From f53a4db4e79b06c173ad8484887d7d1535433c98 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 6 May 2021 10:07:11 -0700 Subject: [PATCH] Unwind a few changes adding guards so it'll build with old FIPS. --- IDE/WIN10/user_settings.h | 2 ++ configure.ac | 2 +- src/internal.c | 34 +++++++++++++++++++-- src/tls.c | 53 +++++++++++++++++++++++++++++++-- wolfcrypt/benchmark/benchmark.c | 19 ++++++++++++ wolfcrypt/test/test.c | 30 +++++++++++++++++-- 6 files changed, 132 insertions(+), 8 deletions(-) diff --git a/IDE/WIN10/user_settings.h b/IDE/WIN10/user_settings.h index 90fc64089..e543b0818 100644 --- a/IDE/WIN10/user_settings.h +++ b/IDE/WIN10/user_settings.h @@ -53,6 +53,7 @@ #define WOLFSSL_VALIDATE_ECC_IMPORT #define WOLFSSL_VALIDATE_FFC_IMPORT #define HAVE_FFDHE_Q + #define HAVE_PUBLIC_FFDHE #define WOLFSSL_AESNI #define HAVE_INTEL_RDSEED #define FORCE_FAILURE_RDSEED @@ -61,6 +62,7 @@ #undef WOLFSSL_AESNI /* Comment out if using PAA */ #undef HAVE_INTEL_RDSEED #undef FORCE_FAILURE_RDSEED + #undef HAVE_PUBLIC_FFDHE #define NO_DES #define NO_DES3 diff --git a/configure.ac b/configure.ac index 11e09d927..be116a772 100644 --- a/configure.ac +++ b/configure.ac @@ -3414,7 +3414,7 @@ AS_CASE([$FIPS_VERSION], [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"]) ], ["v2"],[ # Cert 3389 - AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q" + AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q -DHAVE_PUBLIC_FFDHE" ENABLED_KEYGEN="yes" ENABLED_SHA224="yes" ENABLED_DES3="yes" diff --git a/src/internal.c b/src/internal.c index 6a7193d22..0877eb423 100644 --- a/src/internal.c +++ b/src/internal.c 
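Review bot: HAVE_PUBLIC_FFDHE is introduced in the user_settings.h hunk without any explanation of what it selects, and the second hunk then undefines the same name a few lines later, so a reader of this header cannot tell which build it belongs to. A one-line comment at the define would carry the intent the commit message gives: `#define HAVE_PUBLIC_FFDHE /* FIPS v2: FFDHE params are public DhParams tables via wc_Dh_ffdhe*_Get() */`. The matching `#undef` in the second hunk would benefit from the same note so the pairing is obvious.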
@@ -23401,6 +23401,9 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size, int ret = 0; word16 length; #ifdef HAVE_FFDHE +#ifdef HAVE_PUBLIC_FFDHE + const DhParams* params = NULL; +#endif word16 group = 0; #endif @@ -23566,26 +23569,41 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size, switch (ssl->options.dhKeySz) { #ifdef HAVE_FFDHE_2048 case 2048/8: + #ifdef HAVE_PUBLIC_FFDHE + params = wc_Dh_ffdhe2048_Get(); + #endif group = WOLFSSL_FFDHE_2048; break; #endif #ifdef HAVE_FFDHE_3072 case 3072/8: + #ifdef HAVE_PUBLIC_FFDHE + params = wc_Dh_ffdhe3072_Get(); + #endif group = WOLFSSL_FFDHE_3072; break; #endif #ifdef HAVE_FFDHE_4096 case 4096/8: + #ifdef HAVE_PUBLIC_FFDHE + params = wc_Dh_ffdhe4096_Get(); + #endif group = WOLFSSL_FFDHE_4096; break; #endif #ifdef HAVE_FFDHE_6144 case 6144/8: + #ifdef HAVE_PUBLIC_FFDHE + params = wc_Dh_ffdhe6144_Get(); + #endif group = WOLFSSL_FFDHE_6144; break; #endif #ifdef HAVE_FFDHE_8192 case 8192/8: + #ifdef HAVE_PUBLIC_FFDHE + params = wc_Dh_ffdhe8192_Get(); + #endif group = WOLFSSL_FFDHE_8192; break; #endif @@ -23593,10 +23611,20 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size, break; } + +#ifdef HAVE_PUBLIC_FFDHE + if (params == NULL || params->g_len != ssl->buffers.serverDH_G.length || + (XMEMCMP(ssl->buffers.serverDH_G.buffer, params->g, + params->g_len) != 0) || + (XMEMCMP(ssl->buffers.serverDH_P.buffer, params->p, + params->p_len) != 0)) +#else if (!wc_DhCmpNamedKey(group, 1, ssl->buffers.serverDH_P.buffer, ssl->buffers.serverDH_P.length, ssl->buffers.serverDH_G.buffer, ssl->buffers.serverDH_G.length, - NULL, 0)) { + NULL, 0)) +#endif + { WOLFSSL_MSG("Server not using FFDHE parameters"); #ifdef WOLFSSL_REQUIRE_FFDHE SendAlert(ssl, alert_fatal, handshake_failure); 
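Review bot: The HAVE_PUBLIC_FFDHE comparison in the second hunk checks `params->g_len` against `serverDH_G.length` but compares P with `XMEMCMP(..., params->p_len)` without first checking that `params->p_len == ssl->buffers.serverDH_P.length`, whereas the `#else` path hands both lengths to wc_DhCmpNamedKey. Unless `ssl->options.dhKeySz` is guaranteed to equal `serverDH_P.length` (not visible here), a shorter server P buffer is over-read by the memcmp and a longer one with a matching prefix is accepted as the named group. Adding `params->p_len != ssl->buffers.serverDH_P.length ||` to the condition keeps the two branches equivalent. GetDhPublicKey's body runs beyond both hunks.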
@@ -24970,7 +24998,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) goto exit_scke; } -#ifdef HAVE_FFDHE +#if defined(HAVE_FFDHE) && !defined(HAVE_PUBLIC_FFDHE) if (ssl->namedGroup) { ret = wc_DhSetNamedKey(ssl->buffers.serverDH_Key, ssl->namedGroup); @@ -26876,7 +26904,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, !defined(WOLFSSL_NO_TLS12)) case diffie_hellman_kea: #endif -#if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE) +#if (defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)) && !defined(HAVE_PUBLIC_FFDHE) if (ssl->namedGroup) { word32 pSz = 0; diff --git a/src/tls.c b/src/tls.c index 9246f4fb9..f7b0fbadd 100644 --- a/src/tls.c +++ b/src/tls.c @@ -4171,7 +4171,11 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl) SupportedCurve* serverGroup; SupportedCurve* clientGroup; SupportedCurve* group; +#ifdef HAVE_PUBLIC_FFDHE + const DhParams* params = NULL; +#else word32 p_len; +#endif int found = 0; extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); @@ -4220,6 +4224,43 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl) if (serverGroup->name != group->name) continue; +#ifdef HAVE_PUBLIC_FFDHE + switch (serverGroup->name) { + #ifdef HAVE_FFDHE_2048 + case WOLFSSL_FFDHE_2048: + params = wc_Dh_ffdhe2048_Get(); + break; + #endif + #ifdef HAVE_FFDHE_3072 + case WOLFSSL_FFDHE_3072: + params = wc_Dh_ffdhe3072_Get(); + break; + #endif + #ifdef HAVE_FFDHE_4096 + case WOLFSSL_FFDHE_4096: + params = wc_Dh_ffdhe4096_Get(); + break; + #endif + #ifdef HAVE_FFDHE_6144 + case WOLFSSL_FFDHE_6144: + params = wc_Dh_ffdhe6144_Get(); + break; + #endif + #ifdef HAVE_FFDHE_8192 + case WOLFSSL_FFDHE_8192: + params = wc_Dh_ffdhe8192_Get(); + break; + #endif + default: + break; + } + if (params == NULL) + return BAD_FUNC_ARG; + if (params->p_len >= ssl->options.minDhKeySz && + params->p_len <= ssl->options.maxDhKeySz) { + break; + } +#else wc_DhGetNamedKeyParamSize(serverGroup->name, &p_len, NULL, NULL); if (p_len == 0) return BAD_FUNC_ARG; 
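Review bot: In the HAVE_PUBLIC_FFDHE switch added to TLSX_SupportedFFDHE_Set (the last hunk on this line), the `default:` case leaves `params` holding whatever a previous loop iteration assigned, so a later name that hits `default` could pass the `params == NULL` guard and the min/max size check with a stale parameter set; the `#else` path cannot do this because wc_DhGetNamedKeyParamSize rewrites `p_len` on every iteration. Whether such a name can reach this point depends on the loop's filtering, which begins outside the hunk. Resetting in the default case, `default: params = NULL; break;`, makes the new branch equivalent to the old one. The enclosing loop and function continue outside the hunk.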
@@ -4227,6 +4268,7 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl) p_len <= ssl->options.maxDhKeySz) { break; } +#endif } if (group != NULL && serverGroup->name == group->name) @@ -4234,6 +4276,12 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl) } if (serverGroup) { + #ifdef HAVE_PUBLIC_FFDHE + ssl->buffers.serverDH_P.buffer = (unsigned char *)params->p; + ssl->buffers.serverDH_P.length = params->p_len; + ssl->buffers.serverDH_G.buffer = (unsigned char *)params->g; + ssl->buffers.serverDH_G.length = params->g_len; + #else word32 pSz, gSz; ret = wc_DhGetNamedKeyParamSize(serverGroup->name, &pSz, &gSz, NULL); @@ -4247,13 +4295,14 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl) ssl->buffers.serverDH_P.buffer, &pSz, ssl->buffers.serverDH_G.buffer, &gSz, NULL, NULL); - ssl->namedGroup = serverGroup->name; + ssl->buffers.weOwnDH = 1; + #endif + ssl->namedGroup = serverGroup->name; #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \ !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) ssl->options.dhDoKeyTest = 0; #endif - ssl->buffers.weOwnDH = 1; ssl->options.haveDH = 1; } diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 0efe6706d..4886e8071 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -5073,7 +5073,11 @@ void bench_dh(int doAsync) word32 privSz2 = BENCH_DH_PRIV_SIZE; word32 agreeSz[BENCH_MAX_PENDING]; #if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072) +#ifdef HAVE_PUBLIC_FFDHE + const DhParams *params = NULL; +#else int paramName = 0; +#endif #endif DECLARE_ARRAY(pub, byte, BENCH_MAX_PENDING, BENCH_DH_KEY_SIZE, HEAP_HINT); 
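Review bot: The HAVE_PUBLIC_FFDHE branch in the second hunk points `ssl->buffers.serverDH_P.buffer` and `serverDH_G.buffer` at `params->p`/`params->g` through a cast that discards `const`, so the session's DH buffers now alias shared read-only parameter tables that every connection sees. That is only safe because `weOwnDH` is left at 0 in this branch (the assignment moved into the `#else` in the third hunk) and as long as nothing later writes through or frees these buffers, which cannot be confirmed from the hunks. A comment at the cast would make the ownership explicit: `/* aliases the static FFDHE table; weOwnDH stays 0 so it is never freed or written */`. TLSX_SupportedFFDHE_Set continues outside these hunks.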
@@ -5112,13 +5116,21 @@ void bench_dh(int doAsync) } #ifdef HAVE_FFDHE_2048 else if (use_ffdhe == 2048) { +#ifdef HAVE_PUBLIC_FFDHE + params = wc_Dh_ffdhe2048_Get(); +#else paramName = WC_FFDHE_2048; +#endif dhKeySz = 2048; } #endif #ifdef HAVE_FFDHE_3072 else if (use_ffdhe == 3072) { +#ifdef HAVE_PUBLIC_FFDHE + params = wc_Dh_ffdhe2048_Get(); +#else paramName = WC_FFDHE_3072; +#endif dhKeySz = 3072; } #endif @@ -5151,9 +5163,16 @@ void bench_dh(int doAsync) #endif } #if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072) + #ifdef HAVE_PUBLIC_FFDHE + else if (params != NULL) { + ret = wc_DhSetKey(&dhKey[i], params->p, params->p_len, params->g, + params->g_len); + } + #else else if (paramName != 0) { ret = wc_DhSetNamedKey(&dhKey[i], paramName); } + #endif #endif if (ret != 0) { printf("DhKeyDecode failed %d, can't benchmark\n", ret); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 269f93430..08b4839ce 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -16026,8 +16026,8 @@ static int dh_fips_generate_test(WC_RNG *rng) 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, 0x40, 0x52, 0xed, 0x41 }; - byte priv[sizeof q]; - byte pub[sizeof p]; + byte priv[256]; + byte pub[256]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); @@ -16326,7 +16326,11 @@ static int dh_test_check_pubvalue(void) #endif #ifndef WC_NO_RNG +#ifdef HAVE_PUBLIC_FFDHE +static int dh_ffdhe_test(WC_RNG *rng, const DhParams* params) +#else static int dh_ffdhe_test(WC_RNG *rng, int name) +#endif { int ret; word32 privSz, pubSz, privSz2, pubSz2; @@ -16366,8 +16370,13 @@ static int dh_ffdhe_test(WC_RNG *rng, int name) pubSz = FFDHE_KEY_SIZE; pubSz2 = FFDHE_KEY_SIZE; + #ifdef HAVE_PUBLIC_FFDHE + privSz = FFDHE_KEY_SIZE; + privSz2 = FFDHE_KEY_SIZE; + #else privSz = wc_DhGetNamedKeyMinSize(name); privSz2 = privSz; + #endif XMEMSET(key, 0, sizeof(*key)); XMEMSET(key2, 0, sizeof(*key2)); 
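Review bot: In the `use_ffdhe == 3072` branch of bench_dh the new HAVE_PUBLIC_FFDHE line calls `wc_Dh_ffdhe2048_Get()` while `dhKeySz` is set to 3072, so the benchmark would be keyed on the 2048-bit parameters but reported as 3072, and the `wc_DhSetKey` in the next hunk would silently install the wrong group. The `#else` line correctly uses `WC_FFDHE_3072`, so this looks like a copy-paste slip. The line should read `params = wc_Dh_ffdhe3072_Get();`. bench_dh's body continues outside the hunk.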
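Review bot: In dh_fips_generate_test, `byte priv[256]` and `byte pub[256]` replace `sizeof q` and `sizeof p` with a bare 256, which also changes `privSz` (now `sizeof(priv)`, 256, rather than the size of q); whether the later key-generation call tolerates or uses that larger size is not visible in the hunk. If 256 is meant to match the modulus size, `byte pub[sizeof p]` keeps that coupling, and a named constant such as `enum { DH_FIPS_TEST_KEY_SZ = 256 };` would explain the number for `priv`. The rest of the function is outside the hunk.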
@@ -16381,12 +16390,21 @@ static int dh_ffdhe_test(WC_RNG *rng, int name) ERROR_OUT(-8052, done); } +#ifdef HAVE_PUBLIC_FFDHE + ret = wc_DhSetKey(key, params->p, params->p_len, params->g, params->g_len); +#else ret = wc_DhSetNamedKey(key, name); +#endif if (ret != 0) { ERROR_OUT(-8053, done); } +#ifdef HAVE_PUBLIC_FFDHE + ret = wc_DhSetKey(key2, params->p, params->p_len, params->g, + params->g_len); +#else ret = wc_DhSetNamedKey(key2, name); +#endif if (ret != 0) { ERROR_OUT(-8054, done); } @@ -16808,12 +16826,20 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void) #ifndef WC_NO_RNG /* Specialized code for key gen when using FFDHE-2048, FFDHE-3072 and FFDHE-4096 */ #ifdef HAVE_FFDHE_2048 + #ifdef HAVE_PUBLIC_FFDHE + ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe2048_Get()); + #else ret = dh_ffdhe_test(&rng, WC_FFDHE_2048); + #endif if (ret != 0) ERROR_OUT(-8126, done); #endif #ifdef HAVE_FFDHE_3072 + #ifdef HAVE_PUBLIC_FFDHE + ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe3072_Get()); + #else ret = dh_ffdhe_test(&rng, WC_FFDHE_3072); + #endif if (ret != 0) ERROR_OUT(-8127, done); #endif