diff --git a/libica-3.6.0.tar.gz b/libica-3.6.0.tar.gz
deleted file mode 100644
index cff0b44..0000000
--- a/libica-3.6.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7762e86d288f66f4ab7a4b020b8e82d52506fff6860b4506e3774d70d2ef3a64
-size 538264
diff --git a/libica-3.7.0.tar.gz b/libica-3.7.0.tar.gz
new file mode 100644
index 0000000..6a52926
--- /dev/null
+++ b/libica-3.7.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a08fe8a3a5cb1fe75f2488d47f4785e92966c43bf8405f638fa1b2990823a505
+size 542422
diff --git a/libica-sles15sp2-Build-with-pthread-flag.patch b/libica-sles15sp2-Build-with-pthread-flag.patch
deleted file mode 100644
index 834eb8d..0000000
--- a/libica-sles15sp2-Build-with-pthread-flag.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 64ff9599a7d17a5edc534a750777536b43e9c386 Mon Sep 17 00:00:00 2001
-From: Patrick Steuer
-Date: Mon, 9 Sep 2019 14:30:42 +0200
-Subject: [PATCH] Build with -pthread flag
-
-Signed-off-by: Patrick Steuer
----
- src/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/Makefile.am b/src/Makefile.am
-index ff6bb49..5e75074 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -7,7 +7,7 @@ AM_CFLAGS = @FLAGS@
- lib_LTLIBRARIES = libica.la
-
- libica_la_CFLAGS = ${AM_CFLAGS} -I${srcdir}/include -I${srcdir}/../include \
-- -fvisibility=hidden
-+ -fvisibility=hidden -pthread
- libica_la_CCASFLAGS = ${AM_CFLAGS}
- libica_la_LIBADD = @LIBS@ -lrt -lcrypto
- libica_la_LDFLAGS = -Wl,--version-script=${srcdir}/../libica.map \
---
-2.26.2
-
diff --git a/libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch b/libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
deleted file mode 100644
index fb10b28..0000000
--- a/libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 422913a4834a6bc35270d5d890cb43c84779f18d Mon Sep 17 00:00:00 2001
-From: Joerg Schmidbauer
-Date: Wed, 6 May 2020 09:50:20 +0200
-Subject: [PATCH] FIPS: HMAC based library integrity check addon
-
-Initialize path variable with nulls by using calloc instead of
-malloc, improve checking of hmac length.
-
-Signed-off-by: Joerg Schmidbauer
----
- src/fips.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/src/fips.c b/src/fips.c
-index bab00db..a1c6f5f 100644
---- a/src/fips.c
-+++ b/src/fips.c
-@@ -154,7 +154,7 @@ static char *make_hmac_path(const char *origpath)
- char *path;
- const char *fn;
-
-- path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath) + 1);
-+ path = calloc(1, sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath) + 1);
- if (path == NULL)
- return NULL;
-
-@@ -184,6 +184,9 @@ static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
- size_t hlen, len;
- long keylen;
-
-+ *buf = NULL;
-+ *hmaclen = 0;
-+
- keybuf = OPENSSL_hexstr2buf(hmackey, &keylen);
- pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, keybuf, (int)keylen);
- if (!pkey)
-@@ -270,7 +273,7 @@ static int FIPSCHECK_verify(const char *path)
- if (compute_file_hmac(path, &buf, &buflen) != 0)
- goto end;
-
-- if (memcmp(buf, hmac_buf, hmaclen) != 0)
-+ if (memcmp(buf, hmac_buf, buflen) != 0)
- goto end;
-
- rc = 1;
---
-2.26.2
-
diff --git a/libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch b/libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
deleted file mode 100644
index 5768e02..0000000
--- a/libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 2078b62947d2e0f2641b48975786e839d6396be8 Mon Sep 17 00:00:00 2001
-From: Joerg Schmidbauer
-Date: Wed, 6 May 2020 09:52:36 +0200
-Subject: [PATCH] FIPS: HMAC based library integrity check, rename variables
-
-Rename variables to more speaking names, no logic change.
-
-Signed-off-by: Joerg Schmidbauer
----
- src/fips.c | 24 ++++++++++++------------
- 1 file changed, 12 insertions(+), 12 deletions(-)
-
-diff --git a/src/fips.c b/src/fips.c
-index a1c6f5f..07310c3 100644
---- a/src/fips.c
-+++ b/src/fips.c
-@@ -245,12 +245,12 @@ static int FIPSCHECK_verify(const char *path)
- {
- int rc = 0;
- FILE *fp;
-- unsigned char *hmac_buf = NULL;
-+ unsigned char *known_hmac = NULL;
- long hmaclen;
- char *hmacpath, *p;
-- char *hmac_str = NULL;
-- size_t n, buflen;
-- void *buf = NULL;
-+ char *known_hmac_str = NULL;
-+ size_t n, computed_hmac_len;
-+ void *computed_hmac = NULL;
-
- hmacpath = make_hmac_path(path);
- if (hmacpath == NULL)
-@@ -262,29 +262,29 @@ static int FIPSCHECK_verify(const char *path)
- goto end;
- }
-
-- if (getline(&hmac_str, &n, fp) <= 0)
-+ if (getline(&known_hmac_str, &n, fp) <= 0)
- goto end;
-
-- if ((p = strchr(hmac_str, '\n')) != NULL)
-+ if ((p = strchr(known_hmac_str, '\n')) != NULL)
- *p = '\0';
-
-- hmac_buf = OPENSSL_hexstr2buf(hmac_str, &hmaclen);
-+ known_hmac = OPENSSL_hexstr2buf(known_hmac_str, &hmaclen);
-
-- if (compute_file_hmac(path, &buf, &buflen) != 0)
-+ if (compute_file_hmac(path, &computed_hmac, &computed_hmac_len) != 0)
- goto end;
-
-- if (memcmp(buf, hmac_buf, buflen) != 0)
-+ if (memcmp(computed_hmac, known_hmac, computed_hmac_len) != 0)
- goto end;
-
- rc = 1;
-
- end:
-
-- free(buf);
-- free(hmac_str);
-+ free(computed_hmac);
-+ free(known_hmac_str);
- free(hmacpath);
-
-- OPENSSL_free(hmac_buf);
-+ OPENSSL_free(known_hmac);
-
- if (fp)
- fclose(fp);
---
-2.26.2
-
diff --git a/libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch b/libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
deleted file mode 100644
index 30a28a9..0000000
--- a/libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
+++ /dev/null
@@ -1,354 +0,0 @@ -From 231bba3b32bd246d8286f1c7dc231d836ea92bd9 Mon Sep 17 00:00:00 2001 -From: Joerg Schmidbauer -Date: Mon, 27 Apr 2020 11:18:26 +0200 -Subject: [PATCH] FIPS: introduce HMAC based library integrity check - -When in FIPS mode, perform an integrity check on libica.so by calculating -an HMAC from the file contents using a static HMAC key, and comparing it -to a pre-calculated HMAC in a separate file. The HMAC key and HMAC file -may be provided by a Distributor when building the packet. The test -succeeds if the HMAC file is not present. - -Signed-off-by: Joerg Schmidbauer ---- - include/ica_api.h | 2 +- - src/Makefile.am | 4 +- - src/fips.c | 224 ++++++++++++++++++++++++++++++++++++++++++++- - src/include/fips.h | 4 +- - test/fips_test.c | 4 + - 5 files changed, 232 insertions(+), 6 deletions(-) - -diff --git a/include/ica_api.h b/include/ica_api.h -index 91bf0be..8221f55 100644 ---- a/include/ica_api.h -+++ b/include/ica_api.h -@@ -216,7 +216,7 @@ typedef ica_adapter_handle_t ICA_ADAPTER_HANDLE; - */ - /* Cryptographic algorithm test (KAT or pair-wise consistency test) */ - #define ICA_FIPS_CRYPTOALG 2 --/* Software/Firmware integrity test (not implemented yet) */ -+/* Software/Firmware integrity test */ - #define ICA_FIPS_INTEGRITY 4 - /* Critical functions test (N/A) */ - #define ICA_FIPS_CRITICALFUNC 8 -diff --git a/src/Makefile.am b/src/Makefile.am -index 65f471f..9e4ef52 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -9,7 +9,7 @@ lib_LTLIBRARIES = libica.la - libica_la_CFLAGS = ${AM_CFLAGS} -I${srcdir}/include -I${srcdir}/../include \ - -fvisibility=hidden -pthread - libica_la_CCASFLAGS = ${AM_CFLAGS} --libica_la_LIBADD = @LIBS@ -lrt -lcrypto -+libica_la_LIBADD = @LIBS@ -lrt -lcrypto -ldl - libica_la_LDFLAGS = -Wl,--version-script=${srcdir}/../libica.map \ - -version-number ${VERSION} - libica_la_SOURCES = ica_api.c init.c icastats_shared.c s390_rsa.c \ -@@ -53,7 +53,7 @@ internal_tests_ec_internal_test_CFLAGS = ${AM_CFLAGS} 
-I${srcdir}/include \ - -DICA_INTERNAL_TEST \ - -DICA_INTERNAL_TEST_EC - internal_tests_ec_internal_test_CCASFLAGS = ${AM_CFLAGS} --internal_tests_ec_internal_test_LDADD = @LIBS@ -lrt -lcrypto -lpthread -+internal_tests_ec_internal_test_LDADD = @LIBS@ -lrt -lcrypto -lpthread -ldl - internal_tests_ec_internal_test_SOURCES = \ - ica_api.c init.c icastats_shared.c s390_rsa.c \ - s390_crypto.c s390_ecc.c s390_prng.c s390_sha.c \ -diff --git a/src/fips.c b/src/fips.c -index d09a553..bab00db 100644 ---- a/src/fips.c -+++ b/src/fips.c -@@ -13,11 +13,13 @@ - - #include - #include -+#include - #include - #include - #include - #include - #include -+#include - - #include - #ifdef OPENSSL_FIPS -@@ -28,6 +30,24 @@ - #include "ica_api.h" - #include "test_vec.h" - -+#ifndef PATH_MAX -+#define PATH_MAX 4096 -+#endif -+ -+#define HMAC_PREFIX "." -+#define HMAC_SUFFIX ".hmac" -+#define READ_BUFFER_LENGTH 16384 -+ -+/* -+ * The hard-coded HMAC key to be optionally provided for the library -+ * integrity test. The recommended key size for HMAC-SHA256 is 64 bytes. -+ * The known HMAC is supposed to be provided as hex string in a file -+ * libica.so.MAJOR.hmac in the same directory as the .so module. 
-+ */ -+static const char hmackey[] = -+ "0000000000000000000000000000000000000000000000000000000000000000" -+ "0000000000000000000000000000000000000000000000000000000000000000"; -+ - int fips; - - static int aes_ecb_kat(void); -@@ -101,6 +121,206 @@ fips_init(void) - FIPS_mode_set(1); - } - } -+static int get_library_path(const char *libname, const char *symbolname, -+ char *path, size_t pathlen) -+{ -+ Dl_info info; -+ void *dl, *sym; -+ int rc = -1; -+ -+ dl = dlopen(libname, RTLD_LAZY); -+ if (dl == NULL) -+ goto done; -+ -+ sym = dlsym(dl, symbolname); -+ if (sym != NULL && dladdr(sym, &info)) { -+ if (strlen(info.dli_fname) < pathlen) -+ strcpy(path, info.dli_fname); -+ else -+ goto done; -+ } -+ -+ rc = 0; -+ -+done: -+ if (dl != NULL) -+ dlclose(dl); -+ -+ return rc; -+} -+ -+static char *make_hmac_path(const char *origpath) -+{ -+ char *path; -+ const char *fn; -+ -+ path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath) + 1); -+ if (path == NULL) -+ return NULL; -+ -+ fn = strrchr(origpath, '/'); -+ if (fn == NULL) { -+ fn = origpath; -+ } else { -+ ++fn; -+ } -+ -+ strncpy(path, origpath, fn - origpath); -+ strcat(path, HMAC_PREFIX); -+ strcat(path, fn); -+ strcat(path, HMAC_SUFFIX); -+ -+ return path; -+} -+ -+static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen) -+{ -+ FILE *fp = NULL; -+ int rc = -1; -+ unsigned char rbuf[READ_BUFFER_LENGTH]; -+ unsigned char *keybuf; -+ EVP_MD_CTX *mdctx = NULL; -+ EVP_PKEY *pkey = NULL; -+ size_t hlen, len; -+ long keylen; -+ -+ keybuf = OPENSSL_hexstr2buf(hmackey, &keylen); -+ pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, keybuf, (int)keylen); -+ if (!pkey) -+ goto end; -+ -+ mdctx = EVP_MD_CTX_create(); -+ if (!mdctx) -+ goto end; -+ -+ fp = fopen(path, "r"); -+ if (fp == NULL) -+ goto end; -+ -+ if (EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, pkey) <= 0) -+ goto end; -+ -+ while ((len = fread(rbuf, 1, sizeof(rbuf), fp)) != 0) { -+ if 
(EVP_DigestSignUpdate(mdctx, rbuf, len) <= 0) { -+ goto end; -+ } -+ } -+ -+ if (EVP_DigestSignFinal(mdctx, rbuf, &hlen) <= 0) -+ goto end; -+ -+ *buf = malloc(hlen); -+ if (*buf == NULL) -+ goto end; -+ -+ *hmaclen = hlen; -+ -+ memcpy(*buf, rbuf, hlen); -+ -+ rc = 0; -+ -+end: -+ -+ if (pkey != NULL) -+ EVP_PKEY_free(pkey); -+ -+ free(keybuf); -+ EVP_MD_CTX_destroy(mdctx); -+ if (fp) -+ fclose(fp); -+ -+ return rc; -+} -+ -+/** -+ * Performs the FIPS check. -+ * -+ * @return 1 if check succeeded -+ * 0 otherwise -+ */ -+static int FIPSCHECK_verify(const char *path) -+{ -+ int rc = 0; -+ FILE *fp; -+ unsigned char *hmac_buf = NULL; -+ long hmaclen; -+ char *hmacpath, *p; -+ char *hmac_str = NULL; -+ size_t n, buflen; -+ void *buf = NULL; -+ -+ hmacpath = make_hmac_path(path); -+ if (hmacpath == NULL) -+ return 0; -+ -+ fp = fopen(hmacpath, "r"); -+ if (fp == NULL) { -+ rc = 1; -+ goto end; -+ } -+ -+ if (getline(&hmac_str, &n, fp) <= 0) -+ goto end; -+ -+ if ((p = strchr(hmac_str, '\n')) != NULL) -+ *p = '\0'; -+ -+ hmac_buf = OPENSSL_hexstr2buf(hmac_str, &hmaclen); -+ -+ if (compute_file_hmac(path, &buf, &buflen) != 0) -+ goto end; -+ -+ if (memcmp(buf, hmac_buf, hmaclen) != 0) -+ goto end; -+ -+ rc = 1; -+ -+end: -+ -+ free(buf); -+ free(hmac_str); -+ free(hmacpath); -+ -+ OPENSSL_free(hmac_buf); -+ -+ if (fp) -+ fclose(fp); -+ -+ return rc; -+} -+ -+static const char msg1[] = "Libica FIPS library integrity check failed. Cannot determine library path.\n"; -+static const char msg2[] = "Libica FIPS library integrity check failed. Module %s probably corrupted.\n"; -+static const char msg3[] = "Libica FIPS library integrity check passed.\n"; -+ -+/* -+ * Perform an integrity check on libica.so by calculating an HMAC from -+ * the file contents using a static HMAC key, and comparing it to a -+ * pre-calculated HMAC in a separate file. The HMAC key and HMAC file -+ * may be provided by a Distributor when building the packet. 
-+ */ -+static void fips_lib_integrity_check(void) -+{ -+ int rc; -+ char path[PATH_MAX]; -+ const char *libname = "libica.so"; -+ const char *symbolname = "ica_sha256"; -+ -+ rc = get_library_path(libname, symbolname, path, sizeof(path)); -+ if (rc != 0) { -+ syslog(LOG_ERR, msg1); -+ fips |= ICA_FIPS_INTEGRITY; -+ return; -+ } -+ -+ if (!FIPSCHECK_verify(path)) { -+ syslog(LOG_ERR, msg2, path); -+ fips |= ICA_FIPS_INTEGRITY; -+ return; -+ } -+ -+ syslog(LOG_INFO, msg3); -+} - - void - fips_powerup_tests(void) -@@ -117,6 +337,9 @@ fips_powerup_tests(void) - fips |= ICA_FIPS_CRYPTOALG; - return; - } -+ -+ /* Library integrity test */ -+ fips_lib_integrity_check(); - } - - static int -@@ -933,5 +1156,4 @@ _err_: - syslog(LOG_ERR, "Libica RSA test failed."); - return 1; - } -- - #endif /* FIPS_H */ -diff --git a/src/include/fips.h b/src/include/fips.h -index 421be4c..0ffdef6 100644 ---- a/src/include/fips.h -+++ b/src/include/fips.h -@@ -27,8 +27,8 @@ extern int fips; /* module status */ - void fips_init(void); - - /* -- * Powerup tests: crypto algorithm test, SW/FW integrity test (not implemented -- * yet), critical function test (no critical functions). The tests set the -+ * Powerup tests: crypto algorithm test, SW/FW integrity test, critical -+ * function test (no critical functions). The tests set the - * corresponding status flags. - */ - void fips_powerup_tests(void); -diff --git a/test/fips_test.c b/test/fips_test.c -index 06563e3..0f1940d 100644 ---- a/test/fips_test.c -+++ b/test/fips_test.c -@@ -57,6 +57,10 @@ main(void) - printf("Libica FIPS powerup test failed.\n"); - rv = EXIT_FAILURE; - } -+ if (fips & ICA_FIPS_INTEGRITY) { -+ printf("Libica FIPS integrity check failed.\n"); -+ rv = EXIT_FAILURE; -+ } - #endif /* ICA_FIPS */ - - printf("OpenSSL version is '%s'.\n", OPENSSL_VERSION_TEXT); --- -2.26.2 - 
diff --git a/libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch b/libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
deleted file mode 100644
index 317baca..0000000
--- a/libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From b687f1514b3d371cdc44b5b3b02d5ddd9ac4eb54 Mon Sep 17 00:00:00 2001
-From: Joerg Schmidbauer
-Date: Wed, 25 Mar 2020 10:07:10 +0100
-Subject: [PATCH] FIPS: provide output iv as required by FIPS tests
-
-This fix is introduced to satisfy FIPS tests. They require the
-output iv to be the iv resulting from decrypting the last block
-with a zero iv as input. But note that this is not described
-in the NIST standard for CBC-CS. According to the standard,
-the output iv is simply undefined.
-
-Signed-off-by: Joerg Schmidbauer
----
- src/include/s390_cbccs.h | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/src/include/s390_cbccs.h b/src/include/s390_cbccs.h
-index aa29bff..f6626dc 100644
---- a/src/include/s390_cbccs.h
-+++ b/src/include/s390_cbccs.h
-@@ -287,6 +287,17 @@ s390_aes_cbccs_dec(unsigned int fc, const unsigned char *in_data,
- block_xor(out_data + tmp_data_length + AES_BLOCK_SIZE,
- tmp_in_data, tmp_out_data, rest_data_length);
-
-+ /*
-+ * This fix was introduced to satisfy FIPS tests. They require the
-+ * output iv to be the iv resulting from decrypting the last block
-+ * with a zero iv as input, which is tmp_iv here. But note that this
-+ * is not described in the NIST standard for CBC-CS. According to the
-+ * standard, the output iv is simply undefined.
-+ */
-+#ifdef ICA_FIPS
-+ memcpy(iv, tmp_iv, AES_BLOCK_SIZE);
-+#endif /* ICA_FIPS */
-+
- return 0;
- }
-
---
-2.16.4
-
diff --git a/libica-sles15sp2-Fix-DES-and-TDES-key-length.patch b/libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
deleted file mode 100644
index adc42eb..0000000
--- a/libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From db1ad6f64d96c6dba2be5af5a4ecd7ceb8f92cf2 Mon Sep 17 00:00:00 2001
-From: Joerg Schmidbauer
-Date: Wed, 18 Mar 2020 16:48:43 +0100
-Subject: [PATCH] Fix DES and TDES key length.
