Skip to content

Allow the X9.146 examples to build against fips-ready. #451

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
douzzer merged 1 commit into from
Aug 31, 2024
Merged

Allow the X9.146 examples to build against fips-ready. #451

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion X9.146/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ the call to `DoTls13Certificate()`, please search for the following messages to
confirm that the alternative signature was verified:

```
Alternative signature has been verified!
Alt signature has been verified!
Verified Peer's cert
```

Expand Down
28 changes: 28 additions & 0 deletions X9.146/gen_dual_keysig_cert.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,22 @@
#define SUBJECT_EMAIL "server@YourDomain.com"
#endif

#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>

static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);

if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif

static int do_certgen(int argc, char** argv)
{
int ret = 0;
Expand Down Expand Up @@ -111,6 +127,18 @@ static int do_certgen(int argc, char** argv)
wolfSSL_Debugging_ON();
#endif

#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif

#if defined(HAVE_FIPS)
wolfCrypt_SetCb_fips(myFipsCb);
#if FIPS_VERSION3_GE(6,0,0)
printf("FIPS module version in use: %s\n",
wolfCrypt_GetVersion_fips());
#endif
#endif

ret = wc_InitRng(&rng);
if (ret != 0) goto exit;
initRng = 1;
Expand Down
28 changes: 28 additions & 0 deletions X9.146/gen_ecdsa_falcon_dual_keysig_cert.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,22 @@ int readFileIntoBuffer(char *fname, byte *buf, int *sz)
return ret;
}

#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>

static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);

if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif

static int do_certgen(int argc, char** argv)
{
int ret = 0;
Expand Down Expand Up @@ -141,6 +157,18 @@ static int do_certgen(int argc, char** argv)
wolfSSL_Debugging_ON();
#endif

#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif

#if defined(HAVE_FIPS)
wolfCrypt_SetCb_fips(myFipsCb);
#if FIPS_VERSION3_GE(6,0,0)
printf("FIPS module version in use: %s\n",
wolfCrypt_GetVersion_fips());
#endif
#endif

if (argc != 2)
usage(argv[0]);

Expand Down
28 changes: 28 additions & 0 deletions X9.146/gen_ecdsa_mldsa_dual_keysig_cert.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,22 @@ int readFileIntoBuffer(char *fname, byte *buf, int *sz)
return ret;
}

#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>

static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);

if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif

static int do_certgen(int argc, char** argv)
{
int ret = 0;
Expand Down Expand Up @@ -144,6 +160,18 @@ static int do_certgen(int argc, char** argv)
wolfSSL_Debugging_ON();
#endif

#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif

#if defined(HAVE_FIPS)
wolfCrypt_SetCb_fips(myFipsCb);
#if FIPS_VERSION3_GE(6,0,0)
printf("FIPS module version in use: %s\n",
wolfCrypt_GetVersion_fips());
#endif
#endif

if (argc != 2)
usage(argv[0]);

Expand Down
28 changes: 28 additions & 0 deletions X9.146/gen_rsa_falcon_dual_keysig_cert.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,22 @@ int readFileIntoBuffer(char *fname, byte *buf, int *sz)
return ret;
}

#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>

static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);

if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif

static int do_certgen(int argc, char** argv)
{
int ret = 0;
Expand Down Expand Up @@ -128,6 +144,18 @@ static int do_certgen(int argc, char** argv)
wolfSSL_Debugging_ON();
#endif

#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif

#if defined(HAVE_FIPS)
wolfCrypt_SetCb_fips(myFipsCb);
#if FIPS_VERSION3_GE(6,0,0)
printf("FIPS module version in use: %s\n",
wolfCrypt_GetVersion_fips());
#endif
#endif

ret = wc_InitRng(&rng);
if (ret != 0) goto exit;
initRng = 1;
Expand Down
28 changes: 28 additions & 0 deletions X9.146/gen_rsa_mldsa_dual_keysig_cert.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,22 @@ int readFileIntoBuffer(char *fname, byte *buf, int *sz)
return ret;
}

#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>

static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);

if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif

static int do_certgen(int argc, char** argv)
{
int ret = 0;
Expand Down Expand Up @@ -128,6 +144,18 @@ static int do_certgen(int argc, char** argv)
wolfSSL_Debugging_ON();
#endif

#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif

#if defined(HAVE_FIPS)
wolfCrypt_SetCb_fips(myFipsCb);
#if FIPS_VERSION3_GE(6,0,0)
printf("FIPS module version in use: %s\n",
wolfCrypt_GetVersion_fips());
#endif
#endif

ret = wc_InitRng(&rng);
if (ret != 0) goto exit;
initRng = 1;
Expand Down