Files
wolfssl/wolfcrypt/test/test.c
T
JacobBarthelmeh 64a4c7a7ae Merge pull request #10750 from night1rider/SHAKE-Callbacks
SHAKE 128/256 callback wiring and tests, along with fix to devCTX initialization
2026-07-01 10:53:57 -06:00

76112 lines
2.8 MiB
Plaintext

/* test.c
*
* Copyright (C) 2006-2026 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
* Some common, optional build settings:
* these can also be set in wolfssl/options.h or user_settings.h
* -------------------------------------------------------------
*
* set the default devId for cryptocb to the value instead of INVALID_DEVID
* WC_USE_DEVID=0x1234
*/
#define WOLFSSL_VIS_FOR_TESTS
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H)
#include <wolfssl/options.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
#define WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS
#endif
#if !defined(NO_CRYPT_TEST) || defined(WC_TEST_EXPORT_SUBTESTS)
#include <wolfssl/version.h>
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/mem_track.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
#if defined(HAVE_WOLFCRYPT_TEST_OPTIONS)
#include <wolfssl/ssl.h>
#define err_sys err_sys_remap /* remap err_sys */
#include <wolfssl/test.h>
#undef err_sys
#endif
#ifdef WOLFSSL_SWDEV
#include "../../tests/swdev/swdev_loader.h"
#endif
#if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY) && \
!defined(NO_STDINT_H)
#include <stdint.h>
#endif
#ifdef HAVE_STACK_SIZE_VERBOSE
#ifdef WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES
static WC_MAYBE_UNUSED ssize_t max_relative_stack =
WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES;
#else
static WC_MAYBE_UNUSED ssize_t max_relative_stack = -1;
#endif
#endif
static const byte const_byte_array[] = "A+Gd\0\0\0";
#define CBPTR_EXPECTED 'A'
#if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY)
#ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS
static ssize_t max_relative_heap_allocs = WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS;
#else
static ssize_t max_relative_heap_allocs = -1;
#endif
#ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES
static ssize_t max_relative_heap_bytes = WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES;
#else
static ssize_t max_relative_heap_bytes = -1;
#endif
/* Optional breadcrumb string (b), and interaction, (i) not implemented */
#define PRINT_HEAP_CHECKPOINT(b, i) { \
const ssize_t _rha = wolfCrypt_heap_peakAllocs_checkpoint() - heap_baselineAllocs; \
const ssize_t _rhb = wolfCrypt_heap_peakBytes_checkpoint() - heap_baselineBytes; \
printf(" relative heap peak usage: %ld alloc%s, %ld bytes\n", \
(long int)_rha, \
_rha == 1 ? "" : "s", \
(long int)_rhb); \
if ((max_relative_heap_allocs > 0) && (_rha > max_relative_heap_allocs)) \
return err_sys("heap allocs exceed designated max.", \
WC_TEST_RET_ENC_NC); \
if ((max_relative_heap_bytes > 0) && (_rhb > max_relative_heap_bytes)) \
return err_sys("heap bytes exceed designated max.", \
WC_TEST_RET_ENC_NC); \
heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint(); \
heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint(); \
}
#define PRINT_HEAP_ADDRESS(p) \
printf("Allocated address: %p", (void *)(p));
#else
#define PRINT_HEAP_CHECKPOINT(b, i) WC_DO_NOTHING;
#define PRINT_HEAP_ADDRESS(p) WC_DO_NOTHING;
#endif /* WOLFSSL_TRACK_MEMORY_VERBOSE && !WOLFSSL_STATIC_MEMORY */
#ifdef WOLFSSL_ESPIDF
#undef PRINT_HEAP_CHECKPOINT
#undef PRINT_HEAP_ADDRESS
static int esp_start_heap = 0;
static int esp_last_heap = 0;
static int esp_this_heap = 0;
#ifdef DEBUG_WOLFSSL_ESP32_HEAP
#define PRINT_HEAP_CHECKPOINT(b, i) \
esp_last_heap = esp_this_heap; \
esp_this_heap = (int)heap_caps_get_free_size(MALLOC_CAP_8BIT); \
if (esp_start_heap == 0) { \
esp_start_heap = esp_this_heap; \
} \
ESP_LOGI(ESPIDF_TAG, "%s #%d; Heap free: %d", \
((b) ? (b) : ""), /* breadcumb string */ \
((i) ? (i) : 0), /* index */ \
esp_this_heap);
#define PRINT_HEAP_ADDRESS(p) \
ESP_LOGI(ESPIDF_TAG, "Allocated address: %p", (void *)(p));
#else
/* Even without verbose heap, we'll warn on anomalous values */
#define PRINT_HEAP_CHECKPOINT(b, i) \
esp_last_heap = esp_this_heap; \
esp_this_heap = (int)heap_caps_get_free_size(MALLOC_CAP_8BIT); \
if (esp_start_heap == 0) { \
esp_start_heap = esp_this_heap; \
esp_last_heap = esp_this_heap; \
} \
if (esp_this_heap == esp_last_heap) { \
ESP_LOGV(ESPIDF_TAG, "Heap constant: %d", esp_this_heap); \
} \
else { \
ESP_LOGI(ESPIDF_TAG, "Breadcrumb: %s", ((b) ? (b) : "")); \
ESP_LOGW(ESPIDF_TAG, "Warning: this heap %d != last %d", \
esp_this_heap, esp_last_heap); \
}
#define PRINT_HEAP_ADDRESS(p) WC_DO_NOTHING;
#endif
#endif /* WOLFSSL_ESPIDF */
#ifdef USE_FLAT_TEST_H
#ifdef HAVE_CONFIG_H
#include "test_paths.h"
#endif
#include "test.h"
#else
#ifdef HAVE_CONFIG_H
#include "wolfcrypt/test/test_paths.h"
#endif
#include "wolfcrypt/test/test.h"
#endif
/* printf mappings */
#ifndef WOLFSSL_LOG_PRINTF
#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
#include <mqx.h>
#include <stdlib.h>
/* see wc_port.h for fio.h and nio.h includes */
#elif defined(FREESCALE_KSDK_BM)
#include "fsl_debug_console.h"
#undef printf
#define printf PRINTF
#elif defined(WOLFSSL_APACHE_MYNEWT)
#include <assert.h>
#include <string.h>
#include "sysinit/sysinit.h"
#include "os/os.h"
#ifdef ARCH_sim
#include "mcu/mcu_sim.h"
#endif
#include "os/os_time.h"
#elif defined(WOLFSSL_ESPIDF)
#include <time.h>
#include <sys/time.h>
#include <esp_log.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#define ESPIDF_TAG "wc_test"
#elif defined(WOLFSSL_ZEPHYR)
#include <stdio.h>
#define printf printk
#elif defined(MICRIUM)
#include <os.h>
#if (OS_VERSION < 50000)
#include <bsp_ser.h>
void BSP_Ser_Printf (CPU_CHAR* format, ...);
#undef printf
#define printf BSP_Ser_Printf
#else
#include <stdio.h>
#endif
#elif defined(WOLFSSL_PB)
#include <stdarg.h>
int wolfssl_pb_print(const char*, ...);
#undef printf
#define printf wolfssl_pb_print
#elif defined(WOLFSSL_TELIT_M2MB)
#include "wolfssl/wolfcrypt/wc_port.h" /* for m2mb headers */
#include "m2m_log.h" /* for M2M_LOG_INFO - not standard API */
/* remap printf */
#undef printf
#define printf M2M_LOG_INFO
/* OS requires occasional sleep() */
#ifndef TEST_SLEEP_MS
#define TEST_SLEEP_MS 50
#endif
#define TEST_SLEEP() m2mb_os_taskSleep(M2MB_OS_MS2TICKS(TEST_SLEEP_MS))
/* don't use file system for these tests, since ./certs dir isn't loaded */
#undef NO_FILESYSTEM
#define NO_FILESYSTEM
#elif defined(THREADX) && !defined(WOLFSSL_WICED) && \
!defined(THREADX_NO_DC_PRINTF)
#ifndef NETOS
/* since just testing, use THREADX log printf instead (NETOS prototypes
* this elsewhere) */
int dc_log_printf(char*, ...);
#endif
#undef printf
#define printf dc_log_printf
#elif defined(ANDROID)
#ifdef XMALLOC_USER
#include <stdlib.h> /* we're using malloc / free direct here */
#endif
#ifndef STRING_USER
#include <stdio.h>
#endif
#include <android/log.h>
#ifdef ANDROID_V454 /* See fips/android/wolfCrypt_v454_android */
#ifndef NO_FILESYSTEM
#define NO_FILESYSTEM /* Turn off tests that want to call SaveDerAndPem() */
#endif
#else
#define printf(...) \
__android_log_print(ANDROID_LOG_DEBUG, "[WOLFCRYPT]", __VA_ARGS__)
#define fprintf(fp, ...) \
__android_log_print(ANDROID_LOG_DEBUG, "[WOLFCRYPT]", __VA_ARGS__)
#endif
#elif defined(WOLFSSL_DEOS)
#include <printx.h>
#undef printf
#define printf printx
#elif defined(WOLFSSL_RENESAS_RSIP) || defined(WOLFSSL_RENESAS_RZN2L)
#ifndef TEST_SLEEP
#define TEST_SLEEP() vTaskDelay(50)
#endif
#undef vprintf
#define vprintf rsip_vprintf
#include <stdarg.h> /* for var args */
int rsip_vprintf(const char* restrict format, va_list args)
{
int ret;
char tmpBuf[80];
ret = XVSNPRINTF(tmpBuf, sizeof(tmpBuf), format, args);
printf(tmpBuf);
return ret;
}
#else
#ifdef XMALLOC_USER
#include <stdlib.h> /* we're using malloc / free direct here */
#endif
#if !defined(STRING_USER) && !defined(NO_STDIO_FILESYSTEM)
#include <stdio.h>
#endif
#if defined(WOLFSSL_KERNEL_MODE) && !defined(WOLFSSL_KERNEL_VERBOSE_DEBUG)
#undef printf
#define printf(...) ({})
#endif
/* enable way for customer to override test/bench printf */
#ifdef XPRINTF
#undef printf
#define printf XPRINTF
#elif !defined(printf) && !defined(NO_STDIO_FILESYSTEM)
/* arrange for printf() to flush after every message -- this assures
* redirected output (to a log file) records progress right up to the
* moment of a crash/abort(); otherwise anything queued in stdout would
* be lost.
*/
#define printf(...) ( printf(__VA_ARGS__), fflush(stdout) )
#endif
#endif
#endif /* !WOLFSSL_LOG_PRINTF */
#define TestDumpData(name, data, len) do { \
int _i; \
WOLFSSL_DEBUG_PRINTF("%s: %d bytes\n", name, (int)(len)); \
for (_i = 0; _i < (int)(len); _i++) { \
WOLFSSL_DEBUG_PRINTF("0x%02x,", ((byte*)(data))[_i]); \
if ((_i & 7) == 7) WOLFSSL_DEBUG_PRINTF("\n"); \
else WOLFSSL_DEBUG_PRINTF(" "); \
} \
if ((_i & 7) != 0) WOLFSSL_DEBUG_PRINTF("\n"); \
} while(0)
#include <wolfssl/wolfcrypt/memory.h>
#include <wolfssl/wolfcrypt/wc_port.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/md2.h>
#include <wolfssl/wolfcrypt/md5.h>
#include <wolfssl/wolfcrypt/md4.h>
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/sha512.h>
#include <wolfssl/wolfcrypt/hash.h>
#include <wolfssl/wolfcrypt/rc2.h>
#include <wolfssl/wolfcrypt/arc4.h>
#if !defined(WC_NO_RNG)
#include <wolfssl/wolfcrypt/random.h>
#ifdef WC_RNG_BANK_SUPPORT
#include <wolfssl/wolfcrypt/rng_bank.h>
#endif
#endif
#include <wolfssl/wolfcrypt/wolfmath.h>
#include <wolfssl/wolfcrypt/coding.h>
#include <wolfssl/wolfcrypt/signature.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/des3.h>
#include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/wolfcrypt/wc_encrypt.h>
#include <wolfssl/wolfcrypt/cmac.h>
#ifdef WOLFSSL_SHE
#include <wolfssl/wolfcrypt/wc_she.h>
#endif
#include <wolfssl/wolfcrypt/siphash.h>
#include <wolfssl/wolfcrypt/poly1305.h>
#include <wolfssl/wolfcrypt/camellia.h>
#include <wolfssl/wolfcrypt/hmac.h>
#include <wolfssl/wolfcrypt/kdf.h>
#include <wolfssl/wolfcrypt/dh.h>
#include <wolfssl/wolfcrypt/dsa.h>
#include <wolfssl/wolfcrypt/srp.h>
#include <wolfssl/wolfcrypt/chacha.h>
#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
#ifdef HAVE_ASCON
#include <wolfssl/wolfcrypt/ascon.h>
#endif
#include <wolfssl/wolfcrypt/pwdbased.h>
#include <wolfssl/wolfcrypt/ripemd.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h>
#endif
#ifdef WOLFSSL_SM2
#include <wolfssl/wolfcrypt/sm2.h>
#endif
#ifdef HAVE_HPKE
#include <wolfssl/wolfcrypt/hpke.h>
#endif
#ifdef HAVE_CURVE25519
#include <wolfssl/wolfcrypt/curve25519.h>
#endif
#ifdef HAVE_ED25519
#include <wolfssl/wolfcrypt/ed25519.h>
#endif
#ifdef HAVE_CURVE448
#include <wolfssl/wolfcrypt/curve448.h>
#endif
#ifdef HAVE_ED448
#include <wolfssl/wolfcrypt/ed448.h>
#endif
#ifdef WOLFSSL_HAVE_MLKEM
#include <wolfssl/wolfcrypt/wc_mlkem.h>
#endif
#ifdef WOLFSSL_HAVE_MLDSA
#include <wolfssl/wolfcrypt/wc_mldsa.h>
#endif
#if defined(WOLFSSL_HAVE_XMSS)
#include <wolfssl/wolfcrypt/wc_xmss.h>
#endif
#if defined(WOLFSSL_HAVE_LMS)
#include <wolfssl/wolfcrypt/wc_lms.h>
#endif
#if defined(WOLFSSL_HAVE_SLHDSA)
#include <wolfssl/wolfcrypt/wc_slhdsa.h>
#endif
#ifdef WOLFCRYPT_HAVE_ECCSI
#include <wolfssl/wolfcrypt/eccsi.h>
#endif
#ifdef WOLFCRYPT_HAVE_SAKKE
#include <wolfssl/wolfcrypt/sakke.h>
#endif
#if defined(HAVE_BLAKE2B) || defined(HAVE_BLAKE2S)
#include <wolfssl/wolfcrypt/blake2.h>
#endif
#ifdef WOLFSSL_SHA3
#include <wolfssl/wolfcrypt/sha3.h>
#endif
#ifdef WOLFSSL_SM3
#include <wolfssl/wolfcrypt/sm3.h>
#endif
#ifdef WOLFSSL_SM4
#include <wolfssl/wolfcrypt/sm4.h>
#endif
#ifdef WOLFSSL_PUF
#include <wolfssl/wolfcrypt/puf.h>
#endif
#ifdef HAVE_LIBZ
#include <wolfssl/wolfcrypt/compress.h>
#endif
#ifdef HAVE_PKCS7
#include <wolfssl/wolfcrypt/pkcs7.h>
#endif
#ifdef HAVE_PKCS12
#include <wolfssl/wolfcrypt/pkcs12.h>
#endif
#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>
#endif
#ifdef HAVE_SELFTEST
#include <wolfssl/wolfcrypt/selftest.h>
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
#include <wolfssl/wolfcrypt/logging.h>
#endif
#if defined(WOLFSSL_MICROCHIP_TA100)
#include <wolfssl/wolfcrypt/port/atmel/atmel.h>
#endif
#ifdef WOLFSSL_CAAM
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
#endif
#ifdef WOLF_CRYPTO_CB
#include <wolfssl/wolfcrypt/cryptocb.h>
#ifdef HAVE_INTEL_QA_SYNC
#include <wolfssl/wolfcrypt/port/intel/quickassist_sync.h>
#endif
#ifdef HAVE_CAVIUM_OCTEON_SYNC
#include <wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h>
#endif
#ifdef HAVE_RENESAS_SYNC
#include <wolfssl/wolfcrypt/port/renesas/renesas_sync.h>
#endif
#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)
#include <wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h>
#endif
#endif
#ifdef _MSC_VER
/* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
#pragma warning(disable: 4996)
#endif
#ifdef OPENSSL_EXTRA
#ifndef WOLFCRYPT_ONLY
#include <wolfssl/openssl/evp.h>
#include <wolfssl/openssl/hmac.h>
#endif
#include <wolfssl/openssl/rand.h>
#include <wolfssl/openssl/aes.h>
#include <wolfssl/openssl/des.h>
#endif
#if defined(NO_FILESYSTEM) || defined(WC_NO_RNG)
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
!defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
#define USE_CERT_BUFFERS_2048
#endif
#if !defined(USE_CERT_BUFFERS_256)
#define USE_CERT_BUFFERS_256
#endif
#endif
#if defined(WOLFSSL_CERT_GEN) && (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
#define ENABLE_ECC384_CERT_GEN_TEST
#endif
#include <wolfssl/certs_test.h>
#ifdef DEVKITPRO
#include <wiiuse/wpad.h>
#endif
#ifdef WOLFSSL_NDS
#include <nds/ndstypes.h>
#include <nds/arm9/console.h>
#include <nds/arm9/input.h>
#include <nds/interrupts.h>
#include <fat.h>
#endif
#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
/* FIPS build has replaced ecc.h. */
#define wc_ecc_key_get_priv(key) (&((key)->k))
#define WOLFSSL_HAVE_ECC_KEY_GET_PRIV
#endif
#ifdef WOLFSSL_STATIC_MEMORY
static WOLFSSL_HEAP_HINT* HEAP_HINT;
#else
#define HEAP_HINT NULL
#endif /* WOLFSSL_STATIC_MEMORY */
/* these cases do not have intermediate hashing support */
#if (defined(WOLFSSL_AFALG_XILINX_SHA3) && !defined(WOLFSSL_AFALG_HASH_KEEP)) \
&& !defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_XILINX_CRYPT_VERSAL)
#define NO_INTM_HASH_TEST
#endif
#if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) || \
defined(WOLFSSL_SECO_CAAM)
#define HASH_SIZE_LIMIT
#endif
#if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
(defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
static void initDefaultName(void);
#endif
/* for async devices */
#ifdef WOLFSSL_CAAM_DEVID
static int devId = WOLFSSL_CAAM_DEVID;
#else
#ifdef WC_USE_DEVID
static int devId = WC_USE_DEVID;
#else
static int devId = INVALID_DEVID;
#endif
#endif
/* ============================================================================
* Test init helpers -- use id[] when WC_TEST_*_ID is defined, else plain init.
* Each algorithm has a static global id array (when defined) and a helper
* function that switches between wc_*Init_Id and the plain init.
* ========================================================================= */
/* --- AES CBC id[] and init helper --- */
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_CBC_ID)
static unsigned char testAesCbcId[] = WC_TEST_AES_CBC_ID;
static int testAesCbcIdLen = (int)sizeof(testAesCbcId);
#endif
static WC_MAYBE_UNUSED int test_AesCbcInit(Aes* aes, void* heap,
int declaredDevId)
{
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_CBC_ID)
return wc_AesInit_Id(aes, testAesCbcId, testAesCbcIdLen, heap,
declaredDevId);
#else
return wc_AesInit(aes, heap, declaredDevId);
#endif
}
#endif /* !NO_AES && HAVE_AES_CBC */
/* --- AES ECB id[] and init helper --- */
#if !defined(NO_AES) && \
(defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT))
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_ECB_ID)
static unsigned char testAesEcbId[] = WC_TEST_AES_ECB_ID;
static int testAesEcbIdLen = (int)sizeof(testAesEcbId);
#endif
static WC_MAYBE_UNUSED int test_AesEcbInit(Aes* aes, void* heap,
int declaredDevId)
{
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_ECB_ID)
return wc_AesInit_Id(aes, testAesEcbId, testAesEcbIdLen, heap,
declaredDevId);
#else
return wc_AesInit(aes, heap, declaredDevId);
#endif
}
#endif /* !NO_AES && (HAVE_AES_ECB || WOLFSSL_AES_DIRECT) */
/* --- AES GCM id[] and init helper --- */
#if !defined(NO_AES) && defined(HAVE_AESGCM)
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_GCM_ID)
static unsigned char testAesGcmId[] = WC_TEST_AES_GCM_ID;
static int testAesGcmIdLen = (int)sizeof(testAesGcmId);
#endif
static WC_MAYBE_UNUSED int test_AesGcmInit(Aes* aes, void* heap,
int declaredDevId)
{
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_GCM_ID)
return wc_AesInit_Id(aes, testAesGcmId, testAesGcmIdLen, heap,
declaredDevId);
#else
return wc_AesInit(aes, heap, declaredDevId);
#endif
}
#endif /* !NO_AES && HAVE_AESGCM */
/* --- RSA id[] and init helper --- */
#if !defined(NO_RSA)
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_RSA_PRIV_ID)
static unsigned char testRsaPrivId[] = WC_TEST_RSA_PRIV_ID;
static int testRsaPrivIdLen = (int)sizeof(testRsaPrivId);
#endif
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_RSA_PUB_ID)
static unsigned char testRsaPubId[] = WC_TEST_RSA_PUB_ID;
static int testRsaPubIdLen = (int)sizeof(testRsaPubId);
#endif
static WC_MAYBE_UNUSED int test_RsaInit(RsaKey* key, void* heap,
int declaredDevId)
{
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_RSA_PRIV_ID)
return wc_InitRsaKey_Id(key, testRsaPrivId, testRsaPrivIdLen, heap,
declaredDevId);
#else
return wc_InitRsaKey_ex(key, heap, declaredDevId);
#endif
}
static WC_MAYBE_UNUSED int test_RsaInit_Pub(RsaKey* key, void* heap,
int declaredDevId)
{
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_RSA_PUB_ID)
return wc_InitRsaKey_Id(key, testRsaPubId, testRsaPubIdLen, heap,
declaredDevId);
#else
return wc_InitRsaKey_ex(key, heap, declaredDevId);
#endif
}
#endif /* !NO_RSA */
/* --- CMAC id[] and init helper --- */
#ifdef WOLFSSL_CMAC
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_CMAC_ID)
static unsigned char testCmacId[] = WC_TEST_CMAC_ID;
static int testCmacIdLen = (int)sizeof(testCmacId);
#endif
static WC_MAYBE_UNUSED int test_CmacInit(Cmac* cmac, const byte* key,
word32 keySz, int type,
void* unused, void* heap,
int declaredDevId)
{
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_CMAC_ID)
return wc_InitCmac_Id(cmac, key, keySz, type, unused,
testCmacId, testCmacIdLen, heap, declaredDevId);
#elif !defined(HAVE_FIPS)
return wc_InitCmac_ex(cmac, key, keySz, type, unused, heap, declaredDevId);
#else
(void)heap;
(void)declaredDevId;
return wc_InitCmac(cmac, key, keySz, type, unused);
#endif
}
#endif /* WOLFSSL_CMAC */
/* --- ECC id[] and init helpers --- */
#ifdef HAVE_ECC
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PAIR_P256_ID)
static unsigned char testEccPairP256Id[] = WC_TEST_ECC_PAIR_P256_ID;
static int testEccPairP256IdLen = (int)sizeof(testEccPairP256Id);
#endif
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PUB_P256_ID)
static unsigned char testEccPubP256Id[] = WC_TEST_ECC_PUB_P256_ID;
static int testEccPubP256IdLen = (int)sizeof(testEccPubP256Id);
#endif
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PAIR_P521_ID)
static unsigned char testEccPairP521Id[] = WC_TEST_ECC_PAIR_P521_ID;
static int testEccPairP521IdLen = (int)sizeof(testEccPairP521Id);
#endif
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PUB_P521_ID)
static unsigned char testEccPubP521Id[] = WC_TEST_ECC_PUB_P521_ID;
static int testEccPubP521IdLen = (int)sizeof(testEccPubP521Id);
#endif
static WC_MAYBE_UNUSED int test_EccInit_Pair(ecc_key* key, int keySize,
void* heap, int declaredDevId)
{
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PAIR_P256_ID)
if (keySize == 32) {
return wc_ecc_init_id(key, testEccPairP256Id,
testEccPairP256IdLen, heap, declaredDevId);
}
#endif
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PAIR_P521_ID)
if (keySize == 66) {
return wc_ecc_init_id(key, testEccPairP521Id,
testEccPairP521IdLen, heap, declaredDevId);
}
#endif
(void)keySize;
return wc_ecc_init_ex(key, heap, declaredDevId);
}
static WC_MAYBE_UNUSED int test_EccInit_Pub(ecc_key* key, int keySize,
void* heap, int declaredDevId)
{
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PUB_P256_ID)
if (keySize == 32) {
return wc_ecc_init_id(key, testEccPubP256Id,
testEccPubP256IdLen, heap, declaredDevId);
}
#endif
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_ECC_PUB_P521_ID)
if (keySize == 66) {
return wc_ecc_init_id(key, testEccPubP521Id,
testEccPubP521IdLen, heap, declaredDevId);
}
#endif
(void)keySize;
return wc_ecc_init_ex(key, heap, declaredDevId);
}
#endif /* HAVE_ECC */
#ifdef HAVE_WNR
const char* wnrConfigFile = "wnr-example.conf";
#endif
#define TEST_STRING "Everyone gets Friday off."
