Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .wolfssl_known_macro_extras
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ CONFIG_CRYPTO_GCM
CONFIG_CRYPTO_HMAC
CONFIG_CRYPTO_MANAGER
CONFIG_CRYPTO_RSA
CONFIG_CRYPTO_SELFTESTS
Comment thread
dgarske marked this conversation as resolved.
CONFIG_CRYPTO_SELFTESTS_FULL
CONFIG_CRYPTO_SHA1
CONFIG_CRYPTO_SHA256
Expand Down
23 changes: 23 additions & 0 deletions linuxkm/linuxkm_wc_port.h
Original file line number Diff line number Diff line change
Expand Up @@ -371,6 +371,29 @@
#include <linux/kernel.h>
#include <linux/ctype.h>

#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 16, 0)
#if defined(CONFIG_CRYPTO_MANAGER) && !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
#define WC_LINUXKM_HAVE_SELFTEST
#endif
#if defined(WC_LINUXKM_HAVE_SELFTEST) && defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS)
#define WC_LINUXKM_HAVE_SELFTEST_FULL
#endif
#else
/* see Linux 698de822780f */
#if defined(CONFIG_CRYPTO_MANAGER) && defined(CONFIG_CRYPTO_SELFTESTS)
#define WC_LINUXKM_HAVE_SELFTEST
#endif
/* see Linux ac90aad0e9 */
#if defined(WC_LINUXKM_HAVE_SELFTEST) && defined(CONFIG_CRYPTO_SELFTESTS_FULL)
#define WC_LINUXKM_HAVE_SELFTEST_FULL
#endif
#endif

/* Kernel non-FIPS self-test ("testmgr") has a KAT with all-zeros keys. */
#if defined(WC_LINUXKM_HAVE_SELFTEST) && !defined(HAVE_FIPS)
#define WC_AES_XTS_ALLOW_DUPLICATE_KEYS
#endif

#if defined(CONFIG_FORTIFY_SOURCE) || defined(DEBUG_LINUXKM_FORTIFY_OVERLAY)
#ifdef WC_CONTAINERIZE_THIS
/* the inline definitions in fortify-string.h use non-inline
Expand Down
18 changes: 6 additions & 12 deletions linuxkm/lkcapi_aes_glue.c
Original file line number Diff line number Diff line change
Expand Up @@ -3832,12 +3832,11 @@ static int aes_xts_128_test(void)
0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
};

#ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. */
static const unsigned char k3[] = {
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x21,
};
static const unsigned char i3[] = {
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
Expand All @@ -3851,13 +3850,12 @@ static int aes_xts_128_test(void)
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
};
static const unsigned char c3[] = {
0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23,
0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12,
0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36,
0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
0x39, 0x06, 0xE7, 0xF3, 0x33, 0x0B, 0x1B, 0x1D,
0x2B, 0x11, 0xB0, 0xB7, 0xAF, 0x43, 0xB1, 0x8F,
0xE6, 0xBE, 0x79, 0x34, 0xBD, 0x31, 0x64, 0x3D,
0xA1, 0x16, 0xB5, 0xF0, 0x9B, 0x1D, 0x41, 0xF2,
0x3F, 0xED, 0x11, 0x37, 0xCB, 0x4D, 0xAD, 0xA4
};
#endif /* HAVE_FIPS */

if ((aes = (XtsAes *)XMALLOC(sizeof(*aes), NULL, DYNAMIC_TYPE_AES))
== NULL)
Expand Down Expand Up @@ -4048,8 +4046,6 @@ static int aes_xts_128_test(void)
goto out;
}

#ifndef HAVE_FIPS

/* Test ciphertext stealing in-place. */
XMEMCPY(buf, p3, sizeof(p3));
ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
Expand All @@ -4075,8 +4071,6 @@ static int aes_xts_128_test(void)
goto out;
}

#endif /* HAVE_FIPS */

{
#define LARGE_XTS_SZ 1024
int i;
Expand Down
33 changes: 11 additions & 22 deletions linuxkm/lkcapi_glue.c
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,7 @@
#error LINUXKM_LKCAPI_REGISTER is supported only on Linux kernel versions >= 5.4.0.
#endif

#if defined(CONFIG_CRYPTO_MANAGER) && \
!defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
#ifdef WC_LINUXKM_HAVE_SELFTEST
/* kernel crypto self-test includes test setups that have different expected
* results FIPS vs non-FIPS, and the required kernel exported symbol
* "fips_enabled" is only available in CONFIG_CRYPTO_FIPS kernels (otherwise
Expand Down Expand Up @@ -65,8 +64,7 @@
#define WOLFSSL_LINUXKM_LKCAPI_PRIORITY 100000
#endif

#if defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) || \
defined(CONFIG_CRYPTO_SELFTESTS_FULL)
#ifdef WC_LINUXKM_HAVE_SELFTEST_FULL
static int disable_setkey_warnings = 0;
#else
#define disable_setkey_warnings 0
Expand Down Expand Up @@ -227,8 +225,7 @@ static wolfSSL_Atomic_Int linuxkm_lkcapi_registering_now = WOLFSSL_ATOMIC_INITIA
static int linuxkm_lkcapi_register(void);
static int linuxkm_lkcapi_unregister(void);

#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \
!defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
#if defined(HAVE_FIPS) && defined(WC_LINUXKM_HAVE_SELFTEST)
static int enabled_fips = 0;
#endif

Expand Down Expand Up @@ -271,8 +268,7 @@ static ssize_t deinstall_algs_handler(struct kobject *kobj, struct kobj_attribut
if (ret != 0)
return ret;

#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \
!defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
#if defined(HAVE_FIPS) && defined(WC_LINUXKM_HAVE_SELFTEST)
if (enabled_fips) {
pr_info("wolfCrypt: restoring fips_enabled to off.\n");
enabled_fips = fips_enabled = 0;
Expand Down Expand Up @@ -343,17 +339,15 @@ static int linuxkm_lkcapi_register(void)
if (ret)
goto out;

#if defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) || \
defined(CONFIG_CRYPTO_SELFTESTS_FULL)
#ifdef WC_LINUXKM_HAVE_SELFTEST_FULL
/* temporarily disable warnings around setkey failures, which are expected
* from the crypto fuzzer in FIPS configs, and potentially in others.
* unexpected setkey failures are fatal errors returned by the fuzzer.
*/
disable_setkey_warnings = 1;
#endif
#if !defined(LINUXKM_DONT_FORCE_FIPS_ENABLED) && \
defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \
!defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
defined(HAVE_FIPS) && defined(WC_LINUXKM_HAVE_SELFTEST)
if (! fips_enabled) {
/* assert system-wide FIPS status, to disable FIPS-forbidden
* test vectors and fuzzing from the CRYPTO_MANAGER.
Expand Down Expand Up @@ -397,8 +391,7 @@ static int linuxkm_lkcapi_register(void)
} \
} while (0)

#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \
!defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
#if defined(HAVE_FIPS) && defined(WC_LINUXKM_HAVE_SELFTEST)
/* Same as above, but allow for option to skip problematic algs that are
* not consistently labeled fips_allowed in crypto/testmgr.c, and hence
* may be rejected by the kernel at runtime if is_fips is true. */
Expand Down Expand Up @@ -560,8 +553,7 @@ static int linuxkm_lkcapi_register(void)
#ifdef LINUXKM_LKCAPI_REGISTER_ECDSA
#if (LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)) && \
defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_FIPS) && \
defined(CONFIG_CRYPTO_MANAGER) && \
!defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
defined(WC_LINUXKM_HAVE_SELFTEST)
/*
* ecdsa was not recognized as fips_allowed before linux v6.3
* in kernel crypto/testmgr.c.
Expand Down Expand Up @@ -601,8 +593,7 @@ static int linuxkm_lkcapi_register(void)

#if (LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0)) && \
defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_FIPS) && \
defined(CONFIG_CRYPTO_MANAGER) && \
!defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
defined(WC_LINUXKM_HAVE_SELFTEST)
#endif

#endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
Expand All @@ -624,8 +615,7 @@ static int linuxkm_lkcapi_register(void)
* enabled. Failures because of !fips_allowed are skipped over.
*/
#if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_FIPS) && \
defined(CONFIG_CRYPTO_MANAGER) && \
!defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
defined(WC_LINUXKM_HAVE_SELFTEST)
#if defined(LINUXKM_ECC192)
REGISTER_ALG_OPTIONAL(ecdh_nist_p192, kpp, linuxkm_test_ecdh_nist_p192);
#endif /* LINUXKM_ECC192 */
Expand Down Expand Up @@ -724,8 +714,7 @@ static int linuxkm_lkcapi_register(void)
#undef REGISTER_ALG
#undef REGISTER_ALG_OPTIONAL

#if defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) || \
defined(CONFIG_CRYPTO_SELFTESTS_FULL)
#ifdef WC_LINUXKM_HAVE_SELFTEST_FULL
disable_setkey_warnings = 0;
#endif

Expand Down
19 changes: 19 additions & 0 deletions tests/api/test_aes.c
Original file line number Diff line number Diff line change
Expand Up @@ -5132,6 +5132,9 @@ int test_wc_AesXtsSetKey(void)
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
};
#if defined(HAVE_FIPS) || !defined(WC_AES_XTS_ALLOW_DUPLICATE_KEYS)
static const byte dupKey32[AES_256_KEY_SIZE * 2] = { 0 };
#endif
byte* key;
word32 keyLen;

Expand Down Expand Up @@ -5177,6 +5180,22 @@ int test_wc_AesXtsSetKey(void)
AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
ExpectIntEQ(wc_AesXtsSetKey(&aes, key, keyLen, -2, NULL, INVALID_DEVID),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));

#if defined(HAVE_FIPS) || !defined(WC_AES_XTS_ALLOW_DUPLICATE_KEYS)
#ifdef WOLFSSL_AES_128
ExpectIntEQ(wc_AesXtsSetKey(&aes, dupKey32, AES_128_KEY_SIZE * 2,
AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
#endif
#if defined(WOLFSSL_AES_192) && !defined(HAVE_FIPS)
ExpectIntEQ(wc_AesXtsSetKey(&aes, dupKey32, AES_192_KEY_SIZE * 2,
AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
#endif
#ifdef WOLFSSL_AES_256
ExpectIntEQ(wc_AesXtsSetKey(&aes, dupKey32, AES_256_KEY_SIZE * 2,
AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
#endif
#endif /* HAVE_FIPS || !WC_AES_XTS_ALLOW_DUPLICATE_KEYS */

#endif
return EXPECT_RESULT();
} /* END test_wc_AesXtsSetKey */
Expand Down
4 changes: 2 additions & 2 deletions wolfcrypt/src/aes.c
Original file line number Diff line number Diff line change
Expand Up @@ -15517,9 +15517,9 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)

keySz = len/2;

#ifdef HAVE_FIPS
#if defined(HAVE_FIPS) || !defined(WC_AES_XTS_ALLOW_DUPLICATE_KEYS)
if (XMEMCMP(key, key + keySz, keySz) == 0) {
WOLFSSL_MSG("FIPS AES-XTS main and tweak keys must differ");
WOLFSSL_MSG("AES-XTS main and tweak keys must differ");
return BAD_FUNC_ARG;
}
#endif
Expand Down
30 changes: 12 additions & 18 deletions wolfcrypt/test/test.c
Original file line number Diff line number Diff line change
Expand Up @@ -16604,7 +16604,6 @@ static wc_test_ret_t aes_xts_partial_test_common(XtsAes *aes,
* structurally identical and only differ in the key constants and expected
* ciphertext.
*/
#ifndef HAVE_FIPS
static wc_test_ret_t aes_xts_inplace_test_common(XtsAes *aes,
const unsigned char *k3, word32 k3Sz,
const unsigned char *i3, word32 i3Sz,
Expand Down Expand Up @@ -16707,7 +16706,6 @@ static wc_test_ret_t aes_xts_inplace_test_common(XtsAes *aes,
out:
return ret;
}
#endif /* !HAVE_FIPS */

/* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */
#ifdef WOLFSSL_AES_128
Expand Down Expand Up @@ -16933,14 +16931,13 @@ static wc_test_ret_t aes_xts_128_partial_test(XtsAes *aes)
p2, sizeof(p2), c2, sizeof(c2));
}

