@@ -64,31 +64,79 @@
static WC_RNG * wc_rng_init(void)
{
WC_RNG * ret;
+#ifdef CONFIG_FIPS
+ ret = os_zalloc(sizeof(WC_RNG));
+#else
ret = wc_rng_new(NULL, 0, NULL);
+#endif
if (!ret) {
+#ifdef CONFIG_FIPS
+ LOG_WOLF_ERROR_FUNC_NULL(os_zalloc);
+#else
LOG_WOLF_ERROR_FUNC_NULL(wc_rng_new);
+#endif
+ }
+#ifdef CONFIG_FIPS
+ else {
+ int err;
+ err = wc_InitRng(ret);
+ if (err != 0) {
+ LOG_WOLF_ERROR_FUNC(wc_InitRng, err);
+ os_free(ret);
+ ret = NULL;
+ }
}
+#endif /* CONFIG_FIPS */
return ret;
}
static void wc_rng_deinit(WC_RNG * rng)
{
+#ifdef CONFIG_FIPS
+ wc_FreeRng(rng);
+ os_free(rng);
+#else /* CONFIG_FIPS */
wc_rng_free(rng);
+#endif /* CONFIG_FIPS */
}
static ecc_key * ecc_key_init(void)
{
ecc_key * ret;
+#ifdef CONFIG_FIPS
+ int err;
+ ret = os_zalloc(sizeof(ecc_key));
+#else /* CONFIG_FIPS */
ret = wc_ecc_key_new(NULL);
+#endif /* CONFIG_FIPS */
if (!ret) {
+#ifdef CONFIG_FIPS
+ LOG_WOLF_ERROR_FUNC_NULL(os_zalloc);
+#else /* CONFIG_FIPS */
LOG_WOLF_ERROR_FUNC_NULL(wc_ecc_key_new);
+#endif /* CONFIG_FIPS */
+ }
+#ifdef CONFIG_FIPS
+ else {
+ err = wc_ecc_init_ex(ret, NULL, INVALID_DEVID);
+ if (err != 0) {
+ LOG_WOLF_ERROR("wc_ecc_init_ex failed");
+ os_free(ret);
+ ret = NULL;
+ }
}
+#endif /* CONFIG_FIPS */
return ret;
}
static void ecc_key_deinit(ecc_key * key)
{
+#ifdef CONFIG_FIPS
+ wc_ecc_free(key);
+ os_free(key);
+#else /* CONFIG_FIPS */
wc_ecc_key_free(key);
+#endif /* CONFIG_FIPS */
}
/* end of helper functions */
@@ -1606,11 +1654,34 @@ struct crypto_ec * crypto_ec_init(int group)
LOG_WOLF_ERROR_FUNC_NULL(wc_ecc_new_point);
goto done;
}
+#ifdef CONFIG_FIPS
+ /* Setup generator manually in FIPS mode */
+ if (!e->key->dp) {
+ LOG_WOLF_ERROR_FUNC_NULL(e->key->dp);
+ goto done;
+ }
+ err = mp_read_radix(e->g->x, e->key->dp->Gx, MP_RADIX_HEX);
+ if (err != MP_OKAY) {
+ LOG_WOLF_ERROR_FUNC(mp_read_radix, err);
+ goto done;
+ }
+ err = mp_read_radix(e->g->y, e->key->dp->Gy, MP_RADIX_HEX);
+ if (err != MP_OKAY) {
+ LOG_WOLF_ERROR_FUNC(mp_read_radix, err);
+ goto done;
+ }
+ err = mp_set(e->g->z, 1);
+ if (err != MP_OKAY) {
+ LOG_WOLF_ERROR_FUNC(mp_set, err);
+ goto done;
+ }
+#else
err = wc_ecc_get_generator(e->g, wc_ecc_get_curve_idx(curve_id));
if (err != MP_OKAY) {
LOG_WOLF_ERROR_FUNC(wc_ecc_get_generator, err);
goto done;
}
+#endif
#endif
err = mp_init_multi(&e->a, &e->prime, &e->order, &e->b, NULL, NULL);
if (err != MP_OKAY) {
@@ -1689,7 +1760,13 @@ void crypto_ec_point_deinit(struct crypto_ec_point *p, int clear)
return;
if (clear) {
+#ifndef CONFIG_FIPS
wc_ecc_forcezero_point(point);
+#else
+ mp_forcezero(point->x);
+ mp_forcezero(point->y);
+ mp_forcezero(point->z);
+#endif
}
wc_ecc_del_point(point);
}
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com> --- src/crypto/crypto_wolfssl.c | 77 +++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+)