author | Adam Langley <agl@google.com> | 2023-07-31 21:55:28 +0000 |
---|---|---|
committer | Pete Bentley <prb@google.com> | 2023-08-11 16:23:15 +0100 |
commit | 9face09a03c8921bf46d0707a013717a4e3e0102 (patch) | |
tree | b4d6c212f5f510a8b08661c6c8a28b9a3679c164 | |
parent | 8f0d203ff4baaec115f7fa9d736919ef2459e6d4 (diff) | |
download | boringssl-9face09a03c8921bf46d0707a013717a4e3e0102.tar.gz |
Split TLS 1.0 and 1.2 self checks.
Cherry-picked direct to UDC branches for FIPS certification,
these changes already landed in main as part of change
I29bdd7d2dd6800e9dbcb5da82deb4faf36cc43d9.
While it's the same code path, NIST may consider these different
functions and thus want separate checks for them.
Bug: 295523306
Test: mm
Change-Id: Ic391b5e656b22c5e11d94ec22398346669833bd9
Merged-In: I29bdd7d2dd6800e9dbcb5da82deb4faf36cc43d9
(cherry picked from commit 7ae2b910c13017b63f1a8bd6c8decfce692869b0)
-rw-r--r-- | src/crypto/fipsmodule/self_check/self_check.c | 55 | ||||
-rw-r--r-- | src/util/fipstools/break-kat.go | 5 | ||||
-rw-r--r-- | src/util/fipstools/test_fips.c | 13 |
3 files changed, 54 insertions, 19 deletions
diff --git a/src/crypto/fipsmodule/self_check/self_check.c b/src/crypto/fipsmodule/self_check/self_check.c index 525cd169..edfef6d4 100644 --- a/src/crypto/fipsmodule/self_check/self_check.c +++ b/src/crypto/fipsmodule/self_check/self_check.c @@ -918,11 +918,6 @@ static int boringssl_self_test_fast(void) { } // TLS KDF KAT - static const uint8_t kTLSSecret[32] = { - 0xab, 0xc3, 0x65, 0x7b, 0x09, 0x4c, 0x76, 0x28, 0xa0, 0xb2, 0x82, - 0x99, 0x6f, 0xe7, 0x5a, 0x75, 0xf4, 0x98, 0x4f, 0xd9, 0x4d, 0x4e, - 0xcc, 0x2f, 0xcf, 0x53, 0xa2, 0xc4, 0x69, 0xa3, 0xf7, 0x31, - }; static const char kTLSLabel[] = "FIPS self test"; static const uint8_t kTLSSeed1[16] = { 0x8f, 0x0d, 0xe8, 0xb6, 0x90, 0x8f, 0xb1, 0xd2, 
@@ -932,17 +927,45 @@ static int boringssl_self_test_fast(void) { 0x7d, 0x24, 0x1a, 0x9d, 0x3c, 0x59, 0xbf, 0x3c, 0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81, }; - static const uint8_t kTLSOutput[32] = { - 0xe2, 0x1d, 0xd6, 0xc2, 0x68, 0xc7, 0x57, 0x03, 0x2c, 0x2c, 0xeb, - 0xbb, 0xb8, 0xa9, 0x7d, 0xe9, 0xee, 0xe6, 0xc9, 0x47, 0x83, 0x0a, - 0xbd, 0x11, 0x60, 0x5d, 0xd5, 0x2c, 0x47, 0xb6, 0x05, 0x88, + + static const uint8_t kTLS10Secret[32] = { + 0xab, 0xc3, 0x65, 0x7b, 0x09, 0x4c, 0x76, 0x28, 0xa0, 0xb2, 0x82, + 0x99, 0x6f, 0xe7, 0x5a, 0x75, 0xf4, 0x98, 0x4f, 0xd9, 0x4d, 0x4e, + 0xcc, 0x2f, 0xcf, 0x53, 0xa2, 0xc4, 0x69, 0xa3, 0xf7, 0x31, + }; + static const uint8_t kTLS10Output[32] = { + 0x69, 0x7c, 0x4e, 0x2c, 0xee, 0x82, 0xb1, 0xd2, 0x8b, 0xac, 0x90, + 0x7a, 0xa1, 0x8a, 0x81, 0xfe, 0xc5, 0x58, 0x45, 0x57, 0x61, 0x2f, + 0x7a, 0x8d, 0x80, 0xfb, 0x44, 0xd8, 0x81, 0x60, 0xe5, 0xf8, + }; + uint8_t tls10_output[sizeof(kTLS10Output)]; + if (!CRYPTO_tls1_prf(EVP_md5_sha1(), tls10_output, sizeof(tls10_output), + kTLS10Secret, sizeof(kTLS10Secret), kTLSLabel, + sizeof(kTLSLabel), kTLSSeed1, sizeof(kTLSSeed1), + kTLSSeed2, sizeof(kTLSSeed2)) || + !check_test(kTLS10Output, tls10_output, sizeof(kTLS10Output), + "TLS10-KDF KAT")) { + fprintf(stderr, "TLS KDF failed.\n"); + goto err; + } + + static const uint8_t kTLS12Secret[32] = { + 0xc5, 0x43, 0x8e, 0xe2, 0x6f, 0xd4, 0xac, 0xbd, 0x25, 0x9f, 0xc9, + 0x18, 0x55, 0xdc, 0x69, 0xbf, 0x88, 0x4e, 0xe2, 0x93, 0x22, 0xfc, + 0xbf, 0xd2, 0x96, 0x6a, 0x46, 0x23, 0xd4, 0x2e, 0xc7, 0x81, + }; + static const uint8_t kTLS12Output[32] = { + 0xee, 0x4a, 0xcd, 0x3f, 0xa3, 0xd3, 0x55, 0x89, 0x9e, 0x6f, 0xf1, + 0x38, 0x46, 0x9d, 0x2b, 0x33, 0xaa, 0x7f, 0xc4, 0x7f, 0x51, 0x85, + 0x8a, 0xf3, 0x13, 0x84, 0xbf, 0x53, 0x6a, 0x65, 0x37, 0x51, }; - uint8_t tls_output[sizeof(kTLSOutput)]; - if (!CRYPTO_tls1_prf(EVP_sha256(), tls_output, sizeof(tls_output), kTLSSecret, - sizeof(kTLSSecret), kTLSLabel, sizeof(kTLSLabel), - kTLSSeed1, sizeof(kTLSSeed1), 
kTLSSeed2, - sizeof(kTLSSeed2)) || - !check_test(kTLSOutput, tls_output, sizeof(kTLSOutput), "TLS-KDF KAT")) { + uint8_t tls12_output[sizeof(kTLS12Output)]; + if (!CRYPTO_tls1_prf(EVP_sha256(), tls12_output, sizeof(tls12_output), + kTLS12Secret, sizeof(kTLS12Secret), kTLSLabel, + sizeof(kTLSLabel), kTLSSeed1, sizeof(kTLSSeed1), + kTLSSeed2, sizeof(kTLSSeed2)) || + !check_test(kTLS12Output, tls12_output, sizeof(kTLS12Output), + "TLS12-KDF KAT")) { fprintf(stderr, "TLS KDF failed.\n"); goto err; } @@ -983,7 +1006,7 @@ static int boringssl_self_test_fast(void) { !check_test(kTLS13ExpandLabelOutput, tls13_expand_label_output, sizeof(kTLS13ExpandLabelOutput), "CRYPTO_tls13_hkdf_expand_label")) { - fprintf(stderr, "TLSv1.3 KDF failed.\n"); + fprintf(stderr, "TLS13-KDF failed.\n"); goto err; } diff --git a/src/util/fipstools/break-kat.go b/src/util/fipstools/break-kat.go index e4d323ab..67c33002 100644 --- a/src/util/fipstools/break-kat.go +++ b/src/util/fipstools/break-kat.go @@ -1,5 +1,3 @@ -//go:build - // break-kat corrupts a known-answer-test input in a binary and writes the // corrupted binary to stdout. This is used to demonstrate that the KATs in the // binary notice the error. @@ -27,7 +25,8 @@ var ( "SHA-1": "132fd9bad5c1826263bafbb699f707a5", "SHA-256": "ff3b857da7236a2baa0f396b51522217", "SHA-512": "212512f8d2ad8322781c6c4d69a9daa1", - "TLS-KDF": "abc3657b094c7628a0b282996fe75a75f4984fd94d4ecc2fcf53a2c469a3f731", + "TLS10-KDF": "abc3657b094c7628a0b282996fe75a75f4984fd94d4ecc2fcf53a2c469a3f731", + "TLS12-KDF": "c5438ee26fd4acbd259fc91855dc69bf884ee29322fcbfd2966a4623d42ec781", "TLS13-KDF": "024a0d80f357f2499a1244dac26dab66fc13ed85fca71dace146211119525874", "RSA-sign": "d2b56e53306f720d7929d8708bf46f1c22300305582b115bedcac722d8aa5ab2", "RSA-verify": "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", diff --git a/src/util/fipstools/test_fips.c b/src/util/fipstools/test_fips.c index 3a1f7fce..13b8d7d3 100644 --- a/src/util/fipstools/test_fips.c 
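Review bot: In self_check.c, both new failure branches in the TLS KDF section of boringssl_self_test_fast still print `TLS KDF failed.`, so the stderr line does not say whether the TLS 1.0 (MD5/SHA-1) or the TLS 1.2 (SHA-256) check tripped. The last hunk of this file renames the TLS 1.3 message to `TLS13-KDF failed.`; the same convention would give `fprintf(stderr, "TLS10-KDF failed.\n");` and `fprintf(stderr, "TLS12-KDF failed.\n");`. check_test does receive the per-version names, but what it prints is not visible here, and the `||` skips it entirely when CRYPTO_tls1_prf itself returns failure. The function body starts and ends outside the hunk.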
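Review bot: The `TLS10-KDF` and `TLS12-KDF` values in the break-kat.go map are hand-copied from `kTLS10Secret` and `kTLS12Secret` in self_check.c, and the hunk shows nothing that records that coupling. If it is not already documented above the map (its opening lines are outside the hunk), a comment such as `// Each value must match the corresponding KAT input bytes in src/crypto/fipsmodule/self_check/self_check.c exactly.` would make a future vector change harder to get half-right. The old `TLS-KDF` key is also gone, so any driver that still passes that name would need updating; none is visible in this commit.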
+++ b/src/util/fipstools/test_fips.c @@ -291,6 +291,19 @@ int main(int argc, char **argv) { printf(" got "); hexdump(hkdf_output, sizeof(hkdf_output)); + /* TLS v1.0 KDF */ + printf("About to run TLS v1.0 KDF\n"); + uint8_t tls10_output[32]; + if (!CRYPTO_tls1_prf(EVP_md5_sha1(), tls10_output, sizeof(tls10_output), + kAESKey, sizeof(kAESKey), "foo", 3, kPlaintextSHA256, + sizeof(kPlaintextSHA256), kPlaintextSHA256, + sizeof(kPlaintextSHA256))) { + fprintf(stderr, "TLS v1.0 KDF failed.\n"); + goto err; + } + printf(" got "); + hexdump(tls10_output, sizeof(tls10_output)); + /* TLS v1.2 KDF */ printf("About to run TLS v1.2 KDF\n"); uint8_t tls12_output[32]; |
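Review bot: The new `/* TLS v1.0 KDF */` block in test_fips.c does not say why a FIPS test tool runs an MD5/SHA-1 PRF next to the SHA-256 one; the reason is only in the commit message. The comment could carry it, e.g. `/* TLS v1.0 KDF (MD5+SHA-1 PRF); run separately from v1.2 because certification may treat it as a distinct function. */`. The label is passed as `"foo", 3`, a hand-counted length that goes stale if the literal is edited; a named constant with a computed length would avoid that. main's body starts and ends outside the hunk.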