cmac_set_ctx_params(): Fail if cipher mode is not CBC

Also add negative test cases for CMAC and GMAC using a cipher with wrong mode. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19401) (cherry picked from commit 94976a1e8d)
2022-10-12 11:30:56 +02:00 · 2022-10-12 11:30:56 +02:00 · d90a4c7d5a
parent 66c4f14136
commit d90a4c7d5a
3 changed files with 27 additions and 3 deletions
--- a/doc/man7/EVP_MAC-CMAC.pod
+++ b/doc/man7/EVP_MAC-CMAC.pod
@ -38,7 +38,8 @@ Setting this parameter is identical to passing a I<key> to L<EVP_MAC_init(3)>.

 =item "cipher" (B<OSSL_MAC_PARAM_CIPHER>) <UTF8 string>

-Sets the name of the underlying cipher to be used.
+Sets the name of the underlying cipher to be used. The mode of the cipher
+must be CBC.

 =item "properties" (B<OSSL_MAC_PARAM_PROPERTIES>) <UTF8 string>

--- a/providers/implementations/macs/cmac_prov.c
+++ b/providers/implementations/macs/cmac_prov.c
@ -18,6 +18,8 @@
 #include <openssl/params.h>
 #include <openssl/evp.h>
 #include <openssl/cmac.h>
+#include <openssl/err.h>
+#include <openssl/proverr.h>

 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
@ -195,9 +197,17 @@ static int cmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
    if (params == NULL)
        return 1;

+    if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CIPHER)) != NULL) {
        if (!ossl_prov_cipher_load_from_params(&macctx->cipher, params, ctx))
            return 0;

+        if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher))
+            != EVP_CIPH_CBC_MODE) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE);
+            return 0;
+        }
+    }
+
    if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) {
        if (p->data_type != OSSL_PARAM_OCTET_STRING)
            return 0;
--- a/test/recipes/30-test_evp_data/evpmac_common.txt
+++ b/test/recipes/30-test_evp_data/evpmac_common.txt
@ -259,6 +259,13 @@ Key = 0B122AC8F34ED1FE082A3625D157561454167AC145A10BBF77C6A70596D574F1
 Input = 498B53FDEC87EDCBF07097DCCDE93A084BAD7501A224E388DF349CE18959FE8485F8AD1537F0D896EA73BEDC7214713F
 Output = F62C46329B41085625669BAF51DEA66A

+FIPSversion = >3.0.99
+MAC = CMAC
+Algorithm = AES-256-ECB
+Key = 0B122AC8F34ED1FE082A3625D157561454167AC145A10BBF77C6A70596D574F1
+Input = 498B53FDEC87EDCBF07097DCCDE93A084BAD7501A224E388DF349CE18959FE8485F8AD1537F0D896EA73BEDC7214713F
+Result = MAC_INIT_ERROR
+
 Title = GMAC Tests (from NIST)

 MAC = GMAC
@ -326,6 +333,12 @@ IV = 7AE8E2CA4EC500012E58495C
 Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007
 Output = 00BDA1B7E87608BCBF470F12157F4C07

+MAC = GMAC
+Algorithm = AES-256-CBC
+Key = 4C973DBC7364621674F8B5B89E5C15511FCED9216490FB1C1A2CAA0FFE0407E5
+IV = 7AE8E2CA4EC500012E58495C
+Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007
+Result = MAC_INIT_ERROR

 Title = KMAC Tests (From NIST)
 MAC = KMAC128