diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c index 237a0bba84..32d514bedb 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c @@ -41,7 +41,7 @@ typedef enum OPTION_choice { OPT_TLS_PRF_EMS_CHECK, OPT_NO_SHORT_MAC, OPT_DISALLOW_PKCS15_PADDING, OPT_RSA_PSS_SALTLEN_CHECK, OPT_DISALLOW_SIGNATURE_X931_PADDING, - OPT_HMAC_KEY_CHECK, + OPT_HMAC_KEY_CHECK, OPT_KMAC_KEY_CHECK, OPT_DISALLOW_DRGB_TRUNC_DIGEST, OPT_SIGNATURE_DIGEST_CHECK, OPT_HKDF_DIGEST_CHECK, @@ -91,6 +91,7 @@ const OPTIONS fipsinstall_options[] = { {"signature_digest_check", OPT_SIGNATURE_DIGEST_CHECK, '-', "Enable checking for approved digests for signatures"}, {"hmac_key_check", OPT_HMAC_KEY_CHECK, '-', "Enable key check for HMAC"}, + {"kmac_key_check", OPT_KMAC_KEY_CHECK, '-', "Enable key check for KMAC"}, {"hkdf_digest_check", OPT_HKDF_DIGEST_CHECK, '-', "Enable digest check for HKDF"}, {"tls13_kdf_digest_check", OPT_TLS13_KDF_DIGEST_CHECK, '-', @@ -152,6 +153,7 @@ typedef struct { unsigned int conditional_errors : 1; unsigned int security_checks : 1; unsigned int hmac_key_check : 1; + unsigned int kmac_key_check : 1; unsigned int tls_prf_ems_check : 1; unsigned int no_short_mac : 1; unsigned int drgb_no_trunc_dgst : 1; @@ -184,6 +186,7 @@ static const FIPS_OPTS pedantic_opts = { 1, /* conditional_errors */ 1, /* security_checks */ 1, /* hmac_key_check */ + 1, /* kmac_key_check */ 1, /* tls_prf_ems_check */ 1, /* no_short_mac */ 1, /* drgb_no_trunc_dgst */ @@ -216,6 +219,7 @@ static FIPS_OPTS fips_opts = { 1, /* conditional_errors */ 1, /* security_checks */ 0, /* hmac_key_check */ + 0, /* kmac_key_check */ 0, /* tls_prf_ems_check */ 0, /* no_short_mac */ 0, /* drgb_no_trunc_dgst */ @@ -361,6 +365,8 @@ static int write_config_fips_section(BIO *out, const char *section, opts->security_checks ? "1" : "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_HMAC_KEY_CHECK, opts->hmac_key_check ? "1": "0") <= 0 + || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_KMAC_KEY_CHECK, + opts->kmac_key_check ? "1": "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK, opts->tls_prf_ems_check ? "1" : "0") <= 0 || BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_NO_SHORT_MAC, @@ -601,6 +607,9 @@ int fipsinstall_main(int argc, char **argv) case OPT_HMAC_KEY_CHECK: fips_opts.hmac_key_check = 1; break; + case OPT_KMAC_KEY_CHECK: + fips_opts.kmac_key_check = 1; + break; case OPT_TLS_PRF_EMS_CHECK: fips_opts.tls_prf_ems_check = 1; break; diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in index 413c490329..cf86c64288 100644 --- a/doc/man1/openssl-fipsinstall.pod.in +++ b/doc/man1/openssl-fipsinstall.pod.in @@ -23,6 +23,7 @@ B [B<-no_conditional_errors>] [B<-no_security_checks>] [B<-hmac_key_check>] +[B<-kmac_key_check>] [B<-ems_check>] [B<-no_drbg_truncated_digests>] [B<-signature_digest_check>] @@ -218,6 +219,11 @@ See SP 800-185 8.4.2 and FIPS 140-3 ID C.D for details. Configure the module to not allow small keys sizes when using HMAC. See SP 800-131Ar2 for details. +=item B<-kmac_key_check> + +Configure the module to not allow small keys sizes when using KMAC. +See SP 800-131Ar2 for details. + =item B<-no_drbg_truncated_digests> Configure the module to not allow truncated digests to be used with Hash and diff --git a/doc/man7/EVP_MAC-KMAC.pod b/doc/man7/EVP_MAC-KMAC.pod index 0b3e96b005..76f1a52ae3 100644 --- a/doc/man7/EVP_MAC-KMAC.pod +++ b/doc/man7/EVP_MAC-KMAC.pod @@ -68,12 +68,16 @@ The default value is 0. This settable parameter is described in L. -=item "no-short-mac" (B) +=item "no-short-mac" (B) This settable parameter is described in L. It is used by the OpenSSL FIPS provider and the minimum length output for KMAC is defined by NIST's SP 800-185 8.4.2. +=item "key-check" (B) + +This settable parameter is described