diff options
author | marha <marha@users.sourceforge.net> | 2009-06-28 22:07:26 +0000 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2009-06-28 22:07:26 +0000 |
commit | 3562e78743202e43aec8727005182a2558117eca (patch) | |
tree | 8f9113a77d12470c5c851a2a8e4cb02e89df7d43 /openssl/fips/hmac | |
download | vcxsrv-3562e78743202e43aec8727005182a2558117eca.tar.gz vcxsrv-3562e78743202e43aec8727005182a2558117eca.tar.bz2 vcxsrv-3562e78743202e43aec8727005182a2558117eca.zip |
Checked in the following released items:
xkeyboard-config-1.4.tar.gz
ttf-bitstream-vera-1.10.tar.gz
font-alias-1.0.1.tar.gz
font-sun-misc-1.0.0.tar.gz
font-sun-misc-1.0.0.tar.gz
font-sony-misc-1.0.0.tar.gz
font-schumacher-misc-1.0.0.tar.gz
font-mutt-misc-1.0.0.tar.gz
font-misc-misc-1.0.0.tar.gz
font-misc-meltho-1.0.0.tar.gz
font-micro-misc-1.0.0.tar.gz
font-jis-misc-1.0.0.tar.gz
font-isas-misc-1.0.0.tar.gz
font-dec-misc-1.0.0.tar.gz
font-daewoo-misc-1.0.0.tar.gz
font-cursor-misc-1.0.0.tar.gz
font-arabic-misc-1.0.0.tar.gz
font-winitzki-cyrillic-1.0.0.tar.gz
font-misc-cyrillic-1.0.0.tar.gz
font-cronyx-cyrillic-1.0.0.tar.gz
font-screen-cyrillic-1.0.1.tar.gz
font-xfree86-type1-1.0.1.tar.gz
font-adobe-utopia-type1-1.0.1.tar.gz
font-ibm-type1-1.0.0.tar.gz
font-bitstream-type1-1.0.0.tar.gz
font-bitstream-speedo-1.0.0.tar.gz
font-bh-ttf-1.0.0.tar.gz
font-bh-type1-1.0.0.tar.gz
font-bitstream-100dpi-1.0.0.tar.gz
font-bh-lucidatypewriter-100dpi-1.0.0.tar.gz
font-bh-100dpi-1.0.0.tar.gz
font-adobe-utopia-100dpi-1.0.1.tar.gz
font-adobe-100dpi-1.0.0.tar.gz
font-util-1.0.1.tar.gz
font-bitstream-75dpi-1.0.0.tar.gz
font-bh-lucidatypewriter-75dpi-1.0.0.tar.gz
font-adobe-utopia-75dpi-1.0.1.tar.gz
font-bh-75dpi-1.0.0.tar.gz
bdftopcf-1.0.1.tar.gz
font-adobe-75dpi-1.0.0.tar.gz
mkfontscale-1.0.6.tar.gz
openssl-0.9.8k.tar.gz
bigreqsproto-1.0.2.tar.gz
xtrans-1.2.2.tar.gz
resourceproto-1.0.2.tar.gz
inputproto-1.4.4.tar.gz
compositeproto-0.4.tar.gz
damageproto-1.1.0.tar.gz
zlib-1.2.3.tar.gz
xkbcomp-1.0.5.tar.gz
freetype-2.3.9.tar.gz
pthreads-w32-2-8-0-release.tar.gz
pixman-0.12.0.tar.gz
kbproto-1.0.3.tar.gz
evieext-1.0.2.tar.gz
fixesproto-4.0.tar.gz
recordproto-1.13.2.tar.gz
randrproto-1.2.2.tar.gz
scrnsaverproto-1.1.0.tar.gz
renderproto-0.9.3.tar.gz
xcmiscproto-1.1.2.tar.gz
fontsproto-2.0.2.tar.gz
xextproto-7.0.3.tar.gz
xproto-7.0.14.tar.gz
libXdmcp-1.0.2.tar.gz
libxkbfile-1.0.5.tar.gz
libfontenc-1.0.4.tar.gz
libXfont-1.3.4.tar.gz
libX11-1.1.5.tar.gz
libXau-1.0.4.tar.gz
libxcb-1.1.tar.gz
xorg-server-1.5.3.tar.gz
Diffstat (limited to 'openssl/fips/hmac')
-rw-r--r-- | openssl/fips/hmac/Makefile | 123 | ||||
-rw-r--r-- | openssl/fips/hmac/fips_hmac.c | 191 | ||||
-rw-r--r-- | openssl/fips/hmac/fips_hmac_selftest.c | 135 | ||||
-rw-r--r-- | openssl/fips/hmac/fips_hmactest.c | 328 |
4 files changed, 777 insertions, 0 deletions
diff --git a/openssl/fips/hmac/Makefile b/openssl/fips/hmac/Makefile new file mode 100644 index 000000000..be230ade9 --- /dev/null +++ b/openssl/fips/hmac/Makefile @@ -0,0 +1,123 @@ +# +# OpenSSL/fips/hmac/Makefile +# + +DIR= hmac +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST=fips_hmactest.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=fips_hmac.c fips_hmac_selftest.c +LIBOBJ=fips_hmac.o fips_hmac_selftest.o + +SRC= $(LIBSRC) + +EXHEADER= +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + @echo $(LIBOBJ) > lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS) + +install: + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done + +tags: + ctags $(SRC) + +tests: + +Q=../testvectors/hmac/req +A=../testvectors/hmac/rsp + +fips_test: + -rm -rf $(A) + mkdir $(A) + if [ -f $(Q)/HMAC.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_hmactest < $(Q)/HMAC.req > $(A)/HMAC.rsp; fi + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff +# DO NOT DELETE THIS LINE -- make depend depends on it. + +fips_hmac.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_hmac.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_hmac.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h +fips_hmac.o: ../../include/openssl/objects.h +fips_hmac.o: ../../include/openssl/opensslconf.h +fips_hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +fips_hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_hmac.o: ../../include/openssl/symhacks.h fips_hmac.c +fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_hmac_selftest.o: ../../include/openssl/crypto.h +fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +fips_hmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_hmac_selftest.o: ../../include/openssl/hmac.h +fips_hmac_selftest.o: ../../include/openssl/lhash.h +fips_hmac_selftest.o: ../../include/openssl/obj_mac.h +fips_hmac_selftest.o: ../../include/openssl/objects.h +fips_hmac_selftest.o: ../../include/openssl/opensslconf.h +fips_hmac_selftest.o: ../../include/openssl/opensslv.h +fips_hmac_selftest.o: ../../include/openssl/ossl_typ.h +fips_hmac_selftest.o: ../../include/openssl/safestack.h +fips_hmac_selftest.o: ../../include/openssl/stack.h +fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c +fips_hmactest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_hmactest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +fips_hmactest.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +fips_hmactest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_hmactest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +fips_hmactest.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_hmactest.o: ../../include/openssl/fips.h ../../include/openssl/hmac.h +fips_hmactest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +fips_hmactest.o: ../../include/openssl/objects.h +fips_hmactest.o: ../../include/openssl/opensslconf.h +fips_hmactest.o: ../../include/openssl/opensslv.h +fips_hmactest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +fips_hmactest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +fips_hmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_hmactest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +fips_hmactest.o: ../../include/openssl/x509v3.h ../fips_utl.h fips_hmactest.c diff --git a/openssl/fips/hmac/fips_hmac.c b/openssl/fips/hmac/fips_hmac.c new file mode 100644 index 000000000..7c49c9882 --- /dev/null +++ b/openssl/fips/hmac/fips_hmac.c @@ -0,0 +1,191 @@ +/* crypto/hmac/hmac.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <openssl/hmac.h> +#include <openssl/fips.h> + +#ifdef OPENSSL_FIPS + +void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md, ENGINE *impl) + { + int i,j,reset=0; + unsigned char pad[HMAC_MAX_MD_CBLOCK]; + + if (md != NULL) + { + reset=1; + ctx->md=md; + } + else + md=ctx->md; + + if (key != NULL) + { + if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS) + && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) + || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) + || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))) + OpenSSLDie(__FILE__,__LINE__, + "HMAC: digest not allowed in FIPS mode"); + + reset=1; + j=M_EVP_MD_block_size(md); + OPENSSL_assert(j <= sizeof ctx->key); + if (j < len) + { + EVP_DigestInit_ex(&ctx->md_ctx,md, impl); + EVP_DigestUpdate(&ctx->md_ctx,key,len); + EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key, + &ctx->key_length); + } + else + { + OPENSSL_assert(len <= sizeof ctx->key); + memcpy(ctx->key,key,len); + ctx->key_length=len; + } + if(ctx->key_length != HMAC_MAX_MD_CBLOCK) + memset(&ctx->key[ctx->key_length], 0, + HMAC_MAX_MD_CBLOCK - ctx->key_length); + } + + if (reset) + { + for (i=0; i<HMAC_MAX_MD_CBLOCK; i++) + pad[i]=0x36^ctx->key[i]; + EVP_DigestInit_ex(&ctx->i_ctx,md, impl); + EVP_DigestUpdate(&ctx->i_ctx,pad,M_EVP_MD_block_size(md)); + + for (i=0; i<HMAC_MAX_MD_CBLOCK; i++) + pad[i]=0x5c^ctx->key[i]; + EVP_DigestInit_ex(&ctx->o_ctx,md, impl); + EVP_DigestUpdate(&ctx->o_ctx,pad,M_EVP_MD_block_size(md)); + } + EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx); + } + +void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md) + { + if(key && md) + HMAC_CTX_init(ctx); + HMAC_Init_ex(ctx,key,len,md, NULL); + } + +void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) + { + EVP_DigestUpdate(&ctx->md_ctx,data,len); + } + +void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) + { + int j; + unsigned int i; + unsigned char buf[EVP_MAX_MD_SIZE]; + + j=M_EVP_MD_block_size(ctx->md); + + EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i); + EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx); + EVP_DigestUpdate(&ctx->md_ctx,buf,i); + EVP_DigestFinal_ex(&ctx->md_ctx,md,len); + } + +void HMAC_CTX_init(HMAC_CTX *ctx) + { + EVP_MD_CTX_init(&ctx->i_ctx); + EVP_MD_CTX_init(&ctx->o_ctx); + EVP_MD_CTX_init(&ctx->md_ctx); + } + +void HMAC_CTX_cleanup(HMAC_CTX *ctx) + { + EVP_MD_CTX_cleanup(&ctx->i_ctx); + EVP_MD_CTX_cleanup(&ctx->o_ctx); + EVP_MD_CTX_cleanup(&ctx->md_ctx); + memset(ctx,0,sizeof *ctx); + } + +unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + const unsigned char *d, size_t n, unsigned char *md, + unsigned int *md_len) + { + HMAC_CTX c; + static unsigned char m[EVP_MAX_MD_SIZE]; + + if (md == NULL) md=m; + HMAC_CTX_init(&c); + HMAC_Init(&c,key,key_len,evp_md); + HMAC_Update(&c,d,n); + HMAC_Final(&c,md,md_len); + HMAC_CTX_cleanup(&c); + return(md); + } + +void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) + { + M_EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); + M_EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); + M_EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); + } + +#endif + diff --git a/openssl/fips/hmac/fips_hmac_selftest.c b/openssl/fips/hmac/fips_hmac_selftest.c new file mode 100644 index 000000000..a69777073 --- /dev/null +++ b/openssl/fips/hmac/fips_hmac_selftest.c @@ -0,0 +1,135 @@ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include <string.h> +#include <openssl/err.h> +#include <openssl/fips.h> +#include <openssl/hmac.h> + +#ifdef OPENSSL_FIPS +typedef struct { + const EVP_MD *(*alg)(void); + const char *key, *iv; + unsigned char kaval[EVP_MAX_MD_SIZE]; +} HMAC_KAT; + +static const HMAC_KAT vector[] = { + { EVP_sha1, + /* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */ + "0123456789:;<=>?