1
#include <openssl/opensslconf.h>
6
int main(int argc, char **argv)
8
printf("No FIPS DSA support\n");
13
#include <openssl/bn.h>
14
#include <openssl/dsa.h>
15
#include <openssl/fips.h>
16
#include <openssl/err.h>
17
#include <openssl/evp.h>
23
static void pbn(const char *name, BIGNUM *bn)
27
len = BN_num_bytes(bn);
28
tmp = OPENSSL_malloc(len);
31
fprintf(stderr, "Memory allocation error\n");
35
printf("%s = ", name);
36
for (i = 0; i < len; i++)
37
printf("%02X", tmp[i]);
47
char *keyword, *value;
49
while(fgets(buf,sizeof buf,stdin) != NULL)
52
if (!parse_line(&keyword, &value, lbuf, buf))
54
if(!strcmp(keyword,"Prime"))
60
printf("result= %c\n",
61
BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
70
char *keyword, *value;
73
while(fgets(buf,sizeof buf,stdin) != NULL)
75
if (!parse_line(&keyword, &value, lbuf, buf))
80
if(!strcmp(keyword,"[mod"))
82
else if(!strcmp(keyword,"N"))
86
printf("[mod = %d]\n\n",nmod);
90
unsigned char seed[20];
96
if (!DSA_generate_parameters_ex(dsa, nmod,seed,0,&counter,&h,NULL))
105
printf("c = %d\n",counter);
106
printf("H = %lx\n",h);
119
char *keyword, *value;
120
BIGNUM *p = NULL, *q = NULL, *g = NULL;
121
int counter, counter2;
125
unsigned char seed[1024];
127
while(fgets(buf,sizeof buf,stdin) != NULL)
129
if (!parse_line(&keyword, &value, lbuf, buf))
134
if(!strcmp(keyword,"[mod"))
136
else if(!strcmp(keyword,"P"))
138
else if(!strcmp(keyword,"Q"))
140
else if(!strcmp(keyword,"G"))
142
else if(!strcmp(keyword,"Seed"))
144
int slen = hex2bin(value, seed);
147
fprintf(stderr, "Seed parse length error\n");
151
else if(!strcmp(keyword,"c"))
152
counter =atoi(buf+4);
153
else if(!strcmp(keyword,"H"))
158
fprintf(stderr, "Parse Error\n");
165
printf("c = %d\n",counter);
166
printf("H = %lx\n",h);
167
dsa = FIPS_dsa_new();
168
if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
173
if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
174
|| (counter != counter2) || (h != h2))
175
printf("Result = F\n");
177
printf("Result = T\n");
190
/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
191
* algorithm tests. It is an additional test to perform sanity checks on the
192
* output of the KeyPair test.
195
static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
199
if (BN_num_bits(p) != nmod)
201
if (BN_num_bits(q) != 160)
203
if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
205
if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
208
if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
209
|| (BN_cmp(g, BN_value_one()) <= 0)
210
|| !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
224
char *keyword, *value;
225
BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
228
int nmod=0, paramcheck = 0;
233
while(fgets(buf,sizeof buf,stdin) != NULL)
235
if (!parse_line(&keyword, &value, lbuf, buf))
240
if(!strcmp(keyword,"[mod"))
254
else if(!strcmp(keyword,"P"))
256
else if(!strcmp(keyword,"Q"))
258
else if(!strcmp(keyword,"G"))
260
else if(!strcmp(keyword,"X"))
262
else if(!strcmp(keyword,"Y"))
265
if (!p || !q || !g || !X || !Y)
267
fprintf(stderr, "Parse Error\n");
277
if (dss_paramcheck(nmod, p, q, g, ctx))
283
printf("Result = F\n");
286
if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
287
printf("Result = F\n");
289
printf("Result = T\n");
311
char *keyword, *value;
314
while(fgets(buf,sizeof buf,stdin) != NULL)
316
if (!parse_line(&keyword, &value, lbuf, buf))
321
if(!strcmp(keyword,"[mod"))
323
else if(!strcmp(keyword,"N"))
328
printf("[mod = %d]\n\n",nmod);
329
dsa = FIPS_dsa_new();
330
if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
342
if (!DSA_generate_key(dsa))
348
pbn("X",dsa->priv_key);
349
pbn("Y",dsa->pub_key);
360
char *keyword, *value;
364
while(fgets(buf,sizeof buf,stdin) != NULL)
366
if (!parse_line(&keyword, &value, lbuf, buf))
371
if(!strcmp(keyword,"[mod"))
374
printf("[mod = %d]\n\n",nmod);
377
dsa = FIPS_dsa_new();
378
if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
388
else if(!strcmp(keyword,"Msg"))
390
unsigned char msg[1024];
391
unsigned char sbuf[60];
397
EVP_MD_CTX_init(&mctx);
399
n=hex2bin(value,msg);
402
if (!DSA_generate_key(dsa))
407
pk.type = EVP_PKEY_DSA;
409
pbn("Y",dsa->pub_key);
411
EVP_SignInit_ex(&mctx, EVP_dss1(), NULL);
412
EVP_SignUpdate(&mctx, msg, n);
413
EVP_SignFinal(&mctx, sbuf, &slen, &pk);
416
FIPS_dsa_sig_decode(sig, sbuf, slen);
422
EVP_MD_CTX_cleanup(&mctx);
434
unsigned char msg[1024];
435
char *keyword, *value;
437
DSA_SIG sg, *sig = &sg;
442
while(fgets(buf,sizeof buf,stdin) != NULL)
444
if (!parse_line(&keyword, &value, lbuf, buf))
449
if(!strcmp(keyword,"[mod"))
456
else if(!strcmp(keyword,"P"))
457
dsa->p=hex2bn(value);
458
else if(!strcmp(keyword,"Q"))
459
dsa->q=hex2bn(value);
460
else if(!strcmp(keyword,"G"))
462
dsa->g=hex2bn(value);
464
printf("[mod = %d]\n\n",nmod);
470
else if(!strcmp(keyword,"Msg"))
472
n=hex2bin(value,msg);
475
else if(!strcmp(keyword,"Y"))
476
dsa->pub_key=hex2bn(value);
477
else if(!strcmp(keyword,"R"))
478
sig->r=hex2bn(value);
479
else if(!strcmp(keyword,"S"))
483
unsigned char sigbuf[60];
486
EVP_MD_CTX_init(&mctx);
487
pk.type = EVP_PKEY_DSA;
489
sig->s=hex2bn(value);
491
pbn("Y",dsa->pub_key);
495
slen = FIPS_dsa_sig_encode(sigbuf, sig);
496
EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL);
497
EVP_VerifyUpdate(&mctx, msg, n);
498
r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk);
499
EVP_MD_CTX_cleanup(&mctx);
501
printf("Result = %c\n", r == 1 ? 'P' : 'F');
507
int main(int argc,char **argv)
511
fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]);
514
if(!FIPS_mode_set(1))
519
if(!strcmp(argv[1],"prime"))
521
else if(!strcmp(argv[1],"pqg"))
523
else if(!strcmp(argv[1],"pqgver"))
525
else if(!strcmp(argv[1],"keypair"))
527
else if(!strcmp(argv[1],"keyver"))
529
else if(!strcmp(argv[1],"siggen"))
531
else if(!strcmp(argv[1],"sigver"))
535
fprintf(stderr,"Don't know how to %s.\n",argv[1]);