X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=fips%2Ffipsalgtest.pl;h=1382d982b1a3dbe2333de65b2100e80801a702f2;hp=c3ac3608fb83090f110177b6dcf92f0a2d2b7387;hb=2bfeb7dc831f0bbe4ba6f9347f792a45d72d1e20;hpb=da9ead8db245e70b153faaa10f8fce3b704aa105 diff --git a/fips/fipsalgtest.pl b/fips/fipsalgtest.pl index c3ac3608fb..1382d982b1 100644 --- a/fips/fipsalgtest.pl +++ b/fips/fipsalgtest.pl @@ -12,16 +12,48 @@ my @fips_dsa_test_list = ( "DSA", - [ "PQGGen", "fips_dssvs pqg" ], - [ "KeyPair", "fips_dssvs keypair" ], - [ "SigGen", "fips_dssvs siggen" ], - [ "SigVer", "fips_dssvs sigver" ] + [ "PQGGen", "fips_dssvs pqg", "path:[^C]DSA/.*PQGGen" ], + [ "KeyPair", "fips_dssvs keypair", "path:[^C]DSA/.*KeyPair" ], + [ "SigGen", "fips_dssvs siggen", "path:[^C]DSA/.*SigGen" ], + [ "SigVer", "fips_dssvs sigver", "path:[^C]DSA/.*SigVer" ] ); my @fips_dsa_pqgver_test_list = ( - [ "PQGVer", "fips_dssvs pqgver" ] + [ "PQGVer", "fips_dssvs pqgver", "path:[^C]DSA/.*PQGVer" ] + +); + +# DSA2 tests +my @fips_dsa2_test_list = ( + + "DSA2", + + [ "PQGGen", "fips_dssvs pqg", "path:[^C]DSA2/.*PQGGen" ], + [ "KeyPair", "fips_dssvs keypair", "path:[^C]DSA2/.*KeyPair" ], + [ "SigGen", "fips_dssvs siggen", "path:[^C]DSA2/.*SigGen" ], + [ "SigVer", "fips_dssvs sigver", "path:[^C]DSA2/.*SigVer" ], + [ "PQGVer", "fips_dssvs pqgver", "path:[^C]DSA2/.*PQGVer" ] + +); + +# ECDSA and ECDSA2 tests +my @fips_ecdsa_test_list = ( + + "ECDSA", + + [ "KeyPair", "fips_ecdsavs KeyPair", "path:/ECDSA/.*KeyPair" ], + [ "PKV", "fips_ecdsavs PKV", "path:/ECDSA/.*PKV" ], + [ "SigGen", "fips_ecdsavs SigGen", "path:/ECDSA/.*SigGen" ], + [ "SigVer", "fips_ecdsavs SigVer", "path:/ECDSA/.*SigVer" ], + + "ECDSA2", + + [ "KeyPair", "fips_ecdsavs KeyPair", "path:/ECDSA2/.*KeyPair" ], + [ "PKV", "fips_ecdsavs PKV", "path:/ECDSA2/.*PKV" ], + [ "SigGen", "fips_ecdsavs SigGen", "path:/ECDSA2/.*SigGen" ], + [ "SigVer", "fips_ecdsavs SigVer", "path:/ECDSA2/.*SigVer" ], ); @@ -49,9 +81,9 @@ my @fips_rsa_test_list = ( my @fips_rsa_pss0_test_list = ( [ "SigGenPSS(0)", "fips_rsastest -saltlen 0", - '^\s*#\s*salt\s+len:\s+0\s*$' ], + 'file:^\s*#\s*salt\s+len:\s+0\s*$' ], [ "SigVerPSS(0)", "fips_rsavtest -saltlen 0", - '^\s*#\s*salt\s+len:\s+0\s*$' ], + 'file:^\s*#\s*salt\s+len:\s+0\s*$' ], ); @@ -59,9 +91,9 @@ my @fips_rsa_pss0_test_list = ( my @fips_rsa_pss62_test_list = ( [ "SigGenPSS(62)", "fips_rsastest -saltlen 62", - '^\s*#\s*salt\s+len:\s+62\s*$' ], + 'file:^\s*#\s*salt\s+len:\s+62\s*$' ], [ "SigVerPSS(62)", "fips_rsavtest -saltlen 62", - '^\s*#\s*salt\s+len:\s+62\s*$' ], + 'file:^\s*#\s*salt\s+len:\s+62\s*$' ], ); # SHA tests @@ -299,6 +331,9 @@ my @fips_aes_gcm_test_list = ( [ "gcmDecrypt128", "fips_gcmtest -decrypt" ], [ "gcmDecrypt192", "fips_gcmtest -decrypt" ], [ "gcmDecrypt256", "fips_gcmtest -decrypt" ], + [ "gcmEncryptIntIV128", "fips_gcmtest -encrypt" ], + [ "gcmEncryptIntIV192", "fips_gcmtest -encrypt" ], + [ "gcmEncryptIntIV256", "fips_gcmtest -encrypt" ], ); @@ -399,7 +434,9 @@ my @fips_drbg_test_list = ( # SP800-90 DRBG tests "SP800-90 DRBG", [ "CTR_DRBG", "fips_drbgvs" ], - [ "Hash_DRBG", "fips_drbgvs" ] + [ "Dual_EC_DRBG", "fips_drbgvs" ], + [ "Hash_DRBG", "fips_drbgvs" ], + [ "HMAC_DRBG", "fips_drbgvs" ] ); @@ -416,10 +453,11 @@ my @fips_ecdh_test_list = ( # ECDH "ECDH Ephemeral Primitives Only", - [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_init", - "fips_ecdhvs ecdhver" ], - [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_resp", - "fips_ecdhvs ecdhver" ], + [ "KAS_ECC_CDH_PrimitiveTest", "fips_ecdhvs ecdhgen" ], +# [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_init", +# "fips_ecdhvs ecdhver" ], +# [ "KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_resp", +# "fips_ecdhvs ecdhver" ], ); @@ -453,7 +491,7 @@ my $debug = 0; my $quiet = 0; my $notest = 0; my $verify = 1; -my $rspdir = "rsp"; +my $rspdir = "resp"; my $ignore_missing = 0; my $ignore_bogus = 0; my $bufout = ''; @@ -461,28 +499,34 @@ my $list_tests = 0; my $minimal_script = 0; my $outfile = ''; my $no_warn_missing = 0; +my $no_warn_bogus = 0; +my $rmcmd = "rm -rf"; +my $mkcmd = "mkdir"; my %fips_enabled = ( dsa => 1, - "dsa-pqgver" => 0, + dsa2 => 2, + "dsa-pqgver" => 2, + ecdsa => 2, rsa => 1, "rsa-pss0" => 0, "rsa-pss62" => 1, sha => 1, hmac => 1, - cmac => 0, + cmac => 2, "rand-aes" => 1, "rand-des2" => 0, aes => 1, - "aes-cfb1" => 0, + "aes-cfb1" => 2, des3 => 1, - "des3-cfb1" => 0, - drbg => 0, - ccm => 0, - xts => 0, - gcm => 0, + "des3-cfb1" => 2, + drbg => 2, + "aes-ccm" => 2, + "aes-xts" => 2, + "aes-gcm" => 2, dh => 0, - ecdh => 0, + ecdh => 2, + v2 => 0, ); foreach (@ARGV) { @@ -502,6 +546,10 @@ foreach (@ARGV) { elsif ( $_ eq "--ignore-missing" ) { $ignore_missing = 1; } + elsif ( $_ eq "--quiet-bogus" ) { + $ignore_bogus = 1; + $no_warn_bogus = 1; + } elsif ( $_ eq "--ignore-bogus" ) { $ignore_bogus = 1; } @@ -529,9 +577,15 @@ foreach (@ARGV) { elsif (/--tprefix=(.*)$/) { $tprefix = $1; } + elsif (/^--disable-all$/) { + foreach (keys %fips_enabled) { + $fips_enabled{$_} = 0; + } + } elsif (/^--(enable|disable)-(.*)$/) { if ( !exists $fips_enabled{$2} ) { print STDERR "Unknown test $2\n"; + exit(1); } if ( $1 eq "enable" ) { $fips_enabled{$2} = 1; @@ -543,6 +597,15 @@ foreach (@ARGV) { elsif (/--filter=(.*)$/) { $filter = $1; } + elsif (/--rm=(.*)$/) { + $rmcmd = $1; + } + elsif (/--script-tprefix=(.*)$/) { + $stprefix = $1; + } + elsif (/--mkdir=(.