diff --git a/crypto/Makefile b/crypto/Makefile
index 8c022d7f0938..6651b9f1a685 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -206,8 +206,8 @@ FIPS140_CFLAGS := -D__DISABLE_EXPORTS -DBUILD_FIPS140_KO
 # Create a separate FIPS archive containing a duplicate of each builtin generic
 # module that is in scope for FIPS 140-2 certification
 #
-crypto-fips-objs := drbg.o ecb.o cbc.o ctr.o cts.o gcm.o xts.o hmac.o memneq.o \
- gf128mul.o aes_generic.o lib-crypto-aes.o \
+crypto-fips-objs := drbg.o ecb.o cbc.o ctr.o cts.o gcm.o xts.o hmac.o cmac.o \
+ memneq.o gf128mul.o aes_generic.o lib-crypto-aes.o \
 sha1_generic.o sha256_generic.o sha512_generic.o \
 lib-sha1.o lib-crypto-sha256.o
 crypto-fips-objs := $(foreach o,$(crypto-fips-objs),$(o:.o=-fips.o))
diff --git a/crypto/fips140-generated-testvecs.h b/crypto/fips140-generated-testvecs.h
index af5c5a4a17a9..d4ccd77eb97f 100644
--- a/crypto/fips140-generated-testvecs.h
+++ b/crypto/fips140-generated-testvecs.h
@@ -39,6 +39,9 @@ static const u8 fips_aes_xts_ciphertext[32] __initconst =
 "\x4f\xf7\x9f\x6c\x00\xa8\x30\xdf\xff\xf3\x25\x9c\xf6\x0b\x1b\xfd"
 "\x3b\x34\x5e\x67\x7c\xf8\x8b\x68\x9a\xb9\x5a\x89\x51\x51\xbd\x35";
+static const u8 fips_aes_cmac_digest[16] __initconst =
+ "\x0c\x05\xda\x64\x51\x0c\x8e\x6c\x86\x52\x46\xa8\x2d\xb1\xfe\x0f";
+
 static const u8 fips_hmac_key[16] __initconst = "128-bit HMAC key";
 static const u8 fips_sha1_digest[20] __initconst =
diff --git a/crypto/fips140-module.c b/crypto/fips140-module.c
index 67092d857b60..5b991163a971 100644
--- a/crypto/fips140-module.c
+++ b/crypto/fips140-module.c
@@ -79,6 +79,7 @@ static const char * const fips140_algorithms[] __initconst = {
 "cts(cbc(aes))",
 "ctr(aes)",
 "xts(aes)",
+ "cmac(aes)",
 "hmac(sha1)",
 "hmac(sha224)",
diff --git a/crypto/fips140-selftests.c b/crypto/fips140-selftests.c
index 437520dacd69..f94fc0bff0f3 100644
--- a/crypto/fips140-selftests.c
+++ b/crypto/fips140-selftests.c
@@ -599,8 +599,8 @@ static const struct fips_test fips140_selftests[] __initconst = {
 * Tests for AES-GCM, a.k.a. "gcm(aes)" in crypto API syntax.
 *
 * The IG requires that each underlying AES implementation be tested in
- * an authenticated mode, if implemented. We therefore must test the
- * "gcm" template composed with each "aes" implementation.
+ * an authenticated mode, if implemented. We therefore test the "gcm"
+ * template composed with each "aes" implementation.
 *
 * We also must test all standalone implementations of "gcm(aes)" such
 * as "gcm-aes-ce", as they don't reuse another full AES implementation
@@ -672,11 +672,11 @@ static const struct fips_test fips140_selftests[] __initconst = {
 }
 },
 /*
- * Tests for AES-CBC, AES-CBC-CTS, AES-CTR, and AES-XTS.
+ * Tests for AES-CBC, AES-CBC-CTS, AES-CTR, AES-XTS, and AES-CMAC.
 *
- * According to the IG, unauthenticated AES modes don't need to have
- * their own test as long as both directions of the underlying AES
- * implementation are already tested via other modes.
+ * According to the IG, other AES modes don't need to have their own
+ * test as long as both directions of the underlying AES implementation
+ * are already tested via other modes.
 *
 * However we must still test standalone implementations of these modes,
 * as they don't reuse another full AES implementation and thus can't be
@@ -762,6 +762,22 @@ static const struct fips_test fips140_selftests[] __initconst = {
 .ciphertext = fips_aes_xts_ciphertext,
 .message_size = sizeof(fips_message),
 }
+ }, {
+ .alg = "cmac(aes)",
+ .impls = {
+ /* All standalone implementations of "cmac(aes)" */
+ "cmac-aes-neon",
+ "cmac-aes-ce",
+ },
+ .func = fips_test_hash,
+ .hash = {
+ .key = fips_aes_key,
+ .key_size = sizeof(fips_aes_key),
+ .message = fips_message,
+ .message_size = sizeof(fips_message),
+ .digest = fips_aes_cmac_digest,
+ .digest_size = sizeof(fips_aes_cmac_digest),
+ }
 },
 /* Tests for SHA-1 */
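Review bot: In the rewritten comment of the second hunk (-672), "other AES modes" has no clear referent now that "unauthenticated" is gone, and the same sentence ends with "via other modes". GCM is itself an AES mode and is the one the preceding comment says must be tested per implementation, so the exemption that now also covers CMAC should name what it excludes, for example `* According to the IG, AES modes other than GCM don't need to have their own`. The comment block continues outside the hunk, so the rest of its wording could not be checked.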
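Review bot: The new "cmac(aes)" entry in the third hunk (-762) checks one message only, and that message appears to be block-aligned, so just one of CMAC's two final-block paths is covered. `fips_aes_xts_ciphertext` is declared as 32 bytes and is used with `.message_size = sizeof(fips_message)`, which suggests fips_message is two full AES blocks; CMAC then finishes with subkey K1 and never takes the padded K2 path. A defect in that path of "cmac-aes-neon" or "cmac-aes-ce" would therefore pass this self-test. If one known answer is all the IG requires, say so on the entry, e.g. `/* Block-aligned message: covers only the K1 (unpadded) final-block path */`. The fips140_selftests[] array starts and ends outside the hunk.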
diff --git a/tools/crypto/gen_fips140_testvecs.py b/tools/crypto/gen_fips140_testvecs.py
index fdd816e8f2c4..825c4872235a 100755
--- a/tools/crypto/gen_fips140_testvecs.py
+++ b/tools/crypto/gen_fips140_testvecs.py
@@ -101,6 +101,10 @@ def generate_aes_testvecs():
 ciphertext = xts.update(message) + xts.finalize()
 print_value('aes_xts_ciphertext', ciphertext)
+ cmac = Cryptodome.Hash.CMAC.new(aes_key, ciphermod=Cryptodome.Cipher.AES)
+ cmac.update(message)
+ print_value('aes_cmac_digest', cmac.digest())
+
 def generate_sha_testvecs():
 print_value('hmac_key', hmac_key)
 for alg in ['sha1', 'sha256', 'hmac_sha256', 'sha512']:
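Review bot: The added lines use `Cryptodome.Hash.CMAC`, but this diff adds no import for that submodule. The script's import block is outside the hunk; unless it already contains `import Cryptodome.Hash.CMAC`, the attribute lookup works only if some other Cryptodome import happens to load it, which can change between library versions. Since this script produces the expected digest that the kernel self-test trusts, it should not depend on that; add the explicit `import Cryptodome.Hash.CMAC` next to the existing Cryptodome imports. generate_aes_testvecs() starts outside the hunk.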