Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIPS Feature Improvements #244

Merged
merged 27 commits into from
Oct 20, 2023
Merged

FIPS Feature Improvements #244

merged 27 commits into from
Oct 20, 2023

Conversation

skmcgrail
Copy link
Member

@skmcgrail skmcgrail commented Oct 14, 2023
edited
Loading

Description of changes:

  • aws_lc_rs::aead::RandomizedNonceKey has been added to easily allow for encryption or decryption of data using AES-128 and AES-256 GCM with a cryptographically secure random generated 96-bit (12 byte) nonces. This provides an alternative for users who don't want to construct and manage a NonceSequence with the OpeningKey / SealingKey based types.
  • aws_lc_rs::aead::TlsRecordOpeningKey and aws_lcs_rs::aead::TlsRecordSealingKey have been added to aid systems developers who are creating TLS protocol implementations. The TlsRecordSealingKey validates that the provided sequence of nonces are monotonically increasing.
  • aws_lc_rs::tls_prf module has been added for systems developers who need access to TLS 1.2 PRF APIs for usage in implementing RFC 5246 and RFC 7627.
  • aws_lc_rs::signature::Ed25519KeyPair::generate_pkcs8 and aws_lc_rs::signature::Ed25519KeyPair::generate_pkcs8v1 no longer use the provided &dyn SecureRandom. This is consistent with other public APIs in aws_lc_rs that don't honor this parameter. This has been treated a legacy argument that is only present in our APIs for drop-in compatibility with ring 0.16 releases.

Call-outs:

PRs that need to be merged into fips-api-changes first prior to this merging:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

skmcgrail and others added 22 commits July 18, 2023 13:19
@skmcgrail
Merge pull request #193 from aws/main
0c4d1b3 
Merge main into fips-api-changes
@skmcgrail
Migrate ECDSA to FIPS Approved Functions (#188)
92883a4
@skmcgrail
Migrate RSA to FIPS Approved Functions (#196)
6a4d598
@skmcgrail
Migrate Agreement to FIPS Approved Functions (#198)
8669331
@skmcgrail
Merge main into fips-api-changes
16405f5
@skmcgrail
Merge remote-tracking branch 'upstream/main' into fips-api-changes
4233d2f
@skmcgrail
FIPS AEAD API Types (#207)
7eac11d
@skmcgrail
Merge remote-tracking branch 'upstream/main' into fips-api-changes
e171db1
@skmcgrail
Minor fixes post main merge
acaa1d8
@skmcgrail
Refactor HKDF for FIPS (#217)
b105769
@skmcgrail
Merge branch main into fips-api-changes
6a25017
@skmcgrail
Merge branch 'main' into fips-api-changes
8c46d68
@skmcgrail
Fix clippy from merge
cadb004
@skmcgrail
Merge branch 'main' into fips-api-changes
ef50dfe
@skmcgrail
FIPS Status Indicator (#216)
955ec83
@skmcgrail
Migrate Ed25519 key generation to EVP_PKEY_keygen (#224)
4c60d2f
@skmcgrail
Merge branch 'main' into fips-api-changes
41d97e7
@skmcgrail
FIPS Usage Documentation (#231)
83549ae
@skmcgrail
Merge branch 'main' into fips-api-changes
4889b50
@skmcgrail
Merge branch 'main' into fips-api-changes
976a029
@skmcgrail
Support for TLS 1.2 PRF (#232)
5b0faa6
@skmcgrail
Documentation cleanup (#243)
52c3772
@skmcgrail skmcgrail marked this pull request as ready for review October 18, 2023 19:50
@skmcgrail skmcgrail requested a review from a team as a code owner October 18, 2023 19:50
justsmth
justsmth previously approved these changes Oct 20, 2023
View reviewed changes
@skmcgrail skmcgrail requested a review from justsmth October 20, 2023 21:18
@skmcgrail skmcgrail merged commit fe5d0de into main Oct 20, 2023
74 of 80 checks passed
hansonchar pushed a commit to hansonchar/aws-lc-rs that referenced this pull request Oct 21, 2023
@skmcgrail
FIPS Feature Improvements (aws#244)
08d07ee 
* Migrate ECDSA to FIPS Approved Functions (aws#188)
* Migrate RSA to FIPS Approved Functions (aws#196)
* Migrate Agreement to FIPS Approved Functions (aws#198)
* FIPS AEAD API Types (aws#207)
* Refactor HKDF for FIPS (aws#217)
* FIPS Status Indicator (aws#216)
* Migrate Ed25519 key generation to EVP_PKEY_keygen (aws#224)
* FIPS Usage Documentation (aws#231)
* Support for TLS 1.2 PRF (aws#232)
* Documentation cleanup (aws#243)
* Cleanup for fips-api-changes branch (aws#248)
@ctz
Copy link
Contributor

ctz commented Nov 15, 2023

  • aws_lc_rs::aead::TlsRecordOpeningKey and aws_lcs_rs::aead::TlsRecordSealingKey have been added to aid systems developers who are creating TLS protocol implementations. These types validate that the provided sequence of nonces are monotonically increasing.

Unless I've missed something, I think TlsRecordOpeningKey doesn't do that[1]? And also, I don't think it should. If the nonce is reused on decryption, that is because either a) the nonce is correct, and was reused by the encrypter (so the security failure already happened, and nothing can save us), or the nonce is incorrect and the decryption won't work anyway.

[1]: ref aws-lc-fips-sys/aws-lc/crypto/fipsmodule/cipher/e_aes.c where EVP_aead_aes_128_gcm_tls13 uses plain aead_aes_gcm_open_gather in the open_gather slot, and doesn't specialise it for nonce checking.

@ctz
Copy link
Contributor

ctz commented Nov 15, 2023

(btw, if the intention is to validate the nonces in TlsRecordOpeningKey methods, they should take &mut self to avoid races from multiple calls.)

@ctz ctz mentioned this pull request Nov 15, 2023
Merged
@skmcgrail
Copy link
Member Author

You are correct that TlsRecordOpeningKey key doesn't enforce this behavior, and that is expected. Which is why we modeled it as not taking a &mut self reference.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justsmth justsmth justsmth approved these changes

@samuel40791765 samuel40791765 samuel40791765 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@skmcgrail @ctz @samuel40791765 @justsmth