--- /dev/null
+#!/usr/bin/perl
+
+# fipscheck.pl
+# sample perl script to check integrity of critical FIPS files
+
+my ($fipsdir) = @ARGV;
+
+die "Directory $fipsdir not found or invalid" unless -d $fipsdir;
+
+die "Standalone SHA1 check program ${fipsdir}/fips_standalone_sha1.exe not found" unless -f "${fipsdir}/fips_standalone_sha1.exe";
+
+check_hash("fips_premain.c", $fipsdir);
+check_hash("fipscanister.o", $fipsdir);
+
+sub check_hash
+ {
+ my ($filename, $dir) = @_;
+ my ($hashfile, $hashval);
+
+ $filename = "$dir/$filename";
+
+ die "File $filename does not exist" unless -f $filename;
+ die "File ${filename}.sha1 does not exist" unless -f "${filename}.sha1";
+
+ open(IN, "${filename}.sha1") || die "Cannot open file hash file ${filename}.sha1";
+ $hashfile = <IN>;
+ close IN;
+ $hashval = `${dir}/fips_standalone_sha1.exe $filename`;
+ chomp $hashfile;
+ chomp $hashval;
+ $hashfile =~ s/^.*=\s+//;
+ $hashval =~ s/^.*=\s+//;
+ die "Invalid hash syntax in file" if (length($hashfile) != 40);
+ die "Invalid hash received for file" if (length($hashval) != 40);
+ die "*** HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile);
+ }
+
+
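Review bot: The backtick call in check_hash interpolates `$dir` and `$filename`, both derived from `@ARGV`, into a shell command line, so a directory name containing spaces or shell metacharacters either breaks the integrity check or makes the shell run something other than the SHA1 tool; the two-argument `open(IN, ...)` just above it has the same weakness when the path starts with `<` or `>` or ends with `|`. I would switch to a three-argument `open` with a lexical handle and a list-form pipe open, as in the excerpt below, which reads the first line of the tool's output the same way the `.sha1` file is read. As far as I know, list-form pipe open works on native Windows perls only from 5.22 on, so on an older perl there the directory argument should instead be checked against an anchored pattern before use. Separately, the script lacks `use strict; use warnings;`, and running it without an argument leaves `$fipsdir` undefined at the first `-d` test.

```perl
 # … unchanged: argument unpacking and -f existence checks …
 open(my $in, '<', "${filename}.sha1")
     || die "Cannot open file hash file ${filename}.sha1: $!";
 $hashfile = <$in>;
 close $in;
 # List form: program and argument are passed without going through a shell.
 open(my $sha1, '-|', "${dir}/fips_standalone_sha1.exe", $filename)
     || die "Cannot run ${dir}/fips_standalone_sha1.exe: $!";
 $hashval = <$sha1>;
 close $sha1;
 # … unchanged: chomp, prefix stripping, length checks and comparison …
```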