1 /* ====================================================================
2 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
5 * This command is intended as a test driver for the FIPS-140 testing
6 * lab performing FIPS-140 validation. It demonstrates the use of the
7 * OpenSSL library ito perform a variety of common cryptographic
8 * functions. A power-up self test is demonstrated by deliberately
9 * pointing to an invalid executable hash
11 * Contributed by Steve Marquess.
15 #define OPENSSL_FIPSAPI
22 #include <openssl/evp.h>
23 #include <openssl/hmac.h>
24 #include <openssl/cmac.h>
25 #include <openssl/sha.h>
26 #include <openssl/err.h>
28 #include <openssl/bn.h>
29 #include <openssl/rand.h>
32 int main(int argc, char *argv[])
34 printf("No FIPS support\n");
39 #define ERR_clear_error() while(0)
41 #include <openssl/rsa.h>
42 #include <openssl/dsa.h>
43 #include <openssl/dh.h>
45 #include <openssl/fips.h>
46 #include <openssl/fips_rand.h>
49 /* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
51 static int FIPS_aes_test(void)
54 unsigned char pltmp[16];
55 unsigned char citmp[16];
56 unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
57 unsigned char plaintext[16] = "etaonrishdlcu";
59 FIPS_cipher_ctx_init(&ctx);
60 if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1) <= 0)
62 FIPS_cipher(&ctx, citmp, plaintext, 16);
63 if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 0) <= 0)
65 FIPS_cipher(&ctx, pltmp, citmp, 16);
66 if (memcmp(pltmp, plaintext, 16))
70 FIPS_cipher_ctx_cleanup(&ctx);
74 static int FIPS_aes_gcm_test(void)
77 unsigned char pltmp[16];
78 unsigned char citmp[16];
79 unsigned char tagtmp[16];
80 unsigned char key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
81 unsigned char iv[16] = {21,22,23,24,25,26,27,28,29,30,31,32};
82 unsigned char aad[] = "Some text AAD";
83 unsigned char plaintext[16] = "etaonrishdlcu";
85 FIPS_cipher_ctx_init(&ctx);
86 if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 1) <= 0)
88 FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
89 FIPS_cipher(&ctx, citmp, plaintext, 16);
90 FIPS_cipher(&ctx, NULL, NULL, 0);
91 if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tagtmp))
94 if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 0) <= 0)
96 if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tagtmp))
99 FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
101 FIPS_cipher(&ctx, pltmp, citmp, 16);
103 if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
106 if (memcmp(pltmp, plaintext, 16))
111 FIPS_cipher_ctx_cleanup(&ctx);
115 static int FIPS_des3_test(void)
118 unsigned char pltmp[8];
119 unsigned char citmp[8];
120 unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
122 unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
124 FIPS_cipher_ctx_init(&ctx);
125 if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 1) <= 0)
127 FIPS_cipher(&ctx, citmp, plaintext, 8);
128 if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 0) <= 0)
130 FIPS_cipher(&ctx, pltmp, citmp, 8);
131 if (memcmp(pltmp, plaintext, 8))
135 FIPS_cipher_ctx_cleanup(&ctx);
140 * DSA: generate keys and sign, verify input plaintext.
142 static int FIPS_dsa_test(int bad)
145 unsigned char dgst[] = "etaonrishdlc";
151 FIPS_md_ctx_init(&mctx);
152 dsa = FIPS_dsa_new();
155 if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
157 if (!DSA_generate_key(dsa))
160 BN_add_word(dsa->pub_key, 1);
162 if (!FIPS_digestinit(&mctx, EVP_sha256()))
164 if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
166 sig = FIPS_dsa_sign_ctx(dsa, &mctx);
170 if (!FIPS_digestinit(&mctx, EVP_sha256()))
172 if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
174 r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
177 FIPS_dsa_sig_free(sig);
178 FIPS_md_ctx_cleanup(&mctx);
187 * RSA: generate keys and sign, verify input plaintext.
