add ECDSA POST

[openssl.git] / fips / ecdsa / fips_ecdsa_selftest.c

diff --git a/fips/ecdsa/fips_ecdsa_selftest.c b/fips/ecdsa/fips_ecdsa_selftest.c
new file mode 100644 (file)
index 0000000..50e0a8b
--- /dev/null
+++ b/fips/ecdsa/fips_ecdsa_selftest.c
@@ -0,0 +1,71 @@
+/* fips/ecdsa/fips_ecdsa_selftest.c */
+
+#define OPENSSL_FIPSAPI
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_FIPS
+
+static const unsigned char str1[]="12345678901234567890";
+
+static int corrupt_ecdsa = 0;
+
+void FIPS_corrupt_ecdsa()
+    {
+    corrupt_ecdsa = 1;
+    }
+
+int FIPS_selftest_ecdsa()
+    {
+    EC_KEY *ec=NULL;
+    int ret = 0;
+    EVP_MD_CTX mctx;
+    ECDSA_SIG *esig = NULL;
+
+    FIPS_md_ctx_init(&mctx);
+
+    ec = EC_KEY_new_by_curve_name(NID_secp384r1);
+
+    if(ec == NULL)
+       goto err;
+
+    EC_KEY_generate_key(ec);
+
+    if (!FIPS_digestinit(&mctx, EVP_sha512()))
+       goto err;
+    if (!FIPS_digestupdate(&mctx, str1, 20))
+       goto err;
+    esig = FIPS_ecdsa_sign_ctx(ec, &mctx);
+    if (!esig)
+       goto err;
+
+    if (corrupt_ecdsa)
+       BN_add_word(esig->r, 1);
+
+    if (!FIPS_digestinit(&mctx, EVP_sha512()))
+       goto err;
+    if (!FIPS_digestupdate(&mctx, str1, 20))
+       goto err;
+    if (FIPS_ecdsa_verify_ctx(ec, &mctx, esig) != 1)
+       goto err;
+
+    ret = 1;
+
+    err:
+    FIPS_md_ctx_cleanup(&mctx);
+    if (ec)
+       EC_KEY_free(ec);
+    if (esig)
+       FIPS_ecdsa_sig_free(esig);
+    if (ret == 0)
+           FIPSerr(FIPS_F_FIPS_SELFTEST_ECDSA,FIPS_R_SELFTEST_FAILED);
+    return ret;
+    }
+#endif