-
Is there a way to check if a key or a key name is FIPS-unapproved ( The logic may be to get key name by the It's related to this comment, #20758 (comment). |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 10 replies
-
There is no such thing as an unapproved key. Well, there are some key types that do not have any FIPS approved operations but that is only an indirect thing. Instead you always need to try to use the key with an operation to find out whether that is approved or not. For example let's have a key that supports both signatures and decryption of encrypted data - the signature can be FIPS approved but the decryption non-approved. This is actually a real-world example with RSA keys - signatures with PKCS#1 v1.5 padding are approved, decryption with PKCS#1 v1.5 padding is unapproved. |
Beta Was this translation helpful? Give feedback.
-
I do not actually think there will be a failure from OSSL_DECODER_CTX_new_for_pkey() and OSSL_DECODER_from_bio() when a key is unapproved. Only when you try to use that key in an operation, it will fail if it is unapproved. |
Beta Was this translation helpful? Give feedback.
-
As a real case to know if a key is FIPS-unapproved or not, we failed to read the following key (EC PRIVATE KEY - AES-128-CBC) in OpenSSL 3.2.0 dev (cf71283) FIPS module. The
In this case, how can we know the key is FIPS-unapproved or not by checking both the code and the security policy document? For the code, I guess that the code below is a clue. However, as it doesn't have the openssl/providers/fips/fipsprov.c Line 315 in bd3b026 For the security policy document (https://www.openssl.org/source/ - security policy links), openssl-3.0.8-security-policy-2023-05-05.pdf - 8.1 Cryptographic Algorithms (page 17) - AES 128 bits is listed as approved algorithms in OpenSSL 3.0.8 (FIPS 180-2). This is the key (EC PRIVATE KEY - AES-128-CBC) in this case, right? If it is, it's weird that the |
Beta Was this translation helpful? Give feedback.
-
Yeah, the current situation with the errors raised (or rather not raised) from decoders is bad and the fact that no error is raised in your testing is a bug that should be fixed - could you please create a concise testcase and report that as a separate bug? But even with that bug fixed you would just see that fetch for the MD5 algorithm as failed and possibly that PEM decoding failed in a subsequent error. That MD5 fetch failed because it is unapproved is a knowledge that you would have to have. In general the only method that could give you true answer as for whether something is unsupported because of the FIPS rules and no other reasons would be to try to load and use the key with FIPS provider and then with DEFAULT provider if it fails with FIPS. If it then succeeds with DEFAULT provider it means the reason for the failure were the FIPS requirements. |
Beta Was this translation helpful? Give feedback.
There is no such thing as an unapproved key. Well, there are some key types that do not have any FIPS approved operations but that is only an indirect thing. Instead you always need to try to use the key with an operation to find out whether that is approved or not. For example let's have a key that supports both signatures and decryption of encrypted data - the signature can be FIPS approved but the decryption non-approved. This is actually a real-world example with RSA keys - signatures with PKCS#1 v1.5 padding are approved, decryption with PKCS#1 v1.5 padding is unapproved.