2 #define OPENSSL_FIPSAPI
3 #include <openssl/opensslconf.h>
/* Stub entry point: the only visible statement reports that FIPS DSA support
 * is unavailable.
 * NOTE(review): presumably selected by a preprocessor guard that is elided
 * from this listing -- confirm. */
8 int main(int argc, char **argv)
10 printf("No FIPS DSA support\n");
15 #include <openssl/bn.h>
16 #include <openssl/dsa.h>
17 #include <openssl/fips.h>
18 #include <openssl/err.h>
19 #include <openssl/evp.h>
/* Parses the value of a "[mod" header line into the dsa2 flag, L, N and a
 * digest. Visible steps: the line is split at ',' and ']' with strchr(), each
 * piece is handed to parse_line(), the keywords must be "L" and then "N", and
 * the remaining token is matched against SHA-1/224/256/384/512.
 * Callers in this file pass either &md or NULL as the last argument.
 * NOTE(review): the strchr() results become split points; their NULL checks
 * are on lines elided from this listing -- confirm they exist, because the
 * text comes straight from stdin. */
25 static int parse_mod(char *line, int *pdsa2, int *pL, int *pN,
29 char *keyword, *value;
32 p = strchr(line, ',');
43 if (!parse_line(&keyword, &value, lbuf, line))
/* strcmp() is non-zero on mismatch, so this branch is the "not L" case. */
45 if (strcmp(keyword, "L"))
50 p = strchr(line, ',');
52 p = strchr(line, ']');
56 if (!parse_line(&keyword, &value, lbuf, line))
58 if (strcmp(keyword, "N"))
64 p = strchr(line, ']');
/* Digest selection is an exact, case-sensitive string match. */
71 if (!strcmp(p, "SHA-1"))
73 else if (!strcmp(p, "SHA-224"))
75 else if (!strcmp(p, "SHA-256"))
77 else if (!strcmp(p, "SHA-384"))
79 else if (!strcmp(p, "SHA-512"))
/* Prints "name = <hex>" for a BIGNUM on stdout, one "%02X" pair per byte of a
 * temporary buffer sized with BN_num_bytes().
 * NOTE(review): this file also calls pbn("X", dsa->priv_key), so private key
 * material is written to stdout; that fits a test-vector tool, but the output
 * should be handled accordingly.
 * NOTE(review): the code that fills and frees tmp is elided from this
 * listing -- confirm the buffer is released on every path. */
88 static void pbn(const char *name, BIGNUM *bn)
92 len = BN_num_bytes(bn);
93 tmp = OPENSSL_malloc(len);
96 fprintf(stderr, "Memory allocation error\n");
100 printf("%s = ", name);
101 for (i = 0; i < len; i++)
102 printf("%02X", tmp[i]);
/* Primality test driver (function header elided from this listing): reads
 * lines from stdin, and for each "Prime" record converts the hex value to a
 * BIGNUM and prints 'P' or 'F'. */
112 char *keyword, *value;
114 while(fgets(buf,sizeof buf,stdin) != NULL)
117 if (!parse_line(&keyword, &value, lbuf, buf))
119 if(!strcmp(keyword,"Prime"))
124 do_hex2bn(&pp,value);
/* NOTE(review): BN_is_prime_ex() returns 1 for prime, 0 for composite and -1
 * on error. The bare truth test below maps the -1 error case to 'P'.
 * dss_paramcheck() in this file compares against 1 explicitly ("!= 1"), which
 * fails closed; the same comparison here would avoid reporting an error as a
 * pass. */
125 printf("result= %c\n",
126 BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
/* Local prototypes for the two parameter generators called below; they are
 * declared here by hand rather than pulled from one of the headers included
 * above, so they have to be kept in sync with the definitions manually.
