#!/usr/bin/perl -w
-# Perl utility to run or verify FIPS 140-2 CMVP algorithm tests based on the
+# Perl utility to run or verify FIPS 140-2 CAVP algorithm tests based on the
# pathnames of input algorithm test files actually present (the unqualified
# file names are consistent but the pathnames are not).
#
my @fips_rsa_pss0_test_list = (
- [ "SigGenPSS(0)", "fips_rsastest -saltlen 0" ],
- [ "SigVerPSS(0)", "fips_rsavtest -saltlen 0" ]
+ [ "SigGenPSS(0)", "fips_rsastest -saltlen 0",
+ '^\s*#\s*salt\s+len:\s+0\s*$' ],
+ [ "SigVerPSS(0)", "fips_rsavtest -saltlen 0",
+ '^\s*#\s*salt\s+len:\s+0\s*$' ],
);
# RSA PSS salt length 62 tests
my @fips_rsa_pss62_test_list = (
- [ "SigGenPSS(62)", "fips_rsastest -saltlen 62" ],
- [ "SigVerPSS(62)", "fips_rsavtest -saltlen 62" ]
-
+ [ "SigGenPSS(62)", "fips_rsastest -saltlen 62",
+ '^\s*#\s*salt\s+len:\s+62\s*$' ],
+ [ "SigVerPSS(62)", "fips_rsavtest -saltlen 62",
+ '^\s*#\s*salt\s+len:\s+62\s*$' ],
);
# SHA tests
);
+my @fips_aes_ccm_test_list = (
+
+ # AES CCM tests
+
+ "AES CCM",
+
+ [ "DVPT128", "fips_gcmtest -ccm" ],
+ [ "DVPT192", "fips_gcmtest -ccm" ],
+ [ "DVPT256", "fips_gcmtest -ccm" ],
+ [ "VADT128", "fips_gcmtest -ccm" ],
+ [ "VADT192", "fips_gcmtest -ccm" ],
+ [ "VADT256", "fips_gcmtest -ccm" ],
+ [ "VNT128", "fips_gcmtest -ccm" ],
+ [ "VNT192", "fips_gcmtest -ccm" ],
+ [ "VNT256", "fips_gcmtest -ccm" ],
+ [ "VPT128", "fips_gcmtest -ccm" ],
+ [ "VPT192", "fips_gcmtest -ccm" ],
+ [ "VPT256", "fips_gcmtest -ccm" ],
+ [ "VTT128", "fips_gcmtest -ccm" ],
+ [ "VTT192", "fips_gcmtest -ccm" ],
+ [ "VTT256", "fips_gcmtest -ccm" ]
+
+);
+
+my @fips_aes_gcm_test_list = (
+
+ # AES GCM tests
+
+ "AES GCM",
+
+ [ "gcmDecrypt128", "fips_gcmtest -decrypt" ],
+ [ "gcmDecrypt192", "fips_gcmtest -decrypt" ],
+ [ "gcmDecrypt256", "fips_gcmtest -decrypt" ],
+
+);
+
+my @fips_aes_xts_test_list = (
+ # AES XTS tests
+
+ "AES XTS",
+
+ [ "XTSGenAES128", "fips_gcmtest -xts" ],
+ [ "XTSGenAES256", "fips_gcmtest -xts" ],
+
+);
+
# Triple DES tests
my @fips_des3_test_list = (
);
+my @fips_drbg_test_list = (
+
+ # SP800-90 DRBG tests
+ "SP800-90 DRBG",
+ [ "CTR_DRBG", "fips_drbgvs" ],
+ [ "Hash_DRBG", "fips_drbgvs" ]
+
+);
+
+my @fips_dh_test_list = (
+
+ # DH
+ "DH Ephemeral Primitives Only",
+ [ "KASValidityTest_FFCEphem_NOKC_ZZOnly_init", "fips_dhvs dhver" ],
+ [ "KASValidityTest_FFCEphem_NOKC_ZZOnly_resp", "fips_dhvs dhver" ],
+
+);
+
+my @fips_ecdh_test_list = (
+
+ # ECDH
+ "ECDH Ephemeral Primitives Only",
+ [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_init",
+ "fips_ecdhvs ecdhver" ],
+ [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_resp",
+ "fips_ecdhvs ecdhver" ],
+
+);
+
+
# Verification special cases.
# In most cases the output of a test is deterministic and
# it can be compared to a known good result. A few involve
my $filter = "";
my $tvdir;
my $tprefix;
-my $shwrap_prefix;
my $debug = 0;
my $quiet = 0;
my $notest = 0;
my $ignore_bogus = 0;
my $bufout = '';
my $list_tests = 0;
+my $minimal_script = 0;
+my $outfile = '';
+my $no_warn_missing = 0;
+my $no_warn_bogus = 0;
+my $rmcmd = "rm -rf";
+my $mkcmd = "mkdir";
my %fips_enabled = (
dsa => 1,
"rsa-pss62" => 1,
sha => 1,
hmac => 1,
- cmac => 1,
+ cmac => 0,
"rand-aes" => 1,
"rand-des2" => 0,
aes => 1,
"aes-cfb1" => 0,
des3 => 1,
- "des3-cfb1" => 0
+ "des3-cfb1" => 0,
+ drbg => 0,
+ ccm => 0,
+ "aes-xts" => 0,
+ gcm => 0,
+ dh => 0,
+ ecdh => 0,
);
foreach (@ARGV) {
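Review bot: The new `%fips_enabled` keys `ccm` and `gcm` do not match the names tested by the new push lines further down, which read `$fips_enabled{"aes-ccm"}` and `$fips_enabled{"aes-gcm"}`. As written, `--enable-ccm` and `--enable-gcm` set keys that nothing reads, while `--enable-aes-ccm` and `--enable-aes-gcm` fail the `exists` check and now hit the added `exit(1)`, so the CCM and GCM lists can never be selected. Renaming the hash entries to `"aes-ccm" => 0,` and `"aes-gcm" => 0,` would match both the push lines and the existing `"aes-xts"` and `"aes-cfb1"` naming.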
elsif ( $_ eq "--debug" ) {
$debug = 1;
}
+ elsif ( $_ eq "--quiet-missing" ) {
+ $ignore_missing = 1;
+ $no_warn_missing = 1;
+ }
elsif ( $_ eq "--ignore-missing" ) {
$ignore_missing = 1;
}
+ elsif ( $_ eq "--quiet-bogus" ) {
+ $ignore_bogus = 1;
+ $no_warn_bogus = 1;
+ }
elsif ( $_ eq "--ignore-bogus" ) {
$ignore_bogus = 1;
}
- elsif ( $_ eq "--generate" ) {
+ elsif ( $_ eq "--minimal-script" ) {
+ $minimal_script = 1;
+ }
+ elsif (/--generate-script=(.*)$/) {
+ $outfile = $1;
+ $verify = 0;
+ } elsif ( $_ eq "--generate" ) {
$verify = 0;
}
elsif ( $_ eq "--notest" ) {
elsif (/--tprefix=(.*)$/) {
$tprefix = $1;
}
- elsif (/--shwrap_prefix=(.*)$/) {
- $shwrap_prefix = $1;
- }
elsif (/^--(enable|disable)-(.*)$/) {
if ( !exists $fips_enabled{$2} ) {
print STDERR "Unknown test $2\n";
+ exit(1);
}
if ( $1 eq "enable" ) {
$fips_enabled{$2} = 1;
elsif (/--filter=(.*)$/) {
$filter = $1;
}
+ elsif (/--rm=(.*)$/) {
+ $rmcmd = $1;
+ }
+ elsif (/--script-tprefix=(.*)$/) {
+ $stprefix = $1;
+ }
+ elsif (/--mkdir=(.*)$/) {
+ $mkcmd = $1;
+ }
elsif (/^--list-tests$/) {
$list_tests = 1;
}
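Review bot: `$stprefix` is assigned in the new `--script-tprefix=` branch, but no `my` declaration for it is visible in this diff, unlike `$rmcmd` and `$mkcmd`, which the commit declares with the other option variables. It therefore appears to be a package global, and its only default is set inside the non-win32, non-minimal header branch of run_tests. Suggest adding `my $stprefix;` beside `my $mkcmd = "mkdir";`, with a comment that it defaults to `$tprefix` when the script header is written. The option loop starts and ends outside this hunk.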
push @fips_test_list, @fips_aes_cfb1_test_list if $fips_enabled{"aes-cfb1"};
push @fips_test_list, @fips_des3_test_list if $fips_enabled{"des3"};
push @fips_test_list, @fips_des3_cfb1_test_list if $fips_enabled{"des3-cfb1"};
+push @fips_test_list, @fips_drbg_test_list if $fips_enabled{"drbg"};
+push @fips_test_list, @fips_aes_ccm_test_list if $fips_enabled{"aes-ccm"};
+push @fips_test_list, @fips_aes_gcm_test_list if $fips_enabled{"aes-gcm"};
+push @fips_test_list, @fips_aes_xts_test_list if $fips_enabled{"aes-xts"};
+push @fips_test_list, @fips_dh_test_list if $fips_enabled{"dh"};
+push @fips_test_list, @fips_ecdh_test_list if $fips_enabled{"ecdh"};
if ($list_tests) {
my ( $test, $en );
foreach (@fips_test_list) {
next unless ref($_);
- my $nm = $_->[0];
- $_->[2] = "";
- $_->[3] = "";
+ my $nm = $$_[0];
+ $$_[3] = "";
+ $$_[4] = "";
print STDERR "Duplicate test $nm\n" if exists $fips_tests{$nm};
$fips_tests{$nm} = $_;
}
else {
if ($onedir) {
$tprefix = "./" unless defined $tprefix;
- $shwrap_prefix = "./" unless defined $shwrap_prefix;
}
else {
$tprefix = "../test/" unless defined $tprefix;
- $shwrap_prefix = "../util/" unless defined $shwrap_prefix;
}
}
-sanity_check_exe( $win32, $tprefix, $shwrap_prefix );
-
-my $cmd_prefix = $win32 ? "" : "${shwrap_prefix}shlib_wrap.sh ";
+sanity_check_exe( $win32, $tprefix) if $outfile eq "";
find_files( $filter, $tvdir );
= ( 0, 0, 0, 0, 0, 0, 0 );
exit(0) if $notest;
-
-run_tests( $verify, $win32, $tprefix, $filter, $tvdir );
+print "Outputting commands to $outfile\n" if $outfile ne "";
+run_tests( $verify, $win32, $tprefix, $filter, $tvdir, $outfile );
if ($verify) {
print "ALGORITHM TEST VERIFY SUMMARY REPORT:\n";
print "***ALL TESTS SUCCESSFUL***\n";
}
}
-else {
+elsif ($outfile eq "") {
print "ALGORITHM TEST SUMMARY REPORT:\n";
print "Tests skipped due to missing files: $skipcnt\n";
print "Algorithm test program execution failures: $runerr\n";
sub Help {
( my $cmd ) = ( $0 =~ m#([^/]+)$# );
print <<EOF;
-$cmd: generate run CMVP algorithm tests
+$cmd: generate run CAVP algorithm tests
--debug Enable debug output
--dir=<dirname> Optional root for *.req file search
--filter=<regexp>
--onedir <dirname> Assume all components in current directory
--rspdir=<dirname> Name of subdirectories containing *.rsp files, default "rsp"
- --shwrap_prefix=<prefix>
--tprefix=<prefix>
--ignore-bogus Ignore duplicate or bogus files
--ignore-missing Ignore missing test files
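Review bot: The usage text visible here gains no entries for the options this commit adds (`--generate-script=`, `--minimal-script`, `--script-tprefix=`, `--rm=`, `--mkdir=`, `--quiet-missing`, `--quiet-bogus`); the only change to the option list is the removal of `--shwrap_prefix`. The heredoc continues outside the hunk, so confirm they are not listed further down. If they are missing, add lines such as `--generate-script=<file> Write test commands to <file> instead of running them` and `--rm=<cmd> Command the generated script uses to remove output directories (default "rm -rf")`. The `--rm=` and `--mkdir=` entries should say that the value is copied verbatim into the generated script.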
# Sanity check to see if all necessary executables exist
sub sanity_check_exe {
- my ( $win32, $tprefix, $shwrap_prefix ) = @_;
+ my ( $win32, $tprefix, ) = @_;
my %exe_list;
my $bad = 0;
- $exe_list{ $shwrap_prefix . "shlib_wrap.sh" } = 1 unless $win32;
foreach (@fips_test_list) {
next unless ref($_);
my $cmd = $_->[1];
sub find_files {
my ( $filter, $dir ) = @_;
- my ( $dirh, $testname );
+ my ( $dirh, $testname, $tref );
opendir( $dirh, $dir );
while ( $_ = readdir($dirh) ) {
next if ( $_ eq "." || $_ eq ".." );
$_ = "$dir/$_";
if ( -f "$_" ) {
if (/\/([^\/]*)\.rsp$/) {
- $testname = fix_pss( $1, $_ );
- if ( exists $fips_tests{$testname} ) {
- if ( $fips_tests{$testname}->[3] eq "" ) {
- $fips_tests{$testname}->[3] = $_;
+ $tref = find_test($1, $_);
+ if ( defined $tref ) {
+ $testname = $$tref[0];
+ if ( $$tref[4] eq "" ) {
+ $$tref[4] = $_;
}
else {
print STDERR
}
}
else {
- print STDERR "WARNING: bogus file $_\n";
+ print STDERR "WARNING: bogus file $_\n" unless $no_warn_bogus;
$nbogus++;
}
}
next unless /$filter.*\.req$/i;
if (/\/([^\/]*)\.req$/) {
- $testname = fix_pss( $1, $_ );
- if ( exists $fips_tests{$testname} ) {
- if ( $fips_tests{$testname}->[2] eq "" ) {
- $fips_tests{$testname}->[2] = $_;
+ $tref = find_test($1, $_);
+ if ( defined $tref ) {
+ $testname = $$tref[0];
+ if ( $$tref[3] eq "" ) {
+ $$tref[3] = $_;
}
else {
print STDERR
}
elsif ( !/SHAmix\.req$/ ) {
- print STDERR "WARNING: unrecognized filename $_\n";
+ print STDERR "WARNING: unrecognized filename $_\n" unless $no_warn_bogus;
$nbogus++;
}
}
}
closedir($dirh);
}
+#
+# Find test based on filename.
+# In ambiguous cases search file contents for a match
+#
-sub fix_pss {
+sub find_test {
my ( $test, $path ) = @_;
- my $sl = "";
- local $_;
- if ( $test =~ /PSS/ ) {
- open( IN, $path ) || die "Can't Open File $path";
- while (<IN>) {
- if (/^\s*#\s*salt\s+len:\s+(\d+)\s*$/i) {
- $sl = $1;
- last;
- }
- }
- close IN;
- if ( $sl eq "" ) {
- print STDERR "WARNING: No Salt length detected for file $path\n";
- }
- else {
- return $test . "($sl)";
- }
+ foreach $tref (@fips_test_list) {
+ next unless ref($tref);
+ my ( $tst, $cmd, $regexp, $req, $resp ) = @$tref;
+ $tst =~ s/\(.*$//;
+ if ($tst eq $test) {
+ return $tref if (!defined $regexp);
+ my $found = 0;
+ my $line;
+ open( IN, $path ) || die "Can't Open File $path";
+ while ($line = <IN>) {
+ if ($line =~ /$regexp/i) {
+ $found = 1;
+ last;
+ }
+ }
+ close IN;
+ return $tref if $found == 1;
+ }
}
- return $test;
+ return undef;
}
sub sanity_check_files {
my $bad = 0;
foreach (@fips_test_list) {
next unless ref($_);
- my ( $tst, $cmd, $req, $resp ) = @$_;
+ my ( $tst, $cmd, $regexp, $req, $resp ) = @$_;
#print STDERR "FILES $tst, $cmd, $req, $resp\n";
if ( $req eq "" ) {
- print STDERR "WARNING: missing request file for $tst\n";
+ print STDERR "WARNING: missing request file for $tst\n" unless $no_warn_missing;
$bad = 1;
next;
}
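Review bot: In find_test, `open( IN, $path )` keeps the two-argument form and bareword handle from the removed fix_pss, so characters in a path found by the directory walk can be read as an open mode, and `IN` is shared globally. Prefer `open( my $in, '<', $path ) || die "Can't Open File $path: $!";` and read with `<$in>`. The loop `foreach $tref (@fips_test_list)` also uses an undeclared variable where find_files declares its own `my $tref`; `foreach my $tref (...)` keeps the two apart. A PSS file whose salt length matches no list entry now falls through to `return undef` and is reported by find_files as a bogus file, which `--quiet-bogus` silences. A short comment on find_test stating this would help, since the old "No Salt length detected" warning is gone.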
}
sub run_tests {
- my ( $verify, $win32, $tprefix, $filter, $tvdir ) = @_;
+ my ( $verify, $win32, $tprefix, $filter, $tvdir, $outfile ) = @_;
my ( $tname, $tref );
my $bad = 0;
+ my $lastdir = "";
+ if ($outfile ne "") {
+ open OUT, ">$outfile" || die "Can't open $outfile";
+ }
+ if ($outfile ne "" && !$minimal_script) {
+ if ($win32) {
+ print OUT <<\END;
+@echo off
+rem Test vector run script
+rem Auto generated by fipsalgtest.pl script
+rem Do not edit
+
+echo Running Algorithm Tests
+
+END
+ } else {
+ $stprefix = $tprefix unless defined $stprefix;
+ print OUT <<END;
+#!/bin/sh
+
+# Test vector run script
+# Auto generated by fipsalgtest.pl script
+# Do not edit
+
+echo Running Algorithm Tests
+
+RM="$rmcmd";
+MKDIR="$mkcmd";
+TPREFIX=$stprefix
+
+END
+ }
+
+ }
+
foreach (@fips_test_list) {
if ( !ref($_) ) {
- print "Running $_ tests\n" unless $quiet;
+ if ($outfile ne "") {
+ print "Generating script for $_ tests\n";
+ print OUT "\n\n\necho \"Running $_ tests\"\n" unless $minimal_script;
+ } else {
+ print "Running $_ tests\n" unless $quiet;
+ }
next;
}
- my ( $tname, $tcmd, $req, $rsp ) = @$_;
+ my ( $tname, $tcmd, $regexp, $req, $rsp ) = @$_;
my $out = $rsp;
if ($verify) {
$out =~ s/\.rsp$/.tst/;
}
if ( $req eq "" ) {
print STDERR
- "WARNING: Request file for $tname missing: test skipped\n";
+ "WARNING: Request file for $tname missing: test skipped\n" unless $no_warn_missing;
$skipcnt++;
next;
}
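Review bot: In `open OUT, ">$outfile" || die "Can't open $outfile";` the `||` binds to the string, not to `open`, so `die` can never fire on a failed open. The run then continues printing to an unopened handle after announcing "Outputting commands to $outfile". The two-argument form also lets the value given to `--generate-script=` influence the open mode. Use `open( OUT, '>', $outfile ) or die "Can't open $outfile: $!";`, and check the later `close OUT` as well, since buffered write errors surface there. The body of run_tests continues outside this hunk.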
$out =~ s|/req/(\S+)\.req|/$rspdir/$1.rsp|;
my $outdir = $out;
$outdir =~ s|/[^/]*$||;
- if ( !-d $outdir ) {
+ if ($outfile ne "") {
+ if ($win32) {
+ $outdir =~ tr|/|\\|;
+ $req =~ tr|/|\\|;
+ $out =~ tr|/|\\|;
+ }
+ if ($outdir ne $lastdir && !$minimal_script) {
+ if ($win32) {
+ print OUT <<END
+if exist \"$outdir\" rd /s /q "$outdir"
+md \"$outdir\"
+
+END
+ } else {
+ print OUT <<END
+\$RM \"$outdir\"
+\$MKDIR \"$outdir\"
+
+END
+ }
+ $lastdir = $outdir;
+ }
+ } elsif ( !-d $outdir ) {
print STDERR "DEBUG: Creating directory $outdir\n" if $debug;
mkdir($outdir) || die "Can't create directory $outdir";
}
}
- my $cmd = "$cmd_prefix$tprefix$tcmd ";
- if ( $tcmd =~ /-f$/ ) {
- $cmd .= "\"$req\" \"$out\"";
- }
- else {
- $cmd .= "\"$req\" \"$out\"";
- }
+ my $cmd = "$tcmd \"$req\" \"$out\"";
print STDERR "DEBUG: running test $tname\n" if ( $debug && !$verify );
- system($cmd);
- if ( $? != 0 ) {
- print STDERR
- "WARNING: error executing test $tname for command: $cmd\n";
- $runerr++;
- next;
+ if ($outfile ne "") {
+ print OUT "echo \" running $tname test\"\n" unless $minimal_script;
+ print OUT "\${TPREFIX}$cmd\n";
+ } else {
+ $cmd = "$tprefix$cmd";
+ system($cmd);
+ if ( $? != 0 ) {
+ print STDERR
+ "WARNING: error executing test $tname for command: $cmd\n";
+ $runerr++;
+ next;
+ }
}
if ($verify) {
if ( exists $verify_special{$tname} ) {
my $vout = $rsp;
$vout =~ s/\.rsp$/.ver/;
$tcmd = $verify_special{$tname};
- $cmd = "$cmd_prefix$tprefix$tcmd ";
+ $cmd = "$tprefix$tcmd ";
$cmd .= "\"$out\" \"$vout\"";
system($cmd);
if ( $? != 0 ) {
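Review bot: The generated sh script embeds `$outdir`, `$req` and `$out` inside double quotes without escaping, so a test-vector directory or file name containing `$`, a backquote or `"` is expanded by the shell when the script runs. The first command issued on that path is `$RM`, which defaults to `rm -rf`. Quote the paths for the shell when writing to OUT, as sketched below for the directory block; the `\${TPREFIX}$cmd` line needs the same treatment for `$req` and `$out`, and the batch branch needs its own quoting rules. Separately, the win32 header written earlier in run_tests defines no TPREFIX and `${TPREFIX}` is sh syntax, so the batch output looks unable to locate the test programs; this is worth confirming. The enclosing loop body starts and ends outside this hunk.

```perl
# Wrap a path in single quotes for /bin/sh, escaping embedded single quotes.
sub sh_quote {
    my ($path) = @_;
    $path =~ s/'/'\\''/g;
    return "'$path'";
}

# … unchanged: win32 path translation and the win32 rd/md block …
            } else {
                my $qdir = sh_quote($outdir);
                print OUT "\$RM $qdir\n\$MKDIR $qdir\n\n";
            }
# … unchanged: $lastdir update and the non-script mkdir branch …
```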
unlink $out;
}
}
+ if ($outfile ne "") {
+ print OUT "\n\necho All Tests Completed\n" unless $minimal_script;
+ close OUT;
+ }
}
sub cmp_file {