Add FIPS KMAC key check
This adds a FIPS indicator for KMAC key size. Note that 112 bits keys are still smaller than the sizes required to reach 128 bits for KMAC128 and 256 bits for KMAC256 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25049)
This commit is contained in:
slontis
Tomas Mraz
parent
390f00a1e9
commit
ea396c7024
13 changed files with 175 additions and 71 deletions
|
|
@ -41,7 +41,7 @@ typedef enum OPTION_choice {
|
|||
OPT_TLS_PRF_EMS_CHECK, OPT_NO_SHORT_MAC,
|
||||
OPT_DISALLOW_PKCS15_PADDING, OPT_RSA_PSS_SALTLEN_CHECK,
|
||||
OPT_DISALLOW_SIGNATURE_X931_PADDING,
|
||||
OPT_HMAC_KEY_CHECK,
|
||||
OPT_HMAC_KEY_CHECK, OPT_KMAC_KEY_CHECK,
|
||||
OPT_DISALLOW_DRGB_TRUNC_DIGEST,
|
||||
OPT_SIGNATURE_DIGEST_CHECK,
|
||||
OPT_HKDF_DIGEST_CHECK,
|
||||
|
|
@ -91,6 +91,7 @@ const OPTIONS fipsinstall_options[] = {
|
|||
{"signature_digest_check", OPT_SIGNATURE_DIGEST_CHECK, '-',
|
||||
"Enable checking for approved digests for signatures"},
|
||||
{"hmac_key_check", OPT_HMAC_KEY_CHECK, '-', "Enable key check for HMAC"},
|
||||
{"kmac_key_check", OPT_KMAC_KEY_CHECK, '-', "Enable key check for KMAC"},
|
||||
{"hkdf_digest_check", OPT_HKDF_DIGEST_CHECK, '-',
|
||||
"Enable digest check for HKDF"},
|
||||
{"tls13_kdf_digest_check", OPT_TLS13_KDF_DIGEST_CHECK, '-',
|
||||
|
|
@ -152,6 +153,7 @@ typedef struct {
|
|||
unsigned int conditional_errors : 1;
|
||||
unsigned int security_checks : 1;
|
||||
unsigned int hmac_key_check : 1;
|
||||
unsigned int kmac_key_check : 1;
|
||||
unsigned int tls_prf_ems_check : 1;
|
||||
unsigned int no_short_mac : 1;
|
||||
unsigned int drgb_no_trunc_dgst : 1;
|
||||
|
|
@ -184,6 +186,7 @@ static const FIPS_OPTS pedantic_opts = {
|
|||
1, /* conditional_errors */
|
||||
1, /* security_checks */
|
||||
1, /* hmac_key_check */
|
||||
1, /* kmac_key_check */
|
||||
1, /* tls_prf_ems_check */
|
||||
1, /* no_short_mac */
|
||||
1, /* drgb_no_trunc_dgst */
|
||||
|
|
@ -216,6 +219,7 @@ static FIPS_OPTS fips_opts = {
|
|||
1, /* conditional_errors */
|
||||
1, /* security_checks */
|
||||
0, /* hmac_key_check */
|
||||
0, /* kmac_key_check */
|
||||
0, /* tls_prf_ems_check */
|
||||
0, /* no_short_mac */
|
||||
0, /* drgb_no_trunc_dgst */
|
||||
|
|
@ -361,6 +365,8 @@ static int write_config_fips_section(BIO *out, const char *section,
|
|||
opts->security_checks ? "1" : "0") <= 0
|
||||
|| BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_HMAC_KEY_CHECK,
|
||||
opts->hmac_key_check ? "1": "0") <= 0
|
||||
|| BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_KMAC_KEY_CHECK,
|
||||
opts->kmac_key_check ? "1": "0") <= 0
|
||||
|| BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK,
|
||||
opts->tls_prf_ems_check ? "1" : "0") <= 0
|
||||
|| BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_NO_SHORT_MAC,
|
||||
|
|
@ -601,6 +607,9 @@ int fipsinstall_main(int argc, char **argv)
|
|||
case OPT_HMAC_KEY_CHECK:
|
||||
fips_opts.hmac_key_check = 1;
|
||||
break;
|
||||
case OPT_KMAC_KEY_CHECK:
|
||||
fips_opts.kmac_key_check = 1;
|
||||
break;
|
||||
case OPT_TLS_PRF_EMS_CHECK:
|
||||
fips_opts.tls_prf_ems_check = 1;
|
||||
break;
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ B<openssl fipsinstall>
|
|||
[B<-no_conditional_errors>]
|
||||
[B<-no_security_checks>]
|
||||
[B<-hmac_key_check>]
|
||||
[B<-kmac_key_check>]
|
||||
[B<-ems_check>]
|
||||
[B<-no_drbg_truncated_digests>]
|
||||
[B<-signature_digest_check>]
|
||||
|
|
@ -218,6 +219,11 @@ See SP 800-185 8.4.2 and FIPS 140-3 ID C.D for details.
