diff options
Diffstat (limited to 'src/lib/libcrypto/dsa')
| -rw-r--r-- | src/lib/libcrypto/dsa/Makefile | 208 | ||||
| -rw-r--r-- | src/lib/libcrypto/dsa/README | 4 | ||||
| -rw-r--r-- | src/lib/libcrypto/dsa/dsa_gen.c | 3 | ||||
| -rw-r--r-- | src/lib/libcrypto/dsa/dsa_ossl.c | 20 | ||||
| -rw-r--r-- | src/lib/libcrypto/dsa/dsagen.c | 111 | ||||
| -rw-r--r-- | src/lib/libcrypto/dsa/dsatest.c | 259 | ||||
| -rw-r--r-- | src/lib/libcrypto/dsa/fips186a.txt | 122 |
7 files changed, 725 insertions, 2 deletions
diff --git a/src/lib/libcrypto/dsa/Makefile b/src/lib/libcrypto/dsa/Makefile new file mode 100644 index 0000000000..8073c4ecfe --- /dev/null +++ b/src/lib/libcrypto/dsa/Makefile | |||
| @@ -0,0 +1,208 @@ | |||
| 1 | # | ||
| 2 | # OpenSSL/crypto/dsa/Makefile | ||
| 3 | # | ||
| 4 | |||
| 5 | DIR= dsa | ||
| 6 | TOP= ../.. | ||
| 7 | CC= cc | ||
| 8 | INCLUDES= -I.. -I$(TOP) -I../../include | ||
| 9 | CFLAG=-g | ||
| 10 | MAKEFILE= Makefile | ||
| 11 | AR= ar r | ||
| 12 | |||
| 13 | CFLAGS= $(INCLUDES) $(CFLAG) | ||
| 14 | |||
| 15 | GENERAL=Makefile | ||
| 16 | TEST=dsatest.c | ||
| 17 | APPS= | ||
| 18 | |||
| 19 | LIB=$(TOP)/libcrypto.a | ||
| 20 | LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \ | ||
| 21 | dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c | ||
| 22 | LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \ | ||
| 23 | dsa_err.o dsa_ossl.o dsa_depr.o dsa_ameth.o dsa_pmeth.o dsa_prn.o | ||
| 24 | |||
| 25 | SRC= $(LIBSRC) | ||
| 26 | |||
| 27 | EXHEADER= dsa.h | ||
| 28 | HEADER= dsa_locl.h $(EXHEADER) | ||
| 29 | |||
| 30 | ALL= $(GENERAL) $(SRC) $(HEADER) | ||
| 31 | |||
| 32 | top: | ||
| 33 | (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) | ||
| 34 | |||
| 35 | all: lib | ||
| 36 | |||
| 37 | lib: $(LIBOBJ) | ||
| 38 | $(AR) $(LIB) $(LIBOBJ) | ||
| 39 | $(RANLIB) $(LIB) || echo Never mind. | ||
| 40 | @touch lib | ||
| 41 | |||
| 42 | files: | ||
| 43 | $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO | ||
| 44 | |||
| 45 | links: | ||
| 46 | @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) | ||
| 47 | @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) | ||
| 48 | @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) | ||
| 49 | |||
| 50 | install: | ||
| 51 | @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... | ||
| 52 | @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ | ||
| 53 | do \ | ||
| 54 | (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ | ||
| 55 | chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ | ||
| 56 | done; | ||
| 57 | |||
| 58 | tags: | ||
| 59 | ctags $(SRC) | ||
| 60 | |||
| 61 | tests: | ||
| 62 | |||
| 63 | lint: | ||
| 64 | lint -DLINT $(INCLUDES) $(SRC)>fluff | ||
| 65 | |||
| 66 | depend: | ||
| 67 | @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... | ||
| 68 | $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) | ||
| 69 | |||
| 70 | dclean: | ||
| 71 | $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new | ||
| 72 | mv -f Makefile.new $(MAKEFILE) | ||
| 73 | |||
| 74 | clean: | ||
| 75 | rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff | ||
| 76 | |||
| 77 | # DO NOT DELETE THIS LINE -- make depend depends on it. | ||
| 78 | |||
| 79 | dsa_ameth.o: ../../e_os.h ../../include/openssl/asn1.h | ||
| 80 | dsa_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h | ||
| 81 | dsa_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h | ||
| 82 | dsa_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h | ||
| 83 | dsa_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
| 84 | dsa_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
| 85 | dsa_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
| 86 | dsa_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
| 87 | dsa_ameth.o: ../../include/openssl/objects.h | ||
| 88 | dsa_ameth.o: ../../include/openssl/opensslconf.h | ||
| 89 | dsa_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
| 90 | dsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
| 91 | dsa_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
| 92 | dsa_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
