183 lines
10 KiB
Diff
183 lines
10 KiB
Diff
|
Index: libgcrypt-1.6.1/cipher/dsa.c
|
|||
|
===================================================================
|
|||
|
--- libgcrypt-1.6.1.orig/cipher/dsa.c 2014-01-24 10:45:35.000000000 +0100
|
|||
|
+++ libgcrypt-1.6.1/cipher/dsa.c 2014-09-17 14:16:40.827152998 +0200
|
|||
|
@@ -67,7 +67,7 @@ static const char *dsa_names[] =
|
|||
|
|
|||
|
|
|||
|
/* A sample 1024 bit DSA key used for the selftests. */
|
|||
|
-static const char sample_secret_key[] =
|
|||
|
+static const char sample_secret_key_1024[] =
|
|||
|
"(private-key"
|
|||
|
" (dsa"
|
|||
|
" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
|
|||
|
@@ -85,7 +85,7 @@ static const char sample_secret_key[] =
|
|||
|
" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)"
|
|||
|
" (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))";
|
|||
|
/* A sample 1024 bit DSA key used for the selftests (public only). */
|
|||
|
-static const char sample_public_key[] =
|
|||
|
+static const char sample_public_key_1024[] =
|
|||
|
"(public-key"
|
|||
|
" (dsa"
|
|||
|
" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
|
|||
|
@@ -102,6 +102,23 @@ static const char sample_public_key[] =
|
|||
|
" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
|
|||
|
" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))";
|
|||
|
|
|||
|
+/* 2048 DSA key from RFC 6979 A.2.2 */
|
|||
|
+static const char sample_public_key_2048[] =
|
|||
|
+"(public-key"
|
|||
|
+" (dsa"
|
|||
|
+" (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c8623b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb62e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b5523e86470decbbeda027e797e7b67635d4d49c30700e74af8a0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e343312517c6aa5152b4bfecd2e551fee346318a153423c996b0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc766de2dfc4a56d7b8ba5963d60f3e16318870ad436952e55765374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a2c8d7469db02e24d592394a7dba069e9#)"
|
|||
|
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed276020567441a0a5#)"
|
|||
|
+" (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a821ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0baecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a0df242b75b414df372121e53a553f222f836b000f016485b6bd0898451801dcd8de64cd5365696ffc532d528c506620a942a0305046d8f1876341f1e570bc3974ba6b9a438e9702302a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da09535d5b9df259181a79b63b069e949972b02ba36b3586aab7e45f322f82e4e85ca3ab85591b3c2a966#)"
|
|||
|
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb75539b17155e9fcfd1aba564eb8535d812c9c2dcf97284441bc482243624c7f457580c1c38a57c46c457392470edb52cb5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c4ca0531dd8ca8aaa9cc7337193387348336118224545e88c80ffd8765d74360333ccab9972779b6525a65bdd0d10c675c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc47a3847ff63711baed6d03afe81e694a413b680bd38ab4903f8370a707ef551d4941026d9579d691de8edaa16105eb9dba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d30acb673717a0d2fb3b50c893f7dab14f#)))";
|
|||
|
+
|
|||
|
+static const char sample_secret_key_2048[] =
|
|||
|
+"(private-key"
|
|||
|
+" (dsa"
|
|||
|
+" (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c8623b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb62e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b5523e86470decbbeda027e797e7b67635d4d49c30700e74af8a0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e343312517c6aa5152b4bfecd2e551fee346318a153423c996b0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc766de2dfc4a56d7b8ba5963d60f3e16318870ad436952e55765374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a2c8d7469db02e24d592394a7dba069e9#)"
|
|||
|
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed276020567441a0a5#)"
|
|||
|
+" (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a821ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0baecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a0df242b75b414df372121e53a553f222f836b000f016485b6bd0898451801dcd8de64cd5365696ffc532d528c506620a942a0305046d8f1876341f1e570bc3974ba6b9a438e9702302a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da09535d5b9df259181a79b63b069e949972b02ba36b3586aab7e45f322f82e4e85ca3ab85591b3c2a966#)"
|
|||
|
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb75539b17155e9fcfd1aba564eb8535d812c9c2dcf97284441bc482243624c7f457580c1c38a57c46c457392470edb52cb5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c4ca0531dd8ca8aaa9cc7337193387348336118224545e88c80ffd8765d74360333ccab9972779b6525a65bdd0d10c675c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc47a3847ff63711baed6d03afe81e694a413b680bd38ab4903f8370a707ef551d4941026d9579d691de8edaa16105eb9dba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d30acb673717a0d2fb3b50c893f7dab14f#)"
|
|||
|
+" (x #0c4b3089d1b862cb3c436491f0915470c52796e3acbee800ec55f6cc#)))";
|
|||
|
|
|||
|
|
|||
|
|
|||
|
@@ -369,6 +386,8 @@ generate_fips186 (DSA_secret_key *sk, un
|
|||
|
gcry_mpi_t value_x = NULL; /* The secret exponent. */
|
|||
|
gcry_mpi_t value_h = NULL; /* Helper. */
|
|||
|
gcry_mpi_t value_e = NULL; /* Helper. */
|
|||
|
+ gcry_mpi_t value_c = NULL; /* helper for x */
|
|||
|
+ gcry_mpi_t value_qm2 = NULL; /* q - 2 */
|
|||
|
|
|||
|
/* Preset return values. */
|
|||
|
*r_counter = 0;
|
|||
|
@@ -389,9 +408,7 @@ generate_fips186 (DSA_secret_key *sk, un
|
|||
|
|
|||
|
/* Check that QBITS and NBITS match the standard. Note that FIPS
|
|||
|
186-3 uses N for QBITS and L for NBITS. */
|
|||
|
- if (nbits == 1024 && qbits == 160)
|
|||
|
- ;
|
|||
|
- else if (nbits == 2048 && qbits == 224)
|
|||
|
+ if (nbits == 2048 && qbits == 224)
|
|||
|
;
|
|||
|
else if (nbits == 2048 && qbits == 256)
|
|||
|
;
|
|||
|
@@ -426,19 +443,18 @@ generate_fips186 (DSA_secret_key *sk, un
|
|||
|
|
|||
|
/* Fixme: Enable 186-3 after it has been approved and after fixing
|
|||
|
the generation function. */
|
|||
|
- /* if (use_fips186_2) */
|
|||
|
- (void)use_fips186_2;
|
|||
|
- ec = _gcry_generate_fips186_2_prime (nbits, qbits,
|
|||
|
+ if (use_fips186_2)
|
|||
|
+ ec = _gcry_generate_fips186_2_prime (nbits, qbits,
|
|||
|
initial_seed.seed,
|
|||
|
initial_seed.seedlen,
|
|||
|
&prime_q, &prime_p,
|
|||
|
r_counter,
|
|||
|
r_seed, r_seedlen);
|
|||
|
- /* else */
|
|||
|
- /* ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */
|
|||
|
- /* &prime_q, &prime_p, */
|
|||
|
- /* r_counter, */
|
|||
|
- /* r_seed, r_seedlen, NULL); */
|
|||
|
+ else
|
|||
|
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
|
|||
|
+ &prime_q, &prime_p,
|
|||
|
+ r_counter,
|
|||
|
+ r_seed, r_seedlen, NULL);
|
|||
|
sexp_release (initial_seed.sexp);
|
|||
|
if (ec)
|
|||
|
goto leave;
|
|||
|
@@ -459,17 +475,23 @@ generate_fips186 (DSA_secret_key *sk, un
|
|||
|
while (!mpi_cmp_ui (value_g, 1)); /* Continue until g != 1. */
|
|||
|
}
|
|||
|
|
|||
|
-
|
|||
|
- /* Select a random number x with: 0 < x < q */
|
|||
|
+ value_c = mpi_snew (qbits);
|
|||
|
value_x = mpi_snew (qbits);
|
|||
|
+ value_qm2 = mpi_snew (qbits);
|
|||
|
+ mpi_sub_ui (value_qm2, prime_q, 2);
|
|||
|
+
|
|||
|
