cipher: add restriction on CCM tag length under FIPS mode
Resolves: #2137807 Signed-off-by: Daiki Ueno <dueno@redhat.com>
This commit is contained in:
parent
7dd34fb86b
commit
53a68f179c
331
gnutls-3.7.6-fips-ccm-taglen.patch
Normal file
331
gnutls-3.7.6-fips-ccm-taglen.patch
Normal file
@ -0,0 +1,331 @@
|
|||||||
|
From 26b2caef673aba8bfd10db3b1b8117f941c18e58 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Fri, 21 Oct 2022 15:48:39 +0900
|
||||||
|
Subject: [PATCH] cipher: add restriction on CCM tag length under FIPS mode
|
||||||
|
|
||||||
|
This change prohibits any use of tag length other than 4, 6, 8, 10,
|
||||||
|
12, 14, and 16 bytes in CCM used under FIPS mode, in accordance with
|
||||||
|
SP800-38C A.1. While use of tag lengths smaller than 8 bytes is not
|
||||||
|
recommended, we simply allow 4 and 6 bytes tags for now.
|
||||||
|
|
||||||
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||||
|
---
|
||||||
|
lib/accelerated/aarch64/aes-ccm-aarch64.c | 39 ++++++++++
|
||||||
|
lib/accelerated/x86/aes-ccm-x86-aesni.c | 39 ++++++++++
|
||||||
|
lib/nettle/cipher.c | 55 ++++++++++++++
|
||||||
|
tests/fips-test.c | 87 ++++++++++++++++++++++-
|
||||||
|
4 files changed, 218 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/accelerated/aarch64/aes-ccm-aarch64.c b/lib/accelerated/aarch64/aes-ccm-aarch64.c
|
||||||
|
index a2ba259e99..b415d4ddfb 100644
|
||||||
|
--- a/lib/accelerated/aarch64/aes-ccm-aarch64.c
|
||||||
|
+++ b/lib/accelerated/aarch64/aes-ccm-aarch64.c
|
||||||
|
@@ -36,6 +36,7 @@
|
||||||
|
#include <byteswap.h>
|
||||||
|
#include <nettle/ccm.h>
|
||||||
|
#include <aes-aarch64.h>
|
||||||
|
+#include <fips.h>
|
||||||
|
|
||||||
|
typedef struct ccm_aarch64_aes_ctx {
|
||||||
|
AES_KEY key;
|
||||||
|
@@ -103,6 +104,25 @@ aes_ccm_aead_encrypt(void *_ctx,
|
||||||
|
if (unlikely(encr_size < plain_size + tag_size))
|
||||||
|
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
|
||||||
|
|
||||||
|
+ /* SP800-38C A.1 says Tlen must be a multiple of 16 between 32
|
||||||
|
+ * and 128.
|
||||||
|
+ */
|
||||||
|
+ switch (tag_size) {
|
||||||
|
+ case 4: case 6:
|
||||||
|
+ /* SP800-38C B.2 says Tlen smaller than 64 should not be used
|
||||||
|
+ * under sufficient restriction. We simply allow those for now.
|
||||||
|
+ */
|
||||||
|
+ FALLTHROUGH;
|
||||||
|
+ case 8: case 10: case 12: case 14: case 16:
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ if (_gnutls_fips_mode_enabled()) {
|
||||||
|
+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ccm_encrypt_message(&ctx->key, aarch64_aes_encrypt,
|
||||||
|
nonce_size, nonce,
|
||||||
|
auth_size, auth,
|
||||||
|
@@ -129,6 +149,25 @@ aes_ccm_aead_decrypt(void *_ctx,
|
||||||
|
if (unlikely(plain_size < encr_size - tag_size))
|
||||||
|
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
|
||||||
|
|
||||||
|
+ /* SP800-38C A.1 says Tlen must be a multiple of 16 between 32
|
||||||
|
+ * and 128.
|
||||||
|
+ */
|
||||||
|
+ switch (tag_size) {
|
||||||
|
+ case 4: case 6:
|
||||||
|
+ /* SP800-38C B.2 says Tlen smaller than 64 should not be used
|
||||||
|
+ * under sufficient restriction. We simply allow those for now.
|
||||||
|
+ */
|
||||||
|
+ FALLTHROUGH;
|
||||||
|
+ case 8: case 10: case 12: case 14: case 16:
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ if (_gnutls_fips_mode_enabled()) {
|
||||||
|
+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ret = ccm_decrypt_message(&ctx->key, aarch64_aes_encrypt,
|
||||||
|
nonce_size, nonce,
|
||||||
|
auth_size, auth,
|
||||||
|
diff --git a/lib/accelerated/x86/aes-ccm-x86-aesni.c b/lib/accelerated/x86/aes-ccm-x86-aesni.c
|
||||||
|
index 701c0f992a..9ebbdd7b2a 100644
|
||||||
|
--- a/lib/accelerated/x86/aes-ccm-x86-aesni.c
|
||||||
|
+++ b/lib/accelerated/x86/aes-ccm-x86-aesni.c
|
||||||
|
@@ -37,6 +37,7 @@
|
||||||
|
#include <byteswap.h>
|
||||||
|
#include <nettle/ccm.h>
|
||||||
|
#include <aes-x86.h>
|
||||||
|
+#include <fips.h>
|
||||||
|
|
||||||
|
typedef struct ccm_x86_aes_ctx {
|
||||||
|
AES_KEY key;
|
||||||
|
@@ -95,6 +96,25 @@ aes_ccm_aead_encrypt(void *_ctx,
|
||||||
|
if (unlikely(encr_size < plain_size + tag_size))
|
||||||
|
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
|
||||||
|
|
||||||
|
+ /* SP800-38C A.1 says Tlen must be a multiple of 16 between 32
|
||||||
|
+ * and 128.
