|
 |
2c8c022 |
diff -up libgcrypt-1.7.3/tests/cavs_driver.pl.cavs libgcrypt-1.7.3/tests/cavs_driver.pl
|
|
|
2c8c022 |
--- libgcrypt-1.7.3/tests/cavs_driver.pl.cavs 2013-03-15 20:25:38.000000000 +0100
|
|
|
2c8c022 |
+++ libgcrypt-1.7.3/tests/cavs_driver.pl 2016-11-22 17:29:06.067553077 +0100
|
|
|
040c39b |
@@ -1,9 +1,11 @@
|
|
|
040c39b |
#!/usr/bin/env perl
|
|
|
040c39b |
#
|
|
|
040c39b |
-# $Id: cavs_driver.pl 1497 2009-01-22 14:01:29Z smueller $
|
|
|
040c39b |
+# $Id: cavs_driver.pl 2124 2010-12-20 07:56:30Z smueller $
|
|
|
040c39b |
#
|
|
|
040c39b |
# CAVS test driver (based on the OpenSSL driver)
|
|
|
040c39b |
# Written by: Stephan Müller <sm@atsec.com>
|
|
|
040c39b |
+# Werner Koch <wk@g10code.com> (libgcrypt interface)
|
|
|
040c39b |
+# Tomas Mraz <tmraz@redhat.com> (addition of DSA2)
|
|
|
040c39b |
# Copyright (c) atsec information security corporation
|
|
|
040c39b |
#
|
|
|
040c39b |
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
040c39b |
@@ -85,13 +87,16 @@
|
|
|
040c39b |
# T[CBC|CFB??|ECB|OFB]varkey
|
|
|
040c39b |
# T[CBC|CFB??|ECB|OFB]invperm
|
|
|
040c39b |
# T[CBC|CFB??|ECB|OFB]vartext
|
|
|
040c39b |
+# WARNING: TDES in CFB and OFB mode problems see below
|
|
|
040c39b |
#
|
|
|
040c39b |
# ANSI X9.31 RNG
|
|
|
040c39b |
# ANSI931_AES128MCT
|
|
|
040c39b |
# ANSI931_AES128VST
|
|
|
040c39b |
#
|
|
|
040c39b |
-# DSA
|
|
|
040c39b |
+# DSA2
|
|
|
040c39b |
# PQGGen
|
|
|
040c39b |
+# PQGVer
|
|
|
040c39b |
+# KeyPair
|
|
|
040c39b |
# SigGen
|
|
|
040c39b |
# SigVer
|
|
|
040c39b |
#
|
|
|
040c39b |
@@ -101,6 +106,36 @@
|
|
|
040c39b |
# RC4PltBD
|
|
|
040c39b |
# RC4REGT
|
|
|
040c39b |
#
|
|
|
040c39b |
+#
|
|
|
040c39b |
+# TDES MCT for CFB and OFB:
|
|
|
040c39b |
+# -------------------------
|
|
|
040c39b |
+# The inner loop cannot be handled by this script. If you want to have tests
|
|
|
040c39b |
+# for these cipher types, implement your own inner loop and add it to
|
|
|
040c39b |
+# crypto_mct.
|
|
|
040c39b |
+#
|
|
|
040c39b |
+# the value $next_source in crypto_mct is NOT set by the standard implementation
|
|
|
040c39b |
+# of this script. It would need to be set as follows for these two (code take
|
|
|
040c39b |
+# from fipsdrv.c from libgcrypt - the value input at the end will contain the
|
|
|
040c39b |
+# the value for $next_source:
|
|
|
040c39b |
+#
|
|
|
040c39b |
+# ... inner loop ...
|
|
|
040c39b |
+# ...
|
|
|
040c39b |
+# get_current_iv (hd, last_iv, blocklen);
|
|
|
040c39b |
+# ... encrypt / decrypt (input is the data to be en/decrypted and output is the
|
|
|
040c39b |
+# result of operation) ...
|
|
|
040c39b |
+# if (encrypt_mode && (cipher_mode == GCRY_CIPHER_MODE_CFB))
|
|
|
040c39b |
+# memcpy (input, last_iv, blocklen);
|
|
|
040c39b |
+# else if (cipher_mode == GCRY_CIPHER_MODE_OFB)
|
|
|
040c39b |
+# memcpy (input, last_iv, blocklen);
|
|
|
040c39b |
+# else if (!encrypt_mode && cipher_mode == GCRY_CIPHER_MODE_CFB)
|
|
|
040c39b |
+# {
|
|
|
040c39b |
+# /* Reconstruct the output vector. */
|
|
|
040c39b |
+# int i;
|
|
|
040c39b |
+# for (i=0; i < blocklen; i++)
|
|
|
040c39b |
+# input[i] ^= output[i];
|
|
|
040c39b |
+# }
|
|
|
040c39b |
+# ... inner loop ends ...
|
|
|
040c39b |
+# ==> now, the value of input is to be put into $next_source
|
|
|
040c39b |
|
|
|
040c39b |
use strict;
|
|
|
040c39b |
use warnings;
|
|
|
040c39b |
@@ -226,6 +261,8 @@ my $hmac;
|
|
|
040c39b |
# Generate the P, Q, G, Seed, counter, h (value used to generate g) values
|
|
|
040c39b |
# for DSA
|
|
|
040c39b |
# $1: modulus size
|
|
|
040c39b |
+# $2: q size
|
|
|
040c39b |
+# $3: seed (might be empty string)
|
|
|
040c39b |
# return: string with the calculated values in hex format, where each value
|
|
|
040c39b |
# is separated from the previous with a \n in the following order:
|
|
|
040c39b |
# P\n
|
|
|
040c39b |
@@ -236,6 +273,19 @@ my $hmac;
|
|
|
040c39b |
# h
|
|
|
040c39b |
my $dsa_pqggen;
|
|
|
040c39b |
|
|
|
040c39b |
+# Generate the G value from P and Q
|
|
|
040c39b |
+# for DSA
|
|
|
040c39b |
+# $1: modulus size
|
|
|
040c39b |
+# $2: q size
|
|
|
040c39b |
+# $3: P in hex form
|
|
|
040c39b |
+# $4: Q in hex form
|
|
|
040c39b |
+# return: string with the calculated values in hex format, where each value
|
|
|
040c39b |
+# is separated from the previous with a \n in the following order:
|
|
|
040c39b |
+# P\n
|
|
|
040c39b |
+# Q\n
|
|
|
040c39b |
+# G\n
|
|
|
040c39b |
+my $dsa_ggen;
|
|
|
040c39b |
+
|
|
|
040c39b |
#
|
|
|
040c39b |
# Generate an DSA public key from the provided parameters:
|
|
|
040c39b |
# $1: Name of file to create
|
|
|
69ded97 |
@@ -255,16 +305,30 @@ my $dsa_verify;
|
|
|
040c39b |
|
|
|
040c39b |
# generate a new DSA key with the following properties:
|
|
|
040c39b |
# PEM format
|
|
|
040c39b |
-# $1 keyfile name
|
|
|
040c39b |
-# return: file created, hash with keys of P, Q, G in hex format
|
|
|
040c39b |
+# $1: modulus size
|
|
|
040c39b |
+# $2: q size
|
|
|
040c39b |
+# $3 keyfile name
|
|
|
040c39b |
+# return: file created with key, string with values of P, Q, G in hex format
|
|
|
040c39b |
my $gen_dsakey;
|
|
|
040c39b |
|
|
|
040c39b |
+# generate a new DSA private key XY parameters in domain:
|
|
|
040c39b |
+# PEM format
|
|
|
040c39b |
+# $1: P in hex form
|
|
|
040c39b |
+# $2: Q in hex form
|
|
|
040c39b |
+# $3: G in hex form
|
|
|
040c39b |
+# return: string with values of X, Y in hex format
|
|
|
040c39b |
+my $gen_dsakey_domain;
|
|
|
040c39b |
+
|
|
|
040c39b |
# Sign a message with DSA
|
|
|
040c39b |
# $1: data to be signed in hex form
|
|
|
040c39b |
# $2: Key file in PEM format with the private key
|
|
|
69ded97 |
# return: hash of digest information in hex format with Y, R, S as keys
|
|
|
69ded97 |
my $dsa_sign;
|
|
|
69ded97 |
|
|
|
69ded97 |
+my $rsa_keygen;
|
|
|
69ded97 |
+
|
|
|
69ded97 |
+my $rsa_keygen_kat;
|
|
|
69ded97 |
+
|
|
|
69ded97 |
################################################################
|
|
|
69ded97 |
##### OpenSSL interface functions
|
|
|
69ded97 |
################################################################
|
|
|
69ded97 |
@@ -404,6 +468,35 @@ sub libgcrypt_rsa_derive($$$$$$$$) {
|
|
|
69ded97 |
}
|
|
|
69ded97 |
|
|
|
69ded97 |
|
|
|
69ded97 |
+sub libgcrypt_rsa_keygen($) {
|
|
|
69ded97 |
+ my $n = shift;
|
|
|
69ded97 |
+ my $sexp;
|
|
|
69ded97 |
+
|
|
|
69ded97 |
+ $n = sprintf ("%u", $n);
|
|
|
69ded97 |
+ $sexp = "(genkey(rsa(nbits " . sprintf ("%u:%s", length($n), $n) . ")))\n";
|
|
|
69ded97 |
+
|
|
|
69ded97 |
+ return pipe_through_program($sexp, "fipsdrv rsa-keygen");
|
|
|
69ded97 |
+}
|
|
|
69ded97 |
+
|
|
|
69ded97 |
+
|
|
|
69ded97 |
+sub libgcrypt_rsa_keygen_kat($$$$) {
|
|
|
69ded97 |
+ my $n = shift;
|
|
|
69ded97 |
+ my $e = shift;
|
|
|
69ded97 |
+ my $p = shift;
|
|
|
69ded97 |
+ my $q = shift;
|
|
|
69ded97 |
+ my $sexp;
|
|
|
69ded97 |
+
|
|
|
69ded97 |
+ $n = sprintf ("%u", $n);
|
|
|
69ded97 |
+ $sexp = "(genkey(rsa(nbits " . sprintf ("%u:%s", length($n), $n) . ")"
|
|
|
69ded97 |
+ . "(test-parms"
|
|
|
69ded97 |
+ . "(e #$e#)"
|
|
|
69ded97 |
+ . "(p #$p#)"
|
|
|
69ded97 |
+ . "(q #$q#))))\n";
|
|
|
69ded97 |
+
|
|
|
69ded97 |
+ return pipe_through_program($sexp, "fipsdrv rsa-keygen-kat");
|
|
|
69ded97 |
+}
|
|
|
69ded97 |
+
|
|
|
69ded97 |
+
|
|
|
69ded97 |
sub libgcrypt_rsa_sign($$$) {
|
|
|
69ded97 |
my $data = shift;
|
|
|
69ded97 |
my $hashalgo = shift;
|
|
|
69ded97 |
@@ -500,17 +593,32 @@ sub libgcrypt_hmac($$$$) {
|
|
|
040c39b |
return pipe_through_program($msg, $program);
|
|
|
040c39b |
}
|
|
|
040c39b |
|
|
|
040c39b |
-sub libgcrypt_dsa_pqggen($) {
|
|
|
040c39b |
+sub libgcrypt_dsa_pqggen($$$) {
|
|
|
040c39b |
+ my $mod = shift;
|
|
|
040c39b |
+ my $qsize = shift;
|
|
|
040c39b |
+ my $seed = shift;
|
|
|
040c39b |
+
|
|
|
040c39b |
+ my $program = "fipsdrv --keysize $mod --qsize $qsize dsa-pqg-gen";
|
|
|
040c39b |
+ return pipe_through_program($seed, $program);
|
|
|
040c39b |
+}
|
|
|
040c39b |
+
|
|
|
040c39b |
+sub libgcrypt_dsa_ggen($$$$) {
|
|
|
040c39b |
my $mod = shift;
|
|
|
040c39b |
+ my $qsize = shift;
|
|
|
040c39b |
+ my $p = shift;
|
|
|
040c39b |
+ my $q = shift;
|
|
|
040c39b |
+ my $domain = "(domain (p #$p#)(q #$q#))";
|
|
|
040c39b |
|
|
|
040c39b |
- my $program = "fipsdrv --keysize $mod dsa-pqg-gen";
|
|
|
040c39b |
+ my $program = "fipsdrv --keysize $mod --qsize $qsize --key \'$domain\' dsa-g-gen";
|
|
|
040c39b |
return pipe_through_program("", $program);
|
|
|
040c39b |
}
|
|
|
040c39b |
|
|
|
040c39b |
-sub libgcrypt_gen_dsakey($) {
|
|
|
040c39b |
+sub libgcrypt_gen_dsakey($$$) {
|
|
|
040c39b |
+ my $mod = shift;
|
|
|
040c39b |
+ my $qsize = shift;
|
|
|
040c39b |
my $file = shift;
|
|
|
040c39b |
|
|
|
040c39b |
- my $program = "fipsdrv --keysize 1024 --key $file dsa-gen";
|
|
|
040c39b |
+ my $program = "fipsdrv --keysize $mod --qsize $qsize --key $file dsa-gen";
|
|
|
040c39b |
my $tmp;
|
|
|
040c39b |
my %ret;
|
|
|
040c39b |
|
|
|
69ded97 |
@@ -519,10 +627,21 @@ sub libgcrypt_gen_dsakey($) {
|
|
|
040c39b |
$tmp = pipe_through_program("", $program);
|
|
|
040c39b |
die "dsa key gen failed: file $file not created" if (! -f $file);
|
|
|
040c39b |
|
|
|
040c39b |
- @ret{'P', 'Q', 'G', 'Seed', 'c', 'H'} = split(/\n/, $tmp);
|
|
|
040c39b |
+ @ret{'P', 'Q', 'G'} = split(/\n/, $tmp);
|
|
|
040c39b |
return %ret;
|
|
|
040c39b |
}
|
|
|
040c39b |
|
|
|
040c39b |
+sub libgcrypt_gen_dsakey_domain($$$) {
|
|
|
040c39b |
+ my $p = shift;
|
|
|
040c39b |
+ my $q = shift;
|
|
|
040c39b |
+ my $g = shift;
|
|
|
040c39b |
+ my $domain = "(domain (p #$p#)(q #$q#)(g #$g#))";
|
|
|
040c39b |
+
|
|
|
040c39b |
+ my $program = "fipsdrv --key '$domain' dsa-gen-key";
|
|
|
040c39b |
+
|
|
|
040c39b |
+ return pipe_through_program("", $program);
|
|
|
040c39b |
+}
|
|
|
040c39b |
+
|
|
|
040c39b |
sub libgcrypt_dsa_genpubkey($$$$$) {
|
|
|
040c39b |
my $filename = shift;
|
|
|
040c39b |
my $p = shift;
|
|
|
69ded97 |
@@ -1139,7 +1258,7 @@ sub hmac_kat($$$$) {
|
|
|
040c39b |
$out .= "Tlen = $tlen\n";
|
|
|
040c39b |
$out .= "Key = $key\n";
|
|
|
040c39b |
$out .= "Msg = $msg\n";
|
|
|
040c39b |
- $out .= "Mac = " . &$hmac($key, $tlen, $msg, $hashtype{$tlen}) . "\n";
|
|
|
040c39b |
+ $out .= "Mac = " . lc(&$hmac($key, $tlen, $msg, $hashtype{$tlen})) . "\n";
|
|
|
040c39b |
|
|
|
040c39b |
return $out;
|
|
|
040c39b |
}
|
|
|
69ded97 |
@@ -1205,7 +1324,7 @@ sub crypto_mct($$$$$$$$) {
|
|
|
040c39b |
}
|
|
|
040c39b |
my ($CO, $CI);
|
|
|
040c39b |
my $cipher_imp = &$state_cipher($cipher, $enc, $bufsize, $key1, $iv);
|
|
|
040c39b |
- $cipher_imp = &$state_cipher_des($cipher, $enc, $bufsize, $key1, $iv) if($cipher =~ /des/);
|
|
|
040c39b |
+ $cipher_imp = &$state_cipher_des($cipher, $enc, $bufsize, $key1, $iv) if($cipher =~ /des/ && defined($state_cipher_des));
|
|
|
040c39b |
my $pid = open2($CO, $CI, $cipher_imp);
|
|
|
040c39b |
|
|
|
040c39b |
my $calc_data = $iv; # CT[j]
|
|
|
69ded97 |
@@ -1213,8 +1332,8 @@ sub crypto_mct($$$$$$$$) {
|
|
|
040c39b |
my $old_old_calc_data; # CT[j-2]
|
|
|
040c39b |
my $next_source;
|
|
|
040c39b |
|
|
|
040c39b |
- # TDES inner loop implements logic within driver
|
|
|
040c39b |
- if ($cipher =~ /des/) {
|
|
|
040c39b |
+ # TDES inner loop implements logic within driver of libgcrypt
|
|
|
040c39b |
+ if ($cipher =~ /des/ && $opt{'I'} && $opt{'I'} eq 'libgcrypt' ) {
|
|
|
040c39b |
# Need to provide a dummy IV in case of ECB mode.
|
|
|
040c39b |
my $iv_arg = (defined($iv) && $iv ne "")
|
|
|
040c39b |
? bin2hex($iv)
|
|
|
69ded97 |
@@ -1238,6 +1357,10 @@ sub crypto_mct($$$$$$$$) {
|
|
|
040c39b |
$line = <$CO>;
|
|
|
040c39b |
} else {
|
|
|
040c39b |
for (my $j = 0; $j < $iloop; ++$j) {
|
|
|
040c39b |
+ if ($cipher =~ /des-ede3-ofb/ ||
|
|
|
040c39b |
+ (!$enc && $cipher =~ /des-ede3-cfb/)) {
|
|
|
040c39b |
+ die "Implementation lacks support for TDES OFB and TDES CFB in encryption mode - the problem is that we would need to extract the IV of the last round of encryption which would be the input for the next round - see comments in this script for implementation requirements";
|
|
|
040c39b |
+ }
|
|
|
040c39b |
$old_old_calc_data = $old_calc_data;
|
|
|
040c39b |
$old_calc_data = $calc_data;
|
|
|
040c39b |
|
|
|
69ded97 |
@@ -1429,7 +1552,7 @@ sub rsa_sigver($$$$$) {
|
|
|
69ded97 |
# $7 xq2
|
|
|
69ded97 |
# $8 Xq
|
|
|
69ded97 |
# return: string formatted as expected by CAVS
|
|
|
69ded97 |
-sub rsa_keygen($$$$$$$$) {
|
|
|
69ded97 |
+sub rsa_keygen_x931($$$$$$$$) {
|
|
|
69ded97 |
my $modulus = shift;
|
|
|
69ded97 |
my $e = shift;
|
|
|
69ded97 |
my $xp1 = shift;
|
|
|
69ded97 |
@@ -1503,21 +1626,23 @@ sub rngx931($$$$) {
|
|
|
040c39b |
return $out;
|
|
|
040c39b |
}
|
|
|
040c39b |
|
|
|
040c39b |
-# DSA PQGGen test
|
|
|
040c39b |
+# DSA PQGen test
|
|
|
040c39b |
# $1 modulus size
|
|
|
040c39b |
-# $2 number of rounds to perform the test
|
|
|
040c39b |
+# $2 q size
|
|
|
040c39b |
+# $3 number of rounds to perform the test
|
|
|
040c39b |
# return: string formatted as expected by CAVS
|
|
|
040c39b |
-sub dsa_pqggen_driver($$) {
|
|
|
040c39b |
+sub dsa_pqgen_driver($$$) {
|
|
|
040c39b |
my $mod = shift;
|
|
|
040c39b |
+ my $qsize = shift;
|
|
|
040c39b |
my $rounds = shift;
|
|
|
040c39b |
|
|
|
040c39b |
my $out = "";
|
|
|
040c39b |
for(my $i=0; $i<$rounds; $i++) {
|
|
|
040c39b |
- my $ret = &$dsa_pqggen($mod);
|
|
|
040c39b |
+ my $ret = &$dsa_pqggen($mod, $qsize, "");
|
|
|
040c39b |
my ($P, $Q, $G, $Seed, $c, $H) = split(/\n/, $ret);
|
|
|
040c39b |
- die "Return value does not contain all expected values of P, Q, G, Seed, c, H for dsa_pqggen"
|
|
|
040c39b |
- if (!defined($P) || !defined($Q) || !defined($G) ||
|
|
|
040c39b |
- !defined($Seed) || !defined($c) || !defined($H));
|
|
|
040c39b |
+ die "Return value does not contain all expected values of P, Q, Seed, c for dsa_pqggen"
|
|
|
040c39b |
+ if (!defined($P) || !defined($Q) ||
|
|
|
040c39b |
+ !defined($Seed) || !defined($c));
|
|
|
040c39b |
|
|
|
040c39b |
# now change the counter to decimal as CAVS wants decimal
|
|
|
040c39b |
# counter value although all other is HEX
|
|
|
69ded97 |
@@ -1525,15 +1650,166 @@ sub dsa_pqggen_driver($$) {
|
|
|
040c39b |
|
|
|
040c39b |
$out .= "P = $P\n";
|
|
|
040c39b |
$out .= "Q = $Q\n";
|
|
|
040c39b |
- $out .= "G = $G\n";
|
|
|
040c39b |
- $out .= "Seed = $Seed\n";
|
|
|
040c39b |
- $out .= "c = $c\n";
|
|
|
040c39b |
- $out .= "H = $H\n\n";
|
|
|
