The Security Policy Document: Microsoft Windows FIPS 140 Validation (version 1.4 dated May 7, 2020) mentions in section 2.2:
2.2 FIPS 140-2 Approved Algorithms
Cryptographic Primitives Library implements the following FIPS-140-2 Approved algorithms:
- NIST SP 800-38D AES-128, AES-192, and AES-256 GCM decryption and GMAC
Note the explicit use of decryption and not encryption. Furthermore, section 2.3 says the following (where the meaning or purpose of the word Mode is unclear to me in this context):
2.3 Non-Approved Algorithms
Mode Cryptographic Primitives Library implements the following non-approved algorithms:
- NIST SP 800-38D AES-128, AES-192, and AES-256 GCM encryption
Apparently a FIPS-approved version of AES-GCM encryption is not available. Trying to confirm this from NIST's Cryptographic Algorithm Validation Program (CAVP) certificates directly is not easy though. For example, taking #C211 as the starting point, there are several references to AES-GCM but no distinction between encryption and decryption.
This lack of availability of encryption comes across as a severe restriction. For example, it seems not possible to implement an encrypted two-way session with AES-GCM when operating in FIPS Mode. Is this really the case? If yes, what could be the rationale for such a limitation?
Update: after a lot more searching, I found confirmation in actual NIST CMVP certificate pages that older versions of Windows did indeed only have AES-GCM decryption validated and not encryption. My conclusion is that the security policy document associated with the newer validations is an evolution of an older policy document and that it was never properly updated to reflect the validation of the encryption side.
I am fairly convinced that this is a documentation error but I think only Microsoft can confirm that.