3
0
forked from pool/libgcrypt

Accepting request 250747 from home:vitezslav_cizek:branches:devel:libraries:c_c++

- disabled curve P-192 in FIPS mode (bnc#896202)
  * added libgcrypt-fips_ecdsa.patch
- don't use SHA-1 for ECDSA in FIPS mode
- also run the fips self tests only in FIPS mode

- run the fips self tests at the constructor code
  * added libgcrypt-fips_run_selftest_at_constructor.patch

- rewrite the DSA-2 code to be FIPS 186-4 compliant (bnc#894216)
  * added libgcrypt-fips-dsa.patch
  * install fips186_dsa
- use 2048 bit keys in selftests_dsa

OBS-URL: https://build.opensuse.org/request/show/250747
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=63
This commit is contained in:
Ismail Dönmez 2014-09-22 20:11:21 +00:00 committed by Git OBS Bridge
parent 1521b4e1a9
commit c1ef8148bf
5 changed files with 272 additions and 6 deletions

182
libgcrypt-fips-dsa.patch Normal file
View File

@ -0,0 +1,182 @@
Index: libgcrypt-1.6.1/cipher/dsa.c
===================================================================
--- libgcrypt-1.6.1.orig/cipher/dsa.c 2014-01-24 10:45:35.000000000 +0100
+++ libgcrypt-1.6.1/cipher/dsa.c 2014-09-17 14:16:40.827152998 +0200
@@ -67,7 +67,7 @@ static const char *dsa_names[] =
/* A sample 1024 bit DSA key used for the selftests. */
-static const char sample_secret_key[] =
+static const char sample_secret_key_1024[] =
"(private-key"
" (dsa"
" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
@@ -85,7 +85,7 @@ static const char sample_secret_key[] =
" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)"
" (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))";
/* A sample 1024 bit DSA key used for the selftests (public only). */
-static const char sample_public_key[] =
+static const char sample_public_key_1024[] =
"(public-key"
" (dsa"
" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
@@ -102,6 +102,23 @@ static const char sample_public_key[] =
" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))";
+/* 2048 DSA key from RFC 6979 A.2.2 */
+static const char sample_public_key_2048[] =
+"(public-key"
+" (dsa"
+" (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c8623b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb62e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b5523e86470decbbeda027e797e7b67635d4d49c30700e74af8a0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e343312517c6aa5152b4bfecd2e551fee346318a153423c996b0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc766de2dfc4a56d7b8ba5963d60f3e16318870ad436952e55765374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a2c8d7469db02e24d592394a7dba069e9#)"
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed276020567441a0a5#)"
+" (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a821ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0baecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a0df242b75b414df372121e53a553f222f836b000f016485b6bd0898451801dcd8de64cd5365696ffc532d528c506620a942a0305046d8f1876341f1e570bc3974ba6b9a438e9702302a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da09535d5b9df259181a79b63b069e949972b02ba36b3586aab7e45f322f82e4e85ca3ab85591b3c2a966#)"
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb75539b17155e9fcfd1aba564eb8535d812c9c2dcf97284441bc482243624c7f457580c1c38a57c46c457392470edb52cb5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c4ca0531dd8ca8aaa9cc7337193387348336118224545e88c80ffd8765d74360333ccab9972779b6525a65bdd0d10c675c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc47a3847ff63711baed6d03afe81e694a413b680bd38ab4903f8370a707ef551d4941026d9579d691de8edaa16105eb9dba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d30acb673717a0d2fb3b50c893f7dab14f#)))";
+
+static const char sample_secret_key_2048[] =
+"(private-key"
+" (dsa"
+" (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c8623b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb62e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b5523e86470decbbeda027e797e7b67635d4d49c30700e74af8a0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e343312517c6aa5152b4bfecd2e551fee346318a153423c996b0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc766de2dfc4a56d7b8ba5963d60f3e16318870ad436952e55765374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a2c8d7469db02e24d592394a7dba069e9#)"
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed276020567441a0a5#)"
+" (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a821ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0baecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a0df242b75b414df372121e53a553f222f836b000f016485b6bd0898451801dcd8de64cd5365696ffc532d528c506620a942a0305046d8f1876341f1e570bc3974ba6b9a438e9702302a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da09535d5b9df259181a79b63b069e949972b02ba36b3586aab7e45f322f82e4e85ca3ab85591b3c2a966#)"
