|  | /* fips/rand/fips_drbgvs.c */ | 
|  | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 
|  | * project. | 
|  | */ | 
|  | /* ==================================================================== | 
|  | * Copyright (c) 2011 The OpenSSL Project.  All rights reserved. | 
|  | * | 
|  | * Redistribution and use in source and binary forms, with or without | 
|  | * modification, are permitted provided that the following conditions | 
|  | * are met: | 
|  | * | 
|  | * 1. Redistributions of source code must retain the above copyright | 
|  | *    notice, this list of conditions and the following disclaimer. | 
|  | * | 
|  | * 2. Redistributions in binary form must reproduce the above copyright | 
|  | *    notice, this list of conditions and the following disclaimer in | 
|  | *    the documentation and/or other materials provided with the | 
|  | *    distribution. | 
|  | * | 
|  | * 3. All advertising materials mentioning features or use of this | 
|  | *    software must display the following acknowledgment: | 
|  | *    "This product includes software developed by the OpenSSL Project | 
|  | *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | 
|  | * | 
|  | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | 
|  | *    endorse or promote products derived from this software without | 
|  | *    prior written permission. For written permission, please contact | 
|  | *    licensing@OpenSSL.org. | 
|  | * | 
|  | * 5. Products derived from this software may not be called "OpenSSL" | 
|  | *    nor may "OpenSSL" appear in their names without prior written | 
|  | *    permission of the OpenSSL Project. | 
|  | * | 
|  | * 6. Redistributions of any form whatsoever must retain the following | 
|  | *    acknowledgment: | 
|  | *    "This product includes software developed by the OpenSSL Project | 
|  | *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | 
|  | * | 
|  | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | 
|  | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 
|  | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | 
|  | * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR | 
|  | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | 
|  | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 
|  | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | 
|  | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 
|  | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | 
|  | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 
|  | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 
|  | * OF THE POSSIBILITY OF SUCH DAMAGE. | 
|  | * ==================================================================== | 
|  | */ | 
|  |  | 
|  |  | 
|  | #define OPENSSL_FIPSAPI | 
|  | #include <openssl/opensslconf.h> | 
|  |  | 
|  | #ifndef OPENSSL_FIPS | 
|  | #include <stdio.h> | 
|  |  | 
|  | int main(int argc, char **argv) | 
|  | { | 
|  | printf("No FIPS DRBG support\n"); | 
|  | return(0); | 
|  | } | 
|  | #else | 
|  |  | 
|  | #include <openssl/bn.h> | 
|  | #include <openssl/dsa.h> | 
|  | #include <openssl/fips.h> | 
|  | #include <openssl/fips_rand.h> | 
|  | #include <openssl/err.h> | 
|  | #include <openssl/evp.h> | 
|  | #include <string.h> | 
|  | #include <ctype.h> | 
|  |  | 
|  | #include "fips_utl.h" | 
|  |  | 
|  | static int dparse_md(char *str) | 
|  | { | 
|  | switch(atoi(str + 5)) | 
|  | { | 
|  | case 1: | 
|  | return NID_sha1; | 
|  |  | 
|  | case 224: | 
|  | return NID_sha224; | 
|  |  | 
|  | case 256: | 
|  | return NID_sha256; | 
|  |  | 
|  | case 384: | 
|  | return NID_sha384; | 
|  |  | 
|  | case 512: | 
|  | return NID_sha512; | 
|  |  | 
|  | } | 
|  |  | 
|  | return NID_undef; | 
|  | } | 
|  |  | 
|  | static int parse_ec(char *str) | 
|  | { | 
|  | int curve_nid, md_nid; | 
|  | char *md; | 
