]> CyberLeo.Net >> Repos - FreeBSD/releng/8.0.git/blob - crypto/openssl/fips/dsa/fips_dssvs.c
projects / FreeBSD / releng / 8.0.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Adjust to reflect 8.0-RELEASE.
[FreeBSD/releng/8.0.git] / crypto / openssl / fips / dsa / fips_dssvs.c
1 #include <openssl/opensslconf.h>
2
3 #ifndef OPENSSL_FIPS
4 #include <stdio.h>
5
6 int main(int argc, char **argv)
7 {
8     printf("No FIPS DSA support\n");
9     return(0);
10 }
11 #else
12
13 #include <openssl/bn.h>
14 #include <openssl/dsa.h>
15 #include <openssl/fips.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <string.h>
19 #include <ctype.h>
20
21 #include "fips_utl.h"
22
23 static void pbn(const char *name, BIGNUM *bn)
24         {
25         int len, i;
26         unsigned char *tmp;
27         len = BN_num_bytes(bn);
28         tmp = OPENSSL_malloc(len);
29         if (!tmp)
30                 {
31                 fprintf(stderr, "Memory allocation error\n");
32                 return;
33                 }
34         BN_bn2bin(bn, tmp);
35         printf("%s = ", name);
36         for (i = 0; i < len; i++)
37                 printf("%02X", tmp[i]);
38         fputs("\n", stdout);
39         OPENSSL_free(tmp);
40         return;
41         }
42
43 void primes()
44     {
45     char buf[10240];
46     char lbuf[10240];
47     char *keyword, *value;
48
49     while(fgets(buf,sizeof buf,stdin) != NULL)
50         {
51         fputs(buf,stdout);
52         if (!parse_line(&keyword, &value, lbuf, buf))
53                 continue;
54         if(!strcmp(keyword,"Prime"))
55             {
56             BIGNUM *pp;
57
58             pp=BN_new();
59             do_hex2bn(&pp,value);
60             printf("result= %c\n",
61                    BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
62             }       
63         }
64     }
65
66 void pqg()
67     {
68     char buf[1024];
69     char lbuf[1024];
70     char *keyword, *value;
71     int nmod=0;
72
73     while(fgets(buf,sizeof buf,stdin) != NULL)
74         {
75         if (!parse_line(&keyword, &value, lbuf, buf))
76                 {
77                 fputs(buf,stdout);
78                 continue;
79                 }
80         if(!strcmp(keyword,"[mod"))
81             nmod=atoi(value);
82         else if(!strcmp(keyword,"N"))
83             {
84             int n=atoi(value);
85
86             printf("[mod = %d]\n\n",nmod);
87
88             while(n--)
89                 {
90                 unsigned char seed[20];
91                 DSA *dsa;
92                 int counter;
93                 unsigned long h;
94                 dsa = FIPS_dsa_new();
95
96                 if (!DSA_generate_parameters_ex(dsa, nmod,seed,0,&counter,&h,NULL))
97                         {
98                         do_print_errors();
99                         exit(1);
100                         }
101                 pbn("P",dsa->p);
102                 pbn("Q",dsa->q);
103                 pbn("G",dsa->g);
104                 pv("Seed",seed,20);
105                 printf("c = %d\n",counter);
106                 printf("H = %lx\n",h);
107                 putc('\n',stdout);
108                 }
109             }
110         else
111             fputs(buf,stdout);
112         }
113     }
114
115 void pqgver()
116     {
117     char buf[1024];
118     char lbuf[1024];
119     char *keyword, *value;
120     BIGNUM *p = NULL, *q = NULL, *g = NULL;
121     int counter, counter2;
122     unsigned long h, h2;
123     DSA *dsa=NULL;
124     int nmod=0;
125     unsigned char seed[1024];
126
127     while(fgets(buf,sizeof buf,stdin) != NULL)
128         {
129         if (!parse_line(&keyword, &value, lbuf, buf))
130                 {
131                 fputs(buf,stdout);
132                 continue;
133                 }
134         if(!strcmp(keyword,"[mod"))
135             nmod=atoi(value);
136         else if(!strcmp(keyword,"P"))
137             p=hex2bn(value);
138         else if(!strcmp(keyword,"Q"))
139             q=hex2bn(value);
140         else if(!strcmp(keyword,"G"))
141             g=hex2bn(value);
142         else if(!strcmp(keyword,"Seed"))
143             {
144             int slen = hex2bin(value, seed);
145             if (slen != 20)
146                 {
147                 fprintf(stderr, "Seed parse length error\n");
148                 exit (1);
149                 }
150             }
151         else if(!strcmp(keyword,"c"))
152             counter =atoi(buf+4);
153         else if(!strcmp(keyword,"H"))
154             {
155             h = atoi(value);
156             if (!p || !q || !g)
157                 {
158                 fprintf(stderr, "Parse Error\n");
159                 exit (1);
160                 }
161             pbn("P",p);
162             pbn("Q",q);
163             pbn("G",g);
164             pv("Seed",seed,20);
165             printf("c = %d\n",counter);
166             printf("H = %lx\n",h);
167             dsa = FIPS_dsa_new();
168             if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
169                         {
170                         do_print_errors();
171                         exit(1);
172                         }
173             if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
174                 || (counter != counter2) || (h != h2))
175                 printf("Result = F\n");
176             else
177                 printf("Result = T\n");
178             BN_free(p);
179             BN_free(q);
180             BN_free(g);
181             p = NULL;
182             q = NULL;
183             g = NULL;
184             FIPS_dsa_free(dsa);
185             dsa = NULL;
186             }
187         }
188     }
189
190 /* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
191  * algorithm tests. It is an additional test to perform sanity checks on the
192  * output of the KeyPair test.
193  */
194
195 static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
196                                                         BN_CTX *ctx)
197     {
198     BIGNUM *rem = NULL;
199     if (BN_num_bits(p) != nmod)
200         return 0;
201     if (BN_num_bits(q) != 160)
202         return 0;
203     if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
204         return 0;
205     if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
206         return 0;
207     rem = BN_new();
208     if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
209         || (BN_cmp(g, BN_value_one()) <= 0)
210         || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
211         {
212         BN_free(rem);
213         return 0;
214         }
215     /* Todo: check g */
216     BN_free(rem);
217     return 1;
218     }
219
220 void keyver()
221     {
222     char buf[1024];
223     char lbuf[1024];
224     char *keyword, *value;
225     BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
226     BIGNUM *Y2;
227     BN_CTX *ctx = NULL;
228     int nmod=0, paramcheck = 0;
229
230     ctx = BN_CTX_new();
231     Y2 = BN_new();
232
233     while(fgets(buf,sizeof buf,stdin) != NULL)
234         {
235         if (!parse_line(&keyword, &value, lbuf, buf))
236                 {
237                 fputs(buf,stdout);
238                 continue;
239                 }
240         if(!strcmp(keyword,"[mod"))
241             {
242             if (p)
243                 BN_free(p);
244             p = NULL;
245             if (q)
246                 BN_free(q);
247             q = NULL;
248             if (g)
249                 BN_free(g);
250             g = NULL;
251             paramcheck = 0;
252             nmod=atoi(value);
253             }
254         else if(!strcmp(keyword,"P"))
255             p=hex2bn(value);
256         else if(!strcmp(keyword,"Q"))
257             q=hex2bn(value);
258         else if(!strcmp(keyword,"G"))
259             g=hex2bn(value);
260         else if(!strcmp(keyword,"X"))
261             X=hex2bn(value);
262         else if(!strcmp(keyword,"Y"))
263             {
264             Y=hex2bn(value);
265             if (!p || !q || !g || !X || !Y)
266                 {
267                 fprintf(stderr, "Parse Error\n");
268                 exit (1);
269                 }
270             pbn("P",p);
271             pbn("Q",q);
272             pbn("G",g);
273             pbn("X",X);
274             pbn("Y",Y);
275             if (!paramcheck)
276                 {
277                 if (dss_paramcheck(nmod, p, q, g, ctx))
278                         paramcheck = 1;
279                 else
280                         paramcheck = -1;
281                 }
282             if (paramcheck != 1)
283                 printf("Result = F\n");
284             else
285                 {
286                 if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
287                         printf("Result = F\n");
288                 else
289                         printf("Result = T\n");
290                 }
291             BN_free(X);
292             BN_free(Y);
293             X = NULL;
294             Y = NULL;
295             }
296         }
297         if (p)
298             BN_free(p);
299         if (q)
300             BN_free(q);
301         if (g)
302             BN_free(g);
303         if (Y2)
304             BN_free(Y2);
305     }
306
307 void keypair()
308     {
309     char buf[1024];
310     char lbuf[1024];
311     char *keyword, *value;
312     int nmod=0;
313
314     while(fgets(buf,sizeof buf,stdin) != NULL)
315         {
316         if (!parse_line(&keyword, &value, lbuf, buf))
317                 {
318                 fputs(buf,stdout);
319                 continue;
320                 }
321         if(!strcmp(keyword,"[mod"))
322             nmod=atoi(value);
323         else if(!strcmp(keyword,"N"))
324             {
325             DSA *dsa;
326             int n=atoi(value);
327
328             printf("[mod = %d]\n\n",nmod);
329             dsa = FIPS_dsa_new();
330             if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
331                 {
332                 do_print_errors();
333                 exit(1);
334                 }
335             pbn("P",dsa->p);
336             pbn("Q",dsa->q);
337             pbn("G",dsa->g);
338             putc('\n',stdout);
339
340             while(n--)
341                 {
342                 if (!DSA_generate_key(dsa))
343                         {
344                         do_print_errors();
345                         exit(1);
346                         }
347
348                 pbn("X",dsa->priv_key);
349                 pbn("Y",dsa->pub_key);
350                 putc('\n',stdout);
351                 }
352             }
353         }
354     }
355
356 void siggen()
357     {
358     char buf[1024];
359     char lbuf[1024];
360     char *keyword, *value;
361     int nmod=0;
362     DSA *dsa=NULL;
363
364     while(fgets(buf,sizeof buf,stdin) != NULL)
365         {
366         if (!parse_line(&keyword, &value, lbuf, buf))
367                 {
368                 fputs(buf,stdout);
369                 continue;
370                 }
371         if(!strcmp(keyword,"[mod"))
372             {
373             nmod=atoi(value);
374             printf("[mod = %d]\n\n",nmod);
375             if (dsa)
376                 FIPS_dsa_free(dsa);
377             dsa = FIPS_dsa_new();
378             if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
379                 {
380                 do_print_errors();
381                 exit(1);
382                 }
383             pbn("P",dsa->p);
384             pbn("Q",dsa->q);
385             pbn("G",dsa->g);
386             putc('\n',stdout);
387             }
388         else if(!strcmp(keyword,"Msg"))
389             {
390             unsigned char msg[1024];
391             unsigned char sbuf[60];
392             unsigned int slen;
393             int n;
394             EVP_PKEY pk;
395             EVP_MD_CTX mctx;
396             DSA_SIG *sig;
397             EVP_MD_CTX_init(&mctx);
398
399             n=hex2bin(value,msg);
400             pv("Msg",msg,n);
401
402             if (!DSA_generate_key(dsa))
403                 {
404                 do_print_errors();
405                 exit(1);
406                 }
407             pk.type = EVP_PKEY_DSA;
408             pk.pkey.dsa = dsa;
409             pbn("Y",dsa->pub_key);
410
411             EVP_SignInit_ex(&mctx, EVP_dss1(), NULL);
412             EVP_SignUpdate(&mctx, msg, n);
413             EVP_SignFinal(&mctx, sbuf, &slen, &pk);
414
415             sig = DSA_SIG_new();
416             FIPS_dsa_sig_decode(sig, sbuf, slen);
417
418             pbn("R",sig->r);
419             pbn("S",sig->s);
420             putc('\n',stdout);
421             DSA_SIG_free(sig);
422             EVP_MD_CTX_cleanup(&mctx);
423             }
424         }
425         if (dsa)
426                 FIPS_dsa_free(dsa);
427     }
428
429 void sigver()
430     {
431     DSA *dsa=NULL;
432     char buf[1024];
433     char lbuf[1024];
434     unsigned char msg[1024];
435     char *keyword, *value;
436     int nmod=0, n=0;
437     DSA_SIG sg, *sig = &sg;
438
439     sig->r = NULL;
440     sig->s = NULL;
441
442     while(fgets(buf,sizeof buf,stdin) != NULL)
443         {
444         if (!parse_line(&keyword, &value, lbuf, buf))
445                 {
446                 fputs(buf,stdout);
447                 continue;
448                 }
449         if(!strcmp(keyword,"[mod"))
450             {
451             nmod=atoi(value);
452             if(dsa)
453                 FIPS_dsa_free(dsa);
454             dsa=FIPS_dsa_new();
455             }
456         else if(!strcmp(keyword,"P"))
457             dsa->p=hex2bn(value);
458         else if(!strcmp(keyword,"Q"))
459             dsa->q=hex2bn(value);
460         else if(!strcmp(keyword,"G"))
461             {
462             dsa->g=hex2bn(value);
463
464             printf("[mod = %d]\n\n",nmod);
465             pbn("P",dsa->p);
466             pbn("Q",dsa->q);
467             pbn("G",dsa->g);
468             putc('\n',stdout);
469             }
470         else if(!strcmp(keyword,"Msg"))
471             {
472             n=hex2bin(value,msg);
473             pv("Msg",msg,n);
474             }
475         else if(!strcmp(keyword,"Y"))
476             dsa->pub_key=hex2bn(value);
477         else if(!strcmp(keyword,"R"))
478             sig->r=hex2bn(value);
479         else if(!strcmp(keyword,"S"))
480             {
481             EVP_MD_CTX mctx;
482             EVP_PKEY pk;
483             unsigned char sigbuf[60];
484             unsigned int slen;
485             int r;
486             EVP_MD_CTX_init(&mctx);
487             pk.type = EVP_PKEY_DSA;
488             pk.pkey.dsa = dsa;
489             sig->s=hex2bn(value);
490         
491             pbn("Y",dsa->pub_key);
492             pbn("R",sig->r);
493             pbn("S",sig->s);
494
495             slen = FIPS_dsa_sig_encode(sigbuf, sig);
496             EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL);
497             EVP_VerifyUpdate(&mctx, msg, n);
498             r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk);
499             EVP_MD_CTX_cleanup(&mctx);
500         
501             printf("Result = %c\n", r == 1 ? 'P' : 'F');
502             putc('\n',stdout);
503             }
504         }
505     }
506
507 int main(int argc,char **argv)
508     {
509     if(argc != 2)
510         {
511         fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]);
512         exit(1);
513         }
514     if(!FIPS_mode_set(1))
515         {
516         do_print_errors();
517         exit(1);
518         }
519     if(!strcmp(argv[1],"prime"))
520         primes();
521     else if(!strcmp(argv[1],"pqg"))
522         pqg();
523     else if(!strcmp(argv[1],"pqgver"))
524         pqgver();
525     else if(!strcmp(argv[1],"keypair"))
526         keypair();
527     else if(!strcmp(argv[1],"keyver"))
528         keyver();
529     else if(!strcmp(argv[1],"siggen"))
530         siggen();
531     else if(!strcmp(argv[1],"sigver"))
532         sigver();
533     else
534         {
535         fprintf(stderr,"Don't know how to %s.\n",argv[1]);
536         exit(1);
537         }
538
539     return 0;
540     }
541
542 #endif
8.0-RELEASE