From 0fbf8f447b6063b2023ddbf8e8caa57a29aa368a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 15 Feb 2011 16:58:28 +0000 Subject: [PATCH] Add pairwise consistency test to EC. --- crypto/ec/ec_key.c | 40 ++++++++++++++++++++++++++++++++++++++++ crypto/fips_err.h | 1 + fips/fips.c | 14 ++++++++++++++ fips/fips.h | 2 ++ 4 files changed, 57 insertions(+) diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 7126cd619d..1615ec8a5a 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -232,6 +232,35 @@ int EC_KEY_up_ref(EC_KEY *r) return ((i > 1) ? 1 : 0); } +#ifdef OPENSSL_FIPS + +#include + +static int fips_ec_pairwise_fail = 0; + +void FIPS_corrupt_ec_keygen(void) + { + fips_ec_pairwise_fail = 1; + } + +static int fips_check_ec(EC_KEY *key) + { + EVP_PKEY pk; + unsigned char tbs[] = "ECDSA Pairwise Check Data"; + pk.type = EVP_PKEY_EC; + pk.pkey.ec = key; + + if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, NULL, 0, NULL)) + { + FIPSerr(FIPS_F_FIPS_CHECK_EC,FIPS_R_PAIRWISE_TEST_FAILED); + fips_set_selftest_fail(); + return 0; + } + return 1; + } + +#endif + int EC_KEY_generate_key(EC_KEY *eckey) { int ok = 0; @@ -280,6 +309,17 @@ int EC_KEY_generate_key(EC_KEY *eckey) eckey->priv_key = priv_key; eckey->pub_key = pub_key; +#ifdef OPENSSL_FIPS + if (fips_ec_pairwise_fail) + BN_add_word(eckey->priv_key, 1); + if(!fips_check_ec(eckey)) + { + eckey->priv_key = NULL; + eckey->pub_key = NULL; + goto err; + } +#endif + ok=1; err: diff --git a/crypto/fips_err.h b/crypto/fips_err.h index 4ea18399f1..00406ba8ac 100644 --- a/crypto/fips_err.h +++ b/crypto/fips_err.h @@ -78,6 +78,7 @@ static ERR_STRING_DATA FIPS_str_functs[]= {ERR_FUNC(FIPS_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, {ERR_FUNC(FIPS_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, {ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "FIPS_CHECK_DSA"}, +{ERR_FUNC(FIPS_F_FIPS_CHECK_EC), "FIPS_CHECK_EC"}, {ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT), "FIPS_check_incore_fingerprint"}, {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "fips_check_rsa"}, {ERR_FUNC(FIPS_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"}, diff --git a/fips/fips.c b/fips/fips.c index 6a90328d7e..ac4313f965 100644 --- a/fips/fips.c +++ b/fips/fips.c @@ -56,6 +56,7 @@ #include #include #include +#include #include #include #include "fips_locl.h" @@ -437,6 +438,7 @@ int fips_pkey_signature_test(EVP_PKEY *pkey, unsigned char sigtmp[256], *sig = sigtmp; unsigned int siglen; DSA_SIG *dsig = NULL; + ECDSA_SIG *esig = NULL; EVP_MD_CTX mctx; FIPS_md_ctx_init(&mctx); @@ -473,6 +475,12 @@ int fips_pkey_signature_test(EVP_PKEY *pkey, if (!dsig) goto error; } + else if (pkey->type == EVP_PKEY_EC) + { + esig = FIPS_ecdsa_sign_ctx(pkey->pkey.ec, &mctx); + if (!esig) + goto error; + } #if 0 else if (!EVP_SignFinal(&mctx, sig, &siglen, pkey)) goto error; @@ -494,6 +502,10 @@ int fips_pkey_signature_test(EVP_PKEY *pkey, { ret = FIPS_dsa_verify_ctx(pkey->pkey.dsa, &mctx, dsig); } + else if (pkey->type == EVP_PKEY_EC) + { + ret = FIPS_ecdsa_verify_ctx(pkey->pkey.ec, &mctx, esig); + } #if 0 else ret = EVP_VerifyFinal(&mctx, sig, siglen, pkey); @@ -502,6 +514,8 @@ int fips_pkey_signature_test(EVP_PKEY *pkey, error: if (dsig != NULL) FIPS_dsa_sig_free(dsig); + if (esig != NULL) + FIPS_ecdsa_sig_free(esig); if (sig != sigtmp) OPENSSL_free(sig); FIPS_md_ctx_cleanup(&mctx); diff --git a/fips/fips.h b/fips/fips.h index 64115da2d6..8087fa178b 100644 --- a/fips/fips.h +++ b/fips/fips.h @@ -84,6 +84,7 @@ int FIPS_selftest_rsa(void); void FIPS_corrupt_dsa(void); void FIPS_corrupt_dsa_keygen(void); int FIPS_selftest_dsa(void); +void FIPS_corrupt_ec_keygen(void); void FIPS_corrupt_rng(void); void FIPS_rng_stick(void); int FIPS_selftest_rng(void); @@ -180,6 +181,7 @@ void ERR_load_FIPS_strings(void); #define FIPS_F_EVP_CIPHERINIT_EX 124 #define FIPS_F_EVP_DIGESTINIT_EX 125 #define FIPS_F_FIPS_CHECK_DSA 104 +#define FIPS_F_FIPS_CHECK_EC 129 #define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105 #define FIPS_F_FIPS_CHECK_RSA 106 #define FIPS_F_FIPS_CIPHERINIT 128 -- 2.25.1