From b7ebbcaa2cdee4b63ac2649e696f99b65327e109 Mon Sep 17 00:00:00 2001 From: Nir Sonnenschein Date: Wed, 29 Aug 2018 10:20:12 +0300 Subject: [PATCH] compile time warning of 128bit ctr_drbg keys and standardized warnings a compile time print was added warning in case of 128bit ctr_drbg keys. This was don't to avoid an actual warning in these cases (making build with warnings as errors possible). Additional warnings on the Changelog/headers were set to use the same phrasing phrasing was approved by Gilles and Janos. --- CMakeLists.txt | 18 +++++++++++++++++- ChangeLog | 4 ++-- Makefile | 12 ++++++++++++ include/mbedtls/ctr_drbg.h | 4 ++-- 4 files changed, 33 insertions(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 157eebab8..34710015d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -36,10 +36,26 @@ set(NULL_ENTROPY_WARNING "${WARNING_BORDER}" "${NULL_ENTROPY_WARN_L3}" "${WARNING_BORDER}") -find_package(PythonInterp) +set(CTR_DRBG_128_BIT_KEY_WARN_L1 "**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n") +set(CTR_DRBG_128_BIT_KEY_WARN_L2 "**** Using 128-bit keys for CTR_DRBG limits the security of generated\n") +set(CTR_DRBG_128_BIT_KEY_WARN_L3 "**** keys and operations that use random values generated to 128-bit security\n") + +set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}" + "${CTR_DRBG_128_BIT_KEY_WARN_L1}" + "${CTR_DRBG_128_BIT_KEY_WARN_L2}" + "${CTR_DRBG_128_BIT_KEY_WARN_L3}" + "${WARNING_BORDER}") + find_package(Perl) if(PERL_FOUND) + # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning + execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + RESULT_VARIABLE result) + if(${result} EQUAL 0) + message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING}) + endif() + # If NULL Entropy is configured, display an appropriate warning execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY RESULT_VARIABLE result) diff --git a/ChangeLog b/ChangeLog index d43ba740f..7bc671041 100644 --- a/ChangeLog +++ b/ChangeLog @@ -71,8 +71,8 @@ Features independently contributed again by Paul Sokolovsky. * Add support for key wrapping modes based on AES as defined by NIST SP 800-38F algorithms KW and KWP and by RFC 3394 and RFC 5649. - * Add support different keys sizes to CTR_CRBG. Note: using shorter keys - than 256 bit may decrease security. + * Add support for 128-bit keys in CTR_DRBG. Note that using keys shorter + than 256 bits limits the security of generated material to 128 bits. Bugfix * Fix the key_app_writer example which was writing a leading zero byte which diff --git a/Makefile b/Makefile index 78c1acb89..f4c0a0021 100644 --- a/Makefile +++ b/Makefile @@ -61,9 +61,21 @@ NULL_ENTROPY_WARN_L3=**** AND IS *NOT* SUITABLE FOR PRODUCTION USE ****\n NULL_ENTROPY_WARNING=\n$(WARNING_BORDER)$(NULL_ENTROPY_WARN_L1)$(NULL_ENTROPY_WARN_L2)$(NULL_ENTROPY_WARN_L3)$(WARNING_BORDER) +WARNING_BORDER_LONG =**********************************************************************************\n +CTR_DRBG_128_BIT_KEY_WARN_L1=**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined! ****\n +CTR_DRBG_128_BIT_KEY_WARN_L2=**** Using 128-bit keys for CTR_DRBG limits the security of generated ****\n +CTR_DRBG_128_BIT_KEY_WARN_L3=**** keys and operations that use random values generated to 128-bit security ****\n + +CTR_DRBG_128_BIT_KEY_WARNING=\n$(WARNING_BORDER_LONG)$(CTR_DRBG_128_BIT_KEY_WARN_L1)$(CTR_DRBG_128_BIT_KEY_WARN_L2)$(CTR_DRBG_128_BIT_KEY_WARN_L3)$(WARNING_BORDER_LONG) + # Post build steps post_build: ifndef WINDOWS + + # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning + -scripts/config.pl get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \ + echo '$(CTR_DRBG_128_BIT_KEY_WARNING)' + # If NULL Entropy is configured, display an appropriate warning -scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \ echo '$(NULL_ENTROPY_WARNING)' diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 5e0d1f03c..f08a9798c 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -11,8 +11,8 @@ * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128 * as the underlying block cipher. * - * * \warning ARC4 is considered a weak cipher and its use constitutes a - * security risk. We recommend considering stronger ciphers instead. + * \warning Using 128-bit keys for CTR_DRBG limits the security of generated + * keys and operations that use random values generated to 128-bit security. */ /* * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved