Rust wrapper: add FIPS support

This commit is contained in:
Josh Holtrop
2026-02-03 08:38:47 -05:00
parent 492ff386dc
commit f9cea09f5b
21 changed files with 240 additions and 27 deletions
+4
View File
@@ -6,6 +6,10 @@ all:
test:
+$(MAKE) -C wolfssl-wolfcrypt test
.PHONY: testfips
testfips:
+$(MAKE) -C wolfssl-wolfcrypt testfips
.PHONY: clean
clean:
+$(MAKE) -C wolfssl-wolfcrypt clean
+5 -1
View File
@@ -6,7 +6,11 @@ all:
.PHONY: test
test:
cargo test
cargo test -- --test-threads=1
.PHONY: testfips
testfips:
cargo test --lib --bins --tests -- --test-threads=1
.PHONY: clean
clean:
+80 -1
View File
@@ -19,6 +19,7 @@ fn main() {
/// Returns `Ok(())` if successful, or an error if any step fails.
fn run_build() -> Result<()> {
generate_bindings()?;
generate_fips_aliases()?;
setup_wolfssl_link()?;
scan_cfg()?;
Ok(())
@@ -64,6 +65,79 @@ fn generate_bindings() -> Result<()> {
})
}
/// Generate FIPS symbol aliases.
///
/// Since Rust can't use fips.h's #defines which map the "regular" wc function
/// name to the _fips variant, and since bindgen has only seen the _fips
/// variant, we will generate aliases that allow the non-_fips variant function
/// name to be called without the _fips prefix by Rust sources in a manner
/// similar to which C sources would be able to call the non-_fips variant
/// function name.
///
/// Returns `Ok(())` if successful, or an error if generation fails.
fn generate_fips_aliases() -> Result<()> {
let binding = read_file(bindings_path())?;
let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap());
let aliases_path = out_dir.join("fips_aliases.rs");
let mut aliases = String::new();
// Find all _fips symbol names
let fips_sym_re = Regex::new(r"pub fn (wc_\w+)_fips\s*\(").unwrap();
for cap in fips_sym_re.captures_iter(&binding) {
let mut base_name = &cap[1];
let fips_name = format!("{}_fips", base_name);
// Exception mappings: (standard_name, fips_name)
// For cases where FIPS name doesn't follow the simple <name>_fips pattern
let exceptions: &[(&str, &str)] = &[
// _ex suffix changed to Ex before _fips
("wc_InitRsaKey_ex", "wc_InitRsaKeyEx_fips"),
("wc_RsaPublicEncrypt_ex", "wc_RsaPublicEncryptEx_fips"),
("wc_RsaPrivateDecryptInline_ex", "wc_RsaPrivateDecryptInlineEx_fips"),
("wc_RsaPrivateDecrypt_ex", "wc_RsaPrivateDecryptEx_fips"),
("wc_RsaPSS_Sign_ex", "wc_RsaPSS_SignEx_fips"),
("wc_RsaPSS_VerifyInline_ex", "wc_RsaPSS_VerifyInlineEx_fips"),
("wc_RsaPSS_Verify_ex", "wc_RsaPSS_VerifyEx_fips"),
("wc_RsaPSS_CheckPadding_ex", "wc_RsaPSS_CheckPaddingEx_fips"),
("wc_DhSetKey_ex", "wc_DhSetKeyEx_fips"),
("wc_DhCheckPubKey_ex", "wc_DhCheckPubKeyEx_fips"),
("wc_DhCheckPrivKey_ex", "wc_DhCheckPrivKeyEx_fips"),
// Name change
("wc_PRF_TLS", "wc_PRF_TLSv12_fips"),
];
// Handle exceptions
for (exc_base_name, exc_fips_name) in exceptions {
if fips_name == *exc_fips_name {
base_name = exc_base_name;
break;
}
}
// Check if the non-_fips version exists in bindings
let non_fips_pattern = format!(r"pub fn {}\s*\(", regex::escape(base_name));
let non_fips_re = Regex::new(&non_fips_pattern).unwrap();
if non_fips_re.is_match(&binding) {
// Add any new known names defined with both a _fips suffix and not
// here. Warn if any new ones are discovered.
if base_name != "wc_AesGcmEncrypt" {
println!("cargo:warning=Skipping FIPS symbols alias for {}", base_name);
}
} else {
// Only alias if the base name doesn't already exist
aliases.push_str(&format!("pub use {} as {};\n", fips_name, base_name));
}
}
fs::write(&aliases_path, aliases)?;
Ok(())
}
/// Instruct cargo to link against wolfssl C library
///
/// Returns `Ok(())` if successful, or an error if any step fails.
