|
Packit |
aea12f |
#include <config.h>
|
|
Packit |
aea12f |
#include <stdint.h>
|
|
Packit |
aea12f |
#include <stdio.h>
|
|
Packit |
aea12f |
#include <string.h>
|
|
Packit |
aea12f |
#include <utils.h>
|
|
Packit |
aea12f |
#include <stdlib.h>
|
|
Packit |
aea12f |
#include <gnutls/gnutls.h>
|
|
Packit |
aea12f |
#include <gnutls/crypto.h>
|
|
Packit |
aea12f |
#include <gnutls/abstract.h>
|
|
Packit |
aea12f |
#include <gnutls/x509.h>
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
void _gnutls_lib_simulate_error(void);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* This does check the FIPS140 support.
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static void tls_log_func(int level, const char *str)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
fprintf(stderr, "<%d>| %s", level, str);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static uint8_t key16[16];
|
|
Packit |
aea12f |
static uint8_t iv16[16];
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
void doit(void)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
int ret;
|
|
Packit |
aea12f |
unsigned int mode;
|
|
Packit |
aea12f |
gnutls_cipher_hd_t ch;
|
|
Packit |
aea12f |
gnutls_hmac_hd_t mh;
|
|
Packit |
aea12f |
gnutls_session_t session;
|
|
Packit |
aea12f |
gnutls_pubkey_t pubkey;
|
|
Packit |
aea12f |
gnutls_x509_privkey_t xprivkey;
|
|
Packit |
aea12f |
gnutls_privkey_t privkey;
|
|
Packit |
aea12f |
gnutls_datum_t key = { key16, sizeof(key16) };
|
|
Packit |
aea12f |
gnutls_datum_t iv = { iv16, sizeof(iv16) };
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
fprintf(stderr,
|
|
Packit |
aea12f |
"Please note that if in FIPS140 mode, you need to assure the library's integrity prior to running this test\n");
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
gnutls_global_set_log_function(tls_log_func);
|
|
Packit |
aea12f |
if (debug)
|
|
Packit |
aea12f |
gnutls_global_set_log_level(4711);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
mode = gnutls_fips140_mode_enabled();
|
|
Packit |
aea12f |
if (mode == 0) {
|
|
Packit |
aea12f |
success("We are not in FIPS140 mode\n");
|
|
Packit |
aea12f |
exit(77);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = global_init();
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
fail("Cannot initialize library\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* Try crypto.h functionality */
|
|
Packit |
aea12f |
ret =
|
|
Packit |
aea12f |
gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv;;
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
fail("gnutls_cipher_init failed\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
gnutls_cipher_deinit(ch);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret =
|
|
Packit |
aea12f |
gnutls_cipher_init(&ch, GNUTLS_CIPHER_ARCFOUR_128, &key, &iv;;
|
|
Packit |
aea12f |
if (ret != GNUTLS_E_UNWANTED_ALGORITHM) {
|
|
Packit |
aea12f |
fail("gnutls_cipher_init succeeded for arcfour\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size);
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
fail("gnutls_hmac_init failed\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
gnutls_hmac_deinit(mh, NULL);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_hmac_init(&mh, GNUTLS_MAC_MD5, key.data, key.size);
|
|
Packit |
aea12f |
if (ret != GNUTLS_E_UNWANTED_ALGORITHM) {
|
|
Packit |
aea12f |
fail("gnutls_hmac_init succeeded for md5\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16));
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
fail("gnutls_rnd failed\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_pubkey_init(&pubkey);
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
fail("gnutls_pubkey_init failed\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
gnutls_pubkey_deinit(pubkey);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_privkey_init(&privkey);
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
fail("gnutls_privkey_init failed\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
gnutls_privkey_deinit(privkey);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_init(&session, 0);
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
fail("gnutls_init failed\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
gnutls_deinit(session);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_x509_privkey_init(&xprivkey);
|
|
Packit |
aea12f |
if (ret < 0) {
|
|
Packit |
aea12f |
fail("gnutls_privkey_init failed\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
ret = gnutls_x509_privkey_generate(xprivkey, GNUTLS_PK_RSA, 512, 0);
|
|
Packit |
aea12f |
if (ret != GNUTLS_E_PK_GENERATION_ERROR) {
|
|
Packit |
aea12f |
fail("gnutls_x509_privkey_generate succeeded (%d) for 512-bit key\n", ret);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
gnutls_x509_privkey_deinit(xprivkey);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* Test when FIPS140 is set to error state */
|
|
Packit |
aea12f |
_gnutls_lib_simulate_error();
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* Try crypto.h functionality */
|
|
Packit |
aea12f |
ret =
|
|
Packit |
aea12f |
gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv;;
|
|
Packit |
aea12f |
if (ret >= 0) {
|
|
Packit |
aea12f |
fail("gnutls_cipher_init succeeded when in FIPS140 error state\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size);
|
|
Packit |
aea12f |
if (ret >= 0) {
|
|
Packit |
aea12f |
fail("gnutls_hmac_init succeeded when in FIPS140 error state\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16));
|
|
Packit |
aea12f |
if (ret >= 0) {
|
|
Packit |
aea12f |
fail("gnutls_rnd succeeded when in FIPS140 error state\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_pubkey_init(&pubkey);
|
|
Packit |
aea12f |
if (ret >= 0) {
|
|
Packit |
aea12f |
fail("gnutls_pubkey_init succeeded when in FIPS140 error state\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_privkey_init(&privkey);
|
|
Packit |
aea12f |
if (ret >= 0) {
|
|
Packit |
aea12f |
fail("gnutls_privkey_init succeeded when in FIPS140 error state\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_x509_privkey_init(&xprivkey);
|
|
Packit |
aea12f |
if (ret >= 0) {
|
|
Packit |
aea12f |
fail("gnutls_x509_privkey_init succeeded when in FIPS140 error state\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = gnutls_init(&session, 0);
|
|
Packit |
aea12f |
if (ret >= 0) {
|
|
Packit |
aea12f |
fail("gnutls_init succeeded when in FIPS140 error state\n");
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
gnutls_global_deinit();
|
|
Packit |
aea12f |
return;
|
|
Packit |
aea12f |
}
|