fips/rand/fips_drbgvs.c

   1 /* fips/rand/fips_drbgvs.c */
   2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   3  * project.
   4  */
   5 /* ====================================================================
   6  * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in
  17  *    the documentation and/or other materials provided with the
  18  *    distribution.
  19  *
  20  * 3. All advertising materials mentioning features or use of this
  21  *    software must display the following acknowledgment:
  22  *    "This product includes software developed by the OpenSSL Project
  23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24  *
  25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26  *    endorse or promote products derived from this software without
  27  *    prior written permission. For written permission, please contact
  28  *    licensing@OpenSSL.org.
  29  *
  30  * 5. Products derived from this software may not be called "OpenSSL"
  31  *    nor may "OpenSSL" appear in their names without prior written
  32  *    permission of the OpenSSL Project.
  33  *
  34  * 6. Redistributions of any form whatsoever must retain the following
  35  *    acknowledgment:
  36  *    "This product includes software developed by the OpenSSL Project
  37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38  *
  39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50  * OF THE POSSIBILITY OF SUCH DAMAGE.
  51  * ====================================================================
  52  */
  53
  54
  55 #define OPENSSL_FIPSAPI
  56 #include <openssl/opensslconf.h>
  57
  58 #ifndef OPENSSL_FIPS
  59 #include <stdio.h>
  60
  61 int main(int argc, char **argv)
  62 {
  63     printf("No FIPS DRBG support\n");
  64     return(0);
  65 }
  66 #else
  67
  68 #include <openssl/bn.h>
  69 #include <openssl/dsa.h>
  70 #include <openssl/fips.h>
  71 #include <openssl/fips_rand.h>
  72 #include <openssl/err.h>
  73 #include <openssl/evp.h>
  74 #include <string.h>
  75 #include <ctype.h>
  76
  77 #include "fips_utl.h"
  78
  79 static int parse_md(char *str)
  80         {
  81         switch(atoi(str + 5))
  82                 {
  83                 case 1:
  84                 return NID_sha1;
  85
  86                 case 224:
  87                 return NID_sha224;
  88
  89                 case 256:
  90                 return NID_sha256;
  91
  92                 case 384:
  93                 return NID_sha384;
  94
  95                 case 512:
  96                 return NID_sha512;
  97
  98                 }
  99
 100         return NID_undef;
 101         }
 102
 103 static int parse_aes(char *str, int *pdf)
 104         {
 105
 106         if (!strncmp(str + 9, "no", 2))
 107                 *pdf = 0;
 108         else
 109                 *pdf = DRBG_FLAG_CTR_USE_DF;
 110
 111         switch(atoi(str + 5))
 112                 {
 113                 case 128:
 114                 return NID_aes_128_ctr;
 115
 116                 case 192:
 117                 return NID_aes_192_ctr;
 118
 119                 case 256:
 120                 return NID_aes_256_ctr;
 121
 122                 default:
 123                 return NID_undef;
 124
 125                 }
 126         }
 127
 128 typedef struct
 129         {
 130         unsigned char *ent;
 131         size_t entlen;
 132         unsigned char *nonce;
 133         size_t noncelen;
 134         } TEST_ENT;
 135
 136 static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
 137                                 int entropy, size_t min_len, size_t max_len)
 138         {
 139         TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
 140         *pout = (unsigned char *)t->ent;
 141         return t->entlen;
 142         }
 143
 144 static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
 145                                 int entropy, size_t min_len, size_t max_len)
 146         {
 147         TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
 148         *pout = (unsigned char *)t->nonce;
 149         return t->noncelen;
 150         }
 151
 152
 153
 154 int main(int argc,char **argv)
 155         {
 156         FILE *in, *out;
 157         DRBG_CTX *dctx = NULL;
 158         TEST_ENT t;
 159         int r, nid = 0;
 160         int pr = 0;
 161         char buf[2048], lbuf[2048];
 162         unsigned char randout[2048];
 163         char *keyword = NULL, *value = NULL;
 164
 165         unsigned char *ent = NULL, *nonce = NULL, *pers = NULL, *adin = NULL;
 166         long entlen, noncelen, perslen, adinlen;
 167         int df = 0;
 168
 169         enum dtype { DRBG_NONE, DRBG_CTR, DRBG_HASH, DRBG_HMAC, DRBG_DUAL_EC }
 170                 drbg_type = DRBG_NONE;
 171
 172         int randoutlen = 0;
 173
 174         int gen = 0;
 175
 176         fips_algtest_init();
 177
 178         if (argc == 3)
 179                 {
 180                 in = fopen(argv[1], "r");
 181                 if (!in)
 182                         {
 183                         fprintf(stderr, "Error opening input file\n");
 184                         exit(1);
 185                         }
 186                 out = fopen(argv[2], "w");
 187                 if (!out)
 188                         {
 189                         fprintf(stderr, "Error opening output file\n");
 190                         exit(1);
 191                         }
 192                 }
 193         else if (argc == 1)
 194                 {
 195                 in = stdin;
 196                 out = stdout;
 197                 }
 198         else
 199                 {
 200                 fprintf(stderr,"%s (infile outfile)\n",argv[0]);
 201                 exit(1);
 202                 }
 203
 204         while (fgets(buf, sizeof(buf), in) != NULL)
 205                 {
 206                 fputs(buf, out);
 207                 if (drbg_type == DRBG_NONE)
 208                         {
 209                         if (strstr(buf, "CTR_DRBG"))
 210                                 drbg_type = DRBG_CTR;
 211                         else if (strstr(buf, "Hash_DRBG"))
 212                                 drbg_type = DRBG_HASH;
 213                         else if (strstr(buf, "HMAC_DRBG"))
 214                                 drbg_type = DRBG_HMAC;
 215                         else if (strstr(buf, "Dual_EC_DRBG"))
 216                                 drbg_type = DRBG_DUAL_EC;
 217                         else
 218                                 continue;
 219                         }
 220                 if (strlen(buf) > 4 && !strncmp(buf, "[SHA-", 5))
 221                         {
 222                         nid = parse_md(buf);
 223                         if (nid == NID_undef)
 224                                 exit(1);
 225                         if (drbg_type == DRBG_HMAC)
 226                                 {
 227                                 switch (nid)
 228                                         {
