X25519/X448 in FIPS mode. #22054
Replies: 4 comments 6 replies
-
The lab has been asked. No response yet.
-
And an excerpt from SP 800-186: It's hard to see how this permits X448 / X25519 for key exchange.
-
Related to this - does the mechanism to allow or not allow the Edwards 25519 and 448 curves also deal with the TLS Group capabilities found in provider/common/capabilities?
-
To be sure:
Is that correct?
-
Looking at the FIPS 140-3 IG and SP800-186 seems to indicate the following:
Signatures using ED25519/ED448 are now allowed.
Key Agreement using X25519/X448 is not allowed currently.
This seems to be the exact opposite of what we have in the FIPS provider (based on previous advice from the lab?).
This basically means that TLS1.3 in FIPS mode can't use X25519/ED448.
Should we seek clarification from the lab, and potentially change the FIPS provider? (This will most likely break tests).