From 6724a3d005ab55d884d72b3a020c4ceb890a3174 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Thu, 17 Aug 2023 13:39:29 -0700
Subject: [PATCH] FIPS Check Script with Explicit Versioning
1. Remove the demo OE.
2. Update all OEs with the new file lists.
3. Merge OEs with same files and tags, and add a check for the difference to optionally update that. For example, solaris is the same file list and tags as linuxv2, but uses gmake instead of make.
---
fips-check.sh | 178 ++++++++++++++++++++++++++++++++------------------
1 file changed, 114 insertions(+), 64 deletions(-)
diff --git a/fips-check.sh b/fips-check.sh
index 1f3f17853..7820e637c 100755
--- a/fips-check.sh
+++ b/fips-check.sh
@@ -45,44 +45,99 @@ while [ "$1" ]; do
 done
 case "$FLAVOR" in
-#linuxv2|fipsv2-OE-ready)
-# FIPS_OPTION='v2'
-# FIPS_VERSION='WCv4-stable'
-# CRYPT_VERSION='WCv4-stable'
-# RNG_VERSION='WCv4-rng-stable'
-# WC_MODS=('aes' 'aes_asm' 'cmac' 'des3' 'dh' 'ecc' 'hmac' 'random' 'rsa' 'sha' 'sha256' 'sha3' 'sha512')
-# FIPS_SRCS=('fips.c' 'fips_test.c' 'wolfcrypt_first.c' 'wolfcrypt_last.c')
-# FIPS_INCS=('fips.h')
-# ;;
-#netbsd-selftest)
-# # non-FIPS, CAVP only but pull in selftest
-# FIPS_OPTION='cavp-selftest'
-# FIPS_VERSION='v3.14.2b'
-# CRYPT_VERSION='v3.14.2'
-# RNG_VERSION='v3.14.2'
-# WC_MODS=('aes' 'dh' 'dsa' 'ecc' 'hmac' 'random' 'rsa' 'sha' 'sha256' 'sha512')
-# FIPS_SRCS=('selftest.c')
-# ;;
-#marvell-linux-selftest)
-# # non-FIPS, CAVP only but pull in selftest
-# FIPS_OPTION='cavp-selftest-v2'
-# FIPS_VERSION='v3.14.2b'
-# CRYPT_VERSION='v4.1.0-stable'
-# RNG_VERSION='v4.1.0-stable'
-# WC_MODS=('aes' 'dh' 'dsa' 'ecc' 'hmac' 'random' 'rsa' 'sha' 'sha256' 'sha512')
-# FIPS_SRCS=('selftest.c')
-# ;;
-#linuxv5)
-# FIPS_OPTION='v5'
-# FIPS_VERSION='WCv5.0-RC12'
-# CRYPT_VERSION='WCv5.0-RC12'
-# RNG_VERSION='WCv5.0-RC12'
-# WC_MODS=('aes' 'aes_asm' 'cmac' 'dh' 'ecc' 'hmac' 'kdf' 'random' 'rsa' 'sha' 'sha256' 'sha256_asm' 'sha3' 'sha512' 'sha512_asm')
-# FIPS_SRCS=('fips.c' 'fips_test.c' 'wolfcrypt_first.c' 'wolfcrypt_last.c')
-# FIPS_INCS=('fips.h')
-# COPY_DIRECT=('wolfcrypt/src/aes_gcm_asm.S')
-# ;;
-linuxv5a)
+linuxv2|fipsv2-OE-ready|solaris)
+ FIPS_OPTION='v2'
+ FIPS_FILES=('WCv4-stable'
+ 'wolfcrypt/src/fips.c'
+ 'wolfcrypt/src/fips_test.c'
+ 'wolfcrypt/src/wolfcrypt_first.c'
+ 'wolfcrypt/src/wolfcrypt_last.c'
+ 'wolfssl/wolfcrypt/fips.h'
+ )
+ WOLFCRYPT_FILES=(
+ 'wolfcrypt/src/aes.c:WCv4-stable'
+ 'wolfcrypt/src/aes_asm.S:WCv4-stable'
+ 'wolfcrypt/src/cmac.c:WCv4-stable'
+ 'wolfcrypt/src/des3.c:WCv4-stable'
+ 'wolfcrypt/src/dh.c:WCv4-stable'
+ 'wolfcrypt/src/ecc.c:WCv4-stable'
+ 'wolfcrypt/src/hmac.c:WCv4-stable'
+ 'wolfcrypt/src/random.c:WCv4-rng-stable'
+ 'wolfcrypt/src/rsa.c:WCv4-stable'
+ 'wolfcrypt/src/sha.c:WCv4-stable'
+ 'wolfcrypt/src/sha256.c:WCv4-stable'
+ 'wolfcrypt/src/sha3.c:WCv4-stable'
+ 'wolfcrypt/src/sha512.c:WCv4-stable'
+ 'wolfssl/wolfcrypt/aes.h:WCv4-stable'
+ 'wolfssl/wolfcrypt/cmac.h:WCv4-stable'
+ 'wolfssl/wolfcrypt/des3.h:WCv4-stable'
+ 'wolfssl/wolfcrypt/dh.h:WCv4-stable'
+ 'wolfssl/wolfcrypt/ecc.h:WCv4-stable'
+ 'wolfssl/wolfcrypt/hmac.h:WCv4-stable'
+ 'wolfssl/wolfcrypt/random.h:WCv4-rng-stable'
+ 'wolfssl/wolfcrypt/rsa.h:WCv4-stable'
+ 'wolfssl/wolfcrypt/sha.h:WCv4-stable'
+ 'wolfssl/wolfcrypt/sha256.h:WCv4-stable'
+ 'wolfssl/wolfcrypt/sha3.h:WCv4-stable'
+ 'wolfssl/wolfcrypt/sha512.h:WCv4-stable'
+ )
+ if [ "$FLAVOR" = 'solaris' ]; then MAKE='gmake'; fi
+ ;;
+netbsd-selftest)
+ # non-FIPS, CAVP only but pull in selftest
+ FIPS_OPTION='cavp-selftest'
+ FIPS_FILES=('v3.14.2b' 'wolfcrypt/src/selftest.c')
+ WOLFCRYPT_FILES=(
+ 'wolfcrypt/src/aes.c:v3.14.2'
+ 'wolfcrypt/src/dh.c:v3.14.2'
+ 'wolfcrypt/src/dsa.c:v3.14.2'
+ 'wolfcrypt/src/ecc.c:v3.14.2'
+ 'wolfcrypt/src/hmac.c:v3.14.2'
+ 'wolfcrypt/src/random.c:v3.14.2'
+ 'wolfcrypt/src/rsa.c:v3.14.2'
+ 'wolfcrypt/src/sha.c:v3.14.2'
+ 'wolfcrypt/src/sha256.c:v3.14.2'
+ 'wolfcrypt/src/sha512.c:v3.14.2'
+ 'wolfssl/wolfcrypt/aes.h:v3.14.2'
+ 'wolfssl/wolfcrypt/dh.h:v3.14.2'
+ 'wolfssl/wolfcrypt/dsa.h:v3.14.2'
+ 'wolfssl/wolfcrypt/ecc.h:v3.14.2'
+ 'wolfssl/wolfcrypt/hmac.h:v3.14.2'
+ 'wolfssl/wolfcrypt/random.h:v3.14.2'
+ 'wolfssl/wolfcrypt/rsa.h:v3.14.2'
+ 'wolfssl/wolfcrypt/sha.h:v3.14.2'
+ 'wolfssl/wolfcrypt/sha256.h:v3.14.2'
+ 'wolfssl/wolfcrypt/sha512.h:v3.14.2'
+ )
+ ;;
+marvell-linux-selftest)
+ # non-FIPS, CAVP only but pull in selftest
+ FIPS_OPTION='cavp-selftest-v2'
+ FIPS_FILES=('v3.14.2b' 'wolfcrypt/src/selftest.c')
+ WOLFCRYPT_FILES=(
+ 'wolfcrypt/src/aes.c:v4.1.0-stable'
+ 'wolfcrypt/src/dh.c:v4.1.0-stable'
+ 'wolfcrypt/src/dsa.c:v4.1.0-stable'
+ 'wolfcrypt/src/ecc.c:v4.1.0-stable'
+ 'wolfcrypt/src/hmac.c:v4.1.0-stable'
+ 'wolfcrypt/src/random.c:v4.1.0-stable'
+ 'wolfcrypt/src/rsa.c:v4.1.0-stable'
+ 'wolfcrypt/src/sha.c:v4.1.0-stable'
+ 'wolfcrypt/src/sha256.c:v4.1.0-stable'
+ 'wolfcrypt/src/sha512.c:v4.1.0-stable'
+ 'wolfssl/wolfcrypt/aes.h:v4.1.0-stable'
+ 'wolfssl/wolfcrypt/dh.h:v4.1.0-stable'
+ 'wolfssl/wolfcrypt/dsa.h:v4.1.0-stable'
+ 'wolfssl/wolfcrypt/ecc.h:v4.1.0-stable'
+ 'wolfssl/wolfcrypt/hmac.h:v4.1.0-stable'
+ 'wolfssl/wolfcrypt/random.h:v4.1.0-stable'
+ 'wolfssl/wolfcrypt/rsa.h:v4.1.0-stable'
+ 'wolfssl/wolfcrypt/sha.h:v4.1.0-stable'
+ 'wolfssl/wolfcrypt/sha256.h:v4.1.0-stable'
+ 'wolfssl/wolfcrypt/sha512.h:v4.1.0-stable'
+ )
+ ;;
+linuxv5)
 FIPS_OPTION='v5'
 FIPS_FILES=('WCv5.0-RC12'
 'wolfcrypt/src/fips.c'
@@ -122,7 +177,7 @@ linuxv5a)
 'wolfssl/wolfcrypt/sha512.h:WCv5.0-RC12'
 )
 ;;
-fips-ready)
+fips-ready|fips-dev)
 FIPS_OPTION='ready'
 FIPS_FILES=('master'
 'wolfcrypt/src/fips.c'
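Review bot: The tags that the new `linuxv2`, `netbsd-selftest` and `marvell-linux-selftest` arms in the first hunk pin each file to (`WCv4-stable`, `WCv4-rng-stable`, `v3.14.2`, `v4.1.0-stable`) are ref names, not commit ids, so the file set this check assembles is only as fixed as those tags are; nothing visible here records what they resolve to. The code that consumes `FIPS_FILES` and `WOLFCRYPT_FILES` is outside the hunk and may already cover this; if it does not, logging the commit each tag resolves to (for instance via `git rev-parse`) would let a run be compared against the validated sources. The `wolfrand` arm in the last hunk has the same property. A short comment above the first `WOLFCRYPT_FILES` would also help, e.g. `# entries are 'path:tag'; random.c/random.h use the RNG tag, not the crypt tag`, since the old `RNG_VERSION` variable that made that distinction explicit is gone.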
@@ -131,32 +186,27 @@ fips-ready)
 'wolfcrypt/src/wolfcrypt_last.c'
 'wolfssl/wolfcrypt/fips.h'
 )
+ WOLFCRYPT_FILES=()
+ if [ "$FLAVOR" = 'fips-dev' ]; then FIPS_OPTION='dev'; fi
+ ;;
+wolfrand)
+ FIPS_OPTION='rand'
+ FIPS_FILES=('WRv4-stable'
+ 'wolfcrypt/src/fips.c'
+ 'wolfcrypt/src/fips_test.c'
+ 'wolfcrypt/src/wolfcrypt_first.c'
+ 'wolfcrypt/src/wolfcrypt_last.c'
+ 'wolfssl/wolfcrypt/fips.h'
+ )
+ WOLFCRYPT_FILES=(
+ 'wolfcrypt/src/hmac.c:WCv4-stable'
+ 'wolfcrypt/src/random.c:WCv4-rng-stable'
+ 'wolfcrypt/src/sha256.c:WCv4-stable'
+ 'wolfssl/wolfcrypt/hmac.h:WCv4-stable'
+ 'wolfssl/wolfcrypt/random.h:WCv4-rng-stable'
+ 'wolfssl/wolfcrypt/sha256.h:WCv4-stable'
+ )
 ;;
-#fips-dev)
-# FIPS_OPTION='dev'
-# FIPS_VERSION='master'
-# FIPS_SRCS=('fips.c' 'fips_test.c' 'wolfcrypt_first.c' 'wolfcrypt_last.c')
-# FIPS_INCS=('fips.h')
-# ;;
-#wolfrand)
-# FIPS_OPTION='rand'
-# FIPS_VERSION='WRv4-stable'
-# CRYPT_VERSION='WCv4-stable'
-# RNG_VERSION='WCv4-rng-stable'
-# WC_MODS=('hmac' 'random' 'sha256')
-# FIPS_SRCS=('fips.c' 'fips_test.c' 'wolfcrypt_first.c' 'wolfcrypt_last.c')
-# FIPS_INCS=('fips.h')
-# ;;
-#solaris)
-# FIPS_OPTION='v2'
-# FIPS_VERSION='WCv4-stable'
-# CRYPT_VERSION='WCv4-stable'
-# RNG_VERSION='WCv4-rng-stable'
-# WC_MODS=('aes' 'aes_asm' 'cmac' 'des3' 'dh' 'ecc' 'hmac' 'random' 'rsa' 'sha' 'sha256' 'sha3' 'sha512')
-# FIPS_SRCS=('fips.c' 'fips_test.c' 'wolfcrypt_first.c' 'wolfcrypt_last.c')
-# FIPS_INCS=('fips.h')
-# MAKE='gmake'
-# ;;
 *)
 Usage
 exit 1
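Review bot: `WOLFCRYPT_FILES=()` for `fips-ready`/`fips-dev` carries a meaning that no comment states: no wolfCrypt source is pinned to a tag for these flavors, so presumably the sources of whatever tree is being checked are used as they are, while the FIPS files come from the ref named in `FIPS_FILES`. I would say so on that line, e.g. `# no pinned wolfCrypt files: the checked-out tree's own sources are used`, after confirming it against the loop that reads the array, which is outside this hunk. The arm itself starts in the previous hunk, and the `FIPS_OPTION='dev'` override on the following line only works because it runs after the `FIPS_OPTION='ready'` assignment there; a one-line comment noting that ordering would keep a later reshuffle from building `fips-dev` with the `ready` option unnoticed.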