1 /* ====================================================================
2 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
5 * This command is intended as a test driver for the FIPS-140 testing
6 * lab performing FIPS-140 validation. It demonstrates the use of the
7 * OpenSSL library ito perform a variety of common cryptographic
8 * functions. A power-up self test is demonstrated by deliberately
9 * pointing to an invalid executable hash
11 * Contributed by Steve Marquess.
19 #include <openssl/aes.h>
20 #include <openssl/des.h>
21 #include <openssl/rsa.h>
22 #include <openssl/dsa.h>
23 #include <openssl/hmac.h>
24 #include <openssl/err.h>
26 #include <openssl/bn.h>
27 #include <openssl/rand.h>
28 #include <openssl/sha.h>
32 int main(int argc, char *argv[])
34 printf("No FIPS support\n");
39 #include <openssl/fips.h>
42 /* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
44 static int FIPS_aes_test(void)
47 unsigned char pltmp[16];
48 unsigned char citmp[16];
49 unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
50 unsigned char plaintext[16] = "etaonrishdlcu";
52 EVP_CIPHER_CTX_init(&ctx);
53 if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0)
55 EVP_Cipher(&ctx, citmp, plaintext, 16);
56 if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0)
58 EVP_Cipher(&ctx, pltmp, citmp, 16);
59 if (memcmp(pltmp, plaintext, 16))
63 EVP_CIPHER_CTX_cleanup(&ctx);
67 static int FIPS_des3_test(void)
70 unsigned char pltmp[8];
71 unsigned char citmp[8];
72 unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
74 unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
76 EVP_CIPHER_CTX_init(&ctx);
77 if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 1) <= 0)
79 EVP_Cipher(&ctx, citmp, plaintext, 8);
80 if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 0) <= 0)
82 EVP_Cipher(&ctx, pltmp, citmp, 8);
83 if (memcmp(pltmp, plaintext, 8))
87 EVP_CIPHER_CTX_cleanup(&ctx);
92 * DSA: generate keys and sign, verify input plaintext.
94 static int FIPS_dsa_test(int bad)
98 unsigned char dgst[] = "etaonrishdlc";
99 unsigned char buf[60];
105 EVP_MD_CTX_init(&mctx);
106 dsa = FIPS_dsa_new();
109 if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
111 if (!DSA_generate_key(dsa))
114 BN_add_word(dsa->pub_key, 1);
116 pk.type = EVP_PKEY_DSA;
119 if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
121 if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))
123 if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
126 if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
128 if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))
130 r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
132 EVP_MD_CTX_cleanup(&mctx);
141 * RSA: generate keys and sign, verify input plaintext.
143 static int FIPS_rsa_test(int bad)
146 unsigned char input_ptext[] = "etaonrishdlc";
147 unsigned char buf[256];
155 EVP_MD_CTX_init(&mctx);
156 key = FIPS_rsa_new();
160 BN_set_word(bn, 65537);
161 if (!RSA_generate_key_ex(key, 1024,bn,NULL))
165 BN_add_word(key->n, 1);
167 pk.type = EVP_PKEY_RSA;
170 if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
172 if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
174 if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
177 if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
179 if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
181 r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
183 EVP_MD_CTX_cleanup(&mctx);
191 /* SHA1: generate hash of known digest value and compare to known
192 precomputed correct hash
194 static int FIPS_sha1_test()
196 unsigned char digest[SHA_DIGEST_LENGTH] =
197 { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
198 unsigned char str[] = "etaonrishd";
200 unsigned char md[SHA_DIGEST_LENGTH];
203 if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0;
204 if (memcmp(md,digest,sizeof(md)))
209 /* SHA256: generate hash of known digest value and compare to known
210 precomputed correct hash
212 static int FIPS_sha256_test()
214 unsigned char digest[SHA256_DIGEST_LENGTH] =
215 {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
216 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
217 unsigned char str[] = "etaonrishd";
219 unsigned char md[SHA256_DIGEST_LENGTH];
222 if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha256(), NULL)) return 0;
223 if (memcmp(md,digest,sizeof(md)))
228 /* SHA512: generate hash of known digest value and compare to known
229 precomputed correct hash
231 static int FIPS_sha512_test()
233 unsigned char digest[SHA512_DIGEST_LENGTH] =
234 {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
235 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
236 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
237 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
238 unsigned char str[] = "etaonrishd";
240 unsigned char md[SHA512_DIGEST_LENGTH];
243 if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha512(), NULL)) return 0;
244 if (memcmp(md,digest,sizeof(md)))
249 /* HMAC-SHA1: generate hash of known digest value and compare to known
250 precomputed correct hash
252 static int FIPS_hmac_sha1_test()
254 unsigned char key[] = "etaonrishd";
255 unsigned char iv[] = "Sample text";
256 unsigned char kaval[EVP_MAX_MD_SIZE] =
257 {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
258 0xb2, 0xfb, 0xec, 0xc6};
260 unsigned char out[EVP_MAX_MD_SIZE];
264 if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
265 if (memcmp(out,kaval,outlen))
270 /* HMAC-SHA224: generate hash of known digest value and compare to known
271 precomputed correct hash
273 static int FIPS_hmac_sha224_test()
275 unsigned char key[] = "etaonrishd";
276 unsigned char iv[] = "Sample text";
277 unsigned char kaval[EVP_MAX_MD_SIZE] =
278 {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
279 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
281 unsigned char out[EVP_MAX_MD_SIZE];
285 if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
286 if (memcmp(out,kaval,outlen))
291 /* HMAC-SHA256: generate hash of known digest value and compare to known
292 precomputed correct hash
294 static int FIPS_hmac_sha256_test()
296 unsigned char key[] = "etaonrishd";
297 unsigned char iv[] = "Sample text";
298 unsigned char kaval[EVP_MAX_MD_SIZE] =
299 {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
300 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
302 unsigned char out[EVP_MAX_MD_SIZE];
306 if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
307 if (memcmp(out,kaval,outlen))
312 /* HMAC-SHA384: generate hash of known digest value and compare to known
313 precomputed correct hash
315 static int FIPS_hmac_sha384_test()
317 unsigned char key[] = "etaonrishd";
318 unsigned char iv[] = "Sample text";
319 unsigned char kaval[EVP_MAX_MD_SIZE] =
320 {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
321 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
322 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
324 unsigned char out[EVP_MAX_MD_SIZE];
328 if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
329 if (memcmp(out,kaval,outlen))
334 /* HMAC-SHA512: generate hash of known digest value and compare to known
335 precomputed correct hash
337 static int FIPS_hmac_sha512_test()
339 unsigned char key[] = "etaonrishd";
340 unsigned char iv[] = "Sample text";
341 unsigned char kaval[EVP_MAX_MD_SIZE] =
342 {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
343 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
344 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
345 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
347 unsigned char out[EVP_MAX_MD_SIZE];
351 if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
352 if (memcmp(out,kaval,outlen))
358 /* DH: generate shared parameters
367 if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
379 unsigned char userkey[16] =
380 { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
383 key = FIPS_rsa_new();
387 BN_set_word(bn, 65537);
388 if (!RSA_generate_key_ex(key, 1024,bn,NULL))
392 n = BN_num_bytes(key->d);
393 printf(" Generated %d byte RSA private key\n", n);
394 printf("\tBN key before overwriting:\n");
395 do_bn_print(stdout, key->d);
396 BN_rand(key->d,n*8,-1,0);
397 printf("\tBN key after overwriting:\n");
398 do_bn_print(stdout, key->d);
400 printf("\tchar buffer key before overwriting: \n\t\t");
401 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
403 RAND_bytes(userkey, sizeof userkey);
404 printf("\tchar buffer key after overwriting: \n\t\t");
405 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
412 const char * Fail(const char *msg)
419 int main(int argc,char **argv)
422 int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
423 int bad_rsa = 0, bad_dsa = 0;
424 int do_rng_stick = 0;
427 printf("\tFIPS-mode test application\n\n");
429 /* Load entropy from external file, if any */
430 RAND_load_file(".rnd", 1024);
433 /* Corrupted KAT tests */
434 if (!strcmp(argv[1], "aes")) {
436 printf("AES encryption/decryption with corrupted KAT...\n");
437 } else if (!strcmp(argv[1], "des")) {
439 printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
440 } else if (!strcmp(argv[1], "dsa")) {
442 printf("DSA key generation and signature validation with corrupted KAT...\n");
443 } else if (!strcmp(argv[1], "rsa")) {
445 printf("RSA key generation and signature validation with corrupted KAT...\n");
446 } else if (!strcmp(argv[1], "rsakey")) {
447 printf("RSA key generation and signature validation with corrupted key...\n");
450 } else if (!strcmp(argv[1], "rsakeygen")) {
451 do_corrupt_rsa_keygen = 1;
453 printf("RSA key generation and signature validation with corrupted keygen...\n");
454 } else if (!strcmp(argv[1], "dsakey")) {
455 printf("DSA key generation and signature validation with corrupted key...\n");
458 } else if (!strcmp(argv[1], "dsakeygen")) {
459 do_corrupt_dsa_keygen = 1;
461 printf("DSA key generation and signature validation with corrupted keygen...\n");
462 } else if (!strcmp(argv[1], "sha1")) {
464 printf("SHA-1 hash with corrupted KAT...\n");
465 } else if (!strcmp(argv[1], "rng")) {
467 } else if (!strcmp(argv[1], "rngstick")) {
470 printf("RNG test with stuck continuous test...\n");
472 printf("Bad argument \"%s\"\n", argv[1]);
476 if (!FIPS_mode_set(1)) {
478 printf("Power-up self test failed\n");
481 printf("Power-up self test successful\n");
486 /* Non-Approved cryptographic operation
488 printf("1. Non-Approved cryptographic operation test...\n");
489 printf("\ta. Included algorithm (D-H)...");
490 printf( dh_test() ? "successful\n" : Fail("FAILED!\n") );
492 /* Power-up self test
495 printf("2. Automatic power-up self test...");
496 if (!FIPS_mode_set(1))
499 printf(Fail("FAILED!\n"));
502 printf("successful\n");
503 if (do_corrupt_dsa_keygen)
504 FIPS_corrupt_dsa_keygen();
505 if (do_corrupt_rsa_keygen)
506 FIPS_corrupt_rsa_keygen();
510 /* AES encryption/decryption
512 printf("3. AES encryption/decryption...");
513 printf( FIPS_aes_test() ? "successful\n" : Fail("FAILED!\n") );
515 /* RSA key generation and encryption/decryption
517 printf("4. RSA key generation and encryption/decryption...");
518 printf( FIPS_rsa_test(bad_rsa) ? "successful\n" : Fail("FAILED!\n") );
520 /* DES-CBC encryption/decryption
522 printf("5. DES-ECB encryption/decryption...");
523 printf( FIPS_des3_test() ? "successful\n" : Fail("FAILED!\n") );
525 /* DSA key generation and signature validation
527 printf("6. DSA key generation and signature validation...");
528 printf( FIPS_dsa_test(bad_dsa) ? "successful\n" : Fail("FAILED!\n") );
532 printf("7a. SHA-1 hash...");
533 printf( FIPS_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
537 printf("7b. SHA-256 hash...");
538 printf( FIPS_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
542 printf("7c. SHA-512 hash...");
543 printf( FIPS_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
547 printf("7d. HMAC-SHA-1 hash...");
548 printf( FIPS_hmac_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
552 printf("7e. HMAC-SHA-224 hash...");
553 printf( FIPS_hmac_sha224_test() ? "successful\n" : Fail("FAILED!\n") );
557 printf("7f. HMAC-SHA-256 hash...");
558 printf( FIPS_hmac_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
562 printf("7g. HMAC-SHA-384 hash...");
563 printf( FIPS_hmac_sha384_test() ? "successful\n" : Fail("FAILED!\n") );
567 printf("7h. HMAC-SHA-512 hash...");
568 printf( FIPS_hmac_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
570 /* Non-Approved cryptographic operation
572 printf("8. Non-Approved cryptographic operation test...\n");
573 printf("\ta. Included algorithm (D-H)...");
574 printf( dh_test() ? "successful as expected\n"
575 : Fail("failed INCORRECTLY!\n") );
579 printf("9. Zero-ization...\n");
580 printf( Zeroize() ? "\tsuccessful as expected\n"
581 : Fail("\tfailed INCORRECTLY!\n") );
583 printf("\nAll tests completed with %d errors\n", Error);
584 return Error ? 1 : 0;