#!/bin/bash
# fips-check.sh
# This script checks the current revision of the code against the
# previous release of the FIPS code. While wolfSSL and wolfCrypt
# may be advancing, they must work correctly with the last tested
# copy of our FIPS approved code.
#
# This should check out all the approved versions. The command line
# option selects the version.
#
# $ ./fips-check [version]
#
# - version: linux (default), ios, android, windows, freertos
#
# Print the accepted command-line form and the list of platform names
# to stdout. Does not exit; the caller decides the exit status.
Usage() {
  printf 'Usage: %s [platform]\n' "$0"
  printf '%s\n' 'Where "platform" is one of linux (default), ios, android, windows, freertos'
}
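# Release tag and repository for each supported platform. The *_FIPS_* pair
# names the FIPS sources to fetch; the *_CTAO_* pair names the older tree
# whose crypto modules are copied over the current ones before the build.
#
# NOTE(review): in the copy under review every *_REPO line had lost its
# variable name and user@host part to e-mail obfuscation. The names are
# restored from the references in the platform case statement; git@github.com
# is a reconstruction -- confirm against the upstream script.
#
# NOTE(review): tags are mutable refs. If this check is meant to prove the
# build uses exactly the validated sources, consider pinning commit IDs and
# verifying them after checkout.
LINUX_FIPS_VERSION=v3.2.6
LINUX_FIPS_REPO=git@github.com:wolfSSL/fips.git
LINUX_CTAO_VERSION=v3.2.6
LINUX_CTAO_REPO=git@github.com:cyassl/cyassl.git

IOS_FIPS_VERSION=v3.4.8a
IOS_FIPS_REPO=git@github.com:wolfSSL/fips.git
IOS_CTAO_VERSION=v3.4.8.fips
IOS_CTAO_REPO=git@github.com:cyassl/cyassl.git

ANDROID_FIPS_VERSION=v3.5.0
ANDROID_FIPS_REPO=git@github.com:wolfSSL/fips.git
ANDROID_CTAO_VERSION=v3.5.0
ANDROID_CTAO_REPO=git@github.com:cyassl/cyassl.git

WINDOWS_FIPS_VERSION=v3.6.6
WINDOWS_FIPS_REPO=git@github.com:wolfSSL/fips.git
WINDOWS_CTAO_VERSION=v3.6.6
WINDOWS_CTAO_REPO=git@github.com:cyassl/cyassl.git

FREERTOS_FIPS_VERSION=v3.6.1-FreeRTOS
FREERTOS_FIPS_REPO=git@github.com:wolfSSL/fips.git
FREERTOS_CTAO_VERSION=v3.6.1
FREERTOS_CTAO_REPO=git@github.com:cyassl/cyassl.git

# Files taken from the FIPS repository, and the crypto modules (one .c and
# one .h each) taken from the older release tree.
FIPS_SRCS=( fips.c fips_test.c )
WC_MODS=( aes des3 sha sha256 sha512 rsa hmac random )

# Scratch clone of the current tree; removed again after a successful run.
TEST_DIR=XXX-fips-test

# Header and source locations, relative to the root of either tree.
WC_INC_PATH=cyassl/ctaocrypt
WC_SRC_PATH=ctaocrypt/src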
# Platform comes from the first argument; a missing or empty argument
# selects linux.
PLATFORM=${1:-linux}

# Copy the chosen platform's tag/repository settings into the generic
# FIPS_* and CTAO_* variables. An unrecognised platform prints the usage
# text and ends the script with status 1.
case "$PLATFORM" in
  linux)
    FIPS_VERSION=$LINUX_FIPS_VERSION
    FIPS_REPO=$LINUX_FIPS_REPO
    CTAO_VERSION=$LINUX_CTAO_VERSION
    CTAO_REPO=$LINUX_CTAO_REPO
    ;;
  ios)
    FIPS_VERSION=$IOS_FIPS_VERSION
    FIPS_REPO=$IOS_FIPS_REPO
    CTAO_VERSION=$IOS_CTAO_VERSION
    CTAO_REPO=$IOS_CTAO_REPO
    ;;
  android)
    FIPS_VERSION=$ANDROID_FIPS_VERSION
    FIPS_REPO=$ANDROID_FIPS_REPO
    CTAO_VERSION=$ANDROID_CTAO_VERSION
    CTAO_REPO=$ANDROID_CTAO_REPO
    ;;
  windows)
    FIPS_VERSION=$WINDOWS_FIPS_VERSION
    FIPS_REPO=$WINDOWS_FIPS_REPO
    CTAO_VERSION=$WINDOWS_CTAO_VERSION
    CTAO_REPO=$WINDOWS_CTAO_REPO
    ;;
  freertos)
    FIPS_VERSION=$FREERTOS_FIPS_VERSION
    FIPS_REPO=$FREERTOS_FIPS_REPO
    CTAO_VERSION=$FREERTOS_CTAO_VERSION
    CTAO_REPO=$FREERTOS_CTAO_REPO
    ;;
  *)
    Usage
    exit 1
    ;;
esac
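# Print a failure message (preceded by two blank lines) on stderr and abort
# the script with status 1. The scratch directory is deliberately left in
# place so a failed run can be inspected.
fail() {
  printf '\n\n%s\n' "$1" >&2
  exit 1
}

# Work in a scratch clone so the caller's working tree is never modified.
git clone . "$TEST_DIR" \
  || fail "Couldn't duplicate current working directory."

# If entering the clone failed, every cp/make below would act on the
# caller's own tree, so stop here.
pushd "$TEST_DIR" || fail "Couldn't enter $TEST_DIR."

# make a clone of the last FIPS release tag
git clone -b "$CTAO_VERSION" "$CTAO_REPO" old-tree \
  || fail "Couldn't checkout the FIPS release."

# Overwrite the current crypto modules with the ones from the release tree.
# A copy that fails silently would leave the current sources in place and
# the run would then test the wrong code, so each copy is checked.
for MOD in "${WC_MODS[@]}"; do
  cp -- "old-tree/$WC_SRC_PATH/${MOD}.c" "$WC_SRC_PATH" \
    || fail "Couldn't copy ${MOD}.c from the FIPS release."
  cp -- "old-tree/$WC_INC_PATH/${MOD}.h" "$WC_INC_PATH" \
    || fail "Couldn't copy ${MOD}.h from the FIPS release."
done

# The following is temporary. We are using random.c from a separate release
( cd old-tree && git checkout v3.6.0 ) \
  || fail "Couldn't checkout v3.6.0 for random.c."
cp -- "old-tree/$WC_SRC_PATH/random.c" "$WC_SRC_PATH" \
  || fail "Couldn't copy random.c from v3.6.0."
cp -- "old-tree/$WC_INC_PATH/random.h" "$WC_INC_PATH" \
  || fail "Couldn't copy random.h from v3.6.0."

# clone the FIPS repository
git clone -b "$FIPS_VERSION" "$FIPS_REPO" fips \
  || fail "Couldn't checkout the FIPS repository."

for SRC in "${FIPS_SRCS[@]}"; do
  cp -- "fips/$SRC" "$WC_SRC_PATH" \
    || fail "Couldn't copy $SRC from the FIPS repository."
done

# run the make test
./autogen.sh || fail "autogen.sh failed. Debris left for analysis."
./configure --enable-fips || fail "Configure failed. Debris left for analysis."
make || fail "Make failed. Debris left for analysis."

# Capture whatever the test program prints after "hash = ". Its exit status
# is intentionally not checked here; only the printed value is used.
# NOTE(review): presumably this is the integrity hash the freshly built code
# expects to find in fips_test.c -- confirm.
NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
if [ -n "$NEWHASH" ]; then
  # NEWHASH is spliced into a sed program below. Anything but letters and
  # digits (including '/', '&', '\' or a newline from a second match) would
  # corrupt or alter that program, so refuse it.
  # NOTE(review): assumes the reported value is a hex digest -- TODO confirm.
  case "$NEWHASH" in
    *[!0-9A-Za-z]*)
      fail "Unexpected hash value reported by testwolfcrypt."
      ;;
  esac
  sed -i.bak "s/^\".*\";/\"${NEWHASH}\";/" "$WC_SRC_PATH/fips_test.c" \
    || fail "Couldn't update the hash in fips_test.c."
  make clean
fi

make test || fail "Test failed. Debris left for analysis."

# Clean up
popd || fail "Couldn't leave $TEST_DIR; not removing it."
# ${TEST_DIR:?} aborts instead of expanding to nothing if the name is empty.
rm -rf -- "${TEST_DIR:?}"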