diff --git a/.gitignore b/.gitignore index d194dc51..1499b464 100644 --- a/.gitignore +++ b/.gitignore @@ -14,6 +14,12 @@ .idea __pycache__/ +_build +.vscode +doc/source/nocp-parameters.xml +nocp-parameters.xml + + # temporary files if a process still has a handle open of a deleted file .fuse_hidden* @@ -31,3 +37,4 @@ Thumbs.db:encryptable ehthumbs.db ehthumbs_vista.db *.lnk + diff --git a/BUILD.md b/BUILD.md index adf5f529..9012656a 100644 --- a/BUILD.md +++ b/BUILD.md @@ -25,15 +25,14 @@ - [CMake\*](https://cmake.org/download) 3.18 or higher - Python 3.8.1 - The Netwide Assembler (NASM) 2.15 -- OpenSSL\* 3.0.8 or higher +- OpenSSL\* 3.0.8 or higher **OR** BoringSSL* [45cf810d](https://github.com/google/boringssl/archive/45cf810dbdbd767f09f8cb0b0fcccd342c39041f.tar.gz) **OR** Tongsuo* 8.2.1 + ### Linux* OS - [Common tools](#common-tools) - Intel® C++ Compiler Classic 2021.9 for Linux\* OS -- GCC 8.3 -- GCC 9.1 -- GCC 10.1 -- GCC 11.1 +- GCC 8.5 +- GCC 11.4 - Clang 9.0 - Clang 12.0 - GNU binutils 2.32 @@ -217,6 +216,8 @@ To build the Intel IPP Cryptography library on macOS\*, complete the following s - Example for Linux\* OS and the Intel® 64 architecture: `-DPLATFORM_LIST="w7;n8;y8;e9;l9;k0"` +- `-DNO_CRYPTO_MB:BOOL=TRUE` - optional, turns off the build of [Crypto Multi Buffer library](./sources/ippcp/crypto_mb/Readme.md) and, as a consequence, removes all dependencies on OpenSSL library. +- `-DBABASSL:BOOL=on`, `-DBORINGSSL:BOOL=on` - required only if forks of OpenSSL library are used to resolve OpenSSL dependencies - Tongsuo and BoringSSL respectively. These flags make sense when [Crypto Multi Buffer library](./sources/ippcp/crypto_mb/Readme.md) is built. - `-DIPPCP_CUSTOM_BUILD=""` - optional, works only if `-DMERGED_BLD:BOOL=off` is set, i.e. only for 1CPU libraries. Enables the CPU feature dispatching mask at compile-time based on the provided list. - Currently supported by the library custom features dispatching: diff --git a/CHANGELOG.md b/CHANGELOG.md index 33fb2923..f23fda35 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ This is a list of notable changes to Intel(R) IPP Cryptography, in reverse chronological order. +## Intel(R) IPP Cryptography 2021.11 +- Minimal supported BoringSSL version was increased to [45cf810d](https://github.com/google/boringssl/archive/45cf810dbdbd767f09f8cb0b0fcccd342c39041f.tar.gz) tag. + ## Intel(R) IPP Cryptography 2021.10 - Added the verification part of eXtended Merkle Signature Scheme (XMSS) algorithm. - Added FIPS-compliance mode for the library. More information can be found in the [Intel(R) IPP Cryptography FIPS Guide](./README_FIPS.md). diff --git a/CONST_TIME_EXECUTION_TESTING.md b/CONST_TIME_EXECUTION_TESTING.md index 61868362..1bf9c7dd 100644 --- a/CONST_TIME_EXECUTION_TESTING.md +++ b/CONST_TIME_EXECUTION_TESTING.md @@ -5,18 +5,10 @@ - [Scope for crypto_mb library](#cryptomb) ## General information
-- Testing is conducted under Linux for 64-bit Intel® IPP Cryptography built with the following compilers: - - Intel® C++ Compiler 19.1 - - Intel® C++ Compiler Classic 2021.9 - - GCC 8.3 - - GCC 9.1 - - GCC 10.1 - - GCC 11.1 - - Clang 9.0 - - Clang 12.0 +- Testing is conducted under Linux for 64-bit Intel® IPP Cryptography built with the compilers listed in [Build](./BUILD.md). - Tested platforms: w7, n8, y8, e9, l9, k0 (see the supported platforms list [here](./OVERVIEW.md#target-optimization-codes-in-function-names)). - Testing scope described below is guaranteed to pass for **`release`** branches. This is not guaranteed for the **`develop`** branch ([branches description](./OVERVIEW.md#branches-description)) -- Information about Pin-Based Constant Execution Checker can be found [here](https://github.com/intel/pin_based_cec) +- Information about Pin-Based Constant Execution Checker can be found [here](https://github.com/intel/pin_based_cec) ## ippcp library
| Tested Function | Parameters | diff --git a/README.md b/README.md index d8a08d52..1ac624a6 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ The library provides a comprehensive set of routines commonly used for cryptogra - RSA, RSA-OAEP, RSA-PKCS_v15, RSA-PSS - DLP, DLP-DSA, DLP-DH - ECC (NIST curves), ECDSA, ECDH, EC-SM2 -- Multi-buffer RSA, ECDSA, SM3, x25519 +- Multi-buffer RSA, ECDSA, ECDH, x25519, SM2, SM3, SM4, etc - Finite Field Arithmetic Functions - Big Number Integer Arithmetic Functions - PRNG/TRNG and Prime Numbers Generation diff --git a/README_FIPS.md b/README_FIPS.md index 5bdf1200..6eac94da 100644 --- a/README_FIPS.md +++ b/README_FIPS.md @@ -291,6 +291,7 @@ fips_test_status fips_selftest_ippsRSASignVerify_PSS_rmf_get_size_keys (int *pKe fips_test_status fips_selftest_ippsRSASignVerify_PSS_rmf_get_size (int *pBufferSize Ipp8u *pKeysBuffer); fips_test_status fips_selftest_ippsRSASign_PSS_rmf (Ipp8u *pBuffer Ipp8u *pKeysBuffer); fips_test_status fips_selftest_ippsRSAVerify_PSS_rmf (Ipp8u *pBuffer Ipp8u *pKeysBuffer); +fips_test_status fips_selftest_ippsRSA_GenerateKeys (Ipp8u *pBuffer Ipp8u *pKeysBuffer); ``` , where `pBuffer` is the valid buffer for selftest of size indicated by @@ -305,6 +306,8 @@ fips_test_status fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFpEC_buff (int * fips_test_status fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff (int *pDataBuffSize Ipp8u *pGFpBuff Ipp8u *pGFpECBuff); fips_test_status fips_selftest_ippsGFpECSignDSA (Ipp8u *pGFpBuff Ipp8u *pGFpECBuff Ipp8u *pDataBuff); fips_test_status fips_selftest_ippsGFpECVerifyDSA (Ipp8u *pGFpBuff Ipp8u *pGFpECBuff Ipp8u *pDataBuff); +fips_test_status fips_selftest_ippsGFpECPublicKey (Ipp8u *pGFpBuff Ipp8u *pGFpECBuff Ipp8u *pDataBuff); +fips_test_status fips_selftest_ippsGFpECSharedSecretDH (Ipp8u *pGFpBuff Ipp8u *pGFpECBuff Ipp8u *pDataBuff); ``` , where `pGFpBuff` is the valid buffer for selftest of size indicated by diff --git a/include/ippcp/fips_cert.h b/include/ippcp/fips_cert.h index 0e7ef42e..6bbc7c12 100644 --- a/include/ippcp/fips_cert.h +++ b/include/ippcp/fips_cert.h @@ -93,6 +93,7 @@ IPPAPI(fips_test_status, fips_selftest_ippsRSASignVerify_PSS_rmf_get_size_keys, IPPAPI(fips_test_status, fips_selftest_ippsRSASignVerify_PSS_rmf_get_size, (int *pBufferSize, Ipp8u *pKeysBuffer)) IPPAPI(fips_test_status, fips_selftest_ippsRSASign_PSS_rmf, (Ipp8u *pBuffer, Ipp8u *pKeysBuffer)) IPPAPI(fips_test_status, fips_selftest_ippsRSAVerify_PSS_rmf, (Ipp8u *pBuffer, Ipp8u *pKeysBuffer)) +IPPAPI(fips_test_status, fips_selftest_ippsRSA_GenerateKeys, (Ipp8u *pBuffer, Ipp8u *pKeysBuffer)) /* ECDSA sign/verify */ IPPAPI(fips_test_status, fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFp_buff, (int *pGFpBuffSize)) @@ -100,6 +101,8 @@ IPPAPI(fips_test_status, fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFpEC_buf IPPAPI(fips_test_status, fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff, (int *pDataBuffSize, Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff)) IPPAPI(fips_test_status, fips_selftest_ippsGFpECSignDSA, (Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff, Ipp8u *pDataBuff)) IPPAPI(fips_test_status, fips_selftest_ippsGFpECVerifyDSA, (Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff, Ipp8u *pDataBuff)) +IPPAPI(fips_test_status, fips_selftest_ippsGFpECPublicKey, (Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff, Ipp8u *pDataBuff)) +IPPAPI(fips_test_status, fips_selftest_ippsGFpECSharedSecretDH, (Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff, Ipp8u *pDataBuff)) /* // Enumerator that contains information about FIPS-approved @@ -135,8 +138,11 @@ enum FIPS_IPPCP_FUNC { RSAVerify_PKCS1v15_rmf, RSASign_PSS_rmf, RSAVerify_PSS_rmf, + RSA_GenerateKeys, GFpECSignDSA, GFpECVerifyDSA, + GFpECSharedSecretDH, + GFpECPublicKey, HashUpdate_rmf, HashGetTag_rmf, HashFinal_rmf, @@ -151,8 +157,8 @@ enum FIPS_IPPCP_FUNC { RSAEncrypt_OAEP_rmf, RSADecrypt_OAEP_rmf, - /* Not approved functions or - * FIPS-mode is not yet implemented, < 0 + /* Not approved functions or + * FIPS-mode is not yet implemented, < 0 */ SMS4EncryptCBC = -0xFFF, SMS4EncryptCBC_CS1, @@ -173,7 +179,7 @@ enum FIPS_IPPCP_FUNC { SMS4_CCMDecrypt, SMS4_CCMGetTag, /* XTS APIs didn't pass CAVP testing */ - AES_XTSEncrypt, + AES_XTSEncrypt, AES_XTSDecrypt, AESEncryptXTS_Direct, AESDecryptXTS_Direct, @@ -193,7 +199,6 @@ enum FIPS_IPPCP_FUNC { PrimeGen_BN, RSA_Encrypt, RSA_Decrypt, - RSA_GenerateKeys, DLPGenKeyPair, DLPPublicKey, DLPSignDSA, @@ -203,8 +208,6 @@ enum FIPS_IPPCP_FUNC { DLPGenerateDH, GFpECVerify, GFpECPrivateKey, - GFpECPublicKey, - GFpECSharedSecretDH, GFpECSharedSecretDHC, GFpECSignNR, GFpECVerifyNR, diff --git a/sources/include/owndefs.h b/sources/include/owndefs.h index 729bcae2..7fa1a040 100644 --- a/sources/include/owndefs.h +++ b/sources/include/owndefs.h @@ -48,7 +48,7 @@ #if !defined(__NOINLINE) #if defined(__INTEL_COMPILER) || defined(_MSC_VER) #define __NOINLINE __declspec(noinline) -#elif defined( __GNUC__ ) +#elif defined( __GNUC__ ) || defined(__INTEL_LLVM_COMPILER) #define __NOINLINE __attribute__((noinline)) #else #define __NOINLINE diff --git a/sources/ippcp/CMakeLists.txt b/sources/ippcp/CMakeLists.txt index 516fc1ee..82389d48 100644 --- a/sources/ippcp/CMakeLists.txt +++ b/sources/ippcp/CMakeLists.txt @@ -106,7 +106,7 @@ set(DEFAULT_Clang_COMPILER_VER 9.0.0) set(DEFAULT_Intel18_COMPILER_VER 18.0.0) set(DEFAULT_Intel19_COMPILER_VER 19.0.0) set(DEFAULT_MSVC19_COMPILER_VER 19.14) -set(DEFAULT_IntelLLVM2023_COMPILER_VER 2023.1.0) +set(DEFAULT_IntelLLVM_COMPILER_VER 2023.1.0) string(REGEX REPLACE "^([0-9]+)\\.([0-9]+)\\.([0-9]+).*$" "\\1.\\2.\\3" CMAKE_C_COMPILER_VERSION_SHORT ${CMAKE_C_COMPILER_VERSION}) string(REGEX REPLACE "^([0-9]+)\\..*$" "\\1" CMAKE_C_COMPILER_VERSION_MAJOR ${CMAKE_C_COMPILER_VERSION}) diff --git a/sources/ippcp/crypto_mb/Readme.md b/sources/ippcp/crypto_mb/Readme.md index ae3e07e4..72f6835b 100644 --- a/sources/ippcp/crypto_mb/Readme.md +++ b/sources/ippcp/crypto_mb/Readme.md @@ -1,7 +1,7 @@ # Crypto Multi-buffer Library Currently, the library provides optimized version of the following algorithms: -1. RSA, ECDSA, ECDH, x25519 multi-buffer algorithms based on Intel® Advanced Vector Extensions 512 (Intel® AVX-512) integer fused multiply-add (IFMA) operations. This CPU feature is introduced with Intel® Microarchitecture Code Named Ice Lake. +1. RSA, ECDSA, ECDH, x25519, SM2 multi-buffer algorithms based on Intel® Advanced Vector Extensions 512 (Intel® AVX-512) integer fused multiply-add (IFMA) operations. This CPU feature is introduced with Intel® Microarchitecture Code Named Ice Lake. 2. SM4 based on Intel(R) Advanced Vector Extensions 512 (Intel(R) AVX-512) GFNI instructions. 