040c39b |
+ $out .= "domain_parameter_seed = $Seed\n";
|
|
|
040c39b |
+ $out .= "counter = $c\n\n";
|
|
|
040c39b |
}
|
|
|
040c39b |
|
|
|
040c39b |
return $out;
|
|
|
040c39b |
}
|
|
|
040c39b |
|
|
|
040c39b |
+# DSA GGen test
|
|
|
040c39b |
+# $1 modulus size
|
|
|
040c39b |
+# $2 q size
|
|
|
040c39b |
+# $3 p in hex form
|
|
|
040c39b |
+# $4 q in hex form
|
|
|
040c39b |
+# return: string formatted as expected by CAVS
|
|
|
040c39b |
+sub dsa_ggen_driver($$$$) {
|
|
|
040c39b |
+ my $mod = shift;
|
|
|
040c39b |
+ my $qsize = shift;
|
|
|
040c39b |
+ my $p = shift;
|
|
|
040c39b |
+ my $q = shift;
|
|
|
040c39b |
+
|
|
|
040c39b |
+ my $out = "";
|
|
|
040c39b |
+ my $ret = &$dsa_ggen($mod, $qsize, $p, $q);
|
|
|
040c39b |
+ my ($P, $Q, $G) = split(/\n/, $ret);
|
|
|
040c39b |
+ die "Return value does not contain all expected values of P, Q, G for dsa_ggen"
|
|
|
040c39b |
+ if (!defined($P) || !defined($Q) || !defined($G));
|
|
|
040c39b |
+
|
|
|
040c39b |
+ $out .= "G = $G\n\n";
|
|
|
040c39b |
+
|
|
|
040c39b |
+ return $out;
|
|
|
040c39b |
+}
|
|
|
040c39b |
+
|
|
|
040c39b |
+sub hexcomp($$) {
|
|
|
040c39b |
+ my $a = lc shift;
|
|
|
040c39b |
+ my $b = lc shift;
|
|
|
040c39b |
+
|
|
|
040c39b |
+ if (length $a < length $b) {
|
|
|
040c39b |
+ my $c = $a;
|
|
|
040c39b |
+ $a = $b;
|
|
|
040c39b |
+ $b = $a;
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+
|
|
|
040c39b |
+ while (length $b < length $a) {
|
|
|
040c39b |
+ $b = "00$b";
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+
|
|
|
040c39b |
+ return $a eq $b;
|
|
|
040c39b |
+}
|
|
|
040c39b |
+
|
|
|
040c39b |
+# DSA PQVer test
|
|
|
040c39b |
+# $1 modulus size
|
|
|
040c39b |
+# $2 q size
|
|
|
040c39b |
+# $3 p in hex form
|
|
|
040c39b |
+# $4 q in hex form
|
|
|
040c39b |
+# $5 seed in hex form
|
|
|
040c39b |
+# $6 c decimal counter
|
|
|
040c39b |
+# return: string formatted as expected by CAVS
|
|
|
040c39b |
+sub dsa_pqver_driver($$$$$$) {
|
|
|
040c39b |
+ my $mod = shift;
|
|
|
040c39b |
+ my $qsize = shift;
|
|
|
040c39b |
+ my $p = shift;
|
|
|
040c39b |
+ my $q = shift;
|
|
|
040c39b |
+ my $seed = shift;
|
|
|
040c39b |
+ my $c = shift;
|
|
|
040c39b |
+
|
|
|
040c39b |
+ my $out = "";
|
|
|
040c39b |
+ my $ret = &$dsa_pqggen($mod, $qsize, $seed);
|
|
|
040c39b |
+ my ($P, $Q, $G, $seed2, $c2, $h2) = split(/\n/, $ret);
|
|
|
040c39b |
+ die "Return value does not contain all expected values of P, Q, G, seed, c for dsa_pqggen"
|
|
|
040c39b |
+ if (!defined($P) || !defined($Q) || !defined($G) ||
|
|
|
040c39b |
+ !defined($seed2) || !defined($c2));
|
|
|
040c39b |
+
|
|
|
040c39b |
+ $c2 = hex($c2);
|
|
|
040c39b |
+
|
|
|
040c39b |
+ $out .= "Seed = $seed\n";
|
|
|
040c39b |
+ $out .= "c = $c\n";
|
|
|
040c39b |
+
|
|
|
040c39b |
+ if (hexcomp($P, $p) && hexcomp($Q, $q) && hexcomp($seed, $seed2) && $c == $c2) {
|
|
|
040c39b |
+ $out .= "Result = P\n\n";
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ else {
|
|
|
040c39b |
+ $out .= "Result = F\n\n";
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ return $out;
|
|
|
040c39b |
+}
|
|
|
040c39b |
+
|
|
|
040c39b |
+# DSA PQGVer test
|
|
|
040c39b |
+# $1 modulus size
|
|
|
040c39b |
+# $2 q size
|
|
|
040c39b |
+# $3 p in hex form
|
|
|
040c39b |
+# $4 q in hex form
|
|
|
040c39b |
+# $5 g in hex form
|
|
|
040c39b |
+# $6 seed in hex form
|
|
|
040c39b |
+# $7 c decimal counter
|
|
|
040c39b |
+# $8 h in hex form
|
|
|
040c39b |
+# return: string formatted as expected by CAVS
|
|
|
040c39b |
+sub dsa_pqgver_driver($$$$$$$$) {
|
|
|
040c39b |
+ my $mod = shift;
|
|
|
040c39b |
+ my $qsize = shift;
|
|
|
040c39b |
+ my $p = shift;
|
|
|
040c39b |
+ my $q = shift;
|
|
|
040c39b |
+ my $g = shift;
|
|
|
040c39b |
+ my $seed = shift;
|
|
|
040c39b |
+ my $c = shift;
|
|
|
040c39b |
+ my $h = shift;
|
|
|
040c39b |
+
|
|
|
040c39b |
+ my $out = "";
|
|
|
040c39b |
+ my $ret = &$dsa_pqggen($mod, $qsize, $seed);
|
|
|
040c39b |
+ my ($P, $Q, $G, $seed2, $c2, $h2) = split(/\n/, $ret);
|
|
|
040c39b |
+ die "Return value does not contain all expected values of P, Q, G, seed, c, H for dsa_pqggen"
|
|
|
040c39b |
+ if (!defined($P) || !defined($Q) || !defined($G) ||
|
|
|
040c39b |
+ !defined($seed2) || !defined($c2) || !defined($h2));
|
|
|
040c39b |
+
|
|
|
040c39b |
+
|
|
|
040c39b |
+
|
|
|
040c39b |
+ $out .= "Seed = $seed\n";
|
|
|
040c39b |
+ $out .= "c = $c\n";
|
|
|
040c39b |
+ $out .= "H = $h\n";
|
|
|
040c39b |
+
|
|
|
040c39b |
+ $c2 = hex($c2);
|
|
|
040c39b |
+
|
|
|
040c39b |
+ if (hexcomp($P, $p) && hexcomp($Q, $q) && hexcomp($G, $g) && hexcomp($seed, $seed2) &&
|
|
|
040c39b |
+ $c == $c2 && hex($h) == hex($h2)) {
|
|
|
040c39b |
+ $out .= "Result = P\n\n";
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ else {
|
|
|
040c39b |
+ $out .= "Result = F\n\n";
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+
|
|
|
040c39b |
+ return $out;
|
|
|
040c39b |
+}
|
|
|
040c39b |
+
|
|
|
040c39b |
+# DSA Keypair test
|
|
|
040c39b |
+# $1 modulus size
|
|
|
040c39b |
+# $2 q size
|
|
|
040c39b |
+# $3 number of rounds to perform the test
|
|
|
040c39b |
+# return: string formatted as expected by CAVS
|
|
|
040c39b |
+sub dsa_keypair_driver($$$) {
|
|
|
040c39b |
+ my $mod = shift;
|
|
|
040c39b |
+ my $qsize = shift;
|
|
|
040c39b |
+ my $rounds = shift;
|
|
|
040c39b |
+
|
|
|
040c39b |
+ my $out = "";
|
|
|
040c39b |
+ my $tmpkeyfile = "dsa_siggen.tmp.$$";
|
|
|
040c39b |
+ my %pqg = &$gen_dsakey($mod, $qsize, $tmpkeyfile);
|
|
|
040c39b |
+ $out .= "P = " . $pqg{'P'} . "\n";
|
|
|
040c39b |
+ $out .= "Q = " . $pqg{'Q'} . "\n";
|
|
|
040c39b |
+ $out .= "G = " . $pqg{'G'} . "\n\n";
|
|
|
040c39b |
+ unlink($tmpkeyfile);
|
|
|
040c39b |
+
|
|
|
040c39b |
+ for(my $i=0; $i<$rounds; $i++) {
|
|
|
040c39b |
+ my $ret = &$gen_dsakey_domain($pqg{'P'}, $pqg{'Q'}, $pqg{'G'});
|
|
|
040c39b |
+ my ($X, $Y) = split(/\n/, $ret);
|
|
|
040c39b |
+ die "Return value does not contain all expected values of X, Y for gen_dsakey_domain"
|
|
|
040c39b |
+ if (!defined($X) || !defined($Y));
|
|
|
040c39b |
+
|
|
|
040c39b |
+ $out .= "X = $X\n";
|
|
|
040c39b |
+ $out .= "Y = $Y\n\n";
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+
|
|
|
040c39b |
+ return $out;
|
|
|
040c39b |
+}
|
|
|
040c39b |
|
|
|
040c39b |
# DSA SigGen test
|
|
|
040c39b |
# $1: Message to be signed in hex form
|
|
|
69ded97 |
@@ -1598,6 +1874,53 @@ sub dsa_sigver($$$$$$$$) {
|
|
|
69ded97 |
return $out;
|
|
|
69ded97 |
}
|
|
|
69ded97 |
|
|
|
69ded97 |
+# RSA Keygen RPP test
|
|
|
69ded97 |
+# $1 modulus size
|
|
|
69ded97 |
+# $2 number of rounds to perform the test
|
|
|
69ded97 |
+# return: string formatted as expected by CAVS
|
|
|
69ded97 |
+sub rsa_keygen_driver($$) {
|
|
|
69ded97 |
+ my $mod = shift;
|
|
|
69ded97 |
+ my $rounds = shift;
|
|
|
69ded97 |
+
|
|
|
69ded97 |
+ my $out = "";
|
|
|
69ded97 |
+
|
|
|
69ded97 |
+ for(my $i=0; $i<$rounds; $i++) {
|
|
|
69ded97 |
+ my $ret = &$rsa_keygen($mod);
|
|
|
69ded97 |
+ my ($e, $p, $q, $n, $d) = split(/\n/, $ret);
|
|
|
69ded97 |
+ die "Return value does not contain all expected values of e, p, q, n, d for rsa_keygen"
|
|
|
69ded97 |
+ if (!defined($e) || !defined($p) || !defined($q) || !defined($n) || !defined($d));
|
|
|
69ded97 |
+
|
|
|
69ded97 |
+ $out .= "e = $e\n";
|
|
|
69ded97 |
+ $out .= "p = $p\n";
|
|
|
69ded97 |
+ $out .= "q = $q\n";
|
|
|
69ded97 |
+ $out .= "n = $n\n";
|
|
|
69ded97 |
+ $out .= "d = $d\n\n";
|
|
|
69ded97 |
+ }
|
|
|
69ded97 |
+
|
|
|
69ded97 |
+ return $out;
|
|
|
69ded97 |
+}
|
|
|
69ded97 |
+
|
|
|
69ded97 |
+# RSA RPP Keygen KAT test
|
|
|
69ded97 |
+# $1 modulus size
|
|
|
69ded97 |
+# $2 p in hex form
|
|
|
69ded97 |
+# $3 q in hex form
|
|
|
69ded97 |
+# return: string formatted as expected by CAVS
|
|
|
69ded97 |
+sub rsa_keygen_kat_driver($$$) {
|
|
|
69ded97 |
+ my $mod = shift;
|
|
|
69ded97 |
+ my $p = shift;
|
|
|
69ded97 |
+ my $q = shift;
|
|
|
69ded97 |
+
|
|
|
69ded97 |
+ my $out = "";
|
|
|
69ded97 |
+ my $ret = &$rsa_keygen_kat($mod, $p, $q);
|
|
|
69ded97 |
+ my ($Result) = split(/\n/, $ret);
|
|
|
69ded97 |
+ die "Return value does not contain all expected values of Result for rsa_keygen_kat"
|
|
|
69ded97 |
+ if (!defined($Result));
|
|
|
69ded97 |
+
|
|
|
69ded97 |
+ $out .= "Result = $Result\n\n";
|
|
|
69ded97 |
+ return $out;
|
|
|
69ded97 |
+}
|
|
|
69ded97 |
+
|
|
|
69ded97 |
+
|
|
|
69ded97 |
##############################################################
|
|
|
69ded97 |
# Parser of input file and generator of result file
|
|
|
69ded97 |
#
|
|
|
69ded97 |
@@ -1658,12 +1981,18 @@ sub parse($$) {
|
|
|
040c39b |
my $klen = "";
|
|
|
040c39b |
my $tlen = "";
|
|
|
040c39b |
my $modulus = "";
|
|
|
040c39b |
+ my $qsize = "";
|
|
|
040c39b |
my $capital_n = 0;
|
|
|
040c39b |
+ my $num = 0;
|
|
|
040c39b |
my $capital_p = "";
|
|
|
040c39b |
my $capital_q = "";
|
|
|
040c39b |
my $capital_g = "";
|
|
|
040c39b |
my $capital_y = "";
|
|
|
040c39b |
my $capital_r = "";
|
|
|
040c39b |
+ my $capital_h = "";
|
|
|
040c39b |
+ my $c = "";
|
|
|
69ded97 |
+ my $prandom = "";
|
|
|
69ded97 |
+ my $qrandom = "";
|
|
|
040c39b |
my $xp1 = "";
|
|
|
040c39b |
my $xp2 = "";
|
|
|
040c39b |
my $Xp = "";
|
|
|
69ded97 |
@@ -1700,7 +2029,7 @@ sub parse($$) {
|
|
|
040c39b |
|
|
|
040c39b |
##### Extract cipher
|
|
|
040c39b |
# XXX there may be more - to be added
|
|
|
040c39b |
- if ($tmpline =~ /^#.*(CBC|ECB|OFB|CFB|SHA-|SigGen|SigVer|RC4VS|ANSI X9\.31|Hash sizes tested|PQGGen|KeyGen RSA)/) {
|
|
|
69ded97 |
+ if ($tmpline =~ /^#.*(CBC|ECB|OFB|CFB|SHA-|SigGen|SigVer|RC4VS|ANSI X9\.31|Hash sizes tested|PQGGen|KeyGen RSA|KeyGen - Random Probably Prime|KeyPair|PQGVer)/) {
|
|
|
040c39b |
if ($tmpline =~ /CBC/) { $mode="cbc"; }
|
|
|
040c39b |
elsif ($tmpline =~ /ECB/) { $mode="ecb"; }
|
|
|
040c39b |
elsif ($tmpline =~ /OFB/) { $mode="ofb"; }
|
|
|
69ded97 |
@@ -1749,7 +2078,23 @@ sub parse($$) {
|
|
|
040c39b |
|
|
|
040c39b |
if ($tt == 0) {
|
|
|
040c39b |
##### Identify the test type
|
|
|
040c39b |
- if ($tmpline =~ /KeyGen RSA \(X9\.31\)/) {
|
|
|
69ded97 |
+ if ($tmpline =~ /KeyGen - Random Probably Prime Known Answer Test/) {
|
|
|
69ded97 |
+ $tt = 19;
|
|
|
69ded97 |
+ die "Interface function rsa_keygen_kat for RSA key generation KAT not defined for tested library"
|
|
|
69ded97 |
+ if (!defined($rsa_keygen_kat));
|
|
|
69ded97 |
+ } elsif ($tmpline =~ /KeyGen - Random Probably Prime Test/) {
|
|
|
69ded97 |
+ $tt = 18;
|
|
|
69ded97 |
+ die "Interface function rsa_keygen for RSA key generation not defined for tested library"
|
|
|
69ded97 |
+ if (!defined($rsa_keygen));
|
|
|
69ded97 |
+ } elsif ($tmpline =~ /PQGVer/) {
|
|
|
040c39b |
+ $tt = 16;
|
|
|
040c39b |
+ die "Interface function for DSA PQGVer testing not defined for tested library"
|
|
|
040c39b |
+ if (!defined($dsa_pqggen));
|
|
|
040c39b |
+ } elsif ($tmpline =~ /KeyPair/) {
|
|
|
040c39b |
+ $tt = 14;
|
|
|
040c39b |
+ die "Interface function dsa_keygen for DSA key generation not defined for tested library"
|
|
|
040c39b |
+ if (!defined($gen_dsakey_domain));
|
|
|
040c39b |
+ } elsif ($tmpline =~ /KeyGen RSA \(X9\.31\)/) {
|
|
|
040c39b |
$tt = 13;
|
|
|
040c39b |
die "Interface function rsa_derive for RSA key generation not defined for tested library"
|
|
|
040c39b |
if (!defined($rsa_derive));
|
|
|
69ded97 |
@@ -1760,11 +2105,11 @@ sub parse($$) {
|
|
|
040c39b |
} elsif ($tmpline =~ /SigGen/ && $opt{'D'}) {
|
|
|
040c39b |
$tt = 11;
|
|
|
040c39b |
die "Interface function dsa_sign or gen_dsakey for DSA sign not defined for tested library"
|
|
|
040c39b |
- if (!defined($dsa_sign) || !defined($gen_rsakey));
|
|
|
040c39b |
+ if (!defined($dsa_sign) || !defined($gen_dsakey));
|
|
|
040c39b |
} elsif ($tmpline =~ /PQGGen/) {
|
|
|
040c39b |
$tt = 10;
|
|
|
040c39b |
die "Interface function for DSA PQGGen testing not defined for tested library"
|
|
|
040c39b |
- if (!defined($dsa_pqggen));
|
|
|
040c39b |
+ if (!defined($dsa_pqggen) || !defined($dsa_ggen));
|
|
|
040c39b |
} elsif ($tmpline =~ /Hash sizes tested/) {
|
|
|
040c39b |
$tt = 9;
|
|
|
040c39b |
die "Interface function hmac for HMAC testing not defined for tested library"
|
|
|
69ded97 |
@@ -1792,7 +2137,7 @@ sub parse($$) {
|
|
|
040c39b |
} elsif ($tmpline =~ /Monte|MCT|Carlo/) {
|
|
|
040c39b |
$tt = 2;
|
|
|
040c39b |
die "Interface function state_cipher for Stateful Cipher operation defined for tested library"
|
|
|
040c39b |
- if (!defined($state_cipher) || !defined($state_cipher_des));
|
|
|
040c39b |
+ if (!defined($state_cipher) && !defined($state_cipher_des));
|
|
|
040c39b |
} elsif ($cipher =~ /^sha/) {
|
|
|
040c39b |
$tt = 3;
|
|
|
040c39b |
die "Interface function hash for Hashing not defined for tested library"
|
|
|
69ded97 |
@@ -1875,18 +2220,44 @@ sub parse($$) {
|
|
|
040c39b |
die "Msg/Seed seen twice - input file crap" if ($pt ne "");
|
|
|
040c39b |
$pt=$2;
|
|
|
040c39b |
}
|
|
|
040c39b |
- elsif ($line =~ /^\[mod\s*=\s*(.*)\]$/) { # found in RSA requests
|
|
|
040c39b |
+ elsif ($line =~ /^\[A.2.1\s.*\]$/) { # found in DSA2 PQGGen request
|
|
|
040c39b |
+ $out .= $line . "\n"; # print it
|
|
|
040c39b |
+ if ($tt == 10) {
|
|
|
040c39b |
+ # now generate G from PQ
|
|
|
040c39b |
+ $tt = 15;
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ elsif ($line =~ /^\[A.2.2\s.*\]$/) { # found in DSA2 PQGVer request
|
|
|
040c39b |
+ $out .= $line . "\n"; # print it
|
|
|
040c39b |
+ if ($tt == 16) {
|
|
|
040c39b |
+ # now verify PQG
|
|
|
040c39b |
+ $tt = 17;
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ elsif ($line =~ /^\[mod\s*=\s*L=([0-9]*),\s*N=([0-9]*).*\]$/) { # found in DSA2 requests
|
|
|
040c39b |
$modulus = $1;
|
|
|
040c39b |
+ $qsize = $2;
|
|
|
040c39b |
$out .= $line . "\n\n"; # print it
|
|
|
040c39b |
+ # clear eventual PQG
|
|
|
040c39b |
+ $capital_p = "";
|
|
|
040c39b |
+ $capital_q = "";
|
|
|
040c39b |
+ $capital_g = "";
|
|
|
040c39b |
# generate the private key with given bit length now
|
|
|
040c39b |
# as we have the required key length in bit
|
|
|
040c39b |
if ($tt == 11) {
|
|
|
040c39b |
$dsa_keyfile = "dsa_siggen.tmp.$$";
|
|
|
040c39b |
- my %pqg = &$gen_dsakey($dsa_keyfile);
|
|
|
040c39b |
+ my %pqg = &$gen_dsakey($modulus, $qsize, $dsa_keyfile);
|
|
|
040c39b |
$out .= "P = " . $pqg{'P'} . "\n";
|
|
|
040c39b |
$out .= "Q = " . $pqg{'Q'} . "\n";
|
|
|
040c39b |
- $out .= "G = " . $pqg{'G'} . "\n";
|
|
|
040c39b |
- } elsif ( $tt == 5 ) {
|
|
|
040c39b |
+ $out .= "G = " . $pqg{'G'} . "\n\n";
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ elsif ($line =~ /^\[mod\s*=\s*(.*)\]$/) { # found in RSA requests
|
|
|
040c39b |
+ $modulus = $1;
|
|
|
040c39b |
+ $out .= $line . "\n\n"; # print it
|
|
|
040c39b |
+ # generate the private key with given bit length now
|
|
|
040c39b |
+ # as we have the required key length in bit
|
|
|
040c39b |
+ if ( $tt == 5 ) {
|
|
|
040c39b |
# XXX maybe a secure temp file name is better here
|
|
|
040c39b |
# but since it is not run on a security sensitive
|
|
|
040c39b |
# system, I hope that this is fine
|
|
|
69ded97 |
@@ -1907,6 +2278,9 @@ sub parse($$) {
|
|
|
69ded97 |
}
|
|
|
69ded97 |
elsif ($line =~ /^e\s*=\s*(.*)/) { # found in RSA requests
|
|
|
69ded97 |
$e=$1;
|
|
|
69ded97 |
+ if ($tt == 19) {
|
|
|
69ded97 |
+ $out .= $line . "\n"; # print it
|
|
|
69ded97 |
+ }
|
|
|
69ded97 |
}
|
|
|
69ded97 |
elsif ($line =~ /^S\s*=\s*(.*)/) { # found in RSA requests
|
|
|
69ded97 |
die "S seen twice - input file crap" if ($signature ne "");
|
|
|
69ded97 |
@@ -1932,11 +2306,16 @@ sub parse($$) {
|
|
|
040c39b |
if ($tlen ne "");
|
|
|
040c39b |
$tlen=$1;
|
|
|
040c39b |
}
|
|
|
040c39b |
- elsif ($line =~ /^N\s*=\s*(.*)/) { #DSA PQGGen
|
|
|
040c39b |
+ elsif ($line =~ /^N\s*=\s*(.*)/) { #DSA KeyPair
|
|
|
040c39b |
die "N seen twice - check input file"
|
|
|
040c39b |
if ($capital_n);
|
|
|
040c39b |
$capital_n = $1;
|
|
|
040c39b |
}
|
|
|
040c39b |
+ elsif ($line =~ /^Num\s*=\s*(.*)/) { #DSA PQGGen
|
|
|
040c39b |
+ die "Num seen twice - check input file"
|
|
|
040c39b |
+ if ($num);
|
|
|
040c39b |
+ $num = $1;
|
|
|
040c39b |
+ }
|
|
|
040c39b |
elsif ($line =~ /^P\s*=\s*(.*)/) { #DSA SigVer
|
|
|
040c39b |
die "P seen twice - check input file"
|
|
|
040c39b |
if ($capital_p);
|
|
|
69ded97 |
@@ -1965,6 +2344,16 @@ sub parse($$) {
|
|
|
040c39b |
if ($capital_r);
|
|
|
040c39b |
$capital_r = $1;
|
|
|
040c39b |
}
|
|
|
040c39b |
+ elsif ($line =~ /^H\s*=\s*(.*)/) { #DSA PQGVer
|
|
|
040c39b |
+ die "H seen twice - check input file"
|
|
|
040c39b |
+ if ($capital_h);
|
|
|
040c39b |
+ $capital_h = $1;
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ elsif ($line =~ /^c\s*=\s*(.*)/) { #DSA PQGVer
|
|
|
040c39b |
+ die "c seen twice - check input file"
|
|
|
040c39b |
+ if ($c);
|
|
|
040c39b |
+ $c = $1;
|
|
|
040c39b |
+ }
|
|
|
040c39b |
elsif ($line =~ /^xp1\s*=\s*(.*)/) { #RSA key gen
|
|
|
040c39b |
die "xp1 seen twice - check input file"
|
|
|
040c39b |
if ($xp1);
|
|
|
69ded97 |
@@ -1995,6 +2384,22 @@ sub parse($$) {
|
|
|
69ded97 |
if ($Xq);
|
|
|
69ded97 |
$Xq = $1;
|
|
|
69ded97 |
}
|
|
|
69ded97 |
+ elsif ($line =~ /^prandom\s*=\s*(.*)/) { #RSA key gen KAT
|
|
|
69ded97 |
+ die "prandom seen twice - check input file"
|
|
|
69ded97 |
+ if ($prandom);
|
|
|
69ded97 |
+ $prandom = $1;
|
|
|
69ded97 |
+ $out .= $line . "\n"; # print it
|
|
|
69ded97 |
+ }
|
|
|
69ded97 |
+ elsif ($line =~ /^qrandom\s*=\s*(.*)/) { #RSA key gen KAT
|
|
|
69ded97 |
+ die "qrandom seen twice - check input file"
|
|
|
69ded97 |
+ if ($qrandom);
|
|
|
69ded97 |
+ $qrandom = $1;
|
|
|
69ded97 |
+ $out .= $line . "\n"; # print it
|
|
|
69ded97 |
+ }
|
|
|
69ded97 |
+ elsif ($tt == 19 && $line =~ /^ / && $qrandom eq "") { #RSA key gen KAT
|
|
|
69ded97 |
+ $qrandom = "00";
|
|
|
69ded97 |
+ $out .= $line . "\n"; # print it
|
|
|
69ded97 |
+ }
|
|
|
69ded97 |
else {
|
|
|
69ded97 |
$out .= $line . "\n";
|
|
|
69ded97 |
}
|
|
|
69ded97 |
@@ -2074,11 +2479,10 @@ sub parse($$) {
|
|
|
040c39b |
}
|
|
|
040c39b |
}
|
|
|
040c39b |
elsif ($tt == 10) {
|
|
|
040c39b |
- if ($modulus ne "" && $capital_n > 0) {
|
|
|
040c39b |
- $out .= dsa_pqggen_driver($modulus, $capital_n);
|
|
|
040c39b |
- #$mod is not resetted
|
|
|
040c39b |
- $capital_n = 0;
|
|
|
040c39b |
- }
|
|
|
040c39b |
+ if ($modulus ne "" && $qsize ne "" && $num > 0) {
|
|
|
040c39b |
+ $out .= dsa_pqgen_driver($modulus, $qsize, $num);
|
|
|
040c39b |
+ $num = 0;
|
|
|
040c39b |
+ }
|
|
|
040c39b |
}
|
|
|
040c39b |
elsif ($tt == 11) {
|
|
|
040c39b |
if ($pt ne "" && $dsa_keyfile ne "") {
|
|
|
69ded97 |
@@ -2124,7 +2528,7 @@ sub parse($$) {
|
|
|
69ded97 |
$xq1 ne "" &&
|
|
|
69ded97 |
$xq2 ne "" &&
|
|
|
69ded97 |
$Xq ne "") {
|
|
|
69ded97 |
- $out .= rsa_keygen($modulus,
|
|
|
69ded97 |
+ $out .= rsa_keygen_x931($modulus,
|
|
|
69ded97 |
$e,
|
|
|
69ded97 |
$xp1,
|
|
|
69ded97 |
$xp2,
|
|
|
69ded97 |
@@ -2141,6 +2545,96 @@ sub parse($$) {
|
|
|
040c39b |
$Xq = "";
|
|
|
040c39b |
}
|
|
|
040c39b |
}
|
|
|
040c39b |
+ elsif ($tt == 14) {
|
|
|
040c39b |
+ if ($modulus ne "" &&
|
|
|
040c39b |
+ $qsize ne "" &&
|
|
|
040c39b |
+ $capital_n > 0) {
|
|
|
040c39b |
+ $out .= dsa_keypair_driver($modulus,
|
|
|
040c39b |
+ $qsize,
|
|
|
040c39b |
+ $capital_n);
|
|
|
040c39b |
+ $capital_n = 0;
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ elsif ($tt == 15) {
|
|
|
040c39b |
+ if ($modulus ne "" &&
|
|
|
040c39b |
+ $qsize ne "" &&
|
|
|
040c39b |
+ $capital_p ne "" &&
|
|
|
040c39b |
+ $capital_q ne "") {
|
|
|
040c39b |
+ $out .= dsa_ggen_driver($modulus,
|
|
|
040c39b |
+ $qsize,
|
|
|
040c39b |
+ $capital_p,
|
|
|
040c39b |
+ $capital_q);
|
|
|
040c39b |
+ $capital_p = "";
|
|
|
040c39b |
+ $capital_q = "";
|
|
|
040c39b |
+ $num--;
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ elsif ($tt == 16) {
|
|
|
040c39b |
+ if ($modulus ne "" &&
|
|
|
040c39b |
+ $qsize ne "" &&
|
|
|
040c39b |
+ $capital_p ne "" &&
|
|
|
040c39b |
+ $capital_q ne "" &&
|
|
|
040c39b |
+ $pt ne "" &&
|
|
|
040c39b |
+ $c ne "") {
|
|
|
040c39b |
+ $out .= dsa_pqver_driver($modulus,
|
|
|
040c39b |
+ $qsize,
|
|
|
040c39b |
+ $capital_p,
|
|
|
040c39b |
+ $capital_q,
|
|
|
040c39b |
+ $pt,
|
|
|
040c39b |
+ $c);
|
|
|
040c39b |
+ $capital_p = "";
|
|
|
040c39b |
+ $capital_q = "";
|
|
|
040c39b |
+ $pt = "";
|
|
|
040c39b |
+ $c = "";
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ elsif ($tt == 17) {
|
|
|
040c39b |
+ if ($modulus ne "" &&
|
|
|
040c39b |
+ $qsize ne "" &&
|
|
|
040c39b |
+ $capital_p ne "" &&
|
|
|
040c39b |
+ $capital_q ne "" &&
|
|
|
040c39b |
+ $capital_g ne "" &&
|
|
|
040c39b |
+ $pt ne "" &&
|
|
|
040c39b |
+ $c ne "" &&
|
|
|
040c39b |
+ $capital_h ne "") {
|
|
|
040c39b |
+ $out .= dsa_pqgver_driver($modulus,
|
|
|
040c39b |
+ $qsize,
|
|
|
040c39b |
+ $capital_p,
|
|
|
040c39b |
+ $capital_q,
|
|
|
040c39b |
+ $capital_g,
|
|
|
040c39b |
+ $pt,
|
|
|
040c39b |
+ $c,
|
|
|
040c39b |
+ $capital_h);
|
|
|
040c39b |
+ $capital_p = "";
|
|
|
040c39b |
+ $capital_q = "";
|
|
|
040c39b |
+ $capital_g = "";
|
|
|
040c39b |
+ $pt = "";
|
|
|
040c39b |
+ $c = "";
|
|
|
040c39b |
+ $capital_h = "";
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ }
|
|
|
69ded97 |
+ elsif ($tt == 18) {
|
|
|
69ded97 |
+ if ($modulus ne "" &&
|
|
|
69ded97 |
+ $capital_n > 0) {
|
|
|
69ded97 |
+ $out .= rsa_keygen_driver($modulus,
|
|
|
69ded97 |
+ $capital_n);
|
|
|
69ded97 |
+ $capital_n = 0;
|
|
|
69ded97 |
+ }
|
|
|
69ded97 |
+ }
|
|
|
69ded97 |
+ elsif ($tt == 19) {
|
|
|
69ded97 |
+ if ($modulus ne "" &&
|
|
|
69ded97 |
+ $e ne "" &&
|
|
|
69ded97 |
+ $prandom ne "" &&
|
|
|
69ded97 |
+ $qrandom ne "") {
|
|
|
69ded97 |
+ $out .= rsa_keygen_kat_driver($modulus,
|
|
|
69ded97 |
+ $e,
|
|
|
69ded97 |
+ $prandom,
|
|
|
69ded97 |
+ $qrandom);
|
|
|
69ded97 |
+ $prandom = "";
|
|
|
69ded97 |
+ $qrandom = "";
|
|
|
69ded97 |
+ $e = "";
|
|
|
69ded97 |
+ }
|
|
|
69ded97 |
+ }
|
|
|
040c39b |
elsif ($tt > 0) {
|
|
|
040c39b |
die "Test case $tt not defined";
|
|
|
040c39b |
}
|
|
|
69ded97 |
@@ -2199,10 +2693,14 @@ sub main() {
|
|
|
040c39b |
$state_rng = \&libgcrypt_state_rng;
|
|
|
040c39b |
$hmac = \&libgcrypt_hmac;
|
|
|
040c39b |
$dsa_pqggen = \&libgcrypt_dsa_pqggen;
|
|
|
040c39b |
+ $dsa_ggen = \&libgcrypt_dsa_ggen;
|
|
|
040c39b |
$gen_dsakey = \&libgcrypt_gen_dsakey;
|
|
|
040c39b |
+ $gen_dsakey_domain = \&libgcrypt_gen_dsakey_domain;
|
|
|
040c39b |
$dsa_sign = \&libgcrypt_dsa_sign;
|
|
|
040c39b |
$dsa_verify = \&libgcrypt_dsa_verify;
|
|
|
040c39b |
$dsa_genpubkey = \&libgcrypt_dsa_genpubkey;
|
|
|
69ded97 |
+ $rsa_keygen = \&libgcrypt_rsa_keygen;
|
|
|
69ded97 |
+ $rsa_keygen_kat = \&libgcrypt_rsa_keygen_kat;
|
|
|
69ded97 |
} else {
|
|
|
69ded97 |
die "Invalid interface option given";
|
|
|
69ded97 |
}
|
|
|
2c8c022 |
diff -up libgcrypt-1.7.3/tests/cavs_tests.sh.cavs libgcrypt-1.7.3/tests/cavs_tests.sh
|
|
|
2c8c022 |
--- libgcrypt-1.7.3/tests/cavs_tests.sh.cavs 2013-03-15 20:25:38.000000000 +0100
|
|
|
2c8c022 |
+++ libgcrypt-1.7.3/tests/cavs_tests.sh 2016-11-22 17:29:06.067553077 +0100
|
|
|
040c39b |
@@ -55,7 +55,7 @@ function run_one_test () {
|
|
|
040c39b |
[ -d "$respdir" ] || mkdir "$respdir"
|
|
|
040c39b |
[ -f "$rspfile" ] && rm "$rspfile"
|
|
|
040c39b |
|
|
|
040c39b |
- if echo "$reqfile" | grep '/DSA/req/' >/dev/null 2>/dev/null; then
|
|
|
040c39b |
+ if echo "$reqfile" | grep '/DSA.\?/req/' >/dev/null 2>/dev/null; then
|
|
|
040c39b |
dflag="-D"
|
|
|
040c39b |
fi
|
|
|
040c39b |
|
|
|
2c8c022 |
diff -up libgcrypt-1.7.3/tests/fipsdrv.c.cavs libgcrypt-1.7.3/tests/fipsdrv.c
|
|
|
2c8c022 |
--- libgcrypt-1.7.3/tests/fipsdrv.c.cavs 2016-07-14 11:19:17.000000000 +0200
|
|
|
2c8c022 |
+++ libgcrypt-1.7.3/tests/fipsdrv.c 2016-11-22 17:33:15.468330859 +0100
|
|
|
2c8c022 |
@@ -892,6 +892,9 @@ print_mpi_line (gcry_mpi_t a, int no_lz)
|
|
|
040c39b |
die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err));
|
|
|
040c39b |
|
|
|
040c39b |
p = buf;
|
|
|
040c39b |
+ while (*p)
|
|
|
040c39b |
+ *p++ = tolower(*p);
|
|
|
040c39b |
+ p = buf;
|
|
|
040c39b |
if (no_lz && p[0] == '0' && p[1] == '0' && p[2])
|
|
|
040c39b |
p += 2;
|
|
|
040c39b |
|
|
|
2c8c022 |
@@ -1765,14 +1768,14 @@ run_rsa_verify (const void *data, size_t
|
|
|
040c39b |
/* Generate a DSA key of size KEYSIZE and return the complete
|
|
|
040c39b |
S-expression. */
|
|
|
040c39b |
static gcry_sexp_t
|
|
|
040c39b |
-dsa_gen (int keysize)
|
|
|
040c39b |
+dsa_gen (int keysize, int qsize)
|
|
|
040c39b |
{
|
|
|
040c39b |
gpg_error_t err;
|
|
|
040c39b |
gcry_sexp_t keyspec, key;
|
|
|
040c39b |
|
|
|
040c39b |
err = gcry_sexp_build (&keyspec, NULL,
|
|
|
040c39b |
- "(genkey (dsa (nbits %d)(use-fips186-2)))",
|
|
|
040c39b |
- keysize);
|
|
|
040c39b |
+ "(genkey (dsa (nbits %d)(qbits %d)(use-fips186)))",
|
|
|
040c39b |
+ keysize, qsize);
|
|
|
040c39b |
if (err)
|
|
|
040c39b |
die ("gcry_sexp_build failed for DSA key generation: %s\n",
|
|
|
040c39b |
gpg_strerror (err));
|
|
|
2c8c022 |
@@ -1790,7 +1793,7 @@ dsa_gen (int keysize)
|
|
|
040c39b |
/* Generate a DSA key of size KEYSIZE and return the complete
|
|
|
040c39b |
S-expression. */
|
|
|
040c39b |
static gcry_sexp_t
|
|
|
040c39b |
-dsa_gen_with_seed (int keysize, const void *seed, size_t seedlen)
|
|
|
040c39b |
+dsa_gen_with_seed (int keysize, int qsize, const void *seed, size_t seedlen)
|
|
|
040c39b |
{
|
|
|
040c39b |
gpg_error_t err;
|
|
|
040c39b |
gcry_sexp_t keyspec, key;
|
|
|
2c8c022 |
@@ -1799,10 +1802,11 @@ dsa_gen_with_seed (int keysize, const vo
|
|
|
040c39b |
"(genkey"
|
|
|
040c39b |
" (dsa"
|
|
|
040c39b |
" (nbits %d)"
|
|
|
040c39b |
- " (use-fips186-2)"
|
|
|
040c39b |
+ " (qbits %d)"
|
|
|
040c39b |
+ " (use-fips186)"
|
|
|
040c39b |
" (derive-parms"
|
|
|
040c39b |
" (seed %b))))",
|
|
|
040c39b |
- keysize, (int)seedlen, seed);
|
|
|
040c39b |
+ keysize, qsize, (int)seedlen, seed);
|
|
|
040c39b |
if (err)
|
|
|
040c39b |
die ("gcry_sexp_build failed for DSA key generation: %s\n",
|
|
|
040c39b |
gpg_strerror (err));
|
|
|
2c8c022 |
@@ -1810,6 +1814,37 @@ dsa_gen_with_seed (int keysize, const vo
|
|
|
040c39b |
err = gcry_pk_genkey (&key, keyspec);
|
|
|
040c39b |
if (err)
|
|
|
040c39b |
die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err));
|
|
|
040c39b |
+
|
|
|
040c39b |
+ gcry_sexp_release (keyspec);
|
|
|
040c39b |
+
|
|
|
040c39b |
+ return key;
|
|
|
040c39b |
+}
|
|
|
040c39b |
+
|
|
|
040c39b |
+/* Generate a DSA key with specified domain parameters and return the complete
|
|
|
040c39b |
+ S-expression. */
|
|
|
040c39b |
+static gcry_sexp_t
|
|
|
040c39b |
+dsa_gen_key (const char *domain)
|
|
|
040c39b |
+{
|
|
|
040c39b |
+ gpg_error_t err;
|
|
|
040c39b |
+ gcry_sexp_t keyspec, key, domspec;
|
|
|
040c39b |
+
|
|
|
040c39b |
+ err = gcry_sexp_new (&domspec, domain, strlen(domain), 0);
|
|
|
040c39b |
+ if (err)
|
|
|
040c39b |
+ die ("gcry_sexp_build failed for domain spec: %s\n",
|
|
|
040c39b |
+ gpg_strerror (err));
|
|
|
040c39b |
+
|
|
|
040c39b |
+ err = gcry_sexp_build (&keyspec, NULL,
|
|
|
040c39b |
+ "(genkey"
|
|
|
040c39b |
+ " (dsa"
|
|
|
040c39b |
+ " (use-fips186)"
|
|
|
040c39b |
+ " %S))",
|
|
|
040c39b |
+ domspec);
|
|
|
040c39b |
+ if (err)
|
|
|
040c39b |
+ die ("gcry_sexp_build failed for DSA key generation: %s\n",
|
|
|
040c39b |
+ gpg_strerror (err));
|
|
|
040c39b |
+ err = gcry_pk_genkey (&key, keyspec);
|
|
|
040c39b |
+ if (err)
|
|
|
040c39b |
+ die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err));
|
|
|
040c39b |
|
|
|
040c39b |
gcry_sexp_release (keyspec);
|
|
|
040c39b |
|
|
|
2c8c022 |
@@ -1849,7 +1884,7 @@ ecdsa_gen_key (const char *curve)
|
|
|
040c39b |
with one parameter per line in hex format using this order: p, q,
|
|
|
040c39b |
g, seed, counter, h. */
|
|
|
040c39b |
static void
|
|
|
040c39b |
-print_dsa_domain_parameters (gcry_sexp_t key)
|
|
|
040c39b |
+print_dsa_domain_parameters (gcry_sexp_t key, int print_misc)
|
|
|
040c39b |
{
|
|
|
040c39b |
gcry_sexp_t l1, l2;
|
|
|
040c39b |
gcry_mpi_t mpi;
|
|
|
2c8c022 |
@@ -1885,6 +1920,9 @@ print_dsa_domain_parameters (gcry_sexp_t
|
|
|
040c39b |
}
|
|
|
040c39b |
gcry_sexp_release (l1);
|
|
|
040c39b |
|
|
|
040c39b |
+ if (!print_misc)
|
|
|
040c39b |
+ return;
|
|
|
040c39b |
+
|
|
|
040c39b |
/* Extract the seed values. */
|
|
|
040c39b |
l1 = gcry_sexp_find_token (key, "misc-key-info", 0);
|
|
|
040c39b |
if (!l1)
|
|
|
2c8c022 |
@@ -1976,38 +2014,106 @@ print_ecdsa_dq (gcry_sexp_t key)
|
|
|
040c39b |
}
|
|
|
040c39b |
|
|
|
040c39b |
|
|
|
040c39b |
-/* Generate DSA domain parameters for a modulus size of KEYSIZE. The
|
|
|
040c39b |
+/* Print just the XY private key parameters. KEY
|
|
|
040c39b |
+ is the complete key as returned by dsa_gen. We print to stdout
|
|
|
040c39b |
+ with one parameter per line in hex format using this order: x, y. */
|
|
|
040c39b |
+static void
|
|
|
040c39b |
+print_dsa_xy (gcry_sexp_t key)
|
|
|
040c39b |
+{
|
|
|
040c39b |
+ gcry_sexp_t l1, l2;
|
|
|
040c39b |
+ gcry_mpi_t mpi;
|
|
|
040c39b |
+ int idx;
|
|
|
040c39b |
+
|
|
|
040c39b |
+ l1 = gcry_sexp_find_token (key, "private-key", 0);
|
|
|
040c39b |
+ if (!l1)
|
|
|
040c39b |
+ die ("private key not found in genkey result\n");
|
|
|
040c39b |
+
|
|
|
040c39b |
+ l2 = gcry_sexp_find_token (l1, "dsa", 0);
|
|
|
040c39b |
+ if (!l2)
|
|
|
040c39b |
+ die ("returned private key not formed as expected\n");
|
|
|
040c39b |
+ gcry_sexp_release (l1);
|
|
|
040c39b |
+ l1 = l2;
|
|
|
040c39b |
+
|
|
|
040c39b |
+ /* Extract the parameters from the S-expression and print them to stdout. */
|
|
|
040c39b |
+ for (idx=0; "xy"[idx]; idx++)
|
|
|
040c39b |
+ {
|
|
|
040c39b |
+ l2 = gcry_sexp_find_token (l1, "xy"+idx, 1);
|
|
|
040c39b |
+ if (!l2)
|
|
|
040c39b |
+ die ("no %c parameter in returned public key\n", "xy"[idx]);
|
|
|
040c39b |
+ mpi = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
|
|
|
040c39b |
+ if (!mpi)
|
|
|
040c39b |
+ die ("no value for %c parameter in returned private key\n","xy"[idx]);
|
|
|
040c39b |
+ gcry_sexp_release (l2);
|
|
|
040c39b |
+ if (standalone_mode)
|
|
|
040c39b |
+ printf ("%c = ", "XY"[idx]);
|
|
|
040c39b |
+ print_mpi_line (mpi, 1);
|
|
|
040c39b |
+ gcry_mpi_release (mpi);
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+
|
|
|
040c39b |
+ gcry_sexp_release (l1);
|
|
|
040c39b |
+}
|
|
|
040c39b |
+
|
|
|
040c39b |
+
|
|
|
040c39b |
+/* Generate DSA pq domain parameters for a modulus size of KEYSIZE. The
|
|
|
040c39b |
result is printed to stdout with one parameter per line in hex
|
|
|
040c39b |
- format and in this order: p, q, g, seed, counter, h. If SEED is
|
|
|
040c39b |
+ format and in this order: p, q, seed, counter. If SEED is
|
|
|
040c39b |
not NULL this seed value will be used for the generation. */
|
|
|
040c39b |
static void
|
|
|
040c39b |
-run_dsa_pqg_gen (int keysize, const void *seed, size_t seedlen)
|
|
|
040c39b |
+run_dsa_pqg_gen (int keysize, int qsize, const void *seed, size_t seedlen)
|
|
|
040c39b |
{
|
|
|
040c39b |
gcry_sexp_t key;
|
|
|
040c39b |
|
|
|
040c39b |
if (seed)
|
|
|
040c39b |
- key = dsa_gen_with_seed (keysize, seed, seedlen);
|
|
|
040c39b |
+ key = dsa_gen_with_seed (keysize, qsize, seed, seedlen);
|
|
|
040c39b |
else
|
|
|
040c39b |
- key = dsa_gen (keysize);
|
|
|
040c39b |
- print_dsa_domain_parameters (key);
|
|
|
040c39b |
+ key = dsa_gen (keysize, qsize);
|
|
|
040c39b |
+ print_dsa_domain_parameters (key, 1);
|
|
|
040c39b |
+ gcry_sexp_release (key);
|
|
|
040c39b |
+}
|
|
|
040c39b |
+
|
|
|
040c39b |
+
|
|
|
040c39b |
+/* Generate DSA domain parameters for a modulus size of KEYSIZE. The
|
|
|
040c39b |
+ result is printed to stdout with one parameter per line in hex
|
|
|
040c39b |
+ format and in this order: p, q, g, seed, counter, h. If SEED is
|
|
|
040c39b |
+ not NULL this seed value will be used for the generation. */
|
|
|
040c39b |
+static void
|
|
|
040c39b |
+run_dsa_g_gen (int keysize, int qsize, const char *domain)
|
|
|
040c39b |
+{
|
|
|
040c39b |
+ gcry_sexp_t key;
|
|
|
040c39b |
+
|
|
|
040c39b |
+ key = dsa_gen_key (domain);
|
|
|
040c39b |
+ print_dsa_domain_parameters (key, 0);
|
|
|
040c39b |
+ gcry_sexp_release (key);
|
|
|
040c39b |
+}
|
|
|
040c39b |
+
|
|
|
040c39b |
+/* Generate a DSA key with specified domain parameters
|
|
|
040c39b |
+ and print the XY values. */
|
|
|
040c39b |
+static void
|
|
|
040c39b |
+run_dsa_gen_key (const char *domain)
|
|
|
040c39b |
+{
|
|
|
040c39b |
+ gcry_sexp_t key;
|
|
|
040c39b |
+
|
|
|
040c39b |
+ key = dsa_gen_key (domain);
|
|
|
040c39b |
+ print_dsa_xy (key);
|
|
|
040c39b |
+
|
|
|
040c39b |
gcry_sexp_release (key);
|
|
|
040c39b |
}
|
|
|
040c39b |
|
|
|
040c39b |
|
|
|
040c39b |
/* Generate a DSA key of size of KEYSIZE and write the private key to
|
|
|
040c39b |
FILENAME. Also write the parameters to stdout in the same way as
|
|
|
040c39b |
- run_dsa_pqg_gen. */
|
|
|
040c39b |
+ run_dsa_g_gen. */
|
|
|
040c39b |
static void
|
|
|
040c39b |
-run_dsa_gen (int keysize, const char *filename)
|
|
|
040c39b |
+run_dsa_gen (int keysize, int qsize, const char *filename)
|
|
|
040c39b |
{
|
|
|
040c39b |
gcry_sexp_t key, private_key;
|
|
|
040c39b |
FILE *fp;
|
|
|
040c39b |
|
|
|
040c39b |
- key = dsa_gen (keysize);
|
|
|
040c39b |
+ key = dsa_gen (keysize, qsize);
|
|
|
040c39b |
private_key = gcry_sexp_find_token (key, "private-key", 0);
|
|
|
040c39b |
if (!private_key)
|
|
|
040c39b |
die ("private key not found in genkey result\n");
|
|
|
040c39b |
- print_dsa_domain_parameters (key);
|
|
|
040c39b |
+ print_dsa_domain_parameters (key, 1);
|
|
|
040c39b |
|
|
|
040c39b |
fp = fopen (filename, "wb");
|
|
|
040c39b |
if (!fp)
|
|
|
2c8c022 |
@@ -2020,6 +2126,53 @@ run_dsa_gen (int keysize, const char *fi
|
|
|
040c39b |
}
|
|
|
040c39b |
|
|
|
040c39b |
|
|
|
040c39b |
+static int
|
|
|
040c39b |
+dsa_hash_from_key(gcry_sexp_t s_key)
|
|
|
040c39b |
+{
|
|
|
040c39b |
+ gcry_sexp_t l1, l2;
|
|
|
040c39b |
+ gcry_mpi_t q;
|
|
|
040c39b |
+ unsigned int qbits;
|
|
|
040c39b |
+
|
|
|
040c39b |
+ l1 = gcry_sexp_find_token (s_key, "public-key", 0);
|
|
|
040c39b |
+ if (!l1)
|
|
|
040c39b |
+ {
|
|
|
040c39b |
+ l1 = gcry_sexp_find_token (s_key, "private-key", 0);
|
|
|
040c39b |
+ if (!l1)
|
|
|
040c39b |
+ die ("neither private nor public key found in the loaded key\n");
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+
|
|
|
040c39b |
+ l2 = gcry_sexp_find_token (l1, "dsa", 0);
|
|
|
040c39b |
+ if (!l2)
|
|
|
040c39b |
+ die ("public key not formed as expected - no dsa\n");
|
|
|
040c39b |
+ gcry_sexp_release (l1);
|
|
|
040c39b |
+ l1 = l2;
|
|
|
040c39b |
+
|
|
|
040c39b |
+ l2 = gcry_sexp_find_token (l1, "q", 0);
|
|
|
040c39b |
+ if (!l2)
|
|
|
040c39b |
+ die ("public key not formed as expected - no q\n");
|
|
|
040c39b |
+ gcry_sexp_release (l1);
|
|
|
040c39b |
+ l1 = l2;
|
|
|
040c39b |
+
|
|
|
040c39b |
+ q = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
|
|
|
040c39b |
+ if (!q)
|
|
|
040c39b |
+ die ("public key not formed as expected - no mpi in q\n");
|
|
|
040c39b |
+ qbits = gcry_mpi_get_nbits(q);
|
|
|
040c39b |
+ gcry_sexp_release(l1);
|
|
|
040c39b |
+ gcry_mpi_release(q);
|
|
|
040c39b |
+ switch(qbits)
|
|
|
040c39b |
+ {
|
|
|
040c39b |
+ case 160:
|
|
|
040c39b |
+ return GCRY_MD_SHA1;
|
|
|
040c39b |
+ case 224:
|
|
|
040c39b |
+ return GCRY_MD_SHA224;
|
|
|
040c39b |
+ case 256:
|
|
|
040c39b |
+ return GCRY_MD_SHA256;
|
|
|
040c39b |
+ default:
|
|
|
040c39b |
+ die("bad number bits (%d) of q in key\n", qbits);
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ return GCRY_MD_NONE;
|
|
|
040c39b |
+}
|
|
|
040c39b |
+
|
|
|
040c39b |
�
|
|
|
040c39b |
/* Sign DATA of length DATALEN using the key taken from the S-expression
|
|
|
040c39b |
encoded KEYFILE. */
|
|
|
2c8c022 |
@@ -2029,11 +2182,16 @@ run_dsa_sign (const void *data, size_t d
|
|
|
040c39b |
{
|
|
|
040c39b |
gpg_error_t err;
|
|
|
040c39b |
gcry_sexp_t s_data, s_key, s_sig, s_tmp, s_tmp2;
|
|
|
040c39b |
- char hash[20];
|