|
||||||
|
+ */
|
||||||
|
+ switch (tag_size) {
|
||||||
|
+ case 4: case 6:
|
||||||
|
+ /* SP800-38C B.2 says Tlen smaller than 64 should not be used
|
||||||
|
+ * under sufficient restriction. We simply allow those for now.
|
||||||
|
+ */
|
||||||
|
+ FALLTHROUGH;
|
||||||
|
+ case 8: case 10: case 12: case 14: case 16:
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ if (_gnutls_fips_mode_enabled()) {
|
||||||
|
+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ccm_encrypt_message(&ctx->key, x86_aes_encrypt,
|
||||||
|
nonce_size, nonce,
|
||||||
|
auth_size, auth,
|
||||||
|
@@ -121,6 +141,25 @@ aes_ccm_aead_decrypt(void *_ctx,
|
||||||
|
if (unlikely(plain_size < encr_size - tag_size))
|
||||||
|
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
|
||||||
|
|
||||||
|
+ /* SP800-38C A.1 says Tlen must be a multiple of 16 between 32
|
||||||
|
+ * and 128.
|
||||||
|
+ */
|
||||||
|
+ switch (tag_size) {
|
||||||
|
+ case 4: case 6:
|
||||||
|
+ /* SP800-38C B.2 says Tlen smaller than 64 should not be used
|
||||||
|
+ * under sufficient restriction. We simply allow those for now.
|
||||||
|
+ */
|
||||||
|
+ FALLTHROUGH;
|
||||||
|
+ case 8: case 10: case 12: case 14: case 16:
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ if (_gnutls_fips_mode_enabled()) {
|
||||||
|
+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ret = ccm_decrypt_message(&ctx->key, x86_aes_encrypt,
|
||||||
|
nonce_size, nonce,
|
||||||
|
auth_size, auth,
|
||||||
|
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
|
||||||
|
index 9c2ce19e7e..8c23d11252 100644
|
||||||
|
--- a/lib/nettle/cipher.c
|
||||||
|
+++ b/lib/nettle/cipher.c
|
||||||
|
@@ -1253,6 +1253,34 @@ wrap_nettle_cipher_aead_encrypt(void *_ctx,
|
||||||
|
ctx->cipher->tag(ctx->ctx_ptr, tag_size, ((uint8_t*)encr) + plain_size);
|
||||||
|
} else {
|
||||||
|
/* CCM-style cipher */
|
||||||
|
+
|
||||||
|
+ switch (ctx->cipher->algo) {
|
||||||
|
+ case GNUTLS_CIPHER_AES_128_CCM:
|
||||||
|
+ case GNUTLS_CIPHER_AES_256_CCM:
|
||||||
|
+ /* SP800-38C A.1 says Tlen must be a multiple of 16
|
||||||
|
+ * between 32 and 128.
|
||||||
|
+ */
|
||||||
|
+ switch (tag_size) {
|
||||||
|
+ case 4: case 6:
|
||||||
|
+ /* SP800-38C B.2 says Tlen smaller than 64
|
||||||
|
+ * should not be used under sufficient
|
||||||
|
+ * restriction. We simply allow those for now.
|
||||||
|
+ */
|
||||||
|
+ FALLTHROUGH;
|
||||||
|
+ case 8: case 10: case 12: case 14: case 16:
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ if (_gnutls_fips_mode_enabled()) {
|
||||||
|
+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ctx->cipher->aead_encrypt(ctx,
|
||||||
|
nonce_size, nonce,
|
||||||
|
auth_size, auth,
|
||||||
|
@@ -1302,6 +1330,33 @@ wrap_nettle_cipher_aead_decrypt(void *_ctx,
|
||||||
|
if (unlikely(plain_size < encr_size))
|
||||||
|
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
|
||||||
|
|
||||||
|
+ switch (ctx->cipher->algo) {
|
||||||
|
+ case GNUTLS_CIPHER_AES_128_CCM:
|
||||||
|
+ case GNUTLS_CIPHER_AES_256_CCM:
|
||||||
|
+ /* SP800-38C A.1 says Tlen must be a multiple of 16
|
||||||
|
+ * between 32 and 128.
|
||||||
|
+ */
|
||||||
|
+ switch (tag_size) {
|
||||||
|
+ case 4: case 6:
|
||||||
|
+ /* SP800-38C B.2 says Tlen smaller than 64
|
||||||
|
+ * should not be used under sufficient
|
||||||
|
+ * restriction. We simply allow those for now.
