openssl/fips/rand/fips_drbgvs.c
Dr. Stephen Henson de2132de93 Delete strength parameter from FIPS_drbg_generate. It isn't very useful
(strength can be queried using FIPS_drbg_get_strength ) and adds a
substantial extra overhead to health check (need to check every combination
of parameters).
2011-09-12 13:20:57 +00:00

410 lines
9 KiB
C

/* fips/rand/fips_drbgvs.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#define OPENSSL_FIPSAPI
#include <openssl/opensslconf.h>
#ifndef OPENSSL_FIPS
#include <stdio.h>
int main(int argc, char **argv)
{
printf("No FIPS DRBG support\n");
return(0);
}
#else
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <string.h>
#include <ctype.h>
#include "fips_utl.h"
static int parse_md(char *str)
{
switch(atoi(str + 5))
{
case 1:
return NID_sha1;
case 224:
return NID_sha224;
case 256:
return NID_sha256;
case 384:
return NID_sha384;
case 512:
return NID_sha512;
}
return NID_undef;
}
static int parse_ec(char *str)
{
int curve_nid, md_nid;
char *md;
md = strchr(str, ' ');
if (!md)
return NID_undef;
if (!strncmp(str, "[P-256", 6))
curve_nid = NID_X9_62_prime256v1;
else if (!strncmp(str, "[P-384", 6))
curve_nid = NID_secp384r1;
else if (!strncmp(str, "[P-521", 6))
curve_nid = NID_secp521r1;
else
return NID_undef;
md_nid = parse_md(md);
if (md_nid == NID_undef)
return NID_undef;
return (curve_nid << 16) | md_nid;
}
static int parse_aes(char *str, int *pdf)
{
if (!strncmp(str + 9, "no", 2))
*pdf = 0;
else
*pdf = DRBG_FLAG_CTR_USE_DF;
switch(atoi(str + 5))
{
case 128:
return NID_aes_128_ctr;
case 192:
return NID_aes_192_ctr;
case 256:
return NID_aes_256_ctr;
default:
return NID_undef;
}
}
typedef struct
{
unsigned char *ent;
size_t entlen;
unsigned char *nonce;
size_t noncelen;
} TEST_ENT;
static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
int entropy, size_t min_len, size_t max_len)
{
TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
*pout = (unsigned char *)t->ent;
return t->entlen;
}
static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
int entropy, size_t min_len, size_t max_len)
{
TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
*pout = (unsigned char *)t->nonce;
return t->noncelen;
}
int main(int argc,char **argv)
{
FILE *in, *out;
DRBG_CTX *dctx = NULL;
TEST_ENT t;
int r, nid = 0;
int pr = 0;
char buf[2048], lbuf[2048];
unsigned char randout[2048];
char *keyword = NULL, *value = NULL;
unsigned char *ent = NULL, *nonce = NULL, *pers = NULL, *adin = NULL;
long entlen, noncelen, perslen, adinlen;
int df = 0;
enum dtype { DRBG_NONE, DRBG_CTR, DRBG_HASH, DRBG_HMAC, DRBG_DUAL_EC }
drbg_type = DRBG_NONE;
int randoutlen = 0;
int gen = 0;
fips_algtest_init();
if (argc == 3)
{
in = fopen(argv[1], "r");
if (!in)
{
fprintf(stderr, "Error opening input file\n");
exit(1);
}
out = fopen(argv[2], "w");
if (!out)
{
fprintf(stderr, "Error opening output file\n");
exit(1);
}
}
else if (argc == 1)
{
in = stdin;
out = stdout;
}
else
{
fprintf(stderr,"%s (infile outfile)\n",argv[0]);
exit(1);
}
while (fgets(buf, sizeof(buf), in) != NULL)
