Implement FIPS CMAC.

* fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as
  an example.
* crypto/cmac/cmac.c: Enable the FIPS API.  Change to use M_EVP macros
  where possible.
* crypto/evp/evp.h: (some of the macros get added with this change)
* fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use
  macros to have cmac.c use these functions.
* Makefile.org, fips/Makefile, fips/fips.c: Hook it in.

Makefile.org

@@ -295,6 +295,7 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
 	../crypto/bn/bn_word.o \
 	../crypto/bn/bn_x931p.o \
 	../crypto/buffer/buf_str.o \
+	../crypto/cmac/cmac.o \
 	../crypto/cryptlib.o \
 	../crypto/des/cfb64ede.o \
 	../crypto/des/cfb64enc.o \

crypto/cmac/cmac.c

@@ -51,6 +51,8 @@
  * ====================================================================
  */
 
+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -129,7 +131,7 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
 		return 0;
 	if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx))
 		return 0;
-	bl = EVP_CIPHER_CTX_block_size(&in->cctx);
+	bl = M_EVP_CIPHER_CTX_block_size(&in->cctx);
 	memcpy(out->k1, in->k1, bl);
 	memcpy(out->k2, in->k2, bl);
 	memcpy(out->tbl, in->tbl, bl);
@@ -148,31 +150,31 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
 		/* Not initialised */
 		if (ctx->nlast_block == -1)
 			return 0;
-		if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
+		if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
 			return 0;
 		return 1;
 		}
 	/* Initialiase context */
-	if (cipher && !EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL))
+	if (cipher && !M_EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL))
 		return 0;
 	/* Non-NULL key means initialisation complete */
 	if (key)
 		{
 		int bl;
-		if (!EVP_CIPHER_CTX_cipher(&ctx->cctx))
+		if (!M_EVP_CIPHER_CTX_cipher(&ctx->cctx))
 			return 0;
 		if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen))
 			return 0;
-		if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv))
+		if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv))
 			return 0;
-		bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
+		bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx);
 		if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl))
 			return 0;
 		make_kn(ctx->k1, ctx->tbl, bl);
 		make_kn(ctx->k2, ctx->k1, bl);
 		OPENSSL_cleanse(ctx->tbl, bl);
 		/* Reset context again ready for first data block */
-		if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
+		if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
 			return 0;
 		/* Zero tbl so resume works */
 		memset(ctx->tbl, 0, bl);
@@ -189,7 +191,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
 		return 0;
 	if (dlen == 0)
 		return 1;
-	bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
+	bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx);
 	/* Copy into partial block if we need to */
 	if (ctx->nlast_block > 0)
 		{
@@ -228,7 +230,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
 	int i, bl, lb;
 	if (ctx->nlast_block == -1)
 		return 0;
-	bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
+	bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx);
 	*poutlen = (size_t)bl;
 	if (!out)
 		return 1;
@@ -265,5 +267,5 @@ int CMAC_resume(CMAC_CTX *ctx)
 	 * So reinitliasing using the last decrypted block will allow
 	 * CMAC to continue after calling CMAC_Final(). 
 	 */
-	return EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl);
+	return M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl);
 	}

crypto/evp/evp.h

@@ -458,12 +458,23 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define M_EVP_MD_CTX_type(e)		M_EVP_MD_type(M_EVP_MD_CTX_md(e))
 #define M_EVP_MD_CTX_md(e)			((e)->digest)
 
-#define M_EVP_CIPHER_CTX_iv_length(e)	(e->cipher->iv_len)
-#define M_EVP_CIPHER_CTX_flags(e)	(e->cipher->flags)
+#define M_EVP_CIPHER_CTX_iv_length(e)	((e)->cipher->iv_len)
+#define M_EVP_CIPHER_CTX_flags(e)	((e)->cipher->flags)
+#define M_EVP_CIPHER_CTX_block_size(e)	((e)->cipher->block_size)
+#define M_EVP_CIPHER_CTX_cipher(e)	((e)->cipher)
 #define M_EVP_CIPHER_CTX_mode(e)	(M_EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
 
