fips-check.sh: remap fips-ready target to be ready flavor of 140-3, temporarily with FIPS_VERSION="master"; add fips-v3-ready target with FIPS_VERSION="v4.1.1"; add linuxv5|linuxv5-RC9 target to be updated after merge with tags.

Daniel Pouzzner
2021-10-26 20:23:05 -05:00
parent d527b25034
commit d105256330


@@ -220,28 +220,25 @@ netos-7.6)
CRYPT_VERSION=$NETOS_7_6_CRYPT_VERSION CRYPT_VERSION=$NETOS_7_6_CRYPT_VERSION
CRYPT_REPO=$NETOS_7_6_CRYPT_REPO CRYPT_REPO=$NETOS_7_6_CRYPT_REPO
;; ;;
fips-ready) fips-v3-ready)
FIPS_REPO="git@github.com:wolfssl/fips.git" FIPS_REPO="git@github.com:wolfssl/fips.git"
CRYPT_REPO="git@github.com:wolfssl/wolfssl.git" FIPS_VERSION="v4.1.1"
CRYPT_INC_PATH=wolfssl/wolfcrypt CRYPT_INC_PATH=wolfssl/wolfcrypt
CRYPT_SRC_PATH=wolfcrypt/src CRYPT_SRC_PATH=wolfcrypt/src
FIPS_SRCS+=( wolfcrypt_first.c wolfcrypt_last.c ) FIPS_SRCS+=( wolfcrypt_first.c wolfcrypt_last.c )
FIPS_INCS=( fips.h ) FIPS_INCS=( fips.h )
FIPS_OPTION=ready FIPS_OPTION=v3-ready
;; ;;
fips-ready|fips-v5-ready|linuxv5-ready)
# note, "linuxv5" is temporarily an alias for "linuxv5-ready", while PR #4359 is in flight:
linuxv5-ready|linuxv5)
FIPS_REPO="git@github.com:wolfSSL/fips.git" FIPS_REPO="git@github.com:wolfSSL/fips.git"
FIPS_VERSION="douzzer-linuxkm-fips-140-3" FIPS_VERSION="master"
CRYPT_REPO="git@github.com:wolfssl/wolfssl.git"
CRYPT_INC_PATH=wolfssl/wolfcrypt CRYPT_INC_PATH=wolfssl/wolfcrypt
CRYPT_SRC_PATH=wolfcrypt/src CRYPT_SRC_PATH=wolfcrypt/src
FIPS_SRCS+=( wolfcrypt_first.c wolfcrypt_last.c ) FIPS_SRCS+=( wolfcrypt_first.c wolfcrypt_last.c )
FIPS_INCS=( fips.h ) FIPS_INCS=( fips.h )
FIPS_OPTION=v5-ready FIPS_OPTION=v5-ready
;; ;;
stm32l4-v2) stm32l4-v2)
FIPS_VERSION=$STM32L4_V2_FIPS_VERSION FIPS_VERSION=$STM32L4_V2_FIPS_VERSION
FIPS_REPO=$STM32L4_V2_FIPS_REPO FIPS_REPO=$STM32L4_V2_FIPS_REPO
@@ -296,6 +293,24 @@ linuxv5-RC8)
COPY_DIRECT=( wolfcrypt/src/aes_asm.S wolfcrypt/src/aes_asm.asm COPY_DIRECT=( wolfcrypt/src/aes_asm.S wolfcrypt/src/aes_asm.asm
wolfcrypt/src/sha256_asm.S wolfcrypt/src/sha512_asm.S ) wolfcrypt/src/sha256_asm.S wolfcrypt/src/sha512_asm.S )
;; ;;
# temporary values during transition
linuxv5|linuxv5-RC9)
FIPS_REPO="git@github.com:wolfSSL/fips.git"
FIPS_VERSION="master"
CRYPT_REPO="git@github.com:douzzer/wolfssl.git"
CRYPT_VERSION="fipsv3-rebased"
CRYPT_INC_PATH="wolfssl/wolfcrypt"
CRYPT_SRC_PATH="wolfcrypt/src"
WC_MODS=( aes sha sha256 sha512 rsa hmac random cmac dh ecc sha3 kdf )
RNG_VERSION="fipsv3-rebased"
FIPS_SRCS=( fips.c fips_test.c wolfcrypt_first.c wolfcrypt_last.c )
FIPS_INCS=( fips.h )
FIPS_OPTION="v5-RC9"
COPY_DIRECT=( wolfcrypt/src/aes_asm.S wolfcrypt/src/aes_asm.asm
wolfcrypt/src/sha256_asm.S wolfcrypt/src/sha512_asm.S )
;;
*) *)
Usage Usage
exit 1 exit 1
@@ -308,8 +323,9 @@ fi
pushd $TEST_DIR || exit 2 pushd $TEST_DIR || exit 2
if [ "x$FIPS_OPTION" == "xv1" ]; case "$FIPS_OPTION" in
then
v1)
# make a clone of the last FIPS release tag # make a clone of the last FIPS release tag
if ! $GIT clone --depth 1 -b $CRYPT_VERSION $CRYPT_REPO old-tree; then if ! $GIT clone --depth 1 -b $CRYPT_VERSION $CRYPT_REPO old-tree; then
echo "fips-check: Couldn't checkout the FIPS release." echo "fips-check: Couldn't checkout the FIPS release."
@@ -335,8 +351,10 @@ then
cp "old-tree/$CRYPT_SRC_PATH/random.c" $CRYPT_SRC_PATH cp "old-tree/$CRYPT_SRC_PATH/random.c" $CRYPT_SRC_PATH
cp "old-tree/$CRYPT_INC_PATH/random.h" $CRYPT_INC_PATH cp "old-tree/$CRYPT_INC_PATH/random.h" $CRYPT_INC_PATH
fi fi
elif [ "x$FIPS_OPTION" == "xv2" ] || [ "x$FIPS_OPTION" == "xrand" ] || [ "x$FIPS_OPTION" == "xv5-RC8" ] ;;
then
v2|rand|v5-RC8|v5-RC9)
$GIT branch --no-track "my$CRYPT_VERSION" $CRYPT_VERSION || exit $? $GIT branch --no-track "my$CRYPT_VERSION" $CRYPT_VERSION || exit $?
# Checkout the fips versions of the wolfCrypt files from the repo. # Checkout the fips versions of the wolfCrypt files from the repo.
for MOD in "${WC_MODS[@]}" for MOD in "${WC_MODS[@]}"
@@ -352,13 +370,17 @@ then
$GIT branch --no-track "myrng$RNG_VERSION" $RNG_VERSION || exit $? $GIT branch --no-track "myrng$RNG_VERSION" $RNG_VERSION || exit $?
# Checkout the fips versions of the wolfCrypt files from the repo. # Checkout the fips versions of the wolfCrypt files from the repo.
$GIT checkout "myrng$RNG_VERSION" -- "$CRYPT_SRC_PATH/random.c" "$CRYPT_INC_PATH/random.h" || exit $? $GIT checkout "myrng$RNG_VERSION" -- "$CRYPT_SRC_PATH/random.c" "$CRYPT_INC_PATH/random.h" || exit $?
elif [ "x$FIPS_OPTION" == "xready" ] || [ "x$FIPS_OPTION" == "xv5-ready" ] ;;
then
*ready*)
echo "Don't need to copy anything in particular for FIPS Ready." echo "Don't need to copy anything in particular for FIPS Ready."
else ;;
*)
echo "fips-check: Invalid FIPS option \"${FIPS_OPTION}\"." echo "fips-check: Invalid FIPS option \"${FIPS_OPTION}\"."
exit 1 exit 1
fi ;;
esac
# clone the FIPS repository # clone the FIPS repository
if [ "x$FIPS_OPTION" = "xready" ] if [ "x$FIPS_OPTION" = "xready" ]
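Review bot: The new `linuxv5|linuxv5-RC9` arm checks out everything from moving refs (`FIPS_VERSION="master"`, `CRYPT_VERSION` and `RNG_VERSION` set to `"fipsv3-rebased"`) and takes `CRYPT_REPO` from a personal fork (`douzzer/wolfssl.git`), so two runs of the same target can assemble different trees and nothing ties the result to a reviewed revision. The remapped `fips-ready` arm has the same exposure through `FIPS_VERSION="master"`. The commit message calls these placeholders until tags exist, but the in-file marker `# temporary values during transition` does not say which values are temporary or what replaces them. I would expand it to `# TODO: temporary -- CRYPT_REPO is a personal fork and FIPS_VERSION/CRYPT_VERSION/RNG_VERSION are branch names; switch to the wolfSSL repo and release tags after merge`. Separately, no arm visible in these hunks assigns `FIPS_OPTION=ready` any more, so the `[ "x$FIPS_OPTION" = "xready" ]` test on the trailing context line looks unreachable; its body lies outside the hunk, so that needs confirming against the full file.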