From: Dr. Stephen Henson Date: Sun, 15 Jul 2007 12:01:54 +0000 (+0000) Subject: Enhance mkfipsscr.pl to handle different testvector paths and perform X-Git-Tag: FIPS_098_TEST_2~14 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=1b8b2d9300d80fb96c7221e49a2392efcc812074;p=oweals%2Fopenssl.git Enhance mkfipsscr.pl to handle different testvector paths and perform sanity checks. Make AES/TDES algorithm test programs quiet if VERBOSE is zero. --- diff --git a/CHANGES b/CHANGES index 96a0188daf..fafdfde578 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.8e and 0.9.8f-fips [xx XXX xxxx] + *) Enhance mkfipsscr.pl to cope with different directory layouts. It now + relies on the filename and makes no assumptions about the pathname. + In the case of PSS it scans the file to determine the salt length. + Paths can be filtered. Also reports duplicate and missing files. + [Steve Henson] + *) Updates to WIN32 build system. Make use of AES assembly language routines. Use assembly language routines in FIPS compilation. [Steve Henson] diff --git a/fips-1.0/aes/fips_aesavs.c b/fips-1.0/aes/fips_aesavs.c index cc1d18182e..5344aba124 100644 --- a/fips-1.0/aes/fips_aesavs.c +++ b/fips-1.0/aes/fips_aesavs.c @@ -647,12 +647,14 @@ int proc_file(char *rqfile) strncpy(amode, xp+1, n); amode[n] = '\0'; /* amode[3] = '\0'; */ - printf("Test = %s, Mode = %s\n", atest, amode); + if (VERBOSE) + printf("Test = %s, Mode = %s\n", atest, amode); } else if (strncasecmp(pp, "Key Length : ", 13) == 0) { akeysz = atoi(pp+13); - printf("Key size = %d\n", akeysz); + if (VERBOSE) + printf("Key size = %d\n", akeysz); } } } @@ -899,7 +901,8 @@ int main(int argc, char **argv) { strtok(fn, "\r\n"); strcpy(rfn, fn); - printf("Processing: %s\n", rfn); + if (VERBOSE) + printf("Processing: %s\n", rfn); if (proc_file(rfn)) { printf(">>> Processing failed for: %s <<<\n", rfn); @@ -910,7 +913,8 @@ int main(int argc, char **argv) } else /* single file */ { - printf("Processing: %s\n", fn); + if (VERBOSE) + printf("Processing: %s\n", fn); if (proc_file(fn)) { printf(">>> Processing failed for: %s <<<\n", fn); diff --git a/fips-1.0/des/fips_desmovs.c b/fips-1.0/des/fips_desmovs.c index 4e6c9a78e5..836c4a0b09 100644 --- a/fips-1.0/des/fips_desmovs.c +++ b/fips-1.0/des/fips_desmovs.c @@ -379,7 +379,8 @@ int proc_file(char *rqfile) strncpy(amode, xp+1, n); amode[n] = '\0'; /* amode[3] = '\0'; */ - printf("Test=%s, Mode=%s\n",atest,amode); + if (VERBOSE) + printf("Test=%s, Mode=%s\n",atest,amode); } } } @@ -682,7 +683,8 @@ int main(int argc, char **argv) } else /* single file */ { - printf("Processing: %s\n", fn); + if (VERBOSE) + printf("Processing: %s\n", fn); if (proc_file(fn)) { printf(">>> Processing failed for: %s <<<\n", fn); diff --git a/fips-1.0/mkfipsscr.pl b/fips-1.0/mkfipsscr.pl index 6402bcc252..094a647a82 100644 --- a/fips-1.0/mkfipsscr.pl +++ b/fips-1.0/mkfipsscr.pl @@ -1,75 +1,273 @@ #!