| 93 | dsa_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h | ||
| 94 | dsa_ameth.o: dsa_ameth.c | ||
| 95 | dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h | ||
| 96 | dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
| 97 | dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h | ||
| 98 | dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h | ||
| 99 | dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h | ||
| 100 | dsa_asn1.o: ../../include/openssl/opensslconf.h | ||
| 101 | dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
| 102 | dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h | ||
| 103 | dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c | ||
| 104 | dsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h | ||
| 105 | dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h | ||
| 106 | dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h | ||
| 107 | dsa_depr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h | ||
| 108 | dsa_depr.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
| 109 | dsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
| 110 | dsa_depr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h | ||
| 111 | dsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
| 112 | dsa_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h | ||
| 113 | dsa_depr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
| 114 | dsa_depr.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_depr.c | ||
| 115 | dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h | ||
| 116 | dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h | ||
| 117 | dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h | ||
| 118 | dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
| 119 | dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h | ||
| 120 | dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
| 121 | dsa_err.o: dsa_err.c | ||
| 122 | dsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h | ||
| 123 | dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h | ||
| 124 | dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h | ||
| 125 | dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h | ||
| 126 | dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
| 127 | dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
| 128 | dsa_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h | ||
| 129 | dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
| 130 | dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h | ||
| 131 | dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
| 132 | dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_gen.c dsa_locl.h | ||
| 133 | dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h | ||
| 134 | dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h | ||
| 135 | dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h | ||
| 136 | dsa_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h | ||
| 137 | dsa_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
| 138 | dsa_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h | ||
| 139 | dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h | ||
| 140 | dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_key.c | ||
| 141 | dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h | ||
| 142 | dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h | ||
| 143 | dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h | ||
| 144 | dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h | ||
| 145 | dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
| 146 | dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
| 147 | dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h | ||
| 148 | dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
| 149 | dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
| 150 | dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
| 151 | dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h | ||
| 152 | dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h | ||
| 153 | dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
| 154 | dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h | ||
| 155 | dsa_lib.o: ../cryptlib.h dsa_lib.c | ||
| 156 | dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h | ||
| 157 | dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h | ||
| 158 | dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h | ||
| 159 | dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h | ||
| 160 | dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h | ||
| 161 | dsa_ossl.o: ../../include/openssl/opensslconf.h | ||
| 162 | dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
| 163 | dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h | ||
| 164 | dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
| 165 | dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_ossl.c | ||
| 166 | dsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h | ||
| 167 | dsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h | ||
| 168 | dsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h | ||
| 169 | dsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h | ||
| 170 | dsa_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h | ||
| 171 | dsa_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h | ||
| 172 | dsa_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h | ||
| 173 | dsa_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h | ||
| 174 | dsa_pmeth.o: ../../include/openssl/objects.h | ||
| 175 | dsa_pmeth.o: ../../include/openssl/opensslconf.h | ||
| 176 | dsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
| 177 | dsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h | ||
| 178 | dsa_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h | ||
| 179 | dsa_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h | ||
| 180 | dsa_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h | ||
| 181 | dsa_pmeth.o: dsa_locl.h dsa_pmeth.c | ||
| 182 | dsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h | ||
| 183 | dsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h | ||
| 184 | dsa_prn.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h | ||
| 185 | dsa_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h | ||
| 186 | dsa_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h | ||
| 187 | dsa_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h | ||
| 188 | dsa_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
| 189 | dsa_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h | ||
| 190 | dsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
| 191 | dsa_prn.o: ../cryptlib.h dsa_prn.c | ||
| 192 | dsa_sign.o: ../../e_os.h ../../include/openssl/bio.h | ||
| 193 | dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h | ||
| 194 | dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h | ||
| 195 | dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h | ||
| 196 | dsa_sign.o: ../../include/openssl/opensslconf.h | ||
| 197 | dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h | ||
| 198 | dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h | ||
| 199 | dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
| 200 | dsa_sign.o: ../cryptlib.h dsa_sign.c | ||
| 201 | dsa_vrf.o: ../../e_os.h ../../include/openssl/bio.h | ||
| 202 | dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h | ||
| 203 | dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h | ||
| 204 | dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h | ||
| 205 | dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h | ||
| 206 | dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h | ||
| 207 | dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h | ||
| 208 | dsa_vrf.o: ../cryptlib.h dsa_vrf.c | ||
diff --git a/src/lib/libcrypto/dsa/README b/src/lib/libcrypto/dsa/README new file mode 100644 index 0000000000..6a7e9c170a --- /dev/null +++ b/src/lib/libcrypto/dsa/README | |||
| @@ -0,0 +1,4 @@ | |||
| 1 | The stuff in here is based on patches supplied to me by | ||
| 2 | Steven Schoch <schoch@sheba.arc.nasa.gov> to do DSS. | ||
| 3 | I have since modified a them a little but a debt of gratitude | ||
| 4 | is due for doing the initial work. | ||
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c index cb0b4538a4..0fcd25f8b0 100644 --- a/src/lib/libcrypto/dsa/dsa_gen.c +++ b/src/lib/libcrypto/dsa/dsa_gen.c | |||
