From: Dr. Stephen Henson Date: Tue, 8 Mar 2011 19:10:17 +0000 (+0000) Subject: New initial DH algorithm test driver. X-Git-Tag: OpenSSL-fips-2_0-rc1~682 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=11e80de3ee155e21110019c5833cde55f555f0b9;p=oweals%2Fopenssl.git New initial DH algorithm test driver. --- diff --git a/CHANGES b/CHANGES index d3c0c27f7a..3690126846 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] + *) New algorithm test program fips_dhvs to handle DH primitives only testing. + [Steve Henson] + + *) New function DH_compute_key_padded() to compute a DH key and pad with + leading zeroes if needed: this complies with SP800-56A et al. + [Steve Henson] + *) Initial implementation of SP800-90 DRBGs for Hash and CTR. Not used by anything, incomplete, subject to change and largely untested at present. [Steve Henson] diff --git a/fips/dh/Makefile b/fips/dh/Makefile index f3a4b042d6..1bb713814b 100644 --- a/fips/dh/Makefile +++ b/fips/dh/Makefile @@ -18,7 +18,7 @@ AR= ar r CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile -TEST= +TEST= fips_dhvs.c APPS= LIB=$(TOP)/libcrypto.a diff --git a/fips/dh/fips_dhvs.c b/fips/dh/fips_dhvs.c new file mode 100644 index 0000000000..73623e36b4 --- /dev/null +++ b/fips/dh/fips_dhvs.c @@ -0,0 +1,223 @@ +/* fips/dh/fips_dhvs.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#define OPENSSL_FIPSAPI +#include + +#ifndef OPENSSL_FIPS +#include + +int main(int argc, char **argv) +{ + printf("No FIPS DRBG support\n"); + return(0); +} +#else + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "fips_utl.h" + +static const EVP_MD *parse_md(char *line) + { + char *p; + if (line[0] != '[' || line[1] != 'F') + return NULL; + p = strchr(line, '-'); + if (!p) + return NULL; + line = p + 1; + p = strchr(line, ']'); + if (!p) + return NULL; + *p = 0; + p = line; + while(isspace(*p)) + p++; + if (!strcmp(p, "SHA1")) + return EVP_sha1(); + else if (!strcmp(p, "SHA224")) + return EVP_sha224(); + else if (!strcmp(p, "SHA256")) + return EVP_sha256(); + else if (!strcmp(p, "SHA384")) + return EVP_sha384(); + else if (!strcmp(p, "SHA512")) + return EVP_sha512(); + else + return NULL; + } + +int main(int argc,char **argv) + { + FILE *in, *out; + char buf[2048], lbuf[2048]; + unsigned char *rhash, chash[EVP_MAX_MD_SIZE]; + long rhashlen; + DH *dh = NULL; + const EVP_MD *md = NULL; + BIGNUM *peerkey = NULL; + char *keyword = NULL, *value = NULL; + + fips_set_error_print(); + + if (argc == 3) + { + in = fopen(argv[1], "r"); + if (!in) + { + fprintf(stderr, "Error opening input file\n"); + exit(1); + } + out = fopen(argv[2], "w"); + if (!out) + { + fprintf(stderr, "Error opening output file\n"); + exit(1); + } + } + else if (argc == 1) + { + in = stdin; + out = stdout; + } + else + { + fprintf(stderr,"%s (infile outfile)\n",argv[0]); + exit(1); + } + + dh = FIPS_dh_new(); + + while (fgets(buf, sizeof(buf), in) != NULL) + { + fputs(buf, out); + if (strlen(buf) > 6 && !strncmp(buf, "[F", 2)) + { + md = parse_md(buf); + if (md == NULL) + goto parse_error; + if (dh) + FIPS_dh_free(dh); + dh = FIPS_dh_new(); + continue; + } + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + + if (!strcmp(keyword, "P")) + { + if (!do_hex2bn(&dh->p, value)) + goto parse_error; + } + else if (!strcmp(keyword, "Q")) + { + if (!do_hex2bn(&dh->q, value)) + goto parse_error; + } + else if (!strcmp(keyword, "G")) + { + if (!do_hex2bn(&dh->g, value)) + goto parse_error; + } + else if (!strcmp(keyword, "XephemIUT")) + { + if (!do_hex2bn(&dh->priv_key, value)) + goto parse_error; + } + else if (!strcmp(keyword, "YephemIUT")) + { + if (!do_hex2bn(&dh->pub_key, value)) + goto parse_error; + } + else if (!strcmp(keyword, "YephemCAVS")) + { + if (!do_hex2bn(&peerkey, value)) + goto parse_error; + } + else if (!strcmp(keyword, "CAVSHashZZ")) + { + int Zlen; + unsigned char *Z; + if (!md) + goto parse_error; + rhash = hex2bin_m(value, &rhashlen); + if (!rhash || rhashlen != M_EVP_MD_size(md)) + goto parse_error; + Z = OPENSSL_malloc(BN_num_bytes(dh->p)); + if (!Z) + exit(1); + Zlen = DH_compute_key_padded(Z, peerkey, dh); + OutputValue("Z", Z, Zlen, out, 0); + FIPS_digest(Z, Zlen, chash, NULL, md); + OutputValue("IUTHashZZ", chash, rhashlen, out, 0); + fprintf(out, "Result = %s\n", + memcmp(chash, rhash, rhashlen) ? "F" : "P"); + OPENSSL_free(Z); + } + } + return 0; + parse_error: + fprintf(stderr, "Error Parsing request file\n"); + exit(1); + } + +#endif diff --git a/test/Makefile b/test/Makefile index 3e26dfcbfb..b5aedfd7ed 100644 --- a/test/Makefile +++ b/test/Makefile @@ -75,6 +75,7 @@ FIPS_DSATEST= fips_dsatest FIPS_DSSVS= fips_dssvs FIPS_RNGVS= fips_rngvs FIPS_DRBGVS= fips_drbgvs +FIPS_DHVS= fips_dhvs FIPS_ECDSAVS= fips_ecdsavs FIPS_TEST_SUITE=fips_test_suite @@ -96,7 +97,7 @@ FIPSEXE=$(FIPS_SHATEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) \ $(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \ $(FIPS_DSSVS)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) \ $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_DRBGVS)$(EXE_EXT) \ - $(FIPS_TEST_SUITE)$(EXE_EXT) \ + $(FIPS_DHVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) \ $(FIPS_GCMTEST)$(EXE_EXT) $(FIPS_ECDSAVS)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -113,7 +114,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \ $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o $(FIPS_GCMTEST).o \ $(FIPS_DSSVS).o $(FIPS_DSATEST).o $(FIPS_RNGVS).o $(FIPS_DRBGVS).o \ - $(FIPS_TEST_SUITE).o $(FIPS_ECDSAVS).o \ + $(FIPS_TEST_SUITE).o $(FIPS_DHVS).o $(FIPS_ECDSAVS).o \ $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ @@ -126,7 +127,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \ $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c $(FIPS_GCMTEST).c \ $(FIPS_DSSVS).c $(FIPS_DSATEST).c $(FIPS_RNGVS).c $(FIPS_DRBGVS).c \ - $(FIPS_TEST_SUITE).c $(FIPS_ECDSAVS).c \ + $(FIPS_TEST_SUITE).c $(FIPS_DHVS).c $(FIPS_ECDSAVS).c \ $(EVPTEST).c $(IGETEST).c $(JPAKETEST).c EXHEADER= @@ -472,6 +473,9 @@ $(FIPS_DSATEST)$(EXE_EXT): $(FIPS_DSATEST).o $(DLIBCRYPTO) $(FIPS_DSSVS)$(EXE_EXT): $(FIPS_DSSVS).o $(DLIBCRYPTO) @target=$(FIPS_DSSVS); $(FIPS_BUILD_CMD) +$(FIPS_DHVS)$(EXE_EXT): $(FIPS_DHVS).o $(DLIBCRYPTO) + @target=$(FIPS_DHVS); $(FIPS_BUILD_CMD) + $(FIPS_ECDSAVS)$(EXE_EXT): $(FIPS_ECDSAVS).o $(DLIBCRYPTO) @target=$(FIPS_ECDSAVS); $(FIPS_BUILD_CMD)