X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=fips%2Fdsa%2Ffips_dssvs.c;h=3feb0ffe7c96142b1a035fa03a05805bbeafffa8;hp=a3261af6c41cbdc83c58b9f514a209ed2a23671b;hb=54bb3f68e15dc7a9739df5a0d1ab70a446f94c95;hpb=ee9884654b976386015533766a77e74c414871f5;ds=sidebyside diff --git a/fips/dsa/fips_dssvs.c b/fips/dsa/fips_dssvs.c index a3261af6c4..3feb0ffe7c 100644 --- a/fips/dsa/fips_dssvs.c +++ b/fips/dsa/fips_dssvs.c @@ -41,7 +41,7 @@ static int parse_mod(char *line, int *pdsa2, int *pL, int *pN, } *pdsa2 = 1; *p = 0; - if (!parse_line(&keyword, &value, lbuf, line)) + if (!parse_line2(&keyword, &value, lbuf, line, 0)) return 0; if (strcmp(keyword, "L")) return 0; @@ -54,7 +54,7 @@ static int parse_mod(char *line, int *pdsa2, int *pL, int *pN, if (!p) return 0; *p = 0; - if (!parse_line(&keyword, &value, lbuf, line)) + if (!parse_line2(&keyword, &value, lbuf, line, 0)) return 0; if (strcmp(keyword, "N")) return 0; @@ -84,37 +84,15 @@ static int parse_mod(char *line, int *pdsa2, int *pL, int *pN, return 1; } - - -static void pbn(const char *name, BIGNUM *bn) - { - int len, i; - unsigned char *tmp; - len = BN_num_bytes(bn); - tmp = OPENSSL_malloc(len); - if (!tmp) - { - fprintf(stderr, "Memory allocation error\n"); - return; - } - BN_bn2bin(bn, tmp); - printf("%s = ", name); - for (i = 0; i < len; i++) - printf("%02X", tmp[i]); - fputs("\n", stdout); - OPENSSL_free(tmp); - return; - } - -static void primes() +static void primes(FILE *in, FILE *out) { char buf[10240]; char lbuf[10240]; char *keyword, *value; - while(fgets(buf,sizeof buf,stdin) != NULL) + while(fgets(buf,sizeof buf,in) != NULL) { - fputs(buf,stdout); + fputs(buf,out); if (!parse_line(&keyword, &value, lbuf, buf)) continue; if(!strcmp(keyword,"Prime")) @@ -123,7 +101,7 @@ static void primes() pp=BN_new(); do_hex2bn(&pp,value); - printf("result= %c\n", + fprintf(out, "result= %c\n", BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F'); } } @@ -133,42 +111,57 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, unsigned char *seed_out, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -int dsa_builtin_paramgen2(DSA *ret, size_t bits, size_t qbits, +int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, - unsigned char *seed_out, + int idx, unsigned char *seed_out, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -static void pqg() +static void pqg(FILE *in, FILE *out) { char buf[1024]; char lbuf[1024]; char *keyword, *value; int dsa2, L, N; const EVP_MD *md = NULL; + BIGNUM *p = NULL, *q = NULL; + enum pqtype { PQG_NONE, PQG_PQ, PQG_G, PQG_GCANON} + pqg_type = PQG_NONE; + int seedlen=-1, idxlen, idx = -1; + unsigned char seed[1024], idtmp[1024]; - while(fgets(buf,sizeof buf,stdin) != NULL) + while(fgets(buf,sizeof buf,in) != NULL) { + if (buf[0] == '[') + { + if (strstr(buf, "Probable")) + pqg_type = PQG_PQ; + else if (strstr(buf, "Unverifiable")) + pqg_type = PQG_G; + else if (strstr(buf, "Canonical")) + pqg_type = PQG_GCANON; + } if (!parse_line(&keyword, &value, lbuf, buf)) { - fputs(buf,stdout); + fputs(buf,out); continue; } + if (strcmp(keyword, "Num") || pqg_type != PQG_PQ) + fputs(buf,out); if(!strcmp(keyword,"[mod")) { - fputs(buf,stdout); if (!parse_mod(value, &dsa2, &L, &N, &md)) { fprintf(stderr, "Mod Parse Error\n"); exit (1); } } - else if(!strcmp(keyword,"N")) + else if(!strcmp(keyword,"N") + || (!strcmp(keyword, "Num") && pqg_type == PQG_PQ)) { int n=atoi(value); while(n--) { - unsigned char seed[EVP_MAX_MD_SIZE]; DSA *dsa; int counter; unsigned long h; @@ -182,42 +175,89 @@ static void pqg() exit(1); } if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, - NULL, 0, seed, + NULL, 0, -1, seed, &counter, &h, NULL) <= 0) { fprintf(stderr, "Parameter Generation error\n"); exit(1); } - pbn("P",dsa->p); - pbn("Q",dsa->q); - pbn("G",dsa->g); - pv("Seed",seed, M_EVP_MD_size(md)); - printf("c = %d\n",counter); - printf("H = %lx\n",h); - putc('\n',stdout); + do_bn_print_name(out, "P",dsa->p); + do_bn_print_name(out, "Q",dsa->q); + if (!dsa2) + do_bn_print_name(out, "G",dsa->g); + OutputValue(dsa2 ? "domain_parameter_seed" : "Seed", + seed, M_EVP_MD_size(md), out, 0); + if (!dsa2) + { + fprintf(out, "c = %d\n",counter); + fprintf(out, "H = %lx\n\n",h); + } + else + { + fprintf(out, "counter = %d\n",counter); + fputs("\n", out); + } } } - else - fputs(buf,stdout); + else if(!strcmp(keyword,"P")) + p=hex2bn(value); + else if(!strcmp(keyword,"Q")) + q=hex2bn(value); + else if(!strcmp(keyword,"domain_parameter_seed")) + seedlen = hex2bin(value, seed); + else if(!strcmp(keyword,"firstseed")) + seedlen = hex2bin(value, seed); + else if(!strcmp(keyword,"pseed")) + seedlen += hex2bin(value, seed + seedlen); + else if(!strcmp(keyword,"qseed")) + seedlen += hex2bin(value, seed + seedlen); + else if(!strcmp(keyword,"index")) + { + idxlen = hex2bin(value, idtmp); + if (idxlen != 1) + { + fprintf(stderr, "Index value error\n"); + exit (1); + } + idx = idtmp[0]; + } + if ((idx >= 0 && pqg_type == PQG_GCANON) || (q && pqg_type == PQG_G)) + { + DSA *dsa; + dsa = FIPS_dsa_new(); + dsa->p = p; + dsa->q = q; + p = q = NULL; + if (dsa_builtin_paramgen2(dsa, L, N, md, + seed, seedlen, idx, NULL, + NULL, NULL, NULL) <= 0) + { + fprintf(stderr, "Parameter Generation error\n"); + exit(1); + } + do_bn_print_name(out, "G",dsa->g); + FIPS_dsa_free(dsa); + idx = -1; + } } } -static void pqgver() +static void pqgver(FILE *in, FILE *out) { char buf[1024]; char lbuf[1024]; char *keyword, *value; BIGNUM *p = NULL, *q = NULL, *g = NULL; - int counter, counter2; - unsigned long h, h2; + int counter=-1, counter2; + unsigned long h=0, h2; DSA *dsa=NULL; int dsa2, L, N, part_test = 0; const EVP_MD *md = NULL; - int seedlen; - unsigned char seed[1024]; + int seedlen=-1, idxlen, idx = -1; + unsigned char seed[1024], idtmp[1024]; - while(fgets(buf,sizeof buf,stdin) != NULL) + while(fgets(buf,sizeof buf,in) != NULL) { if (!parse_line(&keyword, &value, lbuf, buf)) { @@ -226,10 +266,10 @@ static void pqgver() part_test = 1; goto partial; } - fputs(buf,stdout); + fputs(buf,out); continue; } - fputs(buf, stdout); + fputs(buf, out); if(!strcmp(keyword,"[mod")) { if (!parse_mod(value, &dsa2, &L, &N, &md)) @@ -244,7 +284,8 @@ static void pqgver() q=hex2bn(value); else if(!strcmp(keyword,"G")) g=hex2bn(value); - else if(!strcmp(keyword,"Seed")) + else if(!strcmp(keyword,"Seed") + || !strcmp(keyword,"domain_parameter_seed")) { seedlen = hex2bin(value, seed); if (!dsa2 && seedlen != 20) @@ -252,9 +293,21 @@ static void pqgver() fprintf(stderr, "Seed parse length error\n"); exit (1); } + if (idx > 0) + part_test = 1; + } + else if(!strcmp(keyword,"index")) + { + idxlen = hex2bin(value, idtmp); + if (idxlen != 1) + { + fprintf(stderr, "Index value error\n"); + exit (1); + } + idx = idtmp[0]; } else if(!strcmp(keyword,"c")) - counter =atoi(buf+4); + counter = atoi(buf+4); partial: if(!strcmp(keyword,"H") || part_test) { @@ -266,6 +319,12 @@ static void pqgver() exit (1); } dsa = FIPS_dsa_new(); + if (idx >= 0) + { + dsa->p = BN_dup(p); + dsa->q = BN_dup(q); + } + no_err = 1; if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md, seed, seedlen, NULL, &counter2, &h2, NULL)) @@ -274,18 +333,26 @@ static void pqgver() exit(1); } if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, - seed, seedlen, NULL, + seed, seedlen, idx, NULL, &counter2, &h2, NULL) < 0) { fprintf(stderr, "Parameter Generation error\n"); exit(1); } - if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || + no_err = 0; + if (idx >= 0) + { + if (BN_cmp(dsa->g, g)) + fprintf(out, "Result = F\n"); + else + fprintf(out, "Result = P\n"); + } + else if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || (!part_test && ((BN_cmp(dsa->g, g) || (counter != counter2) || (h != h2))))) - printf("Result = F\n"); + fprintf(out, "Result = F\n"); else - printf("Result = P\n"); + fprintf(out, "Result = P\n"); BN_free(p); BN_free(q); BN_free(g); @@ -296,9 +363,11 @@ static void pqgver() dsa = NULL; if (part_test) { - fputs(buf,stdout); + if (idx == -1) + fputs(buf,out); part_test = 0; } + idx = -1; } } } @@ -333,7 +402,7 @@ static int dss_paramcheck(int L, int N, BIGNUM *p, BIGNUM *q, BIGNUM *g, return 1; } -static void keyver() +static void keyver(FILE *in, FILE *out) { char buf[1024]; char lbuf[1024]; @@ -347,11 +416,11 @@ static void keyver() ctx = BN_CTX_new(); Y2 = BN_new(); - while(fgets(buf,sizeof buf,stdin) != NULL) + while(fgets(buf,sizeof buf,in) != NULL) { if (!parse_line(&keyword, &value, lbuf, buf)) { - fputs(buf,stdout); + fputs(buf,out); continue; } if(!strcmp(keyword,"[mod")) @@ -388,11 +457,11 @@ static void keyver() fprintf(stderr, "Parse Error\n"); exit (1); } - pbn("P",p); - pbn("Q",q); - pbn("G",g); - pbn("X",X); - pbn("Y",Y); + do_bn_print_name(out, "P",p); + do_bn_print_name(out, "Q",q); + do_bn_print_name(out, "G",g); + do_bn_print_name(out, "X",X); + do_bn_print_name(out, "Y",Y); if (!paramcheck) { if (dss_paramcheck(L, N, p, q, g, ctx)) @@ -401,13 +470,13 @@ static void keyver() paramcheck = -1; } if (paramcheck != 1) - printf("Result = F\n"); + fprintf(out, "Result = F\n"); else { if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y)) - printf("Result = F\n"); + fprintf(out, "Result = F\n"); else - printf("Result = P\n"); + fprintf(out, "Result = P\n"); } BN_free(X); BN_free(Y); @@ -425,14 +494,14 @@ static void keyver() BN_free(Y2); } -static void keypair() +static void keypair(FILE *in, FILE *out) { char buf[1024]; char lbuf[1024]; char *keyword, *value; int dsa2, L, N; - while(fgets(buf,sizeof buf,stdin) != NULL) + while(fgets(buf,sizeof buf,in) != NULL) { if (!parse_line(&keyword, &value, lbuf, buf)) { @@ -445,7 +514,7 @@ static void keypair() fprintf(stderr, "Mod Parse Error\n"); exit (1); } - fputs(buf,stdout); + fputs(buf,out); } else if(!strcmp(keyword,"N")) { @@ -459,31 +528,31 @@ static void keypair() fprintf(stderr, "Parameter Generation error\n"); exit(1); } - if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, NULL, NULL, 0, + if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, NULL, NULL, 0, -1, NULL, NULL, NULL, NULL) <= 0) { fprintf(stderr, "Parameter Generation error\n"); exit(1); } - pbn("P",dsa->p); - pbn("Q",dsa->q); - pbn("G",dsa->g); - putc('\n',stdout); + do_bn_print_name(out, "P",dsa->p); + do_bn_print_name(out, "Q",dsa->q); + do_bn_print_name(out, "G",dsa->g); + fputs("\n", out); while(n--) { if (!DSA_generate_key(dsa)) exit(1); - pbn("X",dsa->priv_key); - pbn("Y",dsa->pub_key); - putc('\n',stdout); + do_bn_print_name(out, "X",dsa->priv_key); + do_bn_print_name(out, "Y",dsa->pub_key); + fputs("\n", out); } } } } -static void siggen() +static void siggen(FILE *in, FILE *out) { char buf[1024]; char lbuf[1024]; @@ -492,14 +561,14 @@ static void siggen() const EVP_MD *md = NULL; DSA *dsa=NULL; - while(fgets(buf,sizeof buf,stdin) != NULL) + while(fgets(buf,sizeof buf,in) != NULL) { if (!parse_line(&keyword, &value, lbuf, buf)) { - fputs(buf,stdout); + fputs(buf,out); continue; } - fputs(buf,stdout); + fputs(buf,out); if(!strcmp(keyword,"[mod")) { if (!parse_mod(value, &dsa2, &L, &N, &md)) @@ -516,16 +585,16 @@ static void siggen() fprintf(stderr, "Parameter Generation error\n"); exit(1); } - if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, NULL, 0, + if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, NULL, 0, -1, NULL, NULL, NULL, NULL) <= 0) { fprintf(stderr, "Parameter Generation error\n"); exit(1); } - pbn("P",dsa->p); - pbn("Q",dsa->q); - pbn("G",dsa->g); - putc('\n',stdout); + do_bn_print_name(out, "P",dsa->p); + do_bn_print_name(out, "Q",dsa->q); + do_bn_print_name(out, "G",dsa->g); + fputs("\n", out); } else if(!strcmp(keyword,"Msg")) { @@ -533,30 +602,30 @@ static void siggen() int n; EVP_MD_CTX mctx; DSA_SIG *sig; - EVP_MD_CTX_init(&mctx); + FIPS_md_ctx_init(&mctx); n=hex2bin(value,msg); if (!DSA_generate_key(dsa)) exit(1); - pbn("Y",dsa->pub_key); + do_bn_print_name(out, "Y",dsa->pub_key); - EVP_DigestInit_ex(&mctx, md, NULL); - EVP_DigestUpdate(&mctx, msg, n); + FIPS_digestinit(&mctx, md); + FIPS_digestupdate(&mctx, msg, n); sig = FIPS_dsa_sign_ctx(dsa, &mctx); - pbn("R",sig->r); - pbn("S",sig->s); - putc('\n',stdout); - DSA_SIG_free(sig); - EVP_MD_CTX_cleanup(&mctx); + do_bn_print_name(out, "R",sig->r); + do_bn_print_name(out, "S",sig->s); + fputs("\n", out); + FIPS_dsa_sig_free(sig); + FIPS_md_ctx_cleanup(&mctx); } } if (dsa) FIPS_dsa_free(dsa); } -static void sigver() +static void sigver(FILE *in, FILE *out) { DSA *dsa=NULL; char buf[1024]; @@ -571,14 +640,14 @@ static void sigver() sig->r = NULL; sig->s = NULL; - while(fgets(buf,sizeof buf,stdin) != NULL) + while(fgets(buf,sizeof buf,in) != NULL) { if (!parse_line(&keyword, &value, lbuf, buf)) { - fputs(buf,stdout); + fputs(buf,out); continue; } - fputs(buf,stdout); + fputs(buf,out); if(!strcmp(keyword,"[mod")) { if (!parse_mod(value, &dsa2, &L, &N, &md)) @@ -606,52 +675,76 @@ static void sigver() { EVP_MD_CTX mctx; int r; - EVP_MD_CTX_init(&mctx); + FIPS_md_ctx_init(&mctx); sig->s=hex2bn(value); - EVP_DigestInit_ex(&mctx, md, NULL); - EVP_DigestUpdate(&mctx, msg, n); + FIPS_digestinit(&mctx, md); + FIPS_digestupdate(&mctx, msg, n); no_err = 1; r = FIPS_dsa_verify_ctx(dsa, &mctx, sig); no_err = 0; - EVP_MD_CTX_cleanup(&mctx); + FIPS_md_ctx_cleanup(&mctx); - printf("Result = %c\n", r == 1 ? 'P' : 'F'); - putc('\n',stdout); + fprintf(out, "Result = %c\n\n", r == 1 ? 'P' : 'F'); } } } int main(int argc,char **argv) { - if(argc != 2) + FILE *in, *out; + if (argc == 4) + { + in = fopen(argv[2], "r"); + if (!in) + { + fprintf(stderr, "Error opening input file\n"); + exit(1); + } + out = fopen(argv[3], "w"); + if (!out) + { + fprintf(stderr, "Error opening output file\n"); + exit(1); + } + } + else if (argc == 2) + { + in = stdin; + out = stdout; + } + else { fprintf(stderr,"%s [prime|pqg|pqgver|keypair|keyver|siggen|sigver]\n",argv[0]); exit(1); } - fips_set_error_print(); - if(!FIPS_mode_set(1)) - exit(1); + fips_algtest_init(); if(!strcmp(argv[1],"prime")) - primes(); + primes(in, out); else if(!strcmp(argv[1],"pqg")) - pqg(); + pqg(in, out); else if(!strcmp(argv[1],"pqgver")) - pqgver(); + pqgver(in, out); else if(!strcmp(argv[1],"keypair")) - keypair(); + keypair(in, out); else if(!strcmp(argv[1],"keyver")) - keyver(); + keyver(in, out); else if(!strcmp(argv[1],"siggen")) - siggen(); + siggen(in, out); else if(!strcmp(argv[1],"sigver")) - sigver(); + sigver(in, out); else { fprintf(stderr,"Don't know how to %s.\n",argv[1]); exit(1); } + if (argc == 4) + { + fclose(in); + fclose(out); + } + return 0; }