wpa_supplicant in FIPS 140-2 mode

Jate Sujjavanich jatedev
Wed Jul 29 14:20:06 PDT 2015


I replaced the calls to aes_wrap/aes_unwrap in crypto_openssl.c with
the callbacks in aes_wrap.c/aes_unwrap.c. They actually lead down to EVP_*
functions within OpenSSL which are valid in FIPS mode. The callbacks to
aes_encrypt_* lead to higher level EVP_* calls which are allowed in FIPS
mode.

Do you see anything wrong with this algorithmically as far as encryption is
concerned?

----

Replace aes wrapping functions with higher level EVP calls for FIPS
compatibility

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index f158ef4..ca44386 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -297,33 +297,6 @@ void aes_decrypt_deinit(void *ctx)
 }


-int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8
*cipher)
-{
-    AES_KEY actx;
-    int res;
-
-    if (AES_set_encrypt_key(kek, kek_len << 3, &actx))
-        return -1;
-    res = AES_wrap_key(&actx, NULL, cipher, plain, n * 8);
-    OPENSSL_cleanse(&actx, sizeof(actx));
-    return res <= 0 ? -1 : 0;
-}
-
-
-int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher,
-           u8 *plain)
-{
-    AES_KEY actx;
-    int res;
-
-    if (AES_set_decrypt_key(kek, kek_len << 3, &actx))
-        return -1;
-    res = AES_unwrap_key(&actx, NULL, plain, cipher, (n + 1) * 8);
-    OPENSSL_cleanse(&actx, sizeof(actx));
-    return res <= 0 ? -1 : 0;
-}
-
-
 int crypto_mod_exp(const u8 *base, size_t base_len,
            const u8 *power, size_t power_len,
            const u8 *modulus, size_t modulus_len,
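Review bot: Removing aes_wrap() and aes_unwrap() from crypto_openssl.c is unconditional, so builds that are not in FIPS mode also lose the AES_wrap_key()/AES_unwrap_key() path and depend on the generic aes-wrap/aes-unwrap objects instead. Consider keeping both functions under a build-time conditional that is only switched off for FIPS builds, so other builds keep using the OpenSSL implementation. Separately, the removed aes_wrap() prototype is line-wrapped in this mail ("*cipher)" sits on a line with no "-" prefix), so the hunk will not apply as sent; please resend without mail-client wrapping.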
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index 0f82af9..87af300 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -983,6 +983,10 @@ LIBS += -lssl
 endif
 OBJS += ../src/crypto/crypto_openssl.o
 OBJS_p += ../src/crypto/crypto_openssl.o
+OBJS += ../src/crypto/aes-wrap.o
+OBJS_p += ../src/crypto/aes-wrap.o
+OBJS += ../src/crypto/aes-unwrap.o
+OBJS_p += ../src/crypto/aes-unwrap.o
 ifdef NEED_FIPS186_2_PRF
 OBJS += ../src/crypto/fips_prf_openssl.o
 endif
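Review bot: The four new OBJS/OBJS_p lines add aes-wrap.o and aes-unwrap.o to every build that links crypto_openssl.o, with no conditional around them, unlike the NEED_FIPS186_2_PRF block directly below. Gate them on a config symbol in the same way, and check that the Makefile does not already list these objects elsewhere, which would put them on the link line twice. Only wpa_supplicant/Makefile is updated here, so any other build file that compiles src/crypto/crypto_openssl.c would need the same objects, or aes_wrap()/aes_unwrap() will be undefined at link time.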

On Wed, Jul 29, 2015 at 3:43 PM, Jouni Malinen <j at w1.fi> wrote:

> On Wed, Jul 29, 2015 at 02:50:09PM -0400, Jate Sujjavanich wrote:
> > I figured out an issue with the aes_wrap/aes_unwrap function calls causing
> > the exit. The ones implemented in crypto_openssl.c make a lower level call
> > which is not allowed in FIPS mode for 1.0.1. I will submit a patch which
> > uses the more generic callbacks in src/crypto/aes_wrap.c and
> > src/crypto/aes_unwrap.c.
>
> Hmm.. That would be somewhat of an unfortunate direction.. My goal has
> been more to reduce externally required crypto implementation than
> adding it, i.e., this change would be reverting an earlier cleanup. It's
> a bit unfortunate if OpenSSL does not provide a FIPS mode compatible
> mechanism for AES key wrapping.
>
>
> --
> Jouni Malinen                                            PGP id EFC895FA