|
 |
a7fcec |
From c7709f7b23848abf4ba65cb99cb2a9e9c7ebdefc Mon Sep 17 00:00:00 2001
|
|
|
a7fcec |
From: Jakub Jelen <jjelen@redhat.com>
|
|
|
a7fcec |
Date: Fri, 1 Apr 2022 18:29:08 +0200
|
|
|
a7fcec |
Subject: [PATCH 1/3] Do not allow PKCS #1.5 padding for encryption in FIPS
|
|
|
a7fcec |
|
|
|
a7fcec |
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Block PKCS #1.5
|
|
|
a7fcec |
padding for encryption in FIPS mode
|
|
|
a7fcec |
* cipher/rsa.c (rsa_decrypt): Block PKCS #1.5 decryption in FIPS mode
|
|
|
a7fcec |
--
|
|
|
a7fcec |
|
|
|
a7fcec |
GnuPG-bug-id: 5918
|
|
|
a7fcec |
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
|
a7fcec |
---
|
|
|
a7fcec |
cipher/pubkey-util.c | 5 ++++-
|
|
|
a7fcec |
cipher/rsa.c | 5 +++++
|
|
|
a7fcec |
2 files changed, 9 insertions(+), 1 deletion(-)
|
|
|
a7fcec |
|
|
|
a7fcec |
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
|
|
|
a7fcec |
index 68defea6..4953caf3 100644
|
|
|
a7fcec |
--- a/cipher/pubkey-util.c
|
|
|
a7fcec |
+++ b/cipher/pubkey-util.c
|
|
|
a7fcec |
@@ -957,7 +957,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
|
|
|
a7fcec |
void *random_override = NULL;
|
|
|
a7fcec |
size_t random_override_len = 0;
|
|
|
a7fcec |
|
|
|
a7fcec |
- if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
|
|
|
a7fcec |
+ /* The RSA PKCS#1.5 encryption is no longer supported by FIPS */
|
|
|
a7fcec |
+ if (fips_mode ())
|
|
|
a7fcec |
+ rc = GPG_ERR_INV_FLAG;
|
|
|
a7fcec |
+ else if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
|
|
|
a7fcec |
rc = GPG_ERR_INV_OBJ;
|
|
|
a7fcec |
else
|
|
|
a7fcec |
{
|
|
|
a7fcec |
diff --git a/cipher/rsa.c b/cipher/rsa.c
|
|
|
a7fcec |
index 771413b3..c6319b67 100644
|
|
|
a7fcec |
--- a/cipher/rsa.c
|
|
|
a7fcec |
+++ b/cipher/rsa.c
|
|
|
a7fcec |
@@ -1391,6 +1391,11 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
|
|
|
a7fcec |
rc = GPG_ERR_INV_DATA;
|
|
|
a7fcec |
goto leave;
|
|
|
a7fcec |
}
|
|
|
a7fcec |
+ if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1))
|
|
|
a7fcec |
+ {
|
|
|
a7fcec |
+ rc = GPG_ERR_INV_FLAG;
|
|
|
a7fcec |
+ goto leave;
|
|
|
a7fcec |
+ }
|
|
|
a7fcec |
|
|
|
a7fcec |
/* Extract the key. */
|
|
|
a7fcec |
rc = sexp_extract_param (keyparms, NULL, "nedp?q?u?",
|
|
|
a7fcec |
--
|
|
|
a7fcec |
2.34.1
|
|
|
a7fcec |
|
|
|
a7fcec |
|
|
|
a7fcec |
From 299e2f93415984919181e0ee651719bbf83bdd2f Mon Sep 17 00:00:00 2001
|
|
|
a7fcec |
From: Jakub Jelen <jjelen@redhat.com>
|
|
|
a7fcec |
Date: Fri, 1 Apr 2022 18:31:05 +0200
|
|
|
a7fcec |
Subject: [PATCH 2/3] tests: Replace custom bit with more generic flags
|
|
|
a7fcec |
|
|
|
a7fcec |
* tests/basic.c (global): New flag FLAG_SPECIAL
|
|
|
a7fcec |
(check_pubkey_crypt): Change to use bitfield flags
|
|
|
a7fcec |
|
|
|
a7fcec |
--
|
|
|
a7fcec |
|
|
|
a7fcec |
GnuPG-bug-id: 5918
|
|
|
a7fcec |
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
|
a7fcec |
---
|
|
|
a7fcec |
tests/basic.c | 19 ++++++++++---------
|
|
|
a7fcec |
1 file changed, 10 insertions(+), 9 deletions(-)
|
|
|
a7fcec |
|
|
|
a7fcec |
