author | NIIBE Yutaka <gniibe@fsij.org> | 2022-01-19 11:41:40 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-01-19 11:41:40 +0900 |
commit | 76aad97dd312e83f2f9b8d086553f2b72ab6546f (patch) | |
tree | 40d41c810f9cff3ebbdae697fceaec5ee2d49928 /tests | |
parent | 6f225308d3e59f8749403ad743d8e6c591142f8f (diff) | |
download | libgcrypt-76aad97dd312e83f2f9b8d086553f2b72ab6546f.tar.gz |
fips: Reject shorter key for HMAC in FIPS mode.
* cipher/md.c (prepare_macpads): Reject < 112-bit key.
* cipher/kdf.c (selftest_pbkdf2): Remove selftest cases with shorter
key.
* cipher/mac-hmac.c (selftests_sha224, selftests_sha256): Likewise.
(selftests_sha384, selftests_sha512, selftests_sha3): Likewise.
* tests/basic.c (check_one_hmac): Handle an error when a shorter key
is rejected.
(check_one_mac): Likewise.
* tests/t-kdf.c (check_pbkdf2, check_scrypt): Likewise.
--
GnuPG-bug-id: 5512
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/basic.c | 29 | ||||
-rw-r--r-- | tests/t-kdf.c | 38 |
2 files changed, 57 insertions, 10 deletions
diff --git a/tests/basic.c b/tests/basic.c
index ab9a4733..32be7c2f 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -13757,7 +13757,19 @@ check_one_hmac (int algo, const char *data, int datalen,
 return;
 }
- gcry_md_setkey( hd, key, keylen );
+ err = gcry_md_setkey( hd, key, keylen );
+ if (err)
+ {
+ if (in_fips_mode)
+ {
+ if (verbose)
+ fprintf (stderr,
+ " shorter key (%d) rejected correctly in fips mode\n",
+ keylen);
+ }
+ gcry_md_close (hd);
+ return;
+ }
 gcry_md_write (hd, data, datalen);
@@ -14161,9 +14173,18 @@ check_one_mac (int algo, const char *data, int datalen,
 clutter_vector_registers();
 err = gcry_mac_setkey (hd, key, keylen);
 if (err)
- fail("algo %d, mac gcry_mac_setkey failed: %s\n", algo, gpg_strerror (err));
- if (err)
- goto out;
+ {
+ if (in_fips_mode)
+ {
+ if (verbose)
+ fprintf (stderr,
+ " shorter key (%d) rejected correctly in fips mode\n",
+ keylen);
+ }
+ else
+ fail("algo %d, mac gcry_mac_setkey failed: %s\n", algo, gpg_strerror (err));
+ goto out;
+ }
 if (ivlen && iv)
 {
diff --git a/tests/t-kdf.c b/tests/t-kdf.c
index 48309b9a..26570186 100644
--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
@@ -31,6 +31,8 @@
 #define PGM "t-kdf"
 #include "t-common.h"
+static int in_fips_mode;
+
 static void
 dummy_consumer (volatile char *buffer, size_t buflen)
@@ -858,8 +860,7 @@ check_openpgp (void)
 if (tv[tvidx].disabled)
 continue;
 /* MD5 isn't supported in fips mode */
- if (gcry_fips_mode_active()
- && tv[tvidx].hashalgo == GCRY_MD_MD5)
+ if (in_fips_mode && tv[tvidx].hashalgo == GCRY_MD_MD5)
 continue;
 if (verbose)
 fprintf (stderr, "checking S2K test vector %d\n", tvidx);
@@ -1104,7 +1105,7 @@ check_pbkdf2 (void)
 GCRY_KDF_PBKDF2, tv[tvidx].hashalgo,
 tv[tvidx].salt, tv[tvidx].saltlen,
 tv[tvidx].c, tv[tvidx].dklen, outbuf);
- if (gcry_fips_mode_active() && tvidx > 6)
+ if (in_fips_mode && tvidx > 6)
 {
 if (!err)
 fail ("pbkdf2 test %d unexpectedly passed in FIPS mode: %s\n",
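Review bot: In check_one_hmac the new `if (err)` branch swallows a gcry_md_setkey failure outside FIPS mode: when `in_fips_mode` is false nothing is reported and the function closes the handle and returns as if the vector had passed, whereas check_one_mac in the next hunk calls fail() for the same situation. Mirror that with `else fail ("algo %d, gcry_md_setkey failed: %s\n", algo, gpg_strerror (err));` before the gcry_md_close. The FIPS branch also treats any error as the expected short-key rejection regardless of keylen; guarding it with `if (in_fips_mode && keylen < 14)` (112 bits, the threshold the commit message names) would catch a regression that starts rejecting legitimate keys. check_one_hmac's signature and the declarations of `err` and `in_fips_mode` lie outside this hunk, so I am assuming basic.c already declares both.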
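Review bot: The FIPS branch of the new `if (err)` block in check_one_mac accepts every gcry_mac_setkey error as a correct short-key rejection, so a FIPS-mode regression that rejects a full-length key would pass silently while logging `rejected correctly`. Restrict the branch to the keys the commit actually makes illegal, `if (in_fips_mode && keylen < 14)`, so longer keys still fall through to fail(). If prepare_macpads returns a dedicated error code for this case, comparing `gpg_err_code (err)` against it would tighten the check further, but that code is not visible here. The rest of check_one_mac, including the `out:` label, lies outside the hunk.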
@@ -1112,7 +1113,17 @@ check_pbkdf2 (void)
 continue;
 }
 if (err)
- fail ("pbkdf2 test %d failed: %s\n", tvidx, gpg_strerror (err));
+ {
+ if (in_fips_mode && tv[tvidx].plen < 14)
+ {
+ if (verbose)
+ fprintf (stderr,
+ " shorter key (%ld) rejected correctly in fips mode\n",
+ tv[tvidx].plen);
+ }
+ else
+ fail ("pbkdf2 test %d failed: %s\n", tvidx, gpg_strerror (err));
+ }
 else if (memcmp (outbuf, tv[tvidx].dk, tv[tvidx].dklen))
 {
 fail ("pbkdf2 test %d failed: mismatch\n", tvidx);
@@ -1209,7 +1220,17 @@ check_scrypt (void)
 tv[tvidx].salt, tv[tvidx].saltlen,
 tv[tvidx].parm_p, tv[tvidx].dklen, outbuf);
 if (err)
- fail ("scrypt test %d failed: %s\n", tvidx, gpg_strerror (err));
+ {
+ if (in_fips_mode && tv[tvidx].plen < 14)
+ {
+ if (verbose)
+ fprintf (stderr,
+ " shorter key (%ld) rejected correctly in fips mode\n",
+ tv[tvidx].plen);
+ }
+ else
+ fail ("scrypt test %d failed: %s\n", tvidx, gpg_strerror (err));
+ }
 else if (memcmp (outbuf, tv[tvidx].dk, tv[tvidx].dklen))
 {
 fail ("scrypt test %d failed: mismatch\n", tvidx);
@@ -1281,7 +1302,12 @@ main (int argc, char **argv)
 if (!gcry_check_version (GCRYPT_VERSION))
 die ("version mismatch\n");
- xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
+ if (gcry_fips_mode_active ())
+ in_fips_mode = 1;
+
+ if (!in_fips_mode)
+ xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
+
 xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
 if (debug)
 xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0));
|
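Review bot: The new branch in check_pbkdf2 only covers the case where a short passphrase is rejected; if FIPS mode accepts a vector with `tv[tvidx].plen < 14`, control falls into the memcmp branch and the test passes, so the rejection the commit adds in cipher/md.c is never actually asserted here. Consider `else if (in_fips_mode && tv[tvidx].plen < 14) fail ("pbkdf2 test %d: short key accepted in FIPS mode\n", tvidx);` ahead of the memcmp, unless the earlier `tvidx > 6` guard is meant to cover exactly those vectors. The literal 14 deserves a comment such as `/* 112 bits, the minimum HMAC key length accepted in FIPS mode.  */` or a named constant shared with check_scrypt. If plen is a size_t, `%ld` is the wrong conversion and the fprintf should use `%zu`.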
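Review bot: check_scrypt's new FIPS branch copies the pbkdf2 one and inherits the same gap: any error with `plen < 14` is logged as a correct rejection, and a short passphrase that is accepted is not flagged. Since scrypt is not itself a FIPS-approved KDF, a comment should say why these vectors run in FIPS mode at all — presumably because scrypt's internal PBKDF2-HMAC-SHA256 is what now rejects the key — e.g. `/* scrypt feeds the passphrase to PBKDF2-HMAC-SHA256, so the FIPS HMAC key-length check applies.  */`. The `%ld` conversion for `tv[tvidx].plen` should be `%zu` if plen is a size_t. The enclosing loop begins before this hunk.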
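Review bot: The reason secure memory is no longer disabled in FIPS mode is not stated in main; a reader will wonder whether GCRYCTL_DISABLE_SECMEM fails, is ignored, or breaks a self-test under FIPS. A one-line comment on the new `if (!in_fips_mode)` would settle it, e.g. `/* Leave secure memory enabled in FIPS mode; disabling it is not allowed there.  */`, with the wording adjusted to the actual reason. Stylistically the two-line `if (gcry_fips_mode_active ()) in_fips_mode = 1;` can be `in_fips_mode = !!gcry_fips_mode_active ();`. This relies on gcry_check_version having already settled the FIPS state, which the preceding context line supports; main continues outside the hunk.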