FIPSCHECK project
=================

This package contains a library (libfipscheck) and helper binaries which
implement the integrity check of libraries and binaries as required by
FIPS-140-2 validated modules.

The integrity check is only one of many requirements needed for validation
of a software cryptographic module.

Dependencies
============

The package depends on the OpenSSL library for its operation.

Commands
========

fipshmac [-d <path-to-destination-dir>] [-s <hmac-suffix>] <filenames-to-be-checksummed>

This command will create a checksum file in the same directory as the file
which is being checksummed. It will prepend '.' and append <hmac-suffix> to the
original file name. If the suffix is not specified, '.hmac' is used.

* return values (exit codes):
  0 - OK
  2 - Missing filename
  3 - Cannot open the checksum file
  4 - Cannot read the file to be checksummed, or the checksum computation failed
  5 - Memory allocation error
  6,7 - Cannot write to the checksum file

If invoked correctly, the fipshmac command will not print anything to the
standard output or error. Otherwise it will print an error message to stderr.

If a destination directory is specified with -d, the resulting files will be put
into it and '.' will not be prepended to the file names.

fipscheck [-s <hmac-suffix>] <filenames-to-be-checksummed>

This command will verify a checksum of a file. The file containing the checksum
value is first looked up in the /usr/lib{64,}/fipscheck directory and, if not
found there, in the same directory as the file which is being checksummed.
The checksum file must have '.' prepended and <hmac-suffix> appended to the original
file name. The '.' must not be prepended to the file names in the
/usr/lib{64,}/fipscheck directory. If the suffix is not specified, '.hmac' is used.

* return values (exit codes):
  0 - OK
  1 - Checksum mismatch
  2 - Missing filename
  3 - Cannot open the checksum file
  4 - Cannot read the file to be checksummed, or the checksum computation failed
  5 - Memory allocation error
  10 and higher - Failure during self-checking the libfipscheck.so shared library
  20 and higher - Failure during self-checking the fipscheck binary

If invoked correctly, the fipscheck command will not print anything to the
standard output or error. If you set the environment variable FIPSCHECK_DEBUG to
the value "syslog", it will send any error messages to the syslog. If you set
it to the value "error", it will send them to stderr.

Library API
===========

See the man 3 fipscheck.h manual page for a description of the fipscheck library API.

Format of the checksum file
===========================

The file contains the HMAC-SHA256 value encoded in lowercase hexadecimal
notation, with one EOL character appended.
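
The lookup order, naming rules and checksum file format described above, as an
added Python example (not part of the fipscheck project or its code). The HMAC
key is not given in this README, so check() takes it as a parameter; reading
/usr/lib{64,}/fipscheck as two directories tried lib64 first, and treating a
malformed checksum file as a mismatch, are assumptions of the example.

```python
import hashlib
import hmac
import os
import re

# Assumption: "/usr/lib{64,}/fipscheck" is read as these two directories, lib64 first.
SYSTEM_DIRS = ("/usr/lib64/fipscheck", "/usr/lib/fipscheck")


def hmac_candidates(path, suffix=".hmac", system_dirs=SYSTEM_DIRS):
    """Checksum-file locations in lookup order: system dirs, then the file's own dir."""
    directory, name = os.path.split(os.path.abspath(path))
    # No leading '.' inside the fipscheck directories ...
    found = [os.path.join(d, name + suffix) for d in system_dirs]
    # ... but '.' is prepended next to the checked file.
    found.append(os.path.join(directory, "." + name + suffix))
    return found


def parse_hmac_file(data):
    """Return the 32-byte MAC, or raise ValueError if the format is not exact."""
    if not re.fullmatch(rb"[0-9a-f]{64}\n", data):
        raise ValueError("expected 64 lowercase hex digits and one EOL")
    return bytes.fromhex(data[:-1].decode("ascii"))


def check(path, key, suffix=".hmac", system_dirs=SYSTEM_DIRS):
    """Return a code mirroring the README's fipscheck exit codes 0, 1, 3 and 4."""
    stored = None
    for candidate in hmac_candidates(path, suffix, system_dirs):
        try:
            with open(candidate, "rb") as fh:
                stored = fh.read()
            break  # first checksum file found wins
        except OSError:
            continue
    if stored is None:
        return 3  # cannot open the checksum file
    try:
        with open(path, "rb") as fh:
            computed = hmac.new(key, fh.read(), hashlib.sha256).digest()
    except OSError:
        return 4  # cannot read the file to be checksummed
    try:
        expected = parse_hmac_file(stored)
    except ValueError:
        return 1  # this example's choice: a malformed checksum file is a mismatch
    # Constant-time comparison of the computed and stored MACs.
    return 0 if hmac.compare_digest(computed, expected) else 1
```

Because the first checksum file found is the one used, a stale entry in the
fipscheck directory overrides a correct dot-file next to the binary.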