Enforce minimum key sizes in FIPS mode.
[oweals/openssl.git] / fips-1.0 / mkfipsscr.pl
1 #!/usr/local/bin/perl -w
2
3 my %fips_tests = (
4
5 # FIPS test definitions
6
7 # DSA tests
8
9 "PQGGen" => "fips_dssvs pqg",
10 "KeyPair" => "fips_dssvs keypair",
11 "SigGen" => "fips_dssvs siggen",
12 "SigVer" => "fips_dssvs sigver",
13
14 # SHA tests
15
16 "SHA1LongMsg" => "fips_shatest",
17 "SHA1Monte" => "fips_shatest",
18 "SHA1ShortMsg" => "fips_shatest",
19 "SHA224LongMsg" => "fips_shatest",
20 "SHA224Monte" => "fips_shatest",
21 "SHA224ShortMsg" => "fips_shatest",
22 "SHA256LongMsg" => "fips_shatest",
23 "SHA256Monte" => "fips_shatest",
24 "SHA256ShortMsg" => "fips_shatest",
25 "SHA384LongMsg" => "fips_shatest",
26 "SHA384Monte" => "fips_shatest",
27 "SHA384ShortMsg" => "fips_shatest",
28 "SHA512LongMsg" => "fips_shatest",
29 "SHA512Monte" => "fips_shatest",
30 "SHA512ShortMsg" => "fips_shatest",
31
32 # HMAC
33
34 "HMAC" => "fips_hmactest",
35
36 # RAND tests
37
38 "ANSI931_AES128MCT" => "fips_rngvs mct",
39 "ANSI931_AES192MCT" => "fips_rngvs mct",
40 "ANSI931_AES256MCT" => "fips_rngvs mct",
41 "ANSI931_AES128VST" => "fips_rngvs vst",
42 "ANSI931_AES192VST" => "fips_rngvs vst",
43 "ANSI931_AES256VST" => "fips_rngvs vst",
44
45 # RSA tests
46
47 "SigGen15" => "fips_rsastest",
48 "SigVer15" => "fips_rsavtest",
49 "SigGenPSS" => "fips_rsastest -saltlen SALT",
50 "SigVerPSS" => "fips_rsavtest -saltlen SALT",
51 "SigGenRSA" => "fips_rsastest -x931",
52 "SigVerRSA" => "fips_rsavtest -x931",
53 "KeyGenRSA" => "fips_rsagtest",
54
55 # AES tests
56
57 "CBCGFSbox128" => "fips_aesavs -f",
58 "CBCGFSbox192" => "fips_aesavs -f",
59 "CBCGFSbox256" => "fips_aesavs -f",
60 "CBCKeySbox128" => "fips_aesavs -f",
61 "CBCKeySbox192" => "fips_aesavs -f",
62 "CBCKeySbox256" => "fips_aesavs -f",
63 "CBCMCT128" => "fips_aesavs -f",
64 "CBCMCT192" => "fips_aesavs -f",
65 "CBCMCT256" => "fips_aesavs -f",
66 "CBCMMT128" => "fips_aesavs -f",
67 "CBCMMT192" => "fips_aesavs -f",
68 "CBCMMT256" => "fips_aesavs -f",
69 "CBCVarKey128" => "fips_aesavs -f",
70 "CBCVarKey192" => "fips_aesavs -f",
71 "CBCVarKey256" => "fips_aesavs -f",
72 "CBCVarTxt128" => "fips_aesavs -f",
73 "CBCVarTxt192" => "fips_aesavs -f",
74 "CBCVarTxt256" => "fips_aesavs -f",
75 "CFB128GFSbox128" => "fips_aesavs -f",
76 "CFB128GFSbox192" => "fips_aesavs -f",
77 "CFB128GFSbox256" => "fips_aesavs -f",
78 "CFB128KeySbox128" => "fips_aesavs -f",
79 "CFB128KeySbox192" => "fips_aesavs -f",
80 "CFB128KeySbox256" => "fips_aesavs -f",
81 "CFB128MCT128" => "fips_aesavs -f",
82 "CFB128MCT192" => "fips_aesavs -f",
83 "CFB128MCT256" => "fips_aesavs -f",
84 "CFB128MMT128" => "fips_aesavs -f",
85 "CFB128MMT192" => "fips_aesavs -f",
86 "CFB128MMT256" => "fips_aesavs -f",
87 "CFB128VarKey128" => "fips_aesavs -f",
88 "CFB128VarKey192" => "fips_aesavs -f",
89 "CFB128VarKey256" => "fips_aesavs -f",
90 "CFB128VarTxt128" => "fips_aesavs -f",
91 "CFB128VarTxt192" => "fips_aesavs -f",
92 "CFB128VarTxt256" => "fips_aesavs -f",
93 "CFB8GFSbox128" => "fips_aesavs -f",
94 "CFB8GFSbox192" => "fips_aesavs -f",
95 "CFB8GFSbox256" => "fips_aesavs -f",
96 "CFB8KeySbox128" => "fips_aesavs -f",
97 "CFB8KeySbox192" => "fips_aesavs -f",
98 "CFB8KeySbox256" => "fips_aesavs -f",
99 "CFB8MCT128" => "fips_aesavs -f",
100 "CFB8MCT192" => "fips_aesavs -f",
