Merge pull request #7470 from kaleb-himes/SRTP-KDF-OPTEST
Srtp kdf optest
dgarske authored May 15, 2024
2 parents ca47d49 + 76527c3 commit db38351
Showing 7 changed files with 68 additions and 11 deletions.
10 changes: 10 additions & 0 deletions wolfcrypt/benchmark/benchmark.c
Expand Up @@ -8158,6 +8158,7 @@ void bench_pbkdf2(void)
DECLARE_MULTI_VALUE_STATS_VARS()

bench_stats_start(&count, &start);
PRIVATE_KEY_UNLOCK();
do {
ret = wc_PBKDF2(derived, (const byte*)passwd32, (int)XSTRLEN(passwd32),
salt32, (int)sizeof(salt32), 1000, 32, WC_SHA256);
Expand All @@ -8168,6 +8169,7 @@ void bench_pbkdf2(void)
|| runs < minimum_runs
#endif
);
PRIVATE_KEY_LOCK();

bench_stats_sym_finish("PBKDF2", 32, count, 32, start, ret);
#ifdef MULTI_VALUE_STATISTICS
Expand Down Expand Up @@ -8248,6 +8250,7 @@ void bench_srtpkdf(void)
DECLARE_MULTI_VALUE_STATS_VARS()

bench_stats_start(&count, &start);
PRIVATE_KEY_UNLOCK();
do {
for (i = 0; i < numBlocks; i++) {
ret = wc_SRTP_KDF(key, AES_128_KEY_SIZE, salt, sizeof(salt),
Expand All @@ -8261,6 +8264,7 @@ void bench_srtpkdf(void)
|| runs < minimum_runs
#endif
);
PRIVATE_KEY_LOCK();
bench_stats_asym_finish("KDF", 128, "SRTP", 0, count, start, ret);
#ifdef MULTI_VALUE_STATISTICS
bench_multi_value_stats(max, min, sum, squareSum, runs);
Expand All @@ -8269,6 +8273,7 @@ void bench_srtpkdf(void)
RESET_MULTI_VALUE_STATS_VARS();

bench_stats_start(&count, &start);
PRIVATE_KEY_UNLOCK();
do {
for (i = 0; i < numBlocks; i++) {
ret = wc_SRTP_KDF(key, AES_256_KEY_SIZE, salt, sizeof(salt),
Expand All @@ -8282,6 +8287,7 @@ void bench_srtpkdf(void)
|| runs < minimum_runs
#endif
);
PRIVATE_KEY_LOCK();
bench_stats_asym_finish("KDF", 256, "SRTP", 0, count, start, ret);
#ifdef MULTI_VALUE_STATISTICS
bench_multi_value_stats(max, min, sum, squareSum, runs);
Expand All @@ -8290,6 +8296,7 @@ void bench_srtpkdf(void)
RESET_MULTI_VALUE_STATS_VARS();

bench_stats_start(&count, &start);
PRIVATE_KEY_UNLOCK();
do {
for (i = 0; i < numBlocks; i++) {
ret = wc_SRTCP_KDF(key, AES_128_KEY_SIZE, salt, sizeof(salt),
Expand All @@ -8303,6 +8310,7 @@ void bench_srtpkdf(void)
|| runs < minimum_runs
#endif
);
PRIVATE_KEY_LOCK();
bench_stats_asym_finish("KDF", 128, "SRTCP", 0, count, start, ret);
#ifdef MULTI_VALUE_STATISTICS
bench_multi_value_stats(max, min, sum, squareSum, runs);
Expand All @@ -8311,6 +8319,7 @@ void bench_srtpkdf(void)
RESET_MULTI_VALUE_STATS_VARS();

bench_stats_start(&count, &start);
PRIVATE_KEY_UNLOCK();
do {
for (i = 0; i < numBlocks; i++) {
ret = wc_SRTCP_KDF(key, AES_256_KEY_SIZE, salt, sizeof(salt),
Expand All @@ -8324,6 +8333,7 @@ void bench_srtpkdf(void)
|| runs < minimum_runs
#endif
);
PRIVATE_KEY_LOCK();
bench_stats_asym_finish("KDF", 256, "SRTCP", 0, count, start, ret);
#ifdef MULTI_VALUE_STATISTICS
bench_multi_value_stats(max, min, sum, squareSum, runs);
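Review bot: The new PRIVATE_KEY_UNLOCK()/PRIVATE_KEY_LOCK() pairs bracket every timed loop in bench_pbkdf2 and bench_srtpkdf without saying why a KDF benchmark needs the private-key lock opened, so a reader cannot tell whether this is a FIPS-boundary requirement or leftover scaffolding. A one-line comment on the first use would settle it, e.g. `/* FIPS: KDF output is keying material; the boundary lock must be open around wc_PBKDF2 / wc_SRTP_KDF */` — adjust to whatever the macro actually gates, which the hunk does not show. Because the unlock sits after bench_stats_start, its cost now lands inside the timed region; presumably negligible, but worth a note if these numbers are compared against earlier releases. Both functions begin and end outside the hunks.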
2 changes: 2 additions & 0 deletions wolfcrypt/src/aes.c
Expand Up @@ -6056,6 +6056,8 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
int ret = 0;
word32 processed;

XMEMSET(scratch, 0, sizeof(scratch));

if (aes == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
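Review bot: The added `XMEMSET(scratch, 0, sizeof(scratch));` runs before the argument check and carries no explanation, so its purpose (quieting an uninitialized-read diagnostic, or satisfying a zero-init rule from the FIPS review) is lost on the next reader; `scratch` itself is declared above the hunk. I would add a why-comment, e.g. `/* clear up front: not every path writes all of scratch before it is read */`, or whatever the real reason is. Note that an entry-time clear is not a zeroization: if scratch ends up holding plaintext or key-dependent block data it still needs an explicit clear that the compiler cannot elide before every return from wc_AesCbcEncrypt, which this hunk does not add. The function continues past the hunk.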
10 changes: 10 additions & 0 deletions wolfcrypt/src/hmac.c
Expand Up @@ -1275,7 +1275,12 @@ int wolfSSL_GetHmacMaxSize(void)

ret = wc_HmacInit(myHmac, heap, devId);
if (ret == 0) {
#if FIPS_VERSION3_GE(6,0,0)
ret = wc_HmacSetKey_ex(myHmac, type, localSalt, saltSz,
FIPS_ALLOW_SHORT);
#else
ret = wc_HmacSetKey(myHmac, type, localSalt, saltSz);
#endif
if (ret == 0)
ret = wc_HmacUpdate(myHmac, inKey, inKeySz);
if (ret == 0)
Expand Down Expand Up @@ -1356,7 +1361,12 @@ int wolfSSL_GetHmacMaxSize(void)
word32 tmpSz = (n == 1) ? 0 : hashSz;
word32 left = outSz - outIdx;

#if FIPS_VERSION3_GE(6,0,0)
ret = wc_HmacSetKey_ex(myHmac, type, inKey, inKeySz,
FIPS_ALLOW_SHORT);
#else
ret = wc_HmacSetKey(myHmac, type, inKey, inKeySz);
#endif
if (ret != 0)
break;
ret = wc_HmacUpdate(myHmac, tmp, tmpSz);
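Review bot: The second hunk (around line 1361) passes FIPS_ALLOW_SHORT for `inKey`, which from the variable names looks like the HKDF PRK rather than a salt; a PRK produced by the extract step is always hash-length, so the short-key bypass there is either redundant or, if callers may supply their own PRK, lets a sub-minimum key through the FIPS length check with no justification in the code. The first hunk (line 1275, salt used as the HMAC key) is the case RFC 5869 genuinely needs, since the salt may be short or empty. I would drop FIPS_ALLOW_SHORT from the expand-side call, or at least add `/* FIPS_ALLOW_SHORT: the HMAC key here is an HKDF salt/PRK, not a caller MAC key; its length is governed by the KDF, not HMAC_FIPS_MIN_KEY */` above each call so the exemption is visibly deliberate. Both enclosing functions start and end outside the hunks, so which HKDF step each belongs to is inferred.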
22 changes: 22 additions & 0 deletions wolfcrypt/src/pwdbased.c
Expand Up @@ -52,6 +52,9 @@
#endif

#if FIPS_VERSION3_GE(6,0,0)
#ifdef DEBUG_WOLFSSL
#include <wolfssl/wolfcrypt/logging.h>
#endif
const unsigned int wolfCrypt_FIPS_pbkdf_ro_sanity[2] =
{ 0x1a2b3c4d, 0x00000010 };
int wolfCrypt_FIPS_PBKDF_sanity(void)
Expand Down Expand Up @@ -183,6 +186,7 @@ int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen,
int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
int sLen, int iterations, int kLen, int hashType)
{

return wc_PBKDF1_ex(output, kLen, NULL, 0,
passwd, pLen, salt, sLen, iterations, hashType, NULL);
}
Expand All @@ -209,6 +213,24 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, const byte* salt,
return BAD_FUNC_ARG;
}

#if FIPS_VERSION3_GE(6,0,0)
/* Per SP800-132 section 5 "The kLen value shall be at least 112 bits in
* length", ensure the returned bits for the derived master key are at a
* minimum 14-bytes or 112-bits after stretching and strengthening
* (iterations) */
if (kLen < HMAC_FIPS_MIN_KEY/8)
return BAD_LENGTH_E;
#endif

#if FIPS_VERSION3_GE(6,0,0) && defined(DEBUG_WOLFSSL)
/* SP800-132 section 5.2 recommends an iteration count of 1000 but this is
* not strictly enforceable and is listed in Appendix B Table 1 as a
* non-testable requirement. wolfCrypt will log it when appropriate but
* take no action */
if (iterations < 1000) {
WOLFSSL_MSG("WARNING: Iteration < 1,000, see SP800-132 section 5.2");
}
#endif
if (iterations <= 0)
iterations = 1;

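Review bot: The new iteration-count warning in wc_PBKDF2_ex only compiles under DEBUG_WOLFSSL, so a release FIPS build still accepts any count, and the pre-existing `if (iterations <= 0) iterations = 1;` directly below it silently turns zero or negative counts into a single iteration instead of rejecting them. Since the hunk already introduces a FIPS-only BAD_LENGTH_E for a short kLen, the same block is the natural place to reject a non-positive count: `if (iterations <= 0) return BAD_FUNC_ARG;` inside the `FIPS_VERSION3_GE(6,0,0)` guard, leaving the coercion in place for non-FIPS callers. The `kLen < HMAC_FIPS_MIN_KEY/8` comparison assumes that constant is expressed in bits while kLen is bytes; a `/* bits -> bytes */` note next to it would make that explicit. wc_PBKDF2_ex continues past the hunk.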
8 changes: 5 additions & 3 deletions wolfcrypt/src/rsa.c
Expand Up @@ -4510,22 +4510,24 @@ static int _CheckProbablePrime(mp_int* p, mp_int* q, mp_int* e, int nlen,

if (q != NULL) {
int valid = 0;
/* 5.4 - check that |p-q| <= (2^(1/2))(2^((nlen/2)-1)) */
/* 5.4 (186-4) 5.5 (186-5) -
* check that |p-q| <= (2^(1/2))(2^((nlen/2)-1)) */
ret = wc_CompareDiffPQ(p, q, nlen, &valid);
if ((ret != MP_OKAY) || (!valid)) goto notOkay;
prime = q;
}
else
prime = p;

/* 4.4,5.5 - Check that prime >= (2^(1/2))(2^((nlen/2)-1))
/* 4.4,5.5 (186-4) 4.4,5.4 (186-5) -
* Check that prime >= (2^(1/2))(2^((nlen/2)-1))
* This is a comparison against lowerBound */
ret = mp_read_unsigned_bin(tmp1, lower_bound, (word32)nlen/16);
if (ret != MP_OKAY) goto notOkay;
ret = mp_cmp(prime, tmp1);
if (ret == MP_LT) goto exit;

/* 4.5,5.6 - Check that GCD(p-1, e) == 1 */
/* 4.5,5.6 (186-4 & 186-5) - Check that GCD(p-1, e) == 1 */
ret = mp_sub_d(prime, 1, tmp1); /* tmp1 = prime-1 */
if (ret != MP_OKAY) goto notOkay;
#ifdef WOLFSSL_CHECK_MEM_ZERO
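Review bot: The rewritten comment at step 5.4/5.5 still states the wrong bound: as I read FIPS 186-4 B.3.3 (and the corresponding step in 186-5 A.1.3), the p/q distance test is |p - q| > 2^((nlen/2) - 100), whereas sqrt(2)*2^((nlen/2) - 1) is the lower bound on p and q themselves that the following block compares against lower_bound. Given that wc_CompareDiffPQ's `!valid` leads to notOkay, the comment should read `/* 5.4 (186-4) 5.5 (186-5) - check that |p-q| > 2^((nlen/2)-100) */`. This hunk only touches comments, so nothing changes at runtime; _CheckProbablePrime begins and ends outside it.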
23 changes: 15 additions & 8 deletions wolfcrypt/test/test.c
Expand Up @@ -5888,7 +5888,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
wc_HmacFree(&hmac);
}

#ifndef HAVE_FIPS
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if ((ret = wc_HmacSizeByType(WC_MD5)) != WC_MD5_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
#endif
Expand Down Expand Up @@ -5996,7 +5996,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
wc_HmacFree(&hmac);
}

#ifndef HAVE_FIPS
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if ((ret = wc_HmacSizeByType(WC_SHA)) != WC_SHA_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
#endif
Expand Down Expand Up @@ -6096,7 +6096,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
wc_HmacFree(&hmac);
}

#ifndef HAVE_FIPS
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if ((ret = wc_HmacSizeByType(WC_SHA224)) != WC_SHA224_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
#endif
Expand Down Expand Up @@ -6217,11 +6217,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
wc_HmacFree(&hmac);
}

#ifndef HAVE_FIPS
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if ((ret = wc_HmacSizeByType(WC_SHA256)) != WC_SHA256_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
#if FIPS_VERSION3_GE(6,0,0)
if ((ret = wc_HmacSizeByType(21)) != HMAC_KAT_FIPS_E)
#else
if ((ret = wc_HmacSizeByType(21)) != BAD_FUNC_ARG)
#endif
{
return WC_TEST_RET_ENC_EC(ret);
}
#endif
if ((ret = wolfSSL_GetHmacMaxSize()) != WC_MAX_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
Expand Down Expand Up @@ -6330,7 +6336,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
wc_HmacFree(&hmac);
}

#ifndef HAVE_FIPS
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if ((ret = wc_HmacSizeByType(WC_SHA384)) != WC_SHA384_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
#endif
Expand Down Expand Up @@ -6443,7 +6449,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
wc_HmacFree(&hmac);
}

#ifndef HAVE_FIPS
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if ((ret = wc_HmacSizeByType(WC_SHA512)) != WC_SHA512_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
#endif
Expand Down Expand Up @@ -6615,7 +6621,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void)
if (i > 0)
continue;

#ifndef HAVE_FIPS
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
ret = wc_HmacSizeByType(hashType[j]);
if (ret != hashSz[j])
return WC_TEST_RET_ENC_EC(ret);
Expand Down Expand Up @@ -26039,7 +26045,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void)
{
char passwd[] = "passwordpassword";
WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a,
0x5d, 0x63, 0xcb, 0x06 };
int iterations = 2048;
int kLen = 24;
byte derived[64];
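Review bot: In hmac_sha256_test the negative case uses a bare `21` as the "invalid hash type" with no comment, and under FIPS v6 it now expects HMAC_KAT_FIPS_E rather than BAD_FUNC_ARG, which reads as a known-answer-test failure for what is really an argument error. Name the sentinel and say why the FIPS branch differs, e.g. `/* 21 is deliberately not a wc_HashType value; FIPS 6.0+ reports an unapproved type as HMAC_KAT_FIPS_E */` above the inner `#if`, so the check does not silently become a positive case if that enum value is ever assigned (and so the odd error code is documented as intended, if it is). The other hunks in this file (guard relaxations to `!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)` and the salt line wrap) are mechanical.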
4 changes: 4 additions & 0 deletions wolfssl/wolfcrypt/hmac.h
Expand Up @@ -43,6 +43,10 @@
WOLFSSL_LOCAL int wolfCrypt_FIPS_HMAC_sanity(void);
#endif

#if FIPS_VERSION3_GE(6,0,0)
#define FIPS_ALLOW_SHORT 1
#endif

/* avoid redefinition of structs */
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(2,0,0)

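Review bot: `FIPS_ALLOW_SHORT` is added as a bare `#define ... 1` with no comment, and it only exists when FIPS_VERSION3_GE(6,0,0), so every use must sit under the same guard (hmac.c does this, but nothing at the definition says so). I would document the contract where it is defined: `/* wc_HmacSetKey_ex flag: accept a key shorter than HMAC_FIPS_MIN_KEY. For internal KDF use (HKDF salt/PRK) only, never for caller-supplied MAC keys. Defined for FIPS 6.0+ only. */` — adjust if wc_HmacSetKey_ex interprets the value differently, since its definition is not part of this commit.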
