提交 78c990c1 编写于 作者: D Dr. Stephen Henson

Remove fipscanister from Configure, delete fips directory

Reviewed-by: Tim Hudson <tjh@openssl.org>
上级 00b4ee76
......@@ -703,8 +703,6 @@ my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
my $cross_compile_prefix="";
my $fipslibdir="/usr/local/ssl/fips-2.0/lib/";
my $nofipscanistercheck=0;
my $fipscanisterinternal="n";
my $fipscanisteronly = 0;
my $baseaddr="0xFB00000";
my $no_threads=0;
my $threads=0;
......@@ -761,21 +759,6 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental
);
my @experimental = ();
# If ssl directory missing assume truncated FIPS tarball
if (!-d "ssl")
{
print STDERR "Auto Configuring fipsonly\n";
$fips = 1;
$nofipscanistercheck = 1;
$fipslibdir="";
$fipscanisterinternal="y";
$fipscanisteronly = 2;
if (! -f "crypto/bn/bn_gf2m.c" )
{
$disabled{ec2m} = "forced";
}
}
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
......@@ -925,32 +908,6 @@ PROCESS_ARGS:
$fips = 1;
$nofipscanistercheck = 1;
}
elsif (/^fipscheck$/)
{
if ($fipscanisteronly != 2)
{
print STDERR <<"EOF";
ERROR: FIPS not autodetected. Not running from restricted tarball??
EOF
exit(1);
}
}
elsif (/^fipscanisteronly$/)
{
$fips = 1;
$nofipscanistercheck = 1;
$fipslibdir="";
$fipscanisterinternal="y";
$fipscanisteronly = 1;
}
elsif (/^fipscanisterbuild$/)
{
$fips = 1;
$nofipscanistercheck = 1;
$fipslibdir="";
$fipscanisterinternal="y";
$fipscanisteronly = 1;
}
elsif (/^[-+]/)
{
if (/^--prefix=(.*)$/)
......@@ -1574,11 +1531,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($bn_obj =~ /-gf2m/);
if ($fips)
{
$openssl_other_defines.="#define OPENSSL_FIPS\n";
if ($fipscanisterinternal eq "y")
{
$openssl_other_defines.="#define OPENSSL_FIPSCANISTER\n";
$cflags = "-DOPENSSL_FIPSCANISTER $cflags";
}
}
$cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
......@@ -1619,7 +1571,6 @@ if ($aes_obj =~ /\.o$/)
# aes-xts.o indicates presence of AES_xts_[en|de]crypt...
$cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//);
$aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2);
$aes_obj =~ s/\s*(vp|bs)aes-\w*\.o//g if ($fipscanisterinternal eq "y");
$cflags.=" -DVPAES_ASM" if ($aes_obj =~ m/vpaes/);
$cflags.=" -DBSAES_ASM" if ($aes_obj =~ m/bsaes/);
}
......@@ -1690,35 +1641,12 @@ if ($strict_warnings)
}
}
if ($fipscanisterinternal eq "y")
{
open(IN,"<fips/fips_auth.in") || die "can't open fips_auth.in";
open(OUT,">fips/fips_auth.h") || die "can't open fips_auth.h";
while(<IN>)
{
s/FIPS_AUTH_KEY.*$/FIPS_AUTH_KEY $fips_auth_key/ if defined $fips_auth_key;
s/FIPS_AUTH_CRYPTO_OFFICER.*$/FIPS_AUTH_CRYPTO_OFFICER $fips_auth_officer/ if defined $fips_auth_officer;
s/FIPS_AUTH_CRYPTO_USER.*$/FIPS_AUTH_CRYPTO_USER $fips_auth_user/ if defined $fips_auth_user;
print OUT $_;
}
close IN;
close OUT;
}
my $mforg = $fipscanisteronly ? "Makefile.fips" : "Makefile.org";
open(IN,"<$mforg") || die "unable to read $mforg:$!\n";
open(IN,"<Makefile.org") || die "unable to read Makefile.org:$!\n";
unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
print OUT "### Generated automatically from $mforg by Configure.\n\n";
print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
my $sdirs=0;
if ($fipscanisteronly)
{
$aes_obj =~ s/aesni-sha1-x86_64.o//;
$bn_obj =~ s/modexp512-x86_64.o//;
}
while (<IN>)
{
chomp;
......@@ -1797,7 +1725,6 @@ while (<IN>)
s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
s/^SHARED_FIPS=.*/SHARED_FIPS=/;
s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/;
s/^FIPSCANISTERINTERNAL=.*/FIPSCANISTERINTERNAL=$fipscanisterinternal/;
s/^BASEADDR=.*/BASEADDR=$baseaddr/;
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
......@@ -1821,10 +1748,6 @@ while (<IN>)
s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
}
s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
if ($fipscanisteronly && exists $disabled{"ec2m"})
{
next if (/ec2_/ || /bn_gf2m/);
}
print OUT $_."\n";
}
close(IN);
......@@ -2070,9 +1993,7 @@ EOF
$make_targets .= " gentests" if $symlink;
(system $make_command.$make_targets) == 0 or die "make $make_targets failed"
if $make_targets ne "";
if ( $fipscanisteronly )
{}
elsif ( $perl =~ m@^/@) {
if ( $perl =~ m@^/@) {
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
&dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
} else {
......@@ -2080,7 +2001,7 @@ EOF
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
if ($depflags ne $default_depflags && !$make_depend && !$fipscanisteronly) {
if ($depflags ne $default_depflags && !$make_depend) {
print <<EOF;
Since you've disabled or enabled at least one algorithm, you need to do
......@@ -2185,21 +2106,6 @@ libraries on this platform, they will at least look at it and try their best
(but please first make sure you have tried with a current version of OpenSSL).
EOF
print <<\EOF if ($fipscanisterinternal eq "y");
WARNING: OpenSSL has been configured using unsupported option(s) to internally
generate a fipscanister.o object module for TESTING PURPOSES ONLY; that
compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the
OpenSSL FIPS Object Module as identified by the CMVP
(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS
140-2 validated software.
This is a test OpenSSL 2.0 FIPS module.
See the file README.FIPS for details of how to build a test library.
EOF
exit(0);
sub usage
......
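Review bot: The `fips` option still appears to be accepted after this change: the PROCESS_ARGS branch ending in `$fips = 1; $nofipscanistercheck = 1;` and the `if ($fips)` block that emits `#define OPENSSL_FIPS` both look like surviving context, while the commit deletes fips/Makefile, the file that archived `$(FIPSLIBDIR)fipscanister.o` into libcrypto and linked `fips.h` into include/openssl. Unless a Makefile outside this page takes over that step, a `fips` configuration would either fail late in the build or produce a library that defines OPENSSL_FIPS with no module behind it. I would make the option fail early in that branch, e.g. `die "fips: FIPS module support has been removed from this tree\n";`, until a replacement lands. The branch's `elsif` condition sits above the hunk, so its exact form is not visible here. `$fipslibdir`, `$nofipscanistercheck` and the `FIPSCANLIB=`/`SHARED_FIPS=` substitutions also look like leftovers worth removing in the same pass.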
#
# OpenSSL/crypto/Makefile
#
DIR= fips
TOP= ..
CC= cc
INCLUDE= -I. -I$(TOP) -I../include
# INCLUDES targets sudbirs!
INCLUDES= -I.. -I../.. -I../../include
CFLAG= -g
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
RM= rm -f
AR= ar r
ARD= ar d
TEST= fips_test_suite.c
FIPS_TVDIR= testvectors
FIPS_TVOK= $$HOME/fips/tv.ok
FIPSCANLOC= $(FIPSLIBDIR)fipscanister.o
RECURSIVE_MAKE= [ -n "$(FDIRS)" ] && for i in $(FDIRS) ; do \
(cd $$i && echo "making $$target in $(DIR)/$$i..." && \
$(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \
done;
PEX_LIBS=
EX_LIBS=
CFLAGS= $(INCLUDE) $(CFLAG) -DHMAC_EXT=\"$${HMAC_EXT:-sha1}\"
ASFLAGS= $(INCLUDE) $(ASFLAG)
AFLAGS=$(ASFLAGS)
LIBS=
FDIRS=sha rand des aes dsa ecdh ecdsa rsa dh cmac hmac utl
GENERAL=Makefile README fips-lib.com install.com
LIB= $(TOP)/libcrypto.a
SHARED_LIB= $(FIPSCANLIB)$(SHLIB_EXT)
LIBSRC=fips.c fips_post.c
LIBOBJ=fips.o fips_post.o
FIPS_OBJ_LISTS=sha/lib hmac/lib rand/lib des/lib aes/lib dsa/lib rsa/lib \
dh/lib utl/lib ecdsa/lib ecdh/lib cmac/lib
SRC= $(LIBSRC)
EXHEADER=fips.h fipssyms.h
HEADER=$(EXHEADER) fips_utl.h fips_locl.h fips_auth.h
EXE=fipsld fips_standalone_sha1
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
@(cd ..; $(MAKE) DIRS=$(DIR) all)
testapps:
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
all:
@if [ -n "$(FIPSCANISTERONLY)" ]; then \
$(MAKE) -e subdirs lib ; \
elif [ -z "$(FIPSLIBDIR)" ]; then \
$(MAKE) -e subdirs lib fips_premain_dso$(EXE_EXT); \
else \
$(MAKE) -e lib fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT); \
fi
# Idea behind fipscanister.o is to "seize" the sequestered code between
# known symbols for fingerprinting purposes, which would be commonly
# done with ld -r start.o ... end.o. The latter however presents a minor
# challenge on multi-ABI platforms. As just implied, we'd rather use ld,
# but the trouble is that we don't generally know how ABI-selection
# compiler flag is translated to corresponding linker flag. All compiler
# drivers seem to recognize -r flag and pass it down to linker, but some
# of them, including gcc, erroneously add -lc, as well as run-time
# components, such as crt1.o and alike. Fortunately among those vendor
# compilers which were observed to misinterpret -r flag multi-ABI ones
# are equipped with smart linkers, which don't require any ABI-selection
# flag and simply assume that all objects are of the same type as first
# one in command line. So the idea is to identify gcc and deficient
# vendor compiler drivers...
fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o
FIPS_ASM=""; \
list="$(BN_ASM)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/bn/$$i" ; done; \
list="$(AES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/aes/$$i" ; done; \
list="$(DES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/des/$$i" ; done; \
list="$(SHA1_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/sha/$$i" ; done; \
list="$(MODES_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/modes/$$i" ; done; \
CPUID=""; \
list="$(CPUID_OBJ)"; for i in $$list; do CPUID="$$CPUID ../crypto/$$i" ; done; \
objs="fips_start.o $(LIBOBJ) $(FIPS_EX_OBJ) $$CPUID $$FIPS_ASM"; \
for i in $(FIPS_OBJ_LISTS); do \
dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \
objs="$$objs `sed "$$script" $$i`"; \
done; \
objs="$$objs fips_end.o" ; \
os="`(uname -s) 2>/dev/null`"; cflags="$(CFLAGS)"; \
case "$$os" in \
AIX) cflags="$$cflags -Wl,-bnoobjreorder" ;; \
HP-UX) cflags="$$cflags -Wl,+sectionmerge" ;; \
esac; \
if [ -n "${FIPS_SITE_LD}" ]; then \
set -x; ${FIPS_SITE_LD} -r -o $@ $$objs; \
elif $(CC) -dumpversion >/dev/null 2>&1; then \
set -x; $(CC) $$cflags -r -nostdlib -o $@ $$objs ; \
else case "$$os" in \
OSF1|SunOS) set -x; /usr/ccs/bin/ld -r -o $@ $$objs ;; \
*) set -x; $(CC) $$cflags -r -o $@ $$objs ;; \
esac fi
./fips_standalone_sha1$(EXE_EXT) fipscanister.o > fipscanister.o.sha1
# If another exception is immediately required, assign approprite
# site-specific ld command to FIPS_SITE_LD environment variable.
fips_start.o: fips_canister.c
$(CC) $(CFLAGS) -DFIPS_START -c -o $@ fips_canister.c
fips_end.o: fips_canister.c
$(CC) $(CFLAGS) -DFIPS_END -c -o $@ fips_canister.c
fips_premain_dso$(EXE_EXT): fips_premain.c
$(CC) $(CFLAGS) -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ fips_premain.c \
$(FIPSLIBDIR)fipscanister.o ../libcrypto.a $(EX_LIBS)
# this is executed only when linking with external fipscanister.o
fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c
if [ -z "$(HOSTCC)" ] ; then \
$(CC) $(CFLAGS) -DFIPSCANISTER_O -o $@ sha/fips_standalone_sha1.c $(FIPSLIBDIR)fipscanister.o $(EX_LIBS) ; \
else \
$(HOSTCC) $(HOSTCFLAGS) -o $ $@ -I../include -I../crypto sha/fips_standalone_sha1.c ../crypto/sha/sha1dgst.c ; \
fi
subdirs:
@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@target=files; $(RECURSIVE_MAKE)
links:
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
@target=links; $(RECURSIVE_MAKE)
# lib: and $(LIB): are splitted to avoid end-less loop
lib: $(LIB)
if [ "$(FIPSCANISTERINTERNAL)" = "n" -a -n "$(FIPSCANLOC)" ]; then $(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC); fi
@touch lib
$(LIB): $(FIPSLIBDIR)fipscanister.o
$(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
$(RANLIB) $(LIB) || echo Never mind.
$(FIPSCANLIB): $(FIPSCANLOC)
$(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC)
if [ "$(FIPSCANLIB)" = "libfips" ]; then \
$(AR) $(LIB) $(FIPSCANLOC) ; \
$(RANLIB) $(LIB) || echo Never Mind. ; \
fi
$(RANLIB) ../$(FIPSCANLIB).a || echo Never mind.
@touch lib
shared: lib subdirs fips_premain_dso$(EXE_EXT)
libs:
@target=lib; $(RECURSIVE_MAKE)
fips_test: top
@target=fips_test; $(RECURSIVE_MAKE)
fips_test_diff:
@if diff -b -B -I '^\#' -cr -X fips-nodiff.txt $(FIPS_TVDIR) $(FIPS_TVOK) ; then \
echo "FIPS diff OK" ; \
else \
echo "***FIPS DIFF ERROR***" ; exit 1 ; \
fi
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@headerlist="$(EXHEADER)"; for i in $$headerlist ;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
@target=install; $(RECURSIVE_MAKE)
for i in $(EXE) ; \
do \
echo "installing $$i"; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
done
cp -p -f $(FIPSLIBDIR)fipscanister.o $(FIPSLIBDIR)fipscanister.o.sha1 \
$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fips_premain.c.sha1 \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/; \
chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/fips*
lint:
@target=lint; $(RECURSIVE_MAKE)
depend:
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
clean:
rm -f fipscanister.o.sha1 fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT) \
*.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
@target=clean; $(RECURSIVE_MAKE)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
@target=dclean; $(RECURSIVE_MAKE)
# DO NOT DELETE THIS LINE -- make depend depends on it.
fips.o: ../include/openssl/aes.h ../include/openssl/asn1.h
fips.o: ../include/openssl/bio.h ../include/openssl/crypto.h
fips.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
fips.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
fips.o: ../include/openssl/err.h ../include/openssl/evp.h
fips.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
fips.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
fips.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
fips.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
fips.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
fips.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h fips.c
fips.o: fips_locl.h
fips_post.o: ../include/openssl/aes.h ../include/openssl/asn1.h
fips_post.o: ../include/openssl/bio.h ../include/openssl/crypto.h
fips_post.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
fips_post.o: ../include/openssl/ec.h ../include/openssl/ecdsa.h
fips_post.o: ../include/openssl/err.h ../include/openssl/evp.h
fips_post.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
fips_post.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
fips_post.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
fips_post.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
fips_post.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
fips_post.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
fips_post.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
fips_post.o: fips_locl.h fips_post.c
#
# OpenSSL/fips/aes/Makefile
#
DIR= aes
TOP= ../..
CC= cc
INCLUDES=
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
AR= ar r
ASFLAGS= $(INCLUDES) $(ASFLAG)
AFLAGS= $(ASFLAGS)
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST=fips_aesavs.c fips_gcmtest.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC=fips_aes_selftest.c
LIBOBJ=fips_aes_selftest.o
SRC= $(LIBSRC)
EXHEADER=
HEADER=
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
@echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
install:
@headerlist="$(EXHEADER)"; for i in $$headerlist; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done
tags:
ctags $(SRC)
tests:
fips_test:
-find ../testvectors/aes/req -name '*.req' > testlist
-rm -rf ../testvectors/aes/rsp
mkdir ../testvectors/aes/rsp
if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_aesavs -d testlist; fi
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) \
$(SRC) $(TEST)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff testlist
# DO NOT DELETE THIS LINE -- make depend depends on it.
fips_aes_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_aes_selftest.o: ../../include/openssl/crypto.h
fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
fips_aes_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_aes_selftest.o: ../../include/openssl/lhash.h
fips_aes_selftest.o: ../../include/openssl/obj_mac.h
fips_aes_selftest.o: ../../include/openssl/objects.h
fips_aes_selftest.o: ../../include/openssl/opensslconf.h
fips_aes_selftest.o: ../../include/openssl/opensslv.h
fips_aes_selftest.o: ../../include/openssl/ossl_typ.h
fips_aes_selftest.o: ../../include/openssl/safestack.h
fips_aes_selftest.o: ../../include/openssl/stack.h
fips_aes_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
fips_aes_selftest.o: fips_aes_selftest.c
fips_aesavs.o: ../../e_os.h ../../include/openssl/aes.h
fips_aesavs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_aesavs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
fips_aesavs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_aesavs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_aesavs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
fips_aesavs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
fips_aesavs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
fips_aesavs.o: ../../include/openssl/opensslconf.h
fips_aesavs.o: ../../include/openssl/opensslv.h
fips_aesavs.o: ../../include/openssl/ossl_typ.h
fips_aesavs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_aesavs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_aesavs.c
fips_gcmtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_gcmtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_gcmtest.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
fips_gcmtest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_gcmtest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_gcmtest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
fips_gcmtest.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
fips_gcmtest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
fips_gcmtest.o: ../../include/openssl/opensslconf.h
fips_gcmtest.o: ../../include/openssl/opensslv.h
fips_gcmtest.o: ../../include/openssl/ossl_typ.h
fips_gcmtest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_gcmtest.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_gcmtest.c
/* ====================================================================
* Copyright (c) 2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/evp.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS
__fips_constseg
static const struct
{
const unsigned char key[16];
const unsigned char plaintext[16];
const unsigned char ciphertext[16];
} tests[]=
{
{
{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
{ 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF },
{ 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30,
0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A },
},
};
int FIPS_selftest_aes()
{
int n;
int ret = 0;
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
for(n=0 ; n < 1 ; ++n)
{
if (fips_cipher_test(FIPS_TEST_CIPHER, &ctx, EVP_aes_128_ecb(),
tests[n].key, NULL,
tests[n].plaintext,
tests[n].ciphertext,
16) <= 0)
goto err;
}
ret = 1;
err:
FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0)
FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
return ret;
}
/* AES-CCM test data from NIST public test vectors */
__fips_constseg
static const unsigned char ccm_key[] = {
0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6,
0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe8
};
__fips_constseg
static const unsigned char ccm_nonce[] = {
0x76,0x40,0x43,0xc4,0x94,0x60,0xb7
};
__fips_constseg
static const unsigned char ccm_adata[] = {
0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7,
0x5f,0x10,0xbd,0xe7,0x8c,0x23,0xfa,0x0e,0xb8,0xf9,0xaa,0xa5,
0x3a,0xde,0xfb,0xf4,0xcb,0xf7,0x8f,0xe4
};
__fips_constseg
static const unsigned char ccm_pt[] = {
0xc8,0xd2,0x75,0xf9,0x19,0xe1,0x7d,0x7f,0xe6,0x9c,0x2a,0x1f,
0x58,0x93,0x9d,0xfe,0x4d,0x40,0x37,0x91,0xb5,0xdf,0x13,0x10
};
__fips_constseg
static const unsigned char ccm_ct[] = {
0x8a,0x0f,0x3d,0x82,0x29,0xe4,0x8e,0x74,0x87,0xfd,0x95,0xa2,
0x8a,0xd3,0x92,0xc8,0x0b,0x36,0x81,0xd4,0xfb,0xc7,0xbb,0xfd
};
__fips_constseg
static const unsigned char ccm_tag[] = {
0x2d,0xd6,0xef,0x1c,0x45,0xd4,0xcc,0xb7,0x23,0xdc,0x07,0x44,
0x14,0xdb,0x50,0x6d
};
int FIPS_selftest_aes_ccm(void)
{
int ret = 0, do_corrupt = 0;
unsigned char out[128], tag[16];
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
memset(out, 0, sizeof(out));
if (!fips_post_started(FIPS_TEST_CCM, 0, 0))
return 1;
if (!fips_post_corrupt(FIPS_TEST_CCM, 0, NULL))
do_corrupt = 1;
if (!FIPS_cipherinit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 1))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
sizeof(ccm_nonce), NULL))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
sizeof(ccm_tag), NULL))
goto err;
if (!FIPS_cipherinit(&ctx, NULL, ccm_key, ccm_nonce, 1))
goto err;
if (FIPS_cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt))
goto err;
if (FIPS_cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
goto err;
if (FIPS_cipher(&ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, 16, tag))
goto err;
if (memcmp(tag, ccm_tag, sizeof(ccm_tag))
|| memcmp(out, ccm_ct, sizeof(ccm_ct)))
goto err;
memset(out, 0, sizeof(out));
/* Modify expected tag value */
if (do_corrupt)
tag[0]++;
if (!FIPS_cipherinit(&ctx, EVP_aes_192_ccm(), NULL, NULL, 0))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
sizeof(ccm_nonce), NULL))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag))
goto err;
if (!FIPS_cipherinit(&ctx, NULL, ccm_key, ccm_nonce, 0))
goto err;
if (FIPS_cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct))
goto err;
if (FIPS_cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
goto err;
if (FIPS_cipher(&ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt))
goto err;
if (memcmp(out, ccm_pt, sizeof(ccm_pt)))
goto err;
ret = 1;
err:
FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0)
{
fips_post_failed(FIPS_TEST_CCM, 0, NULL);
FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM,FIPS_R_SELFTEST_FAILED);
return 0;
}
else
return fips_post_success(FIPS_TEST_CCM, 0, NULL);
}
/* AES-GCM test data from NIST public test vectors */
__fips_constseg
static const unsigned char gcm_key[] = {
0xee,0xbc,0x1f,0x57,0x48,0x7f,0x51,0x92,0x1c,0x04,0x65,0x66,
0x5f,0x8a,0xe6,0xd1,0x65,0x8b,0xb2,0x6d,0xe6,0xf8,0xa0,0x69,
0xa3,0x52,0x02,0x93,0xa5,0x72,0x07,0x8f
};
__fips_constseg
static const unsigned char gcm_iv[] = {
0x99,0xaa,0x3e,0x68,0xed,0x81,0x73,0xa0,0xee,0xd0,0x66,0x84
};
__fips_constseg
static const unsigned char gcm_pt[] = {
0xf5,0x6e,0x87,0x05,0x5b,0xc3,0x2d,0x0e,0xeb,0x31,0xb2,0xea,
0xcc,0x2b,0xf2,0xa5
};
__fips_constseg
static const unsigned char gcm_aad[] = {
0x4d,0x23,0xc3,0xce,0xc3,0x34,0xb4,0x9b,0xdb,0x37,0x0c,0x43,
0x7f,0xec,0x78,0xde
};
__fips_constseg
static const unsigned char gcm_ct[] = {
0xf7,0x26,0x44,0x13,0xa8,0x4c,0x0e,0x7c,0xd5,0x36,0x86,0x7e,
0xb9,0xf2,0x17,0x36
};
__fips_constseg
static const unsigned char gcm_tag[] = {
0x67,0xba,0x05,0x10,0x26,0x2a,0xe4,0x87,0xd7,0x37,0xee,0x62,
0x98,0xf7,0x7e,0x0c
};
int FIPS_selftest_aes_gcm(void)
{
int ret = 0, do_corrupt = 0;
unsigned char out[128], tag[16];
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
memset(out, 0, sizeof(out));
memset(tag, 0, sizeof(tag));
if (!fips_post_started(FIPS_TEST_GCM, 0, 0))
return 1;
if (!fips_post_corrupt(FIPS_TEST_GCM, 0, NULL))
do_corrupt = 1;
if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
sizeof(gcm_iv), NULL))
goto err;
if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 1))
goto err;
if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
goto err;
if (FIPS_cipher(&ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct))
goto err;
if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
goto err;
if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
goto err;
memset(out, 0, sizeof(out));
/* Modify expected tag value */
if (do_corrupt)
tag[0]++;
if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
sizeof(gcm_iv), NULL))
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
goto err;
if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 0))
goto err;
if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
goto err;
if (FIPS_cipher(&ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt))
goto err;
if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
goto err;
if (memcmp(out, gcm_pt, 16))
goto err;
ret = 1;
err:
FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0)
{
fips_post_failed(FIPS_TEST_GCM, 0, NULL);
FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED);
return 0;
}
else
return fips_post_success(FIPS_TEST_GCM, 0, NULL);
}
__fips_constseg
static const unsigned char XTS_128_key[] = {
0xa1,0xb9,0x0c,0xba,0x3f,0x06,0xac,0x35,0x3b,0x2c,0x34,0x38,
0x76,0x08,0x17,0x62,0x09,0x09,0x23,0x02,0x6e,0x91,0x77,0x18,
0x15,0xf2,0x9d,0xab,0x01,0x93,0x2f,0x2f
};
__fips_constseg
static const unsigned char XTS_128_i[] = {
0x4f,0xae,0xf7,0x11,0x7c,0xda,0x59,0xc6,0x6e,0x4b,0x92,0x01,
0x3e,0x76,0x8a,0xd5
};
__fips_constseg
static const unsigned char XTS_128_pt[] = {
0xeb,0xab,0xce,0x95,0xb1,0x4d,0x3c,0x8d,0x6f,0xb3,0x50,0x39,
0x07,0x90,0x31,0x1c
};
__fips_constseg
static const unsigned char XTS_128_ct[] = {
0x77,0x8a,0xe8,0xb4,0x3c,0xb9,0x8d,0x5a,0x82,0x50,0x81,0xd5,
0xbe,0x47,0x1c,0x63
};
__fips_constseg
static const unsigned char XTS_256_key[] = {
0x1e,0xa6,0x61,0xc5,0x8d,0x94,0x3a,0x0e,0x48,0x01,0xe4,0x2f,
0x4b,0x09,0x47,0x14,0x9e,0x7f,0x9f,0x8e,0x3e,0x68,0xd0,0xc7,
0x50,0x52,0x10,0xbd,0x31,0x1a,0x0e,0x7c,0xd6,0xe1,0x3f,0xfd,
0xf2,0x41,0x8d,0x8d,0x19,0x11,0xc0,0x04,0xcd,0xa5,0x8d,0xa3,
0xd6,0x19,0xb7,0xe2,0xb9,0x14,0x1e,0x58,0x31,0x8e,0xea,0x39,
0x2c,0xf4,0x1b,0x08
};
__fips_constseg
static const unsigned char XTS_256_i[] = {
0xad,0xf8,0xd9,0x26,0x27,0x46,0x4a,0xd2,0xf0,0x42,0x8e,0x84,
0xa9,0xf8,0x75,0x64
};
__fips_constseg
static const unsigned char XTS_256_pt[] = {
0x2e,0xed,0xea,0x52,0xcd,0x82,0x15,0xe1,0xac,0xc6,0x47,0xe8,
0x10,0xbb,0xc3,0x64,0x2e,0x87,0x28,0x7f,0x8d,0x2e,0x57,0xe3,
0x6c,0x0a,0x24,0xfb,0xc1,0x2a,0x20,0x2e
};
__fips_constseg
static const unsigned char XTS_256_ct[] = {
0xcb,0xaa,0xd0,0xe2,0xf6,0xce,0xa3,0xf5,0x0b,0x37,0xf9,0x34,
0xd4,0x6a,0x9b,0x13,0x0b,0x9d,0x54,0xf0,0x7e,0x34,0xf3,0x6a,
0xf7,0x93,0xe8,0x6f,0x73,0xc6,0xd7,0xdb
};
int FIPS_selftest_aes_xts()
{
int ret = 1;
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
if (fips_cipher_test(FIPS_TEST_XTS, &ctx, EVP_aes_128_xts(),
XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct,
sizeof(XTS_128_pt)) <= 0)
ret = 0;
if (fips_cipher_test(FIPS_TEST_XTS, &ctx, EVP_aes_256_xts(),
XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct,
sizeof(XTS_256_pt)) <= 0)
ret = 0;
FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0)
FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS,FIPS_R_SELFTEST_FAILED);
return ret;
}
#endif
/* fips/aes/fips_gcmtest.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#define OPENSSL_FIPSAPI
#include <openssl/opensslconf.h>
#ifndef OPENSSL_FIPS
#include <stdio.h>
int main(int argc, char **argv)
{
printf("No FIPS GCM support\n");
return(0);
}
#else
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/fips.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <string.h>
#include <ctype.h>
#include "fips_utl.h"
static void gcmtest(FILE *in, FILE *out, int encrypt)
{
char buf[2048];
char lbuf[2048];
char *keyword, *value;
int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1;
int rv;
long l;
unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL;
unsigned char *ct = NULL, *pt = NULL;
EVP_CIPHER_CTX ctx;
const EVP_CIPHER *gcm = NULL;
FIPS_cipher_ctx_init(&ctx);
while(fgets(buf,sizeof buf,in) != NULL)
{
fputs(buf,out);
if (!parse_line(&keyword, &value, lbuf, buf))
continue;
if(!strcmp(keyword,"[Keylen"))
{
keylen = atoi(value);
if (keylen == 128)
gcm = EVP_aes_128_gcm();
else if (keylen == 192)
gcm = EVP_aes_192_gcm();
else if (keylen == 256)
gcm = EVP_aes_256_gcm();
else
{
fprintf(stderr, "Unsupported keylen %d\n",
keylen);
}
keylen >>= 3;
}
else if (!strcmp(keyword, "[IVlen"))
ivlen = atoi(value) >> 3;
else if (!strcmp(keyword, "[AADlen"))
aadlen = atoi(value) >> 3;
else if (!strcmp(keyword, "[Taglen"))
taglen = atoi(value) >> 3;
else if (!strcmp(keyword, "[PTlen"))
ptlen = atoi(value) >> 3;
else if(!strcmp(keyword,"Key"))
{
key = hex2bin_m(value, &l);
if (l != keylen)
{
fprintf(stderr, "Inconsistent Key length\n");
exit(1);
}
}
else if(!strcmp(keyword,"IV"))
{
iv = hex2bin_m(value, &l);
if (l != ivlen)
{
fprintf(stderr, "Inconsistent IV length\n");
exit(1);
}
}
else if(!strcmp(keyword,"PT"))
{
pt = hex2bin_m(value, &l);
if (l != ptlen)
{
fprintf(stderr, "Inconsistent PT length\n");
exit(1);
}
}
else if(!strcmp(keyword,"CT"))
{
ct = hex2bin_m(value, &l);
if (l != ptlen)
{
fprintf(stderr, "Inconsistent CT length\n");
exit(1);
}
}
else if(!strcmp(keyword,"AAD"))
{
aad = hex2bin_m(value, &l);
if (l != aadlen)
{
fprintf(stderr, "Inconsistent AAD length\n");
exit(1);
}
}
else if(!strcmp(keyword,"Tag"))
{
tag = hex2bin_m(value, &l);
if (l != taglen)
{
fprintf(stderr, "Inconsistent Tag length\n");
exit(1);
}
}
if (encrypt && pt && aad && (iv || encrypt==1))
{
tag = OPENSSL_malloc(taglen);
FIPS_cipherinit(&ctx, gcm, NULL, NULL, 1);
/* Relax FIPS constraints for testing */
M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
if (encrypt == 1)
{
static unsigned char iv_fixed[4] = {1,2,3,4};
if (!iv)
iv = OPENSSL_malloc(ivlen);
FIPS_cipherinit(&ctx, NULL, key, NULL, 1);
FIPS_cipher_ctx_ctrl(&ctx,
EVP_CTRL_GCM_SET_IV_FIXED,
4, iv_fixed);
if (!FIPS_cipher_ctx_ctrl(&ctx,
EVP_CTRL_GCM_IV_GEN, 0, iv))
{
fprintf(stderr, "IV gen error\n");
exit(1);
}
OutputValue("IV", iv, ivlen, out, 0);
}
else
FIPS_cipherinit(&ctx, NULL, key, iv, 1);
if (aadlen)
FIPS_cipher(&ctx, NULL, aad, aadlen);
if (ptlen)
{
ct = OPENSSL_malloc(ptlen);
rv = FIPS_cipher(&ctx, ct, pt, ptlen);
}
FIPS_cipher(&ctx, NULL, NULL, 0);
FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG,
taglen, tag);
OutputValue("CT", ct, ptlen, out, 0);
OutputValue("Tag", tag, taglen, out, 0);
if (iv)
OPENSSL_free(iv);
if (aad)
OPENSSL_free(aad);
if (ct)
OPENSSL_free(ct);
if (pt)
OPENSSL_free(pt);
if (key)
OPENSSL_free(key);
if (tag)
OPENSSL_free(tag);
iv = aad = ct = pt = key = tag = NULL;
}
if (!encrypt && tag)
{
FIPS_cipherinit(&ctx, gcm, NULL, NULL, 0);
/* Relax FIPS constraints for testing */
M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
FIPS_cipherinit(&ctx, NULL, key, iv, 0);
FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag);
if (aadlen)
FIPS_cipher(&ctx, NULL, aad, aadlen);
if (ptlen)
{
pt = OPENSSL_malloc(ptlen);
rv = FIPS_cipher(&ctx, pt, ct, ptlen);
}
rv = FIPS_cipher(&ctx, NULL, NULL, 0);
if (rv < 0)
fprintf(out, "FAIL" RESP_EOL);
else
OutputValue("PT", pt, ptlen, out, 0);
if (iv)
OPENSSL_free(iv);
if (aad)
OPENSSL_free(aad);
if (ct)
OPENSSL_free(ct);
if (pt)
OPENSSL_free(pt);
if (key)
OPENSSL_free(key);
if (tag)
OPENSSL_free(tag);
iv = aad = ct = pt = key = tag = NULL;
}
}
FIPS_cipher_ctx_cleanup(&ctx);
}
static void xtstest(FILE *in, FILE *out)
{
char buf[204800];
char lbuf[204800];
char *keyword, *value;
int inlen = 0;
int encrypt = 0;
long l;
unsigned char *key = NULL, *iv = NULL;
unsigned char *inbuf = NULL, *outbuf = NULL;
EVP_CIPHER_CTX ctx;
const EVP_CIPHER *xts = NULL;
FIPS_cipher_ctx_init(&ctx);
while(fgets(buf,sizeof buf,in) != NULL)
{
fputs(buf,out);
if (buf[0] == '[' && strlen(buf) >= 9)
{
if(!strncmp(buf,"[ENCRYPT]", 9))
encrypt = 1;
else if(!strncmp(buf,"[DECRYPT]", 9))
encrypt = 0;
}
if (!parse_line(&keyword, &value, lbuf, buf))
continue;
else if(!strcmp(keyword,"Key"))
{
key = hex2bin_m(value, &l);
if (l == 32)
xts = EVP_aes_128_xts();
else if (l == 64)
xts = EVP_aes_256_xts();
else
{
fprintf(stderr, "Inconsistent Key length\n");
exit(1);
}
}
else if(!strcmp(keyword,"i"))
{
iv = hex2bin_m(value, &l);
if (l != 16)
{
fprintf(stderr, "Inconsistent i length\n");
exit(1);
}
}
else if(encrypt && !strcmp(keyword,"PT"))
{
inbuf = hex2bin_m(value, &l);
inlen = l;
}
else if(!encrypt && !strcmp(keyword,"CT"))
{
inbuf = hex2bin_m(value, &l);
inlen = l;
}
if (inbuf)
{
FIPS_cipherinit(&ctx, xts, key, iv, encrypt);
outbuf = OPENSSL_malloc(inlen);
FIPS_cipher(&ctx, outbuf, inbuf, inlen);
OutputValue(encrypt ? "CT":"PT", outbuf, inlen, out, 0);
OPENSSL_free(inbuf);
OPENSSL_free(outbuf);
OPENSSL_free(key);
OPENSSL_free(iv);
iv = key = inbuf = outbuf = NULL;
}
}
FIPS_cipher_ctx_cleanup(&ctx);
}
static void ccmtest(FILE *in, FILE *out)
{
char buf[200048];
char lbuf[200048];
char *keyword, *value;
long l;
unsigned char *Key = NULL, *Nonce = NULL;
unsigned char *Adata = NULL, *Payload = NULL;
unsigned char *CT = NULL;
int Plen = -1, Nlen = -1, Tlen = -1, Alen = -1;
int decr = 0;
EVP_CIPHER_CTX ctx;
const EVP_CIPHER *ccm = NULL;
FIPS_cipher_ctx_init(&ctx);
while(fgets(buf,sizeof buf,in) != NULL)
{
char *p;
fputs(buf,out);
redo:
if (!parse_line(&keyword, &value, lbuf, buf))
continue;
/* If surrounded by square brackets zap them */
if (keyword[0] == '[')
{
keyword++;
p = strchr(value, ']');
if (p)
*p = 0;
}
/* See if we have a comma separated list of parameters
* if so copy rest of line back to buffer and redo later.
*/
p = strchr(value, ',');
if (p)
{
*p = 0;
strcpy(buf, p + 1);
strcat(buf, "\n");
decr = 1;
}
if (!strcmp(keyword,"Plen"))
Plen = atoi(value);
else if (!strcmp(keyword,"Nlen"))
Nlen = atoi(value);
else if (!strcmp(keyword,"Tlen"))
Tlen = atoi(value);
else if (!strcmp(keyword,"Alen"))
Alen = atoi(value);
if (p)
goto redo;
if (!strcmp(keyword,"Key"))
{
if (Key)
OPENSSL_free(Key);
Key = hex2bin_m(value, &l);
if (l == 16)
ccm = EVP_aes_128_ccm();
else if (l == 24)
ccm = EVP_aes_192_ccm();
else if (l == 32)
ccm = EVP_aes_256_ccm();
else
{
fprintf(stderr, "Inconsistent Key length\n");
exit(1);
}
}
else if (!strcmp(keyword,"Nonce"))
{
if (Nonce)
OPENSSL_free(Nonce);
Nonce = hex2bin_m(value, &l);
if (l != Nlen)
{
fprintf(stderr, "Inconsistent nonce length\n");
exit(1);
}
}
else if (!strcmp(keyword,"Payload") && !decr)
{
Payload = hex2bin_m(value, &l);
if (Plen && l != Plen)
{
fprintf(stderr, "Inconsistent Payload length\n");
exit(1);
}
}
else if (!strcmp(keyword,"Adata"))
{
if (Adata)
OPENSSL_free(Adata);
Adata = hex2bin_m(value, &l);
if (Alen && l != Alen)
{
fprintf(stderr, "Inconsistent Payload length\n");
exit(1);
}
}
else if (!strcmp(keyword,"CT") && decr)
{
CT = hex2bin_m(value, &l);
if (l != (Plen + Tlen))
{
fprintf(stderr, "Inconsistent CT length\n");
exit(1);
}
}
if (Payload)
{
FIPS_cipherinit(&ctx, ccm, NULL, NULL, 1);
FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, Tlen, 0);
FIPS_cipherinit(&ctx, NULL, Key, Nonce, 1);
FIPS_cipher(&ctx, NULL, NULL, Plen);
FIPS_cipher(&ctx, NULL, Adata, Alen);
CT = OPENSSL_malloc(Plen + Tlen);
FIPS_cipher(&ctx, CT, Payload, Plen);
FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, Tlen,
CT + Plen);
OutputValue("CT", CT, Plen + Tlen, out, 0);
OPENSSL_free(CT);
OPENSSL_free(Payload);
CT = Payload = NULL;
}
if (CT)
{
int rv;
int len = Plen == 0 ? 1: Plen;
FIPS_cipherinit(&ctx, ccm, NULL, NULL, 0);
FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
Tlen, CT + Plen);
FIPS_cipherinit(&ctx, NULL, Key, Nonce, 0);
FIPS_cipher(&ctx, NULL, NULL, Plen);
FIPS_cipher(&ctx, NULL, Adata, Alen);
Payload = OPENSSL_malloc(len);
rv = FIPS_cipher(&ctx, Payload, CT, Plen);
if (rv >= 0)
{
if (rv == 0)
Payload[0] = 0;
fputs("Result = Pass" RESP_EOL, out);
OutputValue("Payload", Payload, len, out, 0);
}
else
fputs("Result = Fail" RESP_EOL, out);
OPENSSL_free(CT);
OPENSSL_free(Payload);
CT = Payload = NULL;
}
}
if (Key)
OPENSSL_free(Key);
if (Nonce)
OPENSSL_free(Nonce);
if (Adata)
OPENSSL_free(Adata);
FIPS_cipher_ctx_cleanup(&ctx);
}
#ifdef FIPS_ALGVS
int fips_gcmtest_main(int argc, char **argv)
#else
int main(int argc, char **argv)
#endif
{
int encrypt;
int xts = 0, ccm = 0;
FILE *in, *out;
if (argc == 4)
{
in = fopen(argv[2], "r");
if (!in)
{
fprintf(stderr, "Error opening input file\n");
exit(1);
}
out = fopen(argv[3], "w");
if (!out)
{
fprintf(stderr, "Error opening output file\n");
exit(1);
}
}
else if (argc == 2)
{
in = stdin;
out = stdout;
}
else
{
fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]);
exit(1);
}
fips_algtest_init();
if(!strcmp(argv[1],"-encrypt"))
encrypt = 1;
else if(!strcmp(argv[1],"-encryptIVext"))
encrypt = 2;
else if(!strcmp(argv[1],"-decrypt"))
encrypt = 0;
else if(!strcmp(argv[1],"-ccm"))
ccm = 1;
else if(!strcmp(argv[1],"-xts"))
xts = 1;
else
{
fprintf(stderr,"Don't know how to %s.\n",argv[1]);
exit(1);
}
if (ccm)
ccmtest(in, out);
else if (xts)
xtstest(in, out);
else
gcmtest(in, out, encrypt);
if (argc == 4)
{
fclose(in);
fclose(out);
}
return 0;
}
#endif
#
# OpenSSL/fips/cmac/Makefile
#
DIR= cmac
TOP= ../..
CC= cc
INCLUDES=
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST=fips_cmactest.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= fips_cmac_selftest.c
LIBOBJ= fips_cmac_selftest.o
SRC= $(LIBSRC)
EXHEADER=
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
@echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
install:
@headerlist="$(EXHEADER)"; for i in $$headerlist; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done
tags:
ctags $(SRC)
tests:
Q=../testvectors/cmac/req
A=../testvectors/cmac/rsp
fips_test:
-rm -rf $(A)
mkdir $(A)
if [ -f $(Q)/CMACGenAES256.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_cmactest -g < $(Q)/CMACGenAES256.req > $(A)/CMACGenAES256.rsp; fi
if [ -f $(Q)/CMACVerAES256.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_cmactest -v < $(Q)/CMACVerAES256.req > $(A)/CMACVerAES256.rsp; fi
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
fips_cmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_cmac_selftest.o: ../../include/openssl/cmac.h
fips_cmac_selftest.o: ../../include/openssl/crypto.h
fips_cmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
fips_cmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_cmac_selftest.o: ../../include/openssl/lhash.h
fips_cmac_selftest.o: ../../include/openssl/obj_mac.h
fips_cmac_selftest.o: ../../include/openssl/objects.h
fips_cmac_selftest.o: ../../include/openssl/opensslconf.h
fips_cmac_selftest.o: ../../include/openssl/opensslv.h
fips_cmac_selftest.o: ../../include/openssl/ossl_typ.h
fips_cmac_selftest.o: ../../include/openssl/safestack.h
fips_cmac_selftest.o: ../../include/openssl/stack.h
fips_cmac_selftest.o: ../../include/openssl/symhacks.h ../fips_locl.h
fips_cmac_selftest.o: fips_cmac_selftest.c
fips_cmactest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_cmactest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_cmactest.o: ../../include/openssl/cmac.h ../../include/openssl/crypto.h
fips_cmactest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_cmactest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_cmactest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
fips_cmactest.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
fips_cmactest.o: ../../include/openssl/obj_mac.h
fips_cmactest.o: ../../include/openssl/objects.h
fips_cmactest.o: ../../include/openssl/opensslconf.h
fips_cmactest.o: ../../include/openssl/opensslv.h
fips_cmactest.o: ../../include/openssl/ossl_typ.h
fips_cmactest.o: ../../include/openssl/safestack.h
fips_cmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
fips_cmactest.o: ../fips_utl.h fips_cmactest.c
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/cmac.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS
typedef struct {
int nid;
const unsigned char key[EVP_MAX_KEY_LENGTH]; size_t keysize;
const unsigned char msg[64]; size_t msgsize;
const unsigned char mac[32]; size_t macsize;
} CMAC_KAT;
/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */
__fips_constseg
static const CMAC_KAT vector[] = {
{ NID_aes_128_cbc, /* Count = 32 from CMACGenAES128.txt */
{ 0x77,0xa7,0x7f,0xaf, 0x29,0x0c,0x1f,0xa3,
0x0c,0x68,0x3d,0xf1, 0x6b,0xa7,0xa7,0x7b, }, 128,
{ 0x02,0x06,0x83,0xe1, 0xf0,0x39,0x2f,0x4c,
0xac,0x54,0x31,0x8b, 0x60,0x29,0x25,0x9e,
0x9c,0x55,0x3d,0xbc, 0x4b,0x6a,0xd9,0x98,
0xe6,0x4d,0x58,0xe4, 0xe7,0xdc,0x2e,0x13, }, 256,
{ 0xfb,0xfe,0xa4,0x1b, }, 32
},
{ NID_aes_192_cbc, /* Count = 23 from CMACGenAES192.txt */
{ 0x7b,0x32,0x39,0x13, 0x69,0xaa,0x4c,0xa9,
0x75,0x58,0x09,0x5b, 0xe3,0xc3,0xec,0x86,
0x2b,0xd0,0x57,0xce, 0xf1,0xe3,0x2d,0x62, }, 192,
{ 0x0 }, 0,
{ 0xe4,0xd9,0x34,0x0b, 0x03,0xe6,0x7d,0xef,
0xd4,0x96,0x9c,0xc1, 0xed,0x37,0x35,0xe6, }, 128,
},
{ NID_aes_256_cbc, /* Count = 33 from CMACGenAES256.txt */
{ 0x0b,0x12,0x2a,0xc8, 0xf3,0x4e,0xd1,0xfe,
0x08,0x2a,0x36,0x25, 0xd1,0x57,0x56,0x14,
0x54,0x16,0x7a,0xc1, 0x45,0xa1,0x0b,0xbf,
0x77,0xc6,0xa7,0x05, 0x96,0xd5,0x74,0xf1, }, 256,
{ 0x49,0x8b,0x53,0xfd, 0xec,0x87,0xed,0xcb,
0xf0,0x70,0x97,0xdc, 0xcd,0xe9,0x3a,0x08,
0x4b,0xad,0x75,0x01, 0xa2,0x24,0xe3,0x88,
0xdf,0x34,0x9c,0xe1, 0x89,0x59,0xfe,0x84,
0x85,0xf8,0xad,0x15, 0x37,0xf0,0xd8,0x96,
0xea,0x73,0xbe,0xdc, 0x72,0x14,0x71,0x3f, }, 384,
{ 0xf6,0x2c,0x46,0x32, 0x9b, }, 40,
},
{ NID_des_ede3_cbc, /* Count = 41 from CMACGenTDES3.req */
{ 0x89,0xbc,0xd9,0x52, 0xa8,0xc8,0xab,0x37,
0x1a,0xf4,0x8a,0xc7, 0xd0,0x70,0x85,0xd5,
0xef,0xf7,0x02,0xe6, 0xd6,0x2c,0xdc,0x23, }, 192,
{ 0xfa,0x62,0x0c,0x1b, 0xbe,0x97,0x31,0x9e,
0x9a,0x0c,0xf0,0x49, 0x21,0x21,0xf7,0xa2,
0x0e,0xb0,0x8a,0x6a, 0x70,0x9d,0xcb,0xd0,
0x0a,0xaf,0x38,0xe4, 0xf9,0x9e,0x75,0x4e, }, 256,
{ 0x8f,0x49,0xa1,0xb7, 0xd6,0xaa,0x22,0x58, }, 64,
},
};
int FIPS_selftest_cmac()
{
size_t n, outlen;
unsigned char out[32];
const EVP_CIPHER *cipher;
CMAC_CTX *ctx = CMAC_CTX_new();
const CMAC_KAT *t;
int subid = -1, rv = 1;
for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
{
cipher = FIPS_get_cipherbynid(t->nid);
if (!cipher)
{
rv = -1;
goto err;
}
subid = M_EVP_CIPHER_nid(cipher);
if (!fips_post_started(FIPS_TEST_CMAC, subid, 0))
continue;
if (!CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0))
{
rv = -1;
goto err;
}
if (!CMAC_Update(ctx, t->msg, t->msgsize/8))
{
rv = -1;
goto err;
}
if (!fips_post_corrupt(FIPS_TEST_CMAC, subid, NULL))
{
if (!CMAC_Update(ctx, t->msg, 1))
{
rv = -1;
goto err;
}
}
if (!CMAC_Final(ctx, out, &outlen))
{
rv = -1;
goto err;
}
CMAC_CTX_cleanup(ctx);
if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
{
fips_post_failed(FIPS_TEST_CMAC, subid, NULL);
rv = 0;
}
else if (!fips_post_success(FIPS_TEST_CMAC, subid, NULL))
{
rv = 0;
goto err;
}
}
err:
CMAC_CTX_free(ctx);
if (rv == -1)
{
fips_post_failed(FIPS_TEST_CMAC, subid, NULL);
rv = 0;
}
if (!rv)
FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
return rv;
}
#endif
/* fips_cmactest.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2005.
*/
/* ====================================================================
* Copyright (c) 2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#define OPENSSL_FIPSAPI
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#ifndef OPENSSL_FIPS
int main(int argc, char *argv[])
{
printf("No FIPS CMAC support\n");
return(0);
}
#else
#include <openssl/fips.h>
#include "fips_utl.h"
static int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
int mode, int Klen_counts_keys, int known_keylen);
static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
unsigned char *Key, int Klen,
unsigned char *Msg, int Msglen,
int Tlen);
static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
unsigned char *Key, int Klen,
unsigned char *Msg, int Msglen,
unsigned char *Mac, int Maclen,
int Tlen);
#ifdef FIPS_ALGVS
int fips_cmactest_main(int argc, char **argv)
#else
int main(int argc, char **argv)
#endif
{
FILE *in = NULL, *out = NULL;
int mode = 0; /* 0 => Generate, 1 => Verify */
int Klen_counts_keys = 0; /* 0 => Klen is size of one key
1 => Klen is amount of keys
*/
int known_keylen = 0; /* Only set when Klen_counts_keys = 1 */
const EVP_CIPHER *cipher = 0;
int ret = 1;
fips_algtest_init();
while (argc > 1 && argv[1][0] == '-')
{
switch (argv[1][1])
{
case 'a':
{
char *p = &argv[1][2];
if (*p == '\0')
{
if (argc <= 2)
{
fprintf(stderr, "Option %s needs a value\n", argv[1]);
goto end;
}
argv++;
argc--;
p = &argv[1][0];
}
if (!strcmp(p, "aes128"))
cipher = EVP_aes_128_cbc();
else if (!strcmp(p, "aes192"))
cipher = EVP_aes_192_cbc();
else if (!strcmp(p, "aes256"))
cipher = EVP_aes_256_cbc();
else if (!strcmp(p, "tdea3") || !strcmp(p, "tdes3"))
{
cipher = EVP_des_ede3_cbc();
Klen_counts_keys = 1;
known_keylen = 8;
}
else
{
fprintf(stderr, "Unknown algorithm %s\n", p);
goto end;
}
}
break;
case 'g':
mode = 0;
break;
case 'v':
mode = 1;
break;
default:
fprintf(stderr, "Unknown option %s\n", argv[1]);
goto end;
}
argv++;
argc--;
}
if (argc == 1)
in = stdin;
else
in = fopen(argv[1], "r");
if (argc < 2)
out = stdout;
else
out = fopen(argv[2], "w");
if (!in)
{
fprintf(stderr, "FATAL input initialization error\n");
goto end;
}
if (!out)
{
fprintf(stderr, "FATAL output initialization error\n");
goto end;
}
if (!cmac_test(cipher, out, in, mode,
Klen_counts_keys, known_keylen))
{
fprintf(stderr, "FATAL cmac file processing error\n");
goto end;
}
else
ret = 0;
end:
if (in && (in != stdin))
fclose(in);
if (out && (out != stdout))
fclose(out);
return ret;
}
#define CMAC_TEST_MAXLINELEN 150000
int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
int mode, int Klen_counts_keys, int known_keylen)
{
char *linebuf, *olinebuf, *p, *q;
char *keyword, *value;
unsigned char **Keys = NULL, *Msg = NULL, *Mac = NULL;
unsigned char *Key = NULL;
int Count, Klen, Mlen, Tlen;
long Keylen, Msglen, Maclen;
int ret = 0;
int lnum = 0;
olinebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
linebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
if (!linebuf || !olinebuf)
goto error;
Count = -1;
Klen = -1;
Mlen = -1;
Tlen = -1;
while (fgets(olinebuf, CMAC_TEST_MAXLINELEN, in))
{
lnum++;
strcpy(linebuf, olinebuf);
keyword = linebuf;
/* Skip leading space */
while (isspace((unsigned char)*keyword))
keyword++;
/* Skip comments */
if (keyword[0] == '#')
{
if (fputs(olinebuf, out) < 0)
goto error;
continue;
}
/* Look for = sign */
p = strchr(linebuf, '=');
/* If no = or starts with [ (for [L=20] line) just copy */
if (!p)
{
if (fputs(olinebuf, out) < 0)
goto error;
continue;
}
q = p - 1;
/* Remove trailing space */
while (isspace((unsigned char)*q))
*q-- = 0;
*p = 0;
value = p + 1;
/* Remove leading space from value */
while (isspace((unsigned char)*value))
value++;
/* Remove trailing space from value */
p = value + strlen(value) - 1;
while (*p == '\n' || isspace((unsigned char)*p))
*p-- = 0;
if (!strcmp(keyword, "Count"))
{
if (Count != -1)
goto parse_error;
Count = atoi(value);
if (Count < 0)
goto parse_error;
}
else if (!strcmp(keyword, "Klen"))
{
if (Klen != -1)
goto parse_error;
Klen = atoi(value);
if (Klen < 0)
goto parse_error;
if (Klen_counts_keys)
{
Keys = OPENSSL_malloc(sizeof(*Keys) * Klen);
memset(Keys, '\0', sizeof(*Keys) * Klen);
}
else
{
Keys = OPENSSL_malloc(sizeof(*Keys));
memset(Keys, '\0', sizeof(*Keys));
}
}
else if (!strcmp(keyword, "Mlen"))
{
if (Mlen != -1)
goto parse_error;
Mlen = atoi(value);
if (Mlen < 0)
goto parse_error;
}
else if (!strcmp(keyword, "Tlen"))
{
if (Tlen != -1)
goto parse_error;
Tlen = atoi(value);
if (Tlen < 0)
goto parse_error;
}
else if (!strcmp(keyword, "Key") && !Klen_counts_keys)
{
if (Keys[0])
goto parse_error;
Keys[0] = hex2bin_m(value, &Keylen);
if (!Keys[0])
goto parse_error;
}
else if (!strncmp(keyword, "Key", 3) && Klen_counts_keys)
{
int keynum = atoi(keyword + 3);
if (!keynum || keynum > Klen || Keys[keynum-1])
goto parse_error;
Keys[keynum-1] = hex2bin_m(value, &Keylen);
if (!Keys[keynum-1])
goto parse_error;
}
else if (!strcmp(keyword, "Msg"))
{
if (Msg)
goto parse_error;
Msg = hex2bin_m(value, &Msglen);
if (!Msg)
goto parse_error;
}
else if (!strcmp(keyword, "Mac"))
{
if (mode == 0)
continue;
if (Mac)
goto parse_error;
Mac = hex2bin_m(value, &Maclen);
if (!Mac)
goto parse_error;
}
else if (!strcmp(keyword, "Result"))
{
if (mode == 1)
continue;
goto parse_error;
}
else
goto parse_error;
fputs(olinebuf, out);
if (Keys && Msg && (!mode || Mac) && (Tlen > 0) && (Klen > 0))
{
if (Klen_counts_keys)
{
int x;
Key = OPENSSL_malloc(Klen * known_keylen);
for (x = 0; x < Klen; x++)
{
memcpy(Key + x * known_keylen,
Keys[x], known_keylen);
OPENSSL_free(Keys[x]);
}
Klen *= known_keylen;
}
else
{
Key = OPENSSL_malloc(Klen);
memcpy(Key, Keys[0], Klen);
OPENSSL_free(Keys[0]);
}
OPENSSL_free(Keys);
switch(mode)
{
case 0:
if (!print_cmac_gen(cipher, out,
Key, Klen,
Msg, Mlen,
Tlen))
goto error;
break;
case 1:
if (!print_cmac_ver(cipher, out,
Key, Klen,
Msg, Mlen,
Mac, Maclen,
Tlen))
goto error;
break;
}
OPENSSL_free(Key);
Key = NULL;
OPENSSL_free(Msg);
Msg = NULL;
OPENSSL_free(Mac);
Mac = NULL;
Klen = -1;
Mlen = -1;
Tlen = -1;
Count = -1;
}
}
ret = 1;
error:
if (olinebuf)
OPENSSL_free(olinebuf);
if (linebuf)
OPENSSL_free(linebuf);
if (Key)
OPENSSL_free(Key);
if (Msg)
OPENSSL_free(Msg);
if (Mac)
OPENSSL_free(Mac);
return ret;
parse_error:
fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
goto error;
}
static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
unsigned char *Key, int Klen,
unsigned char *Msg, int Mlen,
int Tlen)
{
int rc, i;
size_t reslen;
unsigned char res[128];
CMAC_CTX *cmac_ctx = CMAC_CTX_new();
CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
CMAC_Update(cmac_ctx, Msg, Mlen);
if (!CMAC_Final(cmac_ctx, res, &reslen))
{
fputs("Error calculating CMAC\n", stderr);
rc = 0;
}
else if (Tlen > (int)reslen)
{
fputs("Parameter error, Tlen > CMAC length\n", stderr);
rc = 0;
}
else
{
fputs("Mac = ", out);
for (i = 0; i < Tlen; i++)
fprintf(out, "%02x", res[i]);
fputs(RESP_EOL, out);
rc = 1;
}
CMAC_CTX_free(cmac_ctx);
return rc;
}
static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
unsigned char *Key, int Klen,
unsigned char *Msg, int Mlen,
unsigned char *Mac, int Maclen,
int Tlen)
{
int rc = 1;
size_t reslen;
unsigned char res[128];
CMAC_CTX *cmac_ctx = CMAC_CTX_new();
CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
CMAC_Update(cmac_ctx, Msg, Mlen);
if (!CMAC_Final(cmac_ctx, res, &reslen))
{
fputs("Error calculating CMAC\n", stderr);
rc = 0;
}
else if (Tlen > (int)reslen)
{
fputs("Parameter error, Tlen > CMAC length\n", stderr);
rc = 0;
}
else if (Tlen != Maclen)
{
fputs("Parameter error, Tlen != resulting Mac length\n", stderr);
rc = 0;
}
else
{
if (!memcmp(Mac, res, Maclen))
fputs("Result = P" RESP_EOL, out);
else
fputs("Result = F" RESP_EOL, out);
}
CMAC_CTX_free(cmac_ctx);
return rc;
}
#endif
#
# OpenSSL/fips/des/Makefile
#
DIR= des
TOP= ../..
CC= cc
INCLUDES=
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
AR= ar r
ASFLAGS= $(INCLUDES) $(ASFLAG)
AFLAGS= $(ASFLAGS)
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST= fips_desmovs.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC=fips_des_selftest.c
LIBOBJ=fips_des_selftest.o
SRC= $(LIBSRC)
EXHEADER=
HEADER=
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
@echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
install:
@headerlist="$(EXHEADER)"; for i in $$headerlist; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done
tags:
ctags $(SRC)
tests:
fips_test:
-find ../testvectors/tdes/req -name '*.req' > testlist
-rm -rf ../testvectors/tdes/rsp
mkdir ../testvectors/tdes/rsp
if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_desmovs -d testlist; fi
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) \
$(SRC) $(TEST)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff testlist
# DO NOT DELETE THIS LINE -- make depend depends on it.
fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_des_selftest.o: ../../include/openssl/crypto.h
fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
fips_des_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
fips_des_selftest.o: ../../include/openssl/lhash.h
fips_des_selftest.o: ../../include/openssl/obj_mac.h
fips_des_selftest.o: ../../include/openssl/objects.h
fips_des_selftest.o: ../../include/openssl/opensslconf.h
fips_des_selftest.o: ../../include/openssl/opensslv.h
fips_des_selftest.o: ../../include/openssl/ossl_typ.h
fips_des_selftest.o: ../../include/openssl/safestack.h
fips_des_selftest.o: ../../include/openssl/stack.h
fips_des_selftest.o: ../../include/openssl/symhacks.h fips_des_selftest.c
fips_desmovs.o: ../../e_os.h ../../include/openssl/aes.h
fips_desmovs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
fips_desmovs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
fips_desmovs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
fips_desmovs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_desmovs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_desmovs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
fips_desmovs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
fips_desmovs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
fips_desmovs.o: ../../include/openssl/opensslconf.h
fips_desmovs.o: ../../include/openssl/opensslv.h
fips_desmovs.o: ../../include/openssl/ossl_typ.h
fips_desmovs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_desmovs.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
fips_desmovs.o: ../../include/openssl/ui_compat.h ../fips_utl.h fips_desmovs.c
/* ====================================================================
* Copyright (c) 2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define OPENSSL_FIPSAPI
#include <string.h>
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/evp.h>
#include <openssl/opensslconf.h>
#ifdef OPENSSL_FIPS
__fips_constseg
static const struct
{
const unsigned char key[24];
const unsigned char plaintext[8];
const unsigned char ciphertext[8];
} tests3[]=
{
{
{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 },
{ 0x8f,0x8f,0xbf,0x9b,0x5d,0x48,0xb4,0x1c },
{ 0x59,0x8c,0xe5,0xd3,0x6c,0xa2,0xea,0x1b },
},
{
{ 0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE,
0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
{ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
{ 0x11,0x25,0xb0,0x35,0xbe,0xa0,0x82,0x86 },
},
};
int FIPS_selftest_des()
{
int n, ret = 0;
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
/* Encrypt/decrypt with 3DES and compare to known answers */
for(n=0 ; n < 2 ; ++n)
{
if (!fips_cipher_test(FIPS_TEST_CIPHER, &ctx, EVP_des_ede3_ecb(),
tests3[n].key, NULL,
tests3[n].plaintext, tests3[n].ciphertext, 8))
goto err;
}
ret = 1;
err:
FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0)
FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
return ret;
}
#endif
/* ====================================================================
* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/*---------------------------------------------
NIST DES Modes of Operation Validation System
Test Program
Based on the AES Validation Suite, which was:
Donated to OpenSSL by:
V-ONE Corporation
20250 Century Blvd, Suite 300
Germantown, MD 20874
U.S.A.
----------------------------------------------*/
#define OPENSSL_FIPSAPI
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include <ctype.h>
#include <openssl/crypto.h>
#include <openssl/des.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include "e_os.h"
#ifndef OPENSSL_FIPS
int main(int argc, char *argv[])
{
printf("No FIPS DES support\n");
return(0);
}
#else
#include "fips_utl.h"
#include <openssl/fips.h>
#define DES_BLOCK_SIZE 8
#define VERBOSE 0
static int DESTest(EVP_CIPHER_CTX *ctx,
char *amode, int akeysz, unsigned char *aKey,
unsigned char *iVec,
int dir, /* 0 = decrypt, 1 = encrypt */
unsigned char *out, unsigned char *in, int len)
{
const EVP_CIPHER *cipher = NULL;
if (akeysz != 192)
{
printf("Invalid key size: %d\n", akeysz);
return 0;
}
if (fips_strcasecmp(amode, "CBC") == 0)
cipher = EVP_des_ede3_cbc();
else if (fips_strcasecmp(amode, "ECB") == 0)
cipher = EVP_des_ede3_ecb();
else if (fips_strcasecmp(amode, "CFB64") == 0)
cipher = EVP_des_ede3_cfb64();
else if (fips_strncasecmp(amode, "OFB", 3) == 0)
cipher = EVP_des_ede3_ofb();
else if(!fips_strcasecmp(amode,"CFB8"))
cipher = EVP_des_ede3_cfb8();
else if(!fips_strcasecmp(amode,"CFB1"))
cipher = EVP_des_ede3_cfb1();
else
{
printf("Unknown mode: %s\n", amode);
return 0;
}
if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0)
return 0;
if(!fips_strcasecmp(amode,"CFB1"))
M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
FIPS_cipher(ctx, out, in, len);
return 1;
}
#if 0
static void DebugValue(char *tag, unsigned char *val, int len)
{
char obuf[2048];
int olen;
olen = bin2hex(val, len, obuf);
printf("%s = %.*s\n", tag, olen, obuf);
}
#endif
static void shiftin(unsigned char *dst,unsigned char *src,int nbits)
{
int n;
/* move the bytes... */
memmove(dst,dst+nbits/8,3*8-nbits/8);
/* append new data */
memcpy(dst+3*8-nbits/8,src,(nbits+7)/8);
/* left shift the bits */
if(nbits%8)
for(n=0 ; n < 3*8 ; ++n)
dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8));
}
/*-----------------------------------------------*/
char *tdes_t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
char *tdes_t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
enum tdes_Mode {TCBC, TECB, TOFB, TCFB1, TCFB8, TCFB64};
int Sizes[6]={64,64,64,1,8,64};
static int do_tmct(char *amode,
int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec,
int dir, unsigned char *text, int len,
FILE *rfp)
{
int i,imode;
unsigned char nk[4*8]; /* longest key+8 */
unsigned char text0[8];
for (imode=0 ; imode < 6 ; ++imode)
if(!strcmp(amode,tdes_t_mode[imode]))
break;
if (imode == 6)
{
printf("Unrecognized mode: %s\n", amode);
return 0;
}
for(i=0 ; i < 400 ; ++i)
{
int j;
int n;
int kp=akeysz/64;
unsigned char old_iv[8];
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
fprintf(rfp,RESP_EOL "COUNT = %d" RESP_EOL,i);
if(kp == 1)
OutputValue("KEY",akey,8,rfp,0);
else
for(n=0 ; n < kp ; ++n)
{
fprintf(rfp,"KEY%d",n+1);
OutputValue("",akey+n*8,8,rfp,0);
}
if(imode != TECB)
OutputValue("IV",ivec,8,rfp,0);
OutputValue(tdes_t_tag[dir^1],text,len,rfp,imode == TCFB1);
#if 0
/* compensate for endianness */
if(imode == TCFB1)
text[0]<<=7;
#endif
memcpy(text0,text,8);
for(j=0 ; j < 10000 ; ++j)
{
unsigned char old_text[8];
memcpy(old_text,text,8);
if(j == 0)
{
memcpy(old_iv,ivec,8);
DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len);
}
else
{
memcpy(old_iv,ctx.iv,8);
FIPS_cipher(&ctx,text,text,len);
}
if(j == 9999)
{
OutputValue(tdes_t_tag[dir],text,len,rfp,imode == TCFB1);
/* memcpy(ivec,text,8); */
}
/* DebugValue("iv",ctx.iv,8); */
/* accumulate material for the next key */
shiftin(nk,text,Sizes[imode]);
/* DebugValue("nk",nk,24);*/
if((dir && (imode == TCFB1 || imode == TCFB8
|| imode == TCFB64 || imode == TCBC)) || imode == TOFB)
memcpy(text,old_iv,8);
if(!dir && (imode == TCFB1 || imode == TCFB8 || imode == TCFB64))
{
/* the test specifies using the output of the raw DES operation
which we don't have, so reconstruct it... */
for(n=0 ; n < 8 ; ++n)
text[n]^=old_text[n];
}
}
for(n=0 ; n < 8 ; ++n)
akey[n]^=nk[16+n];
for(n=0 ; n < 8 ; ++n)
akey[8+n]^=nk[8+n];
for(n=0 ; n < 8 ; ++n)
akey[16+n]^=nk[n];
if(numkeys < 3)
memcpy(&akey[2*8],akey,8);
if(numkeys < 2)
memcpy(&akey[8],akey,8);
DES_set_odd_parity((DES_cblock *)akey);
DES_set_odd_parity((DES_cblock *)(akey+8));
DES_set_odd_parity((DES_cblock *)(akey+16));
memcpy(ivec,ctx.iv,8);
/* pointless exercise - the final text doesn't depend on the
initial text in OFB mode, so who cares what it is? (Who
designed these tests?) */
if(imode == TOFB)
for(n=0 ; n < 8 ; ++n)
text[n]=text0[n]^old_iv[n];
FIPS_cipher_ctx_cleanup(&ctx);
}
return 1;
}
static int tproc_file(char *rqfile, char *rspfile)
{
char afn[256], rfn[256];
FILE *afp = NULL, *rfp = NULL;
char ibuf[2048], tbuf[2048];
int len;
char amode[8] = "";
char atest[100] = "";
int akeysz=0;
unsigned char iVec[20], aKey[40];
int dir = -1, err = 0, step = 0, echo = 1;
unsigned char plaintext[2048];
unsigned char ciphertext[2048];
char *rp;
EVP_CIPHER_CTX ctx;
int numkeys=1;
FIPS_cipher_ctx_init(&ctx);
if (!rqfile || !(*rqfile))
{
printf("No req file\n");
return -1;
}
strcpy(afn, rqfile);
if ((afp = fopen(afn, "r")) == NULL)
{
printf("Cannot open file: %s, %s\n",
afn, strerror(errno));
return -1;
}
if (!rspfile)
{
strcpy(rfn,afn);
rp=strstr(rfn,"req/");
#ifdef OPENSSL_SYS_WIN32
if (!rp)
rp=strstr(rfn,"req\\");
#endif
assert(rp);
memcpy(rp,"rsp",3);
rp = strstr(rfn, ".req");
memcpy(rp, ".rsp", 4);
rspfile = rfn;
}
if ((rfp = fopen(rspfile, "w")) == NULL)
{
printf("Cannot open file: %s, %s\n",
rfn, strerror(errno));
fclose(afp);
afp = NULL;
return -1;
}
while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
{
tidy_line(tbuf, ibuf);
/* printf("step=%d ibuf=%s",step,ibuf);*/
if(step == 3 && !strcmp(amode,"ECB"))
{
memset(iVec, 0, sizeof(iVec));
step = (dir)? 4: 5; /* no ivec for ECB */
}
switch (step)
{
case 0: /* read preamble */
if (ibuf[0] == '\n')
{ /* end of preamble */
if (*amode == '\0')
{
printf("Missing Mode\n");
err = 1;
}
else
{
copy_line(ibuf, rfp);
++ step;
}
}
else if (ibuf[0] != '#')
{
printf("Invalid preamble item: %s\n", ibuf);
err = 1;
}
else
{ /* process preamble */
char *xp, *pp = ibuf+2;
int n;
if(*amode)
{ /* insert current time & date */
time_t rtim = time(0);
fputs("# ", rfp);
copy_line(ctime(&rtim), rfp);
}
else
{
copy_line(ibuf, rfp);
if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4)
|| !strncmp(pp,"TDES ",5)
|| !strncmp(pp,"PERMUTATION ",12)
|| !strncmp(pp,"SUBSTITUTION ",13)
|| !strncmp(pp,"VARIABLE ",9))
{
/* get test type */
if(!strncmp(pp,"DES ",4))
pp+=4;
else if(!strncmp(pp,"TDES ",5))
pp+=5;
xp = strchr(pp, ' ');
n = xp-pp;
strncpy(atest, pp, n);
atest[n] = '\0';
/* get mode */
xp = strrchr(pp, ' '); /* get mode" */
n = strlen(xp+1)-1;
strncpy(amode, xp+1, n);
amode[n] = '\0';
if (!strcmp(atest, "Monte"))
echo = 0;
/* amode[3] = '\0'; */
if (VERBOSE)
printf("Test=%s, Mode=%s\n",atest,amode);
}
}
}
break;
case 1: /* [ENCRYPT] | [DECRYPT] */
if(ibuf[0] == '\n')
break;
if (ibuf[0] == '[')
{
copy_line(ibuf, rfp);
++step;
if (fips_strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
dir = 1;
else if (fips_strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
dir = 0;
else
{
printf("Invalid keyword: %s\n", ibuf);
err = 1;
}
break;
}
else if (dir == -1)
{
err = 1;
printf("Missing ENCRYPT/DECRYPT keyword\n");
break;
}
else
step = 2;
case 2: /* KEY = xxxx */
if(*ibuf == '\n')
{
copy_line(ibuf, rfp);
break;
}
if(!fips_strncasecmp(ibuf,"COUNT = ",8))
{
copy_line(ibuf, rfp);
break;
}
if(!fips_strncasecmp(ibuf,"COUNT=",6))
{
copy_line(ibuf, rfp);
break;
}
if(!fips_strncasecmp(ibuf,"NumKeys = ",10))
{
numkeys=atoi(ibuf+10);
break;
}
if (echo)
copy_line(ibuf, rfp);
if(!fips_strncasecmp(ibuf,"KEY = ",6))
{
akeysz=64;
len = hex2bin((char*)ibuf+6, aKey);
if (len < 0)
{
printf("Invalid KEY\n");
err=1;
break;
}
PrintValue("KEY", aKey, len);
++step;
}
else if(!fips_strncasecmp(ibuf,"KEYs = ",7))
{
akeysz=64*3;
len=hex2bin(ibuf+7,aKey);
if(len != 8)
{
printf("Invalid KEY\n");
err=1;
break;
}
memcpy(aKey+8,aKey,8);
memcpy(aKey+16,aKey,8);
ibuf[4]='\0';
PrintValue("KEYs",aKey,len);
++step;
}
else if(!fips_strncasecmp(ibuf,"KEY",3))
{
int n=ibuf[3]-'1';
akeysz=64*3;
len=hex2bin(ibuf+7,aKey+n*8);
if(len != 8)
{
printf("Invalid KEY\n");
err=1;
break;
}
ibuf[4]='\0';
PrintValue(ibuf,aKey,len);
if(n == 2)
++step;
}
else
{
printf("Missing KEY\n");
err = 1;
}
break;
case 3: /* IV = xxxx */
if (echo)
copy_line(ibuf, rfp);
if (fips_strncasecmp(ibuf, "IV = ", 5) != 0)
{
printf("Missing IV\n");
err = 1;
}
else
{
len = hex2bin((char*)ibuf+5, iVec);
if (len < 0)
{
printf("Invalid IV\n");
err =1;
break;
}
PrintValue("IV", iVec, len);
step = (dir)? 4: 5;
}
break;
case 4: /* PLAINTEXT = xxxx */
if (echo)
copy_line(ibuf, rfp);
if (fips_strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
{
printf("Missing PLAINTEXT\n");
err = 1;
}
else
{
int nn = strlen(ibuf+12);
if(!strcmp(amode,"CFB1"))
len=bint2bin(ibuf+12,nn-1,plaintext);
else
len=hex2bin(ibuf+12, plaintext);
if (len < 0)
{
printf("Invalid PLAINTEXT: %s", ibuf+12);
err =1;
break;
}
if (len >= (int)sizeof(plaintext))
{
printf("Buffer overflow\n");
}
PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
{
if (!do_tmct(amode,akeysz,numkeys,aKey,iVec,
dir,plaintext,len,rfp))
return -1;
}
else
{
assert(dir == 1);
DESTest(&ctx, amode, akeysz, aKey, iVec,
dir, /* 0 = decrypt, 1 = encrypt */
ciphertext, plaintext, len);
OutputValue("CIPHERTEXT",ciphertext,len,rfp,
!strcmp(amode,"CFB1"));
}
step = 6;
}
break;
case 5: /* CIPHERTEXT = xxxx */
if (echo)
copy_line(ibuf, rfp);
if (fips_strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
{
printf("Missing KEY\n");
err = 1;
}
else
{
if(!strcmp(amode,"CFB1"))
len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
else
len = hex2bin(ibuf+13,ciphertext);
if (len < 0)
{
printf("Invalid CIPHERTEXT\n");
err =1;
break;
}
PrintValue("CIPHERTEXT", ciphertext, len);
if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
{
do_tmct(amode, akeysz, numkeys, aKey, iVec,
dir, ciphertext, len, rfp);
}
else
{
assert(dir == 0);
DESTest(&ctx, amode, akeysz, aKey, iVec,
dir, /* 0 = decrypt, 1 = encrypt */
plaintext, ciphertext, len);
OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
!strcmp(amode,"CFB1"));
}
step = 6;
}
break;
case 6:
if (ibuf[0] != '\n')
{
err = 1;
printf("Missing terminator\n");
}
else if (strcmp(atest, "MCT") != 0)
{ /* MCT already added terminating nl */
copy_line(ibuf, rfp);
}
step = 1;
break;
}
}
if (rfp)
fclose(rfp);
if (afp)
fclose(afp);
FIPS_cipher_ctx_cleanup(&ctx);
return err;
}
/*--------------------------------------------------
Processes either a single file or
a set of files whose names are passed in a file.
A single file is specified as:
aes_test -f xxx.req
A set of files is specified as:
aes_test -d xxxxx.xxx
The default is: -d req.txt
--------------------------------------------------*/
#ifdef FIPS_ALGVS
int fips_desmovs_main(int argc, char **argv)
#else
int main(int argc, char **argv)
#endif
{
char *rqlist = "req.txt", *rspfile = NULL;
FILE *fp = NULL;
char fn[250] = "", rfn[256] = "";
int d_opt = 1;
fips_algtest_init();
if (argc > 1)
{
if (fips_strcasecmp(argv[1], "-d") == 0)
{
d_opt = 1;
}
else if (fips_strcasecmp(argv[1], "-f") == 0)
{
d_opt = 0;
}
else
{
printf("Invalid parameter: %s\n", argv[1]);
return 0;
}
if (argc < 3)
{
printf("Missing parameter\n");
return 0;
}
if (d_opt)
rqlist = argv[2];
else
{
strcpy(fn, argv[2]);
rspfile = argv[3];
}
}
if (d_opt)
{ /* list of files (directory) */
if (!(fp = fopen(rqlist, "r")))
{
printf("Cannot open req list file\n");
return -1;
}
while (fgets(fn, sizeof(fn), fp))
{
strtok(fn, "\r\n");
strcpy(rfn, fn);
printf("Processing: %s\n", rfn);
if (tproc_file(rfn, rspfile))
{
printf(">>> Processing failed for: %s <<<\n", rfn);
return -1;
}
}
fclose(fp);
}
else /* single file */
{
if (VERBOSE)
printf("Processing: %s\n", fn);
if (tproc_file(fn, rspfile))
{
printf(">>> Processing failed for: %s <<<\n", fn);
}
}
return 0;
}
#endif
#
# OpenSSL/fips/dh/Makefile
#
DIR= dh
TOP= ../..
CC= cc
INCLUDES=
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST= fips_dhvs.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= fips_dh_lib.c
LIBOBJ= fips_dh_lib.o
SRC= $(LIBSRC)
EXHEADER=
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
@echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
install:
@headerlist="$(EXHEADER)"; for i in $$headerlist; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done
tags:
ctags $(SRC)
tests:
fips_test:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
fips_dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
fips_dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
fips_dh_lib.o: ../../include/openssl/opensslconf.h
fips_dh_lib.o: ../../include/openssl/opensslv.h
fips_dh_lib.o: ../../include/openssl/ossl_typ.h
fips_dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_dh_lib.o: ../../include/openssl/symhacks.h fips_dh_lib.c
fips_dhvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
fips_dhvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
fips_dhvs.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
fips_dhvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
fips_dhvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
fips_dhvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
fips_dhvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
fips_dhvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
fips_dhvs.o: ../../include/openssl/opensslconf.h
fips_dhvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
fips_dhvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
fips_dhvs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_dhvs.c
/* ====================================================================
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#define FIPS_AUTH_KEY "etaonrishdlcupfm"
#define FIPS_AUTH_CRYPTO_OFFICER "7f92562d409c903322c0f94a1188ae8178339a4f"
#define FIPS_AUTH_CRYPTO_USER "cb6cbdaad26cd210a8b31a5d56a876ee1d51a96c"
HMAC-SHA1(fips_premain.c)= 1eaf66f76187877ff403708a2948d240f92736a0
FIPS tools explained
====================
api_list.pl
a script to produce an API description, saying what parameters are
for input, output or both.
Most often, the direction of a parameter is determined automatically.
However, quite a number of them are educated guesses. Either way,
the information is stored in the file declarations.dat in this
directory, and can be manually corrected; simply go through
declarations.dat, look for any value with the key 'direction'
where the value contains a question mark. Those should be changed
to whatever is true, and the values should be one of the
following:
<- output
-> input
<-> both
api_fns.pm
a module that helps api_list.pl do its job.
declarations.dat
a file of information about public fips symbols. See api_list.pl
above.