*)$/) { + $mkcmd = $1; + } elsif (/^--list-tests$/) { $list_tests = 1; } @@ -554,8 +617,17 @@ foreach (@ARGV) { my @fips_test_list; + +if (!$fips_enabled{"v2"}) { + foreach (keys %fips_enabled) { + $fips_enabled{$_} = 0 if $fips_enabled{$_} == 2; + } +} + push @fips_test_list, @fips_dsa_test_list if $fips_enabled{"dsa"}; push @fips_test_list, @fips_dsa_pqgver_test_list if $fips_enabled{"dsa-pqgver"}; +push @fips_test_list, @fips_dsa2_test_list if $fips_enabled{"dsa2"}; +push @fips_test_list, @fips_ecdsa_test_list if $fips_enabled{"ecdsa"}; push @fips_test_list, @fips_rsa_test_list if $fips_enabled{"rsa"}; push @fips_test_list, @fips_rsa_pss0_test_list if $fips_enabled{"rsa-pss0"}; push @fips_test_list, @fips_rsa_pss62_test_list if $fips_enabled{"rsa-pss62"}; @@ -591,8 +663,6 @@ foreach (@fips_test_list) { my $nm = $$_[0]; $$_[3] = ""; $$_[4] = ""; - print STDERR "Duplicate test $nm\n" if exists $fips_tests{$nm}; - $fips_tests{$nm} = $_; } $tvdir = "." unless defined $tvdir; @@ -668,7 +738,7 @@ $cmd: generate run CAVP algorithm tests --dir= Optional root for *.req file search --filter= --onedir Assume all components in current directory - --rspdir= Name of subdirectories containing *.rsp files, default "rsp" + --rspdir= Name of subdirectories containing *.rsp files, default "resp" --tprefix= --ignore-bogus Ignore duplicate or bogus files --ignore-missing Ignore missing test files @@ -683,7 +753,7 @@ EOF while (my ($key, $value) = each %fips_enabled) { printf "\t\t%-20s(%s by default)\n", $key , - $value ? "enabled" : "disabled"; + $value == 1 ? "enabled" : "disabled"; } } @@ -741,7 +811,7 @@ sub find_files { } } else { - print STDERR "WARNING: bogus file $_\n"; + print STDERR "WARNING: bogus file $_\n" unless $no_warn_bogus; $nbogus++; } } @@ -761,7 +831,7 @@ sub find_files { } elsif ( !/SHAmix\.req$/ ) { - print STDERR "WARNING: unrecognized filename $_\n"; + print STDERR "WARNING: unrecognized filename $_\n" unless $no_warn_bogus; $nbogus++; } } @@ -781,9 +851,21 @@ sub find_test { my ( $test, $path ) = @_; foreach $tref (@fips_test_list) { next unless ref($tref); - my ( $tst, $cmd, $regexp, $req, $resp ) = @$tref; + my ( $tst, $cmd, $excmd, $req, $resp ) = @$tref; + my $regexp; $tst =~ s/\(.*$//; - if ($tst eq $test) { + $test =~ s/_186-2//; + if (defined $excmd) { + if ($excmd =~ /^path:(.*)$/) { + my $fmatch = $1; + return $tref if ($path =~ /$fmatch/); + next; + } + elsif ($excmd =~ /^file:(.*)$/) { + $regexp = $1; + } + } + if ($test eq $tst) { return $tref if (!defined $regexp); my $found = 0; my $line; @@ -855,7 +937,8 @@ echo Running Algorithm Tests END } else { - print OUT <<\END; + $stprefix = $tprefix unless defined $stprefix; + print OUT <