You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
420 lines
13 KiB
420 lines
13 KiB
/////////////////////////////////////////////////////////////////////////////
|
|
// FILE : fipslib.c //
|
|
// DESCRIPTION : FIPS 140 support code. //
|
|
// AUTHOR : //
|
|
// HISTORY : //
|
|
// Oct 20 1999 jeffspel/ramas Merge STT into default CSP //
|
|
// //
|
|
// Copyright (C) 2000 Microsoft Corporation All Rights Reserved //
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
|
|
#include <nt.h>
|
|
#include <ntrtl.h>
|
|
#include <nturtl.h>
|
|
#include <windows.h>
|
|
#include <wincrypt.h>
|
|
|
|
#ifdef KERNEL_MODE
|
|
#if WINVER == 0x0500
|
|
#include <ntos.h>
|
|
#else
|
|
#include <ntosp.h>
|
|
#endif
|
|
#endif
|
|
|
|
#include <sha.h>
|
|
#include <des.h>
|
|
#include <tripldes.h>
|
|
#include <modes.h>
|
|
|
|
// known result of an SHA-1 hash on the above buffer
|
|
static UCHAR rgbKnownSHA1[] =
|
|
{
|
|
0xe8, 0x96, 0x82, 0x85, 0xeb, 0xae, 0x01, 0x14,
|
|
0x73, 0xf9, 0x08, 0x45, 0xc0, 0x6a, 0x6d, 0x3e,
|
|
0x69, 0x80, 0x6a, 0x0c
|
|
};
|
|
|
|
// IV for all block ciphers
|
|
UCHAR rgbIV[] = {0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF};
|
|
|
|
// known key, plaintext, and ciphertext for DES
|
|
UCHAR rgbDESKey[] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};
|
|
UCHAR rgbDESKnownPlaintext[] = {0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74};
|
|
UCHAR rgbDESKnownCiphertext[] = {0x3F, 0xA4, 0x0E, 0x8A, 0x98, 0x4D, 0x48, 0x15};
|
|
UCHAR rgbDESCBCCiphertext[] = {0xE5, 0xC7, 0xCD, 0xDE, 0x87, 0x2B, 0xF2, 0x7C};
|
|
|
|
// known key, plaintext, and ciphertext for 3 key 3DES
|
|
UCHAR rgb3DESKey[] =
|
|
{
|
|
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
|
|
0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01,
|
|
0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23
|
|
};
|
|
UCHAR rgb3DESKnownPlaintext[] = {0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74};
|
|
UCHAR rgb3DESKnownCiphertext[] = {0x31, 0x4F, 0x83, 0x27, 0xFA, 0x7A, 0x09, 0xA8};
|
|
UCHAR rgb3DESCBCCiphertext[] = {0xf3, 0xc0, 0xff, 0x02, 0x6c, 0x02, 0x30, 0x89};
|
|
|
|
// known key, plaintext, and ciphertext for 2 key 3DES
|
|
UCHAR rgb3DES112Key[] =
|
|
{
|
|
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
|
|
0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01
|
|
};
|
|
UCHAR rgb3DES112KnownPlaintext[] = {0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74};
|
|
UCHAR rgb3DES112KnownCiphertext[] = {0xb7, 0x83, 0x57, 0x79, 0xee, 0x26, 0xac, 0xb7};
|
|
UCHAR rgb3DES112CBCCiphertext[] = {0x13, 0x4b, 0x98, 0xf8, 0xee, 0xb3, 0xf6, 0x07};
|
|
|
|
#define MAX_BLOCKLEN 8
|
|
#define MAXKEYSTRUCTSIZE DES3_TABLESIZE // currently the max is a 3DES key structure
|
|
|
|
// Known answer test for SHA HMAC from Fips draft
|
|
UCHAR rgbHmacKey [] = {
|
|
0x01, 0x02, 0x03, 0x04, 0x05,
|
|
0x06, 0x07, 0x08, 0x09, 0x0a,
|
|
0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
|
0x10, 0x11, 0x12, 0x13, 0x14,
|
|
0x15, 0x16, 0x17, 0x18, 0x19
|
|
};
|
|
UCHAR rgbHmacData [50]; // set bytes to 0xcd
|
|
UCHAR rgbHmac [] = {
|
|
0x4c, 0x90, 0x07, 0xf4, 0x02,
|
|
0x62, 0x50, 0xc6, 0xbc, 0x84,
|
|
0x14, 0xf9, 0xbf, 0x50, 0xc8,
|
|
0x6c, 0x2d, 0x72, 0x35, 0xda
|
|
};
|
|
|
|
extern VOID FipsHmacSHAInit(
|
|
OUT A_SHA_CTX *pShaCtx,
|
|
IN UCHAR *pKey,
|
|
IN unsigned int cbKey
|
|
);
|
|
|
|
extern VOID FipsHmacSHAUpdate(
|
|
IN OUT A_SHA_CTX *pShaCtx,
|
|
IN UCHAR *pb,
|
|
IN unsigned int cb
|
|
);
|
|
|
|
extern VOID FipsHmacSHAFinal(
|
|
IN A_SHA_CTX *pShaCtx,
|
|
IN UCHAR *pKey,
|
|
IN unsigned int cbKey,
|
|
OUT UCHAR *pHash
|
|
);
|
|
|
|
//
|
|
// Function : TestSHA1
|
|
//
|
|
// Description : This function hashes the passed in message with the SHA1 hash
|
|
// algorithm and returns the resulting hash value.
|
|
//
|
|
void TestSHA1(
|
|
UCHAR *pbMsg,
|
|
ULONG cbMsg,
|
|
UCHAR *pbHash
|
|
)
|
|
{
|
|
A_SHA_CTX HashContext;
|
|
|
|
// Initialize SHA
|
|
A_SHAInit(&HashContext);
|
|
|
|
// Compute SHA
|
|
A_SHAUpdate(&HashContext, pbMsg, cbMsg);
|
|
|
|
A_SHAFinal(&HashContext, pbHash);
|
|
}
|
|
|
|
//
|
|
// Function : TestEncDec
|
|
//
|
|
// Description : This function expands the passed in key buffer for the appropriate
|
|
// algorithm, and then either encryption or decryption is performed.
|
|
// A comparison is then made to see if the ciphertext or plaintext
|
|
// matches the expected value.
|
|
// The function only uses ECB mode for block ciphers and the plaintext
|
|
// buffer must be the same length as the ciphertext buffer. The length
|
|
// of the plaintext must be either the block length of the cipher if it
|
|
// is a block cipher or less than MAX_BLOCKLEN if a stream cipher is
|
|
// being used.
|
|
//
|
|
NTSTATUS TestEncDec(
|
|
IN ALG_ID Algid,
|
|
IN UCHAR *pbKey,
|
|
IN ULONG cbKey,
|
|
IN UCHAR *pbPlaintext,
|
|
IN ULONG cbPlaintext,
|
|
IN UCHAR *pbCiphertext,
|
|
IN UCHAR *pbIV,
|
|
IN int iOperation
|
|
)
|
|
{
|
|
UCHAR rgbExpandedKey[MAXKEYSTRUCTSIZE];
|
|
UCHAR rgbBuffIn[MAX_BLOCKLEN];
|
|
UCHAR rgbBuffOut[MAX_BLOCKLEN];
|
|
ULONG i;
|
|
NTSTATUS Status = STATUS_UNSUCCESSFUL;
|
|
|
|
RtlZeroMemory(rgbExpandedKey, sizeof(rgbExpandedKey));
|
|
RtlZeroMemory(rgbBuffIn, sizeof(rgbBuffIn));
|
|
RtlZeroMemory(rgbBuffOut, sizeof(rgbBuffOut));
|
|
|
|
// length of data to encrypt must be < MAX_BLOCKLEN
|
|
if (cbPlaintext > MAX_BLOCKLEN)
|
|
{
|
|
goto Ret;
|
|
}
|
|
|
|
// alloc for and expand the key
|
|
switch(Algid)
|
|
{
|
|
case (CALG_DES):
|
|
{
|
|
desparityonkey(pbKey, cbKey);
|
|
deskey((DESTable*)rgbExpandedKey, pbKey);
|
|
break;
|
|
}
|
|
|
|
case (CALG_3DES):
|
|
{
|
|
desparityonkey(pbKey, cbKey);
|
|
tripledes3key((PDES3TABLE)rgbExpandedKey, pbKey);
|
|
break;
|
|
}
|
|
|
|
case (CALG_3DES_112):
|
|
{
|
|
desparityonkey(pbKey, cbKey);
|
|
tripledes2key((PDES3TABLE)rgbExpandedKey, pbKey);
|
|
break;
|
|
}
|
|
}
|
|
|
|
// if encrypting and there is an IV then use it
|
|
if (ENCRYPT == iOperation)
|
|
{
|
|
memcpy(rgbBuffIn, pbPlaintext, cbPlaintext);
|
|
|
|
if (NULL != pbIV)
|
|
{
|
|
for(i = 0; i < cbPlaintext; i++)
|
|
{
|
|
rgbBuffIn[i] = rgbBuffIn[i] ^ pbIV[i];
|
|
}
|
|
}
|
|
}
|
|
|
|
// encrypt the plaintext
|
|
switch(Algid)
|
|
{
|
|
case (CALG_DES):
|
|
{
|
|
if (ENCRYPT == iOperation)
|
|
{
|
|
des(rgbBuffOut, rgbBuffIn, rgbExpandedKey, ENCRYPT);
|
|
}
|
|
else
