This adds a FIPS indicator for KMAC key size.
Note that 112 bits keys are still smaller than the
sizes required to reach 128 bits for KMAC128 and
256 bits for KMAC256
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25049)
OPT_TLS_PRF_EMS_CHECK, OPT_NO_SHORT_MAC,
OPT_DISALLOW_PKCS15_PADDING, OPT_RSA_PSS_SALTLEN_CHECK,
OPT_DISALLOW_SIGNATURE_X931_PADDING,
- OPT_HMAC_KEY_CHECK,
+ OPT_HMAC_KEY_CHECK, OPT_KMAC_KEY_CHECK,
OPT_DISALLOW_DRGB_TRUNC_DIGEST,
OPT_SIGNATURE_DIGEST_CHECK,
OPT_HKDF_DIGEST_CHECK,
{"signature_digest_check", OPT_SIGNATURE_DIGEST_CHECK, '-',
"Enable checking for approved digests for signatures"},
{"hmac_key_check", OPT_HMAC_KEY_CHECK, '-', "Enable key check for HMAC"},
+ {"kmac_key_check", OPT_KMAC_KEY_CHECK, '-', "Enable key check for KMAC"},
{"hkdf_digest_check", OPT_HKDF_DIGEST_CHECK, '-',
"Enable digest check for HKDF"},
{"tls13_kdf_digest_check", OPT_TLS13_KDF_DIGEST_CHECK, '-',
unsigned int conditional_errors : 1;
unsigned int security_checks : 1;
unsigned int hmac_key_check : 1;
+ unsigned int kmac_key_check : 1;
unsigned int tls_prf_ems_check : 1;
unsigned int no_short_mac : 1;
unsigned int drgb_no_trunc_dgst : 1;
1, /* conditional_errors */
1, /* security_checks */
1, /* hmac_key_check */
+ 1, /* kmac_key_check */
1, /* tls_prf_ems_check */
1, /* no_short_mac */
1, /* drgb_no_trunc_dgst */
1, /* conditional_errors */
1, /* security_checks */
0, /* hmac_key_check */
+ 0, /* kmac_key_check */
0, /* tls_prf_ems_check */
0, /* no_short_mac */
0, /* drgb_no_trunc_dgst */
opts->security_checks ? "1" : "0") <= 0
|| BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_HMAC_KEY_CHECK,
opts->hmac_key_check ? "1": "0") <= 0
+ || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_KMAC_KEY_CHECK,
+ opts->kmac_key_check ? "1": "0") <= 0
|| BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK,
opts->tls_prf_ems_check ? "1" : "0") <= 0
|| BIO_printf(out, "%s = %s\n", OSSL_PROV_PARAM_NO_SHORT_MAC,
case OPT_HMAC_KEY_CHECK:
fips_opts.hmac_key_check = 1;
break;
+ case OPT_KMAC_KEY_CHECK:
+ fips_opts.kmac_key_check = 1;
+ break;
case OPT_TLS_PRF_EMS_CHECK:
fips_opts.tls_prf_ems_check = 1;
break;
[B<-no_conditional_errors>]
[B<-no_security_checks>]
[B<-hmac_key_check>]
+[B<-kmac_key_check>]
[B<-ems_check>]
[B<-no_drbg_truncated_digests>]
[B<-signature_digest_check>]
Configure the module to not allow small keys sizes when using HMAC.
See SP 800-131Ar2 for details.
+=item B<-kmac_key_check>
+
+Configure the module to not allow small keys sizes when using KMAC.
+See SP 800-131Ar2 for details.
+
=item B<-no_drbg_truncated_digests>
Configure the module to not allow truncated digests to be used with Hash and
This settable parameter is described in L<provider-mac(7)>.
-=item "no-short-mac" (B<OSSL_PROV_FIPS_PARAM_NO_SHORT_MAC>) <integer>
+=item "no-short-mac" (B<OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC>) <integer>
This settable parameter is described in L<provider-mac(7)>. It is used by
the OpenSSL FIPS provider and the minimum length output for KMAC
is defined by NIST's SP 800-185 8.4.2.
+=item "key-check" (B<OSSL_MAC_PARAM_FIPS_KEY_CHECK>) <integer>
+
+This settable parameter is described in L<provider-mac(7)>.
