1 #include <config.h>
2 #include <stdint.h>
3 #include <stdio.h>
4 #include <string.h>
5 #include <utils.h>
6 #include <stdlib.h>
7 #include <gnutls/gnutls.h>
8 #include <gnutls/crypto.h>
9 #include <gnutls/abstract.h>
10 #include <gnutls/x509.h>
11
12 void _gnutls_lib_simulate_error(void);
13
14 /* This does check the FIPS140 support.
15 */
16
tls_log_func(int level,const char * str)17 static void tls_log_func(int level, const char *str)
18 {
19 fprintf(stderr, "<%d>| %s", level, str);
20 }
21
22 static uint8_t key16[16];
23 static uint8_t iv16[16];
24
doit(void)25 void doit(void)
26 {
27 int ret;
28 unsigned int mode;
29 gnutls_cipher_hd_t ch;
30 gnutls_hmac_hd_t mh;
31 gnutls_session_t session;
32 gnutls_pubkey_t pubkey;
33 gnutls_x509_privkey_t xprivkey;
34 gnutls_privkey_t privkey;
35 gnutls_datum_t key = { key16, sizeof(key16) };
36 gnutls_datum_t iv = { iv16, sizeof(iv16) };
37
38 fprintf(stderr,
39 "Please note that if in FIPS140 mode, you need to assure the library's integrity prior to running this test\n");
40
41 gnutls_global_set_log_function(tls_log_func);
42 if (debug)
43 gnutls_global_set_log_level(4711);
44
45 mode = gnutls_fips140_mode_enabled();
46 if (mode == 0) {
47 success("We are not in FIPS140 mode\n");
48 exit(77);
49 }
50
51 ret = global_init();
52 if (ret < 0) {
53 fail("Cannot initialize library\n");
54 }
55
56 /* Try crypto.h functionality */
57 ret =
58 gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv);
59 if (ret < 0) {
60 fail("gnutls_cipher_init failed\n");
61 }
62 gnutls_cipher_deinit(ch);
63
64 ret =
65 gnutls_cipher_init(&ch, GNUTLS_CIPHER_ARCFOUR_128, &key, &iv);
66 if (ret != GNUTLS_E_UNWANTED_ALGORITHM) {
67 fail("gnutls_cipher_init succeeded for arcfour\n");
68 }
69
70 ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size);
71 if (ret < 0) {
72 fail("gnutls_hmac_init failed\n");
73 }
74 gnutls_hmac_deinit(mh, NULL);
75
76 ret = gnutls_hmac_init(&mh, GNUTLS_MAC_MD5, key.data, key.size);
77 if (ret != GNUTLS_E_UNWANTED_ALGORITHM) {
78 fail("gnutls_hmac_init succeeded for md5\n");
79 }
80
81 ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16));
82 if (ret < 0) {
83 fail("gnutls_rnd failed\n");
84 }
85
86 ret = gnutls_pubkey_init(&pubkey);
87 if (ret < 0) {
88 fail("gnutls_pubkey_init failed\n");
89 }
90 gnutls_pubkey_deinit(pubkey);
91
92 ret = gnutls_privkey_init(&privkey);
93 if (ret < 0) {
94 fail("gnutls_privkey_init failed\n");
95 }
96 gnutls_privkey_deinit(privkey);
97
98 ret = gnutls_init(&session, 0);
99 if (ret < 0) {
100 fail("gnutls_init failed\n");
101 }
102 gnutls_deinit(session);
103
104 ret = gnutls_x509_privkey_init(&xprivkey);
105 if (ret < 0) {
106 fail("gnutls_privkey_init failed\n");
107 }
108 ret = gnutls_x509_privkey_generate(xprivkey, GNUTLS_PK_RSA, 512, 0);
109 if (ret != GNUTLS_E_PK_GENERATION_ERROR) {
110 fail("gnutls_x509_privkey_generate succeeded (%d) for 512-bit key\n", ret);
111 }
112 gnutls_x509_privkey_deinit(xprivkey);
113
114 /* Test when FIPS140 is set to error state */
115 _gnutls_lib_simulate_error();
116
117
118 /* Try crypto.h functionality */
119 ret =
120 gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv);
121 if (ret >= 0) {
122 fail("gnutls_cipher_init succeeded when in FIPS140 error state\n");
123 }
124
125 ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size);
126 if (ret >= 0) {
127 fail("gnutls_hmac_init succeeded when in FIPS140 error state\n");
128 }
129
130 ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16));
131 if (ret >= 0) {
132 fail("gnutls_rnd succeeded when in FIPS140 error state\n");
133 }
134
135 ret = gnutls_pubkey_init(&pubkey);
136 if (ret >= 0) {
137 fail("gnutls_pubkey_init succeeded when in FIPS140 error state\n");
138 }
139
140 ret = gnutls_privkey_init(&privkey);
141 if (ret >= 0) {
142 fail("gnutls_privkey_init succeeded when in FIPS140 error state\n");
143 }
144
145 ret = gnutls_x509_privkey_init(&xprivkey);
146 if (ret >= 0) {
147 fail("gnutls_x509_privkey_init succeeded when in FIPS140 error state\n");
148 }
149
150 ret = gnutls_init(&session, 0);
151 if (ret >= 0) {
152 fail("gnutls_init succeeded when in FIPS140 error state\n");
153 }
154
155 gnutls_global_deinit();
156 return;
157 }
158