|
|
{
|
|
des(rgbBuffOut, pbCiphertext, rgbExpandedKey, DECRYPT);
|
|
}
|
|
break;
|
|
}
|
|
|
|
case (CALG_3DES):
|
|
case (CALG_3DES_112):
|
|
{
|
|
if (ENCRYPT == iOperation)
|
|
{
|
|
tripledes(rgbBuffOut, rgbBuffIn, rgbExpandedKey, ENCRYPT);
|
|
}
|
|
else
|
|
{
|
|
tripledes(rgbBuffOut, pbCiphertext, rgbExpandedKey, DECRYPT);
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
|
|
// compare the encrypted plaintext with the passed in ciphertext
|
|
if (ENCRYPT == iOperation)
|
|
{
|
|
if (memcmp(pbCiphertext, rgbBuffOut, cbPlaintext))
|
|
{
|
|
goto Ret;
|
|
}
|
|
}
|
|
// compare the decrypted ciphertext with the passed in plaintext
|
|
else
|
|
{
|
|
// if there is an IV then use it
|
|
if (NULL != pbIV)
|
|
{
|
|
for(i = 0; i < cbPlaintext; i++)
|
|
{
|
|
rgbBuffOut[i] = rgbBuffOut[i] ^ pbIV[i];
|
|
}
|
|
}
|
|
|
|
if (memcmp(pbPlaintext, rgbBuffOut, cbPlaintext))
|
|
{
|
|
goto Ret;
|
|
}
|
|
}
|
|
|
|
Status = STATUS_SUCCESS;
|
|
Ret:
|
|
return Status;
|
|
}
|
|
|
|
//
|
|
// Function : TestSymmetricAlgorithm
|
|
//
|
|
// Description : This function expands the passed in key buffer for the appropriate algorithm,
|
|
// encrypts the plaintext buffer with the same algorithm and key, and the
|
|
// compares the passed in expected ciphertext with the calculated ciphertext
|
|
// to make sure they are the same. The opposite is then done with decryption.
|
|
// The function only uses ECB mode for block ciphers and the plaintext
|
|
// buffer must be the same length as the ciphertext buffer. The length
|
|
// of the plaintext must be either the block length of the cipher if it
|
|
// is a block cipher or less than MAX_BLOCKLEN if a stream cipher is
|
|
// being used.
|
|
//
|
|
NTSTATUS TestSymmetricAlgorithm(
|
|
IN ALG_ID Algid,
|
|
IN UCHAR *pbKey,
|
|
IN ULONG cbKey,
|
|
IN UCHAR *pbPlaintext,
|
|
IN ULONG cbPlaintext,
|
|
IN UCHAR *pbCiphertext,
|
|
IN UCHAR *pbIV
|
|
)
|
|
{
|
|
NTSTATUS Status = STATUS_UNSUCCESSFUL;
|
|
|
|
Status = TestEncDec(Algid, pbKey, cbKey, pbPlaintext, cbPlaintext,
|
|
pbCiphertext, pbIV, ENCRYPT);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
goto Ret;
|
|
}
|
|
|
|
Status = TestEncDec(Algid, pbKey, cbKey, pbPlaintext, cbPlaintext,
|
|
pbCiphertext, pbIV, DECRYPT);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
goto Ret;
|
|
}
|
|
Ret:
|
|
return Status;
|
|
}
|
|
|
|
|
|
|
|
// **********************************************************************
|
|
// AlgorithmCheck performs known answer tests using the algorithms
|
|
// supported by the provider.
|
|
// **********************************************************************
|
|
NTSTATUS AlgorithmCheck()
|
|
{
|
|
UCHAR rgbSHA1[A_SHA_DIGEST_LEN];
|
|
NTSTATUS Status = STATUS_UNSUCCESSFUL;
|
|
A_SHA_CTX ShaCtx;
|
|
ULONG ul;
|
|
|
|
RtlZeroMemory(rgbSHA1, sizeof(rgbSHA1));
|
|
|
|
// known answer test with SHA-1 (this function is found in hash.c)
|
|
TestSHA1("HashThis", 8, rgbSHA1);
|
|
if (!RtlEqualMemory(rgbSHA1, rgbKnownSHA1, sizeof(rgbSHA1)))
|
|
{
|
|
goto Ret;
|
|
}
|
|
|
|
// known answer test with DES - ECB
|
|
Status = TestSymmetricAlgorithm(CALG_DES, rgbDESKey, sizeof(rgbDESKey),
|
|
rgbDESKnownPlaintext,
|
|
sizeof(rgbDESKnownPlaintext),
|
|
rgbDESKnownCiphertext,
|
|
NULL);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
goto Ret;
|
|
}
|
|
// known answer test with DES - CBC
|
|
Status = TestSymmetricAlgorithm(CALG_DES, rgbDESKey, sizeof(rgbDESKey),
|
|
rgbDESKnownPlaintext,
|
|
sizeof(rgbDESKnownPlaintext),
|
|
rgbDESCBCCiphertext,
|
|
rgbIV);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
goto Ret;
|
|
}
|
|
|
|
// known answer test with 3DES - ECB
|
|
Status = TestSymmetricAlgorithm(CALG_3DES, rgb3DESKey, sizeof(rgb3DESKey),
|
|
rgb3DESKnownPlaintext,
|
|
sizeof(rgb3DESKnownPlaintext),
|
|
rgb3DESKnownCiphertext,
|
|
NULL);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
goto Ret;
|
|
}
|
|
|
|
// known answer test with 3DES - CBC
|
|
Status = TestSymmetricAlgorithm(CALG_3DES, rgb3DESKey, sizeof(rgb3DESKey),
|
|
rgb3DESKnownPlaintext,
|
|
sizeof(rgb3DESKnownPlaintext),
|
|
rgb3DESCBCCiphertext,
|
|
rgbIV);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
goto Ret;
|
|
}
|
|
|
|
// known answer test with 3DES 112 - ECB
|
|
Status = TestSymmetricAlgorithm(CALG_3DES_112, rgb3DES112Key,
|
|
sizeof(rgb3DES112Key),
|
|
rgb3DES112KnownPlaintext,
|
|
sizeof(rgb3DES112KnownPlaintext),
|
|
rgb3DES112KnownCiphertext,
|
|
NULL);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
goto Ret;
|
|
}
|
|
|
|
Status = TestSymmetricAlgorithm(CALG_3DES_112, rgb3DES112Key,
|
|
sizeof(rgb3DES112Key),
|
|
rgb3DES112KnownPlaintext,
|
|
sizeof(rgb3DES112KnownPlaintext),
|
|
rgb3DES112CBCCiphertext,
|
|
rgbIV);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
goto Ret;
|
|
}
|
|
|
|
// Known answer test for SHA-HMAC
|
|
RtlZeroMemory(rgbSHA1, sizeof(rgbSHA1));
|
|
RtlZeroMemory(&ShaCtx, sizeof(ShaCtx));
|
|
|
|
for (ul = 0; ul < sizeof(rgbHmacData); ul++)
|
|
rgbHmacData[ul] = 0xcd;
|
|
|
|
FipsHmacSHAInit(&ShaCtx, rgbHmacKey, sizeof(rgbHmacKey));
|
|
FipsHmacSHAUpdate(&ShaCtx, rgbHmacData, sizeof(rgbHmacData));
|
|
FipsHmacSHAFinal(&ShaCtx, rgbHmacKey, sizeof(rgbHmacKey), rgbSHA1);
|
|
|
|
if (! RtlEqualMemory(rgbSHA1, rgbHmac, sizeof(rgbHmac)))
|
|
goto Ret;
|
|
|
|
Status = STATUS_SUCCESS;
|
|
Ret:
|
|
return Status;
|
|
}
|
|
|
|
|
|
|