SHA256
1
0
forked from pool/libica

Accepting request 801384 from devel:openSUSE:Factory

OBS-URL: https://build.opensuse.org/request/show/801384
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=18
This commit is contained in:
Dominique Leuenberger 2020-05-08 21:07:32 +00:00 committed by Git OBS Bridge
commit ae8e33e20c
7 changed files with 538 additions and 4 deletions

View File

@ -0,0 +1,12 @@
--- libica-3.6.0/src/fips.c 2020-05-04 17:01:23.238805001 -0400
+++ libica-3.6.0/src/fips.c 2020-05-04 16:58:51.352241763 -0400
@@ -45,8 +45,7 @@
* libica.so.MAJOR.hmac in the same directory as the .so module.
*/
static const char hmackey[] =
- "0000000000000000000000000000000000000000000000000000000000000000"
- "0000000000000000000000000000000000000000000000000000000000000000";
+ "orboDeJITITejsirpADONivirpUkvarP";
int fips;

View File

@ -0,0 +1,354 @@
From 231bba3b32bd246d8286f1c7dc231d836ea92bd9 Mon Sep 17 00:00:00 2001
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
Date: Mon, 27 Apr 2020 11:18:26 +0200
Subject: [PATCH] FIPS: introduce HMAC based library integrity check
When in FIPS mode, perform an integrity check on libica.so by calculating
an HMAC from the file contents using a static HMAC key, and comparing it
to a pre-calculated HMAC in a separate file. The HMAC key and HMAC file
may be provided by a Distributor when building the packet. The test
succeeds if the HMAC file is not present.
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
---
include/ica_api.h | 2 +-
src/Makefile.am | 4 +-
src/fips.c | 224 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
src/include/fips.h | 4 +-
test/fips_test.c | 4 +
5 files changed, 232 insertions(+), 6 deletions(-)
diff --git a/include/ica_api.h b/include/ica_api.h
index 91bf0be..8221f55 100644
--- a/include/ica_api.h
+++ b/include/ica_api.h
@@ -216,7 +216,7 @@ typedef ica_adapter_handle_t ICA_ADAPTER_HANDLE;
*/
/* Cryptographic algorithm test (KAT or pair-wise consistency test) */
#define ICA_FIPS_CRYPTOALG 2
-/* Software/Firmware integrity test (not implemented yet) */
+/* Software/Firmware integrity test */
#define ICA_FIPS_INTEGRITY 4
/* Critical functions test (N/A) */
#define ICA_FIPS_CRITICALFUNC 8
diff --git a/src/Makefile.am b/src/Makefile.am
index 65f471f..9e4ef52 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -9,7 +9,7 @@
libica_la_CFLAGS = ${AM_CFLAGS} -I${srcdir}/include -I${srcdir}/../include \
-fvisibility=hidden
libica_la_CCASFLAGS = ${AM_CFLAGS}
-libica_la_LIBADD = @LIBS@ -lrt -lcrypto
+libica_la_LIBADD = @LIBS@ -lrt -lcrypto -ldl
libica_la_LDFLAGS = -Wl,--version-script=${srcdir}/../libica.map \
-version-number ${VERSION}
libica_la_SOURCES = ica_api.c init.c icastats_shared.c s390_rsa.c \
@@ -53,7 +53,7 @@
-DICA_INTERNAL_TEST \
-DICA_INTERNAL_TEST_EC
internal_tests_ec_internal_test_CCASFLAGS = ${AM_CFLAGS}
-internal_tests_ec_internal_test_LDADD = @LIBS@ -lrt -lcrypto -lpthread
+internal_tests_ec_internal_test_LDADD = @LIBS@ -lrt -lcrypto -lpthread -ldl
internal_tests_ec_internal_test_SOURCES = \
ica_api.c init.c icastats_shared.c s390_rsa.c \
s390_crypto.c s390_ecc.c s390_prng.c s390_sha.c \
