]>
Commit | Line | Data |
---|---|---|
2b4b28dc DSH |
1 | /* ==================================================================== |
2 | * Copyright (c) 2003 The OpenSSL Project. All rights reserved. | |
3 | * | |
4 | * | |
5 | * This command is intended as a test driver for the FIPS-140 testing | |
6 | * lab performing FIPS-140 validation. It demonstrates the use of the | |
7 | * OpenSSL library ito perform a variety of common cryptographic | |
8 | * functions. A power-up self test is demonstrated by deliberately | |
9 | * pointing to an invalid executable hash | |
10 | * | |
11 | * Contributed by Steve Marquess. | |
12 | * | |
13 | */ | |
14 | ||
7c8ced94 | 15 | #define OPENSSL_FIPSAPI |
2b4b28dc DSH |
16 | |
17 | #include <stdio.h> | |
18 | #include <assert.h> | |
19 | #include <ctype.h> | |
20 | #include <string.h> | |
21 | #include <stdlib.h> | |
22 | #include <openssl/evp.h> | |
23 | #include <openssl/hmac.h> | |
37942b93 | 24 | #include <openssl/cmac.h> |
2b4b28dc DSH |
25 | #include <openssl/sha.h> |
26 | #include <openssl/err.h> | |
27 | ||
28 | #include <openssl/bn.h> | |
29 | #include <openssl/rand.h> | |
30 | ||
31 | #ifndef OPENSSL_FIPS | |
32 | int main(int argc, char *argv[]) | |
33 | { | |
34 | printf("No FIPS support\n"); | |
35 | return(0); | |
36 | } | |
37 | #else | |
38 | ||
39 | #define ERR_clear_error() while(0) | |
40 | ||
41 | #include <openssl/rsa.h> | |
42 | #include <openssl/dsa.h> | |
43 | #include <openssl/dh.h> | |
44 | ||
45 | #include <openssl/fips.h> | |
4420b3b1 | 46 | #include <openssl/fips_rand.h> |
2b4b28dc DSH |
47 | #include "fips_utl.h" |
48 | ||
49 | /* AES: encrypt and decrypt known plaintext, verify result matches original plaintext | |
50 | */ | |
51 | static int FIPS_aes_test(void) | |
52 | { | |
53 | int ret = 0; | |
54 | unsigned char pltmp[16]; | |
55 | unsigned char citmp[16]; | |
56 | unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16}; | |
57 | unsigned char plaintext[16] = "etaonrishdlcu"; | |
58 | EVP_CIPHER_CTX ctx; | |
e47af46c DSH |
59 | FIPS_cipher_ctx_init(&ctx); |
60 | if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1) <= 0) | |
2b4b28dc | 61 | goto err; |
e47af46c DSH |
62 | FIPS_cipher(&ctx, citmp, plaintext, 16); |
63 | if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 0) <= 0) | |
2b4b28dc | 64 | goto err; |
e47af46c | 65 | FIPS_cipher(&ctx, pltmp, citmp, 16); |
2b4b28dc DSH |
66 | if (memcmp(pltmp, plaintext, 16)) |
67 | goto err; | |
68 | ret = 1; | |
69 | err: | |
e47af46c | 70 | FIPS_cipher_ctx_cleanup(&ctx); |
2b4b28dc DSH |
71 | return ret; |
72 | } | |
73 | ||
acf254f8 DSH |
74 | static int FIPS_aes_gcm_test(void) |
75 | { | |
76 | int ret = 0; | |
77 | unsigned char pltmp[16]; | |
78 | unsigned char citmp[16]; | |
79 | unsigned char tagtmp[16]; | |
80 | unsigned char key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16}; | |
81 | unsigned char iv[16] = {21,22,23,24,25,26,27,28,29,30,31,32}; | |
82 | unsigned char aad[] = "Some text AAD"; | |
83 | unsigned char plaintext[16] = "etaonrishdlcu"; | |
84 | EVP_CIPHER_CTX ctx; | |
85 | FIPS_cipher_ctx_init(&ctx); | |
86 | if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 1) <= 0) | |
87 | goto err; | |
88 | FIPS_cipher(&ctx, NULL, aad, sizeof(aad)); | |
89 | FIPS_cipher(&ctx, citmp, plaintext, 16); | |
90 | FIPS_cipher(&ctx, NULL, NULL, 0); | |
91 | if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tagtmp)) | |
92 | goto err; | |
93 | ||
94 | if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 0) <= 0) | |
95 | goto err; | |
96 | if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tagtmp)) | |
97 | goto err; | |
98 | ||
99 | FIPS_cipher(&ctx, NULL, aad, sizeof(aad)); | |
100 | ||
101 | FIPS_cipher(&ctx, pltmp, citmp, 16); | |
102 | ||
103 | if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0) | |
104 | goto err; | |
105 | ||
106 | if (memcmp(pltmp, plaintext, 16)) | |
107 | goto err; | |
108 | ||
109 | ret = 1; | |
110 | err: | |
111 | FIPS_cipher_ctx_cleanup(&ctx); | |
112 | return ret; | |
113 | } | |
114 | ||
2b4b28dc DSH |
115 | static int FIPS_des3_test(void) |
116 | { | |
117 | int ret = 0; | |
118 | unsigned char pltmp[8]; | |
119 | unsigned char citmp[8]; | |
120 | unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18, | |
121 | 19,20,21,22,23,24}; | |
122 | unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' }; | |
123 | EVP_CIPHER_CTX ctx; | |
e47af46c DSH |
124 | FIPS_cipher_ctx_init(&ctx); |
125 | if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 1) <= 0) | |
2b4b28dc | 126 | goto err; |
e47af46c DSH |
127 | FIPS_cipher(&ctx, citmp, plaintext, 8); |
128 | if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 0) <= 0) | |
2b4b28dc | 129 | goto err; |
e47af46c | 130 | FIPS_cipher(&ctx, pltmp, citmp, 8); |
2b4b28dc DSH |
131 | if (memcmp(pltmp, plaintext, 8)) |
132 | goto err; | |
133 | ret = 1; | |
134 | err: | |
e47af46c | 135 | FIPS_cipher_ctx_cleanup(&ctx); |
2b4b28dc DSH |
136 | return ret; |
137 | } | |
138 | ||
139 | /* | |
140 | * DSA: generate keys and sign, verify input plaintext. | |
141 | */ | |
142 | static int FIPS_dsa_test(int bad) | |
143 | { | |
144 | DSA *dsa = NULL; | |
145 | unsigned char dgst[] = "etaonrishdlc"; | |
146 | int r = 0; | |
2b4b28dc DSH |
147 | DSA_SIG *sig = NULL; |
148 | ||
149 | ERR_clear_error(); | |
2b4b28dc DSH |
150 | dsa = FIPS_dsa_new(); |
151 | if (!dsa) | |
152 | goto end; | |
153 | if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL)) | |
154 | goto end; | |
155 | if (!DSA_generate_key(dsa)) | |
156 | goto end; | |
157 | if (bad) | |
158 | BN_add_word(dsa->pub_key, 1); | |
159 | ||
485ef852 | 160 | sig = FIPS_dsa_sign(dsa, dgst, sizeof(dgst) -1, EVP_sha256()); |
2b4b28dc DSH |
161 | if (!sig) |
162 | goto end; | |
163 | ||
485ef852 | 164 | r = FIPS_dsa_verify(dsa, dgst, sizeof(dgst) -1, EVP_sha256(), sig); |
2b4b28dc DSH |
165 | end: |
166 | if (sig) | |
e990b4f8 | 167 | FIPS_dsa_sig_free(sig); |
2b4b28dc DSH |
168 | if (dsa) |
169 | FIPS_dsa_free(dsa); | |
170 | if (r != 1) | |
171 | return 0; | |
172 | return 1; | |
173 | } | |
174 | ||
175 | /* | |
176 | * RSA: generate keys and sign, verify input plaintext. | |
177 | */ | |
178 | static int FIPS_rsa_test(int bad) | |
179 | { | |
180 | RSA *key; | |
181 | unsigned char input_ptext[] = "etaonrishdlc"; | |
182 | unsigned char buf[256]; | |
183 | unsigned int slen; | |
184 | BIGNUM *bn; | |
2b4b28dc DSH |
185 | int r = 0; |
186 | ||
187 | ERR_clear_error(); | |
2b4b28dc DSH |
188 | key = FIPS_rsa_new(); |
189 | bn = BN_new(); | |
190 | if (!key || !bn) | |
191 | return 0; | |
192 | BN_set_word(bn, 65537); | |
c81f8f59 | 193 | if (!RSA_generate_key_ex(key, 2048,bn,NULL)) |
2b4b28dc DSH |
194 | return 0; |
195 | BN_free(bn); | |
196 | if (bad) | |
197 | BN_add_word(key->n, 1); | |
198 | ||
485ef852 DSH |
199 | if (!FIPS_rsa_sign(key, input_ptext, sizeof(input_ptext) - 1, EVP_sha256(), |
