Loading fips/aes/Makefile +1 −1 Original line number Diff line number Diff line Loading @@ -21,7 +21,7 @@ AFLAGS= $(ASFLAGS) CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile TEST=fips_aesavs.c TEST=fips_aesavs.c fips_gcmtest.c APPS= LIB=$(TOP)/libcrypto.a Loading fips/aes/fips_gcmtest.c 0 → 100644 +228 −0 Original line number Diff line number Diff line /* fips/aes/fips_gcmtest.c */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== * Copyright (c) 2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * licensing@OpenSSL.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ #define OPENSSL_FIPSAPI #include <openssl/opensslconf.h> #ifndef OPENSSL_FIPS #include <stdio.h> int main(int argc, char **argv) { printf("No FIPS GCM support\n"); return(0); } #else #include <openssl/bn.h> #include <openssl/dsa.h> #include <openssl/fips.h> #include <openssl/err.h> #include <openssl/evp.h> #include <string.h> #include <ctype.h> #include "fips_utl.h" static void gcmtest(int encrypt) { char buf[2048]; char lbuf[2048]; char *keyword, *value; int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1; int rv; long l; unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL; unsigned char *ct = NULL, *pt = NULL; EVP_CIPHER_CTX ctx; const EVP_CIPHER *gcm; EVP_CIPHER_CTX_init(&ctx); while(fgets(buf,sizeof buf,stdin) != NULL) { fputs(buf,stdout); if (!parse_line(&keyword, &value, lbuf, buf)) continue; if(!strcmp(keyword,"[Keylen")) { keylen = atoi(value); if (keylen == 128) gcm = EVP_aes_128_gcm(); else if (keylen == 192) gcm = EVP_aes_192_gcm(); else if (keylen == 256) gcm = EVP_aes_256_gcm(); else { fprintf(stderr, "Unsupported keylen %d\n", keylen); } keylen >>= 3; } else if (!strcmp(keyword, "[IVlen")) ivlen = atoi(value) >> 3; else if (!strcmp(keyword, "[AADlen")) aadlen = atoi(value) >> 3; else if (!strcmp(keyword, "[Taglen")) taglen = atoi(value) >> 3; else if (!strcmp(keyword, "[PTlen")) ptlen = atoi(value) >> 3; else if(!strcmp(keyword,"Key")) { key = hex2bin_m(value, &l); if (l != keylen) { fprintf(stderr, "Inconsistent Key length\n"); exit(1); } } else if(!strcmp(keyword,"IV")) { iv = hex2bin_m(value, &l); if (l != ivlen) { fprintf(stderr, "Inconsistent IV length\n"); exit(1); } } else if(!strcmp(keyword,"CT")) { ct = hex2bin_m(value, &l); if (l != ptlen) { fprintf(stderr, "Inconsistent CT length\n"); exit(1); } } else if(!strcmp(keyword,"AAD")) { aad = hex2bin_m(value, &l); if (l != aadlen) { fprintf(stderr, "Inconsistent AAD length\n"); exit(1); } } else if(!strcmp(keyword,"Tag")) { tag = hex2bin_m(value, &l); if (l != taglen) { fprintf(stderr, "Inconsistent Tag length\n"); exit(1); } if (encrypt) { fprintf(stderr, "Parse Error for Encrypt\n"); exit(1); } EVP_CipherInit_ex(&ctx, gcm, NULL, NULL, NULL, 0); EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0); EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, 0); EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag); if (aadlen) EVP_Cipher(&ctx, NULL, aad, aadlen); if (ptlen) { pt = OPENSSL_malloc(ptlen); rv = EVP_Cipher(&ctx, pt, ct, ptlen); } rv = EVP_Cipher(&ctx, NULL, NULL, 0); if (rv < 0) printf("FAIL\n"); else OutputValue("PT", pt, ptlen, stdout, 0); if (iv) OPENSSL_free(iv); if (aad) OPENSSL_free(aad); if (ct) OPENSSL_free(ct); if (pt) OPENSSL_free(pt); if (key) OPENSSL_free(key); if (tag) OPENSSL_free(tag); } } } int main(int argc,char **argv) { int encrypt; if(argc != 2) { fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]); exit(1); } fips_set_error_print(); if(!FIPS_mode_set(1)) exit(1); if(!strcmp(argv[1],"-encrypt")) encrypt = 1; else if(!strcmp(argv[1],"-decrypt")) encrypt = 0; else { fprintf(stderr,"Don't know how to %s.\n",argv[1]); exit(1); } gcmtest(encrypt); return 0; } #endif fips/fips_utl.h +5 −0 Original line number Diff line number Diff line Loading @@ -134,6 +134,11 @@ int hex2bin(const char *in, unsigned char *out) unsigned char *hex2bin_m(const char *in, long *plen) { unsigned char *p; if (strlen(in) == 0) { *plen = 0; return OPENSSL_malloc(1); } p = OPENSSL_malloc((strlen(in) + 1)/2); *plen = hex2bin(in, p); return p; Loading test/Makefile +8 −3 Original line number Diff line number Diff line Loading @@ -66,6 +66,7 @@ FIPS_SHATEST= fips_shatest FIPS_DESTEST= fips_desmovs FIPS_RANDTEST= fips_randtest FIPS_AESTEST= fips_aesavs FIPS_GCMTEST= fips_gcmtest FIPS_HMACTEST= fips_hmactest FIPS_RSAVTEST= fips_rsavtest FIPS_RSASTEST= fips_rsastest Loading @@ -90,7 +91,8 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \ $(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \ $(FIPS_DSSVS)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) \ $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) \ $(FIPS_GCMTEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) Loading @@ -104,7 +106,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ $(FIPS_SHATEST).o $(FIPS_DESTEST).o $(FIPS_RANDTEST).o \ $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \ $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o \ $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o $(FIPS_GCMTEST).o \ $(FIPS_DSSVS).o $(FIPS_DSATEST).o $(FIPS_RNGVS).o $(FIPS_TEST_SUITE).o \ $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ Loading @@ -116,7 +118,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ $(FIPS_SHATEST).c $(FIPS_DESTEST).c $(FIPS_RANDTEST).c \ $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \ $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c \ $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c $(FIPS_GCMTEST).c \ $(FIPS_DSSVS).c $(FIPS_DSATEST).c $(FIPS_RNGVS).c $(FIPS_TEST_SUITE).c \ $(EVPTEST).c $(IGETEST).c $(JPAKETEST).c Loading Loading @@ -434,6 +436,9 @@ $(FIPS_SHATEST)$(EXE_EXT): $(FIPS_SHATEST).o $(DLIBCRYPTO) $(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO) @target=$(FIPS_AESTEST); $(FIPS_BUILD_CMD) $(FIPS_GCMTEST)$(EXE_EXT): $(FIPS_GCMTEST).o $(DLIBCRYPTO) @target=$(FIPS_GCMTEST); $(FIPS_BUILD_CMD) $(FIPS_DESTEST)$(EXE_EXT): $(FIPS_DESTEST).o $(DLIBCRYPTO) @target=$(FIPS_DESTEST); $(FIPS_BUILD_CMD) Loading Loading
fips/aes/Makefile +1 −1 Original line number Diff line number Diff line Loading @@ -21,7 +21,7 @@ AFLAGS= $(ASFLAGS) CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile TEST=fips_aesavs.c TEST=fips_aesavs.c fips_gcmtest.c APPS= LIB=$(TOP)/libcrypto.a Loading
fips/aes/fips_gcmtest.c 0 → 100644 +228 −0 Original line number Diff line number Diff line /* fips/aes/fips_gcmtest.c */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== * Copyright (c) 2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * licensing@OpenSSL.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ #define OPENSSL_FIPSAPI #include <openssl/opensslconf.h> #ifndef OPENSSL_FIPS #include <stdio.h> int main(int argc, char **argv) { printf("No FIPS GCM support\n"); return(0); } #else #include <openssl/bn.h> #include <openssl/dsa.h> #include <openssl/fips.h> #include <openssl/err.h> #include <openssl/evp.h> #include <string.h> #include <ctype.h> #include "fips_utl.h" static void gcmtest(int encrypt) { char buf[2048]; char lbuf[2048]; char *keyword, *value; int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1; int rv; long l; unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL; unsigned char *ct = NULL, *pt = NULL; EVP_CIPHER_CTX ctx; const EVP_CIPHER *gcm; EVP_CIPHER_CTX_init(&ctx); while(fgets(buf,sizeof buf,stdin) != NULL) { fputs(buf,stdout); if (!parse_line(&keyword, &value, lbuf, buf)) continue; if(!strcmp(keyword,"[Keylen")) { keylen = atoi(value); if (keylen == 128) gcm = EVP_aes_128_gcm(); else if (keylen == 192) gcm = EVP_aes_192_gcm(); else if (keylen == 256) gcm = EVP_aes_256_gcm(); else { fprintf(stderr, "Unsupported keylen %d\n", keylen); } keylen >>= 3; } else if (!strcmp(keyword, "[IVlen")) ivlen = atoi(value) >> 3; else if (!strcmp(keyword, "[AADlen")) aadlen = atoi(value) >> 3; else if (!strcmp(keyword, "[Taglen")) taglen = atoi(value) >> 3; else if (!strcmp(keyword, "[PTlen")) ptlen = atoi(value) >> 3; else if(!strcmp(keyword,"Key")) { key = hex2bin_m(value, &l); if (l != keylen) { fprintf(stderr, "Inconsistent Key length\n"); exit(1); } } else if(!strcmp(keyword,"IV")) { iv = hex2bin_m(value, &l); if (l != ivlen) { fprintf(stderr, "Inconsistent IV length\n"); exit(1); } } else if(!strcmp(keyword,"CT")) { ct = hex2bin_m(value, &l); if (l != ptlen) { fprintf(stderr, "Inconsistent CT length\n"); exit(1); } } else if(!strcmp(keyword,"AAD")) { aad = hex2bin_m(value, &l); if (l != aadlen) { fprintf(stderr, "Inconsistent AAD length\n"); exit(1); } } else if(!strcmp(keyword,"Tag")) { tag = hex2bin_m(value, &l); if (l != taglen) { fprintf(stderr, "Inconsistent Tag length\n"); exit(1); } if (encrypt) { fprintf(stderr, "Parse Error for Encrypt\n"); exit(1); } EVP_CipherInit_ex(&ctx, gcm, NULL, NULL, NULL, 0); EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0); EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, 0); EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag); if (aadlen) EVP_Cipher(&ctx, NULL, aad, aadlen); if (ptlen) { pt = OPENSSL_malloc(ptlen); rv = EVP_Cipher(&ctx, pt, ct, ptlen); } rv = EVP_Cipher(&ctx, NULL, NULL, 0); if (rv < 0) printf("FAIL\n"); else OutputValue("PT", pt, ptlen, stdout, 0); if (iv) OPENSSL_free(iv); if (aad) OPENSSL_free(aad); if (ct) OPENSSL_free(ct); if (pt) OPENSSL_free(pt); if (key) OPENSSL_free(key); if (tag) OPENSSL_free(tag); } } } int main(int argc,char **argv) { int encrypt; if(argc != 2) { fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]); exit(1); } fips_set_error_print(); if(!FIPS_mode_set(1)) exit(1); if(!strcmp(argv[1],"-encrypt")) encrypt = 1; else if(!strcmp(argv[1],"-decrypt")) encrypt = 0; else { fprintf(stderr,"Don't know how to %s.\n",argv[1]); exit(1); } gcmtest(encrypt); return 0; } #endif
fips/fips_utl.h +5 −0 Original line number Diff line number Diff line Loading @@ -134,6 +134,11 @@ int hex2bin(const char *in, unsigned char *out) unsigned char *hex2bin_m(const char *in, long *plen) { unsigned char *p; if (strlen(in) == 0) { *plen = 0; return OPENSSL_malloc(1); } p = OPENSSL_malloc((strlen(in) + 1)/2); *plen = hex2bin(in, p); return p; Loading
test/Makefile +8 −3 Original line number Diff line number Diff line Loading @@ -66,6 +66,7 @@ FIPS_SHATEST= fips_shatest FIPS_DESTEST= fips_desmovs FIPS_RANDTEST= fips_randtest FIPS_AESTEST= fips_aesavs FIPS_GCMTEST= fips_gcmtest FIPS_HMACTEST= fips_hmactest FIPS_RSAVTEST= fips_rsavtest FIPS_RSASTEST= fips_rsastest Loading @@ -90,7 +91,8 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \ $(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \ $(FIPS_DSSVS)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) \ $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) \ $(FIPS_GCMTEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) Loading @@ -104,7 +106,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ $(FIPS_SHATEST).o $(FIPS_DESTEST).o $(FIPS_RANDTEST).o \ $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \ $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o \ $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o $(FIPS_GCMTEST).o \ $(FIPS_DSSVS).o $(FIPS_DSATEST).o $(FIPS_RNGVS).o $(FIPS_TEST_SUITE).o \ $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ Loading @@ -116,7 +118,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ $(FIPS_SHATEST).c $(FIPS_DESTEST).c $(FIPS_RANDTEST).c \ $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \ $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c \ $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c $(FIPS_GCMTEST).c \ $(FIPS_DSSVS).c $(FIPS_DSATEST).c $(FIPS_RNGVS).c $(FIPS_TEST_SUITE).c \ $(EVPTEST).c $(IGETEST).c $(JPAKETEST).c Loading Loading @@ -434,6 +436,9 @@ $(FIPS_SHATEST)$(EXE_EXT): $(FIPS_SHATEST).o $(DLIBCRYPTO) $(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO) @target=$(FIPS_AESTEST); $(FIPS_BUILD_CMD) $(FIPS_GCMTEST)$(EXE_EXT): $(FIPS_GCMTEST).o $(DLIBCRYPTO) @target=$(FIPS_GCMTEST); $(FIPS_BUILD_CMD) $(FIPS_DESTEST)$(EXE_EXT): $(FIPS_DESTEST).o $(DLIBCRYPTO) @target=$(FIPS_DESTEST); $(FIPS_BUILD_CMD) Loading
