]> git.ipfire.org Git - thirdparty/openssl.git/blob - fips/fips_test_suite.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add support for Dual EC DRBG from SP800-90. Include updates to algorithm
[thirdparty/openssl.git] / fips / fips_test_suite.c
1 /* ====================================================================
2 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
3 *
4 *
5 * This command is intended as a test driver for the FIPS-140 testing
6 * lab performing FIPS-140 validation. It demonstrates the use of the
7 * OpenSSL library ito perform a variety of common cryptographic
8 * functions. A power-up self test is demonstrated by deliberately
9 * pointing to an invalid executable hash
10 *
11 * Contributed by Steve Marquess.
12 *
13 */
14
15 #define OPENSSL_FIPSAPI
16
17 #include <stdio.h>
18 #include <assert.h>
19 #include <ctype.h>
20 #include <string.h>
21 #include <stdlib.h>
22 #include <openssl/evp.h>
23 #include <openssl/hmac.h>
24 #include <openssl/cmac.h>
25 #include <openssl/sha.h>
26 #include <openssl/err.h>
27
28 #include <openssl/bn.h>
29 #include <openssl/rand.h>
30
31 #ifndef OPENSSL_FIPS
32 int main(int argc, char *argv[])
33 {
34 printf("No FIPS support\n");
35 return(0);
36 }
37 #else
38
39 #define ERR_clear_error() while(0)
40
41 #include <openssl/rsa.h>
42 #include <openssl/dsa.h>
43 #include <openssl/dh.h>
44
45 #include <openssl/fips.h>
46 #include "fips_utl.h"
47
48 /* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
49 */
50 static int FIPS_aes_test(void)
51 {
52 int ret = 0;
53 unsigned char pltmp[16];
54 unsigned char citmp[16];
55 unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
56 unsigned char plaintext[16] = "etaonrishdlcu";
57 EVP_CIPHER_CTX ctx;
58 FIPS_cipher_ctx_init(&ctx);
59 if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1) <= 0)
60 goto err;
61 FIPS_cipher(&ctx, citmp, plaintext, 16);
62 if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 0) <= 0)
63 goto err;
64 FIPS_cipher(&ctx, pltmp, citmp, 16);
65 if (memcmp(pltmp, plaintext, 16))
66 goto err;
67 ret = 1;
68 err:
69 FIPS_cipher_ctx_cleanup(&ctx);
70 return ret;
71 }
72
73 static int FIPS_aes_gcm_test(void)
74 {
75 int ret = 0;
76 unsigned char pltmp[16];
77 unsigned char citmp[16];
78 unsigned char tagtmp[16];
79 unsigned char key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
80 unsigned char iv[16] = {21,22,23,24,25,26,27,28,29,30,31,32};
81 unsigned char aad[] = "Some text AAD";
82 unsigned char plaintext[16] = "etaonrishdlcu";
83 EVP_CIPHER_CTX ctx;
84 FIPS_cipher_ctx_init(&ctx);
85 if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 1) <= 0)
86 goto err;
87 FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
88 FIPS_cipher(&ctx, citmp, plaintext, 16);
89 FIPS_cipher(&ctx, NULL, NULL, 0);
90 if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tagtmp))
91 goto err;
92
93 if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 0) <= 0)
94 goto err;
95 if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tagtmp))
96 goto err;
97
98 FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
99
100 FIPS_cipher(&ctx, pltmp, citmp, 16);
101
102 if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
103 goto err;
104
105 if (memcmp(pltmp, plaintext, 16))
106 goto err;
107
108 ret = 1;
109 err:
110 FIPS_cipher_ctx_cleanup(&ctx);
111 return ret;
112 }
113
114 static int FIPS_des3_test(void)
115 {
116 int ret = 0;
117 unsigned char pltmp[8];
118 unsigned char citmp[8];
119 unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
120 19,20,21,22,23,24};
121 unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
122 EVP_CIPHER_CTX ctx;
123 FIPS_cipher_ctx_init(&ctx);
124 if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 1) <= 0)
125 goto err;
126 FIPS_cipher(&ctx, citmp, plaintext, 8);
127 if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 0) <= 0)
128 goto err;
129 FIPS_cipher(&ctx, pltmp, citmp, 8);
130 if (memcmp(pltmp, plaintext, 8))
131 goto err;
132 ret = 1;
133 err:
134 FIPS_cipher_ctx_cleanup(&ctx);
135 return ret;
136 }
137
138 /*
139 * DSA: generate keys and sign, verify input plaintext.
140 */
141 static int FIPS_dsa_test(int bad)
142 {
143 DSA *dsa = NULL;
144 unsigned char dgst[] = "etaonrishdlc";
145 int r = 0;
146 EVP_MD_CTX mctx;
147 DSA_SIG *sig = NULL;
148
149 ERR_clear_error();
150 FIPS_md_ctx_init(&mctx);
151 dsa = FIPS_dsa_new();
152 if (!dsa)
153 goto end;
154 if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
155 goto end;
156 if (!DSA_generate_key(dsa))
157 goto end;
158 if (bad)
159 BN_add_word(dsa->pub_key, 1);
160
161 if (!FIPS_digestinit(&mctx, EVP_sha256()))
162 goto end;
163 if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
164 goto end;
165 sig = FIPS_dsa_sign_ctx(dsa, &mctx);
166 if (!sig)
167 goto end;
168
169 if (!FIPS_digestinit(&mctx, EVP_sha256()))
170 goto end;
171 if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
172 goto end;
173 r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
174 end:
175 if (sig)
176 FIPS_dsa_sig_free(sig);
177 FIPS_md_ctx_cleanup(&mctx);
178 if (dsa)
179 FIPS_dsa_free(dsa);
180 if (r != 1)
181 return 0;
182 return 1;
183 }
184
185 /*
186 * RSA: generate keys and sign, verify input plaintext.
187 */
188 static int FIPS_rsa_test(int bad)
189 {
190 RSA *key;
191 unsigned char input_ptext[] = "etaonrishdlc";
192 unsigned char buf[256];
193 unsigned int slen;
194 BIGNUM *bn;
195 EVP_MD_CTX mctx;
196 int r = 0;
197
198 ERR_clear_error();
199 FIPS_md_ctx_init(&mctx);
200 key = FIPS_rsa_new();
201 bn = BN_new();
202 if (!key || !bn)
203 return 0;
204 BN_set_word(bn, 65537);
205 if (!RSA_generate_key_ex(key, 2048,bn,NULL))
206 return 0;
207 BN_free(bn);
208 if (bad)
209 BN_add_word(key->n, 1);
210
211 if (!FIPS_digestinit(&mctx, EVP_sha256()))
212 goto end;
213 if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
214 goto end;
215 if (!FIPS_rsa_sign_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, &slen))
216 goto end;
217
218 if (!FIPS_digestinit(&mctx, EVP_sha256()))
219 goto end;
220 if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
221 goto end;
222 r = FIPS_rsa_verify_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, slen);
223 end:
224 FIPS_md_ctx_cleanup(&mctx);
225 if (key)
226 FIPS_rsa_free(key);
227 if (r != 1)
228 return 0;
229 return 1;
230 }
231
232 /* SHA1: generate hash of known digest value and compare to known
233 precomputed correct hash
234 */
235 static int FIPS_sha1_test()
236 {
237 unsigned char digest[SHA_DIGEST_LENGTH] =
238 { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
239 unsigned char str[] = "etaonrishd";
240
241 unsigned char md[SHA_DIGEST_LENGTH];
242
243 ERR_clear_error();
244 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha1())) return 0;
245 if (memcmp(md,digest,sizeof(md)))
246 return 0;
247 return 1;
248 }
249
250 /* SHA256: generate hash of known digest value and compare to known
251 precomputed correct hash
252 */
253 static int FIPS_sha256_test()
254 {
255 unsigned char digest[SHA256_DIGEST_LENGTH] =
256 {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
257 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
258 unsigned char str[] = "etaonrishd";
259
260 unsigned char md[SHA256_DIGEST_LENGTH];
261
262 ERR_clear_error();
263 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha256())) return 0;
264 if (memcmp(md,digest,sizeof(md)))
265 return 0;
266 return 1;
267 }
268
269 /* SHA512: generate hash of known digest value and compare to known
270 precomputed correct hash
271 */
272 static int FIPS_sha512_test()
273 {
274 unsigned char digest[SHA512_DIGEST_LENGTH] =
275 {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
276 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
277 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
278 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
279 unsigned char str[] = "etaonrishd";
280
281 unsigned char md[SHA512_DIGEST_LENGTH];
282
283 ERR_clear_error();
284 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha512())) return 0;
285 if (memcmp(md,digest,sizeof(md)))
286 return 0;
287 return 1;
288 }
289
290 /* HMAC-SHA1: generate hash of known digest value and compare to known
291 precomputed correct hash
292 */
293 static int FIPS_hmac_sha1_test()
294 {
295 unsigned char key[] = "etaonrishd";
296 unsigned char iv[] = "Sample text";
297 unsigned char kaval[EVP_MAX_MD_SIZE] =
298 {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
299 0xb2, 0xfb, 0xec, 0xc6};
300
301 unsigned char out[EVP_MAX_MD_SIZE];
302 unsigned int outlen;
303
304 ERR_clear_error();
305 if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
306 if (memcmp(out,kaval,outlen))
307 return 0;
308 return 1;
309 }
310
311 /* HMAC-SHA224: generate hash of known digest value and compare to known
312 precomputed correct hash
313 */
314 static int FIPS_hmac_sha224_test()
315 {
316 unsigned char key[] = "etaonrishd";
317 unsigned char iv[] = "Sample text";
318 unsigned char kaval[EVP_MAX_MD_SIZE] =
319 {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
320 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
321
322 unsigned char out[EVP_MAX_MD_SIZE];
323 unsigned int outlen;
324
325 ERR_clear_error();
326 if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
327 if (memcmp(out,kaval,outlen))
328 return 0;
329 return 1;
330 }
331
332 /* HMAC-SHA256: generate hash of known digest value and compare to known
333 precomputed correct hash
334 */
335 static int FIPS_hmac_sha256_test()
336 {
337 unsigned char key[] = "etaonrishd";
338 unsigned char iv[] = "Sample text";
339 unsigned char kaval[EVP_MAX_MD_SIZE] =
340 {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
341 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
342
343 unsigned char out[EVP_MAX_MD_SIZE];
344 unsigned int outlen;
345
346 ERR_clear_error();
347 if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
348 if (memcmp(out,kaval,outlen))
349 return 0;
350 return 1;
351 }
352
353 /* HMAC-SHA384: generate hash of known digest value and compare to known
354 precomputed correct hash
355 */
356 static int FIPS_hmac_sha384_test()
357 {
358 unsigned char key[] = "etaonrishd";
359 unsigned char iv[] = "Sample text";
360 unsigned char kaval[EVP_MAX_MD_SIZE] =
361 {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
362 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
363 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
364
365 unsigned char out[EVP_MAX_MD_SIZE];
366 unsigned int outlen;
367
368 ERR_clear_error();
369 if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
370 if (memcmp(out,kaval,outlen))
371 return 0;
372 return 1;
373 }
374
375 /* HMAC-SHA512: generate hash of known digest value and compare to known
376 precomputed correct hash
377 */
378 static int FIPS_hmac_sha512_test()
379 {
380 unsigned char key[] = "etaonrishd";
381 unsigned char iv[] = "Sample text";
382 unsigned char kaval[EVP_MAX_MD_SIZE] =
383 {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
384 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
385 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
386 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
387
388 unsigned char out[EVP_MAX_MD_SIZE];
389 unsigned int outlen;
390
391 ERR_clear_error();
392 if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
393 if (memcmp(out,kaval,outlen))
394 return 0;
395 return 1;
396 }
397
398 /* CMAC-AES128: generate hash of known digest value and compare to known
399 precomputed correct hash
400 */
401 static int FIPS_cmac_aes128_test()
402 {
403 unsigned char key[16] = { 0x2b,0x7e,0x15,0x16, 0x28,0xae,0xd2,0xa6,
404 0xab,0xf7,0x15,0x88, 0x09,0xcf,0x4f,0x3c, };
405 unsigned char data[] = "Sample text";
406 unsigned char kaval[EVP_MAX_MD_SIZE] =
407 { 0x16,0x83,0xfe,0xac, 0x52,0x9b,0xae,0x23,
408 0xd7,0xd5,0x66,0xf5, 0xd2,0x8d,0xbd,0x2a, };
409
410 unsigned char *out = NULL;
411 size_t outlen;
412 CMAC_CTX *ctx = CMAC_CTX_new();
413 int r = 0;
414
415 ERR_clear_error();
416
417 if (!ctx)
418 goto end;
419 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_128_cbc(),NULL))
420 goto end;
421 if (!CMAC_Update(ctx,data,sizeof(data)-1))
422 goto end;
423 /* This should return 1. If not, there's a programming error... */
424 if (!CMAC_Final(ctx, out, &outlen))
425 goto end;
426 out = OPENSSL_malloc(outlen);
427 if (!CMAC_Final(ctx, out, &outlen))
428 goto end;
429 #if 0
430 {
431 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
432 bin2hex(out, outlen, hexout);
433 printf("CMAC-AES128: res = %s\n", hexout);
434 OPENSSL_free(hexout);
435 }
436 r = 1;
437 #else
438 if (!memcmp(out,kaval,outlen))
439 r = 1;
440 #endif
441 end:
442 CMAC_CTX_free(ctx);
443 if (out)
444 OPENSSL_free(out);
445 return r;
446 }
447
448 /* CMAC-AES192: generate hash of known digest value and compare to known
449 precomputed correct hash
450 */
451 static int FIPS_cmac_aes192_test()
452 {
453 unsigned char key[] = { 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52,
454 0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5,
455 0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, };
456 unsigned char data[] = "Sample text";
457 unsigned char kaval[] =
458 { 0xd6,0x99,0x19,0x25, 0xe5,0x1d,0x95,0x48,
459 0xb1,0x4a,0x0b,0xf2, 0xc6,0x3c,0x47,0x1f, };
460
461 unsigned char *out = NULL;
462 size_t outlen;
463 CMAC_CTX *ctx = CMAC_CTX_new();
464 int r = 0;
465
466 ERR_clear_error();
467
468 if (!ctx)
469 goto end;
470 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_192_cbc(),NULL))
471 goto end;
472 if (!CMAC_Update(ctx,data,sizeof(data)-1))
473 goto end;
474 /* This should return 1. If not, there's a programming error... */
475 if (!CMAC_Final(ctx, out, &outlen))
476 goto end;
477 out = OPENSSL_malloc(outlen);
478 if (!CMAC_Final(ctx, out, &outlen))
479 goto end;
480 #if 0
481 {
482 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
483 bin2hex(out, outlen, hexout);
484 printf("CMAC-AES192: res = %s\n", hexout);
485 OPENSSL_free(hexout);
486 }
487 r = 1;
488 #else
489 if (!memcmp(out,kaval,outlen))
490 r = 1;
491 #endif
492 end:
493 CMAC_CTX_free(ctx);
494 if (out)
495 OPENSSL_free(out);
496 return r;
497 }
498
499 /* CMAC-AES256: generate hash of known digest value and compare to known
500 precomputed correct hash
501 */
502 static int FIPS_cmac_aes256_test()
503 {
504 unsigned char key[] = { 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe,
505 0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81,
506 0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7,
507 0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, };
508 unsigned char data[] = "Sample text";
509 unsigned char kaval[] =
510 { 0xec,0xc2,0xcf,0x63, 0xc7,0xce,0xfc,0xa4,
511 0xb0,0x86,0x37,0x5f, 0x15,0x60,0xba,0x1f, };
512
513 unsigned char *out = NULL;
514 size_t outlen;
515 CMAC_CTX *ctx = CMAC_CTX_new();
516 int r = 0;
517
518 ERR_clear_error();
519
520 if (!ctx)
521 goto end;
522 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_256_cbc(),NULL))
523 goto end;
524 if (!CMAC_Update(ctx,data,sizeof(data)-1))
525 goto end;
526 /* This should return 1. If not, there's a programming error... */
527 if (!CMAC_Final(ctx, out, &outlen))
528 goto end;
529 out = OPENSSL_malloc(outlen);
530 if (!CMAC_Final(ctx, out, &outlen))
531 goto end;
532 #if 0
533 {
534 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
535 bin2hex(out, outlen, hexout);
536 printf("CMAC-AES256: res = %s\n", hexout);
537 OPENSSL_free(hexout);
538 }
539 r = 1;
540 #else
541 if (!memcmp(out,kaval,outlen))
542 r = 1;
543 #endif
544 end:
545 CMAC_CTX_free(ctx);
546 if (out)
547 OPENSSL_free(out);
548 return r;
549 }
550
551 /* CMAC-TDEA3: generate hash of known digest value and compare to known
552 precomputed correct hash
553 */
554 static int FIPS_cmac_tdea3_test()
555 {
556 unsigned char key[] = { 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62,
557 0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58,
558 0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, };
559 unsigned char data[] = "Sample text";
560 unsigned char kaval[EVP_MAX_MD_SIZE] =
561 { 0xb4,0x06,0x4e,0xbf, 0x59,0x89,0xba,0x68, };
562
563 unsigned char *out = NULL;
564 size_t outlen;
565 CMAC_CTX *ctx = CMAC_CTX_new();
566 int r = 0;
567
568 ERR_clear_error();
569
570 if (!ctx)
571 goto end;
572 if (!CMAC_Init(ctx,key,sizeof(key),EVP_des_ede3_cbc(),NULL))
573 goto end;
574 if (!CMAC_Update(ctx,data,sizeof(data)-1))
575 goto end;
576 /* This should return 1. If not, there's a programming error... */
577 if (!CMAC_Final(ctx, out, &outlen))
578 goto end;
579 out = OPENSSL_malloc(outlen);
580 if (!CMAC_Final(ctx, out, &outlen))
581 goto end;
582 #if 0
583 {
584 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
585 bin2hex(out, outlen, hexout);
586 printf("CMAC-TDEA3: res = %s\n", hexout);
587 OPENSSL_free(hexout);
588 }
589 r = 1;
590 #else
591 if (!memcmp(out,kaval,outlen))
592 r = 1;
593 #endif
594 end:
595 CMAC_CTX_free(ctx);
596 if (out)
597 OPENSSL_free(out);
598 return r;
599 }
600
601
602 /* DH: generate shared parameters
603 */
604 static int dh_test()
605 {
606 DH *dh;
607 ERR_clear_error();
608 dh = FIPS_dh_new();
609 if (!dh)
610 return 0;
611 if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
612 return 0;
613 FIPS_dh_free(dh);
614 return 1;
615 }
616
617 /* Zeroize
618 */
619 static int Zeroize()
620 {
621 RSA *key;
622 BIGNUM *bn;
623 unsigned char userkey[16] =
624 { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
625 size_t i;
626 int n;
627
628 key = FIPS_rsa_new();
629 bn = BN_new();
630 if (!key || !bn)
631 return 0;
632 BN_set_word(bn, 65537);
633 if (!RSA_generate_key_ex(key, 1024,bn,NULL))
634 return 0;
635 BN_free(bn);
636
637 n = BN_num_bytes(key->d);
638 printf(" Generated %d byte RSA private key\n", n);
639 printf("\tBN key before overwriting:\n");
640 do_bn_print(stdout, key->d);
641 BN_rand(key->d,n*8,-1,0);
642 printf("\tBN key after overwriting:\n");
643 do_bn_print(stdout, key->d);
644
645 printf("\tchar buffer key before overwriting: \n\t\t");
646 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
647 printf("\n");
648 RAND_bytes(userkey, sizeof userkey);
649 printf("\tchar buffer key after overwriting: \n\t\t");
650 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
651 printf("\n");
652
653 return 1;
654 }
655
656 static int Error;
657 static const char * Fail(const char *msg)
658 {
659 Error++;
660 return msg;
661 }
662
663 static void test_msg(const char *msg, int result)
664 {
665 printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
