diff options
Diffstat (limited to 'openssl/fips/sha')
-rw-r--r-- | openssl/fips/sha/Makefile | 158 | ||||
-rw-r--r-- | openssl/fips/sha/fips_sha1_selftest.c | 97 | ||||
-rw-r--r-- | openssl/fips/sha/fips_shatest.c | 388 | ||||
-rw-r--r-- | openssl/fips/sha/fips_standalone_sha1.c | 173 |
4 files changed, 816 insertions, 0 deletions
diff --git a/openssl/fips/sha/Makefile b/openssl/fips/sha/Makefile new file mode 100644 index 000000000..a661640bc --- /dev/null +++ b/openssl/fips/sha/Makefile @@ -0,0 +1,158 @@ +# +# OpenSSL/fips/sha/Makefile +# + +DIR= sha +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile +AR= ar r +EXE_EXT= + +ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= fips_shatest.c +APPS= +EXE= fips_standalone_sha1$(EXE_EXT) + +LIB=$(TOP)/libcrypto.a +LIBSRC=fips_sha1_selftest.c +LIBOBJ=fips_sha1_selftest.o + +SRC= $(LIBSRC) fips_standalone_sha1.c + +EXHEADER= +HEADER= + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd $(TOP); $(MAKE) DIRS=fips SDIRS=$(DIR) sub_all) + +all: ../fips_standalone_sha1$(EXE_EXT) lib + +lib: $(LIBOBJ) + @echo $(LIBOBJ) > lib + +../fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o + FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha1dgst.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \ + $(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS) + +install: + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done + +tags: + ctags $(SRC) + +tests: + +Q=../testvectors/sha/req +A=../testvectors/sha/rsp + +VECTORS = SHA1LongMsg \ + SHA1Monte \ + SHA1ShortMsg \ + SHA224LongMsg \ + SHA224Monte \ + SHA224ShortMsg \ + SHA256LongMsg \ + SHA256Monte \ + SHA256ShortMsg \ + SHA384LongMsg \ + SHA384Monte \ + SHA384ShortMsg \ + SHA512LongMsg \ + SHA512Monte \ + SHA512ShortMsg + +fips_test: + -rm -rf $(A) + mkdir $(A) + for file in $(VECTORS); do \ + if [ -f $(Q)/$$file.req ]; then \ + $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_shatest $(Q)/$$file.req $(A)/$$file.rsp; \ + fi; \ + done + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +fips_sha1_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_sha1_selftest.o: ../../include/openssl/crypto.h +fips_sha1_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +fips_sha1_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_sha1_selftest.o: ../../include/openssl/lhash.h +fips_sha1_selftest.o: ../../include/openssl/obj_mac.h +fips_sha1_selftest.o: ../../include/openssl/objects.h +fips_sha1_selftest.o: ../../include/openssl/opensslconf.h +fips_sha1_selftest.o: ../../include/openssl/opensslv.h +fips_sha1_selftest.o: ../../include/openssl/ossl_typ.h +fips_sha1_selftest.o: ../../include/openssl/safestack.h +fips_sha1_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +fips_sha1_selftest.o: ../../include/openssl/symhacks.h fips_sha1_selftest.c +fips_shatest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_shatest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +fips_shatest.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +fips_shatest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_shatest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +fips_shatest.