kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make test_fips more chatty.

Browse Source 
This tool exists to demo each of the supported FIPS actions in the
module. This change just makes it more chatty so that it's more obvious
what it's doing when you run it.

Change-Id: I99add6348afd3e3d6497e7111be2de73927d87af
Reviewed-on: https://boringssl-review.googlesource.com/16767
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
Adam Langley 2017-05-31 15:46:28 -07:00
parent c655cb7bf9
commit 2c84a469b0
1 changed files with 60 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
fipstools/test_fips.c
View File

@ -33,6 +33,15 @@
#include "../crypto/internal.h"
static void hexdump(const void *a, size_t len) {
const unsigned char *in = (const unsigned char *)a;
for (size_t i = 0; i < len; i++) {
printf("%02x", in[i]);
}
printf("\n");
}
int main(int argc, char **argv) {
CRYPTO_library_init();
@ -64,8 +73,13 @@ int main(int argc, char **argv) {
printf("AES_set_encrypt_key failed\n");
goto err;
}
printf("About to AES-CBC encrypt ");
hexdump(kPlaintext, sizeof(kPlaintext));
AES_cbc_encrypt(kPlaintext, output, sizeof(kPlaintext), &aes_key, aes_iv,
AES_ENCRYPT);
printf(" got ");
hexdump(output, sizeof(kPlaintext));
/* AES-CBC Decryption */
memset(aes_iv, 0, sizeof(aes_iv));
@ -73,8 +87,12 @@ int main(int argc, char **argv) {
printf("AES decrypt failed\n");
goto err;
}
printf("About to AES-CBC decrypt ");
hexdump(output, sizeof(kPlaintext));
AES_cbc_encrypt(output, output, sizeof(kPlaintext), &aes_key, aes_iv,
AES_DECRYPT);
printf(" got ");
hexdump(output, sizeof(kPlaintext));
size_t out_len;
uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
@ -87,20 +105,28 @@ int main(int argc, char **argv) {
}
/* AES-GCM Encryption */
printf("About to AES-GCM seal ");
hexdump(output, sizeof(kPlaintext));
if (!EVP_AEAD_CTX_seal(&aead_ctx, output, &out_len, sizeof(output), nonce,
EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
kPlaintext, sizeof(kPlaintext), NULL, 0)) {
printf("AES-GCM encrypt failed\n");
goto err;
}
printf(" got ");
hexdump(output, out_len);
/* AES-GCM Decryption */
printf("About to AES-GCM open ");
hexdump(output, out_len);
if (!EVP_AEAD_CTX_open(&aead_ctx, output, &out_len, sizeof(output), nonce,
EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
output, out_len, NULL, 0)) {
printf("AES-GCM decrypt failed\n");
goto err;
}
printf(" got ");
hexdump(output, out_len);
EVP_AEAD_CTX_cleanup(&aead_ctx);
@ -112,24 +138,45 @@ int main(int argc, char **argv) {
/* 3DES Encryption */
memcpy(&des_iv, &kDESIV, sizeof(des_iv));
printf("About to 3DES-CBC encrypt ");
hexdump(kPlaintext, sizeof(kPlaintext));
DES_ede3_cbc_encrypt(kPlaintext, output, sizeof(kPlaintext), &des1, &des2,
&des3, &des_iv, DES_ENCRYPT);
printf(" got ");
hexdump(output, sizeof(kPlaintext));
/* 3DES Decryption */
memcpy(&des_iv, &kDESIV, sizeof(des_iv));
printf("About to 3DES-CBC decrypt ");
hexdump(kPlaintext, sizeof(kPlaintext));
DES_ede3_cbc_encrypt(output, output, sizeof(kPlaintext), &des1,
&des2, &des3, &des_iv, DES_DECRYPT);
printf(" got ");
hexdump(output, sizeof(kPlaintext));
/* SHA-1 */
printf("About to SHA-1 hash ");
hexdump(kPlaintext, sizeof(kPlaintext));
SHA1(kPlaintext, sizeof(kPlaintext), output);
printf(" got ");
hexdump(output, SHA_DIGEST_LENGTH);
/* SHA-256 */
printf("About to SHA-256 hash ");
hexdump(kPlaintext, sizeof(kPlaintext));
SHA256(kPlaintext, sizeof(kPlaintext), output);
printf(" got ");
hexdump(output, SHA256_DIGEST_LENGTH);
/* SHA-512 */
printf("About to SHA-512 hash ");
hexdump(kPlaintext, sizeof(kPlaintext));
SHA512(kPlaintext, sizeof(kPlaintext), output);
printf(" got ");
hexdump(output, SHA512_DIGEST_LENGTH);
RSA *rsa_key = RSA_new();
printf("About to generate RSA key\n");
if (!RSA_generate_key_fips(rsa_key, 2048, NULL)) {
printf("RSA_generate_key_fips failed\n");
goto err;
@ -137,13 +184,19 @@ int main(int argc, char **argv) {
/* RSA Sign */
unsigned sig_len;
printf("About to RSA sign ");
hexdump(kPlaintextSHA256, sizeof(kPlaintextSHA256));
if (!RSA_sign(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256), output,
&sig_len, rsa_key)) {
printf("RSA Sign failed\n");
goto err;
}
printf(" got ");
hexdump(output, sig_len);
/* RSA Verify */
printf("About to RSA verify ");
hexdump(output, sig_len);
if (!RSA_verify(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256),
output, sig_len, rsa_key)) {
printf("RSA Verify failed.\n");
@ -158,12 +211,15 @@ int main(int argc, char **argv) {
goto err;
}
printf("About to generate P-256 key\n");
if (!EC_KEY_generate_key_fips(ec_key)) {
printf("EC_KEY_generate_key_fips failed\n");
goto err;
}
/* ECDSA Sign/Verify PWCT */
printf("About to ECDSA sign ");
hexdump(kPlaintextSHA256, sizeof(kPlaintextSHA256));
ECDSA_SIG *sig =
ECDSA_do_sign(kPlaintextSHA256, sizeof(kPlaintextSHA256), ec_key);
if (sig == NULL ||
@ -178,6 +234,8 @@ int main(int argc, char **argv) {
/* DBRG */
CTR_DRBG_STATE drbg;
printf("About to seed CTR-DRBG with ");
hexdump(kDRBGEntropy, sizeof(kDRBGEntropy));
if (!CTR_DRBG_init(&drbg, kDRBGEntropy, kDRBGPersonalization,
sizeof(kDRBGPersonalization)) ||
!CTR_DRBG_generate(&drbg, output, sizeof(output), kDRBGAD,
@ -188,6 +246,8 @@ int main(int argc, char **argv) {
printf("DRBG failed\n");
goto err;
}
printf(" generated ");
hexdump(output, sizeof(output));
CTR_DRBG_clear(&drbg);
printf("PASS\n");