dh-primes: make the FIPS approved check return Q value
authorDaiki Ueno <ueno@gnu.org>
Fri, 17 Jul 2020 15:45:17 +0000 (17:45 +0200)
committerDaiki Ueno <ueno@gnu.org>
Sat, 18 Jul 2020 06:42:00 +0000 (08:42 +0200)
This is necessary for full public key validation in
SP800-56A (revision 3), section 5.6.2.3.1.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
lib/auth/dh_common.c
lib/dh-primes.c
lib/dh.h

index 252eea0cb415401457918820aa8a6ff9a15edf21..fcd696d4d66a082268c9c71ac772c33df970764a 100644 (file)
@@ -259,7 +259,7 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 
 #ifdef ENABLE_FIPS140
        if (gnutls_fips140_mode_enabled() &&
-           !_gnutls_dh_prime_is_fips_approved(data_p, n_p, data_g, n_g)) {
+           !_gnutls_dh_prime_match_fips_approved(data_p, n_p, data_g, n_g, NULL, NULL)) {
                gnutls_assert();
                return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
        }
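Review bot: The call in the `ENABLE_FIPS140` branch passes `NULL, NULL` for the new `q`/`q_size` outputs, so this path still only confirms that the received prime and generator belong to an approved group and makes no use of Q. The commit message ties Q to full public key validation per SP800-56A (revision 3) section 5.6.2.3.1, which would have to be applied to the peer's public value; presumably that arrives in a follow-up change. A short comment such as `/* only group membership is checked here; Q is not used yet */` would show the omission is deliberate. The body of `_gnutls_proc_dh_common_server_kx` starts and ends outside this hunk, so whether the public value is validated later in the function is not visible here.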
index a43a8e5dea3347e5f4e7c25404a03140524c5d36..a440b5b98af489f371a2a51b23f751154842cab9 100644 (file)
@@ -1894,25 +1894,28 @@ const gnutls_datum_t gnutls_modp_8192_group_generator = {
 const unsigned int gnutls_modp_8192_key_bits = 512;
 
 unsigned
-_gnutls_dh_prime_is_fips_approved(const uint8_t *prime,
-                                 size_t prime_size,
-                                 const uint8_t *generator,
-                                 size_t generator_size)
+_gnutls_dh_prime_match_fips_approved(const uint8_t *prime,
+                                    size_t prime_size,
+                                    const uint8_t *generator,
+                                    size_t generator_size,
+                                    uint8_t **q,
+                                    size_t *q_size)
 {
        static const struct {
                const gnutls_datum_t *prime;
                const gnutls_datum_t *generator;
+               const gnutls_datum_t *q;
        } primes[] = {
-               { &gnutls_ffdhe_8192_group_prime, &gnutls_ffdhe_8192_group_generator },
-               { &gnutls_ffdhe_6144_group_prime, &gnutls_ffdhe_6144_group_generator },
-               { &gnutls_ffdhe_4096_group_prime, &gnutls_ffdhe_4096_group_generator },
-               { &gnutls_ffdhe_3072_group_prime, &gnutls_ffdhe_3072_group_generator },
-               { &gnutls_ffdhe_2048_group_prime, &gnutls_ffdhe_2048_group_generator },
-               { &gnutls_modp_8192_group_prime, &gnutls_modp_8192_group_generator },
-               { &gnutls_modp_6144_group_prime, &gnutls_modp_6144_group_generator },
-               { &gnutls_modp_4096_group_prime, &gnutls_modp_4096_group_generator },
-               { &gnutls_modp_3072_group_prime, &gnutls_modp_3072_group_generator },
-               { &gnutls_modp_2048_group_prime, &gnutls_modp_2048_group_generator },
+               { &gnutls_ffdhe_8192_group_prime, &gnutls_ffdhe_8192_group_generator, &gnutls_ffdhe_8192_group_q },
+               { &gnutls_ffdhe_6144_group_prime, &gnutls_ffdhe_6144_group_generator, &gnutls_ffdhe_6144_group_q },
+               { &gnutls_ffdhe_4096_group_prime, &gnutls_ffdhe_4096_group_generator, &gnutls_ffdhe_4096_group_q },
+               { &gnutls_ffdhe_3072_group_prime, &gnutls_ffdhe_3072_group_generator, &gnutls_ffdhe_3072_group_q },
+               { &gnutls_ffdhe_2048_group_prime, &gnutls_ffdhe_2048_group_generator, &gnutls_ffdhe_2048_group_q },
+               { &gnutls_modp_8192_group_prime, &gnutls_modp_8192_group_generator, &gnutls_modp_8192_group_q },
+               { &gnutls_modp_6144_group_prime, &gnutls_modp_6144_group_generator, &gnutls_modp_6144_group_q },
+               { &gnutls_modp_4096_group_prime, &gnutls_modp_4096_group_generator, &gnutls_modp_4096_group_q },
+               { &gnutls_modp_3072_group_prime, &gnutls_modp_3072_group_generator, &gnutls_modp_3072_group_q },
+               { &gnutls_modp_2048_group_prime, &gnutls_modp_2048_group_generator, &gnutls_modp_2048_group_q },
        };
        size_t i;
 
@@ -1920,8 +1923,13 @@ _gnutls_dh_prime_is_fips_approved(const uint8_t *prime,
                if (primes[i].prime->size == prime_size &&
                    memcmp(primes[i].prime->data, prime, primes[i].prime->size) == 0 &&
                    primes[i].generator->size == generator_size &&
-                   memcmp(primes[i].generator->data, generator, primes[i].generator->size) == 0)
+                   memcmp(primes[i].generator->data, generator, primes[i].generator->size) == 0) {
+                       if (q) {
+                               *q = primes[i].q->data;
+                               *q_size = primes[i].q->size;
+                       }
                        return 1;
+               }
        }
 
        return 0;
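Review bot: The added `if (q)` block writes `*q_size` without checking it, so a caller that passes a non-NULL `q` with a NULL `q_size` dereferences a null pointer, and a caller that passes only `q_size` gets nothing back. Guard each output on its own: `if (q) *q = primes[i].q->data;` and `if (q_size) *q_size = primes[i].q->size;`. On the `return 0` path both outputs are left untouched, so a caller that reads them without checking the return value sees whatever was there before. Setting them to `NULL` and `0` at function entry would make that mistake fail safely. The `for` loop header lies outside this hunk.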
index 6724519479ecee1865e753b88c1faf298e450ba7..f5c2c0924b00518498a3c1de9d744aaf7110febe 100644 (file)
--- a/lib/dh.h
+++ b/lib/dh.h
@@ -61,9 +61,11 @@ extern const gnutls_datum_t gnutls_modp_2048_group_generator;
 extern const unsigned int gnutls_modp_2048_key_bits;
 
 unsigned
-_gnutls_dh_prime_is_fips_approved(const uint8_t *prime,
-                                 size_t prime_size,
-                                 const uint8_t *generator,
-                                 size_t generator_size);
+_gnutls_dh_prime_match_fips_approved(const uint8_t *prime,
+                                    size_t prime_size,
+                                    const uint8_t *generator,
+                                    size_t generator_size,
+                                    uint8_t **q,
+                                    size_t *q_size);
 
 #endif /* GNUTLS_LIB_DH_H */
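Review bot: The prototype has no comment describing the two new out-parameters, and the same holds for the definition in lib/dh-primes.c. Going by the assignment `*q = primes[i].q->data` in that file, the returned pointer is borrowed from the library's static group table. The comment should therefore say that the caller must neither free nor modify it, and that `q` may be NULL when only the membership check is wanted. Declaring the parameter as `const uint8_t **q` would let the compiler enforce the read-only part, provided the callers can accept a const pointer.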