/*
 * Entry point of the PRNG validation driver.
 *
 * Takes exactly one argument selecting the test to run: "mct" or "vst".
 * The module is put into FIPS mode and the PRNG is reset and switched to
 * test mode before the selected routine is called.  Any failure prints the
 * queued errors and exits with status 1.
 *
 * NOTE(review): FIPS_rand_test_mode() presumably makes the PRNG output
 * reproducible for known-answer testing; output produced in that mode must
 * never be used as key material -- confirm against the module sources.
 */
int main(int argc, char **argv)
{
    const char *mode;

    if (argc != 2) {
        fprintf(stderr, "%s [mct|vst]\n", argv[0]);
        exit(1);
    }
    mode = argv[1];

    /* Nothing below may run unless the module enters FIPS mode. */
    if (!FIPS_mode_set(1)) {
        do_print_errors();
        exit(1);
    }

    FIPS_rand_reset();
    if (!FIPS_rand_test_mode()) {
        fprintf(stderr, "Error setting PRNG test mode\n");
        do_print_errors();
        exit(1);
    }

    if (strcmp(mode, "mct") == 0) {
        mct();
    } else if (strcmp(mode, "vst") == 0) {
        vst();
    } else {
        fprintf(stderr, "Don't know how to %s.\n", mode);
        exit(1);
    }

    return 0;
}
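/*
 * Entry point of the HMAC validation driver.
 *
 * Usage: prog [infile [outfile]]
 *   - no arguments:  read requests from stdin, write responses to stdout
 *   - one argument:  read from infile, write to stdout
 *   - two arguments: read from infile, write to outfile
 *
 * Returns 0 when hmac_test() processed the whole input, 1 on any error.
 */
int main(int argc, char **argv)
{
    FILE *in = NULL, *out = NULL;
    int ret = 1;

    if (!FIPS_mode_set(1)) {
        do_print_errors();
        goto end;
    }

    in = (argc > 1) ? fopen(argv[1], "r") : stdin;

    /*
     * argv[2] only names a file when argc >= 3.  The previous test
     * (argc < 2) passed argv[2] == NULL to fopen() when exactly one
     * argument was given, which is undefined behaviour.
     */
    out = (argc > 2) ? fopen(argv[2], "w") : stdout;

    if (!in) {
        fprintf(stderr, "FATAL input initialization error\n");
        goto end;
    }
    if (!out) {
        fprintf(stderr, "FATAL output initialization error\n");
        goto end;
    }

    if (!hmac_test(EVP_sha1(), out, in)) {
        fprintf(stderr, "FATAL hmac file processing error\n");
        goto end;
    }
    ret = 0;

end:
    if (ret)
        do_print_errors();
    if (in && (in != stdin))
        fclose(in);
    if (out && (out != stdout)) {
        /*
         * fclose() flushes the response file; a failure here means the
         * results on disk are incomplete, so it must not be reported as
         * a successful run.
         */
        if (fclose(out) != 0) {
            fprintf(stderr, "FATAL output close error\n");
            ret = 1;
        }
    }
    return ret;
}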
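/*
 * Entry point of the DSA validation driver.
 *
 * Takes exactly one argument naming the test to run and dispatches to the
 * matching routine after the module has entered FIPS mode.  Exits with
 * status 1 on a usage error, an unknown test name, or if FIPS mode cannot
 * be enabled.
 */
int main(int argc, char **argv)
{
    const char *test;

    if (argc != 2) {
        /* "keyver" is dispatched below, so it is listed here as well. */
        fprintf(stderr,
                "%s [prime|pqg|pqgver|keypair|keyver|siggen|sigver]\n",
                argv[0]);
        exit(1);
    }
    test = argv[1];

    if (!FIPS_mode_set(1)) {
        do_print_errors();
        exit(1);
    }

    if (!strcmp(test, "prime")) {
        primes();
    } else if (!strcmp(test, "pqg")) {
        pqg();
    } else if (!strcmp(test, "pqgver")) {
        pqgver();
    } else if (!strcmp(test, "keypair")) {
        keypair();
    } else if (!strcmp(test, "keyver")) {
        keyver();
    } else if (!strcmp(test, "siggen")) {
        siggen();
    } else if (!strcmp(test, "sigver")) {
        sigver();
    } else {
        fprintf(stderr, "Don't know how to %s.\n", test);
        exit(1);
    }

    return 0;
}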
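/*
 * DSA key-pair generation test.
 *
 * Reads "keyword = value" lines from stdin.  Lines that parse_line() does
 * not recognise are copied to stdout unchanged.  "[mod" sets the modulus
 * size; "N" generates one parameter set of that size and then N key pairs,
 * printing P, Q, G once and X, Y for every pair.
 *
 * The private value X is written to stdout because the response file needs
 * it; this routine is only suitable for throw-away test keys.
 *
 * Exits with status 1 if allocation, parameter generation or key
 * generation fails.
 */
static void keypair()
{
    char buf[1024];
    char lbuf[1024];
    char *keyword, *value;
    int nmod = 0;

    while (fgets(buf, sizeof buf, stdin) != NULL) {
        if (!parse_line(&keyword, &value, lbuf, buf)) {
            fputs(buf, stdout);
            continue;
        }

        if (!strcmp(keyword, "[mod")) {
            nmod = atoi(value);
        } else if (!strcmp(keyword, "N")) {
            DSA *dsa;
            int n = atoi(value);
            int i;

            printf("[mod = %d]\n\n", nmod);

            dsa = FIPS_dsa_new();
            if (!dsa ||
                !DSA_generate_parameters_ex(dsa, nmod, NULL, 0,
                                            NULL, NULL, NULL)) {
                do_print_errors();
                exit(1);
            }
            pbn("P", dsa->p);
            pbn("Q", dsa->q);
            pbn("G", dsa->g);
            putc('\n', stdout);

            /*
             * Count upwards so that a negative N from the input file
             * yields no iterations; "while (n--)" would keep generating
             * keys until the counter overflowed.
             */
            for (i = 0; i < n; i++) {
                if (!DSA_generate_key(dsa)) {
                    do_print_errors();
                    exit(1);
                }
                pbn("X", dsa->priv_key);
                pbn("Y", dsa->pub_key);
                putc('\n', stdout);
            }

            /* One DSA object per "N" record; release it before the next. */
            FIPS_dsa_free(dsa);
        }
    }
}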
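/*
 * DSA domain-parameter generation test.
 *
 * Reads "keyword = value" lines from stdin.  "[mod" sets the modulus size;
 * "N" generates N independent parameter sets of that size and prints P, Q,
 * G, the seed, the counter and H for each.  Every other line, parsed or
 * not, is copied to stdout unchanged.
 *
 * Exits with status 1 if allocation or parameter generation fails.
 */
static void pqg()
{
    char buf[1024];
    char lbuf[1024];
    char *keyword, *value;
    int nmod = 0;

    while (fgets(buf, sizeof buf, stdin) != NULL) {
        if (!parse_line(&keyword, &value, lbuf, buf)) {
            fputs(buf, stdout);
            continue;
        }

        if (!strcmp(keyword, "[mod")) {
            nmod = atoi(value);
        } else if (!strcmp(keyword, "N")) {
            int n = atoi(value);
            int i;

            printf("[mod = %d]\n\n", nmod);

            /* Upward count: a negative N produces no output at all. */
            for (i = 0; i < n; i++) {
                /*
                 * Passed with length 0 and printed afterwards, so the
                 * generator is presumably expected to write the seed it
                 * used back into this buffer -- TODO confirm.  It is
                 * zero-filled so that stack garbage is never printed if
                 * the callee leaves it untouched.
                 */
                unsigned char seed[20] = {0};
                DSA *dsa;
                int counter = 0;
                unsigned long h = 0;

                dsa = FIPS_dsa_new();
                if (!dsa ||
                    !DSA_generate_parameters_ex(dsa, nmod, seed, 0,
                                                &counter, &h, NULL)) {
                    do_print_errors();
                    exit(1);
                }
                pbn("P", dsa->p);
                pbn("Q", dsa->q);
                pbn("G", dsa->g);
                pv("Seed", seed, 20);
                printf("c = %d\n", counter);
                printf("H = %lx\n", h);
                putc('\n', stdout);

                /* A fresh object is allocated per iteration; free it. */
                FIPS_dsa_free(dsa);
            }
        } else {
            fputs(buf, stdout);
        }
    }
}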
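/*
 * DSA signature generation test.
 *
 * Reads "keyword = value" lines from stdin.  Unparsed lines are copied to
 * stdout.  "[mod" discards any previous parameters, generates a new
 * parameter set of the given size and prints P, Q, G.  "Msg" decodes the
 * hex message, generates a fresh key on the current parameters, signs the
 * message with EVP_dss1() and prints the message, public key Y and the
 * signature components R and S.
 *
 * Exits with status 1 on any library failure, on a "Msg" record that
 * appears before the first "[mod" record, or on a message that cannot be
 * decoded.
 */
static void siggen()
{
    char buf[1024];
    char lbuf[1024];
    char *keyword, *value;
    int nmod = 0;
    DSA *dsa = NULL;

    while (fgets(buf, sizeof buf, stdin) != NULL) {
        if (!parse_line(&keyword, &value, lbuf, buf)) {
            fputs(buf, stdout);
            continue;
        }

        if (!strcmp(keyword, "[mod")) {
            nmod = atoi(value);
            printf("[mod = %d]\n\n", nmod);

            if (dsa)
                FIPS_dsa_free(dsa);
            dsa = FIPS_dsa_new();
            if (!dsa ||
                !DSA_generate_parameters_ex(dsa, nmod, NULL, 0,
                                            NULL, NULL, NULL)) {
                do_print_errors();
                exit(1);
            }
            pbn("P", dsa->p);
            pbn("Q", dsa->q);
            pbn("G", dsa->g);
            putc('\n', stdout);
        } else if (!strcmp(keyword, "Msg")) {
            /*
             * The hex text comes from a line of at most 1023 characters,
             * so the decoded message should fit in 1024 bytes (assumes
             * hex2bin writes one byte per two hex digits -- TODO confirm).
             */
            unsigned char msg[1024];
            /*
             * NOTE(review): 60 bytes presumably covers an encoded
             * signature for a 160-bit Q; confirm this still holds for
             * every modulus size the input file may request.
             */
            unsigned char sbuf[60];
            unsigned int slen = 0;
            int n;
            EVP_PKEY pk;
            EVP_MD_CTX mctx;
            DSA_SIG *sig;

            /* Without parameters there is nothing to generate a key on. */
            if (!dsa) {
                fprintf(stderr, "Parse Error\n");
                exit(1);
            }

            EVP_MD_CTX_init(&mctx);

            n = hex2bin(value, msg);
            /* presumably negative on malformed hex; never use it as a length */
            if (n < 0) {
                fprintf(stderr, "Parse Error\n");
                exit(1);
            }
            pv("Msg", msg, n);

            if (!DSA_generate_key(dsa)) {
                do_print_errors();
                exit(1);
            }

            /* Stack-built key wrapper: clear it so no field is garbage. */
            memset(&pk, 0, sizeof pk);
            pk.type = EVP_PKEY_DSA;
            pk.pkey.dsa = dsa;
            pbn("Y", dsa->pub_key);

            /* A failed signing step must not emit R/S from stale data. */
            if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL) ||
                !EVP_SignUpdate(&mctx, msg, n) ||
                !EVP_SignFinal(&mctx, sbuf, &slen, &pk)) {
                do_print_errors();
                exit(1);
            }

            sig = DSA_SIG_new();
            if (!sig || !FIPS_dsa_sig_decode(sig, sbuf, slen)) {
                do_print_errors();
                exit(1);
            }
            pbn("R", sig->r);
            pbn("S", sig->s);
            putc('\n', stdout);

            DSA_SIG_free(sig);
            EVP_MD_CTX_cleanup(&mctx);
        }
    }

    if (dsa)
        FIPS_dsa_free(dsa);
}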
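/*
 * DSA domain-parameter verification test.
 *
 * Reads "keyword = value" lines from stdin and echoes every line to
 * stdout.  P, Q, G, Seed and c are collected; the "H" line ends a record:
 * the parameters are regenerated from the collected seed and compared
 * with the supplied P, Q, G, counter and H, and "Result = P" or
 * "Result = F" is printed.
 *
 * Exits with status 1 on a seed that is not 20 bytes, on a record that
 * reaches "H" without P, Q, G and a seed, or on a library failure.
 */
static void pqgver()
{
    char buf[1024];
    char lbuf[1024];
    char *keyword, *value;
    BIGNUM *p = NULL, *q = NULL, *g = NULL;
    /* Initialised so a record without "c" compares against 0, not garbage. */
    int counter = 0, counter2 = 0;
    unsigned long h = 0, h2 = 0;
    DSA *dsa = NULL;
    int nmod = 0;
    int have_seed = 0;
    unsigned char seed[1024];

    while (fgets(buf, sizeof buf, stdin) != NULL) {
        if (!parse_line(&keyword, &value, lbuf, buf)) {
            fputs(buf, stdout);
            continue;
        }
        fputs(buf, stdout);

        if (!strcmp(keyword, "[mod")) {
            nmod = atoi(value);
        } else if (!strcmp(keyword, "P")) {
            /* A repeated key replaces the old value instead of leaking it. */
            if (p)
                BN_free(p);
            p = hex2bn(value);
        } else if (!strcmp(keyword, "Q")) {
            if (q)
                BN_free(q);
            q = hex2bn(value);
        } else if (!strcmp(keyword, "G")) {
            if (g)
                BN_free(g);
            g = hex2bn(value);
        } else if (!strcmp(keyword, "Seed")) {
            int slen = hex2bin(value, seed);

            if (slen != 20) {
                fprintf(stderr, "Seed parse length error\n");
                exit(1);
            }
            have_seed = 1;
        } else if (!strcmp(keyword, "c")) {
            /*
             * Use the parsed value like every other numeric field.  The
             * earlier fixed offset (buf + 4) read past the terminator on
             * a short line such as "c=\n".
             */
            counter = atoi(value);
        } else if (!strcmp(keyword, "H")) {
            /*
             * NOTE(review): parsed as decimal here, while pqg() prints H
             * with %lx; the two agree only for values below 10 -- confirm
             * the format of the request files.
             */
            h = atoi(value);

            /* The seed buffer is only meaningful once a Seed line was read. */
            if (!p || !q || !g || !have_seed) {
                fprintf(stderr, "Parse Error\n");
                exit(1);
            }

            dsa = FIPS_dsa_new();
            if (!dsa ||
                !DSA_generate_parameters_ex(dsa, nmod, seed, 20,
                                            &counter2, &h2, NULL)) {
                do_print_errors();
                exit(1);
            }

            if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
                || (counter != counter2) || (h != h2))
                printf("Result = F\n");
            else
                printf("Result = P\n");

            BN_free(p);
            BN_free(q);
            BN_free(g);
            p = NULL;
            q = NULL;
            g = NULL;
            FIPS_dsa_free(dsa);
            dsa = NULL;
        }
    }
}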
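/*
 * Entry point of the FIPS-mode test application.
 *
 * With no argument, runs the numbered sequence of checks below and returns
 * 1 if any of them called Fail(), else 0.
 *
 * With one argument, a fault is injected first:
 *   aes, des, dsa, rsa, sha1, rng
 *       corrupt the corresponding known-answer test, then only try to
 *       enter FIPS mode and exit 0 if that succeeded, 1 if it failed;
 *   rsakey, dsakey, rsakeygen, dsakeygen, rngstick
 *       set a flag and continue into the full sequence, where the fault
 *       is applied after FIPS mode has been entered.
 * Any other argument is rejected with exit status 1.
 *
 * Result strings are written with fputs() rather than being passed to
 * printf() as the format argument, so text returned by Fail() is never
 * interpreted as a format string.
 */
int main(int argc, char **argv)
{
    int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
    int bad_rsa = 0, bad_dsa = 0;
    int do_rng_stick = 0;
    int no_exit = 0;

    printf("\tFIPS-mode test application\n\n");

    /*
     * Load entropy from external file, if any.  The file is looked up in
     * the current working directory and the result is ignored, so run
     * this from a directory whose contents are trusted.
     */
    RAND_load_file(".rnd", 1024);

    if (argv[1]) {
        /* Corrupted KAT tests */
        if (!strcmp(argv[1], "aes")) {
            FIPS_corrupt_aes();
            printf("AES encryption/decryption with corrupted KAT...\n");
        } else if (!strcmp(argv[1], "des")) {
            FIPS_corrupt_des();
            printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
        } else if (!strcmp(argv[1], "dsa")) {
            FIPS_corrupt_dsa();
            printf("DSA key generation and signature validation with corrupted KAT...\n");
        } else if (!strcmp(argv[1], "rsa")) {
            FIPS_corrupt_rsa();
            printf("RSA key generation and signature validation with corrupted KAT...\n");
        } else if (!strcmp(argv[1], "rsakey")) {
            printf("RSA key generation and signature validation with corrupted key...\n");
            bad_rsa = 1;
            no_exit = 1;
        } else if (!strcmp(argv[1], "rsakeygen")) {
            do_corrupt_rsa_keygen = 1;
            no_exit = 1;
            printf("RSA key generation and signature validation with corrupted keygen...\n");
        } else if (!strcmp(argv[1], "dsakey")) {
            printf("DSA key generation and signature validation with corrupted key...\n");
            bad_dsa = 1;
            no_exit = 1;
        } else if (!strcmp(argv[1], "dsakeygen")) {
            do_corrupt_dsa_keygen = 1;
            no_exit = 1;
            printf("DSA key generation and signature validation with corrupted keygen...\n");
        } else if (!strcmp(argv[1], "sha1")) {
            FIPS_corrupt_sha1();
            printf("SHA-1 hash with corrupted KAT...\n");
        } else if (!strcmp(argv[1], "rng")) {
            FIPS_corrupt_rng();
        } else if (!strcmp(argv[1], "rngstick")) {
            do_rng_stick = 1;
            no_exit = 1;
            printf("RNG test with stuck continuous test...\n");
        } else {
            printf("Bad argument \"%s\"\n", argv[1]);
            exit(1);
        }

        /*
         * For a corrupted KAT the only thing exercised is the power-up
         * self test that runs when FIPS mode is requested.
         */
        if (!no_exit) {
            if (!FIPS_mode_set(1)) {
                do_print_errors();
                printf("Power-up self test failed\n");
                exit(1);
            }
            printf("Power-up self test successful\n");
            exit(0);
        }
    }

    /* Non-Approved cryptographic operation (before FIPS mode is entered) */
    printf("1. Non-Approved cryptographic operation test...\n");
    printf("\ta. Included algorithm (D-H)...");
    fputs(dh_test() ? "successful\n" : Fail("FAILED!\n"), stdout);

    /* Power-up self test */
    ERR_clear_error();
    printf("2. Automatic power-up self test...");
    if (!FIPS_mode_set(1)) {
        do_print_errors();
        fputs(Fail("FAILED!\n"), stdout);
        exit(1);
    }
    printf("successful\n");

    /* Deferred fault injection requested on the command line. */
    if (do_corrupt_dsa_keygen)
        FIPS_corrupt_dsa_keygen();
    if (do_corrupt_rsa_keygen)
        FIPS_corrupt_rsa_keygen();
    if (do_rng_stick)
        FIPS_rng_stick();

    /* AES encryption/decryption */
    printf("3. AES encryption/decryption...");
    fputs(FIPS_aes_test() ? "successful\n" : Fail("FAILED!\n"), stdout);

    /* RSA key generation and encryption/decryption */
    printf("4. RSA key generation and encryption/decryption...");
    fputs(FIPS_rsa_test(bad_rsa) ? "successful\n" : Fail("FAILED!\n"), stdout);

    /* DES-ECB encryption/decryption (calls FIPS_des3_test) */
    printf("5. DES-ECB encryption/decryption...");
    fputs(FIPS_des3_test() ? "successful\n" : Fail("FAILED!\n"), stdout);

    /* DSA key generation and signature validation */
    printf("6. DSA key generation and signature validation...");
    fputs(FIPS_dsa_test(bad_dsa) ? "successful\n" : Fail("FAILED!\n"), stdout);

    /* SHA-1 hash */
    printf("7a. SHA-1 hash...");
    fputs(FIPS_sha1_test() ? "successful\n" : Fail("FAILED!\n"), stdout);

    /* SHA-256 hash */
    printf("7b. SHA-256 hash...");
    fputs(FIPS_sha256_test() ? "successful\n" : Fail("FAILED!\n"), stdout);

    /* SHA-512 hash */
    printf("7c. SHA-512 hash...");
    fputs(FIPS_sha512_test() ? "successful\n" : Fail("FAILED!\n"), stdout);

    /* HMAC-SHA-1 hash */
    printf("7d. HMAC-SHA-1 hash...");
    fputs(FIPS_hmac_sha1_test() ? "successful\n" : Fail("FAILED!\n"), stdout);

    /* HMAC-SHA-224 hash */
    printf("7e. HMAC-SHA-224 hash...");
    fputs(FIPS_hmac_sha224_test() ? "successful\n" : Fail("FAILED!\n"), stdout);

    /* HMAC-SHA-256 hash */
    printf("7f. HMAC-SHA-256 hash...");
    fputs(FIPS_hmac_sha256_test() ? "successful\n" : Fail("FAILED!\n"), stdout);

    /* HMAC-SHA-384 hash */
    printf("7g. HMAC-SHA-384 hash...");
    fputs(FIPS_hmac_sha384_test() ? "successful\n" : Fail("FAILED!\n"), stdout);

    /* HMAC-SHA-512 hash */
    printf("7h. HMAC-SHA-512 hash...");
    fputs(FIPS_hmac_sha512_test() ? "successful\n" : Fail("FAILED!\n"), stdout);

    /* Non-Approved cryptographic operation (repeated in FIPS mode) */
    printf("8. Non-Approved cryptographic operation test...\n");
    printf("\ta. Included algorithm (D-H)...");
    fputs(dh_test() ? "successful as expected\n"
                    : Fail("failed INCORRECTLY!\n"), stdout);

    /* Zeroization */
    printf("9. Zero-ization...\n");
    fputs(Zeroize() ? "\tsuccessful as expected\n"
                    : Fail("\tfailed INCORRECTLY!\n"), stdout);

    printf("\nAll tests completed with %d errors\n", Error);
    return Error ? 1 : 0;
}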
/*
 * Record one failed check.
 *
 * Prints the queued library errors, bumps the global Error counter and
 * hands the caller's message back unchanged so the call can be used
 * inline where the message text is needed.
 */
const char *Fail(const char *msg)
{
    do_print_errors();
    Error += 1;
    return msg;
}
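/*
 * DSA self-test program.
 *
 * Generates 1024-bit DSA parameters from the fixed seed, checks the
 * resulting counter, h, q, p and g against the expected constants, then
 * generates a key, signs the 20-byte test string and verifies the
 * signature.  Exits with status 0 when every step succeeded and 1
 * otherwise; on failure the queued library errors are printed.
 */
int main(int argc, char **argv)
{
    DSA *dsa = NULL;
    EVP_PKEY pk;
    /* counter and h are printed below, so they must never be garbage. */
    int counter = 0, ret = 0, i, j;
    int params_ok;
    unsigned int slen;
    unsigned char buf[256];
    unsigned long h = 0;
    BN_GENCB cb;
    EVP_MD_CTX mctx;

    BN_GENCB_set(&cb, dsa_cb, stderr);

    EVP_MD_CTX_init(&mctx);

    if (!FIPS_mode_set(1)) {
        do_print_errors();
        EXIT(1);
    }

    fprintf(stderr, "test generation of DSA parameters\n");

    /* Check the allocation before the object is handed to the generator. */
    dsa = FIPS_dsa_new();
    if (dsa == NULL)
        goto end;
    params_ok = DSA_generate_parameters_ex(dsa, 1024, seed, 20,
                                           &counter, &h, &cb);

    fprintf(stderr, "seed\n");
    for (i = 0; i < 20; i += 4) {
        fprintf(stderr, "%02X%02X%02X%02X ",
                seed[i], seed[i + 1], seed[i + 2], seed[i + 3]);
    }
    /* h is unsigned long, so it is printed with %lu. */
    fprintf(stderr, "\ncounter=%d h=%lu\n", counter, h);

    /* Do not inspect dsa->p/q/g when generation itself reported failure. */
    if (!params_ok)
        goto end;

    if (counter != 16) {
        /* The message now names the value the check actually expects. */
        fprintf(stderr, "counter should be 16\n");
        goto end;
    }
    if (h != 2) {
        fprintf(stderr, "h should be 2\n");
        goto end;
    }

    i = BN_bn2bin(dsa->q, buf);
    j = sizeof(out_q);
    if ((i != j) || (memcmp(buf, out_q, i) != 0)) {
        fprintf(stderr, "q value is wrong\n");
        goto end;
    }

    i = BN_bn2bin(dsa->p, buf);
    j = sizeof(out_p);
    if ((i != j) || (memcmp(buf, out_p, i) != 0)) {
        fprintf(stderr, "p value is wrong\n");
        goto end;
    }

    i = BN_bn2bin(dsa->g, buf);
    j = sizeof(out_g);
    if ((i != j) || (memcmp(buf, out_g, i) != 0)) {
        fprintf(stderr, "g value is wrong\n");
        goto end;
    }

    /* Signing with a key that failed to generate would test nothing. */
    if (!DSA_generate_key(dsa))
        goto end;

    /* Stack-built key wrapper: clear it so no field is garbage. */
    memset(&pk, 0, sizeof pk);
    pk.type = EVP_PKEY_DSA;
    pk.pkey.dsa = dsa;

    if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
        goto end;
    if (!EVP_SignUpdate(&mctx, str1, 20))
        goto end;
    if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
        goto end;

    if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
        goto end;
    if (!EVP_VerifyUpdate(&mctx, str1, 20))
        goto end;
    /* Only an explicit 1 counts as a valid signature. */
    if (EVP_VerifyFinal(&mctx, buf, slen, &pk) != 1)
        goto end;

    ret = 1;

end:
    if (!ret)
        do_print_errors();
    if (dsa != NULL)
        FIPS_dsa_free(dsa);
    EVP_MD_CTX_cleanup(&mctx);
#if 0
    CRYPTO_mem_leaks(bio_err);
#endif
    EXIT(!ret);
    return (!ret);
}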