RE: Hitting seg fault in AES_wrap_key() when Key is 512 bits in length
> From: owner-openssl-us...@openssl.org On Behalf Of Jim Segrave
> Sent: Friday, 06 April, 2012 16:32
> On 04/06/2012 01:46 AM, Dave Thompson wrote:
> >> AES_KEY actx, dctx;
> >>printf("\n keylen = %d; kebits= %d", KEYLEN, KEYBITS);
> >>
> > Get out of the habit of outputting 'partial' lines (not
> > terminated by \n) in C. Sometimes it works and sometimes
> > it doesn't. It appears in this case on your system it didn't.
> > The standard requires complete lines to work
>
> I've looked through my copy of the C99 standard and the C89 standard,
> because I could not believe I'd overlooked such a caveat on printf
Sorry, I tailored this advice to the OP's case without
appropriately distinguishing two things.
It's not printf specifically. A C implementation may require
terminating newline on the last line of a text stream/file
(before close including normal exit), because historically
some operating systems (and filesystems) do require this.
If implementation requires it and program doesn't provide it,
behavior is undefined by omission. A sane implementor will add
a newline, or at worst drop or maybe mangle the unterminated
line, but portable code should avoid relying on it.
Also if stdout is 'determined to refer to an interactive
device' it may be unbuffered or line-buffered, in OP's case
apparently the latter. On a line-buffered stream if UB occurs
after writing a partial line and before writing the newline
that terminates it (or close/exit if permitted), the partial
line is likely to be lost, and in the OP's case this gave
a misleading impression of where the fault was. (In general
UB can be arbitrarily bad, but I say loss of buffered output
is what commonly occurs here.) And if the implementation's
determination of interactivity is mistaken, as can happen,
stdout is fully-buffered and likely to lose more.
> To the best of my knowledge there can be a restriction on the
> number of characters output in a single call to printf
You're probably thinking of the allowed limit on the characters
produced by a single *conversion* (C89 509, C99 4095). AFAIK
there's no limit on the output from a printf *call*, beyond the
all-purpose escape-hatch in 1 about "the size or complexity of a
program and its data that will exceed the capacity of any specific
data-processing system or the capacity of a particular processor".
Other related limits:
There can be a limit as low as C89 509 C99 4095 on characters
in a string *literal*; *printf format string often is a literal
but doesn't have to be, and other arguments sometimes are.
There can be a limit as low as C89 32767 C99 65535 bytes in
an object, and therefore that limit minus 1 characters in any
(singlebyte) string anywhere in the program, including *printf.
And of course if the stream goes to a disk file there must be
some limit on how much you can write to it by any sequence of
calls that doesn't position backwards (and possibly truncate).
Even for nondisk files there is sometimes a write limit. E.g.
TCP wraps and is theoretically infinite as long as the receiver
doesn't fall behind more than half the sequence space, but not
SSL/TLS: when it runs out of sequence numbers it must at least
renegotiate, and if it can't or doesn't it must disconnect.
Those issues aren't specific to C, of course.
> Building an output line in pieces with separate
> calls to printf to construct the pieces is a common programming
> practice. It can lead to cleaner and clearer code
If you ensure no UB (or other bug) in between, I agree.
So when I do this, I usually write smallish clumps of code
which collectively do complete lines, but I don't leave a
partial line 'too long' without at least trying fflush().
Like many other things, it ends up a judgement call.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Hitting seg fault in AES_wrap_key() when Key is 512 bits in length
On 4/5/2012 7:46 PM, Dave Thompson wrote: Get out of the habit of outputting 'partial' lines (not terminated by \n) in C. Sometimes it works and sometimes it doesn't. It appears in this case on your system it didn't. The standard requires complete lines to work (up to possibly a reasonable documented length limit) and if they don't (and you didn't screw up something else) you can complain to your implementor; incomplete lines are formally undefined behavior which means the implementation can do anything it likes and needn't even document it, although in practice implementors try to do something reasonably sane if possible. I've never heard of this. Depending on whether stdout is fully buffered, line buffered, or unbuffered, the output may not appear right away unless you fflush. But I don't think the implementation can do anything it likes. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Hitting seg fault in AES_wrap_key() when Key is 512 bits in length
On 04/06/2012 01:46 AM, Dave Thompson wrote:
>> AES_KEY actx, dctx;
>>printf("\n keylen = %d; kebits= %d", KEYLEN, KEYBITS);
>>
> Get out of the habit of outputting 'partial' lines (not
> terminated by \n) in C. Sometimes it works and sometimes
> it doesn't. It appears in this case on your system it didn't.
> The standard requires complete lines to work (up to possibly
> a reasonable documented length limit) and if they don't (and
> you didn't screw up something else) you can complain to your
> implementor; incomplete lines are formally undefined behavior
> which means the implementation can do anything it likes and
> needn't even document it, although in practice implementors
> try to do something reasonably sane if possible.
I've looked through my copy of the C99 standard and the C89 standard,
because I could not believe I'd overlooked such a caveat on printf. Can
you provide any links to any document which suggests that the behaviour
of printf for output sequences not terminated with a newline leads to
undefined behaviour? To the best of my knowledge there can be a
restriction on the number of characters output in a single call to
printf, but nowhere can I find any suggestion that a newline is required
or even recommended. Building an output line in pieces with separate
calls to printf to construct the pieces is a common programming
practice. It can lead to cleaner and clearer code - you output things as
soon as they are ready and at the point where you know the output type
and the format appropriate to that particular datum, rather than saving
the various pieces which will make up a line of output, their types and
formatting details until you have a complete output line.
It's my belief that any C standard library which doesn't handle partial
lines of output is so severely broken as to make any use of that library
a risky proposition.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Hitting seg fault in AES_wrap_key() when Key is 512 bits in length
Dave,
I had a suggestion for AES_unwrap() function. As of now, if IV doesn't
match it return 0. It would be good to change this to some other error
value which can be eye catchy. Normally the fist thing which comes to mind
when we see return 0 is things are fine... my 2cents
On Fri, Apr 6, 2012 at 1:41 PM, Prashanth kumar N <
prashanth.kuma...@gmail.com> wrote:
> Thanks Dave for your great support... you rock... after changing KEYBITS,
> it worked... my ignorance that i mistook it for Key and set it to 512...
> Please find my response below...
>
> Firstly Jeff,
>
> 256 is valid KEK and max one. Key can be of 'n' blocks each block being 64
> bits in size and 'n' should ne min of 2 blocks
>
>
>
> On Fri, Apr 6, 2012 at 5:16 AM, Dave Thompson wrote:
>
>> > From: owner-openssl-us...@openssl.org On Behalf Of pkumarn
>> > Sent: Wednesday, 04 April, 2012 05:41
>>
>> > I need to wrap 512bit key with 256 bit KEK key. When i do
>> > this, i am hitting
>> > seg fault in AES_wrap_key(). When i do gdb, it points to
>> > memcpy().
>>
>> > #define KEY512 0
>> >
>> > #if KEY512
>> > #define KEYLEN 64
>> > #define KEYBITS 512
>> > #else
>> > #define KEYLEN 32
>> > #define KEYBITS 256
>> > #endif
>>
>> > #if (!KEY512)
>> > static const unsigned char kek[] = {
>> > 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
>> > 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
>> > 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
>> > 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
>> > };
>> > #else
>> > static const unsigned char kek[] = {
>> > 0xbc, 0x54, 0xd8, 0xa0, 0x6e, 0xab, 0x3b,
>> > 0x4c, 0x06, 0xf5, 0xbe, 0x01, 0xc5, 0x77,
>> > 0x28, 0x3d, 0x92, 0xda, 0xfb, 0xe8, 0x3f,
>> > 0xe0, 0x59, 0x57, 0xff, 0xbe, 0xfa, 0x5b,
>> > 0xe0, 0xd4, 0xfb, 0xb7
>> > };
>> > #endif
>>
>> > #if (!KEY512)
>> > static const unsigned char key[] =
>> > #else
>> > static const unsigned char key[] =
>> > #endif
>> >
>> Suggestion: for hardcoded data like this which is supposed
>> to be an exact size, it's usually best to verify it is
>> the correct size before using it, because it's easy for
>> humans to mis-count and/or mistakenly change it.
>> In real use of course your key data should not be hardcoded
>> (because then it provides no actual security benefit) so
>> this issue doesn't arise; instead you should allocate
>> the correct size (by declaration or malloc/etc) and get
>> correct size data by some other means (e.g. RAND_bytes).
>> I will add this checks in my code...
>>
>> >
>> > int ret, i;
>> > unsigned char *otmp, *dtmp;
>> >
>> > AES_KEY actx, dctx;
>> >printf("\n keylen = %d; kebits= %d", KEYLEN, KEYBITS);
>> >
>> Get out of the habit of outputting 'partial' lines (not
>> terminated by \n) in C. Sometimes it works and sometimes
>> it doesn't. It appears in this case on your system it didn't.
>> The standard requires complete lines to work (up to possibly
>> a reasonable documented length limit) and if they don't (and
>> you didn't screw up something else) you can complain to your
>> implementor; incomplete lines are formally undefined behavior
>> which means the implementation can do anything it likes and
>> needn't even document it, although in practice implementors
>> try to do something reasonably sane if possible.
>>
> Above printf() is just for my reference ( i knew it was wrong). I had
> added them as a checkpoint.
>
>>
>> > if (AES_set_encrypt_key(kek, KEYBITS, &actx))
>> > printf("\n Error seeting AES key ");
>> >
>> This is the actual error. The KEK is an AES key and can't
>> ever be 512 bits. Your declarations above actually define
>> kek as 32 bytes = 256 bits for either setting of KEY512,
>> which is valid, so use 256 as kek length. Alternatively
>> choose a KEK which is another valid AES size and use that size.
>> Got that. i added another macro and it worked...
>>
>
>
>> > otmp = (unsigned char *) malloc(sizeof(char) * (KEYLEN+8));
>> > dtmp = (unsigned char *) malloc(sizeof(char) * KEYLEN);
>> >
>> Don't cast malloc in C, and in real code check for failure.
>> Or for a small known size like this don't malloc at all.
>> Yes i need to add checks. Many of them advice me to cast malloc. What
>> would go wrong if i followed the above approach?
>>
>
>
>> > ret = AES_wrap_key(&actx, default_iv, otmp, key, KEYLEN);
>> >
>> Because AES_set_encrypt_key failed (but you ignored the failure)
>> this screws up; it does so differently on different systems,
>> and the only system I have where it segfaults (Windows) I can't
>> currently debug for 1.0.0. In any case it doesn't work as desired.
>> In my earlier code, ret was 72 which was right as i was wrapping 64 bytes
>> + 8 bytes of IV. Is my understanding right?
>>
>
>
>> > printf("\n AES wrap ; ret = %d", ret);
>> >
>> > if (ret < 0)
>> > printf("\n AES wrap key failed");
>> >
>> > printf("\n Wrapped
Re: Hitting seg fault in AES_wrap_key() when Key is 512 bits in length
Thanks Dave for your great support... you rock... after changing KEYBITS,
it worked... my ignorance that i mistook it for Key and set it to 512...
Please find my response below...
Firstly Jeff,
256 is valid KEK and max one. Key can be of 'n' blocks each block being 64
bits in size and 'n' should ne min of 2 blocks
On Fri, Apr 6, 2012 at 5:16 AM, Dave Thompson wrote:
> > From: owner-openssl-us...@openssl.org On Behalf Of pkumarn
> > Sent: Wednesday, 04 April, 2012 05:41
>
> > I need to wrap 512bit key with 256 bit KEK key. When i do
> > this, i am hitting
> > seg fault in AES_wrap_key(). When i do gdb, it points to
> > memcpy().
>
> > #define KEY512 0
> >
> > #if KEY512
> > #define KEYLEN 64
> > #define KEYBITS 512
> > #else
> > #define KEYLEN 32
> > #define KEYBITS 256
> > #endif
>
> > #if (!KEY512)
> > static const unsigned char kek[] = {
> > 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> > 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
> > 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
> > 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
> > };
> > #else
> > static const unsigned char kek[] = {
> > 0xbc, 0x54, 0xd8, 0xa0, 0x6e, 0xab, 0x3b,
> > 0x4c, 0x06, 0xf5, 0xbe, 0x01, 0xc5, 0x77,
> > 0x28, 0x3d, 0x92, 0xda, 0xfb, 0xe8, 0x3f,
> > 0xe0, 0x59, 0x57, 0xff, 0xbe, 0xfa, 0x5b,
> > 0xe0, 0xd4, 0xfb, 0xb7
> > };
> > #endif
>
> > #if (!KEY512)
> > static const unsigned char key[] =
> > #else
> > static const unsigned char key[] =
> > #endif
> >
> Suggestion: for hardcoded data like this which is supposed
> to be an exact size, it's usually best to verify it is
> the correct size before using it, because it's easy for
> humans to mis-count and/or mistakenly change it.
