libgcrypt/libgcrypt-1.7.3-fips-cavs.patch

1312 lines
39 KiB
Diff
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

diff -up libgcrypt-1.7.3/tests/cavs_driver.pl.cavs libgcrypt-1.7.3/tests/cavs_driver.pl
--- libgcrypt-1.7.3/tests/cavs_driver.pl.cavs 2013-03-15 20:25:38.000000000 +0100
+++ libgcrypt-1.7.3/tests/cavs_driver.pl 2016-11-22 17:29:06.067553077 +0100
@@ -1,9 +1,11 @@
#!/usr/bin/env perl
#
-# $Id: cavs_driver.pl 1497 2009-01-22 14:01:29Z smueller $
+# $Id: cavs_driver.pl 2124 2010-12-20 07:56:30Z smueller $
#
# CAVS test driver (based on the OpenSSL driver)
# Written by: Stephan Müller <sm@atsec.com>
+# Werner Koch <wk@g10code.com> (libgcrypt interface)
+# Tomas Mraz <tmraz@redhat.com> (addition of DSA2)
# Copyright (c) atsec information security corporation
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -85,13 +87,16 @@
# T[CBC|CFB??|ECB|OFB]varkey
# T[CBC|CFB??|ECB|OFB]invperm
# T[CBC|CFB??|ECB|OFB]vartext
+# WARNING: TDES in CFB and OFB mode problems see below
#
# ANSI X9.31 RNG
# ANSI931_AES128MCT
# ANSI931_AES128VST
#
-# DSA
+# DSA2
# PQGGen
+# PQGVer
+# KeyPair
# SigGen
# SigVer
#
@@ -101,6 +106,36 @@
# RC4PltBD
# RC4REGT
#
+#
+# TDES MCT for CFB and OFB:
+# -------------------------
+# The inner loop cannot be handled by this script. If you want to have tests
+# for these cipher types, implement your own inner loop and add it to
+# crypto_mct.
+#
+# the value $next_source in crypto_mct is NOT set by the standard implementation
+# of this script. It would need to be set as follows for these two (code take
+# from fipsdrv.c from libgcrypt - the value input at the end will contain the
+# the value for $next_source:
+#
+# ... inner loop ...
+# ...
+# get_current_iv (hd, last_iv, blocklen);
+# ... encrypt / decrypt (input is the data to be en/decrypted and output is the
+# result of operation) ...
+# if (encrypt_mode && (cipher_mode == GCRY_CIPHER_MODE_CFB))
+# memcpy (input, last_iv, blocklen);
+# else if (cipher_mode == GCRY_CIPHER_MODE_OFB)
+# memcpy (input, last_iv, blocklen);
+# else if (!encrypt_mode && cipher_mode == GCRY_CIPHER_MODE_CFB)
+# {
+# /* Reconstruct the output vector. */
+# int i;
+# for (i=0; i < blocklen; i++)
+# input[i] ^= output[i];
+# }
+# ... inner loop ends ...
+# ==> now, the value of input is to be put into $next_source
use strict;
use warnings;
@@ -226,6 +261,8 @@ my $hmac;
# Generate the P, Q, G, Seed, counter, h (value used to generate g) values
# for DSA
# $1: modulus size
+# $2: q size
+# $3: seed (might be empty string)
# return: string with the calculated values in hex format, where each value
# is separated from the previous with a \n in the following order:
# P\n
@@ -236,6 +273,19 @@ my $hmac;
# h
my $dsa_pqggen;
+# Generate the G value from P and Q
+# for DSA
+# $1: modulus size
+# $2: q size
+# $3: P in hex form
+# $4: Q in hex form
+# return: string with the calculated values in hex format, where each value
+# is separated from the previous with a \n in the following order:
+# P\n
+# Q\n
+# G\n
+my $dsa_ggen;
+
#
# Generate an DSA public key from the provided parameters:
# $1: Name of file to create
@@ -255,16 +305,30 @@ my $dsa_verify;
# generate a new DSA key with the following properties:
# PEM format
-# $1 keyfile name
-# return: file created, hash with keys of P, Q, G in hex format
+# $1: modulus size
+# $2: q size
+# $3 keyfile name
+# return: file created with key, string with values of P, Q, G in hex format
my $gen_dsakey;
+# generate a new DSA private key XY parameters in domain:
+# PEM format
+# $1: P in hex form
+# $2: Q in hex form
+# $3: G in hex form
+# return: string with values of X, Y in hex format
+my $gen_dsakey_domain;
+
# Sign a message with DSA
# $1: data to be signed in hex form
# $2: Key file in PEM format with the private key
# return: hash of digest information in hex format with Y, R, S as keys
my $dsa_sign;
+my $rsa_keygen;
+
+my $rsa_keygen_kat;
+
################################################################
##### OpenSSL interface functions
################################################################
@@ -404,6 +468,35 @@ sub libgcrypt_rsa_derive($$$$$$$$) {
}
+sub libgcrypt_rsa_keygen($) {
+ my $n = shift;
+ my $sexp;
+
+ $n = sprintf ("%u", $n);
+ $sexp = "(genkey(rsa(nbits " . sprintf ("%u:%s", length($n), $n) . ")))\n";
+
+ return pipe_through_program($sexp, "fipsdrv rsa-keygen");
+}
+
+
+sub libgcrypt_rsa_keygen_kat($$$$) {
+ my $n = shift;
+ my $e = shift;
+ my $p = shift;
+ my $q = shift;
+ my $sexp;
+
+ $n = sprintf ("%u", $n);
+ $sexp = "(genkey(rsa(nbits " . sprintf ("%u:%s", length($n), $n) . ")"
