X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=fips%2Ffips_test_suite.c;h=bfd34c19247a4e6c81fb1f28b3f35b2972b303f5;hp=0d6bc807fde15b30520c87014c45d48b0fbfe7a6;hb=b38fd40db43d9eaa9739f128ce0a701d5850ace4;hpb=2b4b28dc32ce7623f6169b43cd18585174de6b20 diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index 0d6bc807fd..bfd34c1924 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -12,7 +12,7 @@ * */ -#define OPENSSL_FIPSEVP +#define OPENSSL_FIPSAPI #include #include @@ -21,6 +21,7 @@ #include #include #include +#include #include #include @@ -54,18 +55,59 @@ static int FIPS_aes_test(void) unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16}; unsigned char plaintext[16] = "etaonrishdlcu"; EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0) + FIPS_cipher_ctx_init(&ctx); + if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1) <= 0) goto err; - EVP_Cipher(&ctx, citmp, plaintext, 16); - if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0) + FIPS_cipher(&ctx, citmp, plaintext, 16); + if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 0) <= 0) goto err; - EVP_Cipher(&ctx, pltmp, citmp, 16); + FIPS_cipher(&ctx, pltmp, citmp, 16); if (memcmp(pltmp, plaintext, 16)) goto err; ret = 1; err: - EVP_CIPHER_CTX_cleanup(&ctx); + FIPS_cipher_ctx_cleanup(&ctx); + return ret; + } + +static int FIPS_aes_gcm_test(void) + { + int ret = 0; + unsigned char pltmp[16]; + unsigned char citmp[16]; + unsigned char tagtmp[16]; + unsigned char key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16}; + unsigned char iv[16] = {21,22,23,24,25,26,27,28,29,30,31,32}; + unsigned char aad[] = "Some text AAD"; + unsigned char plaintext[16] = "etaonrishdlcu"; + EVP_CIPHER_CTX ctx; + FIPS_cipher_ctx_init(&ctx); + if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 1) <= 0) + goto err; + FIPS_cipher(&ctx, NULL, aad, sizeof(aad)); + FIPS_cipher(&ctx, citmp, plaintext, 16); + FIPS_cipher(&ctx, NULL, NULL, 0); + if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tagtmp)) + goto err; + + if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 0) <= 0) + goto err; + if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tagtmp)) + goto err; + + FIPS_cipher(&ctx, NULL, aad, sizeof(aad)); + + FIPS_cipher(&ctx, pltmp, citmp, 16); + + if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0) + goto err; + + if (memcmp(pltmp, plaintext, 16)) + goto err; + + ret = 1; + err: + FIPS_cipher_ctx_cleanup(&ctx); return ret; } @@ -78,18 +120,18 @@ static int FIPS_des3_test(void) 19,20,21,22,23,24}; unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' }; EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 1) <= 0) + FIPS_cipher_ctx_init(&ctx); + if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 1) <= 0) goto err; - EVP_Cipher(&ctx, citmp, plaintext, 8); - if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 0) <= 0) + FIPS_cipher(&ctx, citmp, plaintext, 8); + if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 0) <= 0) goto err; - EVP_Cipher(&ctx, pltmp, citmp, 8); + FIPS_cipher(&ctx, pltmp, citmp, 8); if (memcmp(pltmp, plaintext, 8)) goto err; ret = 1; err: - EVP_CIPHER_CTX_cleanup(&ctx); + FIPS_cipher_ctx_cleanup(&ctx); return ret; } @@ -105,7 +147,7 @@ static int FIPS_dsa_test(int bad) DSA_SIG *sig = NULL; ERR_clear_error(); - EVP_MD_CTX_init(&mctx); + FIPS_md_ctx_init(&mctx); dsa = FIPS_dsa_new(); if (!dsa) goto end; @@ -116,23 +158,23 @@ static int FIPS_dsa_test(int bad) if (bad) BN_add_word(dsa->pub_key, 