3e8b5b
diff -up openssh-6.8p1/Makefile.in.kdf-cavs openssh-6.8p1/Makefile.in
3e8b5b
--- openssh-6.8p1/Makefile.in.kdf-cavs	2015-03-18 11:23:46.346049359 +0100
3e8b5b
+++ openssh-6.8p1/Makefile.in	2015-03-18 11:24:20.395968445 +0100
3e8b5b
@@ -29,6 +29,7 @@ SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-h
3e8b5b
 SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
3e8b5b
 SSH_KEYCAT=$(libexecdir)/ssh-keycat
3e8b5b
 CTR_CAVSTEST=$(libexecdir)/ctr-cavstest
3e8b5b
+SSH_CAVS=$(libexecdir)/ssh-cavs
3e8b5b
 SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
3e8b5b
 PRIVSEP_PATH=@PRIVSEP_PATH@
3e8b5b
 SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
3e8b5b
@@ -67,7 +68,7 @@ EXEEXT=@EXEEXT@
3e8b5b
 MKDIR_P=@MKDIR_P@
3e8b5b
 INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
3e8b5b
 
3e8b5b
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT)
3e8b5b
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT) ssh-cavs$(EXEEXT)
3e8b5b
 
3e8b5b
 XMSS_OBJS=\
3e8b5b
 	ssh-xmss.o \
3e8b5b
@@ -198,6 +199,9 @@ ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHD
3e8b5b
 ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
3009ed
 	$(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
3e8b5b
 
3e8b5b
+ssh-cavs$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-cavs.o
3e8b5b
+	$(LD) -o $@ ssh-cavs.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
3e8b5b
+
3e8b5b
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
3e8b5b
 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
3e8b5b
 
3e8b5b
@@ -331,6 +335,8 @@ install-files:
3e8b5b
 	fi
3e8b5b
 	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keycat$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-keycat$(EXEEXT)
3e8b5b
 	$(INSTALL) -m 0755 $(STRIP_OPT) ctr-cavstest$(EXEEXT) $(DESTDIR)$(libexecdir)/ctr-cavstest$(EXEEXT)
3e8b5b
+	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-cavs$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-cavs$(EXEEXT)
3e8b5b
+	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-cavs_driver.pl $(DESTDIR)$(libexecdir)/ssh-cavs_driver.pl
3e8b5b
 	$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
3e8b5b
 	$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
3e8b5b
 	$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
3e8b5b
diff -up openssh-6.8p1/ssh-cavs.c.kdf-cavs openssh-6.8p1/ssh-cavs.c
3e8b5b
--- openssh-6.8p1/ssh-cavs.c.kdf-cavs	2015-03-18 11:23:46.348049354 +0100
3e8b5b
+++ openssh-6.8p1/ssh-cavs.c	2015-03-18 11:23:46.348049354 +0100
3e8b5b
@@ -0,0 +1,387 @@
3e8b5b
+/*
3e8b5b
+ * Copyright (C) 2015, Stephan Mueller <smueller@chronox.de>
3e8b5b
+ *
3e8b5b
+ * Redistribution and use in source and binary forms, with or without
3e8b5b
+ * modification, are permitted provided that the following conditions
3e8b5b
+ * are met:
3e8b5b
+ * 1. Redistributions of source code must retain the above copyright
3e8b5b
+ *    notice, and the entire permission notice in its entirety,
3e8b5b
+ *    including the disclaimer of warranties.
3e8b5b
+ * 2. Redistributions in binary form must reproduce the above copyright
3e8b5b
+ *    notice, this list of conditions and the following disclaimer in the
3e8b5b
+ *    documentation and/or other materials provided with the distribution.
3e8b5b
+ * 3. The name of the author may not be used to endorse or promote
3e8b5b
+ *    products derived from this software without specific prior
3e8b5b
+ *    written permission.
3e8b5b
+ *
3e8b5b
+ * ALTERNATIVELY, this product may be distributed under the terms of
3e8b5b
+ * the GNU General Public License, in which case the provisions of the GPL2
3e8b5b
+ * are required INSTEAD OF the above restrictions.  (This clause is
3e8b5b
+ * necessary due to a potential bad interaction between the GPL and
3e8b5b
+ * the restrictions contained in a BSD-style copyright.)
3e8b5b
+ *
3e8b5b
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
3e8b5b
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
3e8b5b
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
3e8b5b
+ * WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE
3e8b5b
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
3e8b5b
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
3e8b5b
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
3e8b5b
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
3e8b5b
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
3e8b5b
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
3e8b5b
+ * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
3e8b5b
+ * DAMAGE.
3e8b5b
+ */
3e8b5b
+
3e8b5b
+#include "includes.h"
3e8b5b
+
3e8b5b
+#include <stdio.h>
3e8b5b
+#include <stdlib.h>
3e8b5b
+#include <errno.h>
3e8b5b
+#include <sys/types.h>
3e8b5b
+#include <string.h>
3e8b5b
+
3e8b5b
+#include <openssl/bn.h>
3e8b5b
+
3e8b5b
+#include "xmalloc.h"
3e8b5b
+#include "sshbuf.h"
3e8b5b
+#include "sshkey.h"
3e8b5b
+#include "cipher.h"
3e8b5b
+#include "kex.h"
3e8b5b
+#include "packet.h"
3e8b5b
+#include "digest.h"
3e8b5b
+
3e8b5b
+static int bin_char(unsigned char hex)
3e8b5b
+{
3e8b5b
+	if (48 <= hex && 57 >= hex)
3e8b5b
+		return (hex - 48);
3e8b5b
+	if (65 <= hex && 70 >= hex)
3e8b5b
+		return (hex - 55);
3e8b5b
+	if (97 <= hex && 102 >= hex)
3e8b5b
+		return (hex - 87);
3e8b5b
+	return 0;
3e8b5b
+}
3e8b5b
+
3e8b5b
+/*
3e8b5b
+ * Convert hex representation into binary string
3e8b5b
+ * @hex input buffer with hex representation
3e8b5b
+ * @hexlen length of hex
3e8b5b
+ * @bin output buffer with binary data
3e8b5b
+ * @binlen length of already allocated bin buffer (should be at least
3e8b5b
+ *	   half of hexlen -- if not, only a fraction of hexlen is converted)
3e8b5b
+ */
3e8b5b
+static void hex2bin(const char *hex, size_t hexlen,
3e8b5b
+		    unsigned char *bin, size_t binlen)
3e8b5b
+{
3e8b5b
+	size_t i = 0;
3e8b5b
+	size_t chars = (binlen > (hexlen / 2)) ? (hexlen / 2) : binlen;
3e8b5b
+
3e8b5b
+	for (i = 0; i < chars; i++) {
3e8b5b
+		bin[i] = bin_char(hex[(i*2)]) << 4;
3e8b5b
+		bin[i] |= bin_char(hex[((i*2)+1)]);
3e8b5b
+	}
3e8b5b
+}
3e8b5b
+
3e8b5b
+/*
3e8b5b
+ * Allocate sufficient space for binary representation of hex
3e8b5b
+ * and convert hex into bin
3e8b5b
+ *
3e8b5b
+ * Caller must free bin
3e8b5b
+ * @hex input buffer with hex representation
3e8b5b
+ * @hexlen length of hex
3e8b5b
+ * @bin return value holding the pointer to the newly allocated buffer
3e8b5b
+ * @binlen return value holding the allocated size of bin
3e8b5b
+ *
3e8b5b
+ * return: 0 on success, !0 otherwise
3e8b5b
+ */
3e8b5b
+static int hex2bin_alloc(const char *hex, size_t hexlen,
3e8b5b
+			 unsigned char **bin, size_t *binlen)
3e8b5b
+{
3e8b5b
+	unsigned char *out = NULL;
3e8b5b
+	size_t outlen = 0;
3e8b5b
+
3e8b5b
+	if (!hexlen)
3e8b5b
+		return -EINVAL;
3e8b5b
+
3e8b5b
+	outlen = (hexlen + 1) / 2;
3e8b5b
+
3e8b5b
+	out = calloc(1, outlen);
3e8b5b
+	if (!out)
3e8b5b
+		return -errno;
3e8b5b
+
3e8b5b
+	hex2bin(hex, hexlen, out, outlen);
3e8b5b
+	*bin = out;
3e8b5b
+	*binlen = outlen;
3e8b5b
+	return 0;
3e8b5b
+}
3e8b5b
+
3e8b5b
+static char hex_char_map_l[] = { '0', '1', '2', '3', '4', '5', '6', '7',
3e8b5b
+				 '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
3e8b5b
+static char hex_char_map_u[] = { '0', '1', '2', '3', '4', '5', '6', '7',
3e8b5b
+				 '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
3e8b5b
+static char hex_char(unsigned int bin, int u)
3e8b5b
+{
3e8b5b
+	if (bin < sizeof(hex_char_map_l))
3e8b5b
+		return (u) ? hex_char_map_u[bin] : hex_char_map_l[bin];
3e8b5b
+	return 'X';
3e8b5b
+}
3e8b5b
+
3e8b5b
+/*
3e8b5b
+ * Convert binary string into hex representation
3e8b5b
+ * @bin input buffer with binary data
3e8b5b
+ * @binlen length of bin
3e8b5b
+ * @hex output buffer to store hex data
3e8b5b
+ * @hexlen length of already allocated hex buffer (should be at least
3e8b5b
+ *	   twice binlen -- if not, only a fraction of binlen is converted)
3e8b5b
+ * @u case of hex characters (0=>lower case, 1=>upper case)
3e8b5b
+ */
3e8b5b
+static void bin2hex(const unsigned char *bin, size_t binlen,
3e8b5b
+		    char *hex, size_t hexlen, int u)
3e8b5b
+{
3e8b5b
+	size_t i = 0;
3e8b5b
+	size_t chars = (binlen > (hexlen / 2)) ? (hexlen / 2) : binlen;
3e8b5b
+
3e8b5b
+	for (i = 0; i < chars; i++) {
3e8b5b
+		hex[(i*2)] = hex_char((bin[i] >> 4), u);
3e8b5b
+		hex[((i*2)+1)] = hex_char((bin[i] & 0x0f), u);
3e8b5b
+	}
3e8b5b
+}
3e8b5b
+
3e8b5b
+struct kdf_cavs {
3e8b5b
+	unsigned char *K;
3e8b5b
+	size_t Klen;
3e8b5b
+	unsigned char *H;
3e8b5b
+	size_t Hlen;
3e8b5b
+	unsigned char *session_id;
3e8b5b
+	size_t session_id_len;
3e8b5b
+
3e8b5b
+	unsigned int iv_len;
3e8b5b
+	unsigned int ek_len;
3e8b5b
+	unsigned int ik_len;
3e8b5b
+};
3e8b5b
+
3e8b5b
+static int sshkdf_cavs(struct kdf_cavs *test)
3e8b5b
+{
3e8b5b
+	int ret = 0;
3e8b5b
+	struct kex kex;
3e8b5b
+	struct sshbuf *Kb = NULL;
3e8b5b
+	BIGNUM *Kbn = NULL;
3e8b5b
+	int mode = 0;
3e8b5b
+	struct newkeys *ctoskeys;
3e8b5b
+	struct newkeys *stockeys;
3e8b5b
+	struct ssh *ssh = NULL;
3e8b5b
+
3e8b5b
+#define HEXOUTLEN 500
3e8b5b
+	char hex[HEXOUTLEN];
3e8b5b
+
3e8b5b
+	memset(&kex, 0, sizeof(struct kex));
3e8b5b
+
3e8b5b
+	Kbn = BN_new();
3e8b5b
+	BN_bin2bn(test->K, test->Klen, Kbn);
3e8b5b
+	if (!Kbn) {
3e8b5b
+		printf("cannot convert K into bignum\n");
3e8b5b
+		ret = 1;
3e8b5b
+		goto out;
3e8b5b
+	}
3e8b5b
+	Kb = sshbuf_new();
3e8b5b
+	if (!Kb) {
3e8b5b
+		printf("cannot convert K into sshbuf\n");
3e8b5b
+		ret = 1;
3e8b5b
+		goto out;
3e8b5b
+	}
3e8b5b
+	sshbuf_put_bignum2(Kb, Kbn);
3e8b5b
+
3e8b5b
+	kex.session_id = test->session_id;
3e8b5b
+	kex.session_id_len = test->session_id_len;
3e8b5b
+
3e8b5b
+	/* setup kex */
3e8b5b
+
3e8b5b
+	/* select the right hash based on struct ssh_digest digests */
3e8b5b
+	switch (test->ik_len) {
3e8b5b
+		case 20:
3e8b5b
+			kex.hash_alg = SSH_DIGEST_SHA1;
3e8b5b
+			break;
3e8b5b
+		case 32:
3e8b5b
+			kex.hash_alg = SSH_DIGEST_SHA256;
3e8b5b
+			break;
3e8b5b
+		case 48:
3e8b5b
+			kex.hash_alg = SSH_DIGEST_SHA384;
3e8b5b
+			break;
3e8b5b
+		case 64:
3e8b5b
+			kex.hash_alg = SSH_DIGEST_SHA512;
3e8b5b
+			break;
3e8b5b
+		default:
3e8b5b
+			printf("Wrong hash type %u\n", test->ik_len);
3e8b5b
+			ret = 1;
3e8b5b
+			goto out;
3e8b5b
+	}
3e8b5b
+
3e8b5b
+	/* implement choose_enc */
3e8b5b
+	for (mode = 0; mode < 2; mode++) {
3e8b5b
+		kex.newkeys[mode] = calloc(1, sizeof(struct newkeys));
3e8b5b
+		if (!kex.newkeys[mode]) {
3e8b5b
+			printf("allocation of newkeys failed\n");
3e8b5b
+			ret = 1;
3e8b5b
+			goto out;
3e8b5b
+		}
3e8b5b
+		kex.newkeys[mode]->enc.iv_len = test->iv_len;
3e8b5b
+		kex.newkeys[mode]->enc.key_len = test->ek_len;
3e8b5b
+		kex.newkeys[mode]->enc.block_size = (test->iv_len == 64) ? 8 : 16;
3e8b5b
+		kex.newkeys[mode]->mac.key_len = test->ik_len;
3e8b5b
+	}
3e8b5b
+
3e8b5b
+	/* implement kex_choose_conf */
3e8b5b
+	kex.we_need = kex.newkeys[0]->enc.key_len;
3e8b5b
+	if (kex.we_need < kex.newkeys[0]->enc.block_size)
3e8b5b
+		kex.we_need = kex.newkeys[0]->enc.block_size;
3e8b5b
+	if (kex.we_need < kex.newkeys[0]->enc.iv_len)
3e8b5b
+		kex.we_need = kex.newkeys[0]->enc.iv_len;
3e8b5b
+	if (kex.we_need < kex.newkeys[0]->mac.key_len)
3e8b5b
+		kex.we_need = kex.newkeys[0]->mac.key_len;
3e8b5b
+
3e8b5b
+	/* MODE_OUT (1) -> server to client
3e8b5b
+	 * MODE_IN (0) -> client to server */
3e8b5b
+	kex.server = 1;
3e8b5b
+
3e8b5b
+	/* do it */
3e8b5b
+	if ((ssh = ssh_packet_set_connection(NULL, -1, -1)) == NULL){
3e8b5b
+		printf("Allocation error\n");
3e8b5b
+		goto out;
3e8b5b
+	}
3e8b5b
+	ssh->kex = &ke;;
3e8b5b
+	kex_derive_keys(ssh, test->H, test->Hlen, Kb);
3e8b5b
+
3e8b5b
+	ctoskeys = kex.newkeys[0];
3e8b5b
+	stockeys = kex.newkeys[1];
3e8b5b
+
3e8b5b
+	/* get data */
3e8b5b
+	memset(hex, 0, HEXOUTLEN);
3e8b5b
+	bin2hex(ctoskeys->enc.iv, (size_t)ctoskeys->enc.iv_len,
3e8b5b
+		hex, HEXOUTLEN, 0);
3e8b5b
+	printf("Initial IV (client to server) = %s\n", hex);
3e8b5b
+	memset(hex, 0, HEXOUTLEN);
3e8b5b
+	bin2hex(stockeys->enc.iv, (size_t)stockeys->enc.iv_len,
3e8b5b
+		hex, HEXOUTLEN, 0);
3e8b5b
+	printf("Initial IV (server to client) = %s\n", hex);
3e8b5b
+
3e8b5b
+	memset(hex, 0, HEXOUTLEN);
3e8b5b
+	bin2hex(ctoskeys->enc.key, (size_t)ctoskeys->enc.key_len,
3e8b5b
+		hex, HEXOUTLEN, 0);
