• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Copyright (c) 2017, Google Inc.
2  *
3  * Permission to use, copy, modify, and/or distribute this software for any
4  * purpose with or without fee is hereby granted, provided that the above
5  * copyright notice and this permission notice appear in all copies.
6  *
7  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14 
15 /* test_fips exercises various cryptographic primitives for demonstration
16  * purposes in the validation process only. */
17 
18 #include <stdio.h>
19 
20 #include <openssl/aead.h>
21 #include <openssl/aes.h>
22 #include <openssl/bn.h>
23 #include <openssl/crypto.h>
24 #include <openssl/ctrdrbg.h>
25 #include <openssl/des.h>
26 #include <openssl/dh.h>
27 #include <openssl/ecdsa.h>
28 #include <openssl/ec_key.h>
29 #include <openssl/hmac.h>
30 #include <openssl/nid.h>
31 #include <openssl/rsa.h>
32 #include <openssl/sha.h>
33 
34 #include "../../crypto/fipsmodule/rand/internal.h"
35 #include "../../crypto/fipsmodule/tls/internal.h"
36 #include "../../crypto/internal.h"
37 
38 
hexdump(const void * a,size_t len)39 static void hexdump(const void *a, size_t len) {
40   const unsigned char *in = (const unsigned char *)a;
41   for (size_t i = 0; i < len; i++) {
42     printf("%02x", in[i]);
43   }
44 
45   printf("\n");
46 }
47 
main(int argc,char ** argv)48 int main(int argc, char **argv) {
49   CRYPTO_library_init();
50 
51   const uint32_t module_version = FIPS_version();
52   if (module_version == 0) {
53     printf("No module version set\n");
54     goto err;
55   }
56   printf("Module version: %" PRIu32 "\n", module_version);
57 
58   static const uint8_t kAESKey[16] = "BoringCrypto Key";
59   static const uint8_t kPlaintext[64] =
60       "BoringCryptoModule FIPS KAT Encryption and Decryption Plaintext!";
61   static const DES_cblock kDESKey1 = {"BCMDESK1"};
62   static const DES_cblock kDESKey2 = {"BCMDESK2"};
63   static const DES_cblock kDESKey3 = {"BCMDESK3"};
64   static const DES_cblock kDESIV = {"BCMDESIV"};
65   static const uint8_t kPlaintextSHA256[32] = {
66       0x37, 0xbd, 0x70, 0x53, 0x72, 0xfc, 0xd4, 0x03, 0x79, 0x70, 0xfb,
67       0x06, 0x95, 0xb1, 0x2a, 0x82, 0x48, 0xe1, 0x3e, 0xf2, 0x33, 0xfb,
68       0xef, 0x29, 0x81, 0x22, 0x45, 0x40, 0x43, 0x70, 0xce, 0x0f};
69   const uint8_t kDRBGEntropy[48] =
70       "DBRG Initial Entropy                            ";
71   const uint8_t kDRBGPersonalization[18] = "BCMPersonalization";
72   const uint8_t kDRBGAD[16] = "BCM DRBG AD     ";
73   const uint8_t kDRBGEntropy2[48] =
74       "DBRG Reseed Entropy                             ";
75 
76   AES_KEY aes_key;
77   uint8_t aes_iv[16];
78   uint8_t output[256];
79 
80   /* AES-CBC Encryption */
81   memset(aes_iv, 0, sizeof(aes_iv));
82   if (AES_set_encrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key) != 0) {
83     printf("AES_set_encrypt_key failed\n");
84     goto err;
85   }
86 
87   printf("About to AES-CBC encrypt ");
88   hexdump(kPlaintext, sizeof(kPlaintext));
89   AES_cbc_encrypt(kPlaintext, output, sizeof(kPlaintext), &aes_key, aes_iv,
90                   AES_ENCRYPT);
91   printf("  got ");
92   hexdump(output, sizeof(kPlaintext));
93 
94   /* AES-CBC Decryption */
95   memset(aes_iv, 0, sizeof(aes_iv));
96   if (AES_set_decrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key) != 0) {
97     printf("AES decrypt failed\n");
98     goto err;
99   }
100   printf("About to AES-CBC decrypt ");
101   hexdump(output, sizeof(kPlaintext));
102   AES_cbc_encrypt(output, output, sizeof(kPlaintext), &aes_key, aes_iv,
103                   AES_DECRYPT);
104   printf("  got ");
105   hexdump(output, sizeof(kPlaintext));
106 
