fips_aes_selftest.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366
  1. /* ====================================================================
  2. * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * 1. Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. *
  11. * 2. Redistributions in binary form must reproduce the above copyright
  12. * notice, this list of conditions and the following disclaimer in
  13. * the documentation and/or other materials provided with the
  14. * distribution.
  15. *
  16. * 3. All advertising materials mentioning features or use of this
  17. * software must display the following acknowledgment:
  18. * "This product includes software developed by the OpenSSL Project
  19. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  20. *
  21. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  22. * endorse or promote products derived from this software without
  23. * prior written permission. For written permission, please contact
  24. * openssl-core@openssl.org.
  25. *
  26. * 5. Products derived from this software may not be called "OpenSSL"
  27. * nor may "OpenSSL" appear in their names without prior written
  28. * permission of the OpenSSL Project.
  29. *
  30. * 6. Redistributions of any form whatsoever must retain the following
  31. * acknowledgment:
  32. * "This product includes software developed by the OpenSSL Project
  33. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  34. *
  35. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  36. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  37. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  38. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  39. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  40. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  41. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  42. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  43. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  44. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  45. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  46. * OF THE POSSIBILITY OF SUCH DAMAGE.
  47. *
  48. */
  49. #define OPENSSL_FIPSAPI
  50. #include <string.h>
  51. #include <openssl/err.h>
  52. #include <openssl/fips.h>
  53. #include <openssl/evp.h>
  54. #include "fips_locl.h"
  55. #ifdef OPENSSL_FIPS
  56. static struct
  57. {
  58. const unsigned char key[16];
  59. const unsigned char plaintext[16];
  60. const unsigned char ciphertext[16];
  61. } tests[]=
  62. {
  63. {
  64. { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  65. 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
  66. { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
  67. 0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF },
  68. { 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30,
  69. 0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A },
  70. },
  71. };
  72. int FIPS_selftest_aes()
  73. {
  74. int n;
  75. int ret = 0;
  76. EVP_CIPHER_CTX ctx;
  77. FIPS_cipher_ctx_init(&ctx);
  78. for(n=0 ; n < 1 ; ++n)
  79. {
  80. if (fips_cipher_test(FIPS_TEST_CIPHER, &ctx, EVP_aes_128_ecb(),
  81. tests[n].key, NULL,
  82. tests[n].plaintext,
  83. tests[n].ciphertext,
  84. 16) <= 0)
  85. goto err;
  86. }
  87. ret = 1;
  88. err:
  89. FIPS_cipher_ctx_cleanup(&ctx);
  90. if (ret == 0)
  91. FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
  92. return ret;
  93. }
  94. /* AES-CCM test data from NIST public test vectors */
  95. static const unsigned char ccm_key[] = {
  96. 0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6,
  97. 0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe8
  98. };
  99. static const unsigned char ccm_nonce[] = {
  100. 0x76,0x40,0x43,0xc4,0x94,0x60,0xb7
  101. };
  102. static const unsigned char ccm_adata[] = {
  103. 0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7,
  104. 0x5f,0x10,0xbd,0xe7,0x8c,0x23,0xfa,0x0e,0xb8,0xf9,0xaa,0xa5,
  105. 0x3a,0xde,0xfb,0xf4,0xcb,0xf7,0x8f,0xe4
  106. };
  107. static const unsigned char ccm_pt[] = {
  108. 0xc8,0xd2,0x75,0xf9,0x19,0xe1,0x7d,0x7f,0xe6,0x9c,0x2a,0x1f,
  109. 0x58,0x93,0x9d,0xfe,0x4d,0x40,0x37,0x91,0xb5,0xdf,0x13,0x10
