From 06ea5b5332ffdb44a0a394d766be8989bcb6a95c Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 6 Dec 2022 10:03:47 +0900
Subject: [PATCH] fips,rsa: Prevent usage of X9.31 keygen in FIPS mode.
* cipher/rsa.c (rsa_generate): Do not accept use-x931 or derive-parms
in FIPS mode.
* tests/pubkey.c (get_keys_x931_new): Expect failure in FIPS mode.
(check_run): Skip checking X9.31 keys in FIPS mode.
* doc/gcrypt.texi: Document "test-parms" and clarify some cases around
the X9.31 keygen.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
cipher/rsa.c | 5 +++++
doc/gcrypt.texi | 41 ++++++++++++++++++++++++++++++++++++-----
tests/pubkey.c | 15 +++++++++++++--
3 files changed, 54 insertions(+), 7 deletions(-)
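diff --git a/cipher/rsa.c b/cipher/rsa.c
index df4af94b..45523e6b 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -1256,6 +1256,11 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
 if (deriveparms || (flags & PUBKEY_FLAG_USE_X931))
 {
 int swapped;
+ if (fips_mode ())
+ {
+ sexp_release (deriveparms);
+ return GPG_ERR_INV_SEXP;
+ }
 ec = generate_x931 (&sk, nbits, evalue, deriveparms, &swapped);
 sexp_release (deriveparms);
 if (!ec && swapped)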
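Review bot: The new FIPS-mode branch in rsa_generate rejects the request with `GPG_ERR_INV_SEXP`, so a caller cannot tell a policy refusal apart from a malformed genparms expression; `return GPG_ERR_NOT_SUPPORTED;` would describe the condition more precisely. Whichever code is kept, the branch deserves a comment such as `/* X9.31 key generation is not allowed in FIPS mode: refuse use-x931 and derive-parms. */` so the check is not later moved or dropped as redundant. The early return releases deriveparms, but rsa_generate begins and continues outside this hunk, so if anything else was allocated before this point it would need the same treatment on this path.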
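diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index d0372f3e..e845a4dd 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -2699,8 +2699,7 @@ achieve fastest ECC key generation.
 Force the use of the ANSI X9.31 key generation algorithm instead of
 the default algorithm. This flag is only meaningful for RSA key
 generation and usually not required. Note that this algorithm is
-implicitly used if either @code{derive-parms} is given or Libgcrypt is
-in FIPS mode.
+implicitly used if either @code{derive-parms} is given.
 
 @item use-fips186
 @cindex FIPS 186
@@ -3310,9 +3309,9 @@ This is currently only implemented for RSA and DSA keys. It is not
 allowed to use this together with a @code{domain} specification. If
 given, it is used to derive the keys using the given parameters.
 
-If given for an RSA key the X9.31 key generation algorithm is used
-even if libgcrypt is not in FIPS mode. If given for a DSA key, the
-FIPS 186 algorithm is used even if libgcrypt is not in FIPS mode.
+If given for an RSA key, the X9.31 key generation algorithm is used.
+If given for a DSA key, the FIPS 186 algorithm is used even if
+libgcrypt is not in FIPS mode.
 
 @example
 (genkey
@@ -3342,6 +3341,38 @@ FIPS 186 algorithm is used even if libgcrypt is not in FIPS mode.
 (seed @var{seed-mpi}))))
 @end example
 
+@item test-parms @var{list}
+This is currently only implemented for RSA keys. If given, the
+libgcrypt will not generate parameter, but tests whether the p,q is
+probably prime. Returns key with zeroes.
+
+The FIPS key generation algorithm is used even if libgcrypt is not
+in FIPS mode.
+
+@example
+(genkey
+ (rsa
+ (nbits 4:1024)
+ (rsa-use-e 1:3)
+ (test-parms
+ (e "65537")
+ (p #00bbccabcee15d343944a47e492d4b1f4de79633e2
+ 0cbb46f7d2d6813392a807ad048cf77528edd19f77
+ e7453f25173b9dcb70423afa2037aae147b81a33d5
+ 41fc58f875eff1e852ab55e2e09a3debfbc151b3b0
+ d17fef6f74d81fca14fbae531418e211ef818592af
+ 70de5cec3b92795cc3578572bf456099cd8727150e
+ 523261#)
+ (q #00ca87ecf2883f4ed00a9ec65abdeba81d28edbfcc
+ 34ecc563d587f166b52d42bfbe22bbc095b0b8426a
+ 2f8bbc55baaa8859b42cbc376ed3067db3ef7b135b
+ 63481322911ebbd7014db83aa051e0ca2dbf302b75
+ cd37f2ae8df90e134226e92f6353a284b28bb30af0
+ bbf925b345b955328379866ebac11d55bc80fe84f1
+ 05d415#)
+
+@end example
+
 
 @item flags @var{flaglist}
 This is preferred way to define flags. @var{flaglist} may contain any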
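diff --git a/tests/pubkey.c b/tests/pubkey.c
index bc44f3a5..2669b41a 100644
--- a/tests/pubkey.c
+++ b/tests/pubkey.c
@@ -430,7 +430,17 @@ get_keys_x931_new (gcry_sexp_t *pkey, gcry_sexp_t *skey)
 rc = gcry_pk_genkey (&key, key_spec);
 gcry_sexp_release (key_spec);
 if (rc)
- die ("error generating RSA key: %s\n", gcry_strerror (rc));
+ {
+ if (in_fips_mode)
+ {
+ if (verbose)
+ fprintf (stderr, "The X9.31 RSA keygen is not available in FIPS modee.\n");
+ return;
+ }
+ die ("error generating RSA key: %s\n", gcry_strerror (rc));
+ }
+ else if (in_fips_mode)
+ die ("generating X9.31 RSA key unexpected worked in FIPS mode\n");
 
 if (verbose > 1)
 show_sexp ("generated RSA (X9.31) key:\n", key);
@@ -777,7 +787,8 @@ check_run (void)
 if (verbose)
 fprintf (stderr, "Checking generated RSA key (X9.31).\n");
 get_keys_x931_new (&pkey, &skey);
- check_keys (pkey, skey, 800, 0);
+ if (!in_fips_mode)
+ check_keys (pkey, skey, 800, 0);
 gcry_sexp_release (pkey);
 gcry_sexp_release (skey);
 pkey = skey = NULL;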
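Review bot: In get_keys_x931_new the FIPS branch treats any non-zero rc as the expected refusal, so an unrelated failure (allocation, a broken key_spec) would pass silently in FIPS mode; narrowing it to `if (in_fips_mode && gcry_err_code (rc) == GPG_ERR_INV_SEXP)` keeps the test tied to the error rsa_generate returns in this commit. On that early return *pkey and *skey are left unassigned, and check_run still passes them to gcry_sexp_release, which is only safe if they were NULL beforehand; that initialisation is outside the hunk. The two new messages also carry typos: `FIPS modee.` and `unexpected worked` should read `FIPS mode.` and `unexpectedly worked`.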
--
2.39.0