Accepting request 420659 from security:privacy
libgcrypt 1.7.3 OBS-URL: https://build.opensuse.org/request/show/420659 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=87
parent
3cd014e39c
commit
b75d794f38
@ -1,23 +0,0 @@
|
||||
From fe272496f0f9e6e12bfa35f6f1c9d05af9feca2c Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Mueller <smueller@chronox.de>
|
||||
Date: Sat, 8 Mar 2014 23:13:33 +0100
|
||||
Subject: [PATCH v3 2/7] Compile DRBG
|
||||
To: gcrypt-devel@gnupg.org
|
||||
Cc: jeremy.wayne.powell@gmail.com
|
||||
|
||||
Add the drbg.c file to the Makefile.
|
||||
|
||||
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||
---
|
||||
diff --git a/random/Makefile.am b/random/Makefile.am
|
||||
index c9d587a..e073fa4 100644
|
||||
--- a/random/Makefile.am
|
||||
+++ b/random/Makefile.am
|
||||
@@ -35,6 +35,7 @@ random.c random.h \
|
||||
rand-internal.h \
|
||||
random-csprng.c \
|
||||
random-fips.c \
|
||||
+drbg.c \
|
||||
random-system.c \
|
||||
rndhw.c
|
||||
|
@ -1,32 +0,0 @@
|
||||
From bb91250be3eeb2309285fa9865166cb381104c81 Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Mueller <smueller@chronox.de>
|
||||
Date: Sat, 8 Mar 2014 23:14:16 +0100
|
||||
Subject: [PATCH v3 3/7] Function definitions of interfaces for random.c
|
||||
To: gcrypt-devel@gnupg.org
|
||||
Cc: jeremy.wayne.powell@gmail.com
|
||||
|
||||
Specify the function definitions to be integrated into the common
|
||||
libgcrypt RNG code.
|
||||
|
||||
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||
---
|
||||
diff --git a/random/rand-internal.h b/random/rand-internal.h
|
||||
index 79b23ac..a169a4b 100644
|
||||
--- a/random/rand-internal.h
|
||||
+++ b/random/rand-internal.h
|
||||
@@ -88,6 +88,15 @@ gcry_err_code_t _gcry_rngfips_run_external_test (void *context,
|
||||
char *buffer, size_t buflen);
|
||||
void _gcry_rngfips_deinit_external_test (void *context);
|
||||
|
||||
+/* drbg-gcry.h */
|
||||
+void _gcry_drbg_init(int full);
|
||||
+void _gcry_drbg_close_fds(void);
|
||||
+void _gcry_drbg_dump_stats(void);
|
||||
+int _gcry_drbg_is_faked (void);
|
||||
+gcry_error_t _gcry_drng_add_bytes (const void *buf, size_t buflen, int quality);
|
||||
+void _gcry_drbg_randomize (void *buffer, size_t length,
|
||||
+ enum gcry_random_level level);
|
||||
+gcry_error_t _gcry_drbg_selftest (selftest_report_func_t report);
|
||||
|
||||
/*-- random-system.c --*/
|
||||
void _gcry_rngsystem_initialize (int full);
|
@ -1,132 +0,0 @@
|
||||
From 6aa1bc1df0dbbf5b4cb06b86f949aa9d80f68700 Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Mueller <smueller@chronox.de>
|
||||
Date: Sat, 8 Mar 2014 23:14:58 +0100
|
||||
Subject: [PATCH v3 4/7] Invoke DRBG from common libgcrypt RNG code
|
||||
To: gcrypt-devel@gnupg.org
|
||||
Cc: jeremy.wayne.powell@gmail.com
|
||||
|
||||
Integrate the DRBG invocation with the common libgcrypt RNG code. This
|
||||
integration replaces the old ANSI X9.31 RNG invocation. As the ANSI
|
||||
X9.31 shall only be invoked in FIPS mode and it is sunset at the end of
|
||||
2014 for FIPS purposes, a complete replacement with the DRBG is
|
||||
considered appropriate. The DRBG is FIPS approved deterministic random
|
||||
number generator for the forseeable future.
|
||||
|
||||
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||
---
|
||||
Index: libgcrypt-1.6.1/random/random.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.1.orig/random/random.c 2014-01-29 10:48:38.000000000 +0100
|
||||
+++ libgcrypt-1.6.1/random/random.c 2014-05-06 14:51:42.350644283 +0200
|
||||
@@ -153,11 +153,13 @@ _gcry_random_initialize (int full)
|
||||
}
|
||||
|
||||
if (fips_mode ())
|
||||
- _gcry_rngfips_initialize (full);
|
||||
+ //_gcry_rngfips_initialize (full);
|
||||
+ _gcry_drbg_init(full);
|
||||
else if (rng_types.standard)
|
||||
_gcry_rngcsprng_initialize (full);
|
||||
else if (rng_types.fips)
|
||||
- _gcry_rngfips_initialize (full);
|
||||
+ _gcry_drbg_init(full);
|
||||
+ //_gcry_rngfips_initialize (full);
|
||||
else if (rng_types.system)
|
||||
_gcry_rngsystem_initialize (full);
|
||||
else
|
||||
@@ -174,11 +176,13 @@ _gcry_random_close_fds (void)
|
||||
the entropy gatherer. */
|
||||
|
||||
if (fips_mode ())
|
||||
- _gcry_rngfips_close_fds ();
|
||||
+ //_gcry_rngfips_close_fds ();
|
||||
+ _gcry_drbg_close_fds ();
|
||||
else if (rng_types.standard)
|
||||
_gcry_rngcsprng_close_fds ();
|
||||
else if (rng_types.fips)
|
||||
- _gcry_rngfips_close_fds ();
|
||||
+ //_gcry_rngfips_close_fds ();
|
||||
+ _gcry_drbg_close_fds ();
|
||||
else if (rng_types.system)
|
||||
_gcry_rngsystem_close_fds ();
|
||||
else
|
||||
@@ -212,7 +216,8 @@ void
|
||||
_gcry_random_dump_stats (void)
|
||||
{
|
||||
if (fips_mode ())
|
||||
- _gcry_rngfips_dump_stats ();
|
||||
+ //_gcry_rngfips_dump_stats ();
|
||||
+ _gcry_drbg_dump_stats ();
|
||||
else
|
||||
_gcry_rngcsprng_dump_stats ();
|
||||
}
|
||||
@@ -271,7 +276,8 @@ int
|
||||
_gcry_random_is_faked (void)
|
||||
{
|
||||
if (fips_mode ())
|
||||
- return _gcry_rngfips_is_faked ();
|
||||
+ //return _gcry_rngfips_is_faked ();
|
||||
+ return _gcry_drbg_is_faked ();
|
||||
else
|
||||
return _gcry_rngcsprng_is_faked ();
|
||||
}
|
||||
@@ -301,11 +307,13 @@ static void
|
||||
do_randomize (void *buffer, size_t length, enum gcry_random_level level)
|
||||
{
|
||||
if (fips_mode ())
|
||||
- _gcry_rngfips_randomize (buffer, length, level);
|
||||
+ //_gcry_rngfips_randomize (buffer, length, level);
|
||||
+ _gcry_drbg_randomize (buffer, length, level);
|
||||
else if (rng_types.standard)
|
||||
_gcry_rngcsprng_randomize (buffer, length, level);
|
||||
else if (rng_types.fips)
|
||||
- _gcry_rngfips_randomize (buffer, length, level);
|
||||
+ //_gcry_rngfips_randomize (buffer, length, level);
|
||||
+ _gcry_drbg_randomize (buffer, length, level);
|
||||
else if (rng_types.system)
|
||||
_gcry_rngsystem_randomize (buffer, length, level);
|
||||
else /* default */
|
||||
@@ -437,7 +445,8 @@ _gcry_create_nonce (void *buffer, size_t
|
||||
nonce generator which is seeded by the RNG actual in use. */
|
||||
if (fips_mode ())
|
||||
{
|
||||
- _gcry_rngfips_create_nonce (buffer, length);
|
||||
+ //_gcry_rngfips_create_nonce (buffer, length);
|
||||
+ _gcry_drbg_randomize (buffer, length, GCRY_WEAK_RANDOM);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -514,7 +523,8 @@ gpg_error_t
|
||||
_gcry_random_selftest (selftest_report_func_t report)
|
||||
{
|
||||
if (fips_mode ())
|
||||
- return _gcry_rngfips_selftest (report);
|
||||
+ //return _gcry_rngfips_selftest (report);
|
||||
+ return _gcry_drbg_selftest (report);
|
||||
else
|
||||
return 0; /* No selftests yet. */
|
||||
}
|
||||
@@ -530,6 +540,7 @@ _gcry_random_init_external_test (void **
|
||||
const void *seed, size_t seedlen,
|
||||
const void *dt, size_t dtlen)
|
||||
{
|
||||
+ return GPG_ERR_NOT_SUPPORTED;
|
||||
(void)flags;
|
||||
if (fips_mode ())
|
||||
return _gcry_rngfips_init_external_test (r_context, flags, key, keylen,
|
||||
@@ -544,6 +555,7 @@ _gcry_random_init_external_test (void **
|
||||
gcry_err_code_t
|
||||
_gcry_random_run_external_test (void *context, char *buffer, size_t buflen)
|
||||
{
|
||||
+ return GPG_ERR_NOT_SUPPORTED;
|
||||
if (fips_mode ())
|
||||
return _gcry_rngfips_run_external_test (context, buffer, buflen);
|
||||
else
|
||||
@@ -554,6 +566,7 @@ _gcry_random_run_external_test (void *co
|
||||
void
|
||||
_gcry_random_deinit_external_test (void *context)
|
||||
{
|
||||
+ return;
|
||||
if (fips_mode ())
|
||||
_gcry_rngfips_deinit_external_test (context);
|
||||
}
|
@ -1,31 +0,0 @@
|
||||
From 67106d6e63ae5aff91e8fc7072def4c027546d39 Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Mueller <smueller@chronox.de>
|
||||
Date: Sat, 8 Mar 2014 23:15:43 +0100
|
||||
Subject: [PATCH v3 5/7] Function definitions for gcry_control callbacks
|
||||
To: gcrypt-devel@gnupg.org
|
||||
Cc: jeremy.wayne.powell@gmail.com
|
||||
|
||||
The function definitions implemented in drbg.c which are used for
|
||||
gcry_control.
|
||||
|
||||
Changes v3:
|
||||
|
||||
* Remove of set_entropy function call
|
||||
|
||||
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||
---
|
||||
diff --git a/random/random.h b/random/random.h
|
||||
index 2bc8cab..343b149 100644
|
||||
--- a/random/random.h
|
||||
+++ b/random/random.h
|
||||
@@ -54,7 +54,9 @@ gcry_err_code_t _gcry_random_run_external_test (void *context,
|
||||
char *buffer, size_t buflen);
|
||||
void _gcry_random_deinit_external_test (void *context);
|
||||
|
||||
-
|
||||
+/*-- drbg.c --*/
|
||||
+gpg_err_code_t _gcry_drbg_reinit (u_int32_t flags, struct drbg_string *pers,
|
||||
+ struct drbg_test_data *test_data);
|
||||
/*-- rndegd.c --*/
|
||||
gpg_error_t _gcry_rndegd_set_socket_name (const char *name);
|
||||
|
@ -1,63 +0,0 @@
|
||||
From bac07e2002f1de9b9ffad477135a67b1bdcf5d85 Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Mueller <smueller@chronox.de>
|
||||
Date: Sat, 8 Mar 2014 23:16:24 +0100
|
||||
Subject: [PATCH v3 6/7] DRBG specific gcry_control requests
|
||||
To: gcrypt-devel@gnupg.org
|
||||
Cc: jeremy.wayne.powell@gmail.com
|
||||
|
||||
gcry_control GCRYCTL_DRBG_REINIT
|
||||
================================
|
||||
This control request re-initializes the DRBG completely, i.e. the entire
|
||||
state of the DRBG is zeroized (with two exceptions listed in
|
||||
GCRYCTL_DRBG_SET_ENTROPY).
|
||||
|
||||
The control request takes the following values which influences how
|
||||
the DRBG is re-initialized:
|
||||
* __u32 flags: This variable specifies the DRBG type to be used for the
|
||||
next initialization. If set to 0, the previous DRBG type is
|
||||
used for the initialization. The DRBG type is an OR of the
|
||||
mandatory flags of the requested DRBG strength and DRBG
|
||||
cipher type. Optionally, the prediction resistance flag
|
||||
can be ORed into the flags variable. For example:
|
||||
- CTR-DRBG with AES-128 without prediction
|
||||
resistance:
|
||||
DRBG_CTRAES128
|
||||
- HMAC-DRBG with SHA-512 with prediction resistance:
|
||||
DRBG_HMACSHA512 | DRBG_PREDICTION_RESIST
|
||||
* struct drbg_string *pers: personalization string to be used for
|
||||
initialization.
|
||||
* struct drbg_test_data *test: TEST parameter only -- should be NULL in
|
||||
normal use -- parameter sets predefined
|
||||
"entropy"
|
||||
The variable of flags is independent from the pers/perslen variables. If
|
||||
flags is set to 0 and perslen is set to 0, the current DRBG type is
|
||||
completely reset without using a personalization string.
|
||||
|
||||
Changes v3:
|
||||
|
||||
* addition of struct drbg_test_data *test to reinit call
|
||||
* change personalization string invocation to struct drbg_string
|
||||
* remove set_entropy call
|
||||
|
||||
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||
---
|
||||
diff --git a/src/global.c b/src/global.c
|
||||
index 4e8df86..5c19cca 100644
|
||||
--- a/src/global.c
|
||||
+++ b/src/global.c
|
||||
@@ -671,6 +671,15 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
|
||||
rc = GPG_ERR_NOT_IMPLEMENTED;
|
||||
break;
|
||||
|
||||
+ case GCRYCTL_DRBG_REINIT:
|
||||
+ {
|
||||
+ u_int32_t flags = va_arg (arg_ptr, u_int32_t);
|
||||
+ struct drbg_string *pers = va_arg (arg_ptr, struct drbg_string *);
|
||||
+ struct drbg_test_data *test_data = va_arg (arg_ptr, struct drbg_test_data *);
|
||||
+ rc = _gcry_drbg_reinit(flags, pers, test_data);
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
default:
|
||||
_gcry_set_preferred_rng_type (0);
|
||||
rc = GPG_ERR_INV_OP;
|
299
drbg_test.patch
299
drbg_test.patch
@ -1,9 +1,9 @@
|
||||
Index: libgcrypt-1.6.1/tests/drbg_test.c
|
||||
Index: libgcrypt-1.7.2/tests/drbg_test.c
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ libgcrypt-1.6.1/tests/drbg_test.c 2014-09-02 16:49:42.279449470 +0200
|
||||
@@ -0,0 +1,1279 @@
|
||||
+/* DRBG test for libgcryt
|
||||
+++ libgcrypt-1.7.2/tests/drbg_test.c 2016-08-16 16:04:52.289060124 +0200
|
||||
@@ -0,0 +1,1332 @@
|
||||
+/* DRBG test for libgcrypt
|
||||
+ Copyright (C) 2014 Stephan Mueller <smueller@chronox.de>
|
||||
+
|
||||
+ Compile:
|
||||
@ -17,69 +17,155 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
|
||||
+#include <config.h>
|
||||
+#endif
|
||||
+#include <getopt.h>
|
||||
+#include <stdint.h>
|
||||
+#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <asm/types.h>
|
||||
+#include <types.h>
|
||||
+#include <unistd.h>
|
||||
+#include "gcrypt.h"
|
||||
+
|
||||
+/* The following definitions are taken verbatim from random/random-drbg.c.
|
||||
+ * libgcrypt upstream removed the public apis from gcrypt.h in
|
||||
+ * http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fd13372fa9069d3a72947ea59c57e33637c936bf
|
||||
+ */
|
||||
+/******************************************************************
|
||||
+ * Constants
|
||||
+ ******************************************************************/
|
||||
+
|
||||
+/*
|
||||
+ * DRBG flags bitmasks
|
||||
+ *
|
||||
+ * 31 (B) 28 19 (A) 0
|
||||
+ * +-+-+-+--------+---+-----------+-----+
|
||||
+ * |~|~|u|~~~~~~~~| 3 | 2 | 1 |
|
||||
+ * +-+-+-+--------+- -+-----------+-----+
|
||||
+ * ctl flg| |drbg use selection flags
|
||||
+ *
|
||||
+ */
|
||||
+
|
||||
+/* Internal state control flags (B) */
|
||||
+#define DRBG_PREDICTION_RESIST ((u32)1<<28)
|
||||
+
|
||||
+/* CTR type modifiers (A.1)*/
|
||||
+#define DRBG_CTRAES ((u32)1<<0)
|
||||
+#define DRBG_CTRSERPENT ((u32)1<<1)
|
||||
+#define DRBG_CTRTWOFISH ((u32)1<<2)
|
||||
+#define DRBG_CTR_MASK (DRBG_CTRAES | DRBG_CTRSERPENT \
|
||||
+ | DRBG_CTRTWOFISH)
|
||||
+
|
||||
+/* HASH type modifiers (A.2)*/
|
||||
+#define DRBG_HASHSHA1 ((u32)1<<4)
|
||||
+#define DRBG_HASHSHA224 ((u32)1<<5)
|
||||
+#define DRBG_HASHSHA256 ((u32)1<<6)
|
||||
+#define DRBG_HASHSHA384 ((u32)1<<7)
|
||||
+#define DRBG_HASHSHA512 ((u32)1<<8)
|
||||
+#define DRBG_HASH_MASK (DRBG_HASHSHA1 | DRBG_HASHSHA224 \
|
||||
+ | DRBG_HASHSHA256 | DRBG_HASHSHA384 \
|
||||
+ | DRBG_HASHSHA512)
|
||||
+/* type modifiers (A.3)*/
|
||||
+#define DRBG_HMAC ((u32)1<<12)
|
||||
+#define DRBG_SYM128 ((u32)1<<13)
|
||||
+#define DRBG_SYM192 ((u32)1<<14)
|
||||
+#define DRBG_SYM256 ((u32)1<<15)
|
||||
+#define DRBG_TYPE_MASK (DRBG_HMAC | DRBG_SYM128 | DRBG_SYM192 \
|
||||
+ | DRBG_SYM256)
|
||||
+#define DRBG_CIPHER_MASK (DRBG_CTR_MASK | DRBG_HASH_MASK \
|
||||
+ | DRBG_TYPE_MASK)
|
||||
+
|
||||
+#define DRBG_PR_CTRAES128 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM128)
|
||||
+#define DRBG_PR_CTRAES192 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM192)
|
||||
+#define DRBG_PR_CTRAES256 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM256)
|
||||
+#define DRBG_NOPR_CTRAES128 (DRBG_CTRAES | DRBG_SYM128)
|
||||
+#define DRBG_NOPR_CTRAES192 (DRBG_CTRAES | DRBG_SYM192)
|
||||
+#define DRBG_NOPR_CTRAES256 (DRBG_CTRAES | DRBG_SYM256)
|
||||
+#define DRBG_PR_HASHSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1)
|
||||
+#define DRBG_PR_HASHSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256)
|
||||
+#define DRBG_PR_HASHSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384)
|
||||
+#define DRBG_PR_HASHSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512)
|
||||
+#define DRBG_NOPR_HASHSHA1 (DRBG_HASHSHA1)
|
||||
+#define DRBG_NOPR_HASHSHA256 (DRBG_HASHSHA256)
|
||||
+#define DRBG_NOPR_HASHSHA384 (DRBG_HASHSHA384)
|
||||
+#define DRBG_NOPR_HASHSHA512 (DRBG_HASHSHA512)
|
||||
+#define DRBG_PR_HMACSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1 \
|
||||
+ | DRBG_HMAC)
|
||||
+#define DRBG_PR_HMACSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256 \
|
||||
+ | DRBG_HMAC)
|
||||
+#define DRBG_PR_HMACSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384 \
|
||||
+ | DRBG_HMAC)
|
||||
+#define DRBG_PR_HMACSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512 \
|
||||
+ | DRBG_HMAC)
|
||||
+#define DRBG_NOPR_HMACSHA1 (DRBG_HASHSHA1 | DRBG_HMAC)
|
||||
+#define DRBG_NOPR_HMACSHA256 (DRBG_HASHSHA256 | DRBG_HMAC)
|
||||
+#define DRBG_NOPR_HMACSHA384 (DRBG_HASHSHA384 | DRBG_HMAC)
|
||||
+#define DRBG_NOPR_HMACSHA512 (DRBG_HASHSHA512 | DRBG_HMAC)
|
||||
+
|
||||
+
|
||||
+/* The default DRGB type. */
|
||||
+#define DRBG_DEFAULT_TYPE DRBG_NOPR_HMACSHA256
|
||||
+
|
||||
+#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
|
||||
+
|
||||
+/* bin/hex conversion stolen from OpenSSL */
|
||||
+static int bin2hex(const unsigned char *in,int len,char *out)
|
||||
+static char hex_char_map_l[] = { '0', '1', '2', '3', '4', '5', '6', '7',
|
||||
+ '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
|
||||
+static char hex_char_map_u[] = { '0', '1', '2', '3', '4', '5', '6', '7',
|
||||
+ '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
|
||||
+static char hex_char(unsigned int bin, int u)
|
||||
+{
|
||||
+ int n1, n2;
|
||||
+ unsigned char ch;
|
||||
+
|
||||
+ for (n1=0,n2=0 ; n1 < len ; ++n1)
|
||||
+ {
|
||||
+ ch=in[n1] >> 4;
|
||||
+ if (ch <= 0x09)
|
||||
+ out[n2++]=ch+'0';
|
||||
+ else
|
||||
+ out[n2++]=ch-10+'a';
|
||||
+ ch=in[n1] & 0x0f;
|
||||
+ if(ch <= 0x09)
|
||||
+ out[n2++]=ch+'0';
|
||||
+ else
|
||||
+ out[n2++]=ch-10+'a';
|
||||
+ }
|
||||
+ out[n2]='\0';
|
||||
+ return n2;
|
||||
+ if (bin < sizeof(hex_char_map_l))
|
||||
+ return (u) ? hex_char_map_u[bin] : hex_char_map_l[bin];
|
||||
+ return 'X';
|
||||
+}
|
||||
+
|
||||
+int hex2bin(const char *in, unsigned char *out)
|
||||
+/*
|
||||
+ * Convert binary string into hex representation
|
||||
+ * @bin input buffer with binary data
|
||||
+ * @binlen length of bin
|
||||
+ * @hex output buffer to store hex data
|
||||
+ * @hexlen length of already allocated hex buffer (should be at least
|
||||
+ * twice binlen -- if not, only a fraction of binlen is converted)
|
||||
+ * @u case of hex characters (0=>lower case, 1=>upper case)
|
||||
+ */
|
||||
+static void bin2hex(const unsigned char *bin, size_t binlen,
|
||||
+ char *hex, size_t hexlen, int u)
|
||||
+{
|
||||
+ int n1, n2;
|
||||
+ unsigned char ch;
|
||||
+ size_t i = 0;
|
||||
+ size_t chars = (binlen > (hexlen / 2)) ? (hexlen / 2) : binlen;
|
||||
+
|
||||
+ for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
|
||||
+ { /* first byte */
|
||||
+ if ((in[n1] >= '0') && (in[n1] <= '9'))
|
||||
+ ch = in[n1++] - '0';
|
||||
+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
|
||||
+ ch = in[n1++] - 'A' + 10;
|
||||
+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
|
||||
+ ch = in[n1++] - 'a' + 10;
|
||||
+ else
|
||||
+ return -1;
|
||||
+ if(!in[n1])
|
||||
+ {
|
||||
+ out[n2++]=ch;
|
||||
+ break;
|
||||
+ }
|
||||
+ out[n2] = ch << 4;
|
||||
+ /* second byte */
|
||||
+ if ((in[n1] >= '0') && (in[n1] <= '9'))
|
||||
+ ch = in[n1++] - '0';
|
||||
+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
|
||||
+ ch = in[n1++] - 'A' + 10;
|
||||
+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
|
||||
+ ch = in[n1++] - 'a' + 10;
|
||||
+ else
|
||||
+ return -1;
|
||||
+ out[n2++] |= ch;
|
||||
+ for (i = 0; i < chars; i++) {
|
||||
+ hex[(i*2)] = hex_char((bin[i] >> 4), u);
|
||||
+ hex[((i*2)+1)] = hex_char((bin[i] & 0x0f), u);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static int bin_char(unsigned char hex)
|
||||
+{
|
||||
+ if (48 <= hex && 57 >= hex)
|
||||
+ return (hex - 48);
|
||||
+ if (65 <= hex && 70 >= hex)
|
||||
+ return (hex - 55);
|
||||
+ if (97 <= hex && 102 >= hex)
|
||||
+ return (hex - 87);
|
||||
+ return 0;
|
||||
+}
|
||||
+/*
|
||||
+ * Convert hex representation into binary string
|
||||
+ * @hex input buffer with hex representation
|
||||
+ * @hexlen length of hex
|
||||
+ * @bin output buffer with binary data
|
||||
+ * @binlen length of already allocated bin buffer (should be at least
|
||||
+ * half of hexlen -- if not, only a fraction of hexlen is converted)
|
||||
+ */
|
||||
+static void hex2bin(const unsigned char *hex, size_t hexlen,
|
||||
+ unsigned char *bin, size_t binlen)
|
||||
+{
|
||||
+ size_t i = 0;
|
||||
+ size_t chars = (binlen > (hexlen / 2)) ? (hexlen / 2) : binlen;
|
||||
+
|
||||
+ for (i = 0; i < chars; i++) {
|
||||
+ bin[i] = bin_char(hex[(i*2)]) << 4;
|
||||
+ bin[i] |= bin_char(hex[((i*2)+1)]);
|
||||
+ }
|
||||
+ return n2;
|
||||
+}
|
||||
+
|
||||
+/* Print a error message and exit the process with an error code. */
|
||||
@ -95,7 +181,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
|
||||
+}
|
||||
+
|
||||
+
|
||||
+struct drbg_test_vector
|
||||
+struct gcry_drbg_test_vector
|
||||
+{
|
||||
+ u_int32_t flags; /* flags selecting the DRBG type */
|
||||
+ unsigned char *entropy; /* entropy string for initialization -- this
|
||||
@ -120,7 +206,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
|
||||
+ size_t expectedlen; /* length of expected random value */
|
||||
+};
|
||||
+
|
||||
+struct drbg_test_vector drbg_test_pr[] = {
|
||||
+struct gcry_drbg_test_vector drbg_test_pr[] = {
|
||||
+ {
|
||||
+ .flags = (DRBG_PR_HASHSHA256),
|
||||
+ .entropy = (unsigned char *)
|
||||
@ -549,7 +635,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
|
||||
+ },
|
||||
+};
|
||||
+
|
||||
+struct drbg_test_vector drbg_test_nopr[] = {
|
||||
+struct gcry_drbg_test_vector drbg_test_nopr[] = {
|
||||
+ {
|
||||
+ .flags = DRBG_NOPR_HASHSHA256,
|
||||
+ .entropy = (unsigned char *)
|
||||
@ -927,57 +1013,22 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
|
||||
+ },
|
||||
+};
|
||||
+
|
||||
+
|
||||
+/*
|
||||
+ * CAVS Test driver
|
||||
+ *
|
||||
+ * @test: one test vector
|
||||
+ * @pr: true/false for enabling or disabling prediction resistance
|
||||
+ */
|
||||
+int drbg_cavs_test(struct drbg_test_vector *test, unsigned char *buf,
|
||||
+ size_t buflen)
|
||||
+{
|
||||
+ int ret = -1;
|
||||
+ struct drbg_test_data test_data;
|
||||
+ struct drbg_string addtl, pers, testentropy;
|
||||
+
|
||||
+ test_data.testentropy = &testentropy;
|
||||
+ drbg_string_fill(&testentropy, test->entropy, test->entropylen);
|
||||
+ drbg_string_fill(&pers, test->pers, test->perslen);
|
||||
+ ret = gcry_control(GCRYCTL_DRBG_REINIT, test->flags, &pers, &test_data);
|
||||
+ if(ret)
|
||||
+ {
|
||||
+ printf("Test FAIL: re-init DRBG with test entropy\n");
|
||||
+ return ret;
|
||||
+ }
|
||||
+
|
||||
+ drbg_string_fill(&addtl, test->addtla, test->addtllen);
|
||||
+ if(test->entpra)
|
||||
+ drbg_string_fill(&testentropy, test->entpra, test->entprlen);
|
||||
+ gcry_randomize_drbg_test(buf, buflen, GCRY_STRONG_RANDOM, &addtl,
|
||||
+ &test_data);
|
||||
+
|
||||
+ drbg_string_fill(&addtl, test->addtlb, test->addtllen);
|
||||
+ if(test->entpra)
|
||||
+ drbg_string_fill(&testentropy, test->entprb, test->entprlen);
|
||||
+
|
||||
+ gcry_randomize_drbg_test(buf, buflen, GCRY_STRONG_RANDOM, &addtl,
|
||||
+ &test_data);
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+struct drbg_flags
|
||||
+{
|
||||
+ u_int32_t flags;
|
||||
+};
|
||||
+
|
||||
+gpg_err_code_t
|
||||
+gcry_drbg_cavs_test (struct gcry_drbg_test_vector *test, unsigned char *buf);
|
||||
+extern gpg_err_code_t
|
||||
+gcry_drbg_healthcheck_one (struct gcry_drbg_test_vector *test);
|
||||
+
|
||||
+void builtin_test(void)
|
||||
+{
|
||||
+ /* this must be larger than 128 as otherwise there is a crash */
|
||||
+#define OUTLEN 150
|
||||
+ char rndbuf[OUTLEN];
|
||||
+ char out[200];
|
||||
+ char out[(OUTLEN * 2 + 1)];
|
||||
+ int i = 0;
|
||||
+ int ret = 0;
|
||||
+ int result = 0;
|
||||
@ -1013,8 +1064,10 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
|
||||
+ if(0 == ret)
|
||||
+ {
|
||||
+ printf("Test PASS: enabling DRBG %d\n", i);
|
||||
+ memset(rndbuf, 0, OUTLEN);
|
||||
+ gcry_randomize(&rndbuf, OUTLEN, GCRY_STRONG_RANDOM);
|
||||
+ bin2hex(rndbuf, OUTLEN, out);
|
||||
+ memset(out, 0, sizeof(out));
|
||||
+ bin2hex(rndbuf, OUTLEN, out, sizeof(out), 0);
|
||||
+ printf("Test PASS: gcry_randomize generated strong random bytes for DRBG %d: %s\n", i, out);
|
||||
+ }
|
||||
+ else
|
||||
@ -1033,8 +1086,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
|
||||
+ for(i = 0; ARRAY_SIZE(drbg_test_nopr) > i; i++)
|
||||
+ {
|
||||
+ memset(rndbuf, 0, drbg_test_nopr[i].expectedlen);
|
||||
+ drbg_cavs_test(&drbg_test_nopr[i], rndbuf, drbg_test_nopr[i].expectedlen);
|
||||
+ ret = memcmp(drbg_test_nopr[i].expected, rndbuf, drbg_test_nopr[i].expectedlen);
|
||||
+ ret = gcry_control(75, &drbg_test_nopr[i], NULL);
|
||||
+ if(ret)
|
||||
+ printf("CAVS test (nopr) FAILED %d, testdef %d\n", ret, i);
|
||||
+ else
|
||||
@ -1045,8 +1097,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
|
||||
+ for(i = 0; ARRAY_SIZE(drbg_test_pr) > i; i++)
|
||||
+ {
|
||||
+ memset(rndbuf, 0, drbg_test_pr[i].expectedlen);
|
||||
+ drbg_cavs_test(&drbg_test_pr[i], rndbuf, drbg_test_pr[i].expectedlen);
|
||||
+ ret = memcmp(drbg_test_pr[i].expected, rndbuf, drbg_test_pr[i].expectedlen);
|
||||
+ ret = gcry_control(75, &drbg_test_pr[i], NULL);
|
||||
+ if(ret)
|
||||
+ printf("CAVS test (pr) FAILED %d, testdef %d\n", ret, i);
|
||||
+ else
|
||||
@ -1076,7 +1127,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
|
||||
+
|
||||
+}
|
||||
+
|
||||
+static void generate_test(struct drbg_test_vector *test)
|
||||
+static void generate_test(struct gcry_drbg_test_vector *test)
|
||||
+{
|
||||
+ unsigned char *buf;
|
||||
+#define DATALEN 10
|
||||
@ -1090,7 +1141,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
|
||||
+
|
||||
+ if (test && test->flags)
|
||||
+ {
|
||||
+ if (gcry_control(GCRYCTL_DRBG_REINIT, test->flags, NULL, NULL))
|
||||
+ if (gcry_control(GCRYCTL_DRBG_REINIT, test->flags, NULL))
|
||||
+ {
|
||||
+ printf("Test FAIL: re-init DRBG with test entropy\n");
|
||||
+ return;
|
||||
@ -1108,6 +1159,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
|
||||
+ }
|
||||
+
|
||||
+ gcry_randomize(buf, len, GCRY_STRONG_RANDOM);
|
||||
+ write(1, buf, len);
|
||||
+ free (buf);
|
||||
+ }
|
||||
+}
|
||||
@ -1140,7 +1192,7 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
|
||||
+ }
|
||||
+
|
||||
+ tmp = drbg_malloc(tmplen);
|
||||
+ hex2bin(in, tmp);
|
||||
+ hex2bin(in, strlen(in), tmp, tmplen);
|
||||
+ *out = tmp;
|
||||
+ *len = tmplen;
|
||||
+}
|
||||
@ -1167,13 +1219,12 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
|
||||
+main (int argc, char **argv)
|
||||
+{
|
||||
+ int c = 0;
|
||||
+ long len = 0;
|
||||
+ unsigned char *buf;
|
||||
+ unsigned char *outbuf;
|
||||
+ struct drbg_test_vector exttest;
|
||||
+ struct gcry_drbg_test_vector exttest;
|
||||
+#define MAXDATA 256
|
||||
+
|
||||
+ memset(&exttest, 0, sizeof(struct drbg_test_vector));
|
||||
+ memset(&exttest, 0, sizeof(struct gcry_drbg_test_vector));
|
||||
+ gcry_control (GCRYCTL_SET_VERBOSITY, 2);
|
||||
+ gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
|
||||
+ if (!gcry_check_version ("1.5.0"))
|
||||
@ -1233,32 +1284,34 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
|
||||
+ hex2bin_m(optarg, &exttest.pers, &exttest.perslen);
|
||||
+ break;
|
||||
+ case 'l':
|
||||
+ len = atol(optarg);
|
||||
+ exttest.expectedlen = atoi(optarg);
|
||||
+ break;
|
||||
+ default:
|
||||
+ usage();
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (0 >= len)
|
||||
+ if (0 >= exttest.expectedlen)
|
||||
+ usage();
|
||||
+
|
||||
+ buf = malloc(len);
|
||||
+ buf = malloc(exttest.expectedlen);
|
||||
+ if(!buf) {
|
||||
+ fprintf(stderr, "Cannot allocate %li bytes\n", len);
|
||||
+ fprintf(stderr, "Cannot allocate %li bytes\n", exttest.expectedlen);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ outbuf = malloc(len * 2 + 1);
|
||||
+ outbuf = malloc(exttest.expectedlen * 2 + 1);
|
||||
+ if(!outbuf) {
|
||||
+ fprintf(stderr, "Cannot allocate %li bytes\n", (len*2+1));
|
||||
+ fprintf(stderr, "Cannot allocate %li bytes\n",
|
||||
+ (exttest.expectedlen*2+1));
|
||||
+ return -1;
|
||||
+ }
|
||||
+ memset(outbuf, 0, len * 2 + 1);
|
||||
+ memset(outbuf, 0, exttest.expectedlen * 2 + 1);
|
||||
+ if (exttest.entropy)
|
||||
+ drbg_cavs_test(&exttest, buf, len);
|
||||
+ gcry_control(75, &exttest, buf);
|
||||
+ else
|
||||
+ gcry_randomize(buf, len, GCRY_STRONG_RANDOM);
|
||||
+ bin2hex(buf, len, outbuf);
|
||||
+ gcry_randomize(buf, exttest.expectedlen, GCRY_STRONG_RANDOM);
|
||||
+ bin2hex(buf, exttest.expectedlen,
|
||||
+ outbuf, exttest.expectedlen * 2 + 1, 0);
|
||||
+
|
||||
+ printf("%s\n", outbuf);
|
||||
+
|
||||
@ -1282,11 +1335,11 @@ Index: libgcrypt-1.6.1/tests/drbg_test.c
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
Index: libgcrypt-1.6.1/Makefile.am
|
||||
Index: libgcrypt-1.7.2/Makefile.am
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.1.orig/Makefile.am 2014-01-12 12:19:50.000000000 +0100
|
||||
+++ libgcrypt-1.6.1/Makefile.am 2014-09-02 16:51:10.315504510 +0200
|
||||
@@ -36,6 +36,14 @@ EXTRA_DIST = autogen.sh autogen.rc READM
|
||||
--- libgcrypt-1.7.2.orig/Makefile.am 2016-08-16 15:57:43.397736723 +0200
|
||||
+++ libgcrypt-1.7.2/Makefile.am 2016-08-16 15:57:44.341752563 +0200
|
||||
@@ -42,6 +42,14 @@ EXTRA_DIST = autogen.sh autogen.rc READM
|
||||
|
||||
DISTCLEANFILES =
|
||||
|
||||
|
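Review bot: The two "Cannot allocate" fprintf calls in main now print `exttest.expectedlen` with `%li`, but `expectedlen` is declared `size_t` in `struct gcry_drbg_test_vector`, so the format specifier no longer matches the argument type (it did for the old `long len`); change both to `"Cannot allocate %zu bytes\n"`. Relatedly, `exttest.expectedlen = atoi(optarg)` turns a negative or non-numeric `-l` value into a huge `size_t` that passes the `0 >= exttest.expectedlen` guard and only fails at malloc; parsing with `strtoul` and checking the end pointer would reject it up front. In the rewritten hex conversion, `bin_char` returns 0 for any byte outside 0-9/A-F/a-f, so a mistyped hex vector on the command line decodes silently to zero nibbles instead of the -1 the old `hex2bin` returned, and a test-vector tool should refuse malformed input rather than compare it as if it were valid. The `gcry_control(75, …)` calls in the nopr/pr loops and in main also hard-code the control command number; a named constant with a comment pointing at where it is defined would survive renumbering. main and the helper containing the `hex2bin(in, strlen(in), tmp, tmplen)` call both start outside the hunks shown.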
@ -1,6 +1,7 @@
|
||||
diff -up libgcrypt-1.6.1/tests/cavs_driver.pl.cavs libgcrypt-1.6.1/tests/cavs_driver.pl
|
||||
--- libgcrypt-1.6.1/tests/cavs_driver.pl.cavs 2013-03-15 20:25:38.000000000 +0100
|
||||
+++ libgcrypt-1.6.1/tests/cavs_driver.pl 2014-02-28 14:46:16.436544639 +0100
|
||||
Index: libgcrypt-1.7.2/tests/cavs_driver.pl
|
||||
===================================================================
|
||||
--- libgcrypt-1.7.2.orig/tests/cavs_driver.pl
|
||||
+++ libgcrypt-1.7.2/tests/cavs_driver.pl
|
||||
@@ -1,9 +1,11 @@
|
||||
#!/usr/bin/env perl
|
||||
#
|
||||
@ -674,9 +675,10 @@ diff -up libgcrypt-1.6.1/tests/cavs_driver.pl.cavs libgcrypt-1.6.1/tests/cavs_dr
|
||||
$dsa_sign = \&libgcrypt_dsa_sign;
|
||||
$dsa_verify = \&libgcrypt_dsa_verify;
|
||||
$dsa_genpubkey = \&libgcrypt_dsa_genpubkey;
|
||||
diff -up libgcrypt-1.6.1/tests/cavs_tests.sh.cavs libgcrypt-1.6.1/tests/cavs_tests.sh
|
||||
--- libgcrypt-1.6.1/tests/cavs_tests.sh.cavs 2013-03-15 20:25:38.000000000 +0100
|
||||
+++ libgcrypt-1.6.1/tests/cavs_tests.sh 2014-02-28 14:46:16.437544662 +0100
|
||||
Index: libgcrypt-1.7.2/tests/cavs_tests.sh
|
||||
===================================================================
|
||||
--- libgcrypt-1.7.2.orig/tests/cavs_tests.sh
|
||||
+++ libgcrypt-1.7.2/tests/cavs_tests.sh
|
||||
@@ -55,7 +55,7 @@ function run_one_test () {
|
||||
[ -d "$respdir" ] || mkdir "$respdir"
|
||||
[ -f "$rspfile" ] && rm "$rspfile"
|
||||
@ -686,10 +688,11 @@ diff -up libgcrypt-1.6.1/tests/cavs_tests.sh.cavs libgcrypt-1.6.1/tests/cavs_tes
|
||||
dflag="-D"
|
||||
fi
|
||||
|
||||
diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
--- libgcrypt-1.6.1/tests/fipsdrv.c.cavs 2013-12-16 18:44:32.000000000 +0100
|
||||
+++ libgcrypt-1.6.1/tests/fipsdrv.c 2014-02-28 14:46:16.437544662 +0100
|
||||
@@ -893,6 +893,9 @@ print_mpi_line (gcry_mpi_t a, int no_lz)
|
||||
Index: libgcrypt-1.7.2/tests/fipsdrv.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.7.2.orig/tests/fipsdrv.c
|
||||
+++ libgcrypt-1.7.2/tests/fipsdrv.c
|
||||
@@ -892,6 +892,9 @@ print_mpi_line (gcry_mpi_t a, int no_lz)
|
||||
die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err));
|
||||
|
||||
p = buf;
|
||||
@ -699,7 +702,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
if (no_lz && p[0] == '0' && p[1] == '0' && p[2])
|
||||
p += 2;
|
||||
|
||||
@@ -1675,14 +1678,14 @@ run_rsa_verify (const void *data, size_t
|
||||
@@ -1765,14 +1768,14 @@ run_rsa_verify (const void *data, size_t
|
||||
/* Generate a DSA key of size KEYSIZE and return the complete
|
||||
S-expression. */
|
||||
static gcry_sexp_t
|
||||
@ -717,7 +720,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
if (err)
|
||||
die ("gcry_sexp_build failed for DSA key generation: %s\n",
|
||||
gpg_strerror (err));
|
||||
@@ -1700,7 +1703,7 @@ dsa_gen (int keysize)
|
||||
@@ -1790,7 +1793,7 @@ dsa_gen (int keysize)
|
||||
/* Generate a DSA key of size KEYSIZE and return the complete
|
||||
S-expression. */
|
||||
static gcry_sexp_t
|
||||
@ -726,7 +729,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
{
|
||||
gpg_error_t err;
|
||||
gcry_sexp_t keyspec, key;
|
||||
@@ -1709,10 +1712,11 @@ dsa_gen_with_seed (int keysize, const vo
|
||||
@@ -1799,10 +1802,11 @@ dsa_gen_with_seed (int keysize, const vo
|
||||
"(genkey"
|
||||
" (dsa"
|
||||
" (nbits %d)"
|
||||
@ -740,7 +743,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
if (err)
|
||||
die ("gcry_sexp_build failed for DSA key generation: %s\n",
|
||||
gpg_strerror (err));
|
||||
@@ -1720,6 +1724,37 @@ dsa_gen_with_seed (int keysize, const vo
|
||||
@@ -1810,6 +1814,37 @@ dsa_gen_with_seed (int keysize, const vo
|
||||
err = gcry_pk_genkey (&key, keyspec);
|
||||
if (err)
|
||||
die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err));
|
||||
@ -778,7 +781,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
|
||||
gcry_sexp_release (keyspec);
|
||||
|
||||
@@ -1732,7 +1767,7 @@ dsa_gen_with_seed (int keysize, const vo
|
||||
@@ -1849,7 +1884,7 @@ ecdsa_gen_key (const char *curve)
|
||||
with one parameter per line in hex format using this order: p, q,
|
||||
g, seed, counter, h. */
|
||||
static void
|
||||
@ -787,7 +790,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
{
|
||||
gcry_sexp_t l1, l2;
|
||||
gcry_mpi_t mpi;
|
||||
@@ -1768,6 +1803,9 @@ print_dsa_domain_parameters (gcry_sexp_t
|
||||
@@ -1885,6 +1920,9 @@ print_dsa_domain_parameters (gcry_sexp_t
|
||||
}
|
||||
gcry_sexp_release (l1);
|
||||
|
||||
@ -797,7 +800,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
/* Extract the seed values. */
|
||||
l1 = gcry_sexp_find_token (key, "misc-key-info", 0);
|
||||
if (!l1)
|
||||
@@ -1819,38 +1857,106 @@ print_dsa_domain_parameters (gcry_sexp_t
|
||||
@@ -1976,38 +2014,106 @@ print_ecdsa_dq (gcry_sexp_t key)
|
||||
}
|
||||
|
||||
|
||||
@ -914,7 +917,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
|
||||
fp = fopen (filename, "wb");
|
||||
if (!fp)
|
||||
@@ -1863,6 +1969,53 @@ run_dsa_gen (int keysize, const char *fi
|
||||
@@ -2020,6 +2126,53 @@ run_dsa_gen (int keysize, const char *fi
|
||||
}
|
||||
|
||||
|
||||
@ -968,7 +971,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
|
||||
/* Sign DATA of length DATALEN using the key taken from the S-expression
|
||||
encoded KEYFILE. */
|
||||
@@ -1872,11 +2025,16 @@ run_dsa_sign (const void *data, size_t d
|
||||
@@ -2029,11 +2182,16 @@ run_dsa_sign (const void *data, size_t d
|
||||
{
|
||||
gpg_error_t err;
|
||||
gcry_sexp_t s_data, s_key, s_sig, s_tmp, s_tmp2;
|
||||
@ -988,7 +991,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
if (!err)
|
||||
{
|
||||
err = gcry_sexp_build (&s_data, NULL,
|
||||
@@ -1887,8 +2045,6 @@ run_dsa_sign (const void *data, size_t d
|
||||
@@ -2044,8 +2202,6 @@ run_dsa_sign (const void *data, size_t d
|
||||
die ("gcry_sexp_build failed for DSA data input: %s\n",
|
||||
gpg_strerror (err));
|
||||
|
||||
@ -997,7 +1000,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
err = gcry_pk_sign (&s_sig, s_data, s_key);
|
||||
if (err)
|
||||
{
|
||||
@@ -1964,13 +2120,18 @@ run_dsa_verify (const void *data, size_t
|
||||
@@ -2121,13 +2277,18 @@ run_dsa_verify (const void *data, size_t
|
||||
{
|
||||
gpg_error_t err;
|
||||
gcry_sexp_t s_data, s_key, s_sig;
|
||||
@ -1005,11 +1008,11 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
+ char hash[128];
|
||||
gcry_mpi_t tmpmpi;
|
||||
+ int algo;
|
||||
+
|
||||
+ s_key = read_sexp_from_file (keyfile);
|
||||
+ algo = dsa_hash_from_key(s_key);
|
||||
|
||||
- gcry_md_hash_buffer (GCRY_MD_SHA1, hash, data, datalen);
|
||||
+ s_key = read_sexp_from_file (keyfile);
|
||||
+ algo = dsa_hash_from_key(s_key);
|
||||
+
|
||||
+ gcry_md_hash_buffer (algo, hash, data, datalen);
|
||||
/* Note that we can't simply use %b with HASH to build the
|
||||
S-expression, because that might yield a negative value. */
|
||||
@ -1019,7 +1022,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
if (!err)
|
||||
{
|
||||
err = gcry_sexp_build (&s_data, NULL,
|
||||
@@ -1981,7 +2142,6 @@ run_dsa_verify (const void *data, size_t
|
||||
@@ -2138,7 +2299,6 @@ run_dsa_verify (const void *data, size_t
|
||||
die ("gcry_sexp_build failed for DSA data input: %s\n",
|
||||
gpg_strerror (err));
|
||||
|
||||
@ -1027,24 +1030,24 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
s_sig = read_sexp_from_file (sigfile);
|
||||
|
||||
err = gcry_pk_verify (s_sig, s_data, s_key);
|
||||
@@ -2014,7 +2174,7 @@ usage (int show_help)
|
||||
"Run a crypto operation using hex encoded input and output.\n"
|
||||
@@ -2304,7 +2464,7 @@ usage (int show_help)
|
||||
"MODE:\n"
|
||||
" encrypt, decrypt, digest, random, hmac-sha,\n"
|
||||
- " rsa-{derive,gen,sign,verify}, dsa-{pqg-gen,gen,sign,verify}\n"
|
||||
+ " rsa-{derive,gen,sign,verify}, dsa-{pq-gen,g-gen,gen,sign,verify}\n"
|
||||
" rsa-{derive,gen,sign,verify},\n"
|
||||
- " dsa-{pqg-gen,gen,sign,verify}, ecdsa-{gen-key,sign,verify}\n"
|
||||
+ " dsa-{pq-gen,g-gen,gen,sign,verify}, ecdsa-{gen-key,sign,verify}\n"
|
||||
"OPTIONS:\n"
|
||||
" --verbose Print additional information\n"
|
||||
" --binary Input and output is in binary form\n"
|
||||
@@ -2024,6 +2184,7 @@ usage (int show_help)
|
||||
" --dt DT Use the hex encoded DT for the RNG\n"
|
||||
@@ -2315,6 +2475,7 @@ usage (int show_help)
|
||||
" --algo NAME Use algorithm NAME\n"
|
||||
" --curve NAME Select ECC curve spec NAME\n"
|
||||
" --keysize N Use a keysize of N bits\n"
|
||||
+ " --qize N Use a DSA q parameter size of N bits\n"
|
||||
" --signature NAME Take signature from file NAME\n"
|
||||
" --chunk N Read in chunks of N bytes (implies --binary)\n"
|
||||
" --pkcs1 Use PKCS#1 encoding\n"
|
||||
@@ -2050,6 +2211,7 @@ main (int argc, char **argv)
|
||||
@@ -2344,6 +2505,7 @@ main (int argc, char **argv)
|
||||
const char *dt_string = NULL;
|
||||
const char *algo_string = NULL;
|
||||
const char *keysize_string = NULL;
|
||||
@ -1052,7 +1055,7 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
const char *signature_string = NULL;
|
||||
FILE *input;
|
||||
void *data;
|
||||
@@ -2143,6 +2305,14 @@ main (int argc, char **argv)
|
||||
@@ -2437,6 +2599,14 @@ main (int argc, char **argv)
|
||||
keysize_string = *argv;
|
||||
argc--; argv++;
|
||||
}
|
||||
@ -1067,17 +1070,16 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
else if (!strcmp (*argv, "--signature"))
|
||||
{
|
||||
argc--; argv++;
|
||||
@@ -2463,23 +2633,49 @@ main (int argc, char **argv)
|
||||
@@ -2792,23 +2962,49 @@ main (int argc, char **argv)
|
||||
}
|
||||
else if (!strcmp (mode_string, "dsa-pqg-gen"))
|
||||
{
|
||||
- int keysize;
|
||||
+ int keysize, qsize;
|
||||
|
||||
keysize = keysize_string? atoi (keysize_string) : 0;
|
||||
if (keysize < 1024 || keysize > 3072)
|
||||
die ("invalid keysize specified; needs to be 1024 .. 3072\n");
|
||||
- run_dsa_pqg_gen (keysize, datalen? data:NULL, datalen);
|
||||
+
|
||||
+ keysize = keysize_string? atoi (keysize_string) : 0;
|
||||
+ if (keysize < 1024 || keysize > 3072)
|
||||
+ die ("invalid keysize specified; needs to be 1024 .. 3072\n");
|
||||
+ qsize = qsize_string? atoi (qsize_string) : 0;
|
||||
+ if (qsize < 160 || qsize > 256)
|
||||
+ die ("invalid qsize specified; needs to be 160 .. 256\n");
|
||||
@ -1086,10 +1088,11 @@ diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||
+ else if (!strcmp (mode_string, "dsa-g-gen"))
|
||||
+ {
|
||||
+ int keysize, qsize;
|
||||
+
|
||||
+ keysize = keysize_string? atoi (keysize_string) : 0;
|
||||
+ if (keysize < 1024 || keysize > 3072)
|
||||
+ die ("invalid keysize specified; needs to be 1024 .. 3072\n");
|
||||
|
||||
keysize = keysize_string? atoi (keysize_string) : 0;
|
||||
if (keysize < 1024 || keysize > 3072)
|
||||
die ("invalid keysize specified; needs to be 1024 .. 3072\n");
|
||||
- run_dsa_pqg_gen (keysize, datalen? data:NULL, datalen);
|
||||
+ qsize = qsize_string? atoi (qsize_string) : 0;
|
||||
+ if (qsize < 160 || qsize > 256)
|
||||
+ die ("invalid qsize specified; needs to be 160 .. 256\n");
|
||||
|
@ -1,55 +1,8 @@
|
||||
Index: libgcrypt-1.6.1/random/random-fips.c
|
||||
Index: libgcrypt-1.7.2/random/rndlinux.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.1.orig/random/random-fips.c
|
||||
+++ libgcrypt-1.6.1/random/random-fips.c
|
||||
@@ -27,10 +27,10 @@
|
||||
There are 3 random context which map to the different levels of
|
||||
random quality:
|
||||
|
||||
- Generator Seed and Key Kernel entropy (init/reseed)
|
||||
- ------------------------------------------------------------
|
||||
- GCRY_VERY_STRONG_RANDOM /dev/random 256/128 bits
|
||||
- GCRY_STRONG_RANDOM /dev/random 256/128 bits
|
||||
+ Generator Seed and Key Kernel entropy (init/reseed)
|
||||
+ ---------------------------------------------------------------------------------------
|
||||
+ GCRY_VERY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
|
||||
+ GCRY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
|
||||
gcry_create_nonce GCRY_STRONG_RANDOM n/a
|
||||
|
||||
All random generators return their data in 128 bit blocks. If the
|
||||
@@ -40,8 +40,10 @@
|
||||
(SEED_TTL) output blocks; the re-seeding is disabled in test mode.
|
||||
|
||||
The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are
|
||||
- keyed and seeded from the /dev/random device. Thus these
|
||||
- generators may block until the kernel has collected enough entropy.
|
||||
+ keyed and seeded with data that is loaded from the /etc/gcrypt/rngseed
|
||||
+ if the device or symlink to device exists xored with the data
|
||||
+ from the /dev/urandom device. This allows the system administrator
|
||||
+ to always seed the RNGs from /dev/random if it is required.
|
||||
|
||||
The gcry_create_nonce generator is keyed and seeded from the
|
||||
GCRY_STRONG_RANDOM generator. It may also block if the
|
||||
@@ -560,9 +562,13 @@ get_entropy (size_t nbytes)
|
||||
entropy_collect_buffer_len = 0;
|
||||
|
||||
#if USE_RNDLINUX
|
||||
+ _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
|
||||
+ X931_AES_KEYLEN,
|
||||
+ -1);
|
||||
+ entropy_collect_buffer_len = 0;
|
||||
rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
|
||||
X931_AES_KEYLEN,
|
||||
- GCRY_VERY_STRONG_RANDOM);
|
||||
+ GCRY_STRONG_RANDOM);
|
||||
#elif USE_RNDW32
|
||||
do
|
||||
{
|
||||
Index: libgcrypt-1.6.1/random/rndlinux.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.1.orig/random/rndlinux.c
|
||||
+++ libgcrypt-1.6.1/random/rndlinux.c
|
||||
@@ -36,7 +36,9 @@
|
||||
--- libgcrypt-1.7.2.orig/random/rndlinux.c
|
||||
+++ libgcrypt-1.7.2/random/rndlinux.c
|
||||
@@ -40,7 +40,9 @@
|
||||
#include "g10lib.h"
|
||||
#include "rand-internal.h"
|
||||
|
||||
@ -60,7 +13,7 @@ Index: libgcrypt-1.6.1/random/rndlinux.c
|
||||
|
||||
|
||||
static int
|
||||
@@ -59,7 +61,7 @@ set_cloexec_flag (int fd)
|
||||
@@ -63,7 +65,7 @@ set_cloexec_flag (int fd)
|
||||
* a fatal error but retries until it is able to reopen the device.
|
||||
*/
|
||||
static int
|
||||
@ -69,7 +22,7 @@ Index: libgcrypt-1.6.1/random/rndlinux.c
|
||||
{
|
||||
int fd;
|
||||
|
||||
@@ -67,6 +69,8 @@ open_device (const char *name, int retry
|
||||
@@ -71,6 +73,8 @@ open_device (const char *name, int retry
|
||||
_gcry_random_progress ("open_dev_random", 'X', 1, 0);
|
||||
again:
|
||||
fd = open (name, O_RDONLY);
|
||||
@ -78,7 +31,7 @@ Index: libgcrypt-1.6.1/random/rndlinux.c
|
||||
if (fd == -1 && retry)
|
||||
{
|
||||
struct timeval tv;
|
||||
@@ -111,6 +115,7 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
@@ -115,6 +119,7 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
{
|
||||
static int fd_urandom = -1;
|
||||
static int fd_random = -1;
|
||||
@ -86,7 +39,7 @@ Index: libgcrypt-1.6.1/random/rndlinux.c
|
||||
static unsigned char ever_opened;
|
||||
int fd;
|
||||
int n;
|
||||
@@ -134,6 +139,11 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
@@ -138,6 +143,11 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
close (fd_urandom);
|
||||
fd_urandom = -1;
|
||||
}
|
||||
@ -98,7 +51,7 @@ Index: libgcrypt-1.6.1/random/rndlinux.c
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -153,20 +163,30 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
@@ -165,20 +175,30 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
that we always require the device to be existent but want a more
|
||||
graceful behaviour if the rarely needed close operation has been
|
||||
used and the device needs to be re-opened later. */
|
||||
|
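Review bot: The rebased patch drops the whole random-fips.c part — the header now names only rndlinux.c and the outer hunk shrinks from 55 lines to 8 — so the get_entropy() change that called _gcry_rndlinux_gather_random twice (first with level -1, then with GCRY_STRONG_RANDOM instead of GCRY_VERY_STRONG_RANDOM) and the comment describing the /etc/gcrypt/rngseed seeding no longer exist anywhere in this patch. That is presumably intentional because 1.7.2 no longer carries that file, but nothing in the patch says so, and the surviving rndlinux.c hunks (their bodies are not shown in this section) are now the only place the rngseed behaviour lives. A line of free text at the top of the patch, e.g. `1.7.x: random-fips.c is gone upstream; only the rndlinux.c rngseed hunks are kept`, would record why the FIPS-side seeding change was dropped and what still has to be verified for the FIPS RNG path on the next rebase.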
@ -1,7 +1,8 @@
|
||||
diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhelp.h
|
||||
--- libgcrypt-1.6.3/cipher/bufhelp.h.aliasing 2015-02-27 10:54:03.000000000 +0100
|
||||
+++ libgcrypt-1.6.3/cipher/bufhelp.h 2015-03-13 15:03:43.301749751 +0100
|
||||
@@ -80,7 +80,7 @@ do_bytes:
|
||||
Index: libgcrypt-1.7.2/cipher/bufhelp.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.7.2.orig/cipher/bufhelp.h
|
||||
+++ libgcrypt-1.7.2/cipher/bufhelp.h
|
||||
@@ -91,7 +91,7 @@ do_bytes:
|
||||
for (; len; len--)
|
||||
*dst++ = *src++;
|
||||
#endif /*__GNUC__ >= 4 && (__x86_64__ || __i386__)*/
|
||||
@ -10,7 +11,7 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
|
||||
|
||||
|
||||
/* Optimized function for buffer xoring */
|
||||
@@ -117,7 +117,7 @@ do_bytes:
|
||||
@@ -128,7 +128,7 @@ do_bytes:
|
||||
/* Handle tail. */
|
||||
for (; len; len--)
|
||||
*dst++ = *src1++ ^ *src2++;
|
||||
@ -18,8 +19,8 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
|
||||
/* Optimized function for buffer xoring with two destination buffers. Used
|
||||
@@ -155,7 +155,7 @@ do_bytes:
|
||||
/* Optimized function for in-place buffer xoring. */
|
||||
@@ -200,7 +200,7 @@ do_bytes:
|
||||
/* Handle tail. */
|
||||
for (; len; len--)
|
||||
*dst1++ = (*dst2++ ^= *src++);
|
||||
@ -28,7 +29,7 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
|
||||
|
||||
|
||||
/* Optimized function for combined buffer xoring and copying. Used by mainly
|
||||
@@ -208,7 +208,7 @@ do_bytes:
|
||||
@@ -253,7 +253,7 @@ do_bytes:
|
||||
*dst_xor++ = *srcdst_cpy ^ *src_xor++;
|
||||
*srcdst_cpy++ = temp;
|
||||
}
|
||||
@ -37,7 +38,7 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
|
||||
|
||||
|
||||
/* Optimized function for combined buffer xoring and copying. Used by mainly
|
||||
@@ -234,7 +234,7 @@ buf_eq_const(const void *_a, const void
|
||||
@@ -279,7 +279,7 @@ buf_eq_const(const void *_a, const void
|
||||
diff -= !!(a[i] - b[i]);
|
||||
|
||||
return !diff;
|
||||
@ -46,7 +47,7 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
|
||||
|
||||
|
||||
#ifndef BUFHELP_FAST_UNALIGNED_ACCESS
|
||||
@@ -246,14 +246,14 @@ static inline u32 buf_get_be32(const voi
|
||||
@@ -291,14 +291,14 @@ static inline u32 buf_get_be32(const voi
|
||||
const byte *in = _buf;
|
||||
return ((u32)in[0] << 24) | ((u32)in[1] << 16) | \
|
||||
((u32)in[2] << 8) | (u32)in[3];
|
||||
@ -63,7 +64,7 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
|
||||
|
||||
static inline void buf_put_be32(void *_buf, u32 val)
|
||||
{
|
||||
@@ -262,7 +262,7 @@ static inline void buf_put_be32(void *_b
|
||||
@@ -307,7 +307,7 @@ static inline void buf_put_be32(void *_b
|
||||
out[1] = val >> 16;
|
||||
out[2] = val >> 8;
|
||||
out[3] = val;
|
||||
@ -72,16 +73,16 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
|
||||
|
||||
static inline void buf_put_le32(void *_buf, u32 val)
|
||||
{
|
||||
@@ -271,7 +271,7 @@ static inline void buf_put_le32(void *_b
|
||||
@@ -316,7 +316,7 @@ static inline void buf_put_le32(void *_b
|
||||
out[2] = val >> 16;
|
||||
out[1] = val >> 8;
|
||||
out[0] = val;
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
#ifdef HAVE_U64_TYPEDEF
|
||||
|
||||
/* Functions for loading and storing unaligned u64 values of different
|
||||
@@ -283,7 +283,7 @@ static inline u64 buf_get_be64(const voi
|
||||
@@ -328,7 +328,7 @@ static inline u64 buf_get_be64(const voi
|
||||
((u64)in[2] << 40) | ((u64)in[3] << 32) | \
|
||||
((u64)in[4] << 24) | ((u64)in[5] << 16) | \
|
||||
((u64)in[6] << 8) | (u64)in[7];
|
||||
@ -90,7 +91,7 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
|
||||
|
||||
static inline u64 buf_get_le64(const void *_buf)
|
||||
{
|
||||
@@ -292,7 +292,7 @@ static inline u64 buf_get_le64(const voi
|
||||
@@ -337,7 +337,7 @@ static inline u64 buf_get_le64(const voi
|
||||
((u64)in[5] << 40) | ((u64)in[4] << 32) | \
|
||||
((u64)in[3] << 24) | ((u64)in[2] << 16) | \
|
||||
((u64)in[1] << 8) | (u64)in[0];
|
||||
@ -99,7 +100,7 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
|
||||
|
||||
static inline void buf_put_be64(void *_buf, u64 val)
|
||||
{
|
||||
@@ -305,7 +305,7 @@ static inline void buf_put_be64(void *_b
|
||||
@@ -350,7 +350,7 @@ static inline void buf_put_be64(void *_b
|
||||
out[5] = val >> 16;
|
||||
out[6] = val >> 8;
|
||||
out[7] = val;
|
||||
@ -108,70 +109,70 @@ diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhel
|
||||
|
||||
static inline void buf_put_le64(void *_buf, u64 val)
|
||||
{
|
||||
@@ -318,7 +318,7 @@ static inline void buf_put_le64(void *_b
|
||||
@@ -363,7 +363,7 @@ static inline void buf_put_le64(void *_b
|
||||
out[2] = val >> 16;
|
||||
out[1] = val >> 8;
|
||||
out[0] = val;
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
#endif /*HAVE_U64_TYPEDEF*/
|
||||
|
||||
#else /*BUFHELP_FAST_UNALIGNED_ACCESS*/
|
||||
@@ -328,24 +328,24 @@ static inline void buf_put_le64(void *_b
|
||||
|
||||
@@ -377,24 +377,24 @@ typedef struct bufhelp_u32_s
|
||||
static inline u32 buf_get_be32(const void *_buf)
|
||||
{
|
||||
return be_bswap32(*(const u32 *)_buf);
|
||||
return be_bswap32(((const bufhelp_u32_t *)_buf)->a);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline u32 buf_get_le32(const void *_buf)
|
||||
{
|
||||
return le_bswap32(*(const u32 *)_buf);
|
||||
return le_bswap32(((const bufhelp_u32_t *)_buf)->a);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline void buf_put_be32(void *_buf, u32 val)
|
||||
{
|
||||
u32 *out = _buf;
|
||||
*out = be_bswap32(val);
|
||||
bufhelp_u32_t *out = _buf;
|
||||
out->a = be_bswap32(val);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline void buf_put_le32(void *_buf, u32 val)
|
||||
{
|
||||
u32 *out = _buf;
|
||||
*out = le_bswap32(val);
|
||||
bufhelp_u32_t *out = _buf;
|
||||
out->a = le_bswap32(val);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
#ifdef HAVE_U64_TYPEDEF
|
||||
/* Functions for loading and storing unaligned u64 values of different
|
||||
@@ -353,24 +353,24 @@ static inline void buf_put_le32(void *_b
|
||||
|
||||
typedef struct bufhelp_u64_s
|
||||
@@ -407,24 +407,24 @@ typedef struct bufhelp_u64_s
|
||||
static inline u64 buf_get_be64(const void *_buf)
|
||||
{
|
||||
return be_bswap64(*(const u64 *)_buf);
|
||||
return be_bswap64(((const bufhelp_u64_t *)_buf)->a);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline u64 buf_get_le64(const void *_buf)
|
||||
{
|
||||
return le_bswap64(*(const u64 *)_buf);
|
||||
return le_bswap64(((const bufhelp_u64_t *)_buf)->a);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline void buf_put_be64(void *_buf, u64 val)
|
||||
{
|
||||
u64 *out = _buf;
|
||||
*out = be_bswap64(val);
|
||||
bufhelp_u64_t *out = _buf;
|
||||
out->a = be_bswap64(val);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline void buf_put_le64(void *_buf, u64 val)
|
||||
{
|
||||
u64 *out = _buf;
|
||||
*out = le_bswap64(val);
|
||||
bufhelp_u64_t *out = _buf;
|
||||
out->a = le_bswap64(val);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
#endif /*HAVE_U64_TYPEDEF*/
|
||||
|
||||
|
||||
#endif /*BUFHELP_FAST_UNALIGNED_ACCESS*/
|
||||
|
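Review bot: Every `+} __attribute__ ((optimize("no-strict-aliasing")))` line in this patch (three in the byte-access branch, eight in the BUFHELP_FAST_UNALIGNED_ACCESS branch) places the attribute after the function body's closing brace, and as far as I know GCC then parses it as the start of the next declaration, so each attribute would apply to the function that follows rather than the one just closed, and the last one before `#endif` to whatever declaration comes after the header — worth confirming with a test compile before relying on it. Attaching it in the declaration is unambiguous, e.g. `static inline u32 __attribute__ ((optimize("no-strict-aliasing"))) buf_get_be32(const void *_buf)`. Two further caveats: GCC documents the optimize attribute as a debugging aid not meant for production code, and 1.7.2 already reads and writes through `bufhelp_u32_t`/`bufhelp_u64_t` wrapper structs in the unaligned-access branch (their definitions are not in view, but they look like upstream's own answer to this aliasing problem), so the attribute may be redundant there.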
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:f9461b4619bb78b273a88d468915750d418e89a3ea3b641bab0563a9af4b04d0
|
||||
size 2480467
|
3
libgcrypt-1.7.3.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:ddac6111077d0a1612247587be238c5294dd0ee4d76dc7ba783cc55fb0337071
|
||||
size 2861294
|
libgcrypt-1.7.3.tar.bz2.sig
Normal file
@ -1,182 +0,0 @@
|
||||
Index: libgcrypt-1.6.1/cipher/dsa.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.1.orig/cipher/dsa.c 2014-01-24 10:45:35.000000000 +0100
|
||||
+++ libgcrypt-1.6.1/cipher/dsa.c 2014-09-17 14:16:40.827152998 +0200
|
||||
@@ -67,7 +67,7 @@ static const char *dsa_names[] =
|
||||
|
||||
|
||||
/* A sample 1024 bit DSA key used for the selftests. */
|
||||
-static const char sample_secret_key[] =
|
||||
+static const char sample_secret_key_1024[] =
|
||||
"(private-key"
|
||||
" (dsa"
|
||||
" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
|
||||
@@ -85,7 +85,7 @@ static const char sample_secret_key[] =
|
||||
" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)"
|
||||
" (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))";
|
||||
/* A sample 1024 bit DSA key used for the selftests (public only). */
|
||||
-static const char sample_public_key[] =
|
||||
+static const char sample_public_key_1024[] =
|
||||
"(public-key"
|
||||
" (dsa"
|
||||
" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
|
||||
@@ -102,6 +102,23 @@ static const char sample_public_key[] =
|
||||
" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
|
||||
" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))";
|
||||
|
||||
+/* 2048 DSA key from RFC 6979 A.2.2 */
|
||||
+static const char sample_public_key_2048[] =
|
||||
+"(public-key"
|
||||
+" (dsa"
|
||||
+" (p #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#)"
|
||||
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed276020567441a0a5#)"
|
||||
+" (g #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#)"
|
||||
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb75539b17155e9fcfd1aba564eb8535d812c9c2dcf97284441bc482243624c7f457580c1c38a57c46c457392470edb52cb5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c4ca0531dd8ca8aaa9cc7337193387348336118224545e88c80ffd8765d74360333ccab9972779b6525a65bdd0d10c675c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc47a3847ff63711baed6d03afe81e694a413b680bd38ab4903f8370a707ef551d4941026d9579d691de8edaa16105eb9dba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d30acb673717a0d2fb3b50c893f7dab14f#)))";
|
||||
+
|
||||
+static const char sample_secret_key_2048[] =
|
||||
+"(private-key"
|
||||
+" (dsa"
|
||||
+" (p #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#)"
|
||||
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed276020567441a0a5#)"
|
||||
+" (g #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#)"
|
||||
+" (y #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#)"
|
||||
+" (x #0c4b3089d1b862cb3c436491f0915470c52796e3acbee800ec55f6cc#)))";
|
||||
|
||||
|
||||
|
||||
@@ -369,6 +386,8 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||
gcry_mpi_t value_x = NULL; /* The secret exponent. */
|
||||
gcry_mpi_t value_h = NULL; /* Helper. */
|
||||
gcry_mpi_t value_e = NULL; /* Helper. */
|
||||
+ gcry_mpi_t value_c = NULL; /* helper for x */
|
||||
+ gcry_mpi_t value_qm2 = NULL; /* q - 2 */
|
||||
|
||||
/* Preset return values. */
|
||||
*r_counter = 0;
|
||||
@@ -389,9 +408,7 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||
|
||||
/* Check that QBITS and NBITS match the standard. Note that FIPS
|
||||
186-3 uses N for QBITS and L for NBITS. */
|
||||
- if (nbits == 1024 && qbits == 160)
|
||||
- ;
|
||||
- else if (nbits == 2048 && qbits == 224)
|
||||
+ if (nbits == 2048 && qbits == 224)
|
||||
;
|
||||
else if (nbits == 2048 && qbits == 256)
|
||||
;
|
||||
@@ -426,19 +443,18 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||
|
||||
/* Fixme: Enable 186-3 after it has been approved and after fixing
|
||||
the generation function. */
|
||||
- /* if (use_fips186_2) */
|
||||
- (void)use_fips186_2;
|
||||
- ec = _gcry_generate_fips186_2_prime (nbits, qbits,
|
||||
+ if (use_fips186_2)
|
||||
+ ec = _gcry_generate_fips186_2_prime (nbits, qbits,
|
||||
initial_seed.seed,
|
||||
initial_seed.seedlen,
|
||||
&prime_q, &prime_p,
|
||||
r_counter,
|
||||
r_seed, r_seedlen);
|
||||
- /* else */
|
||||
- /* ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */
|
||||
- /* &prime_q, &prime_p, */
|
||||
- /* r_counter, */
|
||||
- /* r_seed, r_seedlen, NULL); */
|
||||
+ else
|
||||
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
|
||||
+ &prime_q, &prime_p,
|
||||
+ r_counter,
|
||||
+ r_seed, r_seedlen, NULL);
|
||||
sexp_release (initial_seed.sexp);
|
||||
if (ec)
|
||||
goto leave;
|
||||
@@ -459,17 +475,23 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||
while (!mpi_cmp_ui (value_g, 1)); /* Continue until g != 1. */
|
||||
}
|
||||
|
||||
-
|
||||
- /* Select a random number x with: 0 < x < q */
|
||||
+ value_c = mpi_snew (qbits);
|
||||
value_x = mpi_snew (qbits);
|
||||
+ value_qm2 = mpi_snew (qbits);
|
||||
+ mpi_sub_ui (value_qm2, prime_q, 2);
|
||||
+
|
||||
+ /* FIPS 186-4 B.1.2 steps 4-6 */
|
||||
do
|
||||
{
|
||||
if( DBG_CIPHER )
|
||||
progress('.');
|
||||
- _gcry_mpi_randomize (value_x, qbits, GCRY_VERY_STRONG_RANDOM);
|
||||
- mpi_clear_highbit (value_x, qbits+1);
|
||||
+ _gcry_mpi_randomize (value_c, qbits, GCRY_VERY_STRONG_RANDOM);
|
||||
+ mpi_clear_highbit (value_c, qbits+1);
|
||||
}
|
||||
- while (!(mpi_cmp_ui (value_x, 0) > 0 && mpi_cmp (value_x, prime_q) < 0));
|
||||
+ while (mpi_cmp (value_c, value_qm2) > 0);
|
||||
+
|
||||
+ /* x = c + 1 */
|
||||
+ mpi_add_ui(value_x, value_c, 1);
|
||||
|
||||
/* y = g^x mod p */
|
||||
value_y = mpi_alloc_like (prime_p);
|
||||
@@ -502,6 +524,8 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||
_gcry_mpi_release (value_x);
|
||||
_gcry_mpi_release (value_h);
|
||||
_gcry_mpi_release (value_e);
|
||||
+ _gcry_mpi_release (value_c);
|
||||
+ _gcry_mpi_release (value_qm2);
|
||||
|
||||
/* As a last step test this keys (this should never fail of course). */
|
||||
if (!ec && test_keys (sk, qbits) )
|
||||
@@ -1218,10 +1242,10 @@ selftests_dsa (selftest_report_func_t re
|
||||
|
||||
/* Convert the S-expressions into the internal representation. */
|
||||
what = "convert";
|
||||
- err = sexp_sscan (&skey, NULL, sample_secret_key, strlen (sample_secret_key));
|
||||
+ err = sexp_sscan (&skey, NULL, sample_secret_key_2048, strlen (sample_secret_key_2048));
|
||||
if (!err)
|
||||
err = sexp_sscan (&pkey, NULL,
|
||||
- sample_public_key, strlen (sample_public_key));
|
||||
+ sample_public_key_2048, strlen (sample_public_key_2048));
|
||||
if (err)
|
||||
{
|
||||
errtxt = _gcry_strerror (err);
|
||||
Index: libgcrypt-1.6.1/cipher/primegen.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.1.orig/cipher/primegen.c 2014-01-29 10:48:38.000000000 +0100
|
||||
+++ libgcrypt-1.6.1/cipher/primegen.c 2014-09-16 16:42:53.713019269 +0200
|
||||
@@ -1668,9 +1668,7 @@ _gcry_generate_fips186_3_prime (unsigned
|
||||
|
||||
/* Step 1: Check the requested prime lengths. */
|
||||
/* Note that due to the size of our buffers QBITS is limited to 256. */
|
||||
- if (pbits == 1024 && qbits == 160)
|
||||
- hashalgo = GCRY_MD_SHA1;
|
||||
- else if (pbits == 2048 && qbits == 224)
|
||||
+ if (pbits == 2048 && qbits == 224)
|
||||
hashalgo = GCRY_MD_SHA224;
|
||||
else if (pbits == 2048 && qbits == 256)
|
||||
hashalgo = GCRY_MD_SHA256;
|
||||
Index: libgcrypt-1.6.1/Makefile.am
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.1.orig/Makefile.am 2014-09-16 16:42:53.707019195 +0200
|
||||
+++ libgcrypt-1.6.1/Makefile.am 2014-09-16 16:42:53.713019269 +0200
|
||||
@@ -36,7 +36,7 @@ EXTRA_DIST = autogen.sh autogen.rc READM
|
||||
|
||||
DISTCLEANFILES =
|
||||
|
||||
-bin_PROGRAMS = fipsdrv drbg_test
|
||||
+bin_PROGRAMS = fipsdrv fips186_dsa drbg_test
|
||||
|
||||
fipsdrv_SOURCES = tests/fipsdrv.c
|
||||
fipsdrv_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
|
||||
@@ -45,6 +45,9 @@ drbg_test_CPPFLAGS = -I../src -I$(top_sr
|
||||
drbg_test_SOURCES = src/gcrypt.h tests/drbg_test.c
|
||||
drbg_test_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
|
||||
|
||||
+fips186_dsa_SOURCES = tests/fips186-dsa.c
|
||||
+fips186_dsa_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
|
||||
+
|
||||
# Add all the files listed in "distfiles" files to the distribution,
|
||||
# apply version number s to some files and create a VERSION file which
|
||||
# we need for the Prereq: patch file trick.
|
@ -1,30 +0,0 @@
|
||||
Index: libgcrypt-1.6.1/cipher/ecc-curves.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.1.orig/cipher/ecc-curves.c 2014-01-29 10:48:38.000000000 +0100
|
||||
+++ libgcrypt-1.6.1/cipher/ecc-curves.c 2014-09-18 17:48:15.645814378 +0200
|
||||
@@ -114,7 +114,7 @@ static const ecc_domain_parms_t domain_p
|
||||
"0x6666666666666666666666666666666666666666666666666666666666666658"
|
||||
},
|
||||
{
|
||||
- "NIST P-192", 192, 1,
|
||||
+ "NIST P-192", 192, 0,
|
||||
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
|
||||
"0xfffffffffffffffffffffffffffffffeffffffffffffffff",
|
||||
"0xfffffffffffffffffffffffffffffffefffffffffffffffc",
|
||||
Index: libgcrypt-1.6.1/cipher/pubkey-util.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.1.orig/cipher/pubkey-util.c 2013-12-16 18:44:32.000000000 +0100
|
||||
+++ libgcrypt-1.6.1/cipher/pubkey-util.c 2014-09-18 18:27:24.928658758 +0200
|
||||
@@ -593,7 +593,11 @@ _gcry_pk_util_init_encoding_ctx (struct
|
||||
ctx->nbits = nbits;
|
||||
ctx->encoding = PUBKEY_ENC_UNKNOWN;
|
||||
ctx->flags = 0;
|
||||
- ctx->hash_algo = GCRY_MD_SHA1;
|
||||
+ if (fips_mode()) {
|
||||
+ ctx->hash_algo = GCRY_MD_SHA256;
|
||||
+ } else {
|
||||
+ ctx->hash_algo = GCRY_MD_SHA1;
|
||||
+ }
|
||||
ctx->label = NULL;
|
||||
ctx->labellen = 0;
|
||||
ctx->saltlen = 20;
|
@ -1,8 +1,8 @@
|
||||
Index: libgcrypt-1.6.1/random/random.c
|
||||
Index: libgcrypt-1.7.2/random/random.c
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.1.orig/random/random.c
|
||||
+++ libgcrypt-1.6.1/random/random.c
|
||||
@@ -440,6 +440,9 @@ _gcry_create_nonce (void *buffer, size_t
|
||||
--- libgcrypt-1.7.2.orig/random/random.c
|
||||
+++ libgcrypt-1.7.2/random/random.c
|
||||
@@ -419,6 +419,9 @@ _gcry_create_nonce (void *buffer, size_t
|
||||
size_t n;
|
||||
int err;
|
||||
|
||||
@ -12,7 +12,7 @@ Index: libgcrypt-1.6.1/random/random.c
|
||||
/* First check whether we shall use the FIPS nonce generator. This
|
||||
is only done in FIPS mode, in all other modes, we use our own
|
||||
nonce generator which is seeded by the RNG actual in use. */
|
||||
@@ -455,9 +458,6 @@ _gcry_create_nonce (void *buffer, size_t
|
||||
@@ -433,9 +436,6 @@ _gcry_create_nonce (void *buffer, size_t
|
||||
FIPS mode (not that this means it is also used if the FIPS RNG
|
||||
has been selected but we are not in fips mode). */
|
||||
|
||||
@ -20,5 +20,5 @@ Index: libgcrypt-1.6.1/random/random.c
|
||||
- _gcry_random_initialize (1);
|
||||
-
|
||||
/* Acquire the nonce buffer lock. */
|
||||
err = ath_mutex_lock (&nonce_buffer_lock);
|
||||
err = gpgrt_lock_lock (&nonce_buffer_lock);
|
||||
if (err)
|
||||
|
@ -8,16 +8,16 @@ by choosing v8-like insns for 32-bit v9 mode too.
|
||||
mpi/longlong.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
Index: libgcrypt-1.6.4/mpi/longlong.h
|
||||
Index: libgcrypt-1.7.2/mpi/longlong.h
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.4.orig/mpi/longlong.h 2015-09-07 15:33:48.000000000 +0200
|
||||
+++ libgcrypt-1.6.4/mpi/longlong.h 2015-09-08 10:36:28.124169828 +0200
|
||||
@@ -1287,7 +1287,7 @@ typedef unsigned int UTItype __attribute
|
||||
--- libgcrypt-1.7.2.orig/mpi/longlong.h
|
||||
+++ libgcrypt-1.7.2/mpi/longlong.h
|
||||
@@ -1293,7 +1293,7 @@ typedef unsigned int UTItype __attribute
|
||||
"rJ" ((USItype)(al)), \
|
||||
"rI" ((USItype)(bl)) \
|
||||
__CLOBBER_CC)
|
||||
-#if defined (__sparc_v8__) || defined(__sparcv8)
|
||||
+#if defined (__sparc_v8__) || defined(__sparcv8) || defined(__sparc_v9__)
|
||||
-# if defined (__sparc_v8__) || defined(__sparcv8)
|
||||
+# if defined (__sparc_v8__) || defined(__sparcv8) || defined(__space_v9__)
|
||||
/* Don't match immediate range because, 1) it is not often useful,
|
||||
2) the 'I' flag thinks of the range as a 13 bit signed interval,
|
||||
while we want to match a 13 bit interval, sign extended to 32 bits,
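Review bot: The refreshed line `+# if defined (__sparc_v8__) || defined(__sparcv8) || defined(__space_v9__)` spells the v9 macro as `__space_v9__`, which no compiler defines, so on a 32-bit v9 build the condition reduces to the pre-patch v8-only test and the patch no longer selects the v8-like instructions its description ("by choosing v8-like insns for 32-bit v9 mode too") promises. The 1.6.4 version of the same line, shown just above it, used `__sparc_v9__`, so this appears to have crept in during the rebase to 1.7.2 rather than being intentional. It should read `+# if defined (__sparc_v8__) || defined(__sparcv8) || defined(__sparc_v9__)`. Given the 1.7.1 changelog entry in this same commit about a Solaris 9 SPARC portability fix, it is also worth confirming the hunk is still needed at all on 1.7.x; the surrounding `#if` block in longlong.h continues outside the hunk.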
|
||||
|
@ -1,3 +1,147 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Aug 20 10:38:15 UTC 2016 - mpluskal,vcizek,astieger}@suse.com
|
||||
|
||||
- libgcrypt 1.7.3:
|
||||
* security issue already fixes with 1.6.6
|
||||
* Fix building of some asm modules with older compilers and CPUs.
|
||||
* ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1.
|
||||
- includes changes from libgcrypt 1.7.2:
|
||||
* Bug fixes:
|
||||
- Fix setting of the ECC cofactor if parameters are specified.
|
||||
- Fix memory leak in the ECC code.
|
||||
- Remove debug message about unsupported getrandom syscall.
|
||||
- Fix build problems related to AVX use.
|
||||
- Fix bus errors on ARM for Poly1305, ChaCha20, AES, and SHA-512.
|
||||
* Internal changes:
|
||||
- Improved fatal error message for wrong use of gcry_md_read.
|
||||
- Disallow symmetric encryption/decryption if key is not set.
|
||||
- includes changes from 1.7.1:
|
||||
* Bug fixes:
|
||||
- Fix ecc_verify for cofactor support.
|
||||
- Fix portability bug when using gcc with Solaris 9 SPARC.
|
||||
- Build fix for OpenBSD/amd64
|
||||
- Add OIDs to the Serpent ciphers.
|
||||
* Internal changes:
|
||||
- Use getrandom system call on Linux if available.
|
||||
- Blinding is now also used for RSA signature creation.
|
||||
- Changed names of debug envvars
|
||||
- includes changes from 1.7.0:
|
||||
* New algorithms and modes:
|
||||
- SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.
|
||||
- SHAKE128 and SHAKE256 extendable-output hash algorithms.
|
||||
- ChaCha20 stream cipher.
|
||||
- Poly1305 message authentication algorithm
|
||||
- ChaCha20-Poly1305 Authenticated Encryption with Associated Data
|
||||
mode.
|
||||
- OCB mode.
|
||||
- HMAC-MD2 for use by legacy applications.
|
||||
* New curves for ECC:
|
||||
- Curve25519.
|
||||
- sec256k1.
|
||||
- GOST R 34.10-2001 and GOST R 34.10-2012.
|
||||
* Performance:
|
||||
- Improved performance of KDF functions.
|
||||
- Assembler optimized implementations of Blowfish and Serpent on
|
||||
ARM.
|
||||
- Assembler optimized implementation of 3DES on x86.
|
||||
- Improved AES using the SSSE3 based vector permutation method by
|
||||
Mike Hamburg.
|
||||
- AVX/BMI is used for SHA-1 and SHA-256 on x86. This is for SHA-1
|
||||
about 20% faster than SSSE3 and more than 100% faster than the
|
||||
generic C implementation.
|
||||
- 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.
|
||||
- 60-90% speedup for Whirlpool on x86.
|
||||
- 300% speedup for RIPE MD-160.
|
||||
- Up to 11 times speedup for CRC functions on x86.
|
||||
* Other features:
|
||||
- Improved ECDSA and FIPS 186-4 compliance.
|
||||
- Support for Montgomery curves.
|
||||
- gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher
|
||||
algorithm.
|
||||
- gcry_mpi_ec_sub to subtract two points on a curve.
|
||||
- gcry_mpi_ec_decode_point to decode an MPI into a point object.
|
||||
- Emulation for broken Whirlpool code prior to 1.6.0. [from 1.6.1]
|
||||
- Flag "pkcs1-raw" to enable PCKS#1 padding with a user supplied
|
||||
hash part.
|
||||
- Parameter "saltlen" to set a non-default salt length for RSA PSS.
|
||||
- A SP800-90A conforming DRNG replaces the former X9.31 alternative
|
||||
random number generator.
|
||||
- Map deprecated RSA algo number to the RSA algo number for better
|
||||
backward compatibility. [from 1.6.2]
|
||||
- Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
|
||||
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
|
||||
[from 1.6.3]
|
||||
- Fixed data-dependent timing variations in modular exponentiation
|
||||
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
|
||||
are Practical]. [from 1.6.3]
|
||||
- Flag "no-keytest" for ECC key generation. Due to a bug in
|
||||
the parser that flag will also be accepted but ignored by older
|
||||
version of Libgcrypt. [from 1.6.4]
|
||||
- Speed up the random number generator by requiring less extra
|
||||
seeding. [from 1.6.4]
|
||||
- Always verify a created RSA signature to avoid private key leaks
|
||||
due to hardware failures. [from 1.6.4]
|
||||
- Mitigate side-channel attack on ECDH with Weierstrass curves
|
||||
[CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
|
||||
details. [from 1.6.5]
|
||||
* Internal changes:
|
||||
- Moved locking out to libgpg-error.
|
||||
- Support of the SYSROOT envvar in the build system.
|
||||
- Refactor some code.
|
||||
- The availability of a 64 bit integer type is now mandatory.
|
||||
* Bug fixes:
|
||||
- Fixed message digest lookup by OID (regression in 1.6.0).
|
||||
- Fixed a build problem on NetBSD
|
||||
- Fixed some asm build problems and feature detection bugs.
|
||||
* Interface changes relative to the 1.6.0 release:
|
||||
gcry_cipher_final NEW macro.
|
||||
GCRY_CIPHER_MODE_CFB8 NEW constant.
|
||||
GCRY_CIPHER_MODE_OCB NEW.
|
||||
GCRY_CIPHER_MODE_POLY1305 NEW.
|
||||
gcry_cipher_set_sbox NEW macro.
|
||||
gcry_mac_get_algo NEW.
|
||||
GCRY_MAC_HMAC_MD2 NEW.
|
||||
GCRY_MAC_HMAC_SHA3_224 NEW.
|
||||
GCRY_MAC_HMAC_SHA3_256 NEW.
|
||||
GCRY_MAC_HMAC_SHA3_384 NEW.
|
||||
GCRY_MAC_HMAC_SHA3_512 NEW.
|
||||
GCRY_MAC_POLY1305 NEW.
|
||||
GCRY_MAC_POLY1305_AES NEW.
|
||||
GCRY_MAC_POLY1305_CAMELLIA NEW.
|
||||
GCRY_MAC_POLY1305_SEED NEW.
|
||||
GCRY_MAC_POLY1305_SERPENT NEW.
|
||||
GCRY_MAC_POLY1305_TWOFISH NEW.
|
||||
gcry_md_extract NEW.
|
||||
GCRY_MD_FLAG_BUGEMU1 NEW [from 1.6.1].
|
||||
GCRY_MD_GOSTR3411_CP NEW.
|
||||
GCRY_MD_SHA3_224 NEW.
|
||||
GCRY_MD_SHA3_256 NEW.
|
||||
GCRY_MD_SHA3_384 NEW.
|
||||
GCRY_MD_SHA3_512 NEW.
|
||||
GCRY_MD_SHAKE128 NEW.
|
||||
GCRY_MD_SHAKE256 NEW.
|
||||
gcry_mpi_ec_decode_point NEW.
|
||||
gcry_mpi_ec_sub NEW.
|
||||
GCRY_PK_EDDSA NEW constant.
|
||||
GCRYCTL_GET_TAGLEN NEW.
|
||||
GCRYCTL_SET_SBOX NEW.
|
||||
GCRYCTL_SET_TAGLEN NEW.
|
||||
- Apply libgcrypt-1.6.3-aliasing.patch only on big-endian
|
||||
architectures
|
||||
- update drbg_test.patch and install cavs testing directory again
|
||||
- As DRBG is upstream, drop pateches:
|
||||
v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
|
||||
0002-Compile-DRBG.patch
|
||||
0003-Function-definitions-of-interfaces-for-random.c.patch
|
||||
0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
|
||||
0005-Function-definitions-for-gcry_control-callbacks.patch
|
||||
0006-DRBG-specific-gcry_control-requests.patch
|
||||
v9-0007-User-interface-to-DRBG.patch
|
||||
libgcrypt-fix-rng.patch
|
||||
- drop obsolete:
|
||||
libgcrypt-fips-dsa.patch
|
||||
libgcrypt-fips_ecdsa.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 17 18:21:44 UTC 2016 - astieger@suse.com
|
||||
|
||||
|
@ -19,10 +19,10 @@
|
||||
%define build_hmac256 1
|
||||
%define separate_hmac256_binary 0
|
||||
%define libsoname %{name}20
|
||||
%define sosuffix 20.0.6
|
||||
%define sosuffix 20.1.3
|
||||
%define cavs_dir %{_libexecdir}/%{name}/cavs
|
||||
Name: libgcrypt
|
||||
Version: 1.6.6
|
||||
Version: 1.7.3
|
||||
Release: 0
|
||||
Summary: The GNU Crypto Library
|
||||
License: GPL-2.0+ and LGPL-2.1+ and GPL-3.0+
|
||||
@ -50,28 +50,16 @@ Patch12: libgcrypt-1.6.1-use-fipscheck.patch
|
||||
Patch13: libgcrypt-1.6.1-fips-cavs.patch
|
||||
#PATCH-FIX-SUSE: bnc#724841, fix a random device opening routine
|
||||
Patch14: libgcrypt-1.6.1-fips-cfgrandom.patch
|
||||
# add support for SP800-90A DRBG (fate#316929, bnc#856312)
|
||||
Patch21: v9-0001-SP800-90A-Deterministic-Random-Bit-Generator.patch
|
||||
Patch22: 0002-Compile-DRBG.patch
|
||||
Patch23: 0003-Function-definitions-of-interfaces-for-random.c.patch
|
||||
Patch24: 0004-Invoke-DRBG-from-common-libgcrypt-RNG-code.patch
|
||||
Patch25: 0005-Function-definitions-for-gcry_control-callbacks.patch
|
||||
Patch26: 0006-DRBG-specific-gcry_control-requests.patch
|
||||
Patch27: v9-0007-User-interface-to-DRBG.patch
|
||||
Patch28: libgcrypt-fix-rng.patch
|
||||
Patch29: libgcrypt-init-at-elf-load-fips.patch
|
||||
#PATCH-FIX-SUSE add FIPS CAVS test app for DRBG
|
||||
Patch30: drbg_test.patch
|
||||
#PATCH-FIX-SUSE bnc#894216 make DSA compliant with FIPS 186-4
|
||||
Patch31: libgcrypt-fips-dsa.patch
|
||||
#PATCH-FIX-SUSE run FIPS self-test from constructor
|
||||
Patch32: libgcrypt-fips_run_selftest_at_constructor.patch
|
||||
#PATCH-FIX-SUSE bnc#896202 make ECDSA compliant with FIPS 186-4
|
||||
Patch33: libgcrypt-fips_ecdsa.patch
|
||||
Patch34: libgcrypt-1.6.3-aliasing.patch
|
||||
BuildRequires: automake >= 1.14
|
||||
BuildRequires: fipscheck
|
||||
BuildRequires: libgpg-error-devel >= 1.11
|
||||
BuildRequires: libgpg-error-devel >= 1.13
|
||||
BuildRequires: libtool
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
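Review bot: Patch31 (libgcrypt-fips-dsa.patch) and Patch33 (libgcrypt-fips_ecdsa.patch) are dropped as "obsolete" without recording which upstream change supersedes them, and the deleted fips_ecdsa hunk earlier in this diff did two concrete things: cleared the FIPS flag on NIST P-192 and made the default pubkey hash SHA-256 instead of SHA-1 when `fips_mode()` is set. The 1.7.0 changelog line "Improved ECDSA and FIPS 186-4 compliance" suggests upstream now covers this, but that cannot be confirmed from the spec hunk itself. I would leave a comment next to the remaining FIPS patches, e.g. `# fips-dsa / fips_ecdsa patches dropped with 1.7.3: expected to be covered by upstream FIPS 186-4 work (check P-192 FIPS flag and default hash in FIPS mode against CAVS)`, so the next updater knows what behaviour to re-verify. The CAVS tools are still packaged (Patch13, Patch30), so a CAVS run on the 1.7.3 build is the natural way to settle it.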
|
||||
|
||||
@ -107,7 +95,7 @@ License: GFDL-1.1 and GPL-2.0+ and LGPL-2.1+ and MIT
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: %{libsoname} = %{version}
|
||||
Requires: glibc-devel
|
||||
Requires: libgpg-error-devel >= 1.8
|
||||
Requires: libgpg-error-devel >= 1.13
|
||||
Requires(post): %{install_info_prereq}
|
||||
|
||||
%description devel
|
||||
@ -155,20 +143,15 @@ understanding of applied cryptography is required to use Libgcrypt.
|
||||
%patch5 -p1
|
||||
%patch7 -p1
|
||||
%patch12 -p1
|
||||
%patch21 -p1
|
||||
%patch22 -p1
|
||||
%patch23 -p1
|
||||
%patch24 -p1
|
||||
%patch25 -p1
|
||||
%patch26 -p1
|
||||
%patch27 -p1
|
||||
%patch28 -p1
|
||||
%patch29 -p1
|
||||
%patch30 -p1
|
||||
%patch31 -p1
|
||||
%patch32 -p1
|
||||
%patch33 -p1
|
||||
# This patch breaks x86_64 builds but is needed for big-endian
|
||||
# architectures
|
||||
%ifarch ppc ppc64 s390 s390x
|
||||
%patch34 -p1
|
||||
%endif
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
|
||||
@ -176,7 +159,7 @@ understanding of applied cryptography is required to use Libgcrypt.
|
||||
echo building with build_hmac256 set to %{build_hmac256}
|
||||
%{?suse_update_config}
|
||||
autoreconf -fi
|
||||
date=$(date -u +%Y-%m-%dT%H:%M+0000 -r %{SOURCE99})
|
||||
date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99})
|
||||
sed -e "s,BUILD_TIMESTAMP=.*,BUILD_TIMESTAMP=$date," -i configure
|
||||
export CFLAGS="%{optflags} $(getconf LFS_CFLAGS)"
|
||||
%configure --with-pic \
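Review bot: The rewritten timestamp line `date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99})` turns the strftime conversions into rpm macro references; `%{Y}`, `%{m}`, `%{H}`, `%{M}` are not rpm macros and `%{dT}` fuses the day conversion with the literal `T`, so unless something defines them they reach `date` unexpanded and BUILD_TIMESTAMP in configure ends up holding literal `%{...}` text instead of the tarball mtime the original line was computing. This looks like a mechanical macro-bracketing pass rather than a deliberate change. The spec idiom for a literal percent that must survive to the shell is a doubled one: `date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})`. Worth checking the generated configure after a local build to confirm the sed on the next line still produces a real date.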
|
||||
@ -212,7 +195,7 @@ fipshmac src/.libs/libgcrypt.so.??
|
||||
# make check
|
||||
|
||||
%install
|
||||
make DESTDIR=%{buildroot} install %{?_smp_mflags}
|
||||
make %{?_smp_mflags} DESTDIR=%{buildroot} install
|
||||
rm %{buildroot}%{_libdir}/%{name}.la
|
||||
|
||||
# cavs
|
||||
@ -220,14 +203,11 @@ install -m 0755 -d %{buildroot}%{cavs_dir}
|
||||
install -m 0755 %{SOURCE5} %{buildroot}%{cavs_dir}
|
||||
install -m 0755 %{SOURCE6} %{buildroot}%{cavs_dir}
|
||||
|
||||
mv %{buildroot}%{_bindir}/fips186_dsa %{buildroot}%{cavs_dir}
|
||||
mv %{buildroot}%{_bindir}/fipsdrv %{buildroot}%{cavs_dir}
|
||||
mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir}
|
||||
|
||||
%post -n %{libsoname} -p /sbin/ldconfig
|
||||
|
||||
%postun -n %{libsoname} -p /sbin/ldconfig
|
||||
|
||||
%post devel
|
||||
%install_info --info-dir=%{_infodir} %{_infodir}/gcrypt.info.gz
|
||||
|
||||
@ -248,7 +228,7 @@ mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir}
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%doc AUTHORS COPYING COPYING.LIB ChangeLog NEWS README THANKS TODO
|
||||
%{_infodir}/gcrypt.info.gz
|
||||
%{_infodir}/gcrypt.info%{ext_info}
|
||||
%{_bindir}/dumpsexp
|
||||
%{_bindir}/mpicalc
|
||||
%{_bindir}/%{name}-config
|
||||
|
@ -1,309 +0,0 @@
|
||||
From 581c850aa7ac63086a489480efa4cc0bf8cfd510 Mon Sep 17 00:00:00 2001
|
||||
From: Stephan Mueller <smueller@chronox.de>
|
||||
Date: Thu, 21 Aug 2014 21:26:27 +0200
|
||||
Subject: [PATCH v9 7/7] User interface to DRBG
|
||||
|
||||
DRBG Usage
|
||||
==========
|
||||
The SP 800-90A DRBG allows the user to specify a personalization string
|
||||
for initialization as well as an additional information string for each
|
||||
random number request. The following code fragments show how a caller
|
||||
uses the kernel crypto API to use the full functionality of the DRBG.
|
||||
|
||||
Usage without any additional data
|
||||
---------------------------------
|
||||
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);
|
||||
|
||||
Usage with personalization string during initialization
|
||||
-------------------------------------------------------
|
||||
struct drbg_string pers;
|
||||
|
||||
drbg_string_fill(&pers, "string", strlen("string"));
|
||||
// The reset completely re-initializes the DRBG with the provided
|
||||
// personalization string without changing the DRBG type
|
||||
ret = gcry_control(GCRYCTL_DRBG_REINIT, 0, &pers, NULL);
|
||||
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);
|
||||
|
||||
Usage with additional information string during random number request
|
||||
---------------------------------------------------------------------
|
||||
struct drbg_string addtl;
|
||||
|
||||
drbg_string_fill(&addtl, "string", strlen("string"));
|
||||
// The following call is a wrapper to gcry_randomize() and returns
|
||||
// the same error codes.
|
||||
gcry_randomize_drbg(outbuf, OUTLEN, GCRY_STRONG_RANDOM, &addtl);
|
||||
|
||||
Usage with personalization and additional information strings
|
||||
-------------------------------------------------------------
|
||||
Just mix both scenarios above.
|
||||
|
||||
Switch the DRBG type to some other type
|
||||
---------------------------------------
|
||||
// Switch to CTR DRBG AES-128 without prediction resistance
|
||||
ret = gcry_control(GCRYCTL_DRBG_REINIT, DRBG_NOPR_CTRAES128, NULL, NULL);
|
||||
gcry_randomize(outbuf, OUTLEN, GCRY_STRONG_RANDOM);
|
||||
|
||||
Signed-off-by: Stephan Mueller <smueller@chronox.de>
|
||||
---
|
||||
src/gcrypt.h.in | 157 +++++++++++++++++++++++++++++++++++++++++++++++++++-----
|
||||
1 file changed, 144 insertions(+), 13 deletions(-)
|
||||
|
||||
Index: libgcrypt-1.6.1/src/gcrypt.h.in
|
||||
===================================================================
|
||||
--- libgcrypt-1.6.1.orig/src/gcrypt.h.in 2014-01-29 10:49:05.000000000 +0100
|
||||
+++ libgcrypt-1.6.1/src/gcrypt.h.in 2014-09-02 13:45:42.439648231 +0200
|
||||
@@ -193,7 +193,7 @@ gcry_error_t gcry_err_make_from_errno (g
|
||||
/* Return an error value with the system error ERR. */
|
||||
gcry_err_code_t gcry_error_from_errno (int err);
|
||||
|
||||
-
|
||||
+
|
||||
/* NOTE: Since Libgcrypt 1.6 the thread callbacks are not anymore
|
||||
used. However we keep it to allow for some source code
|
||||
compatibility if used in the standard way. */
|
||||
@@ -228,7 +228,7 @@ struct gcry_thread_cbs
|
||||
(GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8))}
|
||||
|
||||
|
||||
-
|
||||
+
|
||||
/* A generic context object as used by some functions. */
|
||||
struct gcry_context;
|
||||
typedef struct gcry_context *gcry_ctx_t;
|
||||
@@ -254,7 +254,7 @@ typedef struct
|
||||
} gcry_buffer_t;
|
||||
|
||||
|
||||
-
|
||||
+
|
||||
|
||||
/* Check that the library fulfills the version requirement. */
|
||||
const char *gcry_check_version (const char *req_version);
|
||||
@@ -329,7 +329,8 @@ enum gcry_ctl_cmds
|
||||
GCRYCTL_SET_CCM_LENGTHS = 69,
|
||||
GCRYCTL_CLOSE_RANDOM_DEVICE = 70,
|
||||
GCRYCTL_INACTIVATE_FIPS_FLAG = 71,
|
||||
- GCRYCTL_REACTIVATE_FIPS_FLAG = 72
|
||||
+ GCRYCTL_REACTIVATE_FIPS_FLAG = 72,
|
||||
+ GCRYCTL_DRBG_REINIT = 74,
|
||||
};
|
||||
|
||||
/* Perform various operations defined by CMD. */
|
||||
@@ -477,7 +478,7 @@ gpg_error_t gcry_sexp_extract_param (gcr
|
||||
const char *list,
|
||||
...) _GCRY_GCC_ATTR_SENTINEL(0);
|
||||
|
||||
-
|
||||
+
|
||||
/*******************************************
|
||||
* *
|
||||
* Multi Precision Integer Functions *
|
||||
@@ -833,7 +834,7 @@ gcry_mpi_t _gcry_mpi_get_const (int no);
|
||||
#endif /* GCRYPT_NO_MPI_MACROS */
|
||||
|
||||
|
||||
-
|
||||
+
|
||||
/************************************
|
||||
* *
|
||||
* Symmetric Cipher Functions *
|
||||
@@ -1015,7 +1016,7 @@ size_t gcry_cipher_get_algo_blklen (int
|
||||
#define gcry_cipher_test_algo(a) \
|
||||
gcry_cipher_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
|
||||
|
||||
-
|
||||
+
|
||||
/************************************
|
||||
* *
|
||||
* Asymmetric Cipher Functions *
|
||||
@@ -1114,7 +1115,7 @@ gcry_sexp_t gcry_pk_get_param (int algo,
|
||||
gcry_error_t gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp,
|
||||
int mode, gcry_ctx_t ctx);
|
||||
|
||||
-
|
||||
+
|
||||
|
||||
/************************************
|
||||
* *
|
||||
@@ -1291,7 +1292,7 @@ void gcry_md_debug (gcry_md_hd_t hd, con
|
||||
#define gcry_md_get_asnoid(a,b,n) \
|
||||
gcry_md_algo_info((a), GCRYCTL_GET_ASNOID, (b), (n))
|
||||
|
||||
-
|
||||
+
|
||||
|
||||
/**********************************************
|
||||
* *
|
||||
@@ -1407,7 +1408,7 @@ int gcry_mac_map_name (const char *name)
|
||||
#define gcry_mac_test_algo(a) \
|
||||
gcry_mac_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL )
|
||||
|
||||
-
|
||||
+
|
||||
/******************************
|
||||
* *
|
||||
* Key Derivation Functions *
|
||||
@@ -1435,7 +1436,7 @@ gpg_error_t gcry_kdf_derive (const void
|
||||
|
||||
|
||||
|
||||
-
|
||||
+
|
||||
/************************************
|
||||
* *
|
||||
* Random Generating Functions *
|
||||
@@ -1504,7 +1505,7 @@ void gcry_create_nonce (void *buffer, si
|
||||
|
||||
|
||||
|
||||
-
|
||||
+
|
||||
/*******************************/
|
||||
/* */
|
||||
/* Prime Number Functions */
|
||||
@@ -1563,7 +1564,7 @@ void gcry_prime_release_factors (gcry_mp
|
||||
gcry_error_t gcry_prime_check (gcry_mpi_t x, unsigned int flags);
|
||||
|
||||
|
||||
-
|
||||
+
|
||||
/************************************
|
||||
* *
|
||||
* Miscellaneous Stuff *
|
||||
@@ -1668,6 +1669,136 @@ int gcry_is_secure (const void *a) _GCRY
|
||||
/* Return true if Libgcrypt is in FIPS mode. */
|
||||
#define gcry_fips_mode_active() !!gcry_control (GCRYCTL_FIPS_MODE_P, 0)
|
||||
|
||||
+/* DRBG test data */
|
||||
+struct drbg_test_data {
|
||||
+ struct drbg_string *testentropy; /* TEST PARAMETER: test entropy */
|
||||
+ int fail_seed_source:1; /* if set, the seed function will return an
|
||||
+ * error */
|
||||
+};
|
||||
+
|
||||
+/* DRBG input data structure for DRBG generate with additional information
|
||||
+ * string */
|
||||
+struct drbg_gen {
|
||||
+ unsigned char *outbuf; /* output buffer for random numbers */
|
||||
+ unsigned int outlen; /* size of output buffer */
|
||||
+ struct drbg_string *addtl; /* input buffer for
|
||||
+ * additional information string */
|
||||
+ struct drbg_test_data *test_data; /* test data */
|
||||
+};
|
||||
+
|
||||
+/*
|
||||
+ * Concatenation Helper and string operation helper
|
||||
+ *
|
||||
+ * SP800-90A requires the concatenation of different data. To avoid copying
|
||||
+ * buffers around or allocate additional memory, the following data structure
|
||||
+ * is used to point to the original memory with its size. In addition, it
|
||||
+ * is used to build a linked list. The linked list defines the concatenation
|
||||
+ * of individual buffers. The order of memory block referenced in that
|
||||
+ * linked list determines the order of concatenation.
|
||||
+ */
|
||||
+/* DRBG string definition */
|
||||
+struct drbg_string {
|
||||
+ const unsigned char *buf;
|
||||
+ size_t len;
|
||||
+ struct drbg_string *next;
|
||||
+};
|
||||
+
|
||||
+static inline void drbg_string_fill(struct drbg_string *string,
|
||||
+ const unsigned char *buf, size_t len)
|
||||
+{
|
||||
+ string->buf = buf;
|
||||
+ string->len = len;
|
||||
+ string->next = NULL;
|
||||
+}
|
||||
+
|
||||
+/* this is a wrapper function for users of libgcrypt */
|
||||
+static inline void gcry_randomize_drbg(void *outbuf, size_t outlen,
|
||||
+ enum gcry_random_level level,
|
||||
+ struct drbg_string *addtl)
|
||||
+{
|
||||
+ struct drbg_gen genbuf;
|
||||
+ genbuf.outbuf = (unsigned char *)outbuf;
|
||||
+ genbuf.outlen = outlen;
|
||||
+ genbuf.addtl = addtl;
|
||||
+ genbuf.test_data = NULL;
|
||||
+ gcry_randomize(&genbuf, 0, level);
|
||||
+}
|
||||
+
|
||||
+/* this is a wrapper function for users of libgcrypt */
|
||||
+static inline void gcry_randomize_drbg_test(void *outbuf, size_t outlen,
|
||||
+ enum gcry_random_level level,
|
||||
+ struct drbg_string *addtl,
|
||||
+ struct drbg_test_data *test_data)
|
||||
+{
|
||||
+ struct drbg_gen genbuf;
|
||||
+ genbuf.outbuf = (unsigned char *)outbuf;
|
||||
+ genbuf.outlen = outlen;
|
||||
+ genbuf.addtl = addtl;
|
||||
+ genbuf.test_data = test_data;
|
||||
+ gcry_randomize(&genbuf, 0, level);
|
||||
+}
|
||||
+
|
||||
+
|
||||
+/*
|
||||
+ * DRBG flags bitmasks
|
||||
+ *
|
||||
+ * 31 (B) 28 19 (A) 0
|
||||
+ * +-+-+-+--------+---+-----------+-----+
|
||||
+ * |~|~|u|~~~~~~~~| 3 | 2 | 1 |
|
||||
+ * +-+-+-+--------+- -+-----------+-----+
|
||||
+ * ctl flg| |drbg use selection flags
|
||||
+ *
|
||||
+ */
|
||||
+
|
||||
+/* internal state control flags (B) */
|
||||
+#define DRBG_PREDICTION_RESIST ((u_int32_t)1<<28)
|
||||
+
|
||||
+/* CTR type modifiers (A.1)*/
|
||||
+#define DRBG_CTRAES ((u_int32_t)1<<0)
|
||||
+#define DRBG_CTRSERPENT ((u_int32_t)1<<1)
|
||||
+#define DRBG_CTRTWOFISH ((u_int32_t)1<<2)
|
||||
+#define DRBG_CTR_MASK (DRBG_CTRAES | DRBG_CTRSERPENT | DRBG_CTRTWOFISH)
|
||||
+
|
||||
+/* HASH type modifiers (A.2)*/
|
||||
+#define DRBG_HASHSHA1 ((u_int32_t)1<<4)
|
||||
+#define DRBG_HASHSHA224 ((u_int32_t)1<<5)
|
||||
+#define DRBG_HASHSHA256 ((u_int32_t)1<<6)
|
||||
+#define DRBG_HASHSHA384 ((u_int32_t)1<<7)
|
||||
+#define DRBG_HASHSHA512 ((u_int32_t)1<<8)
|
||||
+#define DRBG_HASH_MASK (DRBG_HASHSHA1 | DRBG_HASHSHA224 | \
|
||||
+ DRBG_HASHSHA256 | DRBG_HASHSHA384 | \
|
||||
+ DRBG_HASHSHA512)
|
||||
+/* type modifiers (A.3)*/
|
||||
+#define DRBG_HMAC ((u_int32_t)1<<12)
|
||||
+#define DRBG_SYM128 ((u_int32_t)1<<13)
|
||||
+#define DRBG_SYM192 ((u_int32_t)1<<14)
|
||||
+#define DRBG_SYM256 ((u_int32_t)1<<15)
|
||||
+#define DRBG_TYPE_MASK (DRBG_HMAC | DRBG_SYM128 | DRBG_SYM192 | \
|
||||
+ DRBG_SYM256)
|
||||
+#define DRBG_CIPHER_MASK (DRBG_CTR_MASK | DRBG_HASH_MASK | DRBG_TYPE_MASK)
|
||||
+
|
||||
+#define DRBG_PR_CTRAES128 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM128)
|
||||
+#define DRBG_PR_CTRAES192 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM192)
|
||||
+#define DRBG_PR_CTRAES256 (DRBG_PREDICTION_RESIST | DRBG_CTRAES | DRBG_SYM256)
|
||||
+#define DRBG_NOPR_CTRAES128 (DRBG_CTRAES | DRBG_SYM128)
|
||||
+#define DRBG_NOPR_CTRAES192 (DRBG_CTRAES | DRBG_SYM192)
|
||||
+#define DRBG_NOPR_CTRAES256 (DRBG_CTRAES | DRBG_SYM256)
|
||||
+#define DRBG_PR_HASHSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1)
|
||||
+#define DRBG_PR_HASHSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256)
|
||||
+#define DRBG_PR_HASHSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384)
|
||||
+#define DRBG_PR_HASHSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512)
|
||||
+#define DRBG_NOPR_HASHSHA1 (DRBG_HASHSHA1)
|
||||
+#define DRBG_NOPR_HASHSHA256 (DRBG_HASHSHA256)
|
||||
+#define DRBG_NOPR_HASHSHA384 (DRBG_HASHSHA384)
|
||||
+#define DRBG_NOPR_HASHSHA512 (DRBG_HASHSHA512)
|
||||
+#define DRBG_PR_HMACSHA1 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA1 | DRBG_HMAC)
|
||||
+#define DRBG_PR_HMACSHA256 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA256|DRBG_HMAC)
|
||||
+#define DRBG_PR_HMACSHA384 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA384|DRBG_HMAC)
|
||||
+#define DRBG_PR_HMACSHA512 (DRBG_PREDICTION_RESIST | DRBG_HASHSHA512|DRBG_HMAC)
|
||||
+#define DRBG_NOPR_HMACSHA1 (DRBG_HASHSHA1 | DRBG_HMAC)
|
||||
+#define DRBG_NOPR_HMACSHA256 (DRBG_HASHSHA256 | DRBG_HMAC)
|
||||
+#define DRBG_NOPR_HMACSHA384 (DRBG_HASHSHA384 | DRBG_HMAC)
|
||||
+#define DRBG_NOPR_HMACSHA512 (DRBG_HASHSHA512 | DRBG_HMAC)
|
||||
|
||||
#if 0 /* (Keep Emacsens' auto-indent happy.) */
|
||||
{
|