Example #1
/*
 * Entry point of the PRNG test-vector driver.
 *
 * Expects exactly one argument naming the run, "mct" or "vst". FIPS mode is
 * switched on, the PRNG is reset and put into its test mode, and only then is
 * the selected routine called. Every failure path exits with status 1; a
 * completed run returns 0.
 *
 * NOTE(review): FIPS_rand_test_mode() presumably makes the generator
 * reproducible for known-answer vectors; this driver should stay a
 * validation-only binary. Confirm against the library.
 */
int main(int argc, char **argv)
{
    const char *mode;

    if (argc != 2) {
        fprintf(stderr, "%s [mct|vst]\n", argv[0]);
        exit(1);
    }
    mode = argv[1];

    /* Nothing below is meaningful unless the module entered FIPS mode. */
    if (FIPS_mode_set(1) == 0) {
        do_print_errors();
        exit(1);
    }

    /* Reset first, then enter test mode: same order as the selected run expects. */
    FIPS_rand_reset();
    if (FIPS_rand_test_mode() == 0) {
        fprintf(stderr, "Error setting PRNG test mode\n");
        do_print_errors();
        exit(1);
    }

    if (strcmp(mode, "mct") == 0) {
        mct();
        return 0;
    }
    if (strcmp(mode, "vst") == 0) {
        vst();
        return 0;
    }

    /* Unknown selector: report it and fail. */
    fprintf(stderr, "Don't know how to %s.\n", mode);
    exit(1);
}
Example #2
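/*
 * Entry point of the HMAC test-vector driver.
 *
 * Usage: prog [infile [outfile]]
 *
 * With no arguments the request is read from stdin and the response written
 * to stdout. With one argument the request comes from that file and the
 * response still goes to stdout. With two arguments both are files.
 *
 * Returns 0 when hmac_test() succeeds and 1 on any failure; on failure the
 * queued library errors are printed before the streams are closed.
 */
int main(int argc, char **argv)
	{
	FILE *in = NULL, *out = NULL;

	int ret = 1;

	if(!FIPS_mode_set(1))
		{
		do_print_errors();
		goto end;
		}

	/* argv[1] is only read when it exists. */
	if (argc < 2)
		in = stdin;
	else
		in = fopen(argv[1], "r");

	/* argv[2] exists only when argc is at least 3. The original test was
	 * "argc < 2", so running with a single file argument handed argv[2]
	 * (a null pointer) to fopen(). */
	if (argc < 3)
		out = stdout;
	else
		out = fopen(argv[2], "w");

	if (!in)
		{
		fprintf(stderr, "FATAL input initialization error\n");
		goto end;
		}

	if (!out)
		{
		fprintf(stderr, "FATAL output initialization error\n");
		goto end;
		}

	if (!hmac_test(EVP_sha1(), out, in))
		{
		fprintf(stderr, "FATAL hmac file processing error\n");
		goto end;
		}
	else
		ret = 0;

	end:

	if (ret)
		do_print_errors();

	/* Only close streams this function opened itself. */
	if (in && (in != stdin))
		fclose(in);
	if (out && (out != stdout))
		fclose(out);

	return ret;

	}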
Example #3
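/*
 * Entry point of the DSA test-vector driver.
 *
 * Expects exactly one argument naming the test to run. The accepted names are
 * prime, pqg, pqgver, keypair, keyver, siggen and sigver; each maps to the
 * routine of the same name (primes() for "prime"). FIPS mode is enabled
 * before any routine runs. Exits with status 1 on a usage error, an unknown
 * test name or a FIPS_mode_set() failure; returns 0 otherwise.
 */
int main(int argc, char **argv)
{
    if (argc != 2) {
        /* The usage line lists every name dispatched below, including
         * "keyver", which the original message left out. */
        fprintf(stderr,
                "%s [prime|pqg|pqgver|keypair|keyver|siggen|sigver]\n",
                argv[0]);
        exit(1);
    }
    if (!FIPS_mode_set(1)) {
        do_print_errors();
        exit(1);
    }
    if (!strcmp(argv[1], "prime"))
        primes();
    else if (!strcmp(argv[1], "pqg"))
        pqg();
    else if (!strcmp(argv[1], "pqgver"))
        pqgver();
    else if (!strcmp(argv[1], "keypair"))
        keypair();
    else if (!strcmp(argv[1], "keyver"))
        keyver();
    else if (!strcmp(argv[1], "siggen"))
        siggen();
    else if (!strcmp(argv[1], "sigver"))
        sigver();
    else {
        fprintf(stderr, "Don't know how to %s.\n", argv[1]);
        exit(1);
    }

    return 0;
}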
Example #4
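/*
 * Key-pair generation test: reads a request from stdin, writes the response
 * to stdout.
 *
 * Lines that parse_line() rejects are echoed unchanged. A "[mod" line sets
 * the modulus size. An "N" line generates one parameter set of that size,
 * prints P, Q and G, then generates and prints N key pairs (X and Y).
 *
 * The private value X is written to stdout on purpose, because the response
 * file is compared against expected vectors; the output must be handled as
 * test material only.
 *
 * Any library failure prints the error queue and exits with status 1.
 */
static void keypair()
{
    char buf[1024];
    char lbuf[1024];
    char *keyword, *value;
    int nmod = 0;

    while (fgets(buf, sizeof buf, stdin) != NULL) {
        if (!parse_line(&keyword, &value, lbuf, buf)) {
            fputs(buf, stdout);
            continue;
        }
        if (!strcmp(keyword, "[mod"))
            nmod = atoi(value);
        else if (!strcmp(keyword, "N")) {
            DSA *dsa;
            int n = atoi(value);

            printf("[mod = %d]\n\n", nmod);
            dsa = FIPS_dsa_new();
            /* The original dereferenced the result without checking it. */
            if (!dsa) {
                do_print_errors();
                exit(1);
            }
            if (!DSA_generate_parameters_ex
                    (dsa, nmod, NULL, 0, NULL, NULL, NULL)) {
                do_print_errors();
                exit(1);
            }
            pbn("P", dsa->p);
            pbn("Q", dsa->q);
            pbn("G", dsa->g);
            putc('\n', stdout);

            /* "n-- > 0" instead of "n--": a negative count from the request
             * file must not turn into a near-endless loop. */
            while (n-- > 0) {
                if (!DSA_generate_key(dsa)) {
                    do_print_errors();
                    exit(1);
                }

                pbn("X", dsa->priv_key);
                pbn("Y", dsa->pub_key);
                putc('\n', stdout);
            }

            /* Release the key object, which holds the last private key; the
             * original leaked one DSA per "N" line. */
            FIPS_dsa_free(dsa);
        }
    }
}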
Example #5
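/*
 * Parameter generation test: reads a request from stdin, writes the response
 * to stdout.
 *
 * A "[mod" line sets the modulus size. An "N" line generates N independent
 * parameter sets of that size and prints P, Q, G, the seed, the counter and
 * H for each. Every other line, parsed or not, is echoed unchanged.
 *
 * Any library failure prints the error queue and exits with status 1.
 */
static void pqg()
{
    char buf[1024];
    char lbuf[1024];
    char *keyword, *value;
    int nmod = 0;

    while (fgets(buf, sizeof buf, stdin) != NULL) {
        if (!parse_line(&keyword, &value, lbuf, buf)) {
            fputs(buf, stdout);
            continue;
        }
        if (!strcmp(keyword, "[mod"))
            nmod = atoi(value);
        else if (!strcmp(keyword, "N")) {
            int n = atoi(value);

            printf("[mod = %d]\n\n", nmod);

            /* "n-- > 0" instead of "n--": a negative count from the request
             * file must not turn into a near-endless loop. */
            while (n-- > 0) {
                /* NOTE(review): seed is passed with a length of 0 and printed
                 * afterwards, so this relies on the generator writing the
                 * seed it used back into the buffer - confirm. */
                unsigned char seed[20];
                DSA *dsa;
                int counter;
                unsigned long h;
                dsa = FIPS_dsa_new();
                /* The original dereferenced the result without checking it. */
                if (!dsa) {
                    do_print_errors();
                    exit(1);
                }

                if (!DSA_generate_parameters_ex
                        (dsa, nmod, seed, 0, &counter, &h, NULL)) {
                    do_print_errors();
                    exit(1);
                }
                pbn("P", dsa->p);
                pbn("Q", dsa->q);
                pbn("G", dsa->g);
                pv("Seed", seed, 20);
                printf("c = %d\n", counter);
                printf("H = %lx\n", h);
                putc('\n', stdout);

                /* The original leaked one DSA object per generated set. */
                FIPS_dsa_free(dsa);
            }
        } else
            fputs(buf, stdout);
    }
}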
Example #6
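/*
 * Signature generation test: reads a request from stdin, writes the response
 * to stdout.
 *
 * Lines that parse_line() rejects are echoed unchanged. A "[mod" line
 * replaces the current DSA object with freshly generated parameters of the
 * given size and prints P, Q and G. A "Msg" line decodes the hex message,
 * generates a new key on the current parameters, signs the message and
 * prints the message, the public key Y and the signature values R and S.
 *
 * A "Msg" line that arrives before any "[mod" line, a malformed message or
 * any library failure ends the run with exit status 1.
 */
static void siggen()
{
    char buf[1024];
    char lbuf[1024];
    char *keyword, *value;
    int nmod = 0;
    DSA *dsa = NULL;

    while (fgets(buf, sizeof buf, stdin) != NULL) {
        if (!parse_line(&keyword, &value, lbuf, buf)) {
            fputs(buf, stdout);
            continue;
        }
        if (!strcmp(keyword, "[mod")) {
            nmod = atoi(value);
            printf("[mod = %d]\n\n", nmod);
            if (dsa)
                FIPS_dsa_free(dsa);
            dsa = FIPS_dsa_new();
            /* The original dereferenced the result without checking it. */
            if (!dsa) {
                do_print_errors();
                exit(1);
            }
            if (!DSA_generate_parameters_ex
                    (dsa, nmod, NULL, 0, NULL, NULL, NULL)) {
                do_print_errors();
                exit(1);
            }
            pbn("P", dsa->p);
            pbn("Q", dsa->q);
            pbn("G", dsa->g);
            putc('\n', stdout);
        } else if (!strcmp(keyword, "Msg")) {
            unsigned char msg[1024];
            /* NOTE(review): 60 bytes presumably covers an encoded signature
             * for the group sizes this harness generates - confirm. */
            unsigned char sbuf[60];
            unsigned int slen;
            int n;
            EVP_PKEY pk;
            EVP_MD_CTX mctx;
            DSA_SIG *sig;

            /* Without a preceding "[mod" line there are no parameters to
             * sign with; the original passed a null DSA to the library. */
            if (!dsa) {
                fprintf(stderr, "Parse Error\n");
                exit(1);
            }
            EVP_MD_CTX_init(&mctx);

            n = hex2bin(value, msg);
            /* presumably hex2bin reports malformed input with a negative
             * length; a negative n must not reach the digest update */
            if (n < 0) {
                fprintf(stderr, "Parse Error\n");
                exit(1);
            }
            pv("Msg", msg, n);

            if (!DSA_generate_key(dsa)) {
                do_print_errors();
                exit(1);
            }
            pk.type = EVP_PKEY_DSA;
            pk.pkey.dsa = dsa;
            pbn("Y", dsa->pub_key);

            /* The original ignored all three results, so a failed signing
             * step left slen unset and still printed an R and S. */
            if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL)
                    || !EVP_SignUpdate(&mctx, msg, n)
                    || !EVP_SignFinal(&mctx, sbuf, &slen, &pk)) {
                do_print_errors();
                exit(1);
            }

            sig = DSA_SIG_new();
            if (!sig) {
                do_print_errors();
                exit(1);
            }
            /* NOTE(review): the decode result is not checked here because
             * its return convention is not visible in this file. */
            FIPS_dsa_sig_decode(sig, sbuf, slen);

            pbn("R", sig->r);
            pbn("S", sig->s);
            putc('\n', stdout);
            DSA_SIG_free(sig);
            EVP_MD_CTX_cleanup(&mctx);
        }
    }
    if (dsa)
        FIPS_dsa_free(dsa);
}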
Example #7
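/*
 * Parameter verification test: reads a request from stdin, writes the
 * response to stdout.
 *
 * Every input line is echoed. "[mod", "P", "Q", "G", "Seed" and "c" lines
 * store their value. An "H" line triggers the check: parameters are
 * regenerated from the stored seed and compared with the stored P, Q, G,
 * counter and H, and "Result = P" or "Result = F" is printed.
 *
 * A seed that is not 20 bytes long, an "H" line that arrives before P, Q, G,
 * a seed and a counter have all been seen, or any library failure ends the
 * run with exit status 1.
 */
static void pqgver()
{
    char buf[1024];
    char lbuf[1024];
    char *keyword, *value;
    BIGNUM *p = NULL, *q = NULL, *g = NULL;
    int counter = 0, counter2;
    unsigned long h, h2;
    DSA *dsa = NULL;
    int nmod = 0;
    /* Set once the corresponding line has been seen. They are never cleared,
     * so a value still carries over between records as it did before. */
    int have_seed = 0, have_counter = 0;
    unsigned char seed[1024];

    while (fgets(buf, sizeof buf, stdin) != NULL) {
        if (!parse_line(&keyword, &value, lbuf, buf)) {
            fputs(buf, stdout);
            continue;
        }
        fputs(buf, stdout);
        if (!strcmp(keyword, "[mod"))
            nmod = atoi(value);
        else if (!strcmp(keyword, "P")) {
            /* Drop a value left over from a repeated line; the original
             * overwrote the pointer and leaked the old number. */
            BN_free(p);
            p = hex2bn(value);
        } else if (!strcmp(keyword, "Q")) {
            BN_free(q);
            q = hex2bn(value);
        } else if (!strcmp(keyword, "G")) {
            BN_free(g);
            g = hex2bn(value);
        } else if (!strcmp(keyword, "Seed")) {
            int slen = hex2bin(value, seed);
            if (slen != 20) {
                fprintf(stderr, "Seed parse length error\n");
                exit(1);
            }
            have_seed = 1;
        } else if (!strcmp(keyword, "c")) {
            /* NOTE(review): reads the number at a fixed offset into the raw
             * line rather than from value - presumably the line always starts
             * with "c = "; confirm. */
            counter = atoi(buf + 4);
            have_counter = 1;
        } else if (!strcmp(keyword, "H")) {
            /* NOTE(review): parsed as decimal here, while pqg() prints H with
             * %lx - confirm which base the request files use. */
            h = atoi(value);
            /* The original checked only P, Q and G, so a request without a
             * Seed or c line compared against uninitialized memory. */
            if (!p || !q || !g || !have_seed || !have_counter) {
                fprintf(stderr, "Parse Error\n");
                exit(1);
            }
            dsa = FIPS_dsa_new();
            if (!dsa) {
                do_print_errors();
                exit(1);
            }
            if (!DSA_generate_parameters_ex
                    (dsa, nmod, seed, 20, &counter2, &h2, NULL)) {
                do_print_errors();
                exit(1);
            }
            if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
                    || (counter != counter2) || (h != h2))
                printf("Result = F\n");
            else
                printf("Result = P\n");
            BN_free(p);
            BN_free(q);
            BN_free(g);
            p = NULL;
            q = NULL;
            g = NULL;
            FIPS_dsa_free(dsa);
            dsa = NULL;
        }
    }

    /* Release values from a record that never reached its "H" line. */
    BN_free(p);
    BN_free(q);
    BN_free(g);
}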
Example #8
/*
 * Entry point of the FIPS-mode test application.
 *
 * Without an argument the full numbered sequence below runs and the process
 * returns 1 if Error is non-zero at the end, else 0.
 *
 * With an argument, argv[1] selects one fault-injection scenario:
 *   - aes, des, dsa, rsa, sha1, rng: a FIPS_corrupt_*() hook is called
 *     first, then FIPS_mode_set(1) is attempted and the process exits
 *     straight away (no_exit stays 0).
 *   - rsakey, dsakey, rsakeygen, dsakeygen, rngstick: only a flag is set
 *     (no_exit = 1); the full sequence runs and the flag is applied after
 *     FIPS mode is entered or passed to the matching test.
 *   - anything else prints "Bad argument" and exits with status 1.
 *
 * Statement order matters here: the corruption hooks must run on the correct
 * side of FIPS_mode_set(1).
 */
int main(int argc, char **argv)
{

    int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
    int bad_rsa = 0, bad_dsa = 0;
    int do_rng_stick = 0;
    int no_exit = 0;

    printf("\tFIPS-mode test application\n\n");

    /* Load entropy from external file, if any. The path is relative to the
     * current working directory and the return value is not checked. */
    RAND_load_file(".rnd", 1024);

    /* argc is not consulted; the scenario is chosen by argv[1] being set. */
    if (argv[1]) {
        /* Corrupted KAT tests */
        if (!strcmp(argv[1], "aes")) {
            FIPS_corrupt_aes();
            printf("AES encryption/decryption with corrupted KAT...\n");
        } else if (!strcmp(argv[1], "des")) {
            FIPS_corrupt_des();
            printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
        } else if (!strcmp(argv[1], "dsa")) {
            FIPS_corrupt_dsa();
            printf
            ("DSA key generation and signature validation with corrupted KAT...\n");
        } else if (!strcmp(argv[1], "rsa")) {
            FIPS_corrupt_rsa();
            printf
            ("RSA key generation and signature validation with corrupted KAT...\n");
        } else if (!strcmp(argv[1], "rsakey")) {
            /* Flag only: consumed later by FIPS_rsa_test(bad_rsa). */
            printf
            ("RSA key generation and signature validation with corrupted key...\n");
            bad_rsa = 1;
            no_exit = 1;
        } else if (!strcmp(argv[1], "rsakeygen")) {
            /* Flag only: the hook is armed after FIPS mode is entered. */
            do_corrupt_rsa_keygen = 1;
            no_exit = 1;
            printf
            ("RSA key generation and signature validation with corrupted keygen...\n");
        } else if (!strcmp(argv[1], "dsakey")) {
            /* Flag only: consumed later by FIPS_dsa_test(bad_dsa). */
            printf
            ("DSA key generation and signature validation with corrupted key...\n");
            bad_dsa = 1;
            no_exit = 1;
        } else if (!strcmp(argv[1], "dsakeygen")) {
            /* Flag only: the hook is armed after FIPS mode is entered. */
            do_corrupt_dsa_keygen = 1;
            no_exit = 1;
            printf
            ("DSA key generation and signature validation with corrupted keygen...\n");
        } else if (!strcmp(argv[1], "sha1")) {
            FIPS_corrupt_sha1();
            printf("SHA-1 hash with corrupted KAT...\n");
        } else if (!strcmp(argv[1], "rng")) {
            /* The only scenario that prints no banner of its own. */
            FIPS_corrupt_rng();
        } else if (!strcmp(argv[1], "rngstick")) {
            /* Flag only: FIPS_rng_stick() is called after FIPS mode is entered. */
            do_rng_stick = 1;
            no_exit = 1;
            printf("RNG test with stuck continuous test...\n");
        } else {
            printf("Bad argument \"%s\"\n", argv[1]);
            exit(1);
        }
        if (!no_exit) {
            /* A corruption hook is armed, so a failure here is the outcome
             * that shows the self test caught it. */
            if (!FIPS_mode_set(1)) {
                do_print_errors();
                printf("Power-up self test failed\n");
                exit(1);
            }
            /* NOTE(review): reaching this line means FIPS_mode_set(1)
             * succeeded with a hook armed, yet the status is 0 - presumably
             * the caller judges pass/fail from the printed text; confirm. */
            printf("Power-up self test successful\n");
            exit(0);
        }
    }

    /* From here on most result lines pass a non-literal format to printf().
     * Every such string is either a literal in this function or the argument
     * that Fail() hands back, and none of them contains a '%'. */

    /* Non-Approved cryptographic operation, run before FIPS mode is set
     */
    printf("1. Non-Approved cryptographic operation test...\n");
    printf("\ta. Included algorithm (D-H)...");
    printf(dh_test()? "successful\n" : Fail("FAILED!\n"));

    /* Power-up self test; the error queue is cleared first so that anything
     * printed on failure belongs to this step
     */
    ERR_clear_error();
    printf("2. Automatic power-up self test...");
    if (!FIPS_mode_set(1)) {
        do_print_errors();
        printf(Fail("FAILED!\n"));
        exit(1);
    }
    printf("successful\n");
    /* Arm the deferred fault-injection hooks now that FIPS mode is active. */
    if (do_corrupt_dsa_keygen)
        FIPS_corrupt_dsa_keygen();
    if (do_corrupt_rsa_keygen)
        FIPS_corrupt_rsa_keygen();
    if (do_rng_stick)
        FIPS_rng_stick();

    /* AES encryption/decryption
     */
    printf("3. AES encryption/decryption...");
    printf(FIPS_aes_test()? "successful\n" : Fail("FAILED!\n"));

    /* RSA key generation and encryption/decryption; bad_rsa is 1 only for
     * the "rsakey" scenario
     */
    printf("4. RSA key generation and encryption/decryption...");
    printf(FIPS_rsa_test(bad_rsa) ? "successful\n" : Fail("FAILED!\n"));

    /* Triple-DES encryption/decryption via FIPS_des3_test(); the banner
     * printed for it reads "DES-ECB"
     */
    printf("5. DES-ECB encryption/decryption...");
    printf(FIPS_des3_test()? "successful\n" : Fail("FAILED!\n"));

    /* DSA key generation and signature validation; bad_dsa is 1 only for
     * the "dsakey" scenario
     */
    printf("6. DSA key generation and signature validation...");
    printf(FIPS_dsa_test(bad_dsa) ? "successful\n" : Fail("FAILED!\n"));

    /* SHA-1 hash
     */
    printf("7a. SHA-1 hash...");
    printf(FIPS_sha1_test()? "successful\n" : Fail("FAILED!\n"));

    /* SHA-256 hash
     */
    printf("7b. SHA-256 hash...");
    printf(FIPS_sha256_test()? "successful\n" : Fail("FAILED!\n"));

    /* SHA-512 hash
     */
    printf("7c. SHA-512 hash...");
    printf(FIPS_sha512_test()? "successful\n" : Fail("FAILED!\n"));

    /* HMAC-SHA-1 hash
     */
    printf("7d. HMAC-SHA-1 hash...");
    printf(FIPS_hmac_sha1_test()? "successful\n" : Fail("FAILED!\n"));

    /* HMAC-SHA-224 hash
     */
    printf("7e. HMAC-SHA-224 hash...");
    printf(FIPS_hmac_sha224_test()? "successful\n" : Fail("FAILED!\n"));

    /* HMAC-SHA-256 hash
     */
    printf("7f. HMAC-SHA-256 hash...");
    printf(FIPS_hmac_sha256_test()? "successful\n" : Fail("FAILED!\n"));

    /* HMAC-SHA-384 hash
     */
    printf("7g. HMAC-SHA-384 hash...");
    printf(FIPS_hmac_sha384_test()? "successful\n" : Fail("FAILED!\n"));

    /* HMAC-SHA-512 hash
     */
    printf("7h. HMAC-SHA-512 hash...");
    printf(FIPS_hmac_sha512_test()? "successful\n" : Fail("FAILED!\n"));

    /* Non-Approved cryptographic operation, repeated with FIPS mode active
     */
    printf("8. Non-Approved cryptographic operation test...\n");
    printf("\ta. Included algorithm (D-H)...");
    printf(dh_test()? "successful as expected\n"
           : Fail("failed INCORRECTLY!\n"));

    /* Zeroization
     */
    printf("9. Zero-ization...\n");
    printf(Zeroize()? "\tsuccessful as expected\n"
           : Fail("\tfailed INCORRECTLY!\n"));

    /* Error is the failure tally printed here and turned into the status. */
    printf("\nAll tests completed with %d errors\n", Error);
    return Error ? 1 : 0;
}
Example #9
/*
 * Record one test failure and hand the message back to the caller.
 *
 * Prints the queued library errors through do_print_errors(), adds one to
 * the Error tally and returns msg unchanged, so a call can sit directly
 * where the failure text is needed.
 */
const char *Fail(const char *msg)
{
    /* Print the error queue first, then count the failure. */
    do_print_errors();
    Error += 1;

    return msg;
}
Example #10
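/*
 * Entry point of the DSA known-answer test.
 *
 * Enables FIPS mode, generates 1024-bit DSA parameters from the fixed seed,
 * and checks the counter, h, q, p and g against the expected values. It then
 * generates a key, signs the 20-byte test string and verifies the signature.
 *
 * The exit status is 0 when every step succeeds and 1 otherwise; on failure
 * the queued library errors are printed.
 */
int main(int argc, char **argv)
	{
	DSA *dsa=NULL;
	EVP_PKEY pk;
	int counter,ret=0,i,j;
	unsigned int slen;
	unsigned char buf[256];
	unsigned long h;
	BN_GENCB cb;
	EVP_MD_CTX mctx;
	BN_GENCB_set(&cb, dsa_cb, stderr);
	EVP_MD_CTX_init(&mctx);

	if(!FIPS_mode_set(1))
	    {
	    do_print_errors();
	    EXIT(1);
	    }

	fprintf(stderr,"test generation of DSA parameters\n");

	dsa = FIPS_dsa_new();
	/* Check the allocation before the object is used; the original tested
	 * for NULL only after passing dsa to the generator. */
	if (dsa == NULL) goto end;
	/* A failed generation leaves counter and h unset, so stop here instead
	 * of printing and comparing them. */
	if (!DSA_generate_parameters_ex(dsa, 1024,seed,20,&counter,&h,&cb))
		goto end;

	fprintf(stderr,"seed\n");
	for (i=0; i<20; i+=4)
		{
		fprintf(stderr,"%02X%02X%02X%02X ",
			seed[i],seed[i+1],seed[i+2],seed[i+3]);
		}
	/* h is unsigned long, so %lu rather than %ld. */
	fprintf(stderr,"\ncounter=%d h=%lu\n",counter,h);

	if (counter != 16) 
		{
		/* The message now names the value actually tested; it used to
		 * say 105. */
		fprintf(stderr,"counter should be 16\n");
		goto end;
		}
	if (h != 2)
		{
		fprintf(stderr,"h should be 2\n");
		goto end;
		}

	i=BN_bn2bin(dsa->q,buf);
	j=sizeof(out_q);
	if ((i != j) || (memcmp(buf,out_q,i) != 0))
		{
		fprintf(stderr,"q value is wrong\n");
		goto end;
		}

	i=BN_bn2bin(dsa->p,buf);
	j=sizeof(out_p);
	if ((i != j) || (memcmp(buf,out_p,i) != 0))
		{
		fprintf(stderr,"p value is wrong\n");
		goto end;
		}

	i=BN_bn2bin(dsa->g,buf);
	j=sizeof(out_g);
	if ((i != j) || (memcmp(buf,out_g,i) != 0))
		{
		fprintf(stderr,"g value is wrong\n");
		goto end;
		}
	/* The original ignored this result and went on to sign. */
	if (!DSA_generate_key(dsa))
		goto end;
	pk.type = EVP_PKEY_DSA;
	pk.pkey.dsa = dsa;

	if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
		goto end;
	if (!EVP_SignUpdate(&mctx, str1, 20))
		goto end;
	if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
		goto end;

	if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
		goto end;
	if (!EVP_VerifyUpdate(&mctx, str1, 20))
		goto end;
	/* Only a result of exactly 1 counts as a valid signature. */
	if (EVP_VerifyFinal(&mctx, buf, slen, &pk) != 1)
		goto end;

	ret = 1;

end:
	if (!ret)
		do_print_errors();
	if (dsa != NULL) FIPS_dsa_free(dsa);
	EVP_MD_CTX_cleanup(&mctx);
#if 0
	CRYPTO_mem_leaks(bio_err);
#endif
	EXIT(!ret);
	return(!ret);
	}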