From 4d94b8e8d5138051d3dc6ceb9d399f4fa6847b9f Mon Sep 17 00:00:00 2001 From: Tesfa Mael Date: Thu, 5 Mar 2026 15:06:03 -0800 Subject: [PATCH] [TA-100] Fix build/test regressions in non-TA100 builds --- tests/api.c | 1750 ----------------------------------------- tests/api/test_ecc.c | 2 +- wolfcrypt/test/test.c | 18 +- 3 files changed, 16 insertions(+), 1754 deletions(-) diff --git a/tests/api.c b/tests/api.c index 3bce0e440d..c8df1a9f36 100644 --- a/tests/api.c +++ b/tests/api.c @@ -26611,1756 +26611,6 @@ static int test_wolfSSL_PEM_read(void) return EXPECT_RESULT(); } -static int test_wolfssl_EVP_aes_gcm_AAD_2_parts(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ - !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - const byte iv[12] = { 0 }; - const byte key[16] = { 0 }; - const byte cleartext[16] = { 0 }; - const byte aad[] = { - 0x01, 0x10, 0x00, 0x2a, 0x08, 0x00, 0x04, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, - 0x00, 0x00, 0xdc, 0x4d, 0xad, 0x6b, 0x06, 0x93, - 0x4f - }; - byte out1Part[16]; - byte outTag1Part[16]; - byte out2Part[16]; - byte outTag2Part[16]; - byte decryptBuf[16]; - int len = 0; - int tlen; - EVP_CIPHER_CTX* ctx = NULL; - - /* ENCRYPT */ - /* Send AAD and data in 1 part */ - ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); - tlen = 0; - ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), - 1); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1); - ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1); - ExpectIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext, - sizeof(cleartext)), 1); - tlen += len; - ExpectIntEQ(EVP_EncryptFinal_ex(ctx, out1Part, &len), 1); - tlen += len; - ExpectIntEQ(tlen, sizeof(cleartext)); - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, - outTag1Part), 1); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* DECRYPT */ - /* Send AAD and data in 1 part */ - ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); - tlen = 0; - ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), - 1); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1); - ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, - sizeof(cleartext)), 1); - tlen += len; - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, - outTag1Part), 1); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1); - tlen += len; - ExpectIntEQ(tlen, sizeof(cleartext)); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - ExpectIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0); - - /* ENCRYPT */ - /* Send AAD and data in 2 parts */ - ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); - tlen = 0; - ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), - 1); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1); - ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, 1), 1); - ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), - 1); - ExpectIntEQ(EVP_EncryptUpdate(ctx, out2Part, &len, cleartext, 1), 1); - tlen += len; - ExpectIntEQ(EVP_EncryptUpdate(ctx, out2Part + tlen, &len, cleartext + 1, - sizeof(cleartext) - 1), 1); - tlen += len; - ExpectIntEQ(EVP_EncryptFinal_ex(ctx, out2Part + tlen, &len), 1); - tlen += len; - ExpectIntEQ(tlen, sizeof(cleartext)); - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, - outTag2Part), 1); - - ExpectIntEQ(XMEMCMP(out1Part, out2Part, sizeof(out1Part)), 0); - ExpectIntEQ(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* DECRYPT */ - /* Send AAD and data in 2 parts */ - ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); - tlen = 0; - ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), - 1); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1); - ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, 1), 1); - ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), - 1); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, 1), 1); - tlen += len; - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptBuf + tlen, &len, out1Part + 1, - sizeof(cleartext) - 1), 1); - tlen += len; - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, - outTag1Part), 1); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf + tlen, &len), 1); - tlen += len; - ExpectIntEQ(tlen, sizeof(cleartext)); - - ExpectIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0); - - /* Test AAD reuse */ - EVP_CIPHER_CTX_free(ctx); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfssl_EVP_aes_gcm_zeroLen(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ - !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256) - /* Zero length plain text */ - byte key[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; /* align */ - byte iv[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; /* align */ - byte plaintxt[1]; - int ivSz = 12; - int plaintxtSz = 0; - unsigned char tag[16]; - unsigned char tag_kat[] = { - 0x53,0x0f,0x8a,0xfb,0xc7,0x45,0x36,0xb9, - 0xa9,0x63,0xb4,0xf1,0xc4,0xcb,0x73,0x8b - }; - - byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; - byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - - EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); - EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); - - ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_gcm(), NULL, key, iv)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, - plaintxtSz)); - ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); - ciphertxtSz += len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag)); - ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); - - ExpectIntEQ(0, ciphertxtSz); - ExpectIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag))); - - EVP_CIPHER_CTX_init(de); - ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_gcm(), NULL, key, iv)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); - decryptedtxtSz = len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag)); - ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); - decryptedtxtSz += len; - ExpectIntEQ(0, decryptedtxtSz); - - EVP_CIPHER_CTX_free(en); - EVP_CIPHER_CTX_free(de); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfssl_EVP_aes_gcm(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ - !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - /* A 256 bit key, AES_128 will use the first 128 bit*/ - byte *key = (byte*)"01234567890123456789012345678901"; - /* A 128 bit IV */ - byte *iv = (byte*)"0123456789012345"; - int ivSz = AES_BLOCK_SIZE; - /* Message to be encrypted */ - byte *plaintxt = (byte*)"for things to change you have to change"; - /* Additional non-confidential data */ - byte *aad = (byte*)"Don't spend major time on minor things."; - - unsigned char tag[AES_BLOCK_SIZE] = {0}; - int plaintxtSz = (int)XSTRLEN((char*)plaintxt); - int aadSz = (int)XSTRLEN((char*)aad); - byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; - byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - int i = 0; - EVP_CIPHER_CTX en[2]; - EVP_CIPHER_CTX de[2]; - - for (i = 0; i < 2; i++) { - EVP_CIPHER_CTX_init(&en[i]); - if (i == 0) { - /* Default uses 96-bits IV length */ -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, - key, iv)); -#endif - } - else { -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, - NULL, NULL)); -#endif - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); - } - ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, - plaintxtSz)); - ciphertxtSz = len; - ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); - ciphertxtSz += len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, - AES_BLOCK_SIZE, tag)); - wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]); - - EVP_CIPHER_CTX_init(&de[i]); - if (i == 0) { - /* Default uses 96-bits IV length */ -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, - key, iv)); -#endif - } - else { -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, - NULL, NULL)); -#endif - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); - - } - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, - ciphertxtSz)); - decryptedtxtSz = len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, - AES_BLOCK_SIZE, tag)); - ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - decryptedtxtSz += len; - ExpectIntEQ(ciphertxtSz, decryptedtxtSz); - ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); - - /* modify tag*/ - if (i == 0) { - /* Default uses 96-bits IV length */ -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, - key, iv)); -#endif - } - else { -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, - NULL, NULL)); -#endif - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); - - } - tag[AES_BLOCK_SIZE-1]+=0xBB; - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, - AES_BLOCK_SIZE, tag)); - /* fail due to wrong tag */ - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, - ciphertxtSz)); - ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - ExpectIntEQ(0, len); - - wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]); - } -#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */ - return EXPECT_RESULT(); -} - -static int test_wolfssl_EVP_aria_gcm(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(HAVE_ARIA) && \ - !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - - /* A 256 bit key, AES_128 will use the first 128 bit*/ - byte *key = (byte*)"01234567890123456789012345678901"; - /* A 128 bit IV */ - byte *iv = (byte*)"0123456789012345"; - int ivSz = ARIA_BLOCK_SIZE; - /* Message to be encrypted */ - const int plaintxtSz = 40; - byte plaintxt[WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(plaintxtSz)]; - XMEMCPY(plaintxt,"for things to change you have to change",plaintxtSz); - /* Additional non-confidential data */ - byte *aad = (byte*)"Don't spend major time on minor things."; - - unsigned char tag[ARIA_BLOCK_SIZE] = {0}; - int aadSz = (int)XSTRLEN((char*)aad); - byte ciphertxt[WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(plaintxtSz)]; - byte decryptedtxt[plaintxtSz]; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - int i = 0; - #define TEST_ARIA_GCM_COUNT 6 - EVP_CIPHER_CTX en[TEST_ARIA_GCM_COUNT]; - EVP_CIPHER_CTX de[TEST_ARIA_GCM_COUNT]; - - for (i = 0; i < TEST_ARIA_GCM_COUNT; i++) { - - EVP_CIPHER_CTX_init(&en[i]); - switch (i) { - case 0: - /* Default uses 96-bits IV length */ - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_128_gcm(), NULL, key, iv)); - break; - case 1: - /* Default uses 96-bits IV length */ - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_192_gcm(), NULL, key, iv)); - break; - case 2: - /* Default uses 96-bits IV length */ - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_256_gcm(), NULL, key, iv)); - break; - case 3: - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_128_gcm(), NULL, NULL, NULL)); - /* non-default must to set the IV length first */ - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); - break; - case 4: - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_192_gcm(), NULL, NULL, NULL)); - /* non-default must to set the IV length first */ - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); - break; - case 5: - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_256_gcm(), NULL, NULL, NULL)); - /* non-default must to set the IV length first */ - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); - break; - } - XMEMSET(ciphertxt,0,sizeof(ciphertxt)); - AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); - AssertIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, plaintxtSz)); - ciphertxtSz = len; - AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); - AssertIntNE(0, XMEMCMP(plaintxt, ciphertxt, plaintxtSz)); - ciphertxtSz += len; - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, ARIA_BLOCK_SIZE, tag)); - AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1); - - EVP_CIPHER_CTX_init(&de[i]); - switch (i) { - case 0: - /* Default uses 96-bits IV length */ - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_128_gcm(), NULL, key, iv)); - break; - case 1: - /* Default uses 96-bits IV length */ - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_192_gcm(), NULL, key, iv)); - break; - case 2: - /* Default uses 96-bits IV length */ - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_256_gcm(), NULL, key, iv)); - break; - case 3: - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_128_gcm(), NULL, NULL, NULL)); - /* non-default must to set the IV length first */ - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); - break; - case 4: - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_192_gcm(), NULL, NULL, NULL)); - /* non-default must to set the IV length first */ - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); - break; - case 5: - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_256_gcm(), NULL, NULL, NULL)); - /* non-default must to set the IV length first */ - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); - break; - } - XMEMSET(decryptedtxt,0,sizeof(decryptedtxt)); - AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz)); - decryptedtxtSz = len; - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, ARIA_BLOCK_SIZE, tag)); - AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - decryptedtxtSz += len; - AssertIntEQ(plaintxtSz, decryptedtxtSz); - AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); - - XMEMSET(decryptedtxt,0,sizeof(decryptedtxt)); - /* modify tag*/ - tag[AES_BLOCK_SIZE-1]+=0xBB; - AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, ARIA_BLOCK_SIZE, tag)); - /* fail due to wrong tag */ - AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz)); - AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - AssertIntEQ(0, len); - AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1); - } - - res = TEST_RES_CHECK(1); -#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */ - return res; -} - -static int test_wolfssl_EVP_aes_ccm_zeroLen(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESCCM) && \ - !