From: Richard Levitte Date: Thu, 24 Mar 2011 22:55:02 +0000 (+0000) Subject: Implement FIPS CMAC. X-Git-Tag: OpenSSL-fips-2_0-rc1~646 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=399aa6b5ffd37e2601af4524bb71d862cbee4a84;p=openssl Implement FIPS CMAC. * fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as an example. * crypto/cmac/cmac.c: Enable the FIPS API. Change to use M_EVP macros where possible. * crypto/evp/evp.h: (some of the macros get added with this change) * fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use macros to have cmac.c use these functions. * Makefile.org, fips/Makefile, fips/fips.c: Hook it in. --- diff --git a/Makefile.org b/Makefile.org index b1ad7cb052..73e8b6dd26 100644 --- a/Makefile.org +++ b/Makefile.org @@ -295,6 +295,7 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \ ../crypto/bn/bn_word.o \ ../crypto/bn/bn_x931p.o \ ../crypto/buffer/buf_str.o \ + ../crypto/cmac/cmac.o \ ../crypto/cryptlib.o \ ../crypto/des/cfb64ede.o \ ../crypto/des/cfb64enc.o \ diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index 307e93ddf5..5807e30ddd 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -51,6 +51,8 @@ * ==================================================================== */ +#define OPENSSL_FIPSAPI + #include #include #include @@ -129,7 +131,7 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) return 0; if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx)) return 0; - bl = EVP_CIPHER_CTX_block_size(&in->cctx); + bl = M_EVP_CIPHER_CTX_block_size(&in->cctx); memcpy(out->k1, in->k1, bl); memcpy(out->k2, in->k2, bl); memcpy(out->tbl, in->tbl, bl); @@ -148,31 +150,31 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, /* Not initialised */ if (ctx->nlast_block == -1) return 0; - if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) + if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) return 0; return 1; } /* Initialiase context */ - if (cipher && !EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL)) + if (cipher && !M_EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL)) return 0; /* Non-NULL key means initialisation complete */ if (key) { int bl; - if (!EVP_CIPHER_CTX_cipher(&ctx->cctx)) + if (!M_EVP_CIPHER_CTX_cipher(&ctx->cctx)) return 0; if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen)) return 0; - if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv)) + if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv)) return 0; - bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); + bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx); if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl)) return 0; make_kn(ctx->k1, ctx->tbl, bl); make_kn(ctx->k2, ctx->k1, bl); OPENSSL_cleanse(ctx->tbl, bl); /* Reset context again ready for first data block */ - if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) + if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) return 0; /* Zero tbl so resume works */ memset(ctx->tbl, 0, bl); @@ -189,7 +191,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) return 0; if (dlen == 0) return 1; - bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); + bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx); /* Copy into partial block if we need to */ if (ctx->nlast_block > 0) { @@ -228,7 +230,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) int i, bl, lb; if (ctx->nlast_block == -1) return 0; - bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); + bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx); *poutlen = (size_t)bl; if (!out) return 1; @@ -265,5 +267,5 @@ int CMAC_resume(CMAC_CTX *ctx) * So reinitliasing using the last decrypted block will allow * CMAC to continue after calling CMAC_Final(). */ - return EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl); + return M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl); } diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 240d9d5d69..8e041c56d1 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -458,12 +458,23 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, #define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e)) #define M_EVP_MD_CTX_md(e) ((e)->digest) -#define M_EVP_CIPHER_CTX_iv_length(e) (e->cipher->iv_len) -#define M_EVP_CIPHER_CTX_flags(e) (e->cipher->flags) +#define M_EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) +#define M_EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) +#define M_EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) +#define M_EVP_CIPHER_CTX_cipher(e) ((e)->cipher) #define M_EVP_CIPHER_CTX_mode(e) (M_EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) #define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) +#define M_EVP_EncryptInit(ctx,ciph,key,iv) \ + (EVP_CipherInit(ctx,ciph,key,iv,1)) +#define M_EVP_EncryptInit_ex(ctx,ciph,impl,key,iv) \ + (EVP_CipherInit_ex(ctx,ciph,impl,key,iv,1)) +#define M_EVP_DecryptInit(ctx,ciph,key,iv) \ + (EVP_CipherInit(ctx,ciph,key,iv,0)) +#define M_EVP_DecryptInit_ex(ctx,ciph,impl,key,iv) \ + (EVP_CipherInit_ex(ctx,ciph,impl,key,iv,0)) + int EVP_MD_type(const EVP_MD *md); #define EVP_MD_nid(e) EVP_MD_type(e) #define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) @@ -1288,7 +1299,9 @@ void ERR_load_EVP_strings(void); #define EVP_F_EVP_SIGNFINAL 107 #define EVP_F_EVP_VERIFYFINAL 108 #define EVP_F_FIPS_CIPHERINIT 166 +#define EVP_F_FIPS_CIPHER_CTX_COPY 170 #define EVP_F_FIPS_CIPHER_CTX_CTRL 167 +#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171 #define EVP_F_FIPS_DIGESTINIT 168 #define EVP_F_FIPS_MD_CTX_COPY 169 #define EVP_F_INT_CTX_NEW 157 diff --git a/fips/Makefile b/fips/Makefile index 1373fdaf97..28df80cab8 100644 --- a/fips/Makefile +++ b/fips/Makefile @@ -35,7 +35,7 @@ AFLAGS=$(ASFLAGS) LIBS= -FDIRS=sha rand des aes dsa ecdh ecdsa rsa dh hmac utl +FDIRS=sha rand des aes dsa ecdh ecdsa rsa dh cmac hmac utl GENERAL=Makefile README fips-lib.com install.com @@ -45,7 +45,7 @@ LIBSRC=fips.c LIBOBJ=fips.o FIPS_OBJ_LISTS=sha/lib hmac/lib rand/lib des/lib aes/lib dsa/lib rsa/lib \ - dh/lib utl/lib ecdsa/lib + dh/lib utl/lib ecdsa/lib cmac/lib SRC= $(LIBSRC) diff --git a/fips/cmac/Makefile b/fips/cmac/Makefile new file mode 100644 index 0000000000..1404c672ba --- /dev/null +++ b/fips/cmac/Makefile @@ -0,0 +1,112 @@ +# +# OpenSSL/fips/cmac/Makefile +# + +DIR= cmac +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST=fips_cmactest.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= fips_cmac_selftest.c +LIBOBJ= fips_cmac_selftest.o + +SRC= $(LIBSRC) + +EXHEADER= +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + @echo $(LIBOBJ) > lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS) + +install: + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done + +tags: + ctags $(SRC) + +tests: + +Q=../testvectors/cmac/req +A=../testvectors/cmac/rsp + +fips_test: + -rm -rf $(A) + mkdir $(A) + if [ -f $(Q)/CMACGenAES256.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_cmactest -g < $(Q)/CMACGenAES256.req > $(A)/CMACGenAES256.rsp; fi + if [ -f $(Q)/CMACVerAES256.