]>
git.ipfire.org Git - thirdparty/openssl.git/blob - fips/dsa/fips_dssvs.c
2 #define OPENSSL_FIPSAPI
3 #include <openssl/opensslconf.h>
8 int main(int argc
, char **argv
)
10 printf("No FIPS DSA support\n");
15 #include <openssl/bn.h>
16 #include <openssl/dsa.h>
17 #include <openssl/fips.h>
18 #include <openssl/err.h>
19 #include <openssl/evp.h>
25 static int parse_mod(char *line
, int *pdsa2
, int *pL
, int *pN
,
29 char *keyword
, *value
;
32 p
= strchr(line
, ',');
43 if (!parse_line(&keyword
, &value
, lbuf
, line
))
45 if (strcmp(keyword
, "L"))
49 p
= strchr(line
, ',');
53 if (!parse_line(&keyword
, &value
, lbuf
, line
))
55 if (strcmp(keyword
, "N"))
59 p
= strchr(line
, ']');
66 if (!strcmp(p
, "SHA-1"))
68 else if (!strcmp(p
, "SHA-224"))
70 else if (!strcmp(p
, "SHA-256"))
72 else if (!strcmp(p
, "SHA-384"))
74 else if (!strcmp(p
, "SHA-512"))
83 static void pbn(const char *name
, BIGNUM
*bn
)
87 len
= BN_num_bytes(bn
);
88 tmp
= OPENSSL_malloc(len
);
91 fprintf(stderr
, "Memory allocation error\n");
95 printf("%s = ", name
);
96 for (i
= 0; i
< len
; i
++)
97 printf("%02X", tmp
[i
]);
107 char *keyword
, *value
;
109 while(fgets(buf
,sizeof buf
,stdin
) != NULL
)
112 if (!parse_line(&keyword
, &value
, lbuf
, buf
))
114 if(!strcmp(keyword
,"Prime"))
119 do_hex2bn(&pp
,value
);
120 printf("result= %c\n",
121 BN_is_prime_ex(pp
,20,NULL
,NULL
) ? 'P' : 'F');
126 int dsa_builtin_paramgen(DSA
*ret
, size_t bits
, size_t qbits
,
127 const EVP_MD
*evpmd
, const unsigned char *seed_in
, size_t seed_len
,
128 unsigned char *seed_out
,
129 int *counter_ret
, unsigned long *h_ret
, BN_GENCB
*cb
);
130 int dsa_builtin_paramgen2(DSA
*ret
, size_t bits
, size_t qbits
,
131 const EVP_MD
*evpmd
, const unsigned char *seed_in
, size_t seed_len
,
132 unsigned char *seed_out
,
133 int *counter_ret
, unsigned long *h_ret
, BN_GENCB
*cb
);
139 char *keyword
, *value
;
142 while(fgets(buf
,sizeof buf
,stdin
) != NULL
)
144 if (!parse_line(&keyword
, &value
, lbuf
, buf
))
149 if(!strcmp(keyword
,"[mod"))
153 else if(!strcmp(keyword
,"N"))
157 printf("[mod = %d]\n\n",nmod
);
161 unsigned char seed
[EVP_MAX_MD_SIZE
];
165 dsa
= FIPS_dsa_new();
167 if (!dsa_builtin_paramgen(dsa
, nmod
, 160, NULL
, NULL
, 0,
168 seed
,&counter
,&h
,NULL
))
174 printf("c = %d\n",counter
);
175 printf("H = %lx\n",h
);
188 char *keyword
, *value
;
189 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
;
190 int counter
, counter2
;
194 const EVP_MD
*md
= NULL
;
196 unsigned char seed
[1024];
198 while(fgets(buf
,sizeof buf
,stdin
) != NULL
)
200 if (!parse_line(&keyword
, &value
, lbuf
, buf
))
206 if(!strcmp(keyword
,"[mod"))
208 if (!parse_mod(value
, &dsa2
, &L
, &N
, &md
))
210 fprintf(stderr
, "Mod Parse Error\n");
214 else if(!strcmp(keyword
,"P"))
216 else if(!strcmp(keyword
,"Q"))
218 else if(!strcmp(keyword
,"G"))
220 else if(!strcmp(keyword
,"Seed"))
222 seedlen
= hex2bin(value
, seed
);
223 if (!dsa2
&& seedlen
!= 20)
225 fprintf(stderr
, "Seed parse length error\n");
229 else if(!strcmp(keyword
,"c"))
230 counter
=atoi(buf
+4);
231 else if(!strcmp(keyword
,"H"))
236 fprintf(stderr
, "Parse Error\n");
239 dsa
= FIPS_dsa_new();
240 if (!dsa2
&& !dsa_builtin_paramgen(dsa
, L
, N
, md
,
242 &counter2
, &h2
, NULL
))
244 fprintf(stderr
, "Parameter Generation error\n");
247 if (dsa2
&& dsa_builtin_paramgen2(dsa
, L
, N
, md
,
249 &counter2
, &h2
, NULL
) < 0)
251 fprintf(stderr
, "Parameter Generation error\n");
254 if (BN_cmp(dsa
->p
, p
) || BN_cmp(dsa
->q
, q
) || BN_cmp(dsa
->g
, g
)
255 || (counter
!= counter2
) || (h
!= h2
))
256 printf("Result = F\n");
258 printf("Result = P\n");
271 /* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
272 * algorithm tests. It is an additional test to perform sanity checks on the
273 * output of the KeyPair test.
276 static int dss_paramcheck(int nmod
, BIGNUM
*p
, BIGNUM
*q
, BIGNUM
*g
,
280 if (BN_num_bits(p
) != nmod
)
282 if (BN_num_bits(q
) != 160)
284 if (BN_is_prime_ex(p
, BN_prime_checks
, ctx
, NULL
) != 1)
286 if (BN_is_prime_ex(q
, BN_prime_checks
, ctx
, NULL
) != 1)
289 if (!BN_mod(rem
, p
, q
, ctx
) || !BN_is_one(rem
)
290 || (BN_cmp(g
, BN_value_one()) <= 0)
291 || !BN_mod_exp(rem
, g
, q
, p
, ctx
) || !BN_is_one(rem
))
305 char *keyword
, *value
;
306 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *X
= NULL
, *Y
= NULL
;
309 int nmod
=0, paramcheck
= 0;
314 while(fgets(buf
,sizeof buf
,stdin
) != NULL
)
316 if (!parse_line(&keyword
, &value
, lbuf
, buf
))
321 if(!strcmp(keyword
,"[mod"))
335 else if(!strcmp(keyword
,"P"))
337 else if(!strcmp(keyword
,"Q"))
339 else if(!strcmp(keyword
,"G"))
341 else if(!strcmp(keyword
,"X"))
343 else if(!strcmp(keyword
,"Y"))
346 if (!p
|| !q
|| !g
|| !X
|| !Y
)
348 fprintf(stderr
, "Parse Error\n");
358 if (dss_paramcheck(nmod
, p
, q
, g
, ctx
))
364 printf("Result = F\n");
367 if (!BN_mod_exp(Y2
, g
, X
, p
, ctx
) || BN_cmp(Y2
, Y
))
368 printf("Result = F\n");
370 printf("Result = P\n");
388 static void keypair()
392 char *keyword
, *value
;
395 while(fgets(buf
,sizeof buf
,stdin
) != NULL
)
397 if (!parse_line(&keyword
, &value
, lbuf
, buf
))
402 if(!strcmp(keyword
,"[mod"))
404 else if(!strcmp(keyword
,"N"))
409 printf("[mod = %d]\n\n",nmod
);
410 dsa
= FIPS_dsa_new();
411 if (!DSA_generate_parameters_ex(dsa
, nmod
,NULL
,0,NULL
,NULL
,NULL
))
420 if (!DSA_generate_key(dsa
))
423 pbn("X",dsa
->priv_key
);
424 pbn("Y",dsa
->pub_key
);
435 char *keyword
, *value
;
439 while(fgets(buf
,sizeof buf
,stdin
) != NULL
)
441 if (!parse_line(&keyword
, &value
, lbuf
, buf
))
446 if(!strcmp(keyword
,"[mod"))
449 printf("[mod = %d]\n\n",nmod
);
452 dsa
= FIPS_dsa_new();
453 if (!DSA_generate_parameters_ex(dsa
, nmod
,NULL
,0,NULL
,NULL
,NULL
))
460 else if(!strcmp(keyword
,"Msg"))
462 unsigned char msg
[1024];
466 EVP_MD_CTX_init(&mctx
);
468 n
=hex2bin(value
,msg
);
471 if (!DSA_generate_key(dsa
))
473 pbn("Y",dsa
->pub_key
);
475 EVP_DigestInit_ex(&mctx
, EVP_sha1(), NULL
);
476 EVP_DigestUpdate(&mctx
, msg
, n
);
477 sig
= FIPS_dsa_sign_ctx(dsa
, &mctx
);
483 EVP_MD_CTX_cleanup(&mctx
);
495 unsigned char msg
[1024];
496 char *keyword
, *value
;
498 DSA_SIG sg
, *sig
= &sg
;
503 while(fgets(buf
,sizeof buf
,stdin
) != NULL
)
505 if (!parse_line(&keyword
, &value
, lbuf
, buf
))
510 if(!strcmp(keyword
,"[mod"))
517 else if(!strcmp(keyword
,"P"))
518 dsa
->p
=hex2bn(value
);
519 else if(!strcmp(keyword
,"Q"))
520 dsa
->q
=hex2bn(value
);
521 else if(!strcmp(keyword
,"G"))
523 dsa
->g
=hex2bn(value
);
525 printf("[mod = %d]\n\n",nmod
);
531 else if(!strcmp(keyword
,"Msg"))
533 n
=hex2bin(value
,msg
);
536 else if(!strcmp(keyword
,"Y"))
537 dsa
->pub_key
=hex2bn(value
);
538 else if(!strcmp(keyword
,"R"))
539 sig
->r
=hex2bn(value
);
540 else if(!strcmp(keyword
,"S"))
544 EVP_MD_CTX_init(&mctx
);
545 sig
->s
=hex2bn(value
);
547 pbn("Y",dsa
->pub_key
);
550 EVP_DigestInit_ex(&mctx
, EVP_sha1(), NULL
);
551 EVP_DigestUpdate(&mctx
, msg
, n
);
553 r
= FIPS_dsa_verify_ctx(dsa
, &mctx
, sig
);
555 EVP_MD_CTX_cleanup(&mctx
);
557 printf("Result = %c\n", r
== 1 ? 'P' : 'F');
563 int main(int argc
,char **argv
)
567 fprintf(stderr
,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv
[0]);
570 fips_set_error_print();
571 if(!FIPS_mode_set(1))
573 if(!strcmp(argv
[1],"prime"))
575 else if(!strcmp(argv
[1],"pqg"))
577 else if(!strcmp(argv
[1],"pqgver"))
579 else if(!strcmp(argv
[1],"keypair"))
581 else if(!strcmp(argv
[1],"keyver"))
583 else if(!strcmp(argv
[1],"siggen"))
585 else if(!strcmp(argv
[1],"sigver"))
589 fprintf(stderr
,"Don't know how to %s.\n",argv
[1]);