Avoid warnings. Fix fips_dssvs program.
1 #include <openssl/opensslconf.h>
2
3 #ifndef OPENSSL_FIPS
4 #include <stdio.h>
5
/*
 * Fallback entry point compiled when OPENSSL_FIPS is not defined:
 * reports that the DSA tests are unavailable and exits successfully.
 */
int main()
{
    fputs("No FIPS DSA support\n", stdout);
    return 0;
}
11 #else
12
13 #include <openssl/bn.h>
14 #include <openssl/dsa.h>
15 #include <openssl/fips.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/fips_sha.h>
19 #include <string.h>
20 #include <ctype.h>
21
22 #include "fips_utl.h"
23
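/*
 * Print a BIGNUM on stdout as "<name> = <uppercase hex>\n".
 *
 * name: label written in front of the value.
 * bn:   number to print; its big-endian byte encoding is dumped as hex.
 *
 * Failures are reported on stderr and leave stdout untouched.
 */
static void pbn(const char *name, BIGNUM *bn)
{
    int len, i;
    unsigned char *tmp;

    /*
     * Callers in this file hand over DSA and signature fields directly,
     * and those fields can still be NULL when an earlier step failed.
     */
    if (!bn) {
        fprintf(stderr, "%s: no value to print\n", name);
        return;
    }

    len = BN_num_bytes(bn);
    if (len <= 0) {
        /*
         * Zero encodes to no bytes. Print it explicitly instead of asking
         * the allocator for a zero-length buffer, which may be refused.
         */
        printf("%s = 00\n", name);
        return;
    }

    tmp = OPENSSL_malloc(len);
    if (!tmp) {
        fprintf(stderr, "Memory allocation error\n");
        return;
    }

    BN_bn2bin(bn, tmp);
    printf("%s = ", name);
    for (i = 0; i < len; i++)
        printf("%02X", tmp[i]);
    fputs("\n", stdout);
    OPENSSL_free(tmp);
}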
43
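/*
 * Primality test driver.
 *
 * Echoes every line of stdin to stdout. For each "Prime = <hex>" line it
 * also prints "result= P" when the value passes 20 rounds of
 * BN_is_prime_ex(), and "result= F" otherwise.
 */
void primes()
{
    char buf[10240];
    char lbuf[10240];
    char *keyword, *value;

    while (fgets(buf, sizeof buf, stdin) != NULL) {
        fputs(buf, stdout);
        if (!parse_line(&keyword, &value, lbuf, buf))
            continue;
        if (!strcmp(keyword, "Prime")) {
            BIGNUM *pp;
            int rv;

            pp = BN_new();
            /* NOTE(review): do_hex2bn's return value is not checked here;
             * its failure convention is not visible in this file. */
            do_hex2bn(&pp, value);
            if (!pp) {
                fprintf(stderr, "Prime: could not parse value\n");
                continue;
            }

            /*
             * BN_is_prime_ex() returns 1 for prime, 0 for composite and -1
             * on error. Only an explicit 1 may be reported as a pass; a
             * plain truth test would turn an internal error into 'P'.
             */
            rv = BN_is_prime_ex(pp, 20, NULL, NULL);
            printf("result= %c\n", rv == 1 ? 'P' : 'F');

            /* One BIGNUM is created per input line; release it each time. */
            BN_free(pp);
        }
    }
}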
66
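/*
 * Domain parameter generation driver.
 *
 * Reads a request file from stdin. "[mod = <bits>]" sets the modulus size,
 * and "N = <count>" produces <count> parameter sets, each printed as
 * P, Q, G, Seed, c (counter) and H. Every other line is copied to stdout.
 */
void pqg()
{
    char buf[1024];
    char lbuf[1024];
    char *keyword, *value;
    int nmod = 0;

    while (fgets(buf, sizeof buf, stdin) != NULL) {
        if (!parse_line(&keyword, &value, lbuf, buf)) {
            fputs(buf, stdout);
            continue;
        }
        if (!strcmp(keyword, "[mod")) {
            nmod = atoi(value);
        } else if (!strcmp(keyword, "N")) {
            int n = atoi(value);

            printf("[mod = %d]\n\n", nmod);

            /*
             * The count comes from the input file. Compare against zero so
             * a negative value produces no sets instead of counting down
             * through the whole int range.
             */
            for (; n > 0; n--) {
                /*
                 * These are printed below. Zero them so a generator that
                 * leaves any of them unwritten cannot cause uninitialised
                 * stack bytes to be emitted. The seed is passed with
                 * length 0; whether it is written back is not visible here.
                 */
                unsigned char seed[20] = {0};
                int counter = 0;
                unsigned long h = 0;
                DSA *dsa = FIPS_dsa_new();

                if (!dsa ||
                    !DSA_generate_parameters_ex(dsa, nmod, seed, 0,
                                                &counter, &h, NULL)) {
                    /* Do not print parameters from a failed generation. */
                    do_print_errors();
                    if (dsa)
                        FIPS_dsa_free(dsa);
                    continue;
                }

                pbn("P", dsa->p);
                pbn("Q", dsa->q);
                pbn("G", dsa->g);
                pv("Seed", seed, 20);
                printf("c = %d\n", counter);
                printf("H = %lx\n", h);
                putc('\n', stdout);

                /* Each set uses its own DSA object; release it here. */
                FIPS_dsa_free(dsa);
            }
        } else {
            fputs(buf, stdout);
        }
    }
}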
112
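/*
 * Key pair generation driver.
 *
 * Reads a request file from stdin. "[mod = <bits>]" sets the modulus size.
 * "N = <count>" generates one parameter set (printed as P, Q, G) followed
 * by <count> key pairs, each printed as X (private) and Y (public).
 * Unparseable lines are copied to stdout; other keywords are ignored.
 *
 * The output deliberately contains private keys, since the test format
 * requires them. Keys produced here are test vectors only.
 */
void keypair()
{
    char buf[1024];
    char lbuf[1024];
    char *keyword, *value;
    int nmod = 0;

    while (fgets(buf, sizeof buf, stdin) != NULL) {
        if (!parse_line(&keyword, &value, lbuf, buf)) {
            fputs(buf, stdout);
            continue;
        }
        if (!strcmp(keyword, "[mod")) {
            nmod = atoi(value);
        } else if (!strcmp(keyword, "N")) {
            DSA *dsa;
            int n = atoi(value);

            printf("[mod = %d]\n\n", nmod);
            dsa = FIPS_dsa_new();
            if (!dsa ||
                !DSA_generate_parameters_ex(dsa, nmod, NULL, 0,
                                            NULL, NULL, NULL)) {
                /* Without usable parameters there is nothing to print. */
                do_print_errors();
                if (dsa)
                    FIPS_dsa_free(dsa);
                continue;
            }
            pbn("P", dsa->p);
            pbn("Q", dsa->q);
            pbn("G", dsa->g);
            putc('\n', stdout);

            /* n is read from the input; a negative count yields no keys. */
            for (; n > 0; n--) {
                if (!DSA_generate_key(dsa)) {
                    /* Skip the record rather than print a missing or
                     * stale key from a previous iteration. */
                    do_print_errors();
                    continue;
                }

                pbn("X", dsa->priv_key);
                pbn("Y", dsa->pub_key);
                putc('\n', stdout);
            }

            /* One DSA object is created per "N" line; release it. */
            FIPS_dsa_free(dsa);
        }
    }
}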
156
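/*
 * Signature generation driver.
 *
 * Reads a request file from stdin. "[mod = <bits>]" generates a fresh
 * parameter set (printed as P, Q, G). Each "Msg = <hex>" line then gets a
 * new key pair, is signed with EVP_dss1(), and is answered with Msg, Y, R
 * and S. Unparseable lines are copied to stdout.
 */
void siggen()
{
    char buf[1024];
    char lbuf[1024];
    char *keyword, *value;
    int nmod = 0;
    DSA *dsa = NULL;

    while (fgets(buf, sizeof buf, stdin) != NULL) {
        if (!parse_line(&keyword, &value, lbuf, buf)) {
            fputs(buf, stdout);
            continue;
        }
        if (!strcmp(keyword, "[mod")) {
            nmod = atoi(value);
            printf("[mod = %d]\n\n", nmod);
            if (dsa)
                FIPS_dsa_free(dsa);
            dsa = FIPS_dsa_new();
            if (!dsa ||
                !DSA_generate_parameters_ex(dsa, nmod, NULL, 0,
                                            NULL, NULL, NULL)) {
                /*
                 * Drop the unusable object so later "Msg" lines are
                 * rejected instead of signing with partial parameters.
                 */
                do_print_errors();
                if (dsa) {
                    FIPS_dsa_free(dsa);
                    dsa = NULL;
                }
                continue;
            }
            pbn("P", dsa->p);
            pbn("Q", dsa->q);
            pbn("G", dsa->g);
            putc('\n', stdout);
        } else if (!strcmp(keyword, "Msg")) {
            unsigned char msg[1024];
            unsigned char sbuf[60];
            unsigned int slen = 0;
            int n;
            int signed_ok;
            EVP_PKEY pk;
            EVP_MD_CTX mctx;
            DSA_SIG *sig;

            /* The input may carry a "Msg" line before any "[mod" header. */
            if (!dsa) {
                fprintf(stderr, "Msg without usable [mod parameters\n");
                continue;
            }

            n = hex2bin(value, msg);
            /* A negative length must never reach the digest update, where
             * it would be converted to a huge unsigned count. */
            if (n < 0) {
                fprintf(stderr, "Msg: invalid hex value\n");
                continue;
            }
            pv("Msg", msg, n);

            if (!DSA_generate_key(dsa)) {
                do_print_errors();
                continue;
            }
            /* Only these two EVP_PKEY fields are set, as in the original
             * code; the remaining fields stay uninitialised. */
            pk.type = EVP_PKEY_DSA;
            pk.pkey.dsa = dsa;
            pbn("Y", dsa->pub_key);

            /* NOTE(review): sbuf is 60 bytes and EVP_SignFinal takes no
             * buffer length; this presumably relies on a 160-bit Q. */
            EVP_MD_CTX_init(&mctx);
            signed_ok = EVP_SignInit_ex(&mctx, EVP_dss1(), NULL)
                        && EVP_SignUpdate(&mctx, msg, n)
                        && EVP_SignFinal(&mctx, sbuf, &slen, &pk);
            EVP_MD_CTX_cleanup(&mctx);
            if (!signed_ok) {
                /* slen and sbuf are not meaningful after a failure. */
                do_print_errors();
                continue;
            }

            sig = DSA_SIG_new();
            if (!sig) {
                do_print_errors();
                continue;
            }
            FIPS_dsa_sig_decode(sig, sbuf, slen);
            /* The decoder's return convention is not visible here, so
             * check that it actually produced both integers. */
            if (!sig->r || !sig->s) {
                do_print_errors();
                DSA_SIG_free(sig);
                continue;
            }

            pbn("R", sig->r);
            pbn("S", sig->s);
            putc('\n', stdout);
            DSA_SIG_free(sig);
        }
    }
    if (dsa)
        FIPS_dsa_free(dsa);
}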
223
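/*
 * Signature verification driver.
 *
 * Reads a request file from stdin. "[mod = <bits>]" starts a new DSA
 * object, and P, Q, G fill in its parameters (echoed once G is seen).
 * "Msg", "Y" and "R" store the message, public key and first signature
 * half. "S" completes the record: Y, R, S are echoed and the signature is
 * verified with EVP_dss1(), printing "Result = P" or "Result = F".
 * Unparseable lines are copied to stdout.
 *
 * All values come from the input file, so every field is checked before
 * it is dereferenced, and R/S are size-checked before they are encoded
 * into the fixed stack buffer.
 */
void sigver()
{
    /* Two integers of at most 20 bytes DER-encode to at most 48 bytes,
     * which fits the 60-byte sigbuf used below. */
    enum { MAX_RS_BYTES = 20 };
    DSA *dsa = NULL;
    char buf[1024];
    char lbuf[1024];
    unsigned char msg[1024];
    int n = -1;                 /* -1: no valid Msg seen yet */
    char *keyword, *value;
    int nmod = 0;
    unsigned char hash[20];
    DSA_SIG sg, *sig = &sg;

    sig->r = NULL;
    sig->s = NULL;

    while (fgets(buf, sizeof buf, stdin) != NULL) {
        if (!parse_line(&keyword, &value, lbuf, buf)) {
            fputs(buf, stdout);
            continue;
        }
        if (!strcmp(keyword, "[mod")) {
            nmod = atoi(value);
            if (dsa)
                FIPS_dsa_free(dsa);
            dsa = FIPS_dsa_new();
        } else if (!strcmp(keyword, "Msg")) {
            n = hex2bin(value, msg);
            if (n < 0) {
                /* n stays negative, so the following "S" is rejected. */
                fprintf(stderr, "Msg: invalid hex value\n");
                continue;
            }
            pv("Msg", msg, n);
            /* The digest is computed as in the original code, but is not
             * read afterwards; EVP_Verify* hashes msg itself. */
            SHA1(msg, n, hash);
        } else if (!strcmp(keyword, "R")) {
            /* R is supplied once per record; release the previous one. */
            BN_free(sig->r);
            sig->r = hex2bn(value);
        } else if (!strcmp(keyword, "P") || !strcmp(keyword, "Q")
                   || !strcmp(keyword, "G") || !strcmp(keyword, "Y")
                   || !strcmp(keyword, "S")) {
            /* These keywords all store into or read from dsa. */
            if (!dsa) {
                fprintf(stderr, "%s seen before [mod\n", keyword);
                continue;
            }
            switch (keyword[0]) {
            case 'P':
                BN_free(dsa->p);
                dsa->p = hex2bn(value);
                break;
            case 'Q':
                BN_free(dsa->q);
                dsa->q = hex2bn(value);
                break;
            case 'G':
                BN_free(dsa->g);
                dsa->g = hex2bn(value);
                if (!dsa->p || !dsa->q || !dsa->g) {
                    fprintf(stderr, "Incomplete or malformed P/Q/G\n");
                    break;
                }
                printf("[mod = %d]\n\n", nmod);
                pbn("P", dsa->p);
                pbn("Q", dsa->q);
                pbn("G", dsa->g);
                putc('\n', stdout);
                break;
            case 'Y':
                /* Y changes with every record; free the old key. */
                BN_free(dsa->pub_key);
                dsa->pub_key = hex2bn(value);
                break;
            default: {          /* "S": verify the completed record */
                EVP_MD_CTX mctx;
                EVP_PKEY pk;
                unsigned char sigbuf[60];
                int slen;
                int r = 0;      /* anything other than 1 prints 'F' */

                BN_free(sig->s);
                sig->s = hex2bn(value);
                if (!dsa->pub_key || !sig->r || !sig->s || n < 0) {
                    fprintf(stderr,
                            "Incomplete or malformed signature record\n");
                    break;
                }

                pbn("Y", dsa->pub_key);
                pbn("R", sig->r);
                pbn("S", sig->s);

                /*
                 * R and S are attacker-controlled lengths. Refuse to
                 * encode anything that could overrun sigbuf; oversized
                 * values are reported as a failed verification. Whether
                 * the encoder checks this itself is not visible here.
                 */
                if (BN_num_bytes(sig->r) <= MAX_RS_BYTES
                    && BN_num_bytes(sig->s) <= MAX_RS_BYTES) {
                    slen = FIPS_dsa_sig_encode(sigbuf, sig);
                    /* Keep the length signed so an error return cannot
                     * turn into a huge unsigned signature length. */
                    if (slen > 0 && slen <= (int)sizeof sigbuf) {
                        pk.type = EVP_PKEY_DSA;
                        pk.pkey.dsa = dsa;
                        EVP_MD_CTX_init(&mctx);
                        if (EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL)
                            && EVP_VerifyUpdate(&mctx, msg, n))
                            r = EVP_VerifyFinal(&mctx, sigbuf,
                                                (unsigned int)slen, &pk);
                        EVP_MD_CTX_cleanup(&mctx);
                    }
                }

                printf("Result = %c\n", r == 1 ? 'P' : 'F');
                putc('\n', stdout);
                break;
            }
            }
        }
    }

    /* Release what the last record and the last [mod section left. */
    BN_free(sig->r);
    BN_free(sig->s);
    if (dsa)
        FIPS_dsa_free(dsa);
}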
305
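/*
 * Entry point: enables FIPS mode and runs the test driver named by the
 * single command line argument, reading the request file from stdin.
 *
 * Returns 0 after the driver finishes. Exits with status 1 on a usage
 * error, an unknown mode, or when FIPS mode cannot be enabled.
 */
int main(int argc, char **argv)
{
    if (argc != 2) {
        /* List every mode dispatched below, not only the first two. */
        fprintf(stderr, "%s [prime|pqg|keypair|siggen|sigver]\n", argv[0]);
        exit(1);
    }
    /* The drivers must not run unless FIPS mode was actually enabled. */
    if (!FIPS_mode_set(1)) {
        do_print_errors();
        exit(1);
    }
    if (!strcmp(argv[1], "prime"))
        primes();
    else if (!strcmp(argv[1], "pqg"))
        pqg();
    else if (!strcmp(argv[1], "keypair"))
        keypair();
    else if (!strcmp(argv[1], "siggen"))
        siggen();
    else if (!strcmp(argv[1], "sigver"))
        sigver();
    else {
        fprintf(stderr, "Don't know how to %s.\n", argv[1]);
        exit(1);
    }

    return 0;
}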
336
337 #endif