Re: AES Key Wrap in FIPS Mode

Wed, 21 May 2014 23:38:23 -0700 

Raghav,

Check openssl/evp.h. Check the man page of EVP_EncryptInit()

This is the corresponding EVP API

int     EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
                const unsigned char *key, const unsigned char *iv);
int     EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
ENGINE *impl,
                const unsigned char *key, const unsigned char *iv);
int     EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                int *outl, const unsigned char *in, int inl);
int     EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int
*outl);
int     EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int
*outl);


You can pass any of these as the EVP cipher

const EVP_CIPHER *EVP_aes_128_ecb(void);
const EVP_CIPHER *EVP_aes_128_cbc(void);
const EVP_CIPHER *EVP_aes_128_cfb1(void);
const EVP_CIPHER *EVP_aes_128_cfb8(void);
const EVP_CIPHER *EVP_aes_128_cfb128(void);
# define EVP_aes_128_cfb EVP_aes_128_cfb128
const EVP_CIPHER *EVP_aes_128_ofb(void);
#if 0
const EVP_CIPHER *EVP_aes_128_ctr(void);
#endif
const EVP_CIPHER *EVP_aes_192_ecb(void);
const EVP_CIPHER *EVP_aes_192_cbc(void);
const EVP_CIPHER *EVP_aes_192_cfb1(void);
const EVP_CIPHER *EVP_aes_192_cfb8(void);
const EVP_CIPHER *EVP_aes_192_cfb128(void);
# define EVP_aes_192_cfb EVP_aes_192_cfb128
const EVP_CIPHER *EVP_aes_192_ofb(void);
#if 0
const EVP_CIPHER *EVP_aes_192_ctr(void);
#endif
const EVP_CIPHER *EVP_aes_256_ecb(void);
const EVP_CIPHER *EVP_aes_256_cbc(void);
const EVP_CIPHER *EVP_aes_256_cfb1(void);
const EVP_CIPHER *EVP_aes_256_cfb8(void);
const EVP_CIPHER *EVP_aes_256_cfb128(void);
# define EVP_aes_256_cfb EVP_aes_256_cfb128
const EVP_CIPHER *EVP_aes_256_ofb(void);


You need to intialize OpenSSL ciphers using
OpenSSL_add_all_ciphers()


You will get plenty of examples on the internet


Rahul








On Thu, May 22, 2014 at 6:23 AM, Raghav Varadan
<raghavssubscr...@gmail.com>wrote:

> Hi,
>
> I'm using Openssl FIPS in my application. The application does some AES
> Key Wrap/Unwrap and uses function calls to
> AES_set_encrypt_key()/AES_wrap_key()/AES_unwrap_key(). But in FIPS mode
> call to these low-level crypto function calls are forbidden. I would like
> to know if there is an EVP* interface to do wrap crypto keys using Key
> Encryption Key for transportation.
>
> Looking forward to a reply.
>
> Thanks
> Raghav
>
>

Reply via email to