123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401 |
- =pod
- =head1 NAME
- OSSL_PROVIDER-FIPS - OpenSSL FIPS provider
- =head1 DESCRIPTION
- The OpenSSL FIPS provider is a special provider that conforms to the Federal
- Information Processing Standards (FIPS) specified in FIPS 140-2. This 'module'
- contains an approved set of cryptographic algorithms that is validated by an
- accredited testing laboratory.
- =head2 Properties
- The implementations in this provider specifically have these properties
- defined:
- =over 4
- =item "provider=default"
- =item "fips=yes"
- =back
- It may be used in a property query string with fetching functions such as
- L<EVP_MD_fetch(3)> or L<EVP_CIPHER_fetch(3)>, as well as with other
- functions that take a property query string, such as
- L<EVP_PKEY_CTX_new_from_name(3)>.
- It isn't mandatory to query for any of these properties, except to
- make sure to get implementations of this provider and none other.
- The "fips=yes" property can be use to make sure only FIPS approved
- implementations are used for crypto operations. This may also include
- other non-crypto support operations that are not in the fips provider,
- such as asymmetric key encoders,
- see L<OSSL_PROVIDER-default(7)/Asymmetric Key Management>.
- =head1 OPERATIONS AND ALGORITHMS
- The OpenSSL FIPS provider supports these operations and algorithms:
- =head2 Hashing Algorithms / Message Digests
- =over 4
- =item SHA1, see L<EVP_MD-SHA1(7)>
- =item SHA2, see L<EVP_MD-SHA2(7)>
- =item SHA3, see L<EVP_MD-SHA3(7)>
- =item KECCAK-KMAC, see L<EVP_MD-KECCAK-KMAC(7)>
- =back
- =head2 Symmetric Ciphers
- =over 4
- =item AES, see L<EVP_CIPHER-AES(7)>
- =item DES-EDE3 (TrippleDES), see L<EVP_CIPHER-DES(7)>
- =back
- =head2 Message Authentication Code (MAC)
- =over 4
- =item CMAC, see L<EVP_MAC-CMAC(7)>
- =item GMAC, see L<EVP_MAC-GMAC(7)>
- =item HMAC, see L<EVP_MAC-HMAC(7)>
- =item KMAC, see L<EVP_MAC-KMAC(7)>
- =back
- =head2 Key Derivation Function (KDF)
- =over 4
- =item HKDF, see L<EVP_KDF-HKDF(7)>
- =item SSKDF, see L<EVP_KDF-SSKDF(7)>
- =item PBKDF2, see L<EVP_KDF-PBKDF2(7)>
- =item SSHKDF, see L<EVP_KDF-SSHKDF(7)>
- =item TLS1-PRF, see L<EVP_KDF-TLS1-PRF(7)>
- =item KBKDF, see L<EVP_KDF-KBKDF(7)>
- =item X942KDF-ASN1, see L<EVP_KDF-X942-ASN1(7)>
- =item X942KDF-CONCAT, see L<EVP_KDF-X942-CONCAT(7)>
- =item X963KDF, see L<EVP_KDF-X963(7)>
- =back
- =head2 Key Exchange
- =over 4
- =item DH, see L<EVP_KEYEXCH-DH(7)>
- =item ECDH, see L<EVP_KEYEXCH-ECDH(7)>
- =item X25519, see L<EVP_KEYEXCH-X25519(7)>
- This has the property "provider=fips,fips=no"
- =item X448, see L<EVP_KEYEXCH-X448(7)>
- This has the property "provider=fips,fips=no"
- =back
- =head2 Asymmetric Signature
- =over 4
- =item DSA, see L<EVP_KEYEXCH-DSA(7)>
- =item RSA, see L<EVP_SIGNATURE-RSA(7)>
- =item HMAC, see L<EVP_SIGNATURE-HMAC(7)>
- =item CMAC, see L<EVP_SIGNATURE-CMAC(7)>
- =back
- =head2 Asymmetric Cipher
- =over 4
- =item RSA, see L<EVP_KEYEXCH-RSA(7)>
- =back
- =head2 Asymmetric Key Encapsulation
- =over 4
- =item RSA, see L<EVP_KEM-RSA(7)>
- =back
- =head2 Asymmetric Key Management
- =over 4
- =item DH, see L<EVP_KEYMGMT-DH(7)>
- =item DSA, see L<EVP_KEYMGMT-DSA(7)>
- =item RSA, see L<EVP_KEYMGMT-RSA(7)>
- =back
- =head1 SELF TESTING
- One of the requirements for the FIPS module is self testing. An optional callback
- mechanism is available to return information to the user using
- L<OSSL_SELF_TEST_set_callback(3)>.