189 static int FIPS_rsa_test(int bad)
192 unsigned char input_ptext[] = "etaonrishdlc";
193 unsigned char buf[256];
200 FIPS_md_ctx_init(&mctx);
201 key = FIPS_rsa_new();
205 BN_set_word(bn, 65537);
206 if (!RSA_generate_key_ex(key, 2048,bn,NULL))
210 BN_add_word(key->n, 1);
212 if (!FIPS_digestinit(&mctx, EVP_sha256()))
214 if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
216 if (!FIPS_rsa_sign_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, &slen))
219 if (!FIPS_digestinit(&mctx, EVP_sha256()))
221 if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
223 r = FIPS_rsa_verify_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, slen);
225 FIPS_md_ctx_cleanup(&mctx);
233 /* SHA1: generate hash of known digest value and compare to known
234 precomputed correct hash
236 static int FIPS_sha1_test()
238 unsigned char digest[SHA_DIGEST_LENGTH] =
239 { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
240 unsigned char str[] = "etaonrishd";
242 unsigned char md[SHA_DIGEST_LENGTH];
245 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha1())) return 0;
246 if (memcmp(md,digest,sizeof(md)))
251 /* SHA256: generate hash of known digest value and compare to known
252 precomputed correct hash
254 static int FIPS_sha256_test()
256 unsigned char digest[SHA256_DIGEST_LENGTH] =
257 {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
258 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
259 unsigned char str[] = "etaonrishd";
261 unsigned char md[SHA256_DIGEST_LENGTH];
264 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha256())) return 0;
265 if (memcmp(md,digest,sizeof(md)))
270 /* SHA512: generate hash of known digest value and compare to known
271 precomputed correct hash
273 static int FIPS_sha512_test()
275 unsigned char digest[SHA512_DIGEST_LENGTH] =
276 {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
277 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
278 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
279 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
280 unsigned char str[] = "etaonrishd";
282 unsigned char md[SHA512_DIGEST_LENGTH];
285 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha512())) return 0;
286 if (memcmp(md,digest,sizeof(md)))
291 /* HMAC-SHA1: generate hash of known digest value and compare to known
292 precomputed correct hash
294 static int FIPS_hmac_sha1_test()
296 unsigned char key[] = "etaonrishd";
297 unsigned char iv[] = "Sample text";
298 unsigned char kaval[EVP_MAX_MD_SIZE] =
299 {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
300 0xb2, 0xfb, 0xec, 0xc6};
302 unsigned char out[EVP_MAX_MD_SIZE];
306 if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
307 if (memcmp(out,kaval,outlen))
312 /* HMAC-SHA224: generate hash of known digest value and compare to known
313 precomputed correct hash
315 static int FIPS_hmac_sha224_test()
317 unsigned char key[] = "etaonrishd";
318 unsigned char iv[] = "Sample text";
319 unsigned char kaval[EVP_MAX_MD_SIZE] =
320 {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
321 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
323 unsigned char out[EVP_MAX_MD_SIZE];
327 if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
328 if (memcmp(out,kaval,outlen))
333 /* HMAC-SHA256: generate hash of known digest value and compare to known
334 precomputed correct hash
336 static int FIPS_hmac_sha256_test()
338 unsigned char key[] = "etaonrishd";
339 unsigned char iv[] = "Sample text";
340 unsigned char kaval[EVP_MAX_MD_SIZE] =
341 {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
342 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
344 unsigned char out[EVP_MAX_MD_SIZE];
348 if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
349 if (memcmp(out,kaval,outlen))
354 /* HMAC-SHA384: generate hash of known digest value and compare to known
355 precomputed correct hash
357 static int FIPS_hmac_sha384_test()
359 unsigned char key[] = "etaonrishd";
360 unsigned char iv[] = "Sample text";
361 unsigned char kaval[EVP_MAX_MD_SIZE] =
362 {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
363 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
364 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
366 unsigned char out[EVP_MAX_MD_SIZE];
370 if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
371 if (memcmp(out,kaval,outlen))
376 /* HMAC-SHA512: generate hash of known digest value and compare to known
377 precomputed correct hash
379 static int FIPS_hmac_sha512_test()
381 unsigned char key[] = "etaonrishd";
382 unsigned char iv[] = "Sample text";
383 unsigned char kaval[EVP_MAX_MD_SIZE] =
384 {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
385 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
386 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
387 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
389 unsigned char out[EVP_MAX_MD_SIZE];
393 if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
394 if (memcmp(out,kaval,outlen))
399 /* CMAC-AES128: generate hash of known digest value and compare to known
400 precomputed correct hash
402 static int FIPS_cmac_aes128_test()
404 unsigned char key[16] = { 0x2b,0x7e,0x15,0x16, 0x28,0xae,0xd2,0xa6,
405 0xab,0xf7,0x15,0x88, 0x09,0xcf,0x4f,0x3c, };
406 unsigned char data[] = "Sample text";
407 unsigned char kaval[EVP_MAX_MD_SIZE] =
408 { 0x16,0x83,0xfe,0xac, 0x52,0x9b,0xae,0x23,
409 0xd7,0xd5,0x66,0xf5, 0xd2,0x8d,0xbd,0x2a, };
411 unsigned char *out = NULL;
413 CMAC_CTX *ctx = CMAC_CTX_new();
420 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_128_cbc(),NULL))
422 if (!CMAC_Update(ctx,data,sizeof(data)-1))
424 /* This should return 1. If not, there's a programming error... */
425 if (!CMAC_Final(ctx, out, &outlen))
427 out = OPENSSL_malloc(outlen);
428 if (!CMAC_Final(ctx, out, &outlen))
432 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
433 bin2hex(out, outlen, hexout);
434 printf("CMAC-AES128: res = %s\n", hexout);
435 OPENSSL_free(hexout);
439 if (!memcmp(out,kaval,outlen))
449 /* CMAC-AES192: generate hash of known digest value and compare to known
450 precomputed correct hash
452 static int FIPS_cmac_aes192_test()
454 unsigned char key[] = { 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52,
455 0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5,
456 0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, };
457 unsigned char data[] = "Sample text";
458 unsigned char kaval[] =
459 { 0xd6,0x99,0x19,0x25, 0xe5,0x1d,0x95,0x48,
460 0xb1,0x4a,0x0b,0xf2, 0xc6,0x3c,0x47,0x1f, };
462 unsigned char *out = NULL;
464 CMAC_CTX *ctx = CMAC_CTX_new();
471 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_192_cbc(),NULL))
473 if (!CMAC_Update(ctx,data,sizeof(data)-1))
475 /* This should return 1. If not, there's a programming error... */
476 if (!CMAC_Final(ctx, out, &outlen))
478 out = OPENSSL_malloc(outlen);
479 if (!CMAC_Final(ctx, out, &outlen))
483 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
484 bin2hex(out, outlen, hexout);
485 printf("CMAC-AES192: res = %s\n", hexout);
486 OPENSSL_free(hexout);
490 if (!memcmp(out,kaval,outlen))