 * NOTE(review): call sites in this file test the results differently
 * ("!dsa_builtin_paramgen(...)" versus "dsa_builtin_paramgen2(...) <= 0" and,
 * in one place, "< 0") -- confirm the return conventions against the
 * definitions. */
131 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
132 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
133 unsigned char *seed_out,
134 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
135 int dsa_builtin_paramgen2(DSA *ret, size_t bits, size_t qbits,
136 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
137 unsigned char *seed_out,
138 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
/* Domain parameter generation driver (function header elided from this
 * listing): a "[mod" record sets dsa2/L/N/md through parse_mod(), an "N"
 * record triggers generation, and the seed, counter and h are printed. */
144 char *keyword, *value;
146 const EVP_MD *md = NULL;
148 while(fgets(buf,sizeof buf,stdin) != NULL)
150 if (!parse_line(&keyword, &value, lbuf, buf))
155 if(!strcmp(keyword,"[mod"))
158 if (!parse_mod(value, &dsa2, &L, &N, &md))
160 fprintf(stderr, "Mod Parse Error\n");
164 else if(!strcmp(keyword,"N"))
170 unsigned char seed[EVP_MAX_MD_SIZE];
/* NOTE(review): no NULL check on the FIPS_dsa_new() result is visible in this
 * listing -- confirm on the elided lines. */
174 dsa = FIPS_dsa_new();
176 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
180 fprintf(stderr, "Parameter Generation error\n");
/* Here both 0 and negative results count as failure. */
183 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
185 &counter, &h, NULL) <= 0)
187 fprintf(stderr, "Parameter Generation error\n");
/* NOTE(review): md starts as NULL and is only set by a "[mod" record; if an
 * "N" record could arrive first, M_EVP_MD_size(md) would be evaluated on
 * NULL -- confirm the input ordering is enforced. */
194 pv("Seed",seed, M_EVP_MD_size(md));
195 printf("c = %d\n",counter);
196 printf("H = %lx\n",h);
/* Domain parameter verification driver (function header elided from this
 * listing): reads P, Q, G, Seed, c and H records from stdin, regenerates the
 * parameters from the seed and prints "Result = P" only when p, q, g, the
 * counter and h all match the supplied values. */
209 char *keyword, *value;
210 BIGNUM *p = NULL, *q = NULL, *g = NULL;
211 int counter, counter2;
215 const EVP_MD *md = NULL;
217 unsigned char seed[1024];
219 while(fgets(buf,sizeof buf,stdin) != NULL)
221 if (!parse_line(&keyword, &value, lbuf, buf))
227 if(!strcmp(keyword,"[mod"))
229 if (!parse_mod(value, &dsa2, &L, &N, &md))
231 fprintf(stderr, "Mod Parse Error\n");
235 else if(!strcmp(keyword,"P"))
237 else if(!strcmp(keyword,"Q"))
239 else if(!strcmp(keyword,"G"))
241 else if(!strcmp(keyword,"Seed"))
/* NOTE(review): hex2bin() is called without a destination size, so the
 * 1024-byte seed buffer is only safe if the input line is short enough. The
 * declaration of buf is elided from this listing -- confirm that sizeof buf
 * cannot yield more than 1024 decoded bytes. */
243 seedlen = hex2bin(value, seed);
/* Only the non-dsa2 path checks the seed length (20 bytes); no length check
 * for the dsa2 path is visible here. */
244 if (!dsa2 && seedlen != 20)
246 fprintf(stderr, "Seed parse length error\n");
250 else if(!strcmp(keyword,"c"))
/* NOTE(review): atoi() reports no conversion errors, and the fixed offset
 * buf+4 bypasses the already-parsed value; strtol() on value with an endptr
 * check would reject malformed counters. */
251 counter =atoi(buf+4);
252 else if(!strcmp(keyword,"H"))
257 fprintf(stderr, "Parse Error\n");
260 dsa = FIPS_dsa_new();
261 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
263 &counter2, &h2, NULL))
265 fprintf(stderr, "Parameter Generation error\n");
/* NOTE(review): this call site treats only negative results as an error,
 * while the other dsa_builtin_paramgen2() call sites in this file use "<= 0".
 * Confirm that a 0 result is meant to fall through to the comparison below. */
268 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
270 &counter2, &h2, NULL) < 0)
272 fprintf(stderr, "Parameter Generation error\n");
/* Any mismatch in p, q, g, counter or h yields 'F'. */
275 if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
276 || (counter != counter2) || (h != h2))
277 printf("Result = F\n");
279 printf("Result = P\n");
292 /* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
293 * algorithm tests. It is an additional test to perform sanity checks on the
294 * output of the KeyPair test.
/* Sanity-checks a set of DSA domain parameters. Visible conditions:
 *   - p has exactly L bits and q has exactly N bits;
 *   - p and q both pass BN_is_prime_ex() (compared against 1, so an error
 *     result of -1 counts as a failure);
 *   - p mod q == 1, i.e. q divides p - 1;
 *   - g > 1 and g^q mod p == 1.
 * NOTE(review): the values returned on success and failure are on lines
 * elided from this listing. No upper bound on g (g < p) is visible either --
 * confirm whether one is needed for this sanity check. */
297 static int dss_paramcheck(int L, int N, BIGNUM *p, BIGNUM *q, BIGNUM *g,
301 if (BN_num_bits(p) != L)
303 if (BN_num_bits(q) != N)
305 if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
307 if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
310 if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
311 || (BN_cmp(g, BN_value_one()) <= 0)
312 || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
/* Key pair verification driver (function header elided from this listing):
 * reads P, Q, G, X and Y records, runs dss_paramcheck() on the domain
 * parameters, recomputes Y2 = g^X mod p and prints 'P' only if Y2 equals Y. */
326 char *keyword, *value;
327 BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
336 while(fgets(buf,sizeof buf,stdin) != NULL)
338 if (!parse_line(&keyword, &value, lbuf, buf))
343 if(!strcmp(keyword,"[mod"))
/* The digest is not needed here, so parse_mod() gets NULL for it. */
355 if (!parse_mod(value, &dsa2, &L, &N, NULL))
357 fprintf(stderr, "Mod Parse Error\n");
361 else if(!strcmp(keyword,"P"))
363 else if(!strcmp(keyword,"Q"))
365 else if(!strcmp(keyword,"G"))
367 else if(!strcmp(keyword,"X"))
369 else if(!strcmp(keyword,"Y"))
/* All five values must have been parsed before any arithmetic is done. */
372 if (!p || !q || !g || !X || !Y)
374 fprintf(stderr, "Parse Error\n");
384 if (dss_paramcheck(L, N, p, q, g, ctx))
390 printf("Result = F\n");
/* A failed BN_mod_exp() is reported as 'F', the same as a mismatch. */
393 if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
394 printf("Result = F\n");
396 printf("Result = P\n");
/* Key pair generation driver: a "[mod" record selects L and N, an "N" record
 * triggers parameter generation with default arguments (no digest, no seed),
 * and generated keys are printed with pbn().
 * NOTE(review): "X" is dsa->priv_key, so the private key is printed on
 * stdout. That is the purpose of this test-vector tool, but the output is
 * secret key material. */
414 static void keypair()
418 char *keyword, *value;
421 while(fgets(buf,sizeof buf,stdin) != NULL)
423 if (!parse_line(&keyword, &value, lbuf, buf))
427 if(!strcmp(keyword,"[mod"))
429 if (!parse_mod(value, &dsa2, &L, &N, NULL))
431 fprintf(stderr, "Mod Parse Error\n");
436 else if(!strcmp(keyword,"N"))
/* NOTE(review): no NULL check on the FIPS_dsa_new() result is visible in this
 * listing -- confirm on the elided lines. */
441 dsa = FIPS_dsa_new();
442 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, NULL, NULL, 0,
443 NULL, NULL, NULL, NULL))
445 fprintf(stderr, "Parameter Generation error\n");
448 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, NULL, NULL, 0,
449 NULL, NULL, NULL, NULL) <= 0)
451 fprintf(stderr, "Parameter Generation error\n");
461 if (!DSA_generate_key(dsa))
464 pbn("X",dsa->priv_key);
465 pbn("Y",dsa->pub_key);
/* Signature generation driver (function header elided from this listing): a
 * "[mod" record generates fresh domain parameters, and each "Msg" record
 * generates a key, prints the public key Y, hashes the message with md and
 * signs the digest context. */
476 char *keyword, *value;
478 const EVP_MD *md = NULL;
481 while(fgets(buf,sizeof buf,stdin) != NULL)
483 if (!parse_line(&keyword, &value, lbuf, buf))
489 if(!strcmp(keyword,"[mod"))
491 if (!parse_mod(value, &dsa2, &L, &N, &md))
493 fprintf(stderr, "Mod Parse Error\n");
498 dsa = FIPS_dsa_new();
499 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md, NULL, 0,
500 NULL, NULL, NULL, NULL))
502 fprintf(stderr, "Parameter Generation error\n");
505 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, NULL, 0,
506 NULL, NULL, NULL, NULL) <= 0)
508 fprintf(stderr, "Parameter Generation error\n");
516 else if(!strcmp(keyword,"Msg"))
518 unsigned char msg[1024];
522 EVP_MD_CTX_init(&mctx);
/* NOTE(review): hex2bin() is called without a destination size, so the
 * 1024-byte msg buffer is only safe if the input line is short enough. The
 * declaration of buf is elided from this listing -- confirm that sizeof buf
 * cannot yield more than 1024 decoded bytes. */
524 n=hex2bin(value,msg);
526 if (!DSA_generate_key(dsa))
528 pbn("Y",dsa->pub_key);
/* NOTE(review): the results of EVP_DigestInit_ex() and EVP_DigestUpdate() are
 * discarded on these lines; md (and dsa) are only set by a preceding "[mod"
 * record, so a "Msg" record arriving first would use them unset. */
530 EVP_DigestInit_ex(&mctx, md, NULL);
531 EVP_DigestUpdate(&mctx, msg, n);
/* NOTE(review): no check of sig against NULL is visible in this listing --
 * confirm before its r and s are used. */
532 sig = FIPS_dsa_sign_ctx(dsa, &mctx);
538 EVP_MD_CTX_cleanup(&mctx);
/* Signature verification driver (function header elided from this listing):
 * collects P, Q, G, Msg, Y, R and S records from stdin, and on "S" hashes the
 * message and verifies the signature, printing 'P' only when the verify call
 * returns exactly 1. */
550 unsigned char msg[1024];
551 char *keyword, *value;
554 const EVP_MD *md = NULL;
/* The signature lives in a stack DSA_SIG; its r and s come from hex2bn(). */
555 DSA_SIG sg, *sig = &sg;
560 while(fgets(buf,sizeof buf,stdin) != NULL)
562 if (!parse_line(&keyword, &value, lbuf, buf))
568 if(!strcmp(keyword,"[mod"))
570 if (!parse_mod(value, &dsa2, &L, &N, &md))
572 fprintf(stderr, "Mod Parse Error\n");
577 dsa = FIPS_dsa_new();
/* NOTE(review): the branches below store directly into dsa and sig fields.
 * Any release of earlier values is not visible in this listing, and dsa is
 * only assigned after a "[mod" record -- confirm record ordering is enforced
 * and that values from repeated records are freed. */
579 else if(!strcmp(keyword,"P"))
580 dsa->p=hex2bn(value);
581 else if(!strcmp(keyword,"Q"))
582 dsa->q=hex2bn(value);
583 else if(!strcmp(keyword,"G"))
584 dsa->g=hex2bn(value);
585 else if(!strcmp(keyword,"Msg"))
/* NOTE(review): hex2bin() is called without a destination size, so the
 * 1024-byte msg buffer is only safe if the input line is short enough --
 * confirm against the elided declaration of buf. */
586 n=hex2bin(value,msg);
587 else if(!strcmp(keyword,"Y"))
588 dsa->pub_key=hex2bn(value);
589 else if(!strcmp(keyword,"R"))
590 sig->r=hex2bn(value);
591 else if(!strcmp(keyword,"S"))
595 EVP_MD_CTX_init(&mctx);
596 sig->s=hex2bn(value);
/* The digest call results are discarded on these lines. */
598 EVP_DigestInit_ex(&mctx, md, NULL);
599 EVP_DigestUpdate(&mctx, msg, n);
601 r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
603 EVP_MD_CTX_cleanup(&mctx);
/* Fail closed: only r == 1 is a pass; 0 and error values print 'F'. */
605 printf("Result = %c\n", r == 1 ? 'P' : 'F');
/* Entry point: enables FIPS mode, then dispatches on argv[1] to one of the
 * test drivers (prime, pqg, pqgver, keypair, keyver, siggen, sigver). An
 * unknown mode is reported on stderr.
 * NOTE(review): the argc check that should guard argv[1] is on a line elided
 * from this listing; the usage message below suggests it exists -- confirm. */
611 int main(int argc,char **argv)
615 fprintf(stderr,"%s [prime|pqg|pqgver|keypair|keyver|siggen|sigver]\n",argv[0]);
618 fips_set_error_print();
/* The FIPS_mode_set(1) result is tested before any test driver runs. */
619 if(!FIPS_mode_set(1))
621 if(!strcmp(argv[1],"prime"))
623 else if(!strcmp(argv[1],"pqg"))
625 else if(!strcmp(argv[1],"pqgver"))
627 else if(!strcmp(argv[1],"keypair"))
629 else if(!strcmp(argv[1],"keyver"))
631 else if(!strcmp(argv[1],"siggen"))
633 else if(!strcmp(argv[1],"sigver"))
637 fprintf(stderr,"Don't know how to %s.\n",argv[1]);