Blame SOURCES/libgcrypt-1.8.5-kdf-selftest.patch

4bbd51
diff -up libgcrypt-1.8.5/cipher/kdf.c.kdf-selftest libgcrypt-1.8.5/cipher/kdf.c
4bbd51
--- libgcrypt-1.8.5/cipher/kdf.c.kdf-selftest	2017-11-23 19:16:58.000000000 +0100
4bbd51
+++ libgcrypt-1.8.5/cipher/kdf.c	2020-06-15 18:14:26.494995669 +0200
4bbd51
@@ -305,3 +305,99 @@ _gcry_kdf_derive (const void *passphrase
4bbd51
  leave:
4bbd51
   return ec;
4bbd51
 }
4bbd51
+
4bbd51
+
4bbd51
+/* PBKDF2 selftests.
4bbd51
+ * Copyright (C) 2008 Free Software Foundation, Inc.
4bbd51
+ * Copyright (C) 2019, 2020 Red Hat, Inc.
4bbd51
+ */
4bbd51
+
4bbd51
+/* Check one PBKDF2 call with HASH ALGO using the regular KDF
4bbd51
+ * API. (passphrase,passphraselen) is the password to be derived,
4bbd51
+ * (salt,saltlen) the salt for the key derivation,
4bbd51
+ * iterations is the number of the kdf iterations,
4bbd51
+ * and (expect,expectlen) the expected result. Returns NULL on
4bbd51
+ * success or a string describing the failure.  */
4bbd51
+
4bbd51
+static const char *
4bbd51
+check_one (int algo,
4bbd51
+           const void *passphrase, size_t passphraselen,
4bbd51
+           const void *salt, size_t saltlen,
4bbd51
+           unsigned long iterations,
4bbd51
+           const void *expect, size_t expectlen)
4bbd51
+{
4bbd51
+  unsigned char key[512]; /* hardcoded to avoid allocation */
4bbd51
+  size_t keysize = expectlen;
4bbd51
+
4bbd51
+  if (keysize > sizeof(key))
4bbd51
+    return "invalid tests data";
4bbd51
+
4bbd51
+  if (_gcry_kdf_derive (passphrase, passphraselen, GCRY_KDF_PBKDF2,
4bbd51
+                        algo, salt, saltlen, iterations,
4bbd51
+                         keysize, key))
4bbd51
+    return "gcry_kdf_derive failed";
4bbd51
+
4bbd51
+  if (memcmp (key, expect, expectlen))
4bbd51
+    return "does not match";
4bbd51
+
4bbd51
+  return NULL;
4bbd51
+}
4bbd51
+
4bbd51
+static gpg_err_code_t
4bbd51
+run_pbkdf2_selftest (int extended, selftest_report_func_t report)
4bbd51
+{
4bbd51
+  const char *what;
4bbd51
+  const char *errtxt;
4bbd51
+
4bbd51
+  what = "Basic PBKDF2 SHA256";
4bbd51
+  errtxt = check_one (GCRY_MD_SHA256,
4bbd51
+        "password", 8,
4bbd51
+        "salt", 4,
4bbd51
+        2,
4bbd51
+        "\xae\x4d\x0c\x95\xaf\x6b\x46\xd3\x2d\x0a\xdf\xf9\x28\xf0\x6d\xd0"
4bbd51
+        "\x2a\x30\x3f\x8e\xf3\xc2\x51\xdf\xd6\xe2\xd8\x5a\x95\x47\x4c\x43", 32);
4bbd51
+  if (errtxt)
4bbd51
+    goto failed;
4bbd51
+
4bbd51
+  if (extended)
4bbd51
+    {
4bbd51
+      what = "Extended PBKDF2 SHA256";
4bbd51
+      errtxt = check_one (GCRY_MD_SHA256,
4bbd51
+        "passwordPASSWORDpassword", 24,
4bbd51
+        "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
4bbd51
+        4096,
4bbd51
+        "\x34\x8c\x89\xdb\xcb\xd3\x2b\x2f\x32\xd8\x14\xb8\x11\x6e\x84\xcf"
4bbd51
+        "\x2b\x17\x34\x7e\xbc\x18\x00\x18\x1c\x4e\x2a\x1f\xb8\xdd\x53\xe1"
4bbd51
+        "\xc6\x35\x51\x8c\x7d\xac\x47\xe9", 40);
4bbd51
+      if (errtxt)
4bbd51
+        goto failed;
4bbd51
+    }
4bbd51
+
4bbd51
+  return 0; /* Succeeded. */
4bbd51
+
4bbd51
+ failed:
4bbd51
+  if (report)
4bbd51
+    report ("kdf", GCRY_KDF_PBKDF2, what, errtxt);
4bbd51
+  return GPG_ERR_SELFTEST_FAILED;
4bbd51
+}
4bbd51
+
4bbd51
+
4bbd51
+/* Run the selftests for KDF with KDF algorithm ALGO with optional
4bbd51
+   reporting function REPORT.  */
4bbd51
+gpg_error_t
4bbd51
+_gcry_kdf_selftest (int algo, int extended, selftest_report_func_t report)
4bbd51
+{
4bbd51
+  gcry_err_code_t ec = 0;
4bbd51
+
4bbd51
+  if (algo == GCRY_KDF_PBKDF2)
4bbd51
+    {
4bbd51
+      ec = run_pbkdf2_selftest (extended, report);
4bbd51
+    }
4bbd51
+  else
4bbd51
+    {
4bbd51
+      ec = GPG_ERR_UNSUPPORTED_ALGORITHM;
4bbd51
+      if (report)
4bbd51
+        report ("kdf", algo, "module", "algorithm not available");
4bbd51
+    }
4bbd51
+  return gpg_error (ec);
4bbd51
+}
4bbd51
diff -up libgcrypt-1.8.5/src/cipher-proto.h.kdf-selftest libgcrypt-1.8.5/src/cipher-proto.h
4bbd51
--- libgcrypt-1.8.5/src/cipher-proto.h.kdf-selftest	2020-06-15 18:03:25.785353036 +0200
4bbd51
+++ libgcrypt-1.8.5/src/cipher-proto.h	2020-06-15 18:03:25.788353061 +0200
4bbd51
@@ -259,6 +259,8 @@ gcry_error_t _gcry_hmac_selftest (int al
4bbd51
                                   selftest_report_func_t report);
4bbd51
 gcry_error_t _gcry_cmac_selftest (int algo, int extended,
4bbd51
                                   selftest_report_func_t report);
4bbd51
+gcry_error_t _gcry_kdf_selftest (int algo, int extended,
4bbd51
+                                  selftest_report_func_t report);
4bbd51
 
4bbd51
 gcry_error_t _gcry_random_selftest (selftest_report_func_t report);
4bbd51
 
4bbd51
diff -up libgcrypt-1.8.5/src/fips.c.kdf-selftest libgcrypt-1.8.5/src/fips.c
4bbd51
--- libgcrypt-1.8.5/src/fips.c.kdf-selftest	2020-06-15 18:03:25.777352968 +0200
4bbd51
+++ libgcrypt-1.8.5/src/fips.c	2020-06-15 18:08:40.651028096 +0200
4bbd51
@@ -490,6 +490,29 @@ run_mac_selftests (int extended)
4bbd51
   return anyerr;
4bbd51
 }
4bbd51
 
4bbd51
+/* Run self-tests for all KDF algorithms.  Return 0 on success. */
4bbd51
+static int
4bbd51
+run_kdf_selftests (int extended)
4bbd51
+{
4bbd51
+  static int algos[] =
4bbd51
+    {
4bbd51
+      GCRY_KDF_PBKDF2,
4bbd51
+      0
4bbd51
+    };
4bbd51
+  int idx;
4bbd51
+  gpg_error_t err;
4bbd51
+  int anyerr = 0;
4bbd51
+
4bbd51
+  for (idx=0; algos[idx]; idx++)
4bbd51
+    {
4bbd51
+      err = _gcry_kdf_selftest (algos[idx], extended, reporter);
4bbd51
+      reporter ("kdf", algos[idx], NULL, err? gpg_strerror (err):NULL);
4bbd51
+      if (err)
4bbd51
+        anyerr = 1;
4bbd51
+    }
4bbd51
+  return anyerr;
4bbd51
+}
4bbd51
+
4bbd51
 
4bbd51
 /* Run self-tests for all required public key algorithms.  Return 0 on
4bbd51
    success. */
4bbd51
@@ -673,6 +696,9 @@ _gcry_fips_run_selftests (int extended)
4bbd51
   if (run_mac_selftests (extended))
4bbd51
     goto leave;
4bbd51
 
4bbd51
+  if (run_kdf_selftests (extended))
4bbd51
+    goto leave;
4bbd51
+
4bbd51
   /* Run random tests before the pubkey tests because the latter
4bbd51
      require random.  */
4bbd51
   if (run_random_selftests ())