diff --git a/crypto/fips_callback_test.cc b/crypto/fips_callback_test.cc index 426c7b8ecf..f87c52a9fd 100644 --- a/crypto/fips_callback_test.cc +++ b/crypto/fips_callback_test.cc @@ -19,28 +19,39 @@ extern "C" { void AWS_LC_fips_failure_callback(const char* message) { ASSERT_EQ(1, FIPS_mode()); - - // TODO update the self test to report the actual test that failed const std::map kat_failure_messages = { - {"HMAC-SHA-256", "Integrity test failed"}, - {"AES-CBC-encrypt", "Self-tests failed"}, - {"AES-CBC-decrypt", "Self-tests failed"}, - {"AES-GCM-encrypt", "Self-tests failed"}, - {"AES-GCM-decrypt", "Self-tests failed"}, - {"DRBG", "Self-tests failed"}, - {"DRBG-reseed", "Self-tests failed"}, - {"SHA-1", "Self-tests failed"}, - {"SHA-256", "Integrity test failed"}, - {"SHA-512", "Self-tests failed"}, - {"TLS-KDF", "Self-tests failed"}, - {"RSA-sign", "RSA self-tests failed"}, - {"RSA-verify", "RSA self-tests failed"}, - {"ECDSA-sign", "ECC self-tests failed"}, - {"ECDSA-verify", "ECC self-tests failed"}, - {"Z-computation", "ECC self-tests failed"}, - {"FFDH", "FFDH self-tests failed"}, - {"RSA_PWCT", "RSA PCT failed"}, - {"ECDSA_PWCT", "EC PCT failed"} + {"HMAC-SHA-256", "HMAC-SHA-256 KAT failed.\nExpected: 365f5bd5f5ebfdc76e53a5736d732013aad3bc864bb884941646889c48eea90e\nCalculated: 853c7403937d8b6239569b184eb7993fc5f751aefcea28f2c863858e2d29c50b\n"}, + {"AES-CBC-encrypt", "AES-CBC-encrypt KAT failed.\nExpected: 5646c141f413d6ff6292417a26c686bd305fb657a7d2503ac55e8e9340f210d8\nCalculated: a2be9b9cf41b6e1ddb4d65278d5dd28c02e449fca4bdff92f1a9a9cec178954c\n"}, + {"AES-CBC-decrypt", "AES-CBC-decrypt KAT failed.\nExpected: 51a7a01f6b796ccd4803a141dc56a6c216b5d1d3b706b2256fa6d0d20e6f19b5\nCalculated: 85d7b98cd1599f7340ec7a00db67519185d7b98cd1599f7340ec7a00db675191\n"}, + {"AES-GCM-encrypt", "AES-GCM-encrypt KAT failed.\nExpected: 877bd58d963e4be66494402f619b7e56527da45af9a6e2db1c632e97930ffbedb59e1c20b2b058da48072dbd960d34c6\nCalculated: 08b7951416b03e2ccb61c2a6e9d3d6dbd2f6f1f1b73592a261f7257f5f128369f9ecdc5bad903c25ee946273656b472f\n"}, + {"AES-GCM-decrypt", "AES-GCM-decrypt KAT failed because EVP_AEAD_CTX_open failed.\n"}, + {"DRBG", "DRBG Generate KAT failed.\nExpected: 191f2b497685fd51b656bc1c7dd5dd4476a35e179b8eb8986512ca356ca06fa022e4f6d843ed4e2d9739433b57fc233f710ae0edfed5b8677a0039b26ea92597\nCalculated: 4af020970d7d770f44491cd477258a5a8f93a6496a5b98f342d1dcf5ebc374d9d21264e4627aa36678405a542bcf318c4d931da7a9012da5759a8ec58064144b\n"}, + {"DRBG-reseed", "DRBG-reseed KAT failed.\nExpected: 00f205aafd116c77bc818699ca51cf80159f029e0bcd26c84b878a151addf2f3eb940b08c8c957a40b4b0f13de7c0c6aac344a9af2d083020517c9818f2a8192\nCalculated: 533a0ea1f2577e4d2b4ddcf8d2d9a73132ea6e5a4595c1b923d610798707afde1efd7e0cfed5147fe0d4ce418b61c794dfbd125dd38d3c81684114655d927cd0\n"}, + {"SHA-1", "SHA-1 KAT failed.\nExpected: 941955930a582938ebf509116d1afd0f1e11e3cb\nCalculated: e129f27c5103bc5cc44bcdf0a15e160d445066ff\n"}, + {"SHA-256", "SHA-256 KAT failed.\nExpected: 7fe4d5f1a1e38287d958f511c71d5e275eccd266cfb9c8c660d8921e57fd4675\nCalculated: 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb\n"}, + {"SHA-512", "SHA-512 KAT failed.\nExpected: 293c94354e9883e5c278367ae51890bf35410164198d26ebe1f82f048efa8b2bc6b29d5d46765ac8b525a3ea5284476d6df4c971f33d894c3b208c5b75e8f87c\nCalculated: 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27\n"}, + {"SHA3-256", "SHA3-256 KAT failed.\nExpected: b87d9e4722edd3918729ded9a6d03af8256998ee088a1ae662ef4bcaff142a96\nCalculated: 61664696888a110278ff672620c85217e69aa662a83304052f1014d395f545bf\n"}, + {"TLS-KDF", "TLS-KDF KAT failed.\nExpected: e21dd6c268c757032c2cebbbb8a97de9eee6c947830abd11605dd52c47b60588\nCalculated: f6bf8fed0639cca6712ccba58f955c225fcc666ae8f55b968fd022bddd77db63\n"}, + {"RSA-sign", "RSA-sign KAT failed.\nExpected: b7ee251166d4fd87108f7c859a1d35422b0230aa8a81f750b264c015e6bd5de1038bf4d35b4a8cf17f3fcd1fe090783adeefd269e7e559bac9de537484aa33062947d60f00cae2deab6c869db2c64fb68edebe1c26462fbb05c12b79b0824ec903b31a27d0c8522e220470501dcfd66d7aa088903a496465728851e6db8e8cbe1c50c71ac08b443d8446b0a27b37c803f0012e76c10b7b0a5e62d9934b86afa844203fcae76b8d2756f603c1d55eaa6434a4f6f20b86c1d4a4a96e588c0a09caad4bd66b3bfefefb093c76db332d622844c4d543e4862ea8a026a88ce9407cf8598407bd90e0c7cb768b410fbaedc9bf1477c5db16d1db33bc20d0ec04bff8e3\nCalculated: 24e2b547c5ce89bd2943f6cf0ae6956ac6e639ceea104b5aff8940e89b57c7f5fef175cb6db081898ee6be7e4588fd1a44af573467743617d8c64c9edb9ca1b6925bc0423535d40bd9f60d5978ef1814d9344a5e5eaf5351c1b4d88cf0ec452b7f30ee14f49b61986434249d0e8ae7d0f3d96f3f0c3103cd419966bdde766c8ff0ae674ea6f0d5e2b57dd08f42f0b735c37ec85583e46ac7fa1b9ef530aa4fd34d9122004b069b2dab228f4ee1fc7e722f552994f8922eab4ee5522638a506e2fefd7fe568dc058eb2b59937c8e40b2719a7291e3bb574d5ee1580662657331e0bc4e02371a362172d642ff5b0a641a386be74870dd98833f4c5ba489b6faef8\n"}, + {"RSA-verify", "RSA-verify KAT failed.\n"}, + {"ECDSA-sign", "ECDSA-sign signature failed.\nExpected: 6780c5fc70275e2c7061a0e7877bb174deadeb9887027f3fa83654158ba7f50c3a82d965b2a72ac5a607bc56ab3722c842d921c04936e9e25fd7b600e7d8dc80\nCalculated: 6780c5fc70275e2c7061a0e7877bb174deadeb9887027f3fa83654158ba7f50c14672fa0338e4b0376d7255bf240b99a3c40f37dc1747346de9a6aaaedb3175b\n"}, + {"ECDSA-verify", "ECDSA-verify KAT failed.\n"}, + {"Z-computation", "Z-computation failed.\nExpected: 04f1630088c5d5e90552acb6ec6876b8737f0f7234e6bb30322237b62a80e89e6e6f3602e721d231db9463b7d8190ec2c0a72f15491aa27c418faf9c40af2e4a0c\nCalculated: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\n"}, + {"FFDH", "FFDH self tests failed"}, + {"RSA_PWCT", "RSA keygen checks failed"}, + {"ECDSA_PWCT", "EC keygen checks failed"}, + {"ED25519-sign", "ED25519-sign failed.\nExpected: a881e8d95ddbd5d14760af4ecfce4596f72e04d7eeccb9c6a193e24dd735b13c18a534c7793145469dd16f0c5e0371a3fb85063597c0924597cb427560db2a0b\nCalculated: 8608f1c9cf5070fae1f6833c868886a1e997bd3d02d200c942286d831ed78e16ce580009d05bea51d78dd4f65fb0179373d3449c7088133fd0774854cf03bb00\n"}, + {"ED25519-verify", "ED25519-verify failed.\n"}, + {"ED25519ph-sign", "ED25519ph-sign failed.\nExpected: 0b933d3f5900e3a1e53947ce9732c7014037e9c94b71cd3afb6046aa29fea9bbd81c50541064c659d0075fb38c8b420f8148682dc9f8384355105c3970d20609\nCalculated: 55cf180696924ba9ac1275ea19da4d1584f69250c479145cdbd7068ffbfadf8d5aafb666893b365dcaf66ae20bc9e813df3b3f9d3197ead79d644fc5a17dff0d\n"}, + {"ED25519ph-verify", "ED25519ph-verify failed.\n"}, + {"ML-KEM-keyGen-decaps", "ML-KEM-keyGen-decaps failed.\nExpected: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\nCalculated: 88c12ceaa6cb91f589acb86d913c7a60f7cdabe3b7b590091d0084e29a049b436841f2473b03165ae9c6a9826d6c650d04b388eff594505b7e54709530546825a070a625b0e5fa866e6aaf40c2414246240973c7598aae7c363e4303abb7a11131b464a943996de7592ca04922ea8a4d73b443ea048c06acc4e55a8f254bf6d271fd827119ec5b5580498bfcc09eb0266f8c2b45988ae98c1e5402b7003463f20359470159c0509fa971153443ce2580c0b2443f8ac2b0810401e73052d626bf58c674ee48880c408d1f313a94b1667f897628c55a83e28634a20710d25da88b2ac90c0f5d6b0ed6e080fd2c24bb11816b5c607957781db2287966717ffa500a03025839164115ba5ea7b717344588169e8a85a9e83c516cab5ee6e63b7c736ce90628ddeca99a6bc547588681bc2223f39fbc4464b41c63d924afeba1098960bd43c12fd0080f490c8c50f4843222303c6821ad7b663d8844a1368a19549e5cfc83d14a8491205c44f5492bf609b69c526c95aa5e508ecf714b7955b61f6cab340b06200432ce3b1ecd0a075a8332046865959a25698a081df3532691348a2581d606a0e0b2cf2e8b3c9afc594e926eb0d7c702c0c3e5b54ee2c86ca20cc476aaaca3208f32a20190562c27338202071e11665f134273bdaacbc952b994ba9462671226514b446113e7ab7edb9c54c311c4da94104d262a80280e39201e755191763983c439a95aeaafa767c2cb594829e6313e386982d6621acc4bb0991a60790a2b0c5f3139aadd7045f7d849aa209bf60bc15ed82667414b70b71a7e184e164280af00bf95a9ad3de41dcf19623610cfb30687a5a082a2458870eb33d649b3fce3317e0362ee6175fb811c7fe3647ca21020673aedd23bf0470cd8735ce53a78082668e49a5132d1336a084360187fcff9227cdc0d7f205b2af2c88dc6bc9a04b41f429fa9a386f58b8f216cbf6714a619597caa5a9bf668048d7135105a9425cb46fe807a406459b067b716f5a47730974b207826716fe3f747fd74cd8c025720b1003f27b2dea695f221971cd5af81a1a795001f125c285c150ddc9959e9e0220a694556bc0a4b5aade032b2aa877c0da816ef32a84d77bbff4656e680854e6961a417082bd46f5023c47cea09bba2145d415188e13803bb5e7fc19d39819e59ca7fdc38051d969401d4c411dac00a47ab57527daa897a37759351b4b1185b1496d79aa33229bea3c0e8dbcf1d7a64730928775c74c946181bb88e0a38a165ebbdc7860b014c59894c7211bc23d39077e62944d3c48c434b737b1a64b5f9a1646a18a5195a54603ffc280bf5ea1bf3d8cb4112aa82fab89e2633665597bed30de6c8897a9613ea8c11736524a7086266523fbab887465494ebfc96fbe4466775bc0d707e624bb3de700eaac9b37c2bc12b52aa2dfb73b7006bd956c0b9324c47295e4e4c4cc47ba9b5a899694b38a64a29120684bf64c648211b18d017ce34849c4a092b24bcb8960d870422ebd954bc7264ba95a727a31926f31c12381d0d051e1e04190b949322442845f3aa6fb17940442a9c1a183b2397dcc0770cb2b4a07aaf0af52636778ac9949d2db42f3d036bc842b2f3b0b11d278ea025cc16ac8b6986a9b18b3356790dbc821d0ac7b5eae965fcf14b0e202b00ec5d707c45af52be2d9771bcc53b31f2525ab53f95a3b00242c11c494e2554438b0a4f68194019181bbdb194910307bc19afae553dd666564332c078604fbd8bc4fdc92f9201809ab495c1b535530bad2eb35753f91956b58bfbf62d1e33c861f73846334c4a2ac5576984ef1163a50454a3e4ce838898f225868189bdae5a03efd8001d2a9f557cb6cd93a46fbb1379d81645b853cb98b47ba87a66fcbc0ada76506b8dcd659042640ef616820ff20b26433399371dc4c50287349ca2763e3073865c5bc9aaa1437b86b20b25b6f088bd6a4c9483842d7c65257cc42ad7c7b26f58c8ed199b848b8c6f408d487637751888a95a449cab47b7a2ace6a82c7d46910526414ab149b11343b0ea32d969a508a81cf896b081087f4d52a2a9e077878a43e5971d74863a7bf20037b2974703140ea8160a5ba72227c15bec5df171140198896d31732a241f5b938ff233cba2dc82de91c6b493782b6163bc1282df855ee6a6a65975b33cb6a27d258bd317d04cef8eb557ba02d49471923cd60e9917966be90f56d2d53fa3bc2629740abbd16720a9a7069a64de7a26328817d74a7c2f55a2461b074bff8044445e11660b1b6b26df242b8fc02b9e8df538db17a639d7c46132\n"}, + {"ML-KEM-keyGen-encaps", "ML-KEM-keyGen-encaps failed.\nExpected: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\nCalculated: a7cc68f8d02110ca5720223b9e2a8987c8a24835a20dabcbefa430e74a85af80b9b74b74574c5e5f585459ca3610940f0b57b33344ceacccc135557b82f4968688a0168c1aa2940e5604482bf8b900a4343096446330cfee10917c0338181b7fe8d30f4816087d6299f225417f533ee40473894847bd45291367be6b1a7dee55bb21d60e3828552f4c8a6f3c54fc74cf67a614eeab002a076851879cef2218fdb3766123c2de32a269b6aa4661b69370314c004446f7258c40b2ea789f40ca023bbb1217c2c44b380c6e3194edd129d039218d9b75194a386d944acce7a9720ab026362004e95bf9229290b53613416082e82ba8a42a5ff14759f57712395706b307f7635ecee42317a48eb3b90683f3ab53d17c50f53c6cfb1c0cf59d6f2a981021428a7ac5edf13b26844d83c31d3608710e623aabb24b6c5b48baebc1b3078972589201b7a30bc09315612b067655bec403a69c89eb137c31157971098cb693ba4ae9ae40a8031cec92580bcc1b5ab3ecd1aa5f79aa2cd69249d138c8965a81c87a07eb59a4612e60658f4df028cef8af1b837e0ab0bfedb726904290d0bc41df6a67f7a4166609952439631960648e229a21f2a4d82abad3ec8135dc9bb43c703d3b33e437c9ef7bca91c3465676740125a15ad1707088b101b4273d3c4bf30181b4b2575de75ccfc13312a2a6bcebc477a9668e751629b569bfa20beca09800992c63f04b6b4a7df977a00131c2f8722e5138775235b517a709852167c1d415fdc7ad32f2aaca437e9cc6b248d9ca7c65b405e68d24e81b8688caa22b3cf5c9b147f0cc27e667a80b83ccbb4f4161a5ffd0194b1b5720e68ea0f59997f26740972d2c8124d7a6ad8327c2075a3f76b968d2aaad19c00697599e0be49fa6d65b4088b0be692dcda028095852a0d7205e4417409c0317780305a878fb582963b6953f6b8f0880b050178301d659be3a4db7e0bf2587129164178f32707d40392d85713dea82913999aa6c35aa94b3547abe40e2b0ba82b5b78319182a5a47d173176ba6fa3a4d70a8130b310743fa8aaae314381c9b7f49991f19a4ff8369638de380b5d828b7b5fcfdd91fe68efe16d4cd9eed66d65c1d2d8caf5af4a692\n"}, + {"ML-KEM-encapsulate-ciphertext", "ML-KEM-encapsulate-ciphertext failed.