acvp: add AES-KWP support.

Change-Id: I826d1cf305b3906e0d0ff6ff5389561291065706 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43165 Reviewed-by: David Benjamin <davidben@google.com>
5 years ago · b117a3a0b7
parent 81658a95c9
commit b117a3a0b7
2 changed files with 77 additions and 3 deletions
--- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go
+++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go
@ -81,6 +81,7 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess
 		"ACVP-AES-CTR":  &blockCipher{"AES-CTR", 16, false, true},
 		"ACVP-AES-GCM":  &aead{"AES-GCM"},
 		"ACVP-AES-KW":   &aead{"AES-KW"},
+		"ACVP-AES-KWP":  &aead{"AES-KWP"},
 		"HMAC-SHA-1":    &hmacPrimitive{"HMAC-SHA-1", 20},
 		"HMAC-SHA2-224": &hmacPrimitive{"HMAC-SHA2-224", 28},
 		"HMAC-SHA2-256": &hmacPrimitive{"HMAC-SHA2-256", 32},
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@ -220,6 +220,21 @@ static bool GetConfig(const Span<const uint8_t> args[]) {
        ],
        "payloadLen": [{"min": 128, "max": 1024, "increment": 64}]
      },
+      {
+        "algorithm": "ACVP-AES-KWP",
+        "revision": "1.0",
+        "direction": [
+            "encrypt",
+            "decrypt"
+        ],
+        "kwCipher": [
+            "cipher"
+        ],
+        "keyLen": [
+            128, 192, 256
+        ],
+        "payloadLen": [{"min": 8, "max": 1024, "increment": 8}]
+      },
      {
        "algorithm": "HMAC-SHA-1",
        "revision": "1.0",
@ -537,14 +552,23 @@ static bool AESGCMOpen(const Span<const uint8_t> args[]) {
                    Span<const uint8_t>(out));
 }

-static bool AESKeyWrapSetup(AES_KEY *out, bool decrypt, Span<const uint8_t> key,
-                            Span<const uint8_t> input) {
+static bool AESPaddedKeyWrapSetup(AES_KEY *out, bool decrypt,
+                                  Span<const uint8_t> key) {
  if ((decrypt ? AES_set_decrypt_key : AES_set_encrypt_key)(
          key.data(), key.size() * 8, out) != 0) {
-    fprintf(stderr, "Invalid AES key length for AES-KW: %u\n",
+    fprintf(stderr, "Invalid AES key length for AES-KW(P): %u\n",
            static_cast<unsigned>(key.size()));
    return false;
  }
+  return true;
+}
+
+static bool AESKeyWrapSetup(AES_KEY *out, bool decrypt, Span<const uint8_t> key,
+                            Span<const uint8_t> input) {
+  if (!AESPaddedKeyWrapSetup(out, decrypt, key)) {
+    return false;
+  }
+
  if (input.size() % 8) {
    fprintf(stderr, "Invalid AES-KW input length: %u\n",
            static_cast<unsigned>(input.size()));
@ -598,6 +622,53 @@ static bool AESKeyWrapOpen(const Span<const uint8_t> args[]) {
                    Span<const uint8_t>(out));
 }

+static bool AESPaddedKeyWrapSeal(const Span<const uint8_t> args[]) {
+  Span<const uint8_t> key = args[1];
+  Span<const uint8_t> plaintext = args[2];
+
+  AES_KEY aes;
+  if (!AESPaddedKeyWrapSetup(&aes, /*decrypt=*/false, key) ||
+      plaintext.size() + 15 < 15) {
+    return false;
+  }
+
+  std::vector<uint8_t> out(plaintext.size() + 15);
+  size_t out_len;
+  if (!AES_wrap_key_padded(&aes, out.data(), &out_len, out.size(),
+                           plaintext.data(), plaintext.size())) {
+    fprintf(stderr, "AES-KWP failed\n");
+    return false;
+  }
+
+  out.resize(out_len);
+  return WriteReply(STDOUT_FILENO, Span<const uint8_t>(out));
+}
+
+static bool AESPaddedKeyWrapOpen(const Span<const uint8_t> args[]) {
+  Span<const uint8_t> key = args[1];
+  Span<const uint8_t> ciphertext = args[2];
+
+  AES_KEY aes;
+  if (!AESPaddedKeyWrapSetup(&aes, /*decrypt=*/true, key) ||
+      ciphertext.size() % 8) {
+    return false;
+  }
+
+  std::vector<uint8_t> out(ciphertext.size());
+  size_t out_len;
+  uint8_t success_flag[1] = {0};
+  if (!AES_unwrap_key_padded(&aes, out.data(), &out_len, out.size(),
+                             ciphertext.data(), ciphertext.size())) {
+    return WriteReply(STDOUT_FILENO, Span<const uint8_t>(success_flag),
+                      Span<const uint8_t>());
+  }
+
+  success_flag[0] = 1;
+  out.resize(out_len);
+  return WriteReply(STDOUT_FILENO, Span<const uint8_t>(success_flag),
+                    Span<const uint8_t>(out));
+}
+
 template <const EVP_MD *HashFunc()>
 static bool HMAC(const Span<const uint8_t> args[]) {
  const EVP_MD *const md = HashFunc();
@ -849,6 +920,8 @@ static constexpr struct {
    {"AES-GCM/open", 5, AESGCMOpen},
    {"AES-KW/seal", 5, AESKeyWrapSeal},
    {"AES-KW/open", 5, AESKeyWrapOpen},
+    {"AES-KWP/seal", 5, AESPaddedKeyWrapSeal},
+    {"AES-KWP/open", 5, AESPaddedKeyWrapOpen},
    {"HMAC-SHA-1", 2, HMAC<EVP_sha1>},
    {"HMAC-SHA2-224", 2, HMAC<EVP_sha224>},
    {"HMAC-SHA2-256", 2, HMAC<EVP_sha256>},