/*
 * Switch FIPS mode on (r != 0) or off (r == 0).
 *
 * With OPENSSL_FIPS defined, the request is handed to FIPS_module_mode_set()
 * and its result is returned unchanged. Without it, only "off" can succeed:
 * a request to enable FIPS mode records CRYPTO_R_FIPS_MODE_NOT_SUPPORTED and
 * returns 0. A caller that depends on FIPS mode therefore has to check the
 * return value instead of assuming the mode was entered.
 */
int FIPS_mode_set(int r)
{
#ifdef OPENSSL_FIPS
    return FIPS_module_mode_set(r);
#else
    if (r != 0) {
        /* Not a FIPS-capable build: enabling is an error, not a no-op. */
        CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
        return 0;
    }
    /* Turning FIPS mode "off" trivially succeeds when it cannot be on. */
    return 1;
#endif
}
/*
 * Switch FIPS mode on (r != 0) or off (r == 0) and keep the default RAND
 * method in step with it.
 *
 * OPENSSL_init() runs first in every build. In a FIPS build the mode change
 * is requested from the module together with FIPS_AUTH_USER_PASS; on success
 * the RAND method becomes FIPS_rand_get_method() when enabling, or is reset
 * with NULL when disabling. In a non-FIPS build only "off" succeeds; asking
 * for FIPS mode records CRYPTO_R_FIPS_MODE_NOT_SUPPORTED.
 *
 * Returns 1 on success and 0 on failure; callers that require FIPS mode must
 * check it.
 */
int FIPS_mode_set(int r)
{
    OPENSSL_init();
#ifdef OPENSSL_FIPS
    /*
     * The authentication string is a compile-time constant unless the build
     * defines FIPS_AUTH_USER_PASS beforehand. NOTE(review): how the module
     * validates this value is not visible here; confirm whether shipping
     * the built-in default is acceptable for the deployment.
     */
# ifndef FIPS_AUTH_USER_PASS
#  define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password"
# endif
    if (FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS) == 0) {
        /* Mode change refused: the RAND method is left untouched. */
        return 0;
    }
    /* The result of RAND_set_rand_method() is not checked on either path. */
    if (r == 0) {
        RAND_set_rand_method(NULL);
    } else {
        RAND_set_rand_method(FIPS_rand_get_method());
    }
    return 1;
#else
    if (r != 0) {
        /* Not a FIPS-capable build: enabling is an error, not a no-op. */
        CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
        return 0;
    }
    return 1;
#endif
}
/*
 * Driver for the algorithm test programs.
 *
 * Two modes:
 *   - first argument does not start with '-': the remaining arguments are
 *     passed to run_prg() as a single command and its result is the exit
 *     status;
 *   - otherwise options are parsed (-script <file>, -quiet, -verbose) and
 *     every line of the script (default "fipstests.sh") is split with
 *     chopup_args() and executed through run_prg().
 *
 * On ARM builds a leading "-noaccel" clears OPENSSL_armcap_P before anything
 * else is looked at.
 *
 * Exit status in script mode: 0 when no command returned non-zero, else 1.
 */
int main(int argc, char **argv)
{
    static char line[1024];
    char **argp = argv + 1;
    const char *script_path = "fipstests.sh";
    ARGS chopped;
    int cmd_argc;
    char **cmd_argv;
    int line_no = 0, bad_option = 0;
    int failures = 0, quiet = 0, verbose = 0;
    int status;
    FILE *script = NULL;

#ifdef FIPS_ALGVS_MEMCHECK
    CRYPTO_malloc_debug_init();
    OPENSSL_init();
    CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#endif

#if defined(_TMS320C6400_PLUS)
    SysInit();
#endif

#if (defined(__arm__) || defined(__aarch64__))
    /* presumably turns off the ARM capability-based code paths; confirm */
    if (*argp && strcmp(*argp, "-noaccel") == 0) {
        extern unsigned int OPENSSL_armcap_P;

        OPENSSL_armcap_P = 0;
        argp++;
        argc--;
    }
#endif

    /* Direct mode: a bare program name instead of an option. */
    if (*argp && (*argp)[0] != '-') {
        status = run_prg(argc - 1, argp);
#ifdef FIPS_ALGVS_MEMCHECK
        CRYPTO_mem_leaks_fp(stderr);
#endif
        return status;
    }

    /* Option parsing stops at the first unknown or incomplete option. */
    while (!bad_option && *argp && (*argp)[0] == '-') {
        const char *opt = *argp;

        if (strcmp(opt, "-quiet") == 0) {
            quiet = 1;
        } else if (strcmp(opt, "-verbose") == 0) {
            verbose = 1;
        } else if (strcmp(opt, "-script") == 0 && argp[1] != NULL) {
            /* -script consumes the following argument as the file name. */
            argp++;
            script_path = *argp;
        } else {
            /* unknown option, or -script without a file name */
            bad_option = 1;
        }
        argp++;
    }

    if (bad_option) {
        fprintf(stderr, "Error processing arguments\n");
        return 1;
    }

    script = fopen(script_path, "r");
    if (script == NULL) {
        fprintf(stderr, "Error opening script file \"%s\"\n", script_path);
        return 1;
    }

    chopped.data = NULL;
    chopped.count = 0;

    /*
     * NOTE(review): fgets() hands back a script line longer than
     * sizeof(line) - 1 in several pieces, and each piece is then treated as
     * a command line of its own.
     */
    while (fgets(line, sizeof(line), script)) {
        line_no++;

        if (!chopup_args(&chopped, line, &cmd_argc, &cmd_argv)) {
            /*
             * NOTE(review): a line that cannot be split is reported but not
             * added to the failure count, so the run can still exit 0 with
             * that command never executed; confirm this is intended.
             */
            fprintf(stderr, "Error processing line %d\n", line_no);
            continue;
        }

        if (!quiet) {
            /* Non-verbose output leaves out the last two arguments. */
            int shown = verbose ? cmd_argc : cmd_argc - 2;
            int k;

            printf("Running command line:");
            for (k = 0; k < shown; k++)
                printf(" %s", cmd_argv[k]);
            printf("\n");
        }

        status = run_prg(cmd_argc, cmd_argv);

        /* Leave FIPS mode again so the next command starts outside it. */
        if (FIPS_module_mode())
            FIPS_module_mode_set(0, NULL);

        if (status == 0) {
            if (verbose)
                printf("\tCommand run successfully\n");
            continue;
        }

        failures++;
        if (status == -100)
            fprintf(stderr, "ERROR: Command not found\n");
        else
            fprintf(stderr, "ERROR: returned %d\n", status);
    }

    if (!quiet)
        printf("Completed with %d errors\n", failures);

    if (chopped.data)
        OPENSSL_free(chopped.data);

    fclose(script);
#ifdef FIPS_ALGVS_MEMCHECK
    CRYPTO_mem_leaks_fp(stderr);
#endif
    return failures == 0 ? 0 : 1;
}
/*
 * FIPS-mode test application.
 *
 * Without an argument the full numbered sequence below is run and the exit
 * status is 1 if Error is non-zero, else 0.
 *
 * With an argument, argv[1] names a fault to inject. Most keywords set
 * fail_id (plus fail_sub or fail_key), which are not declared in this
 * function; presumably the post_cb callback registered at the top reads
 * them to corrupt the matching self-test. For those keywords the program
 * only attempts to enter FIPS mode and exits 0 if that succeeded, 1 if it
 * failed. With a fault injected, failure is presumably the outcome a
 * correctly working module should produce, so the caller has to interpret
 * the status accordingly.
 *
 * Keywords that set no_exit (rsakey, rsakeygen, dsakey, dsakeygen, rngstick,
 * drbgstick) fall through to the full sequence with the fault active.
 */
int main(int argc,char **argv)
{
    int bad_rsa = 0, bad_dsa = 0;
    int do_rng_stick = 0;
    int do_drbg_stick = 0;
    int no_exit = 0;
    const char *which = argv[1];

    /* Register the hook before any self-test can run. */
    FIPS_post_set_callback(post_cb);

    printf("\tFIPS-mode test application\n");
    printf("\t%s\n\n", FIPS_module_version_text());

    if (which != NULL) {
        /* Corrupted KAT tests */
        if (strcmp(which, "integrity") == 0) {
            fail_id = FIPS_TEST_INTEGRITY;
        } else if (strcmp(which, "aes") == 0) {
            fail_id = FIPS_TEST_CIPHER;
            fail_sub = NID_aes_128_ecb;
        } else if (strcmp(which, "aes-ccm") == 0) {
            fail_id = FIPS_TEST_CCM;
        } else if (strcmp(which, "aes-gcm") == 0) {
            fail_id = FIPS_TEST_GCM;
        } else if (strcmp(which, "aes-xts") == 0) {
            fail_id = FIPS_TEST_XTS;
        } else if (strcmp(which, "des") == 0) {
            fail_id = FIPS_TEST_CIPHER;
            fail_sub = NID_des_ede3_ecb;
        } else if (strcmp(which, "dsa") == 0) {
            fail_id = FIPS_TEST_SIGNATURE;
            fail_key = EVP_PKEY_DSA;
        } else if (strcmp(which, "ecdsa") == 0) {
            fail_id = FIPS_TEST_SIGNATURE;
            fail_key = EVP_PKEY_EC;
        } else if (strcmp(which, "rsa") == 0) {
            fail_id = FIPS_TEST_SIGNATURE;
            fail_key = EVP_PKEY_RSA;
        } else if (strcmp(which, "rsakey") == 0) {
            printf("RSA key generation and signature validation with corrupted key...\n");
            bad_rsa = 1;
            no_exit = 1;
        } else if (strcmp(which, "rsakeygen") == 0) {
            fail_id = FIPS_TEST_PAIRWISE;
            fail_key = EVP_PKEY_RSA;
            no_exit = 1;
        } else if (strcmp(which, "dsakey") == 0) {
            printf("DSA key generation and signature validation with corrupted key...\n");
            bad_dsa = 1;
            no_exit = 1;
        } else if (strcmp(which, "dsakeygen") == 0) {
            fail_id = FIPS_TEST_PAIRWISE;
            fail_key = EVP_PKEY_DSA;
            no_exit = 1;
        } else if (strcmp(which, "sha1") == 0) {
            fail_id = FIPS_TEST_DIGEST;
        } else if (strcmp(which, "hmac") == 0) {
            fail_id = FIPS_TEST_HMAC;
        } else if (strcmp(which, "cmac") == 0) {
            fail_id = FIPS_TEST_CMAC;
        } else if (strcmp(which, "drbg") == 0) {
            fail_id = FIPS_TEST_DRBG;
        } else if (strcmp(which, "rng") == 0) {
            fail_id = FIPS_TEST_X931;
        } else if (strcmp(which, "post") == 0) {
            /* NOTE(review): meaning of -1 is defined by the callback; confirm */
            fail_id = -1;
        } else if (strcmp(which, "rngstick") == 0) {
            do_rng_stick = 1;
            no_exit = 1;
            printf("RNG test with stuck continuous test...\n");
        } else if (strcmp(which, "drbgentstick") == 0) {
            /*
             * NOTE(review): no flag is set here, so if do_entropy_stick()
             * returns, control reaches the power-up-only path below.
             */
            do_entropy_stick();
        } else if (strcmp(which, "drbgstick") == 0) {
            do_drbg_stick = 1;
            no_exit = 1;
            printf("DRBG test with stuck continuous test...\n");
        } else {
            printf("Bad argument \"%s\"\n", which);
            exit(1);
        }

        if (no_exit == 0) {
            /* Power-up only: report whether FIPS mode could be entered. */
            fips_algtest_init_nofips();
            /*
             * NOTE(review): single-argument call; the other listings on
             * this page pass (mode, auth). Confirm the prototype in use.
             */
            if (!FIPS_module_mode_set(1)) {
                printf("Power-up self test failed\n");
                exit(1);
            }
            printf("Power-up self test successful\n");
            exit(0);
        }
    }

    fips_algtest_init_nofips();

    /* 1: non-approved operation, exercised before FIPS mode is requested */
    printf("1. Non-Approved cryptographic operation test...\n");
    test_msg("\ta. Included algorithm (D-H)...", dh_test());

    /* 2: power-up self test; nothing below runs unless FIPS mode is on */
    ERR_clear_error();
    test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1));
    if (!FIPS_module_mode())
        exit(1);

    /* Arm the stuck-generator faults requested on the command line. */
    if (do_drbg_stick)
        FIPS_drbg_stick();
    if (do_rng_stick)
        FIPS_x931_stick();

    /* 3: AES and AES-GCM */
    test_msg("3a. AES encryption/decryption", FIPS_aes_test());
    test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test());

    /* 4: RSA, optionally with the corrupted key requested by "rsakey" */
    test_msg("4. RSA key generation and encryption/decryption",
             FIPS_rsa_test(bad_rsa));

    /* 5: triple-DES per the helper's name; the printed label says DES-ECB */
    test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test());

    /* 6: DSA, optionally with the corrupted key requested by "dsakey" */
    test_msg("6. DSA key generation and signature validation",
             FIPS_dsa_test(bad_dsa));

    /* 7: digests and HMACs */
    test_msg("7a. SHA-1 hash", FIPS_sha1_test());
    test_msg("7b. SHA-256 hash", FIPS_sha256_test());
    test_msg("7c. SHA-512 hash", FIPS_sha512_test());
    test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test());
    test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test());
    test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test());
    test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test());
    test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test());

    /* 8: CMACs */
    test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test());
    test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test());
    test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test());
# if 0 /* Not a FIPS algorithm */
    test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test());
#endif
    test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test());

    /* 9: the same non-approved operation again, now inside FIPS mode */
    printf("9. Non-Approved cryptographic operation test...\n");
    printf("\ta. Included algorithm (D-H)...%s\n",
           dh_test() ? "successful as expected"
                     : Fail("failed INCORRECTLY!"));

    /* 10: zeroization */
    printf("10. Zero-ization...\n\t%s\n",
           Zeroize() ? "successful as expected"
                     : Fail("failed INCORRECTLY!"));

    printf("\nAll tests completed with %d errors\n", Error);
    if (Error)
        return 1;
    return 0;
}