FIPS: PCT enter error state upon 5 failures

smuellerDD · smuellerDD · commit 97043b8b5258 · 2025-03-01T14:10:03.000+01:00
Signed-off-by: Stephan Mueller &lt;smueller@chronox.de&gt;
diff --git a/curve25519/src/ed25519_pct.h b/curve25519/src/ed25519_pct.h
@@ -51,8 +51,8 @@ static inline int _lc_ed25519_pct_fips(const struct lc_ed25519_pk *pk,
 static inline int lc_ed25519_pct_fips(const struct lc_ed25519_pk *pk,
 				      const struct lc_ed25519_sk *sk)
 {
-	if (fips140_mode_enabled())
-		return _lc_ed25519_pct_fips(pk, sk);
+	FIPS140_PCT_LOOP(_lc_ed25519_pct_fips(pk, sk))
+
 	return 0;
 }
 
diff --git a/internal/api/fips_mode.h b/internal/api/fips_mode.h
@@ -31,6 +31,19 @@ extern "C" {
  */
 int fips140_mode_enabled(void);
 
+#define FIPS140_PCT_LOOP(func)                                                 \
+	if (fips140_mode_enabled()) {                                          \
+		unsigned int __i;                                              \
+		int __ret;                                                     \
+                                                                               \
+		for (__i = 0; __i < 5; __i++) {                                \
+			__ret = func;                                          \
+			if (!__ret)                                            \
+				return __ret;                                  \
+		}                                                              \
+		assert(0);                                                     \
+	}
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/ml-dsa/src/dilithium_pct.h b/ml-dsa/src/dilithium_pct.h
@@ -51,8 +51,8 @@ static inline int _lc_dilithium_pct_fips(const struct lc_dilithium_pk *pk,
 static inline int lc_dilithium_pct_fips(const struct lc_dilithium_pk *pk,
 					const struct lc_dilithium_sk *sk)
 {
-	if (fips140_mode_enabled())
-		return _lc_dilithium_pct_fips(pk, sk);
+	FIPS140_PCT_LOOP(_lc_dilithium_pct_fips(pk, sk))
+
 	return 0;
 }
 
diff --git a/ml-kem/src/kyber_pct.h b/ml-kem/src/kyber_pct.h
@@ -72,8 +72,7 @@ static inline int _lc_kyber_pct_fips(const struct lc_kyber_pk *pk,
 static inline int lc_kyber_pct_fips(const struct lc_kyber_pk *pk,
 				    const struct lc_kyber_sk *sk)
 {
-	if (fips140_mode_enabled())
-		return _lc_kyber_pct_fips(pk, sk);
+	FIPS140_PCT_LOOP(_lc_kyber_pct_fips(pk, sk))
 	return 0;
 }
 
diff --git a/slh-dsa/src/sphincs_pct.h b/slh-dsa/src/sphincs_pct.h
@@ -51,8 +51,8 @@ static inline int _lc_sphincs_pct_fips(const struct lc_sphincs_pk *pk,
 static inline int lc_sphincs_pct_fips(const struct lc_sphincs_pk *pk,
 				      const struct lc_sphincs_sk *sk)
 {
-	if (fips140_mode_enabled())
-		return _lc_sphincs_pct_fips(pk, sk);
+	FIPS140_PCT_LOOP(_lc_sphincs_pct_fips(pk, sk))
+
 	return 0;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -51,8 +51,8 @@ static inline int _lc_ed25519_pct_fips(const struct lc_ed25519_pk *pk,`
`51`	`51`	`static inline int lc_ed25519_pct_fips(const struct lc_ed25519_pk *pk,`
`52`	`52`	`const struct lc_ed25519_sk *sk)`
`53`	`53`	`{`
`54`		`- if (fips140_mode_enabled())`
`55`		`- return _lc_ed25519_pct_fips(pk, sk);`
	`54`	`+ FIPS140_PCT_LOOP(_lc_ed25519_pct_fips(pk, sk))`
	`55`	`+`
`56`	`56`	`return 0;`
`57`	`57`	`}`
`58`	`58`
Original file line number	Diff line number	Diff line change
`@@ -72,8 +72,7 @@ static inline int _lc_kyber_pct_fips(const struct lc_kyber_pk *pk,`
`72`	`72`	`static inline int lc_kyber_pct_fips(const struct lc_kyber_pk *pk,`
`73`	`73`	`const struct lc_kyber_sk *sk)`
`74`	`74`	`{`
`75`		`- if (fips140_mode_enabled())`
`76`		`- return _lc_kyber_pct_fips(pk, sk);`
	`75`	`+ FIPS140_PCT_LOOP(_lc_kyber_pct_fips(pk, sk))`
`77`	`76`	`return 0;`
`78`	`77`	`}`
`79`	`78`