#define TEST_STRING_SZ 25
typedef struct testVector {
const char* input;
const char* output;
size_t inLen;
size_t outLen;
} testVector;
#ifdef WOLFCRYPT_TEST_LINT
#define WOLFSSL_TEST_SUBROUTINE static
#else
PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-function\"")
PRAGMA_CLANG("clang diagnostic ignored \"-Wunused-function\"")
#endif
#ifndef WOLFSSL_TEST_SUBROUTINE
#define WOLFSSL_TEST_SUBROUTINE
#endif
#ifndef WC_TEST_EXPORT_SUBTESTS
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t macro_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base16_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md5_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void);
#if !defined(WOLFSSL_NOSHA512_224) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void);
#endif
#if !defined(WOLFSSL_NOSHA512_256) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void);
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void);
#ifdef WOLFSSL_SM3
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void);
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void);
#if defined(HAVE_HKDF) && !defined(NO_HMAC)
#if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \
defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_AFALG_HASH_KEEP) || \
defined(WOLFSSL_AFALG_XILINX_RSA)
/* hkdf_test has issue with WOLFSSL_TEST_SUBROUTINE set on Xilinx with afalg */
static wc_test_ret_t hkdf_test(void);
#else
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void);
#endif
#endif /* HAVE_HKDF && ! NO_HMAC */
#if defined(WOLFSSL_HAVE_PRF) && defined(HAVE_HKDF) && !defined(NO_HMAC) && \
defined(WOLFSSL_BASE16) && !defined(WOLFSSL_NO_TLS12)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void);
#endif
#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && \
defined(WOLFSSL_SHA384) && !defined(WOLFSSL_NO_TLS12)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void);
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void);
#if defined(WOLFSSL_TLS13) && !defined(NO_HMAC)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void);
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void);
#if defined(HAVE_HPKE) && \
(defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
defined(HAVE_CURVE448)) && \
defined(HAVE_AESGCM)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void);
#endif
#ifdef WC_SRTP_KDF
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void);
#endif
#if defined(WC_KDF_NIST_SP_800_56C) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void);
#endif
#if defined(HAVE_CMAC_KDF) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp800108_cmac(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_twostep_cmac(void);
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void);
#ifdef WC_RC2
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rc2_test(void);
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void);
#if defined(WOLFSSL_AES_CFB)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void);
#endif
#ifdef WOLFSSL_AES_XTS
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void);
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesofb_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void);
#ifdef WOLFSSL_SHE
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t she_test(void);
#endif
#ifdef HAVE_ASCON
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_hash256_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_aead128_test(void);
#endif
#if defined(WOLFSSL_SIPHASH)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void);
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_default_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesccm_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void);
#ifdef WOLFSSL_SM4
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void);
#endif
#ifdef WOLFSSL_PUF
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t puf_test(void);
#endif
#ifdef WC_RSA_NO_PADDING
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void);
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void);
#ifndef NO_DSA
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void);
#endif
#ifdef WOLFCRYPT_HAVE_SRP
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void);
#endif
#ifndef WC_NO_RNG
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void);
#ifdef WC_RNG_BANK_SUPPORT
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_bank_test(void);
#endif
#endif /* WC_NO_RNG */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void);
#if defined(USE_CERT_BUFFERS_2048) && \
defined(HAVE_PKCS12) && \
!defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
!defined(NO_CERTS) && !defined(NO_DES3) && !defined(NO_SHA)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void);
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void);
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void); /* test mini api */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void);
#endif
#if defined(HAVE_PBKDF1) && !defined(NO_SHA)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void);
#endif
#if defined(HAVE_PKCS12) && !defined(NO_SHA256)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void);
#endif
#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void);
#endif
#if !defined(NO_PWDBASED) && defined(HAVE_SCRYPT)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
#endif
#ifdef HAVE_ECC
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void);
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
(defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void);
#endif
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(NO_ECC256) && \
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
(!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && !defined(NO_ECC_SECP) && \
!defined(WOLFSSL_SE050)
/* skip for ATECC508/608A (cannot import private key buffers) and
* SE050 (test vector uses a digest size SE050 does not accept) */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void);
#endif
#endif
#ifdef HAVE_CURVE25519
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void);
#endif
#ifdef HAVE_ED25519
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void);
#endif
#ifdef HAVE_CURVE448
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void);
#endif
#ifdef HAVE_ED448
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void);
#endif
#ifdef WOLFSSL_HAVE_MLKEM
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void);
#endif
#ifdef WOLFSSL_HAVE_MLDSA
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mldsa_test(void);
#endif
#if defined(WOLFSSL_HAVE_XMSS)
#if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void);
#endif
#if !defined(WOLFSSL_XMSS_VERIFY_ONLY)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void);
#endif
#endif
#if defined(WOLFSSL_HAVE_LMS)
#if !defined(WOLFSSL_SMALL_STACK) && (LMS_MAX_HEIGHT >= 10) && \
!defined(WOLFSSL_NO_LMS_SHA256_256)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void);
#endif
#if !defined(WOLFSSL_LMS_VERIFY_ONLY)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void);
#endif
#endif
#if defined(WOLFSSL_HAVE_SLHDSA)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t slhdsa_test(void);
#endif
#ifdef WOLFCRYPT_HAVE_ECCSI
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void);
#endif
#ifdef WOLFCRYPT_HAVE_SAKKE
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void);
#endif
#ifdef HAVE_BLAKE2B
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_hmac_test(void);
#endif
#ifdef HAVE_BLAKE2S
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_hmac_test(void);
#endif
#ifdef HAVE_LIBZ
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void);
#endif
#ifdef HAVE_PKCS7
#ifndef NO_PKCS7_ENCRYPTED_DATA
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void);
#endif
#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void);
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7enveloped_test(void);
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void);
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 certSz, byte* key,
word32 keySz);
#endif
#endif
#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
!defined(NO_FILESYSTEM)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void);
static wc_test_ret_t fill_signer_twice_test(void);
#endif
#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void);
#endif
#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void);
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void);
#if defined(WOLFSSL_PUBLIC_MP) && \
((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
defined(USE_FAST_MATH))
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void);
#endif
#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) && \
(!defined(NO_DH) || !defined(NO_DSA)) && !defined(WC_NO_RNG)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void);
#endif
#if defined(ASN_BER_TO_DER) && \
(defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL))
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void);
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void);
#if !defined(NO_ASN) && !defined(NO_ASN_TIME)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t time_test(void);
#endif
#if defined(__INCLUDE_NUTTX_CONFIG_H)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t wolfcrypt_mutex_test(void);
#else
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void);
#endif
#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void);
#endif
#ifdef WOLFSSL_CAAM_BLOB
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void);
#endif
#ifdef HAVE_ARIA
#include "wolfssl/wolfcrypt/port/aria/aria-crypt.h"
void printOutput(const char *strName, unsigned char *data, unsigned int dataSz);
WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID);
#endif
#if defined(WOLF_CRYPTO_CB) && !defined(WC_TEST_NO_CRYPTOCB_SW_TEST)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void);
#endif
#ifdef WOLFSSL_CERT_PIV
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void);
#endif
#if defined(WOLFSSL_AES_SIV) && defined(WOLFSSL_AES_128)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void);
#endif
#if defined(WOLFSSL_AES_EAX) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void);
#endif /* WOLFSSL_AES_EAX */
#ifdef WOLFSSL_AES_CTS
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cts_test(void);
#endif
#ifdef REALLY_LONG_DRBG_CONTINUOUS_TEST
#ifdef WOLFSSL_PTHREADS
#include <wolfssl/wolfcrypt/wolfevent.h>
#include <wolfssl/wolfcrypt/types.h>
#endif
/* Prototypes */
void print_result(const char* test_name, int passed, int *all_passed);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_basic_rng(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_multiple_rngs(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_stress_rng(unsigned long iterations);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_reinit_rng(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_fips_status(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t drbg_continuous_main(void);
#endif
#endif /* !WC_TEST_EXPORT_SUBTESTS */
/* General big buffer size for many tests. */
#define FOURK_BUF 4096
/* If not defined in user_settings, the ERROR_OUT pause is 120 seconds. */
#ifndef WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION
#define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION 120
#endif
#if defined(WOLFSSL_ESPIDF_ERROR_PAUSE)
#if defined(CONFIG_FREERTOS_HZ)
#define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS \
(WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION * CONFIG_FREERTOS_HZ)
#else
/* If not defined, assume RTOS is 1000 ticks per second. */
#define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS \
(WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION * 1000)
#endif
/* When defined, pause at error condition rather than exit with error. */
#define ERROR_OUT(err, eLabel) \
do { \
ret = (err); \
ESP_LOGE(ESPIDF_TAG, "Failed: Error = %d during %s, line %d", \
err, __func__, __LINE__); \
ESP_LOGI(ESPIDF_TAG, "Extended system info:"); \
esp_ShowExtendedSystemInfo(); \
ESP_LOGW(ESPIDF_TAG, "Paused for %d seconds! " \
"WOLFSSL_ESPIDF_ERROR_PAUSE is enabled.", \
WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION); \
vTaskDelay(WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS); \
goto eLabel; \
} while (0)
#else
#define ERROR_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)
#endif
/* Not all unexpected conditions are actually errors .*/
#define WARNING_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)
void wc_test_render_error_message(const char* msg, wc_test_ret_t es)
{
(void)msg;
(void)es;
#ifdef WOLFSSL_KERNEL_MODE
#define err_sys_printf wc_km_printf
#else
#define err_sys_printf printf
#endif
switch (WC_TEST_RET_DEC_TAG(es)) {
case WC_TEST_RET_TAG_NC:
err_sys_printf("%s error L=%d\n", msg, WC_TEST_RET_DEC_LN(es));
break;
case WC_TEST_RET_TAG_EC:
#ifdef NO_ERROR_STRINGS
err_sys_printf("%s error L=%d code=%d\n", msg,
WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es));
#elif defined(WOLFCRYPT_ONLY) || !defined(WOLFSSL_TYPES_DEFINED)
err_sys_printf("%s error L=%d code=%d (%s)\n", msg,
WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es),
wc_GetErrorString(-WC_TEST_RET_DEC_I(es))
);
#else
err_sys_printf("%s error L=%d code=%d (%s)\n", msg,
WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es),
wolfSSL_ERR_reason_error_string((unsigned long)-WC_TEST_RET_DEC_I(es))
);
#endif
break;
case WC_TEST_RET_TAG_ERRNO:
{
/* strerror_r() comes in two mutually incompatible flavors, a native glibc
* flavor that always returns a non-null char pointer that must be used
* directly, and a POSIX flavor that returns an error int, and iff success,
* stores an error string in the supplied buffer. this is all most
* infelicitous...
*/
#if !defined(STRING_USER) && !defined(NO_ERROR_STRINGS) && \
(defined(__STDC_VERSION__) && (__STDC_VERSION__ > 199901L)) && \
((defined(__GLIBC__) && (__GLIBC__ >= 2) && defined(__USE_GNU)) || \
(defined(__USE_XOPEN2K) && \
defined(_POSIX_C_SOURCE) && \
(_POSIX_C_SOURCE >= 200112L)))
char errno_buf[64], *errno_string;
/* precisely mirror the gate used in glibc string.h */
#if defined __USE_XOPEN2K && !defined __USE_GNU
if (strerror_r(WC_TEST_RET_DEC_I(es),
errno_buf, sizeof(errno_buf)) != 0)
XSTRLCPY(errno_buf, "?", sizeof(errno_buf));
errno_string = errno_buf;
#else
errno_string = strerror_r(WC_TEST_RET_DEC_I(es),
errno_buf, sizeof(errno_buf));
#endif
err_sys_printf("%s error L=%d errno=%d (%s)\n", msg,
WC_TEST_RET_DEC_LN(es), WC_TEST_RET_DEC_I(es),
errno_string);
#else /* can't figure out how to strerror_r(), or don't want error strings */
err_sys_printf("%s error L=%d errno=%d\n", msg,
WC_TEST_RET_DEC_LN(es), WC_TEST_RET_DEC_I(es));
#endif
break;
}
case WC_TEST_RET_TAG_I:
err_sys_printf("%s error L=%d i=%d\n", msg,
WC_TEST_RET_DEC_LN(es), WC_TEST_RET_DEC_I(es));
break;
}
#undef err_sys_printf
}
static void print_fiducials(void);
#ifdef HAVE_STACK_SIZE
static THREAD_RETURN err_sys(const char* msg, int es)
#else
static wc_test_ret_t err_sys(const char* msg, wc_test_ret_t es)
#endif
{
wc_test_render_error_message(msg, es);
print_fiducials();
#ifdef WOLFSSL_KERNEL_MODE
EXIT_TEST(es);
#else
EXIT_TEST(-1);
#endif
}
#ifndef HAVE_WOLFCRYPT_TEST_OPTIONS
/* func_args from test.h, so don't have to pull in other stuff */
typedef struct func_args {
int argc;
char** argv;
wc_test_ret_t return_code;
} func_args;
#endif /* !HAVE_WOLFCRYPT_TEST_OPTIONS */
/* Kernel modules implement and install their own FIPS callback with similar
* functionality.
*/
#if defined(HAVE_FIPS) && !defined(WOLFSSL_KERNEL_MODE)
static void myFipsCb(int ok, int err, const char* hash)
{
static int rendered_fips_message = 0;
if (rendered_fips_message == 0) {
rendered_fips_message = 1;
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);
if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
}
#endif /* HAVE_FIPS && !WOLFSSL_KERNEL_MODE */
/* Polyfill for old FIPS modules whose headers don't declare the
* constructor/destructor helpers. Skip when the current headers
* already provide them (WC_AES_NEW_API_AVAILABLE / WC_RSA_NEW_API_AVAILABLE). */
#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && \
!defined(WC_NO_CONSTRUCTORS)
#if !defined(NO_AES) && !defined(WC_AES_NEW_API_AVAILABLE)
static WC_MAYBE_UNUSED Aes* wc_AesNew(void* heap, int thisDevId, int *result_code)
{
int ret;
Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES);
if (aes == NULL) {
ret = MEMORY_E;
}
else {
ret = wc_AesInit(aes, heap, thisDevId);
if (ret != 0) {
XFREE(aes, heap, DYNAMIC_TYPE_AES);
aes = NULL;
}
}
if (result_code != NULL)
*result_code = ret;
return aes;
}
static WC_MAYBE_UNUSED int wc_AesDelete(Aes *aes, Aes** aes_p)
{
if (aes == NULL)
return BAD_FUNC_ARG;
wc_AesFree(aes);
XFREE(aes, aes->heap, DYNAMIC_TYPE_AES);
if (aes_p != NULL)
*aes_p = NULL;
return 0;
}
#ifdef WOLF_PRIVATE_KEY_ID
static WC_MAYBE_UNUSED Aes* wc_AesNew_Id(unsigned char* id, int len,
void* heap, int thisDevId,
int *result_code)
{
int ret;
Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES);
if (aes == NULL) {
ret = MEMORY_E;
}
else {
ret = wc_AesInit_Id(aes, id, len, heap, thisDevId);
if (ret != 0) {
XFREE(aes, heap, DYNAMIC_TYPE_AES);
aes = NULL;
}
}
if (result_code != NULL) {
*result_code = ret;
}
return aes;
}
#endif /* WOLF_PRIVATE_KEY_ID */
#endif /* !NO_AES && !WC_AES_NEW_API_AVAILABLE */
#if !defined(NO_RSA) && !defined(WC_RSA_NEW_API_AVAILABLE)
static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey(void* heap, int thisDevId, int *result_code)
{
int ret;
RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA);
if (key == NULL) {
ret = MEMORY_E;
}
else {
ret = wc_InitRsaKey_ex(key, heap, thisDevId);
if (ret != 0) {
XFREE(key, heap, DYNAMIC_TYPE_RSA);
key = NULL;
}
}
if (result_code != NULL)
*result_code = ret;
return key;
}
static WC_MAYBE_UNUSED int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p)
{
if (key == NULL)
return BAD_FUNC_ARG;
wc_FreeRsaKey(key);
XFREE(key, key->heap, DYNAMIC_TYPE_RSA);
if (key_p != NULL)
*key_p = NULL;
return 0;
}
#ifdef WOLF_PRIVATE_KEY_ID
static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey_Id(unsigned char* id, int len,
void* heap, int thisDevId,
int *result_code)
{
int ret;
RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA);
if (key == NULL) {
ret = MEMORY_E;
}
else {
ret = wc_InitRsaKey_Id(key, id, len, heap, thisDevId);
if (ret != 0) {
XFREE(key, heap, DYNAMIC_TYPE_RSA);
key = NULL;
}
}
if (result_code != NULL) {
*result_code = ret;
}
return key;
}
#endif /* WOLF_PRIVATE_KEY_ID */
#endif /* !NO_RSA && !WC_RSA_NEW_API_AVAILABLE */
#endif /* HAVE_FIPS && FIPS_VERSION3_LT(6,0,0) && !WC_NO_CONSTRUCTORS */
/* AES New helpers -- placed after the FIPS polyfill block so wc_AesNew
* is visible from either the library or the polyfill above.
* Excluded from selftest builds which do not provide these functions. */
#if !defined(WC_NO_CONSTRUCTORS) && !defined(HAVE_SELFTEST)
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
static WC_MAYBE_UNUSED Aes* test_AesCbcNew(void* heap, int declaredDevId,
int* ret)
{
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_CBC_ID)
return wc_AesNew_Id(testAesCbcId, testAesCbcIdLen, heap, declaredDevId,
ret);
#else
return wc_AesNew(heap, declaredDevId, ret);
#endif
}
#endif /* !NO_AES && HAVE_AES_CBC */
#if !defined(NO_AES) && \
(defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT))
static WC_MAYBE_UNUSED Aes* test_AesEcbNew(void* heap, int declaredDevId,
int* ret)
{
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_ECB_ID)
return wc_AesNew_Id(testAesEcbId, testAesEcbIdLen, heap, declaredDevId,
ret);
#else
return wc_AesNew(heap, declaredDevId, ret);
#endif
}
#endif /* !NO_AES && (HAVE_AES_ECB || WOLFSSL_AES_DIRECT) */
#if !defined(NO_AES) && defined(HAVE_AESGCM)
static WC_MAYBE_UNUSED Aes* test_AesGcmNew(void* heap, int declaredDevId,
int* ret)
{
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_AES_GCM_ID)
return wc_AesNew_Id(testAesGcmId, testAesGcmIdLen, heap, declaredDevId,
ret);
#else
return wc_AesNew(heap, declaredDevId, ret);
#endif
}
#endif /* !NO_AES && HAVE_AESGCM */
#if !defined(NO_RSA)
#endif /* !NO_RSA */
#endif /* !WC_NO_CONSTRUCTORS && !HAVE_SELFTEST */
#ifdef WOLFSSL_STATIC_MEMORY
#if defined(WOLFSSL_STATIC_MEMORY_TEST_SZ)
static byte gTestMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ];
#elif defined(WOLFSSL_HAVE_MLDSA)
#if defined(WOLFSSL_MLDSA_VERIFY_SMALL_MEM) && \
defined(WOLFSSL_MLDSA_SIGN_SMALL_MEM) && \
defined(WOLFSSL_MLDSA_MAKE_KEY_SMALL_MEM) && \
defined(WOLFSSL_MLDSA_VERIFY_ONLY)
static byte gTestMemory[192*1024]; /* ML-DSA low mem */
#else
static byte gTestMemory[576*1024]; /* ML-DSA full mem */
#endif
#elif defined(BENCH_EMBEDDED)
static byte gTestMemory[14000];
#elif defined(WOLFSSL_CERT_EXT)
static byte gTestMemory[140000];
#elif (defined(WOLFSSL_SP_MATH_ALL) || defined(USE_FAST_MATH)) && \
!defined(ALT_ECC_SIZE)
static byte gTestMemory[160000];
#else
static byte gTestMemory[80000];
#endif
#endif
#ifdef WOLFSSL_PB
static int wolfssl_pb_print(const char* msg, ...)
{
int ret;
va_list args;
char tmpBuf[80];
va_start(args, msg);
ret = vsprint(tmpBuf, msg, args);
va_end(args);
fnDumpStringToSystemLog(tmpBuf);
return ret;
}
#endif /* WOLFSSL_PB */
#if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
!defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
/* Enable support for RNG with crypto callback */
static int rng_crypto_cb(int thisDevId, wc_CryptoInfo* info, void* ctx)
{
int rc = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
if (info->algo_type == WC_ALGO_TYPE_RNG) {
rc = wc_GenerateSeed(&info->rng.rng->seed, info->rng.out, info->rng.sz);
}
(void)ctx;
(void)thisDevId;
return rc;
}
#endif
#if defined(WC_KDF_NIST_SP_800_56C) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
#define INIT_SP80056C_TEST_VECTOR(_z, _fixedInfo, _derivedKey, _hashType) \
{ \
.z = (const byte*)(_z), .zSz = sizeof(_z) - 1, \
.fixedInfo = (const byte*)(_fixedInfo), \
.fixedInfoSz = sizeof(_fixedInfo) - 1, \
.derivedKey = (const byte*)(_derivedKey), \
.derivedKeySz = sizeof(_derivedKey) - 1, .hashType = (_hashType), \
}
#define SP800_56C_MAX_OUT 128
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void)
{
struct sp800_56c_test_vector {
const byte* z;
word32 zSz;
const byte* fixedInfo;
word32 fixedInfoSz;
const byte* derivedKey;
word32 derivedKeySz;
enum wc_HashType hashType;
};
struct sp800_56c_test_vector* v;
byte output[SP800_56C_MAX_OUT];
word32 i;
int ret;
/* vectors from
* https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values
*
* (KeyManagement) */
struct sp800_56c_test_vector vctors[] = {
#if !defined(NO_SHA)
/* SHA-1 */
INIT_SP80056C_TEST_VECTOR(
"\xad\x42\x01\x82\x63\x3f\x85\x26\xbf\xe9\x54\xac\xda\x37\x6f\x05"
"\xe5\xff\x4f\x83\x7f\x54\xfe\xbe\x0f\xb1\x2a\x1b\x3b\xeb\xf2\x63"
"\xee\x21\x64\x13\xed\x06\xa8\x4a\x12\xeb\x51\x11\x59\xf1\x33\x7d",
"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
"\x42\x4f\x42\x42\x59\x34\x35\x36",
"\x6f\xef\x44\x2f\xc1\x7a\x7e\x2b\x0c\x9d\xec\xe0\xe4\x7a\x57\x48"
"\xac\xb4\x6a\xf1\x98\xd7\x67\x47\x0f\x28\xa1\x04\xb5\x61\x30\xae"
"\xb0\x10\x09\xa4\x56\x82\xa5\xe1",
WC_HASH_TYPE_SHA),
INIT_SP80056C_TEST_VECTOR(
"\xae\x64\xab\x2b\x2b\x75\xa9\x4c\xf8\xef\x24\xda\x24\x56\xbd\x3a"
"\xa3\x6d\xb6\x14\x29\xea\x55\x21",
"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
"\x42\x4f\x42\x42\x59\x34\x35\x36",
"\xcc\x96\x5a\x52\xd0\x5c\x94\x9e\x52\xc0\x35\xfd\x03\x53\x0d\xb7"
"\xea\xa4\x08\x70\x2c\x9d\x35\x21\x1e\x67\x21\x54\x12\x45\x91\x51"
"\xba\x22\x62\xbd\x1e\x28\xe5\x6b",
WC_HASH_TYPE_SHA),
INIT_SP80056C_TEST_VECTOR(
"\x71\x5d\xc0\xea\x24\x6b\x46\x56\x63\xa8\x9c\xde\x04\x12\xc1\x92"
"\xe1\x9e\x58\xd5\xb0\xb6\x36\x6d\xa7\x89\xad\xbf\x44\x9a\x38\xaa"
"\x46\x69\xfe\x36\x30\xa2\x0f\x7f\xa3\x14\x9c\x9b\x4b\x0a\xb5\xcd"
"\x3e\x14\x18\x2b\x75\x04\xd5\xd2\x75\x2b\xf6\x58\x7a\xab\xc9\xf4"
"\xcb\x8f\xe5\x29\x23\x6a\xb8\x15\x36\xad\xd2\xbd\x25\xd6\xbf\x9d"
"\x5f\x1d\xf5\x76\x16\x5a\xa5\x5c\x24\x99\x61\xd8\xf8\x75\x00\xed"
"\x8d\xbf\xc5\xd2\x50\x53\x4c\x07\xd9\x9a\xc9\x17\xf9\x84\x60\x46"
"\xac\x5c\xb8\xa2\x98\x74\x26\x22\xd3\xc9\x86\x18\x06\x92\x46\xe8"
"\xad\x37\x11\x25\x57\xe0\xe6\x34\xb5\x81\x32\x7a\x4a\xd3\x2c\x7c"
"\x76\x4b\xe8\xf8\x08\x0d\x37\x2c\x63\x20\x93\xa7\x67\xf1\x55\xbd"
"\x22\xec\x00\x3c\xa6\x1c\x8b\x43\x32\x0f\x3a\xbe\xb5\xdd\xc4\xa3"
"\xb1\x89\x82\xfd\xd6\x51\x0f\x88\x3c\x8d\xc1\xe0\xb1\x57\xff\xb9"
"\xcf\xc0\xa5\x9c\xe2\xd4\x05\x5f\xfc\x73\xe7\x15\x2a\x6a\x95\x43"
"\xb9\x19\xe7\x94\xe9\x49\x61\x33\xbe\x2a\x23\x18\xd9\x05\x6e\xfd"
"\x74\x48\x2d\xc6\x3c\x0d\xb5\x8f\xe6\x42\x6b\x0f\xe7\x35\x45\x42"
"\xc2\x19\x7a\xb6\xbd\x35\xf1\xa9\x2d\xce\x90\xb1\xc4\x6d\x32\xc1",
"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
"\x42\x4f\x42\x42\x59\x34\x35\x36",
"\x1b\x5f\xcc\x8d\x81\xa5\xd9\xa9\x36\x94\xe6\x47\x77\x88\xd8\x03"
"\x15\x84\xc3\xf5\x2e\x9f\x11\x7a\xe8\x18\x4d\xba\x56\x47\x9d\x87"
"\x66\x76\x92\xf1\x2d\x7b\xd3\x8b",
WC_HASH_TYPE_SHA),
INIT_SP80056C_TEST_VECTOR(
"\x33\xe0\x50\xbd\x20\x9f\x2d\xf2\x77\x19\x78\xfc\xd1\xd4\xc8\x2e"
"\x49\xd0\x1d\x65\xbb\x62\x03\x20\xd3\x0b\xfe\xa8\x7a\xa8\x69\xe1"
"\x07\xa5\x17\xa4\xc8\x5b\x69\x28\x45\x21\xca\x54\xb7\x7f\x59\xe9"
"\x4a\x85\x6d\xaa\x30\xa3\x85\xa5\x25\xd8\xa3\xf7\xe1\x5e\xe5\xe9"
"\xaa\x12\x8d\x45\xef\x63\xf9\x0c\x10\xe0\x8f\xc5\x26\x36\x13\x77"
"\x81\x54\x7a\x58\x9f\x97\x87\xf9\xd7\xdd\x61\x43\x41\x9a\x26\x16"
"\x80\x16\x82\x40\xaa\xb2\x01\x3d\x80\x20\xdb\xe8\x4b\x7e\x2b\xed"
"\xce\x67\x1b\x94\x03\xbd\x1f\x91\x71\xa2\x57\x90\xce\x66\x7d\xed",
"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
"\x42\x4f\x42\x42\x59\x34\x35\x36",
"\x35\x10\x85\x85\xfc\x55\x62\xb5\xf1\x8f\x20\x7b\xa8\x35\x63\xe4"
"\x49\x28\x45\x6a\x5e\x53\x63\x7e\xae\x6b\xb5\xfc\x33\x88\xae\x02"
"\x91\x79\x0a\x1d\xc8\x31\x4e\x28",
WC_HASH_TYPE_SHA),
INIT_SP80056C_TEST_VECTOR(
"\x5c\x80\x4f\x45\x4d\x30\xd9\xc4\xdf\x85\x27\x1f\x93\x52\x8c\x91"
"\xdf\x6b\x48\xab\x5f\x80\xb3\xb5\x9c\xaa\xc1\xb2\x8f\x8a\xcb\xa9"
"\xcd\x3e\x39\xf3\xcb\x61\x45\x25\xd9\x52\x1d\x2e\x64\x4c\x53\xb8"
"\x07\xb8\x10\xf3\x40\x06\x2f\x25\x7d\x7d\x6f\xbf\xe8\xd5\xe8\xf0"
"\x72\xe9\xb6\xe9\xaf\xda\x94\x13\xea\xfb\x2e\x8b\x06\x99\xb1\xfb"
"\x5a\x0c\xac\xed\xde\xae\xad\x7e\x9c\xfb\xb3\x6a\xe2\xb4\x20\x83"
"\x5b\xd8\x3a\x19\xfb\x0b\x5e\x96\xbf\x8f\xa4\xd0\x9e\x34\x55\x25"
"\x16\x7e\xcd\x91\x55\x41\x6f\x46\xf4\x08\xed\x31\xb6\x3c\x6e\x6d",
"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
"\x42\x4f\x42\x42\x59\x34\x35\x36",
"\xfa\xa0\x22\xce\x7f\xa9\xba\x95\xeb\xa3\x9f\x3f\x44\xf3\xee\x14"
"\x96\x0a\x0b\x23\x9d\x01\x4b\x57\x70\xe4\x71\xd7\x5a\x99\xea\x87"
"\x10\xe3\x8f\x0c\xef\x0f\xfc\x67",
WC_HASH_TYPE_SHA),
INIT_SP80056C_TEST_VECTOR(
"\xad\x42\x01\x82\x63\x3f\x85\x26\xbf\xe9\x54\xac\xda\x37\x6f\x05"
"\xe5\xff\x4f\x83\x7f\x54\xfe\xbe\x0f\xb1\x2a\x1b\x3b\xeb\xf2\x63"
"\xee\x21\x64\x13\xed\x06\xa8\x4a\x12\xeb\x51\x11\x59\xf1\x33\x7d",
"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
"\x42\x4f\x42\x42\x59\x34\x35\x36",
"\x6f\xef\x44\x2f\xc1\x7a\x7e\x2b\x0c\x9d\xec\xe0\xe4\x7a\x57\x48"
"\xac\xb4\x6a\xf1\x98\xd7\x67\x47\x0f\x28\xa1\x04\xb5\x61\x30\xae"
"\xb0\x10\x09\xa4\x56\x82\xa5\xe1",
WC_HASH_TYPE_SHA),
#endif
#if defined(WOLFSSL_SHA224)
/* SHA-224*/
INIT_SP80056C_TEST_VECTOR(
"\x8c\x5d\x6e\x5d\x36\x06\x83\xba\x55\xb0\x9d\xb1\x69\x6d\x7c\x64"
"\x02\xff\x87\x88\x5f\xf5\x07\x70\xf2\x76\x7b\x75\x54\x60\x20\x7e"
"\xd5\xc7\x43\xfd\x27\xe7\xeb\x1d\x0c\xa5\x91\xf8\x56\x38\x93\x11"
"\x73\x07\x44\xf2\x04\xd2\xe5\x5b\x8b\xd4\x46\xce\xca\x03\x1f\x7b"
"\xac\xcf\xf1\xa7\x1b\x68\x34\x59\xcc\x54\xd5\x01\xda\xbf\x4a\x84"
"\xcd\xb8\x6d\xfa\xda\xff\x31\x0f\xbd\xba\xf7\x4d\xd5\x1b\xa1\xe1"
"\xe1\x19\x1a\xf1\x4c\x9b\xf8\x94\x43\xbf\x58\x8e\x9c\xe3\x30\x34"
"\xaf\x5e\x89\xbf\x6f\xfc\x47\xd7\xd9\xca\x4a\x5e\x8f\xf8\xa0\x50"
"\x20\xbb\x0f\x95\xbc\xde\x01\x56\xd8\x7f\xb8\x60\xbd\x40\x83\xfa"
"\x5b\x53\x1a\x08\xa4\xfb\x7e\xe0\x20\x1a\xe8\xb3\xcc\xff\xe9\x9f"
"\x27\x0b\xc3\x53\x4b\xaa\xcf\xc0\x01\xcd\xd8\x0a\xd8\x7c\xce\x71"
"\xf0\x91\xe7\x66\xca\x5c\xc2\x75\xcb\x49\x14\x5a\x5e\xe6\x16\x2e"
"\xcc\xf5\x58\xce\xc4\xd3\xee\x53\x1e\x91\xe9\xa5\x29\x69\x63\x4d"
"\x3a\xf8\xd2\x6f\x8d\x15\xdc\x0d\x6f\x6e\x0a\x97\x4b\xe4\x34\x1b"
"\x68\xa0\x19\x90\xdb\xb8\x64\x95\x89\x1a\xd3\xaf\xc1\xe4\xce\xdf"
"\x4c\x6a\xe1\xf1\xcd\x60\x81\xcd\xee\xd8\xe6\xb3\x26\x4e\xc3\xbe"
"\x24\x58\xd1\xc0\xca\x24\x43\x41\x0c\xf3\xb4\x7c\x0c\x25\x4c\x7d"
"\xc8\xec\xb4\x3e\x6c\x23\x64\xe1\xc0\x62\x19\xcc\x7e\xfb\xff\xbb"
"\x63\xd7\xff\xfc\x74\x58\x12\xfd\x24\x0c\x33\xd4\x96\xb9\x99\x2f"
"\x96\x80\xa6\x3c\x07\x96\x3c\x0c\x49\xf3\xc1\xba\xef\xec\xaf\x32"
"\xe2\xaa\x8a\x2f\x7c\xd3\x0d\x8f\x05\x1e\xe2\xf5\x0f\xbf\x05\xab"
"\x13\x96\xa4\xea\x87\x44\x7d\x7b\x98\x1b\x5e\x46\x14\x28\x18\x71"
"\xa6\xf0\xf6\xbf\x1f\xe0\x02\x2f\x7e\xa1\x32\xbe\x0a\xe9\x19\x26"
"\xab\x12\xaf\x6d\xc4\x50\x64\xaa\xd5\x6b\x84\xb9\x0c\x70\x08\x37"
"\x09\xcf\xf7\xe3\x1b\x54\x8f\xb7\xfb\x2c\xf7\x5a\xbf\x96\xe0\x1c"
"\xcd\x3e\x94\x2e\xed\x91\x48\x0d\x4c\x24\xc6\xb7\xf9\x79\xfb\xbe"
"\x5d\xa2\x39\xb3\x76\x16\x7d\x68\x57\x35\x24\xff\xcb\x50\x99\x54"
"\xcc\x80\xa0\xe1\xa7\x1c\x40\xc4\xda\x17\xb8\xd1\x57\x2b\x21\x58"
"\x7a\x8d\x66\xcc\x62\x1c\x7c\xd1\x0f\x49\xab\xd5\xef\x86\x31\x13"
"\xe6\x19\x21\x08\x6f\xac\x25\x31\x2b\x74\x1c\x11\xa8\xfb\xc1\xe3"
"\x3c\x34\xd9\xda\x14\xa8\x22\x47\x7f\xcc\x36\x66\x70\x25\xc4\xf1"
"\x30\xae\x10\x0e\x36\xf1\x5d\xa0\x03\x74\xce\x87\x41\x67\x9f\x61",
"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
"\x42\x4f\x42\x42\x59\x34\x35\x36",
"\x4b\x99\x6a\x60\xc0\x4a\x35\xc5\xe6\xd4\x74\xb1\x0a\x25\x8d\x56"
"\x2e\xa6\xdc\x52\xf6\xc6\x9b\xf3\x9e\xf8\x8c\x89\xe3\xcc\x8a\x54"
"\xda\x2f\x3c\x0b\x56\x1b\x53\xfe\x76\x55\x13\x63\xd6\x9c\x3c\xef"
"\x74\xe3\x4f\xe8\x8e\xb3\xac\x51",
WC_HASH_TYPE_SHA224),
INIT_SP80056C_TEST_VECTOR(
"\x52\x27\x2f\x50\xf4\x6f\x4e\xdc\x91\x51\x56\x90\x92\xf4\x6d\xf2"
"\xd9\x6e\xcc\x3b\x6d\xc1\x71\x4a\x4e\xa9\x49\xfa\x9f\x18\xff\x54"
"\xf8\x87\x23\x07\x3f\x64\xa6\x95\x3d\x04\x91\x4f\x45\xa2\x3e\xee"
"\x7c\xfc\x46\x67\x08\x0a\xa0\xf9",
"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
"\x42\x4f\x42\x42\x59\x34\x35\x36",
"\x77\x56\xbc\xfd\xef\x3e\xe6\x9f\x6a\xc2\x3c\xd2\xdc\x60\x7d\x01"
"\xfa\x8c\xe1\xb2\x4f\x5c\xaa\xaa\x48\xe0\x4b\x81\x63\xe1\x73\x3a"
"\xed\x7a\x04\x0e\x73\xf2\xb5\x42\x36\x8f\x00\x54\x8b\x16\x3c\x3d"
"\xc9\x6d\x70\x09\x99\x16\xf1\x6b",
WC_HASH_TYPE_SHA224),
#endif
#if !defined(NO_SHA256)
/* SHA-256 */
INIT_SP80056C_TEST_VECTOR(
"\xdd\x0f\x53\x96\x21\x9d\x1e\xa3\x93\x31\x04\x12\xd1\x9a\x08\xf1"
"\xf5\x81\x1e\x9d\xc8\xec\x8e\xea\x7f\x80\xd2\x1c\x82\x0c\x27\x88"
"\x22\x76\x84\xe7\x1f\x5c\x31\x3f\xad\xc9\x1e\x52\x98\x07\xe3\x14"
"\x7d\x53\x14\x5b\x15\xab\xd6\xed\x41\x6a\xd3\x5c\xd7\xe6\x83\x8f",
"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
"\x42\x4f\x42\x42\x59\x34\x35\x36",
"\xc0\x8b\x3d\xe2\x4f\x1a\x38\x1e\x7a\x56\x75\xa2\xa6\x52\x3b\x08"
"\xf3\x54\x60\x5e\xee\x46\xb9\xf3\x9e\xad\xb1\xe9\x75\x34\x41\x6d"
"\x98\xb4\x3c\xae\x8a\xb0\x4a\xfd\x53\xde\xb3\x7f\x44\x02\x23\x52"
"\xc3\xfb\xde\x1e\x2f\x2c\xec\x53\x1c\xfc\x32\x4f\xdd\x0f\xcc\xa6",
WC_HASH_TYPE_SHA256),
INIT_SP80056C_TEST_VECTOR(
"\x44\xf4\x84\x09\xf3\x1b\xf3\x50\x94\x51\xdb\x4d\x30\x4b\xeb\xd8"
"\x3c\x2a\xd6\x50\x1c\x1b\x85\xe6\x32\xbc\x92\x58\x8e\x2d\x48\xb5"
"\xd2\xb8\x44\x44\x62\xad\x94\xe8\xa4\x44\x94\x1e\xd4\x97\x5c\x97"
