WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'master' into ti

pull/1/head
toddouska 2014-06-11 11:57:11 -07:00
parent 8237319d80 ddf5924b3b
commit e30e1c40f7
7 changed files with 141 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ctaocrypt/src/error.c
View File

@ -277,6 +277,9 @@ const char* CTaoCryptGetErrorString(int error)
case RNG_FAILURE_E:
return "Random Number Generator failed";
case HMAC_MIN_KEYLEN_E:
return "FIPS Mode HMAC Minimum Key Length error";
default:
return "unknown error number";

5
ctaocrypt/src/hmac.c
View File

@ -131,6 +131,11 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
if (ret != 0)
return ret;
#ifdef HAVE_FIPS
if (length < HMAC_FIPS_MIN_KEY)
return HMAC_MIN_KEYLEN_E;
#endif
switch (hmac->macType) {
#ifndef NO_MD5
case MD5:

32
ctaocrypt/test/test.c
View File

@ -1149,9 +1149,11 @@ int hmac_md5_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#ifdef HAVE_CAVIUM
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
continue; /* driver can't handle keys <= bytes */
continue; /* cavium can't handle short keys, fips not allowed */
#endif
#ifdef HAVE_CAVIUM
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20009;
#endif
@ -1224,9 +1226,11 @@ int hmac_sha_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#ifdef HAVE_CAVIUM
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
continue; /* driver can't handle keys <= bytes */
continue; /* cavium can't handle short keys, fips not allowed */
#endif
#ifdef HAVE_CAVIUM
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20010;
#endif
@ -1303,9 +1307,11 @@ int hmac_sha256_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#ifdef HAVE_CAVIUM
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
continue; /* driver can't handle keys <= bytes */
continue; /* cavium can't handle short keys, fips not allowed */
#endif
#ifdef HAVE_CAVIUM
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20011;
#endif
@ -1382,9 +1388,11 @@ int hmac_blake2b_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#ifdef HAVE_CAVIUM
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
continue; /* driver can't handle keys <= bytes */
continue; /* cavium can't handle short keys, fips not allowed */
#endif
#ifdef HAVE_CAVIUM
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20011;
#endif
@ -1465,6 +1473,10 @@ int hmac_sha384_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac, SHA384, (byte*)keys[i],(word32)strlen(keys[i]));
if (ret != 0)
return -4027;
@ -1541,6 +1553,10 @@ int hmac_sha512_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac, SHA512, (byte*)keys[i],(word32)strlen(keys[i]));
if (ret != 0)
return -4030;

6
cyassl/ctaocrypt/error-crypt.h
View File

@ -33,7 +33,7 @@
/* error codes */
enum {
MAX_CODE_E = -100, /* errors -101 - -199 */
MAX_CODE_E = -100, /* errors -101 - -299 */
OPEN_RAN_E = -101, /* opening random device error */
READ_RAN_E = -102, /* reading random device error */
WINCRYPT_E = -103, /* windows crypt init error */
@ -127,7 +127,9 @@ enum {
RNG_FAILURE_E = -199, /* RNG Failed, Reinitialize */
MIN_CODE_E = -200 /* errors -101 - -199 */
HMAC_MIN_KEYLEN_E = -200, /* FIPS Mode HMAC Minimum Key Length error */
MIN_CODE_E = -300 /* errors -101 - -299 */
};

2
cyassl/ctaocrypt/hmac.h
View File

@ -60,6 +60,8 @@
#define CYASSL_HMAC_CAVIUM_MAGIC 0xBEEF0005
enum {
HMAC_FIPS_MIN_KEY = 14, /* 112 bit key length minimum */
IPAD = 0x36,
OPAD = 0x5C,

