Support key wrap with padding in CAVP. Change-Id: I27a282ee2b11083a1137990b00a9d599dd1f48df Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/36625 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com>
diff --git a/util/fipstools/cavp/cavp_keywrap_test.cc b/util/fipstools/cavp/cavp_keywrap_test.cc index c7270df..a4abccd 100644 --- a/util/fipstools/cavp/cavp_keywrap_test.cc +++ b/util/fipstools/cavp/cavp_keywrap_test.cc
@@ -28,15 +28,16 @@ struct TestCtx { bool encrypt; + bool padding; }; -} +} // namespace static bool AESKeyWrap(std::vector<uint8_t> *out, bool encrypt, const std::vector<uint8_t> &key, const std::vector<uint8_t> &in) { size_t key_bits = key.size() * 8; - if (key_bits != 128 && key_bits != 256) { + if (key_bits != 128 && key_bits != 192 && key_bits != 256) { return false; } AES_KEY aes_key; @@ -60,6 +61,36 @@ return true; } +static bool AESKeyWrapWithPadding(std::vector<uint8_t> *out, bool encrypt, + const std::vector<uint8_t> &key, + const std::vector<uint8_t> &in) { + const size_t key_bits = key.size() * 8; + if (key_bits != 128 && key_bits != 192 && key_bits != 256) { + return false; + } + AES_KEY aes_key; + + size_t out_len; + if (encrypt) { + out->resize(in.size() + 15); + if (AES_set_encrypt_key(key.data(), key_bits, &aes_key) || + !AES_wrap_key_padded(&aes_key, out->data(), &out_len, out->size(), + in.data(), in.size())) { + return false; + } + } else { + out->resize(in.size()); + if (AES_set_decrypt_key(key.data(), key_bits, &aes_key) || + !AES_unwrap_key_padded(&aes_key, out->data(), &out_len, out->size(), + in.data(), in.size())) { + return false; + } + } + + out->resize(out_len); + return true; +} + static bool TestCipher(FileTest *t, void *arg) { TestCtx *ctx = reinterpret_cast<TestCtx *>(arg); @@ -75,8 +106,13 @@ } // clang-format on + auto wrap_function = AESKeyWrap; + if (ctx->padding) { + wrap_function = AESKeyWrapWithPadding; + } + printf("%s", t->CurrentTestToString().c_str()); - if (!AESKeyWrap(&result, ctx->encrypt, key, in)) { + if (!wrap_function(&result, ctx->encrypt, key, in)) { if (ctx->encrypt) { return false; } else { @@ -93,7 +129,7 @@ static int usage(char *arg) { fprintf( stderr, - "usage: %s (enc|dec) (128|256) <test file>\n", + "usage: %s (enc|dec|enc-pad|dec-pad) (128|192|256) <test file>\n", arg); return 1; } @@ -104,16 +140,21 @@ } const std::string op(argv[1]); - bool encrypt; + bool encrypt = false; + bool padding = false; if (op == "enc") { encrypt = true; } else if (op == "dec") { - encrypt = false; + } else if (op == "enc-pad") { + encrypt = true; + padding = true; + } else if (op == "dec-pad") { + padding = true; } else { return usage(argv[0]); } - TestCtx ctx = {encrypt}; + TestCtx ctx = {encrypt, padding}; FileTest::Options opts; opts.path = argv[3];
diff --git a/util/fipstools/cavp/run_cavp.go b/util/fipstools/cavp/run_cavp.go index 438bb78..b37f453 100644 --- a/util/fipstools/cavp/run_cavp.go +++ b/util/fipstools/cavp/run_cavp.go
@@ -283,9 +283,17 @@ nil, []test{ {"KW_AD_128", []string{"dec", "128"}, false}, + {"KW_AD_192", []string{"dec", "192"}, false}, {"KW_AD_256", []string{"dec", "256"}, false}, {"KW_AE_128", []string{"enc", "128"}, false}, + {"KW_AE_192", []string{"enc", "192"}, false}, {"KW_AE_256", []string{"enc", "256"}, false}, + {"KWP_AD_128", []string{"dec-pad", "128"}, false}, + {"KWP_AD_192", []string{"dec-pad", "192"}, false}, + {"KWP_AD_256", []string{"dec-pad", "256"}, false}, + {"KWP_AE_128", []string{"enc-pad", "128"}, false}, + {"KWP_AE_192", []string{"enc-pad", "192"}, false}, + {"KWP_AE_256", []string{"enc-pad", "256"}, false}, }, }