generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

* fips/cmac/fips_cmactest.c: Changed to accept all the ciphers we

Browse Source 
support (Two Key TDEA is not supported), to handle really big
  messages (some of the test vectors have messages 65536 bytes long),
  and to handle cases where there are several keys (Three Key TDEA)
This commit is contained in:
Richard Levitte 2011-03-25 08:40:33 +00:00
parent 9507979228
commit d15467d582
1 changed files with 120 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
fips/cmac/fips_cmactest.c
View File

@ -80,7 +80,8 @@ int main(int argc, char *argv[])
#include <openssl/fips.h> #include <openssl/fips.h>
#include "fips_utl.h" #include "fips_utl.h"
static int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, int mode); static int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
int mode, int Klen_counts_keys, int known_keylen);
static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out, static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
unsigned char *Key, int Klen, unsigned char *Key, int Klen,
unsigned char *Msg, int Msglen, unsigned char *Msg, int Msglen,
@ -95,20 +96,60 @@ int main(int argc, char **argv)
{ {
FILE *in = NULL, *out = NULL; FILE *in = NULL, *out = NULL;
int mode = 0; /* 0 => Generate, 1 => Verify */ int mode = 0; /* 0 => Generate, 1 => Verify */
int Klen_counts_keys = 0; /* 0 => Klen is size of one key
1 => Klen is amount of keys
*/
int known_keylen = 0; /* Only set when Klen_counts_keys = 1 */
const EVP_CIPHER *cipher = 0;
int ret = 1; int ret = 1;
fips_set_error_print(); fips_set_error_print();
if(!FIPS_mode_set(1)) if(!FIPS_mode_set(1))
goto end; goto end;
if (argc > 1 && argv[1][0] == '-') while (argc > 1 && argv[1][0] == '-')
{ {
if (strcmp(argv[1], "-g") == 0) switch (argv[1][1])
mode = 0; {
else if (strcmp(argv[1], "-v") == 0) case 'a':
mode = 1; {
char *p = &argv[1][2];
if (*p == '\0')
{
if (argc <= 2)
{
fprintf(stderr, "Option %s needs a value\n", argv[1]);
goto end;
}
argv++;
argc--;
p = &argv[1][0];
}
if (!strcmp(p, "aes128"))
cipher = EVP_aes_128_cbc();
else if (!strcmp(p, "aes192"))
cipher = EVP_aes_192_cbc();
else if (!strcmp(p, "aes256"))
cipher = EVP_aes_256_cbc();
else if (!strcmp(p, "tdea3"))
{
cipher = EVP_des_ede3_cbc();
Klen_counts_keys = 1;
known_keylen = 8;
}
else else
{ {
fprintf(stderr, "Unknown algorithm %s\n", p);
goto end;
}
}
break;
case 'g':
mode = 0;
break;
case 'v':
mode = 1;
break;
default:
fprintf(stderr, "Unknown option %s\n", argv[1]); fprintf(stderr, "Unknown option %s\n", argv[1]);
goto end; goto end;
} }
@ -137,7 +178,8 @@ int main(int argc, char **argv)
goto end; goto end;
} }
if (!cmac_test(EVP_aes_256_cbc(), out, in, mode)) if (!cmac_test(cipher, out, in, mode,
Klen_counts_keys, known_keylen))
{ {
fprintf(stderr, "FATAL cmac file processing error\n"); fprintf(stderr, "FATAL cmac file processing error\n");
goto end; goto end;
@ -156,13 +198,15 @@ int main(int argc, char **argv)
} }
#define CMAC_TEST_MAXLINELEN 1024 #define CMAC_TEST_MAXLINELEN 150000
int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, int mode) int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
int mode, int Klen_counts_keys, int known_keylen)
{ {
char *linebuf, *olinebuf, *p, *q; char *linebuf, *olinebuf, *p, *q;
char *keyword, *value; char *keyword, *value;
unsigned char *Key = NULL, *Msg = NULL, *Mac = NULL; unsigned char **Keys = NULL, *Msg = NULL, *Mac = NULL;
unsigned char *Key = NULL;
int Count, Klen, Mlen, Tlen; int Count, Klen, Mlen, Tlen;
long Keylen, Msglen, Maclen; long Keylen, Msglen, Maclen;
int ret = 0; int ret = 0;
@ -241,6 +285,16 @@ int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, int mode)
Klen = atoi(value); Klen = atoi(value);
if (Klen < 0) if (Klen < 0)
goto parse_error; goto parse_error;
if (Klen_counts_keys)
{
Keys = OPENSSL_malloc(sizeof(*Keys) * Klen);
memset(Keys, '\0', sizeof(*Keys) * Klen);
}
else
{
Keys = OPENSSL_malloc(sizeof(*Keys));
memset(Keys, '\0', sizeof(*Keys));
}
} }
else if (!strcmp(keyword, "Mlen")) else if (!strcmp(keyword, "Mlen"))
{ {
@ -258,12 +312,21 @@ int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, int mode)
if (Tlen < 0) if (Tlen < 0)
goto parse_error; goto parse_error;
} }
else if (!strcmp(keyword, "Key")) else if (!strcmp(keyword, "Key") && !Klen_counts_keys)
{ {
if (Key) if (Keys[0])
goto parse_error; goto parse_error;
Key = hex2bin_m(value, &Keylen); Keys[0] = hex2bin_m(value, &Keylen);
if (!Key) if (!Keys[0])
goto parse_error;
}
else if (!strncmp(keyword, "Key", 3) && Klen_counts_keys)
{
int keynum = atoi(keyword + 3);
if (!keynum || keynum > Klen || Keys[keynum-1])
goto parse_error;
Keys[keynum-1] = hex2bin_m(value, &Keylen);
if (!Keys[keynum-1])
goto parse_error; goto parse_error;
} }
else if (!strcmp(keyword, "Msg")) else if (!strcmp(keyword, "Msg"))
@ -295,35 +358,47 @@ int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, int mode)
fputs(olinebuf, out); fputs(olinebuf, out);
if (Keys && Msg && (!mode || Mac) && (Tlen > 0) && (Klen > 0))
{
if (Klen_counts_keys)
{
int x;
Key = OPENSSL_malloc(Klen * known_keylen);
for (x = 0; x < Klen; x++)
{
memcpy(Key + x * known_keylen,
Keys[x], known_keylen);
OPENSSL_free(Keys[x]);
}
Klen *= known_keylen;
}
else
{
Key = OPENSSL_malloc(Klen);
memcpy(Key, Keys[0], Klen);
OPENSSL_free(Keys[0]);
}
OPENSSL_free(Keys);
switch(mode) switch(mode)
{ {
case 0: case 0:
if (Key && Msg && (Tlen > 0) && (Klen > 0))
{
if (!print_cmac_gen(cipher, out, if (!print_cmac_gen(cipher, out,
Key, Klen, Key, Klen,
Msg, Mlen, Msg, Mlen,
Tlen)) Tlen))
goto error; goto error;
OPENSSL_free(Key);
Key = NULL;
OPENSSL_free(Msg);
Msg = NULL;
Klen = -1;
Mlen = -1;
Tlen = -1;
Count = -1;
}
break; break;
case 1: case 1:
if (Key && Msg && Mac && (Tlen > 0) && (Klen > 0))
{
if (!print_cmac_ver(cipher, out, if (!print_cmac_ver(cipher, out,
Key, Klen, Key, Klen,
Msg, Mlen, Msg, Mlen,
Mac, Maclen, Mac, Maclen,
Tlen)) Tlen))
goto error; goto error;
break;
}
OPENSSL_free(Key); OPENSSL_free(Key);
Key = NULL; Key = NULL;
OPENSSL_free(Msg); OPENSSL_free(Msg);
@ -335,9 +410,6 @@ int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, int mode)
Tlen = -1; Tlen = -1;
Count = -1; Count = -1;
} }
break;
}
} }
@ -354,6 +426,8 @@ int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in, int mode)
OPENSSL_free(Key); OPENSSL_free(Key);
if (Msg) if (Msg)
OPENSSL_free(Msg); OPENSSL_free(Msg);
if (Mac)
OPENSSL_free(Mac);
return ret; return ret;
@ -372,7 +446,7 @@ static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
{ {
int rc, i; int rc, i;
size_t reslen; size_t reslen;
unsigned char res[1024]; unsigned char res[128];
CMAC_CTX *cmac_ctx = CMAC_CTX_new(); CMAC_CTX *cmac_ctx = CMAC_CTX_new();
CMAC_Init(cmac_ctx, Key, Klen, cipher, 0); CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
@ -407,7 +481,7 @@ static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
{ {
int rc; int rc;
size_t reslen; size_t reslen;
unsigned char res[1024]; unsigned char res[128];
CMAC_CTX *cmac_ctx = CMAC_CTX_new(); CMAC_CTX *cmac_ctx = CMAC_CTX_new();
CMAC_Init(cmac_ctx, Key, Klen, cipher, 0); CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);