174
cyassl/error-ssl.h
View File

@ -30,99 +30,99 @@
#endif
enum CyaSSL_ErrorCodes {
INPUT_CASE_ERROR = -201, /* process input state error */
PREFIX_ERROR = -202, /* bad index to key rounds */
MEMORY_ERROR = -203, /* out of memory */
VERIFY_FINISHED_ERROR = -204, /* verify problem on finished */
VERIFY_MAC_ERROR = -205, /* verify mac problem */
PARSE_ERROR = -206, /* parse error on header */
UNKNOWN_HANDSHAKE_TYPE = -207, /* weird handshake type */
SOCKET_ERROR_E = -208, /* error state on socket */
SOCKET_NODATA = -209, /* expected data, not there */
INCOMPLETE_DATA = -210, /* don't have enough data to
INPUT_CASE_ERROR = -301, /* process input state error */
PREFIX_ERROR = -302, /* bad index to key rounds */
MEMORY_ERROR = -303, /* out of memory */
VERIFY_FINISHED_ERROR = -304, /* verify problem on finished */
VERIFY_MAC_ERROR = -305, /* verify mac problem */
PARSE_ERROR = -306, /* parse error on header */
UNKNOWN_HANDSHAKE_TYPE = -307, /* weird handshake type */
SOCKET_ERROR_E = -308, /* error state on socket */
SOCKET_NODATA = -309, /* expected data, not there */
INCOMPLETE_DATA = -310, /* don't have enough data to
complete task */
UNKNOWN_RECORD_TYPE = -211, /* unknown type in record hdr */
DECRYPT_ERROR = -212, /* error during decryption */
FATAL_ERROR = -213, /* recvd alert fatal error */
ENCRYPT_ERROR = -214, /* error during encryption */
FREAD_ERROR = -215, /* fread problem */
NO_PEER_KEY = -216, /* need peer's key */
NO_PRIVATE_KEY = -217, /* need the private key */
RSA_PRIVATE_ERROR = -218, /* error during rsa priv op */
NO_DH_PARAMS = -219, /* server missing DH params */
BUILD_MSG_ERROR = -220, /* build message failure */
UNKNOWN_RECORD_TYPE = -311, /* unknown type in record hdr */
DECRYPT_ERROR = -312, /* error during decryption */
FATAL_ERROR = -313, /* recvd alert fatal error */
ENCRYPT_ERROR = -314, /* error during encryption */
FREAD_ERROR = -315, /* fread problem */
NO_PEER_KEY = -316, /* need peer's key */
NO_PRIVATE_KEY = -317, /* need the private key */
RSA_PRIVATE_ERROR = -318, /* error during rsa priv op */
NO_DH_PARAMS = -319, /* server missing DH params */
BUILD_MSG_ERROR = -320, /* build message failure */
BAD_HELLO = -221, /* client hello malformed */
DOMAIN_NAME_MISMATCH = -222, /* peer subject name mismatch */
WANT_READ = -223, /* want read, call again */
NOT_READY_ERROR = -224, /* handshake layer not ready */
PMS_VERSION_ERROR = -225, /* pre m secret version error */
VERSION_ERROR = -226, /* record layer version error */
WANT_WRITE = -227, /* want write, call again */
BUFFER_ERROR = -228, /* malformed buffer input */
VERIFY_CERT_ERROR = -229, /* verify cert error */
VERIFY_SIGN_ERROR = -230, /* verify sign error */
CLIENT_ID_ERROR = -231, /* psk client identity error */
SERVER_HINT_ERROR = -232, /* psk server hint error */
PSK_KEY_ERROR = -233, /* psk key error */
ZLIB_INIT_ERROR = -234, /* zlib init error */
ZLIB_COMPRESS_ERROR = -235, /* zlib compression error */
ZLIB_DECOMPRESS_ERROR = -236, /* zlib decompression error */
BAD_HELLO = -321, /* client hello malformed */
DOMAIN_NAME_MISMATCH = -322, /* peer subject name mismatch */
WANT_READ = -323, /* want read, call again */
NOT_READY_ERROR = -324, /* handshake layer not ready */
PMS_VERSION_ERROR = -325, /* pre m secret version error */
VERSION_ERROR = -326, /* record layer version error */
