aboutsummaryrefslogtreecommitdiff
path: root/openssl/fips/fipsalgtest.pl
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/fips/fipsalgtest.pl')
-rw-r--r--openssl/fips/fipsalgtest.pl848
1 files changed, 848 insertions, 0 deletions
diff --git a/openssl/fips/fipsalgtest.pl b/openssl/fips/fipsalgtest.pl
new file mode 100644
index 000000000..44a5ccac7
--- /dev/null
+++ b/openssl/fips/fipsalgtest.pl
@@ -0,0 +1,848 @@
+#!/usr/bin/perl -w
+# Perl utility to run or verify FIPS 140-2 CMVP algorithm tests based on the
+# pathnames of input algorithm test files actually present (the unqualified
+# file names are consistent but the pathnames are not).
+#
+
+# FIPS test definitions
+# List of all the unqualified file names we expect and command lines to run
+
+# DSA tests
+my @fips_dsa_test_list = (
+
+ "DSA",
+
+ [ "PQGGen", "fips_dssvs pqg" ],
+ [ "KeyPair", "fips_dssvs keypair" ],
+ [ "SigGen", "fips_dssvs siggen" ],
+ [ "SigVer", "fips_dssvs sigver" ]
+
+);
+
+# RSA tests
+
+my @fips_rsa_test_list = (
+
+ "RSA",
+
+ [ "SigGen15", "fips_rsastest" ],
+ [ "SigVer15", "fips_rsavtest" ],
+ [ "SigVerRSA", "fips_rsavtest -x931" ],
+ [ "KeyGenRSA", "fips_rsagtest" ],
+ [ "SigGenRSA", "fips_rsastest -x931" ]
+
+);
+
+# Special cases for PSS. The filename itself is
+# not sufficient to determine the test. Addditionally we
+# need to examine the file contents to determine the salt length
+# In these cases the test filename has (saltlen) appended.
+
+# RSA PSS salt length 0 tests
+
+my @fips_rsa_pss0_test_list = (
+
+ [ "SigGenPSS(0)", "fips_rsastest -saltlen 0" ],
+ [ "SigVerPSS(0)", "fips_rsavtest -saltlen 0" ]
+
+);
+
+# RSA PSS salt length 62 tests
+
+my @fips_rsa_pss62_test_list = (
+ [ "SigGenPSS(62)", "fips_rsastest -saltlen 62" ],
+ [ "SigVerPSS(62)", "fips_rsavtest -saltlen 62" ]
+
+);
+
+# SHA tests
+
+my @fips_sha_test_list = (
+
+ "SHA",
+
+ [ "SHA1LongMsg", "fips_shatest" ],
+ [ "SHA1Monte", "fips_shatest" ],
+ [ "SHA1ShortMsg", "fips_shatest" ],
+ [ "SHA224LongMsg", "fips_shatest" ],
+ [ "SHA224Monte", "fips_shatest" ],
+ [ "SHA224ShortMsg", "fips_shatest" ],
+ [ "SHA256LongMsg", "fips_shatest" ],
+ [ "SHA256Monte", "fips_shatest" ],
+ [ "SHA256ShortMsg", "fips_shatest" ],
+ [ "SHA384LongMsg", "fips_shatest" ],
+ [ "SHA384Monte", "fips_shatest" ],
+ [ "SHA384ShortMsg", "fips_shatest" ],
+ [ "SHA512LongMsg", "fips_shatest" ],
+ [ "SHA512Monte", "fips_shatest" ],
+ [ "SHA512ShortMsg", "fips_shatest" ]
+
+);
+
+# HMAC
+
+my @fips_hmac_test_list = (
+
+ "HMAC",
+
+ [ "HMAC", "fips_hmactest" ]
+
+);
+
+# RAND tests, AES version
+
+my @fips_rand_aes_test_list = (
+
+ "RAND (AES)",
+
+ [ "ANSI931_AES128MCT", "fips_rngvs mct" ],
+ [ "ANSI931_AES192MCT", "fips_rngvs mct" ],
+ [ "ANSI931_AES256MCT", "fips_rngvs mct" ],
+ [ "ANSI931_AES128VST", "fips_rngvs vst" ],
+ [ "ANSI931_AES192VST", "fips_rngvs vst" ],
+ [ "ANSI931_AES256VST", "fips_rngvs vst" ]
+
+);
+
+# RAND tests, DES2 version
+
+my @fips_rand_des2_test_list = (
+
+ "RAND (DES2)",
+
+ [ "ANSI931_TDES2MCT", "fips_rngvs mct" ],
+ [ "ANSI931_TDES2VST", "fips_rngvs vst" ]
+
+);
+
+# AES tests
+
+my @fips_aes_test_list = (
+
+ "AES",
+
+ [ "CBCGFSbox128", "fips_aesavs -f" ],
+ [ "CBCGFSbox192", "fips_aesavs -f" ],
+ [ "CBCGFSbox256", "fips_aesavs -f" ],
+ [ "CBCKeySbox128", "fips_aesavs -f" ],
+ [ "CBCKeySbox192", "fips_aesavs -f" ],
+ [ "CBCKeySbox256", "fips_aesavs -f" ],
+ [ "CBCMCT128", "fips_aesavs -f" ],
+ [ "CBCMCT192", "fips_aesavs -f" ],
+ [ "CBCMCT256", "fips_aesavs -f" ],
+ [ "CBCMMT128", "fips_aesavs -f" ],
+ [ "CBCMMT192", "fips_aesavs -f" ],
+ [ "CBCMMT256", "fips_aesavs -f" ],
+ [ "CBCVarKey128", "fips_aesavs -f" ],
+ [ "CBCVarKey192", "fips_aesavs -f" ],
+ [ "CBCVarKey256", "fips_aesavs -f" ],
+ [ "CBCVarTxt128", "fips_aesavs -f" ],
+ [ "CBCVarTxt192", "fips_aesavs -f" ],
+ [ "CBCVarTxt256", "fips_aesavs -f" ],
+ [ "CFB128GFSbox128", "fips_aesavs -f" ],
+ [ "CFB128GFSbox192", "fips_aesavs -f" ],
+ [ "CFB128GFSbox256", "fips_aesavs -f" ],
+ [ "CFB128KeySbox128", "fips_aesavs -f" ],
+ [ "CFB128KeySbox192", "fips_aesavs -f" ],
+ [ "CFB128KeySbox256", "fips_aesavs -f" ],
+ [ "CFB128MCT128", "fips_aesavs -f" ],
+ [ "CFB128MCT192", "fips_aesavs -f" ],
+ [ "CFB128MCT256", "fips_aesavs -f" ],
+ [ "CFB128MMT128", "fips_aesavs -f" ],
+ [ "CFB128MMT192", "fips_aesavs -f" ],
+ [ "CFB128MMT256", "fips_aesavs -f" ],
+ [ "CFB128VarKey128", "fips_aesavs -f" ],
+ [ "CFB128VarKey192", "fips_aesavs -f" ],
+ [ "CFB128VarKey256", "fips_aesavs -f" ],
+ [ "CFB128VarTxt128", "fips_aesavs -f" ],
+ [ "CFB128VarTxt192", "fips_aesavs -f" ],
+ [ "CFB128VarTxt256", "fips_aesavs -f" ],
+ [ "CFB8GFSbox128", "fips_aesavs -f" ],
+ [ "CFB8GFSbox192", "fips_aesavs -f" ],
+ [ "CFB8GFSbox256", "fips_aesavs -f" ],
+ [ "CFB8KeySbox128", "fips_aesavs -f" ],
+ [ "CFB8KeySbox192", "fips_aesavs -f" ],
+ [ "CFB8KeySbox256", "fips_aesavs -f" ],
+ [ "CFB8MCT128", "fips_aesavs -f" ],
+ [ "CFB8MCT192", "fips_aesavs -f" ],
+ [ "CFB8MCT256", "fips_aesavs -f" ],
+ [ "CFB8MMT128", "fips_aesavs -f" ],
+ [ "CFB8MMT192", "fips_aesavs -f" ],
+ [ "CFB8MMT256", "fips_aesavs -f" ],
+ [ "CFB8VarKey128", "fips_aesavs -f" ],
+ [ "CFB8VarKey192", "fips_aesavs -f" ],
+ [ "CFB8VarKey256", "fips_aesavs -f" ],
+ [ "CFB8VarTxt128", "fips_aesavs -f" ],
+ [ "CFB8VarTxt192", "fips_aesavs -f" ],
+ [ "CFB8VarTxt256", "fips_aesavs -f" ],
+
+ [ "ECBGFSbox128", "fips_aesavs -f" ],
+ [ "ECBGFSbox192", "fips_aesavs -f" ],
+ [ "ECBGFSbox256", "fips_aesavs -f" ],
+ [ "ECBKeySbox128", "fips_aesavs -f" ],
+ [ "ECBKeySbox192", "fips_aesavs -f" ],
+ [ "ECBKeySbox256", "fips_aesavs -f" ],
+ [ "ECBMCT128", "fips_aesavs -f" ],
+ [ "ECBMCT192", "fips_aesavs -f" ],
+ [ "ECBMCT256", "fips_aesavs -f" ],
+ [ "ECBMMT128", "fips_aesavs -f" ],
+ [ "ECBMMT192", "fips_aesavs -f" ],
+ [ "ECBMMT256", "fips_aesavs -f" ],
+ [ "ECBVarKey128", "fips_aesavs -f" ],
+ [ "ECBVarKey192", "fips_aesavs -f" ],
+ [ "ECBVarKey256", "fips_aesavs -f" ],
+ [ "ECBVarTxt128", "fips_aesavs -f" ],
+ [ "ECBVarTxt192", "fips_aesavs -f" ],
+ [ "ECBVarTxt256", "fips_aesavs -f" ],
+ [ "OFBGFSbox128", "fips_aesavs -f" ],
+ [ "OFBGFSbox192", "fips_aesavs -f" ],
+ [ "OFBGFSbox256", "fips_aesavs -f" ],
+ [ "OFBKeySbox128", "fips_aesavs -f" ],
+ [ "OFBKeySbox192", "fips_aesavs -f" ],
+ [ "OFBKeySbox256", "fips_aesavs -f" ],
+ [ "OFBMCT128", "fips_aesavs -f" ],
+ [ "OFBMCT192", "fips_aesavs -f" ],
+ [ "OFBMCT256", "fips_aesavs -f" ],
+ [ "OFBMMT128", "fips_aesavs -f" ],
+ [ "OFBMMT192", "fips_aesavs -f" ],
+ [ "OFBMMT256", "fips_aesavs -f" ],
+ [ "OFBVarKey128", "fips_aesavs -f" ],
+ [ "OFBVarKey192", "fips_aesavs -f" ],
+ [ "OFBVarKey256", "fips_aesavs -f" ],
+ [ "OFBVarTxt128", "fips_aesavs -f" ],
+ [ "OFBVarTxt192", "fips_aesavs -f" ],
+ [ "OFBVarTxt256", "fips_aesavs -f" ]
+
+);
+
+my @fips_aes_cfb1_test_list = (
+
+ # AES CFB1 tests
+
+ [ "CFB1GFSbox128", "fips_aesavs -f" ],
+ [ "CFB1GFSbox192", "fips_aesavs -f" ],
+ [ "CFB1GFSbox256", "fips_aesavs -f" ],
+ [ "CFB1KeySbox128", "fips_aesavs -f" ],
+ [ "CFB1KeySbox192", "fips_aesavs -f" ],
+ [ "CFB1KeySbox256", "fips_aesavs -f" ],
+ [ "CFB1MCT128", "fips_aesavs -f" ],
+ [ "CFB1MCT192", "fips_aesavs -f" ],
+ [ "CFB1MCT256", "fips_aesavs -f" ],
+ [ "CFB1MMT128", "fips_aesavs -f" ],
+ [ "CFB1MMT192", "fips_aesavs -f" ],
+ [ "CFB1MMT256", "fips_aesavs -f" ],
+ [ "CFB1VarKey128", "fips_aesavs -f" ],
+ [ "CFB1VarKey192", "fips_aesavs -f" ],
+ [ "CFB1VarKey256", "fips_aesavs -f" ],
+ [ "CFB1VarTxt128", "fips_aesavs -f" ],
+ [ "CFB1VarTxt192", "fips_aesavs -f" ],
+ [ "CFB1VarTxt256", "fips_aesavs -f" ]
+
+);
+
+# Triple DES tests
+
+my @fips_des3_test_list = (
+
+ "Triple DES",
+
+ [ "TCBCinvperm", "fips_desmovs -f" ],
+ [ "TCBCMMT1", "fips_desmovs -f" ],
+ [ "TCBCMMT2", "fips_desmovs -f" ],
+ [ "TCBCMMT3", "fips_desmovs -f" ],
+ [ "TCBCMonte1", "fips_desmovs -f" ],
+ [ "TCBCMonte2", "fips_desmovs -f" ],
+ [ "TCBCMonte3", "fips_desmovs -f" ],
+ [ "TCBCpermop", "fips_desmovs -f" ],
+ [ "TCBCsubtab", "fips_desmovs -f" ],
+ [ "TCBCvarkey", "fips_desmovs -f" ],
+ [ "TCBCvartext", "fips_desmovs -f" ],
+ [ "TCFB64invperm", "fips_desmovs -f" ],
+ [ "TCFB64MMT1", "fips_desmovs -f" ],
+ [ "TCFB64MMT2", "fips_desmovs -f" ],
+ [ "TCFB64MMT3", "fips_desmovs -f" ],
+ [ "TCFB64Monte1", "fips_desmovs -f" ],
+ [ "TCFB64Monte2", "fips_desmovs -f" ],
+ [ "TCFB64Monte3", "fips_desmovs -f" ],
+ [ "TCFB64permop", "fips_desmovs -f" ],
+ [ "TCFB64subtab", "fips_desmovs -f" ],
+ [ "TCFB64varkey", "fips_desmovs -f" ],
+ [ "TCFB64vartext", "fips_desmovs -f" ],
+ [ "TCFB8invperm", "fips_desmovs -f" ],
+ [ "TCFB8MMT1", "fips_desmovs -f" ],
+ [ "TCFB8MMT2", "fips_desmovs -f" ],
+ [ "TCFB8MMT3", "fips_desmovs -f" ],
+ [ "TCFB8Monte1", "fips_desmovs -f" ],
+ [ "TCFB8Monte2", "fips_desmovs -f" ],
+ [ "TCFB8Monte3", "fips_desmovs -f" ],
+ [ "TCFB8permop", "fips_desmovs -f" ],
+ [ "TCFB8subtab", "fips_desmovs -f" ],
+ [ "TCFB8varkey", "fips_desmovs -f" ],
+ [ "TCFB8vartext", "fips_desmovs -f" ],
+ [ "TECBinvperm", "fips_desmovs -f" ],
+ [ "TECBMMT1", "fips_desmovs -f" ],
+ [ "TECBMMT2", "fips_desmovs -f" ],
+ [ "TECBMMT3", "fips_desmovs -f" ],
+ [ "TECBMonte1", "fips_desmovs -f" ],
+ [ "TECBMonte2", "fips_desmovs -f" ],
+ [ "TECBMonte3", "fips_desmovs -f" ],
+ [ "TECBpermop", "fips_desmovs -f" ],
+ [ "TECBsubtab", "fips_desmovs -f" ],
+ [ "TECBvarkey", "fips_desmovs -f" ],
+ [ "TECBvartext", "fips_desmovs -f" ],
+ [ "TOFBinvperm", "fips_desmovs -f" ],
+ [ "TOFBMMT1", "fips_desmovs -f" ],
+ [ "TOFBMMT2", "fips_desmovs -f" ],
+ [ "TOFBMMT3", "fips_desmovs -f" ],
+ [ "TOFBMonte1", "fips_desmovs -f" ],
+ [ "TOFBMonte2", "fips_desmovs -f" ],
+ [ "TOFBMonte3", "fips_desmovs -f" ],
+ [ "TOFBpermop", "fips_desmovs -f" ],
+ [ "TOFBsubtab", "fips_desmovs -f" ],
+ [ "TOFBvarkey", "fips_desmovs -f" ],
+ [ "TOFBvartext", "fips_desmovs -f" ]
+
+);
+
+# Verification special cases.
+# In most cases the output of a test is deterministic and
+# it can be compared to a known good result. A few involve
+# the genration and use of random keys and the output will
+# be different each time. In thoses cases we perform special tests
+# to simply check their consistency. For example signature generation
+# output will be run through signature verification to see if all outputs
+# show as valid.
