+
+#define OPENSSL_FIPSAPI
#include <openssl/opensslconf.h>
#ifndef OPENSSL_FIPS
}
#else
-#define OPENSSL_FIPSAPI
-
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/fips.h>
#include "fips_utl.h"
+static int parse_mod(char *line, int *pdsa2, int *pL, int *pN,
+ const EVP_MD **pmd)
+ {
+ char lbuf[10240];
+ char *keyword, *value;
+
+ char *p;
+ p = strchr(line, ',');
+ if (!p)
+ {
+ *pL = atoi(line);
+ *pdsa2 = 0;
+ *pN = 160;
+ if (pmd)
+ *pmd = EVP_sha1();
+ return 1;
+ }
+ *pdsa2 = 1;
+ *p = 0;
+ if (!parse_line(&keyword, &value, lbuf, line))
+ return 0;
+ if (strcmp(keyword, "L"))
+ return 0;
+ *pL = atoi(value);
+ strcpy(line, p + 1);
+ if (pmd)
+ p = strchr(line, ',');
+ else
+ p = strchr(line, ']');
+ if (!p)
+ return 0;
+ *p = 0;
+ if (!parse_line(&keyword, &value, lbuf, line))
+ return 0;
+ if (strcmp(keyword, "N"))
+ return 0;
+ *pN = atoi(value);
+ if (!pmd)
+ return 1;
+ strcpy(line, p + 1);
+ p = strchr(line, ']');
+ if (!p)
+ return 0;
+ *p = 0;
+ p = line;
+ while(isspace(*p))
+ p++;
+ if (!strcmp(p, "SHA-1"))
+ *pmd = EVP_sha1();
+ else if (!strcmp(p, "SHA-224"))
+ *pmd = EVP_sha224();
+ else if (!strcmp(p, "SHA-256"))
+ *pmd = EVP_sha256();
+ else if (!strcmp(p, "SHA-384"))
+ *pmd = EVP_sha384();
+ else if (!strcmp(p, "SHA-512"))
+ *pmd = EVP_sha512();
+ else
+ return 0;
+ return 1;
+ }
+
+
+
static void pbn(const char *name, BIGNUM *bn)
{
int len, i;
const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
unsigned char *seed_out,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+int dsa_builtin_paramgen2(DSA *ret, size_t bits, size_t qbits,
+ const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+ unsigned char *seed_out,
+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
static void pqg()
{
char buf[1024];
char lbuf[1024];
char *keyword, *value;
- int nmod=0;
+ int dsa2, L, N;
+ const EVP_MD *md = NULL;
while(fgets(buf,sizeof buf,stdin) != NULL)
{
continue;
}
if(!strcmp(keyword,"[mod"))
- nmod=atoi(value);
+ {
+ fputs(buf,stdout);
+ if (!parse_mod(value, &dsa2, &L, &N, &md))
+ {
+ fprintf(stderr, "Mod Parse Error\n");
+ exit (1);
+ }
+ }
else if(!strcmp(keyword,"N"))
{
int n=atoi(value);
- printf("[mod = %d]\n\n",nmod);
-
while(n--)
{
unsigned char seed[EVP_MAX_MD_SIZE];
unsigned long h;
dsa = FIPS_dsa_new();
- if (!dsa_builtin_paramgen(dsa, nmod, 160, NULL, NULL, 0,
- seed,&counter,&h,NULL))
+ if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
+ NULL, 0, seed,
+ &counter, &h, NULL))
+ {
+ fprintf(stderr, "Parameter Generation error\n");
exit(1);
+ }
+ if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
+ NULL, 0, seed,
+ &counter, &h, NULL) <= 0)
+ {
+ fprintf(stderr, "Parameter Generation error\n");
+ exit(1);
+ }
+
pbn("P",dsa->p);
pbn("Q",dsa->q);
pbn("G",dsa->g);
- pv("Seed",seed,20);
+ pv("Seed",seed, M_EVP_MD_size(md));
printf("c = %d\n",counter);
printf("H = %lx\n",h);
putc('\n',stdout);
char lbuf[1024];
char *keyword, *value;
BIGNUM *p = NULL, *q = NULL, *g = NULL;
- int counter, counter2;
- unsigned long h, h2;
+ int counter=-1, counter2;
+ unsigned long h=-1, h2;
DSA *dsa=NULL;
- int nmod=0;
+ int dsa2, L, N, part_test = 0;
+ const EVP_MD *md = NULL;
+ int seedlen=-1;
unsigned char seed[1024];
while(fgets(buf,sizeof buf,stdin) != NULL)
{
if (!parse_line(&keyword, &value, lbuf, buf))
{
+ if (p && q)
+ {
+ part_test = 1;
+ goto partial;
+ }
fputs(buf,stdout);
continue;
}
fputs(buf, stdout);
if(!strcmp(keyword,"[mod"))
- nmod=atoi(value);
+ {
+ if (!parse_mod(value, &dsa2, &L, &N, &md))
+ {
+ fprintf(stderr, "Mod Parse Error\n");
+ exit (1);
+ }
+ }
else if(!strcmp(keyword,"P"))
p=hex2bn(value);
else if(!strcmp(keyword,"Q"))
g=hex2bn(value);
else if(!strcmp(keyword,"Seed"))
{
- int slen = hex2bin(value, seed);
- if (slen != 20)
+ seedlen = hex2bin(value, seed);
+ if (!dsa2 && seedlen != 20)
{
fprintf(stderr, "Seed parse length error\n");
exit (1);
}
else if(!strcmp(keyword,"c"))
counter =atoi(buf+4);
- else if(!strcmp(keyword,"H"))
+ partial:
+ if(!strcmp(keyword,"H") || part_test)
{
- h = atoi(value);
- if (!p || !q || !g)
+ if (!part_test)
+ h = atoi(value);
+ if (!p || !q || (!g && !part_test))
{
fprintf(stderr, "Parse Error\n");
exit (1);
}
dsa = FIPS_dsa_new();
- if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
+ if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
+ seed, seedlen, NULL,
+ &counter2, &h2, NULL))
+ {
+ fprintf(stderr, "Parameter Generation error\n");
+ exit(1);
+ }
+ if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
+ seed, seedlen, NULL,
+ &counter2, &h2, NULL) < 0)
+ {
+ fprintf(stderr, "Parameter Generation error\n");
exit(1);
- if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
- || (counter != counter2) || (h != h2))
+ }
+ if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) ||
+ (!part_test &&
+ ((BN_cmp(dsa->g, g) || (counter != counter2) || (h != h2)))))
printf("Result = F\n");
else
printf("Result = P\n");
g = NULL;
FIPS_dsa_free(dsa);
dsa = NULL;
+ if (part_test)
+ {
+ fputs(buf,stdout);
+ part_test = 0;
+ }
}
}
}
* output of the KeyPair test.
*/
-static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
+static int dss_paramcheck(int L, int N, BIGNUM *p, BIGNUM *q, BIGNUM *g,
BN_CTX *ctx)
{
BIGNUM *rem = NULL;
- if (BN_num_bits(p) != nmod)
+ if (BN_num_bits(p) != L)
return 0;
- if (BN_num_bits(q) != 160)
+ if (BN_num_bits(q) != N)
return 0;
if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
return 0;
BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
BIGNUM *Y2;
BN_CTX *ctx = NULL;
- int nmod=0, paramcheck = 0;
+ int dsa2, L, N;
+ int paramcheck = 0;
ctx = BN_CTX_new();
Y2 = BN_new();
BN_free(g);
g = NULL;
paramcheck = 0;
- nmod=atoi(value);
+ if (!parse_mod(value, &dsa2, &L, &N, NULL))
+ {
+ fprintf(stderr, "Mod Parse Error\n");
+ exit (1);
+ }
}
else if(!strcmp(keyword,"P"))
p=hex2bn(value);
pbn("Y",Y);
if (!paramcheck)
{
- if (dss_paramcheck(nmod, p, q, g, ctx))
+ if (dss_paramcheck(L, N, p, q, g, ctx))
paramcheck = 1;
else
paramcheck = -1;
char buf[1024];
char lbuf[1024];
char *keyword, *value;
- int nmod=0;
+ int dsa2, L, N;
while(fgets(buf,sizeof buf,stdin) != NULL)
{
if (!parse_line(&keyword, &value, lbuf, buf))
{
- fputs(buf,stdout);
continue;
}
if(!strcmp(keyword,"[mod"))
- nmod=atoi(value);
+ {
+ if (!parse_mod(value, &dsa2, &L, &N, NULL))
+ {
+ fprintf(stderr, "Mod Parse Error\n");
+ exit (1);
+ }
+ fputs(buf,stdout);
+ }
else if(!strcmp(keyword,"N"))
{
DSA *dsa;
int n=atoi(value);
- printf("[mod = %d]\n\n",nmod);
dsa = FIPS_dsa_new();
- if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
- exit(1);
+ if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, NULL, NULL, 0,
+ NULL, NULL, NULL, NULL))
+ {
+ fprintf(stderr, "Parameter Generation error\n");
+ exit(1);
+ }
+ if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, NULL, NULL, 0,
+ NULL, NULL, NULL, NULL) <= 0)
+ {
+ fprintf(stderr, "Parameter Generation error\n");
+ exit(1);
+ }
pbn("P",dsa->p);
pbn("Q",dsa->q);
pbn("G",dsa->g);
char buf[1024];
char lbuf[1024];
char *keyword, *value;
- int nmod=0;
+ int dsa2, L, N;
+ const EVP_MD *md = NULL;
DSA *dsa=NULL;
while(fgets(buf,sizeof buf,stdin) != NULL)
fputs(buf,stdout);
continue;
}
+ fputs(buf,stdout);
if(!strcmp(keyword,"[mod"))
{
- nmod=atoi(value);
- printf("[mod = %d]\n\n",nmod);
+ if (!parse_mod(value, &dsa2, &L, &N, &md))
+ {
+ fprintf(stderr, "Mod Parse Error\n");
+ exit (1);
+ }
if (dsa)
FIPS_dsa_free(dsa);
dsa = FIPS_dsa_new();
- if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
- exit(1);
+ if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md, NULL, 0,
+ NULL, NULL, NULL, NULL))
+ {
+ fprintf(stderr, "Parameter Generation error\n");
+ exit(1);
+ }
+ if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, NULL, 0,
+ NULL, NULL, NULL, NULL) <= 0)
+ {
+ fprintf(stderr, "Parameter Generation error\n");
+ exit(1);
+ }
pbn("P",dsa->p);
pbn("Q",dsa->q);
pbn("G",dsa->g);
int n;
EVP_MD_CTX mctx;
DSA_SIG *sig;
- EVP_MD_CTX_init(&mctx);
+ FIPS_md_ctx_init(&mctx);
n=hex2bin(value,msg);
- pv("Msg",msg,n);
if (!DSA_generate_key(dsa))
exit(1);
pbn("Y",dsa->pub_key);
- EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL);
- EVP_DigestUpdate(&mctx, msg, n);
+ FIPS_digestinit(&mctx, md);
+ FIPS_digestupdate(&mctx, msg, n);
sig = FIPS_dsa_sign_ctx(dsa, &mctx);
pbn("R",sig->r);
pbn("S",sig->s);
putc('\n',stdout);
- DSA_SIG_free(sig);
- EVP_MD_CTX_cleanup(&mctx);
+ FIPS_dsa_sig_free(sig);
+ FIPS_md_ctx_cleanup(&mctx);
}
}
if (dsa)
char lbuf[1024];
unsigned char msg[1024];
char *keyword, *value;
- int nmod=0, n=0;
+ int n=0;
+ int dsa2, L, N;
+ const EVP_MD *md = NULL;
DSA_SIG sg, *sig = &sg;
sig->r = NULL;
fputs(buf,stdout);
continue;
}
+ fputs(buf,stdout);
if(!strcmp(keyword,"[mod"))
{
- nmod=atoi(value);
- if(dsa)
+ if (!parse_mod(value, &dsa2, &L, &N, &md))
+ {
+ fprintf(stderr, "Mod Parse Error\n");
+ exit (1);
+ }
+ if (dsa)
FIPS_dsa_free(dsa);
- dsa=FIPS_dsa_new();
+ dsa = FIPS_dsa_new();
}
else if(!strcmp(keyword,"P"))
dsa->p=hex2bn(value);
else if(!strcmp(keyword,"Q"))
dsa->q=hex2bn(value);
else if(!strcmp(keyword,"G"))
- {
dsa->g=hex2bn(value);
-
- printf("[mod = %d]\n\n",nmod);
- pbn("P",dsa->p);
- pbn("Q",dsa->q);
- pbn("G",dsa->g);
- putc('\n',stdout);
- }
else if(!strcmp(keyword,"Msg"))
- {
n=hex2bin(value,msg);
- pv("Msg",msg,n);
- }
else if(!strcmp(keyword,"Y"))
dsa->pub_key=hex2bn(value);
else if(!strcmp(keyword,"R"))
{
EVP_MD_CTX mctx;
int r;
- EVP_MD_CTX_init(&mctx);
+ FIPS_md_ctx_init(&mctx);
sig->s=hex2bn(value);
-
- pbn("Y",dsa->pub_key);
- pbn("R",sig->r);
- pbn("S",sig->s);
- EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL);
- EVP_DigestUpdate(&mctx, msg, n);
+
+ FIPS_digestinit(&mctx, md);
+ FIPS_digestupdate(&mctx, msg, n);
no_err = 1;
r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
no_err = 0;
- EVP_MD_CTX_cleanup(&mctx);
+ FIPS_md_ctx_cleanup(&mctx);
printf("Result = %c\n", r == 1 ? 'P' : 'F');
putc('\n',stdout);
{
if(argc != 2)
{
- fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]);
+ fprintf(stderr,"%s [prime|pqg|pqgver|keypair|keyver|siggen|sigver]\n",argv[0]);
exit(1);
}
fips_set_error_print();