forked from pool/libica
Accepting request 835924 from devel:openSUSE:Factory
OBS-URL: https://build.opensuse.org/request/show/835924 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=20
This commit is contained in:
commit
d3aee5742a
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:7762e86d288f66f4ab7a4b020b8e82d52506fff6860b4506e3774d70d2ef3a64
|
||||
size 538264
|
3
libica-3.7.0.tar.gz
Normal file
3
libica-3.7.0.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a08fe8a3a5cb1fe75f2488d47f4785e92966c43bf8405f638fa1b2990823a505
|
||||
size 542422
|
@ -1,26 +0,0 @@
|
||||
From 64ff9599a7d17a5edc534a750777536b43e9c386 Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Mon, 9 Sep 2019 14:30:42 +0200
|
||||
Subject: [PATCH] Build with -pthread flag
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
---
|
||||
src/Makefile.am | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/Makefile.am b/src/Makefile.am
|
||||
index ff6bb49..5e75074 100644
|
||||
--- a/src/Makefile.am
|
||||
+++ b/src/Makefile.am
|
||||
@@ -7,7 +7,7 @@ AM_CFLAGS = @FLAGS@
|
||||
lib_LTLIBRARIES = libica.la
|
||||
|
||||
libica_la_CFLAGS = ${AM_CFLAGS} -I${srcdir}/include -I${srcdir}/../include \
|
||||
- -fvisibility=hidden
|
||||
+ -fvisibility=hidden -pthread
|
||||
libica_la_CCASFLAGS = ${AM_CFLAGS}
|
||||
libica_la_LIBADD = @LIBS@ -lrt -lcrypto
|
||||
libica_la_LDFLAGS = -Wl,--version-script=${srcdir}/../libica.map \
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,48 +0,0 @@
|
||||
From 422913a4834a6bc35270d5d890cb43c84779f18d Mon Sep 17 00:00:00 2001
|
||||
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
Date: Wed, 6 May 2020 09:50:20 +0200
|
||||
Subject: [PATCH] FIPS: HMAC based library integrity check addon
|
||||
|
||||
Initialize path variable with nulls by using calloc instead of
|
||||
malloc, improve checking of hmac length.
|
||||
|
||||
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
---
|
||||
src/fips.c | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/fips.c b/src/fips.c
|
||||
index bab00db..a1c6f5f 100644
|
||||
--- a/src/fips.c
|
||||
+++ b/src/fips.c
|
||||
@@ -154,7 +154,7 @@ static char *make_hmac_path(const char *origpath)
|
||||
char *path;
|
||||
const char *fn;
|
||||
|
||||
- path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath) + 1);
|
||||
+ path = calloc(1, sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath) + 1);
|
||||
if (path == NULL)
|
||||
return NULL;
|
||||
|
||||
@@ -184,6 +184,9 @@ static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
|
||||
size_t hlen, len;
|
||||
long keylen;
|
||||
|
||||
+ *buf = NULL;
|
||||
+ *hmaclen = 0;
|
||||
+
|
||||
keybuf = OPENSSL_hexstr2buf(hmackey, &keylen);
|
||||
pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, keybuf, (int)keylen);
|
||||
if (!pkey)
|
||||
@@ -270,7 +273,7 @@ static int FIPSCHECK_verify(const char *path)
|
||||
if (compute_file_hmac(path, &buf, &buflen) != 0)
|
||||
goto end;
|
||||
|
||||
- if (memcmp(buf, hmac_buf, hmaclen) != 0)
|
||||
+ if (memcmp(buf, hmac_buf, buflen) != 0)
|
||||
goto end;
|
||||
|
||||
rc = 1;
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,74 +0,0 @@
|
||||
From 2078b62947d2e0f2641b48975786e839d6396be8 Mon Sep 17 00:00:00 2001
|
||||
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
Date: Wed, 6 May 2020 09:52:36 +0200
|
||||
Subject: [PATCH] FIPS: HMAC based library integrity check, rename variables
|
||||
|
||||
Rename variables to more speaking names, no logic change.
