From c466e3c078ee40d8921925e7819ba9017a9d3f36 Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Fri, 7 Apr 2017 11:21:32 +0900 Subject: [PATCH 01/18] Implements wolfSSL_DES_ecb_encrypt function. --- src/ssl.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 2d5fb50a5..238c5fa4a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15796,11 +15796,21 @@ void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes) void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa, WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int len) { - (void)desa; - (void)desb; - (void)key; - (void)len; - WOLFSSL_STUB("wolfSSL_DES_ecb_encrypt"); +#ifdef WOLFSSL_DES_ECB + WOLFSSL_ENTER("wolfSSL_DES_ecb_encrypt"); + + Des3 enc; + if (desa == NULL || key == NULL){ + WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_ecb_encrypt"); + } else { + if (wc_Des3_SetKey(&enc, (const byte*) key, (const byte*) NULL, DES_ENCRYPTION) != 0){ + WOLFSSL_MSG("wc_Des3_SetKey return error."); + } + if (wc_Des3_EcbEncrypt(&enc, (byte*) desb, (const byte*) desa, len) != 0){ + WOLFSSL_MSG("wc_Des3_EcbEncrpyt return error."); + } + } +#endif } #endif /* NO_DES3 */ From b19cf2cfb88c518a3a05d5bc4f303610cde83dfe Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Sat, 8 Apr 2017 17:03:58 +0900 Subject: [PATCH 02/18] Add test_wolfSSL_DES_ecb_encrypt() --- src/ssl.c | 6 +++--- tests/api.c | 29 ++++++++++++++++++++++++++++- 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 238c5fa4a..b03d7dc49 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15794,7 +15794,7 @@ void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes) void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa, - WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int len) + WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int dir) { #ifdef WOLFSSL_DES_ECB WOLFSSL_ENTER("wolfSSL_DES_ecb_encrypt"); 
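Review bot: In the PATCH 01/18 hunk of `wolfSSL_DES_ecb_encrypt`, a failing `wc_Des3_SetKey` is only logged, so `wc_Des3_EcbEncrypt` still runs on the uninitialised `enc` context; add `return;` directly after `WOLFSSL_MSG("wc_Des3_SetKey return error.");`. `desb` is written through but is missing from the NULL check, which should read `if (desa == NULL || desb == NULL || key == NULL)`. The key goes into a `Des3` context, whose key setup normally consumes 24 bytes, while the test added in PATCH 02/18 fills a `WOLFSSL_DES_key_schedule` from the eight-character string `"12345678"`, so the call presumably reads past the caller's key; a single-DES context looks like the intended type. `Des3 enc;` is also declared after the `WOLFSSL_ENTER` statement, which a C89 build rejects.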
@@ -15803,10 +15803,10 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa, if (desa == NULL || key == NULL){ WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_ecb_encrypt"); } else { - if (wc_Des3_SetKey(&enc, (const byte*) key, (const byte*) NULL, DES_ENCRYPTION) != 0){ + if (wc_Des3_SetKey(&enc, (const byte*) key, (const byte*) NULL, dir) != 0){ WOLFSSL_MSG("wc_Des3_SetKey return error."); } - if (wc_Des3_EcbEncrypt(&enc, (byte*) desb, (const byte*) desa, len) != 0){ + if (wc_Des3_EcbEncrypt(&enc, (byte*) desb, (const byte*) desa, sizeof(desb)) != 0){ WOLFSSL_MSG("wc_Des3_EcbEncrpyt return error."); } } diff --git a/tests/api.c b/tests/api.c index 7fb55c6e1..c9f7221c1 100644 --- a/tests/api.c +++ b/tests/api.c 
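Review bot: `sizeof(desb)` in the `wc_Des3_EcbEncrypt` call of this hunk is the size of a `WOLFSSL_DES_cblock*` parameter, not of the block it points to, so the length passed is 4 on a 32-bit target and matches the 8-byte DES block only by coincidence on 64-bit ones. Pass the block size itself: `wc_Des3_EcbEncrypt(&enc, (byte*) desb, (const byte*) desa, sizeof(WOLFSSL_DES_cblock))`. The same pointer-sized length survives as `sizeof(desa)` in the PATCH 06/18 hunk and in the `wc_Des_EcbEncrypt` and `wc_Des_EcbDecrypt` calls of PATCH 10/18. This hunk also forwards the caller's `dir` to `wc_Des3_SetKey` unchecked, and whether `DES_ENCRYPT`/`DES_DECRYPT` share values with `DES_ENCRYPTION`/`DES_DECRYPTION` is not visible here. The function's signature and closing lines are outside this hunk.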
@@ -3028,7 +3028,34 @@ static void test_wolfSSL_BIO(void) #endif } +static void test_wolfSSL_DES_ecb_encrypt(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) + WOLFSSL_DES_cblock input1,input2,output1,output2,back1,back2; + WOLFSSL_DES_key_schedule key; + memcpy(key,"12345678",sizeof(WOLFSSL_DES_key_schedule)); + memcpy(input1, "Iamhuman",sizeof(WOLFSSL_DES_cblock)); + memcpy(input2, "Whoisit?",sizeof(WOLFSSL_DES_cblock)); + memset(output1, 0, sizeof(WOLFSSL_DES_cblock)); + memset(output2, 0, sizeof(WOLFSSL_DES_cblock)); + memset(back1, 0, sizeof(WOLFSSL_DES_cblock)); + memset(back2, 0, sizeof(WOLFSSL_DES_cblock)); + + wolfSSL_DES_ecb_encrypt(&input1,&output1,&key,DES_ENCRYPT); + wolfSSL_DES_ecb_encrypt(&input2,&output2,&key,DES_ENCRYPT); + + // Decrypt messages + int ret1 = 0; + int ret2 = 0; + wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT); + ret1 = memcmp((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock)); + AssertIntEQ(ret1,0); + wolfSSL_DES_ecb_encrypt(&output2,&back2,&key,DES_DECRYPT); + ret2 = memcmp((unsigned char *) back2,(unsigned char *) input2,sizeof(WOLFSSL_DES_cblock)); + AssertIntEQ(ret2,0); + #endif +} /*----------------------------------------------------------------------------* | wolfCrypt ASN *----------------------------------------------------------------------------*/ @@ -3133,7 +3160,7 @@ void ApiTest(void) test_wolfSSL_set_options(); test_wolfSSL_PEM_read_bio(); test_wolfSSL_BIO(); - + test_wolfSSL_DES_ecb_encrypt(); AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS); /* wolfCrypt ASN tests */ From 27c6625bfecd497d1bff70d499ac8afefe31e3ed Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Mon, 10 Apr 2017 14:44:48 +0900 Subject: [PATCH 03/18] Fix #ifdef in WolfSSL_DES_ecb_encrypt and test_WolfSSL_DES_ecb_encrypt. --- src/ssl.c | 4 ++-- tests/api.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index b03d7dc49..392b91b3d 100644 --- a/src/ssl.c 
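Review bot: `test_wolfSSL_DES_ecb_encrypt` only checks that decrypt undoes encrypt, so it still passes if the two directions are swapped inside `wolfSSL_DES_ecb_encrypt` or if both calls merely copy the input, because `output1` and `output2` are never compared with anything. Compare the ciphertext with a published DES-ECB known-answer vector, and at minimum add `AssertIntNE(memcmp(output1, input1, sizeof(WOLFSSL_DES_cblock)), 0);` after the encrypt calls. `int ret1 = 0;` and `int ret2 = 0;` are declared after executable statements, which C89 compilers reject, so they belong next to the `WOLFSSL_DES_cblock` declarations at the top of the block.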
+++ b/src/ssl.c @@ -15793,10 +15793,10 @@ void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes) } +#ifdef WOLFSSL_DES_ECB void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa, WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int dir) { -#ifdef WOLFSSL_DES_ECB WOLFSSL_ENTER("wolfSSL_DES_ecb_encrypt"); Des3 enc; @@ -15810,8 +15810,8 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa, WOLFSSL_MSG("wc_Des3_EcbEncrpyt return error."); } } -#endif } +#endif #endif /* NO_DES3 */ diff --git a/tests/api.c b/tests/api.c index c9f7221c1..a7a55e670 100644 --- a/tests/api.c +++ b/tests/api.c @@ -3030,7 +3030,7 @@ static void test_wolfSSL_BIO(void) static void test_wolfSSL_DES_ecb_encrypt(void) { - #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) + #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB) WOLFSSL_DES_cblock input1,input2,output1,output2,back1,back2; WOLFSSL_DES_key_schedule key; From 97c22c88d821a5351641d444030b808d6f3e27ab Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Mon, 10 Apr 2017 15:37:47 +0900 Subject: [PATCH 04/18] Add test result message for test_wolfSSL_DES_ecb_encrypt(). --- tests/api.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/api.c b/tests/api.c index a7a55e670..49eec92d4 100644 --- a/tests/api.c +++ b/tests/api.c @@ -3034,6 +3034,8 @@ static void test_wolfSSL_DES_ecb_encrypt(void) WOLFSSL_DES_cblock input1,input2,output1,output2,back1,back2; WOLFSSL_DES_key_schedule key; + printf(testingFmt, "wolfSSL_DES_ecb_encrypt()"); + memcpy(key,"12345678",sizeof(WOLFSSL_DES_key_schedule)); memcpy(input1, "Iamhuman",sizeof(WOLFSSL_DES_cblock)); memcpy(input2, "Whoisit?",sizeof(WOLFSSL_DES_cblock)); 
@@ -3054,6 +3056,8 @@ static void test_wolfSSL_DES_ecb_encrypt(void) wolfSSL_DES_ecb_encrypt(&output2,&back2,&key,DES_DECRYPT); ret2 = memcmp((unsigned char *) back2,(unsigned char *) input2,sizeof(WOLFSSL_DES_cblock)); AssertIntEQ(ret2,0); + + printf(resultFmt, passed); #endif } /*----------------------------------------------------------------------------* From dccff615d5f90d89979e7d3e13a7c6ccfe5beb52 Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Mon, 10 Apr 2017 16:19:44 +0900 Subject: [PATCH 05/18] Add wolfSSL_DES_ecb_encrypt() encrypt/decrypt parameter check. --- src/ssl.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 392b91b3d..7bc974918 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15800,10 +15800,16 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa, WOLFSSL_ENTER("wolfSSL_DES_ecb_encrypt"); Des3 enc; - if (desa == NULL || key == NULL){ + if (desa == NULL || key == NULL || desb == NULL || (dir != DES_ENCRYPT && dir != DES_DECRYPT)){ WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_ecb_encrypt"); } else { - if (wc_Des3_SetKey(&enc, (const byte*) key, (const byte*) NULL, dir) != 0){ + int cdir; + if (dir == DES_ENCRYPT){ + cdir = DES_ENCRYPTION; + }else if (dir == DES_DECRYPT){ + cdir = DES_DECRYPTION; + } + if (wc_Des3_SetKey(&enc, (const byte*) key, (const byte*) NULL, cdir) != 0){ WOLFSSL_MSG("wc_Des3_SetKey return error."); } if (wc_Des3_EcbEncrypt(&enc, (byte*) desb, (const byte*) desa, sizeof(desb)) != 0){ From d399b51ba8c1bbc265c349b25b4e8e129d34c304 Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Tue, 11 Apr 2017 23:49:10 +0900 Subject: [PATCH 06/18] Fix WolfSSL_DES_ecb_encrypt(). --- src/ssl.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 7bc974918..4af136dee 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -15795,27 +15795,27 @@ void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes) #ifdef WOLFSSL_DES_ECB void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa, - WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int dir) + WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int enc) { WOLFSSL_ENTER("wolfSSL_DES_ecb_encrypt"); - Des3 enc; - if (desa == NULL || key == NULL || desb == NULL || (dir != DES_ENCRYPT && dir != DES_DECRYPT)){ + Des3 myDes; + if (desa == NULL || key == NULL || desb == NULL || (enc != DES_ENCRYPT && enc != DES_DECRYPT)){ WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_ecb_encrypt"); } else { - int cdir; - if (dir == DES_ENCRYPT){ - cdir = DES_ENCRYPTION; - }else if (dir == DES_DECRYPT){ - cdir = DES_DECRYPTION; - } - if (wc_Des3_SetKey(&enc, (const byte*) key, (const byte*) NULL, cdir) != 0){ + if (wc_Des3_SetKey(&myDes, (const byte*) key, (const byte*) NULL, enc) != 0){ WOLFSSL_MSG("wc_Des3_SetKey return error."); } - if (wc_Des3_EcbEncrypt(&enc, (byte*) desb, (const byte*) desa, sizeof(desb)) != 0){ - WOLFSSL_MSG("wc_Des3_EcbEncrpyt return error."); - } - } + if (enc){ + if (wc_Des3_EcbEncrypt(&myDes, (byte*) desb, (const byte*) desa, sizeof(desa)) != 0){ + WOLFSSL_MSG("wc_Des3_EcbEncrpyt return error."); + } + } else { + if (wc_Des3_EcbDecrypt(&myDes, (byte*) desb, (const byte*) desa, sizeof(desa)) != 0){ + WOLFSSL_MSG("wc_Des3_EcbDecrpyt return error."); + } + } + } } #endif From 0cebc2172c5721d74f27b778bedaeea51d4015bb Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Wed, 12 Apr 2017 00:03:35 +0900 Subject: [PATCH 07/18] Fix WolfSSL_DES_ecb_encrypt(). --- src/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 4af136dee..f9833f368 100644 --- a/src/ssl.c +++ b/src/ssl.c 
@@ -15803,7 +15803,7 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa, if (desa == NULL || key == NULL || desb == NULL || (enc != DES_ENCRYPT && enc != DES_DECRYPT)){ WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_ecb_encrypt"); } else { - if (wc_Des3_SetKey(&myDes, (const byte*) key, (const byte*) NULL, enc) != 0){ + if (wc_Des3_SetKey(&myDes, (const byte*) key, (const byte*) NULL, !enc) != 0){ WOLFSSL_MSG("wc_Des3_SetKey return error."); } if (enc){ From 26c8958d1ead97b97972c8960f5f81febd36b5ea Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 12 Apr 2017 15:56:45 -0600 Subject: [PATCH 08/18] testsuite time check on Windows system and fix dh_test if statement --- wolfcrypt/test/test.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ce24a6511..c4ca0d7b2 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -1042,11 +1042,15 @@ int asn_test() if (wc_GetTime(&now, 0) != BUFFER_E) return -101; - now = 0; - if (wc_GetTime(&now, sizeof(now)) != 0) - return -102; - if (now == 0) - return -103; + if (sizeof(long) >= sizeof(time_t)) { + now = 0; + if (wc_GetTime(&now, sizeof(now)) != 0) { + return -102; + } + if (now == 0) { + return -103; + } + } #endif return 0; @@ -8071,8 +8075,9 @@ int dh_test(void) ret = -55; goto done; } - if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) + if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) { ret = -56; goto done; + } ret = dh_generate_test(&rng); if (ret != 0) From 460197a5e08559781efae5163e9009b679845272 Mon Sep 17 00:00:00 2001 From: Nickolas Lapp Date: Wed, 12 Apr 2017 18:21:09 -0600 Subject: [PATCH 09/18] Add aes192 and aes256 tests Fix bug with AES decrypt for non-128 bit sizes on STM32F4 hardware crypto --- wolfcrypt/src/aes.c | 4 +- wolfcrypt/test/test.c | 162 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 163 insertions(+), 3 deletions(-) 
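Review bot: `!enc` in the `wc_Des3_SetKey` call of PATCH 07/18 encodes the direction through the numeric values of two separate constant pairs, and nothing in this hunk ties those values together. Spell the mapping out so it keeps working if either pair is renumbered: `(enc == DES_ENCRYPT) ? DES_ENCRYPTION : DES_DECRYPTION`. The `if (enc){` at the end of the hunk has the same dependency and would be clearer as `if (enc == DES_ENCRYPT) {`. The rest of the function lies outside the hunk.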
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 5d41c89c9..4577aa908 100755 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -2133,7 +2133,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) { int ret = 0; CRYP_HandleTypeDef hcryp; - + XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef)); /* load key into correct registers */ switch(aes->rounds) { case 10: /* 128-bit key */ @@ -2148,8 +2148,6 @@ int wc_AesSetIV(Aes* aes, const byte* iv) default: break; } - - XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef)); hcryp.Instance = CRYP; hcryp.Init.DataType = CRYP_DATATYPE_8B; hcryp.Init.pKey = (uint8_t*)aes->key; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index ce24a6511..243c5ad2f 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -222,6 +222,8 @@ int chacha20_poly1305_aead_test(void); int des_test(void); int des3_test(void); int aes_test(void); +int aes192_test(void); +int aes256_test(void); int cmac_test(void); int poly1305_test(void); int aesgcm_test(void); @@ -625,6 +627,16 @@ int wolfcrypt_test(void* args) else printf( "AES test passed!\n"); + if ( (ret = aes192_test()) != 0) + return err_sys("AES192 test failed!\n", ret); + else + printf( "AES192 test passed!\n"); + + if ( (ret = aes256_test()) != 0) + return err_sys("AES256 test failed!\n", ret); + else + printf( "AES256 test passed!\n"); + #ifdef HAVE_AESGCM if ( (ret = aesgcm_test()) != 0) return err_sys("AES-GCM test failed!\n", ret); 
@@ -4005,6 +4017,156 @@ int aes_test(void) return ret; } +int aes192_test(void) +{ +#ifdef HAVE_AES_CBC + Aes enc; + byte cipher[AES_BLOCK_SIZE]; +#ifdef HAVE_AES_DECRYPT + Aes dec; + byte plain [AES_BLOCK_SIZE]; +#endif +#endif /* HAVE_AES_CBC */ + int ret = 0; + +#ifdef HAVE_AES_CBC + /* + * http://www.inconteam.com/software-development/41-encryption/ + * 55-aes-test-vectors#aes-cbc-192 + */ + const byte msg[] = { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte verify[] = + { + 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d, + 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 + }; + + byte key[] = { + 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b + }; + byte iv[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F + }; + + + if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) + return -21000; +#ifdef HAVE_AES_DECRYPT + if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) + return -21001; +#endif + + + ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); + if (ret != 0) + return -21002; +#ifdef HAVE_AES_DECRYPT + ret = wc_AesSetKey(&dec, key, (int) sizeof(key), iv, AES_DECRYPTION); + if (ret != 0) + return -21003; +#endif + + ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg)); + if (ret != 0) + return -21005; +#ifdef HAVE_AES_DECRYPT + ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher)); + if (ret != 0) + return -21006; + if (XMEMCMP(plain, msg, (int) sizeof(plain))) { + return -21060; + } +#endif + + if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) + return -21061; +#endif + + return ret; +} + +int aes256_test(void) +{ +#ifdef HAVE_AES_CBC + Aes enc; + byte cipher[AES_BLOCK_SIZE]; +#ifdef HAVE_AES_DECRYPT + Aes dec; + byte plain [AES_BLOCK_SIZE]; +#endif +#endif /* HAVE_AES_CBC */ + int ret = 0; + +#ifdef HAVE_AES_CBC + /* + * 
http://www.inconteam.com/software-development/41-encryption/ + * 55-aes-test-vectors#aes-cbc-256 + */ + const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte verify[] = + { + 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba, + 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 + }; + + byte key[] = { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + byte iv[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F + }; + + + if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) + return -22000; +#ifdef HAVE_AES_DECRYPT + if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) + return -22001; +#endif + + + ret = wc_AesSetKey(&enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); + if (ret != 0) + return -22003; +#ifdef HAVE_AES_DECRYPT + ret = wc_AesSetKey(&dec, key, (int) sizeof(key), iv, AES_DECRYPTION); + if (ret != 0) + return -22004; +#endif + + ret = wc_AesCbcEncrypt(&enc, cipher, msg, (int) sizeof(msg)); + if (ret != 0) + return -22005; +#ifdef HAVE_AES_DECRYPT + ret = wc_AesCbcDecrypt(&dec, plain, cipher, (int) sizeof(cipher)); + if (ret != 0) + return -22006; + if (XMEMCMP(plain, msg, (int) sizeof(plain))) { + return -22060; + } +#endif + + if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) + return -22061; +#endif + return 0; +} + #ifdef HAVE_AESGCM int aesgcm_test(void) From fe215c4a579e4f943f8234d9b619a8bfeefafe33 Mon Sep 17 00:00:00 2001 From: Go Hosohara Date: Thu, 13 Apr 2017 12:31:52 +0900 Subject: [PATCH 10/18] Fix DES_ecb_encrypt function in terms of reviewing point. --- src/ssl.c | 39 ++++++++++++++++++++++++--------------- tests/api.c | 17 +++++++++-------- 2 files changed, 33 insertions(+), 23 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index f9833f368..0b4c2565a 100644 --- a/src/ssl.c +++ b/src/ssl.c 
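Review bot: `aes192_test` and `aes256_test` leave through every `return` without releasing the `enc` and `dec` contexts set up by `wc_AesInit`; if that call acquires device or async resources in some builds (not visible in this hunk), each run leaks them. Call `wc_AesFree(&enc);` and, under `HAVE_AES_DECRYPT`, `wc_AesFree(&dec);` before the returns that follow the init calls. The two functions also end differently, `return ret;` in one and `return 0;` in the other, although the bodies are otherwise parallel. The `msg` comment in `aes256_test`, `"Now is the time for all " w/o trailing 0`, does not describe the bytes that follow it.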
@@ -15794,28 +15794,37 @@ void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes) #ifdef WOLFSSL_DES_ECB +/* Encrpyt or decrypt input message desa with key and get output in desb. + * if enc is DES_ENCRYPT,input message is encrypted or + * if enc is DES_DECRYPT,input message is decrypted. + * */ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa, WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int enc) { WOLFSSL_ENTER("wolfSSL_DES_ecb_encrypt"); - Des3 myDes; - if (desa == NULL || key == NULL || desb == NULL || (enc != DES_ENCRYPT && enc != DES_DECRYPT)){ + Des myDes; + if (desa == NULL || key == NULL || desb == NULL || + (enc != DES_ENCRYPT && enc != DES_DECRYPT)) { WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_ecb_encrypt"); } else { - if (wc_Des3_SetKey(&myDes, (const byte*) key, (const byte*) NULL, !enc) != 0){ - WOLFSSL_MSG("wc_Des3_SetKey return error."); - } - if (enc){ - if (wc_Des3_EcbEncrypt(&myDes, (byte*) desb, (const byte*) desa, sizeof(desa)) != 0){ - WOLFSSL_MSG("wc_Des3_EcbEncrpyt return error."); - } - } else { - if (wc_Des3_EcbDecrypt(&myDes, (byte*) desb, (const byte*) desa, sizeof(desa)) != 0){ - WOLFSSL_MSG("wc_Des3_EcbDecrpyt return error."); - } - } - } + if (wc_Des_SetKey(&myDes, (const byte*) key, + (const byte*) NULL, !enc) != 0) { + WOLFSSL_MSG("wc_Des_SetKey return error."); + return; + } + if (enc){ + if (wc_Des_EcbEncrypt(&myDes, (byte*) desb, + (const byte*) desa, sizeof(desa)) != 0){ + WOLFSSL_MSG("wc_Des_EcbEncrpyt return error."); + } + } else { + if (wc_Des_EcbDecrypt(&myDes, (byte*) desb, + (const byte*) desa, sizeof(desa)) != 0){ + WOLFSSL_MSG("wc_Des_EcbDecrpyt return error."); + } + } + } } #endif diff --git a/tests/api.c b/tests/api.c index 49eec92d4..e22898583 100644 --- a/tests/api.c +++ b/tests/api.c 
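Review bot: `myDes` holds the expanded DES key on the stack, and the new `wolfSSL_DES_ecb_encrypt` body returns on every path without clearing it, so key material stays behind in the dead stack frame. Wipe it before each exit with the library's non-elidable zeroing helper, e.g. `ForceZero(&myDes, sizeof(myDes));` if that helper is in scope in this file, rather than a plain memset the compiler may drop. `Des myDes;` is still declared after the `WOLFSSL_ENTER` statement, which C89 compilers reject; move the declaration above the call. The new header comment could also state that exactly one 8-byte block is processed and that failures are only logged, since the `void` return gives callers no error signal.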
@@ -3036,18 +3036,19 @@ static void test_wolfSSL_DES_ecb_encrypt(void) printf(testingFmt, "wolfSSL_DES_ecb_encrypt()"); - memcpy(key,"12345678",sizeof(WOLFSSL_DES_key_schedule)); - memcpy(input1, "Iamhuman",sizeof(WOLFSSL_DES_cblock)); - memcpy(input2, "Whoisit?",sizeof(WOLFSSL_DES_cblock)); - memset(output1, 0, sizeof(WOLFSSL_DES_cblock)); - memset(output2, 0, sizeof(WOLFSSL_DES_cblock)); - memset(back1, 0, sizeof(WOLFSSL_DES_cblock)); - memset(back2, 0, sizeof(WOLFSSL_DES_cblock)); + XMEMCPY(key,"12345678",sizeof(WOLFSSL_DES_key_schedule)); + XMEMCPY(input1, "Iamhuman",sizeof(WOLFSSL_DES_cblock)); + XMEMCPY(input2, "Whoisit?",sizeof(WOLFSSL_DES_cblock)); + XMEMSET(output1, 0, sizeof(WOLFSSL_DES_cblock)); + XMEMSET(output2, 0, sizeof(WOLFSSL_DES_cblock)); + XMEMSET(back1, 0, sizeof(WOLFSSL_DES_cblock)); + XMEMSET(back2, 0, sizeof(WOLFSSL_DES_cblock)); + /* Encrypt messages */ wolfSSL_DES_ecb_encrypt(&input1,&output1,&key,DES_ENCRYPT); wolfSSL_DES_ecb_encrypt(&input2,&output2,&key,DES_ENCRYPT); - // Decrypt messages + /* Decrypt messages */ int ret1 = 0; int ret2 = 0; wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT); From 3f067bccf0e339a7df1c7dada9790ca735a25b2a Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Fri, 14 Apr 2017 10:20:35 -0600 Subject: [PATCH 11/18] fix redefinition of PKCS12 version and PKCS12 struct when building w/ STUNNEL --- wolfcrypt/src/asn.c | 10 +++++----- wolfssl/wolfcrypt/asn.h | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 1b287cc57..d376c2426 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -2144,11 +2144,11 @@ static int CheckAlgo(int first, int second, int* id, int* version) switch (second) { case 1: *id = PBE_SHA1_RC4_128; - *version = PKCS12; + *version = PKCS12v1_1; return 0; case 3: *id = PBE_SHA1_DES3; - *version = PKCS12; + *version = PKCS12v1_1; return 0; default: return ALGO_ID_E; 
@@ -2256,7 +2256,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, ret = wc_PBKDF1(key, (byte*)password, passwordSz, salt, saltSz, iterations, derivedLen, typeH); #endif - else if (version == PKCS12) { + else if (version == PKCS12v1_1) { int i, idx = 0; byte unicodePasswd[MAX_UNICODE_SZ]; @@ -2302,7 +2302,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, Des dec; byte* desIv = key + 8; - if (version == PKCS5v2 || version == PKCS12) + if (version == PKCS5v2 || version == PKCS12v1_1) desIv = cbcIv; ret = wc_Des_SetKey(&dec, key, desIv, DES_DECRYPTION); @@ -2322,7 +2322,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, Des3 dec; byte* desIv = key + 24; - if (version == PKCS5v2 || version == PKCS12) + if (version == PKCS5v2 || version == PKCS12v1_1) desIv = cbcIv; ret = wc_Des3_SetKey(&dec, key, desIv, DES_DECRYPTION); if (ret != 0) { diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index f4b0c5e0b..1319f5e45 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -130,7 +130,7 @@ enum Misc_ASN { PKCS5 = 5, /* PKCS oid tag */ PKCS5v2 = 6, /* PKCS #5 v2.0 */ PKCS8v0 = 0, /* default PKCS#8 version */ - PKCS12 = 12, /* PKCS #12 */ + PKCS12v1_1 = 12, /* PKCS #12 */ MAX_UNICODE_SZ = 256, ASN_BOOL_SIZE = 2, /* including type */ ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */ From 53eca92cc07d8bc0231d633f0d8c3be6f0b6a1f5 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 14 Apr 2017 12:02:49 -0600 Subject: [PATCH 12/18] change type for test instead and add RSA blinding check --- wolfcrypt/test/test.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c4ca0d7b2..b852d7369 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
@@ -1034,7 +1034,11 @@ int base64_test() int asn_test() { #ifndef NO_ASN_TIME - long now; + #ifdef WORD64_AVAILABLE + word64 now; + #else + word32 now; + #endif /* Parameter Validation tests. */ if (wc_GetTime(NULL, sizeof(now)) != BAD_FUNC_ARG) @@ -1042,14 +1046,12 @@ int asn_test() if (wc_GetTime(&now, 0) != BUFFER_E) return -101; - if (sizeof(long) >= sizeof(time_t)) { - now = 0; - if (wc_GetTime(&now, sizeof(now)) != 0) { - return -102; - } - if (now == 0) { - return -103; - } + now = 0; + if (wc_GetTime(&now, sizeof(now)) != 0) { + return -102; + } + if (now == 0) { + return -103; } #endif @@ -5728,7 +5730,8 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) #elif defined(WOLFSSL_ASYNC_CRYPT) /* async may not require RNG */ if (ret != 0 && ret != MISSING_RNG_E) -#elif defined(HAVE_FIPS) || defined(WOLFSSL_ASYNC_CRYPT) +#elif defined(HAVE_FIPS) || defined(WOLFSSL_ASYNC_CRYPT) || \ + !defined(WC_RSA_BLINDING) /* FIPS140 implementation does not do blinding */ if (ret != 0) #else From a8115d51fa12c65dfb11b0695382a4d84a2a1b03 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 18 Apr 2017 16:53:02 -0600 Subject: [PATCH 13/18] add back in haveTrustPeer variable and put macro guard on WC_RNG typedef --- src/internal.c | 4 ++++ wolfssl/wolfcrypt/asn_public.h | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index eec3a3db6..0aeb4f962 100755 --- a/src/internal.c +++ b/src/internal.c @@ -6763,6 +6763,10 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, DoCertArgs args[1]; #endif +#ifdef WOLFSSL_TRUST_PEER_CERT + byte haveTrustPeer = 0; /* was cert verified by loaded trusted peer cert */ +#endif + WOLFSSL_ENTER("DoCertificate"); #ifdef WOLFSSL_ASYNC_CRYPT diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index f70a4bca7..38496f369 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h 
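Review bot: In the `asn_test` hunks of PATCH 12/18 the buffer type handed to `wc_GetTime` is chosen from `WORD64_AVAILABLE` rather than from the size of `time_t`, so a target with a 64-bit `time_t` and no `word64` would pass a 4-byte buffer. Judging by the `wc_GetTime(&now, 0) != BUFFER_E` check in the same function, that call would presumably fail with `BUFFER_E`, and the test would report -102 for a configuration mismatch rather than a library fault. Declaring `time_t now;` where the type is available would tie the buffer to what the call actually writes. In the `rsa_sig_test` hunk, the comment `/* FIPS140 implementation does not do blinding */` no longer covers the added `!defined(WC_RSA_BLINDING)` arm and should mention builds compiled without blinding.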
@@ -33,7 +33,10 @@ /* Opaque keys. Only key pointers are used for arguments */ typedef struct ecc_key ecc_key; typedef struct RsaKey RsaKey; -typedef struct WC_RNG WC_RNG; +#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */ + typedef struct WC_RNG WC_RNG; + #define WC_RNG_TYPE_DEFINED +#endif /* Certificate file Type */ enum CertType { From 4eecaf257480f9b22a2885cd4dfb07b26029161c Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 18 Apr 2017 17:18:19 -0600 Subject: [PATCH 14/18] fix mutex allocation sanity checks --- wolfcrypt/src/wc_port.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 05feaac96..898e22684 100755 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -310,11 +310,17 @@ wolfSSL_Mutex* wc_InitAndAllocMutex() { wolfSSL_Mutex* m = (wolfSSL_Mutex*) XMALLOC(sizeof(wolfSSL_Mutex), NULL, DYNAMIC_TYPE_MUTEX); - if (m && wc_InitMutex(m) == 0) - return m; + if (m != NULL) { + if (wc_InitMutex(m) != 0) { + WOLFSSL_MSG("Init Mutex failed"); + XFREE(m, NULL, DYNAMIC_TYPE_MUTEX); + m = NULL; + } + } + else { + WOLFSSL_MSG("Memory error with Mutex allocation"); + } - XFREE(m, NULL, DYNAMIC_TYPE_MUTEX); - m = NULL; return m; } From 32e83cb55d31d297315efe2604db1b0f8b7b5861 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Wed, 19 Apr 2017 11:53:58 -0600 Subject: [PATCH 15/18] Update ARDUINO script per issue #859 from @pasko-zh --- IDE/ARDUINO/wolfssl-arduino.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/IDE/ARDUINO/wolfssl-arduino.sh b/IDE/ARDUINO/wolfssl-arduino.sh index d076ea7a1..8ed12da60 100755 --- a/IDE/ARDUINO/wolfssl-arduino.sh +++ b/IDE/ARDUINO/wolfssl-arduino.sh 
@@ -13,3 +13,14 @@ if [ "$DIR" = "ARDUINO" ]; then else echo "ERROR: You must be in the IDE/ARDUINO directory to run this script" fi + +#UPDATED: 19 Apr 2017 to remove bio.c and evp.c from the root directory since +# they are included inline and should not be compiled directly + +PWD=${PWD} +cd ../../ +rm bio.c +rm evp.c +cd $PWD + +#End UPDATE: 19 Apr 2017 From 14e37cdc4cf937c820c3710e28568c06de5ce723 Mon Sep 17 00:00:00 2001 From: Kaleb Himes Date: Wed, 19 Apr 2017 13:10:55 -0600 Subject: [PATCH 16/18] Change variable name, add comment --- IDE/ARDUINO/wolfssl-arduino.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/IDE/ARDUINO/wolfssl-arduino.sh b/IDE/ARDUINO/wolfssl-arduino.sh index 8ed12da60..4da3ff4b6 100755 --- a/IDE/ARDUINO/wolfssl-arduino.sh +++ b/IDE/ARDUINO/wolfssl-arduino.sh @@ -17,10 +17,10 @@ fi #UPDATED: 19 Apr 2017 to remove bio.c and evp.c from the root directory since # they are included inline and should not be compiled directly -PWD=${PWD} +ARDUINO_DIR=${PWD} cd ../../ rm bio.c rm evp.c -cd $PWD - +cd $ARDUINO_DIR +# end script in the origin directory for any future functionality that may be added. #End UPDATE: 19 Apr 2017 From a8eb2614f6c5cc32610c086ac9a644c0fc8493fe Mon Sep 17 00:00:00 2001 From: Nickolas Lapp Date: Wed, 19 Apr 2017 13:13:34 -0600 Subject: [PATCH 17/18] Update reference for aes192/256 test to remove bad url and give specific NIST reference document. --- wolfcrypt/test/test.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a3a62fcb3..8f3a5543b 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
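Review bot: The `cd ../../`, `rm bio.c`, `rm evp.c` block added in PATCH 15/18 sits after the closing `fi`, so it also runs when the directory check failed and the script has just printed the ERROR message, deleting files two levels above whatever directory the caller started in. Move the three commands inside the `if [ "$DIR" = "ARDUINO" ]` branch and stop on a failed directory change with `cd ../../ || exit 1`, so `rm` never runs in an unintended place. `PWD=${PWD}` assigns the variable to itself and is overwritten by the next `cd`, which PATCH 16/18 corrects by saving to `ARDUINO_DIR`. There the saved path should be quoted, `cd "$ARDUINO_DIR"`, so a checkout path containing spaces still works.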
@@ -4036,10 +4036,9 @@ int aes192_test(void) int ret = 0; #ifdef HAVE_AES_CBC - /* - * http://www.inconteam.com/software-development/41-encryption/ - * 55-aes-test-vectors#aes-cbc-192 - */ + /* Test vectors from NIST Special Publication 800-38A, 2001 Edition + * Appendix F.2.3 */ + const byte msg[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a @@ -4111,11 +4110,9 @@ int aes256_test(void) int ret = 0; #ifdef HAVE_AES_CBC - /* - * http://www.inconteam.com/software-development/41-encryption/ - * 55-aes-test-vectors#aes-cbc-256 - */ - const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ + /* Test vectors from NIST Special Publication 800-38A, 2001 Edition, + * Appendix F.2.5 */ + const byte msg[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a }; From 1dd16e67028392b25d5132492b16b0b8045868a8 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Thu, 20 Apr 2017 10:05:12 -0600 Subject: [PATCH 18/18] Update enum name from peer review --- wolfcrypt/src/asn.c | 10 +++++----- wolfssl/wolfcrypt/asn.h | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index d376c2426..0d56df3f4 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -2144,11 +2144,11 @@ static int CheckAlgo(int first, int second, int* id, int* version) switch (second) { case 1: *id = PBE_SHA1_RC4_128; - *version = PKCS12v1_1; + *version = PKCS12v1; return 0; case 3: *id = PBE_SHA1_DES3; - *version = PKCS12v1_1; + *version = PKCS12v1; return 0; default: return ALGO_ID_E; @@ -2256,7 +2256,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, ret = wc_PBKDF1(key, (byte*)password, passwordSz, salt, saltSz, iterations, derivedLen, typeH); #endif - else if (version == PKCS12v1_1) { + else if (version == PKCS12v1) { int i, idx = 0; byte unicodePasswd[MAX_UNICODE_SZ]; 
@@ -2302,7 +2302,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, Des dec; byte* desIv = key + 8; - if (version == PKCS5v2 || version == PKCS12v1_1) + if (version == PKCS5v2 || version == PKCS12v1) desIv = cbcIv; ret = wc_Des_SetKey(&dec, key, desIv, DES_DECRYPTION); @@ -2322,7 +2322,7 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, Des3 dec; byte* desIv = key + 24; - if (version == PKCS5v2 || version == PKCS12v1_1) + if (version == PKCS5v2 || version == PKCS12v1) desIv = cbcIv; ret = wc_Des3_SetKey(&dec, key, desIv, DES_DECRYPTION); if (ret != 0) { diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 1319f5e45..13b1e29db 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -130,7 +130,7 @@ enum Misc_ASN { PKCS5 = 5, /* PKCS oid tag */ PKCS5v2 = 6, /* PKCS #5 v2.0 */ PKCS8v0 = 0, /* default PKCS#8 version */ - PKCS12v1_1 = 12, /* PKCS #12 */ + PKCS12v1 = 12, /* PKCS #12 */ MAX_UNICODE_SZ = 256, ASN_BOOL_SIZE = 2, /* including type */ ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */