rpms
/
mingw-libgcrypt
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to libgcrypt 1.8.3

Browse Source 
This sync mingw-libgcrypt with the current native rawhide package.
epel9
Christophe Fergeau 7 years ago
parent 607372ca28
commit 7227cdd511
19 changed files with 2860 additions and 291 deletions
Show Stats Download Patch File Download Diff File

6
.gitignore vendored
Unescape View File

@ -1,7 +1,3 @@
libgcrypt-1.4.4.tar.bz2 libgcrypt-1.4.4.tar.bz2
/libgcrypt-1.5.0-hobbled.tar.bz2 /libgcrypt-1.5.0-hobbled.tar.bz2
/libgcrypt-1.5.2-hobbled.tar.xz /libgcrypt-*-hobbled.tar.xz
/libgcrypt-1.5.3-hobbled.tar.xz
/libgcrypt-1.6.1-hobbled.tar.xz
/libgcrypt-1.6.2-hobbled.tar.xz
/libgcrypt-1.6.3-hobbled.tar.xz

40
curves.c
Unescape View File

@ -28,8 +28,12 @@
#include "../src/gcrypt-int.h" #include "../src/gcrypt-int.h"
#define PGM "curves"
#include "t-common.h"
/* Number of curves defined in ../cipger/ecc.c */ /* Number of curves defined in ../cipger/ecc.c */
#define N_CURVES 4 #define N_CURVES 14
/* A real world sample public key. */ /* A real world sample public key. */
static char const sample_key_1[] = static char const sample_key_1[] =
@ -41,37 +45,13 @@ static char const sample_key_1[] =
" (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296" " (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
"4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)\n" "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)\n"
" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)\n" " (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)\n"
" (h #000000000000000000000000000000000000000000000000000000000000000001#)\n"
" (q #0442B927242237639A36CE9221B340DB1A9AB76DF2FE3E171277F6A4023DED146EE" " (q #0442B927242237639A36CE9221B340DB1A9AB76DF2FE3E171277F6A4023DED146EE"
"86525E38CCECFF3FB8D152CC6334F70D23A525175C1BCBDDE6E023B2228770E#)\n" "86525E38CCECFF3FB8D152CC6334F70D23A525175C1BCBDDE6E023B2228770E#)\n"
" ))"; " ))";
static char const sample_key_1_curve[] = "NIST P-256"; static char const sample_key_1_curve[] = "NIST P-256";
static unsigned int sample_key_1_nbits = 256; static unsigned int sample_key_1_nbits = 256;
/* Program option flags. */
static int verbose;
static int error_count;
static void
fail (const char *format, ...)
{
va_list arg_ptr;
va_start (arg_ptr, format);
vfprintf (stderr, format, arg_ptr);
va_end (arg_ptr);
error_count++;
}
static void
die (const char *format, ...)
{
va_list arg_ptr;
va_start (arg_ptr, format);
vfprintf (stderr, format, arg_ptr);
va_end (arg_ptr);
exit (1);
}
static void static void
@ -144,8 +124,6 @@ check_get_params (void)
int int
main (int argc, char **argv) main (int argc, char **argv)
{ {
int debug = 0;
if (argc > 1 && !strcmp (argv[1], "--verbose")) if (argc > 1 && !strcmp (argv[1], "--verbose"))
verbose = 1; verbose = 1;
else if (argc > 1 && !strcmp (argv[1], "--debug")) else if (argc > 1 && !strcmp (argv[1], "--debug"))
@ -154,10 +132,10 @@ main (int argc, char **argv)
if (!gcry_check_version (GCRYPT_VERSION)) if (!gcry_check_version (GCRYPT_VERSION))
die ("version mismatch\n"); die ("version mismatch\n");
gcry_control (GCRYCTL_DISABLE_SECMEM, 0); xgcry_control (GCRYCTL_DISABLE_SECMEM, 0);
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
if (debug) if (debug)
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
list_curves (); list_curves ();
check_matching (); check_matching ();
check_get_params (); check_get_params ();