|
||||
|
||||
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
---
|
||||
src/fips.c | 24 ++++++++++++------------
|
||||
1 file changed, 12 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/src/fips.c b/src/fips.c
|
||||
index a1c6f5f..07310c3 100644
|
||||
--- a/src/fips.c
|
||||
+++ b/src/fips.c
|
||||
@@ -245,12 +245,12 @@ static int FIPSCHECK_verify(const char *path)
|
||||
{
|
||||
int rc = 0;
|
||||
FILE *fp;
|
||||
- unsigned char *hmac_buf = NULL;
|
||||
+ unsigned char *known_hmac = NULL;
|
||||
long hmaclen;
|
||||
char *hmacpath, *p;
|
||||
- char *hmac_str = NULL;
|
||||
- size_t n, buflen;
|
||||
- void *buf = NULL;
|
||||
+ char *known_hmac_str = NULL;
|
||||
+ size_t n, computed_hmac_len;
|
||||
+ void *computed_hmac = NULL;
|
||||
|
||||
hmacpath = make_hmac_path(path);
|
||||
if (hmacpath == NULL)
|
||||
@@ -262,29 +262,29 @@ static int FIPSCHECK_verify(const char *path)
|
||||
goto end;
|
||||
}
|
||||
|
||||
- if (getline(&hmac_str, &n, fp) <= 0)
|
||||
+ if (getline(&known_hmac_str, &n, fp) <= 0)
|
||||
goto end;
|
||||
|
||||
- if ((p = strchr(hmac_str, '\n')) != NULL)
|
||||
+ if ((p = strchr(known_hmac_str, '\n')) != NULL)
|
||||
*p = '\0';
|
||||
|
||||
- hmac_buf = OPENSSL_hexstr2buf(hmac_str, &hmaclen);
|
||||
+ known_hmac = OPENSSL_hexstr2buf(known_hmac_str, &hmaclen);
|
||||
|
||||
- if (compute_file_hmac(path, &buf, &buflen) != 0)
|
||||
+ if (compute_file_hmac(path, &computed_hmac, &computed_hmac_len) != 0)
|
||||
goto end;
|
||||
|
||||
- if (memcmp(buf, hmac_buf, buflen) != 0)
|
||||
+ if (memcmp(computed_hmac, known_hmac, computed_hmac_len) != 0)
|
||||
goto end;
|
||||
|
||||
rc = 1;
|
||||
|
||||
end:
|
||||
|
||||
- free(buf);
|
||||
- free(hmac_str);
|
||||
+ free(computed_hmac);
|
||||
+ free(known_hmac_str);
|
||||
free(hmacpath);
|
||||
|
||||
- OPENSSL_free(hmac_buf);
|
||||
+ OPENSSL_free(known_hmac);
|
||||
|
||||
if (fp)
|
||||
fclose(fp);
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,354 +0,0 @@
|
||||
From 231bba3b32bd246d8286f1c7dc231d836ea92bd9 Mon Sep 17 00:00:00 2001
|
||||
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
Date: Mon, 27 Apr 2020 11:18:26 +0200
|
||||
Subject: [PATCH] FIPS: introduce HMAC based library integrity check
|
||||
|
||||
When in FIPS mode, perform an integrity check on libica.so by calculating
|
||||
an HMAC from the file contents using a static HMAC key, and comparing it
|
||||
to a pre-calculated HMAC in a separate file. The HMAC key and HMAC file
|
||||
may be provided by a Distributor when building the packet. The test
|
||||
succeeds if the HMAC file is not present.
|
||||
|
||||
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
---
|
||||
include/ica_api.h | 2 +-
|
||||
src/Makefile.am | 4 +-
|
||||
src/fips.c | 224 ++++++++++++++++++++++++++++++++++++++++++++-
|
||||
src/include/fips.h | 4 +-
|
||||
test/fips_test.c | 4 +
|
||||
5 files changed, 232 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/include/ica_api.h b/include/ica_api.h
|
||||
index 91bf0be..8221f55 100644
|
||||
--- a/include/ica_api.h
|
||||
+++ b/include/ica_api.h
|
||||
@@ -216,7 +216,7 @@ typedef ica_adapter_handle_t ICA_ADAPTER_HANDLE;
|
||||
*/
|
||||
/* Cryptographic algorithm test (KAT or pair-wise consistency test) */
|
||||
#define ICA_FIPS_CRYPTOALG 2
|
||||
-/* Software/Firmware integrity test (not implemented yet) */
|
||||
+/* Software/Firmware integrity test */
|
||||
#define ICA_FIPS_INTEGRITY 4
|
||||
/* Critical functions test (N/A) */
|
||||
#define ICA_FIPS_CRITICALFUNC 8
|
||||
diff --git a/src/Makefile.am b/src/Makefile.am
|
||||
