[gnutls-help] ECDH internal functions and FIPS140-2 mode
Daiki Ueno
ueno at gnu.org
Mon Feb 22 18:22:22 CET 2021
Forwarding this to the list, with Stephan's permission :-)
Stephan Mueller <smueller at chronox.de> writes:
> Am Montag, dem 22.02.2021 um 16:10 +0100 schrieb Daiki Ueno:
>> Hello,
>>
> Hi Daiki,
>>
>> Yes, that would be very useful. What I am concerned with this is how it
>> would affect FIPS140-2 validation. Once they become part of the public
>> API, we may need to add checks to meet the SP800-56A requirements when
>> they are called under FIPS140-2 mode. Having said that, I guess the
>> implementation of such checks wouldn't be that hard. Stephan (Cc'ed)
>> might have some opinion on that.
>
> The impact on FIPS is as follows:
>
> - If the newly conceived ECDH API only available in non-FIPS mode, we have no
> impact.
>
> - If the newly conceived ECDH API is only meant to be an "internal" API that
> is not supposed to be used by normal users, we are fine.
>
> - If the newly conceived API is to be used as a truly normal API that offers
> generic (EC)DH operation, the following recently added checks must be invoked
> by this API:
>
> * the received remote public key must be validated
>
> * during local key pair generation, the key pair must be validated
>
> * after generating the shared secret, it must be validated
>
>
> When offering a general (EC)DH API, you also need to make sure that in FIPS
> mode only the approved parameters are allowed:
>
> * ECC: NIST curves (when FIPS 186-5 is released, also other curves
> are allowed)
>
> * FFC: MODP groups >= 2048 or PQG values generated compliant to
> SP800-56A rev 1. Note, if PQG values other than MODP are used, a full key
> validation of the remote public key must be performed which requires the
> presence of Q!
>
> Ciao
> Stephan
>
>
>>
>> Regards,
>
>
>
> !DSPAM:6033ce9213789401000011206!
More information about the Gnutls-help
mailing list