#ifndef HAVE_FIPS
static wc_test_ret_t aes_xts_128_inplace_test(XtsAes *aes)
{
WOLFSSL_SMALL_STACK_STATIC const unsigned char k3[] = {
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x21
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i3[] = {
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
Expand All @@ -16954,17 +16951,16 @@ static wc_test_ret_t aes_xts_128_inplace_test(XtsAes *aes)
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c3[] = {
0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23,
0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12,
0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36,
0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
0x39, 0x06, 0xE7, 0xF3, 0x33, 0x0B, 0x1B, 0x1D,
0x2B, 0x11, 0xB0, 0xB7, 0xAF, 0x43, 0xB1, 0x8F,
0xE6, 0xBE, 0x79, 0x34, 0xBD, 0x31, 0x64, 0x3D,
0xA1, 0x16, 0xB5, 0xF0, 0x9B, 0x1D, 0x41, 0xF2,
0x3F, 0xED, 0x11, 0x37, 0xCB, 0x4D, 0xAD, 0xA4
};
return aes_xts_inplace_test_common(aes,
k3, sizeof(k3), i3, sizeof(i3),
p3, sizeof(p3), c3, sizeof(c3));
}
#endif /* !HAVE_FIPS */

#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
!defined(WOLFSSL_AFALG)
Expand Down Expand Up @@ -17047,11 +17043,9 @@ static wc_test_ret_t aes_xts_128_test(void)
if (ret != 0)
ERROR_OUT(ret, out);

#ifndef HAVE_FIPS
ret = aes_xts_128_inplace_test(aes);
if (ret != 0)
ERROR_OUT(ret, out);
#endif /* !HAVE_FIPS */

#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
!defined(WOLFSSL_AFALG)
Expand Down Expand Up @@ -17313,7 +17307,7 @@ static wc_test_ret_t aes_xts_192_inplace_test(XtsAes *aes)
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x21
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i3[] = {
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
Expand All @@ -17327,11 +17321,11 @@ static wc_test_ret_t aes_xts_192_inplace_test(XtsAes *aes)
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c3[] = {
0xa4, 0xf2, 0x71, 0x5d, 0x80, 0x60, 0x68, 0xa0,
0x80, 0x61, 0xd7, 0xc1, 0x55, 0xc8, 0x3a, 0x2e,
0xd7, 0xf4, 0x62, 0xaf, 0xbd, 0x2d, 0xf9, 0x5f,
0xe8, 0xc5, 0x99, 0x3d, 0x58, 0x3c, 0xeb, 0xba,
0x86, 0xea, 0x2c, 0x7e, 0x1f, 0xba, 0x81, 0xde
0x72, 0x7A, 0xBC, 0x25, 0x37, 0x20, 0x65, 0x1E,
0xF8, 0x45, 0xB0, 0x16, 0xE7, 0xEE, 0xDA, 0x36,
0xAB, 0x4F, 0xF4, 0xDB, 0x3C, 0xFB, 0x75, 0x19,
0xA3, 0x01, 0x74, 0x28, 0xD5, 0x92, 0x09, 0x7A,
0xDB, 0x0D, 0x96, 0x9F, 0xB7, 0xA2, 0xB7, 0x57
};
return aes_xts_inplace_test_common(aes,
k3, sizeof(k3), i3, sizeof(i3),
Expand Down
12 changes: 6 additions & 6 deletions wrapper/rust/wolfssl-wolfcrypt/src/aes.rs
Original file line number Diff line number Diff line change
Expand Up @@ -2725,7 +2725,7 @@ impl Drop for XTS {
/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x21,
/// ];
/// let tweak: [u8; 16] = [
/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
Expand All @@ -2739,11 +2739,11 @@ impl Drop for XTS {
/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
/// ];
/// let expected_cipher: [u8; 40] = [
/// 0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23,
/// 0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12,
/// 0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36,
/// 0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
/// 0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
/// 0x39, 0x06, 0xE7, 0xF3, 0x33, 0x0B, 0x1B, 0x1D,
/// 0x2B, 0x11, 0xB0, 0xB7, 0xAF, 0x43, 0xB1, 0x8F,
/// 0xE6, 0xBE, 0x79, 0x34, 0xBD, 0x31, 0x64, 0x3D,
/// 0xA1, 0x16, 0xB5, 0xF0, 0x9B, 0x1D, 0x41, 0xF2,
/// 0x3F, 0xED, 0x11, 0x37, 0xCB, 0x4D, 0xAD, 0xA4
/// ];
///
/// let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream");
Expand Down
Loading