fips_utl.h 10.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422
  1. /* ====================================================================
  2. * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * 1. Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. *
  11. * 2. Redistributions in binary form must reproduce the above copyright
  12. * notice, this list of conditions and the following disclaimer in
  13. * the documentation and/or other materials provided with the
  14. * distribution.
  15. *
  16. * 3. All advertising materials mentioning features or use of this
  17. * software must display the following acknowledgment:
  18. * "This product includes software developed by the OpenSSL Project
  19. * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  20. *
  21. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  22. * endorse or promote products derived from this software without
  23. * prior written permission. For written permission, please contact
  24. * openssl-core@openssl.org.
  25. *
  26. * 5. Products derived from this software may not be called "OpenSSL"
  27. * nor may "OpenSSL" appear in their names without prior written
  28. * permission of the OpenSSL Project.
  29. *
  30. * 6. Redistributions of any form whatsoever must retain the following
  31. * acknowledgment:
  32. * "This product includes software developed by the OpenSSL Project
  33. * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  34. *
  35. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  36. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  37. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  38. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  39. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  40. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  41. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  42. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  43. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  44. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  45. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  46. * OF THE POSSIBILITY OF SUCH DAMAGE.
  47. *
  48. */
  49. #define OPENSSL_FIPSAPI
  50. #include <openssl/fips_rand.h>
  51. #include <openssl/objects.h>
  52. int hex2bin(const char *in, unsigned char *out);
  53. unsigned char *hex2bin_m(const char *in, long *plen);
  54. int do_hex2bn(BIGNUM **pr, const char *in);
  55. int do_bn_print(FILE *out, const BIGNUM *bn);
  56. int do_bn_print_name(FILE *out, const char *name, const BIGNUM *bn);
  57. int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf);
  58. BIGNUM *hex2bn(const char *in);
  59. int tidy_line(char *linebuf, char *olinebuf);
  60. int bint2bin(const char *in, int len, unsigned char *out);
  61. int bin2bint(const unsigned char *in,int len,char *out);
  62. void PrintValue(char *tag, unsigned char *val, int len);
  63. void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode);
  64. void fips_algtest_init(void);
  65. void do_entropy_stick(void);
  66. static int no_err;
  67. static void put_err_cb(int lib, int func,int reason,const char *file,int line)
  68. {
  69. if (no_err)
  70. return;
  71. fprintf(stderr, "ERROR:%08lX:lib=%d,func=%d,reason=%d"
  72. ":file=%s:line=%d\n",
  73. ERR_PACK(lib, func, reason),
  74. lib, func, reason, file, line);
  75. }
  76. static void add_err_cb(int num, va_list args)
  77. {
  78. int i;
  79. char *str;
  80. if (no_err)
  81. return;
  82. fputs("\t", stderr);
  83. for (i = 0; i < num; i++)
  84. {
  85. str = va_arg(args, char *);
  86. if (str)
  87. fputs(str, stderr);
  88. }
  89. fputs("\n", stderr);
  90. }
  91. /* Dummy Entropy to keep DRBG happy. WARNING: THIS IS TOTALLY BOGUS
  92. * HAS ZERO SECURITY AND MUST NOT BE USED IN REAL APPLICATIONS.
