diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2011-02-18 17:25:00 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2011-02-18 17:25:00 +0000 |
| commit | 947ff113d29ec9755d4e1fd60bfb67674872f23d (patch) | |
| tree | 8edc726ab14a921df99add7bd018fdbb96b91db0 /fips/ecdsa | |
| parent | acf254f86efe94788827bc7da9ae167ecc19e6b1 (diff) | |
add ECDSA POST
Diffstat (limited to 'fips/ecdsa')
| -rw-r--r-- | fips/ecdsa/Makefile | 4 | ||||
| -rw-r--r-- | fips/ecdsa/fips_ecdsa_selftest.c | 71 |
2 files changed, 73 insertions, 2 deletions
diff --git a/fips/ecdsa/Makefile b/fips/ecdsa/Makefile index 77948d08e3..5e03694bba 100644 --- a/fips/ecdsa/Makefile +++ b/fips/ecdsa/Makefile @@ -22,8 +22,8 @@ TEST= fips_ecdsavs.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= fips_ecdsa_lib.c fips_ecdsa_sign.c -LIBOBJ= fips_ecdsa_lib.o fips_ecdsa_sign.o +LIBSRC= fips_ecdsa_lib.c fips_ecdsa_sign.c fips_ecdsa_selftest.c +LIBOBJ= fips_ecdsa_lib.o fips_ecdsa_sign.o fips_ecdsa_selftest.o SRC= $(LIBSRC) diff --git a/fips/ecdsa/fips_ecdsa_selftest.c b/fips/ecdsa/fips_ecdsa_selftest.c new file mode 100644 index 0000000000..50e0a8b710 --- /dev/null +++ b/fips/ecdsa/fips_ecdsa_selftest.c @@ -0,0 +1,71 @@ +/* fips/ecdsa/fips_ecdsa_selftest.c */ + +#define OPENSSL_FIPSAPI + +#include <string.h> +#include <openssl/crypto.h> +#include <openssl/ec.h> +#include <openssl/ecdsa.h> +#include <openssl/fips.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <openssl/bn.h> + +#ifdef OPENSSL_FIPS + +static const unsigned char str1[]="12345678901234567890"; + +static int corrupt_ecdsa = 0; + +void FIPS_corrupt_ecdsa() + { + corrupt_ecdsa = 1; + } + +int FIPS_selftest_ecdsa() + { + EC_KEY *ec=NULL; + int ret = 0; + EVP_MD_CTX mctx; + ECDSA_SIG *esig = NULL; + + FIPS_md_ctx_init(&mctx); + + ec = EC_KEY_new_by_curve_name(NID_secp384r1); + + if(ec == NULL) + goto err; + + EC_KEY_generate_key(ec); + + if (!FIPS_digestinit(&mctx, EVP_sha512())) + goto err; + if (!FIPS_digestupdate(&mctx, str1, 20)) + goto err; + esig = FIPS_ecdsa_sign_ctx(ec, &mctx); + if (!esig) + goto err; + + if (corrupt_ecdsa) + BN_add_word(esig->r, 1); + + if (!FIPS_digestinit(&mctx, EVP_sha512())) + goto err; + if (!FIPS_digestupdate(&mctx, str1, 20)) + goto err; + if (FIPS_ecdsa_verify_ctx(ec, &mctx, esig) != 1) + goto err; + + ret = 1; + + err: + FIPS_md_ctx_cleanup(&mctx); + if (ec) + EC_KEY_free(ec); + if (esig) + FIPS_ecdsa_sig_free(esig); + if (ret == 0) + FIPSerr(FIPS_F_FIPS_SELFTEST_ECDSA,FIPS_R_SELFTEST_FAILED); + return ret; + } +#endif |