\nExpected: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\nCalculated: 431a4f1b2d2c6c00f1690bbe482541ef3d563774daff83207f96de7e5e4a59d5d936d9443ad422e645793e7a60a9b0a76cd672d20c69b82a5563df52d96f9a6cdfc56fbd4fd8d5a8afeb2a09d92ec854094794b4ed2db381f04c68439608aa9902a4d1689e2eb1e5f07a4a1c709262d7c2ff2f81f6eeaab2a86a41ba210eb1bf8e75febccd1a15b4d7a7b60257c89d00bd81d39fcb8d1ce3278102595dd652f7fb7d5584874f3327b174043b350ebd4d41fe08bd0e854d41cbb027c481da64dc6151b88dececcf022ddac2e22736c147e0773294231c0589967154c526b0b7cdd59568eeff5749a40cb100c60c6480897655d96e9f64d61684c0b3150646732c19409fe565540a31894703cf0179cae85bc8c1a5732649836e48e676405b9591b65ba25f9b489b9e5772aa1ed5a00143cb9f5449fd013457a3c13874cb58c75b52c9b6a9ae495ccb504a89cb5f145695b921632fb85b0316b30d4ad17fef0862d6b1e6ca6a611c8a6a7234b4362c5ca0ad9f7697687798cf624dc9f35fbb376e09953156532a9033709df755b46cc6d83de3a111e19a76b361e0ef14c91db8d91c6c6d9e3e46f42291fd6cbf5cfd122716fb0675698e602ab39ee98e0d8145eebaaa9374f5b3bb0df4d0fd83a40e0d25038c39e9bee01cf79c86f3086158d031d5c5e86bc7e7eb16e622505f2888213884c0b5252289b11fce5bfeebfbef0a32ceaf9c14c6250090028463db6f8d19684f541108fe934d88e7ef5cce9daebb32700b9397691a684298c9bf1b7c22d1bcec3fcacfbb17f2ed2b98b85e6a8fe2482996b5e099e9d0211cb9412614de87dc18d23613ed7f6c29cc37b727116dd901c2817938c29fcd026089336addc09eca90de9a25a6374fee86bcdd06ae3daaf0b1bc5b3b2790d4d9f759bef8ac743612a2bbf6e45de8b22efa61226625d4c39f346b844c5ebec5355866c00b726cc1640cb237c34a20a7c603d251f46e6b3b0fa71b3276835e3e9da5b9485e789614af49f1e9504db2528631fbe1cd7dbee85164e4c099a27a4583e9247d078f8830b46874c1b010bf3cd90eb0774961f239ba\n"}, + {"ML-KEM-encapsulate-shared-secret", "ML-KEM-encapsulate-shared-secret failed.\nExpected: 0000000000000000000000000000000000000000000000000000000000000000\nCalculated: a772df2de250ac7d896bbb820b57f2ae05f9a412ab55baa421d4af6dac62662a\n"}, + {"HKDF-SHA-256", "HKDF-SHA-256 KAT failed.\nExpected: 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865\nCalculated: 5f59c2b22f7dc2decd91068cabda75bacf8079c31748f91e4ba67ea26c36ad8e0b8e48c9b630c42bfc3f\n"}, + {"KBKDF", "KBKDF-CTR-HMAC-SHA-256 KAT failed.\nExpected: 10621342bfb0fd40046c0e29f2cfdbf0\nCalculated: 606060902f7c6632bcde3a67f5818c48\n"}, + {"PBKDF2", "PBKDF2 KAT failed.\nExpected: 13dc8a7c13d372c90382822d2dc492f2ed52467fb7828ea864\nCalculated: e442f1807d5fc9b466badcdfd3806fed7fa50da9a6f5729117\n"}, + {"SSKDF", "SSKDF_digest KAT failed.\nExpected: 5a2e26644d16222cd636a1fdb57bfaa17f94449127612bcd7be1bb39cc18f32893d3c648c16372fb6e9c63de5433b1ccdeb51bb5f15368c8a849a1e5a4efc666fd33eeb9f6728b0479f76668cfafc13a91367074def2b50e9d9a918a120210824165d596ad4f94a3236ef7cf5843282a0a57a483819f63e0cfb2081daf9ccf35c66a03e7a02d3891f45022e1c89d888aa8087e08f45babbc52062b18e6fb70c12dcb29a194d23abc351cfb3cf4f161cc775a3e711bb1502d6901f6931407a9ae868476f998d1ca4cca296a9f14752d14f47427e666289f80892a3d14a84fe343fd78d0dadbde1819aca915f7c0c024376b40cb34bae2d26e9f4552b6b1a26fa5\nCalculated: 63d19beaa2b5a2685510e4a3bd3692cec7d370f7d8eea41239a2d89439dc9643767c37c3fd892434c4f567d3c6854b57e63222bc99df63d7d02e6527b90fe57baaecf7fcb4ba278be3b2ff6f22d8435ccbc1c4d92fd89b88915d0711ad5ca81151d7c62a3d12a8315c2b3cf6f1d7b8b367687eadcb87d7c7b4e79f629df1aa35e05a8450291fdcdb744c1013bc25883fb913942ab0b77ac3a9dcd068e46af564e7deb1d2abc60d45d7f16ff985c652bc7559b8277026d238460f6133dfe6ab5641dbbcb749481c94c6e910161e54bef623cbaec3f4e096ec66bb6f3702c86dad3bd57b25d5115a972aafe8ab15fd60a30d401a6fbd421bab89095f7be374a439\n"} }; char* broken_kat = getenv("FIPS_CALLBACK_TEST_EXPECTED_FAILURE"); diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c index c8120dffd6..1a2919af5c 100644 --- a/crypto/fipsmodule/bcm.c +++ b/crypto/fipsmodule/bcm.c @@ -331,8 +331,8 @@ int BORINGSSL_integrity_test(void) { uint8_t result[SHA256_DIGEST_LENGTH]; const EVP_MD *const kHashFunction = EVP_sha256(); - if (!boringssl_self_test_sha256(true) || - !boringssl_self_test_hmac_sha256(true)) { + if (!boringssl_self_test_sha256() || + !boringssl_self_test_hmac_sha256()) { return 0; } @@ -377,11 +377,11 @@ int BORINGSSL_integrity_test(void) { #if defined(BORINGSSL_FIPS_BREAK_TESTS) // Check the integrity but don't call AWS_LC_FIPS_failure or return 0 - check_test(expected, result, sizeof(result), "FIPS integrity test", false); + check_test_optional_abort(expected, result, sizeof(result), "FIPS integrity test", false); #else - // Check the integrity, call AWS_LC_FIPS_failure if it doesn't match which will - // result in an abort - check_test(expected, result, sizeof(result), "FIPS integrity test", true); + // Check the integrity, call check_test_optional_abort with true to trigger an + // abort + check_test_optional_abort(expected, result, sizeof(result), "FIPS integrity test", true); #endif OPENSSL_cleanse(result, sizeof(result)); // FIPS 140-3, AS05.10. @@ -395,14 +395,18 @@ void AWS_LC_FIPS_failure(const char* message) { if (AWS_LC_fips_failure_callback != NULL) { AWS_LC_fips_failure_callback(message); } - fprintf(stderr, "AWS-LC FIPS failure caused by %s\n", message); + fprintf(stderr, "AWS-LC FIPS failure caused by:\n%s\n", message); for (;;) { abort(); exit(1); } } -#endif // BORINGSSL_FIPS +#else +void AWS_LC_FIPS_failure(const char* message) { + fprintf(stderr, "AWS-LC FIPS failure caused by:\n%s\n", message); +} +#endif #if !defined(AWSLC_FIPS) && !defined(BORINGSSL_SHARED_LIBRARY) // When linking with a static library, if no symbols in an object file are diff --git a/crypto/fipsmodule/self_check/self_check.c b/crypto/fipsmodule/self_check/self_check.c index 14da14abc4..1dcaaf8bc7 100644 --- a/crypto/fipsmodule/self_check/self_check.c +++ b/crypto/fipsmodule/self_check/self_check.c @@ -60,9 +60,8 @@ static void hexdump(char buf[MAX_HEXDUMP_SIZE], const uint8_t *in, size_t in_len } } -static int check_test(const void *expected, const void *actual, - size_t expected_len, const char *name, - const bool call_aws_lc_fips_failure) { +static int check_test_optional_abort(const void *expected, const void *actual, + size_t expected_len, const char *name, const bool call_abort) { if (OPENSSL_memcmp(actual, expected, expected_len) != 0) { assert(sizeof(name) < MAX_NAME); char expected_hex[MAX_HEXDUMP_SIZE] = {0}; @@ -74,22 +73,21 @@ static int check_test(const void *expected, const void *actual, snprintf(error_msg, sizeof(error_msg), "%s failed.\nExpected: %s\nCalculated: %s\n", name, expected_hex, actual_hex); -#if defined(BORINGSSL_FIPS) - if (call_aws_lc_fips_failure) { + if (call_abort) { AWS_LC_FIPS_failure(error_msg); } else { - fprintf(stderr, "%s", error_msg); - fflush(stderr); + fprintf(stderr, "%s\n", error_msg); } -#else - fprintf(stderr, "%s", error_msg); - fflush(stderr); -#endif return 0; } return 1; } +static int check_test(const void *expected, const void *actual, + size_t expected_len, const char *name) { + return check_test_optional_abort(expected, actual, expected_len, name, true); +} + static int set_bignum(BIGNUM **out, const uint8_t *in, size_t len) { *out = BN_bin2bn(in, len, NULL); return *out != NULL; @@ -440,7 +438,7 @@ static DH *self_test_dh(void) { // actually exercised, in FIPS mode. (In non-FIPS mode these tests are only run // when requested by |BORINGSSL_self_test|.) -static int boringssl_self_test_rsa(const bool call_aws_lc_fips_failure) { +static int boringssl_self_test_rsa(void) { int ret = 0; uint8_t output[256]; @@ -489,7 +487,7 @@ static int boringssl_self_test_rsa(const bool call_aws_lc_fips_failure) { if (!rsa_digestsign_no_self_test(EVP_sha256(), kRSASignPlaintext, sizeof(kRSASignPlaintext),output, &sig_len, rsa_key) || !check_test(kRSASignSignature, output, sizeof(kRSASignSignature), - "RSA-sign KAT", call_aws_lc_fips_failure)) { + "RSA-sign KAT")) { goto err; } @@ -527,7 +525,7 @@ static int boringssl_self_test_rsa(const bool call_aws_lc_fips_failure) { if (!rsa_digestverify_no_self_test(EVP_sha256(), kRSAVerifyPlaintext, sizeof(kRSAVerifyPlaintext), kRSAVerifySignature, sizeof(kRSAVerifySignature), rsa_key)) { - fprintf(stderr, "RSA-verify KAT failed.\n"); + AWS_LC_FIPS_failure("RSA-verify KAT failed.\n"); goto err; } @@ -539,7 +537,7 @@ static int boringssl_self_test_rsa(const bool call_aws_lc_fips_failure) { return ret; } -static int boringssl_self_test_ecc(const bool call_aws_lc_fips_failure) { +static int boringssl_self_test_ecc(void) { int ret = 0; EC_KEY *ec_key = NULL; EC_POINT *ec_point_in = NULL; @@ -580,8 +578,8 @@ static int boringssl_self_test_ecc(const bool call_aws_lc_fips_failure) { if (sig == NULL || !serialize_ecdsa_sig(ecdsa_sign_output, sizeof(ecdsa_sign_output), sig) || !check_test(kECDSASignSig, ecdsa_sign_output, sizeof(ecdsa_sign_output), - "ECDSA-sign signature", call_aws_lc_fips_failure)) { - fprintf(stderr, "ECDSA-sign KAT failed.\n"); + "ECDSA-sign signature")) { + AWS_LC_FIPS_failure("ECDSA-sign KAT failed.\n"); goto err; } @@ -604,7 +602,7 @@ static int boringssl_self_test_ecc(const bool call_aws_lc_fips_failure) { if (!sig || !ecdsa_digestverify_no_self_test(EVP_sha256(), kECDSAVerifyPlaintext, sizeof(kECDSAVerifyPlaintext), sig, ec_key)) { - fprintf(stderr, "ECDSA-verify KAT failed.\n"); + AWS_LC_FIPS_failure("ECDSA-verify KAT failed.\n"); goto err; } @@ -639,7 +637,7 @@ static int boringssl_self_test_ecc(const bool call_aws_lc_fips_failure) { ec_point_in = EC_POINT_new(ec_group); ec_point_out = EC_POINT_new(ec_group); ec_scalar = BN_new(); - uint8_t z_comp_result[65]; + uint8_t z_comp_result[65] = {0}; if (ec_point_in == NULL || ec_point_out == NULL || ec_scalar == NULL || !EC_POINT_oct2point(ec_group, ec_point_in, kP256Point, sizeof(kP256Point), NULL) || @@ -649,7 +647,7 @@ static int boringssl_self_test_ecc(const bool call_aws_lc_fips_failure) { !EC_POINT_point2oct(ec_group, ec_point_out, POINT_CONVERSION_UNCOMPRESSED, z_comp_result, sizeof(z_comp_result), NULL) || !check_test(kP256PointResult, z_comp_result, sizeof(z_comp_result), - "Z-computation", call_aws_lc_fips_failure)) { + "Z-computation")) { goto err; } @@ -665,7 +663,7 @@ static int boringssl_self_test_ecc(const bool call_aws_lc_fips_failure) { return ret; } -static int boringssl_self_test_ffdh(const bool call_aws_lc_fips_failure) { +static int boringssl_self_test_ffdh(void) { int ret = 0; DH *dh = NULL; DH *fb_dh = NULL; @@ -790,7 +788,7 @@ static int boringssl_self_test_ffdh(const bool call_aws_lc_fips_failure) { if (dh == NULL || ffdhe2048_value == NULL || sizeof(dh_out) != DH_size(dh) || dh_compute_key_padded_no_self_test(dh_out, ffdhe2048_value, dh) != sizeof(dh_out) || - !check_test(kDHOutput, dh_out, sizeof(dh_out), "FFC DH", call_aws_lc_fips_failure)) { + !check_test(kDHOutput, dh_out, sizeof(dh_out), "FFC DH")) { goto err; } @@ -802,7 +800,7 @@ static int boringssl_self_test_ffdh(const bool call_aws_lc_fips_failure) { sizeof(fb_dh_out) != DH_size(fb_dh) || dh_compute_key_padded_no_self_test(fb_dh_out, fb_peers_key, fb_dh) != sizeof(fb_dh_out) || - !check_test(kDH_fb_z, fb_dh_out, sizeof(fb_dh_out), "FFC DH FB", call_aws_lc_fips_failure)) { + !check_test(kDH_fb_z, fb_dh_out, sizeof(fb_dh_out), "FFC DH FB")) { goto err; } @@ -817,7 +815,7 @@ static int boringssl_self_test_ffdh(const bool call_aws_lc_fips_failure) { return ret; } -static int boringssl_self_test_ml_kem(const bool call_aws_lc_fips_failure) { +static int boringssl_self_test_ml_kem(void) { int ret = 0; static const uint8_t kKeyGenEKSeed[MLKEM512_KEYGEN_SEED_LEN] = { @@ -902,7 +900,7 @@ static int boringssl_self_test_ml_kem(const bool call_aws_lc_fips_failure) { if (ml_kem_512_keypair_deterministic_no_self_test( keygen_encaps, keygen_decaps, kKeyGenEKSeed) || !check_test(kKeyGenEK, keygen_encaps, sizeof(keygen_encaps), - "ML-KEM-keyGen-encaps", call_aws_lc_fips_failure)) { + "ML-KEM-keyGen-encaps")) { goto err; } @@ -1060,7 +1058,7 @@ static int boringssl_self_test_ml_kem(const bool call_aws_lc_fips_failure) { if (ml_kem_512_keypair_deterministic_no_self_test( keygen_encaps, keygen_decaps, kKeyGenDKSeed) || !check_test(kKeyGenDK, keygen_decaps, sizeof(keygen_decaps), - "ML-KEM-keyGen-decaps", call_aws_lc_fips_failure)) { + "ML-KEM-keyGen-decaps")) { goto err; } @@ -1212,9 +1210,9 @@ static int boringssl_self_test_ml_kem(const bool call_aws_lc_fips_failure) { if (ml_kem_512_encapsulate_deterministic_no_self_test( ciphertext, shared_secret, kEncapEK, kEncapM) || !check_test(kEncapCiphertext, ciphertext, sizeof(kEncapCiphertext), - "ML-KEM-encapsulate-ciphertext", call_aws_lc_fips_failure) || + "ML-KEM-encapsulate-ciphertext") || !check_test(kEncapSharedSecret, shared_secret, sizeof(kEncapSharedSecret), - "ML-KEM-encapsulate-shared-secret", call_aws_lc_fips_failure)) { + "ML-KEM-encapsulate-shared-secret")) { goto err; } @@ -1497,12 +1495,12 @@ static int boringssl_self_test_ml_kem(const bool call_aws_lc_fips_failure) { if (ml_kem_512_decapsulate_no_self_test(shared_secret, kDecapCiphertext, kDecapDK) || !check_test(kDecapSharedSecret, shared_secret, sizeof(kDecapSharedSecret), - "ML-KEM decapsulate non-rejection", call_aws_lc_fips_failure) || + "ML-KEM decapsulate non-rejection") || ml_kem_512_decapsulate_no_self_test( shared_secret, kDecapCiphertextRejection, kDecapDK) || !check_test(kDecapSharedSecretRejection, shared_secret, sizeof(kDecapSharedSecretRejection), - "ML-KEM decapsulate implicit rejection", call_aws_lc_fips_failure)) { + "ML-KEM decapsulate implicit rejection")) { goto err; } @@ -1511,7 +1509,7 @@ static int boringssl_self_test_ml_kem(const bool call_aws_lc_fips_failure) { return ret; } -static int boringssl_self_test_ml_dsa(const bool call_aws_lc_fips_failure) { +static int boringssl_self_test_ml_dsa(void) { int ret = 0; // Examples kMLDSAKeyGenSeed, kMLDSAKeyGenPublicKey, kMLDSAKeyGenPrivateKey from @@ -2077,8 +2075,8 @@ static int boringssl_self_test_ml_dsa(const bool call_aws_lc_fips_failure) { uint8_t private_key[MLDSA44_PRIVATE_KEY_BYTES] = {0}; if (!ml_dsa_44_keypair_internal_no_self_test(public_key, private_key, kMLDSAKeyGenSeed) || - !check_test(kMLDSAKeyGenPublicKey, public_key, sizeof(public_key), "ML-DSA keyGen public", call_aws_lc_fips_failure) || - !check_test(kMLDSAKeyGenPrivateKey, private_key, sizeof(private_key), "ML-DSA keyGen private", call_aws_lc_fips_failure)) { + !check_test(kMLDSAKeyGenPublicKey, public_key, sizeof(public_key), "ML-DSA keyGen public") || + !check_test(kMLDSAKeyGenPrivateKey, private_key, sizeof(private_key), "ML-DSA keyGen private")) { goto err; } @@ -2089,7 +2087,7 @@ static int boringssl_self_test_ml_dsa(const bool call_aws_lc_fips_failure) { if (!ml_dsa_44_sign_internal_no_self_test(private_key, signature, &sig_len, kMLDSASignPlaintext, mlen_int, NULL, 0, kMLDSASigGenSeed) || - !check_test(kMLDSASignSignature, signature, sizeof(signature), "ML-DSA SigGen signature", call_aws_lc_fips_failure)) { + !check_test(kMLDSASignSignature, signature, sizeof(signature), "ML-DSA SigGen signature")) { goto err; } @@ -2104,7 +2102,7 @@ static int boringssl_self_test_ml_dsa(const bool call_aws_lc_fips_failure) { return ret; } -static int boringssl_self_test_eddsa(const bool call_aws_lc_fips_failure) { +static int boringssl_self_test_eddsa(void) { int ret = 0; static const uint8_t kEd25519PrivateKey[ED25519_PRIVATE_KEY_SEED_LEN] = { @@ -2140,8 +2138,8 @@ static int boringssl_self_test_eddsa(const bool call_aws_lc_fips_failure) { sizeof(kEd25519SignMessage), ed25519_private_key) || !check_test(kEd25519SignSignature, ed25519_out_sig, - ED25519_SIGNATURE_LEN, "ED25519-sign", call_aws_lc_fips_failure)) { - fprintf(stderr, "ED25519-sign failed.\n"); + ED25519_SIGNATURE_LEN, "ED25519-sign")) { + AWS_LC_FIPS_failure("ED25519-sign failed.\n"); goto err; } @@ -2158,7 +2156,7 @@ static int boringssl_self_test_eddsa(const bool call_aws_lc_fips_failure) { 0x78, 0x89, 0x67, 0x0a}; if (!ED25519_verify_no_self_test(kEd25519VerifyMessage, sizeof(kEd25519VerifyMessage), kEd25519VerifySignature, kEd25519PublicKey)) { - fprintf(stderr, "ED25519-verify failed.\n"); + AWS_LC_FIPS_failure("ED25519-verify failed.