Page MenuHome GnuPG

FIPSTag
ActivePublic

Details

Description

FIPS related

Recent Activity

Yesterday

gniibe added a comment to T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF.

The change allows internal use of HMAC with shorter key.

Fri, Jun 24, 2:59 AM · libgcrypt, FIPS
gniibe added a comment to T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF.

Considering again, I concluded the patch above should be applied.
The use of SALT in HKDF may be not secret and there are valid use cases with no last or shorter salt. It's different to the use case of HMAC, where KEY is secret.

Fri, Jun 24, 1:59 AM · libgcrypt, FIPS

Wed, Jun 22

gniibe added projects to T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF: FIPS, libgcrypt.
Wed, Jun 22, 3:48 AM · libgcrypt, FIPS

Thu, Jun 16

gniibe added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

I pushed the change needed for GnuPG to t5964 branch.

Thu, Jun 16, 8:47 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request
gniibe added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

Added HKDF implementation to master.

Thu, Jun 16, 8:18 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request

Tue, Jun 7

gniibe added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

I can only find this one: https://github.com/patrickfav/singlestep-kdf/wiki/NIST-SP-800-56C-Rev1:-Non-Official-Test-Vectors

Tue, Jun 7, 8:51 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request

Tue, May 31

gniibe moved T5975: Allow signature verification using specific RSA keys <2k in FIPS mode from Next to Done on the FIPS board.
Tue, May 31, 11:16 AM · Testing, patch, libgcrypt, FIPS, Feature Request
gniibe added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

I learned that it's now called "OneStep KDF" in SP 800-56Cr2.
It's "SSKDF" in OpenSSL (Single Step KDF, perhaps).

Tue, May 31, 8:17 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request

Fri, May 27

sergi added a watcher for FIPS: sergi.
Fri, May 27, 10:08 PM

May 23 2022

DemiMarie added a comment to T5975: Allow signature verification using specific RSA keys <2k in FIPS mode.

I can imagine thar there are use cases for this. Thus I see no problems for the first part.

The second part is imho not a good idea. Libgcrypt is a building block for all kind of software and there are for sure legitimate reasons to use rsa512 (MCUs, short living keys, etc). Thus I think that the decision on the key size should be done by the software using libgcrypt.

May 23 2022, 5:56 PM · Testing, patch, libgcrypt, FIPS, Feature Request

May 19 2022

gniibe claimed T5975: Allow signature verification using specific RSA keys <2k in FIPS mode.

Pushed the change (master and 1.10).

May 19 2022, 3:50 AM · Testing, patch, libgcrypt, FIPS, Feature Request
gniibe added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

At first, we need to add/enhance new API for KDF in libgcrypt. Currently, the term "KDF" in libgcrypt is used with narrower focus, that is, only for password->key KDF.

May 19 2022, 3:43 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request

May 17 2022

werner moved T5975: Allow signature verification using specific RSA keys <2k in FIPS mode from Backlog to Next on the FIPS board.
May 17 2022, 11:12 AM · Testing, patch, libgcrypt, FIPS, Feature Request
werner raised the priority of T4873: Enable AES GCM in FIPS mode from Low to Normal.
May 17 2022, 11:09 AM · FIPS, libgcrypt, Feature Request
werner moved T5964: gnupg should use the KDFs implemented in libgcrypt from Backlog to Next on the FIPS board.
May 17 2022, 11:07 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request
werner added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

Lets implement it for 2.3

May 17 2022, 11:06 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request
werner assigned T5964: gnupg should use the KDFs implemented in libgcrypt to gniibe.
May 17 2022, 11:06 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request

May 13 2022

Jakuje added a comment to T5975: Allow signature verification using specific RSA keys <2k in FIPS mode.

Ok. Thank you for the clarification. I will drop the second part and keep only the FIPS change in the patch. Merge request already updated.

May 13 2022, 11:17 AM · Testing, patch, libgcrypt, FIPS, Feature Request
werner triaged T5975: Allow signature verification using specific RSA keys <2k in FIPS mode as Normal priority.

I can imagine thar there are use cases for this. Thus I see no problems for the first part.

May 13 2022, 8:00 AM · Testing, patch, libgcrypt, FIPS, Feature Request

May 12 2022

Jakuje created T5975: Allow signature verification using specific RSA keys <2k in FIPS mode.
May 12 2022, 2:53 PM · Testing, patch, libgcrypt, FIPS, Feature Request

May 6 2022

gniibe moved T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance from Next to Done on the FIPS board.
May 6 2022, 2:31 AM · backport, Testing, FIPS, libgcrypt
gniibe moved T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime" from Next to Done on the FIPS board.
May 6 2022, 2:31 AM · backport, Testing, FIPS, libgcrypt, Bug Report
gniibe moved T5918: Disable RSA PKCS #1.5 encryption in FIPS mode from Next to Done on the FIPS board.
May 6 2022, 2:31 AM · backport, Testing, libgcrypt, FIPS, Bug Report
gniibe closed T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1 as Resolved.
May 6 2022, 2:16 AM · FIPS, gnupg (gpg23), Bug Report

May 5 2022

werner triaged T5964: gnupg should use the KDFs implemented in libgcrypt as Normal priority.

When we implemented this first, Libgcrypt had no appropriate KDF support. I recall that I considered to change this but it turned out the for 2.2 the changes are too large. For 2.3 we will consider such a change.

