Re: FIPS Object Module 2.0 - Compliance with 186-3
On 07/09/2012 03:55 PM, John Foley wrote:
> According to the NIST web site, the 2.0 FIPS Object Module claims
> compliance for FIPS 186-3 using the Extra Random Bits method for EC
> public key generation.

The implementation is FIPS 186-3 Section B.4.2, Key Pair Generation by
Testing Candidates. The ExtraRandomBits reference is inaccurate.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org

Re: FIPS Object Module 2.0 - Compliance with 186-3
OK, thanks for clarifying this.

On 07/12/2012 02:53 PM, Steve Marquess wrote:
> On 07/09/2012 03:55 PM, John Foley wrote:
>> According to the NIST web site, the 2.0 FIPS Object Module claims
>> compliance for FIPS 186-3 using the Extra Random Bits method for EC
>> public key generation.
>
> The implementation is FIPS 186-3 Section B.4.2, Key Pair Generation by
> Testing Candidates. The ExtraRandomBits reference is inaccurate.
>
> -Steve M.

attachment: foleyj.vcf

FIPS Object Module 2.0 - Compliance with 186-3
According to the NIST web site, the 2.0 FIPS Object Module claims
compliance for FIPS 186-3 using the Extra Random Bits method for EC
public key generation. This is taken from:

http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html#270

The extra random bits method is defined in FIPS 186-3 Appendix B.4.1.
After inspecting EC_KEY_generate_key(), it's not clear how the
requirements in appendix B.4.1 have been met. The following code from
EC_KEY_generate_key() appears to be used to generate a random number to
be used as the private key.

    do
        if (!BN_rand_range(priv_key, order))
            goto err;
    while (BN_is_zero(priv_key));

Can someone explain how this complies with appendix B.4.1, which states
an additional 64 bits of random data should be generated when deriving
the key?

Thank you.

attachment: foleyj.vcf
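
The two FIPS 186-3 methods named in this thread, side by side with a model of the quoted loop, as an added Python example (not code from the thread or from OpenSSL). The function names, the toy order 13 and the 4 extra bits used for enumeration are assumptions for illustration; BN_rand_range is modelled only by its documented output range 0 <= r < range.

```python
import secrets

# Order n of the NIST P-256 base point (public curve parameter).
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def random_bits(nbits, rng=secrets.token_bytes):
    """Integer built from exactly nbits bits of rng output."""
    nbytes = (nbits + 7) // 8
    return int.from_bytes(rng(nbytes), "big") >> (nbytes * 8 - nbits)

def d_extra_random_bits(c, n):
    """B.4.1 mapping: c has len(n)+64 bits; every c is accepted."""
    return (c % (n - 1)) + 1

def d_testing_candidates(c, n):
    """B.4.2 mapping: c has len(n) bits; None means 'draw again'."""
    return c + 1 if c <= n - 2 else None

def d_quoted_loop(c, n):
    """Loop quoted in the post, modelled: uniform c in [0, n), retry on 0."""
    return c if 0 < c < n else None

def keygen(n, method, extra=0, rng=secrets.token_bytes):
    """Draw candidates of len(n)+extra bits until the method accepts one."""
    while True:
        d = method(random_bits(n.bit_length() + extra, rng), n)
        if d is not None:
            return d

def distribution(n, method, extra=0):
    """Exhaustive count of each private key d for a toy order n."""
    counts = {}
    for c in range(1 << (n.bit_length() + extra)):
        d = method(c, n)
        if d is not None:
            counts[d] = counts.get(d, 0) + 1
    return counts

if __name__ == "__main__":
    toy_n = 13  # constructed toy order, small enough to enumerate
    print("B.4.2      :", distribution(toy_n, d_testing_candidates))
    print("quoted loop:", distribution(toy_n, d_quoted_loop))
    print("B.4.1 (+4) :", distribution(toy_n, d_extra_random_bits, extra=4))
    print("P-256 d    :", hex(keygen(P256_N, d_testing_candidates)))
```

For the toy order, the quoted loop and B.4.2 give identical, exactly uniform counts over [1, n-1], while B.4.1 accepts every candidate and leaves a small residual bias that the extra bits shrink.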