new upstream version 1.7.3
parent
055651971a
commit
2c8c02279a
1
.gitignore
vendored
1
.gitignore
vendored
@ -10,3 +10,4 @@ libgcrypt-1.4.5-hobbled.tar.bz2
|
||||
/libgcrypt-1.6.4-hobbled.tar.xz
|
||||
/libgcrypt-1.6.5-hobbled.tar.xz
|
||||
/libgcrypt-1.6.6-hobbled.tar.xz
|
||||
/libgcrypt-1.7.3-hobbled.tar.xz
|
||||
|
3
curves.c
3
curves.c
@ -29,7 +29,7 @@
|
||||
#include "../src/gcrypt-int.h"
|
||||
|
||||
/* Number of curves defined in ../cipger/ecc.c */
|
||||
#define N_CURVES 4
|
||||
#define N_CURVES 7
|
||||
|
||||
/* A real world sample public key. */
|
||||
static char const sample_key_1[] =
|
||||
@ -41,6 +41,7 @@ static char const sample_key_1[] =
|
||||
" (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
|
||||
"4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)\n"
|
||||
" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)\n"
|
||||
" (h #000000000000000000000000000000000000000000000000000000000000000001#)\n"
|
||||
" (q #0442B927242237639A36CE9221B340DB1A9AB76DF2FE3E171277F6A4023DED146EE"
|
||||
"86525E38CCECFF3FB8D152CC6334F70D23A525175C1BCBDDE6E023B2228770E#)\n"
|
||||
" ))";
|
||||
|
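Review bot: The new `#define N_CURVES 7` hard-codes the size of the hobbled domain_parms[] table in cipher/ecc-curves.c (Ed25519, Curve25519, NIST P-224/256/384/521 and secp256k1 in this commit), while the comment above it still says `../cipger/ecc.c`, which is both a typo and the wrong file. A maintainer reconciling the number with the table will look in the wrong place, so I would change the comment to `/* Number of curves in the hobbled ../cipher/ecc-curves.c; keep in sync with domain_parms[]. */`. The added `(h #…01#)` line in sample_key_1 presumably supplies the cofactor that the library now extracts as a curve parameter; the rest of that S-expression starts outside the hunk.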
151
ecc-curves.c
151
ecc-curves.c
@ -40,9 +40,13 @@ static const struct
|
||||
const char *other; /* Other name. */
|
||||
} curve_aliases[] =
|
||||
{
|
||||
/*{ "Curve25519", "1.3.6.1.4.1.3029.1.5.1" },*/
|
||||
{ "Curve25519", "1.3.6.1.4.1.3029.1.5.1" },
|
||||
{ "Ed25519", "1.3.6.1.4.1.11591.15.1" },
|
||||
|
||||
{ "NIST P-224", "secp224r1" },
|
||||
{ "NIST P-224", "1.3.132.0.33" }, /* SECP OID. */
|
||||
{ "NIST P-224", "nistp224" }, /* rfc5656. */
|
||||
|
||||
{ "NIST P-256", "1.2.840.10045.3.1.7" }, /* From NIST SP 800-78-1. */
|
||||
{ "NIST P-256", "prime256v1" },
|
||||
{ "NIST P-256", "secp256r1" },
|
||||
@ -56,6 +60,8 @@ static const struct
|
||||
{ "NIST P-521", "1.3.132.0.35" },
|
||||
{ "NIST P-521", "nistp521" }, /* rfc5656. */
|
||||
|
||||
{ "secp256k1", "1.3.132.0.10" },
|
||||
|
||||
{ NULL, NULL}
|
||||
};
|
||||
|
||||
@ -76,9 +82,11 @@ typedef struct
|
||||
|
||||
const char *p; /* The prime defining the field. */
|
||||
const char *a, *b; /* The coefficients. For Twisted Edwards
|
||||
Curves b is used for d. */
|
||||
Curves b is used for d. For Montgomery
|
||||
Curves (a,b) has ((A-2)/4,B^-1). */
|
||||
const char *n; /* The order of the base point. */
|
||||
const char *g_x, *g_y; /* Base point. */
|
||||
const char *h; /* Cofactor. */
|
||||
} ecc_domain_parms_t;
|
||||
|
||||
|
||||
@ -88,13 +96,38 @@ static const ecc_domain_parms_t domain_parms[] =
|
||||
{
|
||||
/* (-x^2 + y^2 = 1 + dx^2y^2) */
|
||||
"Ed25519", 256, 0,
|
||||
MPI_EC_TWISTEDEDWARDS, ECC_DIALECT_ED25519,
|
||||
MPI_EC_EDWARDS, ECC_DIALECT_ED25519,
|
||||
"0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
|
||||
"-0x01",
|
||||
"-0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A",
|
||||
"0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED",
|
||||
"0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A",
|
||||
"0x6666666666666666666666666666666666666666666666666666666666666658"
|
||||
"0x6666666666666666666666666666666666666666666666666666666666666658",
|
||||
"0x08"
|
||||
},
|
||||
{
|
||||
/* (y^2 = x^3 + 486662*x^2 + x) */
|
||||
"Curve25519", 256, 0,
|
||||
MPI_EC_MONTGOMERY, ECC_DIALECT_STANDARD,
|
||||
"0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
|
||||
"0x01DB41",
|
||||
"0x01",
|
||||
"0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED",
|
||||
"0x0000000000000000000000000000000000000000000000000000000000000009",
|
||||
"0x20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9",
|
||||
"0x08"
|
||||
},
|
||||
{
|
||||
"NIST P-224", 224, 1,
|
||||
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
|
||||
"0xffffffffffffffffffffffffffffffff000000000000000000000001",
|
||||
"0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe",
|
||||
"0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4",
|
||||
"0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d" ,
|
||||
|
||||
"0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
|
||||
"0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
|
||||
"0x01"
|
||||
},
|
||||
{
|
||||
"NIST P-256", 256, 1,
|
||||
@ -105,7 +138,8 @@ static const ecc_domain_parms_t domain_parms[] =
|
||||
"0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
|
||||
|
||||
"0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
|
||||
"0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"
|
||||
"0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
|
||||
"0x01"
|
||||
},
|
||||
{
|
||||
"NIST P-384", 384, 1,
|
||||
@ -122,7 +156,8 @@ static const ecc_domain_parms_t domain_parms[] =
|
||||
"0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a38"
|
||||
"5502f25dbf55296c3a545e3872760ab7",
|
||||
"0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c0"
|
||||
"0a60b1ce1d7e819d7a431d7c90ea0e5f"
|
||||
"0a60b1ce1d7e819d7a431d7c90ea0e5f",
|
||||
"0x01"
|
||||
},
|
||||
{
|
||||
"NIST P-521", 521, 1,
|
||||
@ -139,10 +174,23 @@ static const ecc_domain_parms_t domain_parms[] =
|
||||
"0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d"
|
||||
"3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
|
||||
"0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e"
|
||||
"662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650"
|
||||
"662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
|
||||
"0x01"
|
||||
},
|
||||
|
||||
{ NULL, 0, 0, 0, 0, NULL, NULL, NULL, NULL }
|
||||
{
|
||||
"secp256k1", 256, 0,
|
||||
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
|
||||
"0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
|
||||
"0x0000000000000000000000000000000000000000000000000000000000000000",
|
||||
"0x0000000000000000000000000000000000000000000000000000000000000007",
|
||||
"0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
|
||||
"0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
|
||||
"0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
|
||||
"0x01"
|
||||
},
|
||||
|
||||
{ NULL, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL }
|
||||
};
|
||||
|
||||
|
||||
@ -249,10 +297,9 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name,
|
||||
switch (domain_parms[idx].model)
|
||||
{
|
||||
case MPI_EC_WEIERSTRASS:
|
||||
case MPI_EC_TWISTEDEDWARDS:
|
||||
break;
|
||||
case MPI_EC_EDWARDS:
|
||||
case MPI_EC_MONTGOMERY:
|
||||
return GPG_ERR_NOT_SUPPORTED;
|
||||
break;
|
||||
default:
|
||||
return GPG_ERR_BUG;
|
||||
}
|
||||
@ -268,11 +315,21 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name,
|
||||
if (!curve->p)
|
||||
curve->p = scanval (domain_parms[idx].p);
|
||||
if (!curve->a)
|
||||
curve->a = scanval (domain_parms[idx].a);
|
||||
{
|
||||
curve->a = scanval (domain_parms[idx].a);
|
||||
if (curve->a->sign)
|
||||
mpi_add (curve->a, curve->p, curve->a);
|
||||
}
|
||||
if (!curve->b)
|
||||
curve->b = scanval (domain_parms[idx].b);
|
||||
{
|
||||
curve->b = scanval (domain_parms[idx].b);
|
||||
if (curve->b->sign)
|
||||
mpi_add (curve->b, curve->p, curve->b);
|
||||
}
|
||||
if (!curve->n)
|
||||
curve->n = scanval (domain_parms[idx].n);
|
||||
if (!curve->h)
|
||||
curve->h = scanval (domain_parms[idx].h);
|
||||
if (!curve->G.x)
|
||||
curve->G.x = scanval (domain_parms[idx].g_x);
|
||||
if (!curve->G.y)
|
||||
@ -288,7 +345,7 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name,
|
||||
|
||||
|
||||
/* Give the name of the curve NAME, store the curve parameters into P,
|
||||
A, B, G, and N if they point to NULL value. Note that G is returned
|
||||
A, B, G, N, and H if they point to NULL value. Note that G is returned
|
||||
in standard uncompressed format. Also update MODEL and DIALECT if
|
||||
they are not NULL. */
|
||||
gpg_err_code_t
|
||||
@ -296,7 +353,7 @@ _gcry_ecc_update_curve_param (const char *name,
|
||||
enum gcry_mpi_ec_models *model,
|
||||
enum ecc_dialects *dialect,
|
||||
gcry_mpi_t *p, gcry_mpi_t *a, gcry_mpi_t *b,
|
||||
gcry_mpi_t *g, gcry_mpi_t *n)
|
||||
gcry_mpi_t *g, gcry_mpi_t *n, gcry_mpi_t *h)
|
||||
{
|
||||
int idx;
|
||||
|
||||
@ -346,6 +403,11 @@ _gcry_ecc_update_curve_param (const char *name,
|
||||
_gcry_mpi_release (*n);
|
||||
*n = scanval (domain_parms[idx].n);
|
||||
}
|
||||
if (h)
|
||||
{
|
||||
_gcry_mpi_release (*h);
|
||||
*h = scanval (domain_parms[idx].h);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -383,8 +445,8 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits)
|
||||
/*
|
||||
* Extract the curve parameters..
|
||||
*/
|
||||
rc = gpg_err_code (sexp_extract_param (keyparms, NULL, "-pabgn",
|
||||
&E.p, &E.a, &E.b, &mpi_g, &E.n,
|
||||
rc = gpg_err_code (sexp_extract_param (keyparms, NULL, "-pabgnh",
|
||||
&E.p, &E.a, &E.b, &mpi_g, &E.n, &E.h,
|
||||
NULL));
|
||||
if (rc == GPG_ERR_NO_OBJ)
|
||||
{
|
||||
@ -442,17 +504,22 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits)
|
||||
if (!mpi_cmp (tmp, E.n))
|
||||
{
|
||||
mpi_free (tmp);
|
||||
tmp = scanval (domain_parms[idx].g_x);
|
||||
if (!mpi_cmp (tmp, E.G.x))
|
||||
tmp = scanval (domain_parms[idx].h);
|
||||
if (!mpi_cmp (tmp, E.h))
|
||||
{
|
||||
mpi_free (tmp);
|
||||
tmp = scanval (domain_parms[idx].g_y);
|
||||
if (!mpi_cmp (tmp, E.G.y))
|
||||
tmp = scanval (domain_parms[idx].g_x);
|
||||
if (!mpi_cmp (tmp, E.G.x))
|
||||
{
|
||||
result = domain_parms[idx].desc;
|
||||
if (r_nbits)
|
||||
*r_nbits = domain_parms[idx].nbits;
|
||||
goto leave;
|
||||
mpi_free (tmp);
|
||||
tmp = scanval (domain_parms[idx].g_y);
|
||||
if (!mpi_cmp (tmp, E.G.y))
|
||||
{
|
||||
result = domain_parms[idx].desc;
|
||||
if (r_nbits)
|
||||
*r_nbits = domain_parms[idx].nbits;
|
||||
goto leave;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -469,6 +536,7 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits)
|
||||
_gcry_mpi_release (mpi_g);
|
||||
_gcry_mpi_point_free_parts (&E.G);
|
||||
_gcry_mpi_release (E.n);
|
||||
_gcry_mpi_release (E.h);
|
||||
return result;
|
||||
}
|
||||
|
||||
@ -600,6 +668,7 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
|
||||
gcry_mpi_t b = NULL;
|
||||
gcry_mpi_point_t G = NULL;
|
||||
gcry_mpi_t n = NULL;
|
||||
gcry_mpi_t h = NULL;
|
||||
gcry_mpi_point_t Q = NULL;
|
||||
gcry_mpi_t d = NULL;
|
||||
int flags = 0;
|
||||
@ -642,6 +711,9 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
|
||||
errc = mpi_from_keyparam (&n, keyparam, "n");
|
||||
if (errc)
|
||||
goto leave;
|
||||
errc = mpi_from_keyparam (&h, keyparam, "h");
|
||||
if (errc)
|
||||
goto leave;
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -715,6 +787,11 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
|
||||
n = E->n;
|
||||
E->n = NULL;
|
||||
}
|
||||
if (!h)
|
||||
{
|
||||
h = E->h;
|
||||
E->h = NULL;
|
||||
}
|
||||
_gcry_ecc_curve_free (E);
|
||||
xfree (E);
|
||||
}
|
||||
@ -741,6 +818,11 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
|
||||
ec->n = n;
|
||||
n = NULL;
|
||||
}
|
||||
if (h)
|
||||
{
|
||||
ec->h = h;
|
||||
h = NULL;
|
||||
}
|
||||
|
||||
/* Now that we know the curve name we can look for the public key
|
||||
Q. point_from_keyparam needs to know the curve parameters so
|
||||
@ -779,6 +861,7 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
|
||||
mpi_free (b);
|
||||
_gcry_mpi_point_release (G);
|
||||
mpi_free (n);
|
||||
mpi_free (h);
|
||||
_gcry_mpi_point_release (Q);
|
||||
mpi_free (d);
|
||||
return errc;
|
||||
@ -793,7 +876,7 @@ _gcry_ecc_get_param_sexp (const char *name)
|
||||
elliptic_curve_t E;
|
||||
mpi_ec_t ctx;
|
||||
gcry_mpi_t g_x, g_y;
|
||||
gcry_mpi_t pkey[6];
|
||||
gcry_mpi_t pkey[7];
|
||||
gcry_sexp_t result;
|
||||
int i;
|
||||
|
||||
@ -817,14 +900,15 @@ _gcry_ecc_get_param_sexp (const char *name)
|
||||
pkey[2] = E.b;
|
||||
pkey[3] = _gcry_ecc_ec2os (g_x, g_y, E.p);
|
||||
pkey[4] = E.n;
|
||||
pkey[5] = NULL;
|
||||
pkey[5] = E.h;
|
||||
pkey[6] = NULL;
|
||||
|
||||
mpi_free (g_x);
|
||||
mpi_free (g_y);
|
||||
|
||||
if (sexp_build (&result, NULL,
|
||||
"(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)))",
|
||||
pkey[0], pkey[1], pkey[2], pkey[3], pkey[4]))
|
||||
"(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)(h%m)))",
|
||||
pkey[0], pkey[1], pkey[2], pkey[3], pkey[4], pkey[5]))
|
||||
result = NULL;
|
||||
|
||||
for (i=0; pkey[i]; i++)
|
||||
@ -851,6 +935,8 @@ _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy)
|
||||
return mpi_is_const (ec->b) && !copy? ec->b : mpi_copy (ec->b);
|
||||
if (!strcmp (name, "n") && ec->n)
|
||||
return mpi_is_const (ec->n) && !copy? ec->n : mpi_copy (ec->n);
|
||||
if (!strcmp (name, "h") && ec->h)
|
||||
return mpi_is_const (ec->h) && !copy? ec->h : mpi_copy (ec->h);
|
||||
if (!strcmp (name, "d") && ec->d)
|
||||
return mpi_is_const (ec->d) && !copy? ec->d : mpi_copy (ec->d);
|
||||
|
||||
@ -884,7 +970,7 @@ _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy)
|
||||
if (name[1] != '@')
|
||||
return _gcry_mpi_ec_ec2os (ec->Q, ec);
|
||||
|
||||
if (!strcmp (name+2, "eddsa") && ec->model == MPI_EC_TWISTEDEDWARDS)
|
||||
if (!strcmp (name+2, "eddsa") && ec->model == MPI_EC_EDWARDS)
|
||||
{
|
||||
unsigned char *encpk;
|
||||
unsigned int encpklen;
|
||||
@ -949,6 +1035,11 @@ _gcry_ecc_set_mpi (const char *name, gcry_mpi_t newvalue, mpi_ec_t ec)
|
||||
mpi_free (ec->n);
|
||||
ec->n = mpi_copy (newvalue);
|
||||
}
|
||||
else if (!strcmp (name, "h"))
|
||||
{
|
||||
mpi_free (ec->h);
|
||||
ec->h = mpi_copy (newvalue);
|
||||
}
|
||||
else if (*name == 'q' && (!name[1] || name[1] == '@'))
|
||||
{
|
||||
if (newvalue)
|
||||
|
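Review bot: In `_gcry_ecc_get_curve` the new `tmp = scanval (domain_parms[idx].h); if (!mpi_cmp (tmp, E.h))` runs for every table row, but E.h is only guaranteed non-NULL when the `-pabgnh` extraction succeeded; the `GPG_ERR_NO_OBJ` branch right after it is cut off by the hunk, so whether it fills in a default cofactor for key S-expressions that omit `h` (keys made before this release carry only p, a, b, g, n) cannot be seen here. If it does not, a caller-supplied key without `h` reaches `mpi_cmp` with a NULL operand, and this function is on the path that parses externally supplied keys. I would guard the comparison, `if (E.h && !mpi_cmp (tmp, E.h))`, or document at the extraction site that E.h is set to 1 when absent — confirm against the hidden branch. The rest of the function, including the `leave:` cleanup that now releases E.h, lies partly outside the hunk.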
56
ecc-gost.c
Normal file
56
ecc-gost.c
Normal file
@ -0,0 +1,56 @@
|
||||
/* ecc-gots.c - Elliptic Curve GOST signatures
|
||||
* Copyright (C) 2007, 2008, 2010, 2011 Free Software Foundation, Inc.
|
||||
* Copyright (C) 2013 Dmitry Eremin-Solenikov
|
||||
*
|
||||
* This file is part of Libgcrypt.
|
||||
*
|
||||
* Libgcrypt is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Lesser General Public License as
|
||||
* published by the Free Software Foundation; either version 2.1 of
|
||||
* the License, or (at your option) any later version.
|
||||
*
|
||||
* Libgcrypt is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include <config.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
|
||||
#include "g10lib.h"
|
||||
#include "mpi.h"
|
||||
#include "cipher.h"
|
||||
#include "context.h"
|
||||
#include "ec-context.h"
|
||||
#include "ecc-common.h"
|
||||
#include "pubkey-internal.h"
|
||||
|
||||
|
||||
/* Compute an GOST R 34.10-01/-12 signature.
|
||||
* Return the signature struct (r,s) from the message hash. The caller
|
||||
* must have allocated R and S.
|
||||
*/
|
||||
gpg_err_code_t
|
||||
_gcry_ecc_gost_sign (gcry_mpi_t input, ECC_secret_key *skey,
|
||||
gcry_mpi_t r, gcry_mpi_t s)
|
||||
{
|
||||
return GPG_ERR_UNSUPPORTED_ALGORITHM;
|
||||
}
|
||||
|
||||
|
||||
/* Verify a GOST R 34.10-01/-12 signature.
|
||||
* Check if R and S verifies INPUT.
|
||||
*/
|
||||
gpg_err_code_t
|
||||
_gcry_ecc_gost_verify (gcry_mpi_t input, ECC_public_key *pkey,
|
||||
gcry_mpi_t r, gcry_mpi_t s)
|
||||
{
|
||||
return GPG_ERR_UNSUPPORTED_ALGORITHM;
|
||||
}
|
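Review bot: Both stubs in the new ecc-gost.c ignore every parameter, so `input`, `skey`/`pkey`, `r` and `s` will trip -Wunused-parameter in a build that enables it; add `(void)input; (void)skey; (void)r; (void)s;` (and the `pkey` variant) before each return. Returning GPG_ERR_UNSUPPORTED_ALGORITHM from `_gcry_ecc_gost_verify` fails closed, which is the right outcome for an algorithm removed from this build, but nothing in the file says these are deliberate replacements for the upstream implementation; a header line such as `/* GOST R 34.10 signatures are intentionally stubbed out in this package build; both entry points always fail. */` would stop the next maintainer from treating them as unfinished work. The file header also spells the name `ecc-gots.c`.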
@ -7,5 +7,6 @@ set -e -x
|
||||
# EC: ????????? ??/??/2015
|
||||
|
||||
rm -f cipher/ecc-curves.c
|
||||
rm -f cipher/ecc-gost.c
|
||||
rm -f tests/curves.c
|
||||
rm -f tests/t-mpi-point.c
|
||||
|
@ -1,214 +0,0 @@
|
||||
diff -up libgcrypt-1.6.1/tests/benchmark.c.eccfix libgcrypt-1.6.1/tests/benchmark.c
|
||||
--- libgcrypt-1.6.1/tests/benchmark.c.eccfix 2014-01-27 14:36:43.000000000 +0100
|
||||
+++ libgcrypt-1.6.1/tests/benchmark.c 2014-02-28 16:14:13.042505538 +0100
|
||||
@@ -1087,8 +1087,7 @@ ecc_bench (int iterations, int print_hea
|
||||
{
|
||||
#if USE_ECC
|
||||
gpg_error_t err;
|
||||
- const char *p_sizes[] = { "192", "224", "256", "384", "521", "Ed25519",
|
||||
- "gost256", "gost512" };
|
||||
+ const char *p_sizes[] = { "256", "384", "521", "Ed25519" };
|
||||
int testno;
|
||||
|
||||
if (print_header)
|
||||
diff -up libgcrypt-1.6.1/tests/dsa-rfc6979.c.eccfix libgcrypt-1.6.1/tests/dsa-rfc6979.c
|
||||
--- libgcrypt-1.6.1/tests/dsa-rfc6979.c.eccfix 2013-12-16 18:44:32.000000000 +0100
|
||||
+++ libgcrypt-1.6.1/tests/dsa-rfc6979.c 2014-02-28 16:18:44.138771523 +0100
|
||||
@@ -210,27 +210,6 @@ check_dsa_rfc6979 (void)
|
||||
" ))"
|
||||
},
|
||||
{
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "(private-key"
|
||||
- " (ecdsa"
|
||||
- " (curve \"NIST P-192\")"
|
||||
- " (q #04AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56"
|
||||
- " 3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43#)"
|
||||
- " (d #6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4#)"
|
||||
- " ))"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 224 bits (prime field)",
|
||||
- "(private-key"
|
||||
- " (ecdsa"
|
||||
- " (curve \"NIST P-224\")"
|
||||
- " (q #04"
|
||||
- " 00CF08DA5AD719E42707FA431292DEA11244D64FC51610D94B130D6C"
|
||||
- " EEAB6F3DEBE455E3DBF85416F7030CBD94F34F2D6F232C69F3C1385A#)"
|
||||
- " (d #F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1#)"
|
||||
- " ))"
|
||||
- },
|
||||
- {
|
||||
"ECDSA, 256 bits (prime field)",
|
||||
"(private-key"
|
||||
" (ecdsa"
|
||||
@@ -443,169 +422,6 @@ check_dsa_rfc6979 (void)
|
||||
"C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1"
|
||||
},
|
||||
{
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-1, message = \"sample\"",
|
||||
- "sha1", "sample",
|
||||
- "37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021",
|
||||
- "98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF",
|
||||
- "57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-224, message = \"sample\"",
|
||||
- "sha224", "sample",
|
||||
- "4381526B3FC1E7128F202E194505592F01D5FF4C5AF015D8",
|
||||
- "A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5",
|
||||
- "E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-256, message = \"sample\"",
|
||||
- "sha256", "sample",
|
||||
- "32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496",
|
||||
- "4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55",
|
||||
- "CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-384, message = \"sample\"",
|
||||
- "sha384", "sample",
|
||||
- "4730005C4FCB01834C063A7B6760096DBE284B8252EF4311",
|
||||
- "DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5",
|
||||
- "C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-512, message = \"sample\"",
|
||||
- "sha512", "sample",
|
||||
- "A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1",
|
||||
- "4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8",
|
||||
- "3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-1, message = \"test\"",
|
||||
- "sha1", "test",
|
||||
- "D9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25",
|
||||
- "0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D",
|
||||
- "EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-224, message = \"test\"",
|
||||
- "sha224", "test",
|
||||
- "F5DC805F76EF851800700CCE82E7B98D8911B7D510059FBE",
|
||||
- "6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34",
|
||||
- "B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-256, message = \"test\"",
|
||||
- "sha256", "test",
|
||||
- "5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C",
|
||||
- "3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE",
|
||||
- "5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-384, message = \"test\"",
|
||||
- "sha384", "test",
|
||||
- "5AFEFB5D3393261B828DB6C91FBC68C230727B030C975693",
|
||||
- "B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367",
|
||||
- "7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-512, message = \"test\"",
|
||||
- "sha512", "test",
|
||||
- "0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527",
|
||||
- "FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739",
|
||||
- "74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290"
|
||||
- },
|
||||
-
|
||||
-
|
||||
-
|
||||
- {
|
||||
- "ECDSA, 224 bits (prime field)",
|
||||
- "With SHA-1, message = \"sample\"",
|
||||
- "sha1", "sample",
|
||||
- "7EEFADD91110D8DE6C2C470831387C50D3357F7F4D477054B8B426BC",
|
||||
- "22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC",
|
||||
- "66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 224 bits (prime field)",
|
||||
- "With SHA-224, message = \"sample\"",
|
||||
- "sha224", "sample",
|
||||
- "C1D1F2F10881088301880506805FEB4825FE09ACB6816C36991AA06D",
|
||||
- "1CDFE6662DDE1E4A1EC4CDEDF6A1F5A2FB7FBD9145C12113E6ABFD3E",
|
||||
- "A6694FD7718A21053F225D3F46197CA699D45006C06F871808F43EBC"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 224 bits (prime field)",
|
||||
- "With SHA-256, message = \"sample\"",
|
||||
- "sha256", "sample",
|
||||
- "AD3029E0278F80643DE33917CE6908C70A8FF50A411F06E41DEDFCDC",
|
||||
- "61AA3DA010E8E8406C656BC477A7A7189895E7E840CDFE8FF42307BA",
|
||||
- "BC814050DAB5D23770879494F9E0A680DC1AF7161991BDE692B10101"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 224 bits (prime field)",
|
||||
- "With SHA-384, message = \"sample\"",
|
||||
- "sha384", "sample",
|
||||
- "52B40F5A9D3D13040F494E83D3906C6079F29981035C7BD51E5CAC40",
|
||||
- "0B115E5E36F0F9EC81F1325A5952878D745E19D7BB3EABFABA77E953",
|
||||
- "830F34CCDFE826CCFDC81EB4129772E20E122348A2BBD889A1B1AF1D"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 224 bits (prime field)",
|
||||
- "With SHA-512, message = \"sample\"",
|
||||
- "sha512", "sample",
|
||||
- "9DB103FFEDEDF9CFDBA05184F925400C1653B8501BAB89CEA0FBEC14",
|
||||
- "074BD1D979D5F32BF958DDC61E4FB4872ADCAFEB2256497CDAC30397",
|
||||
- "A4CECA196C3D5A1FF31027B33185DC8EE43F288B21AB342E5D8EB084"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 224 bits (prime field)",
|
||||
- "With SHA-1, message = \"test\"",
|
||||
- "sha1", "test",
|
||||
- "2519178F82C3F0E4F87ED5883A4E114E5B7A6E374043D8EFD329C253",
|
||||
- "DEAA646EC2AF2EA8AD53ED66B2E2DDAA49A12EFD8356561451F3E21C",
|
||||
- "95987796F6CF2062AB8135271DE56AE55366C045F6D9593F53787BD2"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 224 bits (prime field)",
|
||||
- "With SHA-224, message = \"test\"",
|
||||
- "sha224", "test",
|
||||
- "DF8B38D40DCA3E077D0AC520BF56B6D565134D9B5F2EAE0D34900524",
|
||||
- "C441CE8E261DED634E4CF84910E4C5D1D22C5CF3B732BB204DBEF019",
|
||||
- "902F42847A63BDC5F6046ADA114953120F99442D76510150F372A3F4"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 224 bits (prime field)",
|
||||
- "With SHA-256, message = \"test\"",
|
||||
- "sha256", "test",
|
||||
- "FF86F57924DA248D6E44E8154EB69F0AE2AEBAEE9931D0B5A969F904",
|
||||
- "AD04DDE87B84747A243A631EA47A1BA6D1FAA059149AD2440DE6FBA6",
|
||||
- "178D49B1AE90E3D8B629BE3DB5683915F4E8C99FDF6E666CF37ADCFD"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 224 bits (prime field)",
|
||||
- "With SHA-384, message = \"test\"",
|
||||
- "sha384", "test",
|
||||
- "7046742B839478C1B5BD31DB2E862AD868E1A45C863585B5F22BDC2D",
|
||||
- "389B92682E399B26518A95506B52C03BC9379A9DADF3391A21FB0EA4",
|
||||
- "414A718ED3249FF6DBC5B50C27F71F01F070944DA22AB1F78F559AAB"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 224 bits (prime field)",
|
||||
- "With SHA-512, message = \"test\"",
|
||||
- "sha512", "test",
|
||||
- "E39C2AA4EA6BE2306C72126D40ED77BF9739BB4D6EF2BBB1DCB6169D",
|
||||
- "049F050477C5ADD858CAC56208394B5A55BAEBBE887FDF765047C17C",
|
||||
- "077EB13E7005929CEFA3CD0403C7CDCC077ADF4E44F3C41B2F60ECFF"
|
||||
- },
|
||||
- {
|
||||
"ECDSA, 256 bits (prime field)",
|
||||
"With SHA-1, message = \"sample\"",
|
||||
"sha1", "sample",
|
@ -1,141 +0,0 @@
|
||||
diff -up libgcrypt-1.6.1/random/random-fips.c.cfgrandom libgcrypt-1.6.1/random/random-fips.c
|
||||
--- libgcrypt-1.6.1/random/random-fips.c.cfgrandom 2014-02-28 16:06:20.026572478 +0100
|
||||
+++ libgcrypt-1.6.1/random/random-fips.c 2014-02-28 16:06:34.851915121 +0100
|
||||
@@ -27,10 +27,10 @@
|
||||
There are 3 random context which map to the different levels of
|
||||
random quality:
|
||||
|
||||
- Generator Seed and Key Kernel entropy (init/reseed)
|
||||
- ------------------------------------------------------------
|
||||
- GCRY_VERY_STRONG_RANDOM /dev/random 256/128 bits
|
||||
- GCRY_STRONG_RANDOM /dev/random 256/128 bits
|
||||
+ Generator Seed and Key Kernel entropy (init/reseed)
|
||||
+ ---------------------------------------------------------------------------------------
|
||||
+ GCRY_VERY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
|
||||
+ GCRY_STRONG_RANDOM /etc/gcrypt/rngseed+/dev/urandom 256/128 bits
|
||||
gcry_create_nonce GCRY_STRONG_RANDOM n/a
|
||||
|
||||
All random generators return their data in 128 bit blocks. If the
|
||||
@@ -40,8 +40,10 @@
|
||||
(SEED_TTL) output blocks; the re-seeding is disabled in test mode.
|
||||
|
||||
The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are
|
||||
- keyed and seeded from the /dev/random device. Thus these
|
||||
- generators may block until the kernel has collected enough entropy.
|
||||
+ keyed and seeded with data that is loaded from the /etc/gcrypt/rngseed
|
||||
+ if the device or symlink to device exists xored with the data
|
||||
+ from the /dev/urandom device. This allows the system administrator
|
||||
+ to always seed the RNGs from /dev/random if it is required.
|
||||
|
||||
The gcry_create_nonce generator is keyed and seeded from the
|
||||
GCRY_STRONG_RANDOM generator. It may also block if the
|
||||
@@ -560,9 +562,13 @@ get_entropy (size_t nbytes)
|
||||
entropy_collect_buffer_len = 0;
|
||||
|
||||
#if USE_RNDLINUX
|
||||
+ _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
|
||||
+ X931_AES_KEYLEN,
|
||||
+ -1);
|
||||
+ entropy_collect_buffer_len = 0;
|
||||
rc = _gcry_rndlinux_gather_random (entropy_collect_cb, 0,
|
||||
X931_AES_KEYLEN,
|
||||
- GCRY_VERY_STRONG_RANDOM);
|
||||
+ GCRY_STRONG_RANDOM);
|
||||
#elif USE_RNDW32
|
||||
do
|
||||
{
|
||||
@@ -713,7 +719,7 @@ get_random (void *buffer, size_t length,
|
||||
|| rng_ctx->seed_init_pid != getpid ())
|
||||
{
|
||||
/* Just reinitialize the key & seed. */
|
||||
- gcry_cipher_close(rng_ctx->cipher_hd);
|
||||
+ _gcry_cipher_close(rng_ctx->cipher_hd);
|
||||
rng_ctx->cipher_hd = NULL;
|
||||
rng_ctx->is_seeded = 0;
|
||||
goto reinitialize;
|
||||
diff -up libgcrypt-1.6.1/random/rndlinux.c.cfgrandom libgcrypt-1.6.1/random/rndlinux.c
|
||||
--- libgcrypt-1.6.1/random/rndlinux.c.cfgrandom 2013-12-16 18:44:32.000000000 +0100
|
||||
+++ libgcrypt-1.6.1/random/rndlinux.c 2014-02-28 16:06:20.027572501 +0100
|
||||
@@ -36,7 +36,9 @@
|
||||
#include "g10lib.h"
|
||||
#include "rand-internal.h"
|
||||
|
||||
-static int open_device (const char *name, int retry);
|
||||
+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
|
||||
+
|
||||
+static int open_device (const char *name, int retry, int fatal);
|
||||
|
||||
|
||||
static int
|
||||
@@ -59,7 +61,7 @@ set_cloexec_flag (int fd)
|
||||
* a fatal error but retries until it is able to reopen the device.
|
||||
*/
|
||||
static int
|
||||
-open_device (const char *name, int retry)
|
||||
+open_device (const char *name, int retry, int fatal)
|
||||
{
|
||||
int fd;
|
||||
|
||||
@@ -67,6 +69,8 @@ open_device (const char *name, int retry
|
||||
_gcry_random_progress ("open_dev_random", 'X', 1, 0);
|
||||
again:
|
||||
fd = open (name, O_RDONLY);
|
||||
+ if (fd == -1 && !fatal)
|
||||
+ return fd;
|
||||
if (fd == -1 && retry)
|
||||
{
|
||||
struct timeval tv;
|
||||
@@ -111,6 +115,7 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
{
|
||||
static int fd_urandom = -1;
|
||||
static int fd_random = -1;
|
||||
+ static int fd_configured = -1;
|
||||
static unsigned char ever_opened;
|
||||
int fd;
|
||||
int n;
|
||||
@@ -134,6 +139,11 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
close (fd_urandom);
|
||||
fd_urandom = -1;
|
||||
}
|
||||
+ if (fd_configured != -1)
|
||||
+ {
|
||||
+ close (fd_configured);
|
||||
+ fd_configured = -1;
|
||||
+ }
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -153,20 +163,30 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
that we always require the device to be existent but want a more
|
||||
graceful behaviour if the rarely needed close operation has been
|
||||
used and the device needs to be re-opened later. */
|
||||
+
|
||||
+ if (level == -1)
|
||||
+ {
|
||||
+ if (fd_configured == -1)
|
||||
+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0 );
|
||||
+ fd = fd_configured;
|
||||
+ if (fd == -1)
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
if (level >= 2)
|
||||
{
|
||||
if (fd_random == -1)
|
||||
{
|
||||
- fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));
|
||||
+ fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1);
|
||||
ever_opened |= 1;
|
||||
}
|
||||
fd = fd_random;
|
||||
}
|
||||
- else
|
||||
+ else if (level != -1)
|
||||
{
|
||||
if (fd_urandom == -1)
|
||||
{
|
||||
- fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
|
||||
+ fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
|
||||
ever_opened |= 2;
|
||||
}
|
||||
fd = fd_urandom;
|
@ -1,198 +0,0 @@
|
||||
diff -up libgcrypt-1.6.1/cipher/dsa.c.tests libgcrypt-1.6.1/cipher/dsa.c
|
||||
--- libgcrypt-1.6.1/cipher/dsa.c.tests 2014-02-28 13:39:01.727288335 +0100
|
||||
+++ libgcrypt-1.6.1/cipher/dsa.c 2014-02-28 13:46:21.727458285 +0100
|
||||
@@ -423,22 +423,29 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||
initial_seed.seed = sexp_nth_data (initial_seed.sexp, 1,
|
||||
&initial_seed.seedlen);
|
||||
}
|
||||
-
|
||||
- /* Fixme: Enable 186-3 after it has been approved and after fixing
|
||||
- the generation function. */
|
||||
- /* if (use_fips186_2) */
|
||||
- (void)use_fips186_2;
|
||||
- ec = _gcry_generate_fips186_2_prime (nbits, qbits,
|
||||
+ if (use_fips186_2)
|
||||
+ ec = _gcry_generate_fips186_2_prime (nbits, qbits,
|
||||
initial_seed.seed,
|
||||
initial_seed.seedlen,
|
||||
&prime_q, &prime_p,
|
||||
r_counter,
|
||||
r_seed, r_seedlen);
|
||||
- /* else */
|
||||
- /* ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */
|
||||
- /* &prime_q, &prime_p, */
|
||||
- /* r_counter, */
|
||||
- /* r_seed, r_seedlen, NULL); */
|
||||
+ else if (!domain->p || !domain->q)
|
||||
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
|
||||
+ initial_seed.seed,
|
||||
+ initial_seed.seedlen,
|
||||
+ &prime_q, &prime_p,
|
||||
+ r_counter,
|
||||
+ r_seed, r_seedlen, NULL);
|
||||
+ else
|
||||
+ {
|
||||
+ /* Domain parameters p and q are given; use them. */
|
||||
+ prime_p = mpi_copy (domain->p);
|
||||
+ prime_q = mpi_copy (domain->q);
|
||||
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
|
||||
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
|
||||
+ ec = 0;
|
||||
+ }
|
||||
sexp_release (initial_seed.sexp);
|
||||
if (ec)
|
||||
goto leave;
|
||||
@@ -829,13 +829,12 @@ dsa_generate (const gcry_sexp_t genparms
|
||||
sexp_release (l1);
|
||||
sexp_release (domainsexp);
|
||||
|
||||
- /* Check that all domain parameters are available. */
|
||||
- if (!domain.p || !domain.q || !domain.g)
|
||||
+ /* Check that p and q domain parameters are available. */
|
||||
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
|
||||
{
|
||||
_gcry_mpi_release (domain.p);
|
||||
_gcry_mpi_release (domain.q);
|
||||
_gcry_mpi_release (domain.g);
|
||||
- sexp_release (deriveparms);
|
||||
return GPG_ERR_MISSING_VALUE;
|
||||
}
|
||||
|
||||
diff -up libgcrypt-1.6.1/cipher/primegen.c.tests libgcrypt-1.6.1/cipher/primegen.c
|
||||
--- libgcrypt-1.6.1/cipher/primegen.c.tests 2014-01-29 10:48:38.000000000 +0100
|
||||
+++ libgcrypt-1.6.1/cipher/primegen.c 2014-02-28 13:49:52.291325147 +0100
|
||||
@@ -1649,7 +1649,7 @@ _gcry_generate_fips186_3_prime (unsigned
|
||||
gpg_err_code_t ec;
|
||||
unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */
|
||||
unsigned char *seed_plus; /* Malloced buffer to hold SEED+x. */
|
||||
- unsigned char digest[256/8]; /* Helper buffer for SHA-1 digest. */
|
||||
+ unsigned char digest[256/8]; /* Helper buffer for SHA-x digest. */
|
||||
gcry_mpi_t val_2 = NULL; /* Helper for the prime test. */
|
||||
gcry_mpi_t tmpval = NULL; /* Helper variable. */
|
||||
int hashalgo; /* The id of the Approved Hash Function. */
|
||||
@@ -1739,7 +1739,7 @@ _gcry_generate_fips186_3_prime (unsigned
|
||||
}
|
||||
_gcry_mpi_release (prime_q); prime_q = NULL;
|
||||
ec = _gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
|
||||
- value_u, sizeof value_u, NULL);
|
||||
+ value_u, qbits/8, NULL);
|
||||
if (ec)
|
||||
goto leave;
|
||||
mpi_set_highbit (prime_q, qbits-1 );
|
||||
@@ -1784,11 +1784,11 @@ _gcry_generate_fips186_3_prime (unsigned
|
||||
if (seed_plus[i])
|
||||
break;
|
||||
}
|
||||
- _gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
|
||||
+ _gcry_md_hash_buffer (hashalgo, digest, seed_plus, seedlen);
|
||||
|
||||
_gcry_mpi_release (tmpval); tmpval = NULL;
|
||||
ec = _gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
|
||||
- digest, sizeof digest, NULL);
|
||||
+ digest, qbits/8, NULL);
|
||||
if (ec)
|
||||
goto leave;
|
||||
if (value_j == value_n)
|
||||
@@ -1824,11 +1824,11 @@ _gcry_generate_fips186_3_prime (unsigned
|
||||
}
|
||||
|
||||
/* Step 12: Save p, q, counter and seed. */
|
||||
- log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
|
||||
+ /* log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
|
||||
mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter);
|
||||
log_printhex ("fips186-3 seed", seed, seedlen);
|
||||
log_printmpi ("fips186-3 p", prime_p);
|
||||
- log_printmpi ("fips186-3 q", prime_q);
|
||||
+ log_printmpi ("fips186-3 q", prime_q); */
|
||||
if (r_q)
|
||||
{
|
||||
*r_q = prime_q;
|
||||
diff -up libgcrypt-1.6.1/cipher/rsa.c.tests libgcrypt-1.6.1/cipher/rsa.c
|
||||
--- libgcrypt-1.6.1/cipher/rsa.c.tests 2014-01-29 08:49:49.000000000 +0100
|
||||
+++ libgcrypt-1.6.1/cipher/rsa.c 2014-02-28 13:39:01.727288335 +0100
|
||||
@@ -399,7 +399,7 @@ generate_x931 (RSA_secret_key *sk, unsig
|
||||
|
||||
*swapped = 0;
|
||||
|
||||
- if (e_value == 1) /* Alias for a secure value. */
|
||||
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
|
||||
e_value = 65537;
|
||||
|
||||
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
|
||||
diff -up libgcrypt-1.6.1/random/random-fips.c.tests libgcrypt-1.6.1/random/random-fips.c
|
||||
--- libgcrypt-1.6.1/random/random-fips.c.tests 2014-01-29 10:48:38.000000000 +0100
|
||||
+++ libgcrypt-1.6.1/random/random-fips.c 2014-02-28 13:39:01.727288335 +0100
|
||||
@@ -692,6 +692,7 @@ get_random (void *buffer, size_t length,
|
||||
|
||||
check_guards (rng_ctx);
|
||||
|
||||
+ reinitialize:
|
||||
/* Initialize the cipher handle and thus setup the key if needed. */
|
||||
if (!rng_ctx->cipher_hd)
|
||||
{
|
||||
@@ -711,13 +712,11 @@ get_random (void *buffer, size_t length,
|
||||
if (rng_ctx->key_init_pid != getpid ()
|
||||
|| rng_ctx->seed_init_pid != getpid ())
|
||||
{
|
||||
- /* We are in a child of us. Because we have no way yet to do
|
||||
- proper re-initialization (including self-checks etc), the
|
||||
- only chance we have is to bail out. Obviusly a fork/exec
|
||||
- won't harm because the exec overwrites the old image. */
|
||||
- fips_signal_error ("fork without proper re-initialization "
|
||||
- "detected in RNG");
|
||||
- goto bailout;
|
||||
+ /* Just reinitialize the key & seed. */
|
||||
+ gcry_cipher_close(rng_ctx->cipher_hd);
|
||||
+ rng_ctx->cipher_hd = NULL;
|
||||
+ rng_ctx->is_seeded = 0;
|
||||
+ goto reinitialize;
|
||||
}
|
||||
|
||||
if (x931_aes_driver (buffer, length, rng_ctx))
|
||||
diff -up libgcrypt-1.6.1/tests/keygen.c.tests libgcrypt-1.6.1/tests/keygen.c
|
||||
--- libgcrypt-1.6.1/tests/keygen.c.tests 2014-02-28 13:39:01.728288358 +0100
|
||||
+++ libgcrypt-1.6.1/tests/keygen.c 2014-02-28 13:42:18.288831563 +0100
|
||||
@@ -215,11 +215,11 @@ check_rsa_keys (void)
|
||||
|
||||
|
||||
if (verbose)
|
||||
- show ("creating 512 bit RSA key with e=257\n");
|
||||
+ show ("creating 1024 bit RSA key with e=257\n");
|
||||
rc = gcry_sexp_new (&keyparm,
|
||||
"(genkey\n"
|
||||
" (rsa\n"
|
||||
- " (nbits 3:512)\n"
|
||||
+ " (nbits 4:1024)\n"
|
||||
" (rsa-use-e 3:257)\n"
|
||||
" ))", 0, 1);
|
||||
if (rc)
|
||||
@@ -233,11 +233,11 @@ check_rsa_keys (void)
|
||||
gcry_sexp_release (key);
|
||||
|
||||
if (verbose)
|
||||
- show ("creating 512 bit RSA key with default e\n");
|
||||
+ show ("creating 1024 bit RSA key with default e\n");
|
||||
rc = gcry_sexp_new (&keyparm,
|
||||
"(genkey\n"
|
||||
" (rsa\n"
|
||||
- " (nbits 3:512)\n"
|
||||
+ " (nbits 4:1024)\n"
|
||||
" (rsa-use-e 1:0)\n"
|
||||
" ))", 0, 1);
|
||||
if (rc)
|
||||
@@ -307,12 +307,12 @@ check_dsa_keys (void)
|
||||
}
|
||||
|
||||
if (verbose)
|
||||
- show ("creating 1536 bit DSA key\n");
|
||||
+ show ("creating 2048 bit DSA key\n");
|
||||
rc = gcry_sexp_new (&keyparm,
|
||||
"(genkey\n"
|
||||
" (dsa\n"
|
||||
- " (nbits 4:1536)\n"
|
||||
- " (qbits 3:224)\n"
|
||||
+ " (nbits 4:2048)\n"
|
||||
+ " (qbits 3:256)\n"
|
||||
" ))", 0, 1);
|
||||
if (rc)
|
||||
die ("error creating S-expression: %s\n", gpg_strerror (rc));
|
@ -1,345 +0,0 @@
|
||||
diff -up libgcrypt-1.6.2/cipher/dsa.c.fips-reqs libgcrypt-1.6.2/cipher/dsa.c
|
||||
--- libgcrypt-1.6.2/cipher/dsa.c.fips-reqs 2014-12-08 17:15:07.198102721 +0100
|
||||
+++ libgcrypt-1.6.2/cipher/dsa.c 2014-12-08 17:16:59.636645610 +0100
|
||||
@@ -66,42 +66,86 @@ static const char *dsa_names[] =
|
||||
};
|
||||
|
||||
|
||||
-/* A sample 1024 bit DSA key used for the selftests. */
|
||||
+/* A sample 2048 bit DSA key used for the selftests. */
|
||||
static const char sample_secret_key[] =
|
||||
"(private-key"
|
||||
" (dsa"
|
||||
-" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
|
||||
-" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191"
|
||||
-" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44"
|
||||
-" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)"
|
||||
-" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)"
|
||||
-" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503"
|
||||
-" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E"
|
||||
-" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984"
|
||||
-" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)"
|
||||
-" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46"
|
||||
-" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827"
|
||||
-" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
|
||||
-" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)"
|
||||
-" (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))";
|
||||
-/* A sample 1024 bit DSA key used for the selftests (public only). */
|
||||
+" (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862"
|
||||
+" 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6"
|
||||
+" 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552"
|
||||
+" 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a"
|
||||
+" 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503"
|
||||
+" eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34"
|
||||
+" 3312517c6aa5152b4bfecd2e551fee346318a153423c996b"
|
||||
+" 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7"
|
||||
+" 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557"
|
||||
+" 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a"
|
||||
+" 2c8d7469db02e24d592394a7dba069e9#)"
|
||||
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056"
|
||||
+" 7441a0a5#)"
|
||||
+" (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8"
|
||||
+" 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba"
|
||||
+" ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a"
|
||||
+" 0df242b75b414df372121e53a553f222f836b000f016485b"
|
||||
+" 6bd0898451801dcd8de64cd5365696ffc532d528c506620a"
|
||||
+" 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023"
|
||||
+" 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7"
|
||||
+" ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a"
|
||||
+" 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095"
|
||||
+" 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e"
|
||||
+" 45f322f82e4e85ca3ab85591b3c2a966#)"
|
||||
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb"
|
||||
+" 75539b17155e9fcfd1aba564eb8535d812c9c2dcf9728444"
|
||||
+" 1bc482243624c7f457580c1c38a57c46c457392470edb52c"
|
||||
+" b5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c"
|
||||
+" 4ca0531dd8ca8aaa9cc7337193387348336118224545e88c"
|
||||
+" 80ffd8765d74360333ccab9972779b6525a65bdd0d10c675"
|
||||
+" c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc"
|
||||
+" 47a3847ff63711baed6d03afe81e694a413b680bd38ab490"
|
||||
+" 3f8370a707ef551d4941026d9579d691de8edaa16105eb9d"
|
||||
+" ba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d3"
|
||||
+" 0acb673717a0d2fb3b50c893f7dab14f#)"
|
||||
+" (x #0c4b3089d1b862cb3c436491f0915470c52796e3acbee800"
|
||||
+" ec55f6cc#)))";
|
||||
+/* A sample 2048 bit DSA key used for the selftests (public only). */
|
||||
static const char sample_public_key[] =
|
||||
"(public-key"
|
||||
" (dsa"
|
||||
-" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
|
||||
-" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191"
|
||||
-" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44"
|
||||
-" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)"
|
||||
-" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)"
|
||||
-" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503"
|
||||
-" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E"
|
||||
-" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984"
|
||||
-" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)"
|
||||
-" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46"
|
||||
-" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827"
|
||||
-" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
|
||||
-" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))";
|
||||
-
|
||||
+" (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862"
|
||||
+" 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6"
|
||||
+" 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552"
|
||||
+" 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a"
|
||||
+" 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503"
|
||||
+" eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34"
|
||||
+" 3312517c6aa5152b4bfecd2e551fee346318a153423c996b"
|
||||
+" 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7"
|
||||
+" 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557"
|
||||
+" 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a"
|
||||
+" 2c8d7469db02e24d592394a7dba069e9#)"
|
||||
+" (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056"
|
||||
+" 7441a0a5#)"
|
||||
+" (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8"
|
||||
+" 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba"
|
||||
+" ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a"
|
||||
+" 0df242b75b414df372121e53a553f222f836b000f016485b"
|
||||
+" 6bd0898451801dcd8de64cd5365696ffc532d528c506620a"
|
||||
+" 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023"
|
||||
+" 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7"
|
||||
+" ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a"
|
||||
+" 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095"
|
||||
+" 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e"
|
||||
+" 45f322f82e4e85ca3ab85591b3c2a966#)"
|
||||
+" (y #2452f3ccbe9ed5ca7dc74c602b99226e8f2fab38e7d7ddfb"
|
||||
+" 75539b17155e9fcfd1aba564eb8535d812c9c2dcf9728444"
|
||||
+" 1bc482243624c7f457580c1c38a57c46c457392470edb52c"
|
||||
+" b5a6e03fe6287bb6f49a42a2065a054f030839df1fd3149c"
|
||||
+" 4ca0531dd8ca8aaa9cc7337193387348336118224545e88c"
|
||||
+" 80ffd8765d74360333ccab9972779b6525a65bdd0d10c675"
|
||||
+" c109bbd3e5be4d72ef6eba6e438d5226237db888379c5fcc"
|
||||
+" 47a3847ff63711baed6d03afe81e694a413b680bd38ab490"
|
||||
+" 3f8370a707ef551d4941026d9579d691de8edaa16105eb9d"
|
||||
+" ba3c2f4c1bec508275aa0207e251b5eccb286a4b01d449d3"
|
||||
+" 0acb673717a0d2fb3b50c893f7dab14f#)))";
|
||||
|
||||
|
||||
|
||||
@@ -1164,14 +1208,14 @@ dsa_get_nbits (gcry_sexp_t parms)
|
||||
*/
|
||||
|
||||
static const char *
|
||||
-selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
|
||||
+selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey)
|
||||
{
|
||||
static const char sample_data[] =
|
||||
"(data (flags raw)"
|
||||
- " (value #a0b1c2d3e4f500102030405060708090a1b2c3d4#))";
|
||||
+ " (value #a0b1c2d3e4f500102030405060708090a1b2c3d4f1e2d3c4b5a6978879605142#))";
|
||||
static const char sample_data_bad[] =
|
||||
"(data (flags raw)"
|
||||
- " (value #a0b1c2d3e4f510102030405060708090a1b2c3d4#))";
|
||||
+ " (value #a0b1c2d3e4f500102030405060708090a1b2c3d401e2d3c4b5a6978879605142#))";
|
||||
|
||||
const char *errtxt = NULL;
|
||||
gcry_error_t err;
|
||||
@@ -1247,7 +1291,7 @@ selftests_dsa (selftest_report_func_t re
|
||||
}
|
||||
|
||||
what = "sign";
|
||||
- errtxt = selftest_sign_1024 (pkey, skey);
|
||||
+ errtxt = selftest_sign (pkey, skey);
|
||||
if (errtxt)
|
||||
goto failed;
|
||||
|
||||
diff -up libgcrypt-1.6.2/cipher/rsa.c.fips-reqs libgcrypt-1.6.2/cipher/rsa.c
|
||||
--- libgcrypt-1.6.2/cipher/rsa.c.fips-reqs 2014-12-08 17:15:07.218103174 +0100
|
||||
+++ libgcrypt-1.6.2/cipher/rsa.c 2014-12-08 17:20:24.666282521 +0100
|
||||
@@ -62,33 +62,57 @@ static const char *rsa_names[] =
|
||||
};
|
||||
|
||||
|
||||
-/* A sample 1024 bit RSA key used for the selftests. */
|
||||
+/* A sample 2048 bit RSA key used for the selftests. */
|
||||
static const char sample_secret_key[] =
|
||||
"(private-key"
|
||||
" (rsa"
|
||||
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
|
||||
-" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
|
||||
-" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
|
||||
-" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)"
|
||||
+" (n #00c9d56d9d90db43d602ed9688138ab2bf6ea10610b27837a714a8ffdd00"
|
||||
+" ddb493a045cc9690edada9ddc4d6ca0cf0ed4f725e21499a1812158f905a"
|
||||
+" dbb63399a3e6b4f0c4972126bbe3baf2ffa072da89638e8b3e089d922abe"
|
||||
+" 16e14315fc57c71f0911671ca996d18b3e8093c159d06d39f2ac95cc1075"
|
||||
+" e93124d143af68524be716d749656f26c086adc0070ac1e12f8785863bdc"
|
||||
+" 5a99bee9f9b9e98227510415ab060e765a288d92bdc5b57ba8df4e47a2c1"
|
||||
+" e752bf47f762e03a6f4d6a4d4ed4b95969fab214c1eee62f95cd9472aee4"
|
||||
+" db189ac4cd70bdee3116b74965ac40190eb56d83f136bb082f2e4e9262a4"
|
||||
+" ff50db2045a2eb167af2d528c1fd4e0371#)"
|
||||
" (e #010001#)"
|
||||
-" (d #046129f2489d71579be0a75fe029bd6cdb574ebf57ea8a5b0fda942cab943b11"
|
||||
-" 7d7bb95e5d28875e0f9fc5fcc06a72f6d502464dabded78ef6b716177b83d5bd"
|
||||
-" c543dc5d3fed932e59f5897e92e6f58a0f33424106a3b6fa2cbf877510e4ac21"
|
||||
-" c3ee47851e97d12996222ac3566d4ccb0b83d164074abf7de655fc2446da1781#)"
|
||||
-" (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213"
|
||||
-" fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)"
|
||||
-" (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9"
|
||||
-" 35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361#)"
|
||||
-" (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e"
|
||||
-" ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)))";
|
||||
-/* A sample 1024 bit RSA key used for the selftests (public only). */
|
||||
+" (d #03b1e24a94e50ab21f8619701ec97679be2cf8f733c9331d9e2974dba721"
|
||||
+" 27e5def480290e78a769f96b19d28397a284868fb614ca9b1fb3a0d7efed"
|
||||
+" df41451204ce71aceba659f6ed15964ebb317712364e1cfaf2fded77d658"
|
||||
+" 8561acc49c97c2d7efe75f1534b35bd4f6561e1f468b45590db34553d4d0"
|
||||
+" c2cb4d806b74e1b2c52740462538865d9792b0aefbbf7b9827f4b3badcb3"
|
||||
+" 5adab638266a2d2fb8422a7a19142e08848e56af77a66c39b2afafa2e15b"
|
||||
+" 1a7e4ed1f2c7ed350678c0465d86472af97371b13ef5058662f835ef9087"
|
||||
+" f6cca8281bbf1b6b155c737b33d9e443350df85e7cc3b507231fb839f41f"
|
||||
+" 02c654b29017f35d69007c70e13ba0e5#)"
|
||||
+" (p #00ccbe7b096906ee45bf884738a8f817e5b6ba6755e3e8058bb8e253d68e"
|
||||
+" ef2ce74f4af74e268d850b3fecc31cd4ebec6ac8722a257dfda67796f01e"
|
||||
+" cd2857f83730756bbdd47b0c87c56c8740a5bb272c78c9745a545b0b306f"
|
||||
+" 444afa71e4216166f9ee65de7c04d7fda9155b7fe27aba698672a6068d9b"
|
||||
+" 9055609e4c5da9b655#)"
|
||||
+" (q #00fc5c6e16ce1f037bcdf7b372b28f1672b856aef7cd67d84e7d07afd543"
|
||||
+" 26c335be438f4e2f1c434e6bd2b2ec526d97522bcc5c3a6bf414c674da66"
|
||||
+" 381c7a3f842fe3f95ab865694606a33779b2a15b58ed5ea75f8c6566bbd1"
|
||||
+" 2436e637a73d49778a8c34d86929f34d5822b05124b640a886590ab7ba5c"
|
||||
+" 97da57e836da7a9cad#)"
|
||||
+" (u #2396c191175e0a83d2dc7b69b2591d3358523f18c709501cb9a1bb4ca238"
|
||||
+" 404c9a8efe9c9092d0719f899950911f348b745311114a70e2f730d88c80"
|
||||
+" e1cc9ff163171a7d67294ccb4e747be03e9e2ff4678fecb95c001e7ea27b"
|
||||
+" 92c96f4ce40ef94863cd50225dbfb69d01336af450be86984fca3f3afacf"
|
||||
+" 0740c4aaadaebebf#)))";
|
||||
+/* A sample 2048 bit RSA key used for the selftests (public only). */
|
||||
static const char sample_public_key[] =
|
||||
"(public-key"
|
||||
" (rsa"
|
||||
-" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
|
||||
-" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
|
||||
-" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
|
||||
-" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)"
|
||||
+" (n #00c9d56d9d90db43d602ed9688138ab2bf6ea10610b27837a714a8ffdd00"
|
||||
+" ddb493a045cc9690edada9ddc4d6ca0cf0ed4f725e21499a1812158f905a"
|
||||
+" dbb63399a3e6b4f0c4972126bbe3baf2ffa072da89638e8b3e089d922abe"
|
||||
+" 16e14315fc57c71f0911671ca996d18b3e8093c159d06d39f2ac95cc1075"
|
||||
+" e93124d143af68524be716d749656f26c086adc0070ac1e12f8785863bdc"
|
||||
+" 5a99bee9f9b9e98227510415ab060e765a288d92bdc5b57ba8df4e47a2c1"
|
||||
+" e752bf47f762e03a6f4d6a4d4ed4b95969fab214c1eee62f95cd9472aee4"
|
||||
+" db189ac4cd70bdee3116b74965ac40190eb56d83f136bb082f2e4e9262a4"
|
||||
+" ff50db2045a2eb167af2d528c1fd4e0371#)"
|
||||
" (e #010001#)))";
|
||||
|
||||
|
||||
@@ -1610,20 +1634,35 @@ compute_keygrip (gcry_md_hd_t md, gcry_s
|
||||
*/
|
||||
|
||||
static const char *
|
||||
-selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
|
||||
+selftest_sign (gcry_sexp_t pkey, gcry_sexp_t skey)
|
||||
{
|
||||
static const char sample_data[] =
|
||||
"(data (flags pkcs1)"
|
||||
- " (hash sha1 #11223344556677889900aabbccddeeff10203040#))";
|
||||
+ " (hash sha256 #11223344556677889900aabbccddeeffa0b0c0d0102030405060708090a1b1c1#))";
|
||||
static const char sample_data_bad[] =
|
||||
"(data (flags pkcs1)"
|
||||
- " (hash sha1 #11223344556677889900aabbccddeeff80203040#))";
|
||||
+ " (hash sha256 #11223344556677889900aabbccddeeffa0b0c0d0102030405060708091a1b1c1#))";
|
||||
+ static const char signature_ka[] =
|
||||
+ "(sig-val \n"
|
||||
+ " (rsa \n"
|
||||
+ " (s #0B12D55738B099D401C81BEEDA54E045B4B7D9CDA5A8769E9C484F696A58912A"
|
||||
+ "1E5DE7E5A2D181DA15A5C254D802AB75F1056E27406850AC7BE310BC32D2CED8"
|
||||
+ "6697FE84508F7EFFF4D147C52E955A0873EF2F52ED71F2FC9C3C12D4045CB643"
|
||||
+ "70158378E1494D8FBAD2248B9B64233D2CC2C1932B0531E539DEB07434B76D3B"
|
||||
+ "6959E8A37E33B234C0C8C2C8FB1D00939239C9C491B2EBEED77BF952B597E11B"
|
||||
+ "D4ED0C103D2B88BC78B4E505CF9D8D08B585CE3688D4FBE83ED58D1E1341AC4D"
|
||||
+ "7C5EFF3CBC565CC7AE61C2F568426763A5239D31C1FFFD366984901679A343C4"
|
||||
+ "01BB778BBA5E533B7875BA658A19AA9E56170F4A28E4322BF1621175FB06463E#)\n"
|
||||
+ " )\n"
|
||||
+ " )\n";
|
||||
|
||||
const char *errtxt = NULL;
|
||||
gcry_error_t err;
|
||||
gcry_sexp_t data = NULL;
|
||||
gcry_sexp_t data_bad = NULL;
|
||||
gcry_sexp_t sig = NULL;
|
||||
+ char buf[1024];
|
||||
+ size_t len;
|
||||
|
||||
err = sexp_sscan (&data, NULL, sample_data, strlen (sample_data));
|
||||
if (!err)
|
||||
@@ -1641,6 +1680,12 @@ selftest_sign_1024 (gcry_sexp_t pkey, gc
|
||||
errtxt = "signing failed";
|
||||
goto leave;
|
||||
}
|
||||
+ len = sexp_sprint (sig, GCRYSEXP_FMT_ADVANCED, buf, sizeof(buf));
|
||||
+ if (len != sizeof (signature_ka) - 1 || memcmp (buf, signature_ka, len) != 0)
|
||||
+ {
|
||||
+ errtxt = "signature KAT failed";
|
||||
+ goto leave;
|
||||
+ }
|
||||
err = _gcry_pk_verify (sig, data, pkey);
|
||||
if (err)
|
||||
{
|
||||
@@ -1697,11 +1742,11 @@ extract_a_from_sexp (gcry_sexp_t encr_da
|
||||
|
||||
|
||||
static const char *
|
||||
-selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
|
||||
+selftest_encr (gcry_sexp_t pkey, gcry_sexp_t skey)
|
||||
{
|
||||
const char *errtxt = NULL;
|
||||
gcry_error_t err;
|
||||
- const unsigned int nbits = 1000; /* Encrypt 1000 random bits. */
|
||||
+ const unsigned int nbits = 2000; /* Encrypt 2000 random bits. */
|
||||
gcry_mpi_t plaintext = NULL;
|
||||
gcry_sexp_t plain = NULL;
|
||||
gcry_sexp_t encr = NULL;
|
||||
@@ -1822,12 +1867,12 @@ selftests_rsa (selftest_report_func_t re
|
||||
}
|
||||
|
||||
what = "sign";
|
||||
- errtxt = selftest_sign_1024 (pkey, skey);
|
||||
+ errtxt = selftest_sign (pkey, skey);
|
||||
if (errtxt)
|
||||
goto failed;
|
||||
|
||||
what = "encrypt";
|
||||
- errtxt = selftest_encr_1024 (pkey, skey);
|
||||
+ errtxt = selftest_encr (pkey, skey);
|
||||
if (errtxt)
|
||||
goto failed;
|
||||
|
||||
diff -up libgcrypt-1.6.2/random/drbg.c.fips-reqs libgcrypt-1.6.2/random/drbg.c
|
||||
diff -up libgcrypt-1.6.2/src/visibility.c.fips-reqs libgcrypt-1.6.2/src/visibility.c
|
||||
--- libgcrypt-1.6.2/src/visibility.c.fips-reqs 2014-08-21 14:50:39.000000000 +0200
|
||||
+++ libgcrypt-1.6.2/src/visibility.c 2014-12-08 17:23:06.530943221 +0100
|
||||
@@ -1259,6 +1259,8 @@ gcry_kdf_derive (const void *passphrase,
|
||||
unsigned long iterations,
|
||||
size_t keysize, void *keybuffer)
|
||||
{
|
||||
+ if (!fips_is_operational ())
|
||||
+ return gpg_error (fips_not_operational ());
|
||||
return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,
|
||||
salt, saltlen, iterations,
|
||||
keysize, keybuffer));
|
||||
@@ -1314,6 +1316,13 @@ void
|
||||
gcry_mpi_randomize (gcry_mpi_t w,
|
||||
unsigned int nbits, enum gcry_random_level level)
|
||||
{
|
||||
+ if (!fips_is_operational ())
|
||||
+ {
|
||||
+ (void)fips_not_operational ();
|
||||
+ fips_signal_fatal_error ("called in non-operational state");
|
||||
+ fips_noreturn ();
|
||||
+ }
|
||||
+
|
||||
_gcry_mpi_randomize (w, nbits, level);
|
||||
}
|
||||
|
||||
@@ -1339,6 +1348,8 @@ gcry_prime_generate (gcry_mpi_t *prime,
|
||||
gcry_random_level_t random_level,
|
||||
unsigned int flags)
|
||||
{
|
||||
+ if (!fips_is_operational ())
|
||||
+ return gpg_error (fips_not_operational ());
|
||||
return gpg_error (_gcry_prime_generate (prime, prime_bits, factor_bits,
|
||||
factors, cb_func, cb_arg,
|
||||
random_level, flags));
|
@ -1,18 +0,0 @@
|
||||
diff -up libgcrypt-1.6.2/tests/basic.c.fips-test libgcrypt-1.6.2/tests/basic.c
|
||||
--- libgcrypt-1.6.2/tests/basic.c.fips-test 2014-08-21 14:50:39.000000000 +0200
|
||||
+++ libgcrypt-1.6.2/tests/basic.c 2014-12-08 16:54:07.767619682 +0100
|
||||
@@ -582,6 +582,14 @@ check_ctr_cipher (void)
|
||||
if (!tv[i].algo)
|
||||
continue;
|
||||
|
||||
+ if (gcry_cipher_test_algo (tv[i].algo) && in_fips_mode)
|
||||
+ {
|
||||
+ if (verbose)
|
||||
+ fprintf (stderr, " algorithm %d not available in fips mode\n",
|
||||
+ tv[i].algo);
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0);
|
||||
if (!err)
|
||||
err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_CTR, 0);
|
@ -1,177 +0,0 @@
|
||||
diff -up libgcrypt-1.6.3/cipher/bufhelp.h.aliasing libgcrypt-1.6.3/cipher/bufhelp.h
|
||||
--- libgcrypt-1.6.3/cipher/bufhelp.h.aliasing 2015-02-27 10:54:03.000000000 +0100
|
||||
+++ libgcrypt-1.6.3/cipher/bufhelp.h 2015-03-13 15:03:43.301749751 +0100
|
||||
@@ -80,7 +80,7 @@ do_bytes:
|
||||
for (; len; len--)
|
||||
*dst++ = *src++;
|
||||
#endif /*__GNUC__ >= 4 && (__x86_64__ || __i386__)*/
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
|
||||
/* Optimized function for buffer xoring */
|
||||
@@ -117,7 +117,7 @@ do_bytes:
|
||||
/* Handle tail. */
|
||||
for (; len; len--)
|
||||
*dst++ = *src1++ ^ *src2++;
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
|
||||
/* Optimized function for buffer xoring with two destination buffers. Used
|
||||
@@ -155,7 +155,7 @@ do_bytes:
|
||||
/* Handle tail. */
|
||||
for (; len; len--)
|
||||
*dst1++ = (*dst2++ ^= *src++);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
|
||||
/* Optimized function for combined buffer xoring and copying. Used by mainly
|
||||
@@ -208,7 +208,7 @@ do_bytes:
|
||||
*dst_xor++ = *srcdst_cpy ^ *src_xor++;
|
||||
*srcdst_cpy++ = temp;
|
||||
}
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
|
||||
/* Optimized function for combined buffer xoring and copying. Used by mainly
|
||||
@@ -234,7 +234,7 @@ buf_eq_const(const void *_a, const void
|
||||
diff -= !!(a[i] - b[i]);
|
||||
|
||||
return !diff;
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
|
||||
#ifndef BUFHELP_FAST_UNALIGNED_ACCESS
|
||||
@@ -246,14 +246,14 @@ static inline u32 buf_get_be32(const voi
|
||||
const byte *in = _buf;
|
||||
return ((u32)in[0] << 24) | ((u32)in[1] << 16) | \
|
||||
((u32)in[2] << 8) | (u32)in[3];
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline u32 buf_get_le32(const void *_buf)
|
||||
{
|
||||
const byte *in = _buf;
|
||||
return ((u32)in[3] << 24) | ((u32)in[2] << 16) | \
|
||||
((u32)in[1] << 8) | (u32)in[0];
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline void buf_put_be32(void *_buf, u32 val)
|
||||
{
|
||||
@@ -262,7 +262,7 @@ static inline void buf_put_be32(void *_b
|
||||
out[1] = val >> 16;
|
||||
out[2] = val >> 8;
|
||||
out[3] = val;
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline void buf_put_le32(void *_buf, u32 val)
|
||||
{
|
||||
@@ -271,7 +271,7 @@ static inline void buf_put_le32(void *_b
|
||||
out[2] = val >> 16;
|
||||
out[1] = val >> 8;
|
||||
out[0] = val;
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
#ifdef HAVE_U64_TYPEDEF
|
||||
/* Functions for loading and storing unaligned u64 values of different
|
||||
@@ -283,7 +283,7 @@ static inline u64 buf_get_be64(const voi
|
||||
((u64)in[2] << 40) | ((u64)in[3] << 32) | \
|
||||
((u64)in[4] << 24) | ((u64)in[5] << 16) | \
|
||||
((u64)in[6] << 8) | (u64)in[7];
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline u64 buf_get_le64(const void *_buf)
|
||||
{
|
||||
@@ -292,7 +292,7 @@ static inline u64 buf_get_le64(const voi
|
||||
((u64)in[5] << 40) | ((u64)in[4] << 32) | \
|
||||
((u64)in[3] << 24) | ((u64)in[2] << 16) | \
|
||||
((u64)in[1] << 8) | (u64)in[0];
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline void buf_put_be64(void *_buf, u64 val)
|
||||
{
|
||||
@@ -305,7 +305,7 @@ static inline void buf_put_be64(void *_b
|
||||
out[5] = val >> 16;
|
||||
out[6] = val >> 8;
|
||||
out[7] = val;
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline void buf_put_le64(void *_buf, u64 val)
|
||||
{
|
||||
@@ -318,7 +318,7 @@ static inline void buf_put_le64(void *_b
|
||||
out[2] = val >> 16;
|
||||
out[1] = val >> 8;
|
||||
out[0] = val;
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
#endif /*HAVE_U64_TYPEDEF*/
|
||||
|
||||
#else /*BUFHELP_FAST_UNALIGNED_ACCESS*/
|
||||
@@ -328,24 +328,24 @@ static inline void buf_put_le64(void *_b
|
||||
static inline u32 buf_get_be32(const void *_buf)
|
||||
{
|
||||
return be_bswap32(*(const u32 *)_buf);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline u32 buf_get_le32(const void *_buf)
|
||||
{
|
||||
return le_bswap32(*(const u32 *)_buf);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline void buf_put_be32(void *_buf, u32 val)
|
||||
{
|
||||
u32 *out = _buf;
|
||||
*out = be_bswap32(val);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline void buf_put_le32(void *_buf, u32 val)
|
||||
{
|
||||
u32 *out = _buf;
|
||||
*out = le_bswap32(val);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
#ifdef HAVE_U64_TYPEDEF
|
||||
/* Functions for loading and storing unaligned u64 values of different
|
||||
@@ -353,24 +353,24 @@ static inline void buf_put_le32(void *_b
|
||||
static inline u64 buf_get_be64(const void *_buf)
|
||||
{
|
||||
return be_bswap64(*(const u64 *)_buf);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline u64 buf_get_le64(const void *_buf)
|
||||
{
|
||||
return le_bswap64(*(const u64 *)_buf);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline void buf_put_be64(void *_buf, u64 val)
|
||||
{
|
||||
u64 *out = _buf;
|
||||
*out = be_bswap64(val);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
|
||||
static inline void buf_put_le64(void *_buf, u64 val)
|
||||
{
|
||||
u64 *out = _buf;
|
||||
*out = le_bswap64(val);
|
||||
-}
|
||||
+} __attribute__ ((optimize("no-strict-aliasing")))
|
||||
#endif /*HAVE_U64_TYPEDEF*/
|
||||
|
||||
#endif /*BUFHELP_FAST_UNALIGNED_ACCESS*/
|
@ -1,382 +0,0 @@
|
||||
Add FIPS 186-4 compliant RSA probable prime key generator.
|
||||
|
||||
Signed-off-by: Tomáš Mráz <tmraz@redhat.com>
|
||||
|
||||
diff -up libgcrypt-1.6.3/cipher/primegen.c.fips-keygen libgcrypt-1.6.3/cipher/primegen.c
|
||||
--- libgcrypt-1.6.3/cipher/primegen.c.fips-keygen 2015-03-06 16:38:56.698052602 +0100
|
||||
+++ libgcrypt-1.6.3/cipher/primegen.c 2015-03-06 16:45:45.848193024 +0100
|
||||
@@ -1199,6 +1199,25 @@ _gcry_prime_check (gcry_mpi_t x, unsigne
|
||||
return GPG_ERR_NO_PRIME;
|
||||
}
|
||||
|
||||
+/* Check whether the number X is prime according to FIPS 186-4 table C.2. */
|
||||
+gcry_err_code_t
|
||||
+_gcry_fips186_4_prime_check (gcry_mpi_t x, unsigned int bits)
|
||||
+{
|
||||
+ gcry_err_code_t ec = GPG_ERR_NO_ERROR;
|
||||
+
|
||||
+ switch (mpi_cmp_ui (x, 2))
|
||||
+ {
|
||||
+ case 0: return ec; /* 2 is a prime */
|
||||
+ case -1: return GPG_ERR_NO_PRIME; /* Only numbers > 1 are primes. */
|
||||
+ }
|
||||
+
|
||||
+ /* We use 5 or 4 rounds as specified in table C.2 */
|
||||
+ if (! check_prime (x, mpi_const (MPI_C_TWO), bits > 1024 ? 4 : 5, NULL, NULL))
|
||||
+ ec = GPG_ERR_NO_PRIME;
|
||||
+
|
||||
+ return ec;
|
||||
+}
|
||||
+
|
||||
/* Find a generator for PRIME where the factorization of (prime-1) is
|
||||
in the NULL terminated array FACTORS. Return the generator as a
|
||||
newly allocated MPI in R_G. If START_G is not NULL, use this as s
|
||||
diff -up libgcrypt-1.6.3/cipher/rsa.c.fips-keygen libgcrypt-1.6.3/cipher/rsa.c
|
||||
--- libgcrypt-1.6.3/cipher/rsa.c.fips-keygen 2015-03-06 16:38:56.661052411 +0100
|
||||
+++ libgcrypt-1.6.3/cipher/rsa.c 2015-03-06 16:38:56.699052607 +0100
|
||||
@@ -339,6 +339,279 @@ generate_std (RSA_secret_key *sk, unsign
|
||||
}
|
||||
|
||||
|
||||
+/****************
|
||||
+ * Generate a key pair with a key of size NBITS.
|
||||
+ * USE_E = 0 let Libcgrypt decide what exponent to use.
|
||||
+ * = 1 request the use of a "secure" exponent; this is required by some
|
||||
+ * specification to be 65537.
|
||||
+ * > 2 Use this public exponent. If the given exponent
|
||||
+ * is not odd one is internally added to it.
|
||||
+ * TESTPARMS: If set, do not generate but test whether the p,q is probably prime
|
||||
+ * Returns key with zeroes to not break code calling this function.
|
||||
+ * TRANSIENT_KEY: If true, generate the primes using the standard RNG.
|
||||
+ * Returns: 2 structures filled with all needed values
|
||||
+ */
|
||||
+static gpg_err_code_t
|
||||
+generate_fips (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
|
||||
+ gcry_sexp_t testparms, int transient_key)
|
||||
+{
|
||||
+ gcry_mpi_t p, q; /* the two primes */
|
||||
+ gcry_mpi_t d; /* the private key */
|
||||
+ gcry_mpi_t u;
|
||||
+ gcry_mpi_t p1, q1;
|
||||
+ gcry_mpi_t n; /* the public key */
|
||||
+ gcry_mpi_t e; /* the exponent */
|
||||
+ gcry_mpi_t g;
|
||||
+ gcry_mpi_t minp;
|
||||
+ gcry_mpi_t diff, mindiff;
|
||||
+ gcry_random_level_t random_level;
|
||||
+ unsigned int pbits = nbits/2;
|
||||
+ unsigned int i;
|
||||
+ int pqswitch;
|
||||
+ gpg_err_code_t ec = GPG_ERR_NO_PRIME;
|
||||
+
|
||||
+ if (nbits < 1024 || (nbits & 0x1FF))
|
||||
+ return GPG_ERR_INV_VALUE;
|
||||
+ if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
|
||||
+ return GPG_ERR_INV_VALUE;
|
||||
+
|
||||
+ /* The random quality depends on the transient_key flag. */
|
||||
+ random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
|
||||
+
|
||||
+ if (testparms)
|
||||
+ {
|
||||
+ /* Parameters to derive the key are given. */
|
||||
+ /* Note that we explicitly need to setup the values of tbl
|
||||
+ because some compilers (e.g. OpenWatcom, IRIX) don't allow
|
||||
+ to initialize a structure with automatic variables. */
|
||||
+ struct { const char *name; gcry_mpi_t *value; } tbl[] = {
|
||||
+ { "e" },
|
||||
+ { "p" },
|
||||
+ { "q" },
|
||||
+ { NULL }
|
||||
+ };
|
||||
+ int idx;
|
||||
+ gcry_sexp_t oneparm;
|
||||
+
|
||||
+ tbl[0].value = &e;
|
||||
+ tbl[1].value = &p;
|
||||
+ tbl[2].value = &q;
|
||||
+
|
||||
+ for (idx=0; tbl[idx].name; idx++)
|
||||
+ {
|
||||
+ oneparm = sexp_find_token (testparms, tbl[idx].name, 0);
|
||||
+ if (oneparm)
|
||||
+ {
|
||||
+ *tbl[idx].value = sexp_nth_mpi (oneparm, 1,
|
||||
+ GCRYMPI_FMT_USG);
|
||||
+ sexp_release (oneparm);
|
||||
+ }
|
||||
+ }
|
||||
+ for (idx=0; tbl[idx].name; idx++)
|
||||
+ if (!*tbl[idx].value)
|
||||
+ break;
|
||||
+ if (tbl[idx].name)
|
||||
+ {
|
||||
+ /* At least one parameter is missing. */
|
||||
+ for (idx=0; tbl[idx].name; idx++)
|
||||
+ _gcry_mpi_release (*tbl[idx].value);
|
||||
+ return GPG_ERR_MISSING_VALUE;
|
||||
+ }
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ if (use_e < 65537)
|
||||
+ use_e = 65537; /* This is the smallest value allowed by FIPS */
|
||||
+
|
||||
+ e = mpi_alloc( (32+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
|
||||
+
|
||||
+ use_e |= 1; /* make sure this is odd */
|
||||
+ mpi_set_ui (e, use_e);
|
||||
+
|
||||
+ p = mpi_snew (pbits);
|
||||
+ q = mpi_snew (pbits);
|
||||
+ }
|
||||
+
|
||||
+ n = mpi_new (nbits);
|
||||
+ d = mpi_snew (nbits);
|
||||
+ u = mpi_snew (nbits);
|
||||
+
|
||||
+ /* prepare approximate minimum p and q */
|
||||
+ minp = mpi_new (pbits);
|
||||
+ mpi_set_ui (minp, 0xB504F334);
|
||||
+ mpi_lshift (minp, minp, pbits - 32);
|
||||
+
|
||||
+ /* prepare minimum p and q difference */
|
||||
+ diff = mpi_new (pbits);
|
||||
+ mindiff = mpi_new (pbits - 99);
|
||||
+ mpi_set_ui (mindiff, 1);
|
||||
+ mpi_lshift (mindiff, mindiff, pbits - 100);
|
||||
+
|
||||
+ p1 = mpi_snew (pbits);
|
||||
+ q1 = mpi_snew (pbits);
|
||||
+ g = mpi_snew (pbits);
|
||||
+
|
||||
+retry:
|
||||
+ /* generate p and q */
|
||||
+ for (i = 0; i < 5 * pbits; i++)
|
||||
+ {
|
||||
+ ploop:
|
||||
+ if (!testparms)
|
||||
+ {
|
||||
+ _gcry_mpi_randomize (p, pbits, random_level);
|
||||
+ }
|
||||
+ if (mpi_cmp (p, minp) < 0)
|
||||
+ {
|
||||
+ if (testparms) goto err;
|
||||
+ goto ploop;
|
||||
+ }
|
||||
+
|
||||
+ mpi_sub_ui (p1, p, 1);
|
||||
+ if (mpi_gcd (g, p1, e))
|
||||
+ {
|
||||
+ if (_gcry_fips186_4_prime_check (p, pbits) != GPG_ERR_NO_ERROR)
|
||||
+ {
|
||||
+ /* not a prime */
|
||||
+ if (testparms) goto err;
|
||||
+ }
|
||||
+ else
|
||||
+ break;
|
||||
+ }
|
||||
+ else if (testparms) goto err;
|
||||
+ }
|
||||
+ if (i >= 5 * pbits)
|
||||
+ goto err;
|
||||
+
|
||||
+ for (i = 0; i < 5 * pbits; i++)
|
||||
+ {
|
||||
+ qloop:
|
||||
+ if (!testparms)
|
||||
+ {
|
||||
+ _gcry_mpi_randomize (q, pbits, random_level);
|
||||
+ }
|
||||
+ if (mpi_cmp (q, minp) < 0)
|
||||
+ {
|
||||
+ if (testparms) goto err;
|
||||
+ goto qloop;
|
||||
+ }
|
||||
+ if (mpi_cmp (p, q) > 0)
|
||||
+ {
|
||||
+ pqswitch = 1;
|
||||
+ mpi_sub (diff, p, q);
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ pqswitch = 0;
|
||||
+ mpi_sub (diff, q, p);
|
||||
+ }
|
||||
+ if (mpi_cmp (diff, mindiff) < 0)
|
||||
+ {
|
||||
+ if (testparms) goto err;
|
||||
+ goto qloop;
|
||||
+ }
|
||||
+
|
||||
+ mpi_sub_ui (q1, q, 1);
|
||||
+ if (mpi_gcd (g, q1, e))
|
||||
+ {
|
||||
+ if (_gcry_fips186_4_prime_check (q, pbits) != GPG_ERR_NO_ERROR)
|
||||
+ {
|
||||
+ /* not a prime */
|
||||
+ if (testparms) goto err;
|
||||
+ }
|
||||
+ else
|
||||
+ break;
|
||||
+ }
|
||||
+ else if (testparms) goto err;
|
||||
+ }
|
||||
+ if (i >= 5 * pbits)
|
||||
+ goto err;
|
||||
+
|
||||
+ if (testparms)
|
||||
+ {
|
||||
+ mpi_clear (p);
|
||||
+ mpi_clear (q);
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ gcry_mpi_t f;
|
||||
+
|
||||
+ if (pqswitch)
|
||||
+ {
|
||||
+ gcry_mpi_t tmp;
|
||||
+
|
||||
+ tmp = p;
|
||||
+ p = q;
|
||||
+ q = tmp;
|
||||
+ }
|
||||
+
|
||||
+ f = mpi_snew (nbits);
|
||||
+
|
||||
+ /* calculate the modulus */
|
||||
+ mpi_mul(n, p, q);
|
||||
+
|
||||
+ /* calculate the secret key d = e^1 mod phi */
|
||||
+ mpi_gcd (g, p1, q1);
|
||||
+ mpi_fdiv_q (f, p1, g);
|
||||
+ mpi_mul (f, f, q1);
|
||||
+
|
||||
+ mpi_invm (d, e, f);
|
||||
+
|
||||
+ _gcry_mpi_release (f);
|
||||
+
|
||||
+ if (mpi_get_nbits (d) < pbits) goto retry;
|
||||
+
|
||||
+ /* calculate the inverse of p and q (used for chinese remainder theorem)*/
|
||||
+ mpi_invm(u, p, q );
|
||||
+ }
|
||||
+
|
||||
+ ec = 0;
|
||||
+
|
||||
+ if( DBG_CIPHER )
|
||||
+ {
|
||||
+ log_mpidump(" p= ", p );
|
||||
+ log_mpidump(" q= ", q );
|
||||
+ log_mpidump(" n= ", n );
|
||||
+ log_mpidump(" e= ", e );
|
||||
+ log_mpidump(" d= ", d );
|
||||
+ log_mpidump(" u= ", u );
|
||||
+ }
|
||||
+
|
||||
+err:
|
||||
+
|
||||
+ _gcry_mpi_release (p1);
|
||||
+ _gcry_mpi_release (q1);
|
||||
+ _gcry_mpi_release (g);
|
||||
+ _gcry_mpi_release (minp);
|
||||
+ _gcry_mpi_release (mindiff);
|
||||
+ _gcry_mpi_release (diff);
|
||||
+
|
||||
+ sk->n = n;
|
||||
+ sk->e = e;
|
||||
+ sk->p = p;
|
||||
+ sk->q = q;
|
||||
+ sk->d = d;
|
||||
+ sk->u = u;
|
||||
+
|
||||
+ /* Now we can test our keys. */
|
||||
+ if (ec || (!testparms && test_keys (sk, nbits - 64)))
|
||||
+ {
|
||||
+ _gcry_mpi_release (sk->n); sk->n = NULL;
|
||||
+ _gcry_mpi_release (sk->e); sk->e = NULL;
|
||||
+ _gcry_mpi_release (sk->p); sk->p = NULL;
|
||||
+ _gcry_mpi_release (sk->q); sk->q = NULL;
|
||||
+ _gcry_mpi_release (sk->d); sk->d = NULL;
|
||||
+ _gcry_mpi_release (sk->u); sk->u = NULL;
|
||||
+ if (!ec)
|
||||
+ {
|
||||
+ fips_signal_error ("self-test after key generation failed");
|
||||
+ return GPG_ERR_SELFTEST_FAILED;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return ec;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/* Helper for generate_x931. */
|
||||
static gcry_mpi_t
|
||||
gen_x931_parm_xp (unsigned int nbits)
|
||||
@@ -799,7 +1072,7 @@ rsa_generate (const gcry_sexp_t genparms
|
||||
}
|
||||
}
|
||||
|
||||
- if (deriveparms || (flags & PUBKEY_FLAG_USE_X931) || fips_mode ())
|
||||
+ if (deriveparms || (flags & PUBKEY_FLAG_USE_X931))
|
||||
{
|
||||
int swapped;
|
||||
ec = generate_x931 (&sk, nbits, evalue, deriveparms, &swapped);
|
||||
@@ -819,9 +1092,14 @@ rsa_generate (const gcry_sexp_t genparms
|
||||
sexp_release (l1);
|
||||
}
|
||||
}
|
||||
+ deriveparms = (genparms?
|
||||
+ sexp_find_token (genparms, "test-parms", 0) : NULL);
|
||||
/* Generate. */
|
||||
- ec = generate_std (&sk, nbits, evalue,
|
||||
- !!(flags & PUBKEY_FLAG_TRANSIENT_KEY));
|
||||
+ if (deriveparms || fips_mode())
|
||||
+ ec = generate_fips (&sk, nbits, evalue, deriveparms, !!(flags & PUBKEY_FLAG_TRANSIENT_KEY));
|
||||
+ else
|
||||
+ ec = generate_std (&sk, nbits, evalue, !!(flags & PUBKEY_FLAG_TRANSIENT_KEY));
|
||||
+ sexp_release (deriveparms);
|
||||
}
|
||||
|
||||
if (!ec)
|
||||
diff -up libgcrypt-1.6.3/src/g10lib.h.fips-keygen libgcrypt-1.6.3/src/g10lib.h
|
||||
--- libgcrypt-1.6.3/src/g10lib.h.fips-keygen 2015-02-23 11:55:58.000000000 +0100
|
||||
+++ libgcrypt-1.6.3/src/g10lib.h 2015-03-06 16:38:56.699052607 +0100
|
||||
@@ -259,6 +259,9 @@ gpg_err_code_t _gcry_generate_fips186_3_
|
||||
int *r_counter,
|
||||
void **r_seed, size_t *r_seedlen, int *r_hashalgo);
|
||||
|
||||
+gpg_err_code_t _gcry_fips186_4_prime_check
|
||||
+ (const gcry_mpi_t x, unsigned int bits);
|
||||
+
|
||||
|
||||
/* Replacements of missing functions (missing-string.c). */
|
||||
#ifndef HAVE_STPCPY
|
||||
diff -up libgcrypt-1.6.3/tests/keygen.c.fips-keygen libgcrypt-1.6.3/tests/keygen.c
|
||||
--- libgcrypt-1.6.3/tests/keygen.c.fips-keygen 2015-03-06 16:38:56.661052411 +0100
|
||||
+++ libgcrypt-1.6.3/tests/keygen.c 2015-03-06 16:38:56.699052607 +0100
|
||||
@@ -215,12 +215,12 @@ check_rsa_keys (void)
|
||||
|
||||
|
||||
if (verbose)
|
||||
- show ("creating 1024 bit RSA key with e=257\n");
|
||||
+ show ("creating 1024 bit RSA key with e=65539\n");
|
||||
rc = gcry_sexp_new (&keyparm,
|
||||
"(genkey\n"
|
||||
" (rsa\n"
|
||||
" (nbits 4:1024)\n"
|
||||
- " (rsa-use-e 3:257)\n"
|
||||
+ " (rsa-use-e 5:65539)\n"
|
||||
" ))", 0, 1);
|
||||
if (rc)
|
||||
die ("error creating S-expression: %s\n", gpg_strerror (rc));
|
||||
@@ -229,7 +229,7 @@ check_rsa_keys (void)
|
||||
if (rc)
|
||||
die ("error generating RSA key: %s\n", gpg_strerror (rc));
|
||||
|
||||
- check_generated_rsa_key (key, 257);
|
||||
+ check_generated_rsa_key (key, 65539);
|
||||
gcry_sexp_release (key);
|
||||
|
||||
if (verbose)
|
@ -1,27 +0,0 @@
|
||||
diff -up libgcrypt-1.6.5/cipher/primegen.c.leak libgcrypt-1.6.5/cipher/primegen.c
|
||||
--- libgcrypt-1.6.5/cipher/primegen.c.leak 2016-07-21 11:06:32.783421204 +0200
|
||||
+++ libgcrypt-1.6.5/cipher/primegen.c 2016-07-21 11:06:32.789421337 +0200
|
||||
@@ -1208,10 +1208,7 @@ _gcry_prime_group_generator (gcry_mpi_t
|
||||
gcry_mpi_t prime, gcry_mpi_t *factors,
|
||||
gcry_mpi_t start_g)
|
||||
{
|
||||
- gcry_mpi_t tmp = mpi_new (0);
|
||||
- gcry_mpi_t b = mpi_new (0);
|
||||
- gcry_mpi_t pmin1 = mpi_new (0);
|
||||
- gcry_mpi_t g = start_g? mpi_copy (start_g) : mpi_set_ui (NULL, 3);
|
||||
+ gcry_mpi_t tmp, b, pmin1, g;
|
||||
int first = 1;
|
||||
int i, n;
|
||||
|
||||
@@ -1224,6 +1221,11 @@ _gcry_prime_group_generator (gcry_mpi_t
|
||||
if (n < 2)
|
||||
return GPG_ERR_INV_ARG;
|
||||
|
||||
+ tmp = mpi_new (0);
|
||||
+ b = mpi_new (0);
|
||||
+ pmin1 = mpi_new (0);
|
||||
+ g = start_g? mpi_copy (start_g) : mpi_set_ui (NULL, 3);
|
||||
+
|
||||
/* Extra sanity check - usually disabled. */
|
||||
/* mpi_set (tmp, factors[0]); */
|
||||
/* for(i = 1; i < n; i++) */
|
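--- a/libgcrypt-1.7.3-aliasing.patch
+++ b/libgcrypt-1.7.3-aliasing.patch
@@ -0,0 +1,24 @@
+diff -up libgcrypt-1.7.3/cipher/bufhelp.h.aliasing libgcrypt-1.7.3/cipher/bufhelp.h
+--- libgcrypt-1.7.3/cipher/bufhelp.h.aliasing 2016-04-07 17:30:08.000000000 +0200
++++ libgcrypt-1.7.3/cipher/bufhelp.h 2016-11-22 17:00:13.065692916 +0100
+@@ -35,6 +35,11 @@
+# define BUFHELP_FAST_UNALIGNED_ACCESS 1
+#endif
+
++#if _GCRY_GCC_VERSION >= 40400
++# pragma GCC push_options
++# pragma GCC optimize ("no-strict-aliasing")
++#endif
++
+
+#ifdef BUFHELP_FAST_UNALIGNED_ACCESS
+/* Define type with one-byte alignment on architectures with fast unaligned
+@@ -429,4 +434,8 @@ static inline void buf_put_le64(void *_b
+
+#endif /*BUFHELP_FAST_UNALIGNED_ACCESS*/
+
++#if _GCRY_GCC_VERSION >= 40400
++# pragma GCC pop_options
++#endif
++
+#endif /*GCRYPT_BUFHELP_H*/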
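Review bot: `#if _GCRY_GCC_VERSION >= 40400` is silently false when `_GCRY_GCC_VERSION` is not yet defined at line 35 of bufhelp.h, because the preprocessor treats an undefined identifier as 0, so the pragma would be dropped with no diagnostic; the hunk does not show which header defines that macro, so please confirm it is included before this point. Beyond that, `#pragma GCC optimize ("no-strict-aliasing")` only stops the optimizer from exploiting type-based aliasing, GCC's manual presents the optimize pragma/attribute as a debugging aid rather than production code, and non-GCC compilers get no protection at all; the casts being protected, such as `*(const u32 *)_buf` in buf_get_le32 (visible in the dropped 1.6 patch above), remain undefined behaviour in ISO C. A `memcpy` of `sizeof(u32)`/`sizeof(u64)` bytes into a local before the byte-swap is the portable fix and typically compiles to the same single load on targets where `BUFHELP_FAST_UNALIGNED_ACCESS` is set. The push/pop pair also appears to bracket the whole remaining header rather than only the unaligned-access functions, which is harmless but deserves a one-line comment stating that this is intentional, e.g. `/* Whole header is compiled with -fno-strict-aliasing on GCC >= 4.4; see the casts in the FAST_UNALIGNED helpers. */`.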
158
libgcrypt-1.7.3-ecc-test-fix.patch
Normal file
@ -0,0 +1,158 @@
|
||||
diff -up libgcrypt-1.7.3/tests/basic.c.eccfix libgcrypt-1.7.3/tests/basic.c
|
||||
--- libgcrypt-1.7.3/tests/basic.c.eccfix 2016-04-15 09:42:06.000000000 +0200
|
||||
+++ libgcrypt-1.7.3/tests/basic.c 2016-11-22 18:43:19.732897206 +0100
|
||||
@@ -8506,6 +8506,7 @@ check_pubkey_sign_ecdsa (int n, gcry_sex
|
||||
/* */ "000102030405060708090A0B0C0D0E0F#))",
|
||||
0
|
||||
},
|
||||
+#if 0
|
||||
{ 256,
|
||||
"(data (flags gost)\n"
|
||||
" (value #00112233445566778899AABBCCDDEEFF"
|
||||
@@ -8530,6 +8531,7 @@ check_pubkey_sign_ecdsa (int n, gcry_sex
|
||||
/* */ "000102030405060708090A0B0C0D0E0F#))",
|
||||
0
|
||||
},
|
||||
+#endif
|
||||
{ 0, NULL }
|
||||
};
|
||||
|
||||
@@ -9136,6 +9138,7 @@ check_pubkey (void)
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" }
|
||||
},
|
||||
+#if 0
|
||||
{ /* GOST R 34.10-2001/2012 test 256 bit. */
|
||||
GCRY_PK_ECDSA, FLAG_SIGN,
|
||||
{
|
||||
@@ -9187,6 +9190,7 @@ check_pubkey (void)
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" }
|
||||
},
|
||||
+#endif
|
||||
{ /* secp256k1 test 256 bit. */
|
||||
GCRY_PK_ECDSA, FLAG_SIGN,
|
||||
{
|
||||
diff -up libgcrypt-1.7.3/tests/benchmark.c.eccfix libgcrypt-1.7.3/tests/benchmark.c
|
||||
--- libgcrypt-1.7.3/tests/benchmark.c.eccfix 2016-07-14 11:19:17.000000000 +0200
|
||||
+++ libgcrypt-1.7.3/tests/benchmark.c 2016-11-22 16:21:00.109004197 +0100
|
||||
@@ -1412,8 +1412,7 @@ ecc_bench (int iterations, int print_hea
|
||||
{
|
||||
#if USE_ECC
|
||||
gpg_error_t err;
|
||||
- const char *p_sizes[] = { "192", "224", "256", "384", "521", "Ed25519",
|
||||
- "gost256", "gost512" };
|
||||
+ const char *p_sizes[] = { "224", "256", "384", "521", "Ed25519" };
|
||||
int testno;
|
||||
|
||||
if (print_header)
|
||||
diff -up libgcrypt-1.7.3/tests/dsa-rfc6979.c.eccfix libgcrypt-1.7.3/tests/dsa-rfc6979.c
|
||||
--- libgcrypt-1.7.3/tests/dsa-rfc6979.c.eccfix 2016-02-18 09:38:03.000000000 +0100
|
||||
+++ libgcrypt-1.7.3/tests/dsa-rfc6979.c 2016-11-22 16:22:11.804674008 +0100
|
||||
@@ -210,16 +210,6 @@ check_dsa_rfc6979 (void)
|
||||
" ))"
|
||||
},
|
||||
{
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "(private-key"
|
||||
- " (ecdsa"
|
||||
- " (curve \"NIST P-192\")"
|
||||
- " (q #04AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56"
|
||||
- " 3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43#)"
|
||||
- " (d #6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4#)"
|
||||
- " ))"
|
||||
- },
|
||||
- {
|
||||
"ECDSA, 224 bits (prime field)",
|
||||
"(private-key"
|
||||
" (ecdsa"
|
||||
@@ -443,89 +433,6 @@ check_dsa_rfc6979 (void)
|
||||
"C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1"
|
||||
},
|
||||
{
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-1, message = \"sample\"",
|
||||
- "sha1", "sample",
|
||||
- "37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021",
|
||||
- "98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF",
|
||||
- "57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-224, message = \"sample\"",
|
||||
- "sha224", "sample",
|
||||
- "4381526B3FC1E7128F202E194505592F01D5FF4C5AF015D8",
|
||||
- "A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5",
|
||||
- "E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-256, message = \"sample\"",
|
||||
- "sha256", "sample",
|
||||
- "32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496",
|
||||
- "4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55",
|
||||
- "CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-384, message = \"sample\"",
|
||||
- "sha384", "sample",
|
||||
- "4730005C4FCB01834C063A7B6760096DBE284B8252EF4311",
|
||||
- "DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5",
|
||||
- "C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-512, message = \"sample\"",
|
||||
- "sha512", "sample",
|
||||
- "A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1",
|
||||
- "4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8",
|
||||
- "3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-1, message = \"test\"",
|
||||
- "sha1", "test",
|
||||
- "D9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25",
|
||||
- "0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D",
|
||||
- "EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-224, message = \"test\"",
|
||||
- "sha224", "test",
|
||||
- "F5DC805F76EF851800700CCE82E7B98D8911B7D510059FBE",
|
||||
- "6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34",
|
||||
- "B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-256, message = \"test\"",
|
||||
- "sha256", "test",
|
||||
- "5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C",
|
||||
- "3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE",
|
||||
- "5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-384, message = \"test\"",
|
||||
- "sha384", "test",
|
||||
- "5AFEFB5D3393261B828DB6C91FBC68C230727B030C975693",
|
||||
- "B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367",
|
||||
- "7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A"
|
||||
- },
|
||||
- {
|
||||
- "ECDSA, 192 bits (prime field)",
|
||||
- "With SHA-512, message = \"test\"",
|
||||
- "sha512", "test",
|
||||
- "0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527",
|
||||
- "FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739",
|
||||
- "74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290"
|
||||
- },
|
||||
-
|
||||
-
|
||||
-
|
||||
- {
|
||||
"ECDSA, 224 bits (prime field)",
|
||||
"With SHA-1, message = \"sample\"",
|
||||
"sha1", "sample",
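Review bot: The GOST vectors in basic.c are fenced with a bare `#if 0` at the two added lines, which records nothing about why they are disabled or when they can come back; a short comment beside each guard, e.g. `#if 0 /* <reason the GOST curves are unavailable in this build> */`, would make the intent survive the next rebase. The benchmark.c and dsa-rfc6979.c hunks instead delete the 192-bit and GOST entries outright, so the same patch handles removed curves in two different ways; choosing one approach keeps it easier to maintain. I cannot tell from these hunks which curves the 1.7.3 build actually omits, so the comment text should be confirmed against the tree. check_pubkey_sign_ecdsa, check_pubkey, ecc_bench and check_dsa_rfc6979 all begin and end outside the hunks.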
|
@ -1,6 +1,6 @@
|
||||
diff -up libgcrypt-1.5.3/tests/cavs_driver.pl.cavs libgcrypt-1.5.3/tests/cavs_driver.pl
|
||||
--- libgcrypt-1.5.3/tests/cavs_driver.pl.cavs 2013-05-22 18:02:55.000000000 +0200
|
||||
+++ libgcrypt-1.5.3/tests/cavs_driver.pl 2014-10-21 09:38:34.250691408 +0200
|
||||
diff -up libgcrypt-1.7.3/tests/cavs_driver.pl.cavs libgcrypt-1.7.3/tests/cavs_driver.pl
|
||||
--- libgcrypt-1.7.3/tests/cavs_driver.pl.cavs 2013-03-15 20:25:38.000000000 +0100
|
||||
+++ libgcrypt-1.7.3/tests/cavs_driver.pl 2016-11-22 17:29:06.067553077 +0100
|
||||
@@ -1,9 +1,11 @@
|
||||
#!/usr/bin/env perl
|
||||
#
|
||||
@ -862,9 +862,9 @@ diff -up libgcrypt-1.5.3/tests/cavs_driver.pl.cavs libgcrypt-1.5.3/tests/cavs_dr
|
||||
} else {
|
||||
die "Invalid interface option given";
|
||||
}
|
||||
diff -up libgcrypt-1.5.3/tests/cavs_tests.sh.cavs libgcrypt-1.5.3/tests/cavs_tests.sh
|
||||
--- libgcrypt-1.5.3/tests/cavs_tests.sh.cavs 2013-05-22 18:02:55.000000000 +0200
|
||||
+++ libgcrypt-1.5.3/tests/cavs_tests.sh 2014-09-26 17:45:38.434674884 +0200
|
||||
diff -up libgcrypt-1.7.3/tests/cavs_tests.sh.cavs libgcrypt-1.7.3/tests/cavs_tests.sh
|
||||
--- libgcrypt-1.7.3/tests/cavs_tests.sh.cavs 2013-03-15 20:25:38.000000000 +0100
|
||||
+++ libgcrypt-1.7.3/tests/cavs_tests.sh 2016-11-22 17:29:06.067553077 +0100
|
||||
@@ -55,7 +55,7 @@ function run_one_test () {
|
||||
[ -d "$respdir" ] || mkdir "$respdir"
|
||||
[ -f "$rspfile" ] && rm "$rspfile"
|
||||
@ -874,10 +874,10 @@ diff -up libgcrypt-1.5.3/tests/cavs_tests.sh.cavs libgcrypt-1.5.3/tests/cavs_tes
|
||||
dflag="-D"
|
||||
fi
|
||||
|
||||
diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
--- libgcrypt-1.5.3/tests/fipsdrv.c.cavs 2013-07-25 11:10:04.000000000 +0200
|
||||
+++ libgcrypt-1.5.3/tests/fipsdrv.c 2014-10-21 09:30:30.796777225 +0200
|
||||
@@ -893,6 +893,9 @@ print_mpi_line (gcry_mpi_t a, int no_lz)
|
||||
diff -up libgcrypt-1.7.3/tests/fipsdrv.c.cavs libgcrypt-1.7.3/tests/fipsdrv.c
|
||||
--- libgcrypt-1.7.3/tests/fipsdrv.c.cavs 2016-07-14 11:19:17.000000000 +0200
|
||||
+++ libgcrypt-1.7.3/tests/fipsdrv.c 2016-11-22 17:33:15.468330859 +0100
|
||||
@@ -892,6 +892,9 @@ print_mpi_line (gcry_mpi_t a, int no_lz)
|
||||
die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err));
|
||||
|
||||
p = buf;
|
||||
@ -887,77 +887,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
if (no_lz && p[0] == '0' && p[1] == '0' && p[2])
|
||||
p += 2;
|
||||
|
||||
@@ -1346,6 +1349,69 @@ run_rsa_derive (const void *data, size_t
|
||||
}
|
||||
|
||||
|
||||
+/* Generate RSA key using the S-expression in (DATA,DATALEN). This
|
||||
+ S-expression is used directly as input to gcry_pk_genkey. The
|
||||
+ result is printed to stdout with one parameter per line in hex
|
||||
+ format and in this order: e, p, q, n, d. */
|
||||
+static void
|
||||
+run_rsa_keygen (const void *data, size_t datalen, int test)
|
||||
+{
|
||||
+ gpg_error_t err;
|
||||
+ gcry_sexp_t s_keyspec, s_key, s_top, l1;
|
||||
+ gcry_mpi_t mpi;
|
||||
+ const char *parmlist;
|
||||
+ int idx;
|
||||
+
|
||||
+ if (!datalen)
|
||||
+ err = gpg_error (GPG_ERR_NO_DATA);
|
||||
+ else
|
||||
+ err = gcry_sexp_new (&s_keyspec, data, datalen, 1);
|
||||
+ if (err)
|
||||
+ die ("gcry_sexp_new failed for RSA key generation: %s\n",
|
||||
+ gpg_strerror (err));
|
||||
+
|
||||
+ err = gcry_pk_genkey (&s_key, s_keyspec);
|
||||
+
|
||||
+ gcry_sexp_release (s_keyspec);
|
||||
+
|
||||
+ if (test) {
|
||||
+ if (err)
|
||||
+ printf("F\n");
|
||||
+ else {
|
||||
+ gcry_sexp_release (s_key);
|
||||
+ printf("P\n");
|
||||
+ }
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ if (err)
|
||||
+ die ("gcry_pk_genkey failed for RSA: %s\n", gpg_strerror (err));
|
||||
+
|
||||
+ parmlist = "epqnd";
|
||||
+
|
||||
+ /* Parse and print the parameters. */
|
||||
+ l1 = gcry_sexp_find_token (s_key, "private-key", 0);
|
||||
+ s_top = gcry_sexp_find_token (l1, "rsa", 0);
|
||||
+ gcry_sexp_release (l1);
|
||||
+ if (!s_top)
|
||||
+ die ("private-key part not found in result\n");
|
||||
+
|
||||
+ for (idx=0; parmlist[idx]; idx++)
|
||||
+ {
|
||||
+ l1 = gcry_sexp_find_token (s_top, parmlist+idx, 1);
|
||||
+ mpi = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
|
||||
+ gcry_sexp_release (l1);
|
||||
+ if (!mpi)
|
||||
+ die ("parameter %c missing in private-key\n", parmlist[idx]);
|
||||
+ print_mpi_line (mpi, 1);
|
||||
+ gcry_mpi_release (mpi);
|
||||
+ }
|
||||
+
|
||||
+ gcry_sexp_release (s_top);
|
||||
+ gcry_sexp_release (s_key);
|
||||
+}
|
||||
+
|
||||
+
|
||||
|
||||
static size_t
|
||||
compute_tag_length (size_t n)
|
||||
@@ -1675,14 +1741,14 @@ run_rsa_verify (const void *data, size_t
|
||||
@@ -1765,14 +1768,14 @@ run_rsa_verify (const void *data, size_t
|
||||
/* Generate a DSA key of size KEYSIZE and return the complete
|
||||
S-expression. */
|
||||
static gcry_sexp_t
|
||||
@ -975,7 +905,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
if (err)
|
||||
die ("gcry_sexp_build failed for DSA key generation: %s\n",
|
||||
gpg_strerror (err));
|
||||
@@ -1700,7 +1766,7 @@ dsa_gen (int keysize)
|
||||
@@ -1790,7 +1793,7 @@ dsa_gen (int keysize)
|
||||
/* Generate a DSA key of size KEYSIZE and return the complete
|
||||
S-expression. */
|
||||
static gcry_sexp_t
|
||||
@ -984,7 +914,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
{
|
||||
gpg_error_t err;
|
||||
gcry_sexp_t keyspec, key;
|
||||
@@ -1709,10 +1775,11 @@ dsa_gen_with_seed (int keysize, const vo
|
||||
@@ -1799,10 +1802,11 @@ dsa_gen_with_seed (int keysize, const vo
|
||||
"(genkey"
|
||||
" (dsa"
|
||||
" (nbits %d)"
|
||||
@ -998,7 +928,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
if (err)
|
||||
die ("gcry_sexp_build failed for DSA key generation: %s\n",
|
||||
gpg_strerror (err));
|
||||
@@ -1720,6 +1787,37 @@ dsa_gen_with_seed (int keysize, const vo
|
||||
@@ -1810,6 +1814,37 @@ dsa_gen_with_seed (int keysize, const vo
|
||||
err = gcry_pk_genkey (&key, keyspec);
|
||||
if (err)
|
||||
die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err));
|
||||
@ -1036,7 +966,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
|
||||
gcry_sexp_release (keyspec);
|
||||
|
||||
@@ -1732,7 +1830,7 @@ dsa_gen_with_seed (int keysize, const vo
|
||||
@@ -1849,7 +1884,7 @@ ecdsa_gen_key (const char *curve)
|
||||
with one parameter per line in hex format using this order: p, q,
|
||||
g, seed, counter, h. */
|
||||
static void
|
||||
@ -1045,7 +975,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
{
|
||||
gcry_sexp_t l1, l2;
|
||||
gcry_mpi_t mpi;
|
||||
@@ -1768,6 +1866,9 @@ print_dsa_domain_parameters (gcry_sexp_t
|
||||
@@ -1885,6 +1920,9 @@ print_dsa_domain_parameters (gcry_sexp_t
|
||||
}
|
||||
gcry_sexp_release (l1);
|
||||
|
||||
@ -1055,7 +985,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
/* Extract the seed values. */
|
||||
l1 = gcry_sexp_find_token (key, "misc-key-info", 0);
|
||||
if (!l1)
|
||||
@@ -1819,38 +1920,106 @@ print_dsa_domain_parameters (gcry_sexp_t
|
||||
@@ -1976,38 +2014,106 @@ print_ecdsa_dq (gcry_sexp_t key)
|
||||
}
|
||||
|
||||
|
||||
@ -1172,7 +1102,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
|
||||
fp = fopen (filename, "wb");
|
||||
if (!fp)
|
||||
@@ -1863,6 +2032,53 @@ run_dsa_gen (int keysize, const char *fi
|
||||
@@ -2020,6 +2126,53 @@ run_dsa_gen (int keysize, const char *fi
|
||||
}
|
||||
|
||||
|
||||
@ -1226,7 +1156,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
|
||||
/* Sign DATA of length DATALEN using the key taken from the S-expression
|
||||
encoded KEYFILE. */
|
||||
@@ -1872,11 +2088,16 @@ run_dsa_sign (const void *data, size_t d
|
||||
@@ -2029,11 +2182,16 @@ run_dsa_sign (const void *data, size_t d
|
||||
{
|
||||
gpg_error_t err;
|
||||
gcry_sexp_t s_data, s_key, s_sig, s_tmp, s_tmp2;
|
||||
@ -1234,19 +1164,19 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
+ char hash[128];
|
||||
gcry_mpi_t tmpmpi;
|
||||
+ int algo;
|
||||
+
|
||||
+ s_key = read_sexp_from_file (keyfile);
|
||||
+ algo = dsa_hash_from_key(s_key);
|
||||
|
||||
- gcry_md_hash_buffer (GCRY_MD_SHA1, hash, data, datalen);
|
||||
- err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash, 20, NULL);
|
||||
+ s_key = read_sexp_from_file (keyfile);
|
||||
+ algo = dsa_hash_from_key(s_key);
|
||||
+
|
||||
+ gcry_md_hash_buffer (algo, hash, data, datalen);
|
||||
+ err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash,
|
||||
+ gcry_md_get_algo_dlen(algo), NULL);
|
||||
if (!err)
|
||||
{
|
||||
err = gcry_sexp_build (&s_data, NULL,
|
||||
@@ -1887,8 +2108,6 @@ run_dsa_sign (const void *data, size_t d
|
||||
@@ -2044,8 +2202,6 @@ run_dsa_sign (const void *data, size_t d
|
||||
die ("gcry_sexp_build failed for DSA data input: %s\n",
|
||||
gpg_strerror (err));
|
||||
|
||||
@ -1255,7 +1185,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
err = gcry_pk_sign (&s_sig, s_data, s_key);
|
||||
if (err)
|
||||
{
|
||||
@@ -1964,13 +2183,18 @@ run_dsa_verify (const void *data, size_t
|
||||
@@ -2121,13 +2277,18 @@ run_dsa_verify (const void *data, size_t
|
||||
{
|
||||
gpg_error_t err;
|
||||
gcry_sexp_t s_data, s_key, s_sig;
|
||||
@ -1263,11 +1193,11 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
+ char hash[128];
|
||||
gcry_mpi_t tmpmpi;
|
||||
+ int algo;
|
||||
+
|
||||
+ s_key = read_sexp_from_file (keyfile);
|
||||
+ algo = dsa_hash_from_key(s_key);
|
||||
|
||||
- gcry_md_hash_buffer (GCRY_MD_SHA1, hash, data, datalen);
|
||||
+ s_key = read_sexp_from_file (keyfile);
|
||||
+ algo = dsa_hash_from_key(s_key);
|
||||
+
|
||||
+ gcry_md_hash_buffer (algo, hash, data, datalen);
|
||||
/* Note that we can't simply use %b with HASH to build the
|
||||
S-expression, because that might yield a negative value. */
|
||||
@ -1277,7 +1207,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
if (!err)
|
||||
{
|
||||
err = gcry_sexp_build (&s_data, NULL,
|
||||
@@ -1981,7 +2205,6 @@ run_dsa_verify (const void *data, size_t
|
||||
@@ -2138,7 +2299,6 @@ run_dsa_verify (const void *data, size_t
|
||||
die ("gcry_sexp_build failed for DSA data input: %s\n",
|
||||
gpg_strerror (err));
|
||||
|
||||
@ -1285,24 +1215,24 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
s_sig = read_sexp_from_file (sigfile);
|
||||
|
||||
err = gcry_pk_verify (s_sig, s_data, s_key);
|
||||
@@ -2014,7 +2237,7 @@ usage (int show_help)
|
||||
"Run a crypto operation using hex encoded input and output.\n"
|
||||
@@ -2304,7 +2464,7 @@ usage (int show_help)
|
||||
"MODE:\n"
|
||||
" encrypt, decrypt, digest, random, hmac-sha,\n"
|
||||
- " rsa-{derive,gen,sign,verify}, dsa-{pqg-gen,gen,sign,verify}\n"
|
||||
+ " rsa-{derive,gen,sign,verify}, dsa-{pq-gen,g-gen,gen,sign,verify}\n"
|
||||
" rsa-{derive,gen,sign,verify},\n"
|
||||
- " dsa-{pqg-gen,gen,sign,verify}, ecdsa-{gen-key,sign,verify}\n"
|
||||
+ " dsa-{pq-gen,g-gen,gen,sign,verify}, ecdsa-{gen-key,sign,verify}\n"
|
||||
"OPTIONS:\n"
|
||||
" --verbose Print additional information\n"
|
||||
" --binary Input and output is in binary form\n"
|
||||
@@ -2024,6 +2247,7 @@ usage (int show_help)
|
||||
" --dt DT Use the hex encoded DT for the RNG\n"
|
||||
@@ -2315,6 +2475,7 @@ usage (int show_help)
|
||||
" --algo NAME Use algorithm NAME\n"
|
||||
" --curve NAME Select ECC curve spec NAME\n"
|
||||
" --keysize N Use a keysize of N bits\n"
|
||||
+ " --qize N Use a DSA q parameter size of N bits\n"
|
||||
" --signature NAME Take signature from file NAME\n"
|
||||
" --chunk N Read in chunks of N bytes (implies --binary)\n"
|
||||
" --pkcs1 Use PKCS#1 encoding\n"
|
||||
@@ -2050,6 +2274,7 @@ main (int argc, char **argv)
|
||||
@@ -2344,6 +2505,7 @@ main (int argc, char **argv)
|
||||
const char *dt_string = NULL;
|
||||
const char *algo_string = NULL;
|
||||
const char *keysize_string = NULL;
|
||||
@ -1310,7 +1240,7 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
const char *signature_string = NULL;
|
||||
FILE *input;
|
||||
void *data;
|
||||
@@ -2143,6 +2368,14 @@ main (int argc, char **argv)
|
||||
@@ -2437,6 +2599,14 @@ main (int argc, char **argv)
|
||||
keysize_string = *argv;
|
||||
argc--; argv++;
|
||||
}
|
||||
@ -1325,36 +1255,16 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
else if (!strcmp (*argv, "--signature"))
|
||||
{
|
||||
argc--; argv++;
|
||||
@@ -2406,6 +2639,18 @@ main (int argc, char **argv)
|
||||
die ("no data available (do not use --chunk)\n");
|
||||
run_rsa_derive (data, datalen);
|
||||
}
|
||||
+ else if (!strcmp (mode_string, "rsa-keygen"))
|
||||
+ {
|
||||
+ if (!data)
|
||||
+ die ("no data available (do not use --chunk)\n");
|
||||
+ run_rsa_keygen (data, datalen, 0);
|
||||
+ }
|
||||
+ else if (!strcmp (mode_string, "rsa-keygen-kat"))
|
||||
+ {
|
||||
+ if (!data)
|
||||
+ die ("no data available (do not use --chunk)\n");
|
||||
+ run_rsa_keygen (data, datalen, 1);
|
||||
+ }
|
||||
else if (!strcmp (mode_string, "rsa-gen"))
|
||||
{
|
||||
int keysize;
|
||||
@@ -2463,23 +2708,49 @@ main (int argc, char **argv)
|
||||
@@ -2792,23 +2962,49 @@ main (int argc, char **argv)
|
||||
}
|
||||
else if (!strcmp (mode_string, "dsa-pqg-gen"))
|
||||
{
|
||||
- int keysize;
|
||||
+ int keysize, qsize;
|
||||
|
||||
keysize = keysize_string? atoi (keysize_string) : 0;
|
||||
if (keysize < 1024 || keysize > 3072)
|
||||
die ("invalid keysize specified; needs to be 1024 .. 3072\n");
|
||||
- run_dsa_pqg_gen (keysize, datalen? data:NULL, datalen);
|
||||
+
|
||||
+ keysize = keysize_string? atoi (keysize_string) : 0;
|
||||
+ if (keysize < 1024 || keysize > 3072)
|
||||
+ die ("invalid keysize specified; needs to be 1024 .. 3072\n");
|
||||
+ qsize = qsize_string? atoi (qsize_string) : 0;
|
||||
+ if (qsize < 160 || qsize > 256)
|
||||
+ die ("invalid qsize specified; needs to be 160 .. 256\n");
|
||||
@ -1363,10 +1273,11 @@ diff -up libgcrypt-1.5.3/tests/fipsdrv.c.cavs libgcrypt-1.5.3/tests/fipsdrv.c
|
||||
+ else if (!strcmp (mode_string, "dsa-g-gen"))
|
||||
+ {
|
||||
+ int keysize, qsize;
|
||||
+
|
||||
+ keysize = keysize_string? atoi (keysize_string) : 0;
|
||||
+ if (keysize < 1024 || keysize > 3072)
|
||||
+ die ("invalid keysize specified; needs to be 1024 .. 3072\n");
|
||||
|
||||
keysize = keysize_string? atoi (keysize_string) : 0;
|
||||
if (keysize < 1024 || keysize > 3072)
|
||||
die ("invalid keysize specified; needs to be 1024 .. 3072\n");
|
||||
- run_dsa_pqg_gen (keysize, datalen? data:NULL, datalen);
|
||||
+ qsize = qsize_string? atoi (qsize_string) : 0;
|
||||
+ if (qsize < 160 || qsize > 256)
|
||||
+ die ("invalid qsize specified; needs to be 160 .. 256\n");
|
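--- /dev/null
+++ b/libgcrypt-1.7.3-fips-cfgrandom.patch
@@ -0,0 +1,104 @@
+diff -up libgcrypt-1.7.3/random/random-drbg.c.cfgrandom libgcrypt-1.7.3/random/random-drbg.c
+--- libgcrypt-1.7.3/random/random-drbg.c.cfgrandom 2016-04-07 17:30:08.000000000 +0200
++++ libgcrypt-1.7.3/random/random-drbg.c 2016-11-22 15:54:02.227319203 +0100
+@@ -627,8 +627,13 @@ drbg_get_entropy (drbg_state_t drbg, uns
+read_cb_size = len;
+read_cb_len = 0;
+#if USE_RNDLINUX
++ /* First read from /etc/gcrypt/rngseed if available */
++ _gcry_rndlinux_gather_random (drbg_read_cb, 0, len,
++ -1);
++ read_cb_len = 0;
++ /* then use /dev/urandom. */
+rc = _gcry_rndlinux_gather_random (drbg_read_cb, 0, len,
+- GCRY_VERY_STRONG_RANDOM);
++ GCRY_STRONG_RANDOM);
+#elif USE_RNDUNIX
+rc = _gcry_rndunix_gather_random (drbg_read_cb, 0, len,
+GCRY_VERY_STRONG_RANDOM);
+diff -up libgcrypt-1.7.3/random/rndlinux.c.cfgrandom libgcrypt-1.7.3/random/rndlinux.c
+--- libgcrypt-1.7.3/random/rndlinux.c.cfgrandom 2016-07-14 11:19:17.000000000 +0200
++++ libgcrypt-1.7.3/random/rndlinux.c 2016-11-22 15:45:19.921141761 +0100
+@@ -40,7 +40,9 @@
+#include "g10lib.h"
+#include "rand-internal.h"
+
+-static int open_device (const char *name, int retry);
++#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
++
++static int open_device (const char *name, int retry, int fatal);
+
+
+static int
+@@ -63,7 +65,7 @@ set_cloexec_flag (int fd)
+* a fatal error but retries until it is able to reopen the device.
+*/
+static int
+-open_device (const char *name, int retry)
++open_device (const char *name, int retry, int fatal)
+{
+int fd;
+
+@@ -71,6 +73,8 @@ open_device (const char *name, int retry
+_gcry_random_progress ("open_dev_random", 'X', 1, 0);
+again:
+fd = open (name, O_RDONLY);
++ if (fd == -1 && !fatal)
++ return fd;
+if (fd == -1 && retry)
+{
+struct timeval tv;
+@@ -115,6 +119,7 @@ _gcry_rndlinux_gather_random (void (*add
+{
+static int fd_urandom = -1;
+static int fd_random = -1;
++ static int fd_configured = -1;
+static unsigned char ever_opened;
+int fd;
+int n;
+@@ -138,6 +143,11 @@ _gcry_rndlinux_gather_random (void (*add
+close (fd_urandom);
+fd_urandom = -1;
+}
++ if (fd_configured != -1)
++ {
++ close (fd_configured);
++ fd_configured = -1;
++ }
+return 0;
+}
+
+@@ -165,20 +175,30 @@ _gcry_rndlinux_gather_random (void (*add
+that we always require the device to be existent but want a more
+graceful behaviour if the rarely needed close operation has been
+used and the device needs to be re-opened later. */
++
++ if (level == -1)
++ {
++ if (fd_configured == -1)
++ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0 );
++ fd = fd_configured;
++ if (fd == -1)
++ return -1;
++ }
++
+if (level >= 2)
+{
+if (fd_random == -1)
+{
+- fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));
++ fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1);
+ever_opened |= 1;
+}
+fd = fd_random;
+}
+- else
++ else if (level != -1)
+{
+if (fd_urandom == -1)
+{
+- fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
++ fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
+ever_opened |= 2;
+}
+fd = fd_urandom;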
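Review bot: The new level == -1 path in _gcry_rndlinux_gather_random opens the fixed path NAME_OF_CFG_RNGSEED with `open_device ( NAME_OF_CFG_RNGSEED, 0, 0 )` and nothing in the hunk checks what was opened, so a seed file that is a symlink, a FIFO, or writable by other local users feeds whatever it contains into the DRBG seed material; the descriptor should be validated with fstat before `fd = fd_configured;` (needs `<sys/stat.h>`), as sketched below, and rejected files treated the same as a missing one. In drbg_get_entropy the result of the first `_gcry_rndlinux_gather_random (drbg_read_cb, 0, len, -1)` call is discarded and `read_cb_len = 0;` follows immediately, so whether the seed-file bytes survive the /dev/urandom read that comes next depends on drbg_read_cb, which is outside the hunk; a comment such as `/* read_cb_len is reset so the urandom read restarts at offset 0; this relies on drbg_read_cb mixing into, not overwriting, the buffer -- verify. */` would record the assumption, or the reset should go if it does overwrite. Both enclosing functions start and end outside the hunks.
```c
  if (level == -1)
    {
      if (fd_configured == -1)
        {
          struct stat sb;

          fd_configured = open_device (NAME_OF_CFG_RNGSEED, 0, 0);
          /* Accept only a root-owned regular file that nobody else can
             write; anything else is treated as "no seed file".  */
          if (fd_configured != -1
              && (fstat (fd_configured, &sb) || !S_ISREG (sb.st_mode)
                  || sb.st_uid != 0 || (sb.st_mode & (S_IWGRP | S_IWOTH))))
            {
              close (fd_configured);
              fd_configured = -1;
            }
        }
      fd = fd_configured;
      if (fd == -1)
        return -1;
    }
  /* … unchanged: /dev/random and /dev/urandom selection … */
```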
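--- /dev/null
+++ b/libgcrypt-1.7.3-fips-reqs.patch
@@ -0,0 +1,35 @@
+diff -up libgcrypt-1.7.3/src/visibility.c.fips-reqs libgcrypt-1.7.3/src/visibility.c
+--- libgcrypt-1.7.3/src/visibility.c.fips-reqs 2016-03-23 12:59:34.000000000 +0100
++++ libgcrypt-1.7.3/src/visibility.c 2016-11-22 16:29:36.992042480 +0100
+@@ -1288,6 +1288,8 @@ gcry_kdf_derive (const void *passphrase,
+unsigned long iterations,
+size_t keysize, void *keybuffer)
+{
++ if (!fips_is_operational ())
++ return gpg_error (fips_not_operational ());
+return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,
+salt, saltlen, iterations,
+keysize, keybuffer));
+@@ -1343,6 +1345,13 @@ void
+gcry_mpi_randomize (gcry_mpi_t w,
+unsigned int nbits, enum gcry_random_level level)
+{
++ if (!fips_is_operational ())
++ {
++ (void)fips_not_operational ();
++ fips_signal_fatal_error ("called in non-operational state");
++ fips_noreturn ();
++ }
++
+_gcry_mpi_randomize (w, nbits, level);
+}
+
+@@ -1368,6 +1377,8 @@ gcry_prime_generate (gcry_mpi_t *prime,
+gcry_random_level_t random_level,
+unsigned int flags)
+{
++ if (!fips_is_operational ())
++ return gpg_error (fips_not_operational ());
+return gpg_error (_gcry_prime_generate (prime, prime_bits, factor_bits,
+factors, cb_func, cb_arg,
+random_level, flags));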
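Review bot: gcry_mpi_randomize terminates the process through fips_signal_fatal_error and fips_noreturn when the library is not operational, while the two sibling wrappers in the same patch, gcry_kdf_derive and gcry_prime_generate, return an error; the difference is presumably that gcry_mpi_randomize is void and has no error channel, but that is not stated, and `(void)fips_not_operational ();` reads like a discarded call. A comment above the block, e.g. `/* No error return is possible here, so a non-operational state is fatal; fips_not_operational () is called only for its side effects. */`, would make the divergence from the other wrappers deliberate rather than accidental. All three enclosing functions start and end outside the hunks.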
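--- /dev/null
+++ b/libgcrypt-1.7.3-tests.patch
@@ -0,0 +1,115 @@
+diff -up libgcrypt-1.7.3/cipher/dsa.c.tests libgcrypt-1.7.3/cipher/dsa.c
+--- libgcrypt-1.7.3/cipher/dsa.c.tests 2016-04-07 17:30:08.000000000 +0200
++++ libgcrypt-1.7.3/cipher/dsa.c 2016-11-22 15:33:48.813026002 +0100
+@@ -457,11 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
+&prime_q, &prime_p,
+r_counter,
+r_seed, r_seedlen);
+- else
+- ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
++ else if (!domain->p || !domain->q)
++ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
++ initial_seed.seed,
++ initial_seed.seedlen,
+&prime_q, &prime_p,
+r_counter,
+r_seed, r_seedlen, NULL);
++ else
++ {
++ /* Domain parameters p and q are given; use them. */
++ prime_p = mpi_copy (domain->p);
++ prime_q = mpi_copy (domain->q);
++ gcry_assert (mpi_get_nbits (prime_p) == nbits);
++ gcry_assert (mpi_get_nbits (prime_q) == qbits);
++ ec = 0;
++ }
+sexp_release (initial_seed.sexp);
+if (ec)
+goto leave;
+@@ -855,13 +866,12 @@ dsa_generate (const gcry_sexp_t genparms
+sexp_release (l1);
+sexp_release (domainsexp);
+
+- /* Check that all domain parameters are available. */
+- if (!domain.p || !domain.q || !domain.g)
++ /* Check that p and q domain parameters are available. */
++ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
+{
+_gcry_mpi_release (domain.p);
+_gcry_mpi_release (domain.q);
+_gcry_mpi_release (domain.g);
+- sexp_release (deriveparms);
+return GPG_ERR_MISSING_VALUE;
+}
+
+diff -up libgcrypt-1.7.3/cipher/rsa.c.tests libgcrypt-1.7.3/cipher/rsa.c
+--- libgcrypt-1.7.3/cipher/rsa.c.tests 2016-07-14 11:19:17.000000000 +0200
++++ libgcrypt-1.7.3/cipher/rsa.c 2016-11-22 15:25:05.426838229 +0100
+@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
+
+*swapped = 0;
+
+- if (e_value == 1) /* Alias for a secure value. */
++ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
+e_value = 65537;
+
+/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
+diff -up libgcrypt-1.7.3/tests/keygen.c.tests libgcrypt-1.7.3/tests/keygen.c
+--- libgcrypt-1.7.3/tests/keygen.c.tests 2016-04-07 17:30:08.000000000 +0200
++++ libgcrypt-1.7.3/tests/keygen.c 2016-11-22 15:25:33.178484464 +0100
+@@ -257,11 +257,11 @@ check_rsa_keys (void)
+
+
+if (verbose)
+- show ("creating 512 bit RSA key with e=257\n");
++ show ("creating 1024 bit RSA key with e=257\n");
+rc = gcry_sexp_new (&keyparm,
+"(genkey\n"
+" (rsa\n"
+- " (nbits 3:512)\n"
++ " (nbits 4:1024)\n"
+" (rsa-use-e 3:257)\n"
+" ))", 0, 1);
+if (rc)
+@@ -282,11 +282,11 @@ check_rsa_keys (void)
+gcry_sexp_release (key);
+
+if (verbose)
+- show ("creating 512 bit RSA key with default e\n");
++ show ("creating 1024 bit RSA key with default e\n");
+rc = gcry_sexp_new (&keyparm,
+"(genkey\n"
+" (rsa\n"
+- " (nbits 3:512)\n"
++ " (nbits 4:1024)\n"
+" (rsa-use-e 1:0)\n"
+" ))", 0, 1);
+if (rc)
+@@ -366,12 +366,12 @@ check_dsa_keys (void)
+}
+
+if (verbose)
+- show ("creating 1536 bit DSA key\n");
++ show ("creating 2048 bit DSA key\n");
+rc = gcry_sexp_new (&keyparm,
+"(genkey\n"
+" (dsa\n"
+- " (nbits 4:1536)\n"
+- " (qbits 3:224)\n"
++ " (nbits 4:2048)\n"
++ " (qbits 3:256)\n"
+" ))", 0, 1);
+if (rc)
+die ("error creating S-expression: %s\n", gpg_strerror (rc));
+diff -up libgcrypt-1.7.3/tests/pubkey.c.tests libgcrypt-1.7.3/tests/pubkey.c
+--- libgcrypt-1.7.3/tests/pubkey.c.tests 2016-07-14 11:19:17.000000000 +0200
++++ libgcrypt-1.7.3/tests/pubkey.c 2016-11-22 18:40:23.220813982 +0100
+@@ -651,7 +651,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
+" (use-fips186)"
+" (transient-key)"
+" (derive-parms"
+- " (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))",
++ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
+0, 1);
+if (rc)
+die ("error creating S-expression: %s\n", gcry_strerror (rc));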
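Review bot: In generate_fips186 the new else branch validates caller-supplied domain parameters with `gcry_assert (mpi_get_nbits (prime_p) == nbits);` and the matching assert for q, so a genparms S-expression whose domain p/q do not match the requested nbits/qbits aborts the process instead of returning an error; this is input from the API caller, not an internal invariant. Replacing the two asserts and `ec = 0;` with `ec = (mpi_get_nbits (prime_p) == nbits && mpi_get_nbits (prime_q) == qbits) ? 0 : GPG_ERR_INV_VALUE;` reuses the existing `if (ec) goto leave;` path, provided the leave label releases prime_p and prime_q, which is outside the hunk. In dsa_generate the `sexp_release (deriveparms);` dropped from the MISSING_VALUE error path looks like a leak if deriveparms has already been obtained at that point, as it is in the upstream ordering as far as I recall; if it was removed because deriveparms is not yet set there, a one-line comment would spare the next reader the same question. Both functions start and end outside the hunks.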
@ -1,15 +1,15 @@
|
||||
diff -up libgcrypt-1.6.1/random/rndlinux.c.use-poll libgcrypt-1.6.1/random/rndlinux.c
|
||||
--- libgcrypt-1.6.1/random/rndlinux.c.use-poll 2014-02-28 15:17:55.294433915 +0100
|
||||
+++ libgcrypt-1.6.1/random/rndlinux.c 2014-02-28 15:34:52.505945274 +0100
|
||||
diff -up libgcrypt-1.7.3/random/rndlinux.c.use-poll libgcrypt-1.7.3/random/rndlinux.c
|
||||
--- libgcrypt-1.7.3/random/rndlinux.c.use-poll 2016-11-22 16:05:05.114761069 +0100
|
||||
+++ libgcrypt-1.7.3/random/rndlinux.c 2016-11-22 16:16:05.373139721 +0100
|
||||
@@ -32,6 +32,7 @@
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <fcntl.h>
|
||||
+#include <poll.h>
|
||||
#include "types.h"
|
||||
#include "g10lib.h"
|
||||
#include "rand-internal.h"
|
||||
@@ -199,9 +200,11 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
#if defined(__linux__) && defined(HAVE_SYSCALL)
|
||||
# include <sys/syscall.h>
|
||||
#endif
|
||||
@@ -211,9 +212,11 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
return with something we will actually use 100ms. */
|
||||
while (length)
|
||||
{
|
||||
@ -23,7 +23,7 @@ diff -up libgcrypt-1.6.1/random/rndlinux.c.use-poll libgcrypt-1.6.1/random/rndli
|
||||
|
||||
/* If we collected some bytes update the progress indicator. We
|
||||
do this always and not just if the select timed out because
|
||||
@@ -215,33 +218,18 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
@@ -227,33 +230,19 @@ _gcry_rndlinux_gather_random (void (*add
|
||||
any_need_entropy = 1;
|
||||
}
|
||||
|
||||
@ -35,7 +35,14 @@ diff -up libgcrypt-1.6.1/random/rndlinux.c.use-poll libgcrypt-1.6.1/random/rndli
|
||||
-#ifdef FD_SETSIZE
|
||||
- if (fd < FD_SETSIZE)
|
||||
-#endif
|
||||
- {
|
||||
+ if ( !(rc=poll(&pfd, 1, delay)) )
|
||||
+ {
|
||||
+ any_need_entropy = 1;
|
||||
+ delay = 3000; /* Use 3 seconds henceforth. */
|
||||
+ continue;
|
||||
+ }
|
||||
+ else if( rc == -1 )
|
||||
{
|
||||
- FD_ZERO(&rfds);
|
||||
- FD_SET(fd, &rfds);
|
||||
- tv.tv_sec = delay;
|
||||
@ -54,13 +61,6 @@ diff -up libgcrypt-1.6.1/random/rndlinux.c.use-poll libgcrypt-1.6.1/random/rndli
|
||||
- we have ever blocked. */
|
||||
- continue;
|
||||
- }
|
||||
+ if ( !(rc=poll(&pfd, 1, delay)) )
|
||||
+ {
|
||||
+ delay = 3000; /* Use 3 seconds henceforth. */
|
||||
+ continue;
|
||||
+ }
|
||||
+ else if( rc == -1 )
|
||||
+ {
|
||||
+ log_error ("poll() error: %s\n", strerror(errno));
|
||||
+ if (!delay)
|
||||
+ delay = 1000; /* Use 1 second if we encounter an error before
|
||||
@ -68,4 +68,4 @@ diff -up libgcrypt-1.6.1/random/rndlinux.c.use-poll libgcrypt-1.6.1/random/rndli
|
||||
+ continue;
|
||||
}
|
||||
|
||||
do
|
||||
/* If we have a modern Linux kernel and we want to read from the
|
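Review bot: The rebased loop treats every `rc == -1` from poll() the same way, logging `poll() error` and sleeping for at least a second before retrying; EINTR is a normal outcome in this code path and should retry at once, so `if (errno == EINTR) continue;` belongs before the `log_error` line, otherwise every signal delivered while gathering entropy costs a log entry and a one-second stall. Nothing in the visible lines inspects `pfd.revents` for POLLERR, POLLNVAL or POLLHUP before the read that follows (outside the hunk), so an invalid or hung-up descriptor is retried indefinitely with the same log message rather than surfaced to the caller. Since the cfgrandom patch routes a regular file through this same loop, note that poll() always reports a regular file readable and a short seed file ends in read() returning 0; it is worth confirming that the loop cannot spin in that case. This section shows the old 1.6.1 and the new 1.7.3 patch text without side markers, so the above refers to the 1.7.3 lines.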
@ -1,5 +1,5 @@
|
||||
Name: libgcrypt
|
||||
Version: 1.6.6
|
||||
Version: 1.7.3
|
||||
Release: 1%{?dist}
|
||||
URL: http://www.gnupg.org/
|
||||
Source0: libgcrypt-%{version}-hobbled.tar.xz
|
||||
@ -15,36 +15,29 @@ Source3: hobble-libgcrypt
|
||||
Source4: ecc-curves.c
|
||||
Source5: curves.c
|
||||
Source6: t-mpi-point.c
|
||||
Source7: ecc-gost.c
|
||||
# make FIPS hmac compatible with fipscheck - non upstreamable
|
||||
# update on soname bump
|
||||
Patch2: libgcrypt-1.6.2-use-fipscheck.patch
|
||||
# fix tests in the FIPS mode, fix the FIPS-186-3 DSA keygen
|
||||
Patch5: libgcrypt-1.6.1-tests.patch
|
||||
# fix tests in the FIPS mode, allow CAVS testing of DSA keygen
|
||||
Patch5: libgcrypt-1.7.3-tests.patch
|
||||
# add configurable source of RNG seed and seed by default
|
||||
# from /dev/urandom in the FIPS mode
|
||||
Patch6: libgcrypt-1.6.1-fips-cfgrandom.patch
|
||||
Patch6: libgcrypt-1.7.3-fips-cfgrandom.patch
|
||||
# update the CAVS tests
|
||||
Patch7: libgcrypt-1.6.2-fips-cavs.patch
|
||||
# fix for memory leaks and other errors found by Coverity scan
|
||||
Patch9: libgcrypt-1.6.5-leak.patch
|
||||
Patch7: libgcrypt-1.7.3-fips-cavs.patch
|
||||
# use poll instead of select when gathering randomness
|
||||
Patch11: libgcrypt-1.6.1-use-poll.patch
|
||||
Patch11: libgcrypt-1.7.3-use-poll.patch
|
||||
# slight optimalization of mpicoder.c to silence Valgrind (#968288)
|
||||
Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch
|
||||
# fix tests to work with approved ECC
|
||||
Patch14: libgcrypt-1.6.1-ecc-test-fix.patch
|
||||
# Replace the FIPS RNG with DRBG
|
||||
Patch15: libgcrypt-1.6.2-drbg.patch
|
||||
Patch14: libgcrypt-1.7.3-ecc-test-fix.patch
|
||||
# Run the FIPS mode initialization in the shared library constructor
|
||||
Patch18: libgcrypt-1.6.2-fips-ctor.patch
|
||||
# Make it possible to run the test suite in the FIPS mode
|
||||
Patch19: libgcrypt-1.6.2-fips-test.patch
|
||||
# Make the FIPS RSA keygen to be FIPS 186-4 compliant
|
||||
Patch20: libgcrypt-1.6.3-rsa-fips-keygen.patch
|
||||
# update the selftests for new FIPS requirements
|
||||
Patch22: libgcrypt-1.6.2-fips-reqs.patch
|
||||
# Block some operations if in FIPS non-operational state
|
||||
Patch22: libgcrypt-1.7.3-fips-reqs.patch
|
||||
# do not use strict aliasing for bufhelp functions
|
||||
Patch23: libgcrypt-1.6.3-aliasing.patch
|
||||
Patch23: libgcrypt-1.7.3-aliasing.patch
|
||||
# use only urandom if /dev/random cannot be opened
|
||||
Patch24: libgcrypt-1.6.3-urandom-only.patch
|
||||
|
||||
@ -86,19 +79,15 @@ applications using libgcrypt.
|
||||
%patch5 -p1 -b .tests
|
||||
%patch6 -p1 -b .cfgrandom
|
||||
%patch7 -p1 -b .cavs
|
||||
%patch9 -p1 -b .leak
|
||||
%patch11 -p1 -b .use-poll
|
||||
%patch13 -p1 -b .gccopt
|
||||
%patch14 -p1 -b .eccfix
|
||||
%patch15 -p1 -b .drbg
|
||||
%patch18 -p1 -b .fips-ctor
|
||||
%patch19 -p1 -b .fips-test
|
||||
%patch20 -p1 -b .fips-keygen
|
||||
%patch22 -p1 -b .fips-reqs
|
||||
%patch23 -p1 -b .aliasing
|
||||
%patch24 -p1 -b .urandom-only
|
||||
|
||||
cp %{SOURCE4} cipher/
|
||||
cp %{SOURCE4} %{SOURCE7} cipher/
|
||||
cp %{SOURCE5} %{SOURCE6} tests/
|
||||
|
||||
%build
|
||||
@ -208,6 +197,9 @@ exit 0
|
||||
%license COPYING
|
||||
|
||||
%changelog
|
||||
* Wed Nov 23 2016 Tomáš Mráz <tmraz@redhat.com> 1.7.3-1
|
||||
- new upstream version 1.7.3
|
||||
|
||||
* Wed Aug 17 2016 Tomáš Mráz <tmraz@redhat.com> 1.6.6-1
|
||||
- new upstream version with important security fix (CVE-2016-6316)
|
||||
|
||||
|
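Review bot: The changelog entry for 1.7.3-1 records only the version bump, while the patch list, going by the hunk counts (-15,36 +15,29 and -86,19 +79,15; the rendering lost the side markers), drops the leak, mpicoder-gccopt, drbg and urandom-only patches and adds Source7 ecc-gost.c; a line such as `- drop patches merged upstream (leak, drbg, gccopt, urandom-only)` would record the reason, assuming that is the reason. Dropping urandom-only is consistent with the cfgrandom patch now seeding the DRBG with GCRY_STRONG_RANDOM, but that dependency between the two changes is worth stating in the Patch6 comment so the next rebase does not reintroduce one without the other.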
2
sources
@ -1 +1 @@
|
||||
67edcc4715a8c239eac70a931e49660d libgcrypt-1.6.6-hobbled.tar.xz
|
||||
8ed4255c512e382eba465330c2a939dc libgcrypt-1.7.3-hobbled.tar.xz
|
||||
|
@ -57,8 +57,20 @@ static struct
|
||||
const char *a, *b; /* The coefficients. */
|
||||
const char *n; /* The order of the base point. */
|
||||
const char *g_x, *g_y; /* Base point. */
|
||||
const char *h; /* Cofactor. */
|
||||
} test_curve[] =
|
||||
{
|
||||
{
|
||||
"NIST P-224",
|
||||
"0xffffffffffffffffffffffffffffffff000000000000000000000001",
|
||||
"0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe",
|
||||
"0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4",
|
||||
"0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d" ,
|
||||
|
||||
"0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
|
||||
"0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
|
||||
"0x01"
|
||||
},
|
||||
{
|
||||
"NIST P-256",
|
||||
"0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
|
||||
@ -67,7 +79,8 @@ static struct
|
||||
"0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
|
||||
|
||||
"0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
|
||||
"0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"
|
||||
"0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
|
||||
"0x01"
|
||||
},
|
||||
{
|
||||
"NIST P-384",
|
||||
@ -83,7 +96,8 @@ static struct
|
||||
"0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a38"
|
||||
"5502f25dbf55296c3a545e3872760ab7",
|
||||
"0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c0"
|
||||
"0a60b1ce1d7e819d7a431d7c90ea0e5f"
|
||||
"0a60b1ce1d7e819d7a431d7c90ea0e5f",
|
||||
"0x01"
|
||||
},
|
||||
{
|
||||
"NIST P-521",
|
||||
@ -99,18 +113,20 @@ static struct
|
||||
"0xc6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3d"
|
||||
"baa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
|
||||
"0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e6"
|
||||
"62c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650"
|
||||
"62c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
|
||||
"0x01"
|
||||
},
|
||||
{
|
||||
"Ed25519",
|
||||
"0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
|
||||
"-0x01",
|
||||
"-0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A",
|
||||
"0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEC",
|
||||
"0x52036CEE2B6FFE738CC740797779E89800700A4D4141D8AB75EB4DCA135978A3",
|
||||
"0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED",
|
||||
"0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A",
|
||||
"0x6666666666666666666666666666666666666666666666666666666666666658"
|
||||
"0x6666666666666666666666666666666666666666666666666666666666666658",
|
||||
"0x08"
|
||||
},
|
||||
{ NULL, NULL, NULL, NULL, NULL }
|
||||
{ NULL, NULL, NULL, NULL, NULL, NULL }
|
||||
};
|
||||
|
||||
/* A sample public key for NIST P-256. */
|
||||
@ -414,28 +430,18 @@ context_alloc (void)
|
||||
gcry_mpi_release (a);
|
||||
gcry_ctx_release (ctx);
|
||||
|
||||
p = gcry_mpi_set_ui (NULL, 0);
|
||||
p = NULL;
|
||||
a = gcry_mpi_set_ui (NULL, 0);
|
||||
|
||||
err = ec_p_new (&ctx, p, a);
|
||||
if (!err || gpg_err_code (err) != GPG_ERR_EINVAL)
|
||||
fail ("ec_p_new: bad parameter detection failed (1)\n");
|
||||
|
||||
gcry_mpi_set_ui (p, 1);
|
||||
err = ec_p_new (&ctx, p, a);
|
||||
if (!err || gpg_err_code (err) != GPG_ERR_EINVAL)
|
||||
fail ("ec_p_new: bad parameter detection failed (2)\n");
|
||||
|
||||
gcry_mpi_release (p);
|
||||
p = NULL;
|
||||
err = ec_p_new (&ctx, p, a);
|
||||
if (!err || gpg_err_code (err) != GPG_ERR_EINVAL)
|
||||
fail ("ec_p_new: bad parameter detection failed (3)\n");
|
||||
|
||||
gcry_mpi_release (a);
|
||||
a = NULL;
|
||||
err = ec_p_new (&ctx, p, a);
|
||||
if (!err || gpg_err_code (err) != GPG_ERR_EINVAL)
|
||||
fail ("ec_p_new: bad parameter detection failed (4)\n");
|
||||
fail ("ec_p_new: bad parameter detection failed (2)\n");
|
||||
|
||||
}
|
||||
|
||||
@ -523,6 +529,17 @@ context_param (void)
|
||||
show ("checking standard curves\n");
|
||||
for (idx=0; test_curve[idx].desc; idx++)
|
||||
{
|
||||
/* P-192 and Ed25519 are not supported in fips mode */
|
||||
if (gcry_fips_mode_active())
|
||||
{
|
||||
if (!strcmp(test_curve[idx].desc, "NIST P-192")
|
||||
|| !strcmp(test_curve[idx].desc, "Ed25519"))
|
||||
{
|
||||
show("skipping %s in fips mode\n", test_curve[idx].desc );
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
gcry_ctx_release (ctx);
|
||||
err = gcry_mpi_ec_new (&ctx, NULL, test_curve[idx].desc);
|
||||
if (err)
|
||||
@ -546,6 +563,8 @@ context_param (void)
|
||||
if (get_and_cmp_point ("g", test_curve[idx].g_x, test_curve[idx].g_y,
|
||||
test_curve[idx].desc, ctx))
|
||||
continue;
|
||||
if (get_and_cmp_mpi ("h", test_curve[idx].h, test_curve[idx].desc, ctx))
|
||||
continue;
|
||||
|
||||
}
|
||||
|
||||
@ -616,6 +635,10 @@ context_param (void)
|
||||
gcry_sexp_release (sexp);
|
||||
}
|
||||
|
||||
/* Skipping Ed25519 if in FIPS mode (it isn't supported) */
|
||||
if (gcry_fips_mode_active())
|
||||
goto cleanup;
|
||||
|
||||
show ("checking sample public key (Ed25519)\n");
|
||||
q = hex2mpi (sample_ed25519_q);
|
||||
gcry_sexp_release (keyparam);
|
||||
@ -703,6 +726,7 @@ context_param (void)
|
||||
|
||||
}
|
||||
|
||||
cleanup:
|
||||
gcry_ctx_release (ctx);
|
||||
gcry_sexp_release (keyparam);
|
||||
}
|
||||
@ -804,6 +828,14 @@ basic_ec_math (void)
|
||||
}
|
||||
|
||||
|
||||
/* This is the same as basic_ec_math but uses more advanced
|
||||
features. */
|
||||
static void
|
||||
basic_ec_math_simplified (void)
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
/* Check the math used with Twisted Edwards curves. */
|
||||
static void
|
||||
twistededwards_math (void)
|
||||
@ -963,7 +995,14 @@ main (int argc, char **argv)
|
||||
context_alloc ();
|
||||
context_param ();
|
||||
basic_ec_math ();
|
||||
twistededwards_math ();
|
||||
|
||||
/* The tests are for P-192 and ed25519 which are not supported in
|
||||
FIPS mode. */
|
||||
if (!gcry_fips_mode_active())
|
||||
{
|
||||
basic_ec_math_simplified ();
|
||||
twistededwards_math ();
|
||||
}
|
||||
|
||||
show ("All tests completed. Errors: %d\n", error_count);
|
||||
return error_count ? 1 : 0;
|
||||
|
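Review bot: The FIPS skip added to context_param compares against "NIST P-192", but no P-192 entry is visible in test_curve in this section: the table starts with "NIST P-224" (newly added here) and then P-256, so that half of the condition never matches and the comment `/* P-192 and Ed25519 are not supported in fips mode */` overstates what the loop skips; either drop the P-192 comparison or reword the comment to `/* Ed25519 is not supported in fips mode */`. The same curve names recur as literals in main's comment ahead of basic_ec_math_simplified and twistededwards_math; a helper such as `static int curve_skipped_in_fips (const char *name)` used in both places would keep the two lists from drifting. In context_alloc the checks that ec_p_new rejects p == 0 and p == 1 appear to have been removed and only the NULL-parameter cases remain, which reduces bad-parameter coverage; if the hobbled or FIPS build rejects those inputs differently, a comment at `p = NULL;` should say so. Which context_alloc lines are old and which are new cannot be read from the rendering, so that last point is inferred from the counts (-414,28 +430,18).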