Allow the X9.146 examples to build against fips-ready.

pull/451/head
Anthony Hu 2024-08-27 15:32:40 -04:00
parent f707ad83da
commit 38e80d18ea
6 changed files with 141 additions and 1 deletions


@ -65,7 +65,7 @@ the call to `DoTls13Certificate()`, please search for the following messages to
confirm that the alternative signature was verified:
```
Alternative signature has been verified!
Alt signature has been verified!
Verified Peer's cert
```


@ -50,6 +50,22 @@
#define SUBJECT_EMAIL "server@YourDomain.com"
#endif
#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>
static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);
if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif
static int do_certgen(int argc, char** argv)
{
int ret = 0;
@ -111,6 +127,18 @@ static int do_certgen(int argc, char** argv)
wolfSSL_Debugging_ON();
#endif
#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif
#if defined(HAVE_FIPS)
wolfCrypt_SetCb_fips(myFipsCb);
#if FIPS_VERSION3_GE(6,0,0)
printf("FIPS module version in use: %s\n",
wolfCrypt_GetVersion_fips());
#endif
#endif
ret = wc_InitRng(&rng);
if (ret != 0) goto exit;
initRng = 1;
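Review bot: `myFipsCb` tells the user to copy the printed hash into `verifyCore[]` whenever `err == IN_CORE_FIPS_E`, but nothing says this is only appropriate right after building the module yourself. A comment above the callback would keep the example from being read as a general fix, e.g. `/* Development aid for fips-ready builds: re-pin verifyCore[] only after your own rebuild; on an unchanged binary this error means the module image no longer matches the pinned hash and should be investigated. */`. `hash` is also passed straight to `%s`; if the library can ever invoke the callback with a NULL hash (not visible here), `hash ? hash : "(null)"` avoids undefined behaviour. The identical callback and registration block are pasted into the four other C files in this commit, so the same remarks apply there, and a shared header would keep the five copies from drifting.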


@ -74,6 +74,22 @@ int readFileIntoBuffer(char *fname, byte *buf, int *sz)
return ret;
}
#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>
static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);
if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif
static int do_certgen(int argc, char** argv)
{
int ret = 0;
@ -141,6 +157,18 @@ static int do_certgen(int argc, char** argv)
wolfSSL_Debugging_ON();
#endif
#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif
#if defined(HAVE_FIPS)
wolfCrypt_SetCb_fips(myFipsCb);
#if FIPS_VERSION3_GE(6,0,0)
printf("FIPS module version in use: %s\n",
wolfCrypt_GetVersion_fips());
#endif
#endif
if (argc != 2)
usage(argv[0]);
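Review bot: In this file the FIPS block lands just ahead of `if (argc != 2) usage(argv[0]);`, and neither the return of `wolfCrypt_SetCb_fips()` nor the module status is checked in the visible lines, whereas three of the other files go straight on to a checked `wc_InitRng()`. A short check after registration, e.g. `ret = wolfCrypt_GetStatus_fips(); if (ret != 0) return ret;`, would make the example stop with the FIPS error instead of continuing towards certificate generation. Adapt the exit path to whatever cleanup `do_certgen` already uses, since its body continues outside the hunk and a later call may already catch this. The next file section has the same second hunk and the same remark applies.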


@ -74,6 +74,22 @@ int readFileIntoBuffer(char *fname, byte *buf, int *sz)
return ret;
}
#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>
static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);
if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif
static int do_certgen(int argc, char** argv)
{
int ret = 0;
@ -144,6 +160,18 @@ static int do_certgen(int argc, char** argv)
wolfSSL_Debugging_ON();
#endif
#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif
#if defined(HAVE_FIPS)
wolfCrypt_SetCb_fips(myFipsCb);
#if FIPS_VERSION3_GE(6,0,0)
printf("FIPS module version in use: %s\n",
wolfCrypt_GetVersion_fips());
#endif
#endif
if (argc != 2)
usage(argv[0]);


@ -67,6 +67,22 @@ int readFileIntoBuffer(char *fname, byte *buf, int *sz)
return ret;
}
#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>
static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);
if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif
static int do_certgen(int argc, char** argv)
{
int ret = 0;
@ -128,6 +144,18 @@ static int do_certgen(int argc, char** argv)
wolfSSL_Debugging_ON();
#endif
#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif
#if defined(HAVE_FIPS)
wolfCrypt_SetCb_fips(myFipsCb);
#if FIPS_VERSION3_GE(6,0,0)
printf("FIPS module version in use: %s\n",
wolfCrypt_GetVersion_fips());
#endif
#endif
ret = wc_InitRng(&rng);
if (ret != 0) goto exit;
initRng = 1;


@ -67,6 +67,22 @@ int readFileIntoBuffer(char *fname, byte *buf, int *sz)
return ret;
}
#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>
static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);
if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif
static int do_certgen(int argc, char** argv)
{
int ret = 0;
@ -128,6 +144,18 @@ static int do_certgen(int argc, char** argv)
wolfSSL_Debugging_ON();
#endif
#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif
#if defined(HAVE_FIPS)
wolfCrypt_SetCb_fips(myFipsCb);
#if FIPS_VERSION3_GE(6,0,0)
printf("FIPS module version in use: %s\n",
wolfCrypt_GetVersion_fips());
#endif
#endif
ret = wc_InitRng(&rng);
if (ret != 0) goto exit;
initRng = 1;