- The parameters passed to the callback are described in L<OSSL_SELF_TEST_new(3)>
- The OpenSSL FIPS module uses the following mechanism to provide information
- about the self tests as they run.
- This is useful for debugging if a self test is failing.
- The callback also allows forcing any self test to fail, in order to check that
- it operates correctly on failure.
- Note that all self tests run even if a self test failure occurs.
- The FIPS module passes the following type(s) to OSSL_SELF_TEST_onbegin().
- =over 4
- =item "Module_Integrity" (B<OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY>)
- Uses HMAC SHA256 on the module file to validate that the module has not been
- modified. The integrity value is compared to a value written to a configuration
- file during installation.
- =item "Install_Integrity" (B<OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY>)
- Uses HMAC SHA256 on a fixed string to validate that the installation process
- has already been performed and the self test KATS have already been tested,
- The integrity value is compared to a value written to a configuration
- file after successfully running the self tests during installation.
- =item "KAT_Cipher" (B<OSSL_SELF_TEST_TYPE_KAT_CIPHER>)
- Known answer test for a symmetric cipher.
- =item "KAT_AsymmetricCipher" (B<OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER>)
- Known answer test for a asymmetric cipher.
- =item "KAT_Digest" (B<OSSL_SELF_TEST_TYPE_KAT_DIGEST>)
- Known answer test for a digest.
- =item "KAT_Signature" (B<OSSL_SELF_TEST_TYPE_KAT_SIGNATURE>)
- Known answer test for a signature.
- =item "KAT_KDF" (B<OSSL_SELF_TEST_TYPE_KAT_KDF>)
- Known answer test for a key derivation function.
- =item "KAT_KA" (B<OSSL_SELF_TEST_TYPE_KAT_KA>)
- Known answer test for key agreement.
- =item "DRBG" (B<OSSL_SELF_TEST_TYPE_DRBG>)
- Known answer test for a Deterministic Random Bit Generator.
- =item "Pairwise_Consistency_Test" (B<OSSL_SELF_TEST_TYPE_PCT>)
- Conditional test that is run during the generation of key pairs.
- =item "Continuous_RNG_Test" (B<OSSL_SELF_TEST_TYPE_CRNG>)
- Continuous random number generator test.
- =back
- The "Module_Integrity" self test is always run at startup.
- The "Install_Integrity" self test is used to check if the self tests have
- already been run at installation time. If they have already run then the
- self tests are not run on subsequent startups.
- All other self test categories are run once at installation time, except for the
- "Pairwise_Consistency_Test".
- There is only one instance of the "Module_Integrity" and "Install_Integrity"
- self tests. All other self tests may have multiple instances.
- The FIPS module passes the following descriptions(s) to OSSL_SELF_TEST_onbegin().
- =over 4
- =item "HMAC" (B<OSSL_SELF_TEST_DESC_INTEGRITY_HMAC>)
- "Module_Integrity" and "Install_Integrity" use this.
- =item "RSA" (B<OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1>)
- =item "ECDSA" (B<OSSL_SELF_TEST_DESC_PCT_ECDSA>)
- =item "DSA" (B<OSSL_SELF_TEST_DESC_PCT_DSA>)
- Key generation tests used with the "Pairwise_Consistency_Test" type.
- =item "RSA_Encrypt" (B<OSSL_SELF_TEST_DESC_ASYM_RSA_ENC>)
- =item "RSA_Decrypt" (B<OSSL_SELF_TEST_DESC_ASYM_RSA_DEC>)
- "KAT_AsymmetricCipher" uses this to indicate an encrypt or decrypt KAT.
- =item "AES_GCM" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_GCM>)
- =item "TDES" (B<OSSL_SELF_TEST_DESC_CIPHER_TDES>)
- Symmetric cipher tests used with the "KAT_Cipher" type.
- =item "SHA1" (B<OSSL_SELF_TEST_DESC_MD_SHA1>)
- =item "SHA2" (B<OSSL_SELF_TEST_DESC_MD_SHA2>)
- =item "SHA3" (B<OSSL_SELF_TEST_DESC_MD_SHA3>)
- Digest tests used with the "KAT_Digest" type.