\n"); goto err; } @@ -2167,7 +2165,7 @@ static int boringssl_self_test_eddsa(const bool call_aws_lc_fips_failure) { return ret; } -static int boringssl_self_test_hasheddsa(const bool call_aws_lc_fips_failure) { +static int boringssl_self_test_hasheddsa(void) { int ret = 0; static const uint8_t kEd25519PrivateKey[ED25519_PRIVATE_KEY_SEED_LEN] = { @@ -2211,7 +2209,7 @@ static int boringssl_self_test_hasheddsa(const bool call_aws_lc_fips_failure) { &ed25519_out_sig[0], kEd25519SignMessage, sizeof(kEd25519SignMessage), ed25519_private_key, kEd25519Context, sizeof(kEd25519Context)) || !check_test(kEd25519SignSignature, ed25519_out_sig, - ED25519_SIGNATURE_LEN, "ED25519ph-sign", call_aws_lc_fips_failure)) { + ED25519_SIGNATURE_LEN, "ED25519ph-sign")) { goto err; } @@ -2230,7 +2228,7 @@ static int boringssl_self_test_hasheddsa(const bool call_aws_lc_fips_failure) { }; if (!ED25519ph_verify_no_self_test(kEd25519VerifyMessage, sizeof(kEd25519VerifyMessage), kEd25519VerifySignature, kEd25519PublicKey, kEd25519Context, sizeof(kEd25519Context))) { - fprintf(stderr, "ED25519ph-verify failed.\n"); + AWS_LC_FIPS_failure("ED25519ph-verify failed.\n"); goto err; } @@ -2242,7 +2240,7 @@ static int boringssl_self_test_hasheddsa(const bool call_aws_lc_fips_failure) { #if defined(BORINGSSL_FIPS) static void run_self_test_rsa(void) { - if (!boringssl_self_test_rsa(true)) { + if (!boringssl_self_test_rsa()) { AWS_LC_FIPS_failure("RSA self tests failed"); } } @@ -2254,7 +2252,7 @@ void boringssl_ensure_rsa_self_test(void) { } static void run_self_test_ecc(void) { - if (!boringssl_self_test_ecc(true)) { + if (!boringssl_self_test_ecc()) { AWS_LC_FIPS_failure("ECC self tests failed"); } } @@ -2266,7 +2264,7 @@ void boringssl_ensure_ecc_self_test(void) { } static void run_self_test_ffdh(void) { - if (!boringssl_self_test_ffdh(true)) { + if (!boringssl_self_test_ffdh()) { AWS_LC_FIPS_failure("FFDH self tests failed"); } } @@ -2278,7 +2276,7 @@ void boringssl_ensure_ffdh_self_test(void) { } static void run_self_test_ml_kem(void) { - if (!boringssl_self_test_ml_kem(true)) { + if (!boringssl_self_test_ml_kem()) { AWS_LC_FIPS_failure("ML-KEM self-tests failed"); } } @@ -2290,7 +2288,7 @@ void boringssl_ensure_ml_kem_self_test(void) { } static void run_self_test_ml_dsa(void) { - if (!boringssl_self_test_ml_dsa(true)) { + if (!boringssl_self_test_ml_dsa()) { AWS_LC_FIPS_failure("ML-DSA self tests failed"); } } @@ -2302,7 +2300,7 @@ void boringssl_ensure_ml_dsa_self_test(void) { } static void run_self_test_eddsa(void) { - if (!boringssl_self_test_eddsa(true)) { + if (!boringssl_self_test_eddsa()) { AWS_LC_FIPS_failure("EdDSA self tests failed"); } } @@ -2314,7 +2312,7 @@ void boringssl_ensure_eddsa_self_test(void) { } static void run_self_test_hasheddsa(void) { - if (!boringssl_self_test_hasheddsa(true)) { + if (!boringssl_self_test_hasheddsa()) { AWS_LC_FIPS_failure("EdDSA-ph self tests failed"); } } @@ -2333,7 +2331,7 @@ void boringssl_ensure_hasheddsa_self_test(void) { // These tests are run at process start when in FIPS mode. Note that the SHA256 // and HMAC-SHA256 tests are also used from bcm.c, so they can't be static. -int boringssl_self_test_sha256(const bool call_aws_lc_fips_failure) { +int boringssl_self_test_sha256(void) { static const uint8_t kInput[16] = { 0xff, 0x3b, 0x85, 0x7d, 0xa7, 0x23, 0x6a, 0x2b, 0xaa, 0x0f, 0x39, 0x6b, 0x51, 0x52, 0x22, 0x17, @@ -2348,10 +2346,10 @@ int boringssl_self_test_sha256(const bool call_aws_lc_fips_failure) { // SHA-256 KAT SHA256(kInput, sizeof(kInput), output); return check_test(kPlaintextSHA256, output, sizeof(kPlaintextSHA256), - "SHA-256 KAT", call_aws_lc_fips_failure); + "SHA-256 KAT"); } -static int boringssl_self_test_sha512(const bool call_aws_lc_fips_failure) { +static int boringssl_self_test_sha512(void) { static const uint8_t kInput[16] = { 0x21, 0x25, 0x12, 0xf8, 0xd2, 0xad, 0x83, 0x22, 0x78, 0x1c, 0x6c, 0x4d, 0x69, 0xa9, 0xda, 0xa1, @@ -2369,10 +2367,10 @@ static int boringssl_self_test_sha512(const bool call_aws_lc_fips_failure) { // SHA-512 KAT SHA512(kInput, sizeof(kInput), output); return check_test(kPlaintextSHA512, output, sizeof(kPlaintextSHA512), - "SHA-512 KAT", call_aws_lc_fips_failure); + "SHA-512 KAT"); } -int boringssl_self_test_hmac_sha256(const bool call_aws_lc_fips_failure) { +int boringssl_self_test_hmac_sha256(void) { static const uint8_t kInput[16] = { 0xda, 0xd9, 0x12, 0x93, 0xdf, 0xcf, 0x2a, 0x7c, 0x8e, 0xcd, 0x13, 0xfe, 0x35, 0x3f, 0xa7, 0x5b, @@ -2389,10 +2387,10 @@ int boringssl_self_test_hmac_sha256(const bool call_aws_lc_fips_failure) { &output_len); return output_len == sizeof(kPlaintextHMACSHA256) && check_test(kPlaintextHMACSHA256, output, sizeof(kPlaintextHMACSHA256), - "HMAC-SHA-256 KAT", call_aws_lc_fips_failure); + "HMAC-SHA-256 KAT"); } -static int boringssl_self_test_hkdf_sha256(const bool call_aws_lc_fips_failure) { +static int boringssl_self_test_hkdf_sha256(void) { static const uint8_t kHKDF_ikm_tc1[] = { // RFC 5869 Test Case 1 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b @@ -2417,10 +2415,10 @@ static int boringssl_self_test_hkdf_sha256(const bool call_aws_lc_fips_failure) kHKDF_salt_tc1, sizeof(kHKDF_salt_tc1), kHKDF_info_tc1, sizeof(kHKDF_info_tc1)); return check_test(kHKDF_okm_tc1_sha256, output, sizeof(output), - "HKDF-SHA-256 KAT", call_aws_lc_fips_failure); + "HKDF-SHA-256 KAT"); } -static int boringssl_self_test_sha3_256(const bool call_aws_lc_fips_failure) { +static int boringssl_self_test_sha3_256(void) { // From: SHA3_256ShortMsg.txt // Len = 128 // Msg = d83c721ee51b060c5a41438a8221e040 @@ -2439,10 +2437,10 @@ static int boringssl_self_test_sha3_256(const bool call_aws_lc_fips_failure) { // SHA3-256 KAT SHA3_256(kInput, sizeof(kInput), output); return check_test(kPlaintextSHA3_256, output, sizeof(kPlaintextSHA3_256), - "SHA3-256 KAT", call_aws_lc_fips_failure); + "SHA3-256 KAT"); } -static int boringssl_self_test_fast(const bool call_aws_lc_fips_failure) { +static int boringssl_self_test_fast(void) { static const uint8_t kAESKey[16] = {'B', 'o', 'r', 'i', 'n', 'g', 'C', 'r', 'y', 'p', 't', 'o', ' ', 'K', 'e', 'y'}; // Older versions of the gcc release build on ARM will optimize out the @@ -2484,7 +2482,7 @@ static int boringssl_self_test_fast(const bool call_aws_lc_fips_failure) { AES_cbc_encrypt(kAESCBCEncPlaintext, output, sizeof(kAESCBCEncPlaintext), &aes_key, aes_iv, AES_ENCRYPT); if (!check_test(kAESCBCEncCiphertext, output, sizeof(kAESCBCEncCiphertext), - "AES-CBC-encrypt KAT", call_aws_lc_fips_failure)) { + "AES-CBC-encrypt KAT")) { goto err; } @@ -2507,7 +2505,7 @@ static int boringssl_self_test_fast(const bool call_aws_lc_fips_failure) { AES_cbc_encrypt(kAESCBCDecCiphertext, output, sizeof(kAESCBCDecCiphertext), &aes_key, aes_iv, AES_DECRYPT); if (!check_test(kAESCBCDecPlaintext, output, sizeof(kAESCBCDecPlaintext), - "AES-CBC-decrypt KAT", call_aws_lc_fips_failure)) { + "AES-CBC-decrypt KAT")) { goto err; } @@ -2516,7 +2514,7 @@ static int boringssl_self_test_fast(const bool call_aws_lc_fips_failure) { OPENSSL_memset(nonce, 0, sizeof(nonce)); if (!EVP_AEAD_CTX_init(&aead_ctx, EVP_aead_aes_128_gcm(), kAESKey, sizeof(kAESKey), 0, NULL)) { - fprintf(stderr, "EVP_AEAD_CTX_init for AES-128-GCM failed.\n"); + AWS_LC_FIPS_failure("EVP_AEAD_CTX_init for AES-128-GCM failed.\n"); goto err; } @@ -2537,8 +2535,8 @@ static int boringssl_self_test_fast(const bool call_aws_lc_fips_failure) { kAESGCMEncPlaintext, sizeof(kAESGCMEncPlaintext), NULL, 0) || !check_test(kAESGCMCiphertext, output, sizeof(kAESGCMCiphertext), - "AES-GCM-encrypt KAT", call_aws_lc_fips_failure)) { - fprintf(stderr, "EVP_AEAD_CTX_seal for AES-128-GCM failed.\n"); + "AES-GCM-encrypt KAT")) { + AWS_LC_FIPS_failure("EVP_AEAD_CTX_seal for AES-128-GCM failed.\n"); goto err; } @@ -2560,9 +2558,8 @@ static int boringssl_self_test_fast(const bool call_aws_lc_fips_failure) { kAESGCMDecCiphertext, sizeof(kAESGCMDecCiphertext), NULL, 0) || !check_test(kAESGCMDecPlaintext, output, sizeof(kAESGCMDecPlaintext), - "AES-GCM-decrypt KAT", call_aws_lc_fips_failure)) { - fprintf(stderr, - "AES-GCM-decrypt KAT failed because EVP_AEAD_CTX_open failed.\n"); + "AES-GCM-decrypt KAT")) { + AWS_LC_FIPS_failure("AES-GCM-decrypt KAT failed because EVP_AEAD_CTX_open failed.\n"); goto err; } @@ -2577,13 +2574,13 @@ static int boringssl_self_test_fast(const bool call_aws_lc_fips_failure) { }; SHA1(kSHA1Input, sizeof(kSHA1Input), output); if (!check_test(kSHA1Digest, output, sizeof(kSHA1Digest), - "SHA-1 KAT", call_aws_lc_fips_failure)) { + "SHA-1 KAT")) { goto err; } - if (!boringssl_self_test_sha512(call_aws_lc_fips_failure) || - !boringssl_self_test_sha3_256(call_aws_lc_fips_failure) || - !boringssl_self_test_hkdf_sha256(call_aws_lc_fips_failure)) { + if (!boringssl_self_test_sha512() || + !boringssl_self_test_sha3_256() || + !boringssl_self_test_hkdf_sha256()) { goto err; } @@ -2627,20 +2624,20 @@ static int boringssl_self_test_fast(const bool call_aws_lc_fips_failure) { !CTR_DRBG_generate(&drbg, output, sizeof(kDRBGOutput), kDRBGAD, sizeof(kDRBGAD)) || !check_test(kDRBGOutput, output, sizeof(kDRBGOutput), - "DRBG Generate KAT", call_aws_lc_fips_failure) || + "DRBG Generate KAT") || !CTR_DRBG_reseed(&drbg, kDRBGEntropy2, kDRBGAD, sizeof(kDRBGAD)) || !CTR_DRBG_generate(&drbg, output, sizeof(kDRBGReseedOutput), kDRBGAD, sizeof(kDRBGAD)) || !check_test(kDRBGReseedOutput, output, sizeof(kDRBGReseedOutput), - "DRBG-reseed KAT", call_aws_lc_fips_failure)) { - fprintf(stderr, "CTR-DRBG failed.\n"); + "DRBG-reseed KAT")) { + AWS_LC_FIPS_failure("CTR-DRBG failed.\n"); goto err; } CTR_DRBG_clear(&drbg); CTR_DRBG_STATE kZeroDRBG; memset(&kZeroDRBG, 0, sizeof(kZeroDRBG)); - if (!check_test(&kZeroDRBG, &drbg, sizeof(drbg), "DRBG Clear KAT", call_aws_lc_fips_failure)) { + if (!check_test(&kZeroDRBG, &drbg, sizeof(drbg), "DRBG Clear KAT")) { goto err; } @@ -2669,7 +2666,7 @@ static int boringssl_self_test_fast(const bool call_aws_lc_fips_failure) { sizeof(kTLSSecret), kTLSLabel, sizeof(kTLSLabel), kTLSSeed1, sizeof(kTLSSeed1), kTLSSeed2, sizeof(kTLSSeed2)) || - !check_test(kTLSOutput, tls_output, sizeof(kTLSOutput), "TLS-KDF KAT", call_aws_lc_fips_failure)) { + !check_test(kTLSOutput, tls_output, sizeof(kTLSOutput), "TLS-KDF KAT")) { goto err; } @@ -2696,7 +2693,7 @@ static int boringssl_self_test_fast(const bool call_aws_lc_fips_failure) { EVP_sha256(), sizeof(kPBKDF2DerivedKey), pbkdf2_output) || !check_test(kPBKDF2DerivedKey, pbkdf2_output, sizeof(kPBKDF2DerivedKey), - "PBKDF2 KAT", call_aws_lc_fips_failure)) { + "PBKDF2 KAT")) { goto err; } @@ -2739,8 +2736,8 @@ static int boringssl_self_test_fast(const bool call_aws_lc_fips_failure) { sizeof(kSSKDFDigestSharedSecret), &kSSKDFDigestInfo[0], sizeof(kSSKDFDigestInfo)) || !check_test(kSSKDFDigestDerivedKey, sskdf_digest_output, - sizeof(kSSKDFDigestDerivedKey), "SSKDF_digest KAT", call_aws_lc_fips_failure)) { - fprintf(stderr, "SSKDF_digest failed.\n"); + sizeof(kSSKDFDigestDerivedKey), "SSKDF_digest KAT")) { + AWS_LC_FIPS_failure("SSKDF_digest failed.