Commit e775bbc4 authored by Richard Levitte's avatar Richard Levitte

* fips/cmac/fips_cmac_selftest.c: Because the examples in SP_800-38B

  aren't trustworthy (see examples 13 and 14, they have the same mac,
  as do examples 17 and 18), use examples from official test vectors
  instead.
parent d8ba2a42
+36 −46
@@ -64,56 +64,46 @@ typedef struct {

/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */
static const CMAC_KAT vector[] = {
    {	EVP_aes_128_cbc,	/* Example 3: Mlen = 320 */
	{ 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
	  0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c }, 128,
	{ 0x6b,0xc1,0xbe,0xe2, 0x2e,0x40,0x9f,0x96,
	  0xe9,0x3d,0x7e,0x11, 0x73,0x93,0x17,0x2a,
	  0xae,0x2d,0x8a,0x57, 0x1e,0x03,0xac,0x9c,
	  0x9e,0xb7,0x6f,0xac, 0x45,0xaf,0x8e,0x51,
	  0x30,0xc8,0x1c,0x46, 0xa3,0x5c,0xe4,0x11 }, 320,
	{ 0xdf,0xa6,0x67,0x47, 0xde,0x9a,0xe6,0x30,
	  0x30,0xca,0x32,0x61, 0x14,0x97,0xc8,0x27 }, 128
    {	EVP_aes_128_cbc,	/* Count = 32 from CMACGenAES128.txt */
	{ 0x77,0xa7,0x7f,0xaf, 0x29,0x0c,0x1f,0xa3,
	  0x0c,0x68,0x3d,0xf1, 0x6b,0xa7,0xa7,0x7b, }, 128,
	{ 0x02,0x06,0x83,0xe1, 0xf0,0x39,0x2f,0x4c,
	  0xac,0x54,0x31,0x8b, 0x60,0x29,0x25,0x9e,
	  0x9c,0x55,0x3d,0xbc, 0x4b,0x6a,0xd9,0x98,
	  0xe6,0x4d,0x58,0xe4, 0xe7,0xdc,0x2e,0x13, }, 256,
	{ 0xfb,0xfe,0xa4,0x1b, }, 32
    },
    {	EVP_aes_192_cbc,	/* Example 5: Mlen = 0 */
	{ 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52,
	  0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5,
	  0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, }, 192,
    {	EVP_aes_192_cbc,	/* Count = 23 from CMACGenAES192.txt */
	{ 0x7b,0x32,0x39,0x13, 0x69,0xaa,0x4c,0xa9,
	  0x75,0x58,0x09,0x5b, 0xe3,0xc3,0xec,0x86,
	  0x2b,0xd0,0x57,0xce, 0xf1,0xe3,0x2d,0x62, }, 192,
	{ 0x0 }, 0,
	{ 0xd1,0x7d,0xdf,0x46, 0xad,0xaa,0xcd,0xe5,
	  0x31,0xca,0xc4,0x83, 0xde,0x7a,0x93,0x67, }, 128
	{ 0xe4,0xd9,0x34,0x0b, 0x03,0xe6,0x7d,0xef,
	  0xd4,0x96,0x9c,0xc1, 0xed,0x37,0x35,0xe6, }, 128,
    },
    {	EVP_aes_256_cbc,	/* Example 12: Mlen = 512 */
	{ 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe,
	  0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81,
	  0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7,
	  0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, }, 256,
	{ 0x6b,0xc1,0xbe,0xe2, 0x2e,0x40,0x9f,0x96,
	  0xe9,0x3d,0x7e,0x11, 0x73,0x93,0x17,0x2a,
	  0xae,0x2d,0x8a,0x57, 0x1e,0x03,0xac,0x9c,
	  0x9e,0xb7,0x6f,0xac, 0x45,0xaf,0x8e,0x51,
	  0x30,0xc8,0x1c,0x46, 0xa3,0x5c,0xe4,0x11,
	  0xe5,0xfb,0xc1,0x19, 0x1a,0x0a,0x52,0xef,
	  0xf6,0x9f,0x24,0x45, 0xdf,0x4f,0x9b,0x17,
	  0xad,0x2b,0x41,0x7b, 0xe6,0x6c,0x37,0x10, }, 512,
	{ 0xe1,0x99,0x21,0x90, 0x54,0x9f,0x6e,0xd5,
	  0x69,0x6a,0x2c,0x05, 0x6c,0x31,0x54,0x10, }, 128,
    {	EVP_aes_256_cbc,	/* Count = 33 from CMACGenAES256.txt */
	{ 0x0b,0x12,0x2a,0xc8, 0xf3,0x4e,0xd1,0xfe,
	  0x08,0x2a,0x36,0x25, 0xd1,0x57,0x56,0x14,
	  0x54,0x16,0x7a,0xc1, 0x45,0xa1,0x0b,0xbf,
	  0x77,0xc6,0xa7,0x05, 0x96,0xd5,0x74,0xf1, }, 256,
	{ 0x49,0x8b,0x53,0xfd, 0xec,0x87,0xed,0xcb,
	  0xf0,0x70,0x97,0xdc, 0xcd,0xe9,0x3a,0x08,
	  0x4b,0xad,0x75,0x01, 0xa2,0x24,0xe3,0x88,
	  0xdf,0x34,0x9c,0xe1, 0x89,0x59,0xfe,0x84,
	  0x85,0xf8,0xad,0x15, 0x37,0xf0,0xd8,0x96,
	  0xea,0x73,0xbe,0xdc, 0x72,0x14,0x71,0x3f, }, 384,
	{ 0xf6,0x2c,0x46,0x32, 0x9b, }, 40,
    },
# if 0
    /* Removed because the actual result was:
	  0x74,0x3d,0xdb,0xe0,  0xce,0x2d,0xc2,0xed
       I suspect an error on my part -- Richard Levitte
     */
    {	EVP_des_ede3_cbc,	/* Example 15: Mlen = 160 */
	{ 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62,
	  0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58,
	  0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, }, 192,
	{ 0x6b,0xc1,0xbe,0xe2, 0x2e,0x40,0x9f,0x96,
	  0xe9,0x3d,0x7e,0x11, 0x73,0x93,0x17,0x2a,
	  0xae,0x2d,0x8a,0x57, }, 160,
	{ 0xd3,0x2b,0xce,0xbe, 0x43,0xd2,0x3d,0x80, }, 64,
    {	EVP_des_ede3_cbc,	/* Count = 41 from CMACGenTDES3.req */
	{ 0x89,0xbc,0xd9,0x52, 0xa8,0xc8,0xab,0x37,
	  0x1a,0xf4,0x8a,0xc7, 0xd0,0x70,0x85,0xd5,
	  0xef,0xf7,0x02,0xe6, 0xd6,0x2c,0xdc,0x23, }, 192,
	{ 0xfa,0x62,0x0c,0x1b, 0xbe,0x97,0x31,0x9e,
	  0x9a,0x0c,0xf0,0x49, 0x21,0x21,0xf7,0xa2,
	  0x0e,0xb0,0x8a,0x6a, 0x70,0x9d,0xcb,0xd0,
	  0x0a,0xaf,0x38,0xe4, 0xf9,0x9e,0x75,0x4e, }, 256,
	{ 0x8f,0x49,0xa1,0xb7, 0xd6,0xaa,0x22,0x58, }, 64,
    },
# endif
};

int FIPS_selftest_cmac()
@@ -133,7 +123,7 @@ int FIPS_selftest_cmac()
	CMAC_Final(ctx, out, &outlen);
	CMAC_CTX_cleanup(ctx);

	if(outlen != t->macsize/8 || memcmp(out,t->mac,outlen))
	if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
	    {
	    FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
	    return 0;
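Review bot: The relaxed check `if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))` combined with the new 32-bit and 40-bit vectors means the AES-128 and AES-256 known-answer tests compare only the first 4 and 5 bytes of the CMAC output; only the AES-192 entry still checks a full 128-bit tag. A fault that corrupts only the later output bytes would pass the self-test for those two key sizes, so prefer vectors whose tag length is 128 bits for each cipher, or add one per cipher alongside the truncated ones. In the context lines the result of `CMAC_Final(ctx, out, &outlen);` is ignored, so a failed call reaches the comparison with whatever `out` and `outlen` held before; testing it, e.g. `if(!CMAC_Final(ctx, out, &outlen)) { FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED); return 0; }`, would make the failure explicit (any context cleanup the function needs on that path is outside the hunk). The unchanged comment above `vector[]` still cites SP_800-38B.pdf and should become something like `/* from the official CMAC test vector files named on each entry */`, and the comment inside `# if 0` still describes the removed Example 15 result while the new TDES vector remains disabled. The body of FIPS_selftest_cmac starts and ends outside the hunk.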