|
|||
Configure the module to not allow small keys sizes when using HMAC.
|
||||
See SP 800-131Ar2 for details.
|
||||
|
||||
=item B<-kmac_key_check>
|
||||
|
||||
Configure the module to not allow small keys sizes when using KMAC.
|
||||
See SP 800-131Ar2 for details.
|
||||
|
||||
=item B<-no_drbg_truncated_digests>
|
||||
|
||||
Configure the module to not allow truncated digests to be used with Hash and
|
||||
|
|
|
|||
|
|
@ -68,12 +68,16 @@ The default value is 0.
|
|||
|
||||
This settable parameter is described in L<provider-mac(7)>.
|
||||
|
||||
=item "no-short-mac" (B<OSSL_PROV_FIPS_PARAM_NO_SHORT_MAC>) <integer>
|
||||
=item "no-short-mac" (B<OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC>) <integer>
|
||||
|
||||
This settable parameter is described in L<provider-mac(7)>. It is used by
|
||||
the OpenSSL FIPS provider and the minimum length output for KMAC
|
||||
is defined by NIST's SP 800-185 8.4.2.
|
||||
|
||||
=item "key-check" (B<OSSL_MAC_PARAM_FIPS_KEY_CHECK>) <integer>
|
||||
|
||||
This settable parameter is described in L<provider-mac(7)>.
|
||||
|
||||
=back
|
||||
|
||||
The "custom" and "no-short-mac" parameters must be set as part of or before
|
||||
|
|
|
|||
|
|
@ -204,7 +204,7 @@ This option is used by the OpenSSL FIPS provider.
|
|||
|
||||
=over 4
|
||||
|
||||
=item "no-short-mac" (B<OSSL_PROV_FIPS_PARAM_NO_SHORT_MAC>) <integer>
|
||||
=item "no-short-mac" (B<OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC>) <integer>
|
||||
|
||||
If required this parameter should be set early via an init function.
|
||||
The default value of 1 causes an error when too short MAC output is
|
||||
|
|
|
|||
|
|
@ -77,6 +77,14 @@ extern "C" {
|
|||
*/
|
||||
# define OSSL_PROV_FIPS_PARAM_HMAC_KEY_CHECK "hmac-key-check"
|
||||
|
||||
/*
|
||||
* A boolean that determines if the runtime FIPS key check for KMAC is
|
||||
* performed.
|
||||
* This is enabled by default.