+ . "(test-parms"
+ . "(e #$e#)"
+ . "(p #$p#)"
+ . "(q #$q#))))\n";
+
+ return pipe_through_program($sexp, "fipsdrv rsa-keygen-kat");
+}
+
+
sub libgcrypt_rsa_sign($$$) {
my $data = shift;
my $hashalgo = shift;
@@ -500,17 +593,32 @@ sub libgcrypt_hmac($$$$) {
return pipe_through_program($msg, $program);
}
-sub libgcrypt_dsa_pqggen($) {
+sub libgcrypt_dsa_pqggen($$$) {
+ my $mod = shift;
+ my $qsize = shift;
+ my $seed = shift;
+
+ my $program = "fipsdrv --keysize $mod --qsize $qsize dsa-pqg-gen";
+ return pipe_through_program($seed, $program);
+}
+
+sub libgcrypt_dsa_ggen($$$$) {
my $mod = shift;
+ my $qsize = shift;
+ my $p = shift;
+ my $q = shift;
+ my $domain = "(domain (p #$p#)(q #$q#))";
- my $program = "fipsdrv --keysize $mod dsa-pqg-gen";
+ my $program = "fipsdrv --keysize $mod --qsize $qsize --key \'$domain\' dsa-g-gen";
return pipe_through_program("", $program);
}
-sub libgcrypt_gen_dsakey($) {
+sub libgcrypt_gen_dsakey($$$) {
+ my $mod = shift;
+ my $qsize = shift;
my $file = shift;
- my $program = "fipsdrv --keysize 1024 --key $file dsa-gen";
+ my $program = "fipsdrv --keysize $mod --qsize $qsize --key $file dsa-gen";
my $tmp;
my %ret;
@@ -519,10 +627,21 @@ sub libgcrypt_gen_dsakey($) {
$tmp = pipe_through_program("", $program);
die "dsa key gen failed: file $file not created" if (! -f $file);
- @ret{'P', 'Q', 'G', 'Seed', 'c', 'H'} = split(/\n/, $tmp);
+ @ret{'P', 'Q', 'G'} = split(/\n/, $tmp);
return %ret;
}
+sub libgcrypt_gen_dsakey_domain($$$) {
+ my $p = shift;
+ my $q = shift;
+ my $g = shift;
+ my $domain = "(domain (p #$p#)(q #$q#)(g #$g#))";
+
+ my $program = "fipsdrv --key '$domain' dsa-gen-key";
+
+ return pipe_through_program("", $program);
+}
+
sub libgcrypt_dsa_genpubkey($$$$$) {
my $filename = shift;
my $p = shift;
@@ -1139,7 +1258,7 @@ sub hmac_kat($$$$) {
$out .= "Tlen = $tlen\n";
$out .= "Key = $key\n";
$out .= "Msg = $msg\n";
- $out .= "Mac = " . &$hmac($key, $tlen, $msg, $hashtype{$tlen}) . "\n";
+ $out .= "Mac = " . lc(&$hmac($key, $tlen, $msg, $hashtype{$tlen})) . "\n";
return $out;
}
@@ -1205,7 +1324,7 @@ sub crypto_mct($$$$$$$$) {
}
my ($CO, $CI);
my $cipher_imp = &$state_cipher($cipher, $enc, $bufsize, $key1, $iv);
- $cipher_imp = &$state_cipher_des($cipher, $enc, $bufsize, $key1, $iv) if($cipher =~ /des/);
+ $cipher_imp = &$state_cipher_des($cipher, $enc, $bufsize, $key1, $iv) if($cipher =~ /des/ && defined($state_cipher_des));
my $pid = open2($CO, $CI, $cipher_imp);
my $calc_data = $iv; # CT[j]
@@ -1213,8 +1332,8 @@ sub crypto_mct($$$$$$$$) {
my $old_old_calc_data; # CT[j-2]
my $next_source;
- # TDES inner loop implements logic within driver
- if ($cipher =~ /des/) {
+ # TDES inner loop implements logic within driver of libgcrypt
+ if ($cipher =~ /des/ && $opt{'I'} && $opt{'I'} eq 'libgcrypt' ) {
# Need to provide a dummy IV in case of ECB mode.
my $iv_arg = (defined($iv) && $iv ne "")
? bin2hex($iv)
@@ -1238,6 +1357,10 @@ sub crypto_mct($$$$$$$$) {
$line = <$CO>;
} else {
for (my $j = 0; $j < $iloop; ++$j) {
+ if ($cipher =~ /des-ede3-ofb/ ||
+ (!$enc && $cipher =~ /des-ede3-cfb/)) {
+ die "Implementation lacks support for TDES OFB and TDES CFB in encryption mode - the problem is that we would need to extract the IV of the last round of encryption which would be the input for the next round - see comments in this script for implementation requirements";
+ }
$old_old_calc_data = $old_calc_data;
$old_calc_data = $calc_data;
@@ -1429,7 +1552,7 @@ sub rsa_sigver($$$$$) {
# $7 xq2
# $8 Xq
# return: string formatted as expected by CAVS
-sub rsa_keygen($$$$$$$$) {
+sub rsa_keygen_x931($$$$$$$$) {
my $modulus = shift;
my $e = shift;
my $xp1 = shift;
@@ -1503,21 +1626,23 @@ sub rngx931($$$$) {
return $out;
}
-# DSA PQGGen test
+# DSA PQGen test
# $1 modulus size
-# $2 number of rounds to perform the test
+# $2 q size
+# $3 number of rounds to perform the test
# return: string formatted as expected by CAVS
-sub dsa_pqggen_driver($$) {
+sub dsa_pqgen_driver($$$) {
my $mod = shift;
+ my $qsize = shift;
my $rounds = shift;
my $out = "";
for(my $i=0; $i<$rounds; $i++) {
- my $ret = &$dsa_pqggen($mod);
+ my $ret = &$dsa_pqggen($mod, $qsize, "");
my ($P, $Q, $G, $Seed, $c, $H) = split(/\n/, $ret);
- die "Return value does not contain all expected values of P, Q, G, Seed, c, H for dsa_pqggen"
- if (!defined($P) || !defined($Q) || !defined($G) ||
- !defined($Seed) || !defined($c) || !defined($H));
+ die "Return value does not contain all expected values of P, Q, Seed, c for dsa_pqggen"
+ if (!defined($P) || !defined($Q) ||
+ !defined($Seed) || !defined($c));
# now change the counter to decimal as CAVS wants decimal
# counter value although all other is HEX
@@ -1525,15 +1650,166 @@ sub dsa_pqggen_driver($$) {
$out .= "P = $P\n";
$out .= "Q = $Q\n";
- $out .= "G = $G\n";
- $out .= "Seed = $Seed\n";
- $out .= "c = $c\n";
- $out .= "H = $H\n\n";
+ $out .= "domain_parameter_seed = $Seed\n";
+ $out .= "counter = $c\n\n";
}
return $out;
}
+# DSA GGen test
+# $1 modulus size
+# $2 q size
+# $3 p in hex form
+# $4 q in hex form
+# return: string formatted as expected by CAVS
+sub dsa_ggen_driver($$$$) {
+ my $mod = shift;
+ my $qsize = shift;
+ my $p = shift;
+ my $q = shift;
+
+ my $out = "";
+ my $ret = &$dsa_ggen($mod, $qsize, $p, $q);
+ my ($P, $Q, $G) = split(/\n/, $ret);
+ die "Return value does not contain all expected values of P, Q, G for dsa_ggen"
+ if (!defined($P) || !defined($Q) || !defined($G));
+
+ $out .= "G = $G\n\n";
+
+ return $out;
+}
+
+sub hexcomp($$) {
+ my $a = lc shift;
+ my $b = lc shift;
+
+ if (length $a < length $b) {
+ my $c = $a;
+ $a = $b;
+ $b = $a;
+ }
+
+ while (length $b < length $a) {
+ $b = "00$b";
+ }
+
+ return $a eq $b;
+}
+
+# DSA PQVer test
+# $1 modulus size
+# $2 q size
+# $3 p in hex form
+# $4 q in hex form
+# $5 seed in hex form
+# $6 c decimal counter
+# return: string formatted as expected by CAVS
+sub dsa_pqver_driver($$$$$$) {
+ my $mod = shift;
+ my $qsize = shift;
+ my $p = shift;
+ my $q = shift;
+ my $seed = shift;
+ my $c = shift;
+
+ my $out = "";
+ my $ret = &$dsa_pqggen($mod, $qsize, $seed);
+ my ($P, $Q, $G, $seed2, $c2, $h2) = split(/\n/, $ret);
+ die "Return value does not contain all expected values of P, Q, G, seed, c for dsa_pqggen"
+ if (!defined($P) || !defined($Q) || !defined($G) ||
+ !defined($seed2) || !defined($c2));
+
+ $c2 = hex($c2);
+
+ $out .= "Seed = $seed\n";
+ $out .= "c = $c\n";
+
+ if (hexcomp($P, $p) && hexcomp($Q, $q) && hexcomp($seed, $seed2) && $c == $c2) {
+ $out .= "Result = P\n\n";
+ }
+ else {
+ $out .= "Result = F\n\n";
+ }
+ return $out;
+}
+
+# DSA PQGVer test
+# $1 modulus size
+# $2 q size
+# $3 p in hex form
+# $4 q in hex form
+# $5 g in hex form
+# $6 seed in hex form
+# $7 c decimal counter
+# $8 h in hex form
+# return: string formatted as expected by CAVS
+sub dsa_pqgver_driver($$$$$$$$) {
+ my $mod = shift;
+ my $qsize = shift;
+ my $p = shift;
+ my $q = shift;
+ my $g = shift;
+ my $seed = shift;
+ my $c = shift;
+ my $h = shift;
+
+ my $out = "";
+ my $ret = &$dsa_pqggen($mod, $qsize, $seed);
+ my ($P, $Q, $G, $seed2, $c2, $h2) = split(/\n/, $ret);
+ die "Return value does not contain all expected values of P, Q, G, seed, c, H for dsa_pqggen"
+ if (!defined($P) || !defined($Q) || !defined($G) ||
+ !defined($seed2) || !defined($c2) || !defined($h2));
+
+
+
+ $out .= "Seed = $seed\n";
+ $out .= "c = $c\n";
+ $out .= "H = $h\n";
+
+ $c2 = hex($c2);
+
+ if (hexcomp($P, $p) && hexcomp($Q, $q) && hexcomp($G, $g) && hexcomp($seed, $seed2) &&
+ $c == $c2 && hex($h) == hex($h2)) {
+ $out .= "Result = P\n\n";
+ }
+ else {
+ $out .= "Result = F\n\n";
+ }
+
+ return $out;
+}
+
+# DSA Keypair test
+# $1 modulus size
+# $2 q size
+# $3 number of rounds to perform the test
+# return: string formatted as expected by CAVS
+sub dsa_keypair_driver($$$) {
+ my $mod = shift;
+ my $qsize = shift;
+ my $rounds = shift;
+
+ my $out = "";
+ my $tmpkeyfile = "dsa_siggen.tmp.$$";
+ my %pqg = &$gen_dsakey($mod, $qsize, $tmpkeyfile);
+ $out .= "P = " . $pqg{'P'} . "\n";
+ $out .= "Q = " . $pqg{'Q'} . "\n";
+ $out .= "G = " . $pqg{'G'} . "\n\n";
+ unlink($tmpkeyfile);
+
+ for(my $i=0; $i<$rounds; $i++) {
+ my $ret = &$gen_dsakey_domain($pqg{'P'}, $pqg{'Q'}, $pqg{'G'});
+ my ($X, $Y) = split(/\n/, $ret);
+ die "Return value does not contain all expected values of X, Y for gen_dsakey_domain"
+ if (!defined($X) || !defined($Y));
+
+ $out .= "X = $X\n";
+ $out .= "Y = $Y\n\n";
+ }
+
+ return $out;
+}
# DSA SigGen test
# $1: Message to be signed in hex form
@@ -1598,6 +1874,53 @@ sub dsa_sigver($$$$$$$$) {
return $out;
}
+# RSA Keygen RPP test
+# $1 modulus size
+# $2 number of rounds to perform the test
+# return: string formatted as expected by CAVS
+sub rsa_keygen_driver($$) {
+ my $mod = shift;
+ my $rounds = shift;
+
+ my $out = "";
+
+ for(my $i=0; $i<$rounds; $i++) {
+ my $ret = &$rsa_keygen($mod);
+ my ($e, $p, $q, $n, $d) = split(/\n/, $ret);
+ die "Return value does not contain all expected values of e, p, q, n, d for rsa_keygen"
+ if (!defined($e) || !defined($p) || !defined($q) || !defined($n) || !defined($d));
+
+ $out .= "e = $e\n";
+ $out .= "p = $p\n";
