(gcrypt.info.gz) FIPS Mode

 
 Appendix B Description of the FIPS Mode
 ***************************************
 
 This appendix gives detailed information pertaining to the FIPS mode.
 In particular, the changes to the standard mode and the finite state
 machine are described.  The self-tests required in this mode are
 described in the appendix on self-tests.
 
 B.1 Restrictions in FIPS Mode
 =============================
 
 If Libgcrypt is used in FIPS mode these restrictions are effective:
 
    * The cryptographic algorithms are restricted to this list:
 
     GCRY_CIPHER_3DES
           3 key EDE Triple-DES symmetric encryption.
 
     GCRY_CIPHER_AES128
           AES 128 bit symmetric encryption.
 
     GCRY_CIPHER_AES192
           AES 192 bit symmetric encryption.
 
     GCRY_CIPHER_AES256
           AES 256 bit symmetric encryption.
 
     GCRY_MD_SHA1
           SHA-1 message digest.
 
     GCRY_MD_SHA224
           SHA-224 message digest.
 
     GCRY_MD_SHA256
           SHA-256 message digest.
 
     GCRY_MD_SHA384
           SHA-384 message digest.
 
     GCRY_MD_SHA512
           SHA-512 message digest.
 
     GCRY_MD_SHA1,GCRY_MD_FLAG_HMAC
           HMAC using a SHA-1 message digest.
 
     GCRY_MD_SHA224,GCRY_MD_FLAG_HMAC
           HMAC using a SHA-224 message digest.
 
     GCRY_MD_SHA256,GCRY_MD_FLAG_HMAC
           HMAC using a SHA-256 message digest.
 
     GCRY_MD_SHA384,GCRY_MD_FLAG_HMAC
           HMAC using a SHA-384 message digest.
 
     GCRY_MD_SHA512,GCRY_MD_FLAG_HMAC
           HMAC using a SHA-512 message digest.
 
     GCRY_PK_RSA
           RSA encryption and signing.
 
     GCRY_PK_DSA
           DSA signing.
 
      Note that the CRC algorithms are not considered cryptographic
      algorithms and are therefore still available.
 
    * RSA key generation refuses to create a key with a keysize of less
      than 1024 bits.
 
    * DSA key generation refuses to create a key with a keysize other
      than 1024 bits.
 
    * The `transient-key' flag for RSA and DSA key generation is ignored.
 
    * Support for the VIA Padlock engine is disabled.
 
    * FIPS mode may only be used on systems with a /dev/random device.
      Switching into FIPS mode on other systems will fail at runtime.
 
    * Saving and loading a random seed file is ignored.
 
    * An X9.31 style random number generator is used in place of the
      large-pool-CSPRNG generator.
 
    * The command `GCRYCTL_ENABLE_QUICK_RANDOM' is ignored.
 
    * The Alternative Public Key Interface (`gcry_ac_xxx') is not
      supported and all API calls return an error.
 
    * Registration of external modules is not supported.
 
    * Message digest debugging is disabled.
 
    * All debug output related to cryptographic data is suppressed.
 
    * On-the-fly self-tests are not performed; instead, self-tests are
      run before entering operational state.
 
    * The function `gcry_set_allocation_handler' may not be used.  If it
      is used Libgcrypt disables FIPS mode unless Enforced FIPS mode is
      enabled, in which case Libgcrypt will enter the error state.
 
    * The digest algorithm MD5 may not be used.  If it is used Libgcrypt
      disables FIPS mode unless Enforced FIPS mode is enabled, in which
      case Libgcrypt will enter the error state.
 
    * In Enforced FIPS mode the command `GCRYCTL_DISABLE_SECMEM' is
      ignored.  In standard FIPS mode it disables FIPS mode.
 
    * A handler set by `gcry_set_outofcore_handler' is ignored.
 
    * A handler set by `gcry_set_fatalerror_handler' is ignored.
 
 
    Note that when we speak about disabling FIPS mode, it merely means
 that the function `gcry_fips_mode_active' returns false; it does not
 mean that any non FIPS algorithms are allowed.
 
 B.2 FIPS Finite State Machine
 =============================
 
 The FIPS mode of libgcrypt implements a finite state machine (FSM) using
 8 states (Table B.1) and checks at runtime that only valid
 transitions (Table B.2) may happen.
 
            [image src="fips-fsm.png" alt="FIPS FSM Diagram"]
 Figure B.1: FIPS mode state diagram
 
 States used by the FIPS FSM:
 Power-Off
      Libgcrypt is not runtime linked to another application.  This
      usually means that the library is not loaded into main memory.
      This state is documentation only.
 
 Power-On
      Libgcrypt is loaded into memory and API calls may be made.
      Compiler introduced constructor functions may be run.  Note that
      Libgcrypt does not implement any arbitrary constructor functions
      to be called by the operating system.
 
 Init
      The Libgcrypt initialization functions are performed and the
      library has not yet run any self-test.
 
 Self-Test
      Libgcrypt is performing self-tests.
 
 Operational
      Libgcrypt is in the operational state and all interfaces may be
      used.
 
 Error
      Libgcrypt is in the error state.  When calling any FIPS relevant
      interfaces they either return an error (`GPG_ERR_NOT_OPERATIONAL')
      or put Libgcrypt into the Fatal-Error state and won't return.
 
 Fatal-Error
      Libgcrypt is in a non-recoverable error state and will
      automatically transit into the Shutdown state.
 
 Shutdown
      Libgcrypt is about to be terminated and removed from the memory.
      The application may at this point still be running cleanup handlers.
 
 
 Table B.1: FIPS mode states
 
 The valid state transitions (Figure B.1) are:
 `1'
      Power-Off to Power-On is implicitly done by the OS loading
      Libgcrypt as a shared library and having it linked to an
      application.
 
 `2'
      Power-On to Init is triggered by the application calling the
      Libgcrypt initialization function `gcry_check_version'.
 
 `3'
      Init to Self-Test is either triggered by a dedicated API call or
      implicitly by invoking a Libgcrypt service controlled by the FSM.
 
 `4'
      Self-Test to Operational is triggered after all self-tests passed
      successfully.
 
 `5'
      Operational to Shutdown is an artificial state without any direct
      action in Libgcrypt.  When reaching the Shutdown state the library
      is deinitialized and can't return to any other state again.
 
 `6'
      Shutdown to Power-off is the process of removing Libgcrypt from the
      computer's memory.  For obvious reasons the Power-Off state can't
      be represented within Libgcrypt and thus this transition is for
      documentation only.
 
 `7'
      Operational to Error is triggered if Libgcrypt detected an
      application error which can't be returned to the caller but still
      allows Libgcrypt to properly run.  In the Error state all FIPS
      relevant interfaces return an error code.
 
 `8'
      Error to Shutdown is similar to the Operational to Shutdown
      transition (5).
 
 `9'
      Error to Fatal-Error is triggered if Libgcrypt detects a fatal error
      while already being in Error state.
 
 `10'
      Fatal-Error to Shutdown is automatically entered by Libgcrypt
      after having reported the error.
 
 `11'
      Power-On to Shutdown is an artificial state to document that
      Libgcrypt has not yet been initialized but the process is about to
      terminate.
 
 `12'
      Power-On to Fatal-Error will be triggered if certain Libgcrypt
      functions are used without having reached the Init state.
 
 `13'
      Self-Test to Fatal-Error is triggered by severe errors in Libgcrypt
      while running self-tests.
 
 `14'
      Self-Test to Error is triggered by a failed self-test.
 
 `15'
      Operational to Fatal-Error is triggered if Libgcrypt encountered a
      non-recoverable error.
 
 `16'
      Operational to Self-Test is triggered if the application requested
      to run the self-tests again.
 
 `17'
      Error to Self-Test is triggered if the application has requested
      to run self-tests to get back into operational state after
      an error.
 
 `18'
      Init to Error is triggered by errors in the initialization code.
 
 `19'
      Init to Fatal-Error is triggered by non-recoverable errors in the
      initialization code.
 
 `20'
      Error to Error is triggered by errors while already in the Error
      state.
 
 
 Table B.2: FIPS mode state transitions
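
 The runtime check described in this section, modelled as an added example (not Libgcrypt's own code): the transitions of Table B.2 as a lookup matrix, a validator for a sequence of states, and a breadth-first search over the allowed transitions. The `ST_*' abbreviations, the function names and the sample trace are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* The eight states of Table B.1; ST_N is only an array bound. */
enum fips_state { ST_OFF, ST_ON, ST_INIT, ST_TEST, ST_OPER, ST_ERR,
                  ST_FATAL, ST_SHUT, ST_N };

/* valid[from][to] = transition number from Table B.2, 0 if not allowed. */
static const unsigned char valid[ST_N][ST_N] = {
  [ST_OFF]   = { [ST_ON] = 1 },
  [ST_ON]    = { [ST_INIT] = 2, [ST_SHUT] = 11, [ST_FATAL] = 12 },
  [ST_INIT]  = { [ST_TEST] = 3, [ST_ERR] = 18, [ST_FATAL] = 19 },
  [ST_TEST]  = { [ST_OPER] = 4, [ST_FATAL] = 13, [ST_ERR] = 14 },
  [ST_OPER]  = { [ST_SHUT] = 5, [ST_ERR] = 7, [ST_FATAL] = 15, [ST_TEST] = 16 },
  [ST_ERR]   = { [ST_SHUT] = 8, [ST_FATAL] = 9, [ST_TEST] = 17, [ST_ERR] = 20 },
  [ST_FATAL] = { [ST_SHUT] = 10 },
  [ST_SHUT]  = { [ST_OFF] = 6 },
};

/* Index of the first state reached by an invalid step, or -1 if all valid. */
int fips_check_trace(const enum fips_state *trace, size_t n)
{
  for (size_t i = 1; i < n; i++)
    if (!valid[trace[i - 1]][trace[i]]) return (int)i;
  return -1;
}

/* BFS: fewest transitions from->to never entering `avoid' (ST_N: none); -1 if none. */
int fips_min_steps(enum fips_state from, enum fips_state to, enum fips_state avoid)
{
  int dist[ST_N], queue[ST_N], head = 0, tail = 0;
  for (int i = 0; i < ST_N; i++) dist[i] = -1;
  dist[from] = 0; queue[tail++] = from;
  while (head < tail) {
    int s = queue[head++];
    for (int t = 0; t < ST_N; t++)
      if (valid[s][t] && dist[t] < 0 && t != (int)avoid) {
        dist[t] = dist[s] + 1; queue[tail++] = t;
      }
  }
  return dist[to];
}

/* Constructed sample trace: an application that skips the self-tests. */
static const enum fips_state skip_selftest[] = { ST_ON, ST_INIT, ST_OPER };
int main(void)
{
  printf("first invalid step: index %d\n", fips_check_trace(skip_selftest, 3));
  return 0;
}
```

 The search shows that Operational is two transitions away from Error (through Self-Test), and that Fatal-Error cannot reach Operational without passing through Power-Off, that is, without the library being unloaded.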
 
 B.3 FIPS Miscellaneous Information
 ==================================
 
 Libgcrypt does not do any key management by itself; the application
 needs to take care of it.  Keys which are passed to Libgcrypt should be
 allocated in secure memory as available with the functions
 `gcry_malloc_secure' and `gcry_calloc_secure'.  By calling `gcry_free'
 on this memory, the memory and thus the keys are overwritten with zero
 bytes before releasing the memory.
 
    For use with the random number generator, Libgcrypt generates 3
 internal keys which are stored in the encryption contexts used by the
 RNG.  These keys are stored in secure memory for the lifetime of the
 process.  Applications are required to use `GCRYCTL_TERM_SECMEM' before
 process termination.  This will zero out the entire secure memory and
 thus also the encryption contexts with these keys.
 