File gnutls-fips_XTS_key_check.patch of Package gnutls.18748
Index: gnutls-3.6.7/lib/nettle/backport/xts.c
===================================================================
--- gnutls-3.6.7.orig/lib/nettle/backport/xts.c 2020-04-07 11:11:54.506109418 +0200
+++ gnutls-3.6.7/lib/nettle/backport/xts.c 2020-04-07 16:52:48.543404370 +0200
@@ -203,6 +203,8 @@ xts_decrypt_message(const void *dec_ctx,
void
xts_aes128_set_encrypt_key(struct xts_aes128_key *xts_key, const uint8_t *key)
{
+ /* FIPS requires that the key and the tweak must not be non-equal */
+ assert(memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) != 0);
aes128_set_encrypt_key(&xts_key->cipher, key);
aes128_set_encrypt_key(&xts_key->tweak_cipher, &key[AES128_KEY_SIZE]);
}
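Review bot: The FIPS key check added at the top of xts_aes128_set_encrypt_key is enforced only with `assert()`, so it disappears when the library is built with NDEBUG and otherwise aborts the whole process on a key the application may have taken from outside; the same applies to the three hunks that follow (xts_aes128_set_decrypt_key and both xts_aes256 setters). Because these setters return void, the rejection would be better placed in the calling key-setup code (not visible in this patch), where it can return an error such as `GNUTLS_E_INVALID_REQUEST` instead of terminating. The comment also states the opposite of what the code checks: "must not be non-equal" should read `/* FIPS requires that the data key and the tweak key differ */`. Both operands are secret key material, so a constant-time comparison would be preferable to `memcmp`, although the leak from comparing two halves of a random key is likely small.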
@@ -210,6 +212,8 @@ xts_aes128_set_encrypt_key(struct xts_ae
void
xts_aes128_set_decrypt_key(struct xts_aes128_key *xts_key, const uint8_t *key)
{
+ /* FIPS requires that the key and the tweak must not be non-equal */
+ assert(memcmp(key, key + AES128_KEY_SIZE, AES128_KEY_SIZE) != 0);
aes128_set_decrypt_key(&xts_key->cipher, key);
aes128_set_encrypt_key(&xts_key->tweak_cipher, &key[AES128_KEY_SIZE]);
}
@@ -238,6 +242,8 @@ xts_aes128_decrypt_message(struct xts_ae
void
xts_aes256_set_encrypt_key(struct xts_aes256_key *xts_key, const uint8_t *key)
{
+ /* FIPS requires that the key and the tweak must not be non-equal */
+ assert(memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) != 0);
aes256_set_encrypt_key(&xts_key->cipher, key);
aes256_set_encrypt_key(&xts_key->tweak_cipher, &key[AES256_KEY_SIZE]);
}
@@ -245,6 +251,8 @@ xts_aes256_set_encrypt_key(struct xts_ae
void
xts_aes256_set_decrypt_key(struct xts_aes256_key *xts_key, const uint8_t *key)
{
+ /* FIPS requires that the key and the tweak must not be non-equal */
+ assert(memcmp(key, key + AES256_KEY_SIZE, AES256_KEY_SIZE) != 0);
aes256_set_decrypt_key(&xts_key->cipher, key);
aes256_set_encrypt_key(&xts_key->tweak_cipher, &key[AES256_KEY_SIZE]);
}