Page MenuHome GnuPG

FIPSTag
ActivePublic

Details

Description

FIPS related

Recent Activity

Today

gniibe added a comment to T7338: Revamp the FIPS service indicator.

It seems that the internal API is not enough.
Now, we have _gcry_md_hash_buffer function with the new FIPS service indicator.
It's used for public key crypto, too.
The compliance for hash function is a part of public key crypto, but not all.

Fri, Dec 6, 6:54 AM · libgcrypt, FIPS, Feature Request
gniibe added a comment to T7338: Revamp the FIPS service indicator.

A change for gcry_md_hash_* functions are pushed by rC3478caac62c7: fips,md: Implement new FIPS service indicator for gcry_md_hash_*..
It doesn't have tests with FIPS service indicator yet.

Fri, Dec 6, 6:40 AM · libgcrypt, FIPS, Feature Request

Yesterday

gniibe added a comment to T7338: Revamp the FIPS service indicator.

New external API is by GCRYCTL_FIPS_SERVICE_INDICATOR and/or the new macro gcry_get_fips_service_indicator.
This change is pushed by rCf51f4e98930e: fips: Introduce GCRYCTL_FIPS_SERVICE_INDICATOR and the macro.

Thu, Dec 5, 3:37 AM · libgcrypt, FIPS, Feature Request
gniibe added a comment to T7338: Revamp the FIPS service indicator.

New internal API is introduced with T7340 by the commit rCe1cf31232825: fips: Introduce an internal API for FIPS service indicator.

Thu, Dec 5, 3:30 AM · libgcrypt, FIPS, Feature Request
gniibe changed the status of T7340: Introduced a context with thread local storage, a subtask of T7338: Revamp the FIPS service indicator, from Open to Testing.
Thu, Dec 5, 3:28 AM · libgcrypt, FIPS, Feature Request
gniibe changed the status of T7340: Introduced a context with thread local storage from Open to Testing.

Change is pushed by rCe1cf31232825: fips: Introduce an internal API for FIPS service indicator.

Thu, Dec 5, 3:28 AM · libgcrypt, FIPS, Feature Request

Nov 4 2024

werner triaged T7338: Revamp the FIPS service indicator as High priority.
Nov 4 2024, 12:54 PM · libgcrypt, FIPS, Feature Request

Oct 24 2024

gniibe added a comment to T7340: Introduced a context with thread local storage.

I created a branch: https://dev.gnupg.org/source/libgcrypt/history/gniibe%252Ft7340/

Oct 24 2024, 3:27 AM · libgcrypt, FIPS, Feature Request

Oct 16 2024

gniibe added a comment to T7340: Introduced a context with thread local storage.

Autoconf archive has AX_TLS: https://www.gnu.org/software/autoconf-archive/ax_tls.html
Also, AX_GCC_VAR_ATTRIBUTE(tls_model) could be used: https://www.gnu.org/software/autoconf-archive/ax_gcc_var_attribute.html

Oct 16 2024, 7:31 AM · libgcrypt, FIPS, Feature Request
gniibe updated the task description for T7340: Introduced a context with thread local storage.
Oct 16 2024, 7:28 AM · libgcrypt, FIPS, Feature Request
gniibe updated the task description for T7340: Introduced a context with thread local storage.
Oct 16 2024, 7:22 AM · libgcrypt, FIPS, Feature Request
gniibe triaged T7340: Introduced a context with thread local storage as Normal priority.
Oct 16 2024, 7:21 AM · libgcrypt, FIPS, Feature Request

Oct 15 2024

gniibe claimed T7338: Revamp the FIPS service indicator.
Oct 15 2024, 11:25 AM · libgcrypt, FIPS, Feature Request
werner created T7338: Revamp the FIPS service indicator.
Oct 15 2024, 11:24 AM · libgcrypt, FIPS, Feature Request

Jun 19 2024

werner closed T6976: RSA PKCS#1v1.5 signatures with SHA3 use invalid encoding as Resolved.
Jun 19 2024, 12:11 PM · FIPS, libgcrypt, Bug Report
werner closed T6557: Support of SHAKE in MGF function of RSA, a subtask of T6539: The digest&sign/verify API with SHAKE-class digests does not work, as Resolved.
Jun 19 2024, 12:10 PM · libgcrypt, FIPS, Bug Report
werner closed T6557: Support of SHAKE in MGF function of RSA as Resolved.
Jun 19 2024, 12:10 PM · libgcrypt, FIPS, Bug Report
werner removed a project from T5964: gnupg should use the KDFs implemented in libgcrypt: libgcrypt.
Jun 19 2024, 12:09 PM · gnupg26, FIPS, Feature Request

May 8 2024

werner closed T6511: EdDSA support in FIPS mode as Resolved.
May 8 2024, 8:32 AM · FIPS, libgcrypt, Bug Report

May 7 2024

Jakuje added a comment to T6511: EdDSA support in FIPS mode.

I think so. We did not submit a modules for recertification with these changes, but we do not plan this in close future so you can consider it completed.

May 7 2024, 3:01 PM · FIPS, libgcrypt, Bug Report
werner added a comment to T6511: EdDSA support in FIPS mode.

Can we close this?

May 7 2024, 2:44 PM · FIPS, libgcrypt, Bug Report

Apr 3 2024

werner closed T6515: GPG in FIPS mode spits out useless "out of core handler ignored in FIPS mode" message on every execution as Resolved.
Apr 3 2024, 9:28 AM · FIPS, Bug Report

Feb 9 2024

gniibe changed the status of T6976: RSA PKCS#1v1.5 signatures with SHA3 use invalid encoding from Open to Testing.

Applied the change. I write the ChangeLog entry by commit message.

Feb 9 2024, 8:32 AM · FIPS, libgcrypt, Bug Report

Feb 7 2024

werner triaged T6976: RSA PKCS#1v1.5 signatures with SHA3 use invalid encoding as Normal priority.
Feb 7 2024, 9:20 AM · FIPS, libgcrypt, Bug Report
werner added projects to T6976: RSA PKCS#1v1.5 signatures with SHA3 use invalid encoding: libgcrypt, FIPS.
Feb 7 2024, 9:17 AM · FIPS, libgcrypt, Bug Report

Nov 15 2023

gniibe closed T6539: The digest&sign/verify API with SHAKE-class digests does not work as Resolved.

The fix is in 1.10.3.

Nov 15 2023, 1:02 AM · libgcrypt, FIPS, Bug Report
gniibe closed T6507: SCRYPT does not work in FIPS mode as Resolved.

Fix is in 1.10.3.

Nov 15 2023, 12:54 AM · libgcrypt, FIPS, Bug Report

Nov 14 2023

werner closed T6217: sha3: wrong results for large inputs as Resolved.
Nov 14 2023, 1:18 PM · libgcrypt, FIPS, Bug Report
werner closed T4873: Enable AES GCM in FIPS mode as Resolved.
Nov 14 2023, 1:17 PM · FIPS, libgcrypt, Feature Request
werner closed T4873: Enable AES GCM in FIPS mode, a subtask of T5870: libgcrypt: AEAD API for FIPS 140 (in future), as Resolved.
Nov 14 2023, 1:17 PM · Feature Request, FIPS, libgcrypt
werner moved T6217: sha3: wrong results for large inputs from Backlog to For 1.10 on the libgcrypt board.
Nov 14 2023, 1:14 PM · libgcrypt, FIPS, Bug Report

Aug 8 2023

werner moved T6515: GPG in FIPS mode spits out useless "out of core handler ignored in FIPS mode" message on every execution from Backlog to Ready for release on the FIPS board.
Aug 8 2023, 11:08 AM · FIPS, Bug Report

Jun 28 2023

gniibe changed the status of T6539: The digest&sign/verify API with SHAKE-class digests does not work from Open to Testing.

Add the check of digest algorithm for EdDSA in: rCd15fe6aac10b: cipher:ecc:fips: Only allow defined digest algo for EdDSA.

Jun 28 2023, 7:23 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

No, there are use cases in GnuPG, where we specify the hash algo for signing, and our own tests/benchmark.c.

Jun 28 2023, 3:54 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

For the first issue, I added a check in: rCf65c30d470f5: cipher:ecc:fips: Reject use of SHAKE when it's ECDSA with RFC6979.

Jun 28 2023, 3:52 AM · libgcrypt, FIPS, Bug Report

Jun 27 2023

Jakuje added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

From the FIPS 186-5 there are some limitations to use the SHAKE in FIPS Mode that we will have to reflect:

Jun 27 2023, 5:22 PM · libgcrypt, FIPS, Bug Report

Jun 23 2023

gniibe added a comment to T6557: Support of SHAKE in MGF function of RSA.

Pushed a change in master.

Jun 23 2023, 6:00 AM · libgcrypt, FIPS, Bug Report
gniibe changed the status of T6557: Support of SHAKE in MGF function of RSA, a subtask of T6539: The digest&sign/verify API with SHAKE-class digests does not work, from Open to Testing.
Jun 23 2023, 6:00 AM · libgcrypt, FIPS, Bug Report
gniibe changed the status of T6557: Support of SHAKE in MGF function of RSA from Open to Testing.
Jun 23 2023, 6:00 AM · libgcrypt, FIPS, Bug Report
gniibe updated the task description for T6557: Support of SHAKE in MGF function of RSA.
Jun 23 2023, 3:28 AM · libgcrypt, FIPS, Bug Report
gniibe renamed T6557: Support of SHAKE in MGF function of RSA from Support of SHAKE in MGF1 function of RSA to Support of SHAKE in MGF function of RSA.
Jun 23 2023, 3:27 AM · libgcrypt, FIPS, Bug Report
gniibe triaged T6557: Support of SHAKE in MGF function of RSA as Normal priority.
Jun 23 2023, 2:41 AM · libgcrypt, FIPS, Bug Report

Jun 22 2023

gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

I found the case of X.509, which also uses fixed length output for RSA-PSS and ECDSA: https://www.rfc-editor.org/rfc/rfc8692.html

Jun 22 2023, 7:29 AM · libgcrypt, FIPS, Bug Report

Jun 20 2023

Jakuje added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

Thank you for having a look into that! The proposed patch looks good. Should we have this change also in master?

Jun 20 2023, 1:58 PM · libgcrypt, FIPS, Bug Report

Jun 19 2023

gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

Here is a possible change (... to master, assuming it's good to support use case of RFC 8702):

diff --git a/cipher/keccak.c b/cipher/keccak.c
index 22c40302..76e08cb5 100644
--- a/cipher/keccak.c
+++ b/cipher/keccak.c
@@ -1630,8 +1630,8 @@ const gcry_md_spec_t _gcry_digest_spec_sha3_512 =
 const gcry_md_spec_t _gcry_digest_spec_shake128 =
   {
     GCRY_MD_SHAKE128, {0, 1},
-    "SHAKE128", shake128_asn, DIM (shake128_asn), oid_spec_shake128, 0,
-    shake128_init, keccak_write, keccak_final, NULL, keccak_extract,
+    "SHAKE128", shake128_asn, DIM (shake128_asn), oid_spec_shake128, 32,
+    shake128_init, keccak_write, keccak_final, keccak_read, keccak_extract,
     _gcry_shake128_hash_buffers,
     sizeof (KECCAK_CONTEXT),
     run_selftests
@@ -1639,8 +1639,8 @@ const gcry_md_spec_t _gcry_digest_spec_shake128 =
 const gcry_md_spec_t _gcry_digest_spec_shake256 =
   {
     GCRY_MD_SHAKE256, {0, 1},
-    "SHAKE256", shake256_asn, DIM (shake256_asn), oid_spec_shake256, 0,
-    shake256_init, keccak_write, keccak_final, NULL, keccak_extract,
+    "SHAKE256", shake256_asn, DIM (shake256_asn), oid_spec_shake256, 64,
+    shake256_init, keccak_write, keccak_final, keccak_read, keccak_extract,
     _gcry_shake256_hash_buffers,
     sizeof (KECCAK_CONTEXT),
     run_selftests
Jun 19 2023, 4:53 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

Reading RFC 8702, I realized that it defines the hash size in the use of CMS as: SHAKE128 : 32-byte SHAKE256 : 64-byte.

Jun 19 2023, 4:47 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

Applied rC8cdd0d353e19: cipher:pubkey: Check digest size which should not be zero. for 1.10.

Jun 19 2023, 4:36 AM · libgcrypt, FIPS, Bug Report

Jun 16 2023

gniibe claimed T6539: The digest&sign/verify API with SHAKE-class digests does not work.
Jun 16 2023, 9:36 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

I found this use case: RFC 8702
"Use of the SHAKE One-Way Hash Functions in the Cryptographic Message Syntax (CMS)": https://www.rfc-editor.org/rfc/rfc8702.html

Jun 16 2023, 9:35 AM · libgcrypt, FIPS, Bug Report
gniibe added a comment to T6539: The digest&sign/verify API with SHAKE-class digests does not work.

Another possibility for digest&sign API: it is possible to determine the length of required hash function by the underlining field Fp of the curve in use. Then, use this length instead. It's better than to (try to) get the length by _gcry_md_get_algo_dlen (for SHAKE, it's undefined).

Jun 16 2023, 9:16 AM · libgcrypt, FIPS, Bug Report