diff --git a/configure.ac b/configure.ac index e307cbf45..a544cd7e8 100644 --- a/configure.ac +++ b/configure.ac @@ -1826,6 +1826,12 @@ else then AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT" ENABLED_ASN=no + else + if test "$ENABLED_ASN" = "nocrypt" + then + AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT" + enable_pwdbased=no + fi fi fi @@ -1846,7 +1852,7 @@ then ENABLED_SLOWMATH=no fi -AM_CONDITIONAL([BUILD_ASN], [test "x$ENABLED_ASN" = "xyes"]) +AM_CONDITIONAL([BUILD_ASN], [test "x$ENABLED_ASN" != "xno"]) # AES diff --git a/src/internal.c b/src/internal.c index a9fe023cd..17f5c2673 100644 --- a/src/internal.c +++ b/src/internal.c @@ -15414,15 +15414,6 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case NTRU_DECRYPT_ERROR: return "NTRU decrypt error"; - case ZLIB_INIT_ERROR: - return "zlib init error"; - - case ZLIB_COMPRESS_ERROR: - return "zlib compress error"; - - case ZLIB_DECOMPRESS_ERROR: - return "zlib decompress error"; - case GETTIME_ERROR: return "gettimeofday() error"; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index c29a25460..689896a63 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -2336,7 +2336,7 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der) return BAD_FUNC_ARG; } - #if !defined(NO_RSA) + #if !defined(NO_RSA) && !defined(NO_ASN_CRYPT) /* test if RSA key */ if (der->keyOID == RSAk) { #ifdef WOLFSSL_SMALL_STACK @@ -2404,9 +2404,9 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der) #endif } else - #endif /* NO_RSA */ + #endif /* !NO_RSA && !NO_ASN_CRYPT */ - #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) + #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) if (der->keyOID == ECDSAk) { #ifdef WOLFSSL_SMALL_STACK ecc_key* key_pair = NULL; 
@@ -2469,9 +2469,9 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der) #endif } else - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */ - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) && !defined(NO_ASN_CRYPT) if (der->keyOID == ED25519k) { #ifdef WOLFSSL_SMALL_STACK ed25519_key* key_pair = NULL; @@ -2512,7 +2512,7 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der) #endif } else - #endif + #endif /* HAVE_ED25519 && !NO_ASN_CRYPT */ { ret = 0; } @@ -2624,7 +2624,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, *algoID = 0; - #ifndef NO_RSA + #if !defined(NO_RSA) && !defined(NO_ASN_CRYPT) { RsaKey rsa; @@ -2637,8 +2637,8 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, } wc_FreeRsaKey(&rsa); } - #endif /* NO_RSA */ - #ifdef HAVE_ECC + #endif /* !NO_RSA && !NO_ASN_CRYPT */ + #if defined(HAVE_ECC) && !defined(NO_ASN_CRYPT) if (*algoID == 0) { ecc_key ecc; @@ -2659,8 +2659,8 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, } wc_ecc_free(&ecc); } -#endif /* HAVE_ECC */ -#ifdef HAVE_ED25519 +#endif /* HAVE_ECC && !NO_ASN_CRYPT */ +#if defined(HAVE_ED25519) && !defined(NO_ASN_CRYPT) if (*algoID != RSAk && *algoID != ECDSAk) { ed25519_key ed25519; @@ -2679,7 +2679,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, WOLFSSL_MSG("GetKeyOID wc_ed25519_init failed"); } } -#endif +#endif /* HAVE_ED25519 && !NO_ASN_CRYPT */ /* if flag is not set then is neither RSA or ECC key that could be * found */ @@ -5382,6 +5382,7 @@ void FreeSignatureCtx(SignatureCtx* sigCtx) sigCtx->plain = NULL; } #endif +#ifndef NO_ASN_CRYPT if (sigCtx->key.ptr) { switch (sigCtx->keyOID) { #ifndef NO_RSA 
@@ -5407,11 +5408,13 @@ void FreeSignatureCtx(SignatureCtx* sigCtx) } /* switch (keyOID) */ sigCtx->key.ptr = NULL; } +#endif /* reset state, we are done */ sigCtx->state = SIG_STATE_BEGIN; } +#ifndef NO_ASN_CRYPT static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID, byte* digest, int* typeH, int* digestSz, int verify) { @@ -5498,6 +5501,7 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID, return ret; } +#endif /* !NO_ASN_CRYPT */ /* Return codes: 0=Success, Negative (see error-crypt.h), ASN_SIG_CONFIRM_E */ static int ConfirmSignature(SignatureCtx* sigCtx, @@ -5519,6 +5523,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, WOLFSSL_ENTER("ConfirmSignature"); +#ifndef NO_ASN_CRYPT switch (sigCtx->state) { case SIG_STATE_BEGIN: { @@ -5796,6 +5801,11 @@ static int ConfirmSignature(SignatureCtx* sigCtx, exit_cs: +#endif /* !NO_ASN_CRYPT */ + + (void)keyOID; + (void)sigOID; + WOLFSSL_LEAVE("ConfirmSignature", ret); if (ret != WC_PENDING_E) { @@ -7447,7 +7457,7 @@ int CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm) #endif return ret; } -#endif +#endif /* WOLFSSL_SMALL_CERT_VERIFY */ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) { @@ -9348,7 +9358,7 @@ static word32 SetUTF8String(word32 len, byte* output) #endif /* WOLFSSL_CERT_REQ */ -#endif /*WOLFSSL_CERT_GEN */ +#endif /* WOLFSSL_CERT_GEN */ #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) @@ -9482,7 +9492,7 @@ int wc_EccPublicKeyToDer(ecc_key* key, byte* output, word32 inLen, return SetEccPublicKey(output, key, with_AlgCurve); } -#endif /* HAVE_ECC */ +#endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT */ #if defined(HAVE_ED25519) && (defined(WOLFSSL_CERT_GEN) || \ defined(WOLFSSL_KEY_GEN)) 
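Review bot: With NO_ASN_CRYPT defined, everything between the new `#ifndef NO_ASN_CRYPT` and `exit_cs:` in ConfirmSignature is compiled out, so the function falls through to WOLFSSL_LEAVE and returns whatever `ret` was initialised to. That initialisation is outside these hunks; if it is 0, every certificate signature is reported as confirmed (the header comment says 0=Success) without any hash or public-key operation having run. Fail closed by giving the guard an else arm just before `#endif /* !NO_ASN_CRYPT */`: `#else` followed by `ret = NOT_COMPILED_IN;`. Callers such as ParseCertRelative that request verification would then see an error in a nocrypt build instead of a silent pass.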
@@ -11769,7 +11779,7 @@ int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey) } -#ifndef NO_FILESYSTEM +#if !defined(NO_FILESYSTEM) && !defined(NO_ASN_CRYPT) /* Set SKID from public key file in PEM */ int wc_SetSubjectKeyId(Cert *cert, const char* file) @@ -11869,7 +11879,7 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) return ret; } -#endif /* NO_FILESYSTEM */ +#endif /* !NO_FILESYSTEM && !NO_ASN_CRYPT */ /* Set AKID from certificate contains in buffer (DER encoded) */ int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz) @@ -13015,7 +13025,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, return 0; } -#if defined(HAVE_ECC_KEY_EXPORT) +#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) /* build DER formatted ECC key, include optional public key if requested, * return length on success, negative on error */ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen, @@ -13133,7 +13143,7 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen, return totalSz; } - +#ifndef NO_ASN_CRYPT /* Write a Private ecc key, including public to DER format, * length on success else < 0 */ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) @@ -13148,6 +13158,7 @@ int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, word32 inLen) { return wc_BuildEccKeyDer(key, output, inLen, 0); } +#endif /* !NO_ASN_CRYPT */ /* Write only private ecc key to unencrypted PKCS#8 format. * 
@@ -14451,6 +14462,91 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm) #endif /* HAVE_CRL */ + + +#ifdef WOLFSSL_CERT_PIV + +int wc_ParseCertPIV(wc_CertPIV* piv, const byte* buf, word32 totalSz) +{ + int length = 0; + word32 idx = 0; + + WOLFSSL_ENTER("wc_ParseCertPIV"); + + if (piv == NULL || buf == NULL || totalSz == 0) + return BAD_FUNC_ARG; + + XMEMSET(piv, 0, sizeof(wc_CertPIV)); + + /* Detect Identiv PIV (with 0x0A, 0x0B and 0x0C sections) */ + /* Certificate (0A 82 05FA) */ + if (GetASNHeader(buf, ASN_PIV_CERT, &idx, &length, totalSz) >= 0) { + /* Identiv Type PIV card */ + piv->isIdentiv = 1; + + piv->cert = &buf[idx]; + piv->certSz = length; + idx += length; + + /* Nonce (0B 14) */ + if (GetASNHeader(buf, ASN_PIV_NONCE, &idx, &length, totalSz) >= 0) { + piv->nonce = &buf[idx]; + piv->nonceSz = length; + idx += length; + } + + /* Signed Nonce (0C 82 0100) */ + if (GetASNHeader(buf, ASN_PIV_SIGNED_NONCE, &idx, &length, totalSz) >= 0) { + piv->signedNonce = &buf[idx]; + piv->signedNonceSz = length; + idx += length; + } + + idx = 0; + buf = piv->cert; + totalSz = piv->certSz; + } + + /* Certificate Buffer Total Size (53 82 05F6) */ + if (GetASNHeader(buf, ASN_APPLICATION | ASN_PRINTABLE_STRING, &idx, + &length, totalSz) < 0) { + return ASN_PARSE_E; + } + /* PIV Certificate (70 82 05ED) */ + if (GetASNHeader(buf, ASN_PIV_TAG_CERT, &idx, &length, + totalSz) < 0) { + return ASN_PARSE_E; + } + + /* Capture certificate buffer pointer and length */ + piv->cert = &buf[idx]; + piv->certSz = length; + idx += length; + + /* PIV Certificate Info (71 01 00) */ + if (GetASNHeader(buf, ASN_PIV_TAG_CERT_INFO, &idx, &length, + totalSz) >= 0) { + if (length >= 1) { + piv->compression = (buf[idx] & ASN_PIV_CERT_INFO_COMPRESSED); + piv->isX509 = (buf[idx] & ASN_PIV_CERT_INFO_ISX509); + } + idx += length; + } + + /* PIV Error Detection (FE 00) */ + if (GetASNHeader(buf, ASN_PIV_TAG_ERR_DET, &idx, &length, + totalSz) >= 0) { + piv->certErrDet = &buf[idx]; + 
piv->certErrDetSz = length; + idx += length; + } + + return 0; +} + +#endif /* WOLFSSL_CERT_PIV */ + + #undef ERROR_OUT #endif /* !NO_ASN */ diff --git a/wolfcrypt/src/compress.c b/wolfcrypt/src/compress.c index 68eb4c0ef..f45f99dd5 100644 --- a/wolfcrypt/src/compress.c +++ b/wolfcrypt/src/compress.c @@ -67,7 +67,6 @@ static void myFree(void* opaque, void* memory) #endif -int wc_Compress(byte* out, word32 outSz, const byte* in, word32 inSz, word32 flags) /* * out - pointer to destination buffer * outSz - size of destination buffer @@ -84,6 +83,8 @@ int wc_Compress(byte* out, word32 outSz, const byte* in, word32 inSz, word32 fla * add to the size of the output. The libz code says the compressed * buffer should be srcSz + 0.1% + 12. */ +int wc_Compress_ex(byte* out, word32 outSz, const byte* in, word32 inSz, + word32 flags, word32 windowBits) { z_stream stream; int result = 0; @@ -103,7 +104,8 @@ int wc_Compress(byte* out, word32 outSz, const byte* in, word32 inSz, word32 fla stream.opaque = (voidpf)0; if (deflateInit2(&stream, Z_DEFAULT_COMPRESSION, Z_DEFLATED, - DEFLATE_DEFAULT_WINDOWBITS, DEFLATE_DEFAULT_MEMLEVEL, + DEFLATE_DEFAULT_WINDOWBITS | windowBits, + DEFLATE_DEFAULT_MEMLEVEL, flags ? Z_FIXED : Z_DEFAULT_STRATEGY) != Z_OK) return COMPRESS_INIT_E; 
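Review bot: `piv->isX509 = (buf[idx] & ASN_PIV_CERT_INFO_ISX509);` stores a masked value of 0 or 0x04 into the one-bit field `word16 isX509:1` declared in asn_public.h, so the set bit is truncated away and isX509 reads 0 for every input. Normalise before storing: `piv->isX509 = ((buf[idx] & ASN_PIV_CERT_INFO_ISX509) != 0);`. Separately, the length parsed for the 0x53 container is never used to bound the 0x70/0x71/0xFE elements, which are checked only against totalSz. Since this buffer is read from a card, consider rejecting elements that run past the container. A header comment on wc_ParseCertPIV should also state that the pointers it returns alias `buf` and are not copies.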
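Review bot: `DEFLATE_DEFAULT_WINDOWBITS | windowBits` in wc_Compress_ex (and the same expression in wc_DeCompress_ex further down) selects the mode by OR, which only works for the additive values 16 and 32. The comment added above wc_DeCompress_ex also documents negative windowBits for raw deflate, and OR-ing a negative int with the default (presumably zlib's usual 15) does not give a value in the documented -1..-15 range. The parameter is also `word32` in wc_Compress_ex but `int` in wc_DeCompress_ex, so the two entry points disagree on what a caller may pass. Narrow the contract to what is supported and check it up front, e.g. `if (windowBits != 0 && windowBits != LIBZ_WINBITS_GZIP) return BAD_FUNC_ARG;` in the compress path, and trim the comment to the modes the OR can actually express.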
@@ -120,14 +122,32 @@ int wc_Compress(byte* out, word32 outSz, const byte* in, word32 inSz, word32 fla return result; } +int wc_Compress(byte* out, word32 outSz, const byte* in, word32 inSz, word32 flags) +{ + return wc_Compress_ex(out, outSz, in, inSz, flags, 0); +} -int wc_DeCompress(byte* out, word32 outSz, const byte* in, word32 inSz) + +/* windowBits: +* deflateInit() and inflateInit(), as well as deflateInit2() and inflateInit2() + with windowBits in 0..15 all process zlib-wrapped deflate data. + (See RFC 1950 and RFC 1951.) +* deflateInit2() and inflateInit2() with negative windowBits in -1..-15 process + raw deflate data with no header or trailer. +* deflateInit2() and inflateInit2() with windowBits in 16..31, i.e. 16 + added to 0..15, process gzip-wrapped deflate data (RFC 1952). +* inflateInit2() with windowBits in 32..47 (32 added to 0..15) will + automatically detect either a gzip or zlib header (but not raw deflate + data), and decompress accordingly. +*/ +int wc_DeCompress_ex(byte* out, word32 outSz, const byte* in, word32 inSz, + int windowBits) /* * out - pointer to destination buffer * outSz - size of destination buffer * in - pointer to source buffer to compress * inSz - size of source to compress - * flags - flags to control how compress operates + * windowBits - flags to control how decompress operates * * return: * negative - error code @@ -150,10 +170,11 @@ int wc_DeCompress(byte* out, word32 outSz, const byte* in, word32 inSz) stream.zfree = (free_func)myFree; stream.opaque = (voidpf)0; - if (inflateInit2(&stream, DEFLATE_DEFAULT_WINDOWBITS) != Z_OK) + if (inflateInit2(&stream, DEFLATE_DEFAULT_WINDOWBITS | windowBits) != Z_OK) return DECOMPRESS_INIT_E; - if (inflate(&stream, Z_FINISH) != Z_STREAM_END) { + result = inflate(&stream, Z_FINISH); + if (result != Z_STREAM_END) { inflateEnd(&stream); return DECOMPRESS_E; } 
@@ -167,5 +188,11 @@ int wc_DeCompress(byte* out, word32 outSz, const byte* in, word32 inSz) } +int wc_DeCompress(byte* out, word32 outSz, const byte* in, word32 inSz) +{ + return wc_DeCompress_ex(out, outSz, in, inSz, 0); +} + + #endif /* HAVE_LIBZ */ diff --git a/wolfcrypt/src/cryptodev.c b/wolfcrypt/src/cryptodev.c index 6e88c850b..55b7f00fa 100644 --- a/wolfcrypt/src/cryptodev.c +++ b/wolfcrypt/src/cryptodev.c @@ -330,4 +330,13 @@ int wc_CryptoDev_AesGcmDecrypt(Aes* aes, byte* out, } #endif /* !NO_AES && HAVE_AESGCM */ +/* call to support callback for entire buffer hash */ +int wc_CryptoDev_Sha256Hash(const byte* data, word32 len, byte* hash) +{ + (void)data; + (void)len; + (void)hash; + return NOT_COMPILED_IN; +} + #endif /* WOLF_CRYPTO_DEV */ diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 87eb05d0c..cb5b07ab9 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -483,10 +483,19 @@ const char* wc_GetErrorString(int error) return "DH Check Private Key failure"; case WC_AFALG_SOCK_E: - return "AF_ALG socket error"; + return "AF_ALG socket error"; case WC_DEVCRYPTO_E: - return "Error with /dev/crypto"; + return "Error with /dev/crypto"; + + case ZLIB_INIT_ERROR: + return "zlib init error"; + + case ZLIB_COMPRESS_ERROR: + return "zlib compress error"; + + case ZLIB_DECOMPRESS_ERROR: + return "zlib decompress error"; default: return "unknown error number"; diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index d54bbc200..6ee58c0b6 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -2324,7 +2324,7 @@ int fp_to_unsigned_bin(fp_int *a, unsigned char *b) #ifdef WOLFSSL_SMALL_STACK XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return FP_OKAY; + return FP_OKAY; } int fp_unsigned_bin_size(fp_int *a) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index cd45670c7..73568ecb8 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
@@ -360,6 +360,9 @@ int blob_test(void); #ifdef WOLF_CRYPTO_DEV int cryptodev_test(void); #endif +#ifdef WOLFSSL_CERT_PIV +int certpiv_test(void); +#endif /* General big buffer size for many tests. */ #define FOURK_BUF 4096 @@ -1017,6 +1020,13 @@ initDefaultName(); printf( "crypto dev test passed!\n"); #endif +#ifdef WOLFSSL_CERT_PIV + if ( (ret = certpiv_test()) != 0) + return err_sys("cert piv test failed!\n", ret); + else + printf( "cert piv test passed!\n"); +#endif + #ifdef WOLFSSL_ASYNC_CRYPT wolfAsync_DevClose(&devId); #endif 
@@ -18287,6 +18297,158 @@ const byte sample_text[] = "swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n" "bag dolor terry richardson sapiente.\n"; +const byte sample_text_gz[] = { + 0x1F, 0x8B, 0x08, 0x08, 0xC5, 0x49, 0xB5, 0x5B, 0x00, 0x03, 0x63, 0x69, 0x70, + 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x2E, 0x74, 0x78, 0x74, 0x00, 0x8D, + 0x58, 0xCB, 0x92, 0xE4, 0xB6, 0x11, 0xBC, 0xE3, 0x2B, 0xEA, 0xA6, 0x83, 0xD9, + 0x1D, 0x72, 0xF8, 0x22, 0x1F, 0xB5, 0x96, 0xA5, 0xDD, 0x90, 0xBC, 0xAB, 0xD0, + 0x28, 0x36, 0x42, 0x47, 0x90, 0x2C, 0x36, 0xA1, 0x06, 0x09, 0x0A, 0x8F, 0xEE, + 0xE1, 0xDF, 0x3B, 0x0B, 0xE0, 0x73, 0x2C, 0x4B, 0xBA, 0xCD, 0xCE, 0x80, 0x78, + 0x64, 0x65, 0x65, 0x66, 0xED, 0x3B, 0xE3, 0x5A, 0xC3, 0x81, 0x2D, 0x35, 0x69, + 0x32, 0xAD, 0x8E, 0x3A, 0xD2, 0xA0, 0x7D, 0xA7, 0x2B, 0x6A, 0xAC, 0x69, 0x7A, + 0x26, 0x9D, 0x22, 0xD3, 0x94, 0x22, 0x69, 0xAA, 0x8D, 0x6F, 0xC9, 0x8D, 0x64, + 0x22, 0x99, 0xB1, 0x31, 0xAD, 0x69, 0xD3, 0x18, 0x89, 0xAD, 0x89, 0x6A, 0x72, + 0x56, 0x7B, 0x67, 0xDA, 0x2B, 0xBD, 0xC8, 0xEF, 0xB0, 0x4D, 0x74, 0x8E, 0x5B, + 0xAA, 0x39, 0x4C, 0xEE, 0xCE, 0xE4, 0x79, 0xF2, 0xDC, 0xF3, 0xD8, 0xB2, 0x37, + 0x11, 0x8B, 0x8C, 0x2C, 0x7A, 0x32, 0x93, 0xF3, 0x37, 0x3D, 0x9A, 0x86, 0x4C, + 0xAB, 0xF2, 0xB9, 0x57, 0xFA, 0x97, 0x1B, 0x06, 0xD7, 0x3A, 0x7A, 0xF0, 0x68, + 0xF4, 0x40, 0xBA, 0x25, 0x0E, 0x81, 0xE9, 0xA6, 0x43, 0xF4, 0x6E, 0x4A, 0xF5, + 0x95, 0xFE, 0x41, 0x4F, 0x67, 0x3B, 0x1A, 0x1C, 0xEE, 0x12, 0xB4, 0x8F, 0xCE, + 0x1B, 0x6D, 0xB1, 0xDE, 0xBB, 0x4A, 0x4D, 0x56, 0x9B, 0x96, 0x5A, 0xB6, 0xDC, + 0xC4, 0x14, 0x70, 0xE5, 0xF5, 0x7D, 0xE1, 0xB7, 0x84, 0x3F, 0xFC, 0xED, 0xEF, + 0xF4, 0x30, 0x0D, 0x5F, 0xE9, 0x47, 0x17, 0xE2, 0xC5, 0x78, 0x27, 0x67, 0xDF, + 0xB9, 0xEB, 0xCC, 0xCC, 0x3D, 0x59, 0xBE, 0xDD, 0xCC, 0x78, 0x0B, 0x0A, 0x1F, + 0x74, 0xF8, 0x8C, 0x1A, 0xAF, 0x67, 0xEA, 0xF4, 0x44, 0xBD, 0x93, 0x7D, 0x2A, + 0xEA, 0x9C, 0xD7, 0x37, 0x80, 0x32, 0x9A, 0x01, 0x37, 0xD5, 0xDE, 0xCA, 0xA2, + 0x0D, 0xB9, 0xD0, 0x3B, 0xCF, 0xAD, 
0x89, 0x4D, 0x5F, 0xD1, 0xE7, 0xF7, 0x2F, + 0x2A, 0x0C, 0xDA, 0x5A, 0xAA, 0x35, 0x7E, 0x41, 0xC3, 0xB2, 0x37, 0xDD, 0xDD, + 0xCD, 0x50, 0xEB, 0x2C, 0x96, 0x62, 0x3B, 0xD7, 0x52, 0xF4, 0xA9, 0xB9, 0x6F, + 0x48, 0xED, 0xEF, 0x54, 0xEA, 0x67, 0xF6, 0x7E, 0x26, 0x8F, 0x3A, 0x68, 0xDF, + 0x06, 0xBC, 0x56, 0xB7, 0x66, 0x32, 0xC1, 0x34, 0xD8, 0x88, 0x34, 0x1E, 0x88, + 0xED, 0x67, 0x8A, 0xF3, 0xC4, 0x4F, 0xC0, 0xCA, 0x9E, 0x62, 0x1A, 0x6A, 0xEB, + 0xAB, 0x02, 0xED, 0xB3, 0xD7, 0x91, 0x81, 0x8A, 0xEA, 0x5C, 0xF2, 0x64, 0xDD, + 0xDD, 0xD1, 0xEC, 0x12, 0x4D, 0xDE, 0xD5, 0xBA, 0xC6, 0x77, 0xBD, 0x06, 0xC4, + 0x5F, 0x44, 0xEA, 0x59, 0x4B, 0x5D, 0x3B, 0x8A, 0x3D, 0x0F, 0xD4, 0x9B, 0x1B, + 0x80, 0x30, 0x1D, 0x30, 0xFA, 0x8F, 0x00, 0x3F, 0xDE, 0xB0, 0x6F, 0xAD, 0x6F, + 0x6A, 0xDD, 0x6E, 0x2F, 0x6E, 0xCB, 0x3C, 0xD1, 0x83, 0x06, 0x7B, 0x0F, 0xFD, + 0xFD, 0x4A, 0xEF, 0xBC, 0x73, 0x77, 0x3B, 0x8F, 0x34, 0xA1, 0xBA, 0xEC, 0x39, + 0x80, 0x33, 0x21, 0xA4, 0x01, 0x55, 0xD7, 0xD4, 0xF4, 0xC6, 0xDA, 0x27, 0x4E, + 0x54, 0x1C, 0x2B, 0xEC, 0x37, 0xDE, 0xC3, 0x4C, 0xC9, 0x5A, 0x3D, 0x34, 0x0E, + 0xD8, 0x1C, 0x0E, 0xA2, 0x34, 0xE8, 0xC1, 0xD0, 0xA4, 0x51, 0xD5, 0x88, 0x8B, + 0xB7, 0xC6, 0xA3, 0x96, 0x40, 0x49, 0xB7, 0xBC, 0xE0, 0x7F, 0x55, 0x3F, 0xEF, + 0x6F, 0x6E, 0x92, 0x9D, 0x34, 0xFE, 0x3C, 0x5F, 0x04, 0xA5, 0x6A, 0xFF, 0x30, + 0x08, 0xC9, 0xEA, 0xF5, 0x52, 0x2B, 0xFE, 0x57, 0xFA, 0x8E, 0xC7, 0xE8, 0x4D, + 0x37, 0xAB, 0x03, 0xFA, 0x23, 0xBF, 0x46, 0x94, 0xFF, 0xC1, 0x16, 0xE0, 0xB9, + 0x14, 0x2C, 0x9E, 0x27, 0xEC, 0x98, 0x69, 0x14, 0x92, 0xF1, 0x60, 0x5C, 0x34, + 0x4D, 0xA0, 0x1F, 0xDF, 0xFD, 0x44, 0x1C, 0x7B, 0xD3, 0x80, 0x70, 0x42, 0x02, + 0x30, 0x84, 0x5B, 0xE5, 0x59, 0xB7, 0xF3, 0x80, 0xFB, 0x01, 0x33, 0xA9, 0x00, + 0x37, 0x52, 0xDC, 0xDA, 0xA7, 0x11, 0x85, 0xB7, 0x6E, 0x70, 0xE4, 0xDA, 0x96, + 0xBA, 0x84, 0x5B, 0x81, 0x43, 0x93, 0xF3, 0xD1, 0xEA, 0xB1, 0xDD, 0xB8, 0x1F, + 0xA5, 0xCC, 0xEA, 0x50, 0x66, 0x69, 0xA9, 0x8D, 0x8C, 0xA7, 0xA2, 0xF3, 0x38, + 0x26, 0x43, 0x5E, 0x3F, 0x01, 0xBE, 
0x1C, 0x0F, 0x20, 0x7F, 0x75, 0xA8, 0x20, + 0x80, 0xC4, 0xC3, 0x5C, 0x8B, 0x0D, 0xD4, 0x60, 0x5E, 0xA3, 0x9E, 0xD0, 0xB4, + 0x4B, 0x4F, 0xE6, 0x13, 0x85, 0x60, 0x42, 0x96, 0xED, 0xAA, 0xDB, 0xE9, 0x99, + 0xE3, 0x07, 0x0E, 0x61, 0xB3, 0x07, 0xE3, 0xB1, 0xFA, 0xC0, 0x9B, 0xAD, 0xF6, + 0xE0, 0x26, 0x33, 0xEA, 0xEA, 0x23, 0xCD, 0x1E, 0x9D, 0xE1, 0x87, 0x4B, 0x74, + 0x97, 0x08, 0x3E, 0xA1, 0x28, 0xEA, 0xB3, 0x19, 0x67, 0x8B, 0x76, 0x9A, 0xA3, + 0xF6, 0xB9, 0xCF, 0x80, 0x65, 0x97, 0xAE, 0xF4, 0x83, 0x6B, 0xF4, 0x43, 0x20, + 0xF9, 0x0B, 0xFC, 0x9B, 0xD2, 0x4D, 0x4D, 0xA6, 0xB9, 0xA3, 0x02, 0x55, 0x79, + 0x18, 0x36, 0x19, 0x5F, 0xC9, 0xEA, 0x5A, 0x76, 0x40, 0xB9, 0xBA, 0x0E, 0x9A, + 0x44, 0xDF, 0x7C, 0xF8, 0x65, 0x61, 0x5E, 0x81, 0xAB, 0x71, 0xA1, 0x9E, 0x29, + 0x3C, 0x59, 0xCB, 0x23, 0xA4, 0xF6, 0x60, 0x1A, 0x0D, 0x5B, 0x39, 0xAE, 0xF4, + 0x6F, 0x59, 0x16, 0x9E, 0x60, 0xD8, 0x56, 0xCF, 0xEA, 0x2C, 0x4C, 0x79, 0xD3, + 0x5D, 0x51, 0x46, 0xA0, 0x4E, 0xE9, 0xD6, 0xAB, 0x91, 0x43, 0x63, 0x44, 0xD7, + 0x70, 0xB9, 0x23, 0x98, 0x4F, 0x3D, 0x03, 0x02, 0xF6, 0x81, 0x56, 0xC1, 0x58, + 0x85, 0x07, 0xA7, 0x2D, 0x2C, 0x29, 0xCA, 0x01, 0x45, 0x31, 0x51, 0x8F, 0xD4, + 0x19, 0xA1, 0x79, 0x88, 0x5A, 0xA4, 0xF5, 0xAE, 0x2D, 0x4B, 0x63, 0x4C, 0x58, + 0xFE, 0xBF, 0xAD, 0xEE, 0xA3, 0x09, 0xF8, 0xE2, 0x89, 0xBE, 0x81, 0x0E, 0x86, + 0x3A, 0xF9, 0x5B, 0xA5, 0xD8, 0xA4, 0x00, 0x75, 0x04, 0xF2, 0x23, 0xB8, 0x39, + 0x69, 0x50, 0xB7, 0xD0, 0x34, 0x63, 0x54, 0xD8, 0x61, 0xDD, 0xA5, 0x33, 0x47, + 0x85, 0x96, 0x22, 0xD0, 0x2F, 0x9F, 0x7E, 0xF8, 0x74, 0x24, 0xEA, 0x57, 0x97, + 0x5A, 0xE0, 0x00, 0xCF, 0xC1, 0x67, 0xE1, 0x41, 0xBD, 0x94, 0xA1, 0x03, 0xD3, + 0xB4, 0x08, 0x64, 0xF2, 0x17, 0x27, 0x35, 0x37, 0x53, 0xEF, 0x46, 0xCE, 0xD8, + 0xD4, 0x09, 0x52, 0xC6, 0x1E, 0xF7, 0x28, 0xDF, 0x08, 0x0F, 0xD0, 0x6F, 0x71, + 0xA6, 0xDF, 0xE4, 0x60, 0x8E, 0xC0, 0x1E, 0x78, 0x86, 0x50, 0xB0, 0x9B, 0x84, + 0x7E, 0xE8, 0x36, 0xFA, 0x95, 0xF1, 0x12, 0x51, 0xC7, 0x18, 0x96, 0xA2, 0x29, + 0xBB, 0x70, 0x02, 0xB4, 0xF9, 0xA8, 
0x3D, 0x08, 0x66, 0xA9, 0xB3, 0xFC, 0x0A, + 0x94, 0x80, 0xFD, 0x78, 0xDC, 0xAB, 0x82, 0x5A, 0xD2, 0xCD, 0xC2, 0x87, 0xC6, + 0x4B, 0x07, 0xFA, 0xD1, 0xC3, 0xD9, 0x34, 0x41, 0x85, 0xF8, 0xD0, 0xB6, 0x0A, + 0x9D, 0x00, 0x91, 0x35, 0x05, 0x88, 0xC3, 0xE3, 0x9B, 0x22, 0xD2, 0xB8, 0xFD, + 0x95, 0x3E, 0x6D, 0x5D, 0x48, 0xA3, 0x68, 0xCF, 0x02, 0x42, 0x79, 0x79, 0x8A, + 0xAA, 0x01, 0xD6, 0x09, 0x14, 0x2C, 0xF4, 0x83, 0xA3, 0x80, 0x31, 0x55, 0x46, + 0x6E, 0xC5, 0xE5, 0x2F, 0x30, 0x58, 0x81, 0xA2, 0x90, 0xBE, 0x2E, 0xA1, 0xC3, + 0x0F, 0xA6, 0xF5, 0x51, 0x00, 0x39, 0xB6, 0xF2, 0x2A, 0xA3, 0x15, 0x7D, 0x8D, + 0xF5, 0x66, 0x5C, 0xD9, 0xFC, 0xCF, 0x2F, 0xBF, 0x08, 0x27, 0xE7, 0xD0, 0x03, + 0xB8, 0xD9, 0x00, 0x13, 0x3D, 0x01, 0x6B, 0xB6, 0xA8, 0xCD, 0x5B, 0x3B, 0x3E, + 0x93, 0xBF, 0xE6, 0x2E, 0xB7, 0x4A, 0xCF, 0xB3, 0x0A, 0xCE, 0x62, 0x11, 0xD6, + 0x1F, 0x68, 0x9B, 0x1D, 0x68, 0xD1, 0x8C, 0x97, 0xBD, 0xA1, 0x07, 0x67, 0x73, + 0x87, 0xE0, 0x36, 0xDA, 0x8C, 0xD2, 0xD2, 0xBB, 0x84, 0x28, 0xA9, 0xFE, 0x52, + 0x74, 0xD6, 0xB9, 0x0F, 0x0A, 0x6A, 0x2D, 0x28, 0x35, 0x34, 0x3A, 0xD3, 0xE2, + 0xCD, 0x35, 0x06, 0x7D, 0x1B, 0x35, 0x85, 0x86, 0xD1, 0x3E, 0xF2, 0x6F, 0xA1, + 0xC4, 0x55, 0xBD, 0x00, 0xD8, 0xC3, 0x5D, 0xC2, 0x1D, 0x6B, 0x6B, 0x27, 0x5B, + 0x95, 0xF3, 0xAB, 0xB5, 0xD3, 0x37, 0xF2, 0x2C, 0x9C, 0xC7, 0x5D, 0xBD, 0xF1, + 0x68, 0x1C, 0xAD, 0xF8, 0xB5, 0xE1, 0x29, 0x72, 0x7A, 0x73, 0x62, 0x55, 0x24, + 0xB9, 0x85, 0xDF, 0x7B, 0x29, 0x7D, 0xDE, 0x08, 0xF5, 0xE4, 0x44, 0xDA, 0x1A, + 0x30, 0x74, 0xDA, 0xB4, 0x9B, 0x23, 0x9A, 0x3A, 0xC1, 0x53, 0xB2, 0xA2, 0xA3, + 0x7B, 0x1F, 0xD9, 0x56, 0xD4, 0x4F, 0x9B, 0xB2, 0x1E, 0xEE, 0xB8, 0x6A, 0x4E, + 0xB5, 0xF4, 0x5A, 0xC9, 0x18, 0x27, 0x9C, 0xDE, 0x14, 0x44, 0xED, 0xC4, 0x3C, + 0x71, 0x9F, 0x5F, 0xD9, 0x37, 0xA0, 0x78, 0x34, 0x6E, 0xBC, 0xD2, 0x7B, 0x1D, + 0xFA, 0x08, 0x39, 0x5A, 0x04, 0x73, 0x15, 0xD9, 0x0A, 0x48, 0xC1, 0x2D, 0x15, + 0x4E, 0x84, 0x30, 0x45, 0x69, 0xB3, 0xE5, 0xF6, 0xAD, 0x09, 0x1E, 0xCC, 0x5F, + 0x1F, 0x06, 0xD5, 0x58, 0xAD, 0x78, 
0xD7, 0x9F, 0xE5, 0xED, 0x3B, 0x09, 0xD5, + 0xA6, 0x52, 0x6F, 0x92, 0xD3, 0x3C, 0xC6, 0x1E, 0xF2, 0x93, 0x7C, 0xD3, 0x5F, + 0x70, 0x85, 0x5D, 0xF8, 0xAA, 0x9D, 0xB7, 0x7B, 0x24, 0x5A, 0xE9, 0x0A, 0x35, + 0x2F, 0xF5, 0xD9, 0x82, 0x02, 0x8A, 0x90, 0x13, 0x5B, 0xB5, 0x67, 0x9C, 0xDD, + 0xA0, 0x4E, 0x82, 0x27, 0xDA, 0x7E, 0xE8, 0x8E, 0xCD, 0xE1, 0x56, 0x71, 0x2C, + 0xE6, 0x4E, 0x1F, 0x91, 0xCD, 0x7C, 0x6A, 0xB7, 0x78, 0xD0, 0x26, 0xF3, 0x56, + 0xA9, 0xD5, 0xA1, 0xC3, 0x3B, 0x98, 0xE9, 0x28, 0x09, 0xEF, 0x50, 0x90, 0xCD, + 0xC4, 0x8E, 0x75, 0xCC, 0xAC, 0x2D, 0xC9, 0x03, 0x6D, 0xAC, 0xFE, 0xC4, 0x88, + 0x36, 0xD1, 0x3F, 0xBB, 0x1C, 0x7D, 0xB3, 0x14, 0x61, 0x2C, 0xB7, 0x54, 0x4B, + 0xDB, 0x64, 0xB6, 0x57, 0x14, 0x16, 0x8E, 0x1E, 0x6C, 0x64, 0xBB, 0x8B, 0x48, + 0x5D, 0x96, 0x9D, 0xDC, 0x80, 0xA7, 0xF7, 0x54, 0xC7, 0x46, 0x38, 0x3E, 0x44, + 0xDE, 0x7E, 0x92, 0x8D, 0x07, 0xF6, 0x07, 0x37, 0x4E, 0x16, 0x10, 0xB4, 0x7D, + 0x88, 0x66, 0x7F, 0xBB, 0xFF, 0xEA, 0x00, 0xF3, 0xFF, 0x97, 0x2C, 0xB5, 0xBE, + 0x35, 0x4B, 0x5C, 0x36, 0xEC, 0x4C, 0xBD, 0x2B, 0x7D, 0xBF, 0x46, 0xE2, 0x9C, + 0x0E, 0x8A, 0xA3, 0xEC, 0xB1, 0x0E, 0x9A, 0xDA, 0x9A, 0x9B, 0x28, 0x92, 0x10, + 0x53, 0x57, 0xEA, 0xEC, 0xA2, 0x32, 0x32, 0x20, 0x1D, 0x97, 0x5C, 0xB6, 0x84, + 0xA9, 0x93, 0x8D, 0x95, 0x11, 0xA3, 0x24, 0xA3, 0x2D, 0xC6, 0x4A, 0xEF, 0xAA, + 0x1D, 0x85, 0x2B, 0x7D, 0x28, 0xBE, 0x53, 0xCE, 0x10, 0x1F, 0xAE, 0x0E, 0x41, + 0x6C, 0x4B, 0x79, 0x12, 0xFB, 0xF7, 0x54, 0xA3, 0x96, 0x54, 0x83, 0x20, 0x96, + 0x8F, 0x28, 0xA9, 0x3F, 0x8B, 0x3D, 0xBA, 0x77, 0xDC, 0x24, 0xE1, 0xD4, 0x49, + 0x40, 0xD8, 0x78, 0x31, 0x85, 0x43, 0xF6, 0xFE, 0x5C, 0xA6, 0x8F, 0x90, 0x09, + 0xB0, 0xE7, 0xC4, 0x95, 0xB2, 0x55, 0x49, 0x97, 0x8F, 0x1C, 0x78, 0x30, 0x20, + 0xA0, 0xB4, 0xEF, 0x73, 0x56, 0x59, 0x82, 0xFD, 0xCE, 0xBA, 0x6A, 0x8F, 0x2C, + 0x8B, 0x15, 0xFD, 0xA1, 0x85, 0xA8, 0x5C, 0x0F, 0x11, 0xA5, 0x9D, 0xC2, 0x46, + 0xC6, 0x9C, 0xC9, 0x40, 0x0B, 0x58, 0x6A, 0x1C, 0x7A, 0x23, 0xF9, 0xE0, 0x95, + 0x05, 0x13, 0x58, 0x72, 0xE8, 0x9F, 
0x30, 0xAC, 0xCD, 0x26, 0xD4, 0x66, 0x13, + 0xDF, 0x1E, 0x7B, 0x4F, 0x9C, 0xBE, 0x38, 0x79, 0x75, 0x92, 0xA4, 0xDA, 0x26, + 0x44, 0x55, 0x17, 0xA3, 0xE5, 0x62, 0xDA, 0xEB, 0x86, 0xEA, 0x68, 0xC7, 0xAB, + 0xFD, 0x2D, 0x43, 0x59, 0x51, 0xC0, 0x75, 0x64, 0x91, 0x01, 0x29, 0x33, 0x28, + 0xF3, 0x04, 0x83, 0x80, 0x75, 0x37, 0x75, 0x0C, 0x03, 0x7B, 0x0A, 0xAB, 0x8E, + 0x60, 0x62, 0x8B, 0x4C, 0xAF, 0x2D, 0xA3, 0x2F, 0xFE, 0xAB, 0x45, 0xCF, 0xDA, + 0xAB, 0xFA, 0xFA, 0x30, 0x3D, 0xE8, 0xA1, 0x96, 0xA5, 0x7B, 0xE2, 0x2A, 0xD0, + 0xAF, 0x59, 0xF7, 0xD0, 0x32, 0x57, 0x19, 0xBD, 0xCA, 0x9F, 0xD5, 0x1A, 0xC7, + 0xAA, 0x65, 0x4A, 0x38, 0xB2, 0x70, 0x33, 0xB7, 0x75, 0xD2, 0xCD, 0xD1, 0xF0, + 0xA8, 0x87, 0x59, 0x20, 0xA5, 0x57, 0x55, 0xB1, 0xB2, 0xC9, 0x4D, 0x97, 0x34, + 0x41, 0xF3, 0xF0, 0x30, 0xA1, 0x2C, 0x1C, 0x49, 0x3E, 0x89, 0x7D, 0x12, 0xE2, + 0xC3, 0x04, 0xC3, 0x92, 0xC0, 0xF6, 0x39, 0x10, 0x80, 0x81, 0x8F, 0x08, 0xB4, + 0xF8, 0xB9, 0x13, 0x4E, 0x2C, 0xAE, 0xB3, 0x71, 0x82, 0x63, 0x98, 0xAB, 0x5C, + 0x1C, 0x10, 0xEA, 0x66, 0xF9, 0x02, 0x3A, 0x82, 0x61, 0xD0, 0xD4, 0xAE, 0x43, + 0xD4, 0x01, 0x3E, 0x9D, 0x04, 0x14, 0xF6, 0x60, 0xD8, 0xA7, 0xD6, 0xB8, 0x53, + 0xC8, 0xDA, 0x80, 0x93, 0xA0, 0x02, 0xDD, 0xCC, 0xE2, 0xF2, 0xBB, 0xFB, 0xE0, + 0x27, 0xD7, 0x34, 0x9A, 0x71, 0x49, 0xB5, 0x4F, 0x42, 0x1F, 0xB2, 0x9D, 0x6D, + 0xAA, 0x9D, 0xD3, 0x50, 0xB5, 0x8F, 0x6A, 0x4B, 0xDF, 0x1F, 0xD5, 0x27, 0x8F, + 0x3B, 0x27, 0xCF, 0x2F, 0x8C, 0xF8, 0x9D, 0x4C, 0x52, 0xBC, 0x32, 0x0F, 0x73, + 0xD5, 0x51, 0x8E, 0x36, 0x7E, 0xAD, 0x09, 0xF0, 0x94, 0x83, 0x5F, 0x36, 0xFD, + 0x7C, 0x03, 0xED, 0xF1, 0x5E, 0x4B, 0xF7, 0xAA, 0x55, 0x5C, 0x4A, 0x14, 0x59, + 0x85, 0x38, 0x2D, 0x8C, 0xDF, 0xEC, 0x65, 0x1B, 0xB8, 0x76, 0x57, 0x96, 0x3C, + 0x86, 0xED, 0xF2, 0x7F, 0x2D, 0x28, 0x48, 0xDA, 0x49, 0x7F, 0xF7, 0x54, 0x2B, + 0xD5, 0x39, 0xD5, 0x57, 0x0A, 0x75, 0x7A, 0x3E, 0x5E, 0x5D, 0xBA, 0x4A, 0x15, + 0xFA, 0xB8, 0x31, 0x80, 0x71, 0x2C, 0xCA, 0xC4, 0x51, 0x10, 0x16, 0x5D, 0x39, + 0xEC, 0x9D, 0x07, 0xB6, 0x6A, 0x89, 
0x9F, 0x9B, 0x5B, 0x6F, 0x03, 0xB0, 0x92, + 0x01, 0x38, 0x6B, 0x48, 0x99, 0x0A, 0x8F, 0x13, 0xC1, 0xA6, 0x01, 0xEA, 0xBF, + 0x6F, 0x86, 0x43, 0x51, 0xB6, 0x11, 0x00, 0x00 +}; int compress_test(void) { @@ -18315,11 +18477,46 @@ int compress_test(void) ERROR_OUT(-9202, exit); } - if (XMEMCMP(d, sample_text, dSz)) { + if (XMEMCMP(d, sample_text, dSz) != 0) { ERROR_OUT(-9203, exit); } ret = 0; + /* GZIP tests */ + cSz = (dSz + (word32)(dSz * 0.001) + 12); /* reset cSz */ + XMEMSET(c, 0, cSz); + XMEMSET(d, 0, dSz); + + ret = wc_Compress_ex(c, cSz, sample_text, dSz, 0, LIBZ_WINBITS_GZIP); + if (ret < 0) { + ERROR_OUT(-9204, exit); + } + cSz = (word32)ret; + + ret = wc_DeCompress_ex(d, dSz, c, cSz, LIBZ_WINBITS_GZIP); + if (ret < 0) { + ERROR_OUT(-9206, exit); + } + + if (XMEMCMP(d, sample_text, dSz) != 0) { + ERROR_OUT(-9207, exit); + } + + /* Try with gzip generated output */ + XMEMSET(d, 0, dSz); + ret = wc_DeCompress_ex(d, dSz, sample_text_gz, sizeof(sample_text_gz), + LIBZ_WINBITS_GZIP); + if (ret < 0) { + ERROR_OUT(-9208, exit); + } + dSz = (word32)ret; + + if (XMEMCMP(d, sample_text, dSz) != 0) { + ERROR_OUT(-9209, exit); + } + + ret = 0; /* success */ + exit: if (c) XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (d) XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); 
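Review bot: The new gzip checks in compress_test compare only as many bytes as the decompressor reported. After `dSz = (word32)ret;`, a short or zero-length result makes `XMEMCMP(d, sample_text, dSz)` pass trivially, and the round-trip case before it never compares the return of wc_DeCompress_ex with the original length. Add a length assertion ahead of each compare, for example with the unused code -9205: `if (ret != (int)sizeof(sample_text)) { ERROR_OUT(-9205, exit); }` (this assumes dSz is initialised to sizeof(sample_text) earlier in the function, which is outside the hunk). A negative case that feeds a truncated `sample_text_gz` and expects an error would also pin the failure path of wc_DeCompress_ex.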
@@ -20318,6 +20515,43 @@ int cryptodev_test(void) } #endif /* WOLF_CRYPTO_DEV */ +#ifdef WOLFSSL_CERT_PIV +int certpiv_test(void) +{ + int ret; + wc_CertPIV piv; + + /* Template for Identiv PIV cert, nonce and signature */ + const byte pivCertIdentiv[] = { + 0x0A, 0x0D, + 0x53, 0x04, /* NIST PIV Cert */ + 0x70, 0x02, /* Certificate */ + 0x30, 0x00, + 0x71, 0x01, 0x00, /* Cert Info */ + 0xFE, 0x00, /* Error Detection */ + 0x0B, 0x01, 0x00, /* Nonce */ + 0x0C, 0x01, 0x00, /* Signed Nonce */ + }; + + const byte pivCert[] = { + 0x53, 0x04, /* NIST PIV Cert */ + 0x70, 0x02, /* Certificate */ + 0x30, 0x00, + 0x71, 0x01, 0x00, /* Cert Info */ + 0xFE, 0x00, /* Error Detection */ + }; + + /* Test with identiv 0x0A, 0x0B and 0x0C markers */ + ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv)); + if (ret == 0) { + /* Test with NIST PIV format */ + ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert)); + } + + return ret; +} +#endif /* WOLFSSL_CERT_PIV */ + #undef ERROR_OUT diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h index 939fba8a3..04c4a8552 100644 --- a/wolfssl/error-ssl.h +++ b/wolfssl/error-ssl.h @@ -66,9 +66,6 @@ enum wolfSSL_ErrorCodes { CLIENT_ID_ERROR = -331, /* psk client identity error */ SERVER_HINT_ERROR = -332, /* psk server hint error */ PSK_KEY_ERROR = -333, /* psk key error */ - ZLIB_INIT_ERROR = -334, /* zlib init error */ - ZLIB_COMPRESS_ERROR = -335, /* zlib compression error */ - ZLIB_DECOMPRESS_ERROR = -336, /* zlib decompression error */ GETTIME_ERROR = -337, /* gettimeofday failed ??? */ GETITIMER_ERROR = -338, /* getitimer failed ??? */ diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 1c7d1b245..31ff20069 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -58,6 +58,9 @@ #include #include /* public interface */ +#if defined(NO_SHA) && defined(NO_SHA256) + #define WC_SHA256_DIGEST_SIZE 32 +#endif #ifdef __cplusplus extern "C" { 
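Review bot: certpiv_test checks only the return code, so it does not notice that the Identiv template never reaches its nonce sections. The outer `0x0A, 0x0D` header claims 13 bytes while the NIST container that follows is 11 bytes long, so parsing resumes at offset 15, which holds `0x00` rather than the `0x0B` tag, and both optional nonce lookups are skipped. Change the header to `0x0A, 0x0B` and assert the parsed fields, e.g. `piv.isIdentiv == 1`, `piv.certSz == 2`, `piv.nonceSz == 1` and `piv.signedNonceSz == 1`. Both templates also carry a Cert Info byte of 0x00, so the compression and isX509 masks are never exercised; add a case with `0x71, 0x01, 0x04`, and a truncated buffer that must return `ASN_PARSE_E`.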
@@ -85,6 +88,7 @@ enum ASN_Tags { ASN_UTF8STRING = 0x0c, ASN_SEQUENCE = 0x10, ASN_SET = 0x11, + ASN_PRINTABLE_STRING = 0x13, ASN_UTC_TIME = 0x17, ASN_OTHER_TYPE = 0x00, ASN_RFC822_TYPE = 0x01, @@ -99,6 +103,7 @@ enum ASN_Tags { /* ASN_Flags - Bitmask */ ASN_CONSTRUCTED = 0x20, + ASN_APPLICATION = 0x40, ASN_CONTEXT_SPECIFIC = 0x80, }; @@ -137,7 +142,7 @@ enum DN_Tags { #define WOLFSSL_BUS_CAT "/businessCategory=" #define WOLFSSL_JOI_C "/jurisdictionC=" #define WOLFSSL_JOI_ST "/jurisdictionST=" -#define WOLFSSL_EMAIL_ADDR "/emailAddress=" +#define WOLFSSL_EMAIL_ADDR "/emailAddress=" /* NIDs */ enum @@ -186,6 +191,24 @@ enum ECC_TYPES ECC_PREFIX_1 = 161 }; +#ifdef WOLFSSL_CERT_PIV + enum PIV_Tags { + ASN_PIV_CERT = 0x0A, + ASN_PIV_NONCE = 0x0B, + ASN_PIV_SIGNED_NONCE = 0x0C, + + ASN_PIV_TAG_CERT = 0x70, + ASN_PIV_TAG_CERT_INFO = 0x71, + ASN_PIV_TAG_MSCUID = 0x72, + ASN_PIV_TAG_ERR_DET = 0xFE, + + /* certificate info masks */ + ASN_PIV_CERT_INFO_COMPRESSED = 0x03, + ASN_PIV_CERT_INFO_ISX509 = 0x04, + }; +#endif /* WOLFSSL_CERT_PIV */ + + #define ASN_JOI_PREFIX "\x2b\x06\x01\x04\x01\x82\x37\x3c\x02\x01" #define ASN_JOI_C 0x3 #define ASN_JOI_ST 0x2 @@ -896,11 +919,17 @@ struct TrustedPeerCert { #define WOLFSSL_ASN_API WOLFSSL_LOCAL #endif - -#ifdef NO_SHA - #define CalcHashId(data, len, hash) wc_Sha256Hash(data, len, hash) +/* Macro for calculating hashId */ +#if defined(NO_SHA) && defined(NO_SHA256) + #ifdef WOLF_CRYPTO_DEV + #define CalcHashId(data, len, hash) wc_CryptoDevSha256Hash(data, len, hash) + #else + #define CalcHashId(data, len, hash) NOT_COMPILED_IN + #endif +#elif defined(NO_SHA) + #define CalcHashId(data, len, hash) wc_Sha256Hash(data, len, hash) #else - #define CalcHashId(data, len, hash) wc_ShaHash(data, len, hash) + #define CalcHashId(data, len, hash) wc_ShaHash(data, len, hash) #endif diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 1ace83395..066336367 100644 --- a/wolfssl/wolfcrypt/asn_public.h 
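Review bot: The new CalcHashId arm expands to `wc_CryptoDevSha256Hash`, but the function this commit adds in cryptodev.c and declares in cryptodev.h is `wc_CryptoDev_Sha256Hash`, so a build with NO_SHA, NO_SHA256 and WOLF_CRYPTO_DEV will not resolve the call. The line should read `#define CalcHashId(data, len, hash) wc_CryptoDev_Sha256Hash(data, len, hash)`. Both fallbacks, the stub and the bare `NOT_COMPILED_IN` expansion, also leave `hash` unwritten. The call sites are outside this diff, so it is worth confirming that each one checks CalcHashId's result before comparing or storing the key-id bytes.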
+++ b/wolfssl/wolfcrypt/asn_public.h @@ -479,6 +479,28 @@ WOLFSSL_API int wc_GetTime(void* timePtr, word32 timeSize); #endif +#ifdef WOLFSSL_CERT_PIV + +typedef struct _wc_CertPIV { + const byte* cert; + word32 certSz; + const byte* certErrDet; + word32 certErrDetSz; + const byte* nonce; /* Identiv Only */ + word32 nonceSz; /* Identiv Only */ + const byte* signedNonce; /* Identiv Only */ + word32 signedNonceSz; /* Identiv Only */ + + /* flags */ + word16 compression:2; + word16 isX509:1; + word16 isIdentiv:1; +} wc_CertPIV; + +WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz); +#endif /* WOLFSSL_CERT_PIV */ + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/compress.h b/wolfssl/wolfcrypt/compress.h index a35c3b0c9..c7fa243ff 100644 --- a/wolfssl/wolfcrypt/compress.h +++ b/wolfssl/wolfcrypt/compress.h @@ -38,10 +38,15 @@ #define COMPRESS_FIXED 1 +#define LIBZ_WINBITS_GZIP 16 + WOLFSSL_API int wc_Compress(byte*, word32, const byte*, word32, word32); +WOLFSSL_API int wc_Compress_ex(byte* out, word32 outSz, const byte* in, + word32 inSz, word32 flags, word32 windowBits); WOLFSSL_API int wc_DeCompress(byte*, word32, const byte*, word32); - +WOLFSSL_API int wc_DeCompress_ex(byte* out, word32 outSz, const byte* in, + word32 inSz, int windowBits); #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/wolfcrypt/cryptodev.h b/wolfssl/wolfcrypt/cryptodev.h index 1b717e6fa..7f3035fe2 100644 --- a/wolfssl/wolfcrypt/cryptodev.h +++ b/wolfssl/wolfcrypt/cryptodev.h @@ -175,6 +175,8 @@ WOLFSSL_LOCAL int wc_CryptoDev_AesGcmDecrypt(Aes* aes, byte* out, #endif /* !NO_AES && HAVE_AESGCM */ +WOLFSSL_LOCAL int wc_CryptoDev_Sha256Hash(const byte* data, word32 len, byte* hash); + #endif /* WOLF_CRYPTO_DEV */ #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index b55df1231..1efc4259b 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h 
@@ -216,7 +216,11 @@ enum { WC_AFALG_SOCK_E = -264, /* AF_ALG socket error */ WC_DEVCRYPTO_E = -265, /* /dev/crypto error */ - WC_LAST_E = -265, /* Update this to indicate last error */ + ZLIB_INIT_ERROR = -266, /* zlib init error */ + ZLIB_COMPRESS_ERROR = -267, /* zlib compression error */ + ZLIB_DECOMPRESS_ERROR = -268, /* zlib decompression error */ + + WC_LAST_E = -268, /* Update this to indicate last error */ MIN_CODE_E = -300 /* errors -101 - -299 */ /* add new companion error id strings for any new error codes