diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-08-26 14:51:49 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-08-26 14:51:49 +0000 |
commit | f55f5f775e69f853e8753aff94ee621ba14af40c (patch) | |
tree | 62dd3d8b9091324006eec608d6fee8f121af84a7 /fips/dsa | |
parent | 7daf0efad90ed403c407d562f20affca12c7a816 (diff) | |
download | openssl-new-f55f5f775e69f853e8753aff94ee621ba14af40c.tar.gz |
Add support for canonical generation of DSA parameter g.
Modify fips_dssvs to support appropriate file format.
Diffstat (limited to 'fips/dsa')
-rw-r--r-- | fips/dsa/fips_dssvs.c | 51 |
1 files changed, 39 insertions, 12 deletions
diff --git a/fips/dsa/fips_dssvs.c b/fips/dsa/fips_dssvs.c index b6dc56dbdc..ce1bc18f53 100644 --- a/fips/dsa/fips_dssvs.c +++ b/fips/dsa/fips_dssvs.c @@ -111,9 +111,9 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, unsigned char *seed_out, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -int dsa_builtin_paramgen2(DSA *ret, size_t bits, size_t qbits, +int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, - unsigned char *seed_out, + int idx, unsigned char *seed_out, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); static void pqg(FILE *in, FILE *out) @@ -160,7 +160,7 @@ static void pqg(FILE *in, FILE *out) exit(1); } if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, - NULL, 0, seed, + NULL, 0, -1, seed, &counter, &h, NULL) <= 0) { fprintf(stderr, "Parameter Generation error\n"); @@ -191,8 +191,8 @@ static void pqgver(FILE *in, FILE *out) DSA *dsa=NULL; int dsa2, L, N, part_test = 0; const EVP_MD *md = NULL; - int seedlen=-1; - unsigned char seed[1024]; + int seedlen=-1, idxlen, idx = -1; + unsigned char seed[1024], idtmp[1024]; while(fgets(buf,sizeof buf,in) != NULL) { @@ -221,7 +221,8 @@ static void pqgver(FILE *in, FILE *out) q=hex2bn(value); else if(!strcmp(keyword,"G")) g=hex2bn(value); - else if(!strcmp(keyword,"Seed")) + else if(!strcmp(keyword,"Seed") + || !strcmp(keyword,"domain_parameter_seed")) { seedlen = hex2bin(value, seed); if (!dsa2 && seedlen != 20) @@ -229,9 +230,21 @@ static void pqgver(FILE *in, FILE *out) fprintf(stderr, "Seed parse length error\n"); exit (1); } + if (idx > 0) + part_test = 1; + } + else if(!strcmp(keyword,"index")) + { + idxlen = hex2bin(value, idtmp); + if (idxlen != 1) + { + fprintf(stderr, "Index value error\n"); + exit (1); + } + idx = idtmp[0]; } else if(!strcmp(keyword,"c")) - counter =atoi(buf+4); + counter = atoi(buf+4); partial: if(!strcmp(keyword,"H") || part_test) { @@ -243,6 +256,11 @@ static void pqgver(FILE *in, FILE *out) exit (1); } dsa = FIPS_dsa_new(); + if (idx >= 0) + { + dsa->p = BN_dup(p); + dsa->q = BN_dup(q); + } if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md, seed, seedlen, NULL, &counter2, &h2, NULL)) @@ -251,13 +269,20 @@ static void pqgver(FILE *in, FILE *out) exit(1); } if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, - seed, seedlen, NULL, + seed, seedlen, idx, NULL, &counter2, &h2, NULL) < 0) { fprintf(stderr, "Parameter Generation error\n"); exit(1); } - if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || + if (idx >= 0) + { + if (BN_cmp(dsa->g, g)) + fprintf(out, "Result = F\n"); + else + fprintf(out, "Result = P\n"); + } + else if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || (!part_test && ((BN_cmp(dsa->g, g) || (counter != counter2) || (h != h2))))) fprintf(out, "Result = F\n"); @@ -273,9 +298,11 @@ static void pqgver(FILE *in, FILE *out) dsa = NULL; if (part_test) { - fputs(buf,out); + if (idx == -1) + fputs(buf,out); part_test = 0; } + idx = -1; } } } @@ -436,7 +463,7 @@ static void keypair(FILE *in, FILE *out) fprintf(stderr, "Parameter Generation error\n"); exit(1); } - if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, NULL, NULL, 0, + if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, NULL, NULL, 0, -1, NULL, NULL, NULL, NULL) <= 0) { fprintf(stderr, "Parameter Generation error\n"); @@ -493,7 +520,7 @@ static void siggen(FILE *in, FILE *out) fprintf(stderr, "Parameter Generation error\n"); exit(1); } - if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, NULL, 0, + if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, NULL, 0, -1, NULL, NULL, NULL, NULL) <= 0) { fprintf(stderr, "Parameter Generation error\n"); |