|  | md = strchr(str, ' '); | 
|  | if (!md) | 
|  | return NID_undef; | 
|  | if (!strncmp(str, "[P-256", 6)) | 
|  | curve_nid = NID_X9_62_prime256v1; | 
|  | else if (!strncmp(str, "[P-384", 6)) | 
|  | curve_nid = NID_secp384r1; | 
|  | else if (!strncmp(str, "[P-521", 6)) | 
|  | curve_nid = NID_secp521r1; | 
|  | else | 
|  | return NID_undef; | 
|  | md_nid = dparse_md(md); | 
|  | if (md_nid == NID_undef) | 
|  | return NID_undef; | 
|  | return (curve_nid << 16) | md_nid; | 
|  | } | 
|  |  | 
|  | static int parse_aes(char *str, int *pdf) | 
|  | { | 
|  |  | 
|  | if (!strncmp(str + 9, "no", 2)) | 
|  | *pdf = 0; | 
|  | else | 
|  | *pdf = DRBG_FLAG_CTR_USE_DF; | 
|  |  | 
|  | switch(atoi(str + 5)) | 
|  | { | 
|  | case 128: | 
|  | return NID_aes_128_ctr; | 
|  |  | 
|  | case 192: | 
|  | return NID_aes_192_ctr; | 
|  |  | 
|  | case 256: | 
|  | return NID_aes_256_ctr; | 
|  |  | 
|  | default: | 
|  | return NID_undef; | 
|  |  | 
|  | } | 
|  | } | 
|  |  | 
|  | typedef struct | 
|  | { | 
|  | unsigned char *ent; | 
|  | size_t entlen; | 
|  | unsigned char *nonce; | 
|  | size_t noncelen; | 
|  | } TEST_ENT; | 
|  |  | 
|  | static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout, | 
|  | int entropy, size_t min_len, size_t max_len) | 
|  | { | 
|  | TEST_ENT *t = FIPS_drbg_get_app_data(dctx); | 
|  | *pout = (unsigned char *)t->ent; | 
|  | return t->entlen; | 
|  | } | 
|  |  | 
|  | static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout, | 
|  | int entropy, size_t min_len, size_t max_len) | 
|  | { | 
|  | TEST_ENT *t = FIPS_drbg_get_app_data(dctx); | 
|  | *pout = (unsigned char *)t->nonce; | 
|  | return t->noncelen; | 
|  | } | 
|  |  | 
|  | #ifdef FIPS_ALGVS | 
|  | int fips_drbgvs_main(int argc,char **argv) | 
|  | #else | 
|  | int main(int argc,char **argv) | 
|  | #endif | 
|  | { | 
|  | FILE *in = NULL, *out = NULL; | 
|  | DRBG_CTX *dctx = NULL; | 
|  | TEST_ENT t; | 
|  | int r, nid = 0; | 
|  | int pr = 0; | 
|  | char buf[2048], lbuf[2048]; | 
|  | unsigned char randout[2048]; | 
|  | char *keyword = NULL, *value = NULL; | 
|  |  | 
|  | unsigned char *ent = NULL, *nonce = NULL, *pers = NULL, *adin = NULL; | 
|  | long entlen, noncelen, perslen, adinlen; | 
|  | int df = 0; | 
|  |  | 
|  | enum dtype { DRBG_NONE, DRBG_CTR, DRBG_HASH, DRBG_HMAC, DRBG_DUAL_EC } | 
|  | drbg_type = DRBG_NONE; | 
|  |  | 
|  | int randoutlen = 0; | 
|  |  | 
|  | int gen = 0; | 
|  |  | 
|  | fips_algtest_init(); | 
|  |  | 
|  | if (argc == 3) | 
|  | { | 
|  | in = fopen(argv[1], "r"); | 
|  | if (!in) | 
|  | { | 
|  | fprintf(stderr, "Error opening input file\n"); | 
|  | exit(1); | 
|  | } | 
|  | out = fopen(argv[2], "w"); | 
|  | if (!out) | 
|  | { | 
|  | fprintf(stderr, "Error opening output file\n"); | 
|  | exit(1); | 
|  | } | 
|  | } | 
|  | else if (argc == 1) | 
|  | { | 
|  | in = stdin; | 
|  | out = stdout; | 
|  | } | 
|  | else | 
|  | { | 
|  | fprintf(stderr,"%s (infile outfile)\n",argv[0]); | 
|  | exit(1); | 
|  | } | 
|  |  | 
|  | while (fgets(buf, sizeof(buf), in) != NULL) | 
|  | { | 
|  | fputs(buf, out); | 
|  | if (drbg_type == DRBG_NONE) | 
|  | { | 
|  | if (strstr(buf, "CTR_DRBG")) | 
|  | drbg_type = DRBG_CTR; | 
|  | else if (strstr(buf, "Hash_DRBG")) | 
|  | drbg_type = DRBG_HASH; | 
|  | else if (strstr(buf, "HMAC_DRBG")) | 
|  | drbg_type = DRBG_HMAC; | 
|  | else if (strstr(buf, "Dual_EC_DRBG")) | 
|  | drbg_type = DRBG_DUAL_EC; | 
|  | else | 
|  | continue; | 
|  | } | 
|  | if (strlen(buf) > 4 && !strncmp(buf, "[SHA-", 5)) | 
|  | { | 
|  | nid = dparse_md(buf); | 
|  | if (nid == NID_undef) | 
|  | exit(1); | 
|  | if (drbg_type == DRBG_HMAC) | 
|  | { | 
|  | switch (nid) | 
|  | { | 
|  | case NID_sha1: | 
|  | nid = NID_hmacWithSHA1; | 
|  | break; | 
|  |  | 
|  | case NID_sha224: | 
|  | nid = NID_hmacWithSHA224; | 