1); - if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) + if (!FIPS_digestinit(&mctx, EVP_sha256())) goto end; - if (!EVP_DigestUpdate(&mctx, dgst, sizeof(dgst) - 1)) + if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1)) goto end; sig = FIPS_dsa_sign_ctx(dsa, &mctx); if (!sig) goto end; - if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) + if (!FIPS_digestinit(&mctx, EVP_sha256())) goto end; - if (!EVP_DigestUpdate(&mctx, dgst, sizeof(dgst) - 1)) + if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1)) goto end; r = FIPS_dsa_verify_ctx(dsa, &mctx, sig); end: if (sig) - DSA_SIG_free(sig); - EVP_MD_CTX_cleanup(&mctx); + FIPS_dsa_sig_free(sig); + FIPS_md_ctx_cleanup(&mctx); if (dsa) FIPS_dsa_free(dsa); if (r != 1) @@ -154,32 +196,32 @@ static int FIPS_rsa_test(int bad) int r = 0; ERR_clear_error(); - EVP_MD_CTX_init(&mctx); + FIPS_md_ctx_init(&mctx); key = FIPS_rsa_new(); bn = BN_new(); if (!key || !bn) return 0; BN_set_word(bn, 65537); - if (!RSA_generate_key_ex(key, 1024,bn,NULL)) + if (!RSA_generate_key_ex(key, 2048,bn,NULL)) return 0; BN_free(bn); if (bad) BN_add_word(key->n, 1); - if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) + if (!FIPS_digestinit(&mctx, EVP_sha256())) goto end; - if (!EVP_DigestUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1)) + if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1)) goto end; if (!FIPS_rsa_sign_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, &slen)) goto end; - if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)) + if (!FIPS_digestinit(&mctx, EVP_sha256())) goto end; - if (!EVP_DigestUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1)) + if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1)) goto end; r = FIPS_rsa_verify_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, slen); end: - EVP_MD_CTX_cleanup(&mctx); + FIPS_md_ctx_cleanup(&mctx); if (key) FIPS_rsa_free(key); if (r != 1) @@ -199,7 +241,7 @@ static int FIPS_sha1_test() unsigned char md[SHA_DIGEST_LENGTH]; ERR_clear_error(); - if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0; + if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha1())) return 0; if (memcmp(md,digest,sizeof(md))) return 0; return 1; @@ -218,7 +260,7 @@ static int FIPS_sha256_test() unsigned char md[SHA256_DIGEST_LENGTH]; ERR_clear_error(); - if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha256(), NULL)) return 0; + if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha256())) return 0; if (memcmp(md,digest,sizeof(md))) return 0; return 1; @@ -239,7 +281,7 @@ static int FIPS_sha512_test() unsigned char md[SHA512_DIGEST_LENGTH]; ERR_clear_error(); - if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha512(), NULL)) return 0; + if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha512())) return 0; if (memcmp(md,digest,sizeof(md))) return 0; return 1; @@ -353,6 +395,209 @@ static int FIPS_hmac_sha512_test() return 1; } +/* CMAC-AES128: generate hash of known digest value and compare to known + precomputed correct hash +*/ +static int FIPS_cmac_aes128_test() + { + unsigned char key[16] = { 0x2b,0x7e,0x15,0x16, 0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88, 0x09,0xcf,0x4f,0x3c, }; + unsigned char data[] = "Sample text"; + unsigned char kaval[EVP_MAX_MD_SIZE] = + { 0x16,0x83,0xfe,0xac, 0x52,0x9b,0xae,0x23, + 0xd7,0xd5,0x66,0xf5, 0xd2,0x8d,0xbd,0x2a, }; + + unsigned char *out = NULL; + size_t outlen; + CMAC_CTX *ctx = CMAC_CTX_new(); + int r = 0; + + ERR_clear_error(); + + if (!ctx) + goto end; + if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_128_cbc(),NULL)) + goto end; + if (!CMAC_Update(ctx,data,sizeof(data)-1)) + goto end; + /* This should return 1. If not, there's a programming error... */ + if (!CMAC_Final(ctx, out, &outlen)) + goto end; + out = OPENSSL_malloc(outlen); + if (!CMAC_Final(ctx, out, &outlen)) + goto end; +#if 0 + { + char *hexout = OPENSSL_malloc(outlen * 2 + 1); + bin2hex(out, outlen, hexout); + printf("CMAC-AES128: res = %s\n", hexout); + OPENSSL_free(hexout); + } + r = 1; +#else + if (!memcmp(out,kaval,outlen)) + r = 1; +#endif + end: + CMAC_CTX_free(ctx); + if (out) + OPENSSL_free(out); + return r; + } + +/* CMAC-AES192: generate hash of known digest value and compare to known + precomputed correct hash +*/ +static int FIPS_cmac_aes192_test() + { + unsigned char key[] = { 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, }; + unsigned char data[] = "Sample text"; + unsigned char kaval[] = + { 0xd6,0x99,0x19,0x25, 0xe5,0x1d,0x95,0x48, + 0xb1,0x4a,0x0b,0xf2, 0xc6,0x3c,0x47,0x1f, }; + + unsigned char *out = NULL; + size_t outlen; + CMAC_CTX *ctx = CMAC_CTX_new(); + int r = 0; + + ERR_clear_error(); + + if (!ctx) + goto end; + if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_192_cbc(),NULL)) + goto end; + if (!CMAC_Update(ctx,data,sizeof(data)-1)) + goto end; + /* This should return 1. If not, there's a programming error... */ + if (!CMAC_Final(ctx, out, &outlen)) + goto end; + out = OPENSSL_malloc(outlen); + if (!CMAC_Final(ctx, out, &outlen)) + goto end; +#if 0 + { + char *hexout = OPENSSL_malloc(outlen * 2 + 1); + bin2hex(out, outlen, hexout); + printf("CMAC-AES192: res = %s\n", hexout); + OPENSSL_free(hexout); + } + r = 1; +#else + if (!memcmp(out,kaval,outlen)) + r = 1; +#endif + end: + CMAC_CTX_free(ctx); + if (out) + OPENSSL_free(out); + return r; + } + +/* CMAC-AES256: generate hash of known digest value and compare to known + precomputed correct hash +*/ +static int FIPS_cmac_aes256_test() + { + unsigned char key[] = { 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, }; + unsigned char data[] = "Sample text"; + unsigned char kaval[] = + { 0xec,0xc2,0xcf,0x63, 0xc7,0xce,0xfc,0xa4, + 0xb0,0x86,0x37,0x5f, 0x15,0x60,0xba,0x1f, }; + + unsigned char *out = NULL; + size_t outlen; + CMAC_CTX *ctx = CMAC_CTX_new(); + int r = 0; + + ERR_clear_error(); + + if (!ctx) + goto end; + if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_256_cbc(),NULL)) + goto end; + if (!CMAC_Update(ctx,data,sizeof(data)-1)) + goto end; + /* This should return 1. If not, there's a programming error... */ + if (!CMAC_Final(ctx, out, &outlen)) + goto end; + out = OPENSSL_malloc(outlen); + if (!CMAC_Final(ctx, out, &outlen)) + goto end; +#if 0 + { + char *hexout = OPENSSL_malloc(outlen * 2 + 1); + bin2hex(out, outlen, hexout); + printf("CMAC-AES256: res = %s\n", hexout); + OPENSSL_free(hexout); + } + r = 1; +#else + if (!memcmp(out,kaval,outlen)) + r = 1; +#endif + end: + CMAC_CTX_free(ctx); + if (out) + OPENSSL_free(out); + return r; + } + +/* CMAC-TDEA3: generate hash of known digest value and compare to known + precomputed correct hash +*/ +static int FIPS_cmac_tdea3_test() + { + unsigned char key[] = { 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62, + 0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58, + 0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, }; + unsigned char data[] = "Sample text"; + unsigned char kaval[EVP_MAX_MD_SIZE] = + { 0xb4,0x06,0x4e,0xbf, 0x59,0x89,0xba,0x68, }; + + unsigned char *out = NULL; + size_t outlen; + CMAC_CTX *ctx = CMAC_CTX_new(); + int r = 0; + + ERR_clear_error(); + + if (!ctx) + goto end; + if (!CMAC_Init(ctx,key,sizeof(key),EVP_des_ede3_cbc(),NULL)) + goto end; + if (!CMAC_Update(ctx,data,sizeof(data)-1)) + goto end; + /* This should return 1. If not, there's a programming error... */ + if (!CMAC_Final(ctx, out, &outlen)) + goto end; + out = OPENSSL_malloc(outlen); + if (!CMAC_Final(ctx, out, &outlen)) + goto end; +#if 0 + { + char *hexout = OPENSSL_malloc(outlen * 2 + 1); + bin2hex(out, outlen, hexout); + printf("CMAC-TDEA3: res = %s\n", hexout); + OPENSSL_free(hexout); + } + r = 1; +#else + if (!memcmp(out,kaval,outlen)) + r = 1; +#endif + end: + CMAC_CTX_free(ctx); + if (out) + OPENSSL_free(out); + return r; + } + /* DH: generate shared parameters */ @@ -420,66 +665,289 @@ static void test_msg(const char *msg, int result) printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!")); } +/* Table of IDs for POST translating between NIDs and names */ + +typedef struct + { + int id; + const char *name; + } POST_ID; + +POST_ID id_list[] = { + {NID_sha1, "SHA1"}, + {NID_sha224, "SHA224"}, + {NID_sha256, "SHA256"}, + {NID_sha384, "SHA384"}, + {NID_sha512, "SHA512"}, + {EVP_PKEY_RSA, "RSA"}, + {EVP_PKEY_DSA, "DSA"}, + {EVP_PKEY_EC, "ECDSA"}, + {NID_aes_128_cbc, "AES-128-CBC"}, + {NID_aes_192_cbc, "AES-192-CBC"}, + {NID_aes_256_cbc, "AES-256-CBC"}, + {NID_aes_128_ctr, "AES-128-CTR"}, + {NID_aes_192_ctr, "AES-192-CTR"}, + {NID_aes_256_ctr, "AES-256-CTR"}, + {NID_aes_128_ecb, "AES-128-ECB"}, + {NID_aes_128_xts, "AES-128-XTS"}, + {NID_aes_256_xts, "AES-256-XTS"}, + {NID_des_ede3_cbc, "DES-EDE3-CBC"}, + {NID_des_ede3_ecb, "DES-EDE3-ECB"}, + {0, NULL} +}; + +static const char *lookup_id(int id) + { + POST_ID *n; + static char out[40]; + for (n = id_list; n->name; n++) + { + if (n->id == id) + return n->name; + } + sprintf(out, "ID=%d", id); + return out; + } + +static int fail_id = -1; +static int fail_sub = -1; +static int fail_key = -1; + +static int post_cb(int op, int id, int subid, void *ex) + { + const char *idstr, *exstr = ""; + char asctmp[20]; + int keytype = -1; +#ifdef FIPS_POST_TIME + static struct timespec start, end, tstart, tend; +#endif + switch(id) + { + case FIPS_TEST_INTEGRITY: + idstr = "Integrity"; + break; + + case FIPS_TEST_DIGEST: + idstr = "Digest"; + exstr = lookup_id(subid); + break; + + case FIPS_TEST_CIPHER: + exstr = lookup_id(subid); + idstr = "Cipher"; + break; + + case FIPS_TEST_SIGNATURE: + if (ex) + { + EVP_PKEY *pkey = ex; + keytype = pkey->type; + exstr = lookup_id(keytype); + } + idstr = "Signature"; + break; + + case FIPS_TEST_HMAC: + exstr = lookup_id(subid); + idstr = "HMAC"; + break; + + case FIPS_TEST_CMAC: + idstr = "CMAC"; + exstr = lookup_id(subid); + break; + + case FIPS_TEST_GCM: + idstr = "GCM"; + break; + + case FIPS_TEST_XTS: + idstr = "XTS"; + exstr = lookup_id(subid); + break; + + case FIPS_TEST_CCM: + idstr = "CCM"; + break; + + case FIPS_TEST_X931: + idstr = "X9.31 PRNG"; + sprintf(asctmp, "keylen=%d", subid); + exstr = asctmp; + break; + + case FIPS_TEST_DRBG: + idstr = "DRBG"; + if (*(int *)ex & DRBG_FLAG_CTR_USE_DF) + { + sprintf(asctmp, "%s DF", lookup_id(subid)); + exstr = asctmp; + } + else + exstr = lookup_id(subid); + break; + + case FIPS_TEST_PAIRWISE: + if (ex) + { + EVP_PKEY *pkey = ex; + keytype = pkey->type; + exstr = lookup_id(keytype); + } + idstr = "Pairwise Consistency"; + break; + + case FIPS_TEST_CONTINUOUS: + idstr = "Continuous PRNG"; + break; + + default: + idstr = "Unknown"; + break; + + } + + switch(op) + { + case FIPS_POST_BEGIN: +#ifdef FIPS_POST_TIME + clock_getres(CLOCK_REALTIME, &tstart); + printf("\tTimer resolution %ld s, %ld ns\n", + (long)tstart.tv_sec, (long)tstart.tv_nsec); + clock_gettime(CLOCK_REALTIME, &tstart); +#endif + printf("\tPOST started\n"); + break; + + case FIPS_POST_END: + printf("\tPOST %s\n", id ? "Success" : "Failed"); +#ifdef FIPS_POST_TIME + clock_gettime(CLOCK_REALTIME, &tend); + printf("\t\tTook %f seconds\n", + (double)((tend.tv_sec+tend.tv_nsec*1e-9) + - (tstart.tv_sec+tstart.tv_nsec*1e-9))); +#endif + break; + + case FIPS_POST_STARTED: + printf("\t\t%s %s test started\n", idstr, exstr); +#ifdef FIPS_POST_TIME + clock_gettime(CLOCK_REALTIME, &start); +#endif + break; + + case FIPS_POST_SUCCESS: + printf("\t\t%s %s test OK\n", idstr, exstr); +#ifdef FIPS_POST_TIME + clock_gettime(CLOCK_REALTIME, &end); + printf("\t\t\tTook %f seconds\n", + (double)((end.tv_sec+end.tv_nsec*1e-9) + - (start.tv_sec+start.tv_nsec*1e-9))); +#endif + break; + + case FIPS_POST_FAIL: + printf("\t\t%s %s test FAILED!!\n", idstr, exstr); + break; + + case FIPS_POST_CORRUPT: + if (fail_id == id + && (fail_key == -1 || fail_key == keytype) + && (fail_sub == -1 || fail_sub == subid)) + { + printf("\t\t%s %s test failure induced\n", idstr, exstr); + return 0; + } + break; + + } + return 1; + } + int main(int argc,char **argv) { - - int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0; int bad_rsa = 0, bad_dsa = 0; int do_rng_stick = 0; + int do_drbg_stick = 0; int no_exit = 0; - fips_set_error_print(); - printf("\tFIPS-mode test application\n\n"); + FIPS_post_set_callback(post_cb); - /* Load entropy from external file, if any */ - RAND_load_file(".rnd", 1024); + printf("\tFIPS-mode test application\n"); + + printf("\t%s\n\n", FIPS_module_version_text()); if (argv[1]) { /* Corrupted KAT tests */ - if (!strcmp(argv[1], "aes")) { - FIPS_corrupt_aes(); - printf("AES encryption/decryption with corrupted KAT...\n"); + if (!strcmp(argv[1], "integrity")) { + fail_id = FIPS_TEST_INTEGRITY; + } else if (!strcmp(argv[1], "aes")) { + fail_id = FIPS_TEST_CIPHER; + fail_sub = NID_aes_128_ecb; + } else if (!strcmp(argv[1], "aes-ccm")) { + fail_id = FIPS_TEST_CCM; + } else if (!strcmp(argv[1], "aes-gcm")) { + fail_id = FIPS_TEST_GCM; + } else if (!strcmp(argv[1], "aes-xts")) { + fail_id = FIPS_TEST_XTS; } else if (!strcmp(argv[1], "des")) { - FIPS_corrupt_des(); - printf("DES3-ECB encryption/decryption with corrupted KAT...\n"); + fail_id = FIPS_TEST_CIPHER; + fail_sub = NID_des_ede3_ecb; } else if (!strcmp(argv[1], "dsa")) { - FIPS_corrupt_dsa(); - printf("DSA key generation and signature validation with corrupted KAT...\n"); + fail_id = FIPS_TEST_SIGNATURE; + fail_key = EVP_PKEY_DSA; + } else if (!strcmp(argv[1], "ecdsa")) { + fail_id = FIPS_TEST_SIGNATURE; + fail_key = EVP_PKEY_EC; } else if (!strcmp(argv[1], "rsa")) { - FIPS_corrupt_rsa(); - printf("RSA key generation and signature validation with corrupted KAT...\n"); + fail_id = FIPS_TEST_SIGNATURE; + fail_key = EVP_PKEY_RSA; } else if (!strcmp(argv[1], "rsakey")) { printf("RSA key generation and signature validation with corrupted key...\n"); bad_rsa = 1; no_exit = 1; } else if (!strcmp(argv[1], "rsakeygen")) { - do_corrupt_rsa_keygen = 1; + fail_id = FIPS_TEST_PAIRWISE; + fail_key = EVP_PKEY_RSA; no_exit = 1; - printf("RSA key generation and signature validation with corrupted keygen...