1 /* ====================================================================
2 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
5 * This command is intended as a test driver for the FIPS-140 testing
6 * lab performing FIPS-140 validation. It demonstrates the use of the
7 * OpenSSL library ito perform a variety of common cryptographic
8 * functions. A power-up self test is demonstrated by deliberately
9 * pointing to an invalid executable hash
11 * Contributed by Steve Marquess.
19 #include <openssl/aes.h>
20 #include <openssl/des.h>
21 #include <openssl/rsa.h>
22 #include <openssl/dsa.h>
23 #include <openssl/dh.h>
24 #include <openssl/hmac.h>
25 #include <openssl/err.h>
27 #include <openssl/bn.h>
28 #include <openssl/rand.h>
29 #include <openssl/sha.h>
33 int main(int argc, char *argv[])
35 printf("No FIPS support\n");
40 #include <openssl/fips.h>
43 /* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
45 static int FIPS_aes_test(void)
48 unsigned char pltmp[16];
49 unsigned char citmp[16];
50 unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
51 unsigned char plaintext[16] = "etaonrishdlcu";
53 EVP_CIPHER_CTX_init(&ctx);
54 if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0)
56 EVP_Cipher(&ctx, citmp, plaintext, 16);
57 if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0)
59 EVP_Cipher(&ctx, pltmp, citmp, 16);
60 if (memcmp(pltmp, plaintext, 16))
64 EVP_CIPHER_CTX_cleanup(&ctx);
68 static int FIPS_des3_test(void)
71 unsigned char pltmp[8];
72 unsigned char citmp[8];
73 unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
75 unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
77 EVP_CIPHER_CTX_init(&ctx);
78 if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 1) <= 0)
80 EVP_Cipher(&ctx, citmp, plaintext, 8);
81 if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 0) <= 0)
83 EVP_Cipher(&ctx, pltmp, citmp, 8);
84 if (memcmp(pltmp, plaintext, 8))
88 EVP_CIPHER_CTX_cleanup(&ctx);
93 * DSA: generate keys and sign, verify input plaintext.
95 static int FIPS_dsa_test(int bad)
99 unsigned char dgst[] = "etaonrishdlc";
100 unsigned char buf[60];
106 EVP_MD_CTX_init(&mctx);
107 dsa = FIPS_dsa_new();
110 if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
112 if (!DSA_generate_key(dsa))
115 BN_add_word(dsa->pub_key, 1);
117 pk.type = EVP_PKEY_DSA;
120 if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
122 if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))
124 if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
127 if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
129 if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))
131 r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
133 EVP_MD_CTX_cleanup(&mctx);
142 * RSA: generate keys and sign, verify input plaintext.
144 static int FIPS_rsa_test(int bad)
147 unsigned char input_ptext[] = "etaonrishdlc";
148 unsigned char buf[256];
156 EVP_MD_CTX_init(&mctx);
157 key = FIPS_rsa_new();
161 BN_set_word(bn, 65537);
162 if (!RSA_generate_key_ex(key, 1024,bn,NULL))
166 BN_add_word(key->n, 1);
168 pk.type = EVP_PKEY_RSA;
171 if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
173 if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
175 if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
178 if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
180 if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
182 r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
184 EVP_MD_CTX_cleanup(&mctx);
192 /* SHA1: generate hash of known digest value and compare to known
193 precomputed correct hash
195 static int FIPS_sha1_test()
197 unsigned char digest[SHA_DIGEST_LENGTH] =
198 { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
199 unsigned char str[] = "etaonrishd";
201 unsigned char md[SHA_DIGEST_LENGTH];
204 if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0;
205 if (memcmp(md,digest,sizeof(md)))
210 /* SHA256: generate hash of known digest value and compare to known
211 precomputed correct hash
213 static int FIPS_sha256_test()
215 unsigned char digest[SHA256_DIGEST_LENGTH] =
216 {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
217 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
218 unsigned char str[] = "etaonrishd";
220 unsigned char md[SHA256_DIGEST_LENGTH];
223 if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha256(), NULL)) return 0;
224 if (memcmp(md,digest,sizeof(md)))
229 /* SHA512: generate hash of known digest value and compare to known
230 precomputed correct hash
232 static int FIPS_sha512_test()
234 unsigned char digest[SHA512_DIGEST_LENGTH] =
235 {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
236 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
237 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
238 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
239 unsigned char str[] = "etaonrishd";
241 unsigned char md[SHA512_DIGEST_LENGTH];
244 if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha512(), NULL)) return 0;
245 if (memcmp(md,digest,sizeof(md)))
250 /* HMAC-SHA1: generate hash of known digest value and compare to known
251 precomputed correct hash
253 static int FIPS_hmac_sha1_test()
255 unsigned char key[] = "etaonrishd";
256 unsigned char iv[] = "Sample text";
257 unsigned char kaval[EVP_MAX_MD_SIZE] =
258 {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
259 0xb2, 0xfb, 0xec, 0xc6};
261 unsigned char out[EVP_MAX_MD_SIZE];
265 if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
266 if (memcmp(out,kaval,outlen))
271 /* HMAC-SHA224: generate hash of known digest value and compare to known
272 precomputed correct hash
274 static int FIPS_hmac_sha224_test()
276 unsigned char key[] = "etaonrishd";
277 unsigned char iv[] = "Sample text";
278 unsigned char kaval[EVP_MAX_MD_SIZE] =
279 {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
280 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
282 unsigned char out[EVP_MAX_MD_SIZE];
286 if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
287 if (memcmp(out,kaval,outlen))
292 /* HMAC-SHA256: generate hash of known digest value and compare to known
293 precomputed correct hash
295 static int FIPS_hmac_sha256_test()
297 unsigned char key[] = "etaonrishd";
298 unsigned char iv[] = "Sample text";
299 unsigned char kaval[EVP_MAX_MD_SIZE] =
300 {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
301 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
303 unsigned char out[EVP_MAX_MD_SIZE];
307 if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
308 if (memcmp(out,kaval,outlen))
313 /* HMAC-SHA384: generate hash of known digest value and compare to known
314 precomputed correct hash
316 static int FIPS_hmac_sha384_test()
318 unsigned char key[] = "etaonrishd";
319 unsigned char iv[] = "Sample text";
320 unsigned char kaval[EVP_MAX_MD_SIZE] =
321 {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
322 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
323 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
325 unsigned char out[EVP_MAX_MD_SIZE];
329 if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
330 if (memcmp(out,kaval,outlen))
335 /* HMAC-SHA512: generate hash of known digest value and compare to known
336 precomputed correct hash
338 static int FIPS_hmac_sha512_test()
340 unsigned char key[] = "etaonrishd";
341 unsigned char iv[] = "Sample text";
342 unsigned char kaval[EVP_MAX_MD_SIZE] =
343 {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
344 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
345 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
346 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
348 unsigned char out[EVP_MAX_MD_SIZE];
352 if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
353 if (memcmp(out,kaval,outlen))
359 /* DH: generate shared parameters
368 if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
380 unsigned char userkey[16] =
381 { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
384 key = FIPS_rsa_new();
388 BN_set_word(bn, 65537);
389 if (!RSA_generate_key_ex(key, 1024,bn,NULL))
393 n = BN_num_bytes(key->d);
394 printf(" Generated %d byte RSA private key\n", n);
395 printf("\tBN key before overwriting:\n");
396 do_bn_print(stdout, key->d);
397 BN_rand(key->d,n*8,-1,0);
398 printf("\tBN key after overwriting:\n");
399 do_bn_print(stdout, key->d);
401 printf("\tchar buffer key before overwriting: \n\t\t");
402 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
404 RAND_bytes(userkey, sizeof userkey);
405 printf("\tchar buffer key after overwriting: \n\t\t");
406 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
413 const char * Fail(const char *msg)
420 int main(int argc,char **argv)
423 int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
424 int bad_rsa = 0, bad_dsa = 0;
425 int do_rng_stick = 0;
428 printf("\tFIPS-mode test application\n\n");
430 /* Load entropy from external file, if any */
431 RAND_load_file(".rnd", 1024);
434 /* Corrupted KAT tests */
435 if (!strcmp(argv[1], "aes")) {
437 printf("AES encryption/decryption with corrupted KAT...\n");
438 } else if (!strcmp(argv[1], "des")) {
440 printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
441 } else if (!strcmp(argv[1], "dsa")) {
443 printf("DSA key generation and signature validation with corrupted KAT...\n");
444 } else if (!strcmp(argv[1], "rsa")) {
446 printf("RSA key generation and signature validation with corrupted KAT...\n");
447 } else if (!strcmp(argv[1], "rsakey")) {
448 printf("RSA key generation and signature validation with corrupted key...\n");
451 } else if (!strcmp(argv[1], "rsakeygen")) {
452 do_corrupt_rsa_keygen = 1;
454 printf("RSA key generation and signature validation with corrupted keygen...\n");
455 } else if (!strcmp(argv[1], "dsakey")) {
456 printf("DSA key generation and signature validation with corrupted key...\n");
459 } else if (!strcmp(argv[1], "dsakeygen")) {
460 do_corrupt_dsa_keygen = 1;
462 printf("DSA key generation and signature validation with corrupted keygen...\n");
463 } else if (!strcmp(argv[1], "sha1")) {
465 printf("SHA-1 hash with corrupted KAT...\n");
466 } else if (!strcmp(argv[1], "rng")) {
468 } else if (!strcmp(argv[1], "rngstick")) {
471 printf("RNG test with stuck continuous test...\n");
473 printf("Bad argument \"%s\"\n", argv[1]);
477 if (!FIPS_mode_set(1)) {
479 printf("Power-up self test failed\n");
482 printf("Power-up self test successful\n");
487 /* Non-Approved cryptographic operation
489 printf("1. Non-Approved cryptographic operation test...\n");
490 printf("\ta. Included algorithm (D-H)...");
491 printf( dh_test() ? "successful\n" : Fail("FAILED!\n") );
493 /* Power-up self test
496 printf("2. Automatic power-up self test...");
497 if (!FIPS_mode_set(1))
500 printf(Fail("FAILED!\n"));
503 printf("successful\n");
504 if (do_corrupt_dsa_keygen)
505 FIPS_corrupt_dsa_keygen();
506 if (do_corrupt_rsa_keygen)
507 FIPS_corrupt_rsa_keygen();
511 /* AES encryption/decryption
513 printf("3. AES encryption/decryption...");
514 printf( FIPS_aes_test() ? "successful\n" : Fail("FAILED!\n") );
516 /* RSA key generation and encryption/decryption
518 printf("4. RSA key generation and encryption/decryption...");
519 printf( FIPS_rsa_test(bad_rsa) ? "successful\n" : Fail("FAILED!\n") );
521 /* DES-CBC encryption/decryption
523 printf("5. DES-ECB encryption/decryption...");
524 printf( FIPS_des3_test() ? "successful\n" : Fail("FAILED!\n") );
526 /* DSA key generation and signature validation
528 printf("6. DSA key generation and signature validation...");
529 printf( FIPS_dsa_test(bad_dsa) ? "successful\n" : Fail("FAILED!\n") );
533 printf("7a. SHA-1 hash...");
534 printf( FIPS_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
538 printf("7b. SHA-256 hash...");
539 printf( FIPS_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
543 printf("7c. SHA-512 hash...");
544 printf( FIPS_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
548 printf("7d. HMAC-SHA-1 hash...");
549 printf( FIPS_hmac_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
553 printf("7e. HMAC-SHA-224 hash...");
554 printf( FIPS_hmac_sha224_test() ? "successful\n" : Fail("FAILED!\n") );
558 printf("7f. HMAC-SHA-256 hash...");
559 printf( FIPS_hmac_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
563 printf("7g. HMAC-SHA-384 hash...");
564 printf( FIPS_hmac_sha384_test() ? "successful\n" : Fail("FAILED!\n") );
568 printf("7h. HMAC-SHA-512 hash...");
569 printf( FIPS_hmac_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
571 /* Non-Approved cryptographic operation
573 printf("8. Non-Approved cryptographic operation test...\n");
574 printf("\ta. Included algorithm (D-H)...");
575 printf( dh_test() ? "successful as expected\n"
576 : Fail("failed INCORRECTLY!\n") );
580 printf("9. Zero-ization...\n");
581 printf( Zeroize() ? "\tsuccessful as expected\n"
582 : Fail("\tfailed INCORRECTLY!\n") );
584 printf("\nAll tests completed with %d errors\n", Error);
585 return Error ? 1 : 0;