QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-05-02 12:39:38 +00:00
Code Issues Projects Releases Wiki Activity

Change AES-CTS modes CS2 and CS3 to also be inside the fips module.

Browse Source 
The initial thought was that only CS1 mode (the NIST variant) was allowed.
The lab has asked if these other modes should be included.
The algorithm form indicates that these are able to be validated.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13639)
This commit is contained in:
Shane Lontis 2020-12-09 12:32:47 +10:00
parent ac7750bb5e
commit 3dafbd4468
5 changed files with 151 additions and 165 deletions
providers/implementations/ciphers
build.infocipher_aes_cts.c
test/recipes
30-test_evp.t
30-test_evp_data
evpciph_aes_cts.txtevpciph_aes_cts1.txt

7
providers/implementations/ciphers/build.info

@ -46,12 +46,13 @@ SOURCE[$AES_GOAL]=\
cipher_aes_ccm.c cipher_aes_ccm_hw.c \
cipher_aes_wrp.c \
cipher_aes_cbc_hmac_sha.c \
cipher_aes_cbc_hmac_sha256_hw.c cipher_aes_cbc_hmac_sha1_hw.c
cipher_aes_cbc_hmac_sha256_hw.c cipher_aes_cbc_hmac_sha1_hw.c \
cipher_aes_cts.c
# Extra code to satisfy the FIPS and non-FIPS separation.
# When the AES-xxx-XTS moves to legacy, cipher_aes_xts_fips.c can be removed.
SOURCE[../../libfips.a]=cipher_aes_xts_fips.c cipher_aes_cts_fips.c
SOURCE[../../libnonfips.a]=cipher_aes_xts_fips.c cipher_aes_cts_fips.c
SOURCE[../../libfips.a]=cipher_aes_xts_fips.c
SOURCE[../../libnonfips.a]=cipher_aes_xts_fips.c
IF[{- !$disabled{siv} -}]
SOURCE[$SIV_GOAL]=\

25
providers/implementations/ciphers/cipher_aes_cts_fips.c → providers/implementations/ciphers/cipher_aes_cts.c

@ -7,7 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/* Helper functions for AES CBC CTS ciphers related to fips */
/*
* Helper functions for AES CBC CTS ciphers.
*
* The function dispatch tables are embedded into cipher_aes.c
* using cipher_aes_cts.inc
*/
/*
* Refer to SP800-38A-Addendum
@ -66,10 +71,8 @@ typedef struct cts_mode_name2id_st {
static CTS_MODE_NAME2ID cts_modes[] =
{
{ CTS_CS1, OSSL_CIPHER_CTS_MODE_CS1 },
#ifndef FIPS_MODULE
{ CTS_CS2, OSSL_CIPHER_CTS_MODE_CS2 },
{ CTS_CS3, OSSL_CIPHER_CTS_MODE_CS3 },
#endif
};
const char *ossl_aes_cbc_cts_mode_id2name(unsigned int id)
@ -185,7 +188,6 @@ static size_t cts128_cs1_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
return len + AES_BLOCK_SIZE + residue;
}
#ifndef FIPS_MODULE
static size_t cts128_cs3_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
unsigned char *out, size_t len)
{
@ -305,11 +307,10 @@ static size_t cts128_cs2_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
/* For partial blocks CS2 is equivalent to CS3 */
return cts128_cs3_decrypt(ctx, in, out, len);
}
#endif
int ossl_aes_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl,
size_t outsize, const unsigned char *in,
size_t inl)
size_t outsize, const unsigned char *in,
size_t inl)
{
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
size_t sz = 0;
@ -331,27 +332,19 @@ int ossl_aes_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl,
return 0;
if (ctx->enc) {
#ifdef FIPS_MODULE
sz = cts128_cs1_encrypt(ctx, in, out, inl);
#else
if (ctx->cts_mode == CTS_CS1)
sz = cts128_cs1_encrypt(ctx, in, out, inl);
else if (ctx->cts_mode == CTS_CS2)
sz = cts128_cs2_encrypt(ctx, in, out, inl);
else if (ctx->cts_mode == CTS_CS3)
sz = cts128_cs3_encrypt(ctx, in, out, inl);
#endif
} else {
#ifdef FIPS_MODULE
sz = cts128_cs1_decrypt(ctx, in, out, inl);
#else
if (ctx->cts_mode == CTS_CS1)
sz = cts128_cs1_decrypt(ctx, in, out, inl);
else if (ctx->cts_mode == CTS_CS2)
sz = cts128_cs2_decrypt(ctx, in, out, inl);
else if (ctx->cts_mode == CTS_CS3)
sz = cts128_cs3_decrypt(ctx, in, out, inl);
#endif
}
if (sz == 0)
return 0;
@ -361,7 +354,7 @@ int ossl_aes_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl,
}
int ossl_aes_cbc_cts_block_final(void *vctx, unsigned char *out, size_t *outl,
size_t outsize)
size_t outsize)
{
*outl = 0;
return 1;

3
test/recipes/30-test_evp.t

@ -40,7 +40,7 @@ push @configs, 'fips-and-base.cnf' unless $no_fips;
my @files = qw(
evpciph_aes_ccm_cavs.txt
evpciph_aes_common.txt
evpciph_aes_cts1.txt
evpciph_aes_cts.txt
evpciph_aes_wrap.txt
evpciph_des3_common.txt
evpkdf_hkdf.txt
@ -71,7 +71,6 @@ push @files, qw(
# A list of tests that only run with the default provider
# (i.e. The algorithms are not present in the fips provider)
my @defltfiles = qw(
evpciph_aes_cts23.txt
evpciph_aes_ocb.txt
evpciph_aes_siv.txt
evpciph_aria.txt

138
test/recipes/30-test_evp_data/evpciph_aes_cts23.txt → test/recipes/30-test_evp_data/evpciph_aes_cts.txt

@ -9,6 +9,142 @@
# Original test vectors were taken from https://www.ietf.org/rfc/rfc3962.txt for CS3
# These have an IV of all zeros, for a 128 bit AES key.
Title = AES CBC Test vectors
#------------------------------------------------------
# AES_CBC results for aligned block lengths. (Result should be the same as 32 byte CTS1 & CTS2)
# 32 bytes input
Cipher = AES-128-CBC
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8
# 48 bytes input
Cipher = AES-128-CBC
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd8
# 64 bytes input
Cipher = AES-128-CBC
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840
Title = AES CBC CTS1 Test vectors
#------------------------------------------------------
# Manually edited using the same inputs to also produce CS1 ciphertext
# where aligned blocks are the same as CBC mode, and partial lengths
# have the last 2 blocks swapped compared to CS3.
# 17 bytes Input((Default is CS1 if CTSMode is not specified)
Cipher = AES-128-CBC-CTS
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b652074686520
Ciphertext = 97c6353568f2bf8cb4d8a580362da7ff7f
# 31 bytes input
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
Ciphertext = 97687268d6ecccc0c07b25e25ecfe5fc00783e0efdb2c1d445d4c8eff7ed22
# 32 bytes input
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8
# 47 bytes input
Cipher = AES-128-CBC-CTS
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5b3fffd940c16a18c1b5549d2f838029e
# 64 bytes input (CS1 is equivalent to CBC when the last block in full)
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840
#-------------------------------------------------------------------------------
# Generated test values using an IV.
# 47 bytes input
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV =000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472426da5c54a9990f5ae0b7825f51f0060
# 127 bytes
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f7570
Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d652a4721bf0f082ede80b6399800a92f
# 129 bytes
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e49
Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d14fde9fd1098b9b1db788b5868a8d009eeef
# 17 Bytes
Cipher = AES-192-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b652074686520
Ciphertext = e9de1b402de8f79f947cc6b5880588d9b6
# 31 Bytes
Cipher = AES-192-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
Ciphertext = e9de17d6248fb492bdea1fb2e09c8edea2b610546f3b1e1d231821e283e153
# 32 Bytes
Cipher = AES-192-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = e9de17d6248fb492bdea1fb2e09c8e8e31d005cc9fea948fed1ba6308dad9dd1
#------------------------------------------------------------------------------
# Failure test
# 15 bytes should fail for CS1
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 0102030405060708090A0B0C0D0E0F
Result = CIPHERUPDATE_ERROR
# Original test vectors were taken from https://www.ietf.org/rfc/rfc3962.txt for CS3
# These have an IV of all zeros, for a 128 bit AES key.
Title = AES CBC CTS2 Test vectors
#------------------------------------------------------
@ -91,7 +227,6 @@ Plaintext = 0102030405060708090A0B0C0D0E0F
Result = CIPHERUPDATE_ERROR
Title = AES CBC CTS3 Test vectors
# 17 bytes Input
@ -216,3 +351,4 @@ Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 0102030405060708090A0B0C0D0E0F00
Result = CIPHERUPDATE_ERROR

143
test/recipes/30-test_evp_data/evpciph_aes_cts1.txt

@ -1,143 +0,0 @@
#
# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# Original test vectors were taken from https://www.ietf.org/rfc/rfc3962.txt for CS3
# These have an IV of all zeros, for a 128 bit AES key.
Title = AES CBC Test vectors
#------------------------------------------------------
# AES_CBC results for aligned block lengths. (Result should be the same as 32 byte CTS1 & CTS2)
# 32 bytes input
Cipher = AES-128-CBC
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8
# 48 bytes input
Cipher = AES-128-CBC
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd8
# 64 bytes input
Cipher = AES-128-CBC
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840
Title = AES CBC CTS1 Test vectors
#------------------------------------------------------
# Manually edited using the same inputs to also produce CS1 ciphertext
# where aligned blocks are the same as CBC mode, and partial lengths
# have the last 2 blocks swapped compared to CS3.
# 17 bytes Input((Default is CS1 if CTSMode is not specified)
Cipher = AES-128-CBC-CTS
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b652074686520
Ciphertext = 97c6353568f2bf8cb4d8a580362da7ff7f
# 31 bytes input
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
Ciphertext = 97687268d6ecccc0c07b25e25ecfe5fc00783e0efdb2c1d445d4c8eff7ed22
# 32 bytes input
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8
# 47 bytes input
Cipher = AES-128-CBC-CTS
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5b3fffd940c16a18c1b5549d2f838029e
# 64 bytes input (CS1 is equivalent to CBC when the last block in full)
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840
#-------------------------------------------------------------------------------
# Generated test values using an IV.
# 47 bytes input
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV =000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472426da5c54a9990f5ae0b7825f51f0060
# 127 bytes
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f7570
Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d652a4721bf0f082ede80b6399800a92f
# 129 bytes
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e49
Ciphertext = 5432a630742dee7beb70f9f1400ee6a0b557cfb581949a4bdf3bb67dedd472b9fc50e4e7dacf9e3d94b6cc031f9997a22d2fea7e6ef4aba2b717b0fa3f150e5e86e46b9e51c6ea5091a92aa791ce826b2e4fbaaf0e0314939625434b9530ce56f299891a48d26bdc287f54b230340d14fde9fd1098b9b1db788b5868a8d009eeef
# 17 Bytes
Cipher = AES-192-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b652074686520
Ciphertext = e9de1b402de8f79f947cc6b5880588d9b6
# 31 Bytes
Cipher = AES-192-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
Ciphertext = e9de17d6248fb492bdea1fb2e09c8edea2b610546f3b1e1d231821e283e153
# 32 Bytes
Cipher = AES-192-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69636869636b656e20
IV = 000102030405060708090A0B0C0D0E0F
Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
Ciphertext = e9de17d6248fb492bdea1fb2e09c8e8e31d005cc9fea948fed1ba6308dad9dd1
#------------------------------------------------------------------------------
# Failure test
# 15 bytes should fail for CS1
Cipher = AES-128-CBC-CTS
CTSMode = CS1
Key = 636869636b656e207465726979616b69
IV = 00000000000000000000000000000000
Plaintext = 0102030405060708090A0B0C0D0E0F
Result = CIPHERUPDATE_ERROR