author | Jakub Jelen <[email protected]> | 2022-01-11 15:06:12 +0100 |
---|---|---|
committer | NIIBE Yutaka <[email protected]> | 2022-01-17 14:32:13 +0900 |
commit | 8611c9f276ad0f51fcdd4da0481108880104338f (patch) | |
tree | f8d8ea4165de2154bdc9c36da009b561265ee6bf | |
parent | dfd53c7eddf0beaf9e85daaed92c0bd756112470 (diff) | |
fips: Add support for KDF FIPS indicators
* src/fips.c (_gcry_fips_indicator): rename to
_gcry_fips_indicator_cipher().
(_gcry_fips_indicator_kdf): New function.
* src/g10lib.h: Rename _gcry_fips_indicator to
_gcry_fips_indicator_cipher() and add _gcry_fips_indicator_kdf()
* src/gcrypt.h.in (enum gcry_ctl_cmds): Add
GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER and
GCRYCTL_FIPS_SERVICE_INDICATOR_KDF.
* src/global.c (_gcry_vcontrol): Implement support for KDF FIPS
Indicator separate from the cipher one.
--
GnuPG-bug-id: 5512
Signed-off-by: Jakub Jelen <[email protected]>
-rw-r--r-- | src/fips.c | 16 | ||||
-rw-r--r-- | src/g10lib.h | 3 | ||||
-rw-r--r-- | src/gcrypt.h.in | 4 | ||||
-rw-r--r-- | src/global.c | 14 |
4 files changed, 30 insertions, 7 deletions
@@ -343,7 +343,7 @@ _gcry_fips_test_operational (void)
 }
 int
-_gcry_fips_indicator (va_list arg_ptr)
+_gcry_fips_indicator_cipher (va_list arg_ptr)
 {
 enum gcry_cipher_algos alg = va_arg (arg_ptr, enum gcry_cipher_algos);
 enum gcry_cipher_modes mode;
@@ -374,6 +374,20 @@ _gcry_fips_indicator (va_list arg_ptr)
 }
 }
+int
+_gcry_fips_indicator_kdf (va_list arg_ptr)
+{
+ enum gcry_cipher_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos);
+
+ switch (alg)
+ {
+ case GCRY_KDF_PBKDF2:
+ return GPG_ERR_NO_ERROR;
+ default:
+ return GPG_ERR_NOT_SUPPORTED;
+ }
+}
+
 /* This is a test on whether the library is in the error or operational state. */
diff --git a/src/g10lib.h b/src/g10lib.h
index 7b95a237..bfaf509f 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -455,7 +455,8 @@ void _gcry_fips_signal_error (const char *srcfile,
 _gcry_fips_signal_error (__FILE__, __LINE__, NULL, 1, (a))
 #endif
-int _gcry_fips_indicator (va_list arg_ptr);
+int _gcry_fips_indicator_cipher (va_list arg_ptr);
+int _gcry_fips_indicator_kdf (va_list arg_ptr);
 int _gcry_fips_is_operational (void);
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 2e27d406..4a5a671b 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -328,7 +328,9 @@ enum gcry_ctl_cmds
 GCRYCTL_SET_ALLOW_WEAK_KEY = 79,
 GCRYCTL_SET_DECRYPTION_TAG = 80,
 GCRYCTL_FIPS_SERVICE_INDICATOR = 81,
- GCRYCTL_NO_FIPS_MODE = 82
+ GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER = 81,
+ GCRYCTL_NO_FIPS_MODE = 82,
+ GCRYCTL_FIPS_SERVICE_INDICATOR_KDF = 83
 };
 /* Perform various operations defined by CMD. */
diff --git a/src/global.c b/src/global.c
index 054998f2..7cf40e4a 100644
--- a/src/global.c
+++ b/src/global.c
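Review bot: In the new `_gcry_fips_indicator_kdf` (second hunk of src/fips.c), `alg` is declared as `enum gcry_cipher_algos` but is read with `va_arg (arg_ptr, enum gcry_kdf_algos)` and switched against `GCRY_KDF_PBKDF2`, which looks like a copy-paste leftover from the cipher indicator above it. Mixing the two enum types invites enum-conversion and switch warnings, and it makes it easy for a later edit to put a cipher constant into this switch and hand back a wrong approval verdict. The declaration should read `enum gcry_kdf_algos alg = va_arg (arg_ptr, enum gcry_kdf_algos);`. A short comment above the function, saying that it returns GPG_ERR_NO_ERROR only for an approved KDF id and GPG_ERR_NOT_SUPPORTED for anything else, would also help.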
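Review bot: In `enum gcry_ctl_cmds` (the src/gcrypt.h.in hunk), `GCRYCTL_FIPS_SERVICE_INDICATOR` and the new `GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER` both carry the value 81, and nothing in the header says why. Presumably the old name stays so that existing callers keep compiling, but a reader of this public header cannot tell which name is preferred or that the duplicate is intentional. I would add a comment on the old enumerator, for example `/* Same as GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER; kept for compatibility. */`. The enum starts before the hunk.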
@@ -784,11 +784,17 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
 rc = _gcry_fips_run_selftests (1);
 break;
- case GCRYCTL_FIPS_SERVICE_INDICATOR:
- /* Get FIPS Service Indicator for a given algorithm and optional mode.
- * Returns GPG_ERR_NO_ERROR if algorithm is allowed or
+ case GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER:
+ /* Get FIPS Service Indicator for a given symmetric algorithm and
+ * optional mode. Returns GPG_ERR_NO_ERROR if algorithm is allowed or
 * GPG_ERR_NOT_SUPPORTED otherwise */
- rc = _gcry_fips_indicator (arg_ptr);
+ rc = _gcry_fips_indicator_cipher (arg_ptr);
+ break;
+
+ case GCRYCTL_FIPS_SERVICE_INDICATOR_KDF:
+ /* Get FIPS Service Indicator for a given KDF. Returns GPG_ERR_NO_ERROR
+ * if algorithm is allowed or GPG_ERR_NOT_SUPPORTED otherwise */
+ rc = _gcry_fips_indicator_kdf (arg_ptr);
 break;
 case PRIV_CTL_INIT_EXTRNG_TEST: /* Init external random test. */ |
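Review bot: The comment on the new `GCRYCTL_FIPS_SERVICE_INDICATOR_KDF` case says neither what argument the caller must pass nor how far the verdict reaches. As far as this commit shows, the handler reads a single `enum gcry_kdf_algos` value from the va_list and decides on the algorithm id alone, whereas whether a PBKDF2 derivation counts as approved normally also depends on parameters such as the underlying hash, the salt length and the iteration count. A caller could therefore read GPG_ERR_NO_ERROR as covering a specific derivation. I would extend the comment with `* Takes one enum gcry_kdf_algos argument; the result covers the algorithm only, not the parameters of a particular derivation.` The body of _gcry_vcontrol continues outside the hunk.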