/*---------------------------------------------------------------------------*/
void zrtp_test_crypto(zrtp_global_t* zrtp)
{
ZRTP_LOG(3, (_ZTU_,"====================CIPHERS TESTS====================\n"));
cipher_test(zrtp);
ZRTP_LOG(3, (_ZTU_,"=====================HASHES TESTS====================\n"));
hash_test(zrtp);
ZRTP_LOG(3, (_ZTU_,"================PUBLIC KEY SCHEMES TESTS==============\n"));
dh_test(zrtp);
ecdh_test(zrtp);
ZRTP_LOG(3, (_ZTU_,"===============SRTP Key derivation TESTS==============\n"));
dk_test(zrtp);
ZRTP_LOG(3, (_ZTU_,"==============SRTP Replay protection TESTS============\n")) ;
srtp_replay_protection_test(zrtp);
}
int dh_tests (void)
{
unsigned char buf[3][4096];
unsigned long x, y, z;
int stat, stat2;
dh_key usera, userb;
DO(dh_test());
/* make up two keys */
DO(dh_make_key (&test_yarrow, find_prng ("yarrow"), 96, &usera));
DO(dh_make_key (&test_yarrow, find_prng ("yarrow"), 96, &userb));
/* make the shared secret */
x = 4096;
DO(dh_shared_secret (&usera, &userb, buf[0], &x));
y = 4096;
DO(dh_shared_secret (&userb, &usera, buf[1], &y));
if (y != x) {
printf ("DH Shared keys are not same size.\n");
return 1;
}
if (memcmp (buf[0], buf[1], x)) {
printf ("DH Shared keys not same contents.\n");
return 1;
}
/* now export userb */
y = 4096;
DO(dh_export (buf[1], &y, PK_PUBLIC, &userb));
dh_free (&userb);
/* import and make the shared secret again */
DO(dh_import (buf[1], y, &userb));
z = 4096;
DO(dh_shared_secret (&usera, &userb, buf[2], &z));
if (z != x) {
printf ("failed. Size don't match?\n");
return 1;
}
if (memcmp (buf[0], buf[2], x)) {
printf ("Failed. Content didn't match.\n");
return 1;
}
dh_free (&usera);
dh_free (&userb);
/* test encrypt_key */
dh_make_key (&test_yarrow, find_prng ("yarrow"), 128, &usera);
for (x = 0; x < 16; x++) {
buf[0][x] = x;
}
y = sizeof (buf[1]);
DO(dh_encrypt_key (buf[0], 16, buf[1], &y, &test_yarrow, find_prng ("yarrow"), find_hash ("md5"), &usera));
zeromem (buf[0], sizeof (buf[0]));
x = sizeof (buf[0]);
DO(dh_decrypt_key (buf[1], y, buf[0], &x, &usera));
if (x != 16) {
printf ("Failed (length)\n");
return 1;
}
for (x = 0; x < 16; x++)
if (buf[0][x] != x) {
printf ("Failed (contents)\n");
return 1;
}
/* test sign_hash */
for (x = 0; x < 16; x++) {
buf[0][x] = x;
}
x = sizeof (buf[1]);
DO(dh_sign_hash (buf[0], 16, buf[1], &x, &test_yarrow , find_prng ("yarrow"), &usera));
DO(dh_verify_hash (buf[1], x, buf[0], 16, &stat, &usera));
buf[0][0] ^= 1;
DO(dh_verify_hash (buf[1], x, buf[0], 16, &stat2, &usera));
if (!(stat == 1 && stat2 == 0)) {
printf("dh_sign/verify_hash %d %d", stat, stat2);
return 1;
}
dh_free (&usera);
return 0;
}
void ctaocrypt_test(void* args)
{
int ret = 0;
((func_args*)args)->return_code = -1; /* error state */
if ( (ret = md5_test()) )
err_sys("MD5 test failed!\n", ret);
else
printf( "MD5 test passed!\n");
#ifndef NO_MD4
if ( (ret = md4_test()) )
err_sys("MD4 test failed!\n", ret);
else
printf( "MD4 test passed!\n");
#endif
if ( (ret = sha_test()) )
err_sys("SHA test failed!\n", ret);
