From c194fb3bebf022bf3666a4e32cc7321172c9caee Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sat, 22 Aug 2020 00:32:32 -0500 Subject: [PATCH] lkm: add autodetection of kernel stack frame size; reactivate objtool scrutiny since _asm files are indeed not yet kernel-compatible; delete linuxkm/lkm_testcrypto.c and use wolfcrypt/test/test.c. --- linuxkm/Kbuild | 14 +- linuxkm/Makefile | 13 +- linuxkm/lkm_testcrypto.c | 29439 --------------------------------- wolfssl/wolfcrypt/settings.h | 1 + 4 files changed, 21 insertions(+), 29446 deletions(-) delete mode 100644 linuxkm/lkm_testcrypto.c diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild index 6e46fc459..b7b37845c 100644 --- a/linuxkm/Kbuild +++ b/linuxkm/Kbuild @@ -1,3 +1,5 @@ +SHELL=/bin/bash + # libwolfssl Kbuild # wolfcrypto asm provokes many objtool complaints: @@ -6,7 +8,7 @@ # "indirect jump found in RETPOLINE build", # and "is missing an ELF size annotation" # see /usr/src/linux/tools/objtool/Documentation/stack-validation.txt -OBJECT_FILES_NON_STANDARD := y +#OBJECT_FILES_NON_STANDARD := y obj-m := libwolfssl.o @@ -18,9 +20,17 @@ ifeq "$(WOLFSSL_CFLAGS)" "" $(error $$WOLFSSL_CFLAGS is unset.) endif +hostprogs := linuxkm/get_thread_size +always-y := $(hostprogs) +HOST_EXTRACFLAGS += $(NOSTDINC_FLAGS) $(LINUXINCLUDE) $(KBUILD_CFLAGS) -static +$(patsubst %, $(obj)/%, $(WOLFSSL_OBJ_FILES)): $(obj)/linuxkm/get_thread_size +KERNEL_THREAD_STACK_SIZE=$(shell $(obj)/linuxkm/get_thread_size) +MAX_STACK_FRAME_SIZE=$(shell echo $$(( $(KERNEL_THREAD_STACK_SIZE) / 4))) + libwolfssl-y := $(WOLFSSL_OBJ_FILES) -ccflags-y := $(WOLFSSL_CFLAGS) +ccflags-y = $(WOLFSSL_CFLAGS) -Wframe-larger-than=$(MAX_STACK_FRAME_SIZE) -mpreferred-stack-boundary=4 + %/libwolfssl.mod.o: ccflags-y := %/lkm_testcrypto.o: ccflags-y += -DNO_MAIN_DRIVER diff --git a/linuxkm/Makefile b/linuxkm/Makefile index acd46dd6f..939e85d17 100644 --- a/linuxkm/Makefile +++ b/linuxkm/Makefile @@ -22,13 +22,17 @@ ifeq "$(src_libwolfssl_la_OBJECTS)" "" $(error $$src_libwolfssl_la_OBJECTS is unset.) endif -WOLFSSL_CFLAGS=-DHAVE_CONFIG_H -I$(SRC_TOP) -DBUILDING_WOLFSSL $(AM_CFLAGS) $(CFLAGS) -Wframe-larger-than=5000 -mpreferred-stack-boundary=4 +WOLFSSL_CFLAGS=-DHAVE_CONFIG_H -I$(SRC_TOP) -DBUILDING_WOLFSSL $(AM_CFLAGS) $(CFLAGS) +ifeq "$(KARCH)" "x86" +WOLFSSL_CFLAGS+=-msse -mmmx -msse2 -mavx -mavx2 +endif + WOLFSSL_ASFLAGS=-DHAVE_CONFIG_H -I$(SRC_TOP) -DBUILDING_WOLFSSL $(AM_CCASFLAGS) $(CCASFLAGS) WOLFSSL_OBJ_FILES=linuxkm/module_hooks.o $(patsubst %.lo, %.o, $(patsubst src/src_libwolfssl_la-%, src/%, $(patsubst src/libwolfssl_la-%, src/%, $(patsubst wolfcrypt/src/src_libwolfssl_la-%, wolfcrypt/src/%, $(src_libwolfssl_la_OBJECTS))))) ifeq "$(ENABLED_CRYPT_TESTS)" "yes" -WOLFSSL_OBJ_FILES+=linuxkm/lkm_testcrypto.o +WOLFSSL_OBJ_FILES+=wolfcrypt/test/test.o else WOLFSSL_CFLAGS+=-DNO_CRYPT_TEST endif @@ -36,11 +40,10 @@ endif export WOLFSSL_CFLAGS WOLFSSL_ASFLAGS WOLFSSL_OBJ_FILES libwolfssl.ko: - @mkdir -p linuxkm src wolfcrypt/src + @mkdir -p linuxkm src wolfcrypt/src wolfcrypt/test @if test ! -h $(SRC_TOP)/Kbuild; then ln -s $(MODULE_TOP)/Kbuild $(SRC_TOP)/Kbuild; fi +make -C $(KROOT) M=$(MODULE_TOP) src=$(SRC_TOP) .PHONY: clean - clean: - @cd $(MODULE_TOP) && rm -f libwolfssl.ko Module.symvers built-in.a modules.order libwolfssl.mod libwolfssl.mod.c src/*.o wolfcrypt/src/*.o + +make -C $(KROOT) M=$(MODULE_TOP) src=$(SRC_TOP) clean diff --git a/linuxkm/lkm_testcrypto.c b/linuxkm/lkm_testcrypto.c deleted file mode 100644 index 3ad6a548b..000000000 --- a/linuxkm/lkm_testcrypto.c +++ /dev/null @@ -1,29439 +0,0 @@ -/* test.c - * - * Copyright (C) 2006-2020 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - - -#ifdef HAVE_CONFIG_H - #include -#endif - -#ifndef WOLFSSL_USER_SETTINGS - #include -#endif -#include -#include -#include - -#ifndef NO_CRYPT_TEST - -/* only for stack size check */ -#ifdef HAVE_STACK_SIZE - #include - #define err_sys err_sys_remap /* remap err_sys */ - #include - #undef err_sys -#endif - -#ifdef __GNUC__ -_Pragma("GCC diagnostic ignored \"-Wunused-function\""); -#endif - -#ifdef USE_FLAT_TEST_H - #include "test.h" -#else - #include "wolfcrypt/test/test.h" -#endif - -/* printf mappings */ -#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) - #include - #include - /* see wc_port.h for fio.h and nio.h includes */ -#elif defined(FREESCALE_KSDK_BM) - #include "fsl_debug_console.h" - #undef printf - #define printf PRINTF -#elif defined(WOLFSSL_APACHE_MYNEWT) - #include - #include - #include "sysinit/sysinit.h" - #include "os/os.h" - #ifdef ARCH_sim - #include "mcu/mcu_sim.h" - #endif - #include "os/os_time.h" -#elif defined(WOLFSSL_ESPIDF) - #include - #include -#elif defined(WOLFSSL_ZEPHYR) - #include - - #define printf printk -#elif defined(MICRIUM) - #include - void BSP_Ser_Printf (CPU_CHAR* format, ...); - #undef printf - #define printf BSP_Ser_Printf -#elif defined(WOLFSSL_PB) - #include - int wolfssl_pb_print(const char*, ...); - #undef printf - #define printf wolfssl_pb_print -#elif defined(WOLFSSL_TELIT_M2MB) - #include "wolfssl/wolfcrypt/wc_port.h" /* for m2mb headers */ - #include "m2m_log.h" /* for M2M_LOG_INFO - not standard API */ - /* remap printf */ - #undef printf - #define printf M2M_LOG_INFO - /* OS requires occasional sleep() */ - #ifndef TEST_SLEEP_MS - #define TEST_SLEEP_MS 50 - #endif - #define TEST_SLEEP() m2mb_os_taskSleep(M2MB_OS_MS2TICKS(TEST_SLEEP_MS)) - /* don't use file system for these tests, since ./certs dir isn't loaded */ - #undef NO_FILESYSTEM - #define NO_FILESYSTEM -#elif defined(THREADX) && !defined(WOLFSSL_WICED) && !defined(THREADX_NO_DC_PRINTF) - /* since just testing, use THREADX log printf instead */ - int dc_log_printf(char*, ...); - #undef printf - #define printf dc_log_printf -#else - #ifdef XMALLOC_USER - #include /* we're using malloc / free direct here */ - #endif - #if !defined(STRING_USER) && !defined(WOLFSSL_LINUXKM) - #include - #endif - - #if defined(WOLFSSL_LINUXKM) && !defined(DEBUG_WOLFSSL_VERBOSE) - #undef printf - #define printf(...) ({}) - #endif - - /* enable way for customer to override test/bench printf */ - #ifdef XPRINTF - #undef printf - #define printf XPRINTF - #endif -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#if defined(WC_NO_RNG) - #include -#else - #include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef HAVE_ECC - #include -#endif -#ifdef HAVE_CURVE25519 - #include -#endif -#ifdef HAVE_ED25519 - #include -#endif -#ifdef HAVE_CURVE448 - #include -#endif -#ifdef HAVE_ED448 - #include -#endif -#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) - #include -#endif -#ifdef WOLFSSL_SHA3 - #include -#endif -#ifdef HAVE_LIBZ - #include -#endif -#ifdef HAVE_PKCS7 - #include -#endif -#ifdef HAVE_FIPS - #include -#endif -#ifdef HAVE_SELFTEST - #include -#endif -#ifdef WOLFSSL_ASYNC_CRYPT - #include -#endif -#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) - #include -#endif -#ifdef WOLFSSL_IMX6_CAAM_BLOB - #include -#endif -#ifdef WOLF_CRYPTO_CB - #include - #ifdef HAVE_INTEL_QA_SYNC - #include - #endif - #ifdef HAVE_CAVIUM_OCTEON_SYNC - #include - #endif -#endif - -#ifdef _MSC_VER - /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ - #pragma warning(disable: 4996) -#endif - -#ifdef OPENSSL_EXTRA - #ifndef WOLFCRYPT_ONLY - #include - #endif - #include - #include - #include - #include -#endif - -#if defined(NO_FILESYSTEM) - #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ - !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) - #define USE_CERT_BUFFERS_2048 - #endif - #if !defined(USE_CERT_BUFFERS_256) - #define USE_CERT_BUFFERS_256 - #endif -#endif - -#if defined(WOLFSSL_CERT_GEN) && (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) - #define ENABLE_ECC384_CERT_GEN_TEST -#endif - -#include - -#ifdef HAVE_NTRU - #include "libntruencrypt/ntru_crypto.h" -#endif - -#ifdef WOLFSSL_STATIC_MEMORY - static WOLFSSL_HEAP_HINT* HEAP_HINT; -#else - #define HEAP_HINT NULL -#endif /* WOLFSSL_STATIC_MEMORY */ - -/* these cases do not have intermediate hashing support */ -#if (defined(WOLFSSL_AFALG_XILINX_SHA3) && !defined(WOLFSSL_AFALG_HASH_KEEP)) \ - && !defined(WOLFSSL_XILINX_CRYPT) - #define NO_INTM_HASH_TEST -#endif - -#if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB) -static void initDefaultName(void); -#endif - -/* for async devices */ -static int devId = INVALID_DEVID; - -#ifdef HAVE_WNR - const char* wnrConfigFile = "wnr-example.conf"; -#endif - -typedef struct testVector { - const char* input; - const char* output; - size_t inLen; - size_t outLen; -} testVector; - -static int error_test(void); -static int base64_test(void); -static int base16_test(void); -static int asn_test(void); -static int md2_test(void); -static int md5_test(void); -static int md4_test(void); -static int sha_test(void); -static int sha224_test(void); -static int sha256_test(void); -static int sha512_test(void); -static int sha384_test(void); -static int sha3_test(void); -static int shake256_test(void); -static int hash_test(void); -static int hmac_md5_test(void); -static int hmac_sha_test(void); -static int hmac_sha224_test(void); -static int hmac_sha256_test(void); -static int hmac_sha384_test(void); -static int hmac_sha512_test(void); -static int hmac_sha3_test(void); -static int hkdf_test(void); -static int x963kdf_test(void); -static int arc4_test(void); -static int hc128_test(void); -static int rabbit_test(void); -static int chacha_test(void); -static int chacha20_poly1305_aead_test(void); -static int des_test(void); -static int des3_test(void); -static int aes_test(void); -static int aes192_test(void); -static int aes256_test(void); -static int aesofb_test(void); -static int cmac_test(void); -static int poly1305_test(void); -static int aesgcm_test(void); -static int aesgcm_default_test(void); -static int gmac_test(void); -static int aesccm_test(void); -static int aeskeywrap_test(void); -static int camellia_test(void); -static int rsa_no_pad_test(void); -static int rsa_test(void); -static int dh_test(void); -static int dsa_test(void); -static int srp_test(void); -#ifndef WC_NO_RNG -static int random_test(void); -#endif /* WC_NO_RNG */ -static int pwdbased_test(void); -static int ripemd_test(void); -#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) -static int openssl_test(void); /* test mini api */ - -static int openssl_pkey_test(void); -static int openssl_pkey0_test(void); -static int openssl_pkey1_test(void); -static int openSSL_evpMD_test(void); -static int openssl_evpSig_test(void); -#endif - -static int pbkdf1_test(void); -static int pkcs12_test(void); -static int pbkdf2_test(void); -static int scrypt_test(void); -#ifdef HAVE_ECC - static int ecc_test(void); - #ifdef HAVE_ECC_ENCRYPT - static int ecc_encrypt_test(void); - #endif - #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ - !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) - /* skip for ATECC508/608A, cannot import private key buffers */ - static int ecc_test_buffers(void); - #endif -#endif -#ifdef HAVE_CURVE25519 - static int curve25519_test(void); -#endif -#ifdef HAVE_ED25519 - static int ed25519_test(void); -#endif -#ifdef HAVE_CURVE448 - static int curve448_test(void); -#endif -#ifdef HAVE_ED448 - static int ed448_test(void); -#endif -#ifdef HAVE_BLAKE2 - static int blake2b_test(void); -#endif -#ifdef HAVE_BLAKE2S - static int blake2s_test(void); -#endif -#ifdef HAVE_LIBZ - static int compress_test(void); -#endif -#ifdef HAVE_PKCS7 - #ifndef NO_PKCS7_ENCRYPTED_DATA - static int pkcs7encrypted_test(void); - #endif - #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) - static int pkcs7compressed_test(void); - #endif - static int pkcs7signed_test(void); - static int pkcs7enveloped_test(void); - #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) - static int pkcs7authenveloped_test(void); - #endif - #ifndef NO_AES - static int pkcs7callback_test(byte* cert, word32 certSz, byte* key, - word32 keySz); - #endif -#endif -#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ - !defined(NO_FILESYSTEM) -static int cert_test(void); -#endif -#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ - !defined(NO_FILESYSTEM) -static int certext_test(void); -#endif -#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ - defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) -static int decodedCertCache_test(void); -#endif -#ifdef HAVE_IDEA -static int idea_test(void); -#endif -static int memory_test(void); -#ifdef HAVE_VALGRIND -static int mp_test(void); -#endif -#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) -static int prime_test(void); -#endif -#ifdef ASN_BER_TO_DER -static int berder_test(void); -#endif -static int logging_test(void); -static int mutex_test(void); -#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS) -static int memcb_test(void); -#endif -#ifdef WOLFSSL_IMX6_CAAM_BLOB -static int blob_test(void); -#endif - -#ifdef WOLF_CRYPTO_CB -static int cryptocb_test(void); -#endif -#ifdef WOLFSSL_CERT_PIV -static int certpiv_test(void); -#endif - -/* General big buffer size for many tests. */ -#define FOURK_BUF 4096 - - -#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; } - -#ifdef HAVE_STACK_SIZE -static THREAD_RETURN err_sys(const char* msg, int es) -#else -static int err_sys(const char* msg, int es) -#endif -{ - (void)msg; - (void)es; - -#ifdef WOLFSSL_LINUXKM - lkm_printf("%s error = %d\n", msg, es); -#else - printf("%s error = %d\n", msg, es); -#endif - - EXIT_TEST(-1); -} - -#ifndef HAVE_STACK_SIZE -/* func_args from test.h, so don't have to pull in other stuff */ -typedef struct func_args { - int argc; - char** argv; - int return_code; -} func_args; -#endif /* !HAVE_STACK_SIZE */ - -#ifdef HAVE_FIPS - -static void myFipsCb(int ok, int err, const char* hash) -{ - printf("in my Fips callback, ok = %d, err = %d\n", ok, err); - printf("message = %s\n", wc_GetErrorString(err)); - printf("hash = %s\n", hash); - - if (err == IN_CORE_FIPS_E) { - printf("In core integrity hash check failure, copy above hash\n"); - printf("into verifyCore[] in fips_test.c and rebuild\n"); - } -} - -#endif /* HAVE_FIPS */ - -#ifdef WOLFSSL_STATIC_MEMORY - #ifdef BENCH_EMBEDDED - static byte gTestMemory[14000]; - #elif defined(WOLFSSL_CERT_EXT) - static byte gTestMemory[140000]; - #elif defined(USE_FAST_MATH) && !defined(ALT_ECC_SIZE) - static byte gTestMemory[160000]; - #else - static byte gTestMemory[80000]; - #endif -#endif - -#ifdef WOLFSSL_PB -static int wolfssl_pb_print(const char* msg, ...) -{ - int ret; - va_list args; - char tmpBuf[80]; - - va_start(args, msg); - ret = vsprint(tmpBuf, msg, args); - va_end(args); - - fnDumpStringToSystemLog(tmpBuf); - - return ret; -} -#endif /* WOLFSSL_PB */ - -/* optional macro to add sleep between tests */ -#ifdef TEST_SLEEP - #include /* for var args */ - static WC_INLINE void test_pass(const char* fmt, ...) - { - va_list args; - va_start(args, fmt); - printf(fmt, args); - va_end(args); - TEST_SLEEP(); - } -#else - /* redirect to printf */ - #define test_pass printf - /* stub the sleep macro */ - #define TEST_SLEEP() -#endif - -#ifdef HAVE_STACK_SIZE -THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args) -#else -int wolfcrypt_test(void* args) -#endif -{ - int ret; - - printf("------------------------------------------------------------------------------\n"); - printf(" wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING); - printf("------------------------------------------------------------------------------\n"); - - if (args) - ((func_args*)args)->return_code = -1; /* error state */ - -#ifdef WOLFSSL_STATIC_MEMORY - if (wc_LoadStaticMemory(&HEAP_HINT, gTestMemory, sizeof(gTestMemory), - WOLFMEM_GENERAL, 1) != 0) { - printf("unable to load static memory"); - return(EXIT_FAILURE); - } -#endif - -#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND) - wolfSSL_Debugging_ON(); -#endif - -#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) - wc_SetLoggingHeap(HEAP_HINT); -#endif - -#ifdef HAVE_FIPS - wolfCrypt_SetCb_fips(myFipsCb); -#endif - -#if !defined(NO_BIG_INT) - if (CheckCtcSettings() != 1) { - printf("Sizeof mismatch (build) %x != (run) %x\n", - CTC_SETTINGS, CheckRunTimeSettings()); - return err_sys("Build vs runtime math mismatch\n", -1000); - } - -#if defined(USE_FAST_MATH) && \ - (!defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC)) - if (CheckFastMathSettings() != 1) - return err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n", - -1001); -#endif /* USE_FAST_MATH */ -#endif /* !NO_BIG_INT */ - -#if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB) -initDefaultName(); -#endif - -#ifdef WOLFSSL_ASYNC_CRYPT - ret = wolfAsync_DevOpen(&devId); - if (ret < 0) { - printf("Async device open failed\nRunning without async\n"); - } -#else - (void)devId; -#endif /* WOLFSSL_ASYNC_CRYPT */ - -#ifdef WOLF_CRYPTO_CB -#ifdef HAVE_INTEL_QA_SYNC - devId = wc_CryptoCb_InitIntelQa(); - if (INVALID_DEVID == devId) { - printf("Couldn't init the Intel QA\n"); - } -#endif -#ifdef HAVE_CAVIUM_OCTEON_SYNC - devId = wc_CryptoCb_InitOcteon(); - if (INVALID_DEVID == devId) { - printf("Couldn't init the Cavium Octeon\n"); - } -#endif -#endif - -#ifdef HAVE_SELFTEST - if ( (ret = wolfCrypt_SelfTest()) != 0) - return err_sys("CAVP selftest failed!\n", ret); - else - test_pass("CAVP selftest passed!\n"); -#endif - - if ( (ret = error_test()) != 0) - return err_sys("error test failed!\n", ret); - else - test_pass("error test passed!\n"); - - if ( (ret = memory_test()) != 0) - return err_sys("MEMORY test failed!\n", ret); - else - test_pass("MEMORY test passed!\n"); - -#ifndef NO_CODING - if ( (ret = base64_test()) != 0) - return err_sys("base64 test failed!\n", ret); - else - test_pass("base64 test passed!\n"); -#ifdef WOLFSSL_BASE16 - if ( (ret = base16_test()) != 0) - return err_sys("base16 test failed!\n", ret); - else - test_pass("base16 test passed!\n"); -#endif -#endif /* !NO_CODING */ - -#ifndef NO_ASN - if ( (ret = asn_test()) != 0) - return err_sys("asn test failed!\n", ret); - else - test_pass("asn test passed!\n"); -#endif - -#ifndef WC_NO_RNG - if ( (ret = random_test()) != 0) - return err_sys("RANDOM test failed!\n", ret); - else - test_pass("RANDOM test passed!\n"); -#endif /* WC_NO_RNG */ - -#ifndef NO_MD5 - if ( (ret = md5_test()) != 0) - return err_sys("MD5 test failed!\n", ret); - else - test_pass("MD5 test passed!\n"); -#endif - -#ifdef WOLFSSL_MD2 - if ( (ret = md2_test()) != 0) - return err_sys("MD2 test failed!\n", ret); - else - test_pass("MD2 test passed!\n"); -#endif - -#ifndef NO_MD4 - if ( (ret = md4_test()) != 0) - return err_sys("MD4 test failed!\n", ret); - else - test_pass("MD4 test passed!\n"); -#endif - -#ifndef NO_SHA - if ( (ret = sha_test()) != 0) - return err_sys("SHA test failed!\n", ret); - else - test_pass("SHA test passed!\n"); -#endif - -#ifdef WOLFSSL_SHA224 - if ( (ret = sha224_test()) != 0) - return err_sys("SHA-224 test failed!\n", ret); - else - test_pass("SHA-224 test passed!\n"); -#endif - -#ifndef NO_SHA256 - if ( (ret = sha256_test()) != 0) - return err_sys("SHA-256 test failed!\n", ret); - else - test_pass("SHA-256 test passed!\n"); -#endif - -#ifdef WOLFSSL_SHA384 - if ( (ret = sha384_test()) != 0) - return err_sys("SHA-384 test failed!\n", ret); - else - test_pass("SHA-384 test passed!\n"); -#endif - -#ifdef WOLFSSL_SHA512 - if ( (ret = sha512_test()) != 0) - return err_sys("SHA-512 test failed!\n", ret); - else - test_pass("SHA-512 test passed!\n"); -#endif - -#ifdef WOLFSSL_SHA3 - if ( (ret = sha3_test()) != 0) - return err_sys("SHA-3 test failed!\n", ret); - else - test_pass("SHA-3 test passed!\n"); -#endif - -#ifdef WOLFSSL_SHAKE256 - if ( (ret = shake256_test()) != 0) - return err_sys("SHAKE256 test failed!\n", ret); - else - test_pass("SHAKE256 test passed!\n"); -#endif - - if ( (ret = hash_test()) != 0) - return err_sys("Hash test failed!\n", ret); - else - test_pass("Hash test passed!\n"); - -#ifdef WOLFSSL_RIPEMD - if ( (ret = ripemd_test()) != 0) - return err_sys("RIPEMD test failed!\n", ret); - else - test_pass("RIPEMD test passed!\n"); -#endif - -#ifdef HAVE_BLAKE2 - if ( (ret = blake2b_test()) != 0) - return err_sys("BLAKE2b test failed!\n", ret); - else - test_pass("BLAKE2b test passed!\n"); -#endif -#ifdef HAVE_BLAKE2S - if ( (ret = blake2s_test()) != 0) - return err_sys("BLAKE2s test failed!\n", ret); - else - test_pass("BLAKE2s test passed!\n"); -#endif - -#ifndef NO_HMAC - #ifndef NO_MD5 - if ( (ret = hmac_md5_test()) != 0) - return err_sys("HMAC-MD5 test failed!\n", ret); - else - test_pass("HMAC-MD5 test passed!\n"); - #endif - - #ifndef NO_SHA - if ( (ret = hmac_sha_test()) != 0) - return err_sys("HMAC-SHA test failed!\n", ret); - else - test_pass("HMAC-SHA test passed!\n"); - #endif - - #ifdef WOLFSSL_SHA224 - if ( (ret = hmac_sha224_test()) != 0) - return err_sys("HMAC-SHA224 test failed!\n", ret); - else - test_pass("HMAC-SHA224 test passed!\n"); - #endif - - #ifndef NO_SHA256 - if ( (ret = hmac_sha256_test()) != 0) - return err_sys("HMAC-SHA256 test failed!\n", ret); - else - test_pass("HMAC-SHA256 test passed!\n"); - #endif - - #ifdef WOLFSSL_SHA384 - if ( (ret = hmac_sha384_test()) != 0) - return err_sys("HMAC-SHA384 test failed!\n", ret); - else - test_pass("HMAC-SHA384 test passed!\n"); - #endif - - #ifdef WOLFSSL_SHA512 - if ( (ret = hmac_sha512_test()) != 0) - return err_sys("HMAC-SHA512 test failed!\n", ret); - else - test_pass("HMAC-SHA512 test passed!\n"); - #endif - - #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \ - !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \ - !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512) - if ( (ret = hmac_sha3_test()) != 0) - return err_sys("HMAC-SHA3 test failed!\n", ret); - else - test_pass("HMAC-SHA3 test passed!\n"); - #endif - - #ifdef HAVE_HKDF - if ( (ret = hkdf_test()) != 0) - return err_sys("HMAC-KDF test failed!\n", ret); - else - test_pass("HMAC-KDF test passed!\n"); - #endif -#endif /* !NO_HMAC */ - -#if defined(HAVE_X963_KDF) && defined(HAVE_ECC) - if ( (ret = x963kdf_test()) != 0) - return err_sys("X963-KDF test failed!\n", ret); - else - test_pass("X963-KDF test passed!\n"); -#endif - -#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \ - !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) - if ( (ret = gmac_test()) != 0) - return err_sys("GMAC test failed!\n", ret); - else - test_pass("GMAC test passed!\n"); -#endif - -#ifndef NO_RC4 - if ( (ret = arc4_test()) != 0) - return err_sys("ARC4 test failed!\n", ret); - else - test_pass("ARC4 test passed!\n"); -#endif - -#ifndef NO_HC128 - if ( (ret = hc128_test()) != 0) - return err_sys("HC-128 test failed!\n", ret); - else - test_pass("HC-128 test passed!\n"); -#endif - -#ifndef NO_RABBIT - if ( (ret = rabbit_test()) != 0) - return err_sys("Rabbit test failed!\n", ret); - else - test_pass("Rabbit test passed!\n"); -#endif - -#ifdef HAVE_CHACHA - if ( (ret = chacha_test()) != 0) - return err_sys("Chacha test failed!\n", ret); - else - test_pass("Chacha test passed!\n"); -#endif - -#ifdef HAVE_POLY1305 - if ( (ret = poly1305_test()) != 0) - return err_sys("POLY1305 test failed!\n", ret); - else - test_pass("POLY1305 test passed!\n"); -#endif - -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - if ( (ret = chacha20_poly1305_aead_test()) != 0) - return err_sys("ChaCha20-Poly1305 AEAD test failed!\n", ret); - else - test_pass("ChaCha20-Poly1305 AEAD test passed!\n"); -#endif - -#ifndef NO_DES3 - if ( (ret = des_test()) != 0) - return err_sys("DES test failed!\n", ret); - else - test_pass("DES test passed!\n"); -#endif - -#ifndef NO_DES3 - if ( (ret = des3_test()) != 0) - return err_sys("DES3 test failed!\n", ret); - else - test_pass("DES3 test passed!\n"); -#endif - -#ifndef NO_AES - if ( (ret = aes_test()) != 0) - return err_sys("AES test failed!\n", ret); - else - test_pass("AES test passed!\n"); - -#ifdef WOLFSSL_AES_192 - if ( (ret = aes192_test()) != 0) - return err_sys("AES192 test failed!\n", ret); - else - test_pass("AES192 test passed!\n"); -#endif - -#ifdef WOLFSSL_AES_256 - if ( (ret = aes256_test()) != 0) - return err_sys("AES256 test failed!\n", ret); - else - test_pass("AES256 test passed!\n"); -#endif - -#ifdef WOLFSSL_AES_OFB - if ( (ret = aesofb_test()) != 0) - return err_sys("AES-OFB test failed!\n", ret); - else - test_pass("AESOFB test passed!\n"); -#endif - -#ifdef HAVE_AESGCM - #if !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO) - if ( (ret = aesgcm_test()) != 0) - return err_sys("AES-GCM test failed!\n", ret); - #endif - #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \ - !(defined(WOLF_CRYPTO_CB) && \ - (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))) - if ((ret = aesgcm_default_test()) != 0) { - return err_sys("AES-GCM test failed!\n", ret); - } - #endif - test_pass("AES-GCM test passed!\n"); -#endif - -#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) - if ( (ret = aesccm_test()) != 0) - return err_sys("AES-CCM test failed!\n", ret); - else - test_pass("AES-CCM test passed!\n"); -#endif -#ifdef HAVE_AES_KEYWRAP - if ( (ret = aeskeywrap_test()) != 0) - return err_sys("AES Key Wrap test failed!\n", ret); - else - test_pass("AES Key Wrap test passed!\n"); -#endif -#endif - -#ifdef HAVE_CAMELLIA - if ( (ret = camellia_test()) != 0) - return err_sys("CAMELLIA test failed!\n", ret); - else - test_pass("CAMELLIA test passed!\n"); -#endif - -#ifdef HAVE_IDEA - if ( (ret = idea_test()) != 0) - return err_sys("IDEA test failed!\n", ret); - else - test_pass("IDEA test passed!\n"); -#endif - -#ifndef NO_RSA - #ifdef WC_RSA_NO_PADDING - if ( (ret = rsa_no_pad_test()) != 0) - return err_sys("RSA NOPAD test failed!\n", ret); - else - test_pass("RSA NOPAD test passed!\n"); - #endif - if ( (ret = rsa_test()) != 0) - return err_sys("RSA test failed!\n", ret); - else - test_pass("RSA test passed!\n"); -#endif - -#ifndef NO_DH - if ( (ret = dh_test()) != 0) - return err_sys("DH test failed!\n", ret); - else - test_pass("DH test passed!\n"); -#endif - -#ifndef NO_DSA - if ( (ret = dsa_test()) != 0) - return err_sys("DSA test failed!\n", ret); - else - test_pass("DSA test passed!\n"); -#endif - -#ifdef WOLFCRYPT_HAVE_SRP - if ( (ret = srp_test()) != 0) - return err_sys("SRP test failed!\n", ret); - else - test_pass("SRP test passed!\n"); -#endif - -#ifndef NO_PWDBASED - if ( (ret = pwdbased_test()) != 0) - return err_sys("PWDBASED test failed!\n", ret); - else - test_pass("PWDBASED test passed!\n"); -#endif - -#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) - if ( (ret = openssl_test()) != 0) - return err_sys("OPENSSL test failed!\n", ret); - else - test_pass("OPENSSL test passed!\n"); - - if ( (ret = openSSL_evpMD_test()) != 0) - return err_sys("OPENSSL (EVP MD) test failed!\n", ret); - else - test_pass("OPENSSL (EVP MD) passed!\n"); - - if ( (ret = openssl_pkey0_test()) != 0) - return err_sys("OPENSSL (PKEY0) test failed!\n", ret); - else - test_pass("OPENSSL (PKEY0) passed!\n"); - - if ( (ret = openssl_pkey1_test()) != 0) - return err_sys("OPENSSL (PKEY1) test failed!\n", ret); - else - test_pass("OPENSSL (PKEY1) passed!\n"); - - if ( (ret = openssl_evpSig_test()) != 0) - return err_sys("OPENSSL (EVP Sign/Verify) test failed!\n", ret); - else - test_pass("OPENSSL (EVP Sign/Verify) passed!\n"); - -#endif - -#ifdef HAVE_ECC - if ( (ret = ecc_test()) != 0) - return err_sys("ECC test failed!\n", ret); - else - test_pass("ECC test passed!\n"); - #if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) - if ( (ret = ecc_encrypt_test()) != 0) - return err_sys("ECC Enc test failed!\n", ret); - else - test_pass("ECC Enc test passed!\n"); - #endif - #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ - !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) - /* skip for ATECC508/608A, cannot import private key buffers */ - if ( (ret = ecc_test_buffers()) != 0) - return err_sys("ECC buffer test failed!\n", ret); - else - test_pass("ECC buffer test passed!\n"); - #endif -#endif - -#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ - !defined(NO_FILESYSTEM) - if ( (ret = cert_test()) != 0) - return err_sys("CERT test failed!\n", ret); - else - test_pass("CERT test passed!\n"); -#endif - -#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ - !defined(NO_FILESYSTEM) - if ( (ret = certext_test()) != 0) - return err_sys("CERT EXT test failed!\n", ret); - else - test_pass("CERT EXT test passed!\n"); -#endif - -#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ - defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) - if ( (ret = decodedCertCache_test()) != 0) - return err_sys("DECODED CERT CACHE test failed!\n", ret); - else - test_pass("DECODED CERT CACHE test passed!\n"); -#endif - -#ifdef HAVE_CURVE25519 - if ( (ret = curve25519_test()) != 0) - return err_sys("CURVE25519 test failed!\n", ret); - else - test_pass("CURVE25519 test passed!\n"); -#endif - -#ifdef HAVE_ED25519 - if ( (ret = ed25519_test()) != 0) - return err_sys("ED25519 test failed!\n", ret); - else - test_pass("ED25519 test passed!\n"); -#endif - -#ifdef HAVE_CURVE448 - if ( (ret = curve448_test()) != 0) - return err_sys("CURVE448 test failed!\n", ret); - else - test_pass("CURVE448 test passed!\n"); -#endif - -#ifdef HAVE_ED448 - if ( (ret = ed448_test()) != 0) - return err_sys("ED448 test failed!\n", ret); - else - test_pass("ED448 test passed!\n"); -#endif - -#if defined(WOLFSSL_CMAC) && !defined(NO_AES) - if ( (ret = cmac_test()) != 0) - return err_sys("CMAC test failed!\n", ret); - else - test_pass("CMAC test passed!\n"); -#endif - -#ifdef HAVE_LIBZ - if ( (ret = compress_test()) != 0) - return err_sys("COMPRESS test failed!\n", ret); - else - test_pass("COMPRESS test passed!\n"); -#endif - -#ifdef HAVE_PKCS7 - #ifndef NO_PKCS7_ENCRYPTED_DATA - if ( (ret = pkcs7encrypted_test()) != 0) - return err_sys("PKCS7encrypted test failed!\n", ret); - else - test_pass("PKCS7encrypted test passed!\n"); - #endif - #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) - if ( (ret = pkcs7compressed_test()) != 0) - return err_sys("PKCS7compressed test failed!\n", ret); - else - test_pass("PKCS7compressed test passed!\n"); - #endif - if ( (ret = pkcs7signed_test()) != 0) - return err_sys("PKCS7signed test failed!\n", ret); - else - test_pass("PKCS7signed test passed!\n"); - - if ( (ret = pkcs7enveloped_test()) != 0) - return err_sys("PKCS7enveloped test failed!\n", ret); - else - test_pass("PKCS7enveloped test passed!\n"); - - #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) - if ( (ret = pkcs7authenveloped_test()) != 0) - return err_sys("PKCS7authenveloped test failed!\n", ret); - else - test_pass("PKCS7authenveloped test passed!\n"); - #endif -#endif - -#ifdef HAVE_VALGRIND - if ( (ret = mp_test()) != 0) - return err_sys("mp test failed!\n", ret); - else - test_pass("mp test passed!\n"); -#endif - -#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) - if ( (ret = prime_test()) != 0) - return err_sys("prime test failed!\n", ret); - else - test_pass("prime test passed!\n"); -#endif - -#if defined(ASN_BER_TO_DER) && \ - (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) - if ( (ret = berder_test()) != 0) - return err_sys("ber-der test failed!\n", ret); - else - test_pass("ber-der test passed!\n"); -#endif - - if ( (ret = logging_test()) != 0) - return err_sys("logging test failed!\n", ret); - else - test_pass("logging test passed!\n"); - - if ( (ret = mutex_test()) != 0) - return err_sys("mutex test failed!\n", ret); - else - test_pass("mutex test passed!\n"); - -#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS) - if ( (ret = memcb_test()) != 0) - return err_sys("memcb test failed!\n", ret); - else - test_pass("memcb test passed!\n"); -#endif - -#ifdef WOLFSSL_IMX6_CAAM_BLOB - if ( (ret = blob_test()) != 0) - return err_sys("blob test failed!\n", ret); - else - test_pass("blob test passed!\n"); -#endif - -#if defined(WOLF_CRYPTO_CB) && \ - !(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)) - if ( (ret = cryptocb_test()) != 0) - return err_sys("crypto callback test failed!\n", ret); - else - test_pass("crypto callback test passed!\n"); -#endif - -#ifdef WOLFSSL_CERT_PIV - if ( (ret = certpiv_test()) != 0) - return err_sys("cert piv test failed!\n", ret); - else - test_pass("cert piv test passed!\n"); -#endif - -#ifdef WOLF_CRYPTO_CB -#ifdef HAVE_INTEL_QA_SYNC - wc_CryptoCb_CleanupIntelQa(&devId); -#endif -#ifdef HAVE_CAVIUM_OCTEON_SYNC - wc_CryptoCb_CleanupOcteon(&devId); -#endif -#endif - -#ifdef WOLFSSL_ASYNC_CRYPT - wolfAsync_DevClose(&devId); -#endif - - /* cleanup the thread if fixed point cache is enabled and have thread local */ -#if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC) - wc_ecc_fp_free(); -#endif - - if (args) - ((func_args*)args)->return_code = ret; - - test_pass("Test complete\n"); - - EXIT_TEST(ret); -} - - -#ifndef NO_MAIN_DRIVER - - /* so overall tests can pull in test function */ -#ifdef WOLFSSL_ESPIDF - void app_main( ) -#else - int main(int argc, char** argv) -#endif - { - int ret; - func_args args; -#ifdef WOLFSSL_ESPIDF - /* set dummy wallclock time. */ - struct timeval utctime; - struct timezone tz; - utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */ - utctime.tv_usec = 0; - tz.tz_minuteswest = 0; - tz.tz_dsttime = 0; - settimeofday(&utctime, &tz); -#endif -#ifdef WOLFSSL_APACHE_MYNEWT - #ifdef ARCH_sim - mcu_sim_parse_args(argc, argv); - #endif - sysinit(); - - /* set dummy wallclock time. */ - struct os_timeval utctime; - struct os_timezone tz; - utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */ - utctime.tv_usec = 0; - tz.tz_minuteswest = 0; - tz.tz_dsttime = 0; - os_settimeofday(&utctime, &tz); -#endif - -#ifdef HAVE_WNR - if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) { - err_sys("Whitewood netRandom global config failed", -1001); - return -1002; - } -#endif -#ifndef WOLFSSL_ESPIDF - args.argc = argc; - args.argv = argv; -#endif - if ((ret = wolfCrypt_Init()) != 0) { - printf("wolfCrypt_Init failed %d\n", ret); - err_sys("Error with wolfCrypt_Init!\n", -1003); - } - - #ifdef HAVE_STACK_SIZE - StackSizeCheck(&args, wolfcrypt_test); - #else - wolfcrypt_test(&args); - #endif - - if ((ret = wolfCrypt_Cleanup()) != 0) { - printf("wolfCrypt_Cleanup failed %d\n", ret); - err_sys("Error with wolfCrypt_Cleanup!\n", -1004); - } - -#ifdef HAVE_WNR - if (wc_FreeNetRandom() < 0) - err_sys("Failed to free netRandom context", -1005); -#endif /* HAVE_WNR */ -#ifndef WOLFSSL_ESPIDF - return args.return_code; -#endif - } - -#endif /* NO_MAIN_DRIVER */ - -/* helper to save DER, convert to PEM and save PEM */ -#if !defined(NO_ASN) && (defined(HAVE_ECC) || \ - (!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)))) - -#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) -#define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, fD, fP, pT, eB) -#else -#define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, NULL, NULL, pT, eB) -#endif - -static int _SaveDerAndPem(const byte* der, int derSz, - const char* fileDer, const char* filePem, int pemType, int errBase) -{ -#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - int ret; - XFILE derFile; - - derFile = XFOPEN(fileDer, "wb"); - if (!derFile) { - return errBase + 0; - } - ret = (int)XFWRITE(der, 1, derSz, derFile); - XFCLOSE(derFile); - if (ret != derSz) { - return errBase + 1; - } -#endif - -#ifdef WOLFSSL_DER_TO_PEM - if (filePem) { - #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - XFILE pemFile; - #endif - byte* pem; - int pemSz; - - /* calculate PEM size */ - pemSz = wc_DerToPem(der, derSz, NULL, 0, pemType); - if (pemSz < 0) { - return pemSz; - } - pem = (byte*)XMALLOC(pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pem == NULL) { - return MEMORY_E; - } - /* Convert to PEM */ - pemSz = wc_DerToPem(der, derSz, pem, pemSz, pemType); - if (pemSz < 0) { - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return errBase + 2; - } - #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - pemFile = XFOPEN(filePem, "wb"); - if (!pemFile) { - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return errBase + 3; - } - ret = (int)XFWRITE(pem, 1, pemSz, pemFile); - XFCLOSE(pemFile); - if (ret != pemSz) { - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return errBase + 4; - } - #endif - XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } -#endif /* WOLFSSL_DER_TO_PEM */ - - /* suppress unused variable warnings */ - (void)der; - (void)derSz; - (void)filePem; - (void)fileDer; - (void)pemType; - (void)errBase; - - return 0; -} -#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */ - -static int error_test(void) -{ - const char* errStr; - char out[WOLFSSL_MAX_ERROR_SZ]; - const char* unknownStr = wc_GetErrorString(0); - -#ifdef NO_ERROR_STRINGS - /* Ensure a valid error code's string matches an invalid code's. - * The string is that error strings are not available. - */ - errStr = wc_GetErrorString(OPEN_RAN_E); - wc_ErrorString(OPEN_RAN_E, out); - if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0) - return -1100; - if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0) - return -1101; -#else - int i; - int j = 0; - /* Values that are not or no longer error codes. */ - int missing[] = { -122, -123, -124, -127, -128, -129, - -163, -164, -165, -166, -167, -168, -169, - -179, -233, - 0 }; - - /* Check that all errors have a string and it's the same through the two - * APIs. Check that the values that are not errors map to the unknown - * string. - */ - for (i = MAX_CODE_E-1; i >= WC_LAST_E; i--) { - errStr = wc_GetErrorString(i); - wc_ErrorString(i, out); - - if (i != missing[j]) { - if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) == 0) - return -1102; - if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) == 0) - return -1103; - if (XSTRNCMP(errStr, out, XSTRLEN(errStr)) != 0) - return -1104; - if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ) - return -1105; - } - else { - j++; - if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0) - return -1106; - if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0) - return -1107; - } - } - - /* Check if the next possible value has been given a string. */ - errStr = wc_GetErrorString(i); - wc_ErrorString(i, out); - if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0) - return -1108; - if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0) - return -1109; -#endif - - return 0; -} - -#ifndef NO_CODING - -static int base64_test(void) -{ - int ret; - const byte good[] = "A+Gd\0\0\0"; - const byte goodEnd[] = "A+Gd \r\n"; - byte out[128]; - word32 outLen; -#ifdef WOLFSSL_BASE64_ENCODE - byte data[3]; - word32 dataLen; - byte longData[79] = { 0 }; - const byte symbols[] = "+/A="; -#endif - const byte badSmall[] = "AAA Gdj="; - const byte badLarge[] = "AAA~Gdj="; - const byte badEOL[] = "A+Gd AA"; - int i; - - /* Good Base64 encodings. */ - outLen = sizeof(out); - ret = Base64_Decode(good, sizeof(good), out, &outLen); - if (ret != 0) - return -1200; - outLen = sizeof(out); - ret = Base64_Decode(goodEnd, sizeof(goodEnd), out, &outLen); - if (ret != 0) - return -1201; - - /* Bad parameters. */ - outLen = 1; - ret = Base64_Decode(good, sizeof(good), out, &outLen); - if (ret != BAD_FUNC_ARG) - return -1202; - - outLen = sizeof(out); - ret = Base64_Decode(badEOL, sizeof(badEOL), out, &outLen); - if (ret != ASN_INPUT_E) - return -1203; - /* Bad character at each offset 0-3. */ - for (i = 0; i < 4; i++) { - outLen = sizeof(out); - ret = Base64_Decode(badSmall + i, 4, out, &outLen); - if (ret != ASN_INPUT_E) - return -1204 - i; - ret = Base64_Decode(badLarge + i, 4, out, &outLen); - if (ret != ASN_INPUT_E) - return -1214 - i; - } - -#ifdef WOLFSSL_BASE64_ENCODE - /* Decode and encode all symbols - non-alphanumeric. */ - dataLen = sizeof(data); - ret = Base64_Decode(symbols, sizeof(symbols), data, &dataLen); - if (ret != 0) - return -1224; - outLen = sizeof(out); - ret = Base64_Encode(data, dataLen, NULL, &outLen); - if (ret != LENGTH_ONLY_E) - return -1225; - outLen = sizeof(out); - ret = Base64_Encode(data, dataLen, out, &outLen); - if (ret != 0) - return -1226; - outLen = 7; - ret = Base64_EncodeEsc(data, dataLen, out, &outLen); - if (ret != BUFFER_E) - return -1227; - outLen = sizeof(out); - ret = Base64_EncodeEsc(data, dataLen, NULL, &outLen); - if (ret != LENGTH_ONLY_E) - return -1228; - outLen = sizeof(out); - ret = Base64_EncodeEsc(data, dataLen, out, &outLen); - if (ret != 0) - return -1229; - outLen = sizeof(out); - ret = Base64_Encode_NoNl(data, dataLen, out, &outLen); - if (ret != 0) - return -1230; - - /* Data that results in an encoding longer than one line. */ - outLen = sizeof(out); - dataLen = sizeof(longData); - ret = Base64_Encode(longData, dataLen, out, &outLen); - if (ret != 0) - return -1231; - outLen = sizeof(out); - ret = Base64_EncodeEsc(longData, dataLen, out, &outLen); - if (ret != 0) - return -1232; - outLen = sizeof(out); - ret = Base64_Encode_NoNl(longData, dataLen, out, &outLen); - if (ret != 0) - return -1233; -#endif - - return 0; -} - -#ifdef WOLFSSL_BASE16 -static int base16_test(void) -{ - int ret; - const byte testData[] = "SomeDataToEncode\n"; - const byte encodedTestData[] = "536F6D6544617461546F456E636F64650A00"; - byte encoded[40]; - word32 encodedLen; - byte plain[40]; - word32 len; - - /* length returned includes null termination */ - encodedLen = sizeof(encoded); - ret = Base16_Encode(testData, sizeof(testData), encoded, &encodedLen); - if (ret != 0) - return -1300; - - len = (word32)XSTRLEN((char*)encoded); - if (len != encodedLen - 1) - return -1301; - - len = sizeof(plain); - ret = Base16_Decode(encoded, encodedLen - 1, plain, &len); - if (ret != 0) - return -1302; - - if (len != sizeof(testData) || XMEMCMP(testData, plain, len) != 0) - return -1303; - - if (encodedLen != sizeof(encodedTestData) || - XMEMCMP(encoded, encodedTestData, encodedLen) != 0) { - return -1304; - } - - return 0; -} -#endif /* WOLFSSL_BASE16 */ -#endif /* !NO_CODING */ - -#ifndef NO_ASN -static int asn_test(void) -{ - int ret; - /* ASN1 encoded date buffer */ - const byte dateBuf[] = {0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, - 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5a}; - byte format; - int length; - const byte* datePart; -#ifndef NO_ASN_TIME - struct tm timearg; - time_t now; -#endif - - ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format, - &length); - if (ret != 0) - return -1400; - -#ifndef NO_ASN_TIME - /* Parameter Validation tests. */ - if (wc_GetTime(NULL, sizeof(now)) != BAD_FUNC_ARG) - return -1401; - if (wc_GetTime(&now, 0) != BUFFER_E) - return -1402; - - now = 0; - if (wc_GetTime(&now, sizeof(now)) != 0) { - return -1403; - } - if (now == 0) { - printf("RTC/Time not set!\n"); - return -1404; - } - - ret = wc_GetDateAsCalendarTime(datePart, length, format, &timearg); - if (ret != 0) - return -1405; -#endif /* !NO_ASN_TIME */ - - return 0; -} -#endif /* !NO_ASN */ - -#ifdef WOLFSSL_MD2 -static int md2_test(void) -{ - Md2 md2; - byte hash[MD2_DIGEST_SIZE]; - - testVector a, b, c, d, e, f, g; - testVector test_md2[7]; - int times = sizeof(test_md2) / sizeof(testVector), i; - - a.input = ""; - a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69" - "\x27\x73"; - a.inLen = XSTRLEN(a.input); - a.outLen = MD2_DIGEST_SIZE; - - b.input = "a"; - b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0" - "\xb5\xd1"; - b.inLen = XSTRLEN(b.input); - b.outLen = MD2_DIGEST_SIZE; - - c.input = "abc"; - c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde" - "\xd6\xbb"; - c.inLen = XSTRLEN(c.input); - c.outLen = MD2_DIGEST_SIZE; - - d.input = "message digest"; - d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe" - "\x06\xb0"; - d.inLen = XSTRLEN(d.input); - d.outLen = MD2_DIGEST_SIZE; - - e.input = "abcdefghijklmnopqrstuvwxyz"; - e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47" - "\x94\x0b"; - e.inLen = XSTRLEN(e.input); - e.outLen = MD2_DIGEST_SIZE; - - f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" - "6789"; - f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03" - "\x38\xcd"; - f.inLen = XSTRLEN(f.input); - f.outLen = MD2_DIGEST_SIZE; - - g.input = "1234567890123456789012345678901234567890123456789012345678" - "9012345678901234567890"; - g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3" - "\xef\xd8"; - g.inLen = XSTRLEN(g.input); - g.outLen = MD2_DIGEST_SIZE; - - test_md2[0] = a; - test_md2[1] = b; - test_md2[2] = c; - test_md2[3] = d; - test_md2[4] = e; - test_md2[5] = f; - test_md2[6] = g; - - wc_InitMd2(&md2); - - for (i = 0; i < times; ++i) { - wc_Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen); - wc_Md2Final(&md2, hash); - - if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0) - return -1500 - i; - } - - return 0; -} -#endif - -#ifndef NO_MD5 -static int md5_test(void) -{ - int ret = 0; - wc_Md5 md5, md5Copy; - byte hash[WC_MD5_DIGEST_SIZE]; - byte hashcopy[WC_MD5_DIGEST_SIZE]; - testVector a, b, c, d, e, f; - testVector test_md5[6]; - int times = sizeof(test_md5) / sizeof(testVector), i; - - a.input = ""; - a.output = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42" - "\x7e"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_MD5_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f" - "\x72"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_MD5_DIGEST_SIZE; - - c.input = "message digest"; - c.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61" - "\xd0"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_MD5_DIGEST_SIZE; - - d.input = "abcdefghijklmnopqrstuvwxyz"; - d.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1" - "\x3b"; - d.inLen = XSTRLEN(d.input); - d.outLen = WC_MD5_DIGEST_SIZE; - - e.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" - "6789"; - e.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d" - "\x9f"; - e.inLen = XSTRLEN(e.input); - e.outLen = WC_MD5_DIGEST_SIZE; - - f.input = "1234567890123456789012345678901234567890123456789012345678" - "9012345678901234567890"; - f.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" - "\x7a"; - f.inLen = XSTRLEN(f.input); - f.outLen = WC_MD5_DIGEST_SIZE; - - test_md5[0] = a; - test_md5[1] = b; - test_md5[2] = c; - test_md5[3] = d; - test_md5[4] = e; - test_md5[5] = f; - - ret = wc_InitMd5_ex(&md5, HEAP_HINT, devId); - if (ret != 0) - return -1600; - ret = wc_InitMd5_ex(&md5Copy, HEAP_HINT, devId); - if (ret != 0) { - wc_Md5Free(&md5); - return -1601; - } - - for (i = 0; i < times; ++i) { - ret = wc_Md5Update(&md5, (byte*)test_md5[i].input, - (word32)test_md5[i].inLen); - if (ret != 0) - ERROR_OUT(-1602 - i, exit); - - ret = wc_Md5GetHash(&md5, hashcopy); - if (ret != 0) - ERROR_OUT(-1603 - i, exit); - - ret = wc_Md5Copy(&md5, &md5Copy); - if (ret != 0) - ERROR_OUT(-1604 - i, exit); - - ret = wc_Md5Final(&md5, hash); - if (ret != 0) - ERROR_OUT(-1605 - i, exit); - - wc_Md5Free(&md5Copy); - - if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0) - ERROR_OUT(-1606 - i, exit); - - if (XMEMCMP(hash, hashcopy, WC_MD5_DIGEST_SIZE) != 0) - ERROR_OUT(-1607 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; - const char* large_digest = - "\x44\xd0\x88\xce\xf1\x36\xd1\x78\xe9\xc8\xba\x84\xc3\xfd\xf6\xca"; - - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } - times = 100; -#ifdef WOLFSSL_PIC32MZ_HASH - wc_Md5SizeSet(&md5, times * sizeof(large_input)); -#endif - for (i = 0; i < times; ++i) { - ret = wc_Md5Update(&md5, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-1608, exit); - } - ret = wc_Md5Final(&md5, hash); - if (ret != 0) - ERROR_OUT(-1609, exit); - if (XMEMCMP(hash, large_digest, WC_MD5_DIGEST_SIZE) != 0) - ERROR_OUT(-1610, exit); - } /* END LARGE HASH TEST */ - -exit: - - wc_Md5Free(&md5); - wc_Md5Free(&md5Copy); - - return ret; -} -#endif /* NO_MD5 */ - - -#ifndef NO_MD4 - -static int md4_test(void) -{ - Md4 md4; - byte hash[MD4_DIGEST_SIZE]; - - testVector a, b, c, d, e, f, g; - testVector test_md4[7]; - int times = sizeof(test_md4) / sizeof(testVector), i; - - a.input = ""; - a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89" - "\xc0"; - a.inLen = XSTRLEN(a.input); - a.outLen = MD4_DIGEST_SIZE; - - b.input = "a"; - b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb" - "\x24"; - b.inLen = XSTRLEN(b.input); - b.outLen = MD4_DIGEST_SIZE; - - c.input = "abc"; - c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72" - "\x9d"; - c.inLen = XSTRLEN(c.input); - c.outLen = MD4_DIGEST_SIZE; - - d.input = "message digest"; - d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01" - "\x4b"; - d.inLen = XSTRLEN(d.input); - d.outLen = MD4_DIGEST_SIZE; - - e.input = "abcdefghijklmnopqrstuvwxyz"; - e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d" - "\xa9"; - e.inLen = XSTRLEN(e.input); - e.outLen = MD4_DIGEST_SIZE; - - f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" - "6789"; - f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0" - "\xe4"; - f.inLen = XSTRLEN(f.input); - f.outLen = MD4_DIGEST_SIZE; - - g.input = "1234567890123456789012345678901234567890123456789012345678" - "9012345678901234567890"; - g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05" - "\x36"; - g.inLen = XSTRLEN(g.input); - g.outLen = MD4_DIGEST_SIZE; - - test_md4[0] = a; - test_md4[1] = b; - test_md4[2] = c; - test_md4[3] = d; - test_md4[4] = e; - test_md4[5] = f; - test_md4[6] = g; - - wc_InitMd4(&md4); - - for (i = 0; i < times; ++i) { - wc_Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen); - wc_Md4Final(&md4, hash); - - if (XMEMCMP(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0) - return -1700 - i; - } - - return 0; -} - -#endif /* NO_MD4 */ - -#ifndef NO_SHA - -static int sha_test(void) -{ - int ret = 0; - wc_Sha sha, shaCopy; - byte hash[WC_SHA_DIGEST_SIZE]; - byte hashcopy[WC_SHA_DIGEST_SIZE]; - testVector a, b, c, d, e; - testVector test_sha[5]; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - a.input = ""; - a.output = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18" - "\x90\xaf\xd8\x07\x09"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2" - "\x6C\x9C\xD0\xD8\x9D"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA_DIGEST_SIZE; - - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29" - "\xE5\xE5\x46\x70\xF1"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA_DIGEST_SIZE; - - d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaa"; - d.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44" - "\x2A\x25\xEC\x64\x4D"; - d.inLen = XSTRLEN(d.input); - d.outLen = WC_SHA_DIGEST_SIZE; - - e.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaa"; - e.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7" - "\x53\x99\x5E\x26\xA0"; - e.inLen = XSTRLEN(e.input); - e.outLen = WC_SHA_DIGEST_SIZE; - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - test_sha[3] = d; - test_sha[4] = e; - - ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); - if (ret != 0) - return -1800; - ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_ShaFree(&sha); - return -1801; - } - - for (i = 0; i < times; ++i) { - ret = wc_ShaUpdate(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-1802 - i, exit); - ret = wc_ShaGetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-1803 - i, exit); - ret = wc_ShaCopy(&sha, &shaCopy); - if (ret != 0) - ERROR_OUT(-1804 - i, exit); - ret = wc_ShaFinal(&sha, hash); - if (ret != 0) - ERROR_OUT(-1805 - i, exit); - wc_ShaFree(&shaCopy); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0) - ERROR_OUT(-1806 - i, exit); - if (XMEMCMP(hash, hashcopy, WC_SHA_DIGEST_SIZE) != 0) - ERROR_OUT(-1807 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; -#ifdef WOLFSSL_RENESAS_TSIP - const char* large_digest = - "\x1d\x6a\x5a\xf6\xe5\x7c\x86\xce\x7f\x7c\xaf\xd5\xdb\x08\xcd\x59" - "\x15\x8c\x6d\xb6"; -#else - const char* large_digest = - "\x8b\x77\x02\x48\x39\xe8\xdb\xd3\x9a\xf4\x05\x24\x66\x12\x2d\x9e" - "\xc5\xd9\x0a\xac"; -#endif - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } -#ifdef WOLFSSL_RENESAS_TSIP - times = 20; -#else - times = 100; -#endif -#ifdef WOLFSSL_PIC32MZ_HASH - wc_ShaSizeSet(&sha, times * sizeof(large_input)); -#endif - for (i = 0; i < times; ++i) { - ret = wc_ShaUpdate(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-1808, exit); - } - ret = wc_ShaFinal(&sha, hash); - if (ret != 0) - ERROR_OUT(-1809, exit); - if (XMEMCMP(hash, large_digest, WC_SHA_DIGEST_SIZE) != 0) - ERROR_OUT(-1810, exit); - } /* END LARGE HASH TEST */ - -exit: - - wc_ShaFree(&sha); - wc_ShaFree(&shaCopy); - - return ret; -} - -#endif /* NO_SHA */ - -#ifdef WOLFSSL_RIPEMD -static int ripemd_test(void) -{ - RipeMd ripemd; - int ret; - byte hash[RIPEMD_DIGEST_SIZE]; - - testVector a, b, c, d; - testVector test_ripemd[4]; - int times = sizeof(test_ripemd) / sizeof(struct testVector), i; - - a.input = "abc"; - a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6" - "\xb0\x87\xf1\x5a\x0b\xfc"; - a.inLen = XSTRLEN(a.input); - a.outLen = RIPEMD_DIGEST_SIZE; - - b.input = "message digest"; - b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8" - "\x5f\xfa\x21\x59\x5f\x36"; - b.inLen = XSTRLEN(b.input); - b.outLen = RIPEMD_DIGEST_SIZE; - - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc" - "\xf4\x9a\xda\x62\xeb\x2b"; - c.inLen = XSTRLEN(c.input); - c.outLen = RIPEMD_DIGEST_SIZE; - - d.input = "12345678901234567890123456789012345678901234567890123456" - "789012345678901234567890"; - d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab" - "\x82\xbf\x63\x32\x6b\xfb"; - d.inLen = XSTRLEN(d.input); - d.outLen = RIPEMD_DIGEST_SIZE; - - test_ripemd[0] = a; - test_ripemd[1] = b; - test_ripemd[2] = c; - test_ripemd[3] = d; - - ret = wc_InitRipeMd(&ripemd); - if (ret != 0) { - return -1900; - } - - for (i = 0; i < times; ++i) { - ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input, - (word32)test_ripemd[i].inLen); - if (ret != 0) { - return -1901 - i; - } - - ret = wc_RipeMdFinal(&ripemd, hash); - if (ret != 0) { - return -1911 - i; - } - - if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0) - return -1921 - i; - } - - return 0; -} -#endif /* WOLFSSL_RIPEMD */ - - -#ifdef HAVE_BLAKE2 - - -#define BLAKE2B_TESTS 3 - -static const byte blake2b_vec[BLAKE2B_TESTS][BLAKE2B_OUTBYTES] = -{ - { - 0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03, - 0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72, - 0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61, - 0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19, - 0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53, - 0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B, - 0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55, - 0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE - }, - { - 0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95, - 0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7, - 0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44, - 0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C, - 0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB, - 0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4, - 0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48, - 0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B - }, - { - 0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9, - 0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72, - 0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF, - 0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15, - 0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB, - 0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04, - 0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1, - 0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5 - } -}; - - - -static int blake2b_test(void) -{ - Blake2b b2b; - byte digest[64]; - byte input[64]; - int i, ret; - - for (i = 0; i < (int)sizeof(input); i++) - input[i] = (byte)i; - - for (i = 0; i < BLAKE2B_TESTS; i++) { - ret = wc_InitBlake2b(&b2b, 64); - if (ret != 0) - return -2000 - i; - - ret = wc_Blake2bUpdate(&b2b, input, i); - if (ret != 0) - return -2010 - 1; - - ret = wc_Blake2bFinal(&b2b, digest, 64); - if (ret != 0) - return -2020 - i; - - if (XMEMCMP(digest, blake2b_vec[i], 64) != 0) { - return -2030 - i; - } - } - - return 0; -} -#endif /* HAVE_BLAKE2 */ - -#ifdef HAVE_BLAKE2S - - -#define BLAKE2S_TESTS 3 - -static const byte blake2s_vec[BLAKE2S_TESTS][BLAKE2S_OUTBYTES] = -{ - { - 0x69, 0x21, 0x7a, 0x30, 0x79, 0x90, 0x80, 0x94, - 0xe1, 0x11, 0x21, 0xd0, 0x42, 0x35, 0x4a, 0x7c, - 0x1f, 0x55, 0xb6, 0x48, 0x2c, 0xa1, 0xa5, 0x1e, - 0x1b, 0x25, 0x0d, 0xfd, 0x1e, 0xd0, 0xee, 0xf9, - }, - { - 0xe3, 0x4d, 0x74, 0xdb, 0xaf, 0x4f, 0xf4, 0xc6, - 0xab, 0xd8, 0x71, 0xcc, 0x22, 0x04, 0x51, 0xd2, - 0xea, 0x26, 0x48, 0x84, 0x6c, 0x77, 0x57, 0xfb, - 0xaa, 0xc8, 0x2f, 0xe5, 0x1a, 0xd6, 0x4b, 0xea, - }, - { - 0xdd, 0xad, 0x9a, 0xb1, 0x5d, 0xac, 0x45, 0x49, - 0xba, 0x42, 0xf4, 0x9d, 0x26, 0x24, 0x96, 0xbe, - 0xf6, 0xc0, 0xba, 0xe1, 0xdd, 0x34, 0x2a, 0x88, - 0x08, 0xf8, 0xea, 0x26, 0x7c, 0x6e, 0x21, 0x0c, - } -}; - - - -static int blake2s_test(void) -{ - Blake2s b2s; - byte digest[32]; - byte input[64]; - int i, ret; - - for (i = 0; i < (int)sizeof(input); i++) - input[i] = (byte)i; - - for (i = 0; i < BLAKE2S_TESTS; i++) { - ret = wc_InitBlake2s(&b2s, 32); - if (ret != 0) - return -2100 - i; - - ret = wc_Blake2sUpdate(&b2s, input, i); - if (ret != 0) - return -2110 - 1; - - ret = wc_Blake2sFinal(&b2s, digest, 32); - if (ret != 0) - return -2120 - i; - - if (XMEMCMP(digest, blake2s_vec[i], 32) != 0) { - return -2130 - i; - } - } - - return 0; -} -#endif /* HAVE_BLAKE2S */ - - -#ifdef WOLFSSL_SHA224 -static int sha224_test(void) -{ - wc_Sha224 sha, shaCopy; - byte hash[WC_SHA224_DIGEST_SIZE]; - byte hashcopy[WC_SHA224_DIGEST_SIZE]; - int ret = 0; - - testVector a, b, c; - testVector test_sha[3]; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - a.input = ""; - a.output = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34" - "\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA224_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55" - "\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA224_DIGEST_SIZE; - - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01" - "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA224_DIGEST_SIZE; - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId); - if (ret != 0) - return -2200; - ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_Sha224Free(&sha); - return -2201; - } - - for (i = 0; i < times; ++i) { - ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-2202 - i, exit); - ret = wc_Sha224GetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-2203 - i, exit); - ret = wc_Sha224Copy(&sha, &shaCopy); - if (ret != 0) - ERROR_OUT(-2204 - i, exit); - ret = wc_Sha224Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2205 - i, exit); - wc_Sha224Free(&shaCopy); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0) - ERROR_OUT(-2206 - i, exit); - if (XMEMCMP(hash, hashcopy, WC_SHA224_DIGEST_SIZE) != 0) - ERROR_OUT(-2207 - i, exit); - } - -exit: - wc_Sha224Free(&sha); - wc_Sha224Free(&shaCopy); - - return ret; -} -#endif - - -#ifndef NO_SHA256 -static int sha256_test(void) -{ - wc_Sha256 sha, shaCopy; - byte hash[WC_SHA256_DIGEST_SIZE]; - byte hashcopy[WC_SHA256_DIGEST_SIZE]; - int ret = 0; - - testVector a, b, c; - testVector test_sha[3]; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - a.input = ""; - a.output = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9" - "\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52" - "\xb8\x55"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA256_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" - "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" - "\x15\xAD"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA256_DIGEST_SIZE; - - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" - "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" - "\x06\xC1"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA256_DIGEST_SIZE; - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); - if (ret != 0) - return -2300; - ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_Sha256Free(&sha); - return -2301; - } - - for (i = 0; i < times; ++i) { - ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) { - ERROR_OUT(-2302 - i, exit); - } - ret = wc_Sha256GetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-2303 - i, exit); - ret = wc_Sha256Copy(&sha, &shaCopy); - if (ret != 0) - ERROR_OUT(-2304 - i, exit); - ret = wc_Sha256Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2305 - i, exit); - wc_Sha256Free(&shaCopy); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0) - ERROR_OUT(-2306 - i, exit); - if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0) - ERROR_OUT(-2307 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; -#ifdef WOLFSSL_RENESAS_TSIP_CRYPT - const char* large_digest = - "\xa4\x75\x9e\x7a\xa2\x03\x38\x32\x88\x66\xa2\xea\x17\xea\xf8\xc7" - "\xfe\x4e\xc6\xbb\xe3\xbb\x71\xce\xe7\xdf\x7c\x04\x61\xb3\xc2\x2f"; -#else - const char* large_digest = - "\x27\x78\x3e\x87\x96\x3a\x4e\xfb\x68\x29\xb5\x31\xc9\xba\x57\xb4" - "\x4f\x45\x79\x7f\x67\x70\xbd\x63\x7f\xbf\x0d\x80\x7c\xbd\xba\xe0"; -#endif - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } -#ifdef WOLFSSL_RENESAS_TSIP - times = 20; -#else - times = 100; -#endif -#ifdef WOLFSSL_PIC32MZ_HASH - wc_Sha256SizeSet(&sha, times * sizeof(large_input)); -#endif - for (i = 0; i < times; ++i) { - ret = wc_Sha256Update(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-2308, exit); - } - ret = wc_Sha256Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2309, exit); - if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0) - ERROR_OUT(-2310, exit); - } /* END LARGE HASH TEST */ - -exit: - - wc_Sha256Free(&sha); - wc_Sha256Free(&shaCopy); - - return ret; -} -#endif - - -#ifdef WOLFSSL_SHA512 -static int sha512_test(void) -{ - wc_Sha512 sha, shaCopy; - byte hash[WC_SHA512_DIGEST_SIZE]; - byte hashcopy[WC_SHA512_DIGEST_SIZE]; - int ret = 0; - - testVector a, b, c; - testVector test_sha[3]; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - a.input = ""; - a.output = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80" - "\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c" - "\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87" - "\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a" - "\xf9\x27\xda\x3e"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA512_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41" - "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55" - "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3" - "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f" - "\xa5\x4c\xa4\x9f"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA512_DIGEST_SIZE; - - c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - c.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14" - "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88" - "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4" - "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b" - "\x87\x4b\xe9\x09"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA512_DIGEST_SIZE; - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId); - if (ret != 0) - return -2400; - ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_Sha512Free(&sha); - return -2401; - } - - for (i = 0; i < times; ++i) { - ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-2402 - i, exit); - ret = wc_Sha512GetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-2403 - i, exit); - ret = wc_Sha512Copy(&sha, &shaCopy); - if (ret != 0) - ERROR_OUT(-2404 - i, exit); - ret = wc_Sha512Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2405 - i, exit); - wc_Sha512Free(&shaCopy); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0) - ERROR_OUT(-2406 - i, exit); - if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0) - ERROR_OUT(-2407 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; - const char* large_digest = - "\x5a\x1f\x73\x90\xbd\x8c\xe4\x63\x54\xce\xa0\x9b\xef\x32\x78\x2d" - "\x2e\xe7\x0d\x5e\x2f\x9d\x15\x1b\xdd\x2d\xde\x65\x0c\x7b\xfa\x83" - "\x5e\x80\x02\x13\x84\xb8\x3f\xff\x71\x62\xb5\x09\x89\x63\xe1\xdc" - "\xa5\xdc\xfc\xfa\x9d\x1a\x4d\xc0\xfa\x3a\x14\xf6\x01\x51\x90\xa4"; - - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } - times = 100; - for (i = 0; i < times; ++i) { - ret = wc_Sha512Update(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-2408, exit); - } - ret = wc_Sha512Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2409, exit); - if (XMEMCMP(hash, large_digest, WC_SHA512_DIGEST_SIZE) != 0) - ERROR_OUT(-2410, exit); - } /* END LARGE HASH TEST */ - -exit: - wc_Sha512Free(&sha); - wc_Sha512Free(&shaCopy); - - return ret; -} -#endif - - -#ifdef WOLFSSL_SHA384 -static int sha384_test(void) -{ - wc_Sha384 sha, shaCopy; - byte hash[WC_SHA384_DIGEST_SIZE]; - byte hashcopy[WC_SHA384_DIGEST_SIZE]; - int ret = 0; - - testVector a, b, c; - testVector test_sha[3]; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - a.input = ""; - - a.output = "\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3" - "\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6" - "\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48" - "\x98\xb9\x5b"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA384_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" - "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff" - "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" - "\xc8\x25\xa7"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA384_DIGEST_SIZE; - - c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - c.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b" - "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0" - "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91" - "\x74\x60\x39"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA384_DIGEST_SIZE; - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId); - if (ret != 0) - return -2500; - ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_Sha384Free(&sha); - return -2501; - } - - for (i = 0; i < times; ++i) { - ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-2502 - i, exit); - ret = wc_Sha384GetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-2503 - i, exit); - ret = wc_Sha384Copy(&sha, &shaCopy); - if (ret != 0) - ERROR_OUT(-2504 - i, exit); - ret = wc_Sha384Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2505 - i, exit); - wc_Sha384Free(&shaCopy); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0) - ERROR_OUT(-2506 - i, exit); - if (XMEMCMP(hash, hashcopy, WC_SHA384_DIGEST_SIZE) != 0) - ERROR_OUT(-2507 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; - const char* large_digest = - "\x37\x01\xdb\xff\x1e\x40\x4f\xe1\xe2\xea\x0b\x40\xbb\x3b\x39\x9a" - "\xcc\xe8\x44\x8e\x7e\xe5\x64\xb5\x6b\x7f\x56\x64\xa7\x2b\x84\xe3" - "\xc5\xd7\x79\x03\x25\x90\xf7\xa4\x58\xcb\x97\xa8\x8b\xb1\xa4\x81"; - - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } - times = 100; - for (i = 0; i < times; ++i) { - ret = wc_Sha384Update(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-2508, exit); - } - ret = wc_Sha384Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2509, exit); - if (XMEMCMP(hash, large_digest, WC_SHA384_DIGEST_SIZE) != 0) - ERROR_OUT(-2510, exit); - } /* END LARGE HASH TEST */ - -exit: - - wc_Sha384Free(&sha); - wc_Sha384Free(&shaCopy); - - return ret; -} -#endif /* WOLFSSL_SHA384 */ - -#ifdef WOLFSSL_SHA3 -#ifndef WOLFSSL_NOSHA3_224 -static int sha3_224_test(void) -{ - wc_Sha3 sha; - byte hash[WC_SHA3_224_DIGEST_SIZE]; - byte hashcopy[WC_SHA3_224_DIGEST_SIZE]; - - testVector a, b, c; - testVector test_sha[3]; - int ret = 0; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - a.input = ""; - a.output = "\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1" - "\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA3_224_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76" - "\x6f\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA3_224_DIGEST_SIZE; - - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55\x74\x49\x44\x79" - "\xba\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea\xd0\xfc\xce\x33"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA3_224_DIGEST_SIZE; - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitSha3_224(&sha, HEAP_HINT, devId); - if (ret != 0) - return -2600; - - for (i = 0; i < times; ++i) { - ret = wc_Sha3_224_Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-2601 - i, exit); - ret = wc_Sha3_224_GetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-2602 - i, exit); - ret = wc_Sha3_224_Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2603 - i, exit); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_224_DIGEST_SIZE) != 0) - ERROR_OUT(-2604 - i, exit); - if (XMEMCMP(hash, hashcopy, WC_SHA3_224_DIGEST_SIZE) != 0) - ERROR_OUT(-2605 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; - const char* large_digest = - "\x13\xe5\xd3\x98\x7b\x94\xda\x41\x12\xc7\x1e\x92\x3a\x19" - "\x21\x20\x86\x6f\x24\xbf\x0a\x31\xbc\xfd\xd6\x70\x36\xf3"; - - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } - times = 100; - for (i = 0; i < times; ++i) { - ret = wc_Sha3_224_Update(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-2606, exit); - } - ret = wc_Sha3_224_Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2607, exit); - if (XMEMCMP(hash, large_digest, WC_SHA3_224_DIGEST_SIZE) != 0) - ERROR_OUT(-2608, exit); - } /* END LARGE HASH TEST */ - -exit: - wc_Sha3_224_Free(&sha); - - return ret; -} -#endif /* WOLFSSL_NOSHA3_224 */ - -#ifndef WOLFSSL_NOSHA3_256 -static int sha3_256_test(void) -{ - wc_Sha3 sha; - byte hash[WC_SHA3_256_DIGEST_SIZE]; - byte hashcopy[WC_SHA3_256_DIGEST_SIZE]; - - testVector a, b, c; - testVector test_sha[3]; - int ret = 0; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - byte large_input[1024]; - const char* large_digest = - "\xdc\x90\xc0\xb1\x25\xdb\x2c\x34\x81\xa3\xff\xbc\x1e\x2e\x87\xeb" - "\x6d\x70\x85\x61\xe0\xe9\x63\x61\xff\xe5\x84\x4b\x1f\x68\x05\x15"; - -#if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT) - /* test vector with hash of empty string */ - const char* Keccak256EmptyOut = - "\xc5\xd2\x46\x01\x86\xf7\x23\x3c\x92\x7e\x7d\xb2\xdc\xc7\x03\xc0" - "\xe5\x00\xb6\x53\xca\x82\x27\x3b\x7b\xfa\xd8\x04\x5d\x85\xa4\x70"; -#endif - - a.input = ""; - a.output = "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6" - "\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8" - "\x43\x4a"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA3_256_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90" - "\xbd\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43" - "\x15\x32"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA3_256_DIGEST_SIZE; - - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8\x23\x5e" - "\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32\xdd\x97\x49\x6d" - "\x33\x76"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA3_256_DIGEST_SIZE; - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitSha3_256(&sha, HEAP_HINT, devId); - if (ret != 0) - return -2700; - - for (i = 0; i < times; ++i) { - ret = wc_Sha3_256_Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-2701 - i, exit); - ret = wc_Sha3_256_GetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-2702 - i, exit); - ret = wc_Sha3_256_Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2703 - i, exit); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_256_DIGEST_SIZE) != 0) - ERROR_OUT(-2704 - i, exit); - if (XMEMCMP(hash, hashcopy, WC_SHA3_256_DIGEST_SIZE) != 0) - ERROR_OUT(-2705 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } - times = 100; - for (i = 0; i < times; ++i) { - ret = wc_Sha3_256_Update(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-2706, exit); - } - ret = wc_Sha3_256_Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2707, exit); - if (XMEMCMP(hash, large_digest, WC_SHA3_256_DIGEST_SIZE) != 0) - ERROR_OUT(-2708, exit); - } /* END LARGE HASH TEST */ - - /* this is a software only variant of SHA3 not supported by external hardware devices */ -#if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT) - /* Test for Keccak256 */ - ret = wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256); - if (ret != 0) { - ERROR_OUT(-2709, exit); - } - ret = wc_Sha3_256_Update(&sha, (byte*)"", 0); - if (ret != 0) { - ERROR_OUT(-2710, exit); - } - ret = wc_Sha3_256_Final(&sha, hash); - if (ret != 0) { - ERROR_OUT(-2711, exit); - } - if (XMEMCMP(hash, Keccak256EmptyOut, WC_SHA3_256_DIGEST_SIZE) != 0) { - ERROR_OUT(-2712, exit); - } -#endif /* WOLFSSL_HASH_FLAGS && !WOLFSSL_ASYNC_CRYPT */ - -exit: - wc_Sha3_256_Free(&sha); - - return ret; -} -#endif /* WOLFSSL_NOSHA3_256 */ - -#ifndef WOLFSSL_NOSHA3_384 -static int sha3_384_test(void) -{ - wc_Sha3 sha; - byte hash[WC_SHA3_384_DIGEST_SIZE]; -#ifndef NO_INTM_HASH_TEST - byte hashcopy[WC_SHA3_384_DIGEST_SIZE]; -#endif - - testVector a, b, c; - testVector test_sha[3]; - int ret; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - a.input = ""; - a.output = "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d\x01\x10\x7d\x85\x2e\x4c\x24" - "\x85\xc5\x1a\x50\xaa\xaa\x94\xfc\x61\x99\x5e\x71\xbb\xee\x98" - "\x3a\x2a\xc3\x71\x38\x31\x26\x4a\xdb\x47\xfb\x6b\xd1\xe0\x58" - "\xd5\xf0\x04"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA3_384_DIGEST_SIZE; - -#if defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_XILINX_CRYPT) - /* NIST test vector with a length that is a multiple of 4 */ - b.input = "\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44" - "\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4"; - b.output = "\x04\x1c\xc5\x86\x1b\xa3\x34\x56\x3c\x61\xd4\xef\x97\x10\xd4" - "\x89\x6c\x31\x1c\x92\xed\xbe\x0d\x7c\xd5\x3e\x80\x3b\xf2\xf4" - "\xeb\x60\x57\x23\x55\x70\x77\x0c\xe8\x7c\x55\x20\xd7\xec\x14" - "\x19\x87\x22"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA3_384_DIGEST_SIZE; -#else - b.input = "abc"; - b.output = "\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad" - "\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b" - "\xe4\xb2\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28" - "\x37\x6d\x25"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA3_384_DIGEST_SIZE; -#endif - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7\x8a\x49" - "\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd\xbc\x32\xb9\xd4" - "\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1\x9e\xef\x51\xac\xd0" - "\x65\x7c\x22"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA3_384_DIGEST_SIZE; - -#ifdef WOLFSSL_XILINX_CRYPT - test_sha[0] = b; /* hardware acc. can not handle "" string */ -#else - test_sha[0] = a; -#endif - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitSha3_384(&sha, HEAP_HINT, devId); - if (ret != 0) - return -2800; - - for (i = 0; i < times; ++i) { - ret = wc_Sha3_384_Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-2801 - i, exit); - #ifndef NO_INTM_HASH_TEST - ret = wc_Sha3_384_GetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-2802 - i, exit); - #endif - ret = wc_Sha3_384_Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2803 - i, exit); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_384_DIGEST_SIZE) != 0) - ERROR_OUT(-2804 - i, exit); - #ifndef NO_INTM_HASH_TEST - if (XMEMCMP(hash, hashcopy, WC_SHA3_384_DIGEST_SIZE) != 0) - ERROR_OUT(-2805 - i, exit); - #endif - } - - /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; - const char* large_digest = - "\x30\x44\xec\x17\xef\x47\x9f\x55\x36\x11\xd6\x3f\x8a\x31\x5a\x71" - "\x8a\x71\xa7\x1d\x8e\x84\xe8\x6c\x24\x02\x2f\x7a\x08\x4e\xea\xd7" - "\x42\x36\x5d\xa8\xc2\xb7\x42\xad\xec\x19\xfb\xca\xc6\x64\xb3\xa4"; - - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } - times = 100; - for (i = 0; i < times; ++i) { - ret = wc_Sha3_384_Update(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-2806, exit); - } - ret = wc_Sha3_384_Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2807, exit); - if (XMEMCMP(hash, large_digest, WC_SHA3_384_DIGEST_SIZE) != 0) - ERROR_OUT(-2808, exit); - } /* END LARGE HASH TEST */ - -exit: - wc_Sha3_384_Free(&sha); - - return ret; -} -#endif /* WOLFSSL_NOSHA3_384 */ - -#ifndef WOLFSSL_NOSHA3_512 -static int sha3_512_test(void) -{ - wc_Sha3 sha; - byte hash[WC_SHA3_512_DIGEST_SIZE]; - byte hashcopy[WC_SHA3_512_DIGEST_SIZE]; - - testVector a, b, c; - testVector test_sha[3]; - int ret; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - a.input = ""; - a.output = "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5\xc8\xb5\x67\xdc\x18\x5a\x75" - "\x6e\x97\xc9\x82\x16\x4f\xe2\x58\x59\xe0\xd1\xdc\xc1\x47\x5c" - "\x80\xa6\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c\x11\xe3\xe9\x40\x2c" - "\x3a\xc5\x58\xf5\x00\x19\x9d\x95\xb6\xd3\xe3\x01\x75\x85\x86" - "\x28\x1d\xcd\x26"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA3_512_DIGEST_SIZE; - - b.input = "abc"; - b.output = "\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09" - "\x6e\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2" - "\x71\x2e\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47" - "\xe3\x93\x40\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27" - "\x4e\xec\x53\xf0"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA3_512_DIGEST_SIZE; - - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10\xfc\xa8" - "\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7\xec\x2f\x1e\x91" - "\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53\x02\xba\x1b\x0d\x8d\xc7" - "\x8c\x08\x63\x46\xb5\x33\xb4\x9c\x03\x0d\x99\xa2\x7d\xaf\x11" - "\x39\xd6\xe7\x5e"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA3_512_DIGEST_SIZE; - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitSha3_512(&sha, HEAP_HINT, devId); - if (ret != 0) - return -2900; - - for (i = 0; i < times; ++i) { - ret = wc_Sha3_512_Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-2901 - i, exit); - ret = wc_Sha3_512_GetHash(&sha, hashcopy); - if (ret != 0) - ERROR_OUT(-2902 - i, exit); - ret = wc_Sha3_512_Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2903 - i, exit); - - if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_512_DIGEST_SIZE) != 0) - ERROR_OUT(-2904 - i, exit); - if (XMEMCMP(hash, hashcopy, WC_SHA3_512_DIGEST_SIZE) != 0) - ERROR_OUT(-2905 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - byte large_input[1024]; - const char* large_digest = - "\x9c\x13\x26\xb6\x26\xb2\x94\x31\xbc\xf4\x34\xe9\x6f\xf2\xd6\x29" - "\x9a\xd0\x9b\x32\x63\x2f\x18\xa7\x5f\x23\xc9\x60\xc2\x32\x0c\xbc" - "\x57\x77\x33\xf1\x83\x81\x8a\xd3\x15\x7c\x93\xdc\x80\x9f\xed\x61" - "\x41\xa7\x5b\xfd\x32\x0e\x38\x15\xb0\x46\x3b\x7a\x4f\xfd\x44\x88"; - - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } - times = 100; - for (i = 0; i < times; ++i) { - ret = wc_Sha3_512_Update(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-2906, exit); - } - ret = wc_Sha3_512_Final(&sha, hash); - if (ret != 0) - ERROR_OUT(-2907, exit); - if (XMEMCMP(hash, large_digest, WC_SHA3_512_DIGEST_SIZE) != 0) - ERROR_OUT(-2908, exit); - } /* END LARGE HASH TEST */ - -exit: - wc_Sha3_512_Free(&sha); - - return ret; -} -#endif /* WOLFSSL_NOSHA3_512 */ - -static int sha3_test(void) -{ - int ret; - - (void)ret; - -#ifndef WOLFSSL_NOSHA3_224 - if ((ret = sha3_224_test()) != 0) - return ret; -#endif -#ifndef WOLFSSL_NOSHA3_256 - if ((ret = sha3_256_test()) != 0) - return ret; -#endif -#ifndef WOLFSSL_NOSHA3_384 - if ((ret = sha3_384_test()) != 0) - return ret; -#endif -#ifndef WOLFSSL_NOSHA3_512 - if ((ret = sha3_512_test()) != 0) - return ret; -#endif - - return 0; -} -#endif /* WOLFSSL_SHA3 */ - -#ifdef WOLFSSL_SHAKE256 -static int shake256_test(void) -{ -#ifndef WOLFSSL_NO_SHAKE256 - wc_Shake sha; - byte hash[114]; - - testVector a, b, c; - testVector test_sha[3]; - int ret = 0; - int times = sizeof(test_sha) / sizeof(struct testVector), i; - - byte large_input[1024]; - const char* large_digest = - "\x90\x32\x4a\xcc\xd1\xdf\xb8\x0b\x79\x1f\xb8\xc8\x5b\x54\xc8\xe7" - "\x45\xf5\x60\x6b\x38\x26\xb2\x0a\xee\x38\x01\xf3\xd9\xfa\x96\x9f" - "\x6a\xd7\x15\xdf\xb6\xc2\xf4\x20\x33\x44\x55\xe8\x2a\x09\x2b\x68" - "\x2e\x18\x65\x5e\x65\x93\x28\xbc\xb1\x9e\xe2\xb1\x92\xea\x98\xac" - "\x21\xef\x4c\xe1\xb4\xb7\xbe\x81\x5c\x1d\xd3\xb7\x17\xe5\xbb\xc5" - "\x8c\x68\xb7\xfb\xac\x55\x8a\x9b\x4d\x91\xe4\x9f\x72\xbb\x6e\x38" - "\xaf\x21\x7d\x21\xaa\x98\x4e\x75\xc4\xb4\x1c\x7c\x50\x45\x54\xf9" - "\xea\x26"; - - a.input = ""; - a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb" - "\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5" - "\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67" - "\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac" - "\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7" - "\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84" - "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2" - "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46"; - a.inLen = XSTRLEN(a.input); - a.outLen = sizeof(hash); - - b.input = "abc"; - b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11" - "\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b" - "\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52" - "\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88" - "\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04" - "\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc" - "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13" - "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0"; - b.inLen = XSTRLEN(b.input); - b.outLen = sizeof(hash); - - c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87" - "\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e" - "\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc" - "\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74" - "\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55" - "\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a" - "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60" - "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4"; - c.inLen = XSTRLEN(c.input); - c.outLen = sizeof(hash); - - test_sha[0] = a; - test_sha[1] = b; - test_sha[2] = c; - - ret = wc_InitShake256(&sha, HEAP_HINT, devId); - if (ret != 0) - return -3100; - - for (i = 0; i < times; ++i) { - ret = wc_Shake256_Update(&sha, (byte*)test_sha[i].input, - (word32)test_sha[i].inLen); - if (ret != 0) - ERROR_OUT(-3101 - i, exit); - ret = wc_Shake256_Final(&sha, hash, (word32)test_sha[i].outLen); - if (ret != 0) - ERROR_OUT(-3102 - i, exit); - - if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0) - ERROR_OUT(-3103 - i, exit); - } - - /* BEGIN LARGE HASH TEST */ { - for (i = 0; i < (int)sizeof(large_input); i++) { - large_input[i] = (byte)(i & 0xFF); - } - times = 100; - for (i = 0; i < times; ++i) { - ret = wc_Shake256_Update(&sha, (byte*)large_input, - (word32)sizeof(large_input)); - if (ret != 0) - ERROR_OUT(-3104, exit); - } - ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash)); - if (ret != 0) - ERROR_OUT(-3105, exit); - if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0) - ERROR_OUT(-3106, exit); - } /* END LARGE HASH TEST */ - -exit: - wc_Shake256_Free(&sha); - - return ret; -#else - return 0; -#endif -} -#endif - - -static int hash_test(void) -{ - wc_HashAlg hash; - int ret, exp_ret; - int i, j; - int digestSz; - byte data[] = "0123456789abcdef0123456789abcdef0123456"; - byte out[WC_MAX_DIGEST_SIZE]; - byte hashOut[WC_MAX_DIGEST_SIZE]; -#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) - enum wc_HashType hashType; -#endif - enum wc_HashType typesGood[] = { WC_HASH_TYPE_MD5, WC_HASH_TYPE_SHA, - WC_HASH_TYPE_SHA224, WC_HASH_TYPE_SHA256, - WC_HASH_TYPE_SHA384, WC_HASH_TYPE_SHA512, - WC_HASH_TYPE_SHA3_224, - WC_HASH_TYPE_SHA3_256, - WC_HASH_TYPE_SHA3_384, - WC_HASH_TYPE_SHA3_512 }; - enum wc_HashType typesNoImpl[] = { -#ifdef NO_MD5 - WC_HASH_TYPE_MD5, -#endif -#ifdef NO_SHA - WC_HASH_TYPE_SHA, -#endif -#ifndef WOLFSSL_SHA224 - WC_HASH_TYPE_SHA224, -#endif -#ifdef NO_SHA256 - WC_HASH_TYPE_SHA256, -#endif -#ifndef WOLFSSL_SHA384 - WC_HASH_TYPE_SHA384, -#endif -#ifndef WOLFSSL_SHA512 - WC_HASH_TYPE_SHA512, -#endif -#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_224) - WC_HASH_TYPE_SHA3_224, -#endif -#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_256) - WC_HASH_TYPE_SHA3_256, -#endif -#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_384) - WC_HASH_TYPE_SHA3_384, -#endif -#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_512) - WC_HASH_TYPE_SHA3_512, -#endif - WC_HASH_TYPE_NONE - }; - enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MD5_SHA, - WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4 }; - enum wc_HashType typesHashBad[] = { WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4, - WC_HASH_TYPE_BLAKE2B, - WC_HASH_TYPE_NONE }; - - /* Parameter Validation testing. */ - ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256); - if (ret != BAD_FUNC_ARG) - return -3200; - ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); - if (ret != BAD_FUNC_ARG) - return -3201; - ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); - if (ret != BAD_FUNC_ARG) - return -3202; - ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data)); - if (ret != BAD_FUNC_ARG) - return -3203; - ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL); - if (ret != BAD_FUNC_ARG) - return -3204; - ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL); - if (ret != BAD_FUNC_ARG) - return -3205; - ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out); - if (ret != BAD_FUNC_ARG) - return -3206; - - /* Try invalid hash algorithms. */ - for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) { - ret = wc_HashInit(&hash, typesBad[i]); - if (ret != BAD_FUNC_ARG) - return -3207 - i; - ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data)); - if (ret != BAD_FUNC_ARG) - return -3217 - i; - ret = wc_HashFinal(&hash, typesBad[i], out); - if (ret != BAD_FUNC_ARG) - return -3227 - i; - wc_HashFree(&hash, typesBad[i]); - } - - /* Try valid hash algorithms. */ - for (i = 0, j = 0; i < (int)(sizeof(typesGood)/sizeof(*typesGood)); i++) { - exp_ret = 0; - if (typesGood[i] == typesNoImpl[j]) { - /* Recognized but no implementation compiled in. */ - exp_ret = HASH_TYPE_E; - j++; - } - ret = wc_HashInit(&hash, typesGood[i]); - if (ret != exp_ret) - return -3237 - i; - ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data)); - if (ret != exp_ret) - return -3247 - i; - ret = wc_HashFinal(&hash, typesGood[i], out); - if (ret != exp_ret) - return -3257 - i; - wc_HashFree(&hash, typesGood[i]); - - digestSz = wc_HashGetDigestSize(typesGood[i]); - if (exp_ret < 0 && digestSz != exp_ret) - return -3267 - i; - if (exp_ret == 0 && digestSz < 0) - return -3277 - i; - if (exp_ret == 0) { - ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, - digestSz - 1); - if (ret != BUFFER_E) - return -3287 - i; - } - ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, digestSz); - if (ret != exp_ret) - return -3297 - i; - if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0) - return -3307 -i; - - ret = wc_HashGetBlockSize(typesGood[i]); - if (exp_ret < 0 && ret != exp_ret) - return -3308 - i; - if (exp_ret == 0 && ret < 0) - return -3318 - i; - -#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) - ret = wc_HashGetOID(typesGood[i]); - if (ret == BAD_FUNC_ARG || - (exp_ret == 0 && ret == HASH_TYPE_E) || - (exp_ret != 0 && ret != HASH_TYPE_E)) { - return -3328 - i; - } - - hashType = wc_OidGetHash(ret); - if (exp_ret == 0 && hashType != typesGood[i]) - return -3348 - i; -#endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */ - } - - for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) { - ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out)); - if (ret != BAD_FUNC_ARG && ret != BUFFER_E) - return -3358 - i; - } - -#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) - ret = wc_HashGetOID(WC_HASH_TYPE_MD2); -#ifdef WOLFSSL_MD2 - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3368; -#else - if (ret != HASH_TYPE_E) - return -3369; -#endif - hashType = wc_OidGetHash(646); /* Md2h */ -#ifdef WOLFSSL_MD2 - if (hashType != WC_HASH_TYPE_MD2) - return -3370; -#else - if (hashType != WC_HASH_TYPE_NONE) - return -3371; -#endif - - ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA); -#ifndef NO_MD5 - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3372; -#else - if (ret != HASH_TYPE_E) - return -3373; -#endif - ret = wc_HashGetOID(WC_HASH_TYPE_MD4); - if (ret != BAD_FUNC_ARG) - return -3374; - ret = wc_HashGetOID(WC_HASH_TYPE_NONE); - if (ret != BAD_FUNC_ARG) - return -3375; - - hashType = wc_OidGetHash(0); - if (hashType != WC_HASH_TYPE_NONE) - return -3376; -#endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */ - - ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2); -#ifdef WOLFSSL_MD2 - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3377; -#else - if (ret != HASH_TYPE_E) - return -3378; -#endif - ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2); -#ifdef WOLFSSL_MD2 - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3379; -#else - if (ret != HASH_TYPE_E) - return -3380; -#endif - - ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4); -#ifndef NO_MD4 - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3381; -#else - if (ret != HASH_TYPE_E) - return -3382; -#endif - ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4); -#ifndef NO_MD4 - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3383; -#else - if (ret != HASH_TYPE_E) - return -3384; -#endif - ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA); -#if !defined(NO_MD5) && !defined(NO_SHA) - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3385; -#else - if (ret != HASH_TYPE_E) - return -3386; -#endif - - ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B); -#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3387; -#else - if (ret != HASH_TYPE_E) - return -3388; -#endif - ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B); -#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) - if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) - return -3389; -#else - if (ret != HASH_TYPE_E) - return -3390; -#endif - - ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE); - if (ret != BAD_FUNC_ARG) - return -3391; - ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE); - if (ret != BAD_FUNC_ARG) - return -3392; - -#ifndef NO_CERTS -#if defined(WOLFSSL_MD2) && !defined(HAVE_SELFTEST) - ret = wc_GetCTC_HashOID(MD2); - if (ret == 0) - return -3393; -#endif -#ifndef NO_MD5 - ret = wc_GetCTC_HashOID(WC_MD5); - if (ret == 0) - return -3394; -#endif -#ifndef NO_SHA - ret = wc_GetCTC_HashOID(WC_SHA); - if (ret == 0) - return -3395; -#endif -#ifdef WOLFSSL_SHA224 - ret = wc_GetCTC_HashOID(WC_SHA224); - if (ret == 0) - return -3396; -#endif -#ifndef NO_SHA256 - ret = wc_GetCTC_HashOID(WC_SHA256); - if (ret == 0) - return -3397; -#endif -#ifdef WOLFSSL_SHA384 - ret = wc_GetCTC_HashOID(WC_SHA384); - if (ret == 0) - return -3398; -#endif -#ifdef WOLFSSL_SHA512 - ret = wc_GetCTC_HashOID(WC_SHA512); - if (ret == 0) - return -3399; -#endif - ret = wc_GetCTC_HashOID(-1); - if (ret != 0) - return -3400; -#endif - - return 0; -} - -#if !defined(NO_HMAC) && !defined(NO_MD5) -static int hmac_md5_test(void) -{ - Hmac hmac; - byte hash[WC_MD5_DIGEST_SIZE]; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", - "Jefe", - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - }; - - testVector a, b, c; - testVector test_hmac[3]; - - int ret; - int times = sizeof(test_hmac) / sizeof(testVector), i; - - a.input = "Hi There"; - a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc" - "\x9d"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_MD5_DIGEST_SIZE; - - b.input = "what do ya want for nothing?"; - b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7" - "\x38"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_MD5_DIGEST_SIZE; - - c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD"; - c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3" - "\xf6"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_MD5_DIGEST_SIZE; - - test_hmac[0] = a; - test_hmac[1] = b; - test_hmac[2] = c; - - for (i = 0; i < times; ++i) { - #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) - if (i == 1) { - continue; /* cavium can't handle short keys, fips not allowed */ - } - #endif - - if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) { - return -3500; - } - - ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i], - (word32)XSTRLEN(keys[i])); - if (ret != 0) - return -3501; - ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, - (word32)test_hmac[i].inLen); - if (ret != 0) - return -3502; - ret = wc_HmacFinal(&hmac, hash); - if (ret != 0) - return -3503; - - if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0) - return -3504 - i; - - wc_HmacFree(&hmac); - } - -#ifndef HAVE_FIPS - if (wc_HmacSizeByType(WC_MD5) != WC_MD5_DIGEST_SIZE) - return -3514; -#endif - - return 0; -} -#endif /* NO_HMAC && NO_MD5 */ - -#if !defined(NO_HMAC) && !defined(NO_SHA) -static int hmac_sha_test(void) -{ - Hmac hmac; - byte hash[WC_SHA_DIGEST_SIZE]; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b", - "Jefe", - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA" - }; - - testVector a, b, c; - testVector test_hmac[3]; - - int ret; - int times = sizeof(test_hmac) / sizeof(testVector), i; - - a.input = "Hi There"; - a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c" - "\x8e\xf1\x46\xbe\x00"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA_DIGEST_SIZE; - - b.input = "what do ya want for nothing?"; - b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf" - "\x9c\x25\x9a\x7c\x79"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA_DIGEST_SIZE; - - c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD"; - c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b" - "\x4f\x63\xf1\x75\xd3"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA_DIGEST_SIZE; - - test_hmac[0] = a; - test_hmac[1] = b; - test_hmac[2] = c; - - for (i = 0; i < times; ++i) { -#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) - if (i == 1) - continue; /* cavium can't handle short keys, fips not allowed */ -#endif - - if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -3600; - - ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i], - (word32)XSTRLEN(keys[i])); - if (ret != 0) - return -3601; - ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, - (word32)test_hmac[i].inLen); - if (ret != 0) - return -3602; - ret = wc_HmacFinal(&hmac, hash); - if (ret != 0) - return -3603; - - if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0) - return -3604 - i; - - wc_HmacFree(&hmac); - } - -#ifndef HAVE_FIPS - if (wc_HmacSizeByType(WC_SHA) != WC_SHA_DIGEST_SIZE) - return -3614; -#endif - - return 0; -} -#endif - - -#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) -static int hmac_sha224_test(void) -{ - Hmac hmac; - byte hash[WC_SHA224_DIGEST_SIZE]; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b", - "Jefe", - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA", - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - }; - - testVector a, b, c, d; - testVector test_hmac[4]; - - int ret; - int times = sizeof(test_hmac) / sizeof(testVector), i; - - a.input = "Hi There"; - a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3" - "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA224_DIGEST_SIZE; - - b.input = "what do ya want for nothing?"; - b.output = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d" - "\x0f\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA224_DIGEST_SIZE; - - c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD"; - c.output = "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2" - "\x64\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA224_DIGEST_SIZE; - - d.input = "Big Key Input"; - d.output = "\xe7\x4e\x2b\x8a\xa9\xf0\x37\x2f\xed\xae\x70\x0c\x49\x47\xf1" - "\x46\x54\xa7\x32\x6b\x55\x01\x87\xd2\xc8\x02\x0e\x3a"; - d.inLen = XSTRLEN(d.input); - d.outLen = WC_SHA224_DIGEST_SIZE; - - test_hmac[0] = a; - test_hmac[1] = b; - test_hmac[2] = c; - test_hmac[3] = d; - - for (i = 0; i < times; ++i) { -#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) - if (i == 1) - continue; /* cavium can't handle short keys, fips not allowed */ -#endif - - if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -3700; - - ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i], - (word32)XSTRLEN(keys[i])); - if (ret != 0) - return -3701; - ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, - (word32)test_hmac[i].inLen); - if (ret != 0) - return -3702; - ret = wc_HmacFinal(&hmac, hash); - if (ret != 0) - return -3703; - - if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0) - return -3704 - i; - - wc_HmacFree(&hmac); - } - -#ifndef HAVE_FIPS - if (wc_HmacSizeByType(WC_SHA224) != WC_SHA224_DIGEST_SIZE) - return -3714; -#endif - - return 0; -} -#endif - - -#if !defined(NO_HMAC) && !defined(NO_SHA256) -static int hmac_sha256_test(void) -{ - Hmac hmac; - byte hash[WC_SHA256_DIGEST_SIZE]; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b", - "Jefe", - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA", - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA", - }; - - testVector a, b, c, d; - testVector test_hmac[4]; - - int ret; - int times = sizeof(test_hmac) / sizeof(testVector), i; - - a.input = "Hi There"; - a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1" - "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32" - "\xcf\xf7"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA256_DIGEST_SIZE; - - b.input = "what do ya want for nothing?"; - b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75" - "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec" - "\x38\x43"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA256_DIGEST_SIZE; - - c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD"; - c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81" - "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5" - "\x65\xfe"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA256_DIGEST_SIZE; - - d.input = 0; - d.output = "\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28" - "\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f" - "\x3e\x46"; - d.inLen = 0; - d.outLen = WC_SHA256_DIGEST_SIZE; - - test_hmac[0] = a; - test_hmac[1] = b; - test_hmac[2] = c; - test_hmac[3] = d; - - for (i = 0; i < times; ++i) { -#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) - if (i == 1) - continue; /* cavium can't handle short keys, fips not allowed */ -#endif -#if defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM) - if (i == 3) - continue; /* QuickAssist can't handle empty HMAC */ -#endif - - if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -3800 - i; - - ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i], - (word32)XSTRLEN(keys[i])); - if (ret != 0) - return -3810 - i; - if (test_hmac[i].input != NULL) { - ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, - (word32)test_hmac[i].inLen); - if (ret != 0) - return -3820 - i; - } - ret = wc_HmacFinal(&hmac, hash); - if (ret != 0) - return -3830 - i; - - if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0) - return -3840 - i; - - wc_HmacFree(&hmac); - } - -#ifndef HAVE_FIPS - if (wc_HmacSizeByType(WC_SHA256) != WC_SHA256_DIGEST_SIZE) - return -3850; - if (wc_HmacSizeByType(20) != BAD_FUNC_ARG) - return -3851; -#endif - if (wolfSSL_GetHmacMaxSize() != WC_MAX_DIGEST_SIZE) - return -3852; - - return 0; -} -#endif - - -#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) -static int hmac_sha384_test(void) -{ - Hmac hmac; - byte hash[WC_SHA384_DIGEST_SIZE]; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b", - "Jefe", - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA", - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - }; - - testVector a, b, c, d; - testVector test_hmac[4]; - - int ret; - int times = sizeof(test_hmac) / sizeof(testVector), i; - - a.input = "Hi There"; - a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90" - "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb" - "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2" - "\xfa\x9c\xb6"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA384_DIGEST_SIZE; - - b.input = "what do ya want for nothing?"; - b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b" - "\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22" - "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa" - "\xb2\x16\x49"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA384_DIGEST_SIZE; - - c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD"; - c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8" - "\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66" - "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01" - "\xa3\x4f\x27"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA384_DIGEST_SIZE; - - d.input = "Big Key Input"; - d.output = "\xd2\x3d\x29\x6e\xf5\x1e\x23\x23\x49\x18\xb3\xbf\x4c\x38\x7b" - "\x31\x21\x17\xbb\x09\x73\x27\xf8\x12\x9d\xe9\xc6\x5d\xf9\x54" - "\xd6\x38\x5a\x68\x53\x14\xee\xe0\xa6\x4f\x36\x7e\xb2\xf3\x1a" - "\x57\x41\x69"; - d.inLen = XSTRLEN(d.input); - d.outLen = WC_SHA384_DIGEST_SIZE; - - test_hmac[0] = a; - test_hmac[1] = b; - test_hmac[2] = c; - test_hmac[3] = d; - - for (i = 0; i < times; ++i) { -#if defined(HAVE_FIPS) - if (i == 1) - continue; /* fips not allowed */ -#endif - - if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -3900; - - ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i], - (word32)XSTRLEN(keys[i])); - if (ret != 0) - return -3901; - ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, - (word32)test_hmac[i].inLen); - if (ret != 0) - return -3902; - ret = wc_HmacFinal(&hmac, hash); - if (ret != 0) - return -3903; - - if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0) - return -3904 - i; - - wc_HmacFree(&hmac); - } - -#ifndef HAVE_FIPS - if (wc_HmacSizeByType(WC_SHA384) != WC_SHA384_DIGEST_SIZE) - return -3914; -#endif - - return 0; -} -#endif - - -#if !defined(NO_HMAC) && defined(WOLFSSL_SHA512) -static int hmac_sha512_test(void) -{ - Hmac hmac; - byte hash[WC_SHA512_DIGEST_SIZE]; - - const char* keys[]= - { - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b", - "Jefe", - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" - "\xAA\xAA\xAA", - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - }; - - testVector a, b, c, d; - testVector test_hmac[4]; - - int ret; - int times = sizeof(test_hmac) / sizeof(testVector), i; - - a.input = "Hi There"; - a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c" - "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1" - "\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae" - "\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20" - "\x3a\x12\x68\x54"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_SHA512_DIGEST_SIZE; - - b.input = "what do ya want for nothing?"; - b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0" - "\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25" - "\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8" - "\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a" - "\x38\xbc\xe7\x37"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA512_DIGEST_SIZE; - - c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" - "\xDD\xDD\xDD\xDD\xDD\xDD"; - c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b" - "\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27" - "\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e" - "\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59" - "\xe1\x32\x92\xfb"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_SHA512_DIGEST_SIZE; - - d.input = "Big Key Input"; - d.output = "\x3f\xa9\xc9\xe1\xbd\xbb\x04\x55\x1f\xef\xcc\x92\x33\x08\xeb" - "\xcf\xc1\x9a\x5b\x5b\xc0\x7c\x86\x84\xae\x8c\x40\xaf\xb1\x27" - "\x87\x38\x92\x04\xa8\xed\xd7\xd7\x07\xa9\x85\xa0\xc2\xcd\x30" - "\xc0\x56\x14\x49\xbc\x2f\x69\x15\x6a\x97\xd8\x79\x2f\xb3\x3b" - "\x1e\x18\xfe\xfa"; - d.inLen = XSTRLEN(d.input); - d.outLen = WC_SHA512_DIGEST_SIZE; - - test_hmac[0] = a; - test_hmac[1] = b; - test_hmac[2] = c; - test_hmac[3] = d; - - for (i = 0; i < times; ++i) { -#if defined(HAVE_FIPS) - if (i == 1) - continue; /* fips not allowed */ -#endif - - if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -4000; - - ret = wc_HmacSetKey(&hmac, WC_SHA512, (byte*)keys[i], - (word32)XSTRLEN(keys[i])); - if (ret != 0) - return -4001; - ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, - (word32)test_hmac[i].inLen); - if (ret != 0) - return -4002; - ret = wc_HmacFinal(&hmac, hash); - if (ret != 0) - return -4003; - - if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0) - return -4004 - i; - - wc_HmacFree(&hmac); - } - -#ifndef HAVE_FIPS - if (wc_HmacSizeByType(WC_SHA512) != WC_SHA512_DIGEST_SIZE) - return -4014; -#endif - - return 0; -} -#endif - - -#if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \ - !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \ - !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512) -static int hmac_sha3_test(void) -{ - Hmac hmac; - byte hash[WC_SHA3_512_DIGEST_SIZE]; - - const char* key[4] = - { - "Jefe", - - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", - - "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" - "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", - - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" - }; - - const char* input[4] = - { - "what do ya want for nothing?", - - "Hi There", - - "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" - "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" - "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" - "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" - "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd", - - "Big Key Input" - }; - - const int hashType[4] = - { - WC_SHA3_224, WC_SHA3_256, WC_SHA3_384, WC_SHA3_512 - }; - - const int hashSz[4] = - { - WC_SHA3_224_DIGEST_SIZE, WC_SHA3_256_DIGEST_SIZE, - WC_SHA3_384_DIGEST_SIZE, WC_SHA3_512_DIGEST_SIZE - }; - - const char* output[16] = - { - /* key = jefe, input = what do ya want for nothing? */ - /* HMAC-SHA3-224 */ - "\x7f\xdb\x8d\xd8\x8b\xd2\xf6\x0d\x1b\x79\x86\x34\xad\x38\x68\x11" - "\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b\xba\xce\x5e\x66", - /* HMAC-SHA3-256 */ - "\xc7\xd4\x07\x2e\x78\x88\x77\xae\x35\x96\xbb\xb0\xda\x73\xb8\x87" - "\xc9\x17\x1f\x93\x09\x5b\x29\x4a\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5", - /* HMAC-SHA3-384 */ - "\xf1\x10\x1f\x8c\xbf\x97\x66\xfd\x67\x64\xd2\xed\x61\x90\x3f\x21" - "\xca\x9b\x18\xf5\x7c\xf3\xe1\xa2\x3c\xa1\x35\x08\xa9\x32\x43\xce" - "\x48\xc0\x45\xdc\x00\x7f\x26\xa2\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a", - /* HMAC-SHA3-512 */ - "\x5a\x4b\xfe\xab\x61\x66\x42\x7c\x7a\x36\x47\xb7\x47\x29\x2b\x83" - "\x84\x53\x7c\xdb\x89\xaf\xb3\xbf\x56\x65\xe4\xc5\xe7\x09\x35\x0b" - "\x28\x7b\xae\xc9\x21\xfd\x7c\xa0\xee\x7a\x0c\x31\xd0\x22\xa9\x5e" - "\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83\x96\x02\x75\xbe\xb4\xe6\x20\x24", - - /* key = 0b..., input = Hi There */ - /* HMAC-SHA3-224 */ - "\x3b\x16\x54\x6b\xbc\x7b\xe2\x70\x6a\x03\x1d\xca\xfd\x56\x37\x3d" - "\x98\x84\x36\x76\x41\xd8\xc5\x9a\xf3\xc8\x60\xf7", - /* HMAC-SHA3-256 */ - "\xba\x85\x19\x23\x10\xdf\xfa\x96\xe2\xa3\xa4\x0e\x69\x77\x43\x51" - "\x14\x0b\xb7\x18\x5e\x12\x02\xcd\xcc\x91\x75\x89\xf9\x5e\x16\xbb", - /* HMAC-SHA3-384 */ - "\x68\xd2\xdc\xf7\xfd\x4d\xdd\x0a\x22\x40\xc8\xa4\x37\x30\x5f\x61" - "\xfb\x73\x34\xcf\xb5\xd0\x22\x6e\x1b\xc2\x7d\xc1\x0a\x2e\x72\x3a" - "\x20\xd3\x70\xb4\x77\x43\x13\x0e\x26\xac\x7e\x3d\x53\x28\x86\xbd", - /* HMAC-SHA3-512 */ - "\xeb\x3f\xbd\x4b\x2e\xaa\xb8\xf5\xc5\x04\xbd\x3a\x41\x46\x5a\xac" - "\xec\x15\x77\x0a\x7c\xab\xac\x53\x1e\x48\x2f\x86\x0b\x5e\xc7\xba" - "\x47\xcc\xb2\xc6\xf2\xaf\xce\x8f\x88\xd2\x2b\x6d\xc6\x13\x80\xf2" - "\x3a\x66\x8f\xd3\x88\x8b\xb8\x05\x37\xc0\xa0\xb8\x64\x07\x68\x9e", - - /* key = aa..., output = dd... */ - /* HMAC-SHA3-224 */ - "\x67\x6c\xfc\x7d\x16\x15\x36\x38\x78\x03\x90\x69\x2b\xe1\x42\xd2" - "\xdf\x7c\xe9\x24\xb9\x09\xc0\xc0\x8d\xbf\xdc\x1a", - /* HMAC-SHA3-256 */ - "\x84\xec\x79\x12\x4a\x27\x10\x78\x65\xce\xdd\x8b\xd8\x2d\xa9\x96" - "\x5e\x5e\xd8\xc3\x7b\x0a\xc9\x80\x05\xa7\xf3\x9e\xd5\x8a\x42\x07", - /* HMAC-SHA3-384 */ - "\x27\x5c\xd0\xe6\x61\xbb\x8b\x15\x1c\x64\xd2\x88\xf1\xf7\x82\xfb" - "\x91\xa8\xab\xd5\x68\x58\xd7\x2b\xab\xb2\xd4\x76\xf0\x45\x83\x73" - "\xb4\x1b\x6a\xb5\xbf\x17\x4b\xec\x42\x2e\x53\xfc\x31\x35\xac\x6e", - /* HMAC-SHA3-512 */ - "\x30\x9e\x99\xf9\xec\x07\x5e\xc6\xc6\xd4\x75\xed\xa1\x18\x06\x87" - "\xfc\xf1\x53\x11\x95\x80\x2a\x99\xb5\x67\x74\x49\xa8\x62\x51\x82" - "\x85\x1c\xb3\x32\xaf\xb6\xa8\x9c\x41\x13\x25\xfb\xcb\xcd\x42\xaf" - "\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03", - - /* key = big key, input = Big Key Input */ - /* HMAC-SHA3-224 */ - "\x29\xe0\x5e\x46\xc4\xa4\x5e\x46\x74\xbf\xd7\x2d\x1a\xd8\x66\xdb" - "\x2d\x0d\x10\x4e\x2b\xfa\xad\x53\x7d\x15\x69\x8b", - /* HMAC-SHA3-256 */ - "\xb5\x5b\x8d\x64\xb6\x9c\x21\xd0\xbf\x20\x5c\xa2\xf7\xb9\xb1\x4e" - "\x88\x21\x61\x2c\x66\xc3\x91\xae\x6c\x95\x16\x85\x83\xe6\xf4\x9b", - /* HMAC-SHA3-384 */ - "\xaa\x91\xb3\xa6\x2f\x56\xa1\xbe\x8c\x3e\x74\x38\xdb\x58\xd9\xd3" - "\x34\xde\xa0\x60\x6d\x8d\x46\xe0\xec\xa9\xf6\x06\x35\x14\xe6\xed" - "\x83\xe6\x7c\x77\x24\x6c\x11\xb5\x90\x82\xb5\x75\xda\x7b\x83\x2d", - /* HMAC-SHA3-512 */ - "\x1c\xc3\xa9\x24\x4a\x4a\x3f\xbd\xc7\x20\x00\x16\x9b\x79\x47\x03" - "\x78\x75\x2c\xb5\xf1\x2e\x62\x7c\xbe\xef\x4e\x8f\x0b\x11\x2b\x32" - "\xa0\xee\xc9\xd0\x4d\x64\x64\x0b\x37\xf4\xdd\x66\xf7\x8b\xb3\xad" - "\x52\x52\x6b\x65\x12\xde\x0d\x7c\xc0\x8b\x60\x01\x6c\x37\xd7\xa8" - - }; - - int i = 0, iMax = sizeof(input) / sizeof(input[0]), - j, jMax = sizeof(hashType) / sizeof(hashType[0]), - ret; - -#ifdef HAVE_FIPS - /* FIPS requires a minimum length for HMAC keys, and "Jefe" is too - * short. Skip it in FIPS builds. */ - i = 1; -#endif - for (; i < iMax; i++) { - for (j = 0; j < jMax; j++) { - if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return -4100; - - ret = wc_HmacSetKey(&hmac, hashType[j], (byte*)key[i], - (word32)XSTRLEN(key[i])); - if (ret != 0) - return -4101; - ret = wc_HmacUpdate(&hmac, (byte*)input[i], - (word32)XSTRLEN(input[i])); - if (ret != 0) - return -4102; - ret = wc_HmacFinal(&hmac, hash); - if (ret != 0) - return -4103; - if (XMEMCMP(hash, output[(i*jMax) + j], hashSz[j]) != 0) - return -4104; - - wc_HmacFree(&hmac); - - if (i > 0) - continue; - - #ifndef HAVE_FIPS - ret = wc_HmacSizeByType(hashType[j]); - if (ret != hashSz[j]) - return -4105; - #endif - } - } - - return 0; -} -#endif - - -#ifndef NO_RC4 -static int arc4_test(void) -{ - byte cipher[16]; - byte plain[16]; - - const char* keys[] = - { - "\x01\x23\x45\x67\x89\xab\xcd\xef", - "\x01\x23\x45\x67\x89\xab\xcd\xef", - "\x00\x00\x00\x00\x00\x00\x00\x00", - "\xef\x01\x23\x45" - }; - - testVector a, b, c, d; - testVector test_arc4[4]; - - int times = sizeof(test_arc4) / sizeof(testVector), i; - - a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef"; - a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96"; - a.inLen = 8; - a.outLen = 8; - - b.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; - b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79"; - b.inLen = 8; - b.outLen = 8; - - c.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; - c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a"; - c.inLen = 8; - c.outLen = 8; - - d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; - d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61"; - d.inLen = 10; - d.outLen = 10; - - test_arc4[0] = a; - test_arc4[1] = b; - test_arc4[2] = c; - test_arc4[3] = d; - - for (i = 0; i < times; ++i) { - Arc4 enc; - Arc4 dec; - int keylen = 8; /* XSTRLEN with key 0x00 not good */ - if (i == 3) - keylen = 4; - - if (wc_Arc4Init(&enc, HEAP_HINT, devId) != 0) - return -4200; - if (wc_Arc4Init(&dec, HEAP_HINT, devId) != 0) - return -4201; - - wc_Arc4SetKey(&enc, (byte*)keys[i], keylen); - wc_Arc4SetKey(&dec, (byte*)keys[i], keylen); - - wc_Arc4Process(&enc, cipher, (byte*)test_arc4[i].input, - (word32)test_arc4[i].outLen); - wc_Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen); - - if (XMEMCMP(plain, test_arc4[i].input, test_arc4[i].outLen)) - return -4202 - i; - - if (XMEMCMP(cipher, test_arc4[i].output, test_arc4[i].outLen)) - return -4212 - i; - - wc_Arc4Free(&enc); - wc_Arc4Free(&dec); - } - - return 0; -} -#endif - - -static int hc128_test(void) -{ -#ifdef HAVE_HC128 - byte cipher[16]; - byte plain[16]; - - const char* keys[] = - { - "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", - "\x00\x53\xA6\xF9\x4C\x9F\xF2\x45\x98\xEB\x3E\x91\xE4\x37\x8A\xDD", - "\x0F\x62\xB5\x08\x5B\xAE\x01\x54\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC" - }; - - const char* ivs[] = - { - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", - "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", - "\x0D\x74\xDB\x42\xA9\x10\x77\xDE\x45\xAC\x13\x7A\xE1\x48\xAF\x16", - "\x28\x8F\xF6\x5D\xC4\x2B\x92\xF9\x60\xC7\x2E\x95\xFC\x63\xCA\x31" - }; - - - testVector a, b, c, d; - testVector test_hc128[4]; - - int times = sizeof(test_hc128) / sizeof(testVector), i; - - int ret = 0; -#ifdef WOLFSSL_NO_MALLOC - HC128 enc_buffer, *enc = &enc_buffer, - dec_buffer, *dec = &dec_buffer; -#else - HC128 *enc = XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - HC128 *dec = XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if ((! enc) || (! dec)) { - ret = MEMORY_E; - goto out; - } -#endif - - a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; - a.output = "\x37\x86\x02\xB9\x8F\x32\xA7\x48"; - a.inLen = 8; - a.outLen = 8; - - b.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; - b.output = "\x33\x7F\x86\x11\xC6\xED\x61\x5F"; - b.inLen = 8; - b.outLen = 8; - - c.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; - c.output = "\x2E\x1E\xD1\x2A\x85\x51\xC0\x5A"; - c.inLen = 8; - c.outLen = 8; - - d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; - d.output = "\x1C\xD8\xAE\xDD\xFE\x52\xE2\x17\xE8\x35\xD0\xB7\xE8\x4E\x29"; - d.inLen = 15; - d.outLen = 15; - - test_hc128[0] = a; - test_hc128[1] = b; - test_hc128[2] = c; - test_hc128[3] = d; - - for (i = 0; i < times; ++i) { - /* align keys/ivs in plain/cipher buffers */ - XMEMCPY(plain, keys[i], 16); - XMEMCPY(cipher, ivs[i], 16); - - wc_Hc128_SetKey(enc, plain, cipher); - wc_Hc128_SetKey(dec, plain, cipher); - - /* align input */ - XMEMCPY(plain, test_hc128[i].input, test_hc128[i].outLen); - if (wc_Hc128_Process(enc, cipher, plain, - (word32)test_hc128[i].outLen) != 0) { - ret = -4300; - goto out; - } - if (wc_Hc128_Process(dec, plain, cipher, - (word32)test_hc128[i].outLen) != 0) { - ret = -4301; - goto out; - } - - if (XMEMCMP(plain, test_hc128[i].input, test_hc128[i].outLen)) { - ret = -4302 - i; - goto out; - } - - if (XMEMCMP(cipher, test_hc128[i].output, test_hc128[i].outLen)) { - ret = -4312 - i; - goto out; - } - } - - out: - -#ifndef WOLFSSL_NO_MALLOC - if (enc) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (dec) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -#else - return 0; -#endif /* HAVE_HC128 */ -} - - -#ifndef NO_RABBIT -static int rabbit_test(void) -{ - byte cipher[16]; - byte plain[16]; - - const char* keys[] = - { - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", - "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", - "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B\xFE\x36\x3D\x2E\x29\x13\x28\x91" - }; - - const char* ivs[] = - { - "\x00\x00\x00\x00\x00\x00\x00\x00", - "\x59\x7E\x26\xC1\x75\xF5\x73\xC3", - 0 - }; - - testVector a, b, c; - testVector test_rabbit[3]; - - int times = sizeof(test_rabbit) / sizeof(testVector), i; - - a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; - a.output = "\xED\xB7\x05\x67\x37\x5D\xCD\x7C"; - a.inLen = 8; - a.outLen = 8; - - b.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; - b.output = "\x6D\x7D\x01\x22\x92\xCC\xDC\xE0"; - b.inLen = 8; - b.outLen = 8; - - c.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; - c.output = "\x04\xCE\xCA\x7A\x1A\x86\x6E\x77"; - c.inLen = 8; - c.outLen = 8; - - test_rabbit[0] = a; - test_rabbit[1] = b; - test_rabbit[2] = c; - - for (i = 0; i < times; ++i) { - Rabbit enc; - Rabbit dec; - byte* iv; - - /* align keys/ivs in plain/cipher buffers */ - XMEMCPY(plain, keys[i], 16); - if (ivs[i]) { - XMEMCPY(cipher, ivs[i], 8); - iv = cipher; - } else - iv = NULL; - wc_RabbitSetKey(&enc, plain, iv); - wc_RabbitSetKey(&dec, plain, iv); - - /* align input */ - XMEMCPY(plain, test_rabbit[i].input, test_rabbit[i].outLen); - wc_RabbitProcess(&enc, cipher, plain, (word32)test_rabbit[i].outLen); - wc_RabbitProcess(&dec, plain, cipher, (word32)test_rabbit[i].outLen); - - if (XMEMCMP(plain, test_rabbit[i].input, test_rabbit[i].outLen)) - return -4400 - i; - - if (XMEMCMP(cipher, test_rabbit[i].output, test_rabbit[i].outLen)) - return -4410 - i; - } - - return 0; -} -#endif /* NO_RABBIT */ - - -#ifdef HAVE_CHACHA -static int chacha_test(void) -{ - ChaCha enc; - ChaCha dec; - byte cipher[128]; - byte plain[128]; - byte sliver[64]; - byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - word32 keySz = 32; - int ret = 0; - int i; - int times = 4; - - static const byte key1[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - - static const byte key2[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 - }; - - static const byte key3[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - - /* 128 bit key */ - static const byte key4[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - - - const byte* keys[] = {key1, key2, key3, key4}; - - static const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - static const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - static const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00}; - static const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - - - const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4}; - -#ifndef BENCH_EMBEDDED - static const byte cipher_big_result[] = { - 0x06, 0xa6, 0x5d, 0x31, 0x21, 0x6c, 0xdb, 0x37, 0x48, 0x7c, 0x01, 0x9d, - 0x72, 0xdf, 0x0a, 0x5b, 0x64, 0x74, 0x20, 0xba, 0x9e, 0xe0, 0x26, 0x7a, - 0xbf, 0xdf, 0x83, 0x34, 0x3b, 0x4f, 0x94, 0x3f, 0x37, 0x89, 0xaf, 0x00, - 0xdf, 0x0f, 0x2e, 0x75, 0x16, 0x41, 0xf6, 0x7a, 0x86, 0x94, 0x9d, 0x32, - 0x56, 0xf0, 0x79, 0x71, 0x68, 0x6f, 0xa6, 0x6b, 0xc6, 0x59, 0x49, 0xf6, - 0x10, 0x34, 0x03, 0x03, 0x16, 0x53, 0x9a, 0x98, 0x2a, 0x46, 0xde, 0x17, - 0x06, 0x65, 0x70, 0xca, 0x0a, 0x1f, 0xab, 0x80, 0x26, 0x96, 0x3f, 0x3e, - 0x7a, 0x3c, 0xa8, 0x87, 0xbb, 0x65, 0xdd, 0x5e, 0x07, 0x7b, 0x34, 0xe0, - 0x56, 0xda, 0x32, 0x13, 0x30, 0xc9, 0x0c, 0xd7, 0xba, 0xe4, 0x1f, 0xa6, - 0x91, 0x4f, 0x72, 0x9f, 0xd9, 0x5c, 0x62, 0x7d, 0xa6, 0xc2, 0xbc, 0x87, - 0xae, 0x64, 0x11, 0x94, 0x3b, 0xbc, 0x6c, 0x23, 0xbd, 0x7d, 0x00, 0xb4, - 0x99, 0xf2, 0x68, 0xb5, 0x59, 0x70, 0x93, 0xad, 0x69, 0xd0, 0xb1, 0x28, - 0x70, 0x92, 0xeb, 0xec, 0x39, 0x80, 0x82, 0xde, 0x44, 0xe2, 0x8a, 0x26, - 0xb3, 0xe9, 0x45, 0xcf, 0x83, 0x76, 0x9f, 0x6a, 0xa0, 0x46, 0x4a, 0x3d, - 0x26, 0x56, 0xaf, 0x49, 0x41, 0x26, 0x1b, 0x6a, 0x41, 0x37, 0x65, 0x91, - 0x72, 0xc4, 0xe7, 0x3c, 0x17, 0x31, 0xae, 0x2e, 0x2b, 0x31, 0x45, 0xe4, - 0x93, 0xd3, 0x10, 0xaa, 0xc5, 0x62, 0xd5, 0x11, 0x4b, 0x57, 0x1d, 0xad, - 0x48, 0x06, 0xd0, 0x0d, 0x98, 0xa5, 0xc6, 0x5b, 0xd0, 0x9e, 0x22, 0xc0, - 0x00, 0x32, 0x5a, 0xf5, 0x1c, 0x89, 0x6d, 0x54, 0x97, 0x55, 0x6b, 0x46, - 0xc5, 0xc7, 0xc4, 0x48, 0x9c, 0xbf, 0x47, 0xdc, 0x03, 0xc4, 0x1b, 0xcb, - 0x65, 0xa6, 0x91, 0x9d, 0x6d, 0xf1, 0xb0, 0x7a, 0x4d, 0x3b, 0x03, 0x95, - 0xf4, 0x8b, 0x0b, 0xae, 0x39, 0xff, 0x3f, 0xf6, 0xc0, 0x14, 0x18, 0x8a, - 0xe5, 0x19, 0xbd, 0xc1, 0xb4, 0x05, 0x4e, 0x29, 0x2f, 0x0b, 0x33, 0x76, - 0x28, 0x16, 0xa4, 0xa6, 0x93, 0x04, 0xb5, 0x55, 0x6b, 0x89, 0x3d, 0xa5, - 0x0f, 0xd3, 0xad, 0xfa, 0xd9, 0xfd, 0x05, 0x5d, 0x48, 0x94, 0x25, 0x5a, - 0x2c, 0x9a, 0x94, 0x80, 0xb0, 0xe7, 0xcb, 0x4d, 0x77, 0xbf, 0xca, 0xd8, - 0x55, 0x48, 0xbd, 0x66, 0xb1, 0x85, 0x81, 0xb1, 0x37, 0x79, 0xab, 0x52, - 0x08, 0x14, 0x12, 0xac, 0xcd, 0x45, 0x4d, 0x53, 0x6b, 0xca, 0x96, 0xc7, - 0x3b, 0x2f, 0x73, 0xb1, 0x5a, 0x23, 0xbd, 0x65, 0xd5, 0xea, 0x17, 0xb3, - 0xdc, 0xa1, 0x17, 0x1b, 0x2d, 0xb3, 0x9c, 0xd0, 0xdb, 0x41, 0x77, 0xef, - 0x93, 0x20, 0x52, 0x3e, 0x9d, 0xf5, 0xbf, 0x33, 0xf7, 0x52, 0xc1, 0x90, - 0xa0, 0x15, 0x17, 0xce, 0xf7, 0xf7, 0xd0, 0x3a, 0x3b, 0xd1, 0x72, 0x56, - 0x31, 0x81, 0xae, 0x60, 0xab, 0x40, 0xc1, 0xd1, 0x28, 0x77, 0x53, 0xac, - 0x9f, 0x11, 0x0a, 0x88, 0x36, 0x4b, 0xda, 0x57, 0xa7, 0x28, 0x5c, 0x85, - 0xd3, 0x85, 0x9b, 0x79, 0xad, 0x05, 0x1c, 0x37, 0x14, 0x5e, 0x0d, 0xd0, - 0x23, 0x03, 0x42, 0x1d, 0x48, 0x5d, 0xc5, 0x3c, 0x5a, 0x08, 0xa9, 0x0d, - 0x6e, 0x82, 0x7c, 0x2e, 0x3c, 0x41, 0xcc, 0x96, 0x8e, 0xad, 0xee, 0x2a, - 0x61, 0x0b, 0x16, 0x0f, 0xa9, 0x24, 0x40, 0x85, 0xbc, 0x9f, 0x28, 0x8d, - 0xe6, 0x68, 0x4d, 0x8f, 0x30, 0x48, 0xd9, 0x73, 0x73, 0x6c, 0x9a, 0x7f, - 0x67, 0xf7, 0xde, 0x4c, 0x0a, 0x8b, 0xe4, 0xb3, 0x08, 0x2a, 0x52, 0xda, - 0x54, 0xee, 0xcd, 0xb5, 0x62, 0x4a, 0x26, 0x20, 0xfb, 0x40, 0xbb, 0x39, - 0x3a, 0x0f, 0x09, 0xe8, 0x00, 0xd1, 0x24, 0x97, 0x60, 0xe9, 0x83, 0x83, - 0xfe, 0x9f, 0x9c, 0x15, 0xcf, 0x69, 0x03, 0x9f, 0x03, 0xe1, 0xe8, 0x6e, - 0xbd, 0x87, 0x58, 0x68, 0xee, 0xec, 0xd8, 0x29, 0x46, 0x23, 0x49, 0x92, - 0x72, 0x95, 0x5b, 0x49, 0xca, 0xe0, 0x45, 0x59, 0xb2, 0xca, 0xf4, 0xfc, - 0xb7, 0x59, 0x37, 0x49, 0x28, 0xbc, 0xf3, 0xd7, 0x61, 0xbc, 0x4b, 0xf3, - 0xa9, 0x4b, 0x2f, 0x05, 0xa8, 0x01, 0xa5, 0xdc, 0x00, 0x6e, 0x01, 0xb6, - 0x45, 0x3c, 0xd5, 0x49, 0x7d, 0x5c, 0x25, 0xe8, 0x31, 0x87, 0xb2, 0xb9, - 0xbf, 0xb3, 0x01, 0x62, 0x0c, 0xd0, 0x48, 0x77, 0xa2, 0x34, 0x0f, 0x16, - 0x22, 0x28, 0xee, 0x54, 0x08, 0x93, 0x3b, 0xe4, 0xde, 0x7e, 0x63, 0xf7, - 0x97, 0x16, 0x5d, 0x71, 0x58, 0xc2, 0x2e, 0xf2, 0x36, 0xa6, 0x12, 0x65, - 0x94, 0x17, 0xac, 0x66, 0x23, 0x7e, 0xc6, 0x72, 0x79, 0x24, 0xce, 0x8f, - 0x55, 0x19, 0x97, 0x44, 0xfc, 0x55, 0xec, 0x85, 0x26, 0x27, 0xdb, 0x38, - 0xb1, 0x42, 0x0a, 0xdd, 0x05, 0x99, 0x28, 0xeb, 0x03, 0x6c, 0x9a, 0xe9, - 0x17, 0xf6, 0x2c, 0xb0, 0xfe, 0xe7, 0xa4, 0xa7, 0x31, 0xda, 0x4d, 0xb0, - 0x29, 0xdb, 0xdd, 0x8d, 0x12, 0x13, 0x9c, 0xb4, 0xcc, 0x83, 0x97, 0xfb, - 0x1a, 0xdc, 0x08, 0xd6, 0x30, 0x62, 0xe8, 0xeb, 0x8b, 0x61, 0xcb, 0x1d, - 0x06, 0xe3, 0xa5, 0x4d, 0x35, 0xdb, 0x59, 0xa8, 0x2d, 0x87, 0x27, 0x44, - 0x6f, 0xc0, 0x38, 0x97, 0xe4, 0x85, 0x00, 0x02, 0x09, 0xf6, 0x69, 0x3a, - 0xcf, 0x08, 0x1b, 0x21, 0xbb, 0x79, 0xb1, 0xa1, 0x34, 0x09, 0xe0, 0x80, - 0xca, 0xb0, 0x78, 0x8a, 0x11, 0x97, 0xd4, 0x07, 0xbe, 0x1b, 0x6a, 0x5d, - 0xdb, 0xd6, 0x1f, 0x76, 0x6b, 0x16, 0xf0, 0x58, 0x84, 0x5f, 0x59, 0xce, - 0x62, 0x34, 0xc3, 0xdf, 0x94, 0xb8, 0x2f, 0x84, 0x68, 0xf0, 0xb8, 0x51, - 0xd9, 0x6d, 0x8e, 0x4a, 0x1d, 0xe6, 0x5c, 0xd8, 0x86, 0x25, 0xe3, 0x24, - 0xfd, 0x21, 0x61, 0x13, 0x48, 0x3e, 0xf6, 0x7d, 0xa6, 0x71, 0x9b, 0xd2, - 0x6e, 0xe6, 0xd2, 0x08, 0x94, 0x62, 0x6c, 0x98, 0xfe, 0x2f, 0x9c, 0x88, - 0x7e, 0x78, 0x15, 0x02, 0x00, 0xf0, 0xba, 0x24, 0x91, 0xf2, 0xdc, 0x47, - 0x51, 0x4d, 0x15, 0x5e, 0x91, 0x5f, 0x57, 0x5b, 0x1d, 0x35, 0x24, 0x45, - 0x75, 0x9b, 0x88, 0x75, 0xf1, 0x2f, 0x85, 0xe7, 0x89, 0xd1, 0x01, 0xb4, - 0xc8, 0x18, 0xb7, 0x97, 0xef, 0x4b, 0x90, 0xf4, 0xbf, 0x10, 0x27, 0x3c, - 0x60, 0xff, 0xc4, 0x94, 0x20, 0x2f, 0x93, 0x4b, 0x4d, 0xe3, 0x80, 0xf7, - 0x2c, 0x71, 0xd9, 0xe3, 0x68, 0xb4, 0x77, 0x2b, 0xc7, 0x0d, 0x39, 0x92, - 0xef, 0x91, 0x0d, 0xb2, 0x11, 0x50, 0x0e, 0xe8, 0xad, 0x3b, 0xf6, 0xb5, - 0xc6, 0x14, 0x4d, 0x33, 0x53, 0xa7, 0x60, 0x15, 0xc7, 0x27, 0x51, 0xdc, - 0x54, 0x29, 0xa7, 0x0d, 0x6a, 0x7b, 0x72, 0x13, 0xad, 0x7d, 0x41, 0x19, - 0x4e, 0x42, 0x49, 0xcc, 0x42, 0xe4, 0xbd, 0x99, 0x13, 0xd9, 0x7f, 0xf3, - 0x38, 0xa4, 0xb6, 0x33, 0xed, 0x07, 0x48, 0x7e, 0x8e, 0x82, 0xfe, 0x3a, - 0x9d, 0x75, 0x93, 0xba, 0x25, 0x4e, 0x37, 0x3c, 0x0c, 0xd5, 0x69, 0xa9, - 0x2d, 0x9e, 0xfd, 0xe8, 0xbb, 0xf5, 0x0c, 0xe2, 0x86, 0xb9, 0x5e, 0x6f, - 0x28, 0xe4, 0x19, 0xb3, 0x0b, 0xa4, 0x86, 0xd7, 0x24, 0xd0, 0xb8, 0x89, - 0x7b, 0x76, 0xec, 0x05, 0x10, 0x5b, 0x68, 0xe9, 0x58, 0x66, 0xa3, 0xc5, - 0xb6, 0x63, 0x20, 0x0e, 0x0e, 0xea, 0x3d, 0x61, 0x5e, 0xda, 0x3d, 0x3c, - 0xf9, 0xfd, 0xed, 0xa9, 0xdb, 0x52, 0x94, 0x8a, 0x00, 0xca, 0x3c, 0x8d, - 0x66, 0x8f, 0xb0, 0xf0, 0x5a, 0xca, 0x3f, 0x63, 0x71, 0xbf, 0xca, 0x99, - 0x37, 0x9b, 0x75, 0x97, 0x89, 0x10, 0x6e, 0xcf, 0xf2, 0xf5, 0xe3, 0xd5, - 0x45, 0x9b, 0xad, 0x10, 0x71, 0x6c, 0x5f, 0x6f, 0x7f, 0x22, 0x77, 0x18, - 0x2f, 0xf9, 0x99, 0xc5, 0x69, 0x58, 0x03, 0x12, 0x86, 0x82, 0x3e, 0xbf, - 0xc2, 0x12, 0x35, 0x43, 0xa3, 0xd9, 0x18, 0x4f, 0x41, 0x11, 0x6b, 0xf3, - 0x67, 0xaf, 0x3d, 0x78, 0xe4, 0x22, 0x2d, 0xb3, 0x48, 0x43, 0x31, 0x1d, - 0xef, 0xa8, 0xba, 0x49, 0x8e, 0xa9, 0xa7, 0xb6, 0x18, 0x77, 0x84, 0xca, - 0xbd, 0xa2, 0x02, 0x1b, 0x6a, 0xf8, 0x5f, 0xda, 0xff, 0xcf, 0x01, 0x6a, - 0x86, 0x69, 0xa9, 0xe9, 0xcb, 0x60, 0x1e, 0x15, 0xdc, 0x8f, 0x5d, 0x39, - 0xb5, 0xce, 0x55, 0x5f, 0x47, 0x97, 0xb1, 0x19, 0x6e, 0x21, 0xd6, 0x13, - 0x39, 0xb2, 0x24, 0xe0, 0x62, 0x82, 0x9f, 0xed, 0x12, 0x81, 0xed, 0xee, - 0xab, 0xd0, 0x2f, 0x19, 0x89, 0x3f, 0x57, 0x2e, 0xc2, 0xe2, 0x67, 0xe8, - 0xae, 0x03, 0x56, 0xba, 0xd4, 0xd0, 0xa4, 0x89, 0x03, 0x06, 0x5b, 0xcc, - 0xf2, 0x22, 0xb8, 0x0e, 0x76, 0x79, 0x4a, 0x42, 0x1d, 0x37, 0x51, 0x5a, - 0xaa, 0x46, 0x6c, 0x2a, 0xdd, 0x66, 0xfe, 0xc6, 0x68, 0xc3, 0x38, 0xa2, - 0xae, 0x5b, 0x98, 0x24, 0x5d, 0x43, 0x05, 0x82, 0x38, 0x12, 0xd3, 0xd1, - 0x75, 0x2d, 0x4f, 0x61, 0xbd, 0xb9, 0x10, 0x87, 0x44, 0x2a, 0x78, 0x07, - 0xff, 0xf4, 0x0f, 0xa1, 0xf3, 0x68, 0x9f, 0xbe, 0xae, 0xa2, 0x91, 0xf0, - 0xc7, 0x55, 0x7a, 0x52, 0xd5, 0xa3, 0x8d, 0x6f, 0xe4, 0x90, 0x5c, 0xf3, - 0x5f, 0xce, 0x3d, 0x23, 0xf9, 0x8e, 0xae, 0x14, 0xfb, 0x82, 0x9a, 0xa3, - 0x04, 0x5f, 0xbf, 0xad, 0x3e, 0xf2, 0x97, 0x0a, 0x60, 0x40, 0x70, 0x19, - 0x72, 0xad, 0x66, 0xfb, 0x78, 0x1b, 0x84, 0x6c, 0x98, 0xbc, 0x8c, 0xf8, - 0x4f, 0xcb, 0xb5, 0xf6, 0xaf, 0x7a, 0xb7, 0x93, 0xef, 0x67, 0x48, 0x02, - 0x2c, 0xcb, 0xe6, 0x77, 0x0f, 0x7b, 0xc1, 0xee, 0xc5, 0xb6, 0x2d, 0x7e, - 0x62, 0xa0, 0xc0, 0xa7, 0xa5, 0x80, 0x31, 0x92, 0x50, 0xa1, 0x28, 0x22, - 0x95, 0x03, 0x17, 0xd1, 0x0f, 0xf6, 0x08, 0xe5, 0xec - }; -#define CHACHA_BIG_TEST_SIZE 1305 -#ifndef WOLFSSL_SMALL_STACK - byte cipher_big[CHACHA_BIG_TEST_SIZE] = {0}; - byte plain_big[CHACHA_BIG_TEST_SIZE] = {0}; - byte input_big[CHACHA_BIG_TEST_SIZE] = {0}; -#else - byte* cipher_big; - byte* plain_big; - byte* input_big; -#endif /* WOLFSSL_SMALL_STACK */ - int block_size; -#endif /* BENCH_EMBEDDED */ - - byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90}; - byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96}; - byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5}; - byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd}; - - byte* test_chacha[4]; - - test_chacha[0] = a; - test_chacha[1] = b; - test_chacha[2] = c; - test_chacha[3] = d; - -#ifndef BENCH_EMBEDDED -#ifdef WOLFSSL_SMALL_STACK - cipher_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (cipher_big == NULL) { - return MEMORY_E; - } - plain_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (plain_big == NULL) { - return MEMORY_E; - } - input_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (input_big == NULL) { - return MEMORY_E; - } - XMEMSET(cipher_big, 0, CHACHA_BIG_TEST_SIZE); - XMEMSET(plain_big, 0, CHACHA_BIG_TEST_SIZE); - XMEMSET(input_big, 0, CHACHA_BIG_TEST_SIZE); -#endif /* WOLFSSL_SMALL_STACK */ -#endif /* BENCH_EMBEDDED */ - - for (i = 0; i < times; ++i) { - if (i < 3) { - keySz = 32; - } - else { - keySz = 16; - } - - XMEMCPY(plain, keys[i], keySz); - XMEMSET(cipher, 0, 32); - XMEMCPY(cipher + 4, ivs[i], 8); - - ret |= wc_Chacha_SetKey(&enc, keys[i], keySz); - ret |= wc_Chacha_SetKey(&dec, keys[i], keySz); - if (ret != 0) - return ret; - - ret |= wc_Chacha_SetIV(&enc, cipher, 0); - ret |= wc_Chacha_SetIV(&dec, cipher, 0); - if (ret != 0) - return ret; - XMEMCPY(plain, input, 8); - - ret |= wc_Chacha_Process(&enc, cipher, plain, (word32)8); - ret |= wc_Chacha_Process(&dec, plain, cipher, (word32)8); - if (ret != 0) - return ret; - - if (XMEMCMP(test_chacha[i], cipher, 8)) - return -4500 - i; - - if (XMEMCMP(plain, input, 8)) - return -4510 - i; - } - - /* test of starting at a different counter - encrypts all of the information and decrypts starting at 2nd chunk */ - XMEMSET(plain, 0, sizeof(plain)); - XMEMSET(sliver, 1, sizeof(sliver)); /* set as 1's to not match plain */ - XMEMSET(cipher, 0, sizeof(cipher)); - XMEMCPY(cipher + 4, ivs[0], 8); - - ret |= wc_Chacha_SetKey(&enc, keys[0], keySz); - ret |= wc_Chacha_SetKey(&dec, keys[0], keySz); - if (ret != 0) - return ret; - - ret |= wc_Chacha_SetIV(&enc, cipher, 0); - ret |= wc_Chacha_SetIV(&dec, cipher, 1); - if (ret != 0) - return ret; - - ret |= wc_Chacha_Process(&enc, cipher, plain, sizeof(plain)); - ret |= wc_Chacha_Process(&dec, sliver, cipher + 64, sizeof(sliver)); - if (ret != 0) - return ret; - - if (XMEMCMP(plain + 64, sliver, 64)) - return -4520; - -#ifndef BENCH_EMBEDDED - /* test of encrypting more data */ - keySz = 32; - - ret |= wc_Chacha_SetKey(&enc, keys[0], keySz); - ret |= wc_Chacha_SetKey(&dec, keys[0], keySz); - if (ret != 0) - return ret; - - ret |= wc_Chacha_SetIV(&enc, ivs[2], 0); - ret |= wc_Chacha_SetIV(&dec, ivs[2], 0); - if (ret != 0) - return ret; - - ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, CHACHA_BIG_TEST_SIZE); - ret |= wc_Chacha_Process(&dec, plain_big, cipher_big, - CHACHA_BIG_TEST_SIZE); - if (ret != 0) - return ret; - - if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE)) - return -4521; - - if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE)) - return -4522; - - for (i = 0; i < 18; ++i) { - /* this will test all paths */ - // block sizes: 1 2 3 4 7 8 15 16 31 32 63 64 127 128 255 256 511 512 - block_size = (2 << (i%9)) - (i<9?1:0); - keySz = 32; - - ret |= wc_Chacha_SetKey(&enc, keys[0], keySz); - ret |= wc_Chacha_SetKey(&dec, keys[0], keySz); - if (ret != 0) - return ret; - - ret |= wc_Chacha_SetIV(&enc, ivs[2], 0); - ret |= wc_Chacha_SetIV(&dec, ivs[2], 0); - if (ret != 0) - return ret; - - ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, block_size); - ret |= wc_Chacha_Process(&dec, plain_big, cipher_big, block_size); - if (ret != 0) - return ret; - - if (XMEMCMP(plain_big, input_big, block_size)) - return -4523-i; - - if (XMEMCMP(cipher_big, cipher_big_result, block_size)) - return -4524-i; - } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(cipher_big, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(plain_big, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(input_big, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif /* WOLFSSL_SMALL_STACK */ -#endif /* BENCH_EMBEDDED */ - - return 0; -} -#endif /* HAVE_CHACHA */ - - -#ifdef HAVE_POLY1305 -static int poly1305_test(void) -{ - int ret = 0; - int i; - byte tag[16]; - Poly1305 enc; - - static const byte msg1[] = - { - 0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72, - 0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f, - 0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65, - 0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f, - 0x75,0x70 - }; - - static const byte msg2[] = - { - 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72, - 0x6c,0x64,0x21 - }; - - static const byte msg3[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - - static const byte msg4[] = - { - 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb, - 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2, - 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe, - 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6, - 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12, - 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b, - 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29, - 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36, - 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c, - 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58, - 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94, - 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc, - 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d, - 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b, - 0x61,0x16 - }; - - static const byte msg5[] = - { - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - }; - - static const byte msg6[] = - { - 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb, - 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2, - 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe, - 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6, - 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12, - 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b, - 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94, - 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29, - 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6, - 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12, - 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94, - 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36, - 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c, - 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2, - 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58, - 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94, - 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc, - 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d, - 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b, - 0x61,0x16 - }; - - byte additional[] = - { - 0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3, - 0xc4,0xc5,0xc6,0xc7 - }; - - static const byte correct0[] = - { - 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd, - 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b - }; - - static const byte correct1[] = - { - 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6, - 0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9 - }; - - static const byte correct2[] = - { - 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16, - 0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0 - }; - - static const byte correct3[] = - { - 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6, - 0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07 - }; - - static const byte correct4[] = - { - 0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a, - 0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91 - }; - - static const byte correct5[] = - { - 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - }; - - static const byte correct6[] = - { - 0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae, - 0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca - }; - - static const byte key[] = { - 0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33, - 0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8, - 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd, - 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b - }; - - static const byte key2[] = { - 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20, - 0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20, - 0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20, - 0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35 - }; - - static const byte key4[] = { - 0x7b,0xac,0x2b,0x25,0x2d,0xb4,0x47,0xaf, - 0x09,0xb6,0x7a,0x55,0xa4,0xe9,0x55,0x84, - 0x0a,0xe1,0xd6,0x73,0x10,0x75,0xd9,0xeb, - 0x2a,0x93,0x75,0x78,0x3e,0xd5,0x53,0xff - }; - - static const byte key5[] = { - 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - - const byte* msgs[] = {NULL, msg1, msg2, msg3, msg5, msg6}; - word32 szm[] = {0, sizeof(msg1), sizeof(msg2), - sizeof(msg3), sizeof(msg5), sizeof(msg6)}; - const byte* keys[] = {key, key, key2, key2, key5, key}; - const byte* tests[] = {correct0, correct1, correct2, correct3, correct5, - correct6}; - - for (i = 0; i < 6; i++) { - ret = wc_Poly1305SetKey(&enc, keys[i], 32); - if (ret != 0) - return -4600 - i; - - ret = wc_Poly1305Update(&enc, msgs[i], szm[i]); - if (ret != 0) - return -4610 - i; - - ret = wc_Poly1305Final(&enc, tag); - if (ret != 0) - return -4620 - i; - - if (XMEMCMP(tag, tests[i], sizeof(tag))) - return -4630 - i; - } - - /* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */ - XMEMSET(tag, 0, sizeof(tag)); - ret = wc_Poly1305SetKey(&enc, key4, sizeof(key4)); - if (ret != 0) - return -4640; - - ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional), - (byte*)msg4, sizeof(msg4), tag, sizeof(tag)); - if (ret != 0) - return -4641; - - if (XMEMCMP(tag, correct4, sizeof(tag))) - return -4642; - - /* Check fail of TLS MAC function if altering additional data */ - XMEMSET(tag, 0, sizeof(tag)); - additional[0]++; - ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional), - (byte*)msg4, sizeof(msg4), tag, sizeof(tag)); - if (ret != 0) - return -4643; - - if (XMEMCMP(tag, correct4, sizeof(tag)) == 0) - return -4644; - - - return 0; -} -#endif /* HAVE_POLY1305 */ - - -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) -static int chacha20_poly1305_aead_test(void) -{ - /* Test #1 from Section 2.8.2 of draft-irtf-cfrg-chacha20-poly1305-10 */ - /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */ - - const byte key1[] = { - 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, - 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f - }; - - const byte plaintext1[] = { - 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, - 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, - 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, - 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, - 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, - 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, - 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, - 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, - 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, - 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, - 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, - 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, - 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, - 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, - 0x74, 0x2e - }; - - const byte iv1[] = { - 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, - 0x44, 0x45, 0x46, 0x47 - }; - - const byte aad1[] = { /* additional data */ - 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, - 0xc4, 0xc5, 0xc6, 0xc7 - }; - - const byte cipher1[] = { /* expected output from operation */ - 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, - 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2, - 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, - 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, - 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12, - 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, - 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, - 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36, - 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, - 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, - 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, - 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, - 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, - 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, - 0x61, 0x16 - }; - - const byte authTag1[] = { /* expected output from operation */ - 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a, - 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91 - }; - - /* Test #2 from Appendix A.2 in draft-irtf-cfrg-chacha20-poly1305-10 */ - /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */ - - const byte key2[] = { - 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, - 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0, - 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09, - 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0 - }; - - const byte plaintext2[] = { - 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, - 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, - 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66, - 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, - 0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c, 0x69, - 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20, - 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20, - 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d, - 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e, - 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65, - 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, - 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, - 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f, - 0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64, - 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65, - 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, - 0x6e, 0x74, 0x73, 0x20, 0x61, 0x74, 0x20, 0x61, - 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e, - 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, - 0x6e, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x70, 0x72, - 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20, - 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61, - 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72, - 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, - 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61, - 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20, - 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65, - 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20, - 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20, - 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, - 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67, - 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80, - 0x9d - }; - - const byte iv2[] = { - 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, - 0x05, 0x06, 0x07, 0x08 - }; - - const byte aad2[] = { /* additional data */ - 0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x4e, 0x91 - }; - - const byte cipher2[] = { /* expected output from operation */ - 0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, - 0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd, - 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89, - 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, - 0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43, 0xee, - 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0, - 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00, - 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf, - 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce, - 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81, - 0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd, - 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55, - 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61, - 0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38, - 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0, - 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, - 0xb9, 0x16, 0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46, - 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9, - 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, - 0xe2, 0x82, 0xa1, 0xb0, 0xa0, 0x6c, 0x52, 0x3e, - 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15, - 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, - 0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56, 0x4e, 0xea, - 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a, - 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99, - 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e, - 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10, - 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10, - 0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94, - 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30, - 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf, - 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29, - 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70, - 0x9b - }; - - const byte authTag2[] = { /* expected output from operation */ - 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, - 0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38 - }; - - byte generatedCiphertext[265]; /* max plaintext2/cipher2 */ - byte generatedPlaintext[265]; /* max plaintext2/cipher2 */ - byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; - int err; - - ChaChaPoly_Aead aead; - -#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM) - #define TEST_SMALL_CHACHA_CHUNKS 32 -#else - #define TEST_SMALL_CHACHA_CHUNKS 64 -#endif - #ifdef TEST_SMALL_CHACHA_CHUNKS - word32 testLen; - #endif - - XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); - XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); - XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); - - /* Parameter Validation testing */ - /* Encrypt */ - err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1, - sizeof(plaintext1), generatedCiphertext, generatedAuthTag); - if (err != BAD_FUNC_ARG) - return -4700; - err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1), - plaintext1, sizeof(plaintext1), generatedCiphertext, - generatedAuthTag); - if (err != BAD_FUNC_ARG) - return -4701; - err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL, - sizeof(plaintext1), generatedCiphertext, generatedAuthTag); - if (err != BAD_FUNC_ARG) - return -4702; - err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, - sizeof(plaintext1), NULL, generatedAuthTag); - if (err != BAD_FUNC_ARG) - return -4703; - err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, - sizeof(plaintext1), generatedCiphertext, NULL); - if (err != BAD_FUNC_ARG) - return -4704; - err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, - 0, generatedCiphertext, generatedAuthTag); - if (err != BAD_FUNC_ARG) - return -4705; - /* Decrypt */ - err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2, - sizeof(cipher2), authTag2, generatedPlaintext); - if (err != BAD_FUNC_ARG) - return -4706; - err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2, - sizeof(cipher2), authTag2, generatedPlaintext); - if (err != BAD_FUNC_ARG) - return -4707; - err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL, - sizeof(cipher2), authTag2, generatedPlaintext); - if (err != BAD_FUNC_ARG) - return -4708; - err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, - sizeof(cipher2), NULL, generatedPlaintext); - if (err != BAD_FUNC_ARG) - return -4709; - err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, - sizeof(cipher2), authTag2, NULL); - if (err != BAD_FUNC_ARG) - return -4710; - err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, - 0, authTag2, generatedPlaintext); - if (err != BAD_FUNC_ARG) - return -4711; - - - /* Test #1 */ - err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, - aad1, sizeof(aad1), - plaintext1, sizeof(plaintext1), - generatedCiphertext, generatedAuthTag); - if (err) { - return err; - } - - /* -- Check the ciphertext and authtag */ - if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) { - return -4712; - } - if (XMEMCMP(generatedAuthTag, authTag1, sizeof(authTag1))) { - return -4713; - } - - /* -- Verify decryption works */ - err = wc_ChaCha20Poly1305_Decrypt(key1, iv1, - aad1, sizeof(aad1), - cipher1, sizeof(cipher1), - authTag1, generatedPlaintext); - if (err) { - return err; - } - if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) { - return -4714; - } - - - XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); - XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); - XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); - - /* Test #2 */ - err = wc_ChaCha20Poly1305_Encrypt(key2, iv2, - aad2, sizeof(aad2), - plaintext2, sizeof(plaintext2), - generatedCiphertext, generatedAuthTag); - if (err) { - return err; - } - - /* -- Check the ciphertext and authtag */ - if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) { - return -4715; - } - if (XMEMCMP(generatedAuthTag, authTag2, sizeof(authTag2))) { - return -4716; - } - - /* -- Verify decryption works */ - err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, - aad2, sizeof(aad2), - cipher2, sizeof(cipher2), - authTag2, generatedPlaintext); - if (err) { - return err; - } - - if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) { - return -4717; - } - - - /* AEAD init/update/final */ - err = wc_ChaCha20Poly1305_Init(NULL, key1, iv1, - CHACHA20_POLY1305_AEAD_DECRYPT); - if (err != BAD_FUNC_ARG) - return -4718; - err = wc_ChaCha20Poly1305_Init(&aead, NULL, iv1, - CHACHA20_POLY1305_AEAD_DECRYPT); - if (err != BAD_FUNC_ARG) - return -4719; - err = wc_ChaCha20Poly1305_Init(&aead, key1, NULL, - CHACHA20_POLY1305_AEAD_DECRYPT); - if (err != BAD_FUNC_ARG) - return -4720; - err = wc_ChaCha20Poly1305_UpdateAad(NULL, aad1, sizeof(aad1)); - if (err != BAD_FUNC_ARG) - return -4721; - err = wc_ChaCha20Poly1305_UpdateAad(&aead, NULL, sizeof(aad1)); - if (err != BAD_FUNC_ARG) - return -4722; - err = wc_ChaCha20Poly1305_UpdateData(NULL, generatedPlaintext, - generatedPlaintext, sizeof(plaintext1)); - if (err != BAD_FUNC_ARG) - return -4723; - err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, NULL, - sizeof(plaintext1)); - if (err != BAD_FUNC_ARG) - return -4724; - err = wc_ChaCha20Poly1305_UpdateData(&aead, NULL, generatedPlaintext, - sizeof(plaintext1)); - if (err != BAD_FUNC_ARG) - return -4725; - err = wc_ChaCha20Poly1305_Final(NULL, generatedAuthTag); - if (err != BAD_FUNC_ARG) - return -4726; - err = wc_ChaCha20Poly1305_Final(&aead, NULL); - if (err != BAD_FUNC_ARG) - return -4727; - - /* AEAD init/update/final - state tests */ - aead.state = CHACHA20_POLY1305_STATE_INIT; - err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1)); - if (err != BAD_STATE_E) - return -4728; - aead.state = CHACHA20_POLY1305_STATE_DATA; - err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1)); - if (err != BAD_STATE_E) - return -4729; - aead.state = CHACHA20_POLY1305_STATE_INIT; - err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, - generatedPlaintext, sizeof(plaintext1)); - if (err != BAD_STATE_E) - return -4730; - aead.state = CHACHA20_POLY1305_STATE_INIT; - err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); - if (err != BAD_STATE_E) - return -4731; - aead.state = CHACHA20_POLY1305_STATE_READY; - err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); - if (err != BAD_STATE_E) - return -4732; - - XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); - XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); - XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); - - /* Test 1 - Encrypt */ - err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1, - CHACHA20_POLY1305_AEAD_ENCRYPT); - if (err != 0) - return -4733; - err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1)); - if (err != 0) - return -4734; -#ifdef TEST_SMALL_CHACHA_CHUNKS - /* test doing data in smaller chunks */ - for (testLen=0; testLen TEST_SMALL_CHACHA_CHUNKS) - dataLen = TEST_SMALL_CHACHA_CHUNKS; - err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext1[testLen], - &generatedCiphertext[testLen], dataLen); - if (err != 0) - return -4735; - testLen += dataLen; - } -#else - err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext1, - generatedCiphertext, sizeof(plaintext1)); -#endif - err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); - if (err != 0) - return -4736; - err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1); - if (err != 0) - return -4737; - if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) { - return -4738; - } - - /* Test 1 - Decrypt */ - err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1, - CHACHA20_POLY1305_AEAD_DECRYPT); - if (err != 0) - return -4739; - err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1)); - if (err != 0) - return -4740; -#ifdef TEST_SMALL_CHACHA_CHUNKS - /* test doing data in smaller chunks */ - for (testLen=0; testLen TEST_SMALL_CHACHA_CHUNKS) - dataLen = TEST_SMALL_CHACHA_CHUNKS; - err = wc_ChaCha20Poly1305_UpdateData(&aead, - &generatedCiphertext[testLen], &generatedPlaintext[testLen], - dataLen); - if (err != 0) - return -4741; - testLen += dataLen; - } -#else - err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext, - generatedPlaintext, sizeof(cipher1)); -#endif - err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); - if (err != 0) - return -4742; - err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1); - if (err != 0) - return -4743; - if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) { - return -4744; - } - - XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); - XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); - XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); - - /* Test 2 - Encrypt */ - err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2, - CHACHA20_POLY1305_AEAD_ENCRYPT); - if (err != 0) - return -4745; - err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2)); - if (err != 0) - return -4746; -#ifdef TEST_SMALL_CHACHA_CHUNKS - /* test doing data in smaller chunks */ - for (testLen=0; testLen TEST_SMALL_CHACHA_CHUNKS) - dataLen = TEST_SMALL_CHACHA_CHUNKS; - err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext2[testLen], - &generatedCiphertext[testLen], dataLen); - if (err != 0) - return -4747; - testLen += dataLen; - } -#else - err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext2, generatedCiphertext, - sizeof(plaintext2)); -#endif - err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); - if (err != 0) - return -4748; - err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2); - if (err != 0) - return -4749; - if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) { - return -4750; - } - - /* Test 2 - Decrypt */ - err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2, - CHACHA20_POLY1305_AEAD_DECRYPT); - if (err != 0) - return -4751; - err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2)); - if (err != 0) - return -4752; -#ifdef TEST_SMALL_CHACHA_CHUNKS - /* test doing data in smaller chunks */ - for (testLen=0; testLen TEST_SMALL_CHACHA_CHUNKS) - dataLen = TEST_SMALL_CHACHA_CHUNKS; - err = wc_ChaCha20Poly1305_UpdateData(&aead, - &generatedCiphertext[testLen], &generatedPlaintext[testLen], - dataLen); - if (err != 0) - return -4753; - testLen += dataLen; - } -#else - err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext, - generatedPlaintext, sizeof(cipher2)); -#endif - err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); - if (err != 0) - return -4754; - err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2); - if (err != 0) - return -4755; - if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) { - return -4756; - } - - return err; -} -#endif /* HAVE_CHACHA && HAVE_POLY1305 */ - - -#ifndef NO_DES3 -static int des_test(void) -{ - const byte vector[] = { /* "now is the time for all " w/o trailing 0 */ - 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - byte plain[24]; - byte cipher[24]; - - Des enc; - Des dec; - - const byte key[] = - { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef - }; - - const byte iv[] = - { - 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef - }; - - const byte verify[] = - { - 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8, - 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73, - 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b - }; - - int ret; - - ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION); - if (ret != 0) - return -4800; - - ret = wc_Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); - if (ret != 0) - return -4801; - - ret = wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION); - if (ret != 0) - return -4802; - - ret = wc_Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); - if (ret != 0) - return -4803; - - if (XMEMCMP(plain, vector, sizeof(plain))) - return -4804; - - if (XMEMCMP(cipher, verify, sizeof(cipher))) - return -4805; - - ret = wc_Des_CbcEncryptWithKey(cipher, vector, sizeof(vector), key, iv); - if (ret != 0) - return -4806; - -#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA) - { - EncryptedInfo info; - XMEMSET(&info, 0, sizeof(EncryptedInfo)); - XMEMCPY(info.iv, iv, sizeof(iv)); - info.ivSz = sizeof(iv); - info.keySz = sizeof(key); - info.cipherType = WC_CIPHER_DES; - - ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key, - sizeof(key), WC_HASH_TYPE_SHA); - if (ret != 0) - return -4807; - - /* Test invalid info ptr */ - ret = wc_BufferKeyEncrypt(NULL, cipher, sizeof(cipher), key, - sizeof(key), WC_HASH_TYPE_SHA); - if (ret != BAD_FUNC_ARG) - return -4808; - - /* Test invalid hash type */ - ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key, - sizeof(key), WC_HASH_TYPE_NONE); - if (ret == 0) - return -4809; - } -#endif - - return 0; -} -#endif /* NO_DES3 */ - - -#ifndef NO_DES3 -static int des3_test(void) -{ - const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */ - 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - byte plain[24]; - byte cipher[24]; - - Des3 enc; - Des3 dec; - - const byte key3[] = - { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, - 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, - 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 - }; - const byte iv3[] = - { - 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 - - }; - - const byte verify3[] = - { - 0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e, - 0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98, - 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0 - }; - - int ret; - - - if (wc_Des3Init(&enc, HEAP_HINT, devId) != 0) - return -4900; - if (wc_Des3Init(&dec, HEAP_HINT, devId) != 0) - return -4901; - - ret = wc_Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION); - if (ret != 0) - return -4902; - ret = wc_Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION); - if (ret != 0) - return -4903; - ret = wc_Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -4904; - ret = wc_Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -4905; - - if (XMEMCMP(plain, vector, sizeof(plain))) - return -4906; - - if (XMEMCMP(cipher, verify3, sizeof(cipher))) - return -4907; - -#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) - /* test the same vectors with using compatibility layer */ - { - DES_key_schedule ks1; - DES_key_schedule ks2; - DES_key_schedule ks3; - DES_cblock iv4; - - XMEMCPY(ks1, key3, sizeof(DES_key_schedule)); - XMEMCPY(ks2, key3 + 8, sizeof(DES_key_schedule)); - XMEMCPY(ks3, key3 + 16, sizeof(DES_key_schedule)); - XMEMCPY(iv4, iv3, sizeof(DES_cblock)); - - XMEMSET(plain, 0, sizeof(plain)); - XMEMSET(cipher, 0, sizeof(cipher)); - - DES_ede3_cbc_encrypt(vector, cipher, sizeof(vector), &ks1, &ks2, &ks3, - &iv4, DES_ENCRYPT); - DES_ede3_cbc_encrypt(cipher, plain, sizeof(cipher), &ks1, &ks2, &ks3, - &iv4, DES_DECRYPT); - - if (XMEMCMP(plain, vector, sizeof(plain))) - return -4908; - - if (XMEMCMP(cipher, verify3, sizeof(cipher))) - return -4909; - } -#endif /* OPENSSL_EXTRA */ - - wc_Des3Free(&enc); - wc_Des3Free(&dec); - -#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA) - { - EncryptedInfo info; - XMEMSET(&info, 0, sizeof(EncryptedInfo)); - XMEMCPY(info.iv, iv3, sizeof(iv3)); - info.ivSz = sizeof(iv3); - info.keySz = sizeof(key3); - info.cipherType = WC_CIPHER_DES3; - - ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key3, - sizeof(key3), WC_HASH_TYPE_SHA); - if (ret != 0) - return -4910; - } -#endif - - return 0; -} -#endif /* NO_DES */ - - -#ifndef NO_AES - -#if defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_CFB) || \ - defined(WOLFSSL_AES_XTS) -#if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) -/* pass in the function, key, iv, plain text and expected and this function - * tests that the encryption and decryption is successful */ -static int EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, - const byte* iv, const byte* plain, int plainSz, - const byte* expected, int expectedSz) -{ - EVP_CIPHER_CTX ctx; - int idx, ret = 0, cipherSz; - byte* cipher; - - cipher = (byte*)XMALLOC(plainSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (cipher == NULL) { - return -4911; - } - - /* test encrypt */ - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, type, key, iv, 1) == 0) { - ret = -4912; - goto EVP_TEST_END; - } - - if (EVP_CipherUpdate(&ctx, cipher, &idx, plain, expectedSz) == 0) { - ret = -4913; - goto EVP_TEST_END; - } - - cipherSz = idx; - if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0) { - ret = -4914; - goto EVP_TEST_END; - } - cipherSz += idx; - - if (XMEMCMP(cipher, expected, plainSz)) { - ret = -4915; - goto EVP_TEST_END; - } - - /* test decrypt */ - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, type, key, iv, 0) == 0) { - ret = -4916; - goto EVP_TEST_END; - } - - if (EVP_CipherUpdate(&ctx, cipher, &idx, cipher, expectedSz) == 0) { - ret = -4917; - goto EVP_TEST_END; - } - - cipherSz = idx; - if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0) { - ret = -4918; - goto EVP_TEST_END; - } - cipherSz += idx; - - if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, plainSz)) { - ret = -4919; - goto EVP_TEST_END; - } - -EVP_TEST_END: - XFREE(cipher, NULL, DYNAMIC_TYPE_TMP_BUFFER); - (void)cipherSz; - return ret; -} -#endif /* OPENSSL_EXTRA */ -#endif /* WOLFSSL_AES_OFB || WOLFSSL_AES_CFB */ - -#ifdef WOLFSSL_AES_OFB - /* test vector from https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Block-Ciphers */ - int aesofb_test(void) - { - #ifdef WOLFSSL_AES_256 - const byte key1[] = - { - 0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71, - 0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2, - 0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a, - 0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94 - }; - const byte iv1[] = - { - 0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16, - 0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f - }; - const byte plain1[] = - { - 0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9, - 0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25, - 0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6, - 0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71, - 0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef, - 0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c - }; - const byte cipher1[] = - { - 0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc, - 0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00, - 0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46, - 0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b, - 0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae, - 0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0 - }; - #endif /* WOLFSSL_AES_256 */ - - - #ifdef WOLFSSL_AES_128 - const byte key2[] = - { - 0x10,0xa5,0x88,0x69,0xd7,0x4b,0xe5,0xa3, - 0x74,0xcf,0x86,0x7c,0xfb,0x47,0x38,0x59 - }; - const byte iv2[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - const byte plain2[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - const byte cipher2[] = - { - 0x6d,0x25,0x1e,0x69,0x44,0xb0,0x51,0xe0, - 0x4e,0xaa,0x6f,0xb4,0xdb,0xf7,0x84,0x65 - }; - #endif /* WOLFSSL_AES_128 */ - - - #ifdef WOLFSSL_AES_192 - const byte key3[] = { - 0xd0,0x77,0xa0,0x3b,0xd8,0xa3,0x89,0x73, - 0x92,0x8c,0xca,0xfe,0x4a,0x9d,0x2f,0x45, - 0x51,0x30,0xbd,0x0a,0xf5,0xae,0x46,0xa9 - }; - const byte iv3[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - const byte cipher3[] = - { - 0xab,0xc7,0x86,0xfb,0x1e,0xdb,0x50,0x45, - 0x80,0xc4,0xd8,0x82,0xef,0x29,0xa0,0xc7 - }; - const byte plain3[] = - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; - #endif /* WOLFSSL_AES_192 */ - - Aes enc; - byte cipher[AES_BLOCK_SIZE * 4]; - #ifdef HAVE_AES_DECRYPT - Aes dec; - byte plain [AES_BLOCK_SIZE * 4]; - #endif - int ret = 0; - - (void)enc; - #ifdef HAVE_AES_DECRYPT - (void)dec; - #endif - -#ifdef WOLFSSL_AES_128 - /* 128 key size test */ - #ifdef OPENSSL_EXTRA - ret = EVP_test(EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2), - cipher2, sizeof(cipher2)); - if (ret != 0) { - return ret; - } - #endif - - ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); - if (ret != 0) - return -4920; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key2, sizeof(key2), iv2, AES_ENCRYPTION); - if (ret != 0) - return -4921; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesOfbEncrypt(&enc, cipher, plain2, AES_BLOCK_SIZE); - if (ret != 0) - return -4922; - - if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE)) - return -4923; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesOfbDecrypt(&dec, plain, cipher2, AES_BLOCK_SIZE); - if (ret != 0) - return -4924; - - if (XMEMCMP(plain, plain2, AES_BLOCK_SIZE)) - return -4925; - #endif /* HAVE_AES_DECRYPT */ -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - /* 192 key size test */ - #ifdef OPENSSL_EXTRA - ret = EVP_test(EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3), - cipher3, sizeof(cipher3)); - if (ret != 0) { - return ret; - } - #endif - - ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv3, AES_ENCRYPTION); - if (ret != 0) - return -4926; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key3, sizeof(key3), iv3, AES_ENCRYPTION); - if (ret != 0) - return -4927; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesOfbEncrypt(&enc, cipher, plain3, AES_BLOCK_SIZE); - if (ret != 0) - return -4928; - - if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE)) - return -4929; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesOfbDecrypt(&dec, plain, cipher3, AES_BLOCK_SIZE); - if (ret != 0) - return -4930; - - if (XMEMCMP(plain, plain3, AES_BLOCK_SIZE)) - return -4931; - #endif /* HAVE_AES_DECRYPT */ -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* 256 key size test */ - #ifdef OPENSSL_EXTRA - ret = EVP_test(EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1), - cipher1, sizeof(cipher1)); - if (ret != 0) { - return ret; - } - #endif - - ret = wc_AesSetKey(&enc, key1, sizeof(key1), iv1, AES_ENCRYPTION); - if (ret != 0) - return -4932; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key1, sizeof(key1), iv1, AES_ENCRYPTION); - if (ret != 0) - return -4933; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesOfbEncrypt(&enc, cipher, plain1, AES_BLOCK_SIZE); - if (ret != 0) - return -4934; - - if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE)) - return -4935; - - ret = wc_AesOfbEncrypt(&enc, cipher + AES_BLOCK_SIZE, - plain1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); - if (ret != 0) - return -4936; - - if (XMEMCMP(cipher + AES_BLOCK_SIZE, cipher1 + AES_BLOCK_SIZE, - AES_BLOCK_SIZE)) - return -4937; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesOfbDecrypt(&dec, plain, cipher1, AES_BLOCK_SIZE); - if (ret != 0) - return -4938; - - if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE)) - return -4939; - - ret = wc_AesOfbDecrypt(&dec, plain + AES_BLOCK_SIZE, - cipher1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); - if (ret != 0) - return -4940; - - if (XMEMCMP(plain + AES_BLOCK_SIZE, plain1 + AES_BLOCK_SIZE, - AES_BLOCK_SIZE)) - return -4941; - #endif /* HAVE_AES_DECRYPT */ - - /* multiple blocks at once */ - ret = wc_AesSetKey(&enc, key1, sizeof(key1), iv1, AES_ENCRYPTION); - if (ret != 0) - return -4942; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key1, sizeof(key1), iv1, AES_ENCRYPTION); - if (ret != 0) - return -4943; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesOfbEncrypt(&enc, cipher, plain1, AES_BLOCK_SIZE * 3); - if (ret != 0) - return -4944; - - if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 3)) - return -4945; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesOfbDecrypt(&dec, plain, cipher1, AES_BLOCK_SIZE * 3); - if (ret != 0) - return -4946; - - if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE * 3)) - return -4947; - #endif /* HAVE_AES_DECRYPT */ - - /* inline decrypt/encrypt*/ - ret = wc_AesSetKey(&enc, key1, sizeof(key1), iv1, AES_ENCRYPTION); - if (ret != 0) - return -4948; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key1, sizeof(key1), iv1, AES_ENCRYPTION); - if (ret != 0) - return -4949; - #endif - - XMEMCPY(cipher, plain1, AES_BLOCK_SIZE * 2); - ret = wc_AesOfbEncrypt(&enc, cipher, cipher, AES_BLOCK_SIZE * 2); - if (ret != 0) - return -4950; - - if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2)) - return -4951; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesOfbDecrypt(&dec, cipher, cipher, AES_BLOCK_SIZE * 2); - if (ret != 0) - return -4952; - - if (XMEMCMP(cipher, plain1, AES_BLOCK_SIZE * 2)) - return -4953; - #endif /* HAVE_AES_DECRYPT */ - - /* 256 key size test leftover support */ - ret = wc_AesSetKey(&enc, key1, sizeof(key1), iv1, AES_ENCRYPTION); - if (ret != 0) - return -4954; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key1, sizeof(key1), iv1, AES_ENCRYPTION); - if (ret != 0) - return -4955; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesOfbEncrypt(&enc, cipher, plain1, 3); - if (ret != 0) - return -4956; - - if (XMEMCMP(cipher, cipher1, 3)) - return -4957; - - ret = wc_AesOfbEncrypt(&enc, cipher + 3, plain1 + 3, AES_BLOCK_SIZE); - if (ret != 0) - return -4958; - - if (XMEMCMP(cipher + 3, cipher1 + 3, AES_BLOCK_SIZE)) - return -4959; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesOfbDecrypt(&dec, plain, cipher1, 6); - if (ret != 0) - return -4960; - - if (XMEMCMP(plain, plain1, 6)) - return -4961; - - ret = wc_AesOfbDecrypt(&dec, plain + 6, cipher1 + 6, AES_BLOCK_SIZE); - if (ret != 0) - return -4962; - - if (XMEMCMP(plain + 6, plain1 + 6, AES_BLOCK_SIZE)) - return -4963; - #endif /* HAVE_AES_DECRYPT */ -#endif /* WOLFSSL_AES_256 */ - - return 0; - } -#endif /* WOLFSSL_AES_OFB */ - -#if defined(WOLFSSL_AES_CFB) - /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation Methods an*/ - static int aescfb_test(void) - { - Aes enc; - byte cipher[AES_BLOCK_SIZE * 4]; - #ifdef HAVE_AES_DECRYPT - Aes dec; - byte plain [AES_BLOCK_SIZE * 4]; - #endif - int ret = 0; - - const byte iv[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f - }; - -#ifdef WOLFSSL_AES_128 - const byte key1[] = - { - 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, - 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c - }; - - const byte cipher1[] = - { - 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20, - 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a, - 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f, - 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b, - 0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40, - 0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf - }; - - const byte msg1[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef - }; -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - /* 192 size key test */ - const byte key2[] = - { - 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, - 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, - 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b - }; - - const byte cipher2[] = - { - 0xcd,0xc8,0x0d,0x6f,0xdd,0xf1,0x8c,0xab, - 0x34,0xc2,0x59,0x09,0xc9,0x9a,0x41,0x74, - 0x67,0xce,0x7f,0x7f,0x81,0x17,0x36,0x21, - 0x96,0x1a,0x2b,0x70,0x17,0x1d,0x3d,0x7a, - 0x2e,0x1e,0x8a,0x1d,0xd5,0x9b,0x88,0xb1, - 0xc8,0xe6,0x0f,0xed,0x1e,0xfa,0xc4,0xc9, - 0xc0,0x5f,0x9f,0x9c,0xa9,0x83,0x4f,0xa0, - 0x42,0xae,0x8f,0xba,0x58,0x4b,0x09,0xff - }; - - const byte msg2[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* 256 size key simple test */ - const byte key3[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - const byte cipher3[] = - { - 0xdc,0x7e,0x84,0xbf,0xda,0x79,0x16,0x4b, - 0x7e,0xcd,0x84,0x86,0x98,0x5d,0x38,0x60, - 0x39,0xff,0xed,0x14,0x3b,0x28,0xb1,0xc8, - 0x32,0x11,0x3c,0x63,0x31,0xe5,0x40,0x7b, - 0xdf,0x10,0x13,0x24,0x15,0xe5,0x4b,0x92, - 0xa1,0x3e,0xd0,0xa8,0x26,0x7a,0xe2,0xf9, - 0x75,0xa3,0x85,0x74,0x1a,0xb9,0xce,0xf8, - 0x20,0x31,0x62,0x3d,0x55,0xb1,0xe4,0x71 - }; - - const byte msg3[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; -#endif /* WOLFSSL_AES_256 */ - - - if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -4964; -#ifdef HAVE_AES_DECRYPT - if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -4965; -#endif - -#ifdef WOLFSSL_AES_128 - /* 128 key tests */ - #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - ret = EVP_test(EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1), - cipher1, sizeof(cipher1)); - if (ret != 0) { - return ret; - } - #endif - - ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - return -4966; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - return -4967; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfbEncrypt(&enc, cipher, msg1, AES_BLOCK_SIZE * 2); - if (ret != 0) - return -4968; - - if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2)) - return -4969; - - /* test restarting encryption process */ - ret = wc_AesCfbEncrypt(&enc, cipher + (AES_BLOCK_SIZE * 2), - msg1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE); - if (ret != 0) - return -4970; - - if (XMEMCMP(cipher + (AES_BLOCK_SIZE * 2), - cipher1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE)) - return -4971; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesCfbDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE * 3); - if (ret != 0) - return -4972; - - if (XMEMCMP(plain, msg1, AES_BLOCK_SIZE * 3)) - return -4973; - #endif /* HAVE_AES_DECRYPT */ -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - /* 192 key size test */ - #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - ret = EVP_test(EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2), - cipher2, sizeof(cipher2)); - if (ret != 0) { - return ret; - } - #endif - - ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv, AES_ENCRYPTION); - if (ret != 0) - return -4974; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key2, sizeof(key2), iv, AES_ENCRYPTION); - if (ret != 0) - return -4975; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfbEncrypt(&enc, cipher, msg2, AES_BLOCK_SIZE * 4); - if (ret != 0) - return -4976; - - if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE * 4)) - return -4977; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesCfbDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE * 4); - if (ret != 0) - return -4978; - - if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE * 4)) - return -4979; - #endif /* HAVE_AES_DECRYPT */ -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* 256 key size test */ - #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - ret = EVP_test(EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3), - cipher3, sizeof(cipher3)); - if (ret != 0) { - return ret; - } - #endif - ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv, AES_ENCRYPTION); - if (ret != 0) - return -4980; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key3, sizeof(key3), iv, AES_ENCRYPTION); - if (ret != 0) - return -4981; - #endif - - /* test with data left overs, magic lengths are checking near edges */ - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfbEncrypt(&enc, cipher, msg3, 4); - if (ret != 0) - return -4982; - - if (XMEMCMP(cipher, cipher3, 4)) - return -4983; - - ret = wc_AesCfbEncrypt(&enc, cipher + 4, msg3 + 4, 27); - if (ret != 0) - return -4984; - - if (XMEMCMP(cipher + 4, cipher3 + 4, 27)) - return -4985; - - ret = wc_AesCfbEncrypt(&enc, cipher + 31, msg3 + 31, - (AES_BLOCK_SIZE * 4) - 31); - if (ret != 0) - return -4986; - - if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE * 4)) - return -4987; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesCfbDecrypt(&dec, plain, cipher, 4); - if (ret != 0) - return -4988; - - if (XMEMCMP(plain, msg3, 4)) - return -4989; - - ret = wc_AesCfbDecrypt(&dec, plain + 4, cipher + 4, 4); - if (ret != 0) - return -4990; - - ret = wc_AesCfbDecrypt(&dec, plain + 8, cipher + 8, 23); - if (ret != 0) - return -4991; - - if (XMEMCMP(plain + 4, msg3 + 4, 27)) - return -4992; - - ret = wc_AesCfbDecrypt(&dec, plain + 31, cipher + 31, - (AES_BLOCK_SIZE * 4) - 31); - if (ret != 0) - return -4993; - - if (XMEMCMP(plain, msg3, AES_BLOCK_SIZE * 4)) - return -4994; - #endif /* HAVE_AES_DECRYPT */ -#endif /* WOLFSSL_AES_256 */ - - return ret; - } - -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - static int aescfb1_test(void) - { - Aes enc; - byte cipher[AES_BLOCK_SIZE]; - #ifdef HAVE_AES_DECRYPT - Aes dec; - byte plain [AES_BLOCK_SIZE]; - #endif - int ret = 0; - -#ifdef WOLFSSL_AES_128 - const byte iv[] = { - 0x4d,0xbb,0xdc,0xaa,0x59,0xf3,0x63,0xc9, - 0x2a,0x3b,0x98,0x43,0xad,0x20,0xe2,0xb7 - }; - - const byte key1[] = - { - 0xcd,0xef,0x9d,0x06,0x61,0xba,0xe4,0x73, - 0x8d,0x1a,0x58,0xa2,0xa6,0x22,0x8b,0x66 - }; - - const byte cipher1[] = - { - 0x00 - }; - - const byte msg1[] = - { - 0xC0 - }; -#endif /* WOLFSSL_AES_128 */ -#ifdef WOLFSSL_AES_192 - const byte iv2[] = { - 0x57,0xc6,0x89,0x7c,0x99,0x52,0x28,0x13, - 0xbf,0x67,0x9c,0xe1,0x13,0x70,0xaf,0x5e - }; - - const byte key2[] = - { - 0xba,0xa1,0x58,0xa1,0x6b,0x50,0x4a,0x10, - 0x8e,0xd4,0x33,0x2e,0xe7,0xf2,0x9b,0xf6, - 0xd1,0xac,0x46,0xa8,0xde,0x5a,0xfe,0x7a - }; - - const byte cipher2[] = - { - 0x30 - }; - - const byte msg2[] = - { - 0x80 - }; -#endif /* WOLFSSL_AES_192 */ -#ifdef WOLFSSL_AES_256 - const byte iv3[] = { - 0x63,0x2e,0x9f,0x83,0x1f,0xa3,0x80,0x5e, - 0x52,0x02,0xbc,0xe0,0x6d,0x04,0xf9,0xa0 - }; - - const byte key3[] = - { - 0xf6,0xfa,0xe4,0xf1,0x5d,0x91,0xfc,0x50, - 0x88,0x78,0x4f,0x84,0xa5,0x37,0x12,0x7e, - 0x32,0x63,0x55,0x9c,0x62,0x73,0x88,0x20, - 0xc2,0xcf,0x3d,0xe1,0x1c,0x2a,0x30,0x40 - }; - - const byte cipher3[] = - { - 0xF7, 0x00 - }; - - const byte msg3[] = - { - 0x41, 0xC0 - }; -#endif /* WOLFSSL_AES_256 */ - - if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -4995; -#ifdef HAVE_AES_DECRYPT - if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -4996; -#endif - -#ifdef WOLFSSL_AES_128 - /* 128 key tests */ - ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - return -4997; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - return -4998; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb1Encrypt(&enc, cipher, msg1, 2); - if (ret != 0) - return -4999; - - if (cipher[0] != cipher1[0]) - return -5000; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesCfb1Decrypt(&dec, plain, cipher, 2); - if (ret != 0) - return -5001; - - if (plain[0] != msg1[0]) - return -5002; - #endif /* HAVE_AES_DECRYPT */ - - #ifdef OPENSSL_EXTRA - ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - return -5003; - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb1Encrypt(&enc, cipher, msg1, - sizeof(msg1) * WOLFSSL_BIT_SIZE); - if (ret != 0) - return -5004; - - ret = EVP_test(EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1), - cipher, sizeof(msg1)); - if (ret != 0) { - return ret; - } - #endif -#endif /* WOLFSSL_AES_128 */ -#ifdef WOLFSSL_AES_192 - /* 192 key tests */ - ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); - if (ret != 0) - return -5005; - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb1Encrypt(&enc, cipher, msg2, 4); - if (ret != 0) - return -5006; - if (XMEMCMP(cipher, cipher2, sizeof(cipher2)) != 0) - return -5007; - - #ifdef OPENSSL_EXTRA - ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); - if (ret != 0) - return -5008; - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb1Encrypt(&enc, cipher, msg2, - sizeof(msg2) * WOLFSSL_BIT_SIZE); - if (ret != 0) - return -5009; - - ret = EVP_test(EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2), - cipher, sizeof(msg2)); - if (ret != 0) { - return ret; - } - #endif -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* 256 key tests */ - ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv3, AES_ENCRYPTION); - if (ret != 0) - return -5010; - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb1Encrypt(&enc, cipher, msg3, 10); - if (ret != 0) - return -5011; - if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0) - return -5012; - - #ifdef OPENSSL_EXTRA - ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv3, AES_ENCRYPTION); - if (ret != 0) - return -5013; - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb1Encrypt(&enc, cipher, msg3, - sizeof(msg3) * WOLFSSL_BIT_SIZE); - if (ret != 0) - return -5014; - - ret = EVP_test(EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3), - cipher, sizeof(msg3)); - if (ret != 0) { - return ret; - } - #endif -#endif /* WOLFSSL_AES_256 */ - return ret; - } - - static int aescfb8_test(void) - { - Aes enc; - byte cipher[AES_BLOCK_SIZE]; - #ifdef HAVE_AES_DECRYPT - Aes dec; - byte plain [AES_BLOCK_SIZE]; - #endif - int ret = 0; - -#ifdef WOLFSSL_AES_128 - const byte iv[] = { - 0xf4,0x75,0xc6,0x49,0x91,0xb2,0x0e,0xae, - 0xe1,0x83,0xa2,0x26,0x29,0xe2,0x1e,0x22 - }; - - const byte key1[] = - { - 0xc8,0xfe,0x9b,0xf7,0x7b,0x93,0x0f,0x46, - 0xd2,0x07,0x8b,0x8c,0x0e,0x65,0x7c,0xd4 - }; - - const byte cipher1[] = - { - 0xd2,0x76,0x91 - }; - - const byte msg1[] = - { - 0xc9,0x06,0x35 - }; -#endif /* WOLFSSL_AES_128 */ -#ifdef WOLFSSL_AES_192 - const byte iv2[] = { - 0x0a,0x02,0x84,0x6b,0x62,0xab,0xb6,0x93, - 0xef,0x31,0xd7,0x54,0x84,0x2e,0xed,0x29 - }; - - const byte key2[] = - { - 0xba,0xf0,0x8b,0x76,0x31,0x7a,0x65,0xc5, - 0xf0,0x7a,0xe6,0xf5,0x7e,0xb0,0xe6,0x54, - 0x88,0x65,0x93,0x24,0xd2,0x97,0x09,0xe3 - }; - - const byte cipher2[] = - { - 0x72,0x9c,0x0b,0x6d,0xeb,0x75,0xfa,0x6e, - 0xb5,0xe8 - }; - - const byte msg2[] = - { - 0x98,0x95,0x93,0x24,0x02,0x39,0x3d,0xc3, - 0x3a,0x60 - }; -#endif -#ifdef WOLFSSL_AES_256 - const byte iv3[] = { - 0x33,0x8c,0x55,0x2f,0xf1,0xec,0xa1,0x44, - 0x08,0xe0,0x5d,0x8c,0xf9,0xf3,0xb3,0x1b - }; - - const byte key3[] = - { - 0x06,0x48,0x74,0x09,0x2f,0x7a,0x13,0xcc, - 0x44,0x62,0x24,0x7a,0xd4,0x23,0xd0,0xe9, - 0x6e,0xdf,0x42,0xe8,0xb6,0x7a,0x5a,0x23, - 0xb7,0xa0,0xa6,0x47,0x7b,0x09,0x8e,0x66 - }; - - const byte cipher3[] = - { - 0x1c,0xff,0x95 - }; - - const byte msg3[] = - { - 0xb9,0x74,0xfa - }; -#endif - - if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -5015; -#ifdef HAVE_AES_DECRYPT - if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -5016; -#endif - -#ifdef WOLFSSL_AES_128 - /* 128 key tests */ - #ifdef OPENSSL_EXTRA - ret = EVP_test(EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1), - cipher1, sizeof(cipher1)); - if (ret != 0) { - return ret; - } - #endif - ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - return -5017; - #ifdef HAVE_AES_DECRYPT - /* decrypt uses AES_ENCRYPTION */ - ret = wc_AesSetKey(&dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - return -5018; - #endif - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb8Encrypt(&enc, cipher, msg1, sizeof(msg1)); - if (ret != 0) - return -5019; - - if (XMEMCMP(cipher, cipher1, sizeof(cipher1)) != 0) - return -5020; - - #ifdef HAVE_AES_DECRYPT - ret = wc_AesCfb8Decrypt(&dec, plain, cipher, sizeof(msg1)); - if (ret != 0) - return -5021; - - if (XMEMCMP(plain, msg1, sizeof(msg1)) != 0) - return -5022; - #endif /* HAVE_AES_DECRYPT */ -#endif /* WOLFSSL_AES_128 */ -#ifdef WOLFSSL_AES_192 - /* 192 key tests */ - ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); - if (ret != 0) - return -5023; - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb8Encrypt(&enc, cipher, msg2, sizeof(msg2)); - if (ret != 0) - return -5024; - if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0) - return -5025; -#ifdef OPENSSL_EXTRA - ret = EVP_test(EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2), - cipher2, sizeof(msg2)); - if (ret != 0) { - return ret; - } -#endif - -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* 256 key tests */ - ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv3, AES_ENCRYPTION); - if (ret != 0) - return -5026; - - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesCfb8Encrypt(&enc, cipher, msg3, sizeof(msg3)); - if (ret != 0) - return -5027; - if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0) - return -5028; - - #ifdef OPENSSL_EXTRA - ret = EVP_test(EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3), - cipher3, sizeof(msg3)); - if (ret != 0) { - return ret; - } - #endif -#endif /* WOLFSSL_AES_256 */ - - return ret; - } -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ -#endif /* WOLFSSL_AES_CFB */ - - -static int aes_key_size_test(void) -{ - int ret; - Aes aes; - byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; - byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; - byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; - byte iv[] = "1234567890abcdef"; -#ifndef HAVE_FIPS - word32 keySize; -#endif - -#if !defined(HAVE_FIPS) || \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) - /* w/ FIPS v1 (cert 2425) wc_AesInit just returns 0 always as it's not - * supported with that FIPS version */ - ret = wc_AesInit(NULL, HEAP_HINT, devId); - if (ret != BAD_FUNC_ARG) - return -5100; -#endif - - ret = wc_AesInit(&aes, HEAP_HINT, devId); - /* 0 check OK for FIPSv1 */ - if (ret != 0) - return -5101; - -#ifndef HAVE_FIPS - /* Parameter Validation testing. */ - ret = wc_AesGetKeySize(NULL, NULL); - if (ret != BAD_FUNC_ARG) - return -5102; - ret = wc_AesGetKeySize(&aes, NULL); - if (ret != BAD_FUNC_ARG) - return -5103; - ret = wc_AesGetKeySize(NULL, &keySize); - if (ret != BAD_FUNC_ARG) - return -5104; - /* Crashes in FIPS */ - ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION); - if (ret != BAD_FUNC_ARG) - return -5105; -#endif - /* NULL IV indicates to use all zeros IV. */ - ret = wc_AesSetKey(&aes, key16, sizeof(key16), NULL, AES_ENCRYPTION); -#ifdef WOLFSSL_AES_128 - if (ret != 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -5106; - ret = wc_AesSetKey(&aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION); - if (ret != BAD_FUNC_ARG) - return -5107; -/* CryptoCell handles rounds internally */ -#if !defined(HAVE_FIPS) && !defined(WOLFSSL_CRYPTOCELL) - /* Force invalid rounds */ - aes.rounds = 16; - ret = wc_AesGetKeySize(&aes, &keySize); - if (ret != BAD_FUNC_ARG) - return -5108; -#endif - - ret = wc_AesSetKey(&aes, key16, sizeof(key16), iv, AES_ENCRYPTION); -#ifdef WOLFSSL_AES_128 - if (ret != 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -5109; -#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128) - ret = wc_AesGetKeySize(&aes, &keySize); - if (ret != 0 || keySize != sizeof(key16)) - return -5110; -#endif - - ret = wc_AesSetKey(&aes, key24, sizeof(key24), iv, AES_ENCRYPTION); -#ifdef WOLFSSL_AES_192 - if (ret != 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -5111; -#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192) - ret = wc_AesGetKeySize(&aes, &keySize); - if (ret != 0 || keySize != sizeof(key24)) - return -5112; -#endif - - ret = wc_AesSetKey(&aes, key32, sizeof(key32), iv, AES_ENCRYPTION); -#ifdef WOLFSSL_AES_256 - if (ret != 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -5113; -#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256) - ret = wc_AesGetKeySize(&aes, &keySize); - if (ret != 0 || keySize != sizeof(key32)) - return -5114; -#endif - - return 0; -} - -#if defined(WOLFSSL_AES_XTS) -/* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */ -#ifdef WOLFSSL_AES_128 -static int aes_xts_128_test(void) -{ - XtsAes aes; - int ret = 0; - unsigned char buf[AES_BLOCK_SIZE * 2]; - unsigned char cipher[AES_BLOCK_SIZE * 2]; - - /* 128 key tests */ - static unsigned char k1[] = { - 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, - 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62, - 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18, - 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f - }; - - static unsigned char i1[] = { - 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, - 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 - }; - - static unsigned char p1[] = { - 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, - 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c - }; - - /* plain text test of partial block is not from NIST test vector list */ - static unsigned char pp[] = { - 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, - 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c, - 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 - }; - - static unsigned char c1[] = { - 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a, - 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63 - }; - - static unsigned char k2[] = { - 0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76, - 0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0, - 0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa, - 0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16 - }; - - static unsigned char i2[] = { - 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a, - 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84 - }; - - static unsigned char p2[] = { - 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1, - 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba, - 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20, - 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56 - }; - - static unsigned char c2[] = { - 0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e, - 0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23, - 0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e, - 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22 - }; - -#ifdef OPENSSL_EXTRA - ret = EVP_test(EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2)); - if (ret != 0) { - printf("EVP_aes_128_xts failed!\n"); - return ret; - } -#endif - - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION, - HEAP_HINT, devId) != 0) - return -5200; - - ret = wc_AesXtsEncrypt(&aes, buf, p2, sizeof(p2), i2, sizeof(i2)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5201; - if (XMEMCMP(c2, buf, sizeof(c2))) - return -5202; - - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, - HEAP_HINT, devId) != 0) - return -5203; - ret = wc_AesXtsEncrypt(&aes, buf, p1, sizeof(p1), i1, sizeof(i1)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5204; - if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) - return -5205; - - /* partial block encryption test */ - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesXtsEncrypt(&aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5206; - wc_AesXtsFree(&aes); - - /* partial block decrypt test */ - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, - HEAP_HINT, devId) != 0) - return -5207; - ret = wc_AesXtsDecrypt(&aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5208; - if (XMEMCMP(pp, buf, sizeof(pp))) - return -5209; - - /* NIST decrypt test vector */ - XMEMSET(buf, 0, sizeof(buf)); - ret = wc_AesXtsDecrypt(&aes, buf, c1, sizeof(c1), i1, sizeof(i1)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5210; - if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) - return -5211; - - /* fail case with decrypting using wrong key */ - XMEMSET(buf, 0, sizeof(buf)); - ret = wc_AesXtsDecrypt(&aes, buf, c2, sizeof(c2), i2, sizeof(i2)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5212; - if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */ - return -5213; - - /* set correct key and retest */ - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION, - HEAP_HINT, devId) != 0) - return -5214; - ret = wc_AesXtsDecrypt(&aes, buf, c2, sizeof(c2), i2, sizeof(i2)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5215; - if (XMEMCMP(p2, buf, sizeof(p2))) - return -5216; - wc_AesXtsFree(&aes); - - return ret; -} -#endif /* WOLFSSL_AES_128 */ - - -#ifdef WOLFSSL_AES_256 -static int aes_xts_256_test(void) -{ - XtsAes aes; - int ret = 0; - unsigned char buf[AES_BLOCK_SIZE * 3]; - unsigned char cipher[AES_BLOCK_SIZE * 3]; - - /* 256 key tests */ - static unsigned char k1[] = { - 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e, - 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14, - 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7, - 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c, - 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d, - 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3, - 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58, - 0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08 - }; - - static unsigned char i1[] = { - 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2, - 0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64 - }; - - static unsigned char p1[] = { - 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1, - 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64, - 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3, - 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e - }; - - /* plain text test of partial block is not from NIST test vector list */ - static unsigned char pp[] = { - 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, - 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c, - 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 - }; - - static unsigned char c1[] = { - 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5, - 0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13, - 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a, - 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb - }; - - static unsigned char k2[] = { - 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba, - 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62, - 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec, - 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec, - 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b, - 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a, - 0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12, - 0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4 - }; - - static unsigned char i2[] = { - 0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0, - 0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f - }; - - static unsigned char p2[] = { - 0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00, - 0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53, - 0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89, - 0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd, - 0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61, - 0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc - }; - - static unsigned char c2[] = { - 0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10, - 0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1, - 0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61, - 0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89, - 0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b, - 0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92 - }; - -#ifdef OPENSSL_EXTRA - ret = EVP_test(EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2)); - if (ret != 0) { - printf("EVP_aes_256_xts failed\n"); - return ret; - } -#endif - - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION, - HEAP_HINT, devId) != 0) - return -5300; - ret = wc_AesXtsEncrypt(&aes, buf, p2, sizeof(p2), i2, sizeof(i2)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5301; - if (XMEMCMP(c2, buf, sizeof(c2))) - return -5302; - - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, - HEAP_HINT, devId) != 0) - return -5303; - ret = wc_AesXtsEncrypt(&aes, buf, p1, sizeof(p1), i1, sizeof(i1)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5304; - if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) - return -5305; - - /* partial block encryption test */ - XMEMSET(cipher, 0, sizeof(cipher)); - ret = wc_AesXtsEncrypt(&aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5306; - wc_AesXtsFree(&aes); - - /* partial block decrypt test */ - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, - HEAP_HINT, devId) != 0) - return -5307; - ret = wc_AesXtsDecrypt(&aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5308; - if (XMEMCMP(pp, buf, sizeof(pp))) - return -5309; - - /* NIST decrypt test vector */ - XMEMSET(buf, 0, sizeof(buf)); - ret = wc_AesXtsDecrypt(&aes, buf, c1, sizeof(c1), i1, sizeof(i1)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5310; - if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) - return -5311; - - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION, - HEAP_HINT, devId) != 0) - return -5312; - ret = wc_AesXtsDecrypt(&aes, buf, c2, sizeof(c2), i2, sizeof(i2)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5313; - if (XMEMCMP(p2, buf, sizeof(p2))) - return -5314; - wc_AesXtsFree(&aes); - - return ret; -} -#endif /* WOLFSSL_AES_256 */ - - -#if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256) -/* both 128 and 256 bit key test */ -static int aes_xts_sector_test(void) -{ - XtsAes aes; - int ret = 0; - unsigned char buf[AES_BLOCK_SIZE * 2]; - - /* 128 key tests */ - static unsigned char k1[] = { - 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed, - 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22, - 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c, - 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c - }; - - static unsigned char p1[] = { - 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09, - 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c - }; - - static unsigned char c1[] = { - 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac, - 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52 - }; - word64 s1 = 141; - - /* 256 key tests */ - static unsigned char k2[] = { - 0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32, - 0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23, - 0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e, - 0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a, - 0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0, - 0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9, - 0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57, - 0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0 - }; - - static unsigned char p2[] = { - 0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4, - 0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41, - 0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d, - 0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75 - }; - - static unsigned char c2[] = { - 0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68, - 0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63, - 0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3, - 0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d - }; - word64 s2 = 187; - - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, - HEAP_HINT, devId) != 0) - return -5400; - ret = wc_AesXtsEncryptSector(&aes, buf, p1, sizeof(p1), s1); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5401; - if (XMEMCMP(c1, buf, AES_BLOCK_SIZE)) - return -5402; - - /* decrypt test */ - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, - HEAP_HINT, devId) != 0) - return -5403; - ret = wc_AesXtsDecryptSector(&aes, buf, c1, sizeof(c1), s1); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5404; - if (XMEMCMP(p1, buf, AES_BLOCK_SIZE)) - return -5405; - wc_AesXtsFree(&aes); - - /* 256 bit key tests */ - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION, - HEAP_HINT, devId) != 0) - return -5406; - ret = wc_AesXtsEncryptSector(&aes, buf, p2, sizeof(p2), s2); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5407; - if (XMEMCMP(c2, buf, sizeof(c2))) - return -5408; - - /* decrypt test */ - XMEMSET(buf, 0, sizeof(buf)); - if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_DECRYPTION, - HEAP_HINT, devId) != 0) - return -5409; - ret = wc_AesXtsDecryptSector(&aes, buf, c2, sizeof(c2), s2); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5410; - if (XMEMCMP(p2, buf, sizeof(p2))) - return -5411; - wc_AesXtsFree(&aes); - - return ret; -} -#endif /* WOLFSSL_AES_128 && WOLFSSL_AES_256 */ - - -#ifdef WOLFSSL_AES_128 -/* testing of bad arguments */ -static int aes_xts_args_test(void) -{ - XtsAes aes; - int ret = 0; - unsigned char buf[AES_BLOCK_SIZE * 2]; - - /* 128 key tests */ - static unsigned char k1[] = { - 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed, - 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22, - 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c, - 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c - }; - - static unsigned char p1[] = { - 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09, - 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c - }; - - static unsigned char c1[] = { - 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac, - 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52 - }; - word64 s1 = 141; - - if (wc_AesXtsSetKey(NULL, k1, sizeof(k1), AES_ENCRYPTION, - HEAP_HINT, devId) == 0) - return -5500; - if (wc_AesXtsSetKey(&aes, NULL, sizeof(k1), AES_ENCRYPTION, - HEAP_HINT, devId) == 0) - return -5501; - - /* encryption operations */ - if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_ENCRYPTION, - HEAP_HINT, devId) != 0) - return -5502; - ret = wc_AesXtsEncryptSector(NULL, buf, p1, sizeof(p1), s1); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret == 0) - return -5503; - - ret = wc_AesXtsEncryptSector(&aes, NULL, p1, sizeof(p1), s1); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret == 0) - return -5504; - wc_AesXtsFree(&aes); - - /* decryption operations */ - if (wc_AesXtsSetKey(&aes, k1, sizeof(k1), AES_DECRYPTION, - HEAP_HINT, devId) != 0) - return -5505; - ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret == 0) - return -5506; - - ret = wc_AesXtsDecryptSector(&aes, NULL, c1, sizeof(c1), s1); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret == 0) - return -5507; - wc_AesXtsFree(&aes); - - return 0; -} -#endif /* WOLFSSL_AES_128 */ -#endif /* WOLFSSL_AES_XTS */ - -#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) -static int aes_cbc_test(void) -{ - byte cipher[AES_BLOCK_SIZE]; - byte plain[AES_BLOCK_SIZE]; - int ret; - const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ - 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - byte key[] = "0123456789abcdef "; /* align */ - byte iv[] = "1234567890abcdef "; /* align */ - - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - XMEMSET(plain, 0, AES_BLOCK_SIZE); - - /* Parameter Validation testing. */ - ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL); - if (ret != BAD_FUNC_ARG) - return -5600; -#ifdef HAVE_AES_DECRYPT - ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL); - if (ret != BAD_FUNC_ARG) - return -5601; -#endif - - ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, - AES_BLOCK_SIZE, iv); - if (ret != 0) - return -5602; -#ifdef HAVE_AES_DECRYPT - ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, - AES_BLOCK_SIZE, iv); - if (ret != 0) - return -5603; - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0) - return -5604; -#endif /* HAVE_AES_DECRYPT */ - - (void)plain; - return 0; -} -#endif - -static int aes_test(void) -{ -#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT) - Aes enc; - byte cipher[AES_BLOCK_SIZE * 4]; -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT) - Aes dec; - byte plain [AES_BLOCK_SIZE * 4]; -#endif -#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER */ - int ret = 0; - -#ifdef HAVE_AES_CBC -#ifdef WOLFSSL_AES_128 - const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ - 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - const byte verify[] = - { - 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, - 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb - }; - - byte key[] = "0123456789abcdef "; /* align */ - byte iv[] = "1234567890abcdef "; /* align */ - - if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -5700; -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) - if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -5701; -#endif - ret = wc_AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - if (ret != 0) - return -5702; -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) - ret = wc_AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); - if (ret != 0) - return -5703; -#endif - - XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4); - ret = wc_AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5704; -#ifdef HAVE_AES_DECRYPT - XMEMSET(plain, 0, AES_BLOCK_SIZE * 4); - ret = wc_AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5705; - - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -5706; -#endif /* HAVE_AES_DECRYPT */ - if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -5707; -#endif /* WOLFSSL_AES_128 */ - -#if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT) - { - const byte bigMsg[] = { - /* "All work and no play makes Jack a dull boy. " */ - 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, - 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, - 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, - 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, - 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, - 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, - 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, - 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, - 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, - 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, - 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, - 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, - 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, - 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, - 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, - 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, - 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, - 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, - 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, - 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, - 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, - 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, - 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, - 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, - 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, - 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, - 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, - 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, - 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, - 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, - 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, - 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, - 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, - 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, - 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, - 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, - 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, - 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, - 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, - 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, - 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, - 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, - 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, - 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, - 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, - 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, - 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, - 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20 - }; - const byte bigKey[] = "0123456789abcdeffedcba9876543210"; - byte bigCipher[sizeof(bigMsg)]; - byte bigPlain[sizeof(bigMsg)]; - word32 keySz, msgSz; - - /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole - * message by AES_BLOCK_SIZE for each size of AES key. */ - for (keySz = 16; keySz <= 32; keySz += 8) { - for (msgSz = AES_BLOCK_SIZE; - msgSz <= sizeof(bigMsg); - msgSz += AES_BLOCK_SIZE) { - - XMEMSET(bigCipher, 0, sizeof(bigCipher)); - XMEMSET(bigPlain, 0, sizeof(bigPlain)); - ret = wc_AesSetKey(&enc, bigKey, keySz, iv, AES_ENCRYPTION); - if (ret != 0) - return -5708; - ret = wc_AesSetKey(&dec, bigKey, keySz, iv, AES_DECRYPTION); - if (ret != 0) - return -5709; - - ret = wc_AesCbcEncrypt(&enc, bigCipher, bigMsg, msgSz); - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (ret != 0) - return -5710; - - ret = wc_AesCbcDecrypt(&dec, bigPlain, bigCipher, msgSz); - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (ret != 0) - return -5711; - - if (XMEMCMP(bigPlain, bigMsg, msgSz)) - return -5712; - } - } - } -#endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT */ - - /* Test of AES IV state with encrypt/decrypt */ -#ifdef WOLFSSL_AES_128 - { - /* Test Vector from "NIST Special Publication 800-38A, 2001 Edition" - * https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a.pdf - */ - const byte msg2[] = - { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51 - }; - - const byte verify2[] = - { - 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, - 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d, - 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee, - 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2 - }; - byte key2[] = { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c - }; - byte iv2[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f - }; - - - ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); - if (ret != 0) - return -5713; - XMEMSET(cipher, 0, AES_BLOCK_SIZE * 2); - ret = wc_AesCbcEncrypt(&enc, cipher, msg2, AES_BLOCK_SIZE); - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (ret != 0) - return -5714; - if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE)) - return -5715; - - ret = wc_AesCbcEncrypt(&enc, cipher + AES_BLOCK_SIZE, - msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (ret != 0) - return -5716; - if (XMEMCMP(cipher + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE, - AES_BLOCK_SIZE)) - return -5717; - - #if defined(HAVE_AES_DECRYPT) - ret = wc_AesSetKey(&dec, key2, sizeof(key2), iv2, AES_DECRYPTION); - if (ret != 0) - return -5718; - XMEMSET(plain, 0, AES_BLOCK_SIZE * 2); - ret = wc_AesCbcDecrypt(&dec, plain, verify2, AES_BLOCK_SIZE); - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (ret != 0) - return -5719; - if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE)) - return -5720; - - ret = wc_AesCbcDecrypt(&dec, plain + AES_BLOCK_SIZE, - verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE); - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (ret != 0) - return -5721; - if (XMEMCMP(plain + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE, - AES_BLOCK_SIZE)) - return -5722; - - #endif /* HAVE_AES_DECRYPT */ - } -#endif /* WOLFSSL_AES_128 */ -#endif /* HAVE_AES_CBC */ - -#ifdef WOLFSSL_AES_COUNTER - { - /* test vectors from "Recommendation for Block Cipher Modes of - * Operation" NIST Special Publication 800-38A */ - - const byte ctrIv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - const byte ctrPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; - -#ifdef WOLFSSL_AES_128 - const byte oddCipher[] = - { - 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, - 0xc2 - }; - - const byte ctr128Key[] = - { - 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, - 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c - }; - - const byte ctr128Cipher[] = - { - 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, - 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, - 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, - 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, - 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, - 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, - 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, - 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee - }; -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - const byte ctr192Key[] = - { - 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, - 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, - 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b - }; - - const byte ctr192Cipher[] = - { - 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, - 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b, - 0x09,0x03,0x39,0xec,0x0a,0xa6,0xfa,0xef, - 0xd5,0xcc,0xc2,0xc6,0xf4,0xce,0x8e,0x94, - 0x1e,0x36,0xb2,0x6b,0xd1,0xeb,0xc6,0x70, - 0xd1,0xbd,0x1d,0x66,0x56,0x20,0xab,0xf7, - 0x4f,0x78,0xa7,0xf6,0xd2,0x98,0x09,0x58, - 0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50 - }; -#endif -#ifdef WOLFSSL_AES_256 - const byte ctr256Key[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - const byte ctr256Cipher[] = - { - 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, - 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28, - 0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a, - 0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5, - 0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c, - 0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d, - 0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6, - 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6 - }; -#endif - -#ifdef WOLFSSL_AES_128 - wc_AesSetKeyDirect(&enc, ctr128Key, sizeof(ctr128Key), - ctrIv, AES_ENCRYPTION); - /* Ctr only uses encrypt, even on key setup */ - wc_AesSetKeyDirect(&dec, ctr128Key, sizeof(ctr128Key), - ctrIv, AES_ENCRYPTION); - - ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(ctrPlain)); - if (ret != 0) { - return -5723; - } - ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(ctrPlain)); - if (ret != 0) { - return -5724; - } - if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain))) - return -5725; - - if (XMEMCMP(cipher, ctr128Cipher, sizeof(ctr128Cipher))) - return -5726; - - /* let's try with just 9 bytes, non block size test */ - wc_AesSetKeyDirect(&enc, ctr128Key, AES_BLOCK_SIZE, - ctrIv, AES_ENCRYPTION); - /* Ctr only uses encrypt, even on key setup */ - wc_AesSetKeyDirect(&dec, ctr128Key, AES_BLOCK_SIZE, - ctrIv, AES_ENCRYPTION); - - ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher)); - if (ret != 0) { - return -5727; - } - ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(oddCipher)); - if (ret != 0) { - return -5728; - } - - if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher))) - return -5729; - - if (XMEMCMP(cipher, ctr128Cipher, sizeof(oddCipher))) - return -5730; - - /* and an additional 9 bytes to reuse tmp left buffer */ - ret = wc_AesCtrEncrypt(&enc, cipher, ctrPlain, sizeof(oddCipher)); - if (ret != 0) { - return -5731; - } - ret = wc_AesCtrEncrypt(&dec, plain, cipher, sizeof(oddCipher)); - if (ret != 0) { - return -5732; - } - - if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher))) - return -5733; - - if (XMEMCMP(cipher, oddCipher, sizeof(oddCipher))) - return -5734; -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - /* 192 bit key */ - wc_AesSetKeyDirect(&enc, ctr192Key, sizeof(ctr192Key), - ctrIv, AES_ENCRYPTION); - /* Ctr only uses encrypt, even on key setup */ - wc_AesSetKeyDirect(&dec, ctr192Key, sizeof(ctr192Key), - ctrIv, AES_ENCRYPTION); - - XMEMSET(plain, 0, sizeof(plain)); - ret = wc_AesCtrEncrypt(&enc, plain, ctr192Cipher, sizeof(ctr192Cipher)); - if (ret != 0) { - return -5735; - } - - if (XMEMCMP(plain, ctrPlain, sizeof(ctr192Cipher))) - return -5736; - - ret = wc_AesCtrEncrypt(&dec, cipher, ctrPlain, sizeof(ctrPlain)); - if (ret != 0) { - return -5737; - } - if (XMEMCMP(ctr192Cipher, cipher, sizeof(ctr192Cipher))) - return -5738; -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* 256 bit key */ - wc_AesSetKeyDirect(&enc, ctr256Key, sizeof(ctr256Key), - ctrIv, AES_ENCRYPTION); - /* Ctr only uses encrypt, even on key setup */ - wc_AesSetKeyDirect(&dec, ctr256Key, sizeof(ctr256Key), - ctrIv, AES_ENCRYPTION); - - XMEMSET(plain, 0, sizeof(plain)); - ret = wc_AesCtrEncrypt(&enc, plain, ctr256Cipher, sizeof(ctr256Cipher)); - if (ret != 0) { - return -5739; - } - - if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain))) - return -5740; - - ret = wc_AesCtrEncrypt(&dec, cipher, ctrPlain, sizeof(ctrPlain)); - if (ret != 0) { - return -5741; - } - if (XMEMCMP(ctr256Cipher, cipher, sizeof(ctr256Cipher))) - return -5742; -#endif /* WOLFSSL_AES_256 */ - } -#endif /* WOLFSSL_AES_COUNTER */ - -#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) - { - const byte niPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte niCipher[] = - { - 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, - 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 - }; - - const byte niKey[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - ret = wc_AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); - if (ret != 0) - return -5743; - wc_AesEncryptDirect(&enc, cipher, niPlain); - if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) - return -5744; - - XMEMSET(plain, 0, AES_BLOCK_SIZE); - ret = wc_AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); - if (ret != 0) - return -5745; - wc_AesDecryptDirect(&dec, plain, niCipher); - if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) - return -5746; - } -#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ - - ret = aes_key_size_test(); - if (ret != 0) - return ret; - -#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) - ret = aes_cbc_test(); - if (ret != 0) - return ret; -#endif - -#if defined(WOLFSSL_AES_XTS) - #ifdef WOLFSSL_AES_128 - ret = aes_xts_128_test(); - if (ret != 0) - return ret; - #endif - #ifdef WOLFSSL_AES_256 - ret = aes_xts_256_test(); - if (ret != 0) - return ret; - #endif - #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256) - ret = aes_xts_sector_test(); - if (ret != 0) - return ret; - #endif - #ifdef WOLFSSL_AES_128 - ret = aes_xts_args_test(); - if (ret != 0) - return ret; - #endif -#endif - -#if defined(WOLFSSL_AES_CFB) - ret = aescfb_test(); - if (ret != 0) - return ret; -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - ret = aescfb1_test(); - if (ret != 0) - return ret; - - ret = aescfb8_test(); - if (ret != 0) - return ret; -#endif -#endif - - -#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) - wc_AesFree(&enc); - (void)cipher; -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) - wc_AesFree(&dec); - (void)plain; -#endif -#endif - - return ret; -} - -#ifdef WOLFSSL_AES_192 -static int aes192_test(void) -{ -#ifdef HAVE_AES_CBC - Aes enc; - byte cipher[AES_BLOCK_SIZE]; -#ifdef HAVE_AES_DECRYPT - Aes dec; - byte plain[AES_BLOCK_SIZE]; -#endif -#endif /* HAVE_AES_CBC */ - int ret = 0; - -#ifdef HAVE_AES_CBC - /* Test vectors from NIST Special Publication 800-38A, 2001 Edition - * Appendix F.2.3 */ - - const byte msg[] = { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte verify[] = - { - 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d, - 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 - }; - - byte key[] = { - 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, - 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, - 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b - }; - byte iv[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F - }; - - - if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -5800; -#ifdef HAVE_AES_DECRYPT - if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -5801; -#endif - - ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); - if (ret != 0) - return -5802; -#ifdef HAVE_AES_DECRYPT - ret = wc_AesSetKey(&dec, key, (int) sizeof(key), iv, AES_DECRYPTION); - if (ret != 0) - return -5803; -#endif - - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5804; -#ifdef HAVE_AES_DECRYPT - XMEMSET(plain, 0, AES_BLOCK_SIZE); - ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5805; - if (XMEMCMP(plain, msg, (int) sizeof(plain))) { - return -5806; - } -#endif - - if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) - return -5807; - - wc_AesFree(&enc); -#ifdef HAVE_AES_DECRYPT - wc_AesFree(&dec); -#endif - -#endif /* HAVE_AES_CBC */ - - return ret; -} -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 -static int aes256_test(void) -{ -#ifdef HAVE_AES_CBC - Aes enc; - byte cipher[AES_BLOCK_SIZE]; -#ifdef HAVE_AES_DECRYPT - Aes dec; - byte plain[AES_BLOCK_SIZE]; -#endif -#endif /* HAVE_AES_CBC */ - int ret = 0; - -#ifdef HAVE_AES_CBC - /* Test vectors from NIST Special Publication 800-38A, 2001 Edition, - * Appendix F.2.5 */ - const byte msg[] = { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte verify[] = - { - 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba, - 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 - }; - - byte key[] = { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - byte iv[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F - }; - - - if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) - return -5900; -#ifdef HAVE_AES_DECRYPT - if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) - return -5901; -#endif - - ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); - if (ret != 0) - return -5902; -#ifdef HAVE_AES_DECRYPT - ret = wc_AesSetKey(&dec, key, (int) sizeof(key), iv, AES_DECRYPTION); - if (ret != 0) - return -5903; -#endif - - XMEMSET(cipher, 0, AES_BLOCK_SIZE); - ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5904; -#ifdef HAVE_AES_DECRYPT - XMEMSET(plain, 0, AES_BLOCK_SIZE); - ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher)); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - return -5905; - if (XMEMCMP(plain, msg, (int) sizeof(plain))) { - return -5906; - } -#endif - - if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) - return -5907; - - wc_AesFree(&enc); -#ifdef HAVE_AES_DECRYPT - wc_AesFree(&dec); -#endif - -#endif /* HAVE_AES_CBC */ - - return ret; -} -#endif /* WOLFSSL_AES_256 */ - - -#ifdef HAVE_AESGCM - -static int aesgcm_default_test_helper(byte* key, int keySz, byte* iv, int ivSz, - byte* plain, int plainSz, byte* cipher, int cipherSz, - byte* aad, int aadSz, byte* tag, int tagSz) -{ - Aes enc; - Aes dec; - - byte resultT[AES_BLOCK_SIZE]; - byte resultP[AES_BLOCK_SIZE * 3]; - byte resultC[AES_BLOCK_SIZE * 3]; - int result; - - XMEMSET(resultT, 0, sizeof(resultT)); - XMEMSET(resultC, 0, sizeof(resultC)); - XMEMSET(resultP, 0, sizeof(resultP)); - - if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) { - return -5908; - } - if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) { - return -5909; - } - - result = wc_AesGcmSetKey(&enc, key, keySz); - if (result != 0) - return -5910; - - /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - result = wc_AesGcmEncrypt(&enc, resultC, plain, plainSz, iv, ivSz, - resultT, tagSz, aad, aadSz); - -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -5911; - if (cipher != NULL) { - if (XMEMCMP(cipher, resultC, cipherSz)) - return -5912; - } - if (XMEMCMP(tag, resultT, tagSz)) - return -5913; - - wc_AesFree(&enc); - -#ifdef HAVE_AES_DECRYPT - result = wc_AesGcmSetKey(&dec, key, keySz); - if (result != 0) - return -5914; - - result = wc_AesGcmDecrypt(&dec, resultP, resultC, cipherSz, - iv, ivSz, resultT, tagSz, aad, aadSz); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -5915; - if (plain != NULL) { - if (XMEMCMP(plain, resultP, plainSz)) - return -5916; - } - - wc_AesFree(&dec); -#endif /* HAVE_AES_DECRYPT */ - - return 0; -} - - -/* tests that only use 12 byte IV and 16 or less byte AAD - * test vectors are from NIST SP 800-38D - * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES*/ -static int aesgcm_default_test(void) -{ - byte key1[] = { - 0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62, - 0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc - }; - - byte iv1[] = { - 0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa, - 0xe4, 0xed, 0x2f, 0x6d - }; - - ALIGN64 byte plain1[] = { - 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad, - 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01, - 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac, - 0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01 - }; - - byte aad1[] = { - 0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73, - 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1 - }; - - ALIGN64 byte cipher1[] = { - 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d, - 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d, - 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46, - 0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb - }; - - byte tag1[] = { - 0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7, - 0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2 - }; - - byte key2[] = { - 0x01, 0x6d, 0xbb, 0x38, 0xda, 0xa7, 0x6d, 0xfe, - 0x7d, 0xa3, 0x84, 0xeb, 0xf1, 0x24, 0x03, 0x64 - }; - - byte iv2[] = { - 0x07, 0x93, 0xef, 0x3a, 0xda, 0x78, 0x2f, 0x78, - 0xc9, 0x8a, 0xff, 0xe3 - }; - - ALIGN64 byte plain2[] = { - 0x4b, 0x34, 0xa9, 0xec, 0x57, 0x63, 0x52, 0x4b, - 0x19, 0x1d, 0x56, 0x16, 0xc5, 0x47, 0xf6, 0xb7 - }; - - ALIGN64 byte cipher2[] = { - 0x60, 0x9a, 0xa3, 0xf4, 0x54, 0x1b, 0xc0, 0xfe, - 0x99, 0x31, 0xda, 0xad, 0x2e, 0xe1, 0x5d, 0x0c - }; - - byte tag2[] = { - 0x33, 0xaf, 0xec, 0x59, 0xc4, 0x5b, 0xaf, 0x68, - 0x9a, 0x5e, 0x1b, 0x13, 0xae, 0x42, 0x36, 0x19 - }; - - byte key3[] = { - 0xb0, 0x1e, 0x45, 0xcc, 0x30, 0x88, 0xaa, 0xba, - 0x9f, 0xa4, 0x3d, 0x81, 0xd4, 0x81, 0x82, 0x3f - }; - - byte iv3[] = { - 0x5a, 0x2c, 0x4a, 0x66, 0x46, 0x87, 0x13, 0x45, - 0x6a, 0x4b, 0xd5, 0xe1 - }; - - byte tag3[] = { - 0x01, 0x42, 0x80, 0xf9, 0x44, 0xf5, 0x3c, 0x68, - 0x11, 0x64, 0xb2, 0xff - }; - - int ret; - ret = aesgcm_default_test_helper(key1, sizeof(key1), iv1, sizeof(iv1), - plain1, sizeof(plain1), cipher1, sizeof(cipher1), - aad1, sizeof(aad1), tag1, sizeof(tag1)); - if (ret != 0) { - return ret; - } - ret = aesgcm_default_test_helper(key2, sizeof(key2), iv2, sizeof(iv2), - plain2, sizeof(plain2), cipher2, sizeof(cipher2), - NULL, 0, tag2, sizeof(tag2)); - if (ret != 0) { - return ret; - } - ret = aesgcm_default_test_helper(key3, sizeof(key3), iv3, sizeof(iv3), - NULL, 0, NULL, 0, - NULL, 0, tag3, sizeof(tag3)); - if (ret != 0) { - return ret; - } - - return 0; -} - -static int aesgcm_test(void) -{ - Aes enc; - Aes dec; - - /* - * This is Test Case 16 from the document Galois/ - * Counter Mode of Operation (GCM) by McGrew and - * Viega. - */ - const byte p[] = - { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39 - }; - -#if defined(WOLFSSL_AES_256) - const byte a[] = - { - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xab, 0xad, 0xda, 0xd2 - }; -#endif - -#ifdef WOLFSSL_AES_256 - const byte k1[] = - { - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 - }; - - const byte iv1[] = - { - 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, - 0xde, 0xca, 0xf8, 0x88 - }; - - const byte c1[] = - { - 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, - 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, - 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, - 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, - 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, - 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, - 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, - 0xbc, 0xc9, 0xf6, 0x62 - }; -#endif /* WOLFSSL_AES_256 */ - - const byte t1[] = - { - 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, - 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b - }; - - /* FIPS, QAT and PIC32MZ HW Crypto only support 12-byte IV */ -#if !defined(HAVE_FIPS) && \ - !defined(WOLFSSL_PIC32MZ_CRYPT) && \ - !defined(FREESCALE_LTC) && !defined(FREESCALE_MMCAU) && \ - !defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_AFALG_XILINX_AES) && \ - !(defined(WOLF_CRYPTO_CB) && \ - (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))) - - #define ENABLE_NON_12BYTE_IV_TEST -#ifdef WOLFSSL_AES_192 - /* Test Case 12, uses same plaintext and AAD data. */ - const byte k2[] = - { - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c - }; - - const byte iv2[] = - { - 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, - 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, - 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, - 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, - 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, - 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, - 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, - 0xa6, 0x37, 0xb3, 0x9b - }; - - const byte c2[] = - { - 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c, - 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff, - 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef, - 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45, - 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9, - 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3, - 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7, - 0xe9, 0xb7, 0x37, 0x3b - }; - - const byte t2[] = - { - 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb, - 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 - }; -#endif /* WOLFSSL_AES_192 */ -#ifdef WOLFSSL_AES_128 - /* The following is an interesting test case from the example - * FIPS test vectors for AES-GCM. IVlen = 1 byte */ - const byte p3[] = - { - 0x57, 0xce, 0x45, 0x1f, 0xa5, 0xe2, 0x35, 0xa5, - 0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2 - }; - - const byte k3[] = - { - 0xbb, 0x01, 0xd7, 0x03, 0x81, 0x1c, 0x10, 0x1a, - 0x35, 0xe0, 0xff, 0xd2, 0x91, 0xba, 0xf2, 0x4b - }; - - const byte iv3[] = - { - 0xca - }; - - const byte c3[] = - { - 0x6b, 0x5f, 0xb3, 0x9d, 0xc1, 0xc5, 0x7a, 0x4f, - 0xf3, 0x51, 0x4d, 0xc2, 0xd5, 0xf0, 0xd0, 0x07 - }; - - const byte a3[] = - { - 0x40, 0xfc, 0xdc, 0xd7, 0x4a, 0xd7, 0x8b, 0xf1, - 0x3e, 0x7c, 0x60, 0x55, 0x50, 0x51, 0xdd, 0x54 - }; - - const byte t3[] = - { - 0x06, 0x90, 0xed, 0x01, 0x34, 0xdd, 0xc6, 0x95, - 0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6 - }; -#endif /* WOLFSSL_AES_128 */ -#ifdef WOLFSSL_AES_256 - int ivlen; -#endif -#endif - - byte resultT[sizeof(t1)]; - byte resultP[sizeof(p) + AES_BLOCK_SIZE]; - byte resultC[sizeof(p) + AES_BLOCK_SIZE]; - int result = 0; -#ifdef WOLFSSL_AES_256 - int alen; - #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) - int plen; - #endif -#endif - -#if !defined(BENCH_EMBEDDED) - #ifndef BENCH_AESGCM_LARGE - #define BENCH_AESGCM_LARGE 1024 - #endif - byte large_input[BENCH_AESGCM_LARGE]; - byte large_output[BENCH_AESGCM_LARGE + AES_BLOCK_SIZE]; - byte large_outdec[BENCH_AESGCM_LARGE]; - - XMEMSET(large_input, 0, sizeof(large_input)); - XMEMSET(large_output, 0, sizeof(large_output)); - XMEMSET(large_outdec, 0, sizeof(large_outdec)); -#endif - - (void)result; - - XMEMSET(resultT, 0, sizeof(resultT)); - XMEMSET(resultC, 0, sizeof(resultC)); - XMEMSET(resultP, 0, sizeof(resultP)); - - if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) { - return -6100; - } - if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) { - return -6101; - } - -#ifdef WOLFSSL_AES_256 - result = wc_AesGcmSetKey(&enc, k1, sizeof(k1)); - if (result != 0) - return -6102; - - /* AES-GCM encrypt and decrypt both use AES encrypt internally */ - result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv1, sizeof(iv1), - resultT, sizeof(resultT), a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6103; - if (XMEMCMP(c1, resultC, sizeof(c1))) - return -6104; - if (XMEMCMP(t1, resultT, sizeof(resultT))) - return -6105; - -#ifdef HAVE_AES_DECRYPT - result = wc_AesGcmSetKey(&dec, k1, sizeof(k1)); - if (result != 0) - return -6106; - - result = wc_AesGcmDecrypt(&dec, resultP, resultC, sizeof(c1), - iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6107; - if (XMEMCMP(p, resultP, sizeof(p))) - return -6108; -#endif /* HAVE_AES_DECRYPT */ - - /* Large buffer test */ -#ifdef BENCH_AESGCM_LARGE - /* setup test buffer */ - for (alen=0; alen= 2)) - /* Test encrypt with internally generated IV */ -#if defined(WOLFSSL_AES_256) && !(defined(WC_NO_RNG) || defined(HAVE_SELFTEST)) \ - && !(defined(WOLF_CRYPTO_CB) && defined(HAVE_CAVIUM_OCTEON_SYNC)) - { - WC_RNG rng; - byte randIV[12]; - - result = wc_InitRng_ex(&rng, HEAP_HINT, devId); - if (result != 0) - return -6135; - - XMEMSET(randIV, 0, sizeof(randIV)); - XMEMSET(resultT, 0, sizeof(resultT)); - XMEMSET(resultC, 0, sizeof(resultC)); - XMEMSET(resultP, 0, sizeof(resultP)); - - wc_AesGcmSetKey(&enc, k1, sizeof(k1)); - result = wc_AesGcmSetIV(&enc, sizeof(randIV), NULL, 0, &rng); - if (result != 0) - return -6136; - - result = wc_AesGcmEncrypt_ex(&enc, - resultC, p, sizeof(p), - randIV, sizeof(randIV), - resultT, sizeof(resultT), - a, sizeof(a)); - #if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &enc.asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (result != 0) - return -6137; - - /* Check the IV has been set. */ - { - word32 i, ivSum = 0; - - for (i = 0; i < sizeof(randIV); i++) - ivSum += randIV[i]; - if (ivSum == 0) - return -6138; - } - -#ifdef HAVE_AES_DECRYPT - wc_AesGcmSetKey(&dec, k1, sizeof(k1)); - result = wc_AesGcmSetIV(&dec, sizeof(randIV), NULL, 0, &rng); - if (result != 0) - return -6139; - - result = wc_AesGcmDecrypt(&dec, - resultP, resultC, sizeof(c1), - randIV, sizeof(randIV), - resultT, sizeof(resultT), - a, sizeof(a)); -#if defined(WOLFSSL_ASYNC_CRYPT) - result = wc_AsyncWait(result, &dec.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (result != 0) - return -6140; - if (XMEMCMP(p, resultP, sizeof(p))) - return -6141; -#endif /* HAVE_AES_DECRYPT */ - - wc_FreeRng(&rng); - } -#endif /* WOLFSSL_AES_256 && !(WC_NO_RNG || HAVE_SELFTEST) */ -#endif /* HAVE_FIPS_VERSION >= 2 */ - - wc_AesFree(&enc); - wc_AesFree(&dec); - - return 0; -} - -#ifdef WOLFSSL_AES_128 -static int gmac_test(void) -{ - Gmac gmac; - - const byte k1[] = - { - 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01, - 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8 - }; - const byte iv1[] = - { - 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94, - 0xe2, 0x8c, 0x8f, 0x16 - }; - const byte a1[] = - { - 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9, - 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77 - }; - const byte t1[] = - { - 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43, - 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b - }; - -#if !defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) - /* FIPS builds only allow 16-byte auth tags. */ - /* This sample uses a 15-byte auth tag. */ - const byte k2[] = - { - 0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4, - 0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b - }; - const byte iv2[] = - { - 0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03, - 0x1a, 0x60, 0x24, 0xa7 - }; - const byte a2[] = - { - 0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18, - 0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56 - }; - const byte t2[] = - { - 0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f, - 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91 - }; -#endif - - byte tag[16]; - - XMEMSET(&gmac, 0, sizeof(Gmac)); /* clear context */ - (void)wc_AesInit((Aes*)&gmac, HEAP_HINT, INVALID_DEVID); /* Make sure devId updated */ - XMEMSET(tag, 0, sizeof(tag)); - wc_GmacSetKey(&gmac, k1, sizeof(k1)); - wc_GmacUpdate(&gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1)); - if (XMEMCMP(t1, tag, sizeof(t1)) != 0) - return -6200; - -#if !defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) - XMEMSET(tag, 0, sizeof(tag)); - wc_GmacSetKey(&gmac, k2, sizeof(k2)); - wc_GmacUpdate(&gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2)); - if (XMEMCMP(t2, tag, sizeof(t2)) != 0) - return -6201; - -#if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && !defined(NO_AES_DECRYPT) - { - const byte badT[] = - { - 0xde, 0xad, 0xbe, 0xef, 0x17, 0x2e, 0xd0, 0x43, - 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b - }; - - WC_RNG rng; - byte iv[12]; - - #ifndef HAVE_FIPS - if (wc_InitRng_ex(&rng, HEAP_HINT, devId) != 0) - return -6202; - #else - if (wc_InitRng(&rng) != 0) - return -6203; - #endif - - if (wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1), - t1, sizeof(t1)) != 0) - return -6204; - if (wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1), - badT, sizeof(badT)) != AES_GCM_AUTH_E) - return -6205; - if (wc_GmacVerify(k2, sizeof(k2), iv2, sizeof(iv2), a2, sizeof(a2), - t2, sizeof(t2)) != 0) - return -6206; - - XMEMSET(tag, 0, sizeof(tag)); - XMEMSET(iv, 0, sizeof(iv)); - if (wc_Gmac(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1), - tag, sizeof(tag), &rng) != 0) - return -6207; - if (wc_GmacVerify(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1), - tag, sizeof(tag)) != 0) - return -6208; - wc_FreeRng(&rng); - } -#endif /* !WC_NO_RNG && !HAVE_SELFTEST && !NO_AES_DECRYPT */ -#endif /* HAVE_FIPS */ - - return 0; -} -#endif /* WOLFSSL_AES_128 */ -#endif /* HAVE_AESGCM */ - -#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) -static int aesccm_test(void) -{ - Aes enc; - - /* key */ - const byte k[] = - { - 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, - 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf - }; - - /* nonce */ - const byte iv[] = - { - 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0, - 0xa1, 0xa2, 0xa3, 0xa4, 0xa5 - }; - - /* plaintext */ - const byte p[] = - { - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e - }; - /* plaintext - long */ - const byte pl[] = - { - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, - 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, - 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, - 0x50 - }; - - - const byte a[] = - { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 - }; - - /* ciphertext */ - const byte c[] = - { - 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, - 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, - 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84 - }; - /* tag - authentication */ - const byte t[] = - { - 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 - }; - /* ciphertext - long */ - const byte cl[] = - { - 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, - 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, - 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0xe0, - 0x44, 0x2d, 0xbe, 0x25, 0xfa, 0x48, 0x2b, 0xa8, - 0x36, 0x0b, 0xbf, 0x01, 0xc0, 0x12, 0x45, 0xa4, - 0x82, 0x9f, 0x20, 0x6c, 0xc3, 0xd6, 0xae, 0x5b, - 0x54, 0x8d, 0xd0, 0xb1, 0x69, 0x2c, 0xec, 0x5e, - 0x95, 0xa5, 0x6b, 0x48, 0xc3, 0xc6, 0xc8, 0x9e, - 0xc7, 0x92, 0x98, 0x9d, 0x26, 0x7d, 0x2a, 0x10, - 0x0b - }; - /* tag - authentication - long */ - const byte tl[] = - { - 0x89, 0xd8, 0xd2, 0x02, 0xc5, 0xcf, 0xae, 0xf4 - }; - - byte t2[sizeof(t)]; - byte p2[sizeof(p)]; - byte c2[sizeof(c)]; - byte iv2[sizeof(iv)]; - byte pl2[sizeof(pl)]; - byte cl2[sizeof(cl)]; - byte tl2[sizeof(tl)]; - - int result; - - XMEMSET(&enc, 0, sizeof(Aes)); /* clear context */ - XMEMSET(t2, 0, sizeof(t2)); - XMEMSET(c2, 0, sizeof(c2)); - XMEMSET(p2, 0, sizeof(p2)); - - result = wc_AesCcmSetKey(&enc, k, sizeof(k)); - if (result != 0) - return -6300; - - /* AES-CCM encrypt and decrypt both use AES encrypt internally */ - result = wc_AesCcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv), - t2, sizeof(t2), a, sizeof(a)); - if (result != 0) - return -6301; - if (XMEMCMP(c, c2, sizeof(c2))) - return -6302; - if (XMEMCMP(t, t2, sizeof(t2))) - return -6303; - - result = wc_AesCcmDecrypt(&enc, p2, c2, sizeof(p2), iv, sizeof(iv), - t2, sizeof(t2), a, sizeof(a)); - if (result != 0) - return -6304; - if (XMEMCMP(p, p2, sizeof(p2))) - return -6305; - - /* Test the authentication failure */ - t2[0]++; /* Corrupt the authentication tag. */ - result = wc_AesCcmDecrypt(&enc, p2, c, sizeof(p2), iv, sizeof(iv), - t2, sizeof(t2), a, sizeof(a)); - if (result == 0) - return -6306; - - /* Clear c2 to compare against p2. p2 should be set to zero in case of - * authentication fail. */ - XMEMSET(c2, 0, sizeof(c2)); - if (XMEMCMP(p2, c2, sizeof(p2))) - return -6307; - - XMEMSET(&enc, 0, sizeof(Aes)); /* clear context */ - XMEMSET(t2, 0, sizeof(t2)); - XMEMSET(c2, 0, sizeof(c2)); - XMEMSET(p2, 0, sizeof(p2)); - XMEMSET(iv2, 0, sizeof(iv2)); - -#ifndef HAVE_SELFTEST - /* selftest build does not have wc_AesCcmSetNonce() or - * wc_AesCcmEncrypt_ex() */ - if (wc_AesCcmSetKey(&enc, k, sizeof(k)) != 0) - return -6308; - - if (wc_AesCcmSetNonce(&enc, iv, sizeof(iv)) != 0) - return -6309; - if (wc_AesCcmEncrypt_ex(&enc, c2, p, sizeof(c2), iv2, sizeof(iv2), - t2, sizeof(t2), a, sizeof(a)) != 0) - return -6310; - if (XMEMCMP(iv, iv2, sizeof(iv2))) - return -6311; - if (XMEMCMP(c, c2, sizeof(c2))) - return -6312; - if (XMEMCMP(t, t2, sizeof(t2))) - return -6313; -#endif - -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - /* test fail on invalid IV sizes */ - result = wc_AesCcmSetKey(&enc, k, sizeof(k)); - if (result != 0) - return -6314; - - /* AES-CCM encrypt and decrypt both use AES encrypt internally */ - result = wc_AesCcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv), - t2, 1, a, sizeof(a)); - if (result == 0) { - return -6315; - } -#endif - - /* AES-CCM encrypt and decrypt both use AES encrypt internally */ - result = wc_AesCcmEncrypt(&enc, cl2, pl, sizeof(cl2), iv, sizeof(iv), - tl2, sizeof(tl2), a, sizeof(a)); - if (result != 0) - return -6301; - if (XMEMCMP(cl, cl2, sizeof(cl2))) - return -6302; - if (XMEMCMP(tl, tl2, sizeof(tl2))) - return -6303; - - result = wc_AesCcmDecrypt(&enc, pl2, cl2, sizeof(pl2), iv, sizeof(iv), - tl2, sizeof(tl2), a, sizeof(a)); - if (result != 0) - return -6304; - if (XMEMCMP(pl, pl2, sizeof(pl2))) - return -6305; - - return 0; -} -#endif /* HAVE_AESCCM WOLFSSL_AES_128 */ - - -#ifdef HAVE_AES_KEYWRAP - -#define MAX_KEYWRAP_TEST_OUTLEN 40 -#define MAX_KEYWRAP_TEST_PLAINLEN 32 - -typedef struct keywrapVector { - const byte* kek; - const byte* data; - const byte* verify; - word32 kekLen; - word32 dataLen; - word32 verifyLen; -} keywrapVector; - -static int aeskeywrap_test(void) -{ - int wrapSz, plainSz, testSz, i; - - /* test vectors from RFC 3394 (kek, data, verify) */ - -#ifdef WOLFSSL_AES_128 - /* Wrap 128 bits of Key Data with a 128-bit KEK */ - const byte k1[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F - }; - - const byte d1[] = { - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF - }; - - const byte v1[] = { - 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, - 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, - 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 - }; -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - /* Wrap 128 bits of Key Data with a 192-bit KEK */ - const byte k2[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 - }; - - const byte d2[] = { - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF - }; - - const byte v2[] = { - 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, - 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, - 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D - }; -#endif - -#ifdef WOLFSSL_AES_256 - /* Wrap 128 bits of Key Data with a 256-bit KEK */ - const byte k3[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F - }; - - const byte d3[] = { - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF - }; - - const byte v3[] = { - 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2, - 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A, - 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7 - }; -#endif - -#ifdef WOLFSSL_AES_192 - /* Wrap 192 bits of Key Data with a 192-bit KEK */ - const byte k4[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 - }; - - const byte d4[] = { - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 - }; - - const byte v4[] = { - 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32, - 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC, - 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93, - 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2 - }; -#endif - -#ifdef WOLFSSL_AES_256 - /* Wrap 192 bits of Key Data with a 256-bit KEK */ - const byte k5[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F - }; - - const byte d5[] = { - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 - }; - - const byte v5[] = { - 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F, - 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4, - 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95, - 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1 - }; - - /* Wrap 256 bits of Key Data with a 256-bit KEK */ - const byte k6[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F - }; - - const byte d6[] = { - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F - }; - - const byte v6[] = { - 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4, - 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26, - 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26, - 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B, - 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21 - }; -#endif /* WOLFSSL_AES_256 */ - - byte output[MAX_KEYWRAP_TEST_OUTLEN]; - byte plain [MAX_KEYWRAP_TEST_PLAINLEN]; - - const keywrapVector test_wrap[] = - { - #ifdef WOLFSSL_AES_128 - {k1, d1, v1, sizeof(k1), sizeof(d1), sizeof(v1)}, - #endif - #ifdef WOLFSSL_AES_192 - {k2, d2, v2, sizeof(k2), sizeof(d2), sizeof(v2)}, - #endif - #ifdef WOLFSSL_AES_256 - {k3, d3, v3, sizeof(k3), sizeof(d3), sizeof(v3)}, - #endif - #ifdef WOLFSSL_AES_192 - {k4, d4, v4, sizeof(k4), sizeof(d4), sizeof(v4)}, - #endif - #ifdef WOLFSSL_AES_256 - {k5, d5, v5, sizeof(k5), sizeof(d5), sizeof(v5)}, - {k6, d6, v6, sizeof(k6), sizeof(d6), sizeof(v6)} - #endif - }; - testSz = sizeof(test_wrap) / sizeof(keywrapVector); - - XMEMSET(output, 0, sizeof(output)); - XMEMSET(plain, 0, sizeof(plain)); - - for (i = 0; i < testSz; i++) { - - wrapSz = wc_AesKeyWrap(test_wrap[i].kek, test_wrap[i].kekLen, - test_wrap[i].data, test_wrap[i].dataLen, - output, sizeof(output), NULL); - - if ( (wrapSz < 0) || (wrapSz != (int)test_wrap[i].verifyLen) ) - return -6400; - - if (XMEMCMP(output, test_wrap[i].verify, test_wrap[i].verifyLen) != 0) - return -6401; - - plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen, - output, wrapSz, - plain, sizeof(plain), NULL); - - if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) ) - return -6402; - - if (XMEMCMP(plain, test_wrap[i].data, test_wrap[i].dataLen) != 0) - return -6403 - i; - } - - return 0; -} -#endif /* HAVE_AES_KEYWRAP */ - - -#endif /* NO_AES */ - - -#ifdef HAVE_CAMELLIA - -enum { - CAM_ECB_ENC, CAM_ECB_DEC, CAM_CBC_ENC, CAM_CBC_DEC -}; - -typedef struct { - int type; - const byte* plaintext; - const byte* iv; - const byte* ciphertext; - const byte* key; - word32 keySz; - int errorCode; -} test_vector_t; - -static int camellia_test(void) -{ - /* Camellia ECB Test Plaintext */ - static const byte pte[] = - { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 - }; - - /* Camellia ECB Test Initialization Vector */ - static const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - - /* Test 1: Camellia ECB 128-bit key */ - static const byte k1[] = - { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 - }; - static const byte c1[] = - { - 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, - 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 - }; - - /* Test 2: Camellia ECB 192-bit key */ - static const byte k2[] = - { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 - }; - static const byte c2[] = - { - 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8, - 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 - }; - - /* Test 3: Camellia ECB 256-bit key */ - static const byte k3[] = - { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff - }; - static const byte c3[] = - { - 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, - 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 - }; - - /* Camellia CBC Test Plaintext */ - static const byte ptc[] = - { - 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, - 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A - }; - - /* Camellia CBC Test Initialization Vector */ - static const byte ivc[] = - { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F - }; - - /* Test 4: Camellia-CBC 128-bit key */ - static const byte k4[] = - { - 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, - 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C - }; - static const byte c4[] = - { - 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0, - 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB - }; - - /* Test 5: Camellia-CBC 192-bit key */ - static const byte k5[] = - { - 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, - 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, - 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B - }; - static const byte c5[] = - { - 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2, - 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 - }; - - /* Test 6: CBC 256-bit key */ - static const byte k6[] = - { - 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, - 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, - 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, - 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 - }; - static const byte c6[] = - { - 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A, - 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA - }; - - byte out[CAMELLIA_BLOCK_SIZE]; - Camellia cam; - int i, testsSz, ret; - const test_vector_t testVectors[] = - { - {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114}, - {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), -115}, - {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), -116}, - {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), -117}, - {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), -118}, - {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), -119}, - {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), -120}, - {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), -121}, - {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), -122}, - {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), -123}, - {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124}, - {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125} - }; - - testsSz = sizeof(testVectors)/sizeof(test_vector_t); - for (i = 0; i < testsSz; i++) { - if (wc_CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz, - testVectors[i].iv) != 0) - return testVectors[i].errorCode; - - switch (testVectors[i].type) { - case CAM_ECB_ENC: - ret = wc_CamelliaEncryptDirect(&cam, out, - testVectors[i].plaintext); - if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext, - CAMELLIA_BLOCK_SIZE)) - return testVectors[i].errorCode; - break; - case CAM_ECB_DEC: - ret = wc_CamelliaDecryptDirect(&cam, out, - testVectors[i].ciphertext); - if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext, - CAMELLIA_BLOCK_SIZE)) - return testVectors[i].errorCode; - break; - case CAM_CBC_ENC: - ret = wc_CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext, - CAMELLIA_BLOCK_SIZE); - if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext, - CAMELLIA_BLOCK_SIZE)) - return testVectors[i].errorCode; - break; - case CAM_CBC_DEC: - ret = wc_CamelliaCbcDecrypt(&cam, out, - testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE); - if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext, - CAMELLIA_BLOCK_SIZE)) - return testVectors[i].errorCode; - break; - default: - break; - } - } - - /* Setting the IV and checking it was actually set. */ - ret = wc_CamelliaSetIV(&cam, ivc); - if (ret != 0 || XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE)) - return -6500; - - /* Setting the IV to NULL should be same as all zeros IV */ - if (wc_CamelliaSetIV(&cam, NULL) != 0 || - XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE)) - return -6501; - - /* First parameter should never be null */ - if (wc_CamelliaSetIV(NULL, NULL) == 0) - return -6502; - - /* First parameter should never be null, check it fails */ - if (wc_CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0) - return -6503; - - /* Key should have a size of 16, 24, or 32 */ - if (wc_CamelliaSetKey(&cam, k1, 0, NULL) == 0) - return -6504; - - return 0; -} -#endif /* HAVE_CAMELLIA */ - -#ifdef HAVE_IDEA -static int idea_test(void) -{ - int ret; - word16 i, j; - - Idea idea; - byte data[IDEA_BLOCK_SIZE]; - - /* Project NESSIE test vectors */ -#define IDEA_NB_TESTS 6 -#define IDEA_NB_TESTS_EXTRA 4 - - const byte v_key[IDEA_NB_TESTS][IDEA_KEY_SIZE] = { - { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, - 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 }, - { 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, - 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57 }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }, - { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00, - 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }, - { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00, - 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 }, - }; - - const byte v1_plain[IDEA_NB_TESTS][IDEA_BLOCK_SIZE] = { - { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 }, - { 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57 }, - { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }, - { 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 }, - { 0xDB, 0x2D, 0x4A, 0x92, 0xAA, 0x68, 0x27, 0x3F }, - { 0xF1, 0x29, 0xA6, 0x60, 0x1E, 0xF6, 0x2A, 0x47 }, - }; - - byte v1_cipher[IDEA_NB_TESTS][IDEA_BLOCK_SIZE] = { - { 0x54, 0xCF, 0x21, 0xE3, 0x89, 0xD8, 0x73, 0xEC }, - { 0x85, 0x52, 0x4D, 0x41, 0x0E, 0xB4, 0x28, 0xAE }, - { 0xF5, 0x26, 0xAB, 0x9A, 0x62, 0xC0, 0xD2, 0x58 }, - { 0xC8, 0xFB, 0x51, 0xD3, 0x51, 0x66, 0x27, 0xA8 }, - { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }, - { 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 }, - }; - - byte v1_cipher_100[IDEA_NB_TESTS_EXTRA][IDEA_BLOCK_SIZE] = { - { 0x12, 0x46, 0x2F, 0xD0, 0xFB, 0x3A, 0x63, 0x39 }, - { 0x15, 0x61, 0xE8, 0xC9, 0x04, 0x54, 0x8B, 0xE9 }, - { 0x42, 0x12, 0x2A, 0x94, 0xB0, 0xF6, 0xD2, 0x43 }, - { 0x53, 0x4D, 0xCD, 0x48, 0xDD, 0xD5, 0xF5, 0x9C }, - }; - - byte v1_cipher_1000[IDEA_NB_TESTS_EXTRA][IDEA_BLOCK_SIZE] = { - { 0x44, 0x1B, 0x38, 0x5C, 0x77, 0x29, 0x75, 0x34 }, - { 0xF0, 0x4E, 0x58, 0x88, 0x44, 0x99, 0x22, 0x2D }, - { 0xB3, 0x5F, 0x93, 0x7F, 0x6A, 0xA0, 0xCD, 0x1F }, - { 0x9A, 0xEA, 0x46, 0x8F, 0x42, 0x9B, 0xBA, 0x15 }, - }; - - /* CBC test */ - const char *message = "International Data Encryption Algorithm"; - byte msg_enc[40], msg_dec[40]; - - for (i = 0; i < IDEA_NB_TESTS; i++) { - /* Set encryption key */ - XMEMSET(&idea, 0, sizeof(Idea)); - ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE, - NULL, IDEA_ENCRYPTION); - if (ret != 0) { - printf("wc_IdeaSetKey (enc) failed\n"); - return -6600; - } - - /* Data encryption */ - ret = wc_IdeaCipher(&idea, data, v1_plain[i]); - if (ret != 0 || XMEMCMP(&v1_cipher[i], data, IDEA_BLOCK_SIZE)) { - printf("Bad encryption\n"); - return -6601; - } - - /* Set decryption key */ - XMEMSET(&idea, 0, sizeof(Idea)); - ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE, - NULL, IDEA_DECRYPTION); - if (ret != 0) { - printf("wc_IdeaSetKey (dec) failed\n"); - return -6602; - } - - /* Data decryption */ - ret = wc_IdeaCipher(&idea, data, data); - if (ret != 0 || XMEMCMP(v1_plain[i], data, IDEA_BLOCK_SIZE)) { - printf("Bad decryption\n"); - return -6603; - } - - /* Set encryption key */ - XMEMSET(&idea, 0, sizeof(Idea)); - ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE, - v_key[i], IDEA_ENCRYPTION); - if (ret != 0) { - printf("wc_IdeaSetKey (enc) failed\n"); - return -6604; - } - - XMEMSET(msg_enc, 0, sizeof(msg_enc)); - ret = wc_IdeaCbcEncrypt(&idea, msg_enc, (byte *)message, - (word32)XSTRLEN(message)+1); - if (ret != 0) { - printf("wc_IdeaCbcEncrypt failed\n"); - return -6605; - } - - /* Set decryption key */ - XMEMSET(&idea, 0, sizeof(Idea)); - ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE, - v_key[i], IDEA_DECRYPTION); - if (ret != 0) { - printf("wc_IdeaSetKey (dec) failed\n"); - return -6606; - } - - XMEMSET(msg_dec, 0, sizeof(msg_dec)); - ret = wc_IdeaCbcDecrypt(&idea, msg_dec, msg_enc, - (word32)XSTRLEN(message)+1); - if (ret != 0) { - printf("wc_IdeaCbcDecrypt failed\n"); - return -6607; - } - - if (XMEMCMP(message, msg_dec, (word32)XSTRLEN(message))) { - printf("Bad CBC decryption\n"); - return -6608; - } - } - - for (i = 0; i < IDEA_NB_TESTS_EXTRA; i++) { - /* Set encryption key */ - XMEMSET(&idea, 0, sizeof(Idea)); - ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE, - NULL, IDEA_ENCRYPTION); - if (ret != 0) { - printf("wc_IdeaSetKey (enc) failed\n"); - return -6609; - } - - /* 100 times data encryption */ - XMEMCPY(data, v1_plain[i], IDEA_BLOCK_SIZE); - for (j = 0; j < 100; j++) { - ret = wc_IdeaCipher(&idea, data, data); - if (ret != 0) { - return -6610; - } - } - - if (XMEMCMP(v1_cipher_100[i], data, IDEA_BLOCK_SIZE)) { - printf("Bad encryption (100 times)\n"); - return -6611; - } - - /* 1000 times data encryption */ - XMEMCPY(data, v1_plain[i], IDEA_BLOCK_SIZE); - for (j = 0; j < 1000; j++) { - ret = wc_IdeaCipher(&idea, data, data); - if (ret != 0) { - return -6612; - } - } - - if (XMEMCMP(v1_cipher_1000[i], data, IDEA_BLOCK_SIZE)) { - printf("Bad encryption (100 times)\n"); - return -6613; - } - } - -#ifndef WC_NO_RNG - /* random test for CBC */ - { - WC_RNG rng; - byte key[IDEA_KEY_SIZE], iv[IDEA_BLOCK_SIZE], - rnd[1000], enc[1000], dec[1000]; - - /* random values */ - #ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); - #else - ret = wc_InitRng(&rng); - #endif - if (ret != 0) - return -6614; - - for (i = 0; i < 1000; i++) { - /* random key */ - ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key)); - if (ret != 0) - return -6615; - - /* random iv */ - ret = wc_RNG_GenerateBlock(&rng, iv, sizeof(iv)); - if (ret != 0) - return -6616; - - /* random data */ - ret = wc_RNG_GenerateBlock(&rng, rnd, sizeof(rnd)); - if (ret != 0) - return -6617; - - /* Set encryption key */ - XMEMSET(&idea, 0, sizeof(Idea)); - ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_ENCRYPTION); - if (ret != 0) { - printf("wc_IdeaSetKey (enc) failed\n"); - return -6618; - } - - /* Data encryption */ - XMEMSET(enc, 0, sizeof(enc)); - ret = wc_IdeaCbcEncrypt(&idea, enc, rnd, sizeof(rnd)); - if (ret != 0) { - printf("wc_IdeaCbcEncrypt failed\n"); - return -6619; - } - - /* Set decryption key */ - XMEMSET(&idea, 0, sizeof(Idea)); - ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_DECRYPTION); - if (ret != 0) { - printf("wc_IdeaSetKey (enc) failed\n"); - return -6620; - } - - /* Data decryption */ - XMEMSET(dec, 0, sizeof(dec)); - ret = wc_IdeaCbcDecrypt(&idea, dec, enc, sizeof(enc)); - if (ret != 0) { - printf("wc_IdeaCbcDecrypt failed\n"); - return -6621; - } - - if (XMEMCMP(rnd, dec, sizeof(rnd))) { - printf("Bad CBC decryption\n"); - return -6622; - } - } - - wc_FreeRng(&rng); - } -#endif /* WC_NO_RNG */ - - return 0; -} -#endif /* HAVE_IDEA */ - - -#ifndef WC_NO_RNG -static int _rng_test(WC_RNG* rng, int errorOffset) -{ - byte block[32]; - int ret, i; - - XMEMSET(block, 0, sizeof(block)); - - ret = wc_RNG_GenerateBlock(rng, block, sizeof(block)); - if (ret != 0) { - ret = -6623; - goto exit; - } - - /* Check for 0's */ - for (i=0; i<(int)sizeof(block); i++) { - if (block[i] == 0) { - ret++; - } - } - /* All zeros count check */ - if (ret >= (int)sizeof(block)) { - ret = -6624; - goto exit; - } - - ret = wc_RNG_GenerateByte(rng, block); - if (ret != 0) { - ret = -6625; - goto exit; - } - - /* Parameter validation testing. */ - ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block)); - if (ret != BAD_FUNC_ARG) { - ret = -6626; - goto exit; - } - ret = wc_RNG_GenerateBlock(rng, NULL, sizeof(block)); - if (ret != BAD_FUNC_ARG) { - ret = -6627; - goto exit; - } - - ret = wc_RNG_GenerateByte(NULL, block); - if (ret != BAD_FUNC_ARG) { - ret = -6628; - goto exit; - } - ret = wc_RNG_GenerateByte(rng, NULL); - if (ret != BAD_FUNC_ARG) { - ret = -6629; - goto exit; - } - - ret = 0; - -exit: - if (ret != 0) - ret += errorOffset; - - return ret; -} - - -static int random_rng_test(void) -{ - WC_RNG localRng; - WC_RNG* rng; - int ret; - - rng = &localRng; - /* Test stack based RNG. */ -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(rng); -#endif - if (ret != 0) return -6700; - - ret = _rng_test(rng, -6300); - - /* Make sure and free RNG */ - wc_FreeRng(rng); - - if (ret != 0) return ret; - -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - { - byte nonce[8] = { 0 }; - /* Test dynamic RNG. */ - rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT); - if (rng == NULL) return -6701; - - ret = _rng_test(rng, -6310); - - wc_rng_free(rng); - } -#endif - - return ret; -} - -#if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) - -static int random_test(void) -{ - const byte test1Entropy[] = - { - 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3, - 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19, - 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31, - 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e - }; - const byte test1Output[] = - { - 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64, - 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5, - 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3, - 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11, - 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81, - 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63, - 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7, - 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c, - 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91, - 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d, - 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf - }; - const byte test2EntropyA[] = - { - 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4, - 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00, - 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f, - 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68 - }; - const byte test2EntropyB[] = - { - 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3, - 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22, - 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3 - }; - const byte test2Output[] = - { - 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb, - 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79, - 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc, - 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac, - 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71, - 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0, - 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8, - 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d, - 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22, - 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07, - 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17 - }; - - byte output[WC_SHA256_DIGEST_SIZE * 4]; - int ret; - - ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0, - output, sizeof(output)); - if (ret != 0) - return -6800; - - if (XMEMCMP(test1Output, output, sizeof(output)) != 0) - return -6801; - - ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA), - test2EntropyB, sizeof(test2EntropyB), - output, sizeof(output)); - if (ret != 0) - return -6802; - - if (XMEMCMP(test2Output, output, sizeof(output)) != 0) - return -6803; - - /* Basic RNG generate block test */ - if ((ret = random_rng_test()) != 0) - return ret; - - /* Test the seed check function. */ -#if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) - { - word32 i, outputSz; - - /* Repeat the same byte over and over. Should fail. */ - outputSz = sizeof(output); - XMEMSET(output, 1, outputSz); - ret = wc_RNG_TestSeed(output, outputSz); - if (ret == 0) - return -6804; - - /* Every byte of the entropy scratch is different, - * entropy is a single byte that shouldn't match. */ - outputSz = (sizeof(word32) * 2) + 1; - for (i = 0; i < outputSz; i++) - output[i] = (byte)i; - ret = wc_RNG_TestSeed(output, outputSz); - if (ret != 0) - return -6805; - - outputSz = sizeof(output); - for (i = 0; i < outputSz; i++) - output[i] = (byte)i; - ret = wc_RNG_TestSeed(output, outputSz); - if (ret != 0) - return -6806; - } -#endif - return 0; -} - -#else - -static int random_test(void) -{ - /* Basic RNG generate block test */ - return random_rng_test(); -} - -#endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK */ -#endif /* WC_NO_RNG */ - -#ifndef MEM_TEST_SZ - #define MEM_TEST_SZ 1024 -#endif - -#if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC) -static int simple_mem_test(int sz) -{ - int ret = 0; - byte* b; - int i; - - b = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (b == NULL) { - return -6900; - } - /* utilize memory */ - for (i = 0; i < sz; i++) { - b[i] = (byte)i; - } - /* read back and verify */ - for (i = 0; i < sz; i++) { - if (b[i] != (byte)i) { - ret = -6901; - break; - } - } - XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; -} -#endif - -static int memory_test(void) -{ - int ret = 0; -#ifndef USE_FAST_MATH - byte* b = NULL; -#endif -#if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY) - int i; -#endif -#ifdef WOLFSSL_STATIC_MEMORY - word32 size[] = { WOLFMEM_BUCKETS }; - word32 dist[] = { WOLFMEM_DIST }; - byte buffer[30000]; /* make large enough to involve many bucket sizes */ - int pad = -(int)((wolfssl_word)buffer) & (WOLFSSL_STATIC_ALIGN - 1); - /* pad to account for if head of buffer is not at set memory - * alignment when tests are ran */ -#endif - -#ifdef WOLFSSL_STATIC_MEMORY - /* check macro settings */ - if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) { - return -7000; - } - - if (sizeof(dist)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) { - return -7001; - } - - for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { - if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) { - /* each element in array should be divisible by alignment size */ - return -7002; - } - } - - for (i = 1; i < WOLFMEM_MAX_BUCKETS; i++) { - if (size[i - 1] >= size[i]) { - return -7003; /* sizes should be in increasing order */ - } - } - - /* check that padding size returned is possible */ - if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) { - return -7004; /* no room for wc_Memory struct */ - } - - if (wolfSSL_MemoryPaddingSz() < 0) { - return -7005; - } - - if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) { - return -7006; /* not aligned! */ - } - - /* check function to return optimum buffer size (rounded down) */ - ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL); - if ((ret - pad) % WOLFSSL_STATIC_ALIGN != 0) { - return -7007; /* not aligned! */ - } - - if (ret < 0) { - return -7008; - } - - if ((unsigned int)ret > sizeof(buffer)) { - return -7009; /* did not round down as expected */ - } - - if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) { - return -7010; /* return value changed when using suggested value */ - } - - ret = wolfSSL_MemoryPaddingSz(); - ret += pad; /* add space that is going to be needed if buffer not aligned */ - if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) != - (ret + (int)size[0])) { - return -7011; /* did not round down to nearest bucket value */ - } - - ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL); - if ((ret - pad) < 0) { - return -7012; - } - - if (((ret - pad) % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) { - return -7013; /* not even chunks of memory for IO size */ - } - - if (((ret - pad) % WOLFSSL_STATIC_ALIGN) != 0) { - return -7014; /* memory not aligned */ - } - - /* check for passing bad or unknown arguments to functions */ - if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) { - return -7015; - } - - if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) { - return -7016; /* should round to 0 since struct + bucket will not fit */ - } - - (void)dist; /* avoid static analysis warning of variable not used */ -#endif - -#if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC) - /* simple test */ - ret = simple_mem_test(MEM_TEST_SZ); - if (ret != 0) - return ret; -#endif - -#ifdef COMPLEX_MEM_TEST - /* test various size blocks */ - for (i = 1; i < MEM_TEST_SZ; i*=2) { - ret = simple_mem_test(i); - if (ret != 0) - return ret; - } -#endif - -#ifndef USE_FAST_MATH - /* realloc test */ - b = (byte*)XMALLOC(MEM_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (b) { - b = (byte*)XREALLOC(b, MEM_TEST_SZ+sizeof(word32), HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - } - if (b == NULL) { - return -7017; - } - XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - - -#ifdef HAVE_NTRU - -byte GetEntropy(ENTROPY_CMD cmd, byte* out); - -byte GetEntropy(ENTROPY_CMD cmd, byte* out) -{ - static WC_RNG rng; - - if (cmd == INIT) - return (wc_InitRng(&rng) == 0) ? 1 : 0; - - if (out == NULL) - return 0; - - if (cmd == GET_BYTE_OF_ENTROPY) - return (wc_RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0; - - if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) { - *out = 1; - return 1; - } - - return 0; -} - -#endif /* HAVE_NTRU */ - - -#ifndef NO_FILESYSTEM - -/* Cert Paths */ -#ifdef FREESCALE_MQX - #define CERT_PREFIX "a:\\" - #define CERT_PATH_SEP "\\" -#elif defined(WOLFSSL_uTKERNEL2) - #define CERT_PREFIX "/uda/" - #define CERT_PATH_SEP "/" -#else - #define CERT_PREFIX "./" - #define CERT_PATH_SEP "/" -#endif -#define CERT_ROOT CERT_PREFIX "certs" CERT_PATH_SEP - -/* Generated Test Certs */ -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ - !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) - #if !defined(NO_RSA) && !defined(NO_ASN) - static const char* clientKey = CERT_ROOT "client-key.der"; - static const char* clientCert = CERT_ROOT "client-cert.der"; - #ifdef WOLFSSL_CERT_EXT - static const char* clientKeyPub = CERT_ROOT "client-keyPub.der"; - #endif - #endif /* !NO_RSA && !NO_ASN */ -#endif -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - #if !defined(NO_RSA) && !defined(NO_ASN) - #if defined(WOLFSSL_CERT_GEN) || defined(HAVE_PKCS7) - static const char* rsaCaKeyFile = CERT_ROOT "ca-key.der"; - #ifdef WOLFSSL_CERT_GEN - static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem"; - #endif - #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7) - static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der"; - #endif - #ifdef HAVE_PKCS7 - static const char* rsaServerCertDerFile = - CERT_ROOT "server-cert.der"; - static const char* rsaServerKeyDerFile = - CERT_ROOT "server-key.der"; - #endif - #endif - #endif /* !NO_RSA && !NO_ASN */ -#endif /* !USE_CERT_BUFFER_* */ -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ - !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ - !defined(NO_ASN) - #ifndef NO_DH - static const char* dhParamsFile = CERT_ROOT "dh2048.der"; - #ifdef WOLFSSL_DH_EXTRA - static const char* dhKeyFile = CERT_ROOT "statickeys/dh-ffdhe2048.der"; - #endif - #endif - #ifndef NO_DSA - static const char* dsaKey = CERT_ROOT "dsa2048.der"; - #endif -#endif /* !USE_CERT_BUFFER_* */ -#if !defined(USE_CERT_BUFFERS_256) - #ifdef HAVE_ECC - /* cert files to be used in rsa cert gen test, check if RSA enabled */ - #ifdef HAVE_ECC_KEY_IMPORT - static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der"; - #endif -#endif -#if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ASN) - #if defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN) - #ifndef NO_RSA - /* eccKeyPubFile is used in a test that requires RSA. */ - static const char* eccKeyPubFile = CERT_ROOT "ecc-keyPub.der"; - #endif - static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der"; - static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem"; - #ifdef ENABLE_ECC384_CERT_GEN_TEST - static const char* eccCaKey384File = - CERT_ROOT "ca-ecc384-key.der"; - static const char* eccCaCert384File = - CERT_ROOT "ca-ecc384-cert.pem"; - #endif - #endif - #if defined(HAVE_PKCS7) && defined(HAVE_ECC) - static const char* eccClientKey = CERT_ROOT "ecc-client-key.der"; - static const char* eccClientCert = CERT_ROOT "client-ecc-cert.der"; - #endif - #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 - #ifdef WOLFSSL_TEST_CERT - static const char* serverEd25519Cert = - CERT_ROOT "ed25519/server-ed25519.der"; - static const char* caEd25519Cert = - CERT_ROOT "ed25519/ca-ed25519.der"; - #endif - #endif - #ifdef HAVE_ED448 - #ifdef WOLFSSL_TEST_CERT - static const char* serverEd448Cert = - CERT_ROOT "ed448/server-ed448.der"; - static const char* caEd448Cert = CERT_ROOT "ed448/ca-ed448.der"; - #endif - #endif -#endif /* !USE_CERT_BUFFER_* */ - -#ifndef NO_WRITE_TEMP_FILES -#ifdef HAVE_ECC - #ifdef WOLFSSL_CERT_GEN - static const char* certEccPemFile = CERT_PREFIX "certecc.pem"; - #endif - #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) - static const char* certEccRsaPemFile = CERT_PREFIX "certeccrsa.pem"; - static const char* certEccRsaDerFile = CERT_PREFIX "certeccrsa.der"; - #endif - static const char* eccCaKeyPemFile = CERT_PREFIX "ecc-key.pem"; - static const char* eccPubKeyDerFile = CERT_PREFIX "ecc-public-key.der"; - static const char* eccCaKeyTempFile = CERT_PREFIX "ecc-key.der"; - #ifdef HAVE_PKCS8 - static const char* eccPkcs8KeyDerFile = CERT_PREFIX "ecc-key-pkcs8.der"; - #endif - #if defined(WOLFSSL_CERT_GEN) || \ - (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT)) - static const char* certEccDerFile = CERT_PREFIX "certecc.der"; - #endif -#endif /* HAVE_ECC */ - -#ifndef NO_RSA - #if defined(WOLFSSL_CERT_GEN) || \ - (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT)) - static const char* otherCertDerFile = CERT_PREFIX "othercert.der"; - static const char* certDerFile = CERT_PREFIX "cert.der"; - #endif - #ifdef WOLFSSL_CERT_GEN - static const char* otherCertPemFile = CERT_PREFIX "othercert.pem"; - static const char* certPemFile = CERT_PREFIX "cert.pem"; - #endif - #ifdef WOLFSSL_CERT_REQ - static const char* certReqDerFile = CERT_PREFIX "certreq.der"; - static const char* certReqPemFile = CERT_PREFIX "certreq.pem"; - #endif -#endif /* !NO_RSA */ - -#if !defined(NO_RSA) || !defined(NO_DSA) - #ifdef WOLFSSL_KEY_GEN - static const char* keyDerFile = CERT_PREFIX "key.der"; - static const char* keyPemFile = CERT_PREFIX "key.pem"; - #endif -#endif - -#endif /* !NO_WRITE_TEMP_FILES */ -#endif /* !NO_FILESYSTEM */ - - -#if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \ - (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448))) -#ifdef WOLFSSL_MULTI_ATTRIB -static CertName certDefaultName; -static void initDefaultName(void) -{ - XMEMCPY(certDefaultName.country, "US", sizeof("US")); - certDefaultName.countryEnc = CTC_PRINTABLE; - XMEMCPY(certDefaultName.state, "Oregon", sizeof("Oregon")); - certDefaultName.stateEnc = CTC_UTF8; - XMEMCPY(certDefaultName.locality, "Portland", sizeof("Portland")); - certDefaultName.localityEnc = CTC_UTF8; - XMEMCPY(certDefaultName.sur, "Test", sizeof("Test")); - certDefaultName.surEnc = CTC_UTF8; - XMEMCPY(certDefaultName.org, "wolfSSL", sizeof("wolfSSL")); - certDefaultName.orgEnc = CTC_UTF8; - XMEMCPY(certDefaultName.unit, "Development", sizeof("Development")); - certDefaultName.unitEnc = CTC_UTF8; - XMEMCPY(certDefaultName.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com")); - certDefaultName.commonNameEnc = CTC_UTF8; - XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345")); - certDefaultName.serialDevEnc = CTC_PRINTABLE; -#ifdef WOLFSSL_CERT_EXT - XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization")); - certDefaultName.busCatEnc = CTC_UTF8; -#endif - XMEMCPY(certDefaultName.email, "info@wolfssl.com", sizeof("info@wolfssl.com")); - -#ifdef WOLFSSL_TEST_CERT - { - NameAttrib* n; - /* test having additional OUs and setting DC */ - n = &certDefaultName.name[0]; - n->id = ASN_ORGUNIT_NAME; - n->type = CTC_UTF8; - n->sz = sizeof("Development-2"); - XMEMCPY(n->value, "Development-2", sizeof("Development-2")); - - #if CTC_MAX_ATTRIB > 3 - n = &certDefaultName.name[1]; - n->id = ASN_DOMAIN_COMPONENT; - n->type = CTC_UTF8; - n->sz = sizeof("com"); - XMEMCPY(n->value, "com", sizeof("com")); - - n = &certDefaultName.name[2]; - n->id = ASN_DOMAIN_COMPONENT; - n->type = CTC_UTF8; - n->sz = sizeof("wolfssl"); - XMEMCPY(n->value, "wolfssl", sizeof("wolfssl")); - - #endif - } -#endif /* WOLFSSL_TEST_CERT */ -} -#else -static const CertName certDefaultName = { - "US", CTC_PRINTABLE, /* country */ - "Oregon", CTC_UTF8, /* state */ - "Portland", CTC_UTF8, /* locality */ - "Test", CTC_UTF8, /* sur */ - "wolfSSL", CTC_UTF8, /* org */ - "Development", CTC_UTF8, /* unit */ - "www.wolfssl.com", CTC_UTF8, /* commonName */ - "wolfSSL12345", CTC_PRINTABLE, /* serial number of device */ -#ifdef WOLFSSL_CERT_EXT - "Private Organization", CTC_UTF8, /* businessCategory */ - "US", CTC_PRINTABLE, /* jurisdiction country */ - "Oregon", CTC_PRINTABLE, /* jurisdiction state */ -#endif - "info@wolfssl.com" /* email */ -}; -#endif /* WOLFSSL_MULTI_ATTRIB */ - -#ifdef WOLFSSL_CERT_EXT - #if ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \ - defined(WOLFSSL_TEST_CERT)) || defined(HAVE_ECC) - static const char certKeyUsage[] = - "digitalSignature,nonRepudiation"; - #endif - #if (defined(WOLFSSL_CERT_REQ) || defined(HAVE_NTRU)) && !defined(NO_RSA) - static const char certKeyUsage2[] = - "digitalSignature,nonRepudiation,keyEncipherment,keyAgreement"; - #endif -#endif /* WOLFSSL_CERT_EXT */ -#endif /* WOLFSSL_CERT_GEN */ - -#ifndef NO_RSA - -#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ - !defined(NO_FILESYSTEM) -static byte minSerial[] = { 0x02, 0x01, 0x01 }; -static byte minName[] = { 0x30, 0x00 }; -static byte nameBad[] = { - 0x30, 0x08, - 0x31, 0x06, - 0x30, 0x04, - 0x06, 0x02, - 0x55, 0x04, -}; -static byte minDates[] = { - 0x30, 0x1e, - 0x17, 0x0d, - 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35, - 0x32, 0x33, 0x31, 0x30, 0x5a, - 0x17, 0x0d, - 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, - 0x32, 0x33, 0x31, 0x30, 0x5a -}; -static byte minPubKey[] = { - 0x30, 0x1b, - 0x30, 0x0d, - 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, - 0x05, 0x00, - 0x03, 0x0b, - 0x00, 0x30, 0x08, - 0x02, 0x01, - 0x03, - 0x02, 0x03, - 0x01, 0x00, 0x01 -}; -static byte minSigAlg[] = { - 0x30, 0x0d, - 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, - 0x05, 0x00 -}; -static byte minSig[] = { - 0x03, 0x01, - 0x00 -}; - -static int add_seq(byte* certData, int offset, byte* data, byte length) -{ - XMEMMOVE(certData + offset + 2, data, length); - certData[offset++] = 0x30; - certData[offset++] = length; - return offset + length; -} -static int add_data(byte* certData, int offset, byte* data, byte length) -{ - XMEMCPY(certData + offset, data, length); - return offset + length; -} - -static int cert_asn1_test(void) -{ - int ret; - int len[3]; - DecodedCert cert; - byte certData[106]; - byte* badCert = NULL; - - len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial)); - len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg)); - len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName)); - len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates)); - len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName)); - len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey)); - len[1] = add_seq(certData, 0, certData, len[2]); - len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg)); - len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig)); - len[0] = add_seq(certData, 0, certData, len[1]); - - /* Minimal good certificate */ - InitDecodedCert(&cert, certData, len[0], 0); - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); - FreeDecodedCert(&cert); - if (ret != 0) { - ERROR_OUT(-7100, done); - } - - /* Bad issuer name */ - len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial)); - len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg)); - len[2] = add_data(certData, len[2], nameBad, (byte)sizeof(nameBad)); - len[1] = add_seq(certData, 0, certData, len[2]); - len[0] = add_seq(certData, 0, certData, len[1]); - /* Put data into allocated buffer to allow access error checking. */ - badCert = (byte*)XMALLOC(len[0], HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XMEMCPY(badCert, certData, len[0]); - InitDecodedCert(&cert, badCert, len[0], 0); - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); - FreeDecodedCert(&cert); - if (ret != ASN_PARSE_E) { - ERROR_OUT(-7101, done); - } - XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - badCert = NULL; - ret = 0; - -done: - if (badCert != NULL) - XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; -} - -static int cert_test(void) -{ -#if !defined(NO_FILESYSTEM) - DecodedCert cert; - byte* tmp; - size_t bytes; - XFILE file; - int ret; - - tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) - return -7200; - - /* Certificate with Name Constraints extension. */ -#ifdef FREESCALE_MQX - file = XFOPEN(".\\certs\\test\\cert-ext-nc.der", "rb"); -#else - file = XFOPEN("./certs/test/cert-ext-nc.der", "rb"); -#endif - if (!file) { - ERROR_OUT(-7201, done); - } - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); - InitDecodedCert(&cert, tmp, (word32)bytes, 0); - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); - if (ret != 0) { - ERROR_OUT(-7202, done); - } - FreeDecodedCert(&cert); - - /* Certificate with Inhibit Any Policy extension. */ -#ifdef FREESCALE_MQX - file = XFOPEN(".\\certs\\test\\cert-ext-ia.der", "rb"); -#else - file = XFOPEN("./certs/test/cert-ext-ia.der", "rb"); -#endif - if (!file) { - ERROR_OUT(-7203, done); - } - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); - InitDecodedCert(&cert, tmp, (word32)bytes, 0); - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); - if (ret != 0) { - ERROR_OUT(-7204, done); - } - FreeDecodedCert(&cert); - - /* Certificate with Netscape Certificate Type extension. */ -#ifdef FREESCALE_MQX - file = XFOPEN(".