Difference between revisions of "FIPS module 3.0"

From OpenSSLWiki
Jump to navigationJump to search
(Update the old plans to be something closer to what the current plans are for the next FIPS module)
(remove historical information that is out of date)
 
Line 1: Line 1:
The 3.0 FIPS module will be conceptually similar to the preceeding line of ''OpenSSL FIPS Object Module'' cryptographic modules. An extensive reworking of the internals is planned, to address some issues stemming from the historical origins and subsequent ad hoc evolution of previous modules.
+
The 3.0 FIPS module will be conceptually different to the preceeding line of ''OpenSSL FIPS Object Module'' cryptographic modules.  
 +
An extensive reworking of the internals is planned, to address some issues stemming from the historical origins and subsequent ad-hoc evolution of previous modules.
 +
 
 +
Refer to the [https://www.openssl.org/blog/blog/2018/09/25/fips/ OpenSSL FIPS 140-2 blog].
  
 
== Note ==
 
== Note ==
  
These notes are old and subject to change going forward.
+
These notes are subject to change going forward.
  
What we probably won't do:
+
What we won't do:
  
 
1. Any "light" or other versions of the FIPS module (i.e fewer algorithm implementations).  
 
1. Any "light" or other versions of the FIPS module (i.e fewer algorithm implementations).  
  
2. Matching set of platforms. The initial validation will only include a minimal platform set.  
+
2. Matching set of platforms. The initial validation will only include a very minimal platform set.  
  
 
3. Any substantial additions or changes to the module once the initial development is substantially complete.
 
3. Any substantial additions or changes to the module once the initial development is substantially complete.
 
 
== Draft Technical Objectives ==
 
 
 
An initial rough draft of requirements and goals:
 
 
1) Keep it minimal and fully usable as a stand alone crypto module.
 
 
2) FIPS 186-4 KeyGen.
 
 
3) SP 800-56A compliance (Self-tests per I.G. 9.6).
 
:: Diffie-Hellman full compliance with NIST SP 800-56A including CAVP algorithm testing.
 
:: Diffie-Hellman Known Answer Tests (KATs) that include shared secret KAT and KDF KAT.
 
 
4) SP 800-56B vendor affirmation (I.G. D.4).
 
 
5) SHA-3 and SHAKE.
 
 
6) Automatic execution of power-on self-tests (I.G. 9.5/9.10).
 
 
7) Consider any newly FIPS approved algorithms (e.g. new EC curves, Chacha/Poly)
 
 
 
== Previous Stakeholder Requests ==
 
 
Note: none of these are committed as yet.
 
 
a. RSA key wrapping as part of NIST SP 800-56B (also called KTS validation testing), if CAVS testing is available.
 
 
b. AES-GMAC compliance (I.G. A.5).
 
 
c. AES Key Wrap Compliance to NIST SP 800-38F.
 
 
d. PBKDF2 Suppport.
 
 
e.      Format Preserving Encrypion Support (NIST SP 800-38G)
 
 
f. Addition of EC curve 25519
 
 
g.      Improved entropy to meet NIST SP 800-90B.
 
 
h. Symmetric key wrap conformant to SP 800-38F
 
 
i. SP 800-135 KDFs
 
 
j. SP 800-108 KDFs
 
 
k. Addition of AES XPN
 
 
l. XTS-AES compliance to I.G. A.9
 

Latest revision as of 02:12, 1 October 2018

The 3.0 FIPS module will be conceptually different to the preceeding line of OpenSSL FIPS Object Module cryptographic modules. An extensive reworking of the internals is planned, to address some issues stemming from the historical origins and subsequent ad-hoc evolution of previous modules.

Refer to the OpenSSL FIPS 140-2 blog.

Note[edit]

These notes are subject to change going forward.

What we won't do:

1. Any "light" or other versions of the FIPS module (i.e fewer algorithm implementations).

2. Matching set of platforms. The initial validation will only include a very minimal platform set.

3. Any substantial additions or changes to the module once the initial development is substantially complete.