"Fossies" - the Fresh Open Source Software Archive

Member "LinOTP-release-2.11/linotpd/src/linotp/lib/security/libfips/selfcheck.py" (12 Nov 2019, 3321 Bytes) of package /linux/misc/LinOTP-release-2.11.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. For more information about "selfcheck.py" see the Fossies "Dox" file reference documentation.

    1 # -*- coding: utf-8 -*-
    2 #
    3 #    LinOTP - the open source solution for two factor authentication
    4 #    Copyright (C) 2010 - 2019 KeyIdentity GmbH
    5 #
    6 #    This file is part of LinOTP server.
    7 #
    8 #    This program is free software: you can redistribute it and/or
    9 #    modify it under the terms of the GNU Affero General Public
   10 #    License, version 3, as published by the Free Software Foundation.
   11 #
   12 #    This program is distributed in the hope that it will be useful,
   13 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
   14 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15 #    GNU Affero General Public License for more details.
   16 #
   17 #    You should have received a copy of the
   18 #               GNU Affero General Public License
   19 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
   20 #
   21 #
   22 #    E-mail: linotp@keyidentity.com
   23 #    Contact: www.linotp.org
   24 #    Support: www.keyidentity.com
   25 #
   26 """fips library self test"""
   27 
   28 import os
   29 from binascii import unhexlify
   30 
   31 from linotp.lib.security.libfips import FipsModule
   32 from linotp.lib.security.libfips import SSLError
   33 
   34 # assune the cryptolib is in the same directory as libfips
   35 
   36 Cryptolib_Location = os.path.dirname(os.path.abspath(__file__))
   37 Cryptolib = os.path.join(Cryptolib_Location, 'libcrypto.so')
   38 
   39 Fips = FipsModule(Cryptolib)
   40 
   41 
   42 #
   43 # check test vectors for HMAC-sha1 from RFC2202
   44 #
   45 
   46 # test case 1
   47 if (Fips.hmac_sha1(20 * b"\x0b", b"Hi There") !=
   48         unhexlify("b617318655057264e28bc0b6fb378c8ef146be00")):
   49     raise Exception("HMAC-sha1 self check number 1 failed")
   50 
   51 # test case 2
   52 if (Fips.hmac_sha1(b"Jefe", b"what do ya want for nothing?") !=
   53         unhexlify("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79")):
   54     raise Exception("HMAC-sha1 self check number 2 failed")
   55 
   56 # test case 3
   57 if (Fips.hmac_sha1(20 * b"\xaa", 50 * b"\xdd") !=
   58         unhexlify("125d7342b9ac11cd91a39af48aa17b4f63f175d3")):
   59     raise Exception("HMAC-sha1 self check number 3 failed")
   60 
   61 # test case 4
   62 if (Fips.hmac_sha1(unhexlify("0102030405060708090a0b0c0d0e0f10111213141516"
   63                              "171819"), 50 * b"\xcd") !=
   64         unhexlify("4c9007f4026250c6bc8414f9bf50c86c2d7235da")):
   65     raise Exception("HMAC-sha1 self check number 4 failed")
   66 
   67 # test case 5
   68 if (Fips.hmac_sha1(20 * b"\x0c", b"Test With Truncation") !=
   69         unhexlify("4c1a03424b55e07fe7f27be1d58bb9324a9a5a04")):
   70     raise Exception("HMAC-sha1 self check number 5 failed")
   71 
   72 # test case 6
   73 if (Fips.hmac_sha1(80 * b"\xaa", b"Test Using Larger Than Block-Size Key"
   74                    " - Hash Key First") !=
   75         unhexlify("aa4ae5e15272d00e95705637ce8a3b55ed402112")):
   76     raise Exception("HMAC-sha1 self check number 6 failed")
   77 
   78 # test case 7
   79 if (Fips.hmac_sha1(80 * b"\xaa", b"Test Using Larger Than Block-Size Key "
   80                    "and Larger Than One Block-Size Data") !=
   81         unhexlify("e8e99d0f45237d786d6bbaa7965c7808bbff1a91")):
   82     raise Exception("HMAC-sha1 self check number 7 failed")
   83 
   84 
   85 #
   86 # now check if non-Fips algorithms are really disabled by trying to calculate
   87 # a HMAC-ripemd160
   88 #
   89 try:
   90     ripemd160 = Fips._libcrypto.EVP_ripemd160()
   91     Fips._HMAC(ripemd160, b"foo", b"bar")
   92     raise Exception("HMAC with ripemd160 hash should be "
   93                     "disabled by FIPS mode!")
   94 except SSLError:
   95     pass  # that is what we want
   96 
   97 # end of file