-
-Although a DES key has only 56 effective bits, all 64 bits must be
-considered, because the parity bits are spread over all 8 bytes of
-the key.
-
-Signed-off-by: Joerg Schmidbauer
----
- src/ica_api.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/src/ica_api.c b/src/ica_api.c
-index b80c6e3..eb6b154 100644
---- a/src/ica_api.c
-+++ b/src/ica_api.c
-@@ -48,6 +48,8 @@
- #define DEFAULT2_CRYPT_DEVICE "/dev/z90crypt"
- #define DEFAULT3_CRYPT_DEVICE "/dev/zcrypt"
-
-+#define DES_KEY_LEN64 (64/8)
-+
- #define MAX_VERSION_LENGTH 16
-
- int ica_fallbacks_enabled = 1;
-@@ -125,9 +127,9 @@ static unsigned int check_des_parms(unsigned int mode,
-
- #ifdef ICA_FIPS
- static unsigned int fips_check_3des_key(const ica_des_key_triple_t *key) {
-- if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LENGTH)
-- | !CRYPTO_memcmp(key->key1, key->key3, DES_KEY_LENGTH)
-- | !CRYPTO_memcmp(key->key2, key->key3, DES_KEY_LENGTH))
-+ if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LEN64)
-+ | !CRYPTO_memcmp(key->key1, key->key3, DES_KEY_LEN64)
-+ | !CRYPTO_memcmp(key->key2, key->key3, DES_KEY_LEN64))
- return EINVAL;
-
- return 0;
---
-2.16.4
-
diff --git a/libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch b/libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
deleted file mode 100644
index 9646b11..0000000
--- a/libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From a4a9381d1597b78374925385a6d71cf8ccb16c21 Mon Sep 17 00:00:00 2001
-From: Joerg Schmidbauer
-Date: Fri, 27 Mar 2020 15:25:33 +0100
-Subject: [PATCH] icainfo: bugfix for RSA and EC related info for software
- column.
-
-The software column did never show 'yes' for RSA ME, RSA CRT, ECDH,
-ECDSA sign, ECDSA verify, and ECKGEN, due to the missing ICA_FLAG_SW
-flag in the icaList.
-
-Signed-off-by: Joerg Schmidbauer
----
- src/s390_crypto.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/s390_crypto.c b/src/s390_crypto.c
-index ab7a269..8fb5662 100644
---- a/src/s390_crypto.c
-+++ b/src/s390_crypto.c
-@@ -489,10 +489,10 @@ libica_func_list_element_int icaList[] = {
- {AES_GCM_KMA, MSA8, AES_128_GCM_ENCRYPT, 0, 0},
- {AES_XTS, MSA4, AES_128_XTS_ENCRYPT, 0, 0},
- {P_RNG, ADAPTER, 0, ICA_FLAG_SHW | ICA_FLAG_SW, 0}, // SHW (CPACF) + SW
-- {EC_DH, ADAPTER, 0, 0, 0},
-- {EC_DSA_SIGN, ADAPTER, 0, 0, 0},
-- {EC_DSA_VERIFY, ADAPTER, 0, 0, 0},
-- {EC_KGEN, ADAPTER, 0, 0, 0},
-+ {EC_DH, ADAPTER, 0, ICA_FLAG_SW, 0},
-+ {EC_DSA_SIGN, ADAPTER, 0, ICA_FLAG_SW, 0},
-+ {EC_DSA_VERIFY, ADAPTER, 0, ICA_FLAG_SW, 0},
-+ {EC_KGEN, ADAPTER, 0, ICA_FLAG_SW, 0},
- {ED25519_KEYGEN, MSA9, SCALAR_MULTIPLY_ED25519, 0, 0},
- {ED25519_SIGN, MSA9, EDDSA_SIGN_ED25519, 0, 0},
- {ED25519_VERIFY, MSA9, EDDSA_VERIFY_ED25519, 0, 0},
-@@ -503,8 +503,8 @@ libica_func_list_element_int icaList[] = {
- {X25519_DERIVE, MSA9, SCALAR_MULTIPLY_X25519, 0, 0},
- {X448_KEYGEN, MSA9, SCALAR_MULTIPLY_X448, 0, 0},
- {X448_DERIVE, MSA9, SCALAR_MULTIPLY_X448, 0, 0},
-- {RSA_ME, ADAPTER, 0, 0, 0},
-- {RSA_CRT, ADAPTER, 0, 0, 0},
-+ {RSA_ME, ADAPTER, 0, ICA_FLAG_SW, 0},
-+ {RSA_CRT, ADAPTER, 0, ICA_FLAG_SW, 0},
- {RSA_KEY_GEN_ME, ADAPTER, 0, ICA_FLAG_SW, 0}, // SW (openssl)