240
ecc-curves.c
Unescape View File

@ -40,9 +40,13 @@ static const struct
const char *other; /* Other name. */ const char *other; /* Other name. */
} curve_aliases[] = } curve_aliases[] =
{ {
/*{ "Curve25519", "1.3.6.1.4.1.3029.1.5.1" },*/ { "Curve25519", "1.3.6.1.4.1.3029.1.5.1" },
{ "Ed25519", "1.3.6.1.4.1.11591.15.1" }, { "Ed25519", "1.3.6.1.4.1.11591.15.1" },
{ "NIST P-224", "secp224r1" },
{ "NIST P-224", "1.3.132.0.33" }, /* SECP OID. */
{ "NIST P-224", "nistp224" }, /* rfc5656. */
{ "NIST P-256", "1.2.840.10045.3.1.7" }, /* From NIST SP 800-78-1. */ { "NIST P-256", "1.2.840.10045.3.1.7" }, /* From NIST SP 800-78-1. */
{ "NIST P-256", "prime256v1" }, { "NIST P-256", "prime256v1" },
{ "NIST P-256", "secp256r1" }, { "NIST P-256", "secp256r1" },
@ -56,6 +60,20 @@ static const struct
{ "NIST P-521", "1.3.132.0.35" }, { "NIST P-521", "1.3.132.0.35" },
{ "NIST P-521", "nistp521" }, /* rfc5656. */ { "NIST P-521", "nistp521" }, /* rfc5656. */
{ "GOST2001-test", "1.2.643.2.2.35.0" },
{ "GOST2001-CryptoPro-A", "1.2.643.2.2.35.1" },
{ "GOST2001-CryptoPro-B", "1.2.643.2.2.35.2" },
{ "GOST2001-CryptoPro-C", "1.2.643.2.2.35.3" },
{ "GOST2001-CryptoPro-A", "GOST2001-CryptoPro-XchA" },
{ "GOST2001-CryptoPro-C", "GOST2001-CryptoPro-XchB" },
{ "GOST2001-CryptoPro-A", "1.2.643.2.2.36.0" },
{ "GOST2001-CryptoPro-C", "1.2.643.2.2.36.1" },
{ "GOST2012-tc26-A", "1.2.643.7.1.2.1.2.1" },
{ "GOST2012-tc26-B", "1.2.643.7.1.2.1.2.2" },
{ "secp256k1", "1.3.132.0.10" },
{ NULL, NULL} { NULL, NULL}
}; };
@ -76,9 +94,11 @@ typedef struct
const char *p; /* The prime defining the field. */ const char *p; /* The prime defining the field. */
const char *a, *b; /* The coefficients. For Twisted Edwards const char *a, *b; /* The coefficients. For Twisted Edwards
Curves b is used for d. */ Curves b is used for d. For Montgomery
Curves (a,b) has ((A-2)/4,B^-1). */
const char *n; /* The order of the base point. */ const char *n; /* The order of the base point. */
const char *g_x, *g_y; /* Base point. */ const char *g_x, *g_y; /* Base point. */
const char *h; /* Cofactor. */
} ecc_domain_parms_t; } ecc_domain_parms_t;
@ -88,13 +108,38 @@ static const ecc_domain_parms_t domain_parms[] =
{ {
/* (-x^2 + y^2 = 1 + dx^2y^2) */ /* (-x^2 + y^2 = 1 + dx^2y^2) */
"Ed25519", 256, 0, "Ed25519", 256, 0,
MPI_EC_TWISTEDEDWARDS, ECC_DIALECT_ED25519, MPI_EC_EDWARDS, ECC_DIALECT_ED25519,
"0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED", "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
"-0x01", "-0x01",
"-0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A", "-0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A",
"0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED", "0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED",
"0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A", "0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A",
"0x6666666666666666666666666666666666666666666666666666666666666658" "0x6666666666666666666666666666666666666666666666666666666666666658",
"0x08"
},
{
/* (y^2 = x^3 + 486662*x^2 + x) */
"Curve25519", 256, 0,
MPI_EC_MONTGOMERY, ECC_DIALECT_STANDARD,
"0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
"0x01DB41",
"0x01",
"0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED",
"0x0000000000000000000000000000000000000000000000000000000000000009",
"0x20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9",
"0x08"
},
{
"NIST P-224", 224, 1,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
"0xffffffffffffffffffffffffffffffff000000000000000000000001",
"0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe",
"0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4",
"0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d" ,
"0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
"0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
"0x01"
}, },
{ {
"NIST P-256", 256, 1, "NIST P-256", 256, 1,
@ -105,7 +150,8 @@ static const ecc_domain_parms_t domain_parms[] =
"0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
"0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", "0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
"0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" "0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
"0x01"
}, },
{ {
"NIST P-384", 384, 1, "NIST P-384", 384, 1,
@ -122,7 +168,8 @@ static const ecc_domain_parms_t domain_parms[] =
"0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a38" "0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a38"
"5502f25dbf55296c3a545e3872760ab7", "5502f25dbf55296c3a545e3872760ab7",
"0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c0" "0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c0"
"0a60b1ce1d7e819d7a431d7c90ea0e5f" "0a60b1ce1d7e819d7a431d7c90ea0e5f",
"0x01"
}, },
{ {
"NIST P-521", 521, 1, "NIST P-521", 521, 1,
@ -139,10 +186,120 @@ static const ecc_domain_parms_t domain_parms[] =
"0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d" "0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d"
"3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", "3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
"0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e" "0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e"
"662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650" "662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
"0x01"
}, },
{ NULL, 0, 0, 0, 0, NULL, NULL, NULL, NULL } {
"GOST2001-test", 256, 0,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
"0x8000000000000000000000000000000000000000000000000000000000000431",
"0x0000000000000000000000000000000000000000000000000000000000000007",
"0x5fbff498aa938ce739b8e022fbafef40563f6e6a3472fc2a514c0ce9dae23b7e",
"0x8000000000000000000000000000000150fe8a1892976154c59cfc193accf5b3",
"0x0000000000000000000000000000000000000000000000000000000000000002",
"0x08e2a8a0e65147d4bd6316030e16d19c85c97f0a9ca267122b96abbcea7e8fc8",
"0x01"
},
{
"GOST2001-CryptoPro-A", 256, 0,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
"0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd97",
"0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd94",
"0x00000000000000000000000000000000000000000000000000000000000000a6",
"0xffffffffffffffffffffffffffffffff6c611070995ad10045841b09b761b893",
"0x0000000000000000000000000000000000000000000000000000000000000001",
"0x8d91e471e0989cda27df505a453f2b7635294f2ddf23e3b122acc99c9e9f1e14",
"0x01"
},
{
"GOST2001-CryptoPro-B", 256, 0,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
"0x8000000000000000000000000000000000000000000000000000000000000c99",
"0x8000000000000000000000000000000000000000000000000000000000000c96",
"0x3e1af419a269a5f866a7d3c25c3df80ae979259373ff2b182f49d4ce7e1bbc8b",
"0x800000000000000000000000000000015f700cfff1a624e5e497161bcc8a198f",
"0x0000000000000000000000000000000000000000000000000000000000000001",
"0x3fa8124359f96680b83d1c3eb2c070e5c545c9858d03ecfb744bf8d717717efc",
"0x01"
},
{
"GOST2001-CryptoPro-C", 256, 0,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
"0x9b9f605f5a858107ab1ec85e6b41c8aacf846e86789051d37998f7b9022d759b",
"0x9b9f605f5a858107ab1ec85e6b41c8aacf846e86789051d37998f7b9022d7598",
"0x000000000000000000000000000000000000000000000000000000000000805a",
"0x9b9f605f5a858107ab1ec85e6b41c8aa582ca3511eddfb74f02f3a6598980bb9",
"0x0000000000000000000000000000000000000000000000000000000000000000",
"0x41ece55743711a8c3cbf3783cd08c0ee4d4dc440d4641a8f366e550dfdb3bb67",
"0x01"
},
{
"GOST2012-test", 511, 0,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
"0x4531acd1fe0023c7550d267b6b2fee80922b14b2ffb90f04d4eb7c09b5d2d15d"
"f1d852741af4704a0458047e80e4546d35b8336fac224dd81664bbf528be6373",
"0x0000000000000000000000000000000000000000000000000000000000000007",
"0x1cff0806a31116da29d8cfa54e57eb748bc5f377e49400fdd788b649eca1ac4"
"361834013b2ad7322480a89ca58e0cf74bc9e540c2add6897fad0a3084f302adc",
"0x4531acd1fe0023c7550d267b6b2fee80922b14b2ffb90f04d4eb7c09b5d2d15d"
"a82f2d7ecb1dbac719905c5eecc423f1d86e25edbe23c595d644aaf187e6e6df",
"0x24d19cc64572ee30f396bf6ebbfd7a6c5213b3b3d7057cc825f91093a68cd762"
"fd60611262cd838dc6b60aa7eee804e28bc849977fac33b4b530f1b120248a9a",
"0x2bb312a43bd2ce6e0d020613c857acddcfbf061e91e5f2c3f32447c259f39b2"
"c83ab156d77f1496bf7eb3351e1ee4e43dc1a18b91b24640b6dbb92cb1add371e",
"0x01"
},
{
"GOST2012-tc26-A", 512, 0,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
"0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdc7",
"0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdc4",
"0xe8c2505dedfc86ddc1bd0b2b6667f1da34b82574761cb0e879bd081cfd0b6265"
"ee3cb090f30d27614cb4574010da90dd862ef9d4ebee4761503190785a71c760",
"0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
"27e69532f48d89116ff22b8d4e0560609b4b38abfad2b85dcacdb1411f10b275",
"0x0000000000000000000000000000000000000000000000000000000000000000"
"0000000000000000000000000000000000000000000000000000000000000003",
"0x7503cfe87a836ae3a61b8816e25450e6ce5e1c93acf1abc1778064fdcbefa921"
"df1626be4fd036e93d75e6a50e3a41e98028fe5fc235f5b889a589cb5215f2a4",
"0x01"
},
{
"GOST2012-tc26-B", 512, 0,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
"0x8000000000000000000000000000000000000000000000000000000000000000"
"000000000000000000000000000000000000000000000000000000000000006f",
"0x8000000000000000000000000000000000000000000000000000000000000000"
"000000000000000000000000000000000000000000000000000000000000006c",
"0x687d1b459dc841457e3e06cf6f5e2517b97c7d614af138bcbf85dc806c4b289f"
"3e965d2db1416d217f8b276fad1ab69c50f78bee1fa3106efb8ccbc7c5140116",
"0x8000000000000000000000000000000000000000000000000000000000000001"
"49a1ec142565a545acfdb77bd9d40cfa8b996712101bea0ec6346c54374f25bd",
"0x0000000000000000000000000000000000000000000000000000000000000000"
"0000000000000000000000000000000000000000000000000000000000000002",
"0x1a8f7eda389b094c2c071e3647a8940f3c123b697578c213be6dd9e6c8ec7335"
"dcb228fd1edf4a39152cbcaaf8c0398828041055f94ceeec7e21340780fe41bd",
"0x01"
},
{
"secp256k1", 256, 0,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
"0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
"0x0000000000000000000000000000000000000000000000000000000000000000",
"0x0000000000000000000000000000000000000000000000000000000000000007",
"0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
"0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
"0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
"0x01"
},
{ NULL, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL }
}; };
@ -249,10 +406,9 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name,
switch (domain_parms[idx].model) switch (domain_parms[idx].model)
{ {
case MPI_EC_WEIERSTRASS: case MPI_EC_WEIERSTRASS:
case MPI_EC_TWISTEDEDWARDS: case MPI_EC_EDWARDS:
break;
case MPI_EC_MONTGOMERY: case MPI_EC_MONTGOMERY:
return GPG_ERR_NOT_SUPPORTED; break;
default: default:
return GPG_ERR_BUG; return GPG_ERR_BUG;
} }
@ -268,11 +424,21 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name,
if (!curve->p) if (!curve->p)
curve->p = scanval (domain_parms[idx].p); curve->p = scanval (domain_parms[idx].p);
if (!curve->a) if (!curve->a)
{
curve->a = scanval (domain_parms[idx].a); curve->a = scanval (domain_parms[idx].a);
if (curve->a->sign)
mpi_add (curve->a, curve->p, curve->a);
}
if (!curve->b) if (!curve->b)
{
curve->b = scanval (domain_parms[idx].b); curve->b = scanval (domain_parms[idx].b);
if (curve->b->sign)
mpi_add (curve->b, curve->p, curve->b);
}
if (!curve->n) if (!curve->n)
curve->n = scanval (domain_parms[idx].n); curve->n = scanval (domain_parms[idx].n);
if (!curve->h)
curve->h = scanval (domain_parms[idx].h);
if (!curve->G.x) if (!curve->G.x)
curve->G.x = scanval (domain_parms[idx].g_x); curve->G.x = scanval (domain_parms[idx].g_x);
if (!curve->G.y) if (!curve->G.y)
@ -288,7 +454,7 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name,
/* Give the name of the curve NAME, store the curve parameters into P, /* Give the name of the curve NAME, store the curve parameters into P,
A, B, G, and N if they point to NULL value. Note that G is returned A, B, G, N, and H if they point to NULL value. Note that G is returned
in standard uncompressed format. Also update MODEL and DIALECT if in standard uncompressed format. Also update MODEL and DIALECT if
they are not NULL. */ they are not NULL. */
gpg_err_code_t gpg_err_code_t
@ -296,7 +462,7 @@ _gcry_ecc_update_curve_param (const char *name,
enum gcry_mpi_ec_models *model, enum gcry_mpi_ec_models *model,
enum ecc_dialects *dialect, enum ecc_dialects *dialect,
gcry_mpi_t *p, gcry_mpi_t *a, gcry_mpi_t *b, gcry_mpi_t *p, gcry_mpi_t *a, gcry_mpi_t *b,
gcry_mpi_t *g, gcry_mpi_t *n) gcry_mpi_t *g, gcry_mpi_t *n, gcry_mpi_t *h)
{ {
int idx; int idx;
@ -346,6 +512,11 @@ _gcry_ecc_update_curve_param (const char *name,
_gcry_mpi_release (*n); _gcry_mpi_release (*n);
*n = scanval (domain_parms[idx].n); *n = scanval (domain_parms[idx].n);
} }
if (h)
{
_gcry_mpi_release (*h);
*h = scanval (domain_parms[idx].h);
}
return 0; return 0;
} }
@ -383,8 +554,8 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits)
/* /*
* Extract the curve parameters.. * Extract the curve parameters..
*/ */
rc = gpg_err_code (sexp_extract_param (keyparms, NULL, "-pabgn", rc = gpg_err_code (sexp_extract_param (keyparms, NULL, "-pabgnh",
&E.p, &E.a, &E.b, &mpi_g, &E.n, &E.p, &E.a, &E.b, &mpi_g, &E.n, &E.h,
NULL)); NULL));
if (rc == GPG_ERR_NO_OBJ) if (rc == GPG_ERR_NO_OBJ)
{ {
@ -440,6 +611,10 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits)
mpi_free (tmp); mpi_free (tmp);
tmp = scanval (domain_parms[idx].n); tmp = scanval (domain_parms[idx].n);
if (!mpi_cmp (tmp, E.n)) if (!mpi_cmp (tmp, E.n))
{
mpi_free (tmp);
tmp = scanval (domain_parms[idx].h);
if (!mpi_cmp (tmp, E.h))
{ {
mpi_free (tmp); mpi_free (tmp);
tmp = scanval (domain_parms[idx].g_x); tmp = scanval (domain_parms[idx].g_x);
@ -460,6 +635,7 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits)
} }
} }
} }
}
leave: leave:
_gcry_mpi_release (tmp); _gcry_mpi_release (tmp);
@ -469,6 +645,7 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits)
_gcry_mpi_release (mpi_g); _gcry_mpi_release (mpi_g);
_gcry_mpi_point_free_parts (&E.G); _gcry_mpi_point_free_parts (&E.G);
_gcry_mpi_release (E.n); _gcry_mpi_release (E.n);
_gcry_mpi_release (E.h);
return result; return result;
} }
@ -600,6 +777,7 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
gcry_mpi_t b = NULL; gcry_mpi_t b = NULL;
gcry_mpi_point_t G = NULL; gcry_mpi_point_t G = NULL;
gcry_mpi_t n = NULL; gcry_mpi_t n = NULL;
gcry_mpi_t h = NULL;
gcry_mpi_point_t Q = NULL; gcry_mpi_point_t Q = NULL;
gcry_mpi_t d = NULL; gcry_mpi_t d = NULL;
int flags = 0; int flags = 0;
@ -642,6 +820,9 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
errc = mpi_from_keyparam (&n, keyparam, "n"); errc = mpi_from_keyparam (&n, keyparam, "n");
if (errc) if (errc)
goto leave; goto leave;
errc = mpi_from_keyparam (&h, keyparam, "h");
if (errc)
goto leave;
} }
} }
else else
@ -715,6 +896,11 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
n = E->n; n = E->n;
E->n = NULL; E->n = NULL;
} }
if (!h)
{
h = E->h;
E->h = NULL;
}
_gcry_ecc_curve_free (E); _gcry_ecc_curve_free (E);
xfree (E); xfree (E);
} }
@ -741,6 +927,11 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
ec->n = n; ec->n = n;
n = NULL; n = NULL;
} }
if (h)
{
ec->h = h;
h = NULL;
}
/* Now that we know the curve name we can look for the public key /* Now that we know the curve name we can look for the public key
Q. point_from_keyparam needs to know the curve parameters so Q. point_from_keyparam needs to know the curve parameters so
@ -779,6 +970,7 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
mpi_free (b); mpi_free (b);
_gcry_mpi_point_release (G); _gcry_mpi_point_release (G);
mpi_free (n); mpi_free (n);
mpi_free (h);
_gcry_mpi_point_release (Q); _gcry_mpi_point_release (Q);
mpi_free (d); mpi_free (d);
return errc; return errc;
@ -793,7 +985,7 @@ _gcry_ecc_get_param_sexp (const char *name)
elliptic_curve_t E; elliptic_curve_t E;
mpi_ec_t ctx; mpi_ec_t ctx;
gcry_mpi_t g_x, g_y; gcry_mpi_t g_x, g_y;
gcry_mpi_t pkey[6]; gcry_mpi_t pkey[7];
gcry_sexp_t result; gcry_sexp_t result;
int i; int i;
@ -817,14 +1009,15 @@ _gcry_ecc_get_param_sexp (const char *name)
pkey[2] = E.b; pkey[2] = E.b;
pkey[3] = _gcry_ecc_ec2os (g_x, g_y, E.p); pkey[3] = _gcry_ecc_ec2os (g_x, g_y, E.p);
pkey[4] = E.n; pkey[4] = E.n;
pkey[5] = NULL; pkey[5] = E.h;
pkey[6] = NULL;
mpi_free (g_x); mpi_free (g_x);
mpi_free (g_y); mpi_free (g_y);
if (sexp_build (&result, NULL, if (sexp_build (&result, NULL,
"(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)))", "(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)(h%m)))",
pkey[0], pkey[1], pkey[2], pkey[3], pkey[4])) pkey[0], pkey[1], pkey[2], pkey[3], pkey[4], pkey[5]))
result = NULL; result = NULL;
for (i=0; pkey[i]; i++) for (i=0; pkey[i]; i++)
@ -851,6 +1044,8 @@ _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy)
return mpi_is_const (ec->b) && !copy? ec->b : mpi_copy (ec->b); return mpi_is_const (ec->b) && !copy? ec->b : mpi_copy (ec->b);
if (!strcmp (name, "n") && ec->n) if (!strcmp (name, "n") && ec->n)
return mpi_is_const (ec->n) && !copy? ec->n : mpi_copy (ec->n); return mpi_is_const (ec->n) && !copy? ec->n : mpi_copy (ec->n);
if (!strcmp (name, "h") && ec->h)
return mpi_is_const (ec->h) && !copy? ec->h : mpi_copy (ec->h);
if (!strcmp (name, "d") && ec->d) if (!strcmp (name, "d") && ec->d)
return mpi_is_const (ec->d) && !copy? ec->d : mpi_copy (ec->d); return mpi_is_const (ec->d) && !copy? ec->d : mpi_copy (ec->d);
@ -884,7 +1079,7 @@ _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy)
if (name[1] != '@') if (name[1] != '@')
return _gcry_mpi_ec_ec2os (ec->Q, ec); return _gcry_mpi_ec_ec2os (ec->Q, ec);
if (!strcmp (name+2, "eddsa") && ec->model == MPI_EC_TWISTEDEDWARDS) if (!strcmp (name+2, "eddsa") && ec->model == MPI_EC_EDWARDS)
{ {
unsigned char *encpk; unsigned char *encpk;
unsigned int encpklen; unsigned int encpklen;
@ -949,6 +1144,11 @@ _gcry_ecc_set_mpi (const char *name, gcry_mpi_t newvalue, mpi_ec_t ec)
mpi_free (ec->n); mpi_free (ec->n);
ec->n = mpi_copy (newvalue); ec->n = mpi_copy (newvalue);
} }
else if (!strcmp (name, "h"))
{
mpi_free (ec->h);
ec->h = mpi_copy (newvalue);
}
else if (*name == 'q' && (!name[1] || name[1] == '@')) else if (*name == 'q' && (!name[1] || name[1] == '@'))
{ {
if (newvalue) if (newvalue)

