return NULL;
}
+static void output_Zhash(FILE *out, int exout,
+ DH *dh, BIGNUM *peerkey, const EVP_MD *md,
+ unsigned char *rhash, size_t rhashlen)
+ {
+ unsigned char *Z;
+ unsigned char chash[EVP_MAX_MD_SIZE];
+ int Zlen;
+ if (rhash == NULL)
+ {
+ rhashlen = M_EVP_MD_size(md);
+ if (!DH_generate_key(dh))
+ exit (1);
+ do_bn_print_name(out, "YephemIUT", dh->pub_key);
+ if (exout)
+ do_bn_print_name(out, "XephemIUT", dh->priv_key);
+ }
+ Z = OPENSSL_malloc(BN_num_bytes(dh->p));
+ if (!Z)
+ exit(1);
+ Zlen = DH_compute_key_padded(Z, peerkey, dh);
+ if (exout)
+ OutputValue("Z", Z, Zlen, out, 0);
+ FIPS_digest(Z, Zlen, chash, NULL, md);
+ OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0);
+ if (rhash)
+ {
+ fprintf(out, "Result = %s\n",
+ memcmp(chash, rhash, rhashlen) ? "F" : "P");
+ }
+ else
+ {
+ BN_clear_free(dh->priv_key);
+ BN_clear_free(dh->pub_key);
+ dh->priv_key = NULL;
+ dh->pub_key = NULL;
+ }
+ OPENSSL_cleanse(Z, Zlen);
+ OPENSSL_free(Z);
+ }
+
int main(int argc,char **argv)
{
+ char **args = argv + 1;
+ int argn = argc - 1;
FILE *in, *out;
char buf[2048], lbuf[2048];
- unsigned char *rhash, chash[EVP_MAX_MD_SIZE];
+ unsigned char *rhash;
long rhashlen;
DH *dh = NULL;
const EVP_MD *md = NULL;
BIGNUM *peerkey = NULL;
char *keyword = NULL, *value = NULL;
+ int do_verify = -1, exout = 0;
fips_set_error_print();
- if (argc == 3)
+ if (argn && !strcmp(*args, "dhver"))
+ {
+ do_verify = 1;
+ args++;
+ argn--;
+ }
+ else if (argn && !strcmp(*args, "dhgen"))
{
- in = fopen(argv[1], "r");
+ do_verify = 0;
+ args++;
+ argn--;
+ }
+
+ if (argn && !strcmp(*args, "-exout"))
+ {
+ exout = 1;
+ args++;
+ argn--;
+ }
+
+ if (do_verify == -1)
+ {
+ fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
+ exit(1);
+ }
+
+ if (argn == 2)
+ {
+ in = fopen(*args, "r");
if (!in)
{
fprintf(stderr, "Error opening input file\n");
exit(1);
}
- out = fopen(argv[2], "w");
+ out = fopen(args[1], "w");
if (!out)
{
fprintf(stderr, "Error opening output file\n");
exit(1);
}
}
- else if (argc == 1)
+ else if (argn == 0)
{
in = stdin;
out = stdout;
}
else
{
- fprintf(stderr,"%s (infile outfile)\n",argv[0]);
+ fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
exit(1);
}
}
if (!parse_line(&keyword, &value, lbuf, buf))
continue;
-
if (!strcmp(keyword, "P"))
{
if (!do_hex2bn(&dh->p, value))
{
if (!do_hex2bn(&peerkey, value))
goto parse_error;
+ if (do_verify == 0)
+ output_Zhash(out, exout, dh, peerkey, md,
+ NULL, 0);
}
else if (!strcmp(keyword, "CAVSHashZZ"))
{
- int Zlen;
- unsigned char *Z;
if (!md)
goto parse_error;
rhash = hex2bin_m(value, &rhashlen);
if (!rhash || rhashlen != M_EVP_MD_size(md))
goto parse_error;
- Z = OPENSSL_malloc(BN_num_bytes(dh->p));
- if (!Z)
- exit(1);
- Zlen = DH_compute_key_padded(Z, peerkey, dh);
- OutputValue("Z", Z, Zlen, out, 0);
- FIPS_digest(Z, Zlen, chash, NULL, md);
- OutputValue("IUTHashZZ", chash, rhashlen, out, 0);
- fprintf(out, "Result = %s\n",
- memcmp(chash, rhash, rhashlen) ? "F" : "P");
- OPENSSL_free(Z);
+ output_Zhash(out, exout, dh, peerkey, md,
+ rhash, rhashlen);
}
}
return 0;