FIPS wrapper to lock low level AES calls in FIPS mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

I would like to retract my previous email on this subject.

I found the routine EVP_CIPHER_CTX_set_key_length(), and have successfully implemented.

I apologize for wasting anyone's time who may have read the original email.

Thanks,

Phil




From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Philip Bellino
Sent: Monday, April 06, 2015 8:03 AM
To: openssl-users at openssl.org
Subject: FIPS wrapper to lock low level AES calls in FIPS mode

Hello,
We are using Openssl-1.0.2a with FIPS 2.0.9 on Linux PPC environment. We have code that we assume needs updating,
to avoid using low level routines in FIPS. For example, our snmp v3 implementation currently decrypts/encrypts using
AES_set_encrypt_key() and AES_cfb128_encrypt().
The old decryption routine is as follows:
BOOL                            /* TRUE:=ok, FALSE=error condition */
sc_aes_decrypt(SN_PRIVPROT privProto,   /* usm priv protocol type */
               UCHAR * key,     /* priv key */
               UINT keylen,     /* priv key length */
               UCHAR * iv,      /* iv buffer */
               UINT ivlen,      /* iv length */
               UCHAR * ciphertext,      /* encrypted buffer: the cipher text */
               UINT ctlen,      /* encrypted data length */
               UCHAR * plaintext,       /* OUT: decrypted buffer */
               int *ptlen)
{                               /* IN: decrypt buf len, OUT: decrypt data */
    static char fname[] = "sc_aes_decrypt";
    AES_KEY aes_key;
    char my_iv[16];
    int new_ivlen = 0;
    int ret;

    ret = AES_set_encrypt_key(key, (keylen * 8), &aes_key);
    if (ret < 0) {
        errorMsg("%s: call to AES_set_encrypt_key() failed (error=%d)", fname,
                 ret);
        return FALSE;
    }
    memcpy(my_iv, iv, ivlen);

    /*
     * Decrypt the data.
     */
    AES_cfb128_encrypt(ciphertext, plaintext, ctlen,
                       &aes_key, my_iv, &new_ivlen, AES_DECRYPT);

    *ptlen = ctlen;
    return TRUE;
}

AES_set_encrypt_key() is no longer useable in FIPS mode as
shown in the following code snippet from openssl-1.0.2a/crypto/aes/aes_misc.c -
/* FIPS wrapper functions to block low level AES calls in FIPS mode */
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                        AES_KEY *key)
{
#ifdef OPENSSL_FIPS
    fips_cipher_abort(AES);
#endif
    return private_AES_set_encrypt_key(userKey, bits, key);
}

I could not find a parallel routine for AES_set_encrypt_key()  in the high level EVP routines.  I also looked on the Openssl wiki.
Do I need one? Does one exist?
I am attempting to replace the old code with FIPS safe EVP routines EVP_CIPHER_CTX_init(), EVP_DecryptInit_ex() using EVP_aes_128_cfb, EVP_DecryptUpdate(), EVP_DecryptFinal_ex() and EVP_CIPHER_CTX_cleanup().
The data passed into the decrypt routine
is not a fixed length (not necessarily a multiple of block size). Is that the correct path?
Are there any gotchas I should watch out for, for example, with padding issues? I am asking because my first attempt
at the new code results in a decryption error from Openssl crypto/evp/evp_enc.c EVP_DecryptFinal_ex() line 519
if (b > 1) {
        if (ctx->buf_len) {
            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
           return (0);
        }

Any help/guidance would be most appreciated.

Thank you.


Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive |  Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799
www.mrv.com

[MRV-email]


[Image removed by sender. E-Banner]<http://www.mrv.com/landing/video-datasheet-mrvs-optidriver-platform>


The contents of this message, together with any attachments, are intended only for the use of the person(s) to whom they are addressed and may contain confidential and/or privileged information. If you are not the intended recipient, immediately advise the sender, delete this message and any attachments and note that any distribution, or copying of this message, or any attachment, is prohibited.

[E-Banner]<http://www.mrv.com/landing/video-datasheet-mrvs-optidriver-platform>


The contents of this message, together with any attachments, are intended only for the use of the person(s) to whom they are addressed and may contain confidential and/or privileged information. If you are not the intended recipient, immediately advise the sender, delete this message and any attachments and note that any distribution, or copying of this message, or any attachment, is prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150406/0f5dbe49/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ~WRD000.jpg
Type: image/jpeg
Size: 823 bytes
Desc: ~WRD000.jpg
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150406/0f5dbe49/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 6563 bytes
Desc: image001.png
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150406/0f5dbe49/attachment-0001.png>


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux