Page MenuHome GnuPG
Create Task
Maniphest T6394

FIPS requires running PCT tests unconditionally
Closed, ResolvedPublic
Actions

Description

The ECC key generator support the no-keytest, but this is no longer allowed by the FIPS. From ISO 19790:

  • PCT shall be executed for every generated key pair.

This means in case of FIPS we need to either ignore this flag in the ECC code or forbid use of this flag altogether.

I tend to the first option, skipping the check directly in the ECC code:

From c7bc82f56d6ebd27111ac0607f4369e2875d7553 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 1 Mar 2023 15:42:29 +0100
Subject: [PATCH] ecc: Do not allow skipping tests in FIPS Mode

The new FIPS specification requires to run the PCT without any
exceptions.

--
* cipher/ecc.c (ecc_generate): Do not allow skipping tests PCT tests in
  FIPS mode.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
 cipher/ecc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cipher/ecc.c b/cipher/ecc.c
index 1e80200e..797f2368 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -677,7 +677,7 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
         log_debug ("ecgen result  using Ed25519+EdDSA\n");
     }
 
-  if (!(flags & PUBKEY_FLAG_NO_KEYTEST) && fips_mode ())
+  if (fips_mode ())
     test_keys_fips (*r_skey);
 
  leave:
-- 
2.39.1

Details

Version
master, 1.10.x

Revisions and Commits

rC libgcrypt
rC2ddeec574bc1 ecc: Do not allow skipping tests in FIPS Mode.

Event Timeline

Jakuje created this task.Mar 1 2023, 3:57 PM
werner triaged this task as Normal priority.Mar 2 2023, 11:46 AM
werner added a subscriber: werner.

Agreed

Jakuje added a comment.Mar 6 2023, 4:49 PM

We discussed this further with the lab and there are more problematic flags that we need to "cut" and we can not do that always in the code as for example the RFC6979 (deterministic ECDSA signatures) are not allowed in the current version of the FIPS documents, but it is used in the selftests (which is weirdly enough allowed) so we just need to mark it unapproved. Lets discuss this further tomorrow.

gniibe added a commit: rC2ddeec574bc1: ecc: Do not allow skipping tests in FIPS Mode..Mar 7 2023, 3:42 AM
gniibe claimed this task.Mar 7 2023, 3:42 AM
gniibe added a subscriber: gniibe.

Applied to both (of 1.10 and master).

gniibe moved this task from Backlog to Next on the FIPS board.Mar 7 2023, 3:43 AM
gniibe changed the task status from Open to Testing.Mar 8 2023, 1:47 AM
gniibe moved this task from Next to Ready for release on the FIPS board.
gniibe added a comment.Apr 13 2023, 3:15 AM

Fixed in 1.10.2.

gniibe closed this task as Resolved.Apr 13 2023, 3:17 AM