diff options
Diffstat (limited to 'src/crypto/cipher_extra')
-rw-r--r-- | src/crypto/cipher_extra/aead_test.cc | 56 | ||||
-rw-r--r-- | src/crypto/cipher_extra/e_aesctrhmac.c | 18 | ||||
-rw-r--r-- | src/crypto/cipher_extra/e_aesgcmsiv.c | 19 | ||||
-rw-r--r-- | src/crypto/cipher_extra/e_chacha20poly1305.c | 16 | ||||
-rw-r--r-- | src/crypto/cipher_extra/e_ssl3.c | 21 | ||||
-rw-r--r-- | src/crypto/cipher_extra/e_tls.c | 43 |
6 files changed, 130 insertions, 43 deletions
diff --git a/src/crypto/cipher_extra/aead_test.cc b/src/crypto/cipher_extra/aead_test.cc index e5e7761f..cce432c5 100644 --- a/src/crypto/cipher_extra/aead_test.cc +++ b/src/crypto/cipher_extra/aead_test.cc @@ -23,6 +23,7 @@ #include <openssl/cipher.h> #include <openssl/err.h> +#include "../fipsmodule/cipher/internal.h" #include "../internal.h" #include "../test/file_test.h" #include "../test/test_util.h" @@ -208,6 +209,55 @@ TEST_P(PerAEADTest, TestVector) { }); } +TEST_P(PerAEADTest, TestExtraInput) { + const KnownAEAD &aead_config = GetParam(); + if (!aead()->seal_scatter_supports_extra_in) { + return; + } + + const std::string test_vectors = + "crypto/cipher_extra/test/" + std::string(aead_config.test_vectors); + FileTestGTest(test_vectors.c_str(), [&](FileTest *t) { + if (t->HasAttribute("NO_SEAL") || + t->HasAttribute("FAILS")) { + t->SkipCurrent(); + return; + } + + std::vector<uint8_t> key, nonce, in, ad, ct, tag; + ASSERT_TRUE(t->GetBytes(&key, "KEY")); + ASSERT_TRUE(t->GetBytes(&nonce, "NONCE")); + ASSERT_TRUE(t->GetBytes(&in, "IN")); + ASSERT_TRUE(t->GetBytes(&ad, "AD")); + ASSERT_TRUE(t->GetBytes(&ct, "CT")); + ASSERT_TRUE(t->GetBytes(&tag, "TAG")); + + bssl::ScopedEVP_AEAD_CTX ctx; + ASSERT_TRUE(EVP_AEAD_CTX_init(ctx.get(), aead(), key.data(), key.size(), + tag.size(), nullptr)); + std::vector<uint8_t> out_tag(EVP_AEAD_max_overhead(aead()) + in.size()); + std::vector<uint8_t> out(in.size()); + + for (size_t extra_in_size = 0; extra_in_size < in.size(); extra_in_size++) { + size_t tag_bytes_written; + ASSERT_TRUE(EVP_AEAD_CTX_seal_scatter( + ctx.get(), out.data(), out_tag.data(), &tag_bytes_written, + out_tag.size(), nonce.data(), nonce.size(), in.data(), + in.size() - extra_in_size, in.data() + in.size() - extra_in_size, + extra_in_size, ad.data(), ad.size())); + + ASSERT_EQ(tag_bytes_written, extra_in_size + tag.size()); + + memcpy(out.data() + in.size() - extra_in_size, out_tag.data(), + extra_in_size); + + EXPECT_EQ(Bytes(ct), Bytes(out.data(), in.size())); + EXPECT_EQ(Bytes(tag), Bytes(out_tag.data() + extra_in_size, + tag_bytes_written - extra_in_size)); + } + }); +} + TEST_P(PerAEADTest, TestVectorScatterGather) { std::string test_vectors = "crypto/cipher_extra/test/"; const KnownAEAD &aead_config = GetParam(); @@ -240,8 +290,8 @@ TEST_P(PerAEADTest, TestVectorScatterGather) { size_t out_tag_len; ASSERT_TRUE(EVP_AEAD_CTX_seal_scatter( ctx.get(), out.data(), out_tag.data(), &out_tag_len, out_tag.size(), - nonce.data(), nonce.size(), in.data(), in.size(), ad.data(), - ad.size())); + nonce.data(), nonce.size(), in.data(), in.size(), nullptr, 0, + ad.data(), ad.size())); out_tag.resize(out_tag_len); ASSERT_EQ(out.size(), ct.size()); @@ -271,7 +321,7 @@ TEST_P(PerAEADTest, TestVectorScatterGather) { int err = ERR_peek_error(); if (ERR_GET_LIB(err) == ERR_LIB_CIPHER && ERR_GET_REASON(err) == CIPHER_R_CTRL_NOT_IMPLEMENTED) { - (void)t->HasAttribute("FAILS"); // All attributes need to be used. + t->SkipCurrent(); return; } } diff --git a/src/crypto/cipher_extra/e_aesctrhmac.c b/src/crypto/cipher_extra/e_aesctrhmac.c index dbe9f062..2982d0de 100644 --- a/src/crypto/cipher_extra/e_aesctrhmac.c +++ b/src/crypto/cipher_extra/e_aesctrhmac.c @@ -178,8 +178,8 @@ static void aead_aes_ctr_hmac_sha256_crypt( static int