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_shatest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +fips_shatest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +fips_shatest.o: ../../include/openssl/opensslconf.h +fips_shatest.o: ../../include/openssl/opensslv.h +fips_shatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +fips_shatest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +fips_shatest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_shatest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +fips_shatest.o: ../../include/openssl/x509v3.h ../fips_utl.h fips_shatest.c +fips_standalone_sha1.o: ../../include/openssl/asn1.h +fips_standalone_sha1.o: ../../include/openssl/bio.h +fips_standalone_sha1.o: ../../include/openssl/crypto.h +fips_standalone_sha1.o: ../../include/openssl/e_os2.h +fips_standalone_sha1.o: ../../include/openssl/evp.h +fips_standalone_sha1.o: ../../include/openssl/fips.h +fips_standalone_sha1.o: ../../include/openssl/hmac.h +fips_standalone_sha1.o: ../../include/openssl/obj_mac.h +fips_standalone_sha1.o: ../../include/openssl/objects.h +fips_standalone_sha1.o: ../../include/openssl/opensslconf.h +fips_standalone_sha1.o: ../../include/openssl/opensslv.h +fips_standalone_sha1.o: ../../include/openssl/ossl_typ.h +fips_standalone_sha1.o: ../../include/openssl/safestack.h +fips_standalone_sha1.o: ../../include/openssl/sha.h +fips_standalone_sha1.o: ../../include/openssl/stack.h +fips_standalone_sha1.o: ../../include/openssl/symhacks.h fips_standalone_sha1.c diff --git a/openssl/fips/sha/fips_sha1_selftest.c b/openssl/fips/sha/fips_sha1_selftest.c new file mode 100644 index 000000000..ba6a29ed9 --- /dev/null +++ b/openssl/fips/sha/fips_sha1_selftest.c @@ -0,0 +1,97 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include <string.h> +#include <openssl/err.h> +#include <openssl/fips.h> +#include <openssl/evp.h> +#include <openssl/sha.h> + +#ifdef OPENSSL_FIPS +static char test[][60]= + { + "", + "abc", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + }; + +static const unsigned char ret[][SHA_DIGEST_LENGTH]= + { + { 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55, + 0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 }, + { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e, + 0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d }, + { 0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae, + 0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 }, + }; + +void FIPS_corrupt_sha1() + { + test[2][0]++; + } + +int FIPS_selftest_sha1() + { + int n; + + for(n=0 ; n<sizeof(test)/sizeof(test[0]) ; ++n) + { + unsigned char md[SHA_DIGEST_LENGTH]; + + EVP_Digest(test[n],strlen(test[n]),md, NULL, EVP_sha1(), NULL); + if(memcmp(md,ret[n],sizeof md)) + { + FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED); + return 0; + } + } + return 1; + } + +#endif diff --git a/openssl/fips/sha/fips_shatest.c b/openssl/fips/sha/fips_shatest.c new file mode 100644 index 000000000..ae5ecdd2b --- /dev/null +++ b/openssl/fips/sha/fips_shatest.c @@ -0,0 +1,388 @@ +/* fips_shatest.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <ctype.h> +#include <string.h> +#include <openssl/bio.h> +#include <openssl/evp.h> +#include <openssl/err.h> +#include <openssl/bn.h> +#include <openssl/x509v3.h> + +#ifndef OPENSSL_FIPS + +int main(int argc, char *argv[]) +{ + printf("No FIPS SHAXXX support\n"); + return(0); +} + +#else + +#include "fips_utl.h" + +static int dgst_test(FILE *out, FILE *in); +static int print_dgst(const EVP_MD *md, FILE *out, + unsigned char *Msg, int Msglen); +static int print_monte(const EVP_MD *md, FILE *out, + unsigned char *Seed, int SeedLen); + +int main(int argc, char **argv) + { + FILE *in = NULL, *out = NULL; + + int ret = 1; + + if(!FIPS_mode_set(1)) + { + do_print_errors(); + goto end; + } + + if (argc == 1) + in = stdin; + else + in = fopen(argv[1], "r"); + + if (argc < 2) + out = stdout; + else + out = fopen(argv[2], "w"); + + if (!in) + { + fprintf(stderr, "FATAL input initialization error\n"); + goto end; + } + + if (!out) + { + fprintf(stderr, "FATAL output initialization error\n"); + goto end; + } + + if (!dgst_test(out, in)) + { + fprintf(stderr, "FATAL