index 65f471f..9e4ef52 100644
|
||||
--- a/src/Makefile.am
|
||||
+++ b/src/Makefile.am
|
||||
@@ -9,7 +9,7 @@ lib_LTLIBRARIES = libica.la
|
||||
libica_la_CFLAGS = ${AM_CFLAGS} -I${srcdir}/include -I${srcdir}/../include \
|
||||
-fvisibility=hidden -pthread
|
||||
libica_la_CCASFLAGS = ${AM_CFLAGS}
|
||||
-libica_la_LIBADD = @LIBS@ -lrt -lcrypto
|
||||
+libica_la_LIBADD = @LIBS@ -lrt -lcrypto -ldl
|
||||
libica_la_LDFLAGS = -Wl,--version-script=${srcdir}/../libica.map \
|
||||
-version-number ${VERSION}
|
||||
libica_la_SOURCES = ica_api.c init.c icastats_shared.c s390_rsa.c \
|
||||
@@ -53,7 +53,7 @@ internal_tests_ec_internal_test_CFLAGS = ${AM_CFLAGS} -I${srcdir}/include \
|
||||
-DICA_INTERNAL_TEST \
|
||||
-DICA_INTERNAL_TEST_EC
|
||||
internal_tests_ec_internal_test_CCASFLAGS = ${AM_CFLAGS}
|
||||
-internal_tests_ec_internal_test_LDADD = @LIBS@ -lrt -lcrypto -lpthread
|
||||
+internal_tests_ec_internal_test_LDADD = @LIBS@ -lrt -lcrypto -lpthread -ldl
|
||||
internal_tests_ec_internal_test_SOURCES = \
|
||||
ica_api.c init.c icastats_shared.c s390_rsa.c \
|
||||
s390_crypto.c s390_ecc.c s390_prng.c s390_sha.c \
|
||||
diff --git a/src/fips.c b/src/fips.c
|
||||
index d09a553..bab00db 100644
|
||||
--- a/src/fips.c
|
||||
+++ b/src/fips.c
|
||||
@@ -13,11 +13,13 @@
|
||||
|
||||
#include <errno.h>
|
||||
#include <openssl/crypto.h>
|
||||
+#include <openssl/evp.h>
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <syslog.h>
|
||||
+#include <dlfcn.h>
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_FIPS
|
||||
@@ -28,6 +30,24 @@
|
||||
#include "ica_api.h"
|
||||
#include "test_vec.h"
|
||||
|
||||
+#ifndef PATH_MAX
|
||||
+#define PATH_MAX 4096
|
||||
+#endif
|
||||
+
|
||||
+#define HMAC_PREFIX "."
|
||||
+#define HMAC_SUFFIX ".hmac"
|
||||
+#define READ_BUFFER_LENGTH 16384
|
||||
+
|
||||
+/*
|
||||
+ * The hard-coded HMAC key to be optionally provided for the library
|
||||
+ * integrity test. The recommended key size for HMAC-SHA256 is 64 bytes.
|
||||
+ * The known HMAC is supposed to be provided as hex string in a file
|
||||
+ * libica.so.MAJOR.hmac in the same directory as the .so module.
|
||||
+ */
|
||||
+static const char hmackey[] =
|
||||
+ "0000000000000000000000000000000000000000000000000000000000000000"
|
||||
+ "0000000000000000000000000000000000000000000000000000000000000000";
|
||||
+
|
||||
int fips;
|
||||
|
||||
static int aes_ecb_kat(void);
|
||||
@@ -101,6 +121,206 @@ fips_init(void)
|
||||
FIPS_mode_set(1);
|
||||
}
|
||||
}
|
||||
+static int get_library_path(const char *libname, const char *symbolname,
|
||||
+ char *path, size_t pathlen)
|
||||
+{
|
||||
+ Dl_info info;
|
||||
+ void *dl, *sym;
|
||||
+ int rc = -1;
|
||||
+
|
||||
+ dl = dlopen(libname, RTLD_LAZY);
|
||||
+ if (dl == NULL)
|
||||
+ goto done;
|
||||
+
|
||||
+ sym = dlsym(dl, symbolname);
|
||||
+ if (sym != NULL && dladdr(sym, &info)) {
|
||||
+ if (strlen(info.dli_fname) < pathlen)
|
||||
+ strcpy(path, info.dli_fname);
|
||||
+ else
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ rc = 0;
|
||||
+
|
||||
+done:
|
||||
+ if (dl != NULL)
|
||||
+ dlclose(dl);
|
||||
+
|
||||
+ return rc;
|
||||
+}
|
||||
+
|
||||
+static char *make_hmac_path(const char *origpath)
|
||||
+{
|
||||
+ char *path;
|
||||
+ const char *fn;
|
||||
+
|
||||
+ path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath) + 1);
|
||||
+ if (path == NULL)
|
||||
+ return NULL;
|
||||
+
|
||||
+ fn = strrchr(origpath, '/');
|
||||
+ if (fn == NULL) {
|
||||
+ fn = origpath;
|
||||
+ } else {
|
||||
+ ++fn;
|
||||
+ }
|
||||
+
|
||||
+ strncpy(path, origpath, fn - origpath);
|
||||
+ strcat(path, HMAC_PREFIX);
|
||||
+ strcat(path, fn);
|
||||
+ strcat(path, HMAC_SUFFIX);
|
||||
+
|
||||
+ return path;
|
||||
+}
|
||||
+
|
||||
+static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
|
||||
+{
|
||||
+ FILE *fp = NULL;
|
||||
+ int rc = -1;
|
||||
+ unsigned char rbuf[READ_BUFFER_LENGTH];
|
||||
+ unsigned char *keybuf;
|
||||
+ EVP_MD_CTX *mdctx = NULL;
|
||||
+ EVP_PKEY *pkey = NULL;
|
||||
+ size_t hlen, len;
|
||||
+ long keylen;
|
||||
+
|
||||
+ keybuf = OPENSSL_hexstr2buf(hmackey, &keylen);
|
||||
+ pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, keybuf, (int)keylen);
|
||||
+ if (!pkey)
|
||||
+ goto end;
|
||||
+
|
||||
+ mdctx = EVP_MD_CTX_create();
|
||||
+ if (!mdctx)
|
||||
+ goto end;
|
||||
+
|
||||
+ fp = fopen(path, "r");
|
||||
+ if (fp == NULL)
|
||||
+ goto end;
|
||||
+
|
||||
+ if (EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, pkey) <= 0)
|
||||
+ goto end;
|
||||
+
|
||||
+ while ((len = fread(rbuf, 1, sizeof(rbuf), fp)) != 0) {
|
||||
+ if (EVP_DigestSignUpdate(mdctx, rbuf, len) <= 0) {
|
||||
+ goto end;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (EVP_DigestSignFinal(mdctx, rbuf, &hlen) <= 0)
|
||||
+ goto end;
|
||||
+
|
||||
+ *buf = malloc(hlen);
|
||||
+ if (*buf == NULL)
|
||||
+ goto end;
|
||||
+
|
||||
+ *hmaclen = hlen;
|
||||
+
|
||||
+ memcpy(*buf, rbuf, hlen);
|
||||
+
|
||||
+ rc = 0;
|
||||
+
|
||||
+end:
|
||||
+
|
||||
+ if (pkey != NULL)
|
||||
+ EVP_PKEY_free(pkey);
|
||||
+
|
||||
+ free(keybuf);
|
||||
+ EVP_MD_CTX_destroy(mdctx);
|
||||
+ if (fp)
|
||||
+ fclose(fp);
|
||||
+
|
||||
+ return rc;
|
||||
+}
|
||||
+
|
||||
+/**
|
||||
+ * Performs the FIPS check.
|
||||
+ *
|
||||
+ * @return 1 if check succeeded
|
||||
+ * 0 otherwise
|
||||
+ */
|
||||
+static int FIPSCHECK_verify(const char *path)
|
||||
+{
|
||||
+ int rc = 0;
|
||||
+ FILE *fp;
|
||||
+ unsigned char *hmac_buf = NULL;
|
||||
+ long hmaclen;
|
||||
+ char *hmacpath, *p;
|
||||
+ char *hmac_str = NULL;
|
||||
+ size_t n, buflen;
|
||||
+ void *buf = NULL;
|
||||
+
|
||||
+ hmacpath = make_hmac_path(path);
|
||||
+ if (hmacpath == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
+ fp = fopen(hmacpath, "r");
|
||||
+ if (fp == NULL) {
|
||||
+ rc = 1;
|
||||
+ goto end;
|
||||
+ }
|
||||
+
|
||||
+ if (getline(&hmac_str, &n, fp) <= 0)
|
||||
+ goto end;
|
||||
+
|
||||
+ if ((p = strchr(hmac_str, '\n')) != NULL)
|
||||
+ *p = '\0';
|
||||
+
|
||||
+ hmac_buf = OPENSSL_hexstr2buf(hmac_str, &hmaclen);
|
||||
+
|
||||
+ if (compute_file_hmac(path, &buf, &buflen) != 0)
|
||||
+ goto end;
|
||||
+
|
||||
+ if (memcmp(buf, hmac_buf, hmaclen) != 0)
|
||||
+ goto end;
|
||||
+
|
||||
+ rc = 1;
|
||||
+
|
||||
+end:
|
||||
+
|
||||
+ free(buf);
|
||||
+ free(hmac_str);
|
||||
+ free(hmacpath);
|
||||
+
|
||||
+ OPENSSL_free(hmac_buf);
|
||||
+
|
||||
+ if (fp)
|
||||
+ fclose(fp);
|
||||
+
|
||||
+ return rc;
|
||||
+}
|
||||
+
|
||||
+static const char msg1[] = "Libica FIPS library integrity check failed. Cannot determine library path.\n";
|
||||
+static const char msg2[] = "Libica FIPS library integrity check failed. Module %s probably corrupted.\n";
|
||||
+static const char msg3[] = "Libica FIPS library integrity check passed.\n";
|
||||
+
|
||||
+/*
|
||||
+ * Perform an integrity check on libica.so by calculating an HMAC from
|
||||
+ * the file contents using a static HMAC key, and comparing it to a
|
||||
+ * pre-calculated HMAC in a separate file. The HMAC key and HMAC file
|
||||
+ * may be provided by a Distributor when building the packet.