107   size_t out_len;
108   uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
109   OPENSSL_memset(nonce, 0, sizeof(nonce));
110   EVP_AEAD_CTX aead_ctx;
111   if (!EVP_AEAD_CTX_init(&aead_ctx, EVP_aead_aes_128_gcm(), kAESKey,
112                          sizeof(kAESKey), 0, NULL)) {
113     printf("EVP_AEAD_CTX_init failed\n");
114     goto err;
115   }
116 
117   /* AES-GCM Encryption */
118   printf("About to AES-GCM seal ");
119   hexdump(output, sizeof(kPlaintext));
120   if (!EVP_AEAD_CTX_seal(&aead_ctx, output, &out_len, sizeof(output), nonce,
121                          EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
122                          kPlaintext, sizeof(kPlaintext), NULL, 0)) {
123     printf("AES-GCM encrypt failed\n");
124     goto err;
125   }
126   printf("  got ");
127   hexdump(output, out_len);
128 
129   /* AES-GCM Decryption */
130   printf("About to AES-GCM open ");
131   hexdump(output, out_len);
132   if (!EVP_AEAD_CTX_open(&aead_ctx, output, &out_len, sizeof(output), nonce,
133                          EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
134                          output, out_len, NULL, 0)) {
135     printf("AES-GCM decrypt failed\n");
136     goto err;
137   }
138   printf("  got ");
139   hexdump(output, out_len);
140 
141   EVP_AEAD_CTX_cleanup(&aead_ctx);
142 
143   DES_key_schedule des1, des2, des3;
144   DES_cblock des_iv;
145   DES_set_key(&kDESKey1, &des1);
146   DES_set_key(&kDESKey2, &des2);
147   DES_set_key(&kDESKey3, &des3);
148 
149   /* 3DES Encryption */
150   memcpy(&des_iv, &kDESIV, sizeof(des_iv));
151   printf("About to 3DES-CBC encrypt ");
152   hexdump(kPlaintext, sizeof(kPlaintext));
153   DES_ede3_cbc_encrypt(kPlaintext, output, sizeof(kPlaintext), &des1, &des2,
154                        &des3, &des_iv, DES_ENCRYPT);
155   printf("  got ");
156   hexdump(output, sizeof(kPlaintext));
157 
158   /* 3DES Decryption */
159   memcpy(&des_iv, &kDESIV, sizeof(des_iv));
160   printf("About to 3DES-CBC decrypt ");
161   hexdump(kPlaintext, sizeof(kPlaintext));
162   DES_ede3_cbc_encrypt(output, output, sizeof(kPlaintext), &des1,
163                        &des2, &des3, &des_iv, DES_DECRYPT);
164   printf("  got ");
165   hexdump(output, sizeof(kPlaintext));
166 
167   /* SHA-1 */
168   printf("About to SHA-1 hash ");
169   hexdump(kPlaintext, sizeof(kPlaintext));
170   SHA1(kPlaintext, sizeof(kPlaintext), output);
171   printf("  got ");
172   hexdump(output, SHA_DIGEST_LENGTH);
173 
174   /* SHA-256 */
175   printf("About to SHA-256 hash ");
176   hexdump(kPlaintext, sizeof(kPlaintext));
177   SHA256(kPlaintext, sizeof(kPlaintext), output);
178   printf("  got ");
179   hexdump(output, SHA256_DIGEST_LENGTH);
180 
181   /* SHA-512 */
182   printf("About to SHA-512 hash ");
183   hexdump(kPlaintext, sizeof(kPlaintext));
184   SHA512(kPlaintext, sizeof(kPlaintext), output);
185   printf("  got ");
186   hexdump(output, SHA512_DIGEST_LENGTH);
187 
188   RSA *rsa_key = RSA_new();
189   printf("About to generate RSA key\n");
190   if (!RSA_generate_key_fips(rsa_key, 2048, NULL)) {
191     printf("RSA_generate_key_fips failed\n");
192     goto err;
193   }
194 
195   /* RSA Sign */
196   unsigned sig_len;
197   printf("About to RSA sign ");
198   hexdump(kPlaintextSHA256, sizeof(kPlaintextSHA256));
199   if (!RSA_sign(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256), output,
200                 &sig_len, rsa_key)) {
201     printf("RSA Sign failed\n");
202     goto err;
203   }
204   printf("  got ");
205   hexdump(output, sig_len);
206 
207   /* RSA Verify */
208   printf("About to RSA verify ");
209   hexdump(output, sig_len);