2
hobble-libgcrypt
Unescape View File

@ -8,4 +8,4 @@ set -e -x
rm -f cipher/ecc-curves.c rm -f cipher/ecc-curves.c
rm -f tests/curves.c rm -f tests/curves.c
rm -f tests/t_mpi_point.c rm -f tests/t-mpi-point.c

104
libgcrypt-1.6.1-mpicoder-gccopt.patch
Unescape View File

@ -0,0 +1,104 @@
diff -up libgcrypt-1.6.1/mpi/mpicoder.c.gccopt libgcrypt-1.6.1/mpi/mpicoder.c
--- libgcrypt-1.6.1/mpi/mpicoder.c.gccopt 2014-02-28 15:37:53.983139821 +0100
+++ libgcrypt-1.6.1/mpi/mpicoder.c 2014-02-28 15:47:35.312576387 +0100
@@ -627,16 +627,16 @@ _gcry_mpi_print (enum gcry_mpi_format fo
extra = 1;
}
- if (buffer && n > len)
- {
- /* The provided buffer is too short. */
- xfree (tmp);
- return GPG_ERR_TOO_SHORT;
- }
if (buffer)
{
unsigned char *s = buffer;
+ if (n > len)
+ {
+ /* The provided buffer is too short. */
+ xfree (tmp);
+ return GPG_ERR_TOO_SHORT;
+ }
if (extra == 1)
*s++ = 0;
else if (extra)
@@ -654,13 +654,12 @@ _gcry_mpi_print (enum gcry_mpi_format fo
/* Note: We ignore the sign for this format. */
/* FIXME: for performance reasons we should put this into
mpi_aprint because we can then use the buffer directly. */
-
- if (buffer && n > len)
- return GPG_ERR_TOO_SHORT;
if (buffer)
{
unsigned char *tmp;
+ if (n > len)
+ return GPG_ERR_TOO_SHORT;
tmp = _gcry_mpi_get_buffer (a, 0, &n, NULL);
if (!tmp)
return gpg_err_code_from_syserror ();
@@ -678,14 +677,14 @@ _gcry_mpi_print (enum gcry_mpi_format fo
if (negative)
return GPG_ERR_INV_ARG;
- if (buffer && n+2 > len)
- return GPG_ERR_TOO_SHORT;
-
if (buffer)
{
unsigned char *tmp;
unsigned char *s = buffer;
+ if (n+2 > len)
+ return GPG_ERR_TOO_SHORT;
+
s[0] = nbits >> 8;
s[1] = nbits;
@@ -724,16 +723,16 @@ _gcry_mpi_print (enum gcry_mpi_format fo
extra=1;
}
- if (buffer && n+4 > len)
- {
- xfree(tmp);
- return GPG_ERR_TOO_SHORT;
- }
-
if (buffer)
{
unsigned char *s = buffer;
+ if (n+4 > len)
+ {
+ xfree(tmp);
+ return GPG_ERR_TOO_SHORT;
+ }
+
*s++ = n >> 24;
*s++ = n >> 16;
*s++ = n >> 8;
@@ -761,15 +760,15 @@ _gcry_mpi_print (enum gcry_mpi_format fo
if (!n || (*tmp & 0x80))
extra = 2;
- if (buffer && 2*n + extra + negative + 1 > len)
- {
- xfree(tmp);
- return GPG_ERR_TOO_SHORT;
- }
if (buffer)
{
unsigned char *s = buffer;
+ if (2*n + extra + negative + 1 > len)
+ {
+ xfree(tmp);
+ return GPG_ERR_TOO_SHORT;
+ }
if (negative)
*s++ = '-';
if (extra)

89
libgcrypt-1.6.2-use-fipscheck.patch
Unescape View File

@ -0,0 +1,89 @@
diff -up libgcrypt-1.6.2/src/fips.c.use-fipscheck libgcrypt-1.6.2/src/fips.c
--- libgcrypt-1.6.2/src/fips.c.use-fipscheck 2014-08-21 14:50:39.000000000 +0200
+++ libgcrypt-1.6.2/src/fips.c 2014-09-26 11:42:20.999588282 +0200
@@ -578,23 +578,50 @@ run_random_selftests (void)
return !!err;
}
+#ifdef ENABLE_HMAC_BINARY_CHECK
+static int
+get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
+{
+ Dl_info info;
+ void *dl, *sym;
+ int rv = -1;
+
+ dl = dlopen(libname, RTLD_LAZY);
+ if (dl == NULL) {
+ return -1;
+ }
+
+ sym = dlsym(dl, symbolname);
+
+ if (sym != NULL && dladdr(sym, &info)) {
+ strncpy(path, info.dli_fname, pathlen-1);
+ path[pathlen-1] = '\0';
+ rv = 0;
+ }
+
+ dlclose(dl);
+
+ return rv;
+}
+#endif
+
/* Run an integrity check on the binary. Returns 0 on success. */
static int
check_binary_integrity (void)
{
#ifdef ENABLE_HMAC_BINARY_CHECK
gpg_error_t err;
- Dl_info info;
+ char libpath[4096];
unsigned char digest[32];
int dlen;
char *fname = NULL;
- const char key[] = "What am I, a doctor or a moonshuttle conductor?";
-
- if (!dladdr ("gcry_check_version", &info))
+ const char key[] = "orboDeJITITejsirpADONivirpUkvarP";
+
+ if (get_library_path ("libgcrypt.so.20", "gcry_check_version", libpath, sizeof(libpath)))
err = gpg_error_from_syserror ();
else
{
- dlen = _gcry_hmac256_file (digest, sizeof digest, info.dli_fname,
+ dlen = _gcry_hmac256_file (digest, sizeof digest, libpath,
key, strlen (key));
if (dlen < 0)
err = gpg_error_from_syserror ();
@@ -602,7 +629,7 @@ check_binary_integrity (void)
err = gpg_error (GPG_ERR_INTERNAL);
else
{
- fname = xtrymalloc (strlen (info.dli_fname) + 1 + 5 + 1 );
+ fname = xtrymalloc (strlen (libpath) + 1 + 5 + 1 );
if (!fname)
err = gpg_error_from_syserror ();
else
@@ -611,7 +638,7 @@ check_binary_integrity (void)
char *p;
/* Prefix the basename with a dot. */
- strcpy (fname, info.dli_fname);
+ strcpy (fname, libpath);
p = strrchr (fname, '/');
if (p)
p++;
diff -up libgcrypt-1.6.2/src/Makefile.in.use-fipscheck libgcrypt-1.6.2/src/Makefile.in
--- libgcrypt-1.6.2/src/Makefile.in.use-fipscheck 2014-08-21 15:14:08.000000000 +0200
+++ libgcrypt-1.6.2/src/Makefile.in 2014-09-26 11:41:13.271059281 +0200
@@ -449,7 +449,7 @@ libgcrypt_la_LIBADD = $(gcrypt_res) \
../cipher/libcipher.la \
../random/librandom.la \
../mpi/libmpi.la \
- ../compat/libcompat.la $(GPG_ERROR_LIBS)
+ ../compat/libcompat.la $(GPG_ERROR_LIBS) -ldl
dumpsexp_SOURCES = dumpsexp.c
dumpsexp_CFLAGS = $(arch_gpg_error_cflags)

122
libgcrypt-1.7.3-ecc-test-fix.patch
Unescape View File

@ -0,0 +1,122 @@
diff -up libgcrypt-1.7.3/tests/benchmark.c.eccfix libgcrypt-1.7.3/tests/benchmark.c
--- libgcrypt-1.7.3/tests/benchmark.c.eccfix 2016-07-14 11:19:17.000000000 +0200
+++ libgcrypt-1.7.3/tests/benchmark.c 2016-11-22 16:21:00.109004197 +0100
@@ -1412,7 +1412,7 @@ ecc_bench (int iterations, int print_hea
{
#if USE_ECC
gpg_error_t err;
- const char *p_sizes[] = { "192", "224", "256", "384", "521", "Ed25519",
+ const char *p_sizes[] = { "224", "256", "384", "521", "Ed25519",
"gost256", "gost512" };
int testno;
diff -up libgcrypt-1.7.3/tests/dsa-rfc6979.c.eccfix libgcrypt-1.7.3/tests/dsa-rfc6979.c
--- libgcrypt-1.7.3/tests/dsa-rfc6979.c.eccfix 2016-02-18 09:38:03.000000000 +0100
+++ libgcrypt-1.7.3/tests/dsa-rfc6979.c 2016-11-22 16:22:11.804674008 +0100
@@ -210,16 +210,6 @@ check_dsa_rfc6979 (void)
" ))"
},
{
- "ECDSA, 192 bits (prime field)",
- "(private-key"
- " (ecdsa"
- " (curve \"NIST P-192\")"
- " (q #04AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56"
- " 3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43#)"
- " (d #6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4#)"
- " ))"
- },
- {
"ECDSA, 224 bits (prime field)",
"(private-key"
" (ecdsa"
@@ -443,89 +433,6 @@ check_dsa_rfc6979 (void)
"C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1"
},
{
- "ECDSA, 192 bits (prime field)",
- "With SHA-1, message = \"sample\"",
- "sha1", "sample",
- "37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021",
- "98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF",
- "57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-224, message = \"sample\"",
- "sha224", "sample",
- "4381526B3FC1E7128F202E194505592F01D5FF4C5AF015D8",
- "A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5",
- "E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-256, message = \"sample\"",
- "sha256", "sample",
- "32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496",
- "4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55",
- "CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-384, message = \"sample\"",
- "sha384", "sample",
- "4730005C4FCB01834C063A7B6760096DBE284B8252EF4311",
- "DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5",
- "C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-512, message = \"sample\"",
- "sha512", "sample",
- "A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1",
- "4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8",
- "3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-1, message = \"test\"",
- "sha1", "test",
- "D9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25",
- "0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D",
- "EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-224, message = \"test\"",
- "sha224", "test",
- "F5DC805F76EF851800700CCE82E7B98D8911B7D510059FBE",
- "6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34",
- "B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-256, message = \"test\"",
- "sha256", "test",
- "5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C",
- "3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE",
- "5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-384, message = \"test\"",
- "sha384", "test",
- "5AFEFB5D3393261B828DB6C91FBC68C230727B030C975693",
- "B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367",
- "7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-512, message = \"test\"",
- "sha512", "test",
- "0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527",
- "FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739",
- "74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290"
- },
-
-
-
- {
"ECDSA, 224 bits (prime field)",
"With SHA-1, message = \"sample\"",
"sha1", "sample",

1311
libgcrypt-1.7.3-fips-cavs.patch
View File

File diff suppressed because it is too large Load Diff

35
libgcrypt-1.7.3-fips-reqs.patch
Unescape View File

@ -0,0 +1,35 @@
diff -up libgcrypt-1.7.3/src/visibility.c.fips-reqs libgcrypt-1.7.3/src/visibility.c
--- libgcrypt-1.7.3/src/visibility.c.fips-reqs 2016-03-23 12:59:34.000000000 +0100
+++ libgcrypt-1.7.3/src/visibility.c 2016-11-22 16:29:36.992042480 +0100
@@ -1288,6 +1288,8 @@ gcry_kdf_derive (const void *passphrase,
unsigned long iterations,
size_t keysize, void *keybuffer)
{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
return gpg_error (_gcry_kdf_derive (passphrase, passphraselen, algo, hashalgo,
salt, saltlen, iterations,
keysize, keybuffer));
@@ -1343,6 +1345,13 @@ void
gcry_mpi_randomize (gcry_mpi_t w,
unsigned int nbits, enum gcry_random_level level)
{
+ if (!fips_is_operational ())
+ {
+ (void)fips_not_operational ();
+ fips_signal_fatal_error ("called in non-operational state");
+ fips_noreturn ();
+ }
+
_gcry_mpi_randomize (w, nbits, level);
}
@@ -1368,6 +1377,8 @@ gcry_prime_generate (gcry_mpi_t *prime,
gcry_random_level_t random_level,
unsigned int flags)
{
+ if (!fips_is_operational ())
+ return gpg_error (fips_not_operational ());
return gpg_error (_gcry_prime_generate (prime, prime_bits, factor_bits,
factors, cb_func, cb_arg,
random_level, flags));

