]> git.ipfire.org Git - thirdparty/openssl.git/blame - fips/fips_test_suite.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Make DES3 and ECDSA self tests continue with remaining cases on
[thirdparty/openssl.git] / fips / fips_test_suite.c
CommitLineData
2b4b28dc
DSH		 1/* ====================================================================
2 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
3 *
4 *
5 * This command is intended as a test driver for the FIPS-140 testing
6 * lab performing FIPS-140 validation. It demonstrates the use of the
7 * OpenSSL library ito perform a variety of common cryptographic
8 * functions. A power-up self test is demonstrated by deliberately
9 * pointing to an invalid executable hash
10 *
11 * Contributed by Steve Marquess.
12 *
13 */
14
7c8ced94 15#define OPENSSL_FIPSAPI
2b4b28dc
DSH		 16
17#include <stdio.h>
18#include <assert.h>
19#include <ctype.h>
20#include <string.h>
21#include <stdlib.h>
22#include <openssl/evp.h>
23#include <openssl/hmac.h>
37942b93 24#include <openssl/cmac.h>
2b4b28dc
DSH		 25#include <openssl/sha.h>
26#include <openssl/err.h>
27
28#include <openssl/bn.h>
29#include <openssl/rand.h>
30
31#ifndef OPENSSL_FIPS
32int main(int argc, char *argv[])
33 {
34 printf("No FIPS support\n");
35 return(0);
36 }
37#else
38
39#define ERR_clear_error() while(0)
40
41#include <openssl/rsa.h>
42#include <openssl/dsa.h>
43#include <openssl/dh.h>
44
45#include <openssl/fips.h>
4420b3b1 46#include <openssl/fips_rand.h>
2b4b28dc
DSH		 47#include "fips_utl.h"
48
49/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
50*/
51static int FIPS_aes_test(void)
52 {
53 int ret = 0;
54 unsigned char pltmp[16];
55 unsigned char citmp[16];
56 unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
57 unsigned char plaintext[16] = "etaonrishdlcu";
58 EVP_CIPHER_CTX ctx;
e47af46c
DSH		 59 FIPS_cipher_ctx_init(&ctx);
60 if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1) <= 0)
2b4b28dc 61 goto err;
e47af46c
DSH		 62 FIPS_cipher(&ctx, citmp, plaintext, 16);
63 if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 0) <= 0)
2b4b28dc 64 goto err;
e47af46c 65 FIPS_cipher(&ctx, pltmp, citmp, 16);
2b4b28dc
DSH		 66 if (memcmp(pltmp, plaintext, 16))
67 goto err;
68 ret = 1;
69 err:
e47af46c 70 FIPS_cipher_ctx_cleanup(&ctx);
2b4b28dc
DSH		 71 return ret;
72 }
73
acf254f8
DSH		 74static int FIPS_aes_gcm_test(void)
75 {
76 int ret = 0;
77 unsigned char pltmp[16];
78 unsigned char citmp[16];
79 unsigned char tagtmp[16];
80 unsigned char key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
81 unsigned char iv[16] = {21,22,23,24,25,26,27,28,29,30,31,32};
82 unsigned char aad[] = "Some text AAD";
83 unsigned char plaintext[16] = "etaonrishdlcu";
84 EVP_CIPHER_CTX ctx;
85 FIPS_cipher_ctx_init(&ctx);
86 if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 1) <= 0)
87 goto err;
88 FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
89 FIPS_cipher(&ctx, citmp, plaintext, 16);
90 FIPS_cipher(&ctx, NULL, NULL, 0);
91 if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tagtmp))
92 goto err;
93
94 if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 0) <= 0)
95 goto err;
96 if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tagtmp))
97 goto err;
98
99 FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
100
101 FIPS_cipher(&ctx, pltmp, citmp, 16);
102
103 if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
104 goto err;
105
106 if (memcmp(pltmp, plaintext, 16))
107 goto err;
108
109 ret = 1;
110 err:
111 FIPS_cipher_ctx_cleanup(&ctx);
112 return ret;
113 }
114
2b4b28dc
DSH		 115static int FIPS_des3_test(void)
116 {
117 int ret = 0;
118 unsigned char pltmp[8];
119 unsigned char citmp[8];
120 unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
121 19,20,21,22,23,24};
122 unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
123 EVP_CIPHER_CTX ctx;
e47af46c
DSH		 124 FIPS_cipher_ctx_init(&ctx);
125 if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 1) <= 0)
2b4b28dc 126 goto err;
e47af46c
DSH		 127 FIPS_cipher(&ctx, citmp, plaintext, 8);
128 if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 0) <= 0)
2b4b28dc 129 goto err;
e47af46c 130 FIPS_cipher(&ctx, pltmp, citmp, 8);
2b4b28dc
DSH		 131 if (memcmp(pltmp, plaintext, 8))
132 goto err;
133 ret = 1;
134 err:
e47af46c 135 FIPS_cipher_ctx_cleanup(&ctx);
2b4b28dc
DSH		 136 return ret;
137 }
138
139/*
140 * DSA: generate keys and sign, verify input plaintext.
141 */
142static int FIPS_dsa_test(int bad)
143 {
144 DSA *dsa = NULL;
145 unsigned char dgst[] = "etaonrishdlc";
146 int r = 0;
2b4b28dc
DSH		 147 DSA_SIG *sig = NULL;
148
149 ERR_clear_error();
2b4b28dc
DSH		 150 dsa = FIPS_dsa_new();
151 if (!dsa)
152 goto end;
153 if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
154 goto end;
155 if (!DSA_generate_key(dsa))
156 goto end;
157 if (bad)
158 BN_add_word(dsa->pub_key, 1);
159
485ef852 160 sig = FIPS_dsa_sign(dsa, dgst, sizeof(dgst) -1, EVP_sha256());
2b4b28dc
DSH		 161 if (!sig)
162 goto end;
163
485ef852 164 r = FIPS_dsa_verify(dsa, dgst, sizeof(dgst) -1, EVP_sha256(), sig);
2b4b28dc
DSH		 165 end:
166 if (sig)
e990b4f8 167 FIPS_dsa_sig_free(sig);
2b4b28dc
DSH		 168 if (dsa)
169 FIPS_dsa_free(dsa);
170 if (r != 1)
171 return 0;
172 return 1;
173 }
174
175/*
176 * RSA: generate keys and sign, verify input plaintext.
177 */
178static int FIPS_rsa_test(int bad)
179 {
180 RSA *key;
181 unsigned char input_ptext[] = "etaonrishdlc";
182 unsigned char buf[256];
183 unsigned int slen;
184 BIGNUM *bn;
2b4b28dc
DSH		 185 int r = 0;
186
187 ERR_clear_error();
2b4b28dc
DSH		 188 key = FIPS_rsa_new();
189 bn = BN_new();
190 if (!key || !bn)
191 return 0;
192 BN_set_word(bn, 65537);
c81f8f59 193 if (!RSA_generate_key_ex(key, 2048,bn,NULL))
2b4b28dc
DSH		 194 return 0;
195 BN_free(bn);
196 if (bad)
197 BN_add_word(key->n, 1);
198
485ef852
DSH		 199 if (!FIPS_rsa_sign(key, input_ptext, sizeof(input_ptext) - 1, EVP_sha256(),
200 RSA_PKCS1_PADDING, 0, NULL, buf, &slen))
2b4b28dc
DSH		 201 goto end;
202
485ef852
DSH		 203 r = FIPS_rsa_verify(key, input_ptext, sizeof(input_ptext) - 1, EVP_sha256(),
204 RSA_PKCS1_PADDING, 0, NULL, buf, slen);
2b4b28dc 205 end:
2b4b28dc
DSH		 206 if (key)
207 FIPS_rsa_free(key);
208 if (r != 1)
209 return 0;
210 return 1;
211 }
212
213/* SHA1: generate hash of known digest value and compare to known
214 precomputed correct hash
215*/
216static int FIPS_sha1_test()
217 {
218 unsigned char digest[SHA_DIGEST_LENGTH] =
219 { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
220 unsigned char str[] = "etaonrishd";
221
222 unsigned char md[SHA_DIGEST_LENGTH];
223
224 ERR_clear_error();
e47af46c 225 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha1())) return 0;
2b4b28dc
DSH		 226 if (memcmp(md,digest,sizeof(md)))
227 return 0;
228 return 1;
229 }
230
231/* SHA256: generate hash of known digest value and compare to known
232 precomputed correct hash
233*/
234static int FIPS_sha256_test()
235 {
236 unsigned char digest[SHA256_DIGEST_LENGTH] =
237 {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
238 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
239 unsigned char str[] = "etaonrishd";
240
241 unsigned char md[SHA256_DIGEST_LENGTH];
242
243 ERR_clear_error();
e47af46c 244 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha256())) return 0;
2b4b28dc
DSH		 245 if (memcmp(md,digest,sizeof(md)))
246 return 0;
247 return 1;
248 }
249
250/* SHA512: generate hash of known digest value and compare to known
251 precomputed correct hash
252*/
253static int FIPS_sha512_test()
254 {
255 unsigned char digest[SHA512_DIGEST_LENGTH] =
256 {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
257 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
258 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
259 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
260 unsigned char str[] = "etaonrishd";
261
262 unsigned char md[SHA512_DIGEST_LENGTH];
263
264 ERR_clear_error();
e47af46c 265 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha512())) return 0;
2b4b28dc
DSH		 266 if (memcmp(md,digest,sizeof(md)))
267 return 0;
268 return 1;
269 }
270
271/* HMAC-SHA1: generate hash of known digest value and compare to known
272 precomputed correct hash
273*/
274static int FIPS_hmac_sha1_test()
275 {
276 unsigned char key[] = "etaonrishd";
277 unsigned char iv[] = "Sample text";
278 unsigned char kaval[EVP_MAX_MD_SIZE] =
279 {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
280 0xb2, 0xfb, 0xec, 0xc6};
281
282 unsigned char out[EVP_MAX_MD_SIZE];
283 unsigned int outlen;
284
285 ERR_clear_error();
286 if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
287 if (memcmp(out,kaval,outlen))
288 return 0;
289 return 1;
290 }
291
292/* HMAC-SHA224: generate hash of known digest value and compare to known
293 precomputed correct hash
294*/
295static int FIPS_hmac_sha224_test()
296 {
297 unsigned char key[] = "etaonrishd";
298 unsigned char iv[] = "Sample text";
299 unsigned char kaval[EVP_MAX_MD_SIZE] =
300 {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
301 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
302
303 unsigned char out[EVP_MAX_MD_SIZE];
304 unsigned int outlen;
305
306 ERR_clear_error();
307 if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
308 if (memcmp(out,kaval,outlen))
309 return 0;
310 return 1;
311 }
312
313/* HMAC-SHA256: generate hash of known digest value and compare to known
314 precomputed correct hash
315*/
316static int FIPS_hmac_sha256_test()
317 {
318 unsigned char key[] = "etaonrishd";
319 unsigned char iv[] = "Sample text";
320 unsigned char kaval[EVP_MAX_MD_SIZE] =
321 {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
322 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
323
324 unsigned char out[EVP_MAX_MD_SIZE];
325 unsigned int outlen;
326
327 ERR_clear_error();
328 if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
329 if (memcmp(out,kaval,outlen))
330 return 0;
331 return 1;
332 }
333
334/* HMAC-SHA384: generate hash of known digest value and compare to known
335 precomputed correct hash
336*/
337static int FIPS_hmac_sha384_test()
338 {
339 unsigned char key[] = "etaonrishd";
340 unsigned char iv[] = "Sample text";
341 unsigned char kaval[EVP_MAX_MD_SIZE] =
342 {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
343 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
344 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
345
346 unsigned char out[EVP_MAX_MD_SIZE];
347 unsigned int outlen;
348
349 ERR_clear_error();
350 if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
351 if (memcmp(out,kaval,outlen))
352 return 0;
353 return 1;
354 }
355
356/* HMAC-SHA512: generate hash of known digest value and compare to known
357 precomputed correct hash
358*/
359static int FIPS_hmac_sha512_test()
360 {
361 unsigned char key[] = "etaonrishd";
362 unsigned char iv[] = "Sample text";
363 unsigned char kaval[EVP_MAX_MD_SIZE] =
364 {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
365 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
366 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
367 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
368
369 unsigned char out[EVP_MAX_MD_SIZE];
370 unsigned int outlen;
371
372 ERR_clear_error();
373 if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
374 if (memcmp(out,kaval,outlen))
375 return 0;
376 return 1;
377 }
378
37942b93
RL		 379/* CMAC-AES128: generate hash of known digest value and compare to known
380 precomputed correct hash
381*/
382static int FIPS_cmac_aes128_test()
383 {
384 unsigned char key[16] = { 0x2b,0x7e,0x15,0x16, 0x28,0xae,0xd2,0xa6,
385 0xab,0xf7,0x15,0x88, 0x09,0xcf,0x4f,0x3c, };
386 unsigned char data[] = "Sample text";
387 unsigned char kaval[EVP_MAX_MD_SIZE] =
388 { 0x16,0x83,0xfe,0xac, 0x52,0x9b,0xae,0x23,
389 0xd7,0xd5,0x66,0xf5, 0xd2,0x8d,0xbd,0x2a, };
390
391 unsigned char *out = NULL;
bb61a6c8 392 size_t outlen;
37942b93
RL		 393 CMAC_CTX *ctx = CMAC_CTX_new();
