From: Ben Laurie Date: Fri, 30 Apr 2004 09:14:48 +0000 (+0000) Subject: Final(?) version of test suite. X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f7376e8ebca77e6ed7486cdb50faf58de8d1ed7f;p=oweals%2Fopenssl.git Final(?) version of test suite. --- diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index 772373458f..a2f3f13163 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -21,9 +21,9 @@ #include #include #include +#include #include #include -#include #ifndef OPENSSL_FIPS int main(int argc, char *argv[]) @@ -44,15 +44,16 @@ static int FIPS_aes_test() AES_KEY key; AES_KEY dkey; + ERR_clear_error(); if (AES_set_encrypt_key( userkey, 128, &key )) return 0; AES_encrypt( plaintext, ciphertext, &key); - AES_set_decrypt_key( userkey, 128, &dkey ); + if (AES_set_decrypt_key( userkey, 128, &dkey )) + return 0; AES_decrypt( ciphertext, buf, &dkey); if (memcmp(buf, plaintext, sizeof(buf))) return 0; return 1; - } /* DES: encrypt and decrypt known plaintext, verify result matches original plaintext @@ -66,8 +67,9 @@ static int FIPS_des_test() DES_cblock ciphertext; DES_cblock buf; - if(DES_set_key(&userkey, &key)) - return 0; + ERR_clear_error(); + if (DES_set_key(&userkey, &key)) + return 0; DES_ecb_encrypt( &plaintext, &ciphertext, &key, 1); DES_ecb_encrypt( &ciphertext, &buf, &key, 0); if (memcmp(buf, plaintext, sizeof(buf))) @@ -85,10 +87,11 @@ static int FIPS_dsa_test() unsigned char sig[256]; unsigned int siglen; + ERR_clear_error(); dsa = DSA_generate_parameters(512,NULL,0,NULL,NULL,NULL,NULL); if (!dsa) return 0; - if(!DSA_generate_key(dsa)) + if (!DSA_generate_key(dsa)) return 0; if ( DSA_sign(0,dgst,strlen(dgst),sig,&siglen,dsa) != 1 ) return 0; @@ -109,6 +112,7 @@ static int FIPS_rsa_test() unsigned char ptext[256]; int n; + ERR_clear_error(); key = RSA_generate_key(1024,65537,NULL,NULL); if (!key) return 0; @@ -125,7 +129,8 @@ static int FIPS_rsa_test() return 1; } -/* SHA1: generate hash of known digest value and compate to known precomputed correct hash +/* SHA1: generate hash of known digest value and compare to known + precomputed correct hash */ static int FIPS_sha1_test() { @@ -135,15 +140,16 @@ static int FIPS_sha1_test() unsigned char md[SHA_DIGEST_LENGTH]; + ERR_clear_error(); if (!SHA1(str,strlen(str),md)) return 0; if (memcmp(md,digest,sizeof(md))) return 0; return 1; } -/* MD5: generate hash of known digest value and compate to known - precomputed correct hash */ - +/* MD5: generate hash of known digest value and compare to known + precomputed correct hash +*/ static int md5_test() { unsigned char digest[MD5_DIGEST_LENGTH] = @@ -152,6 +158,7 @@ static int md5_test() unsigned char md[MD5_DIGEST_LENGTH]; + ERR_clear_error(); if (!MD5(str,strlen(str),md)) return 0; if (memcmp(md,digest,sizeof(md))) @@ -159,6 +166,18 @@ static int md5_test() return 1; } +/* DH: generate shared parameters +*/ +static int dh_test() + { + DH *dh; + + dh = DH_generate_parameters(256, 2, NULL, NULL); + if (dh) + return 0; + return 1; + } + static int Error; const char * Fail(const char *msg) { @@ -171,10 +190,45 @@ int main(int argc,char **argv) printf("\tFIPS-mode test application\n\n"); + if (argv[1]) { + /* Corrupted KAT tests */ + if (!strcmp(argv[1], "aes")) { + FIPS_corrupt_aes(); + printf("3. AES encryption/decryption with corrupted KAT...\n"); + } else if (!strcmp(argv[1], "des")) { + FIPS_corrupt_des(); + printf("5. DES-ECB encryption/decryption with corrupted KAT...\n"); + } else if (!strcmp(argv[1], "dsa")) { + FIPS_corrupt_dsa(); + printf("6. DSA key generation and signature validation with corrupted KAT...\n"); + } else if (!strcmp(argv[1], "rsa")) { + FIPS_corrupt_rsa(); + printf("4. RSA key generation and encryption/decryption with corrupted KAT...\n"); + } else if (!strcmp(argv[1], "sha1")) { + FIPS_corrupt_sha1(); + printf("7. SHA-1 hash with corrupted KAT...\n"); + } else { + printf("Bad argument \"%s\"\n", argv[1]); + exit(1); + } + if (!FIPS_mode_set(1,argv[0])) + { + ERR_load_crypto_strings(); + ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); + printf("Power-up self test failed\n"); + exit(1); + } + printf("Power-up self test successful\n"); + exit(0); + } + /* Non-Approved cryptographic operation - */ - printf("0. Non-Approved cryptographic operation..."); + */ + printf("0. Non-Approved cryptographic operation test...\n"); + printf("\ta. MD5..."); printf( md5_test() ? "successful\n" : Fail("FAILED!\n") ); + printf("\tb. D-H..."); + printf( dh_test() ? "successful\n" : Fail("FAILED!\n") ); /* Power-up self test failure */ @@ -196,8 +250,9 @@ int main(int argc,char **argv) /* Power-up self test retry */ + ERR_clear_error(); printf("2. Automatic power-up self test retry..."); - if(!FIPS_mode_set(1,argv[0])) + if (!FIPS_mode_set(1,argv[0])) { ERR_load_crypto_strings(); ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); @@ -233,9 +288,13 @@ int main(int argc,char **argv) /* Non-Approved cryptographic operation */ - printf("8. Non-Approved cryptographic operation..."); + printf("8. Non-Approved cryptographic operation test...\n"); + printf("\ta. MD5..."); printf( md5_test() ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" ); + printf("\tb. D-H..."); + printf( dh_test() ? Fail("passed INCORRECTLY!\n") + : "failed as expected\n" ); printf("\nAll tests completed with %d errors\n", Error); return 0;