1 /* ====================================================================
2 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
5 * This command is intended as a test driver for the FIPS-140 testing
6 * lab performing FIPS-140 validation. It demonstrates the use of the
7 * OpenSSL library ito perform a variety of common cryptographic
8 * functions. A power-up self test is demonstrated by deliberately
9 * pointing to an invalid executable hash
11 * Contributed by Steve Marquess.
15 #define OPENSSL_FIPSAPI
22 #include <openssl/evp.h>
23 #include <openssl/hmac.h>
24 #include <openssl/cmac.h>
25 #include <openssl/sha.h>
26 #include <openssl/err.h>
28 #include <openssl/bn.h>
29 #include <openssl/rand.h>
32 int main(int argc, char *argv[])
34 printf("No FIPS support\n");
39 #define ERR_clear_error() while(0)
41 #include <openssl/rsa.h>
42 #include <openssl/dsa.h>
43 #include <openssl/dh.h>
45 #include <openssl/fips.h>
46 #include <openssl/fips_rand.h>
49 /* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
51 static int FIPS_aes_test(void)
54 unsigned char pltmp[16];
55 unsigned char citmp[16];
56 unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
57 unsigned char plaintext[16] = "etaonrishdlcu";
59 FIPS_cipher_ctx_init(&ctx);
60 if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1) <= 0)
62 FIPS_cipher(&ctx, citmp, plaintext, 16);
63 if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 0) <= 0)
65 FIPS_cipher(&ctx, pltmp, citmp, 16);
66 if (memcmp(pltmp, plaintext, 16))
70 FIPS_cipher_ctx_cleanup(&ctx);
74 static int FIPS_aes_gcm_test(void)
77 unsigned char pltmp[16];
78 unsigned char citmp[16];
79 unsigned char tagtmp[16];
80 unsigned char key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
81 unsigned char iv[16] = {21,22,23,24,25,26,27,28,29,30,31,32};
82 unsigned char aad[] = "Some text AAD";
83 unsigned char plaintext[16] = "etaonrishdlcu";
85 FIPS_cipher_ctx_init(&ctx);
86 if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 1) <= 0)
88 FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
89 FIPS_cipher(&ctx, citmp, plaintext, 16);
90 FIPS_cipher(&ctx, NULL, NULL, 0);
91 if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tagtmp))
94 if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 0) <= 0)
96 if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tagtmp))
99 FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
101 FIPS_cipher(&ctx, pltmp, citmp, 16);
103 if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
106 if (memcmp(pltmp, plaintext, 16))
111 FIPS_cipher_ctx_cleanup(&ctx);
115 static int FIPS_des3_test(void)
118 unsigned char pltmp[8];
119 unsigned char citmp[8];
120 unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
122 unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
124 FIPS_cipher_ctx_init(&ctx);
125 if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 1) <= 0)
127 FIPS_cipher(&ctx, citmp, plaintext, 8);
128 if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 0) <= 0)
130 FIPS_cipher(&ctx, pltmp, citmp, 8);
131 if (memcmp(pltmp, plaintext, 8))
135 FIPS_cipher_ctx_cleanup(&ctx);
140 * DSA: generate keys and sign, verify input plaintext.
142 static int FIPS_dsa_test(int bad)
145 unsigned char dgst[] = "etaonrishdlc";
151 FIPS_md_ctx_init(&mctx);
152 dsa = FIPS_dsa_new();
155 if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
157 if (!DSA_generate_key(dsa))
160 BN_add_word(dsa->pub_key, 1);
162 if (!FIPS_digestinit(&mctx, EVP_sha256()))
164 if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
166 sig = FIPS_dsa_sign_ctx(dsa, &mctx);
170 if (!FIPS_digestinit(&mctx, EVP_sha256()))
172 if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
174 r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
177 FIPS_dsa_sig_free(sig);
178 FIPS_md_ctx_cleanup(&mctx);
187 * RSA: generate keys and sign, verify input plaintext.
