diff --git a/tests/api.c b/tests/api.c index 5225240eb..322f4cef0 100644 --- a/tests/api.c +++ b/tests/api.c @@ -64,6 +64,10 @@ #ifdef WOLFSSL_RIPEMD #include #endif +#ifndef NO_DES3 + #include + #include +#endif #ifndef NO_HMAC #include 
@@ -4778,6 +4782,289 @@ static int test_wc_Sha384HmacFinal (void) +/* + * unit test for wc_Des3_SetIV() + */ +static int test_wc_Des3_SetIV (void) +{ +#ifndef NO_DES3 + Des3 des; + int ret; + const byte key[] = + { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + + const byte iv[] = + { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 + }; + + printf(testingFmt, "wc_Des3_SetIV()"); + + /* DES_ENCRYPTION or DES_DECRYPTION */ + ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION); + + if (ret == 0) { + if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) { + ret = SSL_FATAL_ERROR; + } + } + + /* Test explicitly wc_Des3_SetIV() */ + if (ret == 0) { + ret = wc_Des3_SetIV(NULL, iv); + if (ret == BAD_FUNC_ARG) { + ret = wc_Des3_SetIV(&des, NULL); + } else if (ret == 0) { + ret = SSL_FATAL_ERROR; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; + +} /* END test_wc_Des3_SetIV */ + +/* + * unit test for wc_Des3_SetKey() + */ +static int test_wc_Des3_SetKey (void) +{ +#ifndef NO_DES3 + Des3 des; + int ret; + const byte key[] = + { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + + const byte iv[] = + { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 + }; + + printf(testingFmt, "wc_Des3_SetKey()"); + + /* DES_ENCRYPTION or DES_DECRYPTION */ + ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION); + if (ret == 0) { + if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) { + ret = SSL_FATAL_ERROR; + } + } + + /* Test bad args. 
*/ + if (ret == 0) { + ret = wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION); + if (ret == BAD_FUNC_ARG) { + ret = wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_Des3_SetKey(&des, key, iv, -1); + } + if (ret == BAD_FUNC_ARG) { + /* Default case. Should return 0. */ + ret = wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION); + } + } /* END if ret != 0 */ + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; + +} /* END test_wc_Des3_SetKey */ + +/* + * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt + */ +static int test_wc_Des3_CbcEncryptDecrypt (void) +{ +#ifndef NO_DES3 + Des3 des; + byte cipher[24]; + byte plain[24]; + int ret; + + const byte key[] = + { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + + const byte iv[] = + { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 + }; + + const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + printf(testingFmt, "wc_Des3_CbcEncrypt()"); + + ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION); + + if (ret == 0) { + ret = wc_Des3_CbcEncrypt(&des, cipher, vector, 24); + + if (ret == 0) { + ret = wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION); + } + if (ret == 0) { + ret = wc_Des3_CbcDecrypt(&des, plain, cipher, 24); + } + } + + if (ret == 0) { + if (XMEMCMP(plain, vector, 24) != 0) { + ret = SSL_FATAL_ERROR; + } + } + + /* Pass in bad args. 
*/ + if (ret == 0) { + ret = wc_Des3_CbcEncrypt(NULL, cipher, vector, 24); + if (ret == BAD_FUNC_ARG) { + ret = wc_Des3_CbcEncrypt(&des, NULL, vector, 24); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector)); + } + if (ret != BAD_FUNC_ARG) { + ret = SSL_FATAL_ERROR;; + } else { + ret = 0; + } + } + + if (ret == 0) { + ret = wc_Des3_CbcDecrypt(NULL, plain, cipher, 24); + if (ret == BAD_FUNC_ARG) { + ret = wc_Des3_CbcDecrypt(&des, NULL, cipher, 24); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_Des3_CbcDecrypt(&des, plain, NULL, 24); + } + if (ret != BAD_FUNC_ARG) { + ret = SSL_FATAL_ERROR; + } else { + ret = 0; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; + +} /* END wc_Des3_CbcEncrypt */ + +/* + * Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey + */ +static int test_wc_Des3_CbcEncryptDecryptWithKey (void) +{ +#ifndef NO_DES3 + + word32 vectorSz, cipherSz; + byte cipher[24]; + byte plain[24]; + + byte vector[] = /* Now is the time for all w/o trailing 0 */ + { + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + byte key[] = + { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + + byte iv[] = + { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 + }; + + int ret; + + vectorSz = sizeof(byte) * 24; + cipherSz = sizeof(byte) * 24; + + printf(testingFmt, "wc_Des3_CbcEncryptWithKey()"); + + ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv); + if (ret == 0) { + ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv); + if (ret == 0) { + if (XMEMCMP(plain, vector, 24) != 0) { + ret = SSL_FATAL_ERROR; + } + } + } + + /* pass in bad args. 
*/ + if (ret == 0) { + ret = wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv); + if (ret == BAD_FUNC_ARG) { + ret = wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, + key, NULL); + } else { + /* Return code catch. */ + ret = SSL_FAILURE; + } + } + + if (ret == 0) { + ret = wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv); + if (ret == BAD_FUNC_ARG) { + ret = wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL); + } else { + ret = SSL_FAILURE; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; +} /* END test_wc_Des3_CbcEncryptDecryptWithKey */ + + /*----------------------------------------------------------------------------* | Compatibility Tests *----------------------------------------------------------------------------*/ @@ -6054,6 +6341,11 @@ void ApiTest(void) AssertFalse(test_wc_Sha384HmacUpdate()); AssertFalse(test_wc_Sha384HmacFinal()); + + AssertIntEQ(test_wc_Des3_SetIV(), 0); + AssertIntEQ(test_wc_Des3_SetKey(), 0); + AssertIntEQ(test_wc_Des3_CbcEncryptDecrypt(), 0); + AssertIntEQ(test_wc_Des3_CbcEncryptDecryptWithKey(), 0); printf(" End API Tests\n"); } diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index 739fb62d6..534f59d9a 100755 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -25,6 +25,8 @@ #endif #include +#include +#include #ifndef NO_DES3 
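Review bot: All four new test functions end with an unconditional `return 0;`, so the `AssertIntEQ(test_wc_Des3_...(), 0)` calls added to ApiTest() can never fail, and a broken NULL-argument check in des3.c would only show up as a printed "failed". Declaring `int ret = 0;` ahead of `#ifndef NO_DES3` and ending each function with `return ret;` would expose the result to the harness while still returning 0 when 3DES is compiled out. Separately, the two error branches in test_wc_Des3_CbcEncryptDecryptWithKey set `ret = SSL_FAILURE;` where the other tests use `SSL_FATAL_ERROR`. If SSL_FAILURE is defined as 0 (I believe it is in wolfSSL's ssl.h, please confirm), an unexpected return code is reported as a pass, so `ret = SSL_FATAL_ERROR;` is the safer value there.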
@@ -39,6 +41,10 @@ } int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) { + if (des == NULL || key == NULL || dir < 0) { + return BAD_FUNC_ARG; + } + return Des3_SetKey_fips(des, key, iv, dir); } int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) @@ -51,10 +57,16 @@ } int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) { + if (des == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } return Des3_CbcEncrypt_fips(des, out, in, sz); } int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) { + if (des == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } return Des3_CbcDecrypt_fips(des, out, in, sz); } @@ -102,8 +114,6 @@ #include #else -#include -#include #ifdef NO_INLINE #include @@ -1395,6 +1405,10 @@ { int ret; + if (des == NULL || key == NULL || dir < 0) { + return BAD_FUNC_ARG; + } + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES) if (des->asyncDev.marker == WOLFSSL_ASYNC_MARKER_3DES) { /* key_raw holds orignal key copy */ @@ -1535,6 +1549,10 @@ { word32 blocks; + if (des == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES) if (des->asyncDev.marker == WOLFSSL_ASYNC_MARKER_3DES && sz >= WC_ASYNC_THRESH_DES3_CBC) { @@ -1574,6 +1592,10 @@ { word32 blocks; + if (des == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } + #if defined(WOLFSSL_ASYNC_CRYPT) if (des->asyncDev.marker == WOLFSSL_ASYNC_MARKER_3DES && sz >= WC_ASYNC_THRESH_DES3_CBC) { @@ -1661,6 +1683,9 @@ void wc_Des_SetIV(Des* des, const byte* iv) int wc_Des3_SetIV(Des3* des, const byte* iv) { + if (des == NULL) { + return BAD_FUNC_ARG; + } if (des && iv) XMEMCPY(des->reg, iv, DES_BLOCK_SIZE); else if (des)
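Review bot: The `dir < 0` test in the new wc_Des3_SetKey() guard rejects only negative values, so any other integer that is neither DES_ENCRYPTION nor DES_DECRYPTION is still forwarded to Des3_SetKey_fips(). If those two constants are the only valid directions, as the test comment in tests/api.c suggests, the check would be tighter as `if (des == NULL || key == NULL || (dir != DES_ENCRYPTION && dir != DES_DECRYPTION))`. The same guard is repeated in the non-FIPS implementation in the `@@ -1395,6 +1405,10 @@` hunk and would need the same change. A one-line comment such as `/* iv may be NULL */` next to the guard would record that the missing `iv` check is deliberate.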
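Review bot: The guard added in the `@@ -1535,6 +1549,10 @@` hunk validates the three pointers but not `sz`. With `word32 blocks;` declared just above it, the body presumably works in whole DES_BLOCK_SIZE blocks, in which case a length that is not a multiple of the block size would leave trailing bytes unprocessed without any error. The rest of the function is outside the hunk, so this needs confirming; if it holds, either reject the length with `if (sz % DES_BLOCK_SIZE != 0) return BAD_FUNC_ARG;` or state the requirement in the function's header comment. The same applies to the decrypt guard in the `@@ -1574,6 +1592,10 @@` hunk, and the new tests only exercise `sz` of 24.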
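Review bot: After the added `if (des == NULL) return BAD_FUNC_ARG;` in wc_Des3_SetIV(), the `des` tests in the following `if (des && iv)` and `else if (des)` are always true, so they can be reduced to `if (iv != NULL)` and a plain `else`. The function now reports an error for a NULL `des` while the new test expects 0 for a NULL `iv`. A short header comment stating both cases would document the contract callers can rely on. The body of wc_Des3_SetIV() continues past the end of the hunk.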