diff --git a/src/fips.c b/src/fips.c
index d09a553..bab00db 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -13,11 +13,13 @@
#include <errno.h>
#include <openssl/crypto.h>
+#include <openssl/evp.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
+#include <dlfcn.h>
#include <openssl/opensslconf.h>
#ifdef OPENSSL_FIPS
@@ -28,6 +30,24 @@
#include "ica_api.h"
#include "test_vec.h"
+#ifndef PATH_MAX
+#define PATH_MAX 4096
+#endif
+
+#define HMAC_PREFIX "."
+#define HMAC_SUFFIX ".hmac"
+#define READ_BUFFER_LENGTH 16384
+
+/*
+ * The hard-coded HMAC key to be optionally provided for the library
+ * integrity test. The recommended key size for HMAC-SHA256 is 64 bytes.
+ * The known HMAC is supposed to be provided as hex string in a file
+ * libica.so.MAJOR.hmac in the same directory as the .so module.
+ */
+static const char hmackey[] =
+ "0000000000000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000000";
+
int fips;
static int aes_ecb_kat(void);
@@ -101,6 +121,206 @@ fips_init(void)
FIPS_mode_set(1);
}
}
+static int get_library_path(const char *libname, const char *symbolname,
+ char *path, size_t pathlen)
+{
+ Dl_info info;
+ void *dl, *sym;
+ int rc = -1;
+
+ dl = dlopen(libname, RTLD_LAZY);
+ if (dl == NULL)
+ goto done;
+
+ sym = dlsym(dl, symbolname);
+ if (sym != NULL && dladdr(sym, &info)) {
+ if (strlen(info.dli_fname) < pathlen)
+ strcpy(path, info.dli_fname);
+ else
+ goto done;
+ }
+
+ rc = 0;
+
+done:
+ if (dl != NULL)
+ dlclose(dl);
+
+ return rc;
+}
+
+static char *make_hmac_path(const char *origpath)
+{
+ char *path;
+ const char *fn;
+
+ path = calloc(1,sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath) + 1);
+ if (path == NULL)
+ return NULL;
+
+ fn = strrchr(origpath, '/');
+ if (fn == NULL) {
+ fn = origpath;
+ } else {
+ ++fn;
+ }
+
+ strncpy(path, origpath, fn - origpath);
+ strcat(path, HMAC_PREFIX);
+ strcat(path, fn);
+ strcat(path, HMAC_SUFFIX);
+
+ return path;
+}
+
+static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
+{
+ FILE *fp = NULL;
+ int rc = -1;
+ unsigned char rbuf[READ_BUFFER_LENGTH];
+ unsigned char *keybuf;
+ EVP_MD_CTX *mdctx = NULL;
+ EVP_PKEY *pkey = NULL;
+ size_t hlen, len;
+ long keylen;
+
+ keybuf = OPENSSL_hexstr2buf(hmackey, &keylen);
+ pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, keybuf, (int)keylen);
+ if (!pkey)
+ goto end;
+
+ mdctx = EVP_MD_CTX_create();
+ if (!mdctx)
+ goto end;
+
+ fp = fopen(path, "r");
+ if (fp == NULL)
+ goto end;
+
+ if (EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, pkey) <= 0)
+ goto end;
+
+ while ((len = fread(rbuf, 1, sizeof(rbuf), fp)) != 0) {
+ if (EVP_DigestSignUpdate(mdctx, rbuf, len) <= 0) {
+ goto end;
+ }
+ }
+
+ if (EVP_DigestSignFinal(mdctx, rbuf, &hlen) <= 0)
+ goto end;
+
+ *buf = malloc(hlen);
+ if (*buf == NULL)
+ goto end;
+
+ *hmaclen = hlen;
+
+ memcpy(*buf, rbuf, hlen);
+
+ rc = 0;
+
+end:
+
+ if (pkey != NULL)
+ EVP_PKEY_free(pkey);
+
+ free(keybuf);
+ EVP_MD_CTX_destroy(mdctx);
+ if (fp)
+ fclose(fp);
+
+ return rc;
+}
+
+/**
+ * Performs the FIPS check.
+ *
+ * @return 1 if check succeeded
+ * 0 otherwise
