Update branch with current state

Author: abkarcher

Diff for: app/Makefile.am

@@ -8,8 +8,8 @@ bin_PROGRAMS = amvp_app
 
 amvp_app_includedir=$(includedir)/amvp
 amvp_app_SOURCES = ${tmp_sources}
-amvp_app_CFLAGS = -g -fPIE $(LIBAMVP_CFLAGS) $(SSL_CFLAGS) $(FOM_CFLAGS) $(SAFEC_CFLAGS) $(COND_ALG_CFLAGS)
-amvp_app_LDFLAGS = $(LIBAMVP_LDFLAGS) $(SSL_LDFLAGS) $(FOM_LDFLAGS)
+amvp_app_CFLAGS = -g -fPIE $(LIBAMVP_CFLAGS) $(SSL_CFLAGS) $(SAFEC_CFLAGS) $(COND_ALG_CFLAGS)
+amvp_app_LDFLAGS = $(LIBAMVP_LDFLAGS) $(SSL_LDFLAGS)
 amvp_app_LDADD = $(ADDL_LIB_DEPENDENCIES)
 
 if FORCE_STATIC
@@ -20,7 +20,3 @@ if ! BUILDING_OFFLINE
 amvp_app_LDFLAGS += $(LIBCURL_LDFLAGS)
 amvp_app_CFLAGS += $(LIBCURL_CFLAGS)
 endif
-
-if USE_FOM_OBJ
-amvp_app_LDADD += $(FOM_OBJ_DIR)/fipscanister.o
-endif

Diff for: app/app_cli.c

@@ -14,9 +14,6 @@
 #include "amvp/amvp.h"
 #include "safe_lib.h"
 
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
-
 #define AMVP_APP_HELP_MSG "Use amvp_app --help for more information."
 
 static void print_usage(int code) {
@@ -159,7 +156,7 @@ static void print_usage(int code) {
     printf("To get info about a created module from the AMVP server:\n");
     printf("      --get_module <module_info_file>\n");
     printf("To request module certificate using a predefined request file:\n");
-    printf("      --module_cert_req <request_file>\n");
+    printf("      --module_cert_req --with_module <module_id_number> --with_vendor <vendor_id_number> --with-contact <CMVP contact ID> ...\n");
     printf("\n");
     printf("To post all resources a predefined resource json file:\n");
     printf("      --post_resources <resource_file>\n");
@@ -194,27 +191,6 @@ static void print_usage(int code) {
 
 static void print_version_info(void) {
     printf("\nAMVP library version(protocol version): %s(%s)\n\n", amvp_version(), amvp_protocol_version());
-    printf("        Runtime mode: yes\n");
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-    if (FIPS_mode()) {
-        printf("           FIPS mode: yes\n");
-    } else {
-        printf("           FIPS mode: no\n");
-    }
-#else
-    if (EVP_default_properties_is_fips_enabled(NULL)) {
-        printf("           FIPS by default: yes\n");
-    } else {
-        printf("           FIPS by default: no\n");
-    }
-#endif
-
-#ifdef OPENSSL_VERSION_TEXT
-    printf("Compiled SSL version: %s\n", OPENSSL_VERSION_TEXT);
-#else
-    printf("Compiled SSL version: not detected\n");
-#endif
-    printf("  Linked SSL version: %s\n", OpenSSL_version(OPENSSL_VERSION));
 }
 
 static ko_longopt_t longopts[] = {
@@ -227,24 +203,6 @@ static ko_longopt_t longopts[] = {
     { "verbose", ko_no_argument, 307 },
     { "none", ko_no_argument, 308 },
     { "sample", ko_no_argument, 309 },
-    { "aes", ko_no_argument, 310 },
-    { "tdes", ko_no_argument, 311 },
-    { "hash", ko_no_argument, 312 },
-    { "cmac", ko_no_argument, 313 },
-    { "hmac", ko_no_argument, 314 },
-    { "kdf", ko_no_argument, 315 },
-    { "dsa", ko_no_argument, 316 },
-    { "rsa", ko_no_argument, 317 },
-    { "drbg", ko_no_argument, 318 },
-    { "ecdsa", ko_no_argument, 319 },
-    { "kas_ecc", ko_no_argument, 320 },
-    { "kas_ffc", ko_no_argument, 321 },
-    { "safe_primes", ko_no_argument, 322 },
-    { "kas_ifc", ko_no_argument, 323 },
-    { "kts_ifc", ko_no_argument, 324 },
-    { "kda", ko_no_argument, 325 },
-    { "kmac", ko_no_argument, 326 },
-    { "all_algs", ko_no_argument, 350 },
     { "manual_registration", ko_required_argument, 400 },
     { "kat", ko_required_argument, 401 },
     { "fips_validation", ko_required_argument, 402 },
@@ -264,13 +222,13 @@ static ko_longopt_t longopts[] = {
     { "cost", ko_no_argument, 416 },
     { "debug", ko_no_argument, 417 },
     { "get_registration", ko_no_argument, 418 },
-    { "module_cert_req", ko_required_argument, 419 },
+    { "module_cert_req", ko_no_argument, 419 },
     { "post_resources", ko_required_argument, 420 },
     { "create_module", ko_required_argument, 421 },
     { "get_module", ko_required_argument, 422 },
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-    { "disable_fips", ko_no_argument, 500 },
-#endif
+    { "with_module", ko_required_argument, 423 },
+    { "with_vendor", ko_required_argument, 424} ,
+    { "with_contact", ko_required_argument, 425 } ,
     { NULL, 0, 0 }
 };
 
@@ -279,26 +237,6 @@ static void default_config(APP_CONFIG *cfg) {
     cfg->level = AMVP_LOG_LVL_STATUS;
 }
 
-static void enable_all_algorithms(APP_CONFIG *cfg) {
-    cfg->aes = 1;
-    cfg->tdes = 1;
-    cfg->hash = 1;
-    cfg->cmac = 1;
-    cfg->hmac = 1;
-    cfg->kmac = 1;
-    cfg->dsa = 1;
-    cfg->kas_ffc = 1;
-    cfg->safe_primes = 1;
-    cfg->rsa = 1;
-    cfg->drbg = 1;
-    cfg->ecdsa = 1;
-    cfg->kas_ecc = 1;
-    cfg->kas_ifc = 1;
-    cfg->kda = 1;
-    cfg->kts_ifc = 1;
-    cfg->kdf = 1;
-}
-
 static const char* lookup_arg_name(int c) {
     int i = 0;
     int arrlen = sizeof(longopts) / sizeof(ko_longopt_t);
@@ -325,7 +263,7 @@ static int check_option_length(const char *opt, int c, int maxAllowed) {
 
 int ingest_cli(APP_CONFIG *cfg, int argc, char **argv) {
     ketopt_t opt = KETOPT_INIT;
-    int c = 0, diff = 0, len = 0;
+    int c = 0, diff = 0, tmp = 0;
 
     cfg->empty_alg = 1;
 
@@ -343,12 +281,12 @@ int ingest_cli(APP_CONFIG *cfg, int argc, char **argv) {
         case 'h':
         case 302:
             if (opt.arg) {
-                len = strnlen_s(opt.arg, JSON_FILENAME_LENGTH + 1);
-                if (len > JSON_FILENAME_LENGTH || len <= 0) {
+                tmp = strnlen_s(opt.arg, JSON_FILENAME_LENGTH + 1);
+                if (tmp > JSON_FILENAME_LENGTH || tmp <= 0) {
                     printf("invalid help option length\n");
                     return 1;
                 }
-                strncmp_s(opt.arg, len, "--verbose", 9, &diff);
+                strncmp_s(opt.arg, tmp, "--verbose", 9, &diff);
                 if (!diff) {
                     print_usage(AMVP_LOG_LVL_VERBOSE);
                 } else {
@@ -379,80 +317,6 @@ int ingest_cli(APP_CONFIG *cfg, int argc, char **argv) {
         case 309:
             cfg->sample = 1;
             break;
-        case 310:
-            cfg->aes = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 311:
-            cfg->tdes = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 312:
-            cfg->hash = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 313:
-            cfg->cmac = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 314:
-            cfg->hmac = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 315:
-            cfg->kdf = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 316:
-            cfg->dsa = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 317:
-            cfg->rsa = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 318:
-            cfg->drbg = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 319:
-            cfg->ecdsa = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 320:
-            cfg->kas_ecc = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 321:
-            cfg->kas_ffc = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 322:
-            cfg->safe_primes = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 323:
-            cfg->kas_ifc = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 324:
-            cfg->kts_ifc = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 325:
-            cfg->kda = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 326:
-            cfg->kmac = 1;
-            cfg->empty_alg = 0;
-            break;
-        case 'a':
-        case 350:
-            enable_all_algorithms(cfg);
-            cfg->empty_alg = 0;
-            cfg->testall = 1;
-            break;
 
         case 400:
             cfg->manual_reg = 1;
@@ -600,10 +464,6 @@ int ingest_cli(APP_CONFIG *cfg, int argc, char **argv) {
 
         case 419:
             cfg->mod_cert_req = 1;
-            if (!check_option_length(opt.arg, c, JSON_FILENAME_LENGTH)) {
-                return 1;
-            }
-            strcpy_s(cfg->mod_cert_req_file, JSON_FILENAME_LENGTH + 1, opt.arg);
             break;
 
         case 420:
@@ -630,6 +490,37 @@ int ingest_cli(APP_CONFIG *cfg, int argc, char **argv) {
             strcpy_s(cfg->get_module_file, JSON_FILENAME_LENGTH + 1, opt.arg);
             break;
 
