commit 0402f894481899ccda5f2b5d301947f51f640926
author Martin Kreichgauer <martinkr@google.com> Tue May 09 12:40:40 2017 -0700
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Wed May 10 18:36:00 2017 +0000
tree 68cd7e2a52443b3e009fb7210f516d91d8fd6f4a
parent 74cd5d98cc92554a268305e1ca215010326911cc

crypto/fipsmodule: Make more Known Answer Tests breakable.

This allows breaking Known Answer Tests for AES-GCM, DES, SHA-1,
SHA-256, SHA-512, RSA signing and DRBG as required by FIPS.

Change-Id: I8e59698a5048656021f296195229a09ca5cd767c
Reviewed-on: https://boringssl-review.googlesource.com/16088
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

crypto/fipsmodule/bcm.c

diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
index bcdf5b8..4dbaef9 100644
--- a/crypto/fipsmodule/bcm.c
+++ b/crypto/fipsmodule/bcm.c
@@ -342,9 +342,9 @@
       0x3a, 0xb5, 0x59, 0x27, 0x7d, 0x21, 0x07, 0xca, 0x4c, 0x1d, 0x55,
       0x34, 0xdd, 0x5a, 0x2d, 0xc4, 0xb4, 0xf5, 0xa8,
 #if !defined(BORINGSSL_FIPS_BREAK_AES_CBC)
-      0x35,
+      0x35
 #else
-      0x00,
+      0x00
 #endif
   };
   static const uint8_t kAESGCMCiphertext[80] = {
@@ -354,7 +354,12 @@
       0xa0, 0x47, 0xfa, 0xd7, 0x8f, 0xb1, 0x4a, 0xc4, 0xdc, 0x89, 0xf9, 0xb4,
       0x14, 0x4d, 0xde, 0x95, 0xea, 0x29, 0x69, 0x76, 0x81, 0xa3, 0x5c, 0x33,
       0xd8, 0x37, 0xd8, 0xfa, 0x47, 0x19, 0x46, 0x2f, 0xf1, 0x90, 0xb7, 0x61,
-      0x8f, 0x6f, 0xdd, 0x31, 0x3f, 0x6a, 0x64, 0x0d
+      0x8f, 0x6f, 0xdd, 0x31, 0x3f, 0x6a, 0x64,
+#if !defined(BORINGSSL_FIPS_BREAK_AES_GCM)
+      0x0d
+#else
+      0x00
+#endif
   };
   static const DES_cblock kDESKey1 = {"BCMDESK1"};
   static const DES_cblock kDESKey2 = {"BCMDESK2"};
@@ -366,16 +371,31 @@
       0xaf, 0x93, 0x91, 0xb8, 0x88, 0x24, 0xb1, 0xf6, 0xf8, 0xbd, 0x31,
       0x96, 0x06, 0x76, 0xde, 0x32, 0xcd, 0x29, 0x29, 0xba, 0x70, 0x5f,
       0xea, 0xc0, 0xcb, 0xde, 0xc7, 0x75, 0x90, 0xe0, 0x0f, 0x5e, 0x2c,
-      0x0d, 0x49, 0x20, 0xd5, 0x30, 0x83, 0xf8, 0x08, 0x5a
+      0x0d, 0x49, 0x20, 0xd5, 0x30, 0x83, 0xf8, 0x08,
+#if !defined(BORINGSSL_FIPS_BREAK_DES)
+      0x5a
+#else
+      0x00
+#endif
   };
   static const uint8_t kPlaintextSHA1[20] = {
       0xc6, 0xf8, 0xc9, 0x63, 0x1c, 0x14, 0x23, 0x62, 0x9b, 0xbd,
-      0x55, 0x82, 0xf4, 0xd6, 0x1d, 0xf2, 0xab, 0x7d, 0xc8, 0x28
