c_cpp/libgcrypt
SHA256
8
0
Fork 0
forked from pool/libgcrypt
Code Pull Requests Activity
Files
devel
libgcrypt/libgcrypt-fips-kdf-Implement-new-FIPS-service-indicator-for-gcry_kdf_derive.patch
Pedro Monreal Gonzalez b5b243be7f - Security fix [bsc#1221107, CVE-2024-2236] 
* Add --enable-marvin-workaround to spec to enable workaround
  * Fix  timing based side-channel in RSA implementation ( Marvin attack ) 
  * Add libgcrypt-CVE-2024-2236.patch

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=193
2025-06-10 07:06:49 +00:00

266 lines
8.6 KiB
Diff
Raw Permalink Blame History

From 5cfa1aee5b98baf0d66333344e0fa45b79cca28b Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Thu, 5 Dec 2024 14:52:17 +0900
Subject: [PATCH 3/5] fips,kdf: Implement new FIPS service indicator for
gcry_kdf_derive.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* cipher/kdf.c (_gcry_kdf_derive): Don't reject by GPG_ERR_INV_VALUE
but continue the computation, clearing IS_COMPLIANT. After successful
computation, call fips_service_indicator_mark_success with
IS_COMPLIANT.
* src/visibility.c (gcry_kdf_derive): Call fips_service_indicator_init.
* tests/t-kdf.c (check_fips_gcry_kdf_derive): New.
(main): Call check_fips_gcry_kdf_derive.
--
GnuPG-bug-id: 7338
Co-authored-by: David Sugar <david@atsec.com>
Suggested-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: Lucas Mülling <lucas.mulling@suse.com>
---
cipher/kdf.c | 33 ++++++-----
src/visibility.c | 1 +
tests/t-kdf.c | 149 ++++++++++++++++++++++++++++++++++++++++++++++-
3 files changed, 169 insertions(+), 14 deletions(-)
diff --git a/cipher/kdf.c b/cipher/kdf.c
index b4c5f83a..52e6a9ba 100644
--- a/cipher/kdf.c
+++ b/cipher/kdf.c
@@ -279,28 +279,35 @@ _gcry_kdf_derive (const void *passphrase, size_t passphraselen,
break;
case GCRY_KDF_PBKDF2:
- if (!saltlen)
+ if (!saltlen || !iterations)
ec = GPG_ERR_INV_VALUE;
else
{
- /* FIPS requires minimum passphrase length, see FIPS 140-3 IG D.N */
- if (fips_mode () && passphraselen < 8)
- return GPG_ERR_INV_VALUE;
+ int is_compliant = 1;
+
+ if (fips_mode ())
+ {
+ /* FIPS requires minimum passphrase length, see FIPS 140-3 IG D.N */
+ if (passphraselen < 8)
+ is_compliant &= 0;
- /* FIPS requires minimum salt length of 128 b (SP 800-132 sec. 5.1, p.6) */
- if (fips_mode () && saltlen < 16)
- return GPG_ERR_INV_VALUE;
+ /* FIPS requires minimum salt length of 128 b (SP 800-132 sec. 5.1, p.6) */
+ if (saltlen < 16)
+ is_compliant &= 0;
- /* FIPS requires minimum iterations bound (SP 800-132 sec 5.2, p.6) */
- if (fips_mode () && iterations < 1000)
- return GPG_ERR_INV_VALUE;
+ /* FIPS requires minimum iterations bound (SP 800-132 sec 5.2, p.6) */
+ if (iterations < 1000)
+ is_compliant &= 0;
- /* Check minimum key size */
- if (fips_mode () && keysize < 14)
- return GPG_ERR_INV_VALUE;
+ /* Check minimum key size */
+ if (keysize < 14)
+ is_compliant &= 0;
+ }
ec = _gcry_kdf_pkdf2 (passphrase, passphraselen, subalgo,
salt, saltlen, iterations, keysize, keybuffer);
+ if (!ec)
+ fips_service_indicator_mark_success (is_compliant);
}
break;
diff --git a/src/visibility.c b/src/visibility.c
index 006e8f80..8f76b854 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -1400,6 +1400,7 @@ gcry_kdf_derive (const void *passphrase, size_t passphraselen,
{
if (!fips_is_operational ())
return gpg_error (fips_not_operational ());
+ fips_service_indicator_init ();
return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,
salt, saltlen, iterations,
keysize, keybuffer));
diff --git a/tests/t-kdf.c b/tests/t-kdf.c
index 10f64a7c..4b92bd30 100644
--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
@@ -1927,6 +1927,151 @@ check_fips_indicators (void)
}
+static void
+check_fips_gcry_kdf_derive (void)
+{
+ static struct {
+ const char *p; /* Passphrase. */
+ size_t plen; /* Length of P. */
+ int algo;
+ int subalgo;
+ const char *salt;
+ size_t saltlen;
+ unsigned long iterations;