@ABC", + "Sample #2", + { 0x09,0x22,0xd3,0x40,0x5f,0xaa,0x3d,0x19, + 0x4f,0x82,0xa4,0x58,0x30,0x73,0x7d,0x5c, + 0xc6,0xc7,0x5d,0x24 } + }, + { EVP_sha224, + /* just keep extending the above... */ + "0123456789:;<=>?@ABC", + "Sample #2", + { 0xdd,0xef,0x0a,0x40,0xcb,0x7d,0x50,0xfb, + 0x6e,0xe6,0xce,0xa1,0x20,0xba,0x26,0xaa, + 0x08,0xf3,0x07,0x75,0x87,0xb8,0xad,0x1b, + 0x8c,0x8d,0x12,0xc7 } + }, + { EVP_sha256, + "0123456789:;<=>?@ABC", + "Sample #2", + { 0xb8,0xf2,0x0d,0xb5,0x41,0xea,0x43,0x09, + 0xca,0x4e,0xa9,0x38,0x0c,0xd0,0xe8,0x34, + 0xf7,0x1f,0xbe,0x91,0x74,0xa2,0x61,0x38, + 0x0d,0xc1,0x7e,0xae,0x6a,0x34,0x51,0xd9 } + }, + { EVP_sha384, + "0123456789:;<=>?@ABC", + "Sample #2", + { 0x08,0xbc,0xb0,0xda,0x49,0x1e,0x87,0xad, + 0x9a,0x1d,0x6a,0xce,0x23,0xc5,0x0b,0xf6, + 0xb7,0x18,0x06,0xa5,0x77,0xcd,0x49,0x04, + 0x89,0xf1,0xe6,0x23,0x44,0x51,0x51,0x9f, + 0x85,0x56,0x80,0x79,0x0c,0xbd,0x4d,0x50, + 0xa4,0x5f,0x29,0xe3,0x93,0xf0,0xe8,0x7f } + }, + { EVP_sha512, + "0123456789:;<=>?@ABC", + "Sample #2", + { 0x80,0x9d,0x44,0x05,0x7c,0x5b,0x95,0x41, + 0x05,0xbd,0x04,0x13,0x16,0xdb,0x0f,0xac, + 0x44,0xd5,0xa4,0xd5,0xd0,0x89,0x2b,0xd0, + 0x4e,0x86,0x64,0x12,0xc0,0x90,0x77,0x68, + 0xf1,0x87,0xb7,0x7c,0x4f,0xae,0x2c,0x2f, + 0x21,0xa5,0xb5,0x65,0x9a,0x4f,0x4b,0xa7, + 0x47,0x02,0xa3,0xde,0x9b,0x51,0xf1,0x45, + 0xbd,0x4f,0x25,0x27,0x42,0x98,0x99,0x05 } + }, +}; + +int FIPS_selftest_hmac() + { + int n; + unsigned int outlen; + unsigned char out[EVP_MAX_MD_SIZE]; + const EVP_MD *md; + const HMAC_KAT *t; + + for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++) + { + md = (*t->alg)(); + HMAC(md,t->key,strlen(t->key), + (const unsigned char *)t->iv,strlen(t->iv), + out,&outlen); + + if(memcmp(out,t->kaval,outlen)) + { + FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED); + return 0; + } + } + return 1; + } +#endif diff --git a/openssl/fips/hmac/fips_hmactest.c b/openssl/fips/hmac/fips_hmactest.c new file mode 100644 index 000000000..69ebf6862 --- /dev/null +++ b/openssl/fips/hmac/fips_hmactest.c @@ -0,0 +1,328 @@ +/* fips_hmactest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <ctype.h> +#include <string.h> +#include <openssl/bio.h> +#include <openssl/evp.h> +#include <openssl/hmac.h> +#include <openssl/err.h> +#include <openssl/bn.h> + +#include <openssl/x509v3.h> + +#ifndef OPENSSL_FIPS + +int main(int argc, char *argv[]) +{ + printf("No FIPS HMAC support\n"); + return(0); +} + +#else + +#include <openssl/fips.h> +#include "fips_utl.h" + +static int hmac_test(const EVP_MD *md, FILE *out, FILE *in); +static int print_hmac(const EVP_MD *md, FILE *out, + unsigned char *Key, int Klen, + unsigned char *Msg, int Msglen, int Tlen); + +int main(int argc, char **argv) + { + FILE *in = NULL, *out = NULL; + + int ret = 1; + + if(!FIPS_mode_set(1)) + { + do_print_errors(); + goto end; + } + + if (argc == 1) + in = stdin; + else + in = fopen(argv[1], "r"); + + if (argc < 2) + out = stdout; + else + out = fopen(argv[2], "w"); + + if (!in) + { + fprintf(stderr, "FATAL input initialization error\n"); + goto end; + } + + if (!out) + { + fprintf(stderr, "FATAL output initialization error\n"); + goto end; + } + + if (!hmac_test(EVP_sha1(), out, in)) + { + fprintf(stderr, "FATAL hmac file processing error\n"); + goto end; + } + else + ret = 0; + + end: + + if (ret) + do_print_errors(); + + if (in && (in != stdin)) + fclose(in); + if (out && (out != stdout)) + fclose(out); + + return ret; + + } + +#define HMAC_TEST_MAXLINELEN 