1
/* ====================================================================
2
* Copyright (c) 2003 The OpenSSL Project. All rights reserved.
5
* This command is intended as a test driver for the FIPS-140 testing
6
* lab performing FIPS-140 validation. It demonstrates the use of the
7
* OpenSSL library ito perform a variety of common cryptographic
8
* functions. A power-up self test is demonstrated by deliberately
9
* pointing to an invalid executable hash
11
* Contributed by Steve Marquess.
19
#include <openssl/aes.h>
20
#include <openssl/des.h>
21
#include <openssl/rsa.h>
22
#include <openssl/dsa.h>
23
#include <openssl/dh.h>
24
#include <openssl/hmac.h>
25
#include <openssl/err.h>
27
#include <openssl/bn.h>
28
#include <openssl/rand.h>
29
#include <openssl/sha.h>
33
int main(int argc, char *argv[])
35
printf("No FIPS support\n");
40
#include <openssl/fips.h>
43
/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
45
static int FIPS_aes_test(void)
48
unsigned char pltmp[16];
49
unsigned char citmp[16];
50
unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
51
unsigned char plaintext[16] = "etaonrishdlcu";
53
EVP_CIPHER_CTX_init(&ctx);
54
if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0)
56
EVP_Cipher(&ctx, citmp, plaintext, 16);
57
if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0)
59
EVP_Cipher(&ctx, pltmp, citmp, 16);
60
if (memcmp(pltmp, plaintext, 16))
64
EVP_CIPHER_CTX_cleanup(&ctx);
68
static int FIPS_des3_test(void)
71
unsigned char pltmp[8];
72
unsigned char citmp[8];
73
unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
75
unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
77
EVP_CIPHER_CTX_init(&ctx);
78
if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 1) <= 0)
80
EVP_Cipher(&ctx, citmp, plaintext, 8);
81
if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 0) <= 0)
83
EVP_Cipher(&ctx, pltmp, citmp, 8);
84
if (memcmp(pltmp, plaintext, 8))
88
EVP_CIPHER_CTX_cleanup(&ctx);
93
* DSA: generate keys and sign, verify input plaintext.
95
static int FIPS_dsa_test(int bad)
99
unsigned char dgst[] = "etaonrishdlc";
100
unsigned char buf[60];
106
EVP_MD_CTX_init(&mctx);
107
dsa = FIPS_dsa_new();
110
if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
112
if (!DSA_generate_key(dsa))
115
BN_add_word(dsa->pub_key, 1);
117
pk.type = EVP_PKEY_DSA;
120
if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
122
if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))
124
if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
127
if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
129
if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))
131
r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
133
EVP_MD_CTX_cleanup(&mctx);
142
* RSA: generate keys and sign, verify input plaintext.
144
static int FIPS_rsa_test(int bad)
147
unsigned char input_ptext[] = "etaonrishdlc";
148
unsigned char buf[256];
156
EVP_MD_CTX_init(&mctx);
157
key = FIPS_rsa_new();
161
BN_set_word(bn, 65537);
162
if (!RSA_generate_key_ex(key, 1024,bn,NULL))
166
BN_add_word(key->n, 1);
168
pk.type = EVP_PKEY_RSA;
171
if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
173
if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
175
if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
178
if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
180
if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
182
r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
184
EVP_MD_CTX_cleanup(&mctx);
192
/* SHA1: generate hash of known digest value and compare to known
193
precomputed correct hash
195
static int FIPS_sha1_test()
197
unsigned char digest[SHA_DIGEST_LENGTH] =
198
{ 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
199
unsigned char str[] = "etaonrishd";
201
unsigned char md[SHA_DIGEST_LENGTH];
204
if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0;
205
if (memcmp(md,digest,sizeof(md)))
210
/* SHA256: generate hash of known digest value and compare to known
211
precomputed correct hash
213
static int FIPS_sha256_test()
215
unsigned char digest[SHA256_DIGEST_LENGTH] =
216
{0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
217
0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
218
unsigned char str[] = "etaonrishd";
220
unsigned char md[SHA256_DIGEST_LENGTH];
223
if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha256(), NULL)) return 0;
224
if (memcmp(md,digest,sizeof(md)))
229
/* SHA512: generate hash of known digest value and compare to known
230
precomputed correct hash
232
static int FIPS_sha512_test()
234
unsigned char digest[SHA512_DIGEST_LENGTH] =
235
{0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
236
0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
237
0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
238
0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
239
unsigned char str[] = "etaonrishd";
241
unsigned char md[SHA512_DIGEST_LENGTH];
244
if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha512(), NULL)) return 0;
245
if (memcmp(md,digest,sizeof(md)))
250
/* HMAC-SHA1: generate hash of known digest value and compare to known
251
precomputed correct hash
253
static int FIPS_hmac_sha1_test()
255
unsigned char key[] = "etaonrishd";
256
unsigned char iv[] = "Sample text";
257
unsigned char kaval[EVP_MAX_MD_SIZE] =
258
{0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
259
0xb2, 0xfb, 0xec, 0xc6};
261
unsigned char out[EVP_MAX_MD_SIZE];
265
if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
266
if (memcmp(out,kaval,outlen))
271
/* HMAC-SHA224: generate hash of known digest value and compare to known
272
precomputed correct hash
274
static int FIPS_hmac_sha224_test()
276
unsigned char key[] = "etaonrishd";
277
unsigned char iv[] = "Sample text";
278
unsigned char kaval[EVP_MAX_MD_SIZE] =
279
{0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
280
0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
282
unsigned char out[EVP_MAX_MD_SIZE];
286
if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
287
if (memcmp(out,kaval,outlen))
292
/* HMAC-SHA256: generate hash of known digest value and compare to known
293
precomputed correct hash
295
static int FIPS_hmac_sha256_test()
297
unsigned char key[] = "etaonrishd";
298
unsigned char iv[] = "Sample text";
299
unsigned char kaval[EVP_MAX_MD_SIZE] =
300
{0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
301
0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
303
unsigned char out[EVP_MAX_MD_SIZE];
307
if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
308
if (memcmp(out,kaval,outlen))
313
/* HMAC-SHA384: generate hash of known digest value and compare to known
314
precomputed correct hash
316
static int FIPS_hmac_sha384_test()
318
unsigned char key[] = "etaonrishd";
319
unsigned char iv[] = "Sample text";
320
unsigned char kaval[EVP_MAX_MD_SIZE] =
321
{0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
322
0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
323
0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
325
unsigned char out[EVP_MAX_MD_SIZE];
329
if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
330
if (memcmp(out,kaval,outlen))
335
/* HMAC-SHA512: generate hash of known digest value and compare to known
336
precomputed correct hash
338
static int FIPS_hmac_sha512_test()
340
unsigned char key[] = "etaonrishd";
341
unsigned char iv[] = "Sample text";
342
unsigned char kaval[EVP_MAX_MD_SIZE] =
343
{0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
344
0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
345
0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
346
0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
348
unsigned char out[EVP_MAX_MD_SIZE];
352
if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
353
if (memcmp(out,kaval,outlen))
359
/* DH: generate shared parameters
368
if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
380
unsigned char userkey[16] =
381
{ 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
384
key = FIPS_rsa_new();
388
BN_set_word(bn, 65537);
389
if (!RSA_generate_key_ex(key, 1024,bn,NULL))
393
n = BN_num_bytes(key->d);
394
printf(" Generated %d byte RSA private key\n", n);
395
printf("\tBN key before overwriting:\n");
396
do_bn_print(stdout, key->d);
397
BN_rand(key->d,n*8,-1,0);
398
printf("\tBN key after overwriting:\n");
399
do_bn_print(stdout, key->d);
401
printf("\tchar buffer key before overwriting: \n\t\t");
402
for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
404
RAND_bytes(userkey, sizeof userkey);
405
printf("\tchar buffer key after overwriting: \n\t\t");
406
for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
413
const char * Fail(const char *msg)
420
int main(int argc,char **argv)
423
int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
424
int bad_rsa = 0, bad_dsa = 0;
425
int do_rng_stick = 0;
428
printf("\tFIPS-mode test application\n\n");
430
/* Load entropy from external file, if any */
431
RAND_load_file(".rnd", 1024);
434
/* Corrupted KAT tests */
435
if (!strcmp(argv[1], "aes")) {
437
printf("AES encryption/decryption with corrupted KAT...\n");
438
} else if (!strcmp(argv[1], "des")) {
440
printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
441
} else if (!strcmp(argv[1], "dsa")) {
443
printf("DSA key generation and signature validation with corrupted KAT...\n");
444
} else if (!strcmp(argv[1], "rsa")) {
446
printf("RSA key generation and signature validation with corrupted KAT...\n");
447
} else if (!strcmp(argv[1], "rsakey")) {
448
printf("RSA key generation and signature validation with corrupted key...\n");
451
} else if (!strcmp(argv[1], "rsakeygen")) {
452
do_corrupt_rsa_keygen = 1;
454
printf("RSA key generation and signature validation with corrupted keygen...\n");
455
} else if (!strcmp(argv[1], "dsakey")) {
456
printf("DSA key generation and signature validation with corrupted key...\n");
459
} else if (!strcmp(argv[1], "dsakeygen")) {
460
do_corrupt_dsa_keygen = 1;
462
printf("DSA key generation and signature validation with corrupted keygen...\n");
463
} else if (!strcmp(argv[1], "sha1")) {
465
printf("SHA-1 hash with corrupted KAT...\n");
466
} else if (!strcmp(argv[1], "rng")) {
468
} else if (!strcmp(argv[1], "rngstick")) {
471
printf("RNG test with stuck continuous test...\n");
473
printf("Bad argument \"%s\"\n", argv[1]);
477
if (!FIPS_mode_set(1)) {
479
printf("Power-up self test failed\n");
482
printf("Power-up self test successful\n");
487
/* Non-Approved cryptographic operation
489
printf("1. Non-Approved cryptographic operation test...\n");
490
printf("\ta. Included algorithm (D-H)...");
491
printf( dh_test() ? "successful\n" : Fail("FAILED!\n") );
493
/* Power-up self test
496
printf("2. Automatic power-up self test...");
497
if (!FIPS_mode_set(1))
500
printf(Fail("FAILED!\n"));
503
printf("successful\n");
504
if (do_corrupt_dsa_keygen)
505
FIPS_corrupt_dsa_keygen();
506
if (do_corrupt_rsa_keygen)
507
FIPS_corrupt_rsa_keygen();
511
/* AES encryption/decryption
513
printf("3. AES encryption/decryption...");
514
printf( FIPS_aes_test() ? "successful\n" : Fail("FAILED!\n") );
516
/* RSA key generation and encryption/decryption
518
printf("4. RSA key generation and encryption/decryption...");
519
printf( FIPS_rsa_test(bad_rsa) ? "successful\n" : Fail("FAILED!\n") );
521
/* DES-CBC encryption/decryption
523
printf("5. DES-ECB encryption/decryption...");
524
printf( FIPS_des3_test() ? "successful\n" : Fail("FAILED!\n") );
526
/* DSA key generation and signature validation
528
printf("6. DSA key generation and signature validation...");
529
printf( FIPS_dsa_test(bad_dsa) ? "successful\n" : Fail("FAILED!\n") );
533
printf("7a. SHA-1 hash...");
534
printf( FIPS_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
538
printf("7b. SHA-256 hash...");
539
printf( FIPS_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
543
printf("7c. SHA-512 hash...");
544
printf( FIPS_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
548
printf("7d. HMAC-SHA-1 hash...");
549
printf( FIPS_hmac_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
553
printf("7e. HMAC-SHA-224 hash...");
554
printf( FIPS_hmac_sha224_test() ? "successful\n" : Fail("FAILED!\n") );
558
printf("7f. HMAC-SHA-256 hash...");
559
printf( FIPS_hmac_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
563
printf("7g. HMAC-SHA-384 hash...");
564
printf( FIPS_hmac_sha384_test() ? "successful\n" : Fail("FAILED!\n") );
568
printf("7h. HMAC-SHA-512 hash...");
569
printf( FIPS_hmac_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
571
/* Non-Approved cryptographic operation
573
printf("8. Non-Approved cryptographic operation test...\n");
574
printf("\ta. Included algorithm (D-H)...");
575
printf( dh_test() ? "successful as expected\n"
576
: Fail("failed INCORRECTLY!\n") );
580
printf("9. Zero-ization...\n");
581
printf( Zeroize() ? "\tsuccessful as expected\n"
582
: Fail("\tfailed INCORRECTLY!\n") );
584
printf("\nAll tests completed with %d errors\n", Error);
585
return Error ? 1 : 0;