+ $out .= "q = $q\n";
+ $out .= "n = $n\n";
+ $out .= "d = $d\n\n";
+ }
+
+ return $out;
+}
+
+# RSA RPP Keygen KAT test
+# $1 modulus size
+# $2 p in hex form
+# $3 q in hex form
+# return: string formatted as expected by CAVS
+sub rsa_keygen_kat_driver($$$) {
+ my $mod = shift;
+ my $p = shift;
+ my $q = shift;
+
+ my $out = "";
+ my $ret = &$rsa_keygen_kat($mod, $p, $q);
+ my ($Result) = split(/\n/, $ret);
+ die "Return value does not contain all expected values of Result for rsa_keygen_kat"
+ if (!defined($Result));
+
+ $out .= "Result = $Result\n\n";
+ return $out;
+}
+
+
##############################################################
# Parser of input file and generator of result file
#
@@ -1658,12 +1981,18 @@ sub parse($$) {
my $klen = "";
my $tlen = "";
my $modulus = "";
+ my $qsize = "";
my $capital_n = 0;
+ my $num = 0;
my $capital_p = "";
my $capital_q = "";
my $capital_g = "";
my $capital_y = "";
my $capital_r = "";
+ my $capital_h = "";
+ my $c = "";
+ my $prandom = "";
+ my $qrandom = "";
my $xp1 = "";
my $xp2 = "";
my $Xp = "";
@@ -1700,7 +2029,7 @@ sub parse($$) {
##### Extract cipher
# XXX there may be more - to be added
- if ($tmpline =~ /^#.*(CBC|ECB|OFB|CFB|SHA-|SigGen|SigVer|RC4VS|ANSI X9\.31|Hash sizes tested|PQGGen|KeyGen RSA)/) {
+ if ($tmpline =~ /^#.*(CBC|ECB|OFB|CFB|SHA-|SigGen|SigVer|RC4VS|ANSI X9\.31|Hash sizes tested|PQGGen|KeyGen RSA|KeyGen - Random Probably Prime|KeyPair|PQGVer)/) {
if ($tmpline =~ /CBC/) { $mode="cbc"; }
elsif ($tmpline =~ /ECB/) { $mode="ecb"; }
elsif ($tmpline =~ /OFB/) { $mode="ofb"; }
@@ -1749,7 +2078,23 @@ sub parse($$) {
if ($tt == 0) {
##### Identify the test type
- if ($tmpline =~ /KeyGen RSA \(X9\.31\)/) {
+ if ($tmpline =~ /KeyGen - Random Probably Prime Known Answer Test/) {
+ $tt = 19;
+ die "Interface function rsa_keygen_kat for RSA key generation KAT not defined for tested library"
+ if (!defined($rsa_keygen_kat));
+ } elsif ($tmpline =~ /KeyGen - Random Probably Prime Test/) {
+ $tt = 18;
+ die "Interface function rsa_keygen for RSA key generation not defined for tested library"
+ if (!defined($rsa_keygen));
+ } elsif ($tmpline =~ /PQGVer/) {
+ $tt = 16;
+ die "Interface function for DSA PQGVer testing not defined for tested library"
+ if (!defined($dsa_pqggen));
+ } elsif ($tmpline =~ /KeyPair/) {
+ $tt = 14;
+ die "Interface function dsa_keygen for DSA key generation not defined for tested library"
+ if (!defined($gen_dsakey_domain));
+ } elsif ($tmpline =~ /KeyGen RSA \(X9\.31\)/) {
$tt = 13;
die "Interface function rsa_derive for RSA key generation not defined for tested library"
if (!defined($rsa_derive));
@@ -1760,11 +2105,11 @@ sub parse($$) {
} elsif ($tmpline =~ /SigGen/ && $opt{'D'}) {
$tt = 11;
die "Interface function dsa_sign or gen_dsakey for DSA sign not defined for tested library"
- if (!defined($dsa_sign) || !defined($gen_rsakey));
+ if (!defined($dsa_sign) || !defined($gen_dsakey));
} elsif ($tmpline =~ /PQGGen/) {
$tt = 10;
die "Interface function for DSA PQGGen testing not defined for tested library"
- if (!defined($dsa_pqggen));
+ if (!defined($dsa_pqggen) || !defined($dsa_ggen));
} elsif ($tmpline =~ /Hash sizes tested/) {
$tt = 9;
die "Interface function hmac for HMAC testing not defined for tested library"
@@ -1792,7 +2137,7 @@ sub parse($$) {
} elsif ($tmpline =~ /Monte|MCT|Carlo/) {
$tt = 2;
die "Interface function state_cipher for Stateful Cipher operation defined for tested library"
- if (!defined($state_cipher) || !defined($state_cipher_des));
+ if (!defined($state_cipher) && !defined($state_cipher_des));
} elsif ($cipher =~ /^sha/) {
$tt = 3;
die "Interface function hash for Hashing not defined for tested library"
@@ -1875,18 +2220,44 @@ sub parse($$) {
die "Msg/Seed seen twice - input file crap" if ($pt ne "");
$pt=$2;
}
- elsif ($line =~ /^\[mod\s*=\s*(.*)\]$/) { # found in RSA requests
+ elsif ($line =~ /^\[A.2.1\s.*\]$/) { # found in DSA2 PQGGen request
+ $out .= $line . "\n"; # print it
+ if ($tt == 10) {
+ # now generate G from PQ
+ $tt = 15;
+ }
+ }
+ elsif ($line =~ /^\[A.2.2\s.*\]$/) { # found in DSA2 PQGVer request
+ $out .= $line . "\n"; # print it
+ if ($tt == 16) {
+ # now verify PQG
+ $tt = 17;
+ }
+ }
+ elsif ($line =~ /^\[mod\s*=\s*L=([0-9]*),\s*N=([0-9]*).*\]$/) { # found in DSA2 requests
$modulus = $1;
+ $qsize = $2;
$out .= $line . "\n\n"; # print it
+ # clear eventual PQG
+ $capital_p = "";
+ $capital_q = "";
+ $capital_g = "";
# generate the private key with given bit length now
# as we have the required key length in bit
if ($tt == 11) {
$dsa_keyfile = "dsa_siggen.tmp.$$";