+
=back
The "custom" and "no-short-mac" parameters must be set as part of or before
=over 4
-=item "no-short-mac" (B<OSSL_PROV_FIPS_PARAM_NO_SHORT_MAC>) <integer>
+=item "no-short-mac" (B<OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC>) <integer>
If required this parameter should be set early via an init function.
The default value of 1 causes an error when too short MAC output is
*/
# define OSSL_PROV_FIPS_PARAM_HMAC_KEY_CHECK "hmac-key-check"
+/*
+ * A boolean that determines if the runtime FIPS key check for KMAC is
+ * performed.
+ * This is enabled by default.
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_KMAC_KEY_CHECK "kmac-key-check"
+
/*
* A boolean that determines if truncated digests can be used with Hash and HMAC
* DRBGs. FIPS 140-3 IG D.R disallows such use for efficiency rather than
int FIPS_tls_prf_ems_check(OSSL_LIB_CTX *libctx);
int FIPS_no_short_mac(OSSL_LIB_CTX *libctx);
int FIPS_hmac_key_check(OSSL_LIB_CTX *libctx);
+int FIPS_kmac_key_check(OSSL_LIB_CTX *libctx);s
int FIPS_restricted_drbg_digests_enabled(OSSL_LIB_CTX *libctx);
int FIPS_fips_signature_digest_check(OSSL_LIB_CTX *libctx);
int FIPS_hkdf_digest_check(OSSL_LIB_CTX *libctx);
FIPS_OPTION fips_tls1_prf_ems_check;
FIPS_OPTION fips_no_short_mac;
FIPS_OPTION fips_hmac_key_check;
+ FIPS_OPTION fips_kmac_key_check;
FIPS_OPTION fips_restricted_drgb_digests;
FIPS_OPTION fips_signature_digest_check;
FIPS_OPTION fips_hkdf_digest_check;
init_fips_option(&fgbl->fips_tls1_prf_ems_check, 0); /* Disabled by default */
init_fips_option(&fgbl->fips_no_short_mac, 1);
init_fips_option(&fgbl->fips_hmac_key_check, 0);
+ init_fips_option(&fgbl->fips_kmac_key_check, 0);
init_fips_option(&fgbl->fips_restricted_drgb_digests, 0);
init_fips_option(&fgbl->fips_signature_digest_check, 0);
init_fips_option(&fgbl->fips_hkdf_digest_check, 0);
OSSL_PARAM_INTEGER, NULL, 0),
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_HKDF_KEY_CHECK, OSSL_PARAM_INTEGER, NULL,
0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_KMAC_KEY_CHECK, OSSL_PARAM_INTEGER, NULL,
+ 0),
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_TLS13_KDF_KEY_CHECK, OSSL_PARAM_INTEGER,
NULL, 0),
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_TLS1_PRF_KEY_CHECK, OSSL_PARAM_INTEGER,
* OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS and
* OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK are not self test parameters.
*/
- OSSL_PARAM core_params[29], *p = core_params;
+ OSSL_PARAM core_params[31], *p = core_params;
/* FIPS self test params */
#define FIPS_FEATURE_SELF_TEST(fgbl, pname, field) \
fips_no_short_mac);
FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_HMAC_KEY_CHECK,
fips_hmac_key_check);
+ FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_KMAC_KEY_CHECK,
+ fips_kmac_key_check);
FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST,
fips_restricted_drgb_digests);
FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_SIGNATURE_DIGEST_CHECK,
fips_no_short_mac);
FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_HMAC_KEY_CHECK,
fips_hmac_key_check);
+ FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_KMAC_KEY_CHECK,
+ fips_kmac_key_check);
FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST,
fips_restricted_drgb_digests);
FIPS_FEATURE_GET(fgbl, OSSL_PROV_FIPS_PARAM_SIGNATURE_DIGEST_CHECK,
{ PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, ossl_cmac_functions },
#endif
{ PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_internal_functions },
- { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
- { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions },
+ { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_internal_functions },
+ { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_internal_functions },
+ { NULL, NULL, NULL }
};
static const OSSL_ALGORITHM fips_kdfs[] = {
static const OSSL_ALGORITHM *fips_query_internal(void *provctx, int operation_id,
int *no_cache)
{
- *no_cache = 0;
-
- if (!ossl_prov_is_running())
- return NULL;
-
- switch (operation_id) {
- case OSSL_OP_DIGEST:
- return fips_digests;
- case OSSL_OP_CIPHER:
- return exported_fips_ciphers;
- case OSSL_OP_MAC:
+ if (operation_id == OSSL_OP_MAC) {
+ *no_cache = 0;
+ if (!ossl_prov_is_running())
+ return NULL;
return fips_macs_internal;
- case OSSL_OP_KDF:
- return fips_kdfs;
- case OSSL_OP_RAND:
- return fips_rands;
- case OSSL_OP_KEYMGMT:
- return fips_keymgmt;
- case OSSL_OP_KEYEXCH:
- return fips_keyexch;
- case OSSL_OP_SIGNATURE:
- return fips_signature;
- case OSSL_OP_ASYM_CIPHER:
- return fips_asym_cipher;
- case OSSL_OP_KEM:
- return fips_asym_kem;
}
- return NULL;
+ return fips_query(provctx, operation_id, no_cache);
}
static void fips_teardown(void *provctx)
FIPS_SET_OPTION(fgbl, fips_tls1_prf_ems_check);
FIPS_SET_OPTION(fgbl, fips_no_short_mac);
FIPS_SET_OPTION(fgbl, fips_hmac_key_check);
+ FIPS_SET_OPTION(fgbl, fips_kmac_key_check);
FIPS_SET_OPTION(fgbl, fips_restricted_drgb_digests);
FIPS_SET_OPTION(fgbl, fips_signature_digest_check);
FIPS_SET_OPTION(fgbl, fips_hkdf_digest_check);
FIPS_FEATURE_CHECK(FIPS_tls_prf_ems_check, fips_tls1_prf_ems_check)
FIPS_FEATURE_CHECK(FIPS_no_short_mac, fips_no_short_mac)
FIPS_FEATURE_CHECK(FIPS_hmac_key_check, fips_hmac_key_check)
+FIPS_FEATURE_CHECK(FIPS_kmac_key_check, fips_kmac_key_check)
FIPS_FEATURE_CHECK(FIPS_restricted_drbg_digests_enabled,
fips_restricted_drgb_digests)
FIPS_FEATURE_CHECK(FIPS_fips_signature_digest_check, fips_signature_digest_check)
extern const OSSL_DISPATCH ossl_hmac_functions[];
#ifdef FIPS_MODULE
extern const OSSL_DISPATCH ossl_hmac_internal_functions[];
+extern const OSSL_DISPATCH ossl_kmac128_internal_functions[];
+extern const OSSL_DISPATCH ossl_kmac256_internal_functions[];
#endif
extern const OSSL_DISPATCH ossl_kmac128_functions[];
extern const OSSL_DISPATCH ossl_kmac256_functions[];
return 0;
}
/* calc: PRK = HMAC-Hash(salt, IKM) */
- return EVP_Q_mac(libctx, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL, salt,
- salt_len, ikm, ikm_len, prk, EVP_MD_get_size(evp_md), NULL)
- != NULL;
+ return
+ EVP_Q_mac(libctx, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL, salt,
+ salt_len, ikm, ikm_len, prk, EVP_MD_get_size(evp_md), NULL)
+ != NULL;
}
/*
#include "prov/providercommon.h"
#include "prov/fipscommon.h"
#include "prov/fipsindicator.h"
+#include "prov/securitycheck.h"
#include "internal/cryptlib.h" /* ossl_assert */
/*
/* key and custom are stored in encoded form */
unsigned char key[KMAC_MAX_KEY_ENCODED];
unsigned char custom[KMAC_MAX_CUSTOM_ENCODED];
+#ifdef FIPS_MODULE
+ /*
+ * 'internal' is set to 1 if KMAC is used inside another algorithm such as a
+ * KDF. In this case it is the parent algorithm that is responsible for
+ * performing any conditional FIPS indicator related checks for KMAC.
+ */
+ int internal;
+#endif
OSSL_FIPS_IND_DECLARE
};
kmac_free(dst);
return NULL;
}
-
+#ifdef FIPS_MODULE
+ dst->internal = src->internal;
+#endif
dst->out_len = src->out_len;
dst->key_len = src->key_len;
dst->custom_len = src->custom_len;
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
+#ifdef FIPS_MODULE
+ /*
+ * Only do the key check if KMAC is fetched directly.
+ * Other algorithms that embed KMAC such as SSKDF will ignore this check.
