|
|
3da501 |
From e1eba21921ceeffa45ffd2115868c14e4c7fb8d9 Mon Sep 17 00:00:00 2001
|
|
|
3da501 |
From: Clemens Lang <cllang@redhat.com>
|
|
|
3da501 |
Date: Thu, 17 Nov 2022 18:08:24 +0100
|
|
|
3da501 |
Subject: [PATCH] hmac: Add explicit FIPS indicator for key length
|
|
|
3da501 |
|
|
|
3da501 |
NIST SP 800-131Ar2, table 9 "Approval Status of MAC Algorithms"
|
|
|
3da501 |
specifies key lengths < 112 bytes are disallowed for HMAC generation and
|
|
|
3da501 |
are legacy use for HMAC verification.
|
|
|
3da501 |
|
|
|
3da501 |
Add an explicit indicator that will mark shorter key lengths as
|
|
|
3da501 |
unsupported. The indicator can be queries from the EVP_MAC_CTX object
|
|
|
3da501 |
using EVP_MAC_CTX_get_params() with the
|
|
|
3da501 |
OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR
|
|
|
3da501 |
parameter.
|
|
|
3da501 |
|
|
|
3da501 |
Signed-off-by: Clemens Lang <cllang@redhat.com>
|
|
|
3da501 |
---
|
|
|
3da501 |
include/crypto/evp.h | 7 +++++++
|
|
|
3da501 |
include/openssl/core_names.h | 1 +
|
|
|
3da501 |
include/openssl/evp.h | 3 +++
|
|
|
3da501 |
providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++
|
|
|
3da501 |
4 files changed, 28 insertions(+)
|
|
|
3da501 |
|
|
|
3da501 |
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
|
|
|
3da501 |
index 76fb990de4..1e2240516e 100644
|
|
|
3da501 |
--- a/include/crypto/evp.h
|
|
|
3da501 |
+++ b/include/crypto/evp.h
|
|
|
3da501 |
@@ -196,6 +196,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void);
|
|
|
3da501 |
const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
|
|
|
3da501 |
const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
|
|
|
3da501 |
|
|
|
3da501 |
+#ifdef FIPS_MODULE
|
|
|
3da501 |
+/* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms specifies key
|
|
|
3da501 |
+ * lengths < 112 bytes are disallowed for HMAC generation and legacy use for
|
|
|
3da501 |
+ * HMAC verification. */
|
|
|
3da501 |
+# define EVP_HMAC_GEN_FIPS_MIN_KEY_LEN (112 / 8)
|
|
|
3da501 |
+#endif
|
|
|
3da501 |
+
|
|
|
3da501 |
struct evp_mac_st {
|
|
|
3da501 |
OSSL_PROVIDER *prov;
|
|
|
3da501 |
int name_id;
|
|
|
3da501 |
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
|
|
|
3da501 |
index c019afbbb0..94fab83193 100644
|
|
|
3da501 |
--- a/include/openssl/core_names.h
|
|
|
3da501 |
+++ b/include/openssl/core_names.h
|
|
|
3da501 |
@@ -173,6 +173,7 @@ extern "C" {
|
|
|
3da501 |
#define OSSL_MAC_PARAM_SIZE "size" /* size_t */
|
|
|
3da501 |
#define OSSL_MAC_PARAM_BLOCK_SIZE "block-size" /* size_t */
|
|
|
3da501 |
#define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" /* size_t */
|
|
|
3da501 |
+#define OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator"
|
|
|
3da501 |
|
|
|
3da501 |
/* Known MAC names */
|
|
|
3da501 |
#define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC"
|
|
|
3da501 |
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
|
|
|
3da501 |
index 49e8e1df78..a5e78efd6e 100644
|
|
|
3da501 |
--- a/include/openssl/evp.h
|
|
|
3da501 |
+++ b/include/openssl/evp.h
|
|
|
3da501 |
@@ -1192,6 +1192,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
|
|
|
3da501 |
void *arg);
|
|
|
3da501 |
|
|
|
3da501 |
/* MAC stuff */
|
|
|
3da501 |
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
|
|
|
3da501 |
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED 1
|
|
|
3da501 |
+# define EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
|
|
|
3da501 |
|
|
|
3da501 |
EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
|
|
|
3da501 |
const char *properties);
|
|
|
3da501 |
diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
|
|
|
3da501 |
index 52ebb08b8f..cf5c3ecbe7 100644
|
|
|
3da501 |
--- a/providers/implementations/macs/hmac_prov.c
|
|
|
3da501 |
+++ b/providers/implementations/macs/hmac_prov.c
|
|
|
3da501 |
@@ -21,6 +21,8 @@
|
|
|
3da501 |
#include <openssl/evp.h>
|
|
|
3da501 |
#include <openssl/hmac.h>
|
|
|
3da501 |
|
|
|
3da501 |
+#include "crypto/evp.h"
|
|
|
3da501 |
+
|
|
|
3da501 |
#include "prov/implementations.h"
|
|
|
3da501 |
#include "prov/provider_ctx.h"
|
|
|
3da501 |
#include "prov/provider_util.h"
|
|
|
3da501 |
@@ -244,6 +246,9 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl,
|
|
|
3da501 |
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
|
|
3da501 |
OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
|
|
|
3da501 |
OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
|
|
|
3da501 |
+#ifdef FIPS_MODULE
|
|
|
3da501 |
+ OSSL_PARAM_int(OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR, NULL),
|
|
|
3da501 |
+#endif /* defined(FIPS_MODULE) */
|
|
|
3da501 |
OSSL_PARAM_END
|
|
|
3da501 |
};
|
|
|
3da501 |
static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx,
|
|
|
3da501 |
@@ -265,6 +270,18 @@ static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[])
|
|
|
3da501 |
&& !OSSL_PARAM_set_int(p, hmac_block_size(macctx)))
|
|
|
3da501 |
return 0;
|
|
|
3da501 |
|
|
|
3da501 |
+#ifdef FIPS_MODULE
|
|
|
3da501 |
+ if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR)) != NULL) {
|
|
|
3da501 |
+ int fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED;
|
|
|
3da501 |
+ /* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms
|
|
|
3da501 |
+ * specifies key lengths < 112 bytes are disallowed for HMAC generation
|
|
|
3da501 |
+ * and legacy use for HMAC verification. */
|
|
|
3da501 |
+ if (macctx->keylen < EVP_HMAC_GEN_FIPS_MIN_KEY_LEN)
|
|
|
3da501 |
+ fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
|
|
|
3da501 |
+ return OSSL_PARAM_set_int(p, fips_indicator);
|
|
|
3da501 |
+ }
|
|
|
3da501 |
+#endif /* defined(FIPS_MODULE) */
|
|
|
3da501 |
+
|
|
|
3da501 |
return 1;
|
|
|
3da501 |
}
|
|
|
3da501 |
|
|
|
3da501 |
--
|
|
|
3da501 |
2.38.1
|
|
|
3da501 |
|