diff options
author | Jakub Jelen <jjelen@redhat.com> | 2022-11-18 09:49:50 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-11-18 10:01:05 +0900 |
commit | f4a861f3e5ae82f278284061e4829c03edf9c3a7 (patch) | |
tree | 58b317e5a180baad95aedd7829fcce4cf4859654 /cipher | |
parent | 1ce5fce7e4de3e7a44bc37fd741ed52f0054a970 (diff) | |
download | libgcrypt-f4a861f3e5ae82f278284061e4829c03edf9c3a7.tar.gz |
pkdf2: Add checks for FIPS.
* cipher/kdf.c (_gcry_kdf_pkdf2): Require 8 chars passphrase for FIPS.
Set bounds for salt length and iteration count in FIPS mode.
--
GnuPG-bug-id: 6039
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'cipher')
-rw-r--r-- | cipher/kdf.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/cipher/kdf.c b/cipher/kdf.c index d22584da..823c744e 100644 --- a/cipher/kdf.c +++ b/cipher/kdf.c @@ -160,6 +160,18 @@ _gcry_kdf_pkdf2 (const void *passphrase, size_t passphraselen, return GPG_ERR_INV_VALUE; #endif + /* FIPS requires minimum passphrase length, see FIPS 140-3 IG D.N */ + if (fips_mode () && passphraselen < 8) + return GPG_ERR_INV_VALUE; + + /* FIPS requires minimum salt length of 128 b (SP 800-132 sec. 5.1, p.6) */ + if (fips_mode () && saltlen < 16) + return GPG_ERR_INV_VALUE; + + /* FIPS requires minimum iterations bound (SP 800-132 sec 5.2, p.6) */ + if (fips_mode () && iterations < 1000) + return GPG_ERR_INV_VALUE; + /* Check minimum key size */ if (fips_mode () && dklen < 14) return GPG_ERR_INV_VALUE; |