+ */
+ if (!kctx->internal) {
+ int approved = ossl_mac_check_key_size(keylen);
+
+ if (!approved) {
+ if (!OSSL_FIPS_IND_ON_UNAPPROVED(kctx, OSSL_FIPS_IND_SETTABLE1,
+ PROV_LIBCTX_OF(kctx->provctx),
+ "KMAC", "Key size",
+ FIPS_kmac_key_check)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
+ }
+ }
+#endif
if (w <= 0) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
return 0;
OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0),
OSSL_PARAM_octet_string(OSSL_MAC_PARAM_CUSTOM, NULL, 0),
- OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_PROV_FIPS_PARAM_NO_SHORT_MAC)
+ OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC)
+ OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_MAC_PARAM_FIPS_KEY_CHECK)
OSSL_PARAM_END
};
static const OSSL_PARAM *kmac_settable_ctx_params(ossl_unused void *ctx,
return 1;
if (!OSSL_FIPS_IND_SET_CTX_PARAM(kctx, OSSL_FIPS_IND_SETTABLE0, params,
- OSSL_PROV_PARAM_NO_SHORT_MAC))
- return 0;
+ OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC))
+ return 0;
+ if (!OSSL_FIPS_IND_SET_CTX_PARAM(kctx, OSSL_FIPS_IND_SETTABLE1, params,
+ OSSL_MAC_PARAM_FIPS_KEY_CHECK))
+ return 0;
if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_XOF)) != NULL
&& !OSSL_PARAM_get_int(p, &kctx->xof_mode))
return bytepad(out, NULL, tmp, tmp_len, NULL, 0, w);
}
-const OSSL_DISPATCH ossl_kmac128_functions[] = {
- { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac128_new },
- { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup },
- { OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free },
- { OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init },
- { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update },
- { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final },
- { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS,
- (void (*)(void))kmac_gettable_ctx_params },
- { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params },
- { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS,
- (void (*)(void))kmac_settable_ctx_params },
- { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params },
- OSSL_DISPATCH_END
-};
+#define IMPLEMENT_KMAC_TABLE(size, funcname, newname) \
+const OSSL_DISPATCH ossl_kmac##size##_##funcname[] = \
+{ \
+ { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac##size##_##newname }, \
+ { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup }, \
+ { OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free }, \
+ { OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init }, \
+ { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update }, \
+ { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final }, \
+ { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, \
+ (void (*)(void))kmac_gettable_ctx_params }, \
+ { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params }, \
+ { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))kmac_settable_ctx_params }, \
+ { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params }, \
+ OSSL_DISPATCH_END \
+}
-const OSSL_DISPATCH ossl_kmac256_functions[] = {
- { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))kmac256_new },
- { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))kmac_dup },
- { OSSL_FUNC_MAC_FREECTX, (void (*)(void))kmac_free },
- { OSSL_FUNC_MAC_INIT, (void (*)(void))kmac_init },
- { OSSL_FUNC_MAC_UPDATE, (void (*)(void))kmac_update },
- { OSSL_FUNC_MAC_FINAL, (void (*)(void))kmac_final },
- { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS,
- (void (*)(void))kmac_gettable_ctx_params },
- { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))kmac_get_ctx_params },
- { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS,
- (void (*)(void))kmac_settable_ctx_params },
- { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))kmac_set_ctx_params },
- OSSL_DISPATCH_END
-};
+#define KMAC_TABLE(size) IMPLEMENT_KMAC_TABLE(size, functions, new)
+
+KMAC_TABLE(128);
+KMAC_TABLE(256);
+
+#ifdef FIPS_MODULE
+# define KMAC_INTERNAL_TABLE(size) \
+static OSSL_FUNC_mac_newctx_fn kmac##size##_internal_new; \
+static void *kmac##size##_internal_new(void *provctx) \
+{ \
+ struct kmac_data_st *macctx = kmac##size##_new(provctx); \
+ \
+ if (macctx != NULL) \
+ macctx->internal = 1; \
+ return macctx; \
+} \
+IMPLEMENT_KMAC_TABLE(size, internal_functions, internal_new)
+
+KMAC_INTERNAL_TABLE(128);
+KMAC_INTERNAL_TABLE(256);
+#endif /* FIPS_MODULE */
Input = 498B53FDEC87EDCBF07097DCCDE93A084BAD7501A224E388DF349CE18959FE8485F8AD1537F0D896EA73BEDC7214713F
Output = F62C46329B41085625669BAF51DEA66A
+# For AES - test only CBC mode is allowed
FIPSversion = >=3.1.0
MAC = CMAC
Algorithm = AES-256-ECB
Key = 0B122AC8F34ED1FE082A3625D157561454167AC145A10BBF77C6A70596D574F1
Input = 498B53FDEC87EDCBF07097DCCDE93A084BAD7501A224E388DF349CE18959FE8485F8AD1537F0D896EA73BEDC7214713F
Result = MAC_INIT_ERROR
+Reason = invalid mode
+
+# Test CMAC with a small key is not allowed
+# (Most ciphers have fixed length keys - so it fails due to this restriction).