\\certs\\test\\cert-ext-nct.der", "rb"); -#else - file = XFOPEN("./certs/test/cert-ext-nct.der", "rb"); -#endif - if (!file) { - ERROR_OUT(-7203, done); - } - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); - InitDecodedCert(&cert, tmp, (word32)bytes, 0); - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); -#ifndef IGNORE_NETSCAPE_CERT_TYPE - if (ret != 0) { - ERROR_OUT(-7204, done); - } -#else - if (ret != ASN_CRIT_EXT_E) { - ERROR_OUT(-7205, done); - } - ret = 0; -#endif - -done: - FreeDecodedCert(&cert); - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif /* !NO_FILESYSTEM */ - - if (ret == 0) - ret = cert_asn1_test(); - - return ret; -} -#endif /* WOLFSSL_TEST_CERT */ - -#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ - !defined(NO_FILESYSTEM) -static int certext_test(void) -{ - DecodedCert cert; - byte* tmp; - size_t bytes; - XFILE file; - int ret; - - /* created from rsa_test : othercert.der */ - byte skid_rsa[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54" - "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0"; - - /* created from rsa_test : othercert.der */ - byte akid_rsa[] = "\x27\x8E\x67\x11\x74\xC3\x26\x1D\x3F\xED" - "\x33\x63\xB3\xA4\xD8\x1D\x30\xE5\xE8\xD5"; - -#ifdef HAVE_ECC - /* created from ecc_test_cert_gen : certecc.der */ -#ifdef ENABLE_ECC384_CERT_GEN_TEST - /* Authority key id from ./certs/ca-ecc384-cert.pem */ - byte akid_ecc[] = "\xAB\xE0\xC3\x26\x4C\x18\xD4\x72\xBB\xD2" - "\x84\x8C\x9C\x0A\x05\x92\x80\x12\x53\x52"; -#else - /* Authority key id from ./certs/ca-ecc-cert.pem */ - byte akid_ecc[] = "\x56\x8E\x9A\xC3\xF0\x42\xDE\x18\xB9\x45" - "\x55\x6E\xF9\x93\xCF\xEA\xC3\xF3\xA5\x21"; -#endif -#endif /* HAVE_ECC */ - - /* created from rsa_test : cert.der */ - byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54" - "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0"; - - tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) - return -7300; - - /* load othercert.der (Cert signed by an authority) */ - file = XFOPEN(otherCertDerFile, "rb"); - if (!file) { - XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - return -7301; - } - - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); - - InitDecodedCert(&cert, tmp, (word32)bytes, 0); - - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) - return -7302; - - /* check the SKID from a RSA certificate */ - if (XMEMCMP(skid_rsa, cert.extSubjKeyId, sizeof(cert.extSubjKeyId))) - return -7303; - - /* check the AKID from an RSA certificate */ - if (XMEMCMP(akid_rsa, cert.extAuthKeyId, sizeof(cert.extAuthKeyId))) - return -7304; - - /* check the Key Usage from an RSA certificate */ - if (!cert.extKeyUsageSet) - return -7305; - - if (cert.extKeyUsage != (KEYUSE_KEY_ENCIPHER|KEYUSE_KEY_AGREE)) - return -7306; - - /* check the CA Basic Constraints from an RSA certificate */ - if (cert.isCA) - return -7307; - -#ifndef WOLFSSL_SEP /* test only if not using SEP policies */ - /* check the Certificate Policies Id */ - if (cert.extCertPoliciesNb != 1) - return -7308; - - if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23)) - return -7309; -#endif - - FreeDecodedCert(&cert); - -#ifdef HAVE_ECC - /* load certecc.der (Cert signed by our ECC CA test in ecc_test_cert_gen) */ - file = XFOPEN(certEccDerFile, "rb"); - if (!file) { - XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - return -7310; - } - - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); - - InitDecodedCert(&cert, tmp, (word32)bytes, 0); - - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) - return -7311; - - /* check the SKID from a ECC certificate - generated dynamically */ - - /* check the AKID from an ECC certificate */ - if (XMEMCMP(akid_ecc, cert.extAuthKeyId, sizeof(cert.extAuthKeyId))) - return -7312; - - /* check the Key Usage from an ECC certificate */ - if (!cert.extKeyUsageSet) - return -7313; - - if (cert.extKeyUsage != (KEYUSE_DIGITAL_SIG|KEYUSE_CONTENT_COMMIT)) - return -7314; - - /* check the CA Basic Constraints from an ECC certificate */ - if (cert.isCA) - return -7315; - -#ifndef WOLFSSL_SEP /* test only if not using SEP policies */ - /* check the Certificate Policies Id */ - if (cert.extCertPoliciesNb != 2) - return -7316; - - if (strncmp(cert.extCertPolicies[0], "2.4.589440.587.101.2.1.9632587.1", 32)) - return -7317; - - if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22)) - return -7318; -#endif - - FreeDecodedCert(&cert); -#endif /* HAVE_ECC */ - - /* load cert.der (self signed certificate) */ - file = XFOPEN(certDerFile, "rb"); - if (!file) { - XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - return -7319; - } - - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); - - InitDecodedCert(&cert, tmp, (word32)bytes, 0); - - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) - return -7320; - - /* check the SKID from a CA certificate */ - if (XMEMCMP(kid_ca, cert.extSubjKeyId, sizeof(cert.extSubjKeyId))) - return -7321; - - /* check the AKID from an CA certificate */ - if (XMEMCMP(kid_ca, cert.extAuthKeyId, sizeof(cert.extAuthKeyId))) - return -7322; - - /* check the Key Usage from CA certificate */ - if (!cert.extKeyUsageSet) - return -7323; - - if (cert.extKeyUsage != (KEYUSE_KEY_CERT_SIGN|KEYUSE_CRL_SIGN)) - return -7324; - - /* check the CA Basic Constraints CA certificate */ - if (!cert.isCA) - return -7325; - -#ifndef WOLFSSL_SEP /* test only if not using SEP policies */ - /* check the Certificate Policies Id */ - if (cert.extCertPoliciesNb != 2) - return -7326; - - if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23)) - return -7327; - - if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25)) - return -7328; -#endif - - FreeDecodedCert(&cert); - XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - - return 0; -} -#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT */ - -#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ - defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) -static int decodedCertCache_test(void) -{ - int ret = 0; - Cert cert; - FILE* file; - byte* der; - word32 derSz; - - derSz = FOURK_BUF; - der = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) - ret = -7400; - - if (ret == 0) { - /* load cert.der */ - file = XFOPEN(certDerFile, "rb"); - if (file != NULL) { - derSz = XFREAD(der, 1, FOURK_BUF, file); - XFCLOSE(file); - } - else - ret = -7401; - } - - if (ret == 0) { - if (wc_InitCert(&cert)) { - ret = -7402; - } - } - - if (ret == 0) { - ret = wc_SetSubjectBuffer(&cert, der, derSz); - } - - if (ret == 0) { - if(wc_SetSubjectBuffer(NULL, der, derSz) != BAD_FUNC_ARG) - ret = -7403; - } - - if (ret == 0) { - if (wc_SetSubjectRaw(&cert, der, derSz) != 0) - ret = -7404; - } - - if (ret == 0) { - if(wc_SetSubjectRaw(NULL, der, derSz) != BAD_FUNC_ARG) - ret = -7405; - } - - if (ret == 0) { - if(wc_SetIssuerBuffer(&cert, der, derSz) != 0) - ret = -7406; - } - - if (ret == 0) { - if(wc_SetIssuerBuffer(NULL, der, derSz) != BAD_FUNC_ARG) - ret = -7407; - } - - if (ret == 0) { - if(wc_SetIssuerRaw(&cert, der, derSz) != 0) - ret = -7408; - } - - if (ret == 0) { - if(wc_SetIssuerRaw(NULL, der, derSz) != BAD_FUNC_ARG) - ret = -7409; - } - -#ifdef WOLFSSL_ALT_NAMES - if (ret == 0) { - if(wc_SetAltNamesBuffer(&cert, der, derSz) != 0) - ret = -7410; - } - - if (ret == 0) { - if(wc_SetAltNamesBuffer(NULL, der, derSz) != BAD_FUNC_ARG) - ret = -7411; - } - - if (ret == 0) { - if(wc_SetDatesBuffer(&cert, der, derSz) != 0) - ret = -7412; - } - - if (ret == 0) { - if(wc_SetDatesBuffer(NULL, der, derSz) != BAD_FUNC_ARG) - ret = -7413; - } -#endif - - if (ret == 0) { - if(wc_SetAuthKeyIdFromCert(&cert, der, derSz) != 0) - ret = -7414; - } - - if (ret == 0) { - if(wc_SetAuthKeyIdFromCert(NULL, der, derSz) != BAD_FUNC_ARG) - ret = -7415; - } - - wc_SetCert_Free(&cert); - if (ret == 0) { - if(cert.decodedCert != NULL) - ret = -7416; - } - - XFREE(der, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} -#endif /* defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && - defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) */ - -#define RSA_TEST_BYTES 512 /* up to 4096-bit key */ - -#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) -static int rsa_flatten_test(RsaKey* key) -{ - int ret; - byte e[RSA_TEST_BYTES]; - byte n[RSA_TEST_BYTES]; - word32 eSz = sizeof(e); - word32 nSz = sizeof(n); - - /* Parameter Validation testing. */ - ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz); -#ifdef HAVE_USER_RSA - /* Implementation using IPP Libraries returns: - * -101 = USER_CRYPTO_ERROR - */ - if (ret == 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -7417; - ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz); -#ifdef HAVE_USER_RSA - /* Implementation using IPP Libraries returns: - * -101 = USER_CRYPTO_ERROR - */ - if (ret == 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -7418; - ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz); -#ifdef HAVE_USER_RSA - /* Implementation using IPP Libraries returns: - * -101 = USER_CRYPTO_ERROR - */ - if (ret == 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -7419; - ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz); -#ifdef HAVE_USER_RSA - /* Implementation using IPP Libraries returns: - * -101 = USER_CRYPTO_ERROR - */ - if (ret == 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -7420; - ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL); -#ifdef HAVE_USER_RSA - /* Implementation using IPP Libraries returns: - * -101 = USER_CRYPTO_ERROR - */ - if (ret == 0) -#else - if (ret != BAD_FUNC_ARG) -#endif - return -7421; - ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); - if (ret != 0) - return -7422; - eSz = 0; - ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); -#ifdef HAVE_USER_RSA - /* Implementation using IPP Libraries returns: - * -101 = USER_CRYPTO_ERROR - */ - if (ret == 0) -#elif defined(HAVE_FIPS) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) - if (ret != 0) -#else - if (ret != RSA_BUFFER_E) -#endif - return -7423; - eSz = sizeof(e); - nSz = 0; - ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); -#ifdef HAVE_USER_RSA - /* Implementation using IPP Libraries returns: - * -101 = USER_CRYPTO_ERROR - */ - if (ret == 0) -#else - if (ret != RSA_BUFFER_E) -#endif - return -7424; - - return 0; -} -#endif /* NO_ASN */ - -#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \ - && !defined(WOLFSSL_RSA_VERIFY_ONLY) -static int rsa_export_key_test(RsaKey* key) -{ - int ret; - byte e[3]; - word32 eSz = sizeof(e); - byte n[RSA_TEST_BYTES]; - word32 nSz = sizeof(n); - byte d[RSA_TEST_BYTES]; - word32 dSz = sizeof(d); - byte p[RSA_TEST_BYTES/2]; - word32 pSz = sizeof(p); - byte q[RSA_TEST_BYTES/2]; - word32 qSz = sizeof(q); - word32 zero = 0; - - ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7425; - ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7426; - ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7427; - ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7428; - ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7429; - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7430; - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7431; - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7432; - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz); - if (ret != BAD_FUNC_ARG) - return -7433; - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz); - if (ret != BAD_FUNC_ARG) - return -7434; - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL); - if (ret != BAD_FUNC_ARG) - return -7435; - - ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz); - if (ret != RSA_BUFFER_E) - return -7436; - ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz); - if (ret != RSA_BUFFER_E) - return -7437; -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz); - if (ret != RSA_BUFFER_E) - return -7438; - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz); - if (ret != RSA_BUFFER_E) - return -7439; - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero); - if (ret != RSA_BUFFER_E) - return -7440; -#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - - ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); - if (ret != 0) - return -7441; - - return 0; -} -#endif /* !HAVE_FIPS && !USER_RSA && !NO_ASN */ - -#ifndef NO_SIG_WRAPPER -static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) -{ - int ret; - word32 sigSz; - const byte in[] = "Everyone gets Friday off."; - const byte hash[] = { - 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59, - 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe, - 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83, - 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f - }; - const byte hashEnc[] = { - 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, - 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, - 0x00, 0x04, 0x20, - - 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59, - 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe, - 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83, - 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f - }; - word32 inLen = (word32)XSTRLEN((char*)in); - byte out[RSA_TEST_BYTES]; - - /* Parameter Validation testing. */ - ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen); - if (ret != BAD_FUNC_ARG) - return -7442; - ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0); - if (ret != BAD_FUNC_ARG) - return -7443; - - sigSz = (word32)modLen; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL, - inLen, out, &sigSz, key, keyLen, rng); - if (ret != BAD_FUNC_ARG) - return -7444; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - 0, out, &sigSz, key, keyLen, rng); - if (ret != BAD_FUNC_ARG) - return -7445; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, NULL, &sigSz, key, keyLen, rng); - if (ret != BAD_FUNC_ARG) - return -7446; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, NULL, key, keyLen, rng); - if (ret != BAD_FUNC_ARG) - return -7447; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, &sigSz, NULL, keyLen, rng); - if (ret != BAD_FUNC_ARG) - return -7448; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, &sigSz, key, 0, rng); - if (ret != BAD_FUNC_ARG) - return -7449; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, &sigSz, key, keyLen, NULL); -#ifdef HAVE_USER_RSA - /* Implementation using IPP Libraries returns: - * -101 = USER_CRYPTO_ERROR - */ - if (ret == 0) -#elif defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT) - /* blinding / rng handled with hardware acceleration */ - if (ret != 0) -#elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) - /* async may not require RNG */ - if (ret != 0 && ret != MISSING_RNG_E) -#elif defined(HAVE_FIPS) || defined(WOLFSSL_ASYNC_CRYPT) || \ - !defined(WC_RSA_BLINDING) - /* FIPS140 implementation does not do blinding */ - if (ret != 0) -#elif defined(WOLFSSL_RSA_PUBLIC_ONLY) - if (ret != SIG_TYPE_E) -#elif defined(WOLFSSL_CRYPTOCELL) - /* RNG is handled with the cryptocell */ - if (ret != 0) -#else - if (ret != MISSING_RNG_E) -#endif - return -7450; - sigSz = 0; - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, &sigSz, key, keyLen, rng); - if (ret != BAD_FUNC_ARG) - return -7451; - - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL, - inLen, out, (word32)modLen, key, keyLen); - if (ret != BAD_FUNC_ARG) - return -7452; - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - 0, out, (word32)modLen, key, keyLen); - if (ret != BAD_FUNC_ARG) - return -7453; - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, NULL, (word32)modLen, key, keyLen); - if (ret != BAD_FUNC_ARG) - return -7454; - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, 0, key, keyLen); - if (ret != BAD_FUNC_ARG) - return -7455; - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, (word32)modLen, NULL, keyLen); - if (ret != BAD_FUNC_ARG) - return -7456; - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, (word32)modLen, key, 0); - if (ret != BAD_FUNC_ARG) - return -7457; - -#ifndef HAVE_ECC - ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen); - if (ret != SIG_TYPE_E) - return -7458; -#endif - - /* Use APIs. */ - ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen); - if (ret != modLen) - return -7459; - ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA_W_ENC, key, keyLen); - if (ret != modLen) - return -7460; - - sigSz = (word32)ret; -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - XMEMSET(out, 0, sizeof(out)); - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, &sigSz, key, keyLen, rng); - if (ret != 0) - return -7461; - - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, (word32)modLen, key, keyLen); - if (ret != 0) - return -7462; - - sigSz = (word32)sizeof(out); - ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, - in, inLen, out, &sigSz, key, keyLen, rng); - if (ret != 0) - return -7463; - - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, - in, inLen, out, (word32)modLen, key, keyLen); - if (ret != 0) - return -7464; - - /* Wrong signature type. */ - ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, - inLen, out, (word32)modLen, key, keyLen); - if (ret == 0) - return -7465; - - /* check hash functions */ - sigSz = (word32)sizeof(out); - ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, - hash, (int)sizeof(hash), out, &sigSz, key, keyLen, rng); - if (ret != 0) - return -7466; - - ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, - hash, (int)sizeof(hash), out, (word32)modLen, key, keyLen); - if (ret != 0) - return -7467; - - sigSz = (word32)sizeof(out); - ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, - hashEnc, (int)sizeof(hashEnc), out, &sigSz, key, keyLen, rng); - if (ret != 0) - return -7468; - - ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, - hashEnc, (int)sizeof(hashEnc), out, (word32)modLen, key, keyLen); - if (ret != 0) - return -7469; -#else - (void)hash; - (void)hashEnc; -#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - - return 0; -} -#endif /* !NO_SIG_WRAPPER */ - -#ifdef WC_RSA_NONBLOCK -static int rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte* out, - word32 outSz, byte* plain, word32 plainSz, WC_RNG* rng) -{ - int ret = 0, count; - int signSz = 0; - RsaNb nb; - byte* inlinePlain = NULL; - - /* Enable non-blocking RSA mode - provide context */ - ret = wc_RsaSetNonBlock(key, &nb); - if (ret != 0) - return ret; - -#ifdef WC_RSA_NONBLOCK_TIME - /* Enable time based RSA blocking. 8 microseconds max (3.1GHz) */ - ret = wc_RsaSetNonBlockTime(key, 8, 3100); - if (ret != 0) - return ret; -#endif - - count = 0; - do { - ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng); - count++; /* track number of would blocks */ - if (ret == FP_WOULDBLOCK) { - /* do "other" work here */ - } - } while (ret == FP_WOULDBLOCK); - if (ret < 0) { - return ret; - } -#ifdef DEBUG_WOLFSSL - printf("RSA non-block sign: %d times\n", count); -#endif - signSz = ret; - - /* Test non-blocking verify */ - XMEMSET(plain, 0, plainSz); - count = 0; - do { - ret = wc_RsaSSL_Verify(out, (word32)signSz, plain, plainSz, key); - count++; /* track number of would blocks */ - if (ret == FP_WOULDBLOCK) { - /* do "other" work here */ - } - } while (ret == FP_WOULDBLOCK); - if (ret < 0) { - return ret; - } -#ifdef DEBUG_WOLFSSL - printf("RSA non-block verify: %d times\n", count); -#endif - - if (signSz == ret && XMEMCMP(plain, in, (size_t)ret)) { - return SIG_VERIFY_E; - } - - /* Test inline non-blocking verify */ - count = 0; - do { - ret = wc_RsaSSL_VerifyInline(out, (word32)signSz, &inlinePlain, key); - count++; /* track number of would blocks */ - if (ret == FP_WOULDBLOCK) { - /* do "other" work here */ - } - } while (ret == FP_WOULDBLOCK); - if (ret < 0) { - return ret; - } -#ifdef DEBUG_WOLFSSL - printf("RSA non-block inline verify: %d times\n", count); -#endif - - if (signSz == ret && XMEMCMP(inlinePlain, in, (size_t)ret)) { - return SIG_VERIFY_E; - } - - /* Disabling non-block RSA mode */ - ret = wc_RsaSetNonBlock(key, NULL); - - (void)count; - - return 0; -} -#endif - -#if !defined(HAVE_USER_RSA) && !defined(NO_ASN) -static int rsa_decode_test(RsaKey* keyPub) -{ - int ret; - word32 inSz; - word32 inOutIdx; - static const byte n[2] = { 0x00, 0x23 }; - static const byte e[2] = { 0x00, 0x03 }; - static const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, - 0x03 }; - static const byte goodAlgId[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, - 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - static const byte goodAlgIdNull[] = { 0x30, 0x11, 0x30, 0x0f, 0x06, 0x00, - 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, - 0x02, 0x1, 0x03 }; - static const byte badAlgIdNull[] = { 0x30, 0x12, 0x30, 0x10, 0x06, 0x00, - 0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, - 0x02, 0x1, 0x03 }; - static const byte badNotBitString[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, - 0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - static const byte badBitStringLen[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00, - 0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - static const byte badNoSeq[] = { 0x30, 0x0d, 0x30, 0x0b, 0x06, 0x00, 0x03, - 0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - static const byte badNoObj[] = { - 0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, - 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - static const byte badIntN[] = { 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, - 0x03 }; - static const byte badNotIntE[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, - 0x03 }; - static const byte badLength[] = { 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, - 0x03 }; - static const byte badBitStrNoZero[] = { 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x00, - 0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; - - ret = wc_InitRsaKey(keyPub, NULL); - if (ret != 0) - return -7470; - - /* Parameter Validation testing. */ - ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub); - if (ret != BAD_FUNC_ARG) { - ret = -7471; - goto done; - } - ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub); - if (ret != BAD_FUNC_ARG) { - ret = -7472; - goto done; - } - ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL); - if (ret != BAD_FUNC_ARG) { - ret = -7473; - goto done; - } - ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), keyPub); -#ifndef WOLFSSL_SP_MATH - if (ret != 0) { -#else - if (ret != ASN_GETINT_E) { -#endif - ret = -7474; - goto done; - } - wc_FreeRsaKey(keyPub); - ret = wc_InitRsaKey(keyPub, NULL); - if (ret != 0) - return -7475; - ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, keyPub); -#ifndef WOLFSSL_SP_MATH - if (ret != 0) { -#else - if (ret != ASN_GETINT_E) { -#endif - ret = -7476; - goto done; - } - wc_FreeRsaKey(keyPub); - ret = wc_InitRsaKey(keyPub, NULL); - if (ret != 0) - return -7477; - - /* Use API. */ - ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), keyPub); - if (ret != 0) { - ret = -7478; - goto done; - } - wc_FreeRsaKey(keyPub); - ret = wc_InitRsaKey(keyPub, NULL); - if (ret != 0) - return -7479; - - /* Parameter Validation testing. */ - inSz = sizeof(good); - ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz); - if (ret != BAD_FUNC_ARG) { - ret = -7480; - goto done; - } - ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz); - if (ret != BAD_FUNC_ARG) { - ret = -7481; - goto done; - } - ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz); - if (ret != BAD_FUNC_ARG) { - ret = -7482; - goto done; - } - - /* Use good data and offset to bad data. */ - inOutIdx = 2; - inSz = sizeof(good) - inOutIdx; - ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz); - if (ret != ASN_PARSE_E) { - ret = -7483; - goto done; - } - inOutIdx = 2; - inSz = sizeof(goodAlgId) - inOutIdx; - ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); - if (ret != ASN_PARSE_E) { - ret = -7484; - goto done; - } - inOutIdx = 2; - inSz = sizeof(goodAlgId); - ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); -#ifndef WOLFSSL_NO_DECODE_EXTRA - if (ret != ASN_PARSE_E) -#else - if (ret != ASN_RSA_KEY_E) -#endif - { - ret = -7485; - goto done; - } - /* Try different bad data. */ - inSz = sizeof(badAlgIdNull); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz); - if (ret != ASN_EXPECT_0_E) { - ret = -7486; - goto done; - } - inSz = sizeof(badNotBitString); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz); - if (ret != ASN_BITSTR_E) { - ret = -7487; - goto done; - } - inSz = sizeof(badBitStringLen); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz); - if (ret != ASN_PARSE_E) { - ret = -7488; - goto done; - } - inSz = sizeof(badNoSeq); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz); - if (ret != ASN_PARSE_E) { - ret = -7489; - goto done; - } - inSz = sizeof(badNoObj); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz); - if (ret != ASN_PARSE_E) { - ret = -7490; - goto done; - } - inSz = sizeof(badIntN); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz); - if (ret != ASN_RSA_KEY_E) { - ret = -7491; - goto done; - } - inSz = sizeof(badNotIntE); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz); - if (ret != ASN_RSA_KEY_E) { - ret = -7492; - goto done; - } - /* TODO: Shouldn't pass as the sequence length is too small. */ - inSz = sizeof(badLength); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz); - if (ret != 0) { - ret = -7493; - goto done; - } - /* TODO: Shouldn't ignore object id's data. */ - wc_FreeRsaKey(keyPub); - ret = wc_InitRsaKey(keyPub, NULL); - if (ret != 0) - return -7494; - - inSz = sizeof(badBitStrNoZero); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz); - if (ret != ASN_EXPECT_0_E) { - ret = -7495; - goto done; - } - wc_FreeRsaKey(keyPub); - ret = wc_InitRsaKey(keyPub, NULL); - if (ret != 0) - return -7496; - - /* Valid data cases. */ - inSz = sizeof(good); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz); - if (ret != 0) { - ret = -7497; - goto done; - } - if (inOutIdx != inSz) { - ret = -7498; - goto done; - } - wc_FreeRsaKey(keyPub); - ret = wc_InitRsaKey(keyPub, NULL); - if (ret != 0) - return -7499; - - inSz = sizeof(goodAlgId); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); - if (ret != 0) { - ret = -7500; - goto done; - } - if (inOutIdx != inSz) { - ret = -7501; - goto done; - } - wc_FreeRsaKey(keyPub); - ret = wc_InitRsaKey(keyPub, NULL); - if (ret != 0) - return -7502; - - inSz = sizeof(goodAlgIdNull); - inOutIdx = 0; - ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, keyPub, inSz); - if (ret != 0) { - ret = -7503; - goto done; - } - if (inOutIdx != inSz) { - ret = -7504; - goto done; - } - -done: - wc_FreeRsaKey(keyPub); - return ret; -} -#endif - -#if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */ -/* Need to create known good signatures to test with this. */ -#ifndef WOLFSSL_RSA_VERIFY_ONLY -static int rsa_pss_test(WC_RNG* rng, RsaKey* key) -{ - byte digest[WC_MAX_DIGEST_SIZE]; - int ret = 0; - const char* inStr = "Everyone gets Friday off."; - word32 inLen = (word32)XSTRLEN((char*)inStr); - word32 outSz; - word32 plainSz; - word32 digestSz; - int i, j; -#ifdef RSA_PSS_TEST_WRONG_PARAMS - int k, l; -#endif - int len; - byte* plain; - int mgf[] = { -#ifndef NO_SHA - WC_MGF1SHA1, -#endif -#ifdef WOLFSSL_SHA224 - WC_MGF1SHA224, -#endif - WC_MGF1SHA256, -#ifdef WOLFSSL_SHA384 - WC_MGF1SHA384, -#endif -#ifdef WOLFSSL_SHA512 - WC_MGF1SHA512 -#endif - }; - enum wc_HashType hash[] = { -#ifndef NO_SHA - WC_HASH_TYPE_SHA, -#endif -#ifdef WOLFSSL_SHA224 - WC_HASH_TYPE_SHA224, -#endif - WC_HASH_TYPE_SHA256, -#ifdef WOLFSSL_SHA384 - WC_HASH_TYPE_SHA384, -#endif -#ifdef WOLFSSL_SHA512 - WC_HASH_TYPE_SHA512, -#endif - }; - - DECLARE_VAR_INIT(in, byte, inLen, inStr, HEAP_HINT); - DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); - DECLARE_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT); - - /* Test all combinations of hash and MGF. */ - for (j = 0; j < (int)(sizeof(hash)/sizeof(*hash)); j++) { - /* Calculate hash of message. */ - ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest)); - if (ret != 0) - ERROR_OUT(-7505, exit_rsa_pss); - digestSz = wc_HashGetDigestSize(hash[j]); - - for (i = 0; i < (int)(sizeof(mgf)/sizeof(*mgf)); i++) { - outSz = RSA_TEST_BYTES; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, - hash[j], mgf[i], -1, key, rng); - } - } while (ret == WC_PENDING_E); - if (ret <= 0) - ERROR_OUT(-7506, exit_rsa_pss); - outSz = ret; - - XMEMCPY(sig, out, outSz); - plain = NULL; - TEST_SLEEP(); - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[j], - mgf[i], -1, key); - } - } while (ret == WC_PENDING_E); - if (ret <= 0) - ERROR_OUT(-7507, exit_rsa_pss); - plainSz = ret; - TEST_SLEEP(); - -#if defined(HAVE_SELFTEST) && \ - (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)) - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, - hash[j], -1); -#else - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, - hash[j], -1, wc_RsaEncryptSize(key)*8); -#endif - if (ret != 0) - ERROR_OUT(-7508, exit_rsa_pss); - -#ifdef RSA_PSS_TEST_WRONG_PARAMS - for (k = 0; k < (int)(sizeof(mgf)/sizeof(*mgf)); k++) { - for (l = 0; l < (int)(sizeof(hash)/sizeof(*hash)); l++) { - if (i == k && j == l) - continue; - - XMEMCPY(sig, out, outSz); - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, - (byte**)&plain, hash[l], mgf[k], -1, key); - } - } while (ret == WC_PENDING_E); - if (ret >= 0) - ERROR_OUT(-7509, exit_rsa_pss); - } - } -#endif - } - } - - /* Test that a salt length of zero works. */ - digestSz = wc_HashGetDigestSize(hash[0]); - outSz = RSA_TEST_BYTES; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0], - mgf[0], 0, key, rng); - } - } while (ret == WC_PENDING_E); - if (ret <= 0) - ERROR_OUT(-7510, exit_rsa_pss); - outSz = ret; - TEST_SLEEP(); - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_Verify_ex(out, outSz, sig, outSz, hash[0], mgf[0], - 0, key); - } - } while (ret == WC_PENDING_E); - if (ret <= 0) - ERROR_OUT(-7511, exit_rsa_pss); - plainSz = ret; - TEST_SLEEP(); - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { -#if defined(HAVE_SELFTEST) && \ - (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)) - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz, - hash[0], 0); -#else - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz, - hash[0], 0, 0); -#endif - } - } while (ret == WC_PENDING_E); - if (ret != 0) - ERROR_OUT(-7512, exit_rsa_pss); - - XMEMCPY(sig, out, outSz); - plain = NULL; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0], - 0, key); - } - } while (ret == WC_PENDING_E); - if (ret <= 0) - ERROR_OUT(-7513, exit_rsa_pss); - plainSz = ret; - TEST_SLEEP(); - -#if defined(HAVE_SELFTEST) && \ - (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)) - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], - 0); -#else - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], - 0, 0); -#endif - if (ret != 0) - ERROR_OUT(-7514, exit_rsa_pss); - - /* Test bad salt lengths in various APIs. */ - digestSz = wc_HashGetDigestSize(hash[0]); - outSz = RSA_TEST_BYTES; -#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER - len = -2; -#else - len = -3; -#endif - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0], - mgf[0], len, key, rng); - } - } while (ret == WC_PENDING_E); - if (ret != PSS_SALTLEN_E) - ERROR_OUT(-7515, exit_rsa_pss); - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0], - mgf[0], digestSz + 1, key, rng); - } - } while (ret == WC_PENDING_E); - if (ret != PSS_SALTLEN_E) - ERROR_OUT(-7516, exit_rsa_pss); - TEST_SLEEP(); - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], - mgf[0], -2, key); - } - } while (ret == WC_PENDING_E); - if (ret != PSS_SALTLEN_E) - ERROR_OUT(-7517, exit_rsa_pss); - TEST_SLEEP(); - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0], - digestSz + 1, key); - } - } while (ret == WC_PENDING_E); - if (ret != PSS_SALTLEN_E) - ERROR_OUT(-7518, exit_rsa_pss); - TEST_SLEEP(); - -#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER - len = -2; -#else - len = -3; -#endif -#if defined(HAVE_SELFTEST) && \ - (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)) - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], - len); -#else - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], - len, 0); -#endif - if (ret != PSS_SALTLEN_E) - ERROR_OUT(-7519, exit_rsa_pss); -#ifndef WOLFSSL_PSS_LONG_SALT - len = digestSz + 1; -#else - len = plainSz - digestSz - 1; -#endif -#if defined(HAVE_SELFTEST) && \ - (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)) - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], - len); -#else - ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0], - len, 0); -#endif - if (ret != PSS_SALTLEN_E) - ERROR_OUT(-7520, exit_rsa_pss); - - ret = 0; -exit_rsa_pss: - FREE_VAR(sig, HEAP_HINT); - FREE_VAR(in, HEAP_HINT); - FREE_VAR(out, HEAP_HINT); - - return ret; -} -#endif /* WOLFSSL_RSA_VERIFY_ONLY */ -#endif - -#ifdef WC_RSA_NO_PADDING -static int rsa_no_pad_test(void) -{ - WC_RNG rng; - RsaKey key; - byte* tmp; - size_t bytes; - int ret; - word32 inLen = 0; - word32 idx = 0; - word32 outSz = RSA_TEST_BYTES; - word32 plainSz = RSA_TEST_BYTES; -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ - !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ - !defined(NO_FILESYSTEM) - XFILE file; -#endif - DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); - DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); - - /* initialize stack structures */ - XMEMSET(&rng, 0, sizeof(rng)); - XMEMSET(&key, 0, sizeof(key)); -#ifdef USE_CERT_BUFFERS_1024 - bytes = (size_t)sizeof_client_key_der_1024; - if (bytes < (size_t)sizeof_client_cert_der_1024) - bytes = (size_t)sizeof_client_cert_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - bytes = (size_t)sizeof_client_key_der_2048; - if (bytes < (size_t)sizeof_client_cert_der_2048) - bytes = (size_t)sizeof_client_cert_der_2048; -#else - bytes = FOURK_BUF; -#endif - - tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL - #ifdef WOLFSSL_ASYNC_CRYPT - || out == NULL || plain == NULL - #endif - ) { - ERROR_OUT(-7600, exit_rsa_nopadding); - } - -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); -#elif defined(USE_CERT_BUFFERS_3072) - XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072); -#elif defined(USE_CERT_BUFFERS_4096) - XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096); -#elif !defined(NO_FILESYSTEM) - file = XFOPEN(clientKey, "rb"); - if (!file) { - err_sys("can't open ./certs/client-key.der, " - "Please run from wolfSSL home dir", -40); - ERROR_OUT(-7601, exit_rsa_nopadding); - } - - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); -#else - /* No key to use. */ - ERROR_OUT(-7602, exit_rsa_nopadding); -#endif /* USE_CERT_BUFFERS */ - - ret = wc_InitRsaKey_ex(&key, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-7603, exit_rsa_nopadding); - } - ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); - if (ret != 0) { - ERROR_OUT(-7604, exit_rsa_nopadding); - } - - /* after loading in key use tmp as the test buffer */ - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) { - ERROR_OUT(-7605, exit_rsa_nopadding); - } - -#ifndef WOLFSSL_RSA_VERIFY_ONLY - inLen = wc_RsaEncryptSize(&key); - outSz = inLen; - plainSz = inLen; - XMEMSET(tmp, 7, inLen); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaDirect(tmp, inLen, out, &outSz, &key, - RSA_PRIVATE_ENCRYPT, &rng); - } - } while (ret == WC_PENDING_E); - if (ret <= 0) { - ERROR_OUT(-7606, exit_rsa_nopadding); - } - - /* encrypted result should not be the same as input */ - if (XMEMCMP(out, tmp, inLen) == 0) { - ERROR_OUT(-7607, exit_rsa_nopadding); - } - TEST_SLEEP(); - - /* decrypt with public key and compare result */ - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaDirect(out, outSz, plain, &plainSz, &key, - RSA_PUBLIC_DECRYPT, &rng); - } - } while (ret == WC_PENDING_E); - if (ret <= 0) { - ERROR_OUT(-7608, exit_rsa_nopadding); - } - - if (XMEMCMP(plain, tmp, inLen) != 0) { - ERROR_OUT(-7609, exit_rsa_nopadding); - } - TEST_SLEEP(); -#endif - -#ifdef WC_RSA_BLINDING - ret = wc_RsaSetRNG(NULL, &rng); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7610, exit_rsa_nopadding); - } - - ret = wc_RsaSetRNG(&key, &rng); - if (ret < 0) { - ERROR_OUT(-7611, exit_rsa_nopadding); - } -#endif - - /* test encrypt and decrypt using WC_RSA_NO_PAD */ -#ifndef WOLFSSL_RSA_VERIFY_ONLY - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, (int)outSz, &key, &rng, - WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7612, exit_rsa_nopadding); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_VERIFY_ONLY */ - -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, (int)plainSz, &key, - WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7613, exit_rsa_nopadding); - } - - if (XMEMCMP(plain, tmp, inLen) != 0) { - ERROR_OUT(-7614, exit_rsa_nopadding); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - - /* test some bad arguments */ - ret = wc_RsaDirect(out, outSz, plain, &plainSz, &key, -1, - &rng); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7615, exit_rsa_nopadding); - } - - ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT, - &rng); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7616, exit_rsa_nopadding); - } - - ret = wc_RsaDirect(out, outSz, NULL, &plainSz, &key, RSA_PUBLIC_DECRYPT, - &rng); - if (ret != LENGTH_ONLY_E || plainSz != inLen) { - ERROR_OUT(-7617, exit_rsa_nopadding); - } - - ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, &key, - RSA_PUBLIC_DECRYPT, &rng); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7618, exit_rsa_nopadding); - } - - /* if making it to this point of code without hitting an ERROR_OUT then - * all tests have passed */ - ret = 0; - -exit_rsa_nopadding: - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - FREE_VAR(out, HEAP_HINT); - FREE_VAR(plain, HEAP_HINT); - wc_FreeRsaKey(&key); - wc_FreeRng(&rng); - - return ret; -} -#endif /* WC_RSA_NO_PADDING */ - -#ifdef WOLFSSL_CERT_GEN -static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) -{ - RsaKey caKey; - byte* der; - int ret; - Cert* myCert = NULL; - int certSz; - size_t bytes3; - word32 idx3 = 0; -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - XFILE file3; -#endif -#ifdef WOLFSSL_TEST_CERT - DecodedCert decode; -#endif -#if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME) - struct tm beforeTime; - struct tm afterTime; -#endif - const byte mySerial[8] = {1,2,3,4,5,6,7,8}; - - (void)keypub; - - XMEMSET(&caKey, 0, sizeof(caKey)); - - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-7619, exit_rsa); - } - myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (myCert == NULL) { - ERROR_OUT(-7621, exit_rsa); - } - - /* self signed */ - if (wc_InitCert(myCert)) { - ERROR_OUT(-7622, exit_rsa); - } - - XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); - XMEMCPY(myCert->serial, mySerial, sizeof(mySerial)); - myCert->serialSz = (int)sizeof(mySerial); - myCert->isCA = 1; -#ifndef NO_SHA256 - myCert->sigType = CTC_SHA256wRSA; -#else - myCert->sigType = CTC_SHAwRSA; -#endif - - -#ifdef WOLFSSL_CERT_EXT - /* add Policies */ - XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42", - CTC_MAX_CERTPOL_SZ); - XSTRNCPY(myCert->certPolicies[1], "1.2.840.113549.1.9.16.6.5", - CTC_MAX_CERTPOL_SZ); - myCert->certPoliciesNb = 2; - - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromPublicKey(myCert, keypub, NULL) != 0) { - ERROR_OUT(-7623, exit_rsa); - } - - /* add AKID from the Public Key */ - if (wc_SetAuthKeyIdFromPublicKey(myCert, keypub, NULL) != 0) { - ERROR_OUT(-7624, exit_rsa); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(myCert,"cRLSign,keyCertSign") != 0) { - ERROR_OUT(-7625, exit_rsa); - } -#ifdef WOLFSSL_EKU_OID - { - const char unique[] = "2.16.840.1.111111.100.1.10.1"; - if (wc_SetExtKeyUsageOID(myCert, unique, sizeof(unique), 0, - HEAP_HINT) != 0) { - ERROR_OUT(-7626, exit_rsa); - } - } -#endif /* WOLFSSL_EKU_OID */ -#endif /* WOLFSSL_CERT_EXT */ - - ret = 0; - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7627, exit_rsa); - } - certSz = ret; - -#ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, der, certSz, HEAP_HINT); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&decode); - ERROR_OUT(-7628, exit_rsa); - } - FreeDecodedCert(&decode); -#endif - - ret = SaveDerAndPem(der, certSz, certDerFile, certPemFile, - CERT_TYPE, -5578); - if (ret != 0) { - goto exit_rsa; - } - - /* Setup Certificate */ - if (wc_InitCert(myCert)) { - ERROR_OUT(-7629, exit_rsa); - } - -#ifdef WOLFSSL_ALT_NAMES - /* Get CA Cert for testing */ - #ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024); - bytes3 = sizeof_ca_cert_der_1024; - #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048); - bytes3 = sizeof_ca_cert_der_2048; - #else - file3 = XFOPEN(rsaCaCertDerFile, "rb"); - if (!file3) { - ERROR_OUT(-7630, exit_rsa); - } - bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3); - XFCLOSE(file3); - #endif /* USE_CERT_BUFFERS */ - - #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_1024) && \ - !defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN) - ret = wc_SetAltNames(myCert, rsaCaCertFile); - if (ret != 0) { - ERROR_OUT(-7631, exit_rsa); - } - #endif - /* get alt names from der */ - ret = wc_SetAltNamesBuffer(myCert, tmp, (int)bytes3); - if (ret != 0) { - ERROR_OUT(-7632, exit_rsa); - } - - /* get dates from der */ - ret = wc_SetDatesBuffer(myCert, tmp, (int)bytes3); - if (ret != 0) { - ERROR_OUT(-7633, exit_rsa); - } - - #ifndef NO_ASN_TIME - ret = wc_GetCertDates(myCert, &beforeTime, &afterTime); - if (ret < 0) { - ERROR_OUT(-7634, exit_rsa); - } - #endif -#endif /* WOLFSSL_ALT_NAMES */ - - /* Get CA Key */ -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); - bytes3 = sizeof_ca_key_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); - bytes3 = sizeof_ca_key_der_2048; -#else - file3 = XFOPEN(rsaCaKeyFile, "rb"); - if (!file3) { - ERROR_OUT(-7635, exit_rsa); - } - - bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3); - XFCLOSE(file3); -#endif /* USE_CERT_BUFFERS */ - - ret = wc_InitRsaKey(&caKey, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-7636, exit_rsa); - } - ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); - if (ret != 0) { - ERROR_OUT(-7637, exit_rsa); - } - -#ifndef NO_SHA256 - myCert->sigType = CTC_SHA256wRSA; -#else - myCert->sigType = CTC_SHAwRSA; -#endif - - XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); - -#ifdef WOLFSSL_CERT_EXT - /* add Policies */ - XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42", - CTC_MAX_CERTPOL_SZ); - myCert->certPoliciesNb =1; - - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromPublicKey(myCert, key, NULL) != 0) { - ERROR_OUT(-7638, exit_rsa); - } - - /* add AKID from the CA certificate */ -#if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); -#elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); -#else - ret = wc_SetAuthKeyId(myCert, rsaCaCertFile); -#endif - if (ret != 0) { - ERROR_OUT(-7639, exit_rsa); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(myCert,"keyEncipherment,keyAgreement") != 0) { - ERROR_OUT(-7640, exit_rsa); - } -#endif /* WOLFSSL_CERT_EXT */ - -#if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); -#elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); -#else - ret = wc_SetIssuer(myCert, rsaCaCertFile); -#endif - if (ret < 0) { - ERROR_OUT(-7641, exit_rsa); - } - - certSz = wc_MakeCert(myCert, der, FOURK_BUF, key, NULL, rng); - if (certSz < 0) { - ERROR_OUT(-7642, exit_rsa); - } - - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &caKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF, - &caKey, NULL, rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7643, exit_rsa); - } - certSz = ret; - -#ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, der, certSz, HEAP_HINT); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&decode); - ERROR_OUT(-7644, exit_rsa); - } - FreeDecodedCert(&decode); -#endif - - ret = SaveDerAndPem(der, certSz, otherCertDerFile, otherCertPemFile, - CERT_TYPE, -5598); - if (ret != 0) { - goto exit_rsa; - } - -exit_rsa: - wc_FreeRsaKey(&caKey); - - XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} -#endif - -#if !defined(NO_RSA) && defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN) -/* Make Cert / Sign example for ECC cert and RSA CA */ -static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp) -{ - RsaKey caKey; - ecc_key caEccKey; - ecc_key caEccKeyPub; - byte* der; - Cert* myCert = NULL; - int certSz; - size_t bytes3; - word32 idx3 = 0; -#if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \ - || !defined(USE_CERT_BUFFERS_256) - XFILE file3; -#endif -#ifdef WOLFSSL_TEST_CERT - DecodedCert decode; -#endif - int ret; - - XMEMSET(&caKey, 0, sizeof(caKey)); - XMEMSET(&caEccKey, 0, sizeof(caEccKey)); - XMEMSET(&caEccKeyPub, 0, sizeof(caEccKeyPub)); - - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-7645, exit_rsa); - } - myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (myCert == NULL) { - ERROR_OUT(-7647, exit_rsa); - } - - /* Get CA Key */ -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); - bytes3 = sizeof_ca_key_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); - bytes3 = sizeof_ca_key_der_2048; -#else - file3 = XFOPEN(rsaCaKeyFile, "rb"); - if (!file3) { - ERROR_OUT(-7648, exit_rsa); - } - - bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3); - XFCLOSE(file3); -#endif /* USE_CERT_BUFFERS */ - - ret = wc_InitRsaKey(&caKey, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-7649, exit_rsa); - } - ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); - if (ret != 0) { - ERROR_OUT(-7650, exit_rsa); - } - - /* Get Cert Key */ -#ifdef USE_CERT_BUFFERS_256 - XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256); - bytes3 = sizeof_ecc_key_pub_der_256; -#else - file3 = XFOPEN(eccKeyPubFile, "rb"); - if (!file3) { - ERROR_OUT(-7651, exit_rsa); - } - - bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3); - XFCLOSE(file3); -#endif - - ret = wc_ecc_init_ex(&caEccKeyPub, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-7652, exit_rsa); - } - - idx3 = 0; - ret = wc_EccPublicKeyDecode(tmp, &idx3, &caEccKeyPub, (word32)bytes3); - if (ret != 0) { - ERROR_OUT(-7653, exit_rsa); - } - - /* Setup Certificate */ - if (wc_InitCert(myCert)) { - ERROR_OUT(-7654, exit_rsa); - } - -#ifndef NO_SHA256 - myCert->sigType = CTC_SHA256wRSA; -#else - myCert->sigType = CTC_SHAwRSA; -#endif - - XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); - -#ifdef WOLFSSL_CERT_EXT - /* add Policies */ - XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1", - CTC_MAX_CERTPOL_SZ); - XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549", - CTC_MAX_CERTPOL_SZ); - myCert->certPoliciesNb = 2; - - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, &caEccKeyPub) != 0) { - ERROR_OUT(-7655, exit_rsa); - } - - /* add AKID from the CA certificate */ -#if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); -#elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); -#else - ret = wc_SetAuthKeyId(myCert, rsaCaCertFile); -#endif - if (ret != 0) { - ERROR_OUT(-7656, exit_rsa); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(myCert, certKeyUsage) != 0) { - ERROR_OUT(-7657, exit_rsa); - } -#endif /* WOLFSSL_CERT_EXT */ - -#if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); -#elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); -#else - ret = wc_SetIssuer(myCert, rsaCaCertFile); -#endif - if (ret < 0) { - ERROR_OUT(-7658, exit_rsa); - } - - certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, &caEccKeyPub, rng); - if (certSz < 0) { - ERROR_OUT(-7659, exit_rsa); - } - - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &caEccKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, - FOURK_BUF, &caKey, NULL, rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7660, exit_rsa); - } - certSz = ret; - -#ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, der, certSz, 0); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&decode); - ERROR_OUT(-7661, exit_rsa); - - } - FreeDecodedCert(&decode); -#endif - - ret = SaveDerAndPem(der, certSz, certEccRsaDerFile, certEccRsaPemFile, - CERT_TYPE, -5616); - if (ret != 0) { - goto exit_rsa; - } - -exit_rsa: - wc_FreeRsaKey(&caKey); - wc_ecc_free(&caEccKey); - wc_ecc_free(&caEccKeyPub); - - XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - myCert = NULL; - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - - if (ret >= 0) - ret = 0; - return ret; -} -#endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */ - -#ifdef WOLFSSL_KEY_GEN -static int rsa_keygen_test(WC_RNG* rng) -{ - RsaKey genKey; - int ret; - byte* der = NULL; - word32 idx = 0; - int derSz = 0; -#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS) - int keySz = 1024; -#else - int keySz = 2048; -#endif - - XMEMSET(&genKey, 0, sizeof(genKey)); - - ret = wc_InitRsaKey_ex(&genKey, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-7662, exit_rsa); - } - - ret = wc_MakeRsaKey(&genKey, keySz, WC_RSA_EXPONENT, rng); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &genKey.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7663, exit_rsa); - } - TEST_SLEEP(); - - /* If not using old FIPS, or not using FAST or USER RSA... */ - #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \ - (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \ - !defined(HAVE_SELFTEST) && !defined(HAVE_INTEL_QA) - ret = wc_CheckRsaKey(&genKey); - if (ret != 0) { - ERROR_OUT(-7664, exit_rsa); - } - #endif - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-7665, exit_rsa); - } - - derSz = wc_RsaKeyToDer(&genKey, der, FOURK_BUF); - if (derSz < 0) { - ERROR_OUT(-7667, exit_rsa); - } - - ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile, - PRIVATEKEY_TYPE, -5555); - if (ret != 0) { - goto exit_rsa; - } - - wc_FreeRsaKey(&genKey); - ret = wc_InitRsaKey(&genKey, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-7668, exit_rsa); - } - idx = 0; -#if !defined(WOLFSSL_CRYPTOCELL) - /* The private key part of the key gen pairs from cryptocell can't be exported */ - ret = wc_RsaPrivateKeyDecode(der, &idx, &genKey, derSz); - if (ret != 0) { - ERROR_OUT(-7669, exit_rsa); - } -#endif /* WOLFSSL_CRYPTOCELL */ - -exit_rsa: - wc_FreeRsaKey(&genKey); - if (der != NULL) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - } - - return ret; -} -#endif - -_Pragma("GCC diagnostic ignored \"-Wunused-variable\""); -static int rsa_test(void) -{ - int ret; - byte* tmp; - byte* der = NULL; - size_t bytes; - WC_RNG rng; - RsaKey key; -#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) - RsaKey keypub; -#endif -#if defined(HAVE_NTRU) - RsaKey caKey; -#endif -#if !defined(NO_ASN) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) \ - || defined(WOLFSSL_PUBLIC_MP) - word32 idx = 0; -#endif -#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP)) && \ - !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) - const char* inStr = "Everyone gets Friday off."; - word32 inLen = (word32)XSTRLEN((char*)inStr); - const word32 outSz = RSA_TEST_BYTES; - const word32 plainSz = RSA_TEST_BYTES; -#endif -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) - byte* res; -#endif -#ifndef NO_SIG_WRAPPER - int modLen; -#endif -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ - !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ - !defined(NO_FILESYSTEM) - XFILE file; - XFILE file2; -#endif -#ifdef WOLFSSL_TEST_CERT - DecodedCert cert; -#endif - -#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_PUBLIC_MP)) && \ - !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) - DECLARE_VAR_INIT(in, byte, inLen, inStr, HEAP_HINT); - DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); - DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); -#endif - -#ifdef WOLFSSL_ASYNC_CRYPT - if (in == NULL) - return MEMORY_E; -#endif - - /* initialize stack structures */ - XMEMSET(&rng, 0, sizeof(rng)); - XMEMSET(&key, 0, sizeof(key)); -#ifdef WOLFSSL_CERT_EXT - XMEMSET(&keypub, 0, sizeof(keypub)); -#endif -#if defined(HAVE_NTRU) - XMEMSET(&caKey, 0, sizeof(caKey)); -#endif - -#if !defined(HAVE_USER_RSA) && !defined(NO_ASN) - ret = rsa_decode_test(&key); - if (ret != 0) - return ret; -#endif - -#ifdef USE_CERT_BUFFERS_1024 - bytes = (size_t)sizeof_client_key_der_1024; - if (bytes < (size_t)sizeof_client_cert_der_1024) - bytes = (size_t)sizeof_client_cert_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - bytes = (size_t)sizeof_client_key_der_2048; - if (bytes < (size_t)sizeof_client_cert_der_2048) - bytes = (size_t)sizeof_client_cert_der_2048; -#elif defined(USE_CERT_BUFFERS_3072) - bytes = (size_t)sizeof_client_key_der_3072; - if (bytes < (size_t)sizeof_client_cert_der_3072) - bytes = (size_t)sizeof_client_cert_der_3072; -#elif defined(USE_CERT_BUFFERS_4096) - bytes = (size_t)sizeof_client_key_der_4096; - if (bytes < (size_t)sizeof_client_cert_der_4096) - bytes = (size_t)sizeof_client_cert_der_4096; -#else - bytes = FOURK_BUF; -#endif - - tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL - #ifdef WOLFSSL_ASYNC_CRYPT - || out == NULL || plain == NULL - #endif - ) { - return -7700; - } - -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); -#elif defined(USE_CERT_BUFFERS_3072) - XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072); -#elif defined(USE_CERT_BUFFERS_4096) - XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096); -#elif !defined(NO_FILESYSTEM) - file = XFOPEN(clientKey, "rb"); - if (!file) { - err_sys("can't open ./certs/client-key.der, " - "Please run from wolfSSL home dir", -40); - ERROR_OUT(-7701, exit_rsa); - } - - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); -#else - /* No key to use. */ - ERROR_OUT(-7702, exit_rsa); -#endif /* USE_CERT_BUFFERS */ - - ret = wc_InitRsaKey_ex(&key, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-7703, exit_rsa); - } -#ifndef NO_ASN - ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); - if (ret != 0) { - ERROR_OUT(-7704, exit_rsa); - } -#ifndef NO_SIG_WRAPPER - modLen = wc_RsaEncryptSize(&key); -#endif -#else - #ifdef USE_CERT_BUFFERS_2048 - ret = mp_read_unsigned_bin(&key.n, &tmp[12], 256); - if (ret != 0) { - ERROR_OUT(-7705, exit_rsa); - } - ret = mp_set_int(&key.e, WC_RSA_EXPONENT); - if (ret != 0) { - ERROR_OUT(-7706, exit_rsa); - } -#ifndef NO_SIG_WRAPPER - modLen = 2048; -#endif - #else - #error Not supported yet! - #endif -#endif - -#ifndef WC_NO_RNG -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) { - ERROR_OUT(-7707, exit_rsa); - } -#endif - -#ifndef NO_SIG_WRAPPER - ret = rsa_sig_test(&key, sizeof(RsaKey), modLen, &rng); - if (ret != 0) - goto exit_rsa; -#endif - -#ifdef WC_RSA_NONBLOCK - ret = rsa_nb_test(&key, in, inLen, out, outSz, plain, plainSz, &rng); - if (ret != 0) - goto exit_rsa; -#endif - -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, &key, &rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7708, exit_rsa); - } - TEST_SLEEP(); - -#ifdef WC_RSA_BLINDING - { - int tmpret = ret; - ret = wc_RsaSetRNG(&key, &rng); - if (ret < 0) { - ERROR_OUT(-7709, exit_rsa); - } - ret = tmpret; - } -#endif - - idx = (word32)ret; /* save off encrypted length */ - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt(out, idx, plain, plainSz, &key); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7710, exit_rsa); - } - - if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-7711, exit_rsa); - } - TEST_SLEEP(); - - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPrivateDecryptInline(out, idx, &res, &key); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7712, exit_rsa); - } - if (ret != (int)inLen) { - ERROR_OUT(-7713, exit_rsa); - } - if (XMEMCMP(res, in, inLen)) { - ERROR_OUT(-7714, exit_rsa); - } - TEST_SLEEP(); - - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7715, exit_rsa); - } - TEST_SLEEP(); - -#elif defined(WOLFSSL_PUBLIC_MP) - (void)outSz; - (void)inLen; - (void)res; - { - byte signature_2048[] = { - 0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79, - 0x47, 0xf1, 0xa3, 0xd7, 0xf4, 0x27, 0x29, 0xbe, - 0x99, 0x5d, 0xac, 0xb2, 0x10, 0x3f, 0x95, 0xda, - 0x89, 0x23, 0xb8, 0x96, 0x13, 0x57, 0x72, 0x30, - 0xa1, 0xfe, 0x5a, 0x68, 0x9c, 0x99, 0x9d, 0x1e, - 0x05, 0xa4, 0x80, 0xb0, 0xbb, 0xd9, 0xd9, 0xa1, - 0x69, 0x97, 0x74, 0xb3, 0x41, 0x21, 0x3b, 0x47, - 0xf5, 0x51, 0xb1, 0xfb, 0xc7, 0xaa, 0xcc, 0xdc, - 0xcd, 0x76, 0xa0, 0x28, 0x4d, 0x27, 0x14, 0xa4, - 0xb9, 0x41, 0x68, 0x7c, 0xb3, 0x66, 0xe6, 0x6f, - 0x40, 0x76, 0xe4, 0x12, 0xfd, 0xae, 0x29, 0xb5, - 0x63, 0x60, 0x87, 0xce, 0x49, 0x6b, 0xf3, 0x05, - 0x9a, 0x14, 0xb5, 0xcc, 0xcd, 0xf7, 0x30, 0x95, - 0xd2, 0x72, 0x52, 0x1d, 0x5b, 0x7e, 0xef, 0x4a, - 0x02, 0x96, 0x21, 0x6c, 0x55, 0xa5, 0x15, 0xb1, - 0x57, 0x63, 0x2c, 0xa3, 0x8e, 0x9d, 0x3d, 0x45, - 0xcc, 0xb8, 0xe6, 0xa1, 0xc8, 0x59, 0xcd, 0xf5, - 0xdc, 0x0a, 0x51, 0xb6, 0x9d, 0xfb, 0xf4, 0x6b, - 0xfd, 0x32, 0x71, 0x6e, 0xcf, 0xcb, 0xb3, 0xd9, - 0xe0, 0x4a, 0x77, 0x34, 0xd6, 0x61, 0xf5, 0x7c, - 0xf9, 0xa9, 0xa4, 0xb0, 0x8e, 0x3b, 0xd6, 0x04, - 0xe0, 0xde, 0x2b, 0x5b, 0x5a, 0xbf, 0xd9, 0xef, - 0x8d, 0xa3, 0xf5, 0xb1, 0x67, 0xf3, 0xb9, 0x72, - 0x0a, 0x37, 0x12, 0x35, 0x6c, 0x8e, 0x10, 0x8b, - 0x38, 0x06, 0x16, 0x4b, 0x20, 0x20, 0x13, 0x00, - 0x2e, 0x6d, 0xc2, 0x59, 0x23, 0x67, 0x4a, 0x6d, - 0xa1, 0x46, 0x8b, 0xee, 0xcf, 0x44, 0xb4, 0x3e, - 0x56, 0x75, 0x00, 0x68, 0xb5, 0x7d, 0x0f, 0x20, - 0x79, 0x5d, 0x7f, 0x12, 0x15, 0x32, 0x89, 0x61, - 0x6b, 0x29, 0xb7, 0x52, 0xf5, 0x25, 0xd8, 0x98, - 0xe8, 0x6f, 0xf9, 0x22, 0xb4, 0xbb, 0xe5, 0xff, - 0xd0, 0x92, 0x86, 0x9a, 0x88, 0xa2, 0xaf, 0x6b - }; - ret = sizeof(signature_2048); - XMEMCPY(out, signature_2048, ret); - } -#endif - -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_PUBLIC_MP) - idx = (word32)ret; - XMEMSET(plain, 0, plainSz); - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { -#ifndef WOLFSSL_RSA_VERIFY_INLINE - -#if defined(WOLFSSL_CRYPTOCELL) - /* - Cryptocell requires the input data and signature byte array to verify. - - first argument must be the input data - second argument must be the length of input data - third argument must be the signature byte array or the output from - wc_RsaSSL_Sign() - fourth argument must be the length of the signature byte array - */ - - ret = wc_RsaSSL_Verify(in, inLen, out, outSz, &key); -#else - ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key); -#endif /* WOLFSSL_CRYPTOCELL */ -#else - byte* dec = NULL; - ret = wc_RsaSSL_VerifyInline(out, idx, &dec, &key); - if (ret > 0) { - XMEMCPY(plain, dec, ret); - } -#endif - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7716, exit_rsa); - } - - if (XMEMCMP(plain, in, (size_t)ret)) { - ERROR_OUT(-7717, exit_rsa); - } - TEST_SLEEP(); -#endif - -#ifndef WOLFSSL_RSA_VERIFY_ONLY - #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) - /* OAEP padding testing */ - #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \ - (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) - #ifndef NO_SHA - XMEMSET(plain, 0, plainSz); - - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7718, exit_rsa); - } - TEST_SLEEP(); - -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - idx = (word32)ret; - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7719, exit_rsa); - } - - if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-7720, exit_rsa); - } - TEST_SLEEP(); - #endif /* NO_SHA */ -#endif - - #ifndef NO_SHA256 - XMEMSET(plain, 0, plainSz); -#ifndef WOLFSSL_RSA_VERIFY_ONLY - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7721, exit_rsa); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_VERIFY_ONLY */ - - idx = (word32)ret; -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7722, exit_rsa); - } - - if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-7723, exit_rsa); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPrivateDecryptInline_ex(out, idx, &res, &key, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7724, exit_rsa); - } - if (ret != (int)inLen) { - ERROR_OUT(-7725, exit_rsa); - } - if (XMEMCMP(res, in, inLen)) { - ERROR_OUT(-7726, exit_rsa); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - - /* check fails if not using the same optional label */ - XMEMSET(plain, 0, plainSz); -#ifndef WOLFSSL_RSA_VERIFY_ONLY - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7727, exit_rsa); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_VERIFY_ONLY */ - -/* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */ -#if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ - !defined(WOLFSSL_CRYPTOCELL) -/* label is unused in cryptocell so it won't detect decrypt error due to label */ - idx = (word32)ret; - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen); - } - } while (ret == WC_PENDING_E); - if (ret > 0) { /* in this case decrypt should fail */ - ERROR_OUT(-7728, exit_rsa); - } - ret = 0; - TEST_SLEEP(); -#endif /* !HAVE_CAVIUM */ - - /* check using optional label with encrypt/decrypt */ - XMEMSET(plain, 0, plainSz); -#ifndef WOLFSSL_RSA_VERIFY_ONLY - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7729, exit_rsa); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_VERIFY_ONLY */ - - idx = (word32)ret; -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7730, exit_rsa); - } - - if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-7731, exit_rsa); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - -#ifndef WOLFSSL_RSA_VERIFY_ONLY - #ifndef NO_SHA - /* check fail using mismatch hash algorithms */ - XMEMSET(plain, 0, plainSz); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, inLen); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7732, exit_rsa); - } - TEST_SLEEP(); - -/* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */ -#if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ - !defined(WOLFSSL_CRYPTOCELL) - idx = (word32)ret; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, - in, inLen); - } - } while (ret == WC_PENDING_E); - if (ret > 0) { /* should fail */ - ERROR_OUT(-7733, exit_rsa); - } - ret = 0; - TEST_SLEEP(); - #endif /* !HAVE_CAVIUM */ - #endif /* NO_SHA */ -#endif /* WOLFSSL_RSA_VERIFY_ONLY */ -#endif /* NO_SHA256 */ - -#ifdef WOLFSSL_SHA512 - /* Check valid RSA key size is used while using hash length of SHA512 - If key size is less than (hash length * 2) + 2 then is invalid use - and test, since OAEP padding requires this. - BAD_FUNC_ARG is returned when this case is not met */ - if (wc_RsaEncryptSize(&key) > ((int)WC_SHA512_DIGEST_SIZE * 2) + 2) { - XMEMSET(plain, 0, plainSz); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7734, exit_rsa); - } - TEST_SLEEP(); - - idx = ret; -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, - WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7735, exit_rsa); - } - - if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-7736, exit_rsa); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - } -#endif /* WOLFSSL_SHA512 */ - - /* check using pkcsv15 padding with _ex API */ - XMEMSET(plain, 0, plainSz); - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, &key, &rng, - WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7737, exit_rsa); - } - TEST_SLEEP(); - - idx = (word32)ret; -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, &key, - WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7738, exit_rsa); - } - - if (XMEMCMP(plain, in, inLen)) { - ERROR_OUT(-7739, exit_rsa); - } - TEST_SLEEP(); -#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ - #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */ - #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */ -#endif /* WOLFSSL_RSA_VERIFY_ONLY */ - -#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \ - && !defined(WOLFSSL_RSA_VERIFY_ONLY) - ret = rsa_export_key_test(&key); - if (ret != 0) - return ret; -#endif - -#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) - ret = rsa_flatten_test(&key); - if (ret != 0) - return ret; -#endif - -#if defined(WOLFSSL_MDK_ARM) - #define sizeof(s) XSTRLEN((char *)(s)) -#endif - -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, client_cert_der_1024, (size_t)sizeof_client_cert_der_1024); - bytes = (size_t)sizeof_client_cert_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, client_cert_der_2048, (size_t)sizeof_client_cert_der_2048); - bytes = (size_t)sizeof_client_cert_der_2048; -#elif defined(USE_CERT_BUFFERS_3072) - XMEMCPY(tmp, client_cert_der_3072, (size_t)sizeof_client_cert_der_3072); - bytes = (size_t)sizeof_client_cert_der_3072; -#elif defined(USE_CERT_BUFFERS_4096) - XMEMCPY(tmp, client_cert_der_4096, (size_t)sizeof_client_cert_der_4096); - bytes = (size_t)sizeof_client_cert_der_4096; -#elif !defined(NO_FILESYSTEM) - file2 = XFOPEN(clientCert, "rb"); - if (!file2) { - ERROR_OUT(-7740, exit_rsa); - } - - bytes = XFREAD(tmp, 1, FOURK_BUF, file2); - XFCLOSE(file2); -#else - /* No certificate to use. */ - ERROR_OUT(-7741, exit_rsa); -#endif - -#ifdef sizeof - #undef sizeof -#endif - -#ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&cert, tmp, (word32)bytes, 0); - - ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&cert); - ERROR_OUT(-7742, exit_rsa); - } - - FreeDecodedCert(&cert); -#else - (void)bytes; -#endif - -#ifdef WOLFSSL_CERT_EXT - -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); - bytes = sizeof_client_keypub_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); - bytes = sizeof_client_keypub_der_2048; -#elif defined(USE_CERT_BUFFERS_3072) - XMEMCPY(tmp, client_keypub_der_3072, sizeof_client_keypub_der_3072); - bytes = sizeof_client_keypub_der_3072; -#elif defined(USE_CERT_BUFFERS_4096) - XMEMCPY(tmp, client_keypub_der_4096, sizeof_client_keypub_der_4096); - bytes = sizeof_client_keypub_der_4096; -#else - file = XFOPEN(clientKeyPub, "rb"); - if (!file) { - err_sys("can't open ./certs/client-keyPub.der, " - "Please run from wolfSSL home dir", -40); - ERROR_OUT(-7743, exit_rsa); - } - - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); -#endif /* USE_CERT_BUFFERS */ - - ret = wc_InitRsaKey(&keypub, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-7744, exit_rsa); - } - idx = 0; - - ret = wc_RsaPublicKeyDecode(tmp, &idx, &keypub, (word32)bytes); - if (ret != 0) { - ERROR_OUT(-7745, exit_rsa); - } -#endif /* WOLFSSL_CERT_EXT */ - -#ifdef WOLFSSL_KEY_GEN - ret = rsa_keygen_test(&rng); - if (ret != 0) - goto exit_rsa; -#endif - -#ifdef WOLFSSL_CERT_GEN - /* Make Cert / Sign example for RSA cert and RSA CA */ - ret = rsa_certgen_test(&key, &keypub, &rng, tmp); - if (ret != 0) - goto exit_rsa; - -#if !defined(NO_RSA) && defined(HAVE_ECC) - ret = rsa_ecc_certgen_test(&rng, tmp); - if (ret != 0) - goto exit_rsa; -#endif - -#ifdef HAVE_NTRU - { - Cert myCert; - #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - XFILE caFile; - #endif - #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - XFILE ntruPrivFile; - #endif - int certSz; - word32 idx3 = 0; - #ifdef WOLFSSL_TEST_CERT - DecodedCert decode; - #endif - byte public_key[557]; /* sized for EES401EP2 */ - word16 public_key_len; /* no. of octets in public key */ - byte private_key[607]; /* sized for EES401EP2 */ - word16 private_key_len; /* no. of octets in private key */ - DRBG_HANDLE drbg; - static uint8_t const pers_str[] = { - 'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't' - }; - word32 rc = ntru_crypto_drbg_instantiate(112, pers_str, - sizeof(pers_str), GetEntropy, &drbg); - if (rc != DRBG_OK) { - ERROR_OUT(-7746, exit_rsa); - } - - rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, - &public_key_len, NULL, - &private_key_len, NULL); - if (rc != NTRU_OK) { - ERROR_OUT(-7747, exit_rsa); - } - - rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, - &public_key_len, public_key, - &private_key_len, private_key); - if (rc != NTRU_OK) { - ERROR_OUT(-7748, exit_rsa); - } - - rc = ntru_crypto_drbg_uninstantiate(drbg); - if (rc != NTRU_OK) { - ERROR_OUT(-7749, exit_rsa); - } - - #ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); - bytes = sizeof_ca_key_der_1024; - #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); - bytes = sizeof_ca_key_der_2048; - #else - caFile = XFOPEN(rsaCaKeyFile, "rb"); - if (!caFile) { - ERROR_OUT(-7750, exit_rsa); - } - - bytes = XFREAD(tmp, 1, FOURK_BUF, caFile); - XFCLOSE(caFile); - #endif /* USE_CERT_BUFFERS */ - - ret = wc_InitRsaKey(&caKey, HEAP_HINT); - if (ret != 0) { - ERROR_OUT(-7751, exit_rsa); - } - ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes); - if (ret != 0) { - ERROR_OUT(-7752, exit_rsa); - } - - if (wc_InitCert(&myCert)) { - ERROR_OUT(-7753, exit_rsa); - } - - XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName)); - myCert.daysValid = 1000; - - #ifdef WOLFSSL_CERT_EXT - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromNtruPublicKey(&myCert, public_key, - public_key_len) != 0) { - ERROR_OUT(-7754, exit_rsa); - } - - /* add AKID from the CA certificate */ - #if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); - #elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); - #else - ret = wc_SetAuthKeyId(&myCert, rsaCaCertFile); - #endif - if (ret != 0) { - ERROR_OUT(-7755, exit_rsa); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(&myCert, certKeyUsage2) != 0) { - ERROR_OUT(-7756, exit_rsa); - } - #endif /* WOLFSSL_CERT_EXT */ - - #if defined(USE_CERT_BUFFERS_2048) - ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_2048, - sizeof_ca_cert_der_2048); - #elif defined(USE_CERT_BUFFERS_1024) - ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_1024, - sizeof_ca_cert_der_1024); - #else - ret = wc_SetIssuer(&myCert, rsaCaCertFile); - #endif - if (ret < 0) { - ERROR_OUT(-7757, exit_rsa); - } - - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-7758, exit_rsa); - } - - certSz = wc_MakeNtruCert(&myCert, der, FOURK_BUF, public_key, - public_key_len, &rng); - if (certSz < 0) { - ERROR_OUT(-7760, exit_rsa); - } - - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &caKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_SignCert(myCert.bodySz, myCert.sigType, der, FOURK_BUF, - &caKey, NULL, &rng); - } - } while (ret == WC_PENDING_E); - wc_FreeRsaKey(&caKey); - if (ret < 0) { - ERROR_OUT(-7761, exit_rsa); - } - certSz = ret; - - #ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, der, certSz, HEAP_HINT); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&decode); - ERROR_OUT(-7762, exit_rsa); - } - FreeDecodedCert(&decode); - #endif - - ret = SaveDerAndPem(der, certSz, "./ntru-cert.der", "./ntru-cert.pem", - CERT_TYPE, -5637); - if (ret != 0) { - goto exit_rsa; - } - - #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - ntruPrivFile = XFOPEN("./ntru-key.raw", "wb"); - if (!ntruPrivFile) { - ERROR_OUT(-7763, exit_rsa); - } - ret = (int)XFWRITE(private_key, 1, private_key_len, ntruPrivFile); - XFCLOSE(ntruPrivFile); - if (ret != private_key_len) { - ERROR_OUT(-7764, exit_rsa); - } - #endif - - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - } -#endif /* HAVE_NTRU */ -#ifdef WOLFSSL_CERT_REQ - { - Cert *req; - int derSz; - - req = (Cert *)XMALLOC(sizeof *req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (! req) - ERROR_OUT(MEMORY_E, exit_rsa); - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-7765, exit_rsa); - } - - if (wc_InitCert(req)) { - ERROR_OUT(-7767, exit_rsa); - } - - req->version = 0; - req->isCA = 1; - XSTRNCPY(req->challengePw, "wolf123", CTC_NAME_SIZE); - XMEMCPY(&req->subject, &certDefaultName, sizeof(CertName)); - - #ifndef NO_SHA256 - req->sigType = CTC_SHA256wRSA; - #else - req->sigType = CTC_SHAwRSA; - #endif - - #ifdef WOLFSSL_CERT_EXT - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromPublicKey(req, &keypub, NULL) != 0) { - ERROR_OUT(-7768, exit_rsa); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(req, certKeyUsage2) != 0) { - ERROR_OUT(-7769, exit_rsa); - } - - /* add Extended Key Usage */ - if (wc_SetExtKeyUsage(req, "serverAuth,clientAuth,codeSigning," - "emailProtection,timeStamping,OCSPSigning") != 0) { - ERROR_OUT(-7770, exit_rsa); - } - #ifdef WOLFSSL_EKU_OID - { - const char unique[] = "2.16.840.1.111111.100.1.10.1"; - if (wc_SetExtKeyUsageOID(req, unique, sizeof(unique), 0, - HEAP_HINT) != 0) { - ERROR_OUT(-7771, exit_rsa); - } - } - #endif /* WOLFSSL_EKU_OID */ - #endif /* WOLFSSL_CERT_EXT */ - - derSz = wc_MakeCertReq(req, der, FOURK_BUF, &key, NULL); - if (derSz < 0) { - ERROR_OUT(-7772, exit_rsa); - } - - #ifdef WOLFSSL_CERT_EXT - /* Try again with "any" flag set, will override all others */ - if (wc_SetExtKeyUsage(req, "any") != 0) { - ERROR_OUT(-7773, exit_rsa); - } - derSz = wc_MakeCertReq(req, der, FOURK_BUF, &key, NULL); - if (derSz < 0) { - ERROR_OUT(-7774, exit_rsa); - } - #endif /* WOLFSSL_CERT_EXT */ - - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_SignCert(req->bodySz, req->sigType, der, FOURK_BUF, - &key, NULL, &rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-7775, exit_rsa); - } - derSz = ret; - - ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile, - CERTREQ_TYPE, -5650); - if (ret != 0) { - goto exit_rsa; - } - - derSz = wc_MakeCertReq_ex(req, der, FOURK_BUF, RSA_TYPE, &key); - if (derSz < 0) { - ERROR_OUT(-7776, exit_rsa); - } - - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - } -#endif /* WOLFSSL_CERT_REQ */ -#endif /* WOLFSSL_CERT_GEN */ - -#if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */ -/* Need to create known good signatures to test with this. */ -#ifndef WOLFSSL_RSA_VERIFY_ONLY - ret = rsa_pss_test(&rng, &key); -#endif -#endif - -exit_rsa: - wc_FreeRsaKey(&key); -#ifdef WOLFSSL_CERT_EXT - wc_FreeRsaKey(&keypub); -#endif -#if defined(HAVE_NTRU) - wc_FreeRsaKey(&caKey); -#endif - - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRng(&rng); - - FREE_VAR(in, HEAP_HINT); - FREE_VAR(out, HEAP_HINT); - FREE_VAR(plain, HEAP_HINT); - - /* ret can be greater then 0 with certgen but all negative values should - * be returned and treated as an error */ - if (ret >= 0) { - return 0; - } - else { - return ret; - } -} - -#endif /* !NO_RSA */ - - -#ifndef NO_DH - -static int dh_fips_generate_test(WC_RNG *rng) -{ - int ret = 0; - DhKey key; - static byte p[] = { - 0xc5, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, - 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, - 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, - 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, - 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, - 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, - 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, - 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, - 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, - 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, - 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, - 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, - 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, - 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, - 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, - 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, - 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, - 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, - 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, - 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, - 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, - 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, - 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, - 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, - 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, - 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, - 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, - 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, - 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, - 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, - 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, - 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d - }; - static byte g[] = { - 0x4a, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, - 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, - 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, - 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, - 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, - 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, - 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, - 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, - 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, - 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, - 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, - 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, - 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, - 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, - 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, - 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, - 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, - 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, - 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, - 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, - 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, - 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, - 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, - 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, - 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, - 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, - 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, - 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, - 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, - 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, - 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, - 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b - }; - static byte q[] = { - 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, - 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, - 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, - 0x40, 0x52, 0xed, 0x41 - }; - static byte q0[] = { - 0x00, - 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, - 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, - 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, - 0x40, 0x52, 0xed, 0x41 - }; - byte priv[256]; - byte pub[256]; - word32 privSz = sizeof(priv); - word32 pubSz = sizeof(pub); - - /* Parameter Validation testing. */ - ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz); - if (ret != BAD_FUNC_ARG) - return -7777; - ret = wc_DhGenerateKeyPair(&key, NULL, priv, &privSz, pub, &pubSz); - if (ret != BAD_FUNC_ARG) - return -7778; - ret = wc_DhGenerateKeyPair(&key, rng, NULL, &privSz, pub, &pubSz); - if (ret != BAD_FUNC_ARG) - return -7779; - ret = wc_DhGenerateKeyPair(&key, rng, priv, NULL, pub, &pubSz); - if (ret != BAD_FUNC_ARG) - return -7780; - ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, NULL, &pubSz); - if (ret != BAD_FUNC_ARG) - return -7781; - ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, NULL); - if (ret != BAD_FUNC_ARG) - return -7782; - - ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); - if (ret != 0) - return -7783; - - ret = wc_DhSetKey_ex(&key, p, sizeof(p), g, sizeof(g), q0, sizeof(q0)); - if (ret != 0) { - ERROR_OUT(-7784, exit_gen_test); - } - - wc_FreeDhKey(&key); - - ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); - if (ret != 0) - return -7785; - - ret = wc_DhSetKey_ex(&key, p, sizeof(p), g, sizeof(g), q, sizeof(q)); - if (ret != 0) { - ERROR_OUT(-7786, exit_gen_test); - } - - /* Use API. */ - ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, &pubSz); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7787, exit_gen_test); - } - - ret = wc_DhCheckPubKey_ex(&key, pub, pubSz, q0, sizeof(q0)); - if (ret != 0) { - ERROR_OUT(-7788, exit_gen_test); - } - - wc_FreeDhKey(&key); - ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); - if (ret != 0) - return -7789; - - ret = wc_DhSetKey(&key, p, sizeof(p), g, sizeof(g)); - if (ret != 0) { - ERROR_OUT(-7790, exit_gen_test); - } - - ret = wc_DhCheckPubKey_ex(&key, pub, pubSz, q, sizeof(q)); - if (ret != 0) { - ERROR_OUT(-7791, exit_gen_test); - } - -#ifndef HAVE_SELFTEST - ret = wc_DhCheckKeyPair(&key, pub, pubSz, priv, privSz); - if (ret != 0) { - ERROR_OUT(-7792, exit_gen_test); - } - - /* Taint the public key so the check fails. */ - pub[0]++; - ret = wc_DhCheckKeyPair(&key, pub, pubSz, priv, privSz); - if (ret != MP_CMP_E) { - ERROR_OUT(-7793, exit_gen_test); - } - -#ifdef WOLFSSL_KEY_GEN - wc_FreeDhKey(&key); - ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); - if (ret != 0) - return -7794; - - ret = wc_DhGenerateParams(rng, 2048, &key); - if (ret != 0) { - ERROR_OUT(-7795, exit_gen_test); - } - - privSz = sizeof(priv); - pubSz = sizeof(pub); - - ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, &pubSz); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7796, exit_gen_test); - } -#endif /* WOLFSSL_KEY_GEN */ -#endif /* HAVE_SELFTEST */ - - ret = 0; - -exit_gen_test: - wc_FreeDhKey(&key); - - return ret; -} - -static int dh_generate_test(WC_RNG *rng) -{ - int ret = 0; - DhKey smallKey; - byte p[2] = { 0, 5 }; - byte g[2] = { 0, 2 }; -#ifndef WOLFSSL_SP_MATH -#ifdef WOLFSSL_DH_CONST - /* the table for constant DH lookup will round to the lowest byte size 21 */ - byte priv[21]; - byte pub[21]; -#else - byte priv[2]; - byte pub[2]; -#endif - word32 privSz = sizeof(priv); - word32 pubSz = sizeof(pub); -#endif - - ret = wc_InitDhKey_ex(&smallKey, HEAP_HINT, devId); - if (ret != 0) - return -7797; - - /* Parameter Validation testing. */ - ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId); - if (ret != BAD_FUNC_ARG) - return -7798; - wc_FreeDhKey(NULL); - - ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g)); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7799, exit_gen_test); - } - ret = wc_DhSetKey(&smallKey, NULL, sizeof(p), g, sizeof(g)); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7800, exit_gen_test); - } - ret = wc_DhSetKey(&smallKey, p, 0, g, sizeof(g)); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7801, exit_gen_test); - } - ret = wc_DhSetKey(&smallKey, p, sizeof(p), NULL, sizeof(g)); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7802, exit_gen_test); - } - ret = wc_DhSetKey(&smallKey, p, sizeof(p), g, 0); - if (ret != BAD_FUNC_ARG) { - ERROR_OUT(-7803, exit_gen_test); - } - ret = wc_DhSetKey(&smallKey, p, sizeof(p), g, sizeof(g)); - if (ret != 0) { - ERROR_OUT(-7804, exit_gen_test); - } - -#ifndef WOLFSSL_SP_MATH - /* Use API. */ - ret = wc_DhGenerateKeyPair(&smallKey, rng, priv, &privSz, pub, &pubSz); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &smallKey.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ret = -7805; - } -#else - (void)rng; - ret = 0; -#endif - -exit_gen_test: - wc_FreeDhKey(&smallKey); - - return ret; -} - -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -typedef struct dh_pubvalue_test { - const byte* data; - word32 len; -} dh_pubvalue_test; - -static int dh_test_check_pubvalue(void) -{ - int ret; - word32 i; - const byte prime[] = {0x01, 0x00, 0x01}; - const byte pubValZero[] = { 0x00 }; - const byte pubValZeroLong[] = { 0x00, 0x00, 0x00 }; - const byte pubValOne[] = { 0x01 }; - const byte pubValOneLong[] = { 0x00, 0x00, 0x01 }; - const byte pubValPrimeMinusOne[] = { 0x01, 0x00, 0x00 }; - const byte pubValPrimeLong[] = {0x00, 0x01, 0x00, 0x01}; - const byte pubValPrimePlusOne[] = { 0x01, 0x00, 0x02 }; - const byte pubValTooBig0[] = { 0x02, 0x00, 0x01 }; - const byte pubValTooBig1[] = { 0x01, 0x01, 0x01 }; - const byte pubValTooLong[] = { 0x01, 0x00, 0x00, 0x01 }; - const dh_pubvalue_test dh_pubval_fail[] = { - { prime, sizeof(prime) }, - { pubValZero, sizeof(pubValZero) }, - { pubValZeroLong, sizeof(pubValZeroLong) }, - { pubValOne, sizeof(pubValOne) }, - { pubValOneLong, sizeof(pubValOneLong) }, - { pubValPrimeMinusOne, sizeof(pubValPrimeMinusOne) }, - { pubValPrimeLong, sizeof(pubValPrimeLong) }, - { pubValPrimePlusOne, sizeof(pubValPrimePlusOne) }, - { pubValTooBig0, sizeof(pubValTooBig0) }, - { pubValTooBig1, sizeof(pubValTooBig1) }, - { pubValTooLong, sizeof(pubValTooLong) }, - }; - const byte pubValTwo[] = { 0x02 }; - const byte pubValTwoLong[] = { 0x00, 0x00, 0x02 }; - const byte pubValGood[] = { 0x12, 0x34 }; - const byte pubValGoodLen[] = { 0x00, 0x12, 0x34 }; - const byte pubValGoodLong[] = { 0x00, 0x00, 0x12, 0x34 }; - const dh_pubvalue_test dh_pubval_pass[] = { - { pubValTwo, sizeof(pubValTwo) }, - { pubValTwoLong, sizeof(pubValTwoLong) }, - { pubValGood, sizeof(pubValGood) }, - { pubValGoodLen, sizeof(pubValGoodLen) }, - { pubValGoodLong, sizeof(pubValGoodLong) }, - }; - - for (i = 0; i < sizeof(dh_pubval_fail) / sizeof(*dh_pubval_fail); i++) { - ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_fail[i].data, - dh_pubval_fail[i].len); - if (ret != MP_VAL) - return -7806 - (int)i; - } - - for (i = 0; i < sizeof(dh_pubval_pass) / sizeof(*dh_pubval_pass); i++) { - ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_pass[i].data, - dh_pubval_pass[i].len); - if (ret != 0) - return -7816 - (int)i; - } - - return 0; -} -#endif - -#if defined(HAVE_FFDHE) - -#ifdef HAVE_FFDHE_3072 - #define FFDHE_KEY_SIZE (3072/8) -#else - #define FFDHE_KEY_SIZE (2048/8) -#endif - -static int dh_test_ffdhe(WC_RNG *rng, const DhParams* params) -{ - int ret; - word32 privSz, pubSz, privSz2, pubSz2; - byte priv[FFDHE_KEY_SIZE]; - byte pub[FFDHE_KEY_SIZE]; - byte priv2[FFDHE_KEY_SIZE]; - byte pub2[FFDHE_KEY_SIZE]; - byte agree[FFDHE_KEY_SIZE]; - byte agree2[FFDHE_KEY_SIZE]; - word32 agreeSz = (word32)sizeof(agree); - word32 agreeSz2 = (word32)sizeof(agree2); - DhKey key; - DhKey key2; - - XMEMSET(&key, 0, sizeof(DhKey)); - XMEMSET(&key2, 0, sizeof(DhKey)); - - ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-7826, done); - } - ret = wc_InitDhKey_ex(&key2, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-7827, done); - } - - ret = wc_DhSetKey(&key, params->p, params->p_len, params->g, params->g_len); - if (ret != 0) { - ERROR_OUT(-7828, done); - } - - ret = wc_DhSetKey(&key2, params->p, params->p_len, params->g, - params->g_len); - if (ret != 0) { - ERROR_OUT(-7829, done); - } - - ret = wc_DhGenerateKeyPair(&key, rng, priv, &privSz, pub, &pubSz); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7830, done); - } - - ret = wc_DhGenerateKeyPair(&key2, rng, priv2, &privSz2, pub2, &pubSz2); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7831, done); - } - - ret = wc_DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7832, done); - } - - ret = wc_DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7833, done); - } - - if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) { - ERROR_OUT(-7834, done); - } - -done: - wc_FreeDhKey(&key); - wc_FreeDhKey(&key2); - return ret; -} - -#endif /* HAVE_FFDHE */ - -static int dh_test(void) -{ - int ret; - word32 bytes; - word32 idx = 0, privSz, pubSz, privSz2, pubSz2; - byte tmp[1024]; -#if !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) - byte priv[256]; - byte pub[256]; - byte priv2[256]; - byte pub2[256]; - byte agree[256]; - byte agree2[256]; -#else - byte priv[512]; - byte pub[512]; - byte priv2[512]; - byte pub2[512]; - byte agree[512]; - byte agree2[512]; -#endif - word32 agreeSz = (word32)sizeof(agree); - word32 agreeSz2 = (word32)sizeof(agree2); - DhKey key; - DhKey key2; - WC_RNG rng; - int keyInit = 0; - -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, dh_key_der_1024, (size_t)sizeof_dh_key_der_1024); - bytes = (size_t)sizeof_dh_key_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, dh_key_der_2048, (size_t)sizeof_dh_key_der_2048); - bytes = (size_t)sizeof_dh_key_der_2048; -#elif defined(USE_CERT_BUFFERS_3072) - XMEMCPY(tmp, dh_key_der_3072, (size_t)sizeof_dh_key_der_3072); - bytes = (size_t)sizeof_dh_key_der_3072; -#elif defined(USE_CERT_BUFFERS_4096) - XMEMCPY(tmp, dh_key_der_4096, (size_t)sizeof_dh_key_der_4096); - bytes = (size_t)sizeof_dh_key_der_4096; -#elif defined(NO_ASN) - /* don't use file, no DER parsing */ -#elif !defined(NO_FILESYSTEM) - XFILE file = XFOPEN(dhParamsFile, "rb"); - if (!file) - return -7900; - - bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), file); - XFCLOSE(file); -#else - /* No DH key to use. */ - return -7901; -#endif /* USE_CERT_BUFFERS */ - - (void)idx; - (void)tmp; - (void)bytes; - - XMEMSET(&rng, 0, sizeof(rng)); - /* Use API for coverage. */ - ret = wc_InitDhKey(&key); - if (ret != 0) { - ERROR_OUT(-7902, done); - } - wc_FreeDhKey(&key); - - ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-7903, done); - } - keyInit = 1; - ret = wc_InitDhKey_ex(&key2, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-7904, done); - } - -#ifdef NO_ASN - ret = wc_DhSetKey(&key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g)); - if (ret != 0) { - ERROR_OUT(-7905, done); - } - - ret = wc_DhSetKey(&key2, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g)); - if (ret != 0) { - ERROR_OUT(-7906, done); - } -#else - ret = wc_DhKeyDecode(tmp, &idx, &key, bytes); - if (ret != 0) { - ERROR_OUT(-7907, done); - } - - idx = 0; - ret = wc_DhKeyDecode(tmp, &idx, &key2, bytes); - if (ret != 0) { - ERROR_OUT(-7908, done); - } -#endif - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) { - ERROR_OUT(-7909, done); - } - - ret = wc_DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7910, done); - } - - ret = wc_DhGenerateKeyPair(&key2, &rng, priv2, &privSz2, pub2, &pubSz2); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7911, done); - } - - ret = wc_DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7912, done); - } - - ret = wc_DhAgree(&key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-7913, done); - } - - if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) { - ERROR_OUT(-7914, done); - } - -#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - if (wc_DhCheckPrivKey(NULL, NULL, 0) != BAD_FUNC_ARG) - return -7915; - - if (wc_DhCheckPrivKey(&key, priv, privSz) != 0) - return -7916; - - if (wc_DhExportParamsRaw(NULL, NULL, NULL, NULL, NULL, NULL, NULL) != BAD_FUNC_ARG) - return -7917; - { - word32 pSz, qSz, gSz; - if (wc_DhExportParamsRaw(&key, NULL, &pSz, NULL, &qSz, NULL, &gSz) != LENGTH_ONLY_E) - return -7918; - } -#endif - - - - /* Test DH key import / export */ -#ifdef WOLFSSL_DH_EXTRA -#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) - file = XFOPEN(dhKeyFile, "rb"); - if (!file) - return -7950; - bytes = (word32)XFREAD(tmp, 1, sizeof(tmp), file); - XFCLOSE(file); - - idx = 0; - ret = wc_DhKeyDecode(tmp, &idx, &key, bytes); - if (ret != 0) { - return -7951; - } -#endif - - privSz = sizeof(priv); - pubSz = sizeof(pub); - ret = wc_DhExportKeyPair(&key, priv, &privSz, pub, &pubSz); - if (ret != 0) { - return -7952; - } - ret = wc_DhImportKeyPair(&key2, priv, privSz, pub, pubSz); - if (ret != 0) { - return -7953; - } -#endif /* WOLFSSL_DH_EXTRA */ - - ret = dh_generate_test(&rng); - if (ret != 0) - ERROR_OUT(-7954, done); - - ret = dh_fips_generate_test(&rng); - if (ret != 0) - ERROR_OUT(-7955, done); - -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - ret = dh_test_check_pubvalue(); - if (ret != 0) - ERROR_OUT(-7956, done); -#endif - - /* Specialized code for key gen when using FFDHE-2048 and FFDHE-3072. */ - #ifdef HAVE_FFDHE_2048 - ret = dh_test_ffdhe(&rng, wc_Dh_ffdhe2048_Get()); - if (ret != 0) - ERROR_OUT(-7957, done); - #endif - #ifdef HAVE_FFDHE_3072 - ret = dh_test_ffdhe(&rng, wc_Dh_ffdhe3072_Get()); - if (ret != 0) - ERROR_OUT(-7958, done); - #endif - - wc_FreeDhKey(&key); - keyInit = 0; - -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - !defined(WOLFSSL_OLD_PRIME_CHECK) - /* Test Check Key */ - ret = wc_DhSetCheckKey(&key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g), - NULL, 0, 0, &rng); - if (ret != 0) - ERROR_OUT(-7959, done); - keyInit = 1; /* DhSetCheckKey also initializes the key, free it */ -#endif - -done: - - if (keyInit) - wc_FreeDhKey(&key); - wc_FreeDhKey(&key2); - wc_FreeRng(&rng); - - return ret; -} - -#endif /* NO_DH */ - - -#ifndef NO_DSA - -static int dsa_test(void) -{ - int ret, answer; - word32 bytes; - word32 idx = 0; - byte tmp[1024]; - DsaKey key; - WC_RNG rng; - wc_Sha sha; - byte hash[WC_SHA_DIGEST_SIZE]; - byte signature[40]; - -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); - bytes = sizeof_dsa_key_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); - bytes = sizeof_dsa_key_der_2048; -#else - XFILE file = XFOPEN(dsaKey, "rb"); - if (!file) - return -8000; - - bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), file); - XFCLOSE(file); -#endif /* USE_CERT_BUFFERS */ - - ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); - if (ret != 0) - return -8001; - wc_ShaUpdate(&sha, tmp, bytes); - wc_ShaFinal(&sha, hash); - wc_ShaFree(&sha); - - ret = wc_InitDsaKey(&key); - if (ret != 0) return -8002; - - ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes); - if (ret != 0) return -8003; - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) return -8004; - - ret = wc_DsaSign(hash, signature, &key, &rng); - if (ret != 0) return -8005; - - ret = wc_DsaVerify(hash, signature, &key, &answer); - if (ret != 0) return -8006; - if (answer != 1) return -8007; - - wc_FreeDsaKey(&key); - -#ifdef WOLFSSL_KEY_GEN - { - byte* der; - int derSz = 0; - DsaKey derIn; - DsaKey genKey; - - ret = wc_InitDsaKey(&genKey); - if (ret != 0) return -8008; - - ret = wc_MakeDsaParameters(&rng, 1024, &genKey); - if (ret != 0) { - wc_FreeDsaKey(&genKey); - return -8009; - } - - ret = wc_MakeDsaKey(&rng, &genKey); - if (ret != 0) { - wc_FreeDsaKey(&genKey); - return -8010; - } - - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - wc_FreeDsaKey(&genKey); - return -8011; - } - - derSz = wc_DsaKeyToDer(&genKey, der, FOURK_BUF); - if (derSz < 0) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -8013; - } - - ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile, - DSA_PRIVATEKEY_TYPE, -5814); - if (ret != 0) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeDsaKey(&genKey); - return ret; - } - - ret = wc_InitDsaKey(&derIn); - if (ret != 0) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeDsaKey(&genKey); - return -8014; - } - - idx = 0; - ret = wc_DsaPrivateKeyDecode(der, &idx, &derIn, derSz); - if (ret != 0) { - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeDsaKey(&derIn); - wc_FreeDsaKey(&genKey); - return -8015; - } - - wc_FreeDsaKey(&derIn); - wc_FreeDsaKey(&genKey); - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } -#endif /* WOLFSSL_KEY_GEN */ - - if (wc_InitDsaKey_h(&key, NULL) != 0) - return -8016; - - wc_FreeRng(&rng); - return 0; -} - -#endif /* NO_DSA */ - -#ifdef WOLFCRYPT_HAVE_SRP - -static int generate_random_salt(byte *buf, word32 size) -{ - int ret = -8017; - WC_RNG rng; - - if(NULL == buf || !size) - return -8018; - - if (buf && size && wc_InitRng_ex(&rng, HEAP_HINT, devId) == 0) { - ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size); - - wc_FreeRng(&rng); - } - - return ret; -} - -static int srp_test(void) -{ - Srp cli, srv; - int r; - - byte clientPubKey[80]; /* A */ - byte serverPubKey[80]; /* B */ - word32 clientPubKeySz = 80; - word32 serverPubKeySz = 80; - byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */ - byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */ - word32 clientProofSz = SRP_MAX_DIGEST_SIZE; - word32 serverProofSz = SRP_MAX_DIGEST_SIZE; - - byte username[] = "user"; - word32 usernameSz = 4; - - byte password[] = "password"; - word32 passwordSz = 8; - - byte N[] = { - 0xC9, 0x4D, 0x67, 0xEB, 0x5B, 0x1A, 0x23, 0x46, 0xE8, 0xAB, 0x42, 0x2F, - 0xC6, 0xA0, 0xED, 0xAE, 0xDA, 0x8C, 0x7F, 0x89, 0x4C, 0x9E, 0xEE, 0xC4, - 0x2F, 0x9E, 0xD2, 0x50, 0xFD, 0x7F, 0x00, 0x46, 0xE5, 0xAF, 0x2C, 0xF7, - 0x3D, 0x6B, 0x2F, 0xA2, 0x6B, 0xB0, 0x80, 0x33, 0xDA, 0x4D, 0xE3, 0x22, - 0xE1, 0x44, 0xE7, 0xA8, 0xE9, 0xB1, 0x2A, 0x0E, 0x46, 0x37, 0xF6, 0x37, - 0x1F, 0x34, 0xA2, 0x07, 0x1C, 0x4B, 0x38, 0x36, 0xCB, 0xEE, 0xAB, 0x15, - 0x03, 0x44, 0x60, 0xFA, 0xA7, 0xAD, 0xF4, 0x83 - }; - - byte g[] = { - 0x02 - }; - - byte salt[10]; - - byte verifier[80]; - word32 v_size = sizeof(verifier); - - /* set as 0's so if second init on srv not called SrpTerm is not on - * garbage values */ - XMEMSET(&srv, 0, sizeof(Srp)); - XMEMSET(&cli, 0, sizeof(Srp)); - - /* generating random salt */ - - r = generate_random_salt(salt, sizeof(salt)); - - /* client knows username and password. */ - /* server knows N, g, salt and verifier. */ - - if (!r) r = wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE); - if (!r) r = wc_SrpSetUsername(&cli, username, usernameSz); - - /* loading N, g and salt in advance to generate the verifier. */ - - if (!r) r = wc_SrpSetParams(&cli, N, sizeof(N), - g, sizeof(g), - salt, sizeof(salt)); - if (!r) r = wc_SrpSetPassword(&cli, password, passwordSz); - if (!r) r = wc_SrpGetVerifier(&cli, verifier, &v_size); - - /* client sends username to server */ - - if (!r) r = wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE); - if (!r) r = wc_SrpSetUsername(&srv, username, usernameSz); - if (!r) r = wc_SrpSetParams(&srv, N, sizeof(N), - g, sizeof(g), - salt, sizeof(salt)); - if (!r) r = wc_SrpSetVerifier(&srv, verifier, v_size); - if (!r) r = wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz); - - /* server sends N, g, salt and B to client */ - - if (!r) r = wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz); - if (!r) r = wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, - serverPubKey, serverPubKeySz); - if (!r) r = wc_SrpGetProof(&cli, clientProof, &clientProofSz); - - /* client sends A and M1 to server */ - - if (!r) r = wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz, - serverPubKey, serverPubKeySz); - if (!r) r = wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz); - if (!r) r = wc_SrpGetProof(&srv, serverProof, &serverProofSz); - - /* server sends M2 to client */ - - if (!r) r = wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz); - - wc_SrpTerm(&cli); - wc_SrpTerm(&srv); - - return r; -} - -#endif /* WOLFCRYPT_HAVE_SRP */ - -#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) - -#if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) -static int openssl_aes_test(void) -{ -#ifdef HAVE_AES_CBC -#ifdef WOLFSSL_AES_128 - { - /* EVP_CipherUpdate test */ - const byte cbcPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; - - byte key[] = "0123456789abcdef "; /* align */ - byte iv[] = "1234567890abcdef "; /* align */ - - byte cipher[AES_BLOCK_SIZE * 4]; - byte plain [AES_BLOCK_SIZE * 4]; - EVP_CIPHER_CTX en; - EVP_CIPHER_CTX de; - int outlen ; - int total = 0; - int i; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -8200; - if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, - (byte*)cbcPlain, 9) == 0) - return -8201; - if (outlen != 0) - return -8202; - total += outlen; - - if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, - (byte*)&cbcPlain[9] , 9) == 0) - return -8203; - if (outlen != 16) - return -8204; - total += outlen; - - if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) - return -8205; - if (outlen != 16) - return -8206; - total += outlen; - if (total != 32) - return 3408; - - total = 0; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -8207; - - if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) - return -8208; - if (outlen != 0) - return -8209; - total += outlen; - - if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, - (byte*)&cipher[6], 12) == 0) - return -8210; - if (outlen != 0) - total += outlen; - - if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, - (byte*)&cipher[6+12], 14) == 0) - return -8211; - if (outlen != 16) - return -8212; - total += outlen; - - if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) - return -8213; - if (outlen != 2) - return -8214; - total += outlen; - - if (total != 18) - return 3427; - - if (XMEMCMP(plain, cbcPlain, 18)) - return -8215; - - /* test with encrypting/decrypting more than 16 bytes at once */ - total = 0; - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -8216; - if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, - (byte*)cbcPlain, 17) == 0) - return -8217; - if (outlen != 16) - return -8218; - total += outlen; - - if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, - (byte*)&cbcPlain[17] , 1) == 0) - return -8219; - if (outlen != 0) - return -8220; - total += outlen; - - if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) - return -8221; - if (outlen != 16) - return -8222; - total += outlen; - if (total != 32) - return -8223; - - total = 0; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -8224; - - if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0) - return -8225; - if (outlen != 16) - return -8226; - total += outlen; - - /* final call on non block size should fail */ - if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) != 0) - return -8227; - - if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, - (byte*)&cipher[17], 1) == 0) - return -8228; - if (outlen != 0) - total += outlen; - - if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, - (byte*)&cipher[17+1], 14) == 0) - return -8229; - if (outlen != 0) - return -8230; - total += outlen; - - if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) - return -8231; - if (outlen != 2) - return -8232; - total += outlen; - - if (total != 18) - return -8233; - - if (XMEMCMP(plain, cbcPlain, 18)) - return -8234; - - /* test byte by byte decrypt */ - for (i = 0; i < AES_BLOCK_SIZE * 3; i++) { - plain[i] = i; - } - - total = 0; - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -8235; - if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, - (byte*)plain, AES_BLOCK_SIZE * 3) == 0) - return -8236; - if (outlen != AES_BLOCK_SIZE * 3) - return -8237; - total += outlen; - - if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) - return -8238; - if (outlen != AES_BLOCK_SIZE) - return -8239; - total += outlen; - if (total != sizeof(plain)) - return -8240; - - total = 0; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -8241; - - for (i = 0; i < AES_BLOCK_SIZE * 4; i++) { - if (EVP_CipherUpdate(&de, (byte*)plain + total, &outlen, - (byte*)cipher + i, 1) == 0) - return -8242; - - if (outlen > 0) { - int j; - - total += outlen; - for (j = 0; j < total; j++) { - if (plain[j] != j) { - return -8243; - } - } - } - } - - if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) - return -8244; - total += outlen; - if (total != AES_BLOCK_SIZE * 3) { - return -8245; - } - for (i = 0; i < AES_BLOCK_SIZE * 3; i++) { - if (plain[i] != i) { - return -8246; - } - } - } - - /* set buffers to be exact size to catch potential over read/write */ - { - /* EVP_CipherUpdate test */ - const byte cbcPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; - - byte key[] = "0123456789abcdef "; /* align */ - byte iv[] = "1234567890abcdef "; /* align */ - - #define EVP_TEST_BUF_SZ 18 - #define EVP_TEST_BUF_PAD 32 - byte cipher[EVP_TEST_BUF_SZ]; - byte plain [EVP_TEST_BUF_SZ]; - byte padded[EVP_TEST_BUF_PAD]; - EVP_CIPHER_CTX en; - EVP_CIPHER_CTX de; - int outlen ; - int total = 0; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -8247; - if (EVP_CIPHER_CTX_set_padding(&en, 0) != 1) - return -8248; - if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, - (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0) - return -8249; - if (outlen != 16) - return -8250; - total += outlen; - - /* should fail here */ - if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) != 0) - return -8251; - - /* turn padding back on and do successful encrypt */ - total = 0; - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -8252; - if (EVP_CIPHER_CTX_set_padding(&en, 1) != 1) - return -8253; - if (EVP_CipherUpdate(&en, (byte*)padded, &outlen, - (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0) - return -8254; - if (outlen != 16) - return -8255; - total += outlen; - - if (EVP_CipherFinal(&en, (byte*)&padded[total], &outlen) == 0) - return -8256; - total += outlen; - if (total != 32) - return -8257; - XMEMCPY(cipher, padded, EVP_TEST_BUF_SZ); - - /* test out of bounds read on buffers w/o padding during decryption */ - total = 0; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -8258; - - if (EVP_CIPHER_CTX_set_padding(&de, 0) != 1) - return -8259; - if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, - EVP_TEST_BUF_SZ) == 0) - return -8260; - if (outlen != 16) - return -8261; - total += outlen; - - /* should fail since not using padding */ - if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) != 0) - return -8262; - - total = 0; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -8263; - if (EVP_CIPHER_CTX_set_padding(&de, 1) != 1) - return -8264; - if (EVP_CipherUpdate(&de, (byte*)padded, &outlen, (byte*)padded, - EVP_TEST_BUF_PAD) == 0) - return -8265; - if (outlen != 16) - return -8266; - total += outlen; - - if (EVP_CipherFinal(&de, (byte*)&padded[total], &outlen) == 0) - return -8267; - if (XMEMCMP(padded, cbcPlain, EVP_TEST_BUF_SZ)) - return -8268; - } - - { /* evp_cipher test: EVP_aes_128_cbc */ - EVP_CIPHER_CTX ctx; - - const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ - 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - const byte verify[] = - { - 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, - 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb - }; - - byte key[] = "0123456789abcdef "; /* align */ - byte iv[] = "1234567890abcdef "; /* align */ - - byte cipher[AES_BLOCK_SIZE * 4]; - byte plain [AES_BLOCK_SIZE * 4]; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0) - return -8269; - - if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0) - return -8270; - - if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -8271; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0) - return -8272; - - if (EVP_Cipher(&ctx, plain, cipher, 16) == 0) - return -8273; - - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -8274; - - - } /* end evp_cipher test: EVP_aes_128_cbc*/ -#endif /* WOLFSSL_AES_128 */ -#endif /* HAVE_AES_CBC */ - -#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256) - { /* evp_cipher test: EVP_aes_256_ecb*/ - EVP_CIPHER_CTX ctx; - const byte msg[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte verify[] = - { - 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, - 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 - }; - - const byte key[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - - byte cipher[AES_BLOCK_SIZE * 4]; - byte plain [AES_BLOCK_SIZE * 4]; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0) - return -8275; - - if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0) - return -8276; - - if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -8277; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0) - return -8278; - - if (EVP_Cipher(&ctx, plain, cipher, 16) == 0) - return -8279; - - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -8280; - - } /* end evp_cipher test */ -#endif /* HAVE_AES_ECB && WOLFSSL_AES_256 */ - -#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) - /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */ - { - /* Test: AES_encrypt/decrypt/set Key */ - AES_KEY enc; - #ifdef HAVE_AES_DECRYPT - AES_KEY dec; - #endif - - const byte msg[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte verify[] = - { - 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, - 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 - }; - - const byte key[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - byte plain[sizeof(msg)]; - byte cipher[sizeof(msg)]; - - AES_set_encrypt_key(key, sizeof(key)*8, &enc); - AES_set_decrypt_key(key, sizeof(key)*8, &dec); - - AES_encrypt(msg, cipher, &enc); - - #ifdef HAVE_AES_DECRYPT - AES_decrypt(cipher, plain, &dec); - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -8281; - #endif /* HAVE_AES_DECRYPT */ - - if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -8282; - } -#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ - -/* EVP_Cipher with EVP_aes_xxx_ctr() */ -#ifdef WOLFSSL_AES_COUNTER - { - byte plainBuff [64]; - byte cipherBuff[64]; - -#ifdef WOLFSSL_AES_128 - const byte ctrKey[] = - { - 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, - 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c - }; - - const byte ctrIv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - - const byte ctrPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; - - const byte ctrCipher[] = - { - 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, - 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, - 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, - 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, - 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, - 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, - 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, - 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee - }; - - const byte oddCipher[] = - { - 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, - 0xc2 - }; -#endif - - /* test vector from "Recommendation for Block Cipher Modes of Operation" - * NIST Special Publication 800-38A */ -#ifdef WOLFSSL_AES_192 - const byte ctr192Key[] = - { - 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, - 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, - 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b - }; - - const byte ctr192Iv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - - const byte ctr192Plain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte ctr192Cipher[] = - { - 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, - 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b - }; -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* test vector from "Recommendation for Block Cipher Modes of Operation" - * NIST Special Publication 800-38A */ - const byte ctr256Key[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - const byte ctr256Iv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - - const byte ctr256Plain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte ctr256Cipher[] = - { - 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, - 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28 - }; -#endif /* WOLFSSL_AES_256 */ - - EVP_CIPHER_CTX en; - EVP_CIPHER_CTX de; -#ifdef WOLFSSL_AES_128 - EVP_CIPHER_CTX *p_en; - EVP_CIPHER_CTX *p_de; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8283; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, - AES_BLOCK_SIZE*4) == 0) - return -8284; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8285; - - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, - AES_BLOCK_SIZE*4) == 0) - return -8286; - - if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) - return -8287; - if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) - return -8288; - - p_en = wolfSSL_EVP_CIPHER_CTX_new(); - if (p_en == NULL) - return -8289; - p_de = wolfSSL_EVP_CIPHER_CTX_new(); - if (p_de == NULL) - return -8290; - - if (EVP_CipherInit(p_en, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8291; - if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain, - AES_BLOCK_SIZE*4) == 0) - return -8292; - if (EVP_CipherInit(p_de, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8293; - - if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff, - AES_BLOCK_SIZE*4) == 0) - return -8294; - - wolfSSL_EVP_CIPHER_CTX_free(p_en); - wolfSSL_EVP_CIPHER_CTX_free(p_de); - - if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) - return -8295; - if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) - return -8296; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8297; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) - return -8298; - - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8299; - - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) - return -8300; - - if (XMEMCMP(plainBuff, ctrPlain, 9)) - return -8301; - if (XMEMCMP(cipherBuff, ctrCipher, 9)) - return -8302; - - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) - return -8303; - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) - return -8304; - - if (XMEMCMP(plainBuff, ctrPlain, 9)) - return -8305; - if (XMEMCMP(cipherBuff, oddCipher, 9)) - return -8306; -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_192_ctr(), - (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) - return -8307; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr192Plain, - AES_BLOCK_SIZE) == 0) - return -8308; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_192_ctr(), - (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) - return -8309; - - XMEMSET(plainBuff, 0, sizeof(plainBuff)); - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, - AES_BLOCK_SIZE) == 0) - return -8310; - - if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain))) - return -8311; - if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher))) - return -8312; -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_256_ctr(), - (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) - return -8313; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr256Plain, - AES_BLOCK_SIZE) == 0) - return -8314; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_256_ctr(), - (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) - return -8315; - - XMEMSET(plainBuff, 0, sizeof(plainBuff)); - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, - AES_BLOCK_SIZE) == 0) - return -8316; - - if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain))) - return -8317; - if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher))) - return -8318; -#endif /* WOLFSSL_AES_256 */ - } -#endif /* HAVE_AES_COUNTER */ - -#if defined(WOLFSSL_AES_CFB) && defined(WOLFSSL_AES_128) - { - AES_KEY enc; - AES_KEY dec; - - const byte setIv[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f - }; - - const byte key[] = - { - 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, - 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c - }; - - const byte cipher1[] = - { - 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20, - 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a, - 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f, - 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b - }; - - const byte msg[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51 - }; - - byte cipher[AES_BLOCK_SIZE * 2]; - byte iv[AES_BLOCK_SIZE]; /* iv buffer is updeated by API */ - int num = 0; - - XMEMCPY(iv, setIv, sizeof(setIv)); - wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, &enc); - wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, &dec); - - wolfSSL_AES_cfb128_encrypt(msg, cipher, AES_BLOCK_SIZE - 1, &enc, iv, - &num, AES_ENCRYPT); - - if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE - 1)) - return -8319; - - if (num != 15) /* should have used 15 of the 16 bytes */ - return -8320; - - wolfSSL_AES_cfb128_encrypt(msg + AES_BLOCK_SIZE - 1, - cipher + AES_BLOCK_SIZE - 1, AES_BLOCK_SIZE + 1, &enc, iv, - &num, AES_ENCRYPT); - - if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2)) - return -8321; - - if (num != 0) - return -8322; - } -#endif /* WOLFSSL_AES_CFB && WOLFSSL_AES_128 */ - return 0; -} - - -#endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */ - -static int openssl_test(void) -{ - EVP_MD_CTX md_ctx; - testVector a, b, c, d, e, f; - byte hash[WC_SHA256_DIGEST_SIZE*2]; /* max size */ - - a.inLen = 0; - b.inLen = c.inLen = d.inLen = e.inLen = f.inLen = a.inLen; - - (void)a; - (void)b; - (void)c; - (void)d; - (void)e; - (void)f; - - /* test malloc / free , 10 is an arbitrary amount of memory chosen */ - { - byte* p; - p = (byte*)CRYPTO_malloc(10); - if (p == NULL) { - return -8400; - } - XMEMSET(p, 0, 10); - CRYPTO_free(p); - } - -#ifndef NO_MD5 - - a.input = "1234567890123456789012345678901234567890123456789012345678" - "9012345678901234567890"; - a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" - "\x7a"; - a.inLen = XSTRLEN(a.input); - a.outLen = WC_MD5_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_md5()); - - EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) - return -8401; - -#endif /* NO_MD5 */ - -#ifndef NO_SHA - - b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - "aaaaaaaaaa"; - b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7" - "\x53\x99\x5E\x26\xA0"; - b.inLen = XSTRLEN(b.input); - b.outLen = WC_SHA_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha1()); - - EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, b.output, WC_SHA_DIGEST_SIZE) != 0) - return -8402; - -#endif /* NO_SHA */ - -#ifdef WOLFSSL_SHA224 - - e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - e.output = "\xc9\x7c\xa9\xa5\x59\x85\x0c\xe9\x7a\x04\xa9\x6d\xef\x6d\x99" - "\xa9\xe0\xe0\xe2\xab\x14\xe6\xb8\xdf\x26\x5f\xc0\xb3"; - e.inLen = XSTRLEN(e.input); - e.outLen = WC_SHA224_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha224()); - - EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, e.output, WC_SHA224_DIGEST_SIZE) != 0) - return -8403; - -#endif /* WOLFSSL_SHA224 */ - - - d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; - d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" - "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" - "\x06\xC1"; - d.inLen = XSTRLEN(d.input); - d.outLen = WC_SHA256_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha256()); - - EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, d.output, WC_SHA256_DIGEST_SIZE) != 0) - return -8404; - -#ifdef WOLFSSL_SHA384 - - e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - e.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b" - "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0" - "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91" - "\x74\x60\x39"; - e.inLen = XSTRLEN(e.input); - e.outLen = WC_SHA384_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha384()); - - EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, e.output, WC_SHA384_DIGEST_SIZE) != 0) - return -8405; - -#endif /* WOLFSSL_SHA384 */ - - -#ifdef WOLFSSL_SHA512 - - f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - f.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14" - "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88" - "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4" - "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b" - "\x87\x4b\xe9\x09"; - f.inLen = XSTRLEN(f.input); - f.outLen = WC_SHA512_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha512()); - - EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, f.output, WC_SHA512_DIGEST_SIZE) != 0) - return -8406; - -#endif /* WOLFSSL_SHA512 */ -#ifdef WOLFSSL_SHA3 -#ifndef WOLFSSL_NOSHA3_224 - - e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - e.output = "\x54\x3e\x68\x68\xe1\x66\x6c\x1a\x64\x36\x30\xdf\x77\x36\x7a\xe5\xa6\x2a\x85\x07\x0a\x51\xc1\x4c\xbf\x66\x5c\xbc"; - e.inLen = XSTRLEN(e.input); - e.outLen = WC_SHA3_224_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha3_224()); - - EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, e.output, WC_SHA3_224_DIGEST_SIZE) != 0) - return -8407; - -#endif /* WOLFSSL_NOSHA3_224 */ - - -#ifndef WOLFSSL_NOSHA3_256 - d.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - d.output = "\x91\x6f\x60\x61\xfe\x87\x97\x41\xca\x64\x69\xb4\x39\x71\xdf" - "\xdb\x28\xb1\xa3\x2d\xc3\x6c\xb3\x25\x4e\x81\x2b\xe2\x7a\xad" - "\x1d\x18"; - d.inLen = XSTRLEN(d.input); - d.outLen = WC_SHA3_256_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha3_256()); - - EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, d.output, WC_SHA3_256_DIGEST_SIZE) != 0) - return -8408; -#endif /* WOLFSSL_NOSHA3_256 */ - - - e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - e.output = "\x79\x40\x7d\x3b\x59\x16\xb5\x9c\x3e\x30\xb0\x98\x22\x97\x47\x91\xc3\x13\xfb\x9e\xcc\x84\x9e\x40\x6f\x23\x59\x2d\x04\xf6\x25\xdc\x8c\x70\x9b\x98\xb4\x3b\x38\x52\xb3\x37\x21\x61\x79\xaa\x7f\xc7"; - e.inLen = XSTRLEN(e.input); - e.outLen = WC_SHA3_384_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha3_384()); - - EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, e.output, WC_SHA3_384_DIGEST_SIZE) != 0) - return -8409; - - - -#ifndef WOLFSSL_NOSHA3_512 - - f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" - "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; - f.output = "\xaf\xeb\xb2\xef\x54\x2e\x65\x79\xc5\x0c\xad\x06\xd2\xe5\x78\xf9\xf8\xdd\x68\x81\xd7\xdc\x82\x4d\x26\x36\x0f\xee\xbf\x18\xa4\xfa\x73\xe3\x26\x11\x22\x94\x8e\xfc\xfd\x49\x2e\x74\xe8\x2e\x21\x89\xed\x0f\xb4\x40\xd1\x87\xf3\x82\x27\x0c\xb4\x55\xf2\x1d\xd1\x85"; - f.inLen = XSTRLEN(f.input); - f.outLen = WC_SHA3_512_DIGEST_SIZE; - - EVP_MD_CTX_init(&md_ctx); - EVP_DigestInit(&md_ctx, EVP_sha3_512()); - - EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen); - EVP_DigestFinal(&md_ctx, hash, 0); - - if (XMEMCMP(hash, f.output, WC_SHA3_512_DIGEST_SIZE) != 0) - return -8410; - -#endif /* WOLFSSL_NOSHA3_512 */ -#endif /* WOLFSSL_SHA3 */ - -#ifndef NO_MD5 - if (RAND_bytes(hash, sizeof(hash)) != 1) - return -8411; - - c.input = "what do ya want for nothing?"; - c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14" - "\x76"; - c.inLen = XSTRLEN(c.input); - c.outLen = WC_MD5_DIGEST_SIZE; - - HMAC(EVP_md5(), - "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen, hash, 0); - - if (XMEMCMP(hash, c.output, WC_MD5_DIGEST_SIZE) != 0) - return -8412; - -#endif /* NO_MD5 */ - -#ifndef NO_DES3 - { /* des test */ - const byte vector[] = { /* "now is the time for all " w/o trailing 0 */ - 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - byte plain[24]; - byte cipher[24]; - - const_DES_cblock key = - { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef - }; - - DES_cblock iv = - { - 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef - }; - - DES_key_schedule sched; - - const byte verify[] = - { - 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8, - 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73, - 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b - }; - - DES_key_sched(&key, &sched); - - DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT); - DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT); - - if (XMEMCMP(plain, vector, sizeof(vector)) != 0) - return -8413; - - if (XMEMCMP(cipher, verify, sizeof(verify)) != 0) - return -8414; - - /* test changing iv */ - DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT); - DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT); - - if (XMEMCMP(cipher, verify, sizeof(verify)) != 0) - return -8415; - - } /* end des test */ - -#endif /* NO_DES3 */ - -#if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) - if (openssl_aes_test() != 0) { - return -8416; - } - -#if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC) - { /* evp_cipher test: EVP_aes_128_cbc */ - EVP_CIPHER_CTX ctx; - int idx, cipherSz, plainSz; - - const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ - 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, - 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 - }; - - const byte verify[] = - { - 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, - 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb, - 0x3b,0x5d,0x41,0x97,0x94,0x25,0xa4,0xb4, - 0xae,0x7b,0x34,0xd0,0x3f,0x0c,0xbc,0x06 - }; - - const byte verify2[] = - { - 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, - 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb, - 0x7d,0x37,0x7b,0x0b,0x44,0xaa,0xb5,0xf0, - 0x5f,0x34,0xb4,0xde,0xb5,0xbd,0x2a,0xbb - }; - - byte key[] = "0123456789abcdef "; /* align */ - byte iv[] = "1234567890abcdef "; /* align */ - - byte cipher[AES_BLOCK_SIZE * 4]; - byte plain [AES_BLOCK_SIZE * 4]; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0) - return -8417; - - if (EVP_CipherUpdate(&ctx, cipher, &idx, (byte*)msg, sizeof(msg)) == 0) - return -8418; - - cipherSz = idx; - if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0) - return -8419; - cipherSz += idx; - - if ((cipherSz != (int)sizeof(verify)) && - XMEMCMP(cipher, verify, cipherSz)) - return -8420; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0) - return -8421; - - /* check partial decrypt (not enough padding for full block) */ - if (EVP_CipherUpdate(&ctx, plain, &idx, cipher, 1) == 0) - return -8422; - - plainSz = idx; - if (EVP_CipherFinal(&ctx, plain + plainSz, &idx) != 0) - return -8423; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 0) == 0) - return -8424; - - if (EVP_CipherUpdate(&ctx, plain, &idx, cipher, cipherSz) == 0) - return -8425; - - plainSz = idx; - if (EVP_CipherFinal(&ctx, plain + plainSz, &idx) == 0) - return -8426; - plainSz += idx; - - if ((plainSz != sizeof(msg)) || XMEMCMP(plain, msg, sizeof(msg))) - return -8427; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_128_cbc(), key, iv, 1) == 0) - return -8428; - - if (EVP_CipherUpdate(&ctx, cipher, &idx, msg, AES_BLOCK_SIZE) == 0) - return -8429; - - cipherSz = idx; - if (EVP_CipherFinal(&ctx, cipher + cipherSz, &idx) == 0) - return -8430; - cipherSz += idx; - - if ((cipherSz != (int)sizeof(verify2)) || - XMEMCMP(cipher, verify2, cipherSz)) - return -8431; - - } /* end evp_cipher test: EVP_aes_128_cbc*/ -#endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */ - -#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256) - { /* evp_cipher test: EVP_aes_256_ecb*/ - EVP_CIPHER_CTX ctx; - const byte msg[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte verify[] = - { - 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, - 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 - }; - - const byte key[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - - byte cipher[AES_BLOCK_SIZE * 4]; - byte plain [AES_BLOCK_SIZE * 4]; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, - NULL, 1) == 0) - return -8432; - - if (EVP_Cipher(&ctx, cipher, (byte*)msg, 16) == 0) - return -8433; - - if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return -8434; - - EVP_CIPHER_CTX_init(&ctx); - if (EVP_CipherInit(&ctx, EVP_aes_256_ecb(), (unsigned char*)key, - NULL, 0) == 0) - return -8435; - - if (EVP_Cipher(&ctx, plain, cipher, 16) == 0) - return -8436; - - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return -8437; - - } /* end evp_cipher test */ -#endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */ - -#define OPENSSL_TEST_ERROR (-10000) - - -#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) - /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */ -{ - - /* Test: AES_encrypt/decrypt/set Key */ - AES_KEY enc; -#ifdef HAVE_AES_DECRYPT - AES_KEY dec; -#endif - - const byte msg[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte verify[] = - { - 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, - 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 - }; - - const byte key[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - byte plain[sizeof(msg)]; - byte cipher[sizeof(msg)]; - - printf("openSSL extra test\n") ; - - - AES_set_encrypt_key(key, sizeof(key)*8, &enc); - AES_set_decrypt_key(key, sizeof(key)*8, &dec); - - AES_encrypt(msg, cipher, &enc); - -#ifdef HAVE_AES_DECRYPT - AES_decrypt(cipher, plain, &dec); - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) - return OPENSSL_TEST_ERROR-60; -#endif /* HAVE_AES_DECRYPT */ - - if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) - return OPENSSL_TEST_ERROR-61; -} - -#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ - -/* EVP_Cipher with EVP_aes_xxx_ctr() */ -#ifdef WOLFSSL_AES_COUNTER -{ - byte plainBuff [64]; - byte cipherBuff[64]; - -#ifdef WOLFSSL_AES_128 - const byte ctrKey[] = - { - 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, - 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c - }; - - const byte ctrIv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - const byte ctrPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; - - const byte ctrCipher[] = - { - 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, - 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, - 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, - 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, - 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, - 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, - 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, - 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee - }; - - const byte oddCipher[] = - { - 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, - 0xc2 - }; -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - /* test vector from "Recommendation for Block Cipher Modes of Operation" - * NIST Special Publication 800-38A */ - const byte ctr192Key[] = - { - 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, - 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, - 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b - }; - - const byte ctr192Iv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - - const byte ctr192Plain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte ctr192Cipher[] = - { - 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, - 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b - }; -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - /* test vector from "Recommendation for Block Cipher Modes of Operation" - * NIST Special Publication 800-38A */ - const byte ctr256Key[] = - { - 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, - 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, - 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, - 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 - }; - - const byte ctr256Iv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - - const byte ctr256Plain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a - }; - - const byte ctr256Cipher[] = - { - 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, - 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28 - }; -#endif /* WOLFSSL_AES_256 */ - - EVP_CIPHER_CTX en; - EVP_CIPHER_CTX de; -#ifdef WOLFSSL_AES_128 - EVP_CIPHER_CTX *p_en; - EVP_CIPHER_CTX *p_de; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8438; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, - AES_BLOCK_SIZE*4) == 0) - return -8439; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8440; - - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, - AES_BLOCK_SIZE*4) == 0) - return -8441; - - if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) - return -8442; - if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) - return -8443; - - p_en = wolfSSL_EVP_CIPHER_CTX_new(); - if(p_en == NULL)return -8444; - p_de = wolfSSL_EVP_CIPHER_CTX_new(); - if(p_de == NULL)return -8445; - - if (EVP_CipherInit(p_en, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8446; - if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain, - AES_BLOCK_SIZE*4) == 0) - return -8447; - if (EVP_CipherInit(p_de, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8448; - - if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff, - AES_BLOCK_SIZE*4) == 0) - return -8449; - - wolfSSL_EVP_CIPHER_CTX_free(p_en); - wolfSSL_EVP_CIPHER_CTX_free(p_de); - - if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4)) - return -8450; - if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4)) - return -8451; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8452; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) - return -8453; - - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_ctr(), - (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) - return -8454; - - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) - return -8455; - - if (XMEMCMP(plainBuff, ctrPlain, 9)) - return -8456; - if (XMEMCMP(cipherBuff, ctrCipher, 9)) - return -8457; - - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctrPlain, 9) == 0) - return -8458; - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, 9) == 0) - return -8459; - - if (XMEMCMP(plainBuff, ctrPlain, 9)) - return -8460; - if (XMEMCMP(cipherBuff, oddCipher, 9)) - return -8461; -#endif /* WOLFSSL_AES_128 */ - -#ifdef WOLFSSL_AES_192 - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_192_ctr(), - (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) - return -8462; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr192Plain, - AES_BLOCK_SIZE) == 0) - return -8463; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_192_ctr(), - (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) - return -8464; - - XMEMSET(plainBuff, 0, sizeof(plainBuff)); - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, - AES_BLOCK_SIZE) == 0) - return -8465; - - if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain))) - return -8466; - if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher))) - return -8467; -#endif /* WOLFSSL_AES_192 */ - -#ifdef WOLFSSL_AES_256 - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_256_ctr(), - (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) - return -8468; - if (EVP_Cipher(&en, (byte*)cipherBuff, (byte*)ctr256Plain, - AES_BLOCK_SIZE) == 0) - return -8469; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_256_ctr(), - (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) - return -8470; - - XMEMSET(plainBuff, 0, sizeof(plainBuff)); - if (EVP_Cipher(&de, (byte*)plainBuff, (byte*)cipherBuff, - AES_BLOCK_SIZE) == 0) - return -8471; - - if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain))) - return -8472; - if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher))) - return -8473; -#endif /* WOLFSSL_AES_256 */ -} -#endif /* HAVE_AES_COUNTER */ - -#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) -{ - /* EVP_CipherUpdate test */ - - - const byte cbcPlain[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; - - byte key[] = "0123456789abcdef "; /* align */ - byte iv[] = "1234567890abcdef "; /* align */ - - byte cipher[AES_BLOCK_SIZE * 4]; - byte plain [AES_BLOCK_SIZE * 4]; - EVP_CIPHER_CTX en; - EVP_CIPHER_CTX de; - int outlen ; - int total = 0; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -8474; - /* openSSL compatibility, if(inlen == 0)return 1; */ - if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, - (byte*)cbcPlain, 0) != 1) - return -8475; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit(&en, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 1) == 0) - return -8476; - if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, - (byte*)cbcPlain, 9) == 0) - return -8477; - if(outlen != 0) - return -8478; - total += outlen; - - if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, - (byte*)&cbcPlain[9] , 9) == 0) - return -8479; - if(outlen != 16) - return -8480; - total += outlen; - - if (EVP_CipherFinal(&en, (byte*)&cipher[total], &outlen) == 0) - return -8481; - if(outlen != 16) - return -8482; - total += outlen; - if(total != 32) - return -8483; - - total = 0; - EVP_CIPHER_CTX_init(&de); - if (EVP_CipherInit(&de, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -8484; - - if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) - return -8485; - if(outlen != 0) - return -8486; - total += outlen; - - if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, - (byte*)&cipher[6], 12) == 0) - return -8487; - if(outlen != 0) - total += outlen; - - if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, - (byte*)&cipher[6+12], 14) == 0) - return -8488; - if(outlen != 16) - return -8489; - total += outlen; - - if (EVP_CipherFinal(&de, (byte*)&plain[total], &outlen) == 0) - return -8490; - if(outlen != 2) - return -8491; - total += outlen; - - if(total != 18) - return -8492; - - if (XMEMCMP(plain, cbcPlain, 18)) - return -8493; - - total = 0; - EVP_CIPHER_CTX_init(&en); - if (EVP_EncryptInit(&en, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv) == 0) - return -8494; - if (EVP_CipherUpdate(&en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0) - return -8495; - if(outlen != 0) - return -8496; - total += outlen; - - if (EVP_CipherUpdate(&en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0) - return -8497; - if(outlen != 16) - return -8498; - total += outlen; - - if (EVP_EncryptFinal(&en, (byte*)&cipher[total], &outlen) == 0) - return -8499; - if(outlen != 16) - return -8500; - total += outlen; - if(total != 32) - return 3438; - - total = 0; - EVP_CIPHER_CTX_init(&de); - if (EVP_DecryptInit(&de, EVP_aes_128_cbc(), - (unsigned char*)key, (unsigned char*)iv) == 0) - return -8501; - - if (EVP_CipherUpdate(&de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) - return -8502; - if(outlen != 0) - return -8503; - total += outlen; - - if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0) - return -8504; - if(outlen != 0) - total += outlen; - - if (EVP_CipherUpdate(&de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0) - return -8505; - if(outlen != 16) - return -8506; - total += outlen; - - if (EVP_DecryptFinal(&de, (byte*)&plain[total], &outlen) == 0) - return -8507; - if(outlen != 2) - return -8508; - total += outlen; - - if(total != 18) - return 3447; - - if (XMEMCMP(plain, cbcPlain, 18)) - return -8509; - - if (EVP_CIPHER_key_length(NULL) != 0) - return -8510; - - if (EVP_CIPHER_key_length(EVP_aes_128_cbc()) != 16) - return -8511; - - if (EVP_CIPHER_CTX_mode(NULL) != 0) - return -8512; - - if (EVP_CIPHER_CTX_mode(&en) != (en.flags & WOLFSSL_EVP_CIPH_MODE)) - return -8513; - - EVP_CIPHER_CTX_init(&en); - if (EVP_CipherInit_ex(&en, EVP_aes_128_cbc(), NULL, - (unsigned char*)key, (unsigned char*)iv, 0) == 0) - return -8514; - - EVP_CIPHER_CTX_init(&en); - if (EVP_EncryptInit_ex(&en, EVP_aes_128_cbc(), NULL, - (unsigned char*)key, (unsigned char*)iv) == 0) - return -8515; - - if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE) - return -8516; - - if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE) - return -8517; - - EVP_CIPHER_CTX_init(&de); - if (EVP_DecryptInit_ex(&de, EVP_aes_128_cbc(), NULL, - (unsigned char*)key, (unsigned char*)iv) == 0) - return -8518; - - if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE) - return -8519; - - if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE) - return -8520; - - if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG) - return -8521; - - EVP_CIPHER_CTX_init(&en); - EVP_EncryptInit_ex(&en, EVP_aes_128_cbc(), NULL, - (unsigned char*)key, (unsigned char*)iv); - if (EVP_CIPHER_CTX_block_size(&en) != en.block_size) - return -8522; - - if (EVP_CIPHER_block_size(NULL) != BAD_FUNC_ARG) - return -8523; - - if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE) - return -8524; - - if (WOLFSSL_EVP_CIPHER_mode(NULL) != 0) - return -8525; - - if (EVP_CIPHER_flags(EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE) - return -8526; - - EVP_CIPHER_CTX_clear_flags(&en, 0xFFFFFFFF); - EVP_CIPHER_CTX_set_flags(&en, 42); - if (en.flags != 42) - return -8527; - - if (EVP_CIPHER_CTX_set_padding(NULL, 0) != BAD_FUNC_ARG) - return -8528; - if (EVP_CIPHER_CTX_set_padding(&en, 0) != WOLFSSL_SUCCESS) - return -8529; - if (EVP_CIPHER_CTX_set_padding(&en, 1) != WOLFSSL_SUCCESS) - return -8530; - - } -#endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */ -#endif /* ifndef NO_AES */ - return 0; -} - -static int openSSL_evpMD_test(void) -{ - int ret = 0; -#if !defined(NO_SHA256) && !defined(NO_SHA) - WOLFSSL_EVP_MD_CTX* ctx; - WOLFSSL_EVP_MD_CTX* ctx2; - - ctx = EVP_MD_CTX_create(); - ctx2 = EVP_MD_CTX_create(); - - ret = EVP_DigestInit(ctx, EVP_sha256()); - if (ret != SSL_SUCCESS) { - ret = -8600; - goto openSSL_evpMD_test_done; - } - - ret = EVP_MD_CTX_copy(ctx2, ctx); - if (ret != SSL_SUCCESS) { - ret = -8601; - goto openSSL_evpMD_test_done; - } - - if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { - ret = -8602; - goto openSSL_evpMD_test_done; - } - - ret = EVP_DigestInit(ctx, EVP_sha1()); - if (ret != SSL_SUCCESS) { - ret = -8603; - goto openSSL_evpMD_test_done; - } - - if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { - ret = -8604; - goto openSSL_evpMD_test_done; - } - - ret = EVP_MD_CTX_copy_ex(ctx2, ctx); - if (ret != SSL_SUCCESS) { - ret = -8605; - goto openSSL_evpMD_test_done; - } - - if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) { - ret = -8606; - goto openSSL_evpMD_test_done; - } - - if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) { - ret = -8607; - goto openSSL_evpMD_test_done; - } - - if (EVP_DigestInit_ex(ctx, EVP_sha1(), NULL) != SSL_SUCCESS) { - ret = -8608; - goto openSSL_evpMD_test_done; - } - - if (EVP_add_digest(NULL) != 0) { - ret = -8609; - goto openSSL_evpMD_test_done; - } - - if (wolfSSL_EVP_add_cipher(NULL) != 0) { - ret = -8610; - goto openSSL_evpMD_test_done; - } - - ret = 0; /* got to success state without jumping to end with a fail */ - -openSSL_evpMD_test_done: - EVP_MD_CTX_destroy(ctx); - EVP_MD_CTX_destroy(ctx2); -#endif /* NO_SHA256 */ - - return ret; -} - -#ifdef DEBUG_SIGN -static void show(const char *title, const char *p, unsigned int s) { - char* i; - printf("%s: ", title); - for (i = p; - i < p + s; - printf("%c", *i), i++); - printf("\n"); -} -#else -#define show(a,b,c) -#endif - -#define FOURK_BUFF 4096 - -#define ERR_BASE_PKEY -5000 -static int openssl_pkey0_test(void) -{ - int ret = 0; -#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(NO_SHA) - byte* prvTmp; - byte* pubTmp; - int prvBytes; - int pubBytes; - RSA *prvRsa = NULL; - RSA *pubRsa = NULL; - EVP_PKEY *prvPkey = NULL; - EVP_PKEY *pubPkey = NULL; - EVP_PKEY_CTX *enc = NULL; - EVP_PKEY_CTX *dec = NULL; - - byte in[] = "Everyone gets Friday off."; - byte out[256]; - size_t outlen; - size_t keySz; - byte plain[256]; -#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - XFILE keyFile; - XFILE keypubFile; - char cliKey[] = "./certs/client-key.der"; - char cliKeypub[] = "./certs/client-keyPub.der"; - -#endif - - prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (prvTmp == NULL) - return ERR_BASE_PKEY-1; - pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pubTmp == NULL) { - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - return ERR_BASE_PKEY-2; - } - -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024); - prvBytes = sizeof_client_key_der_1024; - XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); - pubBytes = sizeof_client_keypub_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048); - prvBytes = sizeof_client_key_der_2048; - XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); - pubBytes = sizeof_client_keypub_der_2048; -#else - keyFile = XFOPEN(cliKey, "rb"); - if (!keyFile) { - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - err_sys("can't open ./certs/client-key.der, " - "Please run from wolfSSL home dir", ERR_BASE_PKEY-3); - return ERR_BASE_PKEY-3; - } - prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile); - XFCLOSE(keyFile); - keypubFile = XFOPEN(cliKeypub, "rb"); - if (!keypubFile) { - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - err_sys("can't open ./certs/client-cert.der, " - "Please run from wolfSSL home dir", -4); - return ERR_BASE_PKEY-4; - } - pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile); - XFCLOSE(keypubFile); -#endif /* USE_CERT_BUFFERS */ - - prvRsa = wolfSSL_RSA_new(); - pubRsa = wolfSSL_RSA_new(); - if((prvRsa == NULL) || (pubRsa == NULL)){ - printf("error with RSA_new\n"); - ret = ERR_BASE_PKEY-10; - goto openssl_pkey0_test_done; - } - - ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE); - if(ret != SSL_SUCCESS){ - printf("error with RSA_LoadDer_ex\n"); - ret = ERR_BASE_PKEY-11; - goto openssl_pkey0_test_done; - } - - ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC); - if(ret != SSL_SUCCESS){ - printf("error with RSA_LoadDer_ex\n"); - ret = ERR_BASE_PKEY-12; - goto openssl_pkey0_test_done; - } - keySz = (size_t)RSA_size(pubRsa); - - prvPkey = wolfSSL_EVP_PKEY_new(); - pubPkey = wolfSSL_EVP_PKEY_new(); - if((prvPkey == NULL) || (pubPkey == NULL)){ - printf("error with PKEY_new\n"); - ret = ERR_BASE_PKEY-13; - goto openssl_pkey0_test_done; - } - ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa); - ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa); - if(ret != 2){ - printf("error with PKEY_set1_RSA\n"); - ret = ERR_BASE_PKEY-14; - goto openssl_pkey0_test_done; - } - - dec = EVP_PKEY_CTX_new(prvPkey, NULL); - enc = EVP_PKEY_CTX_new(pubPkey, NULL); - if((dec == NULL)||(enc==NULL)){ - printf("error with EVP_PKEY_CTX_new\n"); - ret = ERR_BASE_PKEY-15; - goto openssl_pkey0_test_done; - } - - ret = EVP_PKEY_decrypt_init(dec); - if (ret != 1) { - printf("error with decrypt init\n"); - ret = ERR_BASE_PKEY-16; - goto openssl_pkey0_test_done; - } - ret = EVP_PKEY_encrypt_init(enc); - if (ret != 1) { - printf("error with encrypt init\n"); - ret = ERR_BASE_PKEY-17; - goto openssl_pkey0_test_done; - } - XMEMSET(out, 0, sizeof(out)); - ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); - if (ret != 1) { - printf("error encrypting msg\n"); - ret = ERR_BASE_PKEY-18; - goto openssl_pkey0_test_done; - } - - show("encrypted msg", out, outlen); - - XMEMSET(plain, 0, sizeof(plain)); - ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); - if (ret != 1) { - printf("error decrypting msg\n"); - ret = ERR_BASE_PKEY-19; - goto openssl_pkey0_test_done; - } - show("decrypted msg", plain, outlen); - - /* RSA_PKCS1_OAEP_PADDING test */ - ret = EVP_PKEY_decrypt_init(dec); - if (ret != 1) { - printf("error with decrypt init\n"); - ret = ERR_BASE_PKEY-30; - goto openssl_pkey0_test_done; - } - ret = EVP_PKEY_encrypt_init(enc); - if (ret != 1) { - printf("error with encrypt init\n"); - ret = ERR_BASE_PKEY-31; - goto openssl_pkey0_test_done; - } - - if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) { - printf("first set rsa padding error\n"); - ret = ERR_BASE_PKEY-32; - goto openssl_pkey0_test_done; - } - -#ifndef HAVE_FIPS - if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){ - printf("second set rsa padding error\n"); - ret = ERR_BASE_PKEY-33; - goto openssl_pkey0_test_done; - } - - if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) { - printf("third set rsa padding error\n"); - ret = ERR_BASE_PKEY-34; - goto openssl_pkey0_test_done; - } -#endif - - XMEMSET(out, 0, sizeof(out)); - ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); - if (ret != 1) { - printf("error encrypting msg\n"); - ret = ERR_BASE_PKEY-35; - goto openssl_pkey0_test_done; - } - - show("encrypted msg", out, outlen); - - XMEMSET(plain, 0, sizeof(plain)); - ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); - if (ret != 1) { - printf("error decrypting msg\n"); - ret = ERR_BASE_PKEY-36; - goto openssl_pkey0_test_done; - } - - show("decrypted msg", plain, outlen); - - ret = 0; /* made it to this point without error then set success */ -openssl_pkey0_test_done: - - wolfSSL_RSA_free(prvRsa); - wolfSSL_RSA_free(pubRsa); - EVP_PKEY_free(pubPkey); - EVP_PKEY_free(prvPkey); - EVP_PKEY_CTX_free(dec); - EVP_PKEY_CTX_free(enc); - XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif /* NO_RSA */ - - return ret; -} - - -static int openssl_pkey1_test(void) -{ - int ret = 0; -#if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \ - !defined(NO_SHA) - EVP_PKEY_CTX* dec = NULL; - EVP_PKEY_CTX* enc = NULL; - EVP_PKEY* pubKey = NULL; - EVP_PKEY* prvKey = NULL; - X509* x509; - - const unsigned char msg[] = "sugar slapped"; - const unsigned char* clikey; - unsigned char tmp[FOURK_BUF]; - long cliKeySz; - unsigned char cipher[RSA_TEST_BYTES]; - unsigned char plain[RSA_TEST_BYTES]; - size_t outlen; - int keyLenBits = 2048; - -#if defined(USE_CERT_BUFFERS_1024) - XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024); - cliKeySz = (long)sizeof_client_key_der_1024; - - x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_1024, - sizeof_client_cert_der_1024, SSL_FILETYPE_ASN1); - keyLenBits = 1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048); - cliKeySz = (long)sizeof_client_key_der_2048; - - x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048, - sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1); -#elif defined(USE_CERT_BUFFERS_3072) - XMEMCPY(tmp, client_key_der_3072, sizeof_client_key_der_3072); - cliKeySz = (long)sizeof_client_key_der_3072; - - x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_3072, - sizeof_client_cert_der_3072, SSL_FILETYPE_ASN1); - keyLenBits = 3072; -#elif defined(USE_CERT_BUFFERS_4096) - XMEMCPY(tmp, client_key_der_4096, sizeof_client_key_der_4096); - cliKeySz = (long)sizeof_client_key_der_4096; - - x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_4096, - sizeof_client_cert_der_4096, SSL_FILETYPE_ASN1); - keyLenBits = 4096; -#else - XFILE f; - - f = XFOPEN(clientKey, "rb"); - - if (!f) { - err_sys("can't open ./certs/client-key.der, " - "Please run from wolfSSL home dir", -41); - return -8800; - } - - cliKeySz = (long)XFREAD(tmp, 1, FOURK_BUF, f); - XFCLOSE(f); - - /* using existing wolfSSL api to get public and private key */ - x509 = wolfSSL_X509_load_certificate_file(clientCert, SSL_FILETYPE_ASN1); -#endif /* USE_CERT_BUFFERS */ - clikey = tmp; - - if ((prvKey = EVP_PKEY_new()) == NULL) { - return -8801; - } - EVP_PKEY_free(prvKey); - prvKey = NULL; - - if (x509 == NULL) { - ret = -8802; - goto openssl_pkey1_test_done; - } - - pubKey = X509_get_pubkey(x509); - if (pubKey == NULL) { - ret = -8803; - goto openssl_pkey1_test_done; - } - - prvKey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &clikey, cliKeySz); - if (prvKey == NULL) { - ret = -8804; - goto openssl_pkey1_test_done; - } - - /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */ - if (EVP_PKEY_bits(prvKey) != keyLenBits) { - ret = -8805; - goto openssl_pkey1_test_done; - } - - if (EVP_PKEY_size(prvKey) != keyLenBits/8) { - ret = -8806; - goto openssl_pkey1_test_done; - } - - dec = EVP_PKEY_CTX_new(prvKey, NULL); - enc = EVP_PKEY_CTX_new(pubKey, NULL); - if (dec == NULL || enc == NULL) { - ret = -8807; - goto openssl_pkey1_test_done; - } - - if (EVP_PKEY_decrypt_init(dec) != 1) { - ret = -8808; - goto openssl_pkey1_test_done; - } - - if (EVP_PKEY_encrypt_init(enc) != 1) { - ret = -8809; - goto openssl_pkey1_test_done; - } - - if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) { - ret = -8810; - goto openssl_pkey1_test_done; - } - -#ifndef HAVE_FIPS - if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){ - ret = -8811; - goto openssl_pkey1_test_done; - } - - if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) { - ret = -8812; - goto openssl_pkey1_test_done; - } -#endif - - XMEMSET(cipher, 0, sizeof(cipher)); - outlen = keyLenBits/8; - if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) { - ret = -8813; - goto openssl_pkey1_test_done; - } - - XMEMSET(plain, 0, sizeof(plain)); - if (EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) { - ret = -8814; - goto openssl_pkey1_test_done; - } - -openssl_pkey1_test_done: - if (pubKey != NULL) { - EVP_PKEY_free(pubKey); - } - if (prvKey != NULL) { - EVP_PKEY_free(prvKey); - } - if (dec != NULL) { - EVP_PKEY_CTX_free(dec); - } - if (enc != NULL) { - EVP_PKEY_CTX_free(enc); - } - if (x509 != NULL) { - X509_free(x509); - } - -#endif - return ret; -} - - -#define ERR_BASE_EVPSIG -5100 - -static int openssl_evpSig_test(void) -{ -#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(HAVE_USER_RSA) - byte* prvTmp; - byte* pubTmp; - int prvBytes; - int pubBytes; - RSA *prvRsa; - RSA *pubRsa; - EVP_PKEY *prvPkey; - EVP_PKEY *pubPkey; - - EVP_MD_CTX* sign; - EVP_MD_CTX* verf; - char msg[] = "see spot run"; - unsigned char sig[256]; - unsigned int sigSz; - const void* pt; - unsigned int count; - int ret, ret1, ret2; - - #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) - XFILE keyFile; - XFILE keypubFile; - char cliKey[] = "./certs/client-key.der"; - char cliKeypub[] = "./certs/client-keyPub.der"; - #endif - - prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (prvTmp == NULL) - return ERR_BASE_EVPSIG-1; - pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pubTmp == NULL) { - XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ERR_BASE_EVPSIG-2; - } - -#ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024); - prvBytes = sizeof_client_key_der_1024; - XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); - pubBytes = sizeof_client_keypub_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048); - prvBytes = sizeof_client_key_der_2048; - XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); - pubBytes = sizeof_client_keypub_der_2048; -#else - keyFile = XFOPEN(cliKey, "rb"); - if (!keyFile) { - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - err_sys("can't open ./certs/client-key.der, " - "Please run from wolfSSL home dir", -40); - return ERR_BASE_EVPSIG-3; - } - prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile); - XFCLOSE(keyFile); - keypubFile = XFOPEN(cliKeypub, "rb"); - if (!keypubFile) { - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - err_sys("can't open ./certs/client-cert.der, " - "Please run from wolfSSL home dir", -41); - return ERR_BASE_EVPSIG-4; - } - pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile); - XFCLOSE(keypubFile); - #endif /* USE_CERT_BUFFERS */ - - prvRsa = wolfSSL_RSA_new(); - pubRsa = wolfSSL_RSA_new(); - if((prvRsa == NULL) || (pubRsa == NULL)){ - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - err_sys("ERROR with RSA_new", -8900); - return ERR_BASE_EVPSIG-5; - } - - ret1 = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE); - ret2 = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC); - if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){ - printf("error with RSA_LoadDer_ex\n"); - return ERR_BASE_EVPSIG-6; - } - - prvPkey = wolfSSL_EVP_PKEY_new(); - pubPkey = wolfSSL_EVP_PKEY_new(); - if((prvPkey == NULL) || (pubPkey == NULL)){ - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - printf("error with KEY_new\n"); - return ERR_BASE_EVPSIG-7; - } - ret1 = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa); - ret2 = wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa); - if((ret1 != 1) || (ret2 != 1)){ - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - printf("error with EVP_PKEY_set1_RSA\n"); - return ERR_BASE_EVPSIG-8; - } - - /****************** sign and verify *******************/ - sign = EVP_MD_CTX_create(); - verf = EVP_MD_CTX_create(); - if((sign == NULL)||(verf == NULL)){ - printf("error with EVP_MD_CTX_create\n"); - EVP_MD_CTX_destroy(sign); - EVP_MD_CTX_destroy(verf); - return ERR_BASE_EVPSIG-10; - } - - ret = EVP_SignInit(sign, EVP_sha1()); - if (ret != SSL_SUCCESS){ - printf("error with EVP_SignInit\n"); - EVP_MD_CTX_destroy(sign); - EVP_MD_CTX_destroy(verf); - return ERR_BASE_EVPSIG-11; - } - - count = sizeof(msg); - show("message = ", (char *)msg, count); - - /* sign */ - XMEMSET(sig, 0, sizeof(sig)); - pt = (const void*)msg; - ret1 = EVP_SignUpdate(sign, pt, count); - ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey); - if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){ - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - EVP_MD_CTX_destroy(sign); - EVP_MD_CTX_destroy(verf); - printf("error with EVP_MD_CTX_create\n"); - return ERR_BASE_EVPSIG-12; - } - show("signature = ", (char *)sig, sigSz); - - /* verify */ - pt = (const void*)msg; - ret1 = EVP_VerifyInit(verf, EVP_sha1()); - ret2 = EVP_VerifyUpdate(verf, pt, count); - if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){ - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - EVP_MD_CTX_destroy(sign); - EVP_MD_CTX_destroy(verf); - printf("error with EVP_Verify\n"); - return ERR_BASE_EVPSIG-13; - } - if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) { - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - EVP_MD_CTX_destroy(sign); - EVP_MD_CTX_destroy(verf); - printf("error with EVP_VerifyFinal\n"); - return ERR_BASE_EVPSIG-14; - } - - /* expect fail without update */ - EVP_VerifyInit(verf, EVP_sha1()); - if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) { - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - EVP_MD_CTX_destroy(sign); - EVP_MD_CTX_destroy(verf); - printf("EVP_VerifyInit without update not detected\n"); - return ERR_BASE_EVPSIG-15; - } - - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - EVP_MD_CTX_destroy(sign); - EVP_MD_CTX_destroy(verf); - - wolfSSL_RSA_free(prvRsa); - wolfSSL_RSA_free(pubRsa); - EVP_PKEY_free(pubPkey); - EVP_PKEY_free(prvPkey); - -#endif /* NO_RSA */ - return 0; -} -#endif /* OPENSSL_EXTRA */ - - -#ifndef NO_PWDBASED -#ifdef HAVE_SCRYPT -/* Test vectors taken from RFC 7914: scrypt PBKDF - Section 12. */ -static int scrypt_test(void) -{ - int ret; - byte derived[64]; - - const byte verify1[] = { - 0x77, 0xd6, 0x57, 0x62, 0x38, 0x65, 0x7b, 0x20, - 0x3b, 0x19, 0xca, 0x42, 0xc1, 0x8a, 0x04, 0x97, - 0xf1, 0x6b, 0x48, 0x44, 0xe3, 0x07, 0x4a, 0xe8, - 0xdf, 0xdf, 0xfa, 0x3f, 0xed, 0xe2, 0x14, 0x42, - 0xfc, 0xd0, 0x06, 0x9d, 0xed, 0x09, 0x48, 0xf8, - 0x32, 0x6a, 0x75, 0x3a, 0x0f, 0xc8, 0x1f, 0x17, - 0xe8, 0xd3, 0xe0, 0xfb, 0x2e, 0x0d, 0x36, 0x28, - 0xcf, 0x35, 0xe2, 0x0c, 0x38, 0xd1, 0x89, 0x06 - }; - const byte verify2[] = { - 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, - 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, - 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, - 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, - 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, - 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, - 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, - 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 - }; -#if !defined(BENCH_EMBEDDED) && !defined(HAVE_INTEL_QA) - const byte verify3[] = { - 0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48, - 0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb, - 0xfd, 0xa8, 0xfb, 0xba, 0x90, 0x4f, 0x8e, 0x3e, - 0xa9, 0xb5, 0x43, 0xf6, 0x54, 0x5d, 0xa1, 0xf2, - 0xd5, 0x43, 0x29, 0x55, 0x61, 0x3f, 0x0f, 0xcf, - 0x62, 0xd4, 0x97, 0x05, 0x24, 0x2a, 0x9a, 0xf9, - 0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, 0x1e, 0x40, - 0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87 - }; -#endif -#ifdef SCRYPT_TEST_ALL - /* Test case is very slow. - * Use for confirmation after code change or new platform. - */ - const byte verify4[] = { - 0x21, 0x01, 0xcb, 0x9b, 0x6a, 0x51, 0x1a, 0xae, - 0xad, 0xdb, 0xbe, 0x09, 0xcf, 0x70, 0xf8, 0x81, - 0xec, 0x56, 0x8d, 0x57, 0x4a, 0x2f, 0xfd, 0x4d, - 0xab, 0xe5, 0xee, 0x98, 0x20, 0xad, 0xaa, 0x47, - 0x8e, 0x56, 0xfd, 0x8f, 0x4b, 0xa5, 0xd0, 0x9f, - 0xfa, 0x1c, 0x6d, 0x92, 0x7c, 0x40, 0xf4, 0xc3, - 0x37, 0x30, 0x40, 0x49, 0xe8, 0xa9, 0x52, 0xfb, - 0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, 0xa4 - }; -#endif - - ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1)); - if (ret != 0) - return -9000; - if (XMEMCMP(derived, verify1, sizeof(verify1)) != 0) - return -9001; - - ret = wc_scrypt(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 10, 8, 16, - sizeof(verify2)); - if (ret != 0) - return -9002; - if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0) - return -9003; - - /* Don't run these test on embedded, since they use large mallocs */ -#if !defined(BENCH_EMBEDDED) && !defined(HAVE_INTEL_QA) - ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13, - (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3)); - if (ret != 0) - return -9004; - if (XMEMCMP(derived, verify3, sizeof(verify3)) != 0) - return -9005; - -#ifdef SCRYPT_TEST_ALL - ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13, - (byte*)"SodiumChloride", 14, 20, 8, 1, sizeof(verify4)); - if (ret != 0) - return -9006; - if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0) - return -9007; -#endif -#endif /* !BENCH_EMBEDDED && !HAVE_INTEL_QA */ - - ret = wc_scrypt_ex(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 1<<10, - 8, 16, sizeof(verify2)); - if (ret != 0) - return -9008; - if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0) - return -9009; - - return 0; -} -#endif - -#ifdef HAVE_PKCS12 -static int pkcs12_test(void) -{ - const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, - 0x00, 0x00 }; - const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f }; - - const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, - 0x00, 0x67, 0x00, 0x00 }; - const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 }; - byte derived[64]; - - const byte verify[] = { - 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11, - 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE, - 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA - }; - - const byte verify2[] = { - 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8, - 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A, - 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C - }; - - int id = 1; - int kLen = 24; - int iterations = 1; - int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, - iterations, kLen, WC_SHA256, id); - - if (ret < 0) - return -9100; - - if ( (ret = XMEMCMP(derived, verify, kLen)) != 0) - return -9101; - - iterations = 1000; - ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, - iterations, kLen, WC_SHA256, id); - if (ret < 0) - return -9102; - - ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8, - iterations, kLen, WC_SHA256, id, HEAP_HINT); - if (ret < 0) - return -9103; - - if ( (ret = XMEMCMP(derived, verify2, 24)) != 0) - return -9104; - - return 0; -} -#endif /* HAVE_PKCS12 */ - -#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) -static int pbkdf2_test(void) -{ - char passwd[] = "passwordpassword"; - const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 }; - int iterations = 2048; - int kLen = 24; - byte derived[64]; - - const byte verify[] = { - 0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc, - 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1 - }; - - int ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd), salt, - (int)sizeof(salt), iterations, kLen, WC_SHA256, HEAP_HINT, devId); - if (ret != 0) - return ret; - - if (XMEMCMP(derived, verify, sizeof(verify)) != 0) - return -9200; - - return 0; - -} -#endif /* HAVE_PBKDF2 && !NO_SHA256 */ - -#if defined(HAVE_PBKDF1) && !defined(NO_SHA) -static int pbkdf1_test(void) -{ - char passwd[] = "password"; - const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 }; - int iterations = 1000; - int kLen = 16; - byte derived[16]; - - const byte verify[] = { - 0xDC, 0x19, 0x84, 0x7E, 0x05, 0xC6, 0x4D, 0x2F, - 0xAF, 0x10, 0xEB, 0xFB, 0x4A, 0x3D, 0x2A, 0x20 - }; - - int ret = wc_PBKDF1_ex(derived, kLen, NULL, 0, (byte*)passwd, - (int)XSTRLEN(passwd), salt, (int)sizeof(salt), iterations, WC_SHA, - HEAP_HINT); - if (ret != 0) - return ret; - - if (XMEMCMP(derived, verify, sizeof(verify)) != 0) - return -9300; - - return 0; -} -#endif /* HAVE_PBKDF2 && !NO_SHA */ - -static int pwdbased_test(void) -{ - int ret = 0; - -#if defined(HAVE_PBKDF1) && !defined(NO_SHA) - ret = pbkdf1_test(); - if (ret != 0) - return ret; -#endif -#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) - ret = pbkdf2_test(); - if (ret != 0) - return ret; -#endif -#ifdef HAVE_PKCS12 - ret = pkcs12_test(); - if (ret != 0) - return ret; -#endif -#ifdef HAVE_SCRYPT - ret = scrypt_test(); - if (ret != 0) - return ret; -#endif - return ret; -} - -#endif /* NO_PWDBASED */ - -#if defined(HAVE_HKDF) && (!defined(NO_SHA) || !defined(NO_SHA256)) - -static int hkdf_test(void) -{ - int ret; - int L = 42; - byte okm1[42]; - byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; - byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c }; - byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9 }; - byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61, - 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06, - 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06, - 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0, - 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3, - 0x49, 0x18 }; - byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69, - 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81, - 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15, - 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2, - 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3, - 0xf8, 0x96 }; - byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f, - 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31, - 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e, - 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d, - 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a, - 0x96, 0xc8 }; - byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, - 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, - 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, - 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, - 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, - 0x58, 0x65 }; - - (void)res1; - (void)res2; - (void)res3; - (void)res4; - (void)salt1; - (void)info1; - -#ifndef NO_SHA - ret = wc_HKDF(WC_SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L); - if (ret != 0) - return -9500; - - if (XMEMCMP(okm1, res1, L) != 0) - return -9501; - -#ifndef HAVE_FIPS - /* fips can't have key size under 14 bytes, salt is key too */ - ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, 13, info1, 10, okm1, L); - if (ret != 0) - return -9502; - - if (XMEMCMP(okm1, res2, L) != 0) - return -9503; -#endif /* HAVE_FIPS */ -#endif /* NO_SHA */ - -#ifndef NO_SHA256 - ret = wc_HKDF(WC_SHA256, ikm1, 22, NULL, 0, NULL, 0, okm1, L); - if (ret != 0) - return -9504; - - if (XMEMCMP(okm1, res3, L) != 0) - return -9505; - -#ifndef HAVE_FIPS - /* fips can't have key size under 14 bytes, salt is key too */ - ret = wc_HKDF(WC_SHA256, ikm1, 22, salt1, 13, info1, 10, okm1, L); - if (ret != 0) - return -9506; - - if (XMEMCMP(okm1, res4, L) != 0) - return -9507; -#endif /* HAVE_FIPS */ -#endif /* NO_SHA256 */ - - return 0; -} - -#endif /* HAVE_HKDF */ - - -#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) - -static int x963kdf_test(void) -{ - int ret; - byte kek[128]; - -#ifndef NO_SHA - /* SHA-1, COUNT = 0 - * shared secret length: 192 - * SharedInfo length: 0 - * key data length: 128 - */ - const byte Z[] = { - 0x1c, 0x7d, 0x7b, 0x5f, 0x05, 0x97, 0xb0, 0x3d, - 0x06, 0xa0, 0x18, 0x46, 0x6e, 0xd1, 0xa9, 0x3e, - 0x30, 0xed, 0x4b, 0x04, 0xdc, 0x64, 0xcc, 0xdd - }; - - const byte verify[] = { - 0xbf, 0x71, 0xdf, 0xfd, 0x8f, 0x4d, 0x99, 0x22, - 0x39, 0x36, 0xbe, 0xb4, 0x6f, 0xee, 0x8c, 0xcc - }; -#endif - -#ifndef NO_SHA256 - /* SHA-256, COUNT = 3 - * shared secret length: 192 - * SharedInfo length: 0 - * key data length: 128 - */ - const byte Z2[] = { - 0xd3, 0x8b, 0xdb, 0xe5, 0xc4, 0xfc, 0x16, 0x4c, - 0xdd, 0x96, 0x7f, 0x63, 0xc0, 0x4f, 0xe0, 0x7b, - 0x60, 0xcd, 0xe8, 0x81, 0xc2, 0x46, 0x43, 0x8c - }; - - const byte verify2[] = { - 0x5e, 0x67, 0x4d, 0xb9, 0x71, 0xba, 0xc2, 0x0a, - 0x80, 0xba, 0xd0, 0xd4, 0x51, 0x4d, 0xc4, 0x84 - }; -#endif - -#ifdef WOLFSSL_SHA512 - /* SHA-512, COUNT = 0 - * shared secret length: 192 - * SharedInfo length: 0 - * key data length: 128 - */ - const byte Z3[] = { - 0x87, 0xfc, 0x0d, 0x8c, 0x44, 0x77, 0x48, 0x5b, - 0xb5, 0x74, 0xf5, 0xfc, 0xea, 0x26, 0x4b, 0x30, - 0x88, 0x5d, 0xc8, 0xd9, 0x0a, 0xd8, 0x27, 0x82 - }; - - const byte verify3[] = { - 0x94, 0x76, 0x65, 0xfb, 0xb9, 0x15, 0x21, 0x53, - 0xef, 0x46, 0x02, 0x38, 0x50, 0x6a, 0x02, 0x45 - }; - - /* SHA-512, COUNT = 0 - * shared secret length: 521 - * SharedInfo length: 128 - * key data length: 1024 - */ - const byte Z4[] = { - 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, - 0xfa, 0x58, 0xce, 0xad, 0xc0, 0x47, 0x19, 0x7f, - 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9, - 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, - 0x15, 0x07, 0x39, 0x2f, 0x1a, 0x86, 0xdd, 0xfd, - 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f, - 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, - 0x47, 0xa9, 0xe2, 0xe7, 0x53, 0xf5, 0x5e, 0xf0, - 0x5a, 0x2d - }; - - const byte info4[] = { - 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, - 0x2b, 0x3a, 0x2f, 0x99, 0x37, 0x89, 0x5d, 0x31 - }; - - const byte verify4[] = { - 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, - 0x9b, 0x52, 0x26, 0x4b, 0x01, 0x12, 0xb5, 0x85, - 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8, - 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, - 0x6e, 0x4d, 0xd2, 0xa5, 0x99, 0xac, 0xce, 0xb3, - 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e, - 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, - 0xa5, 0xa8, 0xee, 0xee, 0x20, 0x80, 0x02, 0x26, - 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02, - 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, - 0xea, 0x9c, 0x4f, 0xf7, 0x45, 0xa2, 0x5a, 0xc2, - 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd, - 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, - 0x0a, 0xb2, 0xaa, 0x8e, 0x2e, 0xfa, 0x7b, 0x17, - 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc, - 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16 - }; -#endif - -#ifndef NO_SHA - ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0, - kek, sizeof(verify)); - if (ret != 0) - return -9600; - - if (XMEMCMP(verify, kek, sizeof(verify)) != 0) - return -9601; -#endif - -#ifndef NO_SHA256 - ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, Z2, sizeof(Z2), NULL, 0, - kek, sizeof(verify2)); - if (ret != 0) - return -9602; - - if (XMEMCMP(verify2, kek, sizeof(verify2)) != 0) - return -9603; -#endif - -#ifdef WOLFSSL_SHA512 - ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z3, sizeof(Z3), NULL, 0, - kek, sizeof(verify3)); - if (ret != 0) - return -9604; - - if (XMEMCMP(verify3, kek, sizeof(verify3)) != 0) - return -9605; - - ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z4, sizeof(Z4), info4, - sizeof(info4), kek, sizeof(verify4)); - if (ret != 0) - return -9606; - - if (XMEMCMP(verify4, kek, sizeof(verify4)) != 0) - return -9607; -#endif - - return 0; -} - -#endif /* HAVE_X963_KDF */ - - -#ifdef HAVE_ECC - -/* size to use for ECC key gen tests */ -#ifndef ECC_KEYGEN_SIZE - #ifndef NO_ECC256 - #define ECC_KEYGEN_SIZE 32 - #elif defined(HAVE_ECC384) - #define ECC_KEYGEN_SIZE 48 - #elif defined(HAVE_ECC224) - #define ECC_KEYGEN_SIZE 28 - #else - #error No ECC keygen size defined for test - #endif -#endif -#ifdef BENCH_EMBEDDED - #define ECC_SHARED_SIZE 128 -#else - #define ECC_SHARED_SIZE MAX_ECC_BYTES -#endif -#define ECC_DIGEST_SIZE MAX_ECC_BYTES -#define ECC_SIG_SIZE ECC_MAX_SIG_SIZE - -#ifndef NO_ECC_VECTOR_TEST - #if (defined(HAVE_ECC192) || defined(HAVE_ECC224) ||\ - !defined(NO_ECC256) || defined(HAVE_ECC384) ||\ - defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) - #define HAVE_ECC_VECTOR_TEST - #endif -#endif - -#ifdef HAVE_ECC_VECTOR_TEST -typedef struct eccVector { - const char* msg; /* SHA-1 Encoded Message */ - const char* Qx; - const char* Qy; - const char* d; /* Private Key */ - const char* R; - const char* S; - const char* curveName; - word32 msgLen; - word32 keySize; -#ifndef NO_ASN - const byte* r; - word32 rSz; - const byte* s; - word32 sSz; -#endif -} eccVector; - -static int ecc_test_vector_item(const eccVector* vector) -{ - int ret = 0, verify = 0; - word32 sigSz; - ecc_key userA; - DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); -#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) - word32 sigRawSz; - DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT); -#endif - - ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); - if (ret != 0) { - FREE_VAR(sig, HEAP_HINT); - return ret; - } - - ret = wc_ecc_import_raw(&userA, vector->Qx, vector->Qy, - vector->d, vector->curveName); - if (ret != 0) - goto done; - - XMEMSET(sig, 0, ECC_SIG_SIZE); - sigSz = ECC_SIG_SIZE; - ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz); - if (ret != 0) - goto done; - -#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) - XMEMSET(sigRaw, 0, ECC_SIG_SIZE); - sigRawSz = ECC_SIG_SIZE; - ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz, - sigRaw, &sigRawSz); - if (ret != 0) - goto done; - - if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) { - ret = -9608; - goto done; - } -#endif - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg, - vector->msgLen, &verify, &userA); - } while (ret == WC_PENDING_E); - if (ret != 0) - goto done; - TEST_SLEEP(); - - if (verify != 1) - ret = -9609; - -done: - wc_ecc_free(&userA); - -#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) - FREE_VAR(sigRaw, HEAP_HINT); -#endif - FREE_VAR(sig, HEAP_HINT); - - return ret; -} - -static int ecc_test_vector(int keySize) -{ - int ret; - eccVector vec; - - XMEMSET(&vec, 0, sizeof(vec)); - vec.keySize = (word32)keySize; - - switch(keySize) { - -#if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES) - case 14: - return 0; -#endif /* HAVE_ECC112 */ -#if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES) - case 16: - return 0; -#endif /* HAVE_ECC128 */ -#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) - case 20: - return 0; -#endif /* HAVE_ECC160 */ - -#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) - case 24: - /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */ - #if 1 - vec.msg = "\x60\x80\x79\x42\x3f\x12\x42\x1d\xe6\x16\xb7\x49\x3e\xbe\x55\x1c\xf4\xd6\x5b\x92"; - vec.msgLen = 20; - #else - /* This is the raw message prior to SHA-1 */ - vec.msg = - "\xeb\xf7\x48\xd7\x48\xeb\xbc\xa7\xd2\x9f\xb4\x73\x69\x8a\x6e\x6b" - "\x4f\xb1\x0c\x86\x5d\x4a\xf0\x24\xcc\x39\xae\x3d\xf3\x46\x4b\xa4" - "\xf1\xd6\xd4\x0f\x32\xbf\x96\x18\xa9\x1b\xb5\x98\x6f\xa1\xa2\xaf" - "\x04\x8a\x0e\x14\xdc\x51\xe5\x26\x7e\xb0\x5e\x12\x7d\x68\x9d\x0a" - "\xc6\xf1\xa7\xf1\x56\xce\x06\x63\x16\xb9\x71\xcc\x7a\x11\xd0\xfd" - "\x7a\x20\x93\xe2\x7c\xf2\xd0\x87\x27\xa4\xe6\x74\x8c\xc3\x2f\xd5" - "\x9c\x78\x10\xc5\xb9\x01\x9d\xf2\x1c\xdc\xc0\xbc\xa4\x32\xc0\xa3" - "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0\x71\xcf"; - vec.msgLen = 128; - #endif - vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6"; - vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477"; - vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3"; - vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e"; - vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41"; - vec.curveName = "SECP192R1"; - #ifndef NO_ASN - vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55" - "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e"; - vec.rSz = 24; - vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc" - "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41"; - vec.sSz = 24; - #endif - break; -#endif /* HAVE_ECC192 */ - -#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) - case 28: - /* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */ - #if 1 - vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc"; - vec.msgLen = 20; - #else - /* This is the raw message prior to SHA-1 */ - vec.msg = - "\x36\xc8\xb2\x29\x86\x48\x7f\x67\x7c\x18\xd0\x97\x2a\x9e\x20\x47" - "\xb3\xaf\xa5\x9e\xc1\x62\x76\x4e\xc3\x0b\x5b\x69\xe0\x63\x0f\x99" - "\x0d\x4e\x05\xc2\x73\xb0\xe5\xa9\xd4\x28\x27\xb6\x95\xfc\x2d\x64" - "\xd9\x13\x8b\x1c\xf4\xc1\x21\x55\x89\x4c\x42\x13\x21\xa7\xbb\x97" - "\x0b\xdc\xe0\xfb\xf0\xd2\xae\x85\x61\xaa\xd8\x71\x7f\x2e\x46\xdf" - "\xe3\xff\x8d\xea\xb4\xd7\x93\x23\x56\x03\x2c\x15\x13\x0d\x59\x9e" - "\x26\xc1\x0f\x2f\xec\x96\x30\x31\xac\x69\x38\xa1\x8d\x66\x45\x38" - "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7\x1c\x20"; - vec.msgLen = 128; - #endif - vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7"; - vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1"; - vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f"; - vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7"; - vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b"; - vec.curveName = "SECP224R1"; - #ifndef NO_ASN - vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47" - "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe" - "\xbc\x16\x71\xa7"; - vec.rSz = 28; - vec.s = (byte*)"\x24\xfc\x7e\xd7\xf1\x35\x2c\xa3\x87\x2a\xa0\x91" - "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe" - "\x6a\xf3\xad\x5b"; - vec.sSz = 28; - #endif - break; -#endif /* HAVE_ECC224 */ - -#if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) - case 30: - return 0; -#endif /* HAVE_ECC239 */ - -#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) - case 32: - /* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */ - #if 1 - vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e"; - vec.msgLen = 20; - #else - /* This is the raw message prior to SHA-1 */ - vec.msg = - "\xa2\x4b\x21\x76\x2e\x6e\xdb\x15\x3c\xc1\x14\x38\xdb\x0e\x92\xcd" - "\xf5\x2b\x86\xb0\x6c\xa9\x70\x16\x06\x27\x59\xc7\x0d\x36\xd1\x56" - "\x2c\xc9\x63\x0d\x7f\xc7\xc7\x74\xb2\x8b\x54\xe3\x1e\xf5\x58\x72" - "\xb2\xa6\x5d\xf1\xd7\xec\x26\xde\xbb\x33\xe7\xd9\x27\xef\xcc\xf4" - "\x6b\x63\xde\x52\xa4\xf4\x31\xea\xca\x59\xb0\x5d\x2e\xde\xc4\x84" - "\x5f\xff\xc0\xee\x15\x03\x94\xd6\x1f\x3d\xfe\xcb\xcd\xbf\x6f\x5a" - "\x73\x38\xd0\xbe\x3f\x2a\x77\x34\x51\x98\x3e\xba\xeb\x48\xf6\x73" - "\x8f\xc8\x95\xdf\x35\x7e\x1a\x48\xa6\x53\xbb\x35\x5a\x31\xa1\xb4" - vec.msgLen = 128; - #endif - vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; - vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; - vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; - vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c"; - vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248"; - #ifndef NO_ASN - vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9" - "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89" - "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c"; - vec.rSz = 32; - vec.s = (byte*)"\xa2\x24\x8b\x62\xc0\x3d\xb3\x5a\x7c\xd6\x3e\x8a" - "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03" - "\x5a\x21\x48\xae\x32\xe3\xa2\x48"; - vec.sSz = 32; - #endif - vec.curveName = "SECP256R1"; - break; -#endif /* !NO_ECC256 */ - -#if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES) - case 40: - return 0; -#endif /* HAVE_ECC320 */ - -#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) - case 48: - /* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */ - #if 1 - vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b"; - vec.msgLen = 20; - #else - /* This is the raw message prior to SHA-1 */ - vec.msg = - "\xab\xe1\x0a\xce\x13\xe7\xe1\xd9\x18\x6c\x48\xf7\x88\x9d\x51\x47" - "\x3d\x3a\x09\x61\x98\x4b\xc8\x72\xdf\x70\x8e\xcc\x3e\xd3\xb8\x16" - "\x9d\x01\xe3\xd9\x6f\xc4\xf1\xd5\xea\x00\xa0\x36\x92\xbc\xc5\xcf" - "\xfd\x53\x78\x7c\x88\xb9\x34\xaf\x40\x4c\x03\x9d\x32\x89\xb5\xba" - "\xc5\xae\x7d\xb1\x49\x68\x75\xb5\xdc\x73\xc3\x09\xf9\x25\xc1\x3d" - "\x1c\x01\xab\xda\xaf\xeb\xcd\xac\x2c\xee\x43\x39\x39\xce\x8d\x4a" - "\x0a\x5d\x57\xbb\x70\x5f\x3b\xf6\xec\x08\x47\x95\x11\xd4\xb4\xa3" - "\x21\x1f\x61\x64\x9a\xd6\x27\x43\x14\xbf\x0d\x43\x8a\x81\xe0\x60" - vec.msgLen = 128; - #endif - vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868"; - vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e"; - vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71"; - vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7"; - vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907"; - vec.curveName = "SECP384R1"; - #ifndef NO_ASN - vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff" - "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d" - "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda" - "\xee\x6b\x3c\x74\xeb\xf6\x06\x66\x7a\x3f\x39\xb7"; - vec.rSz = 48; - vec.s = (byte*)"\x49\x1a\xf1\xd0\xcc\xcd\x56\xdd\xd5\x20\xb2\x33" - "\x77\x5d\x0b\xc6\xb4\x0a\x62\x55\xcc\x55\x20\x7d" - "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21" - "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07"; - vec.sSz = 48; - #endif - break; -#endif /* HAVE_ECC384 */ - -#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) - case 64: - return 0; -#endif /* HAVE_ECC512 */ - -#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) - case 66: - /* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */ - #if 1 - vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf"; - vec.msgLen = 20; - #else - /* This is the raw message prior to SHA-1 */ - vec.msg = - "\x50\x3f\x79\x39\x34\x0a\xc7\x23\xcd\x4a\x2f\x4e\x6c\xcc\x27\x33" - "\x38\x3a\xca\x2f\xba\x90\x02\x19\x9d\x9e\x1f\x94\x8b\xe0\x41\x21" - "\x07\xa3\xfd\xd5\x14\xd9\x0c\xd4\xf3\x7c\xc3\xac\x62\xef\x00\x3a" - "\x2d\xb1\xd9\x65\x7a\xb7\x7f\xe7\x55\xbf\x71\xfa\x59\xe4\xd9\x6e" - "\xa7\x2a\xe7\xbf\x9d\xe8\x7d\x79\x34\x3b\xc1\xa4\xbb\x14\x4d\x16" - "\x28\xd1\xe9\xe9\xc8\xed\x80\x8b\x96\x2c\x54\xe5\xf9\x6d\x53\xda" - "\x14\x7a\x96\x38\xf9\x4a\x91\x75\xd8\xed\x61\x05\x5f\x0b\xa5\x73" - "\xa8\x2b\xb7\xe0\x18\xee\xda\xc4\xea\x7b\x36\x2e\xc8\x9c\x38\x2b" - vec.msgLen = 128; - #endif - vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23"; - vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d"; - vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74"; - vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be"; - vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c"; - vec.curveName = "SECP521R1"; - #ifndef NO_ASN - vec.r = (byte*)"\x00\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77" - "\x78\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf" - "\x5b\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c" - "\x7f\x9a\x57\xc0\x77\x94\x7f\x89\xac\x45\xd5\xac" - "\xb6\x66\x1b\xbc\xd1\x7a\xbb\x3f\xae\xa1\x49\xba" - "\x0a\xa3\xbb\x15\x21\xbe"; - vec.rSz = 66; - vec.s = (byte*)"\x00\x19\xcd\x2c\x5c\x3f\x98\x70\xec\xde\xb9\xb3" - "\x23\xab\xdf\x3a\x98\xcd\x5e\x23\x1d\x85\xc6\xdd" - "\xc5\xb7\x1a\xb1\x90\x73\x9f\x7f\x22\x6e\x6b\x13" - "\x4b\xa1\xd5\x88\x9d\xde\xb2\x75\x1d\xab\xd9\x79" - "\x11\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b" - "\x6c\x3d\x22\xf2\x48\x0c"; - vec.sSz = 66; - #endif - break; -#endif /* HAVE_ECC521 */ - default: - return NOT_COMPILED_IN; /* Invalid key size / Not supported */ - }; /* Switch */ - - ret = ecc_test_vector_item(&vec); - if (ret < 0) { - return ret; - } - - return 0; -} - -#if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) -static int ecc_test_sign_vectors(WC_RNG* rng) -{ - int ret; - ecc_key key; - byte sig[72]; - word32 sigSz; - unsigned char hash[32] = "test wolfSSL deterministic sign"; - const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534"; - const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230"; - const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141"; - const byte k[1] = { 0x02 }; - const byte expSig[71] = { - 0x30, 0x45, 0x02, 0x20, 0x7c, 0xf2, 0x7b, 0x18, - 0x8d, 0x03, 0x4f, 0x7e, 0x8a, 0x52, 0x38, 0x03, - 0x04, 0xb5, 0x1a, 0xc3, 0xc0, 0x89, 0x69, 0xe2, - 0x77, 0xf2, 0x1b, 0x35, 0xa6, 0x0b, 0x48, 0xfc, - 0x47, 0x66, 0x99, 0x78, 0x02, 0x21, 0x00, 0xa8, - 0x43, 0xa0, 0xce, 0x6c, 0x5e, 0x17, 0x8a, 0x53, - 0x4d, 0xaf, 0xd2, 0x95, 0x78, 0x9f, 0x84, 0x4f, - 0x94, 0xb8, 0x75, 0xa3, 0x19, 0xa5, 0xd4, 0xdf, - 0xe1, 0xd4, 0x5e, 0x9d, 0x97, 0xfe, 0x81 - }; - - ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); - if (ret != 0) { - return ret; - } - ret = wc_ecc_import_raw(&key, QIUTx, QIUTy, dIUT, "SECP256R1"); - if (ret != 0) { - goto done; - } - - ret = wc_ecc_sign_set_k(k, sizeof(k), &key); - if (ret != 0) { - goto done; - } - - sigSz = sizeof(sig); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key); - } while (ret == WC_PENDING_E); - if (ret != 0) { - goto done; - } - TEST_SLEEP(); - - if (sigSz != sizeof(expSig)) { - ret = -9610; - goto done; - } - if (XMEMCMP(sig, expSig, sigSz) != 0) { - ret = -9611; - goto done; - } - - sigSz = sizeof(sig); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key); - } while (ret == WC_PENDING_E); - if (ret != 0) { - goto done; - } - TEST_SLEEP(); - -done: - wc_ecc_free(&key); - return ret; -} -#endif - -#ifdef HAVE_ECC_CDH -static int ecc_test_cdh_vectors(WC_RNG* rng) -{ - int ret; - ecc_key pub_key, priv_key; - byte sharedA[32] = {0}, sharedB[32] = {0}; - word32 x, z; - - const char* QCAVSx = "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287"; - const char* QCAVSy = "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac"; - const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534"; - const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230"; - const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141"; - const char* ZIUT = "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b"; - - /* setup private and public keys */ - ret = wc_ecc_init_ex(&pub_key, HEAP_HINT, devId); - if (ret != 0) - return ret; - ret = wc_ecc_init_ex(&priv_key, HEAP_HINT, devId); - if (ret != 0) { - wc_ecc_free(&pub_key); - return ret; - } - wc_ecc_set_flags(&pub_key, WC_ECC_FLAG_COFACTOR); - wc_ecc_set_flags(&priv_key, WC_ECC_FLAG_COFACTOR); - ret = wc_ecc_import_raw(&pub_key, QCAVSx, QCAVSy, NULL, "SECP256R1"); - if (ret != 0) - goto done; - ret = wc_ecc_import_raw(&priv_key, QIUTx, QIUTy, dIUT, "SECP256R1"); - if (ret != 0) - goto done; - -#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ - !defined(HAVE_SELFTEST) - ret = wc_ecc_set_rng(&priv_key, rng); - if (ret != 0) - goto done; -#else - (void)rng; -#endif - - /* compute ECC Cofactor shared secret */ - x = sizeof(sharedA); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &priv_key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_shared_secret(&priv_key, &pub_key, sharedA, &x); - } while (ret == WC_PENDING_E); - if (ret != 0) { - goto done; - } - TEST_SLEEP(); - - /* read in expected Z */ - z = sizeof(sharedB); - ret = Base16_Decode((const byte*)ZIUT, (word32)XSTRLEN(ZIUT), sharedB, &z); - if (ret != 0) - goto done; - - /* compare results */ - if (x != z || XMEMCMP(sharedA, sharedB, x)) { - ERROR_OUT(-9612, done); - } - -done: - wc_ecc_free(&priv_key); - wc_ecc_free(&pub_key); - return ret; -} -#endif /* HAVE_ECC_CDH */ -#endif /* HAVE_ECC_VECTOR_TEST */ - -#ifdef HAVE_ECC_KEY_IMPORT -/* returns 0 on success */ -static int ecc_test_make_pub(WC_RNG* rng) -{ - ecc_key key; - byte exportBuf[ECC_BUFSIZE]; - byte tmp[ECC_BUFSIZE]; - const byte* msg = (const byte*)"test wolfSSL ECC public gen"; - word32 x, tmpSz; - int ret = 0; - ecc_point* pubPoint = NULL; -#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) - ecc_key pub; -#endif -#ifdef HAVE_ECC_VERIFY - int verify = 0; -#endif -#ifndef USE_CERT_BUFFERS_256 - XFILE file; -#endif - - wc_ecc_init_ex(&key, HEAP_HINT, devId); - -#ifndef NO_ECC256 -#ifdef USE_CERT_BUFFERS_256 - XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256); - tmpSz = (size_t)sizeof_ecc_key_der_256; -#else - file = XFOPEN(eccKeyDerFile, "rb"); - if (!file) { - ERROR_OUT(-9617, done); - } - - tmpSz = (word32)XFREAD(tmp, 1, sizeof(tmp), file); - XFCLOSE(file); -#endif /* USE_CERT_BUFFERS_256 */ - - /* import private only then test with */ - ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL); - if (ret == 0) { - ERROR_OUT(-9618, done); - } - - ret = wc_ecc_import_private_key(NULL, tmpSz, NULL, 0, &key); - if (ret == 0) { - ERROR_OUT(-9619, done); - } - - x = 0; - ret = wc_EccPrivateKeyDecode(tmp, &x, &key, tmpSz); - if (ret != 0) { - ERROR_OUT(-9620, done); - } - -#ifdef HAVE_ECC_KEY_EXPORT - x = sizeof(exportBuf); - ret = wc_ecc_export_private_only(&key, exportBuf, &x); - if (ret != 0) { - ERROR_OUT(-9621, done); - } - - /* make private only key */ - wc_ecc_free(&key); - wc_ecc_init_ex(&key, HEAP_HINT, devId); - ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, &key); - if (ret != 0) { - ERROR_OUT(-9622, done); - } - - x = sizeof(exportBuf); - ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); - if (ret == 0) { - ERROR_OUT(-9623, done); - } - -#endif /* HAVE_ECC_KEY_EXPORT */ - - ret = wc_ecc_make_pub(NULL, NULL); - if (ret == 0) { - ERROR_OUT(-9624, done); - } - TEST_SLEEP(); - - pubPoint = wc_ecc_new_point_h(HEAP_HINT); - if (pubPoint == NULL) { - ERROR_OUT(-9625, done); - } - - ret = wc_ecc_make_pub(&key, pubPoint); - if (ret != 0) { - ERROR_OUT(-9626, done); - } - - TEST_SLEEP(); - -#ifdef HAVE_ECC_KEY_EXPORT - /* export should still fail, is private only key */ - x = sizeof(exportBuf); - ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); - if (ret == 0) { - ERROR_OUT(-9627, done); - } -#endif /* HAVE_ECC_KEY_EXPORT */ -#endif /* !NO_ECC256 */ - - /* create a new key since above test for loading key is not supported */ -#if defined(WOLFSSL_CRYPTOCELL) || defined(NO_ECC256) - ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, &key); - if (ret != 0) { - ERROR_OUT(-9628, done); - } -#endif - -#ifdef HAVE_ECC_SIGN - tmpSz = sizeof(tmp); - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp, &tmpSz, rng, &key); - } while (ret == WC_PENDING_E); - if (ret != 0) { - ERROR_OUT(-9629, done); - } - TEST_SLEEP(); - -#ifdef HAVE_ECC_VERIFY - /* try verify with private only key */ - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_verify_hash(tmp, tmpSz, msg, (word32)XSTRLEN((const char* )msg), &verify, &key); - } while (ret == WC_PENDING_E); - if (ret != 0) { - ERROR_OUT(-9630, done); - } - - if (verify != 1) { - ERROR_OUT(-9631, done); - } - TEST_SLEEP(); -#ifdef HAVE_ECC_KEY_EXPORT - /* exporting the public part should now work */ - x = sizeof(exportBuf); - ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); - if (ret != 0) { - ERROR_OUT(-9632, done); - } -#endif /* HAVE_ECC_KEY_EXPORT */ -#endif /* HAVE_ECC_VERIFY */ - -#endif /* HAVE_ECC_SIGN */ - -#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) - /* now test private only key with creating a shared secret */ - x = sizeof(exportBuf); - ret = wc_ecc_export_private_only(&key, exportBuf, &x); - if (ret != 0) { - ERROR_OUT(-9633, done); - } - - /* make private only key */ - wc_ecc_free(&key); - wc_ecc_init_ex(&key, HEAP_HINT, devId); - ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, &key); - if (ret != 0) { - ERROR_OUT(-9634, done); - } - - /* check that public export fails with private only key */ - x = sizeof(exportBuf); - ret = wc_ecc_export_x963_ex(&key, exportBuf, &x, 0); - if (ret == 0) { - ERROR_OUT(-9635, done); - } - - /* make public key for shared secret */ - wc_ecc_init_ex(&pub, HEAP_HINT, devId); - ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, &pub); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &pub.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-9636, done); - } - TEST_SLEEP(); - -#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ - !defined(HAVE_SELFTEST) - ret = wc_ecc_set_rng(&key, rng); - if (ret != 0) - goto done; -#endif - - x = sizeof(exportBuf); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) { - ret = wc_ecc_shared_secret(&key, &pub, exportBuf, &x); - } - } while (ret == WC_PENDING_E); - wc_ecc_free(&pub); - if (ret != 0) { - ERROR_OUT(-9637, done); - } - TEST_SLEEP(); -#endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT */ - - ret = 0; - -done: - - wc_ecc_del_point_h(pubPoint, HEAP_HINT); - wc_ecc_free(&key); - - return ret; -} - -static int ecc_test_key_decode(WC_RNG* rng, int keySize) -{ - int ret; - ecc_key eccKey; - byte tmpBuf[ECC_BUFSIZE]; - word32 tmpSz; - word32 idx; - - ret = wc_ecc_init(&eccKey); - if (ret != 0) { - return ret; - } - ret = wc_ecc_make_key(rng, keySize, &eccKey); - if (ret != 0) { - wc_ecc_free(&eccKey); - return ret; - } - - tmpSz = sizeof(tmpBuf); - ret = wc_EccKeyToDer(&eccKey, tmpBuf, tmpSz); - wc_ecc_free(&eccKey); - if (ret < 0) { - return ret; - } - tmpSz = ret; - - ret = wc_ecc_init(&eccKey); - if (ret != 0) { - return ret; - } - idx = 0; - ret = wc_EccPrivateKeyDecode(tmpBuf, &idx, &eccKey, tmpSz); - wc_ecc_free(&eccKey); - if (ret != 0) { - return ret; - } - - ret = wc_ecc_init(&eccKey); - if (ret != 0) { - return 0; - } - - idx = 0; - ret = wc_EccPublicKeyDecode(tmpBuf, &idx, &eccKey, tmpSz); - wc_ecc_free(&eccKey); - - return ret; -} -#endif /* HAVE_ECC_KEY_IMPORT */ - -static int ecc_test_key_gen(WC_RNG* rng, int keySize) -{ - int ret = 0; - int derSz; -#ifdef HAVE_PKCS8 - word32 pkcs8Sz; -#endif - byte der[ECC_BUFSIZE]; - ecc_key userA; - - ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); - if (ret != 0) - goto done; - - ret = wc_ecc_make_key(rng, keySize, &userA); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - goto done; - TEST_SLEEP(); - - ret = wc_ecc_check_key(&userA); - if (ret != 0) - goto done; - TEST_SLEEP(); - - derSz = wc_EccKeyToDer(&userA, der, sizeof(der)); - if (derSz < 0) { - ERROR_OUT(derSz, done); - } - - ret = SaveDerAndPem(der, derSz, eccCaKeyTempFile, eccCaKeyPemFile, - ECC_PRIVATEKEY_TYPE, -8347); - if (ret != 0) { - goto done; - } - - /* test export of public key */ - derSz = wc_EccPublicKeyToDer(&userA, der, sizeof(der), 1); - if (derSz < 0) { - ERROR_OUT(derSz, done); - } - if (derSz == 0) { - ERROR_OUT(-9640, done); - } - - ret = SaveDerAndPem(der, derSz, eccPubKeyDerFile, NULL, 0, -8348); - if (ret != 0) { - goto done; - } - -#ifdef HAVE_PKCS8 - /* test export of PKCS#8 unencrypted private key */ - pkcs8Sz = FOURK_BUF; - derSz = wc_EccPrivateKeyToPKCS8(&userA, der, &pkcs8Sz); - if (derSz < 0) { - ERROR_OUT(derSz, done); - } - - if (derSz == 0) { - ERROR_OUT(-9641, done); - } - - ret = SaveDerAndPem(der, derSz, eccPkcs8KeyDerFile, NULL, 0, -8349); - if (ret != 0) { - goto done; - } -#endif /* HAVE_PKCS8 */ - -done: - - wc_ecc_free(&userA); - - return ret; -} - -static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, - int curve_id, const ecc_set_type* dp) -{ -#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && \ - !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) - DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT); - DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT); -#endif -#ifdef HAVE_ECC_KEY_EXPORT - byte exportBuf[MAX_ECC_BYTES * 2 + 32]; -#endif - word32 x = 0; -#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && \ - !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) - word32 y; -#endif -#ifdef HAVE_ECC_SIGN - DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); - DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT); - int i; -#ifdef HAVE_ECC_VERIFY - int verify; -#endif /* HAVE_ECC_VERIFY */ -#endif /* HAVE_ECC_SIGN */ - int ret; - ecc_key userA, userB, pubKey; - int curveSize; - - (void)testVerifyCount; - (void)dp; - (void)x; - - XMEMSET(&userA, 0, sizeof(ecc_key)); - XMEMSET(&userB, 0, sizeof(ecc_key)); - XMEMSET(&pubKey, 0, sizeof(ecc_key)); - - ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); - if (ret != 0) - goto done; - ret = wc_ecc_init_ex(&userB, HEAP_HINT, devId); - if (ret != 0) - goto done; - ret = wc_ecc_init_ex(&pubKey, HEAP_HINT, devId); - if (ret != 0) - goto done; - -#ifdef WOLFSSL_CUSTOM_CURVES - if (dp != NULL) { - ret = wc_ecc_set_custom_curve(&userA, dp); - if (ret != 0) - goto done; - ret = wc_ecc_set_custom_curve(&userB, dp); - if (ret != 0) - goto done; - } -#endif - - ret = wc_ecc_make_key_ex(rng, keySize, &userA, curve_id); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - goto done; - TEST_SLEEP(); - - if (wc_ecc_get_curve_idx(curve_id) != -1) { - curveSize = wc_ecc_get_curve_size_from_id(userA.dp->id); - if (curveSize != userA.dp->size) { - ret = -9642; - goto done; - } - } - - ret = wc_ecc_check_key(&userA); - if (ret != 0) - goto done; - TEST_SLEEP(); - -/* ATECC508/608 configuration may not support more than one ECDH key */ -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) - - ret = wc_ecc_make_key_ex(rng, keySize, &userB, curve_id); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) - goto done; - TEST_SLEEP(); - - /* only perform the below tests if the key size matches */ - if (dp == NULL && keySize > 0 && wc_ecc_size(&userA) != keySize) { - ret = ECC_CURVE_OID_E; - goto done; - } - -#ifdef HAVE_ECC_DHE -#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ - !defined(HAVE_SELFTEST) - ret = wc_ecc_set_rng(&userA, rng); - if (ret != 0) - goto done; - ret = wc_ecc_set_rng(&userB, rng); - if (ret != 0) - goto done; -#endif - - x = ECC_SHARED_SIZE; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_shared_secret(&userA, &userB, sharedA, &x); - } while (ret == WC_PENDING_E); - if (ret != 0) { - goto done; - } - TEST_SLEEP(); - - y = ECC_SHARED_SIZE; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_shared_secret(&userB, &userA, sharedB, &y); - } while (ret == WC_PENDING_E); - if (ret != 0) - goto done; - - if (y != x) - ERROR_OUT(-9643, done); - - if (XMEMCMP(sharedA, sharedB, x)) - ERROR_OUT(-9644, done); - TEST_SLEEP(); -#endif /* HAVE_ECC_DHE */ - -#ifdef HAVE_ECC_CDH - /* add cofactor flag */ - wc_ecc_set_flags(&userA, WC_ECC_FLAG_COFACTOR); - wc_ecc_set_flags(&userB, WC_ECC_FLAG_COFACTOR); - - x = ECC_SHARED_SIZE; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_shared_secret(&userA, &userB, sharedA, &x); - } while (ret == WC_PENDING_E); - if (ret != 0) { - goto done; - } - TEST_SLEEP(); - - y = ECC_SHARED_SIZE; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_shared_secret(&userB, &userA, sharedB, &y); - } while (ret == WC_PENDING_E); - if (ret != 0) - goto done; - - if (y != x) - ERROR_OUT(-9645, done); - - if (XMEMCMP(sharedA, sharedB, x)) - ERROR_OUT(-9646, done); - TEST_SLEEP(); - - /* remove cofactor flag */ - wc_ecc_set_flags(&userA, 0); - wc_ecc_set_flags(&userB, 0); -#endif /* HAVE_ECC_CDH */ -#endif /* WOLFSSL_ATECC508A */ - -#ifdef HAVE_ECC_KEY_EXPORT - x = sizeof(exportBuf); - ret = wc_ecc_export_x963_ex(&userA, exportBuf, &x, 0); - if (ret != 0) - goto done; - -#ifdef HAVE_ECC_KEY_IMPORT - #ifdef WOLFSSL_CUSTOM_CURVES - if (dp != NULL) { - ret = wc_ecc_set_custom_curve(&pubKey, dp); - if (ret != 0) goto done; - } - #endif - ret = wc_ecc_import_x963_ex(exportBuf, x, &pubKey, curve_id); - if (ret != 0) - goto done; - -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) -#ifdef HAVE_ECC_DHE - y = ECC_SHARED_SIZE; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_shared_secret(&userB, &pubKey, sharedB, &y); - } while (ret == WC_PENDING_E); - if (ret != 0) - goto done; - - if (XMEMCMP(sharedA, sharedB, y)) - ERROR_OUT(-9647, done); - TEST_SLEEP(); -#endif /* HAVE_ECC_DHE */ - - #ifdef HAVE_COMP_KEY - /* try compressed export / import too */ - x = sizeof(exportBuf); - ret = wc_ecc_export_x963_ex(&userA, exportBuf, &x, 1); - if (ret != 0) - goto done; - wc_ecc_free(&pubKey); - - ret = wc_ecc_init_ex(&pubKey, HEAP_HINT, devId); - if (ret != 0) - goto done; - #ifdef WOLFSSL_CUSTOM_CURVES - if (dp != NULL) { - ret = wc_ecc_set_custom_curve(&pubKey, dp); - if (ret != 0) goto done; - } - #endif - ret = wc_ecc_import_x963_ex(exportBuf, x, &pubKey, curve_id); - if (ret != 0) - goto done; - - #ifdef HAVE_ECC_DHE - y = ECC_SHARED_SIZE; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_shared_secret(&userB, &pubKey, sharedB, &y); - } while (ret == WC_PENDING_E); - if (ret != 0) - goto done; - - if (XMEMCMP(sharedA, sharedB, y)) - ERROR_OUT(-9648, done); - TEST_SLEEP(); - #endif /* HAVE_ECC_DHE */ - #endif /* HAVE_COMP_KEY */ -#endif /* WOLFSSL_ATECC508A */ - -#endif /* HAVE_ECC_KEY_IMPORT */ -#endif /* HAVE_ECC_KEY_EXPORT */ - -#ifdef HAVE_ECC_SIGN - /* ECC w/out Shamir has issue with all 0 digest */ - /* WC_BIGINT doesn't have 0 len well on hardware */ -#if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) - /* test DSA sign hash with zeros */ - for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) { - digest[i] = 0; - } - - x = ECC_SIG_SIZE; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, - &userA); - } while (ret == WC_PENDING_E); - if (ret != 0) - goto done; - TEST_SLEEP(); - -#ifdef HAVE_ECC_VERIFY - for (i=0; iidx, &key->pubkey, pub, &pubLen); - if (ret != 0) { - ret = -9734; - goto done; - } - - ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, &keyImp); - if (ret != 0) { - ret = -9735; - goto done; - } - - wc_ecc_free(&keyImp); - wc_ecc_init_ex(&keyImp, HEAP_HINT, devId); - - ret = wc_ecc_import_raw_ex(&keyImp, qx, qy, d, ECC_SECP256R1); - if (ret != 0) { - ret = -9736; - goto done; - } - - wc_ecc_free(&keyImp); - wc_ecc_init_ex(&keyImp, HEAP_HINT, devId); - - curve_id = wc_ecc_get_curve_id(key->idx); - if (curve_id < 0) { - ret = -9737; - goto done; - } - - /* test import private only */ - ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, &keyImp, - curve_id); - if (ret != 0) { - ret = -9738; - goto done; - } - - wc_ecc_free(&keyImp); - wc_ecc_init_ex(&keyImp, HEAP_HINT, devId); - - /* test export public raw */ - pubLenX = pubLenY = 32; - ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY); - if (ret != 0) { - ret = -9739; - goto done; - } - -#ifndef HAVE_SELFTEST - /* test import of public */ - ret = wc_ecc_import_unsigned(&keyImp, pub, &pub[32], NULL, ECC_SECP256R1); - if (ret != 0) { - ret = -9740; - goto done; - } -#endif - - wc_ecc_free(&keyImp); - wc_ecc_init_ex(&keyImp, HEAP_HINT, devId); - - /* test export private and public raw */ - pubLenX = pubLenY = privLen = 32; - ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY, - priv, &privLen); - if (ret != 0) { - ret = -9741; - goto done; - } - -#ifndef HAVE_SELFTEST - /* test import of private and public */ - ret = wc_ecc_import_unsigned(&keyImp, pub, &pub[32], priv, ECC_SECP256R1); - if (ret != 0) { - ret = -9742; - goto done; - } -#endif - -done: - wc_ecc_free(&keyImp); - return ret; -} -#endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */ - -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - !defined(WOLFSSL_CRYPTOCELL) -#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) -static int ecc_mulmod_test(ecc_key* key1) -{ - int ret; - ecc_key key2; - ecc_key key3; - - wc_ecc_init_ex(&key2, HEAP_HINT, devId); - wc_ecc_init_ex(&key3, HEAP_HINT, devId); - - /* TODO: Use test data, test with WOLFSSL_VALIDATE_ECC_IMPORT. */ - /* Need base point (Gx,Gy) and parameter A - load them as the public and - * private key in key2. - */ - ret = wc_ecc_import_raw_ex(&key2, key1->dp->Gx, key1->dp->Gy, key1->dp->Af, - ECC_SECP256R1); - if (ret != 0) - goto done; - - /* Need a point (Gx,Gy) and prime - load them as the public and private key - * in key3. - */ - ret = wc_ecc_import_raw_ex(&key3, key1->dp->Gx, key1->dp->Gy, - key1->dp->prime, ECC_SECP256R1); - if (ret != 0) - goto done; - - ret = wc_ecc_mulmod(&key1->k, &key2.pubkey, &key3.pubkey, &key2.k, &key3.k, - 1); - if (ret != 0) { - ret = -9743; - goto done; - } - -done: - wc_ecc_free(&key3); - wc_ecc_free(&key2); - return ret; -} -#endif - -#ifdef HAVE_ECC_DHE -static int ecc_ssh_test(ecc_key* key, WC_RNG* rng) -{ - int ret; - byte out[128]; - word32 outLen = sizeof(out); - - /* Parameter Validation testing. */ - ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen); - if (ret != BAD_FUNC_ARG) - return -9744; - ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen); - if (ret != BAD_FUNC_ARG) - return -9745; - ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen); - if (ret != BAD_FUNC_ARG) - return -9746; - ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL); - if (ret != BAD_FUNC_ARG) - return -9747; - -#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ - !defined(HAVE_SELFTEST) - ret = wc_ecc_set_rng(key, rng); - if (ret != 0) - return -9748; -#else - (void)rng; -#endif - - /* Use API. */ - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen); - } while (ret == WC_PENDING_E); - if (ret != 0) - return -9749; - TEST_SLEEP(); - return 0; -} -#endif /* HAVE_ECC_DHE */ -#endif - -static int ecc_def_curve_test(WC_RNG *rng) -{ - int ret; - ecc_key key; - - wc_ecc_init_ex(&key, HEAP_HINT, devId); - - /* Use API */ - ret = wc_ecc_set_flags(NULL, 0); - if (ret != BAD_FUNC_ARG) { - ret = -9749; - goto done; - } - ret = wc_ecc_set_flags(&key, 0); - if (ret != 0) { - ret = -9750; - goto done; - } - - ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, &key); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ret = -9751; - goto done; - } - TEST_SLEEP(); - -#ifndef NO_SIG_WRAPPER - ret = ecc_sig_test(rng, &key); - if (ret < 0) - goto done; -#endif -#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ - !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) - ret = ecc_exp_imp_test(&key); - if (ret < 0) - goto done; -#endif -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - !defined(WOLFSSL_CRYPTOCELL) -#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) - ret = ecc_mulmod_test(&key); - if (ret < 0) - goto done; -#endif -#ifdef HAVE_ECC_DHE - ret = ecc_ssh_test(&key, rng); - if (ret < 0) - goto done; -#endif -#endif /* WOLFSSL_ATECC508A */ -done: - wc_ecc_free(&key); - return ret; -} -#endif /* !NO_ECC256 || HAVE_ALL_CURVES */ - -#ifdef WOLFSSL_CERT_EXT -static int ecc_decode_test(void) -{ - int ret; - word32 inSz; - word32 inOutIdx; - ecc_key key; - - /* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */ - - /* This is ecc_clikeypub_der_256. */ - static const byte good[] = { - 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, - 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, - 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xbf, 0xf4, - 0x0f, 0x44, 0x50, 0x9a, 0x3d, 0xce, 0x9b, 0xb7, 0xf0, 0xc5, - 0x4d, 0xf5, 0x70, 0x7b, 0xd4, 0xec, 0x24, 0x8e, 0x19, 0x80, - 0xec, 0x5a, 0x4c, 0xa2, 0x24, 0x03, 0x62, 0x2c, 0x9b, 0xda, - 0xef, 0xa2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xc6, 0x56, - 0x95, 0x06, 0xcc, 0x01, 0xa9, 0xbd, 0xf6, 0x75, 0x1a, 0x42, - 0xf7, 0xbd, 0xa9, 0xb2, 0x36, 0x22, 0x5f, 0xc7, 0x5d, 0x7f, - 0xb4 }; - static const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04, - 0x00, 0x04, 0x01, 0x01 }; - static const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00, - 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; - static const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09, - 0x06, 0x00, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; - static const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00, - 0x06, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; - static const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, - 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, - 0x04, 0x04, 0x00, 0x04, 0x01, 0x01 }; - static const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, - 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, - 0x03, 0x05, 0x00, 0x04, 0x01, 0x01 }; - static const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00, - 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, - 0x03, 0x03, 0x04, 0x01, 0x01 }; - static const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00, - 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, - 0x03, 0x03, 0x00, 0x04, 0x01 }; - - XMEMSET(&key, 0, sizeof(key)); - wc_ecc_init_ex(&key, HEAP_HINT, devId); - - inSz = sizeof(good); - ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, &key, inSz); - if (ret != BAD_FUNC_ARG) { - ret = -9800; - goto done; - } - ret = wc_EccPublicKeyDecode(good, NULL, &key, inSz); - if (ret != BAD_FUNC_ARG) { - ret = -9801; - goto done; - } - ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz); - if (ret != BAD_FUNC_ARG) { - ret = -9802; - goto done; - } - ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, 0); - if (ret != BAD_FUNC_ARG) { - ret = -9803; - goto done; - } - - /* Change offset to produce bad input data. */ - inOutIdx = 2; - inSz = sizeof(good) - inOutIdx; - ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz); - if (ret != ASN_PARSE_E) { - ret = -9804; - goto done; - } - inOutIdx = 4; - inSz = sizeof(good) - inOutIdx; - ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz); - if (ret != ASN_PARSE_E) { - ret = -9805; - goto done; - } - /* Bad data. */ - inSz = sizeof(badNoObjId); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, &key, inSz); - if (ret != ASN_OBJECT_ID_E) { - ret = -9806; - goto done; - } - inSz = sizeof(badOneObjId); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, &key, inSz); - if (ret != ASN_OBJECT_ID_E) { - ret = -9807; - goto done; - } - inSz = sizeof(badObjId1Len); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, &key, inSz); - if (ret != ASN_PARSE_E) { - ret = -9808; - goto done; - } - inSz = sizeof(badObj2d1Len); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, &key, inSz); - if (ret != ASN_PARSE_E) { - ret = -9809; - goto done; - } - inSz = sizeof(badNotBitStr); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, &key, inSz); - if (ret != ASN_BITSTR_E) { - ret = -9810; - goto done; - } - inSz = sizeof(badBitStrLen); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, &key, inSz); - if (ret != ASN_PARSE_E) { - ret = -9811; - goto done; - } - inSz = sizeof(badNoBitStrZero); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, &key, inSz); - if (ret != ASN_EXPECT_0_E) { - ret = -9812; - goto done; - } - inSz = sizeof(badPoint); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, &key, inSz); - if (ret != ASN_ECC_KEY_E) { - ret = -9813; - goto done; - } - - inSz = sizeof(good); - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(good, &inOutIdx, &key, inSz); - if (ret != 0) { - ret = -9814; - goto done; - } - -done: - wc_ecc_free(&key); - return ret; -} -#endif /* WOLFSSL_CERT_EXT */ - -#ifdef WOLFSSL_CUSTOM_CURVES -static const byte eccKeyExplicitCurve[] = { - 0x30, 0x81, 0xf5, 0x30, 0x81, 0xae, 0x06, 0x07, - 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30, - 0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, - 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, - 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, - 0xff, 0xfc, 0x2f, 0x30, 0x06, 0x04, 0x01, 0x00, - 0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe, - 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0, - 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b, - 0xfc, 0xdb, 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2, - 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a, - 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, - 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, - 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47, - 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21, - 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, - 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, - 0x41, 0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04, - 0x3c, 0x4c, 0xc9, 0x5e, 0x2e, 0xa2, 0x3d, 0x49, - 0xcc, 0x5b, 0xff, 0x4f, 0xc9, 0x2e, 0x1d, 0x4a, - 0xc6, 0x21, 0xf6, 0xf3, 0xe6, 0x0b, 0x4f, 0xa9, - 0x9d, 0x74, 0x99, 0xdd, 0x97, 0xc7, 0x6e, 0xbe, - 0x14, 0x2b, 0x39, 0x9d, 0x63, 0xc7, 0x97, 0x0d, - 0x45, 0x25, 0x40, 0x30, 0x77, 0x05, 0x76, 0x88, - 0x38, 0x96, 0x29, 0x7d, 0x9c, 0xe1, 0x50, 0xbe, - 0xac, 0xf0, 0x1d, 0x86, 0xf4, 0x2f, 0x65, 0x0b -}; - -static int ecc_test_custom_curves(WC_RNG* rng) -{ - int ret; - word32 inOutIdx; - ecc_key key; - - /* test use of custom curve - using BRAINPOOLP256R1 for test */ - #ifndef WOLFSSL_ECC_CURVE_STATIC - const ecc_oid_t ecc_oid_brainpoolp256r1[] = { - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 - }; - const word32 ecc_oid_brainpoolp256r1_sz = - sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t); - #else - #define ecc_oid_brainpoolp256r1 { \ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 \ - } - #define ecc_oid_brainpoolp256r1_sz 9 - #endif - const word32 ecc_oid_brainpoolp256r1_sum = 104; - - const ecc_set_type ecc_dp_brainpool256r1 = { - 32, /* size/bytes */ - ECC_CURVE_CUSTOM, /* ID */ - "BRAINPOOLP256R1", /* curve name */ - "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", /* prime */ - "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", /* A */ - "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", /* B */ - "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", /* order */ - "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */ - "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */ - ecc_oid_brainpoolp256r1, /* oid/oidSz */ - ecc_oid_brainpoolp256r1_sz, - ecc_oid_brainpoolp256r1_sum, /* oid sum */ - 1, /* cofactor */ - }; - - ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, ECC_CURVE_DEF, - &ecc_dp_brainpool256r1); - if (ret != 0) { - printf("ECC test for custom curve failed! %d\n", ret); - return ret; - } - - #if defined(HAVE_ECC_BRAINPOOL) || defined(HAVE_ECC_KOBLITZ) - { - int curve_id; - #ifdef HAVE_ECC_BRAINPOOL - curve_id = ECC_BRAINPOOLP256R1; - #else - curve_id = ECC_SECP256K1; - #endif - /* Test and demonstrate use of non-SECP curve */ - ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, curve_id, NULL); - if (ret < 0) { - printf("ECC test for curve_id %d failed! %d\n", curve_id, ret); - return ret; - } - } - #endif - - ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); - if (ret != 0) { - return -9815; - } - - inOutIdx = 0; - ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, &key, - sizeof(eccKeyExplicitCurve)); - if (ret != 0) - return -9816; - - wc_ecc_free(&key); - - return ret; -} -#endif /* WOLFSSL_CUSTOM_CURVES */ - -#ifdef WOLFSSL_CERT_GEN - -/* Make Cert / Sign example for ECC cert and ECC CA */ -static int ecc_test_cert_gen(WC_RNG* rng) -{ - int ret; - Cert myCert; - int certSz; - size_t bytes; - word32 idx = 0; -#ifndef USE_CERT_BUFFERS_256 - XFILE file; -#endif -#ifdef WOLFSSL_TEST_CERT - DecodedCert decode; -#endif -#ifdef WOLFSSL_SMALL_STACK - byte* der = NULL; -#else - byte der[FOURK_BUF]; -#endif - ecc_key caEccKey; - ecc_key certPubKey; - - XMEMSET(&caEccKey, 0, sizeof(caEccKey)); - XMEMSET(&certPubKey, 0, sizeof(certPubKey)); - -#ifdef WOLFSSL_SMALL_STACK - der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - ERROR_OUT(-9818, exit); - } -#endif - - /* Get cert private key */ -#ifdef ENABLE_ECC384_CERT_GEN_TEST - /* Get Cert Key 384 */ -#ifdef USE_CERT_BUFFERS_256 - XMEMCPY(der, ca_ecc_key_der_384, sizeof_ca_ecc_key_der_384); - bytes = sizeof_ca_ecc_key_der_384; -#else - file = XFOPEN(eccCaKey384File, "rb"); - if (!file) { - ERROR_OUT(-9819, exit); - } - - bytes = XFREAD(der, 1, FOURK_BUF, file); - XFCLOSE(file); - (void)eccCaKeyFile; -#endif /* USE_CERT_BUFFERS_256 */ -#else -#ifdef USE_CERT_BUFFERS_256 - XMEMCPY(der, ca_ecc_key_der_256, sizeof_ca_ecc_key_der_256); - bytes = sizeof_ca_ecc_key_der_256; -#else - file = XFOPEN(eccCaKeyFile, "rb"); - if (!file) { - ERROR_OUT(-9820, exit); - } - bytes = XFREAD(der, 1, FOURK_BUF, file); - XFCLOSE(file); -#ifdef ENABLE_ECC384_CERT_GEN_TEST - (void)eccCaKey384File; -#endif -#endif /* USE_CERT_BUFFERS_256 */ -#endif /* ENABLE_ECC384_CERT_GEN_TEST */ - - /* Get CA Key */ - ret = wc_ecc_init_ex(&caEccKey, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-9821, exit); - } - ret = wc_EccPrivateKeyDecode(der, &idx, &caEccKey, (word32)bytes); - if (ret != 0) { - ERROR_OUT(-9822, exit); - } - - /* Make a public key */ - ret = wc_ecc_init_ex(&certPubKey, HEAP_HINT, devId); - if (ret != 0) { - ERROR_OUT(-9823, exit); - } - - ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, &certPubKey); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &certPubKey.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0) { - ERROR_OUT(-9824, exit); - } - TEST_SLEEP(); - - /* Setup Certificate */ - if (wc_InitCert(&myCert)) { - ERROR_OUT(-9825, exit); - } - -#ifndef NO_SHA256 - myCert.sigType = CTC_SHA256wECDSA; -#else - myCert.sigType = CTC_SHAwECDSA; -#endif - XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName)); - -#ifdef WOLFSSL_CERT_EXT - /* add Policies */ - XSTRNCPY(myCert.certPolicies[0], "2.4.589440.587.101.2.1.9632587.1", - CTC_MAX_CERTPOL_SZ); - XSTRNCPY(myCert.certPolicies[1], "1.2.13025.489.1.113549", - CTC_MAX_CERTPOL_SZ); - myCert.certPoliciesNb = 2; - - /* add SKID from the Public Key */ - if (wc_SetSubjectKeyIdFromPublicKey(&myCert, NULL, &certPubKey) != 0) { - ERROR_OUT(-9826, exit); - } - - /* add AKID from the Public Key */ - if (wc_SetAuthKeyIdFromPublicKey(&myCert, NULL, &caEccKey) != 0) { - ERROR_OUT(-9827, exit); - } - - /* add Key Usage */ - if (wc_SetKeyUsage(&myCert, certKeyUsage) != 0) { - ERROR_OUT(-9828, exit); - } -#endif /* WOLFSSL_CERT_EXT */ - -#ifdef ENABLE_ECC384_CERT_GEN_TEST - #if defined(USE_CERT_BUFFERS_256) - ret = wc_SetIssuerBuffer(&myCert, ca_ecc_cert_der_384, - sizeof_ca_ecc_cert_der_384); -#else - ret = wc_SetIssuer(&myCert, eccCaCert384File); - (void)eccCaCertFile; -#endif -#else -#if defined(USE_CERT_BUFFERS_256) - ret = wc_SetIssuerBuffer(&myCert, ca_ecc_cert_der_256, - sizeof_ca_ecc_cert_der_256); -#else - ret = wc_SetIssuer(&myCert, eccCaCertFile); -#ifdef ENABLE_ECC384_CERT_GEN_TEST - (void)eccCaCert384File; -#endif -#endif -#endif /* ENABLE_ECC384_CERT_GEN_TEST */ - if (ret < 0) { - ERROR_OUT(-9829, exit); - } - - certSz = wc_MakeCert(&myCert, der, FOURK_BUF, NULL, &certPubKey, rng); - if (certSz < 0) { - ERROR_OUT(-9830, exit); - } - - ret = 0; - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &caEccKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) { - ret = wc_SignCert(myCert.bodySz, myCert.sigType, der, - FOURK_BUF, NULL, &caEccKey, rng); - } - } while (ret == WC_PENDING_E); - if (ret < 0) { - ERROR_OUT(-9831, exit); - } - certSz = ret; - TEST_SLEEP(); - -#ifdef WOLFSSL_TEST_CERT - InitDecodedCert(&decode, der, certSz, 0); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - if (ret != 0) { - FreeDecodedCert(&decode); - ERROR_OUT(-9832, exit); - - } - FreeDecodedCert(&decode); -#endif - - ret = SaveDerAndPem(der, certSz, certEccDerFile, certEccPemFile, - CERT_TYPE, -6735); - if (ret != 0) { - goto exit; - } - -exit: -#ifdef WOLFSSL_SMALL_STACK - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif - wc_ecc_free(&certPubKey); - wc_ecc_free(&caEccKey); - - return ret; -} -#endif /* WOLFSSL_CERT_GEN */ - -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -/* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */ -static int ecc_test_allocator(WC_RNG* rng) -{ - int ret = 0; - ecc_key* key; - - key = wc_ecc_key_new(HEAP_HINT); - if (key == NULL) { - ERROR_OUT(-9833, exit); - } - - ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key); - if (ret != 0) { - ERROR_OUT(-9834, exit); - } - -exit: - wc_ecc_key_free(key); - return ret; -} -#endif - -/* ECC Non-blocking tests for Sign and Verify */ -/* Requires SP math and supports P384 or P256 */ -/* ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" */ -#if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \ - defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY) -/* Test Data - Random */ -static const uint8_t kMsg[] = { - 0x69, 0xbc, 0x9f, 0xce, 0x68, 0x17, 0xc2, 0x10, 0xea, 0xfc, 0x10, 0x65, 0x67, 0x52, 0xed, 0x78, - 0x6e, 0xb8, 0x83, 0x9c, 0x9a, 0xb4, 0x56, 0x0d, 0xc1, 0x0d, 0x1f, 0x78, 0x6e, 0x75, 0xd7, 0xbe, - 0x92, 0x6b, 0x12, 0xf6, 0x76, 0x60, 0x8e, 0xb1, 0xf4, 0x19, 0x0c, 0x81, 0xe7, 0x54, 0x5e, 0xbc, - 0xe0, 0xae, 0xc2, 0x7d, 0x1b, 0xc4, 0x6e, 0xec, 0xb1, 0x99, 0x6c, 0xbf, 0x0e, 0x38, 0xa8, 0x01, - 0xa6, 0x9a, 0x48, 0x12, 0xe4, 0xc9, 0x3b, 0xf0, 0x63, 0x46, 0x15, 0xb4, 0x61, 0xa8, 0x1a, 0x60, - 0x71, 0x87, 0x98, 0xd7, 0x6f, 0x98, 0x7b, 0x2d, 0xb9, 0x19, 0x1b, 0x21, 0x9c, 0x70, 0x58, 0xe8, - 0x0d, 0x0f, 0xe9, 0x2d, 0x9a, 0x9a, 0xf1, 0x55, 0xa0, 0x4c, 0xd3, 0x07, 0xbd, 0x97, 0x48, 0xec, - 0x88, 0x0a, 0xaf, 0xb3, 0x80, 0x78, 0xa4, 0x59, 0x43, 0x57, 0xd3, 0xa7, 0x01, 0x66, 0x0e, 0xfc -}; - -/* ECC Private Key "d" */ -static const uint8_t kPrivKey[] = { -#ifdef HAVE_ECC384 - /* SECP384R1 */ - /* d */ - 0xa4, 0xe5, 0x06, 0xe8, 0x06, 0x16, 0x3e, 0xab, - 0x89, 0xf8, 0x60, 0x43, 0xc0, 0x60, 0x25, 0xdb, - 0xba, 0x7b, 0xfe, 0x19, 0x35, 0x08, 0x55, 0x65, - 0x76, 0xe2, 0xdc, 0xe0, 0x01, 0x8b, 0x6b, 0x68, - 0xdf, 0xcf, 0x6f, 0x80, 0x12, 0xce, 0x79, 0x37, - 0xeb, 0x2b, 0x9c, 0x7b, 0xc4, 0x68, 0x1c, 0x74 -#else - /* SECP256R1 */ - /* d */ - 0x1e, 0xe7, 0x70, 0x07, 0xd3, 0x30, 0x94, 0x39, - 0x28, 0x90, 0xdf, 0x23, 0x88, 0x2c, 0x4a, 0x34, - 0x15, 0xdb, 0x4c, 0x43, 0xcd, 0xfa, 0xe5, 0x1f, - 0x3d, 0x4c, 0x37, 0xfe, 0x59, 0x3b, 0x96, 0xd8 -#endif -}; - -/* ECC public key Qx/Qy */ -static const uint8_t kPubKey[] = { -#ifdef HAVE_ECC384 - /* SECP384R1 */ - /* Qx */ - 0xea, 0xcf, 0x93, 0x4f, 0x2c, 0x09, 0xbb, 0x39, - 0x14, 0x0f, 0x56, 0x64, 0xc3, 0x40, 0xb4, 0xdf, - 0x0e, 0x63, 0xae, 0xe5, 0x71, 0x4b, 0x00, 0xcc, - 0x04, 0x97, 0xff, 0xe1, 0xe9, 0x38, 0x96, 0xbb, - 0x5f, 0x91, 0xb2, 0x6a, 0xcc, 0xb5, 0x39, 0x5f, - 0x8f, 0x70, 0x59, 0xf1, 0x01, 0xf6, 0x5a, 0x2b, - /* Qy */ - 0x01, 0x6c, 0x68, 0x0b, 0xcf, 0x55, 0x25, 0xaf, - 0x6d, 0x98, 0x48, 0x0a, 0xa8, 0x74, 0xc9, 0xa9, - 0x17, 0xa0, 0x0c, 0xc3, 0xfb, 0xd3, 0x23, 0x68, - 0xfe, 0x04, 0x3c, 0x63, 0x50, 0x88, 0x3b, 0xb9, - 0x4f, 0x7c, 0x67, 0x34, 0xf7, 0x3b, 0xa9, 0x73, - 0xe7, 0x1b, 0xc3, 0x51, 0x5e, 0x22, 0x18, 0xec -#else - /* SECP256R1 */ - /* Qx */ - 0x96, 0x93, 0x1c, 0x53, 0x0b, 0x43, 0x6c, 0x42, - 0x0c, 0x52, 0x90, 0xe4, 0xa7, 0xec, 0x98, 0xb1, - 0xaf, 0xd4, 0x14, 0x49, 0xd8, 0xc1, 0x42, 0x82, - 0x04, 0x78, 0xd1, 0x90, 0xae, 0xa0, 0x6c, 0x07, - /* Qy */ - 0xf2, 0x3a, 0xb5, 0x10, 0x32, 0x8d, 0xce, 0x9e, - 0x76, 0xa0, 0xd2, 0x8c, 0xf3, 0xfc, 0xa9, 0x94, - 0x43, 0x24, 0xe6, 0x82, 0x00, 0x40, 0xc6, 0xdb, - 0x1c, 0x2f, 0xcd, 0x38, 0x4b, 0x60, 0xdd, 0x61 -#endif -}; - -/* ECC Curve */ -#ifdef HAVE_ECC384 - /* SECP384R1 */ - #define ECC_CURVE_SZ 48 - #define ECC_CURVE_ID ECC_SECP384R1 -#else - /* SECP256R1 */ - #define ECC_CURVE_SZ 32 - #define ECC_CURVE_ID ECC_SECP256R1 -#endif - -/* Hash Algorithm */ -#if defined(HAVE_ECC384) && defined(WOLFSSL_SHA3) - #define HASH_DIGEST_SZ WC_SHA3_384_DIGEST_SIZE - #define HASH_SHA_VER 3 - #define CRYPTO_HASH_FN crypto_sha3_384 -#elif defined(HAVE_ECC384) && defined(WOLFSSL_SHA384) - #define HASH_DIGEST_SZ WC_SHA384_DIGEST_SIZE - #define HASH_SHA_VER 2 - #define CRYPTO_HASH_FN crypto_sha2_384 -#elif !defined(NO_SHA256) - #define HASH_DIGEST_SZ WC_SHA256_DIGEST_SIZE - #define HASH_SHA_VER 2 - #define CRYPTO_HASH_FN crypto_sha2_256 -#else - #error test configuration not supported -#endif - -#if defined(HAVE_ECC384) && defined(WOLFSSL_SHA3) -/* helper to perform hashing block by block */ -static int crypto_sha3_384(const uint8_t *buf, uint32_t len, uint8_t *hash, - uint32_t hashSz, uint32_t blkSz) -{ - int ret; - uint32_t i = 0, chunk; - wc_Sha3 sha3; - - /* validate arguments */ - if ((buf == NULL && len > 0) || hash == NULL || - hashSz < WC_SHA3_384_DIGEST_SIZE || blkSz == 0) - { - return BAD_FUNC_ARG; - } - - /* Init Sha3_384 structure */ - ret = wc_InitSha3_384(&sha3, NULL, INVALID_DEVID); - if (ret != 0) { - return ret; - } - while (i < len) { - chunk = blkSz; - if ((chunk + i) > len) - chunk = len - i; - /* Perform chunked update */ - ret = wc_Sha3_384_Update(&sha3, (buf + i), chunk); - if (ret != 0) { - break; - } - i += chunk; - } - if (ret == 0) { - /* Get final digest result */ - ret = wc_Sha3_384_Final(&sha3, hash); - } - return ret; -} -#elif defined(HAVE_ECC384) && defined(WOLFSSL_SHA384) -/* helper to perform hashing block by block */ -static int crypto_sha2_384(const uint8_t *buf, uint32_t len, uint8_t *hash, - uint32_t hashSz, uint32_t blkSz) -{ - int ret; - uint32_t i = 0, chunk; - wc_Sha384 sha384; - - /* validate arguments */ - if ((buf == NULL && len > 0) || hash == NULL || - hashSz < WC_SHA384_DIGEST_SIZE || blkSz == 0) - { - return BAD_FUNC_ARG; - } - - /* Init Sha384 structure */ - ret = wc_InitSha384(&sha384); - if (ret != 0) { - return ret; - } - while (i < len) { - chunk = blkSz; - if ((chunk + i) > len) - chunk = len - i; - /* Perform chunked update */ - ret = wc_Sha384Update(&sha384, (buf + i), chunk); - if (ret != 0) { - break; - } - i += chunk; - } - if (ret == 0) { - /* Get final digest result */ - ret = wc_Sha384Final(&sha384, hash); - } - return ret; -} -#elif !defined(NO_SHA256) -/* helper to perform hashing block by block */ -static int crypto_sha2_256(const uint8_t *buf, uint32_t len, uint8_t *hash, - uint32_t hashSz, uint32_t blkSz) -{ - int ret; - uint32_t i = 0, chunk; - wc_Sha256 sha256; - - /* validate arguments */ - if ((buf == NULL && len > 0) || hash == NULL || - hashSz < WC_SHA256_DIGEST_SIZE || blkSz == 0) - { - return BAD_FUNC_ARG; - } - - /* Init Sha256 structure */ - ret = wc_InitSha256(&sha256); - if (ret != 0) { - return ret; - } - while (i < len) { - chunk = blkSz; - if ((chunk + i) > len) - chunk = len - i; - /* Perform chunked update */ - ret = wc_Sha256Update(&sha256, (buf + i), chunk); - if (ret != 0) { - break; - } - i += chunk; - } - if (ret == 0) { - /* Get final digest result */ - ret = wc_Sha256Final(&sha256, hash); - } - return ret; -} -#endif - -/* perform verify of signature and hash using public key */ -/* key is public Qx + public Qy */ -/* sig is r + s */ -static int crypto_ecc_verify(const uint8_t *key, uint32_t keySz, - const uint8_t *hash, uint32_t hashSz, const uint8_t *sig, uint32_t sigSz, - uint32_t curveSz, int curveId) -{ - int ret, verify_res = 0, count = 0; - mp_int r, s; - ecc_key ecc; - ecc_nb_ctx_t nb_ctx; - - /* validate arguments */ - if (key == NULL || hash == NULL || sig == NULL || curveSz == 0 || - hashSz == 0 || keySz < (curveSz*2) || sigSz < (curveSz*2)) - { - return BAD_FUNC_ARG; - } - - /* Setup the ECC key */ - ret = wc_ecc_init(&ecc); - if (ret < 0) { - return ret; - } - - ret = wc_ecc_set_nonblock(&ecc, &nb_ctx); - if (ret != MP_OKAY) { - wc_ecc_free(&ecc); - return ret; - } - - /* Setup the signature r/s variables */ - ret = mp_init(&r); - if (ret != MP_OKAY) { - wc_ecc_free(&ecc); - return ret; - } - ret = mp_init(&s); - if (ret != MP_OKAY) { - mp_clear(&r); - wc_ecc_free(&ecc); - return ret; - } - - /* Import public key x/y */ - ret = wc_ecc_import_unsigned( - &ecc, - (byte*)key, /* Public "x" Coordinate */ - (byte*)(key + curveSz), /* Public "y" Coordinate */ - NULL, /* Private "d" (optional) */ - curveId /* ECC Curve Id */ - ); - /* Make sure it was a public key imported */ - if (ret == 0 && ecc.type != ECC_PUBLICKEY) { - ret = ECC_BAD_ARG_E; - } - - /* Import signature r/s */ - if (ret == 0) { - ret = mp_read_unsigned_bin(&r, sig, curveSz); - } - if (ret == 0) { - ret = mp_read_unsigned_bin(&s, sig + curveSz, curveSz); - } - - /* Verify ECC Signature */ - if (ret == 0) { - do { - ret = wc_ecc_verify_hash_ex( - &r, &s, /* r/s as mp_int */ - hash, hashSz, /* computed hash digest */ - &verify_res, /* verification result 1=success */ - &ecc - ); - count++; - - /* TODO: Real-time work can be called here */ - } while (ret == FP_WOULDBLOCK); - #ifdef DEBUG_WOLFSSL - printf("ECC non-block verify: %d times\n", count); - #endif - } - - /* check verify result */ - if (ret == 0 && verify_res == 0) { - ret = SIG_VERIFY_E; - } - - mp_clear(&r); - mp_clear(&s); - wc_ecc_free(&ecc); - - (void)count; - - return ret; -} - -/* perform signature operation against hash using private key */ -static int crypto_ecc_sign(const uint8_t *key, uint32_t keySz, - const uint8_t *hash, uint32_t hashSz, uint8_t *sig, uint32_t* sigSz, - uint32_t curveSz, int curveId, WC_RNG* rng) -{ - int ret, count = 0; - mp_int r, s; - ecc_key ecc; - ecc_nb_ctx_t nb_ctx; - - /* validate arguments */ - if (key == NULL || hash == NULL || sig == NULL || sigSz == NULL || - curveSz == 0 || hashSz == 0 || keySz < curveSz || *sigSz < (curveSz*2)) - { - return BAD_FUNC_ARG; - } - - /* Initialize signature result */ - memset(sig, 0, curveSz*2); - - /* Setup the ECC key */ - ret = wc_ecc_init(&ecc); - if (ret < 0) { - return ret; - } - - ret = wc_ecc_set_nonblock(&ecc, &nb_ctx); - if (ret != MP_OKAY) { - wc_ecc_free(&ecc); - return ret; - } - - /* Setup the signature r/s variables */ - ret = mp_init(&r); - if (ret != MP_OKAY) { - wc_ecc_free(&ecc); - return ret; - } - ret = mp_init(&s); - if (ret != MP_OKAY) { - mp_clear(&r); - wc_ecc_free(&ecc); - return ret; - } - - /* Import private key "k" */ - ret = wc_ecc_import_private_key_ex( - key, keySz, /* private key "d" */ - NULL, 0, /* public (optional) */ - &ecc, - curveId /* ECC Curve Id */ - ); - - if (ret == 0) { - do { - /* Verify ECC Signature */ - ret = wc_ecc_sign_hash_ex( - hash, hashSz, /* computed hash digest */ - rng, &ecc, /* random and key context */ - &r, &s /* r/s as mp_int */ - ); - count++; - - /* TODO: Real-time work can be called here */ - } while (ret == FP_WOULDBLOCK); - - #ifdef DEBUG_WOLFSSL - printf("ECC non-block sign: %d times\n", count); - #endif - } - - if (ret == 0) { - /* export r/s */ - mp_to_unsigned_bin(&r, sig); - mp_to_unsigned_bin(&s, sig + curveSz); - } - - mp_clear(&r); - mp_clear(&s); - wc_ecc_free(&ecc); - - (void)count; - - return ret; -} - -static int ecc_test_nonblock(WC_RNG* rng) -{ - int ret; - uint8_t hash[HASH_DIGEST_SZ]; - uint8_t sig[ECC_CURVE_SZ*2]; - uint32_t sigSz = sizeof(sig); - - ret = CRYPTO_HASH_FN( - kMsg, sizeof(kMsg), /* input message */ - hash, sizeof(hash), /* hash digest result */ - 32 /* configurable block / chunk size */ - ); - if (ret == 0) { - /* Sign hash using private key */ - /* Note: result of an ECC sign varies for each call even with same - private key and hash. This is because a new random public key is - used for each operation. */ - ret = crypto_ecc_sign( - kPrivKey, sizeof(kPrivKey), /* private key */ - hash, sizeof(hash), /* computed hash digest */ - sig, &sigSz, /* signature r/s */ - ECC_CURVE_SZ, /* curve size in bytes */ - ECC_CURVE_ID, /* curve id */ - rng - ); - } - - if (ret == 0) { - /* Verify generated signature is valid */ - ret = crypto_ecc_verify( - kPubKey, sizeof(kPubKey), /* public key point x/y */ - hash, sizeof(hash), /* computed hash digest */ - sig, sigSz, /* signature r/s */ - ECC_CURVE_SZ, /* curve size in bytes */ - ECC_CURVE_ID /* curve id */ - ); - } - - return ret; -} -#endif /* WC_ECC_NONBLOCK && WOLFSSL_PUBLIC_MP && HAVE_ECC_SIGN && HAVE_ECC_VERIFY */ - -static int ecc_test(void) -{ - int ret; - WC_RNG rng; - -#ifdef WOLFSSL_CERT_EXT - ret = ecc_decode_test(); - if (ret < 0) - return ret; -#endif - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -9900; - -#if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 14); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC112 */ -#if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 16); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC128 */ -#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 20); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC160 */ -#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 24); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC192 */ -#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 28); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC224 */ -#if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 30); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC239 */ -#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 32); - if (ret < 0) { - goto done; - } -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) - ret = ecc_point_test(); - if (ret < 0) { - goto done; - } -#endif - ret = ecc_def_curve_test(&rng); - if (ret < 0) { - goto done; - } -#endif /* !NO_ECC256 */ -#if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 40); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC320 */ -#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 48); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC384 */ -#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 64); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC512 */ -#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) - ret = ecc_test_curve(&rng, 66); - if (ret < 0) { - goto done; - } -#endif /* HAVE_ECC521 */ - -#if defined(WOLFSSL_CUSTOM_CURVES) - ret = ecc_test_custom_curves(&rng); - if (ret != 0) { - goto done; - } -#endif - -#if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) - ret = ecc_test_sign_vectors(&rng); - if (ret != 0) { - printf("ecc_test_sign_vectors failed! %d\n", ret); - goto done; - } -#endif -#ifdef HAVE_ECC_CDH - ret = ecc_test_cdh_vectors(&rng); - if (ret != 0) { - printf("ecc_test_cdh_vectors failed! %d\n", ret); - goto done; - } -#endif -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - !defined(WOLFSSL_STM32_PKA) - ret = ecc_test_make_pub(&rng); - if (ret != 0) { - printf("ecc_test_make_pub failed!: %d\n", ret); - goto done; - } -#elif defined(HAVE_ECC_KEY_IMPORT) - (void) ecc_test_make_pub;/* for compiler warning */ -#endif -#ifdef WOLFSSL_CERT_GEN - ret = ecc_test_cert_gen(&rng); - if (ret != 0) { - printf("ecc_test_cert_gen failed!: %d\n", ret); - goto done; - } -#endif -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - ret = ecc_test_allocator(&rng); - if (ret != 0) { - printf("ecc_test_allocator failed!: %d\n", ret); - } -#endif - -#if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \ - defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY) - ret = ecc_test_nonblock(&rng); - if (ret != 0) { - printf("ecc_test_nonblock failed!: %d\n", ret); - } -#endif - -done: - wc_FreeRng(&rng); - - return ret; -} - -#if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) - -static int ecc_encrypt_test(void) -{ - WC_RNG rng; - int ret = 0; - ecc_key userA, userB; - byte msg[48]; - byte plain[48]; - byte out[80]; - word32 outSz = sizeof(out); - word32 plainSz = sizeof(plain); - int i; - ecEncCtx* cliCtx = NULL; - ecEncCtx* srvCtx = NULL; - byte cliSalt[EXCHANGE_SALT_SZ]; - byte srvSalt[EXCHANGE_SALT_SZ]; - const byte* tmpSalt; - byte msg2[48]; - byte plain2[48]; - byte out2[80]; - word32 outSz2 = sizeof(out2); - word32 plainSz2 = sizeof(plain2); - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -10000; - - XMEMSET(&userA, 0, sizeof(userA)); - XMEMSET(&userB, 0, sizeof(userB)); - - ret = wc_ecc_init_ex(&userA, HEAP_HINT, devId); - if (ret != 0) - goto done; - ret = wc_ecc_init_ex(&userB, HEAP_HINT, devId); - if (ret != 0) - goto done; - - ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, &userA); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0){ - ret = -10001; goto done; - } - - ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, &userB); -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &userB.asyncDev, WC_ASYNC_FLAG_NONE); -#endif - if (ret != 0){ - ret = -10002; goto done; - } - - /* set message to incrementing 0,1,2,etc... */ - for (i = 0; i < (int)sizeof(msg); i++) - msg[i] = i; - -#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ - !defined(HAVE_SELFTEST) - ret = wc_ecc_set_rng(&userA, &rng); - if (ret != 0) { - ret = -10011; goto done; - } - ret = wc_ecc_set_rng(&userB, &rng); - if (ret != 0) { - ret = -10012; goto done; - } -#endif - - /* encrypt msg to B */ - ret = wc_ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz, NULL); - if (ret != 0) { - ret = -10003; goto done; - } - - /* decrypt msg from A */ - ret = wc_ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, NULL); - if (ret != 0) { - ret = -10004; goto done; - } - - if (XMEMCMP(plain, msg, sizeof(msg)) != 0) { - ret = -10005; goto done; - } - - /* let's verify message exchange works, A is client, B is server */ - cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng); - srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng); - if (cliCtx == NULL || srvCtx == NULL) { - ret = -10006; goto done; - } - - /* get salt to send to peer */ - tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx); - if (tmpSalt == NULL) { - ret = -10007; goto done; - } - XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ); - - tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx); - if (tmpSalt == NULL) { - ret = -10008; goto done; - } - XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ); - - /* in actual use, we'd get the peer's salt over the transport */ - ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt); - if (ret != 0) - goto done; - ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt); - if (ret != 0) - goto done; - - ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 11); - if (ret != 0) - goto done; - ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 11); - if (ret != 0) - goto done; - - /* get encrypted msg (request) to send to B */ - outSz = sizeof(out); - ret = wc_ecc_encrypt(&userA, &userB, msg, sizeof(msg), out, &outSz,cliCtx); - if (ret != 0) - goto done; - - /* B decrypts msg (request) from A */ - plainSz = sizeof(plain); - ret = wc_ecc_decrypt(&userB, &userA, out, outSz, plain, &plainSz, srvCtx); - if (ret != 0) - goto done; - - if (XMEMCMP(plain, msg, sizeof(msg)) != 0) { - ret = -10009; goto done; - } - - /* msg2 (response) from B to A */ - for (i = 0; i < (int)sizeof(msg2); i++) - msg2[i] = i + sizeof(msg2); - - /* get encrypted msg (response) to send to B */ - ret = wc_ecc_encrypt(&userB, &userA, msg2, sizeof(msg2), out2, - &outSz2, srvCtx); - if (ret != 0) - goto done; - - /* A decrypts msg (response) from B */ - ret = wc_ecc_decrypt(&userA, &userB, out2, outSz2, plain2, &plainSz2, - cliCtx); - if (ret != 0) - goto done; - - if (XMEMCMP(plain2, msg2, sizeof(msg2)) != 0) { - ret = -10010; goto done; - } - -done: - - /* cleanup */ - wc_ecc_ctx_free(srvCtx); - wc_ecc_ctx_free(cliCtx); - - wc_ecc_free(&userB); - wc_ecc_free(&userA); - wc_FreeRng(&rng); - - return ret; -} - -#endif /* HAVE_ECC_ENCRYPT */ - -#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ - !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) -static int ecc_test_buffers(void) { - size_t bytes; - ecc_key cliKey; - ecc_key servKey; - WC_RNG rng; - word32 idx = 0; - int ret; - /* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */ - byte in[] = "Everyone gets Friday off. ecc p"; - word32 inLen = (word32)XSTRLEN((char*)in); - byte out[256]; - byte plain[256]; - int verify = 0; - word32 x; - - ret = wc_ecc_init_ex(&cliKey, HEAP_HINT, devId); - if (ret != 0) - return -10011; - ret = wc_ecc_init_ex(&servKey, HEAP_HINT, devId); - if (ret != 0) - return -10012; - - bytes = (size_t)sizeof_ecc_clikey_der_256; - /* place client key into ecc_key struct cliKey */ - ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, &cliKey, - (word32)bytes); - if (ret != 0) - return -10013; - - idx = 0; - bytes = (size_t)sizeof_ecc_key_der_256; - - /* place server key into ecc_key struct servKey */ - ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, &servKey, - (word32)bytes); - if (ret != 0) - return -10014; - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -10015; - -#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ - !defined(HAVE_SELFTEST) - ret = wc_ecc_set_rng(&cliKey, &rng); - if (ret != 0) { - return -10023; - } -#endif - -#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) - { - word32 y; - /* test encrypt and decrypt if they're available */ - x = sizeof(out); - ret = wc_ecc_encrypt(&cliKey, &servKey, in, sizeof(in), out, &x, NULL); - if (ret < 0) - return -10016; - - y = sizeof(plain); - ret = wc_ecc_decrypt(&cliKey, &servKey, out, x, plain, &y, NULL); - if (ret < 0) - return -10017; - - if (XMEMCMP(plain, in, inLen)) - return -10018; - } -#endif - - x = sizeof(out); - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &cliKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, &cliKey); - } while (ret == WC_PENDING_E); - if (ret < 0) - return -10019; - TEST_SLEEP(); - - XMEMSET(plain, 0, sizeof(plain)); - - do { - #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &cliKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret == 0) - ret = wc_ecc_verify_hash(out, x, plain, sizeof(plain), &verify, - &cliKey); - } while (ret == WC_PENDING_E); - if (ret < 0) - return -10020; - - if (XMEMCMP(plain, in, (word32)ret)) - return -10021; - TEST_SLEEP(); - -#ifdef WOLFSSL_CERT_EXT - idx = 0; - - bytes = sizeof_ecc_clikeypub_der_256; - - ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, &cliKey, - (word32) bytes); - if (ret != 0) - return -10022; -#endif - - wc_ecc_free(&cliKey); - wc_ecc_free(&servKey); - wc_FreeRng(&rng); - - return 0; -} -#endif /* USE_CERT_BUFFERS_256 && !WOLFSSL_ATECCX08A && !NO_ECC256 */ -#endif /* HAVE_ECC */ - - -#ifdef HAVE_CURVE25519 -#if defined(HAVE_CURVE25519_SHARED_SECRET) && \ - defined(HAVE_CURVE25519_KEY_IMPORT) -#ifdef CURVE25519_OVERFLOW_ALL_TESTS -#define X25519_TEST_CNT 5 -#else -#define X25519_TEST_CNT 1 -#endif -static int curve25519_overflow_test(void) -{ - /* secret key for party a */ - byte sa[X25519_TEST_CNT][32] = { - { - 0x8d,0xaf,0x6e,0x7a,0xc1,0xeb,0x8d,0x30, - 0x99,0x86,0xd3,0x90,0x47,0x96,0x21,0x3c, - 0x3a,0x75,0xc0,0x7b,0x75,0x01,0x75,0xa3, - 0x81,0x4b,0xff,0x5a,0xbc,0x96,0x87,0x28 - }, -#ifdef CURVE25519_OVERFLOW_ALL_TESTS - { - 0x9d,0x63,0x5f,0xce,0xe2,0xe8,0xd7,0xfb, - 0x68,0x77,0x0e,0x44,0xd1,0xad,0x87,0x2b, - 0xf4,0x65,0x06,0xb7,0xbb,0xdb,0xbe,0x6e, - 0x02,0x43,0x24,0xc7,0x3d,0x7b,0x88,0x60 - }, - { - 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9, - 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52, - 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1, - 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0 - }, - { - 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9, - 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52, - 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1, - 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0 - }, - { - 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9, - 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52, - 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1, - 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0 - } -#endif - }; - - /* public key for party b */ - byte pb[X25519_TEST_CNT][32] = { - { - 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0 - }, -#ifdef CURVE25519_OVERFLOW_ALL_TESTS - { - /* 0xff first byte in original - invalid! */ - 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, - 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0 - }, - { - 0x36,0x1a,0x74,0x87,0x28,0x59,0xe0,0xb6, - 0xe4,0x2b,0x17,0x9b,0x16,0xb0,0x3b,0xf8, - 0xb8,0x9f,0x2a,0x8f,0xc5,0x33,0x68,0x4f, - 0xde,0x4d,0xd8,0x80,0x63,0xe7,0xb4,0x0a - }, - { - 0x00,0x80,0x38,0x59,0x19,0x3a,0x66,0x12, - 0xfd,0xa1,0xec,0x1c,0x40,0x84,0x40,0xbd, - 0x64,0x10,0x8b,0x53,0x81,0x21,0x03,0x2d, - 0x7d,0x33,0xb4,0x01,0x57,0x0d,0xe1,0x89 - }, - { - 0x1d,0xf8,0xf8,0x33,0x89,0x6c,0xb7,0xba, - 0x94,0x73,0xfa,0xc2,0x36,0xac,0xbe,0x49, - 0xaf,0x85,0x3e,0x93,0x5f,0xae,0xb2,0xc0, - 0xc8,0x80,0x8f,0x4a,0xaa,0xd3,0x55,0x2b - } -#endif - }; - - /* expected shared key */ - byte ss[X25519_TEST_CNT][32] = { - { - 0x5c,0x4c,0x85,0x5f,0xfb,0x20,0x38,0xcc, - 0x55,0x16,0x5b,0x8a,0xa7,0xed,0x57,0x6e, - 0x35,0xaa,0x71,0x67,0x85,0x1f,0xb6,0x28, - 0x17,0x07,0x7b,0xda,0x76,0xdd,0xe0,0xb4 - }, -#ifdef CURVE25519_OVERFLOW_ALL_TESTS - { - 0x33,0xf6,0xc1,0x34,0x62,0x92,0x06,0x02, - 0x95,0xdb,0x91,0x4c,0x5d,0x52,0x54,0xc7, - 0xd2,0x5b,0x24,0xb5,0x4f,0x33,0x59,0x79, - 0x9f,0x6d,0x7e,0x4a,0x4c,0x30,0xd6,0x38 - }, - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02 - }, - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x09 - }, - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10 - } -#endif - }; - - int i; - word32 y; - byte shared[32]; - curve25519_key userA; - - wc_curve25519_init(&userA); - - for (i = 0; i < X25519_TEST_CNT; i++) { - if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i], - sizeof(pb[i]), &userA) != 0) - return -10100 - i; - - /* test against known test vector */ - XMEMSET(shared, 0, sizeof(shared)); - y = sizeof(shared); - if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0) - return -10110 - i; - - if (XMEMCMP(ss[i], shared, y)) - return -10120 - i; - } - - return 0; -} - -/* Test the wc_curve25519_check_public API. - * - * returns 0 on success and -ve on failure. - */ -static int curve25519_check_public_test(void) -{ - /* Little-endian values that will fail */ - byte fail_le[][CURVE25519_KEYSIZE] = { - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }, - { - 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }, - { - 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x81 - }, - }; - /* Big-endian values that will fail */ - byte fail_be[][CURVE25519_KEYSIZE] = { - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }, - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 - }, - { - 0x81,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 - }, - }; - /* Good or valid public value */ - byte good[CURVE25519_KEYSIZE] = { - 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 - }; - int i; - - /* Parameter checks */ - /* NULL pointer */ - if (wc_curve25519_check_public(NULL, 0, EC25519_LITTLE_ENDIAN) != - BAD_FUNC_ARG) { - return -10200; - } - if (wc_curve25519_check_public(NULL, 0, EC25519_BIG_ENDIAN) != - BAD_FUNC_ARG) { - return -10201; - } - /* Length of 0 treated differently to other invalid lengths for TLS */ - if (wc_curve25519_check_public(good, 0, EC25519_LITTLE_ENDIAN) != BUFFER_E) - return -10202; - if (wc_curve25519_check_public(good, 0, EC25519_BIG_ENDIAN) != BUFFER_E) - return -10203; - - /* Length not CURVE25519_KEYSIZE */ - for (i = 1; i < CURVE25519_KEYSIZE + 2; i++) { - if (i == CURVE25519_KEYSIZE) - continue; - if (wc_curve25519_check_public(good, i, EC25519_LITTLE_ENDIAN) != - ECC_BAD_ARG_E) { - return -10204 - i; - } - if (wc_curve25519_check_public(good, i, EC25519_BIG_ENDIAN) != - ECC_BAD_ARG_E) { - return -10214 - i; - } - } - - /* Little-endian fail cases */ - for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) { - if (wc_curve25519_check_public(fail_le[i], CURVE25519_KEYSIZE, - EC25519_LITTLE_ENDIAN) == 0) { - return -10224 - i; - } - } - /* Big-endian fail cases */ - for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) { - if (wc_curve25519_check_public(fail_be[i], CURVE25519_KEYSIZE, - EC25519_BIG_ENDIAN) == 0) { - return -10234 - i; - } - } - - /* Check a valid public value works! */ - if (wc_curve25519_check_public(good, CURVE25519_KEYSIZE, - EC25519_LITTLE_ENDIAN) != 0) { - return -10244; - } - if (wc_curve25519_check_public(good, CURVE25519_KEYSIZE, - EC25519_BIG_ENDIAN) != 0) { - return -10245; - } - - return 0; -} - -#endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */ - -static int curve25519_test(void) -{ - WC_RNG rng; - int ret; -#ifdef HAVE_CURVE25519_SHARED_SECRET - byte sharedA[32]; - byte sharedB[32]; - word32 y; -#endif -#ifdef HAVE_CURVE25519_KEY_EXPORT - byte exportBuf[32]; -#endif - word32 x = 0; - curve25519_key userA, userB, pubKey; - -#if defined(HAVE_CURVE25519_SHARED_SECRET) && \ - defined(HAVE_CURVE25519_KEY_IMPORT) - /* test vectors from - https://tools.ietf.org/html/draft-josefsson-tls-curve25519-03 - */ - - /* secret key for party a */ - byte sa[] = { - 0x5A,0xC9,0x9F,0x33,0x63,0x2E,0x5A,0x76, - 0x8D,0xE7,0xE8,0x1B,0xF8,0x54,0xC2,0x7C, - 0x46,0xE3,0xFB,0xF2,0xAB,0xBA,0xCD,0x29, - 0xEC,0x4A,0xFF,0x51,0x73,0x69,0xC6,0x60 - }; - - /* public key for party a */ - byte pa[] = { - 0x05,0x7E,0x23,0xEA,0x9F,0x1C,0xBE,0x8A, - 0x27,0x16,0x8F,0x6E,0x69,0x6A,0x79,0x1D, - 0xE6,0x1D,0xD3,0xAF,0x7A,0xCD,0x4E,0xEA, - 0xCC,0x6E,0x7B,0xA5,0x14,0xFD,0xA8,0x63 - }; - - /* secret key for party b */ - byte sb[] = { - 0x47,0xDC,0x3D,0x21,0x41,0x74,0x82,0x0E, - 0x11,0x54,0xB4,0x9B,0xC6,0xCD,0xB2,0xAB, - 0xD4,0x5E,0xE9,0x58,0x17,0x05,0x5D,0x25, - 0x5A,0xA3,0x58,0x31,0xB7,0x0D,0x32,0x60 - }; - - /* public key for party b */ - byte pb[] = { - 0x6E,0xB8,0x9D,0xA9,0x19,0x89,0xAE,0x37, - 0xC7,0xEA,0xC7,0x61,0x8D,0x9E,0x5C,0x49, - 0x51,0xDB,0xA1,0xD7,0x3C,0x28,0x5A,0xE1, - 0xCD,0x26,0xA8,0x55,0x02,0x0E,0xEF,0x04 - }; - - /* expected shared key */ - byte ss[] = { - 0x61,0x45,0x0C,0xD9,0x8E,0x36,0x01,0x6B, - 0x58,0x77,0x6A,0x89,0x7A,0x9F,0x0A,0xEF, - 0x73,0x8B,0x99,0xF0,0x94,0x68,0xB8,0xD6, - 0xB8,0x51,0x11,0x84,0xD5,0x34,0x94,0xAB - }; -#endif /* HAVE_CURVE25519_SHARED_SECRET */ - - (void)x; - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -10300; - - wc_curve25519_init(&userA); - wc_curve25519_init(&userB); - wc_curve25519_init(&pubKey); - - /* make curve25519 keys */ - if (wc_curve25519_make_key(&rng, 32, &userA) != 0) - return -10301; - - if (wc_curve25519_make_key(&rng, 32, &userB) != 0) - return -10302; - -#ifdef HAVE_CURVE25519_SHARED_SECRET - /* find shared secret key */ - x = sizeof(sharedA); - if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) - return -10303; - - y = sizeof(sharedB); - if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -10304; - - /* compare shared secret keys to test they are the same */ - if (y != x) - return -10305; - - if (XMEMCMP(sharedA, sharedB, x)) - return -10306; -#endif - -#ifdef HAVE_CURVE25519_KEY_EXPORT - /* export a public key and import it for another user */ - x = sizeof(exportBuf); - if (wc_curve25519_export_public(&userA, exportBuf, &x) != 0) - return -10307; - -#ifdef HAVE_CURVE25519_KEY_IMPORT - if (wc_curve25519_import_public(exportBuf, x, &pubKey) != 0) - return -10308; -#endif -#endif - -#if defined(HAVE_CURVE25519_SHARED_SECRET) && \ - defined(HAVE_CURVE25519_KEY_IMPORT) - /* test shared key after importing a public key */ - XMEMSET(sharedB, 0, sizeof(sharedB)); - y = sizeof(sharedB); - if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0) - return -10309; - - if (XMEMCMP(sharedA, sharedB, y)) - return -10310; - - /* import RFC test vectors and compare shared key */ - if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) - != 0) - return -10311; - - if (wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB) - != 0) - return -10312; - - /* test against known test vector */ - XMEMSET(sharedB, 0, sizeof(sharedB)); - y = sizeof(sharedB); - if (wc_curve25519_shared_secret(&userA, &userB, sharedB, &y) != 0) - return -10313; - - if (XMEMCMP(ss, sharedB, y)) - return -10314; - - /* test swapping roles of keys and generating same shared key */ - XMEMSET(sharedB, 0, sizeof(sharedB)); - y = sizeof(sharedB); - if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -10315; - - if (XMEMCMP(ss, sharedB, y)) - return -10316; - - /* test with 1 generated key and 1 from known test vector */ - if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) - != 0) - return -10317; - - if (wc_curve25519_make_key(&rng, 32, &userB) != 0) - return -10318; - - x = sizeof(sharedA); - if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0) - return -10319; - - y = sizeof(sharedB); - if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -10320; - - /* compare shared secret keys to test they are the same */ - if (y != x) - return -10321; - - if (XMEMCMP(sharedA, sharedB, x)) - return -10322; - - ret = curve25519_overflow_test(); - if (ret != 0) - return ret; - ret = curve25519_check_public_test(); - if (ret != 0) - return ret; -#endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */ - - /* clean up keys when done */ - wc_curve25519_free(&pubKey); - wc_curve25519_free(&userB); - wc_curve25519_free(&userA); - - wc_FreeRng(&rng); - - return 0; -} -#endif /* HAVE_CURVE25519 */ - - -#ifdef HAVE_ED25519 -#ifdef WOLFSSL_TEST_CERT -static int ed25519_test_cert(void) -{ - DecodedCert cert[2]; - DecodedCert* serverCert = NULL; - DecodedCert* caCert = NULL; -#ifdef HAVE_ED25519_VERIFY - ed25519_key key; - ed25519_key* pubKey = NULL; - int verify; -#endif /* HAVE_ED25519_VERIFY */ - int ret; - byte* tmp; - size_t bytes; - XFILE file; - - tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - ERROR_OUT(-10323, done); - } - -#ifdef USE_CERT_BUFFERS_256 - XMEMCPY(tmp, ca_ed25519_cert, sizeof_ca_ed25519_cert); - bytes = sizeof_ca_ed25519_cert; -#elif !defined(NO_FILESYSTEM) - file = XFOPEN(caEd25519Cert, "rb"); - if (file == NULL) { - ERROR_OUT(-10324, done); - } - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); -#else - /* No certificate to use. */ - ERROR_OUT(-10325, done); -#endif - - InitDecodedCert(&cert[0], tmp, (word32)bytes, 0); - caCert = &cert[0]; - ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL); - if (ret != 0) { - ERROR_OUT(-10326, done); - } - -#ifdef USE_CERT_BUFFERS_256 - XMEMCPY(tmp, server_ed25519_cert, sizeof_server_ed25519_cert); - bytes = sizeof_server_ed25519_cert; -#elif !defined(NO_FILESYSTEM) - file = XFOPEN(serverEd25519Cert, "rb"); - if (file == NULL) { - ERROR_OUT(-10327, done); - } - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); -#else - /* No certificate to use. */ - ERROR_OUT(-10328, done); -#endif - - InitDecodedCert(&cert[1], tmp, (word32)bytes, 0); - serverCert = &cert[1]; - ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL); - if (ret != 0) { - ERROR_OUT(-10329, done); - } - -#ifdef HAVE_ED25519_VERIFY - ret = wc_ed25519_init(&key); - if (ret < 0) { - ERROR_OUT(-10330, done); - } - pubKey = &key; - ret = wc_ed25519_import_public(caCert->publicKey, caCert->pubKeySize, - pubKey); - if (ret < 0) { - ERROR_OUT(-10331, done); - } - - if (wc_ed25519_verify_msg(serverCert->signature, serverCert->sigLength, - serverCert->source + serverCert->certBegin, - serverCert->sigIndex - serverCert->certBegin, - &verify, pubKey) < 0 || verify != 1) { - ERROR_OUT(-10332, done); - } -#endif /* HAVE_ED25519_VERIFY */ - -done: - if (tmp != NULL) - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#ifdef HAVE_ED25519_VERIFY - wc_ed25519_free(pubKey); -#endif /* HAVE_ED25519_VERIFY */ - if (caCert != NULL) - FreeDecodedCert(caCert); - if (serverCert != NULL) - FreeDecodedCert(serverCert); - - return ret; -} - -static int ed25519_test_make_cert(void) -{ - WC_RNG rng; - Cert cert; - DecodedCert decode; - ed25519_key key; - ed25519_key* privKey = NULL; - int ret = 0; - byte* tmp = NULL; - - wc_InitCert(&cert); - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -10333; - - wc_ed25519_init(&key); - privKey = &key; - wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, privKey); - - cert.daysValid = 365 * 2; - cert.selfSigned = 1; - XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName)); - XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName)); - cert.isCA = 0; -#ifdef WOLFSSL_CERT_EXT - ret = wc_SetKeyUsage(&cert, certKeyUsage); - if (ret < 0) { - ERROR_OUT(-10334, done); - } - ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey); - if (ret < 0) { - ERROR_OUT(-10335, done); - } - ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey); - if (ret < 0) { - ERROR_OUT(-10336, done); - } -#endif - tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - ERROR_OUT(-10337, done); - } - - cert.sigType = CTC_ED25519; - ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng); - if (ret < 0) { - ERROR_OUT(-10338, done); - } - ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, - ED25519_TYPE, privKey, &rng); - if (ret < 0) { - ERROR_OUT(-10339, done); - } - - InitDecodedCert(&decode, tmp, ret, HEAP_HINT); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - FreeDecodedCert(&decode); - if (ret != 0) { - ERROR_OUT(-10340, done); - } - -done: - if (tmp != NULL) - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_ed25519_free(privKey); - wc_FreeRng(&rng); - return ret; -} -#endif /* WOLFSSL_TEST_CERT */ - -#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \ - defined(HAVE_ED25519_KEY_IMPORT) -static int ed25519ctx_test(void) -{ - byte out[ED25519_SIG_SIZE]; - word32 outlen; -#ifdef HAVE_ED25519_VERIFY - int verify; -#endif /* HAVE_ED25519_VERIFY */ - ed25519_key key; - - static const byte sKeyCtx[] = { - 0x03,0x05,0x33,0x4e,0x38,0x1a,0xf7,0x8f, - 0x14,0x1c,0xb6,0x66,0xf6,0x19,0x9f,0x57, - 0xbc,0x34,0x95,0x33,0x5a,0x25,0x6a,0x95, - 0xbd,0x2a,0x55,0xbf,0x54,0x66,0x63,0xf6 - }; - - static const byte pKeyCtx[] = { - 0xdf,0xc9,0x42,0x5e,0x4f,0x96,0x8f,0x7f, - 0x0c,0x29,0xf0,0x25,0x9c,0xf5,0xf9,0xae, - 0xd6,0x85,0x1c,0x2b,0xb4,0xad,0x8b,0xfb, - 0x86,0x0c,0xfe,0xe0,0xab,0x24,0x82,0x92 - }; - - static const byte sigCtx1[] = { - 0x55,0xa4,0xcc,0x2f,0x70,0xa5,0x4e,0x04, - 0x28,0x8c,0x5f,0x4c,0xd1,0xe4,0x5a,0x7b, - 0xb5,0x20,0xb3,0x62,0x92,0x91,0x18,0x76, - 0xca,0xda,0x73,0x23,0x19,0x8d,0xd8,0x7a, - 0x8b,0x36,0x95,0x0b,0x95,0x13,0x00,0x22, - 0x90,0x7a,0x7f,0xb7,0xc4,0xe9,0xb2,0xd5, - 0xf6,0xcc,0xa6,0x85,0xa5,0x87,0xb4,0xb2, - 0x1f,0x4b,0x88,0x8e,0x4e,0x7e,0xdb,0x0d - }; - - static const byte sigCtx2[] = { - 0xcc,0x5e,0x63,0xa2,0x7e,0x94,0xaf,0xd3, - 0x41,0x83,0x38,0xd2,0x48,0x6f,0xa9,0x2a, - 0xf9,0x91,0x7c,0x2d,0x98,0x9e,0x06,0xe5, - 0x02,0x77,0x72,0x1c,0x34,0x38,0x18,0xb4, - 0x21,0x96,0xbc,0x29,0x2e,0x68,0xf3,0x4d, - 0x85,0x9b,0xbe,0xad,0x17,0x9f,0x54,0x54, - 0x2d,0x4b,0x04,0xdc,0xfb,0xfa,0x4a,0x68, - 0x4e,0x39,0x50,0xfb,0x1c,0xcd,0x8d,0x0d - }; - - static const byte msgCtx[] = { - 0xf7,0x26,0x93,0x6d,0x19,0xc8,0x00,0x49, - 0x4e,0x3f,0xda,0xff,0x20,0xb2,0x76,0xa8 - }; - - static const byte contextCtx[] = { - 0x66,0x6f,0x6f - }; - - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - - if (wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx, - sizeof(pKeyCtx), &key) != 0) - return -10400; - - if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, - contextCtx, sizeof(contextCtx)) != 0) - return -10401; - - if (XMEMCMP(out, sigCtx1, 64)) - return -10402; - -#if defined(HAVE_ED25519_VERIFY) - /* test verify on good msg */ - if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, - &key, contextCtx, sizeof(contextCtx)) != 0 || - verify != 1) - return -10403; -#endif - - if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, NULL, - 0) != 0) - return -10404; - - if (XMEMCMP(out, sigCtx2, 64)) - return -10405; - -#if defined(HAVE_ED25519_VERIFY) - /* test verify on good msg */ - if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, - &key, NULL, 0) != 0 || verify != 1) - return -10406; -#endif - - wc_ed25519_free(&key); - - return 0; -} - -static int ed25519ph_test(void) -{ - byte out[ED25519_SIG_SIZE]; - word32 outlen; -#ifdef HAVE_ED25519_VERIFY - int verify; -#endif /* HAVE_ED25519_VERIFY */ - ed25519_key key; - - static const byte sKeyPh[] = { - 0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d, - 0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e, - 0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b, - 0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42 - }; - - static const byte pKeyPh[] = { - 0xec,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b, - 0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34, - 0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64, - 0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf - }; - - static const byte sigPh1[] = { - 0x98,0xa7,0x02,0x22,0xf0,0xb8,0x12,0x1a, - 0xa9,0xd3,0x0f,0x81,0x3d,0x68,0x3f,0x80, - 0x9e,0x46,0x2b,0x46,0x9c,0x7f,0xf8,0x76, - 0x39,0x49,0x9b,0xb9,0x4e,0x6d,0xae,0x41, - 0x31,0xf8,0x50,0x42,0x46,0x3c,0x2a,0x35, - 0x5a,0x20,0x03,0xd0,0x62,0xad,0xf5,0xaa, - 0xa1,0x0b,0x8c,0x61,0xe6,0x36,0x06,0x2a, - 0xaa,0xd1,0x1c,0x2a,0x26,0x08,0x34,0x06 - }; - - static const byte sigPh2[] = { - 0xe0,0x39,0x70,0x2b,0x4c,0x25,0x95,0xa6, - 0xa5,0x41,0xac,0x85,0x09,0x23,0x6e,0x29, - 0x90,0x47,0x47,0x95,0x33,0x0c,0x9b,0x34, - 0xa7,0x5f,0x58,0xa6,0x60,0x12,0x9e,0x08, - 0xfd,0x73,0x69,0x43,0xfb,0x19,0x43,0xa5, - 0x57,0x20,0xb9,0xe0,0x95,0x7b,0x1e,0xd6, - 0x73,0x48,0x16,0x61,0x9f,0x13,0x88,0xf4, - 0x3f,0x73,0xe6,0xe3,0xba,0xa8,0x1c,0x0e - }; - - static const byte msgPh[] = { - 0x61,0x62,0x63 - }; - - /* SHA-512 hash of msgPh */ - static const byte hashPh[] = { - 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, - 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, - 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, - 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, - 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, - 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, - 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, - 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f - }; - - static const byte contextPh2[] = { - 0x66,0x6f,0x6f - }; - - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - - if (wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh, - sizeof(pKeyPh), &key) != 0) { - return -10500; - } - - if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL, - 0) != 0) { - return -10501; - } - - if (XMEMCMP(out, sigPh1, 64)) - return -10502; - -#if defined(HAVE_ED25519_VERIFY) - /* test verify on good msg */ - if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, - &key, NULL, 0) != 0 || - verify != 1) { - return -10503; - } -#endif - - if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, - contextPh2, sizeof(contextPh2)) != 0) { - return -10504; - } - - if (XMEMCMP(out, sigPh2, 64)) - return -10505; - -#if defined(HAVE_ED25519_VERIFY) - /* test verify on good msg */ - if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, - &key, contextPh2, sizeof(contextPh2)) != 0 || - verify != 1) { - return -10506; - } -#endif - - if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL, - 0) != 0) { - return -10507; - } - - if (XMEMCMP(out, sigPh1, 64)) - return -10508; - -#if defined(HAVE_ED25519_VERIFY) - if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, - &key, NULL, 0) != 0 || - verify != 1) { - return -10509; - } -#endif - - if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, - contextPh2, sizeof(contextPh2)) != 0) { - return -10510; - } - - if (XMEMCMP(out, sigPh2, 64)) - return -10511; - -#if defined(HAVE_ED25519_VERIFY) - if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, - &key, contextPh2, sizeof(contextPh2)) != 0 || - verify != 1) { - return -10512; - } -#endif - - wc_ed25519_free(&key); - - return 0; -} -#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ - -static int ed25519_test(void) -{ - int ret; - WC_RNG rng; -#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\ - defined(HAVE_ED25519_KEY_IMPORT) - byte out[ED25519_SIG_SIZE]; - byte exportPKey[ED25519_KEY_SIZE]; - byte exportSKey[ED25519_KEY_SIZE]; - word32 exportPSz; - word32 exportSSz; - int i; - word32 outlen; -#ifdef HAVE_ED25519_VERIFY - int verify; -#endif /* HAVE_ED25519_VERIFY */ -#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ - word32 keySz, sigSz; - ed25519_key key; - ed25519_key key2; - -#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \ - defined(HAVE_ED25519_KEY_IMPORT) - /* test vectors from - https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02 - */ - - static const byte sKey1[] = { - 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, - 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, - 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, - 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 - }; - - static const byte sKey2[] = { - 0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda, - 0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f, - 0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24, - 0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb - }; - - static const byte sKey3[] = { - 0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b, - 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1, - 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b, - 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7 - }; - - /* uncompressed test */ - static const byte sKey4[] = { - 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, - 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, - 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, - 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 - }; - - /* compressed prefix test */ - static const byte sKey5[] = { - 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, - 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, - 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, - 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 - }; - - static const byte sKey6[] = { - 0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95, - 0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c, - 0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74, - 0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5 - }; - - static const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6}; - - static const byte pKey1[] = { - 0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7, - 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a, - 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25, - 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a - }; - - static const byte pKey2[] = { - 0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a, - 0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc, - 0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c, - 0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c - }; - - static const byte pKey3[] = { - 0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3, - 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58, - 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac, - 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25 - }; - - /* uncompressed test */ - static const byte pKey4[] = { - 0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34, - 0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6, - 0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c, - 0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45, - 0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02, - 0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1, - 0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b, - 0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a, - 0xd7 - }; - - /* compressed prefix */ - static const byte pKey5[] = { - 0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7, - 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a, - 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25, - 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a - }; - - static const byte pKey6[] = { - 0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34, - 0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86, - 0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5, - 0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e - }; - - static const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6}; - static const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3), - sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)}; - - static const byte sig1[] = { - 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72, - 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a, - 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74, - 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55, - 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac, - 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b, - 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24, - 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b - }; - - static const byte sig2[] = { - 0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8, - 0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40, - 0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f, - 0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda, - 0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e, - 0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c, - 0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee, - 0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00 - }; - - static const byte sig3[] = { - 0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02, - 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3, - 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44, - 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac, - 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90, - 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59, - 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d, - 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a - }; - - /* uncompressed test */ - static const byte sig4[] = { - 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72, - 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a, - 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74, - 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55, - 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac, - 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b, - 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24, - 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b - }; - - /* compressed prefix */ - static const byte sig5[] = { - 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72, - 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a, - 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74, - 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55, - 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac, - 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b, - 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24, - 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b - }; - - static const byte sig6[] = { - 0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2, - 0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a, - 0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb, - 0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50, - 0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45, - 0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b, - 0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6, - 0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03 - }; - - static const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6}; - - static const byte msg1[] = {0x0 }; - static const byte msg2[] = {0x72}; - static const byte msg3[] = {0xAF,0x82}; - - /* test of a 1024 byte long message */ - static const byte msg4[] = { - 0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43, - 0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08, - 0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91, - 0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98, - 0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12, - 0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1, - 0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f, - 0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8, - 0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96, - 0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57, - 0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37, - 0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d, - 0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0, - 0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c, - 0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b, - 0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc, - 0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3, - 0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a, - 0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e, - 0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe, - 0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82, - 0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b, - 0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6, - 0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e, - 0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8, - 0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9, - 0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28, - 0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef, - 0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68, - 0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10, - 0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1, - 0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7, - 0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04, - 0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4, - 0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53, - 0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1, - 0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44, - 0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9, - 0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5, - 0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2, - 0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59, - 0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d, - 0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce, - 0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24, - 0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6, - 0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd, - 0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf, - 0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70, - 0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59, - 0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53, - 0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78, - 0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc, - 0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9, - 0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b, - 0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2, - 0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07, - 0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75, - 0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a, - 0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d, - 0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba, - 0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31, - 0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b, - 0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22, - 0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a, - 0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78, - 0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b, - 0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88, - 0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e, - 0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9, - 0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8, - 0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4, - 0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7, - 0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55, - 0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1, - 0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01, - 0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c, - 0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb, - 0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d, - 0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c, - 0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8, - 0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb, - 0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8, - 0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14, - 0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf, - 0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9, - 0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27, - 0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b, - 0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08, - 0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a, - 0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7, - 0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67, - 0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49, - 0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f, - 0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57, - 0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a, - 0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4, - 0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5, - 0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1, - 0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d, - 0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3, - 0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e, - 0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09, - 0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79, - 0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e, - 0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4, - 0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2, - 0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66, - 0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f, - 0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98, - 0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41, - 0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c, - 0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5, - 0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3, - 0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61, - 0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9, - 0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1, - 0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45, - 0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34, - 0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd, - 0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d, - 0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85, - 0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e, - 0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47, - 0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c, - 0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef, - 0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca, - 0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08, - 0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0 - }; - - static const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4}; - static const word16 msgSz[] = {0 /*sizeof(msg1)*/, - sizeof(msg2), - sizeof(msg3), - 0 /*sizeof(msg1)*/, - 0 /*sizeof(msg1)*/, - sizeof(msg4) - }; -#ifndef NO_ASN - static byte privateEd25519[] = { - 0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06, - 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20, - 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, - 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, - 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, - 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 - }; - static byte publicEd25519[] = { - 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65, - 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01, - 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3, - 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3, - 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68, - 0xf7,0x07,0x51,0x1a - }; - static byte privPubEd25519[] = { - 0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06, - 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20, - 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, - 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, - 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, - 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60, - 0xa1,0x22,0x04,0x20,0xd7,0x5a,0x98,0x01, - 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3, - 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3, - 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68, - 0xf7,0x07,0x51,0x1a - }; - - word32 idx; - ed25519_key key3; -#endif /* NO_ASN */ -#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ - - /* create ed25519 keys */ -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -10600; - - wc_ed25519_init(&key); - wc_ed25519_init(&key2); -#ifndef NO_ASN - wc_ed25519_init(&key3); -#endif - wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); - wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2); - - /* helper functions for signature and key size */ - keySz = wc_ed25519_size(&key); - sigSz = wc_ed25519_sig_size(&key); - -#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\ - defined(HAVE_ED25519_KEY_IMPORT) - for (i = 0; i < 6; i++) { - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - - if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i], - pKeySz[i], &key) != 0) - return -10601 - i; - - if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0) - return -10611 - i; - - if (XMEMCMP(out, sigs[i], 64)) - return -10621 - i; - -#if defined(HAVE_ED25519_VERIFY) - /* test verify on good msg */ - if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, - &key) != 0 || verify != 1) - return -10631 - i; - - /* test verify on bad msg */ - out[outlen-1] = out[outlen-1] + 1; - if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, - &key) == 0 || verify == 1) - return -10641 - i; -#endif /* HAVE_ED25519_VERIFY */ - - /* test api for import/exporting keys */ - exportPSz = sizeof(exportPKey); - exportSSz = sizeof(exportSKey); - if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0) - return -10651 - i; - - if (wc_ed25519_import_public(exportPKey, exportPSz, &key2) != 0) - return -10661 - i; - - if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0) - return -10671 - i; - - if (wc_ed25519_import_private_key(exportSKey, exportSSz, - exportPKey, exportPSz, &key2) != 0) - return -10681 - i; - - /* clear "out" buffer and test sign with imported keys */ - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0) - return -10691 - i; - -#if defined(HAVE_ED25519_VERIFY) - if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, - &key2) != 0 || verify != 1) - return -10701 - i; - - if (XMEMCMP(out, sigs[i], 64)) - return -10711 - i; -#endif /* HAVE_ED25519_VERIFY */ - } - - ret = ed25519ctx_test(); - if (ret != 0) - return ret; - - ret = ed25519ph_test(); - if (ret != 0) - return ret; - -#ifndef NO_ASN - /* Try ASN.1 encoded private-only key and public key. */ - idx = 0; - if (wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3, - sizeof(privateEd25519)) != 0) - return -10721 - i; - - if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) - != BAD_FUNC_ARG) - return -10731 - i; - - idx = 0; - if (wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3, - sizeof(publicEd25519)) != 0) - return -10741 - i; - - if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0) - return -10751 - i; - - if (XMEMCMP(out, sigs[0], 64)) - return -10761 - i; - -#if defined(HAVE_ED25519_VERIFY) - /* test verify on good msg */ - if (wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3) - != 0 || verify != 1) - return -10771 - i; -#endif /* HAVE_ED25519_VERIFY */ - - wc_ed25519_free(&key3); - wc_ed25519_init(&key3); - - idx = 0; - if (wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3, - sizeof(privPubEd25519)) != 0) - return -10781 - i; - - if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0) - return -10791 - i; - - if (XMEMCMP(out, sigs[0], 64)) - return -10801 - i; - - wc_ed25519_free(&key3); -#endif /* NO_ASN */ -#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ - - /* clean up keys when done */ - wc_ed25519_free(&key); - wc_ed25519_free(&key2); - -#if defined(HAVE_HASHDRBG) || defined(NO_RC4) - wc_FreeRng(&rng); -#endif - - /* hush warnings of unused keySz and sigSz */ - (void)keySz; - (void)sigSz; - -#ifdef WOLFSSL_TEST_CERT - ret = ed25519_test_cert(); - if (ret < 0) - return ret; -#ifdef WOLFSSL_CERT_GEN - ret = ed25519_test_make_cert(); - if (ret < 0) - return ret; -#endif /* WOLFSSL_CERT_GEN */ -#endif /* WOLFSSL_TEST_CERT */ - - return 0; -} -#endif /* HAVE_ED25519 */ - -#ifdef HAVE_CURVE448 -#if defined(HAVE_CURVE448_SHARED_SECRET) && \ - defined(HAVE_CURVE448_KEY_IMPORT) -/* Test the wc_curve448_check_public API. - * - * returns 0 on success and -ve on failure. - */ -static int curve448_check_public_test(void) -{ - /* Little-endian values that will fail */ - byte fail_le[][CURVE448_KEY_SIZE] = { - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }, - { - 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }, - }; - /* Big-endian values that will fail */ - byte fail_be[][CURVE448_KEY_SIZE] = { - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }, - { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 - }, - }; - /* Good or valid public value */ - byte good[CURVE448_KEY_SIZE] = { - 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 - }; - int i; - - /* Parameter checks */ - /* NULL pointer */ - if (wc_curve448_check_public(NULL, 0, EC448_LITTLE_ENDIAN) != - BAD_FUNC_ARG) { - return -10900; - } - if (wc_curve448_check_public(NULL, 0, EC448_BIG_ENDIAN) != BAD_FUNC_ARG) { - return -10901; - } - /* Length of 0 treated differently to other invalid lengths for TLS */ - if (wc_curve448_check_public(good, 0, EC448_LITTLE_ENDIAN) != BUFFER_E) - return -10902; - if (wc_curve448_check_public(good, 0, EC448_BIG_ENDIAN) != BUFFER_E) - return -10903; - - /* Length not CURVE448_KEY_SIZE */ - for (i = 1; i < CURVE448_KEY_SIZE + 2; i++) { - if (i == CURVE448_KEY_SIZE) - continue; - if (wc_curve448_check_public(good, i, EC448_LITTLE_ENDIAN) != - ECC_BAD_ARG_E) { - return -10904 - i; - } - if (wc_curve448_check_public(good, i, EC448_BIG_ENDIAN) != - ECC_BAD_ARG_E) { - return -10914 - i; - } - } - - /* Little-endian fail cases */ - for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) { - if (wc_curve448_check_public(fail_le[i], CURVE448_KEY_SIZE, - EC448_LITTLE_ENDIAN) == 0) { - return -10924 - i; - } - } - /* Big-endian fail cases */ - for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) { - if (wc_curve448_check_public(fail_be[i], CURVE448_KEY_SIZE, - EC448_BIG_ENDIAN) == 0) { - return -10934 - i; - } - } - - /* Check a valid public value works! */ - if (wc_curve448_check_public(good, CURVE448_KEY_SIZE, - EC448_LITTLE_ENDIAN) != 0) { - return -10944; - } - if (wc_curve448_check_public(good, CURVE448_KEY_SIZE, - EC448_BIG_ENDIAN) != 0) { - return -10945; - } - - return 0; -} - -#endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */ - -static int curve448_test(void) -{ - WC_RNG rng; - int ret; -#ifdef HAVE_CURVE448_SHARED_SECRET - byte sharedA[CURVE448_KEY_SIZE]; - byte sharedB[CURVE448_KEY_SIZE]; - word32 y; -#endif -#ifdef HAVE_CURVE448_KEY_EXPORT - byte exportBuf[CURVE448_KEY_SIZE]; -#endif - word32 x; - curve448_key userA, userB, pubKey; - -#if defined(HAVE_CURVE448_SHARED_SECRET) && \ - defined(HAVE_CURVE448_KEY_IMPORT) - /* test vectors from - https://www.rfc-editor.org/rfc/rfc7748.html - */ - - /* secret key for party a */ - byte sa[] = { - 0x6b, 0x72, 0x98, 0xa5, 0xc0, 0xd8, 0xc2, 0x9a, - 0x1d, 0xab, 0x27, 0xf1, 0xa6, 0x82, 0x63, 0x00, - 0x91, 0x73, 0x89, 0x44, 0x97, 0x41, 0xa9, 0x74, - 0xf5, 0xba, 0xc9, 0xd9, 0x8d, 0xc2, 0x98, 0xd4, - 0x65, 0x55, 0xbc, 0xe8, 0xba, 0xe8, 0x9e, 0xee, - 0xd4, 0x00, 0x58, 0x4b, 0xb0, 0x46, 0xcf, 0x75, - 0x57, 0x9f, 0x51, 0xd1, 0x25, 0x49, 0x8f, 0x9a, - }; - - /* public key for party a */ - byte pa[] = { - 0xa0, 0x1f, 0xc4, 0x32, 0xe5, 0x80, 0x7f, 0x17, - 0x53, 0x0d, 0x12, 0x88, 0xda, 0x12, 0x5b, 0x0c, - 0xd4, 0x53, 0xd9, 0x41, 0x72, 0x64, 0x36, 0xc8, - 0xbb, 0xd9, 0xc5, 0x22, 0x2c, 0x3d, 0xa7, 0xfa, - 0x63, 0x9c, 0xe0, 0x3d, 0xb8, 0xd2, 0x3b, 0x27, - 0x4a, 0x07, 0x21, 0xa1, 0xae, 0xd5, 0x22, 0x7d, - 0xe6, 0xe3, 0xb7, 0x31, 0xcc, 0xf7, 0x08, 0x9b, - }; - - /* secret key for party b */ - byte sb[] = { - 0x2d, 0x99, 0x73, 0x51, 0xb6, 0x10, 0x6f, 0x36, - 0xb0, 0xd1, 0x09, 0x1b, 0x92, 0x9c, 0x4c, 0x37, - 0x21, 0x3e, 0x0d, 0x2b, 0x97, 0xe8, 0x5e, 0xbb, - 0x20, 0xc1, 0x27, 0x69, 0x1d, 0x0d, 0xad, 0x8f, - 0x1d, 0x81, 0x75, 0xb0, 0x72, 0x37, 0x45, 0xe6, - 0x39, 0xa3, 0xcb, 0x70, 0x44, 0x29, 0x0b, 0x99, - 0xe0, 0xe2, 0xa0, 0xc2, 0x7a, 0x6a, 0x30, 0x1c, - }; - - /* public key for party b */ - byte pb[] = { - 0x09, 0x36, 0xf3, 0x7b, 0xc6, 0xc1, 0xbd, 0x07, - 0xae, 0x3d, 0xec, 0x7a, 0xb5, 0xdc, 0x06, 0xa7, - 0x3c, 0xa1, 0x32, 0x42, 0xfb, 0x34, 0x3e, 0xfc, - 0x72, 0xb9, 0xd8, 0x27, 0x30, 0xb4, 0x45, 0xf3, - 0xd4, 0xb0, 0xbd, 0x07, 0x71, 0x62, 0xa4, 0x6d, - 0xcf, 0xec, 0x6f, 0x9b, 0x59, 0x0b, 0xfc, 0xbc, - 0xf5, 0x20, 0xcd, 0xb0, 0x29, 0xa8, 0xb7, 0x3e, - }; - - /* expected shared key */ - byte ss[] = { - 0x9d, 0x87, 0x4a, 0x51, 0x37, 0x50, 0x9a, 0x44, - 0x9a, 0xd5, 0x85, 0x30, 0x40, 0x24, 0x1c, 0x52, - 0x36, 0x39, 0x54, 0x35, 0xc3, 0x64, 0x24, 0xfd, - 0x56, 0x0b, 0x0c, 0xb6, 0x2b, 0x28, 0x1d, 0x28, - 0x52, 0x75, 0xa7, 0x40, 0xce, 0x32, 0xa2, 0x2d, - 0xd1, 0x74, 0x0f, 0x4a, 0xa9, 0x16, 0x1c, 0xec, - 0x95, 0xcc, 0xc6, 0x1a, 0x18, 0xf4, 0xff, 0x07, - }; -#endif /* HAVE_CURVE448_SHARED_SECRET */ - - (void)x; - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -11000; - - wc_curve448_init(&userA); - wc_curve448_init(&userB); - wc_curve448_init(&pubKey); - - /* make curve448 keys */ - if (wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userA) != 0) - return -11001; - - if (wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userB) != 0) - return -11002; - -#ifdef HAVE_CURVE448_SHARED_SECRET - /* find shared secret key */ - x = sizeof(sharedA); - if (wc_curve448_shared_secret(&userA, &userB, sharedA, &x) != 0) - return -11003; - - y = sizeof(sharedB); - if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -11004; - - /* compare shared secret keys to test they are the same */ - if (y != x) - return -11005; - - if (XMEMCMP(sharedA, sharedB, x)) - return -11006; -#endif - -#ifdef HAVE_CURVE448_KEY_EXPORT - /* export a public key and import it for another user */ - x = sizeof(exportBuf); - if (wc_curve448_export_public(&userA, exportBuf, &x) != 0) - return -11007; - -#ifdef HAVE_CURVE448_KEY_IMPORT - if (wc_curve448_import_public(exportBuf, x, &pubKey) != 0) - return -11008; -#endif -#endif - -#if defined(HAVE_CURVE448_SHARED_SECRET) && \ - defined(HAVE_CURVE448_KEY_IMPORT) - /* test shared key after importing a public key */ - XMEMSET(sharedB, 0, sizeof(sharedB)); - y = sizeof(sharedB); - if (wc_curve448_shared_secret(&userB, &pubKey, sharedB, &y) != 0) - return -11009; - - if (XMEMCMP(sharedA, sharedB, y)) - return -11010; - - /* import RFC test vectors and compare shared key */ - if (wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) - != 0) - return -11011; - - if (wc_curve448_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB) - != 0) - return -11012; - - /* test against known test vector */ - XMEMSET(sharedB, 0, sizeof(sharedB)); - y = sizeof(sharedB); - if (wc_curve448_shared_secret(&userA, &userB, sharedB, &y) != 0) - return -11013; - - if (XMEMCMP(ss, sharedB, y)) - return -11014; - - /* test swapping roles of keys and generating same shared key */ - XMEMSET(sharedB, 0, sizeof(sharedB)); - y = sizeof(sharedB); - if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -11015; - - if (XMEMCMP(ss, sharedB, y)) - return -11016; - - /* test with 1 generated key and 1 from known test vector */ - if (wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA) - != 0) - return -11017; - - if (wc_curve448_make_key(&rng, 56, &userB) != 0) - return -11018; - - x = sizeof(sharedA); - if (wc_curve448_shared_secret(&userA, &userB, sharedA, &x) != 0) - return -11019; - - y = sizeof(sharedB); - if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0) - return -11020; - - /* compare shared secret keys to test they are the same */ - if (y != x) - return -11021; - - if (XMEMCMP(sharedA, sharedB, x)) - return -11022; - - ret = curve448_check_public_test(); - if (ret != 0) - return ret; -#endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */ - - /* clean up keys when done */ - wc_curve448_free(&pubKey); - wc_curve448_free(&userB); - wc_curve448_free(&userA); - - wc_FreeRng(&rng); - - return 0; -} -#endif /* HAVE_CURVE448 */ - -#ifdef HAVE_ED448 -#ifdef WOLFSSL_TEST_CERT -static int ed448_test_cert(void) -{ - DecodedCert cert[2]; - DecodedCert* serverCert = NULL; - DecodedCert* caCert = NULL; -#ifdef HAVE_ED448_VERIFY - ed448_key key; - ed448_key* pubKey = NULL; - int verify; -#endif /* HAVE_ED448_VERIFY */ - int ret; - byte* tmp; - size_t bytes; - XFILE file; - - tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - ERROR_OUT(-11023, done); - } - -#ifdef USE_CERT_BUFFERS_256 - XMEMCPY(tmp, ca_ed448_cert, sizeof_ca_ed448_cert); - bytes = sizeof_ca_ed448_cert; -#elif !defined(NO_FILESYSTEM) - file = XFOPEN(caEd448Cert, "rb"); - if (file == NULL) { - ERROR_OUT(-11024, done); - } - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); -#else - /* No certificate to use. */ - ERROR_OUT(-11025, done); -#endif - - InitDecodedCert(&cert[0], tmp, (word32)bytes, 0); - caCert = &cert[0]; - ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL); - if (ret != 0) { - ERROR_OUT(-11026, done); - } - -#ifdef USE_CERT_BUFFERS_256 - XMEMCPY(tmp, server_ed448_cert, sizeof_server_ed448_cert); - bytes = sizeof_server_ed448_cert; -#elif !defined(NO_FILESYSTEM) - file = XFOPEN(serverEd448Cert, "rb"); - if (file == NULL) { - ERROR_OUT(-11027, done); - } - bytes = XFREAD(tmp, 1, FOURK_BUF, file); - XFCLOSE(file); -#else - /* No certificate to use. */ - ERROR_OUT(-11028, done); -#endif - - InitDecodedCert(&cert[1], tmp, (word32)bytes, 0); - serverCert = &cert[1]; - ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL); - if (ret != 0) { - ERROR_OUT(-11029, done); - } - -#ifdef HAVE_ED448_VERIFY - ret = wc_ed448_init(&key); - if (ret < 0) { - ERROR_OUT(-11030, done); - } - pubKey = &key; - ret = wc_ed448_import_public(caCert->publicKey, caCert->pubKeySize, pubKey); - if (ret < 0) { - ERROR_OUT(-11031, done); - } - - if (wc_ed448_verify_msg(serverCert->signature, serverCert->sigLength, - serverCert->source + serverCert->certBegin, - serverCert->sigIndex - serverCert->certBegin, - &verify, pubKey, NULL, 0) < 0 || verify != 1) { - ERROR_OUT(-11032, done); - } -#endif /* HAVE_ED448_VERIFY */ - -done: - if (tmp != NULL) - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#ifdef HAVE_ED448_VERIFY - wc_ed448_free(pubKey); -#endif /* HAVE_ED448_VERIFY */ - if (caCert != NULL) - FreeDecodedCert(caCert); - if (serverCert != NULL) - FreeDecodedCert(serverCert); - - return ret; -} - -static int ed448_test_make_cert(void) -{ - WC_RNG rng; - Cert cert; - DecodedCert decode; - ed448_key key; - ed448_key* privKey = NULL; - int ret = 0; - byte* tmp = NULL; - - wc_InitCert(&cert); - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -11033; - - wc_ed448_init(&key); - privKey = &key; - wc_ed448_make_key(&rng, ED448_KEY_SIZE, privKey); - - cert.daysValid = 365 * 2; - cert.selfSigned = 1; - XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName)); - XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName)); - cert.isCA = 0; -#ifdef WOLFSSL_CERT_EXT - ret = wc_SetKeyUsage(&cert, certKeyUsage); - if (ret < 0) { - ERROR_OUT(-11034, done); - } - ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey); - if (ret < 0) { - ERROR_OUT(-11035, done); - } - ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey); - if (ret < 0) { - ERROR_OUT(-11036, done); - } -#endif - tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - ERROR_OUT(-11037, done); - } - - cert.sigType = CTC_ED448; - ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED448_TYPE, privKey, &rng); - if (ret < 0) { - ERROR_OUT(-11038, done); - } - ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, ED448_TYPE, - privKey, &rng); - if (ret < 0) { - ERROR_OUT(-11039, done); - } - - InitDecodedCert(&decode, tmp, ret, HEAP_HINT); - ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); - FreeDecodedCert(&decode); - if (ret != 0) { - ERROR_OUT(-11040, done); - } - -done: - if (tmp != NULL) - XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_ed448_free(privKey); - wc_FreeRng(&rng); - return ret; -} -#endif /* WOLFSSL_TEST_CERT */ - -#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \ - defined(HAVE_ED448_KEY_IMPORT) -static int ed448_ctx_test(void) -{ - byte out[ED448_SIG_SIZE]; - word32 outlen; -#ifdef HAVE_ED448_VERIFY - int verify; -#endif /* HAVE_ED448_VERIFY */ - ed448_key key; - - static const byte sKeyCtx[] = { - 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6, - 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d, - 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d, - 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a, - 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c, - 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e, - 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27, - 0x4e - }; - - static const byte pKeyCtx[] = { - 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45, - 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a, - 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37, - 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86, - 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02, - 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c, - 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94, - 0x80 - }; - - static const byte sigCtx[] = { - 0xd4, 0xf8, 0xf6, 0x13, 0x17, 0x70, 0xdd, 0x46, - 0xf4, 0x08, 0x67, 0xd6, 0xfd, 0x5d, 0x50, 0x55, - 0xde, 0x43, 0x54, 0x1f, 0x8c, 0x5e, 0x35, 0xab, - 0xbc, 0xd0, 0x01, 0xb3, 0x2a, 0x89, 0xf7, 0xd2, - 0x15, 0x1f, 0x76, 0x47, 0xf1, 0x1d, 0x8c, 0xa2, - 0xae, 0x27, 0x9f, 0xb8, 0x42, 0xd6, 0x07, 0x21, - 0x7f, 0xce, 0x6e, 0x04, 0x2f, 0x68, 0x15, 0xea, - 0x00, 0x0c, 0x85, 0x74, 0x1d, 0xe5, 0xc8, 0xda, - 0x11, 0x44, 0xa6, 0xa1, 0xab, 0xa7, 0xf9, 0x6d, - 0xe4, 0x25, 0x05, 0xd7, 0xa7, 0x29, 0x85, 0x24, - 0xfd, 0xa5, 0x38, 0xfc, 0xcb, 0xbb, 0x75, 0x4f, - 0x57, 0x8c, 0x1c, 0xad, 0x10, 0xd5, 0x4d, 0x0d, - 0x54, 0x28, 0x40, 0x7e, 0x85, 0xdc, 0xbc, 0x98, - 0xa4, 0x91, 0x55, 0xc1, 0x37, 0x64, 0xe6, 0x6c, - 0x3c, 0x00 - }; - - static const byte msgCtx[] = { - 0x03 - }; - - static const byte contextCtx[] = { - 0x66,0x6f,0x6f - }; - - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - - if (wc_ed448_import_private_key(sKeyCtx, ED448_KEY_SIZE, pKeyCtx, - sizeof(pKeyCtx), &key) != 0) - return -11100; - - if (wc_ed448_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, - contextCtx, sizeof(contextCtx)) != 0) - return -11101; - - if (XMEMCMP(out, sigCtx, sizeof(sigCtx))) - return -11102; - -#if defined(HAVE_ED448_VERIFY) - /* test verify on good msg */ - if (wc_ed448_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, &key, - contextCtx, sizeof(contextCtx)) != 0 || verify != 1) - return -11103; -#endif - - wc_ed448_free(&key); - - return 0; -} - -static int ed448ph_test(void) -{ - byte out[ED448_SIG_SIZE]; - word32 outlen; -#ifdef HAVE_ED448_VERIFY - int verify; -#endif /* HAVE_ED448_VERIFY */ - ed448_key key; - - static const byte sKeyPh[] = { - 0x83, 0x3f, 0xe6, 0x24, 0x09, 0x23, 0x7b, 0x9d, - 0x62, 0xec, 0x77, 0x58, 0x75, 0x20, 0x91, 0x1e, - 0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b, - 0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42, - 0xef, 0x78, 0x22, 0xe0, 0xd5, 0x10, 0x41, 0x27, - 0xdc, 0x05, 0xd6, 0xdb, 0xef, 0xde, 0x69, 0xe3, - 0xab, 0x2c, 0xec, 0x7c, 0x86, 0x7c, 0x6e, 0x2c, - 0x49 - }; - - static const byte pKeyPh[] = { - 0x25, 0x9b, 0x71, 0xc1, 0x9f, 0x83, 0xef, 0x77, - 0xa7, 0xab, 0xd2, 0x65, 0x24, 0xcb, 0xdb, 0x31, - 0x61, 0xb5, 0x90, 0xa4, 0x8f, 0x7d, 0x17, 0xde, - 0x3e, 0xe0, 0xba, 0x9c, 0x52, 0xbe, 0xb7, 0x43, - 0xc0, 0x94, 0x28, 0xa1, 0x31, 0xd6, 0xb1, 0xb5, - 0x73, 0x03, 0xd9, 0x0d, 0x81, 0x32, 0xc2, 0x76, - 0xd5, 0xed, 0x3d, 0x5d, 0x01, 0xc0, 0xf5, 0x38, - 0x80 - }; - - static const byte sigPh1[] = { - 0x82, 0x2f, 0x69, 0x01, 0xf7, 0x48, 0x0f, 0x3d, - 0x5f, 0x56, 0x2c, 0x59, 0x29, 0x94, 0xd9, 0x69, - 0x36, 0x02, 0x87, 0x56, 0x14, 0x48, 0x32, 0x56, - 0x50, 0x56, 0x00, 0xbb, 0xc2, 0x81, 0xae, 0x38, - 0x1f, 0x54, 0xd6, 0xbc, 0xe2, 0xea, 0x91, 0x15, - 0x74, 0x93, 0x2f, 0x52, 0xa4, 0xe6, 0xca, 0xdd, - 0x78, 0x76, 0x93, 0x75, 0xec, 0x3f, 0xfd, 0x1b, - 0x80, 0x1a, 0x0d, 0x9b, 0x3f, 0x40, 0x30, 0xcd, - 0x43, 0x39, 0x64, 0xb6, 0x45, 0x7e, 0xa3, 0x94, - 0x76, 0x51, 0x12, 0x14, 0xf9, 0x74, 0x69, 0xb5, - 0x7d, 0xd3, 0x2d, 0xbc, 0x56, 0x0a, 0x9a, 0x94, - 0xd0, 0x0b, 0xff, 0x07, 0x62, 0x04, 0x64, 0xa3, - 0xad, 0x20, 0x3d, 0xf7, 0xdc, 0x7c, 0xe3, 0x60, - 0xc3, 0xcd, 0x36, 0x96, 0xd9, 0xd9, 0xfa, 0xb9, - 0x0f, 0x00 - }; - - static const byte sigPh2[] = { - 0xc3, 0x22, 0x99, 0xd4, 0x6e, 0xc8, 0xff, 0x02, - 0xb5, 0x45, 0x40, 0x98, 0x28, 0x14, 0xdc, 0xe9, - 0xa0, 0x58, 0x12, 0xf8, 0x19, 0x62, 0xb6, 0x49, - 0xd5, 0x28, 0x09, 0x59, 0x16, 0xa2, 0xaa, 0x48, - 0x10, 0x65, 0xb1, 0x58, 0x04, 0x23, 0xef, 0x92, - 0x7e, 0xcf, 0x0a, 0xf5, 0x88, 0x8f, 0x90, 0xda, - 0x0f, 0x6a, 0x9a, 0x85, 0xad, 0x5d, 0xc3, 0xf2, - 0x80, 0xd9, 0x12, 0x24, 0xba, 0x99, 0x11, 0xa3, - 0x65, 0x3d, 0x00, 0xe4, 0x84, 0xe2, 0xce, 0x23, - 0x25, 0x21, 0x48, 0x1c, 0x86, 0x58, 0xdf, 0x30, - 0x4b, 0xb7, 0x74, 0x5a, 0x73, 0x51, 0x4c, 0xdb, - 0x9b, 0xf3, 0xe1, 0x57, 0x84, 0xab, 0x71, 0x28, - 0x4f, 0x8d, 0x07, 0x04, 0xa6, 0x08, 0xc5, 0x4a, - 0x6b, 0x62, 0xd9, 0x7b, 0xeb, 0x51, 0x1d, 0x13, - 0x21, 0x00 - }; - - static const byte msgPh[] = { - 0x61,0x62,0x63 - }; - - /* SHA-512 hash of msgPh */ - static const byte hashPh[] = { - 0x48, 0x33, 0x66, 0x60, 0x13, 0x60, 0xa8, 0x77, - 0x1c, 0x68, 0x63, 0x08, 0x0c, 0xc4, 0x11, 0x4d, - 0x8d, 0xb4, 0x45, 0x30, 0xf8, 0xf1, 0xe1, 0xee, - 0x4f, 0x94, 0xea, 0x37, 0xe7, 0x8b, 0x57, 0x39, - 0xd5, 0xa1, 0x5b, 0xef, 0x18, 0x6a, 0x53, 0x86, - 0xc7, 0x57, 0x44, 0xc0, 0x52, 0x7e, 0x1f, 0xaa, - 0x9f, 0x87, 0x26, 0xe4, 0x62, 0xa1, 0x2a, 0x4f, - 0xeb, 0x06, 0xbd, 0x88, 0x01, 0xe7, 0x51, 0xe4 - }; - - static const byte contextPh2[] = { - 0x66,0x6f,0x6f - }; - - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - - if (wc_ed448_import_private_key(sKeyPh, ED448_KEY_SIZE, pKeyPh, - sizeof(pKeyPh), &key) != 0) { - return -11200; - } - - if (wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL, - 0) != 0) { - return -11201; - } - - if (XMEMCMP(out, sigPh1, sizeof(sigPh1))) - return -11202; - -#if defined(HAVE_ED448_VERIFY) - /* test verify on good msg */ - if (wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key, - NULL, 0) != 0 || verify != 1) { - return -11203; - } -#endif - - if (wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, - contextPh2, sizeof(contextPh2)) != 0) { - return -11204; - } - - if (XMEMCMP(out, sigPh2, sizeof(sigPh2))) - return -11205; - -#if defined(HAVE_ED448_VERIFY) - /* test verify on good msg */ - if (wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key, - contextPh2, sizeof(contextPh2)) != 0 || - verify != 1) { - return -11206; - } -#endif - - if (wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL, - 0) != 0) { - return -11207; - } - - if (XMEMCMP(out, sigPh1, sizeof(sigPh1))) - return -11208; - -#if defined(HAVE_ED448_VERIFY) - if (wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, - &key, NULL, 0) != 0 || verify != 1) { - return -11209; - } -#endif - - if (wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, - contextPh2, sizeof(contextPh2)) != 0) { - return -11210; - } - - if (XMEMCMP(out, sigPh2, sizeof(sigPh2))) - return -11211; - -#if defined(HAVE_ED448_VERIFY) - if (wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, - &key, contextPh2, sizeof(contextPh2)) != 0 || - verify != 1) { - return -11212; - } -#endif - - wc_ed448_free(&key); - - return 0; -} -#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */ - -static int ed448_test(void) -{ - int ret; - WC_RNG rng; -#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\ - defined(HAVE_ED448_KEY_IMPORT) - byte out[ED448_SIG_SIZE]; - byte exportPKey[ED448_KEY_SIZE]; - byte exportSKey[ED448_KEY_SIZE]; - word32 exportPSz; - word32 exportSSz; - int i; - word32 outlen; -#ifdef HAVE_ED448_VERIFY - int verify; -#endif /* HAVE_ED448_VERIFY */ -#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */ - word32 keySz, sigSz; - ed448_key key; - ed448_key key2; - -#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \ - defined(HAVE_ED448_KEY_IMPORT) - /* test vectors from - https://tools.ietf.org/html/rfc8032 - */ - - static const byte sKey1[] = { - 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, - 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, - 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f, - 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, - 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, - 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, - 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, - 0x5b - }; - - static const byte sKey2[] = { - 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6, - 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d, - 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d, - 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a, - 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c, - 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e, - 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27, - 0x4e - }; - - static const byte sKey3[] = { - 0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c, - 0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82, - 0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8, - 0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93, - 0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33, - 0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc, - 0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2, - 0x1b - }; - - /* uncompressed test */ - static const byte sKey4[] = { - 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, - 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, - 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f, - 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, - 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, - 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, - 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, - 0x5b - }; - - /* compressed prefix test */ - static const byte sKey5[] = { - 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, - 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, - 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f, - 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, - 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, - 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, - 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, - 0x5b - }; - - static const byte sKey6[] = { - 0x87, 0x2d, 0x09, 0x37, 0x80, 0xf5, 0xd3, 0x73, - 0x0d, 0xf7, 0xc2, 0x12, 0x66, 0x4b, 0x37, 0xb8, - 0xa0, 0xf2, 0x4f, 0x56, 0x81, 0x0d, 0xaa, 0x83, - 0x82, 0xcd, 0x4f, 0xa3, 0xf7, 0x76, 0x34, 0xec, - 0x44, 0xdc, 0x54, 0xf1, 0xc2, 0xed, 0x9b, 0xea, - 0x86, 0xfa, 0xfb, 0x76, 0x32, 0xd8, 0xbe, 0x19, - 0x9e, 0xa1, 0x65, 0xf5, 0xad, 0x55, 0xdd, 0x9c, - 0xe8 - }; - - static const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6}; - - static const byte pKey1[] = { - 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, - 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, - 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, - 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, - 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, - 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, - 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, - 0x80 - }; - - static const byte pKey2[] = { - 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45, - 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a, - 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37, - 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86, - 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02, - 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c, - 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94, - 0x80 - }; - - static const byte pKey3[] = { - 0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f, - 0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79, - 0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63, - 0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc, - 0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f, - 0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b, - 0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5, - 0x80 - }; - - /* uncompressed test */ - static const byte pKey4[] = { - 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, - 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, - 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, - 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, - 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, - 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, - 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, - 0x80 - }; - - /* compressed prefix */ - static const byte pKey5[] = { - 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, - 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, - 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, - 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, - 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, - 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, - 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, - 0x80 - }; - - static const byte pKey6[] = { - 0xa8, 0x1b, 0x2e, 0x8a, 0x70, 0xa5, 0xac, 0x94, - 0xff, 0xdb, 0xcc, 0x9b, 0xad, 0xfc, 0x3f, 0xeb, - 0x08, 0x01, 0xf2, 0x58, 0x57, 0x8b, 0xb1, 0x14, - 0xad, 0x44, 0xec, 0xe1, 0xec, 0x0e, 0x79, 0x9d, - 0xa0, 0x8e, 0xff, 0xb8, 0x1c, 0x5d, 0x68, 0x5c, - 0x0c, 0x56, 0xf6, 0x4e, 0xec, 0xae, 0xf8, 0xcd, - 0xf1, 0x1c, 0xc3, 0x87, 0x37, 0x83, 0x8c, 0xf4, - 0x00 - }; - - static const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6}; - static const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3), - sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)}; - - static const byte sig1[] = { - 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25, - 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae, - 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2, - 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f, - 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81, - 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78, - 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39, - 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a, - 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d, - 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41, - 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd, - 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb, - 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26, - 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65, - 0x26, 0x00 - }; - - static const byte sig2[] = { - 0x26, 0xb8, 0xf9, 0x17, 0x27, 0xbd, 0x62, 0x89, - 0x7a, 0xf1, 0x5e, 0x41, 0xeb, 0x43, 0xc3, 0x77, - 0xef, 0xb9, 0xc6, 0x10, 0xd4, 0x8f, 0x23, 0x35, - 0xcb, 0x0b, 0xd0, 0x08, 0x78, 0x10, 0xf4, 0x35, - 0x25, 0x41, 0xb1, 0x43, 0xc4, 0xb9, 0x81, 0xb7, - 0xe1, 0x8f, 0x62, 0xde, 0x8c, 0xcd, 0xf6, 0x33, - 0xfc, 0x1b, 0xf0, 0x37, 0xab, 0x7c, 0xd7, 0x79, - 0x80, 0x5e, 0x0d, 0xbc, 0xc0, 0xaa, 0xe1, 0xcb, - 0xce, 0xe1, 0xaf, 0xb2, 0xe0, 0x27, 0xdf, 0x36, - 0xbc, 0x04, 0xdc, 0xec, 0xbf, 0x15, 0x43, 0x36, - 0xc1, 0x9f, 0x0a, 0xf7, 0xe0, 0xa6, 0x47, 0x29, - 0x05, 0xe7, 0x99, 0xf1, 0x95, 0x3d, 0x2a, 0x0f, - 0xf3, 0x34, 0x8a, 0xb2, 0x1a, 0xa4, 0xad, 0xaf, - 0xd1, 0xd2, 0x34, 0x44, 0x1c, 0xf8, 0x07, 0xc0, - 0x3a, 0x00 - }; - - static const byte sig3[] = { - 0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79, - 0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6, - 0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89, - 0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a, - 0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4, - 0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07, - 0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf, - 0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e, - 0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e, - 0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7, - 0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef, - 0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61, - 0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b, - 0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff, - 0x3c, 0x00 - }; - - /* uncompressed test */ - static const byte sig4[] = { - 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25, - 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae, - 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2, - 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f, - 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81, - 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78, - 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39, - 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a, - 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d, - 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41, - 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd, - 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb, - 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26, - 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65, - 0x26, 0x00 - }; - - /* compressed prefix */ - static const byte sig5[] = { - 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25, - 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae, - 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2, - 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f, - 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81, - 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78, - 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39, - 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a, - 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d, - 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41, - 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd, - 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb, - 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26, - 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65, - 0x26, 0x00 - }; - - static const byte sig6[] = { - 0xe3, 0x01, 0x34, 0x5a, 0x41, 0xa3, 0x9a, 0x4d, - 0x72, 0xff, 0xf8, 0xdf, 0x69, 0xc9, 0x80, 0x75, - 0xa0, 0xcc, 0x08, 0x2b, 0x80, 0x2f, 0xc9, 0xb2, - 0xb6, 0xbc, 0x50, 0x3f, 0x92, 0x6b, 0x65, 0xbd, - 0xdf, 0x7f, 0x4c, 0x8f, 0x1c, 0xb4, 0x9f, 0x63, - 0x96, 0xaf, 0xc8, 0xa7, 0x0a, 0xbe, 0x6d, 0x8a, - 0xef, 0x0d, 0xb4, 0x78, 0xd4, 0xc6, 0xb2, 0x97, - 0x00, 0x76, 0xc6, 0xa0, 0x48, 0x4f, 0xe7, 0x6d, - 0x76, 0xb3, 0xa9, 0x76, 0x25, 0xd7, 0x9f, 0x1c, - 0xe2, 0x40, 0xe7, 0xc5, 0x76, 0x75, 0x0d, 0x29, - 0x55, 0x28, 0x28, 0x6f, 0x71, 0x9b, 0x41, 0x3d, - 0xe9, 0xad, 0xa3, 0xe8, 0xeb, 0x78, 0xed, 0x57, - 0x36, 0x03, 0xce, 0x30, 0xd8, 0xbb, 0x76, 0x17, - 0x85, 0xdc, 0x30, 0xdb, 0xc3, 0x20, 0x86, 0x9e, - 0x1a, 0x00 - }; - - static const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6}; - #define SIGSZ sizeof(sig1) - - static const byte msg1[] = { }; - static const byte msg2[] = { 0x03 }; - static const byte msg3[] = { 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd, - 0x66, 0x81, 0x1e, 0x29, 0x15 }; - - /* test of a 1023 byte long message */ - static const byte msg4[] = { - 0x6d, 0xdf, 0x80, 0x2e, 0x1a, 0xae, 0x49, 0x86, - 0x93, 0x5f, 0x7f, 0x98, 0x1b, 0xa3, 0xf0, 0x35, - 0x1d, 0x62, 0x73, 0xc0, 0xa0, 0xc2, 0x2c, 0x9c, - 0x0e, 0x83, 0x39, 0x16, 0x8e, 0x67, 0x54, 0x12, - 0xa3, 0xde, 0xbf, 0xaf, 0x43, 0x5e, 0xd6, 0x51, - 0x55, 0x80, 0x07, 0xdb, 0x43, 0x84, 0xb6, 0x50, - 0xfc, 0xc0, 0x7e, 0x3b, 0x58, 0x6a, 0x27, 0xa4, - 0xf7, 0xa0, 0x0a, 0xc8, 0xa6, 0xfe, 0xc2, 0xcd, - 0x86, 0xae, 0x4b, 0xf1, 0x57, 0x0c, 0x41, 0xe6, - 0xa4, 0x0c, 0x93, 0x1d, 0xb2, 0x7b, 0x2f, 0xaa, - 0x15, 0xa8, 0xce, 0xdd, 0x52, 0xcf, 0xf7, 0x36, - 0x2c, 0x4e, 0x6e, 0x23, 0xda, 0xec, 0x0f, 0xbc, - 0x3a, 0x79, 0xb6, 0x80, 0x6e, 0x31, 0x6e, 0xfc, - 0xc7, 0xb6, 0x81, 0x19, 0xbf, 0x46, 0xbc, 0x76, - 0xa2, 0x60, 0x67, 0xa5, 0x3f, 0x29, 0x6d, 0xaf, - 0xdb, 0xdc, 0x11, 0xc7, 0x7f, 0x77, 0x77, 0xe9, - 0x72, 0x66, 0x0c, 0xf4, 0xb6, 0xa9, 0xb3, 0x69, - 0xa6, 0x66, 0x5f, 0x02, 0xe0, 0xcc, 0x9b, 0x6e, - 0xdf, 0xad, 0x13, 0x6b, 0x4f, 0xab, 0xe7, 0x23, - 0xd2, 0x81, 0x3d, 0xb3, 0x13, 0x6c, 0xfd, 0xe9, - 0xb6, 0xd0, 0x44, 0x32, 0x2f, 0xee, 0x29, 0x47, - 0x95, 0x2e, 0x03, 0x1b, 0x73, 0xab, 0x5c, 0x60, - 0x33, 0x49, 0xb3, 0x07, 0xbd, 0xc2, 0x7b, 0xc6, - 0xcb, 0x8b, 0x8b, 0xbd, 0x7b, 0xd3, 0x23, 0x21, - 0x9b, 0x80, 0x33, 0xa5, 0x81, 0xb5, 0x9e, 0xad, - 0xeb, 0xb0, 0x9b, 0x3c, 0x4f, 0x3d, 0x22, 0x77, - 0xd4, 0xf0, 0x34, 0x36, 0x24, 0xac, 0xc8, 0x17, - 0x80, 0x47, 0x28, 0xb2, 0x5a, 0xb7, 0x97, 0x17, - 0x2b, 0x4c, 0x5c, 0x21, 0xa2, 0x2f, 0x9c, 0x78, - 0x39, 0xd6, 0x43, 0x00, 0x23, 0x2e, 0xb6, 0x6e, - 0x53, 0xf3, 0x1c, 0x72, 0x3f, 0xa3, 0x7f, 0xe3, - 0x87, 0xc7, 0xd3, 0xe5, 0x0b, 0xdf, 0x98, 0x13, - 0xa3, 0x0e, 0x5b, 0xb1, 0x2c, 0xf4, 0xcd, 0x93, - 0x0c, 0x40, 0xcf, 0xb4, 0xe1, 0xfc, 0x62, 0x25, - 0x92, 0xa4, 0x95, 0x88, 0x79, 0x44, 0x94, 0xd5, - 0x6d, 0x24, 0xea, 0x4b, 0x40, 0xc8, 0x9f, 0xc0, - 0x59, 0x6c, 0xc9, 0xeb, 0xb9, 0x61, 0xc8, 0xcb, - 0x10, 0xad, 0xde, 0x97, 0x6a, 0x5d, 0x60, 0x2b, - 0x1c, 0x3f, 0x85, 0xb9, 0xb9, 0xa0, 0x01, 0xed, - 0x3c, 0x6a, 0x4d, 0x3b, 0x14, 0x37, 0xf5, 0x20, - 0x96, 0xcd, 0x19, 0x56, 0xd0, 0x42, 0xa5, 0x97, - 0xd5, 0x61, 0xa5, 0x96, 0xec, 0xd3, 0xd1, 0x73, - 0x5a, 0x8d, 0x57, 0x0e, 0xa0, 0xec, 0x27, 0x22, - 0x5a, 0x2c, 0x4a, 0xaf, 0xf2, 0x63, 0x06, 0xd1, - 0x52, 0x6c, 0x1a, 0xf3, 0xca, 0x6d, 0x9c, 0xf5, - 0xa2, 0xc9, 0x8f, 0x47, 0xe1, 0xc4, 0x6d, 0xb9, - 0xa3, 0x32, 0x34, 0xcf, 0xd4, 0xd8, 0x1f, 0x2c, - 0x98, 0x53, 0x8a, 0x09, 0xeb, 0xe7, 0x69, 0x98, - 0xd0, 0xd8, 0xfd, 0x25, 0x99, 0x7c, 0x7d, 0x25, - 0x5c, 0x6d, 0x66, 0xec, 0xe6, 0xfa, 0x56, 0xf1, - 0x11, 0x44, 0x95, 0x0f, 0x02, 0x77, 0x95, 0xe6, - 0x53, 0x00, 0x8f, 0x4b, 0xd7, 0xca, 0x2d, 0xee, - 0x85, 0xd8, 0xe9, 0x0f, 0x3d, 0xc3, 0x15, 0x13, - 0x0c, 0xe2, 0xa0, 0x03, 0x75, 0xa3, 0x18, 0xc7, - 0xc3, 0xd9, 0x7b, 0xe2, 0xc8, 0xce, 0x5b, 0x6d, - 0xb4, 0x1a, 0x62, 0x54, 0xff, 0x26, 0x4f, 0xa6, - 0x15, 0x5b, 0xae, 0xe3, 0xb0, 0x77, 0x3c, 0x0f, - 0x49, 0x7c, 0x57, 0x3f, 0x19, 0xbb, 0x4f, 0x42, - 0x40, 0x28, 0x1f, 0x0b, 0x1f, 0x4f, 0x7b, 0xe8, - 0x57, 0xa4, 0xe5, 0x9d, 0x41, 0x6c, 0x06, 0xb4, - 0xc5, 0x0f, 0xa0, 0x9e, 0x18, 0x10, 0xdd, 0xc6, - 0xb1, 0x46, 0x7b, 0xae, 0xac, 0x5a, 0x36, 0x68, - 0xd1, 0x1b, 0x6e, 0xca, 0xa9, 0x01, 0x44, 0x00, - 0x16, 0xf3, 0x89, 0xf8, 0x0a, 0xcc, 0x4d, 0xb9, - 0x77, 0x02, 0x5e, 0x7f, 0x59, 0x24, 0x38, 0x8c, - 0x7e, 0x34, 0x0a, 0x73, 0x2e, 0x55, 0x44, 0x40, - 0xe7, 0x65, 0x70, 0xf8, 0xdd, 0x71, 0xb7, 0xd6, - 0x40, 0xb3, 0x45, 0x0d, 0x1f, 0xd5, 0xf0, 0x41, - 0x0a, 0x18, 0xf9, 0xa3, 0x49, 0x4f, 0x70, 0x7c, - 0x71, 0x7b, 0x79, 0xb4, 0xbf, 0x75, 0xc9, 0x84, - 0x00, 0xb0, 0x96, 0xb2, 0x16, 0x53, 0xb5, 0xd2, - 0x17, 0xcf, 0x35, 0x65, 0xc9, 0x59, 0x74, 0x56, - 0xf7, 0x07, 0x03, 0x49, 0x7a, 0x07, 0x87, 0x63, - 0x82, 0x9b, 0xc0, 0x1b, 0xb1, 0xcb, 0xc8, 0xfa, - 0x04, 0xea, 0xdc, 0x9a, 0x6e, 0x3f, 0x66, 0x99, - 0x58, 0x7a, 0x9e, 0x75, 0xc9, 0x4e, 0x5b, 0xab, - 0x00, 0x36, 0xe0, 0xb2, 0xe7, 0x11, 0x39, 0x2c, - 0xff, 0x00, 0x47, 0xd0, 0xd6, 0xb0, 0x5b, 0xd2, - 0xa5, 0x88, 0xbc, 0x10, 0x97, 0x18, 0x95, 0x42, - 0x59, 0xf1, 0xd8, 0x66, 0x78, 0xa5, 0x79, 0xa3, - 0x12, 0x0f, 0x19, 0xcf, 0xb2, 0x96, 0x3f, 0x17, - 0x7a, 0xeb, 0x70, 0xf2, 0xd4, 0x84, 0x48, 0x26, - 0x26, 0x2e, 0x51, 0xb8, 0x02, 0x71, 0x27, 0x20, - 0x68, 0xef, 0x5b, 0x38, 0x56, 0xfa, 0x85, 0x35, - 0xaa, 0x2a, 0x88, 0xb2, 0xd4, 0x1f, 0x2a, 0x0e, - 0x2f, 0xda, 0x76, 0x24, 0xc2, 0x85, 0x02, 0x72, - 0xac, 0x4a, 0x2f, 0x56, 0x1f, 0x8f, 0x2f, 0x7a, - 0x31, 0x8b, 0xfd, 0x5c, 0xaf, 0x96, 0x96, 0x14, - 0x9e, 0x4a, 0xc8, 0x24, 0xad, 0x34, 0x60, 0x53, - 0x8f, 0xdc, 0x25, 0x42, 0x1b, 0xee, 0xc2, 0xcc, - 0x68, 0x18, 0x16, 0x2d, 0x06, 0xbb, 0xed, 0x0c, - 0x40, 0xa3, 0x87, 0x19, 0x23, 0x49, 0xdb, 0x67, - 0xa1, 0x18, 0xba, 0xda, 0x6c, 0xd5, 0xab, 0x01, - 0x40, 0xee, 0x27, 0x32, 0x04, 0xf6, 0x28, 0xaa, - 0xd1, 0xc1, 0x35, 0xf7, 0x70, 0x27, 0x9a, 0x65, - 0x1e, 0x24, 0xd8, 0xc1, 0x4d, 0x75, 0xa6, 0x05, - 0x9d, 0x76, 0xb9, 0x6a, 0x6f, 0xd8, 0x57, 0xde, - 0xf5, 0xe0, 0xb3, 0x54, 0xb2, 0x7a, 0xb9, 0x37, - 0xa5, 0x81, 0x5d, 0x16, 0xb5, 0xfa, 0xe4, 0x07, - 0xff, 0x18, 0x22, 0x2c, 0x6d, 0x1e, 0xd2, 0x63, - 0xbe, 0x68, 0xc9, 0x5f, 0x32, 0xd9, 0x08, 0xbd, - 0x89, 0x5c, 0xd7, 0x62, 0x07, 0xae, 0x72, 0x64, - 0x87, 0x56, 0x7f, 0x9a, 0x67, 0xda, 0xd7, 0x9a, - 0xbe, 0xc3, 0x16, 0xf6, 0x83, 0xb1, 0x7f, 0x2d, - 0x02, 0xbf, 0x07, 0xe0, 0xac, 0x8b, 0x5b, 0xc6, - 0x16, 0x2c, 0xf9, 0x46, 0x97, 0xb3, 0xc2, 0x7c, - 0xd1, 0xfe, 0xa4, 0x9b, 0x27, 0xf2, 0x3b, 0xa2, - 0x90, 0x18, 0x71, 0x96, 0x25, 0x06, 0x52, 0x0c, - 0x39, 0x2d, 0xa8, 0xb6, 0xad, 0x0d, 0x99, 0xf7, - 0x01, 0x3f, 0xbc, 0x06, 0xc2, 0xc1, 0x7a, 0x56, - 0x95, 0x00, 0xc8, 0xa7, 0x69, 0x64, 0x81, 0xc1, - 0xcd, 0x33, 0xe9, 0xb1, 0x4e, 0x40, 0xb8, 0x2e, - 0x79, 0xa5, 0xf5, 0xdb, 0x82, 0x57, 0x1b, 0xa9, - 0x7b, 0xae, 0x3a, 0xd3, 0xe0, 0x47, 0x95, 0x15, - 0xbb, 0x0e, 0x2b, 0x0f, 0x3b, 0xfc, 0xd1, 0xfd, - 0x33, 0x03, 0x4e, 0xfc, 0x62, 0x45, 0xed, 0xdd, - 0x7e, 0xe2, 0x08, 0x6d, 0xda, 0xe2, 0x60, 0x0d, - 0x8c, 0xa7, 0x3e, 0x21, 0x4e, 0x8c, 0x2b, 0x0b, - 0xdb, 0x2b, 0x04, 0x7c, 0x6a, 0x46, 0x4a, 0x56, - 0x2e, 0xd7, 0x7b, 0x73, 0xd2, 0xd8, 0x41, 0xc4, - 0xb3, 0x49, 0x73, 0x55, 0x12, 0x57, 0x71, 0x3b, - 0x75, 0x36, 0x32, 0xef, 0xba, 0x34, 0x81, 0x69, - 0xab, 0xc9, 0x0a, 0x68, 0xf4, 0x26, 0x11, 0xa4, - 0x01, 0x26, 0xd7, 0xcb, 0x21, 0xb5, 0x86, 0x95, - 0x56, 0x81, 0x86, 0xf7, 0xe5, 0x69, 0xd2, 0xff, - 0x0f, 0x9e, 0x74, 0x5d, 0x04, 0x87, 0xdd, 0x2e, - 0xb9, 0x97, 0xca, 0xfc, 0x5a, 0xbf, 0x9d, 0xd1, - 0x02, 0xe6, 0x2f, 0xf6, 0x6c, 0xba, 0x87 - }; - - static const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4}; - static const word16 msgSz[] = {0 /*sizeof(msg1)*/, - sizeof(msg2), - sizeof(msg3), - 0 /*sizeof(msg1)*/, - 0 /*sizeof(msg1)*/, - sizeof(msg4) - }; -#ifndef NO_ASN - static byte privateEd448[] = { - 0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, - 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39, - 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, - 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, - 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f, - 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, - 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, - 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, - 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, - 0x5b - }; - static byte publicEd448[] = { - 0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, - 0x71, 0x03, 0x3a, 0x00, 0x5f, 0xd7, 0x44, 0x9b, - 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec, - 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24, - 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d, - 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76, - 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d, - 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe, - 0xaf, 0xe8, 0x25, 0x61, 0x80 - }; - static byte privPubEd448[] = { - 0x30, 0x81, 0x84, 0x02, 0x01, 0x00, 0x30, 0x05, - 0x06, 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, - 0x39, 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, - 0x10, 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, - 0xbf, 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, - 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, - 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, - 0x4e, 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, - 0x8f, 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, - 0xf9, 0x5b, 0xa1, 0x3b, 0x04, 0x39, 0x5f, 0xd7, - 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, - 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, - 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, - 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, - 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, - 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, - 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80 - }; - - word32 idx; - ed448_key key3; -#endif /* NO_ASN */ -#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */ - - /* create ed448 keys */ -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return -11300; - - wc_ed448_init(&key); - wc_ed448_init(&key2); -#ifndef NO_ASN - wc_ed448_init(&key3); -#endif - wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); - wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key2); - - /* helper functions for signature and key size */ - keySz = wc_ed448_size(&key); - sigSz = wc_ed448_sig_size(&key); - -#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\ - defined(HAVE_ED448_KEY_IMPORT) - for (i = 0; i < 6; i++) { - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - - if (wc_ed448_import_private_key(sKeys[i], ED448_KEY_SIZE, pKeys[i], - pKeySz[i], &key) != 0) - return -11301 - i; - - if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, &key, NULL, - 0) != 0) { - return -11311 - i; - } - - if (XMEMCMP(out, sigs[i], 114)) - return -11321 - i; - -#if defined(HAVE_ED448_VERIFY) - /* test verify on good msg */ - if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key, - NULL, 0) != 0 || verify != 1) { - return -11331 - i; - } - - /* test verify on bad msg */ - out[outlen-2] = out[outlen-2] + 1; - if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key, - NULL, 0) == 0 || verify == 1) { - return -11341 - i; - } -#endif /* HAVE_ED448_VERIFY */ - - /* test api for import/exporting keys */ - exportPSz = sizeof(exportPKey); - exportSSz = sizeof(exportSKey); - if (wc_ed448_export_public(&key, exportPKey, &exportPSz) != 0) - return -11351 - i; - - if (wc_ed448_import_public(exportPKey, exportPSz, &key2) != 0) - return -11361 - i; - - if (wc_ed448_export_private_only(&key, exportSKey, &exportSSz) != 0) - return -11371 - i; - - if (wc_ed448_import_private_key(exportSKey, exportSSz, - exportPKey, exportPSz, &key2) != 0) - return -11381 - i; - - /* clear "out" buffer and test sign with imported keys */ - outlen = sizeof(out); - XMEMSET(out, 0, sizeof(out)); - if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2, NULL, - 0) != 0) { - return -11391 - i; - } - -#if defined(HAVE_ED448_VERIFY) - if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key2, - NULL, 0) != 0 || verify != 1) - return -11401 - i; - - if (XMEMCMP(out, sigs[i], SIGSZ)) - return -11411 - i; -#endif /* HAVE_ED448_VERIFY */ - } - - ret = ed448_ctx_test(); - if (ret != 0) - return ret; - - ret = ed448ph_test(); - if (ret != 0) - return ret; - -#ifndef NO_ASN - /* Try ASN.1 encoded private-only key and public key. */ - idx = 0; - if (wc_Ed448PrivateKeyDecode(privateEd448, &idx, &key3, - sizeof(privateEd448)) != 0) - return -11421 - i; - - if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) - != BAD_FUNC_ARG) - return -11431 - i; - - idx = 0; - if (wc_Ed448PublicKeyDecode(publicEd448, &idx, &key3, - sizeof(publicEd448)) != 0) - return -11441 - i; - - if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0) - return -11451 - i; - - if (XMEMCMP(out, sigs[0], SIGSZ)) - return -11461 - i; - -#if defined(HAVE_ED448_VERIFY) - /* test verify on good msg */ - if (wc_ed448_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3, - NULL, 0) != 0 || verify != 1) - return -11471 - i; -#endif /* HAVE_ED448_VERIFY */ - - wc_ed448_free(&key3); - wc_ed448_init(&key3); - - idx = 0; - if (wc_Ed448PrivateKeyDecode(privPubEd448, &idx, &key3, - sizeof(privPubEd448)) != 0) - return -11481 - i; - - if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0) - return -11491 - i; - - if (XMEMCMP(out, sigs[0], SIGSZ)) - return -11501 - i; - - wc_ed448_free(&key3); -#endif /* NO_ASN */ -#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */ - - /* clean up keys when done */ - wc_ed448_free(&key); - wc_ed448_free(&key2); - -#if defined(HAVE_HASHDRBG) || defined(NO_RC4) - wc_FreeRng(&rng); -#endif - - /* hush warnings of unused keySz and sigSz */ - (void)keySz; - (void)sigSz; - -#ifdef WOLFSSL_TEST_CERT - ret = ed448_test_cert(); - if (ret < 0) - return ret; -#ifdef WOLFSSL_CERT_GEN - ret = ed448_test_make_cert(); - if (ret < 0) - return ret; -#endif /* WOLFSSL_CERT_GEN */ -#endif /* WOLFSSL_TEST_CERT */ - - return 0; -} -#endif /* HAVE_ED448 */ - -#if defined(WOLFSSL_CMAC) && !defined(NO_AES) - -typedef struct CMAC_Test_Case { - int type; - int partial; - const byte* m; - word32 mSz; - const byte* k; - word32 kSz; - const byte* t; - word32 tSz; -} CMAC_Test_Case; - -static int cmac_test(void) -{ -#ifdef WOLFSSL_AES_128 - const byte k128[] = - { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c - }; - #define KLEN_128 (sizeof(k128)) -#endif -#ifdef WOLFSSL_AES_192 - const byte k192[] = - { - 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, - 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, - 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b - }; - #define KLEN_192 (sizeof(k192)) -#endif -#ifdef WOLFSSL_AES_256 - const byte k256[] = - { - 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, - 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, - 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, - 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 - }; - #define KLEN_256 (sizeof(k256)) -#endif - - const byte m[] = - { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, - 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, - 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, - 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, - 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, - 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 - }; - #define MLEN_0 (0) - #define MLEN_128 (128/8) - #define MLEN_320 (320/8) - #define MLEN_319 (MLEN_320 - 1) - #define MLEN_512 (512/8) - -#ifdef WOLFSSL_AES_128 - const byte t128_0[] = - { - 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, - 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 - }; - const byte t128_128[] = - { - 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, - 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c - }; - const byte t128_319[] = - { - 0x2c, 0x17, 0x84, 0x4c, 0x93, 0x1c, 0x07, 0x95, - 0x15, 0x92, 0x73, 0x0a, 0x34, 0xd0, 0xd9, 0xd2 - }; - const byte t128_320[] = - { - 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, - 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 - }; - const byte t128_512[] = - { - 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, - 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe - }; -#endif -#ifdef WOLFSSL_AES_192 - const byte t192_0[] = - { - 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, - 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 - }; - const byte t192_128[] = - { - 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, - 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 - }; - const byte t192_320[] = - { - 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad, - 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e - }; - const byte t192_512[] = - { - 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, - 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 - }; -#endif -#ifdef WOLFSSL_AES_256 - const byte t256_0[] = - { - 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, - 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 - }; - const byte t256_128[] = - { - 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82, - 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c - }; - const byte t256_320[] = - { - 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2, - 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6 - }; - const byte t256_512[] = - { - 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5, - 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 - }; -#endif - const CMAC_Test_Case testCases[] = - { -#ifdef WOLFSSL_AES_128 - {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE}, -#endif -#ifdef WOLFSSL_AES_192 - {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, AES_BLOCK_SIZE}, -#endif -#ifdef WOLFSSL_AES_256 - {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, AES_BLOCK_SIZE}, - {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, AES_BLOCK_SIZE}, -#endif -#ifdef WOLFSSL_AES_128 - {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, AES_BLOCK_SIZE} -#endif - }; - - Cmac cmac; - byte tag[AES_BLOCK_SIZE]; - const CMAC_Test_Case* tc; - word32 i, tagSz; - - for (i = 0, tc = testCases; - i < sizeof(testCases)/sizeof(CMAC_Test_Case); - i++, tc++) { - - XMEMSET(tag, 0, sizeof(tag)); - tagSz = AES_BLOCK_SIZE; - if (wc_InitCmac(&cmac, tc->k, tc->kSz, tc->type, NULL) != 0) - return -11600; - if (tc->partial) { - if (wc_CmacUpdate(&cmac, tc->m, - tc->mSz/2 - tc->partial) != 0) - return -11601; - if (wc_CmacUpdate(&cmac, tc->m + tc->mSz/2 - tc->partial, - tc->mSz/2 + tc->partial) != 0) - return -11602; - } - else { - if (wc_CmacUpdate(&cmac, tc->m, tc->mSz) != 0) - return -11603; - } - if (wc_CmacFinal(&cmac, tag, &tagSz) != 0) - return -11604; - if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0) - return -11605; - - XMEMSET(tag, 0, sizeof(tag)); - tagSz = sizeof(tag); - if (wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz, - tc->k, tc->kSz) != 0) - return -11606; - if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0) - return -11607; - if (wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz, - tc->k, tc->kSz) != 0) - return -11608; - } - - return 0; -} - -#endif /* NO_AES && WOLFSSL_CMAC */ - -#ifdef HAVE_LIBZ - -const byte sample_text[] = - "Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n" - "polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n" - "marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n" - "plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n" - "selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n" - "small batch meggings kogi dolore food truck bespoke gastropub.\n" - "\n" - "Terry richardson adipisicing actually typewriter tumblr, twee whatever\n" - "four loko you probably haven't heard of them high life. Messenger bag\n" - "whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n" - "et, banksy ullamco messenger bag umami pariatur direct trade forage.\n" - "Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n" - "food truck next level, tousled irony non semiotics PBR ethical anim cred\n" - "readymade. Mumblecore brunch lomo odd future, portland organic terry\n" - "richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n" - "mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n" - "four loko whatever street art yr farm-to-table.\n" - "\n" - "Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n" - "pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n" - "et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n" - "nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n" - "seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n" - "eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n" - "readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n" - "ethnic art party qui letterpress nisi proident jean shorts mlkshk\n" - "locavore.\n" - "\n" - "Narwhal flexitarian letterpress, do gluten-free voluptate next level\n" - "banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n" - "cillum pickled velit, YOLO officia you probably haven't heard of them\n" - "trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n" - "small batch american apparel. Put a bird on it cosby sweater before they\n" - "sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n" - "DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n" - "Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n" - "excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n" - "neutra PBR selvage.\n" - "\n" - "Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n" - "next level jean shorts exercitation. Hashtag keytar whatever, nihil\n" - "authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n" - "wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n" - "tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n" - "trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n" - "incididunt flannel sustainable helvetica pork belly pug banksy you\n" - "probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n" - "mollit magna, sriracha sartorial helvetica.\n" - "\n" - "Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n" - "ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n" - "of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n" - "reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n" - "skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n" - "organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n" - "Veniam sunt food truck leggings, sint vinyl fap.\n" - "\n" - "Hella dolore pork belly, truffaut carles you probably haven't heard of\n" - "them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n" - "apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n" - "flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n" - "letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n" - "Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n" - "delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n" - "magna pop-up literally. Swag thundercats ennui shoreditch vegan\n" - "pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n" - "\n" - "Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n" - "meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n" - "dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n" - "locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n" - "tousled beard mollit mustache leggings portland next level. Nihil esse\n" - "est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n" - "swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n" - "bag dolor terry richardson sapiente.\n"; - -const byte sample_text_gz[] = { - 0x1F, 0x8B, 0x08, 0x08, 0xC5, 0x49, 0xB5, 0x5B, 0x00, 0x03, 0x63, 0x69, 0x70, - 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x2E, 0x74, 0x78, 0x74, 0x00, 0x8D, - 0x58, 0xCB, 0x92, 0xE4, 0xB6, 0x11, 0xBC, 0xE3, 0x2B, 0xEA, 0xA6, 0x83, 0xD9, - 0x1D, 0x72, 0xF8, 0x22, 0x1F, 0xB5, 0x96, 0xA5, 0xDD, 0x90, 0xBC, 0xAB, 0xD0, - 0x28, 0x36, 0x42, 0x47, 0x90, 0x2C, 0x36, 0xA1, 0x06, 0x09, 0x0A, 0x8F, 0xEE, - 0xE1, 0xDF, 0x3B, 0x0B, 0xE0, 0x73, 0x2C, 0x4B, 0xBA, 0xCD, 0xCE, 0x80, 0x78, - 0x64, 0x65, 0x65, 0x66, 0xED, 0x3B, 0xE3, 0x5A, 0xC3, 0x81, 0x2D, 0x35, 0x69, - 0x32, 0xAD, 0x8E, 0x3A, 0xD2, 0xA0, 0x7D, 0xA7, 0x2B, 0x6A, 0xAC, 0x69, 0x7A, - 0x26, 0x9D, 0x22, 0xD3, 0x94, 0x22, 0x69, 0xAA, 0x8D, 0x6F, 0xC9, 0x8D, 0x64, - 0x22, 0x99, 0xB1, 0x31, 0xAD, 0x69, 0xD3, 0x18, 0x89, 0xAD, 0x89, 0x6A, 0x72, - 0x56, 0x7B, 0x67, 0xDA, 0x2B, 0xBD, 0xC8, 0xEF, 0xB0, 0x4D, 0x74, 0x8E, 0x5B, - 0xAA, 0x39, 0x4C, 0xEE, 0xCE, 0xE4, 0x79, 0xF2, 0xDC, 0xF3, 0xD8, 0xB2, 0x37, - 0x11, 0x8B, 0x8C, 0x2C, 0x7A, 0x32, 0x93, 0xF3, 0x37, 0x3D, 0x9A, 0x86, 0x4C, - 0xAB, 0xF2, 0xB9, 0x57, 0xFA, 0x97, 0x1B, 0x06, 0xD7, 0x3A, 0x7A, 0xF0, 0x68, - 0xF4, 0x40, 0xBA, 0x25, 0x0E, 0x81, 0xE9, 0xA6, 0x43, 0xF4, 0x6E, 0x4A, 0xF5, - 0x95, 0xFE, 0x41, 0x4F, 0x67, 0x3B, 0x1A, 0x1C, 0xEE, 0x12, 0xB4, 0x8F, 0xCE, - 0x1B, 0x6D, 0xB1, 0xDE, 0xBB, 0x4A, 0x4D, 0x56, 0x9B, 0x96, 0x5A, 0xB6, 0xDC, - 0xC4, 0x14, 0x70, 0xE5, 0xF5, 0x7D, 0xE1, 0xB7, 0x84, 0x3F, 0xFC, 0xED, 0xEF, - 0xF4, 0x30, 0x0D, 0x5F, 0xE9, 0x47, 0x17, 0xE2, 0xC5, 0x78, 0x27, 0x67, 0xDF, - 0xB9, 0xEB, 0xCC, 0xCC, 0x3D, 0x59, 0xBE, 0xDD, 0xCC, 0x78, 0x0B, 0x0A, 0x1F, - 0x74, 0xF8, 0x8C, 0x1A, 0xAF, 0x67, 0xEA, 0xF4, 0x44, 0xBD, 0x93, 0x7D, 0x2A, - 0xEA, 0x9C, 0xD7, 0x37, 0x80, 0x32, 0x9A, 0x01, 0x37, 0xD5, 0xDE, 0xCA, 0xA2, - 0x0D, 0xB9, 0xD0, 0x3B, 0xCF, 0xAD, 0x89, 0x4D, 0x5F, 0xD1, 0xE7, 0xF7, 0x2F, - 0x2A, 0x0C, 0xDA, 0x5A, 0xAA, 0x35, 0x7E, 0x41, 0xC3, 0xB2, 0x37, 0xDD, 0xDD, - 0xCD, 0x50, 0xEB, 0x2C, 0x96, 0x62, 0x3B, 0xD7, 0x52, 0xF4, 0xA9, 0xB9, 0x6F, - 0x48, 0xED, 0xEF, 0x54, 0xEA, 0x67, 0xF6, 0x7E, 0x26, 0x8F, 0x3A, 0x68, 0xDF, - 0x06, 0xBC, 0x56, 0xB7, 0x66, 0x32, 0xC1, 0x34, 0xD8, 0x88, 0x34, 0x1E, 0x88, - 0xED, 0x67, 0x8A, 0xF3, 0xC4, 0x4F, 0xC0, 0xCA, 0x9E, 0x62, 0x1A, 0x6A, 0xEB, - 0xAB, 0x02, 0xED, 0xB3, 0xD7, 0x91, 0x81, 0x8A, 0xEA, 0x5C, 0xF2, 0x64, 0xDD, - 0xDD, 0xD1, 0xEC, 0x12, 0x4D, 0xDE, 0xD5, 0xBA, 0xC6, 0x77, 0xBD, 0x06, 0xC4, - 0x5F, 0x44, 0xEA, 0x59, 0x4B, 0x5D, 0x3B, 0x8A, 0x3D, 0x0F, 0xD4, 0x9B, 0x1B, - 0x80, 0x30, 0x1D, 0x30, 0xFA, 0x8F, 0x00, 0x3F, 0xDE, 0xB0, 0x6F, 0xAD, 0x6F, - 0x6A, 0xDD, 0x6E, 0x2F, 0x6E, 0xCB, 0x3C, 0xD1, 0x83, 0x06, 0x7B, 0x0F, 0xFD, - 0xFD, 0x4A, 0xEF, 0xBC, 0x73, 0x77, 0x3B, 0x8F, 0x34, 0xA1, 0xBA, 0xEC, 0x39, - 0x80, 0x33, 0x21, 0xA4, 0x01, 0x55, 0xD7, 0xD4, 0xF4, 0xC6, 0xDA, 0x27, 0x4E, - 0x54, 0x1C, 0x2B, 0xEC, 0x37, 0xDE, 0xC3, 0x4C, 0xC9, 0x5A, 0x3D, 0x34, 0x0E, - 0xD8, 0x1C, 0x0E, 0xA2, 0x34, 0xE8, 0xC1, 0xD0, 0xA4, 0x51, 0xD5, 0x88, 0x8B, - 0xB7, 0xC6, 0xA3, 0x96, 0x40, 0x49, 0xB7, 0xBC, 0xE0, 0x7F, 0x55, 0x3F, 0xEF, - 0x6F, 0x6E, 0x92, 0x9D, 0x34, 0xFE, 0x3C, 0x5F, 0x04, 0xA5, 0x6A, 0xFF, 0x30, - 0x08, 0xC9, 0xEA, 0xF5, 0x52, 0x2B, 0xFE, 0x57, 0xFA, 0x8E, 0xC7, 0xE8, 0x4D, - 0x37, 0xAB, 0x03, 0xFA, 0x23, 0xBF, 0x46, 0x94, 0xFF, 0xC1, 0x16, 0xE0, 0xB9, - 0x14, 0x2C, 0x9E, 0x27, 0xEC, 0x98, 0x69, 0x14, 0x92, 0xF1, 0x60, 0x5C, 0x34, - 0x4D, 0xA0, 0x1F, 0xDF, 0xFD, 0x44, 0x1C, 0x7B, 0xD3, 0x80, 0x70, 0x42, 0x02, - 0x30, 0x84, 0x5B, 0xE5, 0x59, 0xB7, 0xF3, 0x80, 0xFB, 0x01, 0x33, 0xA9, 0x00, - 0x37, 0x52, 0xDC, 0xDA, 0xA7, 0x11, 0x85, 0xB7, 0x6E, 0x70, 0xE4, 0xDA, 0x96, - 0xBA, 0x84, 0x5B, 0x81, 0x43, 0x93, 0xF3, 0xD1, 0xEA, 0xB1, 0xDD, 0xB8, 0x1F, - 0xA5, 0xCC, 0xEA, 0x50, 0x66, 0x69, 0xA9, 0x8D, 0x8C, 0xA7, 0xA2, 0xF3, 0x38, - 0x26, 0x43, 0x5E, 0x3F, 0x01, 0xBE, 0x1C, 0x0F, 0x20, 0x7F, 0x75, 0xA8, 0x20, - 0x80, 0xC4, 0xC3, 0x5C, 0x8B, 0x0D, 0xD4, 0x60, 0x5E, 0xA3, 0x9E, 0xD0, 0xB4, - 0x4B, 0x4F, 0xE6, 0x13, 0x85, 0x60, 0x42, 0x96, 0xED, 0xAA, 0xDB, 0xE9, 0x99, - 0xE3, 0x07, 0x0E, 0x61, 0xB3, 0x07, 0xE3, 0xB1, 0xFA, 0xC0, 0x9B, 0xAD, 0xF6, - 0xE0, 0x26, 0x33, 0xEA, 0xEA, 0x23, 0xCD, 0x1E, 0x9D, 0xE1, 0x87, 0x4B, 0x74, - 0x97, 0x08, 0x3E, 0xA1, 0x28, 0xEA, 0xB3, 0x19, 0x67, 0x8B, 0x76, 0x9A, 0xA3, - 0xF6, 0xB9, 0xCF, 0x80, 0x65, 0x97, 0xAE, 0xF4, 0x83, 0x6B, 0xF4, 0x43, 0x20, - 0xF9, 0x0B, 0xFC, 0x9B, 0xD2, 0x4D, 0x4D, 0xA6, 0xB9, 0xA3, 0x02, 0x55, 0x79, - 0x18, 0x36, 0x19, 0x5F, 0xC9, 0xEA, 0x5A, 0x76, 0x40, 0xB9, 0xBA, 0x0E, 0x9A, - 0x44, 0xDF, 0x7C, 0xF8, 0x65, 0x61, 0x5E, 0x81, 0xAB, 0x71, 0xA1, 0x9E, 0x29, - 0x3C, 0x59, 0xCB, 0x23, 0xA4, 0xF6, 0x60, 0x1A, 0x0D, 0x5B, 0x39, 0xAE, 0xF4, - 0x6F, 0x59, 0x16, 0x9E, 0x60, 0xD8, 0x56, 0xCF, 0xEA, 0x2C, 0x4C, 0x79, 0xD3, - 0x5D, 0x51, 0x46, 0xA0, 0x4E, 0xE9, 0xD6, 0xAB, 0x91, 0x43, 0x63, 0x44, 0xD7, - 0x70, 0xB9, 0x23, 0x98, 0x4F, 0x3D, 0x03, 0x02, 0xF6, 0x81, 0x56, 0xC1, 0x58, - 0x85, 0x07, 0xA7, 0x2D, 0x2C, 0x29, 0xCA, 0x01, 0x45, 0x31, 0x51, 0x8F, 0xD4, - 0x19, 0xA1, 0x79, 0x88, 0x5A, 0xA4, 0xF5, 0xAE, 0x2D, 0x4B, 0x63, 0x4C, 0x58, - 0xFE, 0xBF, 0xAD, 0xEE, 0xA3, 0x09, 0xF8, 0xE2, 0x89, 0xBE, 0x81, 0x0E, 0x86, - 0x3A, 0xF9, 0x5B, 0xA5, 0xD8, 0xA4, 0x00, 0x75, 0x04, 0xF2, 0x23, 0xB8, 0x39, - 0x69, 0x50, 0xB7, 0xD0, 0x34, 0x63, 0x54, 0xD8, 0x61, 0xDD, 0xA5, 0x33, 0x47, - 0x85, 0x96, 0x22, 0xD0, 0x2F, 0x9F, 0x7E, 0xF8, 0x74, 0x24, 0xEA, 0x57, 0x97, - 0x5A, 0xE0, 0x00, 0xCF, 0xC1, 0x67, 0xE1, 0x41, 0xBD, 0x94, 0xA1, 0x03, 0xD3, - 0xB4, 0x08, 0x64, 0xF2, 0x17, 0x27, 0x35, 0x37, 0x53, 0xEF, 0x46, 0xCE, 0xD8, - 0xD4, 0x09, 0x52, 0xC6, 0x1E, 0xF7, 0x28, 0xDF, 0x08, 0x0F, 0xD0, 0x6F, 0x71, - 0xA6, 0xDF, 0xE4, 0x60, 0x8E, 0xC0, 0x1E, 0x78, 0x86, 0x50, 0xB0, 0x9B, 0x84, - 0x7E, 0xE8, 0x36, 0xFA, 0x95, 0xF1, 0x12, 0x51, 0xC7, 0x18, 0x96, 0xA2, 0x29, - 0xBB, 0x70, 0x02, 0xB4, 0xF9, 0xA8, 0x3D, 0x08, 0x66, 0xA9, 0xB3, 0xFC, 0x0A, - 0x94, 0x80, 0xFD, 0x78, 0xDC, 0xAB, 0x82, 0x5A, 0xD2, 0xCD, 0xC2, 0x87, 0xC6, - 0x4B, 0x07, 0xFA, 0xD1, 0xC3, 0xD9, 0x34, 0x41, 0x85, 0xF8, 0xD0, 0xB6, 0x0A, - 0x9D, 0x00, 0x91, 0x35, 0x05, 0x88, 0xC3, 0xE3, 0x9B, 0x22, 0xD2, 0xB8, 0xFD, - 0x95, 0x3E, 0x6D, 0x5D, 0x48, 0xA3, 0x68, 0xCF, 0x02, 0x42, 0x79, 0x79, 0x8A, - 0xAA, 0x01, 0xD6, 0x09, 0x14, 0x2C, 0xF4, 0x83, 0xA3, 0x80, 0x31, 0x55, 0x46, - 0x6E, 0xC5, 0xE5, 0x2F, 0x30, 0x58, 0x81, 0xA2, 0x90, 0xBE, 0x2E, 0xA1, 0xC3, - 0x0F, 0xA6, 0xF5, 0x51, 0x00, 0x39, 0xB6, 0xF2, 0x2A, 0xA3, 0x15, 0x7D, 0x8D, - 0xF5, 0x66, 0x5C, 0xD9, 0xFC, 0xCF, 0x2F, 0xBF, 0x08, 0x27, 0xE7, 0xD0, 0x03, - 0xB8, 0xD9, 0x00, 0x13, 0x3D, 0x01, 0x6B, 0xB6, 0xA8, 0xCD, 0x5B, 0x3B, 0x3E, - 0x93, 0xBF, 0xE6, 0x2E, 0xB7, 0x4A, 0xCF, 0xB3, 0x0A, 0xCE, 0x62, 0x11, 0xD6, - 0x1F, 0x68, 0x9B, 0x1D, 0x68, 0xD1, 0x8C, 0x97, 0xBD, 0xA1, 0x07, 0x67, 0x73, - 0x87, 0xE0, 0x36, 0xDA, 0x8C, 0xD2, 0xD2, 0xBB, 0x84, 0x28, 0xA9, 0xFE, 0x52, - 0x74, 0xD6, 0xB9, 0x0F, 0x0A, 0x6A, 0x2D, 0x28, 0x35, 0x34, 0x3A, 0xD3, 0xE2, - 0xCD, 0x35, 0x06, 0x7D, 0x1B, 0x35, 0x85, 0x86, 0xD1, 0x3E, 0xF2, 0x6F, 0xA1, - 0xC4, 0x55, 0xBD, 0x00, 0xD8, 0xC3, 0x5D, 0xC2, 0x1D, 0x6B, 0x6B, 0x27, 0x5B, - 0x95, 0xF3, 0xAB, 0xB5, 0xD3, 0x37, 0xF2, 0x2C, 0x9C, 0xC7, 0x5D, 0xBD, 0xF1, - 0x68, 0x1C, 0xAD, 0xF8, 0xB5, 0xE1, 0x29, 0x72, 0x7A, 0x73, 0x62, 0x55, 0x24, - 0xB9, 0x85, 0xDF, 0x7B, 0x29, 0x7D, 0xDE, 0x08, 0xF5, 0xE4, 0x44, 0xDA, 0x1A, - 0x30, 0x74, 0xDA, 0xB4, 0x9B, 0x23, 0x9A, 0x3A, 0xC1, 0x53, 0xB2, 0xA2, 0xA3, - 0x7B, 0x1F, 0xD9, 0x56, 0xD4, 0x4F, 0x9B, 0xB2, 0x1E, 0xEE, 0xB8, 0x6A, 0x4E, - 0xB5, 0xF4, 0x5A, 0xC9, 0x18, 0x27, 0x9C, 0xDE, 0x14, 0x44, 0xED, 0xC4, 0x3C, - 0x71, 0x9F, 0x5F, 0xD9, 0x37, 0xA0, 0x78, 0x34, 0x6E, 0xBC, 0xD2, 0x7B, 0x1D, - 0xFA, 0x08, 0x39, 0x5A, 0x04, 0x73, 0x15, 0xD9, 0x0A, 0x48, 0xC1, 0x2D, 0x15, - 0x4E, 0x84, 0x30, 0x45, 0x69, 0xB3, 0xE5, 0xF6, 0xAD, 0x09, 0x1E, 0xCC, 0x5F, - 0x1F, 0x06, 0xD5, 0x58, 0xAD, 0x78, 0xD7, 0x9F, 0xE5, 0xED, 0x3B, 0x09, 0xD5, - 0xA6, 0x52, 0x6F, 0x92, 0xD3, 0x3C, 0xC6, 0x1E, 0xF2, 0x93, 0x7C, 0xD3, 0x5F, - 0x70, 0x85, 0x5D, 0xF8, 0xAA, 0x9D, 0xB7, 0x7B, 0x24, 0x5A, 0xE9, 0x0A, 0x35, - 0x2F, 0xF5, 0xD9, 0x82, 0x02, 0x8A, 0x90, 0x13, 0x5B, 0xB5, 0x67, 0x9C, 0xDD, - 0xA0, 0x4E, 0x82, 0x27, 0xDA, 0x7E, 0xE8, 0x8E, 0xCD, 0xE1, 0x56, 0x71, 0x2C, - 0xE6, 0x4E, 0x1F, 0x91, 0xCD, 0x7C, 0x6A, 0xB7, 0x78, 0xD0, 0x26, 0xF3, 0x56, - 0xA9, 0xD5, 0xA1, 0xC3, 0x3B, 0x98, 0xE9, 0x28, 0x09, 0xEF, 0x50, 0x90, 0xCD, - 0xC4, 0x8E, 0x75, 0xCC, 0xAC, 0x2D, 0xC9, 0x03, 0x6D, 0xAC, 0xFE, 0xC4, 0x88, - 0x36, 0xD1, 0x3F, 0xBB, 0x1C, 0x7D, 0xB3, 0x14, 0x61, 0x2C, 0xB7, 0x54, 0x4B, - 0xDB, 0x64, 0xB6, 0x57, 0x14, 0x16, 0x8E, 0x1E, 0x6C, 0x64, 0xBB, 0x8B, 0x48, - 0x5D, 0x96, 0x9D, 0xDC, 0x80, 0xA7, 0xF7, 0x54, 0xC7, 0x46, 0x38, 0x3E, 0x44, - 0xDE, 0x7E, 0x92, 0x8D, 0x07, 0xF6, 0x07, 0x37, 0x4E, 0x16, 0x10, 0xB4, 0x7D, - 0x88, 0x66, 0x7F, 0xBB, 0xFF, 0xEA, 0x00, 0xF3, 0xFF, 0x97, 0x2C, 0xB5, 0xBE, - 0x35, 0x4B, 0x5C, 0x36, 0xEC, 0x4C, 0xBD, 0x2B, 0x7D, 0xBF, 0x46, 0xE2, 0x9C, - 0x0E, 0x8A, 0xA3, 0xEC, 0xB1, 0x0E, 0x9A, 0xDA, 0x9A, 0x9B, 0x28, 0x92, 0x10, - 0x53, 0x57, 0xEA, 0xEC, 0xA2, 0x32, 0x32, 0x20, 0x1D, 0x97, 0x5C, 0xB6, 0x84, - 0xA9, 0x93, 0x8D, 0x95, 0x11, 0xA3, 0x24, 0xA3, 0x2D, 0xC6, 0x4A, 0xEF, 0xAA, - 0x1D, 0x85, 0x2B, 0x7D, 0x28, 0xBE, 0x53, 0xCE, 0x10, 0x1F, 0xAE, 0x0E, 0x41, - 0x6C, 0x4B, 0x79, 0x12, 0xFB, 0xF7, 0x54, 0xA3, 0x96, 0x54, 0x83, 0x20, 0x96, - 0x8F, 0x28, 0xA9, 0x3F, 0x8B, 0x3D, 0xBA, 0x77, 0xDC, 0x24, 0xE1, 0xD4, 0x49, - 0x40, 0xD8, 0x78, 0x31, 0x85, 0x43, 0xF6, 0xFE, 0x5C, 0xA6, 0x8F, 0x90, 0x09, - 0xB0, 0xE7, 0xC4, 0x95, 0xB2, 0x55, 0x49, 0x97, 0x8F, 0x1C, 0x78, 0x30, 0x20, - 0xA0, 0xB4, 0xEF, 0x73, 0x56, 0x59, 0x82, 0xFD, 0xCE, 0xBA, 0x6A, 0x8F, 0x2C, - 0x8B, 0x15, 0xFD, 0xA1, 0x85, 0xA8, 0x5C, 0x0F, 0x11, 0xA5, 0x9D, 0xC2, 0x46, - 0xC6, 0x9C, 0xC9, 0x40, 0x0B, 0x58, 0x6A, 0x1C, 0x7A, 0x23, 0xF9, 0xE0, 0x95, - 0x05, 0x13, 0x58, 0x72, 0xE8, 0x9F, 0x30, 0xAC, 0xCD, 0x26, 0xD4, 0x66, 0x13, - 0xDF, 0x1E, 0x7B, 0x4F, 0x9C, 0xBE, 0x38, 0x79, 0x75, 0x92, 0xA4, 0xDA, 0x26, - 0x44, 0x55, 0x17, 0xA3, 0xE5, 0x62, 0xDA, 0xEB, 0x86, 0xEA, 0x68, 0xC7, 0xAB, - 0xFD, 0x2D, 0x43, 0x59, 0x51, 0xC0, 0x75, 0x64, 0x91, 0x01, 0x29, 0x33, 0x28, - 0xF3, 0x04, 0x83, 0x80, 0x75, 0x37, 0x75, 0x0C, 0x03, 0x7B, 0x0A, 0xAB, 0x8E, - 0x60, 0x62, 0x8B, 0x4C, 0xAF, 0x2D, 0xA3, 0x2F, 0xFE, 0xAB, 0x45, 0xCF, 0xDA, - 0xAB, 0xFA, 0xFA, 0x30, 0x3D, 0xE8, 0xA1, 0x96, 0xA5, 0x7B, 0xE2, 0x2A, 0xD0, - 0xAF, 0x59, 0xF7, 0xD0, 0x32, 0x57, 0x19, 0xBD, 0xCA, 0x9F, 0xD5, 0x1A, 0xC7, - 0xAA, 0x65, 0x4A, 0x38, 0xB2, 0x70, 0x33, 0xB7, 0x75, 0xD2, 0xCD, 0xD1, 0xF0, - 0xA8, 0x87, 0x59, 0x20, 0xA5, 0x57, 0x55, 0xB1, 0xB2, 0xC9, 0x4D, 0x97, 0x34, - 0x41, 0xF3, 0xF0, 0x30, 0xA1, 0x2C, 0x1C, 0x49, 0x3E, 0x89, 0x7D, 0x12, 0xE2, - 0xC3, 0x04, 0xC3, 0x92, 0xC0, 0xF6, 0x39, 0x10, 0x80, 0x81, 0x8F, 0x08, 0xB4, - 0xF8, 0xB9, 0x13, 0x4E, 0x2C, 0xAE, 0xB3, 0x71, 0x82, 0x63, 0x98, 0xAB, 0x5C, - 0x1C, 0x10, 0xEA, 0x66, 0xF9, 0x02, 0x3A, 0x82, 0x61, 0xD0, 0xD4, 0xAE, 0x43, - 0xD4, 0x01, 0x3E, 0x9D, 0x04, 0x14, 0xF6, 0x60, 0xD8, 0xA7, 0xD6, 0xB8, 0x53, - 0xC8, 0xDA, 0x80, 0x93, 0xA0, 0x02, 0xDD, 0xCC, 0xE2, 0xF2, 0xBB, 0xFB, 0xE0, - 0x27, 0xD7, 0x34, 0x9A, 0x71, 0x49, 0xB5, 0x4F, 0x42, 0x1F, 0xB2, 0x9D, 0x6D, - 0xAA, 0x9D, 0xD3, 0x50, 0xB5, 0x8F, 0x6A, 0x4B, 0xDF, 0x1F, 0xD5, 0x27, 0x8F, - 0x3B, 0x27, 0xCF, 0x2F, 0x8C, 0xF8, 0x9D, 0x4C, 0x52, 0xBC, 0x32, 0x0F, 0x73, - 0xD5, 0x51, 0x8E, 0x36, 0x7E, 0xAD, 0x09, 0xF0, 0x94, 0x83, 0x5F, 0x36, 0xFD, - 0x7C, 0x03, 0xED, 0xF1, 0x5E, 0x4B, 0xF7, 0xAA, 0x55, 0x5C, 0x4A, 0x14, 0x59, - 0x85, 0x38, 0x2D, 0x8C, 0xDF, 0xEC, 0x65, 0x1B, 0xB8, 0x76, 0x57, 0x96, 0x3C, - 0x86, 0xED, 0xF2, 0x7F, 0x2D, 0x28, 0x48, 0xDA, 0x49, 0x7F, 0xF7, 0x54, 0x2B, - 0xD5, 0x39, 0xD5, 0x57, 0x0A, 0x75, 0x7A, 0x3E, 0x5E, 0x5D, 0xBA, 0x4A, 0x15, - 0xFA, 0xB8, 0x31, 0x80, 0x71, 0x2C, 0xCA, 0xC4, 0x51, 0x10, 0x16, 0x5D, 0x39, - 0xEC, 0x9D, 0x07, 0xB6, 0x6A, 0x89, 0x9F, 0x9B, 0x5B, 0x6F, 0x03, 0xB0, 0x92, - 0x01, 0x38, 0x6B, 0x48, 0x99, 0x0A, 0x8F, 0x13, 0xC1, 0xA6, 0x01, 0xEA, 0xBF, - 0x6F, 0x86, 0x43, 0x51, 0xB6, 0x11, 0x00, 0x00 -}; - -static int compress_test(void) -{ - int ret = 0; - word32 dSz = sizeof(sample_text); - word32 cSz = (dSz + (word32)(dSz * 0.001) + 12); - byte *c; - byte *d; - - c = XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - d = XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (c == NULL || d == NULL) { - ERROR_OUT(-11700, exit); - } - - /* follow calloc and initialize to 0 */ - XMEMSET(c, 0, cSz); - XMEMSET(d, 0, dSz); - - if ((ret = wc_Compress(c, cSz, sample_text, dSz, 0)) < 0) { - ERROR_OUT(-11701, exit); - } - cSz = (word32)ret; - - if ((ret = wc_DeCompress(d, dSz, c, cSz)) != (int)dSz) { - ERROR_OUT(-11702, exit); - } - - if (XMEMCMP(d, sample_text, dSz) != 0) { - ERROR_OUT(-11703, exit); - } - - /* GZIP tests */ - cSz = (dSz + (word32)(dSz * 0.001) + 12); /* reset cSz */ - XMEMSET(c, 0, cSz); - XMEMSET(d, 0, dSz); - - ret = wc_Compress_ex(c, cSz, sample_text, dSz, 0, LIBZ_WINBITS_GZIP); - if (ret < 0) { - ERROR_OUT(-11704, exit); - } - cSz = (word32)ret; - - ret = wc_DeCompress_ex(d, dSz, c, cSz, LIBZ_WINBITS_GZIP); - if (ret < 0) { - ERROR_OUT(-11705, exit); - } - - if (XMEMCMP(d, sample_text, dSz) != 0) { - ERROR_OUT(-11706, exit); - } - - /* Try with gzip generated output */ - XMEMSET(d, 0, dSz); - ret = wc_DeCompress_ex(d, dSz, sample_text_gz, sizeof(sample_text_gz), - LIBZ_WINBITS_GZIP); - if (ret < 0) { - ERROR_OUT(-11707, exit); - } - dSz = (word32)ret; - - if (XMEMCMP(d, sample_text, dSz) != 0) { - ERROR_OUT(-11708, exit); - } - - ret = 0; /* success */ - -exit: - if (c) XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (d) XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} - -#endif /* HAVE_LIBZ */ - -#ifdef HAVE_PKCS7 - -/* External Debugging/Testing Note: - * - * PKCS#7 test functions can output generated PKCS#7/CMS bundles for - * additional testing. To dump bundles to files DER encoded files, please - * define: - * - * #define PKCS7_OUTPUT_TEST_BUNDLES - */ - - -/* Loads certs and keys for use with PKCS7 tests, from either files - * or buffers. - * - * rsaClientCertBuf - output buffer for RSA client cert - * rsaClientCertBufSz - IN/OUT size of output buffer, size of RSA client cert - * rsaClientPrivKeyBuf - output buffer for RSA client private key - * rsaClientPrivKeyBufSz - IN/OUT size of output buffer, size of RSA client key - * - * rsaServerCertBuf - output buffer for RSA server cert - * rsaServerCertBufSz - IN/OUT size of output buffer, size of RSA server cert - * rsaServerPrivKeyBuf - output buffer for RSA server private key - * rsaServerPrivKeyBufSz - IN/OUT size of output buffer, size of RSA server key - * - * rsaCaCertBuf - output buffer for RSA CA cert - * rsaCaCertBufSz - IN/OUT size of output buffer, size of RSA ca cert - * rsaCaPrivKeyBuf - output buffer for RSA CA private key - * rsaCaPrivKeyBufSz - IN/OUT size of output buffer, size of RSA CA key - * - * eccClientCertBuf - output buffer for ECC cert - * eccClientCertBufSz - IN/OUT size of output buffer, size of ECC cert - * eccClientPrivKeyBuf - output buffer for ECC private key - * eccClientPrivKeyBufSz - IN/OUT size of output buffer, size of ECC private key - * - * Returns 0 on success, negative on error - */ -static int pkcs7_load_certs_keys( - byte* rsaClientCertBuf, word32* rsaClientCertBufSz, - byte* rsaClientPrivKeyBuf, word32* rsaClientPrivKeyBufSz, - byte* rsaServerCertBuf, word32* rsaServerCertBufSz, - byte* rsaServerPrivKeyBuf, word32* rsaServerPrivKeyBufSz, - byte* rsaCaCertBuf, word32* rsaCaCertBufSz, - byte* rsaCaPrivKeyBuf, word32* rsaCaPrivKeyBufSz, - byte* eccClientCertBuf, word32* eccClientCertBufSz, - byte* eccClientPrivKeyBuf, word32* eccClientPrivKeyBufSz) -{ -#ifndef NO_FILESYSTEM - XFILE certFile; - XFILE keyFile; - - (void)certFile; - (void)keyFile; -#endif - -#ifndef NO_RSA - if (rsaClientCertBuf == NULL || rsaClientCertBufSz == NULL || - rsaClientPrivKeyBuf == NULL || rsaClientPrivKeyBufSz == NULL) - return BAD_FUNC_ARG; -#endif - -#ifdef HAVE_ECC - if (eccClientCertBuf == NULL || eccClientCertBufSz == NULL || - eccClientPrivKeyBuf == NULL || eccClientPrivKeyBufSz == NULL) - return BAD_FUNC_ARG; -#endif - -/* RSA */ -#ifndef NO_RSA - -#ifdef USE_CERT_BUFFERS_1024 - if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_1024) - return -11709; - - XMEMCPY(rsaClientCertBuf, client_cert_der_1024, - sizeof_client_cert_der_1024); - *rsaClientCertBufSz = sizeof_client_cert_der_1024; - - if (rsaServerCertBuf != NULL) { - if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_1024) - return -11710; - - XMEMCPY(rsaServerCertBuf, server_cert_der_1024, - sizeof_server_cert_der_1024); - *rsaServerCertBufSz = sizeof_server_cert_der_1024; - } - - if (rsaCaCertBuf != NULL) { - if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_1024) - return -11711; - - XMEMCPY(rsaCaCertBuf, ca_cert_der_1024, sizeof_ca_cert_der_1024); - *rsaCaCertBufSz = sizeof_ca_cert_der_1024; - } -#elif defined(USE_CERT_BUFFERS_2048) - if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_2048) - return -11712; - - XMEMCPY(rsaClientCertBuf, client_cert_der_2048, - sizeof_client_cert_der_2048); - *rsaClientCertBufSz = sizeof_client_cert_der_2048; - - if (rsaServerCertBuf != NULL) { - if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_2048) - return -11713; - - XMEMCPY(rsaServerCertBuf, server_cert_der_2048, - sizeof_server_cert_der_2048); - *rsaServerCertBufSz = sizeof_server_cert_der_2048; - } - - if (rsaCaCertBuf != NULL) { - if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_2048) - return -11714; - - XMEMCPY(rsaCaCertBuf, ca_cert_der_2048, sizeof_ca_cert_der_2048); - *rsaCaCertBufSz = sizeof_ca_cert_der_2048; - } -#else - certFile = XFOPEN(clientCert, "rb"); - if (!certFile) - return -11715; - - *rsaClientCertBufSz = (word32)XFREAD(rsaClientCertBuf, 1, - *rsaClientCertBufSz, certFile); - XFCLOSE(certFile); - - if (rsaServerCertBuf != NULL) { - certFile = XFOPEN(rsaServerCertDerFile, "rb"); - if (!certFile) - return -11716; - - *rsaServerCertBufSz = (word32)XFREAD(rsaServerCertBuf, 1, - *rsaServerCertBufSz, certFile); - XFCLOSE(certFile); - } - - if (rsaCaCertBuf != NULL) { - certFile = XFOPEN(rsaCaCertDerFile, "rb"); - if (!certFile) - return -11717; - - *rsaCaCertBufSz = (word32)XFREAD(rsaCaCertBuf, 1, *rsaCaCertBufSz, - certFile); - XFCLOSE(certFile); - } -#endif - -#ifdef USE_CERT_BUFFERS_1024 - if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_1024) - return -11718; - - XMEMCPY(rsaClientPrivKeyBuf, client_key_der_1024, - sizeof_client_key_der_1024); - *rsaClientPrivKeyBufSz = sizeof_client_key_der_1024; - - if (rsaServerPrivKeyBuf != NULL) { - if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_1024) - return -11719; - - XMEMCPY(rsaServerPrivKeyBuf, server_key_der_1024, - sizeof_server_key_der_1024); - *rsaServerPrivKeyBufSz = sizeof_server_key_der_1024; - } - - if (rsaCaPrivKeyBuf != NULL) { - if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_1024) - return -11720; - - XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_1024, sizeof_ca_key_der_1024); - *rsaCaPrivKeyBufSz = sizeof_ca_key_der_1024; - } -#elif defined(USE_CERT_BUFFERS_2048) - if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_2048) - return -11721; - - XMEMCPY(rsaClientPrivKeyBuf, client_key_der_2048, - sizeof_client_key_der_2048); - *rsaClientPrivKeyBufSz = sizeof_client_key_der_2048; - - if (rsaServerPrivKeyBuf != NULL) { - if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_2048) - return -11722; - - XMEMCPY(rsaServerPrivKeyBuf, server_key_der_2048, - sizeof_server_key_der_2048); - *rsaServerPrivKeyBufSz = sizeof_server_key_der_2048; - } - - if (rsaCaPrivKeyBuf != NULL) { - if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_2048) - return -11723; - - XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_2048, sizeof_ca_key_der_2048); - *rsaCaPrivKeyBufSz = sizeof_ca_key_der_2048; - } -#else - keyFile = XFOPEN(clientKey, "rb"); - if (!keyFile) - return -11724; - - *rsaClientPrivKeyBufSz = (word32)XFREAD(rsaClientPrivKeyBuf, 1, - *rsaClientPrivKeyBufSz, keyFile); - XFCLOSE(keyFile); - - if (rsaServerPrivKeyBuf != NULL) { - keyFile = XFOPEN(rsaServerKeyDerFile, "rb"); - if (!keyFile) - return -11725; - - *rsaServerPrivKeyBufSz = (word32)XFREAD(rsaServerPrivKeyBuf, 1, - *rsaServerPrivKeyBufSz, keyFile); - XFCLOSE(keyFile); - } - - if (rsaCaPrivKeyBuf != NULL) { - keyFile = XFOPEN(rsaCaKeyFile, "rb"); - if (!keyFile) - return -11726; - - *rsaCaPrivKeyBufSz = (word32)XFREAD(rsaCaPrivKeyBuf, 1, - *rsaCaPrivKeyBufSz, keyFile); - XFCLOSE(keyFile); - } -#endif /* USE_CERT_BUFFERS */ - -#endif /* NO_RSA */ - -/* ECC */ -#ifdef HAVE_ECC - -#ifdef USE_CERT_BUFFERS_256 - if (*eccClientCertBufSz < (word32)sizeof_cliecc_cert_der_256) - return -11727; - - XMEMCPY(eccClientCertBuf, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); - *eccClientCertBufSz = sizeof_cliecc_cert_der_256; -#else - certFile = XFOPEN(eccClientCert, "rb"); - if (!certFile) - return -11728; - - *eccClientCertBufSz = (word32)XFREAD(eccClientCertBuf, 1, - *eccClientCertBufSz, certFile); - XFCLOSE(certFile); -#endif /* USE_CERT_BUFFERS_256 */ - -#ifdef USE_CERT_BUFFERS_256 - if (*eccClientPrivKeyBufSz < (word32)sizeof_ecc_clikey_der_256) - return -11729; - - XMEMCPY(eccClientPrivKeyBuf, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); - *eccClientPrivKeyBufSz = sizeof_ecc_clikey_der_256; -#else - keyFile = XFOPEN(eccClientKey, "rb"); - if (!keyFile) - return -11730; - - *eccClientPrivKeyBufSz = (word32)XFREAD(eccClientPrivKeyBuf, 1, - *eccClientPrivKeyBufSz, keyFile); - XFCLOSE(keyFile); -#endif /* USE_CERT_BUFFERS_256 */ -#endif /* HAVE_ECC */ - -#ifdef NO_RSA - (void)rsaClientCertBuf; - (void)rsaClientCertBufSz; - (void)rsaClientPrivKeyBuf; - (void)rsaClientPrivKeyBufSz; - (void)rsaServerCertBuf; - (void)rsaServerCertBufSz; - (void)rsaServerPrivKeyBuf; - (void)rsaServerPrivKeyBufSz; - (void)rsaCaCertBuf; - (void)rsaCaCertBufSz; - (void)rsaCaPrivKeyBuf; - (void)rsaCaPrivKeyBufSz; -#endif -#ifndef HAVE_ECC - (void)eccClientCertBuf; - (void)eccClientCertBufSz; - (void)eccClientPrivKeyBuf; - (void)eccClientPrivKeyBufSz; -#endif -#ifndef NO_FILESYSTEM - (void)certFile; - (void)keyFile; -#endif - return 0; -} - - -typedef struct { - const byte* content; - word32 contentSz; - int contentOID; - int encryptOID; - int keyWrapOID; - int keyAgreeOID; - byte* cert; - size_t certSz; - byte* privateKey; - word32 privateKeySz; - byte* optionalUkm; - word32 optionalUkmSz; - int ktriOptions; /* KTRI options flags */ - int kariOptions; /* KARI options flags */ - - /* KEKRI specific */ - byte* secretKey; /* key, only for kekri RecipientInfo types */ - word32 secretKeySz; /* size of secretKey, bytes */ - byte* secretKeyId; /* key identifier */ - word32 secretKeyIdSz; /* size of key identifier, bytes */ - void* timePtr; /* time_t pointer */ - byte* otherAttrOID; /* OPTIONAL, other attribute OID */ - word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */ - byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */ - word32 otherAttrSz; /* size of otherAttr, bytes */ - int kekriOptions; /* KEKRI options flags */ - - /* PWRI specific */ - char* password; - word32 passwordSz; - byte* salt; - word32 saltSz; - int kdfOID; - int hashOID; - int kdfIterations; - int pwriOptions; /* PWRI options flags */ - - /* ORI specific */ - int isOri; - int oriOptions; /* ORI options flags */ - - const char* outFileName; -} pkcs7EnvelopedVector; - - -static const byte asnDataOid[] = { - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 -}; - -/* ORI encrypt callback, responsible for encrypting content-encryption key (CEK) - * and giving wolfCrypt the value for oriOID and oriValue to place in - * OtherRecipientInfo. - * - * Returns 0 on success, negative upon error. */ -static int myOriEncryptCb(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType, - word32* oriTypeSz, byte* oriValue, word32* oriValueSz, - void* ctx) -{ - int i; - - /* make sure buffers are large enough */ - if ((*oriValueSz < (2 + cekSz)) || (*oriTypeSz < sizeof(oriType))) - return -11731; - - /* our simple encryption algorithm will be take the bitwise complement */ - oriValue[0] = 0x04; /*ASN OCTET STRING */ - oriValue[1] = (byte)cekSz; /* length */ - for (i = 0; i < (int)cekSz; i++) { - oriValue[2 + i] = ~cek[i]; - } - *oriValueSz = 2 + cekSz; - - /* set oriType to ASN.1 encoded data OID */ - XMEMCPY(oriType, asnDataOid, sizeof(asnDataOid)); - *oriTypeSz = sizeof(asnDataOid); - - (void)pkcs7; - (void)ctx; - - return 0; -} - - -/* ORI decrypt callback, responsible for providing a decrypted content - * encryption key (CEK) placed into decryptedKey and size placed into - * decryptedKeySz. oriOID and oriValue are given to the callback to help - * in decrypting the encrypted CEK. - * - * Returns 0 on success, negative upon error. */ -static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz, - byte* oriValue, word32 oriValueSz, byte* decryptedKey, - word32* decryptedKeySz, void* ctx) -{ - int i; - - /* make sure oriType matches what we expect */ - if (oriTypeSz != sizeof(asnDataOid)) - return -11732; - - if (XMEMCMP(oriType, asnDataOid, sizeof(asnDataOid)) != 0) - return -11733; - - /* make sure decrypted buffer is large enough */ - if (*decryptedKeySz < oriValueSz) - return -11734; - - /* decrypt encrypted CEK using simple bitwise complement, - only for example */ - for (i = 0; i < (int)oriValueSz - 2; i++) { - decryptedKey[i] = ~oriValue[2 + i]; - } - - *decryptedKeySz = oriValueSz - 2; - - (void)pkcs7; - (void)ctx; - - return 0; -} - - -#ifndef NO_AES -/* returns 0 on success */ -static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, - byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, - byte* in, int inSz, byte* out, void* usrCtx) -{ - int keyId = -1, ret, keySz; - word32 keyIdSz = 8; - const byte* key; - byte keyIdRaw[8]; - Aes aes; - - /* looking for KEY ID - * fwDecryptKeyID OID "1.2.840.113549.1.9.16.2.37 - */ - const unsigned char OID[] = { - /* 0x06, 0x0B do not pass in tag and length */ - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x10, 0x02, 0x25 - }; - - const byte defKey[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 - }; - - const byte altKey[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 - }; - - /* test user context passed in */ - if (usrCtx == NULL || *(int*)usrCtx != 1) { - return -11735; - } - - /* if needing to find keyIdSz can call with NULL */ - ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), NULL, - &keyIdSz); - if (ret != LENGTH_ONLY_E) { - printf("Unexpected error %d when getting keyIdSz\n", ret); - printf("Possibly no KEY ID attribute set\n"); - return -11736; - } - else { - XMEMSET(keyIdRaw, 0, sizeof(keyIdRaw)); - ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), keyIdRaw, - &keyIdSz); - if (ret < 0) { - return ret; - } - - if (keyIdSz < 3) { - printf("keyIdSz is smaller than expected\n"); - return -11737; - } - if (keyIdSz > 2 + sizeof(int)) { - printf("example case was only expecting a keyId of int size\n"); - return -11738; - } - - /* keyIdRaw[0] OCTET TAG */ - /* keyIdRaw[1] Length */ -#ifdef BIG_ENDIAN_ORDER - if (keyIdRaw[1] == 0x01) { - keyId = 1; - } -#else - keyId = *(int*)(keyIdRaw + 2); -#endif - } - - - /* Use keyID here if found to select key and decrypt in HSM or in this - * example just select key and do software decryption */ - if (keyId == 1) { - key = altKey; - keySz = sizeof(altKey); - } - else { - key = defKey; - keySz = sizeof(defKey); - } - - switch (encryptOID) { - case AES256CBCb: - if ((keySz != 32 ) || (ivSz != AES_BLOCK_SIZE)) - return BAD_FUNC_ARG; - break; - - case AES128CBCb: - if ((keySz != 16 ) || (ivSz != AES_BLOCK_SIZE)) - return BAD_FUNC_ARG; - break; - - default: - printf("Unsupported content cipher type for example"); - return ALGO_ID_E; - }; - - ret = wc_AesInit(&aes, HEAP_HINT, INVALID_DEVID); - if (ret == 0) { - ret = wc_AesSetKey(&aes, key, keySz, iv, AES_DECRYPTION); - if (ret == 0) - ret = wc_AesCbcDecrypt(&aes, out, in, inSz); - wc_AesFree(&aes); - } - - (void)aad; - (void)aadSz; - (void)authTag; - (void)authTagSz; - return ret; -} -#endif /* NO_AES */ - - -#define PKCS7_BUF_SIZE 2048 - -static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, - byte* rsaPrivKey, word32 rsaPrivKeySz, - byte* eccCert, word32 eccCertSz, - byte* eccPrivKey, word32 eccPrivKeySz) -{ - int ret = 0, testSz, i; - int envelopedSz, decodedSz; - - byte *enveloped; - byte *decoded; - PKCS7* pkcs7; - WC_RNG rng; -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - XFILE pkcs7File; -#endif - - const byte data[] = { /* Hello World */ - 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, - 0x72,0x6c,0x64 - }; - -#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ - defined(WOLFSSL_SHA512) - byte optionalUkm[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 - }; -#endif /* NO_AES */ - -#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) - /* encryption key for kekri recipient types */ - byte secretKey[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 - }; - - /* encryption key identifier */ - byte secretKeyId[] = { - 0x02,0x02,0x03,0x04 - }; -#endif - -#if !defined(NO_PWDBASED) && !defined(NO_AES) && \ - !defined(NO_SHA) && defined(WOLFSSL_AES_128) - - #ifndef HAVE_FIPS - char password[] = "password"; /* NOTE: Password is too short for FIPS */ - #else - char password[] = "passwordFIPS_MODE"; - #endif - - byte salt[] = { - 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12 - }; -#endif - - const pkcs7EnvelopedVector testVectors[] = - { - /* key transport key encryption technique */ -#ifndef NO_RSA - #ifndef NO_DES3 - {data, (word32)sizeof(data), DATA, DES3b, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, - 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataDES3.der"}, - #endif - - #ifndef NO_AES - #ifdef WOLFSSL_AES_128 - {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, - 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES128CBC.der"}, - #endif - #ifdef WOLFSSL_AES_192 - {data, (word32)sizeof(data), DATA, AES192CBCb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, - 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES192CBC.der"}, - #endif - #ifdef WOLFSSL_AES_256 - {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, - 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES256CBC.der"}, - - /* explicitly using SKID for SubjectKeyIdentifier */ - {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_SKID, 0, NULL, 0, NULL, 0, NULL, - NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES256CBC_SKID.der"}, - - /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */ - {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_ISSUER_AND_SERIAL_NUMBER, 0, - NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, - 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der"}, - #endif - #endif /* NO_AES */ -#endif - - /* key agreement key encryption technique*/ -#ifdef HAVE_ECC - #ifndef NO_AES - #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) - {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, - dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, - 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der"}, - #endif - - #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) - {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP, - dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, - 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der"}, - #endif /* NO_SHA256 && WOLFSSL_AES_256 */ - - #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256) - {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP, - dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, - 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der"}, - - /* with optional user keying material (ukm) */ - {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP, - dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, optionalUkm, sizeof(optionalUkm), 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der"}, - #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ - #endif /* NO_AES */ -#endif - - /* kekri (KEKRecipientInfo) recipient types */ -#ifndef NO_AES - #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) - {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0, - NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey), - secretKeyId, sizeof(secretKeyId), NULL, NULL, 0, NULL, 0, - 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, - "pkcs7envelopedDataAES128CBC_KEKRI.der"}, - #endif -#endif - - /* pwri (PasswordRecipientInfo) recipient types */ -#if !defined(NO_PWDBASED) && !defined(NO_AES) - #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) - {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, - NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, password, - (word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5, - 0, 0, 0, "pkcs7envelopedDataAES128CBC_PWRI.der"}, - #endif -#endif - -#if !defined(NO_AES) && !defined(NO_AES_128) - /* ori (OtherRecipientInfo) recipient types */ - {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0, - NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, - NULL, 0, 0, 0, 0, 0, 1, 0, "pkcs7envelopedDataAES128CBC_ORI.der"}, -#endif - }; - - enveloped = XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - decoded = XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if ((! enveloped) || (! decoded)) { - ret = MEMORY_E; - goto out; - } - - testSz = sizeof(testVectors) / sizeof(pkcs7EnvelopedVector); - -#ifdef ECC_TIMING_RESISTANT -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) { - ret = -11760; - goto out; - } -#endif - - for (i = 0; i < testSz; i++) { - pkcs7 = wc_PKCS7_New(HEAP_HINT, - #ifdef WOLFSSL_ASYNC_CRYPT - INVALID_DEVID /* async PKCS7 is not supported */ - #else - devId - #endif - ); - if (pkcs7 == NULL) { - ret = -11739; - goto out; - } - - if (testVectors[i].secretKey != NULL) { - /* KEKRI recipient type */ - - ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); - if (ret != 0) { - ret = -11740; - goto out; - } - - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->ukm = testVectors[i].optionalUkm; - pkcs7->ukmSz = testVectors[i].optionalUkmSz; - - ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID, - testVectors[i].secretKey, testVectors[i].secretKeySz, - testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz, - testVectors[i].timePtr, testVectors[i].otherAttrOID, - testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr, - testVectors[i].otherAttrSz, testVectors[i].kekriOptions); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - ret = -11741; - goto out; - } - - /* set key, for decryption */ - ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey, - testVectors[i].secretKeySz); - - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - ret = -11742; - goto out; - } - - } else if (testVectors[i].password != NULL) { - #ifndef NO_PWDBASED - /* PWRI recipient type */ - - ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); - if (ret != 0) { - ret = -11743; - goto out; - } - - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->ukm = testVectors[i].optionalUkm; - pkcs7->ukmSz = testVectors[i].optionalUkmSz; - - ret = wc_PKCS7_AddRecipient_PWRI(pkcs7, - (byte*)testVectors[i].password, - testVectors[i].passwordSz, testVectors[i].salt, - testVectors[i].saltSz, testVectors[i].kdfOID, - testVectors[i].hashOID, testVectors[i].kdfIterations, - testVectors[i].encryptOID, testVectors[i].pwriOptions); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - ret = -11744; - goto out; - } - - /* set password, for decryption */ - ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password, - testVectors[i].passwordSz); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - ret = -11745; - goto out; - } - #endif /* NO_PWDBASED */ - - } else if (testVectors[i].isOri == 1) { - /* ORI recipient type */ - - ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); - if (ret != 0) { - ret = -11746; - goto out; - } - - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - - ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb, - testVectors[i].oriOptions); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - ret = -11747; - goto out; - } - - /* set decrypt callback for decryption */ - ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - ret = -11748; - goto out; - } - - } else { - /* KTRI or KARI recipient types */ - - ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); - if (ret != 0) { - ret = -11749; - goto out; - } - - ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, - (word32)testVectors[i].certSz); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - ret = -11750; - goto out; - } - - pkcs7->keyWrapOID = testVectors[i].keyWrapOID; - pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID; - pkcs7->privateKey = testVectors[i].privateKey; - pkcs7->privateKeySz = testVectors[i].privateKeySz; - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->ukm = testVectors[i].optionalUkm; - pkcs7->ukmSz = testVectors[i].optionalUkmSz; - - /* set SubjectIdentifier type for KTRI types */ - if (testVectors[i].ktriOptions & CMS_SKID) { - - ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - ret = -11751; - goto out; - } - } else if (testVectors[i].ktriOptions & - CMS_ISSUER_AND_SERIAL_NUMBER) { - - ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, - CMS_ISSUER_AND_SERIAL_NUMBER); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - ret = -11752; - goto out; - } - } - } - -#ifdef ECC_TIMING_RESISTANT - pkcs7->rng = &rng; -#endif - /* encode envelopedData */ - envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped, - PKCS7_BUF_SIZE); - if (envelopedSz <= 0) { - wc_PKCS7_Free(pkcs7); - ret = -11753; - goto out; - } - - /* decode envelopedData */ - decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz, - decoded, PKCS7_BUF_SIZE); - if (decodedSz <= 0) { - wc_PKCS7_Free(pkcs7); - ret = -11754; - goto out; - } - - /* test decode result */ - if (XMEMCMP(decoded, data, sizeof(data)) != 0){ - wc_PKCS7_Free(pkcs7); - ret = -11755; - goto out; - } - -#ifndef NO_PKCS7_STREAM - { /* test reading byte by byte */ - int z; - for (z = 0; z < envelopedSz; z++) { - decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped + z, 1, - decoded, PKCS7_BUF_SIZE); - if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) { - printf("unexpected error %d\n", decodedSz); - ret = -11756; - goto out; - } - } - /* test decode result */ - if (XMEMCMP(decoded, data, sizeof(data)) != 0) { - printf("stream read compare failed\n"); - wc_PKCS7_Free(pkcs7); - ret = -11757; - goto out; - } - } -#endif -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - /* output pkcs7 envelopedData for external testing */ - pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); - if (!pkcs7File) { - wc_PKCS7_Free(pkcs7); - ret = -11758; - goto out; - } - - ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File); - XFCLOSE(pkcs7File); - if (ret != envelopedSz) { - wc_PKCS7_Free(pkcs7); - ret -11759; - goto out; - } -#endif /* PKCS7_OUTPUT_TEST_BUNDLES */ - - wc_PKCS7_Free(pkcs7); - pkcs7 = NULL; - } - -#ifdef ECC_TIMING_RESISTANT - wc_FreeRng(&rng); -#endif - - (void)eccCert; - (void)eccCertSz; - (void)eccPrivKey; - (void)eccPrivKeySz; - (void)rsaCert; - (void)rsaCertSz; - (void)rsaPrivKey; - (void)rsaPrivKeySz; - - out: - if (enveloped) - XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (decoded) - XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} - - -static int pkcs7enveloped_test(void) -{ - int ret = 0; - - byte* rsaCert = NULL; - byte* rsaPrivKey = NULL; - word32 rsaCertSz = 0; - word32 rsaPrivKeySz = 0; - - byte* eccCert = NULL; - byte* eccPrivKey = NULL; - word32 eccCertSz = 0; - word32 eccPrivKeySz = 0; - -#ifndef NO_RSA - /* read client RSA cert and key in DER format */ - rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (rsaCert == NULL) - return -11800; - - rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (rsaPrivKey == NULL) { - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -11801; - } - - rsaCertSz = FOURK_BUF; - rsaPrivKeySz = FOURK_BUF; -#endif /* NO_RSA */ - -#ifdef HAVE_ECC - /* read client ECC cert and key in DER format */ - eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (eccCert == NULL) { - #ifndef NO_RSA - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return -11802; - } - - eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (eccPrivKey == NULL) { - #ifndef NO_RSA - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -11803; - } - - eccCertSz = FOURK_BUF; - eccPrivKeySz = FOURK_BUF; -#endif /* HAVE_ECC */ - - ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey, - &rsaPrivKeySz, NULL, NULL, NULL, NULL, - NULL, NULL, NULL, NULL, eccCert, &eccCertSz, - eccPrivKey, &eccPrivKeySz); - if (ret < 0) { - #ifndef NO_RSA - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - #ifdef HAVE_ECC - XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return -11804; - } - - ret = pkcs7enveloped_run_vectors(rsaCert, (word32)rsaCertSz, - rsaPrivKey, (word32)rsaPrivKeySz, - eccCert, (word32)eccCertSz, - eccPrivKey, (word32)eccPrivKeySz); - -#ifndef NO_RSA - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif -#ifdef HAVE_ECC - XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - - -#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) - -typedef struct { - const byte* content; - word32 contentSz; - int contentOID; - int encryptOID; - int keyWrapOID; - int keyAgreeOID; - byte* cert; - size_t certSz; - byte* privateKey; - word32 privateKeySz; - PKCS7Attrib* authAttribs; - word32 authAttribsSz; - PKCS7Attrib* unauthAttribs; - word32 unauthAttribsSz; - - /* KARI / KTRI specific */ - byte* optionalUkm; - word32 optionalUkmSz; - int ktriOptions; /* KTRI options flags */ - int kariOptions; /* KARI options flags */ - - /* KEKRI specific */ - byte* secretKey; /* key, only for kekri RecipientInfo types */ - word32 secretKeySz; /* size of secretKey, bytes */ - byte* secretKeyId; /* key identifier */ - word32 secretKeyIdSz; /* size of key identifier, bytes */ - void* timePtr; /* time_t pointer */ - byte* otherAttrOID; /* OPTIONAL, other attribute OID */ - word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */ - byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */ - word32 otherAttrSz; /* size of otherAttr, bytes */ - int kekriOptions; /* KEKRI options flags */ - - /* PWRI specific */ - char* password; /* password */ - word32 passwordSz; /* password size, bytes */ - byte* salt; /* KDF salt */ - word32 saltSz; /* KDF salt size, bytes */ - int kdfOID; /* KDF OID */ - int hashOID; /* KDF hash algorithm OID */ - int kdfIterations; /* KDF iterations */ - int kekEncryptOID; /* KEK encryption algorithm OID */ - int pwriOptions; /* PWRI options flags */ - - /* ORI specific */ - int isOri; - int oriOptions; /* ORI options flags */ - - const char* outFileName; -} pkcs7AuthEnvelopedVector; - - -static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, - byte* rsaPrivKey, word32 rsaPrivKeySz, - byte* eccCert, word32 eccCertSz, - byte* eccPrivKey, word32 eccPrivKeySz) -{ - int ret = 0, testSz, i; - int envelopedSz, decodedSz; - - byte *enveloped; - byte *decoded; - WC_RNG rng; - PKCS7* pkcs7; -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - XFILE pkcs7File; -#endif - - const byte data[] = { /* Hello World */ - 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, - 0x72,0x6c,0x64 - }; - byte senderNonce[PKCS7_NONCE_SZ + 2]; - -#ifdef HAVE_ECC - byte senderNonceOid[] = - { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, - 0x09, 0x05 }; - - PKCS7Attrib attribs[] = - { - { senderNonceOid, sizeof(senderNonceOid), senderNonce, - sizeof(senderNonce) } - }; -#endif - -#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ - defined(WOLFSSL_SHA512) - byte optionalUkm[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 - }; -#endif /* NO_AES */ - -#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) - /* encryption key for kekri recipient types */ - byte secretKey[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 - }; - - /* encryption key identifier */ - byte secretKeyId[] = { - 0x02,0x02,0x03,0x04 - }; -#endif - -#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ - !defined(NO_SHA) && defined(WOLFSSL_AES_128) - - #ifndef HAVE_FIPS - char password[] = "password"; - #else - char password[] = "passwordFIPS_MODE"; - #endif - - byte salt[] = { - 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12 - }; -#endif - - const pkcs7AuthEnvelopedVector testVectors[] = - { - /* key transport key encryption technique */ -#ifndef NO_RSA - #if !defined(NO_AES) && defined(HAVE_AESGCM) - #ifdef WOLFSSL_AES_128 - {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, - 0, 0, "pkcs7authEnvelopedDataAES128GCM.der"}, - #endif - #ifdef WOLFSSL_AES_192 - {data, (word32)sizeof(data), DATA, AES192GCMb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, - 0, 0, "pkcs7authEnvelopedDataAES192GCM.der"}, - #endif - #ifdef WOLFSSL_AES_256 - {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, - 0, 0, "pkcs7authEnvelopedDataAES256GCM.der"}, - - /* test with contentType set to FirmwarePkgData */ - {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, 0, 0, - rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, - 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, - 0, 0, 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der"}, - - /* explicitly using SKID for SubjectKeyIdentifier */ - {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, CMS_SKID, 0, - NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, - 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_SKID.der"}, - - /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */ - {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz, - rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, - CMS_ISSUER_AND_SERIAL_NUMBER, 0, NULL, 0, NULL, 0, NULL, NULL, 0, - NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_IANDS.der"}, - #endif - #endif /* NO_AES */ -#endif - - /* key agreement key encryption technique*/ -#ifdef HAVE_ECC - #if !defined(NO_AES) && defined(HAVE_AESGCM) - #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) - {data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, - dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, - NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der"}, - #endif - - #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) - {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, - dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, - NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der"}, - - /* with authenticated attributes */ - {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, - dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), - NULL, 0, NULL, 0, 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, - 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der"}, - - /* with unauthenticated attributes */ - {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, - dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, attribs, - (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, - 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der"}, - - /* with authenticated AND unauthenticated attributes */ - {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, - dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), - attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, - NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, - 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der"}, - - /* with authenticated AND unauthenticated attributes AND - * contentType of FirmwarePkgData */ - {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, AES256_WRAP, - dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), - attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, - NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, - 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der"}, - #endif /* NO_SHA256 && WOLFSSL_AES_256 */ - - #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256) - {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, - dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, - NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der"}, - - /* with optional user keying material (ukm) */ - {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, - dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, - eccPrivKeySz, NULL, 0, NULL, 0, optionalUkm, sizeof(optionalUkm), 0, - 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, - 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der"}, - #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ - #endif /* NO_AES */ -#endif - - /* kekri (KEKRecipientInfo) recipient types */ -#if !defined(NO_AES) && defined(HAVE_AESGCM) - #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) - {data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0, - NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, - secretKey, sizeof(secretKey), secretKeyId, sizeof(secretKeyId), - NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, - "pkcs7authEnvelopedDataAES128GCM_KEKRI.der"}, - #endif -#endif - - /* pwri (PasswordRecipientInfo) recipient types */ -#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) - #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) - {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, - NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, - NULL, 0, NULL, NULL, 0, NULL, 0, 0, password, - (word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5, - AES128CBCb, 0, 0, 0, "pkcs7authEnvelopedDataAES128GCM_PWRI.der"}, - #endif -#endif - -#if !defined(NO_AES) && defined(HAVE_AESGCM) - #ifdef WOLFSSL_AES_128 - /* ori (OtherRecipientInfo) recipient types */ - {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, NULL, 0, NULL, 0, - NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, - NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 1, 0, - "pkcs7authEnvelopedDataAES128GCM_ORI.der"}, - #endif -#endif - }; - - enveloped = XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - decoded = XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if ((! enveloped) || (! decoded)) { - ret = MEMORY_E; - goto out; - } - - testSz = sizeof(testVectors) / sizeof(pkcs7AuthEnvelopedVector); - - - /* generate senderNonce */ - { -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) { - ret = -11805; - goto out; - } - - senderNonce[0] = 0x04; - senderNonce[1] = PKCS7_NONCE_SZ; - - ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); - if (ret != 0) { - wc_FreeRng(&rng); - ret = -11806; - goto out; - } - } - - for (i = 0; i < testSz; i++) { - pkcs7 = wc_PKCS7_New(HEAP_HINT, - #ifdef WOLFSSL_ASYNC_CRYPT - INVALID_DEVID /* async PKCS7 is not supported */ - #else - devId - #endif - ); - if (pkcs7 == NULL) { - ret = -11807; - goto out; - } - - if (testVectors[i].secretKey != NULL) { - /* KEKRI recipient type */ - - ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); - if (ret != 0) { - ret = -11808; - goto out; - } - - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->ukm = testVectors[i].optionalUkm; - pkcs7->ukmSz = testVectors[i].optionalUkmSz; - pkcs7->authAttribs = testVectors[i].authAttribs; - pkcs7->authAttribsSz = testVectors[i].authAttribsSz; - pkcs7->unauthAttribs = testVectors[i].unauthAttribs; - pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; - - ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID, - testVectors[i].secretKey, testVectors[i].secretKeySz, - testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz, - testVectors[i].timePtr, testVectors[i].otherAttrOID, - testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr, - testVectors[i].otherAttrSz, testVectors[i].kekriOptions); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - ret = -11809; - goto out; - } - - /* set key, for decryption */ - ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey, - testVectors[i].secretKeySz); - - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - ret = -11810; - goto out; - } - - } else if (testVectors[i].password != NULL) { - #ifndef NO_PWDBASED - /* PWRI recipient type */ - - ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); - if (ret != 0) { - ret = -11811; - goto out; - } - - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->ukm = testVectors[i].optionalUkm; - pkcs7->ukmSz = testVectors[i].optionalUkmSz; - pkcs7->authAttribs = testVectors[i].authAttribs; - pkcs7->authAttribsSz = testVectors[i].authAttribsSz; - pkcs7->unauthAttribs = testVectors[i].unauthAttribs; - pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; - - ret = wc_PKCS7_AddRecipient_PWRI(pkcs7, - (byte*)testVectors[i].password, - testVectors[i].passwordSz, testVectors[i].salt, - testVectors[i].saltSz, testVectors[i].kdfOID, - testVectors[i].hashOID, testVectors[i].kdfIterations, - testVectors[i].kekEncryptOID, testVectors[i].pwriOptions); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - ret = -11812; - goto out; - } - - /* set password, for decryption */ - ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password, - testVectors[i].passwordSz); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - ret = -11813; - goto out; - } - - #endif /* NO_PWDBASED */ - } else if (testVectors[i].isOri == 1) { - /* ORI recipient type */ - - ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); - if (ret != 0) { - ret = -11814; - goto out; - } - - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->authAttribs = testVectors[i].authAttribs; - pkcs7->authAttribsSz = testVectors[i].authAttribsSz; - pkcs7->unauthAttribs = testVectors[i].unauthAttribs; - pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; - - ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb, - testVectors[i].oriOptions); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - ret = -11815; - goto out; - } - - /* set decrypt callback for decryption */ - ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb); - - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - ret = -11816; - goto out; - } - - } else { - /* KTRI or KARI recipient types */ - - ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, - (word32)testVectors[i].certSz); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - ret = -11817; - goto out; - } - - pkcs7->keyWrapOID = testVectors[i].keyWrapOID; - pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID; - pkcs7->privateKey = testVectors[i].privateKey; - pkcs7->privateKeySz = testVectors[i].privateKeySz; - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->ukm = testVectors[i].optionalUkm; - pkcs7->ukmSz = testVectors[i].optionalUkmSz; - pkcs7->authAttribs = testVectors[i].authAttribs; - pkcs7->authAttribsSz = testVectors[i].authAttribsSz; - pkcs7->unauthAttribs = testVectors[i].unauthAttribs; - pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; - - /* set SubjectIdentifier type for KTRI types */ - if (testVectors[i].ktriOptions & CMS_SKID) { - - ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - ret = -11818; - goto out; - } - } else if (testVectors[i].ktriOptions & - CMS_ISSUER_AND_SERIAL_NUMBER) { - - ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, - CMS_ISSUER_AND_SERIAL_NUMBER); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - ret = -11819; - goto out; - } - } - } - -#ifdef ECC_TIMING_RESISTANT - pkcs7->rng = &rng; -#endif - - /* encode envelopedData */ - envelopedSz = wc_PKCS7_EncodeAuthEnvelopedData(pkcs7, enveloped, - PKCS7_BUF_SIZE); - if (envelopedSz <= 0) { - wc_PKCS7_Free(pkcs7); - ret = -11820; - goto out; - } -#ifndef NO_PKCS7_STREAM - { /* test reading byte by byte */ - int z; - for (z = 0; z < envelopedSz; z++) { - decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, - enveloped + z, 1, decoded, PKCS7_BUF_SIZE); - if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) { - printf("unexpected error %d\n", decodedSz); - ret = -11821; - goto out; - } - } - /* test decode result */ - if (XMEMCMP(decoded, data, sizeof(data)) != 0) { - printf("stream read compare failed\n"); - wc_PKCS7_Free(pkcs7); - ret = -11822; - goto out; - } - } -#endif - /* decode envelopedData */ - decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, enveloped, - envelopedSz, decoded, - PKCS7_BUF_SIZE); - if (decodedSz <= 0) { - wc_PKCS7_Free(pkcs7); - ret = -11823; - goto out; - } - - /* test decode result */ - if (XMEMCMP(decoded, data, sizeof(data)) != 0){ - wc_PKCS7_Free(pkcs7); - ret = -11824; - goto out; - } - -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - /* output pkcs7 envelopedData for external testing */ - pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); - if (!pkcs7File) { - wc_PKCS7_Free(pkcs7); - ret = -11825; - goto out; - } - - ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File); - XFCLOSE(pkcs7File); - if (ret != envelopedSz) { - wc_PKCS7_Free(pkcs7); - ret = -11826; - goto out; - } -#endif /* PKCS7_OUTPUT_TEST_BUNDLES */ - - wc_PKCS7_Free(pkcs7); - pkcs7 = NULL; - } - - wc_FreeRng(&rng); - -#if !defined(HAVE_ECC) || defined(NO_AES) - (void)eccCert; - (void)eccCertSz; - (void)eccPrivKey; - (void)eccPrivKeySz; - (void)secretKey; - (void)secretKeyId; -#endif -#ifdef NO_RSA - (void)rsaCert; - (void)rsaCertSz; - (void)rsaPrivKey; - (void)rsaPrivKeySz; -#endif - - out: - if (enveloped) - XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (decoded) - XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} - - -static int pkcs7authenveloped_test(void) -{ - int ret = 0; - - byte* rsaCert = NULL; - byte* rsaPrivKey = NULL; - word32 rsaCertSz = 0; - word32 rsaPrivKeySz = 0; - - byte* eccCert = NULL; - byte* eccPrivKey = NULL; - word32 eccCertSz = 0; - word32 eccPrivKeySz = 0; - -#ifndef NO_RSA - /* read client RSA cert and key in DER format */ - rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (rsaCert == NULL) - return -11900; - - rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (rsaPrivKey == NULL) { - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -11901; - } - - rsaCertSz = FOURK_BUF; - rsaPrivKeySz = FOURK_BUF; -#endif /* NO_RSA */ - -#ifdef HAVE_ECC - /* read client ECC cert and key in DER format */ - eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (eccCert == NULL) { - #ifndef NO_RSA - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return -11902; - } - - eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (eccPrivKey == NULL) { - #ifndef NO_RSA - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -11903; - } - - eccCertSz = FOURK_BUF; - eccPrivKeySz = FOURK_BUF; -#endif /* HAVE_ECC */ - - ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey, - &rsaPrivKeySz, NULL, NULL, NULL, NULL, - NULL, NULL, NULL, NULL, eccCert, &eccCertSz, - eccPrivKey, &eccPrivKeySz); - if (ret < 0) { - #ifndef NO_RSA - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - #ifdef HAVE_ECC - XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return -11904; - } - - ret = pkcs7authenveloped_run_vectors(rsaCert, (word32)rsaCertSz, - rsaPrivKey, (word32)rsaPrivKeySz, - eccCert, (word32)eccCertSz, - eccPrivKey, (word32)eccPrivKeySz); - -#ifndef NO_RSA - XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif -#ifdef HAVE_ECC - XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - -#endif /* HAVE_AESGCM || HAVE_AESCCM */ -#ifndef NO_AES -static const byte p7DefKey[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 -}; - -static const byte p7AltKey[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 -}; - -static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId, - word32 keyIdSz, byte* orginKey, word32 orginKeySz, - byte* out, word32 outSz, int keyWrapAlgo, int type, int direction) -{ - int ret; - - if (cek == NULL || out == NULL) - return BAD_FUNC_ARG; - - /* test case sanity checks */ - if (keyIdSz != 1) { - return -11905; - } - - if (keyId[0] != 0x00) { - return -11906; - } - - if (type != (int)PKCS7_KEKRI) { - return -11907; - } - - switch (keyWrapAlgo) { - case AES256_WRAP: - ret = wc_AesKeyUnWrap(p7DefKey, sizeof(p7DefKey), cek, cekSz, - out, outSz, NULL); - if (ret <= 0) - return ret; - break; - - default: - WOLFSSL_MSG("Unsupported key wrap algorithm in example"); - return BAD_KEYWRAP_ALG_E; - }; - - (void)pkcs7; - (void)direction; - (void)orginKey; /* used with KAKRI */ - (void)orginKeySz; - return ret; -} - - -/* returns key size on success */ -static int getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz) -{ - int ret; - word32 atrSz; - byte atr[256]; - - /* Additionally can look for fwWrappedFirmwareKey - * 1.2.840.113529.1.9.16.1.16 */ - const unsigned char fwWrappedFirmwareKey[] = { - /* 0x06, 0x0B */ - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x10, 0x02, 0x27 - }; - - /* find keyID in fwWrappedFirmwareKey */ - ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey, - sizeof(fwWrappedFirmwareKey), NULL, &atrSz); - if (ret == LENGTH_ONLY_E) { - XMEMSET(atr, 0, sizeof(atr)); - ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey, - sizeof(fwWrappedFirmwareKey), atr, &atrSz); - - /* keyIdRaw[0] OCTET TAG */ - /* keyIdRaw[1] Length */ - - if (ret > 0) { - PKCS7* envPkcs7; - - envPkcs7 = wc_PKCS7_New(NULL, 0); - if (envPkcs7 == NULL) { - return MEMORY_E; - } - - wc_PKCS7_Init(envPkcs7, NULL, 0); - ret = wc_PKCS7_SetWrapCEKCb(envPkcs7, myCEKwrapFunc); - if (ret == 0) { - /* expecting FIRMWARE_PKG_DATA content */ - envPkcs7->contentOID = FIRMWARE_PKG_DATA; - ret = wc_PKCS7_DecodeEnvelopedData(envPkcs7, atr, atrSz, - key, keySz); - } - wc_PKCS7_Free(envPkcs7); - } - } - - return ret; -} - -/* create a KEKRI enveloped data - * return size on success */ -static int envelopedData_encrypt(byte* in, word32 inSz, byte* out, - word32 outSz) -{ - int ret; - PKCS7* pkcs7; - const byte keyId[] = { 0x00 }; - - pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID); - if (pkcs7 == NULL) - return -11908; - - pkcs7->content = in; - pkcs7->contentSz = inSz; - pkcs7->contentOID = FIRMWARE_PKG_DATA; - pkcs7->encryptOID = AES256CBCb; - pkcs7->ukm = NULL; - pkcs7->ukmSz = 0; - - /* add recipient (KEKRI type) */ - ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP, (byte*)p7DefKey, - sizeof(p7DefKey), (byte*)keyId, - sizeof(keyId), NULL, NULL, 0, NULL, 0, 0); - if (ret < 0) { - printf("wc_PKCS7_AddRecipient_KEKRI() failed, ret = %d\n", ret); - wc_PKCS7_Free(pkcs7); - return -11909; - } - - /* encode envelopedData, returns size */ - ret = wc_PKCS7_EncodeEnvelopedData(pkcs7, out, outSz); - if (ret <= 0) { - printf("wc_PKCS7_EncodeEnvelopedData() failed, ret = %d\n", ret); - wc_PKCS7_Free(pkcs7); - return -11910; - - } - - wc_PKCS7_Free(pkcs7); - - return ret; -} - - -/* - * keyHint is the KeyID to be set in the fwDecryptKeyID attribute - * returns size of buffer output on success - */ -static int generateBundle(byte* out, word32 *outSz, const byte* encryptKey, - word32 encryptKeySz, byte keyHint, byte* cert, word32 certSz, - byte* key, word32 keySz) -{ - int ret, attribNum = 1; - PKCS7* pkcs7; - - /* KEY ID - * fwDecryptKeyID OID 1.2.840.113549.1.9.16.2.37 - */ - const unsigned char fwDecryptKeyID[] = { - 0x06, 0x0B, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x10, 0x02, 0x25 - }; - - /* fwWrappedFirmwareKey 1.2.840.113529.1.9.16.1.16 */ - const unsigned char fwWrappedFirmwareKey[] = { - 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x10, 0x02, 0x27 - }; - - byte keyID[] = { 0x04, 0x01, 0x00 }; - byte env[256]; - char data[] = "Test of wolfSSL PKCS7 decrypt callback"; - - PKCS7Attrib attribs[] = - { - { fwDecryptKeyID, sizeof(fwDecryptKeyID), keyID, sizeof(keyID) }, - { fwWrappedFirmwareKey, sizeof(fwWrappedFirmwareKey), env, 0 } - }; - - keyID[2] = keyHint; - - /* If using keyHint 0 then create a bundle with fwWrappedFirmwareKey */ - if (keyHint == 0) { - ret = envelopedData_encrypt((byte*)p7DefKey, sizeof(p7DefKey), env, - sizeof(env)); - if (ret <= 0) { - return ret; - } - attribs[1].valueSz = ret; - attribNum++; - } - - /* init PKCS7 */ - pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID); - if (pkcs7 == NULL) - return -11911; - - ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz); - if (ret != 0) { - printf("ERROR: wc_PKCS7_InitWithCert() failed, ret = %d\n", ret); - wc_PKCS7_Free(pkcs7); - return -11912; - } - - ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return -11913; - } - - /* encode Signed Encrypted FirmwarePkgData */ - if (encryptKeySz == 16) { - ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey, - encryptKeySz, key, keySz, AES128CBCb, RSAk, SHA256h, - (byte*)data, sizeof(data), NULL, 0, - attribs, attribNum, out, *outSz); - } - else { - ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey, - encryptKeySz, key, keySz, AES256CBCb, RSAk, SHA256h, - (byte*)data, sizeof(data), NULL, 0, - attribs, attribNum, out, *outSz); - } - if (ret <= 0) { - printf("ERROR: wc_PKCS7_EncodeSignedEncryptedFPD() failed, " - "ret = %d\n", ret); - wc_PKCS7_Free(pkcs7); - return -11914; - - } else { - *outSz = ret; - } - - wc_PKCS7_Free(pkcs7); - - return ret; -} - - -/* test verification and decryption of PKCS7 bundle - * return 0 on success - */ -static int verifyBundle(byte* derBuf, word32 derSz, int keyHint) -{ - int ret = 0; - int usrCtx = 1; /* test value to pass as user context to callback */ - PKCS7* pkcs7; - byte* sid; - word32 sidSz; - byte key[256]; - word32 keySz = sizeof(key); - - byte decoded[FOURK_BUF/2]; - int decodedSz = FOURK_BUF/2; - - const byte expectedSid[] = { - 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, - 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, - 0xD7, 0x85, 0x65, 0xC0 - }; - - pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID); - if (pkcs7 == NULL) { - return MEMORY_E; - } - - /* Test verify */ - ret = wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return ret; - } - ret = wc_PKCS7_InitWithCert(pkcs7, NULL, 0); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return ret; - } - ret = wc_PKCS7_VerifySignedData(pkcs7, derBuf, derSz); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return ret; - } - - /* Get size of SID and print it out */ - ret = wc_PKCS7_GetSignerSID(pkcs7, NULL, &sidSz); - if (ret != LENGTH_ONLY_E) { - wc_PKCS7_Free(pkcs7); - return ret; - } - - sid = (byte*)XMALLOC(sidSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (sid == NULL) { - wc_PKCS7_Free(pkcs7); - return ret; - } - - ret = wc_PKCS7_GetSignerSID(pkcs7, sid, &sidSz); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; - } - ret = XMEMCMP(sid, expectedSid, sidSz); - XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return ret; - } - - /* get expected fwWrappedFirmwareKey */ - if (keyHint == 0) { - ret = getFirmwareKey(pkcs7, key, keySz); - if (ret < 0) { - wc_PKCS7_Free(pkcs7); - return ret; - } - pkcs7->encryptionKey = key; - pkcs7->encryptionKeySz = ret; - } - else { - decodedSz = PKCS7_BUF_SIZE; - ret = wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return ret; - } - - ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)&usrCtx); - if (ret != 0) { - wc_PKCS7_Free(pkcs7); - return ret; - } - } - - decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content, - pkcs7->contentSz, decoded, decodedSz); - if (decodedSz < 0) { - ret = decodedSz; - wc_PKCS7_Free(pkcs7); - return ret; - } - - wc_PKCS7_Free(pkcs7); - return 0; -} - - -static int pkcs7callback_test(byte* cert, word32 certSz, byte* key, word32 keySz) -{ - - int ret = 0; - byte derBuf[FOURK_BUF]; - word32 derSz = sizeof(derBuf); - - /* Doing default generation and verify */ - ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 0, cert, - certSz, key, keySz); - if (ret <= 0) { - return -11915; - } - - ret = verifyBundle(derBuf, derSz, 0); - if (ret != 0) { - return -11916; - } - - /* test choosing other key with keyID */ - derSz = sizeof(derBuf); - ret = generateBundle(derBuf, &derSz, p7AltKey, sizeof(p7AltKey), 1, - cert, certSz, key, keySz); - if (ret <= 0) { - return -11917; - } - - ret = verifyBundle(derBuf, derSz, 1); - if (ret != 0) { - return -11918; - } - - /* test fail case with wrong keyID */ - derSz = sizeof(derBuf); - ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 1, - cert, certSz, key, keySz); - if (ret <= 0) { - return -11919; - } - - ret = verifyBundle(derBuf, derSz, 1); - if (ret == 0) { - return -11920; - } - - return 0; -} -#endif /* NO_AES */ - -#ifndef NO_PKCS7_ENCRYPTED_DATA - -typedef struct { - const byte* content; - word32 contentSz; - int contentOID; - int encryptOID; - byte* encryptionKey; - word32 encryptionKeySz; - PKCS7Attrib* attribs; - word32 attribsSz; - const char* outFileName; -} pkcs7EncryptedVector; - - -static int pkcs7encrypted_test(void) -{ - int ret = 0; - int i, testSz; - int encryptedSz, decodedSz, attribIdx; - PKCS7* pkcs7; - byte *encrypted; - byte *decoded; -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - XFILE pkcs7File; -#endif - - PKCS7Attrib* expectedAttrib; - PKCS7DecodedAttrib* decodedAttrib; - - const byte data[] = { /* Hello World */ - 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, - 0x72,0x6c,0x64 - }; - -#ifndef NO_DES3 - byte desKey[] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef - }; - byte des3Key[] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, - 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, - 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 - }; -#endif - -#ifndef NO_AES -#ifdef WOLFSSL_AES_128 - byte aes128Key[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 - }; -#endif -#ifdef WOLFSSL_AES_192 - byte aes192Key[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 - }; -#endif -#ifdef WOLFSSL_AES_256 - byte aes256Key[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 - }; -#endif - -#ifdef WOLFSSL_AES_256 - /* Attribute example from RFC 4134, Section 7.2 - * OID = 1.2.5555 - * OCTET STRING = 'This is a test General ASN Attribute, number 1.' */ - static byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 }; - static byte genAttr[] = { 0x04, 47, - 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, - 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47, - 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41, - 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75, - 0x6d, 0x62, 0x65, 0x72, 0x20, 0x31, 0x2e }; - - static byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 }; - static byte genAttr2[] = { 0x04, 47, - 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, - 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47, - 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41, - 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75, - 0x6d, 0x62, 0x65, 0x72, 0x20, 0x32, 0x2e }; - - PKCS7Attrib attribs[] = - { - { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) } - }; - - PKCS7Attrib multiAttribs[] = - { - { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) }, - { genAttrOid2, sizeof(genAttrOid2), genAttr2, sizeof(genAttr2) } - }; -#endif -#endif /* NO_AES */ - - const pkcs7EncryptedVector testVectors[] = - { -#ifndef NO_DES3 - {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key), - NULL, 0, "pkcs7encryptedDataDES3.der"}, - - {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey), - NULL, 0, "pkcs7encryptedDataDES.der"}, -#endif /* NO_DES3 */ - -#ifndef NO_AES - #ifdef WOLFSSL_AES_128 - {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key, - sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"}, - #endif - #ifdef WOLFSSL_AES_192 - {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key, - sizeof(aes192Key), NULL, 0, "pkcs7encryptedDataAES192CBC.der"}, - #endif - #ifdef WOLFSSL_AES_256 - {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key, - sizeof(aes256Key), NULL, 0, "pkcs7encryptedDataAES256CBC.der"}, - - /* test with optional unprotected attributes */ - {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key, - sizeof(aes256Key), attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7encryptedDataAES256CBC_attribs.der"}, - - /* test with multiple optional unprotected attributes */ - {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key, - sizeof(aes256Key), multiAttribs, - (sizeof(multiAttribs)/sizeof(PKCS7Attrib)), - "pkcs7encryptedDataAES256CBC_multi_attribs.der"}, - - /* test with contentType set to FirmwarePkgData */ - {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256CBCb, aes256Key, - sizeof(aes256Key), NULL, 0, - "pkcs7encryptedDataAES256CBC_firmwarePkgData.der"}, - #endif -#endif /* NO_AES */ - }; - - encrypted = XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - decoded = XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if ((! encrypted) || (! decoded)) { - ret = MEMORY_E; - goto out; - } - - testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector); - - for (i = 0; i < testSz; i++) { - pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); - if (pkcs7 == NULL) { - ret = -12000; - goto out; - } - - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->encryptOID = testVectors[i].encryptOID; - pkcs7->encryptionKey = testVectors[i].encryptionKey; - pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz; - pkcs7->unprotectedAttribs = testVectors[i].attribs; - pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz; - - /* encode encryptedData */ - encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, - PKCS7_BUF_SIZE); - if (encryptedSz <= 0) { - wc_PKCS7_Free(pkcs7); - ret = -12001; - goto out; - } - - /* decode encryptedData */ -#ifndef NO_PKCS7_STREAM - { /* test reading byte by byte */ - int z; - for (z = 0; z < encryptedSz; z++) { - decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted + z, 1, - decoded, PKCS7_BUF_SIZE); - if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) { - printf("unexpected error %d\n", decodedSz); - ret = -12002; - goto out; - } - } - /* test decode result */ - if (XMEMCMP(decoded, data, sizeof(data)) != 0) { - printf("stream read failed\n"); - wc_PKCS7_Free(pkcs7); - ret = -12003; - goto out; - } - } -#endif - decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, - decoded, PKCS7_BUF_SIZE); - if (decodedSz <= 0){ - wc_PKCS7_Free(pkcs7); - ret = -12004; - goto out; - } - - /* test decode result */ - if (XMEMCMP(decoded, data, sizeof(data)) != 0) { - wc_PKCS7_Free(pkcs7); - ret = -12005; - goto out; - } - - /* verify decoded unprotected attributes */ - if (pkcs7->decodedAttrib != NULL) { - decodedAttrib = pkcs7->decodedAttrib; - attribIdx = 1; - - while (decodedAttrib != NULL) { - - /* expected attribute, stored list is reversed */ - expectedAttrib = &(pkcs7->unprotectedAttribs - [pkcs7->unprotectedAttribsSz - attribIdx]); - - /* verify oid */ - if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid, - decodedAttrib->oidSz) != 0) { - wc_PKCS7_Free(pkcs7); - ret = -12006; - goto out; - } - - /* verify value */ - if (XMEMCMP(decodedAttrib->value, expectedAttrib->value, - decodedAttrib->valueSz) != 0) { - wc_PKCS7_Free(pkcs7); - ret = -12007; - goto out; - } - - decodedAttrib = decodedAttrib->next; - attribIdx++; - } - } - -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - /* output pkcs7 envelopedData for external testing */ - pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); - if (!pkcs7File) { - wc_PKCS7_Free(pkcs7); - ret = -12008; - goto out; - } - - ret = (int)XFWRITE(encrypted, encryptedSz, 1, pkcs7File); - XFCLOSE(pkcs7File); - - if (ret > 0) - ret = 0; -#endif - - wc_PKCS7_Free(pkcs7); - } - - out: - if (encrypted) - XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (decoded) - XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} - -#endif /* NO_PKCS7_ENCRYPTED_DATA */ - - -#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) - -typedef struct { - const byte* content; - word32 contentSz; - int contentOID; - const char* outFileName; -} pkcs7CompressedVector; - - -static int pkcs7compressed_test(void) -{ - int ret = 0; - int i, testSz; - int compressedSz, decodedSz; - PKCS7* pkcs7; - byte *compressed; - byte *decoded; -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - XFILE pkcs7File; -#endif - - const byte data[] = { /* Hello World */ - 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, - 0x72,0x6c,0x64 - }; - - const pkcs7CompressedVector testVectors[] = - { - {data, (word32)sizeof(data), DATA, - "pkcs7compressedData_data_zlib.der"}, - {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, - "pkcs7compressedData_firmwarePkgData_zlib.der"}, - }; - - enveloped = XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - decoded = XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if ((! enveloped) || (! decoded)) { - ret = MEMORY_E; - goto out; - } - - testSz = sizeof(testVectors) / sizeof(pkcs7CompressedVector); - - for (i = 0; i < testSz; i++) { - pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); - if (pkcs7 == NULL) { - ret = -12100; - goto out; - } - - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - - /* encode compressedData */ - compressedSz = wc_PKCS7_EncodeCompressedData(pkcs7, compressed, - sizeof(compressed)); - if (compressedSz <= 0) { - wc_PKCS7_Free(pkcs7); - ret = -12101; - goto out; - } - - /* decode compressedData */ - decodedSz = wc_PKCS7_DecodeCompressedData(pkcs7, compressed, - compressedSz, decoded, - PKCS7_BUF_SIZE); - if (decodedSz <= 0){ - wc_PKCS7_Free(pkcs7); - ret = -12102; - goto out; - } - - /* test decode result */ - if (XMEMCMP(decoded, testVectors[i].content, - testVectors[i].contentSz) != 0) { - wc_PKCS7_Free(pkcs7); - ret = -12103; - goto out; - } - - /* make sure content type is the same */ - if (testVectors[i].contentOID != pkcs7->contentOID) { - ret = -12104; - goto out; - } - -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - /* output pkcs7 compressedData for external testing */ - pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); - if (!pkcs7File) { - wc_PKCS7_Free(pkcs7); - ret = -12105; - goto out; - } - - ret = (int)XFWRITE(compressed, compressedSz, 1, pkcs7File); - XFCLOSE(pkcs7File); - - if (ret > 0) - ret = 0; -#endif - - wc_PKCS7_Free(pkcs7); - } - - out: - if (enveloped) - XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (decoded) - XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} /* pkcs7compressed_test() */ - -#undef PKCS7_BUF_SIZE - -#endif /* HAVE_LIBZ */ - - -typedef struct { - const byte* content; - word32 contentSz; - int hashOID; - int signOID; - byte* privateKey; - word32 privateKeySz; - byte* cert; - size_t certSz; - byte* caCert; - size_t caCertSz; - PKCS7Attrib* signedAttribs; - word32 signedAttribsSz; - const char* outFileName; - int contentOID; - byte* contentType; - word32 contentTypeSz; - int sidType; - int encryptOID; /* for single-shot encrypt alg OID */ - int encCompFlag; /* for single-shot. 1 = enc, 2 = comp, 3 = both*/ - byte* encryptKey; /* for single-shot, encryptedData */ - word32 encryptKeySz; /* for single-shot, encryptedData */ - PKCS7Attrib* unprotectedAttribs; /* for single-shot, encryptedData */ - word32 unprotectedAttribsSz; /* for single-shot, encryptedData */ - word16 detachedSignature; /* generate detached signature (0:1) */ -} pkcs7SignedVector; - - -static int pkcs7signed_run_vectors( - byte* rsaClientCertBuf, word32 rsaClientCertBufSz, - byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz, - byte* rsaServerCertBuf, word32 rsaServerCertBufSz, - byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz, - byte* rsaCaCertBuf, word32 rsaCaCertBufSz, - byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz, - byte* eccClientCertBuf, word32 eccClientCertBufSz, - byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz) -{ - int ret, testSz, i; - int encodedSz; - byte* out; - word32 outSz; - WC_RNG rng; - PKCS7* pkcs7; -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - XFILE file; -#endif - - const byte data[] = { /* Hello World */ - 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, - 0x72,0x6c,0x64 - }; - - static byte transIdOid[] = - { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, - 0x09, 0x07 }; - static byte messageTypeOid[] = - { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, - 0x09, 0x02 }; - static byte senderNonceOid[] = - { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, - 0x09, 0x05 }; -#ifndef NO_SHA - static byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1]; -#else - static byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1]; -#endif - static byte messageType[] = { 0x13, 2, '1', '9' }; - static byte senderNonce[PKCS7_NONCE_SZ + 2]; - - PKCS7Attrib attribs[] = - { - { transIdOid, sizeof(transIdOid), transId, - sizeof(transId) - 1 }, /* take off the null */ - { messageTypeOid, sizeof(messageTypeOid), messageType, - sizeof(messageType) }, - { senderNonceOid, sizeof(senderNonceOid), senderNonce, - sizeof(senderNonce) } - }; - - /* for testing custom contentType, FirmwarePkgData */ - byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x10, 0x01, 0x10 }; - - const pkcs7SignedVector testVectors[] = - { -#ifndef NO_RSA - #ifndef NO_SHA - /* RSA with SHA */ - {data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, NULL, - 0, 0}, - - /* RSA with SHA, no signed attributes */ - {data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, - NULL, 0, NULL, 0, - "pkcs7signedData_RSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - #endif - #ifdef WOLFSSL_SHA224 - /* RSA with SHA224 */ - {data, (word32)sizeof(data), SHA224h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - #endif - #ifndef NO_SHA256 - /* RSA with SHA256 */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - - /* RSA with SHA256, detached signature */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA256_detachedSig.der", 0, NULL, 0, 0, 0, 0, - NULL, 0, NULL, 0, 1}, - - /* RSA with SHA256 and SubjectKeyIdentifier in SignerIdentifier */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0, - NULL, 0, NULL, 0, 0}, - - /* RSA with SHA256 and custom contentType */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA256_custom_contentType.der", 0, - customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0, - NULL, 0, 0}, - - /* RSA with SHA256 and FirmwarePkgData contentType */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA256_firmwarePkgData.der", - FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0}, - - /* RSA with SHA256 using server cert and ca cert */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf, - rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz, - rsaCaCertBuf, rsaCaCertBufSz, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA256_with_ca_cert.der", 0, NULL, 0, 0, 0, 0, - NULL, 0, NULL, 0, 0}, - #endif - #if defined(WOLFSSL_SHA384) - /* RSA with SHA384 */ - {data, (word32)sizeof(data), SHA384h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - #endif - #if defined(WOLFSSL_SHA512) - /* RSA with SHA512 */ - {data, (word32)sizeof(data), SHA512h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_RSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - #endif -#endif /* NO_RSA */ - -#ifdef HAVE_ECC - #ifndef NO_SHA - /* ECDSA with SHA */ - {data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - - /* ECDSA with SHA, no signed attributes */ - {data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, - NULL, 0, NULL, 0, - "pkcs7signedData_ECDSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - #endif - #ifdef WOLFSSL_SHA224 - /* ECDSA with SHA224 */ - {data, (word32)sizeof(data), SHA224h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - #endif - #ifndef NO_SHA256 - /* ECDSA with SHA256 */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - - /* ECDSA with SHA256 and SubjectKeyIdentifier in SigherIdentifier */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0, - NULL, 0, NULL, 0, 0}, - - /* ECDSA with SHA256 and custom contentType */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA256_custom_contentType.der", 0, - customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0, - NULL, 0, 0}, - - /* ECDSA with SHA256 and FirmwarePkgData contentType */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA256_firmwarePkgData.der", - FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0}, - #endif - #ifdef WOLFSSL_SHA384 - /* ECDSA with SHA384 */ - {data, (word32)sizeof(data), SHA384h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - #endif - #ifdef WOLFSSL_SHA512 - /* ECDSA with SHA512 */ - {data, (word32)sizeof(data), SHA512h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedData_ECDSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0, - NULL, 0, 0}, - #endif -#endif /* HAVE_ECC */ - }; - - testSz = sizeof(testVectors) / sizeof(pkcs7SignedVector); - - outSz = FOURK_BUF; - out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (out == NULL) - return -12106; - - XMEMSET(out, 0, outSz); - - ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16); - if (ret < 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -12107; - } - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -12108; - } - - for (i = 0; i < testSz; i++) { - pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); - if (pkcs7 == NULL) - return -12109; - - ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, - (word32)testVectors[i].certSz); - - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12110; - } - - /* load CA certificate, if present */ - if (testVectors[i].caCert != NULL) { - ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert, - (word32)testVectors[i].caCertSz); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12111; - } - } - - pkcs7->rng = &rng; - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - pkcs7->contentOID = testVectors[i].contentOID; - pkcs7->hashOID = testVectors[i].hashOID; - pkcs7->encryptOID = testVectors[i].signOID; - pkcs7->privateKey = testVectors[i].privateKey; - pkcs7->privateKeySz = testVectors[i].privateKeySz; - pkcs7->signedAttribs = testVectors[i].signedAttribs; - pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz; - - /* optional custom contentType, default is DATA, - overrides contentOID if set */ - if (testVectors[i].contentType != NULL) { - ret = wc_PKCS7_SetContentType(pkcs7, testVectors[i].contentType, - testVectors[i].contentTypeSz); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12112; - } - } - - /* set SignerIdentifier to use SubjectKeyIdentifier if desired, - default is IssuerAndSerialNumber */ - if (testVectors[i].sidType == CMS_SKID) { - ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12113; - } - } - - /* generate senderNonce */ - { - senderNonce[0] = 0x04; - senderNonce[1] = PKCS7_NONCE_SZ; - - ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12114; - } - } - - /* generate transactionID (used with SCEP) */ - { - #ifndef NO_SHA - wc_Sha sha; - byte digest[WC_SHA_DIGEST_SIZE]; - #else - wc_Sha256 sha; - byte digest[WC_SHA256_DIGEST_SIZE]; - #endif - int j,k; - - transId[0] = 0x13; - transId[1] = sizeof(digest) * 2; - - #ifndef NO_SHA - ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12115; - } - wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz); - wc_ShaFinal(&sha, digest); - wc_ShaFree(&sha); - #else - ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12116; - } - wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz); - wc_Sha256Final(&sha, digest); - wc_Sha256Free(&sha); - #endif - - for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) { - XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]); - } - } - - /* enable detached signature generation, if set */ - if (testVectors[i].detachedSignature == 1) { - ret = wc_PKCS7_SetDetached(pkcs7, 1); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12117; - } - } - - encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz); - if (encodedSz < 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12118; - } - - #ifdef PKCS7_OUTPUT_TEST_BUNDLES - /* write PKCS#7 to output file for more testing */ - file = XFOPEN(testVectors[i].outFileName, "wb"); - if (!file) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12119; - } - ret = (int)XFWRITE(out, 1, encodedSz, file); - XFCLOSE(file); - if (ret != (int)encodedSz) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12120; - } - #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ - - wc_PKCS7_Free(pkcs7); - - pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); - if (pkcs7 == NULL) - return -12121; - wc_PKCS7_InitWithCert(pkcs7, NULL, 0); - - if (testVectors[i].detachedSignature == 1) { - /* set content for verifying detached signatures */ - pkcs7->content = (byte*)testVectors[i].content; - pkcs7->contentSz = testVectors[i].contentSz; - } - - ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz); - if (ret < 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12122; - } - - /* verify contentType extracted successfully for custom content types */ - if (testVectors[i].contentTypeSz > 0) { - if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) { - return -12123; - } else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType, - pkcs7->contentTypeSz) != 0) { - return -12124; - } - } - - if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12125; - } - - { - /* check getting signed attributes */ - #ifndef NO_SHA - byte buf[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1]; - #else - byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1]; - #endif - byte* oidPt = transIdOid + 2; /* skip object id tag and size */ - int oidSz = (int)sizeof(transIdOid) - 2; - int bufSz = 0; - - if (testVectors[i].signedAttribs != NULL && - wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz, - NULL, (word32*)&bufSz) != LENGTH_ONLY_E) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12126; - } - - if (bufSz > (int)sizeof(buf)) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12127; - } - - bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz, - buf, (word32*)&bufSz); - if ((testVectors[i].signedAttribs != NULL && bufSz < 0) || - (testVectors[i].signedAttribs == NULL && bufSz > 0)) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12128; - } - } - - #ifdef PKCS7_OUTPUT_TEST_BUNDLES - file = XFOPEN("./pkcs7cert.der", "wb"); - if (!file) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12129; - } - ret = (int)XFWRITE(pkcs7->singleCert, 1, pkcs7->singleCertSz, file); - XFCLOSE(file); - #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ - - wc_PKCS7_Free(pkcs7); - } - - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRng(&rng); - - if (ret > 0) - return 0; - - (void)rsaClientCertBuf; - (void)rsaClientCertBufSz; - (void)rsaClientPrivKeyBuf; - (void)rsaClientPrivKeyBufSz; - (void)rsaServerCertBuf; - (void)rsaServerCertBufSz; - (void)rsaServerPrivKeyBuf; - (void)rsaServerPrivKeyBufSz; - (void)rsaCaCertBuf; - (void)rsaCaCertBufSz; - (void)rsaCaPrivKeyBuf; - (void)rsaCaPrivKeyBufSz; - (void)eccClientCertBuf; - (void)eccClientCertBufSz; - (void)eccClientPrivKeyBuf; - (void)eccClientPrivKeyBufSz; - - return ret; -} - - -static int pkcs7signed_run_SingleShotVectors( - byte* rsaClientCertBuf, word32 rsaClientCertBufSz, - byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz, - byte* rsaServerCertBuf, word32 rsaServerCertBufSz, - byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz, - byte* rsaCaCertBuf, word32 rsaCaCertBufSz, - byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz, - byte* eccClientCertBuf, word32 eccClientCertBufSz, - byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz) -{ - int ret, testSz, i; - int encodedSz; - byte* out; - word32 outSz; - WC_RNG rng; - PKCS7* pkcs7; -#ifdef PKCS7_OUTPUT_TEST_BUNDLES - XFILE file; -#endif - - const byte data[] = { /* Hello World */ - 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, - 0x72,0x6c,0x64 - }; - -#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) - byte aes256Key[] = { - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, - 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 - }; -#endif - - static byte messageTypeOid[] = - { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, - 0x09, 0x02 }; - static byte messageType[] = { 0x13, 2, '1', '9' }; - - PKCS7Attrib attribs[] = - { - { messageTypeOid, sizeof(messageTypeOid), messageType, - sizeof(messageType) }, - }; - - const pkcs7SignedVector testVectors[] = - { -#ifndef NO_RSA - #ifndef NO_SHA256 - /* Signed FirmwarePkgData, RSA, SHA256, no attribs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - NULL, 0, - "pkcs7signedFirmwarePkgData_RSA_SHA256_noattr.der", 0, NULL, 0, 0, - 0, 0, NULL, 0, NULL, 0, 0}, - - /* Signed FirmwarePkgData, RSA, SHA256, attrs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedFirmwarePkgData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, - NULL, 0, NULL, 0, 0}, - - /* Signed FirmwarePkgData, RSA, SHA256, SubjectKeyIdentifier, attrs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedFirmwarePkgData_RSA_SHA256_SKID.der", 0, NULL, - 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0}, - - /* Signed FirmwraePkgData, RSA, SHA256, server cert and ca cert, attr */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf, - rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz, - rsaCaCertBuf, rsaCaCertBufSz, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL, - 0, 0, 0, 0, NULL, 0, NULL, 0, 0}, - - #if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) - /* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - NULL, 0, - "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256_noattr.der", 0, - NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0}, - - /* Signed Encrypted FirmwarePkgData, RSA, SHA256, attribs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256.der", 0, - NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0}, - #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */ - - #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) - /* Signed Compressed FirmwarePkgData, RSA, SHA256, no attribs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - NULL, 0, - "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", 0, - NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0}, - - /* Signed Compressed FirmwarePkgData, RSA, SHA256, attribs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256.der", 0, - NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0}, - - #ifndef NO_PKCS7_ENCRYPTED_DATA - /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256, - no attribs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - NULL, 0, - "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", - 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL, - 0, 0}, - - /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256, - attribs */ - {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, - rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der", - 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0}, - #endif /* !NO_PKCS7_ENCRYPTED_DATA */ - - #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ - - #endif /* NO_SHA256 */ -#endif /* NO_RSA */ - -#ifdef HAVE_ECC - #ifndef NO_SHA256 - /* Signed FirmwarePkgData, ECDSA, SHA256, no attribs */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - NULL, 0, - "pkcs7signedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL, - 0, 0, 0, 0, NULL, 0, NULL, 0, 0}, - - /* Signed FirmwarePkgData, ECDSA, SHA256, attribs */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL, - 0, 0, 0, 0, NULL, 0, NULL, 0, 0}, - - /* Signed FirmwarePkgData, ECDSA, SHA256, SubjectKeyIdentifier, attr */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL, - 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0}, - - #if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) - /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - NULL, 0, - "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL, - 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0}, - - /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, attribs */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL, - 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0}, - #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */ - - #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) - /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, no attribs */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - NULL, 0, - "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL, - 0, 0, 0, 2, NULL, 0, NULL, 0, 0}, - - /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, attrib */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL, - 0, 0, 0, 2, NULL, 0, NULL, 0, 0}, - - #ifndef NO_PKCS7_ENCRYPTED_DATA - /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256, - no attribs */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - NULL, 0, - "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", - 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL, - 0, 0}, - - /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256, - attribs */ - {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, - eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), - "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256.der", - 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), - attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0}, - #endif /* !NO_PKCS7_ENCRYPTED_DATA */ - - #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ - - #endif /* NO_SHA256 */ -#endif /* HAVE_ECC */ - }; - - testSz = sizeof(testVectors) / sizeof(pkcs7SignedVector); - - outSz = FOURK_BUF; - out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (out == NULL) - return -12130; - - XMEMSET(out, 0, outSz); - - ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16); - if (ret < 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -12131; - } - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return -12132; - } - - for (i = 0; i < testSz; i++) { - pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); - if (pkcs7 == NULL) - return -12133; - - ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, - (word32)testVectors[i].certSz); - - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12134; - } - - /* load CA certificate, if present */ - if (testVectors[i].caCert != NULL) { - ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert, - (word32)testVectors[i].caCertSz); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12135; - } - } - - /* set SignerIdentifier to use SubjectKeyIdentifier if desired, - default is IssuerAndSerialNumber */ - if (testVectors[i].sidType == CMS_SKID) { - ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); - if (ret != 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12136; - } - } - - if (testVectors[i].encCompFlag == 0) { - - /* encode Signed FirmwarePkgData */ - encodedSz = wc_PKCS7_EncodeSignedFPD(pkcs7, - testVectors[i].privateKey, testVectors[i].privateKeySz, - testVectors[i].signOID, testVectors[i].hashOID, - (byte*)testVectors[i].content, testVectors[i].contentSz, - testVectors[i].signedAttribs, - testVectors[i].signedAttribsSz, out, outSz); - - if (encodedSz < 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12137; - } - - #ifndef NO_PKCS7_ENCRYPTED_DATA - - } else if (testVectors[i].encCompFlag == 1) { - - /* encode Signed Encrypted FirmwarePkgData */ - encodedSz = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, - testVectors[i].encryptKey, testVectors[i].encryptKeySz, - testVectors[i].privateKey, testVectors[i].privateKeySz, - testVectors[i].encryptOID, testVectors[i].signOID, - testVectors[i].hashOID, (byte*)testVectors[i].content, - testVectors[i].contentSz, testVectors[i].unprotectedAttribs, - testVectors[i].unprotectedAttribsSz, - testVectors[i].signedAttribs, - testVectors[i].signedAttribsSz, out, outSz); - - if (encodedSz <= 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12138; - } - #endif - - #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) - } else if (testVectors[i].encCompFlag == 2) { - - /* encode Signed Compressed FirmwarePkgData */ - encodedSz = wc_PKCS7_EncodeSignedCompressedFPD(pkcs7, - testVectors[i].privateKey, testVectors[i].privateKeySz, - testVectors[i].signOID, testVectors[i].hashOID, - (byte*)testVectors[i].content, testVectors[i].contentSz, - testVectors[i].signedAttribs, - testVectors[i].signedAttribsSz, out, outSz); - - if (encodedSz <= 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12139; - } - - #ifndef NO_PKCS7_ENCRYPTED_DATA - } else if (testVectors[i].encCompFlag == 3) { - - /* encode Signed Encrypted Compressed FirmwarePkgData */ - encodedSz = wc_PKCS7_EncodeSignedEncryptedCompressedFPD(pkcs7, - testVectors[i].encryptKey, testVectors[i].encryptKeySz, - testVectors[i].privateKey, testVectors[i].privateKeySz, - testVectors[i].encryptOID, testVectors[i].signOID, - testVectors[i].hashOID, (byte*)testVectors[i].content, - testVectors[i].contentSz, testVectors[i].unprotectedAttribs, - testVectors[i].unprotectedAttribsSz, - testVectors[i].signedAttribs, - testVectors[i].signedAttribsSz, out, outSz); - - if (encodedSz <= 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12140; - } - - #endif /* NO_PKCS7_ENCRYPTED_DATA */ - #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ - - } else { - /* unsupported SignedData single-shot combination */ - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12141; - } - - #ifdef PKCS7_OUTPUT_TEST_BUNDLES - /* write PKCS#7 to output file for more testing */ - file = XFOPEN(testVectors[i].outFileName, "wb"); - if (!file) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12142; - } - ret = (int)XFWRITE(out, 1, encodedSz, file); - XFCLOSE(file); - if (ret != (int)encodedSz) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12143; - } - #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ - - wc_PKCS7_Free(pkcs7); - - pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); - if (pkcs7 == NULL) - return -12144; - wc_PKCS7_InitWithCert(pkcs7, NULL, 0); - - ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz); - if (ret < 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12145; - } -#ifndef NO_PKCS7_STREAM - { - word32 z; - for (z = 0; z < outSz && ret != 0; z++) { - ret = wc_PKCS7_VerifySignedData(pkcs7, out + z, 1); - if (ret < 0 && ret != WC_PKCS7_WANT_READ_E) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - printf("unexpected error %d\n", ret); - return -12146; - } - } - } -#endif - - if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12147; - } - - if (testVectors[i].encCompFlag == 0) { - /* verify decoded content matches expected */ - if ((pkcs7->contentSz != testVectors[i].contentSz) || - XMEMCMP(pkcs7->content, testVectors[i].content, - pkcs7->contentSz)) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12148; - } - - } - #ifndef NO_PKCS7_ENCRYPTED_DATA - else if (testVectors[i].encCompFlag == 1) { - - /* decrypt inner encryptedData */ - pkcs7->encryptionKey = testVectors[i].encryptKey; - pkcs7->encryptionKeySz = testVectors[i].encryptKeySz; - - ret = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content, - pkcs7->contentSz, out, outSz); - if (ret < 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12149; - } - - /* compare decrypted to expected */ - if (((word32)ret != testVectors[i].contentSz) || - XMEMCMP(out, testVectors[i].content, ret)) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12150; - } - } - #endif - #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) - else if (testVectors[i].encCompFlag == 2) { - - /* decompress inner compressedData */ - ret = wc_PKCS7_DecodeCompressedData(pkcs7, pkcs7->content, - pkcs7->contentSz, out, outSz); - if (ret < 0) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12151; - } - - /* compare decompressed to expected */ - if (((word32)ret != testVectors[i].contentSz) || - XMEMCMP(out, testVectors[i].content, ret)) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12152; - } - } - #ifndef NO_PKCS7_ENCRYPTED_DATA - else if (testVectors[i].encCompFlag == 3) { - - byte* encryptedTmp; - int encryptedTmpSz; - - encryptedTmpSz = FOURK_BUF; - encryptedTmp = (byte*)XMALLOC(encryptedTmpSz, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (encryptedTmp == NULL) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12153; - } - - XMEMSET(encryptedTmp, 0, encryptedTmpSz); - - /* decrypt inner encryptedData */ - pkcs7->encryptionKey = testVectors[i].encryptKey; - pkcs7->encryptionKeySz = testVectors[i].encryptKeySz; - - encryptedTmpSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content, - pkcs7->contentSz, encryptedTmp, - encryptedTmpSz); - - if (encryptedTmpSz < 0) { - XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12154; - } - - /* decompress inner compressedData */ - ret = wc_PKCS7_DecodeCompressedData(pkcs7, encryptedTmp, - encryptedTmpSz, out, outSz); - if (ret < 0) { - XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12155; - } - - XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - - /* compare decompressed to expected */ - if (((word32)ret != testVectors[i].contentSz) || - XMEMCMP(out, testVectors[i].content, ret)) { - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(pkcs7); - return -12156; - } - } - #endif /* NO_PKCS7_ENCRYPTED_DATA */ - #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ - - wc_PKCS7_Free(pkcs7); - } - - XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRng(&rng); - - if (ret > 0) - return 0; - - (void)eccClientCertBuf; - (void)eccClientCertBufSz; - (void)eccClientPrivKeyBuf; - (void)eccClientPrivKeyBufSz; - - (void)rsaClientCertBuf; - (void)rsaClientCertBufSz; - (void)rsaClientPrivKeyBuf; - (void)rsaClientPrivKeyBufSz; - (void)rsaServerCertBuf; - (void)rsaServerCertBufSz; - (void)rsaServerPrivKeyBuf; - (void)rsaServerPrivKeyBufSz; - (void)rsaCaCertBuf; - (void)rsaCaCertBufSz; - (void)rsaCaPrivKeyBuf; - (void)rsaCaPrivKeyBufSz; - - return ret; -} - - -static int pkcs7signed_test(void) -{ - int ret = 0; - - byte* rsaClientCertBuf = NULL; - byte* rsaServerCertBuf = NULL; - byte* rsaCaCertBuf = NULL; - byte* eccClientCertBuf = NULL; - byte* rsaClientPrivKeyBuf = NULL; - byte* rsaServerPrivKeyBuf = NULL; - byte* rsaCaPrivKeyBuf = NULL; - byte* eccClientPrivKeyBuf = NULL; - - word32 rsaClientCertBufSz = 0; - word32 rsaServerCertBufSz = 0; - word32 rsaCaCertBufSz = 0; - word32 eccClientCertBufSz = 0; - word32 rsaClientPrivKeyBufSz = 0; - word32 rsaServerPrivKeyBufSz = 0; - word32 rsaCaPrivKeyBufSz = 0; - word32 eccClientPrivKeyBufSz = 0; - -#ifndef NO_RSA - /* read client RSA cert and key in DER format */ - rsaClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (rsaClientCertBuf == NULL) - ret = -12200; - - rsaClientPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (ret == 0 && rsaClientPrivKeyBuf == NULL) { - ret = -12201; - } - - rsaClientCertBufSz = FOURK_BUF; - rsaClientPrivKeyBufSz = FOURK_BUF; - - /* read server RSA cert and key in DER format */ - rsaServerCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (ret == 0 && rsaServerCertBuf == NULL) - ret = -12202; - - rsaServerPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (ret == 0 && rsaServerPrivKeyBuf == NULL) { - ret = -12203; - } - - rsaServerCertBufSz = FOURK_BUF; - rsaServerPrivKeyBufSz = FOURK_BUF; - - /* read CA RSA cert and key in DER format, for use with server cert */ - rsaCaCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (ret == 0 && rsaCaCertBuf == NULL) - ret = -12204; - - rsaCaPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (ret == 0 && rsaCaPrivKeyBuf == NULL) { - ret = -12205; - } - - rsaCaCertBufSz = FOURK_BUF; - rsaCaPrivKeyBufSz = FOURK_BUF; -#endif /* NO_RSA */ - -#ifdef HAVE_ECC - /* read client ECC cert and key in DER format */ - eccClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (ret == 0 && eccClientCertBuf == NULL) { - ret = -12206; - } - - eccClientPrivKeyBuf =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (ret == 0 && eccClientPrivKeyBuf == NULL) { - ret = -12207; - } - - eccClientCertBufSz = FOURK_BUF; - eccClientPrivKeyBufSz = FOURK_BUF; -#endif /* HAVE_ECC */ - - if (ret >= 0) - ret = pkcs7_load_certs_keys(rsaClientCertBuf, &rsaClientCertBufSz, - rsaClientPrivKeyBuf, &rsaClientPrivKeyBufSz, - rsaServerCertBuf, &rsaServerCertBufSz, - rsaServerPrivKeyBuf, &rsaServerPrivKeyBufSz, - rsaCaCertBuf, &rsaCaCertBufSz, - rsaCaPrivKeyBuf, &rsaCaPrivKeyBufSz, - eccClientCertBuf, &eccClientCertBufSz, - eccClientPrivKeyBuf, &eccClientPrivKeyBufSz); - if (ret < 0) { - ret = -12208; - } - - if (ret >= 0) - ret = pkcs7signed_run_vectors(rsaClientCertBuf, (word32)rsaClientCertBufSz, - rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz, - rsaServerCertBuf, (word32)rsaServerCertBufSz, - rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz, - rsaCaCertBuf, (word32)rsaCaCertBufSz, - rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz, - eccClientCertBuf, (word32)eccClientCertBufSz, - eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz); - - if (ret >= 0) - ret = pkcs7signed_run_SingleShotVectors( - rsaClientCertBuf, (word32)rsaClientCertBufSz, - rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz, - rsaServerCertBuf, (word32)rsaServerCertBufSz, - rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz, - rsaCaCertBuf, (word32)rsaCaCertBufSz, - rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz, - eccClientCertBuf, (word32)eccClientCertBufSz, - eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz); - -#ifndef NO_AES - if (ret >= 0) - ret = pkcs7callback_test( - rsaClientCertBuf, (word32)rsaClientCertBufSz, - rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz); -#endif - - XFREE(rsaClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaServerCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaServerPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaCaCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rsaCaPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(eccClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(eccClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} - -#endif /* HAVE_PKCS7 */ - -#ifdef HAVE_VALGRIND -/* Need a static build to have access to symbols. */ - -/* Maximum number of bytes in a number to test. */ -#define MP_MAX_TEST_BYTE_LEN 16 - -#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) -static int randNum(mp_int* n, int len, WC_RNG* rng, void* heap) -{ - byte d[MP_MAX_TEST_BYTE_LEN]; - int ret; - - (void)heap; - - do { - ret = wc_RNG_GenerateBlock(rng, d, len); - if (ret != 0) - return ret; - ret = mp_read_unsigned_bin(n, d, len); - if (ret != 0) - return ret; - } while (mp_iszero(n)); - - return 0; -} -#endif - -static int mp_test(void) -{ - WC_RNG rng; - int ret; -#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) - int i, j, k; - mp_digit d; -#endif - mp_int a, b, r1, r2, p; - - ret = mp_init_multi(&a, &b, &r1, &r2, NULL, NULL); - if (ret != 0) - return -12300; - - mp_init_copy(&p, &a); - -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - goto done; - -#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) - mp_set_int(&a, 0); - if (a.used != 0 || a.dp[0] != 0) - return -12301; - - for (j = 1; j <= MP_MAX_TEST_BYTE_LEN; j++) { - for (i = 0; i < 4 * j; i++) { - /* New values to use. */ - ret = randNum(&p, j, &rng, NULL); - if (ret != 0) - return -12302; - ret = randNum(&a, j, &rng, NULL); - if (ret != 0) - return -12303; - ret = randNum(&b, j, &rng, NULL); - if (ret != 0) - return -12304; - ret = wc_RNG_GenerateBlock(&rng, (byte*)&d, sizeof(d)); - if (ret != 0) - return -12305; - d &= MP_MASK; - - /* Ensure sqrmod produce same result as mulmod. */ - ret = mp_sqrmod(&a, &p, &r1); - if (ret != 0) - return -12306; - ret = mp_mulmod(&a, &a, &p, &r2); - if (ret != 0) - return -12307; - if (mp_cmp(&r1, &r2) != 0) - return -12308; - - /* Ensure add with mod produce same result as sub with mod. */ - ret = mp_addmod(&a, &b, &p, &r1); - if (ret != 0) - return -12309; - b.sign ^= 1; - ret = mp_submod(&a, &b, &p, &r2); - if (ret != 0) - return -12310; - if (mp_cmp(&r1, &r2) != 0) - return -12311; - - /* Ensure add digit produce same result as sub digit. */ - ret = mp_add_d(&a, d, &r1); - if (ret != 0) - return -12312; - ret = mp_sub_d(&r1, d, &r2); - if (ret != 0) - return -12313; - if (mp_cmp(&a, &r2) != 0) - return -12314; - - /* Invert - if p is even it will use the slow impl. - * - if p and a are even it will fail. - */ - ret = mp_invmod(&a, &p, &r1); - if (ret != 0 && ret != MP_VAL) - return -12315; - ret = 0; - - /* Shift up and down number all bits in a digit. */ - for (k = 0; k < DIGIT_BIT; k++) { - mp_mul_2d(&a, k, &r1); - mp_div_2d(&r1, k, &r2, &p); - if (mp_cmp(&a, &r2) != 0) - return -12316; - if (!mp_iszero(&p)) - return -12317; - mp_rshb(&r1, k); - if (mp_cmp(&a, &r1) != 0) - return -12318; - } - } - } - - /* Check that setting a 32-bit digit works. */ - d &= 0xffffffff; - mp_set_int(&a, d); - if (a.used != 1 || a.dp[0] != d) - return -12319; - - /* Check setting a bit and testing a bit works. */ - for (i = 0; i < MP_MAX_TEST_BYTE_LEN * 8; i++) { - mp_zero(&a); - mp_set_bit(&a, i); - if (!mp_is_bit_set(&a, i)) - return -12320; - } -#endif - -done: - mp_clear(&p); - mp_clear(&r2); - mp_clear(&r1); - mp_clear(&b); - mp_clear(&a); - wc_FreeRng(&rng); - return ret; -} -#endif - - -#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) - -typedef struct pairs_t { - const unsigned char* coeff; - int coeffSz; - int exp; -} pairs_t; - - -/* -n =p1p2p3, where pi = ki(p1−1)+1 with (k2,k3) = (173,293) -p1 = 2^192 * 0x000000000000e24fd4f6d6363200bf2323ec46285cac1d3a - + 2^0 * 0x0b2488b0c29d96c5e67f8bec15b54b189ae5636efe89b45b -*/ - -static const unsigned char c192a[] = -{ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe2, 0x4f, - 0xd4, 0xf6, 0xd6, 0x36, 0x32, 0x00, 0xbf, 0x23, - 0x23, 0xec, 0x46, 0x28, 0x5c, 0xac, 0x1d, 0x3a -}; -static const unsigned char c0a[] = -{ - 0x0b, 0x24, 0x88, 0xb0, 0xc2, 0x9d, 0x96, 0xc5, - 0xe6, 0x7f, 0x8b, 0xec, 0x15, 0xb5, 0x4b, 0x18, - 0x9a, 0xe5, 0x63, 0x6e, 0xfe, 0x89, 0xb4, 0x5b -}; - -static const pairs_t ecPairsA[] = -{ - {c192a, sizeof(c192a), 192}, - {c0a, sizeof(c0a), 0} -}; - -static const int kA[] = {173, 293}; - -static const unsigned char controlPrime[] = { - 0xe1, 0x76, 0x45, 0x80, 0x59, 0xb6, 0xd3, 0x49, - 0xdf, 0x0a, 0xef, 0x12, 0xd6, 0x0f, 0xf0, 0xb7, - 0xcb, 0x2a, 0x37, 0xbf, 0xa7, 0xf8, 0xb5, 0x4d, - 0xf5, 0x31, 0x35, 0xad, 0xe4, 0xa3, 0x94, 0xa1, - 0xdb, 0xf1, 0x96, 0xad, 0xb5, 0x05, 0x64, 0x85, - 0x83, 0xfc, 0x1b, 0x5b, 0x29, 0xaa, 0xbe, 0xf8, - 0x26, 0x3f, 0x76, 0x7e, 0xad, 0x1c, 0xf0, 0xcb, - 0xd7, 0x26, 0xb4, 0x1b, 0x05, 0x8e, 0x56, 0x86, - 0x7e, 0x08, 0x62, 0x21, 0xc1, 0x86, 0xd6, 0x47, - 0x79, 0x3e, 0xb7, 0x5d, 0xa4, 0xc6, 0x3a, 0xd7, - 0xb1, 0x74, 0x20, 0xf6, 0x50, 0x97, 0x41, 0x04, - 0x53, 0xed, 0x3f, 0x26, 0xd6, 0x6f, 0x91, 0xfa, - 0x68, 0x26, 0xec, 0x2a, 0xdc, 0x9a, 0xf1, 0xe7, - 0xdc, 0xfb, 0x73, 0xf0, 0x79, 0x43, 0x1b, 0x21, - 0xa3, 0x59, 0x04, 0x63, 0x52, 0x07, 0xc9, 0xd7, - 0xe6, 0xd1, 0x1b, 0x5d, 0x5e, 0x96, 0xfa, 0x53 -}; - -static const unsigned char testOne[] = { 1 }; - - -static int GenerateNextP(mp_int* p1, mp_int* p2, int k) -{ - int ret; - mp_int ki; - - ret = mp_init(&ki); - if (ret == 0) - ret = mp_set(&ki, k); - if (ret == 0) - ret = mp_sub_d(p1, 1, p2); - if (ret == 0) - ret = mp_mul(p2, &ki, p2); - if (ret == 0) - ret = mp_add_d(p2, 1, p2); - mp_clear(&ki); - - return ret; -} - - -static int GenerateP(mp_int* p1, mp_int* p2, mp_int* p3, - const pairs_t* ecPairs, int ecPairsSz, - const int* k) -{ - mp_int x,y; - int ret, i; - - ret = mp_init(&x); - if (ret == 0) { - ret = mp_init(&y); - if (ret != 0) { - mp_clear(&x); - return MP_MEM; - } - } - for (i = 0; ret == 0 && i < ecPairsSz; i++) { - ret = mp_read_unsigned_bin(&x, ecPairs[i].coeff, ecPairs[i].coeffSz); - /* p1 = 2^exp */ - if (ret == 0) - ret = mp_2expt(&y, ecPairs[i].exp); - /* p1 = p1 * m */ - if (ret == 0) - ret = mp_mul(&x, &y, &x); - /* p1 += */ - if (ret == 0) - ret = mp_add(p1, &x, p1); - mp_zero(&x); - mp_zero(&y); - } - mp_clear(&x); - mp_clear(&y); - - if (ret == 0) - ret = GenerateNextP(p1, p2, k[0]); - if (ret == 0) - ret = GenerateNextP(p1, p3, k[1]); - - return ret; -} - -static int prime_test(void) -{ - mp_int n, p1, p2, p3; - int ret, isPrime = 0; - WC_RNG rng; - - ret = wc_InitRng(&rng); - if (ret == 0) - ret = mp_init_multi(&n, &p1, &p2, &p3, NULL, NULL); - if (ret == 0) - ret = GenerateP(&p1, &p2, &p3, - ecPairsA, sizeof(ecPairsA) / sizeof(ecPairsA[0]), kA); - if (ret == 0) - ret = mp_mul(&p1, &p2, &n); - if (ret == 0) - ret = mp_mul(&n, &p3, &n); - if (ret != 0) - return -12400; - - /* Check the old prime test using the number that false positives. - * This test result should indicate as not prime. */ - ret = mp_prime_is_prime(&n, 40, &isPrime); - if (ret != 0) - return -12401; - if (isPrime) - return -12402; - - /* This test result should fail. It should indicate the value as prime. */ - ret = mp_prime_is_prime(&n, 8, &isPrime); - if (ret != 0) - return -12403; - if (!isPrime) - return -12404; - - /* This test result should indicate the value as not prime. */ - ret = mp_prime_is_prime_ex(&n, 8, &isPrime, &rng); - if (ret != 0) - return -12405; - if (isPrime) - return -12406; - - ret = mp_read_unsigned_bin(&n, controlPrime, sizeof(controlPrime)); - if (ret != 0) - return -12407; - - /* This test result should indicate the value as prime. */ - ret = mp_prime_is_prime_ex(&n, 8, &isPrime, &rng); - if (ret != 0) - return -12408; - if (!isPrime) - return -12409; - - /* This test result should indicate the value as prime. */ - isPrime = -1; - ret = mp_prime_is_prime(&n, 8, &isPrime); - if (ret != 0) - return -12410; - if (!isPrime) - return -12411; - - ret = mp_read_unsigned_bin(&n, testOne, sizeof(testOne)); - if (ret != 0) - return -12412; - - /* This test result should indicate the value as not prime. */ - ret = mp_prime_is_prime_ex(&n, 8, &isPrime, &rng); - if (ret != 0) - return -12413; - if (isPrime) - return -12414; - - ret = mp_prime_is_prime(&n, 8, &isPrime); - if (ret != 0) - return -12415; - if (isPrime) - return -12416; - - mp_clear(&p3); - mp_clear(&p2); - mp_clear(&p1); - mp_clear(&n); - wc_FreeRng(&rng); - - return 0; -} - -#endif /* WOLFSSL_PUBLIC_MP */ - - -#if defined(ASN_BER_TO_DER) && \ - (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) -/* wc_BerToDer is only public facing in the case of test cert or opensslextra */ -typedef struct berDerTestData { - const byte *in; - word32 inSz; - const byte *out; - word32 outSz; -} berDerTestData; - -static int berder_test(void) -{ - int ret; - int i; - word32 len = 0, l; - byte out[32]; - static const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 }; - static const byte good1_out[] = { 0x30, 0x00 }; - static const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 }; - static const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 }; - static const byte good3_in[] = { - 0x24, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00 - }; - static const byte good3_out[] = { 0x04, 0x1, 0x01 }; - static const byte good4_in[] = { - 0x30, 0x80, - 0x02, 0x01, 0x01, - 0x30, 0x80, - 0x24, 0x80, - 0x04, 0x01, 0x01, - 0x04, 0x02, 0x02, 0x03, - 0x00, 0x00, - 0x06, 0x01, 0x01, - 0x00, 0x00, - 0x31, 0x80, - 0x06, 0x01, 0x01, - 0x00, 0x00, - 0x00, 0x00, - }; - static const byte good4_out[] = { - 0x30, 0x12, - 0x02, 0x01, 0x01, - 0x30, 0x08, - 0x04, 0x03, 0x01, 0x02, 0x03, - 0x06, 0x01, 0x01, - 0x31, 0x03, - 0x06, 0x01, 0x01 - }; - static const byte good5_in[] = { 0x30, 0x03, 0x02, 0x01, 0x01 }; - - berDerTestData testData[] = { - { good1_in, sizeof(good1_in), good1_out, sizeof(good1_out) }, - { good2_in, sizeof(good2_in), good2_out, sizeof(good2_out) }, - { good3_in, sizeof(good3_in), good3_out, sizeof(good3_out) }, - { good4_in, sizeof(good4_in), good4_out, sizeof(good4_out) }, - { good5_in, sizeof(good5_in), good5_in , sizeof(good5_in ) }, - }; - - for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) { - ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len); - if (ret != LENGTH_ONLY_E) - return -12500 - i; - if (len != testData[i].outSz) - return -12510 - i; - len = testData[i].outSz; - ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &len); - if (ret != 0) - return -12520 - i; - if (XMEMCMP(out, testData[i].out, len) != 0) - return -12530 - i; - - for (l = 1; l < testData[i].inSz; l++) { - ret = wc_BerToDer(testData[i].in, l, NULL, &len); - if (ret != ASN_PARSE_E) - return -12540; - len = testData[i].outSz; - ret = wc_BerToDer(testData[i].in, l, out, &len); - if (ret != ASN_PARSE_E) - return -12541; - } - - for (l = 0; l < testData[i].outSz-1; l++) { - ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &l); - if (ret != BUFFER_E) - return -12542; - } - } - - ret = wc_BerToDer(NULL, 4, NULL, NULL); - if (ret != BAD_FUNC_ARG) - return -12543; - ret = wc_BerToDer(out, 4, NULL, NULL); - if (ret != BAD_FUNC_ARG) - return -12544; - ret = wc_BerToDer(NULL, 4, NULL, &len); - if (ret != BAD_FUNC_ARG) - return -12545; - ret = wc_BerToDer(NULL, 4, out, NULL); - if (ret != BAD_FUNC_ARG) - return -12546; - ret = wc_BerToDer(out, 4, out, NULL); - if (ret != BAD_FUNC_ARG) - return -12547; - ret = wc_BerToDer(NULL, 4, out, &len); - if (ret != BAD_FUNC_ARG) - return -12548; - - for (l = 1; l < sizeof(good4_out); l++) { - len = l; - ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len); - if (ret != BUFFER_E) - return -12549; - } - - return 0; -} -#endif - -#ifdef DEBUG_WOLFSSL -static THREAD_LS_T int log_cnt = 0; -static void my_Logging_cb(const int logLevel, const char *const logMessage) -{ - (void)logLevel; - (void)logMessage; - log_cnt++; -} -#endif /* DEBUG_WOLFSSL */ - -static int logging_test(void) -{ -#ifdef DEBUG_WOLFSSL - const char* msg = "Testing, testing. 1, 2, 3, 4 ..."; - byte a[8] = { 1, 2, 3, 4, 5, 6, 7, 8 }; - byte b[256]; - int i; - - for (i = 0; i < (int)sizeof(b); i++) - b[i] = i; - - if (wolfSSL_Debugging_ON() != 0) - return -12600; - - if (wolfSSL_SetLoggingCb(my_Logging_cb) != 0) - return -12601; - - WOLFSSL_MSG(msg); - WOLFSSL_BUFFER(a, sizeof(a)); - WOLFSSL_BUFFER(b, sizeof(b)); - WOLFSSL_BUFFER(NULL, 0); - WOLFSSL_ERROR(MEMORY_E); - WOLFSSL_ERROR_MSG(msg); - - /* turn off logs */ - wolfSSL_Debugging_OFF(); - - /* capture log count */ - i = log_cnt; - - /* validate no logs are output when disabled */ - WOLFSSL_MSG(msg); - WOLFSSL_BUFFER(a, sizeof(a)); - WOLFSSL_BUFFER(b, sizeof(b)); - WOLFSSL_BUFFER(NULL, 0); - WOLFSSL_ERROR(MEMORY_E); - WOLFSSL_ERROR_MSG(msg); - - /* check the logs were disabled */ - if (i != log_cnt) - return -12602; - - /* restore callback and leave logging enabled */ - wolfSSL_SetLoggingCb(NULL); - wolfSSL_Debugging_ON(); - - /* suppress unused args */ - (void)a; - (void)b; - -#else - if (wolfSSL_Debugging_ON() != NOT_COMPILED_IN) - return -12603; - wolfSSL_Debugging_OFF(); - if (wolfSSL_SetLoggingCb(NULL) != NOT_COMPILED_IN) - return -12604; -#endif /* DEBUG_WOLFSSL */ - return 0; -} - - -static int mutex_test(void) -{ -#ifdef WOLFSSL_PTHREADS - wolfSSL_Mutex m; -#endif -#ifndef WOLFSSL_NO_MALLOC - wolfSSL_Mutex *mm = wc_InitAndAllocMutex(); - if (mm == NULL) - return -12700; - wc_FreeMutex(mm); - XFREE(mm, NULL, DYNAMIC_TYPE_MUTEX); -#endif - - /* Can optionally enable advanced pthread tests using "ENABLE_PTHREAD_LOCKFREE_TESTS" */ -#ifdef WOLFSSL_PTHREADS - if (wc_InitMutex(&m) != 0) - return -12701; - if (wc_LockMutex(&m) != 0) - return -12702; -#if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS) - /* trying to free a locked mutex is not portable behavior with pthread */ - /* Attempting to destroy a locked mutex results in undefined behavior */ - if (wc_FreeMutex(&m) != BAD_MUTEX_E) - return -12703; -#endif - if (wc_UnLockMutex(&m) != 0) - return -12704; - if (wc_FreeMutex(&m) != 0) - return -12705; -#if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS) - /* Trying to use a pthread after free'ing is not portable behavior */ - if (wc_LockMutex(&m) != BAD_MUTEX_E) - return -12706; - if (wc_UnLockMutex(&m) != BAD_MUTEX_E) - return -12707; -#endif -#endif - - return 0; -} - -#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS) - -#ifndef WOLFSSL_NO_MALLOC -static int malloc_cnt = 0; -static int realloc_cnt = 0; -static int free_cnt = 0; - -static void *my_Malloc_cb(size_t size) -{ - malloc_cnt++; - #ifndef WOLFSSL_NO_MALLOC - return malloc(size); - #else - WOLFSSL_MSG("No malloc available"); - (void)size; - return NULL; - #endif -} -static void my_Free_cb(void *ptr) -{ - free_cnt++; - #ifndef WOLFSSL_NO_MALLOC - free(ptr); - #else - WOLFSSL_MSG("No free available"); - (void)ptr; - #endif -} -static void *my_Realloc_cb(void *ptr, size_t size) -{ - realloc_cnt++; - #ifndef WOLFSSL_NO_MALLOC - return realloc(ptr, size); - #else - WOLFSSL_MSG("No realloc available"); - (void)ptr; - (void)size; - return NULL; - #endif -} -#endif /* !WOLFSSL_NO_MALLOC */ - -static int memcb_test(void) -{ - int ret = 0; -#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) - byte* b = NULL; -#endif - wolfSSL_Malloc_cb mc; - wolfSSL_Free_cb fc; - wolfSSL_Realloc_cb rc; - - /* Save existing memory callbacks */ - if (wolfSSL_GetAllocators(&mc, &fc, &rc) != 0) - return -12800; - -#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) - /* test realloc */ - b = (byte*)XREALLOC(b, 1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (b == NULL) { - ERROR_OUT(-12801, exit_memcb); - } - XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); - b = NULL; - - /* Use API. */ - if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)(void*)&my_Malloc_cb, - (wolfSSL_Free_cb)(void*)&my_Free_cb, - (wolfSSL_Realloc_cb)(void*)&my_Realloc_cb) != 0) { - ERROR_OUT(-12802, exit_memcb); - } - - b = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); - b = (byte*)XREALLOC(b, 1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); - -#ifndef WOLFSSL_STATIC_MEMORY - if (malloc_cnt != 1 || free_cnt != 1 || realloc_cnt != 1) -#else - if (malloc_cnt != 0 || free_cnt != 0 || realloc_cnt != 0) -#endif - ret = -12803; -#endif /* !WOLFSSL_NO_MALLOC */ - -#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) -exit_memcb: -#endif - - /* restore memory callbacks */ - wolfSSL_SetAllocators(mc, fc, rc); - - return ret; -} -#endif /* USE_WOLFSSL_MEMORY && !WOLFSSL_NO_MALLOC */ - - -#ifdef WOLFSSL_IMX6_CAAM_BLOB -static int blob_test(void) -{ - int ret = 0; - byte out[112]; - byte blob[112]; - word32 outSz; - - const byte iv[] = - { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - }; - - const byte text[] = - { - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - }; - - - XMEMSET(blob, 0, sizeof(blob)); - outSz = sizeof(blob); - ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz); - if (ret != 0) { - ERROR_OUT(-12900, exit_blob); - } - - blob[outSz - 2] += 1; - ret = wc_caamOpenBlob(blob, outSz, out, &outSz); - if (ret == 0) { /* should fail with altered blob */ - ERROR_OUT(-12901, exit_blob); - } - - XMEMSET(blob, 0, sizeof(blob)); - outSz = sizeof(blob); - ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz); - if (ret != 0) { - ERROR_OUT(-12902, exit_blob); - } - - ret = wc_caamOpenBlob(blob, outSz, out, &outSz); - if (ret != 0) { - ERROR_OUT(-12903, exit_blob); - } - - if (XMEMCMP(out, iv, sizeof(iv))) { - ERROR_OUT(-12904, exit_blob); - } - - XMEMSET(blob, 0, sizeof(blob)); - outSz = sizeof(blob); - ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz); - if (ret != 0) { - ERROR_OUT(-12905, exit_blob); - } - - ret = wc_caamOpenBlob(blob, outSz, out, &outSz); - if (ret != 0) { - ERROR_OUT(-12906, exit_blob); - } - - if (XMEMCMP(out, text, sizeof(text))) { - ERROR_OUT(-12907, exit_blob); - } - - exit_blob: - - return ret; -} -#endif /* WOLFSSL_IMX6_CAAM_BLOB */ - -#ifdef WOLF_CRYPTO_CB - -/* Example custom context for crypto callback */ -typedef struct { - int exampleVar; /* example, not used */ -} myCryptoDevCtx; - - -/* Example crypto dev callback function that calls software version */ -static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) -{ - int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */ - myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx; - - if (info == NULL) - return BAD_FUNC_ARG; - -#ifdef DEBUG_WOLFSSL - printf("CryptoDevCb: Algo Type %d\n", info->algo_type); -#endif - - if (info->algo_type == WC_ALGO_TYPE_RNG) { - #ifndef WC_NO_RNG - /* set devId to invalid, so software is used */ - info->rng.rng->devId = INVALID_DEVID; - - ret = wc_RNG_GenerateBlock(info->rng.rng, - info->rng.out, info->rng.sz); - - /* reset devId */ - info->rng.rng->devId = devIdArg; - #endif - } - else if (info->algo_type == WC_ALGO_TYPE_SEED) { - #ifndef WC_NO_RNG - static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 }; - word32* seedWord32 = (word32*)seed; - word32 len; - - /* wc_GenerateSeed is a local symbol so we need to fake the entropy. */ - while (info->seed.sz > 0) { - len = (word32)sizeof(seed); - if (info->seed.sz < len) - len = info->seed.sz; - XMEMCPY(info->seed.seed, seed, sizeof(seed)); - info->seed.seed += len; - info->seed.sz -= len; - (*seedWord32)++; - } - - ret = 0; - #endif - } - else if (info->algo_type == WC_ALGO_TYPE_PK) { - #ifdef DEBUG_WOLFSSL - printf("CryptoDevCb: Pk Type %d\n", info->pk.type); - #endif - - #ifndef NO_RSA - if (info->pk.type == WC_PK_TYPE_RSA) { - /* set devId to invalid, so software is used */ - info->pk.rsa.key->devId = INVALID_DEVID; - - switch (info->pk.rsa.type) { - case RSA_PUBLIC_ENCRYPT: - case RSA_PUBLIC_DECRYPT: - /* perform software based RSA public op */ - ret = wc_RsaFunction( - info->pk.rsa.in, info->pk.rsa.inLen, - info->pk.rsa.out, info->pk.rsa.outLen, - info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); - break; - case RSA_PRIVATE_ENCRYPT: - case RSA_PRIVATE_DECRYPT: - /* perform software based RSA private op */ - ret = wc_RsaFunction( - info->pk.rsa.in, info->pk.rsa.inLen, - info->pk.rsa.out, info->pk.rsa.outLen, - info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); - break; - } - - /* reset devId */ - info->pk.rsa.key->devId = devIdArg; - } - #ifdef WOLFSSL_KEY_GEN - else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) { - info->pk.rsakg.key->devId = INVALID_DEVID; - - ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size, - info->pk.rsakg.e, info->pk.rsakg.rng); - - /* reset devId */ - info->pk.rsakg.key->devId = devIdArg; - } - #endif - #endif /* !NO_RSA */ - #ifdef HAVE_ECC - if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) { - /* set devId to invalid, so software is used */ - info->pk.eckg.key->devId = INVALID_DEVID; - - ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size, - info->pk.eckg.key, info->pk.eckg.curveId); - - /* reset devId */ - info->pk.eckg.key->devId = devIdArg; - } - else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { - /* set devId to invalid, so software is used */ - info->pk.eccsign.key->devId = INVALID_DEVID; - - ret = wc_ecc_sign_hash( - info->pk.eccsign.in, info->pk.eccsign.inlen, - info->pk.eccsign.out, info->pk.eccsign.outlen, - info->pk.eccsign.rng, info->pk.eccsign.key); - - /* reset devId */ - info->pk.eccsign.key->devId = devIdArg; - } - else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) { - /* set devId to invalid, so software is used */ - info->pk.eccverify.key->devId = INVALID_DEVID; - - ret = wc_ecc_verify_hash( - info->pk.eccverify.sig, info->pk.eccverify.siglen, - info->pk.eccverify.hash, info->pk.eccverify.hashlen, - info->pk.eccverify.res, info->pk.eccverify.key); - - /* reset devId */ - info->pk.eccverify.key->devId = devIdArg; - } - else if (info->pk.type == WC_PK_TYPE_ECDH) { - /* set devId to invalid, so software is used */ - info->pk.ecdh.private_key->devId = INVALID_DEVID; - - ret = wc_ecc_shared_secret( - info->pk.ecdh.private_key, info->pk.ecdh.public_key, - info->pk.ecdh.out, info->pk.ecdh.outlen); - - /* reset devId */ - info->pk.ecdh.private_key->devId = devIdArg; - } - #endif /* HAVE_ECC */ - } - else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { -#if !defined(NO_AES) || !defined(NO_DES3) - #ifdef HAVE_AESGCM - if (info->cipher.type == WC_CIPHER_AES_GCM) { - if (info->cipher.enc) { - /* set devId to invalid, so software is used */ - info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID; - - ret = wc_AesGcmEncrypt( - info->cipher.aesgcm_enc.aes, - info->cipher.aesgcm_enc.out, - info->cipher.aesgcm_enc.in, - info->cipher.aesgcm_enc.sz, - info->cipher.aesgcm_enc.iv, - info->cipher.aesgcm_enc.ivSz, - info->cipher.aesgcm_enc.authTag, - info->cipher.aesgcm_enc.authTagSz, - info->cipher.aesgcm_enc.authIn, - info->cipher.aesgcm_enc.authInSz); - - /* reset devId */ - info->cipher.aesgcm_enc.aes->devId = devIdArg; - } - else { - /* set devId to invalid, so software is used */ - info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID; - - ret = wc_AesGcmDecrypt( - info->cipher.aesgcm_dec.aes, - info->cipher.aesgcm_dec.out, - info->cipher.aesgcm_dec.in, - info->cipher.aesgcm_dec.sz, - info->cipher.aesgcm_dec.iv, - info->cipher.aesgcm_dec.ivSz, - info->cipher.aesgcm_dec.authTag, - info->cipher.aesgcm_dec.authTagSz, - info->cipher.aesgcm_dec.authIn, - info->cipher.aesgcm_dec.authInSz); - - /* reset devId */ - info->cipher.aesgcm_dec.aes->devId = devIdArg; - } - } - #endif /* HAVE_AESGCM */ - #ifdef HAVE_AES_CBC - if (info->cipher.type == WC_CIPHER_AES_CBC) { - if (info->cipher.enc) { - /* set devId to invalid, so software is used */ - info->cipher.aescbc.aes->devId = INVALID_DEVID; - - ret = wc_AesCbcEncrypt( - info->cipher.aescbc.aes, - info->cipher.aescbc.out, - info->cipher.aescbc.in, - info->cipher.aescbc.sz); - - /* reset devId */ - info->cipher.aescbc.aes->devId = devIdArg; - } - else { - /* set devId to invalid, so software is used */ - info->cipher.aescbc.aes->devId = INVALID_DEVID; - - ret = wc_AesCbcDecrypt( - info->cipher.aescbc.aes, - info->cipher.aescbc.out, - info->cipher.aescbc.in, - info->cipher.aescbc.sz); - - /* reset devId */ - info->cipher.aescbc.aes->devId = devIdArg; - } - } - #endif /* HAVE_AES_CBC */ - #ifndef NO_DES3 - if (info->cipher.type == WC_CIPHER_DES3) { - if (info->cipher.enc) { - /* set devId to invalid, so software is used */ - info->cipher.des3.des->devId = INVALID_DEVID; - - ret = wc_Des3_CbcEncrypt( - info->cipher.des3.des, - info->cipher.des3.out, - info->cipher.des3.in, - info->cipher.des3.sz); - - /* reset devId */ - info->cipher.des3.des->devId = devIdArg; - } - else { - /* set devId to invalid, so software is used */ - info->cipher.des3.des->devId = INVALID_DEVID; - - ret = wc_Des3_CbcDecrypt( - info->cipher.des3.des, - info->cipher.des3.out, - info->cipher.des3.in, - info->cipher.des3.sz); - - /* reset devId */ - info->cipher.des3.des->devId = devIdArg; - } - } - #endif /* !NO_DES3 */ -#endif /* !NO_AES || !NO_DES3 */ - } -#if !defined(NO_SHA) || !defined(NO_SHA256) - else if (info->algo_type == WC_ALGO_TYPE_HASH) { - #if !defined(NO_SHA) - if (info->hash.type == WC_HASH_TYPE_SHA) { - if (info->hash.sha1 == NULL) - return NOT_COMPILED_IN; - - /* set devId to invalid, so software is used */ - info->hash.sha1->devId = INVALID_DEVID; - - if (info->hash.in != NULL) { - ret = wc_ShaUpdate( - info->hash.sha1, - info->hash.in, - info->hash.inSz); - } - if (info->hash.digest != NULL) { - ret = wc_ShaFinal( - info->hash.sha1, - info->hash.digest); - } - - /* reset devId */ - info->hash.sha1->devId = devIdArg; - } - else - #endif - #if !defined(NO_SHA256) - if (info->hash.type == WC_HASH_TYPE_SHA256) { - if (info->hash.sha256 == NULL) - return NOT_COMPILED_IN; - - /* set devId to invalid, so software is used */ - info->hash.sha256->devId = INVALID_DEVID; - - if (info->hash.in != NULL) { - ret = wc_Sha256Update( - info->hash.sha256, - info->hash.in, - info->hash.inSz); - } - if (info->hash.digest != NULL) { - ret = wc_Sha256Final( - info->hash.sha256, - info->hash.digest); - } - - /* reset devId */ - info->hash.sha256->devId = devIdArg; - } - else - #endif - { - } - } -#endif /* !NO_SHA || !NO_SHA256 */ -#ifndef NO_HMAC - else if (info->algo_type == WC_ALGO_TYPE_HMAC) { - if (info->hmac.hmac == NULL) - return NOT_COMPILED_IN; - - /* set devId to invalid, so software is used */ - info->hmac.hmac->devId = INVALID_DEVID; - - if (info->hash.in != NULL) { - ret = wc_HmacUpdate( - info->hmac.hmac, - info->hmac.in, - info->hmac.inSz); - } - else if (info->hash.digest != NULL) { - ret = wc_HmacFinal( - info->hmac.hmac, - info->hmac.digest); - } - - /* reset devId */ - info->hmac.hmac->devId = devIdArg; - } -#endif - - (void)devIdArg; - (void)myCtx; - - return ret; -} - -static int cryptocb_test(void) -{ - int ret = 0; - myCryptoDevCtx myCtx; - - /* example data for callback */ - myCtx.exampleVar = 1; - - /* set devId to something other than INVALID_DEVID */ - devId = 1; - ret = wc_CryptoCb_RegisterDevice(devId, myCryptoDevCb, &myCtx); - -#ifndef WC_NO_RNG - if (ret == 0) - ret = random_test(); -#endif /* WC_NO_RNG */ -#ifndef NO_RSA - if (ret == 0) - ret = rsa_test(); -#endif -#ifdef HAVE_ECC - if (ret == 0) - ret = ecc_test(); -#endif -#ifndef NO_AES - #ifdef HAVE_AESGCM - if (ret == 0) - ret = aesgcm_test(); - #endif - #ifdef HAVE_AES_CBC - if (ret == 0) - ret = aes_test(); - #endif -#endif /* !NO_AES */ -#ifndef NO_DES3 - if (ret == 0) - ret = des3_test(); -#endif /* !NO_DES3 */ -#if !defined(NO_SHA) || !defined(NO_SHA256) - #ifndef NO_SHA - if (ret == 0) - ret = sha_test(); - #endif - #ifndef NO_SHA256 - if (ret == 0) - ret = sha256_test(); - #endif -#endif -#ifndef NO_HMAC - #ifndef NO_SHA - if (ret == 0) - ret = hmac_sha_test(); - #endif - #ifndef NO_SHA256 - if (ret == 0) - ret = hmac_sha256_test(); - #endif -#endif -#ifndef NO_PWDBASED - #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) - if (ret == 0) - ret = pbkdf2_test(); - #endif -#endif - - /* reset devId */ - devId = INVALID_DEVID; - - return ret; -} -#endif /* WOLF_CRYPTO_CB */ - -#ifdef WOLFSSL_CERT_PIV -static int certpiv_test(void) -{ - int ret; - wc_CertPIV piv; - - /* Template for Identiv PIV cert, nonce and signature */ - const byte pivCertIdentiv[] = { - 0x0A, 0x0D, - 0x53, 0x04, /* NIST PIV Cert */ - 0x70, 0x02, /* Certificate */ - 0x30, 0x00, - 0x71, 0x01, 0x00, /* Cert Info */ - 0xFE, 0x00, /* Error Detection */ - 0x0B, 0x01, 0x00, /* Nonce */ - 0x0C, 0x01, 0x00, /* Signed Nonce */ - }; - - const byte pivCert[] = { - 0x53, 0x04, /* NIST PIV Cert */ - 0x70, 0x02, /* Certificate */ - 0x30, 0x00, - 0x71, 0x01, 0x00, /* Cert Info */ - 0xFE, 0x00, /* Error Detection */ - }; - - /* Test with identiv 0x0A, 0x0B and 0x0C markers */ - ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv)); - if (ret == 0) { - /* Test with NIST PIV format */ - ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert)); - } - - return ret; -} -#endif /* WOLFSSL_CERT_PIV */ - - -#undef ERROR_OUT - -#else - #ifndef NO_MAIN_DRIVER - int main() { return 0; } - #endif -#endif /* NO_CRYPT_TEST */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index ea8067eee..9906d287e 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2104,6 +2104,7 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_USER_IO 1 #define USE_WOLF_STRTOK #define WOLFSSL_SP_DIV_64 + #define WOLFSSL_OLD_PRIME_CHECK #endif