  93. */
  94. static unsigned char dummy_entropy[1024];
  95. static size_t dummy_cb(DRBG_CTX *ctx, unsigned char **pout,
  96. int entropy, size_t min_len, size_t max_len)
  97. {
  98. *pout = dummy_entropy;
  99. return min_len;
  100. }
  101. static int entropy_stick = 0;
  102. static void fips_algtest_init_nofips(void)
  103. {
  104. DRBG_CTX *ctx;
  105. size_t i;
  106. FIPS_set_error_callbacks(put_err_cb, add_err_cb);
  107. for (i = 0; i < sizeof(dummy_entropy); i++)
  108. dummy_entropy[i] = i & 0xff;
  109. if (entropy_stick)
  110. memcpy(dummy_entropy + 32, dummy_entropy + 16, 16);
  111. ctx = FIPS_get_default_drbg();
  112. FIPS_drbg_init(ctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF);
  113. FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, 16, dummy_cb, 0);
  114. FIPS_drbg_instantiate(ctx, dummy_entropy, 10);
  115. FIPS_rand_set_method(FIPS_drbg_method());
  116. }
  117. void do_entropy_stick(void)
  118. {
  119. entropy_stick = 1;
  120. }
  121. void fips_algtest_init(void)
  122. {
  123. fips_algtest_init_nofips();
  124. if (!FIPS_mode_set(1))
  125. {
  126. fprintf(stderr, "Error entering FIPS mode\n");
  127. exit(1);
  128. }
  129. }
  130. int hex2bin(const char *in, unsigned char *out)
  131. {
  132. int n1, n2, isodd = 0;
  133. unsigned char ch;
  134. n1 = strlen(in);
  135. if (in[n1 - 1] == '\n')
  136. n1--;
  137. if (n1 & 1)
  138. isodd = 1;
  139. for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
  140. { /* first byte */
  141. if ((in[n1] >= '0') && (in[n1] <= '9'))
  142. ch = in[n1++] - '0';
  143. else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
  144. ch = in[n1++] - 'A' + 10;
  145. else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
  146. ch = in[n1++] - 'a' + 10;
  147. else
  148. return -1;
  149. if(!in[n1])
  150. {
  151. out[n2++]=ch;
  152. break;
  153. }
  154. /* If input is odd length first digit is least significant: assumes
  155. * all digits valid hex and null terminated which is true for the
  156. * strings we pass.
  157. */
  158. if (n1 == 1 && isodd)
  159. {
  160. out[n2++] = ch;
  161. continue;
  162. }
  163. out[n2] = ch << 4;
  164. /* second byte */
  165. if ((in[n1] >= '0') && (in[n1] <= '9'))
  166. ch = in[n1++] - '0';
  167. else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
  168. ch = in[n1++] - 'A' + 10;
  169. else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
  170. ch = in[n1++] - 'a' + 10;
  171. else
  172. return -1;
  173. out[n2++] |= ch;
  174. }
  175. return n2;
  176. }
  177. unsigned char *hex2bin_m(const char *in, long *plen)
  178. {
  179. unsigned char *p;
  180. if (strlen(in) == 0)
  181. {
  182. *plen = 0;
  183. return OPENSSL_malloc(1);
  184. }
  185. p = OPENSSL_malloc((strlen(in) + 1)/2);
  186. *plen = hex2bin(in, p);
  187. return p;
  188. }
  189. int do_hex2bn(BIGNUM **pr, const char *in)
  190. {
  191. unsigned char *p;
  192. long plen;
  193. int r = 0;
  194. p = hex2bin_m(in, &plen);
  195. if (!p)
  196. return 0;
  197. if (!*pr)
  198. *pr = BN_new();
  199. if (!*pr)
  200. return 0;
  201. if (BN_bin2bn(p, plen, *pr))
  202. r = 1;
  203. OPENSSL_free(p);
  204. return r;
  205. }
  206. int do_bn_print(FILE *out, const BIGNUM *bn)
  207. {
  208. int len, i;
  209. unsigned char *tmp;
  210. len = BN_num_bytes(bn);
  211. if (len == 0)
  212. {
  213. fputs("00", out);
  214. return 1;
  215. }
  216. tmp = OPENSSL_malloc(len);
  217. if (!tmp)
  218. {
  219. fprintf(stderr, "Memory allocation error\n");
  220. return 0;
  221. }
  222. BN_bn2bin(bn, tmp);
  223. for (i = 0; i < len; i++)
  224. fprintf(out, "%02x", tmp[i]);
  225. OPENSSL_free(tmp);
  226. return 1;
  227. }
  228. int do_bn_print_name(FILE *out, const char *name, const BIGNUM *bn)
  229. {
  230. int r;
  231. fprintf(out, "%s = ", name);
  232. r = do_bn_print(out, bn);