|
|
040c39b |
+ char hash[128];
|
|
|
040c39b |
gcry_mpi_t tmpmpi;
|
|
|
040c39b |
+ int algo;
|
|
|
2c8c022 |
+
|
|
|
2c8c022 |
+ s_key = read_sexp_from_file (keyfile);
|
|
|
2c8c022 |
+ algo = dsa_hash_from_key(s_key);
|
|
|
040c39b |
|
|
|
040c39b |
- gcry_md_hash_buffer (GCRY_MD_SHA1, hash, data, datalen);
|
|
|
040c39b |
- err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash, 20, NULL);
|
|
|
040c39b |
+ gcry_md_hash_buffer (algo, hash, data, datalen);
|
|
|
040c39b |
+ err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash,
|
|
|
040c39b |
+ gcry_md_get_algo_dlen(algo), NULL);
|
|
|
040c39b |
if (!err)
|
|
|
040c39b |
{
|
|
|
040c39b |
err = gcry_sexp_build (&s_data, NULL,
|
|
|
2c8c022 |
@@ -2044,8 +2202,6 @@ run_dsa_sign (const void *data, size_t d
|
|
|
040c39b |
die ("gcry_sexp_build failed for DSA data input: %s\n",
|
|
|
040c39b |
gpg_strerror (err));
|
|
|
040c39b |
|
|
|
040c39b |
- s_key = read_sexp_from_file (keyfile);
|
|
|
040c39b |
-
|
|
|
040c39b |
err = gcry_pk_sign (&s_sig, s_data, s_key);
|
|
|
040c39b |
if (err)
|
|
|
040c39b |
{
|
|
|
2c8c022 |
@@ -2121,13 +2277,18 @@ run_dsa_verify (const void *data, size_t
|
|
|
040c39b |
{
|
|
|
040c39b |
gpg_error_t err;
|
|
|
040c39b |
gcry_sexp_t s_data, s_key, s_sig;
|
|
|
040c39b |
- char hash[20];
|
|
|
040c39b |
+ char hash[128];
|
|
|
040c39b |
gcry_mpi_t tmpmpi;
|
|
|
040c39b |
+ int algo;
|
|
|
040c39b |
|
|
|
040c39b |
- gcry_md_hash_buffer (GCRY_MD_SHA1, hash, data, datalen);
|
|
|
2c8c022 |
+ s_key = read_sexp_from_file (keyfile);
|
|
|
2c8c022 |
+ algo = dsa_hash_from_key(s_key);
|
|
|
2c8c022 |
+
|
|
|
040c39b |
+ gcry_md_hash_buffer (algo, hash, data, datalen);
|
|
|
040c39b |
/* Note that we can't simply use %b with HASH to build the
|
|
|
040c39b |
S-expression, because that might yield a negative value. */
|
|
|
040c39b |
- err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash, 20, NULL);
|
|
|
040c39b |
+ err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash,
|
|
|
040c39b |
+ gcry_md_get_algo_dlen(algo), NULL);
|
|
|
040c39b |
if (!err)
|
|
|
040c39b |
{
|
|
|
040c39b |
err = gcry_sexp_build (&s_data, NULL,
|
|
|
2c8c022 |
@@ -2138,7 +2299,6 @@ run_dsa_verify (const void *data, size_t
|
|
|
040c39b |
die ("gcry_sexp_build failed for DSA data input: %s\n",
|
|
|
040c39b |
gpg_strerror (err));
|
|
|
040c39b |
|
|
|
040c39b |
- s_key = read_sexp_from_file (keyfile);
|
|
|
040c39b |
s_sig = read_sexp_from_file (sigfile);
|
|
|
040c39b |
|
|
|
040c39b |
err = gcry_pk_verify (s_sig, s_data, s_key);
|
|
|
2c8c022 |
@@ -2304,7 +2464,7 @@ usage (int show_help)
|
|
|
040c39b |
"MODE:\n"
|
|
|
040c39b |
" encrypt, decrypt, digest, random, hmac-sha,\n"
|
|
|
2c8c022 |
" rsa-{derive,gen,sign,verify},\n"
|
|
|
2c8c022 |
- " dsa-{pqg-gen,gen,sign,verify}, ecdsa-{gen-key,sign,verify}\n"
|
|
|
2c8c022 |
+ " dsa-{pq-gen,g-gen,gen,sign,verify}, ecdsa-{gen-key,sign,verify}\n"
|
|
|
040c39b |
"OPTIONS:\n"
|
|
|
040c39b |
" --verbose Print additional information\n"
|
|
|
040c39b |
" --binary Input and output is in binary form\n"
|
|
|
2c8c022 |
@@ -2315,6 +2475,7 @@ usage (int show_help)
|
|
|
040c39b |
" --algo NAME Use algorithm NAME\n"
|
|
|
2c8c022 |
" --curve NAME Select ECC curve spec NAME\n"
|
|
|
040c39b |
" --keysize N Use a keysize of N bits\n"
|
|
|
040c39b |
+ " --qize N Use a DSA q parameter size of N bits\n"
|
|
|
040c39b |
" --signature NAME Take signature from file NAME\n"
|
|
|
040c39b |
" --chunk N Read in chunks of N bytes (implies --binary)\n"
|
|
|
040c39b |
" --pkcs1 Use PKCS#1 encoding\n"
|
|
|
2c8c022 |
@@ -2344,6 +2505,7 @@ main (int argc, char **argv)
|
|
|
040c39b |
const char *dt_string = NULL;
|
|
|
040c39b |
const char *algo_string = NULL;
|
|
|
040c39b |
const char *keysize_string = NULL;
|
|
|
040c39b |
+ const char *qsize_string = NULL;
|
|
|
040c39b |
const char *signature_string = NULL;
|
|
|
040c39b |
FILE *input;
|
|
|
040c39b |
void *data;
|
|
|
2c8c022 |
@@ -2437,6 +2599,14 @@ main (int argc, char **argv)
|
|
|
040c39b |
keysize_string = *argv;
|
|
|
040c39b |
argc--; argv++;
|
|
|
040c39b |
}
|
|
|
040c39b |
+ else if (!strcmp (*argv, "--qsize"))
|
|
|
040c39b |
+ {
|
|
|
040c39b |
+ argc--; argv++;
|
|
|
040c39b |
+ if (!argc)
|
|
|
040c39b |
+ usage (0);
|
|
|
040c39b |
+ qsize_string = *argv;
|
|
|
040c39b |
+ argc--; argv++;
|
|
|
040c39b |
+ }
|
|
|
040c39b |
else if (!strcmp (*argv, "--signature"))
|
|
|
040c39b |
{
|
|
|
040c39b |
argc--; argv++;
|
|
|
2c8c022 |
@@ -2792,23 +2962,49 @@ main (int argc, char **argv)
|
|
|
040c39b |
}
|
|
|
040c39b |
else if (!strcmp (mode_string, "dsa-pqg-gen"))
|
|
|
040c39b |
{
|
|
|
040c39b |
- int keysize;
|
|
|
040c39b |
+ int keysize, qsize;
|
|
|
2c8c022 |
+
|
|
|
2c8c022 |
+ keysize = keysize_string? atoi (keysize_string) : 0;
|
|
|
2c8c022 |
+ if (keysize < 1024 || keysize > 3072)
|
|
|
2c8c022 |
+ die ("invalid keysize specified; needs to be 1024 .. 3072\n");
|
|
|
040c39b |
+ qsize = qsize_string? atoi (qsize_string) : 0;
|
|
|
040c39b |
+ if (qsize < 160 || qsize > 256)
|
|
|
040c39b |
+ die ("invalid qsize specified; needs to be 160 .. 256\n");
|
|
|
040c39b |
+ run_dsa_pqg_gen (keysize, qsize, datalen? data:NULL, datalen);
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ else if (!strcmp (mode_string, "dsa-g-gen"))
|
|
|
040c39b |
+ {
|
|
|
040c39b |
+ int keysize, qsize;
|
|
|
2c8c022 |
|
|
|
2c8c022 |
keysize = keysize_string? atoi (keysize_string) : 0;
|
|
|
2c8c022 |
if (keysize < 1024 || keysize > 3072)
|
|
|
2c8c022 |
die ("invalid keysize specified; needs to be 1024 .. 3072\n");
|
|
|
2c8c022 |
- run_dsa_pqg_gen (keysize, datalen? data:NULL, datalen);
|
|
|
040c39b |
+ qsize = qsize_string? atoi (qsize_string) : 0;
|
|
|
040c39b |
+ if (qsize < 160 || qsize > 256)
|
|
|
040c39b |
+ die ("invalid qsize specified; needs to be 160 .. 256\n");
|
|
|
040c39b |
+ if (!key_string)
|
|
|
040c39b |
+ die ("option --key containing pq domain parameters is required in this mode\n");
|
|
|
040c39b |
+ run_dsa_g_gen (keysize, qsize, key_string);
|
|
|
040c39b |
+ }
|
|
|
040c39b |
+ else if (!strcmp (mode_string, "dsa-gen-key"))
|
|
|
040c39b |
+ {
|
|
|
040c39b |
+ if (!key_string)
|
|
|
040c39b |
+ die ("option --key containing pqg domain parameters is required in this mode\n");
|
|
|
040c39b |
+ run_dsa_gen_key (key_string);
|
|
|
040c39b |
}
|
|
|
040c39b |
else if (!strcmp (mode_string, "dsa-gen"))
|
|
|
040c39b |
{
|
|
|
040c39b |
- int keysize;
|
|
|
040c39b |
+ int keysize, qsize;
|
|
|
040c39b |
|
|
|
040c39b |
keysize = keysize_string? atoi (keysize_string) : 0;
|
|
|
040c39b |
if (keysize < 1024 || keysize > 3072)
|
|
|
040c39b |
die ("invalid keysize specified; needs to be 1024 .. 3072\n");
|
|
|
040c39b |
+ qsize = qsize_string? atoi (qsize_string) : 0;
|
|
|
040c39b |
+ if (qsize < 160 || qsize > 256)
|
|
|
040c39b |
+ die ("invalid qsize specified; needs to be 160 .. 256\n");
|
|
|
040c39b |
if (!key_string)
|
|
|
040c39b |
die ("option --key is required in this mode\n");
|
|
|
040c39b |
- run_dsa_gen (keysize, key_string);
|
|
|
040c39b |
+ run_dsa_gen (keysize, qsize, key_string);
|
|
|
040c39b |
}
|
|
|
040c39b |
else if (!strcmp (mode_string, "dsa-sign"))
|
|
|
040c39b |
{
|