3
0
forked from pool/libgcrypt

Accepting request 807298 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872]
  * Print the debug messages in test_keys() only in debug mode.
- Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch
  libgcrypt-PCT-ECC.patch

OBS-URL: https://build.opensuse.org/request/show/807298
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=135
This commit is contained in:
Vítězslav Čížek 2020-05-19 12:29:20 +00:00 committed by Git OBS Bridge
parent 9a7cde5372
commit b626ac7062
4 changed files with 103 additions and 37 deletions

View File

@ -2,7 +2,7 @@ Index: libgcrypt-1.8.2/cipher/dsa.c
===================================================================
--- libgcrypt-1.8.2.orig/cipher/dsa.c
+++ libgcrypt-1.8.2/cipher/dsa.c
@@ -181,24 +181,91 @@ test_keys (DSA_secret_key *sk, unsigned
@@ -181,24 +181,101 @@ test_keys (DSA_secret_key *sk, unsigned
/* Create a random plaintext. */
_gcry_mpi_randomize (data, qbits, GCRY_WEAK_RANDOM);
@ -23,7 +23,8 @@ Index: libgcrypt-1.8.2/cipher/dsa.c
+
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ {
+ log_debug ("gcry_pk_sign failed\n");
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_sign/open failed\n");
+ goto leave;
+ }
+
@ -31,6 +32,7 @@ Index: libgcrypt-1.8.2/cipher/dsa.c
+ _gcry_md_write (hd, buf, buflen);
+
+ xfree (buf);
+ buf = NULL;
+
+ /* build DSA private key sexp in s_skey */
+ sexp_build (&s_skey, NULL, "(private-key (dsa(p %m)(q %m)(g %m)(y %m)(x %m)))",
@ -38,20 +40,23 @@ Index: libgcrypt-1.8.2/cipher/dsa.c
+ sexp_build (&s_hash, NULL, "(data (flags pkcs1)(hash-algo sha256))");
+ if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey))
+ {
+ log_debug ("gcry_pk_sign failed\n");
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_sign failed\n");
+ goto leave;
+ }
+
+ /* Check that the signature and the original plaintext differ. */
+ if (_gcry_sexp_extract_param (r_sig, NULL, "rs", &r_sig_mpi, &s_sig_mpi, NULL))
+ {
+ log_debug ("extracting signature data failed\n");
+ if (DBG_CIPHER)
+ log_debug ("extracting signature data failed\n");
+ goto leave;
+ }
+
+ if ( !verify (r_sig_mpi, s_sig_mpi, data, &pk))
+ {
+ log_debug ("Signature failed\n");
+ if (DBG_CIPHER)
+ log_debug ("Signature failed\n");
+ goto leave; /* Signature matches but should not. */
+ }
+
@ -64,17 +69,22 @@ Index: libgcrypt-1.8.2/cipher/dsa.c
+ sexp_build (&s_hash, NULL, "(data (flags pkcs1)(hash-algo sha256))");
+
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ log_debug ("gcry_md_open failed\n");
+ {
+ if (DBG_CIPHER)
+ log_debug ("gcry_md_open failed\n");
+ }
+
+ _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, data);
+ _gcry_md_write (hd, buf, buflen);
+
+ xfree (buf);
+ buf = NULL;
+
+ /* verify the signature */
+ if (_gcry_pk_verify_md (r_sig, hd, s_hash, s_pkey))
+ {
+ log_debug ("gcry_pk_verify failed\n");
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_verify failed\n");
+ goto leave; /* Signature does not match. */
+ }

