From: Pauli Date: Wed, 20 May 2020 04:15:04 +0000 (+1000) Subject: fips rand: DRBG KAT self test updates to provider model. X-Git-Tag: openssl-3.0.0-alpha4~14 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=6154f9a7cad7805a551343ed2111231aa2e00681;p=oweals%2Fopenssl.git fips rand: DRBG KAT self test updates to provider model. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/11682) --- diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 80759cbfaf..ee33cfa631 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * RAND_DRBG_set is deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include @@ -433,6 +439,7 @@ void RAND_DRBG_free(RAND_DRBG *drbg) return; CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RAND_DRBG, drbg, &drbg->ex_data); + EVP_RAND_CTX_free(drbg->rand); OPENSSL_free(drbg); } diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h index fd708d397c..f8517b8ecd 100644 --- a/include/openssl/rand_drbg.h +++ b/include/openssl/rand_drbg.h @@ -152,6 +152,8 @@ int RAND_DRBG_set_callback_data(RAND_DRBG *drbg, void *data); void *RAND_DRBG_get_callback_data(RAND_DRBG *drbg); +int RAND_DRBG_verify_zeroization(RAND_DRBG *drbg); + # ifdef __cplusplus } # endif diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index 674806edb2..17bfc950db 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc @@ -60,7 +60,8 @@ typedef struct st_kat_kdf_st { typedef struct st_kat_drbg_st { const char *desc; const char *algorithm; - int nid; + const char *param_name; + char *param_value; const unsigned char *entropyin; size_t entropyinlen; const unsigned char *nonce; @@ -458,8 +459,7 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] = { { OSSL_SELF_TEST_DESC_DRBG_HASH, - "SHA256", - NID_sha256, + "HASH-DRBG", "digest", "SHA256", ITM(drbg_hash_sha256_pr_entropyin), ITM(drbg_hash_sha256_pr_nonce), ITM(drbg_hash_sha256_pr_persstr), @@ -471,8 +471,7 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] = }, { OSSL_SELF_TEST_DESC_DRBG_CTR, - "AES-128", - NID_aes_128_ctr, + "CTR-DRBG", "cipher", "AES-128-CTR", ITM(drbg_ctr_aes128_pr_df_entropyin), ITM(drbg_ctr_aes128_pr_df_nonce), ITM(drbg_ctr_aes128_pr_df_persstr), @@ -484,8 +483,7 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] = }, { OSSL_SELF_TEST_DESC_DRBG_HMAC, - "SHA1", - NID_sha1, + "HMAC-DRBG", "digest", "SHA1", ITM(drbg_hmac_sha1_pr_entropyin), ITM(drbg_hmac_sha1_pr_nonce), ITM(drbg_hmac_sha1_pr_persstr), diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index 6b75f12e5c..6dc9dbc17f 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -10,17 +10,12 @@ #include #include #include -#include #include #include #include "internal/cryptlib.h" #include "internal/nelem.h" #include "self_test.h" #include "self_test_data.inc" -#include "../../crypto/rand/rand_local.h" - -#define DRBG_PARAM_ENTROPY "DRBG-ENTROPY" -#define DRBG_PARAM_NONCE "DRBG-NONCE" static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st, OPENSSL_CTX *libctx) @@ -240,86 +235,90 @@ err: return ret; } -static size_t drbg_kat_entropy_cb(RAND_DRBG *drbg, unsigned char **pout, - int entropy, size_t min_len, size_t max_len, - int prediction_resistance) -{ - OSSL_PARAM *drbg_params = RAND_DRBG_get_callback_data(drbg); - OSSL_PARAM *p = OSSL_PARAM_locate(drbg_params, DRBG_PARAM_ENTROPY); - - if (p == NULL || p->data_type != OSSL_PARAM_OCTET_STRING) - return 0; - *pout = (unsigned char *)p->data; - return p->data_size; -} - -static size_t drbg_kat_nonce_cb(RAND_DRBG *drbg, unsigned char **pout, - int entropy, size_t min_len, size_t max_len) -{ - OSSL_PARAM *drbg_params = RAND_DRBG_get_callback_data(drbg); - OSSL_PARAM *p = OSSL_PARAM_locate(drbg_params, DRBG_PARAM_NONCE); - - if (p == NULL || p->data_type != OSSL_PARAM_OCTET_STRING) - return 0; - *pout = (unsigned char *)p->data; - return p->data_size; -} - static int self_test_drbg(const ST_KAT_DRBG *t, OSSL_SELF_TEST *st, OPENSSL_CTX *libctx) { int ret = 0; unsigned char out[256]; - RAND_DRBG *drbg = NULL; - unsigned int flags = 0; + EVP_RAND *rand; + EVP_RAND_CTX *test = NULL, *drbg = NULL; + unsigned int strength = 256; int prediction_resistance = 1; /* Causes a reseed */ OSSL_PARAM drbg_params[3] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; - static const unsigned char zero[sizeof(drbg->data)] = { 0 }; OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_DRBG, t->desc); - if (strcmp(t->desc, OSSL_SELF_TEST_DESC_DRBG_HMAC) == 0) - flags |= RAND_DRBG_FLAG_HMAC; + rand = EVP_RAND_fetch(libctx, "TEST-RAND", NULL); + if (rand == NULL) + goto err; - drbg = RAND_DRBG_new_ex(libctx, t->nid, flags, NULL); - if (drbg == NULL) + test = EVP_RAND_CTX_new(rand, NULL); + EVP_RAND_free(rand); + if (test == NULL) goto err; - if (!RAND_DRBG_set_callback_data(drbg, drbg_params)) + drbg_params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, + &strength); + if (!EVP_RAND_set_ctx_params(test, drbg_params)) goto err; - if (!RAND_DRBG_set_callbacks(drbg, drbg_kat_entropy_cb, NULL, - drbg_kat_nonce_cb, NULL)) + rand = EVP_RAND_fetch(libctx, t->algorithm, NULL); + if (rand == NULL) + goto err; + + drbg = EVP_RAND_CTX_new(rand, test); + EVP_RAND_free(rand); + if (drbg == NULL) + goto err; + + strength = EVP_RAND_strength(drbg); + + drbg_params[0] = OSSL_PARAM_construct_utf8_string(t->param_name, + t->param_value, 0); + /* This is only used by HMAC-DRBG but it is ignored by the others */ + drbg_params[1] = + OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_MAC, "HMAC", 0); + if (!EVP_RAND_set_ctx_params(drbg, drbg_params)) goto err; drbg_params[0] = - OSSL_PARAM_construct_octet_string(DRBG_PARAM_ENTROPY, - (void *)t->entropyin, t->entropyinlen); + OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, + (void *)t->entropyin, + t->entropyinlen); drbg_params[1] = - OSSL_PARAM_construct_octet_string(DRBG_PARAM_NONCE, + OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE, (void *)t->nonce, t->noncelen); - - if (!RAND_DRBG_instantiate(drbg, t->persstr, t->persstrlen)) + if (!EVP_RAND_set_ctx_params(test, drbg_params) + || !EVP_RAND_instantiate(test, strength, 0, NULL, 0)) + goto err; + if (!EVP_RAND_instantiate(drbg, strength, 0, t->persstr, t->persstrlen)) goto err; drbg_params[0] = - OSSL_PARAM_construct_octet_string(DRBG_PARAM_ENTROPY, + OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, (void *)t->entropyinpr1, t->entropyinpr1len); + if (!EVP_RAND_set_ctx_params(test, drbg_params)) + goto err; - if (!RAND_DRBG_generate(drbg, out, t->expectedlen, prediction_resistance, - t->entropyaddin1, t->entropyaddin1len)) + if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength, + prediction_resistance, + t->entropyaddin1, t->entropyaddin1len)) goto err; drbg_params[0] = - OSSL_PARAM_construct_octet_string(DRBG_PARAM_ENTROPY, + OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, (void *)t->entropyinpr2, t->entropyinpr2len); + if (!EVP_RAND_set_ctx_params(test, drbg_params)) + goto err; + /* This calls RAND_DRBG_reseed() internally when prediction_resistance = 1 */ - if (!RAND_DRBG_generate(drbg, out, t->expectedlen, prediction_resistance, - t->entropyaddin2, t->entropyaddin2len)) + if (!EVP_RAND_generate(drbg, out, t->expectedlen, strength, + prediction_resistance, + t->entropyaddin2, t->entropyaddin2len)) goto err; OSSL_SELF_TEST_oncorrupt_byte(st, out); @@ -327,17 +326,18 @@ static int self_test_drbg(const ST_KAT_DRBG *t, OSSL_SELF_TEST *st, if (memcmp(out, t->expected, t->expectedlen) != 0) goto err; - if (!RAND_DRBG_uninstantiate(drbg)) + if (!EVP_RAND_uninstantiate(drbg)) goto err; /* * Check that the DRBG data has been zeroized after RAND_DRBG_uninstantiate. */ - if (memcmp((unsigned char *)&drbg->data, zero, sizeof(drbg->data)) != 0) + if (!EVP_RAND_verify_zeroization(drbg)) goto err; ret = 1; err: - RAND_DRBG_free(drbg); + EVP_RAND_CTX_free(drbg); + EVP_RAND_CTX_free(test); OSSL_SELF_TEST_onend(st, ret); return ret; }