| @@ -120,7 +120,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, | |||
| 120 | BIGNUM *r0,*W,*X,*c,*test; | 120 | BIGNUM *r0,*W,*X,*c,*test; |
| 121 | BIGNUM *g=NULL,*q=NULL,*p=NULL; | 121 | BIGNUM *g=NULL,*q=NULL,*p=NULL; |
| 122 | BN_MONT_CTX *mont=NULL; | 122 | BN_MONT_CTX *mont=NULL; |
| 123 | int i, k, n=0, m=0, qsize = qbits >> 3; | 123 | int i, k,n=0,b,m=0, qsize = qbits >> 3; |
| 124 | int counter=0; | 124 | int counter=0; |
| 125 | int r=0; | 125 | int r=0; |
| 126 | BN_CTX *ctx=NULL; | 126 | BN_CTX *ctx=NULL; |
| @@ -232,6 +232,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, | |||
| 232 | /* "offset = 2" */ | 232 | /* "offset = 2" */ |
| 233 | 233 | ||
| 234 | n=(bits-1)/160; | 234 | n=(bits-1)/160; |
| 235 | b=(bits-1)-n*160; | ||
| 235 | 236 | ||
| 236 | for (;;) | 237 | for (;;) |
| 237 | { | 238 | { |
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index a3ddd7d281..4fead07e80 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c | |||
| @@ -148,6 +148,15 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | |||
| 148 | 148 | ||
| 149 | s=BN_new(); | 149 | s=BN_new(); |
| 150 | if (s == NULL) goto err; | 150 | if (s == NULL) goto err; |
| 151 | |||
| 152 | /* reject a excessive digest length (currently at most | ||
| 153 | * dsa-with-SHA256 is supported) */ | ||
| 154 | if (dlen > SHA256_DIGEST_LENGTH) | ||
| 155 | { | ||
| 156 | reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; | ||
| 157 | goto err; | ||
| 158 | } | ||
| 159 | |||
| 151 | ctx=BN_CTX_new(); | 160 | ctx=BN_CTX_new(); |
| 152 | if (ctx == NULL) goto err; | 161 | if (ctx == NULL) goto err; |
| 153 | 162 | ||
| @@ -176,7 +185,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | |||
| 176 | if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ | 185 | if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ |
| 177 | if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ | 186 | if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ |
| 178 | if (BN_cmp(s,dsa->q) > 0) | 187 | if (BN_cmp(s,dsa->q) > 0) |
| 179 | if (!BN_sub(s,s,dsa->q)) goto err; | 188 | BN_sub(s,s,dsa->q); |
| 180 | if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; | 189 | if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; |
| 181 | 190 | ||
| 182 | ret=DSA_SIG_new(); | 191 | ret=DSA_SIG_new(); |
| @@ -316,6 +325,15 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, | |||
| 316 | DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); | 325 | DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); |
| 317 | return -1; | 326 | return -1; |
| 318 | } | 327 | } |
| 328 | |||
| 329 | /* reject a excessive digest length (currently at most | ||
| 330 | * dsa-with-SHA256 is supported) */ | ||
| 331 | if (dgst_len > SHA256_DIGEST_LENGTH) | ||
| 332 | { | ||
| 333 | DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); | ||
| 334 | return -1; | ||
| 335 | } | ||
| 336 | |||
| 319 | BN_init(&u1); | 337 | BN_init(&u1); |
| 320 | BN_init(&u2); | 338 | BN_init(&u2); |
| 321 | BN_init(&t1); | 339 | BN_init(&t1); |
diff --git a/src/lib/libcrypto/dsa/dsagen.c b/src/lib/libcrypto/dsa/dsagen.c new file mode 100644 index 0000000000..1b6a1cca0f --- /dev/null +++ b/src/lib/libcrypto/dsa/dsagen.c | |||
| @@ -0,0 +1,111 @@ | |||
| 1 | /* crypto/dsa/dsagen.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | #include <stdio.h> | ||
| 60 | #include <openssl/dsa.h> | ||
| 61 | |||
| 62 | #define TEST | ||
| 63 | #define GENUINE_DSA | ||
| 64 | |||
| 65 | #ifdef GENUINE_DSA | ||
| 66 | #define LAST_VALUE 0xbd | ||
| 67 | #else | ||
| 68 | #define LAST_VALUE 0xd3 | ||
| 69 | #endif | ||
| 70 | |||
| 71 | #ifdef TEST | ||
| 72 | unsigned char seed[20]={ | ||
| 73 | 0xd5,0x01,0x4e,0x4b, | ||
| 74 | 0x60,0xef,0x2b,0xa8, | ||
| 75 | 0xb6,0x21,0x1b,0x40, | ||
| 76 | 0x62,0xba,0x32,0x24, | ||
| 77 | 0xe0,0x42,0x7d,LAST_VALUE}; | ||
| 78 | #endif | ||
| 79 | |||
| 80 | int cb(int p, int n) | ||
| 81 | { | ||
| 82 | char c='*'; | ||
| 83 | |||
| 84 | if (p == 0) c='.'; | ||
| 85 | if (p == 1) c='+'; | ||
| 86 | if (p == 2) c='*'; | ||
| 87 | if (p == 3) c='\n'; | ||
| 88 | printf("%c",c); | ||
| 89 | fflush(stdout); | ||
