diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-08-31 17:21:44 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-08-31 17:21:44 +0000 |
commit | b5de94835b55839b11490e486dcbd3a407999588 (patch) | |
tree | b4d6c212f5f510a8b08661c6c8a28b9a3679c164 | |
parent | 12b51010677967a2a3791a47c6ea2cfbe94aab13 (diff) | |
parent | 9face09a03c8921bf46d0707a013717a4e3e0102 (diff) | |
download | boringssl-android14-mainline-uwb-release.tar.gz |
Snap for 10743636 from 9face09a03c8921bf46d0707a013717a4e3e0102 to mainline-uwb-releaseaml_uwb_341310300aml_uwb_341310030aml_uwb_341111010android14-mainline-uwb-release
Change-Id: I81679aa5d603d380e745fd4bee5756fe41bf0a50
-rw-r--r-- | Android.bp | 2 | ||||
-rw-r--r-- | src/crypto/fipsmodule/self_check/self_check.c | 55 | ||||
-rw-r--r-- | src/crypto/fipsmodule/service_indicator/service_indicator.c | 11 | ||||
-rw-r--r-- | src/crypto/fipsmodule/service_indicator/service_indicator_test.cc | 18 | ||||
-rw-r--r-- | src/util/fipstools/break-kat.go | 5 | ||||
-rw-r--r-- | src/util/fipstools/test_fips.c | 13 |
6 files changed, 62 insertions, 42 deletions
@@ -161,6 +161,7 @@ cc_object { "com.android.compos", "com.android.conscrypt", "com.android.extservices", + "com.android.ondevicepersonalization", "com.android.resolv", "com.android.virt", ], @@ -302,6 +303,7 @@ cc_library { "com.android.conscrypt", "com.android.extservices", "com.android.resolv", + "com.android.ondevicepersonalization", "com.android.virt", ], min_sdk_version: "29", diff --git a/src/crypto/fipsmodule/self_check/self_check.c b/src/crypto/fipsmodule/self_check/self_check.c index 525cd169..edfef6d4 100644 --- a/src/crypto/fipsmodule/self_check/self_check.c +++ b/src/crypto/fipsmodule/self_check/self_check.c @@ -918,11 +918,6 @@ static int boringssl_self_test_fast(void) { } // TLS KDF KAT - static const uint8_t kTLSSecret[32] = { - 0xab, 0xc3, 0x65, 0x7b, 0x09, 0x4c, 0x76, 0x28, 0xa0, 0xb2, 0x82, - 0x99, 0x6f, 0xe7, 0x5a, 0x75, 0xf4, 0x98, 0x4f, 0xd9, 0x4d, 0x4e, - 0xcc, 0x2f, 0xcf, 0x53, 0xa2, 0xc4, 0x69, 0xa3, 0xf7, 0x31, - }; static const char kTLSLabel[] = "FIPS self test"; static const uint8_t kTLSSeed1[16] = { 0x8f, 0x0d, 0xe8, 0xb6, 0x90, 0x8f, 0xb1, 0xd2, @@ -932,17 +927,45 @@ static int boringssl_self_test_fast(void) { 0x7d, 0x24, 0x1a, 0x9d, 0x3c, 0x59, 0xbf, 0x3c, 0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81, }; - static const uint8_t kTLSOutput[32] = { - 0xe2, 0x1d, 0xd6, 0xc2, 0x68, 0xc7, 0x57, 0x03, 0x2c, 0x2c, 0xeb, - 0xbb, 0xb8, 0xa9, 0x7d, 0xe9, 0xee, 0xe6, 0xc9, 0x47, 0x83, 0x0a, - 0xbd, 0x11, 0x60, 0x5d, 0xd5, 0x2c, 