]>
Commit | Line | Data |
---|---|---|
aeb9ccfa DSH |
1 | #include <openssl/opensslconf.h> |
2 | ||
3 | #ifndef OPENSSL_FIPS | |
4 | #include <stdio.h> | |
5 | ||
6 | int main() | |
7 | { | |
8 | printf("No FIPS DSA support\n"); | |
9 | return(0); | |
10 | } | |
11 | #else | |
12 | ||
13 | #include <openssl/bn.h> | |
14 | #include <openssl/dsa.h> | |
15 | #include <openssl/fips.h> | |
16 | #include <openssl/err.h> | |
ff03c6bc | 17 | #include <openssl/evp.h> |
aeb9ccfa DSH |
18 | #include <openssl/fips_sha.h> |
19 | #include <string.h> | |
20 | #include <ctype.h> | |
21 | ||
22 | #include "fips_utl.h" | |
23 | ||
24 | static void pbn(const char *name, BIGNUM *bn) | |
25 | { | |
26 | int len, i; | |
27 | unsigned char *tmp; | |
28 | len = BN_num_bytes(bn); | |
29 | tmp = OPENSSL_malloc(len); | |
30 | if (!tmp) | |
31 | { | |
32 | fprintf(stderr, "Memory allocation error\n"); | |
33 | return; | |
34 | } | |
35 | BN_bn2bin(bn, tmp); | |
36 | printf("%s = ", name); | |
37 | for (i = 0; i < len; i++) | |
38 | printf("%02X", tmp[i]); | |
39 | fputs("\n", stdout); | |
40 | OPENSSL_free(tmp); | |
41 | return; | |
42 | } | |
43 | ||
44 | void primes() | |
45 | { | |
46 | char buf[10240]; | |
47 | char lbuf[10240]; | |
48 | char *keyword, *value; | |
49 | ||
50 | while(fgets(buf,sizeof buf,stdin) != NULL) | |
51 | { | |
52 | fputs(buf,stdout); | |
53 | if (!parse_line(&keyword, &value, lbuf, buf)) | |
54 | continue; | |
55 | if(!strcmp(keyword,"Prime")) | |
56 | { | |
57 | BIGNUM *pp; | |
58 | ||
59 | pp=BN_new(); | |
60 | do_hex2bn(&pp,value); | |
61 | printf("result= %c\n", | |
62 | BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F'); | |
63 | } | |
64 | } | |
65 | } | |
66 | ||
67 | void pqg() | |
68 | { | |
69 | char buf[1024]; | |
70 | char lbuf[1024]; | |
71 | char *keyword, *value; | |
72 | int nmod=0; | |
73 | ||
74 | while(fgets(buf,sizeof buf,stdin) != NULL) | |
75 | { | |
76 | if (!parse_line(&keyword, &value, lbuf, buf)) | |
77 | { | |
78 | fputs(buf,stdout); | |
79 | continue; | |
80 | } | |
81 | if(!strcmp(keyword,"[mod")) | |
82 | nmod=atoi(value); | |
83 | else if(!strcmp(keyword,"N")) | |
84 | { | |
85 | int n=atoi(value); | |
86 | ||
87 | printf("[mod = %d]\n\n",nmod); | |
88 | ||
89 | while(n--) | |
90 | { | |
91 | unsigned char seed[20]; | |
92 | DSA *dsa; | |
93 | int counter; | |
94 | unsigned long h; | |
95 | dsa = FIPS_dsa_new(); | |
96 | ||
ddb0cb5b DSH |
97 | if (!DSA_generate_parameters_ex(dsa, nmod,seed,0,&counter,&h,NULL)) |
98 | do_print_errors(); | |
aeb9ccfa DSH |
99 | pbn("P",dsa->p); |
100 | pbn("Q",dsa->q); | |
101 | pbn("G",dsa->g); | |
102 | pv("Seed",seed,20); | |
103 | printf("c = %d\n",counter); | |
104 | printf("H = %lx\n",h); | |
105 | putc('\n',stdout); | |
106 | } | |
107 | } | |
108 | else | |
109 | fputs(buf,stdout); | |
110 | } | |
111 | } | |
112 | ||
113 | void keypair() | |
114 | { | |
115 | char buf[1024]; | |
116 | char lbuf[1024]; | |
117 | char *keyword, *value; | |
118 | int nmod=0; | |
119 | ||
120 | while(fgets(buf,sizeof buf,stdin) != NULL) | |
121 | { | |
122 | if (!parse_line(&keyword, &value, lbuf, buf)) | |
123 | { | |
124 | fputs(buf,stdout); | |
125 | continue; | |
126 | } | |
127 | if(!strcmp(keyword,"[mod")) | |
128 | nmod=atoi(value); | |
129 | else if(!strcmp(keyword,"N")) | |
130 | { | |
131 | DSA *dsa; | |
132 | int n=atoi(value); | |
133 | ||
134 | printf("[mod = %d]\n\n",nmod); | |
135 | dsa = FIPS_dsa_new(); | |
ddb0cb5b DSH |
136 | if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL)) |
137 | do_print_errors(); | |
aeb9ccfa DSH |
138 | pbn("P",dsa->p); |
139 | pbn("Q",dsa->q); | |
140 | pbn("G",dsa->g); | |
141 | putc('\n',stdout); | |
142 | ||
143 | while(n--) | |
144 | { | |
ddb0cb5b DSH |
145 | if (!DSA_generate_key(dsa)) |
146 | do_print_errors(); | |
147 | ||
aeb9ccfa DSH |
148 | |
149 | pbn("X",dsa->priv_key); | |
150 | pbn("Y",dsa->pub_key); | |
151 | putc('\n',stdout); | |
152 | } | |
153 | } | |
154 | } | |
155 | } | |
156 | ||
157 | void siggen() | |
158 | { | |
159 | char buf[1024]; | |
160 | char lbuf[1024]; | |
161 | char *keyword, *value; | |
162 | int nmod=0; | |
163 | DSA *dsa=NULL; | |
164 | ||
165 | while(fgets(buf,sizeof buf,stdin) != NULL) | |
166 | { | |
167 | if (!parse_line(&keyword, &value, lbuf, buf)) | |
168 | { | |
169 | fputs(buf,stdout); | |
170 | continue; | |
171 | } | |
172 | if(!strcmp(keyword,"[mod")) | |
173 | { | |
174 | nmod=atoi(value); | |
175 | printf("[mod = %d]\n\n",nmod); | |
ddb0cb5b DSH |
176 | if (dsa) |
177 | FIPS_dsa_free(dsa); | |
aeb9ccfa | 178 | dsa = FIPS_dsa_new(); |
ddb0cb5b DSH |
179 | if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL)) |
180 | do_print_errors(); | |
aeb9ccfa DSH |
181 | pbn("P",dsa->p); |
182 | pbn("Q",dsa->q); | |
183 | pbn("G",dsa->g); | |
184 | putc('\n',stdout); | |
185 | } | |
186 | else if(!strcmp(keyword,"Msg")) | |
187 | { | |
188 | unsigned char msg[1024]; | |
ff03c6bc DSH |
189 | unsigned char sbuf[60]; |
190 | unsigned int slen; | |
aeb9ccfa | 191 | int n; |
ff03c6bc DSH |
192 | EVP_PKEY pk; |
193 | EVP_MD_CTX mctx; | |
aeb9ccfa | 194 | DSA_SIG *sig; |
ff03c6bc | 195 | EVP_MD_CTX_init(&mctx); |
aeb9ccfa DSH |
196 | |
197 | n=hex2bin(value,msg); | |
198 | pv("Msg",msg,n); | |
199 | ||
ddb0cb5b DSH |
200 | if (!DSA_generate_key(dsa)) |
201 | do_print_errors(); | |
ff03c6bc DSH |
202 | pk.type = EVP_PKEY_DSA; |
203 | pk.pkey.dsa = dsa; | |
aeb9ccfa DSH |
204 | pbn("Y",dsa->pub_key); |
205 | ||
ff03c6bc DSH |
206 | EVP_SignInit_ex(&mctx, EVP_dss1(), NULL); |
207 | EVP_SignUpdate(&mctx, msg, n); | |
208 | EVP_SignFinal(&mctx, sbuf, &slen, &pk); | |
209 | ||
210 | sig = DSA_SIG_new(); | |
211 | FIPS_dsa_sig_decode(sig, sbuf, slen); | |
212 | ||
aeb9ccfa DSH |
213 | pbn("R",sig->r); |
214 | pbn("S",sig->s); | |
215 | putc('\n',stdout); | |
ddb0cb5b | 216 | DSA_SIG_free(sig); |
ff03c6bc | 217 | EVP_MD_CTX_cleanup(&mctx); |
aeb9ccfa DSH |
218 | } |
219 | } | |
ddb0cb5b DSH |
220 | if (dsa) |
221 | FIPS_dsa_free(dsa); | |
aeb9ccfa DSH |
222 | } |
223 | ||
224 | void sigver() | |
225 | { | |
226 | DSA *dsa=NULL; | |
227 | char buf[1024]; | |
