1 /* ====================================================================
2 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
5 * This command is intended as a test driver for the FIPS-140 testing
6 * lab performing FIPS-140 validation. It demonstrates the use of the
7 * OpenSSL library ito perform a variety of common cryptographic
8 * functions. A power-up self test is demonstrated by deliberately
9 * pointing to an invalid executable hash
11 * Contributed by Steve Marquess.
19 #include <openssl/aes.h>
20 #include <openssl/des.h>
21 #include <openssl/rsa.h>
22 #include <openssl/dsa.h>
23 #include <openssl/hmac.h>
24 #include <openssl/fips_sha.h>
25 #include <openssl/err.h>
26 #include <openssl/fips.h>
27 #include <openssl/bn.h>
28 #include <openssl/rand.h>
32 int main(int argc, char *argv[])
34 printf("No FIPS support\n");
41 /* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
43 static int FIPS_aes_test()
45 unsigned char userkey[16] = { 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xf0, 0x0d };
46 unsigned char plaintext[16] = "etaonrishdlcu";
47 unsigned char ciphertext[16];
48 unsigned char buf[16];
53 if (AES_set_encrypt_key( userkey, 128, &key ))
55 AES_encrypt( plaintext, ciphertext, &key);
56 if (AES_set_decrypt_key( userkey, 128, &dkey ))
58 AES_decrypt( ciphertext, buf, &dkey);
59 if (memcmp(buf, plaintext, sizeof(buf)))
64 /* DES: encrypt and decrypt known plaintext, verify result matches original plaintext
66 static int FIPS_des_test()
68 DES_cblock userkey = { 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xf0, 0x0d };
69 DES_cblock plaintext = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
72 DES_cblock ciphertext;
76 if (DES_set_key(&userkey, &key) < 0)
78 DES_ecb_encrypt( &plaintext, &ciphertext, &key, 1);
79 DES_ecb_encrypt( &ciphertext, &buf, &key, 0);
80 if (memcmp(buf, plaintext, sizeof(buf)))
86 * DSA: generate keys and sign, verify input plaintext.
88 static int FIPS_dsa_test()
92 unsigned char dgst[] = "etaonrishdlc";
93 unsigned char buf[60];
99 EVP_MD_CTX_init(&mctx);
100 dsa = FIPS_dsa_new();
103 if (!DSA_generate_parameters_ex(dsa, 512,NULL,0,NULL,NULL,NULL))
105 if (!DSA_generate_key(dsa))
108 pk.type = EVP_PKEY_DSA;
111 if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
113 if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))
115 if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
118 if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
120 if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))
122 r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
124 EVP_MD_CTX_cleanup(&mctx);
133 * RSA: generate keys and sign, verify input plaintext.
135 static int FIPS_rsa_test()
138 unsigned char input_ptext[] = "etaonrishdlc";
139 unsigned char buf[256];
147 EVP_MD_CTX_init(&mctx);
148 key = FIPS_rsa_new();
152 BN_set_word(bn, 65537);
153 if (!RSA_generate_key_ex(key, 1024,bn,NULL))
157 pk.type = EVP_PKEY_RSA;
160 if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
162 if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
164 if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
167 if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
169 if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
171 r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
173 EVP_MD_CTX_cleanup(&mctx);
181 /* SHA1: generate hash of known digest value and compare to known
182 precomputed correct hash
184 static int FIPS_sha1_test()
186 unsigned char digest[SHA_DIGEST_LENGTH] =
187 { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
188 unsigned char str[] = "etaonrishd";
190 unsigned char md[SHA_DIGEST_LENGTH];
193 if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0;
194 if (memcmp(md,digest,sizeof(md)))
199 /* SHA256: generate hash of known digest value and compare to known
200 precomputed correct hash
202 static int FIPS_sha256_test()
204 unsigned char digest[SHA256_DIGEST_LENGTH] =
205 {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
206 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
207 unsigned char str[] = "etaonrishd";
209 unsigned char md[SHA256_DIGEST_LENGTH];
212 if (!SHA256(str,sizeof(str) - 1,md)) return 0;
213 if (memcmp(md,digest,sizeof(md)))
218 /* SHA512: generate hash of known digest value and compare to known
219 precomputed correct hash
221 static int FIPS_sha512_test()
223 unsigned char digest[SHA512_DIGEST_LENGTH] =
224 {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
225 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
226 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
227 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
228 unsigned char str[] = "etaonrishd";
230 unsigned char md[SHA512_DIGEST_LENGTH];
233 if (!SHA512(str,sizeof(str) - 1,md)) return 0;
234 if (memcmp(md,digest,sizeof(md)))
239 /* HMAC-SHA1: generate hash of known digest value and compare to known
240 precomputed correct hash
242 static int FIPS_hmac_sha1_test()
244 unsigned char key[] = "etaonrishd";
245 unsigned char iv[] = "Sample text";
246 unsigned char kaval[EVP_MAX_MD_SIZE] =
247 {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
248 0xb2, 0xfb, 0xec, 0xc6};
250 unsigned char out[EVP_MAX_MD_SIZE];
254 if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
255 if (memcmp(out,kaval,outlen))
260 /* HMAC-SHA224: generate hash of known digest value and compare to known
261 precomputed correct hash
263 static int FIPS_hmac_sha224_test()
265 unsigned char key[] = "etaonrishd";
266 unsigned char iv[] = "Sample text";
267 unsigned char kaval[EVP_MAX_MD_SIZE] =
268 {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
269 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
271 unsigned char out[EVP_MAX_MD_SIZE];
275 if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
276 if (memcmp(out,kaval,outlen))
281 /* HMAC-SHA256: generate hash of known digest value and compare to known
282 precomputed correct hash
284 static int FIPS_hmac_sha256_test()
286 unsigned char key[] = "etaonrishd";
287 unsigned char iv[] = "Sample text";
288 unsigned char kaval[EVP_MAX_MD_SIZE] =
289 {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
290 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
292 unsigned char out[EVP_MAX_MD_SIZE];
296 if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
297 if (memcmp(out,kaval,outlen))
302 /* HMAC-SHA384: generate hash of known digest value and compare to known
303 precomputed correct hash
305 static int FIPS_hmac_sha384_test()
307 unsigned char key[] = "etaonrishd";
308 unsigned char iv[] = "Sample text";
309 unsigned char kaval[EVP_MAX_MD_SIZE] =
310 {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
311 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
312 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
314 unsigned char out[EVP_MAX_MD_SIZE];
318 if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
319 if (memcmp(out,kaval,outlen))
324 /* HMAC-SHA512: generate hash of known digest value and compare to known
325 precomputed correct hash
327 static int FIPS_hmac_sha512_test()
329 unsigned char key[] = "etaonrishd";
330 unsigned char iv[] = "Sample text";
331 unsigned char kaval[EVP_MAX_MD_SIZE] =
332 {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
333 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
334 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
335 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
337 unsigned char out[EVP_MAX_MD_SIZE];
341 if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
342 if (memcmp(out,kaval,outlen))
348 /* DH: generate shared parameters
357 if (!DH_generate_parameters_ex(dh, 256, 2, NULL))
369 unsigned char userkey[16] =
370 { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
373 key = FIPS_rsa_new();
377 BN_set_word(bn, 65537);
378 if (!RSA_generate_key_ex(key, 1024,bn,NULL))
382 n = BN_num_bytes(key->d);
383 printf(" Generated %d byte RSA private key\n", n);
384 printf("\tBN key before overwriting:\n");
385 do_bn_print(stdout, key->d);
386 BN_rand(key->d,n*8,-1,0);
387 printf("\tBN key after overwriting:\n");
388 do_bn_print(stdout, key->d);
390 printf("\tchar buffer key before overwriting: \n\t\t");
391 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
393 RAND_bytes(userkey, sizeof userkey);
394 printf("\tchar buffer key after overwriting: \n\t\t");
395 for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
402 const char * Fail(const char *msg)
408 int main(int argc,char **argv)
411 printf("\tFIPS-mode test application\n\n");
413 /* Load entropy from external file, if any */
414 RAND_load_file(".rnd", 1024);
417 /* Corrupted KAT tests */
418 if (!strcmp(argv[1], "aes")) {
420 printf("AES encryption/decryption with corrupted KAT...\n");
421 } else if (!strcmp(argv[1], "des")) {
423 printf("DES-ECB encryption/decryption with corrupted KAT...\n");
424 } else if (!strcmp(argv[1], "dsa")) {
426 printf("DSA key generation and signature validation with corrupted KAT...\n");
427 } else if (!strcmp(argv[1], "rsa")) {
429 printf("RSA key generation and encryption/decryption with corrupted KAT...\n");
430 } else if (!strcmp(argv[1], "sha1")) {
432 printf("SHA-1 hash with corrupted KAT...\n");
433 } else if (!strcmp(argv[1], "rng")) {
435 printf("RNG test with corrupted KAT...\n");
437 printf("Bad argument \"%s\"\n", argv[1]);
440 if (!FIPS_mode_set(1))
443 printf("Power-up self test failed\n");
446 printf("Power-up self test successful\n");
450 /* Non-Approved cryptographic operation
452 printf("1. Non-Approved cryptographic operation test...\n");
453 printf("\ta. Included algorithm (D-H)...");
454 printf( dh_test() ? "successful\n" : Fail("FAILED!\n") );
456 /* Power-up self test
459 printf("2. Automatic power-up self test...");
460 if (!FIPS_mode_set(1))
463 printf(Fail("FAILED!\n"));
466 printf("successful\n");
468 /* AES encryption/decryption
470 printf("3. AES encryption/decryption...");
471 printf( FIPS_aes_test() ? "successful\n" : Fail("FAILED!\n") );
473 /* RSA key generation and encryption/decryption
475 printf("4. RSA key generation and encryption/decryption...");
476 printf( FIPS_rsa_test() ? "successful\n" : Fail("FAILED!\n") );
478 /* DES-CBC encryption/decryption
480 printf("5. DES-ECB encryption/decryption...");
481 printf( FIPS_des_test() ? "successful\n" : Fail("FAILED!\n") );
483 /* DSA key generation and signature validation
485 printf("6. DSA key generation and signature validation...");
486 printf( FIPS_dsa_test() ? "successful\n" : Fail("FAILED!\n") );
490 printf("7a. SHA-1 hash...");
491 printf( FIPS_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
495 printf("7b. SHA-256 hash...");
496 printf( FIPS_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
500 printf("7c. SHA-512 hash...");
501 printf( FIPS_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
505 printf("7d. HMAC-SHA-1 hash...");
506 printf( FIPS_hmac_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
510 printf("7e. HMAC-SHA-224 hash...");
511 printf( FIPS_hmac_sha224_test() ? "successful\n" : Fail("FAILED!\n") );
515 printf("7f. HMAC-SHA-256 hash...");
516 printf( FIPS_hmac_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
520 printf("7g. HMAC-SHA-384 hash...");
521 printf( FIPS_hmac_sha384_test() ? "successful\n" : Fail("FAILED!\n") );
525 printf("7h. HMAC-SHA-512 hash...");
526 printf( FIPS_hmac_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
528 /* Non-Approved cryptographic operation
530 printf("8. Non-Approved cryptographic operation test...\n");
531 printf("\ta. Included algorithm (D-H)...");
532 printf( dh_test() ? "successful as expected\n"
533 : Fail("failed INCORRECTLY!\n") );
537 printf("9. Zero-ization...\n");
538 printf( Zeroize() ? "\tsuccessful as expected\n"
539 : Fail("\tfailed INCORRECTLY!\n") );
541 printf("\nAll tests completed with %d errors\n", Error);
542 return Error ? 1 : 0;