else
printf( "SHA test passed!\n");
#ifndef NO_SHA256
if ( (ret = sha256_test()) )
err_sys("SHA-256 test failed!\n", ret);
else
printf( "SHA-256 test passed!\n");
#endif
#ifndef NO_HMAC
if ( (ret = hmac_test()) )
err_sys("HMAC test failed!\n", ret);
else
printf( "HMAC test passed!\n");
#endif
if ( (ret = arc4_test()) )
err_sys("ARC4 test failed!\n", ret);
else
printf( "ARC4 test passed!\n");
#ifndef NO_HC128
if ( (ret = hc128_test()) )
err_sys("HC-128 test failed!\n", ret);
else
printf( "HC-128 test passed!\n");
#endif
#ifndef NO_RABBIT
if ( (ret = rabbit_test()) )
err_sys("Rabbit test failed!\n", ret);
else
printf( "Rabbit test passed!\n");
#endif
#ifndef NO_DES
if ( (ret = des_test()) )
err_sys("DES test failed!\n", ret);
else
printf( "DES test passed!\n");
#endif
#ifndef NO_DES3
if ( (ret = des3_test()) )
err_sys("DES3 test failed!\n", ret);
else
printf( "DES3 test passed!\n");
#endif
#ifndef NO_AES
if ( (ret = aes_test()) )
err_sys("AES test failed!\n", ret);
else
printf( "AES test passed!\n");
#endif
if ( (ret = random_test()) )
err_sys("RANDOM test failed!\n", ret);
else
printf( "RANDOM test passed!\n");
if ( (ret = rsa_test()) )
err_sys("RSA test failed!\n", ret);
else
printf( "RSA test passed!\n");
#ifndef NO_DH
if ( (ret = dh_test()) )
err_sys("DH test failed!\n", ret);
else
printf( "DH test passed!\n");
#endif
#ifndef NO_DSA
if ( (ret = dsa_test()) )
err_sys("DSA test failed!\n", ret);
else
printf( "DSA test passed!\n");
#endif
#ifdef OPENSSL_EXTRA
if ( (ret = openssl_test()) )
err_sys("OPENSSL test failed!\n", ret);
else
printf( "OPENSSL test passed!\n");
#endif
((func_args*)args)->return_code = ret;
}
int main(int argc, char **argv)
{
int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
int bad_rsa = 0, bad_dsa = 0;
int do_rng_stick = 0;
int no_exit = 0;
printf("\tFIPS-mode test application\n\n");
/* Load entropy from external file, if any */
RAND_load_file(".rnd", 1024);
if (argv[1]) {
/* Corrupted KAT tests */
if (!strcmp(argv[1], "aes")) {
FIPS_corrupt_aes();
printf("AES encryption/decryption with corrupted KAT...\n");
} else if (!strcmp(argv[1], "des")) {
FIPS_corrupt_des();
printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
} else if (!strcmp(argv[1], "dsa")) {
FIPS_corrupt_dsa();
printf
("DSA key generation and signature validation with corrupted KAT...\n");
} else if (!strcmp(argv[1], "rsa")) {
FIPS_corrupt_rsa();
printf
("RSA key generation and signature validation with corrupted KAT...\n");
} else if (!strcmp(argv[1], "rsakey")) {
printf
("RSA key generation and signature validation with corrupted key...\n");
bad_rsa = 1;
no_exit = 1;
} else if (!strcmp(argv[1], "rsakeygen")) {
do_corrupt_rsa_keygen = 1;
no_exit = 1;
printf
("RSA key generation and signature validation with corrupted keygen...\n");
} else if (!strcmp(argv[1], "dsakey")) {
printf
("DSA key generation and signature validation with corrupted key...\n");
bad_dsa = 1;
no_exit = 1;
} else if (!strcmp(argv[1], "dsakeygen")) {
do_corrupt_dsa_keygen = 1;
no_exit = 1;
printf
("DSA key generation and signature validation with corrupted keygen...\n");
} else if (!strcmp(argv[1], "sha1")) {
FIPS_corrupt_sha1();
printf("SHA-1 hash with corrupted KAT...\n");
} else if (!strcmp(argv[1], "rng")) {
FIPS_corrupt_rng();
} else if (!strcmp(argv[1], "rngstick")) {
do_rng_stick = 1;
no_exit = 1;
printf("RNG test with stuck continuous test...\n");
} else {
printf("Bad argument \"%s\"\n", argv[1]);
exit(1);
}
if (!no_exit) {
if (!FIPS_mode_set(1)) {
do_print_errors();
printf("Power-up self test failed\n");
exit(1);
}
printf("Power-up self test successful\n");
exit(0);
}
}
/* Non-Approved cryptographic operation
*/
printf("1. Non-Approved cryptographic operation test...\n");
printf("\ta. Included algorithm (D-H)...");
printf(dh_test()? "successful\n" : Fail("FAILED!\n"));
/* Power-up self test
*/
ERR_clear_error();
printf("2. Automatic power-up self test...");
if (!FIPS_mode_set(1)) {
do_print_errors();
printf(Fail("FAILED!\n"));
exit(1);
}
printf("successful\n");
if (do_corrupt_dsa_keygen)
FIPS_corrupt_dsa_keygen();
if (do_corrupt_rsa_keygen)
FIPS_corrupt_rsa_keygen();
if (do_rng_stick)
FIPS_rng_stick();
/* AES encryption/decryption
*/
printf("3. AES encryption/decryption...");
printf(FIPS_aes_test()? "successful\n" : Fail("FAILED!\n"));
/* RSA key generation and encryption/decryption
*/
printf("4. RSA key generation and encryption/decryption...");
printf(FIPS_rsa_test(bad_rsa) ? "successful\n" : Fail("FAILED!\n"));
/* DES-CBC encryption/decryption
*/
printf("5. DES-ECB encryption/decryption...");
printf(FIPS_des3_test()? "successful\n" : Fail("FAILED!\n"));
/* DSA key generation and signature validation
*/
printf("6. DSA key generation and signature validation...");
printf(FIPS_dsa_test(bad_dsa) ? "successful\n" : Fail("FAILED!\n"));
/* SHA-1 hash
*/
printf("7a. SHA-1 hash...");
printf(FIPS_sha1_test()? "successful\n" : Fail("FAILED!\n"));
/* SHA-256 hash
*/
printf("7b. SHA-256 hash...");
printf(FIPS_sha256_test()? "successful\n" : Fail("FAILED!\n"));
/* SHA-512 hash
*/
printf("7c. SHA-512 hash...");
printf(FIPS_sha512_test()? "successful\n" : Fail("FAILED!\n"));
/* HMAC-SHA-1 hash
*/
printf("7d. HMAC-SHA-1 hash...");
printf(FIPS_hmac_sha1_test()? "successful\n" : Fail("FAILED!\n"));
/* HMAC-SHA-224 hash
*/
printf("7e. HMAC-SHA-224 hash...");
printf(FIPS_hmac_sha224_test()? "successful\n" : Fail("FAILED!\n"));
/* HMAC-SHA-256 hash
*/
printf("7f. HMAC-SHA-256 hash...");
printf(FIPS_hmac_sha256_test()? "successful\n" : Fail("FAILED!\n"));
/* HMAC-SHA-384 hash
*/
printf("7g. HMAC-SHA-384 hash...");
printf(FIPS_hmac_sha384_test()? "successful\n" : Fail("FAILED!\n"));
/* HMAC-SHA-512 hash
*/
printf("7h. HMAC-SHA-512 hash...");
printf(FIPS_hmac_sha512_test()? "successful\n" : Fail("FAILED!\n"));
/* Non-Approved cryptographic operation
*/
printf("8. Non-Approved cryptographic operation test...\n");
printf("\ta. Included algorithm (D-H)...");
printf(dh_test()? "successful as expected\n"
: Fail("failed INCORRECTLY!\n"));
/* Zeroization
