"DSA",
- [ "PQGGen", "fips_dssvs pqg" ],
- [ "KeyPair", "fips_dssvs keypair" ],
- [ "SigGen", "fips_dssvs siggen" ],
- [ "SigVer", "fips_dssvs sigver" ]
+ [ "PQGGen", "fips_dssvs pqg", "path:[^C]DSA/.*PQGGen" ],
+ [ "KeyPair", "fips_dssvs keypair", "path:[^C]DSA/.*KeyPair" ],
+ [ "SigGen", "fips_dssvs siggen", "path:[^C]DSA/.*SigGen" ],
+ [ "SigVer", "fips_dssvs sigver", "path:[^C]DSA/.*SigVer" ]
);
my @fips_dsa_pqgver_test_list = (
- [ "PQGVer", "fips_dssvs pqgver" ]
+ [ "PQGVer", "fips_dssvs pqgver", "path:[^C]DSA/.*PQGVer" ]
+
+);
+
+# DSA2 tests
+my @fips_dsa2_test_list = (
+
+ "DSA2",
+
+ [ "PQGGen", "fips_dssvs pqg", "path:[^C]DSA2/.*PQGGen" ],
+ [ "KeyPair", "fips_dssvs keypair", "path:[^C]DSA2/.*KeyPair" ],
+ [ "SigGen", "fips_dssvs siggen", "path:[^C]DSA2/.*SigGen" ],
+ [ "SigVer", "fips_dssvs sigver", "path:[^C]DSA2/.*SigVer" ],
+ [ "PQGVer", "fips_dssvs pqgver", "path:[^C]DSA2/.*PQGVer" ]
+
+);
+
+# ECDSA and ECDSA2 tests
+my @fips_ecdsa_test_list = (
+
+ "ECDSA",
+
+ [ "KeyPair", "fips_ecdsavs KeyPair", "path:/ECDSA/.*KeyPair" ],
+ [ "PKV", "fips_ecdsavs PKV", "path:/ECDSA/.*PKV" ],
+ [ "SigGen", "fips_ecdsavs SigGen", "path:/ECDSA/.*SigGen" ],
+ [ "SigVer", "fips_ecdsavs SigVer", "path:/ECDSA/.*SigVer" ],
+
+ "ECDSA2",
+
+ [ "KeyPair", "fips_ecdsavs KeyPair", "path:/ECDSA2/.*KeyPair" ],
+ [ "PKV", "fips_ecdsavs PKV", "path:/ECDSA2/.*PKV" ],
+ [ "SigGen", "fips_ecdsavs SigGen", "path:/ECDSA2/.*SigGen" ],
+ [ "SigVer", "fips_ecdsavs SigVer", "path:/ECDSA2/.*SigVer" ],
);
my @fips_rsa_pss0_test_list = (
[ "SigGenPSS(0)", "fips_rsastest -saltlen 0",
- '^\s*#\s*salt\s+len:\s+0\s*$' ],
+ 'file:^\s*#\s*salt\s+len:\s+0\s*$' ],
[ "SigVerPSS(0)", "fips_rsavtest -saltlen 0",
- '^\s*#\s*salt\s+len:\s+0\s*$' ],
+ 'file:^\s*#\s*salt\s+len:\s+0\s*$' ],
);
my @fips_rsa_pss62_test_list = (
[ "SigGenPSS(62)", "fips_rsastest -saltlen 62",
- '^\s*#\s*salt\s+len:\s+62\s*$' ],
+ 'file:^\s*#\s*salt\s+len:\s+62\s*$' ],
[ "SigVerPSS(62)", "fips_rsavtest -saltlen 62",
- '^\s*#\s*salt\s+len:\s+62\s*$' ],
+ 'file:^\s*#\s*salt\s+len:\s+62\s*$' ],
);
# SHA tests
);
+my @fips_aes_ccm_test_list = (
+
+ # AES CCM tests
+
+ "AES CCM",
+
+ [ "DVPT128", "fips_gcmtest -ccm" ],
+ [ "DVPT192", "fips_gcmtest -ccm" ],
+ [ "DVPT256", "fips_gcmtest -ccm" ],
+ [ "VADT128", "fips_gcmtest -ccm" ],
+ [ "VADT192", "fips_gcmtest -ccm" ],
+ [ "VADT256", "fips_gcmtest -ccm" ],
+ [ "VNT128", "fips_gcmtest -ccm" ],
+ [ "VNT192", "fips_gcmtest -ccm" ],
+ [ "VNT256", "fips_gcmtest -ccm" ],
+ [ "VPT128", "fips_gcmtest -ccm" ],
+ [ "VPT192", "fips_gcmtest -ccm" ],
+ [ "VPT256", "fips_gcmtest -ccm" ],
+ [ "VTT128", "fips_gcmtest -ccm" ],
+ [ "VTT192", "fips_gcmtest -ccm" ],
+ [ "VTT256", "fips_gcmtest -ccm" ]
+
+);
+
+my @fips_aes_gcm_test_list = (
+
+ # AES GCM tests
+
+ "AES GCM",
+
+ [ "gcmDecrypt128", "fips_gcmtest -decrypt" ],
+ [ "gcmDecrypt192", "fips_gcmtest -decrypt" ],