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256) - /* Zero length plain text */ - byte key[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; /* align */ - byte iv[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; /* align */ - byte plaintxt[1]; - int ivSz = 12; - int plaintxtSz = 0; - unsigned char tag[16]; - - byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; - byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - - EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); - EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); - - ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_ccm(), NULL, key, iv)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); - ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, - plaintxtSz)); - ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); - ciphertxtSz += len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_GET_TAG, 16, tag)); - ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); - - ExpectIntEQ(0, ciphertxtSz); - - EVP_CIPHER_CTX_init(de); - ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_ccm(), NULL, key, iv)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); - decryptedtxtSz = len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_TAG, 16, tag)); - ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); - decryptedtxtSz += len; - ExpectIntEQ(0, decryptedtxtSz); - - EVP_CIPHER_CTX_free(en); - EVP_CIPHER_CTX_free(de); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfssl_EVP_aes_ccm(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESCCM) && \ - !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - /* A 256 bit key, AES_128 will use the first 128 bit*/ - byte *key = (byte*)"01234567890123456789012345678901"; - /* A 128 bit IV */ - byte *iv = (byte*)"0123456789012"; - int ivSz = (int)XSTRLEN((char*)iv); - /* Message to be encrypted */ - byte *plaintxt = (byte*)"for things to change you have to change"; - /* Additional non-confidential data */ - byte *aad = (byte*)"Don't spend major time on minor things."; - - unsigned char tag[AES_BLOCK_SIZE] = {0}; - int plaintxtSz = (int)XSTRLEN((char*)plaintxt); - int aadSz = (int)XSTRLEN((char*)aad); - byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; - byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - int i = 0; - int ret; - EVP_CIPHER_CTX en[2]; - EVP_CIPHER_CTX de[2]; - - for (i = 0; i < 2; i++) { - EVP_CIPHER_CTX_init(&en[i]); - - if (i == 0) { - /* Default uses 96-bits IV length */ -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_ccm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_ccm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_ccm(), NULL, - key, iv)); -#endif - } - else { -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_ccm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_ccm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_ccm(), NULL, - NULL, NULL)); -#endif - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); - } - ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, - plaintxtSz)); - ciphertxtSz = len; - ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); - ciphertxtSz += len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_GET_TAG, - AES_BLOCK_SIZE, tag)); - ret = wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]); - ExpectIntEQ(ret, 1); - - EVP_CIPHER_CTX_init(&de[i]); - if (i == 0) { - /* Default uses 96-bits IV length */ -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_ccm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_ccm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_ccm(), NULL, - key, iv)); -#endif - } - else { -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_ccm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_ccm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_ccm(), NULL, - NULL, NULL)); -#endif - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); - - } - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, - ciphertxtSz)); - decryptedtxtSz = len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, - AES_BLOCK_SIZE, tag)); - ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - decryptedtxtSz += len; - ExpectIntEQ(ciphertxtSz, decryptedtxtSz); - ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); - - /* modify tag*/ - tag[AES_BLOCK_SIZE-1]+=0xBB; - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, - AES_BLOCK_SIZE, tag)); - /* fail due to wrong tag */ - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, - ciphertxtSz)); - ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - ExpectIntEQ(0, len); - ret = wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]); - ExpectIntEQ(ret, 1); - } -#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESCCM */ - return EXPECT_RESULT(); -} - -static int test_wolfssl_EVP_chacha20_poly1305(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; - byte iv [CHACHA20_POLY1305_AEAD_IV_SIZE]; - byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF}; - byte aad[] = {0xAA, 0XBB, 0xCC, 0xDD, 0xEE, 0xFF}; - byte cipherText[sizeof(plainText)]; - byte decryptedText[sizeof(plainText)]; - byte tag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; - EVP_CIPHER_CTX* ctx = NULL; - int outSz; - - XMEMSET(key, 0, sizeof(key)); - XMEMSET(iv, 0, sizeof(iv)); - - /* Encrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL, - NULL), WOLFSSL_SUCCESS); - /* Invalid IV length. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, - CHACHA20_POLY1305_AEAD_IV_SIZE-1, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* Valid IV length. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, - CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS); - /* Invalid tag length. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* Valid tag length. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, NULL), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(aad)); - ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, - sizeof(plainText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(plainText)); - ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - /* Invalid tag length. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, tag), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* Valid tag length. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* Decrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL, - NULL), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, - CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(aad)); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(cipherText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* Test partial Inits. CipherInit() allow setting of key and iv - * in separate calls. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_chacha20_poly1305(), - key, NULL, 1), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_EVP_CipherUpdate(ctx, NULL, &outSz, - aad, sizeof(aad)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(aad)); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(cipherText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - EVP_CIPHER_CTX_free(ctx); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfssl_EVP_chacha20(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_CHACHA) - byte key[CHACHA_MAX_KEY_SZ]; - byte iv [WOLFSSL_EVP_CHACHA_IV_BYTES]; - byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF}; - byte cipherText[sizeof(plainText)]; - byte decryptedText[sizeof(plainText)]; - EVP_CIPHER_CTX* ctx = NULL; - int outSz; - - XMEMSET(key, 0, sizeof(key)); - XMEMSET(iv, 0, sizeof(iv)); - /* Encrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20(), NULL, NULL, - NULL), WOLFSSL_SUCCESS); - /* Any tag length must fail - not an AEAD cipher. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - 16, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, - sizeof(plainText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(plainText)); - ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* Decrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_chacha20(), NULL, NULL, - NULL), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(cipherText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* Test partial Inits. CipherInit() allow setting of key and iv - * in separate calls. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_chacha20(), - key, NULL, 1), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(cipherText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - EVP_CIPHER_CTX_free(ctx); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfssl_EVP_sm4_ecb(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_ECB) - EXPECT_DECLS; - byte key[SM4_KEY_SIZE]; - byte plainText[SM4_BLOCK_SIZE] = { - 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, - 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF - }; - byte cipherText[sizeof(plainText) + SM4_BLOCK_SIZE]; - byte decryptedText[sizeof(plainText) + SM4_BLOCK_SIZE]; - EVP_CIPHER_CTX* ctx; - int outSz; - - XMEMSET(key, 0, sizeof(key)); - - /* Encrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_sm4_ecb(), NULL, NULL, NULL), - WOLFSSL_SUCCESS); - /* Any tag length must fail - not an AEAD cipher. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, - sizeof(plainText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(plainText)); - ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText + outSz, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, SM4_BLOCK_SIZE); - ExpectBufNE(cipherText, plainText, sizeof(plainText)); - EVP_CIPHER_CTX_free(ctx); - - /* Decrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_sm4_ecb(), NULL, NULL, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(plainText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText + outSz, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); - EVP_CIPHER_CTX_free(ctx); - - res = EXPECT_RESULT(); -#endif - return res; -} - -static int test_wolfssl_EVP_sm4_cbc(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CBC) - EXPECT_DECLS; - byte key[SM4_KEY_SIZE]; - byte iv[SM4_BLOCK_SIZE]; - byte plainText[SM4_BLOCK_SIZE] = { - 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, - 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF - }; - byte cipherText[sizeof(plainText) + SM4_BLOCK_SIZE]; - byte decryptedText[sizeof(plainText) + SM4_BLOCK_SIZE]; - EVP_CIPHER_CTX* ctx; - int outSz; - - XMEMSET(key, 0, sizeof(key)); - XMEMSET(iv, 0, sizeof(iv)); - - /* Encrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_sm4_cbc(), NULL, NULL, NULL), - WOLFSSL_SUCCESS); - /* Any tag length must fail - not an AEAD cipher. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, - sizeof(plainText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(plainText)); - ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText + outSz, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, SM4_BLOCK_SIZE); - ExpectBufNE(cipherText, plainText, sizeof(plainText)); - EVP_CIPHER_CTX_free(ctx); - - /* Decrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_sm4_cbc(), NULL, NULL, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(plainText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText + outSz, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); - EVP_CIPHER_CTX_free(ctx); - - /* Test partial Inits. CipherInit() allow setting of key and iv - * in separate calls. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_sm4_cbc(), key, NULL, 0), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 0), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(plainText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText + outSz, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); - EVP_CIPHER_CTX_free(ctx); - - res = EXPECT_RESULT(); -#endif - return res; -} - -static int test_wolfssl_EVP_sm4_ctr(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CTR) - EXPECT_DECLS; - byte key[SM4_KEY_SIZE]; - byte iv[SM4_BLOCK_SIZE]; - byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF}; - byte cipherText[sizeof(plainText)]; - byte decryptedText[sizeof(plainText)]; - EVP_CIPHER_CTX* ctx; - int outSz; - - XMEMSET(key, 0, sizeof(key)); - XMEMSET(iv, 0, sizeof(iv)); - - /* Encrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_sm4_ctr(), NULL, NULL, NULL), - WOLFSSL_SUCCESS); - /* Any tag length must fail - not an AEAD cipher. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, - sizeof(plainText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(plainText)); - ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - ExpectBufNE(cipherText, plainText, sizeof(plainText)); - EVP_CIPHER_CTX_free(ctx); - - /* Decrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_sm4_ctr(), NULL, NULL, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(cipherText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); - EVP_CIPHER_CTX_free(ctx); - - /* Test partial Inits. CipherInit() allow setting of key and iv - * in separate calls. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_sm4_ctr(), key, NULL, 1), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(cipherText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); - EVP_CIPHER_CTX_free(ctx); - - res = EXPECT_RESULT(); -#endif - return res; -} - -static int test_wolfssl_EVP_sm4_gcm_zeroLen(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_GCM) - /* Zero length plain text */ - EXPECT_DECLS; - byte key[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; /* align */ - byte iv[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; /* align */ - byte plaintxt[1]; - int ivSz = 12; - int plaintxtSz = 0; - unsigned char tag[16]; - unsigned char tag_kat[16] = { - 0x23,0x2f,0x0c,0xfe,0x30,0x8b,0x49,0xea, - 0x6f,0xc8,0x82,0x29,0xb5,0xdc,0x85,0x8d - }; - - byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0}; - byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0}; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - - EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); - EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); - - ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_sm4_gcm(), NULL, key, iv)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, - plaintxtSz)); - ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); - ciphertxtSz += len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag)); - ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); - - ExpectIntEQ(0, ciphertxtSz); - ExpectIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag))); - - EVP_CIPHER_CTX_init(de); - ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_sm4_gcm(), NULL, key, iv)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); - decryptedtxtSz = len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag)); - ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); - decryptedtxtSz += len; - ExpectIntEQ(0, decryptedtxtSz); - - EVP_CIPHER_CTX_free(en); - EVP_CIPHER_CTX_free(de); - - res = EXPECT_RESULT(); -#endif /* OPENSSL_EXTRA && WOLFSSL_SM4_GCM */ - return res; -} - -static int test_wolfssl_EVP_sm4_gcm(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_GCM) - EXPECT_DECLS; - byte *key = (byte*)"0123456789012345"; - /* A 128 bit IV */ - byte *iv = (byte*)"0123456789012345"; - int ivSz = SM4_BLOCK_SIZE; - /* Message to be encrypted */ - byte *plaintxt = (byte*)"for things to change you have to change"; - /* Additional non-confidential data */ - byte *aad = (byte*)"Don't spend major time on minor things."; - - unsigned char tag[SM4_BLOCK_SIZE] = {0}; - int plaintxtSz = (int)XSTRLEN((char*)plaintxt); - int aadSz = (int)XSTRLEN((char*)aad); - byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0}; - byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0}; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - int i = 0; - EVP_CIPHER_CTX en[2]; - EVP_CIPHER_CTX de[2]; - - for (i = 0; i < 2; i++) { - EVP_CIPHER_CTX_init(&en[i]); - - if (i == 0) { - /* Default uses 96-bits IV length */ - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_gcm(), NULL, key, - iv)); - } - else { - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_gcm(), NULL, NULL, - NULL)); - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); - } - ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, - plaintxtSz)); - ciphertxtSz = len; - ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); - ciphertxtSz += len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, - SM4_BLOCK_SIZE, tag)); - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1); - - EVP_CIPHER_CTX_init(&de[i]); - if (i == 0) { - /* Default uses 96-bits IV length */ - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_gcm(), NULL, key, - iv)); - } - else { - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_gcm(), NULL, NULL, - NULL)); - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); - - } - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, - ciphertxtSz)); - decryptedtxtSz = len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, - SM4_BLOCK_SIZE, tag)); - ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - decryptedtxtSz += len; - ExpectIntEQ(ciphertxtSz, decryptedtxtSz); - ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); - - /* modify tag*/ - tag[SM4_BLOCK_SIZE-1]+=0xBB; - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, - SM4_BLOCK_SIZE, tag)); - /* fail due to wrong tag */ - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, - ciphertxtSz)); - ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - ExpectIntEQ(0, len); - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1); - } - - res = EXPECT_RESULT(); -#endif /* OPENSSL_EXTRA && WOLFSSL_SM4_GCM */ - return res; -} - -static int test_wolfssl_EVP_sm4_ccm_zeroLen(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CCM) - /* Zero length plain text */ - EXPECT_DECLS; - byte key[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; /* align */ - byte iv[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; /* align */ - byte plaintxt[1]; - int ivSz = 12; - int plaintxtSz = 0; - unsigned char tag[16]; - - byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0}; - byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0}; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - - EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); - EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); - - ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_sm4_ccm(), NULL, key, iv)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); - ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, - plaintxtSz)); - ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); - ciphertxtSz += len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_GET_TAG, 16, tag)); - ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); - - ExpectIntEQ(0, ciphertxtSz); - - EVP_CIPHER_CTX_init(de); - ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_sm4_ccm(), NULL, key, iv)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); - decryptedtxtSz = len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_TAG, 16, tag)); - ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); - decryptedtxtSz += len; - ExpectIntEQ(0, decryptedtxtSz); - - EVP_CIPHER_CTX_free(en); - EVP_CIPHER_CTX_free(de); - - res = EXPECT_RESULT(); -#endif /* OPENSSL_EXTRA && WOLFSSL_SM4_CCM */ - return res; -} - -static int test_wolfssl_EVP_sm4_ccm(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CCM) - EXPECT_DECLS; - byte *key = (byte*)"0123456789012345"; - byte *iv = (byte*)"0123456789012"; - int ivSz = (int)XSTRLEN((char*)iv); - /* Message to be encrypted */ - byte *plaintxt = (byte*)"for things to change you have to change"; - /* Additional non-confidential data */ - byte *aad = (byte*)"Don't spend major time on minor things."; - - unsigned char tag[SM4_BLOCK_SIZE] = {0}; - int plaintxtSz = (int)XSTRLEN((char*)plaintxt); - int aadSz = (int)XSTRLEN((char*)aad); - byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0}; - byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0}; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - int i = 0; - EVP_CIPHER_CTX en[2]; - EVP_CIPHER_CTX de[2]; - - for (i = 0; i < 2; i++) { - EVP_CIPHER_CTX_init(&en[i]); - - if (i == 0) { - /* Default uses 96-bits IV length */ - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_ccm(), NULL, key, - iv)); - } - else { - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_ccm(), NULL, NULL, - NULL)); - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); - } - ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, - plaintxtSz)); - ciphertxtSz = len; - ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); - ciphertxtSz += len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_GET_TAG, - SM4_BLOCK_SIZE, tag)); - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1); - - EVP_CIPHER_CTX_init(&de[i]); - if (i == 0) { - /* Default uses 96-bits IV length */ - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_ccm(), NULL, key, - iv)); - } - else { - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_ccm(), NULL, NULL, - NULL)); - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); - - } - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, - ciphertxtSz)); - decryptedtxtSz = len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, - SM4_BLOCK_SIZE, tag)); - ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - decryptedtxtSz += len; - ExpectIntEQ(ciphertxtSz, decryptedtxtSz); - ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); - - /* modify tag*/ - tag[SM4_BLOCK_SIZE-1]+=0xBB; - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, - SM4_BLOCK_SIZE, tag)); - /* fail due to wrong tag */ - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, - ciphertxtSz)); - ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - ExpectIntEQ(0, len); - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1); - } - - res = EXPECT_RESULT(); -#endif /* OPENSSL_EXTRA && WOLFSSL_SM4_CCM */ - return res; -} - -static int test_wolfSSL_EVP_PKEY_hkdf(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_HKDF) - EVP_PKEY_CTX* ctx = NULL; - byte salt[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}; - byte key[] = {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; - byte info[] = {0X01, 0x02, 0x03, 0x04, 0x05}; - byte info2[] = {0X06, 0x07, 0x08, 0x09, 0x0A}; - byte outKey[34]; - size_t outKeySz = sizeof(outKey); - /* These expected outputs were gathered by running the same test below using - * OpenSSL. */ - const byte extractAndExpand[] = { - 0x8B, 0xEB, 0x90, 0xA9, 0x04, 0xFF, 0x05, 0x10, 0xE4, 0xB5, 0xB1, 0x10, - 0x31, 0x34, 0xFF, 0x07, 0x5B, 0xE3, 0xC6, 0x93, 0xD4, 0xF8, 0xC7, 0xEE, - 0x96, 0xDA, 0x78, 0x7A, 0xE2, 0x9A, 0x2D, 0x05, 0x4B, 0xF6 - }; - const byte extractOnly[] = { - 0xE7, 0x6B, 0x9E, 0x0F, 0xE4, 0x02, 0x1D, 0x62, 0xEA, 0x97, 0x74, 0x5E, - 0xF4, 0x3C, 0x65, 0x4D, 0xC1, 0x46, 0x98, 0xAA, 0x79, 0x9A, 0xCB, 0x9C, - 0xCC, 0x3E, 0x7F, 0x2A, 0x2B, 0x41, 0xA1, 0x9E - }; - const byte expandOnly[] = { - 0xFF, 0x29, 0x29, 0x56, 0x9E, 0xA7, 0x66, 0x02, 0xDB, 0x4F, 0xDB, 0x53, - 0x7D, 0x21, 0x67, 0x52, 0xC3, 0x0E, 0xF3, 0xFC, 0x71, 0xCE, 0x67, 0x2B, - 0xEA, 0x3B, 0xE9, 0xFC, 0xDD, 0xC8, 0xCC, 0xB7, 0x42, 0x74 - }; - const byte extractAndExpandAddInfo[] = { - 0x5A, 0x74, 0x79, 0x83, 0xA3, 0xA4, 0x2E, 0xB7, 0xD4, 0x08, 0xC2, 0x6A, - 0x2F, 0xA5, 0xE3, 0x4E, 0xF1, 0xF4, 0x87, 0x3E, 0xA6, 0xC7, 0x88, 0x45, - 0xD7, 0xE2, 0x15, 0xBC, 0xB8, 0x10, 0xEF, 0x6C, 0x4D, 0x7A - }; - ExpectNotNull((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL))); - ExpectIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS); - /* NULL ctx. */ - ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(NULL, EVP_sha256()), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* NULL md. */ - ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_sha256()), WOLFSSL_SUCCESS); - /* NULL ctx. */ - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(NULL, salt, sizeof(salt)), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* NULL salt is ok. */ - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, NULL, sizeof(salt)), - WOLFSSL_SUCCESS); - /* Salt length <= 0. */ - /* Length 0 salt is ok. */ - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, 0), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, sizeof(salt)), - WOLFSSL_SUCCESS); - /* NULL ctx. */ - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(NULL, key, sizeof(key)), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* NULL key. */ - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, NULL, sizeof(key)), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* Key length <= 0 */ - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, sizeof(key)), - WOLFSSL_SUCCESS); - /* NULL ctx. */ - ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(NULL, info, sizeof(info)), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* NULL info is ok. */ - ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, NULL, sizeof(info)), - WOLFSSL_SUCCESS); - /* Info length <= 0 */ - /* Length 0 info is ok. */ - ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, 0), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, sizeof(info)), - WOLFSSL_SUCCESS); - /* NULL ctx. */ - ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(NULL, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* Extract and expand (default). */ - ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); - ExpectIntEQ(outKeySz, sizeof(extractAndExpand)); - ExpectIntEQ(XMEMCMP(outKey, extractAndExpand, outKeySz), 0); - /* Extract only. */ - ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); - ExpectIntEQ(outKeySz, sizeof(extractOnly)); - ExpectIntEQ(XMEMCMP(outKey, extractOnly, outKeySz), 0); - outKeySz = sizeof(outKey); - /* Expand only. */ - ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); - ExpectIntEQ(outKeySz, sizeof(expandOnly)); - ExpectIntEQ(XMEMCMP(outKey, expandOnly, outKeySz), 0); - outKeySz = sizeof(outKey); - /* Extract and expand with appended additional info. */ - ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info2, sizeof(info2)), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, - EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); - ExpectIntEQ(outKeySz, sizeof(extractAndExpandAddInfo)); - ExpectIntEQ(XMEMCMP(outKey, extractAndExpandAddInfo, outKeySz), 0); - - EVP_PKEY_CTX_free(ctx); -#endif /* OPENSSL_EXTRA && HAVE_HKDF */ - return EXPECT_RESULT(); -} - -#ifndef NO_BIO -static int test_wolfSSL_PEM_X509_INFO_read_bio(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) - BIO* bio = NULL; - X509_INFO* info = NULL; - STACK_OF(X509_INFO)* sk = NULL; - STACK_OF(X509_INFO)* sk2 = NULL; - char* subject = NULL; - char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/" - "CN=www.wolfssl.com/emailAddress=info@wolfssl.com"; - char exp2[] = "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/" - "CN=www.wolfssl.com/emailAddress=info@wolfssl.com"; - - ExpectNotNull(bio = BIO_new(BIO_s_file())); - ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); - ExpectNotNull(sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)); - ExpectIntEQ(sk_X509_INFO_num(sk), 2); - - /* using dereference to maintain testing for Apache port*/ - ExpectNull(sk_X509_INFO_pop(NULL)); - ExpectNotNull(info = sk_X509_INFO_pop(sk)); - ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509), - 0, 0)); - - ExpectIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1))); - XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); - subject = NULL; - X509_INFO_free(info); - info = NULL; - - ExpectNotNull(info = sk_X509_INFO_pop(sk)); - ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509), - 0, 0)); - - ExpectIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2))); - XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); - subject = NULL; - X509_INFO_free(info); - ExpectNull(info = sk_X509_INFO_pop(sk)); - - sk_X509_INFO_pop_free(sk, X509_INFO_free); - sk = NULL; - BIO_free(bio); - bio = NULL; - - ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null()); - ExpectNotNull(bio = BIO_new(BIO_s_file())); - ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); - ExpectNotNull(sk2 = PEM_X509_INFO_read_bio(bio, sk, NULL, NULL)); - ExpectPtrEq(sk, sk2); - if (sk2 != sk) { - sk_X509_INFO_pop_free(sk, X509_INFO_free); - } - sk = NULL; - BIO_free(bio); - sk_X509_INFO_pop_free(sk2, X509_INFO_free); - - ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null()); - sk_X509_INFO_free(sk); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_X509_INFO_read(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) - XFILE fp = XBADFILE; - STACK_OF(X509_INFO)* sk = NULL; - - ExpectTrue((fp = XFOPEN(svrCertFile, "rb")) != XBADFILE); - ExpectNull(wolfSSL_PEM_X509_INFO_read(XBADFILE, NULL, NULL, NULL)); - ExpectNotNull(sk = wolfSSL_PEM_X509_INFO_read(fp, NULL, NULL, NULL)); - - sk_X509_INFO_pop_free(sk, X509_INFO_free); - if (fp != XBADFILE) - XFCLOSE(fp); -#endif - return EXPECT_RESULT(); -} -#endif /* !NO_BIO */ - -static int test_wolfSSL_X509_NAME_ENTRY_get_object(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509 *x509 = NULL; - X509_NAME* name = NULL; - int idx = 0; - X509_NAME_ENTRY *ne = NULL; - ASN1_OBJECT *object = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = X509_get_subject_name(x509)); - ExpectIntGE(X509_NAME_get_index_by_NID(NULL, NID_commonName, -1), - BAD_FUNC_ARG); - ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); - ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -2), 0); - - ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); - ExpectNull(X509_NAME_ENTRY_get_object(NULL)); - ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne)); - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_get1_certs(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509_STORE_CTX *storeCtx = NULL; - X509_STORE *store = NULL; - X509 *caX509 = NULL; - X509 *svrX509 = NULL; - X509_NAME *subject = NULL; - WOLF_STACK_OF(WOLFSSL_X509) *certs = NULL; - - ExpectNotNull(caX509 = X509_load_certificate_file(caCertFile, - SSL_FILETYPE_PEM)); - ExpectNotNull((svrX509 = wolfSSL_X509_load_certificate_file(svrCertFile, - SSL_FILETYPE_PEM))); - ExpectNotNull(storeCtx = X509_STORE_CTX_new()); - ExpectNotNull(store = X509_STORE_new()); - ExpectNotNull(subject = X509_get_subject_name(caX509)); - - /* Errors */ - ExpectNull(X509_STORE_get1_certs(storeCtx, subject)); - ExpectNull(X509_STORE_get1_certs(NULL, subject)); - ExpectNull(X509_STORE_get1_certs(storeCtx, NULL)); - - ExpectIntEQ(X509_STORE_add_cert(store, caX509), SSL_SUCCESS); - ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, caX509, NULL), - SSL_SUCCESS); - - /* Should find the cert */ - ExpectNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); - ExpectIntEQ(1, wolfSSL_sk_X509_num(certs)); - - sk_X509_pop_free(certs, NULL); - certs = NULL; - - /* Should not find the cert */ - ExpectNotNull(subject = X509_get_subject_name(svrX509)); - ExpectNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); - ExpectIntEQ(0, wolfSSL_sk_X509_num(certs)); - - sk_X509_pop_free(certs, NULL); - certs = NULL; - - X509_STORE_free(store); - X509_STORE_CTX_free(storeCtx); - X509_free(svrX509); - X509_free(caX509); -#endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */ - return EXPECT_RESULT(); -} - -#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ - defined(WOLFSSL_LOCAL_X509_STORE) && \ - (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL) -static int test_wolfSSL_X509_STORE_set_get_crl_provider(X509_STORE_CTX* ctx, - X509_CRL** crl_out, X509* cert) { - X509_CRL *crl = NULL; - XFILE fp = XBADFILE; - char* cert_issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); - int ret = 0; - - (void)ctx; - - if (cert_issuer == NULL) - return 0; - - if ((fp = XFOPEN("certs/crl/crl.pem", "rb")) != XBADFILE) { - PEM_read_X509_CRL(fp, &crl, NULL, NULL); - XFCLOSE(fp); - if (crl != NULL) { - char* crl_issuer = X509_NAME_oneline( - X509_CRL_get_issuer(crl), NULL, 0); - if ((crl_issuer != NULL) && - (XSTRCMP(cert_issuer, crl_issuer) == 0)) { - *crl_out = X509_CRL_dup(crl); - if (*crl_out != NULL) - ret = 1; - } - OPENSSL_free(crl_issuer); - } - } - - X509_CRL_free(crl); - OPENSSL_free(cert_issuer); - return ret; -} - -static int test_wolfSSL_X509_STORE_set_get_crl_provider2(X509_STORE_CTX* ctx, - X509_CRL** crl_out, X509* cert) { - (void)ctx; - (void)cert; - *crl_out = NULL; - return 1; -} - -#ifndef NO_WOLFSSL_STUB -static int test_wolfSSL_X509_STORE_set_get_crl_check(X509_STORE_CTX* ctx, - X509_CRL* crl) { - (void)ctx; - (void)crl; - return 1; -} -#endif - -static int test_wolfSSL_X509_STORE_set_get_crl_verify(int ok, - X509_STORE_CTX* ctx) { - int cert_error = X509_STORE_CTX_get_error(ctx); - X509_VERIFY_PARAM* param = X509_STORE_CTX_get0_param(ctx); - int flags = X509_VERIFY_PARAM_get_flags(param); - if ((flags & (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) != - (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) { - /* Make sure the flags are set */ - return 0; - } - /* Ignore CRL missing error */ -#ifndef OPENSSL_COMPATIBLE_DEFAULTS - if (cert_error == WC_NO_ERR_TRACE(CRL_MISSING)) -#else - if (cert_error == X509_V_ERR_UNABLE_TO_GET_CRL) -#endif - return 1; - return ok; -} - -static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready(WOLFSSL_CTX* ctx) -{ - EXPECT_DECLS; - X509_STORE* cert_store = NULL; - - ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), - WOLFSSL_SUCCESS); - ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx)); - X509_STORE_set_get_crl(cert_store, - test_wolfSSL_X509_STORE_set_get_crl_provider); -#ifndef NO_WOLFSSL_STUB - X509_STORE_set_check_crl(cert_store, - test_wolfSSL_X509_STORE_set_get_crl_check); -#endif - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2(WOLFSSL_CTX* ctx) -{ - EXPECT_DECLS; - X509_STORE* cert_store = NULL; - X509_VERIFY_PARAM* param = NULL; - - SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); - ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), - WOLFSSL_SUCCESS); - ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx)); - X509_STORE_set_get_crl(cert_store, - test_wolfSSL_X509_STORE_set_get_crl_provider2); -#ifndef NO_WOLFSSL_STUB - X509_STORE_set_check_crl(cert_store, - test_wolfSSL_X509_STORE_set_get_crl_check); -#endif - X509_STORE_set_verify_cb(cert_store, - test_wolfSSL_X509_STORE_set_get_crl_verify); - ExpectNotNull(X509_STORE_get0_param(cert_store)); - ExpectNotNull(param = X509_VERIFY_PARAM_new()); - ExpectIntEQ(X509_VERIFY_PARAM_inherit(NULL, NULL) , WOLFSSL_SUCCESS); - ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, NULL) , WOLFSSL_SUCCESS); - ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, - X509_STORE_get0_param(cert_store)), WOLFSSL_SUCCESS); - ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, - X509_STORE_get0_param(cert_store)), 1); - ExpectIntEQ(X509_VERIFY_PARAM_set_flags( - param, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1); - ExpectIntEQ(X509_STORE_set1_param(cert_store, param), 1); - ExpectIntEQ(X509_STORE_set_flags(cert_store, - X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1); - - - X509_VERIFY_PARAM_free(param); - return EXPECT_RESULT(); -} -#endif - -/* This test mimics the usage of the CRL provider in gRPC */ -static int test_wolfSSL_X509_STORE_set_get_crl(void) -{ - EXPECT_DECLS; -#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ - defined(WOLFSSL_LOCAL_X509_STORE) && \ - (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL) - test_ssl_cbf func_cb_client; - test_ssl_cbf func_cb_server; - - XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); - XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); - - func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready; - - ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, - &func_cb_server, NULL), TEST_SUCCESS); - - XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); - XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); - - func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2; - - ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, - &func_cb_server, NULL), TEST_SUCCESS); -#endif - return EXPECT_RESULT(); -} - static int test_wolfSSL_dup_CA_list(void) { int res = TEST_SKIPPED; diff --git a/tests/api/test_ecc.c b/tests/api/test_ecc.c index 157fa4225d..f2d73a7b34 100644 --- a/tests/api/test_ecc.c +++ b/tests/api/test_ecc.c @@ -1572,7 +1572,7 @@ int test_wc_ecc_shared_secret_ssh(void) ExpectIntEQ(wc_ecc_set_rng(&key, &rng), 0); #endif - ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, key2.pubkey, secret, + ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen), 0); /* Pass in bad args. */ ExpectIntEQ(wc_ecc_shared_secret_ssh(NULL, &key2.pubkey, secret, diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 35d727d08b..e6b088c9cc 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -24737,7 +24737,6 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key) const char inStr[] = TEST_STRING; word32 inLen = (word32)TEST_STRING_SZ; word32 outSz; - word32 sigSz; word32 plainSz; word32 digestSz; int i, j; @@ -24830,14 +24829,14 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key) if (ret <= 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); outSz = (word32)ret; - /* Preserve signature length for TA100 verify. */ - sigSz = outSz; XMEMCPY(sig, out, outSz); plain = NULL; TEST_SLEEP(); #if defined(WOLFSSL_MICROCHIP_TA100) + { + word32 sigSz = outSz; do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key->asyncDev, @@ -24852,6 +24851,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); /* TA100 PSS verify done; skip remaining software-only variants. */ return 0; + } #else do { #if defined(WOLFSSL_ASYNC_CRYPT) @@ -26888,6 +26888,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); } TEST_SLEEP(); + + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + TEST_SLEEP(); #endif /* !WOLFSSL_MICROCHIP_TA100 */ #elif defined(WOLFSSL_PUBLIC_MP)