RSA/DSA keygen modification for FIPS/ACVP testing
Testing, High, Public

Description

In FIPS we need to accept different key sizes than just 2k and 3k. According to the NIST.FIPS.186-5 draft, it should be perfectly fine.

For DSA keygen, we need to be able to generate keys based on P and Q parameters for ACVP testing to be able to verify the result.

Event Timeline

Do we really need to support DSA in FIPS mode? I mean standard DSA and not ECDSA.

werner triaged this task as High priority. Fri, Oct 8, 3:34 PM

Sorry for the confusion. We do not plan to certify DSA, so disregard the second part of the patch.

Applied the RSA part.

Aside from whether DSA should be certified or not...

For the DSA part, yes, I know that there has been a patch for DSA, but it was originally written for older libgcrypt (<= 1.8.4). And it's not relevant to apply it directly to master.

I think that DSA for FIPS 186-3 was fixed in rC30ed9593f632: Fix DSA for FIPS 186-3..

If really needed, we should check the intention/meaning of the DSA part of the patch. At least, removing the call to sexp_release (deriveparm) is wrong.

gniibe changed the task status from Open to Testing. Thu, Oct 14, 9:28 AM
gniibe added a project: Testing.

(No need to certify the DSA things)