Move cmac into the FIPS module boundary.
Change-Id: I2cffb9e870785a1c49d3ae872387494632bfb8fe
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52567
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
index 6701158..610e068 100644
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -253,7 +253,6 @@
chacha/chacha.c
cipher_extra/cipher_extra.c
cipher_extra/derive_key.c
- cipher_extra/e_aesccm.c
cipher_extra/e_aesctrhmac.c
cipher_extra/e_aesgcmsiv.c
cipher_extra/e_chacha20poly1305.c
@@ -263,7 +262,6 @@
cipher_extra/e_rc4.c
cipher_extra/e_tls.c
cipher_extra/tls_cbc.c
- cmac/cmac.c
conf/conf.c
cpu_aarch64_apple.c
cpu_aarch64_fuchsia.c
@@ -505,7 +503,6 @@
chacha/chacha_test.cc
cipher_extra/aead_test.cc
cipher_extra/cipher_test.cc
- cmac/cmac_test.cc
compiler_test.cc
conf/conf_test.cc
constant_time_test.cc
@@ -525,6 +522,7 @@
evp/scrypt_test.cc
fipsmodule/aes/aes_test.cc
fipsmodule/bn/bn_test.cc
+ fipsmodule/cmac/cmac_test.cc
fipsmodule/ec/ec_test.cc
fipsmodule/ec/p256-nistz_test.cc
fipsmodule/ecdsa/ecdsa_test.cc
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
index 87618fe..3381b90 100644
--- a/crypto/fipsmodule/bcm.c
+++ b/crypto/fipsmodule/bcm.c
@@ -58,6 +58,8 @@
#include "cipher/aead.c"
#include "cipher/cipher.c"
#include "cipher/e_aes.c"
+#include "cipher/e_aesccm.c"
+#include "cmac/cmac.c"
#include "dh/check.c"
#include "dh/dh.c"
#include "digest/digest.c"
diff --git a/crypto/cipher_extra/e_aesccm.c b/crypto/fipsmodule/cipher/e_aesccm.c
similarity index 92%
rename from crypto/cipher_extra/e_aesccm.c
rename to crypto/fipsmodule/cipher/e_aesccm.c
index 844b9b9..33c8b16 100644
--- a/crypto/cipher_extra/e_aesccm.c
+++ b/crypto/fipsmodule/cipher/e_aesccm.c
@@ -54,7 +54,7 @@
#include <openssl/err.h>
#include <openssl/mem.h>
-#include "../fipsmodule/cipher/internal.h"
+#include "internal.h"
struct ccm128_context {
@@ -398,25 +398,18 @@
return aead_aes_ccm_init(ctx, key, key_len, tag_len, 4, 2);
}
-static const EVP_AEAD aead_aes_128_ccm_bluetooth = {
- 16, // key length (AES-128)
- 13, // nonce length
- 4, // overhead
- 4, // max tag length
- 0, // seal_scatter_supports_extra_in
+DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_ccm_bluetooth) {
+ memset(out, 0, sizeof(EVP_AEAD));
- aead_aes_ccm_bluetooth_init,
- NULL /* init_with_direction */,
- aead_aes_ccm_cleanup,
- NULL /* open */,
- aead_aes_ccm_seal_scatter,
- aead_aes_ccm_open_gather,
- NULL /* get_iv */,
- NULL /* tag_len */,
-};
+ out->key_len = 16;
+ out->nonce_len = 13;
+ out->overhead = 4;
+ out->max_tag_len = 4;
-const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth(void) {
- return &aead_aes_128_ccm_bluetooth;
+ out->init = aead_aes_ccm_bluetooth_init;
+ out->cleanup = aead_aes_ccm_cleanup;
+ out->seal_scatter = aead_aes_ccm_seal_scatter;
+ out->open_gather = aead_aes_ccm_open_gather;
}
static int aead_aes_ccm_bluetooth_8_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
@@ -424,23 +417,16 @@
return aead_aes_ccm_init(ctx, key, key_len, tag_len, 8, 2);
}
-static const EVP_AEAD aead_aes_128_ccm_bluetooth_8 = {
- 16, // key length (AES-128)
- 13, // nonce length
- 8, // overhead
- 8, // max tag length
- 0, // seal_scatter_supports_extra_in
+DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_ccm_bluetooth_8) {
+ memset(out, 0, sizeof(EVP_AEAD));
- aead_aes_ccm_bluetooth_8_init,
- NULL /* init_with_direction */,
- aead_aes_ccm_cleanup,
- NULL /* open */,
- aead_aes_ccm_seal_scatter,
- aead_aes_ccm_open_gather,
- NULL /* get_iv */,
- NULL /* tag_len */,
-};
+ out->key_len = 16;
+ out->nonce_len = 13;
+ out->overhead = 8;
+ out->max_tag_len = 8;
-const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth_8(void) {
- return &aead_aes_128_ccm_bluetooth_8;
+ out->init = aead_aes_ccm_bluetooth_8_init;
+ out->cleanup = aead_aes_ccm_cleanup;
+ out->seal_scatter = aead_aes_ccm_seal_scatter;
+ out->open_gather = aead_aes_ccm_open_gather;
}
diff --git a/crypto/cmac/cavp_3des_cmac_tests.txt b/crypto/fipsmodule/cmac/cavp_3des_cmac_tests.txt
similarity index 100%
rename from crypto/cmac/cavp_3des_cmac_tests.txt
rename to crypto/fipsmodule/cmac/cavp_3des_cmac_tests.txt
diff --git a/crypto/cmac/cavp_aes128_cmac_tests.txt b/crypto/fipsmodule/cmac/cavp_aes128_cmac_tests.txt
similarity index 100%
rename from crypto/cmac/cavp_aes128_cmac_tests.txt
rename to crypto/fipsmodule/cmac/cavp_aes128_cmac_tests.txt
diff --git a/crypto/cmac/cavp_aes192_cmac_tests.txt b/crypto/fipsmodule/cmac/cavp_aes192_cmac_tests.txt
similarity index 100%
rename from crypto/cmac/cavp_aes192_cmac_tests.txt
rename to crypto/fipsmodule/cmac/cavp_aes192_cmac_tests.txt
diff --git a/crypto/cmac/cavp_aes256_cmac_tests.txt b/crypto/fipsmodule/cmac/cavp_aes256_cmac_tests.txt
similarity index 100%
rename from crypto/cmac/cavp_aes256_cmac_tests.txt
rename to crypto/fipsmodule/cmac/cavp_aes256_cmac_tests.txt
diff --git a/crypto/cmac/cmac.c b/crypto/fipsmodule/cmac/cmac.c
similarity index 99%
rename from crypto/cmac/cmac.c
rename to crypto/fipsmodule/cmac/cmac.c
index b6a10f7..3421bbf 100644
--- a/crypto/cmac/cmac.c
+++ b/crypto/fipsmodule/cmac/cmac.c
@@ -55,7 +55,7 @@
#include <openssl/cipher.h>
#include <openssl/mem.h>
-#include "../internal.h"
+#include "../../internal.h"
struct cmac_ctx_st {
diff --git a/crypto/cmac/cmac_test.cc b/crypto/fipsmodule/cmac/cmac_test.cc
similarity index 94%
rename from crypto/cmac/cmac_test.cc
rename to crypto/fipsmodule/cmac/cmac_test.cc
index e8a220a..9e3744e 100644
--- a/crypto/cmac/cmac_test.cc
+++ b/crypto/fipsmodule/cmac/cmac_test.cc
@@ -23,9 +23,9 @@
#include <openssl/cmac.h>
#include <openssl/mem.h>
-#include "../test/file_test.h"
-#include "../test/test_util.h"
-#include "../test/wycheproof_util.h"
+#include "../../test/file_test.h"
+#include "../../test/test_util.h"
+#include "../../test/wycheproof_util.h"
static void test(const char *name, const uint8_t *key, size_t key_len,
@@ -248,20 +248,21 @@
}
TEST(CMACTest, CAVPAES128) {
- RunCAVPTest("crypto/cmac/cavp_aes128_cmac_tests.txt", EVP_aes_128_cbc(),
- false);
+ RunCAVPTest("crypto/fipsmodule/cmac/cavp_aes128_cmac_tests.txt",
+ EVP_aes_128_cbc(), false);
}
TEST(CMACTest, CAVPAES192) {
- RunCAVPTest("crypto/cmac/cavp_aes192_cmac_tests.txt", EVP_aes_192_cbc(),
- false);
+ RunCAVPTest("crypto/fipsmodule/cmac/cavp_aes192_cmac_tests.txt",
+ EVP_aes_192_cbc(), false);
}
TEST(CMACTest, CAVPAES256) {
- RunCAVPTest("crypto/cmac/cavp_aes256_cmac_tests.txt", EVP_aes_256_cbc(),
- false);
+ RunCAVPTest("crypto/fipsmodule/cmac/cavp_aes256_cmac_tests.txt",
+ EVP_aes_256_cbc(), false);
}
TEST(CMACTest, CAVP3DES) {
- RunCAVPTest("crypto/cmac/cavp_3des_cmac_tests.txt", EVP_des_ede3_cbc(), true);
+ RunCAVPTest("crypto/fipsmodule/cmac/cavp_3des_cmac_tests.txt",
+ EVP_des_ede3_cbc(), true);
}
diff --git a/sources.cmake b/sources.cmake
index 434b3c2..4cbc4c5 100644
--- a/sources.cmake
+++ b/sources.cmake
@@ -38,16 +38,16 @@
crypto/cipher_extra/test/nist_cavp/tdes_cbc.txt
crypto/cipher_extra/test/nist_cavp/tdes_ecb.txt
crypto/curve25519/ed25519_tests.txt
- crypto/cmac/cavp_3des_cmac_tests.txt
- crypto/cmac/cavp_aes128_cmac_tests.txt
- crypto/cmac/cavp_aes192_cmac_tests.txt
- crypto/cmac/cavp_aes256_cmac_tests.txt
crypto/ecdh_extra/ecdh_tests.txt
crypto/evp/evp_tests.txt
crypto/evp/scrypt_tests.txt
crypto/fipsmodule/aes/aes_tests.txt
crypto/fipsmodule/bn/bn_tests.txt
crypto/fipsmodule/bn/miller_rabin_tests.txt
+ crypto/fipsmodule/cmac/cavp_3des_cmac_tests.txt
+ crypto/fipsmodule/cmac/cavp_aes128_cmac_tests.txt
+ crypto/fipsmodule/cmac/cavp_aes192_cmac_tests.txt
+ crypto/fipsmodule/cmac/cavp_aes256_cmac_tests.txt
crypto/fipsmodule/ec/ec_scalar_base_mult_tests.txt
crypto/fipsmodule/ec/p256-nistz_tests.txt
crypto/fipsmodule/ecdsa/ecdsa_sign_tests.txt
