crypto: hmac - disallow keys < 112 bits in FIPS mode

FIPS 140 requires a minimum security strength of 112 bits. This implies that the HMAC key must not be smaller than 112 in FIPS mode. This restriction implies that the test vectors for HMAC that have a key that is smaller than 112 bits must be disabled when FIPS support is compiled. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Stephan Müller 2022-02-01 09:41:32 +0100
committer: Herbert Xu 2022-02-11 20:22:01 +1100
commit: 37f36e5717869a69775ecb23baedf0f06ea940b4 (patch)
tree: 2079a33d7c0c708e353f00b0c14682a6ea729e30 /crypto/hmac.c
parent: c9c28ed0ab611b6ee3bfab88eba334e272642433 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 25856aa7ccbf..3610ff0b6739 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -15,6 +15,7 @@
 #include <crypto/internal/hash.h>
 #include <crypto/scatterwalk.h>
 #include <linux/err.h>
+#include <linux/fips.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
 #include <linux/module.h>
@@ -51,6 +52,9 @@ static int hmac_setkey(struct crypto_shash *parent,
 	SHASH_DESC_ON_STACK(shash, hash);
 	unsigned int i;
 
+	if (fips_enabled && (keylen < 112 / 8))
+		return -EINVAL;
+
 	shash->tfm = hash;
 
 	if (keylen > bs) {
author	Stephan Müller	2022-02-01 09:41:32 +0100
committer	Herbert Xu	2022-02-11 20:22:01 +1100
commit	37f36e5717869a69775ecb23baedf0f06ea940b4 (patch)
tree	2079a33d7c0c708e353f00b0c14682a6ea729e30 /crypto/hmac.c
parent	c9c28ed0ab611b6ee3bfab88eba334e272642433 (diff)