mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 07:40:54 +02:00
Rust wrapper: add FIPS support
This commit is contained in:
@@ -1147,7 +1147,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz,
|
||||
rng->drbg_scratch = NULL;
|
||||
#endif
|
||||
}
|
||||
/* else swc_RNG_HealthTestLocal was successful */
|
||||
/* else wc_RNG_HealthTestLocal was successful */
|
||||
|
||||
if (ret == DRBG_SUCCESS) {
|
||||
#ifdef WOLFSSL_CHECK_MEM_ZERO
|
||||
|
||||
@@ -6,6 +6,10 @@ all:
|
||||
test:
|
||||
+$(MAKE) -C wolfssl-wolfcrypt test
|
||||
|
||||
.PHONY: testfips
|
||||
testfips:
|
||||
+$(MAKE) -C wolfssl-wolfcrypt testfips
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
+$(MAKE) -C wolfssl-wolfcrypt clean
|
||||
|
||||
@@ -6,7 +6,11 @@ all:
|
||||
|
||||
.PHONY: test
|
||||
test:
|
||||
cargo test
|
||||
cargo test -- --test-threads=1
|
||||
|
||||
.PHONY: testfips
|
||||
testfips:
|
||||
cargo test --lib --bins --tests -- --test-threads=1
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
|
||||
@@ -19,6 +19,7 @@ fn main() {
|
||||
/// Returns `Ok(())` if successful, or an error if any step fails.
|
||||
fn run_build() -> Result<()> {
|
||||
generate_bindings()?;
|
||||
generate_fips_aliases()?;
|
||||
setup_wolfssl_link()?;
|
||||
scan_cfg()?;
|
||||
Ok(())
|
||||
@@ -64,6 +65,79 @@ fn generate_bindings() -> Result<()> {
|
||||
})
|
||||
}
|
||||
|
||||
/// Generate FIPS symbol aliases.
|
||||
///
|
||||
/// Since Rust can't use fips.h's #defines which map the "regular" wc function
|
||||
/// name to the _fips variant, and since bindgen has only seen the _fips
|
||||
/// variant, we will generate aliases that allow the non-_fips variant function
|
||||
/// name to be called without the _fips prefix by Rust sources in a manner
|
||||
/// similar to which C sources would be able to call the non-_fips variant
|
||||
/// function name.
|
||||
///
|
||||
/// Returns `Ok(())` if successful, or an error if generation fails.
|
||||
fn generate_fips_aliases() -> Result<()> {
|
||||
let binding = read_file(bindings_path())?;
|
||||
let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap());
|
||||
let aliases_path = out_dir.join("fips_aliases.rs");
|
||||
|
||||
let mut aliases = String::new();
|
||||
|
||||
// Find all _fips symbol names
|
||||
let fips_sym_re = Regex::new(r"pub fn (wc_\w+)_fips\s*\(").unwrap();
|
||||
|
||||
for cap in fips_sym_re.captures_iter(&binding) {
|
||||
let mut base_name = &cap[1];
|
||||
let fips_name = format!("{}_fips", base_name);
|
||||
|
||||
// Exception mappings: (standard_name, fips_name)
|
||||
// For cases where FIPS name doesn't follow the simple <name>_fips pattern
|
||||
let exceptions: &[(&str, &str)] = &[
|
||||
// _ex suffix changed to Ex before _fips
|
||||
("wc_InitRsaKey_ex", "wc_InitRsaKeyEx_fips"),
|
||||
("wc_RsaPublicEncrypt_ex", "wc_RsaPublicEncryptEx_fips"),
|
||||
("wc_RsaPrivateDecryptInline_ex", "wc_RsaPrivateDecryptInlineEx_fips"),
|
||||
("wc_RsaPrivateDecrypt_ex", "wc_RsaPrivateDecryptEx_fips"),
|
||||
("wc_RsaPSS_Sign_ex", "wc_RsaPSS_SignEx_fips"),
|
||||
("wc_RsaPSS_VerifyInline_ex", "wc_RsaPSS_VerifyInlineEx_fips"),
|
||||
("wc_RsaPSS_Verify_ex", "wc_RsaPSS_VerifyEx_fips"),
|
||||
("wc_RsaPSS_CheckPadding_ex", "wc_RsaPSS_CheckPaddingEx_fips"),
|
||||
("wc_DhSetKey_ex", "wc_DhSetKeyEx_fips"),
|
||||
("wc_DhCheckPubKey_ex", "wc_DhCheckPubKeyEx_fips"),
|
||||
("wc_DhCheckPrivKey_ex", "wc_DhCheckPrivKeyEx_fips"),
|
||||
|
||||
// Name change
|
||||
("wc_PRF_TLS", "wc_PRF_TLSv12_fips"),
|
||||
];
|
||||
|
||||
// Handle exceptions
|
||||
for (exc_base_name, exc_fips_name) in exceptions {
|
||||
if fips_name == *exc_fips_name {
|
||||
base_name = exc_base_name;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// Check if the non-_fips version exists in bindings
|
||||
let non_fips_pattern = format!(r"pub fn {}\s*\(", regex::escape(base_name));
|
||||
let non_fips_re = Regex::new(&non_fips_pattern).unwrap();
|
||||
|
||||
if non_fips_re.is_match(&binding) {
|
||||
// Add any new known names defined with both a _fips suffix and not
|
||||
// here. Warn if any new ones are discovered.