\n"); } else if (!strcmp(argv[1], "dsakey")) { printf("DSA key generation and signature validation with corrupted key...\n"); bad_dsa = 1; no_exit = 1; } else if (!strcmp(argv[1], "dsakeygen")) { - do_corrupt_dsa_keygen = 1; + fail_id = FIPS_TEST_PAIRWISE; + fail_key = EVP_PKEY_DSA; no_exit = 1; - printf("DSA key generation and signature validation with corrupted keygen...\n"); } else if (!strcmp(argv[1], "sha1")) { - FIPS_corrupt_sha1(); - printf("SHA-1 hash with corrupted KAT...\n"); + fail_id = FIPS_TEST_DIGEST; + } else if (!strcmp(argv[1], "hmac")) { + fail_id = FIPS_TEST_HMAC; + } else if (!strcmp(argv[1], "cmac")) { + fail_id = FIPS_TEST_CMAC; + } else if (!strcmp(argv[1], "drbg")) { + fail_id = FIPS_TEST_DRBG; } else if (!strcmp(argv[1], "rng")) { - FIPS_corrupt_rng(); + fail_id = FIPS_TEST_X931; + } else if (!strcmp(argv[1], "post")) { + fail_id = -1; } else if (!strcmp(argv[1], "rngstick")) { do_rng_stick = 1; no_exit = 1; printf("RNG test with stuck continuous test...\n"); + } else if (!strcmp(argv[1], "drbgentstick")) { + do_entropy_stick(); + } else if (!strcmp(argv[1], "drbgstick")) { + do_drbg_stick = 1; + no_exit = 1; + printf("DRBG test with stuck continuous test...\n"); } else { printf("Bad argument \"%s\"\n", argv[1]); exit(1); } if (!no_exit) { - if (!FIPS_mode_set(1)) { + fips_algtest_init_nofips(); + if (!FIPS_module_mode_set(1)) { printf("Power-up self test failed\n"); exit(1); } @@ -488,6 +956,8 @@ int main(int argc,char **argv) } } + fips_algtest_init_nofips(); + /* Non-Approved cryptographic operation */ printf("1. Non-Approved cryptographic operation test...\n"); @@ -496,19 +966,20 @@ int main(int argc,char **argv) /* Power-up self test */ ERR_clear_error(); - test_msg("2. Automatic power-up self test", FIPS_mode_set(1)); - if (!FIPS_mode()) + test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1)); + if (!FIPS_module_mode()) exit(1); - if (do_corrupt_dsa_keygen) - FIPS_corrupt_dsa_keygen(); - if (do_corrupt_rsa_keygen) - FIPS_corrupt_rsa_keygen(); + if (do_drbg_stick) + FIPS_drbg_stick(); if (do_rng_stick) - FIPS_rng_stick(); + FIPS_x931_stick(); /* AES encryption/decryption */ - test_msg("3. AES encryption/decryption", FIPS_aes_test()); + test_msg("3a. AES encryption/decryption", FIPS_aes_test()); + /* AES GCM encryption/decryption + */ + test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test()); /* RSA key generation and encryption/decryption */ @@ -556,16 +1027,38 @@ int main(int argc,char **argv) */ test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test()); + /* CMAC-AES-128 hash + */ + test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test()); + + /* CMAC-AES-192 hash + */ + test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test()); + + /* CMAC-AES-256 hash + */ + test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test()); + +# if 0 /* Not a FIPS algorithm */ + /* CMAC-TDEA-2 hash + */ + test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test()); +#endif + + /* CMAC-TDEA-3 hash + */ + test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test()); + /* Non-Approved cryptographic operation */ - printf("8. Non-Approved cryptographic operation test...\n"); + printf("9. Non-Approved cryptographic operation test...\n"); printf("\ta. Included algorithm (D-H)...%s\n", dh_test() ? "successful as expected" : Fail("failed INCORRECTLY!") ); /* Zeroization */ - printf("9. Zero-ization...\n\t%s\n", + printf("10. Zero-ization...\n\t%s\n", Zeroize() ? "successful as expected" : Fail("failed INCORRECTLY!") );