@@ -93,7 +167,7 @@ fn read_file(path: String) -> Result<String> {
}
fn check_cfg(binding: &str, function_name: &str, cfg_name: &str) {
let pattern = format!(r"\b{}\b", function_name);
let pattern = format!(r"\b{}(_fips)?\b", function_name);
let re = match Regex::new(&pattern) {
Ok(r) => r,
Err(e) => {
@@ -181,6 +255,9 @@ fn scan_cfg() -> Result<()> {
check_cfg(&binding, "wc_ed448_verify_msg_ex", "ed448_verify");
check_cfg(&binding, "wc_ed448_verify_msg_init", "ed448_streaming_verify");
/* fips */
check_cfg(&binding, "wc_SetSeed_Cb_fips", "fips");
/* hkdf */
check_cfg(&binding, "wc_HKDF_Extract_ex", "hkdf");
@@ -213,6 +290,8 @@ fn scan_cfg() -> Result<()> {
check_cfg(&binding, "wc_InitSha256", "sha256");
check_cfg(&binding, "wc_InitSha384", "sha384");
check_cfg(&binding, "wc_InitSha512", "sha512");
check_cfg(&binding, "wc_HashType_WC_HASH_TYPE_SHA512_224", "sha512_224");
check_cfg(&binding, "wc_HashType_WC_HASH_TYPE_SHA512_256", "sha512_256");
check_cfg(&binding, "wc_InitSha3_224", "sha3");
check_cfg(&binding, "wc_InitShake128", "shake128");
check_cfg(&binding, "wc_InitShake256", "shake256");
+2 -2
View File
@@ -711,7 +711,7 @@ impl ECC {
}
let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() };
let priv_size = priv_buf.len() as u32;
let pub_ptr = if pub_buf.len() == 0 {core::ptr::null()} else {pub_buf.as_ptr()};
let pub_ptr = if pub_buf.is_empty() {core::ptr::null()} else {pub_buf.as_ptr()};
let pub_size = pub_buf.len() as u32;
let rc = unsafe {
sys::wc_ecc_import_private_key(priv_buf.as_ptr(), priv_size,
@@ -785,7 +785,7 @@ impl ECC {
}
let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() };
let priv_size = priv_buf.len() as u32;
let pub_ptr = if pub_buf.len() == 0 {core::ptr::null()} else {pub_buf.as_ptr()};
let pub_ptr = if pub_buf.is_empty() {core::ptr::null()} else {pub_buf.as_ptr()};
let pub_size = pub_buf.len() as u32;
let rc = unsafe {
sys::wc_ecc_import_private_key_ex(priv_buf.as_ptr(), priv_size,
@@ -0,0 +1,34 @@
#![cfg(fips)]
use crate::sys;
/// Enables or disables the ability to read private key data in FIPS mode.
///
/// In FIPS mode, private keys are protected and cannot be read by default.
/// This function allows temporarily enabling private key reads for operations
/// that require access to the raw key material, such as key export or backup.
///
/// # Arguments
///
/// * `enabled` - Set to `1` to enable private key reads, or `0` to disable.
///
/// # Returns
///
/// * `Ok(())` - The operation succeeded.
/// * `Err(i32)` - The operation failed, returning the wolfSSL error code.
///
/// # Note
///
/// This function applies to all key types (`WC_KEYTYPE_ALL`). Private key
/// reading should be disabled again after the required operation is complete
/// to maintain FIPS compliance.
pub fn set_private_key_read_enable(enabled: i32) -> Result<(), i32> {
let rc = unsafe {
sys::wolfCrypt_SetPrivateKeyReadEnable_fips(enabled, sys::wc_KeyType_WC_KEYTYPE_ALL)
};
if rc != 0 {
Err(rc)
} else {
Ok(())
}
}
@@ -38,7 +38,9 @@ impl HMAC {
pub const TYPE_SHA: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA as i32;
pub const TYPE_SHA256: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA256 as i32;
pub const TYPE_SHA512: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA512 as i32;
#[cfg(sha512_224)]
pub const TYPE_SHA512_224: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_224 as i32;
#[cfg(sha512_256)]
pub const TYPE_SHA512_256: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_256 as i32;
pub const TYPE_SHA384: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA384 as i32;
pub const TYPE_SHA224: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA224 as i32;
@@ -30,6 +30,7 @@ pub mod dh;
pub mod ecc;
pub mod ed25519;
pub mod ed448;
pub mod fips;
pub mod hkdf;
pub mod hmac;
pub mod kdf;
@@ -87,6 +87,15 @@ impl RNG {
/// A Result which is Ok(RNG) on success or an Err containing the wolfSSL
/// library return code on failure.
pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option<i32>) -> Result<Self, i32> {
#[cfg(fips)]
{
let rc = unsafe {
sys::wc_SetSeed_Cb_fips(Some(sys::wc_GenerateSeed))
};
if rc != 0 {
return Err(rc);
}
}
let mut rng: MaybeUninit<RNG> = MaybeUninit::uninit();
let heap = match heap {
Some(heap) => heap,
@@ -137,6 +146,15 @@ impl RNG {
/// A Result which is Ok(RNG) on success or an Err containing the wolfSSL
/// library return code on failure.
pub fn new_with_nonce_ex<T>(nonce: &mut [T], heap: Option<*mut std::os::raw::c_void>, dev_id: Option<i32>) -> Result<Self, i32> {
#[cfg(fips)]
{
let rc = unsafe {
sys::wc_SetSeed_Cb_fips(Some(sys::wc_GenerateSeed))
};
if rc != 0 {
return Err(rc);
}
}
let ptr = nonce.as_mut_ptr() as *mut u8;
let size: u32 = size_of_val(nonce) as u32;
let mut rng: MaybeUninit<RNG> = MaybeUninit::uninit();
@@ -100,7 +100,9 @@ impl RSA {
pub const HASH_TYPE_SHA3_512 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_512;
pub const HASH_TYPE_BLAKE2B : u32 = sys::wc_HashType_WC_HASH_TYPE_BLAKE2B;
pub const HASH_TYPE_BLAKE2S : u32 = sys::wc_HashType_WC_HASH_TYPE_BLAKE2S;
#[cfg(sha512_224)]
pub const HASH_TYPE_SHA512_224 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_224;
#[cfg(sha512_256)]
pub const HASH_TYPE_SHA512_256 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_256;
#[cfg(shake128)]
pub const HASH_TYPE_SHAKE128 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHAKE128;
@@ -14,3 +14,6 @@
#![allow(unnecessary_transmutes)]
#![allow(unsafe_op_in_unsafe_fn)]
include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
/* Include generated FIPS symbol aliases. */
include!(concat!(env!("OUT_DIR"), "/fips_aliases.rs"));
@@ -0,0 +1,12 @@
#[cfg(fips)]
fn setup_fips()
{
use wolfssl_wolfcrypt::fips;
fips::set_private_key_read_enable(1).expect("Error with set_private_key_read_enable()");
}
pub fn setup()
{
#[cfg(fips)]
setup_fips();
}
@@ -780,41 +780,39 @@ fn test_xts_consecutive_sectors() {
#[cfg(aes_xts_stream)]
fn test_xtsstream() {
let keys: [u8; 32] = [
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
];
let tweak: [u8; 16] = [
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
];
let plain: [u8; 40] = [
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
let plain: [u8; 32] = [
0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
];
let expected_cipher: [u8; 40] = [
0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23,
0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12,
0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36,
0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
let expected_cipher: [u8; 32] = [
0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
];
let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream");
xtsstream.init_encrypt(&keys, &tweak).expect("Error with init_encrypt()");
let mut cipher: [u8; 40] = [0; 40];
let mut cipher: [u8; 32] = [0; 32];
xtsstream.encrypt_update(&plain[0..16], &mut cipher[0..16]).expect("Error with encrypt_update()");
xtsstream.encrypt_final(&plain[16..40], &mut cipher[16..40]).expect("Error with encrypt_final()");
xtsstream.encrypt_final(&plain[16..32], &mut cipher[16..32]).expect("Error with encrypt_final()");
assert_eq!(cipher, expected_cipher);
xtsstream.init_decrypt(&keys, &tweak).expect("Error with init_decrypt()");
let mut plain_out: [u8; 40] = [0; 40];
let mut plain_out: [u8; 32] = [0; 32];
xtsstream.decrypt_update(&cipher[0..16], &mut plain_out[0..16]).expect("Error with decrypt_update()");
