📄 optest.c
字号:
if(testCount == 0)
{
#if PGP_SYMBIAN
sSDKintFlags = (kPGPFlags_ForceLocalExecution | kPGPFlags_SuppressCacheThread);
#endif
sLoadTestSet(sDefaultTests);
}
/* Setup default output dir */
if(!gOutputDirectory)
{
gOutputDirectory = malloc(strlen(kDefaultTestDirectory)+1);
strcpy(gOutputDirectory, kDefaultTestDirectory);
}
temp = strlen(gOutputDirectory);
if( gOutputDirectory[temp-1] == '/') gOutputDirectory[temp-1] = 0;
if(makeDirectory(gOutputDirectory) )
{
OPTESTPrintF("Failed to create test directory %s\n",gOutputDirectory);
exit(1);
}
if(!gTestKeysPath)
if( makeTestPath( kDefaultTestKeyFile, &gTestKeysPath))
{
OPTESTPrintF("Failed to find keys test file %s\n",kDefaultTestKeyFile);
exit(1);
}
if(!gTestVectorsDirectory)
if( makeTestPath( kDefaultTestVectors, &gTestVectorsDirectory))
{
OPTESTPrintF("Failed to find test vector directory %s\n",kDefaultTestVectors);
exit(1);
}
}
/*---------------------------------------------------------------------------------------
print a list of supported algorithms
---------------------------------------------------------------------------------------*/
static PGPError sListSdkFeatures(void)
{
PGPError err = kPGPError_NoErr;
PGPFlags flags;
PGPUInt32 numAlgs, i, cnt;
PGPSymmetricCipherInfo cipherInfo;
PGPPublicKeyAlgorithmInfo algorInfo;
PGPBoolean fipsMode;
/* check for FIPS mode */
err = PGPGetFeatureFlags(kPGPFeatures_GeneralSelector, &flags); CKERR;
fipsMode = PGPFeatureExists(flags, kPGPFeatureMask_FIPSmode);
OPTESTPrintF("\tSymmetric Ciphers %s\n", (fipsMode?"(FIPS Mode)":""));
OPTESTPrintF("\t-------------------------------");
err = PGPCountSymmetricCiphers (&numAlgs); CKERR;
for (cnt = 0, i = 0; i < numAlgs; i ++)
{
err = PGPGetIndexedSymmetricCipherInfo (i, &cipherInfo); CKERR;
/* if we are in FIPS mode, we ignore non FIPS ciphers */
if( fipsMode && ((cipherInfo.info.flags & kPGPAlgorithmInfoFlags_FIPS) == 0)) continue;
if((cnt++ & 0x3) == 0) OPTESTPrintF("\n\t");
OPTESTPrintF("%-10s", cipherInfo.info.longName);
}
OPTESTPrintF("\n\n\tPublic Key Algorithms %s\n", (fipsMode?"(FIPS Mode)":""));
OPTESTPrintF("\t-------------------------------\n");
err = PGPCountPublicKeyAlgorithms (&numAlgs); CKERR;
for (i = 0; i < numAlgs; i ++)
{
err = PGPGetIndexedPublicKeyAlgorithmInfo (i, &algorInfo); CKERR;
/* if we are in FIPS mode, we ignore non FIPS Algorithms */
if(fipsMode && ((algorInfo.info.flags & kPGPAlgorithmInfoFlags_FIPS) == 0)) continue;
OPTESTPrintF("\t%-10s | %c | %c | %c | %c\n",
algorInfo.info.shortName,
algorInfo.canEncrypt?'E':' ',
algorInfo.canDecrypt?'D':' ',
algorInfo.canSign?'S':' ',
algorInfo.canVerify?'V':' ');
}
OPTESTPrintF("\n");
done:
return err;
}
/*---------------------------------------------------------------------------------------
TE03.14.02 - Run self tests
---------------------------------------------------------------------------------------*/
static PGPError sRunSelfTests( )
{
PGPError err = kPGPError_NoErr;
OPTESTPrintF("\tRun All SDK Self Tests ... ");
err = PGPRunAllSDKSelfTests(); CKERR;
OPTESTPrintF("\n");
OPTESTPrintF("\tTest 3DES\n");
err = PGPRunSDKSelfTest(kPGPsdkSelfTest_3DES); CKERR;
OPTESTPrintF("\tTest AES\n");
err = PGPRunSDKSelfTest(kPGPsdkSelfTest_AES); CKERR;
OPTESTPrintF("\tTest SHA\n ");
err = PGPRunSDKSelfTest(kPGPsdkSelfTest_SHA); CKERR;
OPTESTPrintF("\tTest HMAC\n ");
err = PGPRunSDKSelfTest(kPGPsdkSelfTest_HMAC); CKERR;
OPTESTPrintF("\tTest DSA/DH\n");
err = PGPRunSDKSelfTest(kPGPsdkSelfTest_DSA); CKERR;
OPTESTPrintF("\tTest RSA\n");
err = PGPRunSDKSelfTest(kPGPsdkSelfTest_RSA); CKERR;
OPTESTPrintF("\tTest PRNG\n");
err = PGPRunSDKSelfTest(kPGPsdkSelfTest_PRNG); CKERR;
OPTESTPrintF("\tTest SDK Integrity\n");
err = PGPRunSDKSelfTest(kPGPsdkSelfTest_Integrity); CKERR;
OPTESTPrintF("\n");
done:
return err;
};
/*---------------------------------------------------------------------------------------
Check for FIPS mode self test fail/reset
---------------------------------------------------------------------------------------*/
static PGPError sRunFailResetTest( )
{
PGPError err = kPGPError_NoErr;
char str[256];
/* cause error by running unsupported self test */
OPTESTPrintF("Cause cryptographic module to enter error state\n");
fflush(stdout);
err = PGPRunSDKSelfTest(kPGPsdkSelfTest_LastTest + 1);
if( IsPGPError( err ) )
{
/* Get and display the status output*/
OPTESTPrintF("\tExplicit check for Module Error State...\n ");
err = PGPGetSDKErrorState();\
PGPGetErrorString( err, 256, str);
OPTESTPrintF("\tModule State: Error %d - %s\n",err,str);
/* try a crypto operation without reset*/
OPTESTPrintF("\tAttempting crypto operation without reset\n");
err = PGPRunSDKSelfTest(kPGPsdkSelfTest_3DES);
if( IsPGPError( err ) )
{
PGPGetErrorString( err, 256, str);
OPTESTPrintF("\tModule State: Error %d - %s\n",err,str);
}
/* do reset */
OPTESTPrintF("\tReset Module Error State\n");
err = PGPResetSDKErrorState(); CKERR;
/* try again */
OPTESTPrintF("\tRe-Attempting crypto operation...");
err = PGPRunSDKSelfTest(kPGPsdkSelfTest_3DES);
if(IsPGPError( err ))
{
PGPGetErrorString( err, 256, str);
OPTESTPrintF("Error %d - %s\n",err,str);
}
else
OPTESTPrintF("OK\n");
}
else
{
OPTESTPrintF("FAILURE: Error did not occur.\n");
goto done;
}
OPTESTPrintF("\n");
done:
return err;
};
/*---------------------------------------------------------------------------------------
Operational test Main
---------------------------------------------------------------------------------------*/
int main (int argc, char **argv)
{
PGPError err = kPGPError_NoErr;
PGPContextRef context = kInvalidPGPContextRef;
PGPUInt32 poolSize, poolEntropy, minEntropy;
PGPFlags flags;
char str[256], osName[256], hwName[256];
time_t now;
int j;
/* process Test options */
sSetupTestOptions(argc, argv);
OPTESTPrintF("PGP SDK FIPS 140-2 Operational Test\n\n");
#if PGP_OSX
/* test for availibility of SDK */
if(PGPsdkInit == NULL)
{
OPTESTPrintF("PGPsdk not installed!\n");
return(0);
}
#elif PGP_SYMBIAN
chdir("system/PGP");
#endif
OPTESTPrintF("%s Initialize SDK: (flags = %0x)\n%s",BORDER_TEXT,sSDKintFlags,BORDER_TEXT);
/* TE03.14.02 - Initialize SDK */
err = PGPsdkInit( sSDKintFlags ); CKERR;
/* check version info */
PGPGetPGPsdkVersionString(str);
err = PGPGetFeatureFlags(kPGPFeatures_ImplementationSelector, &flags); CKERR;
OPTESTPrintF("\t%14s: %s %s\n","Version",str,
PGPFeatureExists(flags, kPGPFeatureMask_IsDebugBuild)?"(Debug)":"" );
/* print info about platform */
getPlatformInfo(osName, hwName);
OPTESTPrintF("\t%14s: %s\n","OS Version", osName[0]?osName:"Unknown");
OPTESTPrintF("\t%14s: %s\n","Hardware", hwName[0]?hwName:"Unknown");
/* log start time */
now = PGPGetStdTimeFromPGPTime(PGPGetTime());
OPTESTPrintF("\t%14s: %s", "Time", ctime(&now));
/* TE03.14.02 - Module Status */
err = PGPGetFeatureFlags(kPGPFeatures_GeneralSelector, &flags); CKERR;
OPTESTPrintF("\t%14s: %s\n","FIPS Mode",
PGPFeatureExists(flags, kPGPFeatureMask_FIPSmode)?"Enabled":"Disabled");
OPTESTPrintF("\n");
/* check on Random Number entopy */
poolSize = PGPGlobalRandomPoolGetSize();
poolEntropy = PGPGlobalRandomPoolGetEntropy();
minEntropy = PGPGlobalRandomPoolGetMinimumEntropy();
OPTESTPrintF("\t%14s: %d bits\n","RNG Pool", poolSize);
OPTESTPrintF("\t%14s: %d bits (%s min entropy)\n","Entropy Avail", poolEntropy,
(PGPGlobalRandomPoolHasMinimumEntropy()?"has":"has not"));
OPTESTPrintF("\t%14s: %d bits\n","Entropy Req", minEntropy);
OPTESTPrintF("\t%14s: %s\n","Intel RNG HW", PGPGlobalRandomPoolHasIntelRNG()?"Available":"Not available");
poolEntropy = PGPGlobalRandomPoolMouseMoved();
poolEntropy = PGPGlobalRandomPoolAddKeystroke(0);
OPTESTPrintF("\n");
/* display information about this sdk configuration */
err = sListSdkFeatures(); CKERR;
/* TE03.14.02 - Create Context */
err = PGPNewContext( kPGPsdkAPIVersion, &context ); CKERR;
/* make sure we have enough entropy */
err = ConsoleAcquireEntropy(context, PGPGlobalRandomPoolGetMinimumEntropy()/8, NULL, FALSE); CKERR;
/* Run selected tests */
for( j = 0; j < OptestTableEntries; j ++)
if (sOpTestTable[j].enable )
{
if(sOpTestTable[j].longName)
OPTESTPrintF("%s Testing %s\n%s",BORDER_TEXT, sOpTestTable[j].longName, BORDER_TEXT);
switch(sOpTestTable[j].testID)
{
/* TE03.14.02 - Enable FIPS Mode */
case kTest_FipsMode:
err = PGPEnableFIPSMode();
if(IsntPGPError(err))
{
/* check for FIPS mode */
PGPGetFeatureFlags(kPGPFeatures_GeneralSelector, &flags);
OPTESTPrintF("\tFIPS Mode %s\n\n",
PGPFeatureExists(flags, kPGPFeatureMask_FIPSmode)?"Enabled":"Disabled");
/* Redisplay information about this sdk configuration */
sListSdkFeatures();
}
break;
/* Check for FIPS mode self test fail/reset */
case kTest_FailReset:
err = sRunFailResetTest();
break;
/* TE03.14.02 - Run self tests */
case kTest_SelfTests:
err = sRunSelfTests();
break;
/* Run RNG test */
case kTest_RNG:
err = TestRNG(context);
break;
/* Run SHA test */
case kTest_SHA:
err = TestSHA(context);
break;
/* Run HMAC test */
case kTest_Hmac:
err = TestHMAC(context);
break;
/* Run Low Level Encryption test */
case kTest_Ciphers:
err = TestCiphers(context);
break;
/* Run RSA - DSA/DH test */
case kTest_KeyCert:
err = TestKeys(context);
break;
/* Run Key Generation test */
case kTest_KeyGen:
err = TestKeyGen(context);
break;
/* Run High Level Encode/Decode test */
case kTest_Encode:
err = TestEncodeDecode(context);
break;
/* Run Expired Keys test */
case kTest_Expire:
err = TestExpiredKey(context);
break;
/* Run Key Usage test */
case kTest_KeyUsage:
err = TestKeyUsage(context);
break;
/* Run PGPzip test */
case kTest_Tar:
err = TestTarEncode(context);
break;
/* Run Key Management test */
case kTest_KeyMgmt:
err = TestKeyMgmt(context);
break;
/* Run Secret Sharing test */
case kTest_Share:
err = TestSecretSharing(context);
break;
/* Run X9.31 test */
case kTest_X931:
err = TestX9_31(context);
break;
/* RUN Tokens / Smartcards test */
case kTest_Tokens:
err = TestTokens(context, sTokenTestFlags);
break;
#if !PGP_SYMBIAN
/* Run Keyserver test */
case kTest_Keyserver:
err = PGPsdkNetworkLibInit(sSDKintFlags); CKERR;
err = PGPKeyServerInit(); CKERR;
err = TestKeyServer(context);
PGPKeyServerCleanup();
PGPsdkNetworkLibCleanup();
break;
#endif
/* Run X.509 Functionality test */
case kTest_X509:
err = TestX509(context);
break;
/* Run Key Reconstruction test */
case kTest_Recon:
err = TestRecon(context);
break;
default:;
}
CKERR;
}
done:
if( IsPGPError( err ) )
{
/* FYI: Failing FIPS selftest causes language change to fail also */
if(err == kPGPError_SelfTestFailed)
{
PGPGetErrorString( err, sizeof(str), str);
OPTESTPrintF("\nError %6d - %s\n",err,str);
}
else
{
if(IsntPGPError(PGPsdkSetLanguage(NULL, kPGPLanguage_Default)))
{
PGPGetErrorString( err, sizeof(str), str);
OPTESTPrintF("\nError %6d - %s\n",err,str);
}
if(IsntPGPError(PGPsdkSetLanguage(NULL, kPGPLanguage_Japanese)))
{
PGPGetErrorString( err, sizeof(str), str);
OPTESTPrintF(" - %s\n",str);
}
if(IsntPGPError(PGPsdkSetLanguage(NULL, kPGPLanguage_German)))
{
PGPGetErrorString( err, sizeof(str), str);
OPTESTPrintF(" - %s\n",str);
}
}
OPTESTPrintF("FIPS Self-Test operations Failed\n ");
}
else
{
OPTESTPrintF("%s",BORDER_TEXT);
OPTESTPrintF("\n");
OPTESTPrintF("FIPS Self-Test operations Successful\n ");
}
/* TE03.14.02 - Free Context */
if( PGPContextRefIsValid( context ) )
PGPFreeContext(context);
if(gOutputDirectory)
free(gOutputDirectory);
if(gTestKeysPath)
free(gTestKeysPath);
if(gTestVectorsDirectory)
free(gTestVectorsDirectory);
if(gP11Module)
free(gP11Module);
if(gTokenSOPIN)
free(gTokenSOPIN);
if(gTokenUserPIN)
free(gTokenUserPIN);
/* TE03.14.02 - Cleanup SDK */
PGPsdkCleanup();
return (IsPGPError( err )? EXIT_FAILURE:EXIT_SUCCESS);
}
#if PGP_MOBILE
DWORD WINAPI
TestMain (LPVOID lpvoid)
{
char *dummy[4];
return main(0,dummy);
}
#endif
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -