Update fips_dhvs to handle functional test by generating keys.

fips/dh/fips_dhvs.c

@@ -106,42 +106,111 @@ static const EVP_MD *parse_md(char *line)
 		return NULL;
 	}
 
+static void output_Zhash(FILE *out, int exout,
+				DH *dh, BIGNUM *peerkey, const EVP_MD *md,
+				unsigned char *rhash, size_t rhashlen)
+	{
+	unsigned char *Z;
+	unsigned char chash[EVP_MAX_MD_SIZE];
+	int Zlen;
+	if (rhash == NULL)
+		{
+		rhashlen = M_EVP_MD_size(md);
+		if (!DH_generate_key(dh))
+			exit (1);
+		do_bn_print_name(out, "YephemIUT", dh->pub_key);
+		if (exout)
+			do_bn_print_name(out, "XephemIUT", dh->priv_key);
+		}
+	Z = OPENSSL_malloc(BN_num_bytes(dh->p));
+	if (!Z)
+		exit(1);
+	Zlen = DH_compute_key_padded(Z, peerkey, dh);
+	if (exout)
+		OutputValue("Z", Z, Zlen, out, 0);
+	FIPS_digest(Z, Zlen, chash, NULL, md);
+	OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0);
+	if (rhash)
+		{
+		fprintf(out, "Result = %s\n",
+				memcmp(chash, rhash, rhashlen) ? "F" : "P");
+		}
+	else
+		{
+		BN_clear_free(dh->priv_key);
+		BN_clear_free(dh->pub_key);
+		dh->priv_key = NULL;
+		dh->pub_key = NULL;
+		}
+	OPENSSL_cleanse(Z, Zlen);
+	OPENSSL_free(Z);
+	}
+		
 int main(int argc,char **argv)
 	{
+	char **args = argv + 1;
+	int argn = argc - 1;
 	FILE *in, *out;
 	char buf[2048], lbuf[2048];
-	unsigned char *rhash, chash[EVP_MAX_MD_SIZE];
+	unsigned char *rhash;
 	long rhashlen;
 	DH *dh = NULL;
 	const EVP_MD *md = NULL;
 	BIGNUM *peerkey = NULL;
 	char *keyword = NULL, *value = NULL;
+	int do_verify = -1, exout = 0;
 
 	fips_set_error_print();
 
-	if (argc == 3)
+	if (argn && !strcmp(*args, "dhver"))
 		{
-		in = fopen(argv[1], "r");
+		do_verify = 1;
+		args++;
+		argn--;
+		}
+	else if (argn && !strcmp(*args, "dhgen"))
+		{
+		do_verify = 0;
+		args++;
+		argn--;
+		}
+
+	if (argn && !strcmp(*args, "-exout"))
+		{
+		exout = 1;
+		args++;
+		argn--;
+		}
+
+	if (do_verify == -1)
+		{
+		fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
+		exit(1);
+		}
+
+	if (argn == 2)
+		{
+		in = fopen(*args, "r");
 		if (!in)
 			{
 			fprintf(stderr, "Error opening input file\n");
 			exit(1);
 			}
-		out = fopen(argv[2], "w");
+		out = fopen(args[1], "w");
 		if (!out)
 			{
 			fprintf(stderr, "Error opening output file\n");
 			exit(1);
 			}
 		}
-	else if (argc == 1)
+	else if (argn == 0)
 		{
 		in = stdin;
 		out = stdout;
 		}
 	else
 		{
-		fprintf(stderr,"%s (infile outfile)\n",argv[0]);
+		fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
 		exit(1);
 		}
 
@@ -162,7 +231,6 @@ int main(int argc,char **argv)
 			}
 		if (!parse_line(&keyword, &value, lbuf, buf))
 			continue;
-
 		if (!strcmp(keyword, "P"))
 			{
 			if (!do_hex2bn(&dh->p, value))
@@ -192,26 +260,19 @@ int main(int argc,char **argv)
 			{
 			if (!do_hex2bn(&peerkey, value))
 				goto parse_error;
+			if (do_verify == 0)
+				output_Zhash(out, exout, dh, peerkey, md,
+							NULL, 0);
 			}
 		else if (!strcmp(keyword, "CAVSHashZZ"))
 			{
-			int Zlen;
-			unsigned char *Z;
 			if (!md)
 				goto parse_error;
 			rhash = hex2bin_m(value, &rhashlen);
 			if (!rhash || rhashlen != M_EVP_MD_size(md))
 				goto parse_error;
-			Z = OPENSSL_malloc(BN_num_bytes(dh->p));
-			if (!Z)
-				exit(1);
-			Zlen = DH_compute_key_padded(Z, peerkey, dh);
-			OutputValue("Z", Z, Zlen, out, 0);
-			FIPS_digest(Z, Zlen, chash, NULL, md);
-			OutputValue("IUTHashZZ", chash, rhashlen, out, 0);
-			fprintf(out, "Result = %s\n",
-				memcmp(chash, rhash, rhashlen) ? "F" : "P");
-			OPENSSL_free(Z);
+			output_Zhash(out, exout, dh, peerkey, md,
+							rhash, rhashlen);
 			}
 		}
 	return 0;