|
||||
if base_name != "wc_AesGcmEncrypt" {
|
||||
println!("cargo:warning=Skipping FIPS symbols alias for {}", base_name);
|
||||
}
|
||||
} else {
|
||||
// Only alias if the base name doesn't already exist
|
||||
aliases.push_str(&format!("pub use {} as {};\n", fips_name, base_name));
|
||||
}
|
||||
}
|
||||
|
||||
fs::write(&aliases_path, aliases)?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Instruct cargo to link against wolfssl C library
|
||||
///
|
||||
/// Returns `Ok(())` if successful, or an error if any step fails.
|
||||
@@ -93,7 +167,7 @@ fn read_file(path: String) -> Result<String> {
|
||||
}
|
||||
|
||||
fn check_cfg(binding: &str, function_name: &str, cfg_name: &str) {
|
||||
let pattern = format!(r"\b{}\b", function_name);
|
||||
let pattern = format!(r"\b{}(_fips)?\b", function_name);
|
||||
let re = match Regex::new(&pattern) {
|
||||
Ok(r) => r,
|
||||
Err(e) => {
|
||||
@@ -181,6 +255,9 @@ fn scan_cfg() -> Result<()> {
|
||||
check_cfg(&binding, "wc_ed448_verify_msg_ex", "ed448_verify");
|
||||
check_cfg(&binding, "wc_ed448_verify_msg_init", "ed448_streaming_verify");
|
||||
|
||||
/* fips */
|
||||
check_cfg(&binding, "wc_SetSeed_Cb_fips", "fips");
|
||||
|
||||
/* hkdf */
|
||||
check_cfg(&binding, "wc_HKDF_Extract_ex", "hkdf");
|
||||
|
||||
@@ -213,6 +290,8 @@ fn scan_cfg() -> Result<()> {
|
||||
check_cfg(&binding, "wc_InitSha256", "sha256");
|
||||
check_cfg(&binding, "wc_InitSha384", "sha384");
|
||||
check_cfg(&binding, "wc_InitSha512", "sha512");
|
||||
check_cfg(&binding, "wc_HashType_WC_HASH_TYPE_SHA512_224", "sha512_224");
|
||||
check_cfg(&binding, "wc_HashType_WC_HASH_TYPE_SHA512_256", "sha512_256");
|
||||
check_cfg(&binding, "wc_InitSha3_224", "sha3");
|
||||
check_cfg(&binding, "wc_InitShake128", "shake128");
|
||||
check_cfg(&binding, "wc_InitShake256", "shake256");
|
||||
|
||||
@@ -711,7 +711,7 @@ impl ECC {
|
||||
}
|
||||
let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() };
|
||||
let priv_size = priv_buf.len() as u32;
|
||||
let pub_ptr = if pub_buf.len() == 0 {core::ptr::null()} else {pub_buf.as_ptr()};
|
||||
let pub_ptr = if pub_buf.is_empty() {core::ptr::null()} else {pub_buf.as_ptr()};
|
||||
let pub_size = pub_buf.len() as u32;
|
||||
let rc = unsafe {
|
||||
sys::wc_ecc_import_private_key(priv_buf.as_ptr(), priv_size,
|
||||
@@ -785,7 +785,7 @@ impl ECC {
|
||||
}
|
||||
let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() };
|
||||
let priv_size = priv_buf.len() as u32;
|
||||
let pub_ptr = if pub_buf.len() == 0 {core::ptr::null()} else {pub_buf.as_ptr()};
|
||||
let pub_ptr = if pub_buf.is_empty() {core::ptr::null()} else {pub_buf.as_ptr()};
|
||||
let pub_size = pub_buf.len() as u32;
|
||||
let rc = unsafe {
|
||||
sys::wc_ecc_import_private_key_ex(priv_buf.as_ptr(), priv_size,
|
||||
|
||||
@@ -0,0 +1,34 @@
|
||||
#![cfg(fips)]
|
||||
|
||||
use crate::sys;
|
||||
|
||||
/// Enables or disables the ability to read private key data in FIPS mode.
