1 #include <openssl/opensslconf.h>
6 int main(int argc, char **argv)
8 printf("No FIPS DSA support\n");
13 #include <openssl/bn.h>
14 #include <openssl/dsa.h>
15 #include <openssl/fips.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
23 static void pbn(const char *name, BIGNUM *bn)
27 len = BN_num_bytes(bn);
28 tmp = OPENSSL_malloc(len);
31 fprintf(stderr, "Memory allocation error\n");
35 printf("%s = ", name);
36 for (i = 0; i < len; i++)
37 printf("%02X", tmp[i]);
47 char *keyword, *value;
49 while(fgets(buf,sizeof buf,stdin) != NULL)
52 if (!parse_line(&keyword, &value, lbuf, buf))
54 if(!strcmp(keyword,"Prime"))
60 printf("result= %c\n",
61 BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
70 char *keyword, *value;
73 while(fgets(buf,sizeof buf,stdin) != NULL)
75 if (!parse_line(&keyword, &value, lbuf, buf))
80 if(!strcmp(keyword,"[mod"))
82 else if(!strcmp(keyword,"N"))
86 printf("[mod = %d]\n\n",nmod);
90 unsigned char seed[20];
96 if (!DSA_generate_parameters_ex(dsa, nmod,seed,0,&counter,&h,NULL))
105 printf("c = %d\n",counter);
106 printf("H = %lx\n",h);
119 char *keyword, *value;
120 BIGNUM *p = NULL, *q = NULL, *g = NULL;
121 int counter, counter2;
125 unsigned char seed[1024];
127 while(fgets(buf,sizeof buf,stdin) != NULL)
129 if (!parse_line(&keyword, &value, lbuf, buf))
135 if(!strcmp(keyword,"[mod"))
137 else if(!strcmp(keyword,"P"))
139 else if(!strcmp(keyword,"Q"))
141 else if(!strcmp(keyword,"G"))
143 else if(!strcmp(keyword,"Seed"))
145 int slen = hex2bin(value, seed);
148 fprintf(stderr, "Seed parse length error\n");
152 else if(!strcmp(keyword,"c"))
153 counter =atoi(buf+4);
154 else if(!strcmp(keyword,"H"))
159 fprintf(stderr, "Parse Error\n");
162 dsa = FIPS_dsa_new();
163 if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
168 if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
169 || (counter != counter2) || (h != h2))
170 printf("Result = F\n");
172 printf("Result = P\n");
185 /* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
186 * algorithm tests. It is an additional test to perform sanity checks on the
187 * output of the KeyPair test.
190 static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
194 if (BN_num_bits(p) != nmod)
196 if (BN_num_bits(q) != 160)
198 if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
200 if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
203 if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
204 || (BN_cmp(g, BN_value_one()) <= 0)
205 || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
219 char *keyword, *value;
220 BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
223 int nmod=0, paramcheck = 0;
228 while(fgets(buf,sizeof buf,stdin) != NULL)
230 if (!parse_line(&keyword, &value, lbuf, buf))
235 if(!strcmp(keyword,"[mod"))
249 else if(!strcmp(keyword,"P"))
251 else if(!strcmp(keyword,"Q"))
253 else if(!strcmp(keyword,"G"))
255 else if(!strcmp(keyword,"X"))
257 else if(!strcmp(keyword,"Y"))
260 if (!p || !q || !g || !X || !Y)
262 fprintf(stderr, "Parse Error\n");
272 if (dss_paramcheck(nmod, p, q, g, ctx))
278 printf("Result = F\n");
281 if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
282 printf("Result = F\n");
284 printf("Result = P\n");
302 static void keypair()
306 char *keyword, *value;
309 while(fgets(buf,sizeof buf,stdin) != NULL)
311 if (!parse_line(&keyword, &value, lbuf, buf))
316 if(!strcmp(keyword,"[mod"))
318 else if(!strcmp(keyword,"N"))
323 printf("[mod = %d]\n\n",nmod);
324 dsa = FIPS_dsa_new();
325 if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
337 if (!DSA_generate_key(dsa))
343 pbn("X",dsa->priv_key);
344 pbn("Y",dsa->pub_key);
355 char *keyword, *value;
359 while(fgets(buf,sizeof buf,stdin) != NULL)
361 if (!parse_line(&keyword, &value, lbuf, buf))
366 if(!strcmp(keyword,"[mod"))
369 printf("[mod = %d]\n\n",nmod);
372 dsa = FIPS_dsa_new();
373 if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
383 else if(!strcmp(keyword,"Msg"))
385 unsigned char msg[1024];
386 unsigned char sbuf[60];
392 EVP_MD_CTX_init(&mctx);
394 n=hex2bin(value,msg);
397 if (!DSA_generate_key(dsa))
402 pk.type = EVP_PKEY_DSA;
404 pbn("Y",dsa->pub_key);
406 EVP_SignInit_ex(&mctx, EVP_dss1(), NULL);
407 EVP_SignUpdate(&mctx, msg, n);
408 EVP_SignFinal(&mctx, sbuf, &slen, &pk);
411 FIPS_dsa_sig_decode(sig, sbuf, slen);
417 EVP_MD_CTX_cleanup(&mctx);
429 unsigned char msg[1024];
430 char *keyword, *value;
432 DSA_SIG sg, *sig = &sg;
437 while(fgets(buf,sizeof buf,stdin) != NULL)
439 if (!parse_line(&keyword, &value, lbuf, buf))
444 if(!strcmp(keyword,"[mod"))
451 else if(!strcmp(keyword,"P"))
452 dsa->p=hex2bn(value);
453 else if(!strcmp(keyword,"Q"))
454 dsa->q=hex2bn(value);
455 else if(!strcmp(keyword,"G"))
457 dsa->g=hex2bn(value);
459 printf("[mod = %d]\n\n",nmod);
465 else if(!strcmp(keyword,"Msg"))
467 n=hex2bin(value,msg);
470 else if(!strcmp(keyword,"Y"))
471 dsa->pub_key=hex2bn(value);
472 else if(!strcmp(keyword,"R"))
473 sig->r=hex2bn(value);
474 else if(!strcmp(keyword,"S"))
478 unsigned char sigbuf[60];
481 EVP_MD_CTX_init(&mctx);
482 pk.type = EVP_PKEY_DSA;
484 sig->s=hex2bn(value);
486 pbn("Y",dsa->pub_key);
490 slen = FIPS_dsa_sig_encode(sigbuf, sig);
491 EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL);
492 EVP_VerifyUpdate(&mctx, msg, n);
493 r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk);
494 EVP_MD_CTX_cleanup(&mctx);
496 printf("Result = %c\n", r == 1 ? 'P' : 'F');
502 int main(int argc,char **argv)
506 fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]);
509 if(!FIPS_mode_set(1))
514 if(!strcmp(argv[1],"prime"))
516 else if(!strcmp(argv[1],"pqg"))
518 else if(!strcmp(argv[1],"pqgver"))
520 else if(!strcmp(argv[1],"keypair"))
522 else if(!strcmp(argv[1],"keyver"))
524 else if(!strcmp(argv[1],"siggen"))
526 else if(!strcmp(argv[1],"sigver"))
530 fprintf(stderr,"Don't know how to %s.\n",argv[1]);