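/* ====================================================================
 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include <string.h>
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/rand.h>
#include <openssl/fips_rand.h>

#ifdef OPENSSL_FIPS

/*
 * One known-answer vector for the AES-based PRNG self-test. The fields are
 * named after how do_rand_test() uses them:
 *   DT - value handed to FIPS_rand_set_dt()
 *   V  - value handed to FIPS_rand_seed()
 *   R  - the 16 output bytes FIPS_rand_bytes() is expected to produce
 */
typedef struct {
    unsigned char DT[16];
    unsigned char V[16];
    unsigned char R[16];
} AES_PRNG_TV;

/*
 * The following test vectors are taken directly from the RNGVS spec.
 *
 * They are published values: a generator keyed with any of the keys below
 * produces predictable output, so these keys must only ever be installed
 * for the duration of the self-test (see FIPS_selftest_rng()).
 *
 * The tables are intentionally not const: FIPS_corrupt_rng() modifies one
 * entry in place to force a self-test failure.
 */

static unsigned char aes_128_key[16] = {
    0xf3, 0xb1, 0x66, 0x6d, 0x13, 0x60, 0x72, 0x42,
    0xed, 0x06, 0x1c, 0xab, 0xb8, 0xd4, 0x62, 0x02
};

static AES_PRNG_TV aes_128_tv[] = {
    {
     /* DT */
     {0xe6, 0xb3, 0xbe, 0x78, 0x2a, 0x23, 0xfa, 0x62,
      0xd7, 0x1d, 0x4a, 0xfb, 0xb0, 0xe9, 0x22, 0xf9},
     /* V */
     {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* R */
     {0x59, 0x53, 0x1e, 0xd1, 0x3b, 0xb0, 0xc0, 0x55,
      0x84, 0x79, 0x66, 0x85, 0xc1, 0x2f, 0x76, 0x41}
     },
    {
     /* DT */
     {0xe6, 0xb3, 0xbe, 0x78, 0x2a, 0x23, 0xfa, 0x62,
      0xd7, 0x1d, 0x4a, 0xfb, 0xb0, 0xe9, 0x22, 0xfa},
     /* V */
     {0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* R */
     {0x7c, 0x22, 0x2c, 0xf4, 0xca, 0x8f, 0xa2, 0x4c,
      0x1c, 0x9c, 0xb6, 0x41, 0xa9, 0xf3, 0x22, 0x0d}
     },
    {
     /* DT */
     {0xe6, 0xb3, 0xbe, 0x78, 0x2a, 0x23, 0xfa, 0x62,
      0xd7, 0x1d, 0x4a, 0xfb, 0xb0, 0xe9, 0x22, 0xfb},
     /* V */
     {0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* R */
     {0x8a, 0xaa, 0x00, 0x39, 0x66, 0x67, 0x5b, 0xe5,
      0x29, 0x14, 0x28, 0x81, 0xa9, 0x4d, 0x4e, 0xc7}
     },
    {
     /* DT */
     {0xe6, 0xb3, 0xbe, 0x78, 0x2a, 0x23, 0xfa, 0x62,
      0xd7, 0x1d, 0x4a, 0xfb, 0xb0, 0xe9, 0x22, 0xfc},
     /* V */
     {0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* R */
     {0x88, 0xdd, 0xa4, 0x56, 0x30, 0x24, 0x23, 0xe5,
      0xf6, 0x9d, 0xa5, 0x7e, 0x7b, 0x95, 0xc7, 0x3a}
     },
    {
     /* DT */
     {0xe6, 0xb3, 0xbe, 0x78, 0x2a, 0x23, 0xfa, 0x62,
      0xd7, 0x1d, 0x4a, 0xfb, 0xb0, 0xe9, 0x22, 0xfd},
     /* V */
     {0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* R */
     {0x05, 0x25, 0x92, 0x46, 0x61, 0x79, 0xd2, 0xcb,
      0x78, 0xc4, 0x0b, 0x14, 0x0a, 0x5a, 0x9a, 0xc8}
     },
    {
     /* DT */
     {0xe6, 0xb3, 0xbe, 0x78, 0x2a, 0x23, 0xfa, 0x62,
      0xd7, 0x1d, 0x4a, 0xfb, 0xb0, 0xe9, 0x23, 0x77},
     /* V */
     {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe},
     /* R */
     {0x0d, 0xd5, 0xa0, 0x36, 0x7a, 0x59, 0x26, 0xbc,
      0x48, 0xd9, 0x38, 0xbf, 0xf0, 0x85, 0x8f, 0xea}
     },
    {
     /* DT */
     {0xe6, 0xb3, 0xbe, 0x78, 0x2a, 0x23, 0xfa, 0x62,
      0xd7, 0x1d, 0x4a, 0xfb, 0xb0, 0xe9, 0x23, 0x78},
     /* V */
     {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
     /* R */
     {0xae, 0x53, 0x87, 0xee, 0x8c, 0xd9, 0x12, 0xf5,
      0x73, 0x53, 0xae, 0x03, 0xf9, 0xd5, 0x13, 0x33}
     },
};

static unsigned char aes_192_key[24] = {
    0x15, 0xd8, 0x78, 0x0d, 0x62, 0xd3, 0x25, 0x6e,
    0x44, 0x64, 0x10, 0x13, 0x60, 0x2b, 0xa9, 0xbc,
    0x4a, 0xfb, 0xca, 0xeb, 0x4c, 0x8b, 0x99, 0x3b
};

static AES_PRNG_TV aes_192_tv[] = {
    {
     /* DT */
     {0x3f, 0xd8, 0xff, 0xe8, 0x80, 0x69, 0x8b, 0xc1,
      0xbf, 0x99, 0x7d, 0xa4, 0x24, 0x78, 0xf3, 0x4b},
     /* V */
     {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* R */
     {0x17, 0x07, 0xd5, 0x28, 0x19, 0x79, 0x1e, 0xef,
      0xa5, 0x0c, 0xbf, 0x25, 0xe5, 0x56, 0xb4, 0x93}
     },
    {
     /* DT */
     {0x3f, 0xd8, 0xff, 0xe8, 0x80, 0x69, 0x8b, 0xc1,
      0xbf, 0x99, 0x7d, 0xa4, 0x24, 0x78, 0xf3, 0x4c},
     /* V */
     {0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* R */
     {0x92, 0x8d, 0xbe, 0x07, 0xdd, 0xc7, 0x58, 0xc0,
      0x6f, 0x35, 0x41, 0x9b, 0x17, 0xc9, 0xbd, 0x9b}
     },
    {
     /* DT */
     {0x3f, 0xd8, 0xff, 0xe8, 0x80, 0x69, 0x8b, 0xc1,
      0xbf, 0x99, 0x7d, 0xa4, 0x24, 0x78, 0xf3, 0x4d},
     /* V */
     {0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* R */
     {0xd5, 0xde, 0xf4, 0x50, 0xf3, 0xb7, 0x10, 0x4e,
      0xb8, 0xc6, 0xf8, 0xcf, 0xe2, 0xb1, 0xca, 0xa2}
     },
    {
     /* DT */
     {0x3f, 0xd8, 0xff, 0xe8, 0x80, 0x69, 0x8b, 0xc1,
      0xbf, 0x99, 0x7d, 0xa4, 0x24, 0x78, 0xf3, 0x4e},
     /* V */
     {0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* R */
     {0xce, 0x29, 0x08, 0x43, 0xfc, 0x34, 0x41, 0xe7,
      0x47, 0x8f, 0xb3, 0x66, 0x2b, 0x46, 0xb1, 0xbb}
     },
    {
     /* DT */
     {0x3f, 0xd8, 0xff, 0xe8, 0x80, 0x69, 0x8b, 0xc1,
      0xbf, 0x99, 0x7d, 0xa4, 0x24, 0x78, 0xf3, 0x4f},
     /* V */
     {0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* R */
     {0xb3, 0x26, 0x0f, 0xf5, 0xd6, 0xca, 0xa8, 0xbf,
      0x89, 0xb8, 0x5e, 0x2f, 0x22, 0x56, 0x92, 0x2f}
     },
    {
     /* DT */
     {0x3f, 0xd8, 0xff, 0xe8, 0x80, 0x69, 0x8b, 0xc1,
      0xbf, 0x99, 0x7d, 0xa4, 0x24, 0x78, 0xf3, 0xc9},
     /* V */
     {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe},
     /* R */
     {0x05, 0xeb, 0x18, 0x52, 0x34, 0x43, 0x00, 0x43,
      0x6e, 0x5a, 0xa5, 0xfe, 0x7b, 0x32, 0xc4, 0x2d}
     },
    {
     /* DT */
     {0x3f, 0xd8, 0xff, 0xe8, 0x80, 0x69, 0x8b, 0xc1,
      0xbf, 0x99, 0x7d, 0xa4, 0x24, 0x78, 0xf3, 0xca},
     /* V */
     {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
     /* R */
     {0x15, 0x3c, 0xe8, 0xd1, 0x04, 0xc7, 0xad, 0x50,
      0x0b, 0xf0, 0x07, 0x16, 0xe7, 0x56, 0x7a, 0xea}
     },
};

static unsigned char aes_256_key[32] = {
    0x6d, 0x14, 0x06, 0x6c, 0xb6, 0xd8, 0x21, 0x2d,
    0x82, 0x8d, 0xfa, 0xf2, 0x7a, 0x03, 0xb7, 0x9f,
    0x0c, 0xc7, 0x3e, 0xcd, 0x76, 0xeb, 0xee, 0xb5,
    0x21, 0x05, 0x8c, 0x4f, 0x31, 0x7a, 0x80, 0xbb
};

static AES_PRNG_TV aes_256_tv[] = {
    {
     /* DT */
     {0xda, 0x3a, 0x41, 0xec, 0x1d, 0xa3, 0xb0, 0xd5,
      0xf2, 0xa9, 0x4e, 0x34, 0x74, 0x8e, 0x9e, 0x88},
     /* V */
     {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* R */
     {0x35, 0xc7, 0xef, 0xa7, 0x78, 0x4d, 0x29, 0xbc,
      0x82, 0x79, 0x99, 0xfb, 0xd0, 0xb3, 0x3b, 0x72}
     },
    {
     /* DT */
     {0xda, 0x3a, 0x41, 0xec, 0x1d, 0xa3, 0xb0, 0xd5,
      0xf2, 0xa9, 0x4e, 0x34, 0x74, 0x8e, 0x9e, 0x89},
     /* V */
     {0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* R */
     {0x6c, 0xf4, 0x42, 0x5d, 0xc7, 0x04, 0x1a, 0x41,
      0x28, 0x2a, 0x78, 0xa9, 0xb0, 0x12, 0xc4, 0x95}
     },
    {
     /* DT */
     {0xda, 0x3a, 0x41, 0xec, 0x1d, 0xa3, 0xb0, 0xd5,
      0xf2, 0xa9, 0x4e, 0x34, 0x74, 0x8e, 0x9e, 0x8a},
     /* V */
     {0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* R */
     {0x16, 0x90, 0xa4, 0xff, 0x7b, 0x7e, 0xb9, 0x30,
      0xdb, 0x67, 0x4b, 0xac, 0x2d, 0xe1, 0xd1, 0x75}
     },
    {
     /* DT */
     {0xda, 0x3a, 0x41, 0xec, 0x1d, 0xa3, 0xb0, 0xd5,
      0xf2, 0xa9, 0x4e, 0x34, 0x74, 0x8e, 0x9e, 0x8b},
     /* V */
     {0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* R */
     {0x14, 0x6f, 0xf5, 0x95, 0xa1, 0x46, 0x65, 0x30,
      0xbc, 0x57, 0xe2, 0x4a, 0xf7, 0x45, 0x62, 0x05}
     },
    {
     /* DT */
     {0xda, 0x3a, 0x41, 0xec, 0x1d, 0xa3, 0xb0, 0xd5,
      0xf2, 0xa9, 0x4e, 0x34, 0x74, 0x8e, 0x9e, 0x8c},
     /* V */
     {0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
     /* R */
     {0x96, 0xe2, 0xb4, 0x1e, 0x66, 0x5e, 0x0f, 0xa4,
      0xc5, 0xcd, 0xa2, 0x07, 0xcc, 0xb7, 0x94, 0x40}
     },
    {
     /* DT */
     {0xda, 0x3a, 0x41, 0xec, 0x1d, 0xa3, 0xb0, 0xd5,
      0xf2, 0xa9, 0x4e, 0x34, 0x74, 0x8e, 0x9f, 0x06},
     /* V */
     {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe},
     /* R */
     {0x61, 0xce, 0x1d, 0x6a, 0x48, 0x75, 0x97, 0x28,
      0x4b, 0x41, 0xde, 0x18, 0x44, 0x4f, 0x56, 0xec}
     },
    {
     /* DT */
     {0xda, 0x3a, 0x41, 0xec, 0x1d, 0xa3, 0xb0, 0xd5,
      0xf2, 0xa9, 0x4e, 0x34, 0x74, 0x8e, 0x9f, 0x07},
     /* V */
     {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
     /* R */
     {0x52, 0x89, 0x59, 0x79, 0x2d, 0xaa, 0x28, 0xb3,
      0xb0, 0x8a, 0x3e, 0x70, 0xfa, 0x71, 0x59, 0x84}
     },
};

/*
 * Test hook: alter the first byte of V in the first AES-192 vector so that
 * the next FIPS_selftest_rng() run no longer matches its expected output.
 * The change is permanent for the life of the process; nothing in this file
 * restores the original value.
 */
void FIPS_corrupt_rng(void)
{
    aes_192_tv[0].V[0]++;
}

/*
 * Run do_rand_test() over a key array and a vector table. Both arguments
 * must be real arrays (not pointers), because the key length and the entry
 * count are derived with sizeof.
 */
# define fips_rand_test(key, tv) \
        do_rand_test(key, sizeof key, tv, sizeof(tv)/sizeof(AES_PRNG_TV))

/*
 * Known-answer test for one key size.
 *
 * Installs |key| (|keylen| bytes), then for each of the |ntv| entries in
 * |tv| seeds the generator with V, sets DT, draws 16 bytes and compares them
 * with R.
 *
 * Returns 1 when every vector matches, 0 on the first mismatch or on any
 * generator call that reports failure.
 */
static int do_rand_test(unsigned char *key, int keylen,
                        AES_PRNG_TV * tv, int ntv)
{
    /*
     * Zero-filled so that the comparison below never reads indeterminate
     * stack bytes, whatever the generator did or did not write.
     */
    unsigned char R[16] = { 0 };
    int i;

    if (!FIPS_rand_set_key(key, keylen))
        return 0;
    for (i = 0; i < ntv; i++) {
        /*
         * A self-test has to fail closed: if any step reports an error the
         * vector counts as failed instead of falling through to memcmp().
         * The seed/set_dt/bytes calls are int-returning (non-zero on
         * success) in <openssl/fips_rand.h>, like FIPS_rand_set_key() above.
         */
        if (!FIPS_rand_seed(tv[i].V, 16)
            || !FIPS_rand_set_dt(tv[i].DT)
            || !FIPS_rand_bytes(R, 16))
            return 0;
        if (memcmp(R, tv[i].R, sizeof R))
            return 0;
    }
    return 1;
}

/*
 * Power-on self-test for the FIPS PRNG: runs the AES-128, AES-192 and
 * AES-256 known-answer vectors above.
 *
 * Returns 1 if all vectors pass. On any failure it records
 * FIPS_R_SELFTEST_FAILED on the error queue and returns 0.
 *
 * The generator is reset before the run and again afterwards on every
 * path, including failure, so it is never left keyed with one of the
 * published test keys once this function returns.
 */
int FIPS_selftest_rng(void)
{
    int ok = 0;

    FIPS_rand_reset();
    if (FIPS_rand_test_mode()
        && fips_rand_test(aes_128_key, aes_128_tv)
        && fips_rand_test(aes_192_key, aes_192_tv)
        && fips_rand_test(aes_256_key, aes_256_tv)) {
        ok = 1;
    } else {
        FIPSerr(FIPS_F_FIPS_SELFTEST_RNG, FIPS_R_SELFTEST_FAILED);
    }
    /* Drop the test key and seed whether or not the vectors matched. */
    FIPS_rand_reset();
    return ok;
}

#endif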