 #define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
 
+#define M_EVP_EncryptInit(ctx,ciph,key,iv) \
+	(EVP_CipherInit(ctx,ciph,key,iv,1))
+#define M_EVP_EncryptInit_ex(ctx,ciph,impl,key,iv) \
+	(EVP_CipherInit_ex(ctx,ciph,impl,key,iv,1))
+#define M_EVP_DecryptInit(ctx,ciph,key,iv) \
+	(EVP_CipherInit(ctx,ciph,key,iv,0))
+#define M_EVP_DecryptInit_ex(ctx,ciph,impl,key,iv) \
+	(EVP_CipherInit_ex(ctx,ciph,impl,key,iv,0))
+
 int EVP_MD_type(const EVP_MD *md);
 #define EVP_MD_nid(e)			EVP_MD_type(e)
 #define EVP_MD_name(e)			OBJ_nid2sn(EVP_MD_nid(e))
@@ -1288,7 +1299,9 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_SIGNFINAL				 107
 #define EVP_F_EVP_VERIFYFINAL				 108
 #define EVP_F_FIPS_CIPHERINIT				 166
+#define EVP_F_FIPS_CIPHER_CTX_COPY			 170
 #define EVP_F_FIPS_CIPHER_CTX_CTRL			 167
+#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH		 171
 #define EVP_F_FIPS_DIGESTINIT				 168
 #define EVP_F_FIPS_MD_CTX_COPY				 169
 #define EVP_F_INT_CTX_NEW				 157

fips/Makefile

@@ -35,7 +35,7 @@ AFLAGS=$(ASFLAGS)
 
 LIBS=
 
-FDIRS=sha rand des aes dsa ecdh ecdsa rsa dh hmac utl
+FDIRS=sha rand des aes dsa ecdh ecdsa rsa dh cmac hmac utl
 
 GENERAL=Makefile README fips-lib.com install.com
 
@@ -45,7 +45,7 @@ LIBSRC=fips.c
 LIBOBJ=fips.o
 
 FIPS_OBJ_LISTS=sha/lib hmac/lib rand/lib des/lib aes/lib dsa/lib rsa/lib \
-		dh/lib utl/lib ecdsa/lib
+		dh/lib utl/lib ecdsa/lib cmac/lib
 
 SRC= $(LIBSRC)
 

fips/cmac/Makefile

+#
+# OpenSSL/fips/cmac/Makefile
+#
+
+DIR=	cmac
+TOP=	../..
+CC=	cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=fips_cmactest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= fips_cmac_selftest.c
+LIBOBJ= fips_cmac_selftest.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	@echo $(LIBOBJ) > lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+	@headerlist="$(EXHEADER)"; for i in $$headerlist; \
+	do \
+	  (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	  chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+Q=../testvectors/cmac/req
+A=../testvectors/cmac/rsp
+
+fips_test:
+	-rm -rf $(A)
+	mkdir $(A)
+	if [ -f $(Q)/CMACGenAES256.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_cmactest -g < $(Q)/CMACGenAES256.req > $(A)/CMACGenAES256.rsp; fi
+	if [ -f $(Q)/CMACVerAES256.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_cmactest -v < $(Q)/CMACVerAES256.req > $(A)/CMACVerAES256.rsp; fi
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_cmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_cmac_selftest.o: ../../include/openssl/cmac.h
+fips_cmac_selftest.o: ../../include/openssl/crypto.h
+fips_cmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_cmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_cmac_selftest.o: ../../include/openssl/lhash.h
+fips_cmac_selftest.o: ../../include/openssl/obj_mac.h
+fips_cmac_selftest.o: ../../include/openssl/objects.h
+fips_cmac_selftest.o: ../../include/openssl/opensslconf.h
+fips_cmac_selftest.o: ../../include/openssl/opensslv.h
+fips_cmac_selftest.o: ../../include/openssl/ossl_typ.h
+fips_cmac_selftest.o: ../../include/openssl/safestack.h
+fips_cmac_selftest.o: ../../include/openssl/stack.h
+fips_cmac_selftest.o: ../../include/openssl/symhacks.h fips_cmac_selftest.c
+fips_cmactest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_cmactest.o: ../../include/openssl/bn.h ../../include/openssl/cmac.h
+fips_cmactest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_cmactest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_cmactest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_cmactest.o: ../../include/openssl/obj_mac.h
+fips_cmactest.o: ../../include/openssl/objects.h
+fips_cmactest.o: ../../include/openssl/opensslconf.h
+fips_cmactest.o: ../../include/openssl/opensslv.h
+fips_cmactest.o: ../../include/openssl/ossl_typ.h
+fips_cmactest.o: ../../include/openssl/safestack.h
+fips_cmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_cmactest.o: ../fips_utl.h fips_cmactest.c

fips/cmac/fips_cmac_selftest.c

+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/cmac.h>
+
+#ifdef OPENSSL_FIPS
+typedef struct {
+	const EVP_CIPHER *(*alg)(void);
+	const unsigned char key[EVP_MAX_KEY_LENGTH]; int keysize;
+	const unsigned char msg[64]; int msgsize;
+	const unsigned char mac[32]; int macsize;
+} CMAC_KAT;
+
+/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */
+static const CMAC_KAT vector[] = {
+    {	EVP_aes_128_cbc,	/* Example 3: Mlen = 320 */
+	{ 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
+	  0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c }, 128,
+	{ 0x6b,0xc1,0xbe,0xe2, 0x2e,0x40,0x9f,0x96,
+	  0xe9,0x3d,0x7e,0x11, 0x73,0x93,0x17,0x2a,
+	  0xae,0x2d,0x8a,0x57, 0x1e,0x03,0xac,0x9c,
+	  0x9e,0xb7,0x6f,0xac, 0x45,0xaf,0x8e,0x51,
+	  0x30,0xc8,0x1c,0x46, 0xa3,0x5c,0xe4,0x11 }, 320,
+	{ 0xdf,0xa6,0x67,0x47, 0xde,0x9a,0xe6,0x30,
+	  0x30,0xca,0x32,0x61, 0x14,0x97,0xc8,0x27 }, 128
+    },
+    {	EVP_aes_192_cbc,	/* Example 5: Mlen = 0 */
+	{ 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52,
+	  0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5,
+	  0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, }, 192,
+	{ 0x0 }, 0,
+	{ 0xd1,0x7d,0xdf,0x46, 0xad,0xaa,0xcd,0xe5,
+	  0x31,0xca,0xc4,0x83, 0xde,0x7a,0x93,0x67, }, 128
+    },
+    {	EVP_aes_256_cbc,	/* Example 12: Mlen = 512 */
+	{ 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe,
+	  0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81,
+	  0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7,
+	  0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, }, 256,
+	{ 0x6b,0xc1,0xbe,0xe2, 0x2e,0x40,0x9f,0x96,
+	  0xe9,0x3d,0x7e,0x11, 0x73,0x93,0x17,0x2a,
+	  0xae,0x2d,0x8a,0x57, 0x1e,0x03,0xac,0x9c,
+	  0x9e,0xb7,0x6f,0xac, 0x45,0xaf,0x8e,0x51,
+	  0x30,0xc8,0x1c,0x46, 0xa3,0x5c,0xe4,0x11,
+	  0xe5,0xfb,0xc1,0x19, 0x1a,0x0a,0x52,0xef,
+	  0xf6,0x9f,0x24,0x45, 0xdf,0x4f,0x9b,0x17,
+	  0xad,0x2b,0x41,0x7b, 0xe6,0x6c,0x37,0x10, }, 512,
+	{ 0xe1,0x99,0x21,0x90, 0x54,0x9f,0x6e,0xd5,
+	  0x69,0x6a,0x2c,0x05, 0x6c,0x31,0x54,0x10, }, 128,
+    },
+# if 0
+    /* Removed because the actual result was:
+	  0x74,0x3d,0xdb,0xe0,  0xce,0x2d,0xc2,0xed
+       I suspect an error on my part -- Richard Levitte
+     */
+    {	EVP_des_ede3_cbc,	/* Example 15: Mlen = 160 */
+	{ 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62,
+	  0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58,
+	  0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, }, 192,
+	{ 0x6b,0xc1,0xbe,0xe2, 0x2e,0x40,0x9f,0x96,
+	  0xe9,0x3d,0x7e,0x11, 0x73,0x93,0x17,0x2a,
+	  0xae,0x2d,0x8a,0x57, }, 160,
+	{ 0xd3,0x2b,0xce,0xbe, 0x43,0xd2,0x3d,0x80, }, 64,
+    },
+# endif
+};
+
+int FIPS_selftest_cmac()
+    {
+    size_t n;
+    unsigned int     outlen;
+    unsigned char    out[32];
+    const EVP_CIPHER *cipher;
+    CMAC_CTX *ctx = CMAC_CTX_new();
+    const CMAC_KAT *t;
+
+    for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
+	{
+	cipher = (*t->alg)();
+	CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0);
+	CMAC_Update(ctx, t->msg, t->msgsize/8);
+	CMAC_Final(ctx, out, &outlen);
+	CMAC_CTX_cleanup(ctx);
+
+	if(outlen != t->macsize/8 || memcmp(out,t->mac,outlen))
+	    {
+	    FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
+	    return 0;
+	    }
+	}
+
+    CMAC_CTX_free(ctx);
+    return 1;
+    }
+#endif

fips/cmac/fips_cmactest.c

+/* fips_cmactest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/cmac.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS CMAC support\n");
+    return(0);
+}
+
+#else
+
+#include <openssl/fips.h>
+#include "fips_utl.h"
+
+static int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, int mode);
+static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
+		unsigned char *Key, int Klen,
+		unsigned char *Msg, int Msglen,
+		int Tlen);
+static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
+		unsigned char *Key, int Klen,
+		unsigned char *Msg, int Msglen,
+		unsigned char *Mac, int Maclen,
+		int Tlen);
+
+int main(int argc, char **argv)
+	{
+	FILE *in = NULL, *out = NULL;
+	int mode = 0;		/* 0 => Generate, 1 => Verify */
+
+	int ret = 1;
+	fips_set_error_print();
+	if(!FIPS_mode_set(1))
+		goto end;
+
+	if (argc > 1 && argv[1][0] == '-')
+		{
+		if (strcmp(argv[1], "-g") == 0)
+			mode = 0;
+		else if (strcmp(argv[1], "-v") == 0)
+			mode = 1;
+		else
+			{
+			fprintf(stderr, "Unknown option %s\n", argv[1]);
+			goto end;
+			}
+		argv++;
+		argc--;
+		}
+	if (argc == 1)
+		in = stdin;
+	else
+		in = fopen(argv[1], "r");
+
+	if (argc < 2)
+		out = stdout;
+	else
+		out = fopen(argv[2], "w");
+
+	if (!in)
+		{
+		fprintf(stderr, "FATAL input initialization error\n");
+		goto end;
+		}
+
+	if (!out)
+		{
+		fprintf(stderr, "FATAL output initialization error\n");
+		goto end;
+		}
+
+	if (!cmac_test(EVP_aes_256_cbc(), out, in, mode))
+		{
+		fprintf(stderr, "FATAL cmac file processing error\n");
+		goto end;
+		}
+	else
+		ret = 0;
+
+	end:
+
+	if (in && (in != stdin))
+		fclose(in);
+	if (out && (out != stdout))
+		fclose(out);
+
+	return ret;
+
+	}
+
+#define CMAC_TEST_MAXLINELEN	1024
+
+int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, int mode)
+	{
+	char *linebuf, *olinebuf, *p, *q;
+	char *keyword, *value;
+	unsigned char *Key = NULL, *Msg = NULL, *Mac = NULL;
+	int Count, Klen, Mlen, Tlen;
+	long Keylen, Msglen, Maclen;
+	int ret = 0;
+	int lnum = 0;
+
+	olinebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
+	linebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
+
+	if (!linebuf || !olinebuf)
+		goto error;
+
+	Count = -1;
+	Klen = -1;
+	Mlen = -1;
+	Tlen = -1;
+
+	while (fgets(olinebuf, CMAC_TEST_MAXLINELEN, in))
+		{
+		lnum++;
+		strcpy(linebuf, olinebuf);
+		keyword = linebuf;
+		/* Skip leading space */
+		while (isspace((unsigned char)*keyword))
+			keyword++;
+
+		/* Skip comments */
+		if (keyword[0] == '#')
+			{
+			if (fputs(olinebuf, out) < 0)
+				goto error;
+			continue;
+			}
+
+		/* Look for = sign */
+		p = strchr(linebuf, '=');
+
+		/* If no = or starts with [ (for [L=20] line) just copy */
+		if (!p)
+			{
+			if (fputs(olinebuf, out) < 0)
+				goto error;
+			continue;
+			}
+
+		q = p - 1;
+
+		/* Remove trailing space */
+		while (isspace((unsigned char)*q))
+			*q-- = 0;
+
+		*p = 0;
+		value = p + 1;
+
+		/* Remove leading space from value */
+		while (isspace((unsigned char)*value))
+			value++;
+
+		/* Remove trailing space from value */
+		p = value + strlen(value) - 1;
+
+		while (*p == '\n' || isspace((unsigned char)*p))
+			*p-- = 0;
+
+		if (!strcmp(keyword, "Count"))
+			{
+			if (Count != -1)
+				goto parse_error;
+			Count = atoi(value);
+			if (Count < 0)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Klen"))
+			{
+			if (Klen != -1)
+				goto parse_error;
+			Klen = atoi(value);
+			if (Klen < 0)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Mlen"))
+			{
+			if (Mlen != -1)
+				goto parse_error;
+			Mlen = atoi(value);
+			if (Mlen < 0)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Tlen"))
+			{
+			if (Tlen != -1)
+				goto parse_error;
+			Tlen = atoi(value);
+			if (Tlen < 0)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Key"))
+			{
+			if (Key)
+				goto parse_error;
+			Key = hex2bin_m(value, &Keylen);
+			if (!Key)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Msg"))
+			{
+			if (Msg)
+				goto parse_error;
+			Msg = hex2bin_m(value, &Msglen);
+			if (!Msg)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Mac"))
+			{
+			if (mode == 0)
+				continue;
+			if (Mac)
+				goto parse_error;
+			Mac = hex2bin_m(value, &Maclen);
+			if (!Mac)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Result"))
+			{
+			if (mode == 1)
+				continue;
+			goto parse_error;
+			}
+		else
+			goto parse_error;
+
+		fputs(olinebuf, out);
+
+		switch(mode)
+			{
+		case 0:
+			if (Key && Msg && (Tlen > 0) && (Klen > 0))
+				{
+				if (!print_cmac_gen(cipher, out,
+						Key, Klen,
+						Msg, Mlen,
+						Tlen))
+					goto error;
+				OPENSSL_free(Key);
+				Key = NULL;
+				OPENSSL_free(Msg);
+				Msg = NULL;
+				Klen = -1;
+				Mlen = -1;
+				Tlen = -1;
+				Count = -1;
+				}
+			break;
+		case 1:
+			if (Key && Msg && Mac && (Tlen > 0) && (Klen > 0))
+				{
+				if (!print_cmac_ver(cipher, out,
+						Key, Klen,
+						Msg, Mlen,
+						Mac, Maclen,
+						Tlen))
+					goto error;
+				OPENSSL_free(Key);
+				Key = NULL;
+				OPENSSL_free(Msg);
+				Msg = NULL;
+				OPENSSL_free(Mac);
+				Mac = NULL;
+				Klen = -1;
+				Mlen = -1;
+				Tlen = -1;
+				Count = -1;
+				}
+			break;
+			}
+
+		}
+
+
+	ret = 1;
+
+
+	error:
+
+	if (olinebuf)
+		OPENSSL_free(olinebuf);
+	if (linebuf)
+		OPENSSL_free(linebuf);
+	if (Key)
+		OPENSSL_free(Key);
+	if (Msg)
+		OPENSSL_free(Msg);
+
+	return ret;
+
+	parse_error:
+
+	fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+	goto error;
+
+	}
+
+static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
+		unsigned char *Key, int Klen,
+		unsigned char *Msg, int Mlen,
+		int Tlen)
+	{
+	int rc, i;
+	size_t reslen;
+	unsigned char res[1024];
+	CMAC_CTX *cmac_ctx = CMAC_CTX_new();
+
+	CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
+	CMAC_Update(cmac_ctx, Msg, Mlen);
+	if (!CMAC_Final(cmac_ctx, res, &reslen))
+		{
+		fputs("Error calculating CMAC\n", stderr);
+		rc = 0;
+		}
+	else if (Tlen > reslen)
+		{
+		fputs("Parameter error, Tlen > CMAC length\n", stderr);
+		rc = 0;
+		}
+	else
+		{
+		fputs("Mac = ", out);
+		for (i = 0; i < Tlen; i++)
+			fprintf(out, "%02x", res[i]);
+		fputs("\n", out);
+		rc = 1;
+		}
+	CMAC_CTX_free(cmac_ctx);
+	return rc;
+	}
+
+static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
+		unsigned char *Key, int Klen,
+		unsigned char *Msg, int Mlen,
+		unsigned char *Mac, int Maclen,
+		int Tlen)
+	{
+	int rc;
+	size_t reslen;
+	unsigned char res[1024];
+	CMAC_CTX *cmac_ctx = CMAC_CTX_new();
+
+	CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
+	CMAC_Update(cmac_ctx, Msg, Mlen);
+	if (!CMAC_Final(cmac_ctx, res, &reslen))
+		{
+		fputs("Error calculating CMAC\n", stderr);
+		rc = 0;
+		}
+	else if (Tlen > reslen)
+		{
+		fputs("Parameter error, Tlen > CMAC length\n", stderr);
+		rc = 0;
+		}
+	else if (Tlen != Maclen)
+		{
+		fputs("Parameter error, Tlen != resulting Mac length\n", stderr);
+		rc = 0;
+		}
+	else
+		{
+		if (!memcmp(Mac, res, Maclen))
+			fputs("Result = P\n", out);
+		else
+			fputs("Result = F\n", out);
+		}
+	CMAC_CTX_free(cmac_ctx);
+	return rc;
+	}
+
+#endif

fips/cmac/lib

+fips_cmac_selftest.o

fips/fips.c

@@ -174,6 +174,7 @@ int FIPS_selftest(void)
 
     return FIPS_selftest_sha1()
 	&& FIPS_selftest_hmac()
+	&& FIPS_selftest_cmac()
 	&& FIPS_selftest_aes()
 	&& FIPS_selftest_aes_gcm()
 	&& FIPS_selftest_des()

fips/fips.h

@@ -95,6 +95,7 @@ void FIPS_rng_stick(void);
 int FIPS_selftest_rng(void);
 int FIPS_selftest_hmac(void);
 int FIPS_selftest_drbg(void);
+int FIPS_selftest_cmac(void);
 
 unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len);
 int FIPS_check_incore_fingerprint(void);
@@ -159,6 +160,8 @@ void FIPS_set_locking_callbacks(void (*func)(int mode, int type,
 #define EVP_CIPHER_CTX_ctrl FIPS_cipher_ctx_ctrl
 #define EVP_CIPHER_CTX_new FIPS_cipher_ctx_new
 #define EVP_CIPHER_CTX_free FIPS_cipher_ctx_free
+#define EVP_CIPHER_CTX_copy FIPS_cipher_ctx_copy
+#define EVP_CIPHER_CTX_set_key_length FIPS_cipher_ctx_set_key_length
 
 #define DSA_SIG_new FIPS_dsa_sig_new
 #define DSA_SIG_free FIPS_dsa_sig_free
@@ -205,6 +208,7 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_F_FIPS_PKEY_SIGNATURE_TEST			 109
 #define FIPS_F_FIPS_SELFTEST_AES			 110
 #define FIPS_F_FIPS_SELFTEST_AES_GCM			 130
+#define FIPS_F_FIPS_SELFTEST_CMAC			 139
 #define FIPS_F_FIPS_SELFTEST_DES			 111
 #define FIPS_F_FIPS_SELFTEST_DSA			 112
 #define FIPS_F_FIPS_SELFTEST_ECDSA			 131

fips/utl/fips_enc.c

@@ -275,6 +275,54 @@ int FIPS_cipher_ctx_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 	return ret;
 }
 
+int FIPS_cipher_ctx_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
+	{
+	if ((in == NULL) || (in->cipher == NULL))
+		{
+		EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
+		return 0;
+		}
+
+	/* Only FIPS ciphers allowed */
+	if (FIPS_mode() && !(in->cipher->flags & EVP_CIPH_FLAG_FIPS) &&
+		!(out->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
+		{
+		EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY, EVP_R_DISABLED_FOR_FIPS);
+		out->cipher = &bad_cipher;
+		return 0;
+		}
+
+	FIPS_cipher_ctx_cleanup(out);
+	memcpy(out,in,sizeof *out);
+
+	if (in->cipher_data && in->cipher->ctx_size)
+		{
+		out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size);
+		if (!out->cipher_data)
+			{
+			EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE);
+			return 0;
+			}
+		memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size);
+		}
+
+	if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
+		return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
+	return 1;
+	}
+
+/* You can't really set the key length with FIPS, so just check that the
+   caller sets the length the context already has. */
+int FIPS_cipher_ctx_set_key_length(EVP_CIPHER_CTX *ctx, int keylen)
+	{
+	if (ctx->key_len == keylen)
+		return 1;
+
+	EVPerr(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH);
+	return 0;
+	}
+
+
 
 int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			const unsigned char *in, unsigned int inl)