|
||||
///
|
||||
/// In FIPS mode, private keys are protected and cannot be read by default.
|
||||
/// This function allows temporarily enabling private key reads for operations
|
||||
/// that require access to the raw key material, such as key export or backup.
|
||||
///
|
||||
/// # Arguments
|
||||
///
|
||||
/// * `enabled` - Set to `1` to enable private key reads, or `0` to disable.
|
||||
///
|
||||
/// # Returns
|
||||
///
|
||||
/// * `Ok(())` - The operation succeeded.
|
||||
/// * `Err(i32)` - The operation failed, returning the wolfSSL error code.
|
||||
///
|
||||
/// # Note
|
||||
///
|
||||
/// This function applies to all key types (`WC_KEYTYPE_ALL`). Private key
|
||||
/// reading should be disabled again after the required operation is complete
|
||||
/// to maintain FIPS compliance.
|
||||
pub fn set_private_key_read_enable(enabled: i32) -> Result<(), i32> {
|
||||
let rc = unsafe {
|
||||
sys::wolfCrypt_SetPrivateKeyReadEnable_fips(enabled, sys::wc_KeyType_WC_KEYTYPE_ALL)
|
||||
};
|
||||
if rc != 0 {
|
||||
Err(rc)
|
||||
} else {
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
@@ -38,7 +38,9 @@ impl HMAC {
|
||||
pub const TYPE_SHA: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA as i32;
|
||||
pub const TYPE_SHA256: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA256 as i32;
|
||||
pub const TYPE_SHA512: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA512 as i32;
|
||||
#[cfg(sha512_224)]
|
||||
pub const TYPE_SHA512_224: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_224 as i32;
|
||||
#[cfg(sha512_256)]
|
||||
pub const TYPE_SHA512_256: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_256 as i32;
|
||||
pub const TYPE_SHA384: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA384 as i32;
|
||||
pub const TYPE_SHA224: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA224 as i32;
|
||||
|
||||
@@ -30,6 +30,7 @@ pub mod dh;
|
||||
pub mod ecc;
|
||||
pub mod ed25519;
|
||||
pub mod ed448;
|
||||
pub mod fips;
|
||||
pub mod hkdf;
|
||||
pub mod hmac;
|
||||
pub mod kdf;
|
||||
|
||||
@@ -87,6 +87,15 @@ impl RNG {
|
||||
/// A Result which is Ok(RNG) on success or an Err containing the wolfSSL
|
||||
/// library return code on failure.
|
||||
pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option<i32>) -> Result<Self, i32> {
|
||||
#[cfg(fips)]
|
||||
{
|
||||
let rc = unsafe {
|
||||
sys::wc_SetSeed_Cb_fips(Some(sys::wc_GenerateSeed))
|
||||
};
|
||||
if rc != 0 {
|
||||
return Err(rc);
|
||||
}
|
||||
}
|
||||
let mut rng: MaybeUninit<RNG> = MaybeUninit::uninit();
|
||||
let heap = match heap {
|
||||
Some(heap) => heap,
|
||||
@@ -137,6 +146,15 @@ impl RNG {
|
||||
/// A Result which is Ok(RNG) on success or an Err containing the wolfSSL
|
||||
/// library return code on failure.
