fips mode hmac min key length for 2014 requirements

toddouska 2014-06-11 11:43:17 -07:00
parent 9c905b6519
commit aad204428f
4 changed files with 47 additions and 8 deletions


@ -131,6 +131,11 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
if (ret != 0)
return ret;
#ifdef HAVE_FIPS
if (length < HMAC_FIPS_MIN_KEY)
return -1; /* TODO: next, fix wolfCrypt error range */
#endif
switch (hmac->macType) {
#ifndef NO_MD5
case MD5:
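Review bot: The new FIPS length check in HmacSetKey returns a bare `-1`, so a caller cannot tell a too-short key from any other failure, and nothing in the hunk documents the new failure mode. Until the error range named in the TODO is settled, a comment above the check would help, for example `/* FIPS builds reject HMAC keys shorter than HMAC_FIPS_MIN_KEY bytes */`. The return happens before the `switch` on `hmac->macType`, so the key setup that presumably follows is skipped on this path. Call sites are not visible here, but any that ignore HmacSetKey's return value would go on to use a context with no key installed, so they are worth auditing alongside this change. The function body starts before and continues after this hunk.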


@ -1149,9 +1149,11 @@ int hmac_md5_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#ifdef HAVE_CAVIUM
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
continue; /* driver can't handle keys <= bytes */
continue; /* cavium can't handle short keys, fips not allowed */
#endif
#ifdef HAVE_CAVIUM
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20009;
#endif
@ -1224,9 +1226,11 @@ int hmac_sha_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#ifdef HAVE_CAVIUM
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
continue; /* driver can't handle keys <= bytes */
continue; /* cavium can't handle short keys, fips not allowed */
#endif
#ifdef HAVE_CAVIUM
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20010;
#endif
@ -1303,9 +1307,11 @@ int hmac_sha256_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#ifdef HAVE_CAVIUM
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
continue; /* driver can't handle keys <= bytes */
continue; /* cavium can't handle short keys, fips not allowed */
#endif
#ifdef HAVE_CAVIUM
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20011;
#endif
@ -1382,9 +1388,11 @@ int hmac_blake2b_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#ifdef HAVE_CAVIUM
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
continue; /* driver can't handle keys <= bytes */
continue; /* cavium can't handle short keys, fips not allowed */
#endif
#ifdef HAVE_CAVIUM
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
return -20011;
#endif
@ -1465,6 +1473,10 @@ int hmac_sha384_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac, SHA384, (byte*)keys[i],(word32)strlen(keys[i]));
if (ret != 0)
return -4027;
@ -1541,6 +1553,10 @@ int hmac_sha512_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac, SHA512, (byte*)keys[i],(word32)strlen(keys[i]));
if (ret != 0)
return -4030;
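Review bot: Under HAVE_FIPS each of these test loops skips index 1 with `continue` instead of checking that the short key is refused, so nothing in the suite exercises the new minimum-length check in HmacSetKey. In hmac_sha384_test and hmac_sha512_test, where no Cavium path is involved, the skip could first assert the rejection, e.g. `if (HmacSetKey(&hmac, SHA384, (byte*)keys[i], (word32)strlen(keys[i])) == 0) return NEW_TEST_ERROR; /* placeholder code */` before the `continue`. The hunks in the other test file on this page skip in the same way and leave the same gap. The loop bodies continue outside every hunk, so the exact placement needs checking against the full functions.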


@ -60,6 +60,8 @@
#define CYASSL_HMAC_CAVIUM_MAGIC 0xBEEF0005
enum {
HMAC_FIPS_MIN_KEY = 14, /* 112 bit key length minimum */
IPAD = 0x36,
OPAD = 0x5C,
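Review bot: The comment on `HMAC_FIPS_MIN_KEY` gives the limit in bits while the value 14 is a byte count, and HmacSetKey compares it directly against `length`. Stating the unit avoids a misreading when the constant is reused: `HMAC_FIPS_MIN_KEY = 14, /* minimum key length in bytes (112 bits) */`. The enum continues beyond the hunk.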


@ -608,6 +608,10 @@ int hmac_md5_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4014;
@ -674,6 +678,10 @@ int hmac_sha_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4017;
@ -743,6 +751,10 @@ int hmac_sha256_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac,SHA256, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4020;
@ -816,6 +828,10 @@ int hmac_sha384_test(void)
test_hmac[2] = c;
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
ret = HmacSetKey(&hmac,SHA384, (byte*)keys[i], (word32)strlen(keys[i]));
if (ret != 0)
return -4023;
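Review bot: The FIPS skip in these four loops is keyed to the literal index `i == 1`, which only holds while the second entry of `keys` is the one shorter than the FIPS minimum. The `keys` array is outside the hunks, so that is an assumption here. Comparing the length states the intent and survives reordering or adding test vectors: `if (strlen(keys[i]) < HMAC_FIPS_MIN_KEY) continue; /* below FIPS minimum key length */`, assuming the header that defines HMAC_FIPS_MIN_KEY is included by this test file. The six hunks of the other test file on this page use the same hard-coded index.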