From: Dr. Stephen Henson Date: Thu, 5 May 2005 21:46:30 +0000 (+0000) Subject: FIPS RSA verify test. X-Git-Tag: BEN_FIPS_TEST_8~38 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=2dab26339d8e26c78169f858b87626cc47af4dbb;p=oweals%2Fopenssl.git FIPS RSA verify test. --- diff --git a/fips/rsa/Makefile b/fips/rsa/Makefile index bc52bb9726..2fa85a773b 100644 --- a/fips/rsa/Makefile +++ b/fips/rsa/Makefile @@ -18,7 +18,7 @@ AR= ar r CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile -TEST= +TEST= fips_rsavtest.c APPS= LIB=$(TOP)/libcrypto.a diff --git a/fips/rsa/fips_rsavtest.c b/fips/rsa/fips_rsavtest.c new file mode 100644 index 0000000000..f8b07a989a --- /dev/null +++ b/fips/rsa/fips_rsavtest.c @@ -0,0 +1,332 @@ +/* fips_rsavtest.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +static int rsa_test(BIO *err, BIO *out, BIO *in); +static int rsa_printver(BIO *err, BIO *out, + BIGNUM *n, BIGNUM *e, + unsigned char *Msg, long Msglen, + unsigned char *S, long Slen); + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL, *err = NULL; + + int ret = 1; + ERR_load_crypto_strings(); + + err = BIO_new_fp(stderr, BIO_NOCLOSE); + + if (!err) + { + fprintf(stderr, "FATAL stderr initialization error\n"); + goto end; + } + +#ifdef OPENSSL_FIPS + if(!FIPS_mode_set(1,argv[0])) + { + ERR_print_errors(err); + goto end; + } +#endif + + if (argc == 1) + in = BIO_new_fp(stdin, BIO_NOCLOSE); + else + in = BIO_new_file(argv[1], "r"); + + if (argc < 2) + out = BIO_new_fp(stdout, BIO_NOCLOSE); + else + out = BIO_new_file(argv[2], "w"); + + if (!in) + { + BIO_printf(err, "FATAL input initialization error\n"); + goto end; + } + + if (!out) + { + fprintf(stderr, "FATAL output initialization error\n"); + goto end; + } + + if (!rsa_test(err, out, in)) + { + fprintf(stderr, "FATAL RSAVTEST file processing error\n"); + goto end; + } + else + ret = 0; + + end: + + if (ret && err) + ERR_print_errors(err); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + if (err) + BIO_free(err); + + return ret; + + } + +#define RSA_TEST_MAXLINELEN 10240 + +int rsa_test(BIO *err, BIO *out, BIO *in) + { + char *linebuf, *olinebuf, *p, *q; + char *keyword, *value; + BIGNUM *n = NULL, *e = NULL; + unsigned char *Msg = NULL, *S = NULL; + long Msglen, Slen; + int ret = 0; + int lnum = 0; + + olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); + linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); + + if (!linebuf || !olinebuf) + goto error; + + while (BIO_gets(in, olinebuf, RSA_TEST_MAXLINELEN) > 0) + { + lnum++; + strcpy(linebuf, olinebuf); + keyword = linebuf; + /* Skip leading space */ + while (isspace((unsigned char)*keyword)) + keyword++; + + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no = or starts with [ (for [foo = bar] line) just copy */ + if (!p || *keyword=='[') + { + if (!BIO_puts(out, olinebuf)) + goto error; + continue; + } + + q = p - 1; + + /* Remove trailing space */ + while (isspace((unsigned char)*q)) + *q-- = 0; + + + value = p + 1; + + /* Remove leading space from value */ + while (isspace((unsigned char)*value)) + value++; + + /* Remove trailing space from value */ + p = value + strlen(value) - 1; + + while (*p == '\n' || isspace((unsigned char)*p)) + *p-- = 0; + + if (!strcmp(keyword, "n")) + { + if (!BN_hex2bn(&n,value)) + goto parse_error; + } + else if (!strcmp(keyword, "e")) + { + if (!BN_hex2bn(&e,value)) + goto parse_error; + } + else if (!strcmp(keyword, "SHAAlg")) + { + if (strcmp(value, "SHA1")) + { + BIO_printf(err, + "FATAL: unsupported algorithm \"%s\"\n", + value); + goto parse_error; + } + } + else if (!strcmp(keyword, "Msg")) + { + if (Msg) + goto parse_error; + Msg = string_to_hex(value, &Msglen); + if (!Msg) + goto parse_error; + } + else if (!strcmp(keyword, "S")) + { + if (S) + goto parse_error; + S = string_to_hex(value, &Slen); + if (!S) + goto parse_error; + } + else if (!strcmp(keyword, "Result")) + continue; + else + goto parse_error; + + BIO_puts(out, olinebuf); + + if (n && e && Msg && S) + { + if (!rsa_printver(err, out, n, e, Msg, Msglen, S, Slen)) + goto error; + OPENSSL_free(Msg); + Msg = NULL; + OPENSSL_free(S); + S = NULL; + } + + } + + + ret = 1; + + + error: + + if (olinebuf) + OPENSSL_free(olinebuf); + if (linebuf) + OPENSSL_free(linebuf); + if (n) + BN_free(n); + if (e) + BN_free(e); + + return ret; + + parse_error: + + BIO_printf(err, "FATAL parse error processing line %d\n", lnum); + + goto error; + + } + +static int rsa_printver(BIO *err, BIO *out, + BIGNUM *n, BIGNUM *e, + unsigned char *Msg, long Msglen, + unsigned char *S, long Slen) + { + int ret = 0, r; + /* Setup RSA and EVP_PKEY structures */ + RSA *rsa_pubkey = NULL; + EVP_PKEY *pubkey = NULL; + EVP_MD_CTX ctx; + rsa_pubkey = RSA_new(); + pubkey = EVP_PKEY_new(); + if (!rsa_pubkey || !pubkey) + goto error; + rsa_pubkey->n = BN_dup(n); + rsa_pubkey->e = BN_dup(e); + if (!rsa_pubkey->n || !rsa_pubkey->e) + goto error; + if (!EVP_PKEY_set1_RSA(pubkey, rsa_pubkey)) + goto error; + + EVP_MD_CTX_init(&ctx); + + if (!EVP_VerifyInit_ex(&ctx, EVP_sha1(), NULL)) + goto error; + if (!EVP_VerifyUpdate(&ctx, Msg, Msglen)) + goto error; + + r = EVP_VerifyFinal(&ctx, S, Slen, pubkey); + + EVP_MD_CTX_cleanup(&ctx); + + if (r < 0) + goto error; + + ERR_clear_error(); + + if (r == 0) + BIO_puts(out, "Result = F\n"); + else + BIO_puts(out, "Result = P\n"); + + ret = 1; + + error: + if (rsa_pubkey) + RSA_free(rsa_pubkey); + if (pubkey) + EVP_PKEY_free(pubkey); + + return ret; + } + diff --git a/test/Makefile b/test/Makefile index cd7e57d13e..f59c6acea2 100644 --- a/test/Makefile +++ b/test/Makefile @@ -65,6 +65,7 @@ ENGINETEST= enginetest EVPTEST= evp_test FIPS_AESTEST= fips_aesavs FIPS_HMACTEST= fips_hmactest +FIPS_RSAVTEST= fips_rsavtest TESTS= alltests @@ -73,7 +74,8 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) $(MD2TEST)$(E $(DESTEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(FIPS_SHA1TEST)$(EXE_EXT) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \ $(RANDTEST)$(EXE_EXT) $(FIPS_RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ - $(EVPTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) $(FIPS_HMACTEST)$(EXE_EXT) + $(EVPTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) \ + $(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -83,14 +85,14 @@ OBJ= $(BNTEST).o $(ECTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST). $(DESTEST).o $(FIPS_DESTEST).o $(SHATEST).o $(SHA1TEST).o $(FIPS_SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \ $(RANDTEST).o $(FIPS_RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(FIPS_DSATEST).o $(EXPTEST).o $(RSATEST).o \ - $(EVPTEST).o $(FIPS_AESTEST).o $(FIPS_HMACTEST).o + $(EVPTEST).o $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o SRC= $(BNTEST).c $(ECTEST).c $(IDEATEST).c $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ $(HMACTEST).c \ $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \ $(DESTEST).c $(FIPS_DESTEST).c $(SHATEST).c $(SHA1TEST).c $(FIPS_SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ $(RANDTEST).c $(FIPS_RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(FIPS_DSATEST).c $(EXPTEST).c $(RSATEST).c \ - $(EVPTEST).c $(FIPS_AESTEST).c $(FIPS_HMACTEST).c + $(EVPTEST).c $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c EXHEADER= HEADER= $(EXHEADER) @@ -333,6 +335,12 @@ $(FIPS_HMACTEST)$(EXE_EXT): $(FIPS_HMACTEST).o $(DLIBCRYPTO) TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_HMACTEST); \ fi +$(FIPS_RSAVTEST)$(EXE_EXT): $(FIPS_RSAVTEST).o $(DLIBCRYPTO) + @target=$(FIPS_RSAVTEST); $(BUILD_CMD) + if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ + TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_RSAVTEST); \ + fi + $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) @target=$(RSATEST); $(BUILD_CMD)