View File

@ -70,7 +70,7 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
ECC_public_key pk;
gcry_mpi_t test = mpi_new (nbits);
mpi_point_struct R_;
@@ -297,17 +310,161 @@ test_keys (ECC_secret_key *sk, unsigned
@@ -297,17 +310,190 @@ test_keys (ECC_secret_key *sk, unsigned
_gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM);
@ -91,13 +91,18 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
+ int flags = 0;
+
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ log_debug ("gcry_pk_sign failed: _gcry_md_open\n");
+ {
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_sign failed: _gcry_md_open\n");
+ }
+
+ _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, test);
+ _gcry_md_write (hd, buf, buflen);
+
+ xfree (buf);
+
+ buf = NULL;
- if (_gcry_ecc_ecdsa_verify (test, &pk, r, s))
+ sexp_build (&s_hash, NULL, "(data (flags rfc6979)(hash-algo sha256))");
+
+ /* Assemble the point Q from affine coordinates by simple
@ -109,7 +114,11 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
+ ctx = _gcry_mpi_ec_p_internal_new (sk->E.model, sk->E.dialect, flags,
+ sk->E.p, sk->E.a, sk->E.b);
+ if (_gcry_mpi_ec_get_affine (Qx, Qy, &(sk->Q), ctx))
+ log_debug ("ecdh: Failed to get affine coordinates for Q\n");
{
- log_fatal ("ECDSA operation: sign, verify failed\n");
+ if (DBG_CIPHER)
+ log_debug ("ecdh: Failed to get affine coordinates for Q\n");
+ }
+
+ unsigned char *rawqx, *rawqy;
+ unsigned int rawqxlen, rawqylen;
@ -118,7 +127,6 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
+
+ if (rawqxlen != rawqylen)
+ {
+ // log_debug ("qx and qy size differ: %d != %d\n", rawqxlen, rawqylen);
+ if (rawqxlen < rawqylen)
+ {
+ size_t diff = rawqylen - rawqxlen;
@ -153,16 +161,17 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
+ _gcry_mpi_release (Qy);
+ xfree (rawqx);
+ xfree (rawqy);
- if (_gcry_ecc_ecdsa_verify (test, &pk, r, s))
+
+ /* build ECC private key sexp in s_skey */
+ if (sk->E.name)
{
- log_fatal ("ECDSA operation: sign, verify failed\n");
+ {
+ if (sexp_build (&s_skey, NULL,
+ "(private-key (ecc (curve %s)(d %m)(q %b)))",
+ sk->E.name, sk->d, qlen, q))
+ log_debug ("ecc: Failed to build sexp for private key.\n");
+ {
+ if (DBG_CIPHER)
+ log_debug ("ecc: Failed to build sexp for private key.\n");
+ }
+ }
+ else
+ {
@ -171,25 +180,31 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
+ " (ecc (curve %s)(d %m)(p %m)(a %m)(b %m)(n %m)(h %m)(q %b)))",
+ "NIST P-512", sk->d, sk->E.p, sk->E.a, sk->E.b, sk->E.n, sk->E.h,
+ qlen, q))
+ log_debug ("ecc: Failed to build sexp for private key.\n");
+ {
+ if (DBG_CIPHER)
+ log_debug ("ecc: Failed to build sexp for private key.\n");
+ }
+ }
+
+ if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey))
+ {
+ log_debug ("ecc: gcry_pk_sign failed\n");
+ if (DBG_CIPHER)
+ log_debug ("ecc: gcry_pk_sign failed\n");
+ goto leave;
+ }
+
+ /* Check that the signature and the original test differ. */
+ if (_gcry_sexp_extract_param (r_sig, NULL, "s", &s_sig_mpi, NULL))
+ {
+ log_debug ("extracting signature data failed\n");
+ if (DBG_CIPHER)
+ log_debug ("extracting signature data failed\n");
+ goto leave;
+ }
+
+ if (!mpi_cmp (s_sig_mpi, test))
+ {
+ log_debug ("Signature failed\n");
+ if (DBG_CIPHER)
+ log_debug ("Signature failed\n");
+ goto leave; /* Signature and test match but should not. */
+ }
+
@ -199,7 +214,10 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
+ {
+ if (sexp_build (&s_pkey, NULL,
+ "(public-key (ecc (curve %s)(q %b)))", pk.E.name, qlen, q))
+ log_debug ("ecc: Failed to build sexp for public key.\n");
+ {
+ if (DBG_CIPHER)
+ log_debug ("ecc: Failed to build sexp for public key.\n");
+ }
+ }
+ else
+ {
@ -207,36 +225,48 @@ Index: libgcrypt-1.8.2/cipher/ecc.c
+ "(public-key"
+ " (ecc (curve %s)(p %m)(a %m)(b %m)(n %m)(h %m)(q %b)))",
+ "NIST P-512", pk.E.p, pk.E.a, pk.E.b, pk.E.n, pk.E.h, qlen, q))
+ log_debug ("ecc: Failed to build sexp for private key.\n");
+ {
+ if (DBG_CIPHER)
+ log_debug ("ecc: Failed to build sexp for private key.\n");
+ }
+ }
+
+ _gcry_md_close (hd);
+
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ log_debug ("gcry_pk_verify failed: _gcry_md_open\n");
+ {
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_verify failed: _gcry_md_open\n");
+ }
+
+ _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, test);
+ _gcry_md_write (hd, buf, buflen);
+
+ xfree (buf);
+ buf = NULL;
+
+ /* verify the signature */
+ if (_gcry_pk_verify_md (r_sig, hd, s_hash, s_pkey))
+ {
+ log_debug ("ecc: gcry_pk_verify failed\n");
+ if (DBG_CIPHER)
+ log_debug ("ecc: gcry_pk_verify failed\n");
+ goto leave; /* Signature does not match. */
}
if (DBG_CIPHER)
log_debug ("ECDSA operation: sign, verify ok.\n");
+ result = 0; /* The test succeeded. */
- log_debug ("ECDSA operation: sign, verify ok.\n");
+ {
+ if (DBG_CIPHER)
+ log_debug ("ECDSA operation: sign, verify ok.\n");
+ }
+
+ result = 0; /* The test succeeded. */
+ leave:
point_free (&pk.Q);
_gcry_ecc_curve_free (&pk.E);
@@ -317,6 +474,16 @@ test_keys (ECC_secret_key *sk, unsigned
@@ -317,6 +503,16 @@ test_keys (ECC_secret_key *sk, unsigned
mpi_free (out);
mpi_free (c);
mpi_free (test);

View File

@ -2,7 +2,7 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
===================================================================
--- libgcrypt-1.8.2.orig/cipher/rsa.c
+++ libgcrypt-1.8.2/cipher/rsa.c
@@ -159,27 +159,93 @@ test_keys (RSA_secret_key *sk, unsigned
@@ -159,27 +159,103 @@ test_keys (RSA_secret_key *sk, unsigned
/* Create another random plaintext as data for signature checking. */
_gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM);
@ -32,7 +32,8 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
- goto leave; /* Signature matches but should not. */
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ {
+ log_debug ("gcry_pk_sign failed\n");
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_sign/open failed\n");
+ goto leave_hash;
+ }
+
@ -40,6 +41,7 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
+ _gcry_md_write (hd, buf, buflen);
+
+ xfree (buf);
+ buf = NULL;
+
+ /* build RSA private key sexp in s_skey */
+ sexp_build (&s_skey, NULL,
@ -50,20 +52,23 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
+
+ if (_gcry_pk_sign_md (&r_sig, hd, s_hash, s_skey))
+ {
+ log_debug ("gcry_pk_sign failed\n");
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_sign failed\n");
+ goto leave_hash;
+ }
+
+ /* Check that the signature and the original plaintext differ. */
+ if (_gcry_sexp_extract_param (r_sig, "sig-val!rsa", "s", &r_sig_mpi, NULL))
+ {
+ log_debug ("extracting signature data failed\n");
+ if (DBG_CIPHER)
+ log_debug ("extracting signature data failed\n");
+ goto leave_hash;
+ }
+
+ if (!mpi_cmp (r_sig_mpi, plaintext))
+ {
+ log_debug ("Signature failed\n");
+ if (DBG_CIPHER)
+ log_debug ("Signature failed\n");
+ goto leave_hash; /* Signature and plaintext match but should not. */
+ }
+
@ -75,17 +80,22 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
+ sexp_build (&s_hash, NULL, "(data (flags pkcs1)(hash-algo sha256))");
+
+ if (_gcry_md_open (&hd, GCRY_MD_SHA256, 0))
+ log_debug ("gcry_md_open failed\n");
+ {
+ if (DBG_CIPHER)
+ log_debug ("gcry_md_open failed\n");
+ }
+
+ _gcry_mpi_aprint (GCRYMPI_FMT_STD, &buf, &buflen, plaintext);
+ _gcry_md_write (hd, buf, buflen);
+
+ xfree (buf);
+ buf = NULL;
+
+ /* verify the signature */
+ if (_gcry_pk_verify_md (r_sig, hd, s_hash, s_pkey))
+ {
+ log_debug ("gcry_pk_verify failed\n");
+ if (DBG_CIPHER)
+ log_debug ("gcry_pk_verify failed\n");
+ goto leave_hash; /* Signature does not match. */
+ }
@ -108,7 +118,7 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
return result;
}
@@ -1903,7 +1969,7 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc
@@ -1903,7 +1979,7 @@ selftest_encr_2048 (gcry_sexp_t pkey, gc
/* This sexp trickery is to prevent the use of blinding.
* The flag doesn't get inherited by encr, so we have to
* derive a new sexp from the ciphertext */
@ -117,3 +127,11 @@ Index: libgcrypt-1.8.2/cipher/rsa.c
memset(buf, 0, sizeof(buf));
err = _gcry_mpi_print (GCRYMPI_FMT_STD, buf, sizeof buf, NULL, ciphertext);
if (err)
@@ -2012,6 +2088,7 @@ selftests_rsa (selftest_report_func_t re
sexp_release (skey);
if (report)
report ("pubkey", GCRY_PK_RSA, what, errtxt);
+
return GPG_ERR_SELFTEST_FAILED;
}

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue May 19 11:25:37 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- FIPS: RSA/DSA/ECC test_keys() print out debug messages [bsc#1171872]
* Print the debug messages in test_keys() only in debug mode.
- Update patches: libgcrypt-PCT-RSA.patch libgcrypt-PCT-DSA.patch
libgcrypt-PCT-ECC.patch
-------------------------------------------------------------------
Mon Apr 27 08:55:12 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>