From 8b6d0dc2086272c70f13de6a0b944d3b7f6c7ad3 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 3 Jan 2008 13:37:23 +0000 Subject: [PATCH] Backport fixes/updates from 0.9.8-fips to algorithm tests. --- fips-1.0/aes/fips_aesavs.c | 47 +++++++++----- fips-1.0/des/fips_desmovs.c | 42 ++++++++----- fips-1.0/dsa/fips_dssvs.c | 118 ++++++++++++++++++++++++++++++++++++ 3 files changed, 177 insertions(+), 30 deletions(-) diff --git a/fips-1.0/aes/fips_aesavs.c b/fips-1.0/aes/fips_aesavs.c index ac155e926d..af7874970c 100644 --- a/fips-1.0/aes/fips_aesavs.c +++ b/fips-1.0/aes/fips_aesavs.c @@ -82,7 +82,7 @@ int main(int argc, char *argv[]) #define AES_BLOCK_SIZE 16 -#define VERBOSE 1 +#define VERBOSE 0 /*-----------------------------------------------*/ @@ -476,8 +476,10 @@ int do_mct(char *amode, if(j == 0) { /* compensate for wrong endianness of input file */ +#if 0 if(i == 0) ptext[0][0]<<=7; +#endif ret=AESTest(&ctx,amode,akeysz,key[i],iv[i],dir, ptext[j], ctext[j], len); } @@ -694,7 +696,7 @@ static int tidy_line(char *linebuf, char *olinebuf) # Fri Aug 30 04:07:22 PM ----------------------------*/ -int proc_file(char *rqfile) +int proc_file(char *rqfile, char *rspfile) { char afn[256], rfn[256]; FILE *afp = NULL, *rfp = NULL; @@ -725,13 +727,21 @@ int proc_file(char *rqfile) afn, strerror(errno)); return -1; } - strcpy(rfn,afn); - rp=strstr(rfn,"req/"); - assert(rp); - memcpy(rp,"rsp",3); - rp = strstr(rfn, ".req"); - memcpy(rp, ".rsp", 4); - if ((rfp = fopen(rfn, "w")) == NULL) + if (!rspfile) + { + strcpy(rfn,afn); + rp=strstr(rfn,"req/"); +#ifdef OPENSSL_SYS_WIN32 + if (!rp) + rp=strstr(rfn,"req\\"); +#endif + assert(rp); + memcpy(rp,"rsp",3); + rp = strstr(rfn, ".req"); + memcpy(rp, ".rsp", 4); + rspfile = rfn; + } + if ((rfp = fopen(rspfile, "w")) == NULL) { printf("Cannot open file: %s, %s\n", rfn, strerror(errno)); @@ -795,7 +805,8 @@ int proc_file(char *rqfile) strncpy(amode, xp+1, n); amode[n] = '\0'; /* amode[3] = '\0'; */ - printf("Test = %s, Mode = %s\n", atest, amode); + if (VERBOSE) + printf("Test = %s, Mode = %s\n", atest, amode); } else if (strncasecmp(pp, "Key Length : ", 13) == 0) { @@ -947,7 +958,6 @@ int proc_file(char *rqfile) err =1; break; } - PrintValue("CIPHERTEXT", ciphertext, len); if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */ { @@ -998,7 +1008,7 @@ int proc_file(char *rqfile) --------------------------------------------------*/ int main(int argc, char **argv) { - char *rqlist = "req.txt"; + char *rqlist = "req.txt", *rspfile = NULL; FILE *fp = NULL; char fn[250] = "", rfn[256] = ""; int f_opt = 0, d_opt = 1; @@ -1034,7 +1044,10 @@ int main(int argc, char **argv) if (d_opt) rqlist = argv[2]; else + { strcpy(fn, argv[2]); + rspfile = argv[3]; + } } if (d_opt) { /* list of files (directory) */ @@ -1047,8 +1060,9 @@ int main(int argc, char **argv) { strtok(fn, "\r\n"); strcpy(rfn, fn); - printf("Processing: %s\n", rfn); - if (proc_file(rfn)) + if (VERBOSE) + printf("Processing: %s\n", rfn); + if (proc_file(rfn, rspfile)) { printf(">>> Processing failed for: %s <<<\n", rfn); EXIT(1); @@ -1058,8 +1072,9 @@ int main(int argc, char **argv) } else /* single file */ { - printf("Processing: %s\n", fn); - if (proc_file(fn)) + if (VERBOSE) + printf("Processing: %s\n", fn); + if (proc_file(fn, rspfile)) { printf(">>> Processing failed for: %s <<<\n", fn); } diff --git a/fips-1.0/des/fips_desmovs.c b/fips-1.0/des/fips_desmovs.c index 900e800320..c8df37eed1 100644 --- a/fips-1.0/des/fips_desmovs.c +++ b/fips-1.0/des/fips_desmovs.c @@ -558,7 +558,7 @@ void do_mct(char *amode, } } -int proc_file(char *rqfile) +int proc_file(char *rqfile, char *rspfile) { char afn[256], rfn[256]; FILE *afp = NULL, *rfp = NULL; @@ -588,13 +588,21 @@ int proc_file(char *rqfile) afn, strerror(errno)); return -1; } - strcpy(rfn,afn); - rp=strstr(rfn,"req/"); - assert(rp); - memcpy(rp,"rsp",3); - rp = strstr(rfn, ".req"); - memcpy(rp, ".rsp", 4); - if ((rfp = fopen(rfn, "w")) == NULL) + if (!rspfile) + { + strcpy(rfn,afn); + rp=strstr(rfn,"req/"); +#ifdef OPENSSL_SYS_WIN32 + if (!rp) + rp=strstr(rfn,"req\\"); +#endif + assert(rp); + memcpy(rp,"rsp",3); + rp = strstr(rfn, ".req"); + memcpy(rp, ".rsp", 4); + rspfile = rfn; + } + if ((rfp = fopen(rspfile, "w")) == NULL) { printf("Cannot open file: %s, %s\n", rfn, strerror(errno)); @@ -666,7 +674,8 @@ int proc_file(char *rqfile) strncpy(amode, xp+1, n); amode[n] = '\0'; /* amode[3] = '\0'; */ - printf("Test=%s, Mode=%s\n",atest,amode); + if (VERBOSE) + printf("Test=%s, Mode=%s\n",atest,amode); } } } @@ -909,7 +918,7 @@ int proc_file(char *rqfile) --------------------------------------------------*/ int main(int argc, char **argv) { - char *rqlist = "req.txt"; + char *rqlist = "req.txt", *rspfile = NULL; FILE *fp = NULL; char fn[250] = "", rfn[256] = ""; int f_opt = 0, d_opt = 1; @@ -945,7 +954,10 @@ int main(int argc, char **argv) if (d_opt) rqlist = argv[2]; else + { strcpy(fn, argv[2]); + rspfile = argv[3]; + } } if (d_opt) { /* list of files (directory) */ @@ -958,8 +970,9 @@ int main(int argc, char **argv) { strtok(fn, "\r\n"); strcpy(rfn, fn); - printf("Processing: %s\n", rfn); - if (proc_file(rfn)) + if (VERBOSE) + printf("Processing: %s\n", rfn); + if (proc_file(rfn, rspfile)) { printf(">>> Processing failed for: %s <<<\n", rfn); EXIT(1); @@ -969,8 +982,9 @@ int main(int argc, char **argv) } else /* single file */ { - printf("Processing: %s\n", fn); - if (proc_file(fn)) + if (VERBOSE) + printf("Processing: %s\n", fn); + if (proc_file(fn, rspfile)) { printf(">>> Processing failed for: %s <<<\n", fn); } diff --git a/fips-1.0/dsa/fips_dssvs.c b/fips-1.0/dsa/fips_dssvs.c index 4eec29e761..dd44f057ae 100644 --- a/fips-1.0/dsa/fips_dssvs.c +++ b/fips-1.0/dsa/fips_dssvs.c @@ -274,6 +274,122 @@ void pqgver() } } +/* Keypair verification routine. NB: this isn't part of the stndard FIPS140-2 + * algorithm tests. It is an additional test to perform sanity checks on the + * output of the KeyPair test. + */ + +static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g, + BN_CTX *ctx) + { + BIGNUM *rem = NULL; + if (BN_num_bits(p) != nmod) + return 0; + if (BN_num_bits(q) != 160) + return 0; + if (BN_is_prime(p, BN_prime_checks, NULL, NULL, NULL) != 1) + return 0; + if (BN_is_prime(q, BN_prime_checks, NULL, NULL, NULL) != 1) + return 0; + rem = BN_new(); + if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem) + || (BN_cmp(g, BN_value_one()) <= 0) + || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem)) + { + BN_free(rem); + return 0; + } + BN_free(rem); + return 1; + } + +void keyver() + { + char buf[1024]; + char lbuf[1024]; + char *keyword, *value; + BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL; + BIGNUM *Y2; + BN_CTX *ctx = NULL; + int nmod=0, paramcheck = 0; + + ctx = BN_CTX_new(); + Y2 = BN_new(); + + while(fgets(buf,sizeof buf,stdin) != NULL) + { + if (!parse_line(&keyword, &value, lbuf, buf)) + { + fputs(buf,stdout); + continue; + } + if(!strcmp(keyword,"[mod")) + { + if (p) + BN_free(p); + p = NULL; + if (q) + BN_free(q); + q = NULL; + if (g) + BN_free(g); + g = NULL; + paramcheck = 0; + nmod=atoi(value); + } + else if(!strcmp(keyword,"P")) + p=hex2bn(value); + else if(!strcmp(keyword,"Q")) + q=hex2bn(value); + else if(!strcmp(keyword,"G")) + g=hex2bn(value); + else if(!strcmp(keyword,"X")) + X=hex2bn(value); + else if(!strcmp(keyword,"Y")) + { + Y=hex2bn(value); + if (!p || !q || !g || !X || !Y) + { + fprintf(stderr, "Parse Error\n"); + exit (1); + } + pbn("P",p); + pbn("Q",q); + pbn("G",g); + pbn("X",X); + pbn("Y",Y); + if (!paramcheck) + { + if (dss_paramcheck(nmod, p, q, g, ctx)) + paramcheck = 1; + else + paramcheck = -1; + } + if (paramcheck != 1) + printf("Result = F\n"); + else + { + if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y)) + printf("Result = F\n"); + else + printf("Result = T\n"); + } + BN_free(X); + BN_free(Y); + X = NULL; + Y = NULL; + } + } + if (p) + BN_free(p); + if (q) + BN_free(q); + if (g) + BN_free(g); + if (Y2) + BN_free(Y2); + } + void keypair() { char buf[1024]; @@ -451,6 +567,8 @@ int main(int argc,char **argv) pqgver(); else if(!strcmp(argv[1],"keypair")) keypair(); + else if(!strcmp(argv[1],"keyver")) + keyver(); else if(!strcmp(argv[1],"siggen")) siggen(); else if(!strcmp(argv[1],"sigver")) -- 2.34.1