+ /* FIPS 186-4 B.1.2 steps 4-6 */
|
|||
|
do
|
|||
|
{
|
|||
|
if( DBG_CIPHER )
|
|||
|
progress('.');
|
|||
|
- _gcry_mpi_randomize (value_x, qbits, GCRY_VERY_STRONG_RANDOM);
|
|||
|
- mpi_clear_highbit (value_x, qbits+1);
|
|||
|
+ _gcry_mpi_randomize (value_c, qbits, GCRY_VERY_STRONG_RANDOM);
|
|||
|
+ mpi_clear_highbit (value_c, qbits+1);
|
|||
|
}
|
|||
|
- while (!(mpi_cmp_ui (value_x, 0) > 0 && mpi_cmp (value_x, prime_q) < 0));
|
|||
|
+ while (mpi_cmp (value_c, value_qm2) > 0);
|
|||
|
+
|
|||
|
+ /* x = c + 1 */
|
|||
|
+ mpi_add_ui(value_x, value_c, 1);
|
|||
|
|
|||
|
/* y = g^x mod p */
|
|||
|
value_y = mpi_alloc_like (prime_p);
|
|||
|
@@ -502,6 +524,8 @@ generate_fips186 (DSA_secret_key *sk, un
|
|||
|
_gcry_mpi_release (value_x);
|
|||
|
_gcry_mpi_release (value_h);
|
|||
|
_gcry_mpi_release (value_e);
|
|||
|
+ _gcry_mpi_release (value_c);
|
|||
|
+ _gcry_mpi_release (value_qm2);
|
|||
|
|
|||
|
/* As a last step test this keys (this should never fail of course). */
|
|||
|
if (!ec && test_keys (sk, qbits) )
|
|||
|
@@ -1218,10 +1242,10 @@ selftests_dsa (selftest_report_func_t re
|
|||
|
|
|||
|
/* Convert the S-expressions into the internal representation. */
|
|||
|
what = "convert";
|
|||
|
- err = sexp_sscan (&skey, NULL, sample_secret_key, strlen (sample_secret_key));
|
|||
|
+ err = sexp_sscan (&skey, NULL, sample_secret_key_2048, strlen (sample_secret_key_2048));
|
|||
|
if (!err)
|
|||
|
err = sexp_sscan (&pkey, NULL,
|
|||
|
- sample_public_key, strlen (sample_public_key));
|
|||
|
+ sample_public_key_2048, strlen (sample_public_key_2048));
|
|||
|
if (err)
|
|||
|
{
|
|||
|
errtxt = _gcry_strerror (err);
|
|||
|
Index: libgcrypt-1.6.1/cipher/primegen.c
|
|||
|
===================================================================
|
|||
|
--- libgcrypt-1.6.1.orig/cipher/primegen.c 2014-01-29 10:48:38.000000000 +0100
|
|||
|
+++ libgcrypt-1.6.1/cipher/primegen.c 2014-09-16 16:42:53.713019269 +0200
|
|||
|
@@ -1668,9 +1668,7 @@ _gcry_generate_fips186_3_prime (unsigned
|
|||
|
|
|||
|
/* Step 1: Check the requested prime lengths. */
|
|||
|
/* Note that due to the size of our buffers QBITS is limited to 256. */
|
|||
|
- if (pbits == 1024 && qbits == 160)
|
|||
|
- hashalgo = GCRY_MD_SHA1;
|
|||
|
- else if (pbits == 2048 && qbits == 224)
|
|||
|
+ if (pbits == 2048 && qbits == 224)
|
|||
|
hashalgo = GCRY_MD_SHA224;
|
|||
|
else if (pbits == 2048 && qbits == 256)
|
|||
|
hashalgo = GCRY_MD_SHA256;
|
|||
|
Index: libgcrypt-1.6.1/Makefile.am
|
|||
|
===================================================================
|
|||
|
--- libgcrypt-1.6.1.orig/Makefile.am 2014-09-16 16:42:53.707019195 +0200
|
|||
|
+++ libgcrypt-1.6.1/Makefile.am 2014-09-16 16:42:53.713019269 +0200
|
|||
|
@@ -36,7 +36,7 @@ EXTRA_DIST = autogen.sh autogen.rc READM
|
|||
|
|
|||
|
DISTCLEANFILES =
|
|||
|
|
|||
|
-bin_PROGRAMS = fipsdrv drbg_test
|
|||
|
+bin_PROGRAMS = fipsdrv fips186_dsa drbg_test
|
|||
|
|
|||
|
fipsdrv_SOURCES = tests/fipsdrv.c
|
|||
|
fipsdrv_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
|
|||
|
@@ -45,6 +45,9 @@ drbg_test_CPPFLAGS = -I../src -I$(top_sr
|
|||
|
drbg_test_SOURCES = src/gcrypt.h tests/drbg_test.c
|
|||
|
drbg_test_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
|
|||
|
|
|||
|
+fips186_dsa_SOURCES = tests/fips186-dsa.c
|
|||
|
+fips186_dsa_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
|
|||
|
+
|
|||
|
# Add all the files listed in "distfiles" files to the distribution,
|
|||
|
# apply version number s to some files and create a VERSION file which
|
|||
|
# we need for the Prereq: patch file trick.
|