1 #include <openssl/opensslconf.h>
6 int main(int argc, char **argv)
8 printf("No FIPS DSA support\n");
13 #define OPENSSL_FIPSAPI
15 #include <openssl/bn.h>
16 #include <openssl/dsa.h>
17 #include <openssl/fips.h>
18 #include <openssl/err.h>
19 #include <openssl/evp.h>
25 static void pbn(const char *name, BIGNUM *bn)
29 len = BN_num_bytes(bn);
30 tmp = OPENSSL_malloc(len);
33 fprintf(stderr, "Memory allocation error\n");
37 printf("%s = ", name);
38 for (i = 0; i < len; i++)
39 printf("%02X", tmp[i]);
49 char *keyword, *value;
51 while(fgets(buf,sizeof buf,stdin) != NULL)
54 if (!parse_line(&keyword, &value, lbuf, buf))
56 if(!strcmp(keyword,"Prime"))
62 printf("result= %c\n",
63 BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
68 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
69 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
70 unsigned char *seed_out,
71 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
77 char *keyword, *value;
80 while(fgets(buf,sizeof buf,stdin) != NULL)
82 if (!parse_line(&keyword, &value, lbuf, buf))
87 if(!strcmp(keyword,"[mod"))
89 else if(!strcmp(keyword,"N"))
93 printf("[mod = %d]\n\n",nmod);
97 unsigned char seed[EVP_MAX_MD_SIZE];
101 dsa = FIPS_dsa_new();
103 if (!dsa_builtin_paramgen(dsa, nmod, 160, NULL, NULL, 0,
104 seed,&counter,&h,NULL))
110 printf("c = %d\n",counter);
111 printf("H = %lx\n",h);
124 char *keyword, *value;
125 BIGNUM *p = NULL, *q = NULL, *g = NULL;
126 int counter, counter2;
130 unsigned char seed[1024];
132 while(fgets(buf,sizeof buf,stdin) != NULL)
134 if (!parse_line(&keyword, &value, lbuf, buf))
140 if(!strcmp(keyword,"[mod"))
142 else if(!strcmp(keyword,"P"))
144 else if(!strcmp(keyword,"Q"))
146 else if(!strcmp(keyword,"G"))
148 else if(!strcmp(keyword,"Seed"))
150 int slen = hex2bin(value, seed);
153 fprintf(stderr, "Seed parse length error\n");
157 else if(!strcmp(keyword,"c"))
158 counter =atoi(buf+4);
159 else if(!strcmp(keyword,"H"))
164 fprintf(stderr, "Parse Error\n");
167 dsa = FIPS_dsa_new();
168 if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
170 if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
171 || (counter != counter2) || (h != h2))
172 printf("Result = F\n");
174 printf("Result = P\n");
187 /* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
188 * algorithm tests. It is an additional test to perform sanity checks on the
189 * output of the KeyPair test.
192 static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
196 if (BN_num_bits(p) != nmod)
198 if (BN_num_bits(q) != 160)
200 if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
202 if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
205 if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
206 || (BN_cmp(g, BN_value_one()) <= 0)
207 || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
221 char *keyword, *value;
222 BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
225 int nmod=0, paramcheck = 0;
230 while(fgets(buf,sizeof buf,stdin) != NULL)
232 if (!parse_line(&keyword, &value, lbuf, buf))
237 if(!strcmp(keyword,"[mod"))
251 else if(!strcmp(keyword,"P"))
253 else if(!strcmp(keyword,"Q"))
255 else if(!strcmp(keyword,"G"))
257 else if(!strcmp(keyword,"X"))
259 else if(!strcmp(keyword,"Y"))
262 if (!p || !q || !g || !X || !Y)
264 fprintf(stderr, "Parse Error\n");
274 if (dss_paramcheck(nmod, p, q, g, ctx))
280 printf("Result = F\n");
283 if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
284 printf("Result = F\n");
286 printf("Result = P\n");
304 static void keypair()
308 char *keyword, *value;
311 while(fgets(buf,sizeof buf,stdin) != NULL)
313 if (!parse_line(&keyword, &value, lbuf, buf))
318 if(!strcmp(keyword,"[mod"))
320 else if(!strcmp(keyword,"N"))
325 printf("[mod = %d]\n\n",nmod);
326 dsa = FIPS_dsa_new();
327 if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
336 if (!DSA_generate_key(dsa))
339 pbn("X",dsa->priv_key);
340 pbn("Y",dsa->pub_key);
351 char *keyword, *value;
355 while(fgets(buf,sizeof buf,stdin) != NULL)
357 if (!parse_line(&keyword, &value, lbuf, buf))
362 if(!strcmp(keyword,"[mod"))
365 printf("[mod = %d]\n\n",nmod);
368 dsa = FIPS_dsa_new();
369 if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
376 else if(!strcmp(keyword,"Msg"))
378 unsigned char msg[1024];
382 EVP_MD_CTX_init(&mctx);
384 n=hex2bin(value,msg);
387 if (!DSA_generate_key(dsa))
389 pbn("Y",dsa->pub_key);
391 EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL);
392 EVP_DigestUpdate(&mctx, msg, n);
393 sig = FIPS_dsa_sign_ctx(dsa, &mctx);
399 EVP_MD_CTX_cleanup(&mctx);
411 unsigned char msg[1024];
412 char *keyword, *value;
414 DSA_SIG sg, *sig = &sg;
419 while(fgets(buf,sizeof buf,stdin) != NULL)
421 if (!parse_line(&keyword, &value, lbuf, buf))
426 if(!strcmp(keyword,"[mod"))
433 else if(!strcmp(keyword,"P"))
434 dsa->p=hex2bn(value);
435 else if(!strcmp(keyword,"Q"))
436 dsa->q=hex2bn(value);
437 else if(!strcmp(keyword,"G"))
439 dsa->g=hex2bn(value);
441 printf("[mod = %d]\n\n",nmod);
447 else if(!strcmp(keyword,"Msg"))
449 n=hex2bin(value,msg);
452 else if(!strcmp(keyword,"Y"))
453 dsa->pub_key=hex2bn(value);
454 else if(!strcmp(keyword,"R"))
455 sig->r=hex2bn(value);
456 else if(!strcmp(keyword,"S"))
460 EVP_MD_CTX_init(&mctx);
461 sig->s=hex2bn(value);
463 pbn("Y",dsa->pub_key);
466 EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL);
467 EVP_DigestUpdate(&mctx, msg, n);
469 r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
471 EVP_MD_CTX_cleanup(&mctx);
473 printf("Result = %c\n", r == 1 ? 'P' : 'F');
479 int main(int argc,char **argv)
483 fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]);
486 fips_set_error_print();
487 if(!FIPS_mode_set(1))
489 if(!strcmp(argv[1],"prime"))
491 else if(!strcmp(argv[1],"pqg"))
493 else if(!strcmp(argv[1],"pqgver"))
495 else if(!strcmp(argv[1],"keypair"))
497 else if(!strcmp(argv[1],"keyver"))
499 else if(!strcmp(argv[1],"siggen"))
501 else if(!strcmp(argv[1],"sigver"))
505 fprintf(stderr,"Don't know how to %s.\n",argv[1]);