Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Windows FIPS compliant App publishes FIPS and non-FIPS ciphers during TLS handshake #1434

Open
lmaliniak opened this issue Dec 9, 2024 · 7 comments

Comments

@lmaliniak
Copy link

The Go app is was built with latest Microsoft Go fork release basked on Go 1.23.x. It was built with goexperiment.systemcrypto tag.
The platform is Win 10 22H2 VM.
Fips local policy, security option is enabled (System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing).
Capturing the app traffic and analyzing TLS handshake, I see that the app continues to publish send a list of FIPS and non-FIPS ciphers.

The question is why does the FIPS compliant built app keeps publishing non-FIPS ciphers in FIPS mode?
Thanks

@dagood
Copy link
Member

dagood commented Dec 9, 2024

This doesn't repro for me. I used this program that prints out Go's TLS settings: https://gist.github.com/dagood/f5b825f8e07a564f347a43f1523e8f1c
(I built with systemcrypto on "my" machine and ran it in the VM with the -serve flag).

In a Windows VM, I ran it normally, and it got:

{
[49195 49199 49196 49200 52393 52392 49161 49171 49162 49172 156 157 47 53 49170 10 4865 4866 4867]
[X25519 CurveP256 CurveP384 CurveP521]
[0]
[772 771]
}

I enabled the FIPS local policy using the Windows UI and restarted the VM, then the program got:

{
[49195 49199 49196 49200 4865 4866]
[CurveP256 CurveP384 CurveP521]
[0]
[772 771]
}

Maybe you can try your interception approach with that test program and see if it shows different results for you?

@lmaliniak
Copy link
Author

Thanks @dagood.
I want to make sure we refer to the same FIPS local policy.
For Win 10 22H2 It is set here:
Open the Group Policy Editor, navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options , and enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.

Thought the policy is enabled and the service is built with goexperiment.systemcrypto tag, when it runs and I capture the traffic (filter by usingtcp.port == 443 && tls.handshake), when checking the client published ciphers I get a mix of FIPS and non-FIPS ciphers.

@dagood
Copy link
Member

dagood commented Dec 12, 2024

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options , and enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

Yep, I got there by searching "local security policy", but the rest of the path is the same. I am on Windows 11 rather than 10, but I wouldn't expect any difference here.

A few things I'd like to confirm:

  • Did you reboot after changing the policy?
    • Rebooting is necessary after changing the policy, but it isn't necessary when changing the HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy registry key manually for testing.
  • Did you use the test program I linked, or something else?

@lmaliniak
Copy link
Author

Thanks @dagood for the detailed reply.
My Windows VM was restarted. The registry key is also set to enabled.
When the app was build I passed to the build command the following tags: goexperiment.systemcrypto cgo release
I plan is to repeat the test on the same Windows VM with your App. Capture and analyze the traffic and share the results.

@dagood
Copy link
Member

dagood commented Dec 13, 2024

On my end, I've now reproduced the good behavior on a win10 VM:

Edition	Windows 10 Enterprise
Version		22H2
Installed on	‎12/‎13/‎2024
OS build	19045.2965
Experience	Windows Feature Experience Pack 1000.19041.1000.0

(Even when using the policy radio box, rebooting doesn't appear to be necessary in my tests on that win10 VM. I'm not sure why I had a different experience on a win11 VM. Either way, generally docs do recommend a reboot.)

@lmaliniak
Copy link
Author

lmaliniak commented Dec 16, 2024

@dagood, I've cloned, built and run the server & client on my Windows VM.

Edition	Windows 10 Enterprise
Version	22H2
Installed on	‎4/‎25/‎2024
OS build	19045.5131
Experience	Windows Feature Experience Pack 1000.19060.1000.0

Build special settings:

set GOEXPERIMENT=systemcrypto
set GOFLAGS='-tags=goexperiment.systemcrypto cgo release'set GOEXPERIMENT=systemcrypto

Built with Microsoft go fork
go version go1.23.4 windows/amd64

Note: Windows policy was enabled but used the regkey and GOFIPS to emulate enable/disable of the FIPS mode.

Run two tests:

  1. FIPS mode enabled:
    GOFIPS=1 and Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy=1.
  2. FIPS mode disabled:
    GOFIPS=0 and Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy=0.

Results:
FIPS mode enable -
Server side:

main.exe -serve
2024/12/16 09:54:59 {
[49195 49199 49196 49200 4865 4866]
[CurveP256 CurveP384 CurveP521]
[0]
[772 771]
}
2024/12/16 09:54:59 foo: 200 OK
2024/12/16 09:55:53 {
[49195 49199 49196 49200 4865 4866]
[CurveP256 CurveP384 CurveP521]
[0]
[772 771]
}

Client side:

main.exe
2024/12/16 09:55:53 foo: 200 OK

FIPS mode disabled -

main.exe -serve
2024/12/16 11:05:35 {
[49195 49199 49196 49200 52393 52392 49161 49171 49162 49172 4865 4866 4867]
[X25519Kyber768Draft00 X25519 CurveP256 CurveP384 CurveP521]
[0]
[772 771]
}
2024/12/16 11:05:35 foo: 200 OK
2024/12/16 11:05:45 {
[49195 49199 49196 49200 52393 52392 49161 49171 49162 49172 4865 4866 4867]
[X25519Kyber768Draft00 X25519 CurveP256 CurveP384 CurveP521]
[0]
[772 771]
}

Client:

main.exe
2024/12/16 11:05:45 foo: 200 OK

I see that when running in FIPS mode enabled no non-FIPS cipher is listed. The list of omitted ciphers in FIPS mode:
52393, 52392, 49161, 49171, 49162, 49172, 4867.

I learned that my Windows VM has correct setup.

The next thing I'll do is to repeat a similar test with my app and share the results.

@lmaliniak
Copy link
Author

After analyzing the Wireshark capture of the app, the conclusion is that the Go part is publishing only FIPS ciphers as expected. The TLS client hello with a list containing a mix of FIPS and non-FOPS ciphers was recorded from the browser and a part of the client app that is written in C++, hence was not built using Microsoft Go.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants