Adding ECC KEM
NIIBE Yutaka
gniibe at fsij.org
Wed Apr 3 07:19:11 CEST 2024
Hello,
Let me answer two messages in this reply.
Werner Koch <wk at gnupg.org> wrote:
> Using that API would make FIPS certification easier, right?
Yes. That's my intention.
I think that the KEM API will be added in FIPS 140-* when FIPS 203 (for
ML-KEM) is finalized.
Jussi Kivilinna <jussi.kivilinna at iki.fi> wrote:
> I noticed that t-kem is currently failing with FIPS mode in master:
>
> t-kem: gcry_kem_keypair 40: Not supported
Thank you for your report.
The test program t-kem is not good yet for FIPS support. Since the KEM API
is not included in FIPS 140-* yet, all tests should fail and the
tests should handle the failure as expected. Currently, ECC KEM with
X25519 fails because Curve25519 is defined with "fips" field = 0 (in
libgcrypt/cipher/ecc-curves.c).
In the (near) future, the KEM API itself should have a check for FIPS.