Backport fixes/updates from 0.9.8-fips to algorithm tests.

3 files changed, 177 insertions, 30 deletions

diff --git a/fips-1.0/aes/fips_aesavs.c b/fips-1.0/aes/fips_aesavs.c
index ac155e926d..af7874970c 100644
--- a/fips-1.0/aes/fips_aesavs.c
+++ b/fips-1.0/aes/fips_aesavs.c
@@ -82,7 +82,7 @@ int main(int argc, char *argv[])
 
 #define AES_BLOCK_SIZE 16
 
-#define VERBOSE 1
+#define VERBOSE 0
 
 /*-----------------------------------------------*/
 
@@ -476,8 +476,10 @@ int do_mct(char *amode,
 		if(j == 0)
 		    {
 		    /* compensate for wrong endianness of input file */
+#if 0
 		    if(i == 0)
 			ptext[0][0]<<=7;
+#endif
 		    ret=AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
 				ptext[j], ctext[j], len);
 		    }
@@ -694,7 +696,7 @@ static int tidy_line(char *linebuf, char *olinebuf)
   # Fri Aug 30 04:07:22 PM
   ----------------------------*/
 
-int proc_file(char *rqfile)
+int proc_file(char *rqfile, char *rspfile)
     {
     char afn[256], rfn[256];
     FILE *afp = NULL, *rfp = NULL;
@@ -725,13 +727,21 @@ int proc_file(char *rqfile)
 	       afn, strerror(errno));
 	return -1;
 	}
-    strcpy(rfn,afn);
-    rp=strstr(rfn,"req/");
-    assert(rp);
-    memcpy(rp,"rsp",3);
-    rp = strstr(rfn, ".req");
-    memcpy(rp, ".rsp", 4);
-    if ((rfp = fopen(rfn, "w")) == NULL)
+    if (!rspfile)
+	{
+	strcpy(rfn,afn);
+	rp=strstr(rfn,"req/");
+#ifdef OPENSSL_SYS_WIN32
+	if (!rp)
+	    rp=strstr(rfn,"req\\");
+#endif
+	assert(rp);
+	memcpy(rp,"rsp",3);
+	rp = strstr(rfn, ".req");
+	memcpy(rp, ".rsp", 4);
+	rspfile = rfn;
+	}
+    if ((rfp = fopen(rspfile, "w")) == NULL)
 	{
 	printf("Cannot open file: %s, %s\n", 
 	       rfn, strerror(errno));
@@ -795,7 +805,8 @@ int proc_file(char *rqfile)
 			strncpy(amode, xp+1, n);
 			amode[n] = '\0';
 			/* amode[3] = '\0'; */
-			printf("Test = %s, Mode = %s\n", atest, amode);
+			if (VERBOSE)
+			    printf("Test = %s, Mode = %s\n", atest, amode);
 			}
 		    else if (strncasecmp(pp, "Key Length : ", 13) == 0)
 			{
@@ -947,7 +958,6 @@ int proc_file(char *rqfile)
 		    err =1;
 		    break;
 		    }
-
 		PrintValue("CIPHERTEXT", ciphertext, len);
 		if (strcmp(atest, "MCT") == 0)  /* Monte Carlo Test */
 		    {
@@ -998,7 +1008,7 @@ int proc_file(char *rqfile)
 --------------------------------------------------*/
 int main(int argc, char **argv)
     {
-    char *rqlist = "req.txt";
+    char *rqlist = "req.txt", *rspfile = NULL;
     FILE *fp = NULL;
     char fn[250] = "", rfn[256] = "";
     int f_opt = 0, d_opt = 1;
@@ -1034,7 +1044,10 @@ int main(int argc, char **argv)
 	if (d_opt)
 	    rqlist = argv[2];
 	else
+	    {
 	    strcpy(fn, argv[2]);
+	    rspfile = argv[3];
+	    }
 	}
     if (d_opt)
 	{ /* list of files (directory) */
@@ -1047,8 +1060,9 @@ int main(int argc, char **argv)
 	    {
 	    strtok(fn, "\r\n");
 	    strcpy(rfn, fn);
-	    printf("Processing: %s\n", rfn);
-	    if (proc_file(rfn))
+	    if (VERBOSE)
+	    	printf("Processing: %s\n", rfn);
+	    if (proc_file(rfn, rspfile))
 		{
 		printf(">>> Processing failed for: %s <<<\n", rfn);
 		EXIT(1);
@@ -1058,8 +1072,9 @@ int main(int argc, char **argv)
 	}
     else /* single file */
 	{
-	printf("Processing: %s\n", fn);
-	if (proc_file(fn))
+	if (VERBOSE)
+	    printf("Processing: %s\n", fn);
+	if (proc_file(fn, rspfile))
 	    {
 	    printf(">>> Processing failed for: %s <<<\n", fn);
 	    }
diff --git a/fips-1.0/des/fips_desmovs.c b/fips-1.0/des/fips_desmovs.c
index 900e800320..c8df37eed1 100644
--- a/fips-1.0/des/fips_desmovs.c
+++ b/fips-1.0/des/fips_desmovs.c
@@ -558,7 +558,7 @@ void do_mct(char *amode,
 	}
     }
     
