Exemple #1
/*
 * Request FIPS mode on (r != 0) or off (r == 0).
 *
 * Returns 1 on success and 0 on failure.  In a build without OPENSSL_FIPS
 * the only request that can succeed is "off"; any attempt to switch FIPS
 * mode on queues CRYPTO_R_FIPS_MODE_NOT_SUPPORTED and returns 0.  Callers
 * that require FIPS mode must therefore check the return value: a 0 here
 * means the process is NOT running in FIPS mode.
 */
int FIPS_mode_set(int r)
{
#ifdef OPENSSL_FIPS
    /* FIPS-capable build: the module itself performs the mode switch. */
    return FIPS_module_mode_set(r);
#else
    /* No FIPS module compiled in: refuse everything except "off". */
    if (r != 0) {
        CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
        return 0;
    }
    return 1;
#endif
}
/*
 * Request FIPS mode on (r != 0) or off (r == 0); returns 1 on success and
 * 0 on failure.
 *
 * With OPENSSL_FIPS defined, the mode switch is delegated to
 * FIPS_module_mode_set() and, once it succeeds, the RAND method is pointed
 * at the FIPS implementation (mode on) or reset with NULL (mode off).
 * Without OPENSSL_FIPS only the "off" request succeeds; asking for FIPS
 * mode queues CRYPTO_R_FIPS_MODE_NOT_SUPPORTED and returns 0, so callers
 * that depend on FIPS mode must check the result.
 */
int FIPS_mode_set(int r)
{
	OPENSSL_init();
#ifdef OPENSSL_FIPS
	/*
	 * NOTE(review): unless the build supplies FIPS_AUTH_USER_PASS, this
	 * fixed literal is what gets passed as the second argument below.  How
	 * FIPS_module_mode_set() uses it is not visible here, but a constant
	 * compiled into every binary cannot serve as a secret -- confirm
	 * whether builds are expected to override it.
	 */
# ifndef FIPS_AUTH_USER_PASS
#  define FIPS_AUTH_USER_PASS	"Default FIPS Crypto User Password"
# endif
	if (FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS) == 0) {
		return 0;
	}
	/* The mode switch succeeded: keep the RAND method in step with it. */
	RAND_set_rand_method(r != 0 ? FIPS_rand_get_method() : NULL);
	return 1;
#else
	/* No FIPS module compiled in: refuse everything except "off". */
	if (r != 0) {
		CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
		return 0;
	}
	return 1;
#endif
}
Exemple #3
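/*
 * Test-driver entry point.
 *
 * Two ways of running it are visible here:
 *   - first argument does not start with '-': the arguments are handed
 *     straight to run_prg() and its result becomes the exit status;
 *   - otherwise the options -script <file>, -quiet and -verbose are parsed
 *     and every line of the script file (default "fipstests.sh") is split
 *     with chopup_args() and executed through run_prg().
 *
 * In script mode the exit status is 0 only when every line was parsed and
 * every command returned 0; otherwise it is 1.  A line that cannot be
 * parsed is counted as an error so that a validation run cannot report
 * success while having skipped part of its script.
 */
int main(int argc, char **argv)
	{
	static char buf[1024];
	char **args = argv + 1;
	const char *sname = "fipstests.sh";
	ARGS arg;
	int xargc;
	char **xargv;
	int lineno = 0, badarg = 0;
	int nerr = 0, quiet = 0, verbose = 0;
	int rv;
	FILE *in = NULL;
#ifdef FIPS_ALGVS_MEMCHECK
	/* Optional leak checking: switch on allocation tracking up front. */
	CRYPTO_malloc_debug_init();
	OPENSSL_init();
	CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#endif

#if defined(_TMS320C6400_PLUS)
	SysInit();
#endif

#if (defined(__arm__) || defined(__aarch64__))
	/* A leading -noaccel clears the ARM capability mask, then is consumed. */
	if (*args && !strcmp(*args, "-noaccel"))
		{
		extern unsigned int OPENSSL_armcap_P;

		OPENSSL_armcap_P=0;
		args++;
		argc--;
		}
#endif
	/* Direct mode: a first argument without a leading '-' is a command. */
	if (*args && *args[0] != '-')
		{
		rv = run_prg(argc - 1, args);
#ifdef FIPS_ALGVS_MEMCHECK
		CRYPTO_mem_leaks_fp(stderr);
#endif
		return rv;
		}
	/* Script mode: consume options until one is unknown or incomplete. */
	while (!badarg && *args && *args[0] == '-')
		{
		if (!strcmp(*args, "-script"))
			{
			if (args[1])
				{
				args++;
				sname = *args;
				}
			else
				badarg = 1;
			}
		else if (!strcmp(*args, "-quiet"))
			quiet = 1;
		else if (!strcmp(*args, "-verbose"))
			verbose = 1;
		else
			badarg = 1;
		args++;
		}

	if (badarg)
		{
		fprintf(stderr, "Error processing arguments\n");
		return 1;
		}

	in = fopen(sname, "r");
	if (!in)
		{
		fprintf(stderr, "Error opening script file \"%s\"\n", sname);
		return 1;
		}

	arg.data = NULL;
	arg.count = 0;

	/*
	 * NOTE(review): fgets() returns a line longer than sizeof(buf) - 1 in
	 * pieces, so the tail of an over-long line would be parsed and run as
	 * if it were a separate script line (and lineno would drift).
	 */
	while (fgets(buf, sizeof(buf), in))
		{
		lineno++;
		if (!chopup_args(&arg, buf, &xargc, &xargv))
			{
			fprintf(stderr, "Error processing line %d\n", lineno);
			/*
			 * The command on this line never ran; count it so the summary
			 * and the exit status do not claim a clean run.
			 */
			nerr++;
			}
		else
			{
			if (!quiet)
				{
				int i;
				/* Unless -verbose, the last two arguments are not echoed. */
				int narg = verbose ? xargc : xargc - 2;
				printf("Running command line:");
				for (i = 0; i < narg; i++)
					printf(" %s", xargv[i]);
				printf("\n");
				}
			rv = run_prg(xargc, xargv);
			/*
			 * If the command left the module in FIPS mode, switch it off
			 * again before the next script line -- presumably so that each
			 * command starts from the same state.
			 */
			if (FIPS_module_mode())
				FIPS_module_mode_set(0, NULL);
			if (rv != 0)
				nerr++;
			if (rv == -100)
				fprintf(stderr, "ERROR: Command not found\n");
			else if (rv != 0)
				fprintf(stderr, "ERROR: returned %d\n", rv);
			else if (verbose)
				printf("\tCommand run successfully\n");
			}
		}

	if (!quiet)
		printf("Completed with %d errors\n", nerr);

	if (arg.data)
		OPENSSL_free(arg.data);

	fclose(in);
#ifdef FIPS_ALGVS_MEMCHECK
	CRYPTO_mem_leaks_fp(stderr);
#endif
	if (nerr == 0)
		return 0;
	return 1;
	}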
Exemple #4
/*
 * FIPS-mode test application entry point.
 *
 * Registers post_cb as the self-test callback, prints a banner with the
 * module version text, and then either
 *   - runs only the power-up self test (most argv[1] selectors) and exits
 *     with 0 if FIPS_module_mode_set(1) succeeded or 1 if it failed, or
 *   - runs the full numbered test sequence below (no argument, or a
 *     selector that sets no_exit) and returns 1 if the global Error
 *     counter is non-zero, 0 otherwise.
 *
 * argv[1], when present, selects which self-test is to be corrupted by
 * setting the file-level fail_id / fail_sub / fail_key variables or a
 * local flag.  argc is not consulted.
 *
 * NOTE(review): presumably post_cb reads fail_id/fail_sub/fail_key to
 * corrupt the matching self-test, in which case "Power-up self test
 * failed" with exit status 1 is the expected outcome of a selector run --
 * confirm against post_cb, which is not visible here.
 */
int main(int argc,char **argv)
{
    /* Passed to FIPS_rsa_test() / FIPS_dsa_test() to request a corrupted key. */
    int bad_rsa = 0, bad_dsa = 0;
    /* When set, the matching *_stick() hook is called once FIPS mode is on. */
    int do_rng_stick = 0;
    int do_drbg_stick = 0;
    /* When set, the selector continues into the full suite instead of exiting. */
    int no_exit = 0;


    FIPS_post_set_callback(post_cb);

    printf("\tFIPS-mode test application\n");

    printf("\t%s\n\n", FIPS_module_version_text());

    if (argv[1]) {
        /* Corrupted KAT tests: map the selector name onto a failure target */
        if (!strcmp(argv[1], "integrity")) {
            fail_id = FIPS_TEST_INTEGRITY;
        } else if (!strcmp(argv[1], "aes")) {
            fail_id = FIPS_TEST_CIPHER;
            fail_sub = NID_aes_128_ecb;
        } else if (!strcmp(argv[1], "aes-ccm")) {
            fail_id = FIPS_TEST_CCM;
        } else if (!strcmp(argv[1], "aes-gcm")) {
            fail_id = FIPS_TEST_GCM;
        } else if (!strcmp(argv[1], "aes-xts")) {
            fail_id = FIPS_TEST_XTS;
        } else if (!strcmp(argv[1], "des")) {
            fail_id = FIPS_TEST_CIPHER;
            fail_sub = NID_des_ede3_ecb;
        } else if (!strcmp(argv[1], "dsa")) {
            fail_id = FIPS_TEST_SIGNATURE;
            fail_key = EVP_PKEY_DSA;
        } else if (!strcmp(argv[1], "ecdsa")) {
            fail_id = FIPS_TEST_SIGNATURE;
            fail_key = EVP_PKEY_EC;
        } else if (!strcmp(argv[1], "rsa")) {
            fail_id = FIPS_TEST_SIGNATURE;
            fail_key = EVP_PKEY_RSA;
        } else if (!strcmp(argv[1], "rsakey")) {
            printf("RSA key generation and signature validation with corrupted key...\n");
            bad_rsa = 1;
            no_exit = 1;
        } else if (!strcmp(argv[1], "rsakeygen")) {
            fail_id = FIPS_TEST_PAIRWISE;
            fail_key = EVP_PKEY_RSA;
            no_exit = 1;
        } else if (!strcmp(argv[1], "dsakey")) {
            printf("DSA key generation and signature validation with corrupted key...\n");
            bad_dsa = 1;
            no_exit = 1;
        } else if (!strcmp(argv[1], "dsakeygen")) {
            fail_id = FIPS_TEST_PAIRWISE;
            fail_key = EVP_PKEY_DSA;
            no_exit = 1;
        } else if (!strcmp(argv[1], "sha1")) {
            fail_id = FIPS_TEST_DIGEST;
        } else if (!strcmp(argv[1], "hmac")) {
            fail_id = FIPS_TEST_HMAC;
        } else if (!strcmp(argv[1], "cmac")) {
            fail_id = FIPS_TEST_CMAC;
        } else if (!strcmp(argv[1], "drbg")) {
            fail_id = FIPS_TEST_DRBG;
        } else if (!strcmp(argv[1], "rng")) {
            fail_id = FIPS_TEST_X931;
        } else if (!strcmp(argv[1], "post")) {
            /* NOTE(review): meaning of -1 is defined by post_cb -- confirm */
            fail_id = -1;
        } else if (!strcmp(argv[1], "rngstick")) {
            do_rng_stick = 1;
            no_exit = 1;
            printf("RNG test with stuck continuous test...\n");
        } else if (!strcmp(argv[1], "drbgentstick")) {
            do_entropy_stick();
        } else if (!strcmp(argv[1], "drbgstick")) {
            do_drbg_stick = 1;
            no_exit = 1;
            printf("DRBG test with stuck continuous test...\n");
        } else {
            printf("Bad argument \"%s\"\n", argv[1]);
            exit(1);
        }
        /*
         * Selectors that did not set no_exit stop here: only the power-up
         * self test is run and its result becomes the exit status.
         */
        if (!no_exit) {
            fips_algtest_init_nofips();
            if (!FIPS_module_mode_set(1)) {
                printf("Power-up self test failed\n");
                exit(1);
            }
            printf("Power-up self test successful\n");
            exit(0);
        }
    }

    fips_algtest_init_nofips();

    /* Non-Approved cryptographic operation (run before FIPS mode is set)
    */
    printf("1. Non-Approved cryptographic operation test...\n");
    test_msg("\ta. Included algorithm (D-H)...", dh_test());

    /* Power-up self test: the remaining steps require FIPS mode, so the
     * program exits with status 1 if the module is not in FIPS mode after
     * this call.
    */
    ERR_clear_error();
    test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1));
    if (!FIPS_module_mode())
        exit(1);
    /* Apply the "stuck" hooks requested by drbgstick / rngstick */
    if (do_drbg_stick)
        FIPS_drbg_stick();
    if (do_rng_stick)
        FIPS_x931_stick();

    /* AES encryption/decryption
    */
    test_msg("3a. AES encryption/decryption", FIPS_aes_test());
    /* AES GCM encryption/decryption
    */
    test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test());

    /* RSA key generation and encryption/decryption
     * (bad_rsa is set by the "rsakey" selector)
    */
    test_msg("4. RSA key generation and encryption/decryption",
             FIPS_rsa_test(bad_rsa));

    /* Triple-DES encryption/decryption (reported as DES-ECB; the call is
     * FIPS_des3_test)
    */
    test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test());

    /* DSA key generation and signature validation
     * (bad_dsa is set by the "dsakey" selector)
    */
    test_msg("6. DSA key generation and signature validation",
             FIPS_dsa_test(bad_dsa));

    /* SHA-1 hash
    */
    test_msg("7a. SHA-1 hash", FIPS_sha1_test());

    /* SHA-256 hash
    */
    test_msg("7b. SHA-256 hash", FIPS_sha256_test());

    /* SHA-512 hash
    */
    test_msg("7c. SHA-512 hash", FIPS_sha512_test());

    /* HMAC-SHA-1 hash
    */
    test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test());

    /* HMAC-SHA-224 hash
    */
    test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test());

    /* HMAC-SHA-256 hash
    */
    test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test());

    /* HMAC-SHA-384 hash
    */
    test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test());

    /* HMAC-SHA-512 hash
    */
    test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test());

    /* CMAC-AES-128 hash
    */
    test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test());

    /* CMAC-AES-192 hash
    */
    test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test());

    /* CMAC-AES-256 hash
    */
    test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test());

# if 0				/* Not a FIPS algorithm */
    /* CMAC-TDEA-2 hash (compiled out)
    */
    test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test());
#endif

    /* CMAC-TDEA-3 hash
    */
    test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test());

    /* Non-Approved cryptographic operation, repeated with FIPS mode on;
     * a zero result from dh_test() is reported through Fail()
    */
    printf("9. Non-Approved cryptographic operation test...\n");
    printf("\ta. Included algorithm (D-H)...%s\n",
           dh_test() ? "successful as expected"
           : Fail("failed INCORRECTLY!") );

    /* Zeroization; a zero result from Zeroize() is reported through Fail()
    */
    printf("10. Zero-ization...\n\t%s\n",
           Zeroize() ? "successful as expected"
           : Fail("failed INCORRECTLY!") );

    /* Exit status reflects the global Error counter */
    printf("\nAll tests completed with %d errors\n", Error);
    return Error ? 1 : 0;
}