> In real use of course your key data should not be hardcoded
> (because then it provides no actual security benefit) so
> this issue doesn't arise; instead you should allocate
> the correct size (by declaration or malloc/etc) and get
> correct size data by some other means (e.g. RAND_bytes).
> I will add this checks in my code...
> >
> > int ret, i;
> > unsigned char *otmp, *dtmp;
> >
> > AES_KEY actx, dctx;
> >printf("\n keylen = %d; kebits= %d", KEYLEN, KEYBITS);
> >
> Get out of the habit of outputting 'partial' lines (not
> terminated by \n) in C. Sometimes it works and sometimes
> it doesn't. It appears in this case on your system it didn't.
> The standard requires complete lines to work (up to possibly
> a reasonable documented length limit) and if they don't (and
> you didn't screw up something else) you can complain to your
> implementor; incomplete lines are formally undefined behavior
> which means the implementation can do anything it likes and
> needn't even document it, although in practice implementors
> try to do something reasonably sane if possible.
>
Above printf() is just for my reference ( i knew it was wrong). I had added
them as a checkpoint.
>
> > if (AES_set_encrypt_key(kek, KEYBITS, &actx))
> > printf("\n Error seeting AES key ");
> >
> This is the actual error. The KEK is an AES key and can't
> ever be 512 bits. Your declarations above actually define
> kek as 32 bytes = 256 bits for either setting of KEY512,
> which is valid, so use 256 as kek length. Alternatively
> choose a KEK which is another valid AES size and use that size.
> Got that. i added another macro and it worked...
>
> > otmp = (unsigned char *) malloc(sizeof(char) * (KEYLEN+8));
> > dtmp = (unsigned char *) malloc(sizeof(char) * KEYLEN);
> >
> Don't cast malloc in C, and in real code check for failure.
> Or for a small known size like this don't malloc at all.
> Yes i need to add checks. Many of them advice me to cast malloc. What
> would go wrong if i followed the above approach?
>
> > ret = AES_wrap_key(&actx, default_iv, otmp, key, KEYLEN);
> >
> Because AES_set_encrypt_key failed (but you ignored the failure)
> this screws up; it does so differently on different systems,
> and the only system I have where it segfaults (Windows) I can't
> currently debug for 1.0.0. In any case it doesn't work as desired.
> In my earlier code, ret was 72 which was right as i was wrapping 64 bytes
> + 8 bytes of IV. Is my understanding right?
>
> > printf("\n AES wrap ; ret = %d", ret);
> >
> > if (ret < 0)
> > printf("\n AES wrap key failed");
> >
> > printf("\n Wrapped key : ");
> >
> > for (i = 0; i< (KEYLEN + 8); i++)
> > printf(" %02x", otmp[i]);
> >
> >
> > if (AES_set_decrypt_key(kek, KEYBITS, &dctx))
> > printf("\n Error setting decrypt key ");
> >
> Same here.
>
> > ret = AES_unwrap_key(&dctx, default_iv, dtmp, otmp, ret);
> >
> > printf("\n AES unwrap ; ret = %d", ret);
> >
> > if (ret == 0)
> > printf("\n AES unwrapping failed ");
> >
> > printf("\n Original key : ");
> > for (i = 0; i < KEYLEN ; i++)
> >
RE: Hitting seg fault in AES_wrap_key() when Key is 512 bits in length
> From: owner-openssl-us...@openssl.org On Behalf Of pkumarn
> Sent: Wednesday, 04 April, 2012 05:41
> I need to wrap 512bit key with 256 bit KEK key. When i do
> this, i am hitting
> seg fault in AES_wrap_key(). When i do gdb, it points to
> memcpy().
> #define KEY512 0
>
> #if KEY512
> #define KEYLEN 64
> #define KEYBITS 512
> #else
> #define KEYLEN 32
> #define KEYBITS 256
> #endif
> #if (!KEY512)
> static const unsigned char kek[] = {
> 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
> 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
> 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
> };
> #else
> static const unsigned char kek[] = {
> 0xbc, 0x54, 0xd8, 0xa0, 0x6e, 0xab, 0x3b,
> 0x4c, 0x06, 0xf5, 0xbe, 0x01, 0xc5, 0x77,
> 0x28, 0x3d, 0x92, 0xda, 0xfb, 0xe8, 0x3f,
> 0xe0, 0x59, 0x57, 0xff, 0xbe, 0xfa, 0x5b,
> 0xe0, 0xd4, 0xfb, 0xb7
> };
> #endif
> #if (!KEY512)
> static const unsigned char key[] =
> #else
> static const unsigned char key[] =
> #endif
>
Suggestion: for hardcoded data like this which is supposed
to be an exact size, it's usually best to verify it is
the correct size before using it, because it's easy for
humans to mis-count and/or mistakenly change it.
In real use of course your key data should not be hardcoded
(because then it provides no actual security benefit) so
this issue doesn't arise; instead you should allocate
the correct size (by declaration or malloc/etc) and get
correct size data by some other means (e.g. RAND_bytes).
>
> int ret, i;
> unsigned char *otmp, *dtmp;
>
> AES_KEY actx, dctx;
>printf("\n keylen = %d; kebits= %d", KEYLEN, KEYBITS);
>
Get out of the habit of outputting 'partial' lines (not
terminated by \n) in C. Sometimes it works and sometimes
it doesn't. It appears in this case on your system it didn't.
The standard requires complete lines to work (up to possibly
a reasonable documented length limit) and if they don't (and
you didn't screw up something else) you can complain to your
implementor; incomplete lines are formally undefined behavior
which means the implementation can do anything it likes and
needn't even document it, although in practice implementors
try to do something reasonably sane if possible.
> if (AES_set_encrypt_key(kek, KEYBITS, &actx))
> printf("\n Error seeting AES key ");
>
This is the actual error. The KEK is an AES key and can't
ever be 512 bits. Your declarations above actually define
kek as 32 bytes = 256 bits for either setting of KEY512,
which is valid, so use 256 as kek length. Alternatively
choose a KEK which is another valid AES size and use that size.
> otmp = (unsigned char *) malloc(sizeof(char) * (KEYLEN+8));
> dtmp = (unsigned char *) malloc(sizeof(char) * KEYLEN);
>
Don't cast malloc in C, and in real code check for failure.
Or for a small known size like this don't malloc at all.
> ret = AES_wrap_key(&actx, default_iv, otmp, key, KEYLEN);
>
Because AES_set_encrypt_key failed (but you ignored the failure)
this screws up; it does so differently on different systems,
and the only system I have where it segfaults (Windows) I can't
currently debug for 1.0.0. In any case it doesn't work as desired.
> printf("\n AES wrap ; ret = %d", ret);
>
> if (ret < 0)
> printf("\n AES wrap key failed");
>
> printf("\n Wrapped key : ");
>
> for (i = 0; i< (KEYLEN + 8); i++)
> printf(" %02x", otmp[i]);
>
>
> if (AES_set_decrypt_key(kek, KEYBITS, &dctx))
> printf("\n Error setting decrypt key ");
>
Same here.
> ret = AES_unwrap_key(&dctx, default_iv, dtmp, otmp, ret);
>
> printf("\n AES unwrap ; ret = %d", ret);
>
> if (ret == 0)
> printf("\n AES unwrapping failed ");
>
> printf("\n Original key : ");
> for (i = 0; i < KEYLEN ; i++)
> printf(" %02x", dtmp[i]);
>
> printf("\n");
>free(otmp);
>free(dtmp);
>
> }
>
With set_{en,de}crypt_key fixed it works for me.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Hitting seg fault in AES_wrap_key() when Key is 512 bits in length
On Thu, Apr 05, 2012, pkumarn wrote:
>
> Can anyone please help me on this? This is really blocking me to proceed
> further
>
> >
> > #define KEY512 0
> >
> > #if KEY512
> > #define KEYLEN 64
> > #define KEYBITS 512
> > #else
> > #define KEYLEN 32
> > #define KEYBITS 256
> > #endif
> >
> > if (AES_set_encrypt_key(kek, KEYBITS, &actx))
> > printf("\n Error seeting AES key ");
> >
Your problem is with the above line. KEYBITS is 512 which is invalid for an
AES key. You need the key bits of the kek, not the key being wrapped.