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_cmactest -v < $(Q)/CMACVerAES256.req > $(A)/CMACVerAES256.rsp; fi + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff +# DO NOT DELETE THIS LINE -- make depend depends on it. + +fips_cmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_cmac_selftest.o: ../../include/openssl/cmac.h +fips_cmac_selftest.o: ../../include/openssl/crypto.h +fips_cmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +fips_cmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_cmac_selftest.o: ../../include/openssl/lhash.h +fips_cmac_selftest.o: ../../include/openssl/obj_mac.h +fips_cmac_selftest.o: ../../include/openssl/objects.h +fips_cmac_selftest.o: ../../include/openssl/opensslconf.h +fips_cmac_selftest.o: ../../include/openssl/opensslv.h +fips_cmac_selftest.o: ../../include/openssl/ossl_typ.h +fips_cmac_selftest.o: ../../include/openssl/safestack.h +fips_cmac_selftest.o: ../../include/openssl/stack.h +fips_cmac_selftest.o: ../../include/openssl/symhacks.h fips_cmac_selftest.c +fips_cmactest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_cmactest.o: ../../include/openssl/bn.h ../../include/openssl/cmac.h +fips_cmactest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_cmactest.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_cmactest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +fips_cmactest.o: ../../include/openssl/obj_mac.h +fips_cmactest.o: ../../include/openssl/objects.h +fips_cmactest.o: ../../include/openssl/opensslconf.h +fips_cmactest.o: ../../include/openssl/opensslv.h +fips_cmactest.o: ../../include/openssl/ossl_typ.h +fips_cmactest.o: ../../include/openssl/safestack.h +fips_cmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_cmactest.o: ../fips_utl.h fips_cmactest.c diff --git a/fips/cmac/fips_cmac_selftest.c b/fips/cmac/fips_cmac_selftest.c new file mode 100644 index 0000000000..834efab10a --- /dev/null +++ b/fips/cmac/fips_cmac_selftest.c @@ -0,0 +1,146 @@ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#define OPENSSL_FIPSAPI + +#include +#include +#include +#include + +#ifdef OPENSSL_FIPS +typedef struct { + const EVP_CIPHER *(*alg)(void); + const unsigned char key[EVP_MAX_KEY_LENGTH]; int keysize; + const unsigned char msg[64]; int msgsize; + const unsigned char mac[32]; int macsize; +} CMAC_KAT; + +/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */ +static const CMAC_KAT vector[] = { + { EVP_aes_128_cbc, /* Example 3: Mlen = 320 */ + { 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c }, 128, + { 0x6b,0xc1,0xbe,0xe2, 0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11, 0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57, 0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac, 0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46, 0xa3,0x5c,0xe4,0x11 }, 320, + { 0xdf,0xa6,0x67,0x47, 0xde,0x9a,0xe6,0x30, + 0x30,0xca,0x32,0x61, 0x14,0x97,0xc8,0x27 }, 128 + }, + { EVP_aes_192_cbc, /* Example 5: Mlen = 0 */ + { 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, }, 192, + { 0x0 }, 0, + { 0xd1,0x7d,0xdf,0x46, 0xad,0xaa,0xcd,0xe5, + 0x31,0xca,0xc4,0x83, 0xde,0x7a,0x93,0x67, }, 128 + }, + { EVP_aes_256_cbc, /* Example 12: Mlen = 512 */ + { 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, }, 256, + { 0x6b,0xc1,0xbe,0xe2, 0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11, 0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57, 0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac, 0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46, 0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19, 0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45, 0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b, 0xe6,0x6c,0x37,0x10, }, 512, + { 0xe1,0x99,0x21,0x90, 0x54,0x9f,0x6e,0xd5, + 0x69,0x6a,0x2c,0x05, 0x6c,0x31,0x54,0x10, }, 128, + }, +# if 0 + /* Removed because the actual result was: + 0x74,0x3d,0xdb,0xe0, 0xce,0x2d,0xc2,0xed + I suspect an error on my part -- Richard Levitte + */ + { EVP_des_ede3_cbc, /* Example 15: Mlen = 160 */ + { 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62, + 0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58, + 0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, }, 192, + { 0x6b,0xc1,0xbe,0xe2, 0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11, 0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57, }, 160, + { 0xd3,0x2b,0xce,0xbe, 0x43,0xd2,0x3d,0x80, }, 64, + }, +# endif +}; + +int FIPS_selftest_cmac() + { + size_t n; + unsigned int outlen; + unsigned char out[32]; + const EVP_CIPHER *cipher; + CMAC_CTX *ctx = CMAC_CTX_new(); + const CMAC_KAT *t; + + for(n=0,t=vector; nalg)(); + CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0); + CMAC_Update(ctx, t->msg, t->msgsize/8); + CMAC_Final(ctx, out, &outlen); + CMAC_CTX_cleanup(ctx); + + if(outlen != t->macsize/8 || memcmp(out,t->mac,outlen)) + { + FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED); + return 0; + } + } + + CMAC_CTX_free(ctx); + return 1; + } +#endif diff --git a/fips/cmac/fips_cmactest.c b/fips/cmac/fips_cmactest.c new file mode 100644 index 0000000000..296f1a8f03 --- /dev/null +++ b/fips/cmac/fips_cmactest.c @@ -0,0 +1,441 @@ +/* fips_cmactest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#define OPENSSL_FIPSAPI + +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef OPENSSL_FIPS + +int main(int argc, char *argv[]) +{ + printf("No FIPS CMAC support\n"); + return(0); +} + +#else + +#include +#include "fips_utl.h" + +static int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, int mode); +static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out, + unsigned char *Key, int Klen, + unsigned char *Msg, int Msglen, + int Tlen); +static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out, + unsigned char *Key, int Klen, + unsigned char *Msg, int Msglen, + unsigned char *Mac, int Maclen, + int Tlen); + +int main(int argc, char **argv) + { + FILE *in = NULL, *out = NULL; + int mode = 0; /* 0 => Generate, 1 => Verify */ + + int ret = 1; + fips_set_error_print(); + if(!FIPS_mode_set(1)) + goto end; + + if (argc > 1 && argv[1][0] == '-') + { + if (strcmp(argv[1], "-g") == 0) + mode = 0; + else if (strcmp(argv[1], "-v") == 0) + mode = 1; + else + { + fprintf(stderr, "Unknown option %s\n", argv[1]); + goto end; + } + argv++; + argc--; + } + if (argc == 1) + in = stdin; + else + in = fopen(argv[1], "r"); + + if (argc < 2) + out = stdout; + else + out = fopen(argv[2], "w"); + + if (!in) + { + fprintf(stderr, "FATAL input initialization error\n"); + goto end; + } + + if (!out) + { + fprintf(stderr, "FATAL output initialization error\n"); + goto end; + } + + if (!cmac_test(EVP_aes_256_cbc(), out, in, mode)) + { + fprintf(stderr, "FATAL cmac file processing error\n"); + goto end; + } + else + ret = 0; + + end: + + if (in && (in != stdin)) + fclose(in); + if (out && (out != stdout)) + fclose(out); + + return ret; + + } + +#define CMAC_TEST_MAXLINELEN 1024 + +int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, int mode) + { + char *linebuf, *olinebuf, *p, *q; + char *keyword, *value; + unsigned char *Key = NULL, *Msg = NULL, *Mac = NULL; + int Count, Klen, Mlen, Tlen; + long Keylen, Msglen, Maclen; + int ret = 0; + int lnum = 0; + + olinebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN); + linebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN); + + if (!linebuf || !olinebuf) + goto error; + + Count = -1; + Klen = -1; + Mlen = -1; + Tlen = -1; + + while (fgets(olinebuf, CMAC_TEST_MAXLINELEN, in)) + { + lnum++; + strcpy(linebuf, olinebuf); + keyword = linebuf; + /* Skip leading space */ + while (isspace((unsigned char)*keyword)) + keyword++; + + /* Skip comments */ + if (keyword[0] == '#') + { + if (fputs(olinebuf, out) < 0) + goto error; + continue; + } + + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no = or starts with [ (for [L=20] line) just copy */ + if (!p) + { + if (fputs(olinebuf, out) < 0) + goto error; + continue; + } + + q = p - 1; + + /* Remove trailing space */ + while (isspace((unsigned char)*q)) + *q-- = 0; + + *p = 0; + value = p + 1; + + /* Remove leading space from value */ + while (isspace((unsigned char)*value)) + value++; + + /* Remove trailing space from value */ + p = value + strlen(value) - 1; + + while (*p == '\n' || isspace((unsigned char)*p)) + *p-- = 0; + + if (!strcmp(keyword, "Count")) + { + if (Count != -1) + goto parse_error; + Count = atoi(value); + if (Count < 0) + goto parse_error; + } + else if (!strcmp(keyword, "Klen")) + { + if (Klen != -1) + goto parse_error; + Klen = atoi(value); + if (Klen < 0) + goto parse_error; + } + else if (!strcmp(keyword, "Mlen")) + { + if (Mlen != -1) + goto parse_error; + Mlen = atoi(value); + if (Mlen < 0) + goto parse_error; + } + else if (!strcmp(keyword, "Tlen")) + { + if (Tlen != -1) + goto parse_error; + Tlen = atoi(value); + if (Tlen < 0) + goto parse_error; + } + else if (!strcmp(keyword, "Key")) + { + if (Key) + goto parse_error; + Key = hex2bin_m(value, &Keylen); + if (!Key) + goto parse_error; + } + else if (!strcmp(keyword, "Msg")) + { + if (Msg) + goto parse_error; + Msg = hex2bin_m(value, &Msglen); + if (!Msg) + goto parse_error; + } + else if (!strcmp(keyword, "Mac")) + { + if (mode == 0) + continue; + if (Mac) + goto parse_error; + Mac = hex2bin_m(value, &Maclen); + if (!Mac) + goto parse_error; + } + else if (!strcmp(keyword, "Result")) + { + if (mode == 1) + continue; + goto parse_error; + } + else + goto parse_error; + + fputs(olinebuf, out); + + switch(mode) + { + case 0: + if (Key && Msg && (Tlen > 0) && (Klen > 0)) + { + if (!print_cmac_gen(cipher, out, + Key, Klen, + Msg, Mlen, + Tlen)) + goto error; + OPENSSL_free(Key); + Key = NULL; + OPENSSL_free(Msg); + Msg = NULL; + Klen = -1; + Mlen = -1; + Tlen = -1; + Count = -1; + } + break; + case 1: + if (Key && Msg && Mac && (Tlen > 0) && (Klen > 0)) + { + if (!print_cmac_ver(cipher, out, + Key, Klen, + Msg, Mlen, + Mac, Maclen, + Tlen)) + goto error; + OPENSSL_free(Key); + Key = NULL; + OPENSSL_free(Msg); + Msg = NULL; + OPENSSL_free(Mac); + Mac = NULL; + Klen = -1; + Mlen = -1; + Tlen = -1; + Count = -1; + } + break; + } + + } + + + ret = 1; + + + error: + + if (olinebuf) + OPENSSL_free(olinebuf); + if (linebuf) + OPENSSL_free(linebuf); + if (Key) + OPENSSL_free(Key); + if (Msg) + OPENSSL_free(Msg); + + return ret; + + parse_error: + + fprintf(stderr, "FATAL parse error processing line %d\n", lnum); + + goto error; + + } + +static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out, + unsigned char *Key, int Klen, + unsigned char *Msg, int Mlen, + int Tlen) + { + int rc, i; + size_t reslen; + unsigned char res[1024]; + CMAC_CTX *cmac_ctx = CMAC_CTX_new(); + + CMAC_Init(cmac_ctx, Key, Klen, cipher, 0); + CMAC_Update(cmac_ctx, Msg, Mlen); + if (!CMAC_Final(cmac_ctx, res, &reslen)) + { + fputs("Error calculating CMAC\n", stderr); + rc = 0; + } + else if (Tlen > reslen) + { + fputs("Parameter error, Tlen > CMAC length\n", stderr); + rc = 0; + } + else + { + fputs("Mac = ", out); + for (i = 0; i < Tlen; i++) + fprintf(out, "%02x", res[i]); + fputs("\n", out); + rc = 1; + } + CMAC_CTX_free(cmac_ctx); + return rc; + } + +static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out, + unsigned char *Key, int Klen, + unsigned char *Msg, int Mlen, + unsigned char *Mac, int Maclen, + int Tlen) + { + int rc; + size_t reslen; + unsigned char res[1024]; + CMAC_CTX *cmac_ctx = CMAC_CTX_new(); + + CMAC_Init(cmac_ctx, Key, Klen, cipher, 