/* fips/rand/fips_drbgvs.c */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== * Copyright (c) 2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * licensing@OpenSSL.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written * permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ #define OPENSSL_FIPSAPI #include #ifndef OPENSSL_FIPS #include int main(int argc, char **argv) { printf("No FIPS DRBG support\n"); return(0); } #else #include #include #include #include #include #include #include #include #include "fips_utl.h" static int dparse_md(char *str) { switch(atoi(str + 5)) { case 1: return NID_sha1; case 224: return NID_sha224; case 256: return NID_sha256; case 384: return NID_sha384; case 512: return NID_sha512; } return NID_undef; } static int parse_ec(char *str) { int curve_nid, md_nid; char *md; md = strchr(str, ' '); if (!md) return NID_undef; if (!strncmp(str, "[P-256", 6)) curve_nid = NID_X9_62_prime256v1; else if (!strncmp(str, "[P-384", 6)) curve_nid = NID_secp384r1; else if (!strncmp(str, "[P-521", 6)) curve_nid = NID_secp521r1; else return NID_undef; md_nid = dparse_md(md); if (md_nid == NID_undef) return NID_undef; return (curve_nid << 16) | md_nid; } static int parse_aes(char *str, int *pdf) { if (!strncmp(str + 9, "no", 2)) *pdf = 0; else *pdf = DRBG_FLAG_CTR_USE_DF; switch(atoi(str + 5)) { case 128: return NID_aes_128_ctr; case 192: return NID_aes_192_ctr; case 256: return NID_aes_256_ctr; default: return NID_undef; } } typedef struct { unsigned char *ent; size_t entlen; unsigned char *nonce; size_t noncelen; } TEST_ENT; static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout, int entropy, size_t min_len, size_t max_len) { TEST_ENT *t = FIPS_drbg_get_app_data(dctx); *pout = (unsigned char *)t->ent; return t->entlen; } static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout, int entropy, size_t min_len, size_t max_len) { TEST_ENT *t = FIPS_drbg_get_app_data(dctx); *pout = (unsigned char *)t->nonce; return t->noncelen; } #ifdef FIPS_ALGVS int fips_drbgvs_main(int argc,char **argv) #else int main(int argc,char **argv) #endif { FILE *in, *out; DRBG_CTX *dctx = NULL; TEST_ENT t; int r, nid = 0; int pr = 0; char buf[2048], lbuf[2048]; unsigned char randout[2048]; char *keyword = NULL, *value = NULL; unsigned char *ent = NULL, *nonce = NULL, *pers = NULL, *adin = NULL; long entlen, noncelen, perslen, adinlen; int df = 0; enum dtype { DRBG_NONE, DRBG_CTR, DRBG_HASH, DRBG_HMAC, DRBG_DUAL_EC } drbg_type = DRBG_NONE; int randoutlen = 0; int gen = 0; fips_algtest_init(); if (argc == 3) { in = fopen(argv[1], "r"); if (!in) { fprintf(stderr, "Error opening input file\n"); exit(1); } out = fopen(argv[2], "w"); if (!out) { fprintf(stderr, "Error opening output file\n"); exit(1); } } else if (argc == 1) { in = stdin; out = stdout; } else { fprintf(stderr,"%s (infile outfile)\n",argv[0]); exit(1); } while (fgets(buf, sizeof(buf), in) != NULL) { fputs(buf, out); if (drbg_type == DRBG_NONE) { if (strstr(buf, "CTR_DRBG")) drbg_type = DRBG_CTR; else if (strstr(buf, "Hash_DRBG")) drbg_type = DRBG_HASH; else if (strstr(buf, "HMAC_DRBG")) drbg_type = DRBG_HMAC; else if (strstr(buf, "Dual_EC_DRBG")) drbg_type = DRBG_DUAL_EC; else continue; } if (strlen(buf) > 4 && !strncmp(buf, "[SHA-", 5)) { nid = dparse_md(buf); if (nid == NID_undef) exit(1); if (drbg_type == DRBG_HMAC) { switch (nid) { case NID_sha1: nid = NID_hmacWithSHA1; break; case NID_sha224: nid = NID_hmacWithSHA224; break; case NID_sha256: nid = NID_hmacWithSHA256; break; case NID_sha384: nid = NID_hmacWithSHA384; break; case NID_sha512: nid = NID_hmacWithSHA512; break; default: exit(1); } } } if (strlen(buf) > 12 && !strncmp(buf, "[AES-", 5)) { nid = parse_aes(buf, &df); if (nid == NID_undef) exit(1); } if (strlen(buf) > 12 && !strncmp(buf, "[P-", 3)) { nid = parse_ec(buf); if (nid == NID_undef) exit(1); } if (!parse_line(&keyword, &value, lbuf, buf)) continue; if (!strcmp(keyword, "[PredictionResistance")) { if (!strcmp(value, "True]")) pr = 1; else if (!strcmp(value, "False]")) pr = 0; else exit(1); } if (!strcmp(keyword, "EntropyInput")) { ent = hex2bin_m(value, &entlen); t.ent = ent; t.entlen = entlen; } if (!strcmp(keyword, "Nonce")) { nonce = hex2bin_m(value, &noncelen); t.nonce = nonce; t.noncelen = noncelen; } if (!strcmp(keyword, "PersonalizationString")) { pers = hex2bin_m(value, &perslen); if (nid == 0) { fprintf(stderr, "DRBG type not recognised!\n"); exit (1); } dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST); if (!dctx) exit (1); FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0); FIPS_drbg_set_app_data(dctx, &t); randoutlen = (int)FIPS_drbg_get_blocklength(dctx); r = FIPS_drbg_instantiate(dctx, pers, perslen); if (!r) { fprintf(stderr, "Error instantiating DRBG\n"); exit(1); } OPENSSL_free(pers); OPENSSL_free(ent); OPENSSL_free(nonce); ent = nonce = pers = NULL; gen = 0; } if (!strcmp(keyword, "AdditionalInput")) { adin = hex2bin_m(value, &adinlen); if (pr) continue; r = FIPS_drbg_generate(dctx, randout, randoutlen, 0, adin, adinlen); if (!r) { fprintf(stderr, "Error generating DRBG bits\n"); exit(1); } if (!r) exit(1); OPENSSL_free(adin); adin = NULL; gen++; } if (pr) { if (!strcmp(keyword, "EntropyInputPR")) { ent = hex2bin_m(value, &entlen); t.ent = ent; t.entlen = entlen; r = FIPS_drbg_generate(dctx, randout, randoutlen, 1, adin, adinlen); if (!r) { fprintf(stderr, "Error generating DRBG bits\n"); exit(1); } OPENSSL_free(adin); OPENSSL_free(ent); adin = ent = NULL; gen++; } } if (!strcmp(keyword, "EntropyInputReseed")) { ent = hex2bin_m(value, &entlen); t.ent = ent; t.entlen = entlen; } if (!strcmp(keyword, "AdditionalInputReseed")) { adin = hex2bin_m(value, &adinlen); FIPS_drbg_reseed(dctx, adin, adinlen); OPENSSL_free(ent); OPENSSL_free(adin); ent = adin = NULL; } if (gen == 2) { OutputValue("ReturnedBits", randout, randoutlen, out, 0); FIPS_drbg_free(dctx); dctx = NULL; gen = 0; } } return 0; } #endif