From 432d5e375dc1377c3cc9962170befe97a6e234f1 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Thu, 16 Jul 2026 11:03:07 -0600 Subject: [PATCH] Bare minimum change set to stabalize fips-ready --- fips-check.sh | 6 ++++-- fips-hash.sh | 6 ++++-- wolfcrypt/src/error.c | 15 +++++++++++++++ wolfssl/wolfcrypt/error-crypt.h | 14 ++++++++++++-- wolfssl/wolfcrypt/fips_test.h | 22 ++++++++++++++++++++-- 5 files changed, 55 insertions(+), 8 deletions(-) diff --git a/fips-check.sh b/fips-check.sh index fd7bad5ebfd..2cffedea60a 100755 --- a/fips-check.sh +++ b/fips-check.sh @@ -672,8 +672,10 @@ if [ "$DOCONFIGURE" = "yes" ]; then fi if [ -s wolfcrypt/src/fips_test.c ]; then - OUT=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p') - NEWHASH=$(echo "$OUT" | cut -c1-64) + # Take the hash exactly as long as reported: the in core digest is + # SHA-256 (64 hex) up to FIPS v6.0.0 and SHA-512 (128 hex) from v7.0.0. + NEWHASH=$(./wolfcrypt/test/testwolfcrypt | \ + sed -n 's/^hash = \([0-9A-Fa-f][0-9A-Fa-f]*\).*$/\1/p' | head -1) if [ -n "$NEWHASH" ]; then cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak sed "s/^\".*\";/\"${NEWHASH}\";/" wolfcrypt/src/fips_test.c.bak > \ diff --git a/fips-hash.sh b/fips-hash.sh index 31a3f60755c..8585c4d6064 100755 --- a/fips-hash.sh +++ b/fips-hash.sh @@ -20,8 +20,10 @@ then exit 1 fi -OUT=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p') -NEWHASH=$(echo "$OUT" | cut -c1-64) +# Take the hash exactly as long as reported: the in core digest is SHA-256 (64 +# hex) up to FIPS v6.0.0 and SHA-512 (128 hex) from v7.0.0 on. +NEWHASH=$(./wolfcrypt/test/testwolfcrypt | \ + sed -n 's/^hash = \([0-9A-Fa-f][0-9A-Fa-f]*\).*$/\1/p' | head -1) if test -n "$NEWHASH" then cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 0cca67dc0cf..dbece3d4e37 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -695,6 +695,21 @@ const char* wc_GetErrorString(int error) case TSP_VERIFY_E: return "TSP token invalid or response doesn't match request error"; + case SLH_DSA_PCT_E: + return "wolfcrypt SLH-DSA Pairwise Consistency Test Failure"; + + case CMAC_KAT_FIPS_E: + return "wolfCrypt FIPS AES-CMAC Known Answer Test Failure"; + + case SHAKE_KAT_FIPS_E: + return "wolfCrypt FIPS SHAKE Known Answer Test Failure"; + + case DH_PCT_E: + return "wolfcrypt DH Pairwise Consistency Test Failure"; + + case AES_KW_KAT_FIPS_E: + return "wolfCrypt FIPS AES Key Wrap Known Answer Test Failure"; + case SEQ_OVERFLOW_E: return "Sequence counter would overflow"; diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 9bc5ff7bec9..f0172ed8c45 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -331,8 +331,18 @@ enum wolfCrypt_ErrorCodes { TSP_VERIFY_E = -1019, /* TSP token invalid or response doesn't * match request */ - WC_SPAN2_LAST_E = -1019, /* Update to indicate last used error code */ - WC_LAST_E = -1019, /* the last code used either here or in + SLH_DSA_PCT_E = -1020, /* SLH-DSA Pairwise Consistency Test failure */ + CMAC_KAT_FIPS_E = -1021, /* AES-CMAC KAT failure */ + SHAKE_KAT_FIPS_E = -1022, /* SHAKE KAT failure */ + DH_PCT_E = -1023, /* DH Pairwise Consistency Test failure. + * Retired in FIPS v7+ (classic DH left the + * module boundary); the code stays allocated + * so fips.c can report it as retired rather + * than unknown. */ + AES_KW_KAT_FIPS_E = -1024, /* AES Key Wrap KAT failure */ + + WC_SPAN2_LAST_E = -1024, /* Update to indicate last used error code */ + WC_LAST_E = -1024, /* the last code used either here or in * error-ssl.h */ WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */ diff --git a/wolfssl/wolfcrypt/fips_test.h b/wolfssl/wolfcrypt/fips_test.h index de2b506df2c..67a703059ed 100644 --- a/wolfssl/wolfcrypt/fips_test.h +++ b/wolfssl/wolfcrypt/fips_test.h @@ -31,8 +31,21 @@ extern "C" { #endif +/* Added for FIPS v7.0.0 or later */ +#if defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(7,0) + /* The v7 integrity test is HMAC-SHA-512 keyed with a full SHA-512 + * block-size (128-byte) key, so the key is used as-is rather than being + * hashed down by HMAC. This makes FIPS_CAST_HMAC_SHA2_512 boot-critical; + * it was FIPS_CAST_HMAC_SHA2_256 through v6.0.0. */ + #ifndef WOLFSSL_SHA512 + #error FIPS v7 in core integrity check requires SHA2-512 + #endif + #define FIPS_IN_CORE_DIGEST_SIZE 64 + #define FIPS_IN_CORE_HASH_TYPE WC_SHA512 + #define FIPS_IN_CORE_KEY_SZ 128 + #define FIPS_IN_CORE_VERIFY_SZ FIPS_IN_CORE_KEY_SZ /* Added for FIPS v5.3 or later */ -#if defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3) +#elif defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3) /* Determine FIPS in core hash type and size */ #ifndef NO_SHA256 #define FIPS_IN_CORE_DIGEST_SIZE 32 @@ -80,7 +93,12 @@ enum FipsCastId { FIPS_CAST_XMSS = 23, FIPS_CAST_DRBG_SHA512 = 24, FIPS_CAST_SLH_DSA = 25, - FIPS_CAST_COUNT = 26 + /* Vendor-elected enhanced self-tests, appended so the ids above keep + * their v7.0.0 values. */ + FIPS_CAST_AES_CMAC = 26, + FIPS_CAST_SHAKE = 27, + FIPS_CAST_AES_KW = 28, + FIPS_CAST_COUNT = 29 }; enum FipsCastStateId {