diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2019-08-24 18:56:34 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2019-08-24 18:56:34 +1000 |
commit | 95214b434fe969e9508b6b9f38d0ea931d7e6415 (patch) | |
tree | 96a0684ba1c18233a9bf12f03a8177852c343523 /test/recipes | |
parent | e1f8584d47a499301fba781086af6885fcf21fec (diff) |
Add app for fips installation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9634)
Diffstat (limited to 'test/recipes')
-rw-r--r-- | test/recipes/03-test_fipsinstall.t | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t new file mode 100644 index 0000000000..6f7c38a124 --- /dev/null +++ b/test/recipes/03-test_fipsinstall.t @@ -0,0 +1,73 @@ +#! /usr/bin/env perl +# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use File::Spec; +use File::Copy; +use OpenSSL::Glob; +use OpenSSL::Test qw/:DEFAULT srctop_dir bldtop_dir bldtop_file/; +use OpenSSL::Test::Utils; + +BEGIN { + setup("test_fipsinstall"); +} +use lib srctop_dir('Configurations'); +use lib bldtop_dir('.'); +use platform; + +plan skip_all => "Test only supported in a fips build" if disabled("fips"); + +plan tests => 6; + +my $infile = bldtop_file('providers', platform->dso('fips')); +$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); + +#fail if no module name +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', + '-provider_name', 'fips', + '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', + '-section_name', 'fips_install'])), + "fipinstall fail"); + +# fail to Verify if the configuration file is missing +ok(!run(app(['openssl', 'fipsinstall', '-in', 'dummy.tmp', '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', + '-section_name', 'fips_install', '-verify'])), + "fipinstall verify fail"); + + +# output a fips.conf file containing mac data +ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', + '-section_name', 'fips_install'])), + "fipinstall"); + +# Verify the fips.conf file +ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', + '-section_name', 'fips_install', '-verify'])), + "fipinstall verify"); + +# Fail to Verify the fips.conf file if a different key is used +ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', 'hexkey:01', + '-section_name', 'fips_install', '-verify'])), + "fipinstall verify fail bad key"); + +# Fail to Verify the fips.conf file if a different mac digest is used +ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA512', '-macopt', 'hexkey:00', + '-section_name', 'fips_install', '-verify'])), + "fipinstall verify fail incorrect digest"); |