Commit | Line | Data |
---|---|---|
95214b43 SL |
1 | #! /usr/bin/env perl |
2 | # Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | # | |
4 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | # this file except in compliance with the License. You can obtain a copy | |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | use strict; | |
10 | use warnings; | |
11 | ||
12 | use File::Spec; | |
13 | use File::Copy; | |
14 | use OpenSSL::Glob; | |
15 | use OpenSSL::Test qw/:DEFAULT srctop_dir bldtop_dir bldtop_file/; | |
16 | use OpenSSL::Test::Utils; | |
17 | ||
# Register this recipe with the OpenSSL test harness at compile time.
# NOTE(review): presumably this must run before the srctop_dir()/bldtop_dir()
# calls in the 'use lib' lines below, which are also evaluated at compile time.
BEGIN { setup("test_fipsinstall"); }
21 | use lib srctop_dir('Configurations'); | |
22 | use lib bldtop_dir('.'); | |
23 | use platform; | |
24 | ||
# Nothing here can be exercised unless the FIPS provider was built.
if (disabled("fips")) {
    plan skip_all => "Test only supported in a fips build";
}

# One TAP result per fipsinstall invocation below.
plan tests => 10;

# Locate the freshly built FIPS provider module in the build tree; every
# install/verify call below computes or checks its integrity MAC over this file.
my $fips_dso = platform->dso('fips');
my $infile = bldtop_file('providers', $fips_dso);

# Point provider lookup at the build tree's providers directory.
$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
31 | ||
# Negative case: '-module' is not followed by a module path (the next token
# is '-provider_name'), so fipsinstall is expected to exit with an error.
{
    my @no_module_cmd = qw(
        openssl fipsinstall -out fips.conf -module
        -provider_name fips
        -macopt digest:SHA256 -macopt hexkey:00
        -section_name fips_install
    );
    ok(!run(app(\@no_module_cmd)), "fipsinstall fail");
}
95214b43 | 38 | |
# Negative case: '-verify' is pointed at dummy.tmp, a configuration file this
# recipe never writes, so verification must not report success.
{
    my @missing_conf_cmd = (
        qw(openssl fipsinstall -in dummy.tmp -module), $infile,
        qw(-provider_name fips -mac_name HMAC),
        qw(-macopt digest:SHA256 -macopt hexkey:00),
        qw(-section_name fips_install -verify),
    );
    ok(!run(app(\@missing_conf_cmd)), "fipsinstall verify fail");
}
95214b43 SL |
45 | |
46 | ||
# Positive case: write fips.conf containing the MAC data for the module,
# using HMAC with SHA256. The one-byte key (hexkey:00) is a fixed test
# fixture shared by the verification cases that follow.
{
    my @install_cmd = (
        qw(openssl fipsinstall -out fips.conf -module), $infile,
        qw(-provider_name fips -mac_name HMAC),
        qw(-macopt digest:SHA256 -macopt hexkey:00),
        qw(-section_name fips_install),
    );
    ok(run(app(\@install_cmd)), "fipsinstall");
}
95214b43 | 53 | |
# Positive case: verify fips.conf against the module with the same MAC
# algorithm, digest and key that were used to produce it.
{
    my @verify_cmd = (
        qw(openssl fipsinstall -in fips.conf -module), $infile,
        qw(-provider_name fips -mac_name HMAC),
        qw(-macopt digest:SHA256 -macopt hexkey:00),
        qw(-section_name fips_install -verify),
    );
    ok(run(app(\@verify_cmd)), "fipsinstall verify");
}
95214b43 | 60 | |
# Negative case: fips.conf was produced with hexkey:00, so verifying with
# hexkey:01 must be rejected. This shows the stored MAC really depends on
# the key and is not accepted for an arbitrary one.
{
    my @wrong_key_cmd = (
        qw(openssl fipsinstall -in fips.conf -module), $infile,
        qw(-provider_name fips -mac_name HMAC),
        qw(-macopt digest:SHA256 -macopt hexkey:01),
        qw(-section_name fips_install -verify),
    );
    ok(!run(app(\@wrong_key_cmd)), "fipsinstall verify fail bad key");
}
95214b43 | 67 | |
# Negative case: fips.conf was produced with digest SHA256, so verifying
# with SHA512 under the same key must be rejected.
{
    my @wrong_digest_cmd = (
        qw(openssl fipsinstall -in fips.conf -module), $infile,
        qw(-provider_name fips -mac_name HMAC),
        qw(-macopt digest:SHA512 -macopt hexkey:00),
        qw(-section_name fips_install -verify),
    );
    ok(!run(app(\@wrong_digest_cmd)),
       "fipsinstall verify fail incorrect digest");
}
36fc5fc6 SL |
74 | |
# Negative case: '-corrupt_desc HMAC' asks fipsinstall to corrupt the check
# described as HMAC (the module integrity check, per the test description).
# The install must then fail rather than emit a usable configuration.
{
    my @corrupt_hmac_cmd = (
        qw(openssl fipsinstall -out fips.conf -module), $infile,
        qw(-provider_name fips -mac_name HMAC),
        qw(-macopt digest:SHA256 -macopt hexkey:00),
        qw(-section_name fips_install -corrupt_desc HMAC),
    );
    ok(!run(app(\@corrupt_hmac_cmd)),
       "fipsinstall fails when the module integrity is corrupted");
}
81 | ||
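# Negative case: '-corrupt_desc SHA1' corrupts the first digest check, so
# the install must fail. The description names the digest so that a failure
# here can be told apart from the other digest-corruption case in the output.
ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
             '-provider_name', 'fips', '-mac_name', 'HMAC',
             '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
             '-section_name', 'fips_install', '-corrupt_desc', 'SHA1'])),
   "fipsinstall fails when the SHA1 digest result is corrupted");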
88 | ||
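# Negative case: '-corrupt_desc SHA3' corrupts a second digest check, so the
# install must fail. The description names the digest so that a failure here
# can be told apart from the other digest-corruption case in the output.
ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
             '-provider_name', 'fips', '-mac_name', 'HMAC',
             '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
             '-section_name', 'fips_install', '-corrupt_desc', 'SHA3'])),
   "fipsinstall fails when the SHA3 digest result is corrupted");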
980a880e SL |
95 | |
# Negative case: '-corrupt_desc CTR' corrupts the DRBG CTR check, so the
# install must fail.
{
    my @corrupt_drbg_cmd = (
        qw(openssl fipsinstall -out fips.conf -module), $infile,
        qw(-provider_name fips -mac_name HMAC),
        qw(-macopt digest:SHA256 -macopt hexkey:00),
        qw(-section_name fips_install -corrupt_desc CTR),
    );
    ok(!run(app(\@corrupt_drbg_cmd)),
       "fipsinstall fails when the DRBG CTR result is corrupted");
}