2 #define OPENSSL_FIPSAPI
3 #include <openssl/opensslconf.h>
8 int main(int argc, char **argv)
10 printf("No FIPS DSA support\n");
15 #include <openssl/bn.h>
16 #include <openssl/dsa.h>
17 #include <openssl/fips.h>
18 #include <openssl/err.h>
19 #include <openssl/evp.h>
25 static int parse_mod(char *line, int *pdsa2, int *pL, int *pN,
29 char *keyword, *value;
32 p = strchr(line, ',');
44 if (!parse_line(&keyword, &value, lbuf, line))
46 if (strcmp(keyword, "L"))
51 p = strchr(line, ',');
53 p = strchr(line, ']');
57 if (!parse_line(&keyword, &value, lbuf, line))
59 if (strcmp(keyword, "N"))
65 p = strchr(line, ']');
72 if (!strcmp(p, "SHA-1"))
74 else if (!strcmp(p, "SHA-224"))
76 else if (!strcmp(p, "SHA-256"))
78 else if (!strcmp(p, "SHA-384"))
80 else if (!strcmp(p, "SHA-512"))
89 static void pbn(const char *name, BIGNUM *bn)
93 len = BN_num_bytes(bn);
94 tmp = OPENSSL_malloc(len);
97 fprintf(stderr, "Memory allocation error\n");
101 printf("%s = ", name);
102 for (i = 0; i < len; i++)
103 printf("%02X", tmp[i]);
113 char *keyword, *value;
115 while(fgets(buf,sizeof buf,stdin) != NULL)
118 if (!parse_line(&keyword, &value, lbuf, buf))
120 if(!strcmp(keyword,"Prime"))
125 do_hex2bn(&pp,value);
126 printf("result= %c\n",
127 BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
132 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
133 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
134 unsigned char *seed_out,
135 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
136 int dsa_builtin_paramgen2(DSA *ret, size_t bits, size_t qbits,
137 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
138 unsigned char *seed_out,
139 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
145 char *keyword, *value;
147 const EVP_MD *md = NULL;
149 while(fgets(buf,sizeof buf,stdin) != NULL)
151 if (!parse_line(&keyword, &value, lbuf, buf))
156 if(!strcmp(keyword,"[mod"))
159 if (!parse_mod(value, &dsa2, &L, &N, &md))
161 fprintf(stderr, "Mod Parse Error\n");
165 else if(!strcmp(keyword,"N"))
171 unsigned char seed[EVP_MAX_MD_SIZE];
175 dsa = FIPS_dsa_new();
177 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
181 fprintf(stderr, "Parameter Generation error\n");
184 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
186 &counter, &h, NULL) <= 0)
188 fprintf(stderr, "Parameter Generation error\n");
195 pv("Seed",seed, M_EVP_MD_size(md));
196 printf("c = %d\n",counter);
197 printf("H = %lx\n",h);
210 char *keyword, *value;
211 BIGNUM *p = NULL, *q = NULL, *g = NULL;
212 int counter, counter2;
215 int dsa2, L, N, part_test = 0;
216 const EVP_MD *md = NULL;
218 unsigned char seed[1024];
220 while(fgets(buf,sizeof buf,stdin) != NULL)
222 if (!parse_line(&keyword, &value, lbuf, buf))
233 if(!strcmp(keyword,"[mod"))
235 if (!parse_mod(value, &dsa2, &L, &N, &md))
237 fprintf(stderr, "Mod Parse Error\n");
241 else if(!strcmp(keyword,"P"))
243 else if(!strcmp(keyword,"Q"))
245 else if(!strcmp(keyword,"G"))
247 else if(!strcmp(keyword,"Seed"))
249 seedlen = hex2bin(value, seed);
250 if (!dsa2 && seedlen != 20)
252 fprintf(stderr, "Seed parse length error\n");
256 else if(!strcmp(keyword,"c"))
257 counter =atoi(buf+4);
259 if(!strcmp(keyword,"H") || part_test)
263 if (!p || !q || (!g && !part_test))
265 fprintf(stderr, "Parse Error\n");
268 dsa = FIPS_dsa_new();
269 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
271 &counter2, &h2, NULL))
273 fprintf(stderr, "Parameter Generation error\n");
276 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
278 &counter2, &h2, NULL) < 0)
280 fprintf(stderr, "Parameter Generation error\n");
283 if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) ||
285 ((BN_cmp(dsa->g, g) || (counter != counter2) || (h != h2)))))
286 printf("Result = F\n");
288 printf("Result = P\n");
306 /* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
307 * algorithm tests. It is an additional test to perform sanity checks on the
308 * output of the KeyPair test.
311 static int dss_paramcheck(int L, int N, BIGNUM *p, BIGNUM *q, BIGNUM *g,
315 if (BN_num_bits(p) != L)
317 if (BN_num_bits(q) != N)
319 if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
321 if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
324 if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
325 || (BN_cmp(g, BN_value_one()) <= 0)
326 || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
340 char *keyword, *value;
341 BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
350 while(fgets(buf,sizeof buf,stdin) != NULL)
352 if (!parse_line(&keyword, &value, lbuf, buf))
357 if(!strcmp(keyword,"[mod"))
369 if (!parse_mod(value, &dsa2, &L, &N, NULL))
371 fprintf(stderr, "Mod Parse Error\n");
375 else if(!strcmp(keyword,"P"))
377 else if(!strcmp(keyword,"Q"))
379 else if(!strcmp(keyword,"G"))
381 else if(!strcmp(keyword,"X"))
383 else if(!strcmp(keyword,"Y"))
386 if (!p || !q || !g || !X || !Y)
388 fprintf(stderr, "Parse Error\n");
398 if (dss_paramcheck(L, N, p, q, g, ctx))
404 printf("Result = F\n");
407 if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
408 printf("Result = F\n");
410 printf("Result = P\n");
428 static void keypair()
432 char *keyword, *value;
435 while(fgets(buf,sizeof buf,stdin) != NULL)
437 if (!parse_line(&keyword, &value, lbuf, buf))
441 if(!strcmp(keyword,"[mod"))
443 if (!parse_mod(value, &dsa2, &L, &N, NULL))
445 fprintf(stderr, "Mod Parse Error\n");
450 else if(!strcmp(keyword,"N"))
455 dsa = FIPS_dsa_new();
456 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, NULL, NULL, 0,
457 NULL, NULL, NULL, NULL))
459 fprintf(stderr, "Parameter Generation error\n");
462 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, NULL, NULL, 0,
463 NULL, NULL, NULL, NULL) <= 0)
465 fprintf(stderr, "Parameter Generation error\n");
475 if (!DSA_generate_key(dsa))
478 pbn("X",dsa->priv_key);
479 pbn("Y",dsa->pub_key);
490 char *keyword, *value;
492 const EVP_MD *md = NULL;
495 while(fgets(buf,sizeof buf,stdin) != NULL)
497 if (!parse_line(&keyword, &value, lbuf, buf))
503 if(!strcmp(keyword,"[mod"))
505 if (!parse_mod(value, &dsa2, &L, &N, &md))
507 fprintf(stderr, "Mod Parse Error\n");
512 dsa = FIPS_dsa_new();
513 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md, NULL, 0,
514 NULL, NULL, NULL, NULL))
516 fprintf(stderr, "Parameter Generation error\n");
519 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, NULL, 0,
520 NULL, NULL, NULL, NULL) <= 0)
522 fprintf(stderr, "Parameter Generation error\n");
530 else if(!strcmp(keyword,"Msg"))
532 unsigned char msg[1024];
536 EVP_MD_CTX_init(&mctx);
538 n=hex2bin(value,msg);
540 if (!DSA_generate_key(dsa))
542 pbn("Y",dsa->pub_key);
544 EVP_DigestInit_ex(&mctx, md, NULL);
545 EVP_DigestUpdate(&mctx, msg, n);
546 sig = FIPS_dsa_sign_ctx(dsa, &mctx);
552 EVP_MD_CTX_cleanup(&mctx);
564 unsigned char msg[1024];
565 char *keyword, *value;
568 const EVP_MD *md = NULL;
569 DSA_SIG sg, *sig = &sg;
574 while(fgets(buf,sizeof buf,stdin) != NULL)
576 if (!parse_line(&keyword, &value, lbuf, buf))
582 if(!strcmp(keyword,"[mod"))
584 if (!parse_mod(value, &dsa2, &L, &N, &md))
586 fprintf(stderr, "Mod Parse Error\n");
591 dsa = FIPS_dsa_new();
593 else if(!strcmp(keyword,"P"))
594 dsa->p=hex2bn(value);
595 else if(!strcmp(keyword,"Q"))
596 dsa->q=hex2bn(value);
597 else if(!strcmp(keyword,"G"))
598 dsa->g=hex2bn(value);
599 else if(!strcmp(keyword,"Msg"))
600 n=hex2bin(value,msg);
601 else if(!strcmp(keyword,"Y"))
602 dsa->pub_key=hex2bn(value);
603 else if(!strcmp(keyword,"R"))
604 sig->r=hex2bn(value);
605 else if(!strcmp(keyword,"S"))
609 EVP_MD_CTX_init(&mctx);
610 sig->s=hex2bn(value);
612 EVP_DigestInit_ex(&mctx, md, NULL);
613 EVP_DigestUpdate(&mctx, msg, n);
615 r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
617 EVP_MD_CTX_cleanup(&mctx);
619 printf("Result = %c\n", r == 1 ? 'P' : 'F');
625 int main(int argc,char **argv)
629 fprintf(stderr,"%s [prime|pqg|pqgver|keypair|keyver|siggen|sigver]\n",argv[0]);
632 fips_set_error_print();
633 if(!FIPS_mode_set(1))
635 if(!strcmp(argv[1],"prime"))
637 else if(!strcmp(argv[1],"pqg"))
639 else if(!strcmp(argv[1],"pqgver"))
641 else if(!strcmp(argv[1],"keypair"))
643 else if(!strcmp(argv[1],"keyver"))
645 else if(!strcmp(argv[1],"siggen"))
647 else if(!strcmp(argv[1],"sigver"))
651 fprintf(stderr,"Don't know how to %s.\n",argv[1]);