 229                                         case NID_sha1:
 230                                         nid = NID_hmacWithSHA1;
 231                                         break;
 232
 233                                         case NID_sha224:
 234                                         nid = NID_hmacWithSHA224;
 235                                         break;
 236
 237                                         case NID_sha256:
 238                                         nid = NID_hmacWithSHA256;
 239                                         break;
 240
 241                                         case NID_sha384:
 242                                         nid = NID_hmacWithSHA384;
 243                                         break;
 244
 245                                         case NID_sha512:
 246                                         nid = NID_hmacWithSHA512;
 247                                         break;
 248
 249                                         default:
 250                                         exit(1);
 251                                         }
 252                                 }
 253                         }
 254                 if (strlen(buf) > 12 && !strncmp(buf, "[AES-", 5))
 255                         {
 256                         nid = parse_aes(buf, &df);
 257                         if (nid == NID_undef)
 258                                 exit(1);
 259                         }
 260                 if (!parse_line(&keyword, &value, lbuf, buf))
 261                         continue;
 262
 263                 if (!strcmp(keyword, "[PredictionResistance"))
 264                         {
 265                         if (!strcmp(value, "True]"))
 266                                 pr = 1;
 267                         else if (!strcmp(value, "False]"))
 268                                 pr = 0;
 269                         else
 270                                 exit(1);
 271                         }
 272
 273                 if (!strcmp(keyword, "EntropyInput"))
 274                         {
 275                         ent = hex2bin_m(value, &entlen);
 276                         t.ent = ent;
 277                         t.entlen = entlen;
 278                         }
 279
 280                 if (!strcmp(keyword, "Nonce"))
 281                         {
 282                         nonce = hex2bin_m(value, &noncelen);
 283                         t.nonce = nonce;
 284                         t.noncelen = noncelen;
 285                         }
 286
 287                 if (!strcmp(keyword, "PersonalizationString"))
 288                         {
 289                         pers = hex2bin_m(value, &perslen);
 290                         dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST);
 291                         if (!dctx)
 292                                 exit (1);
 293                         FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0,
 294                                                         test_nonce, 0);
 295                         FIPS_drbg_set_app_data(dctx, &t);
 296                         randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
 297                         r = FIPS_drbg_instantiate(dctx, pers, perslen);
 298                         if (!r)
 299                                 {
 300                                 fprintf(stderr, "Error instantiating DRBG\n");
 301                                 exit(1);
 302                                 }
 303                         OPENSSL_free(pers);
 304                         OPENSSL_free(ent);
 305                         OPENSSL_free(nonce);
 306                         ent = nonce = pers = NULL;
 307                         gen = 0;
 308                         }
 309
 310                 if (!strcmp(keyword, "AdditionalInput"))
 311                         {
 312                         adin = hex2bin_m(value, &adinlen);
 313                         if (pr)
 314                                 continue;
 315                         r = FIPS_drbg_generate(dctx, randout, randoutlen, 0, 0,
 316                                                                 adin, adinlen);
 317                         if (!r)
 318                                 {
 319                                 fprintf(stderr, "Error generating DRBG bits\n");
 320                                 exit(1);
 321                                 }
 322                         if (!r)
 323                                 exit(1);
 324                         OPENSSL_free(adin);
 325                         adin = NULL;
 326                         gen++;
 327                         }
 328
 329                 if (pr)
 330                         {
 331                         if (!strcmp(keyword, "EntropyInputPR"))
 332                                 {
 333                                 ent = hex2bin_m(value, &entlen);
 334                                 t.ent = ent;
 335                                 t.entlen = entlen;
 336                                 r = FIPS_drbg_generate(dctx,
 337                                                         randout, randoutlen,
 338                                                         0, 1, adin, adinlen);
 339                                 if (!r)
 340                                         {
 341                                         fprintf(stderr,
 342                                                 "Error generating DRBG bits\n");
 343                                         exit(1);
 344                                         }
 345                                 OPENSSL_free(adin);
 346                                 OPENSSL_free(ent);
 347                                 adin = ent = NULL;
 348                                 gen++;
 349                                 }
 350                         }
 351                 if (!strcmp(keyword, "EntropyInputReseed"))
 352                         {
 353                         ent = hex2bin_m(value, &entlen);
 354                         t.ent = ent;
 355                         t.entlen = entlen;
 356                         }
 357                 if (!strcmp(keyword, "AdditionalInputReseed"))
 358                         {
 359                         adin = hex2bin_m(value, &adinlen);
 360                         FIPS_drbg_reseed(dctx, adin, adinlen);
 361                         OPENSSL_free(ent);
 362                         OPENSSL_free(adin);
 363                         ent = adin = NULL;
 364                         }
 365                 if (gen == 2)
 366                         {
 367                         OutputValue("ReturnedBits", randout, randoutlen,
 368                                                                         out, 0);
 369                         FIPS_drbg_free(dctx);
 370                         dctx = NULL;
 371                         gen = 0;
 372                         }
 373
 374                 }
 375         return 0;
 376         }
 377
 378 #endif