From 227ffdba6b919e18b03fed59b07e2c0212b40303 Mon Sep 17 00:00:00 2001

From: Ingo Franzki <ifranzki@linux.ibm.com>

Date: Thu, 2 Aug 2018 14:48:47 +0200

Subject: [PATCH 1/2] Fix bug with master key encryption with FIPS enabled

 libica

When running with a FIPS enabled libica, the ICA token fails to

initialize, because the 3DES key derived from the user or SO pin is

considered invalid because the first and the third part of the

3DES key is the same.

For clear key tokens, the token specific 3DES-CBC function is

used for the master key encryption. In case of the ICA token,

the ICA token specific 3DES-CBC function fails, because libica

rejects the key when compiled with FIPS support. This leads to

an error during token initialization.

Instead of using the token specific 3DES-CBC function, the code

now always falls back to the (OpenSSL) based software encryption

function, as it is also done for secure key tokens.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

---

 usr/lib/pkcs11/common/loadsave.c | 12 ++++++++----

 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/usr/lib/pkcs11/common/loadsave.c b/usr/lib/pkcs11/common/loadsave.c

index a593b932..a5532c9d 100644

--- a/usr/lib/pkcs11/common/loadsave.c

+++ b/usr/lib/pkcs11/common/loadsave.c

@@ -206,12 +206,14 @@ static CK_RV encrypt_data_with_clear_key(STDLL_TokData_t * tokdata,

 	/* If token doesn't have a specific key size that means that it uses a

 	 * clear key.

 	 */

-	if (token_specific.token_keysize == 0) {

+    if (token_specific.token_keysize == 0 &&

+        token_specific.data_store.encryption_algorithm != CKM_DES3_CBC) {

 		return encrypt_data(tokdata, key, keylen, iv, clear, clear_len,

 				    cipher, p_cipher_len);

 	}

-	/* Fall back to a software alternative if key is secure. */

+    /* Fall back to a software alternative if key is secure, or

+     * if token's data store encryption algorithm is 3DES_CBC */

 	initial_vector = duplicate_initial_vector(iv);

 	if (initial_vector == NULL) {

 		TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));

@@ -322,12 +324,14 @@ static CK_RV decrypt_data_with_clear_key(STDLL_TokData_t *tokdata,

 	/* If token doesn't have a specific key size that means that it uses a

 	 * clear key.

 	 */

-	if (token_specific.token_keysize == 0) {

+    if (token_specific.token_keysize == 0 &&

+        token_specific.data_store.encryption_algorithm != CKM_DES3_CBC) {

 		return decrypt_data(tokdata, key, keylen, iv, cipher,

 				    cipher_len, clear, p_clear_len);

 	}

-	/* Fall back to a software alternative if key is secure. */

+    /* Fall back to a software alternative if key is secure, or

+     * if token's data store encryption algorithm is 3DES_CBC */

 	initial_vector = duplicate_initial_vector(iv);

 	if (initial_vector == NULL) {

 		TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));

-- 

2.17.1

From 3e091d7ff34a56eac0b9a5e8eaf92e5a7cf11b7f Mon Sep 17 00:00:00 2001

From: Ingo Franzki <ifranzki@linux.ibm.com>

Date: Tue, 7 Aug 2018 14:45:05 +0200

Subject: [PATCH 2/2] TESTCASE: Disable 3DES test vectors with non-FIPS

 compliant keys

The 3DES test vectors contain keys that are considered invalid

by a FIPS enabled libica because the first, middle and/and third

part of the 3DES key are the same.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

---

 testcases/crypto/des3.h | 9 +++++++++

 1 file changed, 9 insertions(+)

diff --git a/testcases/crypto/des3.h b/testcases/crypto/des3.h

index e1bb1038..1860778e 100644

--- a/testcases/crypto/des3.h

+++ b/testcases/crypto/des3.h

@@ -850,7 +850,16 @@ static struct des3_test_vector des3_ofb64_tv[] = {

 	}

 };

+/*

+ * All above test vectors use keys that are not FIPS compliant.

+ * This will cause the testcase to fail when the token performs FIPS key

+ * checks.

+ */

+#ifdef NON_FIPS_COMPLIANT_TEST_VECTORS

 # define NUM_OF_PUBLISHED_TESTSUITES	5

+#else

+# define NUM_OF_PUBLISHED_TESTSUITES    0

+#endif

 struct published_test_suite_info published_test_suites[] = {

 	{

-- 

2.17.1