int main(int argc,char **argv) { int bad_rsa = 0, bad_dsa = 0; int do_rng_stick = 0; int do_drbg_stick = 0; int no_exit = 0; FIPS_post_set_callback(post_cb); printf("\tFIPS-mode test application\n"); printf("\t%s\n\n", FIPS_module_version_text()); if (argv[1]) { /* Corrupted KAT tests */ if (!strcmp(argv[1], "integrity")) { fail_id = FIPS_TEST_INTEGRITY; } else if (!strcmp(argv[1], "aes")) { fail_id = FIPS_TEST_CIPHER; fail_sub = NID_aes_128_ecb; } else if (!strcmp(argv[1], "aes-ccm")) { fail_id = FIPS_TEST_CCM; } else if (!strcmp(argv[1], "aes-gcm")) { fail_id = FIPS_TEST_GCM; } else if (!strcmp(argv[1], "aes-xts")) { fail_id = FIPS_TEST_XTS; } else if (!strcmp(argv[1], "des")) { fail_id = FIPS_TEST_CIPHER; fail_sub = NID_des_ede3_ecb; } else if (!strcmp(argv[1], "dsa")) { fail_id = FIPS_TEST_SIGNATURE; fail_key = EVP_PKEY_DSA; } else if (!strcmp(argv[1], "ecdsa")) { fail_id = FIPS_TEST_SIGNATURE; fail_key = EVP_PKEY_EC; } else if (!strcmp(argv[1], "rsa")) { fail_id = FIPS_TEST_SIGNATURE; fail_key = EVP_PKEY_RSA; } else if (!strcmp(argv[1], "rsakey")) { printf("RSA key generation and signature validation with corrupted key...\n"); bad_rsa = 1; no_exit = 1; } else if (!strcmp(argv[1], "rsakeygen")) { fail_id = FIPS_TEST_PAIRWISE; fail_key = EVP_PKEY_RSA; no_exit = 1; } else if (!strcmp(argv[1], "dsakey")) { printf("DSA key generation and signature validation with corrupted key...\n"); bad_dsa = 1; no_exit = 1; } else if (!strcmp(argv[1], "dsakeygen")) { fail_id = FIPS_TEST_PAIRWISE; fail_key = EVP_PKEY_DSA; no_exit = 1; } else if (!strcmp(argv[1], "sha1")) { fail_id = FIPS_TEST_DIGEST; } else if (!strcmp(argv[1], "hmac")) { fail_id = FIPS_TEST_HMAC; } else if (!strcmp(argv[1], "cmac")) { fail_id = FIPS_TEST_CMAC; } else if (!strcmp(argv[1], "drbg")) { fail_id = FIPS_TEST_DRBG; } else if (!strcmp(argv[1], "rng")) { fail_id = FIPS_TEST_X931; } else if (!strcmp(argv[1], "post")) { fail_id = -1; } else if (!strcmp(argv[1], "rngstick")) { do_rng_stick = 1; no_exit = 1; printf("RNG test with stuck continuous test...\n"); } else if (!strcmp(argv[1], "drbgentstick")) { do_entropy_stick(); } else if (!strcmp(argv[1], "drbgstick")) { do_drbg_stick = 1; no_exit = 1; printf("DRBG test with stuck continuous test...\n"); } else { printf("Bad argument \"%s\"\n", argv[1]); exit(1); } if (!no_exit) { fips_algtest_init_nofips(); if (!FIPS_module_mode_set(1)) { printf("Power-up self test failed\n"); exit(1); } printf("Power-up self test successful\n"); exit(0); } } fips_algtest_init_nofips(); /* Non-Approved cryptographic operation */ printf("1. Non-Approved cryptographic operation test...\n"); test_msg("\ta. Included algorithm (D-H)...", dh_test()); /* Power-up self test */ ERR_clear_error(); test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1)); if (!FIPS_module_mode()) exit(1); if (do_drbg_stick) FIPS_drbg_stick(); if (do_rng_stick) FIPS_x931_stick(); /* AES encryption/decryption */ test_msg("3a. AES encryption/decryption", FIPS_aes_test()); /* AES GCM encryption/decryption */ test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test()); /* RSA key generation and encryption/decryption */ test_msg("4. RSA key generation and encryption/decryption", FIPS_rsa_test(bad_rsa)); /* DES-CBC encryption/decryption */ test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test()); /* DSA key generation and signature validation */ test_msg("6. DSA key generation and signature validation", FIPS_dsa_test(bad_dsa)); /* SHA-1 hash */ test_msg("7a. SHA-1 hash", FIPS_sha1_test()); /* SHA-256 hash */ test_msg("7b. SHA-256 hash", FIPS_sha256_test()); /* SHA-512 hash */ test_msg("7c. SHA-512 hash", FIPS_sha512_test()); /* HMAC-SHA-1 hash */ test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test()); /* HMAC-SHA-224 hash */ test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test()); /* HMAC-SHA-256 hash */ test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test()); /* HMAC-SHA-384 hash */ test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test()); /* HMAC-SHA-512 hash */ test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test()); /* CMAC-AES-128 hash */ test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test()); /* CMAC-AES-192 hash */ test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test()); /* CMAC-AES-256 hash */ test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test()); # if 0 /* Not a FIPS algorithm */ /* CMAC-TDEA-2 hash */ test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test()); #endif /* CMAC-TDEA-3 hash */ test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test()); /* Non-Approved cryptographic operation */ printf("9. Non-Approved cryptographic operation test...\n"); printf("\ta. Included algorithm (D-H)...%s\n", dh_test() ? "successful as expected" : Fail("failed INCORRECTLY!") ); /* Zeroization */ printf("10. Zero-ization...\n\t%s\n", Zeroize() ? "successful as expected" : Fail("failed INCORRECTLY!") ); printf("\nAll tests completed with %d errors\n", Error); return Error ? 1 : 0; }
int main(int argc, char **argv) { int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0; int bad_rsa = 0, bad_dsa = 0; int do_rng_stick = 0; int no_exit = 0; printf("\tFIPS-mode test application\n\n"); /* Load entropy from external file, if any */ RAND_load_file(".rnd", 1024); if (argv[1]) { /* Corrupted KAT tests */ if (!strcmp(argv[1], "aes")) { FIPS_corrupt_aes(); printf("AES encryption/decryption with corrupted KAT...\n"); } else if (!strcmp(argv[1], "des")) { FIPS_corrupt_des(); printf("DES3-ECB encryption/decryption with corrupted KAT...\n"); } else if (!strcmp(argv[1], "dsa")) { FIPS_corrupt_dsa(); printf ("DSA key generation and signature validation with corrupted KAT...\n"); } else if (!strcmp(argv[1], "rsa")) { FIPS_corrupt_rsa(); printf ("RSA key generation and signature validation with corrupted KAT...\n"); } else if (!strcmp(argv[1], "rsakey")) { printf ("RSA key generation and signature validation with corrupted key...\n"); bad_rsa = 1; no_exit = 1; } else if (!strcmp(argv[1], "rsakeygen")) { do_corrupt_rsa_keygen = 1; no_exit = 1; printf ("RSA key generation and signature validation with corrupted keygen...\n"); } else if (!strcmp(argv[1], "dsakey")) { printf ("DSA key generation and signature validation with corrupted key...\n"); bad_dsa = 1; no_exit = 1; } else if (!strcmp(argv[1], "dsakeygen")) { do_corrupt_dsa_keygen = 1; no_exit = 1; printf ("DSA key generation and signature validation with corrupted keygen...\n"); } else if (!strcmp(argv[1], "sha1")) { FIPS_corrupt_sha1(); printf("SHA-1 hash with corrupted KAT...\n"); } else if (!strcmp(argv[1], "rng")) { FIPS_corrupt_rng(); } else if (!strcmp(argv[1], "rngstick")) { do_rng_stick = 1; no_exit = 1; printf("RNG test with stuck continuous test...\n"); } else { printf("Bad argument \"%s\"\n", argv[1]); exit(1); } if (!no_exit) { if (!FIPS_mode_set(1)) { do_print_errors(); printf("Power-up self test failed\n"); exit(1); } printf("Power-up self test successful\n"); exit(0); } } /* Non-Approved cryptographic operation */ printf("1. Non-Approved cryptographic operation test...\n"); printf("\ta. Included algorithm (D-H)..."); printf(dh_test()? "successful\n" : Fail("FAILED!\n")); /* Power-up self test */ ERR_clear_error(); printf("2. Automatic power-up self test..."); if (!FIPS_mode_set(1)) { do_print_errors(); printf(Fail("FAILED!\n")); exit(1); } printf("successful\n"); if (do_corrupt_dsa_keygen) FIPS_corrupt_dsa_keygen(); if (do_corrupt_rsa_keygen) FIPS_corrupt_rsa_keygen(); if (do_rng_stick) FIPS_rng_stick(); /* AES encryption/decryption */ printf("3. AES encryption/decryption..."); printf(FIPS_aes_test()? "successful\n" : Fail("FAILED!\n")); /* RSA key generation and encryption/decryption */ printf("4. RSA key generation and encryption/decryption..."); printf(FIPS_rsa_test(bad_rsa) ? "successful\n" : Fail("FAILED!\n")); /* DES-CBC encryption/decryption */ printf("5. DES-ECB encryption/decryption..."); printf(FIPS_des3_test()? "successful\n" : Fail("FAILED!\n")); /* DSA key generation and signature validation */ printf("6. DSA key generation and signature validation..."); printf(FIPS_dsa_test(bad_dsa) ? "successful\n" : Fail("FAILED!\n")); /* SHA-1 hash */ printf("7a. SHA-1 hash..."); printf(FIPS_sha1_test()? "successful\n" : Fail("FAILED!\n")); /* SHA-256 hash */ printf("7b. SHA-256 hash..."); printf(FIPS_sha256_test()? "successful\n" : Fail("FAILED!\n")); /* SHA-512 hash */ printf("7c. SHA-512 hash..."); printf(FIPS_sha512_test()? "successful\n" : Fail("FAILED!\n")); /* HMAC-SHA-1 hash */ printf("7d. HMAC-SHA-1 hash..."); printf(FIPS_hmac_sha1_test()? "successful\n" : Fail("FAILED!\n")); /* HMAC-SHA-224 hash */ printf("7e. HMAC-SHA-224 hash..."); printf(FIPS_hmac_sha224_test()? "successful\n" : Fail("FAILED!\n")); /* HMAC-SHA-256 hash */ printf("7f. HMAC-SHA-256 hash..."); printf(FIPS_hmac_sha256_test()? "successful\n" : Fail("FAILED!\n")); /* HMAC-SHA-384 hash */ printf("7g. HMAC-SHA-384 hash..."); printf(FIPS_hmac_sha384_test()? "successful\n" : Fail("FAILED!\n")); /* HMAC-SHA-512 hash */ printf("7h. HMAC-SHA-512 hash..."); printf(FIPS_hmac_sha512_test()? "successful\n" : Fail("FAILED!\n")); /* Non-Approved cryptographic operation */ printf("8. Non-Approved cryptographic operation test...\n"); printf("\ta. Included algorithm (D-H)..."); printf(dh_test()? "successful as expected\n" : Fail("failed INCORRECTLY!\n")); /* Zeroization */ printf("9. Zero-ization...\n"); printf(Zeroize()? "\tsuccessful as expected\n" : Fail("\tfailed INCORRECTLY!\n")); printf("\nAll tests completed with %d errors\n", Error); return Error ? 1 : 0; }
int main(int argc,char **argv) { printf("\tFIPS-mode test application\n\n"); /* Load entropy from external file, if any */ RAND_load_file(".rnd", 1024); if (argv[1]) { /* Corrupted KAT tests */ if (!strcmp(argv[1], "aes")) { FIPS_corrupt_aes(); printf("AES encryption/decryption with corrupted KAT...\n"); } else if (!strcmp(argv[1], "des")) { FIPS_corrupt_des(); printf("DES-ECB encryption/decryption with corrupted KAT...\n"); } else if (!strcmp(argv[1], "dsa")) { FIPS_corrupt_dsa(); printf("DSA key generation and signature validation with corrupted KAT...\n"); } else if (!strcmp(argv[1], "rsa")) { FIPS_corrupt_rsa(); printf("RSA key generation and encryption/decryption with corrupted KAT...\n"); } else if (!strcmp(argv[1], "sha1")) { FIPS_corrupt_sha1(); printf("SHA-1 hash with corrupted KAT...\n"); } else if (!strcmp(argv[1], "rng")) { FIPS_corrupt_rng(); printf("RNG test with corrupted KAT...\n"); } else { printf("Bad argument \"%s\"\n", argv[1]); exit(1); } if (!FIPS_mode_set(1)) { ERR_load_crypto_strings(); ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); printf("Power-up self test failed\n"); exit(1); } printf("Power-up self test successful\n"); exit(0); } /* Non-Approved cryptographic operation */ printf("1. Non-Approved cryptographic operation test...\n"); printf("\ta. Excluded algorithm (MD5)..."); printf( md5_test() ? "successful\n" : Fail("FAILED!\n") ); printf("\tb. Included algorithm (D-H)..."); printf( dh_test() ? "successful\n" : Fail("FAILED!\n") ); /* Power-up self test */ ERR_clear_error(); printf("2. Automatic power-up self test..."); if (!FIPS_mode_set(1)) { ERR_load_crypto_strings(); ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); printf(Fail("FAILED!\n")); exit(1); } printf("successful\n"); /* AES encryption/decryption */ printf("3. AES encryption/decryption..."); printf( FIPS_aes_test() ? "successful\n" : Fail("FAILED!\n") ); /* RSA key generation and encryption/decryption */ printf("4. RSA key generation and encryption/decryption..."); printf( FIPS_rsa_test() ? "successful\n" : Fail("FAILED!\n") ); /* DES-CBC encryption/decryption */ printf("5. DES-ECB encryption/decryption..."); printf( FIPS_des_test() ? "successful\n" : Fail("FAILED!\n") ); /* DSA key generation and signature validation */ printf("6. DSA key generation and signature validation..."); printf( FIPS_dsa_test() ? "successful\n" : Fail("FAILED!\n") ); /* SHA-1 hash */ printf("7a. SHA-1 hash..."); printf( FIPS_sha1_test() ? "successful\n" : Fail("FAILED!\n") ); /* SHA-256 hash */ printf("7b. SHA-256 hash..."); printf( FIPS_sha256_test() ? "successful\n" : Fail("FAILED!\n") ); /* SHA-512 hash */ printf("7c. SHA-512 hash..."); printf( FIPS_sha512_test() ? "successful\n" : Fail("FAILED!\n") ); /* HMAC-SHA-1 hash */ printf("7d. SHA-1 hash..."); printf( FIPS_hmac_sha1_test() ? "successful\n" : Fail("FAILED!\n") ); /* HMAC-SHA-224 hash */ printf("7e. SHA-224 hash..."); printf( FIPS_hmac_sha224_test() ? "successful\n" : Fail("FAILED!\n") ); /* HMAC-SHA-256 hash */ printf("7f. SHA-256 hash..."); printf( FIPS_hmac_sha256_test() ? "successful\n" : Fail("FAILED!\n") ); /* HMAC-SHA-384 hash */ printf("7g. SHA-384 hash..."); printf( FIPS_hmac_sha384_test() ? "successful\n" : Fail("FAILED!\n") ); /* HMAC-SHA-512 hash */ printf("7h. SHA-512 hash..."); printf( FIPS_hmac_sha512_test() ? "successful\n" : Fail("FAILED!\n") ); /* Non-Approved cryptographic operation */ printf("8. Non-Approved cryptographic operation test...\n"); printf("\ta. Excluded algorithm (MD5)..."); printf( md5_test() ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" ); printf("\tb. Included algorithm (D-H)..."); printf( dh_test() ? "successful as expected\n" : Fail("failed INCORRECTLY!\n") ); /* Zeroization */ printf("9. Zero-ization...\n"); Zeroize(); printf("\nAll tests completed with %d errors\n", Error); return 0; }