+        case 423:
+            tmp = atoi(opt.arg);
+            if (!tmp) {
+                printf("Invalid module ID format\n");
+                return 1;
+            }
+            printf("Module ID: %d\n", tmp);
+            cfg->module_id = tmp;
+            break;
+
+        case 424:
+            tmp = atoi(opt.arg);
+            if (!tmp) {
+                printf("Invalid vendor ID format\n");
+                return 1;
+            }
+            cfg->vendor_id = tmp;
+            break;
+
+        case 425:
+            if (cfg->num_contacts >= AMVP_MAX_CONTACTS_PER_CERT_REQ) {
+                printf("Too many contacts provided for cert req\n");
+                return 1;
+            }
+            if (!check_option_length(opt.arg, c, AMVP_CONTACT_STR_MAX_LEN)) {
+                return 1;
+            }
+            strcpy_s(cfg->contact_ids[cfg->num_contacts], AMVP_CONTACT_STR_MAX_LEN + 1, opt.arg);
+            cfg->num_contacts++;
+            break;
+
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
         case 500:
             cfg->disable_fips = 1;
@@ -671,6 +562,15 @@ int ingest_cli(APP_CONFIG *cfg, int argc, char **argv) {
         return 1;
     }
 
+    if (cfg->mod_cert_req && (!cfg->module_id || !cfg->vendor_id || !cfg->num_contacts)) {
+        printf("Module cert request requires module module ID, vendor ID, and at least one contact ID to be provided\n");
+        return 1;
+    }
+
+    if (!cfg->mod_cert_req && (cfg->module_id || cfg->vendor_id || cfg->num_contacts)) {
+        printf("Warning: Module ID/Vendor ID/Contact ID provided, but not performing a cert request. These options will be ignored\n");
+    }
+
     printf("\n");
 
     return 0;

Diff for: app/app_lcl.h

@@ -72,22 +72,15 @@ typedef struct app_config {
     char create_module_file[JSON_FILENAME_LENGTH + 1];
     char get_module_file[JSON_FILENAME_LENGTH + 1];
     char post_resources_filename[JSON_FILENAME_LENGTH + 1];
+    char contact_ids[AMVP_MAX_CONTACTS_PER_CERT_REQ][AMVP_CONTACT_STR_MAX_LEN + 1];
 
-    /*
-     * Algorithm Flags
-     * 0 is off, 1 is on
-     */
-    int aes; int tdes;
-    int hash; int cmac; int hmac; int kmac;
-    int dsa; int rsa;
-    int drbg; int ecdsa;
-    int kas_ecc; int kas_ffc; int kas_ifc; int kda; int kts_ifc;
-    int kdf;
-    int safe_primes;
+    int num_contacts;
     int mod_cert_req;
     int post_resources;
     int create_module;
     int get_module;
+    int module_id;
+    int vendor_id;
     int testall; /* So the app can check whether the user indicated to test all possible algorithms */
 } APP_CONFIG;
 
@@ -98,15 +91,6 @@ unsigned int swap_uint_endian(unsigned int i);
 int check_is_little_endian(void);
 char *remove_str_const(const char *str);
 int save_string_to_file(const char *str, const char *path);
-int get_nid_for_curve(AMVP_EC_CURVE curve);
-const EVP_MD *get_md_for_hash_alg(AMVP_HASH_ALG alg);
-const char *get_md_string_for_hash_alg(AMVP_HASH_ALG alg, int *md_size);
-char *ec_point_to_pub_key(unsigned char *x, int x_len, unsigned char *y, int y_len, int *key_len);
-
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-AMVP_RESULT fips_sanity_check(void);
-const char *get_string_from_oid(unsigned char *oid, int oid_len);
-#endif
 
 #ifdef __cplusplus
 }

Diff for: app/app_main.c

@@ -15,21 +15,9 @@
  * It will default to 127.0.0.1 port 443 if no arguments are given.
  */
 #include <stdio.h>
-#include <openssl/rsa.h>
-#include <openssl/bn.h>
 
 #include "app_lcl.h"
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-#include <openssl/provider.h>
-#include <openssl/evp.h>
-#ifdef _WIN32
-#include <Windows.h>
-#else
-#include <unistd.h>
-#endif
-#endif
-
 #include "safe_mem_lib.h"
 #include "safe_str_lib.h"
 
@@ -182,6 +170,7 @@ int main(int argc, char **argv) {
      * This may or may not be turned on...
      */
     if (app_setup_two_factor_auth(ctx)) {
+        printf("Error setting  up two factor auth\n");
         goto end;
     }
 
@@ -264,7 +253,6 @@ int main(int argc, char **argv) {
         if (reg) free(reg);
         goto end;
     }
-
     if (cfg.kat) {
        rv = amvp_load_kat_filename(ctx, cfg.kat_file);
        goto end;
@@ -350,7 +338,10 @@ int main(int argc, char **argv) {
     }
 
     if (cfg.mod_cert_req) {
-        rv = amvp_mark_as_cert_req(ctx, cfg.mod_cert_req_file);
+        rv = amvp_mark_as_cert_req(ctx, cfg.module_id, cfg.vendor_id);
+        for (diff = 0; diff < cfg.num_contacts; diff++) {
+            amvp_cert_req_add_contact(ctx, cfg.contact_ids[diff]);
+        }
     }
 
     if (cfg.create_module) {