189 static int FIPS_rsa_test(int bad)
192 unsigned char input_ptext[] = "etaonrishdlc";
193 unsigned char buf[256];
200 FIPS_md_ctx_init(&mctx);
201 key = FIPS_rsa_new();
205 BN_set_word(bn, 65537);
206 if (!RSA_generate_key_ex(key, 2048,bn,NULL))
210 BN_add_word(key->n, 1);
212 if (!FIPS_digestinit(&mctx, EVP_sha256()))
214 if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
216 if (!FIPS_rsa_sign_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, &slen))
219 if (!FIPS_digestinit(&mctx, EVP_sha256()))
221 if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
223 r = FIPS_rsa_verify_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, slen);
225 FIPS_md_ctx_cleanup(&mctx);
233 /* SHA1: generate hash of known digest value and compare to known
234 precomputed correct hash
236 static int FIPS_sha1_test()
238 unsigned char digest[SHA_DIGEST_LENGTH] =
239 { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
240 unsigned char str[] = "etaonrishd";
242 unsigned char md[SHA_DIGEST_LENGTH];
245 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha1())) return 0;
246 if (memcmp(md,digest,sizeof(md)))
251 /* SHA256: generate hash of known digest value and compare to known
252 precomputed correct hash
254 static int FIPS_sha256_test()
256 unsigned char digest[SHA256_DIGEST_LENGTH] =
257 {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
258 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
259 unsigned char str[] = "etaonrishd";
261 unsigned char md[SHA256_DIGEST_LENGTH];
264 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha256())) return 0;
265 if (memcmp(md,digest,sizeof(md)))
270 /* SHA512: generate hash of known digest value and compare to known
271 precomputed correct hash
273 static int FIPS_sha512_test()
275 unsigned char digest[SHA512_DIGEST_LENGTH] =
276 {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
277 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
278 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
279 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
280 unsigned char str[] = "etaonrishd";
282 unsigned char md[SHA512_DIGEST_LENGTH];
285 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha512())) return 0;
286 if (memcmp(md,digest,sizeof(md)))
291 /* HMAC-SHA1: generate hash of known digest value and compare to known
292 precomputed correct hash
294 static int FIPS_hmac_sha1_test()
296 unsigned char key[] = "etaonrishd";
297 unsigned char iv[] = "Sample text";
298 unsigned char kaval[EVP_MAX_MD_SIZE] =
299 {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
300 0xb2, 0xfb, 0xec, 0xc6};
302 unsigned char out[EVP_MAX_MD_SIZE];
306 if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
307 if (memcmp(out,kaval,outlen))
312 /* HMAC-SHA224: generate hash of known digest value and compare to known
313 precomputed correct hash
315 static int FIPS_hmac_sha224_test()
317 unsigned char key[] = "etaonrishd";
318 unsigned char iv[] = "Sample text";
319 unsigned char kaval[EVP_MAX_MD_SIZE] =
320 {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
321 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
323 unsigned char out[EVP_MAX_MD_SIZE];
327 if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
328 if (memcmp(out,kaval,outlen))
333 /* HMAC-SHA256: generate hash of known digest value and compare to known
334 precomputed correct hash
336 static int FIPS_hmac_sha256_test()
338 unsigned char key[] = "etaonrishd";
339 unsigned char iv[] = "Sample text";
340 unsigned char kaval[EVP_MAX_MD_SIZE] =
341 {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
342 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
344 unsigned char out[EVP_MAX_MD_SIZE];
348 if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
349 if (memcmp(out,kaval,outlen))
354 /* HMAC-SHA384: generate hash of known digest value and compare to known
355 precomputed correct hash
357 static int FIPS_hmac_sha384_test()
359 unsigned char key[] = "etaonrishd";
360 unsigned char iv[] = "Sample text";
361 unsigned char kaval[EVP_MAX_MD_SIZE] =
362 {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
363 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
364 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
366 unsigned char out[EVP_MAX_MD_SIZE];
370 if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
371 if (memcmp(out,kaval,outlen))
376 /* HMAC-SHA512: generate hash of known digest value and compare to known
377 precomputed correct hash
379 static int FIPS_hmac_sha512_test()
381 unsigned char key[] = "etaonrishd";
382 unsigned char iv[] = "Sample text";
383 unsigned char kaval[EVP_MAX_MD_SIZE] =
384 {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
385 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
386 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
387 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
389 unsigned char out[EVP_MAX_MD_SIZE];
393 if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
394 if (memcmp(out,kaval,outlen))
399 /* CMAC-AES128: generate hash of known digest value and compare to known
400 precomputed correct hash
402 static int FIPS_cmac_aes128_test()
404 unsigned char key[16] = { 0x2b,0x7e,0x15,0x16, 0x28,0xae,0xd2,0xa6,
405 0xab,0xf7,0x15,0x88, 0x09,0xcf,0x4f,0x3c, };
406 unsigned char data[] = "Sample text";
407 unsigned char kaval[EVP_MAX_MD_SIZE] =
408 { 0x16,0x83,0xfe,0xac, 0x52,0x9b,0xae,0x23,
409 0xd7,0xd5,0x66,0xf5, 0xd2,0x8d,0xbd,0x2a, };
411 unsigned char *out = NULL;
413 CMAC_CTX *ctx = CMAC_CTX_new();
420 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_128_cbc(),NULL))
422 if (!CMAC_Update(ctx,data,sizeof(data)-1))
424 /* This should return 1. If not, there's a programming error... */
425 if (!CMAC_Final(ctx, out, &outlen))
427 out = OPENSSL_malloc(outlen);
428 if (!CMAC_Final(ctx, out, &outlen))
432 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
433 bin2hex(out, outlen, hexout);
434 printf("CMAC-AES128: res = %s\n", hexout);
435 OPENSSL_free(hexout);
439 if (!memcmp(out,kaval,outlen))
449 /* CMAC-AES192: generate hash of known digest value and compare to known
450 precomputed correct hash
452 static int FIPS_cmac_aes192_test()
454 unsigned char key[] = { 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52,
455 0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5,
456 0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, };
457 unsigned char data[] = "Sample text";
458 unsigned char kaval[] =
459 { 0xd6,0x99,0x19,0x25, 0xe5,0x1d,0x95,0x48,
460 0xb1,0x4a,0x0b,0xf2, 0xc6,0x3c,0x47,0x1f, };
462 unsigned char *out = NULL;
464 CMAC_CTX *ctx = CMAC_CTX_new();
471 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_192_cbc(),NULL))
473 if (!CMAC_Update(ctx,data,sizeof(data)-1))
475 /* This should return 1. If not, there's a programming error... */
476 if (!CMAC_Final(ctx, out, &outlen))
478 out = OPENSSL_malloc(outlen);
479 if (!CMAC_Final(ctx, out, &outlen))
483 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
484 bin2hex(out, outlen, hexout);
485 printf("CMAC-AES192: res = %s\n", hexout);
486 OPENSSL_free(hexout);
490 if (!memcmp(out,kaval,outlen))
500 /* CMAC-AES256: generate hash of known digest value and compare to known
501 precomputed correct hash
503 static int FIPS_cmac_aes256_test()
505 unsigned char key[] = { 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe,