- =item "DSA" (B<OSSL_SELF_TEST_DESC_SIGN_DSA>)
- =item "RSA" (B<OSSL_SELF_TEST_DESC_SIGN_RSA>)
- =item "ECDSA" (B<OSSL_SELF_TEST_DESC_SIGN_ECDSA>)
- Signature tests used with the "KAT_Signature" type.
- =item "ECDH" (B<OSSL_SELF_TEST_DESC_KA_ECDH>)
- =item "DH" (B<OSSL_SELF_TEST_DESC_KA_DH>)
- Key agreement tests used with the "KAT_KA" type.
- =item "HKDF" (B<OSSL_SELF_TEST_DESC_KDF_HKDF>)
- =item "SSKDF" (B<OSSL_SELF_TEST_DESC_KDF_SSKDF>)
- =item "X963KDF" (B<OSSL_SELF_TEST_DESC_KDF_X963KDF>)
- =item "X942KDF" (B<OSSL_SELF_TEST_DESC_KDF_X942KDF>)
- =item "PBKDF2" (B<OSSL_SELF_TEST_DESC_KDF_PBKDF2>)
- =item "SSHKDF" (B<OSSL_SELF_TEST_DESC_KDF_SSHKDF>)
- =item "TLS12_PRF" (B<OSSL_SELF_TEST_DESC_KDF_TLS12_PRF>)
- =item "KBKDF" (B<OSSL_SELF_TEST_DESC_KDF_KBKDF>)
- Key Derivation Function tests used with the "KAT_KDF" type.
- =item "CTR" (B<OSSL_SELF_TEST_DESC_DRBG_CTR>)
- =item "HASH" (B<OSSL_SELF_TEST_DESC_DRBG_HASH>)
- =item "HMAC" (B<OSSL_SELF_TEST_DESC_DRBG_HMAC>)
- DRBG tests used with the "DRBG" type.
- = item "RNG" (B<OSSL_SELF_TEST_DESC_RNG>)
- "Continuous_RNG_Test" uses this.
- =back
- =head1 EXAMPLES
- A simple self test callback is shown below for illustrative purposes.
- #include <openssl/self_test.h>
- static OSSL_CALLBACK self_test_cb;
- static int self_test_cb(const OSSL_PARAM params[], void *arg)
- {
- int ret = 0;
- const OSSL_PARAM *p = NULL;
- const char *phase = NULL, *type = NULL, *desc = NULL;
- p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
- if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
- goto err;
- phase = (const char *)p->data;
- p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC);
- if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
- goto err;
- desc = (const char *)p->data;
- p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
- if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
- goto err;
- type = (const char *)p->data;
- /* Do some logging */
- if (strcmp(phase, OSSL_SELF_TEST_PHASE_START) == 0)
- BIO_printf(bio_out, "%s : (%s) : ", desc, type);
- if (strcmp(phase, OSSL_SELF_TEST_PHASE_PASS) == 0
- || strcmp(phase, OSSL_SELF_TEST_PHASE_FAIL) == 0)
- BIO_printf(bio_out, "%s\n", phase);
- /* Corrupt the SHA1 self test during the 'corrupt' phase by returning 0 */
- if (strcmp(phase, OSSL_SELF_TEST_PHASE_CORRUPT) == 0
- && strcmp(desc, OSSL_SELF_TEST_DESC_MD_SHA1) == 0) {
- BIO_printf(bio_out, "%s %s", phase, desc);
- return 0;
- }
- ret = 1;
- err:
- return ret;
- }
- =head1 SEE ALSO
- L<openssl-fipsinstall(1)>,
- L<fips_config(5)>,
- L<OSSL_SELF_TEST_set_callback(3)>,
- L<OSSL_SELF_TEST_new(3)>,
- L<OSSL_PARAM(3)>,
- L<openssl-core.h(7)>,
- L<openssl-core_dispatch.h(7)>,
- L<provider(7)>
- =head1 HISTORY
- The type and functions described here were added in OpenSSL 3.0.
- =head1 COPYRIGHT
- Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
- Licensed under the Apache License 2.0 (the "License"). You may not use
- this file except in compliance with the License. You can obtain a copy
- in the file LICENSE in the source distribution or at
- L<https://www.openssl.org/source/license.html>.
- =cut
|