| 90 | } | ||
| 91 | |||
| 92 | main() | ||
| 93 | { | ||
| 94 | int i; | ||
| 95 | BIGNUM *n; | ||
| 96 | BN_CTX *ctx; | ||
| 97 | unsigned char seed_buf[20]; | ||
| 98 | DSA *dsa; | ||
| 99 | int counter,h; | ||
| 100 | BIO *bio_err=NULL; | ||
| 101 | |||
| 102 | if (bio_err == NULL) | ||
| 103 | bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); | ||
| 104 | |||
| 105 | memcpy(seed_buf,seed,20); | ||
| 106 | dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err); | ||
| 107 | |||
| 108 | if (dsa == NULL) | ||
| 109 | DSA_print(bio_err,dsa,0); | ||
| 110 | } | ||
| 111 | |||
diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c new file mode 100644 index 0000000000..edffd24e6b --- /dev/null +++ b/src/lib/libcrypto/dsa/dsatest.c | |||
| @@ -0,0 +1,259 @@ | |||
| 1 | /* crypto/dsa/dsatest.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | |||
| 59 | /* Until the key-gen callbacks are modified to use newer prototypes, we allow | ||
| 60 | * deprecated functions for openssl-internal code */ | ||
| 61 | #ifdef OPENSSL_NO_DEPRECATED | ||
| 62 | #undef OPENSSL_NO_DEPRECATED | ||
| 63 | #endif | ||
| 64 | |||
| 65 | #include <stdio.h> | ||
| 66 | #include <stdlib.h> | ||
| 67 | #include <string.h> | ||
| 68 | #include <sys/types.h> | ||
| 69 | #include <sys/stat.h> | ||
| 70 | |||
| 71 | #include "../e_os.h" | ||
| 72 | |||
| 73 | #include <openssl/crypto.h> | ||
| 74 | #include <openssl/rand.h> | ||
| 75 | #include <openssl/bio.h> | ||
| 76 | #include <openssl/err.h> | ||
| 77 | #include <openssl/bn.h> | ||
| 78 | |||
| 79 | #ifdef OPENSSL_NO_DSA | ||
| 80 | int main(int argc, char *argv[]) | ||
| 81 | { | ||
| 82 | printf("No DSA support\n"); | ||
| 83 | return(0); | ||
| 84 | } | ||
| 85 | #else | ||
| 86 | #include <openssl/dsa.h> | ||
| 87 | |||
| 88 | #ifdef OPENSSL_SYS_WIN16 | ||
| 89 | #define MS_CALLBACK _far _loadds | ||
| 90 | #else | ||
| 91 | #define MS_CALLBACK | ||
| 92 | #endif | ||
| 93 | |||
| 94 | static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg); | ||
| 95 | |||
| 96 | /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to | ||
| 97 | * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ | ||
| 98 | static unsigned char seed[20]={ | ||
| 99 | 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40, | ||
| 100 | 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3, | ||
| 101 | }; | ||
| 102 | |||
| 103 | static unsigned char out_p[]={ | ||
| 104 | 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa, | ||
| 105 | 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb, | ||
| 106 | 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7, | ||
| 107 | 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5, | ||
| 108 | 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf, | ||
| 109 | 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac, | ||
| 110 | 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2, | ||
| 111 | 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91, | ||
| 112 | }; | ||
| 113 | |||
| 114 | static unsigned char out_q[]={ | ||
| 115 | 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee, | ||
| 116 | 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e, | ||
| 117 | 0xda,0xce,0x91,0x5f, | ||
| 118 | }; | ||
| 119 | |||
| 120 | static unsigned char out_g[]={ | ||
| 121 | 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13, | ||
| 122 | 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00, | ||
| 123 | 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb, | ||
| 124 | 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e, | ||
| 125 | 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf, | ||
| 126 | 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c, | ||
| 127 | 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c, | ||
| 128 | 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02, | ||
| 129 | }; | ||
| 130 | |||
| 131 | static const unsigned char str1[]="12345678901234567890"; | ||
| 132 | |||
| 133 | static const char rnd_seed[] = "string to make the random number generator think it has entropy"; | ||
| 134 | |||
| 135 | static BIO *bio_err=NULL; | ||
| 136 | |||
| 137 | int main(int argc, char **argv) | ||
| 138 | { | ||
| 139 | BN_GENCB cb; | ||
| 140 | DSA *dsa=NULL; | ||
| 141 | int counter,ret=0,i,j; | ||
| 142 | unsigned char buf[256]; | ||
| 143 | unsigned long h; | ||
| 144 | unsigned char sig[256]; | ||
| 145 | unsigned int siglen; | ||
| 146 | |||
| 147 | if (bio_err == NULL) | ||
| 148 | bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); | ||
| 149 | |||
| 150 | CRYPTO_malloc_debug_init(); | ||
| 151 | CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); | ||
| 152 | CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); | ||
| 153 | |||
| 154 | ERR_load_crypto_strings(); | ||
| 155 | RAND_seed(rnd_seed, sizeof rnd_seed); | ||
| 156 | |||
| 157 | BIO_printf(bio_err,"test generation of DSA parameters\n"); | ||
| 158 | |||
| 159 | BN_GENCB_set(&cb, dsa_cb, bio_err); | ||
| 160 | if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, | ||
| 161 | seed, 20, &counter, &h, &cb)) | ||
| 162 | goto end; | ||
| 163 | |||
| 164 | BIO_printf(bio_err,"seed\n"); | ||
| 165 | for (i=0; i<20; i+=4) | ||
| 166 | { | ||
| 167 | BIO_printf(bio_err,"%02X%02X%02X%02X ", | ||
| 168 | seed[i],seed[i+1],seed[i+2],seed[i+3]); | ||
| 169 | } | ||
| 170 | BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h); | ||
| 171 | |||
| 172 | DSA_print(bio_err,dsa,0); | ||
| 173 | if (counter != 105) | ||
| 174 | { | ||
| 175 | BIO_printf(bio_err,"counter should be 105\n"); | ||
| 176 | goto end; | ||
| 177 | } | ||
| 178 | if (h != 2) | ||
| 179 | { | ||
| 180 | BIO_printf(bio_err,"h should be 2\n"); | ||
| 181 | goto end; | ||
| 182 | } | ||
| 183 | |||
| 184 | i=BN_bn2bin(dsa->q,buf); | ||
| 185 | j=sizeof(out_q); | ||
| 186 | if ((i != j) || (memcmp(buf,out_q,i) != 0)) | ||
| 187 | { | ||
| 188 | BIO_printf(bio_err,"q value is wrong\n"); | ||
| 189 | goto end; | ||
| 190 | } | ||
| 191 | |||
| 192 | i=BN_bn2bin(dsa->p,buf); | ||
| 193 | j=sizeof(out_p); | ||
| 194 | if ((i != j) || (memcmp(buf,out_p,i) != 0)) | ||
| 195 | { | ||
| 196 | BIO_printf(bio_err,"p value is wrong\n"); | ||
| 197 | goto end; | ||
| 198 | } | ||
| 199 | |||
| 200 | i=BN_bn2bin(dsa->g,buf); | ||
| 201 | j=sizeof(out_g); | ||
| 202 | if ((i != j) || (memcmp(buf,out_g,i) != 0)) | ||
| 203 | { | ||
| 204 | BIO_printf(bio_err,"g value is wrong\n"); | ||
| 205 | goto end; | ||
| 206 | } | ||
| 207 | |||
| 208 | dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME; | ||
| 209 | DSA_generate_key(dsa); | ||
| 210 | DSA_sign(0, str1, 20, sig, &siglen, dsa); | ||
| 211 | if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) | ||
| 212 | ret=1; | ||
| 213 | |||
| 214 | dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME; | ||
| 215 | DSA_generate_key(dsa); | ||
| 216 | DSA_sign(0, str1, 20, sig, &siglen, dsa); | ||
| 217 | if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) | ||
| 218 | ret=1; | ||
| 219 | |||
| 220 | end: | ||
| 221 | if (!ret) | ||
| 222 | ERR_print_errors(bio_err); | ||
| 223 | if (dsa != NULL) DSA_free(dsa); | ||
| 224 | CRYPTO_cleanup_all_ex_data(); | ||
| 225 | ERR_remove_thread_state(NULL); | ||
| 226 | ERR_free_strings(); | ||
| 227 | CRYPTO_mem_leaks(bio_err); | ||
| 228 | if (bio_err != NULL) | ||
| 229 | { | ||
| 230 | BIO_free(bio_err); | ||
| 231 | bio_err = NULL; | ||
| 232 | } | ||
| 233 | #ifdef OPENSSL_SYS_NETWARE | ||
| 234 | if (!ret) printf("ERROR\n"); | ||
| 235 | #endif | ||
| 236 | EXIT(!ret); | ||
| 237 | return(0); | ||
| 238 | } | ||
| 239 | |||
| 240 | static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg) | ||
| 241 | { | ||
| 242 | char c='*'; | ||
| 243 | static int ok=0,num=0; | ||
| 244 | |||
| 245 | if (p == 0) { c='.'; num++; }; | ||
| 246 | if (p == 1) c='+'; | ||
| 247 | if (p == 2) { c='*'; ok++; } | ||
| 248 | if (p == 3) c='\n'; | ||
| 249 | BIO_write(arg->arg,&c,1); | ||
| 250 | (void)BIO_flush(arg->arg); | ||
| 251 | |||
| 252 | if (!ok && (p == 0) && (num > 1)) | ||
| 253 | { | ||
| 254 | BIO_printf((BIO *)arg,"error in dsatest\n"); | ||
| 255 | return 0; | ||
| 256 | } | ||
| 257 | return 1; | ||
| 258 | } | ||
| 259 | #endif | ||
diff --git a/src/lib/libcrypto/dsa/fips186a.txt b/src/lib/libcrypto/dsa/fips186a.txt new file mode 100644 index 0000000000..3a2e0a0d51 --- /dev/null +++ b/src/lib/libcrypto/dsa/fips186a.txt | |||
