add FIPS protection to test.c usage of wc_HKDF_ex()

Brett Nicholas
2025-09-29 11:12:13 -06:00
parent 26ed835ca1
commit 7b67dbaa31


@@ -27897,8 +27897,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
L = (int)sizeof(okm1);
#ifndef NO_SHA
#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)
ret = wc_HKDF_ex(WC_SHA, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
okm1, (word32)L, HEAP_HINT, devId);
okm1, (word32)L, HEAP_HINT, devId);
#else
ret = wc_HKDF(WC_SHA, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
okm1, (word32)L);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
@@ -27908,8 +27913,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
#ifndef HAVE_FIPS
/* fips can't have key size under 14 bytes, salt is key too */
L = (int)sizeof(okm1);
ret = wc_HKDF_ex(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1),
info1, (word32)sizeof(info1), okm1, (word32)L, HEAP_HINT, devId);
#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)
ret = wc_HKDF_ex(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1), info1,
(word32)sizeof(info1), okm1, (word32)L, HEAP_HINT, devId);
#else
ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1), info1,
(word32)sizeof(info1), okm1, (word32)L);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
@@ -27919,8 +27929,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
#endif /* !NO_SHA */
#ifndef NO_SHA256
#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)
ret = wc_HKDF_ex(WC_SHA256, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
okm1, (word32)L, HEAP_HINT, devId);
#else
ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
okm1, (word32)L);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
@@ -60810,12 +60825,21 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
else if (info->algo_type == WC_ALGO_TYPE_KDF) {
if (info->kdf.type == WC_KDF_TYPE_HKDF) {
/* Redirect to software implementation for testing */
#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)
ret = wc_HKDF_ex(info->kdf.hkdf.hashType,
info->kdf.hkdf.inKey, info->kdf.hkdf.inKeySz,
info->kdf.hkdf.salt, info->kdf.hkdf.saltSz,
info->kdf.hkdf.info, info->kdf.hkdf.infoSz,
info->kdf.hkdf.out, info->kdf.hkdf.outSz,
NULL, INVALID_DEVID);
#else
ret = wc_HKDF(info->kdf.hkdf.hashType,
info->kdf.hkdf.inKey, info->kdf.hkdf.inKeySz,
info->kdf.hkdf.salt, info->kdf.hkdf.saltSz,
info->kdf.hkdf.info, info->kdf.hkdf.infoSz,
info->kdf.hkdf.out, info->kdf.hkdf.outSz);
#endif
}
}
#endif /* HAVE_HKDF && !NO_HMAC */
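Review bot: In the second hunk the new `#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)` sits inside the existing `#ifndef HAVE_FIPS` block, so its condition is always true there and the `#else` call to `wc_HKDF()` with the 11-byte key can never be compiled. The comment above it says FIPS does not allow keys under 14 bytes, so the outer guard looks like the one to keep; I would drop the inner `#if`/`#else`/`#endif` in that hunk and leave the single `wc_HKDF_ex(...)` call. The same guard is repeated in the other two `hkdf_test` hunks and in `myCryptoDevCb`, and a one-line comment at the first use would help, for example `/* wc_HKDF_ex() is only used outside FIPS or with FIPS v7.0+; older FIPS builds fall back to wc_HKDF() */`, assuming that is the reason for the version check. Note that in the fallback builds the `hkdf_test` calls no longer pass `devId`, so the HKDF branch of the crypto callback is presumably not exercised by these cases there. The bodies of `hkdf_test` and `myCryptoDevCb` start and end outside the lines shown.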