1 /* ====================================================================
2 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
5 * This command is intended as a test driver for the FIPS-140 testing
6 * lab performing FIPS-140 validation. It demonstrates the use of the
7 * OpenSSL library ito perform a variety of common cryptographic
8 * functions. A power-up self test is demonstrated by deliberately
9 * pointing to an invalid executable hash
11 * Contributed by Steve Marquess.
15 #define OPENSSL_FIPSAPI
22 #include <openssl/evp.h>
23 #include <openssl/hmac.h>
24 #include <openssl/cmac.h>
25 #include <openssl/sha.h>
26 #include <openssl/err.h>
28 #include <openssl/bn.h>
29 #include <openssl/rand.h>
32 int main(int argc, char *argv[])
34 printf("No FIPS support\n");
39 #define ERR_clear_error() while(0)
41 #include <openssl/rsa.h>
42 #include <openssl/dsa.h>
43 #include <openssl/dh.h>
45 #include <openssl/fips.h>
46 #include <openssl/fips_rand.h>
49 /* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
51 static int FIPS_aes_test(void)
54 unsigned char pltmp[16];
55 unsigned char citmp[16];
56 unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
57 unsigned char plaintext[16] = "etaonrishdlcu";
59 FIPS_cipher_ctx_init(&ctx);
60 if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1) <= 0)
62 FIPS_cipher(&ctx, citmp, plaintext, 16);
63 if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 0) <= 0)
65 FIPS_cipher(&ctx, pltmp, citmp, 16);
66 if (memcmp(pltmp, plaintext, 16))
70 FIPS_cipher_ctx_cleanup(&ctx);
74 static int FIPS_aes_gcm_test(void)
77 unsigned char pltmp[16];
78 unsigned char citmp[16];
79 unsigned char tagtmp[16];
80 unsigned char key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
81 unsigned char iv[16] = {21,22,23,24,25,26,27,28,29,30,31,32};
82 unsigned char aad[] = "Some text AAD";
83 unsigned char plaintext[16] = "etaonrishdlcu";
85 FIPS_cipher_ctx_init(&ctx);
86 if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 1) <= 0)
88 FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
89 FIPS_cipher(&ctx, citmp, plaintext, 16);
90 FIPS_cipher(&ctx, NULL, NULL, 0);
91 if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tagtmp))
94 if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 0) <= 0)
96 if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tagtmp))
99 FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
101 FIPS_cipher(&ctx, pltmp, citmp, 16);
103 if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
106 if (memcmp(pltmp, plaintext, 16))
111 FIPS_cipher_ctx_cleanup(&ctx);
115 static int FIPS_des3_test(void)
118 unsigned char pltmp[8];
119 unsigned char citmp[8];
120 unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
122 unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
124 FIPS_cipher_ctx_init(&ctx);
125 if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 1) <= 0)
127 FIPS_cipher(&ctx, citmp, plaintext, 8);
128 if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 0) <= 0)
130 FIPS_cipher(&ctx, pltmp, citmp, 8);
131 if (memcmp(pltmp, plaintext, 8))
135 FIPS_cipher_ctx_cleanup(&ctx);
140 * DSA: generate keys and sign, verify input plaintext.
142 static int FIPS_dsa_test(int bad)
145 unsigned char dgst[] = "etaonrishdlc";
151 FIPS_md_ctx_init(&mctx);
152 dsa = FIPS_dsa_new();
155 if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
157 if (!DSA_generate_key(dsa))
160 BN_add_word(dsa->pub_key, 1);
162 if (!FIPS_digestinit(&mctx, EVP_sha256()))
164 if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
166 sig = FIPS_dsa_sign_ctx(dsa, &mctx);
170 if (!FIPS_digestinit(&mctx, EVP_sha256()))
172 if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
174 r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
177 FIPS_dsa_sig_free(sig);
178 FIPS_md_ctx_cleanup(&mctx);
187 * RSA: generate keys and sign, verify input plaintext.
