Пример #1
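/*
 * Pairwise consistency check for an RSA key pair.
 *
 * Runs a sign/verify pairwise test under three padding modes (PKCS#1 v1.5,
 * X9.31 and PSS) and then an encrypt/decrypt round trip with PKCS#1 v1.5
 * padding over a fixed test string.
 *
 * The function fails closed: ret starts at 0 and is set to 1 only after
 * every check has passed. On any failure the self-test failure hook is
 * called and FIPS_R_PAIRWISE_TEST_FAILED is raised.
 *
 * Returns 1 when the key pair is consistent, 0 otherwise.
 */
int fips_check_rsa(RSA *rsa)
	{
	const unsigned char tbs[] = "RSA Pairwise Check Data";
	/* Length of the test string without its terminating NUL. */
	const size_t tbslen = sizeof(tbs) - 1;
	unsigned char *ctbuf = NULL, *ptbuf = NULL;
	int len, ret = 0;
	EVP_PKEY pk;

	/* Stack-allocated wrapper: only the two fields set here are initialised. */
	pk.type = EVP_PKEY_RSA;
	pk.pkey.rsa = rsa;

	/* Perform pairwise consistency signature test */
	if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0,
			NULL, 0, NULL, RSA_PKCS1_PADDING, NULL)
		|| !fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0,
			NULL, 0, NULL, RSA_X931_PADDING, NULL)
		|| !fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, 0,
			NULL, 0, NULL, RSA_PKCS1_PSS_PADDING, NULL))
		goto err;

	/* Now perform pairwise consistency encrypt/decrypt test */
	ctbuf = OPENSSL_malloc(RSA_size(rsa));
	if (!ctbuf)
		goto err;

	len = RSA_public_encrypt((int)tbslen, tbs, ctbuf, rsa, RSA_PKCS1_PADDING);
	if (len <= 0)
		goto err;

	/*
	 * Check ciphertext doesn't match plaintext. len is known to be positive
	 * here, so the cast to size_t cannot wrap.
	 */
	if ((size_t)len == tbslen && !memcmp(tbs, ctbuf, tbslen))
		goto err;

	ptbuf = OPENSSL_malloc(RSA_size(rsa));
	if (!ptbuf)
		goto err;

	len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
	/*
	 * Reject an error return explicitly instead of relying on the implicit
	 * signed-to-unsigned conversion in the length comparison.
	 */
	if (len < 0 || (size_t)len != tbslen)
		goto err;
	if (memcmp(ptbuf, tbs, tbslen))
		goto err;

	/* Every check passed; the redundant ptbuf re-check was unreachable. */
	ret = 1;

	err:
	if (ret == 0)
		{
		/* NOTE(review): presumably latches the module's failed state - confirm. */
		fips_set_selftest_fail();
		FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
		}

	/* Both buffers hold only the fixed test string or its ciphertext. */
	if (ctbuf)
		OPENSSL_free(ctbuf);
	if (ptbuf)
		OPENSSL_free(ptbuf);

	return ret;
	}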
Пример #2
/*
 * DSA signature self-test.
 *
 * Builds a DSA key from the dsa_test_2048 components and runs a
 * FIPS_TEST_SIGNATURE test with SHA-384 through fips_pkey_signature_test().
 *
 * Returns 1 when the test passes, 0 on allocation failure or test failure.
 */
int FIPS_selftest_dsa()
	{
	EVP_PKEY pk;
	int ret = 0;
	DSA *dsa = FIPS_dsa_new();

	if (!dsa)
		goto err;

	/*
	 * fips_load_key_component is defined outside this listing.
	 * NOTE(review): check how it reports a failed load - confirm.
	 */
	fips_load_key_component(dsa, p, dsa_test_2048);
	fips_load_key_component(dsa, q, dsa_test_2048);
	fips_load_key_component(dsa, g, dsa_test_2048);
	fips_load_key_component(dsa, pub_key, dsa_test_2048);
	fips_load_key_component(dsa, priv_key, dsa_test_2048);

	/* Stack wrapper around the key; it does not take ownership of dsa. */
	pk.pkey.dsa = dsa;
	pk.type = EVP_PKEY_DSA;

	/* ret stays 0 unless the signature test reports success. */
	if (fips_pkey_signature_test(FIPS_TEST_SIGNATURE, &pk, NULL, 0,
					NULL, 0, EVP_sha384(), 0,
					"DSA SHA384"))
		ret = 1;

	err:
	if (dsa != NULL)
		FIPS_dsa_free(dsa);
	return ret;
	}
Пример #3
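/*
 * ECDSA signature self-test.
 *
 * For every entry of test_ec_data: rebuilds the key (affine public
 * coordinates x, y and private scalar d) on the entry's curve and runs a
 * FIPS_TEST_SIGNATURE test with SHA-512.
 *
 * Returns 1 only if every entry passes; the first failure aborts the loop
 * and returns 0.
 */
int FIPS_selftest_ecdsa()
	{
	EC_KEY *ec = NULL;
	BIGNUM *x = NULL, *y = NULL, *d = NULL;
	BIGNUM *tmp;
	EVP_PKEY pk;
	int rv = 0;
	size_t i;

	for (i = 0; i < sizeof(test_ec_data)/sizeof(EC_SELFTEST_DATA); i++)
		{
		EC_SELFTEST_DATA *ecd = test_ec_data + i;

		/*
		 * The BIGNUMs are reused across iterations. BN_bin2bn() returns
		 * NULL on failure without releasing a BIGNUM passed in by the
		 * caller, so take the result in a temporary: the previous object
		 * stays reachable and is still cleared and freed at err.
		 */
		tmp = BN_bin2bn(ecd->x, ecd->xlen, x);
		if (!tmp)
			goto err;
		x = tmp;

		tmp = BN_bin2bn(ecd->y, ecd->ylen, y);
		if (!tmp)
			goto err;
		y = tmp;

		tmp = BN_bin2bn(ecd->d, ecd->dlen, d);
		if (!tmp)
			goto err;
		d = tmp;

		ec = EC_KEY_new_by_curve_name(ecd->curve);
		if (!ec)
			goto err;

		if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y))
			goto err;

		if (!EC_KEY_set_private_key(ec, d))
			goto err;

		/* Stack wrapper around the key; it does not take ownership of ec. */
		pk.type = EVP_PKEY_EC;
		pk.pkey.ec = ec;

		if (!fips_pkey_signature_test(FIPS_TEST_SIGNATURE, &pk, NULL, 0,
						NULL, 0, EVP_sha512(), 0,
						ecd->name))
			goto err;

		/* Release this entry's key and clear the pointer so the err path
		 * cannot free it a second time. */
		EC_KEY_free(ec);
		ec = NULL;
		}

	rv = 1;

	err:

	/* BN_clear_free() zeroises the values, including the private scalar d. */
	if (x)
		BN_clear_free(x);
	if (y)
		BN_clear_free(y);
	if (d)
		BN_clear_free(d);
	if (ec)
		EC_KEY_free(ec);

	return rv;

	}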
Пример #4
/*
 * Pairwise consistency check for a DSA key pair.
 *
 * Runs fips_pkey_signature_test() over a fixed test string with EVP_dss1().
 * On failure it raises FIPS_R_PAIRWISE_TEST_FAILED and calls the self-test
 * failure hook.
 *
 * Returns 1 when the key pair is consistent, 0 otherwise.
 */
static int fips_check_dsa(DSA *dsa)
{
    unsigned char tbs[] = "DSA Pairwise Check Data";
    EVP_PKEY pk;

    /* Stack wrapper around the key; only these two fields are initialised. */
    pk.pkey.dsa = dsa;
    pk.type = EVP_PKEY_DSA;

    /* The length argument is -1; how the helper interprets it is not visible here. */
    if (fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, EVP_dss1(), 0, NULL))
        return 1;

    FIPSerr(FIPS_F_FIPS_CHECK_DSA, FIPS_R_PAIRWISE_TEST_FAILED);
    /* NOTE(review): presumably latches the module's failed state - confirm. */
    fips_set_selftest_fail();
    return 0;
}
Пример #5
/*
 * Pairwise consistency check for an EC key pair.
 *
 * Runs a FIPS_TEST_PAIRWISE signature test over a fixed test string. On
 * failure it raises FIPS_R_PAIRWISE_TEST_FAILED and calls the self-test
 * failure hook.
 *
 * Returns 1 when the key pair is consistent, 0 otherwise.
 */
static int fips_check_ec(EC_KEY *key)
	{
	unsigned char tbs[] = "ECDSA Pairwise Check Data";
	EVP_PKEY pk;

	/* Stack wrapper around the key; only these two fields are initialised. */
	pk.pkey.ec = key;
	pk.type = EVP_PKEY_EC;

	/* No digest, padding or expected signature is supplied for this test. */
	if (fips_pkey_signature_test(FIPS_TEST_PAIRWISE,
					&pk, tbs, 0, NULL, 0, NULL, 0, NULL))
		return 1;

	FIPSerr(FIPS_F_FIPS_CHECK_EC,FIPS_R_PAIRWISE_TEST_FAILED);
	/* NOTE(review): presumably latches the module's failed state - confirm. */
	fips_set_selftest_fail();
	return 0;
	}
Пример #6
/*
 * SHA-1 digest self-test.
 *
 * Runs a FIPS_TEST_DIGEST check for each entry of the file-level `test`
 * array against the matching entry of `ret` (20 bytes, the SHA-1 digest
 * size).
 *
 * Every vector is exercised even after a failure; the result is 1 only if
 * all of them pass, 0 otherwise.
 */
int FIPS_selftest_sha1()
	{
	const size_t ntests = sizeof(test)/sizeof(test[0]);
	size_t idx = 0;
	int ok = 1;

	while (idx < ntests)
		{
		/* Record the failure but keep going so every vector is run. */
		if (!fips_pkey_signature_test(FIPS_TEST_DIGEST, NULL,
						test[idx], 0,
						ret[idx], 20,
						EVP_sha1(), 0,
						"SHA1 Digest"))
			ok = 0;
		idx++;
		}
	return ok;
	}
Пример #7
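/*
 * RSA signature self-test.
 *
 * Loads the built-in test key via setrsakey() and runs a
 * FIPS_TEST_SIGNATURE test with SHA-256 and PSS padding over kat_tbs,
 * passing kat_RSA_PSS_SHA256 as the known-answer data.
 *
 * Returns 1 when the test passes, 0 on allocation failure or test failure.
 */
int FIPS_selftest_rsa()
	{
	int ret = 0;
	RSA *key = NULL;
	EVP_PKEY pk;

	key = FIPS_rsa_new();
	/*
	 * Fail the self-test if no key object could be allocated, rather than
	 * handing a NULL key to setrsakey() (defined outside this listing).
	 */
	if (key == NULL)
		return 0;

	setrsakey(key);

	/* Stack wrapper around the key; it does not take ownership of key. */
	pk.type = EVP_PKEY_RSA;
	pk.pkey.rsa = key;

	/* sizeof(kat_tbs) - 1 drops the terminating NUL of the test string. */
	if (!fips_pkey_signature_test(FIPS_TEST_SIGNATURE,
				&pk, kat_tbs, sizeof(kat_tbs) - 1,
				kat_RSA_PSS_SHA256, sizeof(kat_RSA_PSS_SHA256),
				EVP_sha256(), RSA_PKCS1_PSS_PADDING,
				"RSA SHA256 PSS"))
		goto err;

	ret = 1;

	err:
	FIPS_rsa_free(key);
	return ret;
	}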
Пример #8
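/*
 * DSA signature self-test (heap-allocated EVP_PKEY variant).
 *
 * Builds a DSA key from the dsa_test_2048 components, wraps it in an
 * EVP_PKEY and runs fips_pkey_signature_test() with SHA-256.
 *
 * Returns 1 when the test passes, 0 on allocation failure or test failure.
 */
int FIPS_selftest_dsa()
{
    DSA *dsa = NULL;
    EVP_PKEY *pk = NULL;
    int ret = 0;

    dsa = DSA_new();

    if (dsa == NULL)
        goto err;

    /*
     * fips_load_key_component is defined outside this listing.
     * NOTE(review): check how it reports a failed load - confirm.
     */
    fips_load_key_component(dsa, p, dsa_test_2048);
    fips_load_key_component(dsa, q, dsa_test_2048);
    fips_load_key_component(dsa, g, dsa_test_2048);
    fips_load_key_component(dsa, pub_key, dsa_test_2048);
    fips_load_key_component(dsa, priv_key, dsa_test_2048);

    /*
     * corrupt_dsa is declared elsewhere; when set, bit 2047 of the public
     * key is set before the test. NOTE(review): presumably a fault-injection
     * switch for exercising the failure path - confirm. The BN_set_bit()
     * result is not checked.
     */
    if (corrupt_dsa)
        BN_set_bit(dsa->pub_key, 2047);

    if ((pk = EVP_PKEY_new()) == NULL)
        goto err;

    /*
     * Check the assignment: if it fails, pk does not own dsa and both
     * objects must be released separately on the err path.
     */
    if (!EVP_PKEY_assign_DSA(pk, dsa))
        goto err;
    /* Ownership moved to pk; EVP_PKEY_free() now releases the key. */
    dsa = NULL;

    if (!fips_pkey_signature_test(pk, NULL, 0,
                                  NULL, 0, EVP_sha256(), 0, "DSA SHA256"))
        goto err;
    ret = 1;

 err:
    if (pk)
        EVP_PKEY_free(pk);
    /* Non-NULL only while this function still owns the key. */
    if (dsa)
        DSA_free(dsa);
    return ret;
}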