xref: /freebsd/crypto/openssl/util/mk-fipsmodule-cnf.pl (revision f73124b077d867990cbcb4d903b48be2ca55e4ca)
1#! /usr/bin/env perl
2# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9use Getopt::Long;
10
11my $activate = 1;
12my $conditional_errors = 1;
13my $security_checks = 1;
14my $mac_key;
15my $module_name;
16my $section_name = "fips_sect";
17
18GetOptions("key=s"              => \$mac_key,
19           "module=s"           => \$module_name,
20           "section_name=s"     => \$section_name)
21    or die "Error when getting command line arguments";
22
23my $mac_keylen = length($mac_key);
24
25use Digest::SHA qw(hmac_sha256_hex);
26my $module_size = [ stat($module_name) ]->[7];
27
28open my $fh, "<:raw", $module_name or die "Trying to open $module_name: $!";
29read $fh, my $data, $module_size or die "Trying to read $module_name: $!";
30close $fh;
31
32# Calculate HMAC-SHA256 in hex, and split it into a list of two character
33# chunks, and join the chunks with colons.
34my @module_mac
35    = ( uc(hmac_sha256_hex($data, pack("H$mac_keylen", $mac_key))) =~ m/../g );
36my $module_mac = join(':', @module_mac);
37
38print <<_____;
39[$section_name]
40activate = $activate
41conditional-errors = $conditional_errors
42security-checks = $security_checks
43module-mac = $module_mac
44_____
45