Skip to content

Commit 0fd96be

Browse files
ejohnstownejohnstown
committed
FIPS Check Script with Explicit Versioning
1. Add a test OE for trying out the new methods. 2. Add a temporary way to trigger using the new methods. 3. Add a function to check out different versions of files in the repo, and only adding a new branch when needed. 4. Remove the old checkout code.
1 parent ac90fa8 commit 0fd96be

1 file changed

Lines changed: 90 additions & 31 deletions

File tree

fips-check.sh

Lines changed: 90 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,8 @@ FLAVOR="${FLAVOR:-linux}"
3939
KEEP="${KEEP:-no}"
4040

4141
while [ "$1" ]; do
42-
if [ "$1" = 'keep' ]; then KEEP='yes'; else FLAVOR="$1"; fi
42+
if [ "$1" = 'new' ]; then DO_NEW_ACTION='yes'; else
43+
if [ "$1" = 'keep' ]; then KEEP='yes'; else FLAVOR="$1"; fi; fi
4344
shift
4445
done
4546

@@ -85,6 +86,49 @@ linuxv5)
8586
FIPS_INCS=('fips.h')
8687
COPY_DIRECT=('wolfcrypt/src/aes_gcm_asm.S')
8788
;;
89+
linuxv5a)
90+
FIPS_OPTION='v5'
91+
FIPS_FILES=(
92+
'fips.c:WCv5.0-RC12'
93+
'fips_test.c:WCv5.0-RC12'
94+
'wolfcrypt_first.c:WCv5.0-RC12'
95+
'wolfcrypt_last.c:WCv5.0-RC12'
96+
'fips.h:WCv5.0-RC12'
97+
)
98+
WC_C_FILES=(
99+
'wolfcrypt/src/aes.c:WCv5.0-RC12'
100+
'wolfcrypt/src/aes_asm.c:WCv5.0-RC12'
101+
'wolfcrypt/src/cmac.c:WCv5.0-RC12'
102+
'wolfcrypt/src/dh.c:WCv5.0-RC12'
103+
'wolfcrypt/src/ecc.c:WCv5.0-RC12'
104+
'wolfcrypt/src/hmac.c:WCv5.0-RC12'
105+
'wolfcrypt/src/kdf.c:WCv5.0-RC12'
106+
'wolfcrypt/src/random.c:WCv5.0-RC12'
107+
'wolfcrypt/src/rsa.c:WCv5.0-RC12'
108+
'wolfcrypt/src/sha.c:WCv5.0-RC12'
109+
'wolfcrypt/src/sha256.c:WCv5.0-RC12'
110+
'wolfcrypt/src/sha256_asm.c:WCv5.0-RC12'
111+
'wolfcrypt/src/sha3.c:WCv5.0-RC12'
112+
'wolfcrypt/src/sha512.c:WCv5.0-RC12'
113+
'wolfcrypt/src/sha512_asm.c:WCv5.0-RC12'
114+
'wolfcrypt/src/aes_gcm_asm.S:WCv5.0-RC12'
115+
'wolfssl/wolfcrypt/aes.h:WCv5.0-RC12'
116+
'wolfssl/wolfcrypt/aes_asm.h:WCv5.0-RC12'
117+
'wolfssl/wolfcrypt/cmac.h:WCv5.0-RC12'
118+
'wolfssl/wolfcrypt/dh.h:WCv5.0-RC12'
119+
'wolfssl/wolfcrypt/ecc.h:WCv5.0-RC12'
120+
'wolfssl/wolfcrypt/hmac.h:WCv5.0-RC12'
121+
'wolfssl/wolfcrypt/kdf.h:WCv5.0-RC12'
122+
'wolfssl/wolfcrypt/random.h:WCv5.0-RC12'
123+
'wolfssl/wolfcrypt/rsa.h:WCv5.0-RC12'
124+
'wolfssl/wolfcrypt/sha.h:WCv5.0-RC12'
125+
'wolfssl/wolfcrypt/sha256.h:WCv5.0-RC12'
126+
'wolfssl/wolfcrypt/sha256_asm.h:WCv5.0-RC12'
127+
'wolfssl/wolfcrypt/sha3.h:WCv5.0-RC12'
128+
'wolfssl/wolfcrypt/sha512.h:WCv5.0-RC12'
129+
'wolfssl/wolfcrypt/sha512_asm.h:WCv5.0-RC12'
130+
)
131+
;;
88132
fips-ready)
89133
FIPS_OPTION='ready'
90134
FIPS_VERSION='master'
@@ -121,6 +165,50 @@ solaris)
121165
exit 1
122166
esac
123167

