wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add SP800-132 112 bit minimum applicable after stretch/strengthen

Browse Source
This commit is contained in:
kaleb-himes
2024-05-08 17:14:40 -04:00
parent a365d38762
commit a9511e118a
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
wolfcrypt/src/pwdbased.c
View File

@@ -183,6 +183,7 @@ int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen,
int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
int sLen, int iterations, int kLen, int hashType) int sLen, int iterations, int kLen, int hashType)
{ {
return wc_PBKDF1_ex(output, kLen, NULL, 0, return wc_PBKDF1_ex(output, kLen, NULL, 0,
passwd, pLen, salt, sLen, iterations, hashType, NULL); passwd, pLen, salt, sLen, iterations, hashType, NULL);
} }
@@ -209,6 +210,15 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, const byte* salt,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#if FIPS_VERSION3_GE(6,0,0)
/* Per SP800-132 section 5 "The kLen value shall be at least 112 bits in
* length", ensure the returned bits for the derived master key are at a
* minimum 14-bytes or 112-bits after stretching and strengthening
* (iterations) */
if (kLen < HMAC_FIPS_MIN_KEY/8)
return BAD_LENGTH_E;
#endif
if (iterations <= 0) if (iterations <= 0)
iterations = 1; iterations = 1;