Enable TLSv1.3 HKDF for FIPS qatprovider.

- Enable HKDF and its fips requirements like self-tests,
  approved service & zeroization indicators
- Version bump to v1.3.1

Signed-off-by: Jaya Naga Venkata Sudhakar <bavirisettyx.jaya.naga.venkata.sudhakar@intel.com>

Author: bjayanax

configure.ac

@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.68])
-AC_INIT([qatengine], [1.3.0], [])
+AC_INIT([qatengine], [1.3.1], [])
 AC_CONFIG_SRCDIR([config.h.in])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_AUX_DIR([.])

docs/qat_common.md

@@ -174,12 +174,12 @@ self tests, integrity tests and will satisfy other FIPS 140-3 CMVP & CAVP
 requirements. The FIPS is build as RPM using the specfile fips/qatengine_fips.spec
 with QAT_HW & QAT_SW Coexistence enabled along with other flags enabled.
 
-Please note that the version v1.3.0 is only satisfying FIPS 140-3 Level-1
+Please note that the version v1.3.1 is only satisfying FIPS 140-3 Level-1
 certification requirements and not FIPS certified yet.
 The FIPS 140-3 certification is under process.
 
 ## Support Algorithms in FIPS mode
 | Mode | Algorithms |
 | :---: | :---: |
-| QAT_HW | RSA, ECDSA, ECDH, ECDHX25519, ECDHX448, DSA, DH, TLS1.2-KDF(PRF), SHA3 & AES-GCM |
+| QAT_HW | RSA, ECDSA, ECDH, ECDHX25519, ECDHX448, DSA, DH, TLS1.2-KDF(PRF), TLS1.3-KDF(HKDF), SHA3 & AES-GCM |
 | QAT_SW | RSA, ECDSA, ECDH, ECDHX25519, SHA2 & AES-GCM |

e_qat.c

@@ -163,13 +163,13 @@ int qat_fips_kat_test;
 const char *engine_qat_id = STR(QAT_ENGINE_ID);
 #if defined(QAT_HW) && defined(QAT_SW)
 const char *engine_qat_name =
-    "Reference implementation of QAT crypto engine(qat_hw & qat_sw) v1.3.0";
+    "Reference implementation of QAT crypto engine(qat_hw & qat_sw) v1.3.1";
 #elif QAT_HW
 const char *engine_qat_name =
-    "Reference implementation of QAT crypto engine(qat_hw) v1.3.0";
+    "Reference implementation of QAT crypto engine(qat_hw) v1.3.1";
 #else
 const char *engine_qat_name =
-    "Reference implementation of QAT crypto engine(qat_sw) v1.3.0";
+    "Reference implementation of QAT crypto engine(qat_sw) v1.3.1";
 #endif
 unsigned int engine_inited = 0;
 int fallback_to_openssl = 0;

fips/qatprovider-fips.spec

@@ -23,7 +23,7 @@
 %global openssl_src_path   /root/openssl
 
 Name:       qatprovider-fips
-Version:    1.3.0
+Version:    1.3.1
 Release:    1%{?dist}
 Summary:    Intel QuickAssist Technology(QAT) OpenSSL Provider
 
@@ -121,7 +121,7 @@ cp -rf %{buildroot}/%{_libdir}/libcrypto_mb.so.%{ippcpfullversion} %{openssl_lib
 cp -rf %{buildroot}/%{_libdir}/libcrypto_mb.so %{openssl_lib_path}/lib64/ossl-modules/
 cp -rf %{buildroot}/%{_libdir}/libIPSec_MB.so.%{fullversion}  %{openssl_lib_path}/lib64/ossl-modules/
 cp -rf %{buildroot}/%{_libdir}/libIPSec_MB.so  %{openssl_lib_path}/lib64/ossl-modules/
-./configure --with-openssl_install_dir=%{openssl_lib_path} --with-qat_hw_dir=/QAT --enable-qat_provider --enable-qat_hw_gcm --enable-qat_hw_sha3 --enable-qat_fips --enable-qat_sw --enable-qat_small_pkt_offload --enable-qat_insecure_algorithms --disable-qat_sw_sm2 --disable-qat_hw_ciphers
+./configure --with-openssl_install_dir=%{openssl_lib_path} --with-qat_hw_dir=/QAT --enable-qat_provider --enable-qat_hw_gcm --enable-qat_hw_hkdf --enable-qat_hw_sha3 --enable-qat_fips --enable-qat_sw --enable-qat_small_pkt_offload --enable-qat_insecure_algorithms --disable-qat_sw_sm2 --disable-qat_hw_ciphers
 
 make clean
 %make_build
@@ -201,6 +201,9 @@ rm -rf %{buildroot}
 %{_includedir}/crypto_mb/sm4_gcm.h
 
 %changelog
+* Mon Aug 21 2023 Yogaraj Alamenda <yogarajx.alamenda@intel.com> - 1.3.1-1
+- Update to v1.3.1
+
 * Wed Aug 09 2023 Yogaraj Alamenda <yogarajx.alamenda@intel.com> - 1.3.0-1
 - Update to v1.3.0
 

fips_install.sh

@@ -11,7 +11,7 @@ cp -f /lib/firmware/qat_4xxx.bin $OPENSSL_ENGINES/
 cp -f /lib/firmware/qat_4xxx_mmp.bin $OPENSSL_ENGINES/
 cp -f /usr/lib64/libIPSec_MB.so $OPENSSL_ENGINES/
 cp -f /usr/lib64/libcrypto_mb.so $OPENSSL_ENGINES/
-./configure --with-qat_hw_dir=$ICP_ROOT --with-openssl_install_dir=$OPENSSL_LIB --enable-qat_sw --enable-qat_provider --enable-qat_hw_sha3 --enable-qat_hw_gcm --enable-qat_fips --enable-qat_insecure_algorithms --disable-qat_sw_sm2 --disable-qat_hw_ciphers
+./configure --with-qat_hw_dir=$ICP_ROOT --with-openssl_install_dir=$OPENSSL_LIB --enable-qat_sw --enable-qat_provider --enable-qat_hw_sha3 --enable-qat_hw_gcm --enable-qat_hw_hkdf --enable-qat_fips --enable-qat_insecure_algorithms --disable-qat_sw_sm2 --disable-qat_hw_ciphers
 make clean
 make -j 30
 make install
@@ -36,7 +36,7 @@ cp -f /usr/lib64/libusdm_drv_s.so $OPENSSL_ENGINES/
 cp -f /usr/lib64/libqat_s.so $OPENSSL_ENGINES/
 cp -f /lib/firmware/qat_4xxx.bin $OPENSSL_ENGINES/
 cp -f /lib/firmware/qat_4xxx_mmp.bin $OPENSSL_ENGINES/
-./configure --with-qat_hw_dir=$ICP_ROOT --with-openssl_install_dir=$OPENSSL_LIB --enable-qat_provider --enable-qat_hw_sha3 --enable-qat_hw_gcm --enable-qat_fips --enable-qat_insecure_algorithms --disable-qat_hw_ciphers
+./configure --with-qat_hw_dir=$ICP_ROOT --with-openssl_install_dir=$OPENSSL_LIB --enable-qat_provider --enable-qat_hw_sha3 --enable-qat_hw_gcm --enable-qat_hw_hkdf --enable-qat_fips --enable-qat_insecure_algorithms --disable-qat_hw_ciphers
 else
 cp -f /usr/lib64/libIPSec_MB.so $OPENSSL_ENGINES/
 cp -f /usr/lib64/libcrypto_mb.so $OPENSSL_ENGINES/

