2 #define OPENSSL_FIPSAPI
3 #include <openssl/opensslconf.h>
/* Fallback entry point: it only reports that FIPS DSA support is missing.
 * The preprocessor condition that selects it over the full main() later in
 * the file is not part of this excerpt. */
8 int main(int argc, char **argv)
10 printf("No FIPS DSA support\n");
15 #include <openssl/bn.h>
16 #include <openssl/dsa.h>
17 #include <openssl/fips.h>
18 #include <openssl/err.h>
19 #include <openssl/evp.h>
/* Parses the value of a "[mod" header line. The visible lines search for ','
 * twice and for ']', require the keywords "L" and "N" in that order, and then
 * compare the remaining text with a digest name (SHA-1 .. SHA-512).
 * Only selected lines of the function appear in this listing. */
25 static int parse_mod(char *line, int *pdsa2, int *pL, int *pN,
29 char *keyword, *value;
/* NOTE(review): strchr() returns NULL when the separator is missing, and the
 * callers pass text read from stdin. The NULL checks are not visible here --
 * confirm each result is tested before p is dereferenced. */
32 p = strchr(line, ',');
43 if (!parse_line(&keyword, &value, lbuf, line))
/* strcmp() is non-zero on mismatch, so this branch is the "not L" case. */
45 if (strcmp(keyword, "L"))
49 p = strchr(line, ',');
53 if (!parse_line(&keyword, &value, lbuf, line))
55 if (strcmp(keyword, "N"))
59 p = strchr(line, ']');
/* Digest names are matched exactly; the handling of an unrecognised name is
 * not shown in this excerpt. */
66 if (!strcmp(p, "SHA-1"))
68 else if (!strcmp(p, "SHA-224"))
70 else if (!strcmp(p, "SHA-256"))
72 else if (!strcmp(p, "SHA-384"))
74 else if (!strcmp(p, "SHA-512"))
/* Prints "<name> = " followed by len bytes of tmp as upper-case hex.
 * tmp is presumably filled from bn by a line not shown in this excerpt.
 * name: label printed before the value; bn: number whose byte length sizes
 * the buffer. */
83 static void pbn(const char *name, BIGNUM *bn)
87 len = BN_num_bytes(bn);
88 tmp = OPENSSL_malloc(len);
91 fprintf(stderr, "Memory allocation error\n");
/* NOTE(review): the matching OPENSSL_free() is not in this excerpt -- confirm
 * tmp is released on every path. Callers also pass private key values here,
 * so the output is key material. */
95 printf("%s = ", name);
96 for (i = 0; i < len; i++)
97 printf("%02X", tmp[i]);
/* Body of the primality test: reads request lines from stdin and, for each
 * "Prime" keyword, converts the hex value and prints "result= P" or
 * "result= F". The function header is not part of this excerpt. */
107 char *keyword, *value;
109 while(fgets(buf,sizeof buf,stdin) != NULL)
112 if (!parse_line(&keyword, &value, lbuf, buf))
114 if(!strcmp(keyword,"Prime"))
119 do_hex2bn(&pp,value);
/* NOTE(review): BN_is_prime_ex() returns -1 on error, and this ternary treats
 * any non-zero value as prime, so an internal error is reported as 'P'.
 * dss_paramcheck() in this file compares the result with 1 instead. The
 * number of checks is fixed at 20 here rather than BN_prime_checks. */
120 printf("result= %c\n",
121 BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
/* Local prototypes for the two built-in DSA parameter generators.
 * Callers in this file pass NULL/0 for seed_in/seed_len and NULL for
 * seed_out, counter_ret, h_ret and cb when those are not needed.
 * NOTE(review): callers test dsa_builtin_paramgen() with '!' but
 * dsa_builtin_paramgen2() with '<= 0' (and '< 0' in one place), so the two
 * presumably differ in how they report errors -- confirm against the
 * implementation. */
126 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
127 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
128 unsigned char *seed_out,
129 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
130 int dsa_builtin_paramgen2(DSA *ret, size_t bits, size_t qbits,
131 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
132 unsigned char *seed_out,
133 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
/* Body of the parameter generation test: a "[mod" line selects L, N and the
 * digest through parse_mod(). Parameters are then generated and the seed,
 * counter and h are printed. The function header is not in this excerpt. */
139 char *keyword, *value;
/* md stays NULL until a "[mod" line has been parsed successfully. */
141 const EVP_MD *md = NULL;
143 while(fgets(buf,sizeof buf,stdin) != NULL)
145 if (!parse_line(&keyword, &value, lbuf, buf))
150 if(!strcmp(keyword,"[mod"))
153 if (!parse_mod(value, &dsa2, &L, &N, &md))
155 fprintf(stderr, "Mod Parse Error\n");
/* NOTE(review): if an "N" line arrives before any "[mod" line, md is still
 * NULL when it reaches the generator and M_EVP_MD_size(). No guard is visible
 * in this excerpt -- confirm one exists. */
159 else if(!strcmp(keyword,"N"))
/* Seed output buffer is sized for the largest digest. */
165 unsigned char seed[EVP_MAX_MD_SIZE];
/* NOTE(review): a NULL check on the FIPS_dsa_new() result is not visible. */
169 dsa = FIPS_dsa_new();
/* dsa2 selects between the two generators; each reports failure on stderr. */
171 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
175 fprintf(stderr, "Parameter Generation error\n");
178 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
180 &counter, &h, NULL) <= 0)
182 fprintf(stderr, "Parameter Generation error\n");
/* Prints as many seed bytes as the selected digest produces. */
189 pv("Seed",seed, M_EVP_MD_size(md));
190 printf("c = %d\n",counter);
191 printf("H = %lx\n",h);
/* Body of the parameter verification test: reads P, Q, G, Seed, c and H from
 * stdin, regenerates the parameters from the seed and prints "Result = P"
 * only when p, q, g, the counter and h all match. The function header is not
 * in this excerpt. */
204 char *keyword, *value;
205 BIGNUM *p = NULL, *q = NULL, *g = NULL;
/* NOTE(review): counter has no initializer and is set only by a "c" line.
 * Whether the "Parse Error" guard covers a missing "c" line is not visible. */
206 int counter, counter2;
210 const EVP_MD *md = NULL;
212 unsigned char seed[1024];
214 while(fgets(buf,sizeof buf,stdin) != NULL)
216 if (!parse_line(&keyword, &value, lbuf, buf))
222 if(!strcmp(keyword,"[mod"))
224 if (!parse_mod(value, &dsa2, &L, &N, &md))
226 fprintf(stderr, "Mod Parse Error\n");
230 else if(!strcmp(keyword,"P"))
232 else if(!strcmp(keyword,"Q"))
234 else if(!strcmp(keyword,"G"))
236 else if(!strcmp(keyword,"Seed"))
/* NOTE(review): hex2bin() is given no destination size. The 1024-byte seed
 * buffer is safe only if one input line, bounded by fgets() on buf, cannot
 * decode to more than 1024 bytes. buf's size is not visible -- confirm. */
238 seedlen = hex2bin(value, seed);
/* The non-dsa2 path accepts only a 20-byte seed. */
239 if (!dsa2 && seedlen != 20)
241 fprintf(stderr, "Seed parse length error\n");
245 else if(!strcmp(keyword,"c"))
/* NOTE(review): this reads from a fixed offset in the raw line instead of the
 * parsed value, and atoi() reports no error for non-numeric text. */
246 counter =atoi(buf+4);
247 else if(!strcmp(keyword,"H"))
252 fprintf(stderr, "Parse Error\n");
255 dsa = FIPS_dsa_new();
256 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
258 &counter2, &h2, NULL))
260 fprintf(stderr, "Parameter Generation error\n");
/* NOTE(review): this tests '< 0', while the other dsa_builtin_paramgen2()
 * call sites in this file test '<= 0'. A return of 0 therefore falls through
 * to the comparison below, presumably so that it yields "Result = F" --
 * confirm this is intended. */
263 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
265 &counter2, &h2, NULL) < 0)
267 fprintf(stderr, "Parameter Generation error\n");
/* BN_cmp() is non-zero on mismatch, so any difference selects "F". */
270 if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
271 || (counter != counter2) || (h != h2))
272 printf("Result = F\n");
274 printf("Result = P\n");
287 /* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
288 * algorithm tests. It is an additional test to perform sanity checks on the
289 * output of the KeyPair test.