in L. + =back The "custom" and "no-short-mac" parameters must be set as part of or before diff --git a/doc/man7/provider-mac.pod b/doc/man7/provider-mac.pod index 15a86f51b4..a7643e7c85 100644 --- a/doc/man7/provider-mac.pod +++ b/doc/man7/provider-mac.pod @@ -204,7 +204,7 @@ This option is used by the OpenSSL FIPS provider. =over 4 -=item "no-short-mac" (B) +=item "no-short-mac" (B) If required this parameter should be set early via an init function. The default value of 1 causes an error when too short MAC output is diff --git a/include/openssl/fips_names.h b/include/openssl/fips_names.h index 203ef54fe9..af13e9aceb 100644 --- a/include/openssl/fips_names.h +++ b/include/openssl/fips_names.h @@ -77,6 +77,14 @@ extern "C" { */ # define OSSL_PROV_FIPS_PARAM_HMAC_KEY_CHECK "hmac-key-check" +/* + * A boolean that determines if the runtime FIPS key check for KMAC is + * performed. + * This is enabled by default. + * Type: OSSL_PARAM_UTF8_STRING + */ +# define OSSL_PROV_FIPS_PARAM_KMAC_KEY_CHECK "kmac-key-check" + /* * A boolean that determines if truncated digests can be used with Hash and HMAC * DRBGs. FIPS 140-3 IG D.R disallows such use for efficiency rather than diff --git a/providers/common/include/prov/fipscommon.h b/providers/common/include/prov/fipscommon.h index 40e09f946e..2d4e685400 100644 --- a/providers/common/include/prov/fipscommon.h +++ b/providers/common/include/prov/fipscommon.h @@ -14,6 +14,7 @@ int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx); int FIPS_tls_prf_ems_check(OSSL_LIB_CTX *libctx); int FIPS_no_short_mac(OSSL_LIB_CTX *libctx); int FIPS_hmac_key_check(OSSL_LIB_CTX *libctx); +int FIPS_kmac_key_check(OSSL_LIB_CTX *libctx);s int FIPS_restricted_drbg_digests_enabled(OSSL_LIB_CTX *libctx); int FIPS_fips_signature_digest_check(OSSL_LIB_CTX *libctx); int FIPS_hkdf_digest_check(OSSL_LIB_CTX *libctx); diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index e72faf4173..6de56ddb88 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -91,6 +91,7 @@ typedef struct fips_global_st { FIPS_OPTION fips_tls1_prf_ems_check; FIPS_OPTION fips_no_short_mac; FIPS_OPTION fips_hmac_key_check; + FIPS_OPTION fips_kmac_key_check; FIPS_OPTION fips_restricted_drgb_digests; FIPS_OPTION fips_signature_digest_check; FIPS_OPTION fips_hkdf_digest_check; @@ -131,6 +132,7 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx) init_fips_option(&fgbl->fips_tls1_prf_ems_check, 0); /* Disabled by default */ init_fips_option(&fgbl->fips_no_short_mac, 1); init_fips_option(&fgbl->fips_hmac_key_check, 0); + init_fips_option(&fgbl->fips_kmac_key_check, 0); init_fips_option(&fgbl->fips_restricted_drgb_digests, 0); init_fips_option(&fgbl->fips_signature_digest_check, 0); init_fips_option(&fgbl->fips_hkdf_digest_check, 0); @@ -192,6 +194,8 @@ static const OSSL_PARAM fips_param_types[] = { OSSL_PARAM_INTEGER, NULL, 0), OSSL_PARAM_DEFN(OSSL_PROV_PARAM_HKDF_KEY_CHECK, OSSL_PARAM_INTEGER, NULL, 0), + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_KMAC_KEY_CHECK, OSSL_PARAM_INTEGER, NULL, + 0), OSSL_PARAM_DEFN(OSSL_PROV_PARAM_TLS13_KDF_KEY_CHECK, OSSL_PARAM_INTEGER, NULL, 0), OSSL_PARAM_DEFN(OSSL_PROV_PARAM_TLS1_PRF_KEY_CHECK, OSSL_PARAM_INTEGER, @@ -219,7 +223,7 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl) * OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS and * OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK are not self test parameters. */ - OSSL_PARAM core_params[29], *p = core_params; + OSSL_PARAM core_params[31], *p = core_params; /* FIPS self test params */ #define FIPS_FEATURE_SELF_TEST(fgbl, pname, field) \ @@ -249,6 +253,8 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl) fips_no_short_mac); FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_HMAC_KEY_CHECK, fips_hmac_key_check); + FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_KMAC_KEY_CHECK, + fips_kmac_key_check); FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST, fips_restricted_drgb_digests); FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_SIGNATURE_DIGEST_CHECK, @@ -342,6 +348,8 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[]) fips_no_short_mac); FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_HMAC_KEY_CHECK, fips_hmac_key_check); + FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_KMAC_KEY_CHECK, + fips_kmac_key_check); FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST, fips_restricted_drgb_digests); FIPS_FEATURE_GET(fgbl, OSSL_PROV_FIPS_PARAM_SIGNATURE_DIGEST_CHECK, @@ -547,8 +555,9 @@ static const OSSL_ALGORITHM fips_macs_internal[] = { { PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, ossl_cmac_functions }, #endif { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_internal_functions }, - { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, - { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, + { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_internal_functions }, + { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_internal_functions }, + { NULL, NULL, NULL } }; static const OSSL_ALGORITHM fips_kdfs[] = { @@ -725,34 +734,13 @@ static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id, static const OSSL_ALGORITHM *fips_query_internal(void *provctx, int operation_id, int *no_cache) { - *no_cache = 0; - - if (!ossl_prov_is_running()) - return NULL; - - switch (operation_id) { - case OSSL_OP_DIGEST: - return fips_digests; - case OSSL_OP_CIPHER: - return exported_fips_ciphers; - case OSSL_OP_MAC: + if (operation_id == OSSL_OP_MAC) { + *no_cache = 0; + if (!ossl_prov_is_running()) + return NULL; return fips_macs_internal; - case OSSL_OP_KDF: - return fips_kdfs; - case OSSL_OP_RAND: - return fips_rands; - case OSSL_OP_KEYMGMT: - return fips_keymgmt; - case OSSL_OP_KEYEXCH: - return fips_keyexch; - case OSSL_OP_SIGNATURE: - return fips_signature; - case OSSL_OP_ASYM_CIPHER: - return fips_asym_cipher; - case OSSL_OP_KEM: - return fips_asym_kem; } - return NULL; + return fips_query(provctx, operation_id, no_cache); } static void fips_teardown(void *provctx) @@ -985,6 +973,7 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, FIPS_SET_OPTION(fgbl, fips_tls1_prf_ems_check); FIPS_SET_OPTION(fgbl, fips_no_short_mac); FIPS_SET_OPTION(fgbl, fips_hmac_key_check); + FIPS_SET_OPTION(fgbl, fips_kmac_key_check); FIPS_SET_OPTION(fgbl, fips_restricted_drgb_digests); FIPS_SET_OPTION(fgbl, fips_signature_digest_check); FIPS_SET_OPTION(fgbl, fips_hkdf_digest_check); @@ -1214,6 +1203,7 @@ FIPS_FEATURE_CHECK(FIPS_security_check_enabled, fips_security_checks) FIPS_FEATURE_CHECK(FIPS_tls_prf_ems_check, fips_tls1_prf_ems_check) FIPS_FEATURE_CHECK(FIPS_no_short_mac, fips_no_short_mac) FIPS_FEATURE_CHECK(FIPS_hmac_key_check, fips_hmac_key_check) +FIPS_FEATURE_CHECK(FIPS_kmac_key_check, fips_kmac_key_check) FIPS_FEATURE_CHECK(FIPS_restricted_drbg_digests_enabled, fips_restricted_drgb_digests) FIPS_FEATURE_CHECK(FIPS_fips_signature_digest_check, fips_signature_digest_check) diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index 6199292c53..ed73ece0c3 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -260,6 +260,8 @@ extern const OSSL_DISPATCH ossl_gmac_functions[]; extern const OSSL_DISPATCH ossl_hmac_functions[]; #ifdef FIPS_MODULE extern const OSSL_DISPATCH ossl_hmac_internal_functions[]; +extern const OSSL_DISPATCH ossl_kmac128_internal_functions[]; +extern const OSSL_DISPATCH ossl_kmac256_internal_functions[]; #endif extern const OSSL_DISPATCH ossl_kmac128_functions[]; extern const OSSL_DISPATCH ossl_kmac256_functions[]; diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c