optest.h

IBE是一种非对称密码技术

/* Copyright 2003-2006, Voltage Security, all rights reserved.
 */
#include "vibecrypto.h"


#ifndef _OP_TEST_H
#define _OP_TEST_H

#ifdef __cplusplus
extern "C" {
#endif

/* Make sure that this #define does not conflict with any of the
 * VOLT_BUILD #define's in envnames.h.
 */
#define VOLT_BUILD_OPTEST  128

#ifdef WIN32
#define ASM_SIGTRAP  _asm { int 3 }
#define VOLT_OP_TEST_BREAKPT_FILE_NAME \
    "..\\..\\crypto\\fips\\optest\\breakpoints.txt"
#else
#define  ASM_SIGTRAP  __asm__ ("int3")
#define  VOLT_OP_TEST_BREAKPT_FILE_NAME  \
    "crypto/fips/optest/breakpoints.txt"
#endif

/* Set a global flag to indicate whether the code should break (debug
 * break point) when entering the given state.
 * <p>The state argument is a number, pass in a predefined value
 * (#define) listed below (e.g. VOLT_FIPS_STATE_POWER_UP_SELF or
 * VOLT_FIPS_STATE_SW_INTEGRITY).
 * <p>The breakFlag is either VOLT_BREAK_AT_BREAKPOINT or
 * VOLT_NO_BREAK_AT_BREAKPOINT. If set to break, the code (in debug
 * mode) will break when entering the given state.
 *
 * @param state The state for which the break status is intended.
 * @param breakFlag Indicates whether the code should break or not when
 * entering the state.
 * @return none
 */
void VoltSetStateBreakpoint (
   int state,
   int breakFlag
);

/* Returns the flag indicating whether the code should break when
 * entering the given state.
 * <p>The state argument is a number, pass in a predefined value
 * (#define) listed below (e.g. VOLT_FIPS_STATE_POWER_UP_SELF or
 * VOLT_FIPS_STATE_SW_INTEGRITY).
 * <p>The return value is either VOLT_BREAK_AT_BREAKPOINT or
 * VOLT_NO_BREAK_AT_BREAKPOINT. This function only indicates what the
 * code should do when entering the given state in debug mode, it does
 * not break.
 *
 * @param state The state for which the break status is queried.
 * @return an int, the value of the break flag for the given state.
 */
int VoltGetStateBreakpoint (
   int state
);

/* Set a flag to indicate, when entering a state, whether that state
 * should be reported.
 */
void VoltSetStateReport (
   int state,
   int reportFlag
);

/* Should the state report for the given state be reported or not?
 */
int VoltGetStateReport (
   int state
);

/* Report the FIPS state.
 * <p>For FIPS certification we need to describe a finite state model.
 * Then we have to show in the code that we do indeed move from state
 * to state appropriately.
 * <p>Call this function to report entering and exiting states. The
 * implementation of this function may print out the state to the
 * screen or a file or do something else. It can change depending on
 * the situation. But all the code that needs to report state will
 * simply call this routine.
 * <p>The flag indicates whether the code is entering or exiting the
 * state. Pass in one of the two flags.
 * <code>
 * <pre>
 *    VOLT_ENTERING_STATE
 *    VOLT_EXITING_STATE
 * </pre>
 * </code>
 * <p>The state argument is a number, pass in a predefined value
 * (#define) listed below (e.g. VOLT_FIPS_STATE_POWER_UP_SELF or
 * VOLT_FIPS_STATE_SW_INTEGRITY).
 *
 * @param flag Indicates whether entering or exiting state.
 * @param state The state to report.
 */
void VoltReportFipsState (
   unsigned int flag,
   unsigned int state
);

/* This prints a string. It's simply printf, but put it into a wrapper
 * so that the system calls are in one file.
 */
void VoltOptestPrintString (
   char *theString
   );

/* This prints out status and fipsError as ints and strings.
 */
void VoltOptestPrintResults (
   char *testName,
   int status,
   int fipsError
);

/* Create and set a random object.
 * <p>If a seed is given, the function will add this seed material. If
 * NULL, it will use a "default" seed.
 * <p>This is useful for tests that need a random object, but the
 * object itself is not part of the test.
 */
int VoBuildRandomObj (
   VtLibCtx libCtx,
   VtMpIntCtx mpCtx,
   VtRandomObject *randomObj,
   unsigned char *seed,
   unsigned int seedLen
   );

/* Create and set a param object with a DSA parameter set.
 * <p>Then, if the pub and pri key args are not NULL, generate a new
 * key pair.
 * <p>This is useful for tests that need an "arbitrary" DSA parameter
 * set and/or an "arbitrary" key pair.
 */
int VoBuildDSAObjects (
   VtLibCtx libCtx,
   VtMpIntCtx mpCtx,
   VtParameterObject *paramObj,
   VtKeyObject *pubKey,
   VtKeyObject *priKey
   );

/* Create and set an RSA key pair.
 * <p>This is useful for tests that need an "arbitrary" RSA key pair.
 */
int VoBuildRSAObjects (
   VtLibCtx libCtx,
   VtMpIntCtx mpCtx,
   unsigned int usageFlag,
   VtKeyObject *pubKey,
   VtKeyObject *priKey
   );

/* Create and set a param object with a DH parameter set.
 * <p>Then, if the pub and pri key args are not NULL, generate two new
 * key pairs.
 * <p>This is useful for tests that need an "arbitrary" DH parameter
 * set and/or an "arbitrary" key pair.
 */
int VoBuildDHObjects (
   VtLibCtx libCtx,
   VtMpIntCtx mpCtx,
   VtParameterObject *paramObj,
   VtKeyObject *pubKey1,
   VtKeyObject *priKey1,
   VtKeyObject *pubKey2,
   VtKeyObject *priKey2
   );

/* Create and set a param object with an IBE parameter set.
 * <p>Then, if the pub and pri key args are not NULL, generate a new
 * key pair.
 * <p>This is useful for tests that need an "arbitrary" IBE parameter
 * set and/or an "arbitrary" key pair.
 */
int VoBuildIBEObjects (
   VtLibCtx libCtx,
   VtMpIntCtx mpCtx,
   VtParameterObject *paramObj,
   VtKeyObject *pubKey1,
   VtKeyObject *priKey1
   );

/* These are #define's related to whether the code should break at
 * breakpoints or not, and print out state info or not.
 * BREAKPOINTS_IGNORE means don't break at any state breakpoint, no
 * matter what some call to VoltSetStateBreakpoint says.
 * BREAKPOINTS_SPECIFIED means break at state breakpoints if a call to
 * VoltSetStateBreakpoint specified a breakpoint there.
 * REPORT_NONE means do not report a state (print out to screen,
 * whatever), no matter what some call to VoltSetStateReport says.
 * REPORT_ALL means report all states, no matter what some call to
 * VoltSetStateReport says.
 * REPORT_SPECIFIED means to report only those states which were
 * specified to report by calls to VoltSetStateReport.
 */
#define VOLT_BREAKPOINTS_IGNORE_FLAG     0x10
#define VOLT_BREAKPOINTS_MASK            1
#define VOLT_BREAKPOINTS_IGNORE          0
#define VOLT_BREAKPOINTS_SPECIFIED       1
#define VOLT_REPORT_MASK                 6
#define VOLT_REPORT_NONE                 0
#define VOLT_REPORT_ALL                  2
#define VOLT_REPORT_SPECIFIED            4

#define VOLT_BREAK_AT_BREAKPOINT         1
#define VOLT_NO_BREAK_AT_BREAKPOINT      0

#define VOLT_REPORT                      2
#define VOLT_NO_REPORT                   0

/* These are the values to pass for the flag in VoltReportFipsState.
 */
#define VOLT_ENTERING_FIPS_STATE         1
#define VOLT_EXITING_FIPS_STATE          0

/* These are the values to pass for the state  in VoltReportFipsState.
 * If you add a state, increment the NUMBER_OF_FIPS_STATES and add the
 * new STATE to VOLT_FIPS_STATE_LIST. Also add the state to the
 * VoltReportFipsState function.
 */
#define VOLT_NUMBER_OF_FIPS_STATES         46

/* State 2.2.1: Module Unloaded
 */
#define VOLT_FIPS_STATE_MODULE_UNLOADED    0x221

/* State 2.2.2: Power-Up Self-Test
 */
#define VOLT_FIPS_STATE_POWER_UP_SELF      0x222

/* State 2.2.4: Command Processing
 */
#define VOLT_FIPS_STATE_CMD_PROCESSING     0x224

/* State 2.2.5: FIPS error.
 */
#define VOLT_FIPS_STATE_FIPS_ERROR         0x225

/* State 2.2.6: Limited Processing.
 */
#define VOLT_FIPS_STATE_LIMITED_PROCESS    0x226

/* State 3.2.1: Software Integrity Test (DSA Signature Verification)
 */
#define VOLT_FIPS_STATE_SW_INTEGRITY       0x321

/* State 3.2.2: DSA Sign/Verify KAT
 */
#define VOLT_FIPS_STATE_DSA_SV_KAT         0x322

/* State 3.2.3: SHA-1 KAT
 */
#define VOLT_FIPS_STATE_SHA1_KAT           0x323

/* State 3.2.4: AES-CBC 128 KAT
 */
#define VOLT_FIPS_STATE_AES_CBC_KAT        0x324

/* State 3.2.6: TripleDES-CBC KAT
 */
#define VOLT_FIPS_STATE_3DES_CBC_KAT       0x326

/* State 3.2.7: DRNG Generate X KAT
 */
#define VOLT_FIPS_STATE_DRNG_X_KAT         0x327

/* State 3.2.8: DRNG Generate K KAT
 */
#define VOLT_FIPS_STATE_DRNG_K_KAT         0x328

/* State 3.2.9: SHA-2 KAT (SHA-224, SHA-256, SHA-384, SHA-512)
 */
#define VOLT_FIPS_STATE_SHA2_KAT           0x329

/* State 3.2.10: RSA Sign/Verify KAT
 */
#define VOLT_FIPS_STATE_RSA_SV_KAT         0x3210

/* State 3.2.11: RSA Encrypt/Decrypt KAT
 */
#define VOLT_FIPS_STATE_RSA_ENC_KAT        0x3211

/* State 3.2.12: DH Key Agree KAT
 */
#define VOLT_FIPS_STATE_DH_AGREE_KAT       0x3212

/* State 3.2.13: IBE Encrypt/Decrypt KAT
 */
#define VOLT_FIPS_STATE_IBE_ENC_KAT        0x3213

/* State 3.2.14: HMAC KAT
 */
#define VOLT_FIPS_STATE_HMAC_KAT           0x3214

/* State 3.2.15: MD5 KAT
 */
#define VOLT_FIPS_STATE_MD5_KAT            0x3215

/* State 4.2.1: Create Algorithm Object
 */
#define VOLT_FIPS_STATE_CREATE_ALG_OBJ     0x421

/* State 4.2.2: Destroy Algorithm Object
 */
#define VOLT_FIPS_STATE_DESTROY_ALG_OBJ    0x422

/* State 4.2.3: Create Random Object
 */
#define VOLT_FIPS_STATE_CREATE_RAND_OBJ    0x423

/* State 4.2.4: Destroy Random Object
 */
#define VOLT_FIPS_STATE_DESTROY_RAND_OBJ   0x424

/* State 4.2.5: Create Key Object
 */
#define VOLT_FIPS_STATE_CREATE_KEY_OBJ     0x425

/* State 4.2.6: Set Key Object
 */
#define VOLT_FIPS_STATE_SET_KEY_OBJ        0x426

/* State 4.2.7: Destroy Key Object
 */
#define VOLT_FIPS_STATE_DESTROY_KEY_OBJ    0x427

/* State 4.2.8: Get Key Info
 */
#define VOLT_FIPS_STATE_GET_KEY_INFO       0x428

/* State 4.2.9: Create Parameter Object
 */
#define VOLT_FIPS_STATE_CREATE_PARAM_OBJ   0x429

/* State 4.2.10: Set Parameter Object
 */
#define VOLT_FIPS_STATE_SET_PARAM_OBJ      0x4210

/* State 4.2.11: Destroy Parameter Object
 */
#define VOLT_FIPS_STATE_DESTROY_PARAM_OBJ  0x4211

/* State 4.2.12: Get Parameter Info
 */
#define VOLT_FIPS_STATE_GET_PARAM_INFO     0x4212

/* State 4.2.13: Generate Parameters
 */
#define VOLT_FIPS_STATE_GENERATE_PARAMS    0x4213

/* State 4.2.14: Digest Data
 */
#define VOLT_FIPS_STATE_DIGEST_DATA        0x4214

/* State 4.2.15: Encrypt Data
 */
#define VOLT_FIPS_STATE_ENCRYPT_DATA       0x4215

/* State 4.2.16: Decrypt Data
 */
#define VOLT_FIPS_STATE_DECRYPT_DATA       0x4216

/* State 4.2.17: Seed Random
 */
#define VOLT_FIPS_STATE_SEED_RANDOM        0x4217

/* State 4.2.18: Generate Random Bytes
 */
#define VOLT_FIPS_STATE_GEN_RANDOM         0x4218

/* State 4.2.19: Sign
 */
#define VOLT_FIPS_STATE_SIGN               0x4219

/* State 4.2.20: Verify
 */
#define VOLT_FIPS_STATE_VERIFY             0x4220

/* State 4.2.21: Generate Key Pair
 */
#define VOLT_FIPS_STATE_GEN_KEY_PAIR       0x4221

/* State 4.2.22: Show Status
 */
#define VOLT_FIPS_STATE_SHOW_STATUS        0x4222

/* State 4.2.23: Module Self-Test
 */
#define VOLT_FIPS_STATE_MODULE_SELF_TEST   0x4223

/* State 4.2.24: Zeroize
 */
#define VOLT_FIPS_STATE_ZEROIZE            0x4224

/* State 4.2.25: MAC Data
 */
#define VOLT_FIPS_STATE_MAC_DATA           0x4225

/* State 4.2.26: Generate SharedSecret
 */
#define VOLT_FIPS_STATE_GEN_SHARED_SECRET  0x4226

/* State 4.2.27: Derive IBE Private Key
 */
#define VOLT_FIPS_STATE_DERIVE_IBE_PRI     0x4227

#define VOLT_FIPS_STATE_LIST \
    VOLT_FIPS_STATE_MODULE_UNLOADED, \
    VOLT_FIPS_STATE_POWER_UP_SELF, \
    VOLT_FIPS_STATE_CMD_PROCESSING, \
    VOLT_FIPS_STATE_FIPS_ERROR, \
    VOLT_FIPS_STATE_LIMITED_PROCESS, \
    VOLT_FIPS_STATE_SW_INTEGRITY, \
    VOLT_FIPS_STATE_DSA_SV_KAT, \
    VOLT_FIPS_STATE_SHA1_KAT, \
    VOLT_FIPS_STATE_AES_CBC_KAT, \
    VOLT_FIPS_STATE_3DES_CBC_KAT, \
    VOLT_FIPS_STATE_DRNG_X_KAT, \
    VOLT_FIPS_STATE_DRNG_K_KAT, \
    VOLT_FIPS_STATE_SHA2_KAT, \
    VOLT_FIPS_STATE_RSA_SV_KAT, \
    VOLT_FIPS_STATE_RSA_ENC_KAT, \
    VOLT_FIPS_STATE_DH_AGREE_KAT, \
    VOLT_FIPS_STATE_IBE_ENC_KAT, \
    VOLT_FIPS_STATE_MD5_KAT, \
    VOLT_FIPS_STATE_HMAC_KAT, \
    VOLT_FIPS_STATE_CREATE_ALG_OBJ, \
    VOLT_FIPS_STATE_DESTROY_ALG_OBJ, \
    VOLT_FIPS_STATE_CREATE_RAND_OBJ, \
    VOLT_FIPS_STATE_DESTROY_RAND_OBJ, \
    VOLT_FIPS_STATE_CREATE_KEY_OBJ, \
    VOLT_FIPS_STATE_SET_KEY_OBJ, \
    VOLT_FIPS_STATE_DESTROY_KEY_OBJ, \
    VOLT_FIPS_STATE_GET_KEY_INFO, \
    VOLT_FIPS_STATE_CREATE_PARAM_OBJ, \
    VOLT_FIPS_STATE_SET_PARAM_OBJ, \
    VOLT_FIPS_STATE_DESTROY_PARAM_OBJ, \
    VOLT_FIPS_STATE_GET_PARAM_INFO, \
    VOLT_FIPS_STATE_GENERATE_PARAMS, \
    VOLT_FIPS_STATE_DIGEST_DATA, \
    VOLT_FIPS_STATE_ENCRYPT_DATA, \
    VOLT_FIPS_STATE_DECRYPT_DATA, \
    VOLT_FIPS_STATE_SEED_RANDOM, \
    VOLT_FIPS_STATE_GEN_RANDOM, \
    VOLT_FIPS_STATE_SIGN, \
    VOLT_FIPS_STATE_VERIFY, \
    VOLT_FIPS_STATE_GEN_KEY_PAIR, \
    VOLT_FIPS_STATE_SHOW_STATUS, \
    VOLT_FIPS_STATE_MODULE_SELF_TEST, \
    VOLT_FIPS_STATE_ZEROIZE, \
    VOLT_FIPS_STATE_MAC_DATA, \
    VOLT_FIPS_STATE_GEN_SHARED_SECRET, \
    VOLT_FIPS_STATE_DERIVE_IBE_PRI

/* The following macro can expand to a call to VoltReportFipsState, or
 * it can expand to nothing. If the build is debug and FIPS_SHARED, make
 * the call to the Report function. Any other build, do nothing.
 */
#if   VOLT_BUILD == VOLT_BUILD_FIPS_SHARED      

#ifdef _DEBUG
#define VOLT_REPORT_FIPS_STATE_ENTER(_state) \
    if (VoltGetFipsError () != 0) \
      return (VT_ERROR_FIPS); \
    VoltReportFipsState (VOLT_ENTERING_FIPS_STATE, _state); \
    if (VoltGetStateBreakpoint (_state) == VOLT_BREAK_AT_BREAKPOINT) \
      ASM_SIGTRAP
#define VOLT_REPORT_FIPS_STATE_ENTER_SPECIAL(_state) \
    VoltReportFipsState (VOLT_ENTERING_FIPS_STATE, _state); \
    if (VoltGetStateBreakpoint (_state) == VOLT_BREAK_AT_BREAKPOINT) \
      ASM_SIGTRAP
#define VOLT_REPORT_FIPS_STATE_EXIT(_state) \
    VoltReportFipsState (VOLT_EXITING_FIPS_STATE, _state);

#else
#define VOLT_REPORT_FIPS_STATE_ENTER(_state) \
    if (VoltGetFipsError () != 0) \
      return (VT_ERROR_FIPS);
#define VOLT_REPORT_FIPS_STATE_ENTER_SPECIAL(_state)
#define VOLT_REPORT_FIPS_STATE_EXIT(_state)
#endif  /* _DEBUG */

#else
#define VOLT_REPORT_FIPS_STATE_ENTER(_state)
#define VOLT_REPORT_FIPS_STATE_ENTER_SPECIAL(_state)
#define VOLT_REPORT_FIPS_STATE_EXIT(_state)
#endif  /* VOLT_BUILD == VOLT_BUILD_FIPS_SHARED */

#ifdef __cplusplus
}
#endif

#endif /* _OP_TEST_H */