- {RSA_KEY_GEN_CRT, ADAPTER, 0, ICA_FLAG_SW, 0}, // SW (openssl)
-
---
-2.16.4
-
diff --git a/libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch b/libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
deleted file mode 100644
index 47298b7..0000000
--- a/libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
+++ /dev/null
@@ -1,131 +0,0 @@ -From a3b36ef136e304a1e2dc12ef7b96686202cbd00d Mon Sep 17 00:00:00 2001 -From: Patrick Steuer -Date: Wed, 13 Nov 2019 17:12:43 +0100 -Subject: [PATCH] x25519,x448: fix handling of non-canonical values - -Reduce the peer public key's u-coordinate if it is >= p. - -Signed-off-by: Patrick Steuer ---- - src/s390_ecc.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 91 insertions(+) - -diff --git a/src/s390_ecc.c b/src/s390_ecc.c -index 7654959..62799ee 100644 ---- a/src/s390_ecc.c -+++ b/src/s390_ecc.c -@@ -557,6 +557,91 @@ struct { \ - return rc; - } - -+/* -+ * mask must be 0xFF or 0x00. -+ * "constant time" is per len. -+ * -+ * if (mask) { -+ * unsigned char tmp[len]; -+ * -+ * memcpy(tmp, a, len); -+ * memcpy(a, b); -+ * memcpy(b, tmp); -+ * } -+ */ -+static inline void constant_time_cond_swap_buff(unsigned char mask, -+ unsigned char *a, -+ unsigned char *b, -+ size_t len) -+{ -+ size_t i; -+ unsigned char tmp; -+ -+ for (i = 0; i < len; i++) { -+ tmp = a[i] ^ b[i]; -+ tmp &= mask; -+ a[i] ^= tmp; -+ b[i] ^= tmp; -+ } -+} -+ -+ -+static void s390_x25519_mod_p(unsigned char u[32]) -+{ -+ unsigned char u_red[32]; -+ unsigned int c = 0; -+ int i; -+ -+ memcpy(u_red, u, sizeof(u_red)); -+ -+ c += (unsigned int)u_red[31] + 19; -+ u_red[31] = (unsigned char)c; -+ c >>= 8; -+ -+ for (i = 30; i >= 0; i--) { -+ c += (unsigned int)u_red[i]; -+ u_red[i] = (unsigned char)c; -+ c >>= 8; -+ } -+ -+ c = (u_red[0] & 0x80) >> 7; -+ u_red[0] &= 0x7f; -+ constant_time_cond_swap_buff(0 - (unsigned char)c, -+ u, u_red, sizeof(u_red)); -+} -+ -+static void s390_x448_mod_p(unsigned char u[56]) -+{ -+ unsigned char u_red[56]; -+ unsigned int c = 0; -+ int i; -+ -+ memcpy(u_red, u, sizeof(u_red)); -+ -+ c += (unsigned int)u_red[55] + 1; -+ u_red[55] = (unsigned char)c; -+ c >>= 8; -+ -+ for (i = 54; i >= 28; i--) { -+ c += (unsigned int)u_red[i]; -+ u_red[i] = (unsigned char)c; -+ c >>= 8; -+ } -+ -+ c += (unsigned int)u_red[27] + 1; -+ 
u_red[27] = (unsigned char)c; -+ c >>= 8; -+ -+ for (i = 26; i >= 0; i--) { -+ c += (unsigned int)u_red[i]; -+ u_red[i] = (unsigned char)c; -+ c >>= 8; -+ } -+ -+ constant_time_cond_swap_buff(0 - (unsigned char)c, -+ u, u_red, sizeof(u_red)); -+} -+ - int scalar_mulx_cpacf(unsigned char *res_u, - const unsigned char *scalar, - const unsigned char *u, -@@ -598,6 +683,9 @@ struct { \ - s390_flip_endian_32(param.X25519.u, param.X25519.u); - s390_flip_endian_32(param.X25519.scalar, param.X25519.scalar); - -+ /* reduce non-canonical values */ -+ s390_x25519_mod_p(param.X25519.u); -+ - fc = s390_pcc_functions[SCALAR_MULTIPLY_X25519].hw_fc; - rc = s390_pcc(fc, ¶m) ? EIO : 0; - -@@ -619,6 +707,9 @@ struct { \ - s390_flip_endian_64(param.X448.u, param.X448.u); - s390_flip_endian_64(param.X448.scalar, param.X448.scalar); - -+ /* reduce non-canonical values */ -+ s390_x448_mod_p(param.X448.u + 8); -+ - fc = s390_pcc_functions[SCALAR_MULTIPLY_X448].hw_fc; - rc = s390_pcc(fc, ¶m) ? EIO : 0; - --- -2.13.7 - diff --git a/libica.changes b/libica.changes index 9b75f65..7d17875 100644 --- a/libica.changes +++ b/libica.changes 
