/* fips/dh/fips_dhvs.c */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== * Copyright (c) 2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * licensing@OpenSSL.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ #define OPENSSL_FIPSAPI #include #ifndef OPENSSL_FIPS #include int main(int argc, char **argv) { printf("No FIPS DH support\n"); return(0); } #else #include #include #include #include #include #include #include #include #include "fips_utl.h" static const EVP_MD *parse_md(char *line) { char *p; if (line[0] != '[' || line[1] != 'F') return NULL; p = strchr(line, '-'); if (!p) return NULL; line = p + 1; p = strchr(line, ']'); if (!p) return NULL; *p = 0; p = line; while(isspace(*p)) p++; if (!strcmp(p, "SHA1")) return EVP_sha1(); else if (!strcmp(p, "SHA224")) return EVP_sha224(); else if (!strcmp(p, "SHA256")) return EVP_sha256(); else if (!strcmp(p, "SHA384")) return EVP_sha384(); else if (!strcmp(p, "SHA512")) return EVP_sha512(); else return NULL; } static void output_Zhash(FILE *out, int exout, DH *dh, BIGNUM *peerkey, const EVP_MD *md, unsigned char *rhash, size_t rhashlen) { unsigned char *Z; unsigned char chash[EVP_MAX_MD_SIZE]; int Zlen; if (rhash == NULL) { rhashlen = M_EVP_MD_size(md); if (!DH_generate_key(dh)) exit (1); do_bn_print_name(out, "YephemIUT", dh->pub_key); if (exout) do_bn_print_name(out, "XephemIUT", dh->priv_key); } Z = OPENSSL_malloc(BN_num_bytes(dh->p)); if (!Z) exit(1); Zlen = DH_compute_key_padded(Z, peerkey, dh); if (exout) OutputValue("Z", Z, Zlen, out, 0); FIPS_digest(Z, Zlen, chash, NULL, md); OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0); if (rhash) { fprintf(out, "Result = %s\n", memcmp(chash, rhash, rhashlen) ? "F" : "P"); } else { BN_clear_free(dh->priv_key); BN_clear_free(dh->pub_key); dh->priv_key = NULL; dh->pub_key = NULL; } OPENSSL_cleanse(Z, Zlen); OPENSSL_free(Z); } #ifdef FIPS_ALGVS int fips_dhvs_main(int argc, char **argv) #else int main(int argc, char **argv) #endif { char **args = argv + 1; int argn = argc - 1; FILE *in, *out; char buf[2048], lbuf[2048]; unsigned char *rhash; long rhashlen; DH *dh = NULL; const EVP_MD *md = NULL; BIGNUM *peerkey = NULL; char *keyword = NULL, *value = NULL; int do_verify = -1, exout = 0; fips_algtest_init(); if (argn && !strcmp(*args, "dhver")) { do_verify = 1; args++; argn--; } else if (argn && !strcmp(*args, "dhgen")) { do_verify = 0; args++; argn--; } if (argn && !strcmp(*args, "-exout")) { exout = 1; args++; argn--; } if (do_verify == -1) { fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]); exit(1); } if (argn == 2) { in = fopen(*args, "r"); if (!in) { fprintf(stderr, "Error opening input file\n"); exit(1); } out = fopen(args[1], "w"); if (!out) { fprintf(stderr, "Error opening output file\n"); exit(1); } } else if (argn == 0) { in = stdin; out = stdout; } else { fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]); exit(1); } dh = FIPS_dh_new(); while (fgets(buf, sizeof(buf), in) != NULL) { fputs(buf, out); if (strlen(buf) > 6 && !strncmp(buf, "[F", 2)) { md = parse_md(buf); if (md == NULL) goto parse_error; if (dh) FIPS_dh_free(dh); dh = FIPS_dh_new(); continue; } if (!parse_line(&keyword, &value, lbuf, buf)) continue; if (!strcmp(keyword, "P")) { if (!do_hex2bn(&dh->p, value)) goto parse_error; } else if (!strcmp(keyword, "Q")) { if (!do_hex2bn(&dh->q, value)) goto parse_error; } else if (!strcmp(keyword, "G")) { if (!do_hex2bn(&dh->g, value)) goto parse_error; } else if (!strcmp(keyword, "XephemIUT")) { if (!do_hex2bn(&dh->priv_key, value)) goto parse_error; } else if (!strcmp(keyword, "YephemIUT")) { if (!do_hex2bn(&dh->pub_key, value)) goto parse_error; } else if (!strcmp(keyword, "YephemCAVS")) { if (!do_hex2bn(&peerkey, value)) goto parse_error; if (do_verify == 0) output_Zhash(out, exout, dh, peerkey, md, NULL, 0); } else if (!strcmp(keyword, "CAVSHashZZ")) { if (!md) goto parse_error; rhash = hex2bin_m(value, &rhashlen); if (!rhash || rhashlen != M_EVP_MD_size(md)) goto parse_error; output_Zhash(out, exout, dh, peerkey, md, rhash, rhashlen); } } if (in && in != stdin) fclose(in); if (out && out != stdout) fclose(out); return 0; parse_error: fprintf(stderr, "Error Parsing request file\n"); return 1; } #endif