From 90630939937bd8fa6c0227dbb69491d1e4f0eb7e Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Wed, 26 Feb 2025 07:38:45 -0700 Subject: [PATCH 1/3] Disable XTS-384 as an allowed use in FIPS mode --- fips-check.sh | 4 ++-- wolfcrypt/src/aes.c | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/fips-check.sh b/fips-check.sh index b3472f4f3..462990be4 100755 --- a/fips-check.sh +++ b/fips-check.sh @@ -240,9 +240,9 @@ linuxv5|linuxv5.2.1) ) ;; v6.0.0) - WOLF_REPO_TAG='WCv6.0.0-RC3' + WOLF_REPO_TAG='WCv6.0.0-RC4' FIPS_REPO_TAG='WCv6.0.0-RC4' - ASM_PICKUPS_TAG='WCv6.0.0-RC3' + ASM_PICKUPS_TAG='WCv6.0.0-RC4' FIPS_OPTION='v6' FIPS_FILES=( "wolfcrypt/src/fips.c:${FIPS_REPO_TAG}" diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 2cba92193..c6682214e 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -12818,7 +12818,12 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir) } if ((len != (AES_128_KEY_SIZE*2)) && +#ifndef HAVE_FIPS + /* XTS-384 not allowed by FIPS and can not be treated like + * RSA-4096 bit keys back in the day, can not vendor affirm + * the use of 2 concatenated 192-bit keys (XTS-384) */ (len != (AES_192_KEY_SIZE*2)) && +#endif (len != (AES_256_KEY_SIZE*2))) { WOLFSSL_MSG("Unsupported key size"); From b8a383469af5ddbfbcf54b29a96e4a2b74b2d39f Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Wed, 26 Feb 2025 11:09:31 -0700 Subject: [PATCH 2/3] Disable 192-bit tests in FIPS mode --- wolfcrypt/test/test.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 3d1c6b6f8..4496567d2 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -11585,6 +11585,8 @@ static wc_test_ret_t aes_xts_128_test(void) } #endif /* WOLFSSL_AES_128 */ +#ifndef HAVE_FIPS +/* FIPS won't allow for XTS-384 (two 192-bit keys) */ #ifdef WOLFSSL_AES_192 static wc_test_ret_t aes_xts_192_test(void) { 
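Review bot: The comment added inside the key-length condition of wc_AesXtsSetKeyNoInit (wolfcrypt/src/aes.c) gives the history, the RSA-4096 comparison, but never states the rule the gate enforces, so a maintainer cannot tell at a glance which key sizes a FIPS build accepts. A plainer wording would be `/* FIPS builds accept only 2x128-bit and 2x256-bit XTS keys; 2x192-bit (XTS-384) cannot be vendor affirmed and is rejected. */`. With HAVE_FIPS defined, a 48-byte key now falls through to the generic "Unsupported key size" message; a FIPS-specific log line would let integrators see that the refusal is policy rather than a malformed length. The function starts and ends outside the hunk, so the error code returned on this path is not visible here.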
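Review bot: In the wolfcrypt/test/test.c hunk at aes_xts_192_test, the new `#ifndef HAVE_FIPS` is stacked on top of the existing `#ifdef WOLFSSL_AES_192`, and the gates this patch adds are closed inconsistently. The next hunk closes with `#endif /* HAVE_FIPS */`, although the condition is negated and `/* !HAVE_FIPS */` would match it, and the gate in aes_xts_test closes with a bare `#endif`. A single condition, `#if defined(WOLFSSL_AES_192) && !defined(HAVE_FIPS)`, used at both the definition and the call site would keep the two in step, so that a later edit to one cannot leave an unused static function or a call to a function that was compiled out. The closing hunk also drops the blank line before `#ifdef WOLFSSL_AES_256`, which looks unintended.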
@@ -12288,7 +12290,7 @@ static wc_test_ret_t aes_xts_192_test(void) return ret; } #endif /* WOLFSSL_AES_192 */ - +#endif /* HAVE_FIPS */ #ifdef WOLFSSL_AES_256 static wc_test_ret_t aes_xts_256_test(void) @@ -14637,11 +14639,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void) return ret; #endif +/* FIPS won't allow for XTS-384 (two 192-bit keys) */ +#ifndef HAVE_FIPS #ifdef WOLFSSL_AES_192 ret = aes_xts_192_test(); if (ret != 0) return ret; #endif +#endif #ifdef WOLFSSL_AES_256 ret = aes_xts_256_test(); From 738462a6f097a290c2582b0e3037284b426b3871 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Wed, 26 Feb 2025 12:03:25 -0700 Subject: [PATCH 3/3] Remove redundent gates --- wolfcrypt/test/test.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 4496567d2..0ead87dd0 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -11677,7 +11677,6 @@ static wc_test_ret_t aes_xts_192_test(void) 0x65, 0x37, 0x15, 0x53, 0xf1, 0x98, 0xab, 0xb4 }; -#ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. */ WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = { 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, @@ -11704,7 +11703,6 @@ static wc_test_ret_t aes_xts_192_test(void) 0xe8, 0xc5, 0x99, 0x3d, 0x58, 0x3c, 0xeb, 0xba, 0x86, 0xea, 0x2c, 0x7e, 0x1f, 0xba, 0x81, 0xde }; -#endif /* HAVE_FIPS */ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) @@ -12019,8 +12017,6 @@ static wc_test_ret_t aes_xts_192_test(void) if (XMEMCMP(p2, buf, sizeof(p2))) ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#ifndef HAVE_FIPS - /* Test ciphertext stealing in-place. */ XMEMCPY(buf, p3, sizeof(p3)); ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION); 
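Review bot: With the call to aes_xts_192_test() compiled out under HAVE_FIPS in aes_xts_test, nothing in a FIPS test run checks that a 2x192-bit XTS key is actually refused, so a regression that re-enables XTS-384 in aes.c would pass unnoticed. A small `#ifdef HAVE_FIPS` case that calls `wc_AesXtsSetKeyNoInit()` with a key of `AES_192_KEY_SIZE*2` bytes and fails the test when it returns 0 would pin the new behaviour. The two key halves in that case should differ, because a comment in this file notes that FIPS requires different main and tweak keys and the refusal should be attributable to the length; the order of those checks inside the library is not visible here. aes_xts_test starts and ends outside the hunk.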
@@ -12104,8 +12100,6 @@ static wc_test_ret_t aes_xts_192_test(void) ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* WOLFSSL_AESXTS_STREAM */ -#endif /* !HAVE_FIPS */ - #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ !defined(WOLFSSL_AFALG) {