- my %pqg = &$gen_dsakey($dsa_keyfile);
+ my %pqg = &$gen_dsakey($modulus, $qsize, $dsa_keyfile);
$out .= "P = " . $pqg{'P'} . "\n";
$out .= "Q = " . $pqg{'Q'} . "\n";
- $out .= "G = " . $pqg{'G'} . "\n";
- } elsif ( $tt == 5 ) {
+ $out .= "G = " . $pqg{'G'} . "\n\n";
+ }
+ }
+ elsif ($line =~ /^\[mod\s*=\s*(.*)\]$/) { # found in RSA requests
+ $modulus = $1;
+ $out .= $line . "\n\n"; # print it
+ # generate the private key with given bit length now
+ # as we have the required key length in bit
+ if ( $tt == 5 ) {
# XXX maybe a secure temp file name is better here
# but since it is not run on a security sensitive
# system, I hope that this is fine
@@ -1907,6 +2278,9 @@ sub parse($$) {
}
elsif ($line =~ /^e\s*=\s*(.*)/) { # found in RSA requests
$e=$1;
+ if ($tt == 19) {
+ $out .= $line . "\n"; # print it
+ }
}
elsif ($line =~ /^S\s*=\s*(.*)/) { # found in RSA requests
die "S seen twice - input file crap" if ($signature ne "");
@@ -1932,11 +2306,16 @@ sub parse($$) {
if ($tlen ne "");
$tlen=$1;
}
- elsif ($line =~ /^N\s*=\s*(.*)/) { #DSA PQGGen
+ elsif ($line =~ /^N\s*=\s*(.*)/) { #DSA KeyPair
die "N seen twice - check input file"
if ($capital_n);
$capital_n = $1;
}
+ elsif ($line =~ /^Num\s*=\s*(.*)/) { #DSA PQGGen
+ die "Num seen twice - check input file"
+ if ($num);
+ $num = $1;
+ }
elsif ($line =~ /^P\s*=\s*(.*)/) { #DSA SigVer
die "P seen twice - check input file"
if ($capital_p);
@@ -1965,6 +2344,16 @@ sub parse($$) {
if ($capital_r);
$capital_r = $1;
}
+ elsif ($line =~ /^H\s*=\s*(.*)/) { #DSA PQGVer
+ die "H seen twice - check input file"
+ if ($capital_h);
+ $capital_h = $1;
+ }
+ elsif ($line =~ /^c\s*=\s*(.*)/) { #DSA PQGVer
+ die "c seen twice - check input file"
+ if ($c);
+ $c = $1;
+ }
elsif ($line =~ /^xp1\s*=\s*(.*)/) { #RSA key gen
die "xp1 seen twice - check input file"
if ($xp1);
@@ -1995,6 +2384,22 @@ sub parse($$) {
if ($Xq);
$Xq = $1;
}
+ elsif ($line =~ /^prandom\s*=\s*(.*)/) { #RSA key gen KAT
+ die "prandom seen twice - check input file"
+ if ($prandom);
+ $prandom = $1;
+ $out .= $line . "\n"; # print it
+ }
+ elsif ($line =~ /^qrandom\s*=\s*(.*)/) { #RSA key gen KAT
+ die "qrandom seen twice - check input file"
+ if ($qrandom);
+ $qrandom = $1;
+ $out .= $line . "\n"; # print it
+ }
+ elsif ($tt == 19 && $line =~ /^ / && $qrandom eq "") { #RSA key gen KAT
+ $qrandom = "00";
+ $out .= $line . "\n"; # print it
+ }
else {
$out .= $line . "\n";
}
@@ -2074,11 +2479,10 @@ sub parse($$) {
}
}
elsif ($tt == 10) {
- if ($modulus ne "" && $capital_n > 0) {
- $out .= dsa_pqggen_driver($modulus, $capital_n);
- #$mod is not resetted
- $capital_n = 0;
- }
+ if ($modulus ne "" && $qsize ne "" && $num > 0) {
+ $out .= dsa_pqgen_driver($modulus, $qsize, $num);
+ $num = 0;
+ }
}
elsif ($tt == 11) {
if ($pt ne "" && $dsa_keyfile ne "") {
@@ -2124,7 +2528,7 @@ sub parse($$) {
$xq1 ne "" &&
$xq2 ne "" &&
$Xq ne "") {
- $out .= rsa_keygen($modulus,
+ $out .= rsa_keygen_x931($modulus,
$e,
$xp1,
$xp2,
@@ -2141,6 +2545,96 @@ sub parse($$) {
$Xq = "";
}
}
+ elsif ($tt == 14) {
+ if ($modulus ne "" &&
+ $qsize ne "" &&
+ $capital_n > 0) {
+ $out .= dsa_keypair_driver($modulus,
+ $qsize,
+ $capital_n);
+ $capital_n = 0;
+ }
+ }
+ elsif ($tt == 15) {
+ if ($modulus ne "" &&
+ $qsize ne "" &&
+ $capital_p ne "" &&
+ $capital_q ne "") {
+ $out .= dsa_ggen_driver($modulus,
+ $qsize,
+ $capital_p,
+ $capital_q);
+ $capital_p = "";
+ $capital_q = "";
+ $num--;
+ }
+ }
+ elsif ($tt == 16) {
+ if ($modulus ne "" &&
+ $qsize ne "" &&
+ $capital_p ne "" &&
+ $capital_q ne "" &&
+ $pt ne "" &&
+ $c ne "") {
+ $out .= dsa_pqver_driver($modulus,
+ $qsize,
+ $capital_p,
+ $capital_q,
+ $pt,
+ $c);
+ $capital_p = "";
+ $capital_q = "";
+ $pt = "";
+ $c = "";
+ }
+ }
+ elsif ($tt == 17) {
+ if ($modulus ne "" &&
+ $qsize ne "" &&
+ $capital_p ne "" &&
+ $capital_q ne "" &&
+ $capital_g ne "" &&
+ $pt ne "" &&
+ $c ne "" &&
+ $capital_h ne "") {
+ $out .= dsa_pqgver_driver($modulus,
+ $qsize,
+ $capital_p,
+ $capital_q,
+ $capital_g,
+ $pt,
+ $c,
+ $capital_h);
+ $capital_p = "";
+ $capital_q = "";
+ $capital_g = "";
+ $pt = "";
+ $c = "";
+ $capital_h = "";
+ }
+ }
+ elsif ($tt == 18) {
+ if ($modulus ne "" &&
+ $capital_n > 0) {
+ $out .= rsa_keygen_driver($modulus,
+ $capital_n);
+ $capital_n = 0;
+ }
+ }
+ elsif ($tt == 19) {
+ if ($modulus ne "" &&
+ $e ne "" &&
+ $prandom ne "" &&
+ $qrandom ne "") {
+ $out .= rsa_keygen_kat_driver($modulus,
+ $e,
+ $prandom,
+ $qrandom);
+ $prandom = "";
+ $qrandom = "";
+ $e = "";
+ }
+ }
elsif ($tt > 0) {
die "Test case $tt not defined";
}
@@ -2199,10 +2693,14 @@ sub main() {
$state_rng = \&libgcrypt_state_rng;
$hmac = \&libgcrypt_hmac;
$dsa_pqggen = \&libgcrypt_dsa_pqggen;
+ $dsa_ggen = \&libgcrypt_dsa_ggen;
$gen_dsakey = \&libgcrypt_gen_dsakey;
+ $gen_dsakey_domain = \&libgcrypt_gen_dsakey_domain;
$dsa_sign = \&libgcrypt_dsa_sign;
$dsa_verify = \&libgcrypt_dsa_verify;
$dsa_genpubkey = \&libgcrypt_dsa_genpubkey;
+ $rsa_keygen = \&libgcrypt_rsa_keygen;
+ $rsa_keygen_kat = \&libgcrypt_rsa_keygen_kat;
} else {
die "Invalid interface option given";
}
diff -up libgcrypt-1.7.3/tests/cavs_tests.sh.cavs libgcrypt-1.7.3/tests/cavs_tests.sh
--- libgcrypt-1.7.3/tests/cavs_tests.sh.cavs 2013-03-15 20:25:38.000000000 +0100
+++ libgcrypt-1.7.3/tests/cavs_tests.sh 2016-11-22 17:29:06.067553077 +0100
@@ -55,7 +55,7 @@ function run_one_test () {
[ -d "$respdir" ] || mkdir "$respdir"
[ -f "$rspfile" ] && rm "$rspfile"
- if echo "$reqfile" | grep '/DSA/req/' >/dev/null 2>/dev/null; then
+ if echo "$reqfile" | grep '/DSA.\?/req/' >/dev/null 2>/dev/null; then
dflag="-D"
fi
diff -up libgcrypt-1.7.3/tests/fipsdrv.c.cavs libgcrypt-1.7.3/tests/fipsdrv.c
--- libgcrypt-1.7.3/tests/fipsdrv.c.cavs 2016-07-14 11:19:17.000000000 +0200
+++ libgcrypt-1.7.3/tests/fipsdrv.c 2016-11-22 17:33:15.468330859 +0100
@@ -892,6 +892,9 @@ print_mpi_line (gcry_mpi_t a, int no_lz)
die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err));
p = buf;
+ while (*p)
+ *p++ = tolower(*p);
+ p = buf;
if (no_lz && p[0] == '0' && p[1] == '0' && p[2])
p += 2;
@@ -1765,14 +1768,14 @@ run_rsa_verify (const void *data, size_t
/* Generate a DSA key of size KEYSIZE and return the complete
S-expression. */
static gcry_sexp_t
-dsa_gen (int keysize)
+dsa_gen (int keysize, int qsize)
{
gpg_error_t err;
gcry_sexp_t keyspec, key;
err = gcry_sexp_build (&keyspec, NULL,
- "(genkey (dsa (nbits %d)(use-fips186-2)))",
- keysize);
+ "(genkey (dsa (nbits %d)(qbits %d)(use-fips186)))",
+ keysize, qsize);
if (err)
die ("gcry_sexp_build failed for DSA key generation: %s\n",
gpg_strerror (err));
@@ -1790,7 +1793,7 @@ dsa_gen (int keysize)
/* Generate a DSA key of size KEYSIZE and return the complete
S-expression. */
static gcry_sexp_t
-dsa_gen_with_seed (int keysize, const void *seed, size_t seedlen)
+dsa_gen_with_seed (int keysize, int qsize, const void *seed, size_t seedlen)
{
gpg_error_t err;
gcry_sexp_t keyspec, key;
@@ -1799,10 +1802,11 @@ dsa_gen_with_seed (int keysize, const vo
"(genkey"
" (dsa"
" (nbits %d)"
- " (use-fips186-2)"
+ " (qbits %d)"
+ " (use-fips186)"
" (derive-parms"
" (seed %b))))",
- keysize, (int)seedlen, seed);
+ keysize, qsize, (int)seedlen, seed);
if (err)
die ("gcry_sexp_build failed for DSA key generation: %s\n",
gpg_strerror (err));
@@ -1810,6 +1814,37 @@ dsa_gen_with_seed (int keysize, const vo
err = gcry_pk_genkey (&key, keyspec);
if (err)
die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err));
+
+ gcry_sexp_release (keyspec);
+
+ return key;
+}
+
+/* Generate a DSA key with specified domain parameters and return the complete
+ S-expression. */
+static gcry_sexp_t
+dsa_gen_key (const char *domain)
+{
+ gpg_error_t err;
+ gcry_sexp_t keyspec, key, domspec;
+
+ err = gcry_sexp_new (&domspec, domain, strlen(domain), 0);
+ if (err)
+ die ("gcry_sexp_build failed for domain spec: %s\n",
+ gpg_strerror (err));
+
+ err = gcry_sexp_build (&keyspec, NULL,
+ "(genkey"
+ " (dsa"
+ " (use-fips186)"
+ " %S))",
+ domspec);
+ if (err)
+ die ("gcry_sexp_build failed for DSA key generation: %s\n",
+ gpg_strerror (err));
+ err = gcry_pk_genkey (&key, keyspec);
+ if (err)
+ die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err));
gcry_sexp_release (keyspec);
@@ -1849,7 +1884,7 @@ ecdsa_gen_key (const char *curve)
with one parameter per line in hex format using this order: p, q,
g, seed, counter, h. */
static void
-print_dsa_domain_parameters (gcry_sexp_t key)
+print_dsa_domain_parameters (gcry_sexp_t key, int print_misc)
{
gcry_sexp_t l1, l2;
gcry_mpi_t mpi;
@@ -1885,6 +1920,9 @@ print_dsa_domain_parameters (gcry_sexp_t
}
gcry_sexp_release (l1);
+ if (!print_misc)
+ return;
+
/* Extract the seed values. */
l1 = gcry_sexp_find_token (key, "misc-key-info", 0);
if (!l1)
@@ -1976,38 +2014,106 @@ print_ecdsa_dq (gcry_sexp_t key)
}
-/* Generate DSA domain parameters for a modulus size of KEYSIZE. The
+/* Print just the XY private key parameters. KEY
+ is the complete key as returned by dsa_gen. We print to stdout
+ with one parameter per line in hex format using this order: x, y. */
+static void
+print_dsa_xy (gcry_sexp_t key)
+{
+ gcry_sexp_t l1, l2;
+ gcry_mpi_t mpi;
+ int idx;
+
+ l1 = gcry_sexp_find_token (key, "private-key", 0);
+ if (!l1)
+ die ("private key not found in genkey result\n");
+
+ l2 = gcry_sexp_find_token (l1, "dsa", 0);
+ if (!l2)
+ die ("returned private key not formed as expected\n");
+ gcry_sexp_release (l1);
+ l1 = l2;
+
+ /* Extract the parameters from the S-expression and print them to stdout. */
+ for (idx=0; "xy"[idx]; idx++)
+ {
+ l2 = gcry_sexp_find_token (l1, "xy"+idx, 1);
+ if (!l2)
+ die ("no %c parameter in returned public key\n", "xy"[idx]);
+ mpi = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
+ if (!mpi)
+ die ("no value for %c parameter in returned private key\n","xy"[idx]);
+ gcry_sexp_release (l2);
+ if (standalone_mode)
+ printf ("%c = ", "XY"[idx]);
+ print_mpi_line (mpi, 1);
+ gcry_mpi_release (mpi);
+ }
+
+ gcry_sexp_release (l1);
+}
+
+
+/* Generate DSA pq domain parameters for a modulus size of KEYSIZE. The
result is printed to stdout with one parameter per line in hex
- format and in this order: p, q, g, seed, counter, h. If SEED is
+ format and in this order: p, q, seed, counter. If SEED is
not NULL this seed value will be used for the generation. */
static void
-run_dsa_pqg_gen (int keysize, const void *seed, size_t seedlen)
+run_dsa_pqg_gen (int keysize, int qsize, const void *seed, size_t seedlen)
{
gcry_sexp_t key;
if (seed)
- key = dsa_gen_with_seed (keysize, seed, seedlen);
+ key = dsa_gen_with_seed (keysize, qsize, seed, seedlen);
else
- key = dsa_gen (keysize);
- print_dsa_domain_parameters (key);
+ key = dsa_gen (keysize, qsize);
+ print_dsa_domain_parameters (key, 1);
+ gcry_sexp_release (key);
+}
+
+
+/* Generate DSA domain parameters for a modulus size of KEYSIZE. The
+ result is printed to stdout with one parameter per line in hex
+ format and in this order: p, q, g, seed, counter, h. If SEED is
+ not NULL this seed value will be used for the generation. */
+static void
+run_dsa_g_gen (int keysize, int qsize, const char *domain)
+{
+ gcry_sexp_t key;
+
+ key = dsa_gen_key (domain);
+ print_dsa_domain_parameters (key, 0);
+ gcry_sexp_release (key);
+}
+
+/* Generate a DSA key with specified domain parameters
+ and print the XY values. */
+static void
+run_dsa_gen_key (const char *domain)
+{
+ gcry_sexp_t key;
+
+ key = dsa_gen_key (domain);
+ print_dsa_xy (key);
+
gcry_sexp_release (key);
}
/* Generate a DSA key of size of KEYSIZE and write the private key to
FILENAME. Also write the parameters to stdout in the same way as
- run_dsa_pqg_gen. */
+ run_dsa_g_gen. */
static void
-run_dsa_gen (int keysize, const char *filename)
+run_dsa_gen (int keysize, int qsize, const char *filename)
{
gcry_sexp_t key, private_key;
FILE *fp;
- key = dsa_gen (keysize);
+ key = dsa_gen (keysize, qsize);
private_key = gcry_sexp_find_token (key, "private-key", 0);
if (!private_key)
die ("private key not found in genkey result\n");
- print_dsa_domain_parameters (key);
+ print_dsa_domain_parameters (key, 1);
fp = fopen (filename, "wb");
if (!fp)
@@ -2020,6 +2126,53 @@ run_dsa_gen (int keysize, const char *fi
}
+static int
+dsa_hash_from_key(gcry_sexp_t s_key)
+{
+ gcry_sexp_t l1, l2;
+ gcry_mpi_t q;
+ unsigned int qbits;
+
+ l1 = gcry_sexp_find_token (s_key, "public-key", 0);
+ if (!l1)
+ {
+ l1 = gcry_sexp_find_token (s_key, "private-key", 0);
+ if (!l1)
+ die ("neither private nor public key found in the loaded key\n");
+ }
+
+ l2 = gcry_sexp_find_token (l1, "dsa", 0);
+ if (!l2)
+ die ("public key not formed as expected - no dsa\n");
+ gcry_sexp_release (l1);
+ l1 = l2;
+
+ l2 = gcry_sexp_find_token (l1, "q", 0);
+ if (!l2)
+ die ("public key not formed as expected - no q\n");
+ gcry_sexp_release (l1);
+ l1 = l2;
+
+ q = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
+ if (!q)
+ die ("public key not formed as expected - no mpi in q\n");
+ qbits = gcry_mpi_get_nbits(q);
+ gcry_sexp_release(l1);
+ gcry_mpi_release(q);
+ switch(qbits)
+ {
+ case 160:
+ return GCRY_MD_SHA1;
+ case 224:
+ return GCRY_MD_SHA224;
+ case 256:
+ return GCRY_MD_SHA256;
+ default:
+ die("bad number bits (%d) of q in key\n", qbits);
+ }
+ return GCRY_MD_NONE;
+}
+
/* Sign DATA of length DATALEN using the key taken from the S-expression
encoded KEYFILE. */
@@ -2029,11 +2182,16 @@ run_dsa_sign (const void *data, size_t d
{
gpg_error_t err;
gcry_sexp_t s_data, s_key, s_sig, s_tmp, s_tmp2;
- char hash[20];
+ char hash[128];
gcry_mpi_t tmpmpi;
+ int algo;
+
+ s_key = read_sexp_from_file (keyfile);
+ algo = dsa_hash_from_key(s_key);
- gcry_md_hash_buffer (GCRY_MD_SHA1, hash, data, datalen);
- err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash, 20, NULL);
