2
0

fips-check.sh 1.6 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859
  1. #!/bin/bash
  2. # fips-check.sh
  3. # This script checks the current revision of the code against the
  4. # previous release of the FIPS code. While wolfSSL and wolfCrypt
  5. # may be advancing, they must work correctly with the last tested
  6. # copy of our FIPS approved code.
  7. FIPS_VERSION=v3.2.6
  8. FIPS_REPO=git@github.com:wolfSSL/fips.git
  9. FIPS_SRCS=( fips.c fips_test.c )
  10. WC_MODS=( aes des3 sha sha256 sha512 rsa hmac random )
  11. TEST_DIR=XXX-fips-test
  12. WC_INC_PATH=cyassl/ctaocrypt
  13. WC_SRC_PATH=ctaocrypt/src
  14. git clone . $TEST_DIR
  15. [ $? -ne 0 ] && echo -e "\n\nCouldn't duplicate current working directory.\n\n" && exit 1
  16. pushd $TEST_DIR
  17. # make a clone of the last FIPS release tag
  18. git clone -b $FIPS_VERSION . old-tree
  19. [ $? -ne 0 ] && echo -e "\n\nCouldn't checkout the FIPS release.\n\n" && exit 1
  20. for MOD in ${WC_MODS[@]}
  21. do
  22. cp old-tree/$WC_SRC_PATH/${MOD}.c $WC_SRC_PATH
  23. cp old-tree/$WC_INC_PATH/${MOD}.h $WC_INC_PATH
  24. done
  25. # clone the FIPS repository
  26. git clone -b $FIPS_VERSION $FIPS_REPO fips
  27. [ $? -ne 0 ] && echo -e "\n\nCouldn't checkout the FIPS repository.\n\n" && exit 1
  28. for SRC in ${FIPS_SRCS[@]}
  29. do
  30. cp fips/$SRC $WC_SRC_PATH
  31. done
  32. # run the make test
  33. ./autogen.sh
  34. ./configure --enable-fips
  35. make
  36. [ $? -ne 0 ] && echo -e "\n\nMake failed. Debris left for analysis." && exit 1
  37. NEWHASH=`./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p'`
  38. if [ -n "$NEWHASH" ]; then
  39. sed -i.bak "s/^\".*\";/\"${NEWHASH}\";/" $WC_SRC_PATH/fips_test.c
  40. make clean
  41. fi
  42. make test
  43. [ $? -ne 0 ] && echo -e "\n\nTest failed. Debris left for analysis." && exit 1
  44. # Clean up
  45. popd
  46. rm -rf $TEST_DIR