fips: plumb service indicator to symmetric key crypto operations

Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Pedro Monreal <pmonrealgonzalez@suse.de>

2 files changed, 75 insertions, 0 deletions

diff --git a/tests/fips-test.c b/tests/fips-test.c
index bf6ec26435..d72b5d2bce 100644
--- a/tests/fips-test.c
+++ b/tests/fips-test.c
@@ -125,6 +125,7 @@ void doit(void)
 	gnutls_fips140_operation_state_t fips_state;
 	gnutls_datum_t signature;
 	unsigned int bits;
+	uint8_t hmac[64];
 
 	fprintf(stderr,
 		"Please note that if in FIPS140 mode, you need to assure the library's integrity prior to running this test\n");
@@ -201,6 +202,42 @@ void doit(void)
 		fail("gnutls_hmac_init succeeded for md5\n");
 	}
 
+	/* HMAC with key equal to or longer than 112 bits: approved */
+	FIPS_PUSH_CONTEXT();
+	ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA256, key.data, key.size);
+	if (ret < 0) {
+		fail("gnutls_hmac_init failed\n");
+	}
+	gnutls_hmac_deinit(mh, NULL);
+	FIPS_POP_CONTEXT(APPROVED);
+
+	/* HMAC with key shorter than 112 bits: not approved */
+	FIPS_PUSH_CONTEXT();
+	ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA256, key.data, 13);
+	if (ret < 0) {
+		fail("gnutls_hmac_init failed\n");
+	}
+	gnutls_hmac_deinit(mh, NULL);
+	FIPS_POP_CONTEXT(NOT_APPROVED);
+
+	/* HMAC with key equal to or longer than 112 bits: approved */
+	FIPS_PUSH_CONTEXT();
+	ret = gnutls_hmac_fast(GNUTLS_MAC_SHA256, key.data, key.size,
+			       data.data, data.size, hmac);
+	if (ret < 0) {
+		fail("gnutls_hmac_fast failed\n");
+	}
+	FIPS_POP_CONTEXT(APPROVED);
+
+	/* HMAC with key shorter than 112 bits: not approved */
+	FIPS_PUSH_CONTEXT();
+	ret = gnutls_hmac_fast(GNUTLS_MAC_SHA256, key.data, 13,
+			       data.data, data.size, hmac);
+	if (ret < 0) {
+		fail("gnutls_hmac_fast failed\n");
+	}
+	FIPS_POP_CONTEXT(NOT_APPROVED);
+
 	ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16));
 	if (ret < 0) {
 		fail("gnutls_rnd failed\n");
diff --git a/tests/kdf-api.c b/tests/kdf-api.c
index ec74f44ce8..25fbc6a81f 100644
--- a/tests/kdf-api.c
+++ b/tests/kdf-api.c
@@ -32,6 +32,32 @@
 
 #define MAX_BUF 1024
 
+static gnutls_fips140_context_t fips_context;
+static gnutls_fips140_operation_state_t fips_state;
+
+#define FIPS_PUSH_CONTEXT() do {					\
+	if (gnutls_fips140_mode_enabled()) {				\
+		ret = gnutls_fips140_push_context(fips_context);	\
+		if (ret < 0) {						\
+			fail("gnutls_fips140_push_context failed\n");	\
+		}							\
+	}								\
+} while (0)
+
+#define FIPS_POP_CONTEXT(state) do {					\
+	if (gnutls_fips140_mode_enabled()) {				\
+		ret = gnutls_fips140_pop_context();			\
+		if (ret < 0) {						\
+			fail("gnutls_fips140_context_pop failed\n");	\
+		}							\
+		fips_state = gnutls_fips140_get_operation_state(fips_context); \
+		if (fips_state != GNUTLS_FIPS140_OP_ ## state) {	\
+			fail("operation state is not " # state " (%d)\n", \
+			     fips_state);				\
+		}							\
+	}								\
+} while (0)
+
 static void
 test_hkdf(gnutls_mac_algorithm_t mac,
 	  const char *ikm_hex,
@@ -48,6 +74,7 @@ test_hkdf(gnutls_mac_algorithm_t mac,
 	gnutls_datum_t prk;
 	gnutls_datum_t okm;
 	uint8_t buf[MAX_BUF];
+	int ret;
 
 	success("HKDF test with %s\n", gnutls_mac_get_name(mac));
 
@@ -60,7 +87,9 @@ test_hkdf(gnutls_mac_algorithm_t mac,
 	hex.size = strlen(salt_hex);
 	assert(gnutls_hex_decode2(&hex, &salt) >= 0);
 
+	FIPS_PUSH_CONTEXT();
 	assert(gnutls_hkdf_extract(mac, &ikm, &salt, buf) >= 0);
+	FIPS_POP_CONTEXT(NOT_APPROVED);
 	gnutls_free(ikm.data);
 	gnutls_free(salt.data);
 
@@ -79,7 +108,9 @@ test_hkdf(gnutls_mac_algorithm_t mac,
 	hex.size = strlen(info_hex);
 	assert(gnutls_hex_decode2(&hex, &info) >= 0);
 
+	FIPS_PUSH_CONTEXT();
 	assert(gnutls_hkdf_expand(mac, &prk, &info, buf, length) >= 0);
+	FIPS_POP_CONTEXT(NOT_APPROVED);
 	gnutls_free(info.data);
 
 	okm.data = buf;
@@ -106,6 +137,7 @@ test_pbkdf2(gnutls_mac_algorithm_t mac,
 	gnutls_datum_t salt;
 	gnutls_datum_t okm;
 	uint8_t buf[MAX_BUF];
+	int ret;
 
 	success("PBKDF2 test with %s\n", gnutls_mac_get_name(mac));
 
@@ -117,7 +149,9 @@ test_pbkdf2(gnutls_mac_algorithm_t mac,
 	hex.size = strlen(salt_hex);
 	assert(gnutls_hex_decode2(&hex, &salt) >= 0);
 
+	FIPS_PUSH_CONTEXT();
 	assert(gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length) >= 0);
+	FIPS_POP_CONTEXT(APPROVED);
 	gnutls_free(ikm.data);
 	gnutls_free(salt.data);
 
@@ -135,6 +169,8 @@ test_pbkdf2(gnutls_mac_algorithm_t mac,
 void
 doit(void)
 {
+	assert(gnutls_fips140_context_init(&fips_context) >= 0);
+
 	/* Test vector from RFC 5869.  More thorough testing is done
 	 * in nettle. */
 	test_hkdf(GNUTLS_MAC_SHA256,
@@ -157,4 +193,6 @@ doit(void)
 		    4096,
 		    20,
 		    "4b007901b765489abead49d926f721d065a429c1");
+
+	gnutls_fips140_context_deinit(fips_context);
 }