|  | break; | 
|  |  | 
|  | case NID_sha256: | 
|  | nid = NID_hmacWithSHA256; | 
|  | break; | 
|  |  | 
|  | case NID_sha384: | 
|  | nid = NID_hmacWithSHA384; | 
|  | break; | 
|  |  | 
|  | case NID_sha512: | 
|  | nid = NID_hmacWithSHA512; | 
|  | break; | 
|  |  | 
|  | default: | 
|  | exit(1); | 
|  | } | 
|  | } | 
|  | } | 
|  | if (strlen(buf) > 12 && !strncmp(buf, "[AES-", 5)) | 
|  | { | 
|  | nid = parse_aes(buf, &df); | 
|  | if (nid == NID_undef) | 
|  | exit(1); | 
|  | } | 
|  | if (strlen(buf) > 12 && !strncmp(buf, "[P-", 3)) | 
|  | { | 
|  | nid = parse_ec(buf); | 
|  | if (nid == NID_undef) | 
|  | exit(1); | 
|  | } | 
|  | if (!parse_line(&keyword, &value, lbuf, buf)) | 
|  | continue; | 
|  |  | 
|  | if (!strcmp(keyword, "[PredictionResistance")) | 
|  | { | 
|  | if (!strcmp(value, "True]")) | 
|  | pr = 1; | 
|  | else if (!strcmp(value, "False]")) | 
|  | pr = 0; | 
|  | else | 
|  | exit(1); | 
|  | } | 
|  |  | 
|  | if (!strcmp(keyword, "EntropyInput")) | 
|  | { | 
|  | ent = hex2bin_m(value, &entlen); | 
|  | t.ent = ent; | 
|  | t.entlen = entlen; | 
|  | } | 
|  |  | 
|  | if (!strcmp(keyword, "Nonce")) | 
|  | { | 
|  | nonce = hex2bin_m(value, &noncelen); | 
|  | t.nonce = nonce; | 
|  | t.noncelen = noncelen; | 
|  | } | 
|  |  | 
|  | if (!strcmp(keyword, "PersonalizationString")) | 
|  | { | 
|  | pers = hex2bin_m(value, &perslen); | 
|  | if (nid == 0) | 
|  | { | 
|  | fprintf(stderr, "DRBG type not recognised!\n"); | 
|  | exit (1); | 
|  | } | 
|  | dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST); | 
|  | if (!dctx) | 
|  | exit (1); | 
|  | FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, | 
|  | test_nonce, 0); | 
|  | FIPS_drbg_set_app_data(dctx, &t); | 
|  | randoutlen = (int)FIPS_drbg_get_blocklength(dctx); | 
|  | r = FIPS_drbg_instantiate(dctx, pers, perslen); | 
|  | if (!r) | 
|  | { | 
|  | fprintf(stderr, "Error instantiating DRBG\n"); | 
|  | exit(1); | 
|  | } | 
|  | OPENSSL_free(pers); | 
|  | OPENSSL_free(ent); | 
|  | OPENSSL_free(nonce); | 
|  | ent = nonce = pers = NULL; | 
|  | gen = 0; | 
|  | } | 
|  |  | 
|  | if (!strcmp(keyword, "AdditionalInput")) | 
|  | { | 
|  | adin = hex2bin_m(value, &adinlen); | 
|  | if (pr) | 
|  | continue; | 
|  | r = FIPS_drbg_generate(dctx, randout, randoutlen, 0, | 
|  | adin, adinlen); | 
|  | if (!r) | 
|  | { | 
|  | fprintf(stderr, "Error generating DRBG bits\n"); | 
|  | exit(1); | 
|  | } | 
|  | if (!r) | 
|  | exit(1); | 
|  | OPENSSL_free(adin); | 
|  | adin = NULL; | 
|  | gen++; | 
|  | } | 
|  |  | 
|  | if (pr) | 
|  | { | 
|  | if (!strcmp(keyword, "EntropyInputPR")) | 
|  | { | 
|  | ent = hex2bin_m(value, &entlen); | 
|  | t.ent = ent; | 
|  | t.entlen = entlen; | 
|  | r = FIPS_drbg_generate(dctx, | 
|  | randout, randoutlen, | 
|  | 1, adin, adinlen); | 
|  | if (!r) | 
|  | { | 
|  | fprintf(stderr, | 
|  | "Error generating DRBG bits\n"); | 
|  | exit(1); | 
|  | } | 
|  | OPENSSL_free(adin); | 
|  | OPENSSL_free(ent); | 
|  | adin = ent = NULL; | 
|  | gen++; | 
|  | } | 
|  | } | 
|  | if (!strcmp(keyword, "EntropyInputReseed")) | 
|  | { | 
|  | ent = hex2bin_m(value, &entlen); | 
|  | t.ent = ent; | 
|  | t.entlen = entlen; | 
|  | } | 
|  | if (!strcmp(keyword, "AdditionalInputReseed")) | 
|  | { | 
|  | adin = hex2bin_m(value, &adinlen); | 
|  | FIPS_drbg_reseed(dctx, adin, adinlen); | 
|  | OPENSSL_free(ent); | 
|  | OPENSSL_free(adin); | 
|  | ent = adin = NULL; | 
|  | } | 
|  | if (gen == 2) | 
|  | { | 
|  | OutputValue("ReturnedBits", randout, randoutlen, | 
|  | out, 0); | 
|  | FIPS_drbg_free(dctx); | 
|  | dctx = NULL; | 
|  | gen = 0; | 
|  | } | 
|  |  | 
|  | } | 
|  | if (in && in != stdin) | 
|  | fclose(in); | 
|  | if (out && out != stdout) | 
|  | fclose(out); | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | #endif |