1 /* ====================================================================
2  * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  *
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer. 
10  *
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in
13  *    the documentation and/or other materials provided with the
14  *    distribution.
15  *
16  * 3. All advertising materials mentioning features or use of this
17  *    software must display the following acknowledgment:
18  *    "This product includes software developed by the OpenSSL Project
19  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20  *
21  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22  *    endorse or promote products derived from this software without
23  *    prior written permission. For written permission, please contact
24  *    openssl-core@openssl.org.
25  *
26  * 5. Products derived from this software may not be called "OpenSSL"
27  *    nor may "OpenSSL" appear in their names without prior written
28  *    permission of the OpenSSL Project.
29  *
30  * 6. Redistributions of any form whatsoever must retain the following
31  *    acknowledgment:
32  *    "This product includes software developed by the OpenSSL Project
33  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34  *
35  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
39  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46  * OF THE POSSIBILITY OF SUCH DAMAGE.
47  *
48  */
49
50 #define OPENSSL_FIPSAPI
51
52 #include <string.h>
53 #include <openssl/err.h>
54 #include <openssl/fips.h>
55 #include <openssl/rand.h>
56 #include <openssl/fips_rand.h>
57
58 #ifdef OPENSSL_FIPS
59
60
61
/*
 * One known-answer test vector for the AES-based X9.31 PRNG self-test.
 * do_x931_test() hands V and DT to the generator and compares the 16
 * bytes it returns against R.
 */
typedef struct
        {
        unsigned char DT[16];   /* passed to FIPS_x931_set_dt() */
        unsigned char V[16];    /* passed to FIPS_x931_seed() as the seed */
        unsigned char R[16];    /* expected result of FIPS_x931_bytes() */
        } AES_PRNG_TV;
68
69 /* The following test vectors are taken directly from the RNGVS spec */
70
/* 128-bit AES key that FIPS_selftest_x931() pairs with the aes_128_tv
 * vectors.  Fixed, published test material, not a secret. */
static unsigned char aes_128_key[16] =
                {0xf3,0xb1,0x66,0x6d,0x13,0x60,0x72,0x42,
                 0xed,0x06,0x1c,0xab,0xb8,0xd4,0x62,0x02};
74
/* Known-answer vectors run under aes_128_key.  Each entry lists DT, then V,
 * then the expected output R (see AES_PRNG_TV). */
static AES_PRNG_TV aes_128_tv[] = {
        {
                                /* DT */
                {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
                 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xf9},
                                /* V */
                {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
                                /* R */
                {0x59,0x53,0x1e,0xd1,0x3b,0xb0,0xc0,0x55,
                 0x84,0x79,0x66,0x85,0xc1,0x2f,0x76,0x41}
        },
        {
                                /* DT */
                {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
                 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xfa},
                                /* V */
                {0xc0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
                                /* R */
                {0x7c,0x22,0x2c,0xf4,0xca,0x8f,0xa2,0x4c,
                 0x1c,0x9c,0xb6,0x41,0xa9,0xf3,0x22,0x0d}
        },
        {
                                /* DT */
                {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
                 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xfb},
                                /* V */
                {0xe0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
                                /* R */
                {0x8a,0xaa,0x00,0x39,0x66,0x67,0x5b,0xe5,
                 0x29,0x14,0x28,0x81,0xa9,0x4d,0x4e,0xc7}
        },
        {
                                /* DT */
                {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
                 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xfc},
                                /* V */
                {0xf0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
                                /* R */
                {0x88,0xdd,0xa4,0x56,0x30,0x24,0x23,0xe5,
                 0xf6,0x9d,0xa5,0x7e,0x7b,0x95,0xc7,0x3a}
        },
        {
                                /* DT */
                {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
                 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xfd},
                                /* V */
                {0xf8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
                                /* R */
                {0x05,0x25,0x92,0x46,0x61,0x79,0xd2,0xcb,
                 0x78,0xc4,0x0b,0x14,0x0a,0x5a,0x9a,0xc8}
        },
        {
                                /* DT */
                {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
                 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x23,0x77},
                                /* V */
                {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
                 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe},
                                /* R */
                {0x0d,0xd5,0xa0,0x36,0x7a,0x59,0x26,0xbc,
                 0x48,0xd9,0x38,0xbf,0xf0,0x85,0x8f,0xea}
        },
        {
                                /* DT */
                {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
                 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x23,0x78},
                                /* V */
                {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
                 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
                                /* R */
                {0xae,0x53,0x87,0xee,0x8c,0xd9,0x12,0xf5,
                 0x73,0x53,0xae,0x03,0xf9,0xd5,0x13,0x33}
        },
};
154
/* 192-bit AES key that FIPS_selftest_x931() pairs with the aes_192_tv
 * vectors.  Fixed, published test material, not a secret. */
static unsigned char aes_192_key[24] =
                {0x15,0xd8,0x78,0x0d,0x62,0xd3,0x25,0x6e,
                 0x44,0x64,0x10,0x13,0x60,0x2b,0xa9,0xbc,
                 0x4a,0xfb,0xca,0xeb,0x4c,0x8b,0x99,0x3b};
159
/* Known-answer vectors run under aes_192_key.  Each entry lists DT, then V,
 * then the expected output R (see AES_PRNG_TV).
 * This table has to stay writable: FIPS_corrupt_x931() increments
 * aes_192_tv[0].V[0] in place. */
static AES_PRNG_TV aes_192_tv[] = {
        {
                                /* DT */
                {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
                 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4b},
                                /* V */
                {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
                                /* R */
                {0x17,0x07,0xd5,0x28,0x19,0x79,0x1e,0xef,
                 0xa5,0x0c,0xbf,0x25,0xe5,0x56,0xb4,0x93}
        },
        {
                                /* DT */
                {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
                 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4c},
                                /* V */
                {0xc0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
                                /* R */
                {0x92,0x8d,0xbe,0x07,0xdd,0xc7,0x58,0xc0,
                 0x6f,0x35,0x41,0x9b,0x17,0xc9,0xbd,0x9b}
        },
        {
                                /* DT */
                {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
                 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4d},
                                /* V */
                {0xe0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
                                /* R */
                {0xd5,0xde,0xf4,0x50,0xf3,0xb7,0x10,0x4e,
                 0xb8,0xc6,0xf8,0xcf,0xe2,0xb1,0xca,0xa2}
        },
        {
                                /* DT */
                {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
                 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4e},
                                /* V */
                {0xf0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
                                /* R */
                {0xce,0x29,0x08,0x43,0xfc,0x34,0x41,0xe7,
                 0x47,0x8f,0xb3,0x66,0x2b,0x46,0xb1,0xbb}
        },
        {
                                /* DT */
                {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
                 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4f},
                                /* V */
                {0xf8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
                                /* R */
                {0xb3,0x26,0x0f,0xf5,0xd6,0xca,0xa8,0xbf,
                 0x89,0xb8,0x5e,0x2f,0x22,0x56,0x92,0x2f}
        },
        {
                                /* DT */
                {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
                 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0xc9},
                                /* V */
                {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
                 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe},
                                /* R */
                {0x05,0xeb,0x18,0x52,0x34,0x43,0x00,0x43,
                 0x6e,0x5a,0xa5,0xfe,0x7b,0x32,0xc4,0x2d}
        },
        {
                                /* DT */
                {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
                 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0xca},
                                /* V */
                {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
                 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
                                /* R */
                {0x15,0x3c,0xe8,0xd1,0x04,0xc7,0xad,0x50,
                 0x0b,0xf0,0x07,0x16,0xe7,0x56,0x7a,0xea}
        },
};
239
/* 256-bit AES key that FIPS_selftest_x931() pairs with the aes_256_tv
 * vectors.  Fixed, published test material, not a secret. */
static unsigned char aes_256_key[32] =
                {0x6d,0x14,0x06,0x6c,0xb6,0xd8,0x21,0x2d,
                 0x82,0x8d,0xfa,0xf2,0x7a,0x03,0xb7,0x9f,
                 0x0c,0xc7,0x3e,0xcd,0x76,0xeb,0xee,0xb5,
                 0x21,0x05,0x8c,0x4f,0x31,0x7a,0x80,0xbb};
245
/* Known-answer vectors run under aes_256_key.  Each entry lists DT, then V,
 * then the expected output R (see AES_PRNG_TV). */
static AES_PRNG_TV aes_256_tv[] = {
        {
                                /* DT */
                {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
                 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x88},
                                /* V */
                {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
                                /* R */
                {0x35,0xc7,0xef,0xa7,0x78,0x4d,0x29,0xbc,
                 0x82,0x79,0x99,0xfb,0xd0,0xb3,0x3b,0x72}
        },
        {
                                /* DT */
                {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
                 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x89},
                                /* V */
                {0xc0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
                                /* R */
                {0x6c,0xf4,0x42,0x5d,0xc7,0x04,0x1a,0x41,
                 0x28,0x2a,0x78,0xa9,0xb0,0x12,0xc4,0x95}
        },
        {
                                /* DT */
                {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
                 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x8a},
                                /* V */
                {0xe0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
                                /* R */
                {0x16,0x90,0xa4,0xff,0x7b,0x7e,0xb9,0x30,
                 0xdb,0x67,0x4b,0xac,0x2d,0xe1,0xd1,0x75}
        },
        {
                                /* DT */
                {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
                 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x8b},
                                /* V */
                {0xf0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
                                /* R */
                {0x14,0x6f,0xf5,0x95,0xa1,0x46,0x65,0x30,
                 0xbc,0x57,0xe2,0x4a,0xf7,0x45,0x62,0x05}
        },
        {
                                /* DT */
                {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
                 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x8c},
                                /* V */
                {0xf8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
                                /* R */
                {0x96,0xe2,0xb4,0x1e,0x66,0x5e,0x0f,0xa4,
                 0xc5,0xcd,0xa2,0x07,0xcc,0xb7,0x94,0x40}
        },
        {
                                /* DT */
                {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
                 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9f,0x06},
                                /* V */
                {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
                 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe},
                                /* R */
                {0x61,0xce,0x1d,0x6a,0x48,0x75,0x97,0x28,
                 0x4b,0x41,0xde,0x18,0x44,0x4f,0x56,0xec}
        },
        {
                                /* DT */
                {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
                 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9f,0x07},
                                /* V */
                {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
                 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
                                /* R */
                {0x52,0x89,0x59,0x79,0x2d,0xaa,0x28,0xb3,
                 0xb0,0x8a,0x3e,0x70,0xfa,0x71,0x59,0x84}
        },
};
325
326
/*
 * Deliberately break the first AES-192 vector by bumping the first byte of
 * its seed V, so the stored expected output R no longer corresponds to the
 * inputs the self-test feeds the generator.  The change is made in place
 * and nothing in this file undoes it.
 */
void FIPS_corrupt_x931()
    {
    unsigned char *seed = aes_192_tv[0].V;

    seed[0]++;
    }
331
/* Run do_x931_test() over a whole vector table.  Both arguments must be the
 * array objects themselves, not pointers to them: the key length and the
 * vector count are both derived with sizeof. */
#define fips_x931_test(key, tv) \
        do_x931_test((key), sizeof(key), (tv), sizeof(tv) / sizeof((tv)[0]))
334
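/*
 * Run a set of X9.31 known-answer vectors under one AES key.
 *
 * key, keylen: AES key and its length in bytes, given to FIPS_x931_set_key().
 * tv, ntv:     vector array and the number of entries in it.
 *
 * Returns 1 when every vector reproduces its expected output R, and 0 on
 * the first mismatch or as soon as any FIPS_x931_* step reports failure.
 */
static int do_x931_test(unsigned char *key, int keylen,
                        AES_PRNG_TV *tv, int ntv)
        {
        unsigned char R[16];
        int i;
        if (!FIPS_x931_set_key(key, keylen))
                return 0;
        for (i = 0; i < ntv; i++)
                {
                /* Start from a known value: a generate call that fails
                 * without writing output must not leave indeterminate
                 * stack bytes in R for the comparison below. */
                memset(R, 0, sizeof R);
                /* A known-answer test must not pass on the strength of a
                 * step that did not run, so a failed seed, DT or generate
                 * call fails the vector.
                 * NOTE(review): assumes these three follow the same
                 * nonzero-on-success convention as FIPS_x931_set_key();
                 * their declarations live in <openssl/fips_rand.h> -
                 * confirm against that header. */
                if (!FIPS_x931_seed(tv[i].V, 16)
                        || !FIPS_x931_set_dt(tv[i].DT)
                        || !FIPS_x931_bytes(R, 16))
                        return 0;
                if (memcmp(R, tv[i].R, 16))
                        return 0;
                }
        return 1;
        }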
352         
353
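/*
 * Power-on self-test for the X9.31 PRNG: switch the generator to test mode
 * and run the AES-128, AES-192 and AES-256 known-answer vectors.
 *
 * Returns 1 when all vectors match.  Returns 0, after raising
 * FIPS_R_SELFTEST_FAILED, when test mode cannot be entered or any vector
 * set fails.
 */
int FIPS_selftest_x931()
        {
        int ok;

        FIPS_x931_reset();
        if (!FIPS_x931_test_mode())
                {
                FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
                return 0;
                }
        /* && stops at the first failing key size, as the original || chain
         * of negated calls did. */
        ok = fips_x931_test(aes_128_key,aes_128_tv)
                && fips_x931_test(aes_192_key, aes_192_tv)
                && fips_x931_test(aes_256_key, aes_256_tv);
        /* Reset on failure as well as on success, so the generator is not
         * left holding the fixed test key and seed set above when a vector
         * mismatches.
         * NOTE(review): presumably FIPS_x931_reset() also leaves test mode;
         * its definition is not in this file - confirm. */
        FIPS_x931_reset();
        if (!ok)
                {
                FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
                return 0;
                }
        return 1;
        }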
372
373 #endif