On 8/7/2012 2:52 PM, Dr. Stephen Henson wrote:
On Tue, Aug 07, 2012, Jeffrey Walton wrote:

> Hi Doctor Henson,
>
> On Mon, Aug 6, 2012 at 11:33 AM, Dr. Stephen Henson <st...@openssl.org> wrote:
>> On Mon, Aug 06, 2012, Jakob Bohm wrote:
>>
>>>
>>> Much (maybe all, I don't know) of suite B is probable in OpenSSL
>>> 1.0.1 too, but I don't have an algorithm by algorithm breakdown
>>> of inclusion status, others on this list probably have such a
>>> list.
>>>
>>
>> All the required suite B algorithms are supported in OpenSSL 1.0.1. Some of
>> the suite B standards (e.g. RFC 6460) include additional requirements which
>> aren't currently enforced by OpenSSL.
>>
> Out of curiosity, what is OpenSSL using in place of MQV? A hardened
> version (HMQV or FHMQV)? Or is it specified in one of the other
> documents?
>

Ah, it doesn't support MQV. It supports the necessary algorithms for some suite
B standards such as RFC6460 (ECDH, ECDSA, SHA256, SHA384 and AES-GCM).

As I mentioned in the other message it doesn't yet support all the additional suite B requirements. For example you can only sign using ECDSA+SHA256 with
P-256 curves whereas you can use any digest with OpenSSL.

Steve.

I think it would be clearer if we don't use the words "can" and
"cannot" for things that are permitted or not permitted by an
outside entity such as NIST or NSA.  "may" and "must not" are
better for that.

So here is how I understand the answers so far:

1. OpenSSL does not provide (cannot do) some of the Suite B
approved algorithms and methods, thus OpenSSL can only perform
some of the cryptographic operations that might be needed by
Suite B protocols designed by others.

2. OpenSSL (even in FIPS mode) does not enforce the requirement
that applications use *only* suite B algorithms and methods.
In other words OpenSSL *can* perform other cryptographic
operations that an application might need when not trying to
be restricted to "Suite B only".

3. OpenSSL in FIPS mode enforces the requirement that only
FIPS Approved algorithms and methods are used from the
universe of OpenSSL algorithms and methods.  In other words
OpenSSL in FIPS mode *cannot* do crypto not approved for
US Federal Government use.

4. OpenSSL in FIPS mode *can* perform FIPS Approved algorithms
and methods other than those included in Suite B.  For instance
it *can* perform most or all DSA variants permitted by the
applicable FIPS specifications, such as DL based 1024 bit DSA
signatures using any of the SHA-2 algorithms and ECDSA
signatures using P-256 with a truncated SHA-384 hash.

5. OpenSSL (even in FIPS mode) *cannot* do some of the FIPS
approved algorithms, such as Skipjack or KEA (not sure if those
are still Approved) and certain variants of MQV.

6. OpenSSL (even in FIPS mode) *cannot* do some of the Suite
B algorithms, such as certain variants of MQV.

What would still be very useful would be a document (perhaps
it exists already), listing the OpenSSL status for each of the
FIPS Approved algorithms.  Status is one of "In Suite B" or
"Not Suite B" combined with one of "In FIPS module 2.0 and
OpenSSL vX.Y.Zw", "In OpenSSL vX.Y.Z" or "Not in OpenSSL".

Some lines I seem to have gathered from the conversation
so far:

AES-128-GCM  "In B"  "FIPSmod 2.0 and OpenSSL 1.?.?"
AES-192-GCM  "In B"  "FIPSmod 2.0 and OpenSSL 1.?.?"
AES-256-GCM  "In B"  "FIPSmod 2.0 and OpenSSL 1.?.?"
TDEA-168-CBC "Not B" "FIPSmod ?.? and OpenSSL 0.9.0"
ECDSA-P-256-SHA-256 "In B" "FIPSmod 2.0 and OpenSSL ?.?.?"
ECDSA-P-256-SHA-384 "Not B" "FIPSmod 2.0 and OpenSSL ?.?.?"

etc.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
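The distinction the thread keeps circling (OpenSSL *can* produce a combination such as ECDSA over P-256 with SHA-384, while Suite B says an application *must not* use it) is easiest to see as a policy check run after the fact on what a handshake actually negotiated. The following is an added example, not code from OpenSSL or from anyone on the list: the `Negotiated` record and the curve alias table are assumptions for the illustration; the cipher-suite, curve and digest pairing rules are those of RFC 6460, and the "weakest component" rule for the reached level of security generalises the two profiles in that RFC.

```python
"""Check a negotiated TLS parameter set against the Suite B profile of RFC 6460.

Added example, not OpenSSL code: the Negotiated record and alias tables are
assumptions for this illustration; the profile rules follow RFC 6460.
"""
from dataclasses import dataclass
from typing import List, Optional

# RFC 6460 cipher suites (OpenSSL names) and the level of security each provides.
SUITE_B_CIPHERS = {
    "ECDHE-ECDSA-AES128-GCM-SHA256": 128,
    "ECDHE-ECDSA-AES256-GCM-SHA384": 192,
}
# Suite B curves, the digest each must be paired with for ECDSA, and their level.
SUITE_B_CURVES = {
    "P-256": ("SHA256", 128),
    "P-384": ("SHA384", 192),
}
# Spellings OpenSSL reports for the same curves (assumed aliases, not exhaustive).
CURVE_ALIASES = {"prime256v1": "P-256", "secp256r1": "P-256", "secp384r1": "P-384"}


@dataclass
class Negotiated:
    cipher: str       # cipher name as OpenSSL reports it after the handshake
    curve: str        # curve of the ECDSA signing key
    sig_digest: str   # digest used for the ECDSA signature


def _norm_curve(name: str) -> str:
    return CURVE_ALIASES.get(name.lower(), name.upper())


def _norm_digest(name: str) -> str:
    return name.upper().replace("-", "")


def suite_b_violations(n: Negotiated) -> List[str]:
    """Return the RFC 6460 rules the parameters break; an empty list means compliant.

    A non-empty list for a handshake OpenSSL completed is the gap the thread
    describes: OpenSSL *can* produce the combination, Suite B says it must not.
    """
    problems = []
    if n.cipher not in SUITE_B_CIPHERS:
        problems.append(f"{n.cipher} is not a Suite B cipher suite")
    curve, digest = _norm_curve(n.curve), _norm_digest(n.sig_digest)
    if curve not in SUITE_B_CURVES:
        problems.append(f"curve {curve} is not a Suite B curve")
    else:
        required = SUITE_B_CURVES[curve][0]
        if digest != required:
            problems.append(f"ECDSA over {curve} must use {required}, not {digest}")
    return problems


def suite_b_level(n: Negotiated) -> Optional[int]:
    """Level of security reached (128 or 192) or None if not Suite B compliant.

    The level is that of the weakest component: a P-256 key with the
    AES-256-GCM suite is still only a 128-bit Suite B configuration.
    """
    if suite_b_violations(n):
        return None
    return min(SUITE_B_CIPHERS[n.cipher], SUITE_B_CURVES[_norm_curve(n.curve)][1])


if __name__ == "__main__":
    # Constructed samples, including the ECDSA+SHA-384 over P-256 case from the thread.
    for params in (
        Negotiated("ECDHE-ECDSA-AES128-GCM-SHA256", "prime256v1", "sha256"),
        Negotiated("ECDHE-ECDSA-AES128-GCM-SHA256", "prime256v1", "sha384"),
        Negotiated("ECDHE-ECDSA-AES256-GCM-SHA384", "secp384r1", "sha384"),
    ):
        print(params, suite_b_level(params), suite_b_violations(params))
```

The check deliberately lives outside the library: it reports what the library allowed rather than trying to stop it, which is the same position Steve describes for OpenSSL 1.0.1 (the algorithms are there, the Suite B restrictions are the application's job to enforce).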
