diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2011-01-26 00:56:19 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2011-01-26 00:56:19 +0000 |
| commit | 2b4b28dc32ce7623f6169b43cd18585174de6b20 (patch) | |
| tree | 1a039a5167d52b8060ddb9f3e3820a46956cc52e /fips/dsa | |
| parent | 72a267331a603c925fae337e508d013eb0103c5e (diff) | |
And so it begins... again.
Initial FIPS 140-2 code ported to HEAD. Doesn't even compile yet, may have
missing files, extraneous files and other nastiness.
In other words: it's experimental ATM, OK?
Diffstat (limited to 'fips/dsa')
| -rw-r--r-- | fips/dsa/.cvsignore | 4 | ||||
| -rw-r--r-- | fips/dsa/Makefile | 191 | ||||
| -rw-r--r-- | fips/dsa/fips_dsa_lib.c | 95 | ||||
| -rw-r--r-- | fips/dsa/fips_dsa_selftest.c | 182 | ||||
| -rw-r--r-- | fips/dsa/fips_dsa_sign.c | 96 | ||||
| -rw-r--r-- | fips/dsa/fips_dssvs.c | 512 |
6 files changed, 1080 insertions, 0 deletions
diff --git a/fips/dsa/.cvsignore b/fips/dsa/.cvsignore new file mode 100644 index 0000000000..439e6d3eb6 --- /dev/null +++ b/fips/dsa/.cvsignore @@ -0,0 +1,4 @@ +lib +Makefile.save +*.flc +semantic.cache diff --git a/fips/dsa/Makefile b/fips/dsa/Makefile new file mode 100644 index 0000000000..af41b9cb3b --- /dev/null +++ b/fips/dsa/Makefile @@ -0,0 +1,191 @@ +# +# OpenSSL/fips/dsa/Makefile +# + +DIR= dsa +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST=fips_dsatest.c fips_dssvs.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= fips_dsa_selftest.c \ + fips_dsa_lib.c fips_dsa_sign.c +LIBOBJ= fips_dsa_selftest.o \ + fips_dsa_lib.o fips_dsa_sign.o + +SRC= $(LIBSRC) + +EXHEADER= +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + @echo $(LIBOBJ) > lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS) + +install: + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done + +tags: + ctags $(SRC) + +tests: + +Q=../testvectors/dsa/req +A=../testvectors/dsa/rsp + +fips_test: + -rm -rf $A + mkdir $A + if [ -f $(Q)/PQGGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs pqg < $(Q)/PQGGen.req > $(A)/PQGGen.rsp; fi + if [ -f $(Q)/KeyPair.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs keypair < $(Q)/KeyPair.req > $(A)/KeyPair.rsp; fi + if [ -f $(Q)/SigGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs siggen < $(Q)/SigGen.req > $(A)/SigGen.rsp; fi + if [ -f $(Q)/SigVer.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp; fi + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff +# DO NOT DELETE THIS LINE -- make depend depends on it. + +fips_dsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_dsa_gen.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +fips_dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +fips_dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +fips_dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +fips_dsa_gen.o: ../../include/openssl/opensslconf.h +fips_dsa_gen.o: ../../include/openssl/opensslv.h +fips_dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +fips_dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +fips_dsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_dsa_gen.o: fips_dsa_gen.c +fips_dsa_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_dsa_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +fips_dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +fips_dsa_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_dsa_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +fips_dsa_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +fips_dsa_key.o: ../../include/openssl/opensslconf.h +fips_dsa_key.o: ../../include/openssl/opensslv.h +fips_dsa_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +fips_dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_dsa_key.o: ../../include/openssl/symhacks.h ../fips_locl.h fips_dsa_key.c +fips_dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +fips_dsa_lib.o: ../../include/openssl/e_os2.h +fips_dsa_lib.o: ../../include/openssl/opensslconf.h +fips_dsa_lib.o: ../../include/openssl/opensslv.h +fips_dsa_lib.o: ../../include/openssl/ossl_typ.h +fips_dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_dsa_lib.o: ../../include/openssl/symhacks.h fips_dsa_lib.c +fips_dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +fips_dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +fips_dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +fips_dsa_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +fips_dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h +fips_dsa_ossl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +fips_dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +fips_dsa_ossl.o: ../../include/openssl/objects.h +fips_dsa_ossl.o: ../../include/openssl/opensslconf.h +fips_dsa_ossl.o: ../../include/openssl/opensslv.h +fips_dsa_ossl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +fips_dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +fips_dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +fips_dsa_ossl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +fips_dsa_ossl.o: ../../include/openssl/x509_vfy.h fips_dsa_ossl.c +fips_dsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_dsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_dsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +fips_dsa_selftest.o: ../../include/openssl/obj_mac.h +fips_dsa_selftest.o: ../../include/openssl/objects.h +fips_dsa_selftest.o: ../../include/openssl/opensslconf.h +fips_dsa_selftest.o: ../../include/openssl/opensslv.h +fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h +fips_dsa_selftest.o: ../../include/openssl/safestack.h +fips_dsa_selftest.o: ../../include/openssl/stack.h +fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c +fips_dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +fips_dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +fips_dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_dsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +fips_dsa_sign.o: ../../include/openssl/obj_mac.h +fips_dsa_sign.o: ../../include/openssl/objects.h +fips_dsa_sign.o: ../../include/openssl/opensslconf.h +fips_dsa_sign.o: ../../include/openssl/opensslv.h +fips_dsa_sign.o: ../../include/openssl/ossl_typ.h +fips_dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +fips_dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_dsa_sign.o: fips_dsa_sign.c +fips_dsatest.o: ../../e_os.h ../../include/openssl/asn1.h +fips_dsatest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +fips_dsatest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +fips_dsatest.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +fips_dsatest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +fips_dsatest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +fips_dsatest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +fips_dsatest.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_dsatest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h +fips_dsatest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +fips_dsatest.o: ../../include/openssl/objects.h +fips_dsatest.o: ../../include/openssl/opensslconf.h +fips_dsatest.o: ../../include/openssl/opensslv.h +fips_dsatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +fips_dsatest.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +fips_dsatest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +fips_dsatest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +fips_dsatest.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +fips_dsatest.o: ../../include/openssl/x509_vfy.h ../fips_utl.h fips_dsatest.c +fips_dssvs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_dssvs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +fips_dssvs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +fips_dssvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h +fips_dssvs.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +fips_dssvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +fips_dssvs.o: ../../include/openssl/opensslconf.h +fips_dssvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +fips_dssvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_dssvs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_dssvs.c diff --git a/fips/dsa/fips_dsa_lib.c b/fips/dsa/fips_dsa_lib.c new file mode 100644 index 0000000000..2545966d2a --- /dev/null +++ b/fips/dsa/fips_dsa_lib.c @@ -0,0 +1,95 @@ +/* fips_dsa_lib.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2007. + */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <string.h> +#include <openssl/dsa.h> +#include <openssl/bn.h> + +/* Minimal FIPS versions of FIPS_dsa_new() and FIPS_dsa_free: to + * reduce external dependencies. + */ + +DSA *FIPS_dsa_new(void) + { + DSA *ret; + ret = OPENSSL_malloc(sizeof(DSA)); + if (!ret) + return NULL; + memset(ret, 0, sizeof(DSA)); + ret->meth = DSA_OpenSSL(); + if (ret->meth->init) + ret->meth->init(ret); + return ret; + } + +void FIPS_dsa_free(DSA *r) + { + if (!r) + return; + if (r->meth->finish) + r->meth->finish(r); + if (r->p != NULL) BN_clear_free(r->p); + if (r->q != NULL) BN_clear_free(r->q); + if (r->g != NULL) BN_clear_free(r->g); + if (r->pub_key != NULL) BN_clear_free(r->pub_key); + if (r->priv_key != NULL) BN_clear_free(r->priv_key); + if (r->kinv != NULL) BN_clear_free(r->kinv); + if (r->r != NULL) BN_clear_free(r->r); + OPENSSL_free(r); + } + diff --git a/fips/dsa/fips_dsa_selftest.c b/fips/dsa/fips_dsa_selftest.c new file mode 100644 index 0000000000..db000a8484 --- /dev/null +++ b/fips/dsa/fips_dsa_selftest.c @@ -0,0 +1,182 @@ +/* crypto/dsa/dsatest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#define OPENSSL_FIPSEVP + +#include <string.h> +#include <openssl/crypto.h> +#include <openssl/dsa.h> +#include <openssl/fips.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <openssl/bn.h> + +#ifdef OPENSSL_FIPS + +/* seed, out_p, out_q, out_g are taken the NIST test vectors */ + +static unsigned char seed[20] = { + 0x77, 0x8f, 0x40, 0x74, 0x6f, 0x66, 0xbe, 0x33, 0xce, 0xbe, 0x99, 0x34, + 0x4c, 0xfc, 0xf3, 0x28, 0xaa, 0x70, 0x2d, 0x3a + }; + +static unsigned char out_p[] = { + 0xf7, 0x7c, 0x1b, 0x83, 0xd8, 0xe8, 0x5c, 0x7f, 0x85, 0x30, 0x17, 0x57, + 0x21, 0x95, 0xfe, 0x26, 0x04, 0xeb, 0x47, 0x4c, 0x3a, 0x4a, 0x81, 0x4b, + 0x71, 0x2e, 0xed, 0x6e, 0x4f, 0x3d, 0x11, 0x0f, 0x7c, 0xfe, 0x36, 0x43, + 0x51, 0xd9, 0x81, 0x39, 0x17, 0xdf, 0x62, 0xf6, 0x9c, 0x01, 0xa8, 0x69, + 0x71, 0xdd, 0x29, 0x7f, 0x47, 0xe6, 0x65, 0xa6, 0x22, 0xe8, 0x6a, 0x12, + 0x2b, 0xc2, 0x81, 0xff, 0x32, 0x70, 0x2f, 0x9e, 0xca, 0x53, 0x26, 0x47, + 0x0f, 0x59, 0xd7, 0x9e, 0x2c, 0xa5, 0x07, 0xc4, 0x49, 0x52, 0xa3, 0xe4, + 0x6b, 0x04, 0x00, 0x25, 0x49, 0xe2, 0xe6, 0x7f, 0x28, 0x78, 0x97, 0xb8, + 0x3a, 0x32, 0x14, 0x38, 0xa2, 0x51, 0x33, 0x22, 0x44, 0x7e, 0xd7, 0xef, + 0x45, 0xdb, 0x06, 0x4a, 0xd2, 0x82, 0x4a, 0x82, 0x2c, 0xb1, 0xd7, 0xd8, + 0xb6, 0x73, 0x00, 0x4d, 0x94, 0x77, 0x94, 0xef + }; + +static unsigned char out_q[] = { + 0xd4, 0x0a, 0xac, 0x9f, 0xbd, 0x8c, 0x80, 0xc2, 0x38, 0x7e, 0x2e, 0x0c, + 0x52, 0x5c, 0xea, 0x34, 0xa1, 0x83, 0x32, 0xf3 + }; + +static unsigned char out_g[] = { + 0x34, 0x73, 0x8b, 0x57, 0x84, 0x8e, 0x55, 0xbf, 0x57, 0xcc, 0x41, 0xbb, + 0x5e, 0x2b, 0xd5, 0x42, 0xdd, 0x24, 0x22, 0x2a, 0x09, 0xea, 0x26, 0x1e, + 0x17, 0x65, 0xcb, 0x1a, 0xb3, 0x12, 0x44, 0xa3, 0x9e, 0x99, 0xe9, 0x63, + 0xeb, 0x30, 0xb1, 0x78, 0x7b, 0x09, 0x40, 0x30, 0xfa, 0x83, 0xc2, 0x35, + 0xe1, 0xc4, 0x2d, 0x74, 0x1a, 0xb1, 0x83, 0x54, 0xd8, 0x29, 0xf4, 0xcf, + 0x7f, 0x6f, 0x67, 0x1c, 0x36, 0x49, 0xee, 0x6c, 0xa2, 0x3c, 0x2d, 0x6a, + 0xe9, 0xd3, 0x9a, 0xf6, 0x57, 0x78, 0x6f, 0xfd, 0x33, 0xcd, 0x3c, 0xed, + 0xfd, 0xd4, 0x41, 0xe6, 0x5c, 0x8b, 0xe0, 0x68, 0x31, 0x47, 0x47, 0xaf, + 0x12, 0xa7, 0xf9, 0x32, 0x0d, 0x94, 0x15, 0x48, 0xd0, 0x54, 0x85, 0xb2, + 0x04, 0xb5, 0x4d, 0xd4, 0x9d, 0x05, 0x22, 0x25, 0xd9, 0xfd, 0x6c, 0x36, + 0xef, 0xbe, 0x69, 0x6c, 0x55, 0xf4, 0xee, 0xec + }; + +static const unsigned char str1[]="12345678901234567890"; + +void FIPS_corrupt_dsa() + { + ++seed[0]; + } + +int FIPS_selftest_dsa() + { + DSA *dsa=NULL; + int counter,i,j, ret = 0; + unsigned char buf[256]; + unsigned long h; + EVP_MD_CTX mctx; + DSA_SIG *dsig = NULL; + + EVP_MD_CTX_init(&mctx); + + dsa = FIPS_dsa_new(); + + if(dsa == NULL) + goto err; + if(!DSA_generate_parameters_ex(dsa, 1024,seed,20,&counter,&h,NULL)) + goto err; + if (counter != 378) + goto err; + if (h != 2) + goto err; + i=BN_bn2bin(dsa->q,buf); + j=sizeof(out_q); + if (i != j || memcmp(buf,out_q,i) != 0) + goto err; + + i=BN_bn2bin(dsa->p,buf); + j=sizeof(out_p); + if (i != j || memcmp(buf,out_p,i) != 0) + goto err; + + i=BN_bn2bin(dsa->g,buf); + j=sizeof(out_g); + if (i != j || memcmp(buf,out_g,i) != 0) + goto err; + DSA_generate_key(dsa); + + if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) + goto err; + if (!EVP_DigestUpdate(&mctx, str1, 20)) + goto err; + dsig = FIPS_dsa_sign_ctx(dsa, &mctx); + if (!dsig) + goto err; + + if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) + goto err; + if (!EVP_DigestUpdate(&mctx, str1, 20)) + goto err; + if (FIPS_dsa_verify_ctx(dsa, &mctx, dsig) != 1) + goto err; + + ret = 1; + + err: + EVP_MD_CTX_cleanup(&mctx); + if (dsa) + FIPS_dsa_free(dsa); + if (dsig) + DSA_SIG_free(dsig); + if (ret == 0) + FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED); + return ret; + } +#endif diff --git a/fips/dsa/fips_dsa_sign.c b/fips/dsa/fips_dsa_sign.c new file mode 100644 index 0000000000..c111ce0f25 --- /dev/null +++ b/fips/dsa/fips_dsa_sign.c @@ -0,0 +1,96 @@ +/* fips_dsa_sign.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2007. + */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#define OPENSSL_FIPSEVP + +#include <string.h> +#include <openssl/evp.h> +#include <openssl/dsa.h> +#include <openssl/err.h> +#include <openssl/sha.h> +#include <openssl/bn.h> + +#ifdef OPENSSL_FIPS + +/* FIPS versions of DSA_sign() and DSA_verify(). + * Handle DSA_SIG structures to avoid need to handle ASN1. + */ + +DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx) + { + DSA_SIG *s; + unsigned char dig[EVP_MAX_MD_SIZE]; + unsigned int dlen; + EVP_DigestFinal_ex(ctx, dig, &dlen); + s = dsa->meth->dsa_do_sign(dig,dlen,dsa); + OPENSSL_cleanse(dig, dlen); + return s; + } + +int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s) + { + int ret=-1; + unsigned char dig[EVP_MAX_MD_SIZE]; + unsigned int dlen; + EVP_DigestFinal_ex(ctx, dig, &dlen); + ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa); + OPENSSL_cleanse(dig, dlen); + return ret; + } + +#endif diff --git a/fips/dsa/fips_dssvs.c b/fips/dsa/fips_dssvs.c new file mode 100644 index 0000000000..9c9e37b452 --- /dev/null +++ b/fips/dsa/fips_dssvs.c @@ -0,0 +1,512 @@ +#include <openssl/opensslconf.h> + +#ifndef OPENSSL_FIPS +#include <stdio.h> + +int main(int argc, char **argv) +{ + printf("No FIPS DSA support\n"); + return(0); +} +#else + +#define OPENSSL_FIPSEVP + +#include <openssl/bn.h> +#include <openssl/dsa.h> +#include <openssl/fips.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <string.h> +#include <ctype.h> + +#include "fips_utl.h" + +static void pbn(const char *name, BIGNUM *bn) + { + int len, i; + unsigned char *tmp; + len = BN_num_bytes(bn); + tmp = OPENSSL_malloc(len); + if (!tmp) + { + fprintf(stderr, "Memory allocation error\n"); + return; + } + BN_bn2bin(bn, tmp); + printf("%s = ", name); + for (i = 0; i < len; i++) + printf("%02X", tmp[i]); + fputs("\n", stdout); + OPENSSL_free(tmp); + return; + } + +static void primes() + { + char buf[10240]; + char lbuf[10240]; + char *keyword, *value; + + while(fgets(buf,sizeof buf,stdin) != NULL) + { + fputs(buf,stdout); + if (!parse_line(&keyword, &value, lbuf, buf)) + continue; + if(!strcmp(keyword,"Prime")) + { + BIGNUM *pp; + + pp=BN_new(); + do_hex2bn(&pp,value); + printf("result= %c\n", + BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F'); + } + } + } + +int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, + const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, + unsigned char *seed_out, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + +static void pqg() + { + char buf[1024]; + char lbuf[1024]; + char *keyword, *value; + int nmod=0; + + while(fgets(buf,sizeof buf,stdin) != NULL) + { + if (!parse_line(&keyword, &value, lbuf, buf)) + { + fputs(buf,stdout); + continue; + } + if(!strcmp(keyword,"[mod")) + nmod=atoi(value); + else if(!strcmp(keyword,"N")) + { + int n=atoi(value); + + printf("[mod = %d]\n\n",nmod); + + while(n--) + { + unsigned char seed[EVP_MAX_MD_SIZE]; + DSA *dsa; + int counter; + unsigned long h; + dsa = FIPS_dsa_new(); + + if (!dsa_builtin_paramgen(dsa, nmod, 160, NULL, NULL, 0, + seed,&counter,&h,NULL)) + exit(1); + pbn("P",dsa->p); + pbn("Q",dsa->q); + pbn("G",dsa->g); + pv("Seed",seed,20); + printf("c = %d\n",counter); + printf("H = %lx\n",h); + putc('\n',stdout); + } + } + else + fputs(buf,stdout); + } + } + +static void pqgver() + { + char buf[1024]; + char lbuf[1024]; + char *keyword, *value; + BIGNUM *p = NULL, *q = NULL, *g = NULL; + int counter, counter2; + unsigned long h, h2; + DSA *dsa=NULL; + int nmod=0; + unsigned char seed[1024]; + + while(fgets(buf,sizeof buf,stdin) != NULL) + { + if (!parse_line(&keyword, &value, lbuf, buf)) + { + fputs(buf,stdout); + continue; + } + fputs(buf, stdout); + if(!strcmp(keyword,"[mod")) + nmod=atoi(value); + else if(!strcmp(keyword,"P")) + p=hex2bn(value); + else if(!strcmp(keyword,"Q")) + q=hex2bn(value); + else if(!strcmp(keyword,"G")) + g=hex2bn(value); + else if(!strcmp(keyword,"Seed")) + { + int slen = hex2bin(value, seed); + if (slen != 20) + { + fprintf(stderr, "Seed parse length error\n"); + exit (1); + } + } + else if(!strcmp(keyword,"c")) + counter =atoi(buf+4); + else if(!strcmp(keyword,"H")) + { + h = atoi(value); + if (!p || !q || !g) + { + fprintf(stderr, "Parse Error\n"); + exit (1); + } + dsa = FIPS_dsa_new(); + if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL)) + exit(1); + if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g) + || (counter != counter2) || (h != h2)) + printf("Result = F\n"); + else + printf("Result = P\n"); + BN_free(p); + BN_free(q); + BN_free(g); + p = NULL; + q = NULL; + g = NULL; + FIPS_dsa_free(dsa); + dsa = NULL; + } + } + } + +/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2 + * algorithm tests. It is an additional test to perform sanity checks on the + * output of the KeyPair test. + */ + +static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g, + BN_CTX *ctx) + { + BIGNUM *rem = NULL; + if (BN_num_bits(p) != nmod) + return 0; + if (BN_num_bits(q) != 160) + return 0; + if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1) + return 0; + if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1) + return 0; + rem = BN_new(); + if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem) + || (BN_cmp(g, BN_value_one()) <= 0) + || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem)) + { + BN_free(rem); + return 0; + } + /* Todo: check g */ + BN_free(rem); + return 1; + } + +static void keyver() + { + char buf[1024]; + char lbuf[1024]; + char *keyword, *value; + BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL; + BIGNUM *Y2; + BN_CTX *ctx = NULL; + int nmod=0, paramcheck = 0; + + ctx = BN_CTX_new(); + Y2 = BN_new(); + + while(fgets(buf,sizeof buf,stdin) != NULL) + { + if (!parse_line(&keyword, &value, lbuf, buf)) + { + fputs(buf,stdout); + continue; + } + if(!strcmp(keyword,"[mod")) + { + if (p) + BN_free(p); + p = NULL; + if (q) + BN_free(q); + q = NULL; + if (g) + BN_free(g); + g = NULL; + paramcheck = 0; + nmod=atoi(value); + } + else if(!strcmp(keyword,"P")) + p=hex2bn(value); + else if(!strcmp(keyword,"Q")) + q=hex2bn(value); + else if(!strcmp(keyword,"G")) + g=hex2bn(value); + else if(!strcmp(keyword,"X")) + X=hex2bn(value); + else if(!strcmp(keyword,"Y")) + { + Y=hex2bn(value); + if (!p || !q || !g || !X || !Y) + { + fprintf(stderr, "Parse Error\n"); + exit (1); + } + pbn("P",p); + pbn("Q",q); + pbn("G",g); + pbn("X",X); + pbn("Y",Y); + if (!paramcheck) + { + if (dss_paramcheck(nmod, p, q, g, ctx)) + paramcheck = 1; + else + paramcheck = -1; + } + if (paramcheck != 1) + printf("Result = F\n"); + else + { + if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y)) + printf("Result = F\n"); + else + printf("Result = P\n"); + } + BN_free(X); + BN_free(Y); + X = NULL; + Y = NULL; + } + } + if (p) + BN_free(p); + if (q) + BN_free(q); + if (g) + BN_free(g); + if (Y2) + BN_free(Y2); + } + +static void keypair() + { + char buf[1024]; + char lbuf[1024]; + char *keyword, *value; + int nmod=0; + + while(fgets(buf,sizeof buf,stdin) != NULL) + { + if (!parse_line(&keyword, &value, lbuf, buf)) + { + fputs(buf,stdout); + continue; + } + if(!strcmp(keyword,"[mod")) + nmod=atoi(value); + else if(!strcmp(keyword,"N")) + { + DSA *dsa; + int n=atoi(value); + + printf("[mod = %d]\n\n",nmod); + dsa = FIPS_dsa_new(); + if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL)) + exit(1); + pbn("P",dsa->p); + pbn("Q",dsa->q); + pbn("G",dsa->g); + putc('\n',stdout); + + while(n--) + { + if (!DSA_generate_key(dsa)) + exit(1); + + pbn("X",dsa->priv_key); + pbn("Y",dsa->pub_key); + putc('\n',stdout); + } + } + } + } + +static void siggen() + { + char buf[1024]; + char lbuf[1024]; + char *keyword, *value; + int nmod=0; + DSA *dsa=NULL; + + while(fgets(buf,sizeof buf,stdin) != NULL) + { + if (!parse_line(&keyword, &value, lbuf, buf)) + { + fputs(buf,stdout); + continue; + } + if(!strcmp(keyword,"[mod")) + { + nmod=atoi(value); + printf("[mod = %d]\n\n",nmod); + if (dsa) + FIPS_dsa_free(dsa); + dsa = FIPS_dsa_new(); + if (!DSA_gener |