500 /* CMAC-AES256: generate hash of known digest value and compare to known
501 precomputed correct hash
503 static int FIPS_cmac_aes256_test()
505 unsigned char key[] = { 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe,
506 0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81,
507 0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7,
508 0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, };
509 unsigned char data[] = "Sample text";
510 unsigned char kaval[] =
511 { 0xec,0xc2,0xcf,0x63, 0xc7,0xce,0xfc,0xa4,
512 0xb0,0x86,0x37,0x5f, 0x15,0x60,0xba,0x1f, };
514 unsigned char *out = NULL;
516 CMAC_CTX *ctx = CMAC_CTX_new();
523 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_256_cbc(),NULL))
525 if (!CMAC_Update(ctx,data,sizeof(data)-1))
527 /* This should return 1. If not, there's a programming error... */
528 if (!CMAC_Final(ctx, out, &outlen))
530 out = OPENSSL_malloc(outlen);
531 if (!CMAC_Final(ctx, out, &outlen))
535 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
536 bin2hex(out, outlen, hexout);
537 printf("CMAC-AES256: res = %s\n", hexout);
538 OPENSSL_free(hexout);
542 if (!memcmp(out,kaval,outlen))
552 /* CMAC-TDEA3: generate hash of known digest value and compare to known
553 precomputed correct hash
555 static int FIPS_cmac_tdea3_test()
557 unsigned char key[] = { 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62,
558 0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58,
559 0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, };
560 unsigned char data[] = "Sample text";
561 unsigned char kaval[EVP_MAX_MD_SIZE] =
562 { 0xb4,0x06,0x4e,0xbf, 0x59,0x89,0xba,0x68, };
564 unsigned char *out = NULL;
566 CMAC_CTX *ctx = CMAC_CTX_new();
573 if (!CMAC_Init(ctx,key,sizeof(key),EVP_des_ede3_cbc(),NULL))
575 if (!CMAC_Update(ctx,data,sizeof(data)-1))
577 /* This should return 1. If not, there's a programming error... */
578 if (!CMAC_Final(ctx, out, &outlen))
580 out = OPENSSL_malloc(outlen);
581 if (!CMAC_Final(ctx, out, &outlen))
585 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
586 bin2hex(out, outlen, hexout);
587 printf("CMAC-TDEA3: res = %s\n", hexout);
588 OPENSSL_free(hexout);
592 if (!memcmp(out,kaval,outlen))
603 /* DH: generate shared parameters
612 if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
624 unsigned char userkey[16] =
625 { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
629 key = FIPS_rsa_new();
633 BN_set_word(bn, 65537);
634 if (!RSA_generate_key_ex(key, 1024,bn,NULL))
638 n = BN_num_bytes(key->d);
639 printf(" Generated %d byte RSA private key\n", n);
640 printf("\tBN key before overwriting:\n");
641 do_bn_print(stdout, key->d);
642 BN_rand(key->d,n*8,-1,0);
643 printf("\tBN key after overwriting:\n");
644 do_bn_print(stdout, key->d);
646 printf("\tchar buffer key before overwriting: \n\t\t");
647 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
649 RAND_bytes(userkey, sizeof userkey);
650 printf("\tchar buffer key after overwriting: \n\t\t");
651 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
657 /* Dummy Entropy for DRBG tests. WARNING: THIS IS TOTALLY BOGUS
658 * HAS ZERO SECURITY AND MUST NOT BE USED IN REAL APPLICATIONS.
661 static unsigned char dummy_drbg_entropy[1024];
663 static size_t drbg_test_cb(DRBG_CTX *ctx, unsigned char **pout,
664 int entropy, size_t min_len, size_t max_len)
666 *pout = dummy_drbg_entropy;
667 /* Round up to multiple of block size */
668 return (min_len + 0xf) & ~0xf;
671 /* DRBG test: just generate lots of data and trigger health checks */
673 static int do_drbg_test(int type, int flags)
678 unsigned char randout[1024];
679 dctx = FIPS_drbg_new(type, flags);
682 FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0);
683 for (i = 0; i < sizeof(dummy_drbg_entropy); i++)
685 dummy_drbg_entropy[i] = i & 0xff;
687 if (!FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10))
689 FIPS_drbg_set_check_interval(dctx, 10);
690 for (i = 0; i < 32; i++)
692 if (!FIPS_drbg_generate(dctx, randout, sizeof(randout), 0, NULL, 0))
694 if (!FIPS_drbg_generate(dctx, randout, sizeof(randout), 0, dummy_drbg_entropy, 1))
699 FIPS_drbg_uninstantiate(dctx);
708 static int do_drbg_all(void)
710 static DRBG_LIST drbg_types[] =
717 {NID_hmacWithSHA1, 0},
718 {NID_hmacWithSHA224, 0},
719 {NID_hmacWithSHA256, 0},
720 {NID_hmacWithSHA384, 0},
721 {NID_hmacWithSHA512, 0},
722 {NID_aes_128_ctr, 0},
723 {NID_aes_192_ctr, 0},
724 {NID_aes_256_ctr, 0},
725 {NID_aes_128_ctr, DRBG_FLAG_CTR_USE_DF},
726 {NID_aes_192_ctr, DRBG_FLAG_CTR_USE_DF},
727 {NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF},
728 {(NID_X9_62_prime256v1 << 16)|NID_sha1, 0},
729 {(NID_X9_62_prime256v1 << 16)|NID_sha224, 0},
730 {(NID_X9_62_prime256v1 << 16)|NID_sha256, 0},
731 {(NID_X9_62_prime256v1 << 16)|NID_sha384, 0},
732 {(NID_X9_62_prime256v1 << 16)|NID_sha512, 0},
733 {(NID_secp384r1 << 16)|NID_sha224, 0},
734 {(NID_secp384r1 << 16)|NID_sha256, 0},
735 {(NID_secp384r1 << 16)|NID_sha384, 0},
736 {(NID_secp384r1 << 16)|NID_sha512, 0},
737 {(NID_secp521r1 << 16)|NID_sha256, 0},
738 {(NID_secp521r1 << 16)|NID_sha384, 0},
739 {(NID_secp521r1 << 16)|NID_sha512, 0},
744 for (lst = drbg_types;; lst++)
748 if (!do_drbg_test(lst->type, lst->flags))
755 static const char * Fail(const char *msg)
761 static void test_msg(const char *msg, int result)
763 printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
766 /* Table of IDs for POST translating between NIDs and names */
774 POST_ID id_list[] = {
776 {NID_sha224, "SHA224"},
777 {NID_sha256, "SHA256"},
778 {NID_sha384, "SHA384"},
779 {NID_sha512, "SHA512"},
780 {NID_hmacWithSHA1, "HMAC-SHA1"},
781 {NID_hmacWithSHA224, "HMAC-SHA224"},
782 {NID_hmacWithSHA256, "HMAC-SHA256"},
783 {NID_hmacWithSHA384, "HMAC-SHA384"},
784 {NID_hmacWithSHA512, "HMAC-SHA512"},
785 {EVP_PKEY_RSA, "RSA"},
786 {EVP_PKEY_DSA, "DSA"},
787 {EVP_PKEY_EC, "ECDSA"},
788 {NID_aes_128_cbc, "AES-128-CBC"},
789 {NID_aes_192_cbc, "AES-192-CBC"},
790 {NID_aes_256_cbc, "AES-256-CBC"},
791 {NID_aes_128_ctr, "AES-128-CTR"},
792 {NID_aes_192_ctr, "AES-192-CTR"},
793 {NID_aes_256_ctr, "AES-256-CTR"},
794 {NID_aes_128_ecb, "AES-128-ECB"},
795 {NID_aes_128_xts, "AES-128-XTS"},
796 {NID_aes_256_xts, "AES-256-XTS"},
797 {NID_des_ede3_cbc, "DES-EDE3-CBC"},
798 {NID_des_ede3_ecb, "DES-EDE3-ECB"},
799 {NID_secp224r1, "P-224"},
800 {NID_sect233r1, "B-233"},
801 {NID_X9_62_prime256v1, "P-256"},
802 {NID_secp384r1, "P-384"},
803 {NID_secp521r1, "P-521"},
807 static const char *lookup_id(int id)
811 for (n = id_list; n->name; n++)
816 sprintf(out, "ID=%d", id);
820 static int fail_id = -1;
821 static int fail_sub = -1;
822 static int fail_key = -1;
824 static int post_cb(int op, int id, int subid, void *ex)
826 const char *idstr, *exstr = "";
829 #ifdef FIPS_POST_TIME
830 static struct timespec start, end, tstart, tend;
834 case FIPS_TEST_INTEGRITY:
838 case FIPS_TEST_DIGEST:
840 exstr = lookup_id(subid);
843 case FIPS_TEST_CIPHER:
844 exstr = lookup_id(subid);
848 case FIPS_TEST_SIGNATURE:
852 keytype = pkey->type;
853 exstr = lookup_id(keytype);
859 exstr = lookup_id(subid);
865 exstr = lookup_id(subid);
874 exstr = lookup_id(subid);
882 idstr = "X9.31 PRNG";
883 sprintf(asctmp, "keylen=%d", subid);
889 if (*(int *)ex & DRBG_FLAG_CTR_USE_DF)
891 sprintf(asctmp, "%s DF", lookup_id(subid));
894 else if (subid >> 16)
896 sprintf(asctmp, "%s %s",
897 lookup_id(subid >> 16),
898 lookup_id(subid & 0xFFFF));
902 exstr = lookup_id(subid);
905 case FIPS_TEST_PAIRWISE:
909 keytype = pkey->type;
910 exstr = lookup_id(keytype);
912 idstr = "Pairwise Consistency";
915 case FIPS_TEST_CONTINUOUS:
916 idstr = "Continuous PRNG";
921 exstr = lookup_id(subid);
932 case FIPS_POST_BEGIN:
933 #ifdef FIPS_POST_TIME
934 clock_getres(CLOCK_REALTIME, &tstart);
935 printf("\tTimer resolution %ld s, %ld ns\n",
936 (long)tstart.tv_sec, (long)tstart.tv_nsec);
937 clock_gettime(CLOCK_REALTIME, &tstart);
939 printf("\tPOST started\n");
943 printf("\tPOST %s\n", id ? "Success" : "Failed");
944 #ifdef FIPS_POST_TIME
945 clock_gettime(CLOCK_REALTIME, &tend);
946 printf("\t\tTook %f seconds\n",
947 (double)((tend.tv_sec+tend.tv_nsec*1e-9)
948 - (tstart.tv_sec+tstart.tv_nsec*1e-9)));
952 case FIPS_POST_STARTED:
953 printf("\t\t%s %s test started\n", idstr, exstr);
954 #ifdef FIPS_POST_TIME
955 clock_gettime(CLOCK_REALTIME, &start);
959 case FIPS_POST_SUCCESS:
960 printf("\t\t%s %s test OK\n", idstr, exstr);
961 #ifdef FIPS_POST_TIME
962 clock_gettime(CLOCK_REALTIME, &end);
963 printf("\t\t\tTook %f seconds\n",
964 (double)((end.tv_sec+end.tv_nsec*1e-9)
965 - (start.tv_sec+start.tv_nsec*1e-9)));
970 printf("\t\t%s %s test FAILED!!\n", idstr, exstr);
973 case FIPS_POST_CORRUPT:
975 && (fail_key == -1 || fail_key == keytype)
976 && (fail_sub == -1 || fail_sub == subid))
978 printf("\t\t%s %s test failure induced\n", idstr, exstr);
987 int main(int argc,char **argv)
989 int bad_rsa = 0, bad_dsa = 0;
990 int do_rng_stick = 0;
991 int do_drbg_stick = 0;
995 FIPS_post_set_callback(post_cb);
997 printf("\tFIPS-mode test application\n");
999 printf("\t%s\n\n", FIPS_module_version_text());
1002 /* Corrupted KAT tests */
1003 if (!strcmp(argv[1], "integrity")) {
1004 fail_id = FIPS_TEST_INTEGRITY;
1005 } else if (!strcmp(argv[1], "aes")) {
1006 fail_id = FIPS_TEST_CIPHER;
1007 fail_sub = NID_aes_128_ecb;
1008 } else if (!strcmp(argv[1], "aes-ccm")) {
1009 fail_id = FIPS_TEST_CCM;
1010 } else if (!strcmp(argv[1], "aes-gcm")) {
1011 fail_id = FIPS_TEST_GCM;
1012 } else if (!strcmp(argv[1], "aes-xts")) {
1013 fail_id = FIPS_TEST_XTS;
1014 } else if (!strcmp(argv[1], "des")) {
1015 fail_id = FIPS_TEST_CIPHER;
1016 fail_sub = NID_des_ede3_ecb;
1017 } else if (!strcmp(argv[1], "dsa")) {
1018 fail_id = FIPS_TEST_SIGNATURE;
1019 fail_key = EVP_PKEY_DSA;
1020 } else if (!strcmp(argv[1], "ecdsa")) {
1021 fail_id = FIPS_TEST_SIGNATURE;
1022 fail_key = EVP_PKEY_EC;
1023 } else if (!strcmp(argv[1], "rsa")) {
1024 fail_id = FIPS_TEST_SIGNATURE;
1025 fail_key = EVP_PKEY_RSA;
1026 } else if (!strcmp(argv[1], "rsakey")) {
1027 printf("RSA key generation and signature validation with corrupted key...\n");
1030 } else if (!strcmp(argv[1], "rsakeygen")) {
1031 fail_id = FIPS_TEST_PAIRWISE;
1032 fail_key = EVP_PKEY_RSA;
1034 } else if (!strcmp(argv[1], "dsakey")) {
1035 printf("DSA key generation and signature validation with corrupted key...\n");
1038 } else if (!strcmp(argv[1], "dsakeygen")) {
1039 fail_id = FIPS_TEST_PAIRWISE;
1040 fail_key = EVP_PKEY_DSA;
1042 } else if (!strcmp(argv[1], "sha1")) {
1043 fail_id = FIPS_TEST_DIGEST;
1044 } else if (!strcmp(argv[1], "hmac")) {
1045 fail_id = FIPS_TEST_HMAC;
1046 } else if (!strcmp(argv[1], "cmac")) {
1047 fail_id = FIPS_TEST_CMAC;
