|
 |
7dd5c5 |
From 06ea5b5332ffdb44a0a394d766be8989bcb6a95c Mon Sep 17 00:00:00 2001
|
|
|
7dd5c5 |
From: Jakub Jelen <jjelen@redhat.com>
|
|
|
7dd5c5 |
Date: Tue, 6 Dec 2022 10:03:47 +0900
|
|
|
7dd5c5 |
Subject: [PATCH] fips,rsa: Prevent usage of X9.31 keygen in FIPS mode.
|
|
|
7dd5c5 |
|
|
|
7dd5c5 |
* cipher/rsa.c (rsa_generate): Do not accept use-x931 or derive-parms
|
|
|
7dd5c5 |
in FIPS mode.
|
|
|
7dd5c5 |
* tests/pubkey.c (get_keys_x931_new): Expect failure in FIPS mode.
|
|
|
7dd5c5 |
(check_run): Skip checking X9.31 keys in FIPS mode.
|
|
|
7dd5c5 |
* doc/gcrypt.texi: Document "test-parms" and clarify some cases around
|
|
|
7dd5c5 |
the X9.31 keygen.
|
|
|
7dd5c5 |
|
|
|
7dd5c5 |
--
|
|
|
7dd5c5 |
|
|
|
7dd5c5 |
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
|
7dd5c5 |
---
|
|
|
7dd5c5 |
cipher/rsa.c | 5 +++++
|
|
|
7dd5c5 |
doc/gcrypt.texi | 41 ++++++++++++++++++++++++++++++++++++-----
|
|
|
7dd5c5 |
tests/pubkey.c | 15 +++++++++++++--
|
|
|
7dd5c5 |
3 files changed, 54 insertions(+), 7 deletions(-)
|
|
|
7dd5c5 |
|
|
|
7dd5c5 |
diff --git a/cipher/rsa.c b/cipher/rsa.c
|
|
|
7dd5c5 |
index df4af94b..45523e6b 100644
|
|
|
7dd5c5 |
--- a/cipher/rsa.c
|
|
|
7dd5c5 |
+++ b/cipher/rsa.c
|
|
|
7dd5c5 |
@@ -1256,6 +1256,11 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
|
|
|
7dd5c5 |
if (deriveparms || (flags & PUBKEY_FLAG_USE_X931))
|
|
|
7dd5c5 |
{
|
|
|
7dd5c5 |
int swapped;
|
|
|
7dd5c5 |
+ if (fips_mode ())
|
|
|
7dd5c5 |
+ {
|
|
|
7dd5c5 |
+ sexp_release (deriveparms);
|
|
|
7dd5c5 |
+ return GPG_ERR_INV_SEXP;
|
|
|
7dd5c5 |
+ }
|
|
|
7dd5c5 |
ec = generate_x931 (&sk, nbits, evalue, deriveparms, &swapped);
|
|
|
7dd5c5 |
sexp_release (deriveparms);
|
|
|
7dd5c5 |
if (!ec && swapped)
|
|
|
7dd5c5 |
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
|
|
|
7dd5c5 |
index d0372f3e..e845a4dd 100644
|
|
|
7dd5c5 |
--- a/doc/gcrypt.texi
|
|
|
7dd5c5 |
+++ b/doc/gcrypt.texi
|
|
|
7dd5c5 |
@@ -2699,8 +2699,7 @@ achieve fastest ECC key generation.
|
|
|
7dd5c5 |
Force the use of the ANSI X9.31 key generation algorithm instead of
|
|
|
7dd5c5 |
the default algorithm. This flag is only meaningful for RSA key
|
|
|
7dd5c5 |
generation and usually not required. Note that this algorithm is
|
|
|
7dd5c5 |
-implicitly used if either @code{derive-parms} is given or Libgcrypt is
|
|
|
7dd5c5 |
-in FIPS mode.
|
|
|
7dd5c5 |
+implicitly used if either @code{derive-parms} is given.
|
|
|
7dd5c5 |
|
|
|
7dd5c5 |
@item use-fips186
|
|
|
7dd5c5 |
@cindex FIPS 186
|
|
|
7dd5c5 |
@@ -3310,9 +3309,9 @@ This is currently only implemented for RSA and DSA keys. It is not
|
|
|
7dd5c5 |
allowed to use this together with a @code{domain} specification. If
|
|
|
7dd5c5 |
given, it is used to derive the keys using the given parameters.
|
|
|
7dd5c5 |
|
|
|
7dd5c5 |
-If given for an RSA key the X9.31 key generation algorithm is used
|
|
|
7dd5c5 |
-even if libgcrypt is not in FIPS mode. If given for a DSA key, the
|
|
|
7dd5c5 |
-FIPS 186 algorithm is used even if libgcrypt is not in FIPS mode.
|
|
|
7dd5c5 |
+If given for an RSA key, the X9.31 key generation algorithm is used.
|
|
|
7dd5c5 |
+If given for a DSA key, the FIPS 186 algorithm is used even if
|
|
|
7dd5c5 |
+libgcrypt is not in FIPS mode.
|
|
|
7dd5c5 |
|
|
|
7dd5c5 |
@example
|
|
|
7dd5c5 |
(genkey
|
|
|
7dd5c5 |
@@ -3342,6 +3341,38 @@ FIPS 186 algorithm is used even if libgcrypt is not in FIPS mode.