189 static int FIPS_rsa_test(int bad)
192 unsigned char input_ptext[] = "etaonrishdlc";
193 unsigned char buf[256];
200 FIPS_md_ctx_init(&mctx);
201 key = FIPS_rsa_new();
205 BN_set_word(bn, 65537);
206 if (!RSA_generate_key_ex(key, 2048,bn,NULL))
210 BN_add_word(key->n, 1);
212 if (!FIPS_digestinit(&mctx, EVP_sha256()))
214 if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
216 if (!FIPS_rsa_sign_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, &slen))
219 if (!FIPS_digestinit(&mctx, EVP_sha256()))
221 if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
223 r = FIPS_rsa_verify_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, slen);
225 FIPS_md_ctx_cleanup(&mctx);
233 /* SHA1: generate hash of known digest value and compare to known
234 precomputed correct hash
236 static int FIPS_sha1_test()
238 unsigned char digest[SHA_DIGEST_LENGTH] =
239 { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
240 unsigned char str[] = "etaonrishd";
242 unsigned char md[SHA_DIGEST_LENGTH];
245 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha1())) return 0;
246 if (memcmp(md,digest,sizeof(md)))
251 /* SHA256: generate hash of known digest value and compare to known
252 precomputed correct hash
254 static int FIPS_sha256_test()
256 unsigned char digest[SHA256_DIGEST_LENGTH] =
257 {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
258 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
259 unsigned char str[] = "etaonrishd";
261 unsigned char md[SHA256_DIGEST_LENGTH];
264 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha256())) return 0;
265 if (memcmp(md,digest,sizeof(md)))
270 /* SHA512: generate hash of known digest value and compare to known
271 precomputed correct hash
273 static int FIPS_sha512_test()
275 unsigned char digest[SHA512_DIGEST_LENGTH] =
276 {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
277 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
278 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
279 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
280 unsigned char str[] = "etaonrishd";
282 unsigned char md[SHA512_DIGEST_LENGTH];
285 if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha512())) return 0;
286 if (memcmp(md,digest,sizeof(md)))
291 /* HMAC-SHA1: generate hash of known digest value and compare to known
292 precomputed correct hash
294 static int FIPS_hmac_sha1_test()
296 unsigned char key[] = "etaonrishd";
297 unsigned char iv[] = "Sample text";
298 unsigned char kaval[EVP_MAX_MD_SIZE] =
299 {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
300 0xb2, 0xfb, 0xec, 0xc6};
302 unsigned char out[EVP_MAX_MD_SIZE];
306 if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
307 if (memcmp(out,kaval,outlen))
312 /* HMAC-SHA224: generate hash of known digest value and compare to known
313 precomputed correct hash
315 static int FIPS_hmac_sha224_test()
317 unsigned char key[] = "etaonrishd";
318 unsigned char iv[] = "Sample text";
319 unsigned char kaval[EVP_MAX_MD_SIZE] =
320 {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
321 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
323 unsigned char out[EVP_MAX_MD_SIZE];
327 if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
328 if (memcmp(out,kaval,outlen))
333 /* HMAC-SHA256: generate hash of known digest value and compare to known
334 precomputed correct hash
336 static int FIPS_hmac_sha256_test()
338 unsigned char key[] = "etaonrishd";
339 unsigned char iv[] = "Sample text";
340 unsigned char kaval[EVP_MAX_MD_SIZE] =
341 {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
342 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
344 unsigned char out[EVP_MAX_MD_SIZE];
348 if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
349 if (memcmp(out,kaval,outlen))
354 /* HMAC-SHA384: generate hash of known digest value and compare to known
355 precomputed correct hash
357 static int FIPS_hmac_sha384_test()
359 unsigned char key[] = "etaonrishd";
360 unsigned char iv[] = "Sample text";
361 unsigned char kaval[EVP_MAX_MD_SIZE] =
362 {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
363 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
364 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
366 unsigned char out[EVP_MAX_MD_SIZE];
370 if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
371 if (memcmp(out,kaval,outlen))
376 /* HMAC-SHA512: generate hash of known digest value and compare to known
377 precomputed correct hash
379 static int FIPS_hmac_sha512_test()
381 unsigned char key[] = "etaonrishd";
382 unsigned char iv[] = "Sample text";
383 unsigned char kaval[EVP_MAX_MD_SIZE] =
384 {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
385 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
386 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
387 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
389 unsigned char out[EVP_MAX_MD_SIZE];
393 if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
394 if (memcmp(out,kaval,outlen))
399 /* CMAC-AES128: generate hash of known digest value and compare to known
400 precomputed correct hash
402 static int FIPS_cmac_aes128_test()
404 unsigned char key[16] = { 0x2b,0x7e,0x15,0x16, 0x28,0xae,0xd2,0xa6,
405 0xab,0xf7,0x15,0x88, 0x09,0xcf,0x4f,0x3c, };
406 unsigned char data[] = "Sample text";
407 unsigned char kaval[EVP_MAX_MD_SIZE] =
408 { 0x16,0x83,0xfe,0xac, 0x52,0x9b,0xae,0x23,
409 0xd7,0xd5,0x66,0xf5, 0xd2,0x8d,0xbd,0x2a, };
411 unsigned char *out = NULL;
413 CMAC_CTX *ctx = CMAC_CTX_new();
420 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_128_cbc(),NULL))
422 if (!CMAC_Update(ctx,data,sizeof(data)-1))
424 /* This should return 1. If not, there's a programming error... */
425 if (!CMAC_Final(ctx, out, &outlen))
427 out = OPENSSL_malloc(outlen);
428 if (!CMAC_Final(ctx, out, &outlen))
432 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
433 bin2hex(out, outlen, hexout);
434 printf("CMAC-AES128: res = %s\n", hexout);
435 OPENSSL_free(hexout);
439 if (!memcmp(out,kaval,outlen))
449 /* CMAC-AES192: generate hash of known digest value and compare to known
450 precomputed correct hash
452 static int FIPS_cmac_aes192_test()
454 unsigned char key[] = { 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52,
455 0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5,
456 0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, };
457 unsigned char data[] = "Sample text";
458 unsigned char kaval[] =
459 { 0xd6,0x99,0x19,0x25, 0xe5,0x1d,0x95,0x48,
460 0xb1,0x4a,0x0b,0xf2, 0xc6,0x3c,0x47,0x1f, };
462 unsigned char *out = NULL;
464 CMAC_CTX *ctx = CMAC_CTX_new();
471 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_192_cbc(),NULL))
473 if (!CMAC_Update(ctx,data,sizeof(data)-1))
475 /* This should return 1. If not, there's a programming error... */
476 if (!CMAC_Final(ctx, out, &outlen))
478 out = OPENSSL_malloc(outlen);
479 if (!CMAC_Final(ctx, out, &outlen))
483 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
484 bin2hex(out, outlen, hexout);
485 printf("CMAC-AES192: res = %s\n", hexout);
486 OPENSSL_free(hexout);
490 if (!memcmp(out,kaval,outlen))
500 /* CMAC-AES256: generate hash of known digest value and compare to known
501 precomputed correct hash
503 static int FIPS_cmac_aes256_test()
505 unsigned char key[] = { 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe,
506 0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81,
507 0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7,
508 0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, };
509 unsigned char data[] = "Sample text";
510 unsigned char kaval[] =
511 { 0xec,0xc2,0xcf,0x63, 0xc7,0xce,0xfc,0xa4,
512 0xb0,0x86,0x37,0x5f, 0x15,0x60,0xba,0x1f, };
514 unsigned char *out = NULL;
516 CMAC_CTX *ctx = CMAC_CTX_new();
523 if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_256_cbc(),NULL))
525 if (!CMAC_Update(ctx,data,sizeof(data)-1))
527 /* This should return 1. If not, there's a programming error... */
528 if (!CMAC_Final(ctx, out, &outlen))
530 out = OPENSSL_malloc(outlen);
531 if (!CMAC_Final(ctx, out, &outlen))
535 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
536 bin2hex(out, outlen, hexout);
537 printf("CMAC-AES256: res = %s\n", hexout);
538 OPENSSL_free(hexout);
542 if (!memcmp(out,kaval,outlen))
552 /* CMAC-TDEA3: generate hash of known digest value and compare to known
553 precomputed correct hash
555 static int FIPS_cmac_tdea3_test()
557 unsigned char key[] = { 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62,
558 0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58,
559 0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, };
560 unsigned char data[] = "Sample text";
561 unsigned char kaval[EVP_MAX_MD_SIZE] =
562 { 0xb4,0x06,0x4e,0xbf, 0x59,0x89,0xba,0x68, };
564 unsigned char *out = NULL;
566 CMAC_CTX *ctx = CMAC_CTX_new();
573 if (!CMAC_Init(ctx,key,sizeof(key),EVP_des_ede3_cbc(),NULL))
575 if (!CMAC_Update(ctx,data,sizeof(data)-1))
577 /* This should return 1. If not, there's a programming error... */
578 if (!CMAC_Final(ctx, out, &outlen))
580 out = OPENSSL_malloc(outlen);
581 if (!CMAC_Final(ctx, out, &outlen))
585 char *hexout = OPENSSL_malloc(outlen * 2 + 1);
586 bin2hex(out, outlen, hexout);
587 printf("CMAC-TDEA3: res = %s\n", hexout);
588 OPENSSL_free(hexout);
592 if (!memcmp(out,kaval,outlen))
603 /* DH: generate shared parameters
612 if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
624 unsigned char userkey[16] =
625 { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
629 key = FIPS_rsa_new();
633 BN_set_word(bn, 65537);
634 if (!RSA_generate_key_ex(key, 1024,bn,NULL))
638 n = BN_num_bytes(key->d);
639 printf(" Generated %d byte RSA private key\n", n);
640 printf("\tBN key before overwriting:\n");
641 do_bn_print(stdout, key->d);
642 BN_rand(key->d,n*8,-1,0);
643 printf("\tBN key after overwriting:\n");
644 do_bn_print(stdout, key->d);
646 printf("\tchar buffer key before overwriting: \n\t\t");
647 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
649 RAND_bytes(userkey, sizeof userkey);
650 printf("\tchar buffer key after overwriting: \n\t\t");
651 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
657 /* Dummy Entropy for DRBG tests. WARNING: THIS IS TOTALLY BOGUS
658 * HAS ZERO SECURITY AND MUST NOT BE USED IN REAL APPLICATIONS.
661 static unsigned char dummy_drbg_entropy[1024];
663 static size_t drbg_test_cb(DRBG_CTX *ctx, unsigned char **pout,
664 int entropy, size_t min_len, size_t max_len)
666 *pout = dummy_drbg_entropy;
667 /* Round up to multiple of block size */
668 return (min_len + 0xf) & ~0xf;
671 /* DRBG test: just generate lots of data and trigger health checks */
673 static int do_drbg_test(int type, int flags)
678 unsigned char randout[1024];
679 dctx = FIPS_drbg_new(type, flags);
682 FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0);
683 for (i = 0; i < sizeof(dummy_drbg_entropy); i++)
685 dummy_drbg_entropy[i] = i & 0xff;
687 if (!FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10))
689 FIPS_drbg_set_check_interval(dctx, 10);
690 for (i = 0; i < 32; i++)
692 if (!FIPS_drbg_generate(dctx, randout, sizeof(randout), 0, NULL, 0))
694 if (!FIPS_drbg_generate(dctx, randout, sizeof(randout), 0, dummy_drbg_entropy, 1))
699 FIPS_drbg_uninstantiate(dctx);
708 static int do_drbg_all(void)
710 static DRBG_LIST drbg_types[] =
717 {NID_hmacWithSHA1, 0},
718 {NID_hmacWithSHA224, 0},
719 {NID_hmacWithSHA256, 0},
720 {NID_hmacWithSHA384, 0},
721 {NID_hmacWithSHA512, 0},
722 {NID_aes_128_ctr, 0},
723 {NID_aes_192_ctr, 0},
724 {NID_aes_256_ctr, 0},
725 {NID_aes_128_ctr, DRBG_FLAG_CTR_USE_DF},
726 {NID_aes_192_ctr, DRBG_FLAG_CTR_USE_DF},
727 {NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF},
728 {(NID_X9_62_prime256v1 << 16)|NID_sha1, 0},
729 {(NID_X9_62_prime256v1 << 16)|NID_sha224, 0},
730 {(NID_X9_62_prime256v1 << 16)|NID_sha256, 0},
731 {(NID_X9_62_prime256v1 << 16)|NID_sha384, 0},
732 {(NID_X9_62_prime256v1 << 16)|NID_sha512, 0},
733 {(NID_secp384r1 << 16)|NID_sha224, 0},
734 {(NID_secp384r1 << 16)|NID_sha256, 0},
735 {(NID_secp384r1 << 16)|NID_sha384, 0},
736 {(NID_secp384r1 << 16)|NID_sha512, 0},
737 {(NID_secp521r1 << 16)|NID_sha256, 0},
738 {(NID_secp521r1 << 16)|NID_sha384, 0},
739 {(NID_secp521r1 << 16)|NID_sha512, 0},
744 for (lst = drbg_types;; lst++)
748 if (!do_drbg_test(lst->type, lst->flags))
755 static const char * Fail(const char *msg)
761 static void test_msg(const char *msg, int result)
763 printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
766 /* Table of IDs for POST translating between NIDs and names */
774 POST_ID id_list[] = {
776 {NID_sha224, "SHA224"},
777 {NID_sha256, "SHA256"},
778 {NID_sha384, "SHA384"},
779 {NID_sha512, "SHA512"},
780 {NID_hmacWithSHA1, "HMAC-SHA1"},
781 {NID_hmacWithSHA224, "HMAC-SHA224"},
782 {NID_hmacWithSHA256, "HMAC-SHA256"},
783 {NID_hmacWithSHA384, "HMAC-SHA384"},
784 {NID_hmacWithSHA512, "HMAC-SHA512"},
785 {EVP_PKEY_RSA, "RSA"},
786 {EVP_PKEY_DSA, "DSA"},
787 {EVP_PKEY_EC, "ECDSA"},
788 {NID_aes_128_cbc, "AES-128-CBC"},
789 {NID_aes_192_cbc, "AES-192-CBC"},
790 {NID_aes_256_cbc, "AES-256-CBC"},
791 {NID_aes_128_ctr, "AES-128-CTR"},
792 {NID_aes_192_ctr, "AES-192-CTR"},
793 {NID_aes_256_ctr, "AES-256-CTR"},
794 {NID_aes_128_ecb, "AES-128-ECB"},
795 {NID_aes_128_xts, "AES-128-XTS"},
796 {NID_aes_256_xts, "AES-256-XTS"},
797 {NID_des_ede3_cbc, "DES-EDE3-CBC"},
798 {NID_des_ede3_ecb, "DES-EDE3-ECB"},
799 {NID_secp224r1, "P-224"},
800 {NID_sect233r1, "B-233"},
801 {NID_sect233k1, "K-233"},
802 {NID_X9_62_prime256v1, "P-256"},
803 {NID_secp384r1, "P-384"},
804 {NID_secp521r1, "P-521"},
808 static const char *lookup_id(int id)
812 for (n = id_list; n->name; n++)
817 sprintf(out, "ID=%d", id);
821 static int fail_id = -1;
822 static int fail_sub = -1;
823 static int fail_key = -1;
825 static int post_cb(int op, int id, int subid, void *ex)
827 const char *idstr, *exstr = "";
830 #ifdef FIPS_POST_TIME
831 static struct timespec start, end, tstart, tend;
835 case FIPS_TEST_INTEGRITY:
839 case FIPS_TEST_DIGEST:
841 exstr = lookup_id(subid);
844 case FIPS_TEST_CIPHER:
845 exstr = lookup_id(subid);
849 case FIPS_TEST_SIGNATURE:
853 keytype = pkey->type;
854 if (keytype == EVP_PKEY_EC)
858 grp = EC_KEY_get0_group(pkey->pkey.ec);
859 cnid = EC_GROUP_get_curve_name(grp);
860 sprintf(asctmp, "ECDSA %s", lookup_id(cnid));
864 exstr = lookup_id(keytype);
870 exstr = lookup_id(subid);
876 exstr = lookup_id(subid);
885 exstr = lookup_id(subid);
893 idstr = "X9.31 PRNG";
894 sprintf(asctmp, "keylen=%d", subid);
900 if (*(int *)ex & DRBG_FLAG_CTR_USE_DF)
902 sprintf(asctmp, "%s DF", lookup_id(subid));
905 else if (subid >> 16)
907 sprintf(asctmp, "%s %s",
908 lookup_id(subid >> 16),
909 lookup_id(subid & 0xFFFF));
913 exstr = lookup_id(subid);
916 case FIPS_TEST_PAIRWISE:
920 keytype = pkey->type;
921 exstr = lookup_id(keytype);
923 idstr = "Pairwise Consistency";
926 case FIPS_TEST_CONTINUOUS:
927 idstr = "Continuous PRNG";
932 exstr = lookup_id(subid);
943 case FIPS_POST_BEGIN:
944 #ifdef FIPS_POST_TIME
945 clock_getres(CLOCK_REALTIME, &tstart);
946 printf("\tTimer resolution %ld s, %ld ns\n",
947 (long)tstart.tv_sec, (long)tstart.tv_nsec);
948 clock_gettime(CLOCK_REALTIME, &tstart);
950 printf("\tPOST started\n");
954 printf("\tPOST %s\n", id ? "Success" : "Failed");
955 #ifdef FIPS_POST_TIME
956 clock_gettime(CLOCK_REALTIME, &tend);
957 printf("\t\tTook %f seconds\n",
958 (double)((tend.tv_sec+tend.tv_nsec*1e-9)
959 - (tstart.tv_sec+tstart.tv_nsec*1e-9)));
963 case FIPS_POST_STARTED:
964 printf("\t\t%s %s test started\n", idstr, exstr);
965 #ifdef FIPS_POST_TIME
966 clock_gettime(CLOCK_REALTIME, &start);
970 case FIPS_POST_SUCCESS:
971 printf("\t\t%s %s test OK\n", idstr, exstr);
972 #ifdef FIPS_POST_TIME
973 clock_gettime(CLOCK_REALTIME, &end);
974 printf("\t\t\tTook %f seconds\n",
975 (double)((end.tv_sec+end.tv_nsec*1e-9)
976 - (start.tv_sec+start.tv_nsec*1e-9)));
981 printf("\t\t%s %s test FAILED!!\n", idstr, exstr);
984 case FIPS_POST_CORRUPT:
986 && (fail_key == -1 || fail_key == keytype)
987 && (fail_sub == -1 || fail_sub == subid))
989 printf("\t\t%s %s test failure induced\n", idstr, exstr);
998 int main(int argc,char **argv)
1000 int bad_rsa = 0, bad_dsa = 0;
1001 int do_rng_stick = 0;
1002 int do_drbg_stick = 0;
1006 FIPS_post_set_callback(post_cb);
1008 printf("\tFIPS-mode test application\n");
1010 printf("\t%s\n\n", FIPS_module_version_text());
1013 /* Corrupted KAT tests */
1014 if (!strcmp(argv[1], "integrity")) {
1015 fail_id = FIPS_TEST_INTEGRITY;
1016 } else if (!strcmp(argv[1], "aes")) {
1017 fail_id = FIPS_TEST_CIPHER;
1018 fail_sub = NID_aes_128_ecb;
1019 } else if (!strcmp(argv[1], "aes-ccm")) {
1020 fail_id = FIPS_TEST_CCM;
1021 } else if (!strcmp(argv[1], "aes-gcm")) {
1022 fail_id = FIPS_TEST_GCM;
1023 } else if (!strcmp(argv[1], "aes-xts")) {
1024 fail_id = FIPS_TEST_XTS;
1025 } else if (!strcmp(argv[1], "des")) {
1026 fail_id = FIPS_TEST_CIPHER;
1027 fail_sub = NID_des_ede3_ecb;
1028 } else if (!strcmp(argv[1], "dsa")) {
1029 fail_id = FIPS_TEST_SIGNATURE;
1030 fail_key = EVP_PKEY_DSA;
1031 } else if (!strcmp(argv[1], "ecdh")) {
1032 fail_id = FIPS_TEST_ECDH;
1033 } else if (!strcmp(argv[1], "ecdsa")) {
1034 fail_id = FIPS_TEST_SIGNATURE;
1035 fail_key = EVP_PKEY_EC;
1036 } else if (!strcmp(argv[1], "rsa")) {
1037 fail_id = FIPS_TEST_SIGNATURE;
1038 fail_key = EVP_PKEY_RSA;
1039 } else if (!strcmp(argv[1], "rsakey")) {
1040 printf("RSA key generation and signature validation with corrupted key...\n");
1043 } else if (!strcmp(argv[1], "rsakeygen")) {
1044 fail_id = FIPS_TEST_PAIRWISE;
1045 fail_key = EVP_PKEY_RSA;
1047 } else if (!strcmp(argv[1], "dsakey")) {
1048 printf("DSA key generation and signature validation with corrupted key...\n");
1051 } else if (!strcmp(argv[1], "dsakeygen")) {
1052 fail_id = FIPS_TEST_PAIRWISE;
1053 fail_key = EVP_PKEY_DSA;
1055 } else if (!strcmp(argv[1], "sha1")) {
1056 fail_id = FIPS_TEST_DIGEST;
1057 } else if (!strcmp(argv[1], "hmac")) {
1058 fail_id = FIPS_TEST_HMAC;
1059 } else if (!strcmp(argv[1], "cmac")) {
1060 fail_id = FIPS_TEST_CMAC;
1061 } else if (!strcmp(argv[1], "drbg")) {
1062 fail_id = FIPS_TEST_DRBG;
1063 } else if (!strcmp(argv[1], "rng")) {
1064 fail_id = FIPS_TEST_X931;
1065 } else if (!strcmp(argv[1], "nodh")) {
1068 } else if (!strcmp(argv[1], "post")) {
1070 } else if (!strcmp(argv[1], "rngstick")) {
1073 printf("RNG test with stuck continuous test...\n");
1074 } else if (!strcmp(argv[1], "drbgentstick")) {
1076 } else if (!strcmp(argv[1], "drbgstick")) {
1079 printf("DRBG test with stuck continuous test...\n");
1081 printf("Bad argument \"%s\"\n", argv[1]);
1085 fips_algtest_init_nofips();
1086 if (!FIPS_module_mode_set(1)) {
1087 printf("Power-up self test failed\n");
1090 printf("Power-up self test successful\n");
1095 fips_algtest_init_nofips();
1097 /* Non-Approved cryptographic operation
1099 printf("1. Non-Approved cryptographic operation test...\n");
1101 printf("\t D-H test skipped\n");
1103 test_msg("\ta. Included algorithm (D-H)...", dh_test());
1105 /* Power-up self test
1108 test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1));
1109 if (!FIPS_module_mode())
1116 /* AES encryption/decryption
1118 test_msg("3a. AES encryption/decryption", FIPS_aes_test());
1119 /* AES GCM encryption/decryption
1121 test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test());
1123 /* RSA key generation and encryption/decryption
1125 test_msg("4. RSA key generation and encryption/decryption",
1126 FIPS_rsa_test(bad_rsa));
1128 /* DES-CBC encryption/decryption
1130 test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test());
1132 /* DSA key generation and signature validation
1134 test_msg("6. DSA key generation and signature validation",
1135 FIPS_dsa_test(bad_dsa));
1139 test_msg("7a. SHA-1 hash", FIPS_sha1_test());
1143 test_msg("7b. SHA-256 hash", FIPS_sha256_test());
1147 test_msg("7c. SHA-512 hash", FIPS_sha512_test());
1151 test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test());
1153 /* HMAC-SHA-224 hash
1155 test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test());
1157 /* HMAC-SHA-256 hash
1159 test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test());
1161 /* HMAC-SHA-384 hash
1163 test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test());
1165 /* HMAC-SHA-512 hash
1167 test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test());
1169 /* CMAC-AES-128 hash
1171 test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test());
1173 /* CMAC-AES-192 hash
1175 test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test());
1177 /* CMAC-AES-256 hash
1179 test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test());
1181 # if 0 /* Not a FIPS algorithm */
1184 test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test());
1189 test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test());
1191 /* Non-Approved cryptographic operation
1193 printf("9. Non-Approved cryptographic operation test...\n");
1194 printf("\ta. Included algorithm (D-H)...%s\n",
1196 dh_test() ? "successful as expected"
1197 : Fail("failed INCORRECTLY!") );
1201 printf("10. Zero-ization...\n\t%s\n",
1202 Zeroize() ? "successful as expected"
1203 : Fail("failed INCORRECTLY!") );
1205 printf("11. Complete DRBG health check...\n");
1206 printf("\t%s\n", FIPS_selftest_drbg_all() ? "successful as expected"
1207 : Fail("failed INCORRECTLY!") );
1209 printf("12. DRBG generation check...\n");
1210 printf("\t%s\n", do_drbg_all() ? "successful as expected"
1211 : Fail("failed INCORRECTLY!") );
1213 printf("\nAll tests completed with %d errors\n", Error);
1214 return Error ? 1 : 0;