Implement FIPS CMAC.
authorRichard Levitte <levitte@openssl.org>
Thu, 24 Mar 2011 22:55:02 +0000 (22:55 +0000)
committerRichard Levitte <levitte@openssl.org>
Thu, 24 Mar 2011 22:55:02 +0000 (22:55 +0000)
* fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as
  an example.
* crypto/cmac/cmac.c: Enable the FIPS API.  Change to use M_EVP macros
  where possible.
* crypto/evp/evp.h: (some of the macros get added with this change)
* fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use
  macros to have cmac.c use these functions.
* Makefile.org, fips/Makefile, fips/fips.c: Hook it in.

Makefile.org
crypto/cmac/cmac.c
crypto/evp/evp.h
fips/Makefile
fips/cmac/Makefile [new file with mode: 0644]
fips/cmac/fips_cmac_selftest.c [new file with mode: 0644]
fips/cmac/fips_cmactest.c [new file with mode: 0644]
fips/cmac/lib [new file with mode: 0644]
fips/fips.c
fips/fips.h
fips/utl/fips_enc.c

index b1ad7cb..73e8b6d 100644 (file)
@@ -295,6 +295,7 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
        ../crypto/bn/bn_word.o \
        ../crypto/bn/bn_x931p.o \
        ../crypto/buffer/buf_str.o \
+       ../crypto/cmac/cmac.o \
        ../crypto/cryptlib.o \
        ../crypto/des/cfb64ede.o \
        ../crypto/des/cfb64enc.o \
index 307e93d..5807e30 100644 (file)
@@ -51,6 +51,8 @@
  * ====================================================================
  */
 
+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -129,7 +131,7 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
                return 0;
        if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx))
                return 0;
-       bl = EVP_CIPHER_CTX_block_size(&in->cctx);
+       bl = M_EVP_CIPHER_CTX_block_size(&in->cctx);
        memcpy(out->k1, in->k1, bl);
        memcpy(out->k2, in->k2, bl);
        memcpy(out->tbl, in->tbl, bl);
@@ -148,31 +150,31 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
                /* Not initialised */
                if (ctx->nlast_block == -1)
                        return 0;
-               if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
+               if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
                        return 0;
                return 1;
                }
        /* Initialiase context */
-       if (cipher && !EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL))
+       if (cipher && !M_EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL))
                return 0;
        /* Non-NULL key means initialisation complete */
        if (key)
                {
                int bl;
-               if (!EVP_CIPHER_CTX_cipher(&ctx->cctx))
+               if (!M_EVP_CIPHER_CTX_cipher(&ctx->cctx))
                        return 0;
                if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen))
                        return 0;
-               if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv))
+               if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv))
                        return 0;
-               bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
+               bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx);
                if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl))
                        return 0;
                make_kn(ctx->k1, ctx->tbl, bl);
                make_kn(ctx->k2, ctx->k1, bl);
                OPENSSL_cleanse(ctx->tbl, bl);
                /* Reset context again ready for first data block */
-               if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
+               if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
                        return 0;
                /* Zero tbl so resume works */
                memset(ctx->tbl, 0, bl);
@@ -189,7 +191,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
                return 0;
        if (dlen == 0)
                return 1;
-       bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
+       bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx);
        /* Copy into partial block if we need to */
        if (ctx->nlast_block > 0)
                {
@@ -228,7 +230,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
        int i, bl, lb;
        if (ctx->nlast_block == -1)
                return 0;
-       bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
+       bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx);
        *poutlen = (size_t)bl;
        if (!out)
                return 1;
@@ -265,5 +267,5 @@ int CMAC_resume(CMAC_CTX *ctx)
         * So reinitliasing using the last decrypted block will allow
         * CMAC to continue after calling CMAC_Final(). 
         */
-       return EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl);
+       return M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl);
        }
index 240d9d5..8e041c5 100644 (file)
@@ -458,12 +458,23 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define M_EVP_MD_CTX_type(e)           M_EVP_MD_type(M_EVP_MD_CTX_md(e))
 #define M_EVP_MD_CTX_md(e)                     ((e)->digest)
 
-#define M_EVP_CIPHER_CTX_iv_length(e)  (e->cipher->iv_len)
-#define M_EVP_CIPHER_CTX_flags(e)      (e->cipher->flags)
+#define M_EVP_CIPHER_CTX_iv_length(e)  ((e)->cipher->iv_len)
+#define M_EVP_CIPHER_CTX_flags(e)      ((e)->cipher->flags)
+#define M_EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size)
+#define M_EVP_CIPHER_CTX_cipher(e)     ((e)->cipher)
 #define M_EVP_CIPHER_CTX_mode(e)       (M_EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
 
 #define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
 
+#define M_EVP_EncryptInit(ctx,ciph,key,iv) \
+       (EVP_CipherInit(ctx,ciph,key,iv,1))
+#define M_EVP_EncryptInit_ex(ctx,ciph,impl,key,iv) \
+       (EVP_CipherInit_ex(ctx,ciph,impl,key,iv,1))
+#define M_EVP_DecryptInit(ctx,ciph,key,iv) \
+       (EVP_CipherInit(ctx,ciph,key,iv,0))
+#define M_EVP_DecryptInit_ex(ctx,ciph,impl,key,iv) \
+       (EVP_CipherInit_ex(ctx,ciph,impl,key,iv,0))
+
 int EVP_MD_type(const EVP_MD *md);
 #define EVP_MD_nid(e)                  EVP_MD_type(e)
 #define EVP_MD_name(e)                 OBJ_nid2sn(EVP_MD_nid(e))
@@ -1288,7 +1299,9 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_SIGNFINAL                             107
 #define EVP_F_EVP_VERIFYFINAL                           108
 #define EVP_F_FIPS_CIPHERINIT                           166
+#define EVP_F_FIPS_CIPHER_CTX_COPY                      170
 #define EVP_F_FIPS_CIPHER_CTX_CTRL                      167
+#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH            171
 #define EVP_F_FIPS_DIGESTINIT                           168
 #define EVP_F_FIPS_MD_CTX_COPY                          169
 #define EVP_F_INT_CTX_NEW                               157
index 1373fda..28df80c 100644 (file)
@@ -35,7 +35,7 @@ AFLAGS=$(ASFLAGS)
 
 LIBS=
 
-FDIRS=sha rand des aes dsa ecdh ecdsa rsa dh hmac utl
+FDIRS=sha rand des aes dsa ecdh ecdsa rsa dh cmac hmac utl
 
 GENERAL=Makefile README fips-lib.com install.com
 
@@ -45,7 +45,7 @@ LIBSRC=fips.c
 LIBOBJ=fips.o
 
 FIPS_OBJ_LISTS=sha/lib hmac/lib rand/lib des/lib aes/lib dsa/lib rsa/lib \
-               dh/lib utl/lib ecdsa/lib
+               dh/lib utl/lib ecdsa/lib cmac/lib
 
 SRC= $(LIBSRC)
 
diff --git a/fips/cmac/Makefile b/fips/cmac/Makefile
new file mode 100644 (file)
index 0000000..1404c67
--- /dev/null
@@ -0,0 +1,112 @@
+#
+# OpenSSL/fips/cmac/Makefile
+#
+
+DIR=   cmac
+TOP=   ../..
+CC=    cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG=   makedepend
+MAKEDEPEND=    $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=      Makefile
+AR=            ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=fips_cmactest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= fips_cmac_selftest.c
+LIBOBJ= fips_cmac_selftest.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=
+HEADER=        $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+       (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
+
+all:   lib
+
+lib:   $(LIBOBJ)
+       @echo $(LIBOBJ) > lib
+
+files:
+       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+       @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+       @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+       do \
+         (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+         chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+       done
+
+tags:
+       ctags $(SRC)
+
+tests:
+
+Q=../testvectors/cmac/req
+A=../testvectors/cmac/rsp
+
+fips_test:
+       -rm -rf $(A)
+       mkdir $(A)
+       if [ -f $(Q)/CMACGenAES256.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_cmactest -g < $(Q)/CMACGenAES256.req > $(A)/CMACGenAES256.rsp; fi
+       if [ -f $(Q)/CMACVerAES256.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_cmactest -v < $(Q)/CMACVerAES256.req > $(A)/CMACVerAES256.rsp; fi
+
+lint:
+       lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+       $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
+
+dclean:
+       $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+       mv -f Makefile.new $(MAKEFILE)
+
+clean:
+       rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_cmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_cmac_selftest.o: ../../include/openssl/cmac.h
+fips_cmac_selftest.o: ../../include/openssl/crypto.h
+fips_cmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_cmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_cmac_selftest.o: ../../include/openssl/lhash.h
+fips_cmac_selftest.o: ../../include/openssl/obj_mac.h
+fips_cmac_selftest.o: ../../include/openssl/objects.h
+fips_cmac_selftest.o: ../../include/openssl/opensslconf.h
+fips_cmac_selftest.o: ../../include/openssl/opensslv.h
+fips_cmac_selftest.o: ../../include/openssl/ossl_typ.h
+fips_cmac_selftest.o: ../../include/openssl/safestack.h
+fips_cmac_selftest.o: ../../include/openssl/stack.h
+fips_cmac_selftest.o: ../../include/openssl/symhacks.h fips_cmac_selftest.c
+fips_cmactest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_cmactest.o: ../../include/openssl/bn.h ../../include/openssl/cmac.h
+fips_cmactest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_cmactest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_cmactest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_cmactest.o: ../../include/openssl/obj_mac.h
+fips_cmactest.o: ../../include/openssl/objects.h
+fips_cmactest.o: ../../include/openssl/opensslconf.h
+fips_cmactest.o: ../../include/openssl/opensslv.h
+fips_cmactest.o: ../../include/openssl/ossl_typ.h
+fips_cmactest.o: ../../include/openssl/safestack.h
+fips_cmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_cmactest.o: ../fips_utl.h fips_cmactest.c
diff --git a/fips/cmac/fips_cmac_selftest.c b/fips/cmac/fips_cmac_selftest.c
new file mode 100644 (file)
index 0000000..834efab
--- /dev/null
@@ -0,0 +1,146 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/cmac.h>
+
+#ifdef OPENSSL_FIPS
+typedef struct {
+       const EVP_CIPHER *(*alg)(void);
+       const unsigned char key[EVP_MAX_KEY_LENGTH]; int keysize;
+       const unsigned char msg[64]; int msgsize;
+       const unsigned char mac[32]; int macsize;
+} CMAC_KAT;
+
+/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */
+static const CMAC_KAT vector[] = {
+    {  EVP_aes_128_cbc,        /* Example 3: Mlen = 320 */
+       { 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
+         0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c }, 128,
+       { 0x6b,0xc1,0xbe,0xe2, 0x2e,0x40,0x9f,0x96,
+         0xe9,0x3d,0x7e,0x11, 0x73,0x93,0x17,0x2a,
+         0xae,0x2d,0x8a,0x57, 0x1e,0x03,0xac,0x9c,
+         0x9e,0xb7,0x6f,0xac, 0x45,0xaf,0x8e,0x51,
+         0x30,0xc8,0x1c,0x46, 0xa3,0x5c,0xe4,0x11 }, 320,
+       { 0xdf,0xa6,0x67,0x47, 0xde,0x9a,0xe6,0x30,
+         0x30,0xca,0x32,0x61, 0x14,0x97,0xc8,0x27 }, 128
+    },
+    {  EVP_aes_192_cbc,        /* Example 5: Mlen = 0 */
+       { 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52,
+         0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5,
+         0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, }, 192,
+       { 0x0 }, 0,
+       { 0xd1,0x7d,0xdf,0x46, 0xad,0xaa,0xcd,0xe5,
+         0x31,0xca,0xc4,0x83, 0xde,0x7a,0x93,0x67, }, 128
+    },
+    {  EVP_aes_256_cbc,        /* Example 12: Mlen = 512 */
+       { 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe,
+         0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81,
+         0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7,
+         0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, }, 256,
+       { 0x6b,0xc1,0xbe,0xe2, 0x2e,0x40,0x9f,0x96,
+         0xe9,0x3d,0x7e,0x11, 0x73,0x93,0x17,0x2a,
+         0xae,0x2d,0x8a,0x57, 0x1e,0x03,0xac,0x9c,
+         0x9e,0xb7,0x6f,0xac, 0x45,0xaf,0x8e,0x51,
+         0x30,0xc8,0x1c,0x46, 0xa3,0x5c,0xe4,0x11,
+         0xe5,0xfb,0xc1,0x19, 0x1a,0x0a,0x52,0xef,
+         0xf6,0x9f,0x24,0x45, 0xdf,0x4f,0x9b,0x17,
+         0xad,0x2b,0x41,0x7b, 0xe6,0x6c,0x37,0x10, }, 512,
+       { 0xe1,0x99,0x21,0x90, 0x54,0x9f,0x6e,0xd5,
+         0x69,0x6a,0x2c,0x05, 0x6c,0x31,0x54,0x10, }, 128,
+    },
+# if 0
+    /* Removed because the actual result was:
+         0x74,0x3d,0xdb,0xe0,  0xce,0x2d,0xc2,0xed
+       I suspect an error on my part -- Richard Levitte
+     */
+    {  EVP_des_ede3_cbc,       /* Example 15: Mlen = 160 */
+       { 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62,
+         0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58,
+         0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, }, 192,
+       { 0x6b,0xc1,0xbe,0xe2, 0x2e,0x40,0x9f,0x96,
+         0xe9,0x3d,0x7e,0x11, 0x73,0x93,0x17,0x2a,
+         0xae,0x2d,0x8a,0x57, }, 160,
+       { 0xd3,0x2b,0xce,0xbe, 0x43,0xd2,0x3d,0x80, }, 64,
+    },
+# endif
+};
+
+int FIPS_selftest_cmac()
+    {
+    size_t n;
+    unsigned int     outlen;
+    unsigned char    out[32];
+    const EVP_CIPHER *cipher;
+    CMAC_CTX *ctx = CMAC_CTX_new();
+    const CMAC_KAT *t;
+
+    for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
+       {
+       cipher = (*t->alg)();
+       CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0);
+       CMAC_Update(ctx, t->msg, t->msgsize/8);
+       CMAC_Final(ctx, out, &outlen);
+       CMAC_CTX_cleanup(ctx);
+
+       if(outlen != t->macsize/8 || memcmp(out,t->mac,outlen))
+           {
+           FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
+           return 0;
+           }
+       }
+
+    CMAC_CTX_free(ctx);
+    return 1;
+    }
+#endif
diff --git a/fips/cmac/fips_cmactest.c b/fips/cmac/fips_cmactest.c
new file mode 100644 (file)
index 0000000..296f1a8
--- /dev/null
@@ -0,0 +1,441 @@
+/* fips_cmactest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/cmac.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS CMAC support\n");
+    return(0);
+}
+
+#else
+
+#include <openssl/fips.h>
+#include "fips_utl.h"
+
+static int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, int mode);
+static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
+               unsigned char *Key, int Klen,
+               unsigned char *Msg, int Msglen,
+               int Tlen);
+static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
+               unsigned char *Key, int Klen,
+               unsigned char *Msg, int Msglen,
+               unsigned char *Mac, int Maclen,
+               int Tlen);
+
+int main(int argc, char **argv)
+       {
+       FILE *in = NULL, *out = NULL;
+       int mode = 0;           /* 0 => Generate, 1 => Verify */
+
+       int ret = 1;
+       fips_set_error_print();
+       if(!FIPS_mode_set(1))
+               goto end;
+
+       if (argc > 1 && argv[1][0] == '-')
+               {
+               if (strcmp(argv[1], "-g") == 0)
+                       mode = 0;
+               else if (strcmp(argv[1], "-v") == 0)
+                       mode = 1;
+               else
+                       {
+                       fprintf(stderr, "Unknown option %s\n", argv[1]);
+                       goto end;
+                       }
+               argv++;
+               argc--;
+               }
+       if (argc == 1)
+               in = stdin;
+       else
+               in = fopen(argv[1], "r");
+
+       if (argc < 2)
+               out = stdout;
+       else
+               out = fopen(argv[2], "w");
+
+       if (!in)
+               {
+               fprintf(stderr, "FATAL input initialization error\n");
+               goto end;
+               }
+
+       if (!out)
+               {
+               fprintf(stderr, "FATAL output initialization error\n");
+               goto end;
+               }
+
+       if (!cmac_test(EVP_aes_256_cbc(), out, in, mode))
+               {
+               fprintf(stderr, "FATAL cmac file processing error\n");
+               goto end;
+               }
+       else
+               ret = 0;
+
+       end:
+
+       if (in && (in != stdin))
+               fclose(in);
+       if (out && (out != stdout))
+               fclose(out);
+
+       return ret;
+
+       }
+
+#define CMAC_TEST_MAXLINELEN   1024
+
+int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, int mode)
+       {
+       char *linebuf, *olinebuf, *p, *q;
+       char *keyword, *value;
+       unsigned char *Key = NULL, *Msg = NULL, *Mac = NULL;
+       int Count, Klen, Mlen, Tlen;
+       long Keylen, Msglen, Maclen;
+       int ret = 0;
+       int lnum = 0;
+
+       olinebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
+       linebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
+
+       if (!linebuf || !olinebuf)
+               goto error;
+
+       Count = -1;
+       Klen = -1;
+       Mlen = -1;
+       Tlen = -1;
+
+       while (fgets(olinebuf, CMAC_TEST_MAXLINELEN, in))
+               {
+               lnum++;
+               strcpy(linebuf, olinebuf);
+               keyword = linebuf;
+               /* Skip leading space */
+               while (isspace((unsigned char)*keyword))
+                       keyword++;
+
+               /* Skip comments */
+               if (keyword[0] == '#')
+                       {
+                       if (fputs(olinebuf, out) < 0)
+                               goto error;
+                       continue;
+                       }
+
+               /* Look for = sign */
+               p = strchr(linebuf, '=');
+
+               /* If no = or starts with [ (for [L=20] line) just copy */
+               if (!p)
+                       {
+                       if (fputs(olinebuf, out) < 0)
+                               goto error;
+                       continue;
+                       }
+
+               q = p - 1;
+
+               /* Remove trailing space */
+               while (isspace((unsigned char)*q))
+                       *q-- = 0;
+
+               *p = 0;
+               value = p + 1;
+
+               /* Remove leading space from value */
+               while (isspace((unsigned char)*value))
+                       value++;
+
+               /* Remove trailing space from value */
+               p = value + strlen(value) - 1;
+
+               while (*p == '\n' || isspace((unsigned char)*p))
+                       *p-- = 0;
+
+               if (!strcmp(keyword, "Count"))
+                       {
+                       if (Count != -1)
+                               goto parse_error;
+                       Count = atoi(value);
+                       if (Count < 0)
+                               goto parse_error;
+                       }
+               else if (!strcmp(keyword, "Klen"))
+                       {
+                       if (Klen != -1)
+                               goto parse_error;
+                       Klen = atoi(value);
+                       if (Klen < 0)
+                               goto parse_error;
+                       }
+               else if (!strcmp(keyword, "Mlen"))
+                       {
+                       if (Mlen != -1)
+                               goto parse_error;
+                       Mlen = atoi(value);
+                       if (Mlen < 0)
+                               goto parse_error;
+                       }
+               else if (!strcmp(keyword, "Tlen"))
+                       {
+                       if (Tlen != -1)
+                               goto parse_error;
+                       Tlen = atoi(value);
+                       if (Tlen < 0)
+                               goto parse_error;
+                       }
+               else if (!strcmp(keyword, "Key"))
+                       {
+                       if (Key)
+                               goto parse_error;
+                       Key = hex2bin_m(value, &Keylen);
+                       if (!Key)
+                               goto parse_error;
+                       }
+               else if (!strcmp(keyword, "Msg"))
+                       {
+                       if (Msg)
+                               goto parse_error;
+                       Msg = hex2bin_m(value, &Msglen);
+                       if (!Msg)
+                               goto parse_error;
+                       }
+               else if (!strcmp(keyword, "Mac"))
+                       {
+                       if (mode == 0)
+                               continue;
+                       if (Mac)
+                               goto parse_error;
+                       Mac = hex2bin_m(value, &Maclen);
+                       if (!Mac)
+                               goto parse_error;
+                       }
+               else if (!strcmp(keyword, "Result"))
+                       {
+                       if (mode == 1)
+                               continue;
+                       goto parse_error;
+                       }
+               else
+                       goto parse_error;
+
+               fputs(olinebuf, out);
+
+               switch(mode)
+                       {
+               case 0:
+                       if (Key && Msg && (Tlen > 0) && (Klen > 0))
+                               {
+                               if (!print_cmac_gen(cipher, out,
+                                               Key, Klen,
+                                               Msg, Mlen,
+                                               Tlen))
+                                       goto error;
+                               OPENSSL_free(Key);
+                               Key = NULL;
+                               OPENSSL_free(Msg);
+                               Msg = NULL;
+                               Klen = -1;
+                               Mlen = -1;
+                               Tlen = -1;
+                               Count = -1;
+                               }
+                       break;
+               case 1:
+                       if (Key && Msg && Mac && (Tlen > 0) && (Klen > 0))
+                               {
+                               if (!print_cmac_ver(cipher, out,
+                                               Key, Klen,
+                                               Msg, Mlen,
+                                               Mac, Maclen,
+                                               Tlen))
+                                       goto error;
+                               OPENSSL_free(Key);
+                               Key = NULL;
+                               OPENSSL_free(Msg);
+                               Msg = NULL;
+                               OPENSSL_free(Mac);
+                               Mac = NULL;
+                               Klen = -1;
+                               Mlen = -1;
+                               Tlen = -1;
+                               Count = -1;
+                               }
+                       break;
+                       }
+
+               }
+
+
+       ret = 1;
+
+
+       error:
+
+       if (olinebuf)
+               OPENSSL_free(olinebuf);
+       if (linebuf)
+               OPENSSL_free(linebuf);
+       if (Key)
+               OPENSSL_free(Key);
+       if (Msg)
+               OPENSSL_free(Msg);
+
+       return ret;
+
+       parse_error:
+
+       fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+       goto error;
+
+       }
+
+static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
+               unsigned char *Key, int Klen,
+               unsigned char *Msg, int Mlen,
+               int Tlen)
+       {
+       int rc, i;
+       size_t reslen;
+       unsigned char res[1024];
+       CMAC_CTX *cmac_ctx = CMAC_CTX_new();
+
+       CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
+       CMAC_Update(cmac_ctx, Msg, Mlen);
+       if (!CMAC_Final(cmac_ctx, res, &reslen))
+               {
+               fputs("Error calculating CMAC\n", stderr);
+               rc = 0;
+               }
+       else if (Tlen > reslen)
+               {
+               fputs("Parameter error, Tlen > CMAC length\n", stderr);
+               rc = 0;
+               }
+       else
+               {
+               fputs("Mac = ", out);
+               for (i = 0; i < Tlen; i++)
+                       fprintf(out, "%02x", res[i]);
+               fputs("\n", out);
+               rc = 1;
+               }
+       CMAC_CTX_free(cmac_ctx);
+       return rc;
+       }
+
+static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
+               unsigned char *Key, int Klen,
+               unsigned char *Msg, int Mlen,
+               unsigned char *Mac, int Maclen,
+               int Tlen)
+       {
+       int rc;
+       size_t reslen;
+       unsigned char res[1024];
+       CMAC_CTX *cmac_ctx = CMAC_CTX_new();
+
+       CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
+       CMAC_Update(cmac_ctx, Msg, Mlen);
+       if (!CMAC_Final(cmac_ctx, res, &reslen))
+               {
+               fputs("Error calculating CMAC\n", stderr);
+               rc = 0;
+               }
+       else if (Tlen > reslen)
+               {
+               fputs("Parameter error, Tlen > CMAC length\n", stderr);
+               rc = 0;
+               }
+       else if (Tlen != Maclen)
+               {
+               fputs("Parameter error, Tlen != resulting Mac length\n", stderr);
+               rc = 0;
+               }
+       else
+               {
+               if (!memcmp(Mac, res, Maclen))
+                       fputs("Result = P\n", out);
+               else
+                       fputs("Result = F\n", out);
+               }
+       CMAC_CTX_free(cmac_ctx);
+       return rc;
+       }
+
+#endif
diff --git a/fips/cmac/lib b/fips/cmac/lib
new file mode 100644 (file)
index 0000000..604e7e7
--- /dev/null
@@ -0,0 +1 @@
+fips_cmac_selftest.o
index c7d4bb5..5ea4be1 100644 (file)
@@ -174,6 +174,7 @@ int FIPS_selftest(void)
 
     return FIPS_selftest_sha1()
        && FIPS_selftest_hmac()
+       && FIPS_selftest_cmac()
        && FIPS_selftest_aes()
        && FIPS_selftest_aes_gcm()
        && FIPS_selftest_des()
index 6dadc1e..110ee3c 100644 (file)
@@ -95,6 +95,7 @@ void FIPS_rng_stick(void);
 int FIPS_selftest_rng(void);
 int FIPS_selftest_hmac(void);
 int FIPS_selftest_drbg(void);
+int FIPS_selftest_cmac(void);
 
 unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len);
 int FIPS_check_incore_fingerprint(void);
@@ -159,6 +160,8 @@ void FIPS_set_locking_callbacks(void (*func)(int mode, int type,
 #define EVP_CIPHER_CTX_ctrl FIPS_cipher_ctx_ctrl
 #define EVP_CIPHER_CTX_new FIPS_cipher_ctx_new
 #define EVP_CIPHER_CTX_free FIPS_cipher_ctx_free
+#define EVP_CIPHER_CTX_copy FIPS_cipher_ctx_copy
+#define EVP_CIPHER_CTX_set_key_length FIPS_cipher_ctx_set_key_length
 
 #define DSA_SIG_new FIPS_dsa_sig_new
 #define DSA_SIG_free FIPS_dsa_sig_free
@@ -205,6 +208,7 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_F_FIPS_PKEY_SIGNATURE_TEST                         109
 #define FIPS_F_FIPS_SELFTEST_AES                        110
 #define FIPS_F_FIPS_SELFTEST_AES_GCM                    130
+#define FIPS_F_FIPS_SELFTEST_CMAC                       139
 #define FIPS_F_FIPS_SELFTEST_DES                        111
 #define FIPS_F_FIPS_SELFTEST_DSA                        112
 #define FIPS_F_FIPS_SELFTEST_ECDSA                      131
index b3db931..a25e5a1 100644 (file)
@@ -275,6 +275,54 @@ int FIPS_cipher_ctx_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
        return ret;
 }
 
+int FIPS_cipher_ctx_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
+       {
+       if ((in == NULL) || (in->cipher == NULL))
+               {
+               EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
+               return 0;
+               }
+
+       /* Only FIPS ciphers allowed */
+       if (FIPS_mode() && !(in->cipher->flags & EVP_CIPH_FLAG_FIPS) &&
+               !(out->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
+               {
+               EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY, EVP_R_DISABLED_FOR_FIPS);
+               out->cipher = &bad_cipher;
+               return 0;
+               }
+
+       FIPS_cipher_ctx_cleanup(out);
+       memcpy(out,in,sizeof *out);
+
+       if (in->cipher_data && in->cipher->ctx_size)
+               {
+               out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size);
+               if (!out->cipher_data)
+                       {
+                       EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE);
+                       return 0;
+                       }
+               memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size);
+               }
+
+       if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
+               return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
+       return 1;
+       }
+
+/* You can't really set the key length with FIPS, so just check that the
+   caller sets the length the context already has. */
+int FIPS_cipher_ctx_set_key_length(EVP_CIPHER_CTX *ctx, int keylen)
+       {
+       if (ctx->key_len == keylen)
+               return 1;
+
+       EVPerr(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH);
+       return 0;
+       }
+
+
 
 int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                        const unsigned char *in, unsigned int inl)