+#
+
+my %verify_special = (
+ "PQGGen" => "fips_dssvs pqgver",
+ "KeyPair" => "fips_dssvs keyver",
+ "SigGen" => "fips_dssvs sigver",
+ "SigGen15" => "fips_rsavtest",
+ "SigGenRSA" => "fips_rsavtest -x931",
+ "SigGenPSS(0)" => "fips_rsavtest -saltlen 0",
+ "SigGenPSS(62)" => "fips_rsavtest -saltlen 62",
+);
+
+my $win32 = $^O =~ m/mswin/i;
+my $onedir = 0;
+my $filter = "";
+my $tvdir;
+my $tprefix;
+my $shwrap_prefix;
+my $debug = 0;
+my $quiet = 0;
+my $notest = 0;
+my $verify = 1;
+my $rspdir = "rsp";
+my $ignore_missing = 0;
+my $ignore_bogus = 0;
+my $bufout = '';
+my $list_tests = 0;
+
+my %fips_enabled = (
+ dsa => 1,
+ rsa => 1,
+ "rsa-pss0" => 0,
+ "rsa-pss62" => 1,
+ sha => 1,
+ hmac => 1,
+ "rand-aes" => 1,
+ "rand-des2" => 0,
+ aes => 1,
+ "aes-cfb1" => 0,
+ des3 => 1
+);
+
+foreach (@ARGV) {
+ if ( $_ eq "--win32" ) {
+ $win32 = 1;
+ }
+ elsif ( $_ eq "--onedir" ) {
+ $onedir = 1;
+ }
+ elsif ( $_ eq "--debug" ) {
+ $debug = 1;
+ }
+ elsif ( $_ eq "--ignore-missing" ) {
+ $ignore_missing = 1;
+ }
+ elsif ( $_ eq "--ignore-bogus" ) {
+ $ignore_bogus = 1;
+ }
+ elsif ( $_ eq "--generate" ) {
+ $verify = 0;
+ }
+ elsif ( $_ eq "--notest" ) {
+ $notest = 1;
+ }
+ elsif ( $_ eq "--quiet" ) {
+ $quiet = 1;
+ }
+ elsif (/--dir=(.*)$/) {
+ $tvdir = $1;
+ }
+ elsif (/--rspdir=(.*)$/) {
+ $rspdir = $1;
+ }
+ elsif (/--tprefix=(.*)$/) {
+ $tprefix = $1;
+ }
+ elsif (/--shwrap_prefix=(.*)$/) {
+ $shwrap_prefix = $1;
+ }
+ elsif (/^--(enable|disable)-(.*)$/) {
+ if ( !exists $fips_enabled{$2} ) {
+ print STDERR "Unknown test $2\n";
+ }
+ if ( $1 eq "enable" ) {
+ $fips_enabled{$2} = 1;
+ }
+ else {
+ $fips_enabled{$2} = 0;
+ }
+ }
+ elsif (/--filter=(.*)$/) {
+ $filter = $1;
+ }
+ elsif (/^--list-tests$/) {
+ $list_tests = 1;
+ }
+ else {
+ Help();
+ exit(1);
+ }
+}
+
+my @fips_test_list;
+
+push @fips_test_list, @fips_dsa_test_list if $fips_enabled{"dsa"};
+push @fips_test_list, @fips_rsa_test_list if $fips_enabled{"rsa"};
+push @fips_test_list, @fips_rsa_pss0_test_list if $fips_enabled{"rsa-pss0"};
+push @fips_test_list, @fips_rsa_pss62_test_list if $fips_enabled{"rsa-pss62"};
+push @fips_test_list, @fips_sha_test_list if $fips_enabled{"sha"};
+push @fips_test_list, @fips_hmac_test_list if $fips_enabled{"hmac"};
+push @fips_test_list, @fips_rand_aes_test_list if $fips_enabled{"rand-aes"};
+push @fips_test_list, @fips_rand_des2_test_list if $fips_enabled{"rand-des2"};
+push @fips_test_list, @fips_aes_test_list if $fips_enabled{"aes"};
+push @fips_test_list, @fips_aes_cfb1_test_list if $fips_enabled{"aes-cfb1"};
+push @fips_test_list, @fips_des3_test_list if $fips_enabled{"des3"};
+
+if ($list_tests) {
+ my ( $test, $en );
