diff options
Diffstat (limited to 'fips/dh/fips_dhvs.c')
| -rw-r--r-- | fips/dh/fips_dhvs.c | 292 |
1 files changed, 0 insertions, 292 deletions
diff --git a/fips/dh/fips_dhvs.c b/fips/dh/fips_dhvs.c deleted file mode 100644 index 0fb52f79a4..0000000000 --- a/fips/dh/fips_dhvs.c +++ /dev/null @@ -1,292 +0,0 @@ -/* fips/dh/fips_dhvs.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - - -#define OPENSSL_FIPSAPI -#include <openssl/opensslconf.h> - -#ifndef OPENSSL_FIPS -#include <stdio.h> - -int main(int argc, char **argv) -{ - printf("No FIPS DH support\n"); - return(0); -} -#else - -#include <openssl/crypto.h> -#include <openssl/bn.h> -#include <openssl/dh.h> -#include <openssl/fips.h> -#include <openssl/err.h> -#include <openssl/evp.h> -#include <string.h> -#include <ctype.h> - -#include "fips_utl.h" - -static const EVP_MD *parse_md(char *line) - { - char *p; - if (line[0] != '[' || line[1] != 'F') - return NULL; - p = strchr(line, '-'); - if (!p) - return NULL; - line = p + 1; - p = strchr(line, ']'); - if (!p) - return NULL; - *p = 0; - p = line; - while(isspace(*p)) - p++; - if (!strcmp(p, "SHA1")) - return EVP_sha1(); - else if (!strcmp(p, "SHA224")) - return EVP_sha224(); - else if (!strcmp(p, "SHA256")) - return EVP_sha256(); - else if (!strcmp(p, "SHA384")) - return EVP_sha384(); - else if (!strcmp(p, "SHA512")) - return EVP_sha512(); - else - return NULL; - } - -static void output_Zhash(FILE *out, int exout, - DH *dh, BIGNUM *peerkey, const EVP_MD *md, - unsigned char *rhash, size_t rhashlen) - { - unsigned char *Z; - unsigned char chash[EVP_MAX_MD_SIZE]; - int Zlen; - if (rhash == NULL) - { - rhashlen = M_EVP_MD_size(md); - if (!DH_generate_key(dh)) - exit (1); - do_bn_print_name(out, "YephemIUT", dh->pub_key); - if (exout) - do_bn_print_name(out, "XephemIUT", dh->priv_key); - } - Z = OPENSSL_malloc(BN_num_bytes(dh->p)); - if (!Z) - exit(1); - Zlen = DH_compute_key_padded(Z, peerkey, dh); - if (exout) - OutputValue("Z", Z, Zlen, out, 0); - FIPS_digest(Z, Zlen, chash, NULL, md); - OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0); - if (rhash) - { - fprintf(out, "Result = %s\n", - memcmp(chash, rhash, rhashlen) ? "F" : "P"); - } - else - { - BN_clear_free(dh->priv_key); - BN_clear_free(dh->pub_key); - dh->priv_key = NULL; - dh->pub_key = NULL; - } - OPENSSL_cleanse(Z, Zlen); - OPENSSL_free(Z); - } - -#ifdef FIPS_ALGVS -int fips_dhvs_main(int argc, char **argv) -#else -int main(int argc, char **argv) -#endif - { - char **args = argv + 1; - int argn = argc - 1; - FILE *in, *out; - char buf[2048], lbuf[2048]; - unsigned char *rhash; - long rhashlen; - DH *dh = NULL; - const EVP_MD *md = NULL; - BIGNUM *peerkey = NULL; - char *keyword = NULL, *value = NULL; - int do_verify = -1, exout = 0; - - fips_algtest_init(); - - if (argn && !strcmp(*args, "dhver")) - { - do_verify = 1; - args++; - argn--; - } - else if (argn && !strcmp(*args, "dhgen")) - { - do_verify = 0; - args++; - argn--; - } - - if (argn && !strcmp(*args, "-exout")) - { - exout = 1; - args++; - argn--; - } - - if (do_verify == -1) - { - fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]); - exit(1); - } - - if (argn == 2) - { - in = fopen(*args, "r"); - if (!in) - { - fprintf(stderr, "Error opening input file\n"); - exit(1); - } - out = fopen(args[1], "w"); - if (!out) - { - fprintf(stderr, "Error opening output file\n"); - exit(1); - } - } - else if (argn == 0) - { - in = stdin; - out = stdout; - } - else - { - fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]); - exit(1); - } - - dh = FIPS_dh_new(); - - while (fgets(buf, sizeof(buf), in) != NULL) - { - fputs(buf, out); - if (strlen(buf) > 6 && !strncmp(buf, "[F", 2)) - { - md = parse_md(buf); - if (md == NULL) - goto parse_error; - if (dh) - FIPS_dh_free(dh); - dh = FIPS_dh_new(); - continue; - } - if (!parse_line(&keyword, &value, lbuf, buf)) - continue; - if (!strcmp(keyword, "P")) - { - if (!do_hex2bn(&dh->p, value)) - goto parse_error; - } - else if (!strcmp(keyword, "Q")) - { - if (!do_hex2bn(&dh->q, value)) - goto parse_error; - } - else if (!strcmp(keyword, "G")) - { - if (!do_hex2bn(&dh->g, value)) - goto parse_error; - } - else if (!strcmp(keyword, "XephemIUT")) - { - if (!do_hex2bn(&dh->priv_key, value)) - goto parse_error; - } - else if (!strcmp(keyword, "YephemIUT")) - { - if (!do_hex2bn(&dh->pub_key, value)) - goto parse_error; - } - else if (!strcmp(keyword, "YephemCAVS")) - { - if (!do_hex2bn(&peerkey, value)) - goto parse_error; - if (do_verify == 0) - output_Zhash(out, exout, dh, peerkey, md, - NULL, 0); - } - else if (!strcmp(keyword, "CAVSHashZZ")) - { - if (!md) - goto parse_error; - rhash = hex2bin_m(value, &rhashlen); - if (!rhash || rhashlen != M_EVP_MD_size(md)) - goto parse_error; - output_Zhash(out, exout, dh, peerkey, md, - rhash, rhashlen); - } - } - if (in && in != stdin) - fclose(in); - if (out && out != stdout) - fclose(out); - return 0; - parse_error: - fprintf(stderr, "Error Parsing request file\n"); - exit(1); - } - -#endif |