qat_fips.c

@@ -181,11 +181,20 @@ void fips_result(void)
     }
 
     for (i = 0; i < (int)OSSL_NELEM(st_kat_kdf_tests); ++i) {
-        if ((qat_hw_prf_offload == 0
+        if ((qat_hw_hkdf_offload == 0
+             && !strcmp(st_kat_kdf_tests[i].desc, "TLS13_KDF_EXTRACT_256"))
+            || (qat_hw_hkdf_offload == 0
+                && !strcmp(st_kat_kdf_tests[i].desc, "TLS13_KDF_EXPAND_256"))
+            || (qat_hw_hkdf_offload == 0
+                && !strcmp(st_kat_kdf_tests[i].desc, "TLS13_KDF_EXTRACT_384"))
+            || (qat_hw_hkdf_offload == 0
+                && !strcmp(st_kat_kdf_tests[i].desc, "TLS13_KDF_EXPAND_384"))
+            || (qat_hw_prf_offload == 0
                 && !strcmp(st_kat_kdf_tests[i].desc, "TLS12_PRF_256"))
             || (qat_hw_prf_offload == 0
                 && !strcmp(st_kat_kdf_tests[i].desc, "TLS12_PRF_384")))
             continue;
+
 # ifdef QAT_DEBUG
         INFO("\t%s   : (%s)  :  %s\n", qat_kdf_result->desc[i],
              qat_kdf_result->type[i],
@@ -308,11 +317,23 @@ void fips_result(void)
         }
 
         for (i = 0; i < (int)OSSL_NELEM(st_kat_kdf_tests); ++i) {
-            if ((qat_hw_prf_offload == 0
+            if ((qat_hw_hkdf_offload == 0
+                 && !strcmp(st_kat_kdf_tests[i].desc, "TLS13_KDF_EXTRACT_256"))
+                || (qat_hw_hkdf_offload == 0
+                    && !strcmp(st_kat_kdf_tests[i].desc,
+                               "TLS13_KDF_EXPAND_256"))
+                || (qat_hw_hkdf_offload == 0
+                    && !strcmp(st_kat_kdf_tests[i].desc,
+                               "TLS13_KDF_EXTRACT_384"))
+                || (qat_hw_hkdf_offload == 0
+                    && !strcmp(st_kat_kdf_tests[i].desc,
+                               "TLS13_KDF_EXPAND_384"))
+                || (qat_hw_prf_offload == 0
                     && !strcmp(st_kat_kdf_tests[i].desc, "TLS12_PRF_256"))
                 || (qat_hw_prf_offload == 0
                     && !strcmp(st_kat_kdf_tests[i].desc, "TLS12_PRF_384")))
                 continue;
+
 # ifdef QAT_DEBUG
             INFO("\t%s   : (%s)  :  %s\n", qat_async_kdf_result->desc[i],
                  qat_async_kdf_result->type[i],
@@ -1099,6 +1120,7 @@ int qat_fips_self_test(void *qatctx, int ondemand, int co_ex_enabled)
         qat_hw_dsa_offload = 0;
         qat_hw_dh_offload = 0;
         qat_hw_ecx_448_offload = 0;
+        qat_hw_hkdf_offload = 0;
         qat_hw_prf_offload = 0;
 # ifdef ENABLE_QAT_SW_SHA2
         qat_hw_sha_offload = 0;
@@ -1146,6 +1168,9 @@ int qat_fips_self_test(void *qatctx, int ondemand, int co_ex_enabled)
 # ifdef ENABLE_QAT_HW_ECX
         qat_hw_ecx_448_offload = 1;
 # endif
+# ifdef ENABLE_QAT_HW_HKDF
+        qat_hw_hkdf_offload = 1;
+# endif
 # ifdef ENABLE_QAT_HW_PRF
         qat_hw_prf_offload = 1;
 # endif

qat_hw_gcm.c

@@ -1085,10 +1085,6 @@ int qat_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
     CRYPTO_QAT_LOG("CIPHER - %s\n", __func__);
 
-#ifdef ENABLE_QAT_FIPS
-    qat_fips_get_approved_status();
-#endif
-
     /* Encrypt/decrypt must be performed in place */
     if (NULL == in ||
         out != in ||
@@ -1425,6 +1421,9 @@ int qat_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         QATerr(QAT_F_QAT_AES_GCM_CIPHER, QAT_R_QCTX_NULL);
         return RET_FAIL;
     }
+#ifdef ENABLE_QAT_FIPS
+    qat_fips_get_approved_status();
+#endif
 
 #ifdef QAT_OPENSSL_PROVIDER
     enc = QAT_GCM_GET_ENC(qctx);

qat_hw_hkdf.c

@@ -70,10 +70,18 @@
 # include "qat_hw_usdm_inf.h"
 #endif
 
+#ifdef ENABLE_QAT_FIPS
+# include "qat_prov_cmvp.h"
+#endif
+
 #include "cpa.h"
 #include "cpa_types.h"
 #include "cpa_cy_key.h"
 
+#ifdef ENABLE_QAT_FIPS
+extern int qat_fips_key_zeroize;
+#endif
+
 /* These limits are based on QuickAssist limits.
  * OpenSSL is more generous but better to restrict and fail
  * early on here if they are exceeded rather than later on
@@ -217,6 +225,9 @@ int qat_hkdf_init(EVP_PKEY_CTX *ctx)
 ******************************************************************************/
 void qat_hkdf_cleanup(EVP_PKEY_CTX *ctx)
 {
+#ifdef ENABLE_QAT_FIPS
+    qat_fips_key_zeroize = 0;
+#endif
     QAT_HKDF_CTX *qat_hkdf_ctx = NULL;
 #ifndef QAT_OPENSSL_3
     void (*sw_cleanup_fn_ptr)(EVP_PKEY_CTX *) = NULL;
@@ -271,9 +282,12 @@ void qat_hkdf_cleanup(EVP_PKEY_CTX *ctx)
     OPENSSL_free(qat_hkdf_ctx);
     EVP_PKEY_CTX_set_data(ctx, NULL);
 
+#ifdef ENABLE_QAT_FIPS
+    qat_fips_key_zeroize = 1;
+    qat_fips_get_key_zeroize_status();
+#endif
 }
 
-
 /******************************************************************************
 * function:
 *        qat_hkdf_ctrl(EVP_PKEY_CTX *ctx,
@@ -735,6 +749,9 @@ int qat_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *olen)
     }
 
     DEBUG("QAT HW HKDF Started\n");
+#ifdef ENABLE_QAT_FIPS
+    qat_fips_get_approved_status();
+#endif
     qat_hkdf_ctx = (QAT_HKDF_CTX *)EVP_PKEY_CTX_get_data(ctx);
     if (qat_hkdf_ctx == NULL) {
         WARN("qat_hkdf_ctx is NULL\n");

qat_prov_cmvp.h

@@ -59,7 +59,7 @@
 
 #define QAT_FIPS_PROVIDER_NAME "QAT Provider FIPS"
 #define QAT_FIPS_PROVIDER_ID "qatprovider"
-#define QAT_FIPS_PROVIDER_VERSION "QAT Engine v1.3.0"
+#define QAT_FIPS_PROVIDER_VERSION "QAT Engine v1.3.1"
 #ifdef QAT_HW
 #define QAT_HW_DRIVER_version "QAT20.l.1.0.40-00004"
 #endif

qat_prov_hkdf.c

@@ -256,6 +256,9 @@ static int qat_kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen,
     const EVP_MD *md;
     size_t mdlen;
     int ret = 0;
+#ifdef ENABLE_QAT_FIPS
+    qat_fips_service_indicator = 1;
+#endif
     if (!qat_prov_is_running() || !qat_kdf_tls1_3_set_ctx_params(ctx, params))
         goto end;
 
@@ -323,6 +326,9 @@ static int qat_kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen,
     ret = qat_hkdf_derive(ctx->evp_pkey_ctx, key, &keylen);
 
 end:
+#ifdef ENABLE_QAT_FIPS
+    qat_fips_service_indicator = 0;
+#endif
     return ret;
 }