Compare commits
No commits in common. "c8-beta" and "c8s" have entirely different histories.
@ -1 +0,0 @@
|
||||
949b3b68b929471e0060196d8a9dda08d11e662e SOURCES/fipscheck-1.5.0.tar.bz2
|
7
.gitignore
vendored
7
.gitignore
vendored
@ -1 +1,6 @@
|
||||
SOURCES/fipscheck-1.5.0.tar.bz2
|
||||
fipscheck-1.2.0.tar.bz2
|
||||
/fipscheck-1.3.0.tar.bz2
|
||||
/fipscheck-1.3.1.tar.bz2
|
||||
/fipscheck-1.4.0.tar.bz2
|
||||
/fipscheck-1.4.1.tar.bz2
|
||||
/fipscheck-1.5.0.tar.bz2
|
||||
|
9
gating.yaml
Normal file
9
gating.yaml
Normal file
@ -0,0 +1,9 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-8
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.userspace-fips-mode.functional}
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
|
1
sources
Normal file
1
sources
Normal file
@ -0,0 +1 @@
|
||||
SHA512 (fipscheck-1.5.0.tar.bz2) = 31920d45f7f7fe7deacd964b3f847c0caf76ca53452803443353994042a8c2ef1c2f494a029adc87a87ab69150a9823637f6a2f9b5a363a82bd2dbc6829c35c9
|
61
tests/fipscheck/Makefile
Normal file
61
tests/fipscheck/Makefile
Normal file
@ -0,0 +1,61 @@
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
# Makefile of /CoreOS/fipscheck/Sanity/fipscheck
|
||||
# Description: Test fipscheck helper tool
|
||||
# Author: Ondrej Moris <omoris@redhat.com>
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=/CoreOS/fipscheck/Sanity/fipscheck
|
||||
export TESTVERSION=1.0
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile PURPOSE
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
test -x runtest.sh || chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Ondrej Moris <omoris@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: Test fipscheck helper tool" >> $(METADATA)
|
||||
@echo "Type: Sanity" >> $(METADATA)
|
||||
@echo "TestTime: 15m" >> $(METADATA)
|
||||
@echo "RunFor: fipscheck" >> $(METADATA)
|
||||
@echo "Requires: fipscheck fipscheck-lib" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
5
tests/fipscheck/PURPOSE
Normal file
5
tests/fipscheck/PURPOSE
Normal file
@ -0,0 +1,5 @@
|
||||
PURPOSE of /CoreOS/fipscheck/Sanity/fipscheck
|
||||
Description: Test fipscheck helper tool
|
||||
Author: Ondrej Moris <omoris@redhat.com>
|
||||
|
||||
Test fipscheck functionality, supported parameters as well as all return codes.
|
138
tests/fipscheck/runtest.sh
Executable file
138
tests/fipscheck/runtest.sh
Executable file
@ -0,0 +1,138 @@
|
||||
#!/bin/bash
|
||||
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of /CoreOS/fipscheck/Sanity/fipscheck
|
||||
# Description: Test fipscheck helper tool.
|
||||
# Author: Ondrej Moris <omoris@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2014 Red Hat, Inc. All rights reserved.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/bin/rhts-environment.sh || exit 1
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
PACKAGE="fipscheck"
|
||||
|
||||
rlJournalStart
|
||||
|
||||
rlPhaseStartSetup
|
||||
|
||||
rlCheckRpm "fipscheck" || rlDie
|
||||
rlCheckRpm "fipscheck-lib" || rlDie
|
||||
|
||||
tmpdir=$(mktemp -d)
|
||||
|
||||
rlRun "chmod a+rwx $tmpdir" 0
|
||||
rlRun "pushd $tmpdir" 0
|
||||
|
||||
echo 'hmac' >hmac
|
||||
echo 'suffixhmac' >suffixhmac
|
||||
echo 'incorrecthmac' >incorrecthmac
|
||||
echo 'emptyhmac' >emptyhmac
|
||||
|
||||
rlRun "fipshmac hmac" 0
|
||||
rlRun "fipshmac -s .suffix suffixhmac" 0
|
||||
rlRun "fipshmac incorrecthmac && echo 'X' >.incorrecthmac.hmac" 0
|
||||
rlRun "fipshmac emptyhmac && echo '' >.emptyhmac.hmac" 0
|
||||
|
||||
fipscheck_hmac=$(rpm -ql fipscheck | egrep '\.hmac')
|
||||
fipscheck_libs_all=$(rpm -ql fipscheck-lib | grep so | grep -v hmac | tr '\n' ' ')
|
||||
fipscheck_libs_some_hmac=$(rpm -ql fipscheck-lib | egrep '\.hmac' | head -1)
|
||||
|
||||
rlRun "useradd testuser" 0
|
||||
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Integrity"
|
||||
|
||||
rlCheckRpm "prelink" && rlRun "prelink -ua" 0
|
||||
rlRun "fipscheck /usr/bin/fipscheck $fipscheck_libs_all" 0
|
||||
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "HMAC verification"
|
||||
|
||||
# Verify HMAC.
|
||||
rlRun "fipscheck hmac" 0
|
||||
|
||||
# Verify HMAC with specific suffix.
|
||||
rlRun "fipscheck -s .suffix suffixhmac" 0
|
||||
|
||||
# Incorrect HMAC causes failure.
|
||||
rlRun "fipscheck incorrecthmac" 1
|
||||
|
||||
# Empty HMAC causes failure.
|
||||
rlRun "fipscheck emptyhmac" 1
|
||||
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Return Codes"
|
||||
|
||||
# 0: Checksum OK.
|
||||
rlLog "0: Checksum OK"
|
||||
rlRun "fipscheck hmac" 0
|
||||
|
||||
# 1: Checksum mismatch.
|
||||
rlLog "1: Checksum mismatch"
|
||||
rlRun "fipscheck incorrecthmac" 1
|
||||
|
||||
# 2: Missing filename.
|
||||
rlLog "2: Missing filename"
|
||||
rlRun "fipscheck" 2
|
||||
|
||||
# 3: Cannot open the checksum file.
|
||||
rlLog "3: Cannot open the checksum file"
|
||||
rlRun "fipscheck runtest.sh" 3
|
||||
|
||||
# 4: Cannot read the file to be checksummed.
|
||||
rlLog "4: Cannot read the file to be checksummed"
|
||||
rlRun "chmod a-r hmac" 0
|
||||
rlRun "runuser -u testuser fipscheck hmac" 4
|
||||
rlRun "chmod a+r hmac" 0
|
||||
|
||||
# 5: Memory allocation error.
|
||||
# N/A
|
||||
|
||||
# 10 and higher: Failure during self-checking the libfipscheck.so shared library.
|
||||
rlLog "10 and higher: Failure during self-checking the libfipscheck.so shared library"
|
||||
rlRun "mv $fipscheck_libs_some_hmac ${fipscheck_libs_some_hmac}.backup" 0
|
||||
rlRun "fipscheck hmac" 10-19
|
||||
rlRun "mv ${fipscheck_libs_some_hmac}.backup $fipscheck_libs_some_hmac" 0
|
||||
|
||||
# 20 and higher: Failure during self-checking the fipscheck binary.
|
||||
rlRun "mv $fipscheck_hmac ${fipscheck_hmac}.backup" 0
|
||||
rlRun "fipscheck hmac" 20-255
|
||||
rlRun "mv ${fipscheck_hmac}.backup $fipscheck_hmac" 0
|
||||
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartCleanup
|
||||
|
||||
rlRun "popd" 0
|
||||
rlRun "rm -rf $tmpdir" 0
|
||||
rlRun "userdel testuser" 0
|
||||
|
||||
rlPhaseEnd
|
||||
|
||||
rlJournalPrintText
|
||||
|
||||
rlJournalEnd
|
61
tests/fipshmac/Makefile
Normal file
61
tests/fipshmac/Makefile
Normal file
@ -0,0 +1,61 @@
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
# Makefile of /CoreOS/fipscheck/Sanity/fipshmac
|
||||
# Description: Test fipshmac helper tool
|
||||
# Author: Ondrej Moris <omoris@redhat.com>
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=/CoreOS/fipscheck/Sanity/fipshmac
|
||||
export TESTVERSION=1.0
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile PURPOSE
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
test -x runtest.sh || chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Ondrej Moris <omoris@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: Test fipshmac helper tool" >> $(METADATA)
|
||||
@echo "Type: Sanity" >> $(METADATA)
|
||||
@echo "TestTime: 15m" >> $(METADATA)
|
||||
@echo "RunFor: fipscheck" >> $(METADATA)
|
||||
@echo "Requires: fipscheck" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
5
tests/fipshmac/PURPOSE
Normal file
5
tests/fipshmac/PURPOSE
Normal file
@ -0,0 +1,5 @@
|
||||
PURPOSE of /CoreOS/fipscheck/Sanity/fipshmac
|
||||
Description: Test fipshmac helper tool
|
||||
Author: Ondrej Moris <omoris@redhat.com>
|
||||
|
||||
Test fipshmac functionality, supported parameters as well as all return codes.
|
129
tests/fipshmac/runtest.sh
Executable file
129
tests/fipshmac/runtest.sh
Executable file
@ -0,0 +1,129 @@
|
||||
#!/bin/bash
|
||||
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of /CoreOS/fipscheck/Sanity/fipshmac
|
||||
# Description: Test fipshmac helper tool.
|
||||
# Author: Ondrej Moris <omoris@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2014 Red Hat, Inc. All rights reserved.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/bin/rhts-environment.sh || exit 1
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
PACKAGE="fipscheck"
|
||||
|
||||
rlJournalStart
|
||||
|
||||
rlPhaseStartSetup
|
||||
|
||||
rlCheckRpm "fipscheck" || rlDie
|
||||
|
||||
testdir=$(mktemp -d)
|
||||
testpath=$(mktemp)
|
||||
testfile=$(basename $testpath)
|
||||
mountdir=$(mktemp -d)
|
||||
|
||||
rlRun "useradd testuser" 0
|
||||
rlRun "mount -t tmpfs -o size=512k tmpfs $mountdir" 0
|
||||
rlRun "dd if=/dev/urandom bs=512k count=1 of=${mountdir}/blob" 0
|
||||
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "HMAC generation"