3. SM3 based on Intel® Advanced Vector Extensions 512 (Intel® AVX-512) instructions. @@ -28,10 +28,8 @@ This library consists of highly-optimized kernels taking advantage of Intel’s ### Linux* OS - Intel® C++ Compiler Classic 2021.9 for Linux\* OS -- GCC 8.3 -- GCC 9.1 -- GCC 10.1 -- GCC 11.1 +- GCC 8.5 +- GCC 11.4 - Clang 9.0 - Clang 12.0 - GNU binutils 2.32 @@ -84,6 +82,7 @@ You can find the installed files in:    │   ├── ec_sm2.h    │   ├── ed25519.h    │   ├── exp.h +   │   ├── fips_cert.h    │   ├── rsa.h    │   ├── sm3.h    │   ├── sm4_ccm.h @@ -95,6 +94,14 @@ You can find the installed files in:    └── lib └── libcrypto_mb.so ``` +> **Note**: This project uses the default `RPATH` settings: +> +> CMake is linking the executables and shared libraries with full `RPATH` to all used +> libraries in the build tree. When installing, CMake will clear the `RPATH` of these +> targets so they are installed with an empty `RPATH`. +> In this case to resolve the Crypto Multi-buffer Library dependency on OpenSSL it is +> necessary to update `LD_LIBRARY_PATH` with the path to the target OpenSSL library. + ## How to Build diff --git a/sources/ippcp/crypto_mb/include/internal/fips_cert/common.h b/sources/ippcp/crypto_mb/include/internal/fips_cert/common.h index 29e5402c..4e588429 100644 --- a/sources/ippcp/crypto_mb/include/internal/fips_cert/common.h +++ b/sources/ippcp/crypto_mb/include/internal/fips_cert/common.h @@ -45,18 +45,6 @@ #define MBX_RSA3K_DATA_BYTE_LEN ( (MBX_RSA3K_DATA_BIT_LEN) >> 3 ) #define MBX_RSA4K_DATA_BYTE_LEN ( (MBX_RSA4K_DATA_BIT_LEN) >> 3 ) -#ifdef OPENSSL_IS_BORINGSSL - -/** - * \brief - * - * OpenSSL alias for BoringSSL. - * - */ -BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); - -#endif - /** * \brief * diff --git a/sources/ippcp/crypto_mb/src/common/ifma_cvt52.c b/sources/ippcp/crypto_mb/src/common/ifma_cvt52.c index efe631ec..e6db178c 100644 --- a/sources/ippcp/crypto_mb/src/common/ifma_cvt52.c +++ b/sources/ippcp/crypto_mb/src/common/ifma_cvt52.c @@ -167,12 +167,6 @@ __INLINE void transform_8sb_to_mb8(U64 out_mb8[], int bitLen, int8u *inp[8], int } } -#ifdef OPENSSL_IS_BORINGSSL -static int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen) { - return BN_bn2le_padded(to, tolen, a); -} -#endif - #ifndef BN_OPENSSL_DISABLE // Convert BIGNUM into MB8(Radix=2^52) format // Returns bitmask of successfully converted values diff --git a/sources/ippcp/crypto_mb/src/fips_cert/common.c b/sources/ippcp/crypto_mb/src/fips_cert/common.c index 88013f83..e53ceb10 100644 --- a/sources/ippcp/crypto_mb/src/fips_cert/common.c +++ b/sources/ippcp/crypto_mb/src/fips_cert/common.c @@ -17,15 +17,6 @@ #include -#ifdef OPENSSL_IS_BORINGSSL - -BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) -{ - return BN_le2bn(s, len, ret); -} - -#endif - int mbx_is_mem_eq(const int8u *p1, int32u p1_byte_len, const int8u *p2, int32u p2_byte_len) { if ((p1_byte_len != p2_byte_len) || (p1 == NULL) || (p2 == NULL)) { diff --git a/sources/ippcp/exports.linux.selftests-export b/sources/ippcp/exports.linux.selftests-export index a4ae2f99..77651541 100644 --- a/sources/ippcp/exports.linux.selftests-export +++ b/sources/ippcp/exports.linux.selftests-export @@ -610,6 +610,9 @@ EXTERN (fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFpEC_buff) EXTERN (fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff) EXTERN (fips_selftest_ippsGFpECSignDSA) EXTERN (fips_selftest_ippsGFpECVerifyDSA) +EXTERN (fips_selftest_ippsGFpECPublicKey) +EXTERN (fips_selftest_ippsRSA_GenerateKeys) +EXTERN (fips_selftest_ippsGFpECSharedSecretDH) VERSION { @@ -1227,6 +1230,9 @@ VERSION { fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff; fips_selftest_ippsGFpECSignDSA; fips_selftest_ippsGFpECVerifyDSA; + fips_selftest_ippsGFpECPublicKey; + fips_selftest_ippsRSA_GenerateKeys; + fips_selftest_ippsGFpECSharedSecretDH; local: *; }; } diff --git a/sources/ippcp/exports.macosx.selftests-export b/sources/ippcp/exports.macosx.selftests-export index 5ae9ae3b..a659b5c9 100644 --- a/sources/ippcp/exports.macosx.selftests-export +++ b/sources/ippcp/exports.macosx.selftests-export @@ -55,9 +55,13 @@ _fips_selftest_ippsRSASignVerify_PSS_rmf_get_size_keys _fips_selftest_ippsRSASignVerify_PSS_rmf_get_size _fips_selftest_ippsRSASign_PSS_rmf _fips_selftest_ippsRSAVerify_PSS_rmf +_fips_selftest_ippsRSA_GenerateKeys _fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFp_buff _fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFpEC_buff _fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff _fips_selftest_ippsGFpECSignDSA _fips_selftest_ippsGFpECVerifyDSA +_fips_selftest_ippsGFpECPublicKey +_fips_selftest_ippsGFpECSharedSecretDH + diff --git a/sources/ippcp/fips_cert/selftest_aes_enc_dec_cbc.c b/sources/ippcp/fips_cert/selftest_aes_enc_dec_cbc.c index fc832d6d..a341532e 100644 --- a/sources/ippcp/fips_cert/selftest_aes_enc_dec_cbc.c +++ b/sources/ippcp/fips_cert/selftest_aes_enc_dec_cbc.c @@ -56,7 +56,7 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESEncryptDecrypt_get_size, (int *pBu int ctx_size = 0; sts = ippsAESGetSize(&ctx_size); if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } - + ctx_size += IPPCP_AES_ALIGNMENT; *pBuffSize = ctx_size; @@ -67,10 +67,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESEncryptCBC, (Ipp8u *pBuffer)) { IppStatus sts = ippStsNoErr; - /* check input pointers and allocate memory in "use malloc" mode */ + /* check input pointers and allocate memory in "use malloc" mode */ int internalMemMgm = 0; int ctx_size = 0; - fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size); + sts = fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } BUF_CHECK_NULL_AND_ALLOC(pBuffer, internalMemMgm, ctx_size, IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR) /* output ciphertext */ @@ -79,7 +80,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESEncryptCBC, (Ipp8u *pBuffer)) IppsAESSpec* spec = (IppsAESSpec*)(IPP_ALIGNED_PTR(pBuffer, IPPCP_AES_ALIGNMENT)); /* context initialization */ - ippsAESGetSize(&ctx_size); + sts = ippsAESGetSize(&ctx_size); + if (sts != ippStsNoErr) { + MEMORY_FREE(pBuffer, internalMemMgm) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippsAESInit(key, IPPCP_AES_KEY128_BYTE_LEN, spec, ctx_size); if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) @@ -105,10 +110,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESDecryptCBC, (Ipp8u *pBuffer)) { IppStatus sts = ippStsNoErr; - /* check input pointers and allocate memory in "use malloc" mode */ + /* check input pointers and allocate memory in "use malloc" mode */ int internalMemMgm = 0; int ctx_size = 0; - fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size); + sts = fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } BUF_CHECK_NULL_AND_ALLOC(pBuffer, internalMemMgm, ctx_size, IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR) /* output plaintext */ diff --git a/sources/ippcp/fips_cert/selftest_aes_enc_dec_ccm.c b/sources/ippcp/fips_cert/selftest_aes_enc_dec_ccm.c index 781efb34..47e2b62a 100644 --- a/sources/ippcp/fips_cert/selftest_aes_enc_dec_ccm.c +++ b/sources/ippcp/fips_cert/selftest_aes_enc_dec_ccm.c @@ -46,7 +46,7 @@ static const Ipp8u tag[IPPCP_TAG_BYTE_LEN] = {0x4d,0xac,0x25,0x5d}; /* additional authenticated data */ static const Ipp8u ad[IPPCP_AAD_BYTE_LEN] = {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07}; -IPPFUN(fips_test_status, fips_selftest_ippsAESEncryptDecryptCCM_get_size, (int *pBuffSize)) +IPPFUN(fips_test_status, fips_selftest_ippsAESEncryptDecryptCCM_get_size, (int *pBuffSize)) { /* return bad status if input pointer is NULL */ IPP_BADARG_RET((NULL == pBuffSize), IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR); @@ -55,7 +55,7 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESEncryptDecryptCCM_get_size, (int * int ctx_size = 0; sts = ippsAES_CCMGetSize(&ctx_size); if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } - + ctx_size += IPPCP_AES_ALIGNMENT; *pBuffSize = ctx_size; @@ -66,10 +66,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAES_CCMEncrypt, (Ipp8u *pBuffer)) { IppStatus sts = ippStsNoErr; - /* check input pointers and allocate memory in "use malloc" mode */ + /* check input pointers and allocate memory in "use malloc" mode */ int internalMemMgm = 0; int ctx_size = 0; - fips_selftest_ippsAESEncryptDecryptCCM_get_size(&ctx_size); + sts = fips_selftest_ippsAESEncryptDecryptCCM_get_size(&ctx_size); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } BUF_CHECK_NULL_AND_ALLOC(pBuffer, internalMemMgm, ctx_size, IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR) /* output ciphertext */ @@ -80,7 +81,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAES_CCMEncrypt, (Ipp8u *pBuffer)) IppsAES_CCMState* state = (IppsAES_CCMState*)(IPP_ALIGNED_PTR(pBuffer, IPPCP_AES_ALIGNMENT)); /* context initialization */ - ippsAES_CCMGetSize(&ctx_size); + sts = ippsAES_CCMGetSize(&ctx_size); + if (sts != ippStsNoErr) { + MEMORY_FREE(pBuffer, internalMemMgm) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippsAES_CCMInit(key, IPPCP_AES_KEY128_BYTE_LEN, state, ctx_size); if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) @@ -138,10 +143,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAES_CCMDecrypt, (Ipp8u *pBuffer)) { IppStatus sts = ippStsNoErr; - /* check input pointers and allocate memory in "use malloc" mode */ + /* check input pointers and allocate memory in "use malloc" mode */ int internalMemMgm = 0; int ctx_size = 0; - fips_selftest_ippsAESEncryptDecryptCCM_get_size(&ctx_size); + sts = fips_selftest_ippsAESEncryptDecryptCCM_get_size(&ctx_size); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } BUF_CHECK_NULL_AND_ALLOC(pBuffer, internalMemMgm, ctx_size, IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR) /* output plaintext */ @@ -152,7 +158,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAES_CCMDecrypt, (Ipp8u *pBuffer)) IppsAES_CCMState* state = (IppsAES_CCMState*)(IPP_ALIGNED_PTR(pBuffer, IPPCP_AES_ALIGNMENT)); /* context initialization */ - ippsAES_CCMGetSize(&ctx_size); + sts = ippsAES_CCMGetSize(&ctx_size); + if (sts != ippStsNoErr) { + MEMORY_FREE(pBuffer, internalMemMgm) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippsAES_CCMInit(key, IPPCP_AES_KEY128_BYTE_LEN, state, ctx_size); if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) diff --git a/sources/ippcp/fips_cert/selftest_aes_enc_dec_cfb.c b/sources/ippcp/fips_cert/selftest_aes_enc_dec_cfb.c index 43e6f7cf..53254925 100644 --- a/sources/ippcp/fips_cert/selftest_aes_enc_dec_cfb.c +++ b/sources/ippcp/fips_cert/selftest_aes_enc_dec_cfb.c @@ -54,10 +54,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESEncryptCFB, (Ipp8u *pBuffer)) { IppStatus sts = ippStsNoErr; - /* check input pointers and allocate memory in "use malloc" mode */ + /* check input pointers and allocate memory in "use malloc" mode */ int internalMemMgm = 0; int ctx_size = 0; - fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size); + sts = fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } BUF_CHECK_NULL_AND_ALLOC(pBuffer, internalMemMgm, ctx_size, IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR) /* output ciphertext */ @@ -87,24 +88,29 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESEncryptCFB, (Ipp8u *pBuffer)) MEMORY_FREE(pBuffer, internalMemMgm) return IPPCP_ALGO_SELFTEST_OK; } - + IPPFUN(fips_test_status, fips_selftest_ippsAESDecryptCFB, (Ipp8u *pBuffer)) { IppStatus sts = ippStsNoErr; - /* check input pointers and allocate memory in "use malloc" mode */ + /* check input pointers and allocate memory in "use malloc" mode */ int internalMemMgm = 0; int ctx_size = 0; - fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size); + sts = fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } BUF_CHECK_NULL_AND_ALLOC(pBuffer, internalMemMgm, ctx_size, IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR) /* output plaintext */ Ipp8u out_ptext[IPPCP_AES_MSG_BYTE_LEN]; /* context */ IppsAESSpec* spec = (IppsAESSpec*)(IPP_ALIGNED_PTR(pBuffer, IPPCP_AES_ALIGNMENT)); - + /* context initialization */ - ippsAESGetSize(&ctx_size); + sts = ippsAESGetSize(&ctx_size); + if (sts != ippStsNoErr) { + MEMORY_FREE(pBuffer, internalMemMgm) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippsAESInit(key, IPPCP_AES_KEY128_BYTE_LEN, spec, ctx_size); if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) diff --git a/sources/ippcp/fips_cert/selftest_aes_enc_dec_ctr.c b/sources/ippcp/fips_cert/selftest_aes_enc_dec_ctr.c index de03de86..38510803 100644 --- a/sources/ippcp/fips_cert/selftest_aes_enc_dec_ctr.c +++ b/sources/ippcp/fips_cert/selftest_aes_enc_dec_ctr.c @@ -55,10 +55,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESEncryptCTR, (Ipp8u *pBuffer)) { IppStatus sts = ippStsNoErr; - /* check input pointers and allocate memory in "use malloc" mode */ + /* check input pointers and allocate memory in "use malloc" mode */ int internalMemMgm = 0; int ctx_size = 0; - fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size); + sts = fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } BUF_CHECK_NULL_AND_ALLOC(pBuffer, internalMemMgm, ctx_size, IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR) /* counter */ @@ -93,12 +94,12 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESEncryptCTR, (Ipp8u *pBuffer)) MEMORY_FREE(pBuffer, internalMemMgm) return IPPCP_ALGO_SELFTEST_OK; } - + IPPFUN(fips_test_status, fips_selftest_ippsAESDecryptCTR, (Ipp8u *pBuffer)) { IppStatus sts = ippStsNoErr; - /* check input pointers and allocate memory in "use malloc" mode */ + /* check input pointers and allocate memory in "use malloc" mode */ int internalMemMgm = 0; int ctx_size = 0; fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size); @@ -114,7 +115,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESDecryptCTR, (Ipp8u *pBuffer)) IppsAESSpec* spec = (IppsAESSpec*)(IPP_ALIGNED_PTR(pBuffer, IPPCP_AES_ALIGNMENT)); /* context initialization */ - ippsAESGetSize(&ctx_size); + sts = ippsAESGetSize(&ctx_size); + if (sts != ippStsNoErr) { + MEMORY_FREE(pBuffer, internalMemMgm) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippsAESInit(key, IPPCP_AES_KEY128_BYTE_LEN, spec, ctx_size); if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) diff --git a/sources/ippcp/fips_cert/selftest_aes_enc_dec_gcm.c b/sources/ippcp/fips_cert/selftest_aes_enc_dec_gcm.c index 177a77ca..a7ee3d58 100644 --- a/sources/ippcp/fips_cert/selftest_aes_enc_dec_gcm.c +++ b/sources/ippcp/fips_cert/selftest_aes_enc_dec_gcm.c @@ -66,7 +66,7 @@ IPPFUN(fips_test_status, fips_selftest_ippsAES_GCM_get_size, (int *pBufferSize)) int ctx_size = 0; sts = ippsAES_GCMGetSize(&ctx_size); if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } - + ctx_size += IPPCP_AES_ALIGNMENT; *pBufferSize = ctx_size; @@ -77,10 +77,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAES_GCMEncrypt, (Ipp8u *pBuffer)) { IppStatus sts = ippStsNoErr; - /* check input pointers and allocate memory in "use malloc" mode */ + /* check input pointers and allocate memory in "use malloc" mode */ int internalMemMgm = 0; int ctx_size = 0; - fips_selftest_ippsAES_GCM_get_size(&ctx_size); + sts = fips_selftest_ippsAES_GCM_get_size(&ctx_size); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } BUF_CHECK_NULL_AND_ALLOC(pBuffer, internalMemMgm, ctx_size, IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR) /* output ciphertext */ @@ -136,10 +137,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAES_GCMDecrypt, (Ipp8u *pBuffer)) { IppStatus sts = ippStsNoErr; - /* check input pointers and allocate memory in "use malloc" mode */ + /* check input pointers and allocate memory in "use malloc" mode */ int internalMemMgm = 0; int ctx_size = 0; - fips_selftest_ippsAES_GCM_get_size(&ctx_size); + sts = fips_selftest_ippsAES_GCM_get_size(&ctx_size); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } BUF_CHECK_NULL_AND_ALLOC(pBuffer, internalMemMgm, ctx_size, IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR) /* output plaintext */ @@ -150,7 +152,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAES_GCMDecrypt, (Ipp8u *pBuffer)) IppsAES_GCMState *state = (IppsAES_GCMState *)IPP_ALIGNED_PTR(pBuffer, IPPCP_AES_ALIGNMENT); /* context initialization */ - ippsAES_GCMGetSize(&ctx_size); + sts = ippsAES_GCMGetSize(&ctx_size); + if (sts != ippStsNoErr) { + MEMORY_FREE(pBuffer, internalMemMgm) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippsAES_GCMInit(key, IPPCP_AES_KEY128_BYTE_LEN, state, ctx_size); if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) diff --git a/sources/ippcp/fips_cert/selftest_aes_enc_dec_ofb.c b/sources/ippcp/fips_cert/selftest_aes_enc_dec_ofb.c index d0e77613..592e7c78 100644 --- a/sources/ippcp/fips_cert/selftest_aes_enc_dec_ofb.c +++ b/sources/ippcp/fips_cert/selftest_aes_enc_dec_ofb.c @@ -54,10 +54,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESEncryptOFB, (Ipp8u *pBuffer)) { IppStatus sts = ippStsNoErr; - /* check input pointers and allocate memory in "use malloc" mode */ + /* check input pointers and allocate memory in "use malloc" mode */ int internalMemMgm = 0; int ctx_size = 0; - fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size); + sts = fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } BUF_CHECK_NULL_AND_ALLOC(pBuffer, internalMemMgm, ctx_size, IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR) /* initialization vector */ @@ -70,7 +71,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESEncryptOFB, (Ipp8u *pBuffer)) IppsAESSpec* spec = (IppsAESSpec*)(IPP_ALIGNED_PTR(pBuffer, IPPCP_AES_ALIGNMENT)); /* context initialization */ - ippsAESGetSize(&ctx_size); + sts = ippsAESGetSize(&ctx_size); + if (sts != ippStsNoErr) { + MEMORY_FREE(pBuffer, internalMemMgm) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippsAESInit(key, IPPCP_AES_KEY128_BYTE_LEN, spec, ctx_size); if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) @@ -92,15 +97,16 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESEncryptOFB, (Ipp8u *pBuffer)) MEMORY_FREE(pBuffer, internalMemMgm) return IPPCP_ALGO_SELFTEST_OK; } - + IPPFUN(fips_test_status, fips_selftest_ippsAESDecryptOFB, (Ipp8u *pBuffer)) { IppStatus sts = ippStsNoErr; - /* check input pointers and allocate memory in "use malloc" mode */ + /* check input pointers and allocate memory in "use malloc" mode */ int internalMemMgm = 0; int ctx_size = 0; - fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size); + sts = fips_selftest_ippsAESEncryptDecrypt_get_size(&ctx_size); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } BUF_CHECK_NULL_AND_ALLOC(pBuffer, internalMemMgm, ctx_size, IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR) /* output plaintext */ @@ -113,7 +119,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsAESDecryptOFB, (Ipp8u *pBuffer)) IppsAESSpec* spec = (IppsAESSpec*)(IPP_ALIGNED_PTR(pBuffer, IPPCP_AES_ALIGNMENT)); /* context initialization */ - ippsAESGetSize(&ctx_size); + sts = ippsAESGetSize(&ctx_size); + if (sts != ippStsNoErr) { + MEMORY_FREE(pBuffer, internalMemMgm) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippsAESInit(key, IPPCP_AES_KEY128_BYTE_LEN, spec, ctx_size); if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) diff --git a/sources/ippcp/fips_cert/selftest_aes_upd_cmac.c b/sources/ippcp/fips_cert/selftest_aes_upd_cmac.c index a0301026..524824a9 100644 --- a/sources/ippcp/fips_cert/selftest_aes_upd_cmac.c +++ b/sources/ippcp/fips_cert/selftest_aes_upd_cmac.c @@ -26,7 +26,7 @@ #include "ippcp/fips_cert.h" #include "fips_cert_internal/common.h" -/* +/* * KAT TEST * taken from Wycheproof testing */ @@ -36,7 +36,7 @@ static const Ipp8u msg[] = { 0x61, 0x23, 0xc5, 0x56, 0xc5, 0xcc }; static const Ipp8u key[] = { 0x48,0x14,0x40,0x29,0x85,0x25,0xcc,0x26,0x1f,0x81,0x59,0x15,0x9a,0xed,0xf6,0x2d }; // known tag static const Ipp8u tag[] = { 0xa2,0x81,0xe0,0xd2,0xd5,0x37,0x8d,0xfd,0xcc,0x13,0x10,0xfd,0x97,0x82,0xca,0x56 }; - + static const int msgByteLen = sizeof(msg); static const int keyByteSize = sizeof(key); @@ -53,18 +53,19 @@ IPPFUN(fips_test_status, fips_selftest_ippsAES_CMAC_get_size, (int *pBuffSize)) ctx_size += IPPCP_AES_ALIGNMENT; *pBuffSize = ctx_size; - + return IPPCP_ALGO_SELFTEST_OK; } IPPFUN(fips_test_status, fips_selftest_ippsAES_CMACUpdate, (Ipp8u *pBuffer)) { IppStatus sts = ippStsNoErr; - - /* check input pointers and allocate memory in "use malloc" mode */ + + /* check input pointers and allocate memory in "use malloc" mode */ int internalMemMgm = 0; int ctx_size = 0; - fips_selftest_ippsAES_CMAC_get_size(&ctx_size); + sts = fips_selftest_ippsAES_CMAC_get_size(&ctx_size); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } BUF_CHECK_NULL_AND_ALLOC(pBuffer, internalMemMgm, ctx_size, IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR) /* output hash */ @@ -74,27 +75,31 @@ IPPFUN(fips_test_status, fips_selftest_ippsAES_CMACUpdate, (Ipp8u *pBuffer)) IppsAES_CMACState* pCtx = (IppsAES_CMACState*)(IPP_ALIGNED_PTR(pBuffer, IPPCP_AES_ALIGNMENT)); /* context initialization */ - ippsAES_CMACGetSize(&ctx_size); + sts = ippsAES_CMACGetSize(&ctx_size); + if (sts != ippStsNoErr) { + MEMORY_FREE(pBuffer, internalMemMgm) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippsAES_CMACInit(key, keyByteSize, pCtx, ctx_size); - if (sts != ippStsNoErr) { + if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) - return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } /* function call */ sts = ippsAES_CMACUpdate(msg, msgByteLen, pCtx); - if (sts != ippStsNoErr) { + if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) - return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } sts = ippsAES_CMACGetTag(outTagBuff, IPPCP_TAG_BYTE_SIZE, pCtx); - if (sts != ippStsNoErr) { + if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) - return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } sts = ippsAES_CMACFinal(outTagFinBuff, IPPCP_TAG_BYTE_SIZE, pCtx); - if (sts != ippStsNoErr) { + if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) - return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } /* compare output to known answer */ int isEqual; @@ -105,7 +110,7 @@ IPPFUN(fips_test_status, fips_selftest_ippsAES_CMACUpdate, (Ipp8u *pBuffer)) MEMORY_FREE(pBuffer, internalMemMgm) return IPPCP_ALGO_SELFTEST_KAT_ERR; } - + MEMORY_FREE(pBuffer, internalMemMgm) return IPPCP_ALGO_SELFTEST_OK; } diff --git a/sources/ippcp/fips_cert/selftest_aes_upd_hmac.c b/sources/ippcp/fips_cert/selftest_aes_upd_hmac.c index 60c9d875..6f823443 100644 --- a/sources/ippcp/fips_cert/selftest_aes_upd_hmac.c +++ b/sources/ippcp/fips_cert/selftest_aes_upd_hmac.c @@ -26,7 +26,7 @@ #include "ippcp/fips_cert.h" #include "fips_cert_internal/common.h" -/* +/* * KAT TEST * taken from Wycheproof testing */ @@ -37,7 +37,7 @@ static const Ipp8u key[] = { 0xac,0x68,0x6b,0xa0,0xf1,0xa5,0x1b,0x4e,0xc4,0xf0,0 // known tag static const Ipp8u tag[] = { 0x00,0x85,0x32,0xa5,0x3d,0x0c,0x0a,0xb2,0x20,0x27,0xae,0x24,0x90,0x23,0x37,0x53, 0x74,0xe2,0x23,0x9b,0x95,0x96,0x09,0xe8,0x33,0x9b,0x05,0xa1,0x57,0x42,0xa6,0x75 }; - + static const int msgByteLen = sizeof(msg); static const int keyByteSize = sizeof(key); @@ -62,10 +62,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsHMACUpdate_rmf, (Ipp8u *pBuffer)) { IppStatus sts = ippStsNoErr; - /* check input pointers and allocate memory in "use malloc" mode */ + /* check input pointers and allocate memory in "use malloc" mode */ int internalMemMgm = 0; int ctx_size = 0; - fips_selftest_ippsHMAC_rmf_get_size(&ctx_size); + sts = fips_selftest_ippsHMAC_rmf_get_size(&ctx_size); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } BUF_CHECK_NULL_AND_ALLOC(pBuffer, internalMemMgm, ctx_size, IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR) /* output hash */ @@ -74,28 +75,32 @@ IPPFUN(fips_test_status, fips_selftest_ippsHMACUpdate_rmf, (Ipp8u *pBuffer)) /* context */ IppsHMACState_rmf* pCtx = (IppsHMACState_rmf*)(IPP_ALIGNED_PTR(pBuffer, IPPCP_HMAC_ALIGNMENT)); /* context initialization */ - ippsHMACGetSize_rmf(&ctx_size); + sts = ippsHMACGetSize_rmf(&ctx_size); + if (sts != ippStsNoErr) { + MEMORY_FREE(pBuffer, internalMemMgm) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippsHMACInit_rmf(key, keyByteSize, pCtx, ippsHashMethod_SHA256()); - if (sts != ippStsNoErr) { + if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) - return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; - } + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } /* function call */ sts = ippsHMACUpdate_rmf(msg, msgByteLen, pCtx); - if (sts != ippStsNoErr) { + if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) - return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } sts = ippsHMACGetTag_rmf(outTagBuff, IPPCP_TAG_BYTE_SIZE, pCtx); - if (sts != ippStsNoErr) { + if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) - return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } sts = ippsHMACFinal_rmf(outTagFinBuff, IPPCP_TAG_BYTE_SIZE, pCtx); - if (sts != ippStsNoErr) { + if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) - return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } /* compare output to known answer */ @@ -117,7 +122,7 @@ IPPFUN(fips_test_status, fips_selftest_ippsHMACMessage_rmf, (void)) IppStatus sts = ippStsNoErr; /* output hash */ Ipp8u outTagBuff[IPPCP_TAG_BYTE_SIZE]; - + /* function call */ sts = ippsHMACMessage_rmf(msg, msgByteLen, key, keyByteSize, outTagBuff, IPPCP_TAG_BYTE_SIZE, ippsHashMethod_SHA256()); if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } diff --git a/sources/ippcp/fips_cert/selftest_ecdsa_shared_secret.c b/sources/ippcp/fips_cert/selftest_ecdsa_shared_secret.c new file mode 100644 index 00000000..ca5aa865 --- /dev/null +++ b/sources/ippcp/fips_cert/selftest_ecdsa_shared_secret.c @@ -0,0 +1,206 @@ +/************************************************************************* +* Copyright (C) 2024 Intel Corporation +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*************************************************************************/ + +#ifdef IPPCP_FIPS_MODE +#include "ippcp.h" +#include "owndefs.h" +#include "dispatcher.h" + +// FIPS selftests are not processed by dispatcher. +// Prevent several copies of the same functions. +#ifdef _IPP_DATA + +#include "ippcp/fips_cert.h" +#include "fips_cert_internal/common.h" +#include "fips_cert_internal/bn_common.h" + +/* + * KAT + * taken from wycheproof testing + */ + +/* public */ +static const Ipp8u pub_x[] = {0x26,0x4f,0xe4,0xaf,0x31,0xd7,0x61,0xfa, + 0xfd,0x0b,0x8b,0x86,0x46,0x70,0xe0,0x28, + 0x24,0x50,0x0f,0x5d,0x71,0x40,0xa0,0x85, + 0xfe,0x75,0xaf,0x72,0x33,0xbd,0xd5,0x62}; + +static const Ipp8u pub_y[] = {0xcf,0x30,0x4e,0x01,0x5a,0x27,0x7d,0xa0, + 0xb4,0x72,0x88,0xc3,0xc8,0x41,0xb7,0x0e, + 0x99,0x13,0x8d,0xbf,0xb5,0x95,0x5a,0xcd, + 0x81,0x0a,0xe7,0xa9,0x93,0x3a,0x33,0xac}; +/* private */ +static const Ipp8u prv_key[] = {0x46,0xc3,0x10,0x2c,0xe0,0x52,0x53,0x7b, + 0x64,0x38,0x41,0xf8,0xae,0x53,0xbb,0xfe, + 0xd3,0xbf,0xce,0x6b,0x0a,0x5b,0x85,0x17, + 0xab,0x23,0xa0,0x89,0x5c,0x46,0x12,0x06}; +/* shared key */ +static const Ipp8u sh_key[] = {0x85,0x42,0x71,0xe1,0x95,0x08,0xbc,0x93, + 0x5a,0xb2,0x2b,0x95,0xcd,0x2b,0xe1,0x3a, + 0x0e,0x78,0x26,0x5f,0x52,0x8b,0x65,0x8b, + 0x32,0x19,0x02,0x8b,0x90,0x0d,0x02,0x53}; + + +IPPFUN(fips_test_status, fips_selftest_ippsGFpECSharedSecretDH, (Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff, Ipp8u *pDataBuff)) { + IppStatus sts = ippStsNoErr; + fips_test_status test_result = IPPCP_ALGO_SELFTEST_OK; + + const unsigned int primeBitSize = 256; + const unsigned int primeWordSize = 8; + + /* Internal memory allocation feature */ + int internalMemMgm = 0; +#if IPPCP_SELFTEST_USE_MALLOC + if(pGFpBuff == NULL || pGFpECBuff == NULL || pDataBuff == NULL) { + internalMemMgm = 1; + + int gfpBuffSize = 0; + sts = fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFp_buff(&gfpBuffSize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } + pGFpBuff = malloc((size_t)gfpBuffSize); + + int gfpECBuffSize = 0; + sts = fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFpEC_buff(&gfpECBuffSize, pGFpBuff); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } + pGFpECBuff = malloc((size_t)gfpECBuffSize); + + int dataBuffSize = 0; + sts = fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff(&dataBuffSize, pGFpBuff, pGFpECBuff); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } + pDataBuff = malloc((size_t)dataBuffSize); + } +#else + IPP_BADARG_RET((NULL == pGFpBuff) || (NULL == pGFpECBuff) || (NULL == pDataBuff), IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR); +#endif + + /* Init GFp context */ + IppsGFpState* pGF = (IppsGFpState*)(IPP_ALIGNED_PTR(pGFpBuff, IPPCP_GFP_ALIGNMENT)); + sts = ippsGFpInitFixed(primeBitSize, ippsGFpMethod_p256r1(), pGF); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + + /* Init GFpEC context */ + IppsGFpECState* pEC = (IppsGFpECState*)(IPP_ALIGNED_PTR(pGFpECBuff, IPPCP_GFP_ALIGNMENT)); + sts = ippsGFpECInitStd256r1(pGF, pEC); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + + Ipp8u* pLocDataBuff = pDataBuff; + + /* private key */ + int regKeyCtxByteSize; + sts = ippsBigNumGetSize(primeWordSize, ®KeyCtxByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + IppsBigNumState* bnPrivate = (IppsBigNumState*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); + sts = ippcp_init_set_bn(bnPrivate, primeWordSize, ippBigNumPOS, (const Ipp32u *)prv_key, primeWordSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + pLocDataBuff += regKeyCtxByteSize; + + /* shared key */ + int sharedKeyCtxByteSize; + sts = ippsBigNumGetSize(primeWordSize, &sharedKeyCtxByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + IppsBigNumState* bnShared = (IppsBigNumState*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); + sts = ippcp_init_set_bn(bnShared, primeWordSize, ippBigNumPOS, (const Ipp32u *) /*empty*/ prv_key, primeWordSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + pLocDataBuff += sharedKeyCtxByteSize; + + /* public key */ + // element + int sizeElem; + sts = ippsGFpElementGetSize(pGF, &sizeElem); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + + IppsGFpElement* pubXElement = (IppsGFpElement*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); + sts = ippsGFpElementInit((Ipp32u*) pub_x, primeWordSize, pubXElement, pGF); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + pLocDataBuff += sizeElem; + + IppsGFpElement* pubYElement = (IppsGFpElement*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); + sts = ippsGFpElementInit((Ipp32u*) pub_y, primeWordSize, pubYElement, pGF); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + pLocDataBuff += sizeElem; + + // point + int sizePoint; + sts = ippsGFpECPointGetSize(pEC, &sizePoint); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + IppsGFpECPoint* regPublic = (IppsGFpECPoint*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); + sts = ippsGFpECPointInit(pubXElement, pubYElement, regPublic, pEC); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + pLocDataBuff += sizePoint; + + /* Shared Key Generation */ + sts = ippsGFpECSharedSecretDH(bnPrivate, regPublic, bnShared, pEC, pLocDataBuff); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + + Ipp8u pOut[sizeof(sh_key)]; + int len; + + IppsBigNumSGN sgn; + sts = ippsGet_BN(&sgn, &len, (Ipp32u*)pOut, bnShared); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + + int sigFlagErr; + sigFlagErr = ippcp_is_mem_eq(sh_key, sizeof(sh_key), pOut, sizeof(sh_key)); + + if( 1 != sigFlagErr ) { + test_result = IPPCP_ALGO_SELFTEST_KAT_ERR; + } + + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return test_result; +} + +#endif // _IPP_DATA +#endif // IPPCP_FIPS_MODE diff --git a/sources/ippcp/fips_cert/selftest_ecdsa_sign_verify.c b/sources/ippcp/fips_cert/selftest_ecdsa_sign_verify.c index 61ecd79f..2edc5548 100644 --- a/sources/ippcp/fips_cert/selftest_ecdsa_sign_verify.c +++ b/sources/ippcp/fips_cert/selftest_ecdsa_sign_verify.c @@ -120,7 +120,7 @@ IPPFUN(fips_test_status, fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff /* message */ sts = ippsBigNumGetSize(msgWordSize, &tmp_size); if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; - total_size += (tmp_size+IPPCP_GFP_ALIGNMENT); + total_size += (tmp_size+IPPCP_GFP_ALIGNMENT); /* Reg and eph keys */ sts = ippsBigNumGetSize(primeWordSize, &tmp_size); @@ -137,8 +137,9 @@ IPPFUN(fips_test_status, fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; total_size += (tmp_size+IPPCP_GFP_ALIGNMENT); /* Scratch buffer */ - ippsGFpECScratchBufferSize(2, pEC, &tmp_size); - total_size += (tmp_size+IPPCP_GFP_ALIGNMENT); + sts = ippsGFpECScratchBufferSize(2, pEC, &tmp_size); + if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + total_size += (tmp_size+IPPCP_GFP_ALIGNMENT); *pDataBuffSize = total_size; @@ -149,7 +150,7 @@ IPPFUN(fips_test_status, fips_selftest_ippsGFpECSignDSA, (Ipp8u *pGFpBuff, Ipp8u { IppStatus sts = ippStsNoErr; fips_test_status test_result = IPPCP_ALGO_SELFTEST_OK; - + /* Internal memory allocation feature */ int internalMemMgm = 0; #if IPPCP_SELFTEST_USE_MALLOC @@ -157,15 +158,18 @@ IPPFUN(fips_test_status, fips_selftest_ippsGFpECSignDSA, (Ipp8u *pGFpBuff, Ipp8u internalMemMgm = 1; int gfpBuffSize = 0; - fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFp_buff(&gfpBuffSize); + sts = fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFp_buff(&gfpBuffSize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pGFpBuff = malloc((size_t)gfpBuffSize); int gfpECBuffSize = 0; - fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFpEC_buff(&gfpECBuffSize, pGFpBuff); + sts = fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFpEC_buff(&gfpECBuffSize, pGFpBuff); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pGFpECBuff = malloc((size_t)gfpECBuffSize); int dataBuffSize = 0; - fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff(&dataBuffSize, pGFpBuff, pGFpECBuff); + sts = fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff(&dataBuffSize, pGFpBuff, pGFpECBuff); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pDataBuff = malloc((size_t)dataBuffSize); } #else @@ -192,6 +196,10 @@ IPPFUN(fips_test_status, fips_selftest_ippsGFpECSignDSA, (Ipp8u *pGFpBuff, Ipp8u /* signature */ int sByteSize; sts = ippsBigNumGetSize(ordWordSize, &sByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } IppsBigNumState* bnS = (IppsBigNumState*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); sts = ippcp_init_set_bn(bnS, ordWordSize, ippBigNumPOS, (const Ipp32u *)msg_digest, ordWordSize); if(sts != ippStsNoErr) { @@ -202,6 +210,10 @@ IPPFUN(fips_test_status, fips_selftest_ippsGFpECSignDSA, (Ipp8u *pGFpBuff, Ipp8u int rByteSize; sts = ippsBigNumGetSize(ordWordSize, &rByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } IppsBigNumState* bnR = (IppsBigNumState*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); sts = ippcp_init_set_bn(bnR, ordWordSize, ippBigNumPOS, (const Ipp32u *)msg_digest, ordWordSize); if(sts != ippStsNoErr) { @@ -213,37 +225,49 @@ IPPFUN(fips_test_status, fips_selftest_ippsGFpECSignDSA, (Ipp8u *pGFpBuff, Ipp8u /* message */ int msgCtxByteSize; sts = ippsBigNumGetSize(msgWordSize, &msgCtxByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } IppsBigNumState* bnMsgDigest = (IppsBigNumState*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); sts = ippcp_init_set_bn(bnMsgDigest, msgWordSize, ippBigNumPOS, (const Ipp32u *)msg_digest, msgWordSize); if(sts != ippStsNoErr) { MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } - pLocDataBuff += msgCtxByteSize; + pLocDataBuff += msgCtxByteSize; /* Reg and eph keys */ int regKeyCtxByteSize; sts = ippsBigNumGetSize(primeWordSize, ®KeyCtxByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } IppsBigNumState* bnRegPrivate = (IppsBigNumState*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); sts = ippcp_init_set_bn(bnRegPrivate, primeWordSize, ippBigNumPOS, (const Ipp32u *)d, primeWordSize); if(sts != ippStsNoErr) { MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } - pLocDataBuff += regKeyCtxByteSize; + pLocDataBuff += regKeyCtxByteSize; int ephKeyCtxByteSize; sts = ippsBigNumGetSize(primeWordSize, &ephKeyCtxByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } IppsBigNumState* bnEphPrivate = (IppsBigNumState*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); sts = ippcp_init_set_bn(bnEphPrivate, primeWordSize, ippBigNumPOS, (const Ipp32u *)k, primeWordSize); if(sts != ippStsNoErr) { MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } - pLocDataBuff += ephKeyCtxByteSize; + pLocDataBuff += ephKeyCtxByteSize; - int srcatchSize; - ippsGFpECScratchBufferSize(2, pEC, &srcatchSize); + int scratchSize; + ippsGFpECScratchBufferSize(2, pEC, &scratchSize); Ipp8u* pScratchBuffer = pLocDataBuff; /* RSA Signature Generation */ @@ -286,15 +310,18 @@ IPPFUN(fips_test_status, fips_selftest_ippsGFpECVerifyDSA, (Ipp8u *pGFpBuff, Ipp internalMemMgm = 1; int gfpBuffSize = 0; - fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFp_buff(&gfpBuffSize); + sts = fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFp_buff(&gfpBuffSize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pGFpBuff = malloc((size_t)gfpBuffSize); int gfpECBuffSize = 0; - fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFpEC_buff(&gfpECBuffSize, pGFpBuff); + sts = fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFpEC_buff(&gfpECBuffSize, pGFpBuff); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pGFpECBuff = malloc((size_t)gfpECBuffSize); int dataBuffSize = 0; - fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff(&dataBuffSize, pGFpBuff, pGFpECBuff); + sts = fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff(&dataBuffSize, pGFpBuff, pGFpECBuff); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pDataBuff = malloc((size_t)dataBuffSize); } #else @@ -322,6 +349,10 @@ IPPFUN(fips_test_status, fips_selftest_ippsGFpECVerifyDSA, (Ipp8u *pGFpBuff, Ipp /* signature */ int sByteSize; sts = ippsBigNumGetSize(ordWordSize, &sByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } IppsBigNumState* bnS = (IppsBigNumState*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); sts = ippcp_init_set_bn(bnS, ordWordSize, ippBigNumPOS, (const Ipp32u *)s, ordWordSize); if(sts != ippStsNoErr) { @@ -332,6 +363,10 @@ IPPFUN(fips_test_status, fips_selftest_ippsGFpECVerifyDSA, (Ipp8u *pGFpBuff, Ipp int rByteSize; sts = ippsBigNumGetSize(ordWordSize, &rByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } IppsBigNumState* bnR = (IppsBigNumState*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); sts = ippcp_init_set_bn(bnR, ordWordSize, ippBigNumPOS, (const Ipp32u *)r, ordWordSize); if(sts != ippStsNoErr) { @@ -343,54 +378,58 @@ IPPFUN(fips_test_status, fips_selftest_ippsGFpECVerifyDSA, (Ipp8u *pGFpBuff, Ipp /* message */ int msgCtxByteSize; sts = ippsBigNumGetSize(msgWordSize, &msgCtxByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } IppsBigNumState* bnMsgDigest = (IppsBigNumState*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); sts = ippcp_init_set_bn(bnMsgDigest, msgWordSize, ippBigNumPOS, (const Ipp32u *)msg_digest, msgWordSize); if(sts != ippStsNoErr) { MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } - pLocDataBuff += msgCtxByteSize; + pLocDataBuff += msgCtxByteSize; - /* Public key x and y coordinates */ - int pubGxCtxByteSize; - ippsGFpElementGetSize(pGF, &pubGxCtxByteSize); - IppsGFpElement* pubGx = (IppsGFpElement*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); - sts = ippsGFpElementInit((const Ipp32u *)qx, primeWordSize, pubGx, pGF); + /* Reg private key */ + int regKeyCtxByteSize; + sts = ippsBigNumGetSize(primeWordSize, ®KeyCtxByteSize); if(sts != ippStsNoErr) { MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } - pLocDataBuff += pubGxCtxByteSize; - - int pubGyCtxByteSize; - ippsGFpElementGetSize(pGF, &pubGyCtxByteSize); - IppsGFpElement* pubGy = (IppsGFpElement*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); - sts = ippsGFpElementInit((const Ipp32u *)qy, primeWordSize, pubGy, pGF); + IppsBigNumState* bnRegPrivate = (IppsBigNumState*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); + sts = ippcp_init_set_bn(bnRegPrivate, primeWordSize, ippBigNumPOS, (const Ipp32u *)d, primeWordSize); if(sts != ippStsNoErr) { MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } - pLocDataBuff += pubGyCtxByteSize; + pLocDataBuff += regKeyCtxByteSize; - /* Public key */ - int pubKeyCtxSize; - ippsGFpECPointGetSize(pEC, &pubKeyCtxSize); + // Generate public key + int pubKeyCtxByteSize; + sts = ippsGFpECPointGetSize(pEC, &pubKeyCtxByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } IppsGFpECPoint* regPublic = (IppsGFpECPoint*)(IPP_ALIGNED_PTR(pLocDataBuff, IPPCP_GFP_ALIGNMENT)); - sts = ippsGFpECPointInit(pubGx, pubGy, regPublic, pEC); + sts = ippsGFpECPointInit(NULL, NULL, regPublic, pEC); if(sts != ippStsNoErr) { MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } - pLocDataBuff+=pubKeyCtxSize; - - int srcatchSize; // single point multiplication - ippsGFpECScratchBufferSize(2, pEC, &srcatchSize); - Ipp8u* pScratchBuffer = pLocDataBuff; + pLocDataBuff += pubKeyCtxByteSize; - /* RSA Signature Generation */ + sts = ippsGFpECPublicKey(bnRegPrivate, regPublic, pEC, pLocDataBuff); + if( ippStsNoErr != sts ) { + MEMORY_FREE_3(pGFpBuff, pGFpECBuff, pDataBuff, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + + /* RSA Signature Verification */ IppECResult verifRes; sts = ippsGFpECVerifyDSA(bnMsgDigest, regPublic, bnR, - bnS, &verifRes, pEC, pScratchBuffer); + bnS, &verifRes, pEC, pLocDataBuff); if( ippECValid != verifRes || ippStsNoErr != sts ) { test_result = IPPCP_ALGO_SELFTEST_KAT_ERR; @@ -400,5 +439,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsGFpECVerifyDSA, (Ipp8u *pGFpBuff, Ipp return test_result; } +// test can be the same as the test above +IPPFUN(fips_test_status, fips_selftest_ippsGFpECPublicKey, (Ipp8u *pGFpBuff, Ipp8u *pGFpECBuff, Ipp8u *pDataBuff)) +{ + return fips_selftest_ippsGFpECVerifyDSA(pGFpBuff, pGFpECBuff, pDataBuff); +} + #endif // _IPP_DATA #endif // IPPCP_FIPS_MODE diff --git a/sources/ippcp/fips_cert/selftest_hash_msg_upd_sha.c b/sources/ippcp/fips_cert/selftest_hash_msg_upd_sha.c index 0b28d250..dd01f659 100644 --- a/sources/ippcp/fips_cert/selftest_hash_msg_upd_sha.c +++ b/sources/ippcp/fips_cert/selftest_hash_msg_upd_sha.c @@ -26,7 +26,7 @@ #include "ippcp/fips_cert.h" #include "fips_cert_internal/common.h" -/* +/* * KAT TEST * taken from the regular known-answer testing */ @@ -112,10 +112,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsHashUpdate_rmf, (IppHashAlgId hashAlg /* Unsupported method was given */ IPP_BADARG_RET((NULL == locMethod), IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR); - /* check input pointers and allocate memory in "use malloc" mode */ + /* check input pointers and allocate memory in "use malloc" mode */ int internalMemMgm = 0; int ctx_size = 0; - fips_selftest_ippsHash_rmf_get_size(&ctx_size); + sts = fips_selftest_ippsHash_rmf_get_size(&ctx_size); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } BUF_CHECK_NULL_AND_ALLOC(pBuffer, internalMemMgm, (ctx_size + IPPCP_HASH_ALIGNMENT), IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR) /* output hash */ @@ -123,28 +124,28 @@ IPPFUN(fips_test_status, fips_selftest_ippsHashUpdate_rmf, (IppHashAlgId hashAlg Ipp8u outTagBuff[IPP_SHA512_DIGEST_BYTESIZE]; /* context */ IppsHashState_rmf* hashCtx = (IppsHashState_rmf*)(IPP_ALIGNED_PTR(pBuffer, IPPCP_HASH_ALIGNMENT)); - + /* context initialization */ sts = ippsHashInit_rmf(hashCtx, locMethod); - if (sts != ippStsNoErr) { + if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) - return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; - } + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } /* function call */ sts = ippsHashUpdate_rmf(msg, msgByteLen, hashCtx); - if (sts != ippStsNoErr) { + if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) - return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } sts = ippsHashGetTag_rmf(outTagBuff, (int)locHashByteSize, hashCtx); - if (sts != ippStsNoErr) { + if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) - return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } sts = ippsHashFinal_rmf(outHashBuff, hashCtx); - if (sts != ippStsNoErr) { + if (sts != ippStsNoErr) { MEMORY_FREE(pBuffer, internalMemMgm) - return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } /* compare output to known answer */ int isEqual; diff --git a/sources/ippcp/fips_cert/selftest_rsa_enc_dec_oaep.c b/sources/ippcp/fips_cert/selftest_rsa_enc_dec_oaep.c index 3ed05768..4c39ea1d 100644 --- a/sources/ippcp/fips_cert/selftest_rsa_enc_dec_oaep.c +++ b/sources/ippcp/fips_cert/selftest_rsa_enc_dec_oaep.c @@ -122,11 +122,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSAEncryptDecrypt_OAEP_rmf_get_size_k if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; total_size += (tmp_size + IPPCP_BN_ALIGNMENT); // N - ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &tmp_size); + sts = ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &tmp_size); if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; total_size += (tmp_size + IPPCP_RSA_ALIGNMENT); // pPubKey - ippsRSA_GetSizePrivateKeyType1(modulusBitSize, privExpBitSize, &tmp_size); + sts = ippsRSA_GetSizePrivateKeyType1(modulusBitSize, privExpBitSize, &tmp_size); if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; total_size += (tmp_size + IPPCP_RSA_ALIGNMENT); // pPrivKey @@ -148,30 +148,37 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSAEncryptDecrypt_OAEP_rmf_get_size, /* Initialize BigNumber-s */ int eByteSize; sts = ippsBigNumGetSize(IPPCP_PUB_EXP_WORD_SIZE, &eByteSize); + if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnE = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += eByteSize; int dByteSize; sts = ippsBigNumGetSize(IPPCP_PRIV_EXP_WORD_SIZE, &dByteSize); + if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnD = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += dByteSize; int nByteSize; sts = ippsBigNumGetSize(IPPCP_MODULUS_WORD_SIZE, &nByteSize); + if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnN = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += nByteSize; sts = ippcp_init_set_bn(bnE, IPPCP_PUB_EXP_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)dataE, IPPCP_PUB_EXP_WORD_SIZE); + if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; sts = ippcp_init_set_bn(bnD, IPPCP_PRIV_EXP_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)dataD, IPPCP_PRIV_EXP_WORD_SIZE); + if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; sts = ippcp_init_set_bn(bnN, IPPCP_MODULUS_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)dataN, IPPCP_MODULUS_WORD_SIZE); + if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; /* Initialize key pair - necessary to obtain signature size */ // private key int privKeyByteSize = 0; - ippsRSA_GetSizePrivateKeyType1(modulusBitSize, privExpBitSize, &privKeyByteSize); + sts = ippsRSA_GetSizePrivateKeyType1(modulusBitSize, privExpBitSize, &privKeyByteSize); + if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_RSA_ALIGNMENT)); IppsRSAPrivateKeyState* pPrivKey = (IppsRSAPrivateKeyState*)pLocKeysBuffer; sts = ippsRSA_InitPrivateKeyType1(modulusBitSize, privExpBitSize, pPrivKey, privKeyByteSize); @@ -180,7 +187,8 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSAEncryptDecrypt_OAEP_rmf_get_size, // public key int pubKeyByteSize = 0; - ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeyByteSize); + sts = ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeyByteSize); + if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_RSA_ALIGNMENT)); IppsRSAPublicKeyState* pPubKey = (IppsRSAPublicKeyState*)pLocKeysBuffer; sts = ippsRSA_InitPublicKey(modulusBitSize, pubExpBitSize, pPubKey, pubKeyByteSize); @@ -238,22 +246,42 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSAEncrypt_OAEP_rmf, (Ipp8u *pBuffer, /* Initialize BigNumber-s */ int eByteSize; sts = ippsBigNumGetSize(IPPCP_PUB_EXP_WORD_SIZE, &eByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnE = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += eByteSize; int nByteSize; sts = ippsBigNumGetSize(IPPCP_MODULUS_WORD_SIZE, &nByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnN = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += nByteSize; sts = ippcp_init_set_bn(bnE, IPPCP_PUB_EXP_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)dataE, IPPCP_PUB_EXP_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippcp_init_set_bn(bnN, IPPCP_MODULUS_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)dataN, IPPCP_MODULUS_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } /* Initialize public key */ int pubKeyByteSize = 0; - ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeyByteSize); + sts = ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeyByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_RSA_ALIGNMENT)); IppsRSAPublicKeyState* pPubKey = (IppsRSAPublicKeyState*)pLocKeysBuffer; sts = ippsRSA_InitPublicKey(modulusBitSize, pubExpBitSize, pPubKey, pubKeyByteSize); @@ -271,7 +299,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSAEncrypt_OAEP_rmf, (Ipp8u *pBuffer, /* RSA encryption */ int encBufSize; - ippsRSA_GetBufferSizePublicKey(&encBufSize, pPubKey); + sts = ippsRSA_GetBufferSizePublicKey(&encBufSize, pPubKey); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } Ipp8u* encScratchBuffer = (IPP_ALIGNED_PTR(pBuffer, IPPCP_RSA_ALIGNMENT)); sts = ippsRSAEncrypt_OAEP_rmf(pMsg, IPPCP_MSG_BYTE_LEN, 0, 0, seed, pOutCtxt, pPubKey, @@ -318,22 +350,42 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSADecrypt_OAEP_rmf, (Ipp8u *pBuffer, /* Initialize BigNumber-s */ int dByteSize; sts = ippsBigNumGetSize(IPPCP_PRIV_EXP_WORD_SIZE, &dByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnD = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += dByteSize; int nByteSize; sts = ippsBigNumGetSize(IPPCP_MODULUS_WORD_SIZE, &nByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnN = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += nByteSize; sts = ippcp_init_set_bn(bnD, IPPCP_PRIV_EXP_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)dataD, IPPCP_PRIV_EXP_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippcp_init_set_bn(bnN, IPPCP_MODULUS_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)dataN, IPPCP_MODULUS_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } /* Initialize private key */ int privKeyByteSize = 0; - ippsRSA_GetSizePrivateKeyType1(modulusBitSize, privExpBitSize, &privKeyByteSize); + sts = ippsRSA_GetSizePrivateKeyType1(modulusBitSize, privExpBitSize, &privKeyByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_RSA_ALIGNMENT)); IppsRSAPrivateKeyState* pPrivKey = (IppsRSAPrivateKeyState*)pLocKeysBuffer; sts = ippsRSA_InitPrivateKeyType1(modulusBitSize, privExpBitSize, pPrivKey, privKeyByteSize); @@ -351,7 +403,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSADecrypt_OAEP_rmf, (Ipp8u *pBuffer, /* RSA decryption */ int decBufSize; - ippsRSA_GetBufferSizePrivateKey(&decBufSize, pPrivKey); + sts = ippsRSA_GetBufferSizePrivateKey(&decBufSize, pPrivKey); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } Ipp8u* decScratchBuffer = (IPP_ALIGNED_PTR(pBuffer, IPPCP_RSA_ALIGNMENT)); int ptxtLen; @@ -363,7 +419,7 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSADecrypt_OAEP_rmf, (Ipp8u *pBuffer, if(1 != sigFlagErr || sts != ippStsNoErr) { test_result = IPPCP_ALGO_SELFTEST_KAT_ERR; } - + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) return test_result; } diff --git a/sources/ippcp/fips_cert/selftest_rsa_sign_verify_pkcs_v15.c b/sources/ippcp/fips_cert/selftest_rsa_sign_verify_pkcs_v15.c index 5b00bc08..a4e36955 100644 --- a/sources/ippcp/fips_cert/selftest_rsa_sign_verify_pkcs_v15.c +++ b/sources/ippcp/fips_cert/selftest_rsa_sign_verify_pkcs_v15.c @@ -141,30 +141,37 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSASignVerify_PKCS1v15_rmf_get_size, /* Initialize BigNumber-s */ int dByteSize; sts = ippsBigNumGetSize(IPPCP_PRIV_EXP_WORD_SIZE, &dByteSize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnD = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += dByteSize; int eByteSize; sts = ippsBigNumGetSize(IPPCP_PUB_EXP_WORD_SIZE, &eByteSize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnE = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += eByteSize; int nByteSize; sts = ippsBigNumGetSize(IPPCP_MODULUS_WORD_SIZE, &nByteSize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnN = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += nByteSize; sts = ippcp_init_set_bn(bnD, IPPCP_PRIV_EXP_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pPrivExp, IPPCP_PRIV_EXP_WORD_SIZE); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } sts = ippcp_init_set_bn(bnE, IPPCP_PUB_EXP_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pPubExp, IPPCP_PUB_EXP_WORD_SIZE); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } sts = ippcp_init_set_bn(bnN, IPPCP_MODULUS_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pModulus, IPPCP_MODULUS_WORD_SIZE); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } /* Initialize key pair - necessary to obtain signature size */ int pubKeySize; // public key - ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeySize); + sts = ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeySize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_RSA_ALIGNMENT)); IppsRSAPublicKeyState* pPubKey = (IppsRSAPublicKeyState*)pLocKeysBuffer; sts = ippsRSA_InitPublicKey(modulusBitSize, pubExpBitSize, pPubKey, pubKeySize); @@ -182,21 +189,17 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSASignVerify_PKCS1v15_rmf_get_size, /* Set public and private keys */ sts = ippsRSA_SetPublicKey(bnN, bnE, pPubKey); - if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } sts = ippsRSA_SetPrivateKeyType1(bnN, bnD, pPrvKey); - if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } /* RSA signature and verification buffers */ int buffSize = 0; sts = ippsRSA_GetBufferSizePublicKey(&buffSize, pPubKey); - if (sts != ippStsNoErr) { - return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; - } + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } int buffSizePrivKey = 0; sts = ippsRSA_GetBufferSizePrivateKey(&buffSizePrivKey, pPrvKey); - if (sts != ippStsNoErr) { - return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; - } + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } /* Resize buffer */ total_size = IPP_MAX(buffSize, buffSizePrivKey) + IPPCP_RSA_ALIGNMENT; @@ -217,11 +220,13 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSASign_PKCS1v15_rmf, (Ipp8u *pBuffer internalMemMgm = 1; int keysBuffSize = 0; - fips_selftest_ippsRSASignVerify_PKCS1v15_rmf_get_size_keys(&keysBuffSize); + sts = fips_selftest_ippsRSASignVerify_PKCS1v15_rmf_get_size_keys(&keysBuffSize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pKeysBuffer = malloc((size_t)keysBuffSize); int dataBuffSize = 0; - fips_selftest_ippsRSASignVerify_PKCS1v15_rmf_get_size(&dataBuffSize, pKeysBuffer); + sts = fips_selftest_ippsRSASignVerify_PKCS1v15_rmf_get_size(&dataBuffSize, pKeysBuffer); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pBuffer = malloc((size_t)dataBuffSize); } #else @@ -235,30 +240,58 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSASign_PKCS1v15_rmf, (Ipp8u *pBuffer /* Initialize BigNumber-s */ int dByteSize; sts = ippsBigNumGetSize(IPPCP_PRIV_EXP_WORD_SIZE, &dByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnD = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += dByteSize; int eByteSize; sts = ippsBigNumGetSize(IPPCP_PUB_EXP_WORD_SIZE, &eByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnE = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += eByteSize; int nByteSize; sts = ippsBigNumGetSize(IPPCP_MODULUS_WORD_SIZE, &nByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnN = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += nByteSize; sts = ippcp_init_set_bn(bnD, IPPCP_PRIV_EXP_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pPrivExp, IPPCP_PRIV_EXP_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippcp_init_set_bn(bnE, IPPCP_PUB_EXP_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pPubExp, IPPCP_PUB_EXP_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippcp_init_set_bn(bnN, IPPCP_MODULUS_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pModulus, IPPCP_MODULUS_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } /* Initialize key pair */ // private key int privKeyByteSize = 0; - ippsRSA_GetSizePrivateKeyType1(modulusBitSize, privExpBitSize, &privKeyByteSize); + sts = ippsRSA_GetSizePrivateKeyType1(modulusBitSize, privExpBitSize, &privKeyByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_RSA_ALIGNMENT)); IppsRSAPrivateKeyState* pPrvKey = (IppsRSAPrivateKeyState*)pLocKeysBuffer; sts = ippsRSA_InitPrivateKeyType1(modulusBitSize, privExpBitSize, pPrvKey, privKeyByteSize); @@ -269,7 +302,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSASign_PKCS1v15_rmf, (Ipp8u *pBuffer pLocKeysBuffer += privKeyByteSize; // public key int pubKeyByteSize = 0; - ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeyByteSize); + sts = ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeyByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_RSA_ALIGNMENT)); IppsRSAPublicKeyState* pPubKey = (IppsRSAPublicKeyState*)pLocKeysBuffer; sts = ippsRSA_InitPublicKey(modulusBitSize, pubExpBitSize, pPubKey, pubKeyByteSize); @@ -316,11 +353,13 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSAVerify_PKCS1v15_rmf,(Ipp8u *pBuffe internalMemMgm = 1; int keysBuffSize = 0; - fips_selftest_ippsRSASignVerify_PKCS1v15_rmf_get_size_keys(&keysBuffSize); + sts = fips_selftest_ippsRSASignVerify_PKCS1v15_rmf_get_size_keys(&keysBuffSize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pKeysBuffer = malloc((size_t)keysBuffSize); int dataBuffSize = 0; - fips_selftest_ippsRSASignVerify_PKCS1v15_rmf_get_size(&dataBuffSize, pKeysBuffer); + sts = fips_selftest_ippsRSASignVerify_PKCS1v15_rmf_get_size(&dataBuffSize, pKeysBuffer); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pBuffer = malloc((size_t)dataBuffSize); } #else @@ -332,25 +371,49 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSAVerify_PKCS1v15_rmf,(Ipp8u *pBuffe /* Initialize BigNumber-s */ int eByteSize; sts = ippsBigNumGetSize(IPPCP_PUB_EXP_WORD_SIZE, &eByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnE = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += eByteSize; int nByteSize; sts = ippsBigNumGetSize(IPPCP_MODULUS_WORD_SIZE, &nByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnN = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += nByteSize; sts = ippcp_init_set_bn(bnE, IPPCP_PUB_EXP_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pPubExp, IPPCP_PUB_EXP_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippcp_init_set_bn(bnN, IPPCP_MODULUS_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pModulus, IPPCP_MODULUS_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } /* Initialize public key */ int pubKeyByteSize = 0; - ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeyByteSize); + sts = ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeyByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_RSA_ALIGNMENT)); IppsRSAPublicKeyState* pPubKey = (IppsRSAPublicKeyState*)pLocKeysBuffer; - ippsRSA_InitPublicKey(modulusBitSize, pubExpBitSize, pPubKey, pubKeyByteSize); + sts = ippsRSA_InitPublicKey(modulusBitSize, pubExpBitSize, pPubKey, pubKeyByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } /* Set public and private keys */ sts = ippsRSA_SetPublicKey(bnN, bnE, pPubKey); diff --git a/sources/ippcp/fips_cert/selftest_rsa_sign_verify_pss.c b/sources/ippcp/fips_cert/selftest_rsa_sign_verify_pss.c index df588c31..e34c73fe 100644 --- a/sources/ippcp/fips_cert/selftest_rsa_sign_verify_pss.c +++ b/sources/ippcp/fips_cert/selftest_rsa_sign_verify_pss.c @@ -108,6 +108,7 @@ static const unsigned int saltByteLen = sizeof(pSalt); static const unsigned int pubExpBitSize = 24; static const unsigned int privExpBitSize = 2048; static const unsigned int modulusBitSize = 2048; +static const unsigned int primeBitsize = 1024; #define IPPCP_PUB_EXP_WORD_SIZE (IPPCP_BITSIZE_2_WORDSIZE(pubExpBitSize)) #define IPPCP_PRIV_EXP_WORD_SIZE (IPPCP_BITSIZE_2_WORDSIZE(privExpBitSize)) @@ -140,9 +141,22 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSASignVerify_PSS_rmf_get_size_keys, if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } total_size += tmp_size; // pPubKey + sts = ippsPrimeGetSize(primeBitsize, &tmp_size); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } + total_size += tmp_size; // pPrimeG + + sts = ippsPRNGGetSize(&tmp_size); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } + total_size += tmp_size; // pRand + sts = ippsRSA_GetSizePrivateKeyType1(modulusBitSize, privExpBitSize, &tmp_size); if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } - total_size += tmp_size; // pPrvKey + + int tmp_size_2 = 0; + sts = ippsRSA_GetSizePrivateKeyType2(primeBitsize, privExpBitSize - primeBitsize, &tmp_size_2); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } + + total_size += IPP_MAX(tmp_size, tmp_size_2); // pPrvKey *pKeysBufferSize = total_size; @@ -162,30 +176,37 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSASignVerify_PSS_rmf_get_size, (int /* Initialize BigNumber-s */ int dByteSize; sts = ippsBigNumGetSize(IPPCP_PRIV_EXP_WORD_SIZE, &dByteSize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnD = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += dByteSize; int eByteSize; sts = ippsBigNumGetSize(IPPCP_PUB_EXP_WORD_SIZE, &eByteSize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnE = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += eByteSize; int nByteSize; sts = ippsBigNumGetSize(IPPCP_MODULUS_WORD_SIZE, &nByteSize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnN = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += nByteSize; sts = ippcp_init_set_bn(bnD, IPPCP_PRIV_EXP_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pPrivExp, IPPCP_PRIV_EXP_WORD_SIZE); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } sts = ippcp_init_set_bn(bnE, IPPCP_PUB_EXP_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pPubExp, IPPCP_PUB_EXP_WORD_SIZE); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } sts = ippcp_init_set_bn(bnN, IPPCP_MODULUS_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pModulus, IPPCP_MODULUS_WORD_SIZE); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } /* Initialize public and private keys - necessary to obtain signature size */ // public key int pubKeySize; - ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeySize); + sts = ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeySize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_RSA_ALIGNMENT)); IppsRSAPublicKeyState* pPubKey = (IppsRSAPublicKeyState*)pLocKeysBuffer; sts = ippsRSA_InitPublicKey(modulusBitSize, pubExpBitSize, pPubKey, pubKeySize); @@ -193,11 +214,23 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSASignVerify_PSS_rmf_get_size, (int pLocKeysBuffer+=pubKeySize; // private key int privKeySize; - ippsRSA_GetSizePrivateKeyType1(modulusBitSize, privExpBitSize, &privKeySize); + sts = ippsRSA_GetSizePrivateKeyType1(modulusBitSize, privExpBitSize, &privKeySize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_RSA_ALIGNMENT)); IppsRSAPrivateKeyState* pPrvKey = (IppsRSAPrivateKeyState*)(pLocKeysBuffer); sts = ippsRSA_InitPrivateKeyType1(modulusBitSize, privExpBitSize, pPrvKey, privKeySize); if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } + pLocKeysBuffer+=privKeySize; + + sts = ippsRSA_GetSizePrivateKeyType2(primeBitsize, privExpBitSize - primeBitsize, &privKeySize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } + IppsRSAPrivateKeyState* pPrvKey2 = (IppsRSAPrivateKeyState*)(pLocKeysBuffer); + sts = ippsRSA_InitPrivateKeyType2(primeBitsize, privExpBitSize - primeBitsize, pPrvKey2, privKeySize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } + + int buffSizePrivKey2 = 0; + sts = ippsRSA_GetBufferSizePrivateKey(&buffSizePrivKey2, pPrvKey2); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } /* set public and private keys */ sts = ippsRSA_SetPublicKey(bnN, bnE, pPubKey); @@ -206,16 +239,17 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSASignVerify_PSS_rmf_get_size, (int if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; /* RSA signature and verification buffers */ - int buffSize = 0; - sts = ippsRSA_GetBufferSizePublicKey(&buffSize, pPubKey); + int buffSizeSignVerify = 0; + sts = ippsRSA_GetBufferSizePublicKey(&buffSizeSignVerify, pPubKey); if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + // private - int buffSizePrivKey = 0; - sts = ippsRSA_GetBufferSizePrivateKey(&buffSizePrivKey, pPrvKey); + int buffSizePrivKey1 = 0; + sts = ippsRSA_GetBufferSizePrivateKey(&buffSizePrivKey1, pPrvKey); if(sts != ippStsNoErr) return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; /* resize buffer */ - total_size = IPP_MAX(buffSize, buffSizePrivKey) + IPPCP_RSA_ALIGNMENT; + total_size = IPP_MAX(IPP_MAX(buffSizeSignVerify, buffSizePrivKey1), buffSizePrivKey2) + IPPCP_RSA_ALIGNMENT; *pBufferSize = total_size; return IPPCP_ALGO_SELFTEST_OK; @@ -233,11 +267,13 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSASign_PSS_rmf,(Ipp8u *pBuffer, Ipp8 internalMemMgm = 1; int keysBuffSize = 0; - fips_selftest_ippsRSASignVerify_PSS_rmf_get_size_keys(&keysBuffSize); + sts = fips_selftest_ippsRSASignVerify_PSS_rmf_get_size_keys(&keysBuffSize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pKeysBuffer = malloc((size_t)keysBuffSize); int dataBuffSize = 0; - fips_selftest_ippsRSASignVerify_PSS_rmf_get_size(&dataBuffSize, pKeysBuffer); + sts = fips_selftest_ippsRSASignVerify_PSS_rmf_get_size(&dataBuffSize, pKeysBuffer); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pBuffer = malloc((size_t)dataBuffSize); } #else @@ -251,30 +287,58 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSASign_PSS_rmf,(Ipp8u *pBuffer, Ipp8 /* Initialize BigNumber-s */ int dByteSize; sts = ippsBigNumGetSize(IPPCP_PRIV_EXP_WORD_SIZE, &dByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnD = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += dByteSize; int eByteSize; sts = ippsBigNumGetSize(IPPCP_PUB_EXP_WORD_SIZE, &eByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnE = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += eByteSize; int nByteSize; sts = ippsBigNumGetSize(IPPCP_MODULUS_WORD_SIZE, &nByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnN = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += nByteSize; sts = ippcp_init_set_bn(bnD, IPPCP_PRIV_EXP_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pPrivExp, IPPCP_PRIV_EXP_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippcp_init_set_bn(bnE, IPPCP_PUB_EXP_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pPubExp, IPPCP_PUB_EXP_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippcp_init_set_bn(bnN, IPPCP_MODULUS_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pModulus, IPPCP_MODULUS_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } /* Initialize key pair */ // private key int privKeyByteSize = 0; - ippsRSA_GetSizePrivateKeyType1(modulusBitSize, privExpBitSize, &privKeyByteSize); + sts = ippsRSA_GetSizePrivateKeyType1(modulusBitSize, privExpBitSize, &privKeyByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_RSA_ALIGNMENT)); IppsRSAPrivateKeyState* pPrvKey = (IppsRSAPrivateKeyState*)pLocKeysBuffer; sts = ippsRSA_InitPrivateKeyType1(modulusBitSize, privExpBitSize, pPrvKey, privKeyByteSize); @@ -286,7 +350,11 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSASign_PSS_rmf,(Ipp8u *pBuffer, Ipp8 // public key int pubKeyByteSize = 0; - ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeyByteSize); + sts = ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeyByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_RSA_ALIGNMENT)); IppsRSAPublicKeyState* pPubKey = (IppsRSAPublicKeyState*)pLocKeysBuffer; sts = ippsRSA_InitPublicKey(modulusBitSize, pubExpBitSize, pPubKey, pubKeyByteSize); @@ -310,7 +378,7 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSASign_PSS_rmf,(Ipp8u *pBuffer, Ipp8 /* RSA Signature Generation */ Ipp8u* pLocSignBuffer = (IPP_ALIGNED_PTR(pBuffer, IPPCP_RSA_ALIGNMENT)); - sts = ippsRSASign_PSS_rmf(pMsg, msgByteLen, pSalt, saltByteLen, pOutSig, pPrvKey, + sts = ippsRSASign_PSS_rmf(pMsg, msgByteLen, pSalt, saltByteLen, pOutSig, pPrvKey, pPubKey, ippsHashMethod_SHA256(), pLocSignBuffer); int sigFlagErr = ippcp_is_mem_eq(pSig, sizeof(pSig), pOutSig, sizeof(pSig)); @@ -334,11 +402,13 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSAVerify_PSS_rmf,(Ipp8u *pBuffer, Ip internalMemMgm = 1; int keysBuffSize = 0; - fips_selftest_ippsRSASignVerify_PSS_rmf_get_size_keys(&keysBuffSize); + sts = fips_selftest_ippsRSASignVerify_PSS_rmf_get_size_keys(&keysBuffSize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pKeysBuffer = malloc((size_t)keysBuffSize); int dataBuffSize = 0; - fips_selftest_ippsRSASignVerify_PSS_rmf_get_size(&dataBuffSize, pKeysBuffer); + sts = fips_selftest_ippsRSASignVerify_PSS_rmf_get_size(&dataBuffSize, pKeysBuffer); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } pBuffer = malloc((size_t)dataBuffSize); } #else @@ -350,25 +420,49 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSAVerify_PSS_rmf,(Ipp8u *pBuffer, Ip /* Initialize