200 | RSA_PKCS1_PADDING, 0, NULL, buf, &slen)) | |
2b4b28dc DSH |
201 | goto end; |
202 | ||
485ef852 DSH |
203 | r = FIPS_rsa_verify(key, input_ptext, sizeof(input_ptext) - 1, EVP_sha256(), |
204 | RSA_PKCS1_PADDING, 0, NULL, buf, slen); | |
2b4b28dc | 205 | end: |
2b4b28dc DSH |
206 | if (key) |
207 | FIPS_rsa_free(key); | |
208 | if (r != 1) | |
209 | return 0; | |
210 | return 1; | |
211 | } | |
212 | ||
213 | /* SHA1: generate hash of known digest value and compare to known | |
214 | precomputed correct hash | |
215 | */ | |
216 | static int FIPS_sha1_test() | |
217 | { | |
218 | unsigned char digest[SHA_DIGEST_LENGTH] = | |
219 | { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 }; | |
220 | unsigned char str[] = "etaonrishd"; | |
221 | ||
222 | unsigned char md[SHA_DIGEST_LENGTH]; | |
223 | ||
224 | ERR_clear_error(); | |
e47af46c | 225 | if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha1())) return 0; |
2b4b28dc DSH |
226 | if (memcmp(md,digest,sizeof(md))) |
227 | return 0; | |
228 | return 1; | |
229 | } | |
230 | ||
231 | /* SHA256: generate hash of known digest value and compare to known | |
232 | precomputed correct hash | |
233 | */ | |
234 | static int FIPS_sha256_test() | |
235 | { | |
236 | unsigned char digest[SHA256_DIGEST_LENGTH] = | |
237 | {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91, | |
238 | 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57}; | |
239 | unsigned char str[] = "etaonrishd"; | |
240 | ||
241 | unsigned char md[SHA256_DIGEST_LENGTH]; | |
242 | ||
243 | ERR_clear_error(); | |
e47af46c | 244 | if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha256())) return 0; |
2b4b28dc DSH |
245 | if (memcmp(md,digest,sizeof(md))) |
246 | return 0; | |
247 | return 1; | |
248 | } | |
249 | ||
250 | /* SHA512: generate hash of known digest value and compare to known | |
251 | precomputed correct hash | |
252 | */ | |
253 | static int FIPS_sha512_test() | |
254 | { | |
255 | unsigned char digest[SHA512_DIGEST_LENGTH] = | |
256 | {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca, | |
257 | 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a, | |
258 | 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22, | |
259 | 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3}; | |
260 | unsigned char str[] = "etaonrishd"; | |
261 | ||
262 | unsigned char md[SHA512_DIGEST_LENGTH]; | |
263 | ||
264 | ERR_clear_error(); | |
e47af46c | 265 | if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha512())) return 0; |
2b4b28dc DSH |
266 | if (memcmp(md,digest,sizeof(md))) |
267 | return 0; | |
268 | return 1; | |
269 | } | |
270 | ||
271 | /* HMAC-SHA1: generate hash of known digest value and compare to known | |
272 | precomputed correct hash | |
273 | */ | |
274 | static int FIPS_hmac_sha1_test() | |
275 | { | |
276 | unsigned char key[] = "etaonrishd"; | |
277 | unsigned char iv[] = "Sample text"; | |
278 | unsigned char kaval[EVP_MAX_MD_SIZE] = | |
279 | {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70, | |
280 | 0xb2, 0xfb, 0xec, 0xc6}; | |
281 | ||
282 | unsigned char out[EVP_MAX_MD_SIZE]; | |
283 | unsigned int outlen; | |
284 | ||
285 | ERR_clear_error(); | |
286 | if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0; | |
287 | if (memcmp(out,kaval,outlen)) | |
288 | return 0; | |
289 | return 1; | |
290 | } | |
291 | ||
292 | /* HMAC-SHA224: generate hash of known digest value and compare to known | |
293 | precomputed correct hash | |
294 | */ | |
295 | static int FIPS_hmac_sha224_test() | |
296 | { | |
297 | unsigned char key[] = "etaonrishd"; | |
298 | unsigned char iv[] = "Sample text"; | |
299 | unsigned char kaval[EVP_MAX_MD_SIZE] = | |
300 | {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35, | |
301 | 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19}; | |
302 | ||
303 | unsigned char out[EVP_MAX_MD_SIZE]; | |
304 | unsigned int outlen; | |
305 | ||
306 | ERR_clear_error(); | |
307 | if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0; | |
308 | if (memcmp(out,kaval,outlen)) | |
309 | return 0; | |
310 | return 1; | |
311 | } | |
312 | ||
313 | /* HMAC-SHA256: generate hash of known digest value and compare to known | |
314 | precomputed correct hash | |
315 | */ | |
316 | static int FIPS_hmac_sha256_test() | |
317 | { | |
318 | unsigned char key[] = "etaonrishd"; | |
319 | unsigned char iv[] = "Sample text"; | |
320 | unsigned char kaval[EVP_MAX_MD_SIZE] = | |
321 | {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87, | |
322 | 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4}; | |
323 | ||
324 | unsigned char out[EVP_MAX_MD_SIZE]; | |
325 | unsigned int outlen; | |
326 | ||
327 | ERR_clear_error(); | |
328 | if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0; | |
329 | if (memcmp(out,kaval,outlen)) | |
330 | return 0; | |
331 | return 1; | |
332 | } | |
333 | ||
334 | /* HMAC-SHA384: generate hash of known digest value and compare to known | |
335 | precomputed correct hash | |
336 | */ | |
337 | static int FIPS_hmac_sha384_test() | |
338 | { | |
339 | unsigned char key[] = "etaonrishd"; | |
340 | unsigned char iv[] = "Sample text"; | |
341 | unsigned char kaval[EVP_MAX_MD_SIZE] = | |
342 | {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10, | |
343 | 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08, | |
344 | 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c}; | |
345 | ||
346 | unsigned char out[EVP_MAX_MD_SIZE]; | |
347 | unsigned int outlen; | |
348 | ||
349 | ERR_clear_error(); | |
350 | if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0; | |
351 | if (memcmp(out,kaval,outlen)) | |
352 | return 0; | |
353 | return 1; | |
354 | } | |
355 | ||
356 | /* HMAC-SHA512: generate hash of known digest value and compare to known | |
357 | precomputed correct hash | |
358 | */ | |
359 | static int FIPS_hmac_sha512_test() | |
360 | { | |
361 | unsigned char key[] = "etaonrishd"; | |
362 | unsigned char iv[] = "Sample text"; | |
363 | unsigned char kaval[EVP_MAX_MD_SIZE] = | |
364 | {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6, | |
365 | 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1, | |
366 | 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c, | |
367 | 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53}; | |
368 | ||
369 | unsigned char out[EVP_MAX_MD_SIZE]; | |
370 | unsigned int outlen; | |
371 | ||
372 | ERR_clear_error(); | |
373 | if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0; | |
374 | if (memcmp(out,kaval,outlen)) | |
375 | return 0; | |
376 | return 1; | |
377 | } | |
378 | ||
37942b93 RL |
379 | /* CMAC-AES128: generate hash of known digest value and compare to known |
380 | precomputed correct hash | |
381 | */ | |
382 | static int FIPS_cmac_aes128_test() | |
383 | { | |
384 | unsigned char key[16] = { 0x2b,0x7e,0x15,0x16, 0x28,0xae,0xd2,0xa6, | |
385 | 0xab,0xf7,0x15,0x88, 0x09,0xcf,0x4f,0x3c, }; | |
386 | unsigned char data[] = "Sample text"; | |
387 | unsigned char kaval[EVP_MAX_MD_SIZE] = | |
388 | { 0x16,0x83,0xfe,0xac, 0x52,0x9b,0xae,0x23, | |
389 | 0xd7,0xd5,0x66,0xf5, 0xd2,0x8d,0xbd,0x2a, }; | |
390 | ||
391 | unsigned char *out = NULL; | |
bb61a6c8 | 392 | size_t outlen; |
37942b93 RL |
393 | CMAC_CTX *ctx = CMAC_CTX_new(); |
394 | int r = 0; | |
395 | ||
396 | ERR_clear_error(); | |
397 | ||
398 | if (!ctx) | |
399 | goto end; | |
400 | if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_128_cbc(),NULL)) | |
401 | goto end; | |
402 | if (!CMAC_Update(ctx,data,sizeof(data)-1)) | |
403 | goto end; | |
404 | /* This should return 1. If not, there's a programming error... */ | |
405 | if (!CMAC_Final(ctx, out, &outlen)) | |
406 | goto end; | |
407 | out = OPENSSL_malloc(outlen); | |
408 | if (!CMAC_Final(ctx, out, &outlen)) | |
409 | goto end; | |
410 | #if 0 | |
411 | { | |
412 | char *hexout = OPENSSL_malloc(outlen * 2 + 1); | |
413 | bin2hex(out, outlen, hexout); | |
414 | printf("CMAC-AES128: res = %s\n", hexout); | |
415 | OPENSSL_free(hexout); | |
416 | } | |
417 | r = 1; | |
418 | #else | |
419 | if (!memcmp(out,kaval,outlen)) | |
420 | r = 1; | |
421 | #endif | |
422 | end: | |
423 | CMAC_CTX_free(ctx); | |
424 | if (out) | |
425 | OPENSSL_free(out); | |
426 | return r; | |
427 | } | |
428 | ||
429 | /* CMAC-AES192: generate hash of known digest value and compare to known | |
430 | precomputed correct hash | |
431 | */ | |
432 | static int FIPS_cmac_aes192_test() | |
433 | { | |
434 | unsigned char key[] = { 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52, | |
435 | 0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5, | |
436 | 0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, }; | |
437 | unsigned char data[] = "Sample text"; | |
438 | unsigned char kaval[] = | |
439 | { 0xd6,0x99,0x19,0x25, 0xe5,0x1d,0x95,0x48, | |
440 | 0xb1,0x4a,0x0b,0xf2, 0xc6,0x3c,0x47,0x1f, }; | |
441 | ||
442 | unsigned char *out = NULL; | |
bb61a6c8 | 443 | size_t outlen; |
37942b93 RL |
444 | CMAC_CTX *ctx = CMAC_CTX_new(); |
445 | int r = 0; | |
446 | ||
447 | ERR_clear_error(); | |
448 | ||
449 | if (!ctx) | |
450 | goto end; | |
451 | if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_192_cbc(),NULL)) | |
452 | goto end; | |
453 | if (!CMAC_Update(ctx,data,sizeof(data)-1)) | |
454 | goto end; | |
455 | /* This should return 1. If not, there's a programming error... */ | |
456 | if (!CMAC_Final(ctx, out, &outlen)) | |
457 | goto end; | |
458 | out = OPENSSL_malloc(outlen); | |
459 | if (!CMAC_Final(ctx, out, &outlen)) | |
460 | goto end; | |
461 | #if 0 | |
462 | { | |
463 | char *hexout = OPENSSL_malloc(outlen * 2 + 1); | |
464 | bin2hex(out, outlen, hexout); | |
465 | printf("CMAC-AES192: res = %s\n", hexout); | |
466 | OPENSSL_free(hexout); | |
467 | } | |
468 | r = 1; | |
469 | #else | |
470 | if (!memcmp(out,kaval,outlen)) | |
471 | r = 1; | |
472 | #endif | |
473 | end: | |
474 | CMAC_CTX_free(ctx); | |
475 | if (out) | |
476 | OPENSSL_free(out); | |
477 | return r; | |
478 | } | |
479 | ||
480 | /* CMAC-AES256: generate hash of known digest value and compare to known | |
481 | precomputed correct hash | |
482 | */ | |
483 | static int FIPS_cmac_aes256_test() | |
484 | { | |
485 | unsigned char key[] = { 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe, | |
486 | 0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81, | |
487 | 0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7, | |
488 | 0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, }; | |
489 | unsigned char data[] = "Sample text"; | |
490 | unsigned char kaval[] = | |
491 | { 0xec,0xc2,0xcf,0x63, 0xc7,0xce,0xfc,0xa4, | |
492 | 0xb0,0x86,0x37,0x5f, 0x15,0x60,0xba,0x1f, }; | |
493 | ||
494 | unsigned char *out = NULL; | |
bb61a6c8 | 495 | size_t outlen; |
37942b93 RL |
496 | CMAC_CTX *ctx = CMAC_CTX_new(); |
497 | int r = 0; | |
498 | ||
499 | ERR_clear_error(); | |
500 | ||
501 | if (!ctx) | |
502 | goto end; | |
503 | if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_256_cbc(),NULL)) | |
504 | goto end; | |
505 | if (!CMAC_Update(ctx,data,sizeof(data)-1)) | |
506 | goto end; | |
507 | /* This should return 1. If not, there's a programming error... */ | |
508 | if (!CMAC_Final(ctx, out, &outlen)) | |
509 | goto end; | |
510 | out = OPENSSL_malloc(outlen); | |
511 | if (!CMAC_Final(ctx, out, &outlen)) | |
512 | goto end; | |
513 | #if 0 | |
514 | { | |
515 | char *hexout = OPENSSL_malloc(outlen * 2 + 1); | |
516 | bin2hex(out, outlen, hexout); | |
517 | printf("CMAC-AES256: res = %s\n", hexout); | |
518 | OPENSSL_free(hexout); | |
519 | } | |
520 | r = 1; | |
521 | #else | |
522 | if (!memcmp(out,kaval,outlen)) | |
523 | r = 1; | |
524 | #endif | |
525 | end: | |
526 | CMAC_CTX_free(ctx); | |
527 | if (out) | |
528 | OPENSSL_free(out); | |
529 | return r; | |
530 | } | |
531 | ||
37942b93 RL |
532 | /* CMAC-TDEA3: generate hash of known digest value and compare to known |
533 | precomputed correct hash | |
534 | */ | |
535 | static int FIPS_cmac_tdea3_test() | |
536 | { | |
537 | unsigned char key[] = { 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62, | |
538 | 0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58, | |
539 | 0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, }; | |
540 | unsigned char data[] = "Sample text"; | |
541 | unsigned char kaval[EVP_MAX_MD_SIZE] = | |
542 | { 0xb4,0x06,0x4e,0xbf, 0x59,0x89,0xba,0x68, }; | |
543 | ||
544 | unsigned char *out = NULL; | |
bb61a6c8 | 545 | size_t outlen; |
37942b93 RL |
546 | CMAC_CTX *ctx = CMAC_CTX_new(); |
547 | int r = 0; | |
548 | ||
549 | ERR_clear_error(); | |
550 | ||
551 | if (!ctx) | |
552 | goto end; | |
553 | if (!CMAC_Init(ctx,key,sizeof(key),EVP_des_ede3_cbc(),NULL)) | |
554 | goto end; | |
555 | if (!CMAC_Update(ctx,data,sizeof(data)-1)) | |
556 | goto end; | |
557 | /* This should return 1. If not, there's a programming error... */ | |
558 | if (!CMAC_Final(ctx, out, &outlen)) | |
559 | goto end; | |
560 | out = OPENSSL_malloc(outlen); | |
561 | if (!CMAC_Final(ctx, out, &outlen)) | |
562 | goto end; | |
563 | #if 0 | |
564 | { | |
565 | char *hexout = OPENSSL_malloc(outlen * 2 + 1); | |
566 | bin2hex(out, outlen, hexout); | |
567 | printf("CMAC-TDEA3: res = %s\n", hexout); | |
568 | OPENSSL_free(hexout); | |
569 | } | |
570 | r = 1; | |
571 | #else | |
572 | if (!memcmp(out,kaval,outlen)) | |
573 | r = 1; | |
574 | #endif | |
575 | end: | |
576 | CMAC_CTX_free(ctx); | |
577 | if (out) | |
578 | OPENSSL_free(out); | |
579 | return r; | |
580 | } | |
581 | ||
2b4b28dc DSH |
582 | |
583 | /* DH: generate shared parameters | |
584 | */ | |
585 | static int dh_test() | |
586 | { | |
587 | DH *dh; | |
588 | ERR_clear_error(); | |
589 | dh = FIPS_dh_new(); | |
590 | if (!dh) | |
591 | return 0; | |
592 | if (!DH_generate_parameters_ex(dh, 1024, 2, NULL)) | |
593 | return 0; | |
594 | FIPS_dh_free(dh); | |
595 | return 1; | |
596 | } | |
597 | ||
598 | /* Zeroize | |
599 | */ | |
600 | static int Zeroize() | |
601 | { | |
602 | RSA *key; | |
603 | BIGNUM *bn; | |
604 | unsigned char userkey[16] = | |
605 | { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 }; | |
606 | size_t i; | |
607 | int n; | |
608 | ||
609 | key = FIPS_rsa_new(); | |
610 | bn = BN_new(); | |
611 | if (!key || !bn) | |
612 | return 0; | |
613 | BN_set_word(bn, 65537); | |
614 | if (!RSA_generate_key_ex(key, 1024,bn,NULL)) | |
615 | return 0; | |
616 | BN_free(bn); | |
617 | ||
618 | n = BN_num_bytes(key->d); | |
619 | printf(" Generated %d byte RSA private key\n", n); | |
620 | printf("\tBN key before overwriting:\n"); | |
621 | do_bn_print(stdout, key->d); | |
622 | BN_rand(key->d,n*8,-1,0); | |
623 | printf("\tBN key after overwriting:\n"); | |
624 | do_bn_print(stdout, key->d); | |
625 | ||
626 | printf("\tchar buffer key before overwriting: \n\t\t"); | |
627 | for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]); | |
628 | printf("\n"); | |
629 | RAND_bytes(userkey, sizeof userkey); | |
630 | printf("\tchar buffer key after overwriting: \n\t\t"); | |
631 | for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]); | |
632 | printf("\n"); | |
633 | ||
b7de76b7 DSH |
634 | FIPS_rsa_free(key); |
635 | ||
2b4b28dc DSH |
636 | return 1; |
637 | } | |
638 | ||
4420b3b1 DSH |
639 | /* Dummy Entropy for DRBG tests. WARNING: THIS IS TOTALLY BOGUS |
640 | * HAS ZERO SECURITY AND MUST NOT BE USED IN REAL APPLICATIONS. | |
641 | */ | |
642 | ||
643 | static unsigned char dummy_drbg_entropy[1024]; | |
644 | ||
645 | static size_t drbg_test_cb(DRBG_CTX *ctx, unsigned char **pout, | |
646 | int entropy, size_t min_len, size_t max_len) | |
647 | { | |
648 | *pout = dummy_drbg_entropy; | |
649 | /* Round up to multiple of block size */ | |
650 | return (min_len + 0xf) & ~0xf; | |
651 | } | |
652 | ||
476e7e49 DSH |
653 | /* Callback which returns 0 to indicate entropy source failure */ |
654 | static size_t drbg_fail_cb(DRBG_CTX *ctx, unsigned char **pout, | |
655 | int entropy, size_t min_len, size_t max_len) | |
656 | { | |
657 | return 0; | |
658 | } | |
659 | ||
4420b3b1 DSH |
660 | /* DRBG test: just generate lots of data and trigger health checks */ |
661 | ||
662 | static int do_drbg_test(int type, int flags) | |
663 | { | |
664 | DRBG_CTX *dctx; | |
665 | int rv = 0; | |
666 | size_t i; | |
667 | unsigned char randout[1024]; | |
668 | dctx = FIPS_drbg_new(type, flags); | |
669 | if (!dctx) | |
670 | return 0; | |
671 | FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0); | |
672 | for (i = 0; i < sizeof(dummy_drbg_entropy); i++) | |
673 | { | |
674 | dummy_drbg_entropy[i] = i & 0xff; | |
675 | } | |
676 | if (!FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10)) | |
677 | goto err; | |
678 | FIPS_drbg_set_check_interval(dctx, 10); | |
679 | for (i = 0; i < 32; i++) | |
680 | { | |
681 | if (!FIPS_drbg_generate(dctx, randout, sizeof(randout), 0, NULL, 0)) | |
682 | goto err; | |
683 | if (!FIPS_drbg_generate(dctx, randout, sizeof(randout), 0, dummy_drbg_entropy, 1)) | |
684 | goto err; | |
685 | } | |
686 | rv = 1; | |
687 | err: | |
b7de76b7 | 688 | FIPS_drbg_free(dctx); |
4420b3b1 DSH |
689 | return rv; |
690 | } | |
691 | ||
692 | typedef struct | |
693 | { | |
694 | int type, flags; | |
695 | } DRBG_LIST; | |
696 | ||
697 | static int do_drbg_all(void) | |
698 | { | |
699 | static DRBG_LIST drbg_types[] = | |
700 | { | |
701 | {NID_sha1, 0}, | |
702 | {NID_sha224, 0}, | |
703 | {NID_sha256, 0}, | |
704 | {NID_sha384, 0}, | |
705 | {NID_sha512, 0}, | |
706 | {NID_hmacWithSHA1, 0}, | |
707 | {NID_hmacWithSHA224, 0}, | |
708 | {NID_hmacWithSHA256, 0}, | |
709 | {NID_hmacWithSHA384, 0}, | |
710 | {NID_hmacWithSHA512, 0}, | |
711 | {NID_aes_128_ctr, 0}, | |
712 | {NID_aes_192_ctr, 0}, | |
713 | {NID_aes_256_ctr, 0}, | |
714 | {NID_aes_128_ctr, DRBG_FLAG_CTR_USE_DF}, | |
715 | {NID_aes_192_ctr, DRBG_FLAG_CTR_USE_DF}, | |
716 | {NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF}, | |
717 | {(NID_X9_62_prime256v1 << 16)|NID_sha1, 0}, | |
718 | {(NID_X9_62_prime256v1 << 16)|NID_sha224, 0}, | |
719 | {(NID_X9_62_prime256v1 << 16)|NID_sha256, 0}, | |
720 | {(NID_X9_62_prime256v1 << 16)|NID_sha384, 0}, | |
721 | {(NID_X9_62_prime256v1 << 16)|NID_sha512, 0}, | |
722 | {(NID_secp384r1 << 16)|NID_sha224, 0}, | |
723 | {(NID_secp384r1 << 16)|NID_sha256, 0}, | |
724 | {(NID_secp384r1 << 16)|NID_sha384, 0}, | |
725 | {(NID_secp384r1 << 16)|NID_sha512, 0}, | |
726 | {(NID_secp521r1 << 16)|NID_sha256, 0}, | |
727 | {(NID_secp521r1 << 16)|NID_sha384, 0}, | |
728 | {(NID_secp521r1 << 16)|NID_sha512, 0}, | |
729 | {0, 0} | |
730 | }; | |
731 | DRBG_LIST *lst; | |
732 | int rv = 1; | |
733 | for (lst = drbg_types;; lst++) | |
734 | { | |
735 | if (lst->type == 0) | |
736 | break; | |
737 | if (!do_drbg_test(lst->type, lst->flags)) | |
738 | rv = 0; | |
739 | } | |
740 | return rv; | |
741 | } | |
742 | ||
2b4b28dc DSH |
743 | static int Error; |
744 | static const char * Fail(const char *msg) | |
745 | { | |
746 | Error++; | |
747 | return msg; | |
748 | } | |
749 | ||
750 | static void test_msg(const char *msg, int result) | |
751 | { | |
752 | printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!")); | |
753 | } | |
754 | ||
9338f290 | 755 | /* Table of IDs for POST translating between NIDs and names */ |
ac892b7a | 756 | |
9338f290 | 757 | typedef struct |
ac892b7a | 758 | { |
9338f290 DSH |
759 | int id; |
760 | const char *name; | |
761 | } POST_ID; | |
762 | ||
763 | POST_ID id_list[] = { | |
764 | {NID_sha1, "SHA1"}, | |
765 | {NID_sha224, "SHA224"}, | |
766 | {NID_sha256, "SHA256"}, | |
767 | {NID_sha384, "SHA384"}, | |
768 | {NID_sha512, "SHA512"}, | |
20f12e63 DSH |
769 | {NID_hmacWithSHA1, "HMAC-SHA1"}, |
770 | {NID_hmacWithSHA224, "HMAC-SHA224"}, | |
771 | {NID_hmacWithSHA256, "HMAC-SHA256"}, | |
772 | {NID_hmacWithSHA384, "HMAC-SHA384"}, | |
773 | {NID_hmacWithSHA512, "HMAC-SHA512"}, | |
9338f290 DSH |
774 | {EVP_PKEY_RSA, "RSA"}, |
775 | {EVP_PKEY_DSA, "DSA"}, | |
776 | {EVP_PKEY_EC, "ECDSA"}, | |
8f331999 DSH |
777 | {NID_aes_128_cbc, "AES-128-CBC"}, |
778 | {NID_aes_192_cbc, "AES-192-CBC"}, | |
779 | {NID_aes_256_cbc, "AES-256-CBC"}, | |
76089788 DSH |
780 | {NID_aes_128_ctr, "AES-128-CTR"}, |
781 | {NID_aes_192_ctr, "AES-192-CTR"}, | |
782 | {NID_aes_256_ctr, "AES-256-CTR"}, | |
9338f290 | 783 | {NID_aes_128_ecb, "AES-128-ECB"}, |
bf8131f7 DSH |
784 | {NID_aes_128_xts, "AES-128-XTS"}, |
785 | {NID_aes_256_xts, "AES-256-XTS"}, | |
8f331999 | 786 | {NID_des_ede3_cbc, "DES-EDE3-CBC"}, |
9338f290 | 787 | {NID_des_ede3_ecb, "DES-EDE3-ECB"}, |
2bfeb7dc DSH |
788 | {NID_secp224r1, "P-224"}, |
789 | {NID_sect233r1, "B-233"}, | |
59365214 | 790 | {NID_sect233k1, "K-233"}, |
7fdcb457 DSH |
791 | {NID_X9_62_prime256v1, "P-256"}, |
792 | {NID_secp384r1, "P-384"}, | |
793 | {NID_secp521r1, "P-521"}, | |
9338f290 DSH |
794 | {0, NULL} |
795 | }; | |
796 | ||
797 | static const char *lookup_id(int id) | |
798 | { | |
799 | POST_ID *n; | |
800 | static char out[40]; | |
801 | for (n = id_list; n->name; n++) | |
ac892b7a | 802 | { |
9338f290 DSH |
803 | if (n->id == id) |
804 | return n->name; | |
ac892b7a | 805 | } |
8f331999 | 806 | sprintf(out, "ID=%d", id); |
9338f290 | 807 | return out; |
ac892b7a DSH |
808 | } |
809 | ||
810 | static int fail_id = -1; | |
811 | static int fail_sub = -1; | |
812 | static int fail_key = -1; | |
b1adc971 DSH |
813 | static int sub_num = -1, sub_count = -1; |
814 | static int sub_fail_num = -1; | |
ac892b7a | 815 | |
8a794abd DSH |
816 | static int st_err, post_quiet = 0; |
817 | ||
ac892b7a DSH |
818 | static int post_cb(int op, int id, int subid, void *ex) |
819 | { | |
820 | const char *idstr, *exstr = ""; | |
b1adc971 | 821 | char asctmp[20], teststr[80]; |
ac892b7a | 822 | int keytype = -1; |
8a794abd | 823 | int exp_fail = 0; |
fc98a437 DSH |
824 | #ifdef FIPS_POST_TIME |
825 | static struct timespec start, end, tstart, tend; | |
826 | #endif | |
ac892b7a DSH |
827 | switch(id) |
828 | { | |
829 | case FIPS_TEST_INTEGRITY: | |
830 | idstr = "Integrity"; | |
831 | break; | |
832 | ||
833 | case FIPS_TEST_DIGEST: | |
834 | idstr = "Digest"; | |
9338f290 | 835 | exstr = lookup_id(subid); |
ac892b7a DSH |
836 | break; |
837 | ||
838 | case FIPS_TEST_CIPHER: | |
9338f290 | 839 | exstr = lookup_id(subid); |
ac892b7a DSH |
840 | idstr = "Cipher"; |
841 | break; | |
842 | ||
843 | case FIPS_TEST_SIGNATURE: | |
844 | if (ex) | |
845 | { | |
846 | EVP_PKEY *pkey = ex; | |
847 | keytype = pkey->type; | |
59365214 DSH |
848 | if (keytype == EVP_PKEY_EC) |
849 | { | |
850 | const EC_GROUP *grp; | |
851 | int cnid; | |
852 | grp = EC_KEY_get0_group(pkey->pkey.ec); | |
853 | cnid = EC_GROUP_get_curve_name(grp); | |
854 | sprintf(asctmp, "ECDSA %s", lookup_id(cnid)); | |
855 | exstr = asctmp; | |
856 | } | |
857 | else | |
858 | exstr = lookup_id(keytype); | |
ac892b7a DSH |
859 | } |
860 | idstr = "Signature"; | |
861 | break; | |
862 | ||
863 | case FIPS_TEST_HMAC: | |
9338f290 | 864 | exstr = lookup_id(subid); |
ac892b7a DSH |
865 | idstr = "HMAC"; |
866 | break; | |
867 | ||
868 | case FIPS_TEST_CMAC: | |
8038511c | 869 | idstr = "CMAC"; |
8f331999 | 870 | exstr = lookup_id(subid); |
ac892b7a DSH |
871 | break; |
872 | ||
873 | case FIPS_TEST_GCM: | |
9338f290 | 874 | idstr = "GCM"; |
ac892b7a DSH |
875 | break; |
876 | ||
bf8131f7 DSH |
877 | case FIPS_TEST_XTS: |
878 | idstr = "XTS"; | |
879 | exstr = lookup_id(subid); | |
ac892b7a DSH |
880 | break; |
881 | ||
bf8131f7 DSH |
882 | case FIPS_TEST_CCM: |
883 | idstr = "CCM"; | |
ac892b7a DSH |
884 | break; |
885 | ||
886 | case FIPS_TEST_X931: | |
887 | idstr = "X9.31 PRNG"; | |
706735ae DSH |
888 | sprintf(asctmp, "keylen=%d", subid); |
889 | exstr = asctmp; | |
ac892b7a DSH |
890 | break; |
891 | ||
892 | case FIPS_TEST_DRBG: | |
893 | idstr = "DRBG"; | |
76089788 DSH |
894 | if (*(int *)ex & DRBG_FLAG_CTR_USE_DF) |
895 | { | |
896 | sprintf(asctmp, "%s DF", lookup_id(subid)); | |
897 | exstr = asctmp; | |
898 | } | |
7fdcb457 DSH |
899 | else if (subid >> 16) |
900 | { | |
901 | sprintf(asctmp, "%s %s", | |
902 | lookup_id(subid >> 16), | |
903 | lookup_id(subid & 0xFFFF)); | |
904 | exstr = asctmp; | |
905 | } | |
76089788 DSH |
906 | else |
907 | exstr = lookup_id(subid); | |
ac892b7a DSH |
908 | break; |
909 | ||
910 | case FIPS_TEST_PAIRWISE: | |
911 | if (ex) | |
912 | { | |
913 | EVP_PKEY *pkey = ex; | |
914 | keytype = pkey->type; | |
9338f290 | 915 | exstr = lookup_id(keytype); |
ac892b7a DSH |
916 | } |
917 | idstr = "Pairwise Consistency"; | |
918 | break; | |
919 | ||
920 | case FIPS_TEST_CONTINUOUS: | |
921 | idstr = "Continuous PRNG"; | |
922 | break; | |
923 | ||
2bfeb7dc DSH |
924 | case FIPS_TEST_ECDH: |
925 | idstr = "ECDH"; | |
926 | exstr = lookup_id(subid); | |
927 | break; | |
928 | ||
ac892b7a DSH |
929 | default: |
930 | idstr = "Unknown"; | |
931 | break; | |
932 | ||
933 | } | |
934 | ||
8a794abd DSH |
935 | if (fail_id == id |
936 | && (fail_key == -1 || fail_key == keytype) | |
937 | && (fail_sub == -1 || fail_sub == subid)) | |
938 | exp_fail = 1; | |
939 | ||
b1adc971 DSH |
940 | if (sub_num > 0) |
941 | { | |
942 | if (sub_fail_num == sub_num) | |
943 | exp_fail = 1; | |
944 | sprintf(teststr, "\t\t%s %s (POST subtest #%d) test", | |
945 | idstr, exstr, sub_num); | |
946 | } | |
947 | else | |
948 | sprintf(teststr, "\t\t%s %s test", idstr, exstr); | |
949 | ||
ac892b7a DSH |
950 | switch(op) |
951 | { | |
952 | case FIPS_POST_BEGIN: | |
fc98a437 | 953 | #ifdef FIPS_POST_TIME |
6313d628 DSH |
954 | clock_getres(CLOCK_REALTIME, &tstart); |
955 | printf("\tTimer resolution %ld s, %ld ns\n", | |
956 | (long)tstart.tv_sec, (long)tstart.tv_nsec); | |
fc98a437 DSH |
957 | clock_gettime(CLOCK_REALTIME, &tstart); |
958 | #endif | |
ac892b7a | 959 | printf("\tPOST started\n"); |
b1adc971 | 960 | sub_num = 1; |
ac892b7a DSH |
961 | break; |
962 | ||
963 | case FIPS_POST_END: | |
b1adc971 DSH |
964 | if (sub_count == -1) |
965 | sub_count = sub_num; | |
966 | else if (sub_num != sub_count) | |
967 | printf("Inconsistent POST count %d != %d\n", | |
968 | sub_num, sub_count); | |
969 | sub_num = -1; | |
ac892b7a | 970 | printf("\tPOST %s\n", id ? "Success" : "Failed"); |
fc98a437 DSH |
971 | #ifdef FIPS_POST_TIME |
972 | clock_gettime(CLOCK_REALTIME, &tend); | |
973 | printf("\t\tTook %f seconds\n", | |
974 | (double)((tend.tv_sec+tend.tv_nsec*1e-9) | |
975 | - (tstart.tv_sec+tstart.tv_nsec*1e-9))); | |
976 | #endif | |
ac892b7a DSH |
977 | break; |
978 | ||
979 | case FIPS_POST_STARTED: | |
8a794abd | 980 | if (!post_quiet && !exp_fail) |
b1adc971 | 981 | printf("%s started\n", teststr); |
fc98a437 DSH |
982 | #ifdef FIPS_POST_TIME |
983 | clock_gettime(CLOCK_REALTIME, &start); | |
984 | #endif | |
ac892b7a DSH |
985 | break; |
986 | ||
987 | case FIPS_POST_SUCCESS: | |
b1adc971 DSH |
988 | if (sub_num > 0) |
989 | sub_num++; | |
8a794abd DSH |
990 | if (exp_fail) |
991 | { | |
b1adc971 | 992 | printf("%s OK but should've failed\n", teststr); |
8a794abd DSH |
993 | st_err++; |
994 | } | |
995 | else if (!post_quiet) | |
b1adc971 | 996 | printf("%s OK\n", teststr); |
fc98a437 DSH |
997 | #ifdef FIPS_POST_TIME |
998 | clock_gettime(CLOCK_REALTIME, &end); | |
999 | printf("\t\t\tTook %f seconds\n", | |
1000 | (double)((end.tv_sec+end.tv_nsec*1e-9) | |
1001 | - (start.tv_sec+start.tv_nsec*1e-9))); | |
fc98a437 | 1002 | #endif |
ac892b7a DSH |
1003 | break; |
1004 | ||
1005 | case FIPS_POST_FAIL: | |
b1adc971 DSH |
1006 | if (sub_num > 0) |
1007 | sub_num++; | |
8a794abd | 1008 | if (exp_fail) |
b1adc971 | 1009 | printf("%s failed as expected\n", teststr); |
8a794abd DSH |
1010 | else |
1011 | { | |
b1adc971 | 1012 | printf("%s Failed Incorrectly!!\n", teststr); |
8a794abd DSH |
1013 | st_err++; |
1014 | } | |
ac892b7a DSH |
1015 | break; |
1016 | ||
1017 | case FIPS_POST_CORRUPT: | |
8a794abd | 1018 | if (exp_fail) |
ac892b7a | 1019 | { |
b1adc971 | 1020 | printf("%s failure induced\n", teststr); |
ac892b7a DSH |
1021 | return 0; |
1022 | } | |
1023 | break; | |
1024 | ||
1025 | } | |
1026 | return 1; | |
1027 | } | |
1028 | ||
8a794abd DSH |
1029 | static int do_fail_all(int fullpost, int fullerr) |
1030 | { | |
8a794abd DSH |
1031 | int rv; |
1032 | size_t i; | |
b1adc971 | 1033 | int sub_fail; |
8a794abd DSH |
1034 | RSA *rsa = NULL; |
1035 | DSA *dsa = NULL; | |
476e7e49 | 1036 | DRBG_CTX *dctx = NULL, *defctx = NULL; |
8a794abd DSH |
1037 | EC_KEY *ec = NULL; |
1038 | BIGNUM *bn = NULL; | |
1039 | unsigned char out[10]; | |
1040 | if (!fullpost) | |
1041 | post_quiet = 1; | |
1042 | if (!fullerr) | |
1043 | no_err = 1; | |
1044 | FIPS_module_mode_set(0, NULL); | |
b1adc971 | 1045 | for (sub_fail = 1; sub_fail < sub_count; sub_fail++) |
8a794abd | 1046 | { |
b1adc971 DSH |
1047 | sub_fail_num = sub_fail; |
1048 | printf(" Testing induced failure of POST subtest %d\n", | |
1049 | sub_fail); | |
8a794abd DSH |
1050 | rv = FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS); |
1051 | if (rv) | |
1052 | { | |
1053 | printf("\tFIPS mode incorrectly successful!!\n"); | |
1054 | st_err++; | |
1055 | } | |
1056 | } | |
b1adc971 | 1057 | sub_fail_num = -1; |
8a794abd DSH |
1058 | printf(" Testing induced failure of RSA keygen test\n"); |
1059 | /* NB POST will succeed with a pairwise test failures as | |
1060 | * it is not used during POST. | |
1061 | */ | |
1062 | fail_id = FIPS_TEST_PAIRWISE; | |
1063 | fail_key = EVP_PKEY_RSA; | |
1064 | /* Now enter FIPS mode successfully */ | |
1065 | if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS)) | |
1066 | { | |
1067 | printf("\tError entering FIPS mode\n"); | |
1068 | st_err++; | |
1069 | } | |
1070 | ||
1071 | rsa = FIPS_rsa_new(); | |
1072 | bn = BN_new(); | |
1073 | if (!rsa || !bn) | |
1074 | return 0; | |
1075 | BN_set_word(bn, 65537); | |
1076 | if (RSA_generate_key_ex(rsa, 2048,bn,NULL)) | |
1077 | { | |
1078 | printf("\tRSA key generated OK incorrectly!!\n"); | |
1079 | st_err++; | |
1080 | } | |
1081 | else | |
1082 | printf("\tRSA key generation failed as expected.\n"); | |
1083 | ||
1084 | /* Leave FIPS mode to clear error */ | |
1085 | FIPS_module_mode_set(0, NULL); | |
1086 | ||
1087 | printf(" Testing induced failure of DSA keygen test\n"); | |
1088 | fail_key = EVP_PKEY_DSA; | |
1089 | /* Enter FIPS mode successfully */ | |
1090 | if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS)) | |
1091 | { | |
1092 | printf("\tError entering FIPS mode\n"); | |
1093 | st_err++; | |
1094 | } | |
1095 | dsa = FIPS_dsa_new(); | |
1096 | if (!dsa) | |
1097 | return 0; | |
1098 | if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL)) | |
1099 | return 0; | |
1100 | if (DSA_generate_key(dsa)) | |
1101 | { | |
1102 | printf("\tDSA key generated OK incorrectly!!\n"); | |
1103 | st_err++; | |
1104 | } | |
1105 | else | |
1106 | printf("\tDSA key generation failed as expected.\n"); | |
1107 | ||
1108 | /* Leave FIPS mode to clear error */ | |
1109 | FIPS_module_mode_set(0, NULL); | |
1110 | /* Enter FIPS mode successfully */ | |
1111 | if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS)) | |
1112 | { | |
1113 | printf("\tError entering FIPS mode\n"); | |
1114 | st_err++; | |
1115 | } | |
1116 | ||
1117 | printf(" Testing induced failure of ECDSA keygen test\n"); | |
1118 | fail_key = EVP_PKEY_EC; | |
1119 | ||
1120 | ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); | |
1121 | ||
1122 | if (!ec) | |
1123 | return 0; | |
1124 | ||
1125 | if (EC_KEY_generate_key(ec)) | |
1126 | { | |
1127 | printf("\tECDSA key generated OK incorrectly!!\n"); | |
1128 | st_err++; | |
1129 | } | |
1130 | else | |
1131 | printf("\tECDSA key generation failed as expected.\n"); | |
1132 | ||
476e7e49 DSH |
1133 | FIPS_ec_key_free(ec); |
1134 | ec = NULL; | |
1135 | ||
8a794abd DSH |
1136 | fail_id = -1; |
1137 | fail_sub = -1; | |
1138 | fail_key = -1; | |
1139 | /* Leave FIPS mode to clear error */ | |
1140 | FIPS_module_mode_set(0, NULL); | |
1141 | /* Enter FIPS mode successfully */ | |
1142 | if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS)) | |
1143 | { | |
1144 | printf("\tError entering FIPS mode\n"); | |
1145 | st_err++; | |
1146 | } | |
1147 | /* Induce continuous PRNG failure for DRBG */ | |
1148 | printf(" Testing induced failure of DRBG CPRNG test\n"); | |
1149 | FIPS_drbg_stick(1); | |
1150 | ||
1151 | /* Initialise a DRBG context */ | |
1152 | dctx = FIPS_drbg_new(NID_sha1, 0); | |
1153 | if (!dctx) | |
1154 | return 0; | |
1155 | for (i = 0; i < sizeof(dummy_drbg_entropy); i++) | |
1156 | { | |
1157 | dummy_drbg_entropy[i] = i & 0xff; | |
1158 | } | |
1159 | FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0); | |
1160 | if (!FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10)) | |
1161 | { | |
1162 | printf("\tDRBG instantiate error!!\n"); | |
1163 | st_err++; | |
1164 | } | |
1165 | if (FIPS_drbg_generate(dctx, out, sizeof(out), 0, NULL, 0)) | |
1166 | { | |
1167 | printf("\tDRBG continuous PRNG OK incorrectly!!\n"); | |
1168 | st_err++; | |
1169 | } | |
1170 | else | |
1171 | printf("\tDRBG continuous PRNG failed as expected\n"); | |
1172 | FIPS_drbg_stick(0); | |
1173 | ||
1174 | /* Leave FIPS mode to clear error */ | |
1175 | FIPS_module_mode_set(0, NULL); | |
1176 | /* Enter FIPS mode successfully */ | |
1177 | if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS)) | |
1178 | { | |
1179 | printf("\tError entering FIPS mode\n"); | |
1180 | st_err++; | |
1181 | } | |
1182 | ||
1183 | FIPS_drbg_free(dctx); | |
1184 | ||
1185 | /* Induce continuous PRNG failure for DRBG entropy source*/ | |
1186 | printf(" Testing induced failure of DRBG entropy CPRNG test\n"); | |
1187 | ||
1188 | /* Initialise a DRBG context */ | |
1189 | dctx = FIPS_drbg_new(NID_sha1, 0); | |
1190 | if (!dctx) | |
1191 | return 0; | |
1192 | for (i = 0; i < sizeof(dummy_drbg_entropy); i++) | |
1193 | { | |
1194 | dummy_drbg_entropy[i] = i & 0xf; | |
1195 | } | |
1196 | FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0); | |
1197 | if (FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10)) | |
1198 | { | |
1199 | printf("\tDRBG continuous PRNG entropy OK incorrectly!!\n"); | |
1200 | st_err++; | |
1201 | } | |
1202 | else | |
1203 | printf("\tDRBG continuous PRNG entropy failed as expected\n"); | |
1204 | /* Leave FIPS mode to clear error */ | |
1205 | FIPS_module_mode_set(0, NULL); | |
1206 | /* Enter FIPS mode successfully */ | |
1207 | if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS)) | |
1208 | { | |
1209 | printf("\tError entering FIPS mode\n"); | |
1210 | st_err++; | |
1211 | } | |
1212 | FIPS_drbg_free(dctx); | |
1213 | ||
1214 | /* Leave FIPS mode to clear error */ | |
1215 | FIPS_module_mode_set(0, NULL); | |
1216 | /* Enter FIPS mode successfully */ | |
1217 | if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS)) | |
1218 | { | |
1219 | printf("\tError entering FIPS mode\n"); | |
1220 | st_err++; | |
1221 | } | |
1222 | ||
1223 | printf(" Testing induced failure of X9.31 CPRNG test\n"); | |
1224 | FIPS_x931_stick(1); | |
1225 | if (!FIPS_x931_set_key(dummy_drbg_entropy, 32)) | |
1226 | { | |
1227 | printf("\tError initialiasing X9.31 PRNG\n"); | |
1228 | st_err++; | |
1229 | } | |
1230 | if (!FIPS_x931_seed(dummy_drbg_entropy + 32, 16)) | |
1231 | { | |
1232 | printf("\tError seeding X9.31 PRNG\n"); | |
1233 | st_err++; | |
1234 | } | |
1235 | if (FIPS_x931_bytes(out, 10) > 0) | |
1236 | { | |
1237 | printf("\tX9.31 continuous PRNG failure OK incorrectly!!\n"); | |
1238 | st_err++; | |
1239 | } | |
1240 | else | |
1241 | printf("\tX9.31 continuous PRNG failed as expected\n"); | |
1242 | FIPS_x931_stick(0); | |
1243 | ||
476e7e49 DSH |
1244 | /* Leave FIPS mode to clear error */ |
1245 | FIPS_module_mode_set(0, NULL); | |
1246 | /* Enter FIPS mode successfully */ | |
1247 | if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS)) | |
1248 | { | |
1249 | printf("\tError entering FIPS mode\n"); | |
1250 | st_err++; | |
1251 | } | |
1252 | ||
1253 | printf(" Testing operation failure with DRBG entropy failure\n"); | |
1254 | ||
1255 | /* Generate DSA key for later use */ | |
1256 | if (DSA_generate_key(dsa)) | |
1257 | printf("\tDSA key generated OK as expected.\n"); | |
1258 | else | |
1259 | { | |
1260 | printf("\tDSA key generation FAILED!!\n"); | |
1261 | st_err++; | |
1262 | } | |
1263 | ||
1264 | /* Initialise default DRBG context */ | |
1265 | defctx = FIPS_get_default_drbg(); | |
1266 | if (!defctx) | |
1267 | return 0; | |
1268 | if (!FIPS_drbg_init(defctx, NID_sha512, 0)) | |
1269 | return 0; | |
1270 | /* Set entropy failure callback */ | |
1271 | FIPS_drbg_set_callbacks(defctx, drbg_fail_cb, 0, 0x10, drbg_test_cb, 0); | |
1272 | if (FIPS_drbg_instantiate(defctx, dummy_drbg_entropy, 10)) | |
1273 | { | |
1274 | printf("\tDRBG entropy fail OK incorrectly!!\n"); | |
1275 | st_err++; | |
1276 | } | |
1277 | else | |
1278 | printf("\tDRBG entropy fail failed as expected\n"); | |
1279 | ||
1280 | if (FIPS_dsa_sign(dsa, dummy_drbg_entropy, 5, EVP_sha256())) | |
1281 | { | |
1282 | printf("\tDSA signing OK incorrectly!!\n"); | |
1283 | st_err++; | |
1284 | } | |
1285 | else | |
1286 | printf("\tDSA signing failed as expected\n"); | |
1287 | ||
1288 | ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); | |
1289 | ||
1290 | if (!ec) | |
1291 | return 0; | |
1292 | ||
1293 | if (EC_KEY_generate_key(ec)) | |
1294 | { | |
1295 | printf("\tECDSA key generated OK incorrectly!!\n"); | |
1296 | st_err++; | |
1297 | } | |
1298 | else | |
1299 | printf("\tECDSA key generation failed as expected.\n"); | |
1300 | ||
8a794abd DSH |
1301 | printf(" Induced failure test completed with %d errors\n", st_err); |
1302 | post_quiet = 0; | |
1303 | no_err = 0; | |
1304 | BN_free(bn); | |
1305 | FIPS_rsa_free(rsa); | |
1306 | FIPS_dsa_free(dsa); | |
1307 | FIPS_ec_key_free(ec); | |
1308 | if (st_err) | |
1309 | return 0; | |
1310 | return 1; | |
1311 | } | |
1312 | ||
8b8096d0 DSH |
1313 | #ifdef FIPS_ALGVS |
1314 | int fips_test_suite_main(int argc, char **argv) | |
1315 | #else | |
1316 | int main(int argc, char **argv) | |
1317 | #endif | |
2b4b28dc | 1318 | { |
8a794abd | 1319 | char **args = argv + 1; |
2b4b28dc DSH |
1320 | int bad_rsa = 0, bad_dsa = 0; |
1321 | int do_rng_stick = 0; | |
ded19997 | 1322 | int do_drbg_stick = 0; |
2b4b28dc | 1323 | int no_exit = 0; |
8a794abd | 1324 | int no_dh = 0, no_drbg = 0; |
5e4eb995 | 1325 | char *pass = FIPS_AUTH_USER_PASS; |
8a794abd | 1326 | int fullpost = 0, fullerr = 0; |
2b4b28dc | 1327 | |
ac892b7a DSH |
1328 | FIPS_post_set_callback(post_cb); |
1329 | ||
01a9a759 DSH |
1330 | printf("\tFIPS-mode test application\n"); |
1331 | ||
1332 | printf("\t%s\n\n", FIPS_module_version_text()); | |
2b4b28dc | 1333 | |
8a794abd | 1334 | while(*args) { |
2b4b28dc | 1335 | /* Corrupted KAT tests */ |
8a794abd | 1336 | if (!strcmp(*args, "integrity")) { |
ac892b7a | 1337 | fail_id = FIPS_TEST_INTEGRITY; |
8a794abd | 1338 | } else if (!strcmp(*args, "aes")) { |
ac892b7a DSH |
1339 | fail_id = FIPS_TEST_CIPHER; |
1340 | fail_sub = NID_aes_128_ecb; | |
8a794abd | 1341 | } else if (!strcmp(*args, "aes-ccm")) { |
cb1b3aa1 | 1342 | fail_id = FIPS_TEST_CCM; |
8a794abd | 1343 | } else if (!strcmp(*args, "aes-gcm")) { |
8038511c | 1344 | fail_id = FIPS_TEST_GCM; |
8a794abd | 1345 | } else if (!strcmp(*args, "aes-xts")) { |
bf8131f7 | 1346 | fail_id = FIPS_TEST_XTS; |
8a794abd | 1347 | } else if (!strcmp(*args, "des")) { |
ac892b7a DSH |
1348 | fail_id = FIPS_TEST_CIPHER; |
1349 | fail_sub = NID_des_ede3_ecb; | |
8a794abd | 1350 | } else if (!strcmp(*args, "dsa")) { |
ac892b7a DSH |
1351 | fail_id = FIPS_TEST_SIGNATURE; |
1352 | fail_key = EVP_PKEY_DSA; | |
c1f63b5c DSH |
1353 | } else if (!strcmp(argv[1], "ecdh")) { |
1354 | fail_id = FIPS_TEST_ECDH; | |
8a794abd | 1355 | } else if (!strcmp(*args, "ecdsa")) { |
ac892b7a DSH |
1356 | fail_id = FIPS_TEST_SIGNATURE; |
1357 | fail_key = EVP_PKEY_EC; | |
8a794abd | 1358 | } else if (!strcmp(*args, "rsa")) { |
ac892b7a DSH |
1359 | fail_id = FIPS_TEST_SIGNATURE; |
1360 | fail_key = EVP_PKEY_RSA; | |
8a794abd | 1361 | } else if (!strcmp(*args, "rsakey")) { |
2b4b28dc DSH |
1362 | printf("RSA key generation and signature validation with corrupted key...\n"); |
1363 | bad_rsa = 1; | |
1364 | no_exit = 1; | |
8a794abd | 1365 | } else if (!strcmp(*args, "rsakeygen")) { |
ac892b7a DSH |
1366 | fail_id = FIPS_TEST_PAIRWISE; |
1367 | fail_key = EVP_PKEY_RSA; | |
2b4b28dc | 1368 | no_exit = 1; |
8a794abd | 1369 | } else if (!strcmp(*args, "dsakey")) { |
2b4b28dc DSH |
1370 | printf("DSA key generation and signature validation with corrupted key...\n"); |
1371 | bad_dsa = 1; | |
1372 | no_exit = 1; | |
8a794abd | 1373 | } else if (!strcmp(*args, "dsakeygen")) { |
ac892b7a DSH |
1374 | fail_id = FIPS_TEST_PAIRWISE; |
1375 | fail_key = EVP_PKEY_DSA; | |
2b4b28dc | 1376 | no_exit = 1; |
8a794abd | 1377 | } else if (!strcmp(*args, "sha1")) { |
ac892b7a | 1378 | fail_id = FIPS_TEST_DIGEST; |
8a794abd | 1379 | } else if (!strcmp(*args, "hmac")) { |
8038511c | 1380 | fail_id = FIPS_TEST_HMAC; |
8a794abd | 1381 | } else if (!strcmp(*args, "cmac")) { |
8f331999 | 1382 | fail_id = FIPS_TEST_CMAC; |
8a794abd | 1383 | } else if (!strcmp(*args, "drbg")) { |
76089788 | 1384 | fail_id = FIPS_TEST_DRBG; |
2b4b28dc | 1385 | } else if (!strcmp(argv[1], "rng")) { |
706735ae | 1386 | fail_id = FIPS_TEST_X931; |
8a794abd DSH |
1387 | } else if (!strcmp(*args, "nodrbg")) { |
1388 | no_drbg = 1; | |
1389 | no_exit = 1; | |
1390 | } else if (!strcmp(*args, "nodh")) { | |
4420b3b1 DSH |
1391 | no_dh = 1; |
1392 | no_exit = 1; | |
8a794abd | 1393 | } else if (!strcmp(*args, "post")) { |
75707a32 | 1394 | fail_id = -1; |
8a794abd | 1395 | } else if (!strcmp(*args, "rngstick")) { |
2b4b28dc DSH |
1396 | do_rng_stick = 1; |
1397 | no_exit = 1; | |
1398 | printf("RNG test with stuck continuous test...\n"); | |
8a794abd | 1399 | } else if (!strcmp(*args, "drbgentstick")) { |
b8b6a13a | 1400 | do_entropy_stick(); |
8a794abd | 1401 | } else if (!strcmp(*args, "drbgstick")) { |
ded19997 DSH |
1402 | do_drbg_stick = 1; |
1403 | no_exit = 1; | |
1404 | printf("DRBG test with stuck continuous test...\n"); | |
8a794abd | 1405 | } else if (!strcmp(*args, "user")) { |
5e4eb995 | 1406 | pass = FIPS_AUTH_USER_PASS; |
8a794abd | 1407 | } else if (!strcmp(*args, "officer")) { |
5e4eb995 | 1408 | pass = FIPS_AUTH_OFFICER_PASS; |
8a794abd | 1409 | } else if (!strcmp(*args, "badpass")) { |
5e4eb995 | 1410 | pass = "bad invalid password"; |
8a794abd | 1411 | } else if (!strcmp(*args, "nopass")) { |
4ff2999e | 1412 | pass = ""; |
8a794abd DSH |
1413 | } else if (!strcmp(*args, "fullpost")) { |
1414 | fullpost = 1; | |
1415 | no_exit = 1; | |
1416 | } else if (!strcmp(*args, "fullerr")) { | |
1417 | fullerr = 1; | |
1418 | no_exit = 1; | |
2b4b28dc | 1419 | } else { |
8a794abd | 1420 | printf("Bad argument \"%s\"\n", *args); |
d5939062 | 1421 | return 1; |
2b4b28dc | 1422 | } |
8a794abd DSH |
1423 | args++; |
1424 | } | |
1425 | ||
1426 | if ((argc != 1) && !no_exit) { | |
b8b6a13a | 1427 | fips_algtest_init_nofips(); |
5e4eb995 | 1428 | if (!FIPS_module_mode_set(1, pass)) { |
2b4b28dc | 1429 | printf("Power-up self test failed\n"); |
d5939062 | 1430 | return 1; |
2b4b28dc DSH |
1431 | } |
1432 | printf("Power-up self test successful\n"); | |
d5939062 | 1433 | return 0; |
2b4b28dc DSH |
1434 | } |
1435 | ||
b8b6a13a DSH |
1436 | fips_algtest_init_nofips(); |
1437 | ||
2b4b28dc DSH |
1438 | /* Non-Approved cryptographic operation |
1439 | */ | |
1440 | printf("1. Non-Approved cryptographic operation test...\n"); | |
4420b3b1 DSH |
1441 | if (no_dh) |
1442 | printf("\t D-H test skipped\n"); | |
1443 | else | |
1444 | test_msg("\ta. Included algorithm (D-H)...", dh_test()); | |
2b4b28dc DSH |
1445 | |
1446 | /* Power-up self test | |
1447 | */ | |
1448 | ERR_clear_error(); | |
5e4eb995 | 1449 | test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1, pass)); |
c2fd5989 | 1450 | if (!FIPS_module_mode()) |
d5939062 | 1451 | return 1; |
ded19997 | 1452 | if (do_drbg_stick) |
df64f34e | 1453 | FIPS_drbg_stick(1); |
2b4b28dc | 1454 | if (do_rng_stick) |
df64f34e | 1455 | FIPS_x931_stick(1); |
2b4b28dc DSH |
1456 | |
1457 | /* AES encryption/decryption | |
1458 | */ | |
acf254f8 DSH |
1459 | test_msg("3a. AES encryption/decryption", FIPS_aes_test()); |
1460 | /* AES GCM encryption/decryption | |
1461 | */ | |
1462 | test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test()); | |
2b4b28dc DSH |
1463 | |
1464 | /* RSA key generation and encryption/decryption | |
1465 | */ | |
1466 | test_msg("4. RSA key generation and encryption/decryption", | |
1467 | FIPS_rsa_test(bad_rsa)); | |
1468 | ||
1469 | /* DES-CBC encryption/decryption | |
1470 | */ | |
1471 | test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test()); | |
1472 | ||
1473 | /* DSA key generation and signature validation | |
1474 | */ | |
1475 | test_msg("6. DSA key generation and signature validation", | |
1476 | FIPS_dsa_test(bad_dsa)); | |
1477 | ||
1478 | /* SHA-1 hash | |
1479 | */ | |
1480 | test_msg("7a. SHA-1 hash", FIPS_sha1_test()); | |
1481 | ||
1482 | /* SHA-256 hash | |
1483 | */ | |
1484 | test_msg("7b. SHA-256 hash", FIPS_sha256_test()); | |
1485 | ||
1486 | /* SHA-512 hash | |
1487 | */ | |
1488 | test_msg("7c. SHA-512 hash", FIPS_sha512_test()); | |
1489 | ||
1490 | /* HMAC-SHA-1 hash | |
1491 | */ | |
1492 | test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test()); | |
1493 | ||
1494 | /* HMAC-SHA-224 hash | |
1495 | */ | |
1496 | test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test()); | |
1497 | ||
1498 | /* HMAC-SHA-256 hash | |
1499 | */ | |
1500 | test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test()); | |
1501 | ||
1502 | /* HMAC-SHA-384 hash | |
1503 | */ | |
1504 | test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test()); | |
1505 | ||
1506 | /* HMAC-SHA-512 hash | |
1507 | */ | |
1508 | test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test()); | |
1509 | ||
37942b93 RL |
1510 | /* CMAC-AES-128 hash |
1511 | */ | |
1512 | test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test()); | |
1513 | ||
1514 | /* CMAC-AES-192 hash | |
1515 | */ | |
1516 | test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test()); | |
1517 | ||
1518 | /* CMAC-AES-256 hash | |
1519 | */ | |
1520 | test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test()); | |
1521 | ||
1522 | # if 0 /* Not a FIPS algorithm */ | |
1523 | /* CMAC-TDEA-2 hash | |
1524 | */ | |
1525 | test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test()); | |
1526 | #endif | |
1527 | ||
1528 | /* CMAC-TDEA-3 hash | |
1529 | */ | |
1530 | test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test()); | |
1531 | ||
2b4b28dc DSH |
1532 | /* Non-Approved cryptographic operation |
1533 | */ | |
37942b93 | 1534 | printf("9. Non-Approved cryptographic operation test...\n"); |
2b4b28dc | 1535 | printf("\ta. Included algorithm (D-H)...%s\n", |
4420b3b1 | 1536 | no_dh ? "skipped" : |
2b4b28dc DSH |
1537 | dh_test() ? "successful as expected" |
1538 | : Fail("failed INCORRECTLY!") ); | |
1539 | ||
1540 | /* Zeroization | |
1541 | */ | |
37942b93 | 1542 | printf("10. Zero-ization...\n\t%s\n", |
2b4b28dc DSH |
1543 | Zeroize() ? "successful as expected" |
1544 | : Fail("failed INCORRECTLY!") ); | |
1545 | ||
4420b3b1 DSH |
1546 | printf("11. Complete DRBG health check...\n"); |
1547 | printf("\t%s\n", FIPS_selftest_drbg_all() ? "successful as expected" | |
1548 | : Fail("failed INCORRECTLY!") ); | |
1549 | ||
1550 | printf("12. DRBG generation check...\n"); | |
8a794abd DSH |
1551 | if (no_drbg) |
1552 | printf("\tskipped\n"); | |
1553 | else | |
1554 | printf("\t%s\n", do_drbg_all() ? "successful as expected" | |
a11f06b2 DSH |
1555 | : Fail("failed INCORRECTLY!") ); |
1556 | ||
8a794abd DSH |
1557 | printf("13. Induced test failure check...\n"); |
1558 | printf("\t%s\n", do_fail_all(fullpost, fullerr) ? "successful as expected" | |
1559 | : Fail("failed INCORRECTLY!") ); | |
2b4b28dc DSH |
1560 | printf("\nAll tests completed with %d errors\n", Error); |
1561 | return Error ? 1 : 0; | |
1562 | } | |
1563 | ||
1564 | #endif |