C# AES 算法何时兼容 FIPS？

发布于 2024-07-22 07:39:06 字数 533 浏览 5 评论 0 原文

现在，我获得 RijndaelManaged 在打开 FIPS 本地安全设置的计算机上工作的算法是禁用它。这是一台政府计算机，所以我不确定它会如何运行。我看过 msdn 博客网站表示他们正在开发符合 AES FIPS 的版本，但我似乎无法找到更多信息。有谁知道这什么时候会发生？

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

九八野马 2024-07-29 07:39:06

在这个问题之前我从未意识到这一点，但你是对的。构造函数具有以下内容：

public RijndaelManaged()
{
    if (Utils.FipsAlgorithmPolicy == 1)
    {
        throw new InvalidOperationException(Environment.GetResourceString("Cryptography_NonCompliantFIPSAlgorithm"));
    }
}

System.Security.Cryptography.AesManaged< /a> 有类似的内容：

public AesManaged()
{
    if (CoreCryptoConfig.EnforceFipsAlgorithms)
    {
        throw new InvalidOperationException(SR.GetString("Cryptography_NonCompliantFIPSAlgorithm"));
    }
    this.m_rijndael = new RijndaelManaged();
    this.m_rijndael.BlockSize = this.BlockSize;
    this.m_rijndael.KeySize = this.KeySize;
}

您尝试过 System.Security .Cryptography.AesCryptoServiceProvider？它应该可以工作，因为它使用 Windows 内置的基于 CAPI 的 FIPS AES 实现。

此问题 Microsoft 的 .NET 基类库论坛讨论了哪些算法符合 FIPS 标准并具有良好的链接。

看来 Microsoft 正在持续努力遵守 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control 的设置 Vista 之前的计算机上的 \Lsa\FIPSAlgorithmPolicy 以及使用 BCryptGetFipsAlgorithmMode 用于后 Vista 的 API。

我认为验证实施是否符合 FIPS 需要付出很大的努力，这就是为什么 Microsoft 可能不想重复该过程，并且只为绝对需要此要求的客户提供 AesCryptoServiceProvider。

这篇 MSDN 博客文章有一条评论，使其更加清晰：

判断是否存在的简单方法
算法是否合规在于
看后缀。没有任何一个
*托管类型经过 FIPS 认证。 *CryptoServiceProvider 和 *Cng
然而，类型很可能是 FIPS
已认证。如果他们实施
FIPS 允许的算法，并且是
使用默认的 Microsoft 提供程序，
那么他们将会是。

例如，SHA256Managed 不是
（因为它是*托管的）。
SHA256CryptoServiceProvider 和
SHA256Cng 是。
MD5CryptoServiceProvider 不是
（因为MD5不是FIPS算法）。

I never realized this before this question, but you're right. The constructor has this:

public RijndaelManaged()
{
    if (Utils.FipsAlgorithmPolicy == 1)
    {
        throw new InvalidOperationException(Environment.GetResourceString("Cryptography_NonCompliantFIPSAlgorithm"));
    }
}

System.Security.Cryptography.AesManaged has something similar:

public AesManaged()
{
    if (CoreCryptoConfig.EnforceFipsAlgorithms)
    {
        throw new InvalidOperationException(SR.GetString("Cryptography_NonCompliantFIPSAlgorithm"));
    }
    this.m_rijndael = new RijndaelManaged();
    this.m_rijndael.BlockSize = this.BlockSize;
    this.m_rijndael.KeySize = this.KeySize;
}

Have you tried System.Security.Cryptography.AesCryptoServiceProvider? It should work since it's using the CAPI based FIPS AES implementation built into Windows.

This question on Microsoft's .NET Base Class Library forum discusses which algorithms are FIPS compliant and has good links.

It appears that Microsoft is making a consistent effort to obey the setting of HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy on pre-Vista machines and use of the BCryptGetFipsAlgorithmMode API for post-Vista.

I assume there is non-trivial effort involved in certifying an implementation as FIPS compliant, that is why Microsoft probably doesn't want to repeat the process and only offers the AesCryptoServiceProvider for customers that absolutely need this requirement.

This MSDN blog post has a comment that makes it clearer:

The easy way to figure out if an
algorithm is compliant or not is to
look at the suffix. None of the
*Managed types are FIPS certified. The *CryptoServiceProvider and *Cng
types however, may well be FIPS
certified. If they implement an
algorithm that FIPS allows, and are
using the default Microsoft providers,
then they will be.

For instance, SHA256Managed is not
(because it is *Managed).
SHA256CryptoServiceProvider and
SHA256Cng are.
MD5CryptoServiceProvider is not
(because MD5 is not a FIPS algorithm).

回复收藏 0 原文

泪眸﹌ 2024-07-29 07:39:06

这个问题比大多数受访者理解的要复杂得多。这就是大多数人的答案不起作用的真正原因（我刚刚花了近 48 小时的马拉松时间试图理解并解决这个问题）：

Windows 下的 C# 基本上有 3 个“支持”AES 的加密提供程序：RijndaelManaged 、AesManaged、AesCryptoServiceProvider。
RijndaelManaged 实现了完整的 Rijnadael 算法（所有选项），因此它是 AES 功能的超集；但是，它并未经过 FIPS 认证（因为它能够执行不符合 FIPS 批准的 AES 规范的操作，例如块大小不是 128 位）。AesManaged
只不过是 RijndaelManaged 上的装饰器/包装器，将其限制为块大小为 128 位，但是，由于 RijndaelManaged 未获得 FIPS 批准，因此 AesManaged 也未获得批准
。然而，在CFB模式下，它只支持8|16|24|32|40|48|56|64位的FeedbackSize（我找不到任何文档说FIPS受到如此限制，所以，AesCryptoServiceProvider如何通过FIPS 认证 - 可能有人与其他人一起打了午夜高尔夫球以使其通过认证）
如果在 Windows 上打开了 FIPS 模式，那么当您尝试实例化时，RijndaelManaged（以及 AesManaged）将抛出异常，说明它们不符合 FIPS 标准他们。
有些东西需要 AES-128 和 128 位反馈大小的 CFB（例如，根据 RFC 的 SNMPv3 AES）。

因此，如果您处于满足以下条件的环境中：

您需要 AES-128 和 CFB-128（例如 SNMPv3）
您需要从 C# 进行加密而不使用非 Microsoft 库
您需要打开 FIPS 模式在操作系统上（例如政府要求）

然后，您唯一的选择（或者至少是我在广泛搜索和大量哀嚎和咬牙切齿之后找到的唯一选择）是使用 RijndaelManaged 并使用“ ; Application.exe.config 中的 " 以关闭该特定应用程序的 FIPS 强制合规性。

什么样的恶梦！我希望这个答案可以帮助下一个不幸遇到这个问题的人。

关键词： Cisco IOS SNMPv3 FIPS AES 128 CFB 128 AesCryptoServiceProvider Rijndael

This problem is much more complex than most of those responding understand. Here is the true reason why most of people's answers just won't work (I just spent a nearly 48-hour marathon session trying to understand and fix this problem):

C# Under Windows has basically 3 encryption providers that "support" AES: RijndaelManaged, AesManaged, AesCryptoServiceProvider.
RijndaelManaged implements the full Rijnadael Algorithm (All Options) and so it is a super-set of AES capabilities; however, it is not certified FIPS compliant (because it is capable of doing things not in the FIPS-approved AES specification, like having block size other than 128 bits)
AesManaged is nothing more than a decorator/wrapper over RijndaelManaged that restrict it to a block-size of 128 bits, but, because RijndaelManaged is not FIPS approved, neither is AesManaged
AesCryptoServiceProvider is a C# wrapper over the C-library on Windows for AES that IS FIPS approved; however, in CFB Mode, it only supports 8|16|24|32|40|48|56|64 bits for the FeedbackSize (I can find no documentation that says that FIPS is restricted thusly, so, it's questionable how AesCryptoServiceProvider passsed the FIPS certification - probably somebody played midnight golf with someone else to have it pushed through the certification)
If FIPS mode is turned on on Windows, then RijndaelManaged (and thereby AesManaged) will throw and exception saying they are not FIPS compliant when you attempt to instantiate them.
Some things require AES-128 with CFB of 128-bits FeedbackSize (e.g. SNMPv3 AES according the the RFC).

So, if you are in an environment where the following is true:

You need AES-128 with CFB-128 (SNMPv3 for example)
You need to do the Crypto from C# without using Non-Microsoft Libs
You need to have FIPS mode turned on on the OS (Gov't requirements for example)

Then, your ONLY option (or at least the only I could find after extensive searching and much wailing and gnashing of teeth) is to use RijndaelManaged AND use the "<configuration> <runtime> <enforceFIPSPolicy enabled="false"/> <runtime> </configuration>" in the Application.exe.config to turn-off FIPS forced compliance for that particular application.

What a nightmare! I hope this answer helps the next unfortunate soul to run into this problem.

Keywords: Cisco IOS SNMPv3 FIPS AES 128 CFB 128 AesCryptoServiceProvider Rijndael

回复收藏 0 原文