mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-23 18:13:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

EdDSA: disallow verification from a pregenerated hash when in FIPS

Browse Source 
Also includes an indicator and the capability to bypass via configuration
or params.

Fixes #24937

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25032)
This commit is contained in:
Pauli 2024-07-30 14:11:49 +10:00
parent 889277effb
commit 2d759937e2
1 changed files with 42 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
providers/implementations/signature/eddsa_sig.c
View File

@ -16,6 +16,8 @@
#include <openssl/proverr.h>
#include "internal/nelem.h"
#include "internal/sizes.h"
#include "prov/fipscommon.h"
#include "prov/fipsindicator.h"
#include "prov/providercommon.h"
#include "prov/implementations.h"
#include "prov/provider_ctx.h"
@ -142,6 +144,7 @@ typedef struct {
unsigned char context_string[EDDSA_MAX_CONTEXT_STRING_LEN];
size_t context_string_len;
OSSL_FIPS_IND_DECLARE
} PROV_EDDSA_CTX;
static void *eddsa_newctx(void *provctx, const char *propq_unused)
@ -156,6 +159,7 @@ static void *eddsa_newctx(void *provctx, const char *propq_unused)
return NULL;
peddsactx->libctx = PROV_LIBCTX_OF(provctx);
OSSL_FIPS_IND_INIT(peddsactx)
return peddsactx;
}
@ -189,6 +193,7 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname,
return 0;
}
OSSL_FIPS_IND_SET_APPROVED(peddsactx)
peddsactx->dom2_flag = 0;
peddsactx->prehash_flag = 0;
peddsactx->context_string_flag = 0;
@ -232,9 +237,9 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname,
return 1;
}
int ed25519_digest_sign(void *vpeddsactx, unsigned char *sigret,
size_t *siglen, size_t sigsize,
const unsigned char *tbs, size_t tbslen)
static int ed25519_digest_sign(void *vpeddsactx, unsigned char *sigret,
size_t *siglen, size_t sigsize,
const unsigned char *tbs, size_t tbslen)
{
PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
const ECX_KEY *edkey = peddsactx->key;
@ -318,9 +323,9 @@ static int ed448_shake256(OSSL_LIB_CTX *libctx,
return ret;
}
int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret,
size_t *siglen, size_t sigsize,
const unsigned char *tbs, size_t tbslen)
static int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret,
size_t *siglen, size_t sigsize,
const unsigned char *tbs, size_t tbslen)
{
PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
const ECX_KEY *edkey = peddsactx->key;
@ -375,16 +380,29 @@ int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret,
return 1;
}
int ed25519_digest_verify(void *vpeddsactx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbslen)
static int fips_check_verify(PROV_EDDSA_CTX *ctx)
{
#ifdef FIPS_MODULE
if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0,
ctx->libctx, "Verify", "EdDSA",
FIPS_eddsa_no_verify_digested))
return 0;
#endif /* FIPS_MODULE */
return 1;
}
static int ed25519_digest_verify(void *vpeddsactx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbslen)
{
PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
const ECX_KEY *edkey = peddsactx->key;
uint8_t md[EVP_MAX_MD_SIZE];
size_t mdlen;
if (!ossl_prov_is_running() || siglen != ED25519_SIGSIZE)
if (!ossl_prov_is_running()
|| siglen != ED25519_SIGSIZE
|| !fips_check_verify(peddsactx))
return 0;
#ifdef S390X_EC_ASM
@ -412,16 +430,18 @@ int ed25519_digest_verify(void *vpeddsactx, const unsigned char *sig,
peddsactx->libctx, edkey->propq);
}
int ed448_digest_verify(void *vpeddsactx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbslen)
static int ed448_digest_verify(void *vpeddsactx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbslen)
{
PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
const ECX_KEY *edkey = peddsactx->key;
uint8_t md[EDDSA_PREHASH_OUTPUT_LEN];
size_t mdlen = sizeof(md);
if (!ossl_prov_is_running() || siglen != ED448_SIGSIZE)
if (!ossl_prov_is_running()
|| siglen != ED448_SIGSIZE
|| !fips_check_verify(peddsactx))
return 0;
#ifdef S390X_EC_ASM
@ -495,6 +515,8 @@ static int eddsa_get_ctx_params(void *vpeddsactx, OSSL_PARAM *params)
peddsactx->aid_len))
return 0;
if (!OSSL_FIPS_IND_GET_CTX_PARAM(peddsactx, params))
return 0;
return 1;
}
@ -502,6 +524,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_INSTANCE, NULL, 0),
OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_CONTEXT_STRING, NULL, 0),
OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
OSSL_PARAM_END
};
@ -521,6 +544,10 @@ static int eddsa_set_ctx_params(void *vpeddsactx, const OSSL_PARAM params[])
if (params == NULL)
return 1;
if (!OSSL_FIPS_IND_SET_CTX_PARAM(peddsactx, OSSL_FIPS_IND_SETTABLE0, params,
OSSL_SIGNATURE_PARAM_EDDSA_VERIFY_DIGESTED))
return 0;
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_INSTANCE);
if (p != NULL) {
char instance_name[OSSL_MAX_NAME_SIZE] = "";
@ -580,6 +607,7 @@ static int eddsa_set_ctx_params(void *vpeddsactx, const OSSL_PARAM params[])
static const OSSL_PARAM settable_ctx_params[] = {
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_INSTANCE, NULL, 0),
OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_CONTEXT_STRING, NULL, 0),
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_EDDSA_VERIFY_DIGESTED)
OSSL_PARAM_END
};