+ */
+static int FIPSCHECK_verify(const char *path)
+{
+ int rc = 0;
+ FILE *fp;
+ unsigned char *hmac_buf = NULL;
+ long hmaclen;
+ char *hmacpath, *p;
+ char *hmac_str = NULL;
+ size_t n, buflen;
+ void *buf = NULL;
+
+ hmacpath = make_hmac_path(path);
+ if (hmacpath == NULL)
+ return 0;
+
+ fp = fopen(hmacpath, "r");
+ if (fp == NULL) {
+ rc = 1;
+ goto end;
+ }
+
+ if (getline(&hmac_str, &n, fp) <= 0)
+ goto end;
+
+ if ((p = strchr(hmac_str, '\n')) != NULL)
+ *p = '\0';
+
+ hmac_buf = OPENSSL_hexstr2buf(hmac_str, &hmaclen);
+
+ if (compute_file_hmac(path, &buf, &buflen) != 0)
+ goto end;
+
+ if (memcmp(buf, hmac_buf, hmaclen) != 0)
+ goto end;
+
+ rc = 1;
+
+end:
+
+ free(buf);
+ free(hmac_str);
+ free(hmacpath);
+
+ OPENSSL_free(hmac_buf);
+
+ if (fp)
+ fclose(fp);
+
+ return rc;
+}
+
+static const char msg1[] = "Libica FIPS library integrity check failed. Cannot determine library path.\n";
+static const char msg2[] = "Libica FIPS library integrity check failed. Module %s probably corrupted.\n";
+static const char msg3[] = "Libica FIPS library integrity check passed.\n";
+
+/*
+ * Perform an integrity check on libica.so by calculating an HMAC from
+ * the file contents using a static HMAC key, and comparing it to a
+ * pre-calculated HMAC in a separate file. The HMAC key and HMAC file
+ * may be provided by a Distributor when building the packet.
+ */
+static void fips_lib_integrity_check(void)
+{
+ int rc;
+ char path[PATH_MAX];
+ const char *libname = "libica.so";
+ const char *symbolname = "ica_sha256";
+
+ rc = get_library_path(libname, symbolname, path, sizeof(path));
+ if (rc != 0) {
+ syslog(LOG_ERR, msg1);
+ fips |= ICA_FIPS_INTEGRITY;
+ return;
+ }
+
+ if (!FIPSCHECK_verify(path)) {
+ syslog(LOG_ERR, msg2, path);
+ fips |= ICA_FIPS_INTEGRITY;
+ return;
+ }
+
+ syslog(LOG_INFO, msg3);
+}
void
fips_powerup_tests(void)
@@ -117,6 +337,9 @@ fips_powerup_tests(void)
fips |= ICA_FIPS_CRYPTOALG;
return;
}
+
+ /* Library integrity test */
+ fips_lib_integrity_check();
}
static int
@@ -933,5 +1156,4 @@ _err_:
syslog(LOG_ERR, "Libica RSA test failed.");
return 1;
}
-
#endif /* FIPS_H */
diff --git a/src/include/fips.h b/src/include/fips.h
index 421be4c..0ffdef6 100644
--- a/src/include/fips.h
+++ b/src/include/fips.h
@@ -27,8 +27,8 @@ extern int fips; /* module status */
void fips_init(void);
/*
- * Powerup tests: crypto algorithm test, SW/FW integrity test (not implemented
- * yet), critical function test (no critical functions). The tests set the
+ * Powerup tests: crypto algorithm test, SW/FW integrity test, critical
+ * function test (no critical functions). The tests set the
* corresponding status flags.
*/
void fips_powerup_tests(void);
diff --git a/test/fips_test.c b/test/fips_test.c
index 06563e3..0f1940d 100644
--- a/test/fips_test.c
+++ b/test/fips_test.c
@@ -57,6 +57,10 @@ main(void)
printf("Libica FIPS powerup test failed.\n");
rv = EXIT_FAILURE;
}
+ if (fips & ICA_FIPS_INTEGRITY) {
+ printf("Libica FIPS integrity check failed.\n");
+ rv = EXIT_FAILURE;
+ }
#endif /* ICA_FIPS */
printf("OpenSSL version is '%s'.\n", OPENSSL_VERSION_TEXT);
--
2.16.4

View File

@ -0,0 +1,41 @@
From b687f1514b3d371cdc44b5b3b02d5ddd9ac4eb54 Mon Sep 17 00:00:00 2001
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
Date: Wed, 25 Mar 2020 10:07:10 +0100
Subject: [PATCH] FIPS: provide output iv as required by FIPS tests
This fix is introduced to satisfy FIPS tests. They require the
output iv to be the iv resulting from decrypting the last block
with a zero iv as input. But note that this is not described
in the NIST standard for CBC-CS. According to the standard,
the output iv is simply undefined.
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
---
src/include/s390_cbccs.h | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/include/s390_cbccs.h b/src/include/s390_cbccs.h
index aa29bff..f6626dc 100644
--- a/src/include/s390_cbccs.h
+++ b/src/include/s390_cbccs.h
@@ -287,6 +287,17 @@ s390_aes_cbccs_dec(unsigned int fc, const unsigned char *in_data,
block_xor(out_data + tmp_data_length + AES_BLOCK_SIZE,
tmp_in_data, tmp_out_data, rest_data_length);
+ /*
+ * This fix was introduced to satisfy FIPS tests. They require the
+ * output iv to be the iv resulting from decrypting the last block
+ * with a zero iv as input, which is tmp_iv here. But note that this
+ * is not described in the NIST standard for CBC-CS. According to the
+ * standard, the output iv is simply undefined.
+ */
+#ifdef ICA_FIPS
+ memcpy(iv, tmp_iv, AES_BLOCK_SIZE);
+#endif /* ICA_FIPS */
+
return 0;
}
--
2.16.4

View File

@ -0,0 +1,43 @@
From db1ad6f64d96c6dba2be5af5a4ecd7ceb8f92cf2 Mon Sep 17 00:00:00 2001
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
Date: Wed, 18 Mar 2020 16:48:43 +0100
Subject: [PATCH] Fix DES and TDES key length.
Although a DES key has only 56 effective bits, all 64 bits must be
considered, because the parity bits are spread over all 8 bytes of
the key.
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
---
src/ica_api.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/ica_api.c b/src/ica_api.c
index b80c6e3..eb6b154 100644
--- a/src/ica_api.c
+++ b/src/ica_api.c
@@ -48,6 +48,8 @@
#define DEFAULT2_CRYPT_DEVICE "/dev/z90crypt"
#define DEFAULT3_CRYPT_DEVICE "/dev/zcrypt"
+#define DES_KEY_LEN64 (64/8)
+
#define MAX_VERSION_LENGTH 16
int ica_fallbacks_enabled = 1;
@@ -125,9 +127,9 @@ static unsigned int check_des_parms(unsigned int mode,
#ifdef ICA_FIPS
static unsigned int fips_check_3des_key(const ica_des_key_triple_t *key) {
- if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LENGTH)
- | !CRYPTO_memcmp(key->key1, key->key3, DES_KEY_LENGTH)
- | !CRYPTO_memcmp(key->key2, key->key3, DES_KEY_LENGTH))
+ if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LEN64)
+ | !CRYPTO_memcmp(key->key1, key->key3, DES_KEY_LEN64)
+ | !CRYPTO_memcmp(key->key2, key->key3, DES_KEY_LEN64))
return EINVAL;
return 0;
--
2.16.4

View File

@ -0,0 +1,48 @@
From a4a9381d1597b78374925385a6d71cf8ccb16c21 Mon Sep 17 00:00:00 2001
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
Date: Fri, 27 Mar 2020 15:25:33 +0100
Subject: [PATCH] icainfo: bugfix for RSA and EC related info for software
column.
The software column did never show 'yes' for RSA ME, RSA CRT, ECDH,
ECDSA sign, ECDSA verify, and ECKGEN, due to the missing ICA_FLAG_SW
flag in the icaList.
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
---
src/s390_crypto.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/s390_crypto.c b/src/s390_crypto.c
index ab7a269..8fb5662 100644
--- a/src/s390_crypto.c
+++ b/src/s390_crypto.c
@@ -489,10 +489,10 @@ libica_func_list_element_int icaList[] = {
{AES_GCM_KMA, MSA8, AES_128_GCM_ENCRYPT, 0, 0},
{AES_XTS, MSA4, AES_128_XTS_ENCRYPT, 0, 0},
{P_RNG, ADAPTER, 0, ICA_FLAG_SHW | ICA_FLAG_SW, 0}, // SHW (CPACF) + SW
- {EC_DH, ADAPTER, 0, 0, 0},
- {EC_DSA_SIGN, ADAPTER, 0, 0, 0},
- {EC_DSA_VERIFY, ADAPTER, 0, 0, 0},
- {EC_KGEN, ADAPTER, 0, 0, 0},
+ {EC_DH, ADAPTER, 0, ICA_FLAG_SW, 0},
+ {EC_DSA_SIGN, ADAPTER, 0, ICA_FLAG_SW, 0},
+ {EC_DSA_VERIFY, ADAPTER, 0, ICA_FLAG_SW, 0},
+ {EC_KGEN, ADAPTER, 0, ICA_FLAG_SW, 0},
{ED25519_KEYGEN, MSA9, SCALAR_MULTIPLY_ED25519, 0, 0},
{ED25519_SIGN, MSA9, EDDSA_SIGN_ED25519, 0, 0},
{ED25519_VERIFY, MSA9, EDDSA_VERIFY_ED25519, 0, 0},
@@ -503,8 +503,8 @@ libica_func_list_element_int icaList[] = {
{X25519_DERIVE, MSA9, SCALAR_MULTIPLY_X25519, 0, 0},
{X448_KEYGEN, MSA9, SCALAR_MULTIPLY_X448, 0, 0},
{X448_DERIVE, MSA9, SCALAR_MULTIPLY_X448, 0, 0},
- {RSA_ME, ADAPTER, 0, 0, 0},
- {RSA_CRT, ADAPTER, 0, 0, 0},
+ {RSA_ME, ADAPTER, 0, ICA_FLAG_SW, 0},
+ {RSA_CRT, ADAPTER, 0, ICA_FLAG_SW, 0},
{RSA_KEY_GEN_ME, ADAPTER, 0, ICA_FLAG_SW, 0}, // SW (openssl)
{RSA_KEY_GEN_CRT, ADAPTER, 0, ICA_FLAG_SW, 0}, // SW (openssl)
--
2.16.4

