2 #define OPENSSL_FIPSAPI
3 #include <openssl/opensslconf.h>
8 int main(int argc, char **argv)
10 printf("No FIPS DSA support\n");
15 #include <openssl/bn.h>
16 #include <openssl/dsa.h>
17 #include <openssl/fips.h>
18 #include <openssl/err.h>
19 #include <openssl/evp.h>
25 static int parse_mod(char *line, int *pdsa2, int *pL, int *pN,
29 char *keyword, *value;
32 p = strchr(line, ',');
43 if (!parse_line(&keyword, &value, lbuf, line))
45 if (strcmp(keyword, "L"))
49 p = strchr(line, ',');
53 if (!parse_line(&keyword, &value, lbuf, line))
55 if (strcmp(keyword, "N"))
59 p = strchr(line, ']');
66 if (!strcmp(p, "SHA-1"))
68 else if (!strcmp(p, "SHA-224"))
70 else if (!strcmp(p, "SHA-256"))
72 else if (!strcmp(p, "SHA-384"))
74 else if (!strcmp(p, "SHA-512"))
83 static void pbn(const char *name, BIGNUM *bn)
87 len = BN_num_bytes(bn);
88 tmp = OPENSSL_malloc(len);
91 fprintf(stderr, "Memory allocation error\n");
95 printf("%s = ", name);
96 for (i = 0; i < len; i++)
97 printf("%02X", tmp[i]);
107 char *keyword, *value;
109 while(fgets(buf,sizeof buf,stdin) != NULL)
112 if (!parse_line(&keyword, &value, lbuf, buf))
114 if(!strcmp(keyword,"Prime"))
119 do_hex2bn(&pp,value);
120 printf("result= %c\n",
121 BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
126 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
127 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
128 unsigned char *seed_out,
129 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
130 int dsa_builtin_paramgen2(DSA *ret, size_t bits, size_t qbits,
131 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
132 unsigned char *seed_out,
133 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
139 char *keyword, *value;
142 while(fgets(buf,sizeof buf,stdin) != NULL)
144 if (!parse_line(&keyword, &value, lbuf, buf))
149 if(!strcmp(keyword,"[mod"))
153 else if(!strcmp(keyword,"N"))
157 printf("[mod = %d]\n\n",nmod);
161 unsigned char seed[EVP_MAX_MD_SIZE];
165 dsa = FIPS_dsa_new();
167 if (!dsa_builtin_paramgen(dsa, nmod, 160, NULL, NULL, 0,
168 seed,&counter,&h,NULL))
174 printf("c = %d\n",counter);
175 printf("H = %lx\n",h);
188 char *keyword, *value;
189 BIGNUM *p = NULL, *q = NULL, *g = NULL;
190 int counter, counter2;
194 const EVP_MD *md = NULL;
196 unsigned char seed[1024];
198 while(fgets(buf,sizeof buf,stdin) != NULL)
200 if (!parse_line(&keyword, &value, lbuf, buf))
206 if(!strcmp(keyword,"[mod"))
208 if (!parse_mod(value, &dsa2, &L, &N, &md))
210 fprintf(stderr, "Mod Parse Error\n");
214 else if(!strcmp(keyword,"P"))
216 else if(!strcmp(keyword,"Q"))
218 else if(!strcmp(keyword,"G"))
220 else if(!strcmp(keyword,"Seed"))
222 seedlen = hex2bin(value, seed);
223 if (!dsa2 && seedlen != 20)
225 fprintf(stderr, "Seed parse length error\n");
229 else if(!strcmp(keyword,"c"))
230 counter =atoi(buf+4);
231 else if(!strcmp(keyword,"H"))
236 fprintf(stderr, "Parse Error\n");
239 dsa = FIPS_dsa_new();
240 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
242 &counter2, &h2, NULL))
244 fprintf(stderr, "Parameter Generation error\n");
247 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
249 &counter2, &h2, NULL) < 0)
251 fprintf(stderr, "Parameter Generation error\n");
254 if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
255 || (counter != counter2) || (h != h2))
256 printf("Result = F\n");
258 printf("Result = P\n");
271 /* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
272 * algorithm tests. It is an additional test to perform sanity checks on the
273 * output of the KeyPair test.
276 static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
280 if (BN_num_bits(p) != nmod)
282 if (BN_num_bits(q) != 160)
284 if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
286 if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
289 if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
290 || (BN_cmp(g, BN_value_one()) <= 0)
291 || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
305 char *keyword, *value;
306 BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
309 int nmod=0, paramcheck = 0;
314 while(fgets(buf,sizeof buf,stdin) != NULL)
316 if (!parse_line(&keyword, &value, lbuf, buf))
321 if(!strcmp(keyword,"[mod"))
335 else if(!strcmp(keyword,"P"))
337 else if(!strcmp(keyword,"Q"))
339 else if(!strcmp(keyword,"G"))
341 else if(!strcmp(keyword,"X"))
343 else if(!strcmp(keyword,"Y"))
346 if (!p || !q || !g || !X || !Y)
348 fprintf(stderr, "Parse Error\n");
358 if (dss_paramcheck(nmod, p, q, g, ctx))
364 printf("Result = F\n");
367 if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
368 printf("Result = F\n");
370 printf("Result = P\n");
388 static void keypair()
392 char *keyword, *value;
395 while(fgets(buf,sizeof buf,stdin) != NULL)
397 if (!parse_line(&keyword, &value, lbuf, buf))
402 if(!strcmp(keyword,"[mod"))
404 else if(!strcmp(keyword,"N"))
409 printf("[mod = %d]\n\n",nmod);
410 dsa = FIPS_dsa_new();
411 if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
420 if (!DSA_generate_key(dsa))
423 pbn("X",dsa->priv_key);
424 pbn("Y",dsa->pub_key);
435 char *keyword, *value;
439 while(fgets(buf,sizeof buf,stdin) != NULL)
441 if (!parse_line(&keyword, &value, lbuf, buf))
446 if(!strcmp(keyword,"[mod"))
449 printf("[mod = %d]\n\n",nmod);
452 dsa = FIPS_dsa_new();
453 if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
460 else if(!strcmp(keyword,"Msg"))
462 unsigned char msg[1024];
466 EVP_MD_CTX_init(&mctx);
468 n=hex2bin(value,msg);
471 if (!DSA_generate_key(dsa))
473 pbn("Y",dsa->pub_key);
475 EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL);
476 EVP_DigestUpdate(&mctx, msg, n);
477 sig = FIPS_dsa_sign_ctx(dsa, &mctx);
483 EVP_MD_CTX_cleanup(&mctx);
495 unsigned char msg[1024];
496 char *keyword, *value;
498 DSA_SIG sg, *sig = &sg;
503 while(fgets(buf,sizeof buf,stdin) != NULL)
505 if (!parse_line(&keyword, &value, lbuf, buf))
510 if(!strcmp(keyword,"[mod"))
517 else if(!strcmp(keyword,"P"))
518 dsa->p=hex2bn(value);
519 else if(!strcmp(keyword,"Q"))
520 dsa->q=hex2bn(value);
521 else if(!strcmp(keyword,"G"))
523 dsa->g=hex2bn(value);
525 printf("[mod = %d]\n\n",nmod);
531 else if(!strcmp(keyword,"Msg"))
533 n=hex2bin(value,msg);
536 else if(!strcmp(keyword,"Y"))
537 dsa->pub_key=hex2bn(value);
538 else if(!strcmp(keyword,"R"))
539 sig->r=hex2bn(value);
540 else if(!strcmp(keyword,"S"))
544 EVP_MD_CTX_init(&mctx);
545 sig->s=hex2bn(value);
547 pbn("Y",dsa->pub_key);
550 EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL);
551 EVP_DigestUpdate(&mctx, msg, n);
553 r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
555 EVP_MD_CTX_cleanup(&mctx);
557 printf("Result = %c\n", r == 1 ? 'P' : 'F');
563 int main(int argc,char **argv)
567 fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]);
570 fips_set_error_print();
571 if(!FIPS_mode_set(1))
573 if(!strcmp(argv[1],"prime"))
575 else if(!strcmp(argv[1],"pqg"))
577 else if(!strcmp(argv[1],"pqgver"))
579 else if(!strcmp(argv[1],"keypair"))
581 else if(!strcmp(argv[1],"keyver"))
583 else if(!strcmp(argv[1],"siggen"))
585 else if(!strcmp(argv[1],"sigver"))
589 fprintf(stderr,"Don't know how to %s.\n",argv[1]);