1 /* ====================================================================
2 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
5 * This command is intended as a test driver for the FIPS-140 testing
6 * lab performing FIPS-140 validation. It demonstrates the use of the
7 * OpenSSL library ito perform a variety of common cryptographic
8 * functions. A power-up self test is demonstrated by deliberately
9 * pointing to an invalid executable hash
11 * Contributed by Steve Marquess.
19 #include <openssl/aes.h>
20 #include <openssl/des.h>
21 #include <openssl/rsa.h>
22 #include <openssl/dsa.h>
23 #include <openssl/hmac.h>
24 #include <openssl/fips_sha.h>
25 #include <openssl/err.h>
26 #include <openssl/fips.h>
27 #include <openssl/bn.h>
28 #include <openssl/rand.h>
32 int main(int argc, char *argv[])
34 printf("No FIPS support\n");
41 /* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
43 static int FIPS_aes_test()
45 unsigned char userkey[16] = { 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xf0, 0x0d };
46 unsigned char plaintext[16] = "etaonrishdlcu";
47 unsigned char ciphertext[16];
48 unsigned char buf[16];
53 if (AES_set_encrypt_key( userkey, 128, &key ))
55 AES_encrypt( plaintext, ciphertext, &key);
56 if (AES_set_decrypt_key( userkey, 128, &dkey ))
58 AES_decrypt( ciphertext, buf, &dkey);
59 if (memcmp(buf, plaintext, sizeof(buf)))
64 /* DES: encrypt and decrypt known plaintext, verify result matches original plaintext
66 static int FIPS_des_test()
68 DES_cblock userkey = { 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xf0, 0x0d };
69 DES_cblock plaintext = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
72 DES_cblock ciphertext;
76 if (DES_set_key(&userkey, &key) < 0)
78 DES_ecb_encrypt( &plaintext, &ciphertext, &key, 1);
79 DES_ecb_encrypt( &ciphertext, &buf, &key, 0);
80 if (memcmp(buf, plaintext, sizeof(buf)))
85 /* DSA: generate key and sign a known digest, then verify the signature
88 static int FIPS_dsa_test()
91 unsigned char dgst[] = "etaonrishdlc";
99 if (!DSA_generate_parameters_ex(dsa, 512,NULL,0,NULL,NULL,NULL))
101 if (!DSA_generate_key(dsa))
103 sig = DSA_do_sign(dgst,sizeof(dgst) - 1,dsa);
106 r = DSA_do_verify(dgst,sizeof(dgst) - 1,sig,dsa);
115 /* RSA: generate keys and encrypt and decrypt known plaintext, verify result
116 * matches the original plaintext
118 static int FIPS_rsa_test()
121 unsigned char input_ptext[] = "etaonrishdlc";
122 unsigned char ctext[256];
123 unsigned char ptext[256];
128 key = FIPS_rsa_new();
132 BN_set_word(bn, 65537);
133 if (!RSA_generate_key_ex(key, 1024,bn,NULL))
137 n = RSA_public_encrypt(sizeof(input_ptext) - 1,input_ptext,ctext,key,RSA_PKCS1_PADDING);
140 n = RSA_private_decrypt(n,ctext,ptext,key,RSA_PKCS1_PADDING);
144 if (memcmp(input_ptext,ptext,sizeof(input_ptext) - 1))
149 /* SHA1: generate hash of known digest value and compare to known
150 precomputed correct hash
152 static int FIPS_sha1_test()
154 unsigned char digest[SHA_DIGEST_LENGTH] =
155 { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
156 unsigned char str[] = "etaonrishd";
158 unsigned char md[SHA_DIGEST_LENGTH];
161 if (!SHA1(str,sizeof(str) - 1,md)) return 0;
162 if (memcmp(md,digest,sizeof(md)))
167 /* SHA256: generate hash of known digest value and compare to known
168 precomputed correct hash
170 static int FIPS_sha256_test()
172 unsigned char digest[SHA256_DIGEST_LENGTH] =
173 {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
174 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
175 unsigned char str[] = "etaonrishd";
177 unsigned char md[SHA256_DIGEST_LENGTH];
180 if (!SHA256(str,sizeof(str) - 1,md)) return 0;
181 if (memcmp(md,digest,sizeof(md)))
186 /* SHA512: generate hash of known digest value and compare to known
187 precomputed correct hash
189 static int FIPS_sha512_test()
191 unsigned char digest[SHA512_DIGEST_LENGTH] =
192 {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
193 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
194 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
195 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
196 unsigned char str[] = "etaonrishd";
198 unsigned char md[SHA512_DIGEST_LENGTH];
201 if (!SHA512(str,sizeof(str) - 1,md)) return 0;
202 if (memcmp(md,digest,sizeof(md)))
207 /* HMAC-SHA1: generate hash of known digest value and compare to known
208 precomputed correct hash
210 static int FIPS_hmac_sha1_test()
212 unsigned char key[] = "etaonrishd";
213 unsigned char iv[] = "Sample text";
214 unsigned char kaval[EVP_MAX_MD_SIZE] =
215 {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
216 0xb2, 0xfb, 0xec, 0xc6};
218 unsigned char out[EVP_MAX_MD_SIZE];
222 if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
223 if (memcmp(out,kaval,outlen))
228 /* HMAC-SHA224: generate hash of known digest value and compare to known
229 precomputed correct hash
231 static int FIPS_hmac_sha224_test()
233 unsigned char key[] = "etaonrishd";
234 unsigned char iv[] = "Sample text";
235 unsigned char kaval[EVP_MAX_MD_SIZE] =
236 {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
237 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
239 unsigned char out[EVP_MAX_MD_SIZE];
243 if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
244 if (memcmp(out,kaval,outlen))
249 /* HMAC-SHA256: generate hash of known digest value and compare to known
250 precomputed correct hash
252 static int FIPS_hmac_sha256_test()
254 unsigned char key[] = "etaonrishd";
255 unsigned char iv[] = "Sample text";
256 unsigned char kaval[EVP_MAX_MD_SIZE] =
257 {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
258 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
260 unsigned char out[EVP_MAX_MD_SIZE];
264 if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
265 if (memcmp(out,kaval,outlen))
270 /* HMAC-SHA384: generate hash of known digest value and compare to known
271 precomputed correct hash
273 static int FIPS_hmac_sha384_test()
275 unsigned char key[] = "etaonrishd";
276 unsigned char iv[] = "Sample text";
277 unsigned char kaval[EVP_MAX_MD_SIZE] =
278 {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
279 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
280 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
282 unsigned char out[EVP_MAX_MD_SIZE];
286 if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
287 if (memcmp(out,kaval,outlen))
292 /* HMAC-SHA512: generate hash of known digest value and compare to known
293 precomputed correct hash
295 static int FIPS_hmac_sha512_test()
297 unsigned char key[] = "etaonrishd";
298 unsigned char iv[] = "Sample text";
299 unsigned char kaval[EVP_MAX_MD_SIZE] =
300 {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
301 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
302 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
303 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
305 unsigned char out[EVP_MAX_MD_SIZE];
309 if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
310 if (memcmp(out,kaval,outlen))
316 /* DH: generate shared parameters
325 if (!DH_generate_parameters_ex(dh, 256, 2, NULL))
337 unsigned char userkey[16] =
338 { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
341 key = FIPS_rsa_new();
345 BN_set_word(bn, 65537);
346 if (!RSA_generate_key_ex(key, 1024,bn,NULL))
350 n = BN_num_bytes(key->d);
351 printf(" Generated %d byte RSA private key\n", n);
352 printf("\tBN key before overwriting:\n");
353 do_bn_print(stdout, key->d);
354 BN_rand(key->d,n*8,-1,0);
355 printf("\tBN key after overwriting:\n");
356 do_bn_print(stdout, key->d);
358 printf("\tchar buffer key before overwriting: \n\t\t");
359 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
361 RAND_bytes(userkey, sizeof userkey);
362 printf("\tchar buffer key after overwriting: \n\t\t");
363 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
370 const char * Fail(const char *msg)
376 int main(int argc,char **argv)
379 printf("\tFIPS-mode test application\n\n");
381 /* Load entropy from external file, if any */
382 RAND_load_file(".rnd", 1024);
385 /* Corrupted KAT tests */
386 if (!strcmp(argv[1], "aes")) {
388 printf("AES encryption/decryption with corrupted KAT...\n");
389 } else if (!strcmp(argv[1], "des")) {
391 printf("DES-ECB encryption/decryption with corrupted KAT...\n");
392 } else if (!strcmp(argv[1], "dsa")) {
394 printf("DSA key generation and signature validation with corrupted KAT...\n");
395 } else if (!strcmp(argv[1], "rsa")) {
397 printf("RSA key generation and encryption/decryption with corrupted KAT...\n");
398 } else if (!strcmp(argv[1], "sha1")) {
400 printf("SHA-1 hash with corrupted KAT...\n");
401 } else if (!strcmp(argv[1], "rng")) {
403 printf("RNG test with corrupted KAT...\n");
405 printf("Bad argument \"%s\"\n", argv[1]);
408 if (!FIPS_mode_set(1))
411 printf("Power-up self test failed\n");
414 printf("Power-up self test successful\n");
418 /* Non-Approved cryptographic operation
420 printf("1. Non-Approved cryptographic operation test...\n");
421 printf("\ta. Included algorithm (D-H)...");
422 printf( dh_test() ? "successful\n" : Fail("FAILED!\n") );
424 /* Power-up self test
427 printf("2. Automatic power-up self test...");
428 if (!FIPS_mode_set(1))
431 printf(Fail("FAILED!\n"));
434 printf("successful\n");
436 /* AES encryption/decryption
438 printf("3. AES encryption/decryption...");
439 printf( FIPS_aes_test() ? "successful\n" : Fail("FAILED!\n") );
441 /* RSA key generation and encryption/decryption
443 printf("4. RSA key generation and encryption/decryption...");
444 printf( FIPS_rsa_test() ? "successful\n" : Fail("FAILED!\n") );
446 /* DES-CBC encryption/decryption
448 printf("5. DES-ECB encryption/decryption...");
449 printf( FIPS_des_test() ? "successful\n" : Fail("FAILED!\n") );
451 /* DSA key generation and signature validation
453 printf("6. DSA key generation and signature validation...");
454 printf( FIPS_dsa_test() ? "successful\n" : Fail("FAILED!\n") );
458 printf("7a. SHA-1 hash...");
459 printf( FIPS_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
463 printf("7b. SHA-256 hash...");
464 printf( FIPS_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
468 printf("7c. SHA-512 hash...");
469 printf( FIPS_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
473 printf("7d. HMAC-SHA-1 hash...");
474 printf( FIPS_hmac_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
478 printf("7e. HMAC-SHA-224 hash...");
479 printf( FIPS_hmac_sha224_test() ? "successful\n" : Fail("FAILED!\n") );
483 printf("7f. HMAC-SHA-256 hash...");
484 printf( FIPS_hmac_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
488 printf("7g. HMAC-SHA-384 hash...");
489 printf( FIPS_hmac_sha384_test() ? "successful\n" : Fail("FAILED!\n") );
493 printf("7h. HMAC-SHA-512 hash...");
494 printf( FIPS_hmac_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
496 /* Non-Approved cryptographic operation
498 printf("8. Non-Approved cryptographic operation test...\n");
499 printf("\ta. Included algorithm (D-H)...");
500 printf( dh_test() ? "successful as expected\n"
501 : Fail("failed INCORRECTLY!\n") );
505 printf("9. Zero-ization...\n");
506 printf( Zeroize() ? "\tsuccessful as expected\n"
507 : Fail("\tfailed INCORRECTLY!\n") );
509 printf("\nAll tests completed with %d errors\n", Error);
510 return Error ? 1 : 0;
projects / oweals / openssl.git / blob