506 0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81,
507 0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7,
508 0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, };
509 unsigned char data[] = "Sample text";
510 unsigned char kaval[] =
511 { 0xec,0xc2,0xcf,0x63, 0xc7,0xce,0xfc,0xa4,
512 0xb0,0x86,0x37,0x5f, 0x15,0x60,0xba,0x1f, };
514 unsigned char *out = NULL;
516 CMAC_CTX *ctx = CMAC_CTX_new();
523 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_256_cbc(),NULL))
525 if (!CMAC_Update(ctx,data,sizeof(data)-1))
527 /* This should return 1. If not, there's a programming error... */
528 if (!CMAC_Final(ctx, out, &outlen))
530 out = OPENSSL_malloc(outlen);
531 if (!CMAC_Final(ctx, out, &outlen))
535 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
536 bin2hex(out, outlen, hexout);
537 printf("CMAC-AES256: res = %s\n", hexout);
538 OPENSSL_free(hexout);
542 if (!memcmp(out,kaval,outlen))
552 /* CMAC-TDEA3: generate hash of known digest value and compare to known
553 precomputed correct hash
555 static int FIPS_cmac_tdea3_test()
557 unsigned char key[] = { 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62,
558 0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58,
559 0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, };
560 unsigned char data[] = "Sample text";
561 unsigned char kaval[EVP_MAX_MD_SIZE] =
562 { 0xb4,0x06,0x4e,0xbf, 0x59,0x89,0xba,0x68, };
564 unsigned char *out = NULL;
566 CMAC_CTX *ctx = CMAC_CTX_new();
573 if (!CMAC_Init(ctx,key,sizeof(key),EVP_des_ede3_cbc(),NULL))
575 if (!CMAC_Update(ctx,data,sizeof(data)-1))
577 /* This should return 1. If not, there's a programming error... */
578 if (!CMAC_Final(ctx, out, &outlen))
580 out = OPENSSL_malloc(outlen);
581 if (!CMAC_Final(ctx, out, &outlen))
585 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
586 bin2hex(out, outlen, hexout);
587 printf("CMAC-TDEA3: res = %s\n", hexout);
588 OPENSSL_free(hexout);
592 if (!memcmp(out,kaval,outlen))
603 /* DH: generate shared parameters
612 if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
624 unsigned char userkey[16] =
625 { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
629 key = FIPS_rsa_new();
633 BN_set_word(bn, 65537);
634 if (!RSA_generate_key_ex(key, 1024,bn,NULL))
638 n = BN_num_bytes(key->d);
639 printf(" Generated %d byte RSA private key\n", n);
640 printf("\tBN key before overwriting:\n");
641 do_bn_print(stdout, key->d);
642 BN_rand(key->d,n*8,-1,0);
643 printf("\tBN key after overwriting:\n");
644 do_bn_print(stdout, key->d);
646 printf("\tchar buffer key before overwriting: \n\t\t");
647 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
649 RAND_bytes(userkey, sizeof userkey);
650 printf("\tchar buffer key after overwriting: \n\t\t");
651 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
659 /* Dummy Entropy for DRBG tests. WARNING: THIS IS TOTALLY BOGUS
660 * HAS ZERO SECURITY AND MUST NOT BE USED IN REAL APPLICATIONS.
663 static unsigned char dummy_drbg_entropy[1024];
665 static size_t drbg_test_cb(DRBG_CTX *ctx, unsigned char **pout,
666 int entropy, size_t min_len, size_t max_len)
668 *pout = dummy_drbg_entropy;
669 /* Round up to multiple of block size */
670 return (min_len + 0xf) & ~0xf;
673 /* DRBG test: just generate lots of data and trigger health checks */
675 static int do_drbg_test(int type, int flags)
680 unsigned char randout[1024];
681 dctx = FIPS_drbg_new(type, flags);
684 FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0);
685 for (i = 0; i < sizeof(dummy_drbg_entropy); i++)
687 dummy_drbg_entropy[i] = i & 0xff;
689 if (!FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10))
691 FIPS_drbg_set_check_interval(dctx, 10);
692 for (i = 0; i < 32; i++)
694 if (!FIPS_drbg_generate(dctx, randout, sizeof(randout), 0, NULL, 0))
696 if (!FIPS_drbg_generate(dctx, randout, sizeof(randout), 0, dummy_drbg_entropy, 1))
701 FIPS_drbg_free(dctx);
710 static int do_drbg_all(void)
712 static DRBG_LIST drbg_types[] =
719 {NID_hmacWithSHA1, 0},
720 {NID_hmacWithSHA224, 0},
721 {NID_hmacWithSHA256, 0},
722 {NID_hmacWithSHA384, 0},
723 {NID_hmacWithSHA512, 0},
724 {NID_aes_128_ctr, 0},
725 {NID_aes_192_ctr, 0},
726 {NID_aes_256_ctr, 0},
727 {NID_aes_128_ctr, DRBG_FLAG_CTR_USE_DF},
728 {NID_aes_192_ctr, DRBG_FLAG_CTR_USE_DF},
729 {NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF},
730 {(NID_X9_62_prime256v1 << 16)|NID_sha1, 0},
731 {(NID_X9_62_prime256v1 << 16)|NID_sha224, 0},
732 {(NID_X9_62_prime256v1 << 16)|NID_sha256, 0},
733 {(NID_X9_62_prime256v1 << 16)|NID_sha384, 0},
734 {(NID_X9_62_prime256v1 << 16)|NID_sha512, 0},
735 {(NID_secp384r1 << 16)|NID_sha224, 0},
736 {(NID_secp384r1 << 16)|NID_sha256, 0},
737 {(NID_secp384r1 << 16)|NID_sha384, 0},
738 {(NID_secp384r1 << 16)|NID_sha512, 0},
739 {(NID_secp521r1 << 16)|NID_sha256, 0},
740 {(NID_secp521r1 << 16)|NID_sha384, 0},
741 {(NID_secp521r1 << 16)|NID_sha512, 0},
746 for (lst = drbg_types;; lst++)
750 if (!do_drbg_test(lst->type, lst->flags))
757 static const char * Fail(const char *msg)
763 static void test_msg(const char *msg, int result)
765 printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
768 /* Table of IDs for POST translating between NIDs and names */
776 POST_ID id_list[] = {
778 {NID_sha224, "SHA224"},
779 {NID_sha256, "SHA256"},
780 {NID_sha384, "SHA384"},
781 {NID_sha512, "SHA512"},
782 {NID_hmacWithSHA1, "HMAC-SHA1"},
783 {NID_hmacWithSHA224, "HMAC-SHA224"},
784 {NID_hmacWithSHA256, "HMAC-SHA256"},
785 {NID_hmacWithSHA384, "HMAC-SHA384"},
786 {NID_hmacWithSHA512, "HMAC-SHA512"},
787 {EVP_PKEY_RSA, "RSA"},
788 {EVP_PKEY_DSA, "DSA"},
789 {EVP_PKEY_EC, "ECDSA"},
790 {NID_aes_128_cbc, "AES-128-CBC"},
791 {NID_aes_192_cbc, "AES-192-CBC"},
792 {NID_aes_256_cbc, "AES-256-CBC"},
793 {NID_aes_128_ctr, "AES-128-CTR"},
794 {NID_aes_192_ctr, "AES-192-CTR"},
795 {NID_aes_256_ctr, "AES-256-CTR"},
796 {NID_aes_128_ecb, "AES-128-ECB"},
797 {NID_aes_128_xts, "AES-128-XTS"},
798 {NID_aes_256_xts, "AES-256-XTS"},
799 {NID_des_ede3_cbc, "DES-EDE3-CBC"},
800 {NID_des_ede3_ecb, "DES-EDE3-ECB"},
801 {NID_secp224r1, "P-224"},
802 {NID_sect233r1, "B-233"},
803 {NID_sect233k1, "K-233"},
804 {NID_X9_62_prime256v1, "P-256"},
805 {NID_secp384r1, "P-384"},
806 {NID_secp521r1, "P-521"},
810 static const char *lookup_id(int id)
814 for (n = id_list; n->name; n++)
819 sprintf(out, "ID=%d", id);
823 static int fail_id = -1;
824 static int fail_sub = -1;
825 static int fail_key = -1;
827 static int post_cb(int op, int id, int subid, void *ex)
829 const char *idstr, *exstr = "";
832 #ifdef FIPS_POST_TIME
833 static struct timespec start, end, tstart, tend;
837 case FIPS_TEST_INTEGRITY:
841 case FIPS_TEST_DIGEST:
843 exstr = lookup_id(subid);
846 case FIPS_TEST_CIPHER:
847 exstr = lookup_id(subid);
851 case FIPS_TEST_SIGNATURE:
855 keytype = pkey->type;
856 if (keytype == EVP_PKEY_EC)
860 grp = EC_KEY_get0_group(pkey->pkey.ec);
861 cnid = EC_GROUP_get_curve_name(grp);
862 sprintf(asctmp, "ECDSA %s", lookup_id(cnid));
866 exstr = lookup_id(keytype);
872 exstr = lookup_id(subid);
878 exstr = lookup_id(subid);
887 exstr = lookup_id(subid);
895 idstr = "X9.31 PRNG";
896 sprintf(asctmp, "keylen=%d", subid);
902 if (*(int *)ex & DRBG_FLAG_CTR_USE_DF)
904 sprintf(asctmp, "%s DF", lookup_id(subid));
907 else if (subid >> 16)
909 sprintf(asctmp, "%s %s",
910 lookup_id(subid >> 16),
