提交 8038511c 编写于 作者: D Dr. Stephen Henson

Update CMAC, HMAC, GCM to use new POST system.

Fix crash if callback not set.
上级 a6311f85
......@@ -53,6 +53,7 @@
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/evp.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS
static struct
......@@ -123,22 +124,23 @@ static const unsigned char gcm_tag[] = {
0x98,0xf7,0x7e,0x0c
};
static int corrupt_aes_gcm = 0;
void FIPS_corrupt_aes_gcm(void)
{
corrupt_aes_gcm = 1;
}
int FIPS_selftest_aes_gcm(void)
{
int ret = 0;
int ret = 0, do_corrupt = 0;
unsigned char out[128], tag[16];
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1);
FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
sizeof(gcm_iv), NULL);
memset(out, 0, sizeof(out));
memset(tag, 0, sizeof(tag));
if (!fips_post_started(FIPS_TEST_GCM, 0, 0))
return 1;
if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL))
do_corrupt = 1;
if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
sizeof(gcm_iv), NULL))
goto err;
if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 1))
goto err;
if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
......@@ -154,13 +156,17 @@ int FIPS_selftest_aes_gcm(void)
if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
goto err;
memset(out, 0, sizeof(out));
/* Modify expected tag value */
if (corrupt_aes_gcm)
if (do_corrupt)
tag[0]++;
FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0);
FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
sizeof(gcm_iv), NULL);
if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
sizeof(gcm_iv), NULL))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
goto err;
if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 0))
......@@ -178,13 +184,17 @@ int FIPS_selftest_aes_gcm(void)
ret = 1;
err:
FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0)
{
fips_post_failed(FIPS_TEST_GCM, 0, NULL);
FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED);
return 0;
}
else
return fips_post_success(FIPS_TEST_GCM, 0, NULL);
FIPS_cipher_ctx_cleanup(&ctx);
return ret;
}
#endif
......@@ -53,6 +53,7 @@
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/cmac.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS
typedef struct {
......@@ -107,29 +108,45 @@ static const CMAC_KAT vector[] = {
};
int FIPS_selftest_cmac()
{
size_t n, outlen;
unsigned char out[32];
const EVP_CIPHER *cipher;
CMAC_CTX *ctx = CMAC_CTX_new();
const CMAC_KAT *t;
for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
{
cipher = (*t->alg)();
CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0);
CMAC_Update(ctx, t->msg, t->msgsize/8);
CMAC_Final(ctx, out, &outlen);
CMAC_CTX_cleanup(ctx);
size_t n, outlen;
unsigned char out[32];
const EVP_CIPHER *cipher;
CMAC_CTX *ctx = CMAC_CTX_new();
const CMAC_KAT *t;
int do_corrupt = 0, rv = 0;
if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
{
FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
return 0;
}
}
if (!fips_post_started(FIPS_TEST_CMAC, 0, 0))
return 1;
if (!fips_post_corrupt(FIPS_TEST_CMAC, 0, NULL))
for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
{
cipher = (*t->alg)();
CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0);
CMAC_Update(ctx, t->msg, t->msgsize/8);
if (do_corrupt)
CMAC_Update(ctx, t->msg, 1);
CMAC_Final(ctx, out, &outlen);
CMAC_CTX_cleanup(ctx);
if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
{
FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
goto err;
}
}
CMAC_CTX_free(ctx);
return 1;
}
rv = 1;
err:
CMAC_CTX_free(ctx);
if (rv == 0)
{
fips_post_failed(FIPS_TEST_CMAC, 0, NULL);
return 0;
}
return fips_post_success(FIPS_TEST_CMAC, 0, NULL);
}
#endif
......@@ -74,7 +74,6 @@ int FIPS_selftest_failed(void);
void FIPS_selftest_check(void);
int FIPS_selftest_sha1(void);
int FIPS_selftest_aes_gcm(void);
void FIPS_corrupt_aes_gcm(void);
int FIPS_selftest_aes(void);
int FIPS_selftest_des(void);
int FIPS_selftest_rsa(void);
......
......@@ -105,12 +105,14 @@ void fips_post_end(void)
if (post_failure)
{
post_status = FIPS_POST_STATUS_FAILED;
fips_post_cb(FIPS_POST_END, 0, 0, NULL);
if(fips_post_cb)
fips_post_cb(FIPS_POST_END, 0, 0, NULL);
}
else
{
post_status = FIPS_POST_STATUS_OK;
fips_post_cb(FIPS_POST_END, 1, 0, NULL);
if (fips_post_cb)
fips_post_cb(FIPS_POST_END, 1, 0, NULL);
}
}
......
......@@ -743,7 +743,7 @@ static int post_cb(int op, int id, int subid, void *ex)
break;
case FIPS_TEST_CMAC:
idstr = "HMAC";
idstr = "CMAC";
break;
case FIPS_TEST_GCM:
......@@ -845,8 +845,7 @@ int main(int argc,char **argv)
fail_id = FIPS_TEST_CIPHER;
fail_sub = NID_aes_128_ecb;
} else if (!strcmp(argv[1], "aes-gcm")) {
FIPS_corrupt_aes_gcm();
printf("AES-GCM encryption/decryption with corrupted KAT...\n");
fail_id = FIPS_TEST_GCM;
} else if (!strcmp(argv[1], "des")) {
fail_id = FIPS_TEST_CIPHER;
fail_sub = NID_des_ede3_ecb;
......@@ -877,7 +876,8 @@ int main(int argc,char **argv)
no_exit = 1;
} else if (!strcmp(argv[1], "sha1")) {
fail_id = FIPS_TEST_DIGEST;
fail_sub = NID_sha1;
} else if (!strcmp(argv[1], "hmac")) {
fail_id = FIPS_TEST_HMAC;
} else if (!strcmp(argv[1], "drbg")) {
FIPS_corrupt_drbg();
} else if (!strcmp(argv[1], "rng")) {
......
......@@ -53,6 +53,7 @@
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/hmac.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS
typedef struct {
......@@ -112,26 +113,52 @@ static const HMAC_KAT vector[] = {
};
int FIPS_selftest_hmac()
{
size_t n;
unsigned int outlen;
unsigned char out[EVP_MAX_MD_SIZE];
const EVP_MD *md;
const HMAC_KAT *t;
for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
{
md = (*t->alg)();
HMAC(md,t->key,strlen(t->key),
(const unsigned char *)t->iv,strlen(t->iv),
out,&outlen);
size_t n;
unsigned int outlen;
unsigned char out[EVP_MAX_MD_SIZE];
const EVP_MD *md;
const HMAC_KAT *t;
int rv = 0, do_corrupt = 0;
HMAC_CTX c;
HMAC_CTX_init(&c);
if (!fips_post_started(FIPS_TEST_HMAC, 0, 0))
return 1;
if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL))
do_corrupt = 1;
for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
{
md = (*t->alg)();
if (!HMAC_Init_ex(&c, t->key, strlen(t->key), md, NULL))
goto err;
if (!HMAC_Update(&c, (const unsigned char *)t->iv, strlen(t->iv)))
goto err;
if (do_corrupt)
{
if (!HMAC_Update(&c, (const unsigned char *)t->iv, 1))
goto err;
}
if (!HMAC_Final(&c, out, &outlen))
goto err;
if(memcmp(out,t->kaval,outlen))
{
FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
goto err;
}
}
rv = 1;
if(memcmp(out,t->kaval,outlen))
{
FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
return 0;
}
err:
HMAC_CTX_cleanup(&c);
if (rv == 0)
{
fips_post_failed(FIPS_TEST_HMAC, 0, NULL);
return 0;
}
return fips_post_success(FIPS_TEST_HMAC, 0, NULL);
}
return 1;
}
#endif
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册