diff options
| author | Daniel McCarney <daniel@binaryparadox.net> | 2024-12-13 14:17:48 -0500 |
|---|---|---|
| committer | Filippo Valsorda <filippo@golang.org> | 2025-02-10 05:50:37 -0800 |
| commit | ae26a30bb0cda77799334152a85eb63bb5cce0dc (patch) | |
| tree | 7fc1688149b148634a82e19b5a87270f44e8999a /src | |
| parent | ff27d270c9f95178f9749bc8e1f15957b1c1d5b3 (diff) | |
| download | go-ae26a30bb0cda77799334152a85eb63bb5cce0dc.tar.xz | |
crypto/internal/fips140test: add CMAC-AES ACVP tests
Adds ACVP test coverage for CMAC-AES based on the NIST spec:
https://pages.nist.gov/ACVP/draft-fussell-acvp-mac.html
Updates #69642
Change-Id: Ie731863b84c6f8d74c64daa6a6848354420151b2
Reviewed-on: https://go-review.googlesource.com/c/go/+/635762
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/crypto/internal/fips140test/acvp_capabilities.json | 3 | ||||
| -rw-r--r-- | src/crypto/internal/fips140test/acvp_test.config.json | 4 | ||||
| -rw-r--r-- | src/crypto/internal/fips140test/acvp_test.go | 55 |
3 files changed, 60 insertions, 2 deletions
diff --git a/src/crypto/internal/fips140test/acvp_capabilities.json b/src/crypto/internal/fips140test/acvp_capabilities.json index 68d8e3bd2a..117bd9e30b 100644 --- a/src/crypto/internal/fips140test/acvp_capabilities.json +++ b/src/crypto/internal/fips140test/acvp_capabilities.json @@ -53,5 +53,6 @@ {"algorithm":"ACVP-AES-CBC","direction":["encrypt","decrypt"],"keyLen":[128,192,256],"revision":"1.0"}, {"algorithm":"ACVP-AES-CTR","direction":["encrypt","decrypt"],"keyLen":[128,192,256],"payloadLen":[{"min":8,"max":128,"increment":8}],"incrementalCounter":true,"overflowCounter":true,"performCounterTests":true,"revision":"1.0"}, {"algorithm":"ACVP-AES-GCM","direction":["encrypt","decrypt"],"keyLen":[128,192,256],"payloadLen":[{"min":0,"max":65536,"increment":8}],"aadLen":[{"min":0,"max":65536,"increment":8}],"tagLen":[96,104,112,120,128],"ivLen":[96],"ivGen":"external","revision":"1.0"}, - {"algorithm":"ACVP-AES-GCM","direction":["encrypt","decrypt"],"keyLen":[128,192,256],"payloadLen":[{"min":0,"max":65536,"increment":8}],"aadLen":[{"min":0,"max":65536,"increment":8}],"tagLen":[128],"ivLen":[96],"ivGen":"internal","ivGenMode":"8.2.2","revision":"1.0"} + {"algorithm":"ACVP-AES-GCM","direction":["encrypt","decrypt"],"keyLen":[128,192,256],"payloadLen":[{"min":0,"max":65536,"increment":8}],"aadLen":[{"min":0,"max":65536,"increment":8}],"tagLen":[128],"ivLen":[96],"ivGen":"internal","ivGenMode":"8.2.2","revision":"1.0"}, + {"algorithm":"CMAC-AES","capabilities":[{"direction":["gen","ver"],"msgLen":[{"min":0,"max":524288,"increment":8}],"keyLen":[128,256],"macLen":[{"min":8,"max":128,"increment":8}]}],"revision":"1.0"} ] diff --git a/src/crypto/internal/fips140test/acvp_test.config.json b/src/crypto/internal/fips140test/acvp_test.config.json index d994f5b7c5..c2bb9fc662 100644 --- a/src/crypto/internal/fips140test/acvp_test.config.json +++ b/src/crypto/internal/fips140test/acvp_test.config.json @@ -35,5 +35,7 @@ {"Wrapper": "go", "In": "vectors/ACVP-AES-CBC.bz2", "Out": "expected/ACVP-AES-CBC.bz2"}, {"Wrapper": "go", "In": "vectors/ACVP-AES-CTR.bz2", "Out": "expected/ACVP-AES-CTR.bz2"}, - {"Wrapper": "go", "In": "vectors/ACVP-AES-GCM.bz2", "Out": "expected/ACVP-AES-GCM.bz2"} + {"Wrapper": "go", "In": "vectors/ACVP-AES-GCM.bz2", "Out": "expected/ACVP-AES-GCM.bz2"}, + + {"Wrapper": "go", "In": "vectors/CMAC-AES.bz2", "Out": "expected/CMAC-AES.bz2"} ]
\ No newline at end of file diff --git a/src/crypto/internal/fips140test/acvp_test.go b/src/crypto/internal/fips140test/acvp_test.go index 2637ccc3e4..2f425effd5 100644 --- a/src/crypto/internal/fips140test/acvp_test.go +++ b/src/crypto/internal/fips140test/acvp_test.go @@ -35,6 +35,7 @@ import ( "crypto/internal/fips140/sha256" "crypto/internal/fips140/sha3" "crypto/internal/fips140/sha512" + "crypto/internal/fips140/subtle" "crypto/rand" _ "embed" "encoding/binary" @@ -189,6 +190,9 @@ var ( "AES-GCM/open": cmdAesGcmOpen(false), "AES-GCM-randnonce/seal": cmdAesGcmSeal(true), "AES-GCM-randnonce/open": cmdAesGcmOpen(true), + + "CMAC-AES": cmdCmacAesAft(), + "CMAC-AES/verify": cmdCmacAesVerifyAft(), } ) @@ -1154,6 +1158,57 @@ func cmdAesGcmOpen(randNonce bool) command { } } +func cmdCmacAesAft() command { + return command{ + requiredArgs: 3, // Number of output bytes, key, message + handler: func(args [][]byte) ([][]byte, error) { + // safe to truncate to int based on our capabilities describing a max MAC output len of 128 bits. + outputLen := int(binary.LittleEndian.Uint32(args[0])) + key := args[1] + message := args[2] + + blockCipher, err := aes.New(key) + if err != nil { + return nil, fmt.Errorf("creating AES block cipher with key len %d: %w", len(key), err) + } + + cmac := gcm.NewCMAC(blockCipher) + tag := cmac.MAC(message) + + if outputLen > len(tag) { + return nil, fmt.Errorf("invalid output length: expected %d, got %d", outputLen, len(tag)) + } + + return [][]byte{tag[:outputLen]}, nil + }, + } +} + +func cmdCmacAesVerifyAft() command { + return command{ + requiredArgs: 3, // Key, message, claimed MAC + handler: func(args [][]byte) ([][]byte, error) { + key := args[0] + message := args[1] + claimedMAC := args[2] + + blockCipher, err := aes.New(key) + if err != nil { + return nil, fmt.Errorf("creating AES block cipher with key len %d: %w", len(key), err) + } + + cmac := gcm.NewCMAC(blockCipher) + tag := cmac.MAC(message) + + if subtle.ConstantTimeCompare(tag[:len(claimedMAC)], claimedMAC) != 1 { + return [][]byte{{0}}, nil + } + + return [][]byte{{1}}, nil + }, + } +} + func TestACVP(t *testing.T) { testenv.SkipIfShortAndSlow(t) |