fips/aes/fips_aes_selftest.c

   1 /* ====================================================================
   2  * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
   3  *
   4  * Redistribution and use in source and binary forms, with or without
   5  * modification, are permitted provided that the following conditions
   6  * are met:
   7  *
   8  * 1. Redistributions of source code must retain the above copyright
   9  *    notice, this list of conditions and the following disclaimer.
  10  *
  11  * 2. Redistributions in binary form must reproduce the above copyright
  12  *    notice, this list of conditions and the following disclaimer in
  13  *    the documentation and/or other materials provided with the
  14  *    distribution.
  15  *
  16  * 3. All advertising materials mentioning features or use of this
  17  *    software must display the following acknowledgment:
  18  *    "This product includes software developed by the OpenSSL Project
  19  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  20  *
  21  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  22  *    endorse or promote products derived from this software without
  23  *    prior written permission. For written permission, please contact
  24  *    openssl-core@openssl.org.
  25  *
  26  * 5. Products derived from this software may not be called "OpenSSL"
  27  *    nor may "OpenSSL" appear in their names without prior written
  28  *    permission of the OpenSSL Project.
  29  *
  30  * 6. Redistributions of any form whatsoever must retain the following
  31  *    acknowledgment:
  32  *    "This product includes software developed by the OpenSSL Project
  33  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  34  *
  35  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  36  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  37  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  38  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  39  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  40  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  41  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  42  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  43  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  44  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  45  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  46  * OF THE POSSIBILITY OF SUCH DAMAGE.
  47  *
  48  */
  49
  50 #define OPENSSL_FIPSAPI
  51
  52 #include <string.h>
  53 #include <openssl/err.h>
  54 #include <openssl/fips.h>
  55 #include <openssl/evp.h>
  56
  57 #ifdef OPENSSL_FIPS
  58 static struct
  59     {
  60     unsigned char key[16];
  61     unsigned char plaintext[16];
  62     unsigned char ciphertext[16];
  63     } tests[]=
  64         {
  65         {
  66         { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  67           0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
  68         { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
  69           0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF },
  70         { 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30,
  71           0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A },
  72         },
  73         };
  74
  75 void FIPS_corrupt_aes()
  76     {
  77     tests[0].key[0]++;
  78     }
  79
  80 int FIPS_selftest_aes()
  81     {
  82     int n;
  83     int ret = 0;
  84     EVP_CIPHER_CTX ctx;
  85     FIPS_cipher_ctx_init(&ctx);
  86
  87     for(n=0 ; n < 1 ; ++n)
  88         {
  89         if (fips_cipher_test(&ctx, EVP_aes_128_ecb(),
  90                                 tests[n].key, NULL,
  91                                 tests[n].plaintext,
  92                                 tests[n].ciphertext,
  93                                 16) <= 0)
  94                 goto err;
  95         }
  96     ret = 1;
  97     err:
  98     FIPS_cipher_ctx_cleanup(&ctx);
  99     if (ret == 0)
 100             FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
 101     return ret;
 102     }
 103
 104 /* AES-GCM test data from NIST public test vectors */
 105
 106 static const unsigned char gcm_key[] = {
 107         0xee,0xbc,0x1f,0x57,0x48,0x7f,0x51,0x92,0x1c,0x04,0x65,0x66,
 108         0x5f,0x8a,0xe6,0xd1,0x65,0x8b,0xb2,0x6d,0xe6,0xf8,0xa0,0x69,
 109         0xa3,0x52,0x02,0x93,0xa5,0x72,0x07,0x8f
 110 };
 111 static const unsigned char gcm_iv[] = {
 112         0x99,0xaa,0x3e,0x68,0xed,0x81,0x73,0xa0,0xee,0xd0,0x66,0x84
 113 };
 114 static const unsigned char gcm_pt[] = {
 115         0xf5,0x6e,0x87,0x05,0x5b,0xc3,0x2d,0x0e,0xeb,0x31,0xb2,0xea,
 116         0xcc,0x2b,0xf2,0xa5
 117 };
 118 static const unsigned char gcm_aad[] = {
 119         0x4d,0x23,0xc3,0xce,0xc3,0x34,0xb4,0x9b,0xdb,0x37,0x0c,0x43,
 120         0x7f,0xec,0x78,0xde
 121 };
 122 static const unsigned char gcm_ct[] = {
 123         0xf7,0x26,0x44,0x13,0xa8,0x4c,0x0e,0x7c,0xd5,0x36,0x86,0x7e,
 124         0xb9,0xf2,0x17,0x36
 125 };
 126 static const unsigned char gcm_tag[] = {
 127         0x67,0xba,0x05,0x10,0x26,0x2a,0xe4,0x87,0xd7,0x37,0xee,0x62,
 128         0x98,0xf7,0x7e,0x0c
 129 };
 130
 131 static int corrupt_aes_gcm = 0;
 132
 133 void FIPS_corrupt_aes_gcm(void)
 134     {
 135     corrupt_aes_gcm = 1;
 136     }
 137
 138 int FIPS_selftest_aes_gcm(void)
 139         {
 140         int ret = 0;
 141         unsigned char out[128], tag[16];
 142         EVP_CIPHER_CTX ctx;
 143         FIPS_cipher_ctx_init(&ctx);
 144         FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1);
 145         FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
 146                                         sizeof(gcm_iv), NULL);
 147         if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 1))
 148                 goto err;
 149         if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
 150                 goto err;
 151         if (FIPS_cipher(&ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct))
 152                 goto err;
 153         if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
 154                 goto err;
 155
 156         if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
 157                 goto err;
 158
 159         if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
 160                 goto err;
 161
 162         /* Modify expected tag value */
 163         if (corrupt_aes_gcm)
 164                 tag[0]++;
 165
 166         FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0);
 167         FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
 168                                         sizeof(gcm_iv), NULL);
 169         if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
 170                 goto err;
 171         if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 0))
 172                 goto err;
 173         if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
 174                 goto err;
 175         if (FIPS_cipher(&ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt))
 176                 goto err;
 177         if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
 178                 goto err;
 179
 180         if (memcmp(out, gcm_pt, 16))
 181                 goto err;
 182
 183         ret = 1;
 184
 185         err:
 186
 187         if (ret == 0)
 188                 FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED);
 189
 190         FIPS_cipher_ctx_cleanup(&ctx);
 191
 192         return ret;
 193         }
 194
 195 #endif