-int proc_file(char *rqfile)
+int proc_file(char *rqfile, char *rspfile)
     {
     char afn[256], rfn[256];
     FILE *afp = NULL, *rfp = NULL;
@@ -588,13 +588,21 @@ int proc_file(char *rqfile)
 	       afn, strerror(errno));
 	return -1;
 	}
-    strcpy(rfn,afn);
-    rp=strstr(rfn,"req/");
-    assert(rp);
-    memcpy(rp,"rsp",3);
-    rp = strstr(rfn, ".req");
-    memcpy(rp, ".rsp", 4);
-    if ((rfp = fopen(rfn, "w")) == NULL)
+    if (!rspfile)
+	{
+	strcpy(rfn,afn);
+	rp=strstr(rfn,"req/");
+#ifdef OPENSSL_SYS_WIN32
+	if (!rp)
+	    rp=strstr(rfn,"req\\");
+#endif
+	assert(rp);
+	memcpy(rp,"rsp",3);
+	rp = strstr(rfn, ".req");
+	memcpy(rp, ".rsp", 4);
+	rspfile = rfn;
+	}
+    if ((rfp = fopen(rspfile, "w")) == NULL)
 	{
 	printf("Cannot open file: %s, %s\n", 
 	       rfn, strerror(errno));
@@ -666,7 +674,8 @@ int proc_file(char *rqfile)
 			strncpy(amode, xp+1, n);
 			amode[n] = '\0';
 			/* amode[3] = '\0'; */
-			printf("Test=%s, Mode=%s\n",atest,amode);
+			if (VERBOSE)
+				printf("Test=%s, Mode=%s\n",atest,amode);
 			}
 		    }
 		}
@@ -909,7 +918,7 @@ int proc_file(char *rqfile)
 --------------------------------------------------*/
 int main(int argc, char **argv)
     {
-    char *rqlist = "req.txt";
+    char *rqlist = "req.txt", *rspfile = NULL;
     FILE *fp = NULL;
     char fn[250] = "", rfn[256] = "";
     int f_opt = 0, d_opt = 1;
@@ -945,7 +954,10 @@ int main(int argc, char **argv)
 	if (d_opt)
 	    rqlist = argv[2];
 	else
+	    {
 	    strcpy(fn, argv[2]);
+	    rspfile = argv[3];
+	    }
 	}
     if (d_opt)
 	{ /* list of files (directory) */
@@ -958,8 +970,9 @@ int main(int argc, char **argv)
 	    {
 	    strtok(fn, "\r\n");
 	    strcpy(rfn, fn);
-	    printf("Processing: %s\n", rfn);
-	    if (proc_file(rfn))
+	    if (VERBOSE)
+	    	printf("Processing: %s\n", rfn);
+	    if (proc_file(rfn, rspfile))
 		{
 		printf(">>> Processing failed for: %s <<<\n", rfn);
 		EXIT(1);
@@ -969,8 +982,9 @@ int main(int argc, char **argv)
 	}
     else /* single file */
 	{
-	printf("Processing: %s\n", fn);
-	if (proc_file(fn))
+	if (VERBOSE)
+	    printf("Processing: %s\n", fn);
+	if (proc_file(fn, rspfile))
 	    {
 	    printf(">>> Processing failed for: %s <<<\n", fn);
 	    }
diff --git a/fips-1.0/dsa/fips_dssvs.c b/fips-1.0/dsa/fips_dssvs.c
index 4eec29e761..dd44f057ae 100644
--- a/fips-1.0/dsa/fips_dssvs.c
+++ b/fips-1.0/dsa/fips_dssvs.c
@@ -274,6 +274,122 @@ void pqgver()
 	}
     }
 
+/* Keypair verification routine. NB: this isn't part of the stndard FIPS140-2
+ * algorithm tests. It is an additional test to perform sanity checks on the
+ * output of the KeyPair test.
+ */
+
+static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
+							BN_CTX *ctx)
+    {
+    BIGNUM *rem = NULL;
+    if (BN_num_bits(p) != nmod)
+	return 0;
+    if (BN_num_bits(q) != 160)
+	return 0;
+    if (BN_is_prime(p, BN_prime_checks, NULL, NULL, NULL) != 1)
+	return 0;
+    if (BN_is_prime(q, BN_prime_checks, NULL, NULL, NULL) != 1)
+	return 0;
+    rem = BN_new();
+    if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
+    	|| (BN_cmp(g, BN_value_one()) <= 0)
+	|| !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
+	{
+	BN_free(rem);
+	return 0;
+	}
+    BN_free(rem);
+    return 1;
+    }
+
+void keyver()
+    {
+    char buf[1024];
+    char lbuf[1024];
+    char *keyword, *value;
+    BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
+    BIGNUM *Y2;
+    BN_CTX *ctx = NULL;
+    int nmod=0, paramcheck = 0;
+
+    ctx = BN_CTX_new();
+    Y2 = BN_new();
+
+    while(fgets(buf,sizeof buf,stdin) != NULL)
+	{
+	if (!parse_line(&keyword, &value, lbuf, buf))
+		{
+		fputs(buf,stdout);
+		continue;
+		}
+	if(!strcmp(keyword,"[mod"))
+	    {
+	    if (p)
+		BN_free(p);
+	    p = NULL;
+	    if (q)
+		BN_free(q);
+	    q = NULL;
+	    if (g)
+		BN_free(g);
+	    g = NULL;
+	    paramcheck = 0;
+	    nmod=atoi(value);
+	    }
+	else if(!strcmp(keyword,"P"))
+	    p=hex2bn(value);
+	else if(!strcmp(keyword,"Q"))
+	    q=hex2bn(value);
+	else if(!strcmp(keyword,"G"))
+	    g=hex2bn(value);
+	else if(!strcmp(keyword,"X"))
+	    X=hex2bn(value);
+	else if(!strcmp(keyword,"Y"))
+	    {
+	    Y=hex2bn(value);
+	    if (!p || !q || !g || !X || !Y)
+		{
+		fprintf(stderr, "Parse Error\n");
+		exit (1);
+		}
+	    pbn("P",p);
+	    pbn("Q",q);
+	    pbn("G",g);
+	    pbn("X",X);
+	    pbn("Y",Y);
+	    if (!paramcheck)
+		{
+		if (dss_paramcheck(nmod, p, q, g, ctx))
+			paramcheck = 1;
+		else
+			paramcheck = -1;
+		}
+	    if (paramcheck != 1)
+	   	printf("Result = F\n");
+	    else
+		{
+		if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
+	    		printf("Result = F\n");
+	        else
+	    		printf("Result = T\n");
+		}
+	    BN_free(X);
+	    BN_free(Y);
+	    X = NULL;
+	    Y = NULL;
+	    }
+	}
+	if (p)
+	    BN_free(p);
+	if (q)
+	    BN_free(q);
+	if (g)
+	    BN_free(g);
+	if (Y2)
+	    BN_free(Y2);
+    }
+
 void keypair()
     {
     char buf[1024];
@@ -451,6 +567,8 @@ int main(int argc,char **argv)
 	pqgver();
     else if(!strcmp(argv[1],"keypair"))
 	keypair();
+    else if(!strcmp(argv[1],"keyver"))
+	keyver();
     else if(!strcmp(argv[1],"siggen"))
 	siggen();
     else if(!strcmp(argv[1],"sigver"))