
Index: gnutls-3.7.3/lib/crypto-api.c
===================================================================
--- gnutls-3.7.3.orig/lib/crypto-api.c
+++ gnutls-3.7.3/lib/crypto-api.c
@@ -1845,7 +1845,12 @@ gnutls_pbkdf2(gnutls_mac_algorithm_t mac
 	if (!is_mac_algo_allowed(mac)) {
 		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
-	} else if (!is_mac_algo_approved_in_fips(mac)) {
+	} else if (!is_mac_algo_approved_for_pbkdf2_in_fips(mac)) {
+		not_approved = true;
+	}
+
+	/* Key lengthes less than 112 bits are not approved */
+	if (length < 14 || key->size < 14) {
 		not_approved = true;
 	}
 
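Review bot: The new comment above the length check has a typo (`lengthes`) and does not say which two quantities are compared or that the threshold is in bytes; I would write it as `/* Output length and password (key->size) below 112 bits, i.e. 14 bytes, are not approved (SP 800-132) */`. `key` appears to be the PBKDF2 password input, so without that wording a reader may take the check for a derived-key bound only. If the FIPS policy this patch follows also bounds the salt length or the iteration count, neither is checked in this hunk; I cannot tell from here whether that is intended. gnutls_pbkdf2 starts before and continues after the hunk.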
Index: gnutls-3.7.3/lib/fips.h
===================================================================
--- gnutls-3.7.3.orig/lib/fips.h
+++ gnutls-3.7.3/lib/fips.h
@@ -104,6 +104,25 @@ is_mac_algo_approved_in_fips(gnutls_mac_
 }
 
 inline static bool
+is_mac_algo_approved_for_pbkdf2_in_fips(gnutls_mac_algorithm_t algo)
+{
+	switch (algo) {
+	case GNUTLS_MAC_SHA1:
+	case GNUTLS_MAC_SHA256:
+	case GNUTLS_MAC_SHA384:
+	case GNUTLS_MAC_SHA512:
+	case GNUTLS_MAC_SHA224:
+	case GNUTLS_MAC_SHA3_224:
+	case GNUTLS_MAC_SHA3_256:
+	case GNUTLS_MAC_SHA3_384:
+	case GNUTLS_MAC_SHA3_512:
+		return true;
+	default:
+		return false;
+	}
+}
+
+inline static bool
 is_mac_algo_allowed_in_fips(gnutls_mac_algorithm_t algo)
 {
 	return is_mac_algo_approved_in_fips(algo);
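Review bot: is_mac_algo_approved_for_pbkdf2_in_fips carries no comment explaining why PBKDF2 needs its own approval list instead of is_mac_algo_approved_in_fips; the SHA-only case list suggests the generic list admits MACs that are not valid PBKDF2 PRFs, but the generic list is outside the hunk so that cannot be confirmed. I would add above the function `/* PBKDF2 (SP 800-132) uses HMAC with an approved hash as its PRF, so only the HMAC-SHA* MACs are approved here; other MACs on the generic approved list do not qualify. */`, adjusting the second clause to what the generic list actually contains. Listing the cases in size order (SHA1, SHA224, SHA256, SHA384, SHA512, then the SHA3 family) would also make an omission easier to spot. is_mac_algo_allowed_in_fips, which follows, continues past the hunk.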
Index: gnutls-3.7.3/lib/crypto-selftests.c
===================================================================
--- gnutls-3.7.3.orig/lib/crypto-selftests.c
+++ gnutls-3.7.3/lib/crypto-selftests.c
@@ -3088,30 +3088,6 @@ struct pbkdf2_vectors_st {
 };
 
 const struct pbkdf2_vectors_st pbkdf2_sha256_vectors[] = {
-	/* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
-	{
-		STR(key, key_size, "passwd"),
-		STR(salt, salt_size, "salt"),
-		.iter_count = 1,
-		STR(output, output_size,
-		    "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44"
-		    "\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57"
-		    "\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16"
-		    "\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5"
-		    "\x09\x11\x20\x41\xd3\xa1\x97\x83"),
-	},
-	/* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
-	{
-		STR(key, key_size, "Password"),
-		STR(salt, salt_size, "NaCl"),
-		.iter_count = 80000,
-		STR(output, output_size,
-		    "\x4d\xdc\xd8\xf6\x0b\x98\xbe\x21\x83\x0c\xee\x5e\xf2\x27"
-		    "\x01\xf9\x64\x1a\x44\x18\xd0\x4c\x04\x14\xae\xff\x08\x87"
-		    "\x6b\x34\xab\x56\xa1\xd4\x25\xa1\x22\x58\x33\x54\x9a\xdb"
-		    "\x84\x1b\x51\xc9\xb3\x17\x6a\x27\x2b\xde\xbb\xa1\xd0\x78"
-		    "\x47\x8f\x62\xb3\x97\xf3\x3c\x8d"),
-	},
 	/* Test vector extracted from:
 	 * https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */
 	{
Index: gnutls-3.7.3/tests/kdf-api.c
===================================================================
--- gnutls-3.7.3.orig/tests/kdf-api.c
+++ gnutls-3.7.3/tests/kdf-api.c
@@ -185,14 +185,19 @@ doit(void)
 		  "2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
 		  "34007208d5b887185865");
 
-	/* Test vector from RFC 6070.  More thorough testing is done
-	 * in nettle. */
-	test_pbkdf2(GNUTLS_MAC_SHA1,
-		    "70617373776f7264", /* "password" */
-		    "73616c74",		/* "salt" */
+	/* Test vector extracted from:
+	 * https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */
+	test_pbkdf2(GNUTLS_MAC_SHA256,
+		    "70617373776f726450415353"
+		    "574f524470617373776f7264", /* "passwordPASSWORDpassword" */
+		    "73616c7453414c5473616c74"
+		    "53414c5473616c7453414c54"
+		    "73616c7453414c5473616c74", /* "saltSALTsaltSALTsaltSALTsaltSALTsalt" */
 		    4096,
-		    20,
-		    "4b007901b765489abead49d926f721d065a429c1");
+		    40,
+		    "348c89dbcbd32b2f32d814b8"
+		    "116e84cf2b17347ebc180018"
+		    "1c4e2a1fb8dd53e1c635518c7dac47e9");
 
 	gnutls_fips140_context_deinit(fips_context);
 }
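Review bot: Replacing the RFC 6070 vector removes the only PBKDF2 call in this test whose password (8 bytes) falls under the new 14-byte minimum in gnutls_pbkdf2, so the not-approved path this patch introduces is no longer exercised here. If test_pbkdf2 checks the operation state through fips_context, keeping the SHA-1/RFC 6070 call and asserting that it is reported as not approved would pin the new behaviour instead of avoiding it; I cannot see test_pbkdf2 from this hunk to confirm it supports that. The swap also leaves GNUTLS_MAC_SHA1, which the new fips.h list still approves for PBKDF2, without coverage in this test. doit starts before the hunk.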