Resolves: RHEL-44426 RHEL-44425

Include FIPS-140-3 specific defines and instructions in the SPEC file.

fips_algorithms.h

@@ -0,0 +1,188 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Vendors should replace this header file with the file containing those
+ * algorithms which have NIST algorithm Certificates.
+ */
+
+/* handle special cases. Classes require existing code to already be
+ * in place for that class */
+typedef enum {
+    SFTKFIPSNone = 0,
+    SFTKFIPSDH,  /* allow only specific primes */
+    SFTKFIPSECC, /* not just keys but specific curves */
+    SFTKFIPSAEAD, /* single shot AEAD functions not allowed in FIPS mode */
+    SFTKFIPSRSAPSS, /* make sure salt isn't too big */
+    SFTKFIPSPBKDF2,  /* handle pbkdf2 FIPS restrictions */
+    SFTKFIPSTlsKeyCheck,  /* check the output of TLS prf functions */
+    SFTKFIPSChkHash,  /* make sure the base hash of KDF functions is FIPS */
+    SFTKFIPSChkHashTls,  /* make sure the base hash of TLS KDF functions is FIPS */
+    SFTKFIPSChkHashSp800,  /* make sure the base hash of SP-800-108 KDF functions is FIPS */
+} SFTKFIPSSpecialClass;
+
+/* set according to your security policy */
+#define SFTKFIPS_PBKDF2_MIN_PW_LEN  8
+
+typedef struct SFTKFIPSAlgorithmListStr SFTKFIPSAlgorithmList;
+struct SFTKFIPSAlgorithmListStr {
+    CK_MECHANISM_TYPE type;
+    CK_MECHANISM_INFO info;
+    CK_ULONG step;
+    SFTKFIPSSpecialClass special;
+    size_t offset;
+};
+
+SFTKFIPSAlgorithmList sftk_fips_mechs[] = {
+/* A sample set of algorithms to allow basic testing in our continous
+ * testing infrastructure. The vendor version should replace this with
+ * a version that matches their algorithm testing and security policy */
+/* NOTE, This looks a lot like the PKCS #11 mechanism list in pkcs11.c, it
+ * differs in the following ways:
+ *    1) the addition of step and class elements to help restrict
+ *       the supported key sizes and types.
+ *    2) The mechanism flags are restricted to only those that map to
+ *       fips approved operations.
+ *    3) All key sizes are in bits, independent of mechanism.
+ *    4) You can add more then one entry for the same mechanism to handle
+ *       multiple descrete keys where the MIN/MAX/STEP semantics doesn't apply
+ *       or where different operations have different key requirements.
+ * This table does not encode all the modules legal FIPS semantics, only
+ * those semantics that might possibly change due to algorithms dropping
+ * of the security policy late in the process. */
+/* handy common flag types */
+#define CKF_KPG CKF_GENERATE_KEY_PAIR
+#define CKF_GEN CKF_GENERATE
+#define CKF_SGN (CKF_SIGN | CKF_VERIFY)
+#define CKF_ENC (CKF_ENCRYPT | CKF_DECRYPT )
+#define CKF_ECW (CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP)
+#define CKF_WRP (CKF_WRAP | CKF_UNWRAP)
+#define CKF_KEK (CKF_WRAP | CKF_UNWRAP)
+#define CKF_KEA CKF_DERIVE
+#define CKF_KDF CKF_DERIVE
+#define CKF_HSH CKF_DIGEST
+#define CK_MAX 0xffffffffUL
+/* mechanisms using the same key types share the same key type
+ * limits */
+#define RSA_FB_KEY 2048, 4096 /* min, max */
+#define RSA_FB_STEP 1
+#define RSA_LEGACY_FB_KEY 1024, 1792 /* min, max */
+#define RSA_LEGACY_FB_STEP 256
+
+#define DSA_FB_KEY 2048, 4096 /* min, max */
+#define DSA_FB_STEP 1024
+#define DH_FB_KEY 2048, 8192 /* min, max */
+#define DH_FB_STEP 1024
+#define EC_FB_KEY 256, 521 /* min, max */
+#define EC_FB_STEP 1       /* key limits handled by special operation */
+#define AES_FB_KEY 128, 256
+#define AES_FB_STEP 64
+    { CKM_RSA_PKCS_KEY_PAIR_GEN, { RSA_FB_KEY, CKF_KPG }, RSA_FB_STEP, SFTKFIPSNone },
+
+    /* -------------- RSA Multipart Signing Operations -------------------- */
+    { CKM_SHA224_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
+    { CKM_SHA256_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
+    { CKM_SHA384_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