Looks like some of the assembly language optimised routines don't sanity check
the key length and return an error if it is invalid.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: Hitting seg fault in AES_wrap_key() when Key is 512 bits in length
On 4/5/2012 8:54 PM, Jeffrey Walton wrote: On Wed, Apr 4, 2012 at 5:41 AM, pkumarn wrote: Hi, I had earlier posted query on AES_Keywrap() usage and had good response on the same and got lot of things clarified. Now i am successful in using AES_wrap_key() API but i am running into a new problem. I need to wrap 512bit key with 256 bit KEK key. When i do this, i am hitting seg fault in AES_wrap_key(). When i do gdb, it points to memcpy(). From the code i didn't see any limitation of not using 512 bit key. Am i missing something? Below is my sample code which works successfully for 256 bit Key. Below code can be enabled for 512 bit with the macro KEY512. Forgive my ignorance (I did not refer to the RFC), but is a 256 KEK/512 CEK a valid combination? Perhaps you can "stretch" the 256 key with two iterations of SHA-256. It won't affect your choice of security levels, and will match KEK/CEK key sizes. While current cryptanalytic attacks cannot penetrate such stretching, this might not be true of future (or current unpublished) attacks. While I am not that familiar with the API in question, in general a key wrapping method should be able to securely transport keys of a different size than the KEK, the classic (but not only) example being to transport an RSA private key with a same security level AES key. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Hitting seg fault in AES_wrap_key() when Key is 512 bits in length
On Wed, Apr 4, 2012 at 5:41 AM, pkumarn wrote: > > Hi, > > I had earlier posted query on AES_Keywrap() usage and had good response on > the same and got lot of things clarified. Now i am successful in using > AES_wrap_key() API but i am running into a new problem. > I need to wrap 512bit key with 256 bit KEK key. When i do this, i am hitting > seg fault in AES_wrap_key(). When i do gdb, it points to memcpy(). From the > code i didn't see any limitation of not using 512 bit key. Am i missing > something? Below is my sample code which works successfully for 256 bit Key. > Below code can be enabled for 512 bit with the macro KEY512. Forgive my ignorance (I did not refer to the RFC), but is a 256 KEK/512 CEK a valid combination? Perhaps you can "stretch" the 256 key with two iterations of SHA-256. It won't affect your choice of security levels, and will match KEK/CEK key sizes. Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Hitting seg fault in AES_wrap_key() when Key is 512 bits in length
Can anyone please help me on this? This is really blocking me to proceed
further
-Prashanth
pkumarn wrote:
>
> Hi,
>
> I had earlier posted query on AES_Keywrap() usage and had good response on
> the same and got lot of things clarified. Now i am successful in using
> AES_wrap_key() API but i am running into a new problem.
> I need to wrap 512bit key with 256 bit KEK key. When i do this, i am
> hitting seg fault in AES_wrap_key(). When i do gdb, it points to memcpy().
> From the code i didn't see any limitation of not using 512 bit key. Am i
> missing something? Below is my sample code which works successfully for
> 256 bit Key. Below code can be enabled for 512 bit with the macro KEY512.