|
||||
pub fn new_with_nonce_ex<T>(nonce: &mut [T], heap: Option<*mut std::os::raw::c_void>, dev_id: Option<i32>) -> Result<Self, i32> {
|
||||
#[cfg(fips)]
|
||||
{
|
||||
let rc = unsafe {
|
||||
sys::wc_SetSeed_Cb_fips(Some(sys::wc_GenerateSeed))
|
||||
};
|
||||
if rc != 0 {
|
||||
return Err(rc);
|
||||
}
|
||||
}
|
||||
let ptr = nonce.as_mut_ptr() as *mut u8;
|
||||
let size: u32 = size_of_val(nonce) as u32;
|
||||
let mut rng: MaybeUninit<RNG> = MaybeUninit::uninit();
|
||||
|
||||
@@ -100,7 +100,9 @@ impl RSA {
|
||||
pub const HASH_TYPE_SHA3_512 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_512;
|
||||
pub const HASH_TYPE_BLAKE2B : u32 = sys::wc_HashType_WC_HASH_TYPE_BLAKE2B;
|
||||
pub const HASH_TYPE_BLAKE2S : u32 = sys::wc_HashType_WC_HASH_TYPE_BLAKE2S;
|
||||
#[cfg(sha512_224)]
|
||||
pub const HASH_TYPE_SHA512_224 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_224;
|
||||
#[cfg(sha512_256)]
|
||||
pub const HASH_TYPE_SHA512_256 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_256;
|
||||
#[cfg(shake128)]
|
||||
pub const HASH_TYPE_SHAKE128 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHAKE128;
|
||||
|
||||
@@ -14,3 +14,6 @@
|
||||
#![allow(unnecessary_transmutes)]
|
||||
#![allow(unsafe_op_in_unsafe_fn)]
|
||||
include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
|
||||
|
||||
/* Include generated FIPS symbol aliases. */
|
||||
include!(concat!(env!("OUT_DIR"), "/fips_aliases.rs"));
|
||||
|
||||
@@ -0,0 +1,12 @@
|
||||
#[cfg(fips)]
|
||||
fn setup_fips()
|
||||
{
|
||||
use wolfssl_wolfcrypt::fips;
|
||||
fips::set_private_key_read_enable(1).expect("Error with set_private_key_read_enable()");
|
||||
}
|
||||
|
||||
pub fn setup()
|
||||
{
|
||||
#[cfg(fips)]
|
||||
setup_fips();
|
||||
}
|
||||
@@ -780,41 +780,39 @@ fn test_xts_consecutive_sectors() {
|
||||
#[cfg(aes_xts_stream)]
|
||||
fn test_xtsstream() {
|
||||
let keys: [u8; 32] = [
|
||||
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
|
||||
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
|
||||
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
|
||||
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
|
||||
0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
|
||||
0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
|
||||
0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
|
||||
0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
|
||||
];
|
||||
let tweak: [u8; 16] = [
|
||||
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
|
||||
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
|
||||
0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
|
||||
0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
|
||||
];
|
||||
let plain: [u8; 40] = [
|
||||
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
|
||||
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
|
||||
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
|
||||
0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
|
||||
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
|
||||
let plain: [u8; 32] = [
|
||||
0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
|
||||
0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
|
||||
0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
|
||||
0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
|
||||
];
|
||||
let expected_cipher: [u8; 40] = [
|
||||
0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23,
|
||||
0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12,
|
||||
0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36,
|
||||
0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
|
||||
0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
|
||||
let expected_cipher: [u8; 32] = [
|
||||
0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
|
||||
0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
|
||||
0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
|
||||
0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
|
||||
];
|
||||
|
||||
let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream");
|
||||
xtsstream.init_encrypt(&keys, &tweak).expect("Error with init_encrypt()");
|
||||
let mut cipher: [u8; 40] = [0; 40];
|
||||
let mut cipher: [u8; 32] = [0; 32];
|
||||
xtsstream.encrypt_update(&plain[0..16], &mut cipher[0..16]).expect("Error with encrypt_update()");
|
||||
xtsstream.encrypt_final(&plain[16..40], &mut cipher[16..40]).expect("Error with encrypt_final()");
|
||||
xtsstream.encrypt_final(&plain[16..32], &mut cipher[16..32]).expect("Error with encrypt_final()");
|
||||
assert_eq!(cipher, expected_cipher);
|
||||
|
||||
xtsstream.init_decrypt(&keys, &tweak).expect("Error with init_decrypt()");
|
||||
let mut plain_out: [u8; 40] = [0; 40];
|
||||
let mut plain_out: [u8; 32] = [0; 32];
|
||||
xtsstream.decrypt_update(&cipher[0..16], &mut plain_out[0..16]).expect("Error with decrypt_update()");
|
||||
xtsstream.decrypt_final(&cipher[16..40], &mut plain_out[16..40]).expect("Error with decrypt_final()");
|
||||
xtsstream.decrypt_final(&cipher[16..32], &mut plain_out[16..32]).expect("Error with decrypt_final()");
|
||||
assert_eq!(plain_out, plain);
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
#![cfg(dh)]
|
||||
|
||||
mod common;
|
||||
|
||||
#[cfg(any(all(dh_keygen, dh_ffdhe_2048), random))]
|
||||
use wolfssl_wolfcrypt::dh::DH;
|
||||
#[cfg(random)]
|
||||
@@ -31,6 +33,7 @@ fn test_dh_named_parameters() {
|
||||
#[test]
|
||||
#[cfg(all(dh_keygen, random))]
|
||||
fn test_generate_params() {
|
||||
common::setup();
|
||||
let mut rng = RNG::new().expect("Error with RNG::new()");
|
||||
let mut dh = DH::generate(&mut rng, 2048).expect("Error with generate()");
|
||||
|
||||
@@ -75,6 +78,7 @@ fn test_generate_key_pair() {
|
||||
#[test]
|
||||
#[cfg(random)]
|
||||
fn test_dh_checks() {
|
||||
common::setup();
|
||||
let p = [
|
||||
0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c,
|
||||
0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e,
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
#![cfg(ecc)]
|
||||
|
||||
mod common;
|
||||
|
||||
#[cfg(any(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random), random))]
|
||||
use std::fs;
|
||||
use wolfssl_wolfcrypt::ecc::*;
|
||||
@@ -128,6 +130,8 @@ fn test_ecc_import_export_sign_verify() {
|
||||
#[test]
|
||||
#[cfg(all(ecc_dh, random))]
|
||||
fn test_ecc_shared_secret() {
|
||||
common::setup();
|
||||
|
||||
let mut rng = RNG::new().expect("Failed to create RNG");
|
||||
let mut ecc0 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()");
|
||||
let mut ecc1 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()");
|
||||
@@ -152,6 +156,8 @@ fn test_ecc_shared_secret() {
|
||||
#[test]
|
||||
#[cfg(all(ecc_export, random))]
|
||||
fn test_ecc_export() {
|
||||
common::setup();
|
||||
|
||||
