libgcrypt/libgcrypt-cipher-Add-KAT-for-non-rfc6979-ECDSA-with-fixed-k.patch

From be57179f42f8a7cb64f72f73ccea753400573b4f Mon Sep 17 00:00:00 2001
From: Lucas Mulling via Gcrypt-devel <gcrypt-devel@gnupg.org>
Date: Wed, 26 Feb 2025 12:29:53 -0300
Subject: [PATCH 02/14] cipher: Add KAT for non-rfc6979 ECDSA with fixed k
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* cipher/ecc.c (run_selftests): Implement KAT for non-deterministic
ECDSA.
* cipher/ecc. (rfc6979_ecdsa_sample_data, rfc6979_ecdsa_sample_data_bad,
rfc6979_ecdsa_data_tmpl): New.

Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
Signed-off-by: Lucas Mülling <lucas.mulling@suse.com>
---
 cipher/ecc.c | 40 +++++++++++++++++++++++++++++++++++++---
 1 file changed, 37 insertions(+), 3 deletions(-)

diff --git a/cipher/ecc.c b/cipher/ecc.c
index 525523ed..d331a014 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -93,23 +93,47 @@ static const char ecdsa_sample_secret_key_secp256[] =
   /**/  "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299#)))";
 
 /* Sample data from RFC 6979 section A.2.5, hash is of message "sample" */
-static const char ecdsa_sample_data[] =
+static const char rfc6979_ecdsa_sample_data[] =
   "(data (flags rfc6979 prehash)"
   " (hash-algo sha256)"
   " (value 6:sample))";
 
-static const char ecdsa_sample_data_bad[] =
+static const char rfc6979_ecdsa_sample_data_bad[] =
   "(data (flags rfc6979)"
   " (hash sha256 #bf2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e98915"
   /**/           "62113d8a62add1bf#))";
 
+static const char *rfc6979_ecdsa_data_tmpl =
+  "(data (flags rfc6979)"
+  " (hash %s %b))";
+
+/*
+ * Sample data from RFC 6979 section A.2.5, with fixed k,
+ * hash is of message "sample".
+ */
+static const char ecdsa_sample_data[] =
+  "(data (flags raw prehash)"
+  " (label #A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60#)"
+  " (hash-algo sha256)"
+  " (value 6:sample))";
+
+static const char ecdsa_sample_data_bad[] =
+  "(data (flags raw)"
+  " (label #A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60#)"
+  " (hash sha256 #bf2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e98915"
+  /**/           "62113d8a62add1bf#))";
+
+static const char *ecdsa_data_tmpl =
+  "(data (flags raw)"
+  " (label #A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60#)"
+  " (hash %s %b))";
+
 static const char ecdsa_signature_r[] =
   "efd48b2aacb6a8fd1140dd9cd45e81d69d2c877b56aaf991c34d0ea84eaf3716";
 
 static const char ecdsa_signature_s[] =
   "f7cb1c942d657c41d436c7a1b6e29f65f3e900dbb9aff4064dc4ab2f843acda8";
 
-static const char *ecdsa_data_tmpl = "(data (flags rfc6979) (hash %s %b))";
 /* Sample data from RFC 6979 section A.2.5, hash is of message "sample" */
 static const char ecdsa_sample_data_string[] = "sample";
 static const char ecdsa_sample_data_bad_string[] = "sbmple";
@@ -2409,6 +2433,16 @@ run_selftests (int algo, int extended, selftest_report_func_t report)
   if (r)
     return r;
 
+  r = selftests_ecc (report, extended, 0,
+                     ecdsa_sample_secret_key_secp256,
+                     ecdsa_sample_public_key_secp256,
+                     rfc6979_ecdsa_sample_data, rfc6979_ecdsa_sample_data_bad,
+                     rfc6979_ecdsa_data_tmpl,
+                     ecdsa_sample_data_string, ecdsa_sample_data_bad_string,
+                     ecdsa_signature_r, ecdsa_signature_s);
+  if (r)
+    return r;
+
   r = selftests_ecc (report, extended, 1,
                      ed25519_sample_secret_key,
                      ed25519_sample_public_key,
-- 
2.49.0
- Security fix [bsc#1221107, CVE-2024-2236] * Add --enable-marvin-workaround to spec to enable workaround * Fix timing based side-channel in RSA implementation ( Marvin attack ) * Add libgcrypt-CVE-2024-2236.patch OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=193 2025-06-10 07:06:49 +00:00			`From be57179f42f8a7cb64f72f73ccea753400573b4f Mon Sep 17 00:00:00 2001`
			`From: Lucas Mulling via Gcrypt-devel <gcrypt-devel@gnupg.org>`
			`Date: Wed, 26 Feb 2025 12:29:53 -0300`
			`Subject: [PATCH 02/14] cipher: Add KAT for non-rfc6979 ECDSA with fixed k`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`* cipher/ecc.c (run_selftests): Implement KAT for non-deterministic`
			`ECDSA.`
			`* cipher/ecc. (rfc6979_ecdsa_sample_data, rfc6979_ecdsa_sample_data_bad,`
			`rfc6979_ecdsa_data_tmpl): New.`

			`Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>`
			`Signed-off-by: Lucas Mülling <lucas.mulling@suse.com>`
			`---`
			`cipher/ecc.c \| 40 +++++++++++++++++++++++++++++++++++++---`
			`1 file changed, 37 insertions(+), 3 deletions(-)`

			`diff --git a/cipher/ecc.c b/cipher/ecc.c`
			`index 525523ed..d331a014 100644`
			`--- a/cipher/ecc.c`
			`+++ b/cipher/ecc.c`
			`@@ -93,23 +93,47 @@ static const char ecdsa_sample_secret_key_secp256[] =`
			`/**/ "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299#)))";`

			`/* Sample data from RFC 6979 section A.2.5, hash is of message "sample" */`
			`-static const char ecdsa_sample_data[] =`
			`+static const char rfc6979_ecdsa_sample_data[] =`
			`"(data (flags rfc6979 prehash)"`
			`" (hash-algo sha256)"`
			`" (value 6:sample))";`

			`-static const char ecdsa_sample_data_bad[] =`
			`+static const char rfc6979_ecdsa_sample_data_bad[] =`
			`"(data (flags rfc6979)"`
			`" (hash sha256 #bf2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e98915"`
			`/**/ "62113d8a62add1bf#))";`

			`+static const char *rfc6979_ecdsa_data_tmpl =`
			`+ "(data (flags rfc6979)"`
			`+ " (hash %s %b))";`
			`+`
			`+/*`
			`+ * Sample data from RFC 6979 section A.2.5, with fixed k,`
			`+ * hash is of message "sample".`
			`+ */`
			`+static const char ecdsa_sample_data[] =`
			`+ "(data (flags raw prehash)"`
			`+ " (label #A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60#)"`
			`+ " (hash-algo sha256)"`
			`+ " (value 6:sample))";`
			`+`
			`+static const char ecdsa_sample_data_bad[] =`
			`+ "(data (flags raw)"`
			`+ " (label #A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60#)"`
			`+ " (hash sha256 #bf2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e98915"`
			`+ /**/ "62113d8a62add1bf#))";`
			`+`
			`+static const char *ecdsa_data_tmpl =`
			`+ "(data (flags raw)"`
			`+ " (label #A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60#)"`
			`+ " (hash %s %b))";`
			`+`
			`static const char ecdsa_signature_r[] =`
			`"efd48b2aacb6a8fd1140dd9cd45e81d69d2c877b56aaf991c34d0ea84eaf3716";`

			`static const char ecdsa_signature_s[] =`
			`"f7cb1c942d657c41d436c7a1b6e29f65f3e900dbb9aff4064dc4ab2f843acda8";`

			`-static const char *ecdsa_data_tmpl = "(data (flags rfc6979) (hash %s %b))";`
			`/* Sample data from RFC 6979 section A.2.5, hash is of message "sample" */`
			`static const char ecdsa_sample_data_string[] = "sample";`
			`static const char ecdsa_sample_data_bad_string[] = "sbmple";`
			`@@ -2409,6 +2433,16 @@ run_selftests (int algo, int extended, selftest_report_func_t report)`
			`if (r)`
			`return r;`

			`+ r = selftests_ecc (report, extended, 0,`
			`+ ecdsa_sample_secret_key_secp256,`
			`+ ecdsa_sample_public_key_secp256,`
			`+ rfc6979_ecdsa_sample_data, rfc6979_ecdsa_sample_data_bad,`
			`+ rfc6979_ecdsa_data_tmpl,`
			`+ ecdsa_sample_data_string, ecdsa_sample_data_bad_string,`
			`+ ecdsa_signature_r, ecdsa_signature_s);`
			`+ if (r)`
			`+ return r;`
			`+`
			`r = selftests_ecc (report, extended, 1,`
			`ed25519_sample_secret_key,`
			`ed25519_sample_public_key,`
			`--`
			`2.49.0`