SHA512 fips mode

2014-03-27 14:03:12 -07:00
parent 74a6916606
commit e873d7998b
13 changed files with 71 additions and 21 deletions
--- a/configure.ac
+++ b/configure.ac
@@ -1067,10 +1067,18 @@ AC_ARG_ENABLE([fips],

 if test "x$ENABLED_FIPS" = "xyes"
 then
+    # requires thread local storage
    if test "$thread_ls_on" = "no"
    then
        AC_MSG_ERROR([FIPS requires Thread Local Storage])
    fi
+    # requires SHA512
+    if test "x$ENABLED_SHA512" = "xno"
+    then
+        ENABLED_SHA512="yes"
+        AM_CFLAGS="$AM_CFLAGS -DCYASSL_SHA512 -DCYASSL_SHA384"
+        AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
+    fi
    AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
 fi

--- a/ctaocrypt/benchmark/benchmark.c
+++ b/ctaocrypt/benchmark/benchmark.c
@@ -652,9 +652,13 @@ void bench_sha512(void)
    Sha512 hash;
    byte   digest[SHA512_DIGEST_SIZE];
    double start, total, persec;
-    int    i;
+    int    i, ret;
        
-    InitSha512(&hash);
+    ret = InitSha512(&hash);
+    if (ret != 0) {
+        printf("InitSha512 failed, ret = %d\n", ret);
+        return;
+    }
    start = current_time(1);
    
    for(i = 0; i < numBlocks; i++)
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -2704,7 +2704,11 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
        case CTC_SHA512wECDSA:
        {
            Sha512 sha512;
-            InitSha512(&sha512);
+            ret = InitSha512(&sha512);
+            if (ret != 0) {
+                CYASSL_MSG("InitSha512 failed");
+                return 0;  /*  not confirmed */
+            }
            Sha512Update(&sha512, buf, bufSz);
            Sha512Final(&sha512, digest);
            typeH    = SHA512h;
--- a/ctaocrypt/src/hmac.c
+++ b/ctaocrypt/src/hmac.c
@@ -92,7 +92,7 @@ static int InitHmac(Hmac* hmac, int type)
        
        #ifdef CYASSL_SHA512
        case SHA512:
-            InitSha512(&hmac->hash.sha512);
+            ret = InitSha512(&hmac->hash.sha512);
        break;
        #endif
        
--- a/ctaocrypt/src/pwdbased.c
+++ b/ctaocrypt/src/pwdbased.c
@@ -302,7 +302,9 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
        else if (hashType == SHA512) {
            Sha512 sha512;

-            InitSha512(&sha512);
+            ret = InitSha512(&sha512);
+            if (ret != 0)
+                break;
            Sha512Update(&sha512, buffer, totalLen);
            Sha512Final(&sha512, Ai);

--- a/ctaocrypt/src/sha512.c
+++ b/ctaocrypt/src/sha512.c
@@ -27,6 +27,11 @@

 #ifdef CYASSL_SHA512

+#ifdef HAVE_FIPS
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+    #define FIPS_NO_WRAPPERS
+#endif
+
 #include <cyassl/ctaocrypt/sha512.h>
 #ifdef NO_INLINE
    #include <cyassl/ctaocrypt/misc.h>
@@ -45,7 +50,7 @@
 #endif /* min */


-void InitSha512(Sha512* sha512)
+int InitSha512(Sha512* sha512)
 {
    sha512->digest[0] = W64LIT(0x6a09e667f3bcc908);
    sha512->digest[1] = W64LIT(0xbb67ae8584caa73b);
@@ -59,6 +64,8 @@ void InitSha512(Sha512* sha512)
    sha512->buffLen = 0;
    sha512->loLen   = 0;
    sha512->hiLen   = 0;
+
+    return 0;
 }


@@ -190,7 +197,7 @@ static INLINE void AddLength(Sha512* sha512, word32 len)
 }


-void Sha512Update(Sha512* sha512, const byte* data, word32 len)
+int Sha512Update(Sha512* sha512, const byte* data, word32 len)
 {
    /* do block size increments */
    byte* local = (byte*)sha512->buffer;
@@ -213,10 +220,11 @@ void Sha512Update(Sha512* sha512, const byte* data, word32 len)
            sha512->buffLen = 0;
        }
    }
+    return 0;
 }


-void Sha512Final(Sha512* sha512, byte* hash)
+int Sha512Final(Sha512* sha512, byte* hash)
 {
    byte* local = (byte*)sha512->buffer;

@@ -256,7 +264,7 @@ void Sha512Final(Sha512* sha512, byte* hash)
    #endif
    XMEMCPY(hash, sha512->digest, SHA512_DIGEST_SIZE);

-    InitSha512(sha512);  /* reset state */
+    return InitSha512(sha512);  /* reset state */
 }