index e2bf3d5c3a..64a3e8f05e 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c @@ -519,9 +519,10 @@ static int HKDF_Extract(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, return 0; } /* calc: PRK = HMAC-Hash(salt, IKM) */ - return EVP_Q_mac(libctx, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL, salt, - salt_len, ikm, ikm_len, prk, EVP_MD_get_size(evp_md), NULL) - != NULL; + return + EVP_Q_mac(libctx, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL, salt, + salt_len, ikm, ikm_len, prk, EVP_MD_get_size(evp_md), NULL) + != NULL; } /* diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c index fffa23b942..44b7022e65 100644 --- a/providers/implementations/macs/kmac_prov.c +++ b/providers/implementations/macs/kmac_prov.c @@ -62,6 +62,7 @@ #include "prov/providercommon.h" #include "prov/fipscommon.h" #include "prov/fipsindicator.h" +#include "prov/securitycheck.h" #include "internal/cryptlib.h" /* ossl_assert */ /* @@ -129,6 +130,14 @@ struct kmac_data_st { /* key and custom are stored in encoded form */ unsigned char key[KMAC_MAX_KEY_ENCODED]; unsigned char custom[KMAC_MAX_CUSTOM_ENCODED]; +#ifdef FIPS_MODULE + /* + * 'internal' is set to 1 if KMAC is used inside another algorithm such as a + * KDF. In this case it is the parent algorithm that is responsible for + * performing any conditional FIPS indicator related checks for KMAC. + */ + int internal; +#endif OSSL_FIPS_IND_DECLARE }; @@ -239,7 +248,9 @@ static void *kmac_dup(void *vsrc) kmac_free(dst); return NULL; } - +#ifdef FIPS_MODULE + dst->internal = src->internal; +#endif dst->out_len = src->out_len; dst->key_len = src->key_len; dst->custom_len = src->custom_len; @@ -261,6 +272,25 @@ static int kmac_setkey(struct kmac_data_st *kctx, const unsigned char *key, ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return 0; } +#ifdef FIPS_MODULE + /* + * Only do the key check if KMAC is fetched directly. + * Other algorithms that embed KMAC such as SSKDF will ignore this check. + */ + if (!kctx->internal) { + int approved = ossl_mac_check_key_size(keylen); + + if (!approved) { + if (!OSSL_FIPS_IND_ON_UNAPPROVED(kctx, OSSL_FIPS_IND_SETTABLE1, + PROV_LIBCTX_OF(kctx->provctx), + "KMAC", "Key size", + FIPS_kmac_key_check)) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + return 0; + } + } + } +#endif if (w <= 0) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH); return 0; @@ -401,7 +431,8 @@ static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0), OSSL_PARAM_octet_string(OSSL_MAC_PARAM_CUSTOM, NULL, 0), - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_PROV_FIPS_PARAM_NO_SHORT_MAC) + OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC) + OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_MAC_PARAM_FIPS_KEY_CHECK) OSSL_PARAM_END }; static const OSSL_PARAM *kmac_settable_ctx_params(ossl_unused void *ctx, @@ -428,8 +459,11 @@ static int kmac_set_ctx_params(void *vmacctx, const OSSL_PARAM *params) return 1; if (!OSSL_FIPS_IND_SET_CTX_PARAM(kctx, OSSL_FIPS_IND_SETTABLE0, params, - OSSL_PROV_PARAM_NO_SHORT_MAC)) - return 0; + OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC)) + return 0; + if (!OSSL_FIPS_IND_SET_CTX_PARAM(kctx, OSSL_FIPS_IND_SETTABLE1, params, + OSSL_MAC_PARAM_FIPS_KEY_CHECK)) + return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_XOF)) != NULL && !OSSL_PARAM_get_int(p, &kctx->xof_mode)) @@ -625,34 +659,42 @@ static int kmac_bytepad_encode_key(unsigned char *out, size_t out_max_len, return bytepad(out, NULL, tmp, tmp_len, NULL, 0, w); } -const OSSL_DISPATCH ossl_kmac128_functions[] = { - { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac128_new }, - { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup }, - { OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free }, - { OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init }, - { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update }, - { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final }, - { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, - (void (*)(void))kmac_gettable_ctx_params }, - { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params }, - { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, - (void (*)(void))kmac_settable_ctx_params }, - { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params }, - OSSL_DISPATCH_END -}; +#define IMPLEMENT_KMAC_TABLE(size, funcname, newname) \ +const OSSL_DISPATCH ossl_kmac##size##_##funcname[] = \ +{ \ + { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac##size##_##newname }, \ + { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup }, \ + { OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free }, \ + { OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init }, \ + { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update }, \ + { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final }, \ + { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, \ + (void (*)(void))kmac_gettable_ctx_params }, \ + { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params }, \ + { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, \ + (void (*)(void))kmac_settable_ctx_params }, \ + { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params }, \ + OSSL_DISPATCH_END \ +} -const OSSL_DISPATCH ossl_kmac256_functions[] = { - { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac256_new }, - { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup }, - { OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free }, - { OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init }, - { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update }, - { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final }, - { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, - (void (*)(void))kmac_gettable_ctx_params }, - { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params }, - { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, - (void (*)(void))kmac_settable_ctx_params }, - { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params }, - OSSL_DISPATCH_END -}; +#define KMAC_TABLE(size) IMPLEMENT_KMAC_TABLE(size, functions, new) + +KMAC_TABLE(128); +KMAC_TABLE(256); + +#ifdef FIPS_MODULE +# define KMAC_INTERNAL_TABLE(size) \ +static OSSL_FUNC_mac_newctx_fn kmac##size##_internal_new; \ +static void *kmac##size##_internal_new(void *provctx) \ +{ \ + struct kmac_data_st *macctx = kmac##size##_new(provctx); \ + \ + if (macctx != NULL) \ + macctx->internal = 1; \ + return macctx; \ +} \ +IMPLEMENT_KMAC_TABLE(size, internal_functions, internal_new) + +KMAC_INTERNAL_TABLE(128); +KMAC_INTERNAL_TABLE(256); +#endif /* FIPS_MODULE */ diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt index d2caddbcea..ff18d2e033 100644 --- a/test/recipes/30-test_evp_data/evpmac_common.txt +++ b/test/recipes/30-test_evp_data/evpmac_common.txt @@ -306,12 +306,23 @@ Key = 0B122AC8F34ED1FE082A3625D157561454167AC145A10BBF77C6A70596D574F1 Input = 498B53FDEC87EDCBF07097DCCDE93A084BAD7501A224E388DF349CE18959FE8485F8AD1537F0D896EA73BEDC7214713F Output = F62C46329B41085625669BAF51DEA66A +# For AES - test only CBC mode is allowed FIPSversion = >=3.1.0 MAC = CMAC Algorithm = AES-256-ECB Key = 0B122AC8F34ED1FE082A3625D157561454167AC145A10BBF77C6A70596D574F1 Input = 498B53FDEC87EDCBF07097DCCDE93A084BAD7501A224E388DF349CE18959FE8485F8AD1537F0D896EA73BEDC7214713F Result = MAC_INIT_ERROR +Reason = invalid mode + +# Test CMAC with a small key is not allowed +# (Most ciphers have fixed length keys - so it fails due to this