PQG generation and verification testing

Stephan Mueller smueller at chronox.de
Tue May 22 18:29:50 CEST 2018


Hi,

I see the following code in libgcrypt 1.5.3 in function generate_fips186:

      if (deriveparms)
        {
          initial_seed.sexp = gcry_sexp_find_token (deriveparms, "seed", 0);
          if (initial_seed.sexp)
            initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1,
                                                    &initial_seed.seedlen);
        }
      if (use_fips186_2)
        ec = _gcry_generate_fips186_2_prime (nbits, qbits,
                                           initial_seed.seed,
                                           initial_seed.seedlen,
                                           &prime_q, &prime_p,
                                           r_counter,
                                           r_seed, r_seedlen);
      else if (!domain->p || !domain->q)
        ec = _gcry_generate_fips186_3_prime (nbits, qbits,
                                          initial_seed.seed,
                                          initial_seed.seedlen,
                                          &prime_q, &prime_p,
                                          r_counter,
                                          r_seed, r_seedlen, NULL);


In the current upstream code, it is implemented differently:

      if (deriveparms)
        {
          initial_seed.sexp = sexp_find_token (deriveparms, "seed", 0);
          if (initial_seed.sexp)
            initial_seed.seed = sexp_nth_data (initial_seed.sexp, 1,
                                               &initial_seed.seedlen);
        }

      if (use_fips186_2)
        ec = _gcry_generate_fips186_2_prime (nbits, qbits,
                                             initial_seed.seed,
                                             initial_seed.seedlen,
                                             &prime_q, &prime_p,
                                             r_counter,
                                             r_seed, r_seedlen);
      else
        ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
                                             &prime_q, &prime_p,
                                             r_counter,
                                             r_seed, r_seedlen, NULL);

See the 3rd and 4th parameters of _gcry_generate_fips186_3_prime, which are now NULL
instead of initial_seed. With that, there is no way to set a pre-defined seed
to verify that the P/Q generation function works correctly.

Is there any other way to test the P/Q generation by supplying the seed?

If not, could the current upstream code be changed back to the old 
implementation?

Thanks.

Ciao
Stephan
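Added example (not libgcrypt code and not part of the mail above): a small Python model of the FIPS 186-3/186-4 Appendix A.1.1.2 generation of p and q from a caller-supplied domain_parameter_seed, plus the A.1.1.3 validation that re-derives (p, q) from (seed, counter). This is the check that becomes impossible once the seed argument is fixed to NULL. Assumed choices: SHA-256 as the hash, a demonstration Miller-Rabin (not the FIPS C.3 procedure), and the `last` parameter of `generate_pq`, which is my own device for sharing the search loop with the validator.

```python
import hashlib, random

HASH, OUTLEN = hashlib.sha256, 256   # approved hash; its outlen must be >= N
_h = lambda b: int.from_bytes(HASH(b).digest(), "big")   # Hash(b) as an integer

def is_probable_prime(n, rounds=16):
    # Miller-Rabin with random bases: fine for a demo, not the FIPS C.3 test
    if n < 4:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x not in (1, n - 1) and all((x := x * x % n) != n - 1 for _ in range(s - 1)):
            return False
    return True

def q_from_seed(seed, N):
    # A.1.1.2 steps 6-7: U = Hash(seed) mod 2^(N-1); q = 2^(N-1) + U + 1 - (U mod 2)
    U = _h(seed) % (1 << (N - 1))
    return (1 << (N - 1)) + U + 1 - (U % 2)

def p_candidate(seed, L, q, offset):
    # A.1.1.2 steps 11.1-11.5: W from n+1 hashes of (seed + offset + j) mod 2^seedlen
    n, s, W = -(-L // OUTLEN) - 1, int.from_bytes(seed, "big"), 0
    for j in range(n + 1):
        v = _h(((s + offset + j) % (1 << 8 * len(seed))).to_bytes(len(seed), "big"))
        W += (v % (1 << (L - 1 - n * OUTLEN)) if j == n else v) << (j * OUTLEN)
    X = W + (1 << (L - 1))
    return X - (X % (2 * q) - 1)          # p = X - (c - 1), c = X mod 2q

def generate_pq(L, N, seed, last=None):
    # A.1.1.2 with a caller-supplied seed. None: q not prime (pick a new seed),
    # or no prime p found with counter <= last (default: 4L - 1).
    q = q_from_seed(seed, N)
    if not is_probable_prime(q):
        return None
    n, offset = -(-L // OUTLEN) - 1, 1
    for counter in range(4 * L if last is None else last + 1):
        p = p_candidate(seed, L, q, offset)
        if p >= (1 << (L - 1)) and is_probable_prime(p):
            return p, q, counter
        offset += n + 1
    return None

def validate_pq(p, q, seed, counter, L, N):
    # A.1.1.3: re-derive from (seed, counter); an earlier prime or any mismatch fails
    return (8 * len(seed) >= N and 0 <= counter <= 4 * L - 1
            and generate_pq(L, N, seed, last=counter) == (p, q, counter))
```

With a fixed seed the output is fully deterministic, so a known-answer test can pin (p, q, counter) and `validate_pq` rejects a wrong seed, a wrong counter, or a tampered p.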




