Enable AES GCM in FIPS mode
Open, Low, Public

Description

Since commit [0] from 2013, GCM is disabled in FIPS mode as the invocation of the _gcry_cipher_gcm_setiv function disables encryption:

gcry_err_code_t
_gcry_cipher_gcm_setiv (gcry_cipher_hd_t c, const byte *iv, size_t ivlen)
{
  c->marks.iv = 0;
  c->marks.tag = 0;
  c->u_mode.gcm.disallow_encryption_because_of_setiv_in_fips_mode = 0;

  if (fips_mode ())
    {
      /* Direct invocation of GCM setiv in FIPS mode disables encryption. */
      c->u_mode.gcm.disallow_encryption_because_of_setiv_in_fips_mode = 1;
    }

  return _gcry_cipher_gcm_initiv (c, iv, ivlen);
}

There is another commit [1] that fixes the counter overflow handling in AES-GCM.

What is needed to have AES-GCM working in FIPS mode?

[0] https://dev.gnupg.org/rC56d352d6bdcf7abaa33c3399741f5063e2ddc32a
[1] https://dev.gnupg.org/rC3caf35a49cb62fb59834b5027ff299e2363a03c4
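The counter overflow mentioned in the description is a GCM-specific detail: SP 800-38D defines the counter step as inc32, which increments only the low 32 bits of the 16-byte counter block, while a generic CTR increment carries into the IV-derived bytes. The following is an added C example, not libgcrypt code and not the change in commit [1], that implements inc32 beside a full-block increment and shows exactly where the two diverge.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* inc32 from SP 800-38D: the rightmost 32 bits of the counter block are
 * treated as a big-endian integer and incremented modulo 2^32. The leftmost
 * 96 bits (derived from the IV, J0) must never change. */
void gcm_inc32(uint8_t ctr[16])
{
    uint32_t low = ((uint32_t)ctr[12] << 24) | ((uint32_t)ctr[13] << 16)
                 | ((uint32_t)ctr[14] << 8)  |  (uint32_t)ctr[15];
    low += 1;                       /* wraps modulo 2^32, no carry out */
    ctr[12] = (uint8_t)(low >> 24);
    ctr[13] = (uint8_t)(low >> 16);
    ctr[14] = (uint8_t)(low >> 8);
    ctr[15] = (uint8_t)low;
}

/* Plain big-endian increment over the whole block, as a generic CTR mode
 * implementation would do. It agrees with inc32 until the low 32 bits are
 * all ones; then the carry spills into the IV part of the block. */
void full_block_inc(uint8_t ctr[16])
{
    for (int i = 15; i >= 0; i--)
        if (++ctr[i] != 0)
            break;
}

/* Returns 1 if inc32 and the full-block increment give the same result. */
int increments_agree(const uint8_t ctr[16])
{
    uint8_t a[16], b[16];
    memcpy(a, ctr, 16);
    memcpy(b, ctr, 16);
    gcm_inc32(a);
    full_block_inc(b);
    return memcmp(a, b, 16) == 0;
}

int main(void)
{
    /* Constructed block: 12 IV bytes followed by a counter of 0xFFFFFFFF. */
    uint8_t ctr[16] = {0,1,2,3,4,5,6,7,8,9,10,11, 0xff,0xff,0xff,0xff};
    printf("agree at 0xFFFFFFFF: %d\n", increments_agree(ctr));
    gcm_inc32(ctr);
    printf("after inc32: iv byte 11 = %02x, low word = %02x%02x%02x%02x\n",
           ctr[11], ctr[12], ctr[13], ctr[14], ctr[15]);
    return 0;
}
```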

Details

Version
master
pmgdeb created this task. Mar 10 2020, 11:31 AM
werner added a subscriber: werner. Mar 10 2020, 4:13 PM

This requires re-evaluation of Libgcrypt to match the current FIPS specs.

werner triaged this task as Low priority. Mar 12 2020, 9:59 AM