#include <openssl/rsa.h>
#include <openssl/dsa.h>
+#include <openssl/ecdsa.h>
#include <openssl/dh.h>
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include "fips_utl.h"
+static int verbose = 0;
+
+static int fips_module_mode_set_verbose(int mode, const char *pass)
+ {
+ int rv;
+ if (verbose)
+ printf("Attempting to %s FIPS mode\n", mode ? "Enter" : "Leave");
+ rv = FIPS_module_mode_set(mode, pass);
+ if (verbose)
+ printf("FIPS_module_mode() returned %d\n", FIPS_module_mode());
+ return rv;
+ }
+
+static void do_print_rsa_key(RSA *rsa)
+ {
+ if (!verbose)
+ return;
+ do_bn_print_name(stdout, "RSA key modulus value", rsa->e);
+ do_bn_print_name(stdout, "RSA key publicExponent value", rsa->n);
+ do_bn_print_name(stdout, "RSA key pricateExponent value", rsa->d);
+ do_bn_print_name(stdout, "RSA key prime1 value", rsa->p);
+ do_bn_print_name(stdout, "RSA key prime2 value", rsa->q);
+ do_bn_print_name(stdout, "RSA key exponent1 value", rsa->dmp1);
+ do_bn_print_name(stdout, "RSA key exponent2 value", rsa->dmq1);
+ do_bn_print_name(stdout, "RSA key coefficient value", rsa->iqmp);
+ }
+
+static void do_print_buf(char *name, unsigned char *buf, int buflen)
+ {
+ if (verbose)
+ OutputValue(name, buf, buflen, stdout, 0);
+ }
+
/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
*/
static int FIPS_aes_test(void)
unsigned char plaintext[16] = "etaonrishdlcu";
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
+ if (verbose)
+ {
+ do_print_buf("Key", key, sizeof(key));
+ do_print_buf("Plaintext", plaintext, sizeof(plaintext));
+ }
if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1) <= 0)
goto err;
FIPS_cipher(&ctx, citmp, plaintext, 16);
+ if (verbose)
+ {
+ do_print_buf("Ciphertext", citmp, sizeof(plaintext));
+ printf("AES 128 bit ECB mode decryption started\n");
+ }
if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 0) <= 0)
goto err;
FIPS_cipher(&ctx, pltmp, citmp, 16);
+ do_print_buf("Recovered Plaintext", pltmp, sizeof(plaintext));
if (memcmp(pltmp, plaintext, 16))
+ {
+ printf("Comparison failure!!\n");
goto err;
+ }
+ if (verbose)
+ printf("Comparison success.\n");
ret = 1;
err:
FIPS_cipher_ctx_cleanup(&ctx);
unsigned char plaintext[16] = "etaonrishdlcu";
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
+ if (verbose)
+ {
+ do_print_buf("Key", key, sizeof(key));
+ do_print_buf("IV", key, sizeof(iv));
+ do_print_buf("Plaintext", plaintext, sizeof(plaintext));
+ do_print_buf("AAD", aad, sizeof(aad));
+ }
if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 1) <= 0)
goto err;
FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tagtmp))
goto err;
+ if (verbose)
+ {
+ do_print_buf("Ciphertext", citmp, sizeof(citmp));
+ do_print_buf("Tag", tagtmp, sizeof(tagtmp));
+ }
+
if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 0) <= 0)
goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tagtmp))
if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
goto err;
+ if (verbose)
+ do_print_buf("Recovered Plaintext", pltmp, sizeof(plaintext));
+
if (memcmp(pltmp, plaintext, 16))
+ {
+ if (verbose)
+ printf("Comparison failure!!\n");
goto err;
+ }
+
+ printf("Comparison sucess.\n");
ret = 1;
err:
unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
+ if (verbose)
+ {
+ do_print_buf("Key", key, sizeof(key));
+ do_print_buf("Plaintext", plaintext, sizeof(plaintext));
+ }
if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 1) <= 0)
goto err;
FIPS_cipher(&ctx, citmp, plaintext, 8);
+ if (verbose)
+ {
+ do_print_buf("Ciphertext", citmp, sizeof(plaintext));
+ printf("DES3 ECB mode decryption\n");
+ }
if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 0) <= 0)
goto err;
FIPS_cipher(&ctx, pltmp, citmp, 8);
+ if (verbose)
+ do_print_buf("Recovered Plaintext", pltmp, sizeof(plaintext));
if (memcmp(pltmp, plaintext, 8))
+ {
+ if (verbose)
+ printf("Comparison failure!!\n");
+
goto err;
+ }
+ if (verbose)
+ printf("Comparison success\n");
ret = 1;
err:
FIPS_cipher_ctx_cleanup(&ctx);
return ret;
}
+/*
+ * ECDSA: generate keys and sign, verify input plaintext.