View File

@ -1,3 +1,29 @@
-------------------------------------------------------------------
Thu May 7 18:01:31 UTC 2020 - Mark Post <mpost@suse.com>
- Added the following patches for FIPS certification (bsc#1162533)
* libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
* libica-sles15sp2-FIPS-hmac-key.patch
- Added a BuildRequires for the fipscheck package.
- Made a couple of changes to the spec file based upon recommendations
by spec-cleaner.
-------------------------------------------------------------------
Wed Apr 8 18:55:24 UTC 2020 - Mark Post <mpost@suse.com>
- Added the following patches for FIPS certification.
* libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
(bsc#1166071) Although a DES key has only 56 effective bits,
all 64 bits must be considered, because the parity bits are
spread over all 8 bytes of the key.
* libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
(bsc#1166210) FIPS tests require the output iv to be the iv
resulting from decrypting the last block with a zero iv as input.
* libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
(bsc#1166224) The output from icainfo never shows 'yes' for
RSA ME, RSA CRT, ECDH, ECDSA sign, ECDSA verify, and ECKGEN,
due to the missing ICA_FLAG_SW flag in the icaList.
-------------------------------------------------------------------
Thu Nov 14 22:45:16 UTC 2019 - Mark Post <mpost@suse.com>

View File

@ -1,7 +1,7 @@
#
# spec file for package libica
#
# Copyright (c) 2018, 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2018-2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -38,8 +38,15 @@ Source5: z90crypt.service
Source6: baselibs.conf
Source7: %{name}-rpmlintrc
Patch1: libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
Patch2: libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
Patch3: libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
Patch4: libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
Patch5: libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
Patch6: libica-sles15sp2-FIPS-hmac-key.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: fipscheck
BuildRequires: gcc-c++
BuildRequires: libtool
BuildRequires: openssl-devel
@ -115,8 +122,10 @@ cp %{SOURCE1} include/linux/
autoreconf --force --install
%configure CPPFLAGS="-Iinclude -fPIC" CFLAGS="%{optflags} -fPIC" \
--enable-fips
make %{?_smp_mflags} clean
make %{?_smp_mflags}
%make_build clean
%make_build
%{expand:%%global __os_install_post {%__os_install_post fipshmac %{buildroot}/%{_libdir}/*.so.?.* }}
%install
%make_install
@ -134,7 +143,7 @@ rm -f %{buildroot}%{_datadir}/doc/libica/*
rmdir %{buildroot}%{_datadir}/doc/libica
%check
make check
%make_build check
%pre tools
%service_add_pre z90crypt.service
@ -155,6 +164,7 @@ make check
%files -n libica3
%defattr(-,root,root)
%{_libdir}/libica.so.3*
%{_libdir}/.libica.so.3*hmac
%files tools
%license LICENSE