0x47, 0xb6, 0x05, 0x88, + + static const uint8_t kTLS10Secret[32] = { + 0xab, 0xc3, 0x65, 0x7b, 0x09, 0x4c, 0x76, 0x28, 0xa0, 0xb2, 0x82, + 0x99, 0x6f, 0xe7, 0x5a, 0x75, 0xf4, 0x98, 0x4f, 0xd9, 0x4d, 0x4e, + 0xcc, 0x2f, 0xcf, 0x53, 0xa2, 0xc4, 0x69, 0xa3, 0xf7, 0x31, + }; + static const uint8_t kTLS10Output[32] = { + 0x69, 0x7c, 0x4e, 0x2c, 0xee, 0x82, 0xb1, 0xd2, 0x8b, 0xac, 0x90, + 0x7a, 0xa1, 0x8a, 0x81, 0xfe, 0xc5, 0x58, 0x45, 0x57, 0x61, 0x2f, + 0x7a, 0x8d, 0x80, 0xfb, 0x44, 0xd8, 0x81, 0x60, 0xe5, 0xf8, + }; + uint8_t tls10_output[sizeof(kTLS10Output)]; + if (!CRYPTO_tls1_prf(EVP_md5_sha1(), tls10_output, sizeof(tls10_output), + kTLS10Secret, sizeof(kTLS10Secret), kTLSLabel, + sizeof(kTLSLabel), kTLSSeed1, sizeof(kTLSSeed1), + kTLSSeed2, sizeof(kTLSSeed2)) || + !check_test(kTLS10Output, tls10_output, sizeof(kTLS10Output), + "TLS10-KDF KAT")) { + fprintf(stderr, "TLS KDF failed.\n"); + goto err; + } + + static const uint8_t kTLS12Secret[32] = { + 0xc5, 0x43, 0x8e, 0xe2, 0x6f, 0xd4, 0xac, 0xbd, 0x25, 0x9f, 0xc9, + 0x18, 0x55, 0xdc, 0x69, 0xbf, 0x88, 0x4e, 0xe2, 0x93, 0x22, 0xfc, + 0xbf, 0xd2, 0x96, 0x6a, 0x46, 0x23, 0xd4, 0x2e, 0xc7, 0x81, + }; + static const uint8_t kTLS12Output[32] = { + 0xee, 0x4a, 0xcd, 0x3f, 0xa3, 0xd3, 0x55, 0x89, 0x9e, 0x6f, 0xf1, + 0x38, 0x46, 0x9d, 0x2b, 0x33, 0xaa, 0x7f, 0xc4, 0x7f, 0x51, 0x85, + 0x8a, 0xf3, 0x13, 0x84, 0xbf, 0x53, 0x6a, 0x65, 0x37, 0x51, }; - uint8_t tls_output[sizeof(kTLSOutput)]; - if (!CRYPTO_tls1_prf(EVP_sha256(), tls_output, sizeof(tls_output), kTLSSecret, - sizeof(kTLSSecret), kTLSLabel, sizeof(kTLSLabel), - kTLSSeed1, sizeof(kTLSSeed1), kTLSSeed2, - sizeof(kTLSSeed2)) || - !check_test(kTLSOutput, tls_output, sizeof(kTLSOutput), "TLS-KDF KAT")) { + uint8_t tls12_output[sizeof(kTLS12Output)]; + if (!CRYPTO_tls1_prf(EVP_sha256(), tls12_output, sizeof(tls12_output), + kTLS12Secret, sizeof(kTLS12Secret), kTLSLabel, + sizeof(kTLSLabel), kTLSSeed1, sizeof(kTLSSeed1), + kTLSSeed2, sizeof(kTLSSeed2)) || + !check_test(kTLS12Output, tls12_output, sizeof(kTLS12Output), + "TLS12-KDF KAT")) { fprintf(stderr, "TLS KDF failed.\n"); goto err; } @@ -983,7 +1006,7 @@ static int boringssl_self_test_fast(void) { !check_test(kTLS13ExpandLabelOutput, tls13_expand_label_output, sizeof(kTLS13ExpandLabelOutput), "CRYPTO_tls13_hkdf_expand_label")) { - fprintf(stderr, "TLSv1.3 KDF failed.\n"); + fprintf(stderr, "TLS13-KDF failed.