Does m2Crypto 0.21 contains fips support? - m2crypto

I do see that there exists a fips test case tests/fips.py which reads /proc/sys/crypto/fips_enabled and this file contains a 0 at the moment.
So, does this mean that there is fips support built into M2Crypto?
If yes, how do I enable fips from my python code?
Any comments please?

You don't. FIPS mode shouldn't be enabled by user applications, but it is always systemwide (for more info see https://access.redhat.com/site/solutions/137833 ... sorry, not sure about correct non-RH page, but I guess FIPS is used mostly by people who have access to R anyway). More or less ... see http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2012.htm#1758 for more.
So, yes, m2crypto contains functions for dealing with FIPS and that support is always on, but it has nothing to do with the state of FIPS in system.

Related

Are FIPS certified algorithms in .net framework backward compatible?

Our software is based on .net framework 4.5. We are making our application FIPS compliant. So we are replacing the older classes with FIPS compliant classes.
MD5CryptoServiceProvider -> SHA1CryptoServiceProvider
RijndaelManaged -> AesCryptoServiceProvider
But we have certain data in our database which are encrypted with older algorithm. How do I retrieve them, as we are now using newer algorithms? Are the newer algorithms backward compatible?
Thanks
we have certain data in our database which are encrypted with older algorithm. How do I retrieve them, as we are now using newer algorithms
Upsize the data. Rather than storing just MD5(data), add an extra column to the table called upsized. If upsized = false, then calculate SHA256(MD5(data)) and store it. Finally, set upsized = true.
There's some small/trivial technical defects in the construction, but it gets you past the C&A requirements of FIPS 140-2 and the SP800-53 audit.

Is there a LINUX command line tool for CRC32C (Castagnoli)

I need to verify data using CRC32C, the Castagnoli variant of CRC32 calculation. I cannot find a self-contained command line utility anywhere that will calculate this to verify the values in question. CRC32? MD5? SHA? Check. CRC32C? You lose.
I need a program. Has to be self contained (no non-standard PERL or Python modules that require installation...standard ones are okay). Probably no Java, as I cannot guarantee a Java installation. Ruby is right out.
Clever "gzip" or "tar" tricks are fine. Needs to run on OS-X, Linux, and maybe Android.
I could indeed write one (the code is in the RFC), but c'mon...that's sort of like
"hmmm, my car uses synthetic oil...time for an oil change, let me go to the local refinery and make a few quarts"
or
"Uncle Bill wants a PB&J sandwich, but has a gluten allergy...let me go get some rice flour and make gluten-free bread".
I found some libraries to calculate CRC32Cs, but no programs. Grumble.
https://developers.google.com/storage/docs/composite-objects?hl=ja
Starting with 4.4, gsutil supports a 'hash' command that can compute hashes like so:
gsutil hash filename
It will output CRC32C and MD5 by default.
gsutil will include a new "hash" command in the next release (gsutil 4.4) - which should be out pretty soon.
So long as you can compile C code, you can find the program you're looking for in this stackoverflow answer. It will also use the Intel crc32 instruction if available.

Signature/Hash Choice for File Integrity Verification

For a file repository, I need to select a hashing algorithm that will reasonably ensure the integrity of files.
I need an algorithm that anyone (with a bit of effort) would be able to easily use to verify the integrity given the hash. In short, the file may be transferred to the user, along with a hash, and they must be able to verify that the hash comes from the file.
My first choice would be MD5 because there seems to be widely available utilities to verify MD5 hashes, but I'm concerned with the MD5 algorithm being cryptographically broken (ref Wikipedia/US-CERT: http://en.wikipedia.org/wiki/MD5)
My second choice would be a SHA-2 algorithm, but I'm concerned about availability of utilities that could easily verify the hash. Most examples I've found show program code to evaluate a hash, but I've found few, if any, utilities that are pre-built (asking users to build their own utility is beyond the 'easily' scope)
What other options are available for generating and evaluating a file hash, or are these two the options that are best?
Provide both/multiple, and let the user decide which they verify against. Or if they are really cautious, they can verify against both/all.
Have seen download sites use this approach. One site recommended the most secure, but offered others like md5 as fallback. It also provided links to tools. Can't remember specific site I'm afraid.
Since you've been able to find a few file-checkers, why not link to them as a recommendation? That way your users have at least one tool they can use. They don't need several dozen different filechecking utilities, they need just one which works for the algo you chose to use.
Tools you could link to:
Windows: http://securityxploded.com/download-hash-verifier.php
Mac OS X: http://www.macupdate.com/app/mac/31781/checksum
sha256sum, a program a part of the coreutils package on linux will generate checksums for the listed files. The format of the checksum output is the same as that of the md5sum program (but using SHA-256 hashing instead of MD5 of course), which has been widely used for years. You didn't list any target platforms but a quick googling shows there are Windows ports of the command line program.
If you need to generate large numbers of checksums you can use md5deep, which includes support for other hashes as well, including SHA-256.
http://md5deep.sourceforge.net/
I haven't tried this but from the screenshots it looks pretty neat integrating into OSX and Windows Explorer: http://implbits.com/HashTab.aspx

Sample code for public key encryption/decryption on Mac?

