From 221fd275fd892ef92ddb917e9196dd4bd1ebddf3 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 23 Sep 2022 14:15:22 -0700 Subject: [PATCH] Fixes for building without SHAKE. --- wolfcrypt/benchmark/benchmark.c | 18 +++++++++--------- wolfcrypt/src/rsa.c | 4 ++-- wolfssl/wolfcrypt/settings.h | 17 +++++++++++++++++ wolfssl/wolfcrypt/sha3.h | 14 ++++++++------ wolfssl/wolfcrypt/types.h | 23 ++++++++++------------- 5 files changed, 46 insertions(+), 30 deletions(-) diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 4e43229e3..f500cdbfa 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -632,13 +632,13 @@ static const bench_alg bench_digest_opt[] = { #ifndef WOLFSSL_NOSHA3_512 { "-sha3-512", BENCH_SHA3_512 }, #endif - #if !defined(WOLFSSL_NO_SHAKE128) || !defined(WOLFSSL_NO_SHAKE256) + #if defined(WOLFSSL_SHAKE128) || defined(WOLFSSL_SHAKE256) { "-shake", BENCH_SHAKE }, #endif - #ifndef WOLFSSL_NO_SHAKE128 + #ifdef WOLFSSL_SHAKE128 { "-shake128", BENCH_SHAKE128 }, #endif - #ifndef WOLFSSL_NO_SHAKE256 + #ifdef WOLFSSL_SHAKE256 { "-shake256", BENCH_SHAKE256 }, #endif #endif @@ -2096,7 +2096,7 @@ static void* benchmarks_do(void* args) #endif } #endif /* WOLFSSL_NOSHA3_512 */ - #ifndef WOLFSSL_NO_SHAKE128 + #ifdef WOLFSSL_SHAKE128 if (bench_all || (bench_digest_algs & BENCH_SHAKE128)) { #ifndef NO_SW_BENCH bench_shake128(0); @@ -2106,8 +2106,8 @@ static void* benchmarks_do(void* args) bench_shake128(1); #endif } - #endif /* WOLFSSL_NO_SHAKE128 */ - #ifndef WOLFSSL_NO_SHAKE256 + #endif /* WOLFSSL_SHAKE128 */ + #ifdef WOLFSSL_SHAKE256 if (bench_all || (bench_digest_algs & BENCH_SHAKE256)) { #ifndef NO_SW_BENCH bench_shake256(0); @@ -2117,7 +2117,7 @@ static void* benchmarks_do(void* args) bench_shake256(1); #endif } - #endif /* WOLFSSL_NO_SHAKE256 */ + #endif /* WOLFSSL_SHAKE256 */ #endif #ifdef WOLFSSL_RIPEMD if (bench_all || (bench_digest_algs & BENCH_RIPEMD)) @@ -4802,7 +4802,7 @@ exit: } #endif /* WOLFSSL_NO_SHAKE128 */ -#ifndef WOLFSSL_NO_SHAKE256 +#ifdef WOLFSSL_SHAKE256 void bench_shake256(int useDeviceID) { wc_Shake hash[BENCH_MAX_PENDING]; @@ -4889,7 +4889,7 @@ exit: WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); } -#endif /* WOLFSSL_NO_SHAKE256 */ +#endif /* WOLFSSL_SHAKE256 */ #endif diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 366397734..ae2cf2879 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1989,10 +1989,10 @@ int wc_hash2mgf(enum wc_HashType hType) case WC_HASH_TYPE_SHA3_512: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: - #ifndef WOLFSSL_NO_SHAKE128 + #ifdef WOLFSSL_SHAKE128 case WC_HASH_TYPE_SHAKE128: #endif - #ifndef WOLFSSL_NO_SHAKE256 + #ifdef WOLFSSL_SHAKE256 case WC_HASH_TYPE_SHAKE256: #endif default: diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index d9a854c6c..63210d055 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2806,6 +2806,23 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_RSA_KEY_CHECK #endif +/* SHAKE - Not allowed in FIPS */ +#if defined(WOLFSSL_SHA3) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + #ifndef WOLFSSL_NO_SHAKE128 + #undef WOLFSSL_SHAKE128 + #define WOLFSSL_SHAKE128 + #endif + #ifndef WOLFSSL_NO_SHAKE256 + #undef WOLFSSL_SHAKE256 + #define WOLFSSL_SHAKE256 + #endif +#else + #undef WOLFSSL_NO_SHAKE128 + #define WOLFSSL_NO_SHAKE128 + #undef WOLFSSL_NO_SHAKE256 + #define WOLFSSL_NO_SHAKE256 +#endif + diff --git a/wolfssl/wolfcrypt/sha3.h b/wolfssl/wolfcrypt/sha3.h index e14875a66..9d13f28f8 100644 --- a/wolfssl/wolfcrypt/sha3.h +++ b/wolfssl/wolfcrypt/sha3.h @@ -61,10 +61,10 @@ enum { WC_SHA3_512_DIGEST_SIZE = 64, WC_SHA3_512_COUNT = 9, - #ifndef WOLFSSL_NO_SHAKE128 + #ifdef WOLFSSL_SHAKE128 WC_SHAKE128 = WC_HASH_TYPE_SHAKE128, #endif - #ifndef WOLFSSL_NO_SHAKE256 + #ifdef WOLFSSL_SHAKE256 WC_SHAKE256 = WC_HASH_TYPE_SHAKE256, #endif @@ -90,8 +90,10 @@ enum { #define SHA3_512 WC_SHA3_512 #define SHA3_512_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE #define Sha3 wc_Sha3 - #ifndef WOLFSSL_NO_SHAKE256 + #ifdef WOLFSSL_SHAKE128 #define SHAKE128 WC_SHAKE128 + #endif + #ifdef WOLFSSL_SHAKE256 #define SHAKE256 WC_SHAKE256 #endif #endif @@ -130,7 +132,7 @@ struct wc_Sha3 { #endif -#if !defined(WOLFSSL_NO_SHAKE128) || !defined(WOLFSSL_NO_SHAKE256) +#if defined(WOLFSSL_SHAKE128) || defined(WOLFSSL_SHAKE256) typedef wc_Sha3 wc_Shake; #endif @@ -162,7 +164,7 @@ WOLFSSL_API void wc_Sha3_512_Free(wc_Sha3* sha3); WOLFSSL_API int wc_Sha3_512_GetHash(wc_Sha3* sha3, byte* hash); WOLFSSL_API int wc_Sha3_512_Copy(wc_Sha3* src, wc_Sha3* dst); -#ifndef WOLFSSL_NO_SHAKE128 +#ifdef WOLFSSL_SHAKE128 WOLFSSL_API int wc_InitShake128(wc_Shake* shake, void* heap, int devId); WOLFSSL_API int wc_Shake128_Update(wc_Shake* shake, const byte* data, word32 len); WOLFSSL_API int wc_Shake128_Final(wc_Shake* shake, byte* hash, word32 hashLen); @@ -174,7 +176,7 @@ WOLFSSL_API void wc_Shake128_Free(wc_Shake* shake); WOLFSSL_API int wc_Shake128_Copy(wc_Shake* src, wc_Sha3* dst); #endif -#ifndef WOLFSSL_NO_SHAKE256 +#ifdef WOLFSSL_SHAKE256 WOLFSSL_API int wc_InitShake256(wc_Shake* shake, void* heap, int devId); WOLFSSL_API int wc_Shake256_Update(wc_Shake* shake, const byte* data, word32 len); WOLFSSL_API int wc_Shake256_Final(wc_Shake* shake, byte* hash, word32 hashLen); diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 5da08120b..f862eef95 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1011,9 +1011,6 @@ typedef struct w64wrapper { #ifndef WOLFSSL_NOSHA512_256 #define WOLFSSL_NOSHA512_256 #endif - #ifndef WOLFSSL_NO_SHAKE256 - #define WOLFSSL_NO_SHAKE256 - #endif #else WC_HASH_TYPE_NONE = 0, WC_HASH_TYPE_MD2 = 1, @@ -1031,27 +1028,27 @@ typedef struct w64wrapper { WC_HASH_TYPE_SHA3_512 = 13, WC_HASH_TYPE_BLAKE2B = 14, WC_HASH_TYPE_BLAKE2S = 15, -#define _WC_HASH_TYPE_MAX WC_HASH_TYPE_BLAKE2S + #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_BLAKE2S #ifndef WOLFSSL_NOSHA512_224 WC_HASH_TYPE_SHA512_224 = 16, -#undef _WC_HASH_TYPE_MAX -#define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHA512_224 + #undef _WC_HASH_TYPE_MAX + #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHA512_224 #endif #ifndef WOLFSSL_NOSHA512_256 WC_HASH_TYPE_SHA512_256 = 17, -#undef _WC_HASH_TYPE_MAX -#define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHA512_256 + #undef _WC_HASH_TYPE_MAX + #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHA512_256 #endif - #ifndef WOLFSSL_NO_SHAKE128 + #ifdef WOLFSSL_SHAKE128 WC_HASH_TYPE_SHAKE128 = 18, #endif - #ifndef WOLFSSL_NO_SHAKE256 + #ifdef WOLFSSL_SHAKE256 WC_HASH_TYPE_SHAKE256 = 19, -#undef _WC_HASH_TYPE_MAX -#define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHAKE256 + #undef _WC_HASH_TYPE_MAX + #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHAKE256 #endif WC_HASH_TYPE_MAX = _WC_HASH_TYPE_MAX -#undef _WC_HASH_TYPE_MAX + #undef _WC_HASH_TYPE_MAX #endif /* HAVE_SELFTEST */ };