From cc0b5ccd6ee404b4faa969d19440078bc8b49f35 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 7 Mar 2025 18:22:07 -0500 Subject: [PATCH 48/53] FIPS: NO Kmac Signed-off-by: Simo Sorce --- providers/fips/fipsprov.c | 10 +++++---- providers/fips/self_test_data.inc | 4 ++++ test/recipes/30-test_evp_data/evpkdf_ss.txt | 2 ++ .../30-test_evp_data/evpmac_common.txt | 22 +++++++++++++++++++ 4 files changed, 34 insertions(+), 4 deletions(-) diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 30f0c8ca14..00b7d1e2aa 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -293,10 +293,11 @@ static const OSSL_ALGORITHM fips_digests[] = { * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for * KMAC128 and KMAC256. */ - { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, + /* We don't certify KECCAK in our FIPS provider */ + /* { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_keccak_kmac_128_functions }, { PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES, - ossl_keccak_kmac_256_functions }, + ossl_keccak_kmac_256_functions }, */ { NULL, NULL, NULL } }; @@ -369,8 +370,9 @@ static const OSSL_ALGORITHM fips_macs[] = { #endif { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions }, { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions }, - { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, - { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, + /* We don't certify KMAC in our FIPS provider */ + /*{ PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, + { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, */ { NULL, NULL, NULL } }; diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index 6a69e1687b..f3059a8446 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc @@ -544,6 +544,7 @@ static const ST_KAT_PARAM kbkdf_params[] = { ST_KAT_PARAM_END() }; +#if 0 static const char kbkdf_kmac_mac[] = "KMAC128"; static unsigned char kbkdf_kmac_label[] = { 0xB5, 0xB5, 0xF3, 0x71, 0x9F, 0xBE, 0x5B, 0x3D, @@ -570,6 +571,7 @@ static const ST_KAT_PARAM kbkdf_kmac_params[] = { ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_kmac_context), ST_KAT_PARAM_END() }; +#endif static const char tls13_kdf_digest[] = "SHA256"; static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; @@ -660,12 +662,14 @@ static const ST_KAT_KDF st_kat_kdf_tests[] = kbkdf_params, ITM(kbkdf_expected) }, +#if 0 { OSSL_SELF_TEST_DESC_KDF_KBKDF_KMAC, OSSL_KDF_NAME_KBKDF, kbkdf_kmac_params, ITM(kbkdf_kmac_expected) }, +#endif { OSSL_SELF_TEST_DESC_KDF_HKDF, OSSL_KDF_NAME_HKDF, diff --git a/test/recipes/30-test_evp_data/evpkdf_ss.txt b/test/recipes/30-test_evp_data/evpkdf_ss.txt index 07691ccf57..ce315ecf76 100644 --- a/test/recipes/30-test_evp_data/evpkdf_ss.txt +++ b/test/recipes/30-test_evp_data/evpkdf_ss.txt @@ -1171,6 +1171,7 @@ Ctrl.hexsecret = hexsecret:40B6E03711EBEBA14011ACE96CB056DEBAEB6E5E706F99435257C Ctrl.hexinfo = hexinfo:5D437C2F1035A4F1F751E59CF10650171EF5769FCFBE438DFBC5BD8EA724100076447AB804F91DFA680E592FE2621A45DAB4C6A77B678059FC29E572DE4424EB5459F53523002ED38AAB1D9DD96C3523D1907C5EFBAE93DFFE680F716498720110D2A3B9CE9B66DB2884C83E9BEB546754874C0CA1967AF000000400 Output = 428979EA52175DC833C04215AC6B4BA89BA4FCAA0E0FA3B4E2C0E264C5746F0A5C788F2907A2C2B90719E396B35A14C4B583C51B9911125D34100FADDC4D94C0D936263CC1EF0B0D526E3891FE1F67BCB94DEA2525B84A8E7949A4CA34F36AEEC55099BF0EC5DE24B86428F4E6E6E23FE9AA443E2BDCF25A77ECD22BF758D554 +Availablein = default KDF = SSKDF Ctrl.mac = mac:KMAC-128 Ctrl.hexsecret = hexsecret:EAD54AE33FFAFFE7875610390ADBA9DFB291EE8C1920CB13452FDF851E0A6DBBB862FD8811F8CB29CDEC13591D8C047065FCD2 @@ -1257,6 +1258,7 @@ Ctrl.hexsalt = hexsalt:00 Ctrl.hexinfo = hexinfo:861aa2886798231259bd0314 Output = 02cfca07797566285b38982b86762abd +Availablein = default KDF = SSKDF Ctrl.mac = mac:KMAC-128 Ctrl.hexsalt = hexsalt:00000000 diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt index 831eecbac9..f18b558796 100644 --- a/test/recipes/30-test_evp_data/evpmac_common.txt +++ b/test/recipes/30-test_evp_data/evpmac_common.txt @@ -399,6 +399,7 @@ Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C Result = MAC_INIT_ERROR Reason = invalid mode +Availablein = default Title = KMAC Tests (From NIST) MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F @@ -409,12 +410,14 @@ Ctrl = xof:0 OutputSize = 32 BlockSize = 168 +Availablein = default MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 Custom = "My Tagged Application" Output = 3B1FBA963CD8B0B59E8C1A6D71888B7143651AF8BA0A7070C0979E2811324AA5 +Availablein = default MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 @@ -422,6 +425,7 @@ Custom = "My Tagged Application" Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230 Ctrl = size:32 +Availablein = default MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 @@ -430,12 +434,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC OutputSize = 64 BlockSize = 136 +Availablein = default MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 Custom = "" Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69 +Availablein = default MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 @@ -445,12 +451,14 @@ Ctrl = size:64 Title = KMAC XOF Tests (From NIST) +Availablein = default MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 XOF = 1 +Availablein = default MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 @@ -458,6 +466,7 @@ Custom = "My Tagged Application" Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C XOF = 1 +Availablein = default MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 @@ -466,6 +475,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F XOF = 1 Ctrl = size:32 +Availablein = default MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 @@ -473,6 +483,7 @@ Custom = "My Tagged Application" Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B XOF = 1 +Availablein = default MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 @@ -480,6 +491,7 @@ Custom = "" Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B XOF = 1 +Availablein = default MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 @@ -490,6 +502,7 @@ XOF = 1 Title = KMAC long customisation string (from NIST ACVP) +Availablein = default MAC = KMAC256 Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D @@ -500,12 +513,14 @@ XOF = 1 Title = KMAC XOF Tests via ctrl (From NIST) +Availablein = default MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35 Ctrl = xof:1 +Availablein = default MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 @@ -513,6 +528,7 @@ Custom = "My Tagged Application" Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C Ctrl = xof:1 +Availablein = default MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 @@ -521,6 +537,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F Ctrl = xof:1 Ctrl = size:32 +Availablein = default MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 00010203 @@ -528,6 +545,7 @@ Custom = "My Tagged Application" Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B Ctrl = xof:1 +Availablein = default MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 @@ -535,6 +553,7 @@ Custom = "" Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B Ctrl = xof:1 +Availablein = default MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 @@ -545,6 +564,7 @@ Ctrl = xof:1 Title = KMAC long customisation string via ctrl (from NIST ACVP) +Availablein = default MAC = KMAC256 Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3 Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D @@ -555,6 +575,7 @@ Ctrl = xof:1 Title = KMAC long customisation string negative test +Availablein = default MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 @@ -564,6 +585,7 @@ Reason = invalid custom length Title = KMAC output is too large +Availablein = default MAC = KMAC256 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -- 2.49.0