Make gcrypt amenable to deterministic RNG by enabling FIPS PRNG.
J08nY committed Aug 8, 2024
1 parent 92ddf4c commit 960b3c6
Showing 2 changed files with 9 additions and 10 deletions.
Expand Up @@ -89,7 +89,7 @@ cpp_utils.o: cpp_utils.cpp
# OpenSSL shim
openssl: openssl_provider.so

openssl_provider.so: openssl.o c_utils.o | lib_timing.so lib_csignals.so
openssl_provider.so: openssl.o c_utils.o | lib_timing.so lib_csignals.so lib_preload.so
$(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs openssl) -l:lib_timing.so -l:lib_csignals.so

openssl.o: openssl.c
Expand Down Expand Up @@ -122,7 +122,7 @@ gcrypt.o: gcrypt.c
# Libtomcrypt shim
tomcrypt: tomcrypt_provider.so

tomcrypt_provider.so: tomcrypt.o c_utils.o | lib_timing.so lib_csignals.so
tomcrypt_provider.so: tomcrypt.o c_utils.o | lib_timing.so lib_csignals.so lib_preload.so
$(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. -ltommath $(shell pkg-config --libs libtomcrypt) -l:lib_timing.so -l:lib_csignals.so

tomcrypt.o: tomcrypt.c
Expand All @@ -132,7 +132,7 @@ tomcrypt.o: tomcrypt.c
# Botan-2 shim
botan: botan_provider.so

botan_provider.so: botan.o cpp_utils.o | lib_timing.so lib_cppsignals.so
botan_provider.so: botan.o cpp_utils.o | lib_timing.so lib_cppsignals.so lib_preload.so
$(CXX) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs botan-2) -l:lib_timing.so -l:lib_cppsignals.so

botan.o: botan.cpp
Expand All @@ -146,7 +146,7 @@ ifeq ($(shell pkg-config --exists $(CRYPTOPP_NAME); echo $$?),1)
endif
cryptopp: cryptopp_provider.so

cryptopp_provider.so: cryptopp.o cpp_utils.o | lib_timing.so lib_cppsignals.so
cryptopp_provider.so: cryptopp.o cpp_utils.o | lib_timing.so lib_cppsignals.so lib_preload.so
$(CXX) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs $(CRYPTOPP_NAME)) -l:lib_timing.so -l:lib_cppsignals.so

cryptopp.o: cryptopp.cpp
Expand All @@ -159,7 +159,7 @@ mbedtls: mbedtls_provider.so
lib_mbedtls.so:
cp $(PROJECT_ROOT_PATH)/ext/mbedtls/build/library/libmbedcrypto.so lib_mbedtls.so

mbedtls_provider.so: mbedtls.o c_utils.o | lib_timing.so lib_csignals.so lib_mbedtls.so
mbedtls_provider.so: mbedtls.o c_utils.o | lib_timing.so lib_csignals.so lib_preload.so lib_mbedtls.so
$(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_mbedtls.so -l:lib_timing.so -l:lib_csignals.so

mbedtls.o: mbedtls.c
Expand All @@ -172,7 +172,7 @@ ippcp: ippcp_provider.so
lib_ippcp.so:
cp $(PROJECT_ROOT_PATH)/ext/ipp-crypto/build/.build/RELEASE/lib/libippcp.so lib_ippcp.so

ippcp_provider.so: ippcp.o c_utils.o | lib_timing.so lib_csignals.so lib_ippcp.so
ippcp_provider.so: ippcp.o c_utils.o | lib_timing.so lib_csignals.so lib_preload.so lib_ippcp.so
$(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_ippcp.so -l:lib_timing.so -l:lib_csignals.so

ippcp.o: ippcp.c
Expand All @@ -182,7 +182,7 @@ ippcp.o: ippcp.c
# Nettle shim
nettle: nettle_provider.so

nettle_provider.so: nettle.o c_utils.o | lib_timing.so lib_csignals.so
nettle_provider.so: nettle.o c_utils.o | lib_timing.so lib_csignals.so lib_preload.so
$(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs nettle) -l:lib_timing.so -l:lib_csignals.so $(shell pkg-config --libs hogweed) -lgmp

nettle.o: nettle.c
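Review bot: `lib_preload.so` becomes an order-only prerequisite of seven provider rules (openssl, tomcrypt, botan, cryptopp, mbedtls, ippcp, nettle), yet none of the visible link lines gains a matching `-l:lib_preload.so`, so the Makefile gives no reason why the providers need it built first. If the library is meant to be injected at run time rather than linked (not visible in these hunks), a comment above the first rule would record that, e.g. `# lib_preload.so is not linked in; it only has to exist beside the providers so the harness can preload it`. Judging by the commit title it alters RNG behaviour of the wrapped crypto libraries, so the same comment should say it is a test-only artifact that must not be packaged with anything used for real key generation. The common part of the list could also live in one variable, `PROVIDER_ORDER_DEPS := lib_timing.so lib_preload.so`, so the next helper library is added in one place.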
Expand Up @@ -25,6 +25,7 @@ JNIEXPORT jobject JNICALL Java_cz_crcs_ectester_standalone_libs_GcryptLib_create

jmethodID init = (*env)->GetMethodID(env, local_provider_class, "<init>", "(Ljava/lang/String;DLjava/lang/String;)V");

gcry_control(GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_FIPS);
const char *running_with = gcry_check_version(GCRYPT_VERSION);
if (!running_with) {
return NULL;
Expand All @@ -40,10 +41,8 @@ JNIEXPORT jobject JNICALL Java_cz_crcs_ectester_standalone_libs_GcryptLib_create

JNIEXPORT void JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeProvider_00024Gcrypt_setup(JNIEnv *env, jobject this) {
gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
//gcry_control(GCRYCTL_SET_DEBUG_FLAGS, 1);
gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
gcry_control(GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_SYSTEM);
gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
//gcry_control(GCRYCTL_SET_DEBUG_FLAGS, 1);

INIT_PROVIDER(env, provider_class);
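Review bot: The result of `gcry_control(GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_FIPS)` in createProvider is ignored, and libgcrypt treats this control as a preference only, so the library can stay on a different generator without any sign of it (for example if the RNG was already initialised; whether the `_setup` function runs before createProvider is not visible here). If reproducible output depends on the FIPS generator, confirm it after `gcry_check_version` with `int rng = 0; gcry_control(GCRYCTL_GET_CURRENT_RNG_TYPE, &rng);` and return NULL when `rng != GCRY_RNG_TYPE_FIPS`. The new line also deserves a comment stating that the type is chosen for deterministic test runs, because the setting is process-wide and a predictable generator is unacceptable for real key material. Both functions continue outside the hunks.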
