From: Dr. Stephen Henson Date: Wed, 9 Mar 2011 14:39:54 +0000 (+0000) Subject: Update fips_dhvs to handle functional test by generating keys. X-Git-Tag: OpenSSL-fips-2_0-rc1~679 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=0fa714a4f0cfdde652796da8acb0a3ef1d8675a1;p=oweals%2Fopenssl.git Update fips_dhvs to handle functional test by generating keys. --- diff --git a/fips/dh/fips_dhvs.c b/fips/dh/fips_dhvs.c index f00efecf22..92b8d699ef 100644 --- a/fips/dh/fips_dhvs.c +++ b/fips/dh/fips_dhvs.c @@ -106,42 +106,111 @@ static const EVP_MD *parse_md(char *line) return NULL; } +static void output_Zhash(FILE *out, int exout, + DH *dh, BIGNUM *peerkey, const EVP_MD *md, + unsigned char *rhash, size_t rhashlen) + { + unsigned char *Z; + unsigned char chash[EVP_MAX_MD_SIZE]; + int Zlen; + if (rhash == NULL) + { + rhashlen = M_EVP_MD_size(md); + if (!DH_generate_key(dh)) + exit (1); + do_bn_print_name(out, "YephemIUT", dh->pub_key); + if (exout) + do_bn_print_name(out, "XephemIUT", dh->priv_key); + } + Z = OPENSSL_malloc(BN_num_bytes(dh->p)); + if (!Z) + exit(1); + Zlen = DH_compute_key_padded(Z, peerkey, dh); + if (exout) + OutputValue("Z", Z, Zlen, out, 0); + FIPS_digest(Z, Zlen, chash, NULL, md); + OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0); + if (rhash) + { + fprintf(out, "Result = %s\n", + memcmp(chash, rhash, rhashlen) ? "F" : "P"); + } + else + { + BN_clear_free(dh->priv_key); + BN_clear_free(dh->pub_key); + dh->priv_key = NULL; + dh->pub_key = NULL; + } + OPENSSL_cleanse(Z, Zlen); + OPENSSL_free(Z); + } + int main(int argc,char **argv) { + char **args = argv + 1; + int argn = argc - 1; FILE *in, *out; char buf[2048], lbuf[2048]; - unsigned char *rhash, chash[EVP_MAX_MD_SIZE]; + unsigned char *rhash; long rhashlen; DH *dh = NULL; const EVP_MD *md = NULL; BIGNUM *peerkey = NULL; char *keyword = NULL, *value = NULL; + int do_verify = -1, exout = 0; fips_set_error_print(); - if (argc == 3) + if (argn && !strcmp(*args, "dhver")) + { + do_verify = 1; + args++; + argn--; + } + else if (argn && !strcmp(*args, "dhgen")) { - in = fopen(argv[1], "r"); + do_verify = 0; + args++; + argn--; + } + + if (argn && !strcmp(*args, "-exout")) + { + exout = 1; + args++; + argn--; + } + + if (do_verify == -1) + { + fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]); + exit(1); + } + + if (argn == 2) + { + in = fopen(*args, "r"); if (!in) { fprintf(stderr, "Error opening input file\n"); exit(1); } - out = fopen(argv[2], "w"); + out = fopen(args[1], "w"); if (!out) { fprintf(stderr, "Error opening output file\n"); exit(1); } } - else if (argc == 1) + else if (argn == 0) { in = stdin; out = stdout; } else { - fprintf(stderr,"%s (infile outfile)\n",argv[0]); + fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]); exit(1); } @@ -162,7 +231,6 @@ int main(int argc,char **argv) } if (!parse_line(&keyword, &value, lbuf, buf)) continue; - if (!strcmp(keyword, "P")) { if (!do_hex2bn(&dh->p, value)) @@ -192,26 +260,19 @@ int main(int argc,char **argv) { if (!do_hex2bn(&peerkey, value)) goto parse_error; + if (do_verify == 0) + output_Zhash(out, exout, dh, peerkey, md, + NULL, 0); } else if (!strcmp(keyword, "CAVSHashZZ")) { - int Zlen; - unsigned char *Z; if (!md) goto parse_error; rhash = hex2bin_m(value, &rhashlen); if (!rhash || rhashlen != M_EVP_MD_size(md)) goto parse_error; - Z = OPENSSL_malloc(BN_num_bytes(dh->p)); - if (!Z) - exit(1); - Zlen = DH_compute_key_padded(Z, peerkey, dh); - OutputValue("Z", Z, Zlen, out, 0); - FIPS_digest(Z, Zlen, chash, NULL, md); - OutputValue("IUTHashZZ", chash, rhashlen, out, 0); - fprintf(out, "Result = %s\n", - memcmp(chash, rhash, rhashlen) ? "F" : "P"); - OPENSSL_free(Z); + output_Zhash(out, exout, dh, peerkey, md, + rhash, rhashlen); } } return 0;