\n"); goto err; } diff --git a/src/crypto/fipsmodule/service_indicator/service_indicator.c b/src/crypto/fipsmodule/service_indicator/service_indicator.c index b1ea28e8..64325bea 100644 --- a/src/crypto/fipsmodule/service_indicator/service_indicator.c +++ b/src/crypto/fipsmodule/service_indicator/service_indicator.c @@ -303,14 +303,11 @@ void HMAC_verify_service_indicator(const EVP_MD *evp_md) { } void TLSKDF_verify_service_indicator(const EVP_MD *md) { - // HMAC-MD5, HMAC-SHA1, and HMAC-MD5/HMAC-SHA1 (both used concurrently) are - // approved for use in the KDF in TLS 1.0/1.1. - // HMAC-SHA{256, 384, 512} are approved for use in the KDF in TLS 1.2. - // These Key Derivation functions are to be used in the context of the TLS - // protocol. + // HMAC-MD5/HMAC-SHA1 (both used concurrently) is approved for use in the KDF + // in TLS 1.0/1.1. HMAC-SHA{256, 384, 512} are approved for use in the KDF in + // TLS 1.2. These Key Derivation functions are to be used in the context of + // the TLS protocol. switch (EVP_MD_type(md)) { - case NID_md5: - case NID_sha1: case NID_md5_sha1: case NID_sha256: case NID_sha384: diff --git a/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc b/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc index 4389b981..41f263db 100644 --- a/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc +++ b/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc @@ -422,24 +422,12 @@ static const uint8_t kTLSSeed2[16] = { 0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81, }; -static const uint8_t kTLSOutput_mdsha1[32] = { +static const uint8_t kTLSOutput_md5_sha1[32] = { 0x36, 0xa9, 0x31, 0xb0, 0x43, 0xe3, 0x64, 0x72, 0xb9, 0x47, 0x54, 0x0d, 0x8a, 0xfc, 0xe3, 0x5c, 0x1c, 0x15, 0x67, 0x7e, 0xa3, 0x5d, 0xf2, 0x3a, 0x57, 0xfd, 0x50, 0x16, 0xe1, 0xa4, 0xa6, 0x37, }; -static const uint8_t kTLSOutput_md[32] = { - 0x79, 0xef, 0x46, 0xc4, 0x35, 0xbc, 0xe5, 0xda, 0xd3, 0x66, 0x91, - 0xdc, 0x86, 0x09, 0x41, 0x66, 0xf2, 0x0c, 0xeb, 0xe6, 0xab, 0x5c, - 0x58, 0xf4, 0x65, 0xce, 0x2f, 0x5f, 0x4b, 0x34, 0x1e, 0xa1, -}; - -static const uint8_t kTLSOutput_sha1[32] = { - 0xbb, 0x0a, 0x73, 0x52, 0xf8, 0x85, 0xd7, 0xbd, 0x12, 0x34, 0x78, - 0x3b, 0x54, 0x4c, 0x75, 0xfe, 0xd7, 0x23, 0x6e, 0x22, 0x3f, 0x42, - 0x34, 0x99, 0x57, 0x6b, 0x14, 0xc4, 0xc8, 0xae, 0x9f, 0x4c, -}; - static const uint8_t kTLSOutput_sha224[32] = { 0xdd, 0xaf, 0x6f, 0xaa, 0xd9, 0x2b, 0x3d, 0xb9, 0x46, 0x4c, 0x55, 0x8a, 0xf7, 0xa6, 0x9b, 0x0b, 0x35, 0xcc, 0x07, 0xa7, 0x55, 0x5b, @@ -1783,9 +1771,7 @@ static const struct KDFTestVector { const uint8_t *expected_output; const FIPSStatus