From 34d8fc576b3a06dd205f45327a971eb6771e808c Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Wed, 17 Aug 2022 09:01:44 +0200
Subject: [PATCH 1/2] Disable RSA-OAEP padding in FIPS mode
* cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Block OAEP padding in FIPS mode for encryption
* cipher/rsa.c (rsa_decrypt): Block OAEP padding in FIPS mode for decryption
---
Signed-off-by: Jakub Jelen
---
cipher/pubkey-util.c | 5 ++++-
cipher/rsa.c | 3 ++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
index 4953caf3..244dd5d4 100644
--- a/cipher/pubkey-util.c
+++ b/cipher/pubkey-util.c
@@ -1092,7 +1092,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
 const void * value;
 size_t valuelen;
- if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
+ /* The RSA OAEP encryption requires some more assurances in FIPS */
+ if (fips_mode ())
+ rc = GPG_ERR_INV_FLAG;
+ else if ( !(value=sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
 rc = GPG_ERR_INV_OBJ;
 else
 {
diff --git a/cipher/rsa.c b/cipher/rsa.c
index 96dba090..87f57b55 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -1457,7 +1457,8 @@ rsa_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms)
 rc = GPG_ERR_INV_DATA;
 goto leave;
 }
- if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1))
+ if (fips_mode () && (ctx.encoding == PUBKEY_ENC_PKCS1 ||
+ ctx.encoding == PUBKEY_ENC_OAEP))
 {
 rc = GPG_ERR_INV_FLAG;
 goto leave;
--
2.37.1
From c6d64e697c2748a49e875060aa753fc568c5f772 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Wed, 17 Aug 2022 10:31:19 +0200
Subject: [PATCH 2/2] tests: Expect the OEAP tests to fail in FIPS mode
* tests/basic.c (check_pubkey_crypt): Expect the OAEP padding encryption to fail in FIPS mode
* tests/pkcs1v2.c (check_oaep): Expect the OAEP tests to fail in FIPS mode
---
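Review bot: The comment added above the new `fips_mode ()` check, `/* The RSA OAEP encryption requires some more assurances in FIPS */`, does not name the assurances, so a future maintainer cannot tell what would have to change for OAEP to be re-enabled; spell out the reason the validation gives, e.g. `/* RSA-OAEP is not an approved key-transport service of this module's FIPS validation (the SP 800-56B assurances are not implemented), so reject it outright in FIPS mode.  */`, adjusting the reference to whatever the module's security policy actually cites. The rejection is placed before `value` is fetched and the `else if`/`else` chain means the body that consumes `value` is skipped once `rc` is set, so no uninitialised read is introduced. `GPG_ERR_INV_FLAG` matches what `rsa_decrypt` already returns for PKCS#1 in FIPS mode, which keeps the encrypt and decrypt sides consistent. The enclosing encoding branch and `_gcry_pk_util_data_to_mpi` itself start and end outside the hunk, so that this is the OAEP branch is inferred from the comment rather than visible here.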
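Review bot: The FIPS condition on the new lines, `ctx.encoding == PUBKEY_ENC_PKCS1 || ctx.encoding == PUBKEY_ENC_OAEP`, is a deny-list that has now been extended once; inverting it to an allow-list, `if (fips_mode () && ctx.encoding != PUBKEY_ENC_RAW)`, would fail closed for any encoding added later, but only if raw RSA is in fact the sole decryption encoding meant to remain usable in FIPS mode, which has to be confirmed against the flag parsing that is outside this hunk. This site also lacks the explanatory comment its encrypt-side counterpart received; add one so the two stay in step, e.g. `/* PKCS#1 v1.5 and OAEP decryption are disabled in FIPS mode; keep in sync with the OAEP rejection in _gcry_pk_util_data_to_mpi.  */`. The check sits after the `GPG_ERR_INV_DATA` exit, i.e. seemingly after the ciphertext s-expression has been parsed, so malformed input is reported before the FIPS refusal; that order is harmless as long as no private-key operation happens before this point, which cannot be seen here. `rsa_decrypt` starts and ends outside the hunk.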
Signed-off-by: Jakub Jelen
---
tests/basic.c | 14 +++++++++-----
tests/pkcs1v2.c | 13 +++++++++++++
2 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/tests/basic.c b/tests/basic.c
index 26980e15..b4102c9f 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -16892,21 +16892,24 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
 "(flags oaep)",
 1,
 0,
- 0 },
+ 0,
+ FLAG_NOFIPS },
 { GCRY_PK_RSA,
 "(data\n (flags oaep)\n (hash-algo sha1)\n"
 " (value #11223344556677889900AA#))\n",
 "(flags oaep)(hash-algo sha1)",
 1,
 0,
- 0 },
+ 0,
+ FLAG_NOFIPS },
 { GCRY_PK_RSA,
 "(data\n (flags oaep)\n (hash-algo sha1)\n (label \"test\")\n"
 " (value #11223344556677889900AA#))\n",
 "(flags oaep)(hash-algo sha1)(label \"test\")",
 1,
 0,
- 0 },
+ 0,
+ FLAG_NOFIPS },
 { GCRY_PK_RSA,
 "(data\n (flags oaep)\n (hash-algo sha1)\n (label \"test\")\n"
 " (value #11223344556677889900AA#)\n"
@@ -16914,7 +16917,8 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
 "(flags oaep)(hash-algo sha1)(label \"test\")",
 1,
 0,
- 0 },
+ 0,
+ FLAG_NOFIPS },
 { 0, "(data\n (flags )\n"
 " (value #11223344556677889900AA#))\n",
 NULL,
@@ -16960,7 +16964,7 @@ check_pubkey_crypt (int n, gcry_sexp_t skey, gcry_sexp_t pkey, int algo,
 "(flags pkcs1)",
 1,
 0,
- GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL },
+ GPG_ERR_ENCODING_PROBLEM, FLAG_SPECIAL | FLAG_NOFIPS },
 { 0, "(data\n (flags pss)\n"
 " (value #11223344556677889900AA#))\n",
diff --git a/tests/pkcs1v2.c b/tests/pkcs1v2.c
index 6c7f3d81..2fd495d5 100644
--- a/tests/pkcs1v2.c
+++ b/tests/pkcs1v2.c
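Review bot: In the third basic.c hunk (`@@ -16960`), the `(flags pkcs1)` entry now carries `FLAG_NOFIPS`, but the commit message and ChangeLog only mention OAEP, so a reader will look in patch 1 for a PKCS#1 encryption change and not find one; either add a ChangeLog line such as `* tests/basic.c (check_pubkey_crypt): Also mark the PKCS#1 encoding-problem case as failing in FIPS mode` or, if PKCS#1 v1.5 encryption was already refused in FIPS mode before this series, say so in the message. That entry also combines `FLAG_SPECIAL` with `FLAG_NOFIPS`, and how `check_pubkey_crypt` reconciles the expected `GPG_ERR_ENCODING_PROBLEM` with a FIPS-mode refusal is decided by code outside the hunk; a one-line comment on the entry, e.g. `/* In FIPS mode the pkcs1 flag is refused before the length check is reached.  */`, would pin that down, assuming that is indeed the behaviour. For the four OAEP entries in the two earlier hunks the flag is self-explanatory and matches patch 1. `check_pubkey_crypt` and its test table start and end outside the hunks.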
@@ -186,11 +186,24 @@ check_oaep (void)
 err = gcry_pk_encrypt (&ciph, plain, pub_key);
 if (err)
 {
+ if (in_fips_mode)
+ {
+ gcry_sexp_release (plain);
+ plain = NULL;
+ continue;
+ }
 show_sexp ("plain:\n", ciph);
 fail ("gcry_pk_encrypt failed: %s\n", gpg_strerror (err));
 }
 else
 {
+ if (in_fips_mode)
+ {
+ fail ("The OAEP encryption unexpectedly worked in FIPS mode\n");
+ gcry_sexp_release (plain);
+ plain = NULL;
+ continue;
+ }
 if (extract_cmp_data (ciph, "a", tbl[tno].m[mno].encr,
 tbl[tno].m[mno].desc))
 {
--
2.37.1
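Review bot: The new `if (in_fips_mode)` block in the error path treats any failure of `gcry_pk_encrypt` as the expected FIPS rejection, so a broken key, a bad test vector or an allocation failure would pass silently in FIPS mode; check the code first, `if (gpg_err_code (err) != GPG_ERR_INV_FLAG)` / `fail ("gcry_pk_encrypt failed with unexpected error in FIPS mode: %s\n", gpg_strerror (err));`, and only then release `plain` and `continue` as the hunk does now (`GPG_ERR_INV_FLAG` is what patch 1 returns for OAEP). In the success branch the new `continue` leaves the loop body before whatever releases `ciph` further down, so the ciphertext returned by the unexpectedly successful call is leaked; add `gcry_sexp_release (ciph); ciph = NULL;` next to the `plain` release, assuming `ciph` is normally freed at the end of the iteration, which is outside the hunk. `check_oaep` and the loop enclosing this hunk start and end outside it.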