1# Copyright (c) 2018, Google Inc. 2# 3# Permission to use, copy, modify, and/or distribute this software for any 4# purpose with or without fee is hereby granted, provided that the above 5# copyright notice and this permission notice appear in all copies. 6# 7# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 15# This script exists to exercise breaking each of the FIPS tests. It builds 16# BoringSSL differently for each test and that can take a long time. Thus it's 17# run twice: once, from a BoringSSL source tree, with "build" as the sole 18# argument to run the builds, and then (from the same location) with no 19# arguments to run each script. 20# 21# Run it with /bin/bash, not /bin/sh, otherwise "read" may fail. 22 23set -x 24 25TESTS="NONE ECDSA_PWCT CRNG RSA_PWCT AES_CBC AES_GCM DES SHA_1 SHA_256 SHA_512 RSA_SIG DRBG ECDSA_SIG Z_COMPUTATION TLS_KDF FFC_DH" 26 27if [ "x$1" = "xbuild" ]; then 28 for test in $TESTS; do 29 rm -Rf build-$test 30 mkdir build-$test 31 pushd build-$test 32 cmake -GNinja -DCMAKE_TOOLCHAIN_FILE=${HOME}/toolchain -DFIPS=1 -DFIPS_BREAK_TEST=${test} -DCMAKE_BUILD_TYPE=Release .. 33 ninja test_fips 34 popd 35 done 36 37 exit 0 38fi 39 40for test in $TESTS; do 41 pushd build-$test 42 printf "\n\n\\x1b[1m$test\\x1b[0m\n" 43 ./util/fipstools/cavp/test_fips 44 echo "Waiting for keypress..." 45 read 46 popd 47done 48 49pushd build-NONE 50printf "\\x1b[1mIntegrity\\x1b[0m\n" 51go run ../util/fipstools/break-hash.go ./util/fipstools/cavp/test_fips ./util/fipstools/cavp/test_fips_broken 52./util/fipstools/cavp/test_fips_broken 53popd 54