1 /* ====================================================================
2 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
5 * This command is intended as a test driver for the FIPS-140 testing
6 * lab performing FIPS-140 validation. It demonstrates the use of the
7 * OpenSSL library ito perform a variety of common cryptographic
8 * functions. A power-up self test is demonstrated by deliberately
9 * pointing to an invalid executable hash
11 * Contributed by Steve Marquess.
15 #define OPENSSL_FIPSAPI
22 #include <openssl/evp.h>
23 #include <openssl/hmac.h>
24 #include <openssl/cmac.h>
25 #include <openssl/sha.h>
26 #include <openssl/err.h>
28 #include <openssl/bn.h>
29 #include <openssl/rand.h>
32 int main(int argc, char *argv[])
34 printf("No FIPS support\n");
39 #define ERR_clear_error() while(0)
41 #include <openssl/rsa.h>
42 #include <openssl/dsa.h>
43 #include <openssl/dh.h>
45 #include <openssl/fips.h>
48 /* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
50 static int FIPS_aes_test(void)
53 unsigned char pltmp[16];
54 unsigned char citmp[16];
55 unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
56 unsigned char plaintext[16] = "etaonrishdlcu";
58 FIPS_cipher_ctx_init(&ctx);
59 if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1) <= 0)
61 FIPS_cipher(&ctx, citmp, plaintext, 16);
62 if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 0) <= 0)
64 FIPS_cipher(&ctx, pltmp, citmp, 16);
65 if (memcmp(pltmp, plaintext, 16))
69 FIPS_cipher_ctx_cleanup(&ctx);
73 static int FIPS_aes_gcm_test(void)
76 unsigned char pltmp[16];
77 unsigned char citmp[16];
78 unsigned char tagtmp[16];
79 unsigned char key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
80 unsigned char iv[16] = {21,22,23,24,25,26,27,28,29,30,31,32};
81 unsigned char aad[] = "Some text AAD";
82 unsigned char plaintext[16] = "etaonrishdlcu";
84 FIPS_cipher_ctx_init(&ctx);
85 if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 1) <= 0)
87 FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
88 FIPS_cipher(&ctx, citmp, plaintext, 16);
89 FIPS_cipher(&ctx, NULL, NULL, 0);
90 if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tagtmp))
93 if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 0) <= 0)
95 if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tagtmp))
98 FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
100 FIPS_cipher(&ctx, pltmp, citmp, 16);
102 if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
105 if (memcmp(pltmp, plaintext, 16))
110 FIPS_cipher_ctx_cleanup(&ctx);
114 static int FIPS_des3_test(void)
117 unsigned char pltmp[8];
118 unsigned char citmp[8];
119 unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
121 unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
123 FIPS_cipher_ctx_init(&ctx);
124 if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 1) <= 0)
126 FIPS_cipher(&ctx, citmp, plaintext, 8);
127 if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 0) <= 0)
129 FIPS_cipher(&ctx, pltmp, citmp, 8);
130 if (memcmp(pltmp, plaintext, 8))
134 FIPS_cipher_ctx_cleanup(&ctx);
139 * DSA: generate keys and sign, verify input plaintext.
141 static int FIPS_dsa_test(int bad)
144 unsigned char dgst[] = "etaonrishdlc";
150 FIPS_md_ctx_init(&mctx);
151 dsa = FIPS_dsa_new();
154 if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
156 if (!DSA_generate_key(dsa))
159 BN_add_word(dsa->pub_key, 1);
161 if (!FIPS_digestinit(&mctx, EVP_sha256()))
163 if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
165 sig = FIPS_dsa_sign_ctx(dsa, &mctx);
169 if (!FIPS_digestinit(&mctx, EVP_sha256()))
171 if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
173 r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
176 FIPS_dsa_sig_free(sig);
177 FIPS_md_ctx_cleanup(&mctx);
186 * RSA: generate keys and sign, verify input plaintext.
188 static int FIPS_rsa_test(int bad)
191 unsigned char input_ptext[] = "etaonrishdlc";
192 unsigned char buf[256];
199 FIPS_md_ctx_init(&mctx);
200 key = FIPS_rsa_new();
204 BN_set_word(bn, 65537);
205 if (!RSA_generate_key_ex(key, 2048,bn,NULL))
209 BN_add_word(key->n, 1);
211 if (!FIPS_digestinit(&mctx, EVP_sha256()))
213 if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
215 if (!FIPS_rsa_sign_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, &slen))
218 if (!FIPS_digestinit(&mctx, EVP_sha256()))
220 if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
222 r = FIPS_rsa_verify_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, slen);
224 FIPS_md_ctx_cleanup(&mctx);
232 /* SHA1: generate hash of known digest value and compare to known
233 precomputed correct hash
235 static int FIPS_sha1_test()
237 unsigned char digest[SHA_DIGEST_LENGTH] =
238 { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
239 unsigned char str[] = "etaonrishd";
241 unsigned char md[SHA_DIGEST_LENGTH];
244 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha1())) return 0;
245 if (memcmp(md,digest,sizeof(md)))
250 /* SHA256: generate hash of known digest value and compare to known
251 precomputed correct hash
253 static int FIPS_sha256_test()
255 unsigned char digest[SHA256_DIGEST_LENGTH] =
256 {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
257 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
258 unsigned char str[] = "etaonrishd";
260 unsigned char md[SHA256_DIGEST_LENGTH];
263 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha256())) return 0;
264 if (memcmp(md,digest,sizeof(md)))
269 /* SHA512: generate hash of known digest value and compare to known
270 precomputed correct hash
272 static int FIPS_sha512_test()
274 unsigned char digest[SHA512_DIGEST_LENGTH] =
275 {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
276 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
277 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
278 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
279 unsigned char str[] = "etaonrishd";
281 unsigned char md[SHA512_DIGEST_LENGTH];
284 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha512())) return 0;
285 if (memcmp(md,digest,sizeof(md)))
290 /* HMAC-SHA1: generate hash of known digest value and compare to known
291 precomputed correct hash
293 static int FIPS_hmac_sha1_test()
295 unsigned char key[] = "etaonrishd";
296 unsigned char iv[] = "Sample text";
297 unsigned char kaval[EVP_MAX_MD_SIZE] =
298 {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
299 0xb2, 0xfb, 0xec, 0xc6};
301 unsigned char out[EVP_MAX_MD_SIZE];
305 if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
306 if (memcmp(out,kaval,outlen))
311 /* HMAC-SHA224: generate hash of known digest value and compare to known
312 precomputed correct hash
314 static int FIPS_hmac_sha224_test()
316 unsigned char key[] = "etaonrishd";
317 unsigned char iv[] = "Sample text";
318 unsigned char kaval[EVP_MAX_MD_SIZE] =
319 {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
320 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
322 unsigned char out[EVP_MAX_MD_SIZE];
326 if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
327 if (memcmp(out,kaval,outlen))
332 /* HMAC-SHA256: generate hash of known digest value and compare to known
333 precomputed correct hash
335 static int FIPS_hmac_sha256_test()
337 unsigned char key[] = "etaonrishd";
338 unsigned char iv[] = "Sample text";
339 unsigned char kaval[EVP_MAX_MD_SIZE] =
340 {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
341 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
343 unsigned char out[EVP_MAX_MD_SIZE];
347 if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
348 if (memcmp(out,kaval,outlen))
353 /* HMAC-SHA384: generate hash of known digest value and compare to known
354 precomputed correct hash
356 static int FIPS_hmac_sha384_test()
358 unsigned char key[] = "etaonrishd";
359 unsigned char iv[] = "Sample text";
360 unsigned char kaval[EVP_MAX_MD_SIZE] =
361 {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
362 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
363 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
365 unsigned char out[EVP_MAX_MD_SIZE];
369 if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
370 if (memcmp(out,kaval,outlen))
375 /* HMAC-SHA512: generate hash of known digest value and compare to known
376 precomputed correct hash
378 static int FIPS_hmac_sha512_test()
380 unsigned char key[] = "etaonrishd";
381 unsigned char iv[] = "Sample text";
382 unsigned char kaval[EVP_MAX_MD_SIZE] =
383 {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
384 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
385 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
386 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
388 unsigned char out[EVP_MAX_MD_SIZE];
392 if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
393 if (memcmp(out,kaval,outlen))
398 /* CMAC-AES128: generate hash of known digest value and compare to known
399 precomputed correct hash
401 static int FIPS_cmac_aes128_test()
403 unsigned char key[16] = { 0x2b,0x7e,0x15,0x16, 0x28,0xae,0xd2,0xa6,
404 0xab,0xf7,0x15,0x88, 0x09,0xcf,0x4f,0x3c, };
405 unsigned char data[] = "Sample text";
406 unsigned char kaval[EVP_MAX_MD_SIZE] =
407 { 0x16,0x83,0xfe,0xac, 0x52,0x9b,0xae,0x23,
408 0xd7,0xd5,0x66,0xf5, 0xd2,0x8d,0xbd,0x2a, };
410 unsigned char *out = NULL;
412 CMAC_CTX *ctx = CMAC_CTX_new();
419 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_128_cbc(),NULL))
421 if (!CMAC_Update(ctx,data,sizeof(data)-1))
423 /* This should return 1. If not, there's a programming error... */
424 if (!CMAC_Final(ctx, out, &outlen))
426 out = OPENSSL_malloc(outlen);
427 if (!CMAC_Final(ctx, out, &outlen))
431 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
432 bin2hex(out, outlen, hexout);
433 printf("CMAC-AES128: res = %s\n", hexout);
434 OPENSSL_free(hexout);
438 if (!memcmp(out,kaval,outlen))
448 /* CMAC-AES192: generate hash of known digest value and compare to known
449 precomputed correct hash
451 static int FIPS_cmac_aes192_test()
453 unsigned char key[] = { 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52,
454 0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5,
455 0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, };
456 unsigned char data[] = "Sample text";
457 unsigned char kaval[] =
458 { 0xd6,0x99,0x19,0x25, 0xe5,0x1d,0x95,0x48,
459 0xb1,0x4a,0x0b,0xf2, 0xc6,0x3c,0x47,0x1f, };
461 unsigned char *out = NULL;
463 CMAC_CTX *ctx = CMAC_CTX_new();
470 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_192_cbc(),NULL))
472 if (!CMAC_Update(ctx,data,sizeof(data)-1))
474 /* This should return 1. If not, there's a programming error... */
475 if (!CMAC_Final(ctx, out, &outlen))
477 out = OPENSSL_malloc(outlen);
478 if (!CMAC_Final(ctx, out, &outlen))
482 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
483 bin2hex(out, outlen, hexout);
484 printf("CMAC-AES192: res = %s\n", hexout);
485 OPENSSL_free(hexout);
489 if (!memcmp(out,kaval,outlen))
499 /* CMAC-AES256: generate hash of known digest value and compare to known
500 precomputed correct hash
502 static int FIPS_cmac_aes256_test()
504 unsigned char key[] = { 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe,
505 0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81,
506 0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7,
507 0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, };
508 unsigned char data[] = "Sample text";
509 unsigned char kaval[] =
510 { 0xec,0xc2,0xcf,0x63, 0xc7,0xce,0xfc,0xa4,
511 0xb0,0x86,0x37,0x5f, 0x15,0x60,0xba,0x1f, };
513 unsigned char *out = NULL;
515 CMAC_CTX *ctx = CMAC_CTX_new();
522 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_256_cbc(),NULL))
524 if (!CMAC_Update(ctx,data,sizeof(data)-1))
526 /* This should return 1. If not, there's a programming error... */
527 if (!CMAC_Final(ctx, out, &outlen))
529 out = OPENSSL_malloc(outlen);
530 if (!CMAC_Final(ctx, out, &outlen))
534 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
535 bin2hex(out, outlen, hexout);
536 printf("CMAC-AES256: res = %s\n", hexout);
537 OPENSSL_free(hexout);
541 if (!memcmp(out,kaval,outlen))
551 /* CMAC-TDEA3: generate hash of known digest value and compare to known
552 precomputed correct hash
554 static int FIPS_cmac_tdea3_test()
556 unsigned char key[] = { 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62,
557 0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58,
558 0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, };
559 unsigned char data[] = "Sample text";
560 unsigned char kaval[EVP_MAX_MD_SIZE] =
561 { 0xb4,0x06,0x4e,0xbf, 0x59,0x89,0xba,0x68, };
563 unsigned char *out = NULL;
565 CMAC_CTX *ctx = CMAC_CTX_new();
572 if (!CMAC_Init(ctx,key,sizeof(key),EVP_des_ede3_cbc(),NULL))
574 if (!CMAC_Update(ctx,data,sizeof(data)-1))
576 /* This should return 1. If not, there's a programming error... */
577 if (!CMAC_Final(ctx, out, &outlen))
579 out = OPENSSL_malloc(outlen);
580 if (!CMAC_Final(ctx, out, &outlen))
584 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
585 bin2hex(out, outlen, hexout);
586 printf("CMAC-TDEA3: res = %s\n", hexout);
587 OPENSSL_free(hexout);
591 if (!memcmp(out,kaval,outlen))
602 /* DH: generate shared parameters
611 if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
623 unsigned char userkey[16] =
624 { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
628 key = FIPS_rsa_new();
632 BN_set_word(bn, 65537);
633 if (!RSA_generate_key_ex(key, 1024,bn,NULL))
637 n = BN_num_bytes(key->d);
638 printf(" Generated %d byte RSA private key\n", n);
639 printf("\tBN key before overwriting:\n");
640 do_bn_print(stdout, key->d);
641 BN_rand(key->d,n*8,-1,0);
642 printf("\tBN key after overwriting:\n");
643 do_bn_print(stdout, key->d);
645 printf("\tchar buffer key before overwriting: \n\t\t");
646 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
648 RAND_bytes(userkey, sizeof userkey);
649 printf("\tchar buffer key after overwriting: \n\t\t");
650 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
657 static const char * Fail(const char *msg)
663 static void test_msg(const char *msg, int result)
665 printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
668 /* Table of IDs for POST translating between NIDs and names */
676 POST_ID id_list[] = {
678 {NID_sha224, "SHA224"},
679 {NID_sha256, "SHA256"},
680 {NID_sha384, "SHA384"},
681 {NID_sha512, "SHA512"},
682 {NID_hmacWithSHA1, "HMAC-SHA1"},
683 {NID_hmacWithSHA224, "HMAC-SHA224"},
684 {NID_hmacWithSHA256, "HMAC-SHA256"},
685 {NID_hmacWithSHA384, "HMAC-SHA384"},
686 {NID_hmacWithSHA512, "HMAC-SHA512"},
687 {EVP_PKEY_RSA, "RSA"},
688 {EVP_PKEY_DSA, "DSA"},
689 {EVP_PKEY_EC, "ECDSA"},
690 {NID_aes_128_cbc, "AES-128-CBC"},
691 {NID_aes_192_cbc, "AES-192-CBC"},
692 {NID_aes_256_cbc, "AES-256-CBC"},
693 {NID_aes_128_ctr, "AES-128-CTR"},
694 {NID_aes_192_ctr, "AES-192-CTR"},
695 {NID_aes_256_ctr, "AES-256-CTR"},
696 {NID_aes_128_ecb, "AES-128-ECB"},
697 {NID_aes_128_xts, "AES-128-XTS"},
698 {NID_aes_256_xts, "AES-256-XTS"},
699 {NID_des_ede3_cbc, "DES-EDE3-CBC"},
700 {NID_des_ede3_ecb, "DES-EDE3-ECB"},
701 {NID_X9_62_prime256v1, "P-256"},
702 {NID_secp384r1, "P-384"},
703 {NID_secp521r1, "P-521"},
707 static const char *lookup_id(int id)
711 for (n = id_list; n->name; n++)
716 sprintf(out, "ID=%d", id);
720 static int fail_id = -1;
721 static int fail_sub = -1;
722 static int fail_key = -1;
724 static int post_cb(int op, int id, int subid, void *ex)
726 const char *idstr, *exstr = "";
729 #ifdef FIPS_POST_TIME
730 static struct timespec start, end, tstart, tend;
734 case FIPS_TEST_INTEGRITY:
738 case FIPS_TEST_DIGEST:
740 exstr = lookup_id(subid);
743 case FIPS_TEST_CIPHER:
744 exstr = lookup_id(subid);
748 case FIPS_TEST_SIGNATURE:
752 keytype = pkey->type;
753 exstr = lookup_id(keytype);
759 exstr = lookup_id(subid);
765 exstr = lookup_id(subid);
774 exstr = lookup_id(subid);
782 idstr = "X9.31 PRNG";
783 sprintf(asctmp, "keylen=%d", subid);
789 if (*(int *)ex & DRBG_FLAG_CTR_USE_DF)
791 sprintf(asctmp, "%s DF", lookup_id(subid));
794 else if (subid >> 16)
796 sprintf(asctmp, "%s %s",
797 lookup_id(subid >> 16),
798 lookup_id(subid & 0xFFFF));
802 exstr = lookup_id(subid);
805 case FIPS_TEST_PAIRWISE:
809 keytype = pkey->type;
810 exstr = lookup_id(keytype);
812 idstr = "Pairwise Consistency";
815 case FIPS_TEST_CONTINUOUS:
816 idstr = "Continuous PRNG";
827 case FIPS_POST_BEGIN:
828 #ifdef FIPS_POST_TIME
829 clock_getres(CLOCK_REALTIME, &tstart);
830 printf("\tTimer resolution %ld s, %ld ns\n",
831 (long)tstart.tv_sec, (long)tstart.tv_nsec);
832 clock_gettime(CLOCK_REALTIME, &tstart);
834 printf("\tPOST started\n");
838 printf("\tPOST %s\n", id ? "Success" : "Failed");
839 #ifdef FIPS_POST_TIME
840 clock_gettime(CLOCK_REALTIME, &tend);
841 printf("\t\tTook %f seconds\n",
842 (double)((tend.tv_sec+tend.tv_nsec*1e-9)
843 - (tstart.tv_sec+tstart.tv_nsec*1e-9)));
847 case FIPS_POST_STARTED:
848 printf("\t\t%s %s test started\n", idstr, exstr);
849 #ifdef FIPS_POST_TIME
850 clock_gettime(CLOCK_REALTIME, &start);
854 case FIPS_POST_SUCCESS:
855 printf("\t\t%s %s test OK\n", idstr, exstr);
856 #ifdef FIPS_POST_TIME
857 clock_gettime(CLOCK_REALTIME, &end);
858 printf("\t\t\tTook %f seconds\n",
859 (double)((end.tv_sec+end.tv_nsec*1e-9)
860 - (start.tv_sec+start.tv_nsec*1e-9)));
865 printf("\t\t%s %s test FAILED!!\n", idstr, exstr);
868 case FIPS_POST_CORRUPT:
870 && (fail_key == -1 || fail_key == keytype)
871 && (fail_sub == -1 || fail_sub == subid))
873 printf("\t\t%s %s test failure induced\n", idstr, exstr);
882 int main(int argc,char **argv)
884 int bad_rsa = 0, bad_dsa = 0;
885 int do_rng_stick = 0;
886 int do_drbg_stick = 0;
890 FIPS_post_set_callback(post_cb);
892 printf("\tFIPS-mode test application\n");
894 printf("\t%s\n\n", FIPS_module_version_text());
897 /* Corrupted KAT tests */
898 if (!strcmp(argv[1], "integrity")) {
899 fail_id = FIPS_TEST_INTEGRITY;
900 } else if (!strcmp(argv[1], "aes")) {
901 fail_id = FIPS_TEST_CIPHER;
902 fail_sub = NID_aes_128_ecb;
903 } else if (!strcmp(argv[1], "aes-ccm")) {
904 fail_id = FIPS_TEST_CCM;
905 } else if (!strcmp(argv[1], "aes-gcm")) {
906 fail_id = FIPS_TEST_GCM;
907 } else if (!strcmp(argv[1], "aes-xts")) {
908 fail_id = FIPS_TEST_XTS;
909 } else if (!strcmp(argv[1], "des")) {
910 fail_id = FIPS_TEST_CIPHER;
911 fail_sub = NID_des_ede3_ecb;
912 } else if (!strcmp(argv[1], "dsa")) {
913 fail_id = FIPS_TEST_SIGNATURE;
914 fail_key = EVP_PKEY_DSA;
915 } else if (!strcmp(argv[1], "ecdsa")) {
916 fail_id = FIPS_TEST_SIGNATURE;
917 fail_key = EVP_PKEY_EC;
918 } else if (!strcmp(argv[1], "rsa")) {
919 fail_id = FIPS_TEST_SIGNATURE;
920 fail_key = EVP_PKEY_RSA;
921 } else if (!strcmp(argv[1], "rsakey")) {
922 printf("RSA key generation and signature validation with corrupted key...\n");
925 } else if (!strcmp(argv[1], "rsakeygen")) {
926 fail_id = FIPS_TEST_PAIRWISE;
927 fail_key = EVP_PKEY_RSA;