+ [ "gcmDecrypt256", "fips_gcmtest -decrypt" ],
+ [ "gcmEncryptIntIV128", "fips_gcmtest -encrypt" ],
+ [ "gcmEncryptIntIV192", "fips_gcmtest -encrypt" ],
+ [ "gcmEncryptIntIV256", "fips_gcmtest -encrypt" ],
+
+);
+
+my @fips_aes_xts_test_list = (
+ # AES XTS tests
+
+ "AES XTS",
+
+ [ "XTSGenAES128", "fips_gcmtest -xts" ],
+ [ "XTSGenAES256", "fips_gcmtest -xts" ],
+
+);
+
# Triple DES tests
my @fips_des3_test_list = (
);
+my @fips_drbg_test_list = (
+
+ # SP800-90 DRBG tests
+ "SP800-90 DRBG",
+ [ "CTR_DRBG", "fips_drbgvs" ],
+ [ "Dual_EC_DRBG", "fips_drbgvs" ],
+ [ "Hash_DRBG", "fips_drbgvs" ],
+ [ "HMAC_DRBG", "fips_drbgvs" ]
+
+);
+
+my @fips_dh_test_list = (
+
+ # DH
+ "DH Ephemeral Primitives Only",
+ [ "KASValidityTest_FFCEphem_NOKC_ZZOnly_init", "fips_dhvs dhver" ],
+ [ "KASValidityTest_FFCEphem_NOKC_ZZOnly_resp", "fips_dhvs dhver" ],
+
+);
+
+my @fips_ecdh_test_list = (
+
+ # ECDH
+ "ECDH Ephemeral Primitives Only",
+ [ "KAS_ECC_CDH_PrimitiveTest", "fips_ecdhvs ecdhgen" ],
+# [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_init",
+# "fips_ecdhvs ecdhver" ],
+# [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_resp",
+# "fips_ecdhvs ecdhver" ],
+
+);
+
+
# Verification special cases.
# In most cases the output of a test is deterministic and
# it can be compared to a known good result. A few involve
#
my %verify_special = (
- "PQGGen" => "fips_dssvs pqgver",
- "KeyPair" => "fips_dssvs keyver",
- "SigGen" => "fips_dssvs sigver",
- "SigGen15" => "fips_rsavtest",
- "SigGenRSA" => "fips_rsavtest -x931",
- "SigGenPSS(0)" => "fips_rsavtest -saltlen 0",
- "SigGenPSS(62)" => "fips_rsavtest -saltlen 62",
+ "DSA:PQGGen" => "fips_dssvs pqgver",
+ "DSA:KeyPair" => "fips_dssvs keyver",
+ "DSA:SigGen" => "fips_dssvs sigver",
+ "DSA2:PQGGen" => "fips_dssvs pqgver",
+ "DSA2:KeyPair" => "fips_dssvs keyver",
+ "DSA2:SigGen" => "fips_dssvs sigver",
+ "ECDSA:KeyPair" => "fips_ecdsavs PKV",
+ "ECDSA:SigGen" => "fips_ecdsavs SigVer",
+ "ECDSA2:KeyPair" => "fips_ecdsavs PKV",
+ "ECDSA2:SigGen" => "fips_ecdsavs SigVer",
+ "RSA:SigGen15" => "fips_rsavtest",
+ "RSA:SigGenRSA" => "fips_rsavtest -x931",
+ "RSA:SigGenPSS(0)" => "fips_rsavtest -saltlen 0",
+ "RSA:SigGenPSS(62)" => "fips_rsavtest -saltlen 62",
+ "ECDH Ephemeral Primitives Only:KAS_ECC_CDH_PrimitiveTest" => "skip"
);
my $win32 = $^O =~ m/mswin/i;
my $quiet = 0;
my $notest = 0;
my $verify = 1;
-my $rspdir = "rsp";
+my $rspdir = "resp";
my $ignore_missing = 0;
my $ignore_bogus = 0;
my $bufout = '';
my $list_tests = 0;
my $minimal_script = 0;
my $outfile = '';
+my $no_warn_missing = 0;
+my $no_warn_bogus = 0;
+my $rmcmd = "rm -rf";
+my $mkcmd = "mkdir";
+my $cmpall = 0;
my %fips_enabled = (
dsa => 1,
- "dsa-pqgver" => 0,
+ dsa2 => 2,
+ "dsa-pqgver" => 2,
+ ecdsa => 2,
rsa => 1,
- "rsa-pss0" => 0,
+ "rsa-pss0" => 2,
"rsa-pss62" => 1,
sha => 1,
hmac => 1,
- cmac => 0,
+ cmac => 2,
"rand-aes" => 1,
"rand-des2" => 0,
