Add proper status indication APIs for all algorithms

Each algorithm type received a proper status API that may return
information about the given particular algorithm instance.

This update allows for FIPS that, say, lc_sha256 is marked as FIPS
approved algorithm, but any other implementation such as
lc_sha256_ahani on ARM (which would point to the C implementation
and thus would not point to the accelerated ARM implementation) are
not marked as FIPS-approved.

To complete the implementation, the following changes are applied
which all are not visible to the caller:

- add lc_*_null.c implementation which define a symbol in case the
associated algorithm is not compiled

- wrap ChaCha20 DRNG into an lc_rng structure

Signed-off-by: Stephan Mueller <smueller@chronox.de>

Author: smuellerDD

CHANGES.md

@@ -47,6 +47,10 @@ Changes 1.7.0-prerelease
 
 * Update of X.509 composite signatures with latest draft + cross testing with all IETF-Hackathon providers
 
+* Add proper status indication APIs for all algorithms
+
+* ChaCha20 DRNG wrapped in common wrapper
+
 Changes 1.6.0
 * ASN.1: use stack for small generator for small use cases
 

aead/api/lc_aead.h

@@ -22,6 +22,7 @@
 
 #include "lc_aes.h"
 #include "lc_memory_support.h"
+#include "lc_status.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -268,23 +269,23 @@ int lc_aead_dec_final(struct lc_aead_ctx *ctx, const uint8_t *tag,
 
 /**
  * @ingroup AEAD
- * @brief Obtain algorithm type usable with lc_alg_status
+ * @brief Obtain algorithm status
  *
  * @param [in] aead AEAD algorithm instance
  *
- * @return algorithm type
+ * @return algorithm status
  */
-uint64_t lc_aead_algorithm_type(const struct lc_aead *aead);
+enum lc_alg_status_val lc_aead_alg_status(const struct lc_aead *aead);
 
 /**
  * @ingroup AEAD
- * @brief Obtain algorithm type usable with lc_alg_status
+ * @brief Obtain algorithm status
  *
  * @param [in] ctx AEAD context handle
  *
- * @return algorithm type
+ * @return algorithm status
  */
-uint64_t lc_aead_ctx_algorithm_type(const struct lc_aead_ctx *ctx);
+enum lc_alg_status_val lc_aead_ctx_alg_status(const struct lc_aead_ctx *ctx);
 
 #ifdef __cplusplus
 }

aead/src/aead_api.c

@@ -20,6 +20,7 @@
 #include "ext_headers_internal.h"
 #include "lc_aead.h"
 #include "lc_memory_support.h"
+#include "status_algorithms.h"
 #include "visibility.h"
 
 LC_INTERFACE_FUNCTION(void, lc_aead_zero, struct lc_aead_ctx *ctx)
@@ -231,20 +232,21 @@ LC_INTERFACE_FUNCTION(int, lc_aead_dec_final, struct lc_aead_ctx *ctx,
 	return aead->dec_final(aead_state, tag, taglen);
 }
 
-LC_INTERFACE_FUNCTION(uint64_t, lc_aead_algorithm_type,
+LC_INTERFACE_FUNCTION(enum lc_alg_status_val, lc_aead_alg_status,
 		      const struct lc_aead *aead)
 {
 	if (!aead)
-		return 0;
+		return lc_alg_status_unknown;
 
-	return aead->algorithm_type;
+	/* No algorithm is ruled out a-priori for FIPS compliance */
+	return lc_alg_status(aead->algorithm_type | LC_ALG_STATUS_FIPS);
 }
 
-LC_INTERFACE_FUNCTION(uint64_t, lc_aead_ctx_algorithm_type,
+LC_INTERFACE_FUNCTION(enum lc_alg_status_val, lc_aead_ctx_alg_status,
 		      const struct lc_aead_ctx *ctx)
 {
 	if (!ctx)
-		return 0;
+		return lc_alg_status_unknown;
 
-	return lc_aead_algorithm_type(ctx->aead);
+	return lc_aead_alg_status(ctx->aead);
 }

aead/tests/aes_gcm_tester.c

@@ -210,7 +210,7 @@ LC_TEST_FUNC(int, main, int argc, char *argv[])
 
 	ret = lc_aes_gcm_test(argc);
 
-	ret = test_validate_status(ret, LC_ALG_STATUS_AES_GCM, 1);
+	ret = test_validate_status(ret, lc_aead_alg_status(lc_aes_gcm_aead), 1);
 	ret += test_print_status();
 
 	lc_cpu_feature_enable();

aead/tests/ascon_crypt_test.c

@@ -178,7 +178,7 @@ LC_TEST_FUNC(int, main, int argc, char *argv[])
 	ret += ascon_tester_128();
 	ret += ascon_tester_128_non_aligned();
 
