File openssl-fips_cavs_aes_keywrap.patch of Package openssl
Index: openssl-1.0.2j/crypto/fips/fips_kwvs.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_kwvs.c 2017-05-12 14:14:26.561672018 +0200
@@ -0,0 +1,137 @@
+/*
+ * Crude test driver for processing the VST and MCT testvector files
+ * generated by the CMVP RNGVS product.
+ *
+ * Note the input files are assumed to have a _very_ specific format
+ * as described in the NIST document "The Random Number Generator
+ * Validation System (RNGVS)", May 25, 2004.
+ *
+ */
+#include <openssl/opensslconf.h>
+
+#include <openssl/bn.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/modes.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "fips_utl.h"
+
+void die(char *mes)
+{
+ fprintf(stderr, mes);
+ exit(1);
+}
+
+void process(char *req, char *rsp)
+{
+ char buf[2048], lbuf[2048];
+ unsigned char result[2048];
+ unsigned char *K = NULL;
+ unsigned char *P = NULL;
+ unsigned char *C = NULL;
+ unsigned plaintext_len, ciphertext_len;
+ unsigned key_len;
+ char *end;
+ AES_KEY aes_key;
+ char *keyword, *value;
+ long l;
+ int length;
+ int inverse = 0;
+ block128_f f;
+
+ FILE *in = fopen(req, "r");
+ FILE *out = fopen(rsp, "w");
+
+ if (!in || !out) {
+ die("Can't open input or output file\n");
+ }
+
+ while(fgets(buf, sizeof(buf), in) != NULL)
+ {
+ fputs(buf,out);
+
+ if (!parse_line(&keyword, &value, lbuf, buf)) {
+ /* might be a header, check if inverse cipher function is requested */
+ if(strstr(buf, "inverse")) {
+ inverse = 1;
+ }
+ continue;
+ }
+
+ if(!strcmp(keyword, "[PLAINTEXT LENGTH"))
+ {
+ end = value + strlen(value) - 1;
+ /* remove trailing ] */
+ if (*end == ']')
+ *end = 0;
+ plaintext_len = atoi(value) / 8;
+ ciphertext_len = plaintext_len + 8;
+ }
+ /* key */
+ else if(!strcmp(keyword, "K"))
+ {
+ K = hex2bin_m(value, &l);
+ key_len = strlen(value) / 2;
+ }
+ /* plaintext */
+ else if(!strcmp(keyword, "P"))
+ {
+ /* Wrap, we have a key and a plaintext */
+ P = hex2bin_m(value, &l);
+ if (inverse) {
+ if (AES_set_decrypt_key(K, key_len*8, &aes_key))
+ die("Can't set AES decrypt key.\n");
+ f = (block128_f)AES_decrypt;
+ } else {
+ if (AES_set_encrypt_key(K, key_len*8, &aes_key))
+ die("Can't set AES encrypt key.\n");
+ f = (block128_f)AES_encrypt;
+ }
+ length = CRYPTO_128_wrap(&aes_key, NULL, result, P, plaintext_len, f);
+ if (!length)
+ die("Wrapping failed.\n");
+ OutputValue("C", result, length, out, 0);
+ }
+ /* ciphertext */
+ else if(!strcmp(keyword, "C"))
+ {
+ /* Unwrap, we have a key and a ciphertext */
+ C = hex2bin_m(value, &l);
+ if (inverse) {
+ if (AES_set_encrypt_key(K, key_len*8, &aes_key))
+ die("Can't set AES encrypt key.\n");
+ f = (block128_f)AES_encrypt;
+ } else {
+ if (AES_set_decrypt_key(K, key_len*8, &aes_key))
+ die("Can't set AES decrypt key.\n");
+ f = (block128_f)AES_decrypt;
+ }
+ length = CRYPTO_128_unwrap(&aes_key, NULL, result, C, ciphertext_len, f);
+ if (!length) {
+ fprintf(out, "FAIL" RESP_EOL);
+ } else {
+ OutputValue("P", result, length, out, 0);
+ }
+ }
+ }
+}
+
+int main(int argc,char **argv)
+{
+ if(argc != 3)
+ {
+ fprintf(stderr,"%s Req Rsp\n",argv[0]);
+ exit(1);
+ }
+ if(!FIPS_mode_set(1))
+ {
+ do_print_errors();
+ exit(1);
+ }
+
+ process(argv[1], argv[2]);
+
+ return 0;
+}
Index: openssl-1.0.2j/crypto/fips/Makefile
===================================================================
--- openssl-1.0.2j.orig/crypto/fips/Makefile 2017-05-11 16:56:02.495668727 +0200
+++ openssl-1.0.2j/crypto/fips/Makefile 2017-05-11 16:56:02.531669302 +0200
@@ -19,15 +19,15 @@ APPS=
PROGRAM= fips_standalone_hmac
EXE= $(PROGRAM)$(EXE_EXT)
-CAVS_PROGRAMS= fips_aesavs fips_cmactest fips_desmovs fips_dhvs fips_drbgvs \
+CAVS_PROGRAMS= fips_kwvs fips_aesavs fips_cmactest fips_desmovs fips_dhvs fips_drbgvs \
fips_ecdhvs fips_ecdsavs fips_rngvs fips_rsagtest fips_rsastest \
fips_rsavtest fips_shatest fips_gcmtest fips_dssvs fips_tlsvs fips_hmactest
-CAVS_SRC= fips_aesavs.c fips_cmactest.c fips_desmovs.c fips_dhvs.c fips_drbgvs.c fips_dssvs.c \
+CAVS_SRC= fips_kwvs.c fips_aesavs.c fips_cmactest.c fips_desmovs.c fips_dhvs.c fips_drbgvs.c fips_dssvs.c \
fips_ecdhvs.c fips_ecdsavs.c fips_gcmtest.c fips_rngvs.c fips_rsagtest.c fips_rsastest.c \
fips_rsavtest.c fips_shatest.c fips_tlsvs.c fips_hmactest.c
-CAVS_OBJ= fips_aesavs.o fips_cmactest.o fips_desmovs.o fips_dhvs.o fips_drbgvs.o \
+CAVS_OBJ= fips_kwvs.o fips_aesavs.o fips_cmactest.o fips_desmovs.o fips_dhvs.o fips_drbgvs.o \
fips_ecdhvs.o fips_ecdsavs.o fips_gcmtest.o fips_rngvs.o fips_rsagtest.o fips_rsastest.o \
fips_rsavtest.o fips_shatest.o fips_dssvs.o fips_tlsvs.o fips_hmactest.o
@@ -454,6 +454,19 @@ fips_aesavs.o: ../../include/openssl/ope
fips_aesavs.o: ../../include/openssl/ossl_typ.h
fips_aesavs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_aesavs.o: ../../include/openssl/symhacks.h fips_utl.h fips_aesavs.c
+fips_kwvs.o: ../../e_os.h ../../include/openssl/aes.h
+fips_kwvs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_kwvs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_kwvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_kwvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_kwvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_kwvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+fips_kwvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_kwvs.o: ../../include/openssl/opensslconf.h
+fips_kwvs.o: ../../include/openssl/opensslv.h
+fips_kwvs.o: ../../include/openssl/ossl_typ.h
+fips_kwvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_kwvs.o: ../../include/openssl/symhacks.h fips_utl.h fips_kwvs.c
fips_gcmtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_gcmtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_gcmtest.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
