authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-12-20 15:36:59 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-02-19 08:39:36 +0100
commit0bca8ce7c2ed2cdadb52466ae5147ea9cb3997aa (patch)
tree79190e3ca998d82c9d98999970ddcd7a12c8c8ec
parent76bc340c4815e1e6d03390a6cd2ff4f097755255 (diff)
downloadgnutls-0bca8ce7c2ed2cdadb52466ae5147ea9cb3997aa.tar.gz
fips140: enforcement of hash and MACs use moved to crypto-api.c and hash_int.c
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/crypto-api.c28
-rw-r--r--lib/fips.h29
-rw-r--r--lib/hash_int.c6
-rw-r--r--lib/nettle/mac.c27
4 files changed, 53 insertions, 37 deletions
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index 788627a118..eeb2610a53 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -299,6 +299,7 @@ void gnutls_cipher_deinit(gnutls_cipher_hd_t handle)
/* HMAC */
+
/**
* gnutls_hmac_init:
* @dig: is a #gnutls_hmac_hd_t type
@@ -323,15 +324,9 @@ gnutls_hmac_init(gnutls_hmac_hd_t * dig,
gnutls_mac_algorithm_t algorithm,
const void *key, size_t keylen)
{
-#ifdef ENABLE_FIPS140
/* MD5 is only allowed internally for TLS */
- if (_gnutls_fips_mode_enabled() != 0 &&
- _gnutls_get_lib_state() != LIB_STATE_SELFTEST) {
-
- if (algorithm == GNUTLS_MAC_MD5)
- return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- }
-#endif
+ if (is_mac_algo_forbidden(algorithm))
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
*dig = gnutls_malloc(sizeof(mac_hd_st));
if (*dig == NULL) {
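Review bot: The context comment `/* MD5 is only allowed internally for TLS */` left above the new check in gnutls_hmac_init is now stale. The check no longer singles out MD5: in FIPS mode it rejects every MAC that is not on the SHA-1/SHA-2/SHA-3 list in fips.h. I would replace it with something like `/* in FIPS140 mode only the MACs accepted by is_mac_algo_forbidden() are usable through the public API */`. The function's doc comment (outside this hunk) should also list GNUTLS_E_UNWANTED_ALGORITHM as a possible return value, and the same applies to gnutls_hmac_fast in the next hunk.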
@@ -446,6 +441,9 @@ gnutls_hmac_fast(gnutls_mac_algorithm_t algorithm,
const void *key, size_t keylen,
const void *ptext, size_t ptext_len, void *digest)
{
+ if (is_mac_algo_forbidden(algorithm))
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
+
return _gnutls_mac_fast(algorithm, key, keylen, ptext, ptext_len,
digest);
}
@@ -470,15 +468,8 @@ int
gnutls_hash_init(gnutls_hash_hd_t * dig,
gnutls_digest_algorithm_t algorithm)
{
-#ifdef ENABLE_FIPS140
- /* MD5 is only allowed internally for TLS */
- if (_gnutls_fips_mode_enabled() != 0 &&
- _gnutls_get_lib_state() != LIB_STATE_SELFTEST) {
-
- if (algorithm == GNUTLS_DIG_MD5)
- return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
- }
-#endif
+ if (is_mac_algo_forbidden(algorithm))
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
*dig = gnutls_malloc(sizeof(digest_hd_st));
if (*dig == NULL) {
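Review bot: gnutls_hash_init passes a `gnutls_digest_algorithm_t` to is_mac_algo_forbidden(), which is declared in fips.h as taking a `gnutls_mac_algorithm_t`. C converts between the two enums silently, so the allow-list only works while every GNUTLS_DIG_* constant has the same numeric value as its GNUTLS_MAC_* counterpart. That is presumably true in the public header, but it is not visible or enforced here. Make the dependency explicit, either with a cast and a comment, `if (is_mac_algo_forbidden((gnutls_mac_algorithm_t)algorithm))`, or with a small `is_digest_algo_forbidden()` wrapper next to the helper. The same implicit conversion occurs in gnutls_hash_fast and in _gnutls_digest_exists (lib/hash_int.c).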
@@ -573,6 +564,9 @@ int
gnutls_hash_fast(gnutls_digest_algorithm_t algorithm,
const void *ptext, size_t ptext_len, void *digest)
{
+ if (is_mac_algo_forbidden(algorithm))
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
+
return _gnutls_hash_fast(algorithm, ptext, ptext_len, digest);
}
diff --git a/lib/fips.h b/lib/fips.h
index 4de5ea2422..413cb3cd08 100644
--- a/lib/fips.h
+++ b/lib/fips.h
@@ -73,4 +73,33 @@ void _gnutls_switch_lib_state(gnutls_lib_state_t state);
void _gnutls_lib_simulate_error(void);
void _gnutls_lib_force_operational(void);
+#ifdef ENABLE_FIPS140
+inline
+static unsigned is_mac_algo_forbidden(gnutls_mac_algorithm_t algo)
+{
+ if (_gnutls_fips_mode_enabled() != 0 &&
+ _gnutls_get_lib_state() != LIB_STATE_SELFTEST) {
+
+ switch(algo) {
+ case GNUTLS_MAC_SHA1:
+ case GNUTLS_MAC_SHA256:
+ case GNUTLS_MAC_SHA384:
+ case GNUTLS_MAC_SHA512:
+ case GNUTLS_MAC_SHA224:
+ case GNUTLS_MAC_SHA3_224:
+ case GNUTLS_MAC_SHA3_256:
+ case GNUTLS_MAC_SHA3_384:
+ case GNUTLS_MAC_SHA3_512:
+ return 0;
+ default:
+ return 1;
+ }
+ }
+
+ return 0;
+}
+#else
+# define is_mac_algo_forbidden(x) 0
+#endif
+
#endif /* FIPS_H */
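Review bot: is_mac_algo_forbidden() is now the single policy point for FIPS hash and MAC enforcement, but it has no comment. It should have a short header comment stating that it is an allow-list, that anything not listed is refused in FIPS mode via the `default: return 1;` branch, that the check is skipped while the library state is LIB_STATE_SELFTEST, and that callers also pass digest identifiers to it. A one-line form would be `/* returns non-zero if @algo may not be used in FIPS140 mode; unknown values are refused */`. As a style point, `inline` / `static` on separate lines is usually written `static inline`.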
diff --git a/lib/hash_int.c b/lib/hash_int.c
index ba2a5f01f1..1c33796e77 100644
--- a/lib/hash_int.c
+++ b/lib/hash_int.c
@@ -78,6 +78,9 @@ int _gnutls_digest_exists(gnutls_digest_algorithm_t algo)
{
const gnutls_crypto_digest_st *cc = NULL;
+ if (is_mac_algo_forbidden(algo))
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
+
cc = _gnutls_get_crypto_digest(algo);
if (cc != NULL)
return 1;
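Review bot: _gnutls_digest_exists is a predicate that returns 1 when a backend is found, but the new early exit returns `gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM)`, which is a non-zero error code. Any caller that tests the result as a boolean (`if (_gnutls_digest_exists(algo))`) would then treat a forbidden algorithm as available, the opposite of what the check intends. The callers are outside this page, so this needs confirming. Returning 0 keeps the predicate contract: `if (is_mac_algo_forbidden(algo)) { gnutls_assert(); return 0; }`. The same pattern is added to _gnutls_mac_exists in the next hunk of this file.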
@@ -178,6 +181,9 @@ int _gnutls_mac_exists(gnutls_mac_algorithm_t algo)
if (algo == GNUTLS_MAC_AEAD)
return 1;
+ if (is_mac_algo_forbidden(algo))
+ return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
+
cc = _gnutls_get_crypto_mac(algo);
if (cc != NULL)
return 1;
diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
index e63ff6110b..68fb478849 100644
--- a/lib/nettle/mac.c
+++ b/lib/nettle/mac.c
@@ -32,7 +32,6 @@
#include <nettle/sha3.h>
#include <nettle/hmac.h>
#include <nettle/umac.h>
-#include <fips.h>
typedef void (*update_func) (void *, size_t, const uint8_t *);
typedef void (*digest_func) (void *, size_t, uint8_t *);
@@ -109,6 +108,9 @@ _wrap_umac128_set_key(void *ctx, size_t len, const uint8_t * key)
static int _mac_ctx_init(gnutls_mac_algorithm_t algo,
struct nettle_mac_ctx *ctx)
{
+ /* Any FIPS140-2 related enforcement is performed on
+ * gnutls_hash_init() and gnutls_hmac_init() */
+
ctx->set_nonce = NULL;
switch (algo) {
case GNUTLS_MAC_MD5:
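Review bot: The comment added at the top of _mac_ctx_init names only gnutls_hash_init() and gnutls_hmac_init() as enforcement points. The same commit also adds the check to gnutls_hmac_fast(), gnutls_hash_fast(), _gnutls_mac_exists() and _gnutls_digest_exists(). A reader auditing FIPS coverage from this file would miss those, so I would word it as `/* No FIPS140-2 check here: enforcement is done by the callers in crypto-api.c and hash_int.c via is_mac_algo_forbidden() */`. The identical comment in _ctx_init further down needs the same correction.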
@@ -154,9 +156,6 @@ static int _mac_ctx_init(gnutls_mac_algorithm_t algo,
ctx->length = SHA512_DIGEST_SIZE;
break;
case GNUTLS_MAC_UMAC_96:
- if (_gnutls_fips_mode_enabled() != 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
ctx->update = (update_func) umac96_update;
ctx->digest = (digest_func) umac96_digest;
ctx->set_key = _wrap_umac96_set_key;
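Review bot: With the FIPS check removed from the GNUTLS_MAC_UMAC_96 case, this backend no longer refuses UMAC on its own. The same removal is made for GNUTLS_MAC_UMAC_128 and for GNUTLS_DIG_MD2 in _ctx_init, and wrap_nettle_mac_exists / wrap_nettle_hash_exists now report these algorithms as present. Non-approved algorithms therefore stay blocked in FIPS mode only if every path into _mac_ctx_init and _ctx_init first passes one of the is_mac_algo_forbidden() call sites. The internal callers are not visible here, so that invariant should be stated in the commit message or covered by a FIPS-mode test that requests UMAC and MD2 through each entry point. Note also that the public API now fails with GNUTLS_E_UNWANTED_ALGORITHM where the backend previously returned GNUTLS_E_INVALID_REQUEST, which is a caller-visible change worth documenting.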
@@ -165,9 +164,6 @@ static int _mac_ctx_init(gnutls_mac_algorithm_t algo,
ctx->length = 12;
break;
case GNUTLS_MAC_UMAC_128:
- if (_gnutls_fips_mode_enabled() != 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
ctx->update = (update_func) umac128_update;
ctx->digest = (digest_func) umac128_digest;
ctx->set_key = _wrap_umac128_set_key;
@@ -216,14 +212,9 @@ static int wrap_nettle_mac_exists(gnutls_mac_algorithm_t algo)
case GNUTLS_MAC_SHA256:
case GNUTLS_MAC_SHA384:
case GNUTLS_MAC_SHA512:
- return 1;
-
case GNUTLS_MAC_UMAC_96:
case GNUTLS_MAC_UMAC_128:
- if (_gnutls_fips_mode_enabled() != 0)
- return 0;
- else
- return 1;
+ return 1;
default:
return 0;
}
@@ -348,10 +339,7 @@ static int wrap_nettle_hash_exists(gnutls_digest_algorithm_t algo)
return 0;
#endif
case GNUTLS_DIG_MD2:
- if (_gnutls_fips_mode_enabled() != 0)
- return 0;
- else
- return 1;
+ return 1;
default:
return 0;
}
@@ -380,6 +368,8 @@ static void _md5_sha1_digest(void *_ctx, size_t len, uint8_t *digest)
static int _ctx_init(gnutls_digest_algorithm_t algo,
struct nettle_hash_ctx *ctx)
{
+ /* Any FIPS140-2 related enforcement is performed on
+ * gnutls_hash_init() and gnutls_hmac_init() */
switch (algo) {
case GNUTLS_DIG_MD5:
md5_init(&ctx->ctx.md5);
@@ -462,9 +452,6 @@ static int _ctx_init(gnutls_digest_algorithm_t algo,
break;
#endif
case GNUTLS_DIG_MD2:
- if (_gnutls_fips_mode_enabled() != 0)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
md2_init(&ctx->ctx.md2);
ctx->update = (update_func) md2_update;
ctx->digest = (digest_func) md2_digest;