Move cmac into the FIPS module boundary. Change-Id: I2cffb9e870785a1c49d3ae872387494632bfb8fe Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52567 Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index 6701158..610e068 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt
@@ -253,7 +253,6 @@ chacha/chacha.c cipher_extra/cipher_extra.c cipher_extra/derive_key.c - cipher_extra/e_aesccm.c cipher_extra/e_aesctrhmac.c cipher_extra/e_aesgcmsiv.c cipher_extra/e_chacha20poly1305.c @@ -263,7 +262,6 @@ cipher_extra/e_rc4.c cipher_extra/e_tls.c cipher_extra/tls_cbc.c - cmac/cmac.c conf/conf.c cpu_aarch64_apple.c cpu_aarch64_fuchsia.c @@ -505,7 +503,6 @@ chacha/chacha_test.cc cipher_extra/aead_test.cc cipher_extra/cipher_test.cc - cmac/cmac_test.cc compiler_test.cc conf/conf_test.cc constant_time_test.cc @@ -525,6 +522,7 @@ evp/scrypt_test.cc fipsmodule/aes/aes_test.cc fipsmodule/bn/bn_test.cc + fipsmodule/cmac/cmac_test.cc fipsmodule/ec/ec_test.cc fipsmodule/ec/p256-nistz_test.cc fipsmodule/ecdsa/ecdsa_test.cc
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c index 87618fe..3381b90 100644 --- a/crypto/fipsmodule/bcm.c +++ b/crypto/fipsmodule/bcm.c
@@ -58,6 +58,8 @@ #include "cipher/aead.c" #include "cipher/cipher.c" #include "cipher/e_aes.c" +#include "cipher/e_aesccm.c" +#include "cmac/cmac.c" #include "dh/check.c" #include "dh/dh.c" #include "digest/digest.c"
diff --git a/crypto/cipher_extra/e_aesccm.c b/crypto/fipsmodule/cipher/e_aesccm.c similarity index 92% rename from crypto/cipher_extra/e_aesccm.c rename to crypto/fipsmodule/cipher/e_aesccm.c index 844b9b9..33c8b16 100644 --- a/crypto/cipher_extra/e_aesccm.c +++ b/crypto/fipsmodule/cipher/e_aesccm.c
@@ -54,7 +54,7 @@ #include <openssl/err.h> #include <openssl/mem.h> -#include "../fipsmodule/cipher/internal.h" +#include "internal.h" struct ccm128_context { @@ -398,25 +398,18 @@ return aead_aes_ccm_init(ctx, key, key_len, tag_len, 4, 2); } -static const EVP_AEAD aead_aes_128_ccm_bluetooth = { - 16, // key length (AES-128) - 13, // nonce length - 4, // overhead - 4, // max tag length - 0, // seal_scatter_supports_extra_in +DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_ccm_bluetooth) { + memset(out, 0, sizeof(EVP_AEAD)); - aead_aes_ccm_bluetooth_init, - NULL /* init_with_direction */, - aead_aes_ccm_cleanup, - NULL /* open */, - aead_aes_ccm_seal_scatter, - aead_aes_ccm_open_gather, - NULL /* get_iv */, - NULL /* tag_len */, -}; + out->key_len = 16; + out->nonce_len = 13; + out->overhead = 4; + out->max_tag_len = 4; -const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth(void) { - return &aead_aes_128_ccm_bluetooth; + out->init = aead_aes_ccm_bluetooth_init; + out->cleanup = aead_aes_ccm_cleanup; + out->seal_scatter = aead_aes_ccm_seal_scatter; + out->open_gather = aead_aes_ccm_open_gather; } static int aead_aes_ccm_bluetooth_8_init(EVP_AEAD_CTX *ctx, const uint8_t *key, @@ -424,23 +417,16 @@ return aead_aes_ccm_init(ctx, key, key_len, tag_len, 8, 2); } -static const EVP_AEAD aead_aes_128_ccm_bluetooth_8 = { - 16, // key length (AES-128) - 13, // nonce length - 8, // overhead - 8, // max tag length - 0, // seal_scatter_supports_extra_in +DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_ccm_bluetooth_8) { + memset(out, 0, sizeof(EVP_AEAD)); - aead_aes_ccm_bluetooth_8_init, - NULL /* init_with_direction */, - aead_aes_ccm_cleanup, - NULL /* open */, - aead_aes_ccm_seal_scatter, - aead_aes_ccm_open_gather, - NULL /* get_iv */, - NULL /* tag_len */, -}; + out->key_len = 16; + out->nonce_len = 13; + out->overhead = 8; + out->max_tag_len = 8; -const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth_8(void) { - return &aead_aes_128_ccm_bluetooth_8; + out->init = aead_aes_ccm_bluetooth_8_init; + out->cleanup = aead_aes_ccm_cleanup; + out->seal_scatter = aead_aes_ccm_seal_scatter; + out->open_gather = aead_aes_ccm_open_gather; }