  110. };
  111. static const unsigned char ccm_ct[] = {
  112. 0x8a,0x0f,0x3d,0x82,0x29,0xe4,0x8e,0x74,0x87,0xfd,0x95,0xa2,
  113. 0x8a,0xd3,0x92,0xc8,0x0b,0x36,0x81,0xd4,0xfb,0xc7,0xbb,0xfd
  114. };
  115. static const unsigned char ccm_tag[] = {
  116. 0x2d,0xd6,0xef,0x1c,0x45,0xd4,0xcc,0xb7,0x23,0xdc,0x07,0x44,
  117. 0x14,0xdb,0x50,0x6d
  118. };
  119. int FIPS_selftest_aes_ccm(void)
  120. {
  121. int ret = 0, do_corrupt = 0;
  122. unsigned char out[128], tag[16];
  123. EVP_CIPHER_CTX ctx;
  124. FIPS_cipher_ctx_init(&ctx);
  125. memset(out, 0, sizeof(out));
  126. if (!fips_post_started(FIPS_TEST_CCM, 0, 0))
  127. return 1;
  128. if (!fips_post_corrupt(FIPS_TEST_CCM, 0, NULL))
  129. do_corrupt = 1;
  130. if (!FIPS_cipherinit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 1))
  131. goto err;
  132. if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
  133. sizeof(ccm_nonce), NULL))
  134. goto err;
  135. if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
  136. sizeof(ccm_tag), NULL))
  137. goto err;
  138. if (!FIPS_cipherinit(&ctx, NULL, ccm_key, ccm_nonce, 1))
  139. goto err;
  140. if (FIPS_cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt))
  141. goto err;
  142. if (FIPS_cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
  143. goto err;
  144. if (FIPS_cipher(&ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct))
  145. goto err;
  146. if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, 16, tag))
  147. goto err;
  148. if (memcmp(tag, ccm_tag, sizeof(ccm_tag))
  149. || memcmp(out, ccm_ct, sizeof(ccm_ct)))
  150. goto err;
  151. memset(out, 0, sizeof(out));
  152. /* Modify expected tag value */
  153. if (do_corrupt)
  154. tag[0]++;
  155. if (!FIPS_cipherinit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 0))
  156. goto err;
  157. if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
  158. sizeof(ccm_nonce), NULL))
  159. goto err;
  160. if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag))
  161. goto err;
  162. if (!FIPS_cipherinit(&ctx, NULL, ccm_key, ccm_nonce, 0))
  163. goto err;
  164. if (FIPS_cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct))
  165. goto err;
  166. if (FIPS_cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
  167. goto err;
  168. if (FIPS_cipher(&ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt))
  169. goto err;
  170. if (memcmp(out, ccm_pt, sizeof(ccm_pt)))
  171. goto err;
  172. ret = 1;
  173. err:
  174. FIPS_cipher_ctx_cleanup(&ctx);
  175. if (ret == 0)
  176. {
  177. fips_post_failed(FIPS_TEST_CCM, 0, NULL);
  178. FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM,FIPS_R_SELFTEST_FAILED);
  179. return 0;
  180. }
  181. else
  182. return fips_post_success(FIPS_TEST_CCM, 0, NULL);
  183. }
  184. /* AES-GCM test data from NIST public test vectors */
  185. static const unsigned char gcm_key[] = {
  186. 0xee,0xbc,0x1f,0x57,0x48,0x7f,0x51,0x92,0x1c,0x04,0x65,0x66,
  187. 0x5f,0x8a,0xe6,0xd1,0x65,0x8b,0xb2,0x6d,0xe6,0xf8,0xa0,0x69,
  188. 0xa3,0x52,0x02,0x93,0xa5,0x72,0x07,0x8f
  189. };
  190. static const unsigned char gcm_iv[] = {
  191. 0x99,0xaa,0x3e,0x68,0xed,0x81,0x73,0xa0,0xee,0xd0,0x66,0x84
  192. };
  193. static const unsigned char gcm_pt[] = {
  194. 0xf5,0x6e,0x87,0x05,0x5b,0xc3,0x2d,0x0e,0xeb,0x31,0xb2,0xea,
  195. 0xcc,0x2b,0xf2,0xa5
  196. };
  197. static const unsigned char gcm_aad[] = {
  198. 0x4d,0x23,0xc3,0xce,0xc3,0x34,0xb4,0x9b,0xdb,0x37,0x0c,0x43,
  199. 0x7f,0xec,0x78,0xde
  200. };
  201. static const unsigned char gcm_ct[] = {
  202. 0xf7,0x26,0x44,0x13,0xa8,0x4c,0x0e,0x7c,0xd5,0x36,0x86,0x7e,
  203. 0xb9,0xf2,0x17,0x36
  204. };
  205. static const unsigned char gcm_tag[] = {
  206. 0x67,0xba,0x05,0x10,0x26,0x2a,0xe4,0x87,0xd7,0x37,0xee,0x62,
  207. 0x98,0xf7,0x7e,0x0c
  208. };
  209. int FIPS_selftest_aes_gcm(void)
  210. {
  211. int ret = 0, do_corrupt = 0;
  212. unsigned char out[128], tag[16];
  213. EVP_CIPHER_CTX ctx;
  214. FIPS_cipher_ctx_init(&ctx);
  215. memset(out, 0, sizeof(out));
  216. memset(tag, 0, sizeof(tag));
  217. if (!fips_post_started(FIPS_TEST_GCM, 0, 0))
  218. return 1;
  219. if (!fips_post_corrupt(FIPS_TEST_GCM, 0, NULL))
  220. do_corrupt = 1;
  221. if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
  222. goto err;
  223. if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
  224. sizeof(gcm_iv), NULL))
  225. goto err;
  226. if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 1))
  227. goto err;
  228. if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
  229. goto err;
  230. if (FIPS_cipher(&ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct))
  231. goto err;
  232. if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
  233. goto err;
  234. if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
  235. goto err;
  236. if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
  237. goto err;
  238. memset(out, 0, sizeof(out));
  239. /* Modify expected tag value */
  240. if (do_corrupt)
  241. tag[0]++;
  242. if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0))
  243. goto err;
  244. if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
  245. sizeof(gcm_iv), NULL))
  246. goto err;
  247. if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
  248. goto err;
  249. if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 0))
  250. goto err;
  251. if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
  252. goto err;
  253. if (FIPS_cipher(&ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt))
  254. goto err;
  255. if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
  256. goto err;
  257. if (memcmp(out, gcm_pt, 16))
  258. goto err;
  259. ret = 1;
  260. err:
  261. FIPS_cipher_ctx_cleanup(&ctx);
  262. if (ret == 0)
  263. {
  264. fips_post_failed(FIPS_TEST_GCM, 0, NULL);
  265. FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED);
  266. return 0;
  267. }
  268. else
  269. return fips_post_success(FIPS_TEST_GCM, 0, NULL);
  270. }
  271. static const unsigned char XTS_128_key[] = {
  272. 0xa1,0xb9,0x0c,0xba,0x3f,0x06,0xac,0x35,0x3b,0x2c,0x34,0x38,
  273. 0x76,0x08,0x17,0x62,0x09,0x09,0x23,0x02,0x6e,0x91,0x77,0x18,
  274. 0x15,0xf2,0x9d,0xab,0x01,0x93,0x2f,0x2f
  275. };
  276. static const unsigned char XTS_128_i[] = {
  277. 0x4f,0xae,0xf7,0x11,0x7c,0xda,0x59,0xc6,0x6e,0x4b,0x92,0x01,
  278. 0x3e,0x76,0x8a,0xd5
  279. };
  280. static const unsigned char XTS_128_pt[] = {
  281. 0xeb,0xab,0xce,0x95,0xb1,0x4d,0x3c,0x8d,0x6f,0xb3,0x50,0x39,
  282. 0x07,0x90,0x31,0x1c
  283. };
  284. static const unsigned char XTS_128_ct[] = {
  285. 0x77,0x8a,0xe8,0xb4,0x3c,0xb9,0x8d,0x5a,0x82,0x50,0x81,0xd5,
  286. 0xbe,0x47,0x1c,0x63
  287. };
  288. static const unsigned char XTS_256_key[] = {
  289. 0x1e,0xa6,0x61,0xc5,0x8d,0x94,0x3a,0x0e,0x48,0x01,0xe4,0x2f,
  290. 0x4b,0x09,0x47,0x14,0x9e,0x7f,0x9f,0x8e,0x3e,0x68,0xd0,0xc7,
  291. 0x50,0x52,0x10,0xbd,0x31,0x1a,0x0e,0x7c,0xd6,0xe1,0x3f,0xfd,
  292. 0xf2,0x41,0x8d,0x8d,0x19,0x11,0xc0,0x04,0xcd,0xa5,0x8d,0xa3,
  293. 0xd6,0x19,0xb7,0xe2,0xb9,0x14,0x1e,0x58,0x31,0x8e,0xea,0x39,
  294. 0x2c,0xf4,0x1b,0x08
  295. };
  296. static const unsigned char XTS_256_i[] = {
  297. 0xad,0xf8,0xd9,0x26,0x27,0x46,0x4a,0xd2,0xf0,0x42,0x8e,0x84,
  298. 0xa9,0xf8,0x75,0x64
  299. };
  300. static const unsigned char XTS_256_pt[] = {
  301. 0x2e,0xed,0xea,0x52,0xcd,0x82,0x15,0xe1,0xac,0xc6,0x47,0xe8,
  302. 0x10,0xbb,0xc3,0x64,0x2e,0x87,0x28,0x7f,0x8d,0x2e,0x57,0xe3,
  303. 0x6c,0x0a,0x24,0xfb,0xc1,0x2a,0x20,0x2e
  304. };
  305. static const unsigned char XTS_256_ct[] = {
  306. 0xcb,0xaa,0xd0,0xe2,0xf6,0xce,0xa3,0xf5,0x0b,0x37,0xf9,0x34,
  307. 0xd4,0x6a,0x9b,0x13,0x0b,0x9d,0x54,0xf0,0x7e,0x34,0xf3,0x6a,
  308. 0xf7,0x93,0xe8,0x6f,0x73,0xc6,0xd7,0xdb
  309. };
  310. int FIPS_selftest_aes_xts()
  311. {
  312. int ret = 1;
  313. EVP_CIPHER_CTX ctx;
  314. FIPS_cipher_ctx_init(&ctx);
  315. if (fips_cipher_test(FIPS_TEST_XTS, &ctx, EVP_aes_128_xts(),
  316. XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct,
  317. sizeof(XTS_128_pt)) <= 0)
  318. ret = 0;
  319. if (fips_cipher_test(FIPS_TEST_XTS, &ctx, EVP_aes_256_xts(),
  320. XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct,
  321. sizeof(XTS_256_pt)) <= 0)
  322. ret = 0;
  323. FIPS_cipher_ctx_cleanup(&ctx);
  324. if (ret == 0)
  325. FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS,FIPS_R_SELFTEST_FAILED);
  326. return ret;
  327. }
  328. #endif