>
>
> #include
>
> #include
> #include
>
> //#define KEYBITS 128
> //#define KEYLEN16
>
> #define KEY512 0
>
> #if KEY512
> #define KEYLEN 64
> #define KEYBITS 512
> #else
> #define KEYLEN 32
> #define KEYBITS 256
> #endif
>
> static const unsigned char default_iv[] = {
> 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
> };
>
>
> static const unsigned char invalid_iv[] = {
> 0x16, 0xA6, 0xA6, 0xA6, 0xA6, 0x16, 0xA6, 0xA6,
> };
> void main()
> {
> #if (!KEY512)
> static const unsigned char kek[] = {
> 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
> 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
> 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
> };
> #else
> static const unsigned char kek[] = {
> 0xbc, 0x54, 0xd8, 0xa0, 0x6e, 0xab, 0x3b,
> 0x4c, 0x06, 0xf5, 0xbe, 0x01, 0xc5, 0x77,
> 0x28, 0x3d, 0x92, 0xda, 0xfb, 0xe8, 0x3f,
> 0xe0, 0x59, 0x57, 0xff, 0xbe, 0xfa, 0x5b,
> 0xe0, 0xd4, 0xfb, 0xb7
> };
> #endif
>
>
> /* static const unsigned char key[] = {
> 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
> 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
> 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
> };
> */
> #if (!KEY512)
> static const unsigned char key[] = {
> 0x46, 0xab, 0x1b, 0xdc, 0x89, 0x38, 0x57, 0x23,
> 0x47, 0x49, 0xfc, 0xc4, 0x6e, 0x26, 0xf0, 0xae,
> 0xbd, 0x4b, 0x0b, 0xcf, 0x51, 0x96, 0x21, 0x2c,
> 0xd4, 0xd0, 0x82, 0x71, 0xa3, 0x8c, 0xcb, 0x3c
> };
> #else
> static const unsigned char key[] = {
> 0xf5, 0x96, 0x87, 0x3e, 0x53, 0x6d, 0x61,
> 0xf5, 0x55, 0x53, 0xca, 0x0c, 0xd8, 0xcd,
> 0x1d, 0x40, 0xcb, 0x66, 0x58, 0xf7, 0x8f,
> 0xae, 0xbf, 0x9b, 0x78, 0x4d, 0xd1, 0x0f,
> 0x19, 0xc2, 0x89, 0x5a, 0x47, 0xd9, 0x3c,
> 0x7e, 0x26, 0x18, 0x2d, 0xd0, 0xce, 0xcb,
> 0x3a, 0x58, 0x55, 0x59, 0x4e, 0x5b, 0x2a,
> 0xd3, 0x9a, 0x86, 0x9d, 0x6c, 0x5d, 0x70,
> 0x21, 0xa7, 0x87, 0xcb, 0xdd, 0xf5, 0xe3,
> 0xf5
> };
> #endif
>
>
> int ret, i;
> unsigned char *otmp, *dtmp;
>
> AES_KEY actx, dctx;
>printf("\n keylen = %d; kebits= %d", KEYLEN, KEYBITS);
>
> if (AES_set_encrypt_key(kek, KEYBITS, &actx))
> printf("\n Error seeting AES key ");
>
> otmp = (unsigned char *) malloc(sizeof(char) * (KEYLEN+8));
> dtmp = (unsigned char *) malloc(sizeof(char) * KEYLEN);
>
> ret = AES_wrap_key(&actx, default_iv, otmp, key, KEYLEN);
>
> printf("\n AES wrap ; ret = %d", ret);
>
> if (ret < 0)
> printf("\n AES wrap key failed");
>
> printf("\n Wrapped key : ");
>
> for (i = 0; i< (KEYLEN + 8); i++)
> printf(" %02x", otmp[i]);
>
>
> if (AES_set_decrypt_key(kek, KEYBITS, &dctx))
> printf("\n Error setting decrypt key ");
>
> ret = AES_unwrap_key(&dctx, default_iv, dtmp, otmp, ret);
>
> printf("\n AES unwrap ; ret = %d", ret);
>
> if (ret == 0)
> printf("\n AES unwrapping failed ");
>
> printf("\n Original key : ");
> for (i = 0; i < KEYLEN ; i++)
> printf(" %02x", dtmp[i]);
>
> printf("\n");
>free(otmp);
>free(dtmp);
>
> }
>
> Output result when 256 bit key is used
>
> keylen = 32; kebits= 256
> AES wrap ; ret = 40
> Wrapped key : 0a f2 44 0b 98 e9 7d 65 3d 90 ea aa 4d fd 10 37 24 17 66
> 82 cb 60 b2 c6 56 cc 83 d9 ad 6b 32 a8 5d aa d1 b7 10 54 1b ea
> AES unwrap ; ret = 32
> Original key : 46 ab 1b dc 89 38 57 23 47 49 fc c4 6e 26 f0 ae bd 4b 0b
> cf 51 96 21 2c d4 d0 82 71 a3 8c cb 3c
>
>
> Ouput when 512 bit is key - Here i hit seg fault
>
> keylen = 64; kebits= 512
> Segmentation fault
>
>
> any help is highly appreciated...
>
>
>
--
View this message in context:
http://old.nabble.com/Hitting-seg-fault-in-AES_wrap_key%28%29-when-Key-is-512-bits-in-length-tp33552263p33576992.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support M