+    { CKM_SHA512_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
+    { CKM_SHA224_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
+    { CKM_SHA256_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
+    { CKM_SHA384_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
+    { CKM_SHA512_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
+    { CKM_SHA224_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
+    { CKM_SHA256_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
+    { CKM_SHA384_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
+    { CKM_SHA512_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
+    { CKM_SHA224_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSRSAPSS },
+    { CKM_SHA256_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSRSAPSS },
+    { CKM_SHA384_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSRSAPSS },
+    { CKM_SHA512_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSRSAPSS },
+    /* -------------------- Diffie Hellman Operations --------------------- */
+    { CKM_DH_PKCS_KEY_PAIR_GEN, { DH_FB_KEY, CKF_KPG }, DH_FB_STEP, SFTKFIPSDH },
+    { CKM_DH_PKCS_DERIVE, { DH_FB_KEY, CKF_KEA }, DH_FB_STEP, SFTKFIPSDH },
+    /* -------------------- Elliptic Curve Operations --------------------- */
+    { CKM_EC_KEY_PAIR_GEN, { EC_FB_KEY, CKF_KPG }, EC_FB_STEP, SFTKFIPSECC },
+    { CKM_ECDH1_DERIVE, { EC_FB_KEY, CKF_KEA }, EC_FB_STEP, SFTKFIPSECC },
+    { CKM_ECDH1_COFACTOR_DERIVE, { EC_FB_KEY, CKF_KEA }, EC_FB_STEP, SFTKFIPSECC },
+    { CKM_ECDSA_SHA224, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
+    { CKM_ECDSA_SHA256, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
+    { CKM_ECDSA_SHA384, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
+    { CKM_ECDSA_SHA512, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
+    /* ------------------------- RC2 Operations --------------------------- */
+    /* ------------------------- AES Operations --------------------------- */
+    { CKM_AES_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
+    { CKM_AES_ECB, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
+    { CKM_AES_CBC, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
+    { CKM_AES_CMAC, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone },
+    { CKM_AES_CMAC_GENERAL, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone },
+    { CKM_AES_CBC_PAD, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
+    { CKM_AES_CTS, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
+    { CKM_AES_CTR, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
+    { CKM_AES_GCM, { AES_FB_KEY, CKF_ECW }, AES_FB_STEP, SFTKFIPSAEAD },
+    { CKM_AES_KEY_WRAP, { AES_FB_KEY, CKF_ECW }, AES_FB_STEP, SFTKFIPSNone },
+    { CKM_AES_KEY_WRAP_PAD, { AES_FB_KEY, CKF_ECW }, AES_FB_STEP, SFTKFIPSNone },
+    { CKM_AES_KEY_WRAP_KWP, { AES_FB_KEY, CKF_ECW }, AES_FB_STEP, SFTKFIPSNone },
+    /* ------------------------- Hashing Operations ----------------------- */
+    { CKM_SHA224, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone },
+    { CKM_SHA224_HMAC, { 112, 224, CKF_SGN }, 1, SFTKFIPSNone },
+    { CKM_SHA224_HMAC_GENERAL, { 112, 224, CKF_SGN }, 1, SFTKFIPSNone },
+    { CKM_SHA256, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone },
+    { CKM_SHA256_HMAC, { 112, 256, CKF_SGN }, 1, SFTKFIPSNone },
+    { CKM_SHA256_HMAC_GENERAL, { 112, 256, CKF_SGN }, 1, SFTKFIPSNone },
+    { CKM_SHA384, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone },
+    { CKM_SHA384_HMAC, { 112, 384, CKF_SGN }, 1, SFTKFIPSNone },
+    { CKM_SHA384_HMAC_GENERAL, { 112, 384, CKF_SGN }, 1, SFTKFIPSNone },
+    { CKM_SHA512, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone },
+    { CKM_SHA512_HMAC, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone },
+    { CKM_SHA512_HMAC_GENERAL, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone },
+    /* --------------------- Secret Key Operations ------------------------ */
+    { CKM_GENERIC_SECRET_KEY_GEN, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone },
+    /* ---------------------- SSL/TLS operations ------------------------- */
+    { CKM_SSL3_PRE_MASTER_KEY_GEN, { 384, 384, CKF_GEN }, 1, SFTKFIPSNone },
+    { CKM_TLS12_KEY_AND_MAC_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSTlsKeyCheck, offsetof(CK_TLS12_KEY_MAT_PARAMS, prfHashMechanism) },
+    { CKM_TLS_MAC, { 112, 512, CKF_SGN }, 1, SFTKFIPSChkHashTls,
+        offsetof(CK_TLS_MAC_PARAMS, prfHashMechanism) },
+    { CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, { 192, 1024, CKF_KDF }, 1, SFTKFIPSChkHashTls,
+        offsetof(CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS, prfHashMechanism) },
+    { CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, { 192, 1024, CKF_DERIVE }, 1, SFTKFIPSChkHashTls,
+        offsetof(CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS, prfHashMechanism) },
+
+    /* ------------------------- HKDF Operations -------------------------- */
+    { CKM_HKDF_DERIVE, { 112, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSChkHash,
+        offsetof(CK_HKDF_PARAMS, prfHashMechanism) },
+    { CKM_HKDF_DATA, { 112, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSChkHash,
+        offsetof(CK_HKDF_PARAMS, prfHashMechanism) },
+    { CKM_HKDF_KEY_GEN, { 160, 224, CKF_GEN }, 1, SFTKFIPSNone },
+    { CKM_HKDF_KEY_GEN, { 256, 512, CKF_GEN }, 128, SFTKFIPSNone },
+    /* ------------------ NIST 800-108 Key Derivations  ------------------- */
+    { CKM_SP800_108_COUNTER_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSChkHashSp800,
+        offsetof(CK_SP800_108_KDF_PARAMS, prfType) },
+    { CKM_SP800_108_FEEDBACK_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSChkHashSp800,
+        offsetof(CK_SP800_108_KDF_PARAMS, prfType) },
+    { CKM_SP800_108_DOUBLE_PIPELINE_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSChkHashSp800,
+        offsetof(CK_SP800_108_KDF_PARAMS, prfType) },
+    /* --------------------IPSEC ----------------------- */
+    { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 112, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSChkHash,
+        offsetof(CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS, prfMechanism) },
+    { CKM_NSS_IKE_PRF_DERIVE, { 112, 64 * 8, CKF_KDF }, 1, SFTKFIPSChkHash,
+        offsetof(CK_NSS_IKE_PRF_DERIVE_PARAMS, prfMechanism) },
+    /* ------------------ PBE Key Derivations  ------------------- */
+    { CKM_PKCS5_PBKD2, { 112, 256, CKF_GEN }, 1, SFTKFIPSPBKDF2 },
+    /* the deprecated mechanisms, don't use for some reason we are supposed
+     * to set the FIPS indicators on these (sigh) */
+    { CKM_NSS_AES_KEY_WRAP, { AES_FB_KEY, CKF_ECW }, AES_FB_STEP, SFTKFIPSNone },
+    { CKM_NSS_AES_KEY_WRAP_PAD, { AES_FB_KEY, CKF_ECW }, AES_FB_STEP, SFTKFIPSNone },
+    { CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, { 384, 384, CKF_DERIVE }, 1, SFTKFIPSTlsKeyCheck },
+    { CKM_NSS_TLS_PRF_GENERAL_SHA256, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone },
+    { CKM_NSS_HKDF_SHA1, { 1, 128, CKF_DERIVE }, 1, SFTKFIPSNone },
+    { CKM_NSS_HKDF_SHA256, { 1, 128, CKF_DERIVE }, 1, SFTKFIPSNone },
+    { CKM_NSS_HKDF_SHA384, { 1, 128, CKF_DERIVE }, 1, SFTKFIPSNone },
+    { CKM_NSS_HKDF_SHA512, { 1, 128, CKF_DERIVE }, 1, SFTKFIPSNone },
+    { CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSChkHashSp800,
+        offsetof(CK_SP800_108_KDF_PARAMS, prfType) },
+    { CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSChkHashSp800,
+        offsetof(CK_SP800_108_KDF_PARAMS, prfType) },
+    { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1,  SFTKFIPSChkHashSp800,
+        offsetof(CK_SP800_108_KDF_PARAMS, prfType) },
+};
+const int SFTK_NUMBER_FIPS_ALGORITHMS = PR_ARRAY_SIZE(sftk_fips_mechs);

