On 03/26/2014 03:19 AM, Leon Brits wrote:
> Hi all,
>
> We use the OpenSSL FIPS Object Module v.2.0, but are not allowed anymore
> (as of the start of this year) to submit new product for validation
> because the RSA implementation is only FIPS 186-2 compliant. Based on
> extensive review and research it seems to be possible to “patch” the RSA
> key generation to be FIPS 186-4 compliant and apparently (correct me if
> I am wrong) the sign/verify is close enough to FIPS 186-4 to pass.
>
> I am in no way capable of writing such a patch and was hoping that
> someone is willing to share.
>
> To be more specific I need a patch that will change the key generation from:
>
> d = e^-1 mod((p-1)(q-1))
>
> to this:
>
> d = e^-1 mod(LCM(p-1, q-1))
>
> I would appreciate any comment about the statement that the RSA
> implementation for sign and verify will pass the CAVP testing for FIPS
> 186-4.

Well, you asked for any comment so you'll get one from me.

The easiest part of any FIPS 140-2 validation is the coding. The hard part is figuring out the requirements, both written and unwritten, which are subject to frequent change and inconsistent interpretation. The OpenSSL FIPS Object Module series of open source based validations have been funded with the intent of providing a ready made example of something that does meet those requirements, or at least the requirements in place at the time the validations were obtained. Those examples can be (and have extensively been) used for obtaining privately branded copycat ("private label") validations such as what you are attempting.

Unfortunately a number of new requirements have been introduced since the #1747 validation was obtained. We *think* we know what code changes would suffice to satisfy them, but unfortunately we aren't allowed to apply them to that existing validation. Since the interpretation of the requirements can be very inconsistent (as we know from obtaining multiple validations in parallel using exactly the same code) we can't be sure until and if we succeed in obtaining a new validation. At that time the resulting successful example will be available for all as a new reference as has been the case with prior OpenSSL FIPS Object Module validations.

If you do succeed in obtaining a validation under the new requirements before we do (which is likely as we have no current plans or funding for same) then please publish the results. Much of the mystery and inconsistency of cryptographic module validation would be obviated if the results of validations were more fully disclosed. At present details about validations are treated as state secrets, with the singular exception of our open source based validations.

I think you will find that a number of other code modifications will also be required. I'll be interested to learn what works for your validation.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
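
The key generation change asked about in the quoted message, worked through as an added example (not code from this thread or from OpenSSL). The primes are constructed toy values, all function names are this example's own, and the bound 2^(nlen/2) < d < LCM(p-1, q-1) is taken from FIPS 186-4 Appendix B.3.1.

```python
from math import gcd

# Constructed toy inputs: two known Mersenne primes. Far too small and too
# structured for a real key; they only make the arithmetic reproducible.
P = 2**127 - 1
Q = 2**107 - 1
E = 65537


def modinv(a, m):
    """Inverse of a modulo m via extended Euclid; raises if none exists."""
    r0, r1, s0, s1 = m, a % m, 0, 1
    while r1:
        k = r0 // r1
        r0, r1 = r1, r0 - k * r1
        s0, s1 = s1, s0 - k * s1
    if r0 != 1:
        raise ValueError("a is not invertible modulo m")
    return s0 % m


def private_exponents(p, q, e):
    """Return (d_phi, d_lcm, lam): d under the old and the new modulus."""
    phi = (p - 1) * (q - 1)               # modulus in the "from" formula
    lam = phi // gcd(p - 1, q - 1)        # LCM(p-1, q-1), the "to" formula
    return modinv(e, phi), modinv(e, lam), lam


def meets_186_4_bounds(d, p, q):
    """FIPS 186-4 B.3.1 range check: 2^(nlen/2) < d < LCM(p-1, q-1)."""
    nlen = (p * q).bit_length()
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return 2 ** (nlen // 2) < d < lam


def roundtrip(m, e, d, n):
    """True if raising to e and then to d modulo n recovers m."""
    return pow(pow(m, e, n), d, n) == m


if __name__ == "__main__":
    d_phi, d_lcm, lam = private_exponents(P, Q, E)
    print("gcd(p-1, q-1)  =", gcd(P - 1, Q - 1))
    print("d_phi mod lam == d_lcm:", d_phi % lam == d_lcm)
    print("d_phi in 186-4 range:", meets_186_4_bounds(d_phi, P, Q))
    print("d_lcm in 186-4 range:", meets_186_4_bounds(d_lcm, P, Q))
```

Both exponents decrypt correctly because they are congruent modulo LCM(p-1, q-1); the two formulas differ only in which representative is stored, and only the LCM form is guaranteed to land below the upper bound.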