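/* crypto/dsa/dsatest.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

/*
 * Until the key-gen callbacks are modified to use newer prototypes, we allow
 * deprecated functions for openssl-internal code
 */
#ifdef OPENSSL_NO_DEPRECATED
# undef OPENSSL_NO_DEPRECATED
#endif

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

#include "../e_os.h"

#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>

#ifdef OPENSSL_NO_DSA
/* Built without DSA: nothing to test, report that and succeed. */
int main(int argc, char *argv[])
{
    printf("No DSA support\n");
    return (0);
}
#else
# include <openssl/dsa.h>

# ifdef OPENSSL_SYS_WIN16
#  define MS_CALLBACK _far _loadds
# else
#  define MS_CALLBACK
# endif

static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg);

/*
 * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS
 * PUB 186 and also appear in Appendix 5 to FIPS PUB 186-1.
 *
 * These are published known-answer values for a 512-bit modulus. They exist
 * to check the parameter generator against the standard's worked example and
 * are far too small to be used as real key material.
 */
static unsigned char seed[20] = {
    0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 0xb6, 0x21, 0x1b, 0x40,
    0x62, 0xba, 0x32, 0x24, 0xe0, 0x42, 0x7d, 0xd3,
};

static const unsigned char out_p[] = {
    0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa,
    0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb,
    0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7,
    0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5,
    0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf,
    0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac,
    0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2,
    0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91,
};

static const unsigned char out_q[] = {
    0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee,
    0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e,
    0xda, 0xce, 0x91, 0x5f,
};

static const unsigned char out_g[] = {
    0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13,
    0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00,
    0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb,
    0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e,
    0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf,
    0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c,
    0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c,
    0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02,
};

/* 20-byte message that stands in for a digest in the sign/verify round trip. */
static const unsigned char str1[] = "12345678901234567890";

/*
 * Fixed seed material for the test run only. A constant string carries no
 * entropy; it is here so the test can run unattended, and the keys it
 * produces must not be treated as secret.
 */
static const char rnd_seed[] =
    "string to make the random number generator think it has entropy";

static BIO *bio_err = NULL;

/*
 * Return 1 when the big-endian encoding of bn is exactly the expected_len
 * bytes at expected, 0 otherwise.
 *
 * The encoded length is compared first, so BN_bn2bin() is only called when
 * its output is known to fit the local buffer.
 */
static int bn_equals_bytes(const BIGNUM *bn, const unsigned char *expected,
                           size_t expected_len)
{
    unsigned char buf[256];

    if (bn == NULL || expected_len > sizeof(buf))
        return 0;
    if ((size_t)BN_num_bytes(bn) != expected_len)
        return 0;
    if (BN_bn2bin(bn, buf) != (int)expected_len)
        return 0;
    return memcmp(buf, expected, expected_len) == 0;
}

/*
 * Generate a fresh key pair on dsa, sign str1 and verify the signature.
 *
 * Returns 1 only when every step succeeds; each failing step is reported on
 * bio_err so a broken sign path cannot hide behind a stale signature buffer.
 */
static int sign_and_verify(DSA *dsa)
{
    unsigned char sig[256];
    unsigned int siglen = 0;
    int sig_max = DSA_size(dsa);

    /* DSA_sign() writes up to DSA_size() bytes; refuse if that cannot fit. */
    if (sig_max <= 0 || (size_t)sig_max > sizeof(sig)) {
        BIO_printf(bio_err, "signature buffer too small\n");
        return 0;
    }
    if (DSA_generate_key(dsa) != 1) {
        BIO_printf(bio_err, "DSA_generate_key failed\n");
        return 0;
    }
    if (DSA_sign(0, str1, 20, sig, &siglen, dsa) != 1) {
        BIO_printf(bio_err, "DSA_sign failed\n");
        return 0;
    }
    /* DSA_verify() returns 1 for a valid signature, 0 or -1 otherwise. */
    if (DSA_verify(0, str1, 20, sig, siglen, dsa) != 1) {
        BIO_printf(bio_err, "DSA_verify failed\n");
        return 0;
    }
    return 1;
}

/*
 * DSA self-test.
 *
 * Regenerates the FIPS 186 example parameters from the published seed,
 * checks counter, h, p, q and g against the known answers, then runs a
 * sign/verify round trip with DSA_FLAG_NO_EXP_CONSTTIME set and again with
 * it cleared. The process exits through EXIT(!ret), i.e. with status 0 only
 * when every check passed.
 */
int main(int argc, char **argv)
{
    BN_GENCB cb;
    DSA *dsa = NULL;
    int counter, ret = 0, i;
    unsigned long h;

    if (bio_err == NULL)
        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

    CRYPTO_malloc_debug_init();
    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

    ERR_load_crypto_strings();
    RAND_seed(rnd_seed, sizeof(rnd_seed));

    BIO_printf(bio_err, "test generation of DSA parameters\n");

    BN_GENCB_set(&cb, dsa_cb, bio_err);
    if (((dsa = DSA_new()) == NULL)
        || !DSA_generate_parameters_ex(dsa, 512, seed, 20, &counter, &h, &cb))
        goto end;

    BIO_printf(bio_err, "seed\n");
    for (i = 0; i < 20; i += 4) {
        BIO_printf(bio_err, "%02X%02X%02X%02X ",
                   seed[i], seed[i + 1], seed[i + 2], seed[i + 3]);
    }
    /* h is unsigned long, so it is printed with %lu. */
    BIO_printf(bio_err, "\ncounter=%d h=%lu\n", counter, h);

    DSA_print(bio_err, dsa, 0);
    if (counter != 105) {
        BIO_printf(bio_err, "counter should be 105\n");
        goto end;
    }
    if (h != 2) {
        BIO_printf(bio_err, "h should be 2\n");
        goto end;
    }

    if (!bn_equals_bytes(dsa->q, out_q, sizeof(out_q))) {
        BIO_printf(bio_err, "q value is wrong\n");
        goto end;
    }

    if (!bn_equals_bytes(dsa->p, out_p, sizeof(out_p))) {
        BIO_printf(bio_err, "p value is wrong\n");
        goto end;
    }

    if (!bn_equals_bytes(dsa->g, out_g, sizeof(out_g))) {
        BIO_printf(bio_err, "g value is wrong\n");
        goto end;
    }

    /*
     * Exercise both exponentiation paths. Each round must pass on its own:
     * success in the first round must not mask a failure in the second,
     * which is the default (flag cleared) path.
     */
    dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
    if (!sign_and_verify(dsa))
        goto end;

    dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
    if (!sign_and_verify(dsa))
        goto end;

    ret = 1;

 end:
    if (!ret)
        ERR_print_errors(bio_err);
    if (dsa != NULL)
        DSA_free(dsa);
    CRYPTO_cleanup_all_ex_data();
    ERR_remove_thread_state(NULL);
    ERR_free_strings();
    CRYPTO_mem_leaks(bio_err);
    if (bio_err != NULL) {
        BIO_free(bio_err);
        bio_err = NULL;
    }
# ifdef OPENSSL_SYS_NETWARE
    if (!ret)
        printf("ERROR\n");
# endif
    EXIT(!ret);
    return (0);
}

/*
 * Progress callback for parameter generation.
 *
 * Writes one character per event to the BIO stored in arg->arg: '.' for
 * p == 0, '+' for p == 1, '*' for p == 2 (and any other value), '\n' for
 * p == 3. n is not used.
 *
 * Returns 0 to abort generation when a second p == 0 event arrives before
 * any p == 2 event has been seen, otherwise 1. With the fixed FIPS seed the
 * test presumably expects the first candidate to be accepted.
 */
static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg)
{
    char c = '*';
    static int ok = 0, num = 0;

    if (p == 0) {
        c = '.';
        num++;
    }
    if (p == 1)
        c = '+';
    if (p == 2) {
        c = '*';
        ok++;
    }
    if (p == 3)
        c = '\n';
    BIO_write(arg->arg, &c, 1);
    (void)BIO_flush(arg->arg);

    if (!ok && (p == 0) && (num > 1)) {
        /*
         * The BIO is the callback's user argument, not the BN_GENCB itself;
         * casting arg to BIO * would hand BIO_printf the wrong object.
         */
        BIO_printf((BIO *)arg->arg, "error in dsatest\n");
        return 0;
    }
    return 1;
}
#endif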