From c1efb6705fbd82f426d9e765c75ad1247f33a4d8 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 3 May 2005 17:07:56 +0000 Subject: [PATCH] Preliminary FIPS hmac test program. --- fips/hmac/Makefile | 2 +- fips/hmac/fips_hmactest.c | 311 ++++++++++++++++++++++++++++++++++++++ test/Makefile | 13 +- 3 files changed, 322 insertions(+), 4 deletions(-) create mode 100644 fips/hmac/fips_hmactest.c diff --git a/fips/hmac/Makefile b/fips/hmac/Makefile index aba7dc4732..cf2a482065 100644 --- a/fips/hmac/Makefile +++ b/fips/hmac/Makefile @@ -18,7 +18,7 @@ AR= ar r CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile -TEST= +TEST=fips_hmactest.c APPS= LIB=$(TOP)/libcrypto.a diff --git a/fips/hmac/fips_hmactest.c b/fips/hmac/fips_hmactest.c new file mode 100644 index 0000000000..de50129e1b --- /dev/null +++ b/fips/hmac/fips_hmactest.c @@ -0,0 +1,311 @@ +/* fips_hmactest.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +static int hmac_test(BIO *err, BIO *out, BIO *in); +static int print_hmac(BIO *err, BIO *out, + unsigned char *Key, int Klen, + unsigned char *Msg, int Msglen, int Tlen); + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL, *err = NULL; + + int ret = 1; + ERR_load_crypto_strings(); + + err = BIO_new_fp(stderr, BIO_NOCLOSE); + + if (!err) + { + fprintf(stderr, "FATAL stderr initialization error\n"); + goto end; + } + +#ifdef OPENSSL_FIPS + if(!FIPS_mode_set(1,argv[0])) + { + ERR_print_errors(err); + goto end; + } +#endif + + if (argc == 1) + in = BIO_new_fp(stdin, BIO_NOCLOSE); + else + in = BIO_new_file(argv[1], "r"); + + if (argc < 2) + out = BIO_new_fp(stdout, BIO_NOCLOSE); + else + out = BIO_new_file(argv[2], "w"); + + if (!in) + { + BIO_printf(err, "FATAL input initialization error\n"); + goto end; + } + + if (!out) + { + fprintf(stderr, "FATAL output initialization error\n"); + goto end; + } + + if (!hmac_test(err, out, in)) + { + fprintf(stderr, "FATAL hmac file processing error\n"); + goto end; + } + else + ret = 0; + + end: + + if (ret && err) + ERR_print_errors(err); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + if (err) + BIO_free(err); + + return ret; + + } + +#define HMAC_TEST_MAXLINELEN 1024 + +int hmac_test(BIO *err, BIO *out, BIO *in) + { + char *linebuf, *olinebuf, *p, *q; + char *keyword, *value; + unsigned char *Key = NULL, *Msg = NULL; + int Count, Klen, Tlen, have_key, have_mesg; + long Keylen, Msglen; + int ret = 0; + int lnum = 0; + + olinebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN); + linebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN); + + if (!linebuf || !olinebuf) + goto error; + + Count = -1; + Klen = -1; + Tlen = -1; + have_key = 0; + have_mesg = 0; + + while (BIO_gets(in, olinebuf, HMAC_TEST_MAXLINELEN) > 0) + { + lnum++; + strcpy(linebuf, olinebuf); + keyword = linebuf; + /* Skip leading space */ + while (isspace((unsigned char)*keyword)) + keyword++; + + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no = or starts with [ (for [L=20] line) just copy */ + if (!p || *keyword=='[') + { + if (!BIO_puts(out, olinebuf)) + goto error; + continue; + } + + q = p - 1; + + /* Remove trailing space */ + while (isspace((unsigned char)*q)) + *q-- = 0; + + + value = p + 1; + + /* Remove leading space from value */ + while (isspace((unsigned char)*value)) + value++; + + /* Remove trailing space from value */ + p = value + strlen(value) - 1; + + while (*p == '\n' || isspace((unsigned char)*p)) + *p-- = 0; + + if (!strcmp(keyword, "Count")) + { + if (Count != -1) + goto parse_error; + Count = atoi(value); + if (Count < 0) + goto parse_error; + } + else if (!strcmp(keyword, "Klen")) + { + if (Klen != -1) + goto parse_error; + Klen = atoi(value); + if (Klen < 0) + goto parse_error; + } + else if (!strcmp(keyword, "Tlen")) + { + if (Tlen != -1) + goto parse_error; + Tlen = atoi(value); + if (Tlen < 0) + goto parse_error; + } + else if (!strcmp(keyword, "Msg")) + { + if (Msg) + goto parse_error; + Msg = string_to_hex(value, &Msglen); + } + else if (!strcmp(keyword, "Key")) + { + if (Key) + goto parse_error; + Key = string_to_hex(value, &Keylen); + } + else if (!strcmp(keyword, "Mac")) + continue; + else + goto parse_error; + + BIO_puts(out, olinebuf); + + if (Key && Msg && (Tlen > 0) && (Klen > 0)) + { + if (!print_hmac(err, out, Key, Klen, Msg, Msglen, Tlen)) + goto error; + OPENSSL_free(Key); + Key = NULL; + OPENSSL_free(Msg); + Msg = NULL; + Klen = -1; + Tlen = -1; + Count = -1; + } + + } + + + ret = 1; + + + error: + + if (olinebuf) + OPENSSL_free(olinebuf); + if (linebuf) + OPENSSL_free(linebuf); + if (Key) + OPENSSL_free(Key); + if (Msg) + OPENSSL_free(Msg); + + return ret; + + parse_error: + + BIO_printf(err, "FATAL parse error processing line %d\n", lnum); + + goto error; + + } + +static int print_hmac(BIO *err, BIO *out, + unsigned char *Key, int Klen, + unsigned char *Msg, int Msglen, int Tlen) + { + unsigned int i, mdlen; + unsigned char md[EVP_MAX_MD_SIZE]; + if (!HMAC(EVP_sha1(), Key, Klen, Msg, Msglen, md, &mdlen)) + { + BIO_puts(err, "Error calculating HMAC\n"); + return 0; + } + if (Tlen > mdlen) + { + BIO_puts(err, "Parameter error, Tlen > HMAC length\n"); + return 0; + } + BIO_puts(out, "Mac = "); + for (i = 0; i < Tlen; i++) + BIO_printf(out, "%02x", md[i]); + BIO_puts(out, "\n"); + return 1; + } + + diff --git a/test/Makefile b/test/Makefile index 8f60f3c1d5..cd7e57d13e 100644 --- a/test/Makefile +++ b/test/Makefile @@ -64,6 +64,7 @@ RSATEST= rsa_test ENGINETEST= enginetest EVPTEST= evp_test FIPS_AESTEST= fips_aesavs +FIPS_HMACTEST= fips_hmactest TESTS= alltests @@ -72,7 +73,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) $(MD2TEST)$(E $(DESTEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(FIPS_SHA1TEST)$(EXE_EXT) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \ $(RANDTEST)$(EXE_EXT) $(FIPS_RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ - $(EVPTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) + $(EVPTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) $(FIPS_HMACTEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -82,14 +83,14 @@ OBJ= $(BNTEST).o $(ECTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST). $(DESTEST).o $(FIPS_DESTEST).o $(SHATEST).o $(SHA1TEST).o $(FIPS_SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \ $(RANDTEST).o $(FIPS_RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(FIPS_DSATEST).o $(EXPTEST).o $(RSATEST).o \ - $(EVPTEST).o $(FIPS_AESTEST).o + $(EVPTEST).o $(FIPS_AESTEST).o $(FIPS_HMACTEST).o SRC= $(BNTEST).c $(ECTEST).c $(IDEATEST).c $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ $(HMACTEST).c \ $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \ $(DESTEST).c $(FIPS_DESTEST).c $(SHATEST).c $(SHA1TEST).c $(FIPS_SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ $(RANDTEST).c $(FIPS_RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(FIPS_DSATEST).c $(EXPTEST).c $(RSATEST).c \ - $(EVPTEST).c $(FIPS_AESTEST).c + $(EVPTEST).c $(FIPS_AESTEST).c $(FIPS_HMACTEST).c EXHEADER= HEADER= $(EXHEADER) @@ -326,6 +327,12 @@ $(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO) TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_AESTEST); \ fi +$(FIPS_HMACTEST)$(EXE_EXT): $(FIPS_HMACTEST).o $(DLIBCRYPTO) + @target=$(FIPS_HMACTEST); $(BUILD_CMD) + if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ + TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_HMACTEST); \ + fi + $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) @target=$(RSATEST); $(BUILD_CMD) -- 2.40.0