Commit 11e80de3 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

New initial DH algorithm test driver.

parent bc91494e
......@@ -4,6 +4,13 @@
Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
*) New algorithm test program fips_dhvs to handle DH primitives only testing.
[Steve Henson]
*) New function DH_compute_key_padded() to compute a DH key and pad with
leading zeroes if needed: this complies with SP800-56A et al.
[Steve Henson]
*) Initial implementation of SP800-90 DRBGs for Hash and CTR. Not used by
anything, incomplete, subject to change and largely untested at present.
[Steve Henson]
......
......@@ -18,7 +18,7 @@ AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST=
TEST= fips_dhvs.c
APPS=
LIB=$(TOP)/libcrypto.a
......
/* fips/dh/fips_dhvs.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#define OPENSSL_FIPSAPI
#include <openssl/opensslconf.h>
#ifndef OPENSSL_FIPS
#include <stdio.h>
int main(int argc, char **argv)
{
printf("No FIPS DRBG support\n");
return(0);
}
#else
#include <openssl/crypto.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/fips.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <string.h>
#include <ctype.h>
#include "fips_utl.h"
static const EVP_MD *parse_md(char *line)
{
char *p;
if (line[0] != '[' || line[1] != 'F')
return NULL;
p = strchr(line, '-');
if (!p)
return NULL;
line = p + 1;
p = strchr(line, ']');
if (!p)
return NULL;
*p = 0;
p = line;
while(isspace(*p))
p++;
if (!strcmp(p, "SHA1"))
return EVP_sha1();
else if (!strcmp(p, "SHA224"))
return EVP_sha224();
else if (!strcmp(p, "SHA256"))
return EVP_sha256();
else if (!strcmp(p, "SHA384"))
return EVP_sha384();
else if (!strcmp(p, "SHA512"))
return EVP_sha512();
else
return NULL;
}
int main(int argc,char **argv)
{
FILE *in, *out;
char buf[2048], lbuf[2048];
unsigned char *rhash, chash[EVP_MAX_MD_SIZE];
long rhashlen;
DH *dh = NULL;
const EVP_MD *md = NULL;
BIGNUM *peerkey = NULL;
char *keyword = NULL, *value = NULL;
fips_set_error_print();
if (argc == 3)
{
in = fopen(argv[1], "r");
if (!in)
{
fprintf(stderr, "Error opening input file\n");
exit(1);
}
out = fopen(argv[2], "w");
if (!out)
{
fprintf(stderr, "Error opening output file\n");
exit(1);
}
}
else if (argc == 1)
{
in = stdin;
out = stdout;
}
else
{
fprintf(stderr,"%s (infile outfile)\n",argv[0]);
exit(1);
}
dh = FIPS_dh_new();
while (fgets(buf, sizeof(buf), in) != NULL)
{
fputs(buf, out);
if (strlen(buf) > 6 && !strncmp(buf, "[F", 2))
{
md = parse_md(buf);
if (md == NULL)
goto parse_error;
if (dh)
FIPS_dh_free(dh);
dh = FIPS_dh_new();
continue;
}
if (!parse_line(&keyword, &value, lbuf, buf))
continue;
if (!strcmp(keyword, "P"))
{
if (!do_hex2bn(&dh->p, value))
goto parse_error;
}
else if (!strcmp(keyword, "Q"))
{
if (!do_hex2bn(&dh->q, value))
goto parse_error;
}
else if (!strcmp(keyword, "G"))
{
if (!do_hex2bn(&dh->g, value))
goto parse_error;
}
else if (!strcmp(keyword, "XephemIUT"))
{
if (!do_hex2bn(&dh->priv_key, value))
goto parse_error;
}
else if (!strcmp(keyword, "YephemIUT"))
{
if (!do_hex2bn(&dh->pub_key, value))
goto parse_error;
}
else if (!strcmp(keyword, "YephemCAVS"))
{
if (!do_hex2bn(&peerkey, value))
goto parse_error;
}
else if (!strcmp(keyword, "CAVSHashZZ"))
{
int Zlen;
unsigned char *Z;
if (!md)
goto parse_error;
rhash = hex2bin_m(value, &rhashlen);
if (!rhash || rhashlen != M_EVP_MD_size(md))
goto parse_error;
Z = OPENSSL_malloc(BN_num_bytes(dh->p));
if (!Z)
exit(1);
Zlen = DH_compute_key_padded(Z, peerkey, dh);
OutputValue("Z", Z, Zlen, out, 0);
FIPS_digest(Z, Zlen, chash, NULL, md);
OutputValue("IUTHashZZ", chash, rhashlen, out, 0);
fprintf(out, "Result = %s\n",
memcmp(chash, rhash, rhashlen) ? "F" : "P");
OPENSSL_free(Z);
}
}
return 0;
parse_error:
fprintf(stderr, "Error Parsing request file\n");
exit(1);
}
#endif
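Review bot: In the `CAVSHashZZ` branch of `main`, the result of `DH_compute_key_padded()` is used without a check, so a failed computation (it returns a negative length) feeds `Zlen` straight into `OutputValue()` and `FIPS_digest()`. The same branch also trusts that `P` and `YephemCAVS` were seen earlier in the request file: if either is missing, `BN_num_bytes(dh->p)` or the key computation runs on a NULL pointer instead of reaching `parse_error`. I would guard on `dh->p` and `peerkey` alongside `md`, stop when `Zlen <= 0`, and release `rhash` at the end of the branch, since it appears to be heap-allocated by `hex2bin_m` and is never freed in the visible code. Separately, the non-FIPS stub prints `No FIPS DRBG support`, which looks copied from the DRBG driver and should name DH.

```c
		else if (!strcmp(keyword, "CAVSHashZZ"))
			{
			/* ... unchanged: Zlen / Z declarations ... */
			/* A vector without P or the peer public key is malformed input */
			if (!md || !dh->p || !peerkey)
				goto parse_error;
			/* ... unchanged: hex2bin_m of the expected hash, OPENSSL_malloc of Z ... */
			Zlen = DH_compute_key_padded(Z, peerkey, dh);
			if (Zlen <= 0)
				{
				fprintf(stderr, "Error computing shared secret\n");
				exit(1);
				}
			/* ... unchanged: OutputValue, FIPS_digest, Result line ... */
			OPENSSL_free(Z);
			OPENSSL_free(rhash);
			rhash = NULL;
			}
```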
......@@ -75,6 +75,7 @@ FIPS_DSATEST= fips_dsatest
FIPS_DSSVS= fips_dssvs
FIPS_RNGVS= fips_rngvs
FIPS_DRBGVS= fips_drbgvs
FIPS_DHVS= fips_dhvs
FIPS_ECDSAVS= fips_ecdsavs
FIPS_TEST_SUITE=fips_test_suite
......@@ -96,7 +97,7 @@ FIPSEXE=$(FIPS_SHATEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) \
$(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \
$(FIPS_DSSVS)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) \
$(FIPS_RNGVS)$(EXE_EXT) $(FIPS_DRBGVS)$(EXE_EXT) \
$(FIPS_TEST_SUITE)$(EXE_EXT) \
$(FIPS_DHVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) \
$(FIPS_GCMTEST)$(EXE_EXT) $(FIPS_ECDSAVS)$(EXE_EXT)
# $(METHTEST)$(EXE_EXT)
......@@ -113,7 +114,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
$(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \
$(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o $(FIPS_GCMTEST).o \
$(FIPS_DSSVS).o $(FIPS_DSATEST).o $(FIPS_RNGVS).o $(FIPS_DRBGVS).o \
$(FIPS_TEST_SUITE).o $(FIPS_ECDSAVS).o \
$(FIPS_TEST_SUITE).o $(FIPS_DHVS).o $(FIPS_ECDSAVS).o \
$(EVPTEST).o $(IGETEST).o $(JPAKETEST).o
SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
......@@ -126,7 +127,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \
$(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c $(FIPS_GCMTEST).c \
$(FIPS_DSSVS).c $(FIPS_DSATEST).c $(FIPS_RNGVS).c $(FIPS_DRBGVS).c \
$(FIPS_TEST_SUITE).c $(FIPS_ECDSAVS).c \
$(FIPS_TEST_SUITE).c $(FIPS_DHVS).c $(FIPS_ECDSAVS).c \
$(EVPTEST).c $(IGETEST).c $(JPAKETEST).c
EXHEADER=
......@@ -472,6 +473,9 @@ $(FIPS_DSATEST)$(EXE_EXT): $(FIPS_DSATEST).o $(DLIBCRYPTO)
$(FIPS_DSSVS)$(EXE_EXT): $(FIPS_DSSVS).o $(DLIBCRYPTO)
@target=$(FIPS_DSSVS); $(FIPS_BUILD_CMD)
$(FIPS_DHVS)$(EXE_EXT): $(FIPS_DHVS).o $(DLIBCRYPTO)
@target=$(FIPS_DHVS); $(FIPS_BUILD_CMD)
$(FIPS_ECDSAVS)$(EXE_EXT): $(FIPS_ECDSAVS).o $(DLIBCRYPTO)
@target=$(FIPS_ECDSAVS); $(FIPS_BUILD_CMD)
......