Where can I find some simple sample code for public key encryption and decryption on Mac OS X? I'm frustrated that Apple's "Certificate, Key, and Trust Services Programming Guide" shows how to do this stuff on iOS, but the needed APIs (SecKeyEncrypt, SecKeyDecrypt) are apparently not available on Mac OS X. There's probably a way to do it in "CryptoSample", but it doesn't look clear or simple, and the sample project is too old to open with the current version of Xcode.
The Security Framework APIs change rather frequently between Mac OS releases. The best approach depends on what version you target:
If your code only needs to run on 10.7 and above, you can use Security Transforms, a new high-level public API for cryptography transformations. The Security Transforms Programming Guide has useful (and simple!) example code:
https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecTransformPG/SecurityTransformsBasics/SecurityTransformsBasics.html
You'll want to create a transform using SecEncryptTransformCreate or SecDecryptTransformCreate, set its input using SecTransformSetAttribute and execute it with SecTransformExecute.
If you need to support Mac OS 10.6 or below, you must use the low-level and rather scary CDSA APIs. CryptoSample's cdsaEncrypt is a concise example.
https://developer.apple.com/library/archive/samplecode/CryptoSample/Listings/libCdsaCrypt_libCdsaCrypt_cpp.html
You can get a CSSM_CSP_HANDLE and a CSSM_KEY from a SecKeyRef by using SecKeyGetCSPHandle and SecKeyGetCSSMKey, respectively.
To learn more about CDSA, the full specification is available from the Open Group (free, but requires registration):
https://www2.opengroup.org/ogsys/jsp/publications/PublicationDetails.jsp?publicationid=11287
Good luck!
If the private key was created exportable, you can export it in an unprotected format and use openssl directly. This puts the raw key data directly in the address space of your application, so it defeats one of the primary purposes of the Keychain. Don't do this.
Finally, you can mess around with private functions. Mac OS 10.6 and 10.7 include, but do not publicly declare, SecKeyEncrypt and SecKeyDecrypt, with the same arguments as on iOS. The quick'n'dirty solution is to simply declare and use them (weakly linked, with the usual caveats). This is probably a bad idea to do in code that you plan to distribute to others.
There's an implementation of decrypting data using the Public-Key at: https://github.com/karstenBriksoft/CSSMPublicKeyDecrypt.
The Security.framework does not have a public API for that kind of functionality, which is why CSSM needs to be use directly even though its marked as deprecated.
To encrypt with the public key, simply use the SecEncryptTransformCreate, but for public-key decryption you need to use the CSSMPublicKeyDecrypt class.
Mac OS X contains OpenSSL in libcrypto. The CommonCrypto framework seems to be derived from SSLeay, the precursor of OpenSSL.

How can I write a program that can detect by itself that it has been changed?

I need to write a small program that can detect that it has been changed. Please give me a suggestion!
Thank you.
The short answer is to create a hash or key of the program and have the program encrypt and store that key within itself. From time to time the program would make a checksum of itself and compare it against that hash/key. If there is a difference then handle it accordingly.
There are lots and lots of ways to go about this. There are lots of very smart engineers out there that know how to work around it if that is what you are trying to avoid.
The simplest way would be to use a hash function to generate a short code which is a digest of the whole program and then check this.
It would be fairly easy to debug the code and replace the hash value to subvert this.
A better way would be to generate a digital signature using your private key and with the public key in the program to check it.
This would then require changing the public key and the hash as well as understanding the program, or changing the program code itself to subvert the check.
All you can do in the case described so far is make it more difficult to subvert but it will be possible with a certain amount of effort. I'd suggest looking into cryptographic techniques and copy protection for more information to suit your specific case.
Do you mean that program 'foo' should be able to tell if some part of it was modified prior to / during run time? That's not the responsibility of the program, its the responsibility of the security hooks in the target OS.
For instance, if the installed and trusted 'foo' has signature "xyz1234" , the kernel should refuse to run a modified (or completely new) 'foo'. The same goes for 'foo' while its currently running in memory. Look up 'Trusted Path Of Execution', aka TPE to start.
A better question to ask would be how to sign your released version of 'foo', which depends upon your target platform.
try searching for "code signing"
The easiest way would be for the program to detect its own md5 and store that in a separate file, but this isn't totally secure. An MD5 + CRC might work slightly better.
Or as others here have suggested, a sha1, sha2 or sha3 which are much more secure than md5 currently.
I'd ask an external tool to do the check. This problem reminds me of the challenge to write a program that prints itself. In Bash you could do something like this:
#!/bin/bash
cat $0
which really asks for an external tool to do the job. It's kind of solving the problem by getting away from solving the problem...
The best option is going to be code signing -- either using a tool supplied by your local friendly OS (For example, If you're targeting Windows, you probably want to take a look at Authenticode where the Operating System handles the tampering), or by rolling your own option storing MD5 hashes and comparing
It is important to remember that bets are off if someone injects a thread into your process (to potentially kill your ongoing checks, etc.), or if they tamper with your compiled application to bypass said checks.
An alternative way which wasn't mentioned is to use a binary packer such as UPX.
If the binary gets changed on the disk then the unpacking code is likely to fail.
This however doesn't protect you if someone changes the binary while it is in memory.

Resources