Difference between revisions of "FIPS module 3.0"
(Update the old plans to be something closer to what the current plans are for the next FIPS module) |
|||
Line 5: | Line 5: | ||
These notes are old and subject to change going forward. | These notes are old and subject to change going forward. | ||
+ | What we probably won't do: | ||
− | + | 1. Any "light" or other versions of the FIPS module (i.e fewer algorithm implementations). | |
+ | 2. Matching set of platforms. The initial validation will only include a minimal platform set. | ||
− | + | 3. Any substantial additions or changes to the module once the initial development is substantially complete. | |
− | |||
− | + | == Draft Technical Objectives == | |
− | |||
− | + | An initial rough draft of requirements and goals: | |
− | + | 1) Keep it minimal and fully usable as a stand alone crypto module. | |
− | + | 2) FIPS 186-4 KeyGen. | |
− | + | 3) SP 800-56A compliance (Self-tests per I.G. 9.6). | |
− | |||
− | |||
:: Diffie-Hellman full compliance with NIST SP 800-56A including CAVP algorithm testing. | :: Diffie-Hellman full compliance with NIST SP 800-56A including CAVP algorithm testing. | ||
:: Diffie-Hellman Known Answer Tests (KATs) that include shared secret KAT and KDF KAT. | :: Diffie-Hellman Known Answer Tests (KATs) that include shared secret KAT and KDF KAT. | ||
− | + | 4) SP 800-56B vendor affirmation (I.G. D.4). | |
− | + | 5) SHA-3 and SHAKE. | |
− | + | 6) Automatic execution of power-on self-tests (I.G. 9.5/9.10). | |
− | + | 7) Consider any newly FIPS approved algorithms (e.g. new EC curves, Chacha/Poly) | |
− | |||
− | + | == Previous Stakeholder Requests == | |
− | + | Note: none of these are committed as yet. | |
− | |||
− | |||
a. RSA key wrapping as part of NIST SP 800-56B (also called KTS validation testing), if CAVS testing is available. | a. RSA key wrapping as part of NIST SP 800-56B (also called KTS validation testing), if CAVS testing is available. | ||
Line 68: | Line 63: | ||
l. XTS-AES compliance to I.G. A.9 | l. XTS-AES compliance to I.G. A.9 | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |
Revision as of 09:31, 14 March 2018
The 3.0 FIPS module will be conceptually similar to the preceeding line of OpenSSL FIPS Object Module cryptographic modules. An extensive reworking of the internals is planned, to address some issues stemming from the historical origins and subsequent ad hoc evolution of previous modules.
Note
These notes are old and subject to change going forward.
What we probably won't do:
1. Any "light" or other versions of the FIPS module (i.e fewer algorithm implementations).
2. Matching set of platforms. The initial validation will only include a minimal platform set.
3. Any substantial additions or changes to the module once the initial development is substantially complete.
Draft Technical Objectives
An initial rough draft of requirements and goals:
1) Keep it minimal and fully usable as a stand alone crypto module.
2) FIPS 186-4 KeyGen.
3) SP 800-56A compliance (Self-tests per I.G. 9.6).
- Diffie-Hellman full compliance with NIST SP 800-56A including CAVP algorithm testing.
- Diffie-Hellman Known Answer Tests (KATs) that include shared secret KAT and KDF KAT.
4) SP 800-56B vendor affirmation (I.G. D.4).
5) SHA-3 and SHAKE.
6) Automatic execution of power-on self-tests (I.G. 9.5/9.10).
7) Consider any newly FIPS approved algorithms (e.g. new EC curves, Chacha/Poly)
Previous Stakeholder Requests
Note: none of these are committed as yet.
a. RSA key wrapping as part of NIST SP 800-56B (also called KTS validation testing), if CAVS testing is available.
b. AES-GMAC compliance (I.G. A.5).
c. AES Key Wrap Compliance to NIST SP 800-38F.
d. PBKDF2 Suppport.
e. Format Preserving Encrypion Support (NIST SP 800-38G)
f. Addition of EC curve 25519
g. Improved entropy to meet NIST SP 800-90B.
h. Symmetric key wrap conformant to SP 800-38F
i. SP 800-135 KDFs
j. SP 800-108 KDFs
k. Addition of AES XPN
l. XTS-AES compliance to I.G. A.9