OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
23-Dec-2007 21:32:07
Branch: OpenSSL-fips-0_9_8-stable Handle:
2007122320320600
Modified files: (Branch:
OpenSSL-fips-0_9_8-stable)
openssl/fips fipsalgtest.pl
openssl/fips/dsa fips_dssvs.c
Log:
Update algorithm sanity checks to support KeyPair test.
Summary:
Revision Changes Path
1.1.6.6 +119 -3 openssl/fips/dsa/fips_dssvs.c
1.1.2.4 +1 -1 openssl/fips/fipsalgtest.pl
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/fips/dsa/fips_dssvs.c
============================================================
================
$ cvs diff -u -r1.1.6.5 -r1.1.6.6 fips_dssvs.c
--- openssl/fips/dsa/fips_dssvs.c 22 Dec 2007 19:31:05
-0000 1.1.6.5
+++ openssl/fips/dsa/fips_dssvs.c 23 Dec 2007 20:32:06
-0000 1.1.6.6
 -112,7 +112,6 
}
}
-
void pqgver()
{
char buf[1024];
 -188,6 +187,122 
}
}
+/* Keypair verification routine. NB: this isn't part of
the stndard FIPS140-2
+ * algorithm tests. It is an additional test to perform
sanity checks on the
+ * output of the KeyPair test.
+ */
+
+static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q,
BIGNUM *g,
+ BN_CTX *ctx)
+ {
+ BIGNUM *rem = NULL;
+ if (BN_num_bits(p) != nmod)
+ return 0;
+ if (BN_num_bits(q) != 160)
+ return 0;
+ if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) !=
1)
+ return 0;
+ if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) !=
1)
+ return 0;
+ rem = BN_new();
+ if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
+ || (BN_cmp(g, BN_value_one()) <= 0)
+ || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
+ {
+ BN_free(rem);
+ return 0;
+ }
+ /* Todo: check g */
+ BN_free(rem);
+ return 1;
+ }
+
+void keyver()
+ {
+ char buf[1024];
+ char lbuf[1024];
+ char *keyword, *value;
+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y
= NULL;
+ BIGNUM *Y2;
+ BN_CTX *ctx = NULL;
+ int nmod=0, paramcheck = 0;
+
+ ctx = BN_CTX_new();
+ Y2 = BN_new();
+
+ while(fgets(buf,sizeof buf,stdin) != NULL)
+ {
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ {
+ fputs(buf,stdout);
+ continue;
+ }
+ if(!strcmp(keyword,"[mod"))
+ {
+ if (p)
+ BN_free(p);
+ p = NULL;
+ if (q)
+ BN_free(q);
+ q = NULL;
+ if (g)
+ BN_free(g);
+ g = NULL;
+ paramcheck = 0;
+ nmod=atoi(value);
+ }
+ else if(!strcmp(keyword,"P"))
+ p=hex2bn(value);
+ else if(!strcmp(keyword,"Q"))
+ q=hex2bn(value);
+ else if(!strcmp(keyword,"G"))
+ g=hex2bn(value);
+ else if(!strcmp(keyword,"X"))
+ X=hex2bn(value);
+ else if(!strcmp(keyword,"Y"))
+ {
+ Y=hex2bn(value);
+ if (!p || !q || !g || !X || !Y)
+ {
+ fprintf(stderr, "Parse Errorn");
+ exit (1);
+ }
+ pbn("P",p);
+ pbn("Q",q);
+ pbn("G",g);
+ pbn("X",X);
+ pbn("Y",Y);
+ if (!paramcheck)
+ {
+ if (dss_paramcheck(nmod, p, q, g, ctx))
+ paramcheck = 1;
+ else
+ paramcheck = -1;
+ }
+ if (paramcheck != 1)
+ printf("Result = Fn");
+ else
+ {
+ if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
+ printf("Result = Fn");
+ else
+ printf("Result = Tn");
+ }
+ BN_free(X);
+ BN_free(Y);
+ X = NULL;
+ Y = NULL;
+ }
+ }
+ if (p)
+ BN_free(p);
+ if (q)
+ BN_free(q);
+ if (g)
+ BN_free(g);
+ if (Y2)
+ BN_free(Y2);
+ }
void keypair()
{
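Review bot: keyver() never checks that the private value is in the valid range 0 < X < q, so a vector with X = 0 (and Y = 1) or with X >= q still prints a pass as long as g^X mod p equals Y, even though it is not a valid DSA key pair. In the `Y` branch, before the `BN_mod_exp(Y2, g, X, p, ctx)` comparison, I would report failure when `BN_is_zero(X) || BN_cmp(X, q) >= 0`. Separately, `ctx` from `BN_CTX_new()` is never released (a `BN_CTX_free(ctx);` next to the final `BN_free(Y2)` would do), and the results of `BN_CTX_new()` and `BN_new()` here, and of `rem = BN_new()` in dss_paramcheck(), are used without a NULL check. dss_paramcheck() also does not reject g >= p, and its leftover `/* Todo: check g */` comment should either be removed or say which check on g is still missing.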
 -317,9 +432,8 
char buf[1024];
char lbuf[1024];
unsigned char msg[1024];
- int n;
char *keyword, *value;
- int nmod=0;
+ int nmod=0, n=0;
DSA_SIG sg, *sig = &sg;
sig->r = NULL;
 -410,6 +524,8 
pqgver();
else if(!strcmp(argv[1],"keypair"))
keypair();
+ else if(!strcmp(argv[1],"keyver"))
+ keyver();
else if(!strcmp(argv[1],"siggen"))
siggen();
else if(!strcmp(argv[1],"sigver"))
 .
patch -p0 <<' .'
Index: openssl/fips/fipsalgtest.pl
============================================================
================
$ cvs diff -u -r1.1.2.3 -r1.1.2.4 fipsalgtest.pl
--- openssl/fips/fipsalgtest.pl 23 Dec 2007 14:20:50
-0000 1.1.2.3
+++ openssl/fips/fipsalgtest.pl 23 Dec 2007 20:32:06
-0000 1.1.2.4
 -305,7 +305,7 
my %verify_special = (
"PQGGen" => "fips_dssvs
pqgver",
- #"KeyPair" => "fips_dssvs
pgqver",
+ "KeyPair" => "fips_dssvs
keyver",
"SigGen" => "fips_dssvs
sigver",
"SigGen15" =>
"fips_rsavtest",
"SigGenRSA" => "fips_rsavtest
-x931",
 .