authorJakub Jelen <[email protected]>2022-01-11 15:06:12 +0100
committerNIIBE Yutaka <[email protected]>2022-01-17 14:32:13 +0900
commit8611c9f276ad0f51fcdd4da0481108880104338f (patch)
treef8d8ea4165de2154bdc9c36da009b561265ee6bf
parentdfd53c7eddf0beaf9e85daaed92c0bd756112470 (diff)
fips: Add support for KDF FIPS indicators
* src/fips.c (_gcry_fips_indicator): rename to _gcry_fips_indicator_cipher(). (_gcry_fips_indicator_kdf): New function. * src/g10lib.h: Rename _gcry_fips_indicator to _gcry_fips_indicator_cipher() and add _gcry_fips_indicator_kdf() * src/gcrypt.h.in (enum gcry_ctl_cmds): Add GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER and GCRYCTL_FIPS_SERVICE_INDICATOR_KDF. * src/global.c (_gcry_vcontrol): Implement support for KDF FIPS Indicator separate from the cipher one. -- GnuPG-bug-id: 5512 Signed-off-by: Jakub Jelen <[email protected]>
-rw-r--r--src/fips.c16
-rw-r--r--src/g10lib.h3
-rw-r--r--src/gcrypt.h.in4
-rw-r--r--src/global.c14
4 files changed, 30 insertions, 7 deletions
diff --git a/src/fips.c b/src/fips.c
index 5499aee8..c82c2875 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -343,7 +343,7 @@ _gcry_fips_test_operational (void)
}
int
-_gcry_fips_indicator (va_list arg_ptr)
+_gcry_fips_indicator_cipher (va_list arg_ptr)
{
enum gcry_cipher_algos alg = va_arg (arg_ptr, enum gcry_cipher_algos);
enum gcry_cipher_modes mode;
@@ -374,6 +374,20 @@ _gcry_fips_indicator (va_list arg_ptr)
}
}
+int
+_gcry_fips_indicator_kdf (va_list arg_ptr)
+{
+ enum gcry_cipher_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos);
+
+ switch (alg)
+ {
+ case GCRY_KDF_PBKDF2:
+ return GPG_ERR_NO_ERROR;
+ default:
+ return GPG_ERR_NOT_SUPPORTED;
+ }
+}
+
/* This is a test on whether the library is in the error or
operational state. */
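Review bot: The local `alg` in `_gcry_fips_indicator_kdf` is declared as `enum gcry_cipher_algos`, although the value is fetched as `enum gcry_kdf_algos` and compared with `GCRY_KDF_PBKDF2`. It works only because both are plain integer enums; the declaration should read `enum gcry_kdf_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos);`, which also avoids a likely compiler warning about a case value outside the switched enum. Separately, the function decides on the KDF identifier alone, so PBKDF2 is reported as approved whatever digest or parameters the caller later uses. If approval depends on those, which this hunk does not show, a short comment above the function should state that the indicator covers the algorithm only.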
diff --git a/src/g10lib.h b/src/g10lib.h
index 7b95a237..bfaf509f 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -455,7 +455,8 @@ void _gcry_fips_signal_error (const char *srcfile,
_gcry_fips_signal_error (__FILE__, __LINE__, NULL, 1, (a))
#endif
-int _gcry_fips_indicator (va_list arg_ptr);
+int _gcry_fips_indicator_cipher (va_list arg_ptr);
+int _gcry_fips_indicator_kdf (va_list arg_ptr);
int _gcry_fips_is_operational (void);
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 2e27d406..4a5a671b 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -328,7 +328,9 @@ enum gcry_ctl_cmds
GCRYCTL_SET_ALLOW_WEAK_KEY = 79,
GCRYCTL_SET_DECRYPTION_TAG = 80,
GCRYCTL_FIPS_SERVICE_INDICATOR = 81,
- GCRYCTL_NO_FIPS_MODE = 82
+ GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER = 81,
+ GCRYCTL_NO_FIPS_MODE = 82,
+ GCRYCTL_FIPS_SERVICE_INDICATOR_KDF = 83
};
/* Perform various operations defined by CMD. */
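Review bot: `GCRYCTL_FIPS_SERVICE_INDICATOR` and the new `GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER` both carry the value 81 with nothing in the header saying which is the preferred name. The old name is presumably kept so existing callers still compile, and a one-line comment would make that explicit, for example `/* Old name of GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER, kept for compatibility. */`. Without it the duplicate value reads like a numbering mistake, and a later cleanup could drop or renumber one of the two.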
diff --git a/src/global.c b/src/global.c
index 054998f2..7cf40e4a 100644
--- a/src/global.c
+++ b/src/global.c
@@ -784,11 +784,17 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
rc = _gcry_fips_run_selftests (1);
break;
- case GCRYCTL_FIPS_SERVICE_INDICATOR:
- /* Get FIPS Service Indicator for a given algorithm and optional mode.
- * Returns GPG_ERR_NO_ERROR if algorithm is allowed or
+ case GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER:
+ /* Get FIPS Service Indicator for a given symmetric algorithm and
+ * optional mode. Returns GPG_ERR_NO_ERROR if algorithm is allowed or
* GPG_ERR_NOT_SUPPORTED otherwise */
- rc = _gcry_fips_indicator (arg_ptr);
+ rc = _gcry_fips_indicator_cipher (arg_ptr);
+ break;
+
+ case GCRYCTL_FIPS_SERVICE_INDICATOR_KDF:
+ /* Get FIPS Service Indicator for a given KDF. Returns GPG_ERR_NO_ERROR
+ * if algorithm is allowed or GPG_ERR_NOT_SUPPORTED otherwise */
+ rc = _gcry_fips_indicator_kdf (arg_ptr);
break;
case PRIV_CTL_INIT_EXTRNG_TEST: /* Init external random test. */
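Review bot: The comment on the new `GCRYCTL_FIPS_SERVICE_INDICATOR_KDF` case does not say what the caller must pass, yet the handler pulls an `enum gcry_kdf_algos` out of the `va_list` with no way to check it. A caller that passes nothing or a different type gets undefined behaviour rather than an error code, so the contract belongs in the comment, e.g. `/* Takes one argument: the KDF as enum gcry_kdf_algos. */`. The cipher case has the same gap for its algorithm and "optional mode" arguments. `_gcry_vcontrol` starts and ends outside this hunk, so whether the library state is checked before these cases is not visible here.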