| @@ -0,0 +1,122 @@ | |||
| 1 | The origional FIPE 180 used SHA-0 (FIPS 180) for its appendix 5 | ||
| 2 | examples. This is an updated version that uses SHA-1 (FIPS 180-1) | ||
| 3 | supplied to me by Wei Dai | ||
| 4 | -- | ||
| 5 | APPENDIX 5. EXAMPLE OF THE DSA | ||
| 6 | |||
| 7 | |||
| 8 | This appendix is for informational purposes only and is not required to meet | ||
| 9 | the standard. | ||
| 10 | |||
| 11 | Let L = 512 (size of p). The values in this example are expressed in | ||
| 12 | hexadecimal notation. The p and q given here were generated by the prime | ||
| 13 | generation standard described in appendix 2 using the 160-bit SEED: | ||
| 14 | |||
| 15 | d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3 | ||
| 16 | |||
| 17 | With this SEED, the algorithm found p and q when the counter was at 105. | ||
| 18 | |||
| 19 | x was generated by the algorithm described in appendix 3, section 3.1, using | ||
| 20 | the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED: | ||
| 21 | |||
| 22 | XSEED = | ||
| 23 | |||
| 24 | bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6 | ||
| 25 | |||
| 26 | t = | ||
| 27 | 67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0 | ||
| 28 | |||
| 29 | x = G(t,XSEED) mod q | ||
| 30 | |||
| 31 | k was generated by the algorithm described in appendix 3, section 3.2, using | ||
| 32 | the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED: | ||
| 33 | |||
| 34 | KSEED = | ||
| 35 | |||
| 36 | 687a66d9 0648f993 867e121f 4ddf9ddb 01205584 | ||
| 37 | |||
| 38 | t = | ||
| 39 | EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301 | ||
| 40 | |||
| 41 | k = G(t,KSEED) mod q | ||
| 42 | |||
| 43 | Finally: | ||
| 44 | |||
| 45 | h = 2 | ||
| 46 | |||
| 47 | p = | ||
| 48 | 8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7 | ||
| 49 | cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac | ||
| 50 | 49693dfb f83724c2 ec0736ee 31c80291 | ||
| 51 | |||
| 52 | |||
| 53 | q = | ||
| 54 | c773218c 737ec8ee 993b4f2d ed30f48e dace915f | ||
| 55 | |||
| 56 | |||
| 57 | g = | ||
| 58 | 626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb | ||
| 59 | 3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c | ||
| 60 | c42e9f6f 464b088c c572af53 e6d78802 | ||
| 61 | |||
| 62 | |||
| 63 | x = | ||
| 64 | 2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614 | ||
| 65 | |||
| 66 | |||
| 67 | k = | ||
| 68 | 358dad57 1462710f 50e254cf 1a376b2b deaadfbf | ||
| 69 | |||
| 70 | |||
| 71 | kinv = | ||
| 72 | |||
| 73 | 0d516729 8202e49b 4116ac10 4fc3f415 ae52f917 | ||
| 74 | |||
| 75 | M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A) | ||
| 76 | |||
| 77 | SHA(M) = | ||
| 78 | |||
| 79 | a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d | ||
| 80 | |||
| 81 | |||
| 82 | y = | ||
| 83 | |||
| 84 | 19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85 | ||
| 85 | 9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74 | ||
| 86 | 858fba33 f44c0669 9630a76b 030ee333 | ||
| 87 | |||
| 88 | |||
| 89 | r = | ||
| 90 | 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0 | ||
| 91 | |||
| 92 | s = | ||
| 93 | 41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8 | ||
| 94 | |||
| 95 | |||
| 96 | w = | ||
| 97 | 9df4ece5 826be95f ed406d41 b43edc0b 1c18841b | ||
| 98 | |||
| 99 | |||
| 100 | u1 = | ||
| 101 | bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d | ||
| 102 | |||
| 103 | |||
| 104 | u2 = | ||
| 105 | 821a9263 12e97ade abcc8d08 2b527897 8a2df4b0 | ||
| 106 | |||
| 107 | |||
| 108 | gu1 mod p = | ||
| 109 | |||
| 110 | 51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753 | ||
| 111 | 9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf | ||
| 112 | 6f96662a 1987a21b e4ec1071 010b6069 | ||
| 113 | |||
| 114 | |||
| 115 | yu2 mod p = | ||
| 116 | |||
| 117 | 8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665 | ||
| 118 | 5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67 | ||
| 119 | c19441f4 22bf3c34 08aeba1f 0a4dbec7 | ||
| 120 | |||
| 121 | v = | ||
| 122 | 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0 | ||