digest file processing error\n"); + goto end; + } + else + ret = 0; + + end: + + if (ret) + do_print_errors(); + + if (in && (in != stdin)) + fclose(in); + if (out && (out != stdout)) + fclose(out); + + return ret; + + } + +#define SHA_TEST_MAX_BITS 102400 +#define SHA_TEST_MAXLINELEN (((SHA_TEST_MAX_BITS >> 3) * 2) + 100) + +int dgst_test(FILE *out, FILE *in) + { + const EVP_MD *md = NULL; + char *linebuf, *olinebuf, *p, *q; + char *keyword, *value; + unsigned char *Msg = NULL, *Seed = NULL; + long MsgLen = -1, Len = -1, SeedLen = -1; + int ret = 0; + int lnum = 0; + + olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN); + linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN); + + if (!linebuf || !olinebuf) + goto error; + + + while (fgets(olinebuf, SHA_TEST_MAXLINELEN, in)) + { + lnum++; + strcpy(linebuf, olinebuf); + keyword = linebuf; + /* Skip leading space */ + while (isspace((unsigned char)*keyword)) + keyword++; + + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no = or starts with [ (for [L=20] line) just copy */ + if (!p) + { + fputs(olinebuf, out); + continue; + } + + q = p - 1; + + /* Remove trailing space */ + while (isspace((unsigned char)*q)) + *q-- = 0; + + *p = 0; + value = p + 1; + + /* Remove leading space from value */ + while (isspace((unsigned char)*value)) + value++; + + /* Remove trailing space from value */ + p = value + strlen(value) - 1; + while (*p == '\n' || isspace((unsigned char)*p)) + *p-- = 0; + + if (!strcmp(keyword,"[L") && *p==']') + { + switch (atoi(value)) + { + case 20: md=EVP_sha1(); break; + case 28: md=EVP_sha224(); break; + case 32: md=EVP_sha256(); break; + case 48: md=EVP_sha384(); break; + case 64: md=EVP_sha512(); break; + default: goto parse_error; + } + } + else if (!strcmp(keyword, "Len")) + { + if (Len != -1) + goto parse_error; + Len = atoi(value); + if (Len < 0) + goto parse_error; + /* Only handle multiples of 8 bits */ + if (Len & 0x7) + goto parse_error; + if (Len > SHA_TEST_MAX_BITS) + goto parse_error; + MsgLen = Len >> 3; + } + + else if (!strcmp(keyword, "Msg")) + { + long tmplen; + if (strlen(value) & 1) + *(--value) = '0'; + if (Msg) + goto parse_error; + Msg = hex2bin_m(value, &tmplen); + if (!Msg) + goto parse_error; + } + else if (!strcmp(keyword, "Seed")) + { + if (strlen(value) & 1) + *(--value) = '0'; + if (Seed) + goto parse_error; + Seed = hex2bin_m(value, &SeedLen); + if (!Seed) + goto parse_error; + } + else if (!strcmp(keyword, "MD")) + continue; + else + goto parse_error; + + fputs(olinebuf, out); + + if (md && Msg && (MsgLen >= 0)) + { + if (!print_dgst(md, out, Msg, MsgLen)) + goto error; + OPENSSL_free(Msg); + Msg = NULL; + MsgLen = -1; + Len = -1; + } + else if (md && Seed && (SeedLen > 0)) + { + if (!print_monte(md, out, Seed, SeedLen)) + goto error; + OPENSSL_free(Seed); + Seed = NULL; + SeedLen = -1; + } + + + } + + + ret = 1; + + + error: + + if (olinebuf) + OPENSSL_free(olinebuf); + if (linebuf) + OPENSSL_free(linebuf); + if (Msg) + OPENSSL_free(Msg); + if (Seed) + OPENSSL_free(Seed); + + return ret; + + parse_error: + + fprintf(stderr, "FATAL parse error processing line %d\n", lnum); + + goto error; + + } + +static int print_dgst(const EVP_MD *emd, FILE *out, + unsigned char *Msg, int Msglen) + { + int i, mdlen; + unsigned char md[EVP_MAX_MD_SIZE]; + if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL)) + { + fputs("Error calculating HASH\n", stderr); + return 0; + } + fputs("MD = ", out); + for (i = 0; i < mdlen; i++) + fprintf(out, "%02x", md[i]); + fputs("\n", out); + return 1; + } + +static int print_monte(const EVP_MD *md, FILE *out, + unsigned char *Seed, int