|
|
12cf54 |
From 227ffdba6b919e18b03fed59b07e2c0212b40303 Mon Sep 17 00:00:00 2001
|
|
|
12cf54 |
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
12cf54 |
Date: Thu, 2 Aug 2018 14:48:47 +0200
|
|
|
12cf54 |
Subject: [PATCH 1/2] Fix bug with master key encryption with FIPS enabled
|
|
|
12cf54 |
libica
|
|
|
12cf54 |
|
|
|
12cf54 |
When running with a FIPS enabled libica, the ICA token fails to
|
|
|
12cf54 |
initialize, because the 3DES key derived from the user or SO pin is
|
|
|
12cf54 |
considered invalid because the first and the third part of the
|
|
|
12cf54 |
3DES key is the same.
|
|
|
12cf54 |
|
|
|
12cf54 |
For clear key tokens, the token specific 3DES-CBC function is
|
|
|
12cf54 |
used for the master key encryption. In case of the ICA token,
|
|
|
12cf54 |
the ICA token specific 3DES-CBC function fails, because libica
|
|
|
12cf54 |
rejects the key when compiled with FIPS support. This leads to
|
|
|
12cf54 |
an error during token initialization.
|
|
|
12cf54 |
|
|
|
12cf54 |
Instead of using the token specific 3DES-CBC function, the code
|
|
|
12cf54 |
now always falls back to the (OpenSSL) based software encryption
|
|
|
12cf54 |
function, as it is also done for secure key tokens.
|
|
|
12cf54 |
|
|
|
12cf54 |
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
12cf54 |
---
|
|
|
12cf54 |
usr/lib/pkcs11/common/loadsave.c | 12 ++++++++----
|
|
|
12cf54 |
1 file changed, 8 insertions(+), 4 deletions(-)
|
|
|
12cf54 |
|
|
|
12cf54 |
diff --git a/usr/lib/pkcs11/common/loadsave.c b/usr/lib/pkcs11/common/loadsave.c
|
|
|
12cf54 |
index a593b932..a5532c9d 100644
|
|
|
12cf54 |
--- a/usr/lib/pkcs11/common/loadsave.c
|
|
|
12cf54 |
+++ b/usr/lib/pkcs11/common/loadsave.c
|
|
|
12cf54 |
@@ -206,12 +206,14 @@ static CK_RV encrypt_data_with_clear_key(STDLL_TokData_t * tokdata,
|
|
|
12cf54 |
/* If token doesn't have a specific key size that means that it uses a
|
|
|
12cf54 |
* clear key.
|
|
|
12cf54 |
*/
|
|
|
12cf54 |
- if (token_specific.token_keysize == 0) {
|
|
|
12cf54 |
+ if (token_specific.token_keysize == 0 &&
|
|
|
12cf54 |
+ token_specific.data_store.encryption_algorithm != CKM_DES3_CBC) {
|
|
|
12cf54 |
return encrypt_data(tokdata, key, keylen, iv, clear, clear_len,
|
|
|
12cf54 |
cipher, p_cipher_len);
|
|
|
12cf54 |
}
|
|
|
12cf54 |
|
|
|
12cf54 |
- /* Fall back to a software alternative if key is secure. */
|
|
|
12cf54 |
+ /* Fall back to a software alternative if key is secure, or
|
|
|
12cf54 |
+ * if token's data store encryption algorithm is 3DES_CBC */
|
|
|
12cf54 |
initial_vector = duplicate_initial_vector(iv);
|
|
|
12cf54 |
if (initial_vector == NULL) {
|
|
|
12cf54 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
|
12cf54 |
@@ -322,12 +324,14 @@ static CK_RV decrypt_data_with_clear_key(STDLL_TokData_t *tokdata,
|
|
|
12cf54 |
/* If token doesn't have a specific key size that means that it uses a
|
|
|
12cf54 |
* clear key.
|
|
|
12cf54 |
*/
|
|
|
12cf54 |
- if (token_specific.token_keysize == 0) {
|
|
|
12cf54 |
+ if (token_specific.token_keysize == 0 &&
|
|
|
12cf54 |
+ token_specific.data_store.encryption_algorithm != CKM_DES3_CBC) {
|
|
|
12cf54 |
return decrypt_data(tokdata, key, keylen, iv, cipher,
|
|
|
12cf54 |
cipher_len, clear, p_clear_len);
|
|
|
12cf54 |
}
|
|
|
12cf54 |
|
|
|
12cf54 |
- /* Fall back to a software alternative if key is secure. */
|
|
|
12cf54 |
+ /* Fall back to a software alternative if key is secure, or
|
|
|
12cf54 |
+ * if token's data store encryption algorithm is 3DES_CBC */
|
|
|
12cf54 |
initial_vector = duplicate_initial_vector(iv);
|
|
|
12cf54 |
if (initial_vector == NULL) {
|
|
|
12cf54 |
TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY));
|
|
|
12cf54 |
--
|
|
|
12cf54 |
2.17.1
|
|
|
12cf54 |
|
|
|
12cf54 |
|
|
|
12cf54 |
From 3e091d7ff34a56eac0b9a5e8eaf92e5a7cf11b7f Mon Sep 17 00:00:00 2001
|
|
|
12cf54 |
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
12cf54 |
Date: Tue, 7 Aug 2018 14:45:05 +0200
|
|
|
12cf54 |
Subject: [PATCH 2/2] TESTCASE: Disable 3DES test vectors with non-FIPS
|
|
|
12cf54 |
compliant keys
|
|
|
12cf54 |
|
|
|
12cf54 |
The 3DES test vectors contain keys that are considered invalid
|
|
|
12cf54 |
by a FIPS enabled libica because the first, middle and/and third
|
|
|
12cf54 |
part of the 3DES key are the same.
|
|
|
12cf54 |
|
|
|
12cf54 |
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
12cf54 |
---
|
|
|
12cf54 |
testcases/crypto/des3.h | 9 +++++++++
|
|
|
12cf54 |
1 file changed, 9 insertions(+)
|
|
|
12cf54 |
|
|
|
12cf54 |
diff --git a/testcases/crypto/des3.h b/testcases/crypto/des3.h
|
|
|
12cf54 |
index e1bb1038..1860778e 100644
|
|
|
12cf54 |
--- a/testcases/crypto/des3.h
|
|
|
12cf54 |
+++ b/testcases/crypto/des3.h
|
|
|
12cf54 |
@@ -850,7 +850,16 @@ static struct des3_test_vector des3_ofb64_tv[] = {
|
|
|
12cf54 |
}
|
|
|
12cf54 |
};
|
|
|
12cf54 |
|
|
|
12cf54 |
+/*
|
|
|
12cf54 |
+ * All above test vectors use keys that are not FIPS compliant.
|
|
|
12cf54 |
+ * This will cause the testcase to fail when the token performs FIPS key
|
|
|
12cf54 |
+ * checks.
|
|
|
12cf54 |
+ */
|
|
|
12cf54 |
+#ifdef NON_FIPS_COMPLIANT_TEST_VECTORS
|
|
|
12cf54 |
# define NUM_OF_PUBLISHED_TESTSUITES 5
|
|
|
12cf54 |
+#else
|
|
|
12cf54 |
+# define NUM_OF_PUBLISHED_TESTSUITES 0
|
|
|
12cf54 |
+#endif
|
|
|
12cf54 |
|
|
|
12cf54 |
struct published_test_suite_info published_test_suites[] = {
|
|
|
12cf54 |
{
|
|
|
12cf54 |
--
|
|
|
12cf54 |
2.17.1
|
|
|
12cf54 |
|