|
||||||
|
+ */
|
||||||
|
+ FALLTHROUGH;
|
||||||
|
+ case 8: case 10: case 12: case 14: case 16:
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ if (_gnutls_fips_mode_enabled()) {
|
||||||
|
+ _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
|
||||||
|
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ret = ctx->cipher->aead_decrypt(ctx,
|
||||||
|
nonce_size, nonce,
|
||||||
|
auth_size, auth,
|
||||||
|
diff --git a/tests/fips-test.c b/tests/fips-test.c
|
||||||
|
index f7556d7bbb..c43503fba0 100644
|
||||||
|
--- a/tests/fips-test.c
|
||||||
|
+++ b/tests/fips-test.c
|
||||||
|
@@ -1,4 +1,5 @@
|
||||||
|
#include <config.h>
|
||||||
|
+#include <stdbool.h>
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <string.h>
|
||||||
|
@@ -213,14 +214,96 @@ test_cipher_disallowed(gnutls_cipher_algorithm_t cipher)
|
||||||
|
FIPS_POP_CONTEXT(ERROR);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void
|
||||||
|
+test_ccm_cipher(gnutls_cipher_algorithm_t cipher, size_t tag_length,
|
||||||
|
+ bool expect_encryption_fail,
|
||||||
|
+ gnutls_fips140_operation_state_t expected_state)
|
||||||
|
+{
|
||||||
|
+ int ret;
|
||||||
|
+ unsigned key_size = gnutls_cipher_get_key_size(cipher);
|
||||||
|
+ gnutls_aead_cipher_hd_t h;
|
||||||
|
+ gnutls_datum_t key = { key_data, key_size };
|
||||||
|
+ unsigned char buffer[256];
|
||||||
|
+ size_t length;
|
||||||
|
+ gnutls_memset(key_data, 0, key_size);
|
||||||
|
+
|
||||||
|
+ FIPS_PUSH_CONTEXT();
|
||||||
|
+ ret = gnutls_aead_cipher_init(&h, cipher, &key);
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ fail("gnutls_aead_cipher_init failed for %s\n",
|
||||||
|
+ gnutls_cipher_get_name(cipher));
|
||||||
|
+ }
|
||||||
|
+ FIPS_POP_CONTEXT(APPROVED);
|
||||||
|
+
|
||||||
|
+ fips_push_context(fips_context);
|
||||||
|
+ memset(buffer, 0, sizeof(buffer));
|
||||||
|
+ length = sizeof(buffer);
|
||||||
|
+ ret = gnutls_aead_cipher_encrypt(h, iv_data,
|
||||||
|
+ gnutls_cipher_get_iv_size(cipher),
|
||||||
|
+ NULL, 0, tag_length,
|
||||||
|
+ buffer, length - tag_length,
|
||||||
|
+ buffer, &length);
|
||||||
|
+ if (expect_encryption_fail) {
|
||||||
|
+ if (ret != GNUTLS_E_INVALID_REQUEST) {
|
||||||
|
+ fail("gnutls_aead_cipher_encrypt(%s) returned %d "
|
||||||
|
+ "while %d is expected\n",
|
||||||
|
+ gnutls_cipher_get_name(cipher),
|
||||||
|
+ ret, GNUTLS_E_INVALID_REQUEST);
|
||||||
|
+ }
|
||||||
|
+ } else if (ret < 0) {
|
||||||
|
+ fail("gnutls_aead_cipher_encrypt failed for %s\n",
|
||||||
|
+ gnutls_cipher_get_name(cipher));
|
||||||
|
+ }
|
||||||
|
+ fips_pop_context(fips_context, expected_state);
|
||||||
|
+
|
||||||
|
+ fips_push_context(fips_context);
|
||||||
|
+ length = sizeof(buffer);
|
||||||
|
+ ret = gnutls_aead_cipher_decrypt(h, iv_data,
|
||||||
|
+ gnutls_cipher_get_iv_size(cipher),
|
||||||
|
+ NULL, 0, tag_length,
|
||||||
|
+ buffer, length,
|
||||||
|
+ buffer, &length);
|
||||||
|
+ if (expect_encryption_fail) {
|
||||||
|
+ if (ret != GNUTLS_E_INVALID_REQUEST) {
|
||||||
|
+ fail("gnutls_aead_cipher_decrypt(%s) returned %d "
|
||||||
|
+ "while %d is expected\n",
|
||||||
|
+ gnutls_cipher_get_name(cipher),
|
||||||
|
+ ret, GNUTLS_E_INVALID_REQUEST);
|
||||||
|
+ }
|
||||||
|
+ } else if (ret < 0) {
|
||||||
|
+ fail("gnutls_aead_cipher_decrypt failed for %s\n",
|
||||||
|
+ gnutls_cipher_get_name(cipher));
|
||||||
|
+ }
|
||||||
|
+ fips_pop_context(fips_context, expected_state);
|
||||||
|
+
|
||||||
|
+ gnutls_aead_cipher_deinit(h);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static inline void
|
||||||
|
test_ciphers(void)
|
||||||
|
{
|
||||||
|
+ size_t i;
|
||||||
|
+
|
||||||
|
test_cipher_approved(GNUTLS_CIPHER_AES_128_CBC);
|
||||||
|
test_cipher_approved(GNUTLS_CIPHER_AES_192_CBC);
|
||||||
|
test_cipher_approved(GNUTLS_CIPHER_AES_256_CBC);
|
||||||
|
- test_aead_cipher_approved(GNUTLS_CIPHER_AES_128_CCM);
|
||||||
|
- test_aead_cipher_approved(GNUTLS_CIPHER_AES_256_CCM);
|
||||||
|
+
|
||||||
|
+ /* Check for all allowed Tlen */
|
||||||
|
+ for (i = 4; i <= 16; i += 2) {
|
||||||
|
+ test_ccm_cipher(GNUTLS_CIPHER_AES_128_CCM, i,
|
||||||
|
+ false, GNUTLS_FIPS140_OP_APPROVED);
|
||||||
|
+ test_ccm_cipher(GNUTLS_CIPHER_AES_256_CCM, i,
|
||||||
|
+ false, GNUTLS_FIPS140_OP_APPROVED);
|
||||||
|
+ }
|
||||||
|
+ test_ccm_cipher(GNUTLS_CIPHER_AES_128_CCM, 3,
|
||||||
|
+ true, GNUTLS_FIPS140_OP_ERROR);
|
||||||
|
+ test_ccm_cipher(GNUTLS_CIPHER_AES_256_CCM, 3,
|
||||||
|
+ true, GNUTLS_FIPS140_OP_ERROR);
|
||||||
|
+ test_ccm_cipher(GNUTLS_CIPHER_AES_128_CCM, 5,
|
||||||
|
+ true, GNUTLS_FIPS140_OP_ERROR);
|
||||||
|
+ test_ccm_cipher(GNUTLS_CIPHER_AES_256_CCM, 5,
|
||||||
|
+ true, GNUTLS_FIPS140_OP_ERROR);
|
||||||
|
+
|
||||||
|
test_aead_cipher_approved(GNUTLS_CIPHER_AES_128_CCM_8);
|
||||||
|
test_aead_cipher_approved(GNUTLS_CIPHER_AES_256_CCM_8);
|
||||||
|
test_cipher_approved(GNUTLS_CIPHER_AES_128_CFB8);
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
407
gnutls-3.7.6-fips-service-indicator-test-functions.patch
Normal file
407
gnutls-3.7.6-fips-service-indicator-test-functions.patch
Normal file
@ -0,0 +1,407 @@
|
|||||||
|
From e8b35d31817d207d8b4b87ccf104d3b93aa446e0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Mon, 17 Oct 2022 11:11:43 +0900
|
||||||
|
Subject: [PATCH] tests: move FIPS service indicator functions to common file
|
||||||
|
|
||||||
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||||
|
---
|
||||||
|
tests/dh-compute.c | 36 +++++---------------------
|
||||||
|
tests/fips-rsa-sizes.c | 24 -----------------
|
||||||
|
tests/fips-test.c | 27 +++-----------------
|
||||||
|
tests/kdf-api.c | 27 +-------------------
|
||||||
|
tests/pkcs12_encode.c | 24 -----------------
|
||||||
|
tests/privkey-keygen.c | 24 -----------------
|
||||||
|
tests/utils.h | 58 ++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
7 files changed, 69 insertions(+), 151 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/dh-compute.c b/tests/dh-compute.c
|
||||||
|
index 828fb05e9c..6c1d5328f6 100644
|
||||||
|
--- a/tests/dh-compute.c
|
||||||
|
+++ b/tests/dh-compute.c
|
||||||
|
@@ -156,34 +156,10 @@ void doit(void)
|
||||||
|
{ NULL }
|
||||||
|
};
|
||||||
|
|
||||||
|
-#define FIPS_PUSH_CONTEXT() do { \
|
||||||
|
- if (gnutls_fips140_mode_enabled()) { \
|
||||||
|
- ret = gnutls_fips140_push_context(fips_context); \
|
||||||
|
- if (ret < 0) { \
|
||||||
|
- fail("gnutls_fips140_push_context failed\n"); \
|
||||||
|
- } \
|
||||||
|
- } \
|
||||||
|
-} while (0)
|
||||||
|
-
|
||||||
|
-#define FIPS_POP_CONTEXT(state) do { \
|
||||||
|
- if (gnutls_fips140_mode_enabled()) { \
|
||||||
|
- ret = gnutls_fips140_pop_context(); \
|
||||||
|
- if (ret < 0) { \
|
||||||
|
- fail("gnutls_fips140_context_pop failed\n"); \
|
||||||
|
- } \
|
||||||
|
- fips_state = gnutls_fips140_get_operation_state(fips_context); \
|
||||||
|
- if (fips_state != state) { \
|
||||||
|
- fail("operation state is not %d (%d)\n", \
|
||||||
|
- state, fips_state); \
|
||||||
|
- } \
|
||||||
|
- } \
|
||||||
|
-} while (0)
|
||||||
|
-
|
||||||
|
for (int i = 0; test_data[i].name != NULL; i++) {
|
||||||
|
gnutls_datum_t priv_key, pub_key;
|
||||||
|
gnutls_dh_params_t dh_params;
|
||||||
|
gnutls_fips140_context_t fips_context;
|
||||||
|
- gnutls_fips140_operation_state_t fips_state;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
if (gnutls_fips140_mode_enabled()) {
|
||||||
|
@@ -193,24 +169,24 @@ void doit(void)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- FIPS_PUSH_CONTEXT();
|
||||||
|
+ fips_push_context(fips_context);
|
||||||
|
params(&dh_params, &test_data[i].prime, &test_data[i].q,
|
||||||
|
&test_data[i].generator);
|
||||||
|
- FIPS_POP_CONTEXT(GNUTLS_FIPS140_OP_INITIAL);
|
||||||
|
+ fips_pop_context(fips_context, GNUTLS_FIPS140_OP_INITIAL);
|
||||||
|
|
||||||
|
success("%s genkey\n", test_data[i].name);
|
||||||
|
|
||||||
|
- FIPS_PUSH_CONTEXT();
|
||||||
|
+ fips_push_context(fips_context);
|
||||||
|
genkey(dh_params, &priv_key, &pub_key);
|
||||||
|
- FIPS_POP_CONTEXT(test_data[i].fips_state_genkey);
|
