2 #define OPENSSL_FIPSAPI
3 #include <openssl/opensslconf.h>
8 int main(int argc, char **argv)
10 printf("No FIPS DSA support\n");
15 #include <openssl/bn.h>
16 #include <openssl/dsa.h>
17 #include <openssl/fips.h>
18 #include <openssl/err.h>
19 #include <openssl/evp.h>
25 static int parse_mod(char *line, int *pdsa2, int *pL, int *pN,
29 char *keyword, *value;
32 p = strchr(line, ',');
44 if (!parse_line2(&keyword, &value, lbuf, line, 0))
46 if (strcmp(keyword, "L"))
51 p = strchr(line, ',');
53 p = strchr(line, ']');
57 if (!parse_line2(&keyword, &value, lbuf, line, 0))
59 if (strcmp(keyword, "N"))
65 p = strchr(line, ']');
72 if (!strcmp(p, "SHA-1"))
74 else if (!strcmp(p, "SHA-224"))
76 else if (!strcmp(p, "SHA-256"))
78 else if (!strcmp(p, "SHA-384"))
80 else if (!strcmp(p, "SHA-512"))
87 static void primes(FILE *in, FILE *out)
91 char *keyword, *value;
93 while(fgets(buf,sizeof buf,in) != NULL)
96 if (!parse_line(&keyword, &value, lbuf, buf))
98 if(!strcmp(keyword,"Prime"))
103 do_hex2bn(&pp,value);
104 fprintf(out, "result= %c\n",
105 BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
110 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
111 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
112 unsigned char *seed_out,
113 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
114 int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
115 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
116 int idx, unsigned char *seed_out,
117 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
119 static void pqg(FILE *in, FILE *out)
123 char *keyword, *value;
125 const EVP_MD *md = NULL;
126 BIGNUM *p = NULL, *q = NULL;
127 enum pqtype { PQG_NONE, PQG_PQ, PQG_G, PQG_GCANON}
129 int seedlen=-1, idxlen, idx = -1;
130 unsigned char seed[1024], idtmp[1024];
132 while(fgets(buf,sizeof buf,in) != NULL)
136 if (strstr(buf, "Probable"))
138 else if (strstr(buf, "Unverifiable"))
140 else if (strstr(buf, "Canonical"))
141 pqg_type = PQG_GCANON;
143 if (!parse_line(&keyword, &value, lbuf, buf))
149 if(!strcmp(keyword,"[mod"))
151 if (!parse_mod(value, &dsa2, &L, &N, &md))
153 fprintf(stderr, "Mod Parse Error\n");
157 else if(!strcmp(keyword,"N")
158 || (!strcmp(keyword, "Num") && pqg_type == PQG_PQ))
167 dsa = FIPS_dsa_new();
169 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
173 fprintf(stderr, "Parameter Generation error\n");
176 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
178 &counter, &h, NULL) <= 0)
180 fprintf(stderr, "Parameter Generation error\n");
184 do_bn_print_name(out, "P",dsa->p);
185 do_bn_print_name(out, "Q",dsa->q);
187 do_bn_print_name(out, "G",dsa->g);
188 OutputValue(dsa2 ? "domain_parameter_seed" : "Seed",
189 seed, M_EVP_MD_size(md), out, 0);
192 fprintf(out, "c = %d\n",counter);
193 fprintf(out, "H = %lx\n\n",h);
199 else if(!strcmp(keyword,"P"))
201 else if(!strcmp(keyword,"Q"))
203 else if(!strcmp(keyword,"domain_parameter_seed"))
204 seedlen = hex2bin(value, seed);
205 else if(!strcmp(keyword,"index"))
207 idxlen = hex2bin(value, idtmp);
210 fprintf(stderr, "Index value error\n");
215 if ((idx >= 0 && pqg_type == PQG_GCANON) || (q && pqg_type == PQG_G))
218 dsa = FIPS_dsa_new();
222 if (dsa_builtin_paramgen2(dsa, L, N, md,
223 seed, seedlen, idx, NULL,
224 NULL, NULL, NULL) <= 0)
226 fprintf(stderr, "Parameter Generation error\n");
229 do_bn_print_name(out, "G",dsa->g);
236 static void pqgver(FILE *in, FILE *out)
240 char *keyword, *value;
241 BIGNUM *p = NULL, *q = NULL, *g = NULL;