+      0x55, 0x82, 0xf4, 0xd6, 0x1d, 0xf2, 0xab, 0x7d, 0xc8,
+#if !defined(BORINGSSL_FIPS_BREAK_SHA_1)
+      0x28
+#else
+      0x00
+#endif
   };
   static const uint8_t kPlaintextSHA256[32] = {
       0x37, 0xbd, 0x70, 0x53, 0x72, 0xfc, 0xd4, 0x03, 0x79, 0x70, 0xfb,
       0x06, 0x95, 0xb1, 0x2a, 0x82, 0x48, 0xe1, 0x3e, 0xf2, 0x33, 0xfb,
-      0xef, 0x29, 0x81, 0x22, 0x45, 0x40, 0x43, 0x70, 0xce, 0x0f
+      0xef, 0x29, 0x81, 0x22, 0x45, 0x40, 0x43, 0x70, 0xce,
+#if !defined(BORINGSSL_FIPS_BREAK_SHA_256)
+      0x0f
+#else
+      0x00
+#endif
   };
   static const uint8_t kPlaintextSHA512[64] = {
       0x08, 0x6a, 0x1c, 0x84, 0x61, 0x9d, 0x8e, 0xb3, 0xc0, 0x97, 0x4e,
@@ -383,7 +403,12 @@
       0xc3, 0xbd, 0x6e, 0xd6, 0x1e, 0xb2, 0xbb, 0x34, 0x74, 0x72, 0x5c,
       0x51, 0x29, 0x8b, 0x87, 0x3a, 0xa3, 0xf2, 0x25, 0x23, 0xd4, 0x1c,
       0x82, 0x1b, 0xfe, 0xd3, 0xc6, 0xee, 0xb5, 0xd6, 0xaf, 0x07, 0x7b,
-      0x98, 0xca, 0xa7, 0x01, 0xf3, 0x94, 0xf3, 0x68, 0x14
+      0x98, 0xca, 0xa7, 0x01, 0xf3, 0x94, 0xf3, 0x68,
+#if !defined(BORINGSSL_FIPS_BREAK_SHA_512)
+      0x14
+#else
+      0x00
+#endif
   };
   static const uint8_t kRSASignature[256] = {
       0x62, 0x66, 0x4b, 0xe3, 0xb1, 0xd2, 0x83, 0xf1, 0xa8, 0x56, 0x2b, 0x33,
@@ -407,7 +432,12 @@
       0x13, 0xda, 0x78, 0x20, 0xae, 0x59, 0x5f, 0x9b, 0xa9, 0x6c, 0xf9, 0x1b,
       0xdf, 0x76, 0x53, 0xc8, 0xa7, 0xf5, 0x63, 0x6d, 0xf3, 0xff, 0xfd, 0xaf,
       0x75, 0x4b, 0xac, 0x67, 0xb1, 0x3c, 0xbf, 0x5e, 0xde, 0x73, 0x02, 0x6d,
-      0xd2, 0x0c, 0xb1, 0x64,
+      0xd2, 0x0c, 0xb1,
+#if !defined(BORINGSSL_FIPS_BREAK_RSA_SIG)
+      0x64
+#else
+      0x00
+#endif
   };
   const uint8_t kDRBGEntropy[48] =
       "BCM Known Answer Test DBRG Initial Entropy      ";
@@ -419,7 +449,12 @@
       0x96, 0x33, 0x3d, 0x60, 0xb6, 0x29, 0xd4, 0xbb, 0x6b, 0x44, 0xf9,
       0xef, 0xd9, 0xf4, 0xa2, 0xba, 0x48, 0xea, 0x39, 0x75, 0x59, 0x32,
       0xf7, 0x31, 0x2c, 0x98, 0x14, 0x2b, 0x49, 0xdf, 0x02, 0xb6, 0x5d,
-      0x71, 0x09, 0x50, 0xdb, 0x23, 0xdb, 0xe5, 0x22, 0x95,
+      0x71, 0x09, 0x50, 0xdb, 0x23, 0xdb, 0xe5, 0x22,
+#if !defined(BORINGSSL_FIPS_BREAK_DRBG)
+      0x95
+#else
+      0x00
+#endif
   };
   const uint8_t kDRBGEntropy2[48] =
       "BCM Known Answer Test DBRG Reseed Entropy       ";