From d250d169e87168903a543248d0bfd6c37f2f6841 Mon Sep 17 00:00:00 2001
From: Christian Heimes
Date: Tue, 22 Feb 2022 00:37:32 +0200
Subject: [PATCH 1/5] Block TripleDES in FIPS mode (#6879)
* Block TripleDES in FIPS mode
NIST SP-800-131A rev 2 lists TripleDES Encryption as disallowed in FIPS 140-3 decryption as legacy use. Three-key TDEA is listed as deprecated throughout 2023 and disallowed after 2023. For simplicity we block all use of TripleDES in FIPS mode.
Fixes: #6875
Signed-off-by: Christian Heimes
* Fix flake
---
 src/cryptography/hazmat/backends/openssl/backend.py | 13 ++++++-------
 tests/hazmat/primitives/utils.py | 4 ++++
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 736452392..f38269e26 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -134,7 +134,9 @@ class Backend(BackendInterface):
 b"aes-192-gcm",
 b"aes-256-gcm",
 }
- _fips_ciphers = (AES, TripleDES)
+ # TripleDES encryption is disallowed/deprecated throughout 2023 in
+ # FIPS 140-3. To keep it simple we denylist any use of TripleDES (TDEA).
+ _fips_ciphers = (AES,)
 # Sometimes SHA1 is still permissible. That logic is contained
 # within the various *_supported methods.
 _fips_hashes = (
@@ -323,12 +325,9 @@ class Backend(BackendInterface):
 def cipher_supported(self, cipher, mode):
 if self._fips_enabled:
- # FIPS mode requires AES or TripleDES, but only CBC/ECB allowed
- # in TripleDES mode.
- if not isinstance(cipher, self._fips_ciphers) or (
- isinstance(cipher, TripleDES)
- and not isinstance(mode, (CBC, ECB))
- ):
+ # FIPS mode requires AES. TripleDES is disallowed/deprecated in
+ # FIPS 140-3.
+ if not isinstance(cipher, self._fips_ciphers):
 return False
 try:
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index 93f117828..a367343ca 100644
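Review bot: The new comment above `_fips_ciphers` collapses the distinction the commit message draws, saying TripleDES is "disallowed/deprecated throughout 2023" without stating which operation is which, and a reader of a FIPS policy constant should not need the git log to know that. I would phrase it as `# SP 800-131A rev 2 / FIPS 140-3: TripleDES encryption is disallowed and decryption is legacy-use only; three-key TDEA is deprecated through 2023 and disallowed after. We deny all TripleDES use in FIPS mode for simplicity.`. The same shortened wording is repeated in the second hunk's comment inside cipher_supported and could carry the same precision or simply point at this constant.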
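Review bot: The denylist in cipher_supported only affects the capability query; nothing in this hunk shows the encryption/decryption context construction path consulting it, so if that path goes straight to the cipher registry (it is outside this hunk) a TripleDES Cipher can still be instantiated in FIPS mode and enforcement rests on the FIPS provider rejecting it at init time. It would be worth confirming that and, if so, adding a comment such as `# Advisory only: context creation must also reject non-FIPS ciphers` or routing context creation through this check. The removed CBC/ECB mode restriction applied only to TripleDES, so dropping it does not widen what AES modes are accepted here. cipher_supported continues past the hunk into the registry lookup.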
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -469,6 +469,10 @@ def _kbkdf_cmac_counter_mode_test(backend, prf, ctr_loc, params):
 algorithm = supported_cipher_algorithms.get(prf)
 assert algorithm is not None
+ # TripleDES is disallowed in FIPS mode.
+ if backend._fips_enabled and algorithm is algorithms.TripleDES:
+ pytest.skip("TripleDES is not supported in FIPS mode.")
+
 ctrkdf = KBKDFCMAC(
 algorithm,
 Mode.CounterMode,
-- 
2.35.1
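Review bot: The skip condition hard-codes TripleDES by identity, duplicating the policy that the backend now expresses through its `_fips_ciphers` tuple, so any later change to that denylist requires editing this test too. If `supported_cipher_algorithms` maps PRF names to algorithm classes, as the `is algorithms.TripleDES` comparison suggests, the check could instead be `if backend._fips_enabled and not issubclass(algorithm, backend._fips_ciphers):` with the skip message generalised to name `prf`. Either way it reads a private backend attribute, which is acceptable in the project's own tests but worth a short comment. _kbkdf_cmac_counter_mode_test continues outside the hunk.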