#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/evp.h>
+#include "fips_locl.h"
#ifdef OPENSSL_FIPS
static struct
{
- unsigned char key[16];
- unsigned char plaintext[16];
- unsigned char ciphertext[16];
+ const unsigned char key[16];
+ const unsigned char plaintext[16];
+ const unsigned char ciphertext[16];
} tests[]=
{
{
},
};
-void FIPS_corrupt_aes()
- {
- tests[0].key[0]++;
- }
-
int FIPS_selftest_aes()
{
int n;
for(n=0 ; n < 1 ; ++n)
{
- if (fips_cipher_test(&ctx, EVP_aes_128_ecb(),
+ if (fips_cipher_test(FIPS_TEST_CIPHER, &ctx, EVP_aes_128_ecb(),
tests[n].key, NULL,
tests[n].plaintext,
tests[n].ciphertext,
return ret;
}
+/* AES-CCM test data from NIST public test vectors */
+
+static const unsigned char ccm_key[] = {
+ 0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6,
+ 0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe8
+};
+static const unsigned char ccm_nonce[] = {
+ 0x76,0x40,0x43,0xc4,0x94,0x60,0xb7
+};
+static const unsigned char ccm_adata[] = {
+ 0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7,
+ 0x5f,0x10,0xbd,0xe7,0x8c,0x23,0xfa,0x0e,0xb8,0xf9,0xaa,0xa5,
+ 0x3a,0xde,0xfb,0xf4,0xcb,0xf7,0x8f,0xe4
+};
+static const unsigned char ccm_pt[] = {
+ 0xc8,0xd2,0x75,0xf9,0x19,0xe1,0x7d,0x7f,0xe6,0x9c,0x2a,0x1f,
+ 0x58,0x93,0x9d,0xfe,0x4d,0x40,0x37,0x91,0xb5,0xdf,0x13,0x10
+};
+static const unsigned char ccm_ct[] = {
+ 0x8a,0x0f,0x3d,0x82,0x29,0xe4,0x8e,0x74,0x87,0xfd,0x95,0xa2,
+ 0x8a,0xd3,0x92,0xc8,0x0b,0x36,0x81,0xd4,0xfb,0xc7,0xbb,0xfd
+};
+static const unsigned char ccm_tag[] = {
+ 0x2d,0xd6,0xef,0x1c,0x45,0xd4,0xcc,0xb7,0x23,0xdc,0x07,0x44,
+ 0x14,0xdb,0x50,0x6d
+};
+
+int FIPS_selftest_aes_ccm(void)
+ {
+ int ret = 0, do_corrupt = 0;
+ unsigned char out[128], tag[16];
+ EVP_CIPHER_CTX ctx;
+ FIPS_cipher_ctx_init(&ctx);
+ memset(out, 0, sizeof(out));
+ if (!fips_post_started(FIPS_TEST_CCM, 0, 0))
+ return 1;
+ if (!fips_post_corrupt(FIPS_TEST_CCM, 0, NULL))
+ do_corrupt = 1;
+ if (!FIPS_cipherinit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 1))
+ goto err;
+ if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
+ sizeof(ccm_nonce), NULL))
+ goto err;
+ if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
+ sizeof(ccm_tag), NULL))
+ goto err;
+ if (!FIPS_cipherinit(&ctx, NULL, ccm_key, ccm_nonce, 1))
+ goto err;
+ if (FIPS_cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt))
+ goto err;
+ if (FIPS_cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
+ goto err;
+ if (FIPS_cipher(&ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct))
+ goto err;
+
+ if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, 16, tag))
+ goto err;
+ if (memcmp(tag, ccm_tag, sizeof(ccm_tag))
+ || memcmp(out, ccm_ct, sizeof(ccm_ct)))
+ goto err;
+
+ memset(out, 0, sizeof(out));
+
+ /* Modify expected tag value */
+ if (do_corrupt)
+ tag[0]++;
+
+ if (!FIPS_cipherinit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 0))
+ goto err;
+ if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
+ sizeof(ccm_nonce), NULL))
+ goto err;
+ if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag))
+ goto err;
+ if (!FIPS_cipherinit(&ctx, NULL, ccm_key, ccm_nonce, 0))
+ goto err;
+ if (FIPS_cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct))
+ goto err;
+ if (FIPS_cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
+ goto err;
+ if (FIPS_cipher(&ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt))
+ goto err;
+
+ if (memcmp(out, ccm_pt, sizeof(ccm_pt)))
+ goto err;
+
+ ret = 1;
+
+ err:
+ FIPS_cipher_ctx_cleanup(&ctx);
+
+ if (ret == 0)
+ {
+ fips_post_failed(FIPS_TEST_CCM, 0, NULL);
+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ else
+ return fips_post_success(FIPS_TEST_CCM, 0, NULL);
+
+ }
+
/* AES-GCM test data from NIST public test vectors */
static const unsigned char gcm_key[] = {
0x98,0xf7,0x7e,0x0c
};
-static int corrupt_aes_gcm = 0;
-
-void FIPS_corrupt_aes_gcm(void)
- {
- corrupt_aes_gcm = 1;
- }
-
int FIPS_selftest_aes_gcm(void)
{
- int ret = 0;
+ int ret = 0, do_corrupt = 0;
unsigned char out[128], tag[16];
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
- FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1);
- FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
- sizeof(gcm_iv), NULL);
+ memset(out, 0, sizeof(out));
+ memset(tag, 0, sizeof(tag));
+ if (!fips_post_started(FIPS_TEST_GCM, 0, 0))
+ return 1;
+ if (!fips_post_corrupt(FIPS_TEST_GCM, 0, NULL))
+ do_corrupt = 1;
+ if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
+ goto err;
+ if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
+ sizeof(gcm_iv), NULL))
+ goto err;
if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 1))
goto err;
if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
goto err;
+ memset(out, 0, sizeof(out));
+
/* Modify expected tag value */
- if (corrupt_aes_gcm)
+ if (do_corrupt)
tag[0]++;
- FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0);
- FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
- sizeof(gcm_iv), NULL);
+ if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0))
+ goto err;
+ if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
+ sizeof(gcm_iv), NULL))
+ goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
goto err;
if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 0))
ret = 1;
err:
+ FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0)
+ {
+ fips_post_failed(FIPS_TEST_GCM, 0, NULL);
FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ else
+ return fips_post_success(FIPS_TEST_GCM, 0, NULL);
- FIPS_cipher_ctx_cleanup(&ctx);
+ }
+
+
+static const unsigned char XTS_128_key[] = {
+ 0xa1,0xb9,0x0c,0xba,0x3f,0x06,0xac,0x35,0x3b,0x2c,0x34,0x38,
+ 0x76,0x08,0x17,0x62,0x09,0x09,0x23,0x02,0x6e,0x91,0x77,0x18,
+ 0x15,0xf2,0x9d,0xab,0x01,0x93,0x2f,0x2f
+};
+static const unsigned char XTS_128_i[] = {
+ 0x4f,0xae,0xf7,0x11,0x7c,0xda,0x59,0xc6,0x6e,0x4b,0x92,0x01,
+ 0x3e,0x76,0x8a,0xd5
+};
+static const unsigned char XTS_128_pt[] = {
+ 0xeb,0xab,0xce,0x95,0xb1,0x4d,0x3c,0x8d,0x6f,0xb3,0x50,0x39,
+ 0x07,0x90,0x31,0x1c
+};
+static const unsigned char XTS_128_ct[] = {
+ 0x77,0x8a,0xe8,0xb4,0x3c,0xb9,0x8d,0x5a,0x82,0x50,0x81,0xd5,
+ 0xbe,0x47,0x1c,0x63
+};
+
+static const unsigned char XTS_256_key[] = {
+ 0x1e,0xa6,0x61,0xc5,0x8d,0x94,0x3a,0x0e,0x48,0x01,0xe4,0x2f,
+ 0x4b,0x09,0x47,0x14,0x9e,0x7f,0x9f,0x8e,0x3e,0x68,0xd0,0xc7,
+ 0x50,0x52,0x10,0xbd,0x31,0x1a,0x0e,0x7c,0xd6,0xe1,0x3f,0xfd,
+ 0xf2,0x41,0x8d,0x8d,0x19,0x11,0xc0,0x04,0xcd,0xa5,0x8d,0xa3,
+ 0xd6,0x19,0xb7,0xe2,0xb9,0x14,0x1e,0x58,0x31,0x8e,0xea,0x39,
+ 0x2c,0xf4,0x1b,0x08
+};
+static const unsigned char XTS_256_i[] = {
+ 0xad,0xf8,0xd9,0x26,0x27,0x46,0x4a,0xd2,0xf0,0x42,0x8e,0x84,
+ 0xa9,0xf8,0x75,0x64
+};
+static const unsigned char XTS_256_pt[] = {
+ 0x2e,0xed,0xea,0x52,0xcd,0x82,0x15,0xe1,0xac,0xc6,0x47,0xe8,
+ 0x10,0xbb,0xc3,0x64,0x2e,0x87,0x28,0x7f,0x8d,0x2e,0x57,0xe3,
+ 0x6c,0x0a,0x24,0xfb,0xc1,0x2a,0x20,0x2e
+};
+static const unsigned char XTS_256_ct[] = {
+ 0xcb,0xaa,0xd0,0xe2,0xf6,0xce,0xa3,0xf5,0x0b,0x37,0xf9,0x34,
+ 0xd4,0x6a,0x9b,0x13,0x0b,0x9d,0x54,0xf0,0x7e,0x34,0xf3,0x6a,
+ 0xf7,0x93,0xe8,0x6f,0x73,0xc6,0xd7,0xdb
+};
+
+int FIPS_selftest_aes_xts()
+ {
+ int ret = 1;
+ EVP_CIPHER_CTX ctx;
+ FIPS_cipher_ctx_init(&ctx);
+
+ if (fips_cipher_test(FIPS_TEST_XTS, &ctx, EVP_aes_128_xts(),
+ XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct,
+ sizeof(XTS_128_pt)) <= 0)
+ ret = 0;
+
+ if (fips_cipher_test(FIPS_TEST_XTS, &ctx, EVP_aes_256_xts(),
+ XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct,
+ sizeof(XTS_256_pt)) <= 0)
+ ret = 0;
+ FIPS_cipher_ctx_cleanup(&ctx);
+ if (ret == 0)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS,FIPS_R_SELFTEST_FAILED);
return ret;
}
projects / openssl.git / blobdiff