|
|
3da501 |
From 185fbbfea732588187c81d1b2cafb3e1fae9eb77 Mon Sep 17 00:00:00 2001
|
|
|
3da501 |
From: Clemens Lang <cllang@redhat.com>
|
|
|
3da501 |
Date: Thu, 17 Nov 2022 16:38:45 +0100
|
|
|
3da501 |
Subject: [PATCH 2/2] kbkdf: Add explicit FIPS indicator for key length
|
|
|
3da501 |
|
|
|
3da501 |
NIST SP 800-131Ar2, section 8 "Deriving Additional Keys from
|
|
|
3da501 |
a Cryptographic Key" says that for KDFs defined in SP 800-108, "[t]he
|
|
|
3da501 |
length of the key-derivation key shall be at least 112 bits". It further
|
|
|
3da501 |
specifies that HMAC-based KDFs "with a key whose length is at least 112
|
|
|
3da501 |
bits" are acceptable.
|
|
|
3da501 |
|
|
|
3da501 |
Add an explicit indicator for SP 800-108 KDFs that will mark shorter key
|
|
|
3da501 |
lengths as unapproved. The indicator can be queried from the EVP_KDF_CTX
|
|
|
3da501 |
object using EVP_KDF_CTX_get_params() with the
|
|
|
3da501 |
OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR
|
|
|
3da501 |
parameter.
|
|
|
3da501 |
|
|
|
3da501 |
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
|
|
3da501 |
---
|
|
|
3da501 |
providers/implementations/kdfs/kbkdf.c | 32 +++++++++++++++++++++-----
|
|
|
3da501 |
1 file changed, 26 insertions(+), 6 deletions(-)
|
|
|
3da501 |
|
|
|
3da501 |
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
|
|
|
3da501 |
index a542f84dfa..93a8a10537 100644
|
|
|
3da501 |
--- a/providers/implementations/kdfs/kbkdf.c
|
|
|
3da501 |
+++ b/providers/implementations/kdfs/kbkdf.c
|
|
|
3da501 |
@@ -365,18 +365,38 @@ static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
|
|
3da501 |
OSSL_PARAM *p;
|
|
|
3da501 |
|
|
|
3da501 |
p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE);
|
|
|
3da501 |
- if (p == NULL)
|
|
|
3da501 |
- return -2;
|
|
|
3da501 |
+ if (p != NULL)
|
|
|
3da501 |
+ /* KBKDF can produce results as large as you like. */
|
|
|
3da501 |
+ return OSSL_PARAM_set_size_t(p, SIZE_MAX);
|
|
|
3da501 |
+
|
|
|
3da501 |
+#ifdef FIPS_MODULE
|
|
|
3da501 |
+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);
|
|
|
3da501 |
+ if (p != NULL) {
|
|
|
3da501 |
+ KBKDF *ctx = (KBKDF *)vctx;
|
|
|
3da501 |
+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
|
|
|
3da501 |
+ /* According to NIST Special Publication 800-131Ar2, Section 8:
|
|
|
3da501 |
+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
|
|
|
3da501 |
+ * the key-derivation key [i.e., the input key] shall be at least 112
|
|
|
3da501 |
+ * bits". */
|
|
|
3da501 |
+ if (ctx->ki_len < EVP_KDF_FIPS_MIN_KEY_LEN)
|
|
|
3da501 |
+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
|
|
3da501 |
+ return OSSL_PARAM_set_int(p, fips_indicator);
|
|
|
3da501 |
+ }
|
|
|
3da501 |
+#endif
|
|
|
3da501 |
|
|
|
3da501 |
- /* KBKDF can produce results as large as you like. */
|
|
|
3da501 |
- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
|
|
|
3da501 |
+ return -2;
|
|
|
3da501 |
}
|
|
|
3da501 |
|
|
|
3da501 |
static const OSSL_PARAM *kbkdf_gettable_ctx_params(ossl_unused void *ctx,
|
|
|
3da501 |
ossl_unused void *provctx)
|
|
|
3da501 |
{
|
|
|
3da501 |
- static const OSSL_PARAM known_gettable_ctx_params[] =
|
|
|
3da501 |
- { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), OSSL_PARAM_END };
|
|
|
3da501 |
+ static const OSSL_PARAM known_gettable_ctx_params[] = {
|
|
|
3da501 |
+ OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
|
|
3da501 |
+#ifdef FIPS_MODULE
|
|
|
3da501 |
+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
|
|
3da501 |
+#endif /* defined(FIPS_MODULE) */
|
|
|
3da501 |
+ OSSL_PARAM_END
|
|
|
3da501 |
+ };
|
|
|
3da501 |
return known_gettable_ctx_params;
|
|
|
3da501 |
}
|
|
|
3da501 |
|
|
|
3da501 |
--
|
|
|
3da501 |
2.38.1
|
|
|
3da501 |
|