1
#include <openssl/opensslconf.h>
6
int main(int argc, char **argv)
8
printf("No FIPS DSA support\n");
13
#include <openssl/bn.h>
14
#include <openssl/dsa.h>
15
#include <openssl/fips.h>
16
#include <openssl/err.h>
17
#include <openssl/evp.h>
23
static void pbn(const char *name, BIGNUM *bn)
27
len = BN_num_bytes(bn);
28
tmp = OPENSSL_malloc(len);
31
fprintf(stderr, "Memory allocation error\n");
35
printf("%s = ", name);
36
for (i = 0; i < len; i++)
37
printf("%02X", tmp[i]);
47
char *keyword, *value;
49
while(fgets(buf,sizeof buf,stdin) != NULL)
52
if (!parse_line(&keyword, &value, lbuf, buf))
54
if(!strcmp(keyword,"Prime"))
60
printf("result= %c\n",
61
BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
70
char *keyword, *value;
73
while(fgets(buf,sizeof buf,stdin) != NULL)
75
if (!parse_line(&keyword, &value, lbuf, buf))
80
if(!strcmp(keyword,"[mod"))
82
else if(!strcmp(keyword,"N"))
86
printf("[mod = %d]\n\n",nmod);
90
unsigned char seed[20];
96
if (!DSA_generate_parameters_ex(dsa, nmod,seed,0,&counter,&h,NULL))
105
printf("c = %d\n",counter);
106
printf("H = %lx\n",h);
119
char *keyword, *value;
120
BIGNUM *p = NULL, *q = NULL, *g = NULL;
121
int counter, counter2;
125
unsigned char seed[1024];
127
while(fgets(buf,sizeof buf,stdin) != NULL)
129
if (!parse_line(&keyword, &value, lbuf, buf))
135
if(!strcmp(keyword,"[mod"))
137
else if(!strcmp(keyword,"P"))
139
else if(!strcmp(keyword,"Q"))
141
else if(!strcmp(keyword,"G"))
143
else if(!strcmp(keyword,"Seed"))
145
int slen = hex2bin(value, seed);
148
fprintf(stderr, "Seed parse length error\n");
152
else if(!strcmp(keyword,"c"))
153
counter =atoi(buf+4);
154
else if(!strcmp(keyword,"H"))
159
fprintf(stderr, "Parse Error\n");
162
dsa = FIPS_dsa_new();
163
if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
168
if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
169
|| (counter != counter2) || (h != h2))
170
printf("Result = F\n");
172
printf("Result = P\n");
185
/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
186
* algorithm tests. It is an additional test to perform sanity checks on the
187
* output of the KeyPair test.
190
static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
194
if (BN_num_bits(p) != nmod)
196
if (BN_num_bits(q) != 160)
198
if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
200
if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
203
if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
204
|| (BN_cmp(g, BN_value_one()) <= 0)
205
|| !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
219
char *keyword, *value;
220
BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
223
int nmod=0, paramcheck = 0;
228
while(fgets(buf,sizeof buf,stdin) != NULL)
230
if (!parse_line(&keyword, &value, lbuf, buf))
235
if(!strcmp(keyword,"[mod"))
249
else if(!strcmp(keyword,"P"))
251
else if(!strcmp(keyword,"Q"))
253
else if(!strcmp(keyword,"G"))
255
else if(!strcmp(keyword,"X"))
257
else if(!strcmp(keyword,"Y"))
260
if (!p || !q || !g || !X || !Y)
262
fprintf(stderr, "Parse Error\n");
272
if (dss_paramcheck(nmod, p, q, g, ctx))
278
printf("Result = F\n");
281
if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
282
printf("Result = F\n");
284
printf("Result = P\n");
302
static void keypair()
306
char *keyword, *value;
309
while(fgets(buf,sizeof buf,stdin) != NULL)
311
if (!parse_line(&keyword, &value, lbuf, buf))
316
if(!strcmp(keyword,"[mod"))
318
else if(!strcmp(keyword,"N"))
323
printf("[mod = %d]\n\n",nmod);
324
dsa = FIPS_dsa_new();
325
if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
337
if (!DSA_generate_key(dsa))
343
pbn("X",dsa->priv_key);
344
pbn("Y",dsa->pub_key);
355
char *keyword, *value;
359
while(fgets(buf,sizeof buf,stdin) != NULL)
361
if (!parse_line(&keyword, &value, lbuf, buf))
366
if(!strcmp(keyword,"[mod"))
369
printf("[mod = %d]\n\n",nmod);
372
dsa = FIPS_dsa_new();
373
if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
383
else if(!strcmp(keyword,"Msg"))
385
unsigned char msg[1024];
386
unsigned char sbuf[60];
392
EVP_MD_CTX_init(&mctx);
394
n=hex2bin(value,msg);
397
if (!DSA_generate_key(dsa))
402
pk.type = EVP_PKEY_DSA;
404
pbn("Y",dsa->pub_key);
406
EVP_SignInit_ex(&mctx, EVP_dss1(), NULL);
407
EVP_SignUpdate(&mctx, msg, n);
408
EVP_SignFinal(&mctx, sbuf, &slen, &pk);
411
FIPS_dsa_sig_decode(sig, sbuf, slen);
417
EVP_MD_CTX_cleanup(&mctx);
429
unsigned char msg[1024];
430
char *keyword, *value;
432
DSA_SIG sg, *sig = &sg;
437
while(fgets(buf,sizeof buf,stdin) != NULL)
439
if (!parse_line(&keyword, &value, lbuf, buf))
444
if(!strcmp(keyword,"[mod"))
451
else if(!strcmp(keyword,"P"))
452
dsa->p=hex2bn(value);
453
else if(!strcmp(keyword,"Q"))
454
dsa->q=hex2bn(value);
455
else if(!strcmp(keyword,"G"))
457
dsa->g=hex2bn(value);
459
printf("[mod = %d]\n\n",nmod);
465
else if(!strcmp(keyword,"Msg"))
467
n=hex2bin(value,msg);
470
else if(!strcmp(keyword,"Y"))
471
dsa->pub_key=hex2bn(value);
472
else if(!strcmp(keyword,"R"))
473
sig->r=hex2bn(value);
474
else if(!strcmp(keyword,"S"))
478
unsigned char sigbuf[60];
481
EVP_MD_CTX_init(&mctx);
482
pk.type = EVP_PKEY_DSA;
484
sig->s=hex2bn(value);
486
pbn("Y",dsa->pub_key);
490
slen = FIPS_dsa_sig_encode(sigbuf, sig);
491
EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL);
492
EVP_VerifyUpdate(&mctx, msg, n);
493
r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk);
494
EVP_MD_CTX_cleanup(&mctx);
496
printf("Result = %c\n", r == 1 ? 'P' : 'F');
502
int main(int argc,char **argv)
506
fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]);
509
if(!FIPS_mode_set(1))
514
if(!strcmp(argv[1],"prime"))
516
else if(!strcmp(argv[1],"pqg"))
518
else if(!strcmp(argv[1],"pqgver"))
520
else if(!strcmp(argv[1],"keypair"))
522
else if(!strcmp(argv[1],"keyver"))
524
else if(!strcmp(argv[1],"siggen"))
526
else if(!strcmp(argv[1],"sigver"))
530
fprintf(stderr,"Don't know how to %s.\n",argv[1]);