+ int dklen; /* Requested key length. */
+ const char *dk; /* Derived key. */
+ int expect_failure;
+ } tv[] = {
+ {
+ "passwordPASSWORDpassword", 24,
+ GCRY_KDF_PBKDF2, GCRY_MD_SHA1,
+ "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
+ 4096,
+ 25,
+ "\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8"
+ "\xd8\x36\x62\xc0\xe4\x4a\x8b\x29\x1a\x96"
+ "\x4c\xf2\xf0\x70\x38",
+ 0
+ },
+ {
+ "pleaseletmein", 13,
+ GCRY_KDF_SCRYPT, 16384,
+ "SodiumChloride", 14,
+ 1,
+ 64,
+ "\x70\x23\xbd\xcb\x3a\xfd\x73\x48\x46\x1c\x06\xcd\x81\xfd\x38\xeb"
+ "\xfd\xa8\xfb\xba\x90\x4f\x8e\x3e\xa9\xb5\x43\xf6\x54\x5d\xa1\xf2"
+ "\xd5\x43\x29\x55\x61\x3f\x0f\xcf\x62\xd4\x97\x05\x24\x2a\x9a\xf9"
+ "\xe6\x1e\x85\xdc\x0d\x65\x1e\x40\xdf\xcf\x01\x7b\x45\x57\x58\x87",
+ 1 /* not-compliant because unallowed algo */
+ },
+ {
+ "passwor", 7,
+ GCRY_KDF_PBKDF2, GCRY_MD_SHA1,
+ "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
+ 4096,
+ 25,
+ "\xf4\x93\xee\x2b\xbf\x44\x0b\x9e\x64\x53"
+ "\xc2\xb3\x87\xdc\x73\xf8\xfd\xe6\x97\xda"
+ "\xb8\x24\xa0\x26\x50",
+ 1 /* not-compliant because passphrase len is too small */
+ },
+ {
+ "passwordPASSWORDpassword", 24,
+ GCRY_KDF_PBKDF2, GCRY_MD_SHA1,
+ "saltSALTsaltSAL", 15,
+ 4096,
+ 25,
+ "\x14\x05\xa4\x2a\xf4\xa8\x12\x14\x7b\x65"
+ "\x8f\xaa\xf0\x7f\x25\xe5\x0f\x0b\x2b\xb7"
+ "\xcf\x8d\x29\x23\x4b",
+ 1 /* not-compliant because salt len is too small */
+ },
+ {
+ "passwordPASSWORDpassword", 24,
+ GCRY_KDF_PBKDF2, GCRY_MD_SHA1,
+ "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
+ 999,
+ 25,
+ "\xac\xf8\xb4\x67\x41\xc7\xf3\xd1\xa0\xc0"
+ "\x08\xbe\x9b\x23\x96\x78\xbd\x93\xda\x4a"
+ "\x30\xd4\xfb\xf0\x33",
+ 1 /* not-compliant because too few iterations */
+ },
+ {
+ "passwordPASSWORDpassword", 24,
+ GCRY_KDF_PBKDF2, GCRY_MD_SHA1,
+ "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
+ 4096,
+ 13,
+ "\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8"
+ "\xd8\x36\x62",
+ 1 /* not-compliant because key size too small */
+ },
+ };
+
+ int tvidx;
+ gpg_error_t err;
+ unsigned char outbuf[100];
+ int i;
+
+ for (tvidx=0; tvidx < DIM(tv); tvidx++)
+ {
+ if (verbose)
+ fprintf (stderr, "checking gcry_kdf_derive test vector %d algo %d for FIPS\n",
+ tvidx, tv[tvidx].algo);
+ assert (tv[tvidx].dklen <= sizeof outbuf);
+ err = gcry_kdf_derive (tv[tvidx].p, tv[tvidx].plen,
+ tv[tvidx].algo, tv[tvidx].subalgo,
+ tv[tvidx].salt, tv[tvidx].saltlen,
+ tv[tvidx].iterations, tv[tvidx].dklen, outbuf);
+
+ if (err)
+ {
+ fail ("gcry_kdf_derive test %d unexpectedly returned an error in FIPS mode: %s\n",
+ tvidx, gpg_strerror (err));
+ }
+ else
+ {
+ gpg_err_code_t ec;
+
+ ec = gcry_get_fips_service_indicator ();
+ if (ec == GPG_ERR_INV_OP)
+ {
+ /* libgcrypt is old, no support of the FIPS service indicator. */
+ fail ("gcry_kdf_derive test %d unexpectedly failed to check the FIPS service indicator.\n",
+ tvidx);
+ continue;
+ }
+
+ if (!tv[tvidx].expect_failure && ec)
+ {
+ /* Success with the FIPS service indicator == 0 expected, but != 0. */
+ fail ("gcry_kdf_derive test %d unexpectedly set the indicator in FIPS mode.\n",
+ tvidx);
+ continue;
+ }
+ else if (tv[tvidx].expect_failure && !ec)
+ {
+ /* Success with the FIPS service indicator != 0 expected, but == 0. */
+ fail ("gcry_kdf_derive test %d unexpectedly cleared the indicator in FIPS mode.\n",
+ tvidx);
+ continue;
+ }
+
+ if (memcmp (outbuf, tv[tvidx].dk, tv[tvidx].dklen))
+ {
+ fail ("gcry_kdf_derive test %d failed: mismatch\n", tvidx);
+ fputs ("got:", stderr);
+ for (i=0; i < tv[tvidx].dklen; i++)
+ fprintf (stderr, " %02x", outbuf[i]);
+ putc ('\n', stderr);
+ }
+ }
+ }
+}
+
+
int
main (int argc, char **argv)
{
@@ -2008,7 +2153,9 @@ main (int argc, char **argv)
check_onestep_kdf ();
check_hkdf ();
if (in_fips_mode)
- check_fips_indicators();
+ check_fips_indicators ();
+ if (in_fips_mode)
+ check_fips_gcry_kdf_derive ();
}
return error_count ? 1 : 0;
--
2.49.0
View Git Blame Copy Permalink