394 int r = 0;
395
396 ERR_clear_error();
397
398 if (!ctx)
399 goto end;
400 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_128_cbc(),NULL))
401 goto end;
402 if (!CMAC_Update(ctx,data,sizeof(data)-1))
403 goto end;
404 /* This should return 1. If not, there's a programming error... */
405 if (!CMAC_Final(ctx, out, &outlen))
406 goto end;
407 out = OPENSSL_malloc(outlen);
408 if (!CMAC_Final(ctx, out, &outlen))
409 goto end;
410#if 0
411 {
412 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
413 bin2hex(out, outlen, hexout);
414 printf("CMAC-AES128: res = %s\n", hexout);
415 OPENSSL_free(hexout);
416 }
417 r = 1;
418#else
419 if (!memcmp(out,kaval,outlen))
420 r = 1;
421#endif
422 end:
423 CMAC_CTX_free(ctx);
424 if (out)
425 OPENSSL_free(out);
426 return r;
427 }
428
429/* CMAC-AES192: generate hash of known digest value and compare to known
430 precomputed correct hash
431*/
432static int FIPS_cmac_aes192_test()
433 {
434 unsigned char key[] = { 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52,
435 0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5,
436 0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, };
437 unsigned char data[] = "Sample text";
438 unsigned char kaval[] =
439 { 0xd6,0x99,0x19,0x25, 0xe5,0x1d,0x95,0x48,
440 0xb1,0x4a,0x0b,0xf2, 0xc6,0x3c,0x47,0x1f, };
441
442 unsigned char *out = NULL;
bb61a6c8 443 size_t outlen;
37942b93
RL		 444 CMAC_CTX *ctx = CMAC_CTX_new();
445 int r = 0;
446
447 ERR_clear_error();
448
449 if (!ctx)
450 goto end;
451 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_192_cbc(),NULL))
452 goto end;
453 if (!CMAC_Update(ctx,data,sizeof(data)-1))
454 goto end;
455 /* This should return 1. If not, there's a programming error... */
456 if (!CMAC_Final(ctx, out, &outlen))
457 goto end;
458 out = OPENSSL_malloc(outlen);
459 if (!CMAC_Final(ctx, out, &outlen))
460 goto end;
461#if 0
462 {
463 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
464 bin2hex(out, outlen, hexout);
465 printf("CMAC-AES192: res = %s\n", hexout);
466 OPENSSL_free(hexout);
467 }
468 r = 1;
469#else
470 if (!memcmp(out,kaval,outlen))
471 r = 1;
472#endif
473 end:
474 CMAC_CTX_free(ctx);
475 if (out)
476 OPENSSL_free(out);
477 return r;
478 }
479
480/* CMAC-AES256: generate hash of known digest value and compare to known
481 precomputed correct hash
482*/
483static int FIPS_cmac_aes256_test()
484 {
485 unsigned char key[] = { 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe,
486 0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81,
487 0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7,
488 0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, };
489 unsigned char data[] = "Sample text";
490 unsigned char kaval[] =
491 { 0xec,0xc2,0xcf,0x63, 0xc7,0xce,0xfc,0xa4,
492 0xb0,0x86,0x37,0x5f, 0x15,0x60,0xba,0x1f, };
493
494 unsigned char *out = NULL;
bb61a6c8 495 size_t outlen;
37942b93
RL		 496 CMAC_CTX *ctx = CMAC_CTX_new();
497 int r = 0;
498
499 ERR_clear_error();
500
501 if (!ctx)
502 goto end;
503 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_256_cbc(),NULL))
504 goto end;
505 if (!CMAC_Update(ctx,data,sizeof(data)-1))
506 goto end;
507 /* This should return 1. If not, there's a programming error... */
508 if (!CMAC_Final(ctx, out, &outlen))
509 goto end;
510 out = OPENSSL_malloc(outlen);
511 if (!CMAC_Final(ctx, out, &outlen))
512 goto end;
513#if 0
514 {
515 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
516 bin2hex(out, outlen, hexout);
517 printf("CMAC-AES256: res = %s\n", hexout);
518 OPENSSL_free(hexout);
519 }
520 r = 1;
521#else
522 if (!memcmp(out,kaval,outlen))
523 r = 1;
524#endif
525 end:
526 CMAC_CTX_free(ctx);
527 if (out)
528 OPENSSL_free(out);
529 return r;
530 }
531
37942b93
RL		 532/* CMAC-TDEA3: generate hash of known digest value and compare to known
533 precomputed correct hash
534*/
535static int FIPS_cmac_tdea3_test()
536 {
537 unsigned char key[] = { 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62,
538 0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58,
539 0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, };
540 unsigned char data[] = "Sample text";
541 unsigned char kaval[EVP_MAX_MD_SIZE] =
542 { 0xb4,0x06,0x4e,0xbf, 0x59,0x89,0xba,0x68, };
543
544 unsigned char *out = NULL;
bb61a6c8 545 size_t outlen;
37942b93
RL		 546 CMAC_CTX *ctx = CMAC_CTX_new();
547 int r = 0;
548
549 ERR_clear_error();
550
551 if (!ctx)
552 goto end;
553 if (!CMAC_Init(ctx,key,sizeof(key),EVP_des_ede3_cbc(),NULL))
554 goto end;
555 if (!CMAC_Update(ctx,data,sizeof(data)-1))
556 goto end;
557 /* This should return 1. If not, there's a programming error... */
558 if (!CMAC_Final(ctx, out, &outlen))
559 goto end;
560 out = OPENSSL_malloc(outlen);
561 if (!CMAC_Final(ctx, out, &outlen))
562 goto end;
563#if 0
564 {
565 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
566 bin2hex(out, outlen, hexout);
567 printf("CMAC-TDEA3: res = %s\n", hexout);
568 OPENSSL_free(hexout);
569 }
570 r = 1;
571#else
572 if (!memcmp(out,kaval,outlen))
573 r = 1;
574#endif
575 end:
576 CMAC_CTX_free(ctx);
577 if (out)
578 OPENSSL_free(out);
579 return r;
580 }
581
2b4b28dc
DSH		 582
583/* DH: generate shared parameters
584*/
585static int dh_test()
586 {
587 DH *dh;
588 ERR_clear_error();
589 dh = FIPS_dh_new();
590 if (!dh)
591 return 0;
592 if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
593 return 0;
594 FIPS_dh_free(dh);
595 return 1;
596 }
597
598/* Zeroize
599*/
600static int Zeroize()
601 {
602 RSA *key;
603 BIGNUM *bn;
604 unsigned char userkey[16] =
605 { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
606 size_t i;
607 int n;
608
609 key = FIPS_rsa_new();
610 bn = BN_new();
611 if (!key || !bn)
612 return 0;
613 BN_set_word(bn, 65537);
614 if (!RSA_generate_key_ex(key, 1024,bn,NULL))
615 return 0;
616 BN_free(bn);
617
618 n = BN_num_bytes(key->d);
619 printf(" Generated %d byte RSA private key\n", n);
620 printf("\tBN key before overwriting:\n");
621 do_bn_print(stdout, key->d);
622 BN_rand(key->d,n*8,-1,0);
623 printf("\tBN key after overwriting:\n");
624 do_bn_print(stdout, key->d);
625
626 printf("\tchar buffer key before overwriting: \n\t\t");
627 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
628 printf("\n");
629 RAND_bytes(userkey, sizeof userkey);
630 printf("\tchar buffer key after overwriting: \n\t\t");
631 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
632 printf("\n");
633
b7de76b7
DSH		 634 FIPS_rsa_free(key);
635
2b4b28dc
DSH		 636 return 1;
637 }
638
4420b3b1
DSH		 639/* Dummy Entropy for DRBG tests. WARNING: THIS IS TOTALLY BOGUS
640 * HAS ZERO SECURITY AND MUST NOT BE USED IN REAL APPLICATIONS.
641 */
642
643static unsigned char dummy_drbg_entropy[1024];
644
645static size_t drbg_test_cb(DRBG_CTX *ctx, unsigned char **pout,
646 int entropy, size_t min_len, size_t max_len)
647 {
648 *pout = dummy_drbg_entropy;
649 /* Round up to multiple of block size */
650 return (min_len + 0xf) & ~0xf;
651 }
652
476e7e49
DSH		 653/* Callback which returns 0 to indicate entropy source failure */
654static size_t drbg_fail_cb(DRBG_CTX *ctx, unsigned char **pout,
655 int entropy, size_t min_len, size_t max_len)
656 {
657 return 0;
658 }
659
4420b3b1
DSH		 660/* DRBG test: just generate lots of data and trigger health checks */
661
662static int do_drbg_test(int type, int flags)
663 {
664 DRBG_CTX *dctx;
665 int rv = 0;
666 size_t i;
667 unsigned char randout[1024];
668 dctx = FIPS_drbg_new(type, flags);
669 if (!dctx)
670 return 0;
671 FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0);
672 for (i = 0; i < sizeof(dummy_drbg_entropy); i++)
673 {
674 dummy_drbg_entropy[i] = i & 0xff;
675 }
676 if (!FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10))
677 goto err;
678 FIPS_drbg_set_check_interval(dctx, 10);
679 for (i = 0; i < 32; i++)
680 {
681 if (!FIPS_drbg_generate(dctx, randout, sizeof(randout), 0, NULL, 0))
682 goto err;
683 if (!FIPS_drbg_generate(dctx, randout, sizeof(randout), 0, dummy_drbg_entropy, 1))
684 goto err;
685 }
686 rv = 1;
687 err:
b7de76b7 688 FIPS_drbg_free(dctx);
4420b3b1
DSH		 689 return rv;
690 }
691
692typedef struct
693 {
694 int type, flags;
695 } DRBG_LIST;
696
697static int do_drbg_all(void)
698 {
699 static DRBG_LIST drbg_types[] =
700 {
701 {NID_sha1, 0},
702 {NID_sha224, 0},
703 {NID_sha256, 0},
704 {NID_sha384, 0},
705 {NID_sha512, 0},
706 {NID_hmacWithSHA1, 0},
707 {NID_hmacWithSHA224, 0},
708 {NID_hmacWithSHA256, 0},
709 {NID_hmacWithSHA384, 0},
710 {NID_hmacWithSHA512, 0},
711 {NID_aes_128_ctr, 0},
712 {NID_aes_192_ctr, 0},
713 {NID_aes_256_ctr, 0},
714 {NID_aes_128_ctr, DRBG_FLAG_CTR_USE_DF},
715 {NID_aes_192_ctr, DRBG_FLAG_CTR_USE_DF},
716 {NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF},
717 {(NID_X9_62_prime256v1 << 16)|NID_sha1, 0},
718 {(NID_X9_62_prime256v1 << 16)|NID_sha224, 0},
719 {(NID_X9_62_prime256v1 << 16)|NID_sha256, 0},
720 {(NID_X9_62_prime256v1 << 16)|NID_sha384, 0},
721 {(NID_X9_62_prime256v1 << 16)|NID_sha512, 0},
722 {(NID_secp384r1 << 16)|NID_sha224, 0},
723 {(NID_secp384r1 << 16)|NID_sha256, 0},
724 {(NID_secp384r1 << 16)|NID_sha384, 0},
725 {(NID_secp384r1 << 16)|NID_sha512, 0},
726 {(NID_secp521r1 << 16)|NID_sha256, 0},
727 {(NID_secp521r1 << 16)|NID_sha384, 0},
728 {(NID_secp521r1 << 16)|NID_sha512, 0},
729 {0, 0}
730 };
731 DRBG_LIST *lst;
732 int rv = 1;
733 for (lst = drbg_types;; lst++)
734 {
735 if (lst->type == 0)
736 break;
737 if (!do_drbg_test(lst->type, lst->flags))
738 rv = 0;
739 }
740 return rv;
741 }
742
2b4b28dc
DSH		 743static int Error;
744static const char * Fail(const char *msg)
745 {
746 Error++;
747 return msg;
748 }
749
750static void test_msg(const char *msg, int result)
751 {
752 printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
753 }
754
9338f290 755/* Table of IDs for POST translating between NIDs and names */
ac892b7a 756
9338f290 757typedef struct
ac892b7a 758 {
9338f290
DSH		 759 int id;
760 const char *name;
761 } POST_ID;
762
763POST_ID id_list[] = {
764 {NID_sha1, "SHA1"},
765 {NID_sha224, "SHA224"},
766 {NID_sha256, "SHA256"},
767 {NID_sha384, "SHA384"},
768 {NID_sha512, "SHA512"},
20f12e63
DSH		 769 {NID_hmacWithSHA1, "HMAC-SHA1"},
770 {NID_hmacWithSHA224, "HMAC-SHA224"},
771 {NID_hmacWithSHA256, "HMAC-SHA256"},
772 {NID_hmacWithSHA384, "HMAC-SHA384"},
773 {NID_hmacWithSHA512, "HMAC-SHA512"},
9338f290
DSH		 774 {EVP_PKEY_RSA, "RSA"},
775 {EVP_PKEY_DSA, "DSA"},
776 {EVP_PKEY_EC, "ECDSA"},
8f331999
DSH		 777 {NID_aes_128_cbc, "AES-128-CBC"},
778 {NID_aes_192_cbc, "AES-192-CBC"},
779 {NID_aes_256_cbc, "AES-256-CBC"},
76089788
DSH		 780 {NID_aes_128_ctr, "AES-128-CTR"},
781 {NID_aes_192_ctr, "AES-192-CTR"},
782 {NID_aes_256_ctr, "AES-256-CTR"},
9338f290 783 {NID_aes_128_ecb, "AES-128-ECB"},
bf8131f7
DSH		 784 {NID_aes_128_xts, "AES-128-XTS"},
785 {NID_aes_256_xts, "AES-256-XTS"},
8f331999 786 {NID_des_ede3_cbc, "DES-EDE3-CBC"},
9338f290 787 {NID_des_ede3_ecb, "DES-EDE3-ECB"},
2bfeb7dc
DSH		 788 {NID_secp224r1, "P-224"},
789 {NID_sect233r1, "B-233"},
59365214 790 {NID_sect233k1, "K-233"},
7fdcb457
DSH		 791 {NID_X9_62_prime256v1, "P-256"},
792 {NID_secp384r1, "P-384"},
793 {NID_secp521r1, "P-521"},
9338f290
DSH		 794 {0, NULL}
795};
796
797static const char *lookup_id(int id)
798 {
799 POST_ID *n;
800 static char out[40];
801 for (n = id_list; n->name; n++)
ac892b7a 802 {
9338f290
DSH		 803 if (n->id == id)
804 return n->name;
ac892b7a 805 }
8f331999 806 sprintf(out, "ID=%d", id);
9338f290 807 return out;
ac892b7a
DSH		 808 }
809
810static int fail_id = -1;
811static int fail_sub = -1;
812static int fail_key = -1;
b1adc971
DSH		 813static int sub_num = -1, sub_count = -1;
814static int sub_fail_num = -1;
ac892b7a 815
8a794abd
DSH		 816static int st_err, post_quiet = 0;
817
ac892b7a
DSH		 818static int post_cb(int op, int id, int subid, void *ex)
819 {
820 const char *idstr, *exstr = "";
b1adc971 821 char asctmp[20], teststr[80];
ac892b7a 822 int keytype = -1;
8a794abd 823 int exp_fail = 0;
fc98a437
DSH		 824#ifdef FIPS_POST_TIME
825 static struct timespec start, end, tstart, tend;
826#endif
ac892b7a
DSH		 827 switch(id)
828 {
829 case FIPS_TEST_INTEGRITY:
830 idstr = "Integrity";
831 break;
832
833 case FIPS_TEST_DIGEST:
834 idstr = "Digest";
9338f290 835 exstr = lookup_id(subid);
ac892b7a
DSH		 836 break;
837
838 case FIPS_TEST_CIPHER:
9338f290 839 exstr = lookup_id(subid);
ac892b7a
DSH		 840 idstr = "Cipher";
841 break;
842
