Fix FIPS RSA PCT
Resolves: rhbz#2128455
parent
bc7ebe1048
commit
cbe7d48792
@ -921,3 +921,206 @@ index 78c26f2f..9d14a474 100644
|
|||||||
|
|
||||||
--
|
--
|
||||||
2.37.1
|
2.37.1
|
||||||
|
|
||||||
|
--
|
||||||
|
|
||||||
|
ACVP testing uses the test-parms option to specify p and q to be checked
|
||||||
|
for primality. When test-parms is specified, generate_fips() always
|
||||||
|
returns keys with p=q=0. These keys then fail the pairwise consistency
|
||||||
|
test, because they cannot be used to successfully sign a message and
|
||||||
|
verify the signature.
|
||||||
|
|
||||||
|
Skip the PCT when test-parms is specified.
|
||||||
|
|
||||||
|
Add a regression test to check that this functionality continues to work
|
||||||
|
in the future.
|
||||||
|
|
||||||
|
Signed-off-by: Clemens Lang <cllang at redhat.com>
|
||||||
|
---
|
||||||
|
cipher/rsa.c | 5 +-
|
||||||
|
tests/Makefile.am | 2 +-
|
||||||
|
tests/t-rsa-testparm.c | 130 +++++++++++++++++++++++++++++++++++++++++
|
||||||
|
3 files changed, 135 insertions(+), 2 deletions(-)
|
||||||
|
create mode 100644 tests/t-rsa-testparm.c
|
||||||
|
|
||||||
|
diff --git a/cipher/rsa.c b/cipher/rsa.c
|
||||||
|
index 87f57b55..1a935d80 100644
|
||||||
|
--- a/cipher/rsa.c
|
||||||
|
+++ b/cipher/rsa.c
|
||||||
|
@@ -1218,6 +1218,7 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
|
||||||
|
int flags = 0;
|
||||||
|
gcry_sexp_t l1;
|
||||||
|
gcry_sexp_t swap_info = NULL;
|
||||||
|
+ int testparms = 0;
|
||||||
|
|
||||||
|
memset (&sk, 0, sizeof sk);
|
||||||
|
|
||||||
|
@@ -1274,6 +1275,8 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
|
||||||
|
}
|
||||||
|
deriveparms = (genparms? sexp_find_token (genparms, "test-parms", 0)
|
||||||
|
/**/ : NULL);
|
||||||
|
+ if (deriveparms)
|
||||||
|
+ testparms = 1;
|
||||||
|
|
||||||
|
/* Generate. */
|
||||||
|
if (deriveparms || fips_mode ())
|
||||||
|
@@ -1311,7 +1314,7 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
|
||||||
|
mpi_free (sk.u);
|
||||||
|
sexp_release (swap_info);
|
||||||
|
|
||||||
|
- if (!ec && fips_mode () && test_keys_fips (*r_skey))
|
||||||
|
+ if (!ec && !testparms && fips_mode () && test_keys_fips (*r_skey))
|
||||||
|
{
|
||||||
|
sexp_release (*r_skey); *r_skey = NULL;
|
||||||
|
fips_signal_error ("self-test after key generation failed");
|
||||||
|
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||||
|
index f65725bc..302d923b 100644
|
||||||
|
--- a/tests/Makefile.am
|
||||||
|
+++ b/tests/Makefile.am
|
||||||
|
@@ -28,7 +28,7 @@ tests_bin = \
|
||||||
|
t-mpi-bit t-mpi-point curves t-lock \
|
||||||
|
prime basic keygen pubkey hmac hashtest t-kdf keygrip \
|
||||||
|
fips186-dsa aeswrap pkcs1v2 random dsa-rfc6979 \
|
||||||
|
- t-dsa t-ecdsa t-rsa-pss t-rsa-15 \
|
||||||
|
+ t-dsa t-ecdsa t-rsa-pss t-rsa-15 t-rsa-testparm \
|
||||||
|
t-ed25519 t-cv25519 t-x448 t-ed448
|
||||||
|
|
||||||
|
tests_bin_last = benchmark bench-slope
|
||||||
|
diff --git a/tests/t-rsa-testparm.c b/tests/t-rsa-testparm.c
|
||||||
|
new file mode 100644
|
||||||
|
index 00000000..65617855
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/t-rsa-testparm.c
|
||||||
|
@@ -0,0 +1,130 @@
|
||||||
|
+/* t-rsa-testparm.c - Check the RSA Key Generation test-parm parameter
|
||||||
|
+ * Copyright (C) 2022 g10 Code GmbH
|
||||||
|
+ *
|
||||||
|
+ * This file is part of Libgcrypt.
|
||||||
|
+ *
|
||||||
|
+ * Libgcrypt is free software; you can redistribute it and/or modify
|
||||||
|
+ * it under the terms of the GNU Lesser General Public License as
|
||||||
|
+ * published by the Free Software Foundation; either version 2.1 of
|
||||||
|
+ * the License, or (at your option) any later version.
|
||||||
|
+ *
|
||||||
|
+ * Libgcrypt is distributed in the hope that it will be useful,
|
||||||
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+ * GNU Lesser General Public License for more details.
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU Lesser General Public License
|
||||||
|
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#ifdef HAVE_CONFIG_H
|
||||||
|
+#include <config.h>
|
||||||
|
+#endif
|
||||||
|
+#include <stdio.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
+#include <string.h>
|
||||||
|
+#include <gcrypt.h>
|
||||||
|
+
|
||||||
|
+#include "stopwatch.h"
|
||||||
|
+
|
||||||
|
+#define PGM "t-rsa-testparm"
|
||||||
|
+#include "t-common.h"
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+check_rsa_testparm ()
|
||||||
|
+{
|
||||||
|
+ gpg_error_t err;
|
||||||
|
+ gcry_sexp_t keyspec = NULL;
|
||||||
|
+ gcry_sexp_t key = NULL;
|
||||||
|
+ const char *sexp = "(genkey (rsa (nbits \"2048\") (test-parms "
|
||||||
|
+ "(e \"65537\")"
|
||||||
|
+ "(p #00bbccabcee15d343944a47e492d4b1f4de79633e20cbb46f7d2d6813392a807ad048"
|
||||||
|
+ "cf77528edd19f77e7453f25173b9dcb70423afa2037aae147b81a33d541fc58f875ef"
|
||||||
|
+ "f1e852ab55e2e09a3debfbc151b3b0d17fef6f74d81fca14fbae531418e211ef81859"
|
||||||
|
+ "2af70de5cec3b92795cc3578572bf456099cd8727150e523261#)"
|
||||||
|
+ "(q #00ca87ecf2883f4ed00a9ec65abdeba81d28edbfcc34ecc563d587f166b52d42bfbe2"
|
||||||
|
+ "2bbc095b0b8426a2f8bbc55baaa8859b42cbc376ed3067db3ef7b135b63481322911e"
|
||||||
|
+ "bbd7014db83aa051e0ca2dbf302b75cd37f2ae8df90e134226e92f6353a284b28bb30"
|
||||||
|
+ "af0bbf925b345b955328379866ebac11d55bc80fe84f105d415#)"
|
||||||
|
+ ")))";
|
||||||
|
+
|
||||||
|
+ info ("Checking RSA KeyGen test-parm parameter.\n");
|
||||||
|
+
|
||||||
|
+ err = gcry_sexp_build (&keyspec, NULL, sexp);
|
||||||
|
+ if (err)
|
||||||
|
+ {
|
||||||
|
+ fail ("error building SEXP for test: %s", gpg_strerror (err));
|
||||||
|
+ goto leave;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ err = gcry_pk_genkey (&key, keyspec);
|
||||||
|
+ if (err)
|
||||||
|
+ {
|
||||||
|
+ fail ("gcry_pk_genkey failed for test: %s", gpg_strerror (err));
|
||||||
|
+ goto leave;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+leave:
|
||||||
|
+ if (key)
|
||||||
|
+ gcry_sexp_release (key);
|
||||||
|
+ if (keyspec)
|
||||||
|
+ gcry_sexp_release (keyspec);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+int
|
||||||
|
+main (int argc, char **argv)
|
||||||
|
+{
|
||||||
|
+ int last_argc = -1;
|
||||||
|
+
|
||||||
|
+ if (argc)
|
||||||
|
+ { argc--; argv++; }
|
||||||
|
+
|
||||||
|
+ while (argc && last_argc != argc )
|
||||||
|
+ {
|
||||||
|
+ last_argc = argc;
|
||||||
|
+ if (!strcmp (*argv, "--"))
|
||||||
|
+ {
|
||||||
|
+ argc--; argv++;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ else if (!strcmp (*argv, "--help"))
|
||||||
|
+ {
|
||||||
|
+ fputs ("usage: " PGM " [options]\n"
|
||||||
|
+ "Options:\n"
|
||||||
|
+ " --verbose print timings etc.\n"
|
||||||
|
+ " --debug flyswatter\n",
|
||||||
|
+ stdout);
|
||||||
|
+ exit (0);
|
||||||
|
+ }
|
||||||
|
+ else if (!strcmp (*argv, "--verbose"))
|
||||||
|
+ {
|
||||||
|
+ verbose++;
|
||||||
|
+ argc--; argv++;
|
||||||
|
+ }
|
||||||
|
+ else if (!strcmp (*argv, "--debug"))
|
||||||
|
+ {
|
||||||
|
+ verbose += 2;
|
||||||
|
+ debug++;
|
||||||
|
+ argc--; argv++;
|
||||||
|
+ }
|
||||||
|
+ else if (!strncmp (*argv, "--", 2))
|
||||||
|
+ die ("unknown option '%s'", *argv);
|
||||||
|
+
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
|
||||||
|
+ if (!gcry_check_version (GCRYPT_VERSION))
|
||||||
|
+ die ("version mismatch\n");
|
||||||
|
+ if (debug)
|
||||||
|
+ xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 0xffffffff, 0));
|
||||||
|
+
|
||||||
|
+ start_timer ();
|
||||||
|
+ check_rsa_testparm ();
|
||||||
|
+ stop_timer ();
|
||||||
|
+
|
||||||
|
+ info ("All tests completed in %s. Errors: %d\n",
|
||||||
|
+ elapsed_time (1), error_count);
|
||||||
|
+ return !!error_count;
|
||||||
|
+}
|
||||||
|
--
|
||||||
|
2.37.3
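Review bot: The new tests/t-rsa-testparm.c never enables FIPS mode, so the condition this patch changes in rsa.c (`if (!ec && !testparms && fips_mode () && test_keys_fips (*r_skey))`) is only reached when the harness happens to run on a FIPS-enabled host; on any other system main() exercises just the non-FIPS path of gcry_pk_genkey and the regression it is meant to catch would go unnoticed. Forcing it with `xgcry_control ((GCRYCTL_FORCE_FIPS_MODE, 0));` ahead of the gcry_check_version call (the placement the other libgcrypt tests use, as far as I recall) would make the check independent of the host's setting, or the test should at least log `gcry_fips_mode_active ()` so a non-FIPS run is visibly a skip rather than a pass. In rsa.c the new `!testparms` term deliberately relaxes the FIPS pairwise consistency test and deserves a comment at the condition, e.g. `/* Keys built from test-parms carry p=q=0 and cannot sign, so the PCT would always fail; skip it for them.  */`, so a later reader does not take it for a bypass. A short note at the `testparms = 1;` assignment saying why a separate flag is kept instead of testing deriveparms at the later site (presumably deriveparms is released before then; rsa_generate continues outside the hunks) would help for the same reason.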
|
||||||
|
@ -27,6 +27,8 @@ Patch3: libgcrypt-1.10.0-ppc-hwf.patch
|
|||||||
Patch4: libgcrypt-1.10.0-allow-small-RSA-verify.patch
|
Patch4: libgcrypt-1.10.0-allow-small-RSA-verify.patch
|
||||||
Patch5: libgcrypt-1.10.0-allow-short-salt.patch
|
Patch5: libgcrypt-1.10.0-allow-short-salt.patch
|
||||||
Patch6: libgcrypt-1.10.0-fips-getrandom.patch
|
Patch6: libgcrypt-1.10.0-fips-getrandom.patch
|
||||||
|
# https://dev.gnupg.org/T6127
|
||||||
|
# https://lists.gnupg.org/pipermail/gcrypt-devel/2022-September/005379.html
|
||||||
Patch7: libgcrypt-1.10.0-fips-selftest.patch
|
Patch7: libgcrypt-1.10.0-fips-selftest.patch
|
||||||
Patch8: libgcrypt-1.10.0-fips-disable-oaep.patch
|
Patch8: libgcrypt-1.10.0-fips-disable-oaep.patch
|
||||||
# https://dev.gnupg.org/T6217
|
# https://dev.gnupg.org/T6217
|
||||||
|