168+
function checkout_tag() {
169+
if ! $GIT branch --list | grep "my$1"
170+
then
171+
$GIT branch --no-track "my$1" "$1" || exit $?
172+
fi
173+
}
174+
175+
function checkout_files() {
176+
local repo_path="$1"
177+
shift
178+
pushd $repo_path
179+
for file_entry in "$@"
180+
do
181+
local name=${file_entry%%:*}
182+
local tag=${file_entry#*:}
183+
checkout_tag "$tag" || exit $?
184+
$GIT checkout "my$tag" -- "$name" || exit $?
185+
done
186+
popd
187+
}
188+
189+
function copy_files() {
190+
local repo_path="$1"
191+
shift
192+
pushd $repo_path
193+
for file_entry in "$@"
194+
do
195+
local name=${file_entry%%:*}
196+
local tag=${file_entry#*:}
197+
checkout_tag "$tag" || exit $?
198+
$GIT checkout "my$tag" -- "$name" || exit $?
199+
done
200+
popd
201+
}
202+
203+
if [ "$DO_NEW_ACTION" = 'yes' ]
204+
then
205+
checkout_files '.' "${WC_C_FILES[@]}"
206+
checkout_files './fips' "${FIPS_FILES[@]}"
207+
exit
208+
fi
209+
echo "Escaped!"
210+
exit
211+
124212
if ! $GIT clone . "$TEST_DIR"; then
125213
echo "fips-check: Couldn't duplicate current working directory."
126214
exit 1
@@ -139,36 +227,7 @@ case "$FIPS_OPTION" in
139227
;;
140228

141229
cavp-selftest*|v2|rand|v5*)
142-
$GIT branch --no-track "my$CRYPT_VERSION" "$CRYPT_VERSION" || exit $?
143-
# Checkout the fips versions of the wolfCrypt files from the repo.
144-
for MOD in "${WC_MODS[@]}"
145-
do
146-
if [ -f "$CRYPT_SRC_PATH/$MOD.c" ]; then
147-
$GIT checkout "my$CRYPT_VERSION" -- "$CRYPT_SRC_PATH/$MOD.c" || exit $?
148-
fi
149-
# aes_asm.S, sha256_asm.S sha512_asm.S
150-
if [ -f "$CRYPT_SRC_PATH/$MOD.S" ]; then
151-
echo "Checking out asm file: $MOD.S"
152-
$GIT checkout "my$CRYPT_VERSION" -- "$CRYPT_SRC_PATH/$MOD.S" || exit $?
153-
fi
154-
# aes_asm.asm
155-
if [ -f "$CRYPT_SRC_PATH/$MOD.asm" ]; then
156-
echo "Checking out asm file: $MOD.asm"
157-
$GIT checkout "my$CRYPT_VERSION" -- "$CRYPT_SRC_PATH/$MOD.asm" || exit $?
158-
fi
159-
if [ -f "$CRYPT_INC_PATH/$MOD.h" ]; then
160-
$GIT checkout "my$CRYPT_VERSION" -- "$CRYPT_INC_PATH/$MOD.h" || exit $?
161-
fi
162-
done
163-
164-
for MOD in "${COPY_DIRECT[@]}"
165-
do
166-
$GIT checkout "my$CRYPT_VERSION" -- "$MOD" || exit $?
167-
done
168-
169-
$GIT branch --no-track "myrng$RNG_VERSION" "$RNG_VERSION" || exit $?
170-
# Checkout the fips versions of the wolfCrypt files from the repo.
171-
$GIT checkout "myrng$RNG_VERSION" -- "$CRYPT_SRC_PATH/random.c" "$CRYPT_INC_PATH/random.h" || exit $?
230+
checkout_files '.' "${WC_C_FILES[@]}"
172231
;;
173232

174233
*)

0 commit comments

Comments
 (0)