diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-01-15 10:48:01 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2020-01-15 10:48:01 +1000 |
| commit | 36fc5fc6bd5ca53fb30aabc38e3fefbab0005b2c (patch) | |
| tree | 16e416a148ab7e40d416977ab971e315f7b034f1 /test | |
| parent | 76123661a1db136b9ef368dc296a628818e7a4cc (diff) | |
Add FIPS Self test kats for digests
Added an API to optionally set a self test callback.
The callback has the following 2 purposes
(1) Output information about the KAT tests.
(2) Allow the ability to corrupt one of the KAT's
The fipsinstall program uses the API.
Some KATS are not included in this PR since the required functionality did not yet exist in the provider.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10374)
Diffstat (limited to 'test')
| -rw-r--r-- | test/recipes/03-test_fipsinstall.t | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t index 40a962253d..e77e09d550 100644 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t @@ -24,7 +24,7 @@ use platform; plan skip_all => "Test only supported in a fips build" if disabled("fips"); -plan tests => 6; +plan tests => 9; my $infile = bldtop_file('providers', platform->dso('fips')); $ENV{OPENSSL_MODULES} = bldtop_dir("providers"); @@ -71,3 +71,24 @@ ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile, '-macopt', 'digest:SHA512', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-verify'])), "fipsinstall verify fail incorrect digest"); + +# corrupt the module hmac +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', + '-section_name', 'fips_install', '-corrupt_desc', 'HMAC'])), + "fipsinstall fails when the module integrity is corrupted"); + +# corrupt the first digest +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', + '-section_name', 'fips_install', '-corrupt_desc', 'SHA1'])), + "fipsinstall fails when the digest result is corrupted"); + +# corrupt another digest +ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', + '-section_name', 'fips_install', '-corrupt_desc', 'SHA3'])), + "fipsinstall fails when the digest result is corrupted"); |