Fixing up tests and preparing for SLH-DSA integration

Author: kaleb-himes

configure.ac

@@ -6230,6 +6230,16 @@ AS_CASE([$FIPS_VERSION],
         # LMS: enable SHA-256/192 and SHAKE256 parameter sets for FIPS v7
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_SHA256_192 -DWOLFSSL_LMS_SHAKE256"
 
+        AS_IF([test "$ENABLED_SLHDSA" != "yes" &&
+               (test "$FIPS_VERSION" != "dev" || test "$enable_slhdsa" != "no")],
+            [ENABLED_SLHDSA="yes"
+             SLHDSA_PARAM_128S="yes"
+             SLHDSA_PARAM_128F="yes"
+             SLHDSA_PARAM_192S="yes"
+             SLHDSA_PARAM_192F="yes"
+             SLHDSA_PARAM_256S="yes"
+             SLHDSA_PARAM_256F="yes"])
+
 # SHA-256 DRBG -- cannot be disabled at build time in FIPS mode
         AS_IF([test "$enable_sha256_drbg" = "no"],
             [AC_MSG_WARN([Can not disable SHA256-DRBG at build time in FIPS mode, disable at run-time with wc_Sha256Drbg_Disable() or wc_Sha256Drbg_Disable_fips()])])
@@ -7352,11 +7362,16 @@ if test "x$ENABLED_HASHDRBG" != "xyes" && test "x$ENABLED_FIPS" = "xyes" && test
 then
     if test "$enable_hashdrbg" = "no"
     then
-        AC_MSG_WARN([SHA256-DRBG and SHA512-DRBG required in FIPS build, may be disabled at run-time with wc_Sha256Drbg_Disable_fips() or wc_Sha512Drbg_Disable_fips()])
+        AC_MSG_WARN([SHA256-DRBG required in FIPS build])
     fi
     ENABLED_HASHDRBG=yes
     ENABLED_SHA256_DRBG=yes
-    ENABLED_SHA512_DRBG=yes
+fi
+
+# SHA-512 DRBG and runtime DRBG disable/enable APIs are v7+ only
+if test "x$ENABLED_FIPS" = "xyes" && test $HAVE_FIPS_VERSION -lt 7
+then
+    ENABLED_SHA512_DRBG=no
 fi
 
 # Set Hash DRBG compiler flags

src/include.am

@@ -1140,6 +1140,10 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_xmss.c
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_xmss_impl.c
 endif
 
+if BUILD_WC_SLHDSA
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_slhdsa.c
+endif
+
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fips.c \
                              wolfcrypt/src/fips_test.c
 
@@ -1809,9 +1813,11 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_xmss_impl.c
 endif
 endif !BUILD_FIPS_V7_PLUS
 
+if !BUILD_FIPS_V7_PLUS
 if BUILD_WC_SLHDSA
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_slhdsa.c
 endif
+endif !BUILD_FIPS_V7_PLUS
 
 if !BUILD_FIPS_V6_PLUS
 if BUILD_CURVE25519

tests/api/test_hash.c

@@ -68,6 +68,12 @@ static const enum wc_HashType supportedHash[] = {
     WC_HASH_TYPE_SHA3_256,
     WC_HASH_TYPE_SHA3_384,
     WC_HASH_TYPE_SHA3_512,
+#if defined(WOLFSSL_SHAKE128)
+    WC_HASH_TYPE_SHAKE128,
+#endif
+#if defined(WOLFSSL_SHAKE256)
+    WC_HASH_TYPE_SHAKE256,
+#endif
 #endif
 #ifdef WOLFSSL_SM3
     WC_HASH_TYPE_SM3,
@@ -101,19 +107,19 @@ static const enum wc_HashType notCompiledHash[] = {
     WC_HASH_TYPE_SHA3_256,
     WC_HASH_TYPE_SHA3_384,
     WC_HASH_TYPE_SHA3_512,
+#endif
+#if !defined(WOLFSSL_SHA3) || !defined(WOLFSSL_SHAKE128)
+    WC_HASH_TYPE_SHAKE128,
+#endif
+#if !defined(WOLFSSL_SHA3) || !defined(WOLFSSL_SHAKE256)
+    WC_HASH_TYPE_SHAKE256,
 #endif
     WC_HASH_TYPE_NONE   /* Dummy value to ensure list is non-zero. */
 };
 static const int notCompiledHashLen = (sizeof(notCompiledHash) /
                                        sizeof(enum wc_HashType)) - 1;
 
 static const enum wc_HashType notSupportedHash[] = {
-#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
-    WC_HASH_TYPE_SHAKE128,
-#endif
-#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
-    WC_HASH_TYPE_SHAKE256,
-#endif
     WC_HASH_TYPE_MD5_SHA,
     WC_HASH_TYPE_MD2,
     WC_HASH_TYPE_MD4,
@@ -137,6 +143,12 @@ static const enum wc_HashType sizeSupportedHash[] = {
 #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
     WC_HASH_TYPE_BLAKE2B,
     WC_HASH_TYPE_BLAKE2S,
+#endif
+#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
+    WC_HASH_TYPE_SHAKE128,
+#endif
+#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
+    WC_HASH_TYPE_SHAKE256,
 #endif
     WC_HASH_TYPE_NONE   /* Dummy value to ensure list is non-zero. */
 };
@@ -155,18 +167,18 @@ static const enum wc_HashType sizeNotCompiledHash[] = {
 #if !defined(HAVE_BLAKE2) && !defined(HAVE_BLAKE2S)
     WC_HASH_TYPE_BLAKE2B,
     WC_HASH_TYPE_BLAKE2S,
+#endif
+#if !defined(WOLFSSL_SHA3) || !defined(WOLFSSL_SHAKE128)
+    WC_HASH_TYPE_SHAKE128,
+#endif
+#if !defined(WOLFSSL_SHA3) || !defined(WOLFSSL_SHAKE256)
+    WC_HASH_TYPE_SHAKE256,
 #endif
     WC_HASH_TYPE_NONE   /* Dummy value to ensure list is non-zero. */
 };
 static const int sizeNotCompiledHashLen = (sizeof(sizeNotCompiledHash) /
                                            sizeof(enum wc_HashType)) - 1;
 static const enum wc_HashType sizeNotSupportedHash[] = {
-#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
-    WC_HASH_TYPE_SHAKE128,
-#endif
-#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
-    WC_HASH_TYPE_SHAKE256,
-#endif
     WC_HASH_TYPE_NONE
 };
 static const int sizeNotSupportedHashLen = (sizeof(sizeNotSupportedHash) /