7 #include <gnutls/gnutls.h>
8 #include <gnutls/crypto.h>
9 #include <gnutls/abstract.h>
10 #include <gnutls/x509.h>
/* Hand-written prototype for a library-internal hook (note the leading
 * underscore); presumably it is not declared by the public headers included
 * above -- confirm. The test calls it to put the library into the error
 * state before the second round of checks. */
12 void _gnutls_lib_simulate_error(void);
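14 /* This test checks FIPS140 support: normal operation in FIPS140 mode, then refusal of the same calls once the library is in its error state. */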
/* Log callback registered with gnutls_global_set_log_function(): writes each
 * library log line to stderr, prefixed with its numeric level. The message is
 * passed as a "%s" argument and never as the format string itself, so '%'
 * sequences inside a log message are not interpreted by fprintf(). */
17 static void tls_log_func(int level, const char *str)
19 fprintf(stderr, "<%d>| %s", level, str);
/* Key and IV buffers for the cipher and HMAC checks. Both have static
 * storage, so they start out as all-zero bytes; key16 is later overwritten
 * by gnutls_rnd(). A constant key and IV are tolerable here only because the
 * visible code initialises and releases the handles without encrypting or
 * authenticating any data with them. */
22 static uint8_t key16[16];
23 static uint8_t iv16[16];
/* Handles for the objects the test tries to initialise: a cipher context, a
 * TLS session, and the abstract and X.509 key containers. */
29 gnutls_cipher_hd_t ch;
31 gnutls_session_t session;
32 gnutls_pubkey_t pubkey;
33 gnutls_x509_privkey_t xprivkey;
34 gnutls_privkey_t privkey;
/* gnutls_datum_t descriptors (data pointer, size) over the static 16-byte
 * buffers; they alias key16/iv16 rather than copying them. */
35 gnutls_datum_t key = { key16, sizeof(key16) };
36 gnutls_datum_t iv = { iv16, sizeof(iv16) };
/* Notice for whoever runs the test: in FIPS140 mode the library's integrity
 * has to be assured before the test is started. The call that prints this
 * string is not part of this listing. */
39 "Please note that if in FIPS140 mode, you need to assure the library's integrity prior to running this test\n");
/* Route the library's log output through tls_log_func (stderr). */
41 gnutls_global_set_log_function(tls_log_func);
/* NOTE(review): 4711 looks like a "log everything" verbosity value; whether
 * this call is guarded by a debug switch cannot be seen here. Output at this
 * verbosity belongs in test runs only -- confirm it is not enabled elsewhere. */
43 gnutls_global_set_log_level(4711);
/* Ask the library whether it is operating in FIPS140 mode. */
45 mode = gnutls_fips140_mode_enabled();
/* Reported when the library is not in FIPS140 mode; the branch guarding this
 * call is not shown, so what the test does next in that case is not visible. */
47 success("We are not in FIPS140 mode\n");
/* Reported when library initialisation fails; the initialisation call and
 * its return-value check are not part of this listing. */
53 fail("Cannot initialize library\n");
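/* Phase 1 -- normal operation in FIPS140 mode: each object below is expected
 * to initialise successfully and is released again straight away. The
 * conditions guarding the fail() calls are not part of this listing. */
56 /* Try crypto.h functionality */
58 gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv);
60 fail("gnutls_cipher_init failed\n");
62 gnutls_cipher_deinit(ch);
/* HMAC keyed with the same 16-byte buffer as the cipher. */
64 ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size);
66 fail("gnutls_hmac_init failed\n");
/* NULL digest pointer: no MAC value is collected, the handle is just freed. */
68 gnutls_hmac_deinit(mh, NULL);
/* Random generator check; the output is written over key16. */
70 ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16));
72 fail("gnutls_rnd failed\n");
/* Abstract public and private key containers. */
75 ret = gnutls_pubkey_init(&pubkey);
77 fail("gnutls_pubkey_init failed\n");
79 gnutls_pubkey_deinit(pubkey);
81 ret = gnutls_privkey_init(&privkey);
83 fail("gnutls_privkey_init failed\n");
85 gnutls_privkey_deinit(privkey);
/* X.509 private key container. The failure message names the function that
 * is actually called, so a failing run points at the right API. */
87 ret = gnutls_x509_privkey_init(&xprivkey);
89 fail("gnutls_x509_privkey_init failed\n");
91 gnutls_x509_privkey_deinit(xprivkey);
/* TLS session object, created with flags 0. */
93 ret = gnutls_init(&session, 0);
95 fail("gnutls_init failed\n");
97 gnutls_deinit(session);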
/* Phase 2 -- fail-closed check. After the simulated error the same sequence
 * of calls as in phase 1 is repeated, and each fail() message fires when a
 * call succeeds. None of the handles is released in this phase, consistent
 * with no initialisation being expected to succeed. */
99 /* Test when FIPS140 is set to error state */
100 _gnutls_lib_simulate_error();
/* NOTE(review): the conditions guarding these fail() calls are not part of
 * this listing. Confirm each one treats every non-negative return as a
 * failure, and consider also asserting the specific error code (e.g.
 * GNUTLS_E_LIB_IN_ERROR_STATE) so that an unrelated error cannot satisfy the
 * test in place of the error-state refusal it is meant to prove. */
103 /* Try crypto.h functionality */
105 gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv);
107 fail("gnutls_cipher_init succeeded when in FIPS140 error state\n");
110 ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size);
112 fail("gnutls_hmac_init succeeded when in FIPS140 error state\n");
/* The random generator must be refused as well, not only key and cipher
 * set-up. */
115 ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16));
117 fail("gnutls_rnd succeeded when in FIPS140 error state\n");
120 ret = gnutls_pubkey_init(&pubkey);
122 fail("gnutls_pubkey_init succeeded when in FIPS140 error state\n");
125 ret = gnutls_privkey_init(&privkey);
127 fail("gnutls_privkey_init succeeded when in FIPS140 error state\n");
130 ret = gnutls_x509_privkey_init(&xprivkey);
132 fail("gnutls_x509_privkey_init succeeded when in FIPS140 error state\n");
/* Session creation is the last entry point checked. */
135 ret = gnutls_init(&session, 0);
137 fail("gnutls_init succeeded when in FIPS140 error state\n");
/* Library teardown at the end of the test. */
140 gnutls_global_deinit();