Implement FIPS-compliant mode - Githubissues

rnpgp / rnp

RNP: high performance C++ OpenPGP library used by Mozilla Thunderbird

https://www.rnpgp.org

Other

199 stars 55 forks source link

Implement FIPS-compliant mode #846

Open ronaldtse opened 5 years ago

ronaldtse commented 5 years ago

We are interested in pursuing NIST CMVP validation for RNP: https://csrc.nist.gov/projects/cryptographic-module-validation-program

The following table shows OpenPGP-used algorithms compatible with FIPS 140-2 (from https://kb.globalscape.com/KnowledgebaseArticle11172.aspx?Keywords=FIPS)

Symmetric Encryption Algorithms

Algorithm	FIPS Compliant Mode	Non-FIPS Mode
3DES (192-bit key)	✅	✅
AES256 (256-bit key)	✅	✅
AES192 (192-bit key)	✅	✅
AES128 (128-bit key)	✅	✅
CAST5 (128-bit key)		✅
BLOWFISH (128-bit key, 16 rounds)		✅
TWOFISH (256-bit key)		✅
IDEA (128-bit key)		✅

Hash Algorithms

Algorithm	FIPS Compliant Mode	Non-FIPS Mode
SHA1	✅	✅
SHA256	✅	✅
SHA384	✅	✅
SHA512	✅	✅
SHA224	✅	✅
RIPEMD160		✅

Asymmetric Algorithms

Algorithm	FIPS Compliant Mode	Non-FIPS Mode
RSA (512-bit ~ 4096-bit key)	✅	✅
DSA (512-bit ~ 4096-bit key, Sign-Only)	✅	✅
Elgamal (512-bit ~ 4096-bit key, Encrypt-Only)		✅

Compression Algorithms

Algorithm	FIPS Compliant Mode	Non-FIPS Mode
zip (RFC1951)	✅	✅
zlib (RFC1950)	✅	✅
bzip2 (BZ2)	✅	✅
none	✅	✅

Thoughts?

ronaldtse commented 4 years ago

FIPS validation process: https://icmconference.org/wp-content/uploads/FIPS-140-2.pdf