101 "CFB8MCT256" => "fips_aesavs -f",
102 "CFB8MMT128" => "fips_aesavs -f",
103 "CFB8MMT192" => "fips_aesavs -f",
104 "CFB8MMT256" => "fips_aesavs -f",
105 "CFB8VarKey128" => "fips_aesavs -f",
106 "CFB8VarKey192" => "fips_aesavs -f",
107 "CFB8VarKey256" => "fips_aesavs -f",
108 "CFB8VarTxt128" => "fips_aesavs -f",
109 "CFB8VarTxt192" => "fips_aesavs -f",
110 "CFB8VarTxt256" => "fips_aesavs -f",
111 "ECBGFSbox128" => "fips_aesavs -f",
112 "ECBGFSbox192" => "fips_aesavs -f",
113 "ECBGFSbox256" => "fips_aesavs -f",
114 "ECBKeySbox128" => "fips_aesavs -f",
115 "ECBKeySbox192" => "fips_aesavs -f",
116 "ECBKeySbox256" => "fips_aesavs -f",
117 "ECBMCT128" => "fips_aesavs -f",
118 "ECBMCT192" => "fips_aesavs -f",
119 "ECBMCT256" => "fips_aesavs -f",
120 "ECBMMT128" => "fips_aesavs -f",
121 "ECBMMT192" => "fips_aesavs -f",
122 "ECBMMT256" => "fips_aesavs -f",
123 "ECBVarKey128" => "fips_aesavs -f",
124 "ECBVarKey192" => "fips_aesavs -f",
125 "ECBVarKey256" => "fips_aesavs -f",
126 "ECBVarTxt128" => "fips_aesavs -f",
127 "ECBVarTxt192" => "fips_aesavs -f",
128 "ECBVarTxt256" => "fips_aesavs -f",
129 "OFBGFSbox128" => "fips_aesavs -f",
130 "OFBGFSbox192" => "fips_aesavs -f",
131 "OFBGFSbox256" => "fips_aesavs -f",
132 "OFBKeySbox128" => "fips_aesavs -f",
133 "OFBKeySbox192" => "fips_aesavs -f",
134 "OFBKeySbox256" => "fips_aesavs -f",
135 "OFBMCT128" => "fips_aesavs -f",
136 "OFBMCT192" => "fips_aesavs -f",
137 "OFBMCT256" => "fips_aesavs -f",
138 "OFBMMT128" => "fips_aesavs -f",
139 "OFBMMT192" => "fips_aesavs -f",
140 "OFBMMT256" => "fips_aesavs -f",
141 "OFBVarKey128" => "fips_aesavs -f",
142 "OFBVarKey192" => "fips_aesavs -f",
143 "OFBVarKey256" => "fips_aesavs -f",
144 "OFBVarTxt128" => "fips_aesavs -f",
145 "OFBVarTxt192" => "fips_aesavs -f",
146 "OFBVarTxt256" => "fips_aesavs -f",
147
148 # Triple DES tests
149
150 "TCBCinvperm" => "fips_desmovs -f",
151 "TCBCMMT1" => "fips_desmovs -f",
152 "TCBCMMT2" => "fips_desmovs -f",
153 "TCBCMMT3" => "fips_desmovs -f",
154 "TCBCMonte1" => "fips_desmovs -f",
155 "TCBCMonte2" => "fips_desmovs -f",
156 "TCBCMonte3" => "fips_desmovs -f",
157 "TCBCpermop" => "fips_desmovs -f",
158 "TCBCsubtab" => "fips_desmovs -f",
159 "TCBCvarkey" => "fips_desmovs -f",
160 "TCBCvartext" => "fips_desmovs -f",
161 "TCFB64invperm" => "fips_desmovs -f",
162 "TCFB64MMT1" => "fips_desmovs -f",
163 "TCFB64MMT2" => "fips_desmovs -f",
164 "TCFB64MMT3" => "fips_desmovs -f",
165 "TCFB64Monte1" => "fips_desmovs -f",
166 "TCFB64Monte2" => "fips_desmovs -f",
167 "TCFB64Monte3" => "fips_desmovs -f",
168 "TCFB64permop" => "fips_desmovs -f",
169 "TCFB64subtab" => "fips_desmovs -f",
170 "TCFB64varkey" => "fips_desmovs -f",
171 "TCFB64vartext" => "fips_desmovs -f",
172 "TCFB8invperm" => "fips_desmovs -f",
173 "TCFB8MMT1" => "fips_desmovs -f",
174 "TCFB8MMT2" => "fips_desmovs -f",
175 "TCFB8MMT3" => "fips_desmovs -f",
176 "TCFB8Monte1" => "fips_desmovs -f",
177 "TCFB8Monte2" => "fips_desmovs -f",
178 "TCFB8Monte3" => "fips_desmovs -f",
179 "TCFB8permop" => "fips_desmovs -f",
180 "TCFB8subtab" => "fips_desmovs -f",
181 "TCFB8varkey" => "fips_desmovs -f",
182 "TCFB8vartext" => "fips_desmovs -f",
183 "TECBinvperm" => "fips_desmovs -f",
184 "TECBMMT1" => "fips_desmovs -f",
185 "TECBMMT2" => "fips_desmovs -f",
186 "TECBMMT3" => "fips_desmovs -f",
187 "TECBMonte1" => "fips_desmovs -f",
