And so it begins...
1 #include <openssl/opensslconf.h>
2
3 #ifndef OPENSSL_FIPS
4 #include <stdio.h>
5
/* Stub entry point for builds without OPENSSL_FIPS: say so and exit cleanly. */
int main(void)
{
    fputs("No FIPS DSA support\n", stdout);
    return 0;
}
11 #else
12
13 #include <openssl/bn.h>
14 #include <openssl/dsa.h>
15 #include <openssl/fips.h>
16 #include <openssl/err.h>
17 #include <openssl/fips_sha.h>
18 #include <string.h>
19 #include <ctype.h>
20
21 #include "fips_utl.h"
22
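/*
 * Print a BIGNUM on stdout as "<name> = <upper-case hex bytes>" plus newline.
 *
 * name: label written before the value.
 * bn:   number to print.  Callers pass structure members (dsa->p, sig->r, ...)
 *       that stay NULL when an earlier generation or parse step failed, so a
 *       NULL bn is reported on stderr instead of being dereferenced.
 *
 * Nothing is returned; allocation failure is reported on stderr and the
 * value is simply not printed.
 */
static void pbn(const char *name, BIGNUM *bn)
        {
        int len, i;
        unsigned char *tmp;

        if (!bn)
                {
                fprintf(stderr, "%s: no value to print\n", name);
                return;
                }
        len = BN_num_bytes(bn);
        /*
         * A zero-valued bn has len == 0.  Ask for at least one byte so a
         * zero-size request that comes back NULL is not misreported as an
         * allocation failure; the value then prints as an empty hex string.
         */
        tmp = OPENSSL_malloc(len > 0 ? len : 1);
        if (!tmp)
                {
                fprintf(stderr, "Memory allocation error\n");
                return;
                }
        BN_bn2bin(bn, tmp);
        printf("%s = ", name);
        for (i = 0; i < len; i++)
                printf("%02X", tmp[i]);
        fputs("\n", stdout);
        OPENSSL_free(tmp);
        }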
42
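/*
 * "prime" mode: echo every stdin line to stdout and, after each line whose
 * keyword is "Prime", print "result= P" when the value passes the
 * probabilistic primality test (20 rounds) and "result= F" otherwise.
 */
void primes()
    {
    char buf[10240];
    char lbuf[10240];
    char *keyword, *value;

    while(fgets(buf,sizeof buf,stdin) != NULL)
        {
        fputs(buf,stdout);
        if (!parse_line(&keyword, &value, lbuf, buf))
                continue;
        if(!strcmp(keyword,"Prime"))
            {
            BIGNUM *pp;
            int rv;

            pp=BN_new();
            if (!pp)
                {
                fprintf(stderr, "Memory allocation error\n");
                exit(1);
                }
            /*
             * NOTE(review): the result of do_hex2bn is ignored, as before;
             * its failure convention lives in fips_utl.h and is not visible
             * here -- confirm and check it.
             */
            do_hex2bn(&pp,value);
            /*
             * BN_is_prime_ex returns 1 (probably prime), 0 (composite) or
             * -1 (error).  Testing it for truth reports an internal error
             * as a pass, so only an exact 1 may print 'P'.
             */
            rv = BN_is_prime_ex(pp,20,NULL,NULL);
            if (rv < 0)
                do_print_errors();
            printf("result= %c\n", rv == 1 ? 'P' : 'F');
            /* One BIGNUM per "Prime" line: release it, do not accumulate */
            BN_free(pp);
            }
        }
    }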
65
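/*
 * "pqg" mode: for each "N = <count>" line read from stdin, generate <count>
 * DSA domain parameter sets of the size given by the last "[mod" line and
 * print P, Q, G, Seed, c (counter) and H for each.  Lines that do not parse,
 * and parsed lines with any other keyword, are echoed unchanged.
 *
 * Any generation failure prints the error queue and exits with status 1:
 * continuing would print values that were never produced.
 */
void pqg()
    {
    char buf[1024];
    char lbuf[1024];
    char *keyword, *value;
    int nmod=0;

    while(fgets(buf,sizeof buf,stdin) != NULL)
        {
        if (!parse_line(&keyword, &value, lbuf, buf))
                {
                fputs(buf,stdout);
                continue;
                }
        if(!strcmp(keyword,"[mod"))
            nmod=atoi(value);
        else if(!strcmp(keyword,"N"))
            {
            int n=atoi(value);

            printf("[mod = %d]\n\n",nmod);

            /*
             * n comes straight from the input file.  A bare "n--" test
             * never terminates sensibly for a negative count, so only
             * positive counts enter the loop.
             */
            while(n-- > 0)
                {
                unsigned char seed[20];
                DSA *dsa;
                int counter = 0;
                unsigned long h = 0;

                /*
                 * All three outputs are printed below; initialise them so
                 * stale stack contents can never end up in the output.
                 * NOTE(review): seed is passed with length 0; whether the
                 * generator writes the seed it used back into this buffer
                 * is not visible here -- confirm, the Seed line is only
                 * meaningful if it does.
                 */
                memset(seed, 0, sizeof seed);

                dsa = FIPS_dsa_new();
                if (!dsa
                    || !DSA_generate_parameters_ex(dsa, nmod,seed,0,&counter,&h,NULL))
                    {
                    do_print_errors();
                    exit(1);
                    }
                pbn("P",dsa->p);
                pbn("Q",dsa->q);
                pbn("G",dsa->g);
                pv("Seed",seed,20);
                printf("c = %d\n",counter);
                printf("H = %lx\n",h);
                putc('\n',stdout);
                /* One DSA object per parameter set: release it each round */
                FIPS_dsa_free(dsa);
                }
            }
        else
            fputs(buf,stdout);
        }
    }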
110
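/*
 * "keypair" mode: for each "N = <count>" line read from stdin, generate one
 * set of DSA domain parameters of the size given by the last "[mod" line,
 * print P, Q and G, then generate and print <count> key pairs (X, Y).
 * Lines that do not parse are echoed unchanged.
 *
 * X is the private key, so the output of this mode is test-vector material
 * only.  Any generation failure prints the error queue and exits with
 * status 1.
 */
void keypair()
    {
    char buf[1024];
    char lbuf[1024];
    char *keyword, *value;
    int nmod=0;

    while(fgets(buf,sizeof buf,stdin) != NULL)
        {
        if (!parse_line(&keyword, &value, lbuf, buf))
                {
                fputs(buf,stdout);
                continue;
                }
        if(!strcmp(keyword,"[mod"))
            nmod=atoi(value);
        else if(!strcmp(keyword,"N"))
            {
            DSA *dsa;
            int n=atoi(value);

            printf("[mod = %d]\n\n",nmod);
            dsa = FIPS_dsa_new();
            /* On failure dsa->p/q/g stay unset; do not go on to print them */
            if (!dsa
                || !DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
                {
                do_print_errors();
                exit(1);
                }
            pbn("P",dsa->p);
            pbn("Q",dsa->q);
            pbn("G",dsa->g);
            putc('\n',stdout);

            /* n is file-supplied: a negative count must not start the loop */
            while(n-- > 0)
                {
                if (!DSA_generate_key(dsa))
                    {
                    do_print_errors();
                    exit(1);
                    }

                pbn("X",dsa->priv_key);
                pbn("Y",dsa->pub_key);
                putc('\n',stdout);
                }
            /* One DSA object per "N" line: release it with its key material */
            FIPS_dsa_free(dsa);
            }
        }
    }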
151
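/*
 * "siggen" mode: each "[mod" line generates fresh DSA domain parameters of
 * that size and prints P, Q and G.  Each following "Msg" line generates a
 * new key pair, prints the message and public key Y, signs SHA-1(Msg) and
 * prints the signature as R and S.  Lines that do not parse are echoed
 * unchanged.
 *
 * Any failure (allocation, generation, signing, or a "Msg" line with no
 * preceding "[mod" line) is reported on stderr and exits with status 1.
 */
void siggen()
    {
    char buf[1024];
    char lbuf[1024];
    char *keyword, *value;
    int nmod=0;
    DSA *dsa=NULL;

    while(fgets(buf,sizeof buf,stdin) != NULL)
        {
        if (!parse_line(&keyword, &value, lbuf, buf))
                {
                fputs(buf,stdout);
                continue;
                }
        if(!strcmp(keyword,"[mod"))
            {
            nmod=atoi(value);
            printf("[mod = %d]\n\n",nmod);

            /* A new section replaces the previous parameters: free them */
            if (dsa)
                FIPS_dsa_free(dsa);
            dsa = FIPS_dsa_new();
            if (!dsa
                || !DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
                {
                do_print_errors();
                exit(1);
                }
            pbn("P",dsa->p);
            pbn("Q",dsa->q);
            pbn("G",dsa->g);
            putc('\n',stdout);
            }
        else if(!strcmp(keyword,"Msg"))
            {
            unsigned char msg[1024];
            unsigned char hash[20];
            int n;
            DSA_SIG *sig;

            /* The input file decides line order; dsa is NULL until "[mod" */
            if (!dsa)
                {
                fprintf(stderr,"Msg line before any [mod line\n");
                exit(1);
                }

            /*
             * value is cut from a 1024-byte line, so msg presumably cannot
             * overflow as long as hex2bin emits at most one byte per two
             * hex digits -- hex2bin lives in fips_utl.h; confirm there.
             */
            n=hex2bin(value,msg);
            if (n < 0)
                {
                /* Never hand a negative length to pv() or SHA1() */
                fprintf(stderr,"Invalid Msg value\n");
                exit(1);
                }
            pv("Msg",msg,n);

            if (!DSA_generate_key(dsa))
                {
                do_print_errors();
                exit(1);
                }
            pbn("Y",dsa->pub_key);

            SHA1(msg,n,hash);
            sig=DSA_do_sign(hash,sizeof hash,dsa);
            /* DSA_do_sign returns NULL on failure; do not dereference it */
            if (!sig)
                {
                do_print_errors();
                exit(1);
                }
            pbn("R",sig->r);
            pbn("S",sig->s);
            putc('\n',stdout);
            DSA_SIG_free(sig);
            }
        }
    if (dsa)
        FIPS_dsa_free(dsa);
    }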
200
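/*
 * "sigver" mode: read domain parameters (P, Q, G), a message (Msg), a public
 * key (Y) and a signature (R, S) from stdin.  The "G" line prints the
 * parameters; the "S" line prints Y, R and S and then "Result = P" when the
 * signature verifies over SHA-1(Msg), "Result = F" otherwise.  Lines that
 * do not parse are echoed unchanged; other keywords are ignored.
 *
 * Input that cannot be used (a value line before any "[mod" line, or a
 * missing or unparsable value at print/verify time) is reported on stderr
 * and exits with status 1.
 */
void sigver()
    {
    DSA *dsa=NULL;
    char buf[1024];
    char lbuf[1024];
    char *keyword, *value;
    int nmod=0;
    unsigned char hash[20];
    DSA_SIG sg, *sig = &sg;

    sig->r = NULL;
    sig->s = NULL;
    /* An "S" line may arrive before any "Msg": never verify stack garbage */
    memset(hash, 0, sizeof hash);

    while(fgets(buf,sizeof buf,stdin) != NULL)
        {
        if (!parse_line(&keyword, &value, lbuf, buf))
                {
                fputs(buf,stdout);
                continue;
                }
        if(!strcmp(keyword,"[mod"))
            {
            nmod=atoi(value);
            if(dsa)
                FIPS_dsa_free(dsa);
            dsa=FIPS_dsa_new();
            if(!dsa)
                {
                do_print_errors();
                exit(1);
                }
            }
        /* Every branch below that touches dsa needs a "[mod" line first */
        else if(!dsa && (!strcmp(keyword,"P") || !strcmp(keyword,"Q")
                         || !strcmp(keyword,"G") || !strcmp(keyword,"Y")
                         || !strcmp(keyword,"S")))
            {
            fprintf(stderr,"%s line before any [mod line\n",keyword);
            exit(1);
            }
        /* Values repeat once per test case: free the old one before storing */
        else if(!strcmp(keyword,"P"))
            {
            BN_free(dsa->p);
            dsa->p=hex2bn(value);
            }
        else if(!strcmp(keyword,"Q"))
            {
            BN_free(dsa->q);
            dsa->q=hex2bn(value);
            }
        else if(!strcmp(keyword,"G"))
            {
            BN_free(dsa->g);
            dsa->g=hex2bn(value);

            if(!dsa->p || !dsa->q || !dsa->g)
                {
                fprintf(stderr,"Missing or invalid P, Q or G\n");
                exit(1);
                }
            printf("[mod = %d]\n\n",nmod);
            pbn("P",dsa->p);
            pbn("Q",dsa->q);
            pbn("G",dsa->g);
            putc('\n',stdout);
            }
        else if(!strcmp(keyword,"Msg"))
            {
            unsigned char msg[1024];
            int n;

            n=hex2bin(value,msg);
            if(n < 0)
                {
                /* Never hand a negative length to pv() or SHA1() */
                fprintf(stderr,"Invalid Msg value\n");
                exit(1);
                }
            pv("Msg",msg,n);
            SHA1(msg,n,hash);
            }
        else if(!strcmp(keyword,"Y"))
            {
            BN_free(dsa->pub_key);
            dsa->pub_key=hex2bn(value);
            }
        else if(!strcmp(keyword,"R"))
            {
            BN_free(sig->r);
            sig->r=hex2bn(value);
            }
        else if(!strcmp(keyword,"S"))
            {
            int rv;

            BN_free(sig->s);
            sig->s=hex2bn(value);

            if(!dsa->pub_key || !sig->r || !sig->s)
                {
                fprintf(stderr,"Missing or invalid Y, R or S\n");
                exit(1);
                }
            pbn("Y",dsa->pub_key);
            pbn("R",sig->r);
            pbn("S",sig->s);
            /*
             * DSA_do_verify returns 1 (valid), 0 (invalid) or -1 (error).
             * Testing it for truth reports an internal error as a verified
             * signature, so only an exact 1 may print 'P'.
             */
            rv = DSA_do_verify(hash,sizeof hash,sig,dsa);
            if(rv < 0)
                do_print_errors();
            printf("Result = %c\n", rv == 1 ? 'P' : 'F');
            putc('\n',stdout);
            }
        }

    BN_free(sig->r);
    BN_free(sig->s);
    if(dsa)
        FIPS_dsa_free(dsa);
    }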
268
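/*
 * Entry point of the DSA validation driver.  Takes exactly one argument that
 * selects the mode (prime, pqg, keypair, siggen or sigver), switches the
 * library into FIPS mode and runs that mode over stdin/stdout.
 *
 * Returns 0 on success; exits with status 1 on a usage error, when FIPS mode
 * cannot be enabled, or when the mode name is unknown.
 */
int main(int argc,char **argv)
    {
    if(argc != 2)
        {
        /* List every mode dispatched below, not only the first two */
        fprintf(stderr,"%s [prime|pqg|keypair|siggen|sigver]\n",argv[0]);
        exit(1);
        }
    /* Nothing may run outside FIPS mode: stop if it cannot be enabled */
    if(!FIPS_mode_set(1))
        {
        do_print_errors();
        exit(1);
        }
    if(!strcmp(argv[1],"prime"))
        primes();
    else if(!strcmp(argv[1],"pqg"))
        pqg();
    else if(!strcmp(argv[1],"keypair"))
        keypair();
    else if(!strcmp(argv[1],"siggen"))
        siggen();
    else if(!strcmp(argv[1],"sigver"))
        sigver();
    else
        {
        fprintf(stderr,"Don't know how to %s.\n",argv[1]);
        exit(1);
        }

    return 0;
    }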
299
300 #endif