/* ====================================================================
* Copyright (c) 2003 The OpenSSL Project. All rights reserved.
*
*
* This command is intended as a test driver for the FIPS-140 testing
* lab performing FIPS-140 validation. It demonstrates the use of the
* OpenSSL library ito perform a variety of common cryptographic
* functions. A power-up self test is demonstrated by deliberately
* pointing to an invalid executable hash
*
* Contributed by Steve Marquess.
*
*/
#define OPENSSL_FIPSAPI
#include <stdio.h>
#include <assert.h>
#include <ctype.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/cmac.h>
#include <openssl/sha.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/rand.h>
#ifndef OPENSSL_FIPS
int main(int argc, char *argv[])
{
printf("No FIPS support\n");
return(0);
}
#else
#define ERR_clear_error() while(0)
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/dh.h>
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include "fips_utl.h"
/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
*/
static int FIPS_aes_test(void)
{
int ret = 0;
unsigned char pltmp[16];
unsigned char citmp[16];
unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
unsigned char plaintext[16] = "etaonrishdlcu";
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1) <= 0)
goto err;
FIPS_cipher(&ctx, citmp, plaintext, 16);
if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 0) <= 0)
goto err;
FIPS_cipher(&ctx, pltmp, citmp, 16);
if (memcmp(pltmp, plaintext, 16))
goto err;
ret = 1;
err:
FIPS_cipher_ctx_cleanup(&ctx);
return ret;
}
static int FIPS_aes_gcm_test(void)
{
int ret = 0;
unsigned char pltmp[16];
unsigned char citmp[16];
unsigned char tagtmp[16];
unsigned char key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
unsigned char iv[16] = {21,22,23,24,25,26,27,28,29,30,31,32};
unsigned char aad[] = "Some text AAD";
unsigned char plaintext[