wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/test/recipes/03-test_fipsinstall.t
Shane Lontis 95214b434f Add app for fips installation 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9634)
2019-08-24 18:56:34 +10:00

73 lines
2.8 KiB
Perl
Raw Permalink Blame History

#! /usr/bin/env perl
# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use warnings;
use File::Spec;
use File::Copy;
use OpenSSL::Glob;
use OpenSSL::Test qw/:DEFAULT srctop_dir bldtop_dir bldtop_file/;
use OpenSSL::Test::Utils;
BEGIN {
setup("test_fipsinstall");
}
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
use platform;
plan skip_all => "Test only supported in a fips build" if disabled("fips");
plan tests => 6;
my $infile = bldtop_file('providers', platform->dso('fips'));
$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
#fail if no module name
ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module',
'-provider_name', 'fips',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
'-section_name', 'fips_install'])),
"fipinstall fail");
# fail to Verify if the configuration file is missing
ok(!run(app(['openssl', 'fipsinstall', '-in', 'dummy.tmp', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
'-section_name', 'fips_install', '-verify'])),
"fipinstall verify fail");
# output a fips.conf file containing mac data
ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
'-section_name', 'fips_install'])),
"fipinstall");
# Verify the fips.conf file
ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
'-section_name', 'fips_install', '-verify'])),
"fipinstall verify");
# Fail to Verify the fips.conf file if a different key is used
ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA256', '-macopt', 'hexkey:01',
'-section_name', 'fips_install', '-verify'])),
"fipinstall verify fail bad key");
# Fail to Verify the fips.conf file if a different mac digest is used
ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile,
'-provider_name', 'fips', '-mac_name', 'HMAC',
'-macopt', 'digest:SHA512', '-macopt', 'hexkey:00',
'-section_name', 'fips_install', '-verify'])),
"fipinstall verify fail incorrect digest");
Reference in a new issue View git blame Copy permalink