diff --git a/crypto/cmac/cavp_3des_cmac_tests.txt b/crypto/fipsmodule/cmac/cavp_3des_cmac_tests.txt similarity index 100% rename from crypto/cmac/cavp_3des_cmac_tests.txt rename to crypto/fipsmodule/cmac/cavp_3des_cmac_tests.txt
diff --git a/crypto/cmac/cavp_aes128_cmac_tests.txt b/crypto/fipsmodule/cmac/cavp_aes128_cmac_tests.txt similarity index 100% rename from crypto/cmac/cavp_aes128_cmac_tests.txt rename to crypto/fipsmodule/cmac/cavp_aes128_cmac_tests.txt
diff --git a/crypto/cmac/cavp_aes192_cmac_tests.txt b/crypto/fipsmodule/cmac/cavp_aes192_cmac_tests.txt similarity index 100% rename from crypto/cmac/cavp_aes192_cmac_tests.txt rename to crypto/fipsmodule/cmac/cavp_aes192_cmac_tests.txt
diff --git a/crypto/cmac/cavp_aes256_cmac_tests.txt b/crypto/fipsmodule/cmac/cavp_aes256_cmac_tests.txt similarity index 100% rename from crypto/cmac/cavp_aes256_cmac_tests.txt rename to crypto/fipsmodule/cmac/cavp_aes256_cmac_tests.txt
diff --git a/crypto/cmac/cmac.c b/crypto/fipsmodule/cmac/cmac.c similarity index 99% rename from crypto/cmac/cmac.c rename to crypto/fipsmodule/cmac/cmac.c index b6a10f7..3421bbf 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/fipsmodule/cmac/cmac.c
@@ -55,7 +55,7 @@ #include <openssl/cipher.h> #include <openssl/mem.h> -#include "../internal.h" +#include "../../internal.h" struct cmac_ctx_st {
diff --git a/crypto/cmac/cmac_test.cc b/crypto/fipsmodule/cmac/cmac_test.cc similarity index 94% rename from crypto/cmac/cmac_test.cc rename to crypto/fipsmodule/cmac/cmac_test.cc index e8a220a..9e3744e 100644 --- a/crypto/cmac/cmac_test.cc +++ b/crypto/fipsmodule/cmac/cmac_test.cc
@@ -23,9 +23,9 @@ #include <openssl/cmac.h> #include <openssl/mem.h> -#include "../test/file_test.h" -#include "../test/test_util.h" -#include "../test/wycheproof_util.h" +#include "../../test/file_test.h" +#include "../../test/test_util.h" +#include "../../test/wycheproof_util.h" static void test(const char *name, const uint8_t *key, size_t key_len, @@ -248,20 +248,21 @@ } TEST(CMACTest, CAVPAES128) { - RunCAVPTest("crypto/cmac/cavp_aes128_cmac_tests.txt", EVP_aes_128_cbc(), - false); + RunCAVPTest("crypto/fipsmodule/cmac/cavp_aes128_cmac_tests.txt", + EVP_aes_128_cbc(), false); } TEST(CMACTest, CAVPAES192) { - RunCAVPTest("crypto/cmac/cavp_aes192_cmac_tests.txt", EVP_aes_192_cbc(), - false); + RunCAVPTest("crypto/fipsmodule/cmac/cavp_aes192_cmac_tests.txt", + EVP_aes_192_cbc(), false); } TEST(CMACTest, CAVPAES256) { - RunCAVPTest("crypto/cmac/cavp_aes256_cmac_tests.txt", EVP_aes_256_cbc(), - false); + RunCAVPTest("crypto/fipsmodule/cmac/cavp_aes256_cmac_tests.txt", + EVP_aes_256_cbc(), false); } TEST(CMACTest, CAVP3DES) { - RunCAVPTest("crypto/cmac/cavp_3des_cmac_tests.txt", EVP_des_ede3_cbc(), true); + RunCAVPTest("crypto/fipsmodule/cmac/cavp_3des_cmac_tests.txt", + EVP_des_ede3_cbc(), true); }
diff --git a/sources.cmake b/sources.cmake index 434b3c2..4cbc4c5 100644 --- a/sources.cmake +++ b/sources.cmake
@@ -38,16 +38,16 @@ crypto/cipher_extra/test/nist_cavp/tdes_cbc.txt crypto/cipher_extra/test/nist_cavp/tdes_ecb.txt crypto/curve25519/ed25519_tests.txt - crypto/cmac/cavp_3des_cmac_tests.txt - crypto/cmac/cavp_aes128_cmac_tests.txt - crypto/cmac/cavp_aes192_cmac_tests.txt - crypto/cmac/cavp_aes256_cmac_tests.txt crypto/ecdh_extra/ecdh_tests.txt crypto/evp/evp_tests.txt crypto/evp/scrypt_tests.txt crypto/fipsmodule/aes/aes_tests.txt crypto/fipsmodule/bn/bn_tests.txt crypto/fipsmodule/bn/miller_rabin_tests.txt + crypto/fipsmodule/cmac/cavp_3des_cmac_tests.txt + crypto/fipsmodule/cmac/cavp_aes128_cmac_tests.txt + crypto/fipsmodule/cmac/cavp_aes192_cmac_tests.txt + crypto/fipsmodule/cmac/cavp_aes256_cmac_tests.txt crypto/fipsmodule/ec/ec_scalar_base_mult_tests.txt crypto/fipsmodule/ec/p256-nistz_tests.txt crypto/fipsmodule/ecdsa/ecdsa_sign_tests.txt