Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
back out FIPS changes
  • Loading branch information
rjrelyea committed Sep 5, 2015
1 parent ec5e761 commit 48ffc84
Show file tree
Hide file tree
Showing 58 changed files with 3,732 additions and 5,747 deletions.
2 changes: 1 addition & 1 deletion cmd/bltest/blapitest.c
Expand Up @@ -3610,7 +3610,7 @@ int main(int argc, char **argv)

/* Do FIPS self-test */
if (bltest.commands[cmd_FIPS].activated) {
CK_RV ckrv = sftk_FIPSEntryOK();
CK_RV ckrv = sftk_fipsPowerUpSelfTest();
fprintf(stdout, "CK_RV: %ld.\n", ckrv);
PORT_Free(cipherInfo);
if (ckrv == CKR_OK)
Expand Down
40 changes: 13 additions & 27 deletions cmd/fipstest/aes.sh
@@ -1,9 +1,8 @@
#!/bin/sh
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#

#
# A Bourne shell script for running the NIST AES Algorithm Validation Suite
#
Expand All @@ -13,12 +12,6 @@
# directory where the REQUEST (.req) files reside. The script generates the
# RESPONSE (.rsp) files in the same directory.

BASEDIR=${1-.}
TESTDIR=${BASEDIR}/AES
COMMAND=${2-run}
REQDIR=${TESTDIR}/req
RSPDIR=${TESTDIR}/resp

cbc_kat_requests="
CBCGFSbox128.req
CBCGFSbox192.req
Expand Down Expand Up @@ -73,40 +66,33 @@ ECBMMT192.req
ECBMMT256.req
"

if [ ${COMMAND} = "verify" ]; then
for request in $cbc_kat_requests $cbc_mct_requests $cbc_mmt_requests $ecb_kat_requests $ecb_mct_requests $ecb_mmt_requests; do
sh ./validate1.sh ${TESTDIR} $request
done
exit 0
fi

for request in $cbc_kat_requests; do
for request in $ecb_kat_requests; do
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest aes kat cbc ${REQDIR}/$request > ${RSPDIR}/$response
fipstest aes kat ecb $request > $response
done
for request in $cbc_mct_requests; do
for request in $ecb_mmt_requests; do
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest aes mct cbc ${REQDIR}/$request > ${RSPDIR}/$response
fipstest aes mmt ecb $request > $response
done
for request in $cbc_mmt_requests; do
for request in $ecb_mct_requests; do
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest aes mmt cbc ${REQDIR}/$request > ${RSPDIR}/$response
fipstest aes mct ecb $request > $response
done
for request in $ecb_kat_requests; do
for request in $cbc_kat_requests; do
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest aes kat ecb ${REQDIR}/$request > ${RSPDIR}/$response
fipstest aes kat cbc $request > $response
done
for request in $ecb_mct_requests; do
for request in $cbc_mmt_requests; do
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest aes mct ecb ${REQDIR}/$request > ${RSPDIR}/$response
fipstest aes mmt cbc $request > $response
done
for request in $ecb_mmt_requests; do
for request in $cbc_mct_requests; do
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest aes mmt ecb ${REQDIR}/$request > ${RSPDIR}/$response
fipstest aes mct cbc $request > $response
done
67 changes: 0 additions & 67 deletions cmd/fipstest/aesgcm.sh

This file was deleted.

47 changes: 7 additions & 40 deletions cmd/fipstest/dsa.sh
@@ -1,8 +1,8 @@
#!/bin/sh
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

#
# A Bourne shell script for running the NIST DSA Validation System
#
Expand All @@ -11,61 +11,28 @@
# shared libraries/DLLs are on the search path. Then run this script in the
# directory where the REQUEST (.req) files reside. The script generates the
# RESPONSE (.rsp) files in the same directory.
BASEDIR=${1-.}
TESTDIR=${BASEDIR}/DSA2
COMMAND=${2-run}
REQDIR=${TESTDIR}/req
RSPDIR=${TESTDIR}/resp


#
# several of the DSA tests do use known answer tests to verify the result.
# in those cases, feed generated tests back into the fipstest tool and
# see if we can verify those value. NOTE: th PQGVer and SigVer tests verify
# the dsa pqgver and dsa sigver functions, so we know they can detect errors
# in those PQGGen and SigGen. Only the KeyPair verify is potentially circular.
#
if [ ${COMMAND} = "verify" ]; then
# verify generated keys
name=KeyPair
echo ">>>>> $name"
fipstest dsa keyver ${RSPDIR}/$name.rsp | grep ^Result.=.F
# verify generated pqg values
name=PQGGen
echo ">>>>> $name"
fipstest dsa pqgver ${RSPDIR}/$name.rsp | grep ^Result.=.F
# verify PQGVer with known answer
# sh ./validate1.sh ${TESTDIR} PQGVer.req ' ' '-e /^Result.=.F/s;.(.*);; -e /^Result.=.P/s;.(.*);;'
# verify signatures
name=SigGen
echo ">>>>> $name"
fipstest dsa sigver ${RSPDIR}/$name.rsp | grep ^Result.=.F
# verify SigVer with known answer
sh ./validate1.sh ${TESTDIR} SigVer.req ' ' '-e /^X.=/d -e /^Result.=.F/s;.(.*);;'
exit 0
fi

request=KeyPair.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest dsa keypair ${REQDIR}/$request > ${RSPDIR}/$response
fipstest dsa keypair $request > $response

request=PQGGen.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest dsa pqggen ${REQDIR}/$request > ${RSPDIR}/$response
fipstest dsa pqggen $request > $response

request=PQGVer1863.req
request=PQGVer.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest dsa pqgver ${REQDIR}/$request > ${RSPDIR}/$response
fipstest dsa pqgver $request > $response

request=SigGen.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest dsa siggen ${REQDIR}/$request > ${RSPDIR}/$response
fipstest dsa siggen $request > $response

request=SigVer.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest dsa sigver ${REQDIR}/$request > ${RSPDIR}/$response
fipstest dsa sigver $request > $response
37 changes: 5 additions & 32 deletions cmd/fipstest/ecdsa.sh
@@ -1,8 +1,8 @@
#!/bin/sh
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

#
# A Bourne shell script for running the NIST ECDSA Validation System
#
Expand All @@ -11,50 +11,23 @@
# shared libraries/DLLs are on the search path. Then run this script in the
# directory where the REQUEST (.req) files reside. The script generates the
# RESPONSE (.rsp) files in the same directory.
BASEDIR=${1-.}
TESTDIR=${BASEDIR}/ECDSA2
COMMAND=${2-run}
REQDIR=${TESTDIR}/req
RSPDIR=${TESTDIR}/resp

#
# several of the ECDSA tests do not use known answer tests to verify the result.
# In those cases, feed generated tests back into the fipstest tool and
# see if we can verify those value. NOTE: PQGVer and SigVer tests verify
# the dsa pqgver and dsa sigver functions, so we know they can detect errors
# in those PQGGen and SigGen. Only the KeyPair verify is potentially circular.
#
if [ ${COMMAND} = "verify" ]; then
# verify generated keys
name=KeyPair
echo ">>>>> $name"
fipstest ecdsa keyver ${RSPDIR}/$name.rsp | grep ^Result.=.F
sh ./validate1.sh ${TESTDIR} PKV.req ' ' '-e /^X.=/d -e /^Result.=.F/s;.(.*);; -e /^Result.=.P/s;.(.*);;'
# verify signatures
name=SigGen
echo ">>>>> $name"
fipstest ecdsa sigver ${RSPDIR}/$name.rsp | grep ^Result.=.F
# verify SigVer with known answer
sh ./validate1.sh ${TESTDIR} SigVer.req ' ' '-e /^X.=/d -e /^Result.=.F/s;.(.*);; -e /^Result.=.P/s;.(.*);;'
exit 0
fi

request=KeyPair.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest ecdsa keypair ${REQDIR}/$request > ${RSPDIR}/$response
fipstest ecdsa keypair $request > $response

request=PKV.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest ecdsa pkv ${REQDIR}/$request > ${RSPDIR}/$response
fipstest ecdsa pkv $request > $response

request=SigGen.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest ecdsa siggen ${REQDIR}/$request > ${RSPDIR}/$response
fipstest ecdsa siggen $request > $response

request=SigVer.req
response=`echo $request | sed -e "s/req/rsp/"`
echo $request $response
fipstest ecdsa sigver ${REQDIR}/$request > ${RSPDIR}/$response
fipstest ecdsa sigver $request > $response

0 comments on commit 48ffc84

Please sign in to comment.