843 case FIPS_TEST_SIGNATURE:
844 if (ex)
845 {
846 EVP_PKEY *pkey = ex;
847 keytype = pkey->type;
59365214
DSH		 848 if (keytype == EVP_PKEY_EC)
849 {
850 const EC_GROUP *grp;
851 int cnid;
852 grp = EC_KEY_get0_group(pkey->pkey.ec);
853 cnid = EC_GROUP_get_curve_name(grp);
854 sprintf(asctmp, "ECDSA %s", lookup_id(cnid));
855 exstr = asctmp;
856 }
857 else
858 exstr = lookup_id(keytype);
ac892b7a
DSH		 859 }
860 idstr = "Signature";
861 break;
862
863 case FIPS_TEST_HMAC:
9338f290 864 exstr = lookup_id(subid);
ac892b7a
DSH		 865 idstr = "HMAC";
866 break;
867
868 case FIPS_TEST_CMAC:
8038511c 869 idstr = "CMAC";
8f331999 870 exstr = lookup_id(subid);
ac892b7a
DSH		 871 break;
872
873 case FIPS_TEST_GCM:
9338f290 874 idstr = "GCM";
ac892b7a
DSH		 875 break;
876
bf8131f7
DSH		 877 case FIPS_TEST_XTS:
878 idstr = "XTS";
879 exstr = lookup_id(subid);
ac892b7a
DSH		 880 break;
881
bf8131f7
DSH		 882 case FIPS_TEST_CCM:
883 idstr = "CCM";
ac892b7a
DSH		 884 break;
885
886 case FIPS_TEST_X931:
887 idstr = "X9.31 PRNG";
706735ae
DSH		 888 sprintf(asctmp, "keylen=%d", subid);
889 exstr = asctmp;
ac892b7a
DSH		 890 break;
891
892 case FIPS_TEST_DRBG:
893 idstr = "DRBG";
76089788
DSH		 894 if (*(int *)ex & DRBG_FLAG_CTR_USE_DF)
895 {
896 sprintf(asctmp, "%s DF", lookup_id(subid));
897 exstr = asctmp;
898 }
7fdcb457
DSH		 899 else if (subid >> 16)
900 {
901 sprintf(asctmp, "%s %s",
902 lookup_id(subid >> 16),
903 lookup_id(subid & 0xFFFF));
904 exstr = asctmp;
905 }
76089788
DSH		 906 else
907 exstr = lookup_id(subid);
ac892b7a
DSH		 908 break;
909
910 case FIPS_TEST_PAIRWISE:
911 if (ex)
912 {
913 EVP_PKEY *pkey = ex;
914 keytype = pkey->type;
9338f290 915 exstr = lookup_id(keytype);
ac892b7a
DSH		 916 }
917 idstr = "Pairwise Consistency";
918 break;
919
920 case FIPS_TEST_CONTINUOUS:
921 idstr = "Continuous PRNG";
922 break;
923
2bfeb7dc
DSH		 924 case FIPS_TEST_ECDH:
925 idstr = "ECDH";
926 exstr = lookup_id(subid);
927 break;
928
ac892b7a
DSH		 929 default:
930 idstr = "Unknown";
931 break;
932
933 }
934
8a794abd
DSH		 935 if (fail_id == id
936 && (fail_key == -1 || fail_key == keytype)
937 && (fail_sub == -1 || fail_sub == subid))
938 exp_fail = 1;
939
b1adc971
DSH		 940 if (sub_num > 0)
941 {
942 if (sub_fail_num == sub_num)
943 exp_fail = 1;
944 sprintf(teststr, "\t\t%s %s (POST subtest #%d) test",
945 idstr, exstr, sub_num);
946 }
947 else
948 sprintf(teststr, "\t\t%s %s test", idstr, exstr);
949
ac892b7a
DSH		 950 switch(op)
951 {
952 case FIPS_POST_BEGIN:
fc98a437 953#ifdef FIPS_POST_TIME
6313d628
DSH		 954 clock_getres(CLOCK_REALTIME, &tstart);
955 printf("\tTimer resolution %ld s, %ld ns\n",
956 (long)tstart.tv_sec, (long)tstart.tv_nsec);
fc98a437
DSH		 957 clock_gettime(CLOCK_REALTIME, &tstart);
958#endif
ac892b7a 959 printf("\tPOST started\n");
b1adc971 960 sub_num = 1;
ac892b7a
DSH		 961 break;
962
963 case FIPS_POST_END:
b1adc971
DSH		 964 if (sub_count == -1)
965 sub_count = sub_num;
966 else if (sub_num != sub_count)
967 printf("Inconsistent POST count %d != %d\n",
968 sub_num, sub_count);
969 sub_num = -1;
ac892b7a 970 printf("\tPOST %s\n", id ? "Success" : "Failed");
fc98a437
DSH		 971#ifdef FIPS_POST_TIME
972 clock_gettime(CLOCK_REALTIME, &tend);
973 printf("\t\tTook %f seconds\n",
974 (double)((tend.tv_sec+tend.tv_nsec*1e-9)
975 - (tstart.tv_sec+tstart.tv_nsec*1e-9)));
976#endif
ac892b7a
DSH		 977 break;
978
979 case FIPS_POST_STARTED:
8a794abd 980 if (!post_quiet && !exp_fail)
b1adc971 981 printf("%s started\n", teststr);
fc98a437
DSH		 982#ifdef FIPS_POST_TIME
983 clock_gettime(CLOCK_REALTIME, &start);
984#endif
ac892b7a
DSH		 985 break;
986
987 case FIPS_POST_SUCCESS:
b1adc971
DSH		 988 if (sub_num > 0)
989 sub_num++;
8a794abd
DSH		 990 if (exp_fail)
991 {
b1adc971 992 printf("%s OK but should've failed\n", teststr);
8a794abd
DSH		 993 st_err++;
994 }
995 else if (!post_quiet)
b1adc971 996 printf("%s OK\n", teststr);
fc98a437
DSH		 997#ifdef FIPS_POST_TIME
998 clock_gettime(CLOCK_REALTIME, &end);
999 printf("\t\t\tTook %f seconds\n",
1000 (double)((end.tv_sec+end.tv_nsec*1e-9)
1001 - (start.tv_sec+start.tv_nsec*1e-9)));
fc98a437 1002#endif
ac892b7a
DSH		 1003 break;
1004
1005 case FIPS_POST_FAIL:
b1adc971
DSH		 1006 if (sub_num > 0)
1007 sub_num++;
8a794abd 1008 if (exp_fail)
b1adc971 1009 printf("%s failed as expected\n", teststr);
8a794abd
DSH		 1010 else
1011 {
b1adc971 1012 printf("%s Failed Incorrectly!!\n", teststr);
8a794abd
DSH		 1013 st_err++;
1014 }
ac892b7a
DSH		 1015 break;
1016
1017 case FIPS_POST_CORRUPT:
8a794abd 1018 if (exp_fail)
ac892b7a 1019 {
b1adc971 1020 printf("%s failure induced\n", teststr);
ac892b7a
DSH		 1021 return 0;
1022 }
1023 break;
1024
1025 }
1026 return 1;
1027 }
1028
8a794abd
DSH		 1029static int do_fail_all(int fullpost, int fullerr)
1030 {
8a794abd
DSH		 1031 int rv;
1032 size_t i;
b1adc971 1033 int sub_fail;
8a794abd
DSH		 1034 RSA *rsa = NULL;
1035 DSA *dsa = NULL;
476e7e49 1036 DRBG_CTX *dctx = NULL, *defctx = NULL;
8a794abd
DSH		 1037 EC_KEY *ec = NULL;
1038 BIGNUM *bn = NULL;
1039 unsigned char out[10];
1040 if (!fullpost)
1041 post_quiet = 1;
1042 if (!fullerr)
1043 no_err = 1;
1044 FIPS_module_mode_set(0, NULL);
b1adc971 1045 for (sub_fail = 1; sub_fail < sub_count; sub_fail++)
8a794abd 1046 {
b1adc971
DSH		 1047 sub_fail_num = sub_fail;
1048 printf(" Testing induced failure of POST subtest %d\n",
1049 sub_fail);
8a794abd
DSH		 1050 rv = FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS);
1051 if (rv)
1052 {
1053 printf("\tFIPS mode incorrectly successful!!\n");
1054 st_err++;
1055 }
1056 }
b1adc971 1057 sub_fail_num = -1;
8a794abd
DSH		 1058 printf(" Testing induced failure of RSA keygen test\n");
1059 /* NB POST will succeed with a pairwise test failures as
1060 * it is not used during POST.