115
libgcrypt-1.8.0-tests.patch
Unescape View File

@ -0,0 +1,115 @@
diff -up libgcrypt-1.8.0/cipher/dsa.c.tests libgcrypt-1.8.0/cipher/dsa.c
--- libgcrypt-1.8.0/cipher/dsa.c.tests 2016-04-07 17:30:08.000000000 +0200
+++ libgcrypt-1.8.0/cipher/dsa.c 2017-08-15 15:10:39.551600227 +0200
@@ -457,11 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen);
- else
- ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
+ else if (!domain->p || !domain->q)
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
+ initial_seed.seed,
+ initial_seed.seedlen,
&prime_q, &prime_p,
r_counter,
r_seed, r_seedlen, NULL);
+ else
+ {
+ /* Domain parameters p and q are given; use them. */
+ prime_p = mpi_copy (domain->p);
+ prime_q = mpi_copy (domain->q);
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
+ ec = 0;
+ }
sexp_release (initial_seed.sexp);
if (ec)
goto leave;
@@ -855,13 +866,12 @@ dsa_generate (const gcry_sexp_t genparms
sexp_release (l1);
sexp_release (domainsexp);
- /* Check that all domain parameters are available. */
- if (!domain.p || !domain.q || !domain.g)
+ /* Check that p and q domain parameters are available. */
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
{
_gcry_mpi_release (domain.p);
_gcry_mpi_release (domain.q);
_gcry_mpi_release (domain.g);
- sexp_release (deriveparms);
return GPG_ERR_MISSING_VALUE;
}
diff -up libgcrypt-1.8.0/cipher/rsa.c.tests libgcrypt-1.8.0/cipher/rsa.c
--- libgcrypt-1.8.0/cipher/rsa.c.tests 2017-07-06 10:21:36.000000000 +0200
+++ libgcrypt-1.8.0/cipher/rsa.c 2017-08-15 15:10:39.551600227 +0200
@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
*swapped = 0;
- if (e_value == 1) /* Alias for a secure value. */
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
e_value = 65537;
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
diff -up libgcrypt-1.8.0/tests/keygen.c.tests libgcrypt-1.8.0/tests/keygen.c
--- libgcrypt-1.8.0/tests/keygen.c.tests 2017-08-15 15:10:39.551600227 +0200
+++ libgcrypt-1.8.0/tests/keygen.c 2017-08-15 15:16:05.433176171 +0200
@@ -200,11 +200,11 @@ check_rsa_keys (void)
if (verbose)
- info ("creating 512 bit RSA key with e=257\n");
+ info ("creating 1024 bit RSA key with e=257\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (rsa\n"
- " (nbits 3:512)\n"
+ " (nbits 4:1024)\n"
" (rsa-use-e 3:257)\n"
" ))", 0, 1);
if (rc)
@@ -225,11 +225,11 @@ check_rsa_keys (void)
gcry_sexp_release (key);
if (verbose)
- info ("creating 512 bit RSA key with default e\n");
+ info ("creating 1024 bit RSA key with default e\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (rsa\n"
- " (nbits 3:512)\n"
+ " (nbits 4:1024)\n"
" (rsa-use-e 1:0)\n"
" ))", 0, 1);
if (rc)
@@ -309,12 +309,12 @@ check_dsa_keys (void)
}
if (verbose)
- info ("creating 1536 bit DSA key\n");
+ info ("creating 2048 bit DSA key\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (dsa\n"
- " (nbits 4:1536)\n"
- " (qbits 3:224)\n"
+ " (nbits 4:2048)\n"
+ " (qbits 3:256)\n"
" ))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
diff -up libgcrypt-1.8.0/tests/pubkey.c.tests libgcrypt-1.8.0/tests/pubkey.c
--- libgcrypt-1.8.0/tests/pubkey.c.tests 2017-01-18 15:24:25.000000000 +0100
+++ libgcrypt-1.8.0/tests/pubkey.c 2017-08-15 15:10:39.552600207 +0200
@@ -595,7 +595,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
" (use-fips186)"
" (transient-key)"
" (derive-parms"
- " (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))",
+ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));

77
libgcrypt-1.8.0-use-poll.patch
Unescape View File

@ -0,0 +1,77 @@
diff -up libgcrypt-1.8.0/random/rndlinux.c.use-poll libgcrypt-1.8.0/random/rndlinux.c
--- libgcrypt-1.8.0/random/rndlinux.c.use-poll 2017-06-24 13:34:29.000000000 +0200
+++ libgcrypt-1.8.0/random/rndlinux.c 2017-08-15 15:37:37.604629377 +0200
@@ -32,6 +32,7 @@
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
+#include <poll.h>
#if defined(__linux__) && defined(HAVE_SYSCALL)
# include <sys/syscall.h>
#endif
@@ -216,9 +217,8 @@ _gcry_rndlinux_gather_random (void (*add
return with something we will actually use 100ms. */
while (length)
{
- fd_set rfds;
- struct timeval tv;
int rc;
+ struct pollfd pfd;
/* If we have a modern Linux kernel and we want to read from the
* the non-blocking /dev/urandom, we first try to use the new
@@ -276,36 +276,25 @@ _gcry_rndlinux_gather_random (void (*add
any_need_entropy = 1;
}
- /* If the system has no limit on the number of file descriptors
- and we encounter an fd which is larger than the fd_set size,
- we don't use the select at all. The select code is only used
- to emit progress messages. A better solution would be to
- fall back to poll() if available. */
-#ifdef FD_SETSIZE
- if (fd < FD_SETSIZE)
-#endif
+ pfd.fd = fd;
+ pfd.events = POLLIN;
+
+ _gcry_pre_syscall ();
+ rc = poll(&pfd, 1, delay);
+ _gcry_post_syscall ();
+ if (!rc)
{
- FD_ZERO(&rfds);
- FD_SET(fd, &rfds);
- tv.tv_sec = delay;
- tv.tv_usec = delay? 0 : 100000;
- _gcry_pre_syscall ();
- rc = select (fd+1, &rfds, NULL, NULL, &tv);
- _gcry_post_syscall ();
- if (!rc)
- {
- any_need_entropy = 1;
- delay = 3; /* Use 3 seconds henceforth. */
- continue;
- }
- else if( rc == -1 )
- {
- log_error ("select() error: %s\n", strerror(errno));
- if (!delay)
- delay = 1; /* Use 1 second if we encounter an error before
- we have ever blocked. */
- continue;
- }
+ any_need_entropy = 1;
+ delay = 3000; /* Use 3 seconds henceforth. */
+ continue;
+ }
+ else if( rc == -1 )
+ {
+ log_error ("poll() error: %s\n", strerror(errno));
+ if (!delay)
+ delay = 1000; /* Use 1 second if we encounter an error before
+ we have ever blocked. */
+ continue;
}
do

256
libgcrypt-1.8.3-fips-ctor.patch
Unescape View File

@ -0,0 +1,256 @@
diff -up libgcrypt-1.8.3/cipher/md.c.fips-ctor libgcrypt-1.8.3/cipher/md.c
--- libgcrypt-1.8.3/cipher/md.c.fips-ctor 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.3/cipher/md.c 2018-07-12 13:24:54.088403006 +0200
@@ -411,11 +411,8 @@ md_enable (gcry_md_hd_t hd, int algorith
if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
{
- _gcry_inactivate_fips_mode ("MD5 used");
if (_gcry_enforced_fips_mode () )
{
- /* We should never get to here because we do not register
- MD5 in enforced fips mode. But better throw an error. */
err = GPG_ERR_DIGEST_ALGO;
}
}
diff -up libgcrypt-1.8.3/src/fips.c.fips-ctor libgcrypt-1.8.3/src/fips.c
--- libgcrypt-1.8.3/src/fips.c.fips-ctor 2018-07-12 13:24:54.075402698 +0200
+++ libgcrypt-1.8.3/src/fips.c 2018-07-12 13:24:54.088403006 +0200
@@ -91,6 +91,31 @@ static void fips_new_state (enum module_
+/* Initialize the FSM lock - this function may only
+ be called once and is intended to be run from the library
+ constructor */
+void
+_gcry_initialize_fsm_lock (void)
+{
+ gpg_error_t err;
+ /* Intitialize the lock to protect the FSM. */
+ err = gpgrt_lock_init (&fsm_lock);
+ if (err)
+ {
+ /* If that fails we can't do anything but abort the
+ process. We need to use log_info so that the FSM won't
+ get involved. */
+ log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",
+ gpg_strerror (err));
+#ifdef HAVE_SYSLOG
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+ "creating FSM lock failed: %s - abort",
+ gpg_strerror (err));
+#endif /*HAVE_SYSLOG*/
+ abort ();
+ }
+}
+
/* Check whether the OS is in FIPS mode and record that in a module
local variable. If FORCE is passed as true, fips mode will be
enabled anyway. Note: This function is not thread-safe and should
@@ -100,7 +125,6 @@ void
_gcry_initialize_fips_mode (int force)
{
static int done;
- gpg_error_t err;
/* Make sure we are not accidentally called twice. */
if (done)
@@ -179,24 +203,6 @@ _gcry_initialize_fips_mode (int force)
/* Yes, we are in FIPS mode. */
FILE *fp;
- /* Intitialize the lock to protect the FSM. */
- err = gpgrt_lock_init (&fsm_lock);
- if (err)
- {
- /* If that fails we can't do anything but abort the
- process. We need to use log_info so that the FSM won't
- get involved. */
- log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",
- gpg_strerror (err));
-#ifdef HAVE_SYSLOG
- syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
- "creating FSM lock failed: %s - abort",
- gpg_strerror (err));
-#endif /*HAVE_SYSLOG*/
- abort ();
- }
-
-
/* If the FIPS force files exists, is readable and has a number
!= 0 on its first line, we enable the enforced fips mode. */
fp = fopen (FIPS_FORCE_FILE, "r");
@@ -359,16 +365,20 @@ _gcry_fips_is_operational (void)
{
int result;
- if (!fips_mode ())
+ lock_fsm ();
+ if (current_state == STATE_POWERON && !fips_mode ())
+ /* If we are at this point in POWERON state it means the FIPS
+ module installation was not completed. (/etc/system-fips
+ is not present.) */
result = 1;
else
{
- lock_fsm ();
- if (current_state == STATE_INIT)
+ if (current_state == STATE_INIT || current_state == STATE_SELFTEST)
{
- /* If we are still in the INIT state, we need to run the
- selftests so that the FSM can eventually get into
- operational state. Given that we would need a 2-phase
+ /* If we are still in the INIT (or SELFTEST) state,
+ we need to run (or finish) the selftests so
+ that the FSM can eventually get into operational
+ state. Given that we would need a 2-phase
initialization of libgcrypt, but that has traditionally
not been enforced, we use this on demand self-test
checking. Note that Proper applications would do the
@@ -384,9 +394,11 @@ _gcry_fips_is_operational (void)
lock_fsm ();
}
- result = (current_state == STATE_OPERATIONAL);
- unlock_fsm ();
+ result = (current_state == STATE_OPERATIONAL) || !fips_mode ();
+ /* We always run the selftests but ignore the result
+ in non-FIPS mode. */
}
+ unlock_fsm ();
return result;
}
@@ -709,9 +721,25 @@ _gcry_fips_run_selftests (int extended)
{
enum module_states result = STATE_ERROR;
gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
+ int in_poweron;
- if (fips_mode ())
- fips_new_state (STATE_SELFTEST);
+ lock_fsm ();
+ in_poweron = (current_state == STATE_POWERON);
+ unlock_fsm ();
+
+ fips_new_state (STATE_SELFTEST);
+
+ /* We first check the integrity of the binary.
+ If run from the constructor we are in POWERON state,
+ we return and finish the remaining selftests before
+ real use of the library. It will be in the POWERON
+ state meanwhile. */
+ if (in_poweron)
+ if (check_binary_integrity ())
+ goto leave;
+
+ if (in_poweron)
+ return 0;
if (run_cipher_selftests (extended))
goto leave;
@@ -730,18 +758,12 @@ _gcry_fips_run_selftests (int extended)
if (run_pubkey_selftests (extended))
goto leave;
- /* Now check the integrity of the binary. We do this this after
- having checked the HMAC code. */
- if (check_binary_integrity ())
- goto leave;
-
/* All selftests passed. */
result = STATE_OPERATIONAL;
ec = 0;
leave:
- if (fips_mode ())
- fips_new_state (result);
+ fips_new_state (result);
return ec;
}
@@ -797,6 +819,7 @@ fips_new_state (enum module_states new_s
{
case STATE_POWERON:
if (new_state == STATE_INIT
+ || new_state == STATE_SELFTEST
|| new_state == STATE_ERROR
|| new_state == STATE_FATALERROR)
ok = 1;
@@ -811,6 +834,8 @@ fips_new_state (enum module_states new_s
case STATE_SELFTEST:
if (new_state == STATE_OPERATIONAL
+ || new_state == STATE_INIT
+ || new_state == STATE_SELFTEST
|| new_state == STATE_ERROR
|| new_state == STATE_FATALERROR)
ok = 1;
diff -up libgcrypt-1.8.3/src/global.c.fips-ctor libgcrypt-1.8.3/src/global.c
--- libgcrypt-1.8.3/src/global.c.fips-ctor 2017-11-23 19:25:58.000000000 +0100
+++ libgcrypt-1.8.3/src/global.c 2018-07-17 19:15:43.933827112 +0200
@@ -141,6 +141,29 @@ global_init (void)
}
+#ifndef FIPS_MODULE_PATH
+#define FIPS_MODULE_PATH "/etc/system-fips"
+#endif
+
+void __attribute__ ((constructor)) _gcry_global_constructor (void)
+{
+ int rv;
+
+ /* We always need the FSM lock to be functional. */
+ _gcry_initialize_fsm_lock ();
+
+ rv = access (FIPS_MODULE_PATH, F_OK);
+ if (rv < 0 && errno != ENOENT)
+ rv = 0;
+
+ if (!rv)
+ {
+ /* We run the integrity check at this point. The remaining
+ selftests are run before use of the library by application. */
+ _gcry_fips_run_selftests (0);
+ }
+}
+
/* This function is called by the macro fips_is_operational and makes
sure that the minimal initialization has been done. This is far
from a perfect solution and hides problems with an improper
@@ -671,8 +694,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
case GCRYCTL_FIPS_MODE_P:
if (fips_mode ()
- && !_gcry_is_fips_mode_inactive ()
- && !no_secure_memory)
+ && !_gcry_is_fips_mode_inactive ())
rc = GPG_ERR_GENERAL; /* Used as TRUE value */
break;
@@ -749,9 +771,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
break;
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
- if (!any_init_done)
+ if (fips_mode ())
{
- /* Not yet initialized at all. Set the enforced fips mode flag */
+ /* We are in FIPS mode, we can set the enforced fips mode flag. */
_gcry_set_preferred_rng_type (0);
_gcry_set_enforced_fips_mode ();
}
diff -up libgcrypt-1.8.3/src/g10lib.h.fips-ctor libgcrypt-1.8.3/src/g10lib.h
--- libgcrypt-1.8.3/src/g10lib.h.fips-ctor 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.3/src/g10lib.h 2018-07-12 13:24:54.089403030 +0200
@@ -422,6 +422,8 @@ gpg_err_code_t _gcry_sexp_vextract_param
/*-- fips.c --*/
+void _gcry_initialize_fsm_lock (void);
+
void _gcry_initialize_fips_mode (int force);
int _gcry_fips_mode (void);

