authorSimo Sorce <simo@redhat.com>2018-10-26 16:55:27 -0400
committerSimo Sorce <simo@redhat.com>2018-10-28 19:41:32 -0400
commitaa9f1be594ca9f11742794d6da534a63e8de69a2 (patch)
treed93d5a55d6bb871d33cf2c34ec5bf21fa6035f3e
parentc8d9b6261e88062ca58bf40f0ceaab4a559b9b00 (diff)
downloadgnutls-aa9f1be594ca9f11742794d6da534a63e8de69a2.tar.gz
Add selftests for CMAC
Signed-off-by: Simo Sorce <simo@redhat.com>
-rw-r--r--lib/crypto-selftests.c27
-rw-r--r--lib/fips.h2
2 files changed, 29 insertions, 0 deletions
diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c
index ba1de66f6a..3d24c3aede 100644
--- a/lib/crypto-selftests.c
+++ b/lib/crypto-selftests.c
@@ -1425,6 +1425,29 @@ const struct mac_vectors_st hmac_streebog_256_vectors[] = {
},
};
+const struct mac_vectors_st aes_cmac_128_vectors[] = { /* NIST SP800-38A */
+ {
+ STR(key, key_size,
+ "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c"),
+ STR(plaintext, plaintext_size,
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"),
+ STR(output, output_size,
+ "\x07\x0a\x16\xb4\x6b\x4d\x41\x44\xf7\x9b\xdd\x9d\xd0\x4a\x28\x7c"),
+ },
+};
+
+const struct mac_vectors_st aes_cmac_256_vectors[] = { /* NIST SP800-38A */
+ {
+ STR(key, key_size,
+ "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81"
+ "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4"),
+ STR(plaintext, plaintext_size,
+ "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"),
+ STR(output, output_size,
+ "\x28\xa7\x02\x3f\x45\x2e\x8f\x82\xbd\x4b\xf2\x8d\x8c\x37\xc3\x5c"),
+ },
+};
+
static int test_mac(gnutls_mac_algorithm_t mac,
const struct mac_vectors_st *vectors,
size_t vectors_size, unsigned flags)
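Review bot: The `/* NIST SP800-38A */` comment on both new vector tables (aes_cmac_128_vectors and aes_cmac_256_vectors) cites the wrong document: SP 800-38A specifies the confidentiality modes (ECB/CBC/CFB/OFB/CTR), while CMAC and these AES-128/AES-256 examples are published in NIST SP 800-38B (Appendix D), so the comment should read `/* NIST SP 800-38B */`. Both tables also carry a single 16-byte message, i.e. exactly one complete block, which only exercises the K1 subkey path; the K2/padding path taken for an empty or partial final block is never tested, so adding one of SP 800-38B's other examples (the empty message or the 320-bit message) as a second entry in each table would cover it. The test_mac definition begins at the end of this hunk and continues outside it.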
@@ -1623,6 +1646,10 @@ int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
FALLTHROUGH;
NON_FIPS_CASE(GNUTLS_MAC_STREEBOG_256, test_mac, hmac_streebog_256_vectors);
#endif
+ FALLTHROUGH;
+ CASE(GNUTLS_MAC_AES_CMAC_128, test_mac, aes_cmac_128_vectors);
+ FALLTHROUGH;
+ CASE(GNUTLS_MAC_AES_CMAC_256, test_mac, aes_cmac_256_vectors);
break;
default:
diff --git a/lib/fips.h b/lib/fips.h
index 4e09916ac4..df04f0c86c 100644
--- a/lib/fips.h
+++ b/lib/fips.h
@@ -105,6 +105,8 @@ static unsigned is_mac_algo_forbidden(gnutls_mac_algorithm_t algo)
case GNUTLS_MAC_SHA3_256:
case GNUTLS_MAC_SHA3_384:
case GNUTLS_MAC_SHA3_512:
+ case GNUTLS_MAC_AES_CMAC_128:
+ case GNUTLS_MAC_AES_CMAC_256:
return 0;
default:
if (mode == GNUTLS_FIPS140_LAX)
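Review bot: The two new case labels in is_mac_algo_forbidden move AES-CMAC onto the FIPS-allowed list with no indication of the approval basis, and unlike the HMAC/SHA entries above them CMAC is a block-cipher-based MAC approved under a separate document, so a short note would help the next reader: `/* AES-CMAC: approved MAC per NIST SP 800-38B; vectors in crypto-selftests.c */`. Allow-listing the algorithm in FIPS mode presumably also relies on the new self-test in lib/crypto-selftests.c actually running during the power-on checks (via the all-algorithms flag); worth confirming that path reaches the new CASE entries. The enclosing switch starts before this hunk.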