|
||||
+ */
|
||||
+static void fips_lib_integrity_check(void)
|
||||
+{
|
||||
+ int rc;
|
||||
+ char path[PATH_MAX];
|
||||
+ const char *libname = "libica.so";
|
||||
+ const char *symbolname = "ica_sha256";
|
||||
+
|
||||
+ rc = get_library_path(libname, symbolname, path, sizeof(path));
|
||||
+ if (rc != 0) {
|
||||
+ syslog(LOG_ERR, msg1);
|
||||
+ fips |= ICA_FIPS_INTEGRITY;
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ if (!FIPSCHECK_verify(path)) {
|
||||
+ syslog(LOG_ERR, msg2, path);
|
||||
+ fips |= ICA_FIPS_INTEGRITY;
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ syslog(LOG_INFO, msg3);
|
||||
+}
|
||||
|
||||
void
|
||||
fips_powerup_tests(void)
|
||||
@@ -117,6 +337,9 @@ fips_powerup_tests(void)
|
||||
fips |= ICA_FIPS_CRYPTOALG;
|
||||
return;
|
||||
}
|
||||
+
|
||||
+ /* Library integrity test */
|
||||
+ fips_lib_integrity_check();
|
||||
}
|
||||
|
||||
static int
|
||||
@@ -933,5 +1156,4 @@ _err_:
|
||||
syslog(LOG_ERR, "Libica RSA test failed.");
|
||||
return 1;
|
||||
}
|
||||
-
|
||||
#endif /* FIPS_H */
|
||||
diff --git a/src/include/fips.h b/src/include/fips.h
|
||||
index 421be4c..0ffdef6 100644
|
||||
--- a/src/include/fips.h
|
||||
+++ b/src/include/fips.h
|
||||
@@ -27,8 +27,8 @@ extern int fips; /* module status */
|
||||
void fips_init(void);
|
||||
|
||||
/*
|
||||
- * Powerup tests: crypto algorithm test, SW/FW integrity test (not implemented
|
||||
- * yet), critical function test (no critical functions). The tests set the
|
||||
+ * Powerup tests: crypto algorithm test, SW/FW integrity test, critical
|
||||
+ * function test (no critical functions). The tests set the
|
||||
* corresponding status flags.
|
||||
*/
|
||||
void fips_powerup_tests(void);
|
||||
diff --git a/test/fips_test.c b/test/fips_test.c
|
||||
index 06563e3..0f1940d 100644
|
||||
--- a/test/fips_test.c
|
||||
+++ b/test/fips_test.c
|
||||
@@ -57,6 +57,10 @@ main(void)
|
||||
printf("Libica FIPS powerup test failed.\n");
|
||||
rv = EXIT_FAILURE;
|
||||
}
|
||||
+ if (fips & ICA_FIPS_INTEGRITY) {
|
||||
+ printf("Libica FIPS integrity check failed.\n");
|
||||
+ rv = EXIT_FAILURE;
|
||||
+ }
|
||||
#endif /* ICA_FIPS */
|
||||
|
||||
printf("OpenSSL version is '%s'.\n", OPENSSL_VERSION_TEXT);
|
||||
--
|
||||
2.26.2
|
||||
|
@ -1,41 +0,0 @@
|
||||
From b687f1514b3d371cdc44b5b3b02d5ddd9ac4eb54 Mon Sep 17 00:00:00 2001
|
||||
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
Date: Wed, 25 Mar 2020 10:07:10 +0100
|
||||
Subject: [PATCH] FIPS: provide output iv as required by FIPS tests
|
||||
|
||||
This fix is introduced to satisfy FIPS tests. They require the
|
||||
output iv to be the iv resulting from decrypting the last block
|
||||
with a zero iv as input. But note that this is not described
|
||||
in the NIST standard for CBC-CS. According to the standard,
|
||||
the output iv is simply undefined.
|
||||
|
||||
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
---
|
||||
src/include/s390_cbccs.h | 11 +++++++++++
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/src/include/s390_cbccs.h b/src/include/s390_cbccs.h
|
||||
index aa29bff..f6626dc 100644
|
||||
--- a/src/include/s390_cbccs.h
|
||||
+++ b/src/include/s390_cbccs.h
|
||||
@@ -287,6 +287,17 @@ s390_aes_cbccs_dec(unsigned int fc, const unsigned char *in_data,
|
||||
block_xor(out_data + tmp_data_length + AES_BLOCK_SIZE,
|
||||
tmp_in_data, tmp_out_data, rest_data_length);
|
||||
|
||||
+ /*
|
||||
+ * This fix was introduced to satisfy FIPS tests. They require the
|
||||
+ * output iv to be the iv resulting from decrypting the last block
|
||||
+ * with a zero iv as input, which is tmp_iv here. But note that this
|
||||
+ * is not described in the NIST standard for CBC-CS. According to the
|
||||
+ * standard, the output iv is simply undefined.