101
libgcrypt-1.8.3-getrandom.patch
Unescape View File

@ -0,0 +1,101 @@
diff -up libgcrypt-1.8.3/random/random.c.getrandom libgcrypt-1.8.3/random/random.c
--- libgcrypt-1.8.3/random/random.c.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.3/random/random.c 2018-07-10 15:38:34.303855808 +0200
@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
unsigned int result = 0;
fp = fopen (fname, "r");
- if (!fp)
- return result;
+ if (!fp) /* We make only_urandom the default. */
+ return RANDOM_CONF_ONLY_URANDOM;
for (;;)
{
diff -up libgcrypt-1.8.3/random/random-csprng.c.getrandom libgcrypt-1.8.3/random/random-csprng.c
--- libgcrypt-1.8.3/random/random-csprng.c.getrandom 2017-11-23 19:16:58.000000000 +0100
+++ libgcrypt-1.8.3/random/random-csprng.c 2018-06-14 16:31:04.731179208 +0200
@@ -55,6 +55,10 @@
#ifdef __MINGW32__
#include <process.h>
#endif
+#if defined(__linux__) && defined(HAVE_SYSCALL)
+# include <sys/syscall.h>
+# include <linux/random.h>
+#endif
#include "g10lib.h"
#include "random.h"
#include "rand-internal.h"
@@ -1116,6 +1120,22 @@ getfnc_gather_random (void))(void (*)(co
enum random_origins, size_t, int);
#if USE_RNDLINUX
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+ long ret;
+ char buffer[1];
+
+ _gcry_pre_syscall ();
+ ret = syscall (__NR_getrandom,
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
+ _gcry_post_syscall ();
+ if (ret != -1 || errno != ENOSYS)
+ {
+ fnc = _gcry_rndlinux_gather_random;
+ return fnc;
+ }
+ else
+ /* The syscall is not supported - fallback to /dev/urandom. */
+#endif
if ( !access (NAME_OF_DEV_RANDOM, R_OK)
&& !access (NAME_OF_DEV_URANDOM, R_OK))
{
diff -up libgcrypt-1.8.3/random/rndlinux.c.getrandom libgcrypt-1.8.3/random/rndlinux.c
--- libgcrypt-1.8.3/random/rndlinux.c.getrandom 2018-06-14 16:31:04.722178971 +0200
+++ libgcrypt-1.8.3/random/rndlinux.c 2018-07-10 15:55:03.301075155 +0200
@@ -35,6 +35,7 @@
#include <poll.h>
#if defined(__linux__) && defined(HAVE_SYSCALL)
# include <sys/syscall.h>
+# include <linux/random.h>
#endif
#include "types.h"
@@ -204,6 +205,18 @@ _gcry_rndlinux_gather_random (void (*add
{
if (fd_urandom == -1)
{
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
+ long ret;
+
+ _gcry_pre_syscall ();
+ ret = syscall (__NR_getrandom,
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
+ _gcry_post_syscall ();
+ if (ret > -1 || errno == EAGAIN || errno == EINTR)
+ fd_urandom = -2;
+ else
+ /* The syscall is not supported - fallback to /dev/urandom. */
+#endif
fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
ever_opened |= 2;
}
@@ -230,7 +243,7 @@ _gcry_rndlinux_gather_random (void (*add
* syscall and not a new device and thus we are not able to use
* select(2) to have a timeout. */
#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
- if (fd == fd_urandom)
+ if (fd == -2)
{
long ret;
size_t nbytes;
@@ -246,9 +259,7 @@ _gcry_rndlinux_gather_random (void (*add
_gcry_post_syscall ();
}
while (ret == -1 && errno == EINTR);
- if (ret == -1 && errno == ENOSYS)
- ; /* The syscall is not supported - fallback to /dev/urandom. */
- else
+ if (1)
{ /* The syscall is supported. Some sanity checks. */
if (ret == -1)
log_fatal ("unexpected error from getrandom: %s\n",

11
libgcrypt-mingw64-use-correct-datatype-for-GetProcessWorkingSet.patch
Unescape View File

@ -1,11 +0,0 @@
--- random/rndw32.c.orig 2011-07-04 19:11:18.137525831 +0200
+++ random/rndw32.c 2011-07-04 19:11:40.785404249 +0200
@@ -887,7 +887,7 @@
{
HANDLE handle;
FILETIME creationTime, exitTime, kernelTime, userTime;
- DWORD minimumWorkingSetSize, maximumWorkingSetSize;
+ SIZE_T minimumWorkingSetSize, maximumWorkingSetSize;
handle = GetCurrentThread ();
GetThreadTimes (handle, &creationTime, &exitTime,

94
libgcrypt-use-correct-asm-code-for-win64.patch
Unescape View File

@ -1,94 +0,0 @@
diff -ur libgcrypt-1.6.2/acinclude.m4 libgcrypt-1.6.2.new/acinclude.m4
--- libgcrypt-1.6.2/acinclude.m4 2014-08-18 08:46:51.000000000 +0200
+++ libgcrypt-1.6.2.new/acinclude.m4 2014-11-07 21:48:36.315702591 +0100
@@ -102,7 +102,9 @@
[tmp_do_check="no"
case "${host}" in
*-mingw32*)
- ac_cv_sys_symbol_underscore=yes
+ if test "x$ac_cv_sys_symbol_underscore" = x ; then
+ ac_cv_sys_symbol_underscore=yes
+ fi
;;
i386-emx-os2 | i[3456]86-pc-os2*emx | i386-pc-msdosdjgpp)
ac_cv_sys_symbol_underscore=yes
diff -ur libgcrypt-1.6.2/mpi/generic/mpi-asm-defs.h libgcrypt-1.6.2.new/mpi/generic/mpi-asm-defs.h
--- libgcrypt-1.6.2/mpi/generic/mpi-asm-defs.h 2014-08-18 08:46:51.000000000 +0200
+++ libgcrypt-1.6.2.new/mpi/generic/mpi-asm-defs.h 2014-11-07 21:47:30.932355415 +0100
@@ -4,5 +4,9 @@
#if __GNUC__ >= 3 && defined(__x86_64__) && defined(__ILP32__)
#define BYTES_PER_MPI_LIMB 8
#else
+#ifdef _WIN64
+#define BYTES_PER_MPI_LIMB (SIZEOF_UNSIGNED_LONG_LONG)
+#else
#define BYTES_PER_MPI_LIMB (SIZEOF_UNSIGNED_LONG)
#endif
+#endif
diff -ur libgcrypt-1.6.2/mpi/mpi-internal.h libgcrypt-1.6.2.new/mpi/mpi-internal.h
--- libgcrypt-1.6.2/mpi/mpi-internal.h 2014-08-18 08:46:51.000000000 +0200
+++ libgcrypt-1.6.2.new/mpi/mpi-internal.h 2014-11-07 21:46:02.009004456 +0100
@@ -169,6 +169,12 @@
} while (0)
+#ifdef _WIN64
+#define ATTR_ABI __attribute__ ((sysv_abi))
+#else
+#define ATTR_ABI
+#endif
+
/*-- mpiutil.c --*/
#define mpi_alloc_limb_space(n,f) _gcry_mpi_alloc_limb_space((n),(f))
mpi_ptr_t _gcry_mpi_alloc_limb_space( unsigned nlimbs, int sec );
@@ -187,7 +193,7 @@
mpi_limb_t _gcry_mpih_add_1(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
mpi_size_t s1_size, mpi_limb_t s2_limb );
mpi_limb_t _gcry_mpih_add_n( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
- mpi_ptr_t s2_ptr, mpi_size_t size);
+ mpi_ptr_t s2_ptr, mpi_size_t size) ATTR_ABI;
mpi_limb_t _gcry_mpih_add(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size,
mpi_ptr_t s2_ptr, mpi_size_t s2_size);
@@ -195,7 +201,7 @@
mpi_limb_t _gcry_mpih_sub_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
mpi_size_t s1_size, mpi_limb_t s2_limb );
mpi_limb_t _gcry_mpih_sub_n( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
- mpi_ptr_t s2_ptr, mpi_size_t size);
+ mpi_ptr_t s2_ptr, mpi_size_t size) ATTR_ABI;
mpi_limb_t _gcry_mpih_sub(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size,
mpi_ptr_t s2_ptr, mpi_size_t s2_size);
@@ -217,9 +223,9 @@
void _gcry_mpih_release_karatsuba_ctx( struct karatsuba_ctx *ctx );
mpi_limb_t _gcry_mpih_addmul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
- mpi_size_t s1_size, mpi_limb_t s2_limb);
+ mpi_size_t s1_size, mpi_limb_t s2_limb) ATTR_ABI;
mpi_limb_t _gcry_mpih_submul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
- mpi_size_t s1_size, mpi_limb_t s2_limb);
+ mpi_size_t s1_size, mpi_limb_t s2_limb) ATTR_ABI;
void _gcry_mpih_mul_n( mpi_ptr_t prodp, mpi_ptr_t up, mpi_ptr_t vp,
mpi_size_t size);
mpi_limb_t _gcry_mpih_mul( mpi_ptr_t prodp, mpi_ptr_t up, mpi_size_t usize,
@@ -236,7 +242,7 @@
/*-- mpih-mul_1.c (or xxx/cpu/ *.S) --*/
mpi_limb_t _gcry_mpih_mul_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
- mpi_size_t s1_size, mpi_limb_t s2_limb);
+ mpi_size_t s1_size, mpi_limb_t s2_limb) ATTR_ABI;
/*-- mpih-div.c --*/
mpi_limb_t _gcry_mpih_mod_1(mpi_ptr_t dividend_ptr, mpi_size_t dividend_size,
@@ -250,9 +256,9 @@
/*-- mpih-shift.c --*/
mpi_limb_t _gcry_mpih_lshift( mpi_ptr_t wp, mpi_ptr_t up, mpi_size_t usize,
- unsigned cnt);
+ unsigned cnt) ATTR_ABI;
mpi_limb_t _gcry_mpih_rshift( mpi_ptr_t wp, mpi_ptr_t up, mpi_size_t usize,
- unsigned cnt);
+ unsigned cnt) ATTR_ABI;
/* Define stuff for longlong.h. */

