Accepting request 807319 from devel:libraries:c_c++

- FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872]
  * Print the debug messages in test_keys() only in debug mode.
- Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch
  libgcrypt-PCT-ECC.patch

OBS-URL: https://build.opensuse.org/request/show/807319
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=81
This commit is contained in:
Yuchen Lin 2020-05-23 15:19:49 +00:00 committed by Git OBS Bridge
commit f20d49ff1e
4 changed files with 103 additions and 37 deletions

View File

@ -2,7 +2,7 @@ Index: libgcrypt-1.8.2/cipher/dsa.c
=================================================================== ===================================================================
--- libgcrypt-1.8.2.orig/cipher/dsa.c --- libgcrypt-1.8.2.orig/cipher/dsa.c
+++ libgcrypt-1.8.2/cipher/dsa.c +++ libgcrypt-1.8.2/cipher/dsa.c
@@ -181,24 +181,91 @@ test_keys (DSA_secret_key *sk, unsigned @@ -181,24 +181,101 @@ test_keys (DSA_secret_key *sk, unsigned
/* Create a random plaintext. */ /* Create a random plaintext. */
_gcry_mpi_randomize (data, qbits, GCRY_WEAK_RANDOM); _gcry_mpi_randomize (data, qbits, GCRY_WEAK_RANDOM);
@ -23,7 +23,8 @@ Index: libgcrypt-1.8.2/cipher/dsa.c
+ +
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0)) + if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ { + {
+ log_debug ("gcry_pk_sign failed\n"); + if (DBG_CIPHER)
+ log_debug ("gcry_pk_sign/open failed\n");
+ goto leave; + goto leave;
+ } + }
+ +
@ -31,6 +32,7 @@ Index: libgcrypt-1.8.2/cipher/dsa.c
+ _gcry_md_write (hd, buf, buflen); + _gcry_md_write (hd, buf, buflen);
+ +
+ xfree (buf); + xfree (buf);
+ buf = NULL;
+ +
+ /* build DSA private key sexp in s_skey */ + /* build DSA private key sexp in s_skey */
+ sexp_build (&s_skey, NULL, "(private-key (dsa(p %m)(q %m)(g %m)(y %m)(x %m)))", + sexp_build (&s_skey, NULL, "(private-key (dsa(p %m)(q %m)(g %m)(y %m)(x %m)))",
@ -38,20 +40,23 @@ Index: libgcrypt-1.8.2/cipher/dsa.c
+ sexp_build (&s_hash, NULL, "(data (flags pkcs1)(hash-algo sha256))"); + sexp_build (&s_hash, NULL, "(data (flags pkcs1)(hash-algo sha256))");
+ if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey)) + if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey))
+ { + {
+ log_debug ("gcry_pk_sign failed\n"); + if (DBG_CIPHER)
+ log_debug ("gcry_pk_sign failed\n");
+ goto leave; + goto leave;
+ } + }
+ +
+ /* Check that the signature and the original plaintext differ. */ + /* Check that the signature and the original plaintext differ. */
+ if (_gcry_sexp_extract_param (r_sig, NULL, "rs", &r_sig_mpi, &s_sig_mpi, NULL)) + if (_gcry_sexp_extract_param (r_sig, NULL, "rs", &r_sig_mpi, &s_sig_mpi, NULL))
+ { + {
+ log_debug ("extracting signature data failed\n"); + if (DBG_CIPHER)
+ log_debug ("extracting signature data failed\n");
+ goto leave; + goto leave;
+ } + }
+ +
+ if ( !verify (r_sig_mpi, s_sig_mpi, data, &pk)) + if ( !verify (r_sig_mpi, s_sig_mpi, data, &pk))
+ { + {
+ log_debug ("Signature failed\n"); + if (DBG_CIPHER)
+ log_debug ("Signature failed\n");
+ goto leave; /* Signature matches but should not. */ + goto leave; /* Signature matches but should not. */
+ } + }
+ +
@ -64,17 +69,22 @@ Index: libgcrypt-1.8.2/cipher/dsa.c
+ sexp_build (&s_hash, NULL, "(data (flags pkcs1)(hash-algo sha256))"); + sexp_build (&s_hash, NULL, "(data (flags pkcs1)(hash-algo sha256))");
+ +
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0)) + if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ log_debug ("gcry_md_open failed\n"); + {
+ if (DBG_CIPHER)
+ log_debug ("gcry_md_open failed\n");
+ }
+ +
+ _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, data); + _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, data);
+ _gcry_md_write (hd, buf, buflen); + _gcry_md_write (hd, buf, buflen);
+ +
+ xfree (buf); + xfree (buf);
+ buf = NULL;
+ +
+ /* verify the signature */ + /* verify the signature */
+ if (_gcry_pk_verify_md (r_sig, hd, s_hash, s_pkey)) + if (_gcry_pk_verify_md (r_sig, hd, s_hash, s_pkey))
+ { + {
+ log_debug ("gcry_pk_verify failed\n"); + if (DBG_CIPHER)
+ log_debug ("gcry_pk_verify failed\n");
+ goto leave; /* Signature does not match. */ + goto leave; /* Signature does not match. */
+ } + }

View File

@ -70,7 +70,7 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
ECC_public_key pk; ECC_public_key pk;
gcry_mpi_t test = mpi_new (nbits); gcry_mpi_t test = mpi_new (nbits);
mpi_point_struct R_; mpi_point_struct R_;
@@ -297,17 +310,161 @@ test_keys (ECC_secret_key *sk, unsigned @@ -297,17 +310,190 @@ test_keys (ECC_secret_key *sk, unsigned
_gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM); _gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM);
@ -91,13 +91,18 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
+ int flags = 0; + int flags = 0;
+ +
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0)) + if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ log_debug ("gcry_pk_sign failed: _gcry_md_open\n"); + {
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_sign failed: _gcry_md_open\n");
+ }
+ +
+ _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, test); + _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, test);
+ _gcry_md_write (hd, buf, buflen); + _gcry_md_write (hd, buf, buflen);
+ +
+ xfree (buf); + xfree (buf);
+ + buf = NULL;
- if (_gcry_ecc_ecdsa_verify (test, &pk, r, s))
+ sexp_build (&s_hash, NULL, "(data (flags rfc6979)(hash-algo sha256))"); + sexp_build (&s_hash, NULL, "(data (flags rfc6979)(hash-algo sha256))");
+ +
+ /* Assemble the point Q from affine coordinates by simple + /* Assemble the point Q from affine coordinates by simple
@ -109,7 +114,11 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
+ ctx = _gcry_mpi_ec_p_internal_new (sk->E.model, sk->E.dialect, flags, + ctx = _gcry_mpi_ec_p_internal_new (sk->E.model, sk->E.dialect, flags,
+ sk->E.p, sk->E.a, sk->E.b); + sk->E.p, sk->E.a, sk->E.b);
+ if (_gcry_mpi_ec_get_affine (Qx, Qy, &(sk->Q), ctx)) + if (_gcry_mpi_ec_get_affine (Qx, Qy, &(sk->Q), ctx))
+ log_debug ("ecdh: Failed to get affine coordinates for Q\n"); {
- log_fatal ("ECDSA operation: sign, verify failed\n");
+ if (DBG_CIPHER)
+ log_debug ("ecdh: Failed to get affine coordinates for Q\n");
+ }
+ +
+ unsigned char *rawqx, *rawqy; + unsigned char *rawqx, *rawqy;
+ unsigned int rawqxlen, rawqylen; + unsigned int rawqxlen, rawqylen;
@ -118,7 +127,6 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
+ +
+ if (rawqxlen != rawqylen) + if (rawqxlen != rawqylen)
+ { + {
+ // log_debug ("qx and qy size differ: %d != %d\n", rawqxlen, rawqylen);
+ if (rawqxlen < rawqylen) + if (rawqxlen < rawqylen)
+ { + {
+ size_t diff = rawqylen - rawqxlen; + size_t diff = rawqylen - rawqxlen;
@ -153,16 +161,17 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
+ _gcry_mpi_release (Qy); + _gcry_mpi_release (Qy);
+ xfree (rawqx); + xfree (rawqx);
+ xfree (rawqy); + xfree (rawqy);
+
- if (_gcry_ecc_ecdsa_verify (test, &pk, r, s))
+ /* build ECC private key sexp in s_skey */ + /* build ECC private key sexp in s_skey */
+ if (sk->E.name) + if (sk->E.name)
{ + {
- log_fatal ("ECDSA operation: sign, verify failed\n");
+ if (sexp_build (&s_skey, NULL, + if (sexp_build (&s_skey, NULL,
+ "(private-key (ecc (curve %s)(d %m)(q %b)))", + "(private-key (ecc (curve %s)(d %m)(q %b)))",
+ sk->E.name, sk->d, qlen, q)) + sk->E.name, sk->d, qlen, q))
+ log_debug ("ecc: Failed to build sexp for private key.\n"); + {
+ if (DBG_CIPHER)
+ log_debug ("ecc: Failed to build sexp for private key.\n");
+ }
+ } + }
+ else + else
+ { + {
@ -171,25 +180,31 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
+ " (ecc (curve %s)(d %m)(p %m)(a %m)(b %m)(n %m)(h %m)(q %b)))", + " (ecc (curve %s)(d %m)(p %m)(a %m)(b %m)(n %m)(h %m)(q %b)))",
+ "NIST P-512", sk->d, sk->E.p, sk->E.a, sk->E.b, sk->E.n, sk->E.h, + "NIST P-512", sk->d, sk->E.p, sk->E.a, sk->E.b, sk->E.n, sk->E.h,
+ qlen, q)) + qlen, q))