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb75539b17155e9fcfd1aba564eb8535d812c9c2dcf97284441bc482243624c7f457580c1c38a57c46c457392470edb52cb5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c4ca0531dd8ca8aaa9cc7337193387348336118224545e88c80ffd8765d74360333ccab9972779b6525a65bdd0d10c675c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc47a3847ff63711baed6d03afe81e694a413b680bd38ab4903f8370a707ef551d4941026d9579d691de8edaa16105eb9dba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d30acb673717a0d2fb3b50c893f7dab14f#)"
+" (x #0c4b3089d1b862cb3c436491f0915470c52796e3acbee800ec55f6cc#)))";
@@ -369,6 +386,8 @@ generate_fips186 (DSA_secret_key *sk, un
gcry_mpi_t value_x = NULL; /* The secret exponent. */
gcry_mpi_t value_h = NULL; /* Helper. */
gcry_mpi_t value_e = NULL; /* Helper. */
+ gcry_mpi_t value_c = NULL; /* helper for x */
+ gcry_mpi_t value_qm2 = NULL; /* q - 2 */
/* Preset return values. */
*r_counter = 0;
@@ -389,9 +408,7 @@ generate_fips186 (DSA_secret_key *sk, un
/* Check that QBITS and NBITS match the standard. Note that FIPS
186-3 uses N for QBITS and L for NBITS. */
- if (nbits == 1024 && qbits == 160)
- ;
- else if (nbits == 2048 && qbits == 224)
+ if (nbits == 2048 && qbits == 224)
;
else if (nbits == 2048 && qbits == 256)
;
@@ -426,19 +443,18 @@ generate_fips186 (DSA_secret_key *sk, un
/* Fixme: Enable 186-3 after it has been approved and after fixing
the generation function. */
- /* if (use_fips186_2) */
- (void)use_fips186_2;
- ec = _gcry_generate_fips186_2_prime (nbits, qbits,
+ if (use_fips186_2)
+ ec = _gcry_generate_fips186_2_prime (nbits, qbits,
initial_seed.seed,
initial_seed.seedlen,
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen);
- /* else */
- /* ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */
- /* &prime_q, &prime_p, */
- /* r_counter, */
- /* r_seed, r_seedlen, NULL); */
+ else
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
+ &prime_q, &prime_p,
+ r_counter,
+ r_seed, r_seedlen, NULL);
sexp_release (initial_seed.sexp);
if (ec)
goto leave;
@@ -459,17 +475,23 @@ generate_fips186 (DSA_secret_key *sk, un
while (!mpi_cmp_ui (value_g, 1)); /* Continue until g != 1. */
}
-
- /* Select a random number x with: 0 < x < q */
+ value_c = mpi_snew (qbits);
value_x = mpi_snew (qbits);
+ value_qm2 = mpi_snew (qbits);
+ mpi_sub_ui (value_qm2, prime_q, 2);
+
+ /* FIPS 186-4 B.1.2 steps 4-6 */
do
{
if( DBG_CIPHER )
progress('.');
- _gcry_mpi_randomize (value_x, qbits, GCRY_VERY_STRONG_RANDOM);
- mpi_clear_highbit (value_x, qbits+1);
+ _gcry_mpi_randomize (value_c, qbits, GCRY_VERY_STRONG_RANDOM);
+ mpi_clear_highbit (value_c, qbits+1);
}
- while (!(mpi_cmp_ui (value_x, 0) > 0 && mpi_cmp (value_x, prime_q) < 0));
+ while (mpi_cmp (value_c, value_qm2) > 0);
+
+ /* x = c + 1 */
+ mpi_add_ui(value_x, value_c, 1);
/* y = g^x mod p */
value_y = mpi_alloc_like (prime_p);
@@ -502,6 +524,8 @@ generate_fips186 (DSA_secret_key *sk, un
_gcry_mpi_release (value_x);
_gcry_mpi_release (value_h);
_gcry_mpi_release (value_e);
+ _gcry_mpi_release (value_c);
+ _gcry_mpi_release (value_qm2);
/* As a last step test this keys (this should never fail of course). */
if (!ec && test_keys (sk, qbits) )
@@ -1218,10 +1242,10 @@ selftests_dsa (selftest_report_func_t re
/* Convert the S-expressions into the internal representation. */
what = "convert";
- err = sexp_sscan (&skey, NULL, sample_secret_key, strlen (sample_secret_key));
+ err = sexp_sscan (&skey, NULL, sample_secret_key_2048, strlen (sample_secret_key_2048));
if (!err)
err = sexp_sscan (&pkey, NULL,
- sample_public_key, strlen (sample_public_key));
+ sample_public_key_2048, strlen (sample_public_key_2048));
if (err)
{
errtxt = _gcry_strerror (err);
Index: libgcrypt-1.6.1/cipher/primegen.c
===================================================================
--- libgcrypt-1.6.1.orig/cipher/primegen.c 2014-01-29 10:48:38.000000000 +0100
+++ libgcrypt-1.6.1/cipher/primegen.c 2014-09-16 16:42:53.713019269 +0200
@@ -1668,9 +1668,7 @@ _gcry_generate_fips186_3_prime (unsigned
/* Step 1: Check the requested prime lengths. */
/* Note that due to the size of our buffers QBITS is limited to 256. */
- if (pbits == 1024 && qbits == 160)
- hashalgo = GCRY_MD_SHA1;
- else if (pbits == 2048 && qbits == 224)
+ if (pbits == 2048 && qbits == 224)
hashalgo = GCRY_MD_SHA224;
else if (pbits == 2048 && qbits == 256)
hashalgo = GCRY_MD_SHA256;
Index: libgcrypt-1.6.1/Makefile.am
===================================================================
--- libgcrypt-1.6.1.orig/Makefile.am 2014-09-16 16:42:53.707019195 +0200
+++ libgcrypt-1.6.1/Makefile.am 2014-09-16 16:42:53.713019269 +0200
@@ -36,7 +36,7 @@ EXTRA_DIST = autogen.sh autogen.rc READM
DISTCLEANFILES =
-bin_PROGRAMS = fipsdrv drbg_test
+bin_PROGRAMS = fipsdrv fips186_dsa drbg_test
fipsdrv_SOURCES = tests/fipsdrv.c
fipsdrv_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
@@ -45,6 +45,9 @@ drbg_test_CPPFLAGS = -I../src -I$(top_sr
drbg_test_SOURCES = src/gcrypt.h tests/drbg_test.c
drbg_test_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
+fips186_dsa_SOURCES = tests/fips186-dsa.c
+fips186_dsa_LDADD = src/libgcrypt.la $(DL_LIBS) $(GPG_ERROR_LIBS)
+
# Add all the files listed in "distfiles" files to the distribution,
# apply version number s to some files and create a VERSION file which
# we need for the Prereq: patch file trick.