63
mingw-libgcrypt.spec
Unescape View File

@ -3,8 +3,8 @@
%global run_tests 0 %global run_tests 0
Name: mingw-libgcrypt Name: mingw-libgcrypt
Version: 1.6.3 Version: 1.8.3
Release: 8%{?dist} Release: 1%{?dist}
Summary: MinGW Windows gcrypt encryption library Summary: MinGW Windows gcrypt encryption library
License: LGPLv2+ and GPLv2+ License: LGPLv2+ and GPLv2+
@ -24,32 +24,51 @@ Source3: hobble-libgcrypt
Source4: ecc-curves.c Source4: ecc-curves.c
Source5: curves.c Source5: curves.c
Source6: t-mpi-point.c Source6: t-mpi-point.c
Source7: random.conf
# Upstream is unwilling to accept this patch...
# https://bugs.g10code.com/gnupg/issue1360 # make FIPS hmac compatible with fipscheck - non upstreamable
Patch0: libgcrypt-mingw64-use-correct-datatype-for-GetProcessWorkingSet.patch # update on soname bump
Patch2: libgcrypt-1.6.2-use-fipscheck.patch
# fix tests in the FIPS mode, allow CAVS testing of DSA keygen
Patch5: libgcrypt-1.8.0-tests.patch
# update the CAVS tests
Patch7: libgcrypt-1.7.3-fips-cavs.patch
# use poll instead of select when gathering randomness
Patch11: libgcrypt-1.8.0-use-poll.patch
# slight optimalization of mpicoder.c to silence Valgrind (#968288)
Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch
# fix tests to work with approved ECC
Patch14: libgcrypt-1.7.3-ecc-test-fix.patch
# Run the FIPS mode initialization in the shared library constructor
Patch18: libgcrypt-1.8.3-fips-ctor.patch
# Block some operations if in FIPS non-operational state
Patch22: libgcrypt-1.7.3-fips-reqs.patch
# Do not try to open /dev/urandom if getrandom() works
Patch24: libgcrypt-1.8.3-getrandom.patch
# MinGW-specific patches
# Workaround a bug in libtool: # Workaround a bug in libtool:
# libgcrypt-use-correct-def-file.patch # libgcrypt-use-correct-def-file.patch
Patch2: libgcrypt-use-correct-def-file.patch Patch1000: libgcrypt-use-correct-def-file.patch
# The ASM code is written for the generic x86_64 target.
# For Win64 some minor changes are needed
Patch3: libgcrypt-use-correct-asm-code-for-win64.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: mingw32-filesystem >= 95 BuildRequires: mingw32-filesystem >= 95
BuildRequires: mingw32-gcc BuildRequires: mingw32-gcc
BuildRequires: mingw32-binutils BuildRequires: mingw32-binutils
BuildRequires: mingw32-dlfcn
BuildRequires: mingw32-libgpg-error BuildRequires: mingw32-libgpg-error
BuildRequires: mingw64-filesystem >= 95 BuildRequires: mingw64-filesystem >= 95
BuildRequires: mingw64-gcc BuildRequires: mingw64-gcc
BuildRequires: mingw64-binutils BuildRequires: mingw64-binutils
BuildRequires: mingw64-dlfcn
BuildRequires: mingw64-libgpg-error BuildRequires: mingw64-libgpg-error
BuildRequires: autoconf automake libtool BuildRequires: gcc
#BuildRequires: autoconf automake libtool
%if %run_tests %if %run_tests
BuildRequires: wine BuildRequires: wine
@ -106,14 +125,23 @@ Static library for mingw64-libgcrypt development.
%prep %prep
%setup -q -n libgcrypt-%{version} %setup -q -n libgcrypt-%{version}
%{SOURCE3} %{SOURCE3}
%patch0 -p0 -b .win64 %patch2 -p1 -b .use-fipscheck
%patch2 -p0 -b .def %patch5 -p1 -b .tests
%patch3 -p1 -b .asm64 %patch7 -p1 -b .cavs
%patch11 -p1 -b .use-poll
%patch13 -p1 -b .gccopt
%patch14 -p1 -b .eccfix
%patch18 -p1 -b .fips-ctor
%patch22 -p1 -b .fips-reqs
%patch24 -p1 -b .getrandom
%patch1000 -p0 -b .def
cp %{SOURCE4} cipher/ cp %{SOURCE4} cipher/
cp %{SOURCE5} %{SOURCE6} tests/ cp %{SOURCE5} %{SOURCE6} tests/
# Needed for the asm64 patch # Needed for the asm64 patch
autoreconf -i --force #autoreconf -i --force
%build %build
@ -183,6 +211,9 @@ rm $RPM_BUILD_ROOT%{mingw64_libdir}/libgcrypt.la
%changelog %changelog
* Wed Aug 29 2018 Christophe Fergeau <cfergeau@redhat.com> - 1.8.3-1
- Update to 1.8.3, this syncs mingw-libgcrypt with the native libgcrypt package
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.3-8 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

4
random.conf
Unescape View File

@ -0,0 +1,4 @@
# use only /dev/urandom - see https://www.2uo.de/myths-about-urandom/
only-urandom
# Keep jitter entropy generator enabled (should do no harm)
#disable-jent

2
sources
Unescape View File

@ -1 +1 @@
cbb7aa4b8c4c63f24e954fbf00e16335 libgcrypt-1.6.3-hobbled.tar.xz SHA512 (libgcrypt-1.8.3-hobbled.tar.xz) = 6981367a138e03375d7ccf44e2dacb5c96f0ebadf34c2734f95cf3b94a7d7b206a2864304abfbcc3acf0055cc83491fd68d065af33487fefa73f550954a99613

457
t-mpi-point.c
Unescape View File

@ -26,29 +26,8 @@
#include <assert.h> #include <assert.h>
#include <stdarg.h> #include <stdarg.h>
#include "../src/gcrypt-int.h"
#define PGM "t-mpi-point" #define PGM "t-mpi-point"
#include "t-common.h"
static const char *wherestr;
static int verbose;
static int debug;
static int error_count;
#define my_isascii(c) (!((c) & 0x80))
#define digitp(p) (*(p) >= '0' && *(p) <= '9')
#define hexdigitp(a) (digitp (a) \
|| (*(a) >= 'A' && *(a) <= 'F') \
|| (*(a) >= 'a' && *(a) <= 'f'))
#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \
*(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1))
#define xmalloc(a) gcry_xmalloc ((a))
#define xcalloc(a,b) gcry_xcalloc ((a),(b))
#define xfree(a) gcry_free ((a))
#define pass() do { ; } while (0)
static struct static struct
{ {
@ -57,8 +36,20 @@ static struct
const char *a, *b; /* The coefficients. */ const char *a, *b; /* The coefficients. */
const char *n; /* The order of the base point. */ const char *n; /* The order of the base point. */
const char *g_x, *g_y; /* Base point. */ const char *g_x, *g_y; /* Base point. */
const char *h; /* Cofactor. */
} test_curve[] = } test_curve[] =
{ {
{
"NIST P-224",
"0xffffffffffffffffffffffffffffffff000000000000000000000001",
"0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe",
"0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4",
"0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d" ,
"0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
"0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
"0x01"
},
{ {
"NIST P-256", "NIST P-256",
"0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff", "0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
@ -67,7 +58,8 @@ static struct
"0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
"0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", "0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
"0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" "0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
"0x01"
}, },
{ {
"NIST P-384", "NIST P-384",
@ -83,7 +75,8 @@ static struct
"0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a38" "0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a38"
"5502f25dbf55296c3a545e3872760ab7", "5502f25dbf55296c3a545e3872760ab7",
"0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c0" "0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c0"
"0a60b1ce1d7e819d7a431d7c90ea0e5f" "0a60b1ce1d7e819d7a431d7c90ea0e5f",
"0x01"
}, },
{ {
"NIST P-521", "NIST P-521",
@ -99,18 +92,20 @@ static struct
"0xc6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3d" "0xc6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3d"
"baa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", "baa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
"0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e6" "0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e6"
"62c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650" "62c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
"0x01"
}, },
{ {
"Ed25519", "Ed25519",
"0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED", "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
"-0x01", "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEC",
"-0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A", "0x52036CEE2B6FFE738CC740797779E89800700A4D4141D8AB75EB4DCA135978A3",
"0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED", "0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED",
"0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A", "0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A",
"0x6666666666666666666666666666666666666666666666666666666666666658" "0x6666666666666666666666666666666666666666666666666666666666666658",
"0x08"
}, },
{ NULL, NULL, NULL, NULL, NULL } { NULL, NULL, NULL, NULL, NULL, NULL }
}; };
/* A sample public key for NIST P-256. */ /* A sample public key for NIST P-256. */
@ -139,50 +134,6 @@ static const char sample_ed25519_d[] =
"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"; "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60";
static void
show (const char *format, ...)
{
va_list arg_ptr;
if (!verbose)
return;
fprintf (stderr, "%s: ", PGM);
va_start (arg_ptr, format);
vfprintf (stderr, format, arg_ptr);
va_end (arg_ptr);
}
static void
fail (const char *format, ...)
{
va_list arg_ptr;
fflush (stdout);
fprintf (stderr, "%s: ", PGM);
if (wherestr)
fprintf (stderr, "%s: ", wherestr);
va_start (arg_ptr, format);
vfprintf (stderr, format, arg_ptr);
va_end (arg_ptr);
error_count++;
}
static void
die (const char *format, ...)
{
va_list arg_ptr;
fflush (stdout);
fprintf (stderr, "%s: ", PGM);
if (wherestr)
fprintf (stderr, "%s: ", wherestr);
va_start (arg_ptr, format);
vfprintf (stderr, format, arg_ptr);
va_end (arg_ptr);
exit (1);
}
static void static void
print_mpi_2 (const char *text, const char *text2, gcry_mpi_t a) print_mpi_2 (const char *text, const char *text2, gcry_mpi_t a)
{ {
@ -294,7 +245,7 @@ hex2mpiopa (const char *string)
die ("hex2mpiopa '%s' failed: parser error\n", string); die ("hex2mpiopa '%s' failed: parser error\n", string);
val = gcry_mpi_set_opaque (NULL, buffer, buflen*8); val = gcry_mpi_set_opaque (NULL, buffer, buflen*8);
if (!buffer) if (!buffer)
die ("hex2mpiopa '%s' failed: set_opaque error%s\n", string); die ("hex2mpiopa '%s' failed: set_opaque error\n", string);
return val; return val;
} }
@ -344,11 +295,11 @@ ec_p_new (gcry_ctx_t *r_ctx, gcry_mpi_t p, gcry_mpi_t a)
static void static void
set_get_point (void) set_get_point (void)
{ {
gcry_mpi_point_t point; gcry_mpi_point_t point, point2;
gcry_mpi_t x, y, z; gcry_mpi_t x, y, z;
wherestr = "set_get_point"; wherestr = "set_get_point";
show ("checking point setting functions\n"); info ("checking point setting functions\n");
point = gcry_mpi_point_new (0); point = gcry_mpi_point_new (0);
x = gcry_mpi_set_ui (NULL, 17); x = gcry_mpi_set_ui (NULL, 17);
@ -388,7 +339,22 @@ set_get_point (void)
|| gcry_mpi_cmp_ui (y, 42) || gcry_mpi_cmp_ui (z, 11371)) || gcry_mpi_cmp_ui (y, 42) || gcry_mpi_cmp_ui (z, 11371))
fail ("point_snatch_set/point_get failed\n"); fail ("point_snatch_set/point_get failed\n");
point2 = gcry_mpi_point_copy (point);
gcry_mpi_point_get (x, y, z, point2);
if (gcry_mpi_cmp_ui (x, 17)
|| gcry_mpi_cmp_ui (y, 42) || gcry_mpi_cmp_ui (z, 11371))
fail ("point_copy failed (1)\n");
gcry_mpi_point_release (point); gcry_mpi_point_release (point);
gcry_mpi_point_get (x, y, z, point2);
if (gcry_mpi_cmp_ui (x, 17)
|| gcry_mpi_cmp_ui (y, 42) || gcry_mpi_cmp_ui (z, 11371))
fail ("point_copy failed (2)\n");
gcry_mpi_point_release (point2);
gcry_mpi_release (x); gcry_mpi_release (x);
gcry_mpi_release (y); gcry_mpi_release (y);
gcry_mpi_release (z); gcry_mpi_release (z);
@ -403,7 +369,7 @@ context_alloc (void)
gcry_mpi_t p, a; gcry_mpi_t p, a;
wherestr = "context_alloc"; wherestr = "context_alloc";
show ("checking context functions\n"); info ("checking context functions\n");
p = gcry_mpi_set_ui (NULL, 1); p = gcry_mpi_set_ui (NULL, 1);
a = gcry_mpi_set_ui (NULL, 1); a = gcry_mpi_set_ui (NULL, 1);
@ -414,28 +380,18 @@ context_alloc (void)
gcry_mpi_release (a); gcry_mpi_release (a);
gcry_ctx_release (ctx); gcry_ctx_release (ctx);
p = gcry_mpi_set_ui (NULL, 0); p = NULL;
a = gcry_mpi_set_ui (NULL, 0); a = gcry_mpi_set_ui (NULL, 0);
err = ec_p_new (&ctx, p, a);
if (!err || gpg_err_code (err) != GPG_ERR_EINVAL)
fail ("ec_p_new: bad parameter detection failed (1)\n");
gcry_mpi_set_ui (p, 1);
err = ec_p_new (&ctx, p, a); err = ec_p_new (&ctx, p, a);
if (!err || gpg_err_code (err) != GPG_ERR_EINVAL) if (!err || gpg_err_code (err) != GPG_ERR_EINVAL)
fail ("ec_p_new: bad parameter detection failed (2)\n"); fail ("ec_p_new: bad parameter detection failed (1)\n");
gcry_mpi_release (p);
p = NULL;
err = ec_p_new (&ctx, p, a);
if (!err || gpg_err_code (err) != GPG_ERR_EINVAL)
fail ("ec_p_new: bad parameter detection failed (3)\n");
gcry_mpi_release (a); gcry_mpi_release (a);
a = NULL; a = NULL;
err = ec_p_new (&ctx, p, a); err = ec_p_new (&ctx, p, a);
if (!err || gpg_err_code (err) != GPG_ERR_EINVAL) if (!err || gpg_err_code (err) != GPG_ERR_EINVAL)
fail ("ec_p_new: bad parameter detection failed (4)\n"); fail ("ec_p_new: bad parameter detection failed (2)\n");
} }
@ -520,9 +476,20 @@ context_param (void)
wherestr = "context_param"; wherestr = "context_param";
show ("checking standard curves\n"); info ("checking standard curves\n");
for (idx=0; test_curve[idx].desc; idx++) for (idx=0; test_curve[idx].desc; idx++)
{ {
/* P-192 and Ed25519 are not supported in fips mode */
if (gcry_fips_mode_active())
{
if (!strcmp(test_curve[idx].desc, "NIST P-192")
|| !strcmp(test_curve[idx].desc, "Ed25519"))
{
info ("skipping %s in fips mode\n", test_curve[idx].desc );
continue;
}
}
gcry_ctx_release (ctx); gcry_ctx_release (ctx);
err = gcry_mpi_ec_new (&ctx, NULL, test_curve[idx].desc); err = gcry_mpi_ec_new (&ctx, NULL, test_curve[idx].desc);
if (err) if (err)
@ -546,10 +513,12 @@ context_param (void)
if (get_and_cmp_point ("g", test_curve[idx].g_x, test_curve[idx].g_y, if (get_and_cmp_point ("g", test_curve[idx].g_x, test_curve[idx].g_y,
test_curve[idx].desc, ctx)) test_curve[idx].desc, ctx))
continue; continue;
if (get_and_cmp_mpi ("h", test_curve[idx].h, test_curve[idx].desc, ctx))
continue;
} }
show ("checking sample public key (nistp256)\n"); info ("checking sample public key (nistp256)\n");
q = hex2mpi (sample_p256_q); q = hex2mpi (sample_p256_q);
err = gcry_sexp_build (&keyparam, NULL, err = gcry_sexp_build (&keyparam, NULL,
"(public-key(ecc(curve %s)(q %m)))", "(public-key(ecc(curve %s)(q %m)))",
@ -616,7 +585,11 @@ context_param (void)
gcry_sexp_release (sexp); gcry_sexp_release (sexp);
} }
show ("checking sample public key (Ed25519)\n"); /* Skipping Ed25519 if in FIPS mode (it isn't supported) */
if (gcry_fips_mode_active())
goto cleanup;
info ("checking sample public key (Ed25519)\n");
q = hex2mpi (sample_ed25519_q); q = hex2mpi (sample_ed25519_q);
gcry_sexp_release (keyparam); gcry_sexp_release (keyparam);
err = gcry_sexp_build (&keyparam, NULL, err = gcry_sexp_build (&keyparam, NULL,
@ -703,6 +676,7 @@ context_param (void)
} }
cleanup:
gcry_ctx_release (ctx); gcry_ctx_release (ctx);
gcry_sexp_release (keyparam); gcry_sexp_release (keyparam);
} }
@ -737,7 +711,7 @@ basic_ec_math (void)
gcry_mpi_t x, y, z; gcry_mpi_t x, y, z;
wherestr = "basic_ec_math"; wherestr = "basic_ec_math";
show ("checking basic math functions for EC\n"); info ("checking basic math functions for EC\n");
P = hex2mpi ("0xfffffffffffffffffffffffffffffffeffffffffffffffff"); P = hex2mpi ("0xfffffffffffffffffffffffffffffffeffffffffffffffff");
A = hex2mpi ("0xfffffffffffffffffffffffffffffffefffffffffffffffc"); A = hex2mpi ("0xfffffffffffffffffffffffffffffffefffffffffffffffc");
@ -804,6 +778,14 @@ basic_ec_math (void)
} }
/* This is the same as basic_ec_math but uses more advanced
features. */
static void
basic_ec_math_simplified (void)
{
}
/* Check the math used with Twisted Edwards curves. */ /* Check the math used with Twisted Edwards curves. */
static void static void
twistededwards_math (void) twistededwards_math (void)
@ -815,7 +797,7 @@ twistededwards_math (void)
gcry_mpi_t w, a, x, y, z, p, n, b, I; gcry_mpi_t w, a, x, y, z, p, n, b, I;
wherestr = "twistededwards_math"; wherestr = "twistededwards_math";
