add FIPS pos errors and messages, better output for in core check and how to fix

This commit is contained in:
toddouska 2014-10-28 14:21:55 -07:00
parent 247bef6be3
commit a4228740f5
3 changed files with 32 additions and 0 deletions

View File

@ -286,6 +286,24 @@ const char* CTaoCryptGetErrorString(int error)
case LENGTH_ONLY_E:
return "Output length only set, not for other use error";
case IN_CORE_FIPS_E:
return "In Core Integrity check FIPS error";
case AES_KAT_FIPS_E:
return "AES Known Answer Test check FIPS error";
case DES3_KAT_FIPS_E:
return "DES3 Known Answer Test check FIPS error";
case HMAC_KAT_FIPS_E:
return "HMAC Known Answer Test check FIPS error";
case RSA_KAT_FIPS_E:
return "RSA Known Answer Test check FIPS error";
case DRBG_KAT_FIPS_E:
return "DRBG Known Answer Test check FIPS error";
default:
return "unknown error number";

View File

@ -58,6 +58,7 @@
#include <cyassl/ctaocrypt/chacha.h>
#include <cyassl/ctaocrypt/pwdbased.h>
#include <cyassl/ctaocrypt/ripemd.h>
#include <cyassl/ctaocrypt/error-crypt.h>
#ifdef HAVE_ECC
#include <cyassl/ctaocrypt/ecc.h>
#endif
@ -215,7 +216,13 @@ typedef struct func_args {
static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", CTaoCryptGetErrorString(err));
printf("hash = %s\n", hash);
if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif /* HAVE_FIPS */

View File

@ -130,6 +130,13 @@ enum {
RSA_PAD_E = -201, /* RSA Padding Error */
LENGTH_ONLY_E = -202, /* Returning output length only */
IN_CORE_FIPS_E = -203, /* In Core Integrity check failure */
AES_KAT_FIPS_E = -204, /* AES KAT failure */
DES3_KAT_FIPS_E = -205, /* AES KAT failure */
HMAC_KAT_FIPS_E = -206, /* HMAC KAT failure */
RSA_KAT_FIPS_E = -207, /* RSA KAT failure */
DRBG_KAT_FIPS_E = -208, /* HASH DRBG KAT failure */
MIN_CODE_E = -300 /* errors -101 - -299 */
};