Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FIPS Compliance #765

Merged
merged 4 commits into from
Nov 10, 2023
Merged

FIPS Compliance #765

merged 4 commits into from
Nov 10, 2023

Conversation

artoonie
Copy link
Collaborator

@artoonie artoonie commented Oct 30, 2023

Our RSA validation algorithm needs to be FIPS Compliant. Bouncycastle is compliant (certificate #4616) but only up to Java 17.

Luckily 1.3.2 uses Java 17, but 1.4.x will not, so we'll need to figure something out then.

In the meantime, there are two methods that are not FIPS compliant:

  1. The psuedo-random number generator
  2. The XML canonicalization library

(2) is not directly related to cryptography, and is likely a non-issue. We will need to determine if (1) is an issue. In the meantime, this is ready for review @tarheel @HEdingfield.

@artoonie artoonie added the WIP label Oct 30, 2023
@artoonie artoonie changed the base branch from hotfix/1.3.2 to feature/rsa-validation-onto-1.3.2 October 30, 2023 16:52
@artoonie artoonie force-pushed the feature/fips-compliance branch 2 times, most recently from ee4fd99 to 252e6de Compare October 30, 2023 19:24
@artoonie artoonie removed the WIP label Oct 30, 2023
@artoonie artoonie changed the title WIP: FIPS Compliance FIPS Compliance Oct 30, 2023
Copy link
Contributor

@tarheel tarheel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have basically zero context on this FIPS compliance work. Will let @HEdingfield look also.

Regarding the random number generation code that we already had: I believe it's only relevant to the tie-breaking logic. There's a longstanding unresolved discussion about making it more secure (see #170, for example). I can't remember what's left to do there...

@artoonie
Copy link
Collaborator Author

The random number generator is needed by generatePublicKey, and is referenced here: https://github.com/BrightSpots/rcv/pull/765/files#diff-3f597618fe0497e6e5c6b9d51ed6ab1071e5a7d3e6ca438f022417ff5fe3382dR88

I don't know why it's being used, and have asked here: bcgit/bc-java#1520

However, it is used within the cryptography process.

The context is basically what you've gathered: we've been informed that we need to be "FIPS Compliant," and using the bouncycastle library is a software-only solution that has been federally certified. The default libraries are not certified, and despite some arguments that they are more secure, they do not have the FIPS certification.

@yezr
Copy link
Collaborator

yezr commented Nov 1, 2023

Following some discussions with folks that have certification related FIPs experience, for signature verification FIPS 140-2 compliance we are going to move forward with the BouncyCastle implementation and call out the missing FIPS certified random number implementation with the following in the TDP

RCTab uses #4616 BC-FJA (Bouncy Castle FIPS Java API), a Level 1 FIPS 140-2 Validated Cryptographic Module to verify the cryptographic signature of Hart Verity Signed CVRs.

Note: We have BouncyCastle implemented as a provider, but we still use a non-FIPS-certified Sun implementation of a random number generator. The random number generator is only used to validate that the chosen public key is valid -- it's used as part of a primality-checking algorithm. Since we know that the public key we're given is already valid (as it is created by Hart Verity using their FIPS 140-2 certified implementation), this check is superfluous.

Copy link
Contributor

@HEdingfield HEdingfield left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see this is being targetted to rsa-validation-onto-1.3.2 -- do we not want to include this in 1.4.0 as well?

@HEdingfield
Copy link
Contributor

HEdingfield commented Nov 4, 2023

I see this is being targetted to rsa-validation-onto-1.3.2 -- do we not want to include this in 1.4.0 as well?

Just saw the note in the description. That's unfortunate... are there no other options besides Bouncycastle at this point?

If not, can we at least create a new issue (or note in an existing one) that this divergence between 1.3.2 and 1.4.0 needs to be reconciled?

@artoonie
Copy link
Collaborator Author

artoonie commented Nov 4, 2023

@HEdingfield Yes, we do need to reconcile this for 1.4.0, either by researching whether bouncycastle will soon have a new FIPS certification for the latest version of Java, or by determining we need to downgrade Java, or we need to replace bouncycastle with something else.

@yezr can you make an issue for 1.4.0 for this problem?

@yezr
Copy link
Collaborator

yezr commented Nov 7, 2023

created #767 to research a way to reconcile this PR in 1.4.0

Base automatically changed from feature/rsa-validation-onto-1.3.2 to hotfix/1.3.2 November 8, 2023 02:39
@HEdingfield HEdingfield changed the base branch from hotfix/1.3.2 to develop November 8, 2023 06:19
@HEdingfield HEdingfield changed the base branch from develop to hotfix/1.3.2 November 8, 2023 06:20
@@ -0,0 +1,146 @@
/*
Copy link
Contributor

@HEdingfield HEdingfield Nov 8, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm super annoyed that this diff doesn't seem to be working properly... this file already exists in hotfix/1.3.2 because it was created by #764, which has now been merged in. I've tried changing the base back and forth in GitHub. This isn't really reviewable as-is. Any idea how to fix this problem?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the issue caused by squash commits + chained PRs that we noted a while back.

My workflow is to cherry-pick only the relevant commits and force-push to the branch, e.g.:

Base < Feature1 [commit1, commit2] < Feature2 [commit3, commit4]
When Feature1 merges into Base:

git checkout Feature2
git reset --hard Base
git cherrypick commit3..commit4
git push --force

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it worth adding a section to the Wiki about this, or will you just keep it on your end as domain knowledge, since it seems to be specific to your workflow (unless I'm misunderstanding)?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can do: https://github.com/BrightSpots/rcv/wiki/Notes-on-Development

Maybe worth adding the IntelliJ setup you use to this wiki too (I think it's on the README now?)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Follow-up on this: could this have been avoided if, in your local branch and after the first squash was merged into the main branch, you pulled back from the main branch (with the new squash merge) into your local branch and reconciled changes? I believe this is what I've historically done in these situations, but there might be some subtle difference I'm missing.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, that's what I used to do, but reconciling differences is manual and error-prone, especially if there are dozens. Bugs have slipped in before caused by this (e.g. #670), so I don't recommend it.

This method is less error-prone.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok cool. It's generally pretty painless with IntelliJ -- I'll mention that method in the Wiki as well.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Filed #771 for updating Wiki with IntelliJ info.

@artoonie artoonie force-pushed the feature/fips-compliance branch from a87e8a3 to 56a0f93 Compare November 9, 2023 19:57
@artoonie
Copy link
Collaborator Author

Merging now to start building the release candidate but still hoping for approval after-the-fact @HEdingfield

@artoonie artoonie merged commit cbfcc24 into hotfix/1.3.2 Nov 10, 2023
1 check passed
@artoonie artoonie deleted the feature/fips-compliance branch November 10, 2023 15:31
@Test
@DisplayName("Ensure FIPS Compliance check is run")
void testFipsComplianceWasCorrectlySetUp() {
Assertions.assertTrue(SecurityConfig.haveProvidersBeenCulled());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I guess this is something that gets set up (i.e. all of SecurityConfig is run) when the app initializes, but it only matters / gets checked during Hart tabulation?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, though I'd maybe use the term verified over matters, in that it may affect other places in the code (and some may take "matters" to mean "affects")

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants