Loading CHANGES +4 −3 Original line number Diff line number Diff line Loading @@ -4,9 +4,10 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] *) Initial untested CCM support via EVP. Interface is very similar to GCM case except we must supply all data in one chunk (i.e. no update, final) and the message length must be supplied if AAD is used. *) CCM support via EVP. Interface is very similar to GCM case except we must supply all data in one chunk (i.e. no update, final) and the message length must be supplied if AAD is used. Add algorithm test support. [Steve Henson] *) Initial version of POST overhaul. Add POST callback to allow the status Loading crypto/evp/e_aes.c +2 −2 Original line number Diff line number Diff line Loading @@ -625,7 +625,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_CCM_GET_TAG: if (!c->encrypt || !cctx->tag_set) return 0; if(CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) if(!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) return 0; cctx->tag_set = 0; cctx->iv_set = 0; Loading Loading @@ -707,7 +707,7 @@ static int aes_ccm(EVP_CIPHER_CTX *ctx, unsigned char *out, if (!CRYPTO_ccm128_decrypt(ccm, in, out, len)) { unsigned char tag[16]; if (!CRYPTO_ccm128_tag(ccm, tag, cctx->M)) if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { if (!memcmp(tag, ctx->buf, cctx->M)) rv = len; Loading fips/aes/fips_gcmtest.c +59 −11 Original line number Diff line number Diff line Loading @@ -337,7 +337,7 @@ static void xtstest(FILE *in, FILE *out) } } static void ccmencrypt(FILE *in, FILE *out) static void ccmtest(FILE *in, FILE *out) { char buf[2048]; char lbuf[2048]; Loading @@ -347,26 +347,37 @@ static void ccmencrypt(FILE *in, FILE *out) unsigned char *Adata = NULL, *Payload = NULL; unsigned char *CT = NULL; int Plen = -1, Nlen = -1, Tlen = -1, Alen = -1; int decr = 0; EVP_CIPHER_CTX ctx; const EVP_CIPHER *ccm = NULL; FIPS_cipher_ctx_init(&ctx); while(fgets(buf,sizeof buf,in) != NULL) { char *p; fputs(buf,out); redo: if (!parse_line(&keyword, &value, lbuf, buf)) continue; /* If surrounded by square brackets zap them */ if (keyword[0] == '[') { char *p; keyword++; p = strchr(value, ']'); if (p) *p = 0; } /* See if we have a comma separated list of parameters * if so copy rest of line back to buffer and redo later. */ p = strchr(value, ','); if (p) { *p = 0; strcpy(buf, p + 1); decr = 1; } if (!strcmp(keyword,"Plen")) Plen = atoi(value); else if (!strcmp(keyword,"Nlen")) Loading @@ -375,7 +386,9 @@ static void ccmencrypt(FILE *in, FILE *out) Tlen = atoi(value); else if (!strcmp(keyword,"Alen")) Alen = atoi(value); else if (!strcmp(keyword,"Key")) if (p) goto redo; if (!strcmp(keyword,"Key")) { if (Key) OPENSSL_free(Key); Loading Loading @@ -403,7 +416,7 @@ static void ccmencrypt(FILE *in, FILE *out) exit(1); } } else if (!strcmp(keyword,"Payload")) else if (!strcmp(keyword,"Payload") && !decr) { Payload = hex2bin_m(value, &l); if (Plen && l != Plen) Loading @@ -421,6 +434,15 @@ static void ccmencrypt(FILE *in, FILE *out) exit(1); } } else if (!strcmp(keyword,"CT") && decr) { CT = hex2bin_m(value, &l); if (l != (Plen + Tlen)) { fprintf(stderr, "Inconsistent CT length\n"); exit(1); } } if (Payload) { FIPS_cipherinit(&ctx, ccm, NULL, NULL, 1); Loading @@ -439,6 +461,32 @@ static void ccmencrypt(FILE *in, FILE *out) OPENSSL_free(Payload); CT = Payload = NULL; } if (CT) { int rv; int len = Plen == 0 ? 1: Plen; FIPS_cipherinit(&ctx, ccm, NULL, NULL, 0); FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0); FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, Tlen, CT + Plen); FIPS_cipherinit(&ctx, NULL, Key, Nonce, 0); FIPS_cipher(&ctx, NULL, NULL, Plen); FIPS_cipher(&ctx, NULL, Adata, Alen); Payload = OPENSSL_malloc(len); rv = FIPS_cipher(&ctx, Payload, CT, Plen); if (rv >= 0) { if (rv == 0) Payload[0] = 0; fputs("Result = Pass\n", out); OutputValue("Payload", Payload, len, out, 0); } else fputs("Result = Fail\n", out); OPENSSL_free(CT); OPENSSL_free(Payload); CT = Payload = NULL; } } if (Key) OPENSSL_free(Key); Loading @@ -450,7 +498,7 @@ static void ccmencrypt(FILE *in, FILE *out) int main(int argc,char **argv) { int encrypt; int xts = 0, ccmenc = 0; int xts = 0, ccm = 0; FILE *in, *out; if (argc == 4) { Loading Loading @@ -484,8 +532,8 @@ int main(int argc,char **argv) encrypt = 2; else if(!strcmp(argv[1],"-decrypt")) encrypt = 0; else if(!strcmp(argv[1],"-ccmencrypt")) ccmenc = 1; else if(!strcmp(argv[1],"-ccm")) ccm = 1; else if(!strcmp(argv[1],"-xts")) xts = 1; else Loading @@ -494,8 +542,8 @@ int main(int argc,char **argv) exit(1); } if (ccmenc) ccmencrypt(in, out); if (ccm) ccmtest(in, out); else if (xts) xtstest(in, out); else Loading Loading
CHANGES +4 −3 Original line number Diff line number Diff line Loading @@ -4,9 +4,10 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] *) Initial untested CCM support via EVP. Interface is very similar to GCM case except we must supply all data in one chunk (i.e. no update, final) and the message length must be supplied if AAD is used. *) CCM support via EVP. Interface is very similar to GCM case except we must supply all data in one chunk (i.e. no update, final) and the message length must be supplied if AAD is used. Add algorithm test support. [Steve Henson] *) Initial version of POST overhaul. Add POST callback to allow the status Loading
crypto/evp/e_aes.c +2 −2 Original line number Diff line number Diff line Loading @@ -625,7 +625,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_CCM_GET_TAG: if (!c->encrypt || !cctx->tag_set) return 0; if(CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) if(!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) return 0; cctx->tag_set = 0; cctx->iv_set = 0; Loading Loading @@ -707,7 +707,7 @@ static int aes_ccm(EVP_CIPHER_CTX *ctx, unsigned char *out, if (!CRYPTO_ccm128_decrypt(ccm, in, out, len)) { unsigned char tag[16]; if (!CRYPTO_ccm128_tag(ccm, tag, cctx->M)) if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { if (!memcmp(tag, ctx->buf, cctx->M)) rv = len; Loading
fips/aes/fips_gcmtest.c +59 −11 Original line number Diff line number Diff line Loading @@ -337,7 +337,7 @@ static void xtstest(FILE *in, FILE *out) } } static void ccmencrypt(FILE *in, FILE *out) static void ccmtest(FILE *in, FILE *out) { char buf[2048]; char lbuf[2048]; Loading @@ -347,26 +347,37 @@ static void ccmencrypt(FILE *in, FILE *out) unsigned char *Adata = NULL, *Payload = NULL; unsigned char *CT = NULL; int Plen = -1, Nlen = -1, Tlen = -1, Alen = -1; int decr = 0; EVP_CIPHER_CTX ctx; const EVP_CIPHER *ccm = NULL; FIPS_cipher_ctx_init(&ctx); while(fgets(buf,sizeof buf,in) != NULL) { char *p; fputs(buf,out); redo: if (!parse_line(&keyword, &value, lbuf, buf)) continue; /* If surrounded by square brackets zap them */ if (keyword[0] == '[') { char *p; keyword++; p = strchr(value, ']'); if (p) *p = 0; } /* See if we have a comma separated list of parameters * if so copy rest of line back to buffer and redo later. */ p = strchr(value, ','); if (p) { *p = 0; strcpy(buf, p + 1); decr = 1; } if (!strcmp(keyword,"Plen")) Plen = atoi(value); else if (!strcmp(keyword,"Nlen")) Loading @@ -375,7 +386,9 @@ static void ccmencrypt(FILE *in, FILE *out) Tlen = atoi(value); else if (!strcmp(keyword,"Alen")) Alen = atoi(value); else if (!strcmp(keyword,"Key")) if (p) goto redo; if (!strcmp(keyword,"Key")) { if (Key) OPENSSL_free(Key); Loading Loading @@ -403,7 +416,7 @@ static void ccmencrypt(FILE *in, FILE *out) exit(1); } } else if (!strcmp(keyword,"Payload")) else if (!strcmp(keyword,"Payload") && !decr) { Payload = hex2bin_m(value, &l); if (Plen && l != Plen) Loading @@ -421,6 +434,15 @@ static void ccmencrypt(FILE *in, FILE *out) exit(1); } } else if (!strcmp(keyword,"CT") && decr) { CT = hex2bin_m(value, &l); if (l != (Plen + Tlen)) { fprintf(stderr, "Inconsistent CT length\n"); exit(1); } } if (Payload) { FIPS_cipherinit(&ctx, ccm, NULL, NULL, 1); Loading @@ -439,6 +461,32 @@ static void ccmencrypt(FILE *in, FILE *out) OPENSSL_free(Payload); CT = Payload = NULL; } if (CT) { int rv; int len = Plen == 0 ? 1: Plen; FIPS_cipherinit(&ctx, ccm, NULL, NULL, 0); FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0); FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, Tlen, CT + Plen); FIPS_cipherinit(&ctx, NULL, Key, Nonce, 0); FIPS_cipher(&ctx, NULL, NULL, Plen); FIPS_cipher(&ctx, NULL, Adata, Alen); Payload = OPENSSL_malloc(len); rv = FIPS_cipher(&ctx, Payload, CT, Plen); if (rv >= 0) { if (rv == 0) Payload[0] = 0; fputs("Result = Pass\n", out); OutputValue("Payload", Payload, len, out, 0); } else fputs("Result = Fail\n", out); OPENSSL_free(CT); OPENSSL_free(Payload); CT = Payload = NULL; } } if (Key) OPENSSL_free(Key); Loading @@ -450,7 +498,7 @@ static void ccmencrypt(FILE *in, FILE *out) int main(int argc,char **argv) { int encrypt; int xts = 0, ccmenc = 0; int xts = 0, ccm = 0; FILE *in, *out; if (argc == 4) { Loading Loading @@ -484,8 +532,8 @@ int main(int argc,char **argv) encrypt = 2; else if(!strcmp(argv[1],"-decrypt")) encrypt = 0; else if(!strcmp(argv[1],"-ccmencrypt")) ccmenc = 1; else if(!strcmp(argv[1],"-ccm")) ccm = 1; else if(!strcmp(argv[1],"-xts")) xts = 1; else Loading @@ -494,8 +542,8 @@ int main(int argc,char **argv) exit(1); } if (ccmenc) ccmencrypt(in, out); if (ccm) ccmtest(in, out); else if (xts) xtstest(in, out); else Loading
