# file names are consistent but the pathnames are not).
#
+# FIPS test definitions
# List of all the unqualified file names we expect and command lines to run
-my @fips_test_list = (
- # FIPS test definitions
-
- # DSA tests
+# DSA tests
+my @fips_dsa_test_list = (
"DSA",
[ "PQGGen", "fips_dssvs pqg" ],
[ "KeyPair", "fips_dssvs keypair" ],
[ "SigGen", "fips_dssvs siggen" ],
- [ "SigVer", "fips_dssvs sigver" ],
+ [ "SigVer", "fips_dssvs sigver" ]
+
+);
+
+# RSA tests
- # RSA tests
+my @fips_rsa_test_list = (
"RSA",
[ "SigVer15", "fips_rsavtest" ],
[ "SigVerRSA", "fips_rsavtest -x931" ],
[ "KeyGenRSA", "fips_rsagtest" ],
- [ "SigGenRSA", "fips_rsastest -x931" ],
+ [ "SigGenRSA", "fips_rsastest -x931" ]
+
+);
+
+# Special cases for PSS. The filename itself is
+# not sufficient to determine the test. Addditionally we
+# need to examine the file contents to determine the salt length
+# In these cases the test filename has (saltlen) appended.
- # Special cases for PSS. The filename itself is
- # not sufficient to determine the test. Addditionally we
- # need to examine the file contents to determine the salt length
- # In these cases the test filename has (saltlen) appended.
+# RSA PSS salt length 0 tests
- [ "SigGenPSS(0)", "fips_rsastest -saltlen 0" ],
- [ "SigVerPSS(0)", "fips_rsavtest -saltlen 0" ],
+my @fips_rsa_pss0_test_list = (
+
+ [ "SigGenPSS(0)", "fips_rsastest -saltlen 0" ],
+ [ "SigVerPSS(0)", "fips_rsavtest -saltlen 0" ]
+
+);
+
+# RSA PSS salt length 62 tests
+
+my @fips_rsa_pss62_test_list = (
[ "SigGenPSS(62)", "fips_rsastest -saltlen 62" ],
- [ "SigVerPSS(62)", "fips_rsavtest -saltlen 62" ],
+ [ "SigVerPSS(62)", "fips_rsavtest -saltlen 62" ]
+
+);
+
+# SHA tests
- # SHA tests
+my @fips_sha_test_list = (
"SHA",
[ "SHA384ShortMsg", "fips_shatest" ],
[ "SHA512LongMsg", "fips_shatest" ],
[ "SHA512Monte", "fips_shatest" ],
- [ "SHA512ShortMsg", "fips_shatest" ],
+ [ "SHA512ShortMsg", "fips_shatest" ]
+
+);
- # HMAC
+# HMAC
+
+my @fips_hmac_test_list = (
"HMAC",
- [ "HMAC", "fips_hmactest" ],
+ [ "HMAC", "fips_hmactest" ]
+
+);
- # RAND tests
+# RAND tests, AES version
- "RAND",
+my @fips_rand_aes_test_list = (
+
+ "RAND (AES)",
[ "ANSI931_AES128MCT", "fips_rngvs mct" ],
[ "ANSI931_AES192MCT", "fips_rngvs mct" ],
[ "ANSI931_AES256MCT", "fips_rngvs mct" ],
[ "ANSI931_AES128VST", "fips_rngvs vst" ],
[ "ANSI931_AES192VST", "fips_rngvs vst" ],
- [ "ANSI931_AES256VST", "fips_rngvs vst" ],
+ [ "ANSI931_AES256VST", "fips_rngvs vst" ]
+
+);
- # AES tests
+# AES tests
+
+my @fips_aes_test_list = (
"AES",
[ "OFBVarKey256", "fips_aesavs -f" ],
[ "OFBVarTxt128", "fips_aesavs -f" ],
[ "OFBVarTxt192", "fips_aesavs -f" ],
- [ "OFBVarTxt256", "fips_aesavs -f" ],
+ [ "OFBVarTxt256", "fips_aesavs -f" ]
+
+);
+
+my @fips_aes_cfb1_test_list = (
+
+ # AES CFB1 tests
+
+ [ "CFB1GFSbox128", "fips_aesavs -f" ],
+ [ "CFB1GFSbox192", "fips_aesavs -f" ],
+ [ "CFB1GFSbox256", "fips_aesavs -f" ],
+ [ "CFB1KeySbox128", "fips_aesavs -f" ],
+ [ "CFB1KeySbox192", "fips_aesavs -f" ],
+ [ "CFB1KeySbox256", "fips_aesavs -f" ],
+ [ "CFB1MCT128", "fips_aesavs -f" ],
+ [ "CFB1MCT192", "fips_aesavs -f" ],
+ [ "CFB1MCT256", "fips_aesavs -f" ],
+ [ "CFB1MMT128", "fips_aesavs -f" ],
+ [ "CFB1MMT192", "fips_aesavs -f" ],
+ [ "CFB1MMT256", "fips_aesavs -f" ],
+ [ "CFB1VarKey128", "fips_aesavs -f" ],
+ [ "CFB1VarKey192", "fips_aesavs -f" ],
+ [ "CFB1VarKey256", "fips_aesavs -f" ],
+ [ "CFB1VarTxt128", "fips_aesavs -f" ],
+ [ "CFB1VarTxt192", "fips_aesavs -f" ],
+ [ "CFB1VarTxt256", "fips_aesavs -f" ]
+
+);
+
+# Triple DES tests
- # Triple DES tests