let mut rng = RNG::new().expect("Failed to create RNG");
|
||||
let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()");
|
||||
let mut qx = [0u8; 32];
|
||||
@@ -166,6 +172,8 @@ fn test_ecc_export() {
|
||||
#[test]
|
||||
#[cfg(all(ecc_export, random))]
|
||||
fn test_ecc_export_ex() {
|
||||
common::setup();
|
||||
|
||||
let mut rng = RNG::new().expect("Failed to create RNG");
|
||||
let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()");
|
||||
let mut qx = [0u8; 32];
|
||||
@@ -180,6 +188,8 @@ fn test_ecc_export_ex() {
|
||||
#[test]
|
||||
#[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random))]
|
||||
fn test_ecc_import_export_private() {
|
||||
common::setup();
|
||||
|
||||
let mut rng = RNG::new().expect("Failed to create RNG");
|
||||
let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()");
|
||||
let hash = [0x42u8; 32];
|
||||
@@ -204,6 +214,8 @@ fn test_ecc_import_export_private() {
|
||||
#[test]
|
||||
#[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random))]
|
||||
fn test_ecc_import_export_private_ex() {
|
||||
common::setup();
|
||||
|
||||
let mut rng = RNG::new().expect("Failed to create RNG");
|
||||
let curve_id = ECC::SECP256R1;
|
||||
let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()");
|
||||
@@ -242,6 +254,8 @@ fn test_ecc_export_public() {
|
||||
#[test]
|
||||
#[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random))]
|
||||
fn test_ecc_import_unsigned() {
|
||||
common::setup();
|
||||
|
||||
let mut rng = RNG::new().expect("Failed to create RNG");
|
||||
let curve_id = ECC::SECP256R1;
|
||||
let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()");
|
||||
|
||||
@@ -1,11 +1,15 @@
|
||||
#![cfg(ed25519)]
|
||||
|
||||
mod common;
|
||||
|
||||
use wolfssl_wolfcrypt::random::RNG;
|
||||
use wolfssl_wolfcrypt::ed25519::*;
|
||||
|
||||
#[test]
|
||||
#[cfg(all(ed25519_import, ed25519_export))]
|
||||
fn test_make_public() {
|
||||
common::setup();
|
||||
|
||||
let mut rng = RNG::new().expect("Error creating RNG");
|
||||
let ed = Ed25519::generate(&mut rng).expect("Error with generate()");
|
||||
let mut private = [0u8; Ed25519::KEY_SIZE];
|
||||
@@ -210,6 +214,8 @@ fn test_ph_sign_verify() {
|
||||
#[test]
|
||||
#[cfg(all(ed25519_import, ed25519_export))]
|
||||
fn test_import_export() {
|
||||
common::setup();
|
||||
|
||||
let mut rng = RNG::new().expect("Error creating RNG");
|
||||
let ed = Ed25519::generate(&mut rng).expect("Error with generate()");
|
||||
|
||||
|
||||
@@ -1,11 +1,15 @@
|
||||
#![cfg(ed448)]
|
||||
|
||||
mod common;
|
||||
|
||||
use wolfssl_wolfcrypt::random::RNG;
|
||||
use wolfssl_wolfcrypt::ed448::*;
|
||||
|
||||
#[test]
|
||||
#[cfg(all(ed448_import, ed448_export))]
|
||||
fn test_make_public() {
|
||||
common::setup();
|
||||
|
||||
let mut rng = RNG::new().expect("Error creating RNG");
|
||||
let ed = Ed448::generate(&mut rng).expect("Error with generate()");
|
||||
let mut private = [0u8; Ed448::KEY_SIZE];
|
||||
@@ -214,6 +218,8 @@ fn test_ph_sign_verify() {
|
||||
#[test]
|
||||
#[cfg(all(ed448_import, ed448_export))]
|
||||
fn test_import_export() {
|
||||
common::setup();
|
||||
|
||||
let mut rng = RNG::new().expect("Error creating RNG");
|
||||
let ed = Ed448::generate(&mut rng).expect("Error with generate()");
|
||||
|
||||
|
||||
@@ -1,11 +1,15 @@
|
||||
#![cfg(hkdf)]
|
||||
|
||||
mod common;
|
||||
|
||||
use wolfssl_wolfcrypt::hkdf::*;