1024 + +int hmac_test(const EVP_MD *md, FILE *out, FILE *in) + { + char *linebuf, *olinebuf, *p, *q; + char *keyword, *value; + unsigned char *Key = NULL, *Msg = NULL; + int Count, Klen, Tlen; + long Keylen, Msglen; + int ret = 0; + int lnum = 0; + + olinebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN); + linebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN); + + if (!linebuf || !olinebuf) + goto error; + + Count = -1; + Klen = -1; + Tlen = -1; + + while (fgets(olinebuf, HMAC_TEST_MAXLINELEN, in)) + { + lnum++; + strcpy(linebuf, olinebuf); + keyword = linebuf; + /* Skip leading space */ + while (isspace((unsigned char)*keyword)) + keyword++; + + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no = or starts with [ (for [L=20] line) just copy */ + if (!p) + { + if (fputs(olinebuf, out) < 0) + goto error; + continue; + } + + q = p - 1; + + /* Remove trailing space */ + while (isspace((unsigned char)*q)) + *q-- = 0; + + *p = 0; + value = p + 1; + + /* Remove leading space from value */ + while (isspace((unsigned char)*value)) + value++; + + /* Remove trailing space from value */ + p = value + strlen(value) - 1; + + while (*p == '\n' || isspace((unsigned char)*p)) + *p-- = 0; + + if (!strcmp(keyword,"[L") && *p==']') + { + switch (atoi(value)) + { + case 20: md=EVP_sha1(); break; + case 28: md=EVP_sha224(); break; + case 32: md=EVP_sha256(); break; + case 48: md=EVP_sha384(); break; + case 64: md=EVP_sha512(); break; + default: goto parse_error; + } + } + else if (!strcmp(keyword, "Count")) + { + if (Count != -1) + goto parse_error; + Count = atoi(value); + if (Count < 0) + goto parse_error; + } + else if (!strcmp(keyword, "Klen")) + { + if (Klen != -1) + goto parse_error; + Klen = atoi(value); + if (Klen < 0) + goto parse_error; + } + else if (!strcmp(keyword, "Tlen")) + { + if (Tlen != -1) + goto parse_error; + Tlen = atoi(value); + if (Tlen < 0) + goto parse_error; + } + else if (!strcmp(keyword, "Msg")) + { + if (Msg) + goto parse_error; + Msg = hex2bin_m(value, &Msglen); + if (!Msg) + goto parse_error; + } + else if (!strcmp(keyword, "Key")) + { + if (Key) + goto parse_error; + Key = hex2bin_m(value, &Keylen); + if (!Key) + goto parse_error; + } + else if (!strcmp(keyword, "Mac")) + continue; + else + goto parse_error; + + fputs(olinebuf, out); + + if (Key && Msg && (Tlen > 0) && (Klen > 0)) + { + if (!print_hmac(md, out, Key, Klen, Msg, Msglen, Tlen)) + goto error; + OPENSSL_free(Key); + Key = NULL; + OPENSSL_free(Msg); + Msg = NULL; + Klen = -1; + Tlen = -1; + Count = -1; + } + + } + + + ret = 1; + + + error: + + if (olinebuf) + OPENSSL_free(olinebuf); + if (linebuf) + OPENSSL_free(linebuf); + if (Key) + OPENSSL_free(Key); + if (Msg) + OPENSSL_free(Msg); + + return ret; + + parse_error: + + fprintf(stderr, "FATAL parse error processing line %d\n", lnum); + + goto error; + + } + +static int print_hmac(const EVP_MD *emd, FILE *out, + unsigned char *Key, int Klen, + unsigned char *Msg, int Msglen, int Tlen) + { + int i, mdlen; + unsigned char md[EVP_MAX_MD_SIZE]; + if (!HMAC(emd, Key, Klen, Msg, Msglen, md, + (unsigned int *)&mdlen)) + { + fputs("Error calculating HMAC\n", stderr); + return 0; + } + if (Tlen > mdlen) + { + fputs("Parameter error, Tlen > HMAC length\n", stderr); + return 0; + } + fputs("Mac = ", out); + for (i = 0; i < Tlen; i++) + fprintf(out, "%02x", md[i]); + fputs("\n", out); + return 1; + } + +#endif |