Check-in fips_test.h changes to master as well

kaleb-himes · kaleb-himes · commit 3a5e1716363b · 2023-08-28T14:22:37.000-07:00
diff --git a/wolfssl/wolfcrypt/fips_test.h b/wolfssl/wolfcrypt/fips_test.h
@@ -31,6 +31,25 @@
     extern "C" {
 #endif
 
+/* Added for FIPS v5.3 or later */
+#if defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)
+    /* Determine FIPS in core hash type and size */
+    #ifndef NO_SHA256
+        #define FIPS_IN_CORE_DIGEST_SIZE 32
+        #define FIPS_IN_CORE_HASH_TYPE   WC_SHA256
+        #define FIPS_IN_CORE_KEY_SZ      32
+        #define FIPS_IN_CORE_VERIFY_SZ   FIPS_IN_CORE_KEY_SZ
+    #elif defined(WOLFSSL_SHA384)
+        #define FIPS_IN_CORE_DIGEST_SIZE 48
+        #define FIPS_IN_CORE_HASH_TYPE   WC_SHA384
+        #define FIPS_IN_CORE_KEY_SZ      48
+        #define FIPS_IN_CORE_VERIFY_SZ   FIPS_IN_CORE_KEY_SZ
+    #else
+        #error No FIPS hash (SHA2-256 or SHA2-384)
+    #endif
+#endif /* FIPS v5.3 or later */
+
+
 enum FipsCastId {
     FIPS_CAST_AES_CBC,
     FIPS_CAST_AES_GCM,
@@ -58,10 +77,10 @@ enum FipsCastStateId {
 };
 
 enum FipsModeId {
-    FIPS_MODE_INIT,
-    FIPS_MODE_NORMAL,
-    FIPS_MODE_DEGRADED,
-    FIPS_MODE_FAILED
+    FIPS_MODE_INIT = 0,
+    FIPS_MODE_NORMAL = 1,
+    FIPS_MODE_DEGRADED = 2,
+    FIPS_MODE_FAILED = 3
 };
 
 
@@ -73,20 +92,21 @@ WOLFSSL_API int wolfCrypt_SetCb_fips(wolfCrypt_fips_cb cbf);
 
 /* Public get status functions */
 WOLFSSL_API int wolfCrypt_GetStatus_fips(void);
+WOLFSSL_API int wolfCrypt_GetMode_fips(void);
 WOLFSSL_API const char* wolfCrypt_GetCoreHash_fips(void);
 
 #ifdef HAVE_FORCE_FIPS_FAILURE
     /* Public function to force failure mode for operational testing */
-    WOLFSSL_API int wolfCrypt_SetStatus_fips(int);
+    WOLFSSL_API int wolfCrypt_SetStatus_fips(int status);
 #endif
 
-WOLFSSL_LOCAL int DoIntegrityTest(char*, int);
-WOLFSSL_LOCAL int DoPOST(char*, int);
-WOLFSSL_LOCAL int DoCAST(int);
-WOLFSSL_LOCAL int DoKnownAnswerTests(char*, int); /* FIPSv1 and FIPSv2 */
+WOLFSSL_LOCAL int DoPOST(char* base16_hash, int base16_hashSz);
+WOLFSSL_LOCAL int DoCAST(int type);
+WOLFSSL_LOCAL int DoKnownAnswerTests(char* base16_hash, int base16_hashSz); /* FIPSv1 and FIPSv2 */
 
-WOLFSSL_API int wc_RunCast_fips(int);
-WOLFSSL_API int wc_GetCastStatus_fips(int);
+WOLFSSL_API int wc_RunCast_fips(int type);
+WOLFSSL_API int wc_GetCastStatus_fips(int type);
+WOLFSSL_API int wc_RunAllCast_fips(void);
 
 #ifdef __cplusplus
     } /* extern "C" */
