#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/cmac.h>
+#include "fips_locl.h"
#ifdef OPENSSL_FIPS
typedef struct {
const EVP_CIPHER *(*alg)(void);
- const unsigned char key[EVP_MAX_KEY_LENGTH]; int keysize;
- const unsigned char msg[64]; int msgsize;
- const unsigned char mac[32]; int macsize;
+ const unsigned char key[EVP_MAX_KEY_LENGTH]; size_t keysize;
+ const unsigned char msg[64]; size_t msgsize;
+ const unsigned char mac[32]; size_t macsize;
} CMAC_KAT;
/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */
static const CMAC_KAT vector[] = {
- { EVP_aes_128_cbc, /* Example 3: Mlen = 320 */
- { 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c }, 128,
- { 0x6b,0xc1,0xbe,0xe2, 0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11, 0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57, 0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac, 0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46, 0xa3,0x5c,0xe4,0x11 }, 320,
- { 0xdf,0xa6,0x67,0x47, 0xde,0x9a,0xe6,0x30,
- 0x30,0xca,0x32,0x61, 0x14,0x97,0xc8,0x27 }, 128
+ { EVP_aes_128_cbc, /* Count = 32 from CMACGenAES128.txt */
+ { 0x77,0xa7,0x7f,0xaf, 0x29,0x0c,0x1f,0xa3,
+ 0x0c,0x68,0x3d,0xf1, 0x6b,0xa7,0xa7,0x7b, }, 128,
+ { 0x02,0x06,0x83,0xe1, 0xf0,0x39,0x2f,0x4c,
+ 0xac,0x54,0x31,0x8b, 0x60,0x29,0x25,0x9e,
+ 0x9c,0x55,0x3d,0xbc, 0x4b,0x6a,0xd9,0x98,
+ 0xe6,0x4d,0x58,0xe4, 0xe7,0xdc,0x2e,0x13, }, 256,
+ { 0xfb,0xfe,0xa4,0x1b, }, 32
},
- { EVP_aes_192_cbc, /* Example 5: Mlen = 0 */
- { 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, }, 192,
+ { EVP_aes_192_cbc, /* Count = 23 from CMACGenAES192.txt */
+ { 0x7b,0x32,0x39,0x13, 0x69,0xaa,0x4c,0xa9,
+ 0x75,0x58,0x09,0x5b, 0xe3,0xc3,0xec,0x86,
+ 0x2b,0xd0,0x57,0xce, 0xf1,0xe3,0x2d,0x62, }, 192,
{ 0x0 }, 0,
- { 0xd1,0x7d,0xdf,0x46, 0xad,0xaa,0xcd,0xe5,
- 0x31,0xca,0xc4,0x83, 0xde,0x7a,0x93,0x67, }, 128
+ { 0xe4,0xd9,0x34,0x0b, 0x03,0xe6,0x7d,0xef,
+ 0xd4,0x96,0x9c,0xc1, 0xed,0x37,0x35,0xe6, }, 128,
},
- { EVP_aes_256_cbc, /* Example 12: Mlen = 512 */
- { 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, }, 256,
- { 0x6b,0xc1,0xbe,0xe2, 0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11, 0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57, 0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac, 0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46, 0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19, 0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45, 0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b, 0xe6,0x6c,0x37,0x10, }, 512,
- { 0xe1,0x99,0x21,0x90, 0x54,0x9f,0x6e,0xd5,
- 0x69,0x6a,0x2c,0x05, 0x6c,0x31,0x54,0x10, }, 128,
+ { EVP_aes_256_cbc, /* Count = 33 from CMACGenAES256.txt */
+ { 0x0b,0x12,0x2a,0xc8, 0xf3,0x4e,0xd1,0xfe,
+ 0x08,0x2a,0x36,0x25, 0xd1,0x57,0x56,0x14,
+ 0x54,0x16,0x7a,0xc1, 0x45,0xa1,0x0b,0xbf,
+ 0x77,0xc6,0xa7,0x05, 0x96,0xd5,0x74,0xf1, }, 256,
+ { 0x49,0x8b,0x53,0xfd, 0xec,0x87,0xed,0xcb,
+ 0xf0,0x70,0x97,0xdc, 0xcd,0xe9,0x3a,0x08,
+ 0x4b,0xad,0x75,0x01, 0xa2,0x24,0xe3,0x88,
+ 0xdf,0x34,0x9c,0xe1, 0x89,0x59,0xfe,0x84,
+ 0x85,0xf8,0xad,0x15, 0x37,0xf0,0xd8,0x96,
+ 0xea,0x73,0xbe,0xdc, 0x72,0x14,0x71,0x3f, }, 384,
+ { 0xf6,0x2c,0x46,0x32, 0x9b, }, 40,
},
-# if 0
- /* Removed because the actual result was:
- 0x74,0x3d,0xdb,0xe0, 0xce,0x2d,0xc2,0xed
- I suspect an error on my part -- Richard Levitte
- */
- { EVP_des_ede3_cbc, /* Example 15: Mlen = 160 */
- { 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62,
- 0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58,
- 0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, }, 192,
- { 0x6b,0xc1,0xbe,0xe2, 0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11, 0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57, }, 160,
- { 0xd3,0x2b,0xce,0xbe, 0x43,0xd2,0x3d,0x80, }, 64,
+ { EVP_des_ede3_cbc, /* Count = 41 from CMACGenTDES3.req */
+ { 0x89,0xbc,0xd9,0x52, 0xa8,0xc8,0xab,0x37,
+ 0x1a,0xf4,0x8a,0xc7, 0xd0,0x70,0x85,0xd5,
+ 0xef,0xf7,0x02,0xe6, 0xd6,0x2c,0xdc,0x23, }, 192,
+ { 0xfa,0x62,0x0c,0x1b, 0xbe,0x97,0x31,0x9e,
+ 0x9a,0x0c,0xf0,0x49, 0x21,0x21,0xf7,0xa2,
+ 0x0e,0xb0,0x8a,0x6a, 0x70,0x9d,0xcb,0xd0,
+ 0x0a,0xaf,0x38,0xe4, 0xf9,0x9e,0x75,0x4e, }, 256,
+ { 0x8f,0x49,0xa1,0xb7, 0xd6,0xaa,0x22,0x58, }, 64,
},
-# endif
};
int FIPS_selftest_cmac()
- {
- size_t n;
- unsigned int outlen;
- unsigned char out[32];
- const EVP_CIPHER *cipher;
- CMAC_CTX *ctx = CMAC_CTX_new();
- const CMAC_KAT *t;
-
- for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
{
- cipher = (*t->alg)();
- CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0);
- CMAC_Update(ctx, t->msg, t->msgsize/8);
- CMAC_Final(ctx, out, &outlen);
- CMAC_CTX_cleanup(ctx);
+ size_t n, outlen;
+ unsigned char out[32];
+ const EVP_CIPHER *cipher;
+ CMAC_CTX *ctx = CMAC_CTX_new();
+ const CMAC_KAT *t;
+ int subid, rv = 1;
- if(outlen != t->macsize/8 || memcmp(out,t->mac,outlen))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- }
+ for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
+ {
+ cipher = (*t->alg)();
+ subid = M_EVP_CIPHER_nid(cipher);
+ if (!fips_post_started(FIPS_TEST_CMAC, subid, 0))
+ continue;
+ if (!CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0))
+ {
+ rv = -1;
+ goto err;
+ }
+ if (!CMAC_Update(ctx, t->msg, t->msgsize/8))
+ {
+ rv = -1;
+ goto err;
+ }
+
+ if (!fips_post_corrupt(FIPS_TEST_CMAC, subid, NULL))
+ {
+ if (!CMAC_Update(ctx, t->msg, 1))
+ {
+ rv = -1;
+ goto err;
+ }
+ }
+ if (!CMAC_Final(ctx, out, &outlen))
+ {
+ rv = -1;
+ goto err;
+ }
+ CMAC_CTX_cleanup(ctx);
+
+ if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
+ {
+ fips_post_failed(FIPS_TEST_CMAC, subid, NULL);
+ rv = 0;
+ }
+ else if (!fips_post_success(FIPS_TEST_CMAC, subid, NULL))
+ {
+ rv = 0;
+ goto err;
+ }
+ }
- CMAC_CTX_free(ctx);
- return 1;
- }
+ err:
+ CMAC_CTX_free(ctx);
+
+ if (rv == -1)
+ {
+ fips_post_failed(FIPS_TEST_CMAC, subid, NULL);
+ rv = 0;
+ }
+ if (!rv)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
+
+ return rv;
+ }
#endif
projects / openssl.git / blobdiff