+ gcry_md_hash_buffer (algo, hash, data, datalen);
+ err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash,
+ gcry_md_get_algo_dlen(algo), NULL);
if (!err)
{
err = gcry_sexp_build (&s_data, NULL,
@@ -2044,8 +2202,6 @@ run_dsa_sign (const void *data, size_t d
die ("gcry_sexp_build failed for DSA data input: %s\n",
gpg_strerror (err));
- s_key = read_sexp_from_file (keyfile);
-
err = gcry_pk_sign (&s_sig, s_data, s_key);
if (err)
{
@@ -2121,13 +2277,18 @@ run_dsa_verify (const void *data, size_t
{
gpg_error_t err;
gcry_sexp_t s_data, s_key, s_sig;
- char hash[20];
+ char hash[128];
gcry_mpi_t tmpmpi;
+ int algo;
- gcry_md_hash_buffer (GCRY_MD_SHA1, hash, data, datalen);
+ s_key = read_sexp_from_file (keyfile);
+ algo = dsa_hash_from_key(s_key);
+
+ gcry_md_hash_buffer (algo, hash, data, datalen);
/* Note that we can't simply use %b with HASH to build the
S-expression, because that might yield a negative value. */
- err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash, 20, NULL);
+ err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash,
+ gcry_md_get_algo_dlen(algo), NULL);
if (!err)
{
err = gcry_sexp_build (&s_data, NULL,
@@ -2138,7 +2299,6 @@ run_dsa_verify (const void *data, size_t
die ("gcry_sexp_build failed for DSA data input: %s\n",
gpg_strerror (err));
- s_key = read_sexp_from_file (keyfile);
s_sig = read_sexp_from_file (sigfile);
err = gcry_pk_verify (s_sig, s_data, s_key);
@@ -2304,7 +2464,7 @@ usage (int show_help)
"MODE:\n"
" encrypt, decrypt, digest, random, hmac-sha,\n"
" rsa-{derive,gen,sign,verify},\n"
- " dsa-{pqg-gen,gen,sign,verify}, ecdsa-{gen-key,sign,verify}\n"
+ " dsa-{pq-gen,g-gen,gen,sign,verify}, ecdsa-{gen-key,sign,verify}\n"
"OPTIONS:\n"
" --verbose Print additional information\n"
" --binary Input and output is in binary form\n"
@@ -2315,6 +2475,7 @@ usage (int show_help)
" --algo NAME Use algorithm NAME\n"
" --curve NAME Select ECC curve spec NAME\n"
" --keysize N Use a keysize of N bits\n"
+ " --qize N Use a DSA q parameter size of N bits\n"
" --signature NAME Take signature from file NAME\n"
" --chunk N Read in chunks of N bytes (implies --binary)\n"
" --pkcs1 Use PKCS#1 encoding\n"
@@ -2344,6 +2505,7 @@ main (int argc, char **argv)
const char *dt_string = NULL;
const char *algo_string = NULL;
const char *keysize_string = NULL;
+ const char *qsize_string = NULL;
const char *signature_string = NULL;
FILE *input;
void *data;
@@ -2437,6 +2599,14 @@ main (int argc, char **argv)
keysize_string = *argv;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--qsize"))
+ {
+ argc--; argv++;
+ if (!argc)
+ usage (0);
+ qsize_string = *argv;
+ argc--; argv++;
+ }
else if (!strcmp (*argv, "--signature"))
{
argc--; argv++;
@@ -2792,23 +2962,49 @@ main (int argc, char **argv)
}
else if (!strcmp (mode_string, "dsa-pqg-gen"))
{
- int keysize;
+ int keysize, qsize;
+
+ keysize = keysize_string? atoi (keysize_string) : 0;
+ if (keysize < 1024 || keysize > 3072)
+ die ("invalid keysize specified; needs to be 1024 .. 3072\n");
+ qsize = qsize_string? atoi (qsize_string) : 0;
+ if (qsize < 160 || qsize > 256)
+ die ("invalid qsize specified; needs to be 160 .. 256\n");
+ run_dsa_pqg_gen (keysize, qsize, datalen? data:NULL, datalen);
+ }
+ else if (!strcmp (mode_string, "dsa-g-gen"))
+ {
+ int keysize, qsize;
keysize = keysize_string? atoi (keysize_string) : 0;
if (keysize < 1024 || keysize > 3072)
die ("invalid keysize specified; needs to be 1024 .. 3072\n");
- run_dsa_pqg_gen (keysize, datalen? data:NULL, datalen);
+ qsize = qsize_string? atoi (qsize_string) : 0;
+ if (qsize < 160 || qsize > 256)
+ die ("invalid qsize specified; needs to be 160 .. 256\n");
+ if (!key_string)
+ die ("option --key containing pq domain parameters is required in this mode\n");
+ run_dsa_g_gen (keysize, qsize, key_string);
+ }
+ else if (!strcmp (mode_string, "dsa-gen-key"))
+ {
+ if (!key_string)
+ die ("option --key containing pqg domain parameters is required in this mode\n");
+ run_dsa_gen_key (key_string);
}
else if (!strcmp (mode_string, "dsa-gen"))
{
- int keysize;
+ int keysize, qsize;
keysize = keysize_string? atoi (keysize_string) : 0;
if (keysize < 1024 || keysize > 3072)
die ("invalid keysize specified; needs to be 1024 .. 3072\n");
+ qsize = qsize_string? atoi (qsize_string) : 0;
+ if (qsize < 160 || qsize > 256)
+ die ("invalid qsize specified; needs to be 160 .. 256\n");
if (!key_string)
die ("option --key is required in this mode\n");
- run_dsa_gen (keysize, key_string);
+ run_dsa_gen (keysize, qsize, key_string);
}
else if (!strcmp (mode_string, "dsa-sign"))
{