+my @fips_des3_test_list = (
"Triple DES",
[ "TOFBpermop", "fips_desmovs -f" ],
[ "TOFBsubtab", "fips_desmovs -f" ],
[ "TOFBvarkey", "fips_desmovs -f" ],
- [ "TOFBvartext", "fips_desmovs -f" ],
+ [ "TOFBvartext", "fips_desmovs -f" ]
);
-my @fips_cfb1_tests = (
-
- # AES CFB1 tests
-
- [ "CFB1GFSbox128", "fips_aesavs -f" ],
- [ "CFB1GFSbox192", "fips_aesavs -f" ],
- [ "CFB1GFSbox256", "fips_aesavs -f" ],
- [ "CFB1KeySbox128", "fips_aesavs -f" ],
- [ "CFB1KeySbox192", "fips_aesavs -f" ],
- [ "CFB1KeySbox256", "fips_aesavs -f" ],
- [ "CFB1MCT128", "fips_aesavs -f" ],
- [ "CFB1MCT192", "fips_aesavs -f" ],
- [ "CFB1MCT256", "fips_aesavs -f" ],
- [ "CFB1MMT128", "fips_aesavs -f" ],
- [ "CFB1MMT192", "fips_aesavs -f" ],
- [ "CFB1MMT256", "fips_aesavs -f" ],
- [ "CFB1VarKey128", "fips_aesavs -f" ],
- [ "CFB1VarKey192", "fips_aesavs -f" ],
- [ "CFB1VarKey256", "fips_aesavs -f" ],
- [ "CFB1VarTxt128", "fips_aesavs -f" ],
- [ "CFB1VarTxt192", "fips_aesavs -f" ],
- [ "CFB1VarTxt256", "fips_aesavs -f" ]
-
-);
-
-foreach (@fips_test_list) {
- next unless ref($_);
- my $nm = $_->[0];
- $_->[2] = "";
- $_->[3] = "";
- print STDERR "Duplicate test $nm\n" if exists $fips_tests{$nm};
- $fips_tests{$nm} = $_;
-}
-
# Verification special cases.
# In most cases the output of a test is deterministic and
# it can be compared to a known good result. A few involve
my $verify = 1;
my $rspdir = "rsp";
my $ignore_missing = 0;
-my $ignore_bogus = 1;
+my $ignore_bogus = 0;
my $bufout = '';
+my $list_tests = 0;
+
+my %fips_enabled = (
+ dsa => 1,
+ rsa => 1,
+ "rsa-pss0" => 0,
+ "rsa-pss62" => 1,
+ sha => 1,
+ hmac => 1,
+ "rand-aes" => 1,
+ aes => 1,
+ "aes-cfb1" => 0,
+ des3 => 1
+);
foreach (@ARGV) {
if ( $_ eq "--win32" ) {
elsif (/--shwrap_prefix=(.*)$/) {
$shwrap_prefix = $1;
}
+ elsif (/^--(enable|disable)-(.*)$/) {
+ if ( !exists $fips_enabled{$2} ) {
+ print STDERR "Unknown test $2\n";
+ }
+ if ( $1 eq "enable" ) {
+ $fips_enabled{$2} = 1;
+ }
+ else {
+ $fips_enabled{$2} = 0;
+ }
+ }
elsif (/--filter=(.*)$/) {
$filter = $1;
}
+ elsif (/^--list-tests$/) {
+ $list_tests = 1;
+ }
else {
Help();
exit(1);
}
}
+my @fips_test_list;
+
+push @fips_test_list, @fips_dsa_test_list if $fips_enabled{"dsa"};
+push @fips_test_list, @fips_rsa_test_list if $fips_enabled{"rsa"};
+push @fips_test_list, @fips_rsa_pss0_test_list if $fips_enabled{"rsa-pss0"};
+push @fips_test_list, @fips_rsa_pss62_test_list if $fips_enabled{"rsa-pss62"};
+push @fips_test_list, @fips_sha_test_list if $fips_enabled{"sha"};
+push @fips_test_list, @fips_hmac_test_list if $fips_enabled{"hmac"};
+push @fips_test_list, @fips_rand_aes_test_list if $fips_enabled{"rand-aes"};
+push @fips_test_list, @fips_aes_test_list if $fips_enabled{"aes"};
+push @fips_test_list, @fips_aes_cfb1_test_list if $fips_enabled{"aes-cfb1"};
+push @fips_test_list, @fips_des3_test_list if $fips_enabled{"des3"};
+
+if ($list_tests) {
+ my ( $test, $en );
+ print "=====TEST LIST=====\n";
+ foreach $test ( sort keys %fips_enabled ) {
+ $en = $fips_enabled{$test};
+ $test =~ tr/[a-z]/[A-Z]/;
+ printf "%-10s %s\n", $test, $en ? "enabled" : "disabled";
+ }
+ exit(0);
+}
+
+foreach (@fips_test_list) {
+ next unless ref($_);
+ my $nm = $_->[0];
+ $_->[2] = "";
+ $_->[3] = "";
+ print STDERR "Duplicate test $nm\n" if exists $fips_tests{$nm};
+ $fips_tests{$nm} = $_;
+}
+
$tvdir = "." unless defined $tvdir;
if ($win32) {
sanity_check_files();
my ( $runerr, $cmperr, $cmpok, $scheckrunerr, $scheckerr, $scheckok, $skipcnt )
- = ( 0, 0, 0, 0, 0, 0 );
+ = ( 0, 0, 0, 0, 0, 0, 0 );
exit(0) if $notest;
projects / oweals / openssl.git / commitdiff