From c826d23e28f01e6d47fe34280b86530096afe54c Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Tue, 18 Jun 2024 10:48:19 +0900 Subject: [PATCH] Update hobble-nettle to disable SM4 again Related: RHEL-39951 Signed-off-by: Daiki Ueno --- hobble-nettle | 339 +++++++++++++++++++++++++++++++++++++++++++++++--- sources | 2 +- 2 files changed, 320 insertions(+), 21 deletions(-) diff --git a/hobble-nettle b/hobble-nettle index 828e0b3..c31786b 100755 --- a/hobble-nettle +++ b/hobble-nettle @@ -12,27 +12,87 @@ for f in ecc-secp192r1.c ecc-secp224r1.c; do eval "$CMD $f" done -patch -p1 << __EOF__ -From b519b23a141752043c9cc9182048c26d80d22af2 Mon Sep 17 00:00:00 2001 +# SM4 +for f in gcm-sm4-meta.c gcm-sm4.c sm4-meta.c sm4.c sm4.h testsuite/sm4-test.c; do + eval "$CMD $f" +done + +patch -p1 << '__EOF__' +From 6a729afd5059ba8aff85827e718be54658904ad6 Mon Sep 17 00:00:00 2001 
From: Daiki Ueno Date: Sun, 21 Mar 2021 11:09:51 +0100 -Subject: [PATCH] Remove secp192r1 and secp224r1 support +Subject: [PATCH 1/2] Remove secp192r1 and secp224r1 support --- + Makefile.in | 22 ++---------- eccdata.c | 67 +---------------------------------- examples/ecc-benchmark.c | 2 -- examples/hogweed-benchmark.c | 17 --------- testsuite/ecdh-test.c | 40 --------------------- testsuite/ecdsa-sign-test.c | 47 ------------------------ testsuite/ecdsa-verify-test.c | 28 --------------- - testsuite/testutils.c | 20 ----------- - 7 files changed, 1 insertion(+), 220 deletions(-) + testsuite/testutils.c | 22 +----------- + 8 files changed, 4 insertions(+), 241 deletions(-) +diff --git a/Makefile.in b/Makefile.in +index f031e195..36587d29 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -201,7 +201,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \ + ecc-mod-arith.c ecc-pp1-redc.c ecc-pm1-redc.c \ + ecc-curve25519.c ecc-curve448.c \ + ecc-gost-gc256b.c ecc-gost-gc512a.c \ +- ecc-secp192r1.c ecc-secp224r1.c ecc-secp256r1.c \ ++ ecc-secp256r1.c \ + ecc-secp384r1.c ecc-secp521r1.c \ + ecc-size.c ecc-j-to-a.c ecc-a-to-j.c \ + ecc-dup-jj.c ecc-add-jja.c ecc-add-jjj.c ecc-nonsec-add-jjj.c \ +@@ -354,22 +354,6 @@ des.$(OBJEXT): des.c des.h $(des_headers) + + # Generate ECC files, with roughly 16 KB of tables per curve. 
+ +-# Some reasonable choices for 192: +-# k = 8, c = 6, S = 256, T = 40 ( 32 A + 8 D) 12 KB +-# k = 14, c = 7, S = 256, T = 42 ( 28 A + 14 D) 12 KB +-# k = 11, c = 6, S = 192, T = 44 ( 33 A + 11 D) 9 KB +-# k = 16, c = 6, S = 128, T = 48 ( 32 A + 16 D) 6 KB +-ecc-secp192r1.h: eccdata.stamp +- ./eccdata$(EXEEXT_FOR_BUILD) secp192r1 8 6 $(NUMB_BITS) > $@T && mv $@T $@ +- +-# Some reasonable choices for 224: +-# k = 16, c = 7, S = 256, T = 48 ( 32 A + 16 D) ~16 KB +-# k = 10, c = 6, S = 256, T = 50 ( 40 A + 10 D) ~16 KB +-# k = 13, c = 6, S = 192, T = 52 ( 39 A + 13 D) ~12 KB +-# k = 9, c = 5, S = 160, T = 54 ( 45 A + 9 D) ~10 KB +-ecc-secp224r1.h: eccdata.stamp +- ./eccdata$(EXEEXT_FOR_BUILD) secp224r1 16 7 $(NUMB_BITS) > $@T && mv $@T $@ +- + # Some reasonable choices for 256: + # k = 9, c = 6, S = 320, T = 54 ( 45 A + 9 D) 20 KB + # k = 11, c = 6, S = 256, T = 55 ( 44 A + 11 D) 16 KB +@@ -429,8 +413,6 @@ ecc-curve25519.$(OBJEXT): ecc-curve25519.h + ecc-curve448.$(OBJEXT): ecc-curve448.h + ecc-gost-gc256b.$(OBJEXT): ecc-gost-gc256b.h + ecc-gost-gc512a.$(OBJEXT): ecc-gost-gc512a.h +-ecc-secp192r1.$(OBJEXT): ecc-secp192r1.h +-ecc-secp224r1.$(OBJEXT): ecc-secp224r1.h + ecc-secp256r1.$(OBJEXT): ecc-secp256r1.h + ecc-secp384r1.$(OBJEXT): ecc-secp384r1.h + ecc-secp521r1.$(OBJEXT): ecc-secp521r1.h +@@ -677,7 +659,7 @@ clean-here: + -rm -f $(TARGETS) *.$(OBJEXT) *.$(OBJEXT).d *.s *.so *.dll *.a \ + ecc-curve25519.h ecc-curve448.h \ + ecc-gost-gc256b.h ecc-gost-gc512a.h \ +- ecc-secp192r1.h ecc-secp224r1.h ecc-secp256r1.h \ ++ ecc-secp256r1.h \ + ecc-secp384r1.h ecc-secp521r1.h \ + aesdata$(EXEEXT_FOR_BUILD) \ + desdata$(EXEEXT_FOR_BUILD) \ diff --git a/eccdata.c b/eccdata.c -index 1b4cb0b5..dc2be5f9 100644 +index 3f8e3f13..06afb200 100644 --- a/eccdata.c 
+++ b/eccdata.c -@@ -434,72 +434,7 @@ ecc_curve_init_str (struct ecc_curve *ecc, enum ecc_type type, +@@ -435,72 +435,7 @@ ecc_curve_init_str (struct ecc_curve *ecc, enum ecc_type type, static void ecc_curve_init (struct ecc_curve *ecc, const char *curve) { @@ -107,10 +167,10 @@ index 1b4cb0b5..dc2be5f9 100644 ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS, /* p = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 1 */ diff --git a/examples/ecc-benchmark.c b/examples/ecc-benchmark.c -index 3ab269c7..402744a0 100644 +index 7e857f80..0bffe7a9 100644 --- a/examples/ecc-benchmark.c +++ b/examples/ecc-benchmark.c -@@ -307,8 +307,6 @@ bench_curve (const struct ecc_curve *ecc) +@@ -314,8 +314,6 @@ bench_curve (const struct ecc_curve *ecc) } const struct ecc_curve * const curves[] = { @@ -199,10 +259,10 @@ index ff4f7233..2be26b19 100644 "94731533361265297353914491124013058635674217345912524033267198103710636378786", "22441589863306126152768848344973918725077248391248404659242620344938484650846", diff --git a/testsuite/ecdsa-sign-test.c b/testsuite/ecdsa-sign-test.c -index 08a10a1d..0acd4e5c 100644 +index b8a100b6..bc1ab7e3 100644 --- a/testsuite/ecdsa-sign-test.c +++ b/testsuite/ecdsa-sign-test.c -@@ -58,53 +58,6 @@ test_ecdsa (const struct ecc_curve *ecc, +@@ -64,19 +64,6 @@ test_ecdsa (const struct ecc_curve *ecc, void test_main (void) { @@ -219,6 +279,13 @@ index 08a10a1d..0acd4e5c 100644 - "3a41e1423b1853e8aa89747b1f987364" - "44705d6d6d8371ea1f578f2e"); /* s */ - + /* Produce a signature where verify operation results in a point duplication. */ + test_ecdsa (&_nettle_secp_256r1, + "1", /* Private key */ +@@ -89,40 +76,6 @@ test_main (void) + "53f097727a0e0dc284a0daa0da0ab77d" + "5792ae67ed075d1f8d5bda0f853fa093"); /* s */ + - /* Test cases for the smaller groups, verified with a - proof-of-concept implementation done for Yubico AB. */ - test_ecdsa (&_nettle_secp_192r1, 
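Review bot: The new SM4 block relies on a hard-coded file list (`gcm-sm4-meta.c gcm-sm4.c sm4-meta.c sm4.c sm4.h testsuite/sm4-test.c`) plus the embedded patch, and nothing afterwards confirms that the cipher is really gone from the tree. The subject says SM4 is being disabled "again", which suggests the removal has been lost once before. Whether a failed `patch` or a missing file stops the script depends on `$CMD` and any `set -e`, both defined outside this hunk. I would add a post-condition after the closing `__EOF__`, for example `if grep -rIlE --include='*.[ch]' 'nettle_(gcm_)?sm4|sm4\.h' .; then echo "SM4 still present" >&2; exit 1; fi`, so a hobbled tarball cannot be produced with SM4 sources or references left in. The heredoc opened by `patch -p1 << '__EOF__'` continues past the end of this hunk.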
@@ -257,7 +324,7 @@ index 08a10a1d..0acd4e5c 100644 test_ecdsa (&_nettle_secp_256r1, "DC51D386 6A15BACD E33D96F9 92FCA99D" diff --git a/testsuite/ecdsa-verify-test.c b/testsuite/ecdsa-verify-test.c -index 8110c64d..71c0b5c0 100644 +index 8d527000..eb5449da 100644 --- a/testsuite/ecdsa-verify-test.c +++ b/testsuite/ecdsa-verify-test.c @@ -81,34 +81,6 @@ test_ecdsa (const struct ecc_curve *ecc, @@ -292,14 +359,14 @@ index 8110c64d..71c0b5c0 100644 - "952800792ed19341fdeeec047f2514f3b0f150d6066151fb", /* r */ - "ec5971222014878b50d7a19d8954bc871e7e65b00b860ffb"); /* s */ - - /* From RFC 4754 */ - test_ecdsa (&_nettle_secp_256r1, - "2442A5CC 0ECD015F A3CA31DC 8E2BBC70" + /* Test case provided by Guido Vranken, from oss-fuzz. Triggers + point duplication in the verify operation by using private key = + 1 (public key = generator) and hash = r. */ diff --git a/testsuite/testutils.c b/testsuite/testutils.c -index 2c6cac40..fbf4974c 100644 +index 3420ae9d..99c96956 100644 --- a/testsuite/testutils.c +++ b/testsuite/testutils.c -@@ -1656,8 +1656,6 @@ test_dsa_key(const struct dsa_params *params, +@@ -1915,8 +1915,6 @@ test_dsa_key(const struct dsa_params *params, } const struct ecc_curve * const ecc_curves[] = { @@ -308,10 +375,11 @@ index 2c6cac40..fbf4974c 100644 &_nettle_secp_256r1, &_nettle_secp_384r1, &_nettle_secp_521r1, -@@ -1714,24 +1712,6 @@ test_ecc_point (const struct ecc_curve *ecc, +@@ -2040,25 +2038,7 @@ test_ecc_point (const struct ecc_curve *ecc, + } /* For each curve, the points g, 2 g, 3 g and 4 g */ - static const struct ecc_ref_point ecc_ref[9][4] = { +-static const struct ecc_ref_point ecc_ref[9][4] = { - { { "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012", - "07192b95ffc8da78631011ed6b24cdd573f977a11e794811" }, - { "dafebf5828783f2ad35534631588a3f629a70fb16982a888", 
@@ -330,10 +398,241 @@ index 2c6cac40..fbf4974c 100644 - { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301", - "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" }, - }, ++static const struct ecc_ref_point ecc_ref[7][4] = { { { "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" }, { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978", -- -2.30.2 +2.41.0 + + +From c1b637ce2774065308e6c39639a03449cefe1537 Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Wed, 1 Nov 2023 09:21:16 +0900 +Subject: [PATCH 2/2] Remove SM4 cipher support + +--- + Makefile.in | 4 +--- + examples/nettle-benchmark.c | 2 -- + gcm.h | 23 ----------------------- + nettle-meta-aeads.c | 1 - + nettle-meta-ciphers.c | 1 - + nettle-meta.h | 3 --- + testsuite/Makefile.in | 2 +- + testsuite/gcm-test.c | 18 ------------------ + testsuite/meta-aead-test.c | 1 - + testsuite/meta-cipher-test.c | 1 - + 10 files changed, 2 insertions(+), 54 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index 36587d29..037f3001 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -117,7 +117,6 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \ + gcm-aes256.c gcm-aes256-meta.c \ + gcm-camellia128.c gcm-camellia128-meta.c \ + gcm-camellia256.c gcm-camellia256-meta.c \ +- gcm-sm4.c gcm-sm4-meta.c \ + cmac.c cmac64.c cmac-aes128.c cmac-aes256.c cmac-des3.c \ + cmac-aes128-meta.c cmac-aes256-meta.c cmac-des3-meta.c \ + gost28147.c gosthash94.c gosthash94-meta.c \ +@@ -157,7 +156,6 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \ + serpent-meta.c \ + streebog.c streebog-meta.c \ + twofish.c twofish-meta.c \ +- sm4.c sm4-meta.c \ + umac-nh.c umac-nh-n.c umac-l2.c umac-l3.c \ + umac-poly64.c umac-poly128.c umac-set-key.c \ + umac32.c umac64.c umac96.c umac128.c \ +@@ -242,7 +240,7 @@ HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h balloon.h \ + ocb.h 
pbkdf2.h \ + pgp.h pkcs1.h pss.h pss-mgf1.h realloc.h ripemd160.h rsa.h \ + salsa20.h sexp.h serpent.h \ +- sha.h sha1.h sha2.h sha3.h sm3.h sm4.h streebog.h twofish.h \ ++ sha.h sha1.h sha2.h sha3.h sm3.h streebog.h twofish.h \ + umac.h yarrow.h xts.h poly1305.h nist-keywrap.h + + INSTALL_HEADERS = $(HEADERS) version.h @IF_MINI_GMP@ mini-gmp.h +diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c +index 04c3e0f2..0ac57a0a 100644 +--- a/examples/nettle-benchmark.c ++++ b/examples/nettle-benchmark.c +@@ -64,7 +64,6 @@ + #include "sha1.h" + #include "sha2.h" + #include "sha3.h" +-#include "sm4.h" + #include "twofish.h" + #include "umac.h" + #include "cmac.h" +@@ -940,7 +939,6 @@ main(int argc, char **argv) + &nettle_des3, + &nettle_serpent256, + &nettle_twofish128, &nettle_twofish192, &nettle_twofish256, +- &nettle_sm4, + NULL + }; + +diff --git a/gcm.h b/gcm.h +index 39af5ab0..68c6c1ba 100644 +--- a/gcm.h ++++ b/gcm.h +@@ -40,7 +40,6 @@ + + #include "aes.h" + #include "camellia.h" +-#include "sm4.h" + + #ifdef __cplusplus + extern "C" { +@@ -96,13 +95,6 @@ extern "C" { + #define gcm_camellia256_decrypt nettle_gcm_camellia256_decrypt + #define gcm_camellia256_digest nettle_gcm_camellia256_digest + +-#define gcm_sm4_set_key nettle_gcm_sm4_set_key +-#define gcm_sm4_set_iv nettle_gcm_sm4_set_iv +-#define gcm_sm4_update nettle_gcm_sm4_update +-#define gcm_sm4_encrypt nettle_gcm_sm4_encrypt +-#define gcm_sm4_decrypt nettle_gcm_sm4_decrypt +-#define gcm_sm4_digest nettle_gcm_sm4_digest +- + #define GCM_BLOCK_SIZE 16 + #define GCM_IV_SIZE (GCM_BLOCK_SIZE - 4) + #define GCM_DIGEST_SIZE 16 +@@ -331,21 +323,6 @@ void gcm_camellia256_digest(struct gcm_camellia256_ctx *ctx, + size_t length, uint8_t *digest); + + +-struct gcm_sm4_ctx GCM_CTX(struct sm4_ctx); +- +-void gcm_sm4_set_key(struct gcm_sm4_ctx *ctx, const uint8_t *key); +-void gcm_sm4_set_iv(struct gcm_sm4_ctx *ctx, +- size_t length, const uint8_t *iv); +-void gcm_sm4_update(struct gcm_sm4_ctx *ctx, +- 
size_t length, const uint8_t *data); +-void gcm_sm4_encrypt(struct gcm_sm4_ctx *ctx, +- size_t length, uint8_t *dst, const uint8_t *src); +-void gcm_sm4_decrypt(struct gcm_sm4_ctx *ctx, +- size_t length, uint8_t *dst, const uint8_t *src); +-void gcm_sm4_digest(struct gcm_sm4_ctx *ctx, +- size_t length, uint8_t *digest); +- +- + #ifdef __cplusplus + } + #endif +diff --git a/nettle-meta-aeads.c b/nettle-meta-aeads.c +index 78f38a3c..c99cc465 100644 +--- a/nettle-meta-aeads.c ++++ b/nettle-meta-aeads.c +@@ -43,7 +43,6 @@ const struct nettle_aead * const _nettle_aeads[] = { + &nettle_gcm_aes256, + &nettle_gcm_camellia128, + &nettle_gcm_camellia256, +- &nettle_gcm_sm4, + &nettle_eax_aes128, + &nettle_chacha_poly1305, + NULL +diff --git a/nettle-meta-ciphers.c b/nettle-meta-ciphers.c +index f8d691cf..49cb47a7 100644 +--- a/nettle-meta-ciphers.c ++++ b/nettle-meta-ciphers.c +@@ -54,7 +54,6 @@ const struct nettle_cipher * const _nettle_ciphers[] = { + &nettle_arctwo64, + &nettle_arctwo128, + &nettle_arctwo_gutmann128, +- &nettle_sm4, + NULL + }; + +diff --git a/nettle-meta.h b/nettle-meta.h +index 19dc96c5..d684947e 100644 +--- a/nettle-meta.h ++++ b/nettle-meta.h +@@ -89,8 +89,6 @@ extern const struct nettle_cipher nettle_arctwo64; + extern const struct nettle_cipher nettle_arctwo128; + extern const struct nettle_cipher nettle_arctwo_gutmann128; + +-extern const struct nettle_cipher nettle_sm4; +- + struct nettle_hash + { + const char *name; +@@ -200,7 +198,6 @@ extern const struct nettle_aead nettle_gcm_aes192; + extern const struct nettle_aead nettle_gcm_aes256; + extern const struct nettle_aead nettle_gcm_camellia128; + extern const struct nettle_aead nettle_gcm_camellia256; +-extern const struct nettle_aead nettle_gcm_sm4; + extern const struct nettle_aead nettle_eax_aes128; + extern const struct nettle_aead nettle_chacha_poly1305; + +diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in +index 5c2a0028..b00390df 100644 +--- a/testsuite/Makefile.in ++++ 
b/testsuite/Makefile.in +@@ -24,7 +24,7 @@ TS_NETTLE_SOURCES = aes-test.c aes-keywrap-test.c arcfour-test.c arctwo-test.c \ + sha384-test.c sha512-test.c sha512-224-test.c sha512-256-test.c \ + sha3-permute-test.c sha3-224-test.c sha3-256-test.c \ + sha3-384-test.c sha3-512-test.c \ +- shake256-test.c streebog-test.c sm3-test.c sm4-test.c \ ++ shake256-test.c streebog-test.c sm3-test.c \ + serpent-test.c twofish-test.c version-test.c \ + knuth-lfib-test.c \ + cbc-test.c cfb-test.c ctr-test.c gcm-test.c eax-test.c ccm-test.c \ +diff --git a/testsuite/gcm-test.c b/testsuite/gcm-test.c +index bc555d60..156381ad 100644 +--- a/testsuite/gcm-test.c ++++ b/testsuite/gcm-test.c +@@ -592,24 +592,6 @@ test_main(void) + "16aedbf5a0de6a57 a637b39b"), /* iv */ + SHEX("5791883f822013f8bd136fc36fb9946b")); /* tag */ + +- /* +- * GCM-SM4 Test Vectors from +- * https://datatracker.ietf.org/doc/html/rfc8998 +- */ +- test_aead(&nettle_gcm_sm4, NULL, +- SHEX("0123456789ABCDEFFEDCBA9876543210"), +- SHEX("FEEDFACEDEADBEEFFEEDFACEDEADBEEFABADDAD2"), +- SHEX("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB" +- "CCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDD" +- "EEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFF" +- "EEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA"), +- SHEX("17F399F08C67D5EE19D0DC9969C4BB7D" +- "5FD46FD3756489069157B282BB200735" +- "D82710CA5C22F0CCFA7CBF93D496AC15" +- "A56834CBCF98C397B4024A2691233B8D"), +- SHEX("00001234567800000000ABCD"), +- SHEX("83DE3541E4C2B58177E065A9BF7B62EC")); +- + /* Test gcm_hash, with varying message size, keys and iv all zero. + Not compared to any other implementation. 
*/
+ test_gcm_hash (SDATA("a"),
+diff --git a/testsuite/meta-aead-test.c b/testsuite/meta-aead-test.c
+index ceeca227..1fcede40 100644
+--- a/testsuite/meta-aead-test.c
++++ b/testsuite/meta-aead-test.c
+@@ -8,7 +8,6 @@ const char* aeads[] = {
+ "gcm_aes256",
+ "gcm_camellia128",
+ "gcm_camellia256",
+- "gcm_sm4",
+ "eax_aes128",
+ "chacha_poly1305",
+ };
+diff --git a/testsuite/meta-cipher-test.c b/testsuite/meta-cipher-test.c
+index 912fac5a..046fbdaf 100644
+--- a/testsuite/meta-cipher-test.c
++++ b/testsuite/meta-cipher-test.c
+@@ -20,7 +20,6 @@ const char* ciphers[] = {
+ "twofish128",
+ "twofish192",
+ "twofish256",
+- "sm4"
+ };
+
+ void
+--
+2.41.0
 __EOF__
diff --git a/sources b/sources
index 86ba9d0..d07dc4a 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 SHA512 (gmp-6.2.1.tar.xz) = c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84
-SHA512 (nettle-3.9.1-hobbled.tar.xz) = 5ec88409f5615fe08ae091f6949198ca9b177d5fc04784f0c52974616f5537cfe88447b2748e436e065756f394bfc9698ada4bc524031150b724d33949a30d3f
+SHA512 (nettle-3.9.1-hobbled.tar.xz) = 8e79b2c7ec0da17ce7eddb9c10c35d0a7bd0d17f978103499536c276e7824d6b938d877616a9cc808b7f001741d8a1a08f2130a8f21136909c42fb84fb303a6a
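Review bot: The embedded `[PATCH 2/2] Remove SM4 cipher support` drops `sm4.h` from `HEADERS` and removes the `gcm_sm4_*` prototypes and the `nettle_sm4` / `nettle_gcm_sm4` externs from `gcm.h` and `nettle-meta.h`, so the hobbled build exposes a smaller public API than the upstream release of the same version. Anything that includes `<nettle/sm4.h>` or references those symbols will fail to build or link against this package, so it is worth confirming that no dependent package does. The embedded patch also has no message body; I would add a comment above the `patch` invocation such as `# PATCH 2/2: drop SM4 from build, headers, meta tables and tests (RHEL-39951)` so the script itself records what the block is for. This hunk begins earlier in the page; only its tail is on this line.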