restriction). +MAC = CMAC +Algorithm = AES-128-CBC +Key = 77A77FAF290C1FA30C68 +Input = 020683E1F0392F4CAC54318B6029259E9C553DBC4B6AD998E64D58E4E7DC2E13 +Result = MAC_INIT_ERROR +Reason = invalid key length Title = GMAC Tests (from NIST) @@ -386,6 +397,7 @@ Key = 4C973DBC7364621674F8B5B89E5C15511FCED9216490FB1C1A2CAA0FFE0407E5 IV = 7AE8E2CA4EC500012E58495C Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007 Result = MAC_INIT_ERROR +Reason = invalid mode Title = KMAC Tests (From NIST) MAC = KMAC128 @@ -548,6 +560,7 @@ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 Custom = ":abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789:::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::" Result = MAC_INIT_ERROR +Reason = invalid custom length Title = KMAC output is too large @@ -557,6 +570,7 @@ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 Custom = "My Tagged Application" Ctrl = size:2097152 Result = MAC_INIT_ERROR +Reason = invalid output length Title = KMAC output is too small in FIPS @@ -609,3 +623,27 @@ Output = 28c815 Custom = "My Tagged Application" Ctrl = size:3 +Title = KMAC FIPS short key test + +# Test KMAC with key < 112 bits is not allowed +Availablein = fips +FIPSversion = >=3.4.0 +MAC = KMAC256 +Key = 404142434445464748494A4B4C +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +Custom = "" +Result = MAC_INIT_ERROR +Reason = invalid key length + +Title = KMAC FIPS short key indicator test + +# Test KMAC with key < 112 bits is unapproved +Availablein = fips +FIPSversion = >=3.4.0 +MAC = KMAC256 +Unapproved = 1 +Ctrl = key-check:0 +Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 +Custom = "" +Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69 diff --git a/util/mk-fipsmodule-cnf.pl b/util/mk-fipsmodule-cnf.pl index 3fd7ee67fa..a8d1baf3b5 100644 --- a/util/mk-fipsmodule-cnf.pl +++ b/util/mk-fipsmodule-cnf.pl @@ -14,7 +14,6 @@ my $conditional_errors = 1; my $security_checks = 1; my $ems_check = 1; my $no_short_mac = 1; -my $key_check = 1; my $drgb_no_trunc_dgst = 1; my $digest_check = 1; my $dsa_sign_disabled = 1; @@ -25,6 +24,7 @@ my $rsa_sign_x931_pad_disabled = 1; my $kdf_key_check = 1; my $pbkdf2_lower_bound_check = 1; my $ec_cofactor_check = 1; +my $mac_key_check = 1; my $activate = 1; my $version = 1; @@ -61,7 +61,6 @@ security-checks = $security_checks module-mac = $module_mac tls1-prf-ems-check = $ems_check no-short-mac = $no_short_mac -hmac-key-check = $key_check drbg-no-trunc-md = $drgb_no_trunc_dgst signature-digest-check = $digest_check dsa-sign-disabled = $dsa_sign_disabled @@ -84,4 +83,6 @@ sskdf-key-check = $kdf_key_check x963kdf-key-check = $kdf_key_check pbkdf2-lower-bound-check = $pbkdf2_lower_bound_check ecdh-cofactor-check = $ec_cofactor_check +hmac-key-check = $mac_key_check +kmac-key-check = $mac_key_check _____ diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm index ccff1670c8..77d2f8e679 100644 --- a/util/perl/OpenSSL/paramnames.pm +++ b/util/perl/OpenSSL/paramnames.pm @@ -32,6 +32,7 @@ my %params = ( 'PROV_PARAM_STATUS' => "status", # uint 'PROV_PARAM_SECURITY_CHECKS' => "security-checks", # uint 'PROV_PARAM_HMAC_KEY_CHECK' => "hmac-key-check", # uint + 'PROV_PARAM_KMAC_KEY_CHECK' => "kmac-key-check", # uint 'PROV_PARAM_TLS1_PRF_EMS_CHECK' => "tls1-prf-ems-check", # uint 'PROV_PARAM_NO_SHORT_MAC' => "no-short-mac", # uint 'PROV_PARAM_DRBG_TRUNC_DIGEST' => "drbg-no-trunc-md", # uint @@ -169,6 +170,7 @@ my %params = ( 'MAC_PARAM_SIZE' => "size", # size_t 'MAC_PARAM_BLOCK_SIZE' => "block-size", # size_t 'MAC_PARAM_TLS_DATA_SIZE' => "tls-data-size", # size_t + 'MAC_PARAM_FIPS_NO_SHORT_MAC' =>'*PROV_PARAM_NO_SHORT_MAC', 'MAC_PARAM_FIPS_KEY_CHECK' => '*PKEY_PARAM_FIPS_KEY_CHECK', 'MAC_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR',