Support retries in certificate callback
[openssl.git] / fips / fips_test_suite.c
1 /* ====================================================================
2  * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
3  *
4  *
5  * This command is intended as a test driver for the FIPS-140 testing
6  * lab performing FIPS-140 validation.  It demonstrates the use of the
7  * OpenSSL library ito perform a variety of common cryptographic
8  * functions.  A power-up self test is demonstrated by deliberately
9  * pointing to an invalid executable hash
10  *
11  * Contributed by Steve Marquess.
12  *
13  */
14
15 #define OPENSSL_FIPSAPI
16
17 #include <stdio.h>
18 #include <assert.h>
19 #include <ctype.h>
20 #include <string.h>
21 #include <stdlib.h>
22 #include <openssl/evp.h>
23 #include <openssl/hmac.h>
24 #include <openssl/cmac.h>
25 #include <openssl/sha.h>
26 #include <openssl/err.h>
27
28 #include <openssl/bn.h>
29 #include <openssl/rand.h>
30
31 #ifndef OPENSSL_FIPS
32 int main(int argc, char *argv[])
33     {
34     printf("No FIPS support\n");
35     return(0);
36     }
37 #else
38
39 #define ERR_clear_error() while(0)
40
41 #include <openssl/rsa.h>
42 #include <openssl/dsa.h>
43 #include <openssl/dh.h>
44
45 #include <openssl/fips.h>
46 #include <openssl/fips_rand.h>
47 #include "fips_utl.h"
48
49 /* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
50 */
51 static int FIPS_aes_test(void)
52         {
53         int ret = 0;
54         unsigned char pltmp[16];
55         unsigned char citmp[16];
56         unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
57         unsigned char plaintext[16] = "etaonrishdlcu";
58         EVP_CIPHER_CTX ctx;
59         FIPS_cipher_ctx_init(&ctx);
60         if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1) <= 0)
61                 goto err;
62         FIPS_cipher(&ctx, citmp, plaintext, 16);
63         if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 0) <= 0)
64                 goto err;
65         FIPS_cipher(&ctx, pltmp, citmp, 16);
66         if (memcmp(pltmp, plaintext, 16))
67                 goto err;
68         ret = 1;
69         err:
70         FIPS_cipher_ctx_cleanup(&ctx);
71         return ret;
72         }
73
74 static int FIPS_aes_gcm_test(void)
75         {
76         int ret = 0;
77         unsigned char pltmp[16];
78         unsigned char citmp[16];
79         unsigned char tagtmp[16];
80         unsigned char key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
81         unsigned char iv[16] = {21,22,23,24,25,26,27,28,29,30,31,32};
82         unsigned char aad[] = "Some text AAD";
83         unsigned char plaintext[16] = "etaonrishdlcu";
84         EVP_CIPHER_CTX ctx;
85         FIPS_cipher_ctx_init(&ctx);
86         if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 1) <= 0)
87                 goto err;
88         FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
89         FIPS_cipher(&ctx, citmp, plaintext, 16);
90         FIPS_cipher(&ctx, NULL, NULL, 0);
91         if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tagtmp))
92                 goto err;
93
94         if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 0) <= 0)
95                 goto err;
96         if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tagtmp))
97                 goto err;
98
99         FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
100
101         FIPS_cipher(&ctx, pltmp, citmp, 16);
102
103         if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
104                 goto err;
105
106         if (memcmp(pltmp, plaintext, 16))
107                 goto err;
108
109         ret = 1;
110         err:
111         FIPS_cipher_ctx_cleanup(&ctx);
112         return ret;
113         }
114
115 static int FIPS_des3_test(void)
116         {
117         int ret = 0;
118         unsigned char pltmp[8];
119         unsigned char citmp[8];
120         unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
121                               19,20,21,22,23,24};
122         unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
123         EVP_CIPHER_CTX ctx;
124         FIPS_cipher_ctx_init(&ctx);
125         if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 1) <= 0)
126                 goto err;
127         FIPS_cipher(&ctx, citmp, plaintext, 8);
128         if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 0) <= 0)
129                 goto err;
130         FIPS_cipher(&ctx, pltmp, citmp, 8);
131         if (memcmp(pltmp, plaintext, 8))
132                 goto err;
133         ret = 1;
134         err:
135         FIPS_cipher_ctx_cleanup(&ctx);
136         return ret;
137         }
138
139 /*
140  * DSA: generate keys and sign, verify input plaintext.
141  */
142 static int FIPS_dsa_test(int bad)
143     {
144     DSA *dsa = NULL;
145     unsigned char dgst[] = "etaonrishdlc";
146     int r = 0;
147     DSA_SIG *sig = NULL;
148
149     ERR_clear_error();
150     dsa = FIPS_dsa_new();
151     if (!dsa)
152         goto end;
153     if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
154         goto end;
155     if (!DSA_generate_key(dsa))
156         goto end;
157     if (bad)
158             BN_add_word(dsa->pub_key, 1);
159
160     sig = FIPS_dsa_sign(dsa, dgst, sizeof(dgst) -1, EVP_sha256());
161     if (!sig)
162         goto end;
163
164     r = FIPS_dsa_verify(dsa, dgst, sizeof(dgst) -1, EVP_sha256(), sig);
165     end:
166     if (sig)
167         FIPS_dsa_sig_free(sig);
168     if (dsa)
169           FIPS_dsa_free(dsa);
170     if (r != 1)
171         return 0;
172     return 1;
173     }
174
175 /*
176  * RSA: generate keys and sign, verify input plaintext.
177  */
178 static int FIPS_rsa_test(int bad)
179     {
180     RSA *key;
181     unsigned char input_ptext[] = "etaonrishdlc";
182     unsigned char buf[256];
183     unsigned int slen;
184     BIGNUM *bn;
185     int r = 0;
186
187     ERR_clear_error();
188     key = FIPS_rsa_new();
189     bn = BN_new();
190     if (!key || !bn)
191         return 0;
192     BN_set_word(bn, 65537);
193     if (!RSA_generate_key_ex(key, 2048,bn,NULL))
194         return 0;
195     BN_free(bn);
196     if (bad)
197             BN_add_word(key->n, 1);
198
199     if (!FIPS_rsa_sign(key, input_ptext, sizeof(input_ptext) - 1, EVP_sha256(),
200                         RSA_PKCS1_PADDING, 0, NULL, buf, &slen))
201         goto end;
202
203     r = FIPS_rsa_verify(key, input_ptext, sizeof(input_ptext) - 1, EVP_sha256(),
204                         RSA_PKCS1_PADDING, 0, NULL, buf, slen);
205     end:
206     if (key)
207           FIPS_rsa_free(key);
208     if (r != 1)
209         return 0;
210     return 1;
211     }
212
213 /* SHA1: generate hash of known digest value and compare to known
214    precomputed correct hash
215 */
216 static int FIPS_sha1_test()
217     {
218     unsigned char digest[SHA_DIGEST_LENGTH] =
219         { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
220     unsigned char str[] = "etaonrishd";
221
222     unsigned char md[SHA_DIGEST_LENGTH];
223
224     ERR_clear_error();
225     if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha1())) return 0;
226     if (memcmp(md,digest,sizeof(md)))
227         return 0;
228     return 1;
229     }
230
231 /* SHA256: generate hash of known digest value and compare to known
232    precomputed correct hash
233 */
234 static int FIPS_sha256_test()
235     {
236     unsigned char digest[SHA256_DIGEST_LENGTH] =
237         {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
238          0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
239     unsigned char str[] = "etaonrishd";
240
241     unsigned char md[SHA256_DIGEST_LENGTH];
242
243     ERR_clear_error();
244     if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha256())) return 0;
245     if (memcmp(md,digest,sizeof(md)))
246         return 0;
247     return 1;
248     }
249
250 /* SHA512: generate hash of known digest value and compare to known
251    precomputed correct hash
252 */
253 static int FIPS_sha512_test()
254     {
255     unsigned char digest[SHA512_DIGEST_LENGTH] =
256         {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
257          0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
258          0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
259          0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
260     unsigned char str[] = "etaonrishd";
261
262     unsigned char md[SHA512_DIGEST_LENGTH];
263
264     ERR_clear_error();
265     if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha512())) return 0;
266     if (memcmp(md,digest,sizeof(md)))
267         return 0;
268     return 1;
269     }
270
271 /* HMAC-SHA1: generate hash of known digest value and compare to known
272    precomputed correct hash
273 */
274 static int FIPS_hmac_sha1_test()
275     {
276     unsigned char key[] = "etaonrishd";
277     unsigned char iv[] = "Sample text";
278     unsigned char kaval[EVP_MAX_MD_SIZE] =
279         {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
280          0xb2, 0xfb, 0xec, 0xc6};
281
282     unsigned char out[EVP_MAX_MD_SIZE];
283     unsigned int outlen;
284
285     ERR_clear_error();
286     if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
287     if (memcmp(out,kaval,outlen))
288         return 0;
289     return 1;
290     }
291
292 /* HMAC-SHA224: generate hash of known digest value and compare to known
293    precomputed correct hash
294 */
295 static int FIPS_hmac_sha224_test()
296     {
297     unsigned char key[] = "etaonrishd";
298     unsigned char iv[] = "Sample text";
299     unsigned char kaval[EVP_MAX_MD_SIZE] =
300         {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
301          0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
302
303     unsigned char out[EVP_MAX_MD_SIZE];
304     unsigned int outlen;
305
306     ERR_clear_error();
307     if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
308     if (memcmp(out,kaval,outlen))
309         return 0;
310     return 1;
311     }
312
313 /* HMAC-SHA256: generate hash of known digest value and compare to known
314    precomputed correct hash
315 */
316 static int FIPS_hmac_sha256_test()
317     {
318     unsigned char key[] = "etaonrishd";
319     unsigned char iv[] = "Sample text";
320     unsigned char kaval[EVP_MAX_MD_SIZE] =
321         {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
322          0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
323
324     unsigned char out[EVP_MAX_MD_SIZE];
325     unsigned int outlen;
326
327     ERR_clear_error();
328     if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
329     if (memcmp(out,kaval,outlen))
330         return 0;
331     return 1;
332     }
333
334 /* HMAC-SHA384: generate hash of known digest value and compare to known
335    precomputed correct hash
336 */
337 static int FIPS_hmac_sha384_test()
338     {
339     unsigned char key[] = "etaonrishd";
340     unsigned char iv[] = "Sample text";
341     unsigned char kaval[EVP_MAX_MD_SIZE] =
342         {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
343          0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
344          0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
345
346     unsigned char out[EVP_MAX_MD_SIZE];
347     unsigned int outlen;
348
349     ERR_clear_error();
350     if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
351     if (memcmp(out,kaval,outlen))
352         return 0;
353     return 1;
354     }
355
356 /* HMAC-SHA512: generate hash of known digest value and compare to known
357    precomputed correct hash
358 */
359 static int FIPS_hmac_sha512_test()
360     {
361     unsigned char key[] = "etaonrishd";
362     unsigned char iv[] = "Sample text";
363     unsigned char kaval[EVP_MAX_MD_SIZE] =
364         {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
365          0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
366          0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
367          0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
368
369     unsigned char out[EVP_MAX_MD_SIZE];
370     unsigned int outlen;
371
372     ERR_clear_error();
373     if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
374     if (memcmp(out,kaval,outlen))
375         return 0;
376     return 1;
377     }
378
379 /* CMAC-AES128: generate hash of known digest value and compare to known
380    precomputed correct hash
381 */
382 static int FIPS_cmac_aes128_test()
383     {
384     unsigned char key[16] = { 0x2b,0x7e,0x15,0x16, 0x28,0xae,0xd2,0xa6,
385                               0xab,0xf7,0x15,0x88, 0x09,0xcf,0x4f,0x3c, };
386     unsigned char data[] = "Sample text";
387     unsigned char kaval[EVP_MAX_MD_SIZE] =
388             { 0x16,0x83,0xfe,0xac, 0x52,0x9b,0xae,0x23,
389               0xd7,0xd5,0x66,0xf5, 0xd2,0x8d,0xbd,0x2a, };
390
391     unsigned char *out = NULL;
392     size_t outlen;
393     CMAC_CTX *ctx = CMAC_CTX_new();
394     int r = 0;
395
396     ERR_clear_error();
397
398     if (!ctx)
399             goto end;
400     if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_128_cbc(),NULL))
401             goto end;
402     if (!CMAC_Update(ctx,data,sizeof(data)-1))
403             goto end;
404     /* This should return 1.  If not, there's a programming error... */
405     if (!CMAC_Final(ctx, out, &outlen))
406             goto end;
407     out = OPENSSL_malloc(outlen);
408     if (!CMAC_Final(ctx, out, &outlen))
409             goto end;
410 #if 0
411     {
412     char *hexout = OPENSSL_malloc(outlen * 2 + 1);
413     bin2hex(out, outlen, hexout);
414     printf("CMAC-AES128: res = %s\n", hexout);
415     OPENSSL_free(hexout);
416     }
417     r = 1;
418 #else
419     if (!memcmp(out,kaval,outlen))
420             r = 1;
421 #endif
422     end:
423     CMAC_CTX_free(ctx);
424     if (out)
425           OPENSSL_free(out);
426     return r;
427     }
428
429 /* CMAC-AES192: generate hash of known digest value and compare to known
430    precomputed correct hash
431 */
432 static int FIPS_cmac_aes192_test()
433     {
434     unsigned char key[] = { 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52,
435                             0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5,
436                             0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, };
437     unsigned char data[] = "Sample text";
438     unsigned char kaval[] =
439             { 0xd6,0x99,0x19,0x25, 0xe5,0x1d,0x95,0x48,
440               0xb1,0x4a,0x0b,0xf2, 0xc6,0x3c,0x47,0x1f, };
441
442     unsigned char *out = NULL;
443     size_t outlen;
444     CMAC_CTX *ctx = CMAC_CTX_new();
445     int r = 0;
446
447     ERR_clear_error();
448
449     if (!ctx)
450             goto end;
451     if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_192_cbc(),NULL))
452             goto end;
453     if (!CMAC_Update(ctx,data,sizeof(data)-1))
454             goto end;
455     /* This should return 1.  If not, there's a programming error... */
456     if (!CMAC_Final(ctx, out, &outlen))
457             goto end;
458     out = OPENSSL_malloc(outlen);
459     if (!CMAC_Final(ctx, out, &outlen))
460             goto end;
461 #if 0
462     {
463     char *hexout = OPENSSL_malloc(outlen * 2 + 1);
464     bin2hex(out, outlen, hexout);
465     printf("CMAC-AES192: res = %s\n", hexout);
466     OPENSSL_free(hexout);
467     }
468     r = 1;
469 #else
470     if (!memcmp(out,kaval,outlen))
471             r = 1;
472 #endif
473     end:
474     CMAC_CTX_free(ctx);
475     if (out)
476           OPENSSL_free(out);
477     return r;
478     }
479
480 /* CMAC-AES256: generate hash of known digest value and compare to known
481    precomputed correct hash
482 */
483 static int FIPS_cmac_aes256_test()
484     {
485     unsigned char key[] = { 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe,
486                             0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81,
487                             0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7,
488                             0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, };
489     unsigned char data[] = "Sample text";
490     unsigned char kaval[] =
491             { 0xec,0xc2,0xcf,0x63, 0xc7,0xce,0xfc,0xa4,
492               0xb0,0x86,0x37,0x5f, 0x15,0x60,0xba,0x1f, };
493
494     unsigned char *out = NULL;
495     size_t outlen;
496     CMAC_CTX *ctx = CMAC_CTX_new();
497     int r = 0;
498
499     ERR_clear_error();
500
501     if (!ctx)
502             goto end;
503     if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_256_cbc(),NULL))
504             goto end;
505     if (!CMAC_Update(ctx,data,sizeof(data)-1))
506             goto end;
507     /* This should return 1.  If not, there's a programming error... */
508     if (!CMAC_Final(ctx, out, &outlen))
509             goto end;
510     out = OPENSSL_malloc(outlen);
511     if (!CMAC_Final(ctx, out, &outlen))
512             goto end;
513 #if 0
514     {
515     char *hexout = OPENSSL_malloc(outlen * 2 + 1);
516     bin2hex(out, outlen, hexout);
517     printf("CMAC-AES256: res = %s\n", hexout);
518     OPENSSL_free(hexout);
519     }
520     r = 1;
521 #else
522     if (!memcmp(out,kaval,outlen))
523             r = 1;
524 #endif
525     end:
526     CMAC_CTX_free(ctx);
527     if (out)
528           OPENSSL_free(out);
529     return r;
530     }
531
532 /* CMAC-TDEA3: generate hash of known digest value and compare to known
533    precomputed correct hash
534 */
535 static int FIPS_cmac_tdea3_test()
536     {
537     unsigned char key[] = { 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62,
538                             0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58,
539                             0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, };
540     unsigned char data[] = "Sample text";
541     unsigned char kaval[EVP_MAX_MD_SIZE] =
542             { 0xb4,0x06,0x4e,0xbf, 0x59,0x89,0xba,0x68, };
543
544     unsigned char *out = NULL;
545     size_t outlen;
546     CMAC_CTX *ctx = CMAC_CTX_new();
547     int r = 0;
548
549     ERR_clear_error();
550
551     if (!ctx)
552             goto end;
553     if (!CMAC_Init(ctx,key,sizeof(key),EVP_des_ede3_cbc(),NULL))
554             goto end;
555     if (!CMAC_Update(ctx,data,sizeof(data)-1))
556             goto end;
557     /* This should return 1.  If not, there's a programming error... */
558     if (!CMAC_Final(ctx, out, &outlen))
559             goto end;
560     out = OPENSSL_malloc(outlen);
561     if (!CMAC_Final(ctx, out, &outlen))
562             goto end;
563 #if 0
564     {
565     char *hexout = OPENSSL_malloc(outlen * 2 + 1);
566     bin2hex(out, outlen, hexout);
567     printf("CMAC-TDEA3: res = %s\n", hexout);
568     OPENSSL_free(hexout);
569     }
570     r = 1;
571 #else
572     if (!memcmp(out,kaval,outlen))
573             r = 1;
574 #endif
575     end:
576     CMAC_CTX_free(ctx);
577     if (out)
578           OPENSSL_free(out);
579     return r;
580     }
581
582
583 /* DH: generate shared parameters
584 */
585 static int dh_test()
586     {
587     DH *dh;
588     ERR_clear_error();
589     dh = FIPS_dh_new();
590     if (!dh)
591         return 0;
592     if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
593         return 0;
594     FIPS_dh_free(dh);
595     return 1;
596     }
597
598 /* Zeroize
599 */
600 static int Zeroize()
601     {
602     RSA *key;
603     BIGNUM *bn;
604     unsigned char userkey[16] = 
605         { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
606     size_t i;
607     int n;
608
609     key = FIPS_rsa_new();
610     bn = BN_new();
611     if (!key || !bn)
612         return 0;
613     BN_set_word(bn, 65537);
614     if (!RSA_generate_key_ex(key, 1024,bn,NULL))
615         return 0;
616     BN_free(bn);
617     
618     n = BN_num_bytes(key->d);
619     printf(" Generated %d byte RSA private key\n", n);
620     printf("\tBN key before overwriting:\n");
621     do_bn_print(stdout, key->d);
622     BN_rand(key->d,n*8,-1,0);
623     printf("\tBN key after overwriting:\n");
624     do_bn_print(stdout, key->d);
625
626     printf("\tchar buffer key before overwriting: \n\t\t");
627     for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
628         printf("\n");
629     RAND_bytes(userkey, sizeof userkey);
630     printf("\tchar buffer key after overwriting: \n\t\t");
631     for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
632         printf("\n");
633
634     FIPS_rsa_free(key);
635
636     return 1;
637     }
638
639 /* Dummy Entropy for DRBG tests. WARNING: THIS IS TOTALLY BOGUS
640  * HAS ZERO SECURITY AND MUST NOT BE USED IN REAL APPLICATIONS.
641  */
642
643 static unsigned char dummy_drbg_entropy[1024];
644
645 static size_t drbg_test_cb(DRBG_CTX *ctx, unsigned char **pout,
646                                 int entropy, size_t min_len, size_t max_len)
647         {
648         *pout = dummy_drbg_entropy;
649         /* Round up to multiple of block size */
650         return (min_len + 0xf) & ~0xf;
651         }
652
653 /* Callback which returns 0 to indicate entropy source failure */
654 static size_t drbg_fail_cb(DRBG_CTX *ctx, unsigned char **pout,
655                                 int entropy, size_t min_len, size_t max_len)
656         {
657         return 0;
658         }
659
660 /* DRBG test: just generate lots of data and trigger health checks */
661
662 static int do_drbg_test(int type, int flags)
663     {
664     DRBG_CTX *dctx;
665     int rv = 0;
666     size_t i;
667     unsigned char randout[1024];
668     dctx = FIPS_drbg_new(type, flags);
669     if (!dctx)
670         return 0;
671     FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0);
672     for (i = 0; i < sizeof(dummy_drbg_entropy); i++)
673         {
674         dummy_drbg_entropy[i] = i & 0xff;
675         }
676     if (!FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10))
677         goto err;
678     FIPS_drbg_set_check_interval(dctx, 10);
679     for (i = 0; i < 32; i++)
680         {
681         if (!FIPS_drbg_generate(dctx, randout, sizeof(randout), 0, NULL, 0))
682                 goto err;
683         if (!FIPS_drbg_generate(dctx, randout, sizeof(randout), 0, dummy_drbg_entropy, 1))
684                 goto err;
685         }
686     rv = 1;
687     err:
688     FIPS_drbg_free(dctx);
689     return rv;
690     }
691
692 typedef struct 
693     {
694     int type, flags;
695     } DRBG_LIST;
696
697 static int do_drbg_all(void)
698     {
699     static DRBG_LIST drbg_types[] =
700         {
701                 {NID_sha1, 0},
702                 {NID_sha224, 0},
703                 {NID_sha256, 0},
704                 {NID_sha384, 0},
705                 {NID_sha512, 0},
706                 {NID_hmacWithSHA1, 0},
707                 {NID_hmacWithSHA224, 0},
708                 {NID_hmacWithSHA256, 0},
709                 {NID_hmacWithSHA384, 0},
710                 {NID_hmacWithSHA512, 0},
711                 {NID_aes_128_ctr, 0},
712                 {NID_aes_192_ctr, 0},
713                 {NID_aes_256_ctr, 0},
714                 {NID_aes_128_ctr, DRBG_FLAG_CTR_USE_DF},
715                 {NID_aes_192_ctr, DRBG_FLAG_CTR_USE_DF},
716                 {NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF},
717                 {(NID_X9_62_prime256v1 << 16)|NID_sha1, 0},
718                 {(NID_X9_62_prime256v1 << 16)|NID_sha224, 0},
719                 {(NID_X9_62_prime256v1 << 16)|NID_sha256, 0},
720                 {(NID_X9_62_prime256v1 << 16)|NID_sha384, 0},
721                 {(NID_X9_62_prime256v1 << 16)|NID_sha512, 0},
722                 {(NID_secp384r1 << 16)|NID_sha224, 0},
723                 {(NID_secp384r1 << 16)|NID_sha256, 0},
724                 {(NID_secp384r1 << 16)|NID_sha384, 0},
725                 {(NID_secp384r1 << 16)|NID_sha512, 0},
726                 {(NID_secp521r1 << 16)|NID_sha256, 0},
727                 {(NID_secp521r1 << 16)|NID_sha384, 0},
728                 {(NID_secp521r1 << 16)|NID_sha512, 0},
729                 {0, 0}
730         };
731     DRBG_LIST *lst;
732     int rv = 1;
733     for (lst = drbg_types;; lst++)
734         {
735         if (lst->type == 0)
736                 break;
737         if (!do_drbg_test(lst->type, lst->flags))
738                 rv = 0;
739         }
740     return rv;
741     }
742
743 static int Error;
744 static const char * Fail(const char *msg)
745     {
746     Error++;
747     return msg; 
748     }
749
750 static void test_msg(const char *msg, int result)
751         {
752         printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
753         }
754
755 /* Table of IDs for POST translating between NIDs and names */
756
757 typedef struct 
758         {
759         int id;
760         const char *name;
761         } POST_ID;
762
763 POST_ID id_list[] = {
764         {NID_sha1, "SHA1"},
765         {NID_sha224, "SHA224"},
766         {NID_sha256, "SHA256"},
767         {NID_sha384, "SHA384"},
768         {NID_sha512, "SHA512"},
769         {NID_hmacWithSHA1, "HMAC-SHA1"},
770         {NID_hmacWithSHA224, "HMAC-SHA224"},
771         {NID_hmacWithSHA256, "HMAC-SHA256"},
772         {NID_hmacWithSHA384, "HMAC-SHA384"},
773         {NID_hmacWithSHA512, "HMAC-SHA512"},
774         {EVP_PKEY_RSA, "RSA"},
775         {EVP_PKEY_DSA, "DSA"},
776         {EVP_PKEY_EC, "ECDSA"},
777         {NID_aes_128_cbc, "AES-128-CBC"},
778         {NID_aes_192_cbc, "AES-192-CBC"},
779         {NID_aes_256_cbc, "AES-256-CBC"},
780         {NID_aes_128_ctr, "AES-128-CTR"},
781         {NID_aes_192_ctr, "AES-192-CTR"},
782         {NID_aes_256_ctr, "AES-256-CTR"},
783         {NID_aes_128_ecb, "AES-128-ECB"},
784         {NID_aes_128_xts, "AES-128-XTS"},
785         {NID_aes_256_xts, "AES-256-XTS"},
786         {NID_des_ede3_cbc, "DES-EDE3-CBC"},
787         {NID_des_ede3_ecb, "DES-EDE3-ECB"},
788         {NID_secp224r1, "P-224"},
789         {NID_sect233r1, "B-233"},
790         {NID_sect233k1, "K-233"},
791         {NID_X9_62_prime256v1, "P-256"},
792         {NID_secp384r1, "P-384"},
793         {NID_secp521r1, "P-521"},
794         {0, NULL}
795 };
796
797 static const char *lookup_id(int id)
798         {
799         POST_ID *n;
800         static char out[40];
801         for (n = id_list; n->name; n++)
802                 {
803                 if (n->id == id)
804                         return n->name;
805                 }
806         sprintf(out, "ID=%d", id);
807         return out;
808         }
809
810 static int fail_id = -1;
811 static int fail_sub = -1;
812 static int fail_key = -1;
813
814 static int st_err, post_quiet = 0;
815
816 static int post_cb(int op, int id, int subid, void *ex)
817         {
818         const char *idstr, *exstr = "";
819         char asctmp[20];
820         int keytype = -1;
821         int exp_fail = 0;
822 #ifdef FIPS_POST_TIME
823         static struct timespec start, end, tstart, tend;
824 #endif
825         switch(id)
826                 {
827                 case FIPS_TEST_INTEGRITY:
828                 idstr = "Integrity";
829                 break;
830
831                 case FIPS_TEST_DIGEST:
832                 idstr = "Digest";
833                 exstr = lookup_id(subid);
834                 break;
835
836                 case FIPS_TEST_CIPHER:
837                 exstr = lookup_id(subid);
838                 idstr = "Cipher";
839                 break;
840
841                 case FIPS_TEST_SIGNATURE:
842                 if (ex)
843                         {
844                         EVP_PKEY *pkey = ex;
845                         keytype = pkey->type;
846                         if (keytype == EVP_PKEY_EC)
847                                 {
848                                 const EC_GROUP *grp;
849                                 int cnid;
850                                 grp = EC_KEY_get0_group(pkey->pkey.ec);
851                                 cnid = EC_GROUP_get_curve_name(grp);
852                                 sprintf(asctmp, "ECDSA %s", lookup_id(cnid));
853                                 exstr = asctmp;
854                                 }
855                         else
856                                 exstr = lookup_id(keytype);
857                         }
858                 idstr = "Signature";
859                 break;
860
861                 case FIPS_TEST_HMAC:
862                 exstr = lookup_id(subid);
863                 idstr = "HMAC";
864                 break;
865
866                 case FIPS_TEST_CMAC:
867                 idstr = "CMAC";
868                 exstr = lookup_id(subid);
869                 break;
870
871                 case FIPS_TEST_GCM:
872                 idstr = "GCM";
873                 break;
874
875                 case FIPS_TEST_XTS:
876                 idstr = "XTS";
877                 exstr = lookup_id(subid);
878                 break;
879
880                 case FIPS_TEST_CCM:
881                 idstr = "CCM";
882                 break;
883
884                 case FIPS_TEST_X931:
885                 idstr = "X9.31 PRNG";
886                 sprintf(asctmp, "keylen=%d", subid);
887                 exstr = asctmp;
888                 break;
889
890                 case FIPS_TEST_DRBG:
891                 idstr = "DRBG";
892                 if (*(int *)ex & DRBG_FLAG_CTR_USE_DF)
893                         {
894                         sprintf(asctmp, "%s DF", lookup_id(subid));
895                         exstr = asctmp;
896                         }
897                 else if (subid >> 16)
898                         {
899                         sprintf(asctmp, "%s %s",
900                                         lookup_id(subid >> 16),
901                                         lookup_id(subid & 0xFFFF));
902                         exstr = asctmp;
903                         }
904                 else
905                         exstr = lookup_id(subid);
906                 break;
907
908                 case FIPS_TEST_PAIRWISE:
909                 if (ex)
910                         {
911                         EVP_PKEY *pkey = ex;
912                         keytype = pkey->type;
913                         exstr = lookup_id(keytype);
914                         }
915                 idstr = "Pairwise Consistency";
916                 break;
917
918                 case FIPS_TEST_CONTINUOUS:
919                 idstr = "Continuous PRNG";
920                 break;
921
922                 case FIPS_TEST_ECDH:
923                 idstr = "ECDH";
924                 exstr = lookup_id(subid);
925                 break;
926
927                 default:
928                 idstr = "Unknown";
929                 break;
930
931                 }
932
933         if (fail_id == id
934                 && (fail_key == -1 || fail_key == keytype)
935                 && (fail_sub == -1 || fail_sub == subid))
936                         exp_fail = 1;
937
938         switch(op)
939                 {
940                 case FIPS_POST_BEGIN:
941 #ifdef FIPS_POST_TIME
942                 clock_getres(CLOCK_REALTIME, &tstart);
943                 printf("\tTimer resolution %ld s, %ld ns\n",
944                                 (long)tstart.tv_sec, (long)tstart.tv_nsec);
945                 clock_gettime(CLOCK_REALTIME, &tstart);
946 #endif
947                 printf("\tPOST started\n");
948                 break;
949
950                 case FIPS_POST_END:
951                 printf("\tPOST %s\n", id ? "Success" : "Failed");
952 #ifdef FIPS_POST_TIME
953                 clock_gettime(CLOCK_REALTIME, &tend);
954                 printf("\t\tTook %f seconds\n",
955                         (double)((tend.tv_sec+tend.tv_nsec*1e-9)
956                         - (tstart.tv_sec+tstart.tv_nsec*1e-9)));
957 #endif
958                 break;
959
960                 case FIPS_POST_STARTED:
961                 if (!post_quiet && !exp_fail)
962                         printf("\t\t%s %s test started\n", idstr, exstr);
963 #ifdef FIPS_POST_TIME
964                 clock_gettime(CLOCK_REALTIME, &start);
965 #endif
966                 break;
967
968                 case FIPS_POST_SUCCESS:
969                 if (exp_fail)
970                         {
971                         printf("\t\t%s %s test OK but should've failed\n",
972                                                                 idstr, exstr);
973                         st_err++;
974                         }
975                 else if (!post_quiet)
976                         printf("\t\t%s %s test OK\n", idstr, exstr);
977 #ifdef FIPS_POST_TIME
978                 clock_gettime(CLOCK_REALTIME, &end);
979                 printf("\t\t\tTook %f seconds\n",
980                         (double)((end.tv_sec+end.tv_nsec*1e-9)
981                         - (start.tv_sec+start.tv_nsec*1e-9)));
982 #endif
983                 break;
984
985                 case FIPS_POST_FAIL:
986                 if (exp_fail)
987                         {
988                         printf("\t\t%s %s test failed as expected\n",
989                                                         idstr, exstr);
990                         }
991                 else
992                         {
993                         printf("\t\t%s %s test Failed Incorrectly!!\n",
994                                                         idstr, exstr);
995                         st_err++;
996                         }
997                 break;
998
999                 case FIPS_POST_CORRUPT:
1000                 if (exp_fail)
1001                         {
1002                         printf("\t\t%s %s test failure induced\n", idstr, exstr);
1003                         return 0;
1004                         }
1005                 break;
1006
1007                 }
1008         return 1;
1009         }
1010
1011 /* Test POST induced failures */
1012
1013 typedef struct 
1014         {
1015         const char *name;
1016         int id, subid, keyid;
1017         } fail_list;
1018
1019 static fail_list flist[] =
1020         {
1021         {"Integrity", FIPS_TEST_INTEGRITY, -1, -1},
1022         {"AES", FIPS_TEST_CIPHER, NID_aes_128_ecb, -1},
1023         {"DES3", FIPS_TEST_CIPHER, NID_des_ede3_ecb, -1},
1024         {"AES-GCM", FIPS_TEST_GCM, -1, -1},
1025         {"AES-CCM", FIPS_TEST_CCM, -1, -1},
1026         {"AES-XTS", FIPS_TEST_XTS, -1, -1},
1027         {"Digest", FIPS_TEST_DIGEST, -1, -1},
1028         {"HMAC", FIPS_TEST_HMAC, -1, -1},
1029         {"CMAC", FIPS_TEST_CMAC, -1, -1},
1030         {"DRBG", FIPS_TEST_DRBG, -1, -1},
1031         {"X9.31 PRNG", FIPS_TEST_X931, -1, -1},
1032         {"RSA", FIPS_TEST_SIGNATURE, -1, EVP_PKEY_RSA},
1033         {"DSA", FIPS_TEST_SIGNATURE, -1, EVP_PKEY_DSA},
1034         {"ECDSA", FIPS_TEST_SIGNATURE, -1, EVP_PKEY_EC},
1035         {"ECDH", FIPS_TEST_ECDH, -1, -1},
1036         {NULL, -1, -1, -1}
1037         };
1038
1039 static int do_fail_all(int fullpost, int fullerr)
1040         {
1041         fail_list *ftmp;
1042         int rv;
1043         size_t i;
1044         RSA *rsa = NULL;
1045         DSA *dsa = NULL;
1046         DRBG_CTX *dctx = NULL, *defctx = NULL;
1047         EC_KEY *ec = NULL;
1048         BIGNUM *bn = NULL;
1049         unsigned char out[10];
1050         if (!fullpost)
1051                 post_quiet = 1;
1052         if (!fullerr)
1053                 no_err = 1;
1054         FIPS_module_mode_set(0, NULL);
1055         for (ftmp = flist; ftmp->name; ftmp++)
1056                 {
1057                 printf("    Testing induced failure of %s test\n", ftmp->name);
1058                 fail_id = ftmp->id;
1059                 fail_sub = ftmp->subid;
1060                 fail_key = ftmp->keyid;
1061                 rv = FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS);
1062                 if (rv)
1063                         {
1064                         printf("\tFIPS mode incorrectly successful!!\n");
1065                         st_err++;
1066                         }
1067                 }
1068         printf("    Testing induced failure of RSA keygen test\n");
1069         /* NB POST will succeed with a pairwise test failures as
1070          * it is not used during POST.
1071          */
1072         fail_id = FIPS_TEST_PAIRWISE;
1073         fail_key = EVP_PKEY_RSA;
1074         /* Now enter FIPS mode successfully */
1075         if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
1076                 {
1077                 printf("\tError entering FIPS mode\n");
1078                 st_err++;
1079                 }
1080
1081         rsa = FIPS_rsa_new();
1082         bn = BN_new();
1083         if (!rsa || !bn)
1084                 return 0;
1085         BN_set_word(bn, 65537);
1086         if (RSA_generate_key_ex(rsa, 2048,bn,NULL))
1087                 {
1088                 printf("\tRSA key generated OK incorrectly!!\n");
1089                 st_err++;
1090                 }
1091         else
1092                 printf("\tRSA key generation failed as expected.\n");
1093
1094         /* Leave FIPS mode to clear error */
1095         FIPS_module_mode_set(0, NULL);
1096
1097         printf("    Testing induced failure of DSA keygen test\n");
1098         fail_key = EVP_PKEY_DSA;
1099         /* Enter FIPS mode successfully */
1100         if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
1101                 {
1102                 printf("\tError entering FIPS mode\n");
1103                 st_err++;
1104                 }
1105         dsa = FIPS_dsa_new();
1106         if (!dsa)
1107                 return 0;
1108         if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
1109                 return 0;
1110         if (DSA_generate_key(dsa))
1111                 {
1112                 printf("\tDSA key generated OK incorrectly!!\n");
1113                 st_err++;
1114                 }
1115         else
1116                 printf("\tDSA key generation failed as expected.\n");
1117
1118         /* Leave FIPS mode to clear error */
1119         FIPS_module_mode_set(0, NULL);
1120         /* Enter FIPS mode successfully */
1121         if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
1122                 {
1123                 printf("\tError entering FIPS mode\n");
1124                 st_err++;
1125                 }
1126
1127         printf("    Testing induced failure of ECDSA keygen test\n");
1128         fail_key = EVP_PKEY_EC;
1129
1130         ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1131
1132         if (!ec)
1133                 return 0;
1134
1135         if (EC_KEY_generate_key(ec))
1136                 {
1137                 printf("\tECDSA key generated OK incorrectly!!\n");
1138                 st_err++;
1139                 }
1140         else
1141                 printf("\tECDSA key generation failed as expected.\n");
1142
1143         FIPS_ec_key_free(ec);
1144         ec = NULL;
1145
1146         fail_id = -1;
1147         fail_sub = -1;
1148         fail_key = -1;
1149         /* Leave FIPS mode to clear error */
1150         FIPS_module_mode_set(0, NULL);
1151         /* Enter FIPS mode successfully */
1152         if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
1153                 {
1154                 printf("\tError entering FIPS mode\n");
1155                 st_err++;
1156                 }
1157         /* Induce continuous PRNG failure for DRBG */
1158         printf("    Testing induced failure of DRBG CPRNG test\n");
1159         FIPS_drbg_stick(1);
1160
1161         /* Initialise a DRBG context */
1162         dctx = FIPS_drbg_new(NID_sha1, 0);
1163         if (!dctx)
1164                 return 0;
1165         for (i = 0; i < sizeof(dummy_drbg_entropy); i++)
1166                 {
1167                 dummy_drbg_entropy[i] = i & 0xff;
1168                 }
1169         FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0);
1170         if (!FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10))
1171                 {
1172                 printf("\tDRBG instantiate error!!\n");
1173                 st_err++;
1174                 }
1175         if (FIPS_drbg_generate(dctx, out, sizeof(out), 0, NULL, 0))
1176                 {
1177                 printf("\tDRBG continuous PRNG OK incorrectly!!\n");
1178                 st_err++;
1179                 }
1180         else
1181                 printf("\tDRBG continuous PRNG failed as expected\n");
1182         FIPS_drbg_stick(0);
1183
1184         /* Leave FIPS mode to clear error */
1185         FIPS_module_mode_set(0, NULL);
1186         /* Enter FIPS mode successfully */
1187         if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
1188                 {
1189                 printf("\tError entering FIPS mode\n");
1190                 st_err++;
1191                 }
1192
1193         FIPS_drbg_free(dctx);
1194
1195         /* Induce continuous PRNG failure for DRBG entropy source*/
1196         printf("    Testing induced failure of DRBG entropy CPRNG test\n");
1197
1198         /* Initialise a DRBG context */
1199         dctx = FIPS_drbg_new(NID_sha1, 0);
1200         if (!dctx)
1201                 return 0;
1202         for (i = 0; i < sizeof(dummy_drbg_entropy); i++)
1203                 {
1204                 dummy_drbg_entropy[i] = i & 0xf;
1205                 }
1206         FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0);
1207         if (FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10))
1208                 {
1209                 printf("\tDRBG continuous PRNG entropy OK incorrectly!!\n");
1210                 st_err++;
1211                 }
1212         else
1213                 printf("\tDRBG continuous PRNG entropy failed as expected\n");
1214         /* Leave FIPS mode to clear error */
1215         FIPS_module_mode_set(0, NULL);
1216         /* Enter FIPS mode successfully */
1217         if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
1218                 {
1219                 printf("\tError entering FIPS mode\n");
1220                 st_err++;
1221                 }
1222         FIPS_drbg_free(dctx);
1223
1224         /* Leave FIPS mode to clear error */
1225         FIPS_module_mode_set(0, NULL);
1226         /* Enter FIPS mode successfully */
1227         if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
1228                 {
1229                 printf("\tError entering FIPS mode\n");
1230                 st_err++;
1231                 }
1232
1233         printf("    Testing induced failure of X9.31 CPRNG test\n");
1234         FIPS_x931_stick(1);
1235         if (!FIPS_x931_set_key(dummy_drbg_entropy, 32))
1236                 {
1237                 printf("\tError initialiasing X9.31 PRNG\n");
1238                 st_err++;
1239                 }
1240         if (!FIPS_x931_seed(dummy_drbg_entropy + 32, 16))
1241                 {
1242                 printf("\tError seeding X9.31 PRNG\n");
1243                 st_err++;
1244                 }
1245         if (FIPS_x931_bytes(out, 10) > 0)
1246                 {
1247                 printf("\tX9.31 continuous PRNG failure OK incorrectly!!\n");
1248                 st_err++;
1249                 }
1250         else
1251                 printf("\tX9.31 continuous PRNG failed as expected\n");
1252         FIPS_x931_stick(0);
1253
1254         /* Leave FIPS mode to clear error */
1255         FIPS_module_mode_set(0, NULL);
1256         /* Enter FIPS mode successfully */
1257         if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
1258                 {
1259                 printf("\tError entering FIPS mode\n");
1260                 st_err++;
1261                 }
1262
1263         printf("    Testing operation failure with DRBG entropy failure\n");
1264
1265         /* Generate DSA key for later use */
1266         if (DSA_generate_key(dsa))
1267                 printf("\tDSA key generated OK as expected.\n");
1268         else
1269                 {
1270                 printf("\tDSA key generation FAILED!!\n");
1271                 st_err++;
1272                 }
1273
1274         /* Initialise default DRBG context */
1275         defctx = FIPS_get_default_drbg();
1276         if (!defctx)
1277                 return 0;
1278         if (!FIPS_drbg_init(defctx, NID_sha512, 0))
1279                 return 0;
1280         /* Set entropy failure callback */
1281         FIPS_drbg_set_callbacks(defctx, drbg_fail_cb, 0, 0x10, drbg_test_cb, 0);
1282         if (FIPS_drbg_instantiate(defctx, dummy_drbg_entropy, 10))
1283                 {
1284                 printf("\tDRBG entropy fail OK incorrectly!!\n");
1285                 st_err++;
1286                 }
1287         else
1288                 printf("\tDRBG entropy fail failed as expected\n");
1289
1290         if (FIPS_dsa_sign(dsa, dummy_drbg_entropy, 5, EVP_sha256()))
1291                 {
1292                 printf("\tDSA signing OK incorrectly!!\n");
1293                 st_err++;
1294                 }
1295         else
1296                 printf("\tDSA signing failed as expected\n");
1297
1298         ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1299
1300         if (!ec)
1301                 return 0;
1302
1303         if (EC_KEY_generate_key(ec))
1304                 {
1305                 printf("\tECDSA key generated OK incorrectly!!\n");
1306                 st_err++;
1307                 }
1308         else
1309                 printf("\tECDSA key generation failed as expected.\n");
1310
1311         printf("  Induced failure test completed with %d errors\n", st_err);
1312         post_quiet = 0; 
1313         no_err = 0;
1314         BN_free(bn);
1315         FIPS_rsa_free(rsa);
1316         FIPS_dsa_free(dsa);
1317         FIPS_ec_key_free(ec);
1318         if (st_err)
1319                 return 0;
1320         return 1;
1321         }
1322
1323 #ifdef FIPS_ALGVS
1324 int fips_test_suite_main(int argc, char **argv)
1325 #else
1326 int main(int argc, char **argv)
1327 #endif
1328     {
1329     char **args = argv + 1;
1330     int bad_rsa = 0, bad_dsa = 0;
1331     int do_rng_stick = 0;
1332     int do_drbg_stick = 0;
1333     int no_exit = 0;
1334     int no_dh = 0, no_drbg = 0;
1335     char *pass = FIPS_AUTH_USER_PASS;
1336     int fullpost = 0, fullerr = 0;
1337
1338     FIPS_post_set_callback(post_cb);
1339
1340     printf("\tFIPS-mode test application\n");
1341
1342     printf("\t%s\n\n", FIPS_module_version_text());
1343
1344     while(*args) {
1345         /* Corrupted KAT tests */
1346         if (!strcmp(*args, "integrity")) {
1347             fail_id = FIPS_TEST_INTEGRITY;
1348         } else if (!strcmp(*args, "aes")) {
1349             fail_id = FIPS_TEST_CIPHER;
1350             fail_sub = NID_aes_128_ecb; 
1351         } else if (!strcmp(*args, "aes-ccm")) {
1352             fail_id = FIPS_TEST_CCM;
1353         } else if (!strcmp(*args, "aes-gcm")) {
1354             fail_id = FIPS_TEST_GCM;
1355         } else if (!strcmp(*args, "aes-xts")) {
1356             fail_id = FIPS_TEST_XTS;
1357         } else if (!strcmp(*args, "des")) {
1358             fail_id = FIPS_TEST_CIPHER;
1359             fail_sub = NID_des_ede3_ecb;        
1360         } else if (!strcmp(*args, "dsa")) {
1361             fail_id = FIPS_TEST_SIGNATURE;
1362             fail_key = EVP_PKEY_DSA;    
1363         } else if (!strcmp(argv[1], "ecdh")) {
1364             fail_id = FIPS_TEST_ECDH;
1365         } else if (!strcmp(*args, "ecdsa")) {
1366             fail_id = FIPS_TEST_SIGNATURE;
1367             fail_key = EVP_PKEY_EC;     
1368         } else if (!strcmp(*args, "rsa")) {
1369             fail_id = FIPS_TEST_SIGNATURE;
1370             fail_key = EVP_PKEY_RSA;    
1371         } else if (!strcmp(*args, "rsakey")) {
1372             printf("RSA key generation and signature validation with corrupted key...\n");
1373             bad_rsa = 1;
1374             no_exit = 1;
1375         } else if (!strcmp(*args, "rsakeygen")) {
1376             fail_id = FIPS_TEST_PAIRWISE;
1377             fail_key = EVP_PKEY_RSA;
1378             no_exit = 1;
1379         } else if (!strcmp(*args, "dsakey")) {
1380             printf("DSA key generation and signature validation with corrupted key...\n");
1381             bad_dsa = 1;
1382             no_exit = 1;
1383         } else if (!strcmp(*args, "dsakeygen")) {
1384             fail_id = FIPS_TEST_PAIRWISE;
1385             fail_key = EVP_PKEY_DSA;
1386             no_exit = 1;
1387         } else if (!strcmp(*args, "sha1")) {
1388             fail_id = FIPS_TEST_DIGEST;
1389         } else if (!strcmp(*args, "hmac")) {
1390             fail_id = FIPS_TEST_HMAC;
1391         } else if (!strcmp(*args, "cmac")) {
1392             fail_id = FIPS_TEST_CMAC;
1393         } else if (!strcmp(*args, "drbg")) {
1394             fail_id = FIPS_TEST_DRBG;
1395         } else if (!strcmp(argv[1], "rng")) {
1396             fail_id = FIPS_TEST_X931;
1397         } else if (!strcmp(*args, "nodrbg")) {
1398             no_drbg = 1;
1399             no_exit = 1;
1400         } else if (!strcmp(*args, "nodh")) {
1401             no_dh = 1;
1402             no_exit = 1;
1403         } else if (!strcmp(*args, "post")) {
1404             fail_id = -1;
1405         } else if (!strcmp(*args, "rngstick")) {
1406             do_rng_stick = 1;
1407             no_exit = 1;
1408             printf("RNG test with stuck continuous test...\n");
1409         } else if (!strcmp(*args, "drbgentstick")) {
1410                 do_entropy_stick();
1411         } else if (!strcmp(*args, "drbgstick")) {
1412             do_drbg_stick = 1;
1413             no_exit = 1;
1414             printf("DRBG test with stuck continuous test...\n");
1415         } else if (!strcmp(*args, "user")) {
1416                 pass = FIPS_AUTH_USER_PASS;
1417         } else if (!strcmp(*args, "officer")) {
1418                 pass = FIPS_AUTH_OFFICER_PASS;
1419         } else if (!strcmp(*args, "badpass")) {
1420                 pass = "bad invalid password";
1421         } else if (!strcmp(*args, "nopass")) {
1422                 pass = "";
1423         } else if (!strcmp(*args, "fullpost")) {
1424                 fullpost = 1;
1425                 no_exit = 1;
1426         } else if (!strcmp(*args, "fullerr")) {
1427                 fullerr = 1;
1428                 no_exit = 1;
1429         } else {
1430             printf("Bad argument \"%s\"\n", *args);
1431             return 1;
1432         }
1433     args++;
1434     }
1435
1436     if ((argc != 1) && !no_exit) {
1437                 fips_algtest_init_nofips();
1438                 if (!FIPS_module_mode_set(1, pass)) {
1439                     printf("Power-up self test failed\n");
1440                     return 1;
1441                 }
1442                 printf("Power-up self test successful\n");
1443                 return 0;
1444     }
1445
1446     fips_algtest_init_nofips();
1447
1448     /* Non-Approved cryptographic operation
1449     */
1450     printf("1. Non-Approved cryptographic operation test...\n");
1451     if (no_dh)
1452         printf("\t D-H test skipped\n");
1453     else
1454         test_msg("\ta. Included algorithm (D-H)...", dh_test());
1455
1456     /* Power-up self test
1457     */
1458     ERR_clear_error();
1459     test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1, pass));
1460     if (!FIPS_module_mode())
1461         return 1;
1462     if (do_drbg_stick)
1463             FIPS_drbg_stick(1);
1464     if (do_rng_stick)
1465             FIPS_x931_stick(1);
1466
1467     /* AES encryption/decryption
1468     */
1469     test_msg("3a. AES encryption/decryption", FIPS_aes_test());
1470     /* AES GCM encryption/decryption
1471     */
1472     test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test());
1473
1474     /* RSA key generation and encryption/decryption
1475     */
1476     test_msg("4. RSA key generation and encryption/decryption",
1477                                                 FIPS_rsa_test(bad_rsa));
1478
1479     /* DES-CBC encryption/decryption
1480     */
1481     test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test());
1482
1483     /* DSA key generation and signature validation
1484     */
1485     test_msg("6. DSA key generation and signature validation",
1486                                                 FIPS_dsa_test(bad_dsa));
1487
1488     /* SHA-1 hash
1489     */
1490     test_msg("7a. SHA-1 hash", FIPS_sha1_test());
1491
1492     /* SHA-256 hash
1493     */
1494     test_msg("7b. SHA-256 hash", FIPS_sha256_test());
1495
1496     /* SHA-512 hash
1497     */
1498     test_msg("7c. SHA-512 hash", FIPS_sha512_test());
1499
1500     /* HMAC-SHA-1 hash
1501     */
1502     test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test());
1503
1504     /* HMAC-SHA-224 hash
1505     */
1506     test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test());
1507
1508     /* HMAC-SHA-256 hash
1509     */
1510     test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test());
1511
1512     /* HMAC-SHA-384 hash
1513     */
1514     test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test());
1515
1516     /* HMAC-SHA-512 hash
1517     */
1518     test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test());
1519
1520     /* CMAC-AES-128 hash
1521     */
1522     test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test());
1523
1524     /* CMAC-AES-192 hash
1525     */
1526     test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test());
1527
1528     /* CMAC-AES-256 hash
1529     */
1530     test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test());
1531
1532 # if 0                          /* Not a FIPS algorithm */
1533     /* CMAC-TDEA-2 hash
1534     */
1535     test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test());
1536 #endif
1537
1538     /* CMAC-TDEA-3 hash
1539     */
1540     test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test());
1541
1542     /* Non-Approved cryptographic operation
1543     */
1544     printf("9. Non-Approved cryptographic operation test...\n");
1545     printf("\ta. Included algorithm (D-H)...%s\n",
1546                 no_dh ? "skipped" :
1547                 dh_test() ? "successful as expected"
1548                                                 : Fail("failed INCORRECTLY!") );
1549
1550     /* Zeroization
1551     */
1552     printf("10. Zero-ization...\n\t%s\n",
1553                 Zeroize() ? "successful as expected"
1554                                         : Fail("failed INCORRECTLY!") );
1555
1556     printf("11. Complete DRBG health check...\n");
1557     printf("\t%s\n", FIPS_selftest_drbg_all() ? "successful as expected"
1558                                         : Fail("failed INCORRECTLY!") );
1559
1560     printf("12. DRBG generation check...\n");
1561     if (no_drbg)
1562         printf("\tskipped\n");
1563     else
1564         printf("\t%s\n", do_drbg_all() ? "successful as expected"
1565                                         : Fail("failed INCORRECTLY!") );
1566
1567     printf("13. Induced test failure check...\n");
1568     printf("\t%s\n", do_fail_all(fullpost, fullerr) ? "successful as expected"
1569                                         : Fail("failed INCORRECTLY!") );
1570     printf("\nAll tests completed with %d errors\n", Error);
1571     return Error ? 1 : 0;
1572     }
1573
1574 #endif