1 #include <openssl/opensslconf.h>
/*
 * Stub entry point: it only reports that FIPS DSA support is absent.
 * The preprocessor condition that selects this variant is not visible in this
 * listing.
 */
6 int main(int argc, char **argv)
8 printf("No FIPS DSA support\n");
13 # include <openssl/bn.h>
14 # include <openssl/dsa.h>
15 # include <openssl/fips.h>
16 # include <openssl/err.h>
17 # include <openssl/evp.h>
21 # include "fips_utl.h"
/*
 * pbn: write "name = " to stdout, followed by len bytes of tmp as two-digit
 * uppercase hex. len is the byte length of bn.
 *
 * NOTE(review): callers in this file pass dsa->priv_key as well as public
 * values, so the output of this tool contains private key material and should
 * be handled as test-vector data only.
 */
23 static void pbn(const char *name, BIGNUM *bn)
27 len = BN_num_bytes(bn);
/* tmp is sized from the BIGNUM itself; the line that fills it is not shown. */
28 tmp = OPENSSL_malloc(len);
/* Allocation failure is reported on stderr; the follow-up action is not visible here. */
30 fprintf(stderr, "Memory allocation error\n");
34 printf("%s = ", name);
35 for (i = 0; i < len; i++)
36 printf("%02X", tmp[i]);
/*
 * Primality-test driver (function header not shown; presumably the "prime"
 * mode handler). It reads request lines from stdin and, for each "Prime"
 * entry, prints whether the value tests as prime.
 */
46 char *keyword, *value;
48 while (fgets(buf, sizeof buf, stdin) != NULL) {
50 if (!parse_line(&keyword, &value, lbuf, buf))
52 if (!strcmp(keyword, "Prime")) {
/*
 * NOTE(review): the result of do_hex2bn is not checked on this line; confirm
 * how malformed hex is handled before pp is used below.
 */
56 do_hex2bn(&pp, value);
/*
 * NOTE(review): BN_is_prime_ex returns 1 for prime, 0 for composite and -1 on
 * error. The truthiness test below therefore reports an internal error as 'P'.
 * dss_paramcheck in this file compares against 1 instead, which fails closed.
 * The round count here is a literal 20 rather than BN_prime_checks.
 */
57 printf("result= %c\n",
58 BN_is_prime_ex(pp, 20, NULL, NULL) ? 'P' : 'F');
/*
 * Domain-parameter generation driver (function header not shown; presumably
 * the "pqg" mode handler). "[mod" and "N" request lines are read from stdin,
 * then parameters of nmod bits are generated and the counter and h values
 * are printed.
 */
67 char *keyword, *value;
70 while (fgets(buf, sizeof buf, stdin) != NULL) {
71 if (!parse_line(&keyword, &value, lbuf, buf)) {
75 if (!strcmp(keyword, "[mod"))
77 else if (!strcmp(keyword, "N")) {
80 printf("[mod = %d]\n\n", nmod);
/*
 * A 20-byte buffer is passed as the seed argument with a seed length of 0.
 * NOTE(review): presumably the FIPS generator writes the seed it used back
 * into this buffer; confirm the callee never writes more than 20 bytes.
 */
83 unsigned char seed[20];
89 if (!DSA_generate_parameters_ex
90 (dsa, nmod, seed, 0, &counter, &h, NULL)) {
98 printf("c = %d\n", counter);
/* %lx requires h to be unsigned long; its declaration is not visible here. */
99 printf("H = %lx\n", h);
/*
 * Domain-parameter verification driver (function header not shown; presumably
 * the "pqgver" mode handler). It collects P, Q, G, Seed, c and H from stdin,
 * regenerates parameters from the seed, and prints "Result = P" only if p, q,
 * g, the counter and h all match the supplied values.
 */
111 char *keyword, *value;
112 BIGNUM *p = NULL, *q = NULL, *g = NULL;
113 int counter, counter2;
117 unsigned char seed[1024];
119 while (fgets(buf, sizeof buf, stdin) != NULL) {
120 if (!parse_line(&keyword, &value, lbuf, buf)) {
125 if (!strcmp(keyword, "[mod"))
127 else if (!strcmp(keyword, "P"))
129 else if (!strcmp(keyword, "Q"))
131 else if (!strcmp(keyword, "G"))
133 else if (!strcmp(keyword, "Seed")) {
/*
 * NOTE(review): hex2bin writes into seed[] before the length test that emits
 * the error below, and it is given no destination size. The decoded length is
 * therefore bounded only by the input line buffer, whose size is not visible
 * here; confirm that half of that size cannot exceed sizeof seed.
 */
134 int slen = hex2bin(value, seed);
136 fprintf(stderr, "Seed parse length error\n");
139 } else if (!strcmp(keyword, "c"))
/*
 * NOTE(review): this parses from a fixed offset into the raw line rather than
 * from the parsed value, and atoi cannot report malformed or out-of-range
 * input. strtol on value with endptr and errno checks would be stricter.
 */
140 counter = atoi(buf + 4);
141 else if (!strcmp(keyword, "H")) {
/* All three parameters must have been supplied before verification runs. */
143 if (!p || !q || !g) {
144 fprintf(stderr, "Parse Error\n");
147 dsa = FIPS_dsa_new();
/* The seed length is fixed at 20 bytes for regeneration. */
148 if (!DSA_generate_parameters_ex
149 (dsa, nmod, seed, 20, &counter2, &h2, NULL)) {
/* BN_cmp returns non-zero on mismatch, so any differing value yields F. */
153 if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
154 || (counter != counter2) || (h != h2))
155 printf("Result = F\n");
157 printf("Result = P\n");
171 * Keypair verification routine. NB: this isn't part of the standard
172 * FIPS140-2 algorithm tests. It is an additional test to perform sanity
173 * checks on the output of the KeyPair test.
/*
 * dss_paramcheck: sanity-check DSA domain parameters. The visible tests are:
 * p has exactly nmod bits, q has exactly 160 bits, p and q both test as prime,
 * p mod q == 1, g > 1, and g^q mod p == 1.
 * The values returned for pass and fail are on lines not shown in this listing.
 */
176 static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
180 if (BN_num_bits(p) != nmod)
/* Only 160-bit subgroup orders are accepted. */
182 if (BN_num_bits(q) != 160)
/*
 * Comparing against 1 treats a BN_is_prime_ex error (-1) as a failure, so the
 * check fails closed.
 */
184 if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
186 if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
/*
 * rem is reused: first for p mod q, then for g^q mod p. A BIGNUM call that
 * fails is handled the same way as a failed check.
 */
189 if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
190 || (BN_cmp(g, BN_value_one()) <= 0)
191 || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem)) {
/*
 * Key-pair verification driver (function header not shown; presumably the
 * "keyver" mode handler). It reads P, Q, G, X and Y from stdin, runs
 * dss_paramcheck on the parameters, then recomputes Y2 = g^X mod p and
 * compares it with the supplied Y.
 */
204 char *keyword, *value;
205 BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
208 int nmod = 0, paramcheck = 0;
213 while (fgets(buf, sizeof buf, stdin) != NULL) {
214 if (!parse_line(&keyword, &value, lbuf, buf)) {
218 if (!strcmp(keyword, "[mod")) {
230 } else if (!strcmp(keyword, "P"))
232 else if (!strcmp(keyword, "Q"))
234 else if (!strcmp(keyword, "G"))
236 else if (!strcmp(keyword, "X"))
238 else if (!strcmp(keyword, "Y")) {
/* Every value must have been parsed before the key pair is checked. */
240 if (!p || !q || !g || !X || !Y) {
241 fprintf(stderr, "Parse Error\n");
250 if (dss_paramcheck(nmod, p, q, g, ctx))
256 printf("Result = F\n");
/*
 * A failed exponentiation is reported as F, the same as a mismatch.
 * NOTE(review): no range check on X (0 < X < q) is visible in these lines;
 * confirm whether one is expected for this test.
 */
258 if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
259 printf("Result = F\n");
261 printf("Result = P\n");
/*
 * keypair: read "[mod" and "N" request lines from stdin, generate fresh DSA
 * parameters of nmod bits, then generate key pairs and print them.
 * NOTE(review): the empty parameter list is an old-style declaration; a
 * prototype would be keypair(void).
 */
279 static void keypair()
283 char *keyword, *value;
286 while (fgets(buf, sizeof buf, stdin) != NULL) {
287 if (!parse_line(&keyword, &value, lbuf, buf)) {
291 if (!strcmp(keyword, "[mod"))
293 else if (!strcmp(keyword, "N")) {
297 printf("[mod = %d]\n\n", nmod);
298 dsa = FIPS_dsa_new();
/* No seed buffer and no counter or h outputs are requested. */
299 if (!DSA_generate_parameters_ex
300 (dsa, nmod, NULL, 0, NULL, NULL, NULL)) {
310 if (!DSA_generate_key(dsa)) {
/*
 * The private key X is written to stdout next to the public key Y. That fits
 * a test-vector response file, but the output must never be treated as
 * non-sensitive or reused as a production key.
 */
315 pbn("X", dsa->priv_key);
316 pbn("Y", dsa->pub_key);
/*
 * Signature-generation driver (function header not shown; presumably the
 * "siggen" mode handler). On "[mod" it generates parameters; on each "Msg" it
 * generates a key, signs the message with EVP_dss1, prints Y, and decodes the
 * encoded signature.
 */
327 char *keyword, *value;
331 while (fgets(buf, sizeof buf, stdin) != NULL) {
332 if (!parse_line(&keyword, &value, lbuf, buf)) {
336 if (!strcmp(keyword, "[mod")) {
338 printf("[mod = %d]\n\n", nmod);
341 dsa = FIPS_dsa_new();
342 if (!DSA_generate_parameters_ex
343 (dsa, nmod, NULL, 0, NULL, NULL, NULL)) {
351 } else if (!strcmp(keyword, "Msg")) {
/*
 * Fixed-size stack buffers: 1024 bytes for the decoded message and 60 bytes
 * for the encoded signature.
 */
352 unsigned char msg[1024];
353 unsigned char sbuf[60];
359 EVP_MD_CTX_init(&mctx);
/*
 * NOTE(review): hex2bin is given no destination size, so the decoded length
 * is bounded only by the input line buffer, whose size is not visible here.
 * Confirm it cannot exceed sizeof msg and that a negative n is rejected.
 */
361 n = hex2bin(value, msg);
364 if (!DSA_generate_key(dsa)) {
368 pk.type = EVP_PKEY_DSA;
370 pbn("Y", dsa->pub_key);
/*
 * NOTE(review): none of the three EVP_Sign* return values is checked. If
 * EVP_SignFinal fails, slen may not hold a valid length when the decode call
 * below consumes it. Also confirm the encoded signature always fits in the
 * 60-byte sbuf for the key sizes this tool accepts.
 */
372 EVP_SignInit_ex(&mctx, EVP_dss1(), NULL);
373 EVP_SignUpdate(&mctx, msg, n);
374 EVP_SignFinal(&mctx, sbuf, &slen, &pk);
377 FIPS_dsa_sig_decode(sig, sbuf, slen);
383 EVP_MD_CTX_cleanup(&mctx);
/*
 * Signature-verification driver (function header not shown; presumably the
 * "sigver" mode handler). It reads P, Q, G, Msg, Y, R and S from stdin. On
 * "S" it encodes (r, s), verifies the signature over msg with EVP_dss1 and
 * prints the result.
 */
395 unsigned char msg[1024];
396 char *keyword, *value;
398 DSA_SIG sg, *sig = &sg;
403 while (fgets(buf, sizeof buf, stdin) != NULL) {
404 if (!parse_line(&keyword, &value, lbuf, buf)) {
408 if (!strcmp(keyword, "[mod")) {
412 dsa = FIPS_dsa_new();
/*
 * NOTE(review): the assignments below dereference dsa, which is created only
 * in the "[mod" branch. The input must therefore start with a "[mod" line
 * unless a guard exists on lines not shown. The hex2bn results are stored
 * unchecked, and no release of a previously stored BIGNUM is visible.
 */
413 } else if (!strcmp(keyword, "P"))
414 dsa->p = hex2bn(value);
415 else if (!strcmp(keyword, "Q"))
416 dsa->q = hex2bn(value);
417 else if (!strcmp(keyword, "G")) {
418 dsa->g = hex2bn(value);
420 printf("[mod = %d]\n\n", nmod);
425 } else if (!strcmp(keyword, "Msg")) {
/*
 * NOTE(review): hex2bin is given no destination size; confirm the input line
 * length cannot produce more than sizeof msg decoded bytes.
 */
426 n = hex2bin(value, msg);
428 } else if (!strcmp(keyword, "Y"))
429 dsa->pub_key = hex2bn(value);
430 else if (!strcmp(keyword, "R"))
431 sig->r = hex2bn(value);
432 else if (!strcmp(keyword, "S")) {
/*
 * NOTE(review): r and s come straight from the input file and no size check
 * on them is visible, yet they are encoded into a 60-byte stack buffer.
 * Confirm that FIPS_dsa_sig_encode bounds its output, or reject r and s wider
 * than q before encoding.
 */
435 unsigned char sigbuf[60];
438 EVP_MD_CTX_init(&mctx);
439 pk.type = EVP_PKEY_DSA;
441 sig->s = hex2bn(value);
443 pbn("Y", dsa->pub_key);
447 slen = FIPS_dsa_sig_encode(sigbuf, sig);
/* The Init and Update return values are not checked; only the final result is used. */
448 EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL);
449 EVP_VerifyUpdate(&mctx, msg, n);
450 r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk);
451 EVP_MD_CTX_cleanup(&mctx);
/* Only an exact 1 counts as a pass, so verification errors are reported as F. */
453 printf("Result = %c\n", r == 1 ? 'P' : 'F');
/*
 * Entry point: enable FIPS mode, then dispatch on argv[1] to one of the test
 * modes. The dispatched calls are on lines not shown in this listing.
 */
459 int main(int argc, char **argv)
/*
 * NOTE(review): the usage text omits "keyver", although the dispatch chain
 * below accepts it.
 */
462 fprintf(stderr, "%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",
/* No test mode runs unless FIPS mode was enabled successfully. */
466 if (!FIPS_mode_set(1)) {
470 if (!strcmp(argv[1], "prime"))
472 else if (!strcmp(argv[1], "pqg"))
474 else if (!strcmp(argv[1], "pqgver"))
476 else if (!strcmp(argv[1], "keypair"))
478 else if (!strcmp(argv[1], "keyver"))
480 else if (!strcmp(argv[1], "siggen"))
482 else if (!strcmp(argv[1], "sigver"))
/* argv[1] is passed as a %s argument, never as the format string. */
485 fprintf(stderr, "Don't know how to %s.\n", argv[1]);