aes => 1,
- "aes-cfb1" => 0,
+ "aes-cfb1" => 2,
des3 => 1,
- "des3-cfb1" => 0
+ "des3-cfb1" => 2,
+ drbg => 2,
+ "aes-ccm" => 2,
+ "aes-xts" => 2,
+ "aes-gcm" => 2,
+ dh => 0,
+ ecdh => 2,
+ v2 => 1,
);
foreach (@ARGV) {
elsif ( $_ eq "--debug" ) {
$debug = 1;
}
+ elsif ( $_ eq "--quiet-missing" ) {
+ $ignore_missing = 1;
+ $no_warn_missing = 1;
+ }
elsif ( $_ eq "--ignore-missing" ) {
$ignore_missing = 1;
}
+ elsif ( $_ eq "--quiet-bogus" ) {
+ $ignore_bogus = 1;
+ $no_warn_bogus = 1;
+ }
elsif ( $_ eq "--ignore-bogus" ) {
$ignore_bogus = 1;
}
} elsif ( $_ eq "--generate" ) {
$verify = 0;
}
+ elsif ( $_ eq "--compare-all" ) {
+ $cmpall = 1;
+ }
elsif ( $_ eq "--notest" ) {
$notest = 1;
}
elsif (/--tprefix=(.*)$/) {
$tprefix = $1;
}
+ elsif (/^--disable-all$/) {
+ foreach (keys %fips_enabled) {
+ $fips_enabled{$_} = 0;
+ }
+ }
elsif (/^--(enable|disable)-(.*)$/) {
if ( !exists $fips_enabled{$2} ) {
print STDERR "Unknown test $2\n";
+ exit(1);
}
if ( $1 eq "enable" ) {
$fips_enabled{$2} = 1;
elsif (/--filter=(.*)$/) {
$filter = $1;
}
+ elsif (/--rm=(.*)$/) {
+ $rmcmd = $1;
+ }
+ elsif (/--script-tprefix=(.*)$/) {
+ $stprefix = $1;
+ }
+ elsif (/--mkdir=(.*)$/) {
+ $mkcmd = $1;
+ }
elsif (/^--list-tests$/) {
$list_tests = 1;
}
my @fips_test_list;
+
+if (!$fips_enabled{"v2"}) {
+ foreach (keys %fips_enabled) {
+ $fips_enabled{$_} = 0 if $fips_enabled{$_} == 2;
+ }
+}
+
push @fips_test_list, @fips_dsa_test_list if $fips_enabled{"dsa"};
push @fips_test_list, @fips_dsa_pqgver_test_list if $fips_enabled{"dsa-pqgver"};
+push @fips_test_list, @fips_dsa2_test_list if $fips_enabled{"dsa2"};
+push @fips_test_list, @fips_ecdsa_test_list if $fips_enabled{"ecdsa"};
push @fips_test_list, @fips_rsa_test_list if $fips_enabled{"rsa"};
push @fips_test_list, @fips_rsa_pss0_test_list if $fips_enabled{"rsa-pss0"};
push @fips_test_list, @fips_rsa_pss62_test_list if $fips_enabled{"rsa-pss62"};
push @fips_test_list, @fips_aes_cfb1_test_list if $fips_enabled{"aes-cfb1"};
push @fips_test_list, @fips_des3_test_list if $fips_enabled{"des3"};
push @fips_test_list, @fips_des3_cfb1_test_list if $fips_enabled{"des3-cfb1"};
+push @fips_test_list, @fips_drbg_test_list if $fips_enabled{"drbg"};
+push @fips_test_list, @fips_aes_ccm_test_list if $fips_enabled{"aes-ccm"};
+push @fips_test_list, @fips_aes_gcm_test_list if $fips_enabled{"aes-gcm"};
+push @fips_test_list, @fips_aes_xts_test_list if $fips_enabled{"aes-xts"};
+push @fips_test_list, @fips_dh_test_list if $fips_enabled{"dh"};
+push @fips_test_list, @fips_ecdh_test_list if $fips_enabled{"ecdh"};
if ($list_tests) {
my ( $test, $en );
my $nm = $$_[0];
$$_[3] = "";
$$_[4] = "";
- print STDERR "Duplicate test $nm\n" if exists $fips_tests{$nm};
- $fips_tests{$nm} = $_;
}
$tvdir = "." unless defined $tvdir;
( my $cmd ) = ( $0 =~ m#([^/]+)$# );
print <<EOF;
$cmd: generate run CAVP algorithm tests
- --debug Enable debug output
- --dir=<dirname> Optional root for *.req file search
- --filter=<regexp>
- --onedir <dirname> Assume all components in current directory
- --rspdir=<dirname> Name of subdirectories containing *.rsp files, default "rsp"
- --tprefix=<prefix>
- --ignore-bogus Ignore duplicate or bogus files
- --ignore-missing Ignore missing test files
- --quiet Shhh....
- --generate Generate algorithm test output
- --win32 Win32 environment
- --enable-<alg> Enable algorithm set <alg>.
- --disable-<alg> Disable algorithm set <alg>.
+ --debug Enable debug output
+ --dir=<dirname> Optional root for *.req file search
+ --filter=<regexp> Regex for input files of interest
+ --onedir <dirname> Assume all components in current directory
+ --rspdir=<dirname> Name of subdirectories containing *.rsp files, default "resp"
+ --tprefix=<prefix> Pathname prefix for directory containing test programs
+ --ignore-bogus Ignore duplicate or bogus files
+ --ignore-missing Ignore missing test files
+ --quiet Shhh....
+ --quiet-bogus Skip unrecognized file warnings
+ --quiet-missing Skip missing request file warnings
+ --generate Generate algorithm test output
+ --generate-script=<filename> Generate script to call algorithm programs
+ --minimal-script Simplest possible output for --generate-script
+ --win32 Win32 environment
+ --compare-all Verify unconditionally for all tests
+ --list-tests Show individual tests
+ --mkdir=<cmd> Specify "mkdir" command
+ --notest Exit before running tests
+ --rm=<cmd> Specify "rm" command
+ --script-tprefix Pathname prefix for --generate-script output
+ --enable-<alg> Enable algorithm set <alg>.
+ --disable-<alg> Disable algorithm set <alg>.
Where <alg> can be one of:
EOF
while (my ($key, $value) = each %fips_enabled)
{
printf "\t\t%-20s(%s by default)\n", $key ,
- $value ? "enabled" : "disabled";
+ $value == 1 ? "enabled" : "disabled";
}
}
}
}
else {
- print STDERR "WARNING: bogus file $_\n";
+ print STDERR "WARNING: bogus file $_\n" unless $no_warn_bogus;
$nbogus++;
}
}
}
elsif ( !/SHAmix\.req$/ ) {
- print STDERR "WARNING: unrecognized filename $_\n";
+ print STDERR "WARNING: unrecognized filename $_\n" unless $no_warn_bogus;
$nbogus++;
}
}
my ( $test, $path ) = @_;
foreach $tref (@fips_test_list) {
next unless ref($tref);
- my ( $tst, $cmd, $regexp, $req, $resp ) = @$tref;
+ my ( $tst, $cmd, $excmd, $req, $resp ) = @$tref;
+ my $regexp;
$tst =~ s/\(.*$//;
- if ($tst eq $test) {
+ $test =~ s/_186-2//;
+ if (defined $excmd) {
+ if ($excmd =~ /^path:(.*)$/) {
+ my $fmatch = $1;
+ return $tref if ($path =~ /$fmatch/);
+ next;
+ }
+ elsif ($excmd =~ /^file:(.*)$/) {
+ $regexp = $1;
+ }
+ }
+ if ($test eq $tst) {
return $tref if (!defined $regexp);
my $found = 0;
my $line;
#print STDERR "FILES $tst, $cmd, $req, $resp\n";
if ( $req eq "" ) {
- print STDERR "WARNING: missing request file for $tst\n";
+ print STDERR "WARNING: missing request file for $tst\n" unless $no_warn_missing;
$bad = 1;
next;
}
my ( $tname, $tref );
my $bad = 0;
my $lastdir = "";
+ $stprefix = $tprefix unless defined $stprefix;
if ($outfile ne "") {
open OUT, ">$outfile" || die "Can't open $outfile";
}
END
} else {
- print OUT <<\END;
+ print OUT <<END;
#!/bin/sh
# Test vector run script
echo Running Algorithm Tests
+RM="$rmcmd";
+MKDIR="$mkcmd";
+TPREFIX=$stprefix
+
END
}
}
+ my $ttype = "";
+
foreach (@fips_test_list) {
if ( !ref($_) ) {
if ($outfile ne "") {
} else {
print "Running $_ tests\n" unless $quiet;
}
+ $ttype = $_;
next;
}
my ( $tname, $tcmd, $regexp, $req, $rsp ) = @$_;
}
if ( $req eq "" ) {
print STDERR
- "WARNING: Request file for $tname missing: test skipped\n";
+ "WARNING: Request file for $tname missing: test skipped\n" unless $no_warn_missing;
$skipcnt++;
next;
}
END
} else {
print OUT <<END
-rm -rf \"$outdir\"
-mkdir \"$outdir\"
+\$RM \"$outdir\"
+\$MKDIR \"$outdir\"
END
}
mkdir($outdir) || die "Can't create directory $outdir";
}
}
- my $cmd = "$tprefix$tcmd \"$req\" \"$out\"";
+ my $cmd = "$tcmd \"$req\" \"$out\"";
print STDERR "DEBUG: running test $tname\n" if ( $debug && !$verify );
if ($outfile ne "") {
- print OUT "echo \" running $tname test\"\n" unless $minimal_script;
- print OUT "$cmd\n";
+ if ($minimal_script) {
+ print OUT "$stprefix$cmd\n";
+ } else {
+ print OUT "echo \" running $tname test\"\n" unless $minimal_script;
+ print OUT "\${TPREFIX}$cmd\n";
+ }
} else {
+ $cmd = "$tprefix$cmd";
system($cmd);
if ( $? != 0 ) {
print STDERR
}
}
if ($verify) {
- if ( exists $verify_special{$tname} ) {
+ if ( exists $verify_special{"$ttype:$tname"} && !$cmpall) {
my $vout = $rsp;
$vout =~ s/\.rsp$/.ver/;
- $tcmd = $verify_special{$tname};
+ $tcmd = $verify_special{"$ttype:$tname"};
+ if ($tcmd eq "skip") {
+ print STDERR "DEBUG: No verify possible: skipped.\n" if $debug;
+ $scheckok++;
+ next;
+ }
$cmd = "$tprefix$tcmd ";
$cmd .= "\"$out\" \"$vout\"";
system($cmd);
my ( $tname, $rsp, $tst ) = @_;
my ( $rspf, $tstf );
my ( $rspline, $tstline );
+ my $monte = 0;
if ( !open( $rspf, $rsp ) ) {
print STDERR "ERROR: can't open request file $rsp\n";
return 0;
print STDERR "ERROR: can't open output file $tst\n";
return 0;
}
+ $monte = 1 if ($rsp =~ /Monte[123]/);
for ( ; ; ) {
$rspline = next_line($rspf);
$tstline = next_line($tstf);
print STDERR "DEBUG: $tname file comparison OK\n" if $debug;
return 1;
}
+ # Workaround for old broken DES3 MCT format which added bogus
+ # extra lines: after [ENCRYPT] or [DECRYPT] skip until first
+ # COUNT line.
+ if ($monte) {
+ if ($rspline =~ /CRYPT/) {
+ do {
+ $rspline = next_line($rspf);
+ } while (defined($rspline) && $rspline !~ /COUNT/);
+ }
+ if ($tstline =~ /CRYPT/) {
+ do {
+ $tstline = next_line($tstf);
+ } while (defined($tstline) && $tstline !~ /COUNT/);
+ }
+ }
if ( !defined($rspline) ) {
print STDERR "ERROR: $tname EOF on $rsp\n";
return 0;
projects / openssl.git / blobdiff