1 /* ====================================================================
2 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
5 * This command is intended as a test driver for the FIPS-140 testing
6 * lab performing FIPS-140 validation. It demonstrates the use of the
7 * OpenSSL library ito perform a variety of common cryptographic
8 * functions. A power-up self test is demonstrated by deliberately
9 * pointing to an invalid executable hash
11 * Contributed by Steve Marquess.
19 #include <openssl/aes.h>
20 #include <openssl/des.h>
21 #include <openssl/rsa.h>
22 #include <openssl/dsa.h>
23 #include <openssl/hmac.h>
24 #include <openssl/err.h>
25 #include <openssl/fips.h>
26 #include <openssl/bn.h>
27 #include <openssl/rand.h>
28 #include <openssl/sha.h>
32 int main(int argc, char *argv[])
34 printf("No FIPS support\n");
41 /* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
43 static int FIPS_aes_test(void)
46 unsigned char pltmp[16];
47 unsigned char citmp[16];
48 unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
49 unsigned char plaintext[16] = "etaonrishdlcu";
51 EVP_CIPHER_CTX_init(&ctx);
52 if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0)
54 EVP_Cipher(&ctx, citmp, plaintext, 16);
55 if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0)
57 EVP_Cipher(&ctx, pltmp, citmp, 16);
58 if (memcmp(pltmp, plaintext, 16))
62 EVP_CIPHER_CTX_cleanup(&ctx);
66 static int FIPS_des3_test(void)
69 unsigned char pltmp[8];
70 unsigned char citmp[8];
71 unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
73 unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
75 EVP_CIPHER_CTX_init(&ctx);
76 if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 1) <= 0)
78 EVP_Cipher(&ctx, citmp, plaintext, 8);
79 if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 0) <= 0)
81 EVP_Cipher(&ctx, pltmp, citmp, 8);
82 if (memcmp(pltmp, plaintext, 8))
86 EVP_CIPHER_CTX_cleanup(&ctx);
91 * DSA: generate keys and sign, verify input plaintext.
93 static int FIPS_dsa_test(int bad)
97 unsigned char dgst[] = "etaonrishdlc";
98 unsigned char buf[60];
104 EVP_MD_CTX_init(&mctx);
105 dsa = FIPS_dsa_new();
108 if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
110 if (!DSA_generate_key(dsa))
113 BN_add_word(dsa->pub_key, 1);
115 pk.type = EVP_PKEY_DSA;
118 if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
120 if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))
122 if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
125 if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
127 if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))
129 r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
131 EVP_MD_CTX_cleanup(&mctx);
140 * RSA: generate keys and sign, verify input plaintext.
142 static int FIPS_rsa_test(int bad)
145 unsigned char input_ptext[] = "etaonrishdlc";
146 unsigned char buf[256];
154 EVP_MD_CTX_init(&mctx);
155 key = FIPS_rsa_new();
159 BN_set_word(bn, 65537);
160 if (!RSA_generate_key_ex(key, 1024,bn,NULL))
164 BN_add_word(key->n, 1);
166 pk.type = EVP_PKEY_RSA;
169 if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
171 if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
173 if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
176 if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
178 if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
180 r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
182 EVP_MD_CTX_cleanup(&mctx);
190 /* SHA1: generate hash of known digest value and compare to known
191 precomputed correct hash
193 static int FIPS_sha1_test()
195 unsigned char digest[SHA_DIGEST_LENGTH] =
196 { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
197 unsigned char str[] = "etaonrishd";
199 unsigned char md[SHA_DIGEST_LENGTH];
202 if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0;
203 if (memcmp(md,digest,sizeof(md)))
208 /* SHA256: generate hash of known digest value and compare to known
209 precomputed correct hash
211 static int FIPS_sha256_test()
213 unsigned char digest[SHA256_DIGEST_LENGTH] =
214 {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
215 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
216 unsigned char str[] = "etaonrishd";
218 unsigned char md[SHA256_DIGEST_LENGTH];
221 if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha256(), NULL)) return 0;
222 if (memcmp(md,digest,sizeof(md)))
227 /* SHA512: generate hash of known digest value and compare to known
228 precomputed correct hash
230 static int FIPS_sha512_test()
232 unsigned char digest[SHA512_DIGEST_LENGTH] =
233 {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
234 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
235 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
236 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
237 unsigned char str[] = "etaonrishd";
239 unsigned char md[SHA512_DIGEST_LENGTH];
242 if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha512(), NULL)) return 0;
243 if (memcmp(md,digest,sizeof(md)))
248 /* HMAC-SHA1: generate hash of known digest value and compare to known
249 precomputed correct hash
251 static int FIPS_hmac_sha1_test()
253 unsigned char key[] = "etaonrishd";
254 unsigned char iv[] = "Sample text";
255 unsigned char kaval[EVP_MAX_MD_SIZE] =
256 {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
257 0xb2, 0xfb, 0xec, 0xc6};
259 unsigned char out[EVP_MAX_MD_SIZE];
263 if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
264 if (memcmp(out,kaval,outlen))
269 /* HMAC-SHA224: generate hash of known digest value and compare to known
270 precomputed correct hash
272 static int FIPS_hmac_sha224_test()
274 unsigned char key[] = "etaonrishd";
275 unsigned char iv[] = "Sample text";
276 unsigned char kaval[EVP_MAX_MD_SIZE] =
277 {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
278 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
280 unsigned char out[EVP_MAX_MD_SIZE];
284 if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
285 if (memcmp(out,kaval,outlen))
290 /* HMAC-SHA256: generate hash of known digest value and compare to known
291 precomputed correct hash
293 static int FIPS_hmac_sha256_test()
295 unsigned char key[] = "etaonrishd";
296 unsigned char iv[] = "Sample text";
297 unsigned char kaval[EVP_MAX_MD_SIZE] =
298 {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
299 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
301 unsigned char out[EVP_MAX_MD_SIZE];
305 if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
306 if (memcmp(out,kaval,outlen))
311 /* HMAC-SHA384: generate hash of known digest value and compare to known
312 precomputed correct hash
314 static int FIPS_hmac_sha384_test()
316 unsigned char key[] = "etaonrishd";
317 unsigned char iv[] = "Sample text";
318 unsigned char kaval[EVP_MAX_MD_SIZE] =
319 {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
320 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
321 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
323 unsigned char out[EVP_MAX_MD_SIZE];
327 if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
328 if (memcmp(out,kaval,outlen))
333 /* HMAC-SHA512: generate hash of known digest value and compare to known
334 precomputed correct hash
336 static int FIPS_hmac_sha512_test()
338 unsigned char key[] = "etaonrishd";
339 unsigned char iv[] = "Sample text";
340 unsigned char kaval[EVP_MAX_MD_SIZE] =
341 {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
342 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
343 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
344 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
346 unsigned char out[EVP_MAX_MD_SIZE];
350 if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
351 if (memcmp(out,kaval,outlen))
357 /* DH: generate shared parameters
366 if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
378 unsigned char userkey[16] =
379 { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
382 key = FIPS_rsa_new();
386 BN_set_word(bn, 65537);
387 if (!RSA_generate_key_ex(key, 1024,bn,NULL))
391 n = BN_num_bytes(key->d);
392 printf(" Generated %d byte RSA private key\n", n);
393 printf("\tBN key before overwriting:\n");
394 do_bn_print(stdout, key->d);
395 BN_rand(key->d,n*8,-1,0);
396 printf("\tBN key after overwriting:\n");
397 do_bn_print(stdout, key->d);
399 printf("\tchar buffer key before overwriting: \n\t\t");
400 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
402 RAND_bytes(userkey, sizeof userkey);
403 printf("\tchar buffer key after overwriting: \n\t\t");
404 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
411 const char * Fail(const char *msg)
418 int main(int argc,char **argv)
421 int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
422 int bad_rsa = 0, bad_dsa = 0;
423 int do_rng_stick = 0;
426 printf("\tFIPS-mode test application\n\n");
428 /* Load entropy from external file, if any */
429 RAND_load_file(".rnd", 1024);
432 /* Corrupted KAT tests */
433 if (!strcmp(argv[1], "aes")) {
435 printf("AES encryption/decryption with corrupted KAT...\n");
436 } else if (!strcmp(argv[1], "des")) {
438 printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
439 } else if (!strcmp(argv[1], "dsa")) {
441 printf("DSA key generation and signature validation with corrupted KAT...\n");
442 } else if (!strcmp(argv[1], "rsa")) {
444 printf("RSA key generation and signature validation with corrupted KAT...\n");
445 } else if (!strcmp(argv[1], "rsakey")) {
446 printf("RSA key generation and signature validation with corrupted key...\n");
449 } else if (!strcmp(argv[1], "rsakeygen")) {
450 do_corrupt_rsa_keygen = 1;
452 printf("RSA key generation and signature validation with corrupted keygen...\n");
453 } else if (!strcmp(argv[1], "dsakey")) {
454 printf("DSA key generation and signature validation with corrupted key...\n");
457 } else if (!strcmp(argv[1], "dsakeygen")) {
458 do_corrupt_dsa_keygen = 1;
460 printf("DSA key generation and signature validation with corrupted keygen...\n");
461 } else if (!strcmp(argv[1], "sha1")) {
463 printf("SHA-1 hash with corrupted KAT...\n");
464 } else if (!strcmp(argv[1], "rng")) {
466 } else if (!strcmp(argv[1], "rngstick")) {
469 printf("RNG test with stuck continuous test...\n");
471 printf("Bad argument \"%s\"\n", argv[1]);
475 if (!FIPS_mode_set(1)) {
477 printf("Power-up self test failed\n");
480 printf("Power-up self test successful\n");
485 /* Non-Approved cryptographic operation
487 printf("1. Non-Approved cryptographic operation test...\n");
488 printf("\ta. Included algorithm (D-H)...");
489 printf( dh_test() ? "successful\n" : Fail("FAILED!\n") );
491 /* Power-up self test
494 printf("2. Automatic power-up self test...");
495 if (!FIPS_mode_set(1))
498 printf(Fail("FAILED!\n"));
501 printf("successful\n");
502 if (do_corrupt_dsa_keygen)
503 FIPS_corrupt_dsa_keygen();
504 if (do_corrupt_rsa_keygen)
505 FIPS_corrupt_rsa_keygen();
509 /* AES encryption/decryption
511 printf("3. AES encryption/decryption...");
512 printf( FIPS_aes_test() ? "successful\n" : Fail("FAILED!\n") );
514 /* RSA key generation and encryption/decryption
516 printf("4. RSA key generation and encryption/decryption...");
517 printf( FIPS_rsa_test(bad_rsa) ? "successful\n" : Fail("FAILED!\n") );
519 /* DES-CBC encryption/decryption
521 printf("5. DES-ECB encryption/decryption...");
522 printf( FIPS_des3_test() ? "successful\n" : Fail("FAILED!\n") );
524 /* DSA key generation and signature validation
526 printf("6. DSA key generation and signature validation...");
527 printf( FIPS_dsa_test(bad_dsa) ? "successful\n" : Fail("FAILED!\n") );
531 printf("7a. SHA-1 hash...");
532 printf( FIPS_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
536 printf("7b. SHA-256 hash...");
537 printf( FIPS_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
541 printf("7c. SHA-512 hash...");
542 printf( FIPS_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
546 printf("7d. HMAC-SHA-1 hash...");
547 printf( FIPS_hmac_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
551 printf("7e. HMAC-SHA-224 hash...");
552 printf( FIPS_hmac_sha224_test() ? "successful\n" : Fail("FAILED!\n") );
556 printf("7f. HMAC-SHA-256 hash...");
557 printf( FIPS_hmac_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
561 printf("7g. HMAC-SHA-384 hash...");
562 printf( FIPS_hmac_sha384_test() ? "successful\n" : Fail("FAILED!\n") );
566 printf("7h. HMAC-SHA-512 hash...");
567 printf( FIPS_hmac_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
569 /* Non-Approved cryptographic operation
571 printf("8. Non-Approved cryptographic operation test...\n");
572 printf("\ta. Included algorithm (D-H)...");
573 printf( dh_test() ? "successful as expected\n"
574 : Fail("failed INCORRECTLY!\n") );
578 printf("9. Zero-ization...\n");
579 printf( Zeroize() ? "\tsuccessful as expected\n"
580 : Fail("\tfailed INCORRECTLY!\n") );
582 printf("\nAll tests completed with %d errors\n", Error);
583 return Error ? 1 : 0;