|
||||
* Type: OSSL_PARAM_UTF8_STRING
|
||||
*/
|
||||
# define OSSL_PROV_FIPS_PARAM_KMAC_KEY_CHECK "kmac-key-check"
|
||||
|
||||
/*
|
||||
* A boolean that determines if truncated digests can be used with Hash and HMAC
|
||||
* DRBGs. FIPS 140-3 IG D.R disallows such use for efficiency rather than
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
|
|||
int FIPS_tls_prf_ems_check(OSSL_LIB_CTX *libctx);
|
||||
int FIPS_no_short_mac(OSSL_LIB_CTX *libctx);
|
||||
int FIPS_hmac_key_check(OSSL_LIB_CTX *libctx);
|
||||
int FIPS_kmac_key_check(OSSL_LIB_CTX *libctx);s
|
||||
int FIPS_restricted_drbg_digests_enabled(OSSL_LIB_CTX *libctx);
|
||||
int FIPS_fips_signature_digest_check(OSSL_LIB_CTX *libctx);
|
||||
int FIPS_hkdf_digest_check(OSSL_LIB_CTX *libctx);
|
||||
|
|
|
|||
|
|
@ -91,6 +91,7 @@ typedef struct fips_global_st {
|
|||
FIPS_OPTION fips_tls1_prf_ems_check;
|
||||
FIPS_OPTION fips_no_short_mac;
|
||||
FIPS_OPTION fips_hmac_key_check;
|
||||
FIPS_OPTION fips_kmac_key_check;
|
||||
FIPS_OPTION fips_restricted_drgb_digests;
|
||||
FIPS_OPTION fips_signature_digest_check;
|
||||
FIPS_OPTION fips_hkdf_digest_check;
|
||||
|
|
@ -131,6 +132,7 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx)
|
|||
init_fips_option(&fgbl->fips_tls1_prf_ems_check, 0); /* Disabled by default */
|
||||
init_fips_option(&fgbl->fips_no_short_mac, 1);
|
||||
init_fips_option(&fgbl->fips_hmac_key_check, 0);
|
||||
init_fips_option(&fgbl->fips_kmac_key_check, 0);
|
||||
init_fips_option(&fgbl->fips_restricted_drgb_digests, 0);
|
||||
init_fips_option(&fgbl->fips_signature_digest_check, 0);
|
||||
init_fips_option(&fgbl->fips_hkdf_digest_check, 0);
|
||||
|
|
@ -192,6 +194,8 @@ static const OSSL_PARAM fips_param_types[] = {
|
|||
OSSL_PARAM_INTEGER, NULL, 0),
|
||||
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_HKDF_KEY_CHECK, OSSL_PARAM_INTEGER, NULL,
|
||||
0),
|
||||
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_KMAC_KEY_CHECK, OSSL_PARAM_INTEGER, NULL,
|
||||
0),
|
||||
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_TLS13_KDF_KEY_CHECK, OSSL_PARAM_INTEGER,
|
||||
NULL, 0),
|
||||
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_TLS1_PRF_KEY_CHECK, OSSL_PARAM_INTEGER,
|
||||
|
|
@ -219,7 +223,7 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl)
|
|||
* OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS and
|
||||
* OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK are not self test parameters.
|
||||
*/
|
||||
OSSL_PARAM core_params[29], *p = core_params;
|
||||
OSSL_PARAM core_params[31], *p = core_params;
|
||||
|
||||
/* FIPS self test params */
|
||||
#define FIPS_FEATURE_SELF_TEST(fgbl, pname, field) \
|
||||
|
|
@ -249,6 +253,8 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl)
|
|||
fips_no_short_mac);
|
||||
FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_HMAC_KEY_CHECK,
|
||||
fips_hmac_key_check);
|
||||
FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_KMAC_KEY_CHECK,
|
||||
fips_kmac_key_check);
|
||||
FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST,
|
||||
fips_restricted_drgb_digests);
|
||||
FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_SIGNATURE_DIGEST_CHECK,
|
||||
|
|
@ -342,6 +348,8 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[])
|
|||
fips_no_short_mac);
|
||||
FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_HMAC_KEY_CHECK,
|
||||
fips_hmac_key_check);
|
||||
FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_KMAC_KEY_CHECK,
|
||||
fips_kmac_key_check);
|
||||
FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST,
|
||||
fips_restricted_drgb_digests);
|
||||
FIPS_FEATURE_GET(fgbl, OSSL_PROV_FIPS_PARAM_SIGNATURE_DIGEST_CHECK,
|
||||
|
|
@ -547,8 +555,9 @@ static const OSSL_ALGORITHM fips_macs_internal[] = {
|
|||
{ PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, ossl_cmac_functions },
|
||||
#endif
|
||||
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_internal_functions },
|
||||
{ PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
|
||||
{ PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions },
|
||||
{ PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_internal_functions },
|
||||
{ PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_internal_functions },
|
||||
{ NULL, NULL, NULL }
|
||||
};
|
||||
|
||||
static const OSSL_ALGORITHM fips_kdfs[] = {
|
||||
|
|
@ -725,34 +734,13 @@ static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id,
|
|||
static const OSSL_ALGORITHM *fips_query_internal(void *provctx, int operation_id,
|
||||
int *no_cache)
|
||||
{
|
||||
*no_cache = 0;
|
||||
|
||||
if (!ossl_prov_is_running())
|
||||
return NULL;
|
||||
|
||||
switch (operation_id) {
|
||||
case OSSL_OP_DIGEST:
|
||||
return fips_digests;
|
||||
case OSSL_OP_CIPHER:
|
||||
return exported_fips_ciphers;
|
||||
case OSSL_OP_MAC:
|
||||
if (operation_id == OSSL_OP_MAC) {
|
||||
*no_cache = 0;
|
||||
if (!ossl_prov_is_running())
|
||||
return NULL;
|
||||
return fips_macs_internal;
|
||||
case OSSL_OP_KDF:
|
||||
return fips_kdfs;
|
||||
case OSSL_OP_RAND:
|
||||
return fips_rands;
|
||||
case OSSL_OP_KEYMGMT:
|
||||
return fips_keymgmt;
|
||||
case OSSL_OP_KEYEXCH:
|
||||
return fips_keyexch;
|
||||
case OSSL_OP_SIGNATURE:
|
||||
return fips_signature;
|
||||
case OSSL_OP_ASYM_CIPHER:
|
||||
return fips_asym_cipher;
|
||||
case OSSL_OP_KEM:
|
||||
return fips_asym_kem;
|
||||
}
|
||||
return NULL;
|
||||
return fips_query(provctx, operation_id, no_cache);
|
||||
}
|
||||
|
||||
static void fips_teardown(void *provctx)
|
||||
|
|
@ -985,6 +973,7 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
|
|||
FIPS_SET_OPTION(fgbl, fips_tls1_prf_ems_check);
|
||||
FIPS_SET_OPTION(fgbl, fips_no_short_mac);
|
||||
FIPS_SET_OPTION(fgbl, fips_hmac_key_check);
|
||||
FIPS_SET_OPTION(fgbl, fips_kmac_key_check);
