forked from pool/libgcrypt
Pedro Monreal Gonzalez
b5b243be7f
* Add --enable-marvin-workaround to spec to enable workaround * Fix timing based side-channel in RSA implementation ( Marvin attack ) * Add libgcrypt-CVE-2024-2236.patch OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=193
95 lines
3.5 KiB
Diff
95 lines
3.5 KiB
Diff
From be57179f42f8a7cb64f72f73ccea753400573b4f Mon Sep 17 00:00:00 2001
|
|
From: Lucas Mulling via Gcrypt-devel <gcrypt-devel@gnupg.org>
|
|
Date: Wed, 26 Feb 2025 12:29:53 -0300
|
|
Subject: [PATCH 02/14] cipher: Add KAT for non-rfc6979 ECDSA with fixed k
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
* cipher/ecc.c (run_selftests): Implement KAT for non-deterministic
|
|
ECDSA.
|
|
* cipher/ecc. (rfc6979_ecdsa_sample_data, rfc6979_ecdsa_sample_data_bad,
|
|
rfc6979_ecdsa_data_tmpl): New.
|
|
|
|
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
|
|
Signed-off-by: Lucas Mülling <lucas.mulling@suse.com>
|
|
---
|
|
cipher/ecc.c | 40 +++++++++++++++++++++++++++++++++++++---
|
|
1 file changed, 37 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/cipher/ecc.c b/cipher/ecc.c
|
|
index 525523ed..d331a014 100644
|
|
--- a/cipher/ecc.c
|
|
+++ b/cipher/ecc.c
|
|
@@ -93,23 +93,47 @@ static const char ecdsa_sample_secret_key_secp256[] =
|
|
/**/ "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299#)))";
|
|
|
|
/* Sample data from RFC 6979 section A.2.5, hash is of message "sample" */
|
|
-static const char ecdsa_sample_data[] =
|
|
+static const char rfc6979_ecdsa_sample_data[] =
|
|
"(data (flags rfc6979 prehash)"
|
|
" (hash-algo sha256)"
|
|
" (value 6:sample))";
|
|
|
|
-static const char ecdsa_sample_data_bad[] =
|
|
+static const char rfc6979_ecdsa_sample_data_bad[] =
|
|
"(data (flags rfc6979)"
|
|
" (hash sha256 #bf2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e98915"
|
|
/**/ "62113d8a62add1bf#))";
|
|
|
|
+static const char *rfc6979_ecdsa_data_tmpl =
|
|
+ "(data (flags rfc6979)"
|
|
+ " (hash %s %b))";
|
|
+
|
|
+/*
|
|
+ * Sample data from RFC 6979 section A.2.5, with fixed k,
|
|
+ * hash is of message "sample".
|
|
+ */
|
|
+static const char ecdsa_sample_data[] =
|
|
+ "(data (flags raw prehash)"
|
|
+ " (label #A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60#)"
|
|
+ " (hash-algo sha256)"
|
|
+ " (value 6:sample))";
|
|
+
|
|
+static const char ecdsa_sample_data_bad[] =
|
|
+ "(data (flags raw)"
|
|
+ " (label #A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60#)"
|
|
+ " (hash sha256 #bf2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e98915"
|
|
+ /**/ "62113d8a62add1bf#))";
|
|
+
|
|
+static const char *ecdsa_data_tmpl =
|
|
+ "(data (flags raw)"
|
|
+ " (label #A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60#)"
|
|
+ " (hash %s %b))";
|
|
+
|
|
static const char ecdsa_signature_r[] =
|
|
"efd48b2aacb6a8fd1140dd9cd45e81d69d2c877b56aaf991c34d0ea84eaf3716";
|
|
|
|
static const char ecdsa_signature_s[] =
|
|
"f7cb1c942d657c41d436c7a1b6e29f65f3e900dbb9aff4064dc4ab2f843acda8";
|
|
|
|
-static const char *ecdsa_data_tmpl = "(data (flags rfc6979) (hash %s %b))";
|
|
/* Sample data from RFC 6979 section A.2.5, hash is of message "sample" */
|
|
static const char ecdsa_sample_data_string[] = "sample";
|
|
static const char ecdsa_sample_data_bad_string[] = "sbmple";
|
|
@@ -2409,6 +2433,16 @@ run_selftests (int algo, int extended, selftest_report_func_t report)
|
|
if (r)
|
|
return r;
|
|
|
|
+ r = selftests_ecc (report, extended, 0,
|
|
+ ecdsa_sample_secret_key_secp256,
|
|
+ ecdsa_sample_public_key_secp256,
|
|
+ rfc6979_ecdsa_sample_data, rfc6979_ecdsa_sample_data_bad,
|
|
+ rfc6979_ecdsa_data_tmpl,
|
|
+ ecdsa_sample_data_string, ecdsa_sample_data_bad_string,
|
|
+ ecdsa_signature_r, ecdsa_signature_s);
|
|
+ if (r)
|
|
+ return r;
|
|
+
|
|
r = selftests_ecc (report, extended, 1,
|
|
ed25519_sample_secret_key,
|
|
ed25519_sample_public_key,
|
|
--
|
|
2.49.0
|
|
|