Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make CMAC properly fail if cipher is not CBC mode one #19401

Closed
wants to merge 5 commits into from
Closed

Make CMAC properly fail if cipher is not CBC mode one #19401

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
c673164
demos/mac/cmac-aes256: Clarify the cipher algorithm used
t8m Oct 12, 2022
7ccf045
cmac_set_ctx_params(): Fail if cipher mode is not CBC
t8m Oct 12, 2022
22dba85
test_CMAC_keygen(): Avoid using ECB cipher with CMAC
t8m Oct 12, 2022
ee57124
fixup! cmac_set_ctx_params(): Fail if cipher mode is not CBC
t8m Oct 12, 2022
a876e60
fixup! cmac_set_ctx_params(): Fail if cipher mode is not CBC
t8m Oct 12, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion demos/mac/cmac-aes256.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ int main(void)
unsigned char *out = NULL;
size_t out_len = 0;
OSSL_PARAM params[4], *p = params;
char cipher_name[] = "aes256";
char cipher_name[] = "AES-256-CBC";

library_context = OSSL_LIB_CTX_new();
if (library_context == NULL) {
Expand Down
3 changes: 2 additions & 1 deletion doc/man7/EVP_MAC-CMAC.pod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,8 @@ Setting this parameter is identical to passing a I<key> to L<EVP_MAC_init(3)>.

=item "cipher" (B<OSSL_MAC_PARAM_CIPHER>) <UTF8 string>

Sets the name of the underlying cipher to be used.
Sets the name of the underlying cipher to be used. The mode of the cipher
must be CBC.

=item "properties" (B<OSSL_MAC_PARAM_PROPERTIES>) <UTF8 string>

Expand Down
14 changes: 12 additions & 2 deletions providers/implementations/macs/cmac_prov.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@
#include <openssl/params.h>
#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/err.h>
#include <openssl/proverr.h>

#include "prov/implementations.h"
#include "prov/provider_ctx.h"
Expand Down Expand Up @@ -195,8 +197,16 @@ static int cmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
if (params == NULL)
return 1;

if (!ossl_prov_cipher_load_from_params(&macctx->cipher, params, ctx))
return 0;
if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CIPHER)) != NULL) {
if (!ossl_prov_cipher_load_from_params(&macctx->cipher, params, ctx))
return 0;

if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nicely backwards compatible if the returned error is ignored 😃

!= EVP_CIPH_CBC_MODE) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE);
return 0;
}
}

if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) {
if (p->data_type != OSSL_PARAM_OCTET_STRING)
Expand Down
4 changes: 2 additions & 2 deletions test/evp_extra_test.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2343,7 +2343,7 @@ static int test_CMAC_keygen(void)
if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
|| !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_CIPHER,
0, (void *)EVP_aes_256_ecb()), 0)
0, (void *)EVP_aes_256_cbc()), 0)
|| !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_SET_MAC_KEY,
sizeof(key), (void *)key), 0)
Expand All @@ -2359,7 +2359,7 @@ static int test_CMAC_keygen(void)
* Test a CMAC key using the direct method, and compare with the mac
* created above.
*/
pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
if (!TEST_ptr(pkey)
|| !TEST_true(get_cmac_val(pkey, mac2))
|| !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
Expand Down
13 changes: 13 additions & 0 deletions test/recipes/30-test_evp_data/evpmac_common.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -259,6 +259,13 @@ Key = 0B122AC8F34ED1FE082A3625D157561454167AC145A10BBF77C6A70596D574F1
Input = 498B53FDEC87EDCBF07097DCCDE93A084BAD7501A224E388DF349CE18959FE8485F8AD1537F0D896EA73BEDC7214713F
Output = F62C46329B41085625669BAF51DEA66A

FIPSversion = >3.0.6
MAC = CMAC
Algorithm = AES-256-ECB
Key = 0B122AC8F34ED1FE082A3625D157561454167AC145A10BBF77C6A70596D574F1
Input = 498B53FDEC87EDCBF07097DCCDE93A084BAD7501A224E388DF349CE18959FE8485F8AD1537F0D896EA73BEDC7214713F
Result = MAC_INIT_ERROR

Title = GMAC Tests (from NIST)

MAC = GMAC
Expand Down Expand Up @@ -326,6 +333,12 @@ IV = 7AE8E2CA4EC500012E58495C
Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007
Output = 00BDA1B7E87608BCBF470F12157F4C07

MAC = GMAC
Algorithm = AES-256-CBC
Key = 4C973DBC7364621674F8B5B89E5C15511FCED9216490FB1C1A2CAA0FFE0407E5
IV = 7AE8E2CA4EC500012E58495C
Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007
Result = MAC_INIT_ERROR

Title = KMAC Tests (From NIST)
MAC = KMAC128
Expand Down