/usr/local/bin/perl -w -my @fips_tests = ( +my %fips_tests = ( -# FIPS test descriptions +# FIPS test definitions # DSA tests -["dsa", "PQGGen", "fips_dssvs pqg"], -["dsa", "KeyPair", "fips_dssvs keypair"], -["dsa", "SigGen", "fips_dssvs siggen"], -["dsa", "SigVer", "fips_dssvs sigver"], +"PQGGen" => "fips_dssvs pqg", +"KeyPair" => "fips_dssvs keypair", +"SigGen" => "fips_dssvs siggen", +"SigVer" => "fips_dssvs sigver", # SHA tests -["sha", "SHA1LongMsg", "fips_shatest"], -["sha", "SHA1Monte", "fips_shatest"], -["sha", "SHA1ShortMsg", "fips_shatest"], -["sha", "SHA224LongMsg", "fips_shatest"], -["sha", "SHA224Monte", "fips_shatest"], -["sha", "SHA224ShortMsg", "fips_shatest"], -["sha", "SHA256LongMsg", "fips_shatest"], -["sha", "SHA256Monte", "fips_shatest"], -["sha", "SHA256ShortMsg", "fips_shatest"], -["sha", "SHA384LongMsg", "fips_shatest"], -["sha", "SHA384Monte", "fips_shatest"], -["sha", "SHA384ShortMsg", "fips_shatest"], -["sha", "SHA512LongMsg", "fips_shatest"], -["sha", "SHA512Monte", "fips_shatest"], -["sha", "SHA512ShortMsg", "fips_shatest"], - -# AES tests, file search mode -["aes", "\@dir", "fips_aesavs -f"], - -# DES tests, file search mode -["tdes", "\@dir", "fips_desmovs -f"], +"SHA1LongMsg" => "fips_shatest", +"SHA1Monte" => "fips_shatest", +"SHA1ShortMsg" => "fips_shatest", +"SHA224LongMsg" => "fips_shatest", +"SHA224Monte" => "fips_shatest", +"SHA224ShortMsg" => "fips_shatest", +"SHA256LongMsg" => "fips_shatest", +"SHA256Monte" => "fips_shatest", +"SHA256ShortMsg" => "fips_shatest", +"SHA384LongMsg" => "fips_shatest", +"SHA384Monte" => "fips_shatest", +"SHA384ShortMsg" => "fips_shatest", +"SHA512LongMsg" => "fips_shatest", +"SHA512Monte" => "fips_shatest", +"SHA512ShortMsg" => "fips_shatest", # HMAC -["hmac", "HMAC", "fips_hmactest"], +"HMAC" => "fips_hmactest", # RAND tests -["rng", "ANSI931_AES128MCT", "fips_rngvs mct"], -["rng", "ANSI931_AES192MCT", "fips_rngvs mct"], -["rng", "ANSI931_AES256MCT", "fips_rngvs mct"], -["rng", "ANSI931_AES128VST", "fips_rngvs vst"], -["rng", "ANSI931_AES192VST", "fips_rngvs vst"], -["rng", "ANSI931_AES256VST", "fips_rngvs vst"], +"ANSI931_AES128MCT" => "fips_rngvs mct", +"ANSI931_AES192MCT" => "fips_rngvs mct", +"ANSI931_AES256MCT" => "fips_rngvs mct", +"ANSI931_AES128VST" => "fips_rngvs vst", +"ANSI931_AES192VST" => "fips_rngvs vst", +"ANSI931_AES256VST" => "fips_rngvs vst", # RSA tests -["rsa", "SigGen15", "fips_rsastest"], -["rsa", "SigVer15", "fips_rsavtest"], -["rsa", "SigGenPSS", "fips_rsastest -saltlen 0"], -["rsa", "SigVerPSS", "fips_rsavtest -saltlen 0"], -["rsa", "SigGenRSA", "fips_rsastest -x931"], -["rsa", "SigVerRSA", "fips_rsavtest -x931"], -["rsa", "KeyGenRSA", "fips_rsagtest"], -["rsa_salt_62", "SigGenPSS", "fips_rsastest -saltlen 62"], -["rsa_salt_62", "SigVerPSS", "fips_rsavtest -saltlen 62"] +"SigGen15" => "fips_rsastest", +"SigVer15" => "fips_rsavtest", +"SigGenPSS" => "fips_rsastest -saltlen SALT", +"SigVerPSS" => "fips_rsavtest -saltlen SALT", +"SigGenRSA" => "fips_rsastest -x931", +"SigVerRSA" => "fips_rsavtest -x931", +"KeyGenRSA" => "fips_rsagtest", + +# AES tests + +"CBCGFSbox128" => "fips_aesavs -f", +"CBCGFSbox192" => "fips_aesavs -f", +"CBCGFSbox256" => "fips_aesavs -f", +"CBCKeySbox128" => "fips_aesavs -f", +"CBCKeySbox192" => "fips_aesavs -f", +"CBCKeySbox256" => "fips_aesavs -f", +"CBCMCT128" => "fips_aesavs -f", +"CBCMCT192" => "fips_aesavs -f", +"CBCMCT256" => "fips_aesavs -f", +"CBCMMT128" => "fips_aesavs -f", +"CBCMMT192" => "fips_aesavs -f", +"CBCMMT256" => "fips_aesavs -f", +"CBCVarKey128" => "fips_aesavs -f", +"CBCVarKey192" => "fips_aesavs -f", +"CBCVarKey256" => "fips_aesavs -f", +"CBCVarTxt128" => "fips_aesavs -f", +"CBCVarTxt192" => "fips_aesavs -f", +"CBCVarTxt256" => "fips_aesavs -f", +"CFB128GFSbox128" => "fips_aesavs -f", +"CFB128GFSbox192" => "fips_aesavs -f", +"CFB128GFSbox256" => "fips_aesavs -f", +"CFB128KeySbox128" => "fips_aesavs -f", +"CFB128KeySbox192" => "fips_aesavs -f", +"CFB128KeySbox256" => "fips_aesavs -f", +"CFB128MCT128" => "fips_aesavs -f", +"CFB128MCT192" => "fips_aesavs -f", +"CFB128MCT256" => "fips_aesavs -f", +"CFB128MMT128" => "fips_aesavs -f", +"CFB128MMT192" => "fips_aesavs -f", +"CFB128MMT256" => "fips_aesavs -f", +"CFB128VarKey128" => "fips_aesavs -f", +"CFB128VarKey192" => "fips_aesavs -f", +"CFB128VarKey256" => "fips_aesavs -f", +"CFB128VarTxt128" => "fips_aesavs -f", +"CFB128VarTxt192" => "fips_aesavs -f", +"CFB128VarTxt256" => "fips_aesavs -f", +"CFB8GFSbox128" => "fips_aesavs -f", +"CFB8GFSbox192" => "fips_aesavs -f", +"CFB8GFSbox256" => "fips_aesavs -f", +"CFB8KeySbox128" => "fips_aesavs -f", +"CFB8KeySbox192" => "fips_aesavs -f", +"CFB8KeySbox256" => "fips_aesavs -f", +"CFB8MCT128" => "fips_aesavs -f", +"CFB8MCT192" => "fips_aesavs -f", +"CFB8MCT256" => "fips_aesavs -f", +"CFB8MMT128" => "fips_aesavs -f", +"CFB8MMT192" => "fips_aesavs -f", +"CFB8MMT256" => "fips_aesavs -f", +"CFB8VarKey128" => "fips_aesavs -f", +"CFB8VarKey192" => "fips_aesavs -f", +"CFB8VarKey256" => "fips_aesavs -f", +"CFB8VarTxt128" => "fips_aesavs -f", +"CFB8VarTxt192" => "fips_aesavs -f", +"CFB8VarTxt256" => "fips_aesavs -f", +"ECBGFSbox128" => "fips_aesavs -f", +"ECBGFSbox192" => "fips_aesavs -f", +"ECBGFSbox256" => "fips_aesavs -f", +"ECBKeySbox128" => "fips_aesavs -f", +"ECBKeySbox192" => "fips_aesavs -f", +"ECBKeySbox256" => "fips_aesavs -f", +"ECBMCT128" => "fips_aesavs -f", +"ECBMCT192" => "fips_aesavs -f", +"ECBMCT256" => "fips_aesavs -f", +"ECBMMT128" => "fips_aesavs -f", +"ECBMMT192" => "fips_aesavs -f", +"ECBMMT256" => "fips_aesavs -f", +"ECBVarKey128" => "fips_aesavs -f", +"ECBVarKey192" => "fips_aesavs -f", +"ECBVarKey256" => "fips_aesavs -f", +"ECBVarTxt128" => "fips_aesavs -f", +"ECBVarTxt192" => "fips_aesavs -f", +"ECBVarTxt256" => "fips_aesavs -f", +"OFBGFSbox128" => "fips_aesavs -f", +"OFBGFSbox192" => "fips_aesavs -f", +"OFBGFSbox256" => "fips_aesavs -f", +"OFBKeySbox128" => "fips_aesavs -f", +"OFBKeySbox192" => "fips_aesavs -f", +"OFBKeySbox256" => "fips_aesavs -f", +"OFBMCT128" => "fips_aesavs -f", +"OFBMCT192" => "fips_aesavs -f", +"OFBMCT256" => "fips_aesavs -f", +"OFBMMT128" => "fips_aesavs -f", +"OFBMMT192" => "fips_aesavs -f", +"OFBMMT256" => "fips_aesavs -f", +"OFBVarKey128" => "fips_aesavs -f", +"OFBVarKey192" => "fips_aesavs -f", +"OFBVarKey256" => "fips_aesavs -f", +"OFBVarTxt128" => "fips_aesavs -f", +"OFBVarTxt192" => "fips_aesavs -f", +"OFBVarTxt256" => "fips_aesavs -f", + +# Triple DES tests + +"TCBCinvperm" => "fips_desmovs -f", +"TCBCMMT1" => "fips_desmovs -f", +"TCBCMMT2" => "fips_desmovs -f", +"TCBCMMT3" => "fips_desmovs -f", +"TCBCMonte1" => "fips_desmovs -f", +"TCBCMonte2" => "fips_desmovs -f", +"TCBCMonte3" => "fips_desmovs -f", +"TCBCpermop" => "fips_desmovs -f", +"TCBCsubtab" => "fips_desmovs -f", +"TCBCvarkey" => "fips_desmovs -f", +"TCBCvartext" => "fips_desmovs -f", +"TCFB64invperm" => "fips_desmovs -f", +"TCFB64MMT1" => "fips_desmovs -f", +"TCFB64MMT2" => "fips_desmovs -f", +"TCFB64MMT3" => "fips_desmovs -f", +"TCFB64Monte1" => "fips_desmovs -f", +"TCFB64Monte2" => "fips_desmovs -f", +"TCFB64Monte3" => "fips_desmovs -f", +"TCFB64permop" => "fips_desmovs -f", +"TCFB64subtab" => "fips_desmovs -f", +"TCFB64varkey" => "fips_desmovs -f", +"TCFB64vartext" => "fips_desmovs -f", +"TCFB8invperm" => "fips_desmovs -f", +"TCFB8MMT1" => "fips_desmovs -f", +"TCFB8MMT2" => "fips_desmovs -f", +"TCFB8MMT3" => "fips_desmovs -f", +"TCFB8Monte1" => "fips_desmovs -f", +"TCFB8Monte2" => "fips_desmovs -f", +"TCFB8Monte3" => "fips_desmovs -f", +"TCFB8permop" => "fips_desmovs -f", +"TCFB8subtab" => "fips_desmovs -f", +"TCFB8varkey" => "fips_desmovs -f", +"TCFB8vartext" => "fips_desmovs -f", +"TECBinvperm" => "fips_desmovs -f", +"TECBMMT1" => "fips_desmovs -f", +"TECBMMT2" => "fips_desmovs -f", +"TECBMMT3" => "fips_desmovs -f", +"TECBMonte1" => "fips_desmovs -f", +"TECBMonte2" => "fips_desmovs -f", +"TECBMonte3" => "fips_desmovs -f", +"TECBpermop" => "fips_desmovs -f", +"TECBsubtab" => "fips_desmovs -f", +"TECBvarkey" => "fips_desmovs -f", +"TECBvartext" => "fips_desmovs -f", +"TOFBinvperm" => "fips_desmovs -f", +"TOFBMMT1" => "fips_desmovs -f", +"TOFBMMT2" => "fips_desmovs -f", +"TOFBMMT3" => "fips_desmovs -f", +"TOFBMonte1" => "fips_desmovs -f", +"TOFBMonte2" => "fips_desmovs -f", +"TOFBMonte3" => "fips_desmovs -f", +"TOFBpermop" => "fips_desmovs -f", +"TOFBsubtab" => "fips_desmovs -f", +"TOFBvarkey" => "fips_desmovs -f", +"TOFBvartext" => "fips_desmovs -f", +"TCBCinvperm" => "fips_desmovs -f", +"TCBCMMT1" => "fips_desmovs -f", +"TCBCMMT2" => "fips_desmovs -f", +"TCBCMMT3" => "fips_desmovs -f", +"TCBCMonte1" => "fips_desmovs -f", +"TCBCMonte2" => "fips_desmovs -f", +"TCBCMonte3" => "fips_desmovs -f", +"TCBCpermop" => "fips_desmovs -f", +"TCBCsubtab" => "fips_desmovs -f", +"TCBCvarkey" => "fips_desmovs -f", +"TCBCvartext" => "fips_desmovs -f", +"TCFB64invperm" => "fips_desmovs -f", +"TCFB64MMT1" => "fips_desmovs -f", +"TCFB64MMT2" => "fips_desmovs -f", +"TCFB64MMT3" => "fips_desmovs -f", +"TCFB64Monte1" => "fips_desmovs -f", +"TCFB64Monte2" => "fips_desmovs -f", +"TCFB64Monte3" => "fips_desmovs -f", +"TCFB64permop" => "fips_desmovs -f", +"TCFB64subtab" => "fips_desmovs -f", +"TCFB64varkey" => "fips_desmovs -f", +"TCFB64vartext" => "fips_desmovs -f", +"TCFB8invperm" => "fips_desmovs -f", +"TCFB8MMT1" => "fips_desmovs -f", +"TCFB8MMT2" => "fips_desmovs -f", +"TCFB8MMT3" => "fips_desmovs -f", +"TCFB8Monte1" => "fips_desmovs -f", +"TCFB8Monte2" => "fips_desmovs -f", +"TCFB8Monte3" => "fips_desmovs -f", +"TCFB8permop" => "fips_desmovs -f", +"TCFB8subtab" => "fips_desmovs -f", +"TCFB8varkey" => "fips_desmovs -f", +"TCFB8vartext" => "fips_desmovs -f", +"TECBinvperm" => "fips_desmovs -f", +"TECBMMT1" => "fips_desmovs -f", +"TECBMMT2" => "fips_desmovs -f", +"TECBMMT3" => "fips_desmovs -f", +"TECBMonte1" => "fips_desmovs -f", +"TECBMonte2" => "fips_desmovs -f", +"TECBMonte3" => "fips_desmovs -f", +"TECBpermop" => "fips_desmovs -f", +"TECBsubtab" => "fips_desmovs -f", +"TECBvarkey" => "fips_desmovs -f", +"TECBvartext" => "fips_desmovs -f", +"TOFBinvperm" => "fips_desmovs -f", +"TOFBMMT1" => "fips_desmovs -f", +"TOFBMMT2" => "fips_desmovs -f", +"TOFBMMT3" => "fips_desmovs -f", +"TOFBMonte1" => "fips_desmovs -f", +"TOFBMonte2" => "fips_desmovs -f", +"TOFBMonte3" => "fips_desmovs -f", +"TOFBpermop" => "fips_desmovs -f", +"TOFBsubtab" => "fips_desmovs -f", +"TOFBvarkey" => "fips_desmovs -f", +"TOFBvartext" => "fips_desmovs -f" ); -my $lnum = 0; my $win32 = 0; my $onedir = 0; -my $ltdir = ""; +my $filter = ""; my $tvdir; -my $tvprefix; my $tprefix; my $shwrap_prefix; +my $debug = 0; +my $quiet = 0; foreach (@ARGV) { @@ -81,40 +279,41 @@ foreach (@ARGV) { $onedir = 1; } + elsif ($_ eq "--debug") + { + $debug = 1; + } + elsif ($_ eq "--quiet") + { + $quiet = 1; + } elsif (/--dir=(.*)$/) { $tvdir = $1; + # $tvdir .= "/" unless $tvdir =~ /\/$/; } elsif (/--tprefix=(.*)$/) { $tprefix = $1; } - elsif (/--tvprefix=(.*)$/) - { - $tvprefix = $1; - } elsif (/--shwrap_prefix=(.*)$/) { $shwrap_prefix = $1; } + elsif (/--filter=(.*)$/) + { + $filter = $1; + } elsif (/--outfile=(.*)$/) { $outfile = $1; } } -$tvdir = "testvectors" unless defined $tvdir; +$tvdir = "." unless defined $tvdir; if ($win32) { - if ($onedir) - { - $tvprefix = "" unless defined $tvprefix; - } - else - { - $tvprefix = "..\\fips-1.0\\" unless defined $tvprefix; - } $tprefix = ".\\" unless defined $tprefix; $outfile = "fipstests.bat" unless defined $outfile; open(OUT, ">$outfile"); @@ -130,7 +329,6 @@ END } else { - $tvprefix = "" unless defined $tvprefix; if ($onedir) { $tprefix = "./" unless defined $tprefix; @@ -154,40 +352,87 @@ else END } +my %fips_found; +foreach (keys %fips_tests) + { + $fips_found{$_} = 0; + } -foreach(@fips_tests) +recurse_test($win32, $tprefix, $filter, $tvdir); + +while (($key, $value) = each %fips_found) { - my ($tdir, $fprefix, $tcmd) = @$_; - $lnum++; - if ($tdir ne $ltdir) + if ($value == 0) + { + print STDERR "WARNING: test file $key not found\n" unless $quiet; + } + elsif ($value > 1) + { + print STDERR "WARNING: test file $key found $value times\n" unless $quiet; + } + else { - $ltdir = $tdir; - test_dir($win32, $ltdir); + print STDERR "Found test file $key\n" if $debug; } - test_line($win32, $tdir, $fprefix, $tcmd); + } + + +sub recurse_test + { + my ($win32, $tprefix, $filter, $dir) = @_; + my $dirh; + opendir($dirh, $dir); + while ($_ = readdir($dirh)) + { + next if ($_ eq "." || $_ eq ".."); + $_ = "$dir/$_"; + if (-f "$_") + { + next unless /$filter.*\.req$/i; + if (/\/([^\/]*)\.req$/ && exists $fips_tests{$1}) + { + $fips_found{$1}++; + test_line($win32, $_, $tprefix, $fips_tests{$1}); + } + else + { + print STDERR "WARNING: unrecognized filename $_\n"; + } + } + elsif (-d "$_") + { + if (/$filter.*req$/i) + { + test_dir($win32, $_); + } + recurse_test($win32, $tprefix, $filter, $_); + } + } + closedir($dirh); } sub test_dir { - my ($win32, $tdir) = @_; + my ($win32, $req) = @_; + my $rsp = $req; + $rsp =~ s/req$/rsp/; if ($win32) { - my $rsp = "$tvprefix$tvdir\\$tdir\\rsp"; + $rsp =~ tr|/|\\|; print OUT <) + if ($win32) { - if ($win32) - { - $_ =~ tr|/|\\|; - print OUT "$tprefix$tcmd $_\n"; - } - else - { - print OUT <) + { + if (/^\s*#\s*salt\s+len:\s+(\d+)\s+$/i) + { + my $sl = $1; + print STDERR "$req salt length $sl\n" if $debug; + $tcmd =~ s/SALT$/$sl/; + last; + } + } + close IN; + if ($tcmd =~ /SALT$/) + { + die "Can't detect salt length for $req"; + } + } + + my $rsp = $req; + $rsp =~ s/req\/([^\/]*).req$/rsp\/$1.rsp/; if ($win32) { - my $req = "$tvprefix$tvdir\\$tdir\\req\\$fprefix.req"; - my $rsp = "$tvprefix$tvdir\\$tdir\\rsp\\$fprefix.rsp"; - print OUT "$tprefix$tcmd < $req > $rsp\n"; + $req =~ tr|/|\\|; + $rsp =~ tr|/|\\|; + print OUT "$tprefix$tcmd < \"$req\" > \"$rsp\"\n"; } else { - my $req = "$tvdir/$tdir/req/$fprefix.req"; - my $rsp = "$tvdir/$tdir/rsp/$fprefix.rsp"; print OUT < $rsp || { echo $tcmd failure ; exit 1; } ; fi +${shwrap_prefix}shlib_wrap.sh $tprefix$tcmd < "$req" > "$rsp" || { echo "$req failure" ; exit 1; } END } } - +