|
||||
+ */
|
||||
+#ifdef ICA_FIPS
|
||||
+ memcpy(iv, tmp_iv, AES_BLOCK_SIZE);
|
||||
+#endif /* ICA_FIPS */
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
||||
--
|
||||
2.16.4
|
||||
|
@ -1,43 +0,0 @@
|
||||
From db1ad6f64d96c6dba2be5af5a4ecd7ceb8f92cf2 Mon Sep 17 00:00:00 2001
|
||||
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
Date: Wed, 18 Mar 2020 16:48:43 +0100
|
||||
Subject: [PATCH] Fix DES and TDES key length.
|
||||
|
||||
Although a DES key has only 56 effective bits, all 64 bits must be
|
||||
considered, because the parity bits are spread over all 8 bytes of
|
||||
the key.
|
||||
|
||||
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
---
|
||||
src/ica_api.c | 8 +++++---
|
||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/ica_api.c b/src/ica_api.c
|
||||
index b80c6e3..eb6b154 100644
|
||||
--- a/src/ica_api.c
|
||||
+++ b/src/ica_api.c
|
||||
@@ -48,6 +48,8 @@
|
||||
#define DEFAULT2_CRYPT_DEVICE "/dev/z90crypt"
|
||||
#define DEFAULT3_CRYPT_DEVICE "/dev/zcrypt"
|
||||
|
||||
+#define DES_KEY_LEN64 (64/8)
|
||||
+
|
||||
#define MAX_VERSION_LENGTH 16
|
||||
|
||||
int ica_fallbacks_enabled = 1;
|
||||
@@ -125,9 +127,9 @@ static unsigned int check_des_parms(unsigned int mode,
|
||||
|
||||
#ifdef ICA_FIPS
|
||||
static unsigned int fips_check_3des_key(const ica_des_key_triple_t *key) {
|
||||
- if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LENGTH)
|
||||
- | !CRYPTO_memcmp(key->key1, key->key3, DES_KEY_LENGTH)
|
||||
- | !CRYPTO_memcmp(key->key2, key->key3, DES_KEY_LENGTH))
|
||||
+ if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LEN64)
|
||||
+ | !CRYPTO_memcmp(key->key1, key->key3, DES_KEY_LEN64)
|
||||
+ | !CRYPTO_memcmp(key->key2, key->key3, DES_KEY_LEN64))
|
||||
return EINVAL;
|
||||
|
||||
return 0;
|
||||
--
|
||||
2.16.4
|
||||
|
@ -1,48 +0,0 @@
|
||||
From a4a9381d1597b78374925385a6d71cf8ccb16c21 Mon Sep 17 00:00:00 2001
|
||||
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
Date: Fri, 27 Mar 2020 15:25:33 +0100
|
||||
Subject: [PATCH] icainfo: bugfix for RSA and EC related info for software
|
||||
column.
|
||||
|
||||
The software column did never show 'yes' for RSA ME, RSA CRT, ECDH,
|
||||
ECDSA sign, ECDSA verify, and ECKGEN, due to the missing ICA_FLAG_SW
|
||||
flag in the icaList.
|
||||
|
||||
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
---
|
||||
src/s390_crypto.c | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/s390_crypto.c b/src/s390_crypto.c
|
||||
index ab7a269..8fb5662 100644
|
||||
--- a/src/s390_crypto.c
|
||||
+++ b/src/s390_crypto.c
|
||||
@@ -489,10 +489,10 @@ libica_func_list_element_int icaList[] = {
|
||||
{AES_GCM_KMA, MSA8, AES_128_GCM_ENCRYPT, 0, 0},
|
||||
{AES_XTS, MSA4, AES_128_XTS_ENCRYPT, 0, 0},
|
||||
{P_RNG, ADAPTER, 0, ICA_FLAG_SHW | ICA_FLAG_SW, 0}, // SHW (CPACF) + SW
|
||||
- {EC_DH, ADAPTER, 0, 0, 0},
|
||||
- {EC_DSA_SIGN, ADAPTER, 0, 0, 0},
|
||||
- {EC_DSA_VERIFY, ADAPTER, 0, 0, 0},
|
||||
- {EC_KGEN, ADAPTER, 0, 0, 0},
|
||||
+ {EC_DH, ADAPTER, 0, ICA_FLAG_SW, 0},
|
||||
+ {EC_DSA_SIGN, ADAPTER, 0, ICA_FLAG_SW, 0},
|
||||
+ {EC_DSA_VERIFY, ADAPTER, 0, ICA_FLAG_SW, 0},
|
||||
+ {EC_KGEN, ADAPTER, 0, ICA_FLAG_SW, 0},
|
||||
{ED25519_KEYGEN, MSA9, SCALAR_MULTIPLY_ED25519, 0, 0},
|
||||
{ED25519_SIGN, MSA9, EDDSA_SIGN_ED25519, 0, 0},
|
||||
{ED25519_VERIFY, MSA9, EDDSA_VERIFY_ED25519, 0, 0},
|
||||
@@ -503,8 +503,8 @@ libica_func_list_element_int icaList[] = {
|
||||
{X25519_DERIVE, MSA9, SCALAR_MULTIPLY_X25519, 0, 0},
|
||||
{X448_KEYGEN, MSA9, SCALAR_MULTIPLY_X448, 0, 0},
|
||||
{X448_DERIVE, MSA9, SCALAR_MULTIPLY_X448, 0, 0},
