forked from rpms/openssl
105cc32a20
NIST SP 800-131Ar2, section 8 "Deriving Additional Keys from a Cryptographic Key" says that for KDFs defined in SP 800-108, "[t]he length of the key-derivation key shall be at least 112 bits". It further specifies that HMAC-based KDFs "with a key whose length is at least 112 bits" are acceptable. Add an explicit indicator for SP 800-108 KDFs that will mark shorter key lengths as unapproved. The indicator can be queried from the EVP_KDF_CTX object using EVP_KDF_CTX_get_params() with the OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR parameter. This also modifies the previously applied HKDF indicator patch to use the same interface to query its FIPS indicator. This provides better consistency across the various KDFs with explicit indicators. Additionally, the new constants are clearly marked as being specific to Red Hat. Signed-off-by: Clemens Lang <cllang@redhat.com> Resolves: rhbz#2144019
75 lines
2.9 KiB
Diff
75 lines
2.9 KiB
Diff
From 185fbbfea732588187c81d1b2cafb3e1fae9eb77 Mon Sep 17 00:00:00 2001
|
|
From: Clemens Lang <cllang@redhat.com>
|
|
Date: Thu, 17 Nov 2022 16:38:45 +0100
|
|
Subject: [PATCH 2/2] kbkdf: Add explicit FIPS indicator for key length
|
|
|
|
NIST SP 800-131Ar2, section 8 "Deriving Additional Keys from
|
|
a Cryptographic Key" says that for KDFs defined in SP 800-108, "[t]he
|
|
length of the key-derivation key shall be at least 112 bits". It further
|
|
specifies that HMAC-based KDFs "with a key whose length is at least 112
|
|
bits" are acceptable.
|
|
|
|
Add an explicit indicator for SP 800-108 KDFs that will mark shorter key
|
|
lengths as unapproved. The indicator can be queried from the EVP_KDF_CTX
|
|
object using EVP_KDF_CTX_get_params() with the
|
|
OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR
|
|
parameter.
|
|
|
|
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
|
---
|
|
providers/implementations/kdfs/kbkdf.c | 32 +++++++++++++++++++++-----
|
|
1 file changed, 26 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
|
|
index a542f84dfa..93a8a10537 100644
|
|
--- a/providers/implementations/kdfs/kbkdf.c
|
|
+++ b/providers/implementations/kdfs/kbkdf.c
|
|
@@ -365,18 +365,38 @@ static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
|
OSSL_PARAM *p;
|
|
|
|
p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE);
|
|
- if (p == NULL)
|
|
- return -2;
|
|
+ if (p != NULL)
|
|
+ /* KBKDF can produce results as large as you like. */
|
|
+ return OSSL_PARAM_set_size_t(p, SIZE_MAX);
|
|
+
|
|
+#ifdef FIPS_MODULE
|
|
+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);
|
|
+ if (p != NULL) {
|
|
+ KBKDF *ctx = (KBKDF *)vctx;
|
|
+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
|
|
+ /* According to NIST Special Publication 800-131Ar2, Section 8:
|
|
+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
|
|
+ * the key-derivation key [i.e., the input key] shall be at least 112
|
|
+ * bits". */
|
|
+ if (ctx->ki_len < EVP_KDF_FIPS_MIN_KEY_LEN)
|
|
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
|
+ return OSSL_PARAM_set_int(p, fips_indicator);
|
|
+ }
|
|
+#endif
|
|
|
|
- /* KBKDF can produce results as large as you like. */
|
|
- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
|
|
+ return -2;
|
|
}
|
|
|
|
static const OSSL_PARAM *kbkdf_gettable_ctx_params(ossl_unused void *ctx,
|
|
ossl_unused void *provctx)
|
|
{
|
|
- static const OSSL_PARAM known_gettable_ctx_params[] =
|
|
- { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), OSSL_PARAM_END };
|
|
+ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
|
+ OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
|
+#ifdef FIPS_MODULE
|
|
+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
|
+#endif /* defined(FIPS_MODULE) */
|
|
+ OSSL_PARAM_END
|
|
+ };
|
|
return known_gettable_ctx_params;
|
|
}
|
|
|
|
--
|
|
2.38.1
|
|
|