openssl3/SOURCES/0082-kbkdf-Add-explicit-FIP...

From 185fbbfea732588187c81d1b2cafb3e1fae9eb77 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Thu, 17 Nov 2022 16:38:45 +0100
Subject: [PATCH 2/2] kbkdf: Add explicit FIPS indicator for key length

NIST SP 800-131Ar2, section 8 "Deriving Additional Keys from
a Cryptographic Key" says that for KDFs defined in SP 800-108, "[t]he
length of the key-derivation key shall be at least 112 bits". It further
specifies that HMAC-based KDFs "with a key whose length is at least 112
bits" are acceptable.

Add an explicit indicator for SP 800-108 KDFs that will mark shorter key
lengths as unapproved. The indicator can be queried from the EVP_KDF_CTX
object using EVP_KDF_CTX_get_params() with the
  OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR
parameter.

Signed-off-by: Clemens Lang <cllang@redhat.com>
---
 providers/implementations/kdfs/kbkdf.c | 32 +++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 6 deletions(-)

diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
index a542f84dfa..93a8a10537 100644
--- a/providers/implementations/kdfs/kbkdf.c
+++ b/providers/implementations/kdfs/kbkdf.c
@@ -365,18 +365,38 @@ static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
     OSSL_PARAM *p;
 
     p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE);
-    if (p == NULL)
-        return -2;
+    if (p != NULL)
+        /* KBKDF can produce results as large as you like. */
+        return OSSL_PARAM_set_size_t(p, SIZE_MAX);
+
+#ifdef FIPS_MODULE
+    p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);
+    if (p != NULL) {
+        KBKDF *ctx = (KBKDF *)vctx;
+        int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
+        /* According to NIST Special Publication 800-131Ar2, Section 8:
+         * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
+         * the key-derivation key [i.e., the input key] shall be at least 112
+         * bits". */
+        if (ctx->ki_len < EVP_KDF_FIPS_MIN_KEY_LEN)
+            fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
+        return OSSL_PARAM_set_int(p, fips_indicator);
+    }
+#endif
 
-    /* KBKDF can produce results as large as you like. */
-    return OSSL_PARAM_set_size_t(p, SIZE_MAX);
+    return -2;
 }
 
 static const OSSL_PARAM *kbkdf_gettable_ctx_params(ossl_unused void *ctx,
                                                    ossl_unused void *provctx)
 {
-    static const OSSL_PARAM known_gettable_ctx_params[] =
-        { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), OSSL_PARAM_END };
+    static const OSSL_PARAM known_gettable_ctx_params[] = {
+        OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
+#ifdef FIPS_MODULE
+        OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL),
+#endif /* defined(FIPS_MODULE) */
+        OSSL_PARAM_END
+    };
     return known_gettable_ctx_params;
 }
 
-- 
2.38.1
import openssl3-3.0.7-5.el8.1 9 months ago			`From 185fbbfea732588187c81d1b2cafb3e1fae9eb77 Mon Sep 17 00:00:00 2001`
			`From: Clemens Lang <cllang@redhat.com>`
			`Date: Thu, 17 Nov 2022 16:38:45 +0100`
			`Subject: [PATCH 2/2] kbkdf: Add explicit FIPS indicator for key length`

			`NIST SP 800-131Ar2, section 8 "Deriving Additional Keys from`
			`a Cryptographic Key" says that for KDFs defined in SP 800-108, "[t]he`
			`length of the key-derivation key shall be at least 112 bits". It further`
			`specifies that HMAC-based KDFs "with a key whose length is at least 112`
			`bits" are acceptable.`

			`Add an explicit indicator for SP 800-108 KDFs that will mark shorter key`
			`lengths as unapproved. The indicator can be queried from the EVP_KDF_CTX`
			`object using EVP_KDF_CTX_get_params() with the`
			`OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR`
			`parameter.`

			`Signed-off-by: Clemens Lang <cllang@redhat.com>`
			`---`
			`providers/implementations/kdfs/kbkdf.c \| 32 +++++++++++++++++++++-----`
			`1 file changed, 26 insertions(+), 6 deletions(-)`

			`diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c`
			`index a542f84dfa..93a8a10537 100644`
			`--- a/providers/implementations/kdfs/kbkdf.c`
			`+++ b/providers/implementations/kdfs/kbkdf.c`
			`@@ -365,18 +365,38 @@ static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])`
			`OSSL_PARAM *p;`

			`p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE);`
			`- if (p == NULL)`
			`- return -2;`
			`+ if (p != NULL)`
			`+ /* KBKDF can produce results as large as you like. */`
			`+ return OSSL_PARAM_set_size_t(p, SIZE_MAX);`
			`+`
			`+#ifdef FIPS_MODULE`
			`+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);`
			`+ if (p != NULL) {`
			`+ KBKDF ctx = (KBKDF )vctx;`
			`+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;`
			`+ /* According to NIST Special Publication 800-131Ar2, Section 8:`
			`+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of`
			`+ * the key-derivation key [i.e., the input key] shall be at least 112`
			`+ * bits". */`
			`+ if (ctx->ki_len < EVP_KDF_FIPS_MIN_KEY_LEN)`
			`+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;`
			`+ return OSSL_PARAM_set_int(p, fips_indicator);`
			`+ }`
			`+#endif`

			`- /* KBKDF can produce results as large as you like. */`
			`- return OSSL_PARAM_set_size_t(p, SIZE_MAX);`
			`+ return -2;`
			`}`

			`static const OSSL_PARAM kbkdf_gettable_ctx_params(ossl_unused void ctx,`
			`ossl_unused void *provctx)`
			`{`
			`- static const OSSL_PARAM known_gettable_ctx_params[] =`
			`- { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), OSSL_PARAM_END };`
			`+ static const OSSL_PARAM known_gettable_ctx_params[] = {`
			`+ OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),`
			`+#ifdef FIPS_MODULE`
			`+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL),`
			`+#endif /* defined(FIPS_MODULE) */`
			`+ OSSL_PARAM_END`
			`+ };`
			`return known_gettable_ctx_params;`
			`}`

			`--`
			`2.38.1`