From patchwork Wed Jul 29 21:20:06 2015
X-Patchwork-Submitter: Jate Sujjavanich
X-Patchwork-Id: 501848
Date: Wed, 29 Jul 2015 17:20:06 -0400
In-Reply-To: <20150729194320.GA5614@w1.fi>
References: <20150725161415.GA7074@w1.fi> <20150729194320.GA5614@w1.fi>
Subject: Re: wpa_supplicant in FIPS 140-2 mode
From: Jate Sujjavanich
To: hostap@lists.shmoo.com

I replaced the calls to aes_wrap/aes_unwrap in crypto_openssl.c with the
callbacks in aes_wrap.c/aes_unwrap.c. They actually lead down to EVP_*
functions within OpenSSL which are valid in FIPS mode. The callbacks to
aes_encrypt_* lead to higher level EVP_* calls which are allowed in FIPS
mode.

Do you see anything wrong with this algorithmically as far as encryption
is concerned?

----
Replace aes wrapping functions with higher level EVP calls for FIPS compatibility

On Wed, Jul 29, 2015 at 3:43 PM, Jouni Malinen wrote:

> On Wed, Jul 29, 2015 at 02:50:09PM -0400, Jate Sujjavanich wrote:
> > I figured out an issue with the aes_wrap/aes_unwrap function calls causing
> > the exit. The ones implemented in crypto_openssl.c make a lower level call
> > which is not allowed in FIPS mode for 1.0.1. I will submit a patch which
> > uses the more generic callbacks in src/crypto/aes_wrap.c and
> > src/crypto/aes_unwrap.c.
>
> Hmm.. That would be somewhat of an unfortunate direction.. My goal has
> been more to reduce externally required crypto implementation than
> adding it, i.e., this change would be reverting an earlier cleanup. It's
> a bit unfortunate if OpenSSL does not provide a FIPS mode compatible
> mechanism for AES key wrapping.
>
> --
> Jouni Malinen PGP id EFC895FA

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index f158ef4..ca44386 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c 
@@ -297,33 +297,6 @@ void aes_decrypt_deinit(void *ctx) } -int aes_wrap(const u8 *kek, size_t kek_len, int n, const u8 *plain, u8 *cipher) -{ - AES_KEY actx; - int res; - - if (AES_set_encrypt_key(kek, kek_len << 3, &actx)) - return -1; - res = AES_wrap_key(&actx, NULL, cipher, plain, n * 8); - OPENSSL_cleanse(&actx, sizeof(actx)); - return res <= 0 ? -1 : 0; -} - - -int aes_unwrap(const u8 *kek, size_t kek_len, int n, const u8 *cipher, - u8 *plain) -{ - AES_KEY actx; - int res; - - if (AES_set_decrypt_key(kek, kek_len << 3, &actx)) - return -1; - res = AES_unwrap_key(&actx, NULL, plain, cipher, (n + 1) * 8); - OPENSSL_cleanse(&actx, sizeof(actx)); - return res <= 0 ? -1 : 0; -} - - int crypto_mod_exp(const u8 *base, size_t base_len, const u8 *power, size_t power_len, const u8 *modulus, size_t modulus_len, diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index 0f82af9..87af300 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -983,6 +983,10 @@ LIBS += -lssl endif OBJS += ../src/crypto/crypto_openssl.o OBJS_p += ../src/crypto/crypto_openssl.o +OBJS += ../src/crypto/aes-wrap.o +OBJS_p += ../src/crypto/aes-wrap.o +OBJS += ../src/crypto/aes-unwrap.o +OBJS_p += ../src/crypto/aes-unwrap.o ifdef NEED_FIPS186_2_PRF OBJS += ../src/crypto/fips_prf_openssl.o endif
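
Review bot: In the src/crypto/crypto_openssl.c hunk, aes_wrap() and aes_unwrap() are removed for every OpenSSL build, not only FIPS ones, so non-FIPS builds also stop using AES_wrap_key()/AES_unwrap_key() and move to the generic implementation; this is the reversal of the earlier cleanup that the quoted reply objects to. Consider keeping the two functions and compiling them out only under the FIPS build option, so the default build is unchanged. The removed code also wiped the key schedule with OPENSSL_cleanse(&actx, sizeof(actx)); the replacement path is not part of this diff, so please confirm that it leaves no expanded key material behind either.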
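
Review bot: In the wpa_supplicant/Makefile hunk, aes-wrap.o and aes-unwrap.o are added unconditionally next to crypto_openssl.o, and this is the only build file the patch touches although src/crypto/crypto_openssl.c is shared code. Any other build that links crypto_openssl.o would lose aes_wrap()/aes_unwrap() with nothing to replace them, and if these objects are already pulled in elsewhere in this Makefile under another condition they would be listed twice. Suggest making the addition conditional in the same way as the removal, and applying the matching change to every build file that uses crypto_openssl.o. The message also refers to aes_wrap.c/aes_unwrap.c while the objects added here are aes-wrap.o/aes-unwrap.o; the description should use the file names as they exist in the tree.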