*/
printf("9. Zero-ization...\n");
printf(Zeroize()? "\tsuccessful as expected\n"
: Fail("\tfailed INCORRECTLY!\n"));
printf("\nAll tests completed with %d errors\n", Error);
return Error ? 1 : 0;
}
int main(int argc,char **argv)
{
int bad_rsa = 0, bad_dsa = 0;
int do_rng_stick = 0;
int do_drbg_stick = 0;
int no_exit = 0;
FIPS_post_set_callback(post_cb);
printf("\tFIPS-mode test application\n");
printf("\t%s\n\n", FIPS_module_version_text());
if (argv[1]) {
/* Corrupted KAT tests */
if (!strcmp(argv[1], "integrity")) {
fail_id = FIPS_TEST_INTEGRITY;
} else if (!strcmp(argv[1], "aes")) {
fail_id = FIPS_TEST_CIPHER;
fail_sub = NID_aes_128_ecb;
} else if (!strcmp(argv[1], "aes-ccm")) {
fail_id = FIPS_TEST_CCM;
} else if (!strcmp(argv[1], "aes-gcm")) {
fail_id = FIPS_TEST_GCM;
} else if (!strcmp(argv[1], "aes-xts")) {
fail_id = FIPS_TEST_XTS;
} else if (!strcmp(argv[1], "des")) {
fail_id = FIPS_TEST_CIPHER;
fail_sub = NID_des_ede3_ecb;
} else if (!strcmp(argv[1], "dsa")) {
fail_id = FIPS_TEST_SIGNATURE;
fail_key = EVP_PKEY_DSA;
} else if (!strcmp(argv[1], "ecdsa")) {
fail_id = FIPS_TEST_SIGNATURE;
fail_key = EVP_PKEY_EC;
} else if (!strcmp(argv[1], "rsa")) {
fail_id = FIPS_TEST_SIGNATURE;
fail_key = EVP_PKEY_RSA;
} else if (!strcmp(argv[1], "rsakey")) {
printf("RSA key generation and signature validation with corrupted key...\n");
bad_rsa = 1;
no_exit = 1;
} else if (!strcmp(argv[1], "rsakeygen")) {
fail_id = FIPS_TEST_PAIRWISE;
fail_key = EVP_PKEY_RSA;
no_exit = 1;
} else if (!strcmp(argv[1], "dsakey")) {
printf("DSA key generation and signature validation with corrupted key...\n");
bad_dsa = 1;
no_exit = 1;
} else if (!strcmp(argv[1], "dsakeygen")) {
fail_id = FIPS_TEST_PAIRWISE;
fail_key = EVP_PKEY_DSA;
no_exit = 1;
} else if (!strcmp(argv[1], "sha1")) {
fail_id = FIPS_TEST_DIGEST;
} else if (!strcmp(argv[1], "hmac")) {
fail_id = FIPS_TEST_HMAC;
} else if (!strcmp(argv[1], "cmac")) {
fail_id = FIPS_TEST_CMAC;
} else if (!strcmp(argv[1], "drbg")) {
fail_id = FIPS_TEST_DRBG;
} else if (!strcmp(argv[1], "rng")) {
fail_id = FIPS_TEST_X931;
} else if (!strcmp(argv[1], "post")) {
fail_id = -1;
} else if (!strcmp(argv[1], "rngstick")) {
do_rng_stick = 1;
no_exit = 1;
printf("RNG test with stuck continuous test...\n");
} else if (!strcmp(argv[1], "drbgentstick")) {
do_entropy_stick();
} else if (!strcmp(argv[1], "drbgstick")) {
do_drbg_stick = 1;
no_exit = 1;
printf("DRBG test with stuck continuous test...\n");
} else {
printf("Bad argument \"%s\"\n", argv[1]);
exit(1);
}
if (!no_exit) {
fips_algtest_init_nofips();
if (!FIPS_module_mode_set(1)) {
printf("Power-up self test failed\n");
exit(1);
}
printf("Power-up self test successful\n");
exit(0);
}
}
fips_algtest_init_nofips();
/* Non-Approved cryptographic operation
*/
printf("1. Non-Approved cryptographic operation test...\n");
test_msg("\ta. Included algorithm (D-H)...", dh_test());
/* Power-up self test
*/
ERR_clear_error();
test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1));
if (!FIPS_module_mode())
exit(1);
if (do_drbg_stick)
FIPS_drbg_stick();
if (do_rng_stick)
FIPS_x931_stick();
/* AES encryption/decryption
*/
test_msg("3a. AES encryption/decryption", FIPS_aes_test());
/* AES GCM encryption/decryption
*/
test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test());
/* RSA key generation and encryption/decryption
*/
test_msg("4. RSA key generation and encryption/decryption",
FIPS_rsa_test(bad_rsa));
/* DES-CBC encryption/decryption
*/
test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test());
/* DSA key generation and signature validation
*/
test_msg("6. DSA key generation and signature validation",
FIPS_dsa_test(bad_dsa));
/* SHA-1 hash
*/
test_msg("7a. SHA-1 hash", FIPS_sha1_test());
/* SHA-256 hash
*/
test_msg("7b. SHA-256 hash", FIPS_sha256_test());
/* SHA-512 hash
*/
test_msg("7c. SHA-512 hash", FIPS_sha512_test());
/* HMAC-SHA-1 hash
*/
test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test());
/* HMAC-SHA-224 hash
*/
test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test());
/* HMAC-SHA-256 hash
*/
test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test());
/* HMAC-SHA-384 hash
*/
test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test());
/* HMAC-SHA-512 hash
*/
test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test());
/* CMAC-AES-128 hash
*/
test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test());
/* CMAC-AES-192 hash
*/
test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test());
/* CMAC-AES-256 hash
*/
test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test());
# if 0 /* Not a FIPS algorithm */
/* CMAC-TDEA-2 hash
*/
test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test());
#endif
/* CMAC-TDEA-3 hash
*/
test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test());
/* Non-Approved cryptographic operation
*/
printf("9. Non-Approved cryptographic operation test...\n");
printf("\ta. Included algorithm (D-H)...%s\n",
dh_test() ? "successful as expected"
: Fail("failed INCORRECTLY!") );
/* Zeroization
*/
printf("10. Zero-ization...\n\t%s\n",
Zeroize() ? "successful as expected"
: Fail("failed INCORRECTLY!") );
printf("\nAll tests completed with %d errors\n", Error);
return Error ? 1 : 0;
}
int main(int argc,char **argv)
{
printf("\tFIPS-mode test application\n\n");
/* Load entropy from external file, if any */
RAND_load_file(".rnd", 1024);
if (argv[1]) {
/* Corrupted KAT tests */
if (!strcmp(argv[1], "aes")) {
FIPS_corrupt_aes();
printf("AES encryption/decryption with corrupted KAT...\n");
} else if (!strcmp(argv[1], "des")) {
FIPS_corrupt_des();
printf("DES-ECB encryption/decryption with corrupted KAT...\n");
} else if (!strcmp(argv[1], "dsa")) {
FIPS_corrupt_dsa();
printf("DSA key generation and signature validation with corrupted KAT...\n");
} else if (!strcmp(argv[1], "rsa")) {
FIPS_corrupt_rsa();
printf("RSA key generation and encryption/decryption with corrupted KAT...\n");
} else if (!strcmp(argv[1], "sha1")) {
FIPS_corrupt_sha1();
printf("SHA-1 hash with corrupted KAT...\n");
} else if (!strcmp(argv[1], "rng")) {
FIPS_corrupt_rng();
printf("RNG test with corrupted KAT...\n");
} else {
printf("Bad argument \"%s\"\n", argv[1]);
exit(1);
}
if (!FIPS_mode_set(1))
{
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
printf("Power-up self test failed\n");
exit(1);
}
printf("Power-up self test successful\n");
exit(0);
}
/* Non-Approved cryptographic operation
*/
printf("1. Non-Approved cryptographic operation test...\n");
printf("\ta. Excluded algorithm (MD5)...");
printf( md5_test() ? "successful\n" : Fail("FAILED!\n") );
printf("\tb. Included algorithm (D-H)...");
printf( dh_test() ? "successful\n" : Fail("FAILED!\n") );
/* Power-up self test
*/
ERR_clear_error();
printf("2. Automatic power-up self test...");
if (!FIPS_mode_set(1))
{
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
printf(Fail("FAILED!\n"));
exit(1);
}
printf("successful\n");
/* AES encryption/decryption
*/
printf("3. AES encryption/decryption...");
printf( FIPS_aes_test() ? "successful\n" : Fail("FAILED!\n") );
/* RSA key generation and encryption/decryption
*/
printf("4. RSA key generation and encryption/decryption...");
printf( FIPS_rsa_test() ? "successful\n" : Fail("FAILED!\n") );
/* DES-CBC encryption/decryption
*/
printf("5. DES-ECB encryption/decryption...");
printf( FIPS_des_test() ? "successful\n" : Fail("FAILED!\n") );
/* DSA key generation and signature validation
*/
printf("6. DSA key generation and signature validation...");
printf( FIPS_dsa_test() ? "successful\n" : Fail("FAILED!\n") );
/* SHA-1 hash
*/
printf("7a. SHA-1 hash...");
printf( FIPS_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
/* SHA-256 hash
*/
printf("7b. SHA-256 hash...");
printf( FIPS_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
/* SHA-512 hash
*/
printf("7c. SHA-512 hash...");
printf( FIPS_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
/* HMAC-SHA-1 hash
*/
printf("7d. SHA-1 hash...");
printf( FIPS_hmac_sha1_test() ? "successful\n" : Fail("FAILED!\n") );
/* HMAC-SHA-224 hash
*/
printf("7e. SHA-224 hash...");
printf( FIPS_hmac_sha224_test() ? "successful\n" : Fail("FAILED!\n") );
/* HMAC-SHA-256 hash
*/
printf("7f. SHA-256 hash...");
printf( FIPS_hmac_sha256_test() ? "successful\n" : Fail("FAILED!\n") );
/* HMAC-SHA-384 hash
*/
printf("7g. SHA-384 hash...");
printf( FIPS_hmac_sha384_test() ? "successful\n" : Fail("FAILED!\n") );
/* HMAC-SHA-512 hash
*/
printf("7h. SHA-512 hash...");
printf( FIPS_hmac_sha512_test() ? "successful\n" : Fail("FAILED!\n") );
/* Non-Approved cryptographic operation
*/
printf("8. Non-Approved cryptographic operation test...\n");
printf("\ta. Excluded algorithm (MD5)...");
printf( md5_test() ? Fail("passed INCORRECTLY!\n")
: "failed as expected\n" );
printf("\tb. Included algorithm (D-H)...");
printf( dh_test() ? "successful as expected\n"
: Fail("failed INCORRECTLY!\n") );
/* Zeroization
*/
printf("9. Zero-ization...\n");
Zeroize();
printf("\nAll tests completed with %d errors\n", Error);
return 0;
}
