/* * RSA: generate keys and sign, verify input plaintext. */ static int FIPS_rsa_test(int bad) { RSA *key; unsigned char input_ptext[] = "etaonrishdlc"; unsigned char buf[256]; unsigned int slen; BIGNUM *bn; EVP_MD_CTX mctx; EVP_PKEY pk; int r; ERR_clear_error(); EVP_MD_CTX_init(&mctx); key = FIPS_rsa_new(); bn = BN_new(); if (!key || !bn) return 0; BN_set_word(bn, 65537); if (!RSA_generate_key_ex(key, 1024,bn,NULL)) return 0; BN_free(bn); if (bad) BN_add_word(key->n, 1); pk.type = EVP_PKEY_RSA; pk.pkey.rsa = key; if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL)) goto end; if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1)) goto end; if (!EVP_SignFinal(&mctx, buf, &slen, &pk)) goto end; if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL)) goto end; if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1)) goto end; r = EVP_VerifyFinal(&mctx, buf, slen, &pk); end: EVP_MD_CTX_cleanup(&mctx); if (key) FIPS_rsa_free(key); if (r != 1) return 0; return 1; }
/* * RSA: generate keys and sign, verify input plaintext. */ static int FIPS_rsa_test(int bad) { RSA *key; unsigned char input_ptext[] = "etaonrishdlc"; unsigned char buf[256]; unsigned int slen; BIGNUM *bn; EVP_MD_CTX mctx; int r = 0; ERR_clear_error(); FIPS_md_ctx_init(&mctx); key = FIPS_rsa_new(); bn = BN_new(); if (!key || !bn) return 0; BN_set_word(bn, 65537); if (!RSA_generate_key_ex(key, 2048,bn,NULL)) return 0; BN_free(bn); if (bad) BN_add_word(key->n, 1); if (!FIPS_digestinit(&mctx, EVP_sha256())) goto end; if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1)) goto end; if (!FIPS_rsa_sign_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, &slen)) goto end; if (!FIPS_digestinit(&mctx, EVP_sha256())) goto end; if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1)) goto end; r = FIPS_rsa_verify_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, slen); end: FIPS_md_ctx_cleanup(&mctx); if (key) FIPS_rsa_free(key); if (r != 1) return 0; return 1; }
int FIPS_selftest_rsa() { int ret = 0; RSA *key = NULL; EVP_PKEY pk; key=FIPS_rsa_new(); setrsakey(key); pk.type = EVP_PKEY_RSA; pk.pkey.rsa = key; if (!fips_pkey_signature_test(FIPS_TEST_SIGNATURE, &pk, kat_tbs, sizeof(kat_tbs) - 1, kat_RSA_PSS_SHA256, sizeof(kat_RSA_PSS_SHA256), EVP_sha256(), RSA_PKCS1_PSS_PADDING, "RSA SHA256 PSS")) goto err; ret = 1; err: FIPS_rsa_free(key); return ret; }
int rsa_test(FILE *out, FILE *in) { char *linebuf, *olinebuf, *p, *q; char *keyword, *value; RSA *rsa = NULL; BIGNUM *Xp1 = NULL, *Xp2 = NULL, *Xp = NULL; BIGNUM *Xq1 = NULL, *Xq2 = NULL, *Xq = NULL; BIGNUM *e = NULL; int ret = 0; int lnum = 0; olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN); if (!linebuf || !olinebuf) goto error; while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in)) { lnum++; strcpy(linebuf, olinebuf); keyword = linebuf; /* Skip leading space */ while (isspace((unsigned char)*keyword)) keyword++; /* Look for = sign */ p = strchr(linebuf, '='); /* If no = or starts with [ (for [foo = bar] line) just copy */ if (!p || *keyword=='[') { if (fputs(olinebuf, out) < 0) goto error; continue; } q = p - 1; /* Remove trailing space */ while (isspace((unsigned char)*q)) *q-- = 0; *p = 0; value = p + 1; /* Remove leading space from value */ while (isspace((unsigned char)*value)) value++; /* Remove trailing space from value */ p = value + strlen(value) - 1; while (*p == '\n' || isspace((unsigned char)*p)) *p-- = 0; if (!strcmp(keyword, "xp1")) { if (Xp1 || !do_hex2bn(&Xp1,value)) goto parse_error; } else if (!strcmp(keyword, "xp2")) { if (Xp2 || !do_hex2bn(&Xp2,value)) goto parse_error; } else if (!strcmp(keyword, "Xp")) { if (Xp || !do_hex2bn(&Xp,value)) goto parse_error; } else if (!strcmp(keyword, "xq1")) { if (Xq1 || !do_hex2bn(&Xq1,value)) goto parse_error; } else if (!strcmp(keyword, "xq2")) { if (Xq2 || !do_hex2bn(&Xq2,value)) goto parse_error; } else if (!strcmp(keyword, "Xq")) { if (Xq || !do_hex2bn(&Xq,value)) goto parse_error; } else if (!strcmp(keyword, "e")) { if (e || !do_hex2bn(&e,value)) goto parse_error; } else if (!strcmp(keyword, "p1")) continue; else if (!strcmp(keyword, "p2")) continue; else if (!strcmp(keyword, "p")) continue; else if (!strcmp(keyword, "q1")) continue; else if (!strcmp(keyword, "q2")) continue; else if (!strcmp(keyword, "q")) continue; else if (!strcmp(keyword, "n")) continue; else if (!strcmp(keyword, "d")) continue; else goto parse_error; fputs(olinebuf, out); if (e && Xp1 && Xp2 && Xp) { rsa = FIPS_rsa_new(); if (!rsa) goto error; if (!rsa_printkey1(out, rsa, Xp1, Xp2, Xp, e)) goto error; BN_free(Xp1); Xp1 = NULL; BN_free(Xp2); Xp2 = NULL; BN_free(Xp); Xp = NULL; BN_free(e); e = NULL; } if (rsa && Xq1 && Xq2 && Xq) { if (!rsa_printkey2(out, rsa, Xq1, Xq2, Xq)) goto error; BN_free(Xq1); Xq1 = NULL; BN_free(Xq2); Xq2 = NULL; BN_free(Xq); Xq = NULL; FIPS_rsa_free(rsa); rsa = NULL; } } ret = 1; error: if (olinebuf) OPENSSL_free(olinebuf); if (linebuf) OPENSSL_free(linebuf); if (Xp1) BN_free(Xp1); if (Xp2) BN_free(Xp2); if (Xp) BN_free(Xp); if (Xq1) BN_free(Xq1); if (Xq1) BN_free(Xq1); if (Xq2) BN_free(Xq2); if (Xq) BN_free(Xq); if (e) BN_free(e); if (rsa) FIPS_rsa_free(rsa); return ret; parse_error: fprintf(stderr, "FATAL parse error processing line %d\n", lnum); goto error; }