BigNumber-s */ int eByteSize; sts = ippsBigNumGetSize(IPPCP_PUB_EXP_WORD_SIZE, &eByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnE = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += eByteSize; int nByteSize; sts = ippsBigNumGetSize(IPPCP_MODULUS_WORD_SIZE, &nByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); IppsBigNumState* bnN = (IppsBigNumState *)pLocKeysBuffer; pLocKeysBuffer += nByteSize; sts = ippcp_init_set_bn(bnE, IPPCP_PUB_EXP_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pPubExp, IPPCP_PUB_EXP_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippcp_init_set_bn(bnN, IPPCP_MODULUS_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pModulus, IPPCP_MODULUS_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } /* Initialize and set public key */ int pubKeyByteSize = 0; - ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeyByteSize); + sts = ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeyByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_RSA_ALIGNMENT)); IppsRSAPublicKeyState* pPubKey = (IppsRSAPublicKeyState*)pLocKeysBuffer; - ippsRSA_InitPublicKey(modulusBitSize, pubExpBitSize, pPubKey, pubKeyByteSize); + sts = ippsRSA_InitPublicKey(modulusBitSize, pubExpBitSize, pPubKey, pubKeyByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } sts = ippsRSA_SetPublicKey(bnN, bnE, pPubKey); if(sts != ippStsNoErr) { MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) @@ -390,5 +484,183 @@ IPPFUN(fips_test_status, fips_selftest_ippsRSAVerify_PSS_rmf,(Ipp8u *pBuffer, Ip return test_result; } +IPPFUN(fips_test_status, fips_selftest_ippsRSA_GenerateKeys,(Ipp8u *pBuffer, Ipp8u *pKeysBuffer)) +{ + IppStatus sts = ippStsNoErr; + fips_test_status test_result = IPPCP_ALGO_SELFTEST_OK; + + /* Internal memory allocation feature */ + int internalMemMgm = 0; +#if IPPCP_SELFTEST_USE_MALLOC + if(pBuffer == NULL || pKeysBuffer == NULL) { + internalMemMgm = 1; + + int keysBuffSize = 0; + sts = fips_selftest_ippsRSASignVerify_PSS_rmf_get_size_keys(&keysBuffSize); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } + pKeysBuffer = malloc((size_t)keysBuffSize); + + int dataBuffSize = 0; + sts = fips_selftest_ippsRSASignVerify_PSS_rmf_get_size(&dataBuffSize, pKeysBuffer); + if (sts != ippStsNoErr) { return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; } + pBuffer = malloc((size_t)dataBuffSize); + } +#else + IPP_BADARG_RET((NULL == pBuffer) || (NULL == pKeysBuffer), IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR); +#endif + + /* buffer for the generated signature */ + Ipp8u pOutSig[256] = {0}; + Ipp8u* pLocKeysBuffer = pKeysBuffer; + + /* Initialize BigNumber-s */ + int dByteSize; + sts = ippsBigNumGetSize(IPPCP_PRIV_EXP_WORD_SIZE, &dByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); + IppsBigNumState* bnD = (IppsBigNumState *)pLocKeysBuffer; + pLocKeysBuffer += dByteSize; + + int eByteSize; + sts = ippsBigNumGetSize(IPPCP_PUB_EXP_WORD_SIZE, &eByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); + IppsBigNumState* bnE = (IppsBigNumState *)pLocKeysBuffer; + pLocKeysBuffer += eByteSize; + + int nByteSize; + sts = ippsBigNumGetSize(IPPCP_MODULUS_WORD_SIZE, &nByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_BN_ALIGNMENT)); + IppsBigNumState* bnN = (IppsBigNumState *)pLocKeysBuffer; + pLocKeysBuffer += nByteSize; + + sts = ippcp_init_set_bn(bnD, IPPCP_PRIV_EXP_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pPrivExp, IPPCP_PRIV_EXP_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + sts = ippcp_init_set_bn(bnE, IPPCP_PUB_EXP_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pPubExp, IPPCP_PUB_EXP_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + sts = ippcp_init_set_bn(bnN, IPPCP_MODULUS_WORD_SIZE, ippBigNumPOS, (const Ipp32u *)pModulus, IPPCP_MODULUS_WORD_SIZE); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + + // prime generator + int size; + sts = ippsPrimeGetSize(primeBitsize, &size); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + IppsPrimeState* pPrimeG = (IppsPrimeState*)(IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_GFP_ALIGNMENT)); + sts = ippsPrimeInit(primeBitsize, pPrimeG); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + pLocKeysBuffer += size; + + int privKey2ByteSize = 0; + sts = ippsRSA_GetSizePrivateKeyType2(primeBitsize, privExpBitSize - primeBitsize, &privKey2ByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_RSA_ALIGNMENT)); + IppsRSAPrivateKeyState* pPrvKey2 = (IppsRSAPrivateKeyState*)pLocKeysBuffer; + sts = ippsRSA_InitPrivateKeyType2(primeBitsize, privExpBitSize - primeBitsize, pPrvKey2, privKey2ByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + pLocKeysBuffer += (privKey2ByteSize); + + // initialize RNG + int pRandSize; + const int seedBitsize = 160; + sts = ippsPRNGGetSize(&pRandSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + IppsPRNGState* pRand = (IppsPRNGState*)pLocKeysBuffer; + sts = ippsPRNGInit(seedBitsize, pRand); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + pLocKeysBuffer += (pRandSize); + + // generate keys + Ipp8u* pLocGenerateKeysBuffer = (IPP_ALIGNED_PTR(pBuffer, IPPCP_RSA_ALIGNMENT)); + sts = ippStsInsufficientEntropy; + for(int loop_count = 0; loop_count < 100 && ippStsInsufficientEntropy == sts; ++loop_count) { + sts = ippsRSA_GenerateKeys(bnE, bnN, bnE, bnD, pPrvKey2, pLocGenerateKeysBuffer, 0, pPrimeG, ippsPRNGen, pRand); + } + + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + + // public key + int pubKeyByteSize = 0; + sts = ippsRSA_GetSizePublicKey(modulusBitSize, pubExpBitSize, &pubKeyByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + pLocKeysBuffer = (IPP_ALIGNED_PTR(pLocKeysBuffer, IPPCP_RSA_ALIGNMENT)); + IppsRSAPublicKeyState* pPubKey = (IppsRSAPublicKeyState*)pLocKeysBuffer; + sts = ippsRSA_InitPublicKey(modulusBitSize, pubExpBitSize, pPubKey, pubKeyByteSize); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + + /* set public and private keys */ + sts = ippsRSA_SetPublicKey(bnN, bnE, pPubKey); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + + /* RSA Signature Generation */ + Ipp8u* pLocSignBuffer = (IPP_ALIGNED_PTR(pBuffer, IPPCP_RSA_ALIGNMENT)); + sts = ippsRSASign_PSS_rmf(pMsg, msgByteLen, pSalt, saltByteLen, pOutSig, pPrvKey2, + pPubKey, ippsHashMethod_SHA256(), pLocSignBuffer); + if(sts != ippStsNoErr) { + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return IPPCP_ALGO_SELFTEST_BAD_ARGS_ERR; + } + + /* RSA Signature Verification */ + int isValid; + Ipp8u* pLocVerifBuffer = (IPP_ALIGNED_PTR(pBuffer, IPPCP_RSA_ALIGNMENT)); + sts = ippsRSAVerify_PSS_rmf(pMsg,msgByteLen, pOutSig, &isValid, pPubKey, + ippsHashMethod_SHA256(), pLocVerifBuffer); + + if(!isValid || sts != ippStsNoErr) { + test_result = IPPCP_ALGO_SELFTEST_KAT_ERR; + } + MEMORY_FREE_2(pKeysBuffer, pBuffer, memMgmFlag) + return test_result; +} + #endif // _IPP_DATA #endif // IPPCP_FIPS_MODE diff --git a/sources/ippcp/ippcp_fips_selftests.def b/sources/ippcp/ippcp_fips_selftests.def index 69c9806a..2ec5963c 100644 --- a/sources/ippcp/ippcp_fips_selftests.def +++ b/sources/ippcp/ippcp_fips_selftests.def @@ -622,9 +622,12 @@ fips_selftest_ippsRSASignVerify_PSS_rmf_get_size_keys fips_selftest_ippsRSASignVerify_PSS_rmf_get_size fips_selftest_ippsRSASign_PSS_rmf fips_selftest_ippsRSAVerify_PSS_rmf +fips_selftest_ippsRSA_GenerateKeys fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFp_buff fips_selftest_ippsGFpECSignVerifyDSA_get_size_GFpEC_buff fips_selftest_ippsGFpECSignVerifyDSA_get_size_data_buff fips_selftest_ippsGFpECSignDSA -fips_selftest_ippsGFpECVerifyDSA \ No newline at end of file +fips_selftest_ippsGFpECVerifyDSA +fips_selftest_ippsGFpECPublicKey +fips_selftest_ippsGFpECSharedSecretDH diff --git a/sources/ippcp/pcpaes_gcmprocessaad.c b/sources/ippcp/pcpaes_gcmprocessaad.c index a4f7ba17..eb6d94eb 100644 --- a/sources/ippcp/pcpaes_gcmprocessaad.c +++ b/sources/ippcp/pcpaes_gcmprocessaad.c @@ -213,9 +213,10 @@ IPPFUN(IppStatus, ippsAES_GCMProcessAAD,(const Ipp8u* pAAD, int aadLen, IppsAES_ /* copy the rest of AAD into the buffer */ if(aadLen) { - XorBlock(pAAD, AESGCM_GHASH(pState), AESGCM_GHASH(pState), aadLen); - AESGCM_AAD_LEN(pState) += (Ipp64u)aadLen; - AESGCM_BUFLEN(pState) = aadLen; + int locLen = IPP_MIN(aadLen, BLOCK_SIZE); + XorBlock(pAAD, AESGCM_GHASH(pState), AESGCM_GHASH(pState), locLen); + AESGCM_AAD_LEN(pState) += (Ipp64u)locLen; + AESGCM_BUFLEN(pState) = locLen; } #endif /* #if(_IPP32E>=_IPP32E_K0) */ diff --git a/sources/ippcp/pcpaes_gcmprocessiv.c b/sources/ippcp/pcpaes_gcmprocessiv.c index 3c46b6c5..bdb45ff6 100644 --- a/sources/ippcp/pcpaes_gcmprocessiv.c +++ b/sources/ippcp/pcpaes_gcmprocessiv.c @@ -147,9 +147,10 @@ IPPFUN(IppStatus, ippsAES_GCMProcessIV,(const Ipp8u* pIV, int ivLen, IppsAES_GCM /* copy the rest of IV into the buffer */ if(ivLen) { - XorBlock(pIV, AESGCM_COUNTER(pState), AESGCM_COUNTER(pState), ivLen); - AESGCM_IV_LEN(pState) += (Ipp64u)ivLen; - AESGCM_BUFLEN(pState) += ivLen; + int locLen = IPP_MIN(ivLen, BLOCK_SIZE); + XorBlock(pIV, AESGCM_COUNTER(pState), AESGCM_COUNTER(pState), locLen); + AESGCM_IV_LEN(pState) += (Ipp64u)locLen; + AESGCM_BUFLEN(pState) += locLen; } #endif /* #if(_IPP32E>=_IPP32E_K0) */ diff --git a/sources/ippcp/pcpmask_ct.h b/sources/ippcp/pcpmask_ct.h index 6357344a..85245e23 100644 --- a/sources/ippcp/pcpmask_ct.h +++ b/sources/ippcp/pcpmask_ct.h @@ -48,12 +48,38 @@ // cpIs_msb_ct( sgn_char) tests 7 bit of sgn_char */ - /* Disable optimization for Clang compiler to produce constant execution time code */ -#if defined( __clang__ ) && !defined (__INTEL_COMPILER) +#if defined( __clang__ ) && !defined (__INTEL_COMPILER) && !defined (__INTEL_LLVM_COMPILER) #pragma clang optimize off #endif +#if defined (__INTEL_LLVM_COMPILER) + +/* replace under mask: dst[] = replaceFlag? src[] : dst[] */ +static __NOINLINE void cpMaskedReplace_ct(BNU_CHUNK_T* dst, const BNU_CHUNK_T* src, int len, BNU_CHUNK_T replaceMask) +{ + BNU_CHUNK_T dstMask = ~replaceMask; + int n; + for(n=0; n> (sizeof(a) * 8 - 1)); +} + +#else + /* replace under mask: dst[] = replaceFlag? src[] : dst[] */ __INLINE void cpMaskedReplace_ct(BNU_CHUNK_T* dst, const BNU_CHUNK_T* src, int len, BNU_CHUNK_T replaceMask) { @@ -77,7 +103,9 @@ __INLINE BNU_CHUNK_T cpIsMsb_ct(BNU_CHUNK_T a) return (BNU_CHUNK_T)0 - (a >> (sizeof(a) * 8 - 1)); } -#if defined( __clang__ ) && !defined (__INTEL_COMPILER) +#endif // if defined (__INTEL_LLVM_COMPILER) + +#if defined( __clang__ ) && !defined (__INTEL_COMPILER) && !defined (__INTEL_LLVM_COMPILER) #pragma clang optimize on #endif diff --git a/sources/ippcp/pcptool.h b/sources/ippcp/pcptool.h index 1d0cb1ea..3680cc85 100644 --- a/sources/ippcp/pcptool.h +++ b/sources/ippcp/pcptool.h @@ -48,9 +48,9 @@ __INLINE void CopyBlock8(const void* pSrc, void* pDst) ((Ipp8u*)pDst)[k] = ((Ipp8u*)pSrc)[k]; } -/* Because of the incorrect inlining with ICX compiler definition of CopyBlock16 function was moved to pcptool.c */ +/* Because of the incorrect inlining with ICX compiler definition of CopyBlock16 function was moved to pcptool.c */ #define CopyBlock16 OWNAPI(CopyBlock16) -IPP_OWN_DECL (void, CopyBlock16, (const void* pSrc, void* pDst)) +IPP_OWN_DECL (void, CopyBlock16, (const void* pSrc, void* pDst)) __INLINE void CopyBlock24(const void* pSrc, void* pDst) { @@ -102,8 +102,10 @@ __INLINE void XorBlock(const void* pSrc1, const void* pSrc2, void* pDst, int len const Ipp8u* p2 = (const Ipp8u*)pSrc2; Ipp8u* d = (Ipp8u*)pDst; int k; - for(k=0; k