aead_aes_ctr_hmac_sha256_seal_scatter( const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, - size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *ad, - size_t ad_len) { + size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, + size_t extra_in_len, const uint8_t *ad, size_t ad_len) { const struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx = ctx->aead_state; const uint64_t in_len_64 = in_len; @@ -242,9 +242,10 @@ static int aead_aes_ctr_hmac_sha256_open_gather( static const EVP_AEAD aead_aes_128_ctr_hmac_sha256 = { 16 /* AES key */ + 32 /* HMAC key */, - 12, /* nonce length */ - EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN, /* overhead */ - EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN, /* max tag length */ + 12, /* nonce length */ + EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN, /* overhead */ + EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN, /* max tag length */ + 0, /* seal_scatter_supports_extra_in */ aead_aes_ctr_hmac_sha256_init, NULL /* init_with_direction */, @@ -257,9 +258,10 @@ static const EVP_AEAD aead_aes_128_ctr_hmac_sha256 = { static const EVP_AEAD aead_aes_256_ctr_hmac_sha256 = { 32 /* AES key */ + 32 /* HMAC key */, - 12, /* nonce length */ - EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN, /* overhead */ - EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN, /* max tag length */ + 12, /* nonce length */ + EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN, /* overhead */ + EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN, /* max tag length */ + 0, /* seal_scatter_supports_extra_in */ aead_aes_ctr_hmac_sha256_init, NULL /* init_with_direction */, diff --git a/src/crypto/cipher_extra/e_aesgcmsiv.c b/src/crypto/cipher_extra/e_aesgcmsiv.c index 3a1ec47a..190a1b96 100644 --- a/src/crypto/cipher_extra/e_aesgcmsiv.c +++ b/src/crypto/cipher_extra/e_aesgcmsiv.c @@ -322,8 +322,8 @@ static void aead_aes_gcm_siv_kdf( static int aead_aes_gcm_siv_asm_seal_scatter( const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, - size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *ad, - size_t ad_len) { + size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, + size_t extra_in_len, const uint8_t *ad, size_t ad_len) { const struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx = ctx->aead_state; const uint64_t in_len_64 = in_len; const uint64_t ad_len_64 = ad_len; @@ -505,6 +505,7 @@ static const EVP_AEAD aead_aes_128_gcm_siv_asm = { EVP_AEAD_AES_GCM_SIV_NONCE_LEN, /* nonce length */ EVP_AEAD_AES_GCM_SIV_TAG_LEN, /* overhead */ EVP_AEAD_AES_GCM_SIV_TAG_LEN, /* max tag length */ + 0, /* seal_scatter_supports_extra_in */ aead_aes_gcm_siv_asm_init, NULL /* init_with_direction */, @@ -520,6 +521,7 @@ static const EVP_AEAD aead_aes_256_gcm_siv_asm = { EVP_AEAD_AES_GCM_SIV_NONCE_LEN, /* nonce length */ EVP_AEAD_AES_GCM_SIV_TAG_LEN, /* overhead */ EVP_AEAD_AES_GCM_SIV_TAG_LEN, /* max tag length */ + 0, /* seal_scatter_supports_extra_in */ aead_aes_gcm_siv_asm_init, NULL /* init_with_direction */, @@ -698,12 +700,11 @@ static void gcm_siv_keys( key_material + 16, gcm_siv_ctx->is_256 ? 32 : 16); } -static int aead_aes_gcm_siv_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out, - uint8_t *out_tag, size_t *out_tag_len, - size_t max_out_tag_len, - const uint8_t *nonce, size_t nonce_len, - const uint8_t *in, size_t in_len, - const uint8_t *ad, size_t ad_len) { +static int aead_aes_gcm_siv_seal_scatter( + const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, + size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, + size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, + size_t extra_in_len, const uint8_t *ad, size_t ad_len) { const struct aead_aes_gcm_siv_ctx *gcm_siv_ctx = ctx->aead_state; const uint64_t in_len_64 = in_len; const uint64_t ad_len_64 = ad_len; @@ -788,6 +789,7 @@ static const EVP_AEAD