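#ifndef H_FIPS
#define H_FIPS

/*
 * fips.h - data structures and entry points for the FIPS audit of RSA,
 * elliptic-curve and X.509 key material.
 *
 * NOTE(review): the five system #include targets were missing from the copy
 * under review. The headers below are the OpenSSL headers that declare the
 * types this file uses (BIGNUM, EC_KEY, EVP_PKEY, RSA, X509_NAME); confirm
 * them against the project's original include list.
 */
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>

#include "audit.h"

/* Kind of input being audited. */
#define TYPE_RSA        0x01
#define TYPE_ELLIPTIC   0x02
#define TYPE_X509       0x03

/* Encoding of an RSA key, stored in struct rsa.format. */
#define RSA_FORMAT_PKCS1 0x1
#define RSA_FORMAT_SPKI  0x2

/*
 * Size of a result buffer.
 * NOTE(review): check_exponent() takes a char * with no length argument;
 * presumably callers pass a buffer of this size. Confirm that every write
 * into it is bounded by BUF_SIZE_RESULT.
 */
#define BUF_SIZE_RESULT 256

/*
 * Key algorithm.
 * NOTE(review): the values overlap with TYPE_RSA / TYPE_ELLIPTIC; which set
 * struct keyinfo.algo and struct rsa.algo are compared against is not
 * visible in this header.
 */
#define ALGO_RSA 0x01
#define ALGO_EC  0x02

/* Audit result for an elliptic-curve key: one finding, for the curve. */
struct audit_fips_ecc {
	struct st_audit audit_curve;
};

/* Audit results for an RSA key: one finding each for key size and exponent. */
struct audit_fips_rsa {
	struct st_audit audit_keysize;
	struct st_audit audit_exponent;
};

/* Audit results for both supported algorithms. */
struct audit_fips {
	struct audit_fips_rsa audit_rsa;
	struct audit_fips_ecc audit_ecc;
};

/*
 * Properties extracted from an RSA key.
 *
 * NOTE(review): an unsigned long cannot represent every public exponent a
 * key file may carry; confirm how check_exponent() reports an exponent that
 * does not fit, so that it is not audited as a different, smaller value.
 * NOTE(review): what `key` points to and who frees it is not visible here.
 * If it can hold private-key material, it should be wiped before release.
 */
struct rsa {
	int keysize;
	unsigned long exponent;
	int format;	/* Format of the RSA key: PKCS1 or SPKI */
	char *key;
	int algo;
};

/*
 * Properties extracted from an elliptic-curve key.
 *
 * NOTE(review): ownership of `ec` and of the string members is not visible
 * in this header; confirm which function releases them.
 */
struct ecc {
	EC_KEY *ec;
	char *g;
	char *order;
	int order_bits;
	const char *curve;
	int nid;
	char *cofactor;
};

/*
 * Properties extracted from an X.509 certificate.
 *
 * NOTE(review): whether `issuer` and `subject` are owned copies or pointers
 * borrowed from a certificate object is not visible here; confirm before
 * freeing them or keeping them past the certificate's lifetime.
 */
struct x509 {
	EVP_PKEY *evp;
	X509_NAME *issuer;
	X509_NAME *subject;
};

/* Everything collected about one audited key. */
struct keyinfo {
	int algo;	/* RSA, ECC */
	struct x509 st_x509;
	struct ecc s_ecc;
	struct rsa st_rsa;
};

/*
 * Public entry point of the audit.
 * NOTE(review): the meaning of the const char * and of the two int
 * arguments is not visible in this header; document them next to the
 * definition.
 */
int fips(const char *, struct audit_fips *, struct keyinfo *, const int, const int);

/*
 * The prototypes below are `static`, i.e. local to whichever translation
 * unit includes this header.
 * NOTE(review): any file other than the implementation that includes this
 * header gets "declared but not defined" warnings for each of them; they
 * would be better placed at the top of the implementation file.
 * NOTE(review): RSA * and EC_KEY * are handled through OpenSSL's low-level
 * key APIs, which OpenSSL 3.0 deprecates; presumably openssl_version()
 * relates to version handling - confirm.
 */

/* RSA */
static int fips_pubkey_rsa(struct audit_fips *, struct keyinfo *, const char *);
static int fips_privkey_rsa(struct audit_fips *, struct keyinfo *, const char *);
static int loadkeys_rsa(RSA **, const char *, int *format);
static int load_priv_rsa_keys(RSA **, const char *);
static void audit_rsa_keys(RSA *, struct audit_fips *, struct keyinfo *, const char *);
static int check_exponent(const BIGNUM *, char *, unsigned long *);

/* Elliptic */
static int fips_pubkey_ecc(EC_KEY *, struct audit_fips *, struct keyinfo *, const char *);
static EC_KEY *fips_load_pubkey_ecc(const char *);
static int get_domain_parameters(struct ecc *);
static void audit_ecc(struct audit_fips *, const int);

/* X509 */
static int fips_x509(struct audit_fips *, struct keyinfo *, const char *);

/* (void) makes these real prototypes; empty parentheses leave the arguments unchecked. */
static int openssl_version(void);
static void print_error(void);

#endif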