From b9be5c2c24bd3b910834e61958546b626c9389e3 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 1 Jul 2022 12:33:08 -0700 Subject: [PATCH] =?UTF-8?q?Update=20to=20FIPS=20v5-ready=20will=20use=20la?= =?UTF-8?q?test=20master.=20Support=20for=20FIPS=20in=20core=20hash=20usin?= =?UTF-8?q?g=20SHA2-256=20and=20SHA2-384=20in=20fips=5Ftest.h.=20Fixes=20f?= =?UTF-8?q?or=20`MATH=5FINT=5FT`.=20Fix=20`error:=20=E2=80=98tls13=5Fkdf?= =?UTF-8?q?=5Ftest=E2=80=99=20declared=20=E2=80=98static=E2=80=99=20but=20?= =?UTF-8?q?never=20defined`.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- fips-check.sh | 2 +- wolfcrypt/src/port/cypress/psoc6_crypto.c | 2 +- wolfcrypt/src/port/nxp/se050_port.c | 2 +- wolfcrypt/test/test.c | 2 +- wolfssl/wolfcrypt/fips_test.h | 19 +++++++++++++++++++ wolfssl/wolfcrypt/port/nxp/se050_port.h | 2 +- wolfssl/wolfcrypt/port/st/stm32.h | 2 +- 7 files changed, 25 insertions(+), 6 deletions(-) diff --git a/fips-check.sh b/fips-check.sh index 407f95d69..f7c76a14f 100755 --- a/fips-check.sh +++ b/fips-check.sh @@ -240,7 +240,7 @@ linuxv5) ;; linuxv5-ready|fips-ready|fips-v5-ready) FIPS_REPO="git@github.com:wolfSSL/fips.git" - FIPS_VERSION="WCv5.0-RC12" + FIPS_VERSION="master" CRYPT_INC_PATH=wolfssl/wolfcrypt CRYPT_SRC_PATH=wolfcrypt/src FIPS_SRCS=( fips.c fips_test.c wolfcrypt_first.c wolfcrypt_last.c ) diff --git a/wolfcrypt/src/port/cypress/psoc6_crypto.c b/wolfcrypt/src/port/cypress/psoc6_crypto.c index b6d6afa54..1e48071aa 100644 --- a/wolfcrypt/src/port/cypress/psoc6_crypto.c +++ b/wolfcrypt/src/port/cypress/psoc6_crypto.c @@ -32,7 +32,7 @@ #endif #if defined(WOLFSSL_PSOC6_CRYPTO) -#ifdef WOLFSSL_SP_MATH +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) struct sp_int; #define MATH_INT_T struct sp_int #elif defined(USE_FAST_MATH) diff --git a/wolfcrypt/src/port/nxp/se050_port.c b/wolfcrypt/src/port/nxp/se050_port.c index c80b7c8b6..f568aa67a 100644 --- a/wolfcrypt/src/port/nxp/se050_port.c 
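Review bot: In the `linuxv5-ready|fips-ready|fips-v5-ready` case, `FIPS_VERSION="master"` replaces a fixed tag with a moving branch, so two runs of this flavor can pull different FIPS sources, and nothing in the hunk records which revision was built. Since the commit title says this is intended, I would state it next to the assignment, for example `# fips-ready tracks the tip of the fips repo, not a validated tag`. I would also have the script print the checked-out commit (e.g. `git rev-parse HEAD` in the fips checkout) so a build can be traced back to its exact source. The checkout logic is outside the hunk, so where that print belongs needs to be confirmed there.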
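Review bot: The `MATH_INT_T` selection block edited here in `psoc6_crypto.c` is repeated in `se050_port.c`, `se050_port.h` and `stm32.h`, and this commit has to patch all four copies with the same condition. A single definition in one shared header that the ports include would keep the copies from drifting when another math backend macro is added. At minimum, a comment on each copy such as `/* keep in sync with the MATH_INT_T block in se050_port.h and stm32.h */` would help. The `#elif` chain continues past the end of each hunk, so whether a fallback branch exists for builds with none of these macros set is not visible here.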
+++ b/wolfcrypt/src/port/nxp/se050_port.c @@ -47,7 +47,7 @@ #include "ex_sss_boot.h" #endif -#ifdef WOLFSSL_SP_MATH +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) struct sp_int; #define MATH_INT_T struct sp_int #elif defined(USE_FAST_MATH) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ec7d34603..5da53e7fd 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -21002,7 +21002,7 @@ const char resMasterLabel[] = "res master"; const char derivedLabel[] = "derived"; -int tls13_kdf_test(void) +WOLFSSL_TEST_SUBROUTINE int tls13_kdf_test(void) { int ret = 0; word32 i; diff --git a/wolfssl/wolfcrypt/fips_test.h b/wolfssl/wolfcrypt/fips_test.h index 7c25f10c9..2f04231e9 100644 --- a/wolfssl/wolfcrypt/fips_test.h +++ b/wolfssl/wolfcrypt/fips_test.h @@ -31,6 +31,25 @@ extern "C" { #endif +/* Added for FIPS v5.3 or later */ +#if defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3) + /* Determine FIPS in core hash type and size */ + #ifndef NO_SHA256 + #define FIPS_IN_CORE_DIGEST_SIZE 32 + #define FIPS_IN_CORE_HASH_TYPE WC_SHA256 + #define FIPS_IN_CORE_KEY_SZ 32 + #define FIPS_IN_CORE_VERIFY_SZ FIPS_IN_CORE_KEY_SZ + #elif defined(WOLFSSL_SHA384) + #define FIPS_IN_CORE_DIGEST_SIZE 48 + #define FIPS_IN_CORE_HASH_TYPE WC_SHA384 + #define FIPS_IN_CORE_KEY_SZ 48 + #define FIPS_IN_CORE_VERIFY_SZ FIPS_IN_CORE_KEY_SZ + #else + #error No FIPS hash (SHA2-256 or SHA2-384) + #endif +#endif /* FIPS v5.3 or later */ + + enum FipsCastId { FIPS_CAST_AES_CBC, FIPS_CAST_AES_GCM, diff --git a/wolfssl/wolfcrypt/port/nxp/se050_port.h b/wolfssl/wolfcrypt/port/nxp/se050_port.h index be4630422..a58e97be6 100644 --- a/wolfssl/wolfcrypt/port/nxp/se050_port.h +++ b/wolfssl/wolfcrypt/port/nxp/se050_port.h @@ -118,7 +118,7 @@ WOLFSSL_LOCAL void se050_aes_free(struct Aes* aes); struct ecc_key; struct WC_RNG; -#ifdef WOLFSSL_SP_MATH +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) struct sp_int; #define MATH_INT_T struct sp_int #elif defined(USE_FAST_MATH) 
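Review bot: In `fips_test.h`, the guard `#if defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)` does not protect against the macro being undefined: the preprocessor parses the whole expression, an undefined `FIPS_VERSION_GE` becomes `0`, and `0(5,3)` is a syntax error (GCC reports a missing binary operator before `(`). If this header can be reached without the macro defined, nest the test instead: `#ifdef FIPS_VERSION_GE` followed by `#if FIPS_VERSION_GE(5,3)`, with a matching extra `#endif`. If an include above the hunk always defines the macro, the `defined(...)` half is redundant and can be dropped. Separately, `FIPS_IN_CORE_KEY_SZ` repeats the literal 32/48 instead of being defined as `FIPS_IN_CORE_DIGEST_SIZE`, and a short comment on what the key and verify sizes are used for would help readers of this header.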
diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index 5502a885c..0516458ca 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h @@ -152,7 +152,7 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, #endif /* STM32_CRYPTO */ #if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC) -#ifdef WOLFSSL_SP_MATH +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) struct sp_int; #define MATH_INT_T struct sp_int #elif defined(USE_FAST_MATH)