1061 */
1062 fail_id = FIPS_TEST_PAIRWISE;
1063 fail_key = EVP_PKEY_RSA;
1064 /* Now enter FIPS mode successfully */
1065 if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
1066 {
1067 printf("\tError entering FIPS mode\n");
1068 st_err++;
1069 }
1070
1071 rsa = FIPS_rsa_new();
1072 bn = BN_new();
1073 if (!rsa || !bn)
1074 return 0;
1075 BN_set_word(bn, 65537);
1076 if (RSA_generate_key_ex(rsa, 2048,bn,NULL))
1077 {
1078 printf("\tRSA key generated OK incorrectly!!\n");
1079 st_err++;
1080 }
1081 else
1082 printf("\tRSA key generation failed as expected.\n");
1083
1084 /* Leave FIPS mode to clear error */
1085 FIPS_module_mode_set(0, NULL);
1086
1087 printf(" Testing induced failure of DSA keygen test\n");
1088 fail_key = EVP_PKEY_DSA;
1089 /* Enter FIPS mode successfully */
1090 if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
1091 {
1092 printf("\tError entering FIPS mode\n");
1093 st_err++;
1094 }
1095 dsa = FIPS_dsa_new();
1096 if (!dsa)
1097 return 0;
1098 if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
1099 return 0;
1100 if (DSA_generate_key(dsa))
1101 {
1102 printf("\tDSA key generated OK incorrectly!!\n");
1103 st_err++;
1104 }
1105 else
1106 printf("\tDSA key generation failed as expected.\n");
1107
1108 /* Leave FIPS mode to clear error */
1109 FIPS_module_mode_set(0, NULL);
1110 /* Enter FIPS mode successfully */
1111 if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
1112 {
1113 printf("\tError entering FIPS mode\n");
1114 st_err++;
1115 }
1116
1117 printf(" Testing induced failure of ECDSA keygen test\n");
1118 fail_key = EVP_PKEY_EC;
1119
1120 ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1121
1122 if (!ec)
1123 return 0;
1124
1125 if (EC_KEY_generate_key(ec))
1126 {
1127 printf("\tECDSA key generated OK incorrectly!!\n");
1128 st_err++;
1129 }
1130 else
1131 printf("\tECDSA key generation failed as expected.\n");
1132
476e7e49
DSH		 1133 FIPS_ec_key_free(ec);
1134 ec = NULL;
1135
8a794abd
DSH		 1136 fail_id = -1;
1137 fail_sub = -1;
1138 fail_key = -1;
1139 /* Leave FIPS mode to clear error */
1140 FIPS_module_mode_set(0, NULL);
1141 /* Enter FIPS mode successfully */
1142 if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
1143 {
1144 printf("\tError entering FIPS mode\n");
1145 st_err++;
1146 }
1147 /* Induce continuous PRNG failure for DRBG */
1148 printf(" Testing induced failure of DRBG CPRNG test\n");
1149 FIPS_drbg_stick(1);
1150
1151 /* Initialise a DRBG context */
1152 dctx = FIPS_drbg_new(NID_sha1, 0);
1153 if (!dctx)
1154 return 0;
1155 for (i = 0; i < sizeof(dummy_drbg_entropy); i++)
1156 {
1157 dummy_drbg_entropy[i] = i & 0xff;
1158 }
1159 FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0);
1160 if (!FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10))
1161 {
1162 printf("\tDRBG instantiate error!!\n");
1163 st_err++;
1164 }
1165 if (FIPS_drbg_generate(dctx, out, sizeof(out), 0, NULL, 0))
1166 {
1167 printf("\tDRBG continuous PRNG OK incorrectly!!\n");
1168 st_err++;
1169 }
1170 else
1171 printf("\tDRBG continuous PRNG failed as expected\n");
1172 FIPS_drbg_stick(0);
1173
1174 /* Leave FIPS mode to clear error */
1175 FIPS_module_mode_set(0, NULL);
1176 /* Enter FIPS mode successfully */
1177 if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
1178 {
1179 printf("\tError entering FIPS mode\n");
1180 st_err++;
1181 }
1182
1183 FIPS_drbg_free(dctx);
1184
1185 /* Induce continuous PRNG failure for DRBG entropy source*/
1186 printf(" Testing induced failure of DRBG entropy CPRNG test\n");
1187
1188 /* Initialise a DRBG context */
1189 dctx = FIPS_drbg_new(NID_sha1, 0);
1190 if (!dctx)
1191 return 0;
1192 for (i = 0; i < sizeof(dummy_drbg_entropy); i++)
1193 {
1194 dummy_drbg_entropy[i] = i & 0xf;
1195 }
1196 FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0);
1197 if (FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10))
1198 {
1199 printf("\tDRBG continuous PRNG entropy OK incorrectly!!\n");
1200 st_err++;
1201 }
1202 else
1203 printf("\tDRBG continuous PRNG entropy failed as expected\n");
1204 /* Leave FIPS mode to clear error */
1205 FIPS_module_mode_set(0, NULL);
1206 /* Enter FIPS mode successfully */
1207 if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
1208 {
1209 printf("\tError entering FIPS mode\n");
1210 st_err++;
1211 }
1212 FIPS_drbg_free(dctx);
1213
1214 /* Leave FIPS mode to clear error */
1215 FIPS_module_mode_set(0, NULL);
1216 /* Enter FIPS mode successfully */
1217 if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
1218 {
1219 printf("\tError entering FIPS mode\n");
1220 st_err++;
1221 }
1222
1223 printf(" Testing induced failure of X9.31 CPRNG test\n");
1224 FIPS_x931_stick(1);
1225 if (!FIPS_x931_set_key(dummy_drbg_entropy, 32))
1226 {
1227 printf("\tError initialiasing X9.31 PRNG\n");
1228 st_err++;
1229 }
1230 if (!FIPS_x931_seed(dummy_drbg_entropy + 32, 16))
1231 {
1232 printf("\tError seeding X9.31 PRNG\n");
1233 st_err++;
1234 }
1235 if (FIPS_x931_bytes(out, 10) > 0)
1236 {
1237 printf("\tX9.31 continuous PRNG failure OK incorrectly!!\n");
1238 st_err++;
1239 }
1240 else
1241 printf("\tX9.31 continuous PRNG failed as expected\n");
1242 FIPS_x931_stick(0);
1243
476e7e49
DSH		 1244 /* Leave FIPS mode to clear error */
1245 FIPS_module_mode_set(0, NULL);
1246 /* Enter FIPS mode successfully */
1247 if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
1248 {
1249 printf("\tError entering FIPS mode\n");
1250 st_err++;
1251 }
1252
1253 printf(" Testing operation failure with DRBG entropy failure\n");
1254
1255 /* Generate DSA key for later use */
1256 if (DSA_generate_key(dsa))
1257 printf("\tDSA key generated OK as expected.\n");
1258 else
1259 {
1260 printf("\tDSA key generation FAILED!!\n");
1261 st_err++;
1262 }
1263
1264 /* Initialise default DRBG context */
1265 defctx = FIPS_get_default_drbg();
1266 if (!defctx)
1267 return 0;
1268 if (!FIPS_drbg_init(defctx, NID_sha512, 0))
1269 return 0;
1270 /* Set entropy failure callback */
1271 FIPS_drbg_set_callbacks(defctx, drbg_fail_cb, 0, 0x10, drbg_test_cb, 0);
1272 if (FIPS_drbg_instantiate(defctx, dummy_drbg_entropy, 10))
1273 {
1274 printf("\tDRBG entropy fail OK incorrectly!!\n");
1275 st_err++;
1276 }
1277 else
1278 printf("\tDRBG entropy fail failed as expected\n");
1279
1280 if (FIPS_dsa_sign(dsa, dummy_drbg_entropy, 5, EVP_sha256()))
1281 {
1282 printf("\tDSA signing OK incorrectly!!\n");
1283 st_err++;
1284 }
1285 else
1286 printf("\tDSA signing failed as expected\n");
1287
1288 ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1289
1290 if (!ec)
1291 return 0;
1292
1293 if (EC_KEY_generate_key(ec))
1294 {
1295 printf("\tECDSA key generated OK incorrectly!!\n");
1296 st_err++;
1297 }
1298 else
1299 printf("\tECDSA key generation failed as expected.\n");
1300
8a794abd
DSH		 1301 printf(" Induced failure test completed with %d errors\n", st_err);
1302 post_quiet = 0;
1303 no_err = 0;
1304 BN_free(bn);
1305 FIPS_rsa_free(rsa);
1306 FIPS_dsa_free(dsa);
1307 FIPS_ec_key_free(ec);
1308 if (st_err)
1309 return 0;
1310 return 1;
1311 }
1312
8b8096d0
DSH		 1313#ifdef FIPS_ALGVS
1314int fips_test_suite_main(int argc, char **argv)
1315#else
1316int main(int argc, char **argv)
1317#endif
2b4b28dc 1318 {
8a794abd 1319 char **args = argv + 1;
2b4b28dc
DSH		 1320 int bad_rsa = 0, bad_dsa = 0;
1321 int do_rng_stick = 0;
ded19997 1322 int do_drbg_stick = 0;
2b4b28dc 1323 int no_exit = 0;
8a794abd 1324 int no_dh = 0, no_drbg = 0;
5e4eb995 1325 char *pass = FIPS_AUTH_USER_PASS;
8a794abd 1326 int fullpost = 0, fullerr = 0;
2b4b28dc 1327
ac892b7a
DSH		 1328 FIPS_post_set_callback(post_cb);
1329
01a9a759
DSH		 1330 printf("\tFIPS-mode test application\n");
1331
1332 printf("\t%s\n\n", FIPS_module_version_text());
2b4b28dc 1333
8a794abd 1334 while(*args) {
2b4b28dc 1335 /* Corrupted KAT tests */
8a794abd 1336 if (!strcmp(*args, "integrity")) {
ac892b7a 1337 fail_id = FIPS_TEST_INTEGRITY;
8a794abd 1338 } else if (!strcmp(*args, "aes")) {
ac892b7a
DSH		 1339 fail_id = FIPS_TEST_CIPHER;
1340 fail_sub = NID_aes_128_ecb;
8a794abd 1341 } else if (!strcmp(*args, "aes-ccm")) {
cb1b3aa1 1342 fail_id = FIPS_TEST_CCM;
8a794abd 1343 } else if (!strcmp(*args, "aes-gcm")) {
8038511c 1344 fail_id = FIPS_TEST_GCM;
8a794abd 1345 } else if (!strcmp(*args, "aes-xts")) {
bf8131f7 1346 fail_id = FIPS_TEST_XTS;
8a794abd 1347 } else if (!strcmp(*args, "des")) {
ac892b7a
DSH		 1348 fail_id = FIPS_TEST_CIPHER;
1349 fail_sub = NID_des_ede3_ecb;
8a794abd 1350 } else if (!strcmp(*args, "dsa")) {
ac892b7a
DSH		 1351 fail_id = FIPS_TEST_SIGNATURE;
1352 fail_key = EVP_PKEY_DSA;
c1f63b5c
DSH		 1353 } else if (!strcmp(argv[1], "ecdh")) {
1354 fail_id = FIPS_TEST_ECDH;
8a794abd 1355 } else if (!strcmp(*args, "ecdsa")) {
ac892b7a
DSH		 1356 fail_id = FIPS_TEST_SIGNATURE;
1357 fail_key = EVP_PKEY_EC;
8a794abd 1358 } else if (!strcmp(*args, "rsa")) {
ac892b7a
DSH		 1359 fail_id = FIPS_TEST_SIGNATURE;
1360 fail_key = EVP_PKEY_RSA;
8a794abd 1361 } else if (!strcmp(*args, "rsakey")) {
2b4b28dc
DSH		 1362 printf("RSA key generation and signature validation with corrupted key...\n");
1363 bad_rsa = 1;
1364 no_exit = 1;
8a794abd 1365 } else if (!strcmp(*args, "rsakeygen")) {
ac892b7a
DSH		 1366 fail_id = FIPS_TEST_PAIRWISE;
1367 fail_key = EVP_PKEY_RSA;
2b4b28dc 1368 no_exit = 1;
8a794abd 1369 } else if (!strcmp(*args, "dsakey")) {
2b4b28dc
DSH		 1370 printf("DSA key generation and signature validation with corrupted key...\n");
1371 bad_dsa = 1;
1372 no_exit = 1;
8a794abd 1373 } else if (!strcmp(*args, "dsakeygen")) {
ac892b7a
DSH		 1374 fail_id = FIPS_TEST_PAIRWISE;
1375 fail_key = EVP_PKEY_DSA;
2b4b28dc 1376 no_exit = 1;
8a794abd 1377 } else if (!strcmp(*args, "sha1")) {
ac892b7a 1378 fail_id = FIPS_TEST_DIGEST;
8a794abd 1379 } else if (!strcmp(*args, "hmac")) {
8038511c 1380 fail_id = FIPS_TEST_HMAC;
8a794abd 1381 } else if (!strcmp(*args, "cmac")) {
8f331999 1382 fail_id = FIPS_TEST_CMAC;
8a794abd 1383 } else if (!strcmp(*args, "drbg")) {
76089788 1384 fail_id = FIPS_TEST_DRBG;
2b4b28dc 1385 } else if (!strcmp(argv[1], "rng")) {
706735ae 1386 fail_id = FIPS_TEST_X931;
8a794abd
DSH		 1387 } else if (!strcmp(*args, "nodrbg")) {
1388 no_drbg = 1;
1389 no_exit = 1;
1390 } else if (!strcmp(*args, "nodh")) {
4420b3b1
DSH		 1391 no_dh = 1;
1392 no_exit = 1;
8a794abd 1393 } else if (!strcmp(*args, "post")) {
75707a32 1394 fail_id = -1;
8a794abd 1395 } else if (!strcmp(*args, "rngstick")) {
2b4b28dc
DSH		 1396 do_rng_stick = 1;
1397 no_exit = 1;
1398 printf("RNG test with stuck continuous test...\n");
8a794abd 1399 } else if (!strcmp(*args, "drbgentstick")) {
b8b6a13a 1400 do_entropy_stick();