929 } else if (!strcmp(argv[1], "dsakey")) {
930 printf("DSA key generation and signature validation with corrupted key...\n");
933 } else if (!strcmp(argv[1], "dsakeygen")) {
934 fail_id = FIPS_TEST_PAIRWISE;
935 fail_key = EVP_PKEY_DSA;
937 } else if (!strcmp(argv[1], "sha1")) {
938 fail_id = FIPS_TEST_DIGEST;
939 } else if (!strcmp(argv[1], "hmac")) {
940 fail_id = FIPS_TEST_HMAC;
941 } else if (!strcmp(argv[1], "cmac")) {
942 fail_id = FIPS_TEST_CMAC;
943 } else if (!strcmp(argv[1], "drbg")) {
944 fail_id = FIPS_TEST_DRBG;
945 } else if (!strcmp(argv[1], "rng")) {
946 fail_id = FIPS_TEST_X931;
947 } else if (!strcmp(argv[1], "post")) {
949 } else if (!strcmp(argv[1], "rngstick")) {
952 printf("RNG test with stuck continuous test...\n");
953 } else if (!strcmp(argv[1], "drbgentstick")) {
955 } else if (!strcmp(argv[1], "drbgstick")) {
958 printf("DRBG test with stuck continuous test...\n");
960 printf("Bad argument \"%s\"\n", argv[1]);
964 fips_algtest_init_nofips();
965 if (!FIPS_module_mode_set(1)) {
966 printf("Power-up self test failed\n");
969 printf("Power-up self test successful\n");
974 fips_algtest_init_nofips();
976 /* Non-Approved cryptographic operation
978 printf("1. Non-Approved cryptographic operation test...\n");
979 test_msg("\ta. Included algorithm (D-H)...", dh_test());
981 /* Power-up self test
984 test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1));
985 if (!FIPS_module_mode())
992 /* AES encryption/decryption
994 test_msg("3a. AES encryption/decryption", FIPS_aes_test());
995 /* AES GCM encryption/decryption
997 test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test());
999 /* RSA key generation and encryption/decryption
1001 test_msg("4. RSA key generation and encryption/decryption",
1002 FIPS_rsa_test(bad_rsa));
1004 /* DES-CBC encryption/decryption
1006 test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test());
1008 /* DSA key generation and signature validation
1010 test_msg("6. DSA key generation and signature validation",
1011 FIPS_dsa_test(bad_dsa));
1015 test_msg("7a. SHA-1 hash", FIPS_sha1_test());
1019 test_msg("7b. SHA-256 hash", FIPS_sha256_test());
1023 test_msg("7c. SHA-512 hash", FIPS_sha512_test());
1027 test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test());
1029 /* HMAC-SHA-224 hash
1031 test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test());
1033 /* HMAC-SHA-256 hash
1035 test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test());
1037 /* HMAC-SHA-384 hash
1039 test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test());
1041 /* HMAC-SHA-512 hash
1043 test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test());
1045 /* CMAC-AES-128 hash
1047 test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test());
1049 /* CMAC-AES-192 hash
1051 test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test());
1053 /* CMAC-AES-256 hash
1055 test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test());
1057 # if 0 /* Not a FIPS algorithm */
1060 test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test());
1065 test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test());
1067 /* Non-Approved cryptographic operation
1069 printf("9. Non-Approved cryptographic operation test...\n");
1070 printf("\ta. Included algorithm (D-H)...%s\n",
1071 dh_test() ? "successful as expected"
1072 : Fail("failed INCORRECTLY!") );
1076 printf("10. Zero-ization...\n\t%s\n",
1077 Zeroize() ? "successful as expected"
1078 : Fail("failed INCORRECTLY!") );
1080 printf("11. Complete DRBG health check...\n\t%s\n",
1081 FIPS_selftest_drbg_all() ? "successful as expected"
1082 : Fail("failed INCORRECTLY!") );
1084 printf("\nAll tests completed with %d errors\n", Error);
1085 return Error ? 1 : 0;
projects / openssl.git / blob