|
||||
- {RSA_ME, ADAPTER, 0, 0, 0},
|
||||
- {RSA_CRT, ADAPTER, 0, 0, 0},
|
||||
+ {RSA_ME, ADAPTER, 0, ICA_FLAG_SW, 0},
|
||||
+ {RSA_CRT, ADAPTER, 0, ICA_FLAG_SW, 0},
|
||||
{RSA_KEY_GEN_ME, ADAPTER, 0, ICA_FLAG_SW, 0}, // SW (openssl)
|
||||
{RSA_KEY_GEN_CRT, ADAPTER, 0, ICA_FLAG_SW, 0}, // SW (openssl)
|
||||
|
||||
--
|
||||
2.16.4
|
||||
|
@ -1,131 +0,0 @@
|
||||
From a3b36ef136e304a1e2dc12ef7b96686202cbd00d Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
Date: Wed, 13 Nov 2019 17:12:43 +0100
|
||||
Subject: [PATCH] x25519,x448: fix handling of non-canonical values
|
||||
|
||||
Reduce the peer public key's u-coordinate if it is >= p.
|
||||
|
||||
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
||||
---
|
||||
src/s390_ecc.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 91 insertions(+)
|
||||
|
||||
diff --git a/src/s390_ecc.c b/src/s390_ecc.c
|
||||
index 7654959..62799ee 100644
|
||||
--- a/src/s390_ecc.c
|
||||
+++ b/src/s390_ecc.c
|
||||
@@ -557,6 +557,91 @@ struct { \
|
||||
return rc;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * mask must be 0xFF or 0x00.
|
||||
+ * "constant time" is per len.
|
||||
+ *
|
||||
+ * if (mask) {
|
||||
+ * unsigned char tmp[len];
|
||||
+ *
|
||||
+ * memcpy(tmp, a, len);
|
||||
+ * memcpy(a, b);
|
||||
+ * memcpy(b, tmp);
|
||||
+ * }
|
||||
+ */
|
||||
+static inline void constant_time_cond_swap_buff(unsigned char mask,
|
||||
+ unsigned char *a,
|
||||
+ unsigned char *b,
|
||||
+ size_t len)
|
||||
+{
|
||||
+ size_t i;
|
||||
+ unsigned char tmp;
|
||||
+
|
||||
+ for (i = 0; i < len; i++) {
|
||||
+ tmp = a[i] ^ b[i];
|
||||
+ tmp &= mask;
|
||||
+ a[i] ^= tmp;
|
||||
+ b[i] ^= tmp;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static void s390_x25519_mod_p(unsigned char u[32])
|
||||
+{
|
||||
+ unsigned char u_red[32];
|
||||
+ unsigned int c = 0;
|
||||
+ int i;
|
||||
+
|
||||
+ memcpy(u_red, u, sizeof(u_red));
|
||||
+
|
||||
+ c += (unsigned int)u_red[31] + 19;
|
||||
+ u_red[31] = (unsigned char)c;
|
||||
+ c >>= 8;
|
||||
+
|
||||
+ for (i = 30; i >= 0; i--) {
|
||||
+ c += (unsigned int)u_red[i];
|
||||
+ u_red[i] = (unsigned char)c;
|
||||
+ c >>= 8;
|
||||
+ }
|
||||
+
|
||||
+ c = (u_red[0] & 0x80) >> 7;
|
||||
+ u_red[0] &= 0x7f;
|
||||
+ constant_time_cond_swap_buff(0 - (unsigned char)c,
|
||||
+ u, u_red, sizeof(u_red));
|
||||
+}
|
||||
+
|
||||
+static void s390_x448_mod_p(unsigned char u[56])
|
||||
+{
|
||||
+ unsigned char u_red[56];
|
||||
+ unsigned int c = 0;
|
||||
+ int i;
|
||||
+
|
||||
+ memcpy(u_red, u, sizeof(u_red));
|
||||
+
|
||||
+ c += (unsigned int)u_red[55] + 1;
|
||||
+ u_red[55] = (unsigned char)c;
|
||||
+ c >>= 8;
|
||||
+
|
||||
+ for (i = 54; i >= 28; i--) {
|
||||
+ c += (unsigned int)u_red[i];
|
||||
+ u_red[i] = (unsigned char)c;
|
||||
+ c >>= 8;
|
||||
+ }
|
||||
+
|
||||
+ c += (unsigned int)u_red[27] + 1;
|
||||
+ u_red[27] = (unsigned char)c;
|
||||
+ c >>= 8;
|
||||
+
|
||||
+ for (i = 26; i >= 0; i--) {
|
||||
+ c += (unsigned int)u_red[i];
|
||||
+ u_red[i] = (unsigned char)c;
|
||||
+ c >>= 8;
|
||||
+ }
|
||||
+
|
||||
+ constant_time_cond_swap_buff(0 - (unsigned char)c,
|
||||
+ u, u_red, sizeof(u_red));
|
||||
+}
|
||||
+
|
||||
int scalar_mulx_cpacf(unsigned char *res_u,
|
||||
const unsigned char *scalar,
|
||||
const unsigned char *u,
|
||||
@@ -598,6 +683,9 @@ struct { \
|
||||
s390_flip_endian_32(param.X25519.u, param.X25519.u);
|
||||
s390_flip_endian_32(param.X25519.scalar, param.X25519.scalar);
|
||||
|
||||
+ /* reduce non-canonical values */
|
||||
+ s390_x25519_mod_p(param.X25519.u);
