2 #define OPENSSL_FIPSAPI
3 #include <openssl/opensslconf.h>
/* Stub entry point: the only visible statement reports that this build has no
 * FIPS DSA support. The preprocessor guard that selects this stub over the
 * real main() is presumably on lines not shown in this listing. */
8 int main(int argc, char **argv)
10 printf("No FIPS DSA support\n");
15 #include <openssl/bn.h>
16 #include <openssl/dsa.h>
17 #include <openssl/fips.h>
18 #include <openssl/err.h>
19 #include <openssl/evp.h>
/* Parse the value of a "[mod" header line from a test-vector file. Callers in
 * this file pass pointers for a DSA-variant flag, L, N and either a digest
 * pointer or NULL. Only part of the body appears in this listing, so the notes
 * below describe the visible lines only. */
25 static int parse_mod(char *line, int *pdsa2, int *pL, int *pN,
29 char *keyword, *value;
/* NOTE(review): strchr() returns NULL when the delimiter is absent. The NULL
 * checks are presumably on lines not shown; confirm them before reusing this
 * parser on anything other than trusted vector files. */
32 p = strchr(line, ',');
44 if (!parse_line2(&keyword, &value, lbuf, line, 0))
/* The first field is tested against the keyword "L". */
46 if (strcmp(keyword, "L"))
51 p = strchr(line, ',');
53 p = strchr(line, ']');
57 if (!parse_line2(&keyword, &value, lbuf, line, 0))
/* The second field is tested against the keyword "N". */
59 if (strcmp(keyword, "N"))
65 p = strchr(line, ']');
/* The digest name is matched exactly against five SHA variants. How any other
 * name is handled is not visible here. */
72 if (!strcmp(p, "SHA-1"))
74 else if (!strcmp(p, "SHA-224"))
76 else if (!strcmp(p, "SHA-256"))
78 else if (!strcmp(p, "SHA-384"))
80 else if (!strcmp(p, "SHA-512"))
/* Primality test driver: reads lines from `in` and, for each "Prime" entry,
 * converts the hex value to a BIGNUM and writes "result= P" or "result= F"
 * to `out`. */
87 static void primes(FILE *in, FILE *out)
91 char *keyword, *value;
93 while(fgets(buf,sizeof buf,in) != NULL)
96 if (!parse_line(&keyword, &value, lbuf, buf))
98 if(!strcmp(keyword,"Prime"))
/* The return value of do_hex2bn() is not used on this line, so a failed
 * conversion is not detected here. */
103 do_hex2bn(&pp,value);
/* NOTE(review): BN_is_prime_ex() returns 1 for prime, 0 for composite and -1
 * on error. The truthiness test below reports 'P' for the error case as well.
 * dss_paramcheck() in this file compares against 1 instead, which treats an
 * error as a failure. The round count is a literal 20 here, whereas
 * dss_paramcheck() uses BN_prime_checks. */
104 fprintf(out, "result= %c\n",
105 BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
/* Local declarations of two library-internal DSA parameter generators. They
 * are declared here rather than taken from an included header, so the compiler
 * cannot check them against the real definitions. A signature drift in the
 * library would go unnoticed until link or run time. Both take the seed length
 * as size_t, which matters for callers that hold it in an int. */
110 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
111 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
112 unsigned char *seed_out,
113 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
/* Same as above with an additional `idx` argument after the seed length. */
114 int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
115 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
116 int idx, unsigned char *seed_out,
117 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
/* Domain-parameter generation driver: a "[mod" line selects L, N and the
 * digest; an "N" line triggers generation and prints P, Q, G, the seed, the
 * counter and h to `out`. Several lines of the body are not shown in this
 * listing. */
119 static void pqg(FILE *in, FILE *out)
123 char *keyword, *value;
/* md starts as NULL and is only set through parse_mod() below. */
125 const EVP_MD *md = NULL;
127 while(fgets(buf,sizeof buf,in) != NULL)
129 if (!parse_line(&keyword, &value, lbuf, buf))
134 if(!strcmp(keyword,"[mod"))
137 if (!parse_mod(value, &dsa2, &L, &N, &md))
139 fprintf(stderr, "Mod Parse Error\n");
143 else if(!strcmp(keyword,"N"))
/* Sized for the largest digest, so printing M_EVP_MD_size(md) bytes from it
 * below stays inside the buffer for any digest. */
149 unsigned char seed[EVP_MAX_MD_SIZE];
153 dsa = FIPS_dsa_new();
/* NOTE(review): the two generators are checked differently. Only a zero return
 * counts as failure for dsa_builtin_paramgen(), while zero and negative
 * returns both count for dsa_builtin_paramgen2(). */
155 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
159 fprintf(stderr, "Parameter Generation error\n");
162 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
164 &counter, &h, NULL) <= 0)
166 fprintf(stderr, "Parameter Generation error\n");
170 do_bn_print_name(out, "P",dsa->p);
171 do_bn_print_name(out, "Q",dsa->q);
172 do_bn_print_name(out, "G",dsa->g);
/* NOTE(review): md is used here to size the seed output. If an "N" line could
 * arrive before any "[mod" line, md would still be NULL at this point. Any
 * guard against that is on lines not shown; confirm. */
173 OutputValue("Seed",seed, M_EVP_MD_size(md), out, 0);
174 fprintf(out, "c = %d\n",counter);
175 fprintf(out, "H = %lx\n\n",h);
/* Domain-parameter verification driver: collects P, Q, G, the seed, an
 * optional index, the counter and H from the input, regenerates parameters
 * from the seed and writes "Result = P" or "Result = F" depending on whether
 * the regenerated values match. Several lines of the body are not shown in
 * this listing. */
183 static void pqgver(FILE *in, FILE *out)
187 char *keyword, *value;
188 BIGNUM *p = NULL, *q = NULL, *g = NULL;
189 int counter=-1, counter2;
190 unsigned long h=0, h2;
192 int dsa2, L, N, part_test = 0;
193 const EVP_MD *md = NULL;
/* seedlen and idx start at -1, i.e. "not seen yet". */
194 int seedlen=-1, idxlen, idx = -1;
/* Fixed-size destinations for hex-decoded input; see the hex2bin() calls. */
195 unsigned char seed[1024], idtmp[1024];
197 while(fgets(buf,sizeof buf,in) != NULL)
199 if (!parse_line(&keyword, &value, lbuf, buf))
210 if(!strcmp(keyword,"[mod"))
212 if (!parse_mod(value, &dsa2, &L, &N, &md))
214 fprintf(stderr, "Mod Parse Error\n");
218 else if(!strcmp(keyword,"P"))
220 else if(!strcmp(keyword,"Q"))
222 else if(!strcmp(keyword,"G"))
224 else if(!strcmp(keyword,"Seed")
225 || !strcmp(keyword,"domain_parameter_seed"))
/* NOTE(review): hex2bin() is called without a destination capacity. The
 * decoded length is therefore bounded only by the length of the input line,
 * and the size of `buf` is declared on a line not shown. Confirm that a
 * maximum-length line cannot decode to more than 1024 bytes. */
227 seedlen = hex2bin(value, seed);
/* The 20-byte length requirement applies to the non-dsa2 case only. No length
 * check for the dsa2 case is visible here. */
228 if (!dsa2 && seedlen != 20)
230 fprintf(stderr, "Seed parse length error\n");
236 else if(!strcmp(keyword,"index"))
/* Same unbounded-destination pattern as the seed above. */
238 idxlen = hex2bin(value, idtmp);
241 fprintf(stderr, "Index value error\n");
246 else if(!strcmp(keyword,"c"))
/* NOTE(review): atoi() reports no conversion errors, and the fixed offset of 4
 * assumes the line starts with exactly "c = ". strtol() with an end-pointer
 * check would detect a malformed counter. */
247 counter = atoi(buf+4);
249 if(!strcmp(keyword,"H") || part_test)
/* NOTE(review): this precondition covers p, q and g only. seedlen is an int
 * that starts at -1, and the generators take the seed length as size_t. A
 * block without a Seed line would pass a huge length unless a check on lines
 * not shown rejects it; confirm. */
253 if (!p || !q || (!g && !part_test))
255 fprintf(stderr, "Parse Error\n");
258 dsa = FIPS_dsa_new();
264 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
266 &counter2, &h2, NULL))
268 fprintf(stderr, "Parameter Generation error\n");
/* Only a negative return is treated as an error here, while the other callers
 * in this file use "<= 0". Presumably a zero return means the parameters
 * failed validation, so the comparison below can report F; confirm against
 * the generator's contract. */
271 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
272 seed, seedlen, idx, NULL,
273 &counter2, &h2, NULL) < 0)
275 fprintf(stderr, "Parameter Generation error\n");
/* First comparison: G alone decides the result. */
280 if (BN_cmp(dsa->g, g))
281 fprintf(out, "Result = F\n");
283 fprintf(out, "Result = P\n");
/* Second comparison: any mismatch in P or Q fails. The G, counter and h terms
 * are part of a sub-expression whose leading condition is not shown. */
285 else if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) ||
287 ((BN_cmp(dsa->g, g) || (counter != counter2) || (h != h2)))))
288 fprintf(out, "Result = F\n");
290 fprintf(out, "Result = P\n");
310 /* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
311 * algorithm tests. It is an additional test to perform sanity checks on the
312 * output of the KeyPair test.
/* Sanity-check DSA domain parameters against the requested sizes. The visible
 * conditions test, in order: bit length of p against L, bit length of q
 * against N, primality of p and q, p mod q == 1, g > 1 and g^q mod p == 1.
 * The return statements are on lines not shown. keyver() treats a non-zero
 * return as failure. */
315 static int dss_paramcheck(int L, int N, BIGNUM *p, BIGNUM *q, BIGNUM *g,
319 if (BN_num_bits(p) != L)
321 if (BN_num_bits(q) != N)
/* Comparing against 1 means an error return (-1) from BN_is_prime_ex() is
 * handled the same way as "composite". */
323 if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
325 if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
/* q must divide p - 1, and g must be a non-trivial element whose q-th power
 * is 1 mod p. Each BIGNUM call's own failure also trips the condition. */
328 if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
329 || (BN_cmp(g, BN_value_one()) <= 0)
330 || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
/* Key-pair verification driver: reads P, Q, G, X and Y from the input, echoes
 * them to `out`, checks the domain parameters with dss_paramcheck() and then
 * recomputes the public key from X to compare with Y. Several lines of the
 * body are not shown in this listing. */
340 static void keyver(FILE *in, FILE *out)
344 char *keyword, *value;
345 BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
354 while(fgets(buf,sizeof buf,in) != NULL)
356 if (!parse_line(&keyword, &value, lbuf, buf))
361 if(!strcmp(keyword,"[mod"))
/* No digest is needed for this test, so NULL is passed for it. */
373 if (!parse_mod(value, &dsa2, &L, &N, NULL))
375 fprintf(stderr, "Mod Parse Error\n");
379 else if(!strcmp(keyword,"P"))
381 else if(!strcmp(keyword,"Q"))
383 else if(!strcmp(keyword,"G"))
385 else if(!strcmp(keyword,"X"))
387 else if(!strcmp(keyword,"Y"))
/* All five values must have been parsed before verification runs. */
390 if (!p || !q || !g || !X || !Y)
392 fprintf(stderr, "Parse Error\n");
395 do_bn_print_name(out, "P",p);
396 do_bn_print_name(out, "Q",q);
397 do_bn_print_name(out, "G",g);
/* X is the private value. It is echoed because it is test-vector data, so the
 * output file holds private key material. */
398 do_bn_print_name(out, "X",X);
399 do_bn_print_name(out, "Y",Y);
402 if (dss_paramcheck(L, N, p, q, g, ctx))
408 fprintf(out, "Result = F\n");
/* Recompute Y2 = g^X mod p. A BIGNUM failure or a mismatch with Y reports F.
 * NOTE(review): no range check on X (0 < X < q) is visible in this listing;
 * confirm whether one exists on the lines not shown. */
411 if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
412 fprintf(out, "Result = F\n");
414 fprintf(out, "Result = P\n");
/* Key-pair generation driver: a "[mod" line selects L and N; an "N" line
 * generates fresh domain parameters, prints P, Q and G, then generates key
 * pairs and prints X and Y. Several lines of the body are not shown in this
 * listing. */
432 static void keypair(FILE *in, FILE *out)
436 char *keyword, *value;
439 while(fgets(buf,sizeof buf,in) != NULL)
441 if (!parse_line(&keyword, &value, lbuf, buf))
445 if(!strcmp(keyword,"[mod"))
447 if (!parse_mod(value, &dsa2, &L, &N, NULL))
449 fprintf(stderr, "Mod Parse Error\n");
454 else if(!strcmp(keyword,"N"))
459 dsa = FIPS_dsa_new();
/* No digest and no seed are supplied to either generator here. As elsewhere
 * in this file, the two return values are checked differently: zero only for
 * the first, zero or negative for the second. */
460 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, NULL, NULL, 0,
461 NULL, NULL, NULL, NULL))
463 fprintf(stderr, "Parameter Generation error\n");
466 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, NULL, NULL, 0, -1,
467 NULL, NULL, NULL, NULL) <= 0)
469 fprintf(stderr, "Parameter Generation error\n");
472 do_bn_print_name(out, "P",dsa->p);
473 do_bn_print_name(out, "Q",dsa->q);
474 do_bn_print_name(out, "G",dsa->g);
479 if (!DSA_generate_key(dsa))
/* The private key is written to the output file as part of the test vector.
 * Keys produced by this tool are test material only, and the output file
 * should be handled as containing private keys. */
482 do_bn_print_name(out, "X",dsa->priv_key);
483 do_bn_print_name(out, "Y",dsa->pub_key);
/* Signature generation driver: a "[mod" line generates fresh domain
 * parameters and prints P, Q and G; each "Msg" line generates a key, prints
 * Y, signs the hex-decoded message and prints R and S. Several lines of the
 * body are not shown in this listing. */
490 static void siggen(FILE *in, FILE *out)
494 char *keyword, *value;
496 const EVP_MD *md = NULL;
499 while(fgets(buf,sizeof buf,in) != NULL)
501 if (!parse_line(&keyword, &value, lbuf, buf))
507 if(!strcmp(keyword,"[mod"))
509 if (!parse_mod(value, &dsa2, &L, &N, &md))
511 fprintf(stderr, "Mod Parse Error\n");
516 dsa = FIPS_dsa_new();
517 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md, NULL, 0,
518 NULL, NULL, NULL, NULL))
520 fprintf(stderr, "Parameter Generation error\n");
523 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, NULL, 0, -1,
524 NULL, NULL, NULL, NULL) <= 0)
526 fprintf(stderr, "Parameter Generation error\n");
529 do_bn_print_name(out, "P",dsa->p);
530 do_bn_print_name(out, "Q",dsa->q);
531 do_bn_print_name(out, "G",dsa->g);
534 else if(!strcmp(keyword,"Msg"))
/* Fixed-size destination for the decoded message. */
536 unsigned char msg[1024];
540 FIPS_md_ctx_init(&mctx);
/* NOTE(review): hex2bin() receives no destination capacity, so the decoded
 * length is bounded only by the input line length. The size of `buf` is
 * declared on a line not shown; confirm it cannot yield more than 1024 bytes.
 * Whether a negative return is handled is also not visible. */
542 n=hex2bin(value,msg);
544 if (!DSA_generate_key(dsa))
546 do_bn_print_name(out, "Y",dsa->pub_key);
548 FIPS_digestinit(&mctx, md);
549 FIPS_digestupdate(&mctx, msg, n);
/* NOTE(review): no NULL check on `sig` is visible between the signing call
 * and the dereferences below; confirm one exists on the lines not shown. */
550 sig = FIPS_dsa_sign_ctx(dsa, &mctx);
552 do_bn_print_name(out, "R",sig->r);
553 do_bn_print_name(out, "S",sig->s);
555 FIPS_dsa_sig_free(sig);
556 FIPS_md_ctx_cleanup(&mctx);
/* Signature verification driver: a "[mod" line allocates a new DSA object;
 * P, Q, G, Y, Msg, R and S lines fill it and the signature; the "S" line
 * triggers verification and prints "Result = P" or "Result = F". Several
 * lines of the body are not shown in this listing. */
563 static void sigver(FILE *in, FILE *out)
/* Fixed-size destination for the decoded message. */
568 unsigned char msg[1024];
569 char *keyword, *value;
572 const EVP_MD *md = NULL;
/* The signature lives on the stack; r and s are filled from the input. */
573 DSA_SIG sg, *sig = &sg;
578 while(fgets(buf,sizeof buf,in) != NULL)
580 if (!parse_line(&keyword, &value, lbuf, buf))
586 if(!strcmp(keyword,"[mod"))
588 if (!parse_mod(value, &dsa2, &L, &N, &md))
590 fprintf(stderr, "Mod Parse Error\n");
595 dsa = FIPS_dsa_new();
/* NOTE(review): the assignments below store the hex2bn() result without a
 * visible NULL check and dereference `dsa`, which is only allocated by a
 * "[mod" line. They also overwrite any previous value in the field. Confirm
 * on the lines not shown that malformed or out-of-order input is rejected
 * and that earlier BIGNUMs are freed. */
597 else if(!strcmp(keyword,"P"))
598 dsa->p=hex2bn(value);
599 else if(!strcmp(keyword,"Q"))
600 dsa->q=hex2bn(value);
601 else if(!strcmp(keyword,"G"))
602 dsa->g=hex2bn(value);
603 else if(!strcmp(keyword,"Msg"))
/* hex2bin() receives no destination capacity, so the decoded length is
 * bounded only by the input line length; confirm it fits in 1024 bytes. */
604 n=hex2bin(value,msg);
605 else if(!strcmp(keyword,"Y"))
606 dsa->pub_key=hex2bn(value);
607 else if(!strcmp(keyword,"R"))
608 sig->r=hex2bn(value);
609 else if(!strcmp(keyword,"S"))
613 FIPS_md_ctx_init(&mctx);
614 sig->s=hex2bn(value);
616 FIPS_digestinit(&mctx, md);
617 FIPS_digestupdate(&mctx, msg, n);
619 r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
621 FIPS_md_ctx_cleanup(&mctx);
/* Only a return of exactly 1 reports a pass; an error return reports F. */
623 fprintf(out, "Result = %c\n\n", r == 1 ? 'P' : 'F');
/* Entry point: opens the input and output files named on the command line
 * and dispatches on the test name in argv[1]. Several lines of the body,
 * including the argument-count handling, are not shown in this listing. */
628 int main(int argc,char **argv)
/* NOTE(review): argv[2] and argv[3] are used as file names. The argc check
 * that makes these accesses safe is presumably on lines not shown; confirm. */
633 in = fopen(argv[2], "r");
636 fprintf(stderr, "Error opening input file\n");
/* Mode "w" truncates an existing file at this path. */
639 out = fopen(argv[3], "w");
642 fprintf(stderr, "Error opening output file\n");
653 fprintf(stderr,"%s [prime|pqg|pqgver|keypair|keyver|siggen|sigver]\n",argv[0]);
/* Exact-match dispatch on the test name; anything else falls through to the
 * "Don't know how to" message. */
657 if(!strcmp(argv[1],"prime"))
659 else if(!strcmp(argv[1],"pqg"))
661 else if(!strcmp(argv[1],"pqgver"))
663 else if(!strcmp(argv[1],"keypair"))
665 else if(!strcmp(argv[1],"keyver"))
667 else if(!strcmp(argv[1],"siggen"))
669 else if(!strcmp(argv[1],"sigver"))
673 fprintf(stderr,"Don't know how to %s.\n",argv[1]);