fips: mark PBKDF2 with short key and output sizes non-approved
authorDaiki Ueno <ueno@gnu.org>
Mon, 19 Sep 2022 05:49:23 +0000 (14:49 +0900)
committerDaiki Ueno <ueno@gnu.org>
Mon, 17 Oct 2022 10:16:36 +0000 (19:16 +0900)
Signed-off-by: Daiki Ueno <ueno@gnu.org>
lib/crypto-api.c
tests/fips-test.c
tests/kdf-api.c

index 7f81011c42510a592902b0ffec7781b4ee7fe144..9e246ce5376262bf8db3295796aa79f415df9fa2 100644 (file)
@@ -2218,6 +2218,11 @@ gnutls_pbkdf2(gnutls_mac_algorithm_t mac,
                not_approved = true;
        }
 
+       /* Key lengths and output sizes of less than 112 bits are not approved */
+       if (key->size < 14 || length < 14) {
+               not_approved = true;
+       }
+
        ret = _gnutls_kdf_ops.pbkdf2(mac, key->data, key->size,
                                     salt->data, salt->size, iter_count,
                                     output, length);
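Review bot: The new guard checks only the key and output sizes, while `salt->size` and `iter_count` are passed through unchecked on the very next lines; SP 800-132, which the 112-bit threshold appears to come from, also sets a minimum salt length of 128 bits and a minimum iteration count of 1000, so if the approval flag is meant to track that document, `if (salt->size < 16 || iter_count < 1000) { not_approved = true; }` belongs beside the added check. The bare 14 should be a named constant tying it to the comment, e.g. `enum { PBKDF2_MIN_APPROVED_SIZE = 14 }; /* 112 bits */`, used in both comparisons. gnutls_pbkdf2 starts and ends outside the hunk, so whether salt or iter_count are validated elsewhere in the function is not visible here.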
index b0bae4ef9f133270f98470bfbf89771b12000c45..704effeccba164eff4b5a788004f7accc6ac52b9 100644 (file)
@@ -271,6 +271,7 @@ void doit(void)
        uint8_t hmac[64];
        uint8_t hash[64];
        gnutls_datum_t hashed_data;
+       uint8_t pbkdf2[64];
 
        fprintf(stderr,
                "Please note that if in FIPS140 mode, you need to assure the library's integrity prior to running this test\n");
@@ -368,6 +369,35 @@ void doit(void)
        }
        FIPS_POP_CONTEXT(NOT_APPROVED);
 
+       /* PBKDF2 with key equal to or longer than 112 bits: approved */
+       FIPS_PUSH_CONTEXT();
+       ret = gnutls_pbkdf2(GNUTLS_MAC_SHA256, &key, &iv, 100,
+                           &pbkdf2, sizeof(pbkdf2));
+       if (ret < 0) {
+               fail("gnutls_pbkdf2 failed\n");
+       }
+       FIPS_POP_CONTEXT(APPROVED);
+
+       /* PBKDF2 with key shorter than 112 bits: not approved */
+       FIPS_PUSH_CONTEXT();
+       key.size = 13;
+       ret = gnutls_pbkdf2(GNUTLS_MAC_SHA256, &key, &iv, 100,
+                           &pbkdf2, sizeof(pbkdf2));
+       if (ret < 0) {
+               fail("gnutls_pbkdf2 failed\n");
+       }
+       key.size = sizeof(key16);
+       FIPS_POP_CONTEXT(NOT_APPROVED);
+
+       /* PBKDF2 with output shorter than 112 bits: not approved */
+       FIPS_PUSH_CONTEXT();
+       ret = gnutls_pbkdf2(GNUTLS_MAC_SHA256, &key, &iv, 100,
+                           &pbkdf2, 13);
+       if (ret < 0) {
+               fail("gnutls_pbkdf2 failed\n");
+       }
+       FIPS_POP_CONTEXT(NOT_APPROVED);
+
        ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16));
        if (ret < 0) {
                fail("gnutls_rnd failed\n");
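Review bot: The not-approved cases test only 13, one below the threshold, while the approved case relies on key.size being sizeof(key16) (presumably 16), so the boundary at exactly 14 bytes — the value the new check in gnutls_pbkdf2 compares against — is not pinned on either side; adding a run with `key.size = 14;` expecting APPROVED, and one with output length 14, would catch an off-by-one between `<` and `<=`. Passing `&pbkdf2` yields a pointer to the whole array rather than to its first element; it converts to void * and works, but plain `pbkdf2` is the usual form and matches how key16 is passed to gnutls_rnd just below. The `key.size = 13;` write mutates a datum shared with the later cases and is restored only on the non-failing path; since fail() presumably does not return this is harmless, but a local copy of key would remove the reliance. doit starts and ends outside the hunk.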
index a28ce82a6224eec5e7f8287885b046ae5078221f..9774ce60007f41e8a265bcd4038a08b605037904 100644 (file)
@@ -65,6 +65,7 @@ test_hkdf(gnutls_mac_algorithm_t mac,
 
        FIPS_PUSH_CONTEXT();
        assert(gnutls_hkdf_extract(mac, &ikm, &salt, buf) >= 0);
+       /* HKDF outside of TLS usage is not approved */
        FIPS_POP_CONTEXT(NOT_APPROVED);
        gnutls_free(ikm.data);
        gnutls_free(salt.data);
@@ -92,6 +93,7 @@ test_hkdf(gnutls_mac_algorithm_t mac,
 
        FIPS_PUSH_CONTEXT();
        assert(gnutls_hkdf_expand(mac, &prk, &info, buf, length) >= 0);
+       /* HKDF outside of TLS usage is not approved */
        FIPS_POP_CONTEXT(NOT_APPROVED);
 
        gnutls_free(info.data);
@@ -113,7 +115,8 @@ test_pbkdf2(gnutls_mac_algorithm_t mac,
            const char *salt_hex,
            unsigned iter_count,
            size_t length,
-           const char *okm_hex)
+           const char *okm_hex,
+           gnutls_fips140_operation_state_t expected_state)
 {
        gnutls_datum_t hex;
        gnutls_datum_t ikm;
@@ -131,9 +134,9 @@ test_pbkdf2(gnutls_mac_algorithm_t mac,
        hex.size = strlen(salt_hex);
        assert(gnutls_hex_decode2(&hex, &salt) >= 0);
 
-       FIPS_PUSH_CONTEXT();
+       fips_push_context(fips_context);
        assert(gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length) >= 0);
-       FIPS_POP_CONTEXT(APPROVED);
+       fips_pop_context(fips_context, expected_state);
        gnutls_free(ikm.data);
        gnutls_free(salt.data);
 
@@ -174,7 +177,9 @@ doit(void)
                    "73616c74",         /* "salt" */
                    4096,
                    20,
-                   "4b007901b765489abead49d926f721d065a429c1");
+                   "4b007901b765489abead49d926f721d065a429c1",
+                   /* Key sizes and output sizes less than 112-bit are not approved.  */
+                   GNUTLS_FIPS140_OP_NOT_APPROVED);
 
        gnutls_fips140_context_deinit(fips_context);
 }
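Review bot: The comment added at the call site states the rule but not which argument trips it: with "password" (8 bytes) as the key and a 20-byte output, it is the key size alone that makes this vector non-approved, so `/* Key "password" is 8 bytes (< 112 bits), so PBKDF2 here is not approved.  */` would tell the reader which input is under test. If this remains the only test_pbkdf2 call in doit (whose start is outside the hunk), the approved path through the new expected_state parameter is no longer exercised in this file; a second vector with a key and output of at least 14 bytes passing GNUTLS_FIPS140_OP_APPROVED would cover it. In the test_pbkdf2 hunk, `fips_context` is used without being a parameter; presumably it is the file-scope context that gnutls_fips140_context_deinit tears down here, but that is not visible in the diff. The HKDF hunks keep the FIPS_PUSH_CONTEXT()/FIPS_POP_CONTEXT() macros while test_pbkdf2 now calls fips_push_context/fips_pop_context directly; if the macros wrap the same calls, a one-line comment on the switch would explain why only this helper takes the function form.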