X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=fips%2Ffipsalgtest.pl;h=102cb20776739ed7cc68d238eb7c55ac44a30c64;hp=079b00624d1047aa4b56b20bf12e6d4487796293;hb=b38fd40db43d9eaa9739f128ce0a701d5850ace4;hpb=84c7a8f7dcbae24d0d80e21397f11904f86a4bd9;ds=sidebyside diff --git a/fips/fipsalgtest.pl b/fips/fipsalgtest.pl index 079b00624d..102cb20776 100644 --- a/fips/fipsalgtest.pl +++ b/fips/fipsalgtest.pl @@ -12,16 +12,48 @@ my @fips_dsa_test_list = ( "DSA", - [ "PQGGen", "fips_dssvs pqg" ], - [ "KeyPair", "fips_dssvs keypair" ], - [ "SigGen", "fips_dssvs siggen" ], - [ "SigVer", "fips_dssvs sigver" ] + [ "PQGGen", "fips_dssvs pqg", "path:/DSA/.*PQGGen" ], + [ "KeyPair", "fips_dssvs keypair", "path:/DSA/.*KeyPair" ], + [ "SigGen", "fips_dssvs siggen", "path:/DSA/.*SigGen" ], + [ "SigVer", "fips_dssvs sigver", "path:/DSA/.*SigVer" ] ); my @fips_dsa_pqgver_test_list = ( - [ "PQGVer", "fips_dssvs pqgver" ] + [ "PQGVer", "fips_dssvs pqgver", "path:/DSA/.*PQGVer" ] + +); + +# DSA2 tests +my @fips_dsa2_test_list = ( + + "DSA2", + + [ "PQGGen", "fips_dssvs pqg", "path:/DSA2/.*PQGGen" ], + [ "KeyPair", "fips_dssvs keypair", "path:/DSA2/.*KeyPair" ], + [ "SigGen", "fips_dssvs siggen", "path:/DSA2/.*SigGen" ], + [ "SigVer", "fips_dssvs sigver", "path:/DSA2/.*SigVer" ], + [ "PQGVer", "fips_dssvs pqgver", "path:/DSA2/.*PQGVer" ] + +); + +# ECDSA and ECDSA2 tests +my @fips_ecdsa_test_list = ( + + "ECDSA", + + [ "KeyPair", "fips_ecdsavs KeyPair", "path:/ECDSA/.*KeyPair" ], + [ "PKV", "fips_ecdsavs PKV", "path:/ECDSA/.*PKV" ], + [ "SigGen", "fips_ecdsavs SigGen", "path:/ECDSA/.*SigGen" ], + [ "SigVer", "fips_ecdsavs SigVer", "path:/ECDSA/.*SigVer" ], + + "ECDSA2", + + [ "KeyPair", "fips_ecdsavs KeyPair", "path:/ECDSA2/.*KeyPair" ], + [ "PKV", "fips_ecdsavs PKV", "path:/ECDSA2/.*PKV" ], + [ "SigGen", "fips_ecdsavs SigGen", "path:/ECDSA2/.*SigGen" ], + [ "SigVer", "fips_ecdsavs SigVer", "path:/ECDSA2/.*SigVer" ], ); @@ -49,9 +81,9 @@ my @fips_rsa_test_list = ( my @fips_rsa_pss0_test_list = ( [ "SigGenPSS(0)", "fips_rsastest -saltlen 0", - '^\s*#\s*salt\s+len:\s+0\s*$' ], + 'file:^\s*#\s*salt\s+len:\s+0\s*$' ], [ "SigVerPSS(0)", "fips_rsavtest -saltlen 0", - '^\s*#\s*salt\s+len:\s+0\s*$' ], + 'file:^\s*#\s*salt\s+len:\s+0\s*$' ], ); @@ -59,9 +91,9 @@ my @fips_rsa_pss0_test_list = ( my @fips_rsa_pss62_test_list = ( [ "SigGenPSS(62)", "fips_rsastest -saltlen 62", - '^\s*#\s*salt\s+len:\s+62\s*$' ], + 'file:^\s*#\s*salt\s+len:\s+62\s*$' ], [ "SigVerPSS(62)", "fips_rsavtest -saltlen 62", - '^\s*#\s*salt\s+len:\s+62\s*$' ], + 'file:^\s*#\s*salt\s+len:\s+62\s*$' ], ); # SHA tests @@ -290,6 +322,31 @@ my @fips_aes_ccm_test_list = ( ); +my @fips_aes_gcm_test_list = ( + + # AES GCM tests + + "AES GCM", + + [ "gcmDecrypt128", "fips_gcmtest -decrypt" ], + [ "gcmDecrypt192", "fips_gcmtest -decrypt" ], + [ "gcmDecrypt256", "fips_gcmtest -decrypt" ], + [ "gcmEncryptIntIV128", "fips_gcmtest -encrypt" ], + [ "gcmEncryptIntIV192", "fips_gcmtest -encrypt" ], + [ "gcmEncryptIntIV256", "fips_gcmtest -encrypt" ], + +); + +my @fips_aes_xts_test_list = ( + # AES XTS tests + + "AES XTS", + + [ "XTSGenAES128", "fips_gcmtest -xts" ], + [ "XTSGenAES256", "fips_gcmtest -xts" ], + +); + # Triple DES tests my @fips_des3_test_list = ( @@ -378,6 +435,28 @@ my @fips_drbg_test_list = ( "SP800-90 DRBG", [ "CTR_DRBG", "fips_drbgvs" ], [ "Hash_DRBG", "fips_drbgvs" ], + [ "HMAC_DRBG", "fips_drbgvs" ] + +); + +my @fips_dh_test_list = ( + + # DH + "DH Ephemeral Primitives Only", + [ "KASValidityTest_FFCEphem_NOKC_ZZOnly_init", "fips_dhvs dhver" ], + [ "KASValidityTest_FFCEphem_NOKC_ZZOnly_resp", "fips_dhvs dhver" ], + +); + +my @fips_ecdh_test_list = ( + + # ECDH + "ECDH Ephemeral Primitives Only", + [ "KAS_ECC_CDH_PrimitiveTest", "fips_ecdhvs WTF" ], +# [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_init", +# "fips_ecdhvs ecdhver" ], +# [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_resp", +# "fips_ecdhvs ecdhver" ], ); @@ -411,7 +490,7 @@ my $debug = 0; my $quiet = 0; my $notest = 0; my $verify = 1; -my $rspdir = "rsp"; +my $rspdir = "resp"; my $ignore_missing = 0; my $ignore_bogus = 0; my $bufout = ''; @@ -419,24 +498,34 @@ my $list_tests = 0; my $minimal_script = 0; my $outfile = ''; my $no_warn_missing = 0; +my $no_warn_bogus = 0; +my $rmcmd = "rm -rf"; +my $mkcmd = "mkdir"; my %fips_enabled = ( dsa => 1, - "dsa-pqgver" => 0, + dsa2 => 2, + "dsa-pqgver" => 2, + ecdsa => 2, rsa => 1, "rsa-pss0" => 0, "rsa-pss62" => 1, sha => 1, hmac => 1, - cmac => 0, + cmac => 2, "rand-aes" => 1, "rand-des2" => 0, aes => 1, - "aes-cfb1" => 0, + "aes-cfb1" => 2, des3 => 1, - "des3-cfb1" => 0, - drbg => 0, - ccm => 0, + "des3-cfb1" => 2, + drbg => 2, + "aes-ccm" => 2, + "aes-xts" => 2, + "aes-gcm" => 2, + dh => 0, + ecdh => 2, + v2 => 0, ); foreach (@ARGV) { @@ -456,6 +545,10 @@ foreach (@ARGV) { elsif ( $_ eq "--ignore-missing" ) { $ignore_missing = 1; } + elsif ( $_ eq "--quiet-bogus" ) { + $ignore_bogus = 1; + $no_warn_bogus = 1; + } elsif ( $_ eq "--ignore-bogus" ) { $ignore_bogus = 1; } @@ -486,6 +579,7 @@ foreach (@ARGV) { elsif (/^--(enable|disable)-(.*)$/) { if ( !exists $fips_enabled{$2} ) { print STDERR "Unknown test $2\n"; + exit(1); } if ( $1 eq "enable" ) { $fips_enabled{$2} = 1; @@ -497,6 +591,15 @@ foreach (@ARGV) { elsif (/--filter=(.*)$/) { $filter = $1; } + elsif (/--rm=(.*)$/) { + $rmcmd = $1; + } + elsif (/--script-tprefix=(.*)$/) { + $stprefix = $1; + } + elsif (/--mkdir=(.*)$/) { + $mkcmd = $1; + } elsif (/^--list-tests$/) { $list_tests = 1; } @@ -508,8 +611,17 @@ foreach (@ARGV) { my @fips_test_list; + +if (!$fips_enabled{"v2"}) { + foreach (keys %fips_enabled) { + $fips_enabled{$_} = 0 if $fips_enabled{$_} == 2; + } +} + push @fips_test_list, @fips_dsa_test_list if $fips_enabled{"dsa"}; +push @fips_test_list, @fips_dsa2_test_list if $fips_enabled{"dsa2"}; push @fips_test_list, @fips_dsa_pqgver_test_list if $fips_enabled{"dsa-pqgver"}; +push @fips_test_list, @fips_ecdsa_test_list if $fips_enabled{"ecdsa"}; push @fips_test_list, @fips_rsa_test_list if $fips_enabled{"rsa"}; push @fips_test_list, @fips_rsa_pss0_test_list if $fips_enabled{"rsa-pss0"}; push @fips_test_list, @fips_rsa_pss62_test_list if $fips_enabled{"rsa-pss62"}; @@ -524,6 +636,10 @@ push @fips_test_list, @fips_des3_test_list if $fips_enabled{"des3"}; push @fips_test_list, @fips_des3_cfb1_test_list if $fips_enabled{"des3-cfb1"}; push @fips_test_list, @fips_drbg_test_list if $fips_enabled{"drbg"}; push @fips_test_list, @fips_aes_ccm_test_list if $fips_enabled{"aes-ccm"}; +push @fips_test_list, @fips_aes_gcm_test_list if $fips_enabled{"aes-gcm"}; +push @fips_test_list, @fips_aes_xts_test_list if $fips_enabled{"aes-xts"}; +push @fips_test_list, @fips_dh_test_list if $fips_enabled{"dh"}; +push @fips_test_list, @fips_ecdh_test_list if $fips_enabled{"ecdh"}; if ($list_tests) { my ( $test, $en ); @@ -541,8 +657,6 @@ foreach (@fips_test_list) { my $nm = $$_[0]; $$_[3] = ""; $$_[4] = ""; - print STDERR "Duplicate test $nm\n" if exists $fips_tests{$nm}; - $fips_tests{$nm} = $_; } $tvdir = "." unless defined $tvdir; @@ -618,7 +732,7 @@ $cmd: generate run CAVP algorithm tests --dir= Optional root for *.req file search --filter= --onedir Assume all components in current directory - --rspdir= Name of subdirectories containing *.rsp files, default "rsp" + --rspdir= Name of subdirectories containing *.rsp files, default "resp" --tprefix= --ignore-bogus Ignore duplicate or bogus files --ignore-missing Ignore missing test files @@ -633,7 +747,7 @@ EOF while (my ($key, $value) = each %fips_enabled) { printf "\t\t%-20s(%s by default)\n", $key , - $value ? "enabled" : "disabled"; + $value == 1 ? "enabled" : "disabled"; } } @@ -691,7 +805,7 @@ sub find_files { } } else { - print STDERR "WARNING: bogus file $_\n"; + print STDERR "WARNING: bogus file $_\n" unless $no_warn_bogus; $nbogus++; } } @@ -711,7 +825,7 @@ sub find_files { } elsif ( !/SHAmix\.req$/ ) { - print STDERR "WARNING: unrecognized filename $_\n"; + print STDERR "WARNING: unrecognized filename $_\n" unless $no_warn_bogus; $nbogus++; } } @@ -731,9 +845,21 @@ sub find_test { my ( $test, $path ) = @_; foreach $tref (@fips_test_list) { next unless ref($tref); - my ( $tst, $cmd, $regexp, $req, $resp ) = @$tref; + my ( $tst, $cmd, $excmd, $req, $resp ) = @$tref; + my $regexp; $tst =~ s/\(.*$//; - if ($tst eq $test) { + $test =~ s/_186-2//; + if (defined $excmd) { + if ($excmd =~ /^path:(.*)$/) { + my $fmatch = $1; + return $tref if ($path =~ /$fmatch/); + next; + } + elsif ($excmd =~ /^file:(.*)$/) { + $regexp = $1; + } + } + if ($test eq $tst) { return $tref if (!defined $regexp); my $found = 0; my $line; @@ -805,7 +931,8 @@ echo Running Algorithm Tests END } else { - print OUT <<\END; + $stprefix = $tprefix unless defined $stprefix; + print OUT <