/*---------------------------------------------------------------------------*/ void zrtp_test_crypto(zrtp_global_t* zrtp) { ZRTP_LOG(3, (_ZTU_,"====================CIPHERS TESTS====================\n")); cipher_test(zrtp); ZRTP_LOG(3, (_ZTU_,"=====================HASHES TESTS====================\n")); hash_test(zrtp); ZRTP_LOG(3, (_ZTU_,"================PUBLIC KEY SCHEMES TESTS==============\n")); dh_test(zrtp); ecdh_test(zrtp); ZRTP_LOG(3, (_ZTU_,"===============SRTP Key derivation TESTS==============\n")); dk_test(zrtp); ZRTP_LOG(3, (_ZTU_,"==============SRTP Replay protection TESTS============\n")) ; srtp_replay_protection_test(zrtp); }
int dh_tests (void) { unsigned char buf[3][4096]; unsigned long x, y, z; int stat, stat2; dh_key usera, userb; DO(dh_test()); /* make up two keys */ DO(dh_make_key (&test_yarrow, find_prng ("yarrow"), 96, &usera)); DO(dh_make_key (&test_yarrow, find_prng ("yarrow"), 96, &userb)); /* make the shared secret */ x = 4096; DO(dh_shared_secret (&usera, &userb, buf[0], &x)); y = 4096; DO(dh_shared_secret (&userb, &usera, buf[1], &y)); if (y != x) { printf ("DH Shared keys are not same size.\n"); return 1; } if (memcmp (buf[0], buf[1], x)) { printf ("DH Shared keys not same contents.\n"); return 1; } /* now export userb */ y = 4096; DO(dh_export (buf[1], &y, PK_PUBLIC, &userb)); dh_free (&userb); /* import and make the shared secret again */ DO(dh_import (buf[1], y, &userb)); z = 4096; DO(dh_shared_secret (&usera, &userb, buf[2], &z)); if (z != x) { printf ("failed. Size don't match?\n"); return 1; } if (memcmp (buf[0], buf[2], x)) { printf ("Failed. Content didn't match.\n"); return 1; } dh_free (&usera); dh_free (&userb); /* test encrypt_key */ dh_make_key (&test_yarrow, find_prng ("yarrow"), 128, &usera); for (x = 0; x < 16; x++) { buf[0][x] = x; } y = sizeof (buf[1]); DO(dh_encrypt_key (buf[0], 16, buf[1], &y, &test_yarrow, find_prng ("yarrow"), find_hash ("md5"), &usera)); zeromem (buf[0], sizeof (buf[0])); x = sizeof (buf[0]); DO(dh_decrypt_key (buf[1], y, buf[0], &x, &usera)); if (x != 16) { printf ("Failed (length)\n"); return 1; } for (x = 0; x < 16; x++) if (buf[0][x] != x) { printf ("Failed (contents)\n"); return 1; } /* test sign_hash */ for (x = 0; x < 16; x++) { buf[0][x] = x; } x = sizeof (buf[1]); DO(dh_sign_hash (buf[0], 16, buf[1], &x, &test_yarrow , find_prng ("yarrow"), &usera)); DO(dh_verify_hash (buf[1], x, buf[0], 16, &stat, &usera)); buf[0][0] ^= 1; DO(dh_verify_hash (buf[1], x, buf[0], 16, &stat2, &usera)); if (!(stat == 1 && stat2 == 0)) { printf("dh_sign/verify_hash %d %d", stat, stat2); return 1; } dh_free (&usera); return 0; }
void ctaocrypt_test(void* args) { int ret = 0; ((func_args*)args)->return_code = -1; /* error state */ if ( (ret = md5_test()) ) err_sys("MD5 test failed!\n", ret); else printf( "MD5 test passed!\n"); #ifndef NO_MD4 if ( (ret = md4_test()) ) err_sys("MD4 test failed!\n", ret); else printf( "MD4 test passed!\n"); #endif if ( (ret = sha_test()) ) err_sys("SHA test failed!\n", ret); else printf( "SHA test passed!\n"); #ifndef NO_SHA256 if ( (ret = sha256_test()) ) err_sys("SHA-256 test failed!\n", ret); else printf( "SHA-256 test passed!\n"); #endif #ifndef NO_HMAC if ( (ret = hmac_test()) ) err_sys("HMAC test failed!\n", ret); else printf( "HMAC test passed!\n"); #endif if ( (ret = arc4_test()) ) err_sys("ARC4 test failed!\n", ret); else printf( "ARC4 test passed!\n"); #ifndef NO_HC128 if ( (ret = hc128_test()) ) err_sys("HC-128 test failed!\n", ret); else printf( "HC-128 test passed!\n"); #endif #ifndef NO_RABBIT if ( (ret = rabbit_test()) ) err_sys("Rabbit test failed!\n", ret); else printf( "Rabbit test passed!\n"); #endif #ifndef NO_DES if ( (ret = des_test()) ) err_sys("DES test failed!\n", ret); else printf( "DES test passed!\n"); #endif #ifndef NO_DES3 if ( (ret = des3_test()) ) err_sys("DES3 test failed!\n", ret); else printf( "DES3 test passed!\n"); #endif #ifndef NO_AES if ( (ret = aes_test()) ) err_sys("AES test failed!\n", ret); else printf( "AES test passed!\n"); #endif if ( (ret = random_test()) ) err_sys("RANDOM test failed!\n", ret); else printf( "RANDOM test passed!\n"); if ( (ret = rsa_test()) ) err_sys("RSA test failed!\n", ret); else printf( "RSA test passed!\n"); #ifndef NO_DH if ( (ret = dh_test()) ) err_sys("DH test failed!\n", ret); else printf( "DH test passed!\n"); #endif #ifndef NO_DSA if ( (ret = dsa_test()) ) err_sys("DSA test failed!\n", ret); else printf( "DSA test passed!\n"); #endif #ifdef OPENSSL_EXTRA if ( (ret = openssl_test()) ) err_sys("OPENSSL test failed!\n", ret); else printf( "OPENSSL test passed!\n"); #endif ((func_args*)args)->return_code = ret; }
int main(int argc, char **argv) { int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0; int bad_rsa = 0, bad_dsa = 0; int do_rng_stick = 0; int no_exit = 0; printf("\tFIPS-mode test application\n\n"); /* Load entropy from external file, if any */ RAND_load_file(".rnd", 1024); if (argv[1]) { /* Corrupted KAT tests */ if (!strcmp(argv[1], "aes")) { FIPS_corrupt_aes(); printf("AES encryption/decryption with corrupted KAT...\n"); } else if (!strcmp(argv[1], "des")) { FIPS_corrupt_des(); printf("DES3-ECB encryption/decryption with corrupted KAT...\n"); } else if (!strcmp(argv[1], "dsa")) { FIPS_corrupt_dsa(); printf ("DSA key generation and signature validation with corrupted KAT...\n"); } else if (!strcmp(argv[1], "rsa")) { FIPS_corrupt_rsa(); printf ("RSA key generation and signature validation with corrupted KAT...\n"); } else if (!strcmp(argv[1], "rsakey")) { printf ("RSA key generation and signature validation with corrupted key...\n"); bad_rsa = 1; no_exit = 1; } else if (!strcmp(argv[1], "rsakeygen")) { do_corrupt_rsa_keygen = 1; no_exit = 1; printf ("RSA key generation and signature validation with corrupted keygen...\n"); } else if (!strcmp(argv[1], "dsakey")) { printf ("DSA key generation and signature validation with corrupted key...\n"); bad_dsa = 1; no_exit = 1; } else if (!strcmp(argv[1], "dsakeygen")) { do_corrupt_dsa_keygen = 1; no_exit = 1; printf ("DSA key generation and signature validation with corrupted keygen...\n"); } else if (!strcmp(argv[1], "sha1")) { FIPS_corrupt_sha1(); printf("SHA-1 hash with corrupted KAT...\n"); } else if (!strcmp(argv[1], "rng")) { FIPS_corrupt_rng(); } else if (!strcmp(argv[1], "rngstick")) { do_rng_stick = 1; no_exit = 1; printf("RNG test with stuck continuous test...\n"); } else { printf("Bad argument \"%s\"\n", argv[1]); exit(1); } if (!no_exit) { if (!FIPS_mode_set(1)) { do_print_errors(); printf("Power-up self test failed\n"); exit(1); } printf("Power-up self test successful\n"); exit(0); } } /* Non-Approved cryptographic operation */ printf("1. Non-Approved cryptographic operation test...\n"); printf("\ta. Included algorithm (D-H)..."); printf(dh_test()? "successful\n" : Fail("FAILED!\n")); /* Power-up self test */ ERR_clear_error(); printf("2. Automatic power-up self test..."); if (!FIPS_mode_set(1)) { do_print_errors(); printf(Fail("FAILED!\n")); exit(1); } printf("successful\n"); if (do_corrupt_dsa_keygen) FIPS_corrupt_dsa_keygen(); if (do_corrupt_rsa_keygen) FIPS_corrupt_rsa_keygen(); if (do_rng_stick) FIPS_rng_stick(); /* AES encryption/decryption */ printf("3. AES encryption/decryption..."); printf(FIPS_aes_test()? "successful\n" : Fail("FAILED!\n")); /* RSA key generation and encryption/decryption */ printf("4. RSA key generation and encryption/decryption..."); printf(FIPS_rsa_test(bad_rsa) ? "successful\n" : Fail("FAILED!\n")); /* DES-CBC encryption/decryption */ printf("5. DES-ECB encryption/decryption..."); printf(FIPS_des3_test()? "successful\n" : Fail("FAILED!\n")); /* DSA key generation and signature validation */ printf("6. DSA key generation and signature validation..."); printf(FIPS_dsa_test(bad_dsa) ? "successful\n" : Fail("FAILED!\n")); /* SHA-1 hash */ printf("7a. SHA-1 hash..."); printf(FIPS_sha1_test()? "successful\n" : Fail("FAILED!\n")); /* SHA-256 hash */ printf("7b. SHA-256 hash..."); printf(FIPS_sha256_test()? "successful\n" : Fail("FAILED!\n")); /* SHA-512 hash */ printf("7c. SHA-512 hash..."); printf(FIPS_sha512_test()? "successful\n" : Fail("FAILED!\n")); /* HMAC-SHA-1 hash */ printf("7d. HMAC-SHA-1 hash..."); printf(FIPS_hmac_sha1_test()? "successful\n" : Fail("FAILED!\n")); /* HMAC-SHA-224 hash */ printf("7e. HMAC-SHA-224 hash..."); printf(FIPS_hmac_sha224_test()? "successful\n" : Fail("FAILED!\n")); /* HMAC-SHA-256 hash */ printf("7f. HMAC-SHA-256 hash..."); printf(FIPS_hmac_sha256_test()? "successful\n" : Fail("FAILED!\n")); /* HMAC-SHA-384 hash */ printf("7g. HMAC-SHA-384 hash..."); printf(FIPS_hmac_sha384_test()? "successful\n" : Fail("FAILED!\n")); /* HMAC-SHA-512 hash */ printf("7h. HMAC-SHA-512 hash..."); printf(FIPS_hmac_sha512_test()? "successful\n" : Fail("FAILED!\n")); /* Non-Approved cryptographic operation */ printf("8. Non-Approved cryptographic operation test...\n"); printf("\ta. Included algorithm (D-H)..."); printf(dh_test()? "successful as expected\n" : Fail("failed INCORRECTLY!\n")); /* Zeroization */ printf("9. Zero-ization...\n"); printf(Zeroize()? "\tsuccessful as expected\n" : Fail("\tfailed INCORRECTLY!\n")); printf("\nAll tests completed with %d errors\n", Error); return Error ? 1 : 0; }
int main(int argc,char **argv) { int bad_rsa = 0, bad_dsa = 0; int do_rng_stick = 0; int do_drbg_stick = 0; int no_exit = 0; FIPS_post_set_callback(post_cb); printf("\tFIPS-mode test application\n"); printf("\t%s\n\n", FIPS_module_version_text()); if (argv[1]) { /* Corrupted KAT tests */ if (!strcmp(argv[1], "integrity")) { fail_id = FIPS_TEST_INTEGRITY; } else if (!strcmp(argv[1], "aes")) { fail_id = FIPS_TEST_CIPHER; fail_sub = NID_aes_128_ecb; } else if (!strcmp(argv[1], "aes-ccm")) { fail_id = FIPS_TEST_CCM; } else if (!strcmp(argv[1], "aes-gcm")) { fail_id = FIPS_TEST_GCM; } else if (!strcmp(argv[1], "aes-xts")) { fail_id = FIPS_TEST_XTS; } else if (!strcmp(argv[1], "des")) { fail_id = FIPS_TEST_CIPHER; fail_sub = NID_des_ede3_ecb; } else if (!strcmp(argv[1], "dsa")) { fail_id = FIPS_TEST_SIGNATURE; fail_key = EVP_PKEY_DSA; } else if (!strcmp(argv[1], "ecdsa")) { fail_id = FIPS_TEST_SIGNATURE; fail_key = EVP_PKEY_EC; } else if (!strcmp(argv[1], "rsa")) { fail_id = FIPS_TEST_SIGNATURE; fail_key = EVP_PKEY_RSA; } else if (!strcmp(argv[1], "rsakey")) { printf("RSA key generation and signature validation with corrupted key...\n"); bad_rsa = 1; no_exit = 1; } else if (!strcmp(argv[1], "rsakeygen")) { fail_id = FIPS_TEST_PAIRWISE; fail_key = EVP_PKEY_RSA; no_exit = 1; } else if (!strcmp(argv[1], "dsakey")) { printf("DSA key generation and signature validation with corrupted key...\n"); bad_dsa = 1; no_exit = 1; } else if (!strcmp(argv[1], "dsakeygen")) { fail_id = FIPS_TEST_PAIRWISE; fail_key = EVP_PKEY_DSA; no_exit = 1; } else if (!strcmp(argv[1], "sha1")) { fail_id = FIPS_TEST_DIGEST; } else if (!strcmp(argv[1], "hmac")) { fail_id = FIPS_TEST_HMAC; } else if (!strcmp(argv[1], "cmac")) { fail_id = FIPS_TEST_CMAC; } else if (!strcmp(argv[1], "drbg")) { fail_id = FIPS_TEST_DRBG; } else if (!strcmp(argv[1], "rng")) { fail_id = FIPS_TEST_X931; } else if (!strcmp(argv[1], "post")) { fail_id = -1; } else if (!strcmp(argv[1], "rngstick")) { do_rng_stick = 1; no_exit = 1; printf("RNG test with stuck continuous test...\n"); } else if (!strcmp(argv[1], "drbgentstick")) { do_entropy_stick(); } else if (!strcmp(argv[1], "drbgstick")) { do_drbg_stick = 1; no_exit = 1; printf("DRBG test with stuck continuous test...\n"); } else { printf("Bad argument \"%s\"\n", argv[1]); exit(1); } if (!no_exit) { fips_algtest_init_nofips(); if (!FIPS_module_mode_set(1)) { printf("Power-up self test failed\n"); exit(1); } printf("Power-up self test successful\n"); exit(0); } } fips_algtest_init_nofips(); /* Non-Approved cryptographic operation */ printf("1. Non-Approved cryptographic operation test...\n"); test_msg("\ta. Included algorithm (D-H)...", dh_test()); /* Power-up self test */ ERR_clear_error(); test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1)); if (!FIPS_module_mode()) exit(1); if (do_drbg_stick) FIPS_drbg_stick(); if (do_rng_stick) FIPS_x931_stick(); /* AES encryption/decryption */ test_msg("3a. AES encryption/decryption", FIPS_aes_test()); /* AES GCM encryption/decryption */ test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test()); /* RSA key generation and encryption/decryption */ test_msg("4. RSA key generation and encryption/decryption", FIPS_rsa_test(bad_rsa)); /* DES-CBC encryption/decryption */ test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test()); /* DSA key generation and signature validation */ test_msg("6. DSA key generation and signature validation", FIPS_dsa_test(bad_dsa)); /* SHA-1 hash */ test_msg("7a. SHA-1 hash", FIPS_sha1_test()); /* SHA-256 hash */ test_msg("7b. SHA-256 hash", FIPS_sha256_test()); /* SHA-512 hash */ test_msg("7c. SHA-512 hash", FIPS_sha512_test()); /* HMAC-SHA-1 hash */ test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test()); /* HMAC-SHA-224 hash */ test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test()); /* HMAC-SHA-256 hash */ test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test()); /* HMAC-SHA-384 hash */ test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test()); /* HMAC-SHA-512 hash */ test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test()); /* CMAC-AES-128 hash */ test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test()); /* CMAC-AES-192 hash */ test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test()); /* CMAC-AES-256 hash */ test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test()); # if 0 /* Not a FIPS algorithm */ /* CMAC-TDEA-2 hash */ test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test()); #endif /* CMAC-TDEA-3 hash */ test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test()); /* Non-Approved cryptographic operation */ printf("9. Non-Approved cryptographic operation test...\n"); printf("\ta. Included algorithm (D-H)...%s\n", dh_test() ? "successful as expected" : Fail("failed INCORRECTLY!") ); /* Zeroization */ printf("10. Zero-ization...\n\t%s\n", Zeroize() ? "successful as expected" : Fail("failed INCORRECTLY!") ); printf("\nAll tests completed with %d errors\n", Error); return Error ? 1 : 0; }
int main(int argc,char **argv) { printf("\tFIPS-mode test application\n\n"); /* Load entropy from external file, if any */ RAND_load_file(".rnd", 1024); if (argv[1]) { /* Corrupted KAT tests */ if (!strcmp(argv[1], "aes")) { FIPS_corrupt_aes(); printf("AES encryption/decryption with corrupted KAT...\n"); } else if (!strcmp(argv[1], "des")) { FIPS_corrupt_des(); printf("DES-ECB encryption/decryption with corrupted KAT...\n"); } else if (!strcmp(argv[1], "dsa")) { FIPS_corrupt_dsa(); printf("DSA key generation and signature validation with corrupted KAT...\n"); } else if (!strcmp(argv[1], "rsa")) { FIPS_corrupt_rsa(); printf("RSA key generation and encryption/decryption with corrupted KAT...\n"); } else if (!strcmp(argv[1], "sha1")) { FIPS_corrupt_sha1(); printf("SHA-1 hash with corrupted KAT...\n"); } else if (!strcmp(argv[1], "rng")) { FIPS_corrupt_rng(); printf("RNG test with corrupted KAT...\n"); } else { printf("Bad argument \"%s\"\n", argv[1]); exit(1); } if (!FIPS_mode_set(1)) { ERR_load_crypto_strings(); ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); printf("Power-up self test failed\n"); exit(1); } printf("Power-up self test successful\n"); exit(0); } /* Non-Approved cryptographic operation */ printf("1. Non-Approved cryptographic operation test...\n"); printf("\ta. Excluded algorithm (MD5)..."); printf( md5_test() ? "successful\n" : Fail("FAILED!\n") ); printf("\tb. Included algorithm (D-H)..."); printf( dh_test() ? "successful\n" : Fail("FAILED!\n") ); /* Power-up self test */ ERR_clear_error(); printf("2. Automatic power-up self test..."); if (!FIPS_mode_set(1)) { ERR_load_crypto_strings(); ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); printf(Fail("FAILED!\n")); exit(1); } printf("successful\n"); /* AES encryption/decryption */ printf("3. AES encryption/decryption..."); printf( FIPS_aes_test() ? "successful\n" : Fail("FAILED!\n") ); /* RSA key generation and encryption/decryption */ printf("4. RSA key generation and encryption/decryption..."); printf( FIPS_rsa_test() ? "successful\n" : Fail("FAILED!\n") ); /* DES-CBC encryption/decryption */ printf("5. DES-ECB encryption/decryption..."); printf( FIPS_des_test() ? "successful\n" : Fail("FAILED!\n") ); /* DSA key generation and signature validation */ printf("6. DSA key generation and signature validation..."); printf( FIPS_dsa_test() ? "successful\n" : Fail("FAILED!\n") ); /* SHA-1 hash */ printf("7a. SHA-1 hash..."); printf( FIPS_sha1_test() ? "successful\n" : Fail("FAILED!\n") ); /* SHA-256 hash */ printf("7b. SHA-256 hash..."); printf( FIPS_sha256_test() ? "successful\n" : Fail("FAILED!\n") ); /* SHA-512 hash */ printf("7c. SHA-512 hash..."); printf( FIPS_sha512_test() ? "successful\n" : Fail("FAILED!\n") ); /* HMAC-SHA-1 hash */ printf("7d. SHA-1 hash..."); printf( FIPS_hmac_sha1_test() ? "successful\n" : Fail("FAILED!\n") ); /* HMAC-SHA-224 hash */ printf("7e. SHA-224 hash..."); printf( FIPS_hmac_sha224_test() ? "successful\n" : Fail("FAILED!\n") ); /* HMAC-SHA-256 hash */ printf("7f. SHA-256 hash..."); printf( FIPS_hmac_sha256_test() ? "successful\n" : Fail("FAILED!\n") ); /* HMAC-SHA-384 hash */ printf("7g. SHA-384 hash..."); printf( FIPS_hmac_sha384_test() ? "successful\n" : Fail("FAILED!\n") ); /* HMAC-SHA-512 hash */ printf("7h. SHA-512 hash..."); printf( FIPS_hmac_sha512_test() ? "successful\n" : Fail("FAILED!\n") ); /* Non-Approved cryptographic operation */ printf("8. Non-Approved cryptographic operation test...\n"); printf("\ta. Excluded algorithm (MD5)..."); printf( md5_test() ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" ); printf("\tb. Included algorithm (D-H)..."); printf( dh_test() ? "successful as expected\n" : Fail("failed INCORRECTLY!\n") ); /* Zeroization */ printf("9. Zero-ization...\n"); Zeroize(); printf("\nAll tests completed with %d errors\n", Error); return 0; }