Commit
11e80de3
authored
13 years ago
by
Dr. Stephen Henson
New initial DH algorithm test driver.
parent
bc91494e
Showing
4 changed files
CHANGES
+7
-0
7 additions, 0 deletions
CHANGES
fips/dh/Makefile
+1
-1
1 addition, 1 deletion
fips/dh/Makefile
fips/dh/fips_dhvs.c
+223
-0
223 additions, 0 deletions
fips/dh/fips_dhvs.c
test/Makefile
+7
-3
7 additions, 3 deletions
test/Makefile
with
238 additions
and
4 deletions
CHANGES
+
7
−
0
...
...
@@ -4,6 +4,13 @@
Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
*) New algorithm test program fips_dhvs to handle DH primitives only testing.
[Steve Henson]
*) New function DH_compute_key_padded() to compute a DH key and pad with
leading zeroes if needed: this complies with SP800-56A et al.
[Steve Henson]
*) Initial implementation of SP800-90 DRBGs for Hash and CTR. Not used by
anything, incomplete, subject to change and largely untested at present.
[Steve Henson]
...
...
fips/dh/Makefile
+
1
−
1
...
...
@@ -18,7 +18,7 @@ AR= ar r
CFLAGS
=
$(
INCLUDES
)
$(
CFLAG
)
GENERAL
=
Makefile
TEST
=
TEST
=
fips_dhvs.c
APPS
=
LIB
=
$(
TOP
)
/libcrypto.a
...
...
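--- /dev/null
+++ b/fips/dh/fips_dhvs.c
+/* fips/dh/fips_dhvs.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#define OPENSSL_FIPSAPI
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+int main(int argc, char **argv)
+{
+	printf("No FIPS DRBG support\n");
+	return(0);
+}
+#else
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <string.h>
+#include <ctype.h>
+#include "fips_utl.h"
+static const EVP_MD *parse_md(char *line)
+	{
+	char *p;
+	if (line[0] != '[' || line[1] != 'F')
+		return NULL;
+	p = strchr(line, '-');
+	if (!p)
+		return NULL;
+	line = p + 1;
+	p = strchr(line, ']');
+	if (!p)
+		return NULL;
+	*p = 0;
+	p = line;
+	while(isspace(*p))
+		p++;
+	if (!strcmp(p, "SHA1"))
+		return EVP_sha1();
+	else if (!strcmp(p, "SHA224"))
+		return EVP_sha224();
+	else if (!strcmp(p, "SHA256"))
+		return EVP_sha256();
+	else if (!strcmp(p, "SHA384"))
+		return EVP_sha384();
+	else if (!strcmp(p, "SHA512"))
+		return EVP_sha512();
+	else
+		return NULL;
+	}
+int main(int argc, char **argv)
+	{
+	FILE *in, *out;
+	char buf[2048], lbuf[2048];
+	unsigned char *rhash, chash[EVP_MAX_MD_SIZE];
+	long rhashlen;
+	DH *dh = NULL;
+	const EVP_MD *md = NULL;
+	BIGNUM *peerkey = NULL;
+	char *keyword = NULL, *value = NULL;
+	fips_set_error_print();
+	if (argc == 3)
+		{
+		in = fopen(argv[1], "r");
+		if (!in)
+			{
+			fprintf(stderr, "Error opening input file\n");
+			exit(1);
+			}
+		out = fopen(argv[2], "w");
+		if (!out)
+			{
+			fprintf(stderr, "Error opening output file\n");
+			exit(1);
+			}
+		}
+	else if (argc == 1)
+		{
+		in = stdin;
+		out = stdout;
+		}
+	else
+		{
+		fprintf(stderr, "%s (infile outfile)\n", argv[0]);
+		exit(1);
+		}
+	dh = FIPS_dh_new();
+	while (fgets(buf, sizeof(buf), in) != NULL)
+		{
+		fputs(buf, out);
+		if (strlen(buf) > 6 && !strncmp(buf, "[F", 2))
+			{
+			md = parse_md(buf);
+			if (md == NULL)
+				goto parse_error;
+			if (dh)
+				FIPS_dh_free(dh);
+			dh = FIPS_dh_new();
+			continue;
+			}
+		if (!parse_line(&keyword, &value, lbuf, buf))
+			continue;
+		if (!strcmp(keyword, "P"))
+			{
+			if (!do_hex2bn(&dh->p, value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Q"))
+			{
+			if (!do_hex2bn(&dh->q, value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "G"))
+			{
+			if (!do_hex2bn(&dh->g, value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "XephemIUT"))
+			{
+			if (!do_hex2bn(&dh->priv_key, value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "YephemIUT"))
+			{
+			if (!do_hex2bn(&dh->pub_key, value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "YephemCAVS"))
+			{
+			if (!do_hex2bn(&peerkey, value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "CAVSHashZZ"))
+			{
+			int Zlen;
+			unsigned char *Z;
+			if (!md)
+				goto parse_error;
+			rhash = hex2bin_m(value, &rhashlen);
+			if (!rhash || rhashlen != M_EVP_MD_size(md))
+				goto parse_error;
+			Z = OPENSSL_malloc(BN_num_bytes(dh->p));
+			if (!Z)
+				exit(1);
+			Zlen = DH_compute_key_padded(Z, peerkey, dh);
+			OutputValue("Z", Z, Zlen, out, 0);
+			FIPS_digest(Z, Zlen, chash, NULL, md);
+			OutputValue("IUTHashZZ", chash, rhashlen, out, 0);
+			fprintf(out, "Result = %s\n", memcmp(chash, rhash, rhashlen) ? "F" : "P");
+			OPENSSL_free(Z);
+			}
+		}
+	return 0;
+	parse_error:
+	fprintf(stderr, "Error Parsing request file\n");
+	exit(1);
+	}
+#endif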
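Review bot: In the `CAVSHashZZ` branch of `main`, the result of `DH_compute_key_padded()` is handed to `OutputValue()` and `FIPS_digest()` as a length without being checked, so a failed computation (presumably a negative return, as with `DH_compute_key()`) becomes an invalid length for reads from `Z`; add `if (Zlen <= 0) goto parse_error;` straight after the call. That branch also calls `BN_num_bytes(dh->p)` and passes `peerkey` without confirming that the request file supplied `P` and `YephemCAVS`, and widening the existing guard to `if (!md || !peerkey || !dh->p) goto parse_error;` would cover both. `rhash` is not released after the `memcmp()`, which leaks once per vector if `hex2bin_m()` allocates (its definition is not on this page); an `OPENSSL_free(rhash);` next to `OPENSSL_free(Z);` would fix that. The non-FIPS stub prints `No FIPS DRBG support`, which looks copied from the DRBG driver and should name DH instead.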
test/Makefile
+
7
−
3
...
...
@@ -75,6 +75,7 @@ FIPS_DSATEST= fips_dsatest
FIPS_DSSVS
=
fips_dssvs
FIPS_RNGVS
=
fips_rngvs
FIPS_DRBGVS
=
fips_drbgvs
FIPS_DHVS
=
fips_dhvs
FIPS_ECDSAVS
=
fips_ecdsavs
FIPS_TEST_SUITE
=
fips_test_suite
...
...
@@ -96,7 +97,7 @@ FIPSEXE=$(FIPS_SHATEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) \
$(
FIPS_RSASTEST
)$(
EXE_EXT
)
$(
FIPS_RSAGTEST
)$(
EXE_EXT
)
\
$(
FIPS_DSSVS
)$(
EXE_EXT
)
$(
FIPS_DSATEST
)$(
EXE_EXT
)
\
$(
FIPS_RNGVS
)$(
EXE_EXT
)
$(
FIPS_DRBGVS
)$(
EXE_EXT
)
\
$(
FIPS_TEST_SUITE
)$(
EXE_EXT
)
\
$(
FIPS_DHVS
)$(
EXE_EXT
)
$(
FIPS_TEST_SUITE
)$(
EXE_EXT
)
\
$(
FIPS_GCMTEST
)$(
EXE_EXT
)
$(
FIPS_ECDSAVS
)$(
EXE_EXT
)
# $(METHTEST)$(EXE_EXT)
...
...
@@ -113,7 +114,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
$(
FIPS_AESTEST
)
.o
$(
FIPS_HMACTEST
)
.o
$(
FIPS_RSAVTEST
)
.o
\
$(
FIPS_RSASTEST
)
.o
$(
FIPS_RSAGTEST
)
.o
$(
FIPS_GCMTEST
)
.o
\
$(
FIPS_DSSVS
)
.o
$(
FIPS_DSATEST
)
.o
$(
FIPS_RNGVS
)
.o
$(
FIPS_DRBGVS
)
.o
\
$(
FIPS_TEST_SUITE
)
.o
$(
FIPS_ECDSAVS
)
.o
\
$(
FIPS_TEST_SUITE
)
.o
$(
FIPS_DHVS
)
.o
$(
FIPS_ECDSAVS
)
.o
\
$(
EVPTEST
)
.o
$(
IGETEST
)
.o
$(
JPAKETEST
)
.o
SRC
=
$(
BNTEST
)
.c
$(
ECTEST
)
.c
$(
ECDSATEST
)
.c
$(
ECDHTEST
)
.c
$(
IDEATEST
)
.c
\
$(
MD2TEST
)
.c
$(
MD4TEST
)
.c
$(
MD5TEST
)
.c
\
...
...
@@ -126,7 +127,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(
FIPS_AESTEST
)
.c
$(
FIPS_HMACTEST
)
.c
$(
FIPS_RSAVTEST
)
.c
\
$(
FIPS_RSASTEST
)
.c
$(
FIPS_RSAGTEST
)
.c
$(
FIPS_GCMTEST
)
.c
\
$(
FIPS_DSSVS
)
.c
$(
FIPS_DSATEST
)
.c
$(
FIPS_RNGVS
)
.c
$(
FIPS_DRBGVS
)
.c
\
$(
FIPS_TEST_SUITE
)
.c
$(
FIPS_ECDSAVS
)
.c
\
$(
FIPS_TEST_SUITE
)
.c
$(
FIPS_DHVS
)
.c
$(
FIPS_ECDSAVS
)
.c
\
$(
EVPTEST
)
.c
$(
IGETEST
)
.c
$(
JPAKETEST
)
.c
EXHEADER
=
...
...
@@ -472,6 +473,9 @@ $(FIPS_DSATEST)$(EXE_EXT): $(FIPS_DSATEST).o $(DLIBCRYPTO)
$(FIPS_DSSVS)$(EXE_EXT)
:
$(FIPS_DSSVS).o $(DLIBCRYPTO)
@
target
=
$(
FIPS_DSSVS
);
$(
FIPS_BUILD_CMD
)
$(FIPS_DHVS)$(EXE_EXT)
:
$(FIPS_DHVS).o $(DLIBCRYPTO)
@
target
=
$(
FIPS_DHVS
);
$(
FIPS_BUILD_CMD
)
$(FIPS_ECDSAVS)$(EXE_EXT)
:
$(FIPS_ECDSAVS).o $(DLIBCRYPTO)
@
target
=
$(
FIPS_ECDSAVS
);
$(
FIPS_BUILD_CMD
)
...
...