3e8b5b
+	printf("Encryption key (client to server) = %s\n", hex);
3e8b5b
+	memset(hex, 0, HEXOUTLEN);
3e8b5b
+	bin2hex(stockeys->enc.key, (size_t)stockeys->enc.key_len,
3e8b5b
+		hex, HEXOUTLEN, 0);
3e8b5b
+	printf("Encryption key (server to client) = %s\n", hex);
3e8b5b
+
3e8b5b
+	memset(hex, 0, HEXOUTLEN);
3e8b5b
+	bin2hex(ctoskeys->mac.key, (size_t)ctoskeys->mac.key_len,
3e8b5b
+		hex, HEXOUTLEN, 0);
3e8b5b
+	printf("Integrity key (client to server) = %s\n", hex);
3e8b5b
+	memset(hex, 0, HEXOUTLEN);
3e8b5b
+	bin2hex(stockeys->mac.key, (size_t)stockeys->mac.key_len,
3e8b5b
+		hex, HEXOUTLEN, 0);
3e8b5b
+	printf("Integrity key (server to client) = %s\n", hex);
3e8b5b
+
3e8b5b
+out:
3e8b5b
+	if (Kbn)
3e8b5b
+		BN_free(Kbn);
3e8b5b
+	if (Kb)
3e8b5b
+		sshbuf_free(Kb);
3e8b5b
+	if (ssh)
3e8b5b
+		ssh_packet_close(ssh);
3e8b5b
+	return ret;
3e8b5b
+}
3e8b5b
+
3e8b5b
+static void usage(void)
3e8b5b
+{
3e8b5b
+	fprintf(stderr, "\nOpenSSH KDF CAVS Test\n\n");
3e8b5b
+	fprintf(stderr, "Usage:\n");
3e8b5b
+	fprintf(stderr, "\t-K\tShared secret string\n");
3e8b5b
+	fprintf(stderr, "\t-H\tHash string\n");
3e8b5b
+	fprintf(stderr, "\t-s\tSession ID string\n");
3e8b5b
+	fprintf(stderr, "\t-i\tIV length to be generated\n");
3e8b5b
+	fprintf(stderr, "\t-e\tEncryption key length to be generated\n");
3e8b5b
+	fprintf(stderr, "\t-m\tMAC key length to be generated\n");
3e8b5b
+}
3e8b5b
+
3e8b5b
+/*
3e8b5b
+ * Test command example:
3e8b5b
+ * ./ssh-cavs -K 0055d50f2d163cc07cd8a93cc7c3430c30ce786b572c01ad29fec7597000cf8618d664e2ec3dcbc8bb7a1a7eb7ef67f61cdaf291625da879186ac0a5cb27af571b59612d6a6e0627344d846271959fda61c78354aa498773d59762f8ca2d0215ec590d8633de921f920d41e47b3de6ab9a3d0869e1c826d0e4adebf8e3fb646a15dea20a410b44e969f4b791ed6a67f13f1b74234004d5fa5e87eff7abc32d49bbdf44d7b0107e8f10609233b7e2b7eff74a4daf25641de7553975dac6ac1e5117df6f6dbaa1c263d23a6c3e5a3d7d49ae8a828c1e333ac3f85fbbf57b5c1a45be45e43a7be1a4707eac779b8285522d1f531fe23f890fd38a004339932b93eda4 -H d3ab91a850febb417a25d892ec48ed5952c7a5de -s d3ab91a850febb417a25d892ec48ed5952c7a5de -i 8 -e 24 -m 20
3e8b5b
+ *
3e8b5b
+ * Initial IV (client to server) = 4bb320d1679dfd3a
3e8b5b
+ * Initial IV (server to client) = 43dea6fdf263a308
3e8b5b
+ * Encryption key (client to server) = 13048cc600b9d3cf9095aa6cf8e2ff9cf1c54ca0520c89ed
3e8b5b
+ * Encryption key (server to client) = 1e483c5134e901aa11fc4e0a524e7ec7b75556148a222bb0
3e8b5b
+ * Integrity key (client to server) = ecef63a092b0dcc585bdc757e01b2740af57d640
3e8b5b
+ * Integrity key (server to client) = 7424b05f3c44a72b4ebd281fb71f9cbe7b64d479
3e8b5b
+ */
3e8b5b
+int main(int argc, char *argv[])
3e8b5b
+{
3e8b5b
+	struct kdf_cavs test;
3e8b5b
+	int ret = 1;
3e8b5b
+	int opt = 0;
3e8b5b
+
3e8b5b
+	memset(&test, 0, sizeof(struct kdf_cavs));
3e8b5b
+	while((opt = getopt(argc, argv, "K:H:s:i:e:m:")) != -1)
3e8b5b
+	{
3e8b5b
+		size_t len = 0;
3e8b5b
+		switch(opt)
3e8b5b
+		{
3e8b5b
+			/*
3e8b5b
+			 * CAVS K is MPINT
3e8b5b
+			 * we want a hex (i.e. the caller must ensure the
3e8b5b
+			 * following transformations already happened):
3e8b5b
+			 * 	1. cut off first four bytes
3e8b5b
+			 * 	2. if most significant bit of value is
3e8b5b
+			 *	   1, prepend 0 byte
3e8b5b
+			 */
3e8b5b
+			case 'K':
3e8b5b
+				len = strlen(optarg);
3e8b5b
+				ret = hex2bin_alloc(optarg, len,
3e8b5b
+						    &test.K, &test.Klen);
3e8b5b
+				if (ret)
3e8b5b
+					goto out;
3e8b5b
+				break;
3e8b5b
+			case 'H':
3e8b5b
+				len = strlen(optarg);
3e8b5b
+				ret = hex2bin_alloc(optarg, len,
3e8b5b
+						    &test.H, &test.Hlen);
3e8b5b
+				if (ret)
3e8b5b
+					goto out;
3e8b5b
+				break;
3e8b5b
+			case 's':
3e8b5b
+				len = strlen(optarg);
3e8b5b
+				ret = hex2bin_alloc(optarg, len,
3e8b5b
+						    &test.session_id,
3e8b5b
+						    &test.session_id_len);
3e8b5b
+				if (ret)
3e8b5b
+					goto out;
3e8b5b
+				break;
3e8b5b
+			case 'i':
3e8b5b
+				test.iv_len = strtoul(optarg, NULL, 10);
3e8b5b
+				break;
3e8b5b
+			case 'e':
3e8b5b
+				test.ek_len = strtoul(optarg, NULL, 10);
3e8b5b
+				break;
3e8b5b
+			case 'm':
3e8b5b
+				test.ik_len = strtoul(optarg, NULL, 10);
3e8b5b
+				break;
3e8b5b
+			default:
3e8b5b
+				usage();
3e8b5b
+				goto out;
3e8b5b
+		}
3e8b5b
+	}
3e8b5b
+
3e8b5b
+	ret = sshkdf_cavs(&test);
3e8b5b
+
3e8b5b
+out:
3e8b5b
+	if (test.session_id)
3e8b5b
+		free(test.session_id);
3e8b5b
+	if (test.K)
3e8b5b
+		free(test.K);
3e8b5b
+	if (test.H)
3e8b5b
+		free(test.H);
3e8b5b
+	return ret;
3e8b5b
+
3e8b5b
+}
3e8b5b
diff -up openssh-6.8p1/ssh-cavs_driver.pl.kdf-cavs openssh-6.8p1/ssh-cavs_driver.pl
3e8b5b
--- openssh-6.8p1/ssh-cavs_driver.pl.kdf-cavs	2015-03-18 11:23:46.348049354 +0100
3e8b5b
+++ openssh-6.8p1/ssh-cavs_driver.pl	2015-03-18 11:23:46.348049354 +0100
3e8b5b
@@ -0,0 +1,184 @@
3e8b5b
+#!/usr/bin/env perl
3e8b5b
+#
3e8b5b
+# CAVS test driver for OpenSSH
3e8b5b
+#
3e8b5b
+# Copyright (C) 2015, Stephan Mueller <smueller@chronox.de>
3e8b5b
+#
3e8b5b
+# Permission is hereby granted, free of charge, to any person obtaining a copy
3e8b5b
+# of this software and associated documentation files (the "Software"), to deal
3e8b5b
+# in the Software without restriction, including without limitation the rights
3e8b5b
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
3e8b5b
+# copies of the Software, and to permit persons to whom the Software is
3e8b5b
+# furnished to do so, subject to the following conditions:
3e8b5b
+#
3e8b5b
+# The above copyright notice and this permission notice shall be included in
3e8b5b
+# all copies or substantial portions of the Software.
3e8b5b
+#
3e8b5b
+#                            NO WARRANTY
3e8b5b
+#
3e8b5b
+#    BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
3e8b5b
+#    FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
3e8b5b
+#    OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
3e8b5b
+#    PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
3e8b5b
+#    OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
3e8b5b
+#    MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
3e8b5b
+#    TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
3e8b5b
+#    PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
3e8b5b
+#    REPAIR OR CORRECTION.
3e8b5b
+#
3e8b5b
+#    IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
3e8b5b
+#    WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
3e8b5b
+#    REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
3e8b5b
+#    INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
3e8b5b
+#    OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
3e8b5b
+#    TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
3e8b5b
+#    YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
3e8b5b
+#    PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
3e8b5b
+#    POSSIBILITY OF SUCH DAMAGES.
3e8b5b
+#
3e8b5b
+use strict;
3e8b5b
+use warnings;
3e8b5b
+use IPC::Open2;
3e8b5b
+
3e8b5b
+# Executing a program by feeding STDIN and retrieving
3e8b5b
+# STDOUT
3e8b5b
+# $1: data string to be piped to the app on STDIN
3e8b5b
+# rest: program and args
3e8b5b
+# returns: STDOUT of program as string
3e8b5b
+sub pipe_through_program($@) {
3e8b5b
+	my $in = shift;
3e8b5b
+	my @args = @_;
3e8b5b
+
3e8b5b
+	my ($CO, $CI);
3e8b5b
+	my $pid = open2($CO, $CI, @args);
3e8b5b
+
3e8b5b
+	my $out = "";
3e8b5b
+	my $len = length($in);
3e8b5b
+	my $first = 1;
3e8b5b
+	while (1) {
3e8b5b
+		my $rin = "";
3e8b5b
+		my $win = "";
3e8b5b
+		# Output of prog is FD that we read
3e8b5b
+		vec($rin,fileno($CO),1) = 1;
3e8b5b
+		# Input of prog is FD that we write
3e8b5b
+		# check for $first is needed because we can have NULL input
3e8b5b
+		# that is to be written to the app
3e8b5b
+		if ( $len > 0 || $first) {
3e8b5b
+			(vec($win,fileno($CI),1) = 1);
3e8b5b
+			$first=0;
3e8b5b
+		}
3e8b5b
+		# Let us wait for 100ms
3e8b5b
+		my $nfound = select(my $rout=$rin, my $wout=$win, undef, 0.1);
3e8b5b
+		if ( $wout ) {
3e8b5b
+			my $written = syswrite($CI, $in, $len);
3e8b5b
+			die "broken pipe" if !defined $written;
3e8b5b
+			$len -= $written;
3e8b5b
+			substr($in, 0, $written) = "";
3e8b5b
+			if ($len <= 0) {
3e8b5b
+				close $CI or die "broken pipe: $!";
3e8b5b
+			}
3e8b5b
+		}
3e8b5b
+		if ( $rout ) {
3e8b5b
+			my $tmp_out = "";
3e8b5b
+			my $bytes_read = sysread($CO, $tmp_out, 4096);
3e8b5b
+			$out .= $tmp_out;
3e8b5b
+			last if ($bytes_read == 0);
3e8b5b
+		}
3e8b5b
+	}
3e8b5b
+	close $CO or die "broken pipe: $!";
3e8b5b
+	waitpid $pid, 0;
3e8b5b
+
3e8b5b
+	return $out;
3e8b5b
+}
3e8b5b
+
3e8b5b
+# Parser of CAVS test vector file
3e8b5b
+# $1: Test vector file
3e8b5b
+# $2: Output file for test results
3e8b5b
+# return: nothing
3e8b5b
+sub parse($$) {
3e8b5b
+	my $infile = shift;
3e8b5b
+	my $outfile = shift;
3e8b5b
+
3e8b5b
+	my $out = "";
3e8b5b
+
3e8b5b
+	my $K = "";
3e8b5b
+	my $H = "";
3e8b5b
+	my $session_id = "";
3e8b5b
+	my $ivlen = 0;
3e8b5b
+	my $eklen = "";
3e8b5b
+	my $iklen = "";
3e8b5b
+
3e8b5b
+	open(IN, "<$infile");
3e8b5b
+	while(<IN>) {
3e8b5b
+
3e8b5b
+		my $line = $_;
3e8b5b
+		chomp($line);
3e8b5b
+		$line =~ s/\r//;
3e8b5b
+
3e8b5b
+		if ($line =~ /\[SHA-1\]/) {
3e8b5b
+			$iklen = 20;
3e8b5b
+		} elsif ($line =~ /\[SHA-256\]/) {
3e8b5b
+			$iklen = 32;
3e8b5b
+		} elsif ($line =~ /\[SHA-384\]/) {
3e8b5b
+			$iklen = 48;
3e8b5b
+		} elsif ($line =~ /\[SHA-512\]/) {
3e8b5b
+			$iklen = 64;
3e8b5b
+		} elsif ($line =~ /^\[IV length\s*=\s*(.*)\]/) {
3e8b5b
+			$ivlen = $1;
3e8b5b
+			$ivlen = $ivlen / 8;
3e8b5b
+		} elsif ($line =~ /^\[encryption key length\s*=\s*(.*)\]/) {
3e8b5b
+			$eklen = $1;
3e8b5b
+			$eklen = $eklen / 8;
3e8b5b
+		} elsif ($line =~ /^K\s*=\s*(.*)/) {
3e8b5b
+			$K = $1;
3e8b5b
+			$K = substr($K, 8);
3e8b5b
+			$K = "00" . $K;
3e8b5b
+		} elsif ($line =~ /^H\s*=\s*(.*)/) {
3e8b5b
+			$H = $1;
3e8b5b
+		} elsif ($line =~ /^session_id\s*=\s*(.*)/) {
3e8b5b
+			$session_id = $1;
3e8b5b
+		}
3e8b5b
+		$out .= $line . "\n";
3e8b5b
+
3e8b5b
+		if ($K ne "" && $H ne "" && $session_id ne "" &&
3e8b5b
+		    $ivlen ne "" && $eklen ne "" && $iklen > 0) {
3e8b5b
+			$out .= pipe_through_program("", "./ssh-cavs -H $H -K $K -s $session_id -i $ivlen -e $eklen -m $iklen");
3e8b5b
+
3e8b5b
+			$K = "";
3e8b5b
+			$H = "";
3e8b5b
+			$session_id = "";
3e8b5b
+		}
3e8b5b
+	}
3e8b5b
+	close IN;
3e8b5b
+	$out =~ s/\n/\r\n/g; # make it a dos file
3e8b5b
+	open(OUT, ">$outfile") or die "Cannot create output file $outfile: $?";
3e8b5b
+	print OUT $out;
3e8b5b
+	close OUT;
3e8b5b
+}
3e8b5b
+
3e8b5b
+############################################################
3e8b5b
+#
3e8b5b
+# let us pretend to be C :-)
3e8b5b
+sub main() {
3e8b5b
+
3e8b5b
+	my $infile=$ARGV[0];
3e8b5b
+	die "Error: Test vector file $infile not found" if (! -f $infile);
3e8b5b
+
3e8b5b
+	my $outfile = $infile;
3e8b5b
+	# let us add .rsp regardless whether we could strip .req
3e8b5b
+	$outfile =~ s/\.req$//;
3e8b5b
+	$outfile .= ".rsp";
3e8b5b
+	if (-f $outfile) {
3e8b5b
+		die "Output file $outfile could not be removed: $?"
3e8b5b
+			unless unlink($outfile);
3e8b5b
+	}
3e8b5b
+	print STDERR "Performing tests from source file $infile with results stored in destination file $outfile\n";
3e8b5b
+
3e8b5b
+	# Do the job
3e8b5b
+	parse($infile, $outfile);
3e8b5b
+}
3e8b5b
+
3e8b5b
+###########################################
3e8b5b
+# Call it
3e8b5b
+main();
3e8b5b
+1;