2 #define OPENSSL_FIPSAPI
3 #include <openssl/opensslconf.h>
8 int main(int argc, char **argv)
10 printf("No FIPS DSA support\n");
15 #include <openssl/bn.h>
16 #include <openssl/dsa.h>
17 #include <openssl/fips.h>
18 #include <openssl/err.h>
19 #include <openssl/evp.h>
25 static int parse_mod(char *line, int *pdsa2, int *pL, int *pN,
29 char *keyword, *value;
32 p = strchr(line, ',');
44 if (!parse_line(&keyword, &value, lbuf, line))
46 if (strcmp(keyword, "L"))
51 p = strchr(line, ',');
53 p = strchr(line, ']');
57 if (!parse_line(&keyword, &value, lbuf, line))
59 if (strcmp(keyword, "N"))
65 p = strchr(line, ']');
72 if (!strcmp(p, "SHA-1"))
74 else if (!strcmp(p, "SHA-224"))
76 else if (!strcmp(p, "SHA-256"))
78 else if (!strcmp(p, "SHA-384"))
80 else if (!strcmp(p, "SHA-512"))
87 static void primes(FILE *in, FILE *out)
91 char *keyword, *value;
93 while(fgets(buf,sizeof buf,in) != NULL)
96 if (!parse_line(&keyword, &value, lbuf, buf))
98 if(!strcmp(keyword,"Prime"))
103 do_hex2bn(&pp,value);
104 fprintf(out, "result= %c\n",
105 BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
110 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
111 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
112 unsigned char *seed_out,
113 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
114 int dsa_builtin_paramgen2(DSA *ret, size_t bits, size_t qbits,
115 const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
116 unsigned char *seed_out,
117 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
119 static void pqg(FILE *in, FILE *out)
123 char *keyword, *value;
125 const EVP_MD *md = NULL;
127 while(fgets(buf,sizeof buf,in) != NULL)
129 if (!parse_line(&keyword, &value, lbuf, buf))
134 if(!strcmp(keyword,"[mod"))
137 if (!parse_mod(value, &dsa2, &L, &N, &md))
139 fprintf(stderr, "Mod Parse Error\n");
143 else if(!strcmp(keyword,"N"))
149 unsigned char seed[EVP_MAX_MD_SIZE];
153 dsa = FIPS_dsa_new();
155 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
159 fprintf(stderr, "Parameter Generation error\n");
162 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
164 &counter, &h, NULL) <= 0)
166 fprintf(stderr, "Parameter Generation error\n");
170 do_bn_print_name(out, "P",dsa->p);
171 do_bn_print_name(out, "Q",dsa->q);
172 do_bn_print_name(out, "G",dsa->g);
173 OutputValue("Seed",seed, M_EVP_MD_size(md), out, 0);
174 fprintf(out, "c = %d\n",counter);
175 fprintf(out, "H = %lx\n\n",h);
183 static void pqgver(FILE *in, FILE *out)
187 char *keyword, *value;
188 BIGNUM *p = NULL, *q = NULL, *g = NULL;
189 int counter=-1, counter2;
190 unsigned long h=-1, h2;
192 int dsa2, L, N, part_test = 0;
193 const EVP_MD *md = NULL;
195 unsigned char seed[1024];
197 while(fgets(buf,sizeof buf,in) != NULL)
199 if (!parse_line(&keyword, &value, lbuf, buf))
210 if(!strcmp(keyword,"[mod"))
212 if (!parse_mod(value, &dsa2, &L, &N, &md))
214 fprintf(stderr, "Mod Parse Error\n");
218 else if(!strcmp(keyword,"P"))
220 else if(!strcmp(keyword,"Q"))
222 else if(!strcmp(keyword,"G"))
224 else if(!strcmp(keyword,"Seed"))
226 seedlen = hex2bin(value, seed);
227 if (!dsa2 && seedlen != 20)
229 fprintf(stderr, "Seed parse length error\n");
233 else if(!strcmp(keyword,"c"))
234 counter =atoi(buf+4);
236 if(!strcmp(keyword,"H") || part_test)
240 if (!p || !q || (!g && !part_test))
242 fprintf(stderr, "Parse Error\n");
245 dsa = FIPS_dsa_new();
246 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
248 &counter2, &h2, NULL))
250 fprintf(stderr, "Parameter Generation error\n");
253 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
255 &counter2, &h2, NULL) < 0)
257 fprintf(stderr, "Parameter Generation error\n");
260 if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) ||
262 ((BN_cmp(dsa->g, g) || (counter != counter2) || (h != h2)))))
263 fprintf(out, "Result = F\n");
265 fprintf(out, "Result = P\n");
283 /* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
284 * algorithm tests. It is an additional test to perform sanity checks on the
285 * output of the KeyPair test.
288 static int dss_paramcheck(int L, int N, BIGNUM *p, BIGNUM *q, BIGNUM *g,
292 if (BN_num_bits(p) != L)
294 if (BN_num_bits(q) != N)
296 if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
298 if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
301 if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
302 || (BN_cmp(g, BN_value_one()) <= 0)
303 || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
313 static void keyver(FILE *in, FILE *out)
317 char *keyword, *value;
318 BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
327 while(fgets(buf,sizeof buf,in) != NULL)
329 if (!parse_line(&keyword, &value, lbuf, buf))
334 if(!strcmp(keyword,"[mod"))
346 if (!parse_mod(value, &dsa2, &L, &N, NULL))
348 fprintf(stderr, "Mod Parse Error\n");
352 else if(!strcmp(keyword,"P"))
354 else if(!strcmp(keyword,"Q"))
356 else if(!strcmp(keyword,"G"))
358 else if(!strcmp(keyword,"X"))
360 else if(!strcmp(keyword,"Y"))
363 if (!p || !q || !g || !X || !Y)
365 fprintf(stderr, "Parse Error\n");
368 do_bn_print_name(out, "P",p);
369 do_bn_print_name(out, "Q",q);
370 do_bn_print_name(out, "G",g);
371 do_bn_print_name(out, "X",X);
372 do_bn_print_name(out, "Y",Y);
375 if (dss_paramcheck(L, N, p, q, g, ctx))
381 fprintf(out, "Result = F\n");
384 if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
385 fprintf(out, "Result = F\n");
387 fprintf(out, "Result = P\n");
405 static void keypair(FILE *in, FILE *out)
409 char *keyword, *value;
412 while(fgets(buf,sizeof buf,in) != NULL)
414 if (!parse_line(&keyword, &value, lbuf, buf))
418 if(!strcmp(keyword,"[mod"))
420 if (!parse_mod(value, &dsa2, &L, &N, NULL))
422 fprintf(stderr, "Mod Parse Error\n");
427 else if(!strcmp(keyword,"N"))
432 dsa = FIPS_dsa_new();
433 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, NULL, NULL, 0,
434 NULL, NULL, NULL, NULL))
436 fprintf(stderr, "Parameter Generation error\n");
439 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, NULL, NULL, 0,
440 NULL, NULL, NULL, NULL) <= 0)
442 fprintf(stderr, "Parameter Generation error\n");
445 do_bn_print_name(out, "P",dsa->p);
446 do_bn_print_name(out, "Q",dsa->q);
447 do_bn_print_name(out, "G",dsa->g);
452 if (!DSA_generate_key(dsa))
455 do_bn_print_name(out, "X",dsa->priv_key);
456 do_bn_print_name(out, "Y",dsa->pub_key);
463 static void siggen(FILE *in, FILE *out)
467 char *keyword, *value;
469 const EVP_MD *md = NULL;
472 while(fgets(buf,sizeof buf,in) != NULL)
474 if (!parse_line(&keyword, &value, lbuf, buf))
480 if(!strcmp(keyword,"[mod"))
482 if (!parse_mod(value, &dsa2, &L, &N, &md))
484 fprintf(stderr, "Mod Parse Error\n");
489 dsa = FIPS_dsa_new();
490 if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md, NULL, 0,
491 NULL, NULL, NULL, NULL))
493 fprintf(stderr, "Parameter Generation error\n");
496 if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, NULL, 0,
497 NULL, NULL, NULL, NULL) <= 0)
499 fprintf(stderr, "Parameter Generation error\n");
502 do_bn_print_name(out, "P",dsa->p);
503 do_bn_print_name(out, "Q",dsa->q);
504 do_bn_print_name(out, "G",dsa->g);
507 else if(!strcmp(keyword,"Msg"))
509 unsigned char msg[1024];
513 FIPS_md_ctx_init(&mctx);
515 n=hex2bin(value,msg);
517 if (!DSA_generate_key(dsa))
519 do_bn_print_name(out, "Y",dsa->pub_key);
521 FIPS_digestinit(&mctx, md);
522 FIPS_digestupdate(&mctx, msg, n);
523 sig = FIPS_dsa_sign_ctx(dsa, &mctx);
525 do_bn_print_name(out, "R",sig->r);
526 do_bn_print_name(out, "S",sig->s);
528 FIPS_dsa_sig_free(sig);
529 FIPS_md_ctx_cleanup(&mctx);
536 static void sigver(FILE *in, FILE *out)
541 unsigned char msg[1024];
542 char *keyword, *value;
545 const EVP_MD *md = NULL;
546 DSA_SIG sg, *sig = &sg;
551 while(fgets(buf,sizeof buf,in) != NULL)
553 if (!parse_line(&keyword, &value, lbuf, buf))
559 if(!strcmp(keyword,"[mod"))
561 if (!parse_mod(value, &dsa2, &L, &N, &md))
563 fprintf(stderr, "Mod Parse Error\n");
568 dsa = FIPS_dsa_new();
570 else if(!strcmp(keyword,"P"))
571 dsa->p=hex2bn(value);
572 else if(!strcmp(keyword,"Q"))
573 dsa->q=hex2bn(value);
574 else if(!strcmp(keyword,"G"))
575 dsa->g=hex2bn(value);
576 else if(!strcmp(keyword,"Msg"))
577 n=hex2bin(value,msg);
578 else if(!strcmp(keyword,"Y"))
579 dsa->pub_key=hex2bn(value);
580 else if(!strcmp(keyword,"R"))
581 sig->r=hex2bn(value);
582 else if(!strcmp(keyword,"S"))
586 FIPS_md_ctx_init(&mctx);
587 sig->s=hex2bn(value);
589 FIPS_digestinit(&mctx, md);
590 FIPS_digestupdate(&mctx, msg, n);
592 r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
594 FIPS_md_ctx_cleanup(&mctx);
596 fprintf(out, "Result = %c\n\n", r == 1 ? 'P' : 'F');
601 int main(int argc,char **argv)
606 in = fopen(argv[2], "r");
609 fprintf(stderr, "Error opening input file\n");
612 out = fopen(argv[3], "w");
615 fprintf(stderr, "Error opening output file\n");
626 fprintf(stderr,"%s [prime|pqg|pqgver|keypair|keyver|siggen|sigver]\n",argv[0]);
630 if(!strcmp(argv[1],"prime"))
632 else if(!strcmp(argv[1],"pqg"))
634 else if(!strcmp(argv[1],"pqgver"))
636 else if(!strcmp(argv[1],"keypair"))
638 else if(!strcmp(argv[1],"keyver"))
640 else if(!strcmp(argv[1],"siggen"))
642 else if(!strcmp(argv[1],"sigver"))
646 fprintf(stderr,"Don't know how to %s.\n",argv[1]);