[gnutls-devel] GnuTLS | nettle: check validity of (EC)DH shared secret before export (!1299)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Jul 18 09:14:48 CEST 2020

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1299#note_381661234

In summary:

> - Shared secret generation: section (FFC) and (ECC) - this patch covers this check

Done in bea53f1b46a64d6dcf5bbe4794740c4d4459f9bf (FFC) and 13202600d3e42258d8758b05ff45a3e3d0f07e4e (ECC).

> - receipt of remote public key following section
>    * FFC:
>        . if PQG are RFC3526 / RFC7919 primes, then apply (at least) the partial validation from section
>        . otherwise perform the full validation compliant to section

I believe this is already done in `lib/nettle/pk.c:_wrap_nettle_pk_derive`.  The relevant code is around:
- https://gitlab.com/gnutls/gnutls/-/blob/master/lib/nettle/pk.c#L312
- https://gitlab.com/gnutls/gnutls/-/blob/master/lib/nettle/pk.c#L322

>    * ECC: perform partial validation compliant to

This is also done through `_wrap_nettle_pk_derive` already:
- `_wrap_nettle_pk_derive` calls `_ecc_params_to_pubkey`: https://gitlab.com/gnutls/gnutls/-/blob/master/lib/nettle/pk.c#L397
- `_ecc_params_to_pubkey` uses nettle's `ecc_point_set`: https://gitlab.com/gnutls/gnutls/-/blob/master/lib/nettle/pk.c#L397
- `ecc_point_set` has all the necessary checks: https://gitlab.com/gnutls/nettle/-/blob/master/ecc-point.c#L64 (step 1 and 2) and https://gitlab.com/gnutls/nettle/-/blob/master/ecc-point.c#L64 (step 3)

> - generation of local key pair following section
>    * FFC:
>      . perform the full validation compliant to section

Done in 8b575625614fbe5a22b68dc8d1877efb1d44dd37.

>    * ECC:
>      . perform a full validation compliant to section

Done in db001209da553a7eeaa68fd06d2d64a22ef42bde.
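The FFC checks the checklist above refers to (partial versus full public-key validation, then a range check on the shared secret before it is exported), as an added illustration that is not GnuTLS or nettle code: the group parameters p = 23, q = 11, g = 4 are a constructed toy group, and the `known_group` flag stands in for "p is an RFC 3526 / RFC 7919 prime".

```python
# Constructed toy group (NOT a real DH group): p = 2*q + 1 with q prime,
# g generates the order-q subgroup. Real deployments use RFC 3526/7919 primes.
P, Q, G = 23, 11, 4


def partial_validate_pub(y: int, p: int) -> bool:
    """Partial public-key validation: 2 <= y <= p-2, rejecting 0, 1 and p-1.
    Sufficient when the group is a known safe-prime group (RFC 3526/7919)."""
    return 2 <= y <= p - 2


def full_validate_pub(y: int, p: int, q: int) -> bool:
    """Full validation: the range check plus y^q mod p == 1, i.e. y lies in
    the order-q subgroup. Needed when p, q, g come from an untrusted source."""
    return partial_validate_pub(y, p) and pow(y, q, p) == 1


def derive_shared(priv: int, peer_pub: int, p: int, q: int, known_group: bool) -> int:
    """Return z = peer_pub^priv mod p, or raise ValueError.

    known_group=True stands in for "p is an RFC 3526/7919 prime": the partial
    check is enough. Otherwise the full subgroup-membership check runs first.
    """
    valid = (partial_validate_pub(peer_pub, p) if known_group
             else full_validate_pub(peer_pub, p, q))
    if not valid:
        raise ValueError("peer public key failed validation")
    z = pow(peer_pub, priv, p)
    # Shared-secret check before export: z must also lie in [2, p-2].
    # z == 1 or z == p-1 is a degenerate (small-order) result that must not
    # be handed on to key derivation.
    if not 2 <= z <= p - 2:
        raise ValueError("shared secret failed validation")
    return z


def rejects(priv: int, peer_pub: int, known_group: bool) -> bool:
    """True if derive_shared() refuses this (peer_pub, priv) pair on the toy group."""
    try:
        derive_shared(priv, peer_pub, P, Q, known_group)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Honest exchange: a = 3 -> A = 18, b = 5 -> B = 12; both sides derive z = 3.
    print(derive_shared(3, 12, P, Q, True), derive_shared(5, 18, P, Q, False))
    # y = 5 is outside the order-11 subgroup: partial check accepts, full rejects.
    print(partial_validate_pub(5, P), full_validate_pub(5, P, Q))
```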
