Merge pull request #8509 from kaleb-himes/WCv6.0.0-RC4-CHECKIN

douzzer · web-flow · commit 183d9b44d12e · 2025-02-26T18:24:12.000-06:00
Disable XTS-384 as an allowed use in FIPS mode
diff --git a/fips-check.sh b/fips-check.sh
@@ -240,9 +240,9 @@ linuxv5|linuxv5.2.1)
   )
   ;;
 v6.0.0)
-  WOLF_REPO_TAG='WCv6.0.0-RC3'
+  WOLF_REPO_TAG='WCv6.0.0-RC4'
   FIPS_REPO_TAG='WCv6.0.0-RC4'
-  ASM_PICKUPS_TAG='WCv6.0.0-RC3'
+  ASM_PICKUPS_TAG='WCv6.0.0-RC4'
   FIPS_OPTION='v6'
   FIPS_FILES=(
     "wolfcrypt/src/fips.c:${FIPS_REPO_TAG}"
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
@@ -12818,7 +12818,12 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)
     }
 
     if ((len != (AES_128_KEY_SIZE*2)) &&
+#ifndef HAVE_FIPS
+        /* XTS-384 not allowed by FIPS and can not be treated like
+         * RSA-4096 bit keys back in the day, can not vendor affirm
+         * the use of 2 concatenated 192-bit keys (XTS-384) */
         (len != (AES_192_KEY_SIZE*2)) &&
+#endif
         (len != (AES_256_KEY_SIZE*2)))
     {
         WOLFSSL_MSG("Unsupported key size");
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
@@ -11613,6 +11613,8 @@ static wc_test_ret_t aes_xts_128_test(void)
 }
 #endif /* WOLFSSL_AES_128 */
 
+#ifndef HAVE_FIPS
+/* FIPS won't allow for XTS-384 (two 192-bit keys) */
 #ifdef WOLFSSL_AES_192
 static wc_test_ret_t aes_xts_192_test(void)
 {
@@ -11703,7 +11705,6 @@ static wc_test_ret_t aes_xts_192_test(void)
         0x65, 0x37, 0x15, 0x53, 0xf1, 0x98, 0xab, 0xb4
     };
 
-#ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. */
     WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = {
         0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
         0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
@@ -11730,7 +11731,6 @@ static wc_test_ret_t aes_xts_192_test(void)
         0xe8, 0xc5, 0x99, 0x3d, 0x58, 0x3c, 0xeb, 0xba,
         0x86, 0xea, 0x2c, 0x7e, 0x1f, 0xba, 0x81, 0xde
     };
-#endif /* HAVE_FIPS */
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
@@ -12045,8 +12045,6 @@ static wc_test_ret_t aes_xts_192_test(void)
     if (XMEMCMP(p2, buf, sizeof(p2)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
-#ifndef HAVE_FIPS
-
     /* Test ciphertext stealing in-place. */
     XMEMCPY(buf, p3, sizeof(p3));
     ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
@@ -12130,8 +12128,6 @@ static wc_test_ret_t aes_xts_192_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 #endif /* WOLFSSL_AESXTS_STREAM */
 
-#endif /* !HAVE_FIPS */
-
 #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
     !defined(WOLFSSL_AFALG)
     {
@@ -12316,7 +12312,7 @@ static wc_test_ret_t aes_xts_192_test(void)
     return ret;
 }
 #endif /* WOLFSSL_AES_192 */
-
+#endif /* HAVE_FIPS */
 
 #ifdef WOLFSSL_AES_256
 static wc_test_ret_t aes_xts_256_test(void)
@@ -14665,11 +14661,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void)
         return ret;
     #endif
 
+/* FIPS won't allow for XTS-384 (two 192-bit keys) */
+#ifndef HAVE_FIPS
     #ifdef WOLFSSL_AES_192
     ret = aes_xts_192_test();
     if (ret != 0)
         return ret;
     #endif
+#endif
 
     #ifdef WOLFSSL_AES_256
     ret = aes_xts_256_test();

Original file line number	Diff line number	Diff line change
`@@ -12818,7 +12818,12 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)`
`12818`	`12818`	`}`
`12819`	`12819`
`12820`	`12820`	`if ((len != (AES_128_KEY_SIZE*2)) &&`
	`12821`	`+#ifndef HAVE_FIPS`
	`12822`	`+ /* XTS-384 not allowed by FIPS and can not be treated like`
	`12823`	`+ * RSA-4096 bit keys back in the day, can not vendor affirm`
	`12824`	`+ * the use of 2 concatenated 192-bit keys (XTS-384) */`
`12821`	`12825`	`(len != (AES_192_KEY_SIZE*2)) &&`
	`12826`	`+#endif`
`12822`	`12827`	`(len != (AES_256_KEY_SIZE*2)))`
`12823`	`12828`	`{`
`12824`	`12829`	`WOLFSSL_MSG("Unsupported key size");`