|
||||
FIPS_SET_OPTION(fgbl, fips_restricted_drgb_digests);
|
||||
FIPS_SET_OPTION(fgbl, fips_signature_digest_check);
|
||||
FIPS_SET_OPTION(fgbl, fips_hkdf_digest_check);
|
||||
|
|
@ -1214,6 +1203,7 @@ FIPS_FEATURE_CHECK(FIPS_security_check_enabled, fips_security_checks)
|
|||
FIPS_FEATURE_CHECK(FIPS_tls_prf_ems_check, fips_tls1_prf_ems_check)
|
||||
FIPS_FEATURE_CHECK(FIPS_no_short_mac, fips_no_short_mac)
|
||||
FIPS_FEATURE_CHECK(FIPS_hmac_key_check, fips_hmac_key_check)
|
||||
FIPS_FEATURE_CHECK(FIPS_kmac_key_check, fips_kmac_key_check)
|
||||
FIPS_FEATURE_CHECK(FIPS_restricted_drbg_digests_enabled,
|
||||
fips_restricted_drgb_digests)
|
||||
FIPS_FEATURE_CHECK(FIPS_fips_signature_digest_check, fips_signature_digest_check)
|
||||
|
|
|
|||
|
|
@ -260,6 +260,8 @@ extern const OSSL_DISPATCH ossl_gmac_functions[];
|
|||
extern const OSSL_DISPATCH ossl_hmac_functions[];
|
||||
#ifdef FIPS_MODULE
|
||||
extern const OSSL_DISPATCH ossl_hmac_internal_functions[];
|
||||
extern const OSSL_DISPATCH ossl_kmac128_internal_functions[];
|
||||
extern const OSSL_DISPATCH ossl_kmac256_internal_functions[];
|
||||
#endif
|
||||
extern const OSSL_DISPATCH ossl_kmac128_functions[];
|
||||
extern const OSSL_DISPATCH ossl_kmac256_functions[];
|
||||
|
|
|
|||
|
|
@ -519,9 +519,10 @@ static int HKDF_Extract(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md,
|
|||
return 0;
|
||||
}
|
||||
/* calc: PRK = HMAC-Hash(salt, IKM) */
|
||||
return EVP_Q_mac(libctx, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL, salt,
|
||||
salt_len, ikm, ikm_len, prk, EVP_MD_get_size(evp_md), NULL)
|
||||
!= NULL;
|
||||
return
|
||||
EVP_Q_mac(libctx, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL, salt,
|
||||
salt_len, ikm, ikm_len, prk, EVP_MD_get_size(evp_md), NULL)
|
||||
!= NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -62,6 +62,7 @@
|
|||
#include "prov/providercommon.h"
|
||||
#include "prov/fipscommon.h"
|
||||
#include "prov/fipsindicator.h"
|
||||
#include "prov/securitycheck.h"
|
||||
#include "internal/cryptlib.h" /* ossl_assert */
|
||||
|
||||
/*
|
||||
|
|
@ -129,6 +130,14 @@ struct kmac_data_st {
|
|||
/* key and custom are stored in encoded form */
|
||||
unsigned char key[KMAC_MAX_KEY_ENCODED];
|
||||
unsigned char custom[KMAC_MAX_CUSTOM_ENCODED];
|
||||
#ifdef FIPS_MODULE
|
||||
/*
|
||||
* 'internal' is set to 1 if KMAC is used inside another algorithm such as a
|
||||
* KDF. In this case it is the parent algorithm that is responsible for
|
||||
* performing any conditional FIPS indicator related checks for KMAC.
|
||||
*/
|
||||
int internal;
|
||||
#endif
|
||||
OSSL_FIPS_IND_DECLARE
|
||||
};
|
||||
|
||||
|
|
@ -239,7 +248,9 @@ static void *kmac_dup(void *vsrc)
|
|||
kmac_free(dst);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#ifdef FIPS_MODULE
|
||||
dst->internal = src->internal;
|
||||
#endif
|
||||
dst->out_len = src->out_len;
|
||||
dst->key_len = src->key_len;
|
||||
dst->custom_len = src->custom_len;
|
||||
|
|
@ -261,6 +272,25 @@ static int kmac_setkey(struct kmac_data_st *kctx, const unsigned char *key,
|
|||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
||||
return 0;
|
||||
}
|
||||
#ifdef FIPS_MODULE
|
||||
/*
|
||||
* Only do the key check if KMAC is fetched directly.
|
||||
* Other algorithms that embed KMAC such as SSKDF will ignore this check.
|
||||
*/
|
||||
if (!kctx->internal) {
|
||||
int approved = ossl_mac_check_key_size(keylen);
|
||||
|
||||
if (!approved) {
|
||||
if (!OSSL_FIPS_IND_ON_UNAPPROVED(kctx, OSSL_FIPS_IND_SETTABLE1,
|
||||
PROV_LIBCTX_OF(kctx->provctx),
|
||||
"KMAC", "Key size",
|
||||
FIPS_kmac_key_check)) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
if (w <= 0) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
|
||||
return 0;
|
||||
|
|
@ -401,7 +431,8 @@ static const OSSL_PARAM known_settable_ctx_params[] = {
|
|||
OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
|
||||
OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0),
|
||||
OSSL_PARAM_octet_string(OSSL_MAC_PARAM_CUSTOM, NULL, 0),
|
||||
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_PROV_FIPS_PARAM_NO_SHORT_MAC)
|
||||
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC)
|
||||
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_MAC_PARAM_FIPS_KEY_CHECK)
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM *kmac_settable_ctx_params(ossl_unused void *ctx,
|
||||
|
|
@ -428,8 +459,11 @@ static int kmac_set_ctx_params(void *vmacctx, const OSSL_PARAM *params)
|
|||
return 1;
|
||||
|
||||
if (!OSSL_FIPS_IND_SET_CTX_PARAM(kctx, OSSL_FIPS_IND_SETTABLE0, params,
|
||||
OSSL_PROV_PARAM_NO_SHORT_MAC))
|
||||
return 0;
|
||||
OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC))
|
||||
return 0;
|
||||
if (!OSSL_FIPS_IND_SET_CTX_PARAM(kctx, OSSL_FIPS_IND_SETTABLE1, params,
|
||||
OSSL_MAC_PARAM_FIPS_KEY_CHECK))
|
||||
return 0;
|
||||
|
||||
if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_XOF)) != NULL
|
||||
&& !OSSL_PARAM_get_int(p, &kctx->xof_mode))
|
||||
|
|
@ -625,34 +659,42 @@ static int kmac_bytepad_encode_key(unsigned char *out, size_t out_max_len,
|
|||
return bytepad(out, NULL, tmp, tmp_len, NULL, 0, w);
|
||||
}
|
||||
|
||||
const OSSL_DISPATCH ossl_kmac128_functions[] = {
|
||||
{ OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac128_new },
|
||||
{ OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup },
|
||||
{ OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free },
|
||||
{ OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init },
|
||||
{ OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update },
|
||||
{ OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final },
|
||||
{ OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS,
|
||||
(void (*)(void))kmac_gettable_ctx_params },
|
||||
{ OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params },
|
||||
{ OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS,
|
||||
(void (*)(void))kmac_settable_ctx_params },
|
||||
{ OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params },
|
||||
OSSL_DISPATCH_END
|
||||
};
|
||||
#define IMPLEMENT_KMAC_TABLE(size, funcname, newname) \
|
||||
const OSSL_DISPATCH ossl_kmac##size##_##funcname[] = \
|
||||
{ \
|
||||
{ OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac##size##_##newname }, \
|
||||
{ OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup }, \
|
||||
{ OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free }, \
|
||||
{ OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init }, \
|
||||
{ OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update }, \
|
||||
{ OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final }, \
|
||||
{ OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, \
|
||||
(void (*)(void))kmac_gettable_ctx_params }, \
|
||||
{ OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params }, \
|
||||
{ OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, \
|
||||
(void (*)(void))kmac_settable_ctx_params }, \
|
||||
{ OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params }, \
|
||||
OSSL_DISPATCH_END \
|
||||
}
|
||||
|
||||
const OSSL_DISPATCH ossl_kmac256_functions[] = {
|
||||
{ OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac256_new },
|
||||
{ OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup },
|
||||
{ OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free },
|
||||
{ OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init },
|
||||
{ OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update },
|
||||
{ OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final },
|
||||
{ OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS,
|
||||
(void (*)(void))kmac_gettable_ctx_params },
|
||||
{ OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params },
|
||||
{ OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS,
|
||||
(void (*)(void))kmac_settable_ctx_params },
|
||||
{ OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params },
|
||||
OSSL_DISPATCH_END
|
||||
};
|
||||
#define KMAC_TABLE(size) IMPLEMENT_KMAC_TABLE(size, functions, new)
|
||||
|
||||
KMAC_TABLE(128);
|
||||
KMAC_TABLE(256);
|
||||
|
||||
#ifdef FIPS_MODULE
|
||||
# define KMAC_INTERNAL_TABLE(size) \
|
||||
static OSSL_FUNC_mac_newctx_fn kmac##size##_internal_new; \
|
||||
static void *kmac##size##_internal_new(void *provctx) \
|
||||
{ \
|
||||
struct kmac_data_st *macctx = kmac##size##_new(provctx); \
|
||||
\
|
||||
if (macctx != NULL) \
|
||||
macctx->internal = 1; \
|
||||
return macctx; \
|
||||
} \
|
||||
IMPLEMENT_KMAC_TABLE(size, internal_functions, internal_new)
|
||||
|
||||
KMAC_INTERNAL_TABLE(128);
|
||||
KMAC_INTERNAL_TABLE(256);
|
||||
#endif /* FIPS_MODULE */
|
||||
|
|
|
|||
|
|
@ -306,12 +306,23 @@ Key = 0B122AC8F34ED1FE082A3625D157561454167AC145A10BBF77C6A70596D574F1
|
|||
Input = 498B53FDEC87EDCBF07097DCCDE93A084BAD7501A224E388DF349CE18959FE8485F8AD1537F0D896EA73BEDC7214713F
|
||||
Output = F62C46329B41085625669BAF51DEA66A
|
||||
|
||||
# For AES - test only CBC mode is allowed
|
||||
FIPSversion = >=3.1.0
|
||||
MAC = CMAC
|
||||
Algorithm = AES-256-ECB
|
||||
Key = 0B122AC8F34ED1FE082A3625D157561454167AC145A10BBF77C6A70596D574F1
|
||||
Input = 498B53FDEC87EDCBF07097DCCDE93A084BAD7501A224E388DF349CE18959FE8485F8AD1537F0D896EA73BEDC7214713F
|
||||
Result = MAC_INIT_ERROR
|
||||
Reason = invalid mode
|
||||
|
||||
# Test CMAC with a small key is not allowed
|
||||
# (Most ciphers have fixed length keys - so it fails due to this restriction).
|
||||
MAC = CMAC
|
||||
Algorithm = AES-128-CBC
|
||||
Key = 77A77FAF290C1FA30C68
|
||||
Input = 020683E1F0392F4CAC54318B6029259E9C553DBC4B6AD998E64D58E4E7DC2E13
|
||||
Result = MAC_INIT_ERROR
|
||||
Reason = invalid key length
|
||||
|
||||
Title = GMAC Tests (from NIST)
|
||||
|
||||
|
|
@ -386,6 +397,7 @@ Key = 4C973DBC7364621674F8B5B89E5C15511FCED9216490FB1C1A2CAA0FFE0407E5
|
|||
IV = 7AE8E2CA4EC500012E58495C
|
||||
Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007
|
||||
Result = MAC_INIT_ERROR
|
||||
Reason = invalid mode
|
||||
|
||||
Title = KMAC Tests (From NIST)
|
||||
MAC = KMAC128
|
||||
|
|
@ -548,6 +560,7 @@ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
|||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
||||
Custom = ":abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789:::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::"
|
||||
Result = MAC_INIT_ERROR
|
||||
Reason = invalid custom length
|
||||
|
||||
Title = KMAC output is too large
|
||||
|
||||
|
|
@ -557,6 +570,7 @@ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223
|
|||
Custom = "My Tagged Application"
|
||||
Ctrl = size:2097152
|
||||
Result = MAC_INIT_ERROR
|
||||
Reason = invalid output length
|
||||
|
||||
Title = KMAC output is too small in FIPS
|
||||
|
||||
|
|
@ -609,3 +623,27 @@ Output = 28c815
|
|||
Custom = "My Tagged Application"
|
||||
Ctrl = size:3
|
||||
|
||||
Title = KMAC FIPS short key test
|
||||
|
||||
# Test KMAC with key < 112 bits is not allowed
|
||||
Availablein = fips
|
||||
FIPSversion = >=3.4.0
|
||||
MAC = KMAC256
|
||||
Key = 404142434445464748494A4B4C
|
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
||||
Custom = ""
|
||||
Result = MAC_INIT_ERROR
|
||||
Reason = invalid key length
|
||||
|
||||
Title = KMAC FIPS short key indicator test
|
||||
|
||||
# Test KMAC with key < 112 bits is unapproved
|
||||
Availablein = fips
|
||||
FIPSversion = >=3.4.0
|
||||
MAC = KMAC256
|
||||
Unapproved = 1
|
||||
Ctrl = key-check:0
|
||||
Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
|
||||
Custom = ""
|
||||
Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@ my $conditional_errors = 1;
|
|||
my $security_checks = 1;
|
||||
my $ems_check = 1;
|
||||
my $no_short_mac = 1;
|
||||
my $key_check = 1;
|
||||
my $drgb_no_trunc_dgst = 1;
|
||||
my $digest_check = 1;
|
||||
my $dsa_sign_disabled = 1;
|
||||
|
|
@ -25,6 +24,7 @@ my $rsa_sign_x931_pad_disabled = 1;
|
|||
my $kdf_key_check = 1;
|
||||
my $pbkdf2_lower_bound_check = 1;
|
||||
my $ec_cofactor_check = 1;
|
||||
my $mac_key_check = 1;
|
||||
|
||||
my $activate = 1;
|
||||
my $version = 1;
|
||||
|
|
@ -61,7 +61,6 @@ security-checks = $security_checks
|
|||
module-mac = $module_mac
|
||||
tls1-prf-ems-check = $ems_check
|
||||
no-short-mac = $no_short_mac
|
||||
hmac-key-check = $key_check
|
||||
drbg-no-trunc-md = $drgb_no_trunc_dgst
|
||||
signature-digest-check = $digest_check
|
||||
dsa-sign-disabled = $dsa_sign_disabled
|
||||
|
|
@ -84,4 +83,6 @@ sskdf-key-check = $kdf_key_check
|
|||
x963kdf-key-check = $kdf_key_check
|
||||
pbkdf2-lower-bound-check = $pbkdf2_lower_bound_check
|
||||
ecdh-cofactor-check = $ec_cofactor_check
|
||||
hmac-key-check = $mac_key_check
|
||||
kmac-key-check = $mac_key_check
|
||||
_____
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ my %params = (
|
|||
'PROV_PARAM_STATUS' => "status", # uint
|
||||
'PROV_PARAM_SECURITY_CHECKS' => "security-checks", # uint
|
||||
'PROV_PARAM_HMAC_KEY_CHECK' => "hmac-key-check", # uint
|
||||
'PROV_PARAM_KMAC_KEY_CHECK' => "kmac-key-check", # uint
|
||||
'PROV_PARAM_TLS1_PRF_EMS_CHECK' => "tls1-prf-ems-check", # uint
|
||||
'PROV_PARAM_NO_SHORT_MAC' => "no-short-mac", # uint
|
||||
'PROV_PARAM_DRBG_TRUNC_DIGEST' => "drbg-no-trunc-md", # uint
|
||||
|
|
@ -169,6 +170,7 @@ my %params = (
|
|||
'MAC_PARAM_SIZE' => "size", # size_t
|
||||
'MAC_PARAM_BLOCK_SIZE' => "block-size", # size_t
|
||||
'MAC_PARAM_TLS_DATA_SIZE' => "tls-data-size", # size_t
|
||||
'MAC_PARAM_FIPS_NO_SHORT_MAC' =>'*PROV_PARAM_NO_SHORT_MAC',
|
||||
'MAC_PARAM_FIPS_KEY_CHECK' => '*PKEY_PARAM_FIPS_KEY_CHECK',
|
||||
'MAC_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR',
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue