Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FYI 3.3 backport] fips: enforce minimum MAC key length of 112 bits #24225

Draft
wants to merge 4 commits into
base: openssl-3.3
Choose a base branch
from
Draft

[FYI 3.3 backport] fips: enforce minimum MAC key length of 112 bits #24225

wants to merge 4 commits into from

Conversation

xnox
Copy link
Contributor

@xnox xnox commented Apr 22, 2024

Draft backport of #24199 to 3.3.0 tag

@0140454 @xnox
Use RFC 5869 test case for HKDF self-test
d04a1fa 
According to NIST SP 800-131Ar2 section 8, the length of the
key-derivation key shall be at least 112 bits.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#23833)

(cherry picked from commit 23fd48d)
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
@xnox xnox changed the base branch from master to openssl-3.3 April 22, 2024 09:56
@xnox xnox marked this pull request as draft April 22, 2024 09:56
@xnox
hkdf: when HMAC key is all zeros, still set a valid key length
9c8b1c3 
By itself, this is no change in any computation. However, this will
unlock enforcing minimum key lengths for NIST and FIPS 140-3
requirements.

Also reading RFC8448 and RFC5869, this seems to be strictly correct
too.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
(cherry picked from commit d657b03)
@xnox
fips: enforce minimum MAC key length of 112 bits
e36f71e 
Most regulations require 112 bits. Post 2030 transition to 128 bits is
likely. Implement security check to validate minimum MAC key length.

For FIPS, set it to 112 bits. This is inline with key sizes
recommendations in https://doi.org/10.6028/NIST.SP.800-131Ar2.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
@xnox
WIP: skip all failing test cases
c885f7b 
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
@xnox xnox force-pushed the min-mac-key-securitycheck-3.3.0 branch from 218f657 to c885f7b Compare April 22, 2024 10:21
@github-actions github-actions bot added the severity: fips change The pull request changes FIPS provider sources label Apr 22, 2024
@slontis
Copy link
Member

slontis commented Apr 24, 2024

Unless we are validating 3.3 as a FIPS provider, I dont think it should be backported if we intend to use indicators.

@t8m t8m added resolved: wont fix The issue has been confirmed but won't be fixed triaged: feature The issue/pr requests/adds a feature labels Apr 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
resolved: wont fix The issue has been confirmed but won't be fixed severity: fips change The pull request changes FIPS provider sources triaged: feature The issue/pr requests/adds a feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@xnox @slontis @t8m @0140454