1 // Copyright 2021 The BoringSSL Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #include <inttypes.h>
16 #include <stdio.h>
17 #include <string.h>
18 #include <unistd.h>
19 #include <string>
20 #include <string_view>
21 
22 #include <openssl/crypto.h>
23 #include <openssl/span.h>
24 
25 #include "modulewrapper.h"
26 
27 
main(int argc,char ** argv)28 int main(int argc, char **argv) {
29   if (argc == 2 && strcmp(argv[1], "--version") == 0) {
30     printf("Built for architecture: ");
31 
32 #if defined(OPENSSL_X86_64)
33     puts("x86-64 (64-bit)");
34 #elif defined(OPENSSL_ARM)
35     puts("ARM (32-bit)");
36 #elif defined(OPENSSL_AARCH64)
37     puts("aarch64 (64-bit)");
38 #else
39 #error "FIPS build not supported on this architecture"
40 #endif
41 
42     if (!FIPS_mode()) {
43       printf("Module not in FIPS mode\n");
44       abort();
45     }
46     printf("Module is in FIPS mode\n");
47 
48     const uint32_t module_version = FIPS_version();
49     if (module_version == 0) {
50       printf("No module version set\n");
51       abort();
52     }
53     printf("Module: '%s', version: %" PRIu32 " hash:\n", FIPS_module_name(),
54            module_version);
55 
56 #if !defined(BORINGSSL_FIPS)
57     // |module_version| will be zero, so the non-FIPS build will never get
58     // this far.
59     printf("Non zero module version in non-FIPS build - should not happen!\n");
60     abort();
61 #elif defined(OPENSSL_ASAN)
62     printf("(not available when compiled for ASAN)");
63 #else
64     const uint8_t *module_hash = FIPS_module_hash();
65     for (size_t i = 0; i < SHA256_DIGEST_LENGTH; i++) {
66       printf("%02x", module_hash[i]);
67     }
68     printf("\n");
69 #endif
70     printf("Hardware acceleration enabled: %s\n",
71            CRYPTO_has_asm() ? "yes" : "no");
72 
73     return 0;
74   } else if (argc != 1) {
75     fprintf(stderr, "Usage: %s [--version]\n", argv[0]);
76     return 4;
77   }
78 
79   // modulewrapper buffers responses to the greatest degree allowed in order to
80   // fully exercise the async handling in acvptool.
81   std::unique_ptr<bssl::acvp::RequestBuffer> buffer =
82       bssl::acvp::RequestBuffer::New();
83   const bssl::acvp::ReplyCallback write_reply = std::bind(
84       bssl::acvp::WriteReplyToFd, STDOUT_FILENO, std::placeholders::_1);
85   const bssl::acvp::ReplyCallback buffer_reply =
86       std::bind(bssl::acvp::WriteReplyToBuffer, std::placeholders::_1);
87 
88   for (;;) {
89     const bssl::Span<const bssl::Span<const uint8_t>> args =
90         ParseArgsFromFd(STDIN_FILENO, buffer.get());
91     if (args.empty()) {
92       return 1;
93     }
94 
95     auto name = bssl::BytesAsStringView(args[0]);
96     if (name == "flush") {
97       if (!bssl::acvp::FlushBuffer(STDOUT_FILENO)) {
98         abort();
99       }
100       continue;
101     }
102 
103     const bssl::acvp::Handler handler = bssl::acvp::FindHandler(args);
104     if (!handler) {
105       return 2;
106     }
107 
108     auto &reply_callback = name == "getConfig" ? write_reply : buffer_reply;
109     if (!handler(args.subspan(1).data(), reply_callback)) {
110       fprintf(stderr, "\'%s\' operation failed.\n", std::string(name).c_str());
111       return 3;
112     }
113   }
114 }
115