+ */
+static int FIPS_ecdsa_test(void)
+ {
+ EC_KEY *ec = NULL;
+ unsigned char dgst[] = "etaonrishdlc";
+ int r = 0;
+ ECDSA_SIG *sig = NULL;
+
+ ERR_clear_error();
+ ec = FIPS_ec_key_new_by_curve_name(NID_X9_62_prime256v1);
+ if (!ec)
+ goto end;
+ if (!FIPS_ec_key_generate_key(ec))
+ goto end;
+
+ if (verbose)
+ {
+ BIGNUM *Qx, *Qy;
+ BN_CTX *ctx;
+ const EC_GROUP *grp;
+ const EC_POINT *pt;
+ const BIGNUM *priv;
+ Qx = BN_new();
+ Qy = BN_new();
+ ctx = BN_CTX_new();
+ grp = EC_KEY_get0_group(ec);
+ pt = EC_KEY_get0_public_key(ec);
+ priv = EC_KEY_get0_private_key(ec);
+ printf("EC Key using P-256\n");
+ if (!EC_POINT_get_affine_coordinates_GFp(grp, pt, Qx, Qy, ctx))
+ goto end;
+
+ do_bn_print_name(stdout, "ECDSA key x coordinate", Qx);
+ do_bn_print_name(stdout, "ECDSA key y coordinate", Qy);
+ do_bn_print_name(stdout, "ECDSA key private value", priv);
+ BN_free(Qx);
+ BN_free(Qy);
+ BN_CTX_free(ctx);
+ printf("Signing string \"%s\" using SHA256\n", dgst);
+ }
+
+ sig = FIPS_ecdsa_sign(ec, dgst, sizeof(dgst) -1, EVP_sha256());
+ if (!sig)
+ {
+ if (verbose)
+ printf("Signing Failed!!\n");
+ goto end;
+ }
+
+ if (verbose)
+ {
+ printf("Signing successful\n");
+ do_bn_print_name(stdout, "ECDSA signature r value", sig->r);
+ do_bn_print_name(stdout, "ECDSA signature s value", sig->s);
+ }
+
+ r = FIPS_ecdsa_verify(ec, dgst, sizeof(dgst) -1, EVP_sha256(), sig);
+ if (verbose)
+ printf("ECDSA verification %s\n", r ? "Successful." : "Failed!!");
+ end:
+ if (sig)
+ FIPS_ecdsa_sig_free(sig);
+ if (ec)
+ FIPS_ec_key_free(ec);
+ if (r != 1)
+ return 0;
+ return 1;
+ }
+
/*
* DSA: generate keys and sign, verify input plaintext.
*/
if (bad)
BN_add_word(dsa->pub_key, 1);
+ if (verbose)
+ {
+ do_bn_print_name(stdout, "DSA key p value", dsa->p);
+ do_bn_print_name(stdout, "DSA key q value", dsa->q);
+ do_bn_print_name(stdout, "DSA key g value", dsa->g);
+ do_bn_print_name(stdout, "DSA key public_key value", dsa->pub_key);
+ do_bn_print_name(stdout, "DSA key private key value", dsa->priv_key);
+ printf("Signing string \"%s\" using SHA256\n", dgst);
+ }
+
sig = FIPS_dsa_sign(dsa, dgst, sizeof(dgst) -1, EVP_sha256());
if (!sig)
+ {
+ if (verbose)
+ printf("Signing Failed!!\n");
goto end;
+ }
+
+ if (verbose)
+ {
+ printf("Signing successful\n");
+ do_bn_print_name(stdout, "DSA signature r value", sig->r);
+ do_bn_print_name(stdout, "DSA signature s value", sig->s);
+ }
r = FIPS_dsa_verify(dsa, dgst, sizeof(dgst) -1, EVP_sha256(), sig);
+ if (verbose)
+ printf("DSA verification %s\n", r ? "Successful." : "Failed!!");
end:
if (sig)
FIPS_dsa_sig_free(sig);
if (bad)
BN_add_word(key->n, 1);
+ if (verbose)
+ {
+ do_print_rsa_key(key);
+ printf("Signing string \"%s\" using SHA256\n", input_ptext);
+ }
+
if (!FIPS_rsa_sign(key, input_ptext, sizeof(input_ptext) - 1, EVP_sha256(),
RSA_PKCS1_PADDING, 0, NULL, buf, &slen))
+ {
+ if (verbose)
+ printf("RSA Signing failed!!\n");
goto end;
+ }
+
+ if (verbose)
+ {
+ printf("RSA signing successul\n");
+ do_print_buf("RSA signature", buf, slen);
+ }
r = FIPS_rsa_verify(key, input_ptext, sizeof(input_ptext) - 1, EVP_sha256(),
RSA_PKCS1_PADDING, 0, NULL, buf, slen);
+ if (verbose)
+ printf("RSA Verification %s\n", r == 1 ? "Successful" : "Failed!!");
end:
if (key)
FIPS_rsa_free(key);
ERR_clear_error();
if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha1())) return 0;
+ if (verbose)
+ {
+ printf("Digesting string %s\n", str);
+ do_print_buf("Digest value", md, sizeof(md));
+ }
if (memcmp(md,digest,sizeof(md)))
return 0;
return 1;
ERR_clear_error();
if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha256())) return 0;
+ if (verbose)
+ {
+ printf("Digesting string %s\n", str);
+ do_print_buf("Digest value", md, sizeof(md));
+ }
if (memcmp(md,digest,sizeof(md)))
return 0;
return 1;
ERR_clear_error();
if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha512())) return 0;
+ if (verbose)
+ {
+ printf("Digesting string %s\n", str);
+ do_print_buf("Digest value", md, sizeof(md));
+ }
if (memcmp(md,digest,sizeof(md)))
return 0;
return 1;
ERR_clear_error();
if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
+ if (verbose)
+ {
+ do_print_buf("HMAC key", key, sizeof(key) -1);
+ do_print_buf("HMAC input", iv, sizeof(iv) -1);
+ do_print_buf("HMAC output", out, outlen);
+ }
if (memcmp(out,kaval,outlen))
+ {
+ if (verbose)
+ printf("HMAC comparison failed!!\n");
return 0;
+ }
+ printf("HMAC comparison successful.\n");
return 1;
}
ERR_clear_error();
if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
+ if (verbose)
+ {
+ do_print_buf("HMAC key", key, sizeof(key) -1);
+ do_print_buf("HMAC input", iv, sizeof(iv) -1);
+ do_print_buf("HMAC output", out, outlen);
+ }
+ if (memcmp(out,kaval,outlen))
+ {
+ if (verbose)
+ printf("HMAC comparison failed!!\n");
+ return 0;
+ }
+ printf("HMAC comparison successful.\n");
if (memcmp(out,kaval,outlen))
return 0;
return 1;
ERR_clear_error();
if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
+ if (verbose)
+ {
+ do_print_buf("HMAC key", key, sizeof(key) -1);
+ do_print_buf("HMAC input", iv, sizeof(iv) -1);
+ do_print_buf("HMAC output", out, outlen);
+ }
if (memcmp(out,kaval,outlen))
+ {
+ if (verbose)
+ printf("HMAC comparison failed!!\n");
return 0;
+ }
+ printf("HMAC comparison successful.\n");
return 1;
}
ERR_clear_error();
if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
+ if (verbose)
+ {
+ do_print_buf("HMAC key", key, sizeof(key) -1);
+ do_print_buf("HMAC input", iv, sizeof(iv) -1);
+ do_print_buf("HMAC output", out, outlen);
+ }
if (memcmp(out,kaval,outlen))
+ {
+ if (verbose)
+ printf("HMAC comparison failed!!\n");
return 0;
+ }
+ printf("HMAC comparison successful.\n");
return 1;
}
ERR_clear_error();
if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
+ if (verbose)
+ {
+ do_print_buf("HMAC key", key, sizeof(key) -1);
+ do_print_buf("HMAC input", iv, sizeof(iv) -1);
+ do_print_buf("HMAC output", out, outlen);
+ }
if (memcmp(out,kaval,outlen))
+ {
+ if (verbose)
+ printf("HMAC comparison failed!!\n");
return 0;
+ }
+ printf("HMAC comparison successful.\n");
return 1;
}
out = OPENSSL_malloc(outlen);
if (!CMAC_Final(ctx, out, &outlen))
goto end;
-#if 0
- {
- char *hexout = OPENSSL_malloc(outlen * 2 + 1);
- bin2hex(out, outlen, hexout);
- printf("CMAC-AES128: res = %s\n", hexout);
- OPENSSL_free(hexout);
- }
- r = 1;
-#else
if (!memcmp(out,kaval,outlen))
r = 1;
-#endif
+ if (verbose)
+ {
+ do_print_buf("CMAC key", key, sizeof(key));
+ do_print_buf("CMAC input", data, sizeof(data) -1);
+ do_print_buf("CMAC output", out, outlen);
+ printf("CMAC comparison %s\n", r == 1 ? "successful." : "Failed!!");
+ }
end:
CMAC_CTX_free(ctx);
if (out)
out = OPENSSL_malloc(outlen);
if (!CMAC_Final(ctx, out, &outlen))
goto end;
-#if 0
- {
- char *hexout = OPENSSL_malloc(outlen * 2 + 1);
- bin2hex(out, outlen, hexout);
- printf("CMAC-AES192: res = %s\n", hexout);
- OPENSSL_free(hexout);
- }
- r = 1;
-#else
if (!memcmp(out,kaval,outlen))
r = 1;
-#endif
+ if (verbose)
+ {
+ do_print_buf("CMAC key", key, sizeof(key));
+ do_print_buf("CMAC input", data, sizeof(data) -1);
+ do_print_buf("CMAC output", out, outlen);
+ printf("CMAC comparison %s\n", r == 1 ? "successful." : "Failed!!");
+ }
end:
CMAC_CTX_free(ctx);
if (out)
out = OPENSSL_malloc(outlen);
if (!CMAC_Final(ctx, out, &outlen))
goto end;
-#if 0
- {
- char *hexout = OPENSSL_malloc(outlen * 2 + 1);
- bin2hex(out, outlen, hexout);
- printf("CMAC-AES256: res = %s\n", hexout);
- OPENSSL_free(hexout);
- }
- r = 1;
-#else
if (!memcmp(out,kaval,outlen))
r = 1;
-#endif
+ if (verbose)
+ {
+ do_print_buf("CMAC key", key, sizeof(key));
+ do_print_buf("CMAC input", data, sizeof(data) -1);
+ do_print_buf("CMAC output", out, outlen);
+ printf("CMAC comparison %s\n", r == 1 ? "successful." : "Failed!!");
+ }
end:
CMAC_CTX_free(ctx);
if (out)
out = OPENSSL_malloc(outlen);
if (!CMAC_Final(ctx, out, &outlen))
goto end;
-#if 0
- {
- char *hexout = OPENSSL_malloc(outlen * 2 + 1);
- bin2hex(out, outlen, hexout);
- printf("CMAC-TDEA3: res = %s\n", hexout);
- OPENSSL_free(hexout);
- }
- r = 1;
-#else
if (!memcmp(out,kaval,outlen))
r = 1;
-#endif
+ if (verbose)
+ {
+ do_print_buf("CMAC key", key, sizeof(key));
+ do_print_buf("CMAC input", data, sizeof(data) -1);
+ do_print_buf("CMAC output", out, outlen);
+ printf("CMAC comparison %s\n", r == 1 ? "successful." : "Failed!!");
+ }
end:
CMAC_CTX_free(ctx);
if (out)
for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
printf("\n");
RAND_bytes(userkey, sizeof userkey);
- printf("\tchar buffer key after overwriting: \n\t\t");
+ printf("\tchar buffer key after overwriting with random key: \n\t\t");
+ for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
+ printf("\n");
+ OPENSSL_cleanse(userkey, sizeof(userkey));
+ printf("\tchar buffer key after zeroization: \n\t\t");
for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
printf("\n");
return msg;
}
-static void test_msg(const char *msg, int result)
- {
- printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
+#define test_msg(msg, rtest) \
+ { \
+ int rv; \
+ if (verbose) \
+ printf("%s...started\n", msg); \
+ rv = rtest; \
+ printf("%s...%s\n", msg, rv ? "successful" : Fail("Failed!")); \
}
/* Table of IDs for POST translating between NIDs and names */
DRBG_CTX *dctx = NULL, *defctx = NULL;
EC_KEY *ec = NULL;
BIGNUM *bn = NULL;
+ unsigned char key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
+ EVP_CIPHER_CTX ctx;
unsigned char out[10];
if (!fullpost)
post_quiet = 1;
if (!fullerr)
no_err = 1;
- FIPS_module_mode_set(0, NULL);
+ fips_module_mode_set_verbose(0, NULL);
for (sub_fail = 1; sub_fail < sub_count; sub_fail++)
{
sub_fail_num = sub_fail;
printf(" Testing induced failure of POST subtest %d\n",
sub_fail);
- rv = FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS);
+ rv = fips_module_mode_set_verbose(1, FIPS_AUTH_USER_PASS);
if (rv)
{
printf("\tFIPS mode incorrectly successful!!\n");
st_err++;
}
+ printf("\tAttempting crypto operation after failed POST... ");
+ FIPS_cipher_ctx_init(&ctx);
+ rv = FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1);
+ if (rv > 0)
+ {
+ printf("succeeded incorrectly!!\n");
+ st_err++;
+ }
+ else
+ printf("failed as expected.\n");
+ FIPS_cipher_ctx_cleanup(&ctx);
}
sub_fail_num = -1;
printf(" Testing induced failure of RSA keygen test\n");
fail_id = FIPS_TEST_PAIRWISE;
fail_key = EVP_PKEY_RSA;
/* Now enter FIPS mode successfully */
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
+ if (!fips_module_mode_set_verbose(1, FIPS_AUTH_USER_PASS))
{
printf("\tError entering FIPS mode\n");
st_err++;
printf("\tRSA key generation failed as expected.\n");
/* Leave FIPS mode to clear error */
- FIPS_module_mode_set(0, NULL);
+ fips_module_mode_set_verbose(0, NULL);
printf(" Testing induced failure of DSA keygen test\n");
fail_key = EVP_PKEY_DSA;
/* Enter FIPS mode successfully */
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
+ if (!fips_module_mode_set_verbose(1, FIPS_AUTH_USER_PASS))
{
printf("\tError entering FIPS mode\n");
st_err++;
printf("\tDSA key generation failed as expected.\n");
/* Leave FIPS mode to clear error */
- FIPS_module_mode_set(0, NULL);
+ fips_module_mode_set_verbose(0, NULL);
/* Enter FIPS mode successfully */
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
+ if (!fips_module_mode_set_verbose(1, FIPS_AUTH_USER_PASS))
{
printf("\tError entering FIPS mode\n");
st_err++;
fail_sub = -1;
fail_key = -1;
/* Leave FIPS mode to clear error */
- FIPS_module_mode_set(0, NULL);
+ fips_module_mode_set_verbose(0, NULL);
/* Enter FIPS mode successfully */
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
+ if (!fips_module_mode_set_verbose(1, FIPS_AUTH_USER_PASS))
{
printf("\tError entering FIPS mode\n");
st_err++;
FIPS_drbg_stick(0);
/* Leave FIPS mode to clear error */
- FIPS_module_mode_set(0, NULL);
+ fips_module_mode_set_verbose(0, NULL);
/* Enter FIPS mode successfully */
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
+ if (!fips_module_mode_set_verbose(1, FIPS_AUTH_USER_PASS))
{
printf("\tError entering FIPS mode\n");
st_err++;
else
printf("\tDRBG continuous PRNG entropy failed as expected\n");
/* Leave FIPS mode to clear error */
- FIPS_module_mode_set(0, NULL);
+ fips_module_mode_set_verbose(0, NULL);
/* Enter FIPS mode successfully */
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
+ if (!fips_module_mode_set_verbose(1, FIPS_AUTH_USER_PASS))
{
printf("\tError entering FIPS mode\n");
st_err++;
FIPS_drbg_free(dctx);
/* Leave FIPS mode to clear error */
- FIPS_module_mode_set(0, NULL);
+ fips_module_mode_set_verbose(0, NULL);
/* Enter FIPS mode successfully */
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
+ if (!fips_module_mode_set_verbose(1, FIPS_AUTH_USER_PASS))
{
printf("\tError entering FIPS mode\n");
st_err++;
FIPS_x931_stick(0);
/* Leave FIPS mode to clear error */
- FIPS_module_mode_set(0, NULL);
+ fips_module_mode_set_verbose(0, NULL);
/* Enter FIPS mode successfully */
- if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
+ if (!fips_module_mode_set_verbose(1, FIPS_AUTH_USER_PASS))
{
printf("\tError entering FIPS mode\n");
st_err++;
} else if (!strcmp(*args, "fullerr")) {
fullerr = 1;
no_exit = 1;
+ } else if (!strcmp(*args, "verbose")) {
+ verbose = 1;
+ no_exit = 1;
} else {
printf("Bad argument \"%s\"\n", *args);
return 1;
if ((argc != 1) && !no_exit) {
fips_algtest_init_nofips();
- if (!FIPS_module_mode_set(1, pass)) {
+ if (!fips_module_mode_set_verbose(1, pass)) {
printf("Power-up self test failed\n");
return 1;
}
/* Power-up self test
*/
ERR_clear_error();
- test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1, pass));
+ test_msg("2a. Automatic power-up self test", fips_module_mode_set_verbose(1, pass));
if (!FIPS_module_mode())
return 1;
if (do_drbg_stick)
if (do_rng_stick)
FIPS_x931_stick(1);
+ test_msg("2b. On demand self test", FIPS_selftest());
+
/* AES encryption/decryption
*/
test_msg("3a. AES encryption/decryption", FIPS_aes_test());
printf("\t%s\n", do_drbg_all() ? "successful as expected"
: Fail("failed INCORRECTLY!") );
- printf("13. Induced test failure check...\n");
+ test_msg("13. ECDSA key generation and signature validation",
+ FIPS_ecdsa_test());
+
+ printf("14. Induced test failure check...\n");
printf("\t%s\n", do_fail_all(fullpost, fullerr) ? "successful as expected"
: Fail("failed INCORRECTLY!") );
printf("\nAll tests completed with %d errors\n", Error);