Update fips_dhvs to handle functional test by generating keys.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 9 Mar 2011 14:39:54 +0000 (14:39 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 9 Mar 2011 14:39:54 +0000 (14:39 +0000)
fips/dh/fips_dhvs.c

index f00efecf224da474eca773dc2b9fc2f6b622b714..92b8d699ef6f71327a715c3244ea1bb6a45ab01c 100644 (file)
@@ -106,42 +106,111 @@ static const EVP_MD *parse_md(char *line)
                return NULL;
        }
 
+static void output_Zhash(FILE *out, int exout,
+                               DH *dh, BIGNUM *peerkey, const EVP_MD *md,
+                               unsigned char *rhash, size_t rhashlen)
+       {
+       unsigned char *Z;
+       unsigned char chash[EVP_MAX_MD_SIZE];
+       int Zlen;
+       if (rhash == NULL)
+               {
+               rhashlen = M_EVP_MD_size(md);
+               if (!DH_generate_key(dh))
+                       exit (1);
+               do_bn_print_name(out, "YephemIUT", dh->pub_key);
+               if (exout)
+                       do_bn_print_name(out, "XephemIUT", dh->priv_key);
+               }
+       Z = OPENSSL_malloc(BN_num_bytes(dh->p));
+       if (!Z)
+               exit(1);
+       Zlen = DH_compute_key_padded(Z, peerkey, dh);
+       if (exout)
+               OutputValue("Z", Z, Zlen, out, 0);
+       FIPS_digest(Z, Zlen, chash, NULL, md);
+       OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0);
+       if (rhash)
+               {
+               fprintf(out, "Result = %s\n",
+                               memcmp(chash, rhash, rhashlen) ? "F" : "P");
+               }
+       else
+               {
+               BN_clear_free(dh->priv_key);
+               BN_clear_free(dh->pub_key);
+               dh->priv_key = NULL;
+               dh->pub_key = NULL;
+               }
+       OPENSSL_cleanse(Z, Zlen);
+       OPENSSL_free(Z);
+       }
+               
 int main(int argc,char **argv)
        {
+       char **args = argv + 1;
+       int argn = argc - 1;
        FILE *in, *out;
        char buf[2048], lbuf[2048];
-       unsigned char *rhash, chash[EVP_MAX_MD_SIZE];
+       unsigned char *rhash;
        long rhashlen;
        DH *dh = NULL;
        const EVP_MD *md = NULL;
        BIGNUM *peerkey = NULL;
        char *keyword = NULL, *value = NULL;
+       int do_verify = -1, exout = 0;
 
        fips_set_error_print();
 
-       if (argc == 3)
+       if (argn && !strcmp(*args, "dhver"))
+               {
+               do_verify = 1;
+               args++;
+               argn--;
+               }
+       else if (argn && !strcmp(*args, "dhgen"))
                {
-               in = fopen(argv[1], "r");
+               do_verify = 0;
+               args++;
+               argn--;
+               }
+
+       if (argn && !strcmp(*args, "-exout"))
+               {
+               exout = 1;
+               args++;
+               argn--;
+               }
+
+       if (do_verify == -1)
+               {
+               fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
+               exit(1);
+               }
+
+       if (argn == 2)
+               {
+               in = fopen(*args, "r");
                if (!in)
                        {
                        fprintf(stderr, "Error opening input file\n");
                        exit(1);
                        }
-               out = fopen(argv[2], "w");
+               out = fopen(args[1], "w");
                if (!out)
                        {
                        fprintf(stderr, "Error opening output file\n");
                        exit(1);
                        }
                }
-       else if (argc == 1)
+       else if (argn == 0)
                {
                in = stdin;
                out = stdout;
                }
        else
                {
-               fprintf(stderr,"%s (infile outfile)\n",argv[0]);
+               fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
                exit(1);
                }
 
@@ -162,7 +231,6 @@ int main(int argc,char **argv)
                        }
                if (!parse_line(&keyword, &value, lbuf, buf))
                        continue;
-
                if (!strcmp(keyword, "P"))
                        {
                        if (!do_hex2bn(&dh->p, value))
@@ -192,26 +260,19 @@ int main(int argc,char **argv)
                        {
                        if (!do_hex2bn(&peerkey, value))
                                goto parse_error;
+                       if (do_verify == 0)
+                               output_Zhash(out, exout, dh, peerkey, md,
+                                                       NULL, 0);
                        }
                else if (!strcmp(keyword, "CAVSHashZZ"))
                        {
-                       int Zlen;
-                       unsigned char *Z;
                        if (!md)
                                goto parse_error;
                        rhash = hex2bin_m(value, &rhashlen);
                        if (!rhash || rhashlen != M_EVP_MD_size(md))
                                goto parse_error;
-                       Z = OPENSSL_malloc(BN_num_bytes(dh->p));
-                       if (!Z)
-                               exit(1);
-                       Zlen = DH_compute_key_padded(Z, peerkey, dh);
-                       OutputValue("Z", Z, Zlen, out, 0);
-                       FIPS_digest(Z, Zlen, chash, NULL, md);
-                       OutputValue("IUTHashZZ", chash, rhashlen, out, 0);
-                       fprintf(out, "Result = %s\n",
-                               memcmp(chash, rhash, rhashlen) ? "F" : "P");
-                       OPENSSL_free(Z);
+                       output_Zhash(out, exout, dh, peerkey, md,
+                                                       rhash, rhashlen);
                        }
                }
        return 0;