Enable AES GCM in FIPS mode
Open, Low, Public


Since commit [0] from 2013, GCM is disabled in FIPS mode as the invocation of the _gcry_cipher_gcm_setiv function disables encryption:

gcry_err_code_t
_gcry_cipher_gcm_setiv (gcry_cipher_hd_t c, const byte *iv, size_t ivlen)
{
  /* A new IV invalidates any pending IV and tag state.  */
  c->marks.iv = 0;
  c->marks.tag = 0;
  c->u_mode.gcm.disallow_encryption_because_of_setiv_in_fips_mode = 0;

  if (fips_mode ())
    {
      /* Direct invocation of GCM setiv in FIPS mode disables encryption. */
      c->u_mode.gcm.disallow_encryption_because_of_setiv_in_fips_mode = 1;
    }

  return _gcry_cipher_gcm_initiv (c, iv, ivlen);
}

There is another commit [1] that fixes the counter overflow handling in AES-GCM.

What is needed to have AES-GCM working in FIPS mode?

[0] https://dev.gnupg.org/rC56d352d6bdcf7abaa33c3399741f5063e2ddc32a
[1] https://dev.gnupg.org/rC3caf35a49cb62fb59834b5027ff299e2363a03c4


pmgdeb created this task. Mar 10 2020, 11:31 AM
werner added a subscriber: werner. Mar 10 2020, 4:13 PM
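The observable effect of that flag for an application, as an added stand-alone model (not libgcrypt code): setiv itself succeeds, a later encrypt call on the same handle is refused while FIPS mode is active (libgcrypt's encrypt path reports GPG_ERR_INV_STATE for this), and decrypt is not guarded by the flag. All names below are the model's own; only the field name and the FIPS check mirror the function quoted above.

```c
#include <stddef.h>

/* Model error codes; the real library returns GPG_ERR_INV_STATE here.  */
enum { GCM_OK = 0, GCM_ERR_INV_STATE = 1 };

/* Only the context fields the setiv path touches (modelled, not real).  */
struct gcm_ctx {
  int mark_iv, mark_tag;
  int disallow_encryption_because_of_setiv_in_fips_mode;
};

static int g_fips_mode;                        /* stands in for fips_mode () */
static int fips_mode (void) { return g_fips_mode; }

/* Model of _gcry_cipher_gcm_setiv: the caller-supplied IV is accepted, but
   in FIPS mode it marks the context as unusable for encryption.  */
static int gcm_setiv (struct gcm_ctx *c, const unsigned char *iv, size_t ivlen)
{
  (void)iv; (void)ivlen;                       /* IV handling not modelled */
  c->mark_iv = 1;
  c->mark_tag = 0;
  c->disallow_encryption_because_of_setiv_in_fips_mode = fips_mode () ? 1 : 0;
  return GCM_OK;
}

/* Model of the guard at the top of the GCM encrypt path.  */
static int gcm_encrypt (struct gcm_ctx *c)
{
  if (c->disallow_encryption_because_of_setiv_in_fips_mode)
    return GCM_ERR_INV_STATE;
  return GCM_OK;
}

/* Decryption has no such guard: an IV received from the peer must be usable.  */
static int gcm_decrypt (struct gcm_ctx *c)
{
  return c->mark_iv ? GCM_OK : GCM_ERR_INV_STATE;
}

/* Run setiv and then one direction under the given FIPS setting; return
   that operation's error code (GCM_OK = 0 on success).  */
int run_after_setiv (int fips, int encrypt)
{
  static const unsigned char iv[12] = { 0 };   /* constructed sample IV */
  struct gcm_ctx c = { 0, 0, 0 };
  g_fips_mode = fips;
  gcm_setiv (&c, iv, sizeof iv);
  return encrypt ? gcm_encrypt (&c) : gcm_decrypt (&c);
}
```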

This requires re-evaluation of Libgcrypt to match the current FIPS specs.

werner triaged this task as Low priority. Mar 12 2020, 9:59 AM
werner moved this task from Backlog to For 1.9 on the libgcrypt board. Thu, Jan 7, 11:40 AM
werner moved this task from For 1.9 to FIPS on the libgcrypt board. Thu, Jan 7, 5:59 PM
werner moved this task from FIPS to For 1.10 on the libgcrypt board. Mon, Jan 18, 7:04 PM