228 | char lbuf[1024]; | |
ff03c6bc DSH |
229 | unsigned char msg[1024]; |
230 | int n; | |
aeb9ccfa DSH |
231 | char *keyword, *value; |
232 | int nmod=0; | |
233 | unsigned char hash[20]; | |
234 | DSA_SIG sg, *sig = &sg; | |
235 | ||
236 | sig->r = NULL; | |
237 | sig->s = NULL; | |
238 | ||
239 | while(fgets(buf,sizeof buf,stdin) != NULL) | |
240 | { | |
241 | if (!parse_line(&keyword, &value, lbuf, buf)) | |
242 | { | |
243 | fputs(buf,stdout); | |
244 | continue; | |
245 | } | |
246 | if(!strcmp(keyword,"[mod")) | |
247 | { | |
248 | nmod=atoi(value); | |
249 | if(dsa) | |
250 | FIPS_dsa_free(dsa); | |
251 | dsa=FIPS_dsa_new(); | |
252 | } | |
253 | else if(!strcmp(keyword,"P")) | |
254 | dsa->p=hex2bn(value); | |
255 | else if(!strcmp(keyword,"Q")) | |
256 | dsa->q=hex2bn(value); | |
257 | else if(!strcmp(keyword,"G")) | |
258 | { | |
259 | dsa->g=hex2bn(value); | |
260 | ||
261 | printf("[mod = %d]\n\n",nmod); | |
262 | pbn("P",dsa->p); | |
263 | pbn("Q",dsa->q); | |
264 | pbn("G",dsa->g); | |
265 | putc('\n',stdout); | |
266 | } | |
267 | else if(!strcmp(keyword,"Msg")) | |
268 | { | |
aeb9ccfa DSH |
269 | |
270 | n=hex2bin(value,msg); | |
271 | pv("Msg",msg,n); | |
272 | SHA1(msg,n,hash); | |
273 | } | |
274 | else if(!strcmp(keyword,"Y")) | |
275 | dsa->pub_key=hex2bn(value); | |
276 | else if(!strcmp(keyword,"R")) | |
277 | sig->r=hex2bn(value); | |
278 | else if(!strcmp(keyword,"S")) | |
279 | { | |
ff03c6bc DSH |
280 | EVP_MD_CTX mctx; |
281 | EVP_PKEY pk; | |
282 | unsigned char sigbuf[60]; | |
283 | unsigned int slen; | |
284 | int r; | |
285 | EVP_MD_CTX_init(&mctx); | |
286 | pk.type = EVP_PKEY_DSA; | |
287 | pk.pkey.dsa = dsa; | |
aeb9ccfa DSH |
288 | sig->s=hex2bn(value); |
289 | ||
290 | pbn("Y",dsa->pub_key); | |
291 | pbn("R",sig->r); | |
292 | pbn("S",sig->s); | |
ff03c6bc DSH |
293 | |
294 | slen = FIPS_dsa_sig_encode(sigbuf, sig); | |
295 | EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL); | |
296 | EVP_VerifyUpdate(&mctx, msg, n); | |
297 | r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk); | |
298 | EVP_MD_CTX_cleanup(&mctx); | |
299 | ||
300 | printf("Result = %c\n", r == 1 ? 'P' : 'F'); | |
aeb9ccfa DSH |
301 | putc('\n',stdout); |
302 | } | |
303 | } | |
304 | } | |
305 | ||
306 | int main(int argc,char **argv) | |
307 | { | |
308 | if(argc != 2) | |
309 | { | |
310 | fprintf(stderr,"%s [prime|pqg]\n",argv[0]); | |
311 | exit(1); | |
312 | } | |
313 | if(!FIPS_mode_set(1)) | |
314 | { | |
315 | do_print_errors(); | |
316 | exit(1); | |
317 | } | |
318 | if(!strcmp(argv[1],"prime")) | |
319 | primes(); | |
320 | else if(!strcmp(argv[1],"pqg")) | |
321 | pqg(); | |
322 | else if(!strcmp(argv[1],"keypair")) | |
323 | keypair(); | |
324 | else if(!strcmp(argv[1],"siggen")) | |
325 | siggen(); | |
326 | else if(!strcmp(argv[1],"sigver")) | |
327 | sigver(); | |
328 | else | |
329 | { | |
330 | fprintf(stderr,"Don't know how to %s.\n",argv[1]); | |
331 | exit(1); | |
332 | } | |
333 | ||
334 | return 0; | |
335 | } | |
336 | ||
337 | #endif |