SCRYPT does not work in FIPS mode
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Jakuje
	May 30 2023, 11:33 AM

Description

The pkbdf2 does not allow low iterations <1000 in FIPS mode as required by SP 800-132 sec 5.2, p.6 since f4a861f3e5ae82f278284061e4829c03edf9c3a7. But the side effect of this change is that the SCRYPT KDF fails this test as it runs PBKDF2 with 1 iteration internally.

This is not an issue for the certification as the SCRYPT is not FIPS approved, but given that the KDF's use FIPS service indicator using GCRYCTL_FIPS_SERVICE_INDICATOR_KDF, it should keep working.

My proposal would be moving the checks out of the _gcry_kdf_pkdf2() to the _gcry_kdf_derive() to make them effective only for the "external callers", but there might be better ways, what do you think?

Details

Version: master, 1.10.x

Revisions and Commits

rC libgcrypt
	rCf4bff832c7f5 cipher:kdf: Move FIPS mode check to _gcry_kdf_derive.

Related Objects

Mentioned Here: rCf4a861f3e5ae: pkdf2: Add checks for FIPS.

Event Timeline

Jakuje created this task.May 30 2023, 11:33 AM

• werner triaged this task as Normal priority.May 30 2023, 1:42 PM

• gniibe added a commit: rCf4bff832c7f5: cipher:kdf: Move FIPS mode check to _gcry_kdf_derive..Jun 16 2023, 8:04 AM

Fixed in both of master and 1.10 branch.

Also, I fixed bench-slope test program (in FIPS mode) for KDF.

Possibly, SCRYPT is good to be supported by gcry_kdf_open/compute/final/close API, so that we can take advantage of many cores of modern computer.

Fix is in 1.10.3.