Hello, Let me answer two messages by this reply.
Werner Koch <[email protected]> wrote: > Using that API would make FIPS certification easier, right? Yes. That's my intention. I think that KEM API will be added in FIPS 140-* when FIPS 203 (for ML-KEM) is finalized. Jussi Kivilinna <[email protected]> wrote: > I noticed that t-kem is currently failing with FIPS mode in master: > > t-kem: gcry_kem_keypair 40: Not supported Thank you for your report. The test program t-kem is not good yet for FIPS support. Since KEM API is not included in FIPS 140-* yet, all tests should be failed and the tests should handle the failure as expected. Currently, ECC KEM with X25519 fails because Curve25519 is defined with "fips" field = 0 (in libgcrypt/cipher/ecc-curves.c). In (near) future, KEM API itself should have check for FIPS. -- _______________________________________________ Gcrypt-devel mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gcrypt-devel