  233. if (!r)
  234. return 0;
  235. fputs("\n", out);
  236. return 1;
  237. }
  238. int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf)
  239. {
  240. char *keyword, *value, *p, *q;
  241. strcpy(linebuf, olinebuf);
  242. keyword = linebuf;
  243. /* Skip leading space */
  244. while (isspace((unsigned char)*keyword))
  245. keyword++;
  246. /* Look for = sign */
  247. p = strchr(linebuf, '=');
  248. /* If no '=' exit */
  249. if (!p)
  250. return 0;
  251. q = p - 1;
  252. /* Remove trailing space */
  253. while (isspace((unsigned char)*q))
  254. *q-- = 0;
  255. *p = 0;
  256. value = p + 1;
  257. /* Remove leading space from value */
  258. while (isspace((unsigned char)*value))
  259. value++;
  260. /* Remove trailing space from value */
  261. p = value + strlen(value) - 1;
  262. if (*p != '\n')
  263. fprintf(stderr, "Warning: missing EOL\n");
  264. while (*p == '\n' || isspace((unsigned char)*p))
  265. *p-- = 0;
  266. *pkw = keyword;
  267. *pval = value;
  268. return 1;
  269. }
  270. BIGNUM *hex2bn(const char *in)
  271. {
  272. BIGNUM *p=NULL;
  273. if (!do_hex2bn(&p, in))
  274. return NULL;
  275. return p;
  276. }
  277. /* To avoid extensive changes to test program at this stage just convert
  278. * the input line into an acceptable form. Keyword lines converted to form
  279. * "keyword = value\n" no matter what white space present, all other lines
  280. * just have leading and trailing space removed.
  281. */
  282. int tidy_line(char *linebuf, char *olinebuf)
  283. {
  284. char *keyword, *value, *p, *q;
  285. strcpy(linebuf, olinebuf);
  286. keyword = linebuf;
  287. /* Skip leading space */
  288. while (isspace((unsigned char)*keyword))
  289. keyword++;
  290. /* Look for = sign */
  291. p = strchr(linebuf, '=');
  292. /* If no '=' just chop leading, trailing ws */
  293. if (!p)
  294. {
  295. p = keyword + strlen(keyword) - 1;
  296. while (*p == '\n' || isspace((unsigned char)*p))
  297. *p-- = 0;
  298. strcpy(olinebuf, keyword);
  299. strcat(olinebuf, "\n");
  300. return 1;
  301. }
  302. q = p - 1;
  303. /* Remove trailing space */
  304. while (isspace((unsigned char)*q))
  305. *q-- = 0;
  306. *p = 0;
  307. value = p + 1;
  308. /* Remove leading space from value */
  309. while (isspace((unsigned char)*value))
  310. value++;
  311. /* Remove trailing space from value */
  312. p = value + strlen(value) - 1;
  313. while (*p == '\n' || isspace((unsigned char)*p))
  314. *p-- = 0;
  315. strcpy(olinebuf, keyword);
  316. strcat(olinebuf, " = ");
  317. strcat(olinebuf, value);
  318. strcat(olinebuf, "\n");
  319. return 1;
  320. }
  321. /* NB: this return the number of _bits_ read */
  322. int bint2bin(const char *in, int len, unsigned char *out)
  323. {
  324. int n;
  325. memset(out,0,len);
  326. for(n=0 ; n < len ; ++n)
  327. if(in[n] == '1')
  328. out[n/8]|=(0x80 >> (n%8));
  329. return len;
  330. }
  331. int bin2bint(const unsigned char *in,int len,char *out)
  332. {
  333. int n;
  334. for(n=0 ; n < len ; ++n)
  335. out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
  336. return n;
  337. }
  338. /*-----------------------------------------------*/
  339. void PrintValue(char *tag, unsigned char *val, int len)
  340. {
  341. #ifdef VERBOSE
  342. OutputValue(tag, val, len, stdout, 0);
  343. #endif
  344. }
  345. void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
  346. {
  347. char obuf[2048];
  348. int olen;
  349. if(bitmode)
  350. {
  351. olen=bin2bint(val,len,obuf);
  352. fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
  353. }
  354. else
  355. {
  356. int i;
  357. fprintf(rfp, "%s = ", tag);
  358. for (i = 0; i < len; i++)
  359. fprintf(rfp, "%02x", val[i]);
  360. fputs("\n", rfp);
  361. }
  362. #if VERBOSE
  363. printf("%s = %.*s\n", tag, olen, obuf);
  364. #endif
  365. }