diff --git a/tests/basic.c b/tests/basic.c
|
|
|
a7fcec |
index a0ad33eb..1c6cb40b 100644
|
|
|
a7fcec |
--- a/tests/basic.c
|
|
|
a7fcec |
+++ b/tests/basic.c
|
|
|
a7fcec |
@@ -55,11 +55,12 @@ typedef struct test_spec_pubkey
|
|
|
a7fcec |
}
|
|
|
a7fcec |
test_spec_pubkey_t;
|
|
|
a7fcec |
|
|
|
a7fcec |
-#define FLAG_CRYPT (1 << 0)
|
|
|
a7fcec |
-#define FLAG_SIGN (1 << 1)
|
|
|
a7fcec |
-#define FLAG_GRIP (1 << 2)
|
|
|
a7fcec |
-#define FLAG_NOFIPS (1 << 3)
|
|
|
a7fcec |
-#define FLAG_CFB8 (1 << 4)
|
|
|
a7fcec |
+#define FLAG_CRYPT (1 << 0)
|
|
|
a7fcec |
+#define FLAG_SIGN (1 << 1)
|
|
|
a7fcec |
+#define FLAG_GRIP (1 << 2)
|
|
|
a7fcec |
+#define FLAG_NOFIPS (1 << 3)
|
|
|
a7fcec |
+#define FLAG_CFB8 (1 << 4)
|
|
|
a7fcec |
+#define FLAG_SPECIAL (1 << 5)
|
|
|
a7fcec |
|
|
|
a7fcec |
static int in_fips_mode;
|
|
|
a7fcec |
|
|
|
a7fcec |
@@ -15558,7 +15559,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
|
|
a7fcec |
int unpadded;
|
|
|
a7fcec |
int encrypt_expected_rc;
|
|
|
a7fcec |
int decrypt_expected_rc;
|
|
|
a7fcec |
- int special;
|
|
|
a7fcec |
+ int flags;
|
|
|
a7fcec |
} datas[] =
|
|
|
a7fcec |
{
|
|
|
a7fcec |
{ GCRY_PK_RSA,
|
|
|
a7fcec |
@@ -15642,14 +15643,14 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
|
|
a7fcec |
"(flags oaep)",
|
|
|
a7fcec |
1,
|
|
|
a7fcec |
0,
|
|
|
a7fcec |
- GPG_ERR_ENCODING_PROBLEM, 1 },
|
|
|
a7fcec |
+ GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL },
|
|
|
a7fcec |
{ GCRY_PK_RSA,
|
|
|
a7fcec |
"(data\n (flags oaep)\n"
|
|
|
a7fcec |
" (value #11223344556677889900AA#))\n",
|
|
|
a7fcec |
"(flags pkcs1)",
|
|
|
a7fcec |
1,
|
|
|
a7fcec |
0,
|
|
|
a7fcec |
- GPG_ERR_ENCODING_PROBLEM, 1 },
|
|
|
a7fcec |
+ GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL },
|
|
|
a7fcec |
{ 0,
|
|
|
a7fcec |
"(data\n (flags pss)\n"
|
|
|
a7fcec |
" (value #11223344556677889900AA#))\n",
|
|
|
a7fcec |
@@ -15725,7 +15726,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
|
|
a7fcec |
ciph = list;
|
|
|
a7fcec |
}
|
|
|
a7fcec |
rc = gcry_pk_decrypt (&plain, ciph, skey);
|
|
|
a7fcec |
- if (!rc && datas[dataidx].special == 1)
|
|
|
a7fcec |
+ if (!rc && (datas[dataidx].flags & FLAG_SPECIAL))
|
|
|
a7fcec |
{
|
|
|
a7fcec |
/* It may happen that OAEP formatted data which is
|
|
|
a7fcec |
decrypted as pkcs#1 data returns a valid pkcs#1
|
|
|
a7fcec |
--
|
|
|
a7fcec |
2.34.1
|
|
|
a7fcec |
|
|
|
a7fcec |
|
|
|
a7fcec |
From f736f3c70182d9c948f9105eb769c47c5578df35 Mon Sep 17 00:00:00 2001
|
|
|
a7fcec |
From: Jakub Jelen <jjelen@redhat.com>
|
|
|
a7fcec |
Date: Fri, 1 Apr 2022 18:34:42 +0200
|
|
|
a7fcec |
Subject: [PATCH 3/3] tests: Expect the RSA PKCS #1.5 encryption to fail in
|
|
|
a7fcec |
FIPS mode
|
|
|
a7fcec |
|
|
|
a7fcec |
* tests/basic.c (check_pubkey_crypt): Expect RSA PKCS #1.5 encryption to
|
|
|
a7fcec |
fail in FIPS mode. Expect failure when wrong padding is selected
|
|
|
a7fcec |
* tests/pkcs1v2.c (check_v15crypt): Expect RSA PKCS #1.5 encryption to
|
|
|
a7fcec |
fail in FIPS mode
|
|
|
a7fcec |
--
|
|
|
a7fcec |
|
|
|
a7fcec |
GnuPG-bug-id: 5918
|
|