expect_approved; } kKDFTestVectors[] = { - {EVP_md5, kTLSOutput_md, FIPSStatus::APPROVED}, - {EVP_sha1, kTLSOutput_sha1, FIPSStatus::APPROVED}, - {EVP_md5_sha1, kTLSOutput_mdsha1, FIPSStatus::APPROVED}, + {EVP_md5_sha1, kTLSOutput_md5_sha1, FIPSStatus::APPROVED}, {EVP_sha224, kTLSOutput_sha224, FIPSStatus::NOT_APPROVED}, {EVP_sha256, kTLSOutput_sha256, FIPSStatus::APPROVED}, {EVP_sha384, kTLSOutput_sha384, FIPSStatus::APPROVED}, diff --git a/src/util/fipstools/break-kat.go b/src/util/fipstools/break-kat.go index e4d323ab..67c33002 100644 --- a/src/util/fipstools/break-kat.go +++ b/src/util/fipstools/break-kat.go @@ -1,5 +1,3 @@ -//go:build - // break-kat corrupts a known-answer-test input in a binary and writes the // corrupted binary to stdout. This is used to demonstrate that the KATs in the // binary notice the error. @@ -27,7 +25,8 @@ var ( "SHA-1": "132fd9bad5c1826263bafbb699f707a5", "SHA-256": "ff3b857da7236a2baa0f396b51522217", "SHA-512": "212512f8d2ad8322781c6c4d69a9daa1", - "TLS-KDF": "abc3657b094c7628a0b282996fe75a75f4984fd94d4ecc2fcf53a2c469a3f731", + "TLS10-KDF": "abc3657b094c7628a0b282996fe75a75f4984fd94d4ecc2fcf53a2c469a3f731", + "TLS12-KDF": "c5438ee26fd4acbd259fc91855dc69bf884ee29322fcbfd2966a4623d42ec781", "TLS13-KDF": "024a0d80f357f2499a1244dac26dab66fc13ed85fca71dace146211119525874", "RSA-sign": "d2b56e53306f720d7929d8708bf46f1c22300305582b115bedcac722d8aa5ab2", "RSA-verify": "abe2cbc13d6bd39d48db5334ddbf8d070a93bdcb104e2cc5d0ee486ee295f6b31bda126c41890b98b73e70e6b65d82f95c663121755a90744c8d1c21148a1960be0eca446e9ff497f1345c537ef8119b9a4398e95c5c6de2b1c955905c5299d8ce7a3b6ab76380d9babdd15f610237e1f3f2aa1c1f1e770b62fbb596381b2ebdd77ecef9c90d4c92f7b6b05fed2936285fa94826e62055322a33b6f04c74ce69e5d8d737fb838b79d2d48e3daf71387531882531a95ac964d02ea413bf85952982bbc089527daff5b845c9a0f4d14ef1956d9c3acae882d12da66da0f35794f5ee32232333517db9315232a183b991654dbea41615345c885325926744a53915", diff --git a/src/util/fipstools/test_fips.c b/src/util/fipstools/test_fips.c index 3a1f7fce..13b8d7d3 100644 --- a/src/util/fipstools/test_fips.c +++ b/src/util/fipstools/test_fips.c @@ -291,6 +291,19 @@ int main(int argc, char **argv) { printf(" got "); hexdump(hkdf_output, sizeof(hkdf_output)); + /* TLS v1.0 KDF */ + printf("About to run TLS v1.0 KDF\n"); + uint8_t tls10_output[32]; + if (!CRYPTO_tls1_prf(EVP_md5_sha1(), tls10_output, sizeof(tls10_output), + kAESKey, sizeof(kAESKey), "foo", 3, kPlaintextSHA256, + sizeof(kPlaintextSHA256), kPlaintextSHA256, + sizeof(kPlaintextSHA256))) { + fprintf(stderr, "TLS v1.0 KDF failed.\n"); + goto err; + } + printf(" got "); + hexdump(tls10_output, sizeof(tls10_output)); + /* TLS v1.2 KDF */ printf("About to run TLS v1.2 KDF\n"); uint8_t tls12_output[32]; |