Sorry for responding late. I am using openssl-1.0.1h. My af_alg engine does support xts.
Following are the findings: 1. The command works fine if I dont make any changes in the openssl.cnf file: root@bodhi64vm:/home/jlulla/install/bin# ./openssl enc -aes-128-xts -in data_32 -out enc_data_32 -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 00000000000000000000000000000000 root@bodhi64vm:/home/jlulla/install/bin# ./openssl enc -aes-128-xts -in enc_data_32 -out dec_data_32 -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 00000000000000000000000000000000 -d root@bodhi64vm:/home/jlulla/install/bin# md5sum *data_32 8fdbeaeafab909e9d9d81e23c06ef4d2 data_32 8fdbeaeafab909e9d9d81e23c06ef4d2 dec_data_32 3e38c0dba1f59c5901a7319524b97b45 enc_data_32 2. A. (without specifying engine in command) If I modify openssl.cnf by adding aes-128-xts in CIPHERS, the command gives me "Error setting cipher AES-128-XTS" root@bodhi64vm:/home/jlulla/install/bin# ./openssl enc -aes-128-xts -in data_32 -out enc_data_32 -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 00000000000000000000000000000000 Error setting cipher AES-128-XTS 2.B. (with engine specified in command) If I modify openssl.cnf by adding aes-128-xts in CIPHERS, the command gives methe same error again: root@bodhi64vm:/home/jlulla/install/bin# ./openssl enc -engine af_alg -aes-128-xts -in data_32 -out enc_data_32 -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 00000000000000000000000000000000 engine "af_alg" set. Error setting cipher AES-128-XTS 3. My af_alg engine does support xts and that only works if I make the changes in evp_enc.c root@bodhi64vm:/home/jlulla/install/bin# ./openssl enc -engine af_alg -aes-128-xts -in data_32 -out enc_data_32_af_alg -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 00000000000000000000000000000000 engine "af_alg" set. root@bodhi64vm:/home/jlulla/install/bin# ./openssl enc -engine af_alg -aes-128-xts -in enc_data_32_af_alg -out dec_data_32_af_alg -K 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv 00000000000000000000000000000000 -d engine "af_alg" set. root@bodhi64vm:/home/jlulla/install/bin# md5sum data_32 dec_data_32 dec_data_32_af_alg 8fdbeaeafab909e9d9d81e23c06ef4d2 data_32 8fdbeaeafab909e9d9d81e23c06ef4d2 dec_data_32 8fdbeaeafab909e9d9d81e23c06ef4d2 dec_data_32_af_alg root@bodhi64vm:/home/jlulla/install/bin# My objective was to try linux kernel's crypto for xts. I know that I could have written custom driver or custom user space applications (by using socket options and af_alg as the socket family) to try kernel's crypto without involving openssl. But I wanted to use openssl and go to the linux kernel's crypto code for doing xts. Based on the discussions on this thread so far, I now know that doing xts with openssl enc command is not advisable. I should try some other app with openssl. Also the changes I am proposing may not be acceptable for similar reasons. Another question I have is: (off topic though..) why the af_alg patch submitted some time ago to openssl was not accepted? http://www.mail-archive.com/openssl-dev%40openssl.org/msg29411.html It seems that it has some performance issues but the linux crypto people still advocate that af_alg should be used for new crypto projects and af_alg engine for openssl should be extended: Here’s a very recent set of slides [may 18 2014] which says that af_alg should be the choice for new projects [2nd last slide/page] for crypto accelerators in linux. http://events.linuxfoundation.org/sites/events/files/slides/lcj-2014-crypto-user.pdf ~Jitendra ________________________________ From: Matt Caswell via RT <[email protected]> To: [email protected] Cc: [email protected] Sent: Friday, July 11, 2014 3:50 AM Subject: [openssl.org #3442] [patch] AES XTS: supporting custom iv from openssl enc command On Wed Jul 09 16:24:04 2014, [email protected] wrote: > Hi, > > openssl enc command with -aes-xxx-xts doesnt work if an IV is specified When you say it "doesn't work", what do you mean? Do you get an error? If so what is it? > as below: > openssl enc -engine af_alg -aes-256-xts -in <plaintext_file> -out > <output_encrypted_file> -K > 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef -iv > 00000000000000000000000000000000 I notice you have installed a custom engine. Does it advertise XTS support? What happens if you do not use the engine? Running this command (without the engine parameter) works for me. Which version of openssl are you running? Note: although I don't think it explains your problem, the key you are using here is too short. XTS is unusual in that it requires double length keys, hence aes-256-xts requires a 512 bit key. > > I am proposing a minor enhancement in EVP_CipherInit_ex() to include > case EVP_CIPH_XTS_MODE which currently is not present. > > Please consider the patch [attached as well as pasted below] > --- /root/jlulla/evp_enc.c 2014-07-04 04:23:48.000000000 -0700 > +++ crypto/evp/evp_enc.c 2014-07-04 03:21:29.000000000 -0700 > @@ -242,6 +242,10 @@ skip_to_init: > if(iv) > memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); > break; > + case EVP_CIPH_XTS_MODE: > + if(iv) > + memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); > + break; > > default: > return 0; This will not work. This section of code only runs if the flag EVP_CIPH_CUSTOM_IV is not set - which it is for XTS. Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
