2
0

fips_cmac_selftest.c 5.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176
  1. /* ====================================================================
  2. * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * 1. Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. *
  11. * 2. Redistributions in binary form must reproduce the above copyright
  12. * notice, this list of conditions and the following disclaimer in
  13. * the documentation and/or other materials provided with the
  14. * distribution.
  15. *
  16. * 3. All advertising materials mentioning features or use of this
  17. * software must display the following acknowledgment:
  18. * "This product includes software developed by the OpenSSL Project
  19. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  20. *
  21. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  22. * endorse or promote products derived from this software without
  23. * prior written permission. For written permission, please contact
  24. * openssl-core@openssl.org.
  25. *
  26. * 5. Products derived from this software may not be called "OpenSSL"
  27. * nor may "OpenSSL" appear in their names without prior written
  28. * permission of the OpenSSL Project.
  29. *
  30. * 6. Redistributions of any form whatsoever must retain the following
  31. * acknowledgment:
  32. * "This product includes software developed by the OpenSSL Project
  33. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  34. *
  35. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  36. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  37. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  38. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  39. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  40. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  41. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  42. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  43. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  44. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  45. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  46. * OF THE POSSIBILITY OF SUCH DAMAGE.
  47. *
  48. */
  49. #define OPENSSL_FIPSAPI
  50. #include <string.h>
  51. #include <openssl/err.h>
  52. #include <openssl/fips.h>
  53. #include <openssl/cmac.h>
  54. #include "fips_locl.h"
  55. #ifdef OPENSSL_FIPS
  56. typedef struct {
  57. const EVP_CIPHER *(*alg)(void);
  58. const unsigned char key[EVP_MAX_KEY_LENGTH]; size_t keysize;
  59. const unsigned char msg[64]; size_t msgsize;
  60. const unsigned char mac[32]; size_t macsize;
  61. } CMAC_KAT;
  62. /* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */
  63. static const CMAC_KAT vector[] = {
  64. { EVP_aes_128_cbc, /* Count = 32 from CMACGenAES128.txt */
  65. { 0x77,0xa7,0x7f,0xaf, 0x29,0x0c,0x1f,0xa3,
  66. 0x0c,0x68,0x3d,0xf1, 0x6b,0xa7,0xa7,0x7b, }, 128,
  67. { 0x02,0x06,0x83,0xe1, 0xf0,0x39,0x2f,0x4c,
  68. 0xac,0x54,0x31,0x8b, 0x60,0x29,0x25,0x9e,
  69. 0x9c,0x55,0x3d,0xbc, 0x4b,0x6a,0xd9,0x98,
  70. 0xe6,0x4d,0x58,0xe4, 0xe7,0xdc,0x2e,0x13, }, 256,
  71. { 0xfb,0xfe,0xa4,0x1b, }, 32
  72. },
  73. { EVP_aes_192_cbc, /* Count = 23 from CMACGenAES192.txt */
  74. { 0x7b,0x32,0x39,0x13, 0x69,0xaa,0x4c,0xa9,
  75. 0x75,0x58,0x09,0x5b, 0xe3,0xc3,0xec,0x86,
  76. 0x2b,0xd0,0x57,0xce, 0xf1,0xe3,0x2d,0x62, }, 192,
  77. { 0x0 }, 0,
  78. { 0xe4,0xd9,0x34,0x0b, 0x03,0xe6,0x7d,0xef,
  79. 0xd4,0x96,0x9c,0xc1, 0xed,0x37,0x35,0xe6, }, 128,
  80. },
  81. { EVP_aes_256_cbc, /* Count = 33 from CMACGenAES256.txt */
  82. { 0x0b,0x12,0x2a,0xc8, 0xf3,0x4e,0xd1,0xfe,
  83. 0x08,0x2a,0x36,0x25, 0xd1,0x57,0x56,0x14,
  84. 0x54,0x16,0x7a,0xc1, 0x45,0xa1,0x0b,0xbf,
  85. 0x77,0xc6,0xa7,0x05, 0x96,0xd5,0x74,0xf1, }, 256,
  86. { 0x49,0x8b,0x53,0xfd, 0xec,0x87,0xed,0xcb,
  87. 0xf0,0x70,0x97,0xdc, 0xcd,0xe9,0x3a,0x08,
  88. 0x4b,0xad,0x75,0x01, 0xa2,0x24,0xe3,0x88,
  89. 0xdf,0x34,0x9c,0xe1, 0x89,0x59,0xfe,0x84,
  90. 0x85,0xf8,0xad,0x15, 0x37,0xf0,0xd8,0x96,
  91. 0xea,0x73,0xbe,0xdc, 0x72,0x14,0x71,0x3f, }, 384,
  92. { 0xf6,0x2c,0x46,0x32, 0x9b, }, 40,
  93. },
  94. { EVP_des_ede3_cbc, /* Count = 41 from CMACGenTDES3.req */
  95. { 0x89,0xbc,0xd9,0x52, 0xa8,0xc8,0xab,0x37,
  96. 0x1a,0xf4,0x8a,0xc7, 0xd0,0x70,0x85,0xd5,
  97. 0xef,0xf7,0x02,0xe6, 0xd6,0x2c,0xdc,0x23, }, 192,
  98. { 0xfa,0x62,0x0c,0x1b, 0xbe,0x97,0x31,0x9e,
  99. 0x9a,0x0c,0xf0,0x49, 0x21,0x21,0xf7,0xa2,
  100. 0x0e,0xb0,0x8a,0x6a, 0x70,0x9d,0xcb,0xd0,
  101. 0x0a,0xaf,0x38,0xe4, 0xf9,0x9e,0x75,0x4e, }, 256,
  102. { 0x8f,0x49,0xa1,0xb7, 0xd6,0xaa,0x22,0x58, }, 64,
  103. },
  104. };
  105. int FIPS_selftest_cmac()
  106. {
  107. size_t n, outlen;
  108. unsigned char out[32];
  109. const EVP_CIPHER *cipher;
  110. CMAC_CTX *ctx = CMAC_CTX_new();
  111. const CMAC_KAT *t;
  112. int subid, rv = 1;
  113. for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
  114. {
  115. cipher = (*t->alg)();
  116. subid = M_EVP_CIPHER_nid(cipher);
  117. if (!fips_post_started(FIPS_TEST_CMAC, subid, 0))
  118. continue;
  119. if (!CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0))
  120. {
  121. rv = -1;
  122. goto err;
  123. }
  124. if (!CMAC_Update(ctx, t->msg, t->msgsize/8))
  125. {
  126. rv = -1;
  127. goto err;
  128. }
  129. if (!fips_post_corrupt(FIPS_TEST_CMAC, subid, NULL))
  130. {
  131. if (!CMAC_Update(ctx, t->msg, 1))
  132. {
  133. rv = -1;
  134. goto err;
  135. }
  136. }
  137. if (!CMAC_Final(ctx, out, &outlen))
  138. {
  139. rv = -1;
  140. goto err;
  141. }
  142. CMAC_CTX_cleanup(ctx);
  143. if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
  144. {
  145. fips_post_failed(FIPS_TEST_CMAC, subid, NULL);
  146. rv = 0;
  147. }
  148. else if (!fips_post_success(FIPS_TEST_CMAC, subid, NULL))
  149. {
  150. rv = 0;
  151. goto err;
  152. }
  153. }
  154. err:
  155. CMAC_CTX_free(ctx);
  156. if (rv == -1)
  157. {
  158. fips_post_failed(FIPS_TEST_CMAC, subid, NULL);
  159. rv = 0;
  160. }
  161. if (!rv)
  162. FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
  163. return rv;
  164. }
  165. #endif