mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 15:10:48 +02:00
Merge pull request #10094 from sebastian-carpenter/GH-10068
Fixes: for GH #10068
+3
-2
@@ -547,8 +547,9 @@ int SetEchConfigsEx(WOLFSSL_EchConfig** outputConfigs, void* heap,
|
||||
ato16(echConfig, &hpkePubkeyLen);
|
||||
echConfig += 2;
|
||||
|
||||
/* hpke public_key */
|
||||
if (hpkePubkeyLen > HPKE_Npk_MAX || hpkePubkeyLen == 0) {
|
||||
/* hpke public_key
|
||||
* KEM support will be checked along with the ciphersuites */
|
||||
if (hpkePubkeyLen != wc_HpkeKemGetEncLen(workingConfig->kemId)) {
|
||||
ret = BUFFER_E;
|
||||
break;
|
||||
}
|
||||
|
||||
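Review bot: The new test `hpkePubkeyLen != wc_HpkeKemGetEncLen(workingConfig->kemId)` in SetEchConfigsEx drops the explicit `hpkePubkeyLen == 0` and `> HPKE_Npk_MAX` bounds, so the safety of any later use of that length rests on what the helper returns for every kemId, including KEMs this build does not support. The helper's result for an unknown KEM is not visible here; if it is 0, a config carrying an unsupported KEM and an empty key passes this check and is only rejected by the later ciphersuite check the comment refers to. Keeping the bounds costs nothing: `if (hpkePubkeyLen == 0 || hpkePubkeyLen > HPKE_Npk_MAX || hpkePubkeyLen != wc_HpkeKemGetEncLen(workingConfig->kemId)) {`. The parsing loop starts and ends outside the hunk, so it is also worth confirming that `workingConfig->kemId` has already been read from the config at this point.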
@@ -13800,7 +13800,7 @@ static int TLSX_ECH_Write(WOLFSSL_ECH* ech, byte msgType, byte* writeBuf,
|
||||
writeBuf_p += ech->encLen;
|
||||
}
|
||||
/* innerClientHelloLen */
|
||||
c16toa(ech->innerClientHelloLen, writeBuf_p);
|
||||
c16toa((word16)ech->innerClientHelloLen, writeBuf_p);
|
||||
writeBuf_p += 2;
|
||||
/* set payload offset for when we finalize */
|
||||
ech->outerClientPayload = writeBuf_p;
|
||||
@@ -14195,6 +14195,9 @@ static int TLSX_ECH_ExpandOuterExtensions(WOLFSSL* ssl, WOLFSSL_ECH* ech,
|
||||
|
||||
newInnerChLen = innerChLen - echOuterExtLen + extraSize - sessionIdLen +
|
||||
ssl->session->sessionIDSz;
|
||||
if (newInnerChLen > 0xFFFF) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
if (!foundEchOuter && sessionIdLen == ssl->session->sessionIDSz) {
|
||||
/* no extensions + no sessionID to copy */
|
||||
@@ -14259,7 +14262,7 @@ static int TLSX_ECH_ExpandOuterExtensions(WOLFSSL* ssl, WOLFSSL_ECH* ech,
|
||||
if (ret == 0) {
|
||||
XFREE(ech->innerClientHello, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
ech->innerClientHello = newInnerCh;
|
||||
ech->innerClientHelloLen = (word16)newInnerChLen;
|
||||
ech->innerClientHelloLen = newInnerChLen;
|
||||
newInnerCh = NULL;
|
||||
}
|
||||
|
||||
@@ -14373,6 +14376,7 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size,
|
||||
word32 offset = 0;
|
||||
word16 len;
|
||||
word16 tmpVal16;
|
||||
word16 lenCh;
|
||||
|
||||
WOLFSSL_MSG("TLSX_ECH_Parse");
|
||||
if (ssl->options.disableECH) {
|
||||
@@ -14489,7 +14493,8 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size,
|
||||
readBuf_p += len;
|
||||
offset += len;
|
||||
/* read payload (encrypted CH) len */
|
||||
ato16(readBuf_p, &ech->innerClientHelloLen);
|
||||
ato16(readBuf_p, &lenCh);
|
||||
ech->innerClientHelloLen = lenCh;
|
||||
readBuf_p += 2;
|
||||
offset += 2;
|
||||
/* Check payload is no bigger than remaining bytes. */
|
||||
|
||||
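Review bot: In TLSX_ECH_Write the cast in `c16toa((word16)ech->innerClientHelloLen, writeBuf_p);` would truncate silently if the field ever held more than 0xFFFF. The limit is enforced only where the field is assigned (the `newInnerChLen > 0xFFFF` check in TLSX_ECH_ExpandOuterExtensions, and presumably the other setters), not where it is serialised. A guard before the write, `if (ech->innerClientHelloLen > 0xFFFF) return BUFFER_E;`, or at least a comment naming the invariant, would keep the encoded length and the payload size from diverging if another setter is added later. The function body starts and ends outside the hunk, so check that an early return is safe at that point.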
+31
-10
@@ -3805,6 +3805,7 @@ int EchConfigGetSupportedCipherSuite(WOLFSSL_EchConfig* config)
|
||||
int i = 0;
|
||||
|
||||
if (!wc_HpkeKemIsSupported(config->kemId)) {
|
||||
WOLFSSL_MSG("ECH config: KEM not supported");
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
@@ -3815,6 +3816,7 @@ int EchConfigGetSupportedCipherSuite(WOLFSSL_EchConfig* config)
|
||||
}
|
||||
}
|
||||
|
||||
WOLFSSL_MSG("ECH config: KDF or AEAD not supported");
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
|
||||
@@ -3937,10 +3939,14 @@ static int EchCalcAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
|
||||
|
||||
if (isHrr) {
|
||||
/* the transcript hash of ClientHelloInner1 */
|
||||
hashSz = GetMsgHash(ssl, clientHelloInnerHash);
|
||||
if (hashSz > 0) {
|
||||
ret = GetMsgHash(ssl, clientHelloInnerHash);
|
||||
if (ret > 0) {
|
||||
hashSz = ret;
|
||||
ret = 0;
|
||||
}
|
||||
else if (ret == 0) {
|
||||
ret = HASH_TYPE_E;
|
||||
}
|
||||
|
||||
/* restart ECH transcript hash, similar to RestartHandshakeHash but
|
||||
* don't add a cookie */
|
||||
@@ -3980,6 +3986,9 @@ static int EchCalcAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz,
|
||||
if (ret > 0) {
|
||||
ret = 0;
|
||||
}
|
||||
else if (ret == 0) {
|
||||
ret = HASH_TYPE_E;
|
||||
}
|
||||
}
|
||||
|
||||
/* pick the right type and size based on mac_algorithm */
|
||||
@@ -4765,15 +4774,18 @@ int SendTls13ClientHello(WOLFSSL* ssl)
|
||||
|
||||
/* get size for inner */
|
||||
ret = TLSX_GetRequestSize(ssl, client_hello, &args->length);
|
||||
|
||||
/* set the type to outer */
|
||||
args->ech->type = ECH_TYPE_OUTER;
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
/* set the type to outer */
|
||||
args->ech->type = 0;
|
||||
/* set innerClientHelloLen to ClientHelloInner + padding + tag */
|
||||
args->ech->paddingLen = 31 - ((args->length - 1) % 32);
|
||||
args->ech->innerClientHelloLen = (word16)(args->length +
|
||||
args->ech->paddingLen + args->ech->hpke->Nt);
|
||||
args->ech->innerClientHelloLen = args->length +
|
||||
args->ech->paddingLen + args->ech->hpke->Nt;
|
||||
if (args->ech->innerClientHelloLen > 0xFFFF)
|
||||
return BUFFER_E;
|
||||
/* set the length back to before we computed ClientHelloInner size */
|
||||
args->length = (word32)args->preXLength;
|
||||
}
|
||||
@@ -4915,8 +4927,10 @@ int SendTls13ClientHello(WOLFSSL* ssl)
|
||||
args->ech->innerClientHello =
|
||||
(byte*)XMALLOC(args->ech->innerClientHelloLen - args->ech->hpke->Nt,
|
||||
ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (args->ech->innerClientHello == NULL)
|
||||
if (args->ech->innerClientHello == NULL) {
|
||||
args->ech->type = ECH_TYPE_OUTER;
|
||||
return MEMORY_E;
|
||||
}
|
||||
/* set the padding bytes to 0 */
|
||||
XMEMSET(args->ech->innerClientHello + args->ech->innerClientHelloLen -
|
||||
args->ech->hpke->Nt - args->ech->paddingLen, 0,
|
||||
@@ -4939,8 +4953,10 @@ int SendTls13ClientHello(WOLFSSL* ssl)
|
||||
/* change the outer client random */
|
||||
ret = wc_RNG_GenerateBlock(ssl->rng, args->output +
|
||||
args->clientRandomOffset, RAN_LEN);
|
||||
if (ret != 0)
|
||||
if (ret != 0) {
|
||||
args->ech->type = ECH_TYPE_OUTER;
|
||||
return ret;
|
||||
}
|
||||
/* copy the new client random */
|
||||
XMEMCPY(ssl->arrays->clientRandom, args->output +
|
||||
args->clientRandomOffset, RAN_LEN);
|
||||
@@ -4949,10 +4965,10 @@ int SendTls13ClientHello(WOLFSSL* ssl)
|
||||
ret = TLSX_WriteRequest(ssl, args->ech->innerClientHello + args->idx -
|
||||
(RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ), client_hello,
|
||||
&args->length);
|
||||
/* set the type to outer */
|
||||
args->ech->type = ECH_TYPE_OUTER;
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
/* set the type to outer */
|
||||
args->ech->type = 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -5707,6 +5723,9 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
/* check for acceptConfirmation */
|
||||
if (ssl->echConfigs != NULL && !ssl->options.disableECH) {
|
||||
args->echX = TLSX_Find(ssl->extensions, TLSX_ECH);
|
||||
if (args->echX == NULL || args->echX->data == NULL)
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
|
||||
/* account for hrr extension instead of server random */
|
||||
if (args->extMsgType == hello_retry_request) {
|
||||
args->acceptOffset =
|
||||
@@ -8815,6 +8834,8 @@ int CreateSigData(WOLFSSL* ssl, byte* sigData, word16* sigDataSz,
|
||||
ret = GetMsgHash(ssl, &sigData[idx]);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
if (ret == 0)
|
||||
return HASH_TYPE_E;
|
||||
|
||||
*sigDataSz = (word16)(idx + ret);
|
||||
ret = 0;
|
||||
|
||||
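Review bot: In SendTls13ClientHello the restore `args->ech->type = ECH_TYPE_OUTER;` is now repeated by hand on each exit: on the XMALLOC failure, on the wc_RNG_GenerateBlock failure, and ahead of the `if (ret != 0) return ret;` checks after TLSX_GetRequestSize and TLSX_WriteRequest. Any other return between the point where the type is switched to inner and these restores would still leave the inner type set; those switch points are outside the hunks, so this cannot be confirmed from here. Routing the failures in that window through one exit that performs the restore would remove the repetition. Failing that, a comment where the type is switched, such as `/* ech->type must be ECH_TYPE_OUTER again on every exit from this block */`, would record the invariant for the next change.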
@@ -917,7 +917,7 @@ int wc_HpkeInitSealContext(Hpke* hpke, HpkeBaseContext* context,
|
||||
void* ephemeralKey, void* receiverKey, byte* info, word32 infoSz)
|
||||
{
|
||||
if (hpke == NULL || context == NULL || ephemeralKey == NULL ||
|
||||
receiverKey == NULL || (info == NULL && infoSz > 0)) {
|
||||
receiverKey == NULL || (info == NULL && infoSz != 0)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
@@ -935,7 +935,7 @@ int wc_HpkeContextSealBase(Hpke* hpke, HpkeBaseContext* context,
|
||||
int ret;
|
||||
byte nonce[HPKE_Nn_MAX];
|
||||
WC_DECLARE_VAR(aes, Aes, 1, 0);
|
||||
if (hpke == NULL || context == NULL || (aad == NULL && aadSz > 0) ||
|
||||
if (hpke == NULL || context == NULL || (aad == NULL && aadSz != 0) ||
|
||||
plaintext == NULL || out == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
@@ -1160,7 +1160,7 @@ int wc_HpkeInitOpenContext(Hpke* hpke, HpkeBaseContext* context,
|
||||
word32 infoSz)
|
||||
{
|
||||
if (hpke == NULL || context == NULL || receiverKey == NULL || pubKey == NULL
|
||||
|| (info == NULL && infoSz > 0)) {
|
||||
|| (info == NULL && infoSz != 0)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
@@ -1175,7 +1175,8 @@ int wc_HpkeContextOpenBase(Hpke* hpke, HpkeBaseContext* context, byte* aad,
|
||||
int ret;
|
||||
byte nonce[HPKE_Nn_MAX];
|
||||
WC_DECLARE_VAR(aes, Aes, 1, 0);
|
||||
if (hpke == NULL || context == NULL || ciphertext == NULL || out == NULL) {
|
||||
if (hpke == NULL || context == NULL || (aad == NULL && aadSz != 0) ||
|
||||
ciphertext == NULL || out == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
||||
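Review bot: The rule these four argument checks now share, that a NULL `info` or `aad` pointer is accepted only with a zero length, is not stated anywhere in the visible code. The `> 0` to `!= 0` rewrite does not change behaviour if the size parameters are unsigned, as the `word32 infoSz` in the visible signatures suggests. The substantive change is the new `(aad == NULL && aadSz != 0)` test in wc_HpkeContextOpenBase, which brings it in line with wc_HpkeContextSealBase. A one-line comment above each check, for example `/* aad may be NULL only when aadSz is 0 */` and the same for `info`, would document the contract for callers. The function header comments are outside the hunks, so the wording may belong there instead.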
+664
-91
@@ -32620,18 +32620,24 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void)
|
||||
defined(HAVE_CURVE448)) && \
|
||||
defined(HAVE_AESGCM)
|
||||
|
||||
static wc_test_ret_t hpke_test_single(Hpke* hpke)
|
||||
/* test null/bad arguments for wc_HpkeInit, a one-shot seal/open round-trip
|
||||
* with wc_HpkeSealBase/wc_HpkeOpenBase, and auth failure cases (wrong info,
|
||||
* wrong AAD, tampered ciphertext, wrong receiver key) */
|
||||
static wc_test_ret_t hpke_test_single(Hpke* hpke, int kem, int kdf, int aead)
|
||||
{
|
||||
wc_test_ret_t ret = 0;
|
||||
int rngRet = 0;
|
||||
WC_RNG rng[1];
|
||||
const char* start_text = "this is a test";
|
||||
const char* info_text = "info";
|
||||
const char* alt_info_text = "different info";
|
||||
const char* aad_text = "aad";
|
||||
const char* alt_aad_text = "different aad";
|
||||
byte ciphertext[MAX_HPKE_LABEL_SZ];
|
||||
byte plaintext[MAX_HPKE_LABEL_SZ];
|
||||
void* receiverKey = NULL;
|
||||
void* ephemeralKey = NULL;
|
||||
void* wrongKey = NULL;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
byte *pubKey = NULL; /* public key */
|
||||
word16 pubKeySz = (word16)HPKE_Npk_MAX;
|
||||
@@ -32640,20 +32646,62 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke)
|
||||
word16 pubKeySz = (word16)sizeof(pubKey);
|
||||
#endif
|
||||
|
||||
rngRet = ret = wc_InitRng(rng);
|
||||
/* NULL hpke */
|
||||
ret = wc_HpkeInit(NULL, kem, kdf, aead, NULL);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
/* bad kem */
|
||||
ret = wc_HpkeInit(hpke, 0, kdf, aead, NULL);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
/* bad kdf */
|
||||
ret = wc_HpkeInit(hpke, kem, 0, aead, NULL);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
/* bad aead */
|
||||
ret = wc_HpkeInit(hpke, kem, kdf, 0, NULL);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
/* valid init */
|
||||
ret = wc_HpkeInit(hpke, kem, kdf, aead, NULL);
|
||||
if (ret != 0)
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
|
||||
rngRet = ret = wc_InitRng(rng);
|
||||
if (ret != 0)
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (ret == 0) {
|
||||
pubKey = (byte *)XMALLOC(pubKeySz, HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
pubKey = (byte *)XMALLOC(pubKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (pubKey == NULL)
|
||||
ret = WC_TEST_RET_ENC_EC(MEMORY_E);
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Negative test case with NULL argument */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeGenerateKeyPair(NULL, &receiverKey, rng);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeGenerateKeyPair(hpke, NULL, rng);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, NULL);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
/* generate the keys */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeGenerateKeyPair(hpke, &ephemeralKey, rng);
|
||||
@@ -32667,6 +32715,85 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke)
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
}
|
||||
|
||||
/* Negative test case with NULL argument */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeSealBase(NULL, ephemeralKey, receiverKey,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text),
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
(byte*)start_text, (word32)XSTRLEN(start_text),
|
||||
ciphertext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeSealBase(hpke, NULL, receiverKey,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text),
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
(byte*)start_text, (word32)XSTRLEN(start_text),
|
||||
ciphertext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeSealBase(hpke, ephemeralKey, NULL,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text),
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
(byte*)start_text, (word32)XSTRLEN(start_text),
|
||||
ciphertext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeSealBase(hpke, ephemeralKey, receiverKey,
|
||||
(byte*)NULL, (word32)XSTRLEN(info_text),
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
(byte*)start_text, (word32)XSTRLEN(start_text),
|
||||
ciphertext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeSealBase(hpke, ephemeralKey, receiverKey,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text),
|
||||
(byte*)NULL, (word32)XSTRLEN(aad_text),
|
||||
(byte*)start_text, (word32)XSTRLEN(start_text),
|
||||
ciphertext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeSealBase(hpke, ephemeralKey, receiverKey,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text),
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
(byte*)NULL, (word32)XSTRLEN(start_text),
|
||||
ciphertext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeSealBase(hpke, ephemeralKey, receiverKey,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text),
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
(byte*)start_text, (word32)XSTRLEN(start_text),
|
||||
NULL);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
/* seal */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeSealBase(hpke, ephemeralKey, receiverKey,
|
||||
@@ -32678,6 +32805,36 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke)
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
}
|
||||
|
||||
/* Negative test case with NULL argument */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeSerializePublicKey(NULL, ephemeralKey, pubKey, &pubKeySz);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeSerializePublicKey(hpke, NULL, pubKey, &pubKeySz);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, NULL, &pubKeySz);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, pubKey, NULL);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
/* export ephemeral key */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, pubKey, &pubKeySz);
|
||||
@@ -32685,6 +32842,149 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke)
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
}
|
||||
|
||||
/* Negative test case with NULL argument */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeOpenBase(NULL, receiverKey, pubKey, pubKeySz,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text),
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
ciphertext, (word32)XSTRLEN(start_text),
|
||||
plaintext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeOpenBase(hpke, NULL, pubKey, pubKeySz,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text),
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
ciphertext, (word32)XSTRLEN(start_text),
|
||||
plaintext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeOpenBase(hpke, receiverKey, NULL, pubKeySz,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text),
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
ciphertext, (word32)XSTRLEN(start_text),
|
||||
plaintext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, 0,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text),
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
ciphertext, (word32)XSTRLEN(start_text),
|
||||
plaintext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
|
||||
(byte*)NULL, (word32)XSTRLEN(info_text),
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
ciphertext, (word32)XSTRLEN(start_text),
|
||||
plaintext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text),
|
||||
(byte*)NULL, (word32)XSTRLEN(aad_text),
|
||||
ciphertext, (word32)XSTRLEN(start_text),
|
||||
plaintext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text),
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
NULL, (word32)XSTRLEN(start_text),
|
||||
plaintext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text),
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
ciphertext, (word32)XSTRLEN(start_text),
|
||||
NULL);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
/* wrong info */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
|
||||
(byte*)alt_info_text, (word32)XSTRLEN(alt_info_text),
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
ciphertext, (word32)XSTRLEN(start_text), plaintext);
|
||||
if (ret == 0)
|
||||
ret = WC_TEST_RET_ENC_NC;
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
/* wrong AAD */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text),
|
||||
(byte*)alt_aad_text, (word32)XSTRLEN(alt_aad_text),
|
||||
ciphertext, (word32)XSTRLEN(start_text), plaintext);
|
||||
if (ret == 0)
|
||||
ret = WC_TEST_RET_ENC_NC;
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
/* tampered ciphertext */
|
||||
if (ret == 0) {
|
||||
ciphertext[0] ^= 0xFF;
|
||||
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text),
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
ciphertext, (word32)XSTRLEN(start_text), plaintext);
|
||||
ciphertext[0] ^= 0xFF;
|
||||
if (ret == 0)
|
||||
ret = WC_TEST_RET_ENC_NC;
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
/* wrong receiver key */
|
||||
if (ret == 0)
|
||||
ret = wc_HpkeGenerateKeyPair(hpke, &wrongKey, rng);
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeOpenBase(hpke, wrongKey, pubKey, pubKeySz,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text),
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
ciphertext, (word32)XSTRLEN(start_text), plaintext);
|
||||
if (ret == 0)
|
||||
ret = WC_TEST_RET_ENC_NC;
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (wrongKey != NULL) {
|
||||
wc_HpkeFreeKey(hpke, hpke->kem, wrongKey, hpke->heap);
|
||||
wrongKey = NULL;
|
||||
}
|
||||
|
||||
/* open with exported ephemeral key */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
|
||||
@@ -32702,34 +33002,8 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke)
|
||||
ret = WC_TEST_RET_ENC_NC;
|
||||
}
|
||||
|
||||
/* Negative test case with NULL argument */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeGenerateKeyPair(NULL, &receiverKey, rng);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeGenerateKeyPair(hpke, NULL, rng);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, NULL);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
if (ephemeralKey != NULL)
|
||||
wc_HpkeFreeKey(hpke, hpke->kem, ephemeralKey, hpke->heap);
|
||||
|
||||
if (receiverKey != NULL)
|
||||
wc_HpkeFreeKey(hpke, hpke->kem, receiverKey, hpke->heap);
|
||||
|
||||
@@ -32741,6 +33015,10 @@ static wc_test_ret_t hpke_test_single(Hpke* hpke)
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* test null/bad arguments for the context-based HPKE API
|
||||
* (wc_HpkeInitSealContext, wc_HpkeContextSealBase, wc_HpkeInitOpenContext,
|
||||
* wc_HpkeContextOpenBase) and wc_HpkeDeserializePublicKey, a two-message
|
||||
* seal/open round-trip, out-of-order open rejection, and seq overflow */
|
||||
static wc_test_ret_t hpke_test_multi(Hpke* hpke)
|
||||
{
|
||||
wc_test_ret_t ret = 0;
|
||||
@@ -32753,91 +33031,411 @@ static wc_test_ret_t hpke_test_multi(Hpke* hpke)
|
||||
byte plaintext[MAX_HPKE_LABEL_SZ];
|
||||
void* receiverKey = NULL;
|
||||
void* ephemeralKey = NULL;
|
||||
void* deserializedKey = NULL;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
HpkeBaseContext* context = NULL;
|
||||
byte *pubKey = NULL; /* public key */
|
||||
byte* pubKey = NULL;
|
||||
word16 pubKeySz = (word16)HPKE_Npk_MAX;
|
||||
#else
|
||||
HpkeBaseContext context[1];
|
||||
byte pubKey[HPKE_Npk_MAX]; /* public key */
|
||||
byte pubKey[HPKE_Npk_MAX];
|
||||
word16 pubKeySz = (word16)sizeof(pubKey);
|
||||
#endif
|
||||
|
||||
rngRet = ret = wc_InitRng(rng);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
pubKey = (byte *)XMALLOC(pubKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
pubKey = (byte*)XMALLOC(pubKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (pubKey == NULL)
|
||||
ret = MEMORY_E;
|
||||
if (ret == 0) {
|
||||
if (ret == 0)
|
||||
context = (HpkeBaseContext*)XMALLOC(sizeof(HpkeBaseContext), HEAP_HINT,
|
||||
DYNAMIC_TYPE_TMP_BUFFER);
|
||||
}
|
||||
if (context == NULL)
|
||||
ret = MEMORY_E;
|
||||
#endif
|
||||
|
||||
/* generate the keys */
|
||||
if (ret == 0)
|
||||
ret = wc_HpkeGenerateKeyPair(hpke, &ephemeralKey, rng);
|
||||
if (ret == 0)
|
||||
ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, rng);
|
||||
/* setup seal context */
|
||||
|
||||
/* Negative test case with NULL argument */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeInitSealContext(NULL, context, ephemeralKey, receiverKey,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text));
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeInitSealContext(hpke, NULL, ephemeralKey, receiverKey,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text));
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeInitSealContext(hpke, context, NULL, receiverKey,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text));
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeInitSealContext(hpke, context, ephemeralKey, NULL,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text));
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
/* NULL info with non-zero infoSz */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeInitSealContext(hpke, context, ephemeralKey, receiverKey,
|
||||
NULL, (word32)XSTRLEN(info_text));
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
/* infoSz too large to fit in labeled_ikm scratch buffer */
|
||||
if (ret == 0) {
|
||||
/* prefer ciphertexts[0] to info_text for this test since static
|
||||
* analysis may throw an error */
|
||||
ret = wc_HpkeInitSealContext(hpke, context, ephemeralKey, receiverKey,
|
||||
ciphertexts[0], MAX_HPKE_LABEL_SZ);
|
||||
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
/* initialize a valid seal context for ContextSealBase tests */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeInitSealContext(hpke, context, ephemeralKey, receiverKey,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text));
|
||||
if (ret != 0)
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
}
|
||||
|
||||
/* Negative test case with NULL argument */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeContextSealBase(NULL, context,
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
(byte*)start_text, (word32)XSTRLEN(start_text), ciphertexts[0]);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeContextSealBase(hpke, NULL,
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
(byte*)start_text, (word32)XSTRLEN(start_text), ciphertexts[0]);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
/* NULL aad with non-zero aadSz */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeContextSealBase(hpke, context,
|
||||
NULL, (word32)XSTRLEN(aad_text),
|
||||
(byte*)start_text, (word32)XSTRLEN(start_text), ciphertexts[0]);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeContextSealBase(hpke, context,
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
NULL, (word32)XSTRLEN(start_text), ciphertexts[0]);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeContextSealBase(hpke, context,
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
(byte*)start_text, (word32)XSTRLEN(start_text), NULL);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
/* seal message 0 */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeContextSealBase(hpke, context,
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
(byte*)start_text, (word32)XSTRLEN(start_text),
|
||||
ciphertexts[context->seq]);
|
||||
(byte*)start_text, (word32)XSTRLEN(start_text), ciphertexts[0]);
|
||||
if (ret != 0)
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
}
|
||||
/* seal message 1 */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeContextSealBase(hpke, context,
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
(byte*)start_text, (word32)XSTRLEN(start_text),
|
||||
ciphertexts[context->seq]);
|
||||
(byte*)start_text, (word32)XSTRLEN(start_text), ciphertexts[1]);
|
||||
if (ret != 0)
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
}
|
||||
/* export ephemeral key */
|
||||
if (ret == 0)
|
||||
|
||||
/* Negative test case with NULL argument */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, pubKey, &pubKeySz);
|
||||
/* setup open context */
|
||||
if (ret != 0)
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeDeserializePublicKey(NULL, &deserializedKey, pubKey,
|
||||
pubKeySz);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeDeserializePublicKey(hpke, NULL, pubKey, pubKeySz);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeDeserializePublicKey(hpke, &deserializedKey, NULL,
|
||||
pubKeySz);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
/* inSz = 0 is less than Npk */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeDeserializePublicKey(hpke, &deserializedKey, pubKey, 0);
|
||||
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
/* deserialize result must re-serialize identically */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeDeserializePublicKey(hpke, &deserializedKey, pubKey,
|
||||
pubKeySz);
|
||||
if (ret != 0)
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
}
|
||||
if (ret == 0) {
|
||||
word16 reSz = (word16)sizeof(plaintext);
|
||||
ret = wc_HpkeSerializePublicKey(hpke, deserializedKey,
|
||||
plaintext, &reSz);
|
||||
if (ret != 0)
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else if (reSz != pubKeySz || XMEMCMP(plaintext, pubKey, pubKeySz) != 0)
|
||||
ret = WC_TEST_RET_ENC_NC;
|
||||
}
|
||||
if (deserializedKey != NULL) {
|
||||
wc_HpkeFreeKey(hpke, hpke->kem, deserializedKey, hpke->heap);
|
||||
deserializedKey = NULL;
|
||||
}
|
||||
|
||||
/* Negative test case with NULL argument */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeInitOpenContext(NULL, context, receiverKey, pubKey,
|
||||
pubKeySz, (byte*)info_text, (word32)XSTRLEN(info_text));
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeInitOpenContext(hpke, NULL, receiverKey, pubKey,
|
||||
pubKeySz, (byte*)info_text, (word32)XSTRLEN(info_text));
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeInitOpenContext(hpke, context, NULL, pubKey,
|
||||
pubKeySz, (byte*)info_text, (word32)XSTRLEN(info_text));
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeInitOpenContext(hpke, context, receiverKey, NULL,
|
||||
pubKeySz, (byte*)info_text, (word32)XSTRLEN(info_text));
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeInitOpenContext(hpke, context, receiverKey, pubKey,
|
||||
pubKeySz, NULL, (word32)XSTRLEN(info_text));
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
/* initialize a valid open context for ContextOpenBase tests */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeInitOpenContext(hpke, context, receiverKey, pubKey,
|
||||
pubKeySz, (byte*)info_text, (word32)XSTRLEN(info_text));
|
||||
if (ret != 0)
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
}
|
||||
|
||||
/* Negative test case with NULL argument */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeContextOpenBase(NULL, context,
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
ciphertexts[0], (word32)XSTRLEN(start_text), plaintext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeContextOpenBase(hpke, NULL,
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
ciphertexts[0], (word32)XSTRLEN(start_text), plaintext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
/* NULL aad with non-zero aadSz */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeContextOpenBase(hpke, context,
|
||||
NULL, (word32)XSTRLEN(aad_text),
|
||||
ciphertexts[0], (word32)XSTRLEN(start_text), plaintext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeContextOpenBase(hpke, context,
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
NULL, (word32)XSTRLEN(start_text), plaintext);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeContextOpenBase(hpke, context,
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
ciphertexts[0], (word32)XSTRLEN(start_text), NULL);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
/* out-of-order open: try msg1 first */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeContextOpenBase(hpke, context,
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
ciphertexts[1], (word32)XSTRLEN(start_text), plaintext);
|
||||
if (ret == 0)
|
||||
ret = WC_TEST_RET_ENC_NC;
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
/* open message 0 */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeContextOpenBase(hpke, context, (byte*)aad_text,
|
||||
(word32)XSTRLEN(aad_text), ciphertexts[context->seq],
|
||||
(word32)XSTRLEN(start_text), plaintext);
|
||||
ret = wc_HpkeContextOpenBase(hpke, context,
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
ciphertexts[0], (word32)XSTRLEN(start_text), plaintext);
|
||||
if (ret != 0)
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
}
|
||||
/* check message 0 */
|
||||
if (ret == 0)
|
||||
if (ret == 0) {
|
||||
ret = XMEMCMP(plaintext, start_text, XSTRLEN(start_text));
|
||||
if (ret != 0)
|
||||
ret = WC_TEST_RET_ENC_NC;
|
||||
}
|
||||
/* open message 1 */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeContextOpenBase(hpke, context, (byte*)aad_text,
|
||||
(word32)XSTRLEN(aad_text), ciphertexts[context->seq],
|
||||
(word32)XSTRLEN(start_text), plaintext);
|
||||
ret = wc_HpkeContextOpenBase(hpke, context,
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
ciphertexts[1], (word32)XSTRLEN(start_text), plaintext);
|
||||
if (ret != 0)
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
}
|
||||
/* check message 1 */
|
||||
if (ret == 0)
|
||||
if (ret == 0) {
|
||||
ret = XMEMCMP(plaintext, start_text, XSTRLEN(start_text));
|
||||
if (ret != 0)
|
||||
ret = WC_TEST_RET_ENC_NC;
|
||||
}
|
||||
|
||||
/* seal context overflowed */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeInitSealContext(hpke, context, ephemeralKey, receiverKey,
|
||||
(byte*)info_text, (word32)XSTRLEN(info_text));
|
||||
if (ret != 0)
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
}
|
||||
if (ret == 0) {
|
||||
context->seq = WC_MAX_SINT_OF(int);
|
||||
ret = wc_HpkeContextSealBase(hpke, context,
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
(byte*)start_text, (word32)XSTRLEN(start_text), ciphertexts[0]);
|
||||
if (ret != WC_NO_ERR_TRACE(SEQ_OVERFLOW_E))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
/* open context overflowed */
|
||||
if (ret == 0) {
|
||||
ret = wc_HpkeInitOpenContext(hpke, context, receiverKey, pubKey,
|
||||
pubKeySz, (byte*)info_text, (word32)XSTRLEN(info_text));
|
||||
if (ret != 0)
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
}
|
||||
if (ret == 0) {
|
||||
context->seq = WC_MAX_SINT_OF(int);
|
||||
ret = wc_HpkeContextOpenBase(hpke, context,
|
||||
(byte*)aad_text, (word32)XSTRLEN(aad_text),
|
||||
ciphertexts[0], (word32)XSTRLEN(start_text), plaintext);
|
||||
if (ret != WC_NO_ERR_TRACE(SEQ_OVERFLOW_E))
|
||||
ret = WC_TEST_RET_ENC_EC(ret);
|
||||
else
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
if (ephemeralKey != NULL)
|
||||
wc_HpkeFreeKey(hpke, hpke->kem, ephemeralKey, hpke->heap);
|
||||
if (receiverKey != NULL)
|
||||
wc_HpkeFreeKey(hpke, hpke->kem, receiverKey, hpke->heap);
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (pubKey != NULL)
|
||||
XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (context != NULL)
|
||||
XFREE(context, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
if (rngRet == 0)
|
||||
wc_FreeRng(rng);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -32850,11 +33448,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
|
||||
#if defined(HAVE_ECC) && defined(WOLFSSL_AES_128)
|
||||
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256)
|
||||
/* p256 */
|
||||
ret = wc_HpkeInit(hpke, DHKEM_P256_HKDF_SHA256, HKDF_SHA256,
|
||||
HPKE_AES_128_GCM, NULL);
|
||||
if (ret != 0)
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
ret = hpke_test_single(hpke);
|
||||
ret = hpke_test_single(hpke, DHKEM_P256_HKDF_SHA256, HKDF_SHA256,
|
||||
HPKE_AES_128_GCM);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
ret = hpke_test_multi(hpke);
|
||||
@@ -32865,11 +33460,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
|
||||
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
|
||||
!defined(NO_SHA256) && defined(WOLFSSL_SHA512)
|
||||
/* p256 with sha512 kdf */
|
||||
ret = wc_HpkeInit(hpke, DHKEM_P256_HKDF_SHA256, HKDF_SHA512,
|
||||
HPKE_AES_128_GCM, NULL);
|
||||
if (ret != 0)
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
ret = hpke_test_single(hpke);
|
||||
ret = hpke_test_single(hpke, DHKEM_P256_HKDF_SHA256, HKDF_SHA512,
|
||||
HPKE_AES_128_GCM);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
ret = hpke_test_multi(hpke);
|
||||
@@ -32881,11 +33473,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
|
||||
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
|
||||
defined(WOLFSSL_SHA384)
|
||||
/* p384 */
|
||||
ret = wc_HpkeInit(hpke, DHKEM_P384_HKDF_SHA384, HKDF_SHA384,
|
||||
HPKE_AES_128_GCM, NULL);
|
||||
if (ret != 0)
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
ret = hpke_test_single(hpke);
|
||||
ret = hpke_test_single(hpke, DHKEM_P384_HKDF_SHA384, HKDF_SHA384,
|
||||
HPKE_AES_128_GCM);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
ret = hpke_test_multi(hpke);
|
||||
@@ -32896,11 +33485,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
|
||||
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
|
||||
defined(WOLFSSL_SHA512)
|
||||
/* p521 */
|
||||
ret = wc_HpkeInit(hpke, DHKEM_P521_HKDF_SHA512, HKDF_SHA512,
|
||||
HPKE_AES_128_GCM, NULL);
|
||||
if (ret != 0)
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
ret = hpke_test_single(hpke);
|
||||
ret = hpke_test_single(hpke, DHKEM_P521_HKDF_SHA512, HKDF_SHA512,
|
||||
HPKE_AES_128_GCM);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
ret = hpke_test_multi(hpke);
|
||||
@@ -32911,11 +33497,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
|
||||
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
|
||||
defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512)
|
||||
/* p521 with sha384 kdf */
|
||||
ret = wc_HpkeInit(hpke, DHKEM_P521_HKDF_SHA512, HKDF_SHA384,
|
||||
HPKE_AES_128_GCM, NULL);
|
||||
if (ret != 0)
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
ret = hpke_test_single(hpke);
|
||||
ret = hpke_test_single(hpke, DHKEM_P521_HKDF_SHA512, HKDF_SHA384,
|
||||
HPKE_AES_128_GCM);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
ret = hpke_test_multi(hpke);
|
||||
@@ -32926,11 +33509,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
|
||||
|
||||
#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
|
||||
/* test with curve25519 and aes256 */
|
||||
ret = wc_HpkeInit(hpke, DHKEM_X25519_HKDF_SHA256, HKDF_SHA256,
|
||||
HPKE_AES_256_GCM, NULL);
|
||||
if (ret != 0)
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
ret = hpke_test_single(hpke);
|
||||
ret = hpke_test_single(hpke, DHKEM_X25519_HKDF_SHA256, HKDF_SHA256,
|
||||
HPKE_AES_256_GCM);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
ret = hpke_test_multi(hpke);
|
||||
@@ -32941,15 +33521,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
|
||||
|
||||
#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) && \
|
||||
defined(WOLFSSL_AES_256)
|
||||
/* test with curve448 and aes256 */
|
||||
ret = wc_HpkeInit(hpke, DHKEM_X448_HKDF_SHA512, HKDF_SHA512,
|
||||
HPKE_AES_256_GCM, NULL);
|
||||
|
||||
/* HPKE does not support X448 yet, so expect failure */
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
|
||||
ret = hpke_test_single(hpke);
|
||||
ret = hpke_test_single(hpke, DHKEM_X448_HKDF_SHA512, HKDF_SHA512,
|
||||
HPKE_AES_256_GCM);
|
||||
|
||||
/* HPKE does not support X448 yet, so expect failure */
|
||||
if (WC_TEST_RET_DEC_EC(ret) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
|
||||
+2
-2
@@ -3141,9 +3141,9 @@ typedef struct WOLFSSL_ECH {
|
||||
byte* outerClientPayload;
|
||||
byte* confBuf;
|
||||
EchCipherSuite cipherSuite;
|
||||
word16 aadLen;
|
||||
word32 aadLen;
|
||||
word32 innerClientHelloLen;
|
||||
word16 paddingLen;
|
||||
word16 innerClientHelloLen;
|
||||
word16 kemId;
|
||||
word16 encLen;
|
||||
EchState state;
|
||||
|
||||
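Review bot: The two length fields that appear to be widened here, `aadLen` and `innerClientHelloLen` (the +/- markers are lost in this rendering), carry no comment stating the range they must stay in, while `paddingLen` and `encLen` beside them remain `word16`. If these values still end up in 16-bit length fields on the wire, which looks likely but should be confirmed at the call sites outside this hunk, every narrowing cast needs a preceding bound check, and the struct is the natural place to record that. I would document the invariant on the members, e.g. `word32 innerClientHelloLen; /* wider than the wire field so overflow can be detected; check <= 0xFFFF before narrowing to word16 */`, with a matching comment on `aadLen`. The definition of `WOLFSSL_ECH` starts and ends outside this hunk.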