|
||||
use wolfssl_wolfcrypt::hmac::HMAC;
|
||||
use wolfssl_wolfcrypt::sha::SHA256;
|
||||
|
||||
#[test]
|
||||
fn test_hkdf_extract_expand() {
|
||||
common::setup();
|
||||
|
||||
let ikm = b"MyPassword0";
|
||||
let salt = b"12345678ABCDEFGH";
|
||||
let mut extract_out = [0u8; SHA256::DIGEST_SIZE];
|
||||
@@ -26,6 +30,8 @@ fn test_hkdf_extract_expand() {
|
||||
|
||||
#[test]
|
||||
fn test_hkdf_one_shot() {
|
||||
common::setup();
|
||||
|
||||
let ikm = b"MyPassword0";
|
||||
let salt = b"12345678ABCDEFGH";
|
||||
let info = b"0";
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
#![cfg(any(kdf_srtp, all(hmac, any(kdf_pbkdf2, kdf_ssh, kdf_tls13))))]
|
||||
|
||||
mod common;
|
||||
|
||||
#[cfg(all(hmac, any(kdf_pbkdf2, kdf_tls13)))]
|
||||
use wolfssl_wolfcrypt::hmac::HMAC;
|
||||
use wolfssl_wolfcrypt::kdf::*;
|
||||
@@ -9,6 +11,8 @@ use wolfssl_wolfcrypt::sha::SHA256;
|
||||
#[test]
|
||||
#[cfg(all(hmac, kdf_pbkdf2))]
|
||||
fn test_pbkdf2() {
|
||||
common::setup();
|
||||
|
||||
let password = b"passwordpassword";
|
||||
let salt = [0x78u8, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06];
|
||||
let iterations = 2048;
|
||||
@@ -50,6 +54,8 @@ fn test_pkcs12_pbkdf() {
|
||||
#[test]
|
||||
#[cfg(all(hmac, kdf_tls13))]
|
||||
fn test_tls13_hkdf_extract_expand() {
|
||||
common::setup();
|
||||
|
||||
let hash_hello1 = [
|
||||
0x63u8, 0x83, 0x58, 0xab, 0x36, 0xcd, 0x0c, 0xf3,
|
||||
0x26, 0x07, 0xb5, 0x5f, 0x0b, 0x8b, 0x45, 0xd6,
|
||||
@@ -84,6 +90,8 @@ fn test_tls13_hkdf_extract_expand() {
|
||||
#[test]
|
||||
#[cfg(all(hmac, kdf_ssh))]
|
||||
fn test_ssh_kdf() {
|
||||
common::setup();
|
||||
|
||||
let ssh_kdf_set3_k = [
|
||||
0x6Au8, 0xC3, 0x82, 0xEA, 0xAC, 0xA0, 0x93, 0xE1,
|
||||
0x25, 0xE2, 0x5C, 0x24, 0xBE, 0xBC, 0x84, 0x64,
|
||||
@@ -146,6 +154,8 @@ fn test_ssh_kdf() {
|
||||
#[test]
|
||||
#[cfg(kdf_srtp)]
|
||||
fn test_srtp_kdf() {
|
||||
common::setup();
|
||||
|
||||
let key = [
|
||||
0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72,
|
||||
0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90
|
||||
@@ -194,6 +204,8 @@ fn test_srtp_kdf() {
|
||||
#[test]
|
||||
#[cfg(kdf_srtp)]
|
||||
fn test_srtcp_kdf() {
|
||||
common::setup();
|
||||
|
||||
let key = [
|
||||
0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72,
|
||||
0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90
|
||||
|
||||
@@ -1,9 +1,13 @@
|
||||
#![cfg(all(prf, sha384))]
|
||||
|
||||
mod common;
|
||||
|
||||
use wolfssl_wolfcrypt::prf::*;
|
||||
|
||||
#[test]
|
||||
fn test_prf() {
|
||||
common::setup();
|
||||
|
||||
let secret = [0x10u8, 0xbc, 0xb4, 0xa2, 0xe8, 0xdc, 0xf1, 0x9b, 0x4c,
|
||||
0x51, 0x9c, 0xed, 0x31, 0x1b, 0x51, 0x57, 0x02, 0x3f,
|
||||
0xa1, 0x7d, 0xfb, 0x0e, 0xf3, 0x4e, 0x8f, 0x6f, 0x71,
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
#![cfg(rsa)]
|
||||
|
||||
mod common;
|
||||
|
||||
#[cfg(any(all(sha256, random, rsa_pss), random, rsa_direct))]
|
||||
use std::fs;
|
||||
#[cfg(random)]
|
||||
@@ -10,6 +12,8 @@ use wolfssl_wolfcrypt::rsa::*;
|
||||
#[test]
|
||||
#[cfg(rsa_keygen)]
|
||||
fn test_rsa_generate() {
|
||||
common::setup();
|
||||
|
||||
let mut rng = RNG::new().expect("Error creating RNG");
|
||||
let mut rsa = RSA::generate(2048, 65537, &mut rng).expect("Error with generate()");
|
||||
rsa.check().expect("Error with check()");
|
||||
|
||||
Reference in New Issue
Block a user