Inicio Explorar Axuda
Iniciar sesión
RISCI_ATOM
/
wolfssl
réplica de https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Ficheiros Incidencias 14 Wiki
Árbore: dd3012682a
Ramas Etiquetas
wolfssl
/
fips-check.sh

fips-check.sh 19 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544 
  1. #!/usr/bin/env bash
    2. 

  2. 

  3. # fips-check.sh
    4. 

  4. # This script checks the current revision of the code against the
    5. 

  5. # previous release of the FIPS code. While wolfSSL and wolfCrypt
    6. 

  6. # may be advancing, they must work correctly with the last tested
    7. 

  7. # copy of our FIPS approved code.
    8. 

  8. #
    9. 

  9. # This should check out all the approved flavors. The command line
    10. 

  10. # option selects the flavor. The keep option keeps the output
    11. 

  11. # directory.
    12. 

  12. 

  13. # These variables may be overridden on the command line.
    14. 

  14. MAKE="${MAKE:-make}"
    15. 

  15. GIT="${GIT:-git -c advice.detachedHead=false}"
    16. 

  16. TEST_DIR="${TEST_DIR:-XXX-fips-test}"
    17. 

  17. FLAVOR="${FLAVOR:-linux}"
    18. 

  18. KEEP="${KEEP:-no}"
    19. 

  19. MAKECHECK=${MAKECHECK:-yes}
    20. 

  20. DOCONFIGURE=${DOCONFIGURE:-yes}
    21. 

  21. DOAUTOGEN=${DOAUTOGEN:-yes}
    22. 

  22. FIPS_REPO="${FIPS_REPO:-git@github.com:wolfssl/fips.git}"
    23. 

  23. WOLFSSL_REPO="${WOLFSSL_REPO:-origin}"
    24. 

  24. 

  25. Usage() {
    26. 

  26.     cat <<usageText
    27. 

  27. Usage: $0 [flavor] [keep]
    28. 

  28. Flavor is one of:
    29. 

  29.     linuxv2 (FIPSv2, use for Win10)
    30. 

  30.     fipsv2-OE-ready (ready FIPSv2)
    31. 

  31.     solaris
    32. 

  32.     netbsd-selftest
    33. 

  33.     marvell-linux-selftest
    34. 

  34.     linuxv5 (current FIPS 140-3)
    35. 

  35.     fips-ready (ready FIPS 140-3)
    36. 

  36.     fips-dev (dev FIPS 140-3)
    37. 

  37.     wolfrand
    38. 

  38.     wolfentropy
    39. 

  39.     v6.0.0
    40. 

  40. Keep (default off) retains the temp dir $TEST_DIR for inspection.
    41. 

  41. 

  42. Example:
    43. 

  43.     $0 windows keep
    44. 

  44. usageText
    45. 

  45. }
    46. 

  46. 

  47. while [ "$1" ]; do
    48. 

  48.   if [ "$1" = 'keep' ]; then KEEP='yes';
    49. 

  49.   elif [ "$1" = 'nomakecheck' ]; then MAKECHECK='no';
    50. 

  50.   elif [ "$1" = 'nodoconfigure' ]; then DOCONFIGURE='no';
    51. 

  51.   elif [ "$1" = 'noautogen' ]; then DOCONFIGURE='no'; DOAUTOGEN='no';
    52. 

  52.   else FLAVOR="$1"; fi
    53. 

  53.   shift
    54. 

  54. done
    55. 

  55. 

  56. case "$FLAVOR" in
    57. 

  57. linuxv2|fipsv2-OE-ready|solaris)
    58. 

  58.   FIPS_OPTION='v2'
    59. 

  59.   FIPS_FILES=(
    60. 

  60.     'wolfcrypt/src/fips.c:WCv4-stable'
    61. 

  61.     'wolfcrypt/src/fips_test.c:WCv4-stable'
    62. 

  62.     'wolfcrypt/src/wolfcrypt_first.c:WCv4-stable'
    63. 

  63.     'wolfcrypt/src/wolfcrypt_last.c:WCv4-stable'
    64. 

  64.     'wolfssl/wolfcrypt/fips.h:WCv4-stable'
    65. 

  65.   )
    66. 

  66.   WOLFCRYPT_FILES=(
    67. 

  67.     'wolfcrypt/src/aes.c:WCv4-stable'
    68. 

  68.     'wolfcrypt/src/aes_asm.asm:WCv4-stable'
    69. 

  69.     'wolfcrypt/src/aes_asm.S:WCv4-stable'
    70. 

  70.     'wolfcrypt/src/cmac.c:WCv4-stable'
    71. 

  71.     'wolfcrypt/src/des3.c:WCv4-stable'
    72. 

  72.     'wolfcrypt/src/dh.c:WCv4-stable'
    73. 

  73.     'wolfcrypt/src/ecc.c:WCv4-stable'
    74. 

  74.     'wolfcrypt/src/hmac.c:WCv4-stable'
    75. 

  75.     'wolfcrypt/src/random.c:WCv4-rng-stable'
    76. 

  76.     'wolfcrypt/src/rsa.c:WCv4-stable'
    77. 

  77.     'wolfcrypt/src/sha.c:WCv4-stable'
    78. 

  78.     'wolfcrypt/src/sha256.c:WCv4-stable'
    79. 

  79.     'wolfcrypt/src/sha3.c:WCv4-stable'
    80. 

  80.     'wolfcrypt/src/sha512.c:WCv4-stable'
    81. 

  81.     'wolfssl/wolfcrypt/aes.h:WCv4-stable'
    82. 

  82.     'wolfssl/wolfcrypt/cmac.h:WCv4-stable'
    83. 

  83.     'wolfssl/wolfcrypt/des3.h:WCv4-stable'
    84. 

  84.     'wolfssl/wolfcrypt/dh.h:WCv4-stable'
    85. 

  85.     'wolfssl/wolfcrypt/ecc.h:WCv4-stable'
    86. 

  86.     'wolfssl/wolfcrypt/hmac.h:WCv4-stable'
    87. 

  87.     'wolfssl/wolfcrypt/random.h:WCv4-rng-stable'
    88. 

  88.     'wolfssl/wolfcrypt/rsa.h:WCv4-stable'
    89. 

  89.     'wolfssl/wolfcrypt/sha.h:WCv4-stable'
    90. 

  90.     'wolfssl/wolfcrypt/sha256.h:WCv4-stable'
    91. 

  91.     'wolfssl/wolfcrypt/sha3.h:WCv4-stable'
    92. 

  92.     'wolfssl/wolfcrypt/sha512.h:WCv4-stable'
    93. 

  93.   )
    94. 

  94.   if [ "$FLAVOR" = 'solaris' ]; then MAKE='gmake'; fi
    95. 

  95.   ;;
    96. 

  96. netbsd-selftest)
    97. 

  97.   # non-FIPS, CAVP only but pull in selftest
    98. 

  98.   FIPS_OPTION='cavp-selftest'
    99. 

  99.   FIPS_FILES=('wolfcrypt/src/selftest.c:v3.14.2b')
    100. 

  100.   WOLFCRYPT_FILES=(
    101. 

  101.     'wolfcrypt/src/aes.c:v3.14.2'
    102. 

  102.     'wolfcrypt/src/dh.c:v3.14.2'
    103. 

  103.     'wolfcrypt/src/dsa.c:v3.14.2'
    104. 

  104.     'wolfcrypt/src/ecc.c:v3.14.2'
    105. 

  105.     'wolfcrypt/src/hmac.c:v3.14.2'
    106. 

  106.     'wolfcrypt/src/random.c:v3.14.2'
    107. 

  107.     'wolfcrypt/src/rsa.c:v3.14.2'
    108. 

  108.     'wolfcrypt/src/sha.c:v3.14.2'
    109. 

  109.     'wolfcrypt/src/sha256.c:v3.14.2'
    110. 

  110.     'wolfcrypt/src/sha512.c:v3.14.2'
    111. 

  111.     'wolfssl/wolfcrypt/aes.h:v3.14.2'
    112. 

  112.     'wolfssl/wolfcrypt/dh.h:v3.14.2'
    113. 

  113.     'wolfssl/wolfcrypt/dsa.h:v3.14.2'
    114. 

  114.     'wolfssl/wolfcrypt/ecc.h:v3.14.2'
    115. 

  115.     'wolfssl/wolfcrypt/hmac.h:v3.14.2'
    116. 

  116.     'wolfssl/wolfcrypt/random.h:v3.14.2'
    117. 

  117.     'wolfssl/wolfcrypt/rsa.h:v3.14.2'
    118. 

  118.     'wolfssl/wolfcrypt/sha.h:v3.14.2'
    119. 

  119.     'wolfssl/wolfcrypt/sha256.h:v3.14.2'
    120. 

  120.     'wolfssl/wolfcrypt/sha512.h:v3.14.2'
    121. 

  121.   )
    122. 

  122.   ;;
    123. 

  123. marvell-linux-selftest)
    124. 

  124.   # non-FIPS, CAVP only but pull in selftest
    125. 

  125.   FIPS_OPTION='cavp-selftest-v2'
    126. 

  126.   FIPS_FILES=('wolfcrypt/src/selftest.c:v3.14.2b')
    127. 

  127.   WOLFCRYPT_FILES=(
    128. 

  128.     'wolfcrypt/src/aes.c:v4.1.0-stable'
    129. 

  129.     'wolfcrypt/src/dh.c:v4.1.0-stable'
    130. 

  130.     'wolfcrypt/src/dsa.c:v4.1.0-stable'
    131. 

  131.     'wolfcrypt/src/ecc.c:v4.1.0-stable'
    132. 

  132.     'wolfcrypt/src/hmac.c:v4.1.0-stable'
    133. 

  133.     'wolfcrypt/src/random.c:v4.1.0-stable'
    134. 

  134.     'wolfcrypt/src/rsa.c:v4.1.0-stable'
    135. 

  135.     'wolfcrypt/src/sha.c:v4.1.0-stable'
    136. 

  136.     'wolfcrypt/src/sha256.c:v4.1.0-stable'
    137. 

  137.     'wolfcrypt/src/sha512.c:v4.1.0-stable'
    138. 

  138.     'wolfssl/wolfcrypt/aes.h:v4.1.0-stable'
    139. 

  139.     'wolfssl/wolfcrypt/dh.h:v4.1.0-stable'
    140. 

  140.     'wolfssl/wolfcrypt/dsa.h:v4.1.0-stable'
    141. 

  141.     'wolfssl/wolfcrypt/ecc.h:v4.1.0-stable'
    142. 

  142.     'wolfssl/wolfcrypt/hmac.h:v4.1.0-stable'
    143. 

  143.     'wolfssl/wolfcrypt/random.h:v4.1.0-stable'
    144. 

  144.     'wolfssl/wolfcrypt/rsa.h:v4.1.0-stable'
    145. 

  145.     'wolfssl/wolfcrypt/sha.h:v4.1.0-stable'
    146. 

  146.     'wolfssl/wolfcrypt/sha256.h:v4.1.0-stable'
    147. 

  147.     'wolfssl/wolfcrypt/sha512.h:v4.1.0-stable'
    148. 

  148.   )
    149. 

  149.   ;;
    150. 

  150. linuxv5-RC12)
    151. 

  151.   FIPS_OPTION='v5-RC12'
    152. 

  152.   FIPS_FILES=(
    153. 

  153.     'wolfcrypt/src/fips.c:WCv5.2.0.1-RC01'
    154. 

  154.     'wolfcrypt/src/fips_test.c:WCv5.0-RC12'
    155. 

  155.     'wolfcrypt/src/wolfcrypt_first.c:WCv5.0-RC12'
    156. 

  156.     'wolfcrypt/src/wolfcrypt_last.c:WCv5.0-RC12'
    157. 

  157.     'wolfssl/wolfcrypt/fips.h:WCv5.0-RC12'
    158. 

  158.   )
    159. 

  159.   WOLFCRYPT_FILES=(
    160. 

  160.     'wolfcrypt/src/aes.c:WCv5.0-RC12'
    161. 

  161.     'wolfcrypt/src/aes_asm.asm:WCv5.0-RC12'
    162. 

  162.     'wolfcrypt/src/aes_asm.S:WCv5.0-RC12'
    163. 

  163.     'wolfcrypt/src/aes_gcm_asm.S:WCv5.0-RC12'
    164. 

  164.     'wolfcrypt/src/cmac.c:WCv5.0-RC12'
    165. 

  165.     'wolfcrypt/src/dh.c:WCv5.0-RC12'
    166. 

  166.     'wolfcrypt/src/ecc.c:WCv5.0-RC12'
    167. 

  167.     'wolfcrypt/src/hmac.c:WCv5.0-RC12'
    168. 

  168.     'wolfcrypt/src/kdf.c:WCv5.0-RC12'
    169. 

  169.     'wolfcrypt/src/random.c:WCv5.0-RC12'
    170. 

  170.     'wolfcrypt/src/rsa.c:WCv5.0-RC12'
    171. 

  171.     'wolfcrypt/src/sha.c:WCv5.0-RC12'
    172. 

  172.     'wolfcrypt/src/sha256.c:WCv5.0-RC12'
    173. 

  173.     'wolfcrypt/src/sha256_asm.S:WCv5.0-RC12'
    174. 

  174.     'wolfcrypt/src/sha3.c:WCv5.0-RC12'
    175. 

  175.     'wolfcrypt/src/sha512.c:WCv5.0-RC12'
    176. 

  176.     'wolfcrypt/src/sha512_asm.S:WCv5.0-RC12'
    177. 

  177.     'wolfssl/wolfcrypt/aes.h:WCv5.0-RC12'
    178. 

  178.     'wolfssl/wolfcrypt/cmac.h:WCv5.0-RC12'
    179. 

  179.     'wolfssl/wolfcrypt/dh.h:WCv5.0-RC12'
    180. 

  180.     'wolfssl/wolfcrypt/ecc.h:WCv5.0-RC12'
    181. 

  181.     'wolfssl/wolfcrypt/fips_test.h:WCv5.0-RC12'
    182. 

  182.     'wolfssl/wolfcrypt/hmac.h:WCv5.0-RC12'
    183. 

  183.     'wolfssl/wolfcrypt/kdf.h:WCv5.0-RC12'
    184. 

  184.     'wolfssl/wolfcrypt/random.h:WCv5.0-RC12'
    185. 

  185.     'wolfssl/wolfcrypt/rsa.h:WCv5.0-RC12'
    186. 

  186.     'wolfssl/wolfcrypt/sha.h:WCv5.0-RC12'
    187. 

  187.     'wolfssl/wolfcrypt/sha256.h:WCv5.0-RC12'
    188. 

  188.     'wolfssl/wolfcrypt/sha3.h:WCv5.0-RC12'
    189. 

  189.     'wolfssl/wolfcrypt/sha512.h:WCv5.0-RC12'
    190. 

  190.   )
    191. 

  191.   ;;
    192. 

  192. linuxv5|linuxv5.2.1)
    193. 

  193.   FIPS_OPTION='v5'
    194. 

  194.   FIPS_FILES=(
    195. 

  195.     'wolfcrypt/src/fips.c:v5.2.1-stable'
    196. 

  196.     'wolfcrypt/src/fips_test.c:v5.2.1-stable'
    197. 

  197.     'wolfcrypt/src/wolfcrypt_first.c:v5.2.1-stable'
    198. 

  198.     'wolfcrypt/src/wolfcrypt_last.c:v5.2.1-stable'
    199. 

  199.     'wolfssl/wolfcrypt/fips.h:v5.2.1-stable-OS_Seed-HdrOnly'
    200. 

  200.   )
    201. 

  201.   WOLFCRYPT_FILES=(
    202. 

  202.     'wolfcrypt/src/aes.c:v5.2.1-stable'
    203. 

  203.     'wolfcrypt/src/aes_asm.asm:v5.2.1-stable'
    204. 

  204.     'wolfcrypt/src/aes_asm.S:v5.2.1-stable'
    205. 

  205.     'wolfcrypt/src/aes_gcm_asm.S:v5.2.1-stable'
    206. 

  206.     'wolfcrypt/src/cmac.c:v5.2.1-stable'
    207. 

  207.     'wolfcrypt/src/dh.c:v5.2.1-stable'
    208. 

  208.     'wolfcrypt/src/ecc.c:v5.2.1-stable'
    209. 

  209.     'wolfcrypt/src/hmac.c:v5.2.1-stable'
    210. 

  210.     'wolfcrypt/src/kdf.c:v5.2.1-stable'
    211. 

  211.     'wolfcrypt/src/random.c:v5.2.1-stable'
    212. 

  212.     'wolfcrypt/src/rsa.c:v5.2.1-stable'
    213. 

  213.     'wolfcrypt/src/sha.c:v5.2.1-stable'
    214. 

  214.     'wolfcrypt/src/sha256.c:v5.2.1-stable'
    215. 

  215.     'wolfcrypt/src/sha256_asm.S:v5.2.1-stable'
    216. 

  216.     'wolfcrypt/src/sha3.c:v5.2.1-stable'
    217. 

  217.     'wolfcrypt/src/sha512.c:v5.2.1-stable'
    218. 

  218.     'wolfcrypt/src/sha512_asm.S:v5.2.1-stable'
    219. 

  219.     'wolfssl/wolfcrypt/aes.h:v5.2.1-stable'
    220. 

  220.     'wolfssl/wolfcrypt/cmac.h:v5.2.1-stable'
    221. 

  221.     'wolfssl/wolfcrypt/dh.h:v5.2.1-stable'
    222. 

  222.     'wolfssl/wolfcrypt/ecc.h:v5.2.1-stable'
    223. 

  223.     'wolfssl/wolfcrypt/fips_test.h:v5.2.1-stable'
    224. 

  224.     'wolfssl/wolfcrypt/hmac.h:v5.2.1-stable'
    225. 

  225.     'wolfssl/wolfcrypt/kdf.h:v5.2.1-stable'
    226. 

  226.     'wolfssl/wolfcrypt/random.h:v5.2.1-stable-OS_Seed-HdrOnly'
    227. 

  227.     'wolfssl/wolfcrypt/rsa.h:v5.2.1-stable'
    228. 

  228.     'wolfssl/wolfcrypt/sha.h:v5.2.1-stable'
    229. 

  229.     'wolfssl/wolfcrypt/sha256.h:v5.2.1-stable'
    230. 

  230.     'wolfssl/wolfcrypt/sha3.h:v5.2.1-stable'
    231. 

  231.     'wolfssl/wolfcrypt/sha512.h:v5.2.1-stable'
    232. 

  232.   )
    233. 

  233.   ;;
    234. 

  234. v6.0.0)
    235. 

  235.   WOLF_REPO_TAG='WCv6.0.0-RC1'
    236. 

  236.   FIPS_REPO_TAG='WCv6.0.0-RC1'
    237. 

  237.   ASM_PICKUPS_TAG='WCv6.0.0-RC2'
    238. 

  238.   FIPS_OPTION='v6'
    239. 

  239.   FIPS_FILES=(
    240. 

  240.     "wolfcrypt/src/fips.c:${FIPS_REPO_TAG}"
    241. 

  241.     "wolfcrypt/src/fips_test.c:${FIPS_REPO_TAG}"
    242. 

  242.     "wolfcrypt/src/wolfcrypt_first.c:${FIPS_REPO_TAG}"
    243. 

  243.     "wolfcrypt/src/wolfcrypt_last.c:${FIPS_REPO_TAG}"
    244. 

  244.     "wolfssl/wolfcrypt/fips.h:${FIPS_REPO_TAG}"
    245. 

  245.   )
    246. 

  246.   WOLFCRYPT_FILES=(
    247. 

  247.     "wolfcrypt/src/aes_asm.asm:${WOLF_REPO_TAG}"
    248. 

  248.     "wolfcrypt/src/aes_asm.S:${WOLF_REPO_TAG}"
    249. 

  249.     "wolfcrypt/src/aes_gcm_asm.S:${WOLF_REPO_TAG}"
    250. 

  250.     "wolfcrypt/src/aes_gcm_x86_asm.S:${WOLF_REPO_TAG}"
    251. 

  251.     "wolfcrypt/src/aes_xts_asm.S:${WOLF_REPO_TAG}"
    252. 

  252.     "wolfcrypt/src/aes.c:${WOLF_REPO_TAG}"
    253. 

  253.     "wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c:${ASM_PICKUPS_TAG}"
    254. 

  254.     "wolfcrypt/src/port/arm/armv8-32-aes-asm.S:${WOLF_REPO_TAG}"
    255. 

  255.     "wolfcrypt/src/port/arm/armv8-32-curve25519_c.c:${ASM_PICKUPS_TAG}"
    256. 

  256.     "wolfcrypt/src/port/arm/armv8-32-curve25519.S:${WOLF_REPO_TAG}"
    257. 

  257.     "wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c:${ASM_PICKUPS_TAG}"
    258. 

  258.     "wolfcrypt/src/port/arm/armv8-32-sha256-asm.S:${WOLF_REPO_TAG}"
    259. 

  259.     "wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c:${ASM_PICKUPS_TAG}"
    260. 

  260.     "wolfcrypt/src/port/arm/armv8-32-sha512-asm.S:${WOLF_REPO_TAG}"
    261. 

  261.     "wolfcrypt/src/port/arm/armv8-aes.c:${ASM_PICKUPS_TAG}"
    262. 

  262.     "wolfcrypt/src/port/arm/armv8-curve25519_c.c:${ASM_PICKUPS_TAG}"
    263. 

  263.     "wolfcrypt/src/port/arm/armv8-curve25519.S:${WOLF_REPO_TAG}"
    264. 

  264.     "wolfcrypt/src/port/arm/armv8-sha256.c:${WOLF_REPO_TAG}"
    265. 

  265.     "wolfcrypt/src/port/arm/armv8-sha3-asm_c.c:${ASM_PICKUPS_TAG}"
    266. 

  266.     "wolfcrypt/src/port/arm/armv8-sha3-asm.S:${ASM_PICKUPS_TAG}"
    267. 

  267.     "wolfcrypt/src/port/arm/armv8-sha512-asm_c.c:${ASM_PICKUPS_TAG}"
    268. 

  268.     "wolfcrypt/src/port/arm/armv8-sha512-asm.S:${WOLF_REPO_TAG}"
    269. 

  269.     "wolfcrypt/src/port/arm/armv8-sha512.c:${WOLF_REPO_TAG}"
    270. 

  270.     "wolfcrypt/src/cmac.c:${WOLF_REPO_TAG}"
    271. 

  271.     "wolfcrypt/src/curve25519.c:${WOLF_REPO_TAG}"
    272. 

  272.     "wolfcrypt/src/curve448.c:${WOLF_REPO_TAG}"
    273. 

  273.     "wolfcrypt/src/dh.c:${WOLF_REPO_TAG}"
    274. 

  274.     "wolfcrypt/src/ecc.c:${WOLF_REPO_TAG}"
    275. 

  275.     "wolfcrypt/src/ed25519.c:${WOLF_REPO_TAG}"
    276. 

  276.     "wolfcrypt/src/ed448.c:${WOLF_REPO_TAG}"
    277. 

  277.     "wolfcrypt/src/hmac.c:${WOLF_REPO_TAG}"
    278. 

  278.     "wolfcrypt/src/kdf.c:${WOLF_REPO_TAG}"
    279. 

  279.     "wolfcrypt/src/pwdbased.c:${WOLF_REPO_TAG}"
    280. 

  280.     "wolfcrypt/src/random.c:${WOLF_REPO_TAG}"
    281. 

  281.     "wolfcrypt/src/rsa.c:${WOLF_REPO_TAG}"
    282. 

  282.     "wolfcrypt/src/sha.c:${WOLF_REPO_TAG}"
    283. 

  283.     "wolfcrypt/src/sha256_asm.S:${WOLF_REPO_TAG}"
    284. 

  284.     "wolfcrypt/src/sha256.c:${WOLF_REPO_TAG}"
    285. 

  285.     "wolfcrypt/src/sha3.c:${WOLF_REPO_TAG}"
    286. 

  286.     "wolfcrypt/src/sha3_asm.S:${WOLF_REPO_TAG}"
    287. 

  287.     "wolfcrypt/src/sha512_asm.S:${WOLF_REPO_TAG}"
    288. 

  288.     "wolfcrypt/src/sha512.c:${WOLF_REPO_TAG}"
    289. 

  289.     "wolfcrypt/src/sp_arm32.c:${ASM_PICKUPS_TAG}"
    290. 

  290.     "wolfcrypt/src/sp_arm64.c:${ASM_PICKUPS_TAG}"
    291. 

  291.     "wolfcrypt/src/sp_armthumb.c:${ASM_PICKUPS_TAG}"
    292. 

  292.     "wolfcrypt/src/sp_c32.c:${ASM_PICKUPS_TAG}"
    293. 

  293.     "wolfcrypt/src/sp_c64.c:${ASM_PICKUPS_TAG}"
    294. 

  294.     "wolfcrypt/src/sp_cortexm.c:${ASM_PICKUPS_TAG}"
    295. 

  295.     "wolfcrypt/src/sp_x86_64_asm.asm:${WOLF_REPO_TAG}"
    296. 

  296.     "wolfcrypt/src/sp_x86_64_asm.S:${WOLF_REPO_TAG}"
    297. 

  297.     "wolfcrypt/src/sp_x86_64.c:${ASM_PICKUPS_TAG}"
    298. 

  298.     "wolfcrypt/src/port/arm/thumb2-aes-asm_c.c:${WOLF_REPO_TAG}"
    299. 

  299.     "wolfcrypt/src/port/arm/thumb2-aes-asm.S:${WOLF_REPO_TAG}"
    300. 

  300.     "wolfcrypt/src/port/arm/thumb2-curve25519_c.c:${WOLF_REPO_TAG}"
    301. 

  301.     "wolfcrypt/src/port/arm/thumb2-curve25519.S:${WOLF_REPO_TAG}"
    302. 

  302.     "wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c:${WOLF_REPO_TAG}"
    303. 

  303.     "wolfcrypt/src/port/arm/thumb2-sha256-asm.S:${WOLF_REPO_TAG}"
    304. 

  304.     "wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c:${WOLF_REPO_TAG}"
    305. 

  305.     "wolfcrypt/src/port/arm/thumb2-sha512-asm.S:${WOLF_REPO_TAG}"
    306. 

  306.     "wolfssl/wolfcrypt/aes.h:${WOLF_REPO_TAG}"
    307. 

  307.     "wolfssl/wolfcrypt/cmac.h:${WOLF_REPO_TAG}"
    308. 

  308.     "wolfssl/wolfcrypt/curve25519.h:${WOLF_REPO_TAG}"
    309. 

  309.     "wolfssl/wolfcrypt/curve448.h:${WOLF_REPO_TAG}"
    310. 

  310.     "wolfssl/wolfcrypt/dh.h:${WOLF_REPO_TAG}"
    311. 

  311.     "wolfssl/wolfcrypt/ecc.h:${WOLF_REPO_TAG}"
    312. 

  312.     "wolfssl/wolfcrypt/ed25519.h:${WOLF_REPO_TAG}"
    313. 

  313.     "wolfssl/wolfcrypt/ed448.h:${WOLF_REPO_TAG}"
    314. 

  314.     "wolfssl/wolfcrypt/fips_test.h:${WOLF_REPO_TAG}"
    315. 

  315.     "wolfssl/wolfcrypt/hmac.h:${WOLF_REPO_TAG}"
    316. 

  316.     "wolfssl/wolfcrypt/kdf.h:${WOLF_REPO_TAG}"
    317. 

  317.     "wolfssl/wolfcrypt/pwdbased.h:${WOLF_REPO_TAG}"
    318. 

  318.     "wolfssl/wolfcrypt/random.h:${WOLF_REPO_TAG}"
    319. 

  319.     "wolfssl/wolfcrypt/rsa.h:${WOLF_REPO_TAG}"
    320. 

  320.     "wolfssl/wolfcrypt/sha.h:${WOLF_REPO_TAG}"
    321. 

  321.     "wolfssl/wolfcrypt/sha256.h:${WOLF_REPO_TAG}"
    322. 

  322.     "wolfssl/wolfcrypt/sha3.h:${WOLF_REPO_TAG}"
    323. 

  323.     "wolfssl/wolfcrypt/sha512.h:${WOLF_REPO_TAG}"
    324. 

  324.   )
    325. 

  325.   ;;
    326. 

  326. fips-ready|fips-dev)
    327. 

  327.   if [ "$FLAVOR" = 'fips-dev' ]; then
    328. 

  328.       FIPS_OPTION='dev'
    329. 

  329.   else
    330. 

  330.       FIPS_OPTION='ready'
    331. 

  331.   fi
    332. 

  332.   FIPS_FILES=(
    333. 

  333.     'wolfcrypt/src/fips.c:master'
    334. 

  334.     'wolfcrypt/src/fips_test.c:master'
    335. 

  335.     'wolfcrypt/src/wolfcrypt_first.c:master'
    336. 

  336.     'wolfcrypt/src/wolfcrypt_last.c:master'
    337. 

  337.     'wolfssl/wolfcrypt/fips.h:master'
    338. 

  338.   )
    339. 

  339.   WOLFCRYPT_FILES=()
    340. 

  340.   ;;
    341. 

  341. wolfrand)
    342. 

  342.   FIPS_OPTION='rand'
    343. 

  343.   FIPS_FILES=(
    344. 

  344.     'wolfcrypt/src/fips.c:WRv4-stable'
    345. 

  345.     'wolfcrypt/src/fips_test.c:WRv4-stable'
    346. 

  346.     'wolfcrypt/src/wolfcrypt_first.c:WRv4-stable'
    347. 

  347.     'wolfcrypt/src/wolfcrypt_last.c:WRv4-stable'
    348. 

  348.     'wolfssl/wolfcrypt/fips.h:WRv4-stable'
    349. 

  349.   )
    350. 

  350.   WOLFCRYPT_FILES=(
    351. 

  351.     'wolfcrypt/src/hmac.c:WCv4-stable'
    352. 

  352.     'wolfcrypt/src/random.c:WCv4-rng-stable'
    353. 

  353.     'wolfcrypt/src/sha256.c:WCv4-stable'
    354. 

  354.     'wolfssl/wolfcrypt/hmac.h:WCv4-stable'
    355. 

  355.     'wolfssl/wolfcrypt/random.h:WCv4-rng-stable'
    356. 

  356.     'wolfssl/wolfcrypt/sha256.h:WCv4-stable'
    357. 

  357.   )
    358. 

  358.   ;;
    359. 

  359. wolfentropy)
    360. 

  360.   FIPS_OPTION='v6'
    361. 

  361.   FIPS_FILES=(
    362. 

  362.     'wolfcrypt/src/fips.c:wolfEntropy1'
    363. 

  363.     'wolfcrypt/src/fips_test.c:wolfEntropy1'
    364. 

  364.     'wolfcrypt/src/wolfcrypt_first.c:wolfEntropy1'
    365. 

  365.     'wolfcrypt/src/wolfcrypt_last.c:wolfEntropy1'
    366. 

  366.     'wolfssl/wolfcrypt/fips.h:wolfEntropy1'
    367. 

  367.   )
    368. 

  368.   WOLFCRYPT_FILES=(
    369. 

  369.     'wolfcrypt/src/aes.c:wolfEntropy1'
    370. 

  370.     'wolfcrypt/src/aes_asm.asm:wolfEntropy1'
    371. 

  371.     'wolfcrypt/src/aes_asm.S:wolfEntropy1'
    372. 

  372.     'wolfcrypt/src/aes_gcm_asm.S:wolfEntropy1'
    373. 

  373.     'wolfcrypt/src/ecc.c:wolfEntropy1'
    374. 

  374.     'wolfcrypt/src/hmac.c:wolfEntropy1'
    375. 

  375.     'wolfcrypt/src/kdf.c:wolfEntropy1'
    376. 

  376.     'wolfcrypt/src/random.c:wolfEntropy1'
    377. 

  377.     'wolfcrypt/src/sha256.c:wolfEntropy1'
    378. 

  378.     'wolfcrypt/src/sha256_asm.S:wolfEntropy1'
    379. 

  379.     'wolfcrypt/src/sha3.c:wolfEntropy1'
    380. 

  380.     'wolfcrypt/src/sha512.c:wolfEntropy1'
    381. 

  381.     'wolfcrypt/src/sha512_asm.S:wolfEntropy1'
    382. 

  382.     'wolfssl/wolfcrypt/aes.h:wolfEntropy1'
    383. 

  383.     'wolfssl/wolfcrypt/ecc.h:wolfEntropy1'
    384. 

  384.     'wolfssl/wolfcrypt/fips_test.h:wolfEntropy1'
    385. 

  385.     'wolfssl/wolfcrypt/hmac.h:wolfEntropy1'
    386. 

  386.     'wolfssl/wolfcrypt/kdf.h:wolfEntropy1'
    387. 

  387.     'wolfssl/wolfcrypt/random.h:wolfEntropy1'
    388. 

  388.     'wolfssl/wolfcrypt/sha256.h:wolfEntropy1'
    389. 

  389.     'wolfssl/wolfcrypt/sha3.h:wolfEntropy1'
    390. 

  390.     'wolfssl/wolfcrypt/sha512.h:wolfEntropy1'
    391. 

  391.   )
    392. 

  392.   ;;
    393. 

  393. 

  394. *)
    395. 

  395.   Usage
    396. 

  396.   exit 1
    397. 

  397. esac
    398. 

  398. 

  399. # checkout_files takes an array of pairs of file paths and git tags to
    400. 

  400. # checkout. It will check to see if mytag exists and if not will make that
    401. 

  401. # tag a branch.
    402. 

  402. function checkout_files() {
    403. 

  403.     local name
    404. 

  404.     local tag
    405. 

  405.     for file_entry in "$@"; do
    406. 

  406.         name=${file_entry%%:*}
    407. 

  407.         tag=${file_entry#*:}
    408. 

  408.         if ! $GIT rev-parse -q --verify "my$tag" >/dev/null
    409. 

  409.         then
    410. 

  410.             $GIT branch --no-track "my$tag" "$tag" || exit $?
    411. 

  411.         fi
    412. 

  412.         $GIT checkout "my$tag" -- "$name" || exit $?
    413. 

  413.     done
    414. 

  414. }
    415. 

  415. 

  416. # copy_fips_files takes an array of pairs of file paths and git tags to
    417. 

  417. # checkout. It will check to see if mytag exists and if now will make that
    418. 

  418. # tag a branch.  It breaks the filepath apart into file name and path, then
    419. 

  419. # copies it from the file from the fips directory to the path.
    420. 

  420. function copy_fips_files() {
    421. 

  421.     local name
    422. 

  422.     local bname
    423. 

  423.     local dname
    424. 

  424.     local tag
    425. 

  425.     for file_entry in "$@"; do
    426. 

  426.         name=${file_entry%%:*}
    427. 

  427.         tag=${file_entry#*:}
    428. 

  428.         bname=$(basename "$name")
    429. 

  429.         dname=$(dirname "$name")
    430. 

  430.         if ! $GIT rev-parse -q --verify "my$tag" >/dev/null; then
    431. 

  431.             $GIT branch --no-track "my$tag" "$tag" || exit $?
    432. 

  432.         fi
    433. 

  433.         $GIT checkout "my$tag" -- "$bname" || exit $?
    434. 

  434.         cp "$bname" "../$dname"
    435. 

  435.     done
    436. 

  436. }
    437. 

  437. 

  438. declare -A FIPS_TAGS_NEEDED WOLFCRYPT_TAGS_NEEDED
    439. 

  439. for file_entry in "${WOLFCRYPT_FILES[@]}"; do
    440. 

  440.     WOLFCRYPT_TAGS_NEEDED["${file_entry#*:}"]=1
    441. 

  441. done
    442. 

  442. for file_entry in "${FIPS_FILES[@]}"; do
    443. 

  443.     FIPS_TAGS_NEEDED["${file_entry#*:}"]=1
    444. 

  444. done
    445. 

  445. 

  446. echo "wolfCrypt tag$( [[ ${#WOLFCRYPT_TAGS_NEEDED[@]} != "1" ]] && echo -n 's'):"
    447. 

  447. for tag in "${!WOLFCRYPT_TAGS_NEEDED[@]}"; do
    448. 

  448.     if $GIT describe --exact-match --long "$tag" 2>/dev/null; then
    449. 

  449.         continue
    450. 

  450.     fi
    451. 

  451.     if ! $GIT fetch --depth 1 "$WOLFSSL_REPO" tag "$tag"; then
    452. 

  452.         echo "Can't fetch wolfCrypt tag: $tag"
    453. 

  453.         exit 1
    454. 

  454.     fi
    455. 

  455. done
    456. 

  456. 

  457. if ! $GIT clone . "$TEST_DIR"; then
    458. 

  458.     echo "fips-check: Couldn't duplicate current working directory."
    459. 

  459.     exit 1
    460. 

  460. fi
    461. 

  461. 

  462. pushd "$TEST_DIR" 1>/dev/null || exit 2
    463. 

  463. 

  464. if ! $GIT clone "$FIPS_REPO" fips; then
    465. 

  465.     echo "fips-check: Couldn't check out FIPS repository."
    466. 

  466.     exit 1
    467. 

  467. fi
    468. 

  468. 

  469. pushd fips 1>/dev/null || exit 2
    470. 

  470. 

  471. echo "FIPS tag$( [[ ${#FIPS_TAGS_NEEDED[@]} != "1" ]] && echo -n 's'):"
    472. 

  472. for tag in "${!FIPS_TAGS_NEEDED[@]}"; do
    473. 

  473.     if $GIT describe "$tag" 2>/dev/null; then
    474. 

  474.         continue
    475. 

  475.     fi
    476. 

  476.     if ! $GIT fetch --depth 1 "$FIPS_REPO" tag "$tag"; then
    477. 

  477.         echo "Can't fetch FIPS tag: $tag"
    478. 

  478.         exit 1
    479. 

  479.     fi
    480. 

  480. done
    481. 

  481. 

  482. popd 1>/dev/null || exit 2
    483. 

  483. 

  484. checkout_files "${WOLFCRYPT_FILES[@]}" || exit 3
    485. 

  485. pushd fips 1>/dev/null || exit 2
    486. 

  486. copy_fips_files "${FIPS_FILES[@]}" || exit 3
    487. 

  487. popd 1>/dev/null || exit 2
    488. 

  488. 

  489. # When checking out cert 3389 ready code, NIST will no longer perform
    490. 

  490. # new certifications on 140-2 modules. If we were to use the latest files from
    491. 

  491. # master that would require re-cert due to changes in the module boundary.
    492. 

  492. # Since OE additions can still be processed for cert3389 we will call 140-2
    493. 

  493. # ready "fipsv2-OE-ready" indicating it is ready to use for an OE addition but
    494. 

  494. # would not be good for a new certification effort with the latest files.
    495. 

  495. if [ "$FLAVOR" = 'fipsv2-OE-ready' ] && [ -s wolfcrypt/src/fips.c ]; then
    496. 

  496.     cp wolfcrypt/src/fips.c wolfcrypt/src/fips.c.bak
    497. 

  497.     sed "s/v4.0.0-alpha/fipsv2-OE-ready/" wolfcrypt/src/fips.c.bak >wolfcrypt/src/fips.c
    498. 

  498. fi
    499. 

  499. 

  500. # run the make test
    501. 

  501. if [ "$DOAUTOGEN" = "yes" ]; then
    502. 

  502.     ./autogen.sh
    503. 

  503. fi
    504. 

  504. 

  505. if [ "$DOCONFIGURE" = "yes" ]; then
    506. 

  506.     case "$FIPS_OPTION" in
    507. 

  507.     cavp-selftest)
    508. 

  508.         ./configure --enable-selftest
    509. 

  509.         ;;
    510. 

  510.     cavp-selftest-v2)
    511. 

  511.         ./configure --enable-selftest=v2
    512. 

  512.         ;;
    513. 

  513.     *)
    514. 

  514.         ./configure --enable-fips=$FIPS_OPTION
    515. 

  515.         ;;
    516. 

  516.     esac
    517. 

  517. 

  518.     if ! $MAKE; then
    519. 

  519.         echo 'fips-check: Make failed. Debris left for analysis.'
    520. 

  520.         exit 3
    521. 

  521.     fi
    522. 

  522. 

  523.     if [ -s wolfcrypt/src/fips_test.c ]; then
    524. 

  524.         NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p')
    525. 

  525.         if [ -n "$NEWHASH" ]; then
    526. 

  526.             cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak
    527. 

  527.             sed "s/^\".*\";/\"${NEWHASH}\";/" wolfcrypt/src/fips_test.c.bak >wolfcrypt/src/fips_test.c
    528. 

  528.             make clean
    529. 

  529.         fi
    530. 

  530.     fi
    531. 

  531. 

  532.     if [ "$MAKECHECK" = "yes" ]; then
    533. 

  533.         if ! $MAKE check; then
    534. 

  534.             echo 'fips-check: Test failed. Debris left for analysis.'
    535. 

  535.             exit 3
    536. 

  536.         fi
    537. 

  537.     fi
    538. 

  538. fi
    539. 

  539. 

  540. # Clean up
    541. 

  541. popd 1>/dev/null || exit 2
    542. 

  542. if [ "$KEEP" = 'no' ]; then
    543. 

  543.     rm -rf "$TEST_DIR"
    544. 

  544. fi
    545.