xtsstream.decrypt_final(&cipher[16..40], &mut plain_out[16..40]).expect("Error with decrypt_final()");
xtsstream.decrypt_final(&cipher[16..32], &mut plain_out[16..32]).expect("Error with decrypt_final()");
assert_eq!(plain_out, plain);
}
@@ -1,5 +1,7 @@
#![cfg(dh)]
mod common;
#[cfg(any(all(dh_keygen, dh_ffdhe_2048), random))]
use wolfssl_wolfcrypt::dh::DH;
#[cfg(random)]
@@ -31,6 +33,7 @@ fn test_dh_named_parameters() {
#[test]
#[cfg(all(dh_keygen, random))]
fn test_generate_params() {
common::setup();
let mut rng = RNG::new().expect("Error with RNG::new()");
let mut dh = DH::generate(&mut rng, 2048).expect("Error with generate()");
@@ -75,6 +78,7 @@ fn test_generate_key_pair() {
#[test]
#[cfg(random)]
fn test_dh_checks() {
common::setup();
let p = [
0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c,
0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e,
@@ -1,5 +1,7 @@
#![cfg(ecc)]
mod common;
#[cfg(any(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random), random))]
use std::fs;
use wolfssl_wolfcrypt::ecc::*;
@@ -128,6 +130,8 @@ fn test_ecc_import_export_sign_verify() {
#[test]
#[cfg(all(ecc_dh, random))]
fn test_ecc_shared_secret() {
common::setup();
let mut rng = RNG::new().expect("Failed to create RNG");
let mut ecc0 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()");
let mut ecc1 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()");
@@ -152,6 +156,8 @@ fn test_ecc_shared_secret() {
#[test]
#[cfg(all(ecc_export, random))]
fn test_ecc_export() {
common::setup();
let mut rng = RNG::new().expect("Failed to create RNG");
let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()");
let mut qx = [0u8; 32];
@@ -166,6 +172,8 @@ fn test_ecc_export() {
#[test]
#[cfg(all(ecc_export, random))]
fn test_ecc_export_ex() {
common::setup();
let mut rng = RNG::new().expect("Failed to create RNG");
let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()");
let mut qx = [0u8; 32];
@@ -180,6 +188,8 @@ fn test_ecc_export_ex() {
#[test]
#[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random))]
fn test_ecc_import_export_private() {
common::setup();
let mut rng = RNG::new().expect("Failed to create RNG");
let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()");
let hash = [0x42u8; 32];
@@ -204,6 +214,8 @@ fn test_ecc_import_export_private() {
#[test]
#[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random))]
fn test_ecc_import_export_private_ex() {
common::setup();
let mut rng = RNG::new().expect("Failed to create RNG");
let curve_id = ECC::SECP256R1;
let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()");
@@ -242,6 +254,8 @@ fn test_ecc_export_public() {
#[test]
#[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random))]
fn test_ecc_import_unsigned() {
common::setup();
let mut rng = RNG::new().expect("Failed to create RNG");
let curve_id = ECC::SECP256R1;
let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()");
@@ -1,11 +1,15 @@
#![cfg(ed25519)]
mod common;
use wolfssl_wolfcrypt::random::RNG;
use wolfssl_wolfcrypt::ed25519::*;
#[test]
#[cfg(all(ed25519_import, ed25519_export))]
fn test_make_public() {
common::setup();
let mut rng = RNG::new().expect("Error creating RNG");
let ed = Ed25519::generate(&mut rng).expect("Error with generate()");
let mut private = [0u8; Ed25519::KEY_SIZE];
@@ -210,6 +214,8 @@ fn test_ph_sign_verify() {
#[test]
#[cfg(all(ed25519_import, ed25519_export))]
fn test_import_export() {
common::setup();
let mut rng = RNG::new().expect("Error creating RNG");
let ed = Ed25519::generate(&mut rng).expect("Error with generate()");
@@ -1,11 +1,15 @@
#![cfg(ed448)]
mod common;
use wolfssl_wolfcrypt::random::RNG;
use wolfssl_wolfcrypt::ed448::*;
#[test]
#[cfg(all(ed448_import, ed448_export))]
fn test_make_public() {
common::setup();
let mut rng = RNG::new().expect("Error creating RNG");
let ed = Ed448::generate(&mut rng).expect("Error with generate()");
let mut private = [0u8; Ed448::KEY_SIZE];
@@ -214,6 +218,8 @@ fn test_ph_sign_verify() {
#[test]
#[cfg(all(ed448_import, ed448_export))]
fn test_import_export() {
common::setup();
let mut rng = RNG::new().expect("Error creating RNG");
let ed = Ed448::generate(&mut rng).expect("Error with generate()");
@@ -1,11 +1,15 @@
#![cfg(hkdf)]
mod common;
use wolfssl_wolfcrypt::hkdf::*;
use wolfssl_wolfcrypt::hmac::HMAC;
use wolfssl_wolfcrypt::sha::SHA256;
#[test]
fn test_hkdf_extract_expand() {
common::setup();
let ikm = b"MyPassword0";
let salt = b"12345678ABCDEFGH";
let mut extract_out = [0u8; SHA256::DIGEST_SIZE];
@@ -26,6 +30,8 @@ fn test_hkdf_extract_expand() {
#[test]
fn test_hkdf_one_shot() {
common::setup();
let ikm = b"MyPassword0";
let salt = b"12345678ABCDEFGH";
let info = b"0";
@@ -1,5 +1,7 @@
#![cfg(any(kdf_srtp, all(hmac, any(kdf_pbkdf2, kdf_ssh, kdf_tls13))))]
mod common;
#[cfg(all(hmac, any(kdf_pbkdf2, kdf_tls13)))]
use wolfssl_wolfcrypt::hmac::HMAC;
use wolfssl_wolfcrypt::kdf::*;
@@ -9,6 +11,8 @@ use wolfssl_wolfcrypt::sha::SHA256;
#[test]
#[cfg(all(hmac, kdf_pbkdf2))]
fn test_pbkdf2() {
common::setup();
let password = b"passwordpassword";
let salt = [0x78u8, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06];
let iterations = 2048;
@@ -50,6 +54,8 @@ fn test_pkcs12_pbkdf() {
#[test]
#[cfg(all(hmac, kdf_tls13))]
fn test_tls13_hkdf_extract_expand() {
common::setup();
let hash_hello1 = [
0x63u8, 0x83, 0x58, 0xab, 0x36, 0xcd, 0x0c, 0xf3,
0x26, 0x07, 0xb5, 0x5f, 0x0b, 0x8b, 0x45, 0xd6,
@@ -84,6 +90,8 @@ fn test_tls13_hkdf_extract_expand() {
#[test]
#[cfg(all(hmac, kdf_ssh))]
fn test_ssh_kdf() {
common::setup();
let ssh_kdf_set3_k = [
0x6Au8, 0xC3, 0x82, 0xEA, 0xAC, 0xA0, 0x93, 0xE1,
0x25, 0xE2, 0x5C, 0x24, 0xBE, 0xBC, 0x84, 0x64,
@@ -146,6 +154,8 @@ fn test_ssh_kdf() {
#[test]
#[cfg(kdf_srtp)]
fn test_srtp_kdf() {
common::setup();
let key = [
0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72,
0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90
@@ -194,6 +204,8 @@ fn test_srtp_kdf() {
#[test]
#[cfg(kdf_srtp)]
fn test_srtcp_kdf() {
common::setup();
let key = [
0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72,
0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90
@@ -1,9 +1,13 @@
#![cfg(all(prf, sha384))]
mod common;
use wolfssl_wolfcrypt::prf::*;
#[test]
fn test_prf() {
common::setup();
let secret = [0x10u8, 0xbc, 0xb4, 0xa2, 0xe8, 0xdc, 0xf1, 0x9b, 0x4c,
0x51, 0x9c, 0xed, 0x31, 0x1b, 0x51, 0x57, 0x02, 0x3f,
0xa1, 0x7d, 0xfb, 0x0e, 0xf3, 0x4e, 0x8f, 0x6f, 0x71,
@@ -1,5 +1,7 @@
#![cfg(rsa)]
mod common;
#[cfg(any(all(sha256, random, rsa_pss), random, rsa_direct))]
use std::fs;
#[cfg(random)]
@@ -10,6 +12,8 @@ use wolfssl_wolfcrypt::rsa::*;
#[test]
#[cfg(rsa_keygen)]
fn test_rsa_generate() {
common::setup();
let mut rng = RNG::new().expect("Error creating RNG");
let mut rsa = RSA::generate(2048, 65537, &mut rng).expect("Error with generate()");
rsa.check().expect("Error with check()");