Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-15992

NIST SP 800-56Arev3 Section 5.6.2.1 - Missing ECDH Public Key Check [rhel-9.2.0.z]

    • openssl-3.0.7-18.el9_2
    • None
    • None
    • ZStream
    • 1
    • rhel-sst-security-crypto
    • ssg_security
    • 0.2
    • False
    • Hide

      None

      Show
      None
    • None
    • Crypto24Q1
    • None

      This is a clone of issue RHEL-15990 to use for version rhel-9.2.0.z

      Original description:
      From 56Arev3 the owner needs to gain assurance of the public key validity as mentioned in :

      5.6.2.1 Assurances Required by the Key Pair Owner

      Prior to the use of a static or ephemeral key pair in a key-establishment transaction, the keypair owner shall confirm the validity of the key pair by obtaining the following assurances:

      ...

      Assurance of public-key validity – assurance that the public key has the correct
      representation for a non-identity element of the correct cryptographic subgroup, as uniquely determined by the domain parameters (see Section 5.6.2.1.3 for the methods for obtaining this assurance).

      This was further refined in a recent RFG by the CMVP stating that the ECDH key generation service shall include a call to the public key validation.

       

      This is compliant for DH but not for ECDH where ec_generate_key() does not call ossl_ec_key_public_check().

      A possible solution would be to add something like this similar to what was already done for DH in crypto/dh/dh_key.c:

      #ifdef FIPS_MODULE
          if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
              ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
              goto err;
          }
      #endif
      

      Something like this in ec_generate_key() :

      #ifdef FIPS_MODULE
          if (ossl_ec_key_public_check(eckey, ctx) <= 0) {
              ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY);
              goto err;
          }
      #endif
      

       

              hkario@redhat.com Alicja Kario
              watson-automation Watson Automation
              Dmitry Belyavskiy Dmitry Belyavskiy
              Alicja Kario Alicja Kario
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: