Add ECDSA functionality to fips module. Initial very incomplete version

of algorithm test program.
author: Dr. Stephen Henson <steve@openssl.org> 2011-02-14 17:14:55 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-02-14 17:14:55 +0000
commit: fe26d066ff6d34a01a2d05cba383e099960182c0 (patch)
tree: 353911c7b542155091761d1f2f72e9cc791b439b /fips/ecdsa
parent: c876a4b7b119faa80add62d7a04b46eda8b7bf99 (diff)
4 files changed, 587 insertions, 0 deletions
diff --git a/fips/ecdsa/Makefile b/fips/ecdsa/Makefile
new file mode 100644
index 0000000000..77948d08e3
--- /dev/null
+++ b/fips/ecdsa/Makefile
@@ -0,0 +1,180 @@
+#
+# OpenSSL/fips/ecdsa/Makefile
+#
+
+DIR=	ecdsa
+TOP=	../..
+CC=	cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= fips_ecdsavs.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= fips_ecdsa_lib.c fips_ecdsa_sign.c
+LIBOBJ= fips_ecdsa_lib.o fips_ecdsa_sign.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	@echo $(LIBOBJ) > lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+	@headerlist="$(EXHEADER)"; for i in $$headerlist; \
+	do  \
+	  (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	  chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+fips_test:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_dsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_gen.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_dsa_gen.o: ../../include/openssl/opensslconf.h
+fips_dsa_gen.o: ../../include/openssl/opensslv.h
+fips_dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+fips_dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_dsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_dsa_gen.o: fips_dsa_gen.c
+fips_dsa_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsa_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsa_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_dsa_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_dsa_key.o: ../../include/openssl/opensslconf.h
+fips_dsa_key.o: ../../include/openssl/opensslv.h
+fips_dsa_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+fips_dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dsa_key.o: ../../include/openssl/symhacks.h ../fips_locl.h fips_dsa_key.c
+fips_dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+fips_dsa_lib.o: ../../include/openssl/e_os2.h
+fips_dsa_lib.o: ../../include/openssl/opensslconf.h
+fips_dsa_lib.o: ../../include/openssl/opensslv.h
+fips_dsa_lib.o: ../../include/openssl/ossl_typ.h
+fips_dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dsa_lib.o: ../../include/openssl/symhacks.h fips_dsa_lib.c
+fips_dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+fips_dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_dsa_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+fips_dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+fips_dsa_ossl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_dsa_ossl.o: ../../include/openssl/objects.h
+fips_dsa_ossl.o: ../../include/openssl/opensslconf.h
+fips_dsa_ossl.o: ../../include/openssl/opensslv.h
+fips_dsa_ossl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+fips_dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_dsa_ossl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+fips_dsa_ossl.o: ../../include/openssl/x509_vfy.h fips_dsa_ossl.c
+fips_dsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_dsa_selftest.o: ../../include/openssl/obj_mac.h
+fips_dsa_selftest.o: ../../include/openssl/objects.h
+fips_dsa_selftest.o: ../../include/openssl/opensslconf.h
+fips_dsa_selftest.o: ../../include/openssl/opensslv.h
+fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h
+fips_dsa_selftest.o: ../../include/openssl/safestack.h
+fips_dsa_selftest.o: ../../include/openssl/stack.h
+fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
+fips_dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_dsa_sign.o: ../../include/openssl/obj_mac.h
+fips_dsa_sign.o: ../../include/openssl/objects.h
+fips_dsa_sign.o: ../../include/openssl/opensslconf.h
+fips_dsa_sign.o: ../../include/openssl/opensslv.h
+fips_dsa_sign.o: ../../include/openssl/ossl_typ.h
+fips_dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_dsa_sign.o: fips_dsa_sign.c
+fips_dsatest.o: ../../e_os.h ../../include/openssl/asn1.h
+fips_dsatest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_dsatest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+fips_dsatest.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+fips_dsatest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsatest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+fips_dsatest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+fips_dsatest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsatest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_dsatest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_dsatest.o: ../../include/openssl/objects.h
+fips_dsatest.o: ../../include/openssl/opensslconf.h
+fips_dsatest.o: ../../include/openssl/opensslv.h
+fips_dsatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_dsatest.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+fips_dsatest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_dsatest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_dsatest.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+fips_dsatest.o: ../../include/openssl/x509_vfy.h ../fips_utl.h fips_dsatest.c
+fips_dssvs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dssvs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dssvs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dssvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dssvs.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_dssvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_dssvs.o: ../../include/openssl/opensslconf.h
+fips_dssvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+fips_dssvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dssvs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_dssvs.c
diff --git a/fips/ecdsa/fips_ecdsa_lib.c b/fips/ecdsa/fips_ecdsa_lib.c
new file mode 100644
index 0000000000..b16bc5b505
--- /dev/null
+++ b/fips/ecdsa/fips_ecdsa_lib.c
@@ -0,0 +1,93 @@
+/* fips_dsa_lib.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <string.h>
+#include <openssl/ecdsa.h>
+#include <openssl/bn.h>
+#include <openssl/fips.h>
+
+ECDSA_SIG *FIPS_ecdsa_sig_new(void)
+	{
+	ECDSA_SIG *sig;
+	sig = OPENSSL_malloc(sizeof(ECDSA_SIG));
+	if (!sig)
+		return NULL;
+	sig->r = BN_new();
+	sig->s = BN_new();
+	if (!sig->r || !sig->s)
+		{
+		FIPS_ecdsa_sig_free(sig);
+		return NULL;
+		}
+	return sig;
+	}
+
+void FIPS_ecdsa_sig_free(ECDSA_SIG *sig)
+	{
+	if (sig)
+		{
+		if (sig->r)
+			BN_free(sig->r);
+		if (sig->s)
+			BN_free(sig->s);
+		OPENSSL_free(sig);
+		}
+	}
+
diff --git a/fips/ecdsa/fips_ecdsa_sign.c b/fips/ecdsa/fips_ecdsa_sign.c
new file mode 100644
index 0000000000..0e86a50ef4
--- /dev/null
+++ b/fips/ecdsa/fips_ecdsa_sign.c
@@ -0,0 +1,89 @@
+/* fips_ecdsa_sign.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2011.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/ecdsa.h>
+#include <openssl/err.h>
+#include <openssl/sha.h>
+#include <openssl/bn.h>
+
+ECDSA_SIG * FIPS_ecdsa_sign_ctx(EC_KEY *key, EVP_MD_CTX *ctx)
+	{
+	ECDSA_SIG *s;
+	unsigned char dig[EVP_MAX_MD_SIZE];
+	unsigned int dlen;
+        FIPS_digestfinal(ctx, dig, &dlen);
+	s = FIPS_ecdsa_sign_digest(key, dig, dlen);
+	OPENSSL_cleanse(dig, dlen);
+	return s;
+	}
+
+int FIPS_ecdsa_verify_ctx(EC_KEY *key, EVP_MD_CTX *ctx, ECDSA_SIG *s)
+	{
+	int ret=-1;
+	unsigned char dig[EVP_MAX_MD_SIZE];
+	unsigned int dlen;
+        FIPS_digestfinal(ctx, dig, &dlen);
+	ret = FIPS_ecdsa_verify_digest(key, dig, dlen, s);
+	OPENSSL_cleanse(dig, dlen);
+	return ret;
+	}
+
diff --git a/fips/ecdsa/fips_ecdsavs.c b/fips/ecdsa/fips_ecdsavs.c
new file mode 100644
index 0000000000..1b69c84ad0
--- /dev/null
+++ b/fips/ecdsa/fips_ecdsavs.c
@@ -0,0 +1,225 @@
+#define OPENSSL_FIPSAPI
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+    printf("No FIPS DSA support\n");
+    return(0);
+}
+#else
+
+#include <string.h>
+#include <ctype.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+#include "fips_utl.h"
+
+#include <openssl/objects.h>
+
+
+static int lookup_curve(const char *curve_name)
+	{
+	char cname[6];
+	strncpy(cname, curve_name, 5);
+	cname[5] = 0;
+	if (!strcmp(cname, "B-163"))
+		return NID_sect163r2;
+	if (!strcmp(cname, "B-233"))
+		return NID_sect233r1;
+	if (!strcmp(cname, "B-283"))
+		return NID_sect283r1;
+	if (!strcmp(cname, "B-409"))
+		return NID_sect409r1;
+	if (!strcmp(cname, "B-571"))
+		return NID_sect571r1;
+	if (!strcmp(cname, "K-163"))
+		return NID_sect163k1;
+	if (!strcmp(cname, "K-233"))
+		return NID_sect233k1;
+	if (!strcmp(cname, "K-283"))
+		return NID_sect283k1;
+	if (!strcmp(cname, "K-409"))
+		return NID_sect409k1;
+	if (!strcmp(cname, "K-571"))
+		return NID_sect571k1;
+	if (!strcmp(cname, "P-192"))
+		return NID_X9_62_prime192v1;
+	if (!strcmp(cname, "P-224"))
+		return NID_secp224r1;
+	if (!strcmp(cname, "P-256"))
+		return NID_X9_62_prime256v1;
+	if (!strcmp(cname, "P-384"))
+		return NID_secp384r1;
+	if (!strcmp(cname, "P-521"))
+		return NID_secp521r1;
+
+	fprintf(stderr, "Unknown Curve name %s\n", cname);
+	return NID_undef;
+	}
+
+static int PKV(void)
+	{
+
+	char buf[1024], lbuf[1024];
+	char *keyword, *value;
+	int curve_nid = NID_undef;
+	BIGNUM *Qx = NULL, *Qy = NULL;
+	EC_KEY *key = NULL;
+	while(fgets(buf, sizeof buf, stdin) != NULL)
+		{
+		fputs(buf, stdout);
+		if (*buf == '[')
+			{
+			curve_nid = lookup_curve(buf + 1);
+			if (curve_nid == NID_undef)
+				return 0;
+				
+			}
+		if (!parse_line(&keyword, &value, lbuf, buf))
+			continue;
+		if (!strcmp(keyword, "Qx"))
+			{
+			if (!do_hex2bn(&Qx, value))
+				{
+				fprintf(stderr, "Invalid Qx value\n");
+				return 0;
+				}
+			}
+		if (!strcmp(keyword, "Qy"))
+			{
+			int rv;
+			if (!do_hex2bn(&Qy, value))
+				{
+				fprintf(stderr, "Invalid Qy value\n");
+				return 0;
+				}
+			key = EC_KEY_new_by_curve_name(curve_nid);
+			rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
+			printf("Result = %s\n", rv ? "P":"F");
+			}
+
+		}
+	return 1;
+	}
+
+static int SigVer(void)
+	{
+	char buf[1024], lbuf[1024];
+	char *keyword, *value;
+	unsigned char *msg;
+	int curve_nid = NID_undef;
+	long mlen;
+	BIGNUM *Qx = NULL, *Qy = NULL;
+	EC_KEY *key = NULL;
+	ECDSA_SIG sg, *sig = &sg;
+	const EVP_MD *digest = EVP_sha1();
+	EVP_MD_CTX mctx;
+	EVP_MD_CTX_init(&mctx);
+	sig->r = NULL;
+	sig->s = NULL;
+	while(fgets(buf, sizeof buf, stdin) != NULL)
+		{
+		fputs(buf, stdout);
+		if (*buf == '[')
+			{
+			curve_nid = lookup_curve(buf + 1);
+			if (curve_nid == NID_undef)
+				return 0;
+			}
+		if (!parse_line(&keyword, &value, lbuf, buf))
+			continue;
+		if (!strcmp(keyword, "Msg"))
+			{
+			msg = hex2bin_m(value, &mlen);
+			if (!msg)
+				{
+				fprintf(stderr, "Invalid Message\n");
+				return 0;
+				}
+			}
+			
+		if (!strcmp(keyword, "Qx"))
+			{
+			if (!do_hex2bn(&Qx, value))
+				{
+				fprintf(stderr, "Invalid Qx value\n");
+				return 0;
+				}
+			}
+		if (!strcmp(keyword, "Qy"))
+			{
+			if (!do_hex2bn(&Qy, value))
+				{
+				fprintf(stderr, "Invalid Qy value\n");
+				return 0;
+				}
+			}
+		if (!strcmp(keyword, "R"))
+			{
+			if (!do_hex2bn(&sig->r, value))
+				{
+				fprintf(stderr, "Invalid R value\n");
+				return 0;
+				}
+			}
+		if (!strcmp(keyword, "S"))
+			{
+			int rv;
+			if (!do_hex2bn(&sig->s, value))
+				{
+				fprintf(stderr, "Invalid S value\n");
+				return 0;
+				}
+			key = EC_KEY_new_by_curve_name(curve_nid);
+			rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
+
+			if (rv != 1)
+				{
+				fprintf(stderr, "Error setting public key\n");
+				return 0;
+				}
+
+			FIPS_digestinit(&mctx, digest);
+			FIPS_digestupdate(&mctx, msg, mlen);
+			no_err = 1;
+	    		rv = FIPS_ecdsa_verify_ctx(key, &mctx, sig);
+			no_err = 0;
+
+			printf("Result = %s\n", rv ? "P":"F");
+			}
+
+		}
+	return 1;
+	}
+
+int main(int argc, char **argv)
+	{
+	const char *cmd = argv[1];
+	fips_set_error_print();
+	if (!cmd)
+		{
+		fprintf(stderr, "fips_ecdsavs [PKV|SigVer]\n");
+		return 1;
+		}
+	if (!strcmp(cmd, "PKV"))
+		{
+		if (PKV() <= 0)
+			goto err;
+		}
+	if (!strcmp(cmd, "SigVer"))
+		{
+		if (SigVer() <= 0)
+			goto err;
+		}
+	return 0;
+	err:
+	fprintf(stderr, "Error running %s\n", cmd);
+	return 1;
+	}
+
+#endif
author	Dr. Stephen Henson <steve@openssl.org>	2011-02-14 17:14:55 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-02-14 17:14:55 +0000
commit	fe26d066ff6d34a01a2d05cba383e099960182c0 (patch)
tree	353911c7b542155091761d1f2f72e9cc791b439b /fips/ecdsa
parent	c876a4b7b119faa80add62d7a04b46eda8b7bf99 (diff)