May 5 2022, 8:40 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request

May 4 2022

Jakuje created T5964: gnupg should use the KDFs implemented in libgcrypt.
May 4 2022, 3:16 PM · gnupg (gpg23), FIPS, libgcrypt, Feature Request

May 3 2022

gniibe added a project to T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance: backport.
May 3 2022, 11:22 AM · backport, Testing, FIPS, libgcrypt
werner added a project to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime": backport.
May 3 2022, 11:21 AM · backport, Testing, FIPS, libgcrypt, Bug Report
werner added a project to T5918: Disable RSA PKCS #1.5 encryption in FIPS mode: backport.
May 3 2022, 11:17 AM · backport, Testing, libgcrypt, FIPS, Bug Report
gniibe moved T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance from Backlog to Next on the FIPS board.
May 3 2022, 10:58 AM · backport, Testing, FIPS, libgcrypt
gniibe moved T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1 from Next to Done on the FIPS board.
May 3 2022, 10:58 AM · FIPS, gnupg (gpg23), Bug Report
gniibe removed a project from T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1: Testing.
May 3 2022, 10:57 AM · FIPS, gnupg (gpg23), Bug Report
gniibe added a comment to T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1.

Fixed in GnuPG 2.3.5.

May 3 2022, 10:57 AM · FIPS, gnupg (gpg23), Bug Report
gniibe added a project to T5918: Disable RSA PKCS #1.5 encryption in FIPS mode: Testing.
May 3 2022, 10:49 AM · backport, Testing, libgcrypt, FIPS, Bug Report
gniibe added a project to T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1: Testing.
May 3 2022, 10:48 AM · FIPS, gnupg (gpg23), Bug Report
gniibe added a project to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime": Testing.
May 3 2022, 10:48 AM · backport, Testing, FIPS, libgcrypt, Bug Report
gniibe added a project to T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance: Testing.
May 3 2022, 10:46 AM · backport, Testing, FIPS, libgcrypt

Apr 20 2022

neverpanic added a comment to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".

Feedback from the lab is that they'd recommend returning a specific error code that indicates that the prime search failed and then relying on the caller to decide whether to loop or bubble up the error. I'm not sure who we would consider to be the "caller" of the relevant generation function in this case, though.

Apr 20 2022, 12:06 PM · backport, Testing, FIPS, libgcrypt, Bug Report
werner triaged T5918: Disable RSA PKCS #1.5 encryption in FIPS mode as High priority.
Apr 20 2022, 8:45 AM · backport, Testing, libgcrypt, FIPS, Bug Report
werner triaged T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance as Normal priority.

Full ack.

Apr 20 2022, 8:45 AM · backport, Testing, FIPS, libgcrypt
gniibe added a comment to T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance.

Here is my proposal patch:

diff --git a/random/random-drbg.c b/random/random-drbg.c
index 5a46fd92..f1cfe286 100644
--- a/random/random-drbg.c
+++ b/random/random-drbg.c
@@ -341,6 +341,9 @@ enum drbg_prefixes
  * Global variables
  ***************************************************************/
Apr 20 2022, 2:39 AM · backport, Testing, FIPS, libgcrypt
gniibe created T5933: libgcrypt: Simply use BSS (not secure heap) for DRBG instance.
Apr 20 2022, 2:37 AM · backport, Testing, FIPS, libgcrypt

Apr 19 2022

gniibe moved T5918: Disable RSA PKCS #1.5 encryption in FIPS mode from Backlog to Next on the FIPS board.
Apr 19 2022, 11:27 AM · backport, Testing, libgcrypt, FIPS, Bug Report
gniibe claimed T5918: Disable RSA PKCS #1.5 encryption in FIPS mode.
Apr 19 2022, 11:27 AM · backport, Testing, libgcrypt, FIPS, Bug Report
gniibe moved T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime" from Backlog to Next on the FIPS board.
Apr 19 2022, 11:07 AM · backport, Testing, FIPS, libgcrypt, Bug Report
gniibe moved T5929: gnupg fails to add ssh key to control entry in FIPS mode with libgcrypt 1.10.1 from Backlog to Next on the FIPS board.
Apr 19 2022, 11:07 AM · FIPS, gnupg (gpg23), Bug Report
gniibe claimed T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".
Apr 19 2022, 11:01 AM · backport, Testing, FIPS, libgcrypt, Bug Report
neverpanic added a comment to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".

That sounds reasonable. The FIPS 186-5 draft (https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf) covers this in section A.1.3, although I'm not quite sure why a lower bound for p was chosen compared to q. The comment that seems to have triggered this change is published on page 68 of https://csrc.nist.gov/CSRC/media/Publications/fips/186/4/final/documents/comments-received-fips186-4-december-2015.pdf by Allen Roginsky. It only contains a suggestion of 20, presumably for both numbers.

Apr 19 2022, 9:53 AM · backport, Testing, FIPS, libgcrypt, Bug Report

Apr 18 2022

gniibe added a comment to T5919: libgcrypt tests/basic.c and tests/keygen.c occasionally fail with "error generating RSA key: Number is not prime".

I checked FIPS 186-4 (and FIPS 186-5-draft). It is Appendix A 1.3.

Apr 18 2022, 3:35 AM · backport, Testing, FIPS, libgcrypt, Bug Report

Apr 14 2022

werner triaged T5930: Use the FIPS-compatible digest&sign API as Normal priority.

Passing fds etc adds complex extra code to gpg-agent. This was not the original design goal, although we violated this anyway by have some OpenPGP specific code there. This needs more thinking. Due to our internal use of OCB we can't make it FIPS compliant without large changes.

Apr 14 2022, 1:42 PM · FIPS, gnupg (gpg23), Feature Request