{
fputs(buf, out);
if (drbg_type == DRBG_NONE)
{
if (strstr(buf, "CTR_DRBG"))
drbg_type = DRBG_CTR;
else if (strstr(buf, "Hash_DRBG"))
drbg_type = DRBG_HASH;
else if (strstr(buf, "HMAC_DRBG"))
drbg_type = DRBG_HMAC;
else if (strstr(buf, "Dual_EC_DRBG"))
drbg_type = DRBG_DUAL_EC;
else
continue;
}
if (strlen(buf) > 4 && !strncmp(buf, "[SHA-", 5))
{
nid = parse_md(buf);
if (nid == NID_undef)
exit(1);
if (drbg_type == DRBG_HMAC)
{
switch (nid)
{
case NID_sha1:
nid = NID_hmacWithSHA1;
break;
case NID_sha224:
nid = NID_hmacWithSHA224;
break;
case NID_sha256:
nid = NID_hmacWithSHA256;
break;
case NID_sha384:
nid = NID_hmacWithSHA384;
break;
case NID_sha512:
nid = NID_hmacWithSHA512;
break;
default:
exit(1);
}
}
}
if (strlen(buf) > 12 && !strncmp(buf, "[AES-", 5))
{
nid = parse_aes(buf, &df);
if (nid == NID_undef)
exit(1);
}
if (strlen(buf) > 12 && !strncmp(buf, "[P-", 3))
{
nid = parse_ec(buf);
if (nid == NID_undef)
exit(1);
}
if (!parse_line(&keyword, &value, lbuf, buf))
continue;
if (!strcmp(keyword, "[PredictionResistance"))
{
if (!strcmp(value, "True]"))
pr = 1;
else if (!strcmp(value, "False]"))
pr = 0;
else
exit(1);
}
if (!strcmp(keyword, "EntropyInput"))
{
ent = hex2bin_m(value, &entlen);
t.ent = ent;
t.entlen = entlen;
}
if (!strcmp(keyword, "Nonce"))
{
nonce = hex2bin_m(value, &noncelen);
t.nonce = nonce;
t.noncelen = noncelen;
}
if (!strcmp(keyword, "PersonalizationString"))
{
pers = hex2bin_m(value, &perslen);
if (nid == 0)
{
fprintf(stderr, "DRBG type not recognised!\n");
exit (1);
}
dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST);
if (!dctx)
exit (1);
FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0,
test_nonce, 0);
FIPS_drbg_set_app_data(dctx, &t);
randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
r = FIPS_drbg_instantiate(dctx, pers, perslen);
if (!r)
{
fprintf(stderr, "Error instantiating DRBG\n");
exit(1);
}
OPENSSL_free(pers);
OPENSSL_free(ent);
OPENSSL_free(nonce);
ent = nonce = pers = NULL;
gen = 0;
}
if (!strcmp(keyword, "AdditionalInput"))
{
adin = hex2bin_m(value, &adinlen);
if (pr)
continue;
r = FIPS_drbg_generate(dctx, randout, randoutlen, 0,
adin, adinlen);
if (!r)
{
fprintf(stderr, "Error generating DRBG bits\n");
exit(1);
}
if (!r)
exit(1);
OPENSSL_free(adin);
adin = NULL;
gen++;
}
if (pr)
{
if (!strcmp(keyword, "EntropyInputPR"))
{
ent = hex2bin_m(value, &entlen);
t.ent = ent;
t.entlen = entlen;
r = FIPS_drbg_generate(dctx,
randout, randoutlen,
1, adin, adinlen);
if (!r)
{
fprintf(stderr,
"Error generating DRBG bits\n");
exit(1);
}
OPENSSL_free(adin);
OPENSSL_free(ent);
adin = ent = NULL;
gen++;
}
}
if (!strcmp(keyword, "EntropyInputReseed"))
{
ent = hex2bin_m(value, &entlen);
t.ent = ent;
t.entlen = entlen;
}
if (!strcmp(keyword, "AdditionalInputReseed"))
{
adin = hex2bin_m(value, &adinlen);
FIPS_drbg_reseed(dctx, adin, adinlen);
OPENSSL_free(ent);
OPENSSL_free(adin);
ent = adin = NULL;
}
if (gen == 2)
{
OutputValue("ReturnedBits", randout, randoutlen,
out, 0);
FIPS_drbg_free(dctx);
dctx = NULL;
gen = 0;
}
}
return 0;
}
#endif