188 "TECBMonte2" => "fips_desmovs -f",
189 "TECBMonte3" => "fips_desmovs -f",
190 "TECBpermop" => "fips_desmovs -f",
191 "TECBsubtab" => "fips_desmovs -f",
192 "TECBvarkey" => "fips_desmovs -f",
193 "TECBvartext" => "fips_desmovs -f",
194 "TOFBinvperm" => "fips_desmovs -f",
195 "TOFBMMT1" => "fips_desmovs -f",
196 "TOFBMMT2" => "fips_desmovs -f",
197 "TOFBMMT3" => "fips_desmovs -f",
198 "TOFBMonte1" => "fips_desmovs -f",
199 "TOFBMonte2" => "fips_desmovs -f",
200 "TOFBMonte3" => "fips_desmovs -f",
201 "TOFBpermop" => "fips_desmovs -f",
202 "TOFBsubtab" => "fips_desmovs -f",
203 "TOFBvarkey" => "fips_desmovs -f",
204 "TOFBvartext" => "fips_desmovs -f",
205 "TCBCinvperm" => "fips_desmovs -f",
206 "TCBCMMT1" => "fips_desmovs -f",
207 "TCBCMMT2" => "fips_desmovs -f",
208 "TCBCMMT3" => "fips_desmovs -f",
209 "TCBCMonte1" => "fips_desmovs -f",
210 "TCBCMonte2" => "fips_desmovs -f",
211 "TCBCMonte3" => "fips_desmovs -f",
212 "TCBCpermop" => "fips_desmovs -f",
213 "TCBCsubtab" => "fips_desmovs -f",
214 "TCBCvarkey" => "fips_desmovs -f",
215 "TCBCvartext" => "fips_desmovs -f",
216 "TCFB64invperm" => "fips_desmovs -f",
217 "TCFB64MMT1" => "fips_desmovs -f",
218 "TCFB64MMT2" => "fips_desmovs -f",
219 "TCFB64MMT3" => "fips_desmovs -f",
220 "TCFB64Monte1" => "fips_desmovs -f",
221 "TCFB64Monte2" => "fips_desmovs -f",
222 "TCFB64Monte3" => "fips_desmovs -f",
223 "TCFB64permop" => "fips_desmovs -f",
224 "TCFB64subtab" => "fips_desmovs -f",
225 "TCFB64varkey" => "fips_desmovs -f",
226 "TCFB64vartext" => "fips_desmovs -f",
227 "TCFB8invperm" => "fips_desmovs -f",
228 "TCFB8MMT1" => "fips_desmovs -f",
229 "TCFB8MMT2" => "fips_desmovs -f",
230 "TCFB8MMT3" => "fips_desmovs -f",
231 "TCFB8Monte1" => "fips_desmovs -f",
232 "TCFB8Monte2" => "fips_desmovs -f",
233 "TCFB8Monte3" => "fips_desmovs -f",
234 "TCFB8permop" => "fips_desmovs -f",
235 "TCFB8subtab" => "fips_desmovs -f",
236 "TCFB8varkey" => "fips_desmovs -f",
237 "TCFB8vartext" => "fips_desmovs -f",
238 "TECBinvperm" => "fips_desmovs -f",
239 "TECBMMT1" => "fips_desmovs -f",
240 "TECBMMT2" => "fips_desmovs -f",
241 "TECBMMT3" => "fips_desmovs -f",
242 "TECBMonte1" => "fips_desmovs -f",
243 "TECBMonte2" => "fips_desmovs -f",
244 "TECBMonte3" => "fips_desmovs -f",
245 "TECBpermop" => "fips_desmovs -f",
246 "TECBsubtab" => "fips_desmovs -f",
247 "TECBvarkey" => "fips_desmovs -f",
248 "TECBvartext" => "fips_desmovs -f",
249 "TOFBinvperm" => "fips_desmovs -f",
250 "TOFBMMT1" => "fips_desmovs -f",
251 "TOFBMMT2" => "fips_desmovs -f",
252 "TOFBMMT3" => "fips_desmovs -f",
253 "TOFBMonte1" => "fips_desmovs -f",
254 "TOFBMonte2" => "fips_desmovs -f",
255 "TOFBMonte3" => "fips_desmovs -f",
256 "TOFBpermop" => "fips_desmovs -f",
257 "TOFBsubtab" => "fips_desmovs -f",
258 "TOFBvarkey" => "fips_desmovs -f",
259 "TOFBvartext" => "fips_desmovs -f"
260
261 );
262
263 my $win32 = 0;
264 my $onedir = 0;
265 my $filter = "";
266 my $tvdir;
267 my $tprefix;
268 my $shwrap_prefix;
269 my $debug = 0;
270 my $quiet = 0;
271
272 foreach (@ARGV)
273         {
274         if ($_ eq "--win32")
275                 {
276                 $win32 = 1;
277                 }
278         elsif ($_ eq "--onedir")
279                 {
280                 $onedir = 1;
281                 }
282         elsif ($_ eq "--debug")
283                 {
284                 $debug = 1;
285                 }
286         elsif ($_ eq "--quiet")
287                 {
288                 $quiet = 1;
289                 }
290         elsif (/--dir=(.*)$/)
291                 {
292                 $tvdir = $1;
293                 #       $tvdir .= "/" unless $tvdir =~ /\/$/;
294                 }
295         elsif (/--tprefix=(.*)$/)
296                 {
297                 $tprefix = $1;
298                 }
299         elsif (/--shwrap_prefix=(.*)$/)
300                 {
301                 $shwrap_prefix = $1;
302                 }
303         elsif (/--filter=(.*)$/)
304                 {
305                 $filter = $1;
306                 }
307         elsif (/--outfile=(.*)$/)
308                 {
309                 $outfile = $1;
310                 }
311         }
312
313 $tvdir = "." unless defined $tvdir;
314
315 if ($win32)
316         {
317         $tprefix = ".\\" unless defined $tprefix;
318         $outfile = "fipstests.bat" unless defined $outfile;
319         open(OUT, ">$outfile");
320
321         print OUT <<END;
322 \@echo off
323 rem Test vector run script
324 rem Auto generated by mkfipsscr.pl script
325 rem Do not edit
326
327 END
328
329         }
330 else
331         {
332         if ($onedir)
333                 {
334                 $tprefix = "./" unless defined $tprefix;
335                 $shwrap_prefix = "./" unless defined $shwrap_prefix;
336                 }
337         else
338                 {
339                 $tprefix = "../test/" unless defined $tprefix;
340                 $shwrap_prefix = "../util/" unless defined $shwrap_prefix;
341                 }
342         $outfile = "fipstests.sh" unless defined $outfile;
343         open(OUT, ">$outfile");
344
345         print OUT <<END;
346 #!/bin/sh
347
348 # Test vector run script
349 # Auto generated by mkfipsscr.pl script
350 # Do not edit
351
352 END
353
354         }
355 my %fips_found;
356 foreach (keys %fips_tests)
357         {
358         $fips_found{$_} = 0;
359         }
360
361 recurse_test($win32, $tprefix, $filter, $tvdir);
362
363 while (($key, $value) = each %fips_found)
364         {
365         if ($value == 0)
366                 {
367                 print STDERR "WARNING: test file $key not found\n" unless $quiet;
368                 }
369         elsif ($value > 1)
370                 {
371                 print STDERR "WARNING: test file $key found $value times\n" unless $quiet;
372                 }
373         else 
374                 {
375                 print STDERR "Found test file $key\n" if $debug;
376                 }
377         }
378
379
380 sub recurse_test
381         {
382         my ($win32, $tprefix, $filter, $dir) = @_;
383         my $dirh;
384         opendir($dirh, $dir);
385         while ($_ = readdir($dirh))
386                 {
387                 next if ($_ eq "." || $_ eq "..");
388                 $_ = "$dir/$_";
389                 if (-f "$_")
390                         {
391                         next unless /$filter.*\.req$/i;
392                         if (/\/([^\/]*)\.req$/ && exists $fips_tests{$1})
393                                 {
394                                 $fips_found{$1}++;
395                                 test_line($win32, $_, $tprefix, $fips_tests{$1});
396                                 }
397                         else
398                                 {
399                                 print STDERR "WARNING: unrecognized filename $_\n";
400                                 }
401                         }       
402                 elsif (-d "$_")
403                         {
404                         if (/$filter.*req$/i)
405                                 {
406                                 test_dir($win32, $_);
407                                 }
408                         recurse_test($win32, $tprefix, $filter, $_);
409                         }
410                 }
411         closedir($dirh);
412         }
413
414 sub test_dir
415         {
416         my ($win32, $req) = @_;
417         my $rsp = $req;
418         $rsp =~ s/req$/rsp/;
419         if ($win32)
420                 {
421                 $rsp =~ tr|/|\\|;
422                 $req =~ tr|/|\\|;
423                 print OUT <<END;
424
425 echo Running tests in $req
426 if exist "$rsp" rd /s /q "$rsp"
427 md "$rsp"
428 END
429                 }
430         else
431                 {
432                 print OUT <<END;
433
434 echo Running tests in "$req"
435 rm -rf "$rsp"
436 mkdir "$rsp"
437
438 END
439                 }
440         }
441
442 sub test_line
443         {
444         my ($win32, $req, $tprefix, $tcmd) = @_;
445         if ($tcmd =~ /-f$/)
446                 {
447                 if ($win32)
448                         {
449                         $req =~ tr|/|\\|;
450                         print OUT "$tprefix$tcmd \"$req\"\n";
451                         }
452                 else
453                         {
454                         print OUT <<END;
455 ${shwrap_prefix}shlib_wrap.sh $tprefix$tcmd "$req" || { echo "$req failure" ; exit 1 
456 }
457 END
458                         }
459                 return;
460                 }
461         if ($tcmd =~ /SALT$/)
462                 {
463                 open (IN, $req) || die "Can't Open File $req";
464                 my $saltlen;
465                 while (<IN>)
466                         {
467                         if (/^\s*#\s*salt\s+len:\s+(\d+)\s+$/i)
468                                 {
469                                 my $sl = $1;
470                                 print STDERR "$req salt length $sl\n" if $debug;
471                                 $tcmd =~ s/SALT$/$sl/;
472                                 last;
473                                 }
474                         }
475                 close IN;
476                 if ($tcmd =~ /SALT$/)
477                         {
478                         die "Can't detect salt length for $req";
479                         }
480                 }
481                 
482         my $rsp = $req;
483         $rsp =~ s/req\/([^\/]*).req$/rsp\/$1.rsp/;
484         if ($win32)
485                 {
486                 $req =~ tr|/|\\|;
487                 $rsp =~ tr|/|\\|;
488         print OUT "$tprefix$tcmd < \"$req\" > \"$rsp\"\n";
489                 }
490         else
491                 {
492                 print OUT <<END;
493 ${shwrap_prefix}shlib_wrap.sh $tprefix$tcmd < "$req" > "$rsp" || { echo "$req failure" ; exit 1; }
494 END
495                 }
496         }
497