{ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_GCM), "FIPS_selftest_aes_gcm"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA), "FIPS_selftest_ecdsa"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG), "FIPS_selftest_rng"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_ecdsa_lib.c fips_ecdsa_sign.c
-LIBOBJ= fips_ecdsa_lib.o fips_ecdsa_sign.o
+LIBSRC= fips_ecdsa_lib.c fips_ecdsa_sign.c fips_ecdsa_selftest.c
+LIBOBJ= fips_ecdsa_lib.o fips_ecdsa_sign.o fips_ecdsa_selftest.o
SRC= $(LIBSRC)
--- /dev/null
+/* fips/ecdsa/fips_ecdsa_selftest.c */
+
+#define OPENSSL_FIPSAPI
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_FIPS
+
+static const unsigned char str1[]="12345678901234567890";
+
+static int corrupt_ecdsa = 0;
+
+void FIPS_corrupt_ecdsa()
+ {
+ corrupt_ecdsa = 1;
+ }
+
+int FIPS_selftest_ecdsa()
+ {
+ EC_KEY *ec=NULL;
+ int ret = 0;
+ EVP_MD_CTX mctx;
+ ECDSA_SIG *esig = NULL;
+
+ FIPS_md_ctx_init(&mctx);
+
+ ec = EC_KEY_new_by_curve_name(NID_secp384r1);
+
+ if(ec == NULL)
+ goto err;
+
+ EC_KEY_generate_key(ec);
+
+ if (!FIPS_digestinit(&mctx, EVP_sha512()))
+ goto err;
+ if (!FIPS_digestupdate(&mctx, str1, 20))
+ goto err;
+ esig = FIPS_ecdsa_sign_ctx(ec, &mctx);
+ if (!esig)
+ goto err;
+
+ if (corrupt_ecdsa)
+ BN_add_word(esig->r, 1);
+
+ if (!FIPS_digestinit(&mctx, EVP_sha512()))
+ goto err;
+ if (!FIPS_digestupdate(&mctx, str1, 20))
+ goto err;
+ if (FIPS_ecdsa_verify_ctx(ec, &mctx, esig) != 1)
+ goto err;
+
+ ret = 1;
+
+ err:
+ FIPS_md_ctx_cleanup(&mctx);
+ if (ec)
+ EC_KEY_free(ec);
+ if (esig)
+ FIPS_ecdsa_sig_free(esig);
+ if (ret == 0)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_ECDSA,FIPS_R_SELFTEST_FAILED);
+ return ret;
+ }
+#endif
&& FIPS_selftest_aes_gcm()
&& FIPS_selftest_des()
&& FIPS_selftest_rsa()
+ && FIPS_selftest_ecdsa()
&& FIPS_selftest_dsa();
}
void FIPS_corrupt_dsa(void);
void FIPS_corrupt_dsa_keygen(void);
int FIPS_selftest_dsa(void);
+int FIPS_selftest_ecdsa(void);
+void FIPS_corrupt_ecdsa(void);
void FIPS_corrupt_ec_keygen(void);
void FIPS_corrupt_rng(void);
void FIPS_rng_stick(void);
#define FIPS_F_FIPS_SELFTEST_AES_GCM 130
#define FIPS_F_FIPS_SELFTEST_DES 111
#define FIPS_F_FIPS_SELFTEST_DSA 112
+#define FIPS_F_FIPS_SELFTEST_ECDSA 131
#define FIPS_F_FIPS_SELFTEST_HMAC 113
#define FIPS_F_FIPS_SELFTEST_RNG 114
#define FIPS_F_FIPS_SELFTEST_SHA1 115
} else if (!strcmp(argv[1], "dsa")) {
FIPS_corrupt_dsa();
printf("DSA key generation and signature validation with corrupted KAT...\n");
+ } else if (!strcmp(argv[1], "ecdsa")) {
+ FIPS_corrupt_ecdsa();
+ printf("ECDSA key generation and signature validation with corrupted KAT...\n");
} else if (!strcmp(argv[1], "rsa")) {
FIPS_corrupt_rsa();
printf("RSA key generation and signature validation with corrupted KAT...\n");
projects / openssl / commitdiff