Re: suite B crypto in what version?
Hi Doctor Henson,

On Mon, Aug 6, 2012 at 11:33 AM, Dr. Stephen Henson st...@openssl.org wrote:
> On Mon, Aug 06, 2012, Jakob Bohm wrote:
>> Much (maybe all, I don't know) of suite B is probably in OpenSSL 1.0.1 too, but I don't have an algorithm by algorithm breakdown of inclusion status, others on this list probably have such a list.
>
> All the required suite B algorithms are supported in OpenSSL 1.0.1. Some of the suite B standards (e.g. RFC 6460) include additional requirements which aren't currently enforced by OpenSSL.

Out of curiosity, what is OpenSSL using in place of MQV? A hardened version (HMQV or FHMQV)? Or is it specified in one of the other documents?

Jeff

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: suite B crypto in what version?
On Tue, Aug 07, 2012, Jeffrey Walton wrote:
> Hi Doctor Henson,
>
> On Mon, Aug 6, 2012 at 11:33 AM, Dr. Stephen Henson st...@openssl.org wrote:
>> On Mon, Aug 06, 2012, Jakob Bohm wrote:
>>> Much (maybe all, I don't know) of suite B is probably in OpenSSL 1.0.1 too, but I don't have an algorithm by algorithm breakdown of inclusion status, others on this list probably have such a list.
>>
>> All the required suite B algorithms are supported in OpenSSL 1.0.1. Some of the suite B standards (e.g. RFC 6460) include additional requirements which aren't currently enforced by OpenSSL.
>
> Out of curiosity, what is OpenSSL using in place of MQV? A hardened version (HMQV or FHMQV)? Or is it specified in one of the other documents?

Ah it doesn't support MQV. It supports the necessary algorithms for some suite B standards such as RFC6460 (ECDH, ECDSA, SHA256, SHA384 and AES-GCM).

As I mentioned in the other message it doesn't yet support all the additional suite B requirements. For example you can only sign using ECDSA+SHA256 with P-256 curves whereas you can use any digest with OpenSSL.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: suite B crypto in what version?
On 8/7/2012 2:52 PM, Dr. Stephen Henson wrote:
> On Tue, Aug 07, 2012, Jeffrey Walton wrote:
>> Hi Doctor Henson,
>>
>> On Mon, Aug 6, 2012 at 11:33 AM, Dr. Stephen Henson st...@openssl.org wrote:
>>> On Mon, Aug 06, 2012, Jakob Bohm wrote:
>>>> Much (maybe all, I don't know) of suite B is probably in OpenSSL 1.0.1 too, but I don't have an algorithm by algorithm breakdown of inclusion status, others on this list probably have such a list.
>>>
>>> All the required suite B algorithms are supported in OpenSSL 1.0.1. Some of the suite B standards (e.g. RFC 6460) include additional requirements which aren't currently enforced by OpenSSL.
>>
>> Out of curiosity, what is OpenSSL using in place of MQV? A hardened version (HMQV or FHMQV)? Or is it specified in one of the other documents?
>
> Ah it doesn't support MQV. It supports the necessary algorithms for some suite B standards such as RFC6460 (ECDH, ECDSA, SHA256, SHA384 and AES-GCM).
>
> As I mentioned in the other message it doesn't yet support all the additional suite B requirements. For example you can only sign using ECDSA+SHA256 with P-256 curves whereas you can use any digest with OpenSSL.
>
> Steve.

I think it would be clearer if we don't use the words "can" and "cannot" for things that are permitted or not permitted by an outside entity such as NIST or NSA. "may" and "must not" are better for that.

So here is how I understand the answers so far:

1. OpenSSL does not provide (cannot do) some of the Suite B approved algorithms and methods, thus OpenSSL can only perform some of the cryptographic operations that might be needed by Suite B protocols designed by others.

2. OpenSSL (even in FIPS mode) does not enforce the requirement that applications use *only* suite B algorithms and methods. In other words OpenSSL *can* perform other cryptographic operations that an application might need when not trying to be restricted to Suite B only.

3. OpenSSL in FIPS mode enforces the requirement that only FIPS Approved algorithms and methods are used from the universe of OpenSSL algorithms and methods. In other words OpenSSL in FIPS mode *cannot* do crypto not approved for US Federal Government use.

4. OpenSSL in FIPS mode *can* perform FIPS Approved algorithms and methods other than those included in Suite B. For instance it *can* perform most or all DSA variants permitted by the applicable FIPS specifications, such as DL based 1024 bit DSA signatures using any of the SHA-2 algorithms and ECDSA signatures using P-256 with a truncated SHA-384 hash.

5. OpenSSL (even in FIPS mode) *cannot* do some of the FIPS approved algorithms, such as SkipJack or KEA (not sure if those are still Approved) and certain variants of MQV.

5. OpenSSL (even in FIPS mode) *cannot* do some of the Suite B algorithms, such as certain variants of MQV.

What would still be very useful would be a document (perhaps it exists already), listing the OpenSSL status for each of the FIPS Approved algorithms. Status is one of "In Suite B" or "Not Suite B" combined with one of "In FIPS module 2.0 and OpenSSL vX.Y.Zw", "In OpenSSL vX.Y.Z" or "Not in OpenSSL".

Some lines I seem to have gathered from the conversation so far:

AES-128-GCM           In B    FIPSmod 2.0 and OpenSSL 1.?.?
AES-192-GCM           In B    FIPSmod 2.0 and OpenSSL 1.?.?
AES-256-GCM           In B    FIPSmod 2.0 and OpenSSL 1.?.?
TDEA-168-CBC          Not B   FIPSmod ?.? and OpenSSL 0.9.0
ECDSA-P-256-SHA-256   In B    FIPSmod 2.0 and OpenSSL ?.?.?
ECDSA-P-256-SHA-384   Not B   FIPSmod 2.0 and OpenSSL ?.?.?
etc.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
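
Added example, not part of the thread and not OpenSSL project code: the messages above note that OpenSSL will sign with any digest, while Suite B pairs P-256 only with SHA-256 (ECDSA-P-256-SHA-384 is listed as "Not B"), so the calling application has to enforce the pairing itself. The wrapper below does that around the openssl command line; the function names are hypothetical, and the P-384/SHA-384 pairing is taken from the Suite B profile rather than from the thread.

```shell
#!/bin/sh
# Added example (not OpenSSL project code): enforce the Suite B curve/digest
# pairing in the caller, because `openssl dgst` will sign with any digest.
# Function names are hypothetical; keys and data are generated as samples.

# Print the digest paired with the curve of an EC key (private or public PEM).
suiteb_digest_for_key() {
    curve=$( { openssl pkey -in "$1" -noout -text 2>/dev/null ||
               openssl pkey -pubin -in "$1" -noout -text 2>/dev/null; } |
             sed -n 's/^ *ASN1 OID: *//p')
    case "$curve" in
        prime256v1) echo sha256 ;;   # P-256 is paired with SHA-256
        secp384r1)  echo sha384 ;;   # P-384 is paired with SHA-384
        *) echo "refusing key: curve '${curve:-unknown}' is not P-256/P-384" >&2
           return 1 ;;
    esac
}

# suiteb_sign KEY FILE SIG: sign FILE using only the digest paired with KEY.
suiteb_sign() {
    digest=$(suiteb_digest_for_key "$1") || return 1
    openssl dgst "-$digest" -sign "$1" -out "$3" "$2"
}

# suiteb_verify PUB FILE SIG: verify with the paired digest, so a signature
# made with a mismatched digest (e.g. P-256 with SHA-384) is rejected.
suiteb_verify() {
    digest=$(suiteb_digest_for_key "$1") || return 1
    openssl dgst "-$digest" -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# Constructed self-check: returns 0 when all policy outcomes hold.
suiteb_selftest() {
    d=$(mktemp -d) || return 1
    echo "constructed sample message" > "$d/msg"
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/p256.pem" &&
    openssl ecparam -name secp521r1 -genkey -noout -out "$d/p521.pem" &&
    openssl pkey -in "$d/p256.pem" -pubout -out "$d/p256.pub" ||
        { rm -rf "$d"; return 1; }
    rc=0
    suiteb_sign "$d/p256.pem" "$d/msg" "$d/ok.sig" &&
        suiteb_verify "$d/p256.pub" "$d/msg" "$d/ok.sig" || rc=1
    # OpenSSL itself accepts this pairing; the wrapper's verify must not.
    openssl dgst -sha384 -sign "$d/p256.pem" -out "$d/bad.sig" "$d/msg" || rc=1
    suiteb_verify "$d/p256.pub" "$d/msg" "$d/bad.sig" && rc=1
    suiteb_sign "$d/p521.pem" "$d/msg" "$d/x.sig" 2>/dev/null && rc=1
    rm -rf "$d"
    return $rc
}
```
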
Re: suite B crypto in what version?
On 8/6/2012 2:25 PM, Bruce (Riji) Cai wrote:
> Hi all,
>
> I want to ask, is openssl supporting NSA suite B crypto? If yes, what version of openssl contains it, does any compiling option for it? Among the requirement, aes-gcm is one of the algorithms, is the file ec_curve.c mapping to gcm?
>
> Thanks

I guess ec_curve.c is one of the files for the ECC algorithms (such as ECDSA) in suite B crypto, not anything to do with AES in GCM.

For US Government use, the FIPS certified FIPS module 2.0 is also needed, this requires the latest in the OpenSSL 1.0.1 series.

Much (maybe all, I don't know) of suite B is probably in OpenSSL 1.0.1 too, but I don't have an algorithm by algorithm breakdown of inclusion status, others on this list probably have such a list.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Re: suite B crypto in what version?
On Mon, Aug 06, 2012, Jakob Bohm wrote:
> Much (maybe all, I don't know) of suite B is probably in OpenSSL 1.0.1 too, but I don't have an algorithm by algorithm breakdown of inclusion status, others on this list probably have such a list.

All the required suite B algorithms are supported in OpenSSL 1.0.1. Some of the suite B standards (e.g. RFC 6460) include additional requirements which aren't currently enforced by OpenSSL.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
RE: suite B crypto in what version?
Thanks all,

I don't know if there is any document file or any material saying what additional requirements are not in OpenSSL 1.01 for now?

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: August 6, 2012 23:33
To: openssl-users@openssl.org
Subject: Re: suite B crypto in what version?

On Mon, Aug 06, 2012, Jakob Bohm wrote:
> Much (maybe all, I don't know) of suite B is probably in OpenSSL 1.0.1 too, but I don't have an algorithm by algorithm breakdown of inclusion status, others on this list probably have such a list.

All the required suite B algorithms are supported in OpenSSL 1.0.1. Some of the suite B standards (e.g. RFC 6460) include additional requirements which aren't currently enforced by OpenSSL.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org