File gnutls-FIPS-pbkdf2-additional-requirements.patch of Package gnutls.37572
Index: gnutls-3.7.3/lib/crypto-api.c
===================================================================
--- gnutls-3.7.3.orig/lib/crypto-api.c
+++ gnutls-3.7.3/lib/crypto-api.c
@@ -1849,8 +1849,23 @@ gnutls_pbkdf2(gnutls_mac_algorithm_t mac
not_approved = true;
}
- /* Key lengthes less than 112 bits are not approved */
- if (length < 14 || key->size < 14) {
+ /* FIPS requires a minimum key length of 112 bits, see FIPS 140-3 IG D.N */
+ if (length < 14) {
+ not_approved = true;
+ }
+
+ /* FIPS requires minimum salt length of 128 bits (SP 800-132 5.1) */
+ if (salt->size < 16) {
+ not_approved = true;
+ }
+
+ /* FIPS requires minimum iterations count (SP 800-132 5.2) */
+ if (iter_count < 1000) {
+ not_approved = true;
+ }
+
+ /* FIPS recommends minimum passlen of 20 characters (SP SP800-132 sec 5) */
+ if (key->size < 20) {
not_approved = true;
}
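Review bot: The comment over the new password-length check contains the typo `SP SP800-132` and speaks of "characters", while `key->size` is a byte count, so a multibyte (UTF-8) password can be shorter than 20 characters and still pass, or longer and still be rejected; I'd reword it as `/* SP 800-132 sec 5 recommends passwords of at least 20 characters; key->size is a byte count, so this is an approximation */`. The other two comparisons are consistent with the bits they cite (`length < 14` is 112 bits, `salt->size < 16` is 128 bits), and splitting the old combined check means `key->size < 20` now subsumes the previous `key->size < 14`, which is worth one line in the commit message. The body of gnutls_pbkdf2 starts and ends outside this hunk, so I cannot see whether `salt` may be NULL at this point; if the API permits that, `salt->size` needs a guard before the new dereference.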
Index: gnutls-3.7.3/tests/kdf-api.c
===================================================================
--- gnutls-3.7.3.orig/tests/kdf-api.c
+++ gnutls-3.7.3/tests/kdf-api.c
@@ -32,6 +32,9 @@
#define MAX_BUF 1024
+#define GNUTLS_PBKDF2_FIPS_NOT_APPROVED 0
+#define GNUTLS_PBKDF2_FIPS_APPROVED 1
+
static gnutls_fips140_context_t fips_context;
static gnutls_fips140_operation_state_t fips_state;
@@ -130,7 +133,8 @@ test_pbkdf2(gnutls_mac_algorithm_t mac,
const char *salt_hex,
unsigned iter_count,
size_t length,
- const char *okm_hex)
+ const char *okm_hex,
+ unsigned is_fips_approved)
{
gnutls_datum_t hex;
gnutls_datum_t ikm;
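Review bot: The new `is_fips_approved` parameter is a two-valued flag but is typed `unsigned` and driven by two `#define`s that carry the library's public `GNUTLS_` prefix even though they are test-local. If the test already includes `<stdbool.h>` (I cannot see the include block), `bool is_fips_approved` with `true`/`false` at the call sites says the same thing without inventing identifiers that look like public API; otherwise an anonymous `enum { PBKDF2_NOT_APPROVED, PBKDF2_APPROVED }` in the test file keeps the constants debugger-visible and out of the `GNUTLS_` namespace. The start of test_pbkdf2's parameter list is outside this hunk.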
@@ -151,7 +155,11 @@ test_pbkdf2(gnutls_mac_algorithm_t mac,
FIPS_PUSH_CONTEXT();
assert(gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length) >= 0);
- FIPS_POP_CONTEXT(APPROVED);
+ if (is_fips_approved) {
+ FIPS_POP_CONTEXT(APPROVED);
+ } else {
+ FIPS_POP_CONTEXT(NOT_APPROVED);
+ }
gnutls_free(ikm.data);
gnutls_free(salt.data);
@@ -185,6 +193,26 @@ doit(void)
"2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
"34007208d5b887185865");
+ /* Test vector from RFC 6070. More thorough testing is done
+ * in nettle. */
+ test_pbkdf2(GNUTLS_MAC_SHA1,
+ "70617373776f7264", /* "password" */
+ "73616c74", /* "salt" */
+ 4096,
+ 20,
+ "4b007901b765489abead49d926f721d065a429c1",
+ /* Key sizes and output sizes less than 112-bit are not approved. */
+ GNUTLS_PBKDF2_FIPS_NOT_APPROVED);
+
+ test_pbkdf2(GNUTLS_MAC_AES_CMAC_128,
+ "70617373776f726470617373776f7264", /* "passwordpassword" */
+ "73616c74", /* "salt" */
+ 4096,
+ 20,
+ "c4c112c6e1e3b8757640603dec78825ff87605a7",
+ /* Use of AES-CMAC in PBKDF2 is not supported in ACVP. */
+ GNUTLS_PBKDF2_FIPS_NOT_APPROVED);
+
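Review bot: The comment on the RFC 6070 vector attributes the NOT_APPROVED result to "key sizes and output sizes less than 112-bit", but the requested output is 20 bytes (160 bits), above that bound; what actually trips the new checks is the 8-byte password and the 4-byte salt, so the comment should say `/* 8-byte password and 4-byte salt are below the FIPS minimums of 20 and 16 bytes. */`. The AES-CMAC vector likewise uses a 16-byte password and a 4-byte salt, so it would report NOT_APPROVED even if AES-CMAC were accepted, and the reason stated in its comment is never isolated by the test. Both new vectors run 4096 iterations, so the new `iter_count < 1000` branch is not exercised by any test at all; a vector with a 20-byte-or-longer password, a 16-byte-or-longer salt and, say, 999 iterations would pin that check, and one that fails only on salt length would pin the 128-bit salt rule. The third vector's password and salt lie outside the hunk, so I cannot confirm that its APPROVED expectation is consistent with the new minimums.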
/* Test vector extracted from:
* https://dev.gnupg.org/source/libgcrypt/browse/master/cipher/kdf.c */
test_pbkdf2(GNUTLS_MAC_SHA256,
@@ -197,7 +225,9 @@ doit(void)
40,
"348c89dbcbd32b2f32d814b8"
"116e84cf2b17347ebc180018"
- "1c4e2a1fb8dd53e1c635518c7dac47e9");
+ "1c4e2a1fb8dd53e1c635518c7dac47e9",
+ /* FIPS approved */
+ GNUTLS_PBKDF2_FIPS_APPROVED);
gnutls_fips140_context_deinit(fips_context);
}