911 lookup_id(subid & 0xFFFF));
915 exstr = lookup_id(subid);
918 case FIPS_TEST_PAIRWISE:
922 keytype = pkey->type;
923 exstr = lookup_id(keytype);
925 idstr = "Pairwise Consistency";
928 case FIPS_TEST_CONTINUOUS:
929 idstr = "Continuous PRNG";
934 exstr = lookup_id(subid);
945 case FIPS_POST_BEGIN:
946 #ifdef FIPS_POST_TIME
947 clock_getres(CLOCK_REALTIME, &tstart);
948 printf("\tTimer resolution %ld s, %ld ns\n",
949 (long)tstart.tv_sec, (long)tstart.tv_nsec);
950 clock_gettime(CLOCK_REALTIME, &tstart);
952 printf("\tPOST started\n");
956 printf("\tPOST %s\n", id ? "Success" : "Failed");
957 #ifdef FIPS_POST_TIME
958 clock_gettime(CLOCK_REALTIME, &tend);
959 printf("\t\tTook %f seconds\n",
960 (double)((tend.tv_sec+tend.tv_nsec*1e-9)
961 - (tstart.tv_sec+tstart.tv_nsec*1e-9)));
965 case FIPS_POST_STARTED:
966 printf("\t\t%s %s test started\n", idstr, exstr);
967 #ifdef FIPS_POST_TIME
968 clock_gettime(CLOCK_REALTIME, &start);
972 case FIPS_POST_SUCCESS:
973 printf("\t\t%s %s test OK\n", idstr, exstr);
974 #ifdef FIPS_POST_TIME
975 clock_gettime(CLOCK_REALTIME, &end);
976 printf("\t\t\tTook %f seconds\n",
977 (double)((end.tv_sec+end.tv_nsec*1e-9)
978 - (start.tv_sec+start.tv_nsec*1e-9)));
983 printf("\t\t%s %s test FAILED!!\n", idstr, exstr);
986 case FIPS_POST_CORRUPT:
988 && (fail_key == -1 || fail_key == keytype)
989 && (fail_sub == -1 || fail_sub == subid))
991 printf("\t\t%s %s test failure induced\n", idstr, exstr);
1001 int fips_test_suite_main(int argc, char **argv)
1003 int main(int argc, char **argv)
1006 int bad_rsa = 0, bad_dsa = 0;
1007 int do_rng_stick = 0;
1008 int do_drbg_stick = 0;
1011 char *pass = FIPS_AUTH_USER_PASS;
1013 FIPS_post_set_callback(post_cb);
1015 printf("\tFIPS-mode test application\n");
1017 printf("\t%s\n\n", FIPS_module_version_text());
1020 /* Corrupted KAT tests */
1021 if (!strcmp(argv[1], "integrity")) {
1022 fail_id = FIPS_TEST_INTEGRITY;
1023 } else if (!strcmp(argv[1], "aes")) {
1024 fail_id = FIPS_TEST_CIPHER;
1025 fail_sub = NID_aes_128_ecb;
1026 } else if (!strcmp(argv[1], "aes-ccm")) {
1027 fail_id = FIPS_TEST_CCM;
1028 } else if (!strcmp(argv[1], "aes-gcm")) {
1029 fail_id = FIPS_TEST_GCM;
1030 } else if (!strcmp(argv[1], "aes-xts")) {
1031 fail_id = FIPS_TEST_XTS;
1032 } else if (!strcmp(argv[1], "des")) {
1033 fail_id = FIPS_TEST_CIPHER;
1034 fail_sub = NID_des_ede3_ecb;
1035 } else if (!strcmp(argv[1], "dsa")) {
1036 fail_id = FIPS_TEST_SIGNATURE;
1037 fail_key = EVP_PKEY_DSA;
1038 } else if (!strcmp(argv[1], "ecdh")) {
1039 fail_id = FIPS_TEST_ECDH;
1040 } else if (!strcmp(argv[1], "ecdsa")) {
1041 fail_id = FIPS_TEST_SIGNATURE;
1042 fail_key = EVP_PKEY_EC;
1043 } else if (!strcmp(argv[1], "rsa")) {
1044 fail_id = FIPS_TEST_SIGNATURE;
1045 fail_key = EVP_PKEY_RSA;
1046 } else if (!strcmp(argv[1], "rsakey")) {
1047 printf("RSA key generation and signature validation with corrupted key...\n");
1050 } else if (!strcmp(argv[1], "rsakeygen")) {
1051 fail_id = FIPS_TEST_PAIRWISE;
1052 fail_key = EVP_PKEY_RSA;
1054 } else if (!strcmp(argv[1], "dsakey")) {
1055 printf("DSA key generation and signature validation with corrupted key...\n");
1058 } else if (!strcmp(argv[1], "dsakeygen")) {
1059 fail_id = FIPS_TEST_PAIRWISE;
1060 fail_key = EVP_PKEY_DSA;
1062 } else if (!strcmp(argv[1], "sha1")) {
1063 fail_id = FIPS_TEST_DIGEST;
1064 } else if (!strcmp(argv[1], "hmac")) {
1065 fail_id = FIPS_TEST_HMAC;
1066 } else if (!strcmp(argv[1], "cmac")) {
1067 fail_id = FIPS_TEST_CMAC;
1068 } else if (!strcmp(argv[1], "drbg")) {
1069 fail_id = FIPS_TEST_DRBG;
1070 } else if (!strcmp(argv[1], "rng")) {
1071 fail_id = FIPS_TEST_X931;
1072 } else if (!strcmp(argv[1], "nodh")) {
