From e1eba21921ceeffa45ffd2115868c14e4c7fb8d9 Mon Sep 17 00:00:00 2001
From: Clemens Lang
Date: Thu, 17 Nov 2022 18:08:24 +0100
Subject: [PATCH] hmac: Add explicit FIPS indicator for key length

NIST SP 800-131Ar2, table 9 "Approval Status of MAC Algorithms" specifies key lengths < 112 bytes are disallowed for HMAC generation and are legacy use for HMAC verification. Add an explicit indicator that will mark shorter key lengths as unsupported. The indicator can be queries from the EVP_MAC_CTX object using EVP_MAC_CTX_get_params() with the OSSL_MAC_PARAM_SUSE_FIPS_INDICATOR parameter.

Signed-off-by: Clemens Lang
---
 include/crypto/evp.h | 7 +++++++
 include/openssl/evp.h | 3 +++
 providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++
 4 files changed, 28 insertions(+)

Index: openssl-3.2.3/include/crypto/evp.h
===================================================================
--- openssl-3.2.3.orig/include/crypto/evp.h
+++ openssl-3.2.3/include/crypto/evp.h
@@ -206,6 +206,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_m
 const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
 const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
 
+#ifdef FIPS_MODULE
+/* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms specifies key
+ * lengths < 112 bytes are disallowed for HMAC generation and legacy use for
+ * HMAC verification. */
+# define EVP_HMAC_GEN_FIPS_MIN_KEY_LEN (112 / 8)
+#endif
+
 struct evp_mac_st {
     OSSL_PROVIDER *prov;
     int name_id;
Index: openssl-3.2.3/include/openssl/evp.h
===================================================================
--- openssl-3.2.3.orig/include/openssl/evp.h
+++ openssl-3.2.3/include/openssl/evp.h
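Review bot: The comment above `EVP_HMAC_GEN_FIPS_MIN_KEY_LEN` says "key lengths < 112 bytes", but the macro evaluates `(112 / 8)`, i.e. 14 bytes, so the 112 is a bit count and the comment's unit is wrong; the same wording is repeated in the hmac_get_ctx_params hunk of hmac_prov.c. Suggest `/* ... specifies key lengths < 112 bits are disallowed for HMAC generation and legacy use for HMAC verification. */` and making the macro's unit explicit, e.g. `# define EVP_HMAC_GEN_FIPS_MIN_KEY_LEN (112 / 8) /* bytes */`, since it is compared against a byte-length field in the provider. A mismatch like this is how a reviewer or auditor later mistakes the threshold by a factor of eight.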
@@ -1199,6 +1199,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX
                             void *arg);
 
 /* MAC stuff */
+# define EVP_MAC_SUSE_FIPS_INDICATOR_UNDETERMINED 0
+# define EVP_MAC_SUSE_FIPS_INDICATOR_APPROVED 1
+# define EVP_MAC_SUSE_FIPS_INDICATOR_NOT_APPROVED 2
 
 EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
                        const char *properties);
Index: openssl-3.2.3/providers/implementations/macs/hmac_prov.c
===================================================================
--- openssl-3.2.3.orig/providers/implementations/macs/hmac_prov.c
+++ openssl-3.2.3/providers/implementations/macs/hmac_prov.c
@@ -23,6 +23,8 @@
 #include "internal/ssl3_cbc.h"
 
+#include "crypto/evp.h"
+
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "prov/provider_util.h"
@@ -235,6 +237,9 @@ static int hmac_final(void *vmacctx, uns
 static const OSSL_PARAM known_gettable_ctx_params[] = {
     OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
     OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
+#ifdef FIPS_MODULE
+    OSSL_PARAM_int(OSSL_MAC_PARAM_SUSE_FIPS_INDICATOR, NULL),
+#endif /* defined(FIPS_MODULE) */
     OSSL_PARAM_END
 };
 static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx,
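Review bot: The three `EVP_MAC_SUSE_FIPS_INDICATOR_*` macros are added to a public header without any comment saying what they are values of or how a caller obtains them, so a reader of evp.h has no link from these names to the MAC context parameter. Suggest preceding them with `/* Values of the OSSL_MAC_PARAM_SUSE_FIPS_INDICATOR int parameter, read via EVP_MAC_CTX_get_params(); only meaningful in the FIPS provider. */`. It would also help to state here which code paths can yield UNDETERMINED, because the hmac_prov.c hunk in this patch only ever reports APPROVED or NOT_APPROVED.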
@@ -256,6 +261,18 @@ static int hmac_get_ctx_params(void *vma
         && !OSSL_PARAM_set_int(p, hmac_block_size(macctx)))
         return 0;
 
+#ifdef FIPS_MODULE
+    if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SUSE_FIPS_INDICATOR)) != NULL) {
+        int fips_indicator = EVP_MAC_SUSE_FIPS_INDICATOR_APPROVED;
+        /* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms
+         * specifies key lengths < 112 bytes are disallowed for HMAC generation
+         * and legacy use for HMAC verification. */
+        if (macctx->keylen < EVP_HMAC_GEN_FIPS_MIN_KEY_LEN)
+            fips_indicator = EVP_MAC_SUSE_FIPS_INDICATOR_NOT_APPROVED;
+        return OSSL_PARAM_set_int(p, fips_indicator);
+    }
+#endif /* defined(FIPS_MODULE) */
+
     return 1;
 }
 
Index: openssl-3.2.3/util/perl/OpenSSL/paramnames.pm
===================================================================
--- openssl-3.2.3.orig/util/perl/OpenSSL/paramnames.pm
+++ openssl-3.2.3/util/perl/OpenSSL/paramnames.pm
@@ -143,6 +143,7 @@ my %params = (
     'MAC_PARAM_SIZE' => "size", # size_t
     'MAC_PARAM_BLOCK_SIZE' => "block-size", # size_t
     'MAC_PARAM_TLS_DATA_SIZE' => "tls-data-size", # size_t
+    'MAC_PARAM_SUSE_FIPS_INDICATOR' => "suse-fips-indicator", # size_t
 
 # KDF / PRF parameters
     'KDF_PARAM_SECRET' => "secret", # octet string
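Review bot: The added comment itself says short keys are disallowed for generation but legacy-use for verification, yet `hmac_get_ctx_params` has no way to know which of the two the context is used for, so it reports NOT_APPROVED for both; that conservative choice is reasonable but should be stated, e.g. `/* The MAC context cannot tell generation from verification, so short keys are reported as not approved in both cases. */`. Relatedly, `EVP_MAC_SUSE_FIPS_INDICATOR_UNDETERMINED` is defined in the evp.h hunk but never produced here: if `macctx->keylen` is still zero because no key has been set yet (not visible in this hunk, so to be confirmed), the query answers NOT_APPROVED where UNDETERMINED would be the honest value. Consider `if (macctx->keylen == 0) fips_indicator = EVP_MAC_SUSE_FIPS_INDICATOR_UNDETERMINED; else if (macctx->keylen < EVP_HMAC_GEN_FIPS_MIN_KEY_LEN) ...`. The enclosing function starts before this hunk.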
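Review bot: The new `'MAC_PARAM_SUSE_FIPS_INDICATOR'` entry is annotated `# size_t`, but the provider declares it with `OSSL_PARAM_int` in `known_gettable_ctx_params` and fills it with `OSSL_PARAM_set_int`, so the type comment is wrong and should read `# int`. These comments are what readers use to pick the matching `OSSL_PARAM_get_*` accessor, so a stale one leads to a type mismatch at the call site. Note also that this fourth file is absent from the commit's diffstat, which lists three files but counts four.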