int fips_cipher_test(int id, EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, const unsigned char *plaintext, const unsigned char *ciphertext, int len) { unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE]; unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE]; int subid = M_EVP_CIPHER_nid(cipher); int rv = 0; OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE); memset(pltmp, 0, FIPS_MAX_CIPHER_TEST_SIZE); memset(citmp, 0, FIPS_MAX_CIPHER_TEST_SIZE); if (!fips_post_started(id, subid, NULL)) return 1; if (FIPS_cipherinit(ctx, cipher, key, iv, 1) <= 0) goto error; if (!FIPS_cipher(ctx, citmp, plaintext, len)) goto error; if (memcmp(citmp, ciphertext, len)) goto error; if (!fips_post_corrupt(id, subid, NULL)) citmp[0] ^= 0x1; if (FIPS_cipherinit(ctx, cipher, key, iv, 0) <= 0) goto error; FIPS_cipher(ctx, pltmp, citmp, len); if (memcmp(pltmp, plaintext, len)) goto error; rv = 1; error: if (rv == 0) { fips_post_failed(id, subid, NULL); return 0; } return fips_post_success(id, subid, NULL); }
int FIPS_selftest_cmac() { size_t n, outlen; unsigned char out[32]; const EVP_CIPHER *cipher; CMAC_CTX *ctx = CMAC_CTX_new(); const CMAC_KAT *t; int subid = -1, rv = 1; for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++) { cipher = FIPS_get_cipherbynid(t->nid); if (!cipher) { rv = -1; goto err; } subid = M_EVP_CIPHER_nid(cipher); if (!fips_post_started(FIPS_TEST_CMAC, subid, 0)) continue; if (!CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0)) { rv = -1; goto err; } if (!CMAC_Update(ctx, t->msg, t->msgsize/8)) { rv = -1; goto err; } if (!fips_post_corrupt(FIPS_TEST_CMAC, subid, NULL)) { if (!CMAC_Update(ctx, t->msg, 1)) { rv = -1; goto err; } } if (!CMAC_Final(ctx, out, &outlen)) { rv = -1; goto err; } CMAC_CTX_cleanup(ctx); if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8)) { fips_post_failed(FIPS_TEST_CMAC, subid, NULL); rv = 0; } else if (!fips_post_success(FIPS_TEST_CMAC, subid, NULL)) { rv = 0; goto err; } } err: CMAC_CTX_free(ctx); if (rv == -1) { fips_post_failed(FIPS_TEST_CMAC, subid, NULL); rv = 0; } if (!rv) FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED); return rv; }