From 8038511c27a530f6da76c8826a8d5614e806ba44 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 14 Apr 2011 13:10:00 +0000 Subject: [PATCH] Update CMAC, HMAC, GCM to use new POST system. Fix crash if callback not set. --- fips/aes/fips_aes_selftest.c | 46 ++++++++++++++---------- fips/cmac/fips_cmac_selftest.c | 61 +++++++++++++++++++------------ fips/fips.h | 1 - fips/fips_post.c | 6 ++-- fips/fips_test_suite.c | 8 ++--- fips/hmac/fips_hmac_selftest.c | 65 ++++++++++++++++++++++++---------- 6 files changed, 121 insertions(+), 66 deletions(-) diff --git a/fips/aes/fips_aes_selftest.c b/fips/aes/fips_aes_selftest.c index 403f4b74ca..8b0ffafd70 100644 --- a/fips/aes/fips_aes_selftest.c +++ b/fips/aes/fips_aes_selftest.c @@ -53,6 +53,7 @@ #include #include #include +#include "fips_locl.h" #ifdef OPENSSL_FIPS static struct @@ -123,22 +124,23 @@ static const unsigned char gcm_tag[] = { 0x98,0xf7,0x7e,0x0c }; -static int corrupt_aes_gcm = 0; - -void FIPS_corrupt_aes_gcm(void) - { - corrupt_aes_gcm = 1; - } - int FIPS_selftest_aes_gcm(void) { - int ret = 0; + int ret = 0, do_corrupt = 0; unsigned char out[128], tag[16]; EVP_CIPHER_CTX ctx; FIPS_cipher_ctx_init(&ctx); - FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1); - FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, - sizeof(gcm_iv), NULL); + memset(out, 0, sizeof(out)); + memset(tag, 0, sizeof(tag)); + if (!fips_post_started(FIPS_TEST_GCM, 0, 0)) + return 1; + if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL)) + do_corrupt = 1; + if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1)) + goto err; + if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, + sizeof(gcm_iv), NULL)) + goto err; if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 1)) goto err; if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) 
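Review bot: In FIPS_selftest_aes_gcm the corruption query uses the wrong test id: `if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL))` sits directly after `fips_post_started(FIPS_TEST_GCM, 0, 0)`, so a fault requested for GCM never sets `do_corrupt`, while one requested for HMAC also perturbs the GCM tag. It should read `if (!fips_post_corrupt(FIPS_TEST_GCM, 0, NULL))`. As written, the `aes-gcm` option in fips_test_suite.c, which this commit switches to `fail_id = FIPS_TEST_GCM`, presumably no longer drives the GCM failure path, so detection of a tag mismatch goes unexercised. Separately, the early `return 1` after `fips_post_started` comes after `FIPS_cipher_ctx_init(&ctx)` and skips `FIPS_cipher_ctx_cleanup(&ctx)`; moving the init below the check would keep the two paired. The function body continues past this hunk.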
@@ -154,13 +156,17 @@ int FIPS_selftest_aes_gcm(void) if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16)) goto err; + memset(out, 0, sizeof(out)); + /* Modify expected tag value */ - if (corrupt_aes_gcm) + if (do_corrupt) tag[0]++; - FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0); - FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, - sizeof(gcm_iv), NULL); + if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0)) + goto err; + if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, + sizeof(gcm_iv), NULL)) + goto err; if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag)) goto err; if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 0)) @@ -178,13 +184,17 @@ int FIPS_selftest_aes_gcm(void) ret = 1; err: + FIPS_cipher_ctx_cleanup(&ctx); if (ret == 0) + { + fips_post_failed(FIPS_TEST_GCM, 0, NULL); FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED); + return 0; + } + else + return fips_post_success(FIPS_TEST_GCM, 0, NULL); - FIPS_cipher_ctx_cleanup(&ctx); - - return ret; } #endif diff --git a/fips/cmac/fips_cmac_selftest.c b/fips/cmac/fips_cmac_selftest.c index 86646a2ff1..2550bc6364 100644 --- a/fips/cmac/fips_cmac_selftest.c +++ b/fips/cmac/fips_cmac_selftest.c @@ -53,6 +53,7 @@ #include #include #include +#include "fips_locl.h" #ifdef OPENSSL_FIPS typedef struct { 
@@ -107,29 +108,45 @@ static const CMAC_KAT vector[] = { }; int FIPS_selftest_cmac() - { - size_t n, outlen; - unsigned char out[32]; - const EVP_CIPHER *cipher; - CMAC_CTX *ctx = CMAC_CTX_new(); - const CMAC_KAT *t; - - for(n=0,t=vector; nalg)(); - CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0); - CMAC_Update(ctx, t->msg, t->msgsize/8); - CMAC_Final(ctx, out, &outlen); - CMAC_CTX_cleanup(ctx); + size_t n, outlen; + unsigned char out[32]; + const EVP_CIPHER *cipher; + CMAC_CTX *ctx = CMAC_CTX_new(); + const CMAC_KAT *t; + int do_corrupt = 0, rv = 0; - if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8)) - { - FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED); - return 0; - } - } + if (!fips_post_started(FIPS_TEST_CMAC, 0, 0)) + return 1; + if (!fips_post_corrupt(FIPS_TEST_CMAC, 0, NULL)) + + for(n=0,t=vector; nalg)(); + CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0); + CMAC_Update(ctx, t->msg, t->msgsize/8); + if (do_corrupt) + CMAC_Update(ctx, t->msg, 1); + CMAC_Final(ctx, out, &outlen); + CMAC_CTX_cleanup(ctx); + + if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8)) + { + FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED); + goto err; + } + } - CMAC_CTX_free(ctx); - return 1; - } + rv = 1; + err: + CMAC_CTX_free(ctx); + + if (rv == 0) + { + fips_post_failed(FIPS_TEST_CMAC, 0, NULL); + return 0; + } + + return fips_post_success(FIPS_TEST_CMAC, 0, NULL); + } #endif diff --git a/fips/fips.h b/fips/fips.h index 1e4b109ed0..1a35f73a11 100644 --- a/fips/fips.h +++ b/fips/fips.h @@ -74,7 +74,6 @@ int FIPS_selftest_failed(void); void FIPS_selftest_check(void); int FIPS_selftest_sha1(void); int FIPS_selftest_aes_gcm(void); -void FIPS_corrupt_aes_gcm(void); int FIPS_selftest_aes(void); int FIPS_selftest_des(void); int FIPS_selftest_rsa(void); diff --git a/fips/fips_post.c b/fips/fips_post.c index 1ab156fb3f..a6d0cfeae6 100644 --- a/fips/fips_post.c +++ b/fips/fips_post.c 
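Review bot: The `if (!fips_post_corrupt(FIPS_TEST_CMAC, 0, NULL))` in FIPS_selftest_cmac has no statement of its own, so the `for` loop over `vector` becomes its body and `do_corrupt` is never assigned. Going by the GCM and HMAC versions in this commit, where a zero return sets `do_corrupt = 1`, the CMAC known-answer loop would run only when corruption is requested and be skipped on a normal power-up, after which `rv = 1` reports success without any vector having been checked. Add `do_corrupt = 1;` under the `if` so the loop is unconditional again. Also, `ctx` is allocated by `CMAC_CTX_new()` in the declarations, so the early `return 1` after `fips_post_started` returns without `CMAC_CTX_free(ctx)`, and the `CMAC_Init`/`CMAC_Update`/`CMAC_Final` results are unchecked where the HMAC self-test now checks each call.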
@@ -105,12 +105,14 @@ void fips_post_end(void) if (post_failure) { post_status = FIPS_POST_STATUS_FAILED; - fips_post_cb(FIPS_POST_END, 0, 0, NULL); + if(fips_post_cb) + fips_post_cb(FIPS_POST_END, 0, 0, NULL); } else { post_status = FIPS_POST_STATUS_OK; - fips_post_cb(FIPS_POST_END, 1, 0, NULL); + if (fips_post_cb) + fips_post_cb(FIPS_POST_END, 1, 0, NULL); } } diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index 168db53711..40676ae666 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -743,7 +743,7 @@ static int post_cb(int op, int id, int subid, void *ex) break; case FIPS_TEST_CMAC: - idstr = "HMAC"; + idstr = "CMAC"; break; case FIPS_TEST_GCM: @@ -845,8 +845,7 @@ int main(int argc,char **argv) fail_id = FIPS_TEST_CIPHER; fail_sub = NID_aes_128_ecb; } else if (!strcmp(argv[1], "aes-gcm")) { - FIPS_corrupt_aes_gcm(); - printf("AES-GCM encryption/decryption with corrupted KAT...\n"); + fail_id = FIPS_TEST_GCM; } else if (!strcmp(argv[1], "des")) { fail_id = FIPS_TEST_CIPHER; fail_sub = NID_des_ede3_ecb; @@ -877,7 +876,8 @@ int main(int argc,char **argv) no_exit = 1; } else if (!strcmp(argv[1], "sha1")) { fail_id = FIPS_TEST_DIGEST; - fail_sub = NID_sha1; + } else if (!strcmp(argv[1], "hmac")) { + fail_id = FIPS_TEST_HMAC; } else if (!strcmp(argv[1], "drbg")) { FIPS_corrupt_drbg(); } else if (!strcmp(argv[1], "rng")) { diff --git a/fips/hmac/fips_hmac_selftest.c b/fips/hmac/fips_hmac_selftest.c index a3967a4a77..fd8189040d 100644 --- a/fips/hmac/fips_hmac_selftest.c +++ b/fips/hmac/fips_hmac_selftest.c @@ -53,6 +53,7 @@ #include #include #include +#include "fips_locl.h" #ifdef OPENSSL_FIPS typedef struct { 
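Review bot: The NULL guard is added only in fips_post_end, and the other places that invoke `fips_post_cb` are outside this hunk, so it is worth confirming that they carry the same check; otherwise a run without a registered callback could still call through a null pointer before the POST reaches its end. The two branches now differ only in the status stored and the second argument, so the guarded call could be written once after the `if`/`else`, e.g. `if (fips_post_cb) fips_post_cb(FIPS_POST_END, post_failure ? 0 : 1, 0, NULL);`. The spacing of `if(fips_post_cb)` and `if (fips_post_cb)` is also inconsistent between the two added lines.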
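Review bot: In main's argument handling an `hmac` option is added but no `cmac` one is visible in this hunk, although FIPS_selftest_cmac gains a corruption path in the same commit; unless such a branch exists outside the hunk, that path has no driver in the test suite. A matching branch would be `} else if (!strcmp(argv[1], "cmac")) {` followed by `fail_id = FIPS_TEST_CMAC;`. The `sha1` branch also loses `fail_sub = NID_sha1;`, so which digest gets corrupted now depends on the initial value of `fail_sub`, which is declared outside the hunk; a short comment there saying that every digest is targeted, if that is the intent, would help. main continues beyond the hunk on both sides.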
@@ -112,26 +113,52 @@ static const HMAC_KAT vector[] = { }; int FIPS_selftest_hmac() - { - size_t n; - unsigned int outlen; - unsigned char out[EVP_MAX_MD_SIZE]; - const EVP_MD *md; - const HMAC_KAT *t; - - for(n=0,t=vector; nalg)(); - HMAC(md,t->key,strlen(t->key), - (const unsigned char *)t->iv,strlen(t->iv), - out,&outlen); + size_t n; + unsigned int outlen; + unsigned char out[EVP_MAX_MD_SIZE]; + const EVP_MD *md; + const HMAC_KAT *t; + int rv = 0, do_corrupt = 0; + HMAC_CTX c; + HMAC_CTX_init(&c); + + if (!fips_post_started(FIPS_TEST_HMAC, 0, 0)) + return 1; + if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL)) + do_corrupt = 1; + + for(n=0,t=vector; nalg)(); + if (!HMAC_Init_ex(&c, t->key, strlen(t->key), md, NULL)) + goto err; + if (!HMAC_Update(&c, (const unsigned char *)t->iv, strlen(t->iv))) + goto err; + if (do_corrupt) + { + if (!HMAC_Update(&c, (const unsigned char *)t->iv, 1)) + goto err; + } + if (!HMAC_Final(&c, out, &outlen)) + goto err; + + if(memcmp(out,t->kaval,outlen)) + { + FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED); + goto err; + } + } + + rv = 1; - if(memcmp(out,t->kaval,outlen)) - { - FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED); - return 0; - } + err: + HMAC_CTX_cleanup(&c); + if (rv == 0) + { + fips_post_failed(FIPS_TEST_HMAC, 0, NULL); + return 0; + } + return fips_post_success(FIPS_TEST_HMAC, 0, NULL); } - return 1; - } #endif -- 2.34.1
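Review bot: In FIPS_selftest_hmac the `goto err` taken when `HMAC_Init_ex`, `HMAC_Update` or `HMAC_Final` fails bypasses `FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED)`, which is raised only on a `memcmp` mismatch; the GCM self-test in this commit raises its error in the common `ret == 0` block instead. Moving the `FIPSerr` call into the `if (rv == 0)` block next to `fips_post_failed(FIPS_TEST_HMAC, 0, NULL);` would queue the error on every failure path. The comparison `memcmp(out,t->kaval,outlen)` also trusts `outlen` as returned; comparing it with the expected digest length first would stop a short output from matching a prefix of the known answer. Finally, the early `return 1` after `fips_post_started` follows `HMAC_CTX_init(&c)` and skips `HMAC_CTX_cleanup(&c)`.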