|
|
|
7dd5c5 |
(seed @var{seed-mpi}))))
|
|
|
7dd5c5 |
@end example
|
|
|
7dd5c5 |
|
|
|
7dd5c5 |
+@item test-parms @var{list}
|
|
|
7dd5c5 |
+This is currently only implemented for RSA keys. If given, the
|
|
|
7dd5c5 |
+libgcrypt will not generate parameter, but tests whether the p,q is
|
|
|
7dd5c5 |
+probably prime. Returns key with zeroes.
|
|
|
7dd5c5 |
+
|
|
|
7dd5c5 |
+The FIPS key generation algorithm is used even if libgcrypt is not
|
|
|
7dd5c5 |
+in FIPS mode.
|
|
|
7dd5c5 |
+
|
|
|
7dd5c5 |
+@example
|
|
|
7dd5c5 |
+(genkey
|
|
|
7dd5c5 |
+ (rsa
|
|
|
7dd5c5 |
+ (nbits 4:1024)
|
|
|
7dd5c5 |
+ (rsa-use-e 1:3)
|
|
|
7dd5c5 |
+ (test-parms
|
|
|
7dd5c5 |
+ (e "65537")
|
|
|
7dd5c5 |
+ (p #00bbccabcee15d343944a47e492d4b1f4de79633e2
|
|
|
7dd5c5 |
+ 0cbb46f7d2d6813392a807ad048cf77528edd19f77
|
|
|
7dd5c5 |
+ e7453f25173b9dcb70423afa2037aae147b81a33d5
|
|
|
7dd5c5 |
+ 41fc58f875eff1e852ab55e2e09a3debfbc151b3b0
|
|
|
7dd5c5 |
+ d17fef6f74d81fca14fbae531418e211ef818592af
|
|
|
7dd5c5 |
+ 70de5cec3b92795cc3578572bf456099cd8727150e
|
|
|
7dd5c5 |
+ 523261#)
|
|
|
7dd5c5 |
+ (q #00ca87ecf2883f4ed00a9ec65abdeba81d28edbfcc
|
|
|
7dd5c5 |
+ 34ecc563d587f166b52d42bfbe22bbc095b0b8426a
|
|
|
7dd5c5 |
+ 2f8bbc55baaa8859b42cbc376ed3067db3ef7b135b
|
|
|
7dd5c5 |
+ 63481322911ebbd7014db83aa051e0ca2dbf302b75
|
|
|
7dd5c5 |
+ cd37f2ae8df90e134226e92f6353a284b28bb30af0
|
|
|
7dd5c5 |
+ bbf925b345b955328379866ebac11d55bc80fe84f1
|
|
|
7dd5c5 |
+ 05d415#)
|
|
|
7dd5c5 |
+
|
|
|
7dd5c5 |
+@end example
|
|
|
7dd5c5 |
+
|
|
|
7dd5c5 |
|
|
|
7dd5c5 |
@item flags @var{flaglist}
|
|
|
7dd5c5 |
This is preferred way to define flags. @var{flaglist} may contain any
|
|
|
7dd5c5 |
diff --git a/tests/pubkey.c b/tests/pubkey.c
|
|
|
7dd5c5 |
index bc44f3a5..2669b41a 100644
|
|
|
7dd5c5 |
--- a/tests/pubkey.c
|
|
|
7dd5c5 |
+++ b/tests/pubkey.c
|
|
|
7dd5c5 |
@@ -430,7 +430,17 @@ get_keys_x931_new (gcry_sexp_t *pkey, gcry_sexp_t *skey)
|
|
|
7dd5c5 |
rc = gcry_pk_genkey (&key, key_spec);
|
|
|
7dd5c5 |
gcry_sexp_release (key_spec);
|
|
|
7dd5c5 |
if (rc)
|
|
|
7dd5c5 |
- die ("error generating RSA key: %s\n", gcry_strerror (rc));
|
|
|
7dd5c5 |
+ {
|
|
|
7dd5c5 |
+ if (in_fips_mode)
|
|
|
7dd5c5 |
+ {
|
|
|
7dd5c5 |
+ if (verbose)
|
|
|
7dd5c5 |
+ fprintf (stderr, "The X9.31 RSA keygen is not available in FIPS modee.\n");
|
|
|
7dd5c5 |
+ return;
|
|
|
7dd5c5 |
+ }
|
|
|
7dd5c5 |
+ die ("error generating RSA key: %s\n", gcry_strerror (rc));
|
|
|
7dd5c5 |
+ }
|
|
|
7dd5c5 |
+ else if (in_fips_mode)
|
|
|
7dd5c5 |
+ die ("generating X9.31 RSA key unexpected worked in FIPS mode\n");
|
|
|
7dd5c5 |
|
|
|
7dd5c5 |
if (verbose > 1)
|
|
|
7dd5c5 |
show_sexp ("generated RSA (X9.31) key:\n", key);
|
|
|
7dd5c5 |
@@ -777,7 +787,8 @@ check_run (void)
|
|
|
7dd5c5 |
if (verbose)
|
|
|
7dd5c5 |
fprintf (stderr, "Checking generated RSA key (X9.31).\n");
|
|
|
7dd5c5 |
get_keys_x931_new (&pkey, &skey);
|
|
|
7dd5c5 |
- check_keys (pkey, skey, 800, 0);
|
|
|
7dd5c5 |
+ if (!in_fips_mode)
|
|
|
7dd5c5 |
+ check_keys (pkey, skey, 800, 0);
|
|
|
7dd5c5 |
gcry_sexp_release (pkey);
|
|
|
7dd5c5 |
gcry_sexp_release (skey);
|
|
|
7dd5c5 |
pkey = skey = NULL;
|
|
|
7dd5c5 |
--
|
|
|
7dd5c5 |
2.39.0
|
|
|
7dd5c5 |
|