Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Srtp kdf optest #7470

Merged
merged 10 commits into from
May 15, 2024
Merged

Srtp kdf optest #7470

merged 10 commits into from
May 15, 2024

Conversation

kaleb-himes
Copy link
Contributor

Description

Exposing a service API for the new submission effort (module v6.0.0) makes these checks now being exposed passable while running in FIPS mode.

Testing

Using the operational test app

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@kaleb-himes
Copy link
Contributor Author

NOTE: Do not merge this PR before merging #7462 (not sure what is taking so long on the other one?) This PR contains some of the same commits as work is progressing faster than merges are happening.

@kaleb-himes kaleb-himes marked this pull request as draft April 25, 2024 20:30
@kaleb-himes
Copy link
Contributor Author

rebased on master.

@kaleb-himes kaleb-himes force-pushed the SRTP-KDF-OPTEST branch 2 times, most recently from ac462a2 to 1ea3a9b Compare May 8, 2024 21:15
@kaleb-himes
Copy link
Contributor Author

kaleb-himes commented May 15, 2024
edited
Loading

retest this please

@kaleb-himes kaleb-himes marked this pull request as ready for review May 15, 2024 19:56
dgarske
dgarske requested changes May 15, 2024
View reviewed changes
wolfcrypt/src/pwdbased.c
* non-testable requirement. wolfCrypt will log it when appropriate but
* take no action */
if (iterations < 1000) {
WOLFSSL_MSG("WARNING: Iteration < 1,000, see SP800-132 section 5.2");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this "warning" sufficient? Won't be noticed unless DEBUG_WOLFSSL is set. Should it return a new error code?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes this is sufficient per the comment this is not enforceable.

wolfssl/wolfcrypt/hmac.h
@@ -43,6 +43,10 @@
WOLFSSL_LOCAL int wolfCrypt_FIPS_HMAC_sanity(void);
#endif

#if FIPS_VERSION3_GE(6,0,0)
#define FIPS_ALLOW_SHORT 1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this new FIPS macro include HMAC in the name? Would be nice if wc_HmacSetKey_ex was unsigned and actually a flag / bit mask. Currently its 0 or non-zero only.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By design.

@dgarske dgarske merged commit db38351 into wolfSSL:master May 15, 2024
99 checks passed
@kaleb-himes kaleb-himes deleted the SRTP-KDF-OPTEST branch May 20, 2024 14:25
jefferyq2 pushed a commit to jefferyq2/wolfssl that referenced this pull request Jun 9, 2024
@dgarske @jefferyq2
Merge pull request wolfSSL#7470 from kaleb-himes/SRTP-KDF-OPTEST
14fe7d3 
Srtp kdf optest
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgarske dgarske dgarske approved these changes

@wolfSSL-Bot wolfSSL-Bot Awaiting requested review from wolfSSL-Bot

Assignees

@kaleb-himes kaleb-himes

@wolfSSL-Bot wolfSSL-Bot

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kaleb-himes @dgarske @wolfSSL-Bot