diff options
| author | Daiki Ueno <dueno@redhat.com> | 2019-08-07 15:55:44 +0200 |
|---|---|---|
| committer | Daiki Ueno <dueno@redhat.com> | 2019-08-08 13:17:00 +0200 |
| commit | 3beaa23ef5852e2d8aaa610aac9cde9b46be4f77 (patch) | |
| tree | a228e4920bde35f5a6f6f7b642d32e6fa75457e4 | |
| parent | 1adee9e136176a8fe26bae036ebb275fe4c26f64 (diff) | |
| download | gnutls-tmp-deterministic-ecdsa.tar.gz | |
nettle: prohibit deterministic ECDSA/DSA under FIPS except selfteststmp-deterministic-ecdsa
Signed-off-by: Daiki Ueno <dueno@redhat.com>
| -rw-r--r-- | lib/nettle/pk.c | 8 | ||||
| -rw-r--r-- | tests/sign-verify-deterministic.c | 27 |
2 files changed, 28 insertions, 7 deletions
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 1f8e7f931f..b2d27cf74a 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -703,6 +703,14 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); } + /* deterministic ECDSA/DSA is prohibited under FIPS except in + * the selftests */ + if (_gnutls_fips_mode_enabled() && + _gnutls_get_lib_state() != LIB_STATE_SELFTEST && + (algo == GNUTLS_PK_DSA || algo == GNUTLS_PK_ECDSA) && + (sign_params->flags & GNUTLS_PK_FLAG_REPRODUCIBLE)) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + switch (algo) { case GNUTLS_PK_EDDSA_ED25519: /* we do EdDSA */ { diff --git a/tests/sign-verify-deterministic.c b/tests/sign-verify-deterministic.c index fe4873fc89..6e907288ee 100644 --- a/tests/sign-verify-deterministic.c +++ b/tests/sign-verify-deterministic.c @@ -154,29 +154,40 @@ void doit(void) gnutls_global_set_log_level(6); for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) { - success("testing: %s - %s\n", tests[i].name, gnutls_sign_algorithm_get_name(tests[i].sigalgo)); + success("testing: %s - %s", tests[i].name, gnutls_sign_algorithm_get_name(tests[i].sigalgo)); + + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) + testfail("gnutls_pubkey_init\n"); ret = gnutls_privkey_init(&privkey); if (ret < 0) testfail("gnutls_privkey_init\n"); + signature.data = NULL; + signature.size = 0; + ret = gnutls_privkey_import_x509_raw(privkey, &tests[i].key, GNUTLS_X509_FMT_PEM, NULL, 0); if (ret < 0) testfail("gnutls_privkey_import_x509_raw\n"); ret = gnutls_privkey_sign_data(privkey, tests[i].digest, tests[i].sign_flags, &tests[i].msg, &signature); - if (ret < 0) - testfail("gnutls_privkey_sign_data\n"); + if (gnutls_fips140_mode_enabled()) { + /* deterministic ECDSA/DSA is prohibited under FIPS */ + if (ret != GNUTLS_E_INVALID_REQUEST) + testfail("gnutls_privkey_sign_data unexpectedly succeeds\n"); + success(" - skipping\n"); + goto next; + } else { + if (ret < 0) + testfail("gnutls_privkey_sign_data\n"); + } if (signature.size != tests[i].sig.size || memcmp(signature.data, tests[i].sig.data, signature.size) != 0) testfail("signature does not match"); - ret = gnutls_pubkey_init(&pubkey); - if (ret < 0) - testfail("gnutls_pubkey_init\n"); - ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0); if (ret < 0) testfail("gnutls_pubkey_import_privkey\n"); @@ -186,7 +197,9 @@ void doit(void) &signature); if (ret < 0) testfail("gnutls_pubkey_verify_data2\n"); + success(" - pass"); + next: gnutls_free(signature.data); gnutls_privkey_deinit(privkey); gnutls_pubkey_deinit(pubkey); |