--- a/ctaocrypt/test/test.c
+++ b/ctaocrypt/test/test.c
@@ -991,6 +991,7 @@ int sha512_test(void)
 {
    Sha512 sha;
    byte   hash[SHA512_DIGEST_SIZE];
+    int    ret;

    testVector a, b;
    testVector test_sha[2];
@@ -1018,7 +1019,9 @@ int sha512_test(void)
    test_sha[0] = a;
    test_sha[1] = b;

-    InitSha512(&sha);
+    ret = InitSha512(&sha);
+    if (ret != 0)
+        return -4009;

    for (i = 0; i < times; ++i) {
        Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
--- a/cyassl/ctaocrypt/sha512.h
+++ b/cyassl/ctaocrypt/sha512.h
@@ -51,9 +51,9 @@ typedef struct Sha512 {
 } Sha512;


-CYASSL_API void InitSha512(Sha512*);
-CYASSL_API void Sha512Update(Sha512*, const byte*, word32);
-CYASSL_API void Sha512Final(Sha512*, byte*);
+CYASSL_API int InitSha512(Sha512*);
+CYASSL_API int Sha512Update(Sha512*, const byte*, word32);
+CYASSL_API int Sha512Final(Sha512*, byte*);


 #if defined(CYASSL_SHA384) || defined(HAVE_AESGCM)
@@ -81,6 +81,22 @@ CYASSL_API void InitSha384(Sha384*);
 CYASSL_API void Sha384Update(Sha384*, const byte*, word32);
 CYASSL_API void Sha384Final(Sha384*, byte*);

+
+#ifdef HAVE_FIPS
+    /* fips wrapper calls, user can call direct */
+    CYASSL_API int InitSha512_fips(Sha512*);
+    CYASSL_API int Sha512Update_fips(Sha512*, const byte*, word32);
+    CYASSL_API int Sha512Final_fips(Sha512*, byte*);
+    #ifndef FIPS_NO_WRAPPERS
+        /* if not impl or fips.c impl wrapper force fips calls if fips build */
+        #define InitSha512   InitSha512_fips
+        #define Sha512Update Sha512Update_fips
+        #define Sha512Final  Sha512Final_fips
+    #endif /* FIPS_NO_WRAPPERS */
+
+#endif /* HAVE_FIPS */
+
+
 #endif /* CYASSL_SHA384 */

 #ifdef __cplusplus
--- a/mcapi/crypto.c
+++ b/mcapi/crypto.c
@@ -207,9 +207,7 @@ int CRYPT_SHA512_Initialize(CRYPT_SHA512_CTX* sha512)
    if (sha512 == NULL)
        return BAD_FUNC_ARG;

-    InitSha512((Sha512*)sha512);
-
-    return 0;
+    return InitSha512((Sha512*)sha512);
 }


--- a/mcapi/mcapi_test.c
+++ b/mcapi/mcapi_test.c
@@ -279,7 +279,7 @@ static int check_sha256(void)
    CRYPT_SHA256_Initialize(&mcSha256);
    ret = InitSha256(&defSha256);
    if (ret != 0) {
-        printf("sha init default failed\n");
+        printf("sha256 init default failed\n");
        return -1;
    }

@@ -335,7 +335,11 @@ static int check_sha512(void)
    byte             defDigest[SHA512_DIGEST_SIZE];

    CRYPT_SHA512_Initialize(&mcSha512);
-    InitSha512(&defSha512);
+    ret = InitSha512(&defSha512);
+    if (ret != 0) {
+        printf("sha512 init default failed\n");
+        return -1;
+    }

    CRYPT_SHA512_DataAdd(&mcSha512, ourData, OUR_DATA_SIZE);
    Sha512Update(&defSha512, ourData, OUR_DATA_SIZE);
--- a/src/internal.c
+++ b/src/internal.c
@@ -4486,7 +4486,7 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz)
    Sha512 sha512;
    int i;

-    InitSha512(&sha512);
+    InitSha512(&sha512);  /* no error check on purpose, dummy round */

    for (i = 0; i < rounds; i++)
        Sha512Update(&sha512, data, sz);
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -6592,7 +6592,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
        (void)sizeof(sha_test);

        CYASSL_ENTER("SHA512_Init");
-        InitSha512((Sha512*)sha);
+        InitSha512((Sha512*)sha);  /* OpenSSL compat, no error */
    }


--- a/tests/hash.c
+++ b/tests/hash.c
@@ -402,6 +402,7 @@ int sha512_test(void)
 {
    Sha512 sha;
    byte   hash[SHA512_DIGEST_SIZE];
+    int    ret;

    testVector a, b;
    testVector test_sha[2];
@@ -429,7 +430,9 @@ int sha512_test(void)
    test_sha[0] = a;
    test_sha[1] = b;

-    InitSha512(&sha);
+    ret = InitSha512(&sha);
+    if (ret != 0)
+        return -4009;

    for (i = 0; i < times; ++i) {
        Sha512Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);