[SERVER-63186] Add AES-CTR support for OpenSSL
Created: 01/Feb/22  Updated: 09/Feb/22  Resolved: 09/Feb/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task
Priority: Major - P3
Reporter: Mark Benvenuto
Assignee: Sergey Galtsev (Inactive)
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-63188 Add AES-CTR support for macOS Closed
Sprint: Security 2022-02-07, Security 2022-02-21
Participants:

 Description   

1. Extend aesMode to support CTR in src/mongo/crypto/symmetric_crypto.h

2. Extend the existing SymmetricEncryptorOpenSSL in src/mongo/crypto/symmetric_crypto_openssl.cpp to support AES-CTR mode

3. Add test vectors from US NIST SP 800-38A Sections F.5.5 and F.5.6

See https://csrc.nist.gov/publications/detail/sp/800-38a/final

 



 Comments   
Comment by Githook User [ 09/Feb/22 ]

Author:

{'name': 'sergey.galtsev', 'email': 'sergey.galtsev@mongodb.com', 'username': 'brushless-glitch'}

Message: SERVER-63186 Add AES-CTR support for OpenSSL
Branch: master
https://github.com/mongodb/mongo/commit/9357161cfc1098344d94f8e3efd38b90ce67516f

Comment by Githook User [ 09/Feb/22 ]

Author:

{'name': 'sergey.galtsev', 'email': 'sergey.galtsev@mongodb.com', 'username': 'brushless-glitch'}

Message: SERVER-63186 Add AES-CTR support for OpenSSL
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/1a10a59a20693e36bfe4c93f113bbe233613a451

Comment by Sergey Galtsev (Inactive) [ 07/Feb/22 ]

elizabeth.roytburd I will eventually need to check in code against this ticket. Will need "Mongo Internal" removed, or alternatively I can create a new ticket

Comment by Sergey Galtsev (Inactive) [ 07/Feb/22 ]

CTR test vectors: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf

F.5.5 CTR-AES256.Encrypt
Key 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
Init. Counter f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
Block #1
Input Block f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
Output Block 0bdf7df1591716335e9a8b15c860c502
Plaintext 6bc1bee22e409f96e93d7e117393172a
Ciphertext 601ec313775789a5b7a7f504bbf3d228
Block #2
Input Block f0f1f2f3f4f5f6f7f8f9fafbfcfdff00
Output Block 5a6e699d536119065433863c8f657b94
Plaintext ae2d8a571e03ac9c9eb76fac45af8e51
Ciphertext f443e3ca4d62b59aca84e990cacaf5c5
Block #3
Input Block f0f1f2f3f4f5f6f7f8f9fafbfcfdff01
Output Block 1bc12c9c01610d5d0d8bd6a3378eca62
Plaintext 30c81c46a35ce411e5fbc1191a0a52ef
Ciphertext 2b0930daa23de94ce87017ba2d84988d
Block #4
Input Block f0f1f2f3f4f5f6f7f8f9fafbfcfdff02
Output Block 2956e1c8693536b1bee99c73a31576b6
Plaintext f69f2445df4f9b17ad2b417be66c3710
Ciphertext dfc9c58db67aada613c2dd08457941a6
F.5.6 CTR-AES256.Decrypt
Key 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
Init. Counter f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
Block #1
Input Block f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
Output Block 0bdf7df1591716335e9a8b15c860c502
Ciphertext 601ec313775789a5b7a7f504bbf3d228
Plaintext 6bc1bee22e409f96e93d7e117393172a
Block #2
Input Block f0f1f2f3f4f5f6f7f8f9fafbfcfdff00
Output Block 5a6e699d536119065433863c8f657b94
Ciphertext f443e3ca4d62b59aca84e990cacaf5c5
Plaintext ae2d8a571e03ac9c9eb76fac45af8e51
Block #3
Input Block f0f1f2f3f4f5f6f7f8f9fafbfcfdff01
Output Block 1bc12c9c01610d5d0d8bd6a3378eca62
Ciphertext 2b0930daa23de94ce87017ba2d84988d
Plaintext 30c81c46a35ce411e5fbc1191a0a52ef
Block #4
Input Block f0f1f2f3f4f5f6f7f8f9fafbfcfdff02
Output Block 2956e1c8693536b1bee99c73a31576b6
Ciphertext dfc9c58db67aada613c2dd08457941a6
Plaintext f69f2445df4f9b17ad2b417be66c3710 
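Added example (not code from the MongoDB commit): a self-contained C++ check that the F.5.5/F.5.6 values quoted above are internally consistent before they are wired into a unit test, confirming the counter sequence and that each ciphertext is the plaintext XORed with the listed Output Block. It does not run AES itself; `CtrVector`, `countConsistentBlocks` and the other names are hypothetical, and it assumes the counter increments as a 128-bit big-endian integer, as the Input Block values show.

```cpp
#include <array>
#include <cstdint>
#include <string>
#include <vector>

using Block = std::array<uint8_t, 16>;

// Parse 32 hex characters into a 16-byte block.
Block fromHex(const std::string& hex) {
    Block b{};
    for (size_t i = 0; i < b.size(); ++i)
        b[i] = static_cast<uint8_t>(std::stoul(hex.substr(2 * i, 2), nullptr, 16));
    return b;
}

// Add 1 to the block as a 128-bit big-endian integer (assumed; wraps at 2^128).
Block increment(Block ctr) {
    for (int i = 15; i >= 0 && ++ctr[i] == 0; --i) {}
    return ctr;
}

// CTR applies the same XOR with the keystream block when encrypting and decrypting.
Block xorBlocks(Block a, const Block& b) {
    for (size_t i = 0; i < a.size(); ++i) a[i] ^= b[i];
    return a;
}

struct CtrVector { std::string input, output, plaintext, ciphertext; };
const std::string kInitCounter = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff";
const std::vector<CtrVector> kF55 = {  // blocks #1-#4 as listed under F.5.5 on this page
    {"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "0bdf7df1591716335e9a8b15c860c502",
     "6bc1bee22e409f96e93d7e117393172a", "601ec313775789a5b7a7f504bbf3d228"},
    {"f0f1f2f3f4f5f6f7f8f9fafbfcfdff00", "5a6e699d536119065433863c8f657b94",
     "ae2d8a571e03ac9c9eb76fac45af8e51", "f443e3ca4d62b59aca84e990cacaf5c5"},
    {"f0f1f2f3f4f5f6f7f8f9fafbfcfdff01", "1bc12c9c01610d5d0d8bd6a3378eca62",
     "30c81c46a35ce411e5fbc1191a0a52ef", "2b0930daa23de94ce87017ba2d84988d"},
    {"f0f1f2f3f4f5f6f7f8f9fafbfcfdff02", "2956e1c8693536b1bee99c73a31576b6",
     "f69f2445df4f9b17ad2b417be66c3710", "dfc9c58db67aada613c2dd08457941a6"},
};

// Count blocks where the counter sequence, encrypt and decrypt relations all hold.
int countConsistentBlocks(const std::vector<CtrVector>& blocks, Block counter) {
    int ok = 0;
    for (const auto& v : blocks) {
        const Block ks = fromHex(v.output), pt = fromHex(v.plaintext), ct = fromHex(v.ciphertext);
        ok += (fromHex(v.input) == counter && xorBlocks(pt, ks) == ct && xorBlocks(ct, ks) == pt);
        counter = increment(counter);
    }
    return ok;
}
int main() { return countConsistentBlocks(kF55, fromHex(kInitCounter)) == 4 ? 0 : 1; }
```

Block #2 is the one that exercises the carry out of the low counter byte (`...feff` to `...ff00`), so a counter routine that only bumps the last byte fails there.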

Generated at Thu Feb 08 05:57:06 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.