nss.spec

@@ -3,7 +3,7 @@
 # NOTE: To avoid NVR clashes of nspr* packages:
 # - reset %%{nspr_release} to 1, when updating %%{nspr_version}
 # - increment %%{nspr_version}, when updating the NSS part only
-%global baserelease 2
+%global baserelease 3
 %global nss_release %baserelease
 # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
 # release number between nss and nspr are different.
@@ -59,6 +59,21 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
 
 %global nss_nspr_archive nss-%{nss_archive_version}-with-nspr-%{nspr_archive_version}
 
+# This is taken from gnutls.spec
+%define srpmhash() %{lua:
+local files = rpm.expand("%_specdir/nss.spec")
+for i, p in ipairs(patches) do
+   files = files.." "..p
+end
+for i, p in ipairs(sources) do
+   files = files.." "..p
+end
+local sha256sum = assert(io.popen("cat "..files.."| sha256sum"))
+local hash = sha256sum:read("*a")
+sha256sum:close()
+print(string.sub(hash, 0, 16))
+}
+
 Summary:          Network Security Services
 Name:             nss
 Version:          %{nss_version}
@@ -113,6 +128,9 @@ Source25:         key3.db.xml
 Source27:         secmod.db.xml
 %endif
 Source28:         nss-p11-kit.config
+# fips algorithms are tied to the red hat validation, others
+# will have their own validation
+Source30:         fips_algorithms.h
 
 Source101:        nspr-config.xml
 
@@ -342,6 +360,11 @@ pushd nss
 %patch -P 300 -R -p 1
 popd
 
+# copy the fips_algorithms.h for this release
+# this file is release specific and matches what
+# each vendors claim in their own FIPS certification
+cp %{SOURCE30} nss/lib/softoken/
+
 # https://bugzilla.redhat.com/show_bug.cgi?id=1247353
 find nss/lib/libpkix -perm /u+x -type f -exec chmod -x {} \;
 
@@ -403,10 +426,20 @@ popd
 # uncomment if the iquote patch is activated
 export IN_TREE_FREEBL_HEADERS_FIRST=1
 
-export NSS_FORCE_FIPS=1
+# deprication
 export NSS_DISABLE_DEPRECATED_SEED=1
 export NSS_DISABLE_DSA=1
 
+# FIPS related defines
+export NSS_FORCE_FIPS=1
+export NSS_FIPS_VERSION="%{name}\ %{nss_version}-%{srpmhash}"
+eval $(sed -n 's/^\(\(NAME\|VERSION_ID\)=.*\)/OS_\1/p' /etc/os-release | sed -e 's/ /\\ /g')
+export FIPS_MODULE_OS="$OS_NAME\ ${OS_VERSION_ID%%.*}"
+export NSS_FIPS_MODULE_ID="${FIPS_MODULE_OS}\ ${NSS_FIPS_VERSION}"
+# remove when the infrastructure is fixed
+export NSS_FIPS_140_3=1
+export NSS_ENABLE_FIPS_INDICATORS=1
+
 # Enable compiler optimizations and disable debugging code
 export BUILD_OPT=1
 
@@ -774,7 +807,7 @@ do
 done
 
 # Copy the binaries we ship as unsupported
-for file in bltest dbtool ecperf fbectest fipstest shlibsign atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt vfyserv vfychain
+for file in bltest dbtool ecperf fbectest fipstest shlibsign atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt validation vfyserv vfychain
 do
   install -p -m 755 dist/${LOBJDIR}/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
 done
@@ -913,6 +946,7 @@ update-crypto-policies &> /dev/null || :
 %{unsupported_tools_directory}/strsclnt
 %{unsupported_tools_directory}/symkeyutil
 %{unsupported_tools_directory}/tstclnt
+%{unsupported_tools_directory}/validation
 %{unsupported_tools_directory}/vfyserv
 %{unsupported_tools_directory}/vfychain
 # instead of %%{_mandir}/man*/* let's list them explicitly
@@ -1134,6 +1168,9 @@ update-crypto-policies &> /dev/null || :
 
 
 %changelog
+* Mon Jul 15 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-3
+- Add FIPS 140-3 defines to sec file
+
 * Fri Jul 12 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-2
 - Fix spec to deal with annocheck failures