/[smecontribs]/rpms/openssl3/contribs10/0078-Add-FIPS-indicator-parameter-to-HKDF.patch
ViewVC logotype

Annotation of /rpms/openssl3/contribs10/0078-Add-FIPS-indicator-parameter-to-HKDF.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Wed Jan 31 17:24:46 2024 UTC (10 months ago) by jpp
Branch: MAIN
CVS Tags: openssl3-3_0_7-5_el7_sme_1, HEAD
Initial import

1 jpp 1.1 From 0c4aaedf29a1ed1559762515bfeaa5923925e18f Mon Sep 17 00:00:00 2001
2     From: Clemens Lang <cllang@redhat.com>
3     Date: Thu, 11 Aug 2022 09:27:12 +0200
4     Subject: [PATCH 1/2] Add FIPS indicator parameter to HKDF
5    
6     NIST considers HKDF only acceptable when used as in TLS 1.3, and
7     otherwise unapproved. Add an explicit indicator attached to the
8     EVP_KDF_CTX that can be queried using EVP_KDF_CTX_get_params() to
9     determine whether the KDF operation was approved after performing it.
10    
11     Signed-off-by: Clemens Lang <cllang@redhat.com>
12     Related: rhbz#2114772
13     ---
14     include/crypto/evp.h | 7 ++++
15     include/openssl/core_names.h | 1 +
16     include/openssl/kdf.h | 4 ++
17     providers/implementations/kdfs/hkdf.c | 53 +++++++++++++++++++++++++++
18     4 files changed, 65 insertions(+)
19    
20     diff --git a/include/crypto/evp.h b/include/crypto/evp.h
21     index e70d8e9e84..76fb990de4 100644
22     --- a/include/crypto/evp.h
23     +++ b/include/crypto/evp.h
24     @@ -219,6 +219,13 @@ struct evp_mac_st {
25     OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params;
26     };
27    
28     +#ifdef FIPS_MODULE
29     +/* According to NIST Special Publication 800-131Ar2, Section 8: Deriving
30     + * Additional Keys from a Cryptographic Key, "[t]he length of the
31     + * key-derivation key [i.e., the input key] shall be at least 112 bits". */
32     +# define EVP_KDF_FIPS_MIN_KEY_LEN (112 / 8)
33     +#endif
34     +
35     struct evp_kdf_st {
36     OSSL_PROVIDER *prov;
37     int name_id;
38     diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
39     index 21c94d0488..c019afbbb0 100644
40     --- a/include/openssl/core_names.h
41     +++ b/include/openssl/core_names.h
42     @@ -223,6 +223,7 @@ extern "C" {
43     #define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
44     #define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
45     #define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
46     +#define OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator"
47    
48     /* Known KDF names */
49     #define OSSL_KDF_NAME_HKDF "HKDF"
50     diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
51     index 0983230a48..86171635ea 100644
52     --- a/include/openssl/kdf.h
53     +++ b/include/openssl/kdf.h
54     @@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf,
55     # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
56     # define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
57    
58     +# define EVP_KDF_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
59     +# define EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED 1
60     +# define EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
61     +
62     #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
63     #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
64     #define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
65     diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
66     index afdb7138e1..6f06fa58fe 100644
67     --- a/providers/implementations/kdfs/hkdf.c
68     +++ b/providers/implementations/kdfs/hkdf.c
69     @@ -298,6 +298,56 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
70     return 0;
71     return OSSL_PARAM_set_size_t(p, sz);
72     }
73     +
74     +#ifdef FIPS_MODULE
75     + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR))
76     + != NULL) {
77     + int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_UNDETERMINED;
78     + switch (ctx->mode) {
79     + case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
80     + /* TLS 1.3 never uses extract-and-expand */
81     + fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
82     + break;
83     + case EVP_KDF_HKDF_MODE_EXTRACT_ONLY:
84     + {
85     + /* When TLS 1.3 uses extract, the following holds:
86     + * 1. The salt length matches the hash length, and either
87     + * 2.1. the key is all zeroes and matches the hash length, or
88     + * 2.2. the key originates from a PSK (resumption_master_secret
89     + * or some externally esablished key), or an ECDH or DH key
90     + * derivation. See
91     + * https://www.rfc-editor.org/rfc/rfc8446#section-7.1.
92     + * Unfortunately at this point, we cannot verify where the key
93     + * comes from, so all we can do is check the salt length.
94     + */
95     + const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
96     + if (md != NULL && ctx->salt_len == (size_t) EVP_MD_get_size(md))
97     + fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
98     + else
99     + fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
100     + }
101     + break;
102     + case EVP_KDF_HKDF_MODE_EXPAND_ONLY:
103     + /* When TLS 1.3 uses expand, it always provides a label that
104     + * contains an uint16 for the length, followed by between 7 and 255
105     + * bytes for a label string that starts with "tls13 " or "dtls13".
106     + * For compatibility with future versions, we only check for "tls"
107     + * or "dtls". See
108     + * https://www.rfc-editor.org/rfc/rfc8446#section-7.1 and
109     + * https://www.rfc-editor.org/rfc/rfc9147#section-5.9. */
110     + if (ctx->label != NULL
111     + && ctx->label_len >= 2 /* length */ + 4 /* "dtls" */
112     + && (strncmp("tls", (const char *)ctx->label + 2, 3) == 0 ||
113     + strncmp("dtls", (const char *)ctx->label + 2, 4) == 0))
114     + fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
115     + else
116     + fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
117     + break;
118     + }
119     + return OSSL_PARAM_set_int(p, fips_indicator);
120     + }
121     +#endif /* defined(FIPS_MODULE) */
122     +
123     return -2;
124     }
125    
126     @@ -306,6 +356,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
127     {
128     static const OSSL_PARAM known_gettable_ctx_params[] = {
129     OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
130     +#ifdef FIPS_MODULE
131     + OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL),
132     +#endif /* defined(FIPS_MODULE) */
133     OSSL_PARAM_END
134     };
135     return known_gettable_ctx_params;
136     --
137     2.38.1
138    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed