X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=fips%2Ffips_test_suite.c;h=fac20d4ba11d04416bef305b4ee427f6430468c0;hp=6da26632e0a346ed73a398fbd2c4432e258c95e7;hb=75707a324f67bcaa9ea3b6a6bb167161db778ee3;hpb=fbbabb646c707b7c18a67a2724efe1a12bae15a7 diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index 6da26632e0..fac20d4ba1 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include @@ -394,6 +395,209 @@ static int FIPS_hmac_sha512_test() return 1; } +/* CMAC-AES128: generate hash of known digest value and compare to known + precomputed correct hash +*/ +static int FIPS_cmac_aes128_test() + { + unsigned char key[16] = { 0x2b,0x7e,0x15,0x16, 0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88, 0x09,0xcf,0x4f,0x3c, }; + unsigned char data[] = "Sample text"; + unsigned char kaval[EVP_MAX_MD_SIZE] = + { 0x16,0x83,0xfe,0xac, 0x52,0x9b,0xae,0x23, + 0xd7,0xd5,0x66,0xf5, 0xd2,0x8d,0xbd,0x2a, }; + + unsigned char *out = NULL; + size_t outlen; + CMAC_CTX *ctx = CMAC_CTX_new(); + int r = 0; + + ERR_clear_error(); + + if (!ctx) + goto end; + if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_128_cbc(),NULL)) + goto end; + if (!CMAC_Update(ctx,data,sizeof(data)-1)) + goto end; + /* This should return 1. If not, there's a programming error... */ + if (!CMAC_Final(ctx, out, &outlen)) + goto end; + out = OPENSSL_malloc(outlen); + if (!CMAC_Final(ctx, out, &outlen)) + goto end; +#if 0 + { + char *hexout = OPENSSL_malloc(outlen * 2 + 1); + bin2hex(out, outlen, hexout); + printf("CMAC-AES128: res = %s\n", hexout); + OPENSSL_free(hexout); + } + r = 1; +#else + if (!memcmp(out,kaval,outlen)) + r = 1; +#endif + end: + CMAC_CTX_free(ctx); + if (out) + OPENSSL_free(out); + return r; + } + +/* CMAC-AES192: generate hash of known digest value and compare to known + precomputed correct hash +*/ +static int FIPS_cmac_aes192_test() + { + unsigned char key[] = { 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, }; + unsigned char data[] = "Sample text"; + unsigned char kaval[] = + { 0xd6,0x99,0x19,0x25, 0xe5,0x1d,0x95,0x48, + 0xb1,0x4a,0x0b,0xf2, 0xc6,0x3c,0x47,0x1f, }; + + unsigned char *out = NULL; + size_t outlen; + CMAC_CTX *ctx = CMAC_CTX_new(); + int r = 0; + + ERR_clear_error(); + + if (!ctx) + goto end; + if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_192_cbc(),NULL)) + goto end; + if (!CMAC_Update(ctx,data,sizeof(data)-1)) + goto end; + /* This should return 1. If not, there's a programming error... */ + if (!CMAC_Final(ctx, out, &outlen)) + goto end; + out = OPENSSL_malloc(outlen); + if (!CMAC_Final(ctx, out, &outlen)) + goto end; +#if 0 + { + char *hexout = OPENSSL_malloc(outlen * 2 + 1); + bin2hex(out, outlen, hexout); + printf("CMAC-AES192: res = %s\n", hexout); + OPENSSL_free(hexout); + } + r = 1; +#else + if (!memcmp(out,kaval,outlen)) + r = 1; +#endif + end: + CMAC_CTX_free(ctx); + if (out) + OPENSSL_free(out); + return r; + } + +/* CMAC-AES256: generate hash of known digest value and compare to known + precomputed correct hash +*/ +static int FIPS_cmac_aes256_test() + { + unsigned char key[] = { 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, }; + unsigned char data[] = "Sample text"; + unsigned char kaval[] = + { 0xec,0xc2,0xcf,0x63, 0xc7,0xce,0xfc,0xa4, + 0xb0,0x86,0x37,0x5f, 0x15,0x60,0xba,0x1f, }; + + unsigned char *out = NULL; + size_t outlen; + CMAC_CTX *ctx = CMAC_CTX_new(); + int r = 0; + + ERR_clear_error(); + + if (!ctx) + goto end; + if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_256_cbc(),NULL)) + goto end; + if (!CMAC_Update(ctx,data,sizeof(data)-1)) + goto end; + /* This should return 1. If not, there's a programming error... */ + if (!CMAC_Final(ctx, out, &outlen)) + goto end; + out = OPENSSL_malloc(outlen); + if (!CMAC_Final(ctx, out, &outlen)) + goto end; +#if 0 + { + char *hexout = OPENSSL_malloc(outlen * 2 + 1); + bin2hex(out, outlen, hexout); + printf("CMAC-AES256: res = %s\n", hexout); + OPENSSL_free(hexout); + } + r = 1; +#else + if (!memcmp(out,kaval,outlen)) + r = 1; +#endif + end: + CMAC_CTX_free(ctx); + if (out) + OPENSSL_free(out); + return r; + } + +/* CMAC-TDEA3: generate hash of known digest value and compare to known + precomputed correct hash +*/ +static int FIPS_cmac_tdea3_test() + { + unsigned char key[] = { 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62, + 0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58, + 0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, }; + unsigned char data[] = "Sample text"; + unsigned char kaval[EVP_MAX_MD_SIZE] = + { 0xb4,0x06,0x4e,0xbf, 0x59,0x89,0xba,0x68, }; + + unsigned char *out = NULL; + size_t outlen; + CMAC_CTX *ctx = CMAC_CTX_new(); + int r = 0; + + ERR_clear_error(); + + if (!ctx) + goto end; + if (!CMAC_Init(ctx,key,sizeof(key),EVP_des_ede3_cbc(),NULL)) + goto end; + if (!CMAC_Update(ctx,data,sizeof(data)-1)) + goto end; + /* This should return 1. If not, there's a programming error... */ + if (!CMAC_Final(ctx, out, &outlen)) + goto end; + out = OPENSSL_malloc(outlen); + if (!CMAC_Final(ctx, out, &outlen)) + goto end; +#if 0 + { + char *hexout = OPENSSL_malloc(outlen * 2 + 1); + bin2hex(out, outlen, hexout); + printf("CMAC-TDEA3: res = %s\n", hexout); + OPENSSL_free(hexout); + } + r = 1; +#else + if (!memcmp(out,kaval,outlen)) + r = 1; +#endif + end: + CMAC_CTX_free(ctx); + if (out) + OPENSSL_free(out); + return r; + } + /* DH: generate shared parameters */ @@ -461,68 +665,243 @@ static void test_msg(const char *msg, int result) printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!")); } +/* Table of IDs for POST translating between NIDs and names */ + +typedef struct + { + int id; + const char *name; + } POST_ID; + +POST_ID id_list[] = { + {NID_sha1, "SHA1"}, + {NID_sha224, "SHA224"}, + {NID_sha256, "SHA256"}, + {NID_sha384, "SHA384"}, + {NID_sha512, "SHA512"}, + {EVP_PKEY_RSA, "RSA"}, + {EVP_PKEY_DSA, "DSA"}, + {EVP_PKEY_EC, "ECDSA"}, + {NID_aes_128_cbc, "AES-128-CBC"}, + {NID_aes_192_cbc, "AES-192-CBC"}, + {NID_aes_256_cbc, "AES-256-CBC"}, + {NID_aes_128_ecb, "AES-128-ECB"}, + {NID_aes_128_xts, "AES-128-XTS"}, + {NID_aes_256_xts, "AES-256-XTS"}, + {NID_des_ede3_cbc, "DES-EDE3-CBC"}, + {NID_des_ede3_ecb, "DES-EDE3-ECB"}, + {0, NULL} +}; + +static const char *lookup_id(int id) + { + POST_ID *n; + static char out[40]; + for (n = id_list; n->name; n++) + { + if (n->id == id) + return n->name; + } + sprintf(out, "ID=%d", id); + return out; + } + +static int fail_id = -1; +static int fail_sub = -1; +static int fail_key = -1; + +static int post_cb(int op, int id, int subid, void *ex) + { + const char *idstr, *exstr = ""; + char asctmp[20]; + int keytype = -1; + switch(id) + { + case FIPS_TEST_INTEGRITY: + idstr = "Integrity"; + break; + + case FIPS_TEST_DIGEST: + idstr = "Digest"; + exstr = lookup_id(subid); + break; + + case FIPS_TEST_CIPHER: + exstr = lookup_id(subid); + idstr = "Cipher"; + break; + + case FIPS_TEST_SIGNATURE: + if (ex) + { + EVP_PKEY *pkey = ex; + keytype = pkey->type; + exstr = lookup_id(keytype); + } + idstr = "Signature"; + break; + + case FIPS_TEST_HMAC: + exstr = lookup_id(subid); + idstr = "HMAC"; + break; + + case FIPS_TEST_CMAC: + idstr = "CMAC"; + exstr = lookup_id(subid); + break; + + case FIPS_TEST_GCM: + idstr = "GCM"; + break; + + case FIPS_TEST_XTS: + idstr = "XTS"; + exstr = lookup_id(subid); + break; + + case FIPS_TEST_CCM: + idstr = "CCM"; + break; + + case FIPS_TEST_X931: + idstr = "X9.31 PRNG"; + sprintf(asctmp, "keylen=%d", subid); + exstr = asctmp; + break; + + case FIPS_TEST_DRBG: + idstr = "DRBG"; + break; + + case FIPS_TEST_PAIRWISE: + if (ex) + { + EVP_PKEY *pkey = ex; + keytype = pkey->type; + exstr = lookup_id(keytype); + } + idstr = "Pairwise Consistency"; + break; + + case FIPS_TEST_CONTINUOUS: + idstr = "Continuous PRNG"; + break; + + default: + idstr = "Unknown"; + break; + + } + + switch(op) + { + case FIPS_POST_BEGIN: + printf("\tPOST started\n"); + break; + + case FIPS_POST_END: + printf("\tPOST %s\n", id ? "Success" : "Failed"); + break; + + case FIPS_POST_STARTED: + printf("\t\t%s %s test started\n", idstr, exstr); + break; + + case FIPS_POST_SUCCESS: + printf("\t\t%s %s test OK\n", idstr, exstr); + break; + + case FIPS_POST_FAIL: + printf("\t\t%s %s test FAILED!!\n", idstr, exstr); + break; + + case FIPS_POST_CORRUPT: + if (fail_id == id + && (fail_key == -1 || fail_key == keytype) + && (fail_sub == -1 || fail_sub == subid)) + { + printf("\t\t%s %s test failure induced\n", idstr, exstr); + return 0; + } + break; + + } + return 1; + } + int main(int argc,char **argv) { - - int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0; int bad_rsa = 0, bad_dsa = 0; int do_rng_stick = 0; + int do_drbg_stick = 0; int no_exit = 0; - fips_set_error_print(); + fips_algtest_init_nofips(); - printf("\tFIPS-mode test application\n\n"); + FIPS_post_set_callback(post_cb); - /* Load entropy from external file, if any */ - RAND_load_file(".rnd", 1024); + printf("\tFIPS-mode test application\n\n"); if (argv[1]) { /* Corrupted KAT tests */ - if (!strcmp(argv[1], "aes")) { - FIPS_corrupt_aes(); - printf("AES encryption/decryption with corrupted KAT...\n"); + if (!strcmp(argv[1], "integrity")) { + fail_id = FIPS_TEST_INTEGRITY; + } else if (!strcmp(argv[1], "aes")) { + fail_id = FIPS_TEST_CIPHER; + fail_sub = NID_aes_128_ecb; } else if (!strcmp(argv[1], "aes-gcm")) { - FIPS_corrupt_aes_gcm(); - printf("AES-GCM encryption/decryption with corrupted KAT...\n"); + fail_id = FIPS_TEST_GCM; + } else if (!strcmp(argv[1], "aes-xts")) { + fail_id = FIPS_TEST_XTS; } else if (!strcmp(argv[1], "des")) { - FIPS_corrupt_des(); - printf("DES3-ECB encryption/decryption with corrupted KAT...\n"); + fail_id = FIPS_TEST_CIPHER; + fail_sub = NID_des_ede3_ecb; } else if (!strcmp(argv[1], "dsa")) { - FIPS_corrupt_dsa(); - printf("DSA key generation and signature validation with corrupted KAT...\n"); + fail_id = FIPS_TEST_SIGNATURE; + fail_key = EVP_PKEY_DSA; } else if (!strcmp(argv[1], "ecdsa")) { - FIPS_corrupt_ecdsa(); - printf("ECDSA key generation and signature validation with corrupted KAT...\n"); + fail_id = FIPS_TEST_SIGNATURE; + fail_key = EVP_PKEY_EC; } else if (!strcmp(argv[1], "rsa")) { - FIPS_corrupt_rsa(); - printf("RSA key generation and signature validation with corrupted KAT...\n"); + fail_id = FIPS_TEST_SIGNATURE; + fail_key = EVP_PKEY_RSA; } else if (!strcmp(argv[1], "rsakey")) { printf("RSA key generation and signature validation with corrupted key...\n"); bad_rsa = 1; no_exit = 1; } else if (!strcmp(argv[1], "rsakeygen")) { - do_corrupt_rsa_keygen = 1; + fail_id = FIPS_TEST_PAIRWISE; + fail_key = EVP_PKEY_RSA; no_exit = 1; - printf("RSA key generation and signature validation with corrupted keygen...\n"); } else if (!strcmp(argv[1], "dsakey")) { printf("DSA key generation and signature validation with corrupted key...\n"); bad_dsa = 1; no_exit = 1; } else if (!strcmp(argv[1], "dsakeygen")) { - do_corrupt_dsa_keygen = 1; + fail_id = FIPS_TEST_PAIRWISE; + fail_key = EVP_PKEY_DSA; no_exit = 1; - printf("DSA key generation and signature validation with corrupted keygen...\n"); } else if (!strcmp(argv[1], "sha1")) { - FIPS_corrupt_sha1(); - printf("SHA-1 hash with corrupted KAT...\n"); + fail_id = FIPS_TEST_DIGEST; + } else if (!strcmp(argv[1], "hmac")) { + fail_id = FIPS_TEST_HMAC; + } else if (!strcmp(argv[1], "cmac")) { + fail_id = FIPS_TEST_CMAC; } else if (!strcmp(argv[1], "drbg")) { FIPS_corrupt_drbg(); } else if (!strcmp(argv[1], "rng")) { - FIPS_corrupt_rng(); + fail_id = FIPS_TEST_X931; + } else if (!strcmp(argv[1], "post")) { + fail_id = -1; } else if (!strcmp(argv[1], "rngstick")) { do_rng_stick = 1; no_exit = 1; printf("RNG test with stuck continuous test...\n"); + } else if (!strcmp(argv[1], "drbgstick")) { + do_drbg_stick = 1; + no_exit = 1; + printf("DRBG test with stuck continuous test...\n"); } else { printf("Bad argument \"%s\"\n", argv[1]); exit(1); @@ -548,12 +927,10 @@ int main(int argc,char **argv) test_msg("2. Automatic power-up self test", FIPS_mode_set(1)); if (!FIPS_mode()) exit(1); - if (do_corrupt_dsa_keygen) - FIPS_corrupt_dsa_keygen(); - if (do_corrupt_rsa_keygen) - FIPS_corrupt_rsa_keygen(); + if (do_drbg_stick) + FIPS_drbg_stick(); if (do_rng_stick) - FIPS_rng_stick(); + FIPS_x931_stick(); /* AES encryption/decryption */ @@ -608,16 +985,38 @@ int main(int argc,char **argv) */ test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test()); + /* CMAC-AES-128 hash + */ + test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test()); + + /* CMAC-AES-192 hash + */ + test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test()); + + /* CMAC-AES-256 hash + */ + test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test()); + +# if 0 /* Not a FIPS algorithm */ + /* CMAC-TDEA-2 hash + */ + test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test()); +#endif + + /* CMAC-TDEA-3 hash + */ + test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test()); + /* Non-Approved cryptographic operation */ - printf("8. Non-Approved cryptographic operation test...\n"); + printf("9. Non-Approved cryptographic operation test...\n"); printf("\ta. Included algorithm (D-H)...%s\n", dh_test() ? "successful as expected" : Fail("failed INCORRECTLY!") ); /* Zeroization */ - printf("9. Zero-ization...\n\t%s\n", + printf("10. Zero-ization...\n\t%s\n", Zeroize() ? "successful as expected" : Fail("failed INCORRECTLY!") );