1 /* ====================================================================
2 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
30 * 6. Redistributions of any form whatsoever must retain the following
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
50 #define OPENSSL_FIPSAPI
53 #include <openssl/err.h>
54 #include <openssl/fips.h>
55 #include <openssl/evp.h>
56 #include "fips_locl.h"
61 const unsigned char key[16];
62 const unsigned char plaintext[16];
63 const unsigned char ciphertext[16];
67 { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
68 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
69 { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
70 0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF },
71 { 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30,
72 0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A },
76 int FIPS_selftest_aes()
81 FIPS_cipher_ctx_init(&ctx);
83 for(n=0 ; n < 1 ; ++n)
85 if (fips_cipher_test(FIPS_TEST_CIPHER, &ctx, EVP_aes_128_ecb(),
94 FIPS_cipher_ctx_cleanup(&ctx);
96 FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
100 /* AES-GCM test data from NIST public test vectors */
102 static const unsigned char gcm_key[] = {
103 0xee,0xbc,0x1f,0x57,0x48,0x7f,0x51,0x92,0x1c,0x04,0x65,0x66,
104 0x5f,0x8a,0xe6,0xd1,0x65,0x8b,0xb2,0x6d,0xe6,0xf8,0xa0,0x69,
105 0xa3,0x52,0x02,0x93,0xa5,0x72,0x07,0x8f
107 static const unsigned char gcm_iv[] = {
108 0x99,0xaa,0x3e,0x68,0xed,0x81,0x73,0xa0,0xee,0xd0,0x66,0x84
110 static const unsigned char gcm_pt[] = {
111 0xf5,0x6e,0x87,0x05,0x5b,0xc3,0x2d,0x0e,0xeb,0x31,0xb2,0xea,
114 static const unsigned char gcm_aad[] = {
115 0x4d,0x23,0xc3,0xce,0xc3,0x34,0xb4,0x9b,0xdb,0x37,0x0c,0x43,
118 static const unsigned char gcm_ct[] = {
119 0xf7,0x26,0x44,0x13,0xa8,0x4c,0x0e,0x7c,0xd5,0x36,0x86,0x7e,
122 static const unsigned char gcm_tag[] = {
123 0x67,0xba,0x05,0x10,0x26,0x2a,0xe4,0x87,0xd7,0x37,0xee,0x62,
127 int FIPS_selftest_aes_gcm(void)
129 int ret = 0, do_corrupt = 0;
130 unsigned char out[128], tag[16];
132 FIPS_cipher_ctx_init(&ctx);
133 memset(out, 0, sizeof(out));
134 memset(tag, 0, sizeof(tag));
135 if (!fips_post_started(FIPS_TEST_GCM, 0, 0))
137 if (!fips_post_corrupt(FIPS_TEST_GCM, 0, NULL))
139 if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
141 if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
142 sizeof(gcm_iv), NULL))
144 if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 1))
146 if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
148 if (FIPS_cipher(&ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct))
150 if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
153 if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
156 if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
159 memset(out, 0, sizeof(out));
161 /* Modify expected tag value */
165 if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0))
167 if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
168 sizeof(gcm_iv), NULL))
170 if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
172 if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 0))
174 if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
176 if (FIPS_cipher(&ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt))
178 if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
181 if (memcmp(out, gcm_pt, 16))
187 FIPS_cipher_ctx_cleanup(&ctx);
191 fips_post_failed(FIPS_TEST_GCM, 0, NULL);
192 FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED);
196 return fips_post_success(FIPS_TEST_GCM, 0, NULL);
201 static const unsigned char XTS_128_key[] = {
202 0xa1,0xb9,0x0c,0xba,0x3f,0x06,0xac,0x35,0x3b,0x2c,0x34,0x38,
203 0x76,0x08,0x17,0x62,0x09,0x09,0x23,0x02,0x6e,0x91,0x77,0x18,
204 0x15,0xf2,0x9d,0xab,0x01,0x93,0x2f,0x2f
206 static const unsigned char XTS_128_i[] = {
207 0x4f,0xae,0xf7,0x11,0x7c,0xda,0x59,0xc6,0x6e,0x4b,0x92,0x01,
210 static const unsigned char XTS_128_pt[] = {
211 0xeb,0xab,0xce,0x95,0xb1,0x4d,0x3c,0x8d,0x6f,0xb3,0x50,0x39,
214 static const unsigned char XTS_128_ct[] = {
215 0x77,0x8a,0xe8,0xb4,0x3c,0xb9,0x8d,0x5a,0x82,0x50,0x81,0xd5,
219 static const unsigned char XTS_256_key[] = {
220 0x1e,0xa6,0x61,0xc5,0x8d,0x94,0x3a,0x0e,0x48,0x01,0xe4,0x2f,
221 0x4b,0x09,0x47,0x14,0x9e,0x7f,0x9f,0x8e,0x3e,0x68,0xd0,0xc7,
222 0x50,0x52,0x10,0xbd,0x31,0x1a,0x0e,0x7c,0xd6,0xe1,0x3f,0xfd,
223 0xf2,0x41,0x8d,0x8d,0x19,0x11,0xc0,0x04,0xcd,0xa5,0x8d,0xa3,
224 0xd6,0x19,0xb7,0xe2,0xb9,0x14,0x1e,0x58,0x31,0x8e,0xea,0x39,
227 static const unsigned char XTS_256_i[] = {
228 0xad,0xf8,0xd9,0x26,0x27,0x46,0x4a,0xd2,0xf0,0x42,0x8e,0x84,
231 static const unsigned char XTS_256_pt[] = {
232 0x2e,0xed,0xea,0x52,0xcd,0x82,0x15,0xe1,0xac,0xc6,0x47,0xe8,
233 0x10,0xbb,0xc3,0x64,0x2e,0x87,0x28,0x7f,0x8d,0x2e,0x57,0xe3,
234 0x6c,0x0a,0x24,0xfb,0xc1,0x2a,0x20,0x2e
236 static const unsigned char XTS_256_ct[] = {
237 0xcb,0xaa,0xd0,0xe2,0xf6,0xce,0xa3,0xf5,0x0b,0x37,0xf9,0x34,
238 0xd4,0x6a,0x9b,0x13,0x0b,0x9d,0x54,0xf0,0x7e,0x34,0xf3,0x6a,
239 0xf7,0x93,0xe8,0x6f,0x73,0xc6,0xd7,0xdb
242 int FIPS_selftest_aes_xts()
246 FIPS_cipher_ctx_init(&ctx);
248 if (fips_cipher_test(FIPS_TEST_XTS, &ctx, EVP_aes_128_xts(),
249 XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct,
250 sizeof(XTS_128_pt)) <= 0)
253 if (fips_cipher_test(FIPS_TEST_XTS, &ctx, EVP_aes_256_xts(),
254 XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct,
255 sizeof(XTS_256_pt)) <= 0)
258 FIPS_cipher_ctx_cleanup(&ctx);
260 FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS,FIPS_R_SELFTEST_FAILED);