Thanks very much Kyle !! Lemme see if I can make some progress with that 1.2.0 code-base on this.
- Nilay On Tue, Jul 8, 2008 at 5:17 PM, Kyle Hamilton <[EMAIL PROTECTED]> wrote: > fips-1.1 is "not available", fips-1.1.1 is "revoked", fips-1.1.2 is > current (without DH), fips-1.2.0 is currently submitted for > validation. Steve M (of the OSS Institute, which is the sponsor for > the validation) stated that the fast-tracking of the fips-1.1.2 > validation was possible because of the changes to the PRNG, but that > the requirements for DH validation changed between the validation of > 1.1.1 and 1.1.2. He has also stated that changes necessary for DH > validation have been integrated into the 1.2.0 codebase. (Since I'm > not intimately familiar with the code, I can't say one way or the > other.) > > However, the code that was submitted for validation as fips-1.2.0 can > be found at ftp://ftp.openssl.org/snapshot/openssl-fips-test-1.2.0.tar.gz > if you're interested in poking at it. > > -Kyle H > > On Tue, Jul 8, 2008 at 3:36 AM, Nilay Tripathi <[EMAIL PROTECTED]> > wrote: > > Thanks Kyle, > > > > Yes I was looking at fips-1.1.2 version only. > > Can you help me with some information, whether FIPS compliance for DH in > > openssl is available already in some other revision or expected in which > > future release down the line. > > > > Also, since the generation of 'q' cyclic order public key does not look > > deterministic to me, what is the approach which can be taken to tackle > this > > compliance issue. > > > > Appreciate your help!! > > Nilay > > > > > > On Tue, Jul 8, 2008 at 3:48 PM, Kyle Hamilton <[EMAIL PROTECTED]> > wrote: > >> > >> fips-1.1.2 does not have validation for Diffie-Hellmann. > >> > >> Which version are you looking at? > >> > >> -Kyle H > >> > >> On Tue, Jul 8, 2008 at 2:57 AM, Nilay Tripathi <[EMAIL PROTECTED]> > >> wrote: > >> > Hi All, > >> > > >> > I have a query regarding FIPS compliance for Diffie-Hellman api's in > the > >> > openssl stack. > >> > > >> > FIPS uses the recommendation for pairwise-key establishment schemes > from > >> > NIST. Document is SP800-56A. Rev.1 > >> > > >> > As per FIPS compliance requirement for DH, there are a couple of KAT > >> > (Known Answer Test) specified in the aforementioned document (which > are > >> > specified in Sec. 5.6.2.4 and Sec. 5.7.1.1). > >> > [Sec. 5.6.2.4 - FFC Full Public Key Validation] > >> > [Sec. 5.7.1.1 - FFC DH Primitive] > >> > > >> > Generating 'p' randomly as a safe prime and using 'g' order as 5, the > >> > keys generated are not consistently passing Sec 5.6.2.4 KAT test. The > >> > public key does not fall into 'q' cyclic group where 'q' is defined as > >> > [q=(p-1)/2] and is a prime number. > >> > If I loop for few times I do get such generated values which passes > this > >> > KAT. But I was expecting that FIPS compliant DH api's in openssl stack > >> > will generate and return only such values which satisfy this KAT. > >> > > >> > The only difference I found in normal and FIPS compliant DH code is > that > >> > in latter, FIPS_self_tests api is also called; which really doesn't > help > >> > in the issue noted above. > >> > > >> > I would really appreciate if anyone can throw some light on the state > >> > and any development on this issue. > >> > > >> > Regards, > >> > Nilay Tripathi > >> > One Convergence > >> ______________________________________________________________________ > >> OpenSSL Project http://www.openssl.org > >> Development Mailing List [email protected] > >> Automated List Manager [EMAIL PROTECTED] > > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [EMAIL PROTECTED] >