8a794abd 1401 } else if (!strcmp(*args, "drbgstick")) {
ded19997
DSH		 1402 do_drbg_stick = 1;
1403 no_exit = 1;
1404 printf("DRBG test with stuck continuous test...\n");
8a794abd 1405 } else if (!strcmp(*args, "user")) {
5e4eb995 1406 pass = FIPS_AUTH_USER_PASS;
8a794abd 1407 } else if (!strcmp(*args, "officer")) {
5e4eb995 1408 pass = FIPS_AUTH_OFFICER_PASS;
8a794abd 1409 } else if (!strcmp(*args, "badpass")) {
5e4eb995 1410 pass = "bad invalid password";
8a794abd 1411 } else if (!strcmp(*args, "nopass")) {
4ff2999e 1412 pass = "";
8a794abd
DSH		 1413 } else if (!strcmp(*args, "fullpost")) {
1414 fullpost = 1;
1415 no_exit = 1;
1416 } else if (!strcmp(*args, "fullerr")) {
1417 fullerr = 1;
1418 no_exit = 1;
2b4b28dc 1419 } else {
8a794abd 1420 printf("Bad argument \"%s\"\n", *args);
d5939062 1421 return 1;
2b4b28dc 1422 }
8a794abd
DSH		 1423 args++;
1424 }
1425
1426 if ((argc != 1) && !no_exit) {
b8b6a13a 1427 fips_algtest_init_nofips();
5e4eb995 1428 if (!FIPS_module_mode_set(1, pass)) {
2b4b28dc 1429 printf("Power-up self test failed\n");
d5939062 1430 return 1;
2b4b28dc
DSH		 1431 }
1432 printf("Power-up self test successful\n");
d5939062 1433 return 0;
2b4b28dc
DSH		 1434 }
1435
b8b6a13a
DSH		 1436 fips_algtest_init_nofips();
1437
2b4b28dc
DSH		 1438 /* Non-Approved cryptographic operation
1439 */
1440 printf("1. Non-Approved cryptographic operation test...\n");
4420b3b1
DSH		 1441 if (no_dh)
1442 printf("\t D-H test skipped\n");
1443 else
1444 test_msg("\ta. Included algorithm (D-H)...", dh_test());
2b4b28dc
DSH		 1445
1446 /* Power-up self test
1447 */
1448 ERR_clear_error();
5e4eb995 1449 test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1, pass));
c2fd5989 1450 if (!FIPS_module_mode())
d5939062 1451 return 1;
ded19997 1452 if (do_drbg_stick)
df64f34e 1453 FIPS_drbg_stick(1);
2b4b28dc 1454 if (do_rng_stick)
df64f34e 1455 FIPS_x931_stick(1);
2b4b28dc
DSH		 1456
1457 /* AES encryption/decryption
1458 */
acf254f8
DSH		 1459 test_msg("3a. AES encryption/decryption", FIPS_aes_test());
1460 /* AES GCM encryption/decryption
1461 */
1462 test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test());
2b4b28dc
DSH		 1463
1464 /* RSA key generation and encryption/decryption
1465 */
1466 test_msg("4. RSA key generation and encryption/decryption",
1467 FIPS_rsa_test(bad_rsa));
1468
1469 /* DES-CBC encryption/decryption
1470 */
1471 test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test());
1472
1473 /* DSA key generation and signature validation
1474 */
1475 test_msg("6. DSA key generation and signature validation",
1476 FIPS_dsa_test(bad_dsa));
1477
1478 /* SHA-1 hash
1479 */
1480 test_msg("7a. SHA-1 hash", FIPS_sha1_test());
1481
1482 /* SHA-256 hash
1483 */
1484 test_msg("7b. SHA-256 hash", FIPS_sha256_test());
1485
1486 /* SHA-512 hash
1487 */
1488 test_msg("7c. SHA-512 hash", FIPS_sha512_test());
1489
1490 /* HMAC-SHA-1 hash
1491 */
1492 test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test());
1493
1494 /* HMAC-SHA-224 hash
1495 */
1496 test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test());
1497
1498 /* HMAC-SHA-256 hash
1499 */
1500 test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test());
1501
1502 /* HMAC-SHA-384 hash
1503 */
1504 test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test());
1505
1506 /* HMAC-SHA-512 hash
1507 */
1508 test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test());
1509
37942b93
RL		 1510 /* CMAC-AES-128 hash
1511 */
1512 test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test());
1513
1514 /* CMAC-AES-192 hash
1515 */
1516 test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test());
1517
1518 /* CMAC-AES-256 hash
1519 */
1520 test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test());
1521
1522# if 0 /* Not a FIPS algorithm */
1523 /* CMAC-TDEA-2 hash
1524 */
1525 test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test());
1526#endif
1527
1528 /* CMAC-TDEA-3 hash
1529 */
1530 test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test());
1531
2b4b28dc
DSH		 1532 /* Non-Approved cryptographic operation
1533 */
37942b93 1534 printf("9. Non-Approved cryptographic operation test...\n");
2b4b28dc 1535 printf("\ta. Included algorithm (D-H)...%s\n",
4420b3b1 1536 no_dh ? "skipped" :
2b4b28dc
DSH		 1537 dh_test() ? "successful as expected"
1538 : Fail("failed INCORRECTLY!") );
1539
1540 /* Zeroization
1541 */
37942b93 1542 printf("10. Zero-ization...\n\t%s\n",
2b4b28dc
DSH		 1543 Zeroize() ? "successful as expected"
1544 : Fail("failed INCORRECTLY!") );
1545
4420b3b1
DSH		 1546 printf("11. Complete DRBG health check...\n");
1547 printf("\t%s\n", FIPS_selftest_drbg_all() ? "successful as expected"
1548 : Fail("failed INCORRECTLY!") );
1549
1550 printf("12. DRBG generation check...\n");
8a794abd
DSH		 1551 if (no_drbg)
1552 printf("\tskipped\n");
1553 else
1554 printf("\t%s\n", do_drbg_all() ? "successful as expected"
a11f06b2
DSH		 1555 : Fail("failed INCORRECTLY!") );
1556
8a794abd
DSH		 1557 printf("13. Induced test failure check...\n");
1558 printf("\t%s\n", do_fail_all(fullpost, fullerr) ? "successful as expected"
1559 : Fail("failed INCORRECTLY!") );
2b4b28dc
DSH		 1560 printf("\nAll tests completed with %d errors\n", Error);
1561 return Error ? 1 : 0;
1562 }
1563
1564#endif
A mirror of the official openssl repository