FIPS meets AEAD, AES-nnn-SIV


Hal Murray

Jun 2, 2025, 2:24:09 AM
to openss...@openssl.org, Hal Murray

Could somebody please give me a lesson in FIPS and AEAD or a pointer to
the right place?

I work on NTP software. NTS (Network Time Security) uses AEAD which uses,
for example, AES-128-SIV which uses AES-128-CBC and AES-128-CTR.

We have a package that implements AEAD using the old/deprecated cmac
interface. It was written long before OpenSSL supported AEAD. I'm
looking into fixing our code to use OpenSSL's AEAD routines.

Our old code works on a system running in FIPS mode. Our new code doesn't
because OpenSSL's FIPS provider doesn't support AES-128-SIV.

Does FIPS know anything about any of the AEAD algorithms?

What do FIPS shops do when they want to use a protocol that uses an AEAD
algorithm? Do we just say "no" to them?

This seems like it should be covered by a FAQ someplace, but all I've
found while poking around is that the OpenSSL FIPS provider doesn't
support any AEAD algorithms.

Or what should I be asking? or thinking about?

Thanks.


--
These are my opinions. I hate spam.



Viktor Dukhovni

Jun 2, 2025, 3:51:18 AM
to openss...@openssl.org
On Sun, Jun 01, 2025 at 11:23:58PM -0700, Hal Murray wrote:

> I work on NTP software. NTS (Network Time Security) uses AEAD which uses,
> for example, AES-128-SIV which uses AES-128-CBC and AES-128-CTR.
>
> We have a package that implements AEAD using the old/deprecated cmac
> interface. It was written long before OpenSSL supported AEAD. I'm
> looking into fixing our code to use OpenSSL's AEAD routines.
>
> Our old code works on a system running in FIPS mode. Our new code doesn't
> because OpenSSL's FIPS provider doesn't support AES-128-SIV.

The OpenSSL FIPS provider supports AES in the GCM and CCM AEAD modes.
The OpenSSL default provider supports AES in SIV and GCM-SIV modes.
Unless I am not looking in the right places, the FIPS provider does
not support SIV.

> Does FIPS know anything about any of the AEAD algorithms?

Yes, GCM and CCM.

> This seems like it should be covered by a FAQ someplace, but all I've
> found while poking around is that the OpenSSL FIPS provider doesn't
> support any AEAD algorithms.
>
> Or what should I be asking? or thinking about?

I am not aware of a FIPS-approved SIV mode. See:

https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/cavp-testing-block-cipher-modes

CMAC (SP 800-38B)
XTS-AES (SP 800-38E)
CCM (SP 800-38C)
KW / KWP / TKW (SP 800-38F)(Key Wrap using AES and Triple-DES)
GCM / GMAC / XPN (SP 800-38D and CMVP Annex A)

https://csrc.nist.gov/Projects/block-cipher-techniques/bcm

--
Viktor.