• Stephan Mueller's avatar
    crypto: dh - add public key verification test · e3fe0ae1
    Stephan Mueller authored
    According to SP800-56A section 5.6.2.1, the public key to be processed
    for the DH operation shall be checked for appropriateness. The check
    shall covers the full verification test in case the domain parameter Q
    is provided as defined in SP800-56A section 5.6.2.3.1. If Q is not
    provided, the partial check according to SP800-56A section 5.6.2.3.2 is
    performed.
    
    The full verification test requires the presence of the domain parameter
    Q. Thus, the patch adds the support to handle Q. It is permissible to
    not provide the Q value as part of the domain parameters. This implies
    that the interface is still backwards-compatible where so far only P and
    G are to be provided. However, if Q is provided, it is imported.
    
    Without the test, the NIST ACVP testing fails. After adding this check,
    the NIST ACVP testing passes. Testing without providing the Q domain
    parameter has been performed to verify the interface has not changed.
    Signed-off-by: default avatarStephan Mueller <smueller@chronox.de>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    e3fe0ae1
dh_helper.c 3.52 KB