\n"); goto err; } @@ -2769,7 +2766,7 @@ static int boringssl_self_test_fast(const bool call_aws_lc_fips_failure) { kKBKDF_ctr_hmac_info, sizeof(kKBKDF_ctr_hmac_info)) || !check_test(kKBKDF_ctr_hmac_output, kbkdf_ctr_hmac_output, sizeof(kbkdf_ctr_hmac_output), - "KBKDF-CTR-HMAC-SHA-256 KAT", call_aws_lc_fips_failure)) { + "KBKDF-CTR-HMAC-SHA-256 KAT")) { goto err; } ret = 1; @@ -2782,15 +2779,15 @@ static int boringssl_self_test_fast(const bool call_aws_lc_fips_failure) { // BORINGSSL_self_test does not abort if any tests fail int BORINGSSL_self_test(void) { - if (!boringssl_self_test_fast(false) || + if (!boringssl_self_test_fast() || // When requested to run self tests, also run the lazy tests. - !boringssl_self_test_rsa(false) || - !boringssl_self_test_ecc(false) || - !boringssl_self_test_ffdh(false) || - !boringssl_self_test_ml_kem(false) || - !boringssl_self_test_ml_dsa(false) || - !boringssl_self_test_eddsa(false) || - !boringssl_self_test_hasheddsa(false)) { + !boringssl_self_test_rsa() || + !boringssl_self_test_ecc() || + !boringssl_self_test_ffdh() || + !boringssl_self_test_ml_kem() || + !boringssl_self_test_ml_dsa() || + !boringssl_self_test_eddsa() || + !boringssl_self_test_hasheddsa()) { return 0; } @@ -2799,6 +2796,6 @@ int BORINGSSL_self_test(void) { #if defined(BORINGSSL_FIPS) int boringssl_self_test_startup(void) { - return boringssl_self_test_fast(true); + return boringssl_self_test_fast(); } #endif diff --git a/crypto/internal.h b/crypto/internal.h index 1cd6ba1d03..991b7d779d 100644 --- a/crypto/internal.h +++ b/crypto/internal.h @@ -1330,17 +1330,16 @@ OPENSSL_INLINE void boringssl_ensure_ml_dsa_self_test(void) {} OPENSSL_INLINE void boringssl_ensure_eddsa_self_test(void) {} OPENSSL_INLINE void boringssl_ensure_hasheddsa_self_test(void) {} +// |AWS_LC_FIPS_failure| simply logs any FIPS errors to |stderr| +OPENSSL_INLINE void AWS_LC_FIPS_failure(const char* message); + #endif // FIPS -// boringssl_self_test_sha256 performs a SHA-256 KAT, |call_aws_lc_fips_failure| -// determines if error messages should be printed to |stderr| call -// |AWS_LC_FIPS_failure| with the message. -int boringssl_self_test_sha256(const bool call_aws_lc_fips_failure); +// boringssl_self_test_sha256 performs a SHA-256 KAT +int boringssl_self_test_sha256(void); - // boringssl_self_test_hmac_sha256 performs an HMAC-SHA-256 KAT, - // |call_aws_lc_fips_failure| determines if error messages should be printed - // to |stderr| or call |AWS_LC_FIPS_failure| with the message. -int boringssl_self_test_hmac_sha256(const bool call_aws_lc_fips_failure); +// boringssl_self_test_hmac_sha256 performs an HMAC-SHA-256 KAT +int boringssl_self_test_hmac_sha256(void); #if defined(BORINGSSL_FIPS_COUNTERS) void boringssl_fips_inc_counter(enum fips_counter_t counter); diff --git a/tests/ci/cdk/cdk/codebuild/github_ci_linux_x86_omnibus.yaml b/tests/ci/cdk/cdk/codebuild/github_ci_linux_x86_omnibus.yaml index 30d09e1dbe..ff2c84a34c 100644 --- a/tests/ci/cdk/cdk/codebuild/github_ci_linux_x86_omnibus.yaml +++ b/tests/ci/cdk/cdk/codebuild/github_ci_linux_x86_omnibus.yaml @@ -441,16 +441,6 @@ batch: variables: AWS_LC_CI_TARGET: "tests/ci/run_fips_tests.sh" - - identifier: amazonlinux2023_clang15x_x86_64_fips_callback - buildspec: ./tests/ci/codebuild/common/run_simple_target.yml - env: - type: LINUX_CONTAINER - privileged-mode: true - compute-type: BUILD_GENERAL1_LARGE - image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:amazonlinux-2023_clang-15x_latest - variables: - AWS_LC_CI_TARGET: "tests/ci/run_fips_callback_tests.sh" - - identifier: amazonlinux2023_clang15x_x86_64_sanitizer buildspec: ./tests/ci/codebuild/common/run_simple_target.yml env: diff --git a/tests/ci/run_fips_callback_tests.sh b/tests/ci/run_fips_callback_tests.sh index dbd5a82d3a..565d062045 100755 --- a/tests/ci/run_fips_callback_tests.sh +++ b/tests/ci/run_fips_callback_tests.sh @@ -3,10 +3,6 @@ # SPDX-License-Identifier: Apache-2.0 OR ISC source tests/ci/common_posix_setup.sh -run_build -DFIPS=1 -DCMAKE_C_FLAGS="-DBORINGSSL_FIPS_BREAK_TESTS" -cd "$SRC_ROOT" -#"${SRC_ROOT}/util/fipstools/test-break-kat.sh" - original_test="${BUILD_ROOT}/crypto/fips_callback_test" broken_test="${BUILD_ROOT}/crypto/fips_callback_test_broken" diff --git a/tests/ci/run_fips_tests.sh b/tests/ci/run_fips_tests.sh index b3841c3bc7..712dccb2fa 100755 --- a/tests/ci/run_fips_tests.sh +++ b/tests/ci/run_fips_tests.sh @@ -34,6 +34,7 @@ if static_linux_supported || static_openbsd_supported; then echo "Testing AWS-LC static breakable release build" run_build -DFIPS=1 -DCMAKE_C_FLAGS="-DBORINGSSL_FIPS_BREAK_TESTS" ./util/fipstools/test-break-kat.sh + ./tests/ci/run_fips_callback_tests.sh export BORINGSSL_FIPS_BREAK_TEST="RSA_PWCT" ${BUILD_ROOT}/crypto/crypto_test --gtest_filter="RSADeathTest.KeygenFailAndDie" unset BORINGSSL_FIPS_BREAK_TEST diff --git a/util/fipstools/test-break-kat.sh b/util/fipstools/test-break-kat.sh index 86f58e23ce..e42cc517cd 100755 --- a/util/fipstools/test-break-kat.sh +++ b/util/fipstools/test-break-kat.sh @@ -32,8 +32,9 @@ KATS=$(go run util/fipstools/break-kat.go --list-tests) for kat in $KATS; do go run util/fipstools/break-kat.go $TEST_FIPS_BIN $kat > break-kat-bin chmod u+x ./break-kat-bin - if ! (./break-kat-bin 2>&1 >/dev/null || true) | \ - egrep -q "^$kat[^a-zA-Z0-9]"; then + # Only capture stderr + output=$(2>&1 ./break-kat-bin 2>&1 >/dev/null || true) + if ! echo "$output" | egrep -q "^${kat}"; then echo "Failure for $kat did not mention that name in the output" exit 1 fi