diff --git a/IDE/ARDUINO/wolfssl-arduino.sh b/IDE/ARDUINO/wolfssl-arduino.sh index d076ea7a1..4da3ff4b6 100755 --- a/IDE/ARDUINO/wolfssl-arduino.sh +++ b/IDE/ARDUINO/wolfssl-arduino.sh @@ -13,3 +13,14 @@ if [ "$DIR" = "ARDUINO" ]; then else echo "ERROR: You must be in the IDE/ARDUINO directory to run this script" fi + +#UPDATED: 19 Apr 2017 to remove bio.c and evp.c from the root directory since +# they are included inline and should not be compiled directly + +ARDUINO_DIR=${PWD} +cd ../../ +rm bio.c +rm evp.c +cd $ARDUINO_DIR +# end script in the origin directory for any future functionality that may be added. +#End UPDATE: 19 Apr 2017 diff --git a/src/internal.c b/src/internal.c index 2f0b68ff9..1dc540159 100755 --- a/src/internal.c +++ b/src/internal.c @@ -6763,6 +6763,10 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, DoCertArgs args[1]; #endif +#ifdef WOLFSSL_TRUST_PEER_CERT + byte haveTrustPeer = 0; /* was cert verified by loaded trusted peer cert */ +#endif + WOLFSSL_ENTER("DoCertificate"); #ifdef WOLFSSL_ASYNC_CRYPT diff --git a/src/ssl.c b/src/ssl.c index 8ce202b88..bd30a2947 100755 --- a/src/ssl.c +++ b/src/ssl.c @@ -16312,15 +16312,40 @@ void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes) } +#ifdef WOLFSSL_DES_ECB +/* Encrpyt or decrypt input message desa with key and get output in desb. + * if enc is DES_ENCRYPT,input message is encrypted or + * if enc is DES_DECRYPT,input message is decrypted. + * */ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa, - WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int len) + WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int enc) { - (void)desa; - (void)desb; - (void)key; - (void)len; - WOLFSSL_STUB("wolfSSL_DES_ecb_encrypt"); + WOLFSSL_ENTER("wolfSSL_DES_ecb_encrypt"); + + Des myDes; + if (desa == NULL || key == NULL || desb == NULL || + (enc != DES_ENCRYPT && enc != DES_DECRYPT)) { + WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_ecb_encrypt"); + } else { + if (wc_Des_SetKey(&myDes, (const byte*) key, + (const byte*) NULL, !enc) != 0) { + WOLFSSL_MSG("wc_Des_SetKey return error."); + return; + } + if (enc){ + if (wc_Des_EcbEncrypt(&myDes, (byte*) desb, + (const byte*) desa, sizeof(desa)) != 0){ + WOLFSSL_MSG("wc_Des_EcbEncrpyt return error."); + } + } else { + if (wc_Des_EcbDecrypt(&myDes, (byte*) desb, + (const byte*) desa, sizeof(desa)) != 0){ + WOLFSSL_MSG("wc_Des_EcbDecrpyt return error."); + } + } + } } +#endif #endif /* NO_DES3 */ diff --git a/tests/api.c b/tests/api.c index d489c52c4..dd7b1c0aa 100644 --- a/tests/api.c +++ b/tests/api.c @@ -3038,7 +3038,39 @@ static void test_wolfSSL_BIO(void) #endif } +static void test_wolfSSL_DES_ecb_encrypt(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB) + WOLFSSL_DES_cblock input1,input2,output1,output2,back1,back2; + WOLFSSL_DES_key_schedule key; + printf(testingFmt, "wolfSSL_DES_ecb_encrypt()"); + + XMEMCPY(key,"12345678",sizeof(WOLFSSL_DES_key_schedule)); + XMEMCPY(input1, "Iamhuman",sizeof(WOLFSSL_DES_cblock)); + XMEMCPY(input2, "Whoisit?",sizeof(WOLFSSL_DES_cblock)); + XMEMSET(output1, 0, sizeof(WOLFSSL_DES_cblock)); + XMEMSET(output2, 0, sizeof(WOLFSSL_DES_cblock)); + XMEMSET(back1, 0, sizeof(WOLFSSL_DES_cblock)); + XMEMSET(back2, 0, sizeof(WOLFSSL_DES_cblock)); + + /* Encrypt messages */ + wolfSSL_DES_ecb_encrypt(&input1,&output1,&key,DES_ENCRYPT); + wolfSSL_DES_ecb_encrypt(&input2,&output2,&key,DES_ENCRYPT); + + /* Decrypt messages */ + int ret1 = 0; + int ret2 = 0; + wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT); + ret1 = memcmp((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock)); + AssertIntEQ(ret1,0); + wolfSSL_DES_ecb_encrypt(&output2,&back2,&key,DES_DECRYPT); + ret2 = memcmp((unsigned char *) back2,(unsigned char *) input2,sizeof(WOLFSSL_DES_cblock)); + AssertIntEQ(ret2,0); + + printf(resultFmt, passed); + #endif +} /*----------------------------------------------------------------------------* | wolfCrypt ASN *----------------------------------------------------------------------------*/ @@ -3397,7 +3429,7 @@ void ApiTest(void) test_wolfSSL_set_options(); test_wolfSSL_PEM_read_bio(); test_wolfSSL_BIO(); - + test_wolfSSL_DES_ecb_encrypt(); AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS); /* wolfCrypt ASN tests */ diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 5d41c89c9..4577aa908 100755 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -2133,7 +2133,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) { int ret = 0; CRYP_HandleTypeDef hcryp; - + XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef)); /* load key into correct registers */ switch(aes->rounds) { case 10: /* 128-bit key */ @@ -2148,8 +2148,6 @@ int wc_AesSetIV(Aes* aes, const byte* iv) default: break; } - - XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef)); hcryp.Instance = CRYP; hcryp.Init.DataType = CRYP_DATATYPE_8B; hcryp.Init.pKey = (uint8_t*)aes->key; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 63b486737..7a5cf2c30 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -2144,11 +2144,11 @@ static int CheckAlgo(int first, int second, int* id, int* version) switch (second) { case 1: *id = PBE_SHA1_RC4_128; - *version = PKCS12; + *version = PKCS12v1; return 0; case 3: *id = PBE_SHA1_DES3; - *version = PKCS12; + *version = PKCS12v1; return 0; default: return ALGO_ID_E; @@ -2256,7 +2256,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, ret = wc_PBKDF1(key, (byte*)password, passwordSz, salt, saltSz, iterations, derivedLen, typeH); #endif - else if (version == PKCS12) { + else if (version == PKCS12v1) { int i, idx = 0; byte unicodePasswd[MAX_UNICODE_SZ]; @@ -2302,7 +2302,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, Des dec; byte* desIv = key + 8; - if (version == PKCS5v2 || version == PKCS12) + if (version == PKCS5v2 || version == PKCS12v1) desIv = cbcIv; ret = wc_Des_SetKey(&dec, key, desIv, DES_DECRYPTION); @@ -2322,7 +2322,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, Des3 dec; byte* desIv = key + 24; - if (version == PKCS5v2 || version == PKCS12) + if (version == PKCS5v2 || version == PKCS12v1) desIv = cbcIv; ret = wc_Des3_SetKey(&dec, key, desIv, DES_DECRYPTION); if (ret != 0) { diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 05feaac96..898e22684 100755 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -310,11 +310,17 @@ wolfSSL_Mutex* wc_InitAndAllocMutex() { wolfSSL_Mutex* m = (wolfSSL_Mutex*) XMALLOC(sizeof(wolfSSL_Mutex), NULL, DYNAMIC_TYPE_MUTEX); - if (m && wc_InitMutex(m) == 0) - return m; + if (m != NULL) { + if (wc_InitMutex(m) != 0) { + WOLFSSL_MSG("Init Mutex failed"); + XFREE(m, NULL, DYNAMIC_TYPE_MUTEX); + m = NULL; + } + } + else { + WOLFSSL_MSG("Memory error with Mutex allocation"); + } - XFREE(m, NULL, DYNAMIC_TYPE_MUTEX); - m = NULL; return m; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 79aafb9d5..8f3a5543b 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -222,6 +222,8 @@ int chacha20_poly1305_aead_test(void); int des_test(void); int des3_test(void); int aes_test(void); +int aes192_test(void); +int aes256_test(void); int cmac_test(void); int poly1305_test(void); int aesgcm_test(void); @@ -625,6 +627,16 @@ int wolfcrypt_test(void* args) else printf( "AES test passed!\n"); + if ( (ret = aes192_test()) != 0) + return err_sys("AES192 test failed!\n", ret); + else + printf( "AES192 test passed!\n"); + + if ( (ret = aes256_test()) != 0) + return err_sys("AES256 test failed!\n", ret); + else + printf( "AES256 test passed!\n"); + #ifdef HAVE_AESGCM if ( (ret = aesgcm_test()) != 0) return err_sys("AES-GCM test failed!\n", ret); @@ -1034,7 +1046,11 @@ int base64_test() int asn_test() { #ifndef NO_ASN_TIME - long now; + #ifdef WORD64_AVAILABLE + word64 now; + #else + word32 now; + #endif /* Parameter Validation tests. */ if (wc_GetTime(NULL, sizeof(now)) != BAD_FUNC_ARG) @@ -1043,10 +1059,12 @@ int asn_test() return -101; now = 0; - if (wc_GetTime(&now, sizeof(now)) != 0) + if (wc_GetTime(&now, sizeof(now)) != 0) { return -102; - if (now == 0) + } + if (now == 0) { return -103; + } #endif return 0; @@ -4005,6 +4023,153 @@ int aes_test(void) return ret; } +int aes192_test(void) +{ +#ifdef HAVE_AES_CBC + Aes enc; + byte cipher[AES_BLOCK_SIZE]; +#ifdef HAVE_AES_DECRYPT + Aes dec; + byte plain [AES_BLOCK_SIZE]; +#endif +#endif /* HAVE_AES_CBC */ + int ret = 0; + +#ifdef HAVE_AES_CBC + /* Test vectors from NIST Special Publication 800-38A, 2001 Edition + * Appendix F.2.3 */ + + const byte msg[] = { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte verify[] = + { + 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d, + 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 + }; + + byte key[] = { + 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b + }; + byte iv[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F + }; + + + if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) + return -21000; +#ifdef HAVE_AES_DECRYPT + if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) + return -21001; +#endif + + + ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); + if (ret != 0) + return -21002; +#ifdef HAVE_AES_DECRYPT + ret = wc_AesSetKey(&dec, key, (int) sizeof(key), iv, AES_DECRYPTION); + if (ret != 0) + return -21003; +#endif + + ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg)); + if (ret != 0) + return -21005; +#ifdef HAVE_AES_DECRYPT + ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher)); + if (ret != 0) + return -21006; + if (XMEMCMP(plain, msg, (int) sizeof(plain))) { + return -21060; + } +#endif + + if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) + return -21061; +#endif + + return ret; +} + +int aes256_test(void) +{ +#ifdef HAVE_AES_CBC + Aes enc; + byte cipher[AES_BLOCK_SIZE]; +#ifdef HAVE_AES_DECRYPT + Aes dec; + byte plain [AES_BLOCK_SIZE]; +#endif +#endif /* HAVE_AES_CBC */ + int ret = 0; + +#ifdef HAVE_AES_CBC + /* Test vectors from NIST Special Publication 800-38A, 2001 Edition, + * Appendix F.2.5 */ + const byte msg[] = { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte verify[] = + { + 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba, + 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 + }; + + byte key[] = { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + byte iv[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F + }; + + + if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) + return -22000; +#ifdef HAVE_AES_DECRYPT + if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) + return -22001; +#endif + + + ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); + if (ret != 0) + return -22003; +#ifdef HAVE_AES_DECRYPT + ret = wc_AesSetKey(&dec, key, (int) sizeof(key), iv, AES_DECRYPTION); + if (ret != 0) + return -22004; +#endif + + ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg)); + if (ret != 0) + return -22005; +#ifdef HAVE_AES_DECRYPT + ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher)); + if (ret != 0) + return -22006; + if (XMEMCMP(plain, msg, (int) sizeof(plain))) { + return -22060; + } +#endif + + if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) + return -22061; +#endif + return 0; +} + #ifdef HAVE_AESGCM int aesgcm_test(void) @@ -5724,7 +5889,8 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) #elif defined(WOLFSSL_ASYNC_CRYPT) /* async may not require RNG */ if (ret != 0 && ret != MISSING_RNG_E) -#elif defined(HAVE_FIPS) || defined(WOLFSSL_ASYNC_CRYPT) +#elif defined(HAVE_FIPS) || defined(WOLFSSL_ASYNC_CRYPT) || \ + !defined(WC_RSA_BLINDING) /* FIPS140 implementation does not do blinding */ if (ret != 0) #else diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 9bc5d5d45..d456818cf 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -130,7 +130,7 @@ enum Misc_ASN { PKCS5 = 5, /* PKCS oid tag */ PKCS5v2 = 6, /* PKCS #5 v2.0 */ PKCS8v0 = 0, /* default PKCS#8 version */ - PKCS12 = 12, /* PKCS #12 */ + PKCS12v1 = 12, /* PKCS #12 */ MAX_UNICODE_SZ = 256, ASN_BOOL_SIZE = 2, /* including type */ ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */ diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index f70a4bca7..38496f369 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -33,7 +33,10 @@ /* Opaque keys. Only key pointers are used for arguments */ typedef struct ecc_key ecc_key; typedef struct RsaKey RsaKey; -typedef struct WC_RNG WC_RNG; +#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */ + typedef struct WC_RNG WC_RNG; + #define WC_RNG_TYPE_DEFINED +#endif /* Certificate file Type */ enum CertType {