1 /* fips_test.h
2  *
3  * Copyright (C) 2006-2021 wolfSSL Inc.
4  *
5  * This file is part of wolfSSL.
6  *
7  * wolfSSL is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * wolfSSL is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20  */
21 
22 
23 
24 #ifndef WOLF_CRYPT_FIPS_TEST_H
25 #define WOLF_CRYPT_FIPS_TEST_H
26 
27 #include <wolfssl/wolfcrypt/types.h>
28 
29 
30 #ifdef __cplusplus
31     extern "C" {
32 #endif
33 
/* Identifiers for the individual algorithm self-tests ("CAST"; in FIPS 140-3
 * terminology, a conditional algorithm self-test).
 *
 * The per-entry descriptions below are expanded from the enumerator names;
 * the test vectors and code behind each ID are not visible in this header.
 * NOTE(review): these are presumably the values passed to DoCAST(),
 * wc_RunCast_fips() and wc_GetCastStatus_fips(), which take a plain int in
 * this header -- confirm against the implementation.
 *
 * Numbering is sequential from 0, and FIPS_CAST_COUNT depends on that: add
 * new IDs immediately before FIPS_CAST_COUNT and never give an entry an
 * out-of-sequence value. */
enum FipsCastId {
    FIPS_CAST_AES_CBC = 0,        /* AES, CBC mode */
    FIPS_CAST_AES_GCM,            /* AES, GCM mode */
    FIPS_CAST_HMAC_SHA1,          /* HMAC with SHA-1 */
    FIPS_CAST_HMAC_SHA2_256,      /* HMAC with SHA2-256 */
    FIPS_CAST_HMAC_SHA2_512,      /* HMAC with SHA2-512 */
    FIPS_CAST_HMAC_SHA3_256,      /* HMAC with SHA3-256 */
    FIPS_CAST_DRBG,               /* deterministic random bit generator */
    FIPS_CAST_RSA_SIGN_PKCS1v15,  /* RSA signing, PKCS#1 v1.5 padding */
    FIPS_CAST_ECC_CDH,            /* ECC cofactor Diffie-Hellman */
    FIPS_CAST_ECC_PRIMITIVE_Z,    /* ECC shared-secret (Z) primitive */
    FIPS_CAST_DH_PRIMITIVE_Z,     /* finite-field DH shared-secret (Z) primitive */
    FIPS_CAST_ECDSA,              /* ECDSA */
    FIPS_CAST_KDF_TLS12,          /* TLS 1.2 key derivation */
    FIPS_CAST_KDF_TLS13,          /* TLS 1.3 key derivation */
    FIPS_CAST_KDF_SSH,            /* SSH key derivation */
    FIPS_CAST_COUNT               /* number of IDs above; not a test ID itself */
};
52 
/* State of a single self-test.
 *
 * Only FIPS_CAST_STATE_SUCCESS denotes a passed test. Code that gates use of
 * an algorithm on its self-test should compare against SUCCESS explicitly
 * rather than testing "!= FAILURE", because INIT and PROCESSING are also
 * non-failure values.
 * NOTE(review): the transitions between states, and what INIT or PROCESSING
 * imply for an algorithm call made meanwhile, are decided in the
 * implementation and are not visible in this header. */
enum FipsCastStateId {
    FIPS_CAST_STATE_INIT = 0,     /* first value (0); presumably "not yet run" -- confirm */
    FIPS_CAST_STATE_PROCESSING,   /* presumably "test currently executing" -- confirm */
    FIPS_CAST_STATE_SUCCESS,      /* test passed */
    FIPS_CAST_STATE_FAILURE       /* test failed */
};
59 
/* Operating mode of the FIPS module as a whole (as opposed to the state of
 * one self-test, see enum FipsCastStateId).
 *
 * NOTE(review): this header does not show where the mode is stored, which
 * function reports it, or what triggers a change of mode. In particular,
 * whether DEGRADED means that only the algorithms whose self-test failed are
 * disabled is an assumption to confirm against the implementation. */
enum FipsModeId {
    FIPS_MODE_INIT = 0,   /* first value (0); presumably before power-on tests finish */
    FIPS_MODE_NORMAL,     /* normal operation */
    FIPS_MODE_DEGRADED,   /* degraded operation */
    FIPS_MODE_FAILED      /* failed */
};
66 
67 
/* FIPS failure callback.
 *
 * Signature of the application hook registered with wolfCrypt_SetCb_fips().
 * It receives an ok flag, an error code and a hash string.
 * NOTE(review): this header does not say whether `hash` is the computed or
 * the expected integrity value, nor how long the pointer stays valid; a
 * callback that needs the string after it returns should copy it. Confirm
 * the exact meaning of `ok` and `err` against the implementation. */
typedef void(*wolfCrypt_fips_cb)(int ok, int err, const char* hash);

/* Public set function: registers `cbf` as the FIPS callback.
 * NOTE(review): return convention (presumably 0 on success) and whether a
 * NULL `cbf` clears the hook are not visible here -- confirm. */
WOLFSSL_API int wolfCrypt_SetCb_fips(wolfCrypt_fips_cb cbf);

/* Public get status functions.
 * wolfCrypt_GetStatus_fips() returns the module status as an int;
 * wolfCrypt_GetCoreHash_fips() returns a read-only string.
 * NOTE(review): the status encoding, and whether the returned string is the
 * hash computed at run time or the value built into the module, are not
 * stated in this header -- confirm before using either in a health check. */
WOLFSSL_API int wolfCrypt_GetStatus_fips(void);
WOLFSSL_API const char* wolfCrypt_GetCoreHash_fips(void);

#ifdef HAVE_FORCE_FIPS_FAILURE
    /* Public function to force failure mode for operational testing.
     * When HAVE_FORCE_FIPS_FAILURE is defined this setter is part of the
     * exported API (WOLFSSL_API), so any code linked against the library can
     * change the module status. It is meant for test builds; release builds
     * should leave the macro undefined. The int argument is unnamed here,
     * presumably the status to set -- confirm. */
    WOLFSSL_API int wolfCrypt_SetStatus_fips(int);
#endif

/* Library-internal entry points (WOLFSSL_LOCAL), not part of the
 * application-facing API.
 * NOTE(review): the parameters are unnamed. The (char*, int) pairs are
 * presumably a buffer and its size, and the int taken by DoCAST() presumably
 * an enum FipsCastId value -- confirm against the definitions, including
 * whether the buffer is written to (it is not const-qualified). */
WOLFSSL_LOCAL int DoIntegrityTest(char*, int);
WOLFSSL_LOCAL int DoPOST(char*, int);
WOLFSSL_LOCAL int DoCAST(int);
WOLFSSL_LOCAL int DoKnownAnswerTests(char*, int); /* FIPSv1 and FIPSv2 */

/* Public self-test API: run one self-test / query the state of one
 * self-test.
 * NOTE(review): the int argument is presumably an enum FipsCastId value and
 * the result of wc_GetCastStatus_fips() presumably an enum FipsCastStateId
 * value; both are declared as plain int, so nothing in this header enforces
 * that. Whether out-of-range IDs are rejected depends on the implementation
 * -- confirm. */
WOLFSSL_API int wc_RunCast_fips(int);
WOLFSSL_API int wc_GetCastStatus_fips(int);
90 
91 #ifdef __cplusplus
92     } /* extern "C" */
93 #endif
94 
95 #endif /* WOLF_CRYPT_FIPS_TEST_H */
96 
97