wolfRand

1. Add fips.h to the install if doing a wolfRand build.
wolfRand
2019-06-24 16:46:22 -07:00 · 2019-06-24 15:41:19 -07:00 · 2019-06-21 15:30:22 -07:00 · 2019-06-20 16:12:14 -07:00 · 2019-06-20 16:12:14 -07:00
3 changed files with 108 additions and 71 deletions
--- a/configure.ac
+++ b/configure.ac
@@ -2246,72 +2246,66 @@ fi
 # FIPS
 AC_ARG_ENABLE([fips],
    [AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])],
-    [ ENABLED_FIPS=$enableval ],
+    [ENABLED_FIPS=$enableval],
-    [ ENABLED_FIPS=no ]
+    [ENABLED_FIPS="no"])
    )
-if test "x$ENABLED_FIPS" != "xno"
+AS_CASE([$ENABLED_FIPS],
-then
+    ["v2"],[FIPS_VERSION="v2"
-    FIPS_VERSION=$ENABLED_FIPS
+        ENABLED_FIPS=yes
-    ENABLED_FIPS=yes
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
-    # requires thread local storage
+        ENABLED_KEYGEN="yes"
-    if test "$thread_ls_on" = "no"
+        ENABLED_SHA224="yes"
-    then
+        AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
-        AC_MSG_ERROR([FIPS requires Thread Local Storage])
+              [ENABLED_AESCCM="yes"
-    fi
+               AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
-    # requires SHA512
+        AS_IF([test "x$ENABLED_RSAPSS" != "xyes"],
-    if test "x$ENABLED_SHA512" = "xno"
+              [ENABLED_RSAPSS="yes"
-    then
+               AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
-        ENABLED_SHA512="yes"
+        AS_IF([test "x$ENABLED_ECC" != "xyes"],
-        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
+              [ENABLED_ECC="yes"
-    fi
+               AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
-    # requires AESGCM
+               AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
-    if test "x$ENABLED_AESGCM" != "xyes"
+                     [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])],
-    then
+              [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"])
-        ENABLED_AESGCM="yes"
+        AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
-        AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
+              [ENABLED_AESCTR="yes"
-    fi
+               AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
-    # requires DES3
+        AS_IF([test "x$ENABLED_CMAC" != "xyes"],
-    if test "x$ENABLED_DES3" = "xno"
+              [ENABLED_CMAC="yes"
-    then
+               AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
-        ENABLED_DES3="yes"
+        AS_IF([test "x$ENABLED_HKDF" != "xyes"],
-    fi
+              [ENABLED_HKDF="yes"
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
+               AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
-    # Add the FIPS flag.
+        AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
-    AS_IF([test "x$FIPS_VERSION" = "xv2"],
+              [AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
-          [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
+    ],
-           ENABLED_KEYGEN="yes"
+    ["rand"],[
-           ENABLED_SHA224="yes"
+        ENABLED_FIPS="yes"
-           AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
+        FIPS_VERSION="rand"
-                 [ENABLED_AESCCM="yes"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=2"
-                  AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
+    ],
-           AS_IF([test "x$ENABLED_RSAPSS" != "xyes"],
+    ["no"],[FIPS_VERSION="none"],
-                 [ENABLED_RSAPSS="yes"
+    [
-                  AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
+        ENABLED_FIPS="yes"
-           AS_IF([test "x$ENABLED_ECC" != "xyes"],
+        FIPS_VERSION="v1"
-                 [ENABLED_ECC="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
-                  AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
+    ])
-                  AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
+
-                        [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])],
+AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$thread_ls_on" = "xno"],
-                 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"])
+    [AC_MSG_ERROR([FIPS requires Thread Local Storage])])
-           AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
+
-                 [ENABLED_AESCTR="yes"
+AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$FIPS_VERSION" != "xrand"],
-                  AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
+[
-           AS_IF([test "x$ENABLED_CMAC" != "xyes"],
+    # Force enable the prerequisites.
-                 [ENABLED_CMAC="yes"
+    AS_IF([test "x$ENABLED_SHA512" = "xno"],
-                  AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
+        [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
-           AS_IF([test "x$ENABLED_HKDF" != "xyes"],
+    AS_IF([test "x$ENABLED_AESGCM" = "xno"],
-                 [ENABLED_HKDF="yes"
+        [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
-                  AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
+    AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])
-           AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
+],
-                 [AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
+[
-          ])
+    AS_IF([test "x$ENABLED_FORTRESS" = "xyes"],[ENABLED_DES3="yes"])
-else
+])
    if test "x$ENABLED_FORTRESS" = "xyes"
    then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
    fi
 fi
 # SELFTEST
@@ -3493,6 +3487,8 @@ AC_ARG_ENABLE([cryptonly],
    [ENABLED_CRYPTONLY=$enableval],
    [ENABLED_CRYPTONLY=no])
 AS_IF([test "x$FIPS_VERSION" = "xrand"],[ENABLED_CRYPTONLY="yes"])
 if test "$ENABLED_CRYPTONLY" = "yes"
 then
    AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY"
@@ -4667,7 +4663,9 @@ AM_CONDITIONAL([BUILD_SHA],[test "x$ENABLED_SHA" = "xyes"])
 AM_CONDITIONAL([BUILD_HC128],[test "x$ENABLED_HC128" = "xyes"])
 AM_CONDITIONAL([BUILD_RABBIT],[test "x$ENABLED_RABBIT" = "xyes"])
 AM_CONDITIONAL([BUILD_FIPS],[test "x$ENABLED_FIPS" = "xyes"])
 AM_CONDITIONAL([BUILD_FIPS_V1],[test "x$FIPS_VERSION" = "xv1"])
 AM_CONDITIONAL([BUILD_FIPS_V2],[test "x$FIPS_VERSION" = "xv2"])
 AM_CONDITIONAL([BUILD_FIPS_RAND],[test "x$FIPS_VERSION" = "xrand"])
 AM_CONDITIONAL([BUILD_CMAC],[test "x$ENABLED_CMAC" = "xyes"])
 AM_CONDITIONAL([BUILD_SELFTEST],[test "x$ENABLED_SELFTEST" = "xyes"])
 AM_CONDITIONAL([BUILD_SHA224],[test "x$ENABLED_SHA224" = "xyes"])
--- a/src/include.am
+++ b/src/include.am
@@ -24,7 +24,8 @@ include_HEADERS+=$(IPPHEADERS)
 endif # BUILD_FAST_RSA
 if BUILD_FIPS
-if !BUILD_FIPS_V2
+
 if BUILD_FIPS_V1
 # fips first  file
 src_libwolfssl_la_SOURCES += ctaocrypt/src/wolfcrypt_first.c
@@ -58,9 +59,9 @@ src_libwolfssl_la_SOURCES += ctaocrypt/src/fips_test.c
 # fips last file
 src_libwolfssl_la_SOURCES += ctaocrypt/src/wolfcrypt_last.c
 endif
-else
+if BUILD_FIPS_V2
 # FIPSv2 first file
 src_libwolfssl_la_SOURCES += \
 			   wolfcrypt/src/wolfcrypt_first.c
@@ -116,9 +117,26 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/fips.c \
 # fips last file
 src_libwolfssl_la_SOURCES += wolfcrypt/src/wolfcrypt_last.c
 endif
-endif
+
 if BUILD_FIPS_RAND
 src_libwolfssl_la_SOURCES += \
               wolfcrypt/src/wolfcrypt_first.c \
               wolfcrypt/src/hmac.c \
               wolfcrypt/src/random.c \
               wolfcrypt/src/sha256.c \
               wolfcrypt/src/sha256_asm.S \
               wolfcrypt/src/fips.c \
               wolfcrypt/src/fips_test.c \
               wolfcrypt/src/wolfcrypt_last.c
 endif BUILD_FIPS_RAND
 endif BUILD_FIPS
 # For wolfRand, exclude everything else.
 if !BUILD_FIPS_RAND
 # For FIPSV2, exclude the wolfCrypt files included above.
 # For wolfRand, exclude just a couple files.
 # For old FIPS, keep the wolfCrypt versions of the
 # CtaoCrypt files included above.
 if !BUILD_FIPS_V2
@@ -130,10 +148,14 @@ if BUILD_SELFTEST
 src_libwolfssl_la_SOURCES += wolfcrypt/src/selftest.c
 endif
 endif !BUILD_FIPS_RAND
 src_libwolfssl_la_SOURCES += \
               wolfcrypt/src/hash.c \
               wolfcrypt/src/cpuid.c
 if !BUILD_FIPS_RAND
 if !BUILD_FIPS_V2
 if BUILD_RNG
 src_libwolfssl_la_SOURCES += wolfcrypt/src/random.c
@@ -252,18 +274,25 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/sha3.c
 endif
 endif
 endif !BUILD_FIPS_RAND
 src_libwolfssl_la_SOURCES += \
               wolfcrypt/src/logging.c \
               wolfcrypt/src/wc_encrypt.c \
               wolfcrypt/src/wc_port.c \
-               wolfcrypt/src/error.c \
+               wolfcrypt/src/error.c
 if !BUILD_FIPS_RAND
 src_libwolfssl_la_SOURCES += \
               wolfcrypt/src/signature.c \
               wolfcrypt/src/wolfmath.c
 endif !BUILD_FIPS_RAND
 if BUILD_MEMORY
 src_libwolfssl_la_SOURCES += wolfcrypt/src/memory.c
 endif
 if !BUILD_FIPS_RAND
 if !BUILD_FIPS_V2
 if BUILD_DH
 src_libwolfssl_la_SOURCES += wolfcrypt/src/dh.c
@@ -274,10 +303,14 @@ if BUILD_ASN
 src_libwolfssl_la_SOURCES += wolfcrypt/src/asn.c
 endif
 endif !BUILD_FIPS_RAND
 if BUILD_CODING
 src_libwolfssl_la_SOURCES += wolfcrypt/src/coding.c
 endif
 if !BUILD_FIPS_RAND
 if BUILD_POLY1305
 src_libwolfssl_la_SOURCES += wolfcrypt/src/poly1305.c
 if BUILD_INTELASM
@@ -461,4 +494,6 @@ if BUILD_SNIFFER
 src_libwolfssl_la_SOURCES += src/sniffer.c
 endif
-endif # !BUILD_CRYPTONLY
+endif !BUILD_CRYPTONLY
 endif !BUILD_FIPS_RAND
--- a/wolfssl/wolfcrypt/include.am
+++ b/wolfssl/wolfcrypt/include.am
@@ -122,3 +122,7 @@ endif
 if BUILD_FIPS_V2
 nobase_include_HEADERS+= wolfssl/wolfcrypt/fips.h
 endif
 if BUILD_FIPS_RAND
 nobase_include_HEADERS+= wolfssl/wolfcrypt/fips.h
 endif
Author	SHA1	Message	Date
John Safranek	894a57d24d	wolfRand 1. Add fips.h to the install if doing a wolfRand build.	2019-06-24 16:46:22 -07:00
John Safranek	3f8981fbd5	wolfRand In configure.ac, 1. Change some whitespace in the FIPS enable section. 2. Reorganize the FIPS section a little bit. 3. When enabling wolfRand, also force cryptonly. 4. Treat wolfRand like FIPSv2 at build time. In the source include.am, 5. Add checks against BUILD_FIPS_RAND as appropriate. 6. Add the SHA-256 assembly to the wolfRand source list.	2019-06-24 15:41:19 -07:00
John Safranek	434fcc1012	wolfRand 1. Rearrange some of the macros in the FIPS section to separate out the different flavors of FIPS with their own flags to set them apart. 2. Add automake flags for FIPSv1 and wolfRand.	2019-06-21 15:30:22 -07:00
John Safranek	031cd27c1d	wolfRand 1. Refactored src/include.am to use the new changes in configure for multiple FIPS versions. 2. Added conditions for wolfRand.	2019-06-20 16:12:14 -07:00
John Safranek	52b5843cbb	wolfRand Refactor the configure.ac script to make adding additional FIPS options easier.	2019-06-20 16:12:14 -07:00