show ("checking basic Twisted Edwards math\n"); info ("checking basic Twisted Edwards math\n");
err = gcry_mpi_ec_new (&ctx, NULL, "Ed25519"); err = gcry_mpi_ec_new (&ctx, NULL, "Ed25519");
if (err) if (err)
@ -849,7 +831,7 @@ twistededwards_math (void)
/* Check: p % 4 == 1 */ /* Check: p % 4 == 1 */
gcry_mpi_mod (w, p, GCRYMPI_CONST_FOUR); gcry_mpi_mod (w, p, GCRYMPI_CONST_FOUR);
if (gcry_mpi_cmp_ui (w, 1)) if (gcry_mpi_cmp_ui (w, 1))
fail ("failed assertion: p % 4 == 1\n"); fail ("failed assertion: p %% 4 == 1\n");
/* Check: 2^{n-1} mod n == 1 */ /* Check: 2^{n-1} mod n == 1 */
gcry_mpi_sub_ui (a, n, 1); gcry_mpi_sub_ui (a, n, 1);
@ -941,6 +923,271 @@ twistededwards_math (void)
} }
/* Check the point on curve function. */
static void
point_on_curve (void)
{
static struct {
const char *curve;
int oncurve; /* Point below is on the curve. */
const char *qx;
const char *qy;
} t[] = {
{
"NIST P-256", 0,
"015B4F6775D68D4D2E2192C6B8027FC5A3D49957E453CB251155AA3FF5D3EC9974",
"4BC4C87B57A25E1056831208AB5B8F091142F891E9FF19F1E090B030DF1087B3"
}, {
"NIST P-256", 0,
"D22C316E7EBE7B293BD66808E000806F0754398A5D72A4F9BBC21C26EAC0A651",
"3C8DB80CC3CDE5E530D040536E6A58AAB41C33FA70B30896943513FF3690132D"
}, {
"NIST P-256", 0,
"0130F7E7BC52854CA493A0DE87DC4AB3B4343758F2B634F15B10D70DBC0A5A5291",
"86F9CA73C25CE86D54CB21C181AECBB52A5971334FF5040F76CAE9845ED46023"
}, {
"NIST P-256", 1,
"14957B602C7849F28858C7407696F014BC091D6D68C449560B7A38147D6E6A9B",
"A8E09EFEECFE00C797A0848F38B61992D30C61FAB13021E88C8BD3545B3A6C63"
}, {
"NIST P-256", 0,
"923DE4957241DD97780841C76294DB0D4F5DC04C3045081174764D2D32AD2D53",
"01B4B1A2027C02F0F520A3B01E4CE3C668BF481346A74499C5D1044A53E210B600"
}, {
"NIST P-256", 1,
"9021DFAB8B4DAEAADA634AAA26D6E5FFDF8C0476FF5CA31606C870A1B933FB36",
"9AFC65EEB24E46C7B75712EF29A981CB09FAC56E2B81D3ED024748CCAB1CB77E"
}, {
"NIST P-256", 0,
"011529F0B26DE5E0EB2DA4BFB6C149C802CB52EE479DD666553286928A4005E990",
"0EBC63DB2104884456DC0AA81A3F4E99D93B7AE2CD4B1489655EA9BE6289CF9E"
}, {
"NIST P-256", 1,
"216EC5DE8CA989199D31F0DFCD381DCC9270A0785365EC3E34CA347C070A87BE",
"87A88897BA763509ECC1DBE28D9D37F6F4E70E3B99B1CD3C0B934D4190968A6D"
}, {
"NIST P-256", 1,
"7ABAA44ACBC6016FDB52A6F45F6178E65CBFC35F9920D99149CA9999612CE945",
"88F7684BDCDA31EAFB6CAD859F8AB29B5D921D7DB2B34DF7E40CE36235F45B63"
}, {
"NIST P-256", 0,
"E765B4272D211DD0064189B55421FB76BB3A7756364A6CB1627FAED848157A84",
"C13171CFFB243E06B203F0996BBDD16F52292AD11F2DA81106E9C2FD87F4FA0F"
}, {
"NIST P-256", 0,
"EE4999DFC3A1871EE7A592BE26A09BEC9D9B561613EE9EFB6ED42F17985C9CDC",
"8399E967338A7A618336AF70DA67D9CAC1C19267809652F5C5183C8B129E0902"
}, {
"NIST P-256", 0,
"F755D0CF2642A2C7FBACCC8E9E442B8B047A99C6E052B2FA5AB0544B36B4D51C",
"AA080F17657B6565D9A4D94BD260B54D92FEE8DC4A78C4FC9C19209933AF39B0"
} , {
"NIST P-384", 0,
"CBFC7DBEBF15BEAD682549757F9BBA0E3F67669DF13FCE0EBE8024B725B38B00"
"83EC46A8F2FF3203C5C7F8C7E722A5EF",
"0548FE281BEAB18FD1AB86F59B0CA524479A4A81373C83B78AFFD801FAC75922"
"96470753DCF46173C9AA4A8A4C2FBE51"
}, {
"NIST P-384", 0,
"1DC8E054A883DB81EAEDE6C487B26816C927B8196780525A6CA8F675D2557752"
"02CE06CCBE705EA8A38AA2894D4BEEE6",
"010191050E867AFAA96A199FE9C591CF8B853D81486786DA889124881FB39D2F"
"8E0875F4C4BB1E3D0F8535C7A52306FB82"
}, {
"NIST P-384", 1,
"2539FC368CE1D5E464B6C0FBB12D557B712327DB086975255AD7D17F7E7E4F23"
"D719ED4116E2CC907AEB92CF22331A60",
"8843FDBA742CB64323E49CEBE8DD74908CFC9C3AA0015662DFBB7219E92CF32E"
"9FC63F61EF19DE9B3CEA98D163ABF254"
}, {
"NIST P-384", 0,
"0B786DACF400D43575394349EDD9F9CD145FC7EF737A3C5F69B253BE7639DB24"
"EC2F0CA62FF1F90B6515DE356EC2A404",
"225D6B2939CC7F7133F43353946A682C68DAC6BB75EE9CF6BD9A1609FA915692"
"72F4D3A87E88529754E109BB9B61B03B"
}, {
"NIST P-384", 0,
"76C660C9F58CF2051F9F8B06049694AB6FE418009DE6F0A0833BC690CEC06CC2"
"9A440AD51C94CF5BC28817C8C6E2D302",
"012974E5D9E55304ED294AB6C7A3C65B663E67ABC5E6F6C0F6498B519F2F6CA1"
"8306976291F3ADC0B5ABA42DED376EA9A5"
}, {
"NIST P-384", 0,
"23D758B1EDB8E12E9E707C53C131A19D9464B20EE05C99766F5ABDF9F906AD03"
"B958BF28B022E54E320672C4BAD4EEC0",
"01E9E72870C88F4C82A5AB3CC8A3398E8F006BF3EC05FFBB1EFF8AEE88020FEA"
"9E558E9F58ED1D324C9DCBCB4E8F2A5970"
}, {
"NIST P-384", 0,
"D062B96D5A10F715ACF361F99262ABF0F7693A8BB60ECB1DF459CF95750E4293"
"18BCB9FC60499D009F949298F3F9F47B",
"9089C6328E4B39A73D7EE6FAE1A77E48CE354B83BBCE432082C32C8FD6784B86"
"CFE9C552E2E720F5DA5806503D3784CD"
}, {
"NIST P-384", 0,
"2A951D4D6EB35C43D94866280D37365B82441BC84D62CBFF3365CAB1FD0A3E20"
"823CA8F84D2BBF4EA687885437DE7839",
"01CC7D762AFE613F7B5568BC516568A421159C40599E8D52DE10E8F9488931E1"
"69F3656C322DE45C4A70DC6DB9A661E599"
}, {
"NIST P-384", 1,
"A4BAEE6CDAF3AEB69032B3FBA811707C54F5753670DA5173D891547E8CBAEEF3"
"89B92C9A55573A596123415FBFA26991",
"3241EA716583C11C71BB30AF6C5E3A6637956F17ADBBE641BAB52E8539F9FC7B"
"F3B04F46DBFFE08151E0F0950CC70081"
}, {
"NIST P-384", 0,
"5C0E18B0DE3261BCBCFC7B702C2D75CF481336BFBADF420BADC616235C1966AB"
"4C0F876575DDEC1BDB3F3F04061C9AE4",
"E90C78550D1C922F1D8161D8C9C0576E29BD09CA665376FA887D13FA8DF48352"
"D7BBEEFB803F6CC8FC7895E47F348D33"
}, {
"NIST P-384", 1,
"2015864CD50F0A1A50E6401F44191665C19E4AD4B4903EA9EB464E95D1070E36"
"F1D8325E45734D5A0FDD103F4DF6F83E",
"5FB3E9A5C59DD5C5262A8176CB7032A00AE33AED08485884A3E5D68D9EEB990B"
"F26E8D87EC175577E782AD51A6A12C02"
}, {
"NIST P-384", 1,
"56EBF5310EEF5A5D8D001F570A18625383ECD4882B3FC738A69874E7C9D8F89C"
"187BECA23369DFD6C15CC0DA0629958F",
"C1230B349FB662CB762563DB8F9FCB32D5CCA16120681C474D67D279CCA6F6DB"
"73DE6AA96140B5C457B7486E06D318CE"
}, {
"NIST P-521", 0,
"01E4D82EE5CD6DA37080252295EFA273BBBA6952012D0120EAF131E73F1E5024"
"36E3324624471040030E1C345D65490ECEE9B64E03B15B6C7EB69A39C618BAFEED70",
"03EE3A3C88A6933B7B16016BE4CC4E3BF5EA0625CB3DB2604CDCBBD02CABBC90"
"8904D9DB42998F6C5101D4D4318ACFC9643C9CD641F636D1810ED86F1840EA74F3C0"
}, {
"NIST P-521", 0,
"01F3DFCB5433387B6B2E3F74177F4F3D7300F05E1AD49DE112630E27B1C8A437"
"1E742CB020E0039B5477FC897D17332034F9660B3066764EFF5FB440EB8856E782E3",
"02D337616C9D202DC5E290C486F5855CBD6A8470AE62CA96245834CF49257D8D"
"96D4041B15007650DEE668C00DDBF749054256C571F60980AC74D0DBCA7FB96C2F48"
}, {
"NIST P-521", 1,
"822A846606DC9E96452CAC373567A8B57D9ACA15B177F75DD7EF10C635F52CE4"
"EF6ABEEDB90D3F48F50A0C9015A95C955A25C45DE8413DE3BF899B6B1E62CF7CB8",
"0102771B5F3EC8C36838CEC04DCBC28AD1E38C37DAB0EA89B5EE92D21F7A35CE"
"ABC8B155EDC70154D6DFA2E77EC1D8C4A3406A6BD0ECF8F1EE2AC33A02464CB70C97"
}, {
"NIST P-521", 0,
"F733D48467912D1FFE46CF442F27FDD218D190E7B8A829D822DA3B6BAF9B987E"
"5B4BCCE34499248F59EEAF74F63ED15FF73F243C6FC3FD5E5842F6A3BA34C2022D",
"0281AAAD1B7EEBABEB6EC67932CB7E95717AFA3B4CF7A2DB151CD537C419C3A5"
"156ED9160758190B47696CDC15E81BBAD12975283907A571604DB23F702AEA4B38FF"
}, {
"NIST P-521", 0,
"03B1B274175AAEB5907152E5114CCAEADA28A7ADD4A2B1831C3D8302E8596489"
"E2C98B9B8D0CAE98C03BB11E28CE66D4736449758AF58BAFE40EF5A5FA22C9A43117",
"94C5951F81D544E959EDFC5DC1D5F42FE427871D4FB91A43A0B4A6BEA6B35B9E"
"BC5FB444C70BE4FD47B4ED16704F8C86EF019FC47C7FF2271F8B0DDEA9E2D3BCDD"
}, {
"NIST P-521", 1,
"F2248C318055DE37CD706D4FCAF7E7D96737A4A7B6B8067A66DCD58B6B8DFC55"
"90ECE67F6AA67F9C51B57E7B023075F2F42909BF47361CB6881C10F55FB7215B56",
"0162F735CE6A2ADA54CAF96A12D6888C02DE0A74638CF34CE39DABBACA4D651B"
"7E6ED1A65B551B36BAE7BE474BB6E6905ED0E33C7BA2021885027C7C6E40C5613004"
}, {
"NIST P-521", 0,
"9F08E97FEADCF0A391CA1EA4D97B5FE62D3B164593E12027EB967BD6E1FA841A"
"9831158DF164BCAD0BF3ADA96127745E25F349BDDD52EEA1654892B35960C9C023",
"AE2A25F5440F258AFACA6925C4C9F7AEAD3CB67153C4FACB31AC33F58B43A78C"
"B14F682FF726CEE2A6B6F6B481AEEB29A9B3150F02D1CFB764672BA8294C477291"
}, {
"NIST P-521", 0,
"01047B52014748C904980716953206A93F0D01B34CA94A997407FA93FE304F86"
"17BB6E402B2BB8B434C2671ECE953ABE7BADB75713CD9DF950943A33A9A19ACCDABE",
"7433533F098037DEA616337986887D01C5CC8DEC3DC1FDB9CDF7287EF27CC125"
"54FCF3A5E212DF9DAD9F8A3A7173B23FC6E15930704F3AEE1B074BDDB0ED6823E4"
}, {
"NIST P-521", 0,
"01C2A9EBF51592FE6589F618EAADA1697D9B2EC7CE5D48C9E80FC597642B23F1"
"F0EBE953449762BD3F094F57791D9850AFE98BBDA9872BE399B7BDD617860076BB03",
"0B822E27692F63DB8E12C59BB3CCA172B9BBF613CAE5F9D1474186E45E8B26FF"
"962084E1C6BE74821EDBB60941A3B75516F603719563433383812BFEA89EC14B89"
}, {
"NIST P-521", 0,
"99390F342C3F0D46E80C5B65C61E8AA8ACA0B6D4E1352404586364A05D8398E9"
"2BC71A644E8663F0A9B87D0B3ACAEE32F2AB9B321317AD23059D045EBAB91C5D93",
"82FCF93AE4467EB57766F2B150E736636727E7282500CD482DA70D153D195F2B"
"DF9B96D689A0DC1BB9137B41557A33F202F1B71840544CBEFF03072E77E4BB6F0B"
}, {
"NIST P-521", 1,
"018E48E80594FF5496D8CC7DF8A19D6AA18805A4EF4490038AED6A1E9AA18056"
"D0244A97DCF6D132C6804E3F4F369922119544B4C057D783C848FB798B48730A382C",
"01AF510B4F5E1C40BC9C110216D35E7C6D7A2BEE52914FC98258676288449901"
"F27A07EE91DF2D5D79259712906C3E18A990CBF35BCAC41A952820CE2BA8D0220080"
}, {
"NIST P-521", 1,
"ADCEF3539B4BC831DC0AFD173137A4426152058AFBAE06A17FCB89F4DB6E48B5"
"335CB88F8E4DB475A1E390E5656072F06605BFB84CBF9795B7992ECA04A8E10CA1",
"01BCB985AFD6404B9EDA49B6190AAA346BF7D5909CA440C0F7E505C62FAC8635"
"31D3EB7B2AC4DD4F4404E4B12E9D6D3C596179587F3724B1EFFF684CFDB4B21826B9"
}
};
gpg_error_t err;
int tidx;
const char *lastcurve = NULL;
gcry_ctx_t ctx = NULL;
gcry_mpi_t qx = NULL;
gcry_mpi_t qy = NULL;
gcry_mpi_point_t Q;
int oncurve;
wherestr = "point_on_curve";
for (tidx=0; tidx < DIM (t); tidx++)
{
if (!t[tidx].curve)
{
if (!lastcurve || !ctx)
die ("invalid test vectors at idx %d\n", tidx);
}
else if (!ctx || !lastcurve || strcmp (t[tidx].curve, lastcurve))
{
lastcurve = t[tidx].curve;
gcry_ctx_release (ctx);
err = gcry_mpi_ec_new (&ctx, NULL, lastcurve);
if (err)
die ("error creating context for curve %s at idx %d: %s\n",
lastcurve, tidx, gpg_strerror (err));
info ("checking points on curve %s\n", lastcurve);
}
gcry_mpi_release (qx);
gcry_mpi_release (qy);
qx = hex2mpi (t[tidx].qx);
qy = hex2mpi (t[tidx].qy);
Q = gcry_mpi_point_set (NULL, qx, qy, GCRYMPI_CONST_ONE);
if (!Q)
die ("gcry_mpi_point_set(Q) failed at idx %d\n", tidx);
oncurve = gcry_mpi_ec_curve_point (Q, ctx);
if (t[tidx].oncurve && !oncurve)
{
fail ("point expected on curve but not identified as such (i=%d):\n",
tidx);
print_point (" Q", Q);
}
else if (!t[tidx].oncurve && oncurve)
{
fail ("point not expected on curve but identified as such (i=%d):\n",
tidx);
print_point (" Q", Q);
}
gcry_mpi_point_release (Q);
}
gcry_mpi_release (qx);
gcry_mpi_release (qy);
gcry_ctx_release (ctx);
}
int int
main (int argc, char **argv) main (int argc, char **argv)
{ {
@ -953,18 +1200,26 @@ main (int argc, char **argv)
if (!gcry_check_version (GCRYPT_VERSION)) if (!gcry_check_version (GCRYPT_VERSION))
die ("version mismatch\n"); die ("version mismatch\n");
gcry_control (GCRYCTL_DISABLE_SECMEM, 0); xgcry_control (GCRYCTL_DISABLE_SECMEM, 0);
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
if (debug) if (debug)
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
set_get_point (); set_get_point ();
context_alloc (); context_alloc ();
context_param (); context_param ();
basic_ec_math (); basic_ec_math ();
point_on_curve ();
/* The tests are for P-192 and ed25519 which are not supported in
FIPS mode. */
if (!gcry_fips_mode_active())
{
basic_ec_math_simplified ();
twistededwards_math (); twistededwards_math ();
}
show ("All tests completed. Errors: %d\n", error_count); info ("All tests completed. Errors: %d\n", error_count);
return error_count ? 1 : 0; return error_count ? 1 : 0;
} }

Write Preview
Loading…
Cancel
Save