210   if (!RSA_verify(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256),
211                   output, sig_len, rsa_key)) {
212     printf("RSA Verify failed.\n");
213     goto err;
214   }
215 
216   RSA_free(rsa_key);
217 
218   EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
219   if (ec_key == NULL) {
220     printf("invalid ECDSA key\n");
221     goto err;
222   }
223 
224   printf("About to generate P-256 key\n");
225   if (!EC_KEY_generate_key_fips(ec_key)) {
226     printf("EC_KEY_generate_key_fips failed\n");
227     goto err;
228   }
229 
230   /* Primitive Z Computation */
231   const EC_GROUP *const ec_group = EC_KEY_get0_group(ec_key);
232   EC_POINT *z_point = EC_POINT_new(ec_group);
233   uint8_t z_result[65];
234   printf("About to compute key-agreement Z with P-256:\n");
235   if (!EC_POINT_mul(ec_group, z_point, NULL, EC_KEY_get0_public_key(ec_key),
236                     EC_KEY_get0_private_key(ec_key), NULL) ||
237       EC_POINT_point2oct(ec_group, z_point, POINT_CONVERSION_UNCOMPRESSED,
238                          z_result, sizeof(z_result),
239                          NULL) != sizeof(z_result)) {
240     fprintf(stderr, "EC_POINT_mul failed.\n");
241     goto err;
242   }
243   EC_POINT_free(z_point);
244 
245   printf("  got ");
246   hexdump(z_result, sizeof(z_result));
247 
248   /* ECDSA Sign/Verify PWCT */
249   printf("About to ECDSA sign ");
250   hexdump(kPlaintextSHA256, sizeof(kPlaintextSHA256));
251   ECDSA_SIG *sig =
252       ECDSA_do_sign(kPlaintextSHA256, sizeof(kPlaintextSHA256), ec_key);
253   if (sig == NULL ||
254       !ECDSA_do_verify(kPlaintextSHA256, sizeof(kPlaintextSHA256), sig,
255                        ec_key)) {
256     printf("ECDSA Sign/Verify PWCT failed.\n");
257     goto err;
258   }
259 
260   ECDSA_SIG_free(sig);
261   EC_KEY_free(ec_key);
262 
263   /* DBRG */
264   CTR_DRBG_STATE drbg;
265   printf("About to seed CTR-DRBG with ");
266   hexdump(kDRBGEntropy, sizeof(kDRBGEntropy));
267   if (!CTR_DRBG_init(&drbg, kDRBGEntropy, kDRBGPersonalization,
268                      sizeof(kDRBGPersonalization)) ||
269       !CTR_DRBG_generate(&drbg, output, sizeof(output), kDRBGAD,
270                          sizeof(kDRBGAD)) ||
271       !CTR_DRBG_reseed(&drbg, kDRBGEntropy2, kDRBGAD, sizeof(kDRBGAD)) ||
272       !CTR_DRBG_generate(&drbg, output, sizeof(output), kDRBGAD,
273                          sizeof(kDRBGAD))) {
274     printf("DRBG failed\n");
275     goto err;
276   }
277   printf("  generated ");
278   hexdump(output, sizeof(output));
279   CTR_DRBG_clear(&drbg);
280 
281   /* TLS KDF */
282   printf("About to run TLS KDF\n");
283   uint8_t tls_output[32];
284   if (!CRYPTO_tls1_prf(EVP_sha256(), tls_output, sizeof(tls_output), kAESKey,
285                        sizeof(kAESKey), "foo", 3, kPlaintextSHA256,
286                        sizeof(kPlaintextSHA256), kPlaintextSHA256,
287                        sizeof(kPlaintextSHA256))) {
288     fprintf(stderr, "TLS KDF failed.\n");
289     goto err;
290   }
291   printf("  got ");
292   hexdump(tls_output, sizeof(tls_output));
293 
294   /* FFDH */
295   printf("About to compute FFDH key-agreement:\n");
296   DH *dh = DH_get_rfc7919_2048();
297   uint8_t dh_result[2048/8];
298   if (!dh ||
299       !DH_generate_key(dh) ||
300       sizeof(dh_result) != DH_size(dh) ||
301       DH_compute_key_padded(dh_result, DH_get0_pub_key(dh), dh) !=
302           sizeof(dh_result)) {
303     fprintf(stderr, "FFDH failed.\n");
304     goto err;
305   }
306   DH_free(dh);
307 
308   printf("  got ");
309   hexdump(dh_result, sizeof(dh_result));
310 
311   printf("PASS\n");
312   return 0;
313 
314 err:
315   printf("FAIL\n");
316   abort();
317 }
318