+ log_debug ("ecc: Failed to build sexp for private key.\n"); + {
+ if (DBG_CIPHER)
+ log_debug ("ecc: Failed to build sexp for private key.\n");
+ }
+ } + }
+ +
+ if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey)) + if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey))
+ { + {
+ log_debug ("ecc: gcry_pk_sign failed\n"); + if (DBG_CIPHER)
+ log_debug ("ecc: gcry_pk_sign failed\n");
+ goto leave; + goto leave;
+ } + }
+ +
+ /* Check that the signature and the original test differ. */ + /* Check that the signature and the original test differ. */
+ if (_gcry_sexp_extract_param (r_sig, NULL, "s", &s_sig_mpi, NULL)) + if (_gcry_sexp_extract_param (r_sig, NULL, "s", &s_sig_mpi, NULL))
+ { + {
+ log_debug ("extracting signature data failed\n"); + if (DBG_CIPHER)
+ log_debug ("extracting signature data failed\n");
+ goto leave; + goto leave;
+ } + }
+ +
+ if (!mpi_cmp (s_sig_mpi, test)) + if (!mpi_cmp (s_sig_mpi, test))
+ { + {
+ log_debug ("Signature failed\n"); + if (DBG_CIPHER)
+ log_debug ("Signature failed\n");
+ goto leave; /* Signature and test match but should not. */ + goto leave; /* Signature and test match but should not. */
+ } + }
+ +
@ -199,7 +214,10 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
+ { + {
+ if (sexp_build (&s_pkey, NULL, + if (sexp_build (&s_pkey, NULL,
+ "(public-key (ecc (curve %s)(q %b)))", pk.E.name, qlen, q)) + "(public-key (ecc (curve %s)(q %b)))", pk.E.name, qlen, q))
+ log_debug ("ecc: Failed to build sexp for public key.\n"); + {
+ if (DBG_CIPHER)
+ log_debug ("ecc: Failed to build sexp for public key.\n");
+ }
+ } + }
+ else + else
+ { + {
@ -207,36 +225,48 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
+ "(public-key" + "(public-key"
+ " (ecc (curve %s)(p %m)(a %m)(b %m)(n %m)(h %m)(q %b)))", + " (ecc (curve %s)(p %m)(a %m)(b %m)(n %m)(h %m)(q %b)))",
+ "NIST P-512", pk.E.p, pk.E.a, pk.E.b, pk.E.n, pk.E.h, qlen, q)) + "NIST P-512", pk.E.p, pk.E.a, pk.E.b, pk.E.n, pk.E.h, qlen, q))
+ log_debug ("ecc: Failed to build sexp for private key.\n"); + {
+ if (DBG_CIPHER)
+ log_debug ("ecc: Failed to build sexp for private key.\n");
+ }
+ } + }
+ +
+ _gcry_md_close (hd); + _gcry_md_close (hd);
+ +
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0)) + if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ log_debug ("gcry_pk_verify failed: _gcry_md_open\n"); + {
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_verify failed: _gcry_md_open\n");
+ }
+ +
+ _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, test); + _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, test);
+ _gcry_md_write (hd, buf, buflen); + _gcry_md_write (hd, buf, buflen);
+ +
+ xfree (buf); + xfree (buf);
+ buf = NULL;
+ +
+ /* verify the signature */ + /* verify the signature */
+ if (_gcry_pk_verify_md (r_sig, hd, s_hash, s_pkey)) + if (_gcry_pk_verify_md (r_sig, hd, s_hash, s_pkey))
+ { + {
+ log_debug ("ecc: gcry_pk_verify failed\n"); + if (DBG_CIPHER)
+ log_debug ("ecc: gcry_pk_verify failed\n");
+ goto leave; /* Signature does not match. */ + goto leave; /* Signature does not match. */
} }
if (DBG_CIPHER) if (DBG_CIPHER)
log_debug ("ECDSA operation: sign, verify ok.\n"); - log_debug ("ECDSA operation: sign, verify ok.\n");
+ {
+ result = 0; /* The test succeeded. */ + if (DBG_CIPHER)
+ log_debug ("ECDSA operation: sign, verify ok.\n");
+ }
+ +
+ result = 0; /* The test succeeded. */
+ leave: + leave:
point_free (&pk.Q); point_free (&pk.Q);
_gcry_ecc_curve_free (&pk.E); _gcry_ecc_curve_free (&pk.E);
@@ -317,6 +474,16 @@ test_keys (ECC_secret_key *sk, unsigned @@ -317,6 +503,16 @@ test_keys (ECC_secret_key *sk, unsigned
mpi_free (out); mpi_free (out);
mpi_free (c); mpi_free (c);
mpi_free (test); mpi_free (test);

