diff options
author | Richard Levitte <levitte@openssl.org> | 2011-03-24 22:57:52 +0000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2011-03-24 22:57:52 +0000 |
commit | 37942b93af4fca91ca915d4da1f68d7965a9522f (patch) | |
tree | fa5f7d8e7f50fdc1bc6629d2e60939cf73249d93 /fips | |
parent | 399aa6b5ffd37e2601af4524bb71d862cbee4a84 (diff) | |
download | openssl-37942b93af4fca91ca915d4da1f68d7965a9522f.tar.gz |
Implement FIPS CMAC.
* fips/fips_test_suite.c, fips/fipsalgtest.pl, test/Makefile: Hook in
test cases and build test program.
Diffstat (limited to 'fips')
-rw-r--r-- | fips/fips_test_suite.c | 280 | ||||
-rw-r--r-- | fips/fipsalgtest.pl | 13 |
2 files changed, 291 insertions, 2 deletions
diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index 6da26632e0..bcb2c7a0dc 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -21,6 +21,7 @@ #include <stdlib.h> #include <openssl/evp.h> #include <openssl/hmac.h> +#include <openssl/cmac.h> #include <openssl/sha.h> #include <openssl/err.h> @@ -394,6 +395,259 @@ static int FIPS_hmac_sha512_test() return 1; } +/* CMAC-AES128: generate hash of known digest value and compare to known + precomputed correct hash +*/ +static int FIPS_cmac_aes128_test() + { + unsigned char key[16] = { 0x2b,0x7e,0x15,0x16, 0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88, 0x09,0xcf,0x4f,0x3c, }; + unsigned char data[] = "Sample text"; + unsigned char kaval[EVP_MAX_MD_SIZE] = + { 0x16,0x83,0xfe,0xac, 0x52,0x9b,0xae,0x23, + 0xd7,0xd5,0x66,0xf5, 0xd2,0x8d,0xbd,0x2a, }; + + unsigned char *out = NULL; + unsigned int outlen; + CMAC_CTX *ctx = CMAC_CTX_new(); + int r = 0; + + ERR_clear_error(); + + if (!ctx) + goto end; + if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_128_cbc(),NULL)) + goto end; + if (!CMAC_Update(ctx,data,sizeof(data)-1)) + goto end; + /* This should return 1. If not, there's a programming error... */ + if (!CMAC_Final(ctx, out, &outlen)) + goto end; + out = OPENSSL_malloc(outlen); + if (!CMAC_Final(ctx, out, &outlen)) + goto end; +#if 0 + { + char *hexout = OPENSSL_malloc(outlen * 2 + 1); + bin2hex(out, outlen, hexout); + printf("CMAC-AES128: res = %s\n", hexout); + OPENSSL_free(hexout); + } + r = 1; +#else + if (!memcmp(out,kaval,outlen)) + r = 1; +#endif + end: + CMAC_CTX_free(ctx); + if (out) + OPENSSL_free(out); + return r; + } + +/* CMAC-AES192: generate hash of known digest value and compare to known + precomputed correct hash +*/ +static int FIPS_cmac_aes192_test() + { + unsigned char key[] = { 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, }; + unsigned char data[] = "Sample text"; + unsigned char kaval[] = + { 0xd6,0x99,0x19,0x25, 0xe5,0x1d,0x95,0x48, + 0xb1,0x4a,0x0b,0xf2, 0xc6,0x3c,0x47,0x1f, }; + + unsigned char *out = NULL; + unsigned int outlen; + CMAC_CTX *ctx = CMAC_CTX_new(); + int r = 0; + + ERR_clear_error(); + + if (!ctx) + goto end; + if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_192_cbc(),NULL)) + goto end; + if (!CMAC_Update(ctx,data,sizeof(data)-1)) + goto end; + /* This should return 1. If not, there's a programming error... */ + if (!CMAC_Final(ctx, out, &outlen)) + goto end; + out = OPENSSL_malloc(outlen); + if (!CMAC_Final(ctx, out, &outlen)) + goto end; +#if 0 + { + char *hexout = OPENSSL_malloc(outlen * 2 + 1); + bin2hex(out, outlen, hexout); + printf("CMAC-AES192: res = %s\n", hexout); + OPENSSL_free(hexout); + } + r = 1; +#else + if (!memcmp(out,kaval,outlen)) + r = 1; +#endif + end: + CMAC_CTX_free(ctx); + if (out) + OPENSSL_free(out); + return r; + } + +/* CMAC-AES256: generate hash of known digest value and compare to known + precomputed correct hash +*/ +static int FIPS_cmac_aes256_test() + { + unsigned char key[] = { 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, }; + unsigned char data[] = "Sample text"; + unsigned char kaval[] = + { 0xec,0xc2,0xcf,0x63, 0xc7,0xce,0xfc,0xa4, + 0xb0,0x86,0x37,0x5f, 0x15,0x60,0xba,0x1f, }; + + unsigned char *out = NULL; + unsigned int outlen; + CMAC_CTX *ctx = CMAC_CTX_new(); + int r = 0; + + ERR_clear_error(); + + if (!ctx) + goto end; + if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_256_cbc(),NULL)) + goto end; + if (!CMAC_Update(ctx,data,sizeof(data)-1)) + goto end; + /* This should return 1. If not, there's a programming error... */ + if (!CMAC_Final(ctx, out, &outlen)) + goto end; + out = OPENSSL_malloc(outlen); + if (!CMAC_Final(ctx, out, &outlen)) + goto end; +#if 0 + { + char *hexout = OPENSSL_malloc(outlen * 2 + 1); + bin2hex(out, outlen, hexout); + printf("CMAC-AES256: res = %s\n", hexout); + OPENSSL_free(hexout); + } + r = 1; +#else + if (!memcmp(out,kaval,outlen)) + r = 1; +#endif + end: + CMAC_CTX_free(ctx); + if (out) + OPENSSL_free(out); + return r; + } + +/* CMAC-TDEA2: generate hash of known digest value and compare to known + precomputed correct hash +*/ +static int FIPS_cmac_tdea2_test() + { + unsigned char key[] = { 0x4c,0xf1,0x51,0x34, 0xa2,0x85,0x0d,0xd5, + 0x8a,0x3d,0x10,0xba, 0x80,0x57,0x0d,0x38, }; + unsigned char data[] = "Sample text"; + unsigned char kaval[] = + {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70, + 0xb2, 0xfb, 0xec, 0xc6}; + + unsigned char *out = NULL; + unsigned int outlen; + CMAC_CTX *ctx = CMAC_CTX_new(); + int r = 0; + + ERR_clear_error(); + + if (!ctx) + goto end; + if (!CMAC_Init(ctx,key,sizeof(key),EVP_des_ede_cbc(),NULL)) + goto end; + if (!CMAC_Update(ctx,data,sizeof(data)-1)) + goto end; + /* This should return 1. If not, there's a programming error... */ + if (!CMAC_Final(ctx, out, &outlen)) + goto end; + out = OPENSSL_malloc(outlen); + if (!CMAC_Final(ctx, out, &outlen)) + goto end; +#if 1 + { + char *hexout = OPENSSL_malloc(outlen * 2 + 1); + bin2hex(out, outlen, hexout); + printf("CMAC-TDEA2: res = %s\n", hexout); + OPENSSL_free(hexout); + } + r = 1; +#else + if (!memcmp(out,kaval,outlen)) + r = 1; +#endif + end: + CMAC_CTX_free(ctx); + if (out) + OPENSSL_free(out); + return r; + } + +/* CMAC-TDEA3: generate hash of known digest value and compare to known + precomputed correct hash +*/ +static int FIPS_cmac_tdea3_test() + { + unsigned char key[] = { 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62, + 0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58, + 0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, }; + unsigned char data[] = "Sample text"; + unsigned char kaval[EVP_MAX_MD_SIZE] = + { 0xb4,0x06,0x4e,0xbf, 0x59,0x89,0xba,0x68, }; + + unsigned char *out = NULL; + unsigned int outlen; + CMAC_CTX *ctx = CMAC_CTX_new(); + int r = 0; + + ERR_clear_error(); + + if (!ctx) + goto end; + if (!CMAC_Init(ctx,key,sizeof(key),EVP_des_ede3_cbc(),NULL)) + goto end; + if (!CMAC_Update(ctx,data,sizeof(data)-1)) + goto end; + /* This should return 1. If not, there's a programming error... */ + if (!CMAC_Final(ctx, out, &outlen)) + goto end; + out = OPENSSL_malloc(outlen); + if (!CMAC_Final(ctx, out, &outlen)) + goto end; +#if 0 + { + char *hexout = OPENSSL_malloc(outlen * 2 + 1); + bin2hex(out, outlen, hexout); + printf("CMAC-TDEA3: res = %s\n", hexout); + OPENSSL_free(hexout); + } + r = 1; +#else + if (!memcmp(out,kaval,outlen)) + r = 1; +#endif + end: + CMAC_CTX_free(ctx); + if (out) + OPENSSL_free(out); + return r; + } + /* DH: generate shared parameters */ @@ -608,16 +862,38 @@ int main(int argc,char **argv) */ test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test()); + /* CMAC-AES-128 hash + */ + test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test()); + + /* CMAC-AES-192 hash + */ + test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test()); + + /* CMAC-AES-256 hash + */ + test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test()); + +# if 0 /* Not a FIPS algorithm */ + /* CMAC-TDEA-2 hash + */ + test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test()); +#endif + + /* CMAC-TDEA-3 hash + */ + test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test()); + /* Non-Approved cryptographic operation */ - printf("8. Non-Approved cryptographic operation test...\n"); + printf("9. Non-Approved cryptographic operation test...\n"); printf("\ta. Included algorithm (D-H)...%s\n", dh_test() ? "successful as expected" : Fail("failed INCORRECTLY!") ); /* Zeroization */ - printf("9. Zero-ization...\n\t%s\n", + printf("10. Zero-ization...\n\t%s\n", Zeroize() ? "successful as expected" : Fail("failed INCORRECTLY!") ); diff --git a/fips/fipsalgtest.pl b/fips/fipsalgtest.pl index af778a47a9..24467e0153 100644 --- a/fips/fipsalgtest.pl +++ b/fips/fipsalgtest.pl @@ -95,6 +95,17 @@ my @fips_hmac_test_list = ( ); +# CMAC + +my @fips_cmac_test_list = ( + + "CMAC", + + [ "CMACGenAES256", "fips_cmactest -g" ], + [ "CMACVerAES256", "fips_cmactest -v" ] + +); + # RAND tests, AES version my @fips_rand_aes_test_list = ( @@ -372,6 +383,7 @@ my %fips_enabled = ( "rsa-pss62" => 1, sha => 1, hmac => 1, + cmac => 1, "rand-aes" => 1, "rand-des2" => 0, aes => 1, @@ -449,6 +461,7 @@ push @fips_test_list, @fips_rsa_pss0_test_list if $fips_enabled{"rsa-pss0"}; push @fips_test_list, @fips_rsa_pss62_test_list if $fips_enabled{"rsa-pss62"}; push @fips_test_list, @fips_sha_test_list if $fips_enabled{"sha"}; push @fips_test_list, @fips_hmac_test_list if $fips_enabled{"hmac"}; +push @fips_test_list, @fips_cmac_test_list if $fips_enabled{"cmac"}; push @fips_test_list, @fips_rand_aes_test_list if $fips_enabled{"rand-aes"}; push @fips_test_list, @fips_rand_des2_test_list if $fips_enabled{"rand-des2"}; push @fips_test_list, @fips_aes_test_list if $fips_enabled{"aes"}; |