/* Sanity-checks a DSA domain parameter set. The visible conditions test that
 * p has exactly nmod bits, q has exactly 160 bits, p and q pass
 * BN_is_prime_ex(), p mod q == 1, g > 1 and g^q mod p == 1.
 * The values returned for each outcome are not shown in this excerpt. */
292 static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
296 if (BN_num_bits(p) != nmod)
/* NOTE(review): the subgroup size is fixed at 160 bits, so parameter sets
 * with a larger q would presumably be rejected by this check. */
298 if (BN_num_bits(q) != 160)
/* Comparing with 1 treats both "composite" (0) and "error" (-1) as failure. */
300 if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
302 if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
/* rem is reused: first for p mod q, then for g^q mod p.
 * NOTE(review): an upper bound on g (g < p) is not among the visible checks. */
305 if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
306 || (BN_cmp(g, BN_value_one()) <= 0)
307 || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
/* Body of the key pair verification test: reads P, Q, G, X and Y from stdin,
 * runs dss_paramcheck() on the parameters, recomputes g^X mod p and compares
 * it with Y. The function header is not in this excerpt. */
321 char *keyword, *value;
322 BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
325 int nmod=0, paramcheck = 0;
330 while(fgets(buf,sizeof buf,stdin) != NULL)
332 if (!parse_line(&keyword, &value, lbuf, buf))
337 if(!strcmp(keyword,"[mod"))
351 else if(!strcmp(keyword,"P"))
353 else if(!strcmp(keyword,"Q"))
355 else if(!strcmp(keyword,"G"))
357 else if(!strcmp(keyword,"X"))
359 else if(!strcmp(keyword,"Y"))
/* All five values must have been parsed before the check runs. */
362 if (!p || !q || !g || !X || !Y)
364 fprintf(stderr, "Parse Error\n");
/* The lines between this call and the first "Result = F" are not shown, so
 * the polarity of the check cannot be read from this excerpt. */
374 if (dss_paramcheck(nmod, p, q, g, ctx))
380 printf("Result = F\n");
/* A failed exponentiation and a mismatch with Y both report "F".
 * NOTE(review): a range check on X (0 < X < q) is not among the visible
 * lines. */
383 if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
384 printf("Result = F\n");
386 printf("Result = P\n");
/* Key pair generation test: for each request it generates DSA parameters of
 * nmod bits, generates a key and prints X and Y.
 * Only selected lines of the function appear in this listing. */
404 static void keypair()
408 char *keyword, *value;
411 while(fgets(buf,sizeof buf,stdin) != NULL)
413 if (!parse_line(&keyword, &value, lbuf, buf))
418 if(!strcmp(keyword,"[mod"))
420 else if(!strcmp(keyword,"N"))
425 printf("[mod = %d]\n\n",nmod);
/* NOTE(review): a NULL check on the FIPS_dsa_new() result is not visible. */
426 dsa = FIPS_dsa_new();
/* No seed, counter, h or callback is requested from the generator. */
427 if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
436 if (!DSA_generate_key(dsa))
/* X is the private key and is written to stdout in the clear. Keys produced
 * by this tool should be treated as test vectors only, never reused. */
439 pbn("X",dsa->priv_key);
440 pbn("Y",dsa->pub_key);
/* Body of the signature generation test: a "[mod" line creates a DSA object
 * and generates parameters; each "Msg" line generates a key, prints Y, hashes
 * the message and signs the digest context. The function header is not in
 * this excerpt. */
451 char *keyword, *value;
453 const EVP_MD *md = NULL;
456 while(fgets(buf,sizeof buf,stdin) != NULL)
458 if (!parse_line(&keyword, &value, lbuf, buf))
464 if(!strcmp(keyword,"[mod"))
466 if (!parse_mod(value, &dsa2, &L, &N, &md))
468 fprintf(stderr, "Mod Parse Error\n");
473 dsa = FIPS_dsa_new();
/* No seed input or seed/counter/h outputs are requested here. */
474 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md, NULL, 0,
475 NULL, NULL, NULL, NULL))
477 fprintf(stderr, "Parameter Generation error\n");
480 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, NULL, 0,
481 NULL, NULL, NULL, NULL) <= 0)
483 fprintf(stderr, "Parameter Generation error\n");
/* NOTE(review): a "Msg" line seen before any "[mod" line would use dsa and md
 * before they are set. No guard is visible in this excerpt -- confirm. */
491 else if(!strcmp(keyword,"Msg"))
493 unsigned char msg[1024];
497 EVP_MD_CTX_init(&mctx);
/* NOTE(review): hex2bin() is given no destination size. msg is safe only if
 * one input line cannot decode to more than 1024 bytes. buf's size is not
 * visible -- confirm. */
499 n=hex2bin(value,msg);
501 if (!DSA_generate_key(dsa))
503 pbn("Y",dsa->pub_key);
/* The return values of the two digest calls are discarded.
 * NOTE(review): a NULL check on sig is not visible in this excerpt. */
505 EVP_DigestInit_ex(&mctx, md, NULL);
506 EVP_DigestUpdate(&mctx, msg, n);
507 sig = FIPS_dsa_sign_ctx(dsa, &mctx);
513 EVP_MD_CTX_cleanup(&mctx);
/* Body of the signature verification test: reads P, Q, G, Msg, Y, R and S
 * from stdin. On each "S" line it hashes the message, verifies the signature
 * and prints "Result = P" or "Result = F". The function header is not in this
 * excerpt. */
525 unsigned char msg[1024];
526 char *keyword, *value;
529 const EVP_MD *md = NULL;
/* The signature lives on the stack; r and s are assigned from parsed input. */
530 DSA_SIG sg, *sig = &sg;
535 while(fgets(buf,sizeof buf,stdin) != NULL)
537 if (!parse_line(&keyword, &value, lbuf, buf))
543 if(!strcmp(keyword,"[mod"))
545 if (!parse_mod(value, &dsa2, &L, &N, &md))
547 fprintf(stderr, "Mod Parse Error\n");
552 dsa = FIPS_dsa_new();
/* NOTE(review): the hex2bn() results are stored without a visible NULL check,
 * and no release of a previous value is visible before each overwrite.
 * Confirm both, since every field comes from the request file. */
554 else if(!strcmp(keyword,"P"))
555 dsa->p=hex2bn(value);
556 else if(!strcmp(keyword,"Q"))
557 dsa->q=hex2bn(value);
558 else if(!strcmp(keyword,"G"))
559 dsa->g=hex2bn(value);
560 else if(!strcmp(keyword,"Msg"))
/* NOTE(review): hex2bin() is given no destination size. msg is safe only if
 * one input line cannot decode to more than 1024 bytes -- confirm. */
561 n=hex2bin(value,msg);
562 else if(!strcmp(keyword,"Y"))
563 dsa->pub_key=hex2bn(value);
564 else if(!strcmp(keyword,"R"))
565 sig->r=hex2bn(value);
566 else if(!strcmp(keyword,"S"))
570 EVP_MD_CTX_init(&mctx);
571 sig->s=hex2bn(value);
/* The return values of the two digest calls are discarded. */
573 EVP_DigestInit_ex(&mctx, md, NULL);
574 EVP_DigestUpdate(&mctx, msg, n);
576 r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
578 EVP_MD_CTX_cleanup(&mctx);
/* Only an exact 1 counts as a pass, so an error return is reported as 'F'. */
580 printf("Result = %c\n", r == 1 ? 'P' : 'F');
/* Entry point: enables FIPS mode, then dispatches on argv[1] to one of the
 * test routines. Only selected lines of the function appear in this listing. */
586 int main(int argc,char **argv)
/* NOTE(review): the usage text omits "keyver", which the dispatch below
 * accepts. The argc check guarding argv[1] is not visible in this excerpt. */
590 fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]);
593 fips_set_error_print();
/* FIPS mode is requested before any test runs; the failure branch is not
 * shown here. */
594 if(!FIPS_mode_set(1))
596 if(!strcmp(argv[1],"prime"))
598 else if(!strcmp(argv[1],"pqg"))
600 else if(!strcmp(argv[1],"pqgver"))
602 else if(!strcmp(argv[1],"keypair"))
604 else if(!strcmp(argv[1],"keyver"))
606 else if(!strcmp(argv[1],"siggen"))
608 else if(!strcmp(argv[1],"sigver"))
/* Unknown sub-commands are echoed back through a "%s" format. */
612 fprintf(stderr,"Don't know how to %s.\n",argv[1]);