View File

@ -2,7 +2,7 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
=================================================================== ===================================================================
--- libgcrypt-1.8.2.orig/cipher/rsa.c --- libgcrypt-1.8.2.orig/cipher/rsa.c
+++ libgcrypt-1.8.2/cipher/rsa.c +++ libgcrypt-1.8.2/cipher/rsa.c
@@ -159,27 +159,93 @@ test_keys (RSA_secret_key *sk, unsigned @@ -159,27 +159,103 @@ test_keys (RSA_secret_key *sk, unsigned
/* Create another random plaintext as data for signature checking. */ /* Create another random plaintext as data for signature checking. */
_gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM); _gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM);
@ -32,7 +32,8 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
- goto leave; /* Signature matches but should not. */ - goto leave; /* Signature matches but should not. */
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0)) + if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ { + {
+ log_debug ("gcry_pk_sign failed\n"); + if (DBG_CIPHER)
+ log_debug ("gcry_pk_sign/open failed\n");
+ goto leave_hash; + goto leave_hash;
+ } + }
+ +
@ -40,6 +41,7 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
+ _gcry_md_write (hd, buf, buflen); + _gcry_md_write (hd, buf, buflen);
+ +
+ xfree (buf); + xfree (buf);
+ buf = NULL;
+ +
+ /* build RSA private key sexp in s_skey */ + /* build RSA private key sexp in s_skey */
+ sexp_build (&s_skey, NULL, + sexp_build (&s_skey, NULL,
@ -50,20 +52,23 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
+ +
+ if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey)) + if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey))
+ { + {
+ log_debug ("gcry_pk_sign failed\n"); + if (DBG_CIPHER)
+ log_debug ("gcry_pk_sign failed\n");
+ goto leave_hash; + goto leave_hash;
+ } + }
+ +
+ /* Check that the signature and the original plaintext differ. */ + /* Check that the signature and the original plaintext differ. */
+ if (_gcry_sexp_extract_param (r_sig, "sig-val!rsa", "s", &r_sig_mpi, NULL)) + if (_gcry_sexp_extract_param (r_sig, "sig-val!rsa", "s", &r_sig_mpi, NULL))
+ { + {
+ log_debug ("extracting signature data failed\n"); + if (DBG_CIPHER)
+ log_debug ("extracting signature data failed\n");
+ goto leave_hash; + goto leave_hash;
+ } + }
+ +
+ if (!mpi_cmp (r_sig_mpi, plaintext)) + if (!mpi_cmp (r_sig_mpi, plaintext))
+ { + {
+ log_debug ("Signature failed\n"); + if (DBG_CIPHER)
+ log_debug ("Signature failed\n");
+ goto leave_hash; /* Signature and plaintext match but should not. */ + goto leave_hash; /* Signature and plaintext match but should not. */
+ } + }
+ +
@ -75,17 +80,22 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
+ sexp_build (&s_hash, NULL, "(data (flags pkcs1)(hash-algo sha256))"); + sexp_build (&s_hash, NULL, "(data (flags pkcs1)(hash-algo sha256))");
+ +
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0)) + if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ log_debug ("gcry_md_open failed\n"); + {
+ if (DBG_CIPHER)
+ log_debug ("gcry_md_open failed\n");
+ }
+ +
+ _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, plaintext); + _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, plaintext);
+ _gcry_md_write (hd, buf, buflen); + _gcry_md_write (hd, buf, buflen);
+ +
+ xfree (buf); + xfree (buf);
+ buf = NULL;
+ +
+ /* verify the signature */ + /* verify the signature */
+ if (_gcry_pk_verify_md (r_sig, hd, s_hash, s_pkey)) + if (_gcry_pk_verify_md (r_sig, hd, s_hash, s_pkey))
+ { + {
+ log_debug ("gcry_pk_verify failed\n"); + if (DBG_CIPHER)
+ log_debug ("gcry_pk_verify failed\n");
+ goto leave_hash; /* Signature does not match. */ + goto leave_hash; /* Signature does not match. */
+ } + }
@ -108,7 +118,7 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
return result; return result;
} }
@@ -1903,7 +1969,7 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc @@ -1903,7 +1979,7 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc
/* This sexp trickery is to prevent the use of blinding. /* This sexp trickery is to prevent the use of blinding.
* The flag doesn't get inherited by encr, so we have to * The flag doesn't get inherited by encr, so we have to
* derive a new sexp from the ciphertext */ * derive a new sexp from the ciphertext */
@ -117,3 +127,11 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
memset(buf, 0, sizeof(buf)); memset(buf, 0, sizeof(buf));
err = _gcry_mpi_print (GCRYMPI_FMT_STD, buf, sizeof buf, NULL, ciphertext); err = _gcry_mpi_print (GCRYMPI_FMT_STD, buf, sizeof buf, NULL, ciphertext);
if (err) if (err)
@@ -2012,6 +2088,7 @@ selftests_rsa (selftest_report_func_t re
sexp_release (skey);
if (report)
report ("pubkey", GCRY_PK_RSA, what, errtxt);
+
return GPG_ERR_SELFTEST_FAILED;
}

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue May 19 11:25:37 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872]
* Print the debug messages in test_keys() only in debug mode.
- Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch
libgcrypt-PCT-ECC.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Apr 27 08:55:12 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> Mon Apr 27 08:55:12 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>