fips/ecdsa/fips_ecdsavs.c

   1 #define OPENSSL_FIPSAPI
   2 #include <openssl/opensslconf.h>
   3
   4 #ifndef OPENSSL_FIPS
   5 #include <stdio.h>
   6
   7 int main(int argc, char **argv)
   8 {
   9     printf("No FIPS ECDSA support\n");
  10     return(0);
  11 }
  12 #else
  13
  14 #include <string.h>
  15 #include <ctype.h>
  16 #include <openssl/err.h>
  17 #include <openssl/bn.h>
  18 #include <openssl/ecdsa.h>
  19 #include <openssl/evp.h>
  20 #include "fips_utl.h"
  21
  22 #include <openssl/objects.h>
  23
  24
  25 static int lookup_curve(char *curve_name, const EVP_MD **pmd)
  26         {
  27         char *cname, *p;
  28         cname = curve_name + 1;
  29         p = strchr(cname, ']');
  30         if (!p)
  31                 {
  32                 fprintf(stderr, "Parse error: missing ]\n");
  33                 return NID_undef;
  34                 }
  35         *p = 0;
  36         p = strchr(cname, ',');
  37         if (p)
  38                 {
  39                 if (!pmd)
  40                         {
  41                         fprintf(stderr, "Parse error: unexpected digest\n");
  42                         return NID_undef;
  43                         }
  44                 *p = 0;
  45                 p++;
  46
  47                 if (!strcmp(p, "SHA-1"))
  48                         *pmd = EVP_sha1();
  49                 else if (!strcmp(p, "SHA-224"))
  50                         *pmd = EVP_sha224();
  51                 else if (!strcmp(p, "SHA-256"))
  52                         *pmd = EVP_sha256();
  53                 else if (!strcmp(p, "SHA-384"))
  54                         *pmd = EVP_sha384();
  55                 else if (!strcmp(p, "SHA-512"))
  56                         *pmd = EVP_sha512();
  57                 else
  58                         {
  59                         fprintf(stderr, "Unknown digest %s\n", p);
  60                         return NID_undef;
  61                         }
  62                 }
  63         else if(pmd)
  64                 *pmd = EVP_sha1();
  65
  66         if (!strcmp(cname, "B-163"))
  67                 return NID_sect163r2;
  68         if (!strcmp(cname, "B-233"))
  69                 return NID_sect233r1;
  70         if (!strcmp(cname, "B-283"))
  71                 return NID_sect283r1;
  72         if (!strcmp(cname, "B-409"))
  73                 return NID_sect409r1;
  74         if (!strcmp(cname, "B-571"))
  75                 return NID_sect571r1;
  76         if (!strcmp(cname, "K-163"))
  77                 return NID_sect163k1;
  78         if (!strcmp(cname, "K-233"))
  79                 return NID_sect233k1;
  80         if (!strcmp(cname, "K-283"))
  81                 return NID_sect283k1;
  82         if (!strcmp(cname, "K-409"))
  83                 return NID_sect409k1;
  84         if (!strcmp(cname, "K-571"))
  85                 return NID_sect571k1;
  86         if (!strcmp(cname, "P-192"))
  87                 return NID_X9_62_prime192v1;
  88         if (!strcmp(cname, "P-224"))
  89                 return NID_secp224r1;
  90         if (!strcmp(cname, "P-256"))
  91                 return NID_X9_62_prime256v1;
  92         if (!strcmp(cname, "P-384"))
  93                 return NID_secp384r1;
  94         if (!strcmp(cname, "P-521"))
  95                 return NID_secp521r1;
  96
  97         fprintf(stderr, "Unknown Curve name %s\n", cname);
  98         return NID_undef;
  99         }
 100
 101 static int PKV(void)
 102         {
 103
 104         char buf[2048], lbuf[2048];
 105         char *keyword, *value;
 106         int curve_nid = NID_undef;
 107         BIGNUM *Qx = NULL, *Qy = NULL;
 108         EC_KEY *key = NULL;
 109         while(fgets(buf, sizeof buf, stdin) != NULL)
 110                 {
 111                 fputs(buf, stdout);
 112                 if (*buf == '[')
 113                         {
 114                         curve_nid = lookup_curve(buf, NULL);
 115                         if (curve_nid == NID_undef)
 116                                 return 0;
 117
 118                         }
 119                 if (!parse_line(&keyword, &value, lbuf, buf))
 120                         continue;
 121                 if (!strcmp(keyword, "Qx"))
 122                         {
 123                         if (!do_hex2bn(&Qx, value))
 124                                 {
 125                                 fprintf(stderr, "Invalid Qx value\n");
 126                                 return 0;
 127                                 }
 128                         }
 129                 if (!strcmp(keyword, "Qy"))
 130                         {
 131                         int rv;
 132                         if (!do_hex2bn(&Qy, value))
 133                                 {
 134                                 fprintf(stderr, "Invalid Qy value\n");
 135                                 return 0;
 136                                 }
 137                         key = EC_KEY_new_by_curve_name(curve_nid);
 138                         rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
 139                         printf("Result = %s\n", rv ? "P":"F");
 140                         }
 141
 142                 }
 143         return 1;
 144         }
 145
 146 static int SigVer(void)
 147         {
 148         char buf[2048], lbuf[2048];
 149         char *keyword, *value;
 150         unsigned char *msg;
 151         int curve_nid = NID_undef;
 152         long mlen;
 153         BIGNUM *Qx = NULL, *Qy = NULL;
 154         EC_KEY *key = NULL;
 155         ECDSA_SIG sg, *sig = &sg;
 156         const EVP_MD *digest = NULL;
 157         EVP_MD_CTX mctx;
 158         EVP_MD_CTX_init(&mctx);
 159         sig->r = NULL;
 160         sig->s = NULL;
 161         while(fgets(buf, sizeof buf, stdin) != NULL)
 162                 {
 163                 fputs(buf, stdout);
 164                 if (*buf == '[')
 165                         {
 166                         curve_nid = lookup_curve(buf, &digest);
 167                         if (curve_nid == NID_undef)
 168                                 return 0;
 169                         }
 170                 if (!parse_line(&keyword, &value, lbuf, buf))
 171                         continue;
 172                 if (!strcmp(keyword, "Msg"))
 173                         {
 174                         msg = hex2bin_m(value, &mlen);
 175                         if (!msg)
 176                                 {
 177                                 fprintf(stderr, "Invalid Message\n");
 178                                 return 0;
 179                                 }
 180                         }
 181
 182                 if (!strcmp(keyword, "Qx"))
 183                         {
 184                         if (!do_hex2bn(&Qx, value))
 185                                 {
 186                                 fprintf(stderr, "Invalid Qx value\n");
 187                                 return 0;
 188                                 }
 189                         }
 190                 if (!strcmp(keyword, "Qy"))
 191                         {
 192                         if (!do_hex2bn(&Qy, value))
 193                                 {
 194                                 fprintf(stderr, "Invalid Qy value\n");
 195                                 return 0;
 196                                 }
 197                         }
 198                 if (!strcmp(keyword, "R"))
 199                         {
 200                         if (!do_hex2bn(&sig->r, value))
 201                                 {
 202                                 fprintf(stderr, "Invalid R value\n");
 203                                 return 0;
 204                                 }
 205                         }
 206                 if (!strcmp(keyword, "S"))
 207                         {
 208                         int rv;
 209                         if (!do_hex2bn(&sig->s, value))
 210                                 {
 211                                 fprintf(stderr, "Invalid S value\n");
 212                                 return 0;
 213                                 }
 214                         key = EC_KEY_new_by_curve_name(curve_nid);
 215                         rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
 216
 217                         if (rv != 1)
 218                                 {
 219                                 fprintf(stderr, "Error setting public key\n");
 220                                 return 0;
 221                                 }
 222
 223                         FIPS_digestinit(&mctx, digest);
 224                         FIPS_digestupdate(&mctx, msg, mlen);
 225                         no_err = 1;
 226                         rv = FIPS_ecdsa_verify_ctx(key, &mctx, sig);
 227                         no_err = 0;
 228
 229                         printf("Result = %s\n", rv ? "P":"F");
 230                         }
 231
 232                 }
 233         return 1;
 234         }
 235
 236 int main(int argc, char **argv)
 237         {
 238         const char *cmd = argv[1];
 239         fips_set_error_print();
 240         if (!cmd)
 241                 {
 242                 fprintf(stderr, "fips_ecdsavs [PKV|SigVer]\n");
 243                 return 1;
 244                 }
 245         if (!strcmp(cmd, "PKV"))
 246                 {
 247                 if (PKV() <= 0)
 248                         goto err;
 249                 }
 250         if (!strcmp(cmd, "SigVer"))
 251                 {
 252                 if (SigVer() <= 0)
 253                         goto err;
 254                 }
 255         return 0;
 256         err:
 257         fprintf(stderr, "Error running %s\n", cmd);
 258         return 1;
 259         }
 260
 261 #endif