Loading fips/fips_test_suite.c +73 −14 Original line number Diff line number Diff line Loading @@ -21,9 +21,9 @@ #include <openssl/rsa.h> #include <openssl/dsa.h> #include <openssl/sha.h> #include <openssl/md5.h> #include <openssl/err.h> #include <openssl/fips.h> #include <openssl/md5.h> #ifndef OPENSSL_FIPS int main(int argc, char *argv[]) Loading @@ -44,15 +44,16 @@ static int FIPS_aes_test() AES_KEY key; AES_KEY dkey; ERR_clear_error(); if (AES_set_encrypt_key( userkey, 128, &key )) return 0; AES_encrypt( plaintext, ciphertext, &key); AES_set_decrypt_key( userkey, 128, &dkey ); if (AES_set_decrypt_key( userkey, 128, &dkey )) return 0; AES_decrypt( ciphertext, buf, &dkey); if (memcmp(buf, plaintext, sizeof(buf))) return 0; return 1; } /* DES: encrypt and decrypt known plaintext, verify result matches original plaintext Loading @@ -66,6 +67,7 @@ static int FIPS_des_test() DES_cblock ciphertext; DES_cblock buf; ERR_clear_error(); if (DES_set_key(&userkey, &key)) return 0; DES_ecb_encrypt( &plaintext, &ciphertext, &key, 1); Loading @@ -85,6 +87,7 @@ static int FIPS_dsa_test() unsigned char sig[256]; unsigned int siglen; ERR_clear_error(); dsa = DSA_generate_parameters(512,NULL,0,NULL,NULL,NULL,NULL); if (!dsa) return 0; Loading @@ -109,6 +112,7 @@ static int FIPS_rsa_test() unsigned char ptext[256]; int n; ERR_clear_error(); key = RSA_generate_key(1024,65537,NULL,NULL); if (!key) return 0; Loading @@ -125,7 +129,8 @@ static int FIPS_rsa_test() return 1; } /* SHA1: generate hash of known digest value and compate to known precomputed correct hash /* SHA1: generate hash of known digest value and compare to known precomputed correct hash */ static int FIPS_sha1_test() { Loading @@ -135,15 +140,16 @@ static int FIPS_sha1_test() unsigned char md[SHA_DIGEST_LENGTH]; ERR_clear_error(); if (!SHA1(str,strlen(str),md)) return 0; if (memcmp(md,digest,sizeof(md))) return 0; return 1; } /* MD5: generate hash of known digest value and compate to known precomputed correct hash */ /* MD5: generate hash of known digest value and compare to known precomputed correct hash */ static int md5_test() { unsigned char digest[MD5_DIGEST_LENGTH] = Loading @@ -152,6 +158,7 @@ static int md5_test() unsigned char md[MD5_DIGEST_LENGTH]; ERR_clear_error(); if (!MD5(str,strlen(str),md)) return 0; if (memcmp(md,digest,sizeof(md))) Loading @@ -159,6 +166,18 @@ static int md5_test() return 1; } /* DH: generate shared parameters */ static int dh_test() { DH *dh; dh = DH_generate_parameters(256, 2, NULL, NULL); if (dh) return 0; return 1; } static int Error; const char * Fail(const char *msg) { Loading @@ -171,10 +190,45 @@ int main(int argc,char **argv) printf("\tFIPS-mode test application\n\n"); if (argv[1]) { /* Corrupted KAT tests */ if (!strcmp(argv[1], "aes")) { FIPS_corrupt_aes(); printf("3. AES encryption/decryption with corrupted KAT...\n"); } else if (!strcmp(argv[1], "des")) { FIPS_corrupt_des(); printf("5. DES-ECB encryption/decryption with corrupted KAT...\n"); } else if (!strcmp(argv[1], "dsa")) { FIPS_corrupt_dsa(); printf("6. DSA key generation and signature validation with corrupted KAT...\n"); } else if (!strcmp(argv[1], "rsa")) { FIPS_corrupt_rsa(); printf("4. RSA key generation and encryption/decryption with corrupted KAT...\n"); } else if (!strcmp(argv[1], "sha1")) { FIPS_corrupt_sha1(); printf("7. SHA-1 hash with corrupted KAT...\n"); } else { printf("Bad argument \"%s\"\n", argv[1]); exit(1); } if (!FIPS_mode_set(1,argv[0])) { ERR_load_crypto_strings(); ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); printf("Power-up self test failed\n"); exit(1); } printf("Power-up self test successful\n"); exit(0); } /* Non-Approved cryptographic operation */ printf("0. Non-Approved cryptographic operation..."); printf("0. Non-Approved cryptographic operation test...\n"); printf("\ta. MD5..."); printf( md5_test() ? "successful\n" : Fail("FAILED!\n") ); printf("\tb. D-H..."); printf( dh_test() ? "successful\n" : Fail("FAILED!\n") ); /* Power-up self test failure */ Loading @@ -196,6 +250,7 @@ int main(int argc,char **argv) /* Power-up self test retry */ ERR_clear_error(); printf("2. Automatic power-up self test retry..."); if (!FIPS_mode_set(1,argv[0])) { Loading Loading @@ -233,9 +288,13 @@ int main(int argc,char **argv) /* Non-Approved cryptographic operation */ printf("8. Non-Approved cryptographic operation..."); printf("8. Non-Approved cryptographic operation test...\n"); printf("\ta. MD5..."); printf( md5_test() ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" ); printf("\tb. D-H..."); printf( dh_test() ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" ); printf("\nAll tests completed with %d errors\n", Error); return 0; Loading Loading
fips/fips_test_suite.c +73 −14 Original line number Diff line number Diff line Loading @@ -21,9 +21,9 @@ #include <openssl/rsa.h> #include <openssl/dsa.h> #include <openssl/sha.h> #include <openssl/md5.h> #include <openssl/err.h> #include <openssl/fips.h> #include <openssl/md5.h> #ifndef OPENSSL_FIPS int main(int argc, char *argv[]) Loading @@ -44,15 +44,16 @@ static int FIPS_aes_test() AES_KEY key; AES_KEY dkey; ERR_clear_error(); if (AES_set_encrypt_key( userkey, 128, &key )) return 0; AES_encrypt( plaintext, ciphertext, &key); AES_set_decrypt_key( userkey, 128, &dkey ); if (AES_set_decrypt_key( userkey, 128, &dkey )) return 0; AES_decrypt( ciphertext, buf, &dkey); if (memcmp(buf, plaintext, sizeof(buf))) return 0; return 1; } /* DES: encrypt and decrypt known plaintext, verify result matches original plaintext Loading @@ -66,6 +67,7 @@ static int FIPS_des_test() DES_cblock ciphertext; DES_cblock buf; ERR_clear_error(); if (DES_set_key(&userkey, &key)) return 0; DES_ecb_encrypt( &plaintext, &ciphertext, &key, 1); Loading @@ -85,6 +87,7 @@ static int FIPS_dsa_test() unsigned char sig[256]; unsigned int siglen; ERR_clear_error(); dsa = DSA_generate_parameters(512,NULL,0,NULL,NULL,NULL,NULL); if (!dsa) return 0; Loading @@ -109,6 +112,7 @@ static int FIPS_rsa_test() unsigned char ptext[256]; int n; ERR_clear_error(); key = RSA_generate_key(1024,65537,NULL,NULL); if (!key) return 0; Loading @@ -125,7 +129,8 @@ static int FIPS_rsa_test() return 1; } /* SHA1: generate hash of known digest value and compate to known precomputed correct hash /* SHA1: generate hash of known digest value and compare to known precomputed correct hash */ static int FIPS_sha1_test() { Loading @@ -135,15 +140,16 @@ static int FIPS_sha1_test() unsigned char md[SHA_DIGEST_LENGTH]; ERR_clear_error(); if (!SHA1(str,strlen(str),md)) return 0; if (memcmp(md,digest,sizeof(md))) return 0; return 1; } /* MD5: generate hash of known digest value and compate to known precomputed correct hash */ /* MD5: generate hash of known digest value and compare to known precomputed correct hash */ static int md5_test() { unsigned char digest[MD5_DIGEST_LENGTH] = Loading @@ -152,6 +158,7 @@ static int md5_test() unsigned char md[MD5_DIGEST_LENGTH]; ERR_clear_error(); if (!MD5(str,strlen(str),md)) return 0; if (memcmp(md,digest,sizeof(md))) Loading @@ -159,6 +166,18 @@ static int md5_test() return 1; } /* DH: generate shared parameters */ static int dh_test() { DH *dh; dh = DH_generate_parameters(256, 2, NULL, NULL); if (dh) return 0; return 1; } static int Error; const char * Fail(const char *msg) { Loading @@ -171,10 +190,45 @@ int main(int argc,char **argv) printf("\tFIPS-mode test application\n\n"); if (argv[1]) { /* Corrupted KAT tests */ if (!strcmp(argv[1], "aes")) { FIPS_corrupt_aes(); printf("3. AES encryption/decryption with corrupted KAT...\n"); } else if (!strcmp(argv[1], "des")) { FIPS_corrupt_des(); printf("5. DES-ECB encryption/decryption with corrupted KAT...\n"); } else if (!strcmp(argv[1], "dsa")) { FIPS_corrupt_dsa(); printf("6. DSA key generation and signature validation with corrupted KAT...\n"); } else if (!strcmp(argv[1], "rsa")) { FIPS_corrupt_rsa(); printf("4. RSA key generation and encryption/decryption with corrupted KAT...\n"); } else if (!strcmp(argv[1], "sha1")) { FIPS_corrupt_sha1(); printf("7. SHA-1 hash with corrupted KAT...\n"); } else { printf("Bad argument \"%s\"\n", argv[1]); exit(1); } if (!FIPS_mode_set(1,argv[0])) { ERR_load_crypto_strings(); ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); printf("Power-up self test failed\n"); exit(1); } printf("Power-up self test successful\n"); exit(0); } /* Non-Approved cryptographic operation */ printf("0. Non-Approved cryptographic operation..."); printf("0. Non-Approved cryptographic operation test...\n"); printf("\ta. MD5..."); printf( md5_test() ? "successful\n" : Fail("FAILED!\n") ); printf("\tb. D-H..."); printf( dh_test() ? "successful\n" : Fail("FAILED!\n") ); /* Power-up self test failure */ Loading @@ -196,6 +250,7 @@ int main(int argc,char **argv) /* Power-up self test retry */ ERR_clear_error(); printf("2. Automatic power-up self test retry..."); if (!FIPS_mode_set(1,argv[0])) { Loading Loading @@ -233,9 +288,13 @@ int main(int argc,char **argv) /* Non-Approved cryptographic operation */ printf("8. Non-Approved cryptographic operation..."); printf("8. Non-Approved cryptographic operation test...\n"); printf("\ta. MD5..."); printf( md5_test() ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" ); printf("\tb. D-H..."); printf( dh_test() ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" ); printf("\nAll tests completed with %d errors\n", Error); return 0; Loading
