Пример #1
0
int main(int argc, char **argv)
{

    int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
    int bad_rsa = 0, bad_dsa = 0;
    int do_rng_stick = 0;
    int no_exit = 0;

    printf("\tFIPS-mode test application\n\n");

    /* Load entropy from external file, if any */
    RAND_load_file(".rnd", 1024);

    if (argv[1]) {
        /* Corrupted KAT tests */
        if (!strcmp(argv[1], "aes")) {
            FIPS_corrupt_aes();
            printf("AES encryption/decryption with corrupted KAT...\n");
        } else if (!strcmp(argv[1], "des")) {
            FIPS_corrupt_des();
            printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
        } else if (!strcmp(argv[1], "dsa")) {
            FIPS_corrupt_dsa();
            printf
            ("DSA key generation and signature validation with corrupted KAT...\n");
        } else if (!strcmp(argv[1], "rsa")) {
            FIPS_corrupt_rsa();
            printf
            ("RSA key generation and signature validation with corrupted KAT...\n");
        } else if (!strcmp(argv[1], "rsakey")) {
            printf
            ("RSA key generation and signature validation with corrupted key...\n");
            bad_rsa = 1;
            no_exit = 1;
        } else if (!strcmp(argv[1], "rsakeygen")) {
            do_corrupt_rsa_keygen = 1;
            no_exit = 1;
            printf
            ("RSA key generation and signature validation with corrupted keygen...\n");
        } else if (!strcmp(argv[1], "dsakey")) {
            printf
            ("DSA key generation and signature validation with corrupted key...\n");
            bad_dsa = 1;
            no_exit = 1;
        } else if (!strcmp(argv[1], "dsakeygen")) {
            do_corrupt_dsa_keygen = 1;
            no_exit = 1;
            printf
            ("DSA key generation and signature validation with corrupted keygen...\n");
        } else if (!strcmp(argv[1], "sha1")) {
            FIPS_corrupt_sha1();
            printf("SHA-1 hash with corrupted KAT...\n");
        } else if (!strcmp(argv[1], "rng")) {
            FIPS_corrupt_rng();
        } else if (!strcmp(argv[1], "rngstick")) {
            do_rng_stick = 1;
            no_exit = 1;
            printf("RNG test with stuck continuous test...\n");
        } else {
            printf("Bad argument \"%s\"\n", argv[1]);
            exit(1);
        }
        if (!no_exit) {
            if (!FIPS_mode_set(1)) {
                do_print_errors();
                printf("Power-up self test failed\n");
                exit(1);
            }
            printf("Power-up self test successful\n");
            exit(0);
        }
    }

    /* Non-Approved cryptographic operation
     */
    printf("1. Non-Approved cryptographic operation test...\n");
    printf("\ta. Included algorithm (D-H)...");
    printf(dh_test()? "successful\n" : Fail("FAILED!\n"));

    /* Power-up self test
     */
    ERR_clear_error();
    printf("2. Automatic power-up self test...");
    if (!FIPS_mode_set(1)) {
        do_print_errors();
        printf(Fail("FAILED!\n"));
        exit(1);
    }
    printf("successful\n");
    if (do_corrupt_dsa_keygen)
        FIPS_corrupt_dsa_keygen();
    if (do_corrupt_rsa_keygen)
        FIPS_corrupt_rsa_keygen();
    if (do_rng_stick)
        FIPS_rng_stick();

    /* AES encryption/decryption
     */
    printf("3. AES encryption/decryption...");
    printf(FIPS_aes_test()? "successful\n" : Fail("FAILED!\n"));

    /* RSA key generation and encryption/decryption
     */
    printf("4. RSA key generation and encryption/decryption...");
    printf(FIPS_rsa_test(bad_rsa) ? "successful\n" : Fail("FAILED!\n"));

    /* DES-CBC encryption/decryption
     */
    printf("5. DES-ECB encryption/decryption...");
    printf(FIPS_des3_test()? "successful\n" : Fail("FAILED!\n"));

    /* DSA key generation and signature validation
     */
    printf("6. DSA key generation and signature validation...");
    printf(FIPS_dsa_test(bad_dsa) ? "successful\n" : Fail("FAILED!\n"));

    /* SHA-1 hash
     */
    printf("7a. SHA-1 hash...");
    printf(FIPS_sha1_test()? "successful\n" : Fail("FAILED!\n"));

    /* SHA-256 hash
     */
    printf("7b. SHA-256 hash...");
    printf(FIPS_sha256_test()? "successful\n" : Fail("FAILED!\n"));

    /* SHA-512 hash
     */
    printf("7c. SHA-512 hash...");
    printf(FIPS_sha512_test()? "successful\n" : Fail("FAILED!\n"));

    /* HMAC-SHA-1 hash
     */
    printf("7d. HMAC-SHA-1 hash...");
    printf(FIPS_hmac_sha1_test()? "successful\n" : Fail("FAILED!\n"));

    /* HMAC-SHA-224 hash
     */
    printf("7e. HMAC-SHA-224 hash...");
    printf(FIPS_hmac_sha224_test()? "successful\n" : Fail("FAILED!\n"));

    /* HMAC-SHA-256 hash
     */
    printf("7f. HMAC-SHA-256 hash...");
    printf(FIPS_hmac_sha256_test()? "successful\n" : Fail("FAILED!\n"));

    /* HMAC-SHA-384 hash
     */
    printf("7g. HMAC-SHA-384 hash...");
    printf(FIPS_hmac_sha384_test()? "successful\n" : Fail("FAILED!\n"));

    /* HMAC-SHA-512 hash
     */
    printf("7h. HMAC-SHA-512 hash...");
    printf(FIPS_hmac_sha512_test()? "successful\n" : Fail("FAILED!\n"));

    /* Non-Approved cryptographic operation
     */
    printf("8. Non-Approved cryptographic operation test...\n");
    printf("\ta. Included algorithm (D-H)...");
    printf(dh_test()? "successful as expected\n"
           : Fail("failed INCORRECTLY!\n"));

    /* Zeroization
     */
    printf("9. Zero-ization...\n");
    printf(Zeroize()? "\tsuccessful as expected\n"
           : Fail("\tfailed INCORRECTLY!\n"));

    printf("\nAll tests completed with %d errors\n", Error);
    return Error ? 1 : 0;
}
Пример #2
0
int main(int argc,char **argv)
{
    int bad_rsa = 0, bad_dsa = 0;
    int do_rng_stick = 0;
    int do_drbg_stick = 0;
    int no_exit = 0;


    FIPS_post_set_callback(post_cb);

    printf("\tFIPS-mode test application\n");

    printf("\t%s\n\n", FIPS_module_version_text());

    if (argv[1]) {
        /* Corrupted KAT tests */
        if (!strcmp(argv[1], "integrity")) {
            fail_id = FIPS_TEST_INTEGRITY;
        } else if (!strcmp(argv[1], "aes")) {
            fail_id = FIPS_TEST_CIPHER;
            fail_sub = NID_aes_128_ecb;
        } else if (!strcmp(argv[1], "aes-ccm")) {
            fail_id = FIPS_TEST_CCM;
        } else if (!strcmp(argv[1], "aes-gcm")) {
            fail_id = FIPS_TEST_GCM;
        } else if (!strcmp(argv[1], "aes-xts")) {
            fail_id = FIPS_TEST_XTS;
        } else if (!strcmp(argv[1], "des")) {
            fail_id = FIPS_TEST_CIPHER;
            fail_sub = NID_des_ede3_ecb;
        } else if (!strcmp(argv[1], "dsa")) {
            fail_id = FIPS_TEST_SIGNATURE;
            fail_key = EVP_PKEY_DSA;
        } else if (!strcmp(argv[1], "ecdsa")) {
            fail_id = FIPS_TEST_SIGNATURE;
            fail_key = EVP_PKEY_EC;
        } else if (!strcmp(argv[1], "rsa")) {
            fail_id = FIPS_TEST_SIGNATURE;
            fail_key = EVP_PKEY_RSA;
        } else if (!strcmp(argv[1], "rsakey")) {
            printf("RSA key generation and signature validation with corrupted key...\n");
            bad_rsa = 1;
            no_exit = 1;
        } else if (!strcmp(argv[1], "rsakeygen")) {
            fail_id = FIPS_TEST_PAIRWISE;
            fail_key = EVP_PKEY_RSA;
            no_exit = 1;
        } else if (!strcmp(argv[1], "dsakey")) {
            printf("DSA key generation and signature validation with corrupted key...\n");
            bad_dsa = 1;
            no_exit = 1;
        } else if (!strcmp(argv[1], "dsakeygen")) {
            fail_id = FIPS_TEST_PAIRWISE;
            fail_key = EVP_PKEY_DSA;
            no_exit = 1;
        } else if (!strcmp(argv[1], "sha1")) {
            fail_id = FIPS_TEST_DIGEST;
        } else if (!strcmp(argv[1], "hmac")) {
            fail_id = FIPS_TEST_HMAC;
        } else if (!strcmp(argv[1], "cmac")) {
            fail_id = FIPS_TEST_CMAC;
        } else if (!strcmp(argv[1], "drbg")) {
            fail_id = FIPS_TEST_DRBG;
        } else if (!strcmp(argv[1], "rng")) {
            fail_id = FIPS_TEST_X931;
        } else if (!strcmp(argv[1], "post")) {
            fail_id = -1;
        } else if (!strcmp(argv[1], "rngstick")) {
            do_rng_stick = 1;
            no_exit = 1;
            printf("RNG test with stuck continuous test...\n");
        } else if (!strcmp(argv[1], "drbgentstick")) {
            do_entropy_stick();
        } else if (!strcmp(argv[1], "drbgstick")) {
            do_drbg_stick = 1;
            no_exit = 1;
            printf("DRBG test with stuck continuous test...\n");
        } else {
            printf("Bad argument \"%s\"\n", argv[1]);
            exit(1);
        }
        if (!no_exit) {
            fips_algtest_init_nofips();
            if (!FIPS_module_mode_set(1)) {
                printf("Power-up self test failed\n");
                exit(1);
            }
            printf("Power-up self test successful\n");
            exit(0);
        }
    }

    fips_algtest_init_nofips();

    /* Non-Approved cryptographic operation
    */
    printf("1. Non-Approved cryptographic operation test...\n");
    test_msg("\ta. Included algorithm (D-H)...", dh_test());

    /* Power-up self test
    */
    ERR_clear_error();
    test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1));
    if (!FIPS_module_mode())
        exit(1);
    if (do_drbg_stick)
        FIPS_drbg_stick();
    if (do_rng_stick)
        FIPS_x931_stick();

    /* AES encryption/decryption
    */
    test_msg("3a. AES encryption/decryption", FIPS_aes_test());
    /* AES GCM encryption/decryption
    */
    test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test());

    /* RSA key generation and encryption/decryption
    */
    test_msg("4. RSA key generation and encryption/decryption",
             FIPS_rsa_test(bad_rsa));

    /* DES-CBC encryption/decryption
    */
    test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test());

    /* DSA key generation and signature validation
    */
    test_msg("6. DSA key generation and signature validation",
             FIPS_dsa_test(bad_dsa));

    /* SHA-1 hash
    */
    test_msg("7a. SHA-1 hash", FIPS_sha1_test());

    /* SHA-256 hash
    */
    test_msg("7b. SHA-256 hash", FIPS_sha256_test());

    /* SHA-512 hash
    */
    test_msg("7c. SHA-512 hash", FIPS_sha512_test());

    /* HMAC-SHA-1 hash
    */
    test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test());

    /* HMAC-SHA-224 hash
    */
    test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test());

    /* HMAC-SHA-256 hash
    */
    test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test());

    /* HMAC-SHA-384 hash
    */
    test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test());

    /* HMAC-SHA-512 hash
    */
    test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test());

    /* CMAC-AES-128 hash
    */
    test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test());

    /* CMAC-AES-192 hash
    */
    test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test());

    /* CMAC-AES-256 hash
    */
    test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test());

# if 0				/* Not a FIPS algorithm */
    /* CMAC-TDEA-2 hash
    */
    test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test());
#endif

    /* CMAC-TDEA-3 hash
    */
    test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test());

    /* Non-Approved cryptographic operation
    */
    printf("9. Non-Approved cryptographic operation test...\n");
    printf("\ta. Included algorithm (D-H)...%s\n",
           dh_test() ? "successful as expected"
           : Fail("failed INCORRECTLY!") );

    /* Zeroization
    */
    printf("10. Zero-ization...\n\t%s\n",
           Zeroize() ? "successful as expected"
           : Fail("failed INCORRECTLY!") );

    printf("\nAll tests completed with %d errors\n", Error);
    return Error ? 1 : 0;
}