+MAC = CMAC
+Algorithm = AES-128-CBC
+Key = 77A77FAF290C1FA30C68
+Input = 020683E1F0392F4CAC54318B6029259E9C553DBC4B6AD998E64D58E4E7DC2E13
+Result = MAC_INIT_ERROR
+Reason = invalid key length
Title = GMAC Tests (from NIST)
IV = 7AE8E2CA4EC500012E58495C
Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007
Result = MAC_INIT_ERROR
+Reason = invalid mode
Title = KMAC Tests (From NIST)
MAC = KMAC128
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
Custom = ":abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789:::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::"
Result = MAC_INIT_ERROR
+Reason = invalid custom length
Title = KMAC output is too large
Custom = "My Tagged Application"
Ctrl = size:2097152
Result = MAC_INIT_ERROR
+Reason = invalid output length
Title = KMAC output is too small in FIPS
Custom = "My Tagged Application"
Ctrl = size:3
+Title = KMAC FIPS short key test
+
+# Test KMAC with key < 112 bits is not allowed
+Availablein = fips
+FIPSversion = >=3.4.0
+MAC = KMAC256
+Key = 404142434445464748494A4B4C
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+Custom = ""
+Result = MAC_INIT_ERROR
+Reason = invalid key length
+
+Title = KMAC FIPS short key indicator test
+
+# Test KMAC with key < 112 bits is unapproved
+Availablein = fips
+FIPSversion = >=3.4.0
+MAC = KMAC256
+Unapproved = 1
+Ctrl = key-check:0
+Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+Custom = ""
+Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69
my $security_checks = 1;
my $ems_check = 1;
my $no_short_mac = 1;
-my $key_check = 1;
my $drgb_no_trunc_dgst = 1;
my $digest_check = 1;
my $dsa_sign_disabled = 1;
my $kdf_key_check = 1;
my $pbkdf2_lower_bound_check = 1;
my $ec_cofactor_check = 1;
+my $mac_key_check = 1;
my $activate = 1;
my $version = 1;
module-mac = $module_mac
tls1-prf-ems-check = $ems_check
no-short-mac = $no_short_mac
-hmac-key-check = $key_check
drbg-no-trunc-md = $drgb_no_trunc_dgst
signature-digest-check = $digest_check
dsa-sign-disabled = $dsa_sign_disabled
x963kdf-key-check = $kdf_key_check
pbkdf2-lower-bound-check = $pbkdf2_lower_bound_check
ecdh-cofactor-check = $ec_cofactor_check
+hmac-key-check = $mac_key_check
+kmac-key-check = $mac_key_check
_____
'PROV_PARAM_STATUS' => "status", # uint
'PROV_PARAM_SECURITY_CHECKS' => "security-checks", # uint
'PROV_PARAM_HMAC_KEY_CHECK' => "hmac-key-check", # uint
+ 'PROV_PARAM_KMAC_KEY_CHECK' => "kmac-key-check", # uint
'PROV_PARAM_TLS1_PRF_EMS_CHECK' => "tls1-prf-ems-check", # uint
'PROV_PARAM_NO_SHORT_MAC' => "no-short-mac", # uint
'PROV_PARAM_DRBG_TRUNC_DIGEST' => "drbg-no-trunc-md", # uint
'MAC_PARAM_SIZE' => "size", # size_t
'MAC_PARAM_BLOCK_SIZE' => "block-size", # size_t
'MAC_PARAM_TLS_DATA_SIZE' => "tls-data-size", # size_t
+ 'MAC_PARAM_FIPS_NO_SHORT_MAC' =>'*PROV_PARAM_NO_SHORT_MAC',
'MAC_PARAM_FIPS_KEY_CHECK' => '*PKEY_PARAM_FIPS_KEY_CHECK',
'MAC_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR',
projects / thirdparty / openssl.git / commitdiff