242 int counter=-1, counter2;
243 unsigned long h=0, h2;
245 int dsa2, L, N, part_test = 0;
246 const EVP_MD *md = NULL;
247 int seedlen=-1, idxlen, idx = -1;
248 unsigned char seed[1024], idtmp[1024];
250 while(fgets(buf,sizeof buf,in) != NULL)
252 if (!parse_line(&keyword, &value, lbuf, buf))
263 if(!strcmp(keyword,"[mod"))
265 if (!parse_mod(value, &dsa2, &L, &N, &md))
267 fprintf(stderr, "Mod Parse Error\n");
271 else if(!strcmp(keyword,"P"))
273 else if(!strcmp(keyword,"Q"))
275 else if(!strcmp(keyword,"G"))
277 else if(!strcmp(keyword,"Seed")
278 || !strcmp(keyword,"domain_parameter_seed"))
280 seedlen = hex2bin(value, seed);
281 if (!dsa2 && seedlen != 20)
283 fprintf(stderr, "Seed parse length error\n");
289 else if(!strcmp(keyword,"index"))
291 idxlen = hex2bin(value, idtmp);
294 fprintf(stderr, "Index value error\n");
299 else if(!strcmp(keyword,"c"))
300 counter = atoi(buf+4);
302 if(!strcmp(keyword,"H") || part_test)
306 if (!p || !q || (!g && !part_test))
308 fprintf(stderr, "Parse Error\n");
311 dsa = FIPS_dsa_new();
318 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
320 &counter2, &h2, NULL))
322 fprintf(stderr, "Parameter Generation error\n");
325 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
326 seed, seedlen, idx, NULL,
327 &counter2, &h2, NULL) < 0)
329 fprintf(stderr, "Parameter Generation error\n");
335 if (BN_cmp(dsa->g, g))
336 fprintf(out, "Result = F\n");
338 fprintf(out, "Result = P\n");
340 else if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) ||
342 ((BN_cmp(dsa->g, g) || (counter != counter2) || (h != h2)))))
343 fprintf(out, "Result = F\n");
345 fprintf(out, "Result = P\n");
365 /* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
366 * algorithm tests. It is an additional test to perform sanity checks on the
367 * output of the KeyPair test.
370 static int dss_paramcheck(int L, int N, BIGNUM *p, BIGNUM *q, BIGNUM *g,
374 if (BN_num_bits(p) != L)
376 if (BN_num_bits(q) != N)
378 if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
380 if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
383 if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
384 || (BN_cmp(g, BN_value_one()) <= 0)
385 || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
395 static void keyver(FILE *in, FILE *out)
399 char *keyword, *value;
400 BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
409 while(fgets(buf,sizeof buf,in) != NULL)
411 if (!parse_line(&keyword, &value, lbuf, buf))
416 if(!strcmp(keyword,"[mod"))
428 if (!parse_mod(value, &dsa2, &L, &N, NULL))
430 fprintf(stderr, "Mod Parse Error\n");
434 else if(!strcmp(keyword,"P"))
436 else if(!strcmp(keyword,"Q"))
438 else if(!strcmp(keyword,"G"))
440 else if(!strcmp(keyword,"X"))
442 else if(!strcmp(keyword,"Y"))
445 if (!p || !q || !g || !X || !Y)
447 fprintf(stderr, "Parse Error\n");
450 do_bn_print_name(out, "P",p);
451 do_bn_print_name(out, "Q",q);
452 do_bn_print_name(out, "G",g);
453 do_bn_print_name(out, "X",X);
454 do_bn_print_name(out, "Y",Y);
457 if (dss_paramcheck(L, N, p, q, g, ctx))
463 fprintf(out, "Result = F\n");
466 if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
467 fprintf(out, "Result = F\n");
469 fprintf(out, "Result = P\n");
487 static void keypair(FILE *in, FILE *out)
491 char *keyword, *value;
494 while(fgets(buf,sizeof buf,in) != NULL)
496 if (!parse_line(&keyword, &value, lbuf, buf))
500 if(!strcmp(keyword,"[mod"))
502 if (!parse_mod(value, &dsa2, &L, &N, NULL))
504 fprintf(stderr, "Mod Parse Error\n");
509 else if(!strcmp(keyword,"N"))
514 dsa = FIPS_dsa_new();
515 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, NULL, NULL, 0,
516 NULL, NULL, NULL, NULL))
518 fprintf(stderr, "Parameter Generation error\n");
521 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, NULL, NULL, 0, -1,
522 NULL, NULL, NULL, NULL) <= 0)
524 fprintf(stderr, "Parameter Generation error\n");
527 do_bn_print_name(out, "P",dsa->p);
528 do_bn_print_name(out, "Q",dsa->q);
529 do_bn_print_name(out, "G",dsa->g);
534 if (!DSA_generate_key(dsa))
537 do_bn_print_name(out, "X",dsa->priv_key);
538 do_bn_print_name(out, "Y",dsa->pub_key);
545 static void siggen(FILE *in, FILE *out)
549 char *keyword, *value;
551 const EVP_MD *md = NULL;
554 while(fgets(buf,sizeof buf,in) != NULL)
556 if (!parse_line(&keyword, &value, lbuf, buf))
562 if(!strcmp(keyword,"[mod"))
564 if (!parse_mod(value, &dsa2, &L, &N, &md))
566 fprintf(stderr, "Mod Parse Error\n");
571 dsa = FIPS_dsa_new();
572 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md, NULL, 0,
573 NULL, NULL, NULL, NULL))
575 fprintf(stderr, "Parameter Generation error\n");
578 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, NULL, 0, -1,
579 NULL, NULL, NULL, NULL) <= 0)
581 fprintf(stderr, "Parameter Generation error\n");
584 do_bn_print_name(out, "P",dsa->p);
585 do_bn_print_name(out, "Q",dsa->q);
586 do_bn_print_name(out, "G",dsa->g);
589 else if(!strcmp(keyword,"Msg"))
591 unsigned char msg[1024];
595 FIPS_md_ctx_init(&mctx);
597 n=hex2bin(value,msg);
599 if (!DSA_generate_key(dsa))
601 do_bn_print_name(out, "Y",dsa->pub_key);
603 FIPS_digestinit(&mctx, md);
604 FIPS_digestupdate(&mctx, msg, n);
605 sig = FIPS_dsa_sign_ctx(dsa, &mctx);
607 do_bn_print_name(out, "R",sig->r);
608 do_bn_print_name(out, "S",sig->s);
610 FIPS_dsa_sig_free(sig);
611 FIPS_md_ctx_cleanup(&mctx);
618 static void sigver(FILE *in, FILE *out)
623 unsigned char msg[1024];
624 char *keyword, *value;
627 const EVP_MD *md = NULL;
628 DSA_SIG sg, *sig = &sg;
633 while(fgets(buf,sizeof buf,in) != NULL)
635 if (!parse_line(&keyword, &value, lbuf, buf))
641 if(!strcmp(keyword,"[mod"))
643 if (!parse_mod(value, &dsa2, &L, &N, &md))
645 fprintf(stderr, "Mod Parse Error\n");
650 dsa = FIPS_dsa_new();
652 else if(!strcmp(keyword,"P"))
653 dsa->p=hex2bn(value);
654 else if(!strcmp(keyword,"Q"))
655 dsa->q=hex2bn(value);
656 else if(!strcmp(keyword,"G"))
657 dsa->g=hex2bn(value);
658 else if(!strcmp(keyword,"Msg"))
659 n=hex2bin(value,msg);
660 else if(!strcmp(keyword,"Y"))
661 dsa->pub_key=hex2bn(value);
662 else if(!strcmp(keyword,"R"))
663 sig->r=hex2bn(value);
664 else if(!strcmp(keyword,"S"))
668 FIPS_md_ctx_init(&mctx);
669 sig->s=hex2bn(value);
671 FIPS_digestinit(&mctx, md);
672 FIPS_digestupdate(&mctx, msg, n);
674 r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
676 FIPS_md_ctx_cleanup(&mctx);
678 fprintf(out, "Result = %c\n\n", r == 1 ? 'P' : 'F');
683 int main(int argc,char **argv)
688 in = fopen(argv[2], "r");
691 fprintf(stderr, "Error opening input file\n");
694 out = fopen(argv[3], "w");
697 fprintf(stderr, "Error opening output file\n");
708 fprintf(stderr,"%s [prime|pqg|pqgver|keypair|keyver|siggen|sigver]\n",argv[0]);
712 if(!strcmp(argv[1],"prime"))
714 else if(!strcmp(argv[1],"pqg"))
716 else if(!strcmp(argv[1],"pqgver"))
718 else if(!strcmp(argv[1],"keypair"))
720 else if(!strcmp(argv[1],"keyver"))
722 else if(!strcmp(argv[1],"siggen"))
724 else if(!strcmp(argv[1],"sigver"))
728 fprintf(stderr,"Don't know how to %s.\n",argv[1]);