SeedLen) + { + unsigned int i, j, k; + int ret = 0; + EVP_MD_CTX ctx; + unsigned char *m1, *m2, *m3, *p; + unsigned int mlen, m1len, m2len, m3len; + + EVP_MD_CTX_init(&ctx); + + if (SeedLen > EVP_MAX_MD_SIZE) + mlen = SeedLen; + else + mlen = EVP_MAX_MD_SIZE; + + m1 = OPENSSL_malloc(mlen); + m2 = OPENSSL_malloc(mlen); + m3 = OPENSSL_malloc(mlen); + + if (!m1 || !m2 || !m3) + goto mc_error; + + m1len = m2len = m3len = SeedLen; + memcpy(m1, Seed, SeedLen); + memcpy(m2, Seed, SeedLen); + memcpy(m3, Seed, SeedLen); + + fputs("\n", out); + + for (j = 0; j < 100; j++) + { + for (i = 0; i < 1000; i++) + { + EVP_DigestInit_ex(&ctx, md, NULL); + EVP_DigestUpdate(&ctx, m1, m1len); + EVP_DigestUpdate(&ctx, m2, m2len); + EVP_DigestUpdate(&ctx, m3, m3len); + p = m1; + m1 = m2; + m1len = m2len; + m2 = m3; + m2len = m3len; + m3 = p; + EVP_DigestFinal_ex(&ctx, m3, &m3len); + } + fprintf(out, "COUNT = %d\n", j); + fputs("MD = ", out); + for (k = 0; k < m3len; k++) + fprintf(out, "%02x", m3[k]); + fputs("\n\n", out); + memcpy(m1, m3, m3len); + memcpy(m2, m3, m3len); + m1len = m2len = m3len; + } + + ret = 1; + + mc_error: + if (m1) + OPENSSL_free(m1); + if (m2) + OPENSSL_free(m2); + if (m3) + OPENSSL_free(m3); + + EVP_MD_CTX_cleanup(&ctx); + + return ret; + } + +#endif diff --git a/openssl/fips/sha/fips_standalone_sha1.c b/openssl/fips/sha/fips_standalone_sha1.c new file mode 100644 index 000000000..eec65dc39 --- /dev/null +++ b/openssl/fips/sha/fips_standalone_sha1.c @@ -0,0 +1,173 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <openssl/opensslconf.h> +#include <openssl/sha.h> +#include <openssl/hmac.h> + +#ifndef FIPSCANISTER_O +int FIPS_selftest_failed() { return 0; } +void FIPS_selftest_check() {} +void OPENSSL_cleanse(void *p,size_t len) {} +#endif + +#ifdef OPENSSL_FIPS + +static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx, + const char *key) + { + size_t len=strlen(key); + int i; + unsigned char keymd[HMAC_MAX_MD_CBLOCK]; + unsigned char pad[HMAC_MAX_MD_CBLOCK]; + + if (len > SHA_CBLOCK) + { + SHA1_Init(md_ctx); + SHA1_Update(md_ctx,key,len); + SHA1_Final(keymd,md_ctx); + len=20; + } + else + memcpy(keymd,key,len); + memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len); + + for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++) + pad[i]=0x36^keymd[i]; + SHA1_Init(md_ctx); + SHA1_Update(md_ctx,pad,SHA_CBLOCK); + + for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++) + pad[i]=0x5c^keymd[i]; + SHA1_Init(o_ctx); + SHA1_Update(o_ctx,pad,SHA_CBLOCK); + } + +static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx) + { + unsigned char buf[20]; + + SHA1_Final(buf,md_ctx); + SHA1_Update(o_ctx,buf,sizeof buf); + SHA1_Final(md,o_ctx); + } + +#endif + +int main(int argc,char **argv) + { +#ifdef OPENSSL_FIPS + static char key[]="etaonrishdlcupfm"; + int n,binary=0; + + if(argc < 2) + { + fprintf(stderr,"%s [<file>]+\n",argv[0]); + exit(1); + } + + n=1; + if (!strcmp(argv[n],"-binary")) + { + n++; + binary=1; /* emit binary fingerprint... */ + } + + for(; n < argc ; ++n) + { + FILE *f=fopen(argv[n],"rb"); + SHA_CTX md_ctx,o_ctx; + unsigned char md[20]; + int i; + + if(!f) + { + perror(argv[n]); + exit(2); + } + + hmac_init(&md_ctx,&o_ctx,key); + for( ; ; ) + { + char buf[1024]; + size_t l=fread(buf,1,sizeof buf,f); + + if(l == 0) + { + if(ferror(f)) + { + perror(argv[n]); + exit(3); + } + else + break; + } + SHA1_Update(&md_ctx,buf,l); + } + hmac_final(md,&md_ctx,&o_ctx); + + if (binary) + { + fwrite(md,20,1,stdout); + break; /* ... for single(!) file */ + } + + printf("HMAC-SHA1(%s)= ",argv[n]); + for(i=0 ; i < 20 ; ++i) + printf("%02x",md[i]); + printf("\n"); + } +#endif + return 0; + } + + |