1048 } else if (!strcmp(argv[1], "drbg")) {
1049 fail_id = FIPS_TEST_DRBG;
1050 } else if (!strcmp(argv[1], "rng")) {
1051 fail_id = FIPS_TEST_X931;
1052 } else if (!strcmp(argv[1], "nodh")) {
1055 } else if (!strcmp(argv[1], "post")) {
1057 } else if (!strcmp(argv[1], "rngstick")) {
1060 printf("RNG test with stuck continuous test...\n");
1061 } else if (!strcmp(argv[1], "drbgentstick")) {
1063 } else if (!strcmp(argv[1], "drbgstick")) {
1066 printf("DRBG test with stuck continuous test...\n");
1068 printf("Bad argument \"%s\"\n", argv[1]);
1072 fips_algtest_init_nofips();
1073 if (!FIPS_module_mode_set(1)) {
1074 printf("Power-up self test failed\n");
1077 printf("Power-up self test successful\n");
1082 fips_algtest_init_nofips();
1084 /* Non-Approved cryptographic operation
1086 printf("1. Non-Approved cryptographic operation test...\n");
1088 printf("\t D-H test skipped\n");
1090 test_msg("\ta. Included algorithm (D-H)...", dh_test());
1092 /* Power-up self test
1095 test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1));
1096 if (!FIPS_module_mode())
1103 /* AES encryption/decryption
1105 test_msg("3a. AES encryption/decryption", FIPS_aes_test());
1106 /* AES GCM encryption/decryption
1108 test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test());
1110 /* RSA key generation and encryption/decryption
1112 test_msg("4. RSA key generation and encryption/decryption",
1113 FIPS_rsa_test(bad_rsa));
1115 /* DES-CBC encryption/decryption
1117 test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test());
1119 /* DSA key generation and signature validation
1121 test_msg("6. DSA key generation and signature validation",
1122 FIPS_dsa_test(bad_dsa));
1126 test_msg("7a. SHA-1 hash", FIPS_sha1_test());
1130 test_msg("7b. SHA-256 hash", FIPS_sha256_test());
1134 test_msg("7c. SHA-512 hash", FIPS_sha512_test());
1138 test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test());
1140 /* HMAC-SHA-224 hash
1142 test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test());
1144 /* HMAC-SHA-256 hash
1146 test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test());
1148 /* HMAC-SHA-384 hash
1150 test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test());
1152 /* HMAC-SHA-512 hash
1154 test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test());
1156 /* CMAC-AES-128 hash
1158 test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test());
1160 /* CMAC-AES-192 hash
1162 test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test());
1164 /* CMAC-AES-256 hash
1166 test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test());
1168 # if 0 /* Not a FIPS algorithm */
1171 test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test());
1176 test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test());
1178 /* Non-Approved cryptographic operation
1180 printf("9. Non-Approved cryptographic operation test...\n");
1181 printf("\ta. Included algorithm (D-H)...%s\n",
1183 dh_test() ? "successful as expected"
1184 : Fail("failed INCORRECTLY!") );
1188 printf("10. Zero-ization...\n\t%s\n",
1189 Zeroize() ? "successful as expected"
1190 : Fail("failed INCORRECTLY!") );
1192 printf("11. Complete DRBG health check...\n");
1193 printf("\t%s\n", FIPS_selftest_drbg_all() ? "successful as expected"
1194 : Fail("failed INCORRECTLY!") );
1196 printf("12. DRBG generation check...\n");
1197 printf("\t%s\n", do_drbg_all() ? "successful as expected"
1198 : Fail("failed INCORRECTLY!") );
1200 printf("\nAll tests completed with %d errors\n", Error);
1201 return Error ? 1 : 0;