|
||||
+
|
||||
fc = s390_pcc_functions[SCALAR_MULTIPLY_X25519].hw_fc;
|
||||
rc = s390_pcc(fc, ¶m) ? EIO : 0;
|
||||
|
||||
@@ -619,6 +707,9 @@ struct { \
|
||||
s390_flip_endian_64(param.X448.u, param.X448.u);
|
||||
s390_flip_endian_64(param.X448.scalar, param.X448.scalar);
|
||||
|
||||
+ /* reduce non-canonical values */
|
||||
+ s390_x448_mod_p(param.X448.u + 8);
|
||||
+
|
||||
fc = s390_pcc_functions[SCALAR_MULTIPLY_X448].hw_fc;
|
||||
rc = s390_pcc(fc, ¶m) ? EIO : 0;
|
||||
|
||||
--
|
||||
2.13.7
|
||||
|
@ -1,3 +1,25 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 18 20:59:39 UTC 2020 - Mark Post <mpost@suse.com>
|
||||
|
||||
- Upgraded to version 3.7.0 (jsc#SLE-14466)
|
||||
* Version 3.7.0
|
||||
- [FEATURE] FIPS: Add HMAC based library integrity check
|
||||
- [PATCH] icainfo: bugfix for RSA and EC related info for software column.
|
||||
- [PATCH] FIPS: provide output iv in cbc-cs decrypt as required by FIPS tests
|
||||
- [PATCH] FIPS: Fix DES and TDES key length
|
||||
- [PATCH] icastats: Fix stats counter format
|
||||
* Version 3.6.1
|
||||
- [PATCH] Fix x25519 and x448 handling of non-canonical values
|
||||
- Removed the following obsolete patches
|
||||
* libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
|
||||
* libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
|
||||
* libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
|
||||
* libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
|
||||
* libica-sles15sp2-Build-with-pthread-flag.patch
|
||||
* libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
|
||||
* libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
|
||||
* libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 15 21:08:38 UTC 2020 - Mark Post <mpost@suse.com>
|
||||
|
||||
|
20
libica.spec
20
libica.spec
@ -22,7 +22,7 @@
|
||||
%endif
|
||||
|
||||
Name: libica
|
||||
Version: 3.6.0
|
||||
Version: 3.7.0
|
||||
Release: 0
|
||||
Summary: Library interface for the IBM Cryptographic Accelerator device driver
|
||||
License: CPL-1.0
|
||||
@ -37,19 +37,11 @@ Source4: z90crypt
|
||||
Source5: z90crypt.service
|
||||
Source6: baselibs.conf
|
||||
Source7: %{name}-rpmlintrc
|
||||
Patch1: libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
|
||||
Patch2: libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
|
||||
Patch3: libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
|
||||
Patch4: libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
|
||||
Patch5: libica-sles15sp2-Build-with-pthread-flag.patch
|
||||
Patch6: libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
|
||||
Patch7: libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
|
||||
Patch8: libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
|
||||
Patch9: libica-sles15sp2-Zeroize-local-variables.patch
|
||||
Patch10: libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
|
||||
Patch11: libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
|
||||
Patch12: libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
|
||||
Patch13: libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
|
||||
Patch01: libica-sles15sp2-Zeroize-local-variables.patch
|
||||
Patch02: libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
|
||||
Patch03: libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
|
||||
Patch04: libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
|
||||
Patch05: libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
|
||||
Patch99: libica-sles15sp2-FIPS-hmac-key.patch
|
||||
|
||||
BuildRequires: autoconf
|
||||
|
Loading…
Reference in New Issue
Block a user