666 }
667
668 /* Table of IDs for POST translating between NIDs and names */
669
670 typedef struct
671 {
672 int id;
673 const char *name;
674 } POST_ID;
675
676 POST_ID id_list[] = {
677 {NID_sha1, "SHA1"},
678 {NID_sha224, "SHA224"},
679 {NID_sha256, "SHA256"},
680 {NID_sha384, "SHA384"},
681 {NID_sha512, "SHA512"},
682 {NID_hmacWithSHA1, "HMAC-SHA1"},
683 {NID_hmacWithSHA224, "HMAC-SHA224"},
684 {NID_hmacWithSHA256, "HMAC-SHA256"},
685 {NID_hmacWithSHA384, "HMAC-SHA384"},
686 {NID_hmacWithSHA512, "HMAC-SHA512"},
687 {EVP_PKEY_RSA, "RSA"},
688 {EVP_PKEY_DSA, "DSA"},
689 {EVP_PKEY_EC, "ECDSA"},
690 {NID_aes_128_cbc, "AES-128-CBC"},
691 {NID_aes_192_cbc, "AES-192-CBC"},
692 {NID_aes_256_cbc, "AES-256-CBC"},
693 {NID_aes_128_ctr, "AES-128-CTR"},
694 {NID_aes_192_ctr, "AES-192-CTR"},
695 {NID_aes_256_ctr, "AES-256-CTR"},
696 {NID_aes_128_ecb, "AES-128-ECB"},
697 {NID_aes_128_xts, "AES-128-XTS"},
698 {NID_aes_256_xts, "AES-256-XTS"},
699 {NID_des_ede3_cbc, "DES-EDE3-CBC"},
700 {NID_des_ede3_ecb, "DES-EDE3-ECB"},
701 {NID_X9_62_prime256v1, "P-256"},
702 {NID_secp384r1, "P-384"},
703 {NID_secp521r1, "P-521"},
704 {0, NULL}
705 };
706
707 static const char *lookup_id(int id)
708 {
709 POST_ID *n;
710 static char out[40];
711 for (n = id_list; n->name; n++)
712 {
713 if (n->id == id)
714 return n->name;
715 }
716 sprintf(out, "ID=%d", id);
717 return out;
718 }
719
720 static int fail_id = -1;
721 static int fail_sub = -1;
722 static int fail_key = -1;
723
724 static int post_cb(int op, int id, int subid, void *ex)
725 {
726 const char *idstr, *exstr = "";
727 char asctmp[20];
728 int keytype = -1;
729 #ifdef FIPS_POST_TIME
730 static struct timespec start, end, tstart, tend;
731 #endif
732 switch(id)
733 {
734 case FIPS_TEST_INTEGRITY:
735 idstr = "Integrity";
736 break;
737
738 case FIPS_TEST_DIGEST:
739 idstr = "Digest";
740 exstr = lookup_id(subid);
741 break;
742
743 case FIPS_TEST_CIPHER:
744 exstr = lookup_id(subid);
745 idstr = "Cipher";
746 break;
747
748 case FIPS_TEST_SIGNATURE:
749 if (ex)
750 {
751 EVP_PKEY *pkey = ex;
752 keytype = pkey->type;
753 exstr = lookup_id(keytype);
754 }
755 idstr = "Signature";
756 break;
757
758 case FIPS_TEST_HMAC:
759 exstr = lookup_id(subid);
760 idstr = "HMAC";
761 break;
762
763 case FIPS_TEST_CMAC:
764 idstr = "CMAC";
765 exstr = lookup_id(subid);
766 break;
767
768 case FIPS_TEST_GCM:
769 idstr = "GCM";
770 break;
771
772 case FIPS_TEST_XTS:
773 idstr = "XTS";
774 exstr = lookup_id(subid);
775 break;
776
777 case FIPS_TEST_CCM:
778 idstr = "CCM";
779 break;
780
781 case FIPS_TEST_X931:
782 idstr = "X9.31 PRNG";
783 sprintf(asctmp, "keylen=%d", subid);
784 exstr = asctmp;
785 break;
786
787 case FIPS_TEST_DRBG:
788 idstr = "DRBG";
789 if (*(int *)ex & DRBG_FLAG_CTR_USE_DF)
790 {
791 sprintf(asctmp, "%s DF", lookup_id(subid));
792 exstr = asctmp;
793 }
794 else if (subid >> 16)
795 {
796 sprintf(asctmp, "%s %s",
797 lookup_id(subid >> 16),
798 lookup_id(subid & 0xFFFF));
799 exstr = asctmp;
800 }
801 else
802 exstr = lookup_id(subid);
803 break;
804
805 case FIPS_TEST_PAIRWISE:
806 if (ex)
807 {
808 EVP_PKEY *pkey = ex;
809 keytype = pkey->type;
810 exstr = lookup_id(keytype);
811 }
812 idstr = "Pairwise Consistency";
813 break;
814
815 case FIPS_TEST_CONTINUOUS:
816 idstr = "Continuous PRNG";
817 break;
818
819 default:
820 idstr = "Unknown";
821 break;
822
823 }
824
825 switch(op)
826 {
827 case FIPS_POST_BEGIN:
828 #ifdef FIPS_POST_TIME
829 clock_getres(CLOCK_REALTIME, &tstart);
830 printf("\tTimer resolution %ld s, %ld ns\n",
831 (long)tstart.tv_sec, (long)tstart.tv_nsec);
832 clock_gettime(CLOCK_REALTIME, &tstart);
833 #endif
834 printf("\tPOST started\n");
835 break;
836
837 case FIPS_POST_END:
838 printf("\tPOST %s\n", id ? "Success" : "Failed");
839 #ifdef FIPS_POST_TIME
840 clock_gettime(CLOCK_REALTIME, &tend);
841 printf("\t\tTook %f seconds\n",
842 (double)((tend.tv_sec+tend.tv_nsec*1e-9)
843 - (tstart.tv_sec+tstart.tv_nsec*1e-9)));
844 #endif
845 break;
846
847 case FIPS_POST_STARTED:
848 printf("\t\t%s %s test started\n", idstr, exstr);
849 #ifdef FIPS_POST_TIME
850 clock_gettime(CLOCK_REALTIME, &start);
851 #endif
852 break;
853
854 case FIPS_POST_SUCCESS:
855 printf("\t\t%s %s test OK\n", idstr, exstr);
856 #ifdef FIPS_POST_TIME
857 clock_gettime(CLOCK_REALTIME, &end);
858 printf("\t\t\tTook %f seconds\n",
859 (double)((end.tv_sec+end.tv_nsec*1e-9)
860 - (start.tv_sec+start.tv_nsec*1e-9)));
861 #endif
862 break;
863
864 case FIPS_POST_FAIL:
865 printf("\t\t%s %s test FAILED!!\n", idstr, exstr);
866 break;
867
868 case FIPS_POST_CORRUPT:
869 if (fail_id == id
870 && (fail_key == -1 || fail_key == keytype)
871 && (fail_sub == -1 || fail_sub == subid))
872 {
873 printf("\t\t%s %s test failure induced\n", idstr, exstr);
874 return 0;
875 }
876 break;
877
878 }
879 return 1;
880 }
881
882 int main(int argc,char **argv)
883 {
884 int bad_rsa = 0, bad_dsa = 0;
885 int do_rng_stick = 0;
886 int do_drbg_stick = 0;
887 int no_exit = 0;
888
889
890 FIPS_post_set_callback(post_cb);
891
892 printf("\tFIPS-mode test application\n");
893
894 printf("\t%s\n\n", FIPS_module_version_text());
895
896 if (argv[1]) {
897 /* Corrupted KAT tests */
898 if (!strcmp(argv[1], "integrity")) {
899 fail_id = FIPS_TEST_INTEGRITY;
900 } else if (!strcmp(argv[1], "aes")) {
901 fail_id = FIPS_TEST_CIPHER;
902 fail_sub = NID_aes_128_ecb;
903 } else if (!strcmp(argv[1], "aes-ccm")) {
904 fail_id = FIPS_TEST_CCM;
905 } else if (!strcmp(argv[1], "aes-gcm")) {
906 fail_id = FIPS_TEST_GCM;
907 } else if (!strcmp(argv[1], "aes-xts")) {
908 fail_id = FIPS_TEST_XTS;
909 } else if (!strcmp(argv[1], "des")) {
910 fail_id = FIPS_TEST_CIPHER;
911 fail_sub = NID_des_ede3_ecb;
912 } else if (!strcmp(argv[1], "dsa")) {
913 fail_id = FIPS_TEST_SIGNATURE;
914 fail_key = EVP_PKEY_DSA;
915 } else if (!strcmp(argv[1], "ecdsa")) {
916 fail_id = FIPS_TEST_SIGNATURE;
917 fail_key = EVP_PKEY_EC;
918 } else if (!strcmp(argv[1], "rsa")) {
919 fail_id = FIPS_TEST_SIGNATURE;
920 fail_key = EVP_PKEY_RSA;
921 } else if (!strcmp(argv[1], "rsakey")) {
922 printf("RSA key generation and signature validation with corrupted key...\n");
923 bad_rsa = 1;
924 no_exit = 1;
925 } else if (!strcmp(argv[1], "rsakeygen")) {
926 fail_id = FIPS_TEST_PAIRWISE;
927 fail_key = EVP_PKEY_RSA;
928 no_exit = 1;
929 } else if (!strcmp(argv[1], "dsakey")) {
930 printf("DSA key generation and signature validation with corrupted key...\n");
931 bad_dsa = 1;
932 no_exit = 1;
933 } else if (!strcmp(argv[1], "dsakeygen")) {
934 fail_id = FIPS_TEST_PAIRWISE;
935 fail_key = EVP_PKEY_DSA;
936 no_exit = 1;
937 } else if (!strcmp(argv[1], "sha1")) {
938 fail_id = FIPS_TEST_DIGEST;
939 } else if (!strcmp(argv[1], "hmac")) {
940 fail_id = FIPS_TEST_HMAC;
941 } else if (!strcmp(argv[1], "cmac")) {
942 fail_id = FIPS_TEST_CMAC;
943 } else if (!strcmp(argv[1], "drbg")) {
944 fail_id = FIPS_TEST_DRBG;
945 } else if (!strcmp(argv[1], "rng")) {
946 fail_id = FIPS_TEST_X931;
947 } else if (!strcmp(argv[1], "post")) {
948 fail_id = -1;
949 } else if (!strcmp(argv[1], "rngstick")) {
950 do_rng_stick = 1;
951 no_exit = 1;
952 printf("RNG test with stuck continuous test...\n");
953 } else if (!strcmp(argv[1], "drbgentstick")) {
954 do_entropy_stick();
955 } else if (!strcmp(argv[1], "drbgstick")) {
956 do_drbg_stick = 1;
957 no_exit = 1;
958 printf("DRBG test with stuck continuous test...\n");
959 } else {
960 printf("Bad argument \"%s\"\n", argv[1]);
961 exit(1);
962 }
963 if (!no_exit) {
964 fips_algtest_init_nofips();
965 if (!FIPS_module_mode_set(1)) {
966 printf("Power-up self test failed\n");
967 exit(1);
968 }
969 printf("Power-up self test successful\n");
970 exit(0);
971 }
972 }
973
974 fips_algtest_init_nofips();
975
976 /* Non-Approved cryptographic operation
977 */
978 printf("1. Non-Approved cryptographic operation test...\n");
979 test_msg("\ta. Included algorithm (D-H)...", dh_test());
980
981 /* Power-up self test
982 */
983 ERR_clear_error();
984 test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1));
985 if (!FIPS_module_mode())
986 exit(1);
987 if (do_drbg_stick)
988 FIPS_drbg_stick();
989 if (do_rng_stick)
990 FIPS_x931_stick();
991
992 /* AES encryption/decryption
993 */
994 test_msg("3a. AES encryption/decryption", FIPS_aes_test());
995 /* AES GCM encryption/decryption
996 */
997 test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test());
998
999 /* RSA key generation and encryption/decryption
1000 */
1001 test_msg("4. RSA key generation and encryption/decryption",
1002 FIPS_rsa_test(bad_rsa));
1003
1004 /* DES-CBC encryption/decryption
1005 */
1006 test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test());
1007
1008 /* DSA key generation and signature validation
1009 */
1010 test_msg("6. DSA key generation and signature validation",
1011 FIPS_dsa_test(bad_dsa));
1012
1013 /* SHA-1 hash
1014 */
1015 test_msg("7a. SHA-1 hash", FIPS_sha1_test());
1016
1017 /* SHA-256 hash
1018 */
1019 test_msg("7b. SHA-256 hash", FIPS_sha256_test());
1020
1021 /* SHA-512 hash
1022 */
1023 test_msg("7c. SHA-512 hash", FIPS_sha512_test());
1024
1025 /* HMAC-SHA-1 hash
1026 */
1027 test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test());
1028
1029 /* HMAC-SHA-224 hash
1030 */
1031 test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test());
1032
1033 /* HMAC-SHA-256 hash
1034 */
1035 test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test());
1036
1037 /* HMAC-SHA-384 hash
1038 */
1039 test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test());
1040
1041 /* HMAC-SHA-512 hash
1042 */
1043 test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test());
1044
1045 /* CMAC-AES-128 hash
1046 */
1047 test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test());
1048
1049 /* CMAC-AES-192 hash
1050 */
1051 test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test());
1052
1053 /* CMAC-AES-256 hash
1054 */
1055 test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test());
1056
1057 # if 0 /* Not a FIPS algorithm */
1058 /* CMAC-TDEA-2 hash
1059 */
1060 test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test());
1061 #endif
1062
1063 /* CMAC-TDEA-3 hash
1064 */
1065 test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test());
1066
1067 /* Non-Approved cryptographic operation
1068 */
1069 printf("9. Non-Approved cryptographic operation test...\n");
1070 printf("\ta. Included algorithm (D-H)...%s\n",
1071 dh_test() ? "successful as expected"
1072 : Fail("failed INCORRECTLY!") );
1073
1074 /* Zeroization
1075 */
1076 printf("10. Zero-ization...\n\t%s\n",
1077 Zeroize() ? "successful as expected"
1078 : Fail("failed INCORRECTLY!") );
1079
1080 printf("\nAll tests completed with %d errors\n", Error);
1081 return Error ? 1 : 0;
1082 }
1083
1084 #endif
A mirror of the official openssl repository