WANT_WRITE = -327, /* want write, call again */
BUFFER_ERROR = -328, /* malformed buffer input */
VERIFY_CERT_ERROR = -329, /* verify cert error */
VERIFY_SIGN_ERROR = -330, /* verify sign error */
CLIENT_ID_ERROR = -331, /* psk client identity error */
SERVER_HINT_ERROR = -332, /* psk server hint error */
PSK_KEY_ERROR = -333, /* psk key error */
ZLIB_INIT_ERROR = -334, /* zlib init error */
ZLIB_COMPRESS_ERROR = -335, /* zlib compression error */
ZLIB_DECOMPRESS_ERROR = -336, /* zlib decompression error */
GETTIME_ERROR = -237, /* gettimeofday failed ??? */
GETITIMER_ERROR = -238, /* getitimer failed ??? */
SIGACT_ERROR = -239, /* sigaction failed ??? */
SETITIMER_ERROR = -240, /* setitimer failed ??? */
LENGTH_ERROR = -241, /* record layer length error */
PEER_KEY_ERROR = -242, /* can't decode peer key */
ZERO_RETURN = -243, /* peer sent close notify */
SIDE_ERROR = -244, /* wrong client/server type */
NO_PEER_CERT = -245, /* peer didn't send key */
NTRU_KEY_ERROR = -246, /* NTRU key error */
NTRU_DRBG_ERROR = -247, /* NTRU drbg error */
NTRU_ENCRYPT_ERROR = -248, /* NTRU encrypt error */
NTRU_DECRYPT_ERROR = -249, /* NTRU decrypt error */
ECC_CURVETYPE_ERROR = -250, /* Bad ECC Curve Type */
ECC_CURVE_ERROR = -251, /* Bad ECC Curve */
ECC_PEERKEY_ERROR = -252, /* Bad Peer ECC Key */
ECC_MAKEKEY_ERROR = -253, /* Bad Make ECC Key */
ECC_EXPORT_ERROR = -254, /* Bad ECC Export Key */
ECC_SHARED_ERROR = -255, /* Bad ECC Shared Secret */
NOT_CA_ERROR = -257, /* Not a CA cert error */
BAD_PATH_ERROR = -258, /* Bad path for opendir */
BAD_CERT_MANAGER_ERROR = -259, /* Bad Cert Manager */
OCSP_CERT_REVOKED = -260, /* OCSP Certificate revoked */
CRL_CERT_REVOKED = -261, /* CRL Certificate revoked */
CRL_MISSING = -262, /* CRL Not loaded */
MONITOR_RUNNING_E = -263, /* CRL Monitor already running */
THREAD_CREATE_E = -264, /* Thread Create Error */
OCSP_NEED_URL = -265, /* OCSP need an URL for lookup */
OCSP_CERT_UNKNOWN = -266, /* OCSP responder doesn't know */
OCSP_LOOKUP_FAIL = -267, /* OCSP lookup not successful */
MAX_CHAIN_ERROR = -268, /* max chain depth exceeded */
COOKIE_ERROR = -269, /* dtls cookie error */
SEQUENCE_ERROR = -270, /* dtls sequence error */
SUITES_ERROR = -271, /* suites pointer error */
SSL_NO_PEM_HEADER = -272, /* no PEM header found */
OUT_OF_ORDER_E = -273, /* out of order message */
BAD_KEA_TYPE_E = -274, /* bad KEA type found */
SANITY_CIPHER_E = -275, /* sanity check on cipher error */
RECV_OVERFLOW_E = -276, /* RXCB returned more than rqed */
GEN_COOKIE_E = -277, /* Generate Cookie Error */
NO_PEER_VERIFY = -278, /* Need peer cert verify Error */
FWRITE_ERROR = -279, /* fwrite problem */
CACHE_MATCH_ERROR = -280, /* chache hdr match error */
UNKNOWN_SNI_HOST_NAME_E = -281, /* Unrecognized host name Error */
UNKNOWN_MAX_FRAG_LEN_E = -282, /* Unrecognized max frag len Error */
KEYUSE_SIGNATURE_E = -283, /* KeyUse digSignature error */
KEYUSE_ENCIPHER_E = -285, /* KeyUse keyEncipher error */
EXTKEYUSE_AUTH_E = -286, /* ExtKeyUse server|client_auth */
SEND_OOB_READ_E = -287, /* Send Cb out of bounds read */
GETTIME_ERROR = -337, /* gettimeofday failed ??? */
GETITIMER_ERROR = -338, /* getitimer failed ??? */
SIGACT_ERROR = -339, /* sigaction failed ??? */
SETITIMER_ERROR = -340, /* setitimer failed ??? */
LENGTH_ERROR = -341, /* record layer length error */
PEER_KEY_ERROR = -342, /* can't decode peer key */
ZERO_RETURN = -343, /* peer sent close notify */
SIDE_ERROR = -344, /* wrong client/server type */
NO_PEER_CERT = -345, /* peer didn't send key */
NTRU_KEY_ERROR = -346, /* NTRU key error */
NTRU_DRBG_ERROR = -347, /* NTRU drbg error */
NTRU_ENCRYPT_ERROR = -348, /* NTRU encrypt error */
NTRU_DECRYPT_ERROR = -349, /* NTRU decrypt error */
ECC_CURVETYPE_ERROR = -350, /* Bad ECC Curve Type */
ECC_CURVE_ERROR = -351, /* Bad ECC Curve */
ECC_PEERKEY_ERROR = -352, /* Bad Peer ECC Key */
ECC_MAKEKEY_ERROR = -353, /* Bad Make ECC Key */
ECC_EXPORT_ERROR = -354, /* Bad ECC Export Key */
ECC_SHARED_ERROR = -355, /* Bad ECC Shared Secret */
NOT_CA_ERROR = -357, /* Not a CA cert error */
BAD_PATH_ERROR = -358, /* Bad path for opendir */
BAD_CERT_MANAGER_ERROR = -359, /* Bad Cert Manager */
OCSP_CERT_REVOKED = -360, /* OCSP Certificate revoked */
CRL_CERT_REVOKED = -361, /* CRL Certificate revoked */
CRL_MISSING = -362, /* CRL Not loaded */
MONITOR_RUNNING_E = -363, /* CRL Monitor already running */
THREAD_CREATE_E = -364, /* Thread Create Error */
OCSP_NEED_URL = -365, /* OCSP need an URL for lookup */
OCSP_CERT_UNKNOWN = -366, /* OCSP responder doesn't know */
OCSP_LOOKUP_FAIL = -367, /* OCSP lookup not successful */
MAX_CHAIN_ERROR = -368, /* max chain depth exceeded */
COOKIE_ERROR = -369, /* dtls cookie error */
SEQUENCE_ERROR = -370, /* dtls sequence error */
SUITES_ERROR = -371, /* suites pointer error */
SSL_NO_PEM_HEADER = -372, /* no PEM header found */
OUT_OF_ORDER_E = -373, /* out of order message */
BAD_KEA_TYPE_E = -374, /* bad KEA type found */
SANITY_CIPHER_E = -375, /* sanity check on cipher error */
RECV_OVERFLOW_E = -376, /* RXCB returned more than rqed */
GEN_COOKIE_E = -377, /* Generate Cookie Error */
NO_PEER_VERIFY = -378, /* Need peer cert verify Error */
FWRITE_ERROR = -379, /* fwrite problem */
CACHE_MATCH_ERROR = -380, /* chache hdr match error */
UNKNOWN_SNI_HOST_NAME_E = -381, /* Unrecognized host name Error */
UNKNOWN_MAX_FRAG_LEN_E = -382, /* Unrecognized max frag len Error */
KEYUSE_SIGNATURE_E = -383, /* KeyUse digSignature error */
KEYUSE_ENCIPHER_E = -385, /* KeyUse keyEncipher error */
EXTKEYUSE_AUTH_E = -386, /* ExtKeyUse server|client_auth */
SEND_OOB_READ_E = -387, /* Send Cb out of bounds read */
/* add strings to SetErrorString !!!!! */
/* begin negotiation parameter errors */
UNSUPPORTED_SUITE = -290, /* unsupported cipher suite */
MATCH_SUITE_ERROR = -291 /* can't match cipher suite */
UNSUPPORTED_SUITE = -390, /* unsupported cipher suite */
MATCH_SUITE_ERROR = -391 /* can't match cipher suite */
/* end negotiation parameter errors only 10 for now */
/* add strings to SetErrorString !!!!! */
};

16
tests/hash.c
View File

@ -608,6 +608,10 @@ int hmac_md5_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4014;
@ -674,6 +678,10 @@ int hmac_sha_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4017;
@ -743,6 +751,10 @@ int hmac_sha256_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac,SHA256, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4020;
@ -816,6 +828,10 @@ int hmac_sha384_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac,SHA384, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4023;