]>
Commit | Line | Data |
---|---|---|
1 | #! /usr/bin/env perl | |
2 | # Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | # | |
4 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | # this file except in compliance with the License. You can obtain a copy | |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | use strict; | |
10 | use warnings; | |
11 | ||
12 | use File::Spec; | |
13 | use File::Copy; | |
14 | use OpenSSL::Glob; | |
15 | use OpenSSL::Test qw/:DEFAULT srctop_dir bldtop_dir bldtop_file/; | |
16 | use OpenSSL::Test::Utils; | |
17 | ||
18 | BEGIN { | |
19 | setup("test_fipsinstall"); | |
20 | } | |
21 | use lib srctop_dir('Configurations'); | |
22 | use lib bldtop_dir('.'); | |
23 | use platform; | |
24 | ||
25 | plan skip_all => "Test only supported in a fips build" if disabled("fips"); | |
26 | ||
27 | plan tests => 6; | |
28 | ||
29 | my $infile = bldtop_file('providers', platform->dso('fips')); | |
30 | $ENV{OPENSSL_MODULES} = bldtop_dir("providers"); | |
31 | ||
32 | #fail if no module name | |
33 | ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', | |
34 | '-provider_name', 'fips', | |
35 | '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', | |
36 | '-section_name', 'fips_install'])), | |
37 | "fipinstall fail"); | |
38 | ||
39 | # fail to Verify if the configuration file is missing | |
40 | ok(!run(app(['openssl', 'fipsinstall', '-in', 'dummy.tmp', '-module', $infile, | |
41 | '-provider_name', 'fips', '-mac_name', 'HMAC', | |
42 | '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', | |
43 | '-section_name', 'fips_install', '-verify'])), | |
44 | "fipinstall verify fail"); | |
45 | ||
46 | ||
47 | # output a fips.conf file containing mac data | |
48 | ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, | |
49 | '-provider_name', 'fips', '-mac_name', 'HMAC', | |
50 | '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', | |
51 | '-section_name', 'fips_install'])), | |
52 | "fipinstall"); | |
53 | ||
54 | # Verify the fips.conf file | |
55 | ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile, | |
56 | '-provider_name', 'fips', '-mac_name', 'HMAC', | |
57 | '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', | |
58 | '-section_name', 'fips_install', '-verify'])), | |
59 | "fipinstall verify"); | |
60 | ||
61 | # Fail to Verify the fips.conf file if a different key is used | |
62 | ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile, | |
63 | '-provider_name', 'fips', '-mac_name', 'HMAC', | |
64 | '-macopt', 'digest:SHA256', '-macopt', 'hexkey:01', | |
65 | '-section_name', 'fips_install', '-verify'])), | |
66 | "fipinstall verify fail bad key"); | |
67 | ||
68 | # Fail to Verify the fips.conf file if a different mac digest is used | |
69 | ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile, | |
70 | '-provider_name', 'fips', '-mac_name', 'HMAC', | |
71 | '-macopt', 'digest:SHA512', '-macopt', 'hexkey:00', | |
72 | '-section_name', 'fips_install', '-verify'])), | |
73 | "fipinstall verify fail incorrect digest"); |