-	ret = test_validate_status(ret, LC_ALG_STATUS_ASCON_AEAD_128, 1);
+	ret = test_validate_status(ret, lc_aead_alg_status(lc_ascon_aead), 1);
 	ret += test_print_status();
 
 	return ret;

aead/tests/ascon_keccak_crypt_test.c

@@ -392,15 +392,16 @@ LC_TEST_FUNC(int, main, int argc, char *argv[])
 	LC_EXEC_ONE_TEST_256(lc_sha3_256_avx512);
 	LC_EXEC_ONE_TEST_256(lc_sha3_256_riscv_asm);
 
-	if (!(lc_alg_status(lc_aead_algorithm_type(lc_ascon_keccak_aead)) &
+	if (!(lc_aead_alg_status(lc_ascon_keccak_aead) &
 	      lc_alg_status_self_test_passed)) {
-		printf("lc_aead_algorithm_type failure\n");
+		printf("lc_aead_alg_status failure\n");
 		ret++;
 	} else {
-		printf("lc_aead_algorithm_type pass\n");
+		printf("lc_aead_alg_status pass\n");
 	}
 
-	ret = test_validate_status(ret, LC_ALG_STATUS_ASCON_KECCAK, 0);
+	ret = test_validate_status(ret,
+				   lc_aead_alg_status(lc_ascon_keccak_aead), 0);
 	ret += test_print_status();
 
 	return ret;

aead/tests/chacha20poly1305_tester.c

@@ -146,7 +146,8 @@ LC_TEST_FUNC(int, main, int argc, char *argv[])
 
 	ret = lc_chacha20_poly1305_test(argc);
 
-	ret = test_validate_status(ret, LC_ALG_STATUS_CHACHA20_POLY1305, 0);
+	ret = test_validate_status(
+		ret, lc_aead_alg_status(lc_chacha20_poly1305_aead), 0);
 	ret += test_print_status();
 
 	return ret;

aead/tests/cshake_crypt_test.c

@@ -245,7 +245,7 @@ LC_TEST_FUNC(int, main, int argc, char *argv[])
 	}
 	ret += ret2;
 
-	ret = test_validate_status(ret, LC_ALG_STATUS_CSHAKE_CRYPT, 0);
+	ret = test_validate_status(ret, lc_aead_alg_status(lc_cshake_aead), 0);
 	ret += test_print_status();
 
 out:

aead/tests/hash_crypt_test.c

@@ -20,6 +20,7 @@
 #include "compare.h"
 #include "ext_headers_internal.h"
 #include "lc_hash_crypt.h"
+#include "lc_sha256.h"
 #include "lc_sha512.h"
 #include "test_helper_common.h"
 #include "visibility.h"
@@ -175,16 +176,16 @@ LC_TEST_FUNC(int, main, int argc, char *argv[])
 
 	ret = hc_tester_sha512();
 
-	ret = test_validate_status(ret, LC_ALG_STATUS_HASH_CRYPT, 0);
-	ret = test_validate_status(ret, LC_ALG_STATUS_HASH_DRBG, 0);
-	ret = test_validate_status(ret, LC_ALG_STATUS_SHA512, 1);
+	ret = test_validate_status(ret, lc_aead_alg_status(lc_hash_aead), 0);
+	ret = test_validate_status(ret, lc_rng_alg_status(lc_hash_drbg), 0);
+	ret = test_validate_status(ret, lc_hash_alg_status(lc_sha512), 1);
 #ifndef LC_FIPS140_DEBUG
 	/*
 	 * These algos are not even triggered due to initialization errors
 	 * of the higher tests.
 	 */
-	ret = test_validate_status(ret, LC_ALG_STATUS_SHA256, 1);
-	ret = test_validate_status(ret, LC_ALG_STATUS_HMAC, 1);
+	ret = test_validate_status(ret, lc_hash_alg_status(lc_sha256), 1);
+	ret = test_validate_status(ret, lc_hmac_alg_status(lc_sha256), 1);
 #endif
 	ret += test_print_status();
 

aead/tests/kmac_crypt_test.c

@@ -243,9 +243,9 @@ LC_TEST_FUNC(int, main, int argc, char *argv[])
 	}
 	ret += ret2;
 
-	ret = test_validate_status(ret, LC_ALG_STATUS_KMAC_CRYPT, 0);
+	ret = test_validate_status(ret, lc_aead_alg_status(lc_kmac_aead), 0);
 #ifndef LC_FIPS140_DEBUG
-	ret = test_validate_status(ret, LC_ALG_STATUS_KMAC, 1);
+	ret = test_validate_status(ret, lc_kmac_alg_status(lc_cshake256), 1);
 #endif
 	ret += test_print_status();