diff options
author | Jakub Jelen <jjelen@redhat.com> | 2022-11-18 09:49:50 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-11-18 10:09:37 +0900 |
commit | 057844700ec2e652249b0b80136229c049d41975 (patch) | |
tree | fa28ba5e4273b3d01916c12b1673971d166e410f | |
parent | 44789af6c23b13911c982883656d6c3238a2e51f (diff) | |
download | libgcrypt-057844700ec2e652249b0b80136229c049d41975.tar.gz |
pkdf2: Add checks for FIPS.
* cipher/kdf.c (_gcry_kdf_pkdf2): Require 8 chars passphrase for FIPS.
Set bounds for salt length and iteration count in FIPS mode.
--
Cherry-picked from master branch of:
f4a861f3e5ae82f278284061e4829c03edf9c3a7
GnuPG-bug-id: 6039
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r-- | cipher/kdf.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/cipher/kdf.c b/cipher/kdf.c index ff13e6e8..b13574f8 100644 --- a/cipher/kdf.c +++ b/cipher/kdf.c @@ -160,6 +160,18 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, return GPG_ERR_INV_VALUE; #endif + /* FIPS requires minimum passphrase length, see FIPS 140-3 IG D.N */ + if (fips_mode () && passphraselen < 8) + return GPG_ERR_INV_VALUE; + + /* FIPS requires minimum salt length of 128 b (SP 800-132 sec. 5.1, p.6) */ + if (fips_mode () && saltlen < 16) + return GPG_ERR_INV_VALUE; + + /* FIPS requires minimum iterations bound (SP 800-132 sec 5.2, p.6) */ + if (fips_mode () && iterations < 1000) + return GPG_ERR_INV_VALUE; + /* Check minimum key size */ if (fips_mode () && dklen < 14) return GPG_ERR_INV_VALUE; |