2753bc
From d250d169e87168903a543248d0bfd6c37f2f6841 Mon Sep 17 00:00:00 2001
2753bc
From: Christian Heimes <christian@python.org>
2753bc
Date: Tue, 22 Feb 2022 00:37:32 +0200
2753bc
Subject: [PATCH 1/5] Block TripleDES in FIPS mode (#6879)
2753bc
2753bc
* Block TripleDES in FIPS mode
2753bc
2753bc
NIST SP 800-131A rev. 2 lists TripleDES (TDEA) encryption as disallowed under
2753bc
FIPS 140-3 and decryption as legacy use only. Three-key TDEA is listed as deprecated
2753bc
throughout 2023 and disallowed after 2023.
2753bc
2753bc
For simplicity we block all use of TripleDES in FIPS mode.
2753bc
2753bc
Fixes: #6875
2753bc
Signed-off-by: Christian Heimes <christian@python.org>
2753bc
2753bc
* Fix flake
2753bc
---
2753bc
 src/cryptography/hazmat/backends/openssl/backend.py | 13 ++++++-------
2753bc
 tests/hazmat/primitives/utils.py                    |  4 ++++
2753bc
 2 files changed, 10 insertions(+), 7 deletions(-)
2753bc
2753bc
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
2753bc
index 736452392..f38269e26 100644
2753bc
--- a/src/cryptography/hazmat/backends/openssl/backend.py
2753bc
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
2753bc
@@ -134,7 +134,9 @@ class Backend(BackendInterface):
2753bc
         b"aes-192-gcm",
2753bc
         b"aes-256-gcm",
2753bc
     }
2753bc
-    _fips_ciphers = (AES, TripleDES)
2753bc
+    # TripleDES encryption is disallowed/deprecated throughout 2023 in
2753bc
+    # FIPS 140-3. To keep it simple we denylist any use of TripleDES (TDEA).
2753bc
+    _fips_ciphers = (AES,)
2753bc
     # Sometimes SHA1 is still permissible. That logic is contained
2753bc
     # within the various *_supported methods.
2753bc
     _fips_hashes = (
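Review bot: The new comment above `_fips_ciphers = (AES,)` says "we denylist any use of TripleDES", but the tuple is consumed as an allowlist by `isinstance(cipher, self._fips_ciphers)` — TripleDES is simply absent, not listed as forbidden, and the same is true of every other cipher the backend knows about. A reader maintaining this tuple later (for example to add a new approved algorithm) is better served by a comment that states the mechanism and the source of the rule, e.g. `# Allowlist of cipher classes accepted in FIPS mode. TripleDES (TDEA) is` / `# deliberately omitted: NIST SP 800-131A rev. 2 deprecates TDEA encryption` / `# through 2023 and disallows it afterwards, so it is rejected outright.`. The enclosing class body continues outside the hunk, so I cannot tell whether `TripleDES`, `CBC` and `ECB` are still referenced elsewhere in the file after this change; if not, their imports should go with this patch.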
2753bc
@@ -323,12 +325,9 @@ class Backend(BackendInterface):
2753bc
 
2753bc
     def cipher_supported(self, cipher, mode):
2753bc
         if self._fips_enabled:
2753bc
-            # FIPS mode requires AES or TripleDES, but only CBC/ECB allowed
2753bc
-            # in TripleDES mode.
2753bc
-            if not isinstance(cipher, self._fips_ciphers) or (
2753bc
-                isinstance(cipher, TripleDES)
2753bc
-                and not isinstance(mode, (CBC, ECB))
2753bc
-            ):
2753bc
+            # FIPS mode requires AES. TripleDES is disallowed/deprecated in
2753bc
+            # FIPS 140-3.
2753bc
+            if not isinstance(cipher, self._fips_ciphers):
2753bc
                 return False
2753bc
 
2753bc
         try:
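Review bot: With the TripleDES branch gone, the FIPS gate in `cipher_supported` no longer inspects `mode` at all — any `AES` instance passes regardless of the mode object it is paired with, and the decision about non-approved modes now rests entirely on whatever the lookup in the `try:` block below does (presumably the OpenSSL FIPS provider refusing the cipher, but that is outside the hunk). That is a reasonable design, but it is an implicit change from the old code, which at least constrained TripleDES to CBC/ECB, and the new comment does not mention it. I would make the reliance explicit: `# FIPS mode: only AES is accepted here; mode restrictions are left to the` / `# OpenSSL FIPS provider lookup below.`. The rest of `cipher_supported` continues past the hunk.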
2753bc
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
2753bc
index 93f117828..a367343ca 100644
2753bc
--- a/tests/hazmat/primitives/utils.py
2753bc
+++ b/tests/hazmat/primitives/utils.py
2753bc
@@ -469,6 +469,10 @@ def _kbkdf_cmac_counter_mode_test(backend, prf, ctr_loc, params):
2753bc
     algorithm = supported_cipher_algorithms.get(prf)
2753bc
     assert algorithm is not None
2753bc
 
2753bc
+    # TripleDES is disallowed in FIPS mode.
2753bc
+    if backend._fips_enabled and algorithm is algorithms.TripleDES:
2753bc
+        pytest.skip("TripleDES is not supported in FIPS mode.")
2753bc
+
2753bc
     ctrkdf = KBKDFCMAC(
2753bc
         algorithm,
2753bc
         Mode.CounterMode,
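Review bot: The skip guard `algorithm is algorithms.TripleDES` only fires when the mapping holds that exact class object; a subclass or an instance stored in `supported_cipher_algorithms` would slip through and the test would then fail inside `KBKDFCMAC` rather than be skipped. Since the previous line already asserts `algorithm is not None`, `issubclass(algorithm, algorithms.TripleDES)` is the more robust spelling and reads as the intent. Consider also deriving the skip from the backend itself rather than duplicating the policy, e.g. checking `backend.cipher_supported(...)` for the algorithm, so the test keeps tracking `_fips_ciphers` if it changes again; the `KBKDFCMAC(...)` call continues outside the hunk.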
2753bc
-- 
2753bc
2.35.1
2753bc