|
||||
|
||||
# Create HMAC.
|
||||
rlRun "echo 'abc' > $testpath" 0
|
||||
rlRun "fipshmac $testpath" 0
|
||||
|
||||
# Create HMAC in specified directory.
|
||||
rlRun "fipshmac -d $testdir $testpath" 0
|
||||
|
||||
# Create HMAC with a specific suffix.
|
||||
rlRun "fipshmac -s .suffix $testpath" 0
|
||||
|
||||
# Check that HMAC files exist.
|
||||
rlAssertExists "/tmp/.${testfile}.hmac"
|
||||
rlAssertExists "/tmp/.${testfile}.suffix"
|
||||
rlAssertExists "$testdir/${testfile}.hmac"
|
||||
|
||||
# Verify HMAC.
|
||||
rlRun "fipscheck $testpath" 0
|
||||
|
||||
# Check that HMAC file is not empty.
|
||||
rlRun "test -s /tmp/.${testfile}.hmac" 0
|
||||
|
||||
# Check that HMAC file does not change when recomputed.
|
||||
old=$(cat /tmp/.${testfile}.hmac)
|
||||
rlRun "fipshmac $testpath" 0
|
||||
new=$(cat /tmp/.${testfile}.hmac)
|
||||
rlAssertEquals "Hashes should not differ" "$old" "$new"
|
||||
|
||||
# Check that HMAC file changes when recomputed and file changed.
|
||||
old=$(cat /tmp/.${testfile}.hmac)
|
||||
rlRun "echo 'efg' >> $testpath" 0
|
||||
rlRun "fipshmac $testpath" 0
|
||||
new=$(cat ./.test.hmac)
|
||||
rlAssertNotEquals "Hashes should differ" "$old" "$new"
|
||||
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "Return Codes"
|
||||
|
||||
# 0: OK.
|
||||
rlLog "0: OK"
|
||||
rlRun "fipshmac $testpath" 0
|
||||
|
||||
# 2: Missing filename.
|
||||
rlLog "2: Missing filename"
|
||||
rlRun "fipshmac" 2
|
||||
|
||||
# 3: Cannot open the checksum file for writing.
|
||||
rlLog "3: Cannot open the checksum file for writing"
|
||||
rlRun "chmod a-r $testpath" 0
|
||||
rlRun "runuser -u testuser fipshmac $testpath" 3
|
||||
rlRun "chmod a+r $testpath" 0
|
||||
|
||||
# 4: Cannot read the file to be checksummed.
|
||||
rlLog "4: Cannot read the file to be checksummed"
|
||||
rlRun "fipshmac missing" 4
|
||||
|
||||
# 5: Memory allocation error
|
||||
# N/A
|
||||
|
||||
# 6,7: Cannot write to the checksum file.
|
||||
rlLog "6,7: Cannot write to the checksum file"
|
||||
rlRun "fipshmac -d $mountdir $testpath" 6,7
|
||||
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartCleanup
|
||||
|
||||
rlRun "rm -rf $testpath .${testfile}.hmac $testdir" 0
|
||||
rlRun "userdel testuser" 0
|
||||
rlRun "umount $mountdir" 0
|
||||
|
||||
rlPhaseEnd
|
||||
|
||||
rlJournalPrintText
|
||||
|
||||
rlJournalEnd
|
3
tests/inventory
Executable file
3
tests/inventory
Executable file
@ -0,0 +1,3 @@
|
||||
#!/bin/bash
|
||||
export TEST_DOCKER_EXTRA_ARGS="--privileged"
|
||||
exec merge-standard-inventory "$@"
|
64
tests/library/Makefile
Normal file
64
tests/library/Makefile
Normal file
@ -0,0 +1,64 @@
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Makefile of /CoreOS/fipscheck/Sanity/library
|
||||
#
|
||||
# Description: Test fipscheck API
|
||||
#
|
||||
# Author: Ondrej Moris <omoris@redhat.com>
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2017 Red Hat, Inc. All rights reserved.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
export TEST=/CoreOS/fipscheck/Sanity/library
|
||||
export TESTVERSION=1.0
|
||||
|
||||
BUILT_FILES=
|
||||
|
||||
FILES=$(METADATA) runtest.sh Makefile PURPOSE test.c
|
||||
|
||||
.PHONY: all install download clean
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
test -x runtest.sh || chmod a+x runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ $(BUILT_FILES)
|
||||
|
||||
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
$(METADATA): Makefile
|
||||
@echo "Owner: Ondrej Moris <omoris@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "Description: Test fipscheck API" >> $(METADATA)
|
||||
@echo "Type: Sanity" >> $(METADATA)
|
||||
@echo "TestTime: 15m" >> $(METADATA)
|
||||
@echo "RunFor: fipscheck" >> $(METADATA)
|
||||
@echo "Requires: fipscheck fipscheck-devel fipscheck-lib libgcrypt libreswan" >> $(METADATA)
|
||||
@echo "Priority: Normal" >> $(METADATA)
|
||||
@echo "License: GPLv2" >> $(METADATA)
|
||||
@echo "Confidential: no" >> $(METADATA)
|
||||
@echo "Destructive: no" >> $(METADATA)
|
||||
|
||||
rhts-lint $(METADATA)
|
10
tests/library/PURPOSE
Normal file
10
tests/library/PURPOSE
Normal file
@ -0,0 +1,10 @@
|
||||
PURPOSE of /CoreOS/fipscheck/Sanity/library
|
||||
|
||||
Test fipscheck library API:
|
||||
|
||||
* FIPSCHECK_verify()
|
||||
* FIPSCHECK_verify_ex()
|
||||
* FIPSCHECK_verify_files()
|
||||
* FIPSCHECK_verify_files_ex()
|
||||
* FIPSCHECK_kernel_fips_mode()
|
||||
* FIPSCHECK_fips_module_installed()
|
416
tests/library/runtest.sh
Executable file
416
tests/library/runtest.sh
Executable file
@ -0,0 +1,416 @@
|
||||
#!/bin/bash
|
||||
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# runtest.sh of /CoreOS/fipscheck/Sanity/library
|
||||
# Description: Test fipscheck API
|
||||
# Author: Ondrej Moris <omoris@redhat.com>
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
#
|
||||
# Copyright (c) 2014 Red Hat, Inc. All rights reserved.
|
||||
#
|
||||
# This copyrighted material is made available to anyone wishing
|
||||
# to use, modify, copy, or redistribute it subject to the terms
|
||||
# and conditions of the GNU General Public License version 2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be
|
||||
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
# PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public
|
||||
# License along with this program; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
# Include Beaker environment
|
||||
. /usr/bin/rhts-environment.sh || exit 1
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
#PACKAGE="fipscheck"
|
||||
rlJournalStart
|
||||
|
||||
rlPhaseStartSetup
|
||||
|
||||
rlCheckMakefileRequires || rlDie
|
||||
|
||||
# Make sure nothing is prelinked (as expected in FIPS).
|
||||
rlCheckRpm "prelink" && rlRun "prelink -ua" 0
|
||||
|
||||
rlIsRHEL 6 && debug="-DRHEL6"
|
||||
rlRun "gcc $debug test.c -o test -lfipscheck -ldl"
|
||||
|
||||
rlPhaseEnd
|
||||
|
||||
rlPhaseStartTest "FIPSCHECK_verify()"
|
||||
|
||||
rlLog "Function should return 1 if checksum is valid for a given"
|
||||
rlLog "library (or a current process), 0 otherwise."
|
||||
|
||||
# TC1
|
||||
fipshmac "test"
|
||||
rlRun "./test --verify" 1 \
|
||||
"TC1: process, correct checksum, should return 1"
|
||||
rm -f ".test.hmac"
|
||||
|
||||
# TC2
|
||||
echo 'abc' > ".test.hmac"
|
||||
rlRun "./test --verify" 0 \
|
||||
"TC2: process, incorrect checksum, should return 0"
|
||||
rm -f ".test.hmac"
|
||||
|
||||
# TC3
|
||||
rm -f ".test.hmac"
|
||||
rlRun "./test --verify" 0 \
|
||||
"TC3: process, missing checksum, should return 0"
|
||||
|
||||
# Setup for TC4 - TC8.
|
||||
hmac=$(rpm -ql libgcrypt | grep hmac | head -1)
|
||||
name=$(echo $hmac | sed 's|^.*/\.\(.\+\).hmac|\1|')
|
||||
path=$(echo $hmac | sed 's|^\(.\+\)/\..*$|\1/|')
|
||||
file=$(rpm -ql libgcrypt | egrep "/${name}\$")
|
||||
symb=$(objdump -T $file | grep .text | awk '{print $7}' | tail -1)
|
||||
echo "hmac=$hmac"
|
||||
echo "name=$name"
|
||||
echo "path=$path"
|
||||
echo "file=$file"
|
||||
echo "symb=$symb"
|
||||
|
||||
# TC4
|
||||
rlRun "LD_PRELOAD=$file ./test --verify=${file},${symb}" 1 \
|
||||
"TC4: library, correct checksum, should return 1"
|
||||
|
||||
# TC5
|
||||
temp=$(mktemp)
|
||||
mv $hmac $temp
|
||||
echo 'abc' >$hmac
|
||||
rlRun "LD_PRELOAD=$file ./test --verify=${file},${symb}" 0 \
|
||||
"TC5: library, incorrect checksum, should return 0"
|
||||
mv $temp $hmac
|
||||
|
||||
# TC6
|
||||
temp=$(mktemp)
|
||||
mv $hmac $temp
|
||||
rlRun "LD_PRELOAD=$file ./test --verify=${file},${symb}" 0 \
|
||||
"TC6: library, missing checksum, should return 0"
|
||||
mv $temp $hmac
|
||||
|
||||
# TC7
|
||||
rlRun "LD_PRELOAD=$file ./test --verify=${file}x,${symb}" 0 \
|
||||
"TC7: library, incorrect library, should return 0"
|
||||
|
||||
# TC8
|
||||
rlRun "LD_PRELOAD=$file ./test --verify=${file},${symb}x" 0 \
|
||||
"TC8: library, incorrect symbol, should return 0"
|
||||
|
||||
rlPhaseEnd
|
||||
|
||||
if !rlIsRHEL 6; then
|
||||
rlPhaseStartTest "FIPSCHECK_verify_ex()"
|
||||
|
||||
rlLog "Function should return 1 if checksum is valid for a current"
|
||||
rlLog "process or a given library and suffix (if fail_is_missing"
|
||||
rlLog "is set to 1), 0 otherwise."
|
||||
|
||||
# TC1
|
||||
fipshmac "test"
|
||||
rlRun "./test --verify-ex" 1 \
|
||||
"TC1: process, correct checksum, should return 1"
|
||||
rm -f ".test.hmac"
|
||||
|
||||
# TC2
|
||||
echo 'abc' > ".test.hmac"
|
||||
rlRun "./test --verify-ex" 0 \
|
||||
"TC2: process, incorrect checksum, should return 0"
|
||||
rm -f ".test.hmac"
|
||||
|
||||
# TC3
|
||||
rm -f ".test.hmac"
|
||||
rlRun "./test --verify-ex" 1 \
|
||||
"TC3: process, missing checksum (pass if missing), should return 1"
|
||||
|
||||
# Setup for TC4 - TC10.
|
||||
hmac=$(rpm -ql libgcrypt | grep hmac | head -1)
|
||||
name=$(echo $hmac | sed 's|^.*/\.\(.\+\).hmac|\1|')
|
||||
path=$(echo $hmac | sed 's|^\(.\+\)/\..*$|\1/|')
|
||||
file=$(rpm -ql libgcrypt | egrep "/${name}\$")
|
||||
symb=$(objdump -T $file | grep .text | awk '{print $7}' | tail -1)
|
||||
echo "hmac=$hmac"
|
||||
echo "name=$name"
|
||||
echo "path=$path"
|
||||
echo "file=$file"
|
||||
echo "symb=$symb"
|
||||
|
||||
# TC4
|
||||
rlRun "LD_PRELOAD=$file ./test --verify-ex=${file},${symb},.hmac,0" 1 \
|
||||
"TC4: library, correct checksum, should return 1"
|
||||
|
||||
# TC5
|
||||
temp=$(mktemp)
|
||||
mv $hmac $temp
|
||||
echo 'abc' >$hmac
|
||||
rlRun "LD_PRELOAD=$file ./test --verify-ex=${file},${symb},.hmac,0" 0 \
|
||||
"TC5: library, incorrect checksum, should return 0"
|
||||
mv $temp $hmac
|
||||
|
||||
# TC6
|
||||
temp=$(mktemp)
|
||||
mv $hmac $temp
|
||||
rlRun "LD_PRELOAD=$file ./test --verify-ex=${file},${symb},.hmac,0" 1 \
|
||||
"TC6: library, missing checksum (pass is missing), should return 1"
|
||||
mv $temp $hmac
|
||||
|
||||
# TC7
|
||||
temp=$(mktemp)
|
||||
mv $hmac $temp
|
||||
rlRun "LD_PRELOAD=$file ./test --verify-ex=${file},${symb},.hmac,1" 0 \
|
||||
"TC7: library, missing checksum (fail is missing), should return 0"
|
||||
mv $temp $hmac
|
||||
|
||||
# TC8
|
||||
rlRun "LD_PRELOAD=$file ./test --verify-ex=${file}x,${symb},.hmac,1" 0 \
|
||||
"TC8: library, incorrect library, should return 0"
|
||||
|
||||
# TC9
|
||||
rlRun "LD_PRELOAD=$file ./test --verify-ex=${file},${symb}x,.hmac,1" 0 \
|
||||
"TC9: library, incorrect symbol, should return 0"
|
||||
|
||||
# TC10
|
||||
rlRun "LD_PRELOAD=$file ./test --verify-ex=${file},${symb},.hmacx,1" 0 \
|
||||
"TC10: library, incorrect suffix, should return 0"
|
||||
|
||||
rlPhaseEnd
|
||||
fi
|
||||
|
||||
rlPhaseStartTest "FIPSCHECK_verify_files()"
|
||||
|
||||
rlLog "Function should return 1 if checksum is valid for given files"
|
||||
rlLog "otherwise."
|
||||
|
||||
# Setup for TC1 - TC5.
|
||||
hmac1=$(rpm -ql libgcrypt | grep hmac | head -1)
|
||||
name1=$(echo $hmac1 | sed 's|^.*/\.\(.\+\).hmac|\1|')
|
||||
path1=$(echo $hmac1 | sed 's|^\(.\+\)/\..*$|\1/|')
|
||||
file1=$(rpm -ql libgcrypt | egrep "/${name1}\$")
|
||||
echo "hmac1=$hmac1"
|
||||
echo "name1=$name1"
|
||||
echo "path1=$path1"
|
||||
echo "file1=$file1"
|
||||
|
||||
hmac2=$(rpm -ql libreswan | grep pluto.hmac | head -1)
|
||||
name2=$(echo $hmac2 | sed 's|^.*/\(.\+\).hmac|\1|')
|
||||
path2=$(echo $hmac2 | sed 's|^\(.\+\)/.*$|\1/|')
|
||||
file2=$(rpm -ql libreswan | egrep "ipsec/${name2}\$")
|
||||
echo "hmac2=$hmac2"
|
||||
echo "name2=$name2"
|
||||
echo "path2=$path2"
|
||||
echo "file2=$file2"
|
||||
|
||||
# TC1
|
||||
rlRun "./test --verify-files ${file1},${file2}" 1 \
|
||||
"TC1: library, correct checksums, should return 1"
|
||||
|
||||
# TC2
|
||||
temp1=$(mktemp)
|
||||
mv $hmac1 $temp1
|
||||
echo 'abc' >$hmac1
|
||||
rlRun "./test --verify-files=${file1},${file2}" 0 \
|
||||
"TC2: library, correct and incorrect checksums, should return 0"
|
||||
mv $temp1 $hmac1
|
||||
|
||||
# TC3
|
||||
temp1=$(mktemp)
|
||||
temp2=$(mktemp)
|
||||
mv $hmac1 $temp1
|
||||
mv $hmac2 $temp2
|
||||
echo 'abc' >$hmac1
|
||||
echo 'abc' >$hmac2
|
||||
rlRun "./test --verify-files=${file1},${file2}" 0 \
|
||||
"TC3: library, incorrect checksums, should return 0"
|
||||
mv $temp1 $hmac1
|
||||
mv $temp2 $hmac2
|
||||
|
||||
# TC4
|
||||
temp1=$(mktemp)
|
||||
mv $hmac1 $temp1
|
||||
rlRun "./test --verify-files=${file1},${file2}" 0 \
|
||||
"TC4: library, one checksum missing, should return 0"
|
||||
mv $temp1 $hmac1
|
||||
|
||||
# TC5
|
||||
temp1=$(mktemp)
|
||||
temp2=$(mktemp)
|
||||
mv $hmac1 $temp1
|
||||
mv $hmac2 $temp2
|
||||
rlRun "./test --verify-files=${file1},${file2}" 0 \
|
||||
"TC5: library, both checksums missing, should return 0"
|
||||
mv $temp1 $hmac1
|
||||
mv $temp2 $hmac2
|
||||
|
||||
rlPhaseEnd
|
||||
|
||||
if !rlIsRHEL 6; then
|
||||
rlPhaseStartTest "FIPSCHECK_verify_files_ex()"
|
||||
|
||||
rlLog "Function should return 1 if checksum is valid for given files"
|
||||
rlLog "and fail_if_missing is set to 1, 0 otherwise."
|
||||
|
||||
# Setup for TC1 - TC8.
|
||||
hmac1=$(rpm -ql libgcrypt | grep hmac | head -1)
|
||||
name1=$(echo $hmac1 | sed 's|^.*/\.\(.\+\).hmac|\1|')
|
||||
path1=$(echo $hmac1 | sed 's|^\(.\+\)/\..*$|\1/|')
|
||||
file1=$(rpm -ql libgcrypt | egrep "/${name1}\$")
|
||||
echo "hmac1=$hmac1"
|
||||
echo "name1=$name1"
|
||||
echo "path1=$path1"
|
||||
echo "file1=$file1"
|
||||
|
||||
hmac2=$(rpm -ql libreswan | grep hmac | head -1)
|
||||
name2=$(echo $hmac2 | sed 's|^.*/\(.\+\).hmac|\1|')
|
||||
path2=$(echo $hmac2 | sed 's|^\(.\+\)/.*$|\1/|')
|
||||
file2=$(rpm -ql libreswan | egrep "/${name2}\$")
|
||||
echo "hmac2=$hmac2"
|
||||
echo "name2=$name2"
|
||||
echo "path2=$path2"
|
||||
echo "file2=$file2"
|
||||
|
||||
# TC1
|
||||
rlRun "./test --verify-files-ex .hmac,1,${file1},${file2}" 1 \
|
||||
"TC1: library, correct checksums, should return 1"
|
||||
|
||||
# TC2
|
||||
temp1=$(mktemp)
|
||||
mv $hmac1 $temp1
|
||||
echo 'abc' >$hmac1
|
||||
rlRun "./test --verify-files-ex=.hmac,1,${file1},${file2}" 0 \
|
||||
"TC2: library, correct and incorrect checksums, should return 0"
|
||||
mv $temp1 $hmac1
|
||||
|
||||
# TC3
|
||||
temp1=$(mktemp)
|
||||
temp2=$(mktemp)
|
||||
mv $hmac1 $temp1
|
||||
mv $hmac2 $temp2
|
||||
echo 'abc' >$hmac1
|
||||
echo 'abc' >$hmac2
|
||||
rlRun "./test --verify-files-ex=.hmac,1,${file1},${file2}" 0 \
|
||||
"TC3: library, incorrect checksums, should return 0"
|
||||
mv $temp1 $hmac1
|
||||
mv $temp2 $hmac2
|
||||
|
||||
# TC4
|
||||
temp1=$(mktemp)
|
||||
mv $hmac1 $temp1
|
||||
rlRun "./test --verify-files-ex=.hnac,1,${file1},${file2}" 0 \
|
||||
"TC4: library, one checksum missing (fail if missing), should return 0"
|
||||
mv $temp1 $hmac1
|
||||
|
||||
# TC5
|
||||
temp1=$(mktemp)
|
||||
mv $hmac1 $temp1
|
||||
rlRun "./test --verify-files-ex=.hnac,0,${file1},${file2}" 1 \
|
||||
"TC5: library, one checksum missing (pass if missing), should return 1"
|
||||
mv $temp1 $hmac1
|
||||
|
||||
# TC6
|
||||
temp1=$(mktemp)
|
||||
temp2=$(mktemp)
|
||||
mv $hmac1 $temp1
|
||||
mv $hmac2 $temp2
|
||||
rlRun "./test --verify-files-ex=.hmac,1,${file1},${file2}" 0 \
|
||||
"TC6: library, both checksums missing (fail if missing), should return 0"
|
||||
mv $temp1 $hmac1
|
||||
mv $temp2 $hmac2
|
||||
|
||||
# TC7
|
||||
temp1=$(mktemp)
|
||||
temp2=$(mktemp)
|
||||
mv $hmac1 $temp1
|
||||
mv $hmac2 $temp2
|
||||
rlRun "./test --verify-files-ex=.hmac,0,${file1},${file2}" 1 \
|
||||
"TC7: library, both checksums missing (pass if missing), should return 1"
|
||||
mv $temp1 $hmac1
|
||||
mv $temp2 $hmac2
|
||||
|
||||
# TC8
|
||||
rlRun "./test --verify-files-ex=.hmacx,1,${file1},${file2}" 0 \
|
||||
"TC8: library, incorrect suffix, should return 0"
|
||||
|
||||
rlPhaseEnd
|
||||
fi
|
||||
|
||||
rlPhaseStartTest "FIPSCHECK_kernel_fips_mode()"
|
||||
|
||||
rlLog "Function should return 1 if kernel is in FIPS mode, 0 otherwise."
|
||||
|
||||
fips_mode=0
|
||||
grep 1 /proc/sys/crypto/fips_enabled && fips_mode=1
|
||||
rlRun "./test --kernel-fips-mode" $fips_mode
|
||||
|
||||
rlPhaseEnd
|
||||
|
||||
if !rlIsRHEL 6; then
|
||||
rlPhaseStartTest "FIPSCHECK_fips_module_installed()"
|
||||
|
||||
rlLog "Function should return 1 if checksum for given library"
|
||||
rlLog "(or a current process) is available, 0 otherwise."
|
||||
|
||||
# TC1
|
||||
touch ".test.hmac"
|
||||
rlRun "./test --fips-module-installed" 1 \
|
||||
"TC1: process, checksum exists, should return 1"
|
||||
rm -f ".test.hmac"
|
||||
|
||||
# TC2
|
||||
rm -f ".test.hmac"
|
||||
rlRun "./test --fips-module-installed" 0 \
|
||||
"TC2: process, checksum does not exist, should return 0"
|
||||
|
||||
# Setup for TC3 - TC7.
|
||||
hmac=$(rpm -ql libgcrypt | grep hmac | head -1)
|
||||
name=$(echo $hmac | sed 's|^.*/\.\(.\+\).hmac|\1|')
|
||||
path=$(echo $hmac | sed 's|^\(.\+\)/\..*$|\1/|')
|
||||
file=$(rpm -ql libgcrypt | egrep "/${name}\$")
|
||||
symb=$(objdump -T $file | grep .text | awk '{print $7}' | tail -1)
|
||||
echo "hmac=$hmac"
|
||||
echo "name=$name"
|
||||
echo "path=$path"
|
||||
echo "file=$file"
|
||||
echo "symb=$symb"
|
||||
|
||||
# TC3
|
||||
rlRun "LD_PRELOAD=$file ./test --fips-module-installed=${file},${symb},.hmac" 1 \
|
||||
"TC3: library, checksum exists, should return 1"
|
||||
|
||||
# TC4
|
||||
temp=$(mktemp)
|
||||
mv $hmac $temp
|
||||
rlRun "LD_PRELOAD=$file ./test --fips-module-installed=${file},${symb},.hmac" 0 \
|
||||
"TC4: library, checksum does not exists, should return 0"
|
||||
mv $temp $hmac
|
||||
|
||||
# TC5
|
||||
rlRun "LD_PRELOAD=$file ./test --fips-module-installed=${file}x,${symb},.hmac" 1 \
|
||||
"TC5: library, incorrect library, should return 1 (failsafe)"
|
||||
|
||||
# TC6
|
||||
rlRun "LD_PRELOAD=$file ./test --fips-module-installed=${file},${symb}x,.hmac" 1 \
|
||||
"TC6: library, incorrect symbol, should return 1 (failsafe)"
|
||||
|
||||
# TC7
|
||||
rlRun "LD_PRELOAD=$file ./test --fips-module-installed=${file},${symb},.hmacx" 0 \
|
||||
"TC7: library, incorrect suffix, should return 0"
|
||||
|
||||
rlPhaseEnd
|
||||
fi
|
||||
|
||||
rlPhaseStartCleanup
|
||||
rlRun "rm -f ./test" 0
|
||||
rlPhaseEnd
|
||||
|
||||
rlJournalPrintText
|
||||
|
||||
rlJournalEnd
|
81
tests/library/test.c
Normal file
81
tests/library/test.c
Normal file
@ -0,0 +1,81 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <fipscheck.h>
|
||||
#include <dlfcn.h>
|
||||
#include <getopt.h>
|
||||
#include <string.h>
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
|
||||
static struct option long_options[] = {
|
||||
{ "verify", optional_argument, 0, 1 },
|
||||
{ "verify-ex", optional_argument, 0, 2 },
|
||||
{ "verify-files", required_argument, 0, 3 },
|
||||
{ "verify-files-ex", required_argument, 0, 4 },
|
||||
{ "fips-module-installed", optional_argument, 0, 5 },
|
||||
{ "kernel-fips-mode", no_argument, 0, 6 },
|
||||
{0, 0, 0, 0}
|
||||
};
|
||||
|
||||
int rc = 0, option_index = 0, fail_if_missing;
|
||||
int c = getopt_long (argc, argv, "", long_options, &option_index);
|
||||
char *libname = NULL, *symbolname = NULL, *suffix = NULL, *files[3];
|
||||
|
||||
switch (c) {
|
||||
|
||||
case 1:
|
||||
if (optarg != NULL) {
|
||||
libname = strtok(optarg, ",");
|
||||
symbolname = strtok(NULL, ",");
|
||||
}
|
||||
rc = FIPSCHECK_verify(libname, symbolname);
|
||||
break;
|
||||
|
||||
case 2:
|
||||
if (optarg != NULL) {
|
||||
libname = strtok(optarg, ",");
|
||||
symbolname = strtok(NULL, ",");
|
||||
suffix = strtok(NULL, ",");
|
||||
fail_if_missing = atoi(strtok(NULL, ","));
|
||||
}
|
||||
#ifndef RHEL6
|
||||
rc = FIPSCHECK_verify_ex(libname, symbolname, suffix, fail_if_missing);
|
||||
#endif
|
||||
break;
|
||||
|
||||
case 3:
|
||||
files[0] = strtok(optarg, ",");
|
||||
files[1] = strtok(NULL, ",");
|
||||
files[2] = NULL;
|
||||
rc = FIPSCHECK_verify_files((const char **) files);
|
||||
break;
|
||||
|
||||
case 4:
|
||||
suffix = strtok(optarg, ",");
|
||||
fail_if_missing = atoi(strtok(NULL, ","));
|
||||
files[0] = strtok(NULL, ",");
|
||||
files[1] = strtok(NULL, ",");
|
||||
files[2] = NULL;
|
||||
#ifndef RHEL6
|
||||
rc = FIPSCHECK_verify_files_ex(suffix, fail_if_missing, (const char **) files);
|
||||
#endif
|
||||
break;
|
||||
|
||||
case 5:
|
||||
if (optarg != NULL) {
|
||||
libname = strtok(optarg, ",");
|
||||
symbolname = strtok(NULL, ",");
|
||||
suffix = strtok(NULL, ",");
|
||||
}
|
||||
#ifndef RHEL6
|
||||
rc = FIPSCHECK_fips_module_installed(libname, symbolname, suffix);
|
||||
#endif
|
||||
break;
|
||||
|
||||
case 6:
|
||||
rc = FIPSCHECK_kernel_fips_mode();
|
||||
break;
|
||||
}
|
||||
|
||||
return rc;
|
||||
}
|
28
tests/tests.yml
Normal file
28
tests/tests.yml
Normal file
@ -0,0 +1,28 @@
|
||||
---
|
||||
# Tests for classic and container
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-beakerlib
|
||||
tags:
|
||||
- classic
|
||||
- container
|
||||
tests:
|
||||
- library
|
||||
- fipscheck
|
||||
- fipshmac
|
||||
required_packages:
|
||||
- fipscheck # Required for library test
|
||||
- fipscheck-devel # Required for library test
|
||||
- fipscheck-lib # Required for library test
|
||||
- libgcrypt # Required for library test
|
||||
- libreswan # Required for library test
|
||||
- gcc # Required for library test
|
||||
|
||||
# Tests for Atomic Host
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-beakerlib
|
||||
tags:
|
||||
- atomic
|
||||
tests:
|
||||
- fipshmac
|
Loading…
Reference in New Issue
Block a user