Add PCT for DH required by SP 800-56Arev3, Section 5.6.2.1.4 to obtain assurance of pairwise consistency.

Requested by lab.

Signed-off-by: Jeremy Allison <jallison@ciq.com>

Author: jallisonciq

crypto/dh.c

@@ -227,10 +227,35 @@ static int dh_compute_value(struct kpp_request *req)
 
 		/* SP800-56A rev 3 5.6.2.1.3 key check */
 		} else {
+			MPI val_pct;
+
 			if (dh_is_pubkey_valid(ctx, val)) {
 				ret = -EAGAIN;
 				goto err_free_val;
 			}
+
+			/*
+			 * SP800-56Arev3, 5.6.2.1.4: ("Owner Assurance
+			 * of Pair-wise Consistency"): recompute the
+			 * public key and check if the results match.
+			 */
+			val_pct = mpi_alloc(0);
+			if (!val_pct) {
+				ret = -ENOMEM;
+				goto err_free_val;
+			}
+
+			ret = _compute_val(ctx, base, val_pct);
+			if (ret) {
+				mpi_free(val_pct);
+				goto err_free_val;
+			}
+
+			if (mpi_cmp(val, val_pct) != 0) {
+				fips_fail_notify();
+				panic("dh: pair-wise consistency test failed\n");
+			}
+			mpi_free(val_pct);
 		}
 	}