doc/man7/OSSL_PROVIDER-FIPS.pod

   1 =pod
   2
   3 =head1 NAME
   4
   5 OSSL_PROVIDER-FIPS - OpenSSL FIPS provider
   6
   7 =head1 DESCRIPTION
   8
   9 The OpenSSL FIPS provider is a special provider that conforms to the Federal
  10 Information Processing Standards (FIPS) specified in FIPS 140-2. This 'module'
  11 contains an approved set of cryptographic algorithms that is validated by an
  12 accredited testing laboratory.
  13
  14 =head2 Properties
  15
  16 The implementations in this provider specifically have these properties
  17 defined:
  18
  19 =over 4
  20
  21 =item "provider=fips"
  22
  23 =item "fips=yes"
  24
  25 =back
  26
  27 It may be used in a property query string with fetching functions such as
  28 L<EVP_MD_fetch(3)> or L<EVP_CIPHER_fetch(3)>, as well as with other
  29 functions that take a property query string, such as
  30 L<EVP_PKEY_CTX_new_from_name(3)>.
  31
  32 It isn't mandatory to query for any of these properties, except to
  33 make sure to get implementations of this provider and none other.
  34
  35 The "fips=yes" property can be use to make sure only FIPS approved
  36 implementations are used for crypto operations.  This may also include
  37 other non-crypto support operations that are not in the fips provider,
  38 such as asymmetric key encoders,
  39 see L<OSSL_PROVIDER-default(7)/Asymmetric Key Management>.
  40
  41 =head1 OPERATIONS AND ALGORITHMS
  42
  43 The OpenSSL FIPS provider supports these operations and algorithms:
  44
  45 =head2 Hashing Algorithms / Message Digests
  46
  47 =over 4
  48
  49 =item SHA1, see L<EVP_MD-SHA1(7)>
  50
  51 =item SHA2, see L<EVP_MD-SHA2(7)>
  52
  53 =item SHA3, see L<EVP_MD-SHA3(7)>
  54
  55 =item KECCAK-KMAC, see L<EVP_MD-KECCAK-KMAC(7)>
  56
  57 =back
  58
  59 =head2 Symmetric Ciphers
  60
  61 =over 4
  62
  63 =item AES, see L<EVP_CIPHER-AES(7)>
  64
  65 =item DES-EDE3 (TripleDES), see L<EVP_CIPHER-DES(7)>
  66
  67 =back
  68
  69 =head2 Message Authentication Code (MAC)
  70
  71 =over 4
  72
  73 =item CMAC, see L<EVP_MAC-CMAC(7)>
  74
  75 =item GMAC, see L<EVP_MAC-GMAC(7)>
  76
  77 =item HMAC, see L<EVP_MAC-HMAC(7)>
  78
  79 =item KMAC, see L<EVP_MAC-KMAC(7)>
  80
  81 =back
  82
  83 =head2 Key Derivation Function (KDF)
  84
  85 =over 4
  86
  87 =item HKDF, see L<EVP_KDF-HKDF(7)>
  88
  89 =item TLS13-KDF, see L<EVP_KDF-TLS13_KDF(7)>
  90
  91 =item SSKDF, see L<EVP_KDF-SSKDF(7)>
  92
  93 =item PBKDF2, see L<EVP_KDF-PBKDF2(7)>
  94
  95 =item SSHKDF, see L<EVP_KDF-SSHKDF(7)>
  96
  97 =item TLS1-PRF, see L<EVP_KDF-TLS1_PRF(7)>
  98
  99 =item KBKDF, see L<EVP_KDF-KBKDF(7)>
 100
 101 =item X942KDF-ASN1, see L<EVP_KDF-X942-ASN1(7)>
 102
 103 =item X942KDF-CONCAT, see L<EVP_KDF-X942-CONCAT(7)>
 104
 105 =item X963KDF, see L<EVP_KDF-X963(7)>
 106
 107 =back
 108
 109 =head2 Key Exchange
 110
 111 =over 4
 112
 113 =item DH, see L<EVP_KEYEXCH-DH(7)>
 114
 115 =item ECDH, see L<EVP_KEYEXCH-ECDH(7)>
 116
 117 =item X25519, see L<EVP_KEYEXCH-X25519(7)>
 118
 119 =item X448, see L<EVP_KEYEXCH-X448(7)>
 120
 121 =back
 122
 123 =head2 Asymmetric Signature
 124
 125 =over 4
 126
 127 =item DSA, see L<EVP_KEYEXCH-DSA(7)>
 128
 129 =item RSA, see L<EVP_SIGNATURE-RSA(7)>
 130
 131 =item X25519, see L<EVP_SIGNATURE-ED25519(7)>
 132
 133 =item X448, see L<EVP_SIGNATURE-ED448(7)>
 134
 135 =item HMAC, see L<EVP_SIGNATURE-HMAC(7)>
 136
 137 =item CMAC, see L<EVP_SIGNATURE-CMAC(7)>
 138
 139 =back
 140
 141 =head2 Asymmetric Cipher
 142
 143 =over 4
 144
 145 =item RSA, see L<EVP_KEYEXCH-RSA(7)>
 146
 147 =back
 148
 149 =head2 Asymmetric Key Encapsulation
 150
 151 =over 4
 152
 153 =item RSA, see L<EVP_KEM-RSA(7)>
 154
 155 =back
 156
 157 =head2 Asymmetric Key Management
 158
 159 =over 4
 160
 161 =item DH, see L<EVP_KEYMGMT-DH(7)>
 162
 163 =item DSA, see L<EVP_KEYMGMT-DSA(7)>
 164
 165 =item RSA, see L<EVP_KEYMGMT-RSA(7)>
 166
 167 =back
 168
 169 =head1 SELF TESTING
 170
 171 One of the requirements for the FIPS module is self testing. An optional callback
 172 mechanism is available to return information to the user using
 173 L<OSSL_SELF_TEST_set_callback(3)>.
 174
 175 The parameters passed to the callback are described in L<OSSL_SELF_TEST_new(3)>
 176
 177 The OpenSSL FIPS module uses the following mechanism to provide information
 178 about the self tests as they run.
 179 This is useful for debugging if a self test is failing.
 180 The callback also allows forcing any self test to fail, in order to check that
 181 it operates correctly on failure.
 182 Note that all self tests run even if a self test failure occurs.
 183
 184 The FIPS module passes the following type(s) to OSSL_SELF_TEST_onbegin().
 185
 186 =over 4
 187
 188 =item "Module_Integrity" (B<OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY>)
 189
 190 Uses HMAC SHA256 on the module file to validate that the module has not been
 191 modified. The integrity value is compared to a value written to a configuration
 192 file during installation.
 193
 194 =item "Install_Integrity" (B<OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY>)
 195
 196 Uses HMAC SHA256 on a fixed string to validate that the installation process
 197 has already been performed and the self test KATS have already been tested,
 198 The integrity value is compared to a value written to a configuration
 199 file after successfully running the self tests during installation.
 200
 201 =item "KAT_Cipher" (B<OSSL_SELF_TEST_TYPE_KAT_CIPHER>)
 202
 203 Known answer test for a symmetric cipher.
 204
 205 =item "KAT_AsymmetricCipher" (B<OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER>)
 206
 207 Known answer test for a asymmetric cipher.
 208
 209 =item "KAT_Digest" (B<OSSL_SELF_TEST_TYPE_KAT_DIGEST>)
 210
 211 Known answer test for a digest.
 212
 213 =item "KAT_Signature" (B<OSSL_SELF_TEST_TYPE_KAT_SIGNATURE>)
 214
 215 Known answer test for a signature.
 216
 217 =item "PCT_Signature" (B<OSSL_SELF_TEST_TYPE_PCT_SIGNATURE>)
 218
 219 Pairwise Consistency check for a signature.
 220
 221 =item "KAT_KDF" (B<OSSL_SELF_TEST_TYPE_KAT_KDF>)
 222
 223 Known answer test for a key derivation function.
 224
 225 =item "KAT_KA" (B<OSSL_SELF_TEST_TYPE_KAT_KA>)
 226
 227 Known answer test for key agreement.
 228
 229 =item "DRBG" (B<OSSL_SELF_TEST_TYPE_DRBG>)
 230
 231 Known answer test for a Deterministic Random Bit Generator.
 232
 233 =item "Conditional_PCT" (B<OSSL_SELF_TEST_TYPE_PCT>)
 234
 235 Conditional test that is run during the generation of key pairs.
 236
 237 =item "Continuous_RNG_Test" (B<OSSL_SELF_TEST_TYPE_CRNG>)
 238
 239 Continuous random number generator test.
 240
 241 =back
 242
 243 The "Module_Integrity" self test is always run at startup.
 244 The "Install_Integrity" self test is used to check if the self tests have
 245 already been run at installation time. If they have already run then the
 246 self tests are not run on subsequent startups.
 247 All other self test categories are run once at installation time, except for the
 248 "Pairwise_Consistency_Test".
 249
 250 There is only one instance of the "Module_Integrity" and "Install_Integrity"
 251 self tests. All other self tests may have multiple instances.
 252
 253
 254 The FIPS module passes the following descriptions(s) to OSSL_SELF_TEST_onbegin().
 255
 256 =over 4
 257
 258 =item "HMAC" (B<OSSL_SELF_TEST_DESC_INTEGRITY_HMAC>)
 259
 260 "Module_Integrity" and "Install_Integrity" use this.
 261
 262 =item "RSA" (B<OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1>)
 263
 264 =item "ECDSA" (B<OSSL_SELF_TEST_DESC_PCT_ECDSA>)
 265
 266 =item "DSA" (B<OSSL_SELF_TEST_DESC_PCT_DSA>)
 267
 268 Key generation tests used with the "Pairwise_Consistency_Test" type.
 269
 270 =item "RSA_Encrypt" (B<OSSL_SELF_TEST_DESC_ASYM_RSA_ENC>)
 271
 272 =item "RSA_Decrypt" (B<OSSL_SELF_TEST_DESC_ASYM_RSA_DEC>)
 273
 274 "KAT_AsymmetricCipher" uses this to indicate an encrypt or decrypt KAT.
 275
 276 =item "AES_GCM" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_GCM>)
 277
 278 =item "AES_ECB_Decrypt" (B<OSSL_SELF_TEST_DESC_CIPHER_AES_ECB>)
 279
 280 =item "TDES" (B<OSSL_SELF_TEST_DESC_CIPHER_TDES>)
 281
 282 Symmetric cipher tests used with the "KAT_Cipher" type.
 283
 284 =item "SHA1" (B<OSSL_SELF_TEST_DESC_MD_SHA1>)
 285
 286 =item "SHA2" (B<OSSL_SELF_TEST_DESC_MD_SHA2>)
 287
 288 =item "SHA3" (B<OSSL_SELF_TEST_DESC_MD_SHA3>)
 289
 290 Digest tests used with the "KAT_Digest" type.
 291
 292 =item "DSA" (B<OSSL_SELF_TEST_DESC_SIGN_DSA>)
 293
 294 =item "RSA" (B<OSSL_SELF_TEST_DESC_SIGN_RSA>)
 295
 296 =item "ECDSA" (B<OSSL_SELF_TEST_DESC_SIGN_ECDSA>)
 297
 298 Signature tests used with the "KAT_Signature" type.
 299
 300 =item "ECDH" (B<OSSL_SELF_TEST_DESC_KA_ECDH>)
 301
 302 =item "DH" (B<OSSL_SELF_TEST_DESC_KA_DH>)
 303
 304 Key agreement tests used with the "KAT_KA" type.
 305
 306 =item "HKDF" (B<OSSL_SELF_TEST_DESC_KDF_HKDF>)
 307
 308 =item "TLS13_KDF_EXTRACT" (B<OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT>)
 309
 310 =item "TLS13_KDF_EXPAND" (B<OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND>)
 311
 312 =item "SSKDF" (B<OSSL_SELF_TEST_DESC_KDF_SSKDF>)
 313
 314 =item "X963KDF" (B<OSSL_SELF_TEST_DESC_KDF_X963KDF>)
 315
 316 =item "X942KDF" (B<OSSL_SELF_TEST_DESC_KDF_X942KDF>)
 317
 318 =item "PBKDF2" (B<OSSL_SELF_TEST_DESC_KDF_PBKDF2>)
 319
 320 =item "SSHKDF" (B<OSSL_SELF_TEST_DESC_KDF_SSHKDF>)
 321
 322 =item "TLS12_PRF" (B<OSSL_SELF_TEST_DESC_KDF_TLS12_PRF>)
 323
 324 =item "KBKDF" (B<OSSL_SELF_TEST_DESC_KDF_KBKDF>)
 325
 326 Key Derivation Function tests used with the "KAT_KDF" type.
 327
 328 =item "CTR" (B<OSSL_SELF_TEST_DESC_DRBG_CTR>)
 329
 330 =item "HASH" (B<OSSL_SELF_TEST_DESC_DRBG_HASH>)
 331
 332 =item "HMAC" (B<OSSL_SELF_TEST_DESC_DRBG_HMAC>)
 333
 334 DRBG tests used with the "DRBG" type.
 335
 336 = item "RNG" (B<OSSL_SELF_TEST_DESC_RNG>)
 337
 338 "Continuous_RNG_Test" uses this.
 339
 340 =back
 341
 342 =head1 EXAMPLES
 343
 344 A simple self test callback is shown below for illustrative purposes.
 345
 346   #include <openssl/self_test.h>
 347
 348   static OSSL_CALLBACK self_test_cb;
 349
 350   static int self_test_cb(const OSSL_PARAM params[], void *arg)
 351   {
 352     int ret = 0;
 353     const OSSL_PARAM *p = NULL;
 354     const char *phase = NULL, *type = NULL, *desc = NULL;
 355
 356     p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE);
 357     if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
 358         goto err;
 359     phase = (const char *)p->data;
 360
 361     p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC);
 362     if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
 363         goto err;
 364     desc = (const char *)p->data;
 365
 366     p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE);
 367     if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING)
 368         goto err;
 369     type = (const char *)p->data;
 370
 371     /* Do some logging */
 372     if (strcmp(phase, OSSL_SELF_TEST_PHASE_START) == 0)
 373         BIO_printf(bio_out, "%s : (%s) : ", desc, type);
 374     if (strcmp(phase, OSSL_SELF_TEST_PHASE_PASS) == 0
 375             || strcmp(phase, OSSL_SELF_TEST_PHASE_FAIL) == 0)
 376         BIO_printf(bio_out, "%s\n", phase);
 377
 378     /* Corrupt the SHA1 self test during the 'corrupt' phase by returning 0 */
 379     if (strcmp(phase, OSSL_SELF_TEST_PHASE_CORRUPT) == 0
 380             && strcmp(desc, OSSL_SELF_TEST_DESC_MD_SHA1) == 0) {
 381         BIO_printf(bio_out, "%s %s", phase, desc);
 382         return 0;
 383     }
 384     ret = 1;
 385   err:
 386     return ret;
 387   }
 388
 389 =head1 SEE ALSO
 390
 391 L<openssl-fipsinstall(1)>,
 392 L<fips_config(5)>,
 393 L<OSSL_SELF_TEST_set_callback(3)>,
 394 L<OSSL_SELF_TEST_new(3)>,
 395 L<OSSL_PARAM(3)>,
 396 L<openssl-core.h(7)>,
 397 L<openssl-core_dispatch.h(7)>,
 398 L<provider(7)>
 399
 400 =head1 HISTORY
 401
 402 The type and functions described here were added in OpenSSL 3.0.
 403
 404 =head1 COPYRIGHT
 405
 406 Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
 407
 408 Licensed under the Apache License 2.0 (the "License").  You may not use
 409 this file except in compliance with the License.  You can obtain a copy
 410 in the file LICENSE in the source distribution or at
 411 L<https://www.openssl.org/source/license.html>.
 412
 413 =cut