From 7cccaa98b765fcc695661e19ab09dcd4ef431410 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Fri, 10 Dec 2021 14:44:20 -0700 Subject: [PATCH] The minimal changes needed to add KCAPI support with fips-ready --- configure.ac | 45 +++++++++++++++++++++++++-- tests/unit.c | 39 ++++++++++++++++++++--- testsuite/testsuite.c | 4 +++ wolfcrypt/src/aes.c | 6 +++- wolfcrypt/src/port/kcapi/kcapi_hmac.c | 5 +++ 5 files changed, 92 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index c70dd4891..3a00dac8e 100644 --- a/configure.ac +++ b/configure.ac @@ -1850,7 +1850,7 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT" fi AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_AES" - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_HASH" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_HASH -DWOLFSSL_KCAPI_HASH_KEEP" # Linux Kernel doesn't support truncated SHA512 algorithms AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_HMAC" @@ -3425,7 +3425,7 @@ fi # FIPS AS_CASE([$FIPS_VERSION], - [v5*], [ # FIPS 140-3, including 140-3 ready + [v5], [ # FIPS 140-3 AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_ECDSA_SET_K" ENABLED_KEYGEN="yes"; ENABLED_SHA224="yes"; ENABLED_DES3="no" # Shake256 is a SHA-3 algorithm not in our FIPS algorithm list 
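Review bot: `-DWOLFSSL_KCAPI_HASH_KEEP` is added to the KCAPI flag line without a comment saying what it changes, while the line right below it documents why the truncated SHA512 variants are disabled. A one-line comment above it stating which behaviour the flag turns on for KCAPI hashing, and whether it is needed for every KCAPI build or only the fips-ready one, would keep the block consistent; from the hunk alone it is not possible to tell which. The enclosing configure block starts and ends outside the hunk.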
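Review bot: Narrowing the AS_CASE pattern from `[v5*]` to `[v5]` means any FIPS_VERSION value that the old glob accepted other than exactly `v5` (and `v5-ready`, which gets its own branch in this commit) no longer receives the 140-3 flags and falls through to whatever later branch or default matches. If no such values are supposed to exist, a `[v5*]` arm after the `v5-ready` branch that reports an unknown version, or an explicit error in the default arm if the AS_CASE has one, would make a mistyped version fail loudly instead of silently producing a non-FIPS build. The remainder of the AS_CASE is outside the hunk.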
@@ -3466,6 +3466,47 @@ AS_CASE([$FIPS_VERSION],
 fi
 fi
 ],
+ [v5-ready], [ # FIPS 140-3 ready
+ AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR -DWOLFSSL_KEY_GEN -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_ECDSA_SET_K"
+ ENABLED_KEYGEN="yes"; ENABLED_SHA224="yes"; ENABLED_DES3="no"
+ # Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"
+ ENABLED_SHAKE256=no
+ # SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
+ AS_IF([test "x$ENABLED_AESCCM" = "xyes"], # AESCCM optional with fips-ready
+ [AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
+ AS_IF([test "x$ENABLED_RSAPSS" != "xyes"],
+ [ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
+ AS_IF([test "x$ENABLED_ECC" != "xyes"],
+ [ENABLED_ECC="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
+ AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
+ [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])],
+ [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT -DWOLFSSL_VALIDATE_ECC_KEYGEN"])
+ AS_IF([test "x$ENABLED_AESCTR" = "xyes"],
+ [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"]) # AESCTR optional with fips-ready
+ AS_IF([test "x$ENABLED_CMAC" = "xyes"],
+ [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"]) # CMAC optional with fips-ready
+ AS_IF([test "x$ENABLED_HKDF" != "xyes"],
+ [ENABLED_HKDF="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
+ AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
+ [AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
+ AS_IF([test "x$ENABLED_SHA512" = "xno"],
+ [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
+ AS_IF([test "x$ENABLED_AESGCM" = "xyes"],
+ [AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"]) # GCM optional with fips-ready
+ AS_IF([test "x$ENABLED_MD5" = "xyes"],[ENABLED_MD5="no"; ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"])
+ 
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT -DECC_USER_CURVES -DHAVE_ECC192 -DHAVE_ECC224 -DHAVE_ECC256 -DHAVE_ECC384 -DHAVE_ECC521"
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_SET_K -DWC_RNG_SEED_CB"
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
+ AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192"
+ DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
+ if test $HAVE_FIPS_VERSION_MINOR -ge 2; then
+ if test "x$ENABLED_AESOFB" = "xyes"; then # AESOFB optional with fips-ready
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"
+ fi
+ fi
+ ],
 ["v3"],[ # FIPS 140-2 Ready
 AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q -DWOLFSSL_ECDSA_SET_K"
 ENABLED_KEYGEN="yes"
diff --git a/tests/unit.c b/tests/unit.c
index e3f29528b..d1a502b06 100644
--- a/tests/unit.c
+++ b/tests/unit.c
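Review bot: In the new `v5-ready` branch, `-DWOLFSSL_VALIDATE_ECC_KEYGEN` is only added on the else-arm of the `ENABLED_ECC` AS_IF, i.e. when ECC was already enabled before this block runs; when the block itself turns ECC on, the keygen validation define is never added, even though `-DWOLFSSL_VALIDATE_ECC_IMPORT` is later added unconditionally anyway. Unless that asymmetry is intended, moving the keygen flag onto the unconditional line, `AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT -DWOLFSSL_VALIDATE_ECC_KEYGEN -DECC_USER_CURVES -DHAVE_ECC192 -DHAVE_ECC224 -DHAVE_ECC256 -DHAVE_ECC384 -DHAVE_ECC521"`, makes the else-arm redundant and gives every fips-ready build the same ECC checks. The same branch sets `ENABLED_SHA224="yes"` without adding `-DWOLFSSL_SHA224` (the `v5` branch adds both), and repeats `-DWOLFSSL_ECDSA_SET_K` on two lines; worth confirming the first is deliberate and dropping the duplicate.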
@@ -78,50 +78,81 @@ int unit_test(int argc, char** argv)
 #endif
 #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 5)
+#if !defined(NO_AES) && !defined(NO_AES_CBC)
 if (wc_RunCast_fips(FIPS_CAST_AES_CBC) != 0) {
 err_sys("AES-CBC CAST failed");
 }
+#endif
+#ifdef HAVE_AESGCM
 if (wc_RunCast_fips(FIPS_CAST_AES_GCM) != 0) {
 err_sys("AES-GCM CAST failed");
 }
+#endif
+#ifndef NO_SHA
 if (wc_RunCast_fips(FIPS_CAST_HMAC_SHA1) != 0) {
 err_sys("HMAC-SHA1 CAST failed");
 }
+#endif
+ /* the only non-optional CAST */
 if (wc_RunCast_fips(FIPS_CAST_HMAC_SHA2_256) != 0) {
 err_sys("HMAC-SHA2-256 CAST failed");
 }
+#ifdef WOLFSSL_SHA512
 if (wc_RunCast_fips(FIPS_CAST_HMAC_SHA2_512) != 0) {
 err_sys("HMAC-SHA2-512 CAST failed");
 }
+#endif
+#ifdef WOLFSSL_SHA3
 if (wc_RunCast_fips(FIPS_CAST_HMAC_SHA3_256) != 0) {
 err_sys("HMAC-SHA3-256 CAST failed");
 }
+#endif
+#ifdef HAVE_HASHDRBG
 if (wc_RunCast_fips(FIPS_CAST_DRBG) != 0) {
 err_sys("Hash_DRBG CAST failed");
 }
+#endif
+#ifndef NO_RSA
 if (wc_RunCast_fips(FIPS_CAST_RSA_SIGN_PKCS1v15) != 0) {
 err_sys("RSA sign CAST failed");
 }
+#endif
+#if defined(HAVE_ECC_CDH) && defined(HAVE_ECC_CDH_CAST)
+ if (wc_RunCast_fips(FIPS_CAST_ECC_CDH) != 0) {
+ err_sys("RSA sign CAST failed");
+ }
+#endif
+#ifdef HAVE_ECC_DHE
 if (wc_RunCast_fips(FIPS_CAST_ECC_PRIMITIVE_Z) != 0) {
 err_sys("ECC Primitive Z CAST failed");
 }
- if (wc_RunCast_fips(FIPS_CAST_DH_PRIMITIVE_Z) != 0) {
- err_sys("DH Primitive Z CAST failed");
- }
+#endif
+#ifdef HAVE_ECC
 if (wc_RunCast_fips(FIPS_CAST_ECDSA) != 0) {
 err_sys("ECDSA CAST failed");
 }
+#endif
+#ifndef NO_DH
+ if (wc_RunCast_fips(FIPS_CAST_DH_PRIMITIVE_Z) != 0) {
+ err_sys("DH Primitive Z CAST failed");
+ }
+#endif
+#ifdef WOLFSSL_HAVE_PRF
 if (wc_RunCast_fips(FIPS_CAST_KDF_TLS12) != 0) {
 err_sys("KDF TLSv1.2 CAST failed");
 }
+#endif
+#if defined(WOLFSSL_HAVE_PRF) && defined(WOLFSSL_TLS13)
 if (wc_RunCast_fips(FIPS_CAST_KDF_TLS13) != 0) {
 err_sys("KDF TLSv1.3 CAST failed");
 }
+#endif
+#ifdef WOLFSSL_WOLFSSH
if (wc_RunCast_fips(FIPS_CAST_KDF_SSH) != 0) {
 err_sys("KDF SSHv2.0 CAST failed");
 }
 #endif
-
+#endif /* HAVE_FIPS && HAVE_FIPS_VERSION == 5 */
 #ifdef WOLFSSL_ALLOW_SKIP_UNIT_TESTS
 if (argc == 1)
 #endif
diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c
index 5b16d1bfc..c7e2b2fd0 100644
--- a/testsuite/testsuite.c
+++ b/testsuite/testsuite.c
@@ -603,6 +603,10 @@ int main(int argc, char** argv)
 wolfcrypt_test_args.argc = argc;
 wolfcrypt_test_args.argv = argv;
+#ifdef WC_RNG_SEED_CB
+ wc_SetSeed_Cb(wc_GenerateSeed);
+#endif
+
 wolfSSL_Init();
 ChangeToWolfRoot();
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 09d9ee65a..cf013f6d2 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -1034,7 +1034,11 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 #elif defined(WOLFSSL_KCAPI_AES)
 /* Only CBC and GCM that are in wolfcrypt/src/port/kcapi/kcapi_aes.c */
-
+ #if defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AESCCM) || \
+ defined(WOLFSSL_CMAC) || defined(WOLFSSL_AES_OFB) || \
+ defined(WOLFSSL_AES_CFB) || defined(HAVE_AES_ECB)
+ #define NEED_AES_TABLES
+ #endif
 #else
 /* using wolfCrypt software implementation */
diff --git a/wolfcrypt/src/port/kcapi/kcapi_hmac.c b/wolfcrypt/src/port/kcapi/kcapi_hmac.c
index 7b6ebb656..5d4538d3a 100644
--- a/wolfcrypt/src/port/kcapi/kcapi_hmac.c
+++ b/wolfcrypt/src/port/kcapi/kcapi_hmac.c
@@ -105,6 +105,11 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
 ret = BAD_FUNC_ARG;
 }
+#ifdef HAVE_FIPS
+ if (length < HMAC_FIPS_MIN_KEY)
+ return HMAC_MIN_KEYLEN_E;
+#endif
+
 if (ret == 0) {
 switch (type) {
 #ifndef NO_MD5
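Review bot: The new `FIPS_CAST_ECC_CDH` block reports `err_sys("RSA sign CAST failed");`, copied from the RSA block above it, so a failing ECC CDH self-test would be misreported as an RSA failure; change it to `err_sys("ECC CDH CAST failed");`. The only explanation of the new guards is the `/* the only non-optional CAST */` line above the HMAC-SHA2-256 check, so a short comment on why each CAST is keyed to its macro (in particular why the DH Primitive Z check moves out of the ECC section and under `#ifndef NO_DH`) would help the next reader of this list. unit_test starts before the hunk and continues after it.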
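Review bot: `wc_SetSeed_Cb(wc_GenerateSeed)` is registered only in testsuite's main, yet this commit adds `-DWC_RNG_SEED_CB` to the fips-ready flags for the whole build; tests/unit.c (modified in the same commit and running the DRBG CAST) and any other test entry point would need the same registration if RNG seeding depends on the callback, which is worth confirming. The call's result is also discarded; if wc_SetSeed_Cb reports failure through its return value, `if (wc_SetSeed_Cb(wc_GenerateSeed) != 0) { /* abort with this file's error helper */ }` would surface a missing seed source before any RNG-dependent test runs. main starts and ends outside the hunk.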
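Review bot: The comment `/* Only CBC and GCM that are in wolfcrypt/src/port/kcapi/kcapi_aes.c */` now sits directly above a block that defines `NEED_AES_TABLES` for CTR, CCM, CMAC, OFB, CFB and ECB, but it does not say that those modes fall back to the software key schedule under KCAPI, which is what the new `#if` implies. Suggest extending it to `/* KCAPI implements only CBC and GCM (port/kcapi/kcapi_aes.c); any other enabled mode needs the software AES tables. */`. Whether every mode that can be enabled alongside WOLFSSL_KCAPI_AES is covered by this list cannot be told from the hunk, so it is worth checking against the mode-specific code later in this file.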
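Review bot: The FIPS minimum-key-length check returns `HMAC_MIN_KEYLEN_E` directly rather than through `ret`, so it runs even when the argument check just above has already set `ret = BAD_FUNC_ARG` and replaces that diagnosis with a key-length error, and it bypasses the single-exit flow the rest of the function uses. `if (ret == 0 && length < HMAC_FIPS_MIN_KEY) { ret = HMAC_MIN_KEYLEN_E; }` keeps the earlier error and the established structure. wc_HmacSetKey starts before the hunk and continues after it, so the condition that sets BAD_FUNC_ARG is not visible here.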