diff options
| author | Richard Levitte <levitte@openssl.org> | 2011-03-24 22:55:02 +0000 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2011-03-24 22:55:02 +0000 |
| commit | 399aa6b5ffd37e2601af4524bb71d862cbee4a84 (patch) | |
| tree | 4a8007b086c33a2525c237209fbfbd6bb6070b9f /crypto | |
| parent | 487b023f3d30114cad2118be70a47171ea4d65cd (diff) | |
Implement FIPS CMAC.
* fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as
an example.
* crypto/cmac/cmac.c: Enable the FIPS API. Change to use M_EVP macros
where possible.
* crypto/evp/evp.h: (some of the macros get added with this change)
* fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use
macros to have cmac.c use these functions.
* Makefile.org, fips/Makefile, fips/fips.c: Hook it in.
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/cmac/cmac.c | 22 | ||||
| -rw-r--r-- | crypto/evp/evp.h | 17 |
2 files changed, 27 insertions, 12 deletions
diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index 307e93ddf5..5807e30ddd 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -51,6 +51,8 @@ * ==================================================================== */ +#define OPENSSL_FIPSAPI + #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -129,7 +131,7 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) return 0; if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx)) return 0; - bl = EVP_CIPHER_CTX_block_size(&in->cctx); + bl = M_EVP_CIPHER_CTX_block_size(&in->cctx); memcpy(out->k1, in->k1, bl); memcpy(out->k2, in->k2, bl); memcpy(out->tbl, in->tbl, bl); @@ -148,31 +150,31 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, /* Not initialised */ if (ctx->nlast_block == -1) return 0; - if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) + if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) return 0; return 1; } /* Initialiase context */ - if (cipher && !EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL)) + if (cipher && !M_EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL)) return 0; /* Non-NULL key means initialisation complete */ if (key) { int bl; - if (!EVP_CIPHER_CTX_cipher(&ctx->cctx)) + if (!M_EVP_CIPHER_CTX_cipher(&ctx->cctx)) return 0; if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen)) return 0; - if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv)) + if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv)) return 0; - bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); + bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx); if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl)) return 0; make_kn(ctx->k1, ctx->tbl, bl); make_kn(ctx->k2, ctx->k1, bl); OPENSSL_cleanse(ctx->tbl, bl); /* Reset context again ready for first data block */ - if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) + if (!M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) return 0; /* Zero tbl so resume works */ memset(ctx->tbl, 0, bl); @@ -189,7 +191,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) return 0; if (dlen == 0) return 1; - bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); + bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx); /* Copy into partial block if we need to */ if (ctx->nlast_block > 0) { @@ -228,7 +230,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) int i, bl, lb; if (ctx->nlast_block == -1) return 0; - bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); + bl = M_EVP_CIPHER_CTX_block_size(&ctx->cctx); *poutlen = (size_t)bl; if (!out) return 1; @@ -265,5 +267,5 @@ int CMAC_resume(CMAC_CTX *ctx) * So reinitliasing using the last decrypted block will allow * CMAC to continue after calling CMAC_Final(). */ - return EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl); + return M_EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl); } diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 240d9d5d69..8e041c56d1 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -458,12 +458,23 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, #define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e)) #define M_EVP_MD_CTX_md(e) ((e)->digest) -#define M_EVP_CIPHER_CTX_iv_length(e) (e->cipher->iv_len) -#define M_EVP_CIPHER_CTX_flags(e) (e->cipher->flags) +#define M_EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) +#define M_EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) +#define M_EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) +#define M_EVP_CIPHER_CTX_cipher(e) ((e)->cipher) #define M_EVP_CIPHER_CTX_mode(e) (M_EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) #define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) +#define M_EVP_EncryptInit(ctx,ciph,key,iv) \ + (EVP_CipherInit(ctx,ciph,key,iv,1)) +#define M_EVP_EncryptInit_ex(ctx,ciph,impl,key,iv) \ + (EVP_CipherInit_ex(ctx,ciph,impl,key,iv,1)) +#define M_EVP_DecryptInit(ctx,ciph,key,iv) \ + (EVP_CipherInit(ctx,ciph,key,iv,0)) +#define M_EVP_DecryptInit_ex(ctx,ciph,impl,key,iv) \ + (EVP_CipherInit_ex(ctx,ciph,impl,key,iv,0)) + int EVP_MD_type(const EVP_MD *md); #define EVP_MD_nid(e) EVP_MD_type(e) #define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) @@ -1288,7 +1299,9 @@ void ERR_load_EVP_strings(void); #define EVP_F_EVP_SIGNFINAL 107 #define EVP_F_EVP_VERIFYFINAL 108 #define EVP_F_FIPS_CIPHERINIT 166 +#define EVP_F_FIPS_CIPHER_CTX_COPY 170 #define EVP_F_FIPS_CIPHER_CTX_CTRL 167 +#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171 #define EVP_F_FIPS_DIGESTINIT 168 #define EVP_F_FIPS_MD_CTX_COPY 169 #define EVP_F_INT_CTX_NEW 157 |