0); + CMAC_Update(cmac_ctx, Msg, Mlen); + if (!CMAC_Final(cmac_ctx, res, &reslen)) + { + fputs("Error calculating CMAC\n", stderr); + rc = 0; + } + else if (Tlen > reslen) + { + fputs("Parameter error, Tlen > CMAC length\n", stderr); + rc = 0; + } + else if (Tlen != Maclen) + { + fputs("Parameter error, Tlen != resulting Mac length\n", stderr); + rc = 0; + } + else + { + if (!memcmp(Mac, res, Maclen)) + fputs("Result = P\n", out); + else + fputs("Result = F\n", out); + } + CMAC_CTX_free(cmac_ctx); + return rc; + } + +#endif diff --git a/fips/cmac/lib b/fips/cmac/lib new file mode 100644 index 0000000000..604e7e7f24 --- /dev/null +++ b/fips/cmac/lib @@ -0,0 +1 @@ +fips_cmac_selftest.o diff --git a/fips/fips.c b/fips/fips.c index c7d4bb567c..5ea4be1e08 100644 --- a/fips/fips.c +++ b/fips/fips.c @@ -174,6 +174,7 @@ int FIPS_selftest(void) return FIPS_selftest_sha1() && FIPS_selftest_hmac() + && FIPS_selftest_cmac() && FIPS_selftest_aes() && FIPS_selftest_aes_gcm() && FIPS_selftest_des() diff --git a/fips/fips.h b/fips/fips.h index 6dadc1ee18..110ee3c5b4 100644 --- a/fips/fips.h +++ b/fips/fips.h @@ -95,6 +95,7 @@ void FIPS_rng_stick(void); int FIPS_selftest_rng(void); int FIPS_selftest_hmac(void); int FIPS_selftest_drbg(void); +int FIPS_selftest_cmac(void); unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len); int FIPS_check_incore_fingerprint(void); @@ -159,6 +160,8 @@ void FIPS_set_locking_callbacks(void (*func)(int mode, int type, #define EVP_CIPHER_CTX_ctrl FIPS_cipher_ctx_ctrl #define EVP_CIPHER_CTX_new FIPS_cipher_ctx_new #define EVP_CIPHER_CTX_free FIPS_cipher_ctx_free +#define EVP_CIPHER_CTX_copy FIPS_cipher_ctx_copy +#define EVP_CIPHER_CTX_set_key_length FIPS_cipher_ctx_set_key_length #define DSA_SIG_new FIPS_dsa_sig_new #define DSA_SIG_free FIPS_dsa_sig_free @@ -205,6 +208,7 @@ void ERR_load_FIPS_strings(void); #define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109 #define FIPS_F_FIPS_SELFTEST_AES 110 #define FIPS_F_FIPS_SELFTEST_AES_GCM 130 +#define FIPS_F_FIPS_SELFTEST_CMAC 139 #define FIPS_F_FIPS_SELFTEST_DES 111 #define FIPS_F_FIPS_SELFTEST_DSA 112 #define FIPS_F_FIPS_SELFTEST_ECDSA 131 diff --git a/fips/utl/fips_enc.c b/fips/utl/fips_enc.c index b3db931fe9..a25e5a1e5c 100644 --- a/fips/utl/fips_enc.c +++ b/fips/utl/fips_enc.c @@ -275,6 +275,54 @@ int FIPS_cipher_ctx_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) return ret; } +int FIPS_cipher_ctx_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) + { + if ((in == NULL) || (in->cipher == NULL)) + { + EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); + return 0; + } + + /* Only FIPS ciphers allowed */ + if (FIPS_mode() && !(in->cipher->flags & EVP_CIPH_FLAG_FIPS) && + !(out->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) + { + EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY, EVP_R_DISABLED_FOR_FIPS); + out->cipher = &bad_cipher; + return 0; + } + + FIPS_cipher_ctx_cleanup(out); + memcpy(out,in,sizeof *out); + + if (in->cipher_data && in->cipher->ctx_size) + { + out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size); + if (!out->cipher_data) + { + EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size); + } + + if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) + return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); + return 1; + } + +/* You can't really set the key length with FIPS, so just check that the + caller sets the length the context already has. */ +int FIPS_cipher_ctx_set_key_length(EVP_CIPHER_CTX *ctx, int keylen) + { + if (ctx->key_len == keylen) + return 1; + + EVPerr(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH); + return 0; + } + + int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)