@@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Fri Sep 18 20:59:39 UTC 2020 - Mark Post
+
+- Upgraded to version 3.7.0 (jsc#SLE-14466)
+ * Version 3.7.0
+ - [FEATURE] FIPS: Add HMAC based library integrity check
+ - [PATCH] icainfo: bugfix for RSA and EC related info for software column.
+ - [PATCH] FIPS: provide output iv in cbc-cs decrypt as required by FIPS tests
+ - [PATCH] FIPS: Fix DES and TDES key length
+ - [PATCH] icastats: Fix stats counter format
+ * Version 3.6.1
+ - [PATCH] Fix x25519 and x448 handling of non-canonical values
+- Removed the following obsolete patches
+ * libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
+ * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
+ * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
+ * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
+ * libica-sles15sp2-Build-with-pthread-flag.patch
+ * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
+ * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
+ * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
+
 -------------------------------------------------------------------
 Tue Sep 15 21:08:38 UTC 2020 - Mark Post
diff --git a/libica.spec b/libica.spec
index e8d0cfb..5f36a72 100644
--- a/libica.spec
+++ b/libica.spec
@@ -22,7 +22,7 @@
 %endif
 Name: libica
-Version: 3.6.0
+Version: 3.7.0
 Release: 0
 Summary: Library interface for the IBM Cryptographic Accelerator device driver
 License: CPL-1.0
@@ -37,19 +37,11 @@ Source4: z90crypt
 Source5: z90crypt.service
 Source6: baselibs.conf
 Source7: %{name}-rpmlintrc
-Patch1: libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch
-Patch2: libica-sles15sp2-Fix-DES-and-TDES-key-length.patch
-Patch3: libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch
-Patch4: libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch
-Patch5: libica-sles15sp2-Build-with-pthread-flag.patch
-Patch6: libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch
-Patch7: libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch
-Patch8: libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch
-Patch9: libica-sles15sp2-Zeroize-local-variables.patch
-Patch10: libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
-Patch11: libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
-Patch12: libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
-Patch13: libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
+Patch01: libica-sles15sp2-Zeroize-local-variables.patch
+Patch02: libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch
+Patch03: libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch
+Patch04: libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch
+Patch05: libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch
 Patch99: libica-sles15sp2-FIPS-hmac-key.patch
 BuildRequires: autoconf