|
a7fcec |
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
|
a7fcec |
---
|
|
|
a7fcec |
tests/basic.c | 11 +++++++----
|
|
|
a7fcec |
tests/pkcs1v2.c | 14 +++++++++++++-
|
|
|
a7fcec |
2 files changed, 20 insertions(+), 5 deletions(-)
|
|
|
a7fcec |
|
|
|
a7fcec |
diff --git a/tests/basic.c b/tests/basic.c
|
|
|
a7fcec |
index 1c6cb40b..85764591 100644
|
|
|
a7fcec |
--- a/tests/basic.c
|
|
|
a7fcec |
+++ b/tests/basic.c
|
|
|
a7fcec |
@@ -15568,14 +15568,16 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
|
|
a7fcec |
NULL,
|
|
|
a7fcec |
0,
|
|
|
a7fcec |
0,
|
|
|
a7fcec |
- 0 },
|
|
|
a7fcec |
+ 0,
|
|
|
a7fcec |
+ FLAG_NOFIPS },
|
|
|
a7fcec |
{ GCRY_PK_RSA,
|
|
|
a7fcec |
"(data\n (flags pkcs1)\n"
|
|
|
a7fcec |
" (value #11223344556677889900AA#))\n",
|
|
|
a7fcec |
"(flags pkcs1)",
|
|
|
a7fcec |
1,
|
|
|
a7fcec |
0,
|
|
|
a7fcec |
- 0 },
|
|
|
a7fcec |
+ 0,
|
|
|
a7fcec |
+ FLAG_NOFIPS },
|
|
|
a7fcec |
{ GCRY_PK_RSA,
|
|
|
a7fcec |
"(data\n (flags oaep)\n"
|
|
|
a7fcec |
" (value #11223344556677889900AA#))\n",
|
|
|
a7fcec |
@@ -15677,7 +15679,8 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
|
|
a7fcec |
die ("converting data failed: %s\n", gpg_strerror (rc));
|
|
|
a7fcec |
|
|
|
a7fcec |
rc = gcry_pk_encrypt (&ciph, data, pkey);
|
|
|
a7fcec |
- if (in_fips_mode && (flags & FLAG_NOFIPS))
|
|
|
a7fcec |
+ if (in_fips_mode && ((flags & FLAG_NOFIPS) ||
|
|
|
a7fcec |
+ (datas[dataidx].flags & FLAG_NOFIPS)))
|
|
|
a7fcec |
{
|
|
|
a7fcec |
if (!rc)
|
|
|
a7fcec |
fail ("gcry_pk_encrypt did not fail as expected in FIPS mode\n");
|
|
|
a7fcec |
@@ -15726,7 +15729,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
|
|
|
a7fcec |
ciph = list;
|
|
|
a7fcec |
}
|
|
|
a7fcec |
rc = gcry_pk_decrypt (&plain, ciph, skey);
|
|
|
a7fcec |
- if (!rc && (datas[dataidx].flags & FLAG_SPECIAL))
|
|
|
a7fcec |
+ if ((!rc || in_fips_mode) && (datas[dataidx].flags & FLAG_SPECIAL))
|
|
|
a7fcec |
{
|
|
|
a7fcec |
/* It may happen that OAEP formatted data which is
|
|
|
a7fcec |
decrypted as pkcs#1 data returns a valid pkcs#1
|
|
|
a7fcec |
diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c
|
|
|
a7fcec |
index f26e779b..6c7f3d81 100644
|
|
|
a7fcec |
--- a/tests/pkcs1v2.c
|
|
|
a7fcec |
+++ b/tests/pkcs1v2.c
|
|
|
a7fcec |
@@ -454,7 +454,19 @@ check_v15crypt (void)
|
|
|
a7fcec |
gcry_free (seed);
|
|
|
a7fcec |
|
|
|
a7fcec |
err = gcry_pk_encrypt (&ciph, plain, pub_key);
|
|
|
a7fcec |
- if (err)
|
|
|
a7fcec |
+ if (in_fips_mode)
|
|
|
a7fcec |
+ {
|
|
|
a7fcec |
+ if (!err)
|
|
|
a7fcec |
+ {
|
|
|
a7fcec |
+ fail ("gcry_pk_encrypt should have failed in FIPS mode:\n");
|
|
|
a7fcec |
+ }
|
|
|
a7fcec |
+ gcry_sexp_release (plain);
|
|
|
a7fcec |
+ plain = NULL;
|
|
|
a7fcec |
+ gcry_sexp_release (ciph);
|
|
|
a7fcec |
+ ciph = NULL;
|
|
|
a7fcec |
+ continue;
|
|
|
a7fcec |
+ }
|
|
|
a7fcec |
+ else if (err)
|
|
|
a7fcec |
{
|
|
|
a7fcec |
show_sexp ("plain:\n", ciph);
|
|
|
a7fcec |
fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (err));
|
|
|
a7fcec |
--
|
|
|
a7fcec |
2.34.1
|
|
|
a7fcec |
|