pkdf2: Add checks for FIPS.

* cipher/kdf.c (_gcry_kdf_pkdf2): Require 8 chars passphrase for FIPS. Set bounds for salt length and iteration count in FIPS mode. -- Cherry-picked from master branch of: f4a861f3e5ae82f278284061e4829c03edf9c3a7 GnuPG-bug-id: 6039 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
author: Jakub Jelen <jjelen@redhat.com> 2022-11-18 09:49:50 +0900
committer: NIIBE Yutaka <gniibe@fsij.org> 2022-11-18 10:09:37 +0900
commit: 057844700ec2e652249b0b80136229c049d41975 (patch)
tree: fa28ba5e4273b3d01916c12b1673971d166e410f
parent: 44789af6c23b13911c982883656d6c3238a2e51f (diff)
download: libgcrypt-057844700ec2e652249b0b80136229c049d41975.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/cipher/kdf.c b/cipher/kdf.c
index ff13e6e8..b13574f8 100644
--- a/cipher/kdf.c
+++ b/cipher/kdf.c
@@ -160,6 +160,18 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen,
     return GPG_ERR_INV_VALUE;
 #endif
 
+  /* FIPS requires minimum passphrase length, see FIPS 140-3 IG D.N */
+  if (fips_mode () && passphraselen < 8)
+    return GPG_ERR_INV_VALUE;
+
+  /* FIPS requires minimum salt length of 128 b (SP 800-132 sec. 5.1, p.6) */
+  if (fips_mode () && saltlen < 16)
+    return GPG_ERR_INV_VALUE;
+
+  /* FIPS requires minimum iterations bound (SP 800-132 sec 5.2, p.6) */
+  if (fips_mode () && iterations < 1000)
+    return GPG_ERR_INV_VALUE;
+
   /* Check minimum key size */
   if (fips_mode () && dklen < 14)
     return GPG_ERR_INV_VALUE;
author	Jakub Jelen <jjelen@redhat.com>	2022-11-18 09:49:50 +0900
committer	NIIBE Yutaka <gniibe@fsij.org>	2022-11-18 10:09:37 +0900
commit	057844700ec2e652249b0b80136229c049d41975 (patch)
tree	fa28ba5e4273b3d01916c12b1673971d166e410f
parent	44789af6c23b13911c982883656d6c3238a2e51f (diff)
download	libgcrypt-057844700ec2e652249b0b80136229c049d41975.tar.gz