||||||
|
+ fips_pop_context(fips_context, test_data[i].fips_state_genkey);
|
||||||
|
|
||||||
|
success("%s compute_key\n", test_data[i].name);
|
||||||
|
|
||||||
|
- FIPS_PUSH_CONTEXT();
|
||||||
|
+ fips_push_context(fips_context);
|
||||||
|
compute_key(test_data[i].name, dh_params, &priv_key,
|
||||||
|
&pub_key, &test_data[i].peer_key,
|
||||||
|
test_data[i].expected_error, NULL, 0);
|
||||||
|
- FIPS_POP_CONTEXT(test_data[i].fips_state_compute_key);
|
||||||
|
+ fips_pop_context(fips_context, test_data[i].fips_state_compute_key);
|
||||||
|
|
||||||
|
gnutls_dh_params_deinit(dh_params);
|
||||||
|
gnutls_free(priv_key.data);
|
||||||
|
diff --git a/tests/fips-rsa-sizes.c b/tests/fips-rsa-sizes.c
|
||||||
|
index 84b9affabb..5feb284503 100644
|
||||||
|
--- a/tests/fips-rsa-sizes.c
|
||||||
|
+++ b/tests/fips-rsa-sizes.c
|
||||||
|
@@ -27,25 +27,6 @@
|
||||||
|
#include <gnutls/abstract.h>
|
||||||
|
#include <gnutls/x509.h>
|
||||||
|
|
||||||
|
-#define FIPS_PUSH_CONTEXT() do { \
|
||||||
|
- ret = gnutls_fips140_push_context(fips_context); \
|
||||||
|
- if (ret < 0) { \
|
||||||
|
- fail("gnutls_fips140_push_context failed\n"); \
|
||||||
|
- } \
|
||||||
|
-} while (0)
|
||||||
|
-
|
||||||
|
-#define FIPS_POP_CONTEXT(state) do { \
|
||||||
|
- ret = gnutls_fips140_pop_context(); \
|
||||||
|
- if (ret < 0) { \
|
||||||
|
- fail("gnutls_fips140_context_pop failed\n"); \
|
||||||
|
- } \
|
||||||
|
- fips_state = gnutls_fips140_get_operation_state(fips_context); \
|
||||||
|
- if (fips_state != GNUTLS_FIPS140_OP_ ## state) { \
|
||||||
|
- fail("operation state is not " # state " (%d)\n", \
|
||||||
|
- fips_state); \
|
||||||
|
- } \
|
||||||
|
-} while (0)
|
||||||
|
-
|
||||||
|
|
||||||
|
void generate_successfully(gnutls_privkey_t* privkey, gnutls_pubkey_t* pubkey,
|
||||||
|
unsigned int size);
|
||||||
|
@@ -63,7 +44,6 @@ void generate_successfully(gnutls_privkey_t* privkey, gnutls_pubkey_t* pubkey,
|
||||||
|
int ret;
|
||||||
|
gnutls_x509_privkey_t xprivkey;
|
||||||
|
gnutls_fips140_context_t fips_context;
|
||||||
|
- gnutls_fips140_operation_state_t fips_state;
|
||||||
|
assert(gnutls_fips140_context_init(&fips_context) == 0);
|
||||||
|
|
||||||
|
fprintf(stderr, "%d-bit\n", size);
|
||||||
|
@@ -102,7 +82,6 @@ void generate_unsuccessfully(gnutls_privkey_t* privkey, gnutls_pubkey_t* pubkey,
|
||||||
|
int ret;
|
||||||
|
gnutls_x509_privkey_t xprivkey;
|
||||||
|
gnutls_fips140_context_t fips_context;
|
||||||
|
- gnutls_fips140_operation_state_t fips_state;
|
||||||
|
assert(gnutls_fips140_context_init(&fips_context) == 0);
|
||||||
|
|
||||||
|
fprintf(stderr, "%d-bit\n", size);
|
||||||
|
@@ -156,7 +135,6 @@ void generate_unsuccessfully(gnutls_privkey_t* privkey, gnutls_pubkey_t* pubkey,
|
||||||
|
void sign_verify_successfully(gnutls_privkey_t privkey, gnutls_pubkey_t pubkey) {
|
||||||
|
int ret;
|
||||||
|
gnutls_fips140_context_t fips_context;
|
||||||
|
- gnutls_fips140_operation_state_t fips_state;
|
||||||
|
|
||||||
|
gnutls_datum_t signature;
|
||||||
|
gnutls_datum_t plaintext = {
|
||||||
|
@@ -190,7 +168,6 @@ void sign_verify_unsuccessfully(gnutls_privkey_t privkey,
|
||||||
|
gnutls_pubkey_t pubkey) {
|
||||||
|
int ret;
|
||||||
|
gnutls_fips140_context_t fips_context;
|
||||||
|
- gnutls_fips140_operation_state_t fips_state;
|
||||||
|
|
||||||
|
gnutls_datum_t signature;
|
||||||
|
gnutls_datum_t plaintext = {
|
||||||
|
@@ -225,7 +202,6 @@ void sign_verify_unsuccessfully(gnutls_privkey_t privkey,
|
||||||
|
void nosign_verify(gnutls_privkey_t privkey, gnutls_pubkey_t pubkey) {
|
||||||
|
int ret;
|
||||||
|
gnutls_fips140_context_t fips_context;
|
||||||
|
- gnutls_fips140_operation_state_t fips_state;
|
||||||
|
|
||||||
|
gnutls_datum_t signature;
|
||||||
|
gnutls_datum_t plaintext = {
|
||||||
|
diff --git a/tests/fips-test.c b/tests/fips-test.c
|
||||||
|
index f789afb107..b0bae4ef9f 100644
|
||||||
|
--- a/tests/fips-test.c
|
||||||
|
+++ b/tests/fips-test.c
|
||||||
|
@@ -12,25 +12,6 @@
|
||||||
|
/* This does check the FIPS140 support.
|
||||||
|
*/
|
||||||
|
|
||||||
|
-#define FIPS_PUSH_CONTEXT() do { \
|
||||||
|
- ret = gnutls_fips140_push_context(fips_context); \
|
||||||
|
- if (ret < 0) { \
|
||||||
|
- fail("gnutls_fips140_push_context failed\n"); \
|
||||||
|
- } \
|
||||||
|
-} while (0)
|
||||||
|
-
|
||||||
|
-#define FIPS_POP_CONTEXT(state) do { \
|
||||||
|
- ret = gnutls_fips140_pop_context(); \
|
||||||
|
- if (ret < 0) { \
|
||||||
|
- fail("gnutls_fips140_context_pop failed\n"); \
|
||||||
|
- } \
|
||||||
|
- fips_state = gnutls_fips140_get_operation_state(fips_context); \
|
||||||
|
- if (fips_state != GNUTLS_FIPS140_OP_ ## state) { \
|
||||||
|
- fail("operation state is not " # state " (%d)\n", \
|
||||||
|
- fips_state); \
|
||||||
|
- } \
|
||||||
|
-} while (0)
|
||||||
|
-
|
||||||
|
void _gnutls_lib_simulate_error(void);
|
||||||
|
|
||||||
|
static void tls_log_func(int level, const char *str)
|
||||||
|
@@ -40,10 +21,9 @@ static void tls_log_func(int level, const char *str)
|
||||||
|
|
||||||
|
static uint8_t key16[16];
|
||||||
|
static uint8_t iv16[16];
|
||||||
|
-uint8_t key_data[64];
|
||||||
|
-uint8_t iv_data[16];
|
||||||
|
-gnutls_fips140_context_t fips_context;
|
||||||
|
-gnutls_fips140_operation_state_t fips_state;
|
||||||
|
+static uint8_t key_data[64];
|
||||||
|
+static uint8_t iv_data[16];
|
||||||
|
+static gnutls_fips140_context_t fips_context;
|
||||||
|
|
||||||
|
static const gnutls_datum_t data = { .data = (unsigned char *)"foo", 3 };
|
||||||
|
static const uint8_t rsa2342_sha1_sig_data[] = {
|
||||||
|
@@ -276,6 +256,7 @@ test_ciphers(void)
|
||||||
|
void doit(void)
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
+ gnutls_fips140_operation_state_t fips_state;
|
||||||
|
unsigned int mode;
|
||||||
|
gnutls_cipher_hd_t ch;
|
||||||
|
gnutls_hmac_hd_t mh;
|
||||||
|
diff --git a/tests/kdf-api.c b/tests/kdf-api.c
|
||||||
|
index 9724502005..a28ce82a62 100644
|
||||||
|
--- a/tests/kdf-api.c
|
||||||
|
+++ b/tests/kdf-api.c
|
||||||
|
@@ -33,30 +33,7 @@
|
||||||
|
#define MAX_BUF 1024
|
||||||
|
|
||||||
|
static gnutls_fips140_context_t fips_context;
|
||||||
|
-static gnutls_fips140_operation_state_t fips_state;
|
||||||
|
-
|
||||||
|
-#define FIPS_PUSH_CONTEXT() do { \
|
||||||
|
- if (gnutls_fips140_mode_enabled()) { \
|
||||||
|
- ret = gnutls_fips140_push_context(fips_context); \
|
||||||
|
- if (ret < 0) { \
|
||||||
|
- fail("gnutls_fips140_push_context failed\n"); \
|
||||||
|
- } \
|
||||||
|
- } \
|
||||||
|
-} while (0)
|
||||||
|
-
|
||||||
|
-#define FIPS_POP_CONTEXT(state) do { \
|
||||||
|
- if (gnutls_fips140_mode_enabled()) { \
|
||||||
|
- ret = gnutls_fips140_pop_context(); \
|
||||||
|
- if (ret < 0) { \
|
||||||
|
- fail("gnutls_fips140_context_pop failed\n"); \
|
||||||
|
- } \
|
||||||
|
- fips_state = gnutls_fips140_get_operation_state(fips_context); \
|
||||||
|
- if (fips_state != GNUTLS_FIPS140_OP_ ## state) { \
|
||||||
|
- fail("operation state is not " # state " (%d)\n", \
|
||||||
|
- fips_state); \
|
||||||
|
- } \
|
||||||
|
- } \
|
||||||
|
-} while (0)
|
||||||
|
+
|
||||||
|
|
||||||
|
static void
|
||||||
|
test_hkdf(gnutls_mac_algorithm_t mac,
|
||||||
|
@@ -74,7 +51,6 @@ test_hkdf(gnutls_mac_algorithm_t mac,
|
||||||
|
gnutls_datum_t prk;
|
||||||
|
gnutls_datum_t okm;
|
||||||
|
uint8_t buf[MAX_BUF];
|
||||||
|
- int ret;
|
||||||
|
|
||||||
|
success("HKDF test with %s\n", gnutls_mac_get_name(mac));
|
||||||
|
|
||||||
|
@@ -144,7 +120,6 @@ test_pbkdf2(gnutls_mac_algorithm_t mac,
|
||||||
|
gnutls_datum_t salt;
|
||||||
|
gnutls_datum_t okm;
|
||||||
|
uint8_t buf[MAX_BUF];
|
||||||
|
- int ret;
|
||||||
|
|
||||||
|
success("PBKDF2 test with %s\n", gnutls_mac_get_name(mac));
|
||||||
|
|
||||||
|
diff --git a/tests/pkcs12_encode.c b/tests/pkcs12_encode.c
|
||||||
|
index ea39f3d69e..dc55daccde 100644
|
||||||
|
--- a/tests/pkcs12_encode.c
|
||||||
|
+++ b/tests/pkcs12_encode.c
|
||||||
|
@@ -70,29 +70,6 @@ static void tls_log_func(int level, const char *str)
|
||||||
|
fprintf(stderr, "|<%d>| %s", level, str);
|
||||||
|
}
|
||||||
|
|
||||||
|
-#define FIPS_PUSH_CONTEXT() do { \
|
||||||
|
- if (gnutls_fips140_mode_enabled()) { \
|
||||||
|
- ret = gnutls_fips140_push_context(fips_context); \
|
||||||
|
- if (ret < 0) { \
|
||||||
|
- fail("gnutls_fips140_push_context failed\n"); \
|
||||||
|
- } \
|
||||||
|
- } \
|
||||||
|
-} while (0)
|
||||||
|
-
|
||||||
|
-#define FIPS_POP_CONTEXT(state) do { \
|
||||||
|
- if (gnutls_fips140_mode_enabled()) { \
|
||||||
|
- ret = gnutls_fips140_pop_context(); \
|
||||||
|
- if (ret < 0) { \
|
||||||
|
- fail("gnutls_fips140_context_pop failed\n"); \
|
||||||
|
- } \
|
||||||
|
- fips_state = gnutls_fips140_get_operation_state(fips_context); \
|
||||||
|
- if (fips_state != GNUTLS_FIPS140_OP_ ## state) { \
|
||||||
|
- fail("operation state is not " # state " (%d)\n", \
|
||||||
|
- fips_state); \
|
||||||
|
- } \
|
||||||
|
- } \
|
||||||
|
-} while (0)
|
||||||
|
-
|
||||||
|
void doit(void)
|
||||||
|
{
|
||||||
|
gnutls_pkcs12_t pkcs12;
|
||||||
|
@@ -106,7 +83,6 @@ void doit(void)
|
||||||
|
size_t size;
|
||||||
|
unsigned i;
|
||||||
|
gnutls_fips140_context_t fips_context;
|
||||||
|
- gnutls_fips140_operation_state_t fips_state;
|
||||||
|
size_t n_tests = 0;
|
||||||
|
struct tests {
|
||||||
|
const char *name;
|
||||||
|
diff --git a/tests/privkey-keygen.c b/tests/privkey-keygen.c
|
||||||
|
index 2766afee08..2531906d71 100644
|
||||||
|
--- a/tests/privkey-keygen.c
|
||||||
|
+++ b/tests/privkey-keygen.c
|
||||||
|
@@ -119,30 +119,6 @@ void doit(void)
|
||||||
|
gnutls_x509_privkey_t pkey, dst;
|
||||||
|
int ret, algorithm, i;
|
||||||
|
gnutls_fips140_context_t fips_context;
|
||||||
|
- gnutls_fips140_operation_state_t fips_state;
|
||||||
|
-
|
||||||
|
-#define FIPS_PUSH_CONTEXT() do { \
|
||||||
|
- if (gnutls_fips140_mode_enabled()) { \
|
||||||
|
- ret = gnutls_fips140_push_context(fips_context); \
|
||||||
|
- if (ret < 0) { \
|
||||||
|
- fail("gnutls_fips140_push_context failed\n"); \
|
||||||
|
- } \
|
||||||
|
- } \
|
||||||
|
-} while (0)
|
||||||
|
-
|
||||||
|
-#define FIPS_POP_CONTEXT(state) do { \
|
||||||
|
- if (gnutls_fips140_mode_enabled()) { \
|
||||||
|
- ret = gnutls_fips140_pop_context(); \
|
||||||
|
- if (ret < 0) { \
|
||||||
|
- fail("gnutls_fips140_context_pop failed\n"); \
|
||||||
|
- } \
|
||||||
|
- fips_state = gnutls_fips140_get_operation_state(fips_context); \
|
||||||
|
- if (fips_state != GNUTLS_FIPS140_OP_ ## state) { \
|
||||||
|
- fail("operation state is not " # state " (%d)\n", \
|
||||||
|
- fips_state); \
|
||||||
|
- } \
|
||||||
|
- } \
|
||||||
|
-} while (0)
|
||||||
|
|
||||||
|
ret = global_init();
|
||||||
|
if (ret < 0)
|
||||||
|
diff --git a/tests/utils.h b/tests/utils.h
|
||||||
|
index d3a2ba8d16..4433a07057 100644
|
||||||
|
--- a/tests/utils.h
|
||||||
|
+++ b/tests/utils.h
|
||||||
|
@@ -210,4 +210,62 @@ inline static unsigned int get_dtls_retransmit_timeout(void) {
|
||||||
|
return (unsigned int) ul;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static inline const char *
|
||||||
|
+fips_operation_state_to_string(gnutls_fips140_operation_state_t state)
|
||||||
|
+{
|
||||||
|
+ switch (state) {
|
||||||
|
+ case GNUTLS_FIPS140_OP_INITIAL:
|
||||||
|
+ return "INITIAL";
|
||||||
|
+ case GNUTLS_FIPS140_OP_APPROVED:
|
||||||
|
+ return "APPROVED";
|
||||||
|
+ case GNUTLS_FIPS140_OP_NOT_APPROVED:
|
||||||
|
+ return "NOT_APPROVED";
|
||||||
|
+ case GNUTLS_FIPS140_OP_ERROR:
|
||||||
|
+ return "ERROR";
|
||||||
|
+ default:
|
||||||
|
+ /*NOTREACHED*/
|
||||||
|
+ assert(0);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static inline void
|
||||||
|
+fips_push_context(gnutls_fips140_context_t context)
|
||||||
|
+{
|
||||||
|
+ if (gnutls_fips140_mode_enabled()) {
|
||||||
|
+ int ret;
|
||||||
|
+
|
||||||
|
+ ret = gnutls_fips140_push_context(context);
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ fail("gnutls_fips140_push_context failed\n");
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static inline void
|
||||||
|
+fips_pop_context(gnutls_fips140_context_t context,
|
||||||
|
+ gnutls_fips140_operation_state_t expected_state)
|
||||||
|
+{
|
||||||
|
+ gnutls_fips140_operation_state_t state;
|
||||||
|
+
|
||||||
|
+ if (gnutls_fips140_mode_enabled()) {
|
||||||
|
+ int ret;
|
||||||
|
+
|
||||||
|
+ ret = gnutls_fips140_pop_context();
|
||||||
|
+ if (ret < 0) {
|
||||||
|
+ fail("gnutls_fips140_context_pop failed\n");
|
||||||
|
+ }
|
||||||
|
+ state = gnutls_fips140_get_operation_state(context);
|
||||||
|
+ if (state != expected_state) {
|
||||||
|
+ fail("operation state is not %s (%s)\n",
|
||||||
|
+ fips_operation_state_to_string(expected_state),
|
||||||
|
+ fips_operation_state_to_string(state));
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* To use those convenient macros, define fips_context variable. */
|
||||||
|
+#define FIPS_PUSH_CONTEXT() fips_push_context(fips_context)
|
||||||
|
+#define FIPS_POP_CONTEXT(state) fips_pop_context(fips_context, GNUTLS_FIPS140_OP_ ## state)
|
||||||
|
+
|
||||||
|
#endif /* GNUTLS_TESTS_UTILS_H */
|
||||||
|
--
|
||||||
|
2.38.1
|
||||||
|
|
@ -13,7 +13,7 @@ print(string.sub(hash, 0, 16))
|
|||||||
}
|
}
|
||||||
|
|
||||||
Version: 3.7.6
|
Version: 3.7.6
|
||||||
Release: 13%{?dist}
|
Release: 14%{?dist}
|
||||||
# not upstreamed
|
# not upstreamed
|
||||||
Patch: gnutls-3.6.7-no-now-guile.patch
|
Patch: gnutls-3.6.7-no-now-guile.patch
|
||||||
Patch: gnutls-3.2.7-rpath.patch
|
Patch: gnutls-3.2.7-rpath.patch
|
||||||
@ -34,6 +34,8 @@ Patch: gnutls-3.7.8-xts-key-check.patch
|
|||||||
Patch: gnutls-3.7.8-clear-session-ticket.patch
|
Patch: gnutls-3.7.8-clear-session-ticket.patch
|
||||||
Patch: gnutls-3.7.7-aes-cbc-padding-support.patch
|
Patch: gnutls-3.7.7-aes-cbc-padding-support.patch
|
||||||
Patch: gnutls-3.7.8-integrity-check.patch
|
Patch: gnutls-3.7.8-integrity-check.patch
|
||||||
|
Patch: gnutls-3.7.6-fips-service-indicator-test-functions.patch
|
||||||
|
Patch: gnutls-3.7.6-fips-ccm-taglen.patch
|
||||||
|
|
||||||
# not upstreamed
|
# not upstreamed
|
||||||
Patch: gnutls-3.7.3-disable-config-reload.patch
|
Patch: gnutls-3.7.3-disable-config-reload.patch
|
||||||
@ -398,6 +400,9 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Nov 22 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-14
|
||||||
|
- cipher: add restriction on CCM tag length under FIPS mode (#2137807)
|
||||||
|
|
||||||
* Tue Nov 15 2022 Zoltan Fridrich <zfridric@redhat.com> - 3.7.6-13
|
* Tue Nov 15 2022 Zoltan Fridrich <zfridric@redhat.com> - 3.7.6-13
|
||||||
- fips: make XTS key check failure not fatal (#2130971)
|
- fips: make XTS key check failure not fatal (#2130971)
|
||||||
- enable source archive verification again (#2127094)
|
- enable source archive verification again (#2127094)
|
||||||
|
Loading…
Reference in New Issue
Block a user