aead_aes_128_gcm_siv = { EVP_AEAD_AES_GCM_SIV_NONCE_LEN, /* nonce length */ EVP_AEAD_AES_GCM_SIV_TAG_LEN, /* overhead */ EVP_AEAD_AES_GCM_SIV_TAG_LEN, /* max tag length */ + 0, /* seal_scatter_supports_extra_in */ aead_aes_gcm_siv_init, NULL /* init_with_direction */, @@ -803,6 +805,7 @@ static const EVP_AEAD aead_aes_256_gcm_siv = { EVP_AEAD_AES_GCM_SIV_NONCE_LEN, /* nonce length */ EVP_AEAD_AES_GCM_SIV_TAG_LEN, /* overhead */ EVP_AEAD_AES_GCM_SIV_TAG_LEN, /* max tag length */ + 0, /* seal_scatter_supports_extra_in */ aead_aes_gcm_siv_init, NULL /* init_with_direction */, diff --git a/src/crypto/cipher_extra/e_chacha20poly1305.c b/src/crypto/cipher_extra/e_chacha20poly1305.c index c433053e..6cfc856c 100644 --- a/src/crypto/cipher_extra/e_chacha20poly1305.c +++ b/src/crypto/cipher_extra/e_chacha20poly1305.c @@ -157,8 +157,8 @@ static void calc_tag(uint8_t tag[POLY1305_TAG_LEN], static int aead_chacha20_poly1305_seal_scatter( const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, - size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *ad, - size_t ad_len) { + size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, + size_t extra_in_len, const uint8_t *ad, size_t ad_len) { const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state; if (nonce_len != 12) { @@ -249,17 +249,19 @@ static int aead_chacha20_poly1305_open_gather( } static const EVP_AEAD aead_chacha20_poly1305 = { - 32, /* key len */ - 12, /* nonce len */ - POLY1305_TAG_LEN, /* overhead */ - POLY1305_TAG_LEN, /* max tag length */ + 32, /* key len */ + 12, /* nonce len */ + POLY1305_TAG_LEN, /* overhead */ + POLY1305_TAG_LEN, /* max tag length */ + 0, /* seal_scatter_supports_extra_in */ + aead_chacha20_poly1305_init, NULL, /* init_with_direction */ aead_chacha20_poly1305_cleanup, NULL /* open */, aead_chacha20_poly1305_seal_scatter, aead_chacha20_poly1305_open_gather, - NULL, /* get_iv */ + NULL, /* get_iv */ }; const EVP_AEAD *EVP_aead_chacha20_poly1305(void) { diff --git a/src/crypto/cipher_extra/e_ssl3.c b/src/crypto/cipher_extra/e_ssl3.c index 7af9a58c..f2eb357c 100644 --- a/src/crypto/cipher_extra/e_ssl3.c +++ b/src/crypto/cipher_extra/e_ssl3.c @@ -127,7 +127,8 @@ static int aead_ssl3_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, size_t nonce_len, const uint8_t *in, - size_t in_len, const uint8_t *ad, + size_t in_len, const uint8_t *extra_in, + size_t extra_in_len, const uint8_t *ad, size_t ad_len) { AEAD_SSL3_CTX *ssl3_ctx = (AEAD_SSL3_CTX *)ctx->aead_state; @@ -362,6 +363,8 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_ssl3 = { 0, /* nonce len */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + 0, /* seal_scatter_supports_extra_in */ + NULL, /* init */ aead_aes_128_cbc_sha1_ssl3_init, aead_ssl3_cleanup, @@ -376,6 +379,8 @@ static const EVP_AEAD aead_aes_256_cbc_sha1_ssl3 = { 0, /* nonce len */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + 0, /* seal_scatter_supports_extra_in */ + NULL, /* init */ aead_aes_256_cbc_sha1_ssl3_init, aead_ssl3_cleanup, @@ -390,6 +395,8 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_ssl3 = { 0, /* nonce len */ 8 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ + 0, /* seal_scatter_supports_extra_in */ + NULL, /* init */ aead_des_ede3_cbc_sha1_ssl3_init, aead_ssl3_cleanup, @@ -400,11 +407,13 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_ssl3 = { }; static const EVP_AEAD aead_null_sha1_ssl3 = { - SHA_DIGEST_LENGTH, /* key len */ - 0, /* nonce len */ - SHA_DIGEST_LENGTH, /* overhead (SHA1) */ - SHA_DIGEST_LENGTH, /* max tag length */ - NULL, /* init */ + SHA_DIGEST_LENGTH, /* key len */ + 0, /* nonce len */ + SHA_DIGEST_LENGTH, /* overhead (SHA1) */ + SHA_DIGEST_LENGTH, /* max tag length */ + 0, /* seal_scatter_supports_extra_in */ + + NULL, /* init */ aead_null_sha1_ssl3_init, aead_ssl3_cleanup, aead_ssl3_open, diff --git a/src/crypto/cipher_extra/e_tls.c b/src/crypto/cipher_extra/e_tls.c index bf4f2e4a..14d53771 100644 --- a/src/crypto/cipher_extra/e_tls.c +++ b/src/crypto/cipher_extra/e_tls.c @@ -103,7 +103,8 @@ static int aead_tls_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, size_t nonce_len, const uint8_t *in, - size_t in_len, const uint8_t *ad, + size_t in_len, const uint8_t *extra_in, + size_t extra_in_len, const uint8_t *ad, size_t ad_len) { AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)ctx->aead_state; @@ -457,7 +458,9 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_tls = { 16, /* nonce len (IV) */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ - NULL, /* init */ + 0, /* seal_scatter_supports_extra_in */ + + NULL, /* init */ aead_aes_128_cbc_sha1_tls_init, aead_tls_cleanup, aead_tls_open, @@ -471,7 +474,9 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_tls_implicit_iv = { 0, /* nonce len */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ - NULL, /* init */ + 0, /* seal_scatter_supports_extra_in */ + + NULL, /* init */ aead_aes_128_cbc_sha1_tls_implicit_iv_init, aead_tls_cleanup, aead_tls_open, @@ -485,7 +490,9 @@ static const EVP_AEAD aead_aes_128_cbc_sha256_tls = { 16, /* nonce len (IV) */ 16 + SHA256_DIGEST_LENGTH, /* overhead (padding + SHA256) */ SHA256_DIGEST_LENGTH, /* max tag length */ - NULL, /* init */ + 0, /* seal_scatter_supports_extra_in */ + + NULL, /* init */ aead_aes_128_cbc_sha256_tls_init, aead_tls_cleanup, aead_tls_open, @@ -499,7 +506,9 @@ static const EVP_AEAD aead_aes_256_cbc_sha1_tls = { 16, /* nonce len (IV) */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ - NULL, /* init */ + 0, /* seal_scatter_supports_extra_in */ + + NULL, /* init */ aead_aes_256_cbc_sha1_tls_init, aead_tls_cleanup, aead_tls_open, @@ -513,7 +522,9 @@ static const EVP_AEAD aead_aes_256_cbc_sha1_tls_implicit_iv = { 0, /* nonce len */ 16 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ - NULL, /* init */ + 0, /* seal_scatter_supports_extra_in */ + + NULL, /* init */ aead_aes_256_cbc_sha1_tls_implicit_iv_init, aead_tls_cleanup, aead_tls_open, @@ -527,7 +538,9 @@ static const EVP_AEAD aead_aes_256_cbc_sha256_tls = { 16, /* nonce len (IV) */ 16 + SHA256_DIGEST_LENGTH, /* overhead (padding + SHA256) */ SHA256_DIGEST_LENGTH, /* max tag length */ - NULL, /* init */ + 0, /* seal_scatter_supports_extra_in */ + + NULL, /* init */ aead_aes_256_cbc_sha256_tls_init, aead_tls_cleanup, aead_tls_open, @@ -541,7 +554,9 @@ static const EVP_AEAD aead_aes_256_cbc_sha384_tls = { 16, /* nonce len (IV) */ 16 + SHA384_DIGEST_LENGTH, /* overhead (padding + SHA384) */ SHA384_DIGEST_LENGTH, /* max tag length */ - NULL, /* init */ + 0, /* seal_scatter_supports_extra_in */ + + NULL, /* init */ aead_aes_256_cbc_sha384_tls_init, aead_tls_cleanup, aead_tls_open, @@ -555,7 +570,9 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_tls = { 8, /* nonce len (IV) */ 8 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ - NULL, /* init */ + 0, /* seal_scatter_supports_extra_in */ + + NULL, /* init */ aead_des_ede3_cbc_sha1_tls_init, aead_tls_cleanup, aead_tls_open, @@ -569,7 +586,9 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_tls_implicit_iv = { 0, /* nonce len */ 8 + SHA_DIGEST_LENGTH, /* overhead (padding + SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ - NULL, /* init */ + 0, /* seal_scatter_supports_extra_in */ + + NULL, /* init */ aead_des_ede3_cbc_sha1_tls_implicit_iv_init, aead_tls_cleanup, aead_tls_open, @@ -583,7 +602,9 @@ static const EVP_AEAD aead_null_sha1_tls = { 0, /* nonce len */ SHA_DIGEST_LENGTH, /* overhead (SHA1) */ SHA_DIGEST_LENGTH, /* max tag length */ - NULL, /* init */ + 0, /* seal_scatter_supports_extra_in */ + + NULL, /* init */ aead_null_sha1_tls_init, aead_tls_cleanup, aead_tls_open, |