提交 8038511c 编写于 作者: D Dr. Stephen Henson

Update CMAC, HMAC, GCM to use new POST system.

Fix crash if callback not set.
上级 a6311f85
...@@ -53,6 +53,7 @@ ...@@ -53,6 +53,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/fips.h> #include <openssl/fips.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
static struct static struct
...@@ -123,22 +124,23 @@ static const unsigned char gcm_tag[] = { ...@@ -123,22 +124,23 @@ static const unsigned char gcm_tag[] = {
0x98,0xf7,0x7e,0x0c 0x98,0xf7,0x7e,0x0c
}; };
static int corrupt_aes_gcm = 0;
void FIPS_corrupt_aes_gcm(void)
{
corrupt_aes_gcm = 1;
}
int FIPS_selftest_aes_gcm(void) int FIPS_selftest_aes_gcm(void)
{ {
int ret = 0; int ret = 0, do_corrupt = 0;
unsigned char out[128], tag[16]; unsigned char out[128], tag[16];
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx); FIPS_cipher_ctx_init(&ctx);
FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1); memset(out, 0, sizeof(out));
FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, memset(tag, 0, sizeof(tag));
sizeof(gcm_iv), NULL); if (!fips_post_started(FIPS_TEST_GCM, 0, 0))
return 1;
if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL))
do_corrupt = 1;
if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
sizeof(gcm_iv), NULL))
goto err;
if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 1)) if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 1))
goto err; goto err;
if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
...@@ -154,13 +156,17 @@ int FIPS_selftest_aes_gcm(void) ...@@ -154,13 +156,17 @@ int FIPS_selftest_aes_gcm(void)
if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16)) if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
goto err; goto err;
memset(out, 0, sizeof(out));
/* Modify expected tag value */ /* Modify expected tag value */
if (corrupt_aes_gcm) if (do_corrupt)
tag[0]++; tag[0]++;
FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0); if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0))
FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, goto err;
sizeof(gcm_iv), NULL); if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
sizeof(gcm_iv), NULL))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag)) if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
goto err; goto err;
if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 0)) if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 0))
...@@ -178,13 +184,17 @@ int FIPS_selftest_aes_gcm(void) ...@@ -178,13 +184,17 @@ int FIPS_selftest_aes_gcm(void)
ret = 1; ret = 1;
err: err:
FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0) if (ret == 0)
{
fips_post_failed(FIPS_TEST_GCM, 0, NULL);
FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED); FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED);
return 0;
}
else
return fips_post_success(FIPS_TEST_GCM, 0, NULL);
FIPS_cipher_ctx_cleanup(&ctx);
return ret;
} }
#endif #endif
...@@ -53,6 +53,7 @@ ...@@ -53,6 +53,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/fips.h> #include <openssl/fips.h>
#include <openssl/cmac.h> #include <openssl/cmac.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
typedef struct { typedef struct {
...@@ -107,29 +108,45 @@ static const CMAC_KAT vector[] = { ...@@ -107,29 +108,45 @@ static const CMAC_KAT vector[] = {
}; };
int FIPS_selftest_cmac() int FIPS_selftest_cmac()
{
size_t n, outlen;
unsigned char out[32];
const EVP_CIPHER *cipher;
CMAC_CTX *ctx = CMAC_CTX_new();
const CMAC_KAT *t;
for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
{ {
cipher = (*t->alg)(); size_t n, outlen;
CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0); unsigned char out[32];
CMAC_Update(ctx, t->msg, t->msgsize/8); const EVP_CIPHER *cipher;
CMAC_Final(ctx, out, &outlen); CMAC_CTX *ctx = CMAC_CTX_new();
CMAC_CTX_cleanup(ctx); const CMAC_KAT *t;
int do_corrupt = 0, rv = 0;
if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8)) if (!fips_post_started(FIPS_TEST_CMAC, 0, 0))
{ return 1;
FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED); if (!fips_post_corrupt(FIPS_TEST_CMAC, 0, NULL))
return 0;
} for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
} {
cipher = (*t->alg)();
CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0);
CMAC_Update(ctx, t->msg, t->msgsize/8);
if (do_corrupt)
CMAC_Update(ctx, t->msg, 1);
CMAC_Final(ctx, out, &outlen);
CMAC_CTX_cleanup(ctx);
if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
{
FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
goto err;
}
}
CMAC_CTX_free(ctx); rv = 1;
return 1; err:
} CMAC_CTX_free(ctx);
if (rv == 0)
{
fips_post_failed(FIPS_TEST_CMAC, 0, NULL);
return 0;
}
return fips_post_success(FIPS_TEST_CMAC, 0, NULL);
}
#endif #endif
...@@ -74,7 +74,6 @@ int FIPS_selftest_failed(void); ...@@ -74,7 +74,6 @@ int FIPS_selftest_failed(void);
void FIPS_selftest_check(void); void FIPS_selftest_check(void);
int FIPS_selftest_sha1(void); int FIPS_selftest_sha1(void);
int FIPS_selftest_aes_gcm(void); int FIPS_selftest_aes_gcm(void);
void FIPS_corrupt_aes_gcm(void);
int FIPS_selftest_aes(void); int FIPS_selftest_aes(void);
int FIPS_selftest_des(void); int FIPS_selftest_des(void);
int FIPS_selftest_rsa(void); int FIPS_selftest_rsa(void);
......
...@@ -105,12 +105,14 @@ void fips_post_end(void) ...@@ -105,12 +105,14 @@ void fips_post_end(void)
if (post_failure) if (post_failure)
{ {
post_status = FIPS_POST_STATUS_FAILED; post_status = FIPS_POST_STATUS_FAILED;
fips_post_cb(FIPS_POST_END, 0, 0, NULL); if(fips_post_cb)
fips_post_cb(FIPS_POST_END, 0, 0, NULL);
} }
else else
{ {
post_status = FIPS_POST_STATUS_OK; post_status = FIPS_POST_STATUS_OK;
fips_post_cb(FIPS_POST_END, 1, 0, NULL); if (fips_post_cb)
fips_post_cb(FIPS_POST_END, 1, 0, NULL);
} }
} }
......
...@@ -743,7 +743,7 @@ static int post_cb(int op, int id, int subid, void *ex) ...@@ -743,7 +743,7 @@ static int post_cb(int op, int id, int subid, void *ex)
break; break;
case FIPS_TEST_CMAC: case FIPS_TEST_CMAC:
idstr = "HMAC"; idstr = "CMAC";
break; break;
case FIPS_TEST_GCM: case FIPS_TEST_GCM:
...@@ -845,8 +845,7 @@ int main(int argc,char **argv) ...@@ -845,8 +845,7 @@ int main(int argc,char **argv)
fail_id = FIPS_TEST_CIPHER; fail_id = FIPS_TEST_CIPHER;
fail_sub = NID_aes_128_ecb; fail_sub = NID_aes_128_ecb;
} else if (!strcmp(argv[1], "aes-gcm")) { } else if (!strcmp(argv[1], "aes-gcm")) {
FIPS_corrupt_aes_gcm(); fail_id = FIPS_TEST_GCM;
printf("AES-GCM encryption/decryption with corrupted KAT...\n");
} else if (!strcmp(argv[1], "des")) { } else if (!strcmp(argv[1], "des")) {
fail_id = FIPS_TEST_CIPHER; fail_id = FIPS_TEST_CIPHER;
fail_sub = NID_des_ede3_ecb; fail_sub = NID_des_ede3_ecb;
...@@ -877,7 +876,8 @@ int main(int argc,char **argv) ...@@ -877,7 +876,8 @@ int main(int argc,char **argv)
no_exit = 1; no_exit = 1;
} else if (!strcmp(argv[1], "sha1")) { } else if (!strcmp(argv[1], "sha1")) {
fail_id = FIPS_TEST_DIGEST; fail_id = FIPS_TEST_DIGEST;
fail_sub = NID_sha1; } else if (!strcmp(argv[1], "hmac")) {
fail_id = FIPS_TEST_HMAC;
} else if (!strcmp(argv[1], "drbg")) { } else if (!strcmp(argv[1], "drbg")) {
FIPS_corrupt_drbg(); FIPS_corrupt_drbg();
} else if (!strcmp(argv[1], "rng")) { } else if (!strcmp(argv[1], "rng")) {
......
...@@ -53,6 +53,7 @@ ...@@ -53,6 +53,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/fips.h> #include <openssl/fips.h>
#include <openssl/hmac.h> #include <openssl/hmac.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
typedef struct { typedef struct {
...@@ -112,26 +113,52 @@ static const HMAC_KAT vector[] = { ...@@ -112,26 +113,52 @@ static const HMAC_KAT vector[] = {
}; };
int FIPS_selftest_hmac() int FIPS_selftest_hmac()
{
size_t n;
unsigned int outlen;
unsigned char out[EVP_MAX_MD_SIZE];
const EVP_MD *md;
const HMAC_KAT *t;
for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
{ {
md = (*t->alg)(); size_t n;
HMAC(md,t->key,strlen(t->key), unsigned int outlen;
(const unsigned char *)t->iv,strlen(t->iv), unsigned char out[EVP_MAX_MD_SIZE];
out,&outlen); const EVP_MD *md;
const HMAC_KAT *t;
int rv = 0, do_corrupt = 0;
HMAC_CTX c;
HMAC_CTX_init(&c);
if (!fips_post_started(FIPS_TEST_HMAC, 0, 0))
return 1;
if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL))
do_corrupt = 1;
for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
{
md = (*t->alg)();
if (!HMAC_Init_ex(&c, t->key, strlen(t->key), md, NULL))
goto err;
if (!HMAC_Update(&c, (const unsigned char *)t->iv, strlen(t->iv)))
goto err;
if (do_corrupt)
{
if (!HMAC_Update(&c, (const unsigned char *)t->iv, 1))
goto err;
}
if (!HMAC_Final(&c, out, &outlen))
goto err;
if(memcmp(out,t->kaval,outlen))
{
FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
goto err;
}
}
rv = 1;
if(memcmp(out,t->kaval,outlen)) err:
{ HMAC_CTX_cleanup(&c);
FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED); if (rv == 0)
return 0; {
} fips_post_failed(FIPS_TEST_HMAC, 0, NULL);
return 0;
}
return fips_post_success(FIPS_TEST_HMAC, 0, NULL);
} }
return 1;
}
#endif #endif
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册