1075 } else if (!strcmp(argv[1], "post")) {
1077 } else if (!strcmp(argv[1], "rngstick")) {
1080 printf("RNG test with stuck continuous test...\n");
1081 } else if (!strcmp(argv[1], "drbgentstick")) {
1083 } else if (!strcmp(argv[1], "drbgstick")) {
1086 printf("DRBG test with stuck continuous test...\n");
1087 } else if (!strcmp(argv[1], "user")) {
1088 pass = FIPS_AUTH_USER_PASS;
1089 } else if (!strcmp(argv[1], "officer")) {
1090 pass = FIPS_AUTH_OFFICER_PASS;
1091 } else if (!strcmp(argv[1], "badpass")) {
1092 pass = "bad invalid password";
1093 } else if (!strcmp(argv[1], "nopass")) {
1096 printf("Bad argument \"%s\"\n", argv[1]);
1100 fips_algtest_init_nofips();
1101 if (!FIPS_module_mode_set(1, pass)) {
1102 printf("Power-up self test failed\n");
1105 printf("Power-up self test successful\n");
1110 fips_algtest_init_nofips();
1112 /* Non-Approved cryptographic operation
1114 printf("1. Non-Approved cryptographic operation test...\n");
1116 printf("\t D-H test skipped\n");
1118 test_msg("\ta. Included algorithm (D-H)...", dh_test());
1120 /* Power-up self test
1123 test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1, pass));
1124 if (!FIPS_module_mode())
1131 /* AES encryption/decryption
1133 test_msg("3a. AES encryption/decryption", FIPS_aes_test());
1134 /* AES GCM encryption/decryption
1136 test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test());
1138 /* RSA key generation and encryption/decryption
1140 test_msg("4. RSA key generation and encryption/decryption",
1141 FIPS_rsa_test(bad_rsa));
1143 /* DES-CBC encryption/decryption
1145 test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test());
1147 /* DSA key generation and signature validation
1149 test_msg("6. DSA key generation and signature validation",
1150 FIPS_dsa_test(bad_dsa));
1154 test_msg("7a. SHA-1 hash", FIPS_sha1_test());
1158 test_msg("7b. SHA-256 hash", FIPS_sha256_test());
1162 test_msg("7c. SHA-512 hash", FIPS_sha512_test());
1166 test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test());
1168 /* HMAC-SHA-224 hash
1170 test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test());
1172 /* HMAC-SHA-256 hash
1174 test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test());
1176 /* HMAC-SHA-384 hash
1178 test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test());
1180 /* HMAC-SHA-512 hash
1182 test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test());
1184 /* CMAC-AES-128 hash
1186 test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test());
1188 /* CMAC-AES-192 hash
1190 test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test());
1192 /* CMAC-AES-256 hash
1194 test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test());
1196 # if 0 /* Not a FIPS algorithm */
1199 test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test());
1204 test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test());
1206 /* Non-Approved cryptographic operation
1208 printf("9. Non-Approved cryptographic operation test...\n");
1209 printf("\ta. Included algorithm (D-H)...%s\n",
1211 dh_test() ? "successful as expected"
1212 : Fail("failed INCORRECTLY!") );
1216 printf("10. Zero-ization...\n\t%s\n",
1217 Zeroize() ? "successful as expected"
1218 : Fail("failed INCORRECTLY!") );
1220 printf("11. Complete DRBG health check...\n");
1221 printf("\t%s\n", FIPS_selftest_drbg_all() ? "successful as expected"
1222 : Fail("failed INCORRECTLY!") );
1224 printf("12. DRBG generation check...\n");
1225 printf("\t%s\n", do_drbg_all() ? "successful as expected"
1226 : Fail("failed INCORRECTLY!") );
1228 printf("\nAll tests completed with %d errors\n", Error);
1229 return Error ? 1 : 0;