+ print "=====TEST LIST=====\n";
+ foreach $test ( sort keys %fips_enabled ) {
+ $en = $fips_enabled{$test};
+ $test =~ tr/[a-z]/[A-Z]/;
+ printf "%-10s %s\n", $test, $en ? "enabled" : "disabled";
+ }
+ exit(0);
+}
+
+foreach (@fips_test_list) {
+ next unless ref($_);
+ my $nm = $_->[0];
+ $_->[2] = "";
+ $_->[3] = "";
+ print STDERR "Duplicate test $nm\n" if exists $fips_tests{$nm};
+ $fips_tests{$nm} = $_;
+}
+
+$tvdir = "." unless defined $tvdir;
+
+if ($win32) {
+ if ( !defined $tprefix ) {
+ if ($onedir) {
+ $tprefix = ".\\";
+ }
+ else {
+ $tprefix = "..\\out32dll\\";
+ }
+ }
+}
+else {
+ if ($onedir) {
+ $tprefix = "./" unless defined $tprefix;
+ $shwrap_prefix = "./" unless defined $shwrap_prefix;
+ }
+ else {
+ $tprefix = "../test/" unless defined $tprefix;
+ $shwrap_prefix = "../util/" unless defined $shwrap_prefix;
+ }
+}
+
+sanity_check_exe( $win32, $tprefix, $shwrap_prefix );
+
+my $cmd_prefix = $win32 ? "" : "${shwrap_prefix}shlib_wrap.sh ";
+
+find_files( $filter, $tvdir );
+
+sanity_check_files();
+
+my ( $runerr, $cmperr, $cmpok, $scheckrunerr, $scheckerr, $scheckok, $skipcnt )
+ = ( 0, 0, 0, 0, 0, 0, 0 );
+
+exit(0) if $notest;
+
+run_tests( $verify, $win32, $tprefix, $filter, $tvdir );
+
+if ($verify) {
+ print "ALGORITHM TEST VERIFY SUMMARY REPORT:\n";
+ print "Tests skipped due to missing files: $skipcnt\n";
+ print "Algorithm test program execution failures: $runerr\n";
+ print "Test comparisons successful: $cmpok\n";
+ print "Test comparisons failed: $cmperr\n";
+ print "Test sanity checks successful: $scheckok\n";
+ print "Test sanity checks failed: $scheckerr\n";
+ print "Sanity check program execution failures: $scheckrunerr\n";
+
+ if ( $runerr || $cmperr || $scheckrunerr || $scheckerr ) {
+ print "***TEST FAILURE***\n";
+ }
+ else {
+ print "***ALL TESTS SUCCESSFUL***\n";
+ }
+}
+else {
+ print "ALGORITHM TEST SUMMARY REPORT:\n";
+ print "Tests skipped due to missing files: $skipcnt\n";
+ print "Algorithm test program execution failures: $runerr\n";
+
+ if ($runerr) {
+ print "***TEST FAILURE***\n";
+ }
+ else {
+ print "***ALL TESTS SUCCESSFUL***\n";
+ }
+}
+
+#--------------------------------
+sub Help {
+ ( my $cmd ) = ( $0 =~ m#([^/]+)$# );
+ print <<EOF;
+$cmd: generate run CMVP algorithm tests
+ --debug Enable debug output
+ --dir=<dirname> Optional root for *.req file search
+ --filter=<regexp>
+ --onedir <dirname> Assume all components in current directory
+ --rspdir=<dirname> Name of subdirectories containing *.rsp files, default "resp"
+ --shwrap_prefix=<prefix>
+ --tprefix=<prefix>
+ --ignore-bogus Ignore duplicate or bogus files
+ --ignore-missing Ignore missing test files
+ --quiet Shhh....
+ --generate Generate algorithm test output
+ --win32 Win32 environment
+EOF
+}
+
+# Sanity check to see if all necessary executables exist
+
+sub sanity_check_exe {
+ my ( $win32, $tprefix, $shwrap_prefix ) = @_;
+ my %exe_list;
+ my $bad = 0;
+ $exe_list{ $shwrap_prefix . "shlib_wrap.sh" } = 1 unless $win32;
+ foreach (@fips_test_list) {
+ next unless ref($_);
+ my $cmd = $_->[1];
+ $cmd =~ s/ .*$//;
+ $cmd = $tprefix . $cmd;
+ $cmd .= ".exe" if $win32;
+ $exe_list{$cmd} = 1;
+ }
+
+ foreach ( sort keys %exe_list ) {
+ if ( !-f $_ ) {
+ print STDERR "ERROR: can't find executable $_\n";
+ $bad = 1;
+ }
+ }
+ if ($bad) {
+ print STDERR "FATAL ERROR: executables missing\n";
+ exit(1);
+ }
+ elsif ($debug) {
+ print STDERR "Executable sanity check passed OK\n";
+ }
+}
+
+# Search for all request and response files
+
+sub find_files {
+ my ( $filter, $dir ) = @_;
+ my ( $dirh, $testname );
+ opendir( $dirh, $dir );
+ while ( $_ = readdir($dirh) ) {
+ next if ( $_ eq "." || $_ eq ".." );
+ $_ = "$dir/$_";
+ if ( -f "$_" ) {
+ if (/\/([^\/]*)\.rsp$/) {
+ $testname = fix_pss( $1, $_ );
+ if ( exists $fips_tests{$testname} ) {
+ if ( $fips_tests{$testname}->[3] eq "" ) {
+ $fips_tests{$testname}->[3] = $_;
+ }
+ else {
+ print STDERR
+"WARNING: duplicate response file $_ for test $testname\n";
+ $nbogus++;
+ }
+ }
+ else {
+ print STDERR "WARNING: bogus file $_\n";
+ $nbogus++;
+ }
+ }
+ next unless /$filter.*\.req$/i;
+ if (/\/([^\/]*)\.req$/) {
+ $testname = fix_pss( $1, $_ );
+ if ( exists $fips_tests{$testname} ) {
+ if ( $fips_tests{$testname}->[2] eq "" ) {
+ $fips_tests{$testname}->[2] = $_;
+ }
+ else {
+ print STDERR
+"WARNING: duplicate request file $_ for test $testname\n";
+ $nbogus++;
+ }
+
+ }
+ elsif ( !/SHAmix\.req$/ ) {
+ print STDERR "WARNING: unrecognized filename $_\n";
+ $nbogus++;
+ }
+ }
+ }
+ elsif ( -d "$_" ) {
+ find_files( $filter, $_ );
+ }
+ }
+ closedir($dirh);
+}
+
+sub fix_pss {
+ my ( $test, $path ) = @_;
+ my $sl = "";
+ local $_;
+ if ( $test =~ /PSS/ ) {
+ open( IN, $path ) || die "Can't Open File $path";
+ while (<IN>) {
+ if (/^\s*#\s*salt\s+len:\s+(\d+)\s*$/i) {
+ $sl = $1;
+ last;
+ }
+ }
+ close IN;
+ if ( $sl eq "" ) {
+ print STDERR "WARNING: No Salt length detected for file $path\n";
+ }
+ else {
+ return $test . "($sl)";
+ }
+ }
+ return $test;
+}
+
+sub sanity_check_files {
+ my $bad = 0;
+ foreach (@fips_test_list) {
+ next unless ref($_);
+ my ( $tst, $cmd, $req, $resp ) = @$_;
+
+ #print STDERR "FILES $tst, $cmd, $req, $resp\n";
+ if ( $req eq "" ) {
+ print STDERR "WARNING: missing request file for $tst\n";
+ $bad = 1;
+ next;
+ }
+ if ( $verify && $resp eq "" ) {
+ print STDERR "WARNING: no response file for test $tst\n";
+ $bad = 1;
+ }
+ elsif ( !$verify && $resp ne "" ) {
+ print STDERR "WARNING: response file $resp will be overwritten\n";
+ }
+ }
+ if ($bad) {
+ print STDERR "ERROR: test vector file set not complete\n";
+ exit(1) unless $ignore_missing;
+ }
+ if ($nbogus) {
+ print STDERR
+ "ERROR: $nbogus bogus or duplicate request and response files\n";
+ exit(1) unless $ignore_bogus;
+ }
+ if ( $debug && !$nbogus && !$bad ) {
+ print STDERR "test vector file set complete\n";
+ }
+}
+
+sub run_tests {
+ my ( $verify, $win32, $tprefix, $filter, $tvdir ) = @_;
+ my ( $tname, $tref );
+ my $bad = 0;
+ foreach (@fips_test_list) {
+ if ( !ref($_) ) {
+ print "Running $_ tests\n" unless $quiet;
+ next;
+ }
+ my ( $tname, $tcmd, $req, $rsp ) = @$_;
+ my $out = $rsp;
+ if ($verify) {
+ $out =~ s/\.rsp$/.tst/;
+ }
+ if ( $req eq "" ) {
+ print STDERR
+ "WARNING: Request file for $tname missing: test skipped\n";
+ $skipcnt++;
+ next;
+ }
+ if ( $verify && $rsp eq "" ) {
+ print STDERR
+ "WARNING: Response file for $tname missing: test skipped\n";
+ $skipcnt++;
+ next;
+ }
+ elsif ( !$verify ) {
+ if ( $rsp ne "" ) {
+ print STDERR "WARNING: Response file for $tname deleted\n";
+ unlink $rsp;
+ }
+ $out = $req;
+ $out =~ s|/req/(\S+)\.req|/$rspdir/$1.rsp|;
+ my $outdir = $out;
+ $outdir =~ s|/[^/]*$||;
+ if ( !-d $outdir ) {
+ print STDERR "DEBUG: Creating directory $outdir\n" if $debug;
+ mkdir($outdir) || die "Can't create directory $outdir";
+ }
+ }
+ my $cmd = "$cmd_prefix$tprefix$tcmd ";
+ if ( $tcmd =~ /-f$/ ) {
+ $cmd .= "$req $out";
+ }
+ else {
+ $cmd .= "<$req >$out";
+ }
+ print STDERR "DEBUG: running test $tname\n" if ( $debug && !$verify );
+ system($cmd);
+ if ( $? != 0 ) {
+ print STDERR
+ "WARNING: error executing test $tname for command: $cmd\n";
+ $runerr++;
+ next;
+ }
+ if ($verify) {
+ if ( exists $verify_special{$tname} ) {
+ my $vout = $rsp;
+ $vout =~ s/\.rsp$/.ver/;
+ $tcmd = $verify_special{$tname};
+ $cmd = "$cmd_prefix$tprefix$tcmd ";
+ $cmd .= "<$out >$vout";
+ system($cmd);
+ if ( $? != 0 ) {
+ print STDERR
+ "WARNING: error executing verify test $tname $cmd\n";
+ $scheckrunerr++;
+ next;
+ }
+ my ( $fcount, $pcount ) = ( 0, 0 );
+ open VER, "$vout";
+ while (<VER>) {
+ if (/^Result\s*=\s*(\S*)\s*$/i)
+
+ {
+ if ( $1 eq "F" ) {
+ $fcount++;
+ }
+ else {
+ $pcount++;
+ }
+ }
+ }
+ close VER;
+
+ unlink $vout;
+ if ( $fcount || $debug ) {
+ print STDERR "DEBUG: $tname, Pass=$pcount, Fail=$fcount\n";
+ }
+ if ( $fcount || !$pcount ) {
+ $scheckerr++;
+ }
+ else {
+ $scheckok++;
+ }
+
+ }
+ elsif ( !cmp_file( $tname, $rsp, $out ) ) {
+ $cmperr++;
+ }
+ else {
+ $cmpok++;
+ }
+ unlink $out;
+ }
+ }
+}
+
+sub cmp_file {
+ my ( $tname, $rsp, $tst ) = @_;
+ my ( $rspf, $tstf );
+ my ( $rspline, $tstline );
+ if ( !open( $rspf, $rsp ) ) {
+ print STDERR "ERROR: can't open request file $rsp\n";
+ return 0;
+ }
+ if ( !open( $tstf, $tst ) ) {
+ print STDERR "ERROR: can't open output file $tst\n";
+ return 0;
+ }
+ for ( ; ; ) {
+ $rspline = next_line($rspf);
+ $tstline = next_line($tstf);
+ if ( !defined($rspline) && !defined($tstline) ) {
+ print STDERR "DEBUG: $tname file comparison OK\n" if $debug;
+ return 1;
+ }
+ if ( !defined($rspline) ) {
+ print STDERR "ERROR: $tname EOF on $rspf\n";
+ return 0;
+ }
+ if ( !defined($tstline) ) {
+ print STDERR "ERROR: $tname EOF on $tstf\n";
+ return 0;
+ }
+
+ # Workaround for bug in RAND des2 test output */
+ if ( $tstline =~ /^Key2 =/ && $rspline =~ /^Key1 =/ ) {
+ $rspline =~ s/^Key1/Key2/;
+ }
+
+ if ( $tstline ne $rspline ) {
+ print STDERR "ERROR: $tname mismatch:\n";
+ print STDERR "\t $tstline != $rspline\n";
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub next_line {
+ my ($in) = @_;
+
+ while (<$in>) {
+ chomp;
+
+ # Delete comments
+ s/#.*$//;
+
+ # Ignore blank lines
+ next if (/^\s*$/);
+
+ # Translate multiple space into one
+ s/\s+/ /g;
+ return $_;
+ }
+ return undef;
+}