECK(FIPS_pbkdf2_lower_bound_check, fips_pbkdf2_lower_bound_check) +FIPS_FEATURE_CHECK(FIPS_ecdh_cofactor_check, fips_ecdh_cofactor_check) #undef FIPS_FEATURE_CHECK diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c index ac1f07fa320..b6ec8d99133 100644 
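Review bot: `core_params[33]` is a hand-maintained count that must be bumped whenever a `FIPS_FEATURE_OPTION` line is added, as the `@@ -296` hunk of fipsprov.c does, and nothing visible checks that `p` stays inside the array before `*p = OSSL_PARAM_construct_end()`. A future option added without the bump would write past a stack array during provider initialisation. Assuming the macro advances `p` once per option (its definition is outside the hunk), a guard such as `if (!ossl_assert(p < core_params + OSSL_NELEM(core_params))) return 0;` just before the terminator would catch a miscount in testing, provided those internal helpers are usable in this file. fips_get_params_from_core begins and ends outside these hunks.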
--- a/providers/implementations/exchange/ecdh_exch.c +++ b/providers/implementations/exchange/ecdh_exch.c @@ -259,10 +259,13 @@ int ecdh_set_ctx_params(void *vpecdhctx, const OSSL_PARAM params[]) if (!OSSL_FIPS_IND_SET_CTX_PARAM(pectx, OSSL_FIPS_IND_SETTABLE0, params, OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK)) - return 0; + return 0; if (!OSSL_FIPS_IND_SET_CTX_PARAM(pectx, OSSL_FIPS_IND_SETTABLE1, params, OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK)) - return 0; + return 0; + if (!OSSL_FIPS_IND_SET_CTX_PARAM(pectx, OSSL_FIPS_IND_SETTABLE2, params, + OSSL_EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK)) + return 0; p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE); if (p != NULL) { @@ -361,6 +364,7 @@ static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM, NULL, 0), OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK) OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK) + OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK) OSSL_PARAM_END }; @@ -478,6 +482,10 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret, const EC_GROUP *group; const BIGNUM *cofactor; int key_cofactor_mode; + int has_cofactor; +#ifdef FIPS_MODULE + int cofactor_approved = 0; +#endif if (pecdhctx->k == NULL || pecdhctx->peerk == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); @@ -494,6 +502,8 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret, || (cofactor = EC_GROUP_get0_cofactor(group)) == NULL) return 0; + has_cofactor = !BN_is_one(cofactor); + /* * NB: unlike PKCS#3 DH, if outlen is less than maximum size this is not * an error, the result is truncated. 
@@ -516,18 +526,37 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret, (EC_KEY_get_flags(pecdhctx->k) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; if (pecdhctx->cofactor_mode != -1 && pecdhctx->cofactor_mode != key_cofactor_mode - && !BN_is_one(cofactor)) { + && has_cofactor) { if ((privk = EC_KEY_dup(pecdhctx->k)) == NULL) return 0; - if (pecdhctx->cofactor_mode == 1) + if (pecdhctx->cofactor_mode == 1) { EC_KEY_set_flags(privk, EC_FLAG_COFACTOR_ECDH); - else +#ifdef FIPS_MODULE + cofactor_approved = 1; +#endif + } else { EC_KEY_clear_flags(privk, EC_FLAG_COFACTOR_ECDH); + } } else { privk = pecdhctx->k; } +#ifdef FIPS_MODULE + /* + * SP800-56A r3 Section 5.7.1.2 requires ECC Cofactor DH to be used. + * This applies to the 'B' and 'K' curves that have cofactors that are not 1. + */ + if (has_cofactor && !cofactor_approved) { + if (!OSSL_FIPS_IND_ON_UNAPPROVED(pecdhctx, OSSL_FIPS_IND_SETTABLE2, + pecdhctx->libctx, "ECDH", "Cofactor", + FIPS_ecdh_cofactor_check)) { + ERR_raise(ERR_LIB_PROV, PROV_R_COFACTOR_REQUIRED); + return 0; + } + } +#endif + ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk); retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL); diff --git a/test/evp_test.c b/test/evp_test.c index 38a401ba231..3b223db2d3d 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -2661,6 +2661,7 @@ static int pderive_test_run(EVP_TEST *t) PKEY_DATA *expected = t->data; unsigned char *got = NULL; size_t got_len; + int ret = 1; if (!pkey_test_run_init(t)) goto err; @@ -2695,11 +2696,15 @@ static int pderive_test_run(EVP_TEST *t) got, got_len)) goto err; + if (!pkey_check_fips_approved(dctx, t)) { + ret = 0; + goto err; + } t->err = NULL; err: OPENSSL_free(got); EVP_PKEY_CTX_free(dctx); - return 1; + return ret; } static const EVP_TEST_METHOD pderive_test_method = { diff --git a/test/recipes/30-test_evp_data/evppkey_ecc.txt b/test/recipes/30-test_evp_data/evppkey_ecc.txt index 8264496a407..dfe6de11edb 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecc.txt 
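Review bot: In the `@@ -516` hunk of ecdh_exch.c, `cofactor_approved` is set only in the branch that duplicates the key, so the `else { privk = pecdhctx->k; }` path leaves it at 0 even when the key already carries `EC_FLAG_COFACTOR_ECDH` (`key_cofactor_mode == 1` with a context `cofactor_mode` of -1 or 1). On a curve whose cofactor is not 1 that path does perform cofactor ECDH, yet the new FIPS block treats it as unapproved and, with the check enabled, fails with `PROV_R_COFACTOR_REQUIRED`. Adding `cofactor_approved = key_cofactor_mode;` under `#ifdef FIPS_MODULE` in that `else` branch would cover it. Separately, the new `return 0` can be reached after `privk` has been replaced by an `EC_KEY_dup()` copy (context mode 0 on a key flagged for cofactor use). The function's cleanup lies outside this hunk, but unless it runs on this path the duplicated private key is never freed, so the copy should be released before returning.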
+++ b/test/recipes/30-test_evp_data/evppkey_ecc.txt @@ -3966,11 +3966,13 @@ ufNGbdd131KLaKPivB38a6n5Y+2BVSJangow PrivPubKeyPair=BOB_cf_sect233k1:BOB_cf_sect233k1_PUB # ECDH Alice with Bob peer +Availablein = default Derive=ALICE_cf_sect233k1 PeerKey=BOB_cf_sect233k1_PUB SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310 # ECDH Bob with Alice peer +Availablein = default Derive=BOB_cf_sect233k1 PeerKey=ALICE_cf_sect233k1_PUB SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310 @@ -4038,11 +4040,13 @@ TzzbBSTp5iqM13mP0/Bo4OO66NS3lA9e/GTO PrivPubKeyPair=BOB_cf_sect233r1:BOB_cf_sect233r1_PUB # ECDH Alice with Bob peer +Availablein = default Derive=ALICE_cf_sect233r1 PeerKey=BOB_cf_sect233r1_PUB SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795 # ECDH Bob with Alice peer +Availablein = default Derive=BOB_cf_sect233r1 PeerKey=ALICE_cf_sect233r1_PUB SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795 @@ -4110,11 +4114,13 @@ QkBYA5BpuG8Knlugq1iB31whPAgRCZfdLKHpHRPJSfXvKyUIdeUm PrivPubKeyPair=BOB_cf_sect283k1:BOB_cf_sect283k1_PUB # ECDH Alice with Bob peer +Availablein = default Derive=ALICE_cf_sect283k1 PeerKey=BOB_cf_sect283k1_PUB SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c # ECDH Bob with Alice peer +Availablein = default Derive=BOB_cf_sect283k1 PeerKey=ALICE_cf_sect283k1_PUB SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c 
@@ -4182,11 +4188,13 @@ PKpmAkrAeCMty6mw2mEnOR5HA1d4Ee+z7/NJgJJ80Ra9bFnreOW3 PrivPubKeyPair=BOB_cf_sect283r1:BOB_cf_sect283r1_PUB # ECDH Alice with Bob peer +Availablein = default Derive=ALICE_cf_sect283r1 PeerKey=BOB_cf_sect283r1_PUB SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773 # ECDH Bob with Alice peer +Availablein = default Derive=BOB_cf_sect283r1 PeerKey=ALICE_cf_sect283r1_PUB SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773 @@ -4256,11 +4264,13 @@ vuu4aApQiWE3yQd9v/I= PrivPubKeyPair=BOB_cf_sect409k1:BOB_cf_sect409k1_PUB # ECDH Alice with Bob peer +Availablein = default Derive=ALICE_cf_sect409k1 PeerKey=BOB_cf_sect409k1_PUB SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0 # ECDH Bob with Alice peer +Availablein = default Derive=BOB_cf_sect409k1 PeerKey=ALICE_cf_sect409k1_PUB SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0 @@ -4331,11 +4341,13 @@ sUTYee6cEf71oqJ1sCKPQiYzlwCu/HLQeWPxISE6Uo+53kkeJml2xpMBwoE25Gq/DSS61dR7SRTZ PrivPubKeyPair=BOB_cf_sect409r1:BOB_cf_sect409r1_PUB # ECDH Alice with Bob peer +Availablein = default Derive=ALICE_cf_sect409r1 PeerKey=BOB_cf_sect409r1_PUB SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1 # ECDH Bob with Alice peer +Availablein = default Derive=BOB_cf_sect409r1 PeerKey=ALICE_cf_sect409r1_PUB SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1 
@@ -4406,11 +4418,13 @@ rKtR8fe+dg2V15FieC3qZe/wCpMtyp79VmEabGi6iGLlAN/rUE81URsA/K7GVpmklslV5gmwryR0 PrivPubKeyPair=BOB_cf_sect571k1:BOB_cf_sect571k1_PUB # ECDH Alice with Bob peer +Availablein = default Derive=ALICE_cf_sect571k1 PeerKey=BOB_cf_sect571k1_PUB SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c # ECDH Bob with Alice peer +Availablein = default Derive=BOB_cf_sect571k1 PeerKey=ALICE_cf_sect571k1_PUB SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c @@ -4481,11 +4495,13 @@ c1rETMV6ZruZinwzEWWWjwJf6612oy2HG3CX3B8Rm+a3sS0q6IzowEwqmDv6v9bMTFk8bsCv0Fk= PrivPubKeyPair=BOB_cf_sect571r1:BOB_cf_sect571r1_PUB # ECDH Alice with Bob peer +Availablein = default Derive=ALICE_cf_sect571r1 PeerKey=BOB_cf_sect571r1_PUB SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827 # ECDH Bob with Alice peer +Availablein = default Derive=BOB_cf_sect571r1 PeerKey=ALICE_cf_sect571r1_PUB SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827 diff --git a/test/recipes/30-test_evp_data/evppkey_ecdh.txt b/test/recipes/30-test_evp_data/evppkey_ecdh.txt index eae84e4b107..1d3d7617dcc 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecdh.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecdh.txt 
@@ -2896,12 +2896,14 @@ PrivPubKeyPair = BOB_sect233k1:BOB_sect233k1_PUB # ECDH Alice with Bob peer +Availablein = default Derive=ALICE_sect233k1 PeerKey=BOB_sect233k1_PUB SharedSecret=00a5e5f2e992f4360d530dd365d14f5c6013212e14f4ea258c91c71f1512 # ECDH Bob with Alice peer +Availablein = default Derive=BOB_sect233k1 PeerKey=ALICE_sect233k1_PUB SharedSecret=00a5e5f2e992f4360d530dd365d14f5c6013212e14f4ea258c91c71f1512 @@ -2942,12 +2944,14 @@ PrivPubKeyPair = BOB_sect233r1:BOB_sect233r1_PUB # ECDH Alice with Bob peer +Availablein = default Derive=ALICE_sect233r1 PeerKey=BOB_sect233r1_PUB SharedSecret=01625f3fcd367ee7cd74c67cca02dccfce6c3b19ef07e358ed943d17a8e2 # ECDH Bob with Alice peer +Availablein = default Derive=BOB_sect233r1 PeerKey=ALICE_sect233r1_PUB SharedSecret=01625f3fcd367ee7cd74c67cca02dccfce6c3b19ef07e358ed943d17a8e2 @@ -2990,12 +2994,14 @@ PrivPubKeyPair = BOB_sect283k1:BOB_sect283k1_PUB # ECDH Alice with Bob peer +Availablein = default Derive=ALICE_sect283k1 PeerKey=BOB_sect283k1_PUB SharedSecret=02f2e682c2f60d7261624f3661a5e85fca920443b72aa4dd5a540082e65e552302d8f825 # ECDH Bob with Alice peer +Availablein = default Derive=BOB_sect283k1 PeerKey=ALICE_sect283k1_PUB SharedSecret=02f2e682c2f60d7261624f3661a5e85fca920443b72aa4dd5a540082e65e552302d8f825 @@ -3038,12 +3044,14 @@ PrivPubKeyPair = BOB_sect283r1:BOB_sect283r1_PUB # ECDH Alice with Bob peer +Availablein = default Derive=ALICE_sect283r1 PeerKey=BOB_sect283r1_PUB SharedSecret=05778bc1afcf38d7dddb2150cacbfe4d38dc588968fd8b2e859c28ae2629d3435f89f6cc # ECDH Bob with Alice peer +Availablein = default Derive=BOB_sect283r1 PeerKey=ALICE_sect283r1_PUB SharedSecret=05778bc1afcf38d7dddb2150cacbfe4d38dc588968fd8b2e859c28ae2629d3435f89f6cc 
@@ -3090,12 +3098,14 @@ PrivPubKeyPair = BOB_sect409k1:BOB_sect409k1_PUB # ECDH Alice with Bob peer +Availablein = default Derive=ALICE_sect409k1 PeerKey=BOB_sect409k1_PUB SharedSecret=01523ec40ad40226a57281a4c423801ae9495dcf736eddd667023b1390977d018ce79313fb99c503f39cbee80f5c1968f3bd02e0 # ECDH Bob with Alice peer +Availablein = default Derive=BOB_sect409k1 PeerKey=ALICE_sect409k1_PUB SharedSecret=01523ec40ad40226a57281a4c423801ae9495dcf736eddd667023b1390977d018ce79313fb99c503f39cbee80f5c1968f3bd02e0 @@ -3142,12 +3152,14 @@ PrivPubKeyPair = BOB_sect409r1:BOB_sect409r1_PUB # ECDH Alice with Bob peer +Availablein = default Derive=ALICE_sect409r1 PeerKey=BOB_sect409r1_PUB SharedSecret=019dc849870dc6f79978aca8e1fc6aa6836c8fcb25bbfe3d5ab41ea53eae2c7329952280efb30f9097a31a774191e476dbd842d5 # ECDH Bob with Alice peer +Availablein = default Derive=BOB_sect409r1 PeerKey=ALICE_sect409r1_PUB SharedSecret=019dc849870dc6f79978aca8e1fc6aa6836c8fcb25bbfe3d5ab41ea53eae2c7329952280efb30f9097a31a774191e476dbd842d5 @@ -3198,12 +3210,14 @@ PrivPubKeyPair = BOB_sect571k1:BOB_sect571k1_PUB # ECDH Alice with Bob peer +Availablein = default Derive=ALICE_sect571k1 PeerKey=BOB_sect571k1_PUB SharedSecret=05a423515fcc91b3171c83edd5c4085ff729a8ff0a3fa1578ebf769523ded0f5c1e387cf63109f2fbd95e117345b788b4577fdc6b6e727230bfc73eae0d4e851cb6f6e616eddb13e # ECDH Bob with Alice peer +Availablein = default Derive=BOB_sect571k1 PeerKey=ALICE_sect571k1_PUB SharedSecret=05a423515fcc91b3171c83edd5c4085ff729a8ff0a3fa1578ebf769523ded0f5c1e387cf63109f2fbd95e117345b788b4577fdc6b6e727230bfc73eae0d4e851cb6f6e616eddb13e 
@@ -3254,12 +3268,14 @@ PrivPubKeyPair = BOB_sect571r1:BOB_sect571r1_PUB # ECDH Alice with Bob peer +Availablein = default Derive=ALICE_sect571r1 PeerKey=BOB_sect571r1_PUB SharedSecret=004b397e564055e2c7d87648183c948655ccb0ebb20bd441f9b11635cf461cb5815ff060eab33091b9f7aed67bec8ba1bb7b22437ece3c92c7cf76124408fb951595dfb4a512b2ae # ECDH Bob with Alice peer +Availablein = default Derive=BOB_sect571r1 PeerKey=ALICE_sect571r1_PUB SharedSecret=004b397e564055e2c7d87648183c948655ccb0ebb20bd441f9b11635cf461cb5815ff060eab33091b9f7aed67bec8ba1bb7b22437ece3c92c7cf76124408fb951595dfb4a512b2ae diff --git a/test/recipes/30-test_evp_data/evppkey_kas.txt b/test/recipes/30-test_evp_data/evppkey_kas.txt index 8933273a59e..2d45968152e 100644 --- a/test/recipes/30-test_evp_data/evppkey_kas.txt +++ b/test/recipes/30-test_evp_data/evppkey_kas.txt 
@@ -11660,8 +11660,27 @@ aO8Bay1Nqsqca+2XayBk71Q1KliuNDZ4NaYhDhV4KRwd6NZ8ILw9b/piDIezCYor nzq7jSys1bLuK2g5nqxOj2XOvdZjAP0Em1s= -----END PUBLIC KEY----- - +# Test that using ECC CDH works for all providers (this uses the EC curves cofactor) Derive=KAS-ECC-CDH_B-571_C24 PeerKey=KAS-ECC-CDH_B-571_C24-Peer-PUBLIC Ctrl=ecdh_cofactor_mode:1 SharedSecret=02da266a269bdc8d8b2a0c6bb5762f102fc801c8d5394a9271539136bd81d4b69cfbb7525cd0a983fb7f7e9deec583b8f8e574c6184b2d79831ec770649e484dc006fa35b0bffd0b + +# Test that ECC DH is not approved in FIPS (this uses a cofactor of 1) +Availablein = fips +FIPSversion = >=3.4.0 +Derive=KAS-ECC-CDH_B-571_C24 +PeerKey=KAS-ECC-CDH_B-571_C24-Peer-PUBLIC +Ctrl=ecdh_cofactor_mode:-1 +Result = DERIVE_ERROR +Reason = cofactor required + +# Test the ECC DH FIPS indicator (this uses a cofactor of 1) +Availablein = fips +FIPSversion = >=3.4.0 +Derive = KAS-ECC-CDH_B-571_C24 +Unapproved = 1 +Ctrl = ecdh-cofactor-check:0 +Ctrl = ecdh_cofactor_mode:-1 +PeerKey = KAS-ECC-CDH_B-571_C24-Peer-PUBLIC +SharedSecret=0722353705ad168630247998cfea24e2528622a208d13530b02906f77ca88b6dc3a9d7d44dbe3bf1e0b070d828e1d04349b3bc546664df0849e8f1ddac1b628150f3e1ad36125d9f diff --git a/util/mk-fipsmodule-cnf.pl b/util/mk-fipsmodule-cnf.pl index dea366b7a11..5ff5c2de667 100644 --- a/util/mk-fipsmodule-cnf.pl +++ b/util/mk-fipsmodule-cnf.pl @@ -23,6 +23,7 @@ my $rsa_pss_saltlen_check = 1; my $rsa_sign_x931_pad_disabled = 1; my $kdf_key_check = 1; my $pbkdf2_lower_bound_check = 1; +my $ec_cofactor_check = 1; my $activate = 1; my $version = 1; @@ -80,4 +81,5 @@ sshkdf-key-check = $kdf_key_check sskdf-key-check = $kdf_key_check x963kdf-key-check = $kdf_key_check pbkdf2-lower-bound-check = $pbkdf2_lower_bound_check +ecdh-cofactor-check = $ec_cofactor_check _____ diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm index a41d0f57ef1..76c40e5e81f 100644 --- a/util/perl/OpenSSL/paramnames.pm +++ b/util/perl/OpenSSL/paramnames.pm 
@@ -52,6 +52,7 @@ my %params = ( 'PROV_PARAM_SSKDF_KEY_CHECK' => "sskdf-key-check", # uint 'PROV_PARAM_X963KDF_KEY_CHECK' => "x963kdf-key-check", # uint 'PROV_PARAM_PBKDF2_LOWER_BOUND_CHECK' => "pbkdf2-lower-bound-check", # uint + 'PROV_PARAM_ECDH_COFACTOR_CHECK' => "ecdh-cofactor-check", # uint # Self test callback parameters 'PROV_PARAM_SELF_TEST_PHASE' => "st-phase",# utf8_string @@ -411,6 +412,7 @@ my %params = ( 'EXCHANGE_PARAM_KDF_UKM' => "kdf-ukm", 'EXCHANGE_PARAM_FIPS_DIGEST_CHECK' => '*PKEY_PARAM_FIPS_DIGEST_CHECK', 'EXCHANGE_PARAM_FIPS_KEY_CHECK' => '*PKEY_PARAM_FIPS_KEY_CHECK', + 'EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK' => '*PROV_PARAM_ECDH_COFACTOR_CHECK', 'EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR', # Signature parameters