commit 2c84a469b0e5500650c95c871a4cec9913ad989b
author Adam Langley <agl@google.com> Wed May 31 15:46:28 2017 -0700
committer Adam Langley <agl@google.com> Thu Jun 01 00:06:39 2017 +0000
tree 4592e270ee50735a2a20ff149777005302ff3841
parent c655cb7bf960f58eb810d005b1d771e13aef55dc

Make test_fips more chatty.

This tool exists to demo each of the supported FIPS actions in the
module. This change just makes it more chatty so that it's more obvious
what it's doing when you run it.

Change-Id: I99add6348afd3e3d6497e7111be2de73927d87af
Reviewed-on: https://boringssl-review.googlesource.com/16767
Reviewed-by: Adam Langley <agl@google.com>

fipstools/test_fips.c

diff --git a/fipstools/test_fips.c b/fipstools/test_fips.c
index 43de9b1..66359c5 100644
--- a/fipstools/test_fips.c
+++ b/fipstools/test_fips.c
@@ -33,6 +33,15 @@
 #include "../crypto/internal.h"
 
 
+static void hexdump(const void *a, size_t len) {
+  const unsigned char *in = (const unsigned char *)a;
+  for (size_t i = 0; i < len; i++) {
+    printf("%02x", in[i]);
+  }
+
+  printf("\n");
+}
+
 int main(int argc, char **argv) {
   CRYPTO_library_init();
 
@@ -64,8 +73,13 @@
     printf("AES_set_encrypt_key failed\n");
     goto err;
   }
+
+  printf("About to AES-CBC encrypt ");
+  hexdump(kPlaintext, sizeof(kPlaintext));
   AES_cbc_encrypt(kPlaintext, output, sizeof(kPlaintext), &aes_key, aes_iv,
                   AES_ENCRYPT);
+  printf("  got ");
+  hexdump(output, sizeof(kPlaintext));
 
   /* AES-CBC Decryption */
   memset(aes_iv, 0, sizeof(aes_iv));
@@ -73,8 +87,12 @@
     printf("AES decrypt failed\n");
     goto err;
   }
+  printf("About to AES-CBC decrypt ");
+  hexdump(output, sizeof(kPlaintext));
   AES_cbc_encrypt(output, output, sizeof(kPlaintext), &aes_key, aes_iv,
                   AES_DECRYPT);
+  printf("  got ");
+  hexdump(output, sizeof(kPlaintext));
 
   size_t out_len;
   uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
@@ -87,20 +105,28 @@
   }
 
   /* AES-GCM Encryption */
+  printf("About to AES-GCM seal ");
+  hexdump(output, sizeof(kPlaintext));
   if (!EVP_AEAD_CTX_seal(&aead_ctx, output, &out_len, sizeof(output), nonce,
                          EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
                          kPlaintext, sizeof(kPlaintext), NULL, 0)) {
     printf("AES-GCM encrypt failed\n");
     goto err;
   }
+  printf("  got ");
+  hexdump(output, out_len);
 
   /* AES-GCM Decryption */
+  printf("About to AES-GCM open ");
+  hexdump(output, out_len);
   if (!EVP_AEAD_CTX_open(&aead_ctx, output, &out_len, sizeof(output), nonce,
                          EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
                          output, out_len, NULL, 0)) {
     printf("AES-GCM decrypt failed\n");
     goto err;
   }
+  printf("  got ");
+  hexdump(output, out_len);
 
   EVP_AEAD_CTX_cleanup(&aead_ctx);
 
@@ -112,24 +138,45 @@
 
   /* 3DES Encryption */
   memcpy(&des_iv, &kDESIV, sizeof(des_iv));
+  printf("About to 3DES-CBC encrypt ");
+  hexdump(kPlaintext, sizeof(kPlaintext));
   DES_ede3_cbc_encrypt(kPlaintext, output, sizeof(kPlaintext), &des1, &des2,
                        &des3, &des_iv, DES_ENCRYPT);
+  printf("  got ");
+  hexdump(output, sizeof(kPlaintext));
 
   /* 3DES Decryption */
   memcpy(&des_iv, &kDESIV, sizeof(des_iv));
+  printf("About to 3DES-CBC decrypt ");
+  hexdump(kPlaintext, sizeof(kPlaintext));
   DES_ede3_cbc_encrypt(output, output, sizeof(kPlaintext), &des1,
                        &des2, &des3, &des_iv, DES_DECRYPT);
+  printf("  got ");
+  hexdump(output, sizeof(kPlaintext));
 
   /* SHA-1 */
+  printf("About to SHA-1 hash ");
+  hexdump(kPlaintext, sizeof(kPlaintext));
   SHA1(kPlaintext, sizeof(kPlaintext), output);
+  printf("  got ");
+  hexdump(output, SHA_DIGEST_LENGTH);
 
   /* SHA-256 */
+  printf("About to SHA-256 hash ");
+  hexdump(kPlaintext, sizeof(kPlaintext));
   SHA256(kPlaintext, sizeof(kPlaintext), output);
+  printf("  got ");
+  hexdump(output, SHA256_DIGEST_LENGTH);
 
   /* SHA-512 */
+  printf("About to SHA-512 hash ");
+  hexdump(kPlaintext, sizeof(kPlaintext));
   SHA512(kPlaintext, sizeof(kPlaintext), output);
+  printf("  got ");
+  hexdump(output, SHA512_DIGEST_LENGTH);
 
   RSA *rsa_key = RSA_new();
+  printf("About to generate RSA key\n");
   if (!RSA_generate_key_fips(rsa_key, 2048, NULL)) {
     printf("RSA_generate_key_fips failed\n");
     goto err;
@@ -137,13 +184,19 @@
 
   /* RSA Sign */
   unsigned sig_len;
+  printf("About to RSA sign ");
+  hexdump(kPlaintextSHA256, sizeof(kPlaintextSHA256));
   if (!RSA_sign(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256), output,
                 &sig_len, rsa_key)) {
     printf("RSA Sign failed\n");
     goto err;
   }
+  printf("  got ");
+  hexdump(output, sig_len);
 
   /* RSA Verify */
+  printf("About to RSA verify ");
+  hexdump(output, sig_len);
   if (!RSA_verify(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256),
                   output, sig_len, rsa_key)) {
     printf("RSA Verify failed.\n");
@@ -158,12 +211,15 @@
     goto err;
   }
 
+  printf("About to generate P-256 key\n");
   if (!EC_KEY_generate_key_fips(ec_key)) {
     printf("EC_KEY_generate_key_fips failed\n");
     goto err;
   }
 
   /* ECDSA Sign/Verify PWCT */
+  printf("About to ECDSA sign ");
+  hexdump(kPlaintextSHA256, sizeof(kPlaintextSHA256));
   ECDSA_SIG *sig =
       ECDSA_do_sign(kPlaintextSHA256, sizeof(kPlaintextSHA256), ec_key);
   if (sig == NULL ||
@@ -178,6 +234,8 @@
 
   /* DBRG */
   CTR_DRBG_STATE drbg;
+  printf("About to seed CTR-DRBG with ");
+  hexdump(kDRBGEntropy, sizeof(kDRBGEntropy));
   if (!CTR_DRBG_init(&drbg, kDRBGEntropy, kDRBGPersonalization,
                      sizeof(kDRBGPersonalization)) ||
       !CTR_DRBG_generate(&drbg, output, sizeof(output), kDRBGAD,
@@ -188,6 +246,8 @@
     printf("DRBG failed\n");
     goto err;
   }
+  printf("  generated ");
+  hexdump(output, sizeof(output));
   CTR_DRBG_clear(&drbg);
 
   printf("PASS\n");