Accepting request 950434 from devel:libraries:c_c++
OBS-URL: https://build.opensuse.org/request/show/950434 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libgcrypt?expand=0&rev=90
libgcrypt-FIPS-HMAC-short-keylen.patch
Normal file
@ -0,0 +1,203 @@
|
||||
From 76aad97dd312e83f2f9b8d086553f2b72ab6546f Mon Sep 17 00:00:00 2001
|
||||
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Date: Wed, 19 Jan 2022 11:41:40 +0900
|
||||
Subject: [PATCH 2/2] fips: Reject shorter key for HMAC in FIPS mode.
|
||||
|
||||
* cipher/md.c (prepare_macpads): Reject < 112-bit key.
|
||||
* cipher/kdf.c (selftest_pbkdf2): Remove selftest cases with shorter
|
||||
key.
|
||||
* cipher/mac-hmac.c (selftests_sha224, selftests_sha256): Likewise.
|
||||
(selftests_sha384, selftests_sha512, selftests_sha3): Likewise.
|
||||
* tests/basic.c (check_one_hmac) Handle an error when shorter key
|
||||
is rejected.
|
||||
(check_one_mac): Likewise.
|
||||
* tests/t-kdf.c (check_pbkdf2, check_scrypt): Likewise.
|
||||
|
||||
--
|
||||
|
||||
GnuPG-bug-id: 5512
|
||||
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||
---
|
||||
cipher/kdf.c | 76 ++---------------------------------------------
|
||||
cipher/mac-hmac.c | 67 -----------------------------------------
|
||||
cipher/md.c | 3 ++
|
||||
tests/basic.c | 29 +++++++++++++++---
|
||||
tests/t-kdf.c | 38 ++++++++++++++++++++----
|
||||
5 files changed, 62 insertions(+), 151 deletions(-)
|
||||
|
||||
Index: libgcrypt-1.9.4/cipher/kdf.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.9.4.orig/cipher/kdf.c
|
||||
+++ libgcrypt-1.9.4/cipher/kdf.c
|
||||
@@ -324,6 +324,10 @@ check_one (int algo, int hash_algo,
|
||||
unsigned char key[512]; /* hardcoded to avoid allocation */
|
||||
size_t keysize = expectlen;
|
||||
|
||||
+ /* Skip test with shoter passphrase in FIPS mode. */
|
||||
+ if (fips_mode () && passphraselen < 14)
|
||||
+ return NULL;
|
||||
+
|
||||
if (keysize > sizeof(key))
|
||||
return "invalid tests data";
|
||||
|
||||
Index: libgcrypt-1.9.4/cipher/mac-hmac.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.9.4.orig/cipher/mac-hmac.c
|
||||
+++ libgcrypt-1.9.4/cipher/mac-hmac.c
|
||||
@@ -241,6 +241,11 @@ check_one (int algo,
|
||||
const unsigned char *digest;
|
||||
|
||||
/* printf ("HMAC algo %d\n", algo); */
|
||||
+
|
||||
+ /* Skip test with shoter key in FIPS mode. */
|
||||
+ if (fips_mode () && keylen < 14)
|
||||
+ return NULL;
|
||||
+
|
||||
if (trunc)
|
||||
{
|
||||
if (_gcry_md_get_algo_dlen (algo) < expectlen)
|
||||
Index: libgcrypt-1.9.4/cipher/md.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.9.4.orig/cipher/md.c
|
||||
+++ libgcrypt-1.9.4/cipher/md.c
|
||||
@@ -903,6 +903,9 @@ prepare_macpads (gcry_md_hd_t a, const u
|
||||
{
|
||||
GcryDigestEntry *r;
|
||||
|
||||
+ if (fips_mode () && keylen < 14)
|
||||
+ return GPG_ERR_INV_VALUE;
|
||||
+
|
||||
if (!a->ctx->list)
|
||||
return GPG_ERR_DIGEST_ALGO; /* Might happen if no algo is enabled. */
|
||||
|
||||
Index: libgcrypt-1.9.4/tests/basic.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.9.4.orig/tests/basic.c
|
||||
+++ libgcrypt-1.9.4/tests/basic.c
|
||||
@@ -12016,7 +12016,19 @@ check_one_hmac (int algo, const char *da
|
||||
return;
|
||||
}
|
||||
|
||||
- gcry_md_setkey( hd, key, keylen );
|
||||
+ err = gcry_md_setkey( hd, key, keylen );
|
||||
+ if (err)
|
||||
+ {
|
||||
+ if (in_fips_mode)
|
||||
+ {
|
||||
+ if (verbose)
|
||||
+ fprintf (stderr,
|
||||
+ " shorter key (%d) rejected correctly in fips mode\n",
|
||||
+ keylen);
|
||||
+ }
|
||||
+ gcry_md_close (hd);
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
gcry_md_write (hd, data, datalen);
|
||||
|
||||
@@ -12420,9 +12432,18 @@ check_one_mac (int algo, const char *dat
|
||||
clutter_vector_registers();
|
||||
err = gcry_mac_setkey (hd, key, keylen);
|
||||
if (err)
|
||||
- fail("algo %d, mac gcry_mac_setkey failed: %s\n", algo, gpg_strerror (err));
|
||||
- if (err)
|
||||
- goto out;
|
||||
+ {
|
||||
+ if (in_fips_mode)
|
||||
+ {
|
||||
+ if (verbose)
|
||||
+ fprintf (stderr,
|
||||
+ " shorter key (%d) rejected correctly in fips mode\n",
|
||||
+ keylen);
|
||||
+ }
|
||||
+ else
|
||||
+ fail("algo %d, mac gcry_mac_setkey failed: %s\n", algo, gpg_strerror (err));
|
||||
+ goto out;
|
||||
+ }
|
||||
|
||||
if (ivlen && iv)
|
||||
{
|
||||
Index: libgcrypt-1.9.4/tests/t-kdf.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.9.4.orig/tests/t-kdf.c
|
||||
+++ libgcrypt-1.9.4/tests/t-kdf.c
|
||||
@@ -31,6 +31,8 @@
|
||||
#define PGM "t-kdf"
|
||||
#include "t-common.h"
|
||||
|
||||
+static int in_fips_mode;
|
||||
+
|
||||
|
||||
static void
|
||||
dummy_consumer (volatile char *buffer, size_t buflen)
|
||||
@@ -858,8 +860,7 @@ check_openpgp (void)
|
||||
if (tv[tvidx].disabled)
|
||||
continue;
|
||||
/* MD5 isn't supported in fips mode */
|
||||
- if (gcry_fips_mode_active()
|
||||
- && tv[tvidx].hashalgo == GCRY_MD_MD5)
|
||||
+ if (in_fips_mode && tv[tvidx].hashalgo == GCRY_MD_MD5)
|
||||
continue;
|
||||
if (verbose)
|
||||
fprintf (stderr, "checking S2K test vector %d\n", tvidx);
|
||||
@@ -1104,7 +1105,7 @@ check_pbkdf2 (void)
|
||||
GCRY_KDF_PBKDF2, tv[tvidx].hashalgo,
|
||||
tv[tvidx].salt, tv[tvidx].saltlen,
|
||||
tv[tvidx].c, tv[tvidx].dklen, outbuf);
|
||||
- if (gcry_fips_mode_active() && tvidx > 6)
|
||||
+ if (in_fips_mode && tvidx > 6)
|
||||
{
|
||||
if (!err)
|
||||
fail ("pbkdf2 test %d unexpectedly passed in FIPS mode: %s\n",
|
||||
@@ -1112,7 +1113,17 @@ check_pbkdf2 (void)
|
||||
continue;
|
||||
}
|
||||
if (err)
|
||||
- fail ("pbkdf2 test %d failed: %s\n", tvidx, gpg_strerror (err));
|
||||
+ {
|
||||
+ if (in_fips_mode && tv[tvidx].plen < 14)
|
||||
+ {
|
||||
+ if (verbose)
|
||||
+ fprintf (stderr,
|
||||
+ " shorter key (%u) rejected correctly in fips mode\n",
|
||||
+ (unsigned int)tv[tvidx].plen);
|
||||
+ }
|
||||
+ else
|
||||
+ fail ("pbkdf2 test %d failed: %s\n", tvidx, gpg_strerror (err));
|
||||
+ }
|
||||
else if (memcmp (outbuf, tv[tvidx].dk, tv[tvidx].dklen))
|
||||
{
|
||||
fail ("pbkdf2 test %d failed: mismatch\n", tvidx);
|
||||
@@ -1209,7 +1220,17 @@ check_scrypt (void)
|
||||
tv[tvidx].salt, tv[tvidx].saltlen,
|
||||
tv[tvidx].parm_p, tv[tvidx].dklen, outbuf);
|
||||
if (err)
|
||||
- fail ("scrypt test %d failed: %s\n", tvidx, gpg_strerror (err));
|
||||
+ {
|
||||
+ if (in_fips_mode && tv[tvidx].plen < 14)
|
||||
+ {
|
||||
+ if (verbose)
|
||||
+ fprintf (stderr,
|
||||
+ " shorter key (%u) rejected correctly in fips mode\n",
|
||||
+ (unsigned int)tv[tvidx].plen);
|
||||
+ }
|
||||
+ else
|
||||
+ fail ("scrypt test %d failed: %s\n", tvidx, gpg_strerror (err));
|
||||
+ }
|
||||
else if (memcmp (outbuf, tv[tvidx].dk, tv[tvidx].dklen))
|
||||
{
|
||||
fail ("scrypt test %d failed: mismatch\n", tvidx);
|
||||
@@ -1281,7 +1302,12 @@ main (int argc, char **argv)
|
||||
if (!gcry_check_version (GCRYPT_VERSION))
|
||||
die ("version mismatch\n");
|
||||
|
||||
- xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
|
||||
+ if (gcry_fips_mode_active ())
|
||||
+ in_fips_mode = 1;
|
||||
+
|
||||
+ if (!in_fips_mode)
|
||||
+ xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
|
||||
+
|
||||
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
|
||||
if (debug)
|
||||
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0));
|
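Review bot: In the tests/basic.c hunk for check_one_hmac, a failing `gcry_md_setkey` is still not reported when not in FIPS mode (the old line ignored the return value; the check_one_mac hunk below it calls `fail`), and in FIPS mode any non-zero `err` is printed as a correct short-key rejection regardless of `keylen`, so an unrelated setkey failure would pass as expected behaviour. Gate the branch on the key length the way the t-kdf.c hunks do — `if (in_fips_mode && keylen < 14)` — and add `else fail ("algo %d, gcry_md_setkey failed: %s\n", algo, gpg_strerror (err));` before `gcry_md_close`; the same `keylen < 14` guard belongs in the FIPS branch of check_one_mac. In cipher/md.c the threshold is a bare `14` repeated in three files; give it a comment that ties it to the 112-bit figure from the commit message, e.g. `/* FIPS mode: reject HMAC keys shorter than 112 bits (14 bytes), the minimum approved key length.  */`, or a named constant shared with the selftests. The commit message says the short-key selftest vectors were removed, but the cipher/kdf.c and cipher/mac-hmac.c hunks here skip them with `return NULL` — if every vector for some algorithm is under 14 bytes the FIPS power-on KAT for that algorithm becomes a no-op, which is worth confirming against the full vector tables (not visible here). Both check_one functions and prepare_macpads begin outside the visible hunks, and "shoter" in the two new comments should read "shorter".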
libgcrypt-FIPS-RSA-keylen-tests.patch
Normal file
@ -0,0 +1,585 @@
|
||||
From cc3571a1f2244bdf829d7d16dd546131711eb8a9 Mon Sep 17 00:00:00 2001
|
||||
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Date: Mon, 8 Nov 2021 13:57:18 +0900
|
||||
Subject: tests: Expect errors from algorithms not supported in
|
||||
FIPS mode.
|
||||
|
||||
* tests/basic.c (FLAG_NOFIPS): New.
|
||||
(check_pubkey_sign): Pass and handle NOFIPS flag.
|
||||
(check_pubkey_sign_ecdsa): Likewise.
|
||||
(check_pubkey_crypt): Likewise.
|
||||
(do_check_one_pubkey): Pass flags.
|
||||
(check_pubkey): Mark explicitly algorithms expected not to work in
|
||||
FIPS mode and make sure they fail.
|
||||
|
||||
--
|
||||
|
||||
Co-authored-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||
---
|
||||
tests/basic.c | 65 ++++++++++++++++++++++++++++++++++++---------------
|
||||
1 file changed, 46 insertions(+), 19 deletions(-)
|
||||
|
||||
Index: libgcrypt-1.9.4/tests/basic.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.9.4.orig/tests/basic.c
|
||||
+++ libgcrypt-1.9.4/tests/basic.c
|
||||
@@ -55,9 +55,10 @@ typedef struct test_spec_pubkey
|
||||
}
|
||||
test_spec_pubkey_t;
|
||||
|
||||
-#define FLAG_CRYPT (1 << 0)
|
||||
-#define FLAG_SIGN (1 << 1)
|
||||
-#define FLAG_GRIP (1 << 2)
|
||||
+#define FLAG_CRYPT (1 << 0)
|
||||
+#define FLAG_SIGN (1 << 1)
|
||||
+#define FLAG_GRIP (1 << 2)
|
||||
+#define FLAG_NOFIPS (1 << 3)
|
||||
|
||||
static int in_fips_mode;
|
||||
|
||||
@@ -13509,7 +13510,8 @@ verify_one_signature (gcry_sexp_t pkey,
|
||||
/* Test the public key sign function using the private key SKEY. PKEY
|
||||
is used for verification. */
|
||||
static void
|
||||
-check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo)
|
||||
+check_pubkey_sign (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
||||
+ int flags)
|
||||
{
|
||||
gcry_error_t rc;
|
||||
gcry_sexp_t sig, badhash, hash;
|
||||
@@ -13588,6 +13590,7 @@ check_pubkey_sign (int n, gcry_sexp_t sk
|
||||
if (rc)
|
||||
die ("converting data failed: %s\n", gpg_strerror (rc));
|
||||
|
||||
+ sig = NULL;
|
||||
for (dataidx = 0; datas[dataidx].data; dataidx++)
|
||||
{
|
||||
if (datas[dataidx].algo && datas[dataidx].algo != algo)
|
||||
@@ -13603,12 +13606,19 @@ check_pubkey_sign (int n, gcry_sexp_t sk
|
||||
die ("converting data failed: %s\n", gpg_strerror (rc));
|
||||
|
||||
rc = gcry_pk_sign (&sig, hash, skey);
|
||||
+ if (in_fips_mode && (flags & FLAG_NOFIPS))
|
||||
+ {
|
||||
+ if (!rc)
|
||||
+ fail ("gcry_pk_sign did not fail as expected in FIPS mode\n");
|
||||
+ goto next;
|
||||
+ }
|
||||
if (gcry_err_code (rc) != datas[dataidx].expected_rc)
|
||||
fail ("gcry_pk_sign failed: %s\n", gpg_strerror (rc));
|
||||
|
||||
if (!rc)
|
||||
verify_one_signature (pkey, hash, badhash, sig);
|
||||
|
||||
+ next:
|
||||
gcry_sexp_release (sig);
|
||||
sig = NULL;
|
||||
gcry_sexp_release (hash);
|
||||
@@ -13622,7 +13632,8 @@ check_pubkey_sign (int n, gcry_sexp_t sk
|
||||
/* Test the public key sign function using the private key SKEY. PKEY
|
||||
is used for verification. This variant is only used for ECDSA. */
|
||||
static void
|
||||
-check_pubkey_sign_ecdsa (int n, gcry_sexp_t skey, gcry_sexp_t pkey)
|
||||
+check_pubkey_sign_ecdsa (int n, gcry_sexp_t skey, gcry_sexp_t pkey,
|
||||
+ int flags)
|
||||
{
|
||||
gcry_error_t rc;
|
||||
gcry_sexp_t sig, badhash, hash;
|
||||
@@ -13704,6 +13715,7 @@ check_pubkey_sign_ecdsa (int n, gcry_sex
|
||||
|
||||
nbits = gcry_pk_get_nbits (skey);
|
||||
|
||||
+ sig = NULL;
|
||||
for (dataidx = 0; datas[dataidx].data; dataidx++)
|
||||
{
|
||||
if (datas[dataidx].nbits != nbits)
|
||||
@@ -13723,6 +13735,12 @@ check_pubkey_sign_ecdsa (int n, gcry_sex
|
||||
die ("converting data failed: %s\n", gpg_strerror (rc));
|
||||
|
||||
rc = gcry_pk_sign (&sig, hash, skey);
|
||||
+ if (in_fips_mode && (flags & FLAG_NOFIPS))
|
||||
+ {
|
||||
+ if (!rc)
|
||||
+ fail ("gcry_pk_sign did not fail as expected in FIPS mode\n");
|
||||
+ goto next;
|
||||
+ }
|
||||
if (gcry_err_code (rc) != datas[dataidx].expected_rc)
|
||||
fail ("gcry_pk_sign failed: %s\n", gpg_strerror (rc));
|
||||
|
||||
@@ -13732,6 +13750,7 @@ check_pubkey_sign_ecdsa (int n, gcry_sex
|
||||
if (!rc)
|
||||
verify_one_signature (pkey, hash, badhash, sig);
|
||||
|
||||
+ next:
|
||||
gcry_sexp_release (sig);
|
||||
sig = NULL;
|
||||
gcry_sexp_release (badhash);
|
||||
@@ -13743,7 +13762,8 @@ check_pubkey_sign_ecdsa (int n, gcry_sex
|
||||
|
||||
|
||||
static void
|
||||
-check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo)
|
||||
+check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
||||
+ int flags)
|
||||
{
|
||||
gcry_error_t rc;
|
||||
gcry_sexp_t plain = NULL;
|
||||
@@ -13876,6 +13896,12 @@ check_pubkey_crypt (int n, gcry_sexp_t s
|
||||
die ("converting data failed: %s\n", gpg_strerror (rc));
|
||||
|
||||
rc = gcry_pk_encrypt (&ciph, data, pkey);
|
||||
+ if (in_fips_mode && (flags & FLAG_NOFIPS))
|
||||
+ {
|
||||
+ if (!rc)
|
||||
+ fail ("gcry_pk_encrypt did not fail as expected in FIPS mode\n");
|
||||
+ goto next;
|
||||
+ }
|
||||
if (gcry_err_code (rc) != datas[dataidx].encrypt_expected_rc)
|
||||
fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (rc));
|
||||
|
||||
@@ -13974,6 +14000,7 @@ check_pubkey_crypt (int n, gcry_sexp_t s
|
||||
}
|
||||
}
|
||||
|
||||
+ next:
|
||||
gcry_sexp_release (plain);
|
||||
plain = NULL;
|
||||
gcry_sexp_release (ciph);
|
||||
@@ -14005,17 +14032,17 @@ static void
|
||||
do_check_one_pubkey (int n, gcry_sexp_t skey, gcry_sexp_t pkey,
|
||||
const unsigned char *grip, int algo, int flags)
|
||||
{
|
||||
- if (flags & FLAG_SIGN)
|
||||
+ if ((flags & FLAG_SIGN))
|
||||
{
|
||||
if (algo == GCRY_PK_ECDSA)
|
||||
- check_pubkey_sign_ecdsa (n, skey, pkey);
|
||||
+ check_pubkey_sign_ecdsa (n, skey, pkey, flags);
|
||||
else
|
||||
- check_pubkey_sign (n, skey, pkey, algo);
|
||||
+ check_pubkey_sign (n, skey, pkey, algo, flags);
|
||||
}
|
||||
- if (flags & FLAG_CRYPT)
|
||||
- check_pubkey_crypt (n, skey, pkey, algo);
|
||||
- if (grip && (flags & FLAG_GRIP))
|
||||
- check_pubkey_grip (n, grip, skey, pkey, algo);
|
||||
+ if ((flags & FLAG_CRYPT))
|
||||
+ check_pubkey_crypt (n, skey, pkey, algo, flags);
|
||||
+ if (grip && (flags & FLAG_GRIP))
|
||||
+ check_pubkey_grip (n, grip, skey, pkey, algo);
|
||||
}
|
||||
|
||||
static void
|
||||
@@ -14089,7 +14116,7 @@ check_pubkey (void)
|
||||
{
|
||||
static const test_spec_pubkey_t pubkeys[] = {
|
||||
{
|
||||
- GCRY_PK_RSA, FLAG_CRYPT | FLAG_SIGN | FLAG_GRIP,
|
||||
+ GCRY_PK_RSA, FLAG_CRYPT | FLAG_SIGN | FLAG_GRIP | FLAG_NOFIPS, /* 1k RSA */
|
||||
{
|
||||
"(private-key\n"
|
||||
" (rsa\n"
|
||||
@@ -14228,7 +14255,7 @@ check_pubkey (void)
|
||||
"\x47\xdd\x69\x55\xdb\x3a\xac\x89\x6e\x40"}
|
||||
},
|
||||
{
|
||||
- GCRY_PK_ELG, FLAG_SIGN | FLAG_CRYPT | FLAG_GRIP,
|
||||
+ GCRY_PK_ELG, FLAG_SIGN | FLAG_CRYPT | FLAG_GRIP | FLAG_NOFIPS,
|
||||
{
|
||||
"(private-key\n"
|
||||
" (ELG\n"
|
||||
@@ -14360,7 +14387,7 @@ check_pubkey (void)
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" }
|
||||
},
|
||||
{ /* GOST R 34.10-2001/2012 test 256 bit. */
|
||||
- GCRY_PK_ECDSA, FLAG_SIGN,
|
||||
+ GCRY_PK_ECDSA, FLAG_SIGN | FLAG_NOFIPS,
|
||||
{
|
||||
"(private-key\n"
|
||||
" (ecc\n"
|
||||
@@ -14382,7 +14409,7 @@ check_pubkey (void)
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" }
|
||||
},
|
||||
{ /* GOST R 34.10-2012 test 512 bit. */
|
||||
- GCRY_PK_ECDSA, FLAG_SIGN,
|
||||
+ GCRY_PK_ECDSA, FLAG_SIGN | FLAG_NOFIPS,
|
||||
{
|
||||
"(private-key\n"
|
||||
" (ecc\n"
|
||||
@@ -14433,7 +14460,7 @@ check_pubkey (void)
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" }
|
||||
},
|
||||
{ /* sm2 test */
|
||||
- GCRY_PK_ECDSA, FLAG_SIGN,
|
||||
+ GCRY_PK_ECDSA, FLAG_SIGN | FLAG_NOFIPS,
|
||||
{
|
||||
"(private-key\n"
|
||||
" (ecc\n"
|
||||
From 66119e0c1a024f7cf059393c3db827eb338339b0 Mon Sep 17 00:00:00 2001
|
||||
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Date: Thu, 11 Nov 2021 13:03:58 +0900
|
||||
Subject: tests:pubkey: Replace RSA key to one of 2k.
|
||||
|
||||
* tests/pubkey.c (sample_private_key_1): Use 2k key from basic.c.
|
||||
(sample_private_key_1_1): Likewise.
|
||||
(sample_private_key_1_2): Likewise.
|
||||
|
||||
--
|
||||
|
||||
GnuPG-bug-id: 5512
|
||||
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||
---
|
||||
tests/pubkey.c | 126 ++++++++++++++++++++++++++++++++++---------------
|
||||
1 file changed, 88 insertions(+), 38 deletions(-)
|
||||
|
||||
diff --git a/tests/pubkey.c b/tests/pubkey.c
|
||||
index 8a482dc3..51ef0f51 100644
|
||||
--- a/tests/pubkey.c
|
||||
+++ b/tests/pubkey.c
|
||||
@@ -36,21 +36,40 @@ static int in_fips_mode;
|
||||
static const char sample_private_key_1[] =
|
||||
"(private-key\n"
|
||||
" (openpgp-rsa\n"
|
||||
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
|
||||
- "2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
|
||||
- "ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
|
||||
- "891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n"
|
||||
+" (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC"
|
||||
+" 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8"
|
||||
+" 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C"
|
||||
+" 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917"
|
||||
+" DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613"
|
||||
+" 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C"
|
||||
+" 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918"
|
||||
+" 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6"
|
||||
+" CB#)\n"
|
||||
" (e #010001#)\n"
|
||||
-" (d #046129F2489D71579BE0A75FE029BD6CDB574EBF57EA8A5B0FDA942CAB943B11"
|
||||
- "7D7BB95E5D28875E0F9FC5FCC06A72F6D502464DABDED78EF6B716177B83D5BD"
|
||||
- "C543DC5D3FED932E59F5897E92E6F58A0F33424106A3B6FA2CBF877510E4AC21"
|
||||
- "C3EE47851E97D12996222AC3566D4CCB0B83D164074ABF7DE655FC2446DA1781#)\n"
|
||||
-" (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213"
|
||||
- "fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)\n"
|
||||
-" (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9"
|
||||
- "35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361#)\n"
|
||||
-" (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e"
|
||||
- "ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)\n"
|
||||
+" (d #07EF82500C403899934FE993AC5A36F14FF2DF38CF1EF315F205EE4C83EDAA19"
|
||||
+" 8890FC23DE9AA933CAFB37B6A8A8DBA675411958337287310D3FF2F1DDC0CB93"
|
||||
+" 7E70F57F75F833C021852B631D2B9A520E4431A03C5C3FCB5742DCD841D9FB12"
|
||||
+" 771AA1620DCEC3F1583426066ED9DC3F7028C5B59202C88FDF20396E2FA0EC4F"
|
||||
+" 5A22D9008F3043673931BC14A5046D6327398327900867E39CC61B2D1AFE2F48"
|
||||
+" EC8E1E3861C68D257D7425F4E6F99ABD77D61F10CA100EFC14389071831B33DD"
|
||||
+" 69CC8EABEF860D1DC2AAA84ABEAE5DFC91BC124DAF0F4C8EF5BBEA436751DE84"
|
||||
+" 3A8063E827A024466F44C28614F93B0732A100D4A0D86D532FE1E22C7725E401"
|
||||
+" #)\n"
|
||||
+" (p #00C29D438F115825779631CD665A5739367F3E128ADC29766483A46CA80897E0"
|
||||
+" 79B32881860B8F9A6A04C2614A904F6F2578DAE13EA67CD60AE3D0AA00A1FF9B"
|
||||
+" 441485E44B2DC3D0B60260FBFE073B5AC72FAF67964DE15C8212C389D20DB9CF"
|
||||
+" 54AF6AEF5C4196EAA56495DD30CF709F499D5AB30CA35E086C2A1589D6283F17"
|
||||
+" 83#)\n"
|
||||
+" (q #00D1984135231CB243FE959C0CBEF551EDD986AD7BEDF71EDF447BE3DA27AF46"
|
||||
+" 79C974A6FA69E4D52FE796650623DE70622862713932AA2FD9F2EC856EAEAA77"
|
||||
+" 88B4EA6084DC81C902F014829B18EA8B2666EC41586818E0589E18876065F97E"
|
||||
+" 8D22CE2DA53A05951EC132DCEF41E70A9C35F4ACC268FFAC2ADF54FA1DA110B9"
|
||||
+" 19#)\n"
|
||||
+" (u #67CF0FD7635205DD80FA814EE9E9C267C17376BF3209FB5D1BC42890D2822A04"
|
||||
+" 479DAF4D5B6ED69D0F8D1AF94164D07F8CD52ECEFE880641FA0F41DDAB1785E4"
|
||||
+" A37A32F997A516480B4CD4F6482B9466A1765093ED95023CA32D5EDC1E34CEE9"
|
||||
+" AF595BC51FE43C4BF810FA225AF697FB473B83815966188A4312C048B885E3F7"
|
||||
+" #)\n"
|
||||
" )\n"
|
||||
")\n";
|
||||
|
||||
@@ -58,15 +77,25 @@ static const char sample_private_key_1[] =
|
||||
static const char sample_private_key_1_1[] =
|
||||
"(private-key\n"
|
||||
" (openpgp-rsa\n"
|
||||
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
|
||||
- "2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
|
||||
- "ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
|
||||
- "891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n"
|
||||
+" (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC"
|
||||
+" 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8"
|
||||
+" 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C"
|
||||
+" 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917"
|
||||
+" DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613"
|
||||
+" 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C"
|
||||
+" 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918"
|
||||
+" 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6"
|
||||
+" CB#)\n"
|
||||
" (e #010001#)\n"
|
||||
-" (d #046129F2489D71579BE0A75FE029BD6CDB574EBF57EA8A5B0FDA942CAB943B11"
|
||||
- "7D7BB95E5D28875E0F9FC5FCC06A72F6D502464DABDED78EF6B716177B83D5BD"
|
||||
- "C543DC5D3FED932E59F5897E92E6F58A0F33424106A3B6FA2CBF877510E4AC21"
|
||||
- "C3EE47851E97D12996222AC3566D4CCB0B83D164074ABF7DE655FC2446DA1781#)\n"
|
||||
+" (d #07EF82500C403899934FE993AC5A36F14FF2DF38CF1EF315F205EE4C83EDAA19"
|
||||
+" 8890FC23DE9AA933CAFB37B6A8A8DBA675411958337287310D3FF2F1DDC0CB93"
|
||||
+" 7E70F57F75F833C021852B631D2B9A520E4431A03C5C3FCB5742DCD841D9FB12"
|
||||
+" 771AA1620DCEC3F1583426066ED9DC3F7028C5B59202C88FDF20396E2FA0EC4F"
|
||||
+" 5A22D9008F3043673931BC14A5046D6327398327900867E39CC61B2D1AFE2F48"
|
||||
+" EC8E1E3861C68D257D7425F4E6F99ABD77D61F10CA100EFC14389071831B33DD"
|
||||
+" 69CC8EABEF860D1DC2AAA84ABEAE5DFC91BC124DAF0F4C8EF5BBEA436751DE84"
|
||||
+" 3A8063E827A024466F44C28614F93B0732A100D4A0D86D532FE1E22C7725E401"
|
||||
+" #)\n"
|
||||
" )\n"
|
||||
")\n";
|
||||
|
||||
@@ -75,29 +104,50 @@ static const char sample_private_key_1_1[] =
|
||||
static const char sample_private_key_1_2[] =
|
||||
"(private-key\n"
|
||||
" (openpgp-rsa\n"
|
||||
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
|
||||
- "2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
|
||||
- "ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
|
||||
- "891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n"
|
||||
+" (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC"
|
||||
+" 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8"
|
||||
+" 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C"
|
||||
+" 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917"
|
||||
+" DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613"
|
||||
+" 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C"
|
||||
+" 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918"
|
||||
+" 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6"
|
||||
+" CB#)\n"
|
||||
" (e #010001#)\n"
|
||||
-" (d #046129F2489D71579BE0A75FE029BD6CDB574EBF57EA8A5B0FDA942CAB943B11"
|
||||
- "7D7BB95E5D28875E0F9FC5FCC06A72F6D502464DABDED78EF6B716177B83D5BD"
|
||||
- "C543DC5D3FED932E59F5897E92E6F58A0F33424106A3B6FA2CBF877510E4AC21"
|
||||
- "C3EE47851E97D12996222AC3566D4CCB0B83D164074ABF7DE655FC2446DA1781#)\n"
|
||||
-" (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213"
|
||||
- "fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)\n"
|
||||
-" (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e"
|
||||
- "ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)\n"
|
||||
+" (d #07EF82500C403899934FE993AC5A36F14FF2DF38CF1EF315F205EE4C83EDAA19"
|
||||
+" 8890FC23DE9AA933CAFB37B6A8A8DBA675411958337287310D3FF2F1DDC0CB93"
|
||||
+" 7E70F57F75F833C021852B631D2B9A520E4431A03C5C3FCB5742DCD841D9FB12"
|
||||
+" 771AA1620DCEC3F1583426066ED9DC3F7028C5B59202C88FDF20396E2FA0EC4F"
|
||||
+" 5A22D9008F3043673931BC14A5046D6327398327900867E39CC61B2D1AFE2F48"
|
||||
+" EC8E1E3861C68D257D7425F4E6F99ABD77D61F10CA100EFC14389071831B33DD"
|
||||
+" 69CC8EABEF860D1DC2AAA84ABEAE5DFC91BC124DAF0F4C8EF5BBEA436751DE84"
|
||||
+" 3A8063E827A024466F44C28614F93B0732A100D4A0D86D532FE1E22C7725E401"
|
||||
+" #)\n"
|
||||
+" (p #00C29D438F115825779631CD665A5739367F3E128ADC29766483A46CA80897E0"
|
||||
+" 79B32881860B8F9A6A04C2614A904F6F2578DAE13EA67CD60AE3D0AA00A1FF9B"
|
||||
+" 441485E44B2DC3D0B60260FBFE073B5AC72FAF67964DE15C8212C389D20DB9CF"
|
||||
+" 54AF6AEF5C4196EAA56495DD30CF709F499D5AB30CA35E086C2A1589D6283F17"
|
||||
+" 83#)\n"
|
||||
+" (u #67CF0FD7635205DD80FA814EE9E9C267C17376BF3209FB5D1BC42890D2822A04"
|
||||
+" 479DAF4D5B6ED69D0F8D1AF94164D07F8CD52ECEFE880641FA0F41DDAB1785E4"
|
||||
+" A37A32F997A516480B4CD4F6482B9466A1765093ED95023CA32D5EDC1E34CEE9"
|
||||
+" AF595BC51FE43C4BF810FA225AF697FB473B83815966188A4312C048B885E3F7"
|
||||
+" #)\n"
|
||||
" )\n"
|
||||
")\n";
|
||||
|
||||
static const char sample_public_key_1[] =
|
||||
"(public-key\n"
|
||||
" (rsa\n"
|
||||
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
|
||||
- "2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
|
||||
- "ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
|
||||
- "891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n"
|
||||
+" (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC"
|
||||
+" 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8"
|
||||
+" 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C"
|
||||
+" 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917"
|
||||
+" DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613"
|
||||
+" 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C"
|
||||
+" 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918"
|
||||
+" 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6"
|
||||
+" CB#)\n"
|
||||
" (e #010001#)\n"
|
||||
" )\n"
|
||||
")\n";
|
||||
--
|
||||
2.33.1
|
||||
|
||||
From 1481607cb9db977468a75f9f4638dc1cf3ade007 Mon Sep 17 00:00:00 2001
|
||||
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Date: Thu, 11 Nov 2021 13:44:40 +0900
|
||||
Subject: tests:pkcs1v2: Skip tests with small keys in FIPS
|
||||
mode.
|
||||
|
||||
* tests/pkcs1v2.c (in_fips_mode): New.
|
||||
(check_oaep): Skip when key size is less than 2048 in FIPS mode.
|
||||
(check_pss, check_v15crypt, check_v15sign): Likewise.
|
||||
|
||||
--
|
||||
|
||||
GnuPG-bug-id: 5512
|
||||
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||
---
|
||||
tests/pkcs1v2.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++--
|
||||
1 file changed, 75 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c
|
||||
index 968d3fea..f26e779b 100644
|
||||
--- a/tests/pkcs1v2.c
|
||||
+++ b/tests/pkcs1v2.c
|
||||
@@ -36,6 +36,8 @@
|
||||
#include "t-common.h"
|
||||
|
||||
|
||||
+static int in_fips_mode;
|
||||
+
|
||||
static void
|
||||
show_sexp (const char *prefix, gcry_sexp_t a)
|
||||
{
|
||||
@@ -147,6 +149,18 @@ check_oaep (void)
|
||||
gcry_free (rsa_e);
|
||||
gcry_free (rsa_d);
|
||||
|
||||
+ if (in_fips_mode)
|
||||
+ {
|
||||
+ unsigned int nbits = gcry_pk_get_nbits (pub_key);
|
||||
+
|
||||
+ if (nbits < 2048)
|
||||
+ {
|
||||
+ if (verbose > 1)
|
||||
+ info ("... skipped\n");
|
||||
+ goto next;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
for (mno = 0; mno < DIM (tbl[0].m); mno++)
|
||||
{
|
||||
void *mesg, *seed, *encr;
|
||||
@@ -225,6 +239,7 @@ check_oaep (void)
|
||||
ciph = NULL;
|
||||
}
|
||||
|
||||
+ next:
|
||||
gcry_sexp_release (sec_key);
|
||||
gcry_sexp_release (pub_key);
|
||||
}
|
||||
@@ -269,6 +284,18 @@ check_pss (void)
|
||||
gcry_free (rsa_e);
|
||||
gcry_free (rsa_d);
|
||||
|
||||
+ if (in_fips_mode)
|
||||
+ {
|
||||
+ unsigned int nbits = gcry_pk_get_nbits (pub_key);
|
||||
+
|
||||
+ if (nbits < 2048)
|
||||
+ {
|
||||
+ if (verbose > 1)
|
||||
+ info ("... skipped\n");
|
||||
+ goto next;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
for (mno = 0; mno < DIM (tbl[0].m); mno++)
|
||||
{
|
||||
void *mesg, *salt, *sign;
|
||||
@@ -347,6 +374,7 @@ check_pss (void)
|
||||
sigtmpl = NULL;
|
||||
}
|
||||
|
||||
+ next:
|
||||
gcry_sexp_release (sec_key);
|
||||
gcry_sexp_release (pub_key);
|
||||
}
|
||||
@@ -391,6 +419,18 @@ check_v15crypt (void)
|
||||
gcry_free (rsa_e);
|
||||
gcry_free (rsa_d);
|
||||
|
||||
+ if (in_fips_mode)
|
||||
+ {
|
||||
+ unsigned int nbits = gcry_pk_get_nbits (pub_key);
|
||||
+
|
||||
+ if (nbits < 2048)
|
||||
+ {
|
||||
+ if (verbose > 1)
|
||||
+ info ("... skipped\n");
|
||||
+ goto next;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
for (mno = 0; mno < DIM (tbl[0].m); mno++)
|
||||
{
|
||||
void *mesg, *seed, *encr;
|
||||
@@ -469,6 +509,7 @@ check_v15crypt (void)
|
||||
ciph = NULL;
|
||||
}
|
||||
|
||||
+ next:
|
||||
gcry_sexp_release (sec_key);
|
||||
gcry_sexp_release (pub_key);
|
||||
}
|
||||
@@ -513,6 +554,18 @@ check_v15sign (void)
|
||||
gcry_free (rsa_e);
|
||||
gcry_free (rsa_d);
|
||||
|
||||
+ if (in_fips_mode)
|
||||
+ {
|
||||
+ unsigned int nbits = gcry_pk_get_nbits (pub_key);
|
||||
+
|
||||
+ if (nbits < 2048)
|
||||
+ {
|
||||
+ if (verbose > 1)
|
||||
+ info ("... skipped\n");
|
||||
+ goto next;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
for (mno = 0; mno < DIM (tbl[0].m); mno++)
|
||||
{
|
||||
void *mesg, *sign;
|
||||
@@ -583,6 +636,7 @@ check_v15sign (void)
|
||||
sigtmpl = NULL;
|
||||
}
|
||||
|
||||
+ next:
|
||||
gcry_sexp_release (sec_key);
|
||||
gcry_sexp_release (pub_key);
|
||||
}
|
||||
@@ -597,6 +651,7 @@ main (int argc, char **argv)
|
||||
int run_pss = 0;
|
||||
int run_v15c = 0;
|
||||
int run_v15s = 0;
|
||||
+ int use_fips = 0;
|
||||
|
||||
if (argc)
|
||||
{ argc--; argv++; }
|
||||
@@ -625,6 +680,11 @@ main (int argc, char **argv)
|
||||
die_on_error = 1;
|
||||
argc--; argv++;
|
||||
}
|
||||
+ else if (!strcmp (*argv, "--fips"))
|
||||
+ {
|
||||
+ use_fips = 1;
|
||||
+ argc--; argv++;
|
||||
+ }
|
||||
else if (!strcmp (*argv, "--oaep"))
|
||||
{
|
||||
run_oaep = 1;
|
||||
@@ -651,9 +711,21 @@ main (int argc, char **argv)
|
||||
run_oaep = run_pss = run_v15c = run_v15s = 1;
|
||||
|
||||
xgcry_control ((GCRYCTL_SET_VERBOSITY, (int)verbose));
|
||||
- xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
|
||||
- if (!gcry_check_version ("1.5.0"))
|
||||
- die ("version mismatch\n");
|
||||
+
|
||||
+ if (use_fips)
|
||||
+ xgcry_control ((GCRYCTL_FORCE_FIPS_MODE, 0));
|
||||
+
|
||||
+ /* Check that we test exactly our version - including the patchlevel. */
|
||||
+ if (strcmp (GCRYPT_VERSION, gcry_check_version (NULL)))
|
||||
+ die ("version mismatch; pgm=%s, library=%s\n",
|
||||
+ GCRYPT_VERSION,gcry_check_version (NULL));
|
||||
+
|
||||
+ if ( gcry_fips_mode_active () )
|
||||
+ in_fips_mode = 1;
|
||||
+
|
||||
+ if (!in_fips_mode)
|
||||
+ xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
|
||||
+
|
||||
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
|
||||
if (debug)
|
||||
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0));
|
||||
--
|
||||
2.33.1
|
||||
|
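Review bot: The four new FIPS blocks in tests/pkcs1v2.c (check_oaep, check_pss, check_v15crypt, check_v15sign) silently `goto next` for keys under 2048 bits instead of asserting that the library rejects them, so the 2048-bit floor this request adds in cipher/rsa.c gets no negative coverage from this suite, and if every vector in the (not visible) tables is shorter than 2048 bits a `--fips` run passes without exercising anything — at least count the skips and fail when nothing ran. The block is also pasted verbatim four times; a small helper keeps the threshold and the skip accounting in one place (below). The FLAG_NOFIPS branches in tests/basic.c likewise accept any non-zero `rc`; printing `gpg_strerror (rc)` under `verbose` there would at least make a wrong rejection reason visible. Separately, the pkcs1v2.c main hunk also tightens the version check from `gcry_check_version ("1.5.0")` to an exact `GCRYPT_VERSION` match, a behaviour change the commit message does not mention. All of the check_* functions and main begin outside the visible hunks.
```c
/* In FIPS mode the library rejects RSA keys shorter than 2048 bits
   (cipher/rsa.c rsa_check_keysize).  Report whether PUB_KEY must be
   skipped and count it so main can fail a run that tested nothing.  */
static int skipped_small_keys;

static int
skip_small_key_in_fips (gcry_sexp_t pub_key)
{
  if (!in_fips_mode || gcry_pk_get_nbits (pub_key) >= 2048)
    return 0;
  if (verbose > 1)
    info ("... skipped\n");
  skipped_small_keys++;
  return 1;
}

/* … in check_oaep, check_pss, check_v15crypt and check_v15sign, the
   pasted block after gcry_free (rsa_d) becomes: … */
  if (skip_small_key_in_fips (pub_key))
    goto next;
```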
libgcrypt-FIPS-RSA-keylen.patch
Normal file
@ -0,0 +1,250 @@
|
||||
From 40d63d09b2d06631f4d2c3d1b167a620d50c99f8 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Fri, 5 Nov 2021 14:19:23 +0100
|
||||
Subject: [PATCH 198/200] rsa: Check keylen constraints for key operations.
|
||||
|
||||
* cipher/rsa.c (rsa_check_keysize): New.
|
||||
(generate_fips): Factor out the bits check.
|
||||
(rsa_encrypt): Add checking key length.
|
||||
(rsa_decrypt, rsa_sign, rsa_verify): Likewise.
|
||||
--
|
||||
|
||||
GnuPG-bug-id: 5512
|
||||
Co-authored-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||
---
|
||||
cipher/rsa.c | 58 ++++++++++++++++++++++++++++++++++++++--------------
|
||||
1 file changed, 43 insertions(+), 15 deletions(-)
|
||||
|
||||
Index: libgcrypt-1.9.4/cipher/rsa.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.9.4.orig/cipher/rsa.c
|
||||
+++ libgcrypt-1.9.4/cipher/rsa.c
|
||||
@@ -301,14 +301,6 @@ generate_std (RSA_secret_key *sk, unsign
|
||||
gcry_mpi_t f;
|
||||
gcry_random_level_t random_level;
|
||||
|
||||
- if (fips_mode ())
|
||||
- {
|
||||
- if (nbits < 1024)
|
||||
- return GPG_ERR_INV_VALUE;
|
||||
- if (transient_key)
|
||||
- return GPG_ERR_INV_VALUE;
|
||||
- }
|
||||
-
|
||||
/* The random quality depends on the transient_key flag. */
|
||||
random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
|
||||
|
||||
@@ -437,6 +429,17 @@ generate_std (RSA_secret_key *sk, unsign
|
||||
}
|
||||
|
||||
|
||||
+/* Check the RSA key length is acceptable for key generation or usage */
|
||||
+static gpg_err_code_t
|
||||
+rsa_check_keysize (unsigned int nbits)
|
||||
+{
|
||||
+ if (fips_mode() && nbits < 2048)
|
||||
+ return GPG_ERR_INV_VALUE;
|
||||
+
|
||||
+ return GPG_ERR_NO_ERROR;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/****************
|
||||
* Generate a key pair with a key of size NBITS.
|
||||
* USE_E = 0 let Libcgrypt decide what exponent to use.
|
||||
@@ -466,12 +469,15 @@ generate_fips (RSA_secret_key *sk, unsig
|
||||
unsigned int pbits = nbits/2;
|
||||
unsigned int i;
|
||||
int pqswitch;
|
||||
- gpg_err_code_t ec = GPG_ERR_NO_PRIME;
|
||||
+ gpg_err_code_t ec;
|
||||
|
||||
if (nbits < 1024 || (nbits & 0x1FF))
|
||||
return GPG_ERR_INV_VALUE;
|
||||
- if (fips_mode() && nbits < 2048)
|
||||
- return GPG_ERR_INV_VALUE;
|
||||
+ ec = rsa_check_keysize (nbits);
|
||||
+ if (ec)
|
||||
+ return ec;
|
||||
+
|
||||
+ ec = GPG_ERR_NO_PRIME;
|
||||
|
||||
/* The random quality depends on the transient_key flag. */
|
||||
random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
|
||||
@@ -1360,9 +1366,13 @@ rsa_encrypt (gcry_sexp_t *r_ciph, gcry_s
|
||||
gcry_mpi_t data = NULL;
|
||||
RSA_public_key pk = {NULL, NULL};
|
||||
gcry_mpi_t ciph = NULL;
|
||||
+ unsigned int nbits = rsa_get_nbits (keyparms);
|
||||
+
|
||||
+ rc = rsa_check_keysize (nbits);
|
||||
+ if (rc)
|
||||
+ return rc;
|
||||
|
||||
- _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_ENCRYPT,
|
||||
- rsa_get_nbits (keyparms));
|
||||
+ _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_ENCRYPT, nbits);
|
||||
|
||||
/* Extract the data. */
|
||||
rc = _gcry_pk_util_data_to_mpi (s_data, &data, &ctx);
|
||||
@@ -1432,9 +1442,13 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||
gcry_mpi_t plain = NULL;
|
||||
unsigned char *unpad = NULL;
|
||||
size_t unpadlen = 0;
|
||||
+ unsigned int nbits = rsa_get_nbits (keyparms);
|
||||
|
||||
- _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_DECRYPT,
|
||||
- rsa_get_nbits (keyparms));
|
||||
+ rc = rsa_check_keysize (nbits);
|
||||
+ if (rc)
|
||||
+ return rc;
|
||||
+
|
||||
+ _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_DECRYPT, nbits);
|
||||
|
||||
/* Extract the data. */
|
||||
rc = _gcry_pk_util_preparse_encval (s_data, rsa_names, &l1, &ctx);
|
||||
@@ -1477,7 +1491,7 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||
mpi_fdiv_r (data, data, sk.n);
|
||||
|
||||
/* Allocate MPI for the plaintext. */
|
||||
- plain = mpi_snew (ctx.nbits);
|
||||
+ plain = mpi_snew (nbits);
|
||||
|
||||
/* We use blinding by default to mitigate timing attacks which can
|
||||
be practically mounted over the network as shown by Brumley and
|
||||
@@ -1485,7 +1499,7 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||
if ((ctx.flags & PUBKEY_FLAG_NO_BLINDING))
|
||||
secret (plain, data, &sk);
|
||||
else
|
||||
- secret_blinded (plain, data, &sk, ctx.nbits);
|
||||
+ secret_blinded (plain, data, &sk, nbits);
|
||||
|
||||
if (DBG_CIPHER)
|
||||
log_printmpi ("rsa_decrypt res", plain);
|
||||
@@ -1494,7 +1508,7 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||
switch (ctx.encoding)
|
||||
{
|
||||
case PUBKEY_ENC_PKCS1:
|
||||
- rc = _gcry_rsa_pkcs1_decode_for_enc (&unpad, &unpadlen, ctx.nbits, plain);
|
||||
+ rc = _gcry_rsa_pkcs1_decode_for_enc (&unpad, &unpadlen, nbits, plain);
|
||||
mpi_free (plain);
|
||||
plain = NULL;
|
||||
if (!rc)
|
||||
@@ -1503,7 +1517,7 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_
|
||||
|
||||
case PUBKEY_ENC_OAEP:
|
||||
rc = _gcry_rsa_oaep_decode (&unpad, &unpadlen,
|
||||
- ctx.nbits, ctx.hash_algo,
|
||||
+ nbits, ctx.hash_algo,
|
||||
plain, ctx.label, ctx.labellen);
|
||||
mpi_free (plain);
|
||||
plain = NULL;
|
||||
@@ -1548,9 +1562,13 @@ rsa_sign (gcry_sexp_t *r_sig, gcry_sexp_
|
||||
RSA_public_key pk;
|
||||
gcry_mpi_t sig = NULL;
|
||||
gcry_mpi_t result = NULL;
|
||||
+ unsigned int nbits = rsa_get_nbits (keyparms);
|
||||
+
|
||||
+ rc = rsa_check_keysize (nbits);
|
||||
+ if (rc)
|
||||
+ return rc;
|
||||
|
||||
- _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_SIGN,
|
||||
- rsa_get_nbits (keyparms));
|
||||
+ _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_SIGN, nbits);
|
||||
|
||||
/* Extract the data. */
|
||||
rc = _gcry_pk_util_data_to_mpi (s_data, &data, &ctx);
|
||||
@@ -1588,7 +1606,7 @@ rsa_sign (gcry_sexp_t *r_sig, gcry_sexp_
|
||||
if ((ctx.flags & PUBKEY_FLAG_NO_BLINDING))
|
||||
secret (sig, data, &sk);
|
||||
else
|
||||
- secret_blinded (sig, data, &sk, ctx.nbits);
|
||||
+ secret_blinded (sig, data, &sk, nbits);
|
||||
if (DBG_CIPHER)
|
||||
log_printmpi ("rsa_sign res", sig);
|
||||
|
||||
@@ -1650,9 +1668,13 @@ rsa_verify (gcry_sexp_t s_sig, gcry_sexp
|
||||
gcry_mpi_t data = NULL;
|
||||
RSA_public_key pk = { NULL, NULL };
|
||||
gcry_mpi_t result = NULL;
|
||||
+ unsigned int nbits = rsa_get_nbits (keyparms);
|
||||
+
|
||||
+ rc = rsa_check_keysize (nbits);
|
||||
+ if (rc)
|
||||
+ return rc;
|
||||
|
||||
- _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_VERIFY,
|
||||
- rsa_get_nbits (keyparms));
|
||||
+ _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_VERIFY, nbits);
|
||||
|
||||
/* Extract the data. */
|
||||
rc = _gcry_pk_util_data_to_mpi (s_data, &data, &ctx);
|
||||
Index: libgcrypt-1.9.4/tests/basic.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.9.4.orig/tests/basic.c
|
||||
+++ libgcrypt-1.9.4/tests/basic.c
|
||||
@@ -14172,6 +14172,62 @@ check_pubkey (void)
|
||||
"\x4a\xa6\xf9\xeb\x23\xbf\xa9\x12\x2d\x5b" }
|
||||
},
|
||||
{
|
||||
+ GCRY_PK_RSA, FLAG_CRYPT | FLAG_SIGN | FLAG_GRIP, /* 2k RSA */
|
||||
+ {
|
||||
+ "(private-key"
|
||||
+ " (rsa"
|
||||
+ " (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC"
|
||||
+ " 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8"
|
||||
+ " 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C"
|
||||
+ " 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917"
|
||||
+ " DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613"
|
||||
+ " 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C"
|
||||
+ " 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918"
|
||||
+ " 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6"
|
||||
+ " CB#)\n"
|
||||
+ " (e #010001#)\n"
|
||||
+ " (d #07EF82500C403899934FE993AC5A36F14FF2DF38CF1EF315F205EE4C83EDAA19"
|
||||
+ " 8890FC23DE9AA933CAFB37B6A8A8DBA675411958337287310D3FF2F1DDC0CB93"
|
||||
+ " 7E70F57F75F833C021852B631D2B9A520E4431A03C5C3FCB5742DCD841D9FB12"
|
||||
+ " 771AA1620DCEC3F1583426066ED9DC3F7028C5B59202C88FDF20396E2FA0EC4F"
|
||||
+ " 5A22D9008F3043673931BC14A5046D6327398327900867E39CC61B2D1AFE2F48"
|
||||
+ " EC8E1E3861C68D257D7425F4E6F99ABD77D61F10CA100EFC14389071831B33DD"
|
||||
+ " 69CC8EABEF860D1DC2AAA84ABEAE5DFC91BC124DAF0F4C8EF5BBEA436751DE84"
|
||||
+ " 3A8063E827A024466F44C28614F93B0732A100D4A0D86D532FE1E22C7725E401"
|
||||
+ " #)\n"
|
||||
+ " (p #00C29D438F115825779631CD665A5739367F3E128ADC29766483A46CA80897E0"
|
||||
+ " 79B32881860B8F9A6A04C2614A904F6F2578DAE13EA67CD60AE3D0AA00A1FF9B"
|
||||
+ " 441485E44B2DC3D0B60260FBFE073B5AC72FAF67964DE15C8212C389D20DB9CF"
|
||||
+ " 54AF6AEF5C4196EAA56495DD30CF709F499D5AB30CA35E086C2A1589D6283F17"
|
||||
+ " 83#)\n"
|
||||
+ " (q #00D1984135231CB243FE959C0CBEF551EDD986AD7BEDF71EDF447BE3DA27AF46"
|
||||
+ " 79C974A6FA69E4D52FE796650623DE70622862713932AA2FD9F2EC856EAEAA77"
|
||||
+ " 88B4EA6084DC81C902F014829B18EA8B2666EC41586818E0589E18876065F97E"
|
||||
+ " 8D22CE2DA53A05951EC132DCEF41E70A9C35F4ACC268FFAC2ADF54FA1DA110B9"
|
||||
+ " 19#)\n"
|
||||
+ " (u #67CF0FD7635205DD80FA814EE9E9C267C17376BF3209FB5D1BC42890D2822A04"
|
||||
+ " 479DAF4D5B6ED69D0F8D1AF94164D07F8CD52ECEFE880641FA0F41DDAB1785E4"
|
||||
+ " A37A32F997A516480B4CD4F6482B9466A1765093ED95023CA32D5EDC1E34CEE9"
|
||||
+ " AF595BC51FE43C4BF810FA225AF697FB473B83815966188A4312C048B885E3F7"
|
||||
+ " #)))\n",
|
||||
+
|
||||
+ "(public-key\n"
|
||||
+ " (rsa\n"
|
||||
+ " (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC"
|
||||
+ " 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8"
|
||||
+ " 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C"
|
||||
+ " 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917"
|
||||
+ " DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613"
|
||||
+ " 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C"
|
||||
+ " 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918"
|
||||
+ " 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6"
|
||||
+ " CB#)\n"
|
||||
+ " (e #010001#)))\n",
|
||||
+
|
||||
+ "\xe0\x08\x98\x9b\xb6\x44\xa2\x9a\x83\x37"
|
||||
+ "\x47\xdd\x69\x55\xdb\x3a\xac\x89\x6e\x40"}
|
||||
+ },
|
||||
+ {
|
||||
GCRY_PK_ELG, FLAG_SIGN | FLAG_CRYPT | FLAG_GRIP,
|
||||
{
|
||||
"(private-key\n"
|
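Review bot: The generate_std hunk in cipher/rsa.c removes the whole FIPS-mode block, including the `transient_key` rejection, while the new `rsa_check_keysize` looks only at nbits; that is equivalent only if generate_std is never dispatched in FIPS mode, which the hunk does not show, so it is worth confirming against rsa_generate. The helper's comment states its purpose but not the policy it encodes; `/* In FIPS mode only RSA keys of at least 2048 bits may be generated or used; outside FIPS mode any size is accepted. */` would tell the reader what the 2048 means. Because the same check now runs in rsa_verify, verifying signatures made with shorter legacy keys also fails in FIPS mode; that looks intentional but deserves a sentence in the commit message. rsa_get_nbits presumably returns 0 for key parameters without n, in which case the FIPS path now reports GPG_ERR_INV_VALUE before the parser can report the real problem; the bodies of rsa_encrypt, rsa_decrypt, rsa_sign and rsa_verify all start outside their hunks.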
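--- a/libgcrypt-FIPS-disable-3DES.patch
+++ b/libgcrypt-FIPS-disable-3DES.patch
@@ -0,0 +1,52 @@
+Index: libgcrypt-1.9.4/cipher/des.c
+===================================================================
+--- libgcrypt-1.9.4.orig/cipher/des.c
++++ libgcrypt-1.9.4/cipher/des.c
+@@ -1498,7 +1498,7 @@ static gcry_cipher_oid_spec_t oids_tripl
+
+gcry_cipher_spec_t _gcry_cipher_spec_tripledes =
+{
+- GCRY_CIPHER_3DES, {0, 1},
++ GCRY_CIPHER_3DES, {0, 0},
+"3DES", NULL, oids_tripledes, 8, 192, sizeof (struct _tripledes_ctx),
+do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt,
+NULL, NULL,
+Index: libgcrypt-1.9.4/cipher/mac-cmac.c
+===================================================================
+--- libgcrypt-1.9.4.orig/cipher/mac-cmac.c
++++ libgcrypt-1.9.4/cipher/mac-cmac.c
+@@ -458,7 +458,7 @@ gcry_mac_spec_t _gcry_mac_type_spec_cmac
+#endif
+#if USE_DES
+gcry_mac_spec_t _gcry_mac_type_spec_cmac_tripledes = {
+- GCRY_MAC_CMAC_3DES, {0, 1}, "CMAC_3DES",
++ GCRY_MAC_CMAC_3DES, {0, 0}, "CMAC_3DES",
+&cmac_ops
+};
+#endif
+Index: libgcrypt-1.9.4/src/fips.c
+===================================================================
+--- libgcrypt-1.9.4.orig/src/fips.c
++++ libgcrypt-1.9.4/src/fips.c
+@@ -493,6 +493,10 @@ run_cipher_selftests (int extended)
+
+for (idx=0; algos[idx]; idx++)
+{
++ /* Skip non-approved cipher in FIPS mode */
++ if (fips_mode() && algos[idx] == GCRY_CIPHER_3DES)
++ continue;
++
+err = _gcry_cipher_selftest (algos[idx], extended, reporter);
+reporter ("cipher", algos[idx], NULL,
+err? gpg_strerror (err):NULL);
+@@ -558,6 +562,10 @@ run_mac_selftests (int extended)
+
+for (idx=0; algos[idx]; idx++)
+{
++ /* Skip non-approved MAC algorithm in FIPS mode */
++ if (fips_mode() && algos[idx] == GCRY_MAC_CMAC_3DES)
++ continue;
++
+err = _gcry_mac_selftest (algos[idx], extended, reporter);
+reporter ("mac", algos[idx], NULL,
+err? gpg_strerror (err):NULL);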
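Review bot: This patch file carries no header at all — no From, Date or Subject line, no description and no bug reference — unlike the neighbouring libgcrypt FIPS patches, so a reader cannot tell whether it is an upstream backport or a distribution-local change; it needs at least a `Subject:` line and a one-paragraph rationale. The flipped second member of the `{0, 1}` initializers in cipher/des.c and cipher/mac-cmac.c is presumably the spec's fips flag, which is what makes the algorithm unavailable in FIPS mode, but nothing on those lines says so; a designated initializer or a trailing `/* not FIPS approved */` comment would make the intent obvious. Skipping the 3DES entries in run_cipher_selftests and run_mac_selftests under fips_mode() keeps the power-on self-test from reporting a failure for the now-disabled algorithm; both loop bodies start outside their hunks.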
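--- a/libgcrypt-FIPS-disable-DSA.patch
+++ b/libgcrypt-FIPS-disable-DSA.patch
@@ -0,0 +1,44 @@
+From ea362090fc11caa28643153fc6444442243c8765 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 8 Dec 2021 09:52:02 +0900
+Subject: [PATCH 0937/1000] fips: Disable DSA in FIPS mode.
+
+* cipher/dsa.c (run_selftests): Disable DSA spec in FIPS mode.
+* src/fips.c (run_pubkey_selftests): Skip DSA power-on selftests.
+--
+
+GnuPG-bug-id: 5710
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+cipher/dsa.c | 2 +-
+src/fips.c | 1 -
+2 files changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/cipher/dsa.c b/cipher/dsa.c
+index d5b00912..e559f9f5 100644
+--- a/cipher/dsa.c
++++ b/cipher/dsa.c
+@@ -1441,7 +1441,7 @@ run_selftests (int algo, int extended, selftest_report_func_t report)
+
+gcry_pk_spec_t _gcry_pubkey_spec_dsa =
+{
+- GCRY_PK_DSA, { 0, 1 },
++ GCRY_PK_DSA, { 0, 0 },
+GCRY_PK_USAGE_SIGN,
+"DSA", dsa_names,
+"pqgy", "pqgyx", "", "rs", "pqgy",
+diff --git a/src/fips.c b/src/fips.c
+index 0ab7fecc..bcadc5f2 100644
+--- a/src/fips.c
++++ b/src/fips.c
+@@ -522,7 +522,6 @@ run_pubkey_selftests (int extended)
+static int algos[] =
+{
+GCRY_PK_RSA,
+- GCRY_PK_DSA,
+GCRY_PK_ECC,
+0
+};
+--
+2.34.1
+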
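Review bot: Dropping GCRY_PK_DSA from the algos array in run_pubkey_selftests removes the DSA self-test unconditionally, not only in FIPS mode, so an explicitly requested self-test run outside FIPS mode presumably no longer exercises DSA at all; the 3DES patch in this same request instead skips inside the loop under a fips_mode() test, and the consistent form here would be `if (fips_mode() && algos[idx] == GCRY_PK_DSA) continue;` in the loop body, which starts outside the hunk. The `{ 0, 1 }` → `{ 0, 0 }` change in cipher/dsa.c appears to clear the spec's fips flag; a `/* not FIPS approved */` comment on that line would document it. The hunk header names run_selftests, but the changed lines belong to the _gcry_pubkey_spec_dsa initializer that follows it.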
448
libgcrypt-FIPS-fix-regression-tests.patch
Normal file
@ -0,0 +1,448 @@
|
||||
Index: libgcrypt-1.9.4/cipher/pubkey.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.9.4.orig/cipher/pubkey.c
|
||||
+++ libgcrypt-1.9.4/cipher/pubkey.c
|
||||
@@ -224,7 +224,7 @@ check_pubkey_algo (int algo, unsigned us
|
||||
gcry_pk_spec_t *spec;
|
||||
|
||||
spec = spec_from_algo (algo);
|
||||
- if (spec)
|
||||
+ if (spec && !spec->flags.disabled)
|
||||
{
|
||||
if (((use & GCRY_PK_USAGE_SIGN)
|
||||
&& (! (spec->use & GCRY_PK_USAGE_SIGN)))
|
||||
From 44c7c41af21c668826280abfee1257853020ba2d Mon Sep 17 00:00:00 2001
|
||||
From: NIIBE Yutaka <gniibe@fsij.org>
|
||||
Date: Mon, 16 Aug 2021 12:41:11 +0900
|
||||
Subject: [PATCH 161/200] tests: Skip tests when FIPS for keygrip computations.
|
||||
|
||||
* tests/keygrip.c (check): Skip non-FIPS curves when FIPS.
|
||||
(main): Check if FIPS is enabled.
|
||||
|
||||
--
|
||||
|
||||
GnuPG-bug-id: 5520
|
||||
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
||||
---
|
||||
tests/keygrip.c | 37 ++++++++++++++++++++++++++++---------
|
||||
1 file changed, 28 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/tests/keygrip.c b/tests/keygrip.c
|
||||
index cfccc06e..49bd71bc 100644
|
||||
--- a/tests/keygrip.c
|
||||
+++ b/tests/keygrip.c
|
||||
@@ -33,6 +33,9 @@
|
||||
|
||||
static int repetitions;
|
||||
|
||||
+/* Whether fips mode was active at startup. */
|
||||
+static int in_fips_mode;
|
||||
+
|
||||
|
||||
|
||||
static void
|
||||
@@ -54,6 +57,7 @@ static struct
|
||||
int algo;
|
||||
const char *key;
|
||||
const unsigned char grip[20];
|
||||
+ int skip_when_fips;
|
||||
} key_grips[] =
|
||||
{
|
||||
{
|
||||
@@ -155,7 +159,8 @@ static struct
|
||||
/* */"436DD11A1756AFE56CD93408410FCDA9"
|
||||
/* */"BA95024EB613BD481A14FCFEC27A448A#)))",
|
||||
"\x52\xBA\xD4\xB4\xA3\x2D\x32\xA1\xDD\x06"
|
||||
- "\x5E\x99\x0B\xF1\xAB\xC1\x13\x3D\x84\xD4"
|
||||
+ "\x5E\x99\x0B\xF1\xAB\xC1\x13\x3D\x84\xD4",
|
||||
+ 1
|
||||
},
|
||||
{ /* Compressed form of above. */
|
||||
GCRY_PK_ECC,
|
||||
@@ -165,7 +170,8 @@ static struct
|
||||
" (q #022ECD8679930BE2DB4AD42B8600BA3F80"
|
||||
/* */"2D4D539BFF2F69B83EC9B7BBAA7F3406#)))",
|
||||
"\x52\xBA\xD4\xB4\xA3\x2D\x32\xA1\xDD\x06"
|
||||
- "\x5E\x99\x0B\xF1\xAB\xC1\x13\x3D\x84\xD4"
|
||||
+ "\x5E\x99\x0B\xF1\xAB\xC1\x13\x3D\x84\xD4",
|
||||
+ 1
|
||||
},
|
||||
{
|
||||
GCRY_PK_ECC,
|
||||
@@ -177,7 +183,8 @@ static struct
|
||||
/* */"9EBBA41915313417BA54218EB0569C59"
|
||||
/* */"0B156C76DBCAB6E84575E6EF68CE7B87#)))",
|
||||
"\x99\x38\x6A\x82\x41\x96\x29\x9C\x89\x74"
|
||||
- "\xD6\xE1\xBF\x43\xAC\x9B\x9A\x12\xE7\x3F"
|
||||
+ "\xD6\xE1\xBF\x43\xAC\x9B\x9A\x12\xE7\x3F",
|
||||
+ 1
|
||||
},
|
||||
{ /* Compressed form of above. */
|
||||
GCRY_PK_ECC,
|
||||
@@ -187,7 +194,8 @@ static struct
|
||||
" (q #035B784CA008EE64AB3D85017EE0D2BE87"
|
||||
/* */"558762C7300E0C8E06B1F9AF7C031458#)))",
|
||||
"\x99\x38\x6A\x82\x41\x96\x29\x9C\x89\x74"
|
||||
- "\xD6\xE1\xBF\x43\xAC\x9B\x9A\x12\xE7\x3F"
|
||||
+ "\xD6\xE1\xBF\x43\xAC\x9B\x9A\x12\xE7\x3F",
|
||||
+ 1
|
||||
},
|
||||
{ /* Ed25519 standard */
|
||||
GCRY_PK_ECC,
|
||||
@@ -199,7 +207,8 @@ static struct
|
||||
" 47BD24842905C049257673B3F5249524E0A41FAA17B25B818D0F97E625F1A1D0#)"
|
||||
" ))",
|
||||
"\x0C\xCA\xB2\xFD\x48\x9A\x33\x40\x2C\xE8"
|
||||
- "\xE0\x4A\x1F\xB2\x45\xEA\x80\x3D\x0A\xF1"
|
||||
+ "\xE0\x4A\x1F\xB2\x45\xEA\x80\x3D\x0A\xF1",
|
||||
+ 1
|
||||
},
|
||||
{ /* Ed25519+EdDSA */
|
||||
GCRY_PK_ECC,
|
||||
@@ -209,7 +218,8 @@ static struct
|
||||
" (q #773E72848C1FD5F9652B29E2E7AF79571A04990E96F2016BF4E0EC1890C2B7DB#)"
|
||||
" ))",
|
||||
"\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70"
|
||||
- "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47"
|
||||
+ "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47",
|
||||
+ 1
|
||||
},
|
||||
{ /* Ed25519+EdDSA (with compression prefix) */
|
||||
GCRY_PK_ECC,
|
||||
@@ -220,7 +230,8 @@ static struct
|
||||
" 773E72848C1FD5F9652B29E2E7AF79571A04990E96F2016BF4E0EC1890C2B7DB#)"
|
||||
" ))",
|
||||
"\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70"
|
||||
- "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47"
|
||||
+ "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47",
|
||||
+ 1
|
||||
},
|
||||
{ /* Ed25519+EdDSA (same but uncompressed)*/
|
||||
GCRY_PK_ECC,
|
||||
@@ -232,7 +243,8 @@ static struct
|
||||
" 5bb7c29018ece0f46b01f2960e99041a5779afe7e2292b65f9d51f8c84723e77#)"
|
||||
" ))",
|
||||
"\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70"
|
||||
- "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47"
|
||||
+ "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47",
|
||||
+ 1
|
||||
},
|
||||
{ /* Cv25519 */
|
||||
GCRY_PK_ECC,
|
||||
@@ -243,7 +255,8 @@ static struct
|
||||
" 918C1733127F6BF2646FAE3D081A18AE77111C903B906310B077505EFFF12740#)"
|
||||
" ))",
|
||||
"\x0F\x89\xA5\x65\xD3\xEA\x18\x7C\xE8\x39"
|
||||
- "\x33\x23\x98\xF5\xD4\x80\x67\x7D\xF4\x9C"
|
||||
+ "\x33\x23\x98\xF5\xD4\x80\x67\x7D\xF4\x9C",
|
||||
+ 1
|
||||
},
|
||||
{ /* Random key */
|
||||
GCRY_PK_RSA,
|
||||
@@ -280,6 +293,9 @@ check (void)
|
||||
|
||||
for (i = 0; i < (sizeof (key_grips) / sizeof (*key_grips)); i++)
|
||||
{
|
||||
+ if (in_fips_mode && key_grips[i].skip_when_fips)
|
||||
+ continue;
|
||||
+
|
||||
if (gcry_pk_test_algo (key_grips[i].algo))
|
||||
{
|
||||
if (verbose)
|
||||
@@ -379,6 +395,9 @@ main (int argc, char **argv)
|
||||
if (debug)
|
||||
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0));
|
||||
|
||||
+ if (gcry_fips_mode_active ())
|
||||
+ in_fips_mode = 1;
|
||||
+
|
||||
check ();
|
||||
|
||||
return 0;
|
||||
--
|
||||
2.33.0
|
||||
|
||||
From 3026148331523ec7ca81031339b5629431cafa23 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Tue, 13 Jul 2021 09:20:18 +0200
|
||||
Subject: tests: Expect curves 25519/448 to fail in FIPS mode
|
||||
|
||||
* tests/t-cv25519.c (test_cv_hl): Expect the operation to fail in FIPS
|
||||
mode.
|
||||
(test_cv_x25519, test_it): Ditto.
|
||||
(main) Detect FIPS mode.
|
||||
* tests/t-ed25519.c (one_test): Expect the operation to fail in FIPS
|
||||
mode.
|
||||
(main) Detect FIPS mode.
|
||||
* tests/t-ed448.c (one_test): Expect the operation to fail in FIPS
|
||||
mode.
|
||||
(main) Detect FIPS mode.
|
||||
* tests/t-x448.c (test_cv_hl): Expect the operation to fail in FIPS
|
||||
mode.
|
||||
(test_cv_x448, test_cv): Ditto.
|
||||
(main) Detect FIPS mode.
|
||||
--
|
||||
The ed25519, ed448, cv25519 and cv448 curves are not available in FIPS
|
||||
mode. Some of the tests already skipped these, but it is always better
|
||||
to make sure thy are failing, rather than just skipping these.
|
||||
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||
---
|
||||
tests/t-cv25519.c | 37 +++++++++++++++++++++++++++++++++++--
|
||||
tests/t-ed25519.c | 18 ++++++++++++++----
|
||||
tests/t-ed448.c | 18 ++++++++++++++----
|
||||
tests/t-x448.c | 41 +++++++++++++++++++++++++++++++++++++----
|
||||
4 files changed, 100 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/tests/t-cv25519.c b/tests/t-cv25519.c
|
||||
index 0de50a02..b4126f4c 100644
|
||||
--- a/tests/t-cv25519.c
|
||||
+++ b/tests/t-cv25519.c
|
||||
@@ -33,6 +33,7 @@
|
||||
#include "t-common.h"
|
||||
#define N_TESTS 18
|
||||
|
||||
+static int in_fips_mode = 0;
|
||||
|
||||
static void
|
||||
print_mpi (const char *text, gcry_mpi_t a)
|
||||
@@ -188,7 +189,17 @@ test_cv_hl (int testno, const char *k_str, const char *u_str,
|
||||
xfree (buffer);
|
||||
buffer = NULL;
|
||||
|
||||
- if ((err = gcry_pk_encrypt (&s_result, s_data, s_pk)))
|
||||
+ err = gcry_pk_encrypt (&s_result, s_data, s_pk);
|
||||
+ if (in_fips_mode)
|
||||
+ {
|
||||
+ if (!err)
|
||||
+ fail ("gcry_pk_encrypt is not expected to work in FIPS mode for test %d",
|
||||
+ testno);
|
||||
+ if (verbose > 1)
|
||||
+ info ("not executed in FIPS mode\n");
|
||||
+ goto leave;
|
||||
+ }
|
||||
+ if (err)
|
||||
fail ("gcry_pk_encrypt failed for test %d: %s", testno,
|
||||
gpg_strerror (err));
|
||||
|
||||
@@ -281,7 +292,17 @@ test_cv_x25519 (int testno, const char *k_str, const char *u_str,
|
||||
goto leave;
|
||||
}
|
||||
|
||||
- if ((err = gcry_ecc_mul_point (algo, result, scalar, point)))
|
||||
+ err = gcry_ecc_mul_point (algo, result, scalar, point);
|
||||
+ if (in_fips_mode)
|
||||
+ {
|
||||
+ if (!err)
|
||||
+ fail ("gcry_ecc_mul_point is not expected to work in FIPS mode for test %d",
|
||||
+ testno);
|
||||
+ if (verbose > 1)
|
||||
+ info ("not executed in FIPS mode\n");
|
||||
+ goto leave;
|
||||
+ }
|
||||
+ if (err)
|
||||
fail ("gcry_ecc_mul_point failed for test %d: %s", testno,
|
||||
gpg_strerror (err));
|
||||
|
||||
@@ -335,6 +356,15 @@ test_it (int testno, const char *k_str, int iter, const char *result_str)
|
||||
info ("Running test %d: iteration=%d\n", testno, iter);
|
||||
|
||||
gcry_mpi_ec_new (&ctx, NULL, "Curve25519");
|
||||
+ if (in_fips_mode)
|
||||
+ {
|
||||
+ if (ctx)
|
||||
+ fail ("gcry_mpi_ec_new should fail in FIPS mode for test %d",
|
||||
+ testno);
|
||||
+ if (verbose > 1)
|
||||
+ info ("not executed in FIPS mode\n");
|
||||
+ return;
|
||||
+ }
|
||||
Q = gcry_mpi_point_new (0);
|
||||
|
||||
if (!(buffer = hex2buffer (k_str, &buflen)) || buflen != 32)
|
||||
@@ -640,6 +670,9 @@ main (int argc, char **argv)
|
||||
xgcry_control ((GCRYCTL_ENABLE_QUICK_RANDOM, 0));
|
||||
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
|
||||
|
||||
+ if (gcry_fips_mode_active ())
|
||||
+ in_fips_mode = 1;
|
||||
+
|
||||
start_timer ();
|
||||
check_cv25519 ();
|
||||
stop_timer ();
|
||||
diff --git a/tests/t-ed25519.c b/tests/t-ed25519.c
|
||||
index a5271c25..567bc797 100644
|
||||
--- a/tests/t-ed25519.c
|
||||
+++ b/tests/t-ed25519.c
|
||||
@@ -36,6 +36,7 @@
|
||||
static int sign_with_pk;
|
||||
static int no_verify;
|
||||
static int custom_data_file;
|
||||
+static int in_fips_mode = 0;
|
||||
|
||||
|
||||
static void
|
||||
@@ -271,7 +272,17 @@ one_test (int testno, const char *sk, const char *pk,
|
||||
goto leave;
|
||||
}
|
||||
|
||||
- if ((err = gcry_pk_sign (&s_sig, s_msg, s_sk)))
|
||||
+ err = gcry_pk_sign (&s_sig, s_msg, s_sk);
|
||||
+ if (in_fips_mode)
|
||||
+ {
|
||||
+ if (!err)
|
||||
+ fail ("gcry_pk_sign is not expected to work in FIPS mode for test %d",
|
||||
+ testno);
|
||||
+ if (verbose > 1)
|
||||
+ info ("not executed in FIPS mode\n");
|
||||
+ goto leave;
|
||||
+ }
|
||||
+ if (err)
|
||||
fail ("gcry_pk_sign failed for test %d: %s", testno, gpg_strerror (err));
|
||||
if (debug)
|
||||
show_sexp ("sig=", s_sig);
|
||||
@@ -481,9 +492,8 @@ main (int argc, char **argv)
|
||||
xgcry_control ((GCRYCTL_ENABLE_QUICK_RANDOM, 0));
|
||||
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
|
||||
|
||||
- /* Ed25519 isn't supported in fips mode */
|
||||
- if (gcry_fips_mode_active())
|
||||
- return 77;
|
||||
+ if (gcry_fips_mode_active ())
|
||||
+ in_fips_mode = 1;
|
||||
|
||||
start_timer ();
|
||||
check_ed25519 (fname);
|
||||
diff --git a/tests/t-ed448.c b/tests/t-ed448.c
|
||||
index 1f445ffc..f38cd10c 100644
|
||||
--- a/tests/t-ed448.c
|
||||
+++ b/tests/t-ed448.c
|
||||
@@ -36,6 +36,7 @@
|
||||
static int sign_with_pk;
|
||||
static int no_verify;
|
||||
static int custom_data_file;
|
||||
+static int in_fips_mode = 0;
|
||||
|
||||
|
||||
static void
|
||||
@@ -302,7 +303,17 @@ one_test (int testno, int ph, const char *sk, const char *pk,
|
||||
}
|
||||
}
|
||||
|
||||
- if ((err = gcry_pk_sign (&s_sig, s_msg, s_sk)))
|
||||
+ err = gcry_pk_sign (&s_sig, s_msg, s_sk);
|
||||
+ if (in_fips_mode)
|
||||
+ {
|
||||
+ if (!err)
|
||||
+ fail ("gcry_pk_sign is not expected to work in FIPS mode for test %d",
|
||||
+ testno);
|
||||
+ if (verbose > 1)
|
||||
+ info ("not executed in FIPS mode\n");
|
||||
+ goto leave;
|
||||
+ }
|
||||
+ if (err)
|
||||
fail ("gcry_pk_sign failed for test %d: %s", testno, gpg_strerror (err));
|
||||
if (debug)
|
||||
show_sexp ("sig=", s_sig);
|
||||
@@ -521,9 +532,8 @@ main (int argc, char **argv)
|
||||
xgcry_control ((GCRYCTL_ENABLE_QUICK_RANDOM, 0));
|
||||
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
|
||||
|
||||
- /* Ed448 isn't supported in fips mode */
|
||||
- if (gcry_fips_mode_active())
|
||||
- return 77;
|
||||
+ if (gcry_fips_mode_active ())
|
||||
+ in_fips_mode = 1;
|
||||
|
||||
start_timer ();
|
||||
check_ed448 (fname);
|
||||
diff --git a/tests/t-x448.c b/tests/t-x448.c
|
||||
index 5c3cbeb9..cc4b10fc 100644
|
||||
--- a/tests/t-x448.c
|
||||
+++ b/tests/t-x448.c
|
||||
@@ -34,6 +34,7 @@
|
||||
#include "t-common.h"
|
||||
#define N_TESTS 9
|
||||
|
||||
+static int in_fips_mode = 0;
|
||||
|
||||
static void
|
||||
print_mpi (const char *text, gcry_mpi_t a)
|
||||
@@ -179,8 +180,18 @@ test_cv_hl (int testno, const char *k_str, const char *u_str,
|
||||
xfree (buffer);
|
||||
buffer = NULL;
|
||||
|
||||
- if ((err = gcry_pk_encrypt (&s_result, s_data, s_pk)))
|
||||
- fail ("gcry_pk_encrypt failed for test %d: %s", testno,
|
||||
+ err = gcry_pk_encrypt (&s_result, s_data, s_pk);
|
||||
+ if (in_fips_mode)
|
||||
+ {
|
||||
+ if (!err)
|
||||
+ fail ("gcry_pk_encrypt is not expected to work in FIPS mode for test %d",
|
||||
+ testno);
|
||||
+ if (verbose > 1)
|
||||
+ info ("not executed in FIPS mode\n");
|
||||
+ goto leave;
|
||||
+ }
|
||||
+ if (err)
|
||||
+ fail ("gcry_pk_encrypt goto leavefailed for test %d: %s", testno,
|
||||
gpg_strerror (err));
|
||||
|
||||
s_tmp = gcry_sexp_find_token (s_result, "s", 0);
|
||||
@@ -257,7 +268,17 @@ test_cv_x448 (int testno, const char *k_str, const char *u_str,
|
||||
goto leave;
|
||||
}
|
||||
|
||||
- if ((err = gcry_ecc_mul_point (GCRY_ECC_CURVE448, result, scalar, point)))
|
||||
+ err = gcry_ecc_mul_point (GCRY_ECC_CURVE448, result, scalar, point);
|
||||
+ if (in_fips_mode)
|
||||
+ {
|
||||
+ if (err != GPG_ERR_NOT_SUPPORTED)
|
||||
+ fail ("gcry_ecc_mul_point is not expected to work in FIPS mode for test %d: %s",
|
||||
+ testno, gpg_strerror (err));
|
||||
+ if (verbose > 1)
|
||||
+ info ("not executed in FIPS mode\n");
|
||||
+ goto leave;
|
||||
+ }
|
||||
+ if (err)
|
||||
fail ("gcry_ecc_mul_point failed for test %d: %s", testno,
|
||||
gpg_strerror (err));
|
||||
|
||||
@@ -296,7 +317,7 @@ test_cv (int testno, const char *k_str, const char *u_str,
|
||||
static void
|
||||
test_it (int testno, const char *k_str, int iter, const char *result_str)
|
||||
{
|
||||
- gcry_ctx_t ctx;
|
||||
+ gcry_ctx_t ctx = NULL;
|
||||
gpg_error_t err;
|
||||
void *buffer = NULL;
|
||||
size_t buflen;
|
||||
@@ -311,6 +332,15 @@ test_it (int testno, const char *k_str, int iter, const char *result_str)
|
||||
info ("Running test %d: iteration=%d\n", testno, iter);
|
||||
|
||||
gcry_mpi_ec_new (&ctx, NULL, "X448");
|
||||
+ if (in_fips_mode)
|
||||
+ {
|
||||
+ if (ctx)
|
||||
+ fail ("gcry_mpi_ec_new should fail in FIPS mode for test %d",
|
||||
+ testno);
|
||||
+ if (verbose > 1)
|
||||
+ info ("not executed in FIPS mode\n");
|
||||
+ return;
|
||||
+ }
|
||||
Q = gcry_mpi_point_new (0);
|
||||
|
||||
if (!(buffer = hex2buffer (k_str, &buflen)) || buflen != 56)
|
||||
@@ -583,6 +613,9 @@ main (int argc, char **argv)
|
||||
xgcry_control ((GCRYCTL_ENABLE_QUICK_RANDOM, 0));
|
||||
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
|
||||
|
||||
+ if (gcry_fips_mode_active ())
|
||||
+ in_fips_mode = 1;
|
||||
+
|
||||
start_timer ();
|
||||
check_x448 ();
|
||||
stop_timer ();
|
||||
--
|
||||
2.33.0
|
||||
|
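Review bot: The new failure message in test_cv_hl of tests/t-x448.c reads `"gcry_pk_encrypt goto leavefailed for test %d: %s"` — a stray `goto leave` was pasted into the string; it should be `fail ("gcry_pk_encrypt failed for test %d: %s", testno,` as in the t-cv25519.c counterpart. In test_cv_x448 the FIPS branch compares the whole error value with `err != GPG_ERR_NOT_SUPPORTED`; unless gcry_ecc_mul_point is known to return a bare error code, the error-source bits make that comparison true even for the expected error and the test would report a spurious failure, so `gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED` is the safe form. The matching check in test_cv_x25519 only tests `!err`, so the two files also disagree on what is expected; the two forms should be aligned. All of the changed functions start outside their hunks.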
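--- a/libgcrypt-FIPS-hw-optimizations.patch
+++ b/libgcrypt-FIPS-hw-optimizations.patch
@@ -0,0 +1,31 @@
+From 70e6cec07d86332f1aaf7a69bec75c7138306f6a Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Thu, 29 Jul 2021 14:20:14 +0900
+Subject: [PATCH] hwfeatures: Enable hardware support also in FIPS mode.
+
+* src/hwfeatures.c (_gcry_detect_hw_features): Remove skipping in FIPS
+mode.
+
+--
+
+Reported-by: Jakub Jelen <jjelen@redhat.com>
+GnuPG-bug-id: 5508
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+src/hwfeatures.c | 3 ---
+1 file changed, 3 deletions(-)
+
+Index: libgcrypt-1.9.4/src/hwfeatures.c
+===================================================================
+--- libgcrypt-1.9.4.orig/src/hwfeatures.c
++++ libgcrypt-1.9.4/src/hwfeatures.c
+@@ -213,9 +213,6 @@ _gcry_detect_hw_features (void)
+{
+hw_features = 0;
+
+- if (fips_mode ())
+- return; /* Hardware support is not to be evaluated. */
+-
+parse_hwf_deny_file ();
+
+#if defined (HAVE_CPU_ARCH_X86)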
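Review bot: Removing the early return means parse_hwf_deny_file() and the CPU feature probes now also run in FIPS mode, so a deny file can presumably change which implementation of an approved algorithm the validated module executes; the commit message says only that the skip is removed and does not state whether that file-driven selection is inside the evaluated boundary, which is worth a sentence in the description. The change is otherwise a pure deletion, and the rest of _gcry_detect_hw_features lies outside the hunk.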
89
libgcrypt-FIPS-module-version.patch
Normal file
@ -0,0 +1,89 @@
|
||||
From c74fde0c3f6114c594332fb28a09c7b817969231 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Fri, 17 Sep 2021 17:11:30 +0200
|
||||
Subject: [PATCH 187/200] Allow passing FIPS module version
|
||||
|
||||
* README: Document new --with-fips-module-version=version switch
|
||||
* configure.ac: Implementation of the --with-fips-module-version
|
||||
* src/global.c (print_config): Print FIPS module version from above
|
||||
--
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||
|
||||
Moved the module version to a 3rd field to keep the semantics of that
|
||||
line.
|
||||
|
||||
Signed-off-by: Werner Koch <wk@gnupg.org>
|
||||
GnuPG-bug-id: 1600
|
||||
---
|
||||
README | 4 ++++
|
||||
configure.ac | 7 +++++++
|
||||
src/global.c | 16 +++++++++++++---
|
||||
3 files changed, 24 insertions(+), 3 deletions(-)
|
||||
|
||||
Index: libgcrypt-1.9.4/README
|
||||
===================================================================
|
||||
--- libgcrypt-1.9.4.orig/README
|
||||
+++ libgcrypt-1.9.4/README
|
||||
@@ -165,6 +165,10 @@
|
||||
against a HMAC checksum. This works only in FIPS
|
||||
mode and on systems providing the dladdr function.
|
||||
|
||||
+ --with-fips-module-version=version
|
||||
+ Specify a string used as a module version for FIPS
|
||||
+ certification purposes.
|
||||
+
|
||||
--disable-padlock-support
|
||||
Disable support for the PadLock engine of VIA
|
||||
processors. The default is to use PadLock if
|
||||
Index: libgcrypt-1.9.4/configure.ac
|
||||
===================================================================
|
||||
--- libgcrypt-1.9.4.orig/configure.ac
|
||||
+++ libgcrypt-1.9.4/configure.ac
|
||||
@@ -599,6 +599,12 @@ if test "$use_hmac_binary_check" = yes ;
|
||||
[Define to support an HMAC based integrity check])
|
||||
fi
|
||||
|
||||
+# Implementation of the --with-fips-module-version.
|
||||
+AC_ARG_WITH(fips-module-version,
|
||||
+ [ --with-fips-module-version=VERSION],
|
||||
+ fips_module_version="$withval", fips_module_version="" )
|
||||
+AC_DEFINE_UNQUOTED(FIPS_MODULE_VERSION, "$fips_module_version",
|
||||
+ [Define FIPS module version for certification])
|
||||
|
||||
# Implementation of the --disable-jent-support switch.
|
||||
AC_MSG_CHECKING([whether jitter entropy support is requested])
|
||||
@@ -3266,6 +3272,7 @@ GCRY_MSG_WRAP([Enabled pubkey algorithms
|
||||
GCRY_MSG_SHOW([Random number generator: ],[$random])
|
||||
GCRY_MSG_SHOW([Try using jitter entropy: ],[$jentsupport])
|
||||
GCRY_MSG_SHOW([Using linux capabilities: ],[$use_capabilities])
|
||||
+GCRY_MSG_SHOW([FIPS module version: ],[$fips_module_version])
|
||||
GCRY_MSG_SHOW([Try using Padlock crypto: ],[$padlocksupport])
|
||||
GCRY_MSG_SHOW([Try using AES-NI crypto: ],[$aesnisupport])
|
||||
GCRY_MSG_SHOW([Try using Intel SHAEXT: ],[$shaextsupport])
|
||||
Index: libgcrypt-1.9.4/src/global.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.9.4.orig/src/global.c
|
||||
+++ libgcrypt-1.9.4/src/global.c
|
||||
@@ -379,10 +379,19 @@ print_config (const char *what, gpgrt_st
|
||||
{
|
||||
/* We use y/n instead of 1/0 for the stupid reason that
|
||||
* Emacsen's compile error parser would accidentally flag that
|
||||
- * line when printed during "make check" as an error. */
|
||||
- gpgrt_fprintf (fp, "fips-mode:%c:%c:\n",
|
||||
+ * line when printed during "make check" as an error. The
|
||||
+ * second field is obsolete and thus empty (used to be used for
|
||||
+ * a so-called enforced-fips-mode). The third field has an
|
||||
+ * option static string describing the module versions; this is
|
||||
+ * an optional configure option. */
|
||||
+ gpgrt_fprintf (fp, "fips-mode:%c::%s:\n",
|
||||
fips_mode ()? 'y':'n',
|
||||
- _gcry_enforced_fips_mode ()? 'y':'n' );
|
||||
+#ifdef FIPS_MODULE_VERSION
|
||||
+ fips_mode () ? FIPS_MODULE_VERSION : ""
|
||||
+#else
|
||||
+ ""
|
||||
+#endif /* FIPS_MODULE_VERSION */
|
||||
+ );
|
||||
}
|
||||
|
||||
if (!what || !strcmp (what, "rng-type"))
|
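Review bot: `fips_module_version="$withval"` in the configure.ac hunk stores whatever autoconf hands over, so a bare `--with-fips-module-version` with no `=VERSION` records the literal string `yes`, and that is what print_config will then report as the certified module version. Guarding the action-if-given with `case "$withval" in yes|no) fips_module_version="" ;; *) fips_module_version="$withval" ;; esac` keeps the version empty for those degenerate spellings. The help entry would also be clearer as `AS_HELP_STRING([--with-fips-module-version=VERSION], [string reported as the FIPS module version])`, so it lines up with the other options in `./configure --help`.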
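--- /dev/null
+++ b/libgcrypt-FIPS-service-indicators.patch
@@ -0,0 +1,380 @@
+Index: libgcrypt-1.9.4/src/fips.c
+===================================================================
+--- libgcrypt-1.9.4.orig/src/fips.c
++++ libgcrypt-1.9.4/src/fips.c
+@@ -437,6 +437,59 @@ _gcry_fips_test_operational (void)
+}
+
+
++int
++_gcry_fips_indicator_cipher (va_list arg_ptr)
++{
++ enum gcry_cipher_algos alg = va_arg (arg_ptr, enum gcry_cipher_algos);
++ enum gcry_cipher_modes mode;
++
++ switch (alg)
++ {
++ case GCRY_CIPHER_AES:
++ case GCRY_CIPHER_AES192:
++ case GCRY_CIPHER_AES256:
++ mode = va_arg (arg_ptr, enum gcry_cipher_modes);
++ switch (mode)
++ case GCRY_CIPHER_AES:
++ case GCRY_CIPHER_AES192:
++ case GCRY_CIPHER_AES256:
++ mode = va_arg (arg_ptr, enum gcry_cipher_modes);
++ switch (mode)
++ {
++ case GCRY_CIPHER_MODE_ECB:
++ case GCRY_CIPHER_MODE_CBC:
++ case GCRY_CIPHER_MODE_CFB:
++ case GCRY_CIPHER_MODE_CFB8:
++ case GCRY_CIPHER_MODE_OFB:
++ case GCRY_CIPHER_MODE_CTR:
++ case GCRY_CIPHER_MODE_CCM:
++ case GCRY_CIPHER_MODE_GCM:
++ case GCRY_CIPHER_MODE_XTS:
++ return GPG_ERR_NO_ERROR;
++ default:
++ return GPG_ERR_NOT_SUPPORTED;
++ }
++ default:
++ return GPG_ERR_NOT_SUPPORTED;
++ }
++}
++
++
++int
++_gcry_fips_indicator_kdf (va_list arg_ptr)
++{
++ enum gcry_kdf_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos);
++
++ switch (alg)
++ {
++ case GCRY_KDF_PBKDF2:
++ return GPG_ERR_NO_ERROR;
++ default:
++ return GPG_ERR_NOT_SUPPORTED;
++ }
++}
++
++
+/* This is a test on whether the library is in the error or
+operational state. */
+int
+Index: libgcrypt-1.9.4/src/g10lib.h
+===================================================================
+--- libgcrypt-1.9.4.orig/src/g10lib.h
++++ libgcrypt-1.9.4/src/g10lib.h
+@@ -487,6 +487,9 @@ void _gcry_fips_signal_error (const char
+_gcry_fips_signal_error (__FILE__, __LINE__, NULL, 1, (a))
+#endif
+
++int _gcry_fips_indicator_cipher (va_list arg_ptr);
++int _gcry_fips_indicator_kdf (va_list arg_ptr);
++
+int _gcry_fips_is_operational (void);
+
+/* Return true if the library is in the operational state. */
+Index: libgcrypt-1.9.4/src/gcrypt.h.in
+===================================================================
+--- libgcrypt-1.9.4.orig/src/gcrypt.h.in
++++ libgcrypt-1.9.4/src/gcrypt.h.in
+@@ -334,7 +334,9 @@ enum gcry_ctl_cmds
+GCRYCTL_GET_TAGLEN = 76,
+GCRYCTL_REINIT_SYSCALL_CLAMP = 77,
+GCRYCTL_AUTO_EXPAND_SECMEM = 78,
+- GCRYCTL_SET_ALLOW_WEAK_KEY = 79
++ GCRYCTL_SET_ALLOW_WEAK_KEY = 79,
++ GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER = 81,
++ GCRYCTL_FIPS_SERVICE_INDICATOR_KDF = 82
+};
+
+/* Perform various operations defined by CMD. */
+Index: libgcrypt-1.9.4/src/global.c
+===================================================================
+--- libgcrypt-1.9.4.orig/src/global.c
++++ libgcrypt-1.9.4/src/global.c
+@@ -755,6 +755,19 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
+rc = _gcry_fips_run_selftests (1);
+break;
+
++ case GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER:
++ /* Get FIPS Service Indicator for a given symmetric algorithm and
++ * optional mode. Returns GPG_ERR_NO_ERROR if algorithm is allowed or
++ * GPG_ERR_NOT_SUPPORTED otherwise */
++ rc = _gcry_fips_indicator_cipher (arg_ptr);
++ break;
++
++ case GCRYCTL_FIPS_SERVICE_INDICATOR_KDF:
++ /* Get FIPS Service Indicator for a given KDF. Returns GPG_ERR_NO_ERROR
++ * if algorithm is allowed or GPG_ERR_NOT_SUPPORTED otherwise */
++ rc = _gcry_fips_indicator_kdf (arg_ptr);
++ break;
++
+case PRIV_CTL_INIT_EXTRNG_TEST: /* Init external random test. */
+rc = GPG_ERR_NOT_SUPPORTED;
+break;
+Index: libgcrypt-1.9.4/tests/basic.c
+===================================================================
+--- libgcrypt-1.9.4.orig/tests/basic.c
++++ libgcrypt-1.9.4/tests/basic.c
+@@ -6383,6 +6383,16 @@ do_check_ocb_cipher (int inplace)
+assert (tv[tidx].taglen <= ciphlen);
+assert (tv[tidx].taglen <= sizeof tag);
+
++ /* Verify the FIPS indicator marks this as non-approved */
++ if (in_fips_mode)
++ {
++ err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER,
++ tv[tidx].algo, GCRY_CIPHER_MODE_OCB);
++ if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
++ fail ("cipher-ocb, gcry_control did not fail as expected (tv %d): %s\n",
++ tidx, gpg_strerror (err));
++ }
++
+err = gcry_cipher_open (&hde, tv[tidx].algo, GCRY_CIPHER_MODE_OCB, 0);
+if (!err)
+err = gcry_cipher_open (&hdd, tv[tidx].algo, GCRY_CIPHER_MODE_OCB, 0);
+@@ -6644,6 +6654,16 @@ check_ocb_cipher_largebuf_split (int alg
+memcpy(inbuf + i, hash, 16);
+}
+
++ /* Verify the FIPS indicator marks this as non-approved */
++ if (in_fips_mode)
++ {
++ err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER,
++ algo, GCRY_CIPHER_MODE_OCB);
++ if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
++ fail ("cipher-ocb, gcry_control did not fail as expected (large, algo %d): %s\n",
++ algo, gpg_strerror (err));
++ }
++
+err = gcry_cipher_open (&hde, algo, GCRY_CIPHER_MODE_OCB, 0);
+if (!err)
+err = gcry_cipher_open (&hdd, algo, GCRY_CIPHER_MODE_OCB, 0);
+@@ -6842,7 +6862,17 @@ check_ocb_cipher_checksum (int algo, int
+blk[byteidx] |= 1 << bitpos;
+}
+
+- err = gcry_cipher_open (&hde, algo, GCRY_CIPHER_MODE_OCB, 0);
++ /* Verify the FIPS indicator marks this as non-approved */
++ if (in_fips_mode)
++ {
++ err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER,
++ algo, GCRY_CIPHER_MODE_OCB);
++ if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
++ fail ("cipher-ocb, gcry_control did not fail as expected (checksum, algo %d): %s\n",
++ algo, gpg_strerror (err));
++ }
++
++ err = gcry_cipher_open (&hde, algo, GCRY_CIPHER_MODE_OCB, 0);
+if (!err)
+err = gcry_cipher_open (&hde2, algo, GCRY_CIPHER_MODE_OCB, 0);
+if (!err)
+@@ -7110,6 +7140,16 @@ check_ocb_cipher_splitaad (void)
+aad[2] = tv[tidx].aad2? hex2buffer (tv[tidx].aad2, aadlen+2) : NULL;
+aad[3] = tv[tidx].aad3? hex2buffer (tv[tidx].aad3, aadlen+3) : NULL;
+
++ /* Verify the FIPS indicator marks this as non-approved */
++ if (in_fips_mode)
++ {
++ err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER,
++ GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OCB);
++ if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
++ fail ("cipher-ocb-splitaad, gcry_control did not fail as expected: %s\n",
++ gpg_strerror (err));
++ }
++
+err = gcry_cipher_open (&hde, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OCB, 0);
+if (err)
+{
+@@ -9044,6 +9084,17 @@ check_bulk_cipher_modes (void)
+fprintf (stderr, " checking bulk encryption for %s [%i], mode %d\n",
+gcry_cipher_algo_name (tv[i].algo),
+tv[i].algo, tv[i].mode);
++
++ /* Verify the FIPS indicator marks approved cipher/modes combinations */
++ if (in_fips_mode)
++ {
++ err = gcry_control (GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER,
++ tv[i].algo, tv[i].mode);
++ if (gpg_err_code (err) != GPG_ERR_NO_ERROR)
++ fail ("gcry_control unexpectedly failed for algo = %s, mode = %d : %s\n",
++ gcry_cipher_algo_name (tv[i].algo), tv[i].mode, gpg_strerror (err));
++ }
++
+err = gcry_cipher_open (&hde, tv[i].algo, tv[i].mode, 0);
+if (!err)
+err = gcry_cipher_open (&hdd, tv[i].algo, tv[i].mode, 0);
+Index: libgcrypt-1.9.4/doc/gcrypt.texi
+===================================================================
+--- libgcrypt-1.9.4.orig/doc/gcrypt.texi
++++ libgcrypt-1.9.4/doc/gcrypt.texi
+@@ -961,6 +961,19 @@ been registered with Libgpg-error and ad
+clamp again. Obviously this control code may only be used before a
+second thread is started in a process.
+
++@item GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER; Arguments: enum gcry_cipher_algos [, enum gcry_cipher_modes]
++
++Check if the given symmetric cipher and optional cipher mode combination
++is approved under the current FIPS 140-3 certification. If the
++combination is approved, this function returns @code{GPG_ERR_NO_ERROR}.
++Otherwise @code{GPG_ERR_NOT_SUPPORTED} is returned.
++
++@item GCRYCTL_FIPS_SERVICE_INDICATOR_KDF; Arguments: enum gcry_kdf_algos
++
++Check if the given KDF is approved under the current FIPS 140-3
++certification. If the KDF is approved, this function returns
++@code{GPG_ERR_NO_ERROR}. Otherwise @code{GPG_ERR_NOT_SUPPORTED}
++is returned.
+
+@end table
+
+@@ -980,7 +993,7 @@ descriptive message to the user and canc
+
+Some error values do not indicate a system error or an error in the
+operation, but the result of an operation that failed properly. For
+-example, if you try to decrypt a tempered message, the decryption will
++example, if you try to decrypt a tampered message, the decryption will
+fail. Another error value actually means that the end of a data
+buffer or list has been reached. The following descriptions explain
+for many error codes what they mean usually. Some error values have
+@@ -6320,25 +6333,6 @@ The following symmetric encryption algor
+power-up:
+
+@table @asis
+-@item 3DES
+-To test the 3DES 3-key EDE encryption in ECB mode these tests are
+-run:
+-@enumerate
+-@item
+-A known answer test is run on a 64 bit test vector processed by 64
+-rounds of Single-DES block encryption and decryption using a key
+-changed with each round.
+-@item
+-A known answer test is run on a 64 bit test vector processed by 16
+-rounds of 2-key and 3-key Triple-DES block encryption and decryptions
+-using a key changed with each round.
+-@item
+-10 known answer tests using 3-key Triple-DES EDE encryption, comparing
+-the ciphertext to the known value, then running a decryption and
+-comparing it to the initial plaintext.
+-@end enumerate
+-(@code{cipher/des.c:selftest})
+-
+@item AES-128
+A known answer tests is run using one test vector and one test
+key with AES in ECB mode. (@code{cipher/rijndael.c:selftest_basic_128})
+@@ -6394,6 +6388,9 @@ A known answer test using 28 byte of dat
+@item HMAC SHA-512
+A known answer test using 28 byte of data and a 4 byte key is run.
+(@code{cipher/hmac-tests.c:selftests_sha512})
++@item CMAC AES
++A known answer test using 40 byte of data and a 16 byte key is run.
++(@code{cipher/mac-cmac.c:selftests_cmac_aes})
+@end table
+
+@subsection Random Number Power-Up Test
+@@ -6416,7 +6413,7 @@ The public key algorithms are tested dur
+
+@table @asis
+@item RSA
+-A pre-defined 1024 bit RSA key is used and these tests are run
++A pre-defined 2048 bit RSA key is used and these tests are run
+in turn:
+@enumerate
+@item
+@@ -6426,14 +6423,14 @@ Conversion of S-expression to internal f
+Private key consistency check.
+(@code{cipher/@/rsa.c:@/selftests_rsa})
+@item
+-A pre-defined 20 byte value is signed with PKCS#1 padding for SHA-1.
++A pre-defined 20 byte value is signed with PKCS#1 padding for SHA-256.
+The result is verified using the public key against the original data
+-and against modified data. (@code{cipher/@/rsa.c:@/selftest_sign_1024})
++and against modified data. (@code{cipher/@/rsa.c:@/selftest_sign_2048})
+@item
+-A 1000 bit random value is encrypted and checked that it does not
+-match the original random value. The encrypted result is then
++A predefined 66 byte value is encrypted and checked that it matches
++reference encyrpted message. The encrypted result is then
+decrypted and checked that it matches the original random value.
+-(@code{cipher/@/rsa.c:@/selftest_encr_1024})
++(@code{cipher/@/rsa.c:@/selftest_encr_2048})
+@end enumerate
+
+@item DSA
+@@ -6463,15 +6461,6 @@ of the same name but with a single dot a
+@file{.hmac}.
+
+
+-@subsection Critical Functions Power-Up Tests
+-
+-The 3DES weak key detection is tested during power-up by calling the
+-detection function with keys taken from a table listening all weak
+-keys. The table itself is protected using a SHA-1 hash.
+-(@code{cipher/@/des.c:@/selftest})
+-
+-
+-
+@c --------------------------------
+@section Conditional Tests
+
+@@ -6645,8 +6634,6 @@ If Libgcrypt is used in FIPS mode these
+The cryptographic algorithms are restricted to this list:
+
+@table @asis
+-@item GCRY_CIPHER_3DES
+-3 key EDE Triple-DES symmetric encryption.
+@item GCRY_CIPHER_AES128
+AES 128 bit symmetric encryption.
+@item GCRY_CIPHER_AES192
+@@ -6673,6 +6660,8 @@ HMAC using a SHA-256 message digest.
+HMAC using a SHA-384 message digest.
+@item GCRY_MD_SHA512,GCRY_MD_FLAG_HMAC
+HMAC using a SHA-512 message digest.
++@item GCRY_MAC_CMAC_AES
++CMAC using a AES key.
+@item GCRY_PK_RSA
+RSA encryption and signing.
+@item GCRY_PK_DSA
+@@ -6683,8 +6672,8 @@ Note that the CRC algorithms are not con
+and thus are in addition available.
+
+@item
+-RSA key generation refuses to create a key with a keysize of
+-less than 1024 bits.
++RSA key generation refuses to create and uyse ea key with a keysize of
++less than 2048 bits.
+
+@item
+DSA key generation refuses to create a key with a keysize other
+@@ -6697,8 +6686,9 @@ The @code{transient-key} flag for RSA an
+Support for the VIA Padlock engine is disabled.
+
+@item
+-FIPS mode may only be used on systems with a /dev/random device.
+-Switching into FIPS mode on other systems will fail at runtime.
++FIPS mode may only be used on systems with a /dev/random device or
++with a getentropy syscall. Switching into FIPS mode on other systems
++will fail at runtime.
+
+@item
+Saving and loading a random seed file is ignored.
+@@ -6731,11 +6721,15 @@ disables FIPS mode unless Enforced FIPS
+Libgcrypt will enter the error state.
+
+@item
++The signatures using SHA-1 digest algorithm may not be used.
++
++@item
+In Enforced FIPS mode the command @code{GCRYCTL_DISABLE_SECMEM} is
+ignored. In standard FIPS mode it disables FIPS mode.
+
+@item
+A handler set by @code{gcry_set_outofcore_handler} is ignored.
++
+@item
+A handler set by @code{gcry_set_fatalerror_handler} is ignored.
+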
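Review bot: In the fips.c hunk, `_gcry_fips_indicator_cipher` carries the `case GCRY_CIPHER_AES:` … `mode = va_arg (arg_ptr, enum gcry_cipher_modes);` group twice, and the first `switch (mode)` has no braces; the hunk's added-line count (53) matches its header, so this looks like part of the patch rather than a rendering artifact. As written the first `switch (mode)` is a legal unbraced switch whose body is the second `mode = va_arg (…)`, so whenever the mode value equals the integer value of `GCRY_CIPHER_AES`, `GCRY_CIPHER_AES192` or `GCRY_CIPHER_AES256` (worth checking against the mode constants in gcrypt.h.in, since both enums are small integers) a third variadic argument the caller never passed is read — undefined behaviour — and the value then matched against the approved-mode list is garbage, so the indicator can answer wrongly for an approved mode. The fix is to delete the five lines from the first `switch (mode)` through the repeated `mode = va_arg (arg_ptr, enum gcry_cipher_modes);`, leaving a single braced `switch (mode) { … }` under the AES cases.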
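--- /dev/null
+++ b/libgcrypt-FIPS-verify-unsupported-KDF-test.patch
@@ -0,0 +1,35 @@
+From 0ab4e8063729147fb9abd463055785aac831bf5c Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 13 Jul 2021 16:58:54 +0200
+Subject: [PATCH 348/500] tests: Verify unsupported KDF tests fail in FIPS mode
+
+* tests/t-kdf.c (check_pbkdf2): Verify tests based on algorithms
+unsupported in FIPS mode fail.
+--
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+tests/t-kdf.c | 7 +++++++
+1 file changed, 7 insertions(+)
+
+diff --git a/tests/t-kdf.c b/tests/t-kdf.c
+index 7a48e98a..48309b9a 100644
+--- a/tests/t-kdf.c
++++ b/tests/t-kdf.c
+@@ -1104,6 +1104,13 @@ check_pbkdf2 (void)
+GCRY_KDF_PBKDF2, tv[tvidx].hashalgo,
+tv[tvidx].salt, tv[tvidx].saltlen,
+tv[tvidx].c, tv[tvidx].dklen, outbuf);
++ if (gcry_fips_mode_active() && tvidx > 6)
++ {
++ if (!err)
++ fail ("pbkdf2 test %d unexpectedly passed in FIPS mode: %s\n",
++ tvidx, gpg_strerror (err));
++ continue;
++ }
+if (err)
+fail ("pbkdf2 test %d failed: %s\n", tvidx, gpg_strerror (err));
+else if (memcmp (outbuf, tv[tvidx].dk, tv[tvidx].dklen))
+--
+2.34.1
+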
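Review bot: `if (gcry_fips_mode_active() && tvidx > 6)` in the t-kdf.c hunk encodes which PBKDF2 vectors must be rejected in FIPS mode as a position in the `tv` table, so inserting or reordering a vector silently changes which ones are asserted to fail, and nothing in the hunk says why index 6 is the boundary. Deriving the expectation from the vector itself (a per-vector flag in `tv`) would be more robust, and at minimum a comment above the line, `/* Vectors after index 6 are not FIPS-approved and must be rejected. */`, should record the intent. Also, `gpg_strerror (err)` in the `!err` branch can only ever print the success string; `fail ("pbkdf2 test %d unexpectedly passed in FIPS mode\n", tvidx);` says the same without the misleading suffix. check_pbkdf2 continues outside the hunk.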
@ -1,3 +1,21 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 1 11:28:51 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- FIPS: Disable DSA in FIPS mode [bsc#1195385]
|
||||
* Upstream task: https://dev.gnupg.org/T5710
|
||||
* Add libgcrypt-FIPS-disable-DSA.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 19 08:36:58 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- FIPS: Service level indicator [bsc#1190700]
|
||||
* Provide an indicator to check wether the service utilizes an
|
||||
approved cryptographic algorithm or not.
|
||||
* Add patches:
|
||||
- libgcrypt-FIPS-service-indicators.patch
|
||||
- libgcrypt-FIPS-verify-unsupported-KDF-test.patch
|
||||
- libgcrypt-FIPS-HMAC-short-keylen.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 7 09:41:01 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
@ -5,6 +23,62 @@ Tue Dec 7 09:41:01 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||
* gcry_mpi_sub_ui: fix subtracting from negative value
|
||||
* Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 30 09:42:23 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- FIPS: Define an entropy source SP800-90B compliant [bsc#1185140]
|
||||
* Disable jitter entropy by default in random.conf
|
||||
* Disable only-urandom option by default in random.conf
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 26 13:10:29 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240]
|
||||
* rsa: Check RSA keylen constraints for key operations.
|
||||
* rsa: Fix regression in not returning an error for prime generation.
|
||||
* tests: Add 2k RSA key working in FIPS mode.
|
||||
* tests: pubkey: Replace RSA key to one of 2k.
|
||||
* tests: pkcs1v2: Skip tests with small keys in FIPS.
|
||||
* Add patches:
|
||||
- libgcrypt-FIPS-RSA-keylen.patch
|
||||
- libgcrypt-FIPS-RSA-keylen-tests.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Nov 8 10:21:39 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138]
|
||||
* Add libgcrypt-FIPS-disable-3DES.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 2 11:31:19 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- FIPS: PBKDF requirements [bsc#1185137]
|
||||
* The PBKDF2 selftests were introduced in libgcrypt version
|
||||
1.9.1 in the function selftest_pbkdf2()
|
||||
* Upstream task: https://dev.gnupg.org/T5182
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 28 19:48:06 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- FIPS: Fix regression tests in FIPS mode [bsc#1192131]
|
||||
* Add libgcrypt-FIPS-fix-regression-tests.patch
|
||||
* Upstream task: https://dev.gnupg.org/T5520
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 21 11:25:06 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- FIPS: Provide a module name/identifier and version that can be
|
||||
mapped to the validation records. [bsc#1190706]
|
||||
* Add libgcrypt-FIPS-module-version.patch
|
||||
* Upstream task: https://dev.gnupg.org/T5600
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 21 10:23:44 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- FIPS: Enable hardware support also in FIPS mode [bsc#1187110]
|
||||
* Add libgcrypt-FIPS-hw-optimizations.patch
|
||||
* Upstream task: https://dev.gnupg.org/T5508
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 23 12:08:24 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package libgcrypt
|
||||
#
|
||||
# Copyright (c) 2021 SUSE LLC
|
||||
# Copyright (c) 2022 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -27,7 +27,7 @@ Release: 0
|
||||
Summary: The GNU Crypto Library
|
||||
License: GPL-2.0-or-later AND LGPL-2.1-or-later AND GPL-3.0-or-later
|
||||
Group: Development/Libraries/C and C++
|
||||
URL: https://directory.fsf.org/wiki/Libgcrypt
|
||||
URL: https://gnupg.org/software/libgcrypt
|
||||
Source: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2
|
||||
Source1: https://gnupg.org/ftp/gcrypt/libgcrypt/%{name}-%{version}.tar.bz2.sig
|
||||
Source2: baselibs.conf
|
||||
@ -77,12 +77,30 @@ Patch28: libgcrypt-PCT-ECC.patch
|
||||
Patch29: libgcrypt-fips_selftest_trigger_file.patch
|
||||
#PATCH-FIX-SUSE bsc#1189745 The t-lock test is not build with phtread in gcc7, works in gcc11
|
||||
Patch30: libgcrypt-pthread-in-t-lock-test.patch
|
||||
#PATCH-FIX-UPSTREAM bsc#1187110 FIPS: Enable hardware support also in FIPS mode
|
||||
Patch31: libgcrypt-FIPS-hw-optimizations.patch
|
||||
#PATCH-FIX-UPSTREAM bsc#1190706 FIPS: Provide module name/identifier and version
|
||||
Patch32: libgcrypt-FIPS-module-version.patch
|
||||
#PATCH-FIX-SUSE bsc#1185138 FIPS: Disable 3DES/Triple-DES in FIPS mode
|
||||
Patch33: libgcrypt-FIPS-disable-3DES.patch
|
||||
#PATCH-FIX-UPSTREAM bsc#1192131 FIPS: Fix regression tests in FIPS mode
|
||||
Patch34: libgcrypt-FIPS-fix-regression-tests.patch
|
||||
#PATCH-FIX-UPSTREAM bsc#1192240 FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes
|
||||
Patch35: libgcrypt-FIPS-RSA-keylen.patch
|
||||
Patch36: libgcrypt-FIPS-RSA-keylen-tests.patch
|
||||
#PATCH-FIX-UPSTREAM bsc#1193480 FIPS: gcry_mpi_sub_ui: fix subtracting from negative value
|
||||
Patch31: libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
|
||||
Patch37: libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
|
||||
#PATCH-FIX-UPSTREAM bsc#1190700 FIPS: Provide a service-level indicator
|
||||
Patch38: libgcrypt-FIPS-verify-unsupported-KDF-test.patch
|
||||
Patch39: libgcrypt-FIPS-HMAC-short-keylen.patch
|
||||
Patch40: libgcrypt-FIPS-service-indicators.patch
|
||||
#PATCH-FIX-UPSTREAM bsc#1195385 FIPS: Disable DSA in FIPS mode
|
||||
Patch41: libgcrypt-FIPS-disable-DSA.patch
|
||||
BuildRequires: automake >= 1.14
|
||||
BuildRequires: fipscheck
|
||||
BuildRequires: libgpg-error-devel >= 1.27
|
||||
BuildRequires: libtool
|
||||
BuildRequires: makeinfo
|
||||
BuildRequires: pkgconfig
|
||||
|
||||
%description
|
||||
@ -165,6 +183,7 @@ date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99})
|
||||
sed -e "s,BUILD_TIMESTAMP=.*,BUILD_TIMESTAMP=$date," -i configure
|
||||
export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)"
|
||||
%configure \
|
||||
--with-fips-module-version="Libgcrypt version %{version}-%{release}" \
|
||||
--enable-noexecstack \
|
||||
--disable-static \
|
||||
--enable-m-guard \
|
||||
@ -173,6 +192,7 @@ export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)"
|
||||
%endif
|
||||
--enable-hmac-binary-check \
|
||||
--enable-random=linux
|
||||
|
||||
%make_build
|
||||
|
||||
%if 0%{?build_hmac256}
|
||||
|
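Review bot: `--with-fips-module-version="Libgcrypt version %{version}-%{release}"` bakes the package release into the string that print_config reports as the FIPS module version; if `Release:` is rewritten by the build service on every rebuild (the `Release: 0` in the hunk header suggests it is), the reported module version changes without any source change, which undermines mapping it to a fixed validation record as the bsc#1190706 changelog entry intends. Using only `%{version}`, or a dedicated macro that is bumped deliberately when the validated module changes, would give a stable identifier.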
@ -3,7 +3,7 @@
|
||||
|
||||
# Always use the non-blocking /dev/urandom or the respective
|
||||
# system call instead of the blocking /dev/random.
|
||||
only-urandom
|
||||
# only-urandom
|
||||
|
||||
# Disable the use of the jitter based entropy generator.
|
||||
#disable-jent
|
||||
disable-jent
|
||||
|
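Review bot: The header comment `# Always use the non-blocking /dev/urandom or the respective system call instead of the blocking /dev/random.` now sits above a disabled `# only-urandom`, so the file reads as if urandom is enforced when, taken with the Nov 30 2021 changelog entry on this page, it is not; a reader has to find the changelog to learn that this and `disable-jent` were flipped for the SP800-90B entropy-source requirement (bsc#1185140). Recording that next to the settings, e.g. `# only-urandom disabled and disable-jent enabled for FIPS (SP800-90B entropy source, bsc#1185140)`, keeps the rationale with the configuration.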