View File

@ -0,0 +1,30 @@
Index: libgcrypt-1.6.1/cipher/ecc-curves.c
===================================================================
--- libgcrypt-1.6.1.orig/cipher/ecc-curves.c 2014-01-29 10:48:38.000000000 +0100
+++ libgcrypt-1.6.1/cipher/ecc-curves.c 2014-09-18 17:48:15.645814378 +0200
@@ -114,7 +114,7 @@ static const ecc_domain_parms_t domain_p
"0x6666666666666666666666666666666666666666666666666666666666666658"
},
{
- "NIST P-192", 192, 1,
+ "NIST P-192", 192, 0,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
"0xfffffffffffffffffffffffffffffffeffffffffffffffff",
"0xfffffffffffffffffffffffffffffffefffffffffffffffc",
Index: libgcrypt-1.6.1/cipher/pubkey-util.c
===================================================================
--- libgcrypt-1.6.1.orig/cipher/pubkey-util.c 2013-12-16 18:44:32.000000000 +0100
+++ libgcrypt-1.6.1/cipher/pubkey-util.c 2014-09-18 18:27:24.928658758 +0200
@@ -593,7 +593,11 @@ _gcry_pk_util_init_encoding_ctx (struct
ctx->nbits = nbits;
ctx->encoding = PUBKEY_ENC_UNKNOWN;
ctx->flags = 0;
- ctx->hash_algo = GCRY_MD_SHA1;
+ if (fips_mode()) {
+ ctx->hash_algo = GCRY_MD_SHA256;
+ } else {
+ ctx->hash_algo = GCRY_MD_SHA1;
+ }
ctx->label = NULL;
ctx->labellen = 0;
ctx->saltlen = 20;

View File

@ -0,0 +1,17 @@
Index: libgcrypt-1.6.1/src/global.c
===================================================================
--- libgcrypt-1.6.1.orig/src/global.c 2014-09-21 11:41:09.242948783 +0200
+++ libgcrypt-1.6.1/src/global.c 2014-09-21 11:54:49.567586644 +0200
@@ -124,7 +124,11 @@ global_init (void)
err = _gcry_mpi_init ();
if (err)
goto fail;
-
+ if (fips_mode()) {
+ err = _gcry_fips_run_selftests (0);
+ if (err)
+ goto fail;
+ }
return;
fail:

View File

@ -1,3 +1,25 @@
-------------------------------------------------------------------
Sun Sep 21 10:08:39 UTC 2014 - vcizek@suse.com
- disabled curve P-192 in FIPS mode (bnc#896202)
* added libgcrypt-fips_ecdsa.patch
- don't use SHA-1 for ECDSA in FIPS mode
- also run the fips self tests only in FIPS mode
-------------------------------------------------------------------
Tue Sep 16 13:56:01 UTC 2014 - vcizek@suse.com
- run the fips self tests at the constructor code
* added libgcrypt-fips_run_selftest_at_constructor.patch
-------------------------------------------------------------------
Tue Sep 16 12:17:17 UTC 2014 - vcizek@suse.com
- rewrite the DSA-2 code to be FIPS 186-4 compliant (bnc#894216)
* added libgcrypt-fips-dsa.patch
* install fips186_dsa
- use 2048 bit keys in selftests_dsa
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Sep 1 10:57:06 UTC 2014 - vcizek@suse.com Mon Sep 1 10:57:06 UTC 2014 - vcizek@suse.com

View File

@ -20,6 +20,7 @@
%define separate_hmac256_binary 0 %define separate_hmac256_binary 0
%define libsoname %{name}20 %define libsoname %{name}20
%define sosuffix 20.0.1 %define sosuffix 20.0.1
%define cavs_dir %{_libexecdir}/%{name}/cavs
Name: libgcrypt Name: libgcrypt
Version: 1.6.1 Version: 1.6.1
Release: 0 Release: 0
@ -61,7 +62,14 @@ Patch26: 0006-DRBG-specific-gcry_control-requests.patch
Patch27: v9-0007-User-interface-to-DRBG.patch Patch27: v9-0007-User-interface-to-DRBG.patch
Patch28: libgcrypt-fix-rng.patch Patch28: libgcrypt-fix-rng.patch
Patch29: libgcrypt-init-at-elf-load-fips.patch Patch29: libgcrypt-init-at-elf-load-fips.patch
#PATCH-FIX-SUSE add FIPS CAVS test app for DRBG
Patch30: drbg_test.patch Patch30: drbg_test.patch
#PATCH-FIX-SUSE bnc#894216 make DSA compliant with FIPS 186-4
Patch31: libgcrypt-fips-dsa.patch
#PATCH-FIX-SUSE run FIPS self-test from constructor
Patch32: libgcrypt-fips_run_selftest_at_constructor.patch
#PATCH-FIX-SUSE bnc#896202 make ECDSA compliant with FIPS 186-4
Patch33: libgcrypt-fips_ecdsa.patch
BuildRequires: automake >= 1.11 BuildRequires: automake >= 1.11
BuildRequires: libgpg-error-devel >= 1.11 BuildRequires: libgpg-error-devel >= 1.11
BuildRequires: libtool BuildRequires: libtool
@ -163,6 +171,9 @@ understanding of applied cryptography is required to use Libgcrypt.
%patch28 -p1 %patch28 -p1
%patch29 -p1 %patch29 -p1
%patch30 -p1 %patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%endif %endif
%patch13 -p1 %patch13 -p1
%patch14 -p1 %patch14 -p1
@ -218,14 +229,18 @@ fipshmac src/.libs/libgcrypt.so.??
%install %install
make DESTDIR=%{buildroot} install %{?_smp_mflags} make DESTDIR=%{buildroot} install %{?_smp_mflags}
rm %{buildroot}%{_libdir}/%{name}.la rm %{buildroot}%{_libdir}/%{name}.la
# cavs # cavs
install -m 0755 -d %{buildroot}/%{_libexecdir}/%{name} install -m 0755 -d %{buildroot}%{cavs_dir}
install -m 0755 %{SOURCE5} %{buildroot}/%{_libexecdir}/%{name} install -m 0755 %{SOURCE5} %{buildroot}%{cavs_dir}
install -m 0755 %{SOURCE6} %{buildroot}/%{_libexecdir}/%{name} install -m 0755 %{SOURCE6} %{buildroot}%{cavs_dir}
mv %{buildroot}%{_bindir}/fipsdrv %{buildroot}/%{_libexecdir}/%{name}
mv %{buildroot}%{_bindir}/drbg_test %{buildroot}/%{_libexecdir}/%{name} %if 0%{?suse_version} > 1310
mv %{buildroot}%{_bindir}/fips186_dsa %{buildroot}%{cavs_dir}
mv %{buildroot}%{_bindir}/fipsdrv %{buildroot}%{cavs_dir}
mv %{buildroot}%{_bindir}/drbg_test %{buildroot}%{cavs_dir}
%endif
%post -n %{libsoname} -p /sbin/ldconfig %post -n %{libsoname} -p /sbin/ldconfig