#ifndef H_FIPS
#define H_FIPS
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <math.h>
#include "audit.h"
/*
 * Integer tags shared by fips() and the per-algorithm audit paths.
 * Written as enumerators: they are visible to the debugger, obey block
 * scope, and cannot be silently redefined by a later macro.
 */
enum {
    /* Kind of input handed to fips(); presumably selects the RSA, EC or
     * X.509 path -- confirm against the implementation. */
    TYPE_RSA      = 0x01,
    TYPE_ELLIPTIC = 0x02,
    TYPE_X509     = 0x03
};

enum {
    /* Encoding of an RSA key: PKCS#1 or SubjectPublicKeyInfo (SPKI). */
    RSA_FORMAT_PKCS1 = 0x1,
    RSA_FORMAT_SPKI  = 0x2
};

enum {
    /* Size of the scratch buffer used for an audit result; what exactly is
     * formatted into it is not visible in this header. */
    BUF_SIZE_RESULT = 256
};

enum {
    /* Public-key algorithm of an audited key; presumably the value stored
     * in struct keyinfo.algo -- verify against the caller. */
    ALGO_RSA = 0x01,
    ALGO_EC  = 0x02
};
/* Audit findings for an elliptic-curve key.  struct st_audit comes from
 * audit.h; its layout is not visible here. */
struct audit_fips_ecc{
/* Result of the curve check (which curves are accepted is decided by
 * audit_ecc() in the implementation, not here). */
struct st_audit audit_curve;
};
/* Audit findings for an RSA key: one record per checked property.
 * struct st_audit comes from audit.h; its layout is not visible here. */
struct audit_fips_rsa{
/* Result of the modulus-size check. */
struct st_audit audit_keysize;
/* Result of the public-exponent check (see check_exponent()). */
struct st_audit audit_exponent;
};
/* Aggregate of all FIPS audit findings produced by fips().  Both members
 * are always present; which one is populated presumably depends on the
 * algorithm of the audited key -- confirm against the implementation. */
struct audit_fips{
/* RSA findings (key size, exponent). */
struct audit_fips_rsa audit_rsa;
/* Elliptic-curve findings (curve). */
struct audit_fips_ecc audit_ecc;
};
/* Parameters extracted from an RSA key under audit.
 * NOTE(review): ownership of the `key` pointer (who allocates and frees it)
 * is not visible in this header; if it ever holds private-key material it
 * should be zeroized before release, not just freed. */
struct rsa{
/* Modulus size in bits (presumably; the unit is set by the loader). */
int keysize;
/* Public exponent e.  Filled by check_exponent(), which takes an
 * `unsigned long *` for this field. */
unsigned long exponent;
int format; /* Format of the RSA KEY: PKCS1 or SPKI (RSA_FORMAT_*) */
/* Textual form of the key; exact contents (PEM, path, ...) not visible here. */
char *key;
/* Public-key algorithm tag; presumably one of ALGO_* -- verify against caller. */
int algo;
};
/* Domain parameters of an elliptic-curve key under audit.  Filled by
 * get_domain_parameters(), which receives a pointer to this struct.
 * NOTE(review): the string members below are `char *` and presumably
 * heap-allocated textual encodings (e.g. BN_bn2hex/BN_bn2dec output) --
 * confirm against get_domain_parameters() and make sure one owner frees them. */
struct ecc{
/* OpenSSL key object; lifetime/ownership not visible in this header. */
EC_KEY *ec;
/* Generator point, textual form. */
char *g;
/* Group order, textual form. */
char *order;
/* Bit length of the group order. */
int order_bits;
/* Curve name; `const` suggests it points at a static/OpenSSL-owned string
 * rather than an allocation -- verify. */
const char *curve;
/* OpenSSL NID of the curve (presumably; see EC_GROUP_get_curve_name). */
int nid;
/* Cofactor h, textual form. */
char *cofactor;
};
/* Pieces of an X.509 certificate kept for auditing.  All three members are
 * reference-counted OpenSSL objects.
 * NOTE(review): whether this struct owns them (EVP_PKEY_free / X509_NAME_free
 * on cleanup) or merely borrows them from the parsed X509 is not visible here. */
struct x509{
/* Subject public key of the certificate (presumably, from X509_get_pubkey). */
EVP_PKEY *evp;
/* Issuer distinguished name. */
X509_NAME *issuer;
/* Subject distinguished name. */
X509_NAME *subject;
};
/* Everything fips() learned about one input: the algorithm tag plus the
 * per-algorithm detail structs.  All three detail structs are embedded by
 * value, so only the one matching `algo` is meaningful.
 * NOTE(review): `s_ecc` breaks the `st_` prefix used by the other two
 * members; renaming it touches callers, so it is left as is. */
struct keyinfo{
int algo; /* RSA, ECC -- presumably one of ALGO_*; verify against fips() */

/* Certificate details (TYPE_X509 input). */
struct x509 st_x509;
/* Elliptic-curve details. */
struct ecc s_ecc;
/* RSA details. */
struct rsa st_rsa;
};
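/*
 * Public entry point: audit one key or certificate for FIPS conformance,
 * recording findings in *audit_fips and the parsed parameters in *keyinfo.
 * The two trailing ints are tags; presumably one is a TYPE_* value, but the
 * exact mapping is only visible in the implementation.  Return convention
 * (0 / non-zero) is likewise defined by the implementation.
 * Top-level `const` on by-value ints is dropped: it is not part of the
 * function type and only clutters a prototype.
 */
int fips(const char *, struct audit_fips *, struct keyinfo *, int, int);

/*
 * NOTE(review): every prototype below is `static`.  A static prototype in a
 * header gives each including translation unit its own private, undefined
 * declaration; any TU other than the one implementing them gets
 * "declared 'static' but never defined" warnings.  These belong at the top
 * of the .c file that defines them.  They are kept here so existing forward
 * references keep compiling.
 */

/* RSA */
static int fips_pubkey_rsa(struct audit_fips *, struct keyinfo *, const char *);
static int fips_privkey_rsa(struct audit_fips *, struct keyinfo *, const char *);
/* Loads an RSA key; reports the detected encoding through *format
 * (RSA_FORMAT_PKCS1 / RSA_FORMAT_SPKI). */
static int loadkeys_rsa(RSA **, const char *, int *format);
static int load_priv_rsa_keys(RSA **, const char *);
static void audit_rsa_keys(RSA *, struct audit_fips *, struct keyinfo *, const char *);
/* Checks the public exponent; writes its value through the unsigned long *. */
static int check_exponent(const BIGNUM *, char *, unsigned long *);

/* Elliptic */
static int fips_pubkey_ecc(EC_KEY *, struct audit_fips *, struct keyinfo *, const char *);
/* Returns a new EC_KEY or NULL; caller presumably owns it -- verify. */
static EC_KEY *fips_load_pubkey_ecc(const char *);
/* Fills the string/NID members of struct ecc from its `ec` member. */
static int get_domain_parameters(struct ecc *);
static void audit_ecc(struct audit_fips *, int);

/* X509 */
static int fips_x509(struct audit_fips *, struct keyinfo *, const char *);

/* Diagnostics.  `(void)` makes these true prototypes: in C11 an empty `()`
 * declares an unspecified parameter list, so a call with stray arguments
 * would go unchecked. */
static int openssl_version(void);
static void print_error(void);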
#endif