"\x91\x17\xd7\x5a\x0a\x2b\xa8\x10\xdf\xa8\x80\x4a\x0f\xe9\x42\x6d"
"\xd7\xeb\x95\xf2\x9c\xa4\x30\xda\x37\xef\xa5\x2c\x42\xda\x1d\xe2"
"\x23\x76\x3b\xdd\xc9\x5e\x46\x6a\xa3\xb8\xd2\x06\xb8\x21\x8e\xdf"
"\x23\x97\x3d\x05\xf3\xc7\xc2\x2b\x22\x46\x53\xd4\xf9\x21\x85\x45"
"\x79\x83\x26\x2f\x27\xbc\x55\xa0\xa7\xae\xe5\x43\x54\x55\xd4\x3c"
"\x0e\x0c\x6d\x80\x67\xad\xaf\x90\x42\xb6\xb7\x77\x7e\x19\x8d\x67"
"\x60\x83\x0d\x96\xb2\x9a\x6a\xae\xf5\x74\xd7\x5e\x2d\x65\x43\x55"
"\x0f\x75\x55\xcf\x89\x82\xc8\x21\xc4\xec\x9b\x82\x66\x2b\x09\x36"
"\x69\xfd\x24\x6d\x4d\xcc\xbf\xf3\x1d\x98\x4e\xf6\x3c\x4f\x95\xd7"
"\x39\xc7\x7e\x66\xf6\x9b\x6d\xb0\xd9\xfc\x1a\x97\x3f\x52\x33\xd1"
"\x1f\xe7\x15\x4b\x8a\x6b\xe1\x50\x46\x7d\x92\xda\xf0\x91\x44\x34"
"\xf0\xcf\x17\x6e\x96\x1b\x31\x3f\xe3\xe2\x3b\xfe\x37\x8b\x87\xba"
"\xf2\x73\x93\x7f\xfa\xa6\x85\x65\x8b\x09\x78\x1d\x26\x97\x86\x4b"
"\x0d\x82\x48\x5c\xf7\xd6\x2f\xfc\xea\x34\x33\x88\xcf\xec\x15\x27"
"\x3a\x39\x4b\x84\x32\xee\xb6\x32\x1b\xe3\x1d\x4f\xcd\x16\x15\xc8"
"\x1c\x69\x37\xc0\x8d\x92\x41\x6e\xdb\xdd\x20\x10\xfa\x8b\x6e\x0a"
"\x8a\x60\x3d\xad\xe0\x10\xbc\x9c\xd7\x6b\x14\xe3\xe2\x19\x0e\x3b"
"\xa3\x00\xe7\x1a\xdd\xbf\x24\x4c\xf8\x06\x29\x49\x76\xea\xf0\x7d"
"\x02\x3b\xdb\x57\xfc\x5d\x19\x64\xc7\xd4\x20\x6e\x72\x06\x1b\xfe"
"\x1e\xe4\xee\xbc\x92\x00\xe1\x3a\x6c\xba\x32\x86\x9d\xbe\x80\x82"
"\xcd\xf3\x64\x5b\x5a\x72\x7d\xd2\x7c\xa5\x03\xf4\xed\xeb\x73\xe8"
"\x8a\x3a\x55\x2c\x7e\x00\xd4\xee\x72\x42\x13\x72\x36\xa0\x96\x5c"
"\x1e\xc3\xeb\xc0\xb4\x8c\x2b\x46\x7e\xb8\x42\x41\x5a\x28\x3f\x55"
"\xe2\x20\xff\xd1\x88\x19\x25\x6d\xa2\x47\x4d\x28\xfc\x3b\x04\xe0"
"\xc0\x7e\x4d\x25\xc1\x74\x93\x41\xd2\x22\x97\x01\x5c\xd8\x17\x8c"
"\x39\x18\xbe\x8c\x5c\xdf\x0f\xbf\xbb\x9a\x5a\xcc\xdd\x82\xaf\x07"
"\x83\xef\xe4\xdf\x64\xa8\xd8\x92\x82\x8f\x8d\xe5\x8c\x5d\x56\x9b"
"\x5b\x08\x45\x58\x96\xc4\xd3\xc3\x4f\xd3\xce\x93\xc4\x34\xc3\x8e"
"\xf5\x6c\xed\x30\x56\x1c\x37\x1a\xf9\xf2\xd8\x64\xfd\xc5\xb6\x2f",
"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
"\x42\x4f\x42\x42\x59\x34\x35\x36",
"\x42\x35\xac\x89\xc9\xf3\x3e\x5d\xbb\x11\x60\x1a\x29\x83\xe3\x76"
"\xe2\x15\x39\x97\x87\xd8\x39\xa0\x38\x55\xfe\x04\x53\x3e\x1a\x67"
"\x66\x91\x5e\x67\xc2\x5e\xeb\x04\x08\x28\xe9\x6c\xd3\xd6\xef\x0a"
"\xb7\xd1\x7b\x43\x13\x43\xa7\xf3\xaa\xc6\x8f\x0c\x4a\x7e\x77\x9b",
WC_HASH_TYPE_SHA256),
/* slightly modified vector to test generation when derivedKeySz %
* hashOutSz != 0*/
INIT_SP80056C_TEST_VECTOR(
"\xdd\x0f\x53\x96\x21\x9d\x1e\xa3\x93\x31\x04\x12\xd1\x9a\x08\xf1"
"\xf5\x81\x1e\x9d\xc8\xec\x8e\xea\x7f\x80\xd2\x1c\x82\x0c\x27\x88"
"\x22\x76\x84\xe7\x1f\x5c\x31\x3f\xad\xc9\x1e\x52\x98\x07\xe3\x14"
"\x7d\x53\x14\x5b\x15\xab\xd6\xed\x41\x6a\xd3\x5c\xd7\xe6\x83\x8f",
"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
"\x42\x4f\x42\x42\x59\x34\x35\x36",
"\xc0\x8b\x3d\xe2\x4f\x1a\x38\x1e\x7a\x56\x75\xa2\xa6\x52\x3b\x08"
"\xf3\x54\x60\x5e\xee\x46\xb9\xf3\x9e\xad\xb1\xe9\x75\x34\x41\x6d"
"\x98\xb4\x3c\xae\x8a\xb0\x4a\xfd\x53\xde\xb3\x7f\x44\x02\x23\x52"
"\xc3\xfb\xde\x1e\x2f\x2c\xec\x53\x1c\xfc\x32\x4f\xdd\x0f\xcc",
WC_HASH_TYPE_SHA256),
#endif
#if defined(WOLFSSL_SHA384)
/* SHA-384 */
INIT_SP80056C_TEST_VECTOR(
"\x5e\xa1\xfc\x4a\xf7\x25\x6d\x20\x55\x98\x1b\x11\x05\x75\xe0\xa8"
"\xca\xe5\x31\x60\x13\x7d\x90\x4c\x59\xd9\x26\xeb\x1b\x84\x56\xe4"
"\x27\xaa\x8a\x45\x40\x88\x4c\x37\xde\x15\x9a\x58\x02\x8a\xbc\x0e"
"\x88\x76\x9c\xb7\x2f\xc5\xac\x45\x7c\xd5\x8e\x89\x08\x9b\x19\x6a"
"\x70\xbf\x53\x3c\x6d\xc9\x1c\x9c\x7e\x17\x41\xdb\x5e\x7a\xb6\xb0"
"\x84\x9f\x01\xde\xa6\x5f\xed\xd0\x6c\x77\x18\x7c\xd8\x8e\xd0\x30",
"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
"\x42\x4f\x42\x42\x59\x34\x35\x36",
"\x8e\x6e\x26\x5f\x20\x82\xf1\x4d\x34\xda\x23\xe1\x03\x2c\x90\x24"
"\x83\x4a\xf0\x15\x72\xb6\x64\x77\x82\x41\x1b\xdd\xcb\x84\xa5\xda"
"\xee\x11\x7b\xa6\xfb\xa6\xd0\xeb\x28\x08\xef\x8a\xb0\x70\x05\xee"
"\xab\xe5\x2d\x2e\xfd\x31\x12\x1c\x7b\xf9\xd5\xfa\xfc\x40\xe0\x0c"
"\x6d\x6d\xbf\x39\xef\x43\xfe\x97\x15\xc7\x20\x2c\xdc\x2d\xb7\xe8"
"\x2b\x88\xd7\x48\xeb\x84\x25\x8b\xf8\x4d\x85\x82\xf2\xbf\xd9\x40",
WC_HASH_TYPE_SHA384),
#endif
#if defined(WOLFSSL_SHA512)
/* SHA-512 */
INIT_SP80056C_TEST_VECTOR(
"\x00\xcd\xea\x89\x62\x1c\xfa\x46\xb1\x32\xf9\xe4\xcf\xe2\x26\x1c"
"\xde\x2d\x43\x68\xeb\x56\x56\x63\x4c\x7c\xc9\x8c\x7a\x00\xcd\xe5"
"\x4e\xd1\x86\x6a\x0d\xd3\xe6\x12\x6c\x9d\x2f\x84\x5d\xaf\xf8\x2c"
"\xeb\x1d\xa0\x8f\x5d\x87\x52\x1b\xb0\xeb\xec\xa7\x79\x11\x16\x9c"
"\x20\xcc\x01\x38\xa6\x72\xb6\x95\x8b\xd7\x84\xe5\xd7\xfa\x83\x73"
"\x8a\xc6\x8f\x9b\x34\x23\xb4\x83\xf9\xbf\x53\x9e\x71\x14\x1e\x45"
"\xdb\xfb\x7a\xfe\xd1\x8b\x11\xc0\x02\x8b\x13\xf1\xf8\x60\xef\x43"
"\xc4\x80\xf4\xda\xcd\xa2\x08\x10\x59\xd3\x97\x8c\x99\x9d\x5d\x1a"
"\xde\x34\x54\xe4",
"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
"\x42\x4f\x42\x42\x59\x34\x35\x36",
"\x2d\x4a\x46\xa1\x70\x99\xba\xa8\x33\x0b\xc5\x9d\x4a\x1c\xf5\xae"
"\x3a\x30\x75\xb4\xc6\x2b\xb2\x6e\x7f\xc9\x89\x24\x72\x6d\x27\x4c"
"\x09\x64\x6f\x44\x08\xe6\x85\x8c\x43\xb4\x2d\xae\xd0\x15\xef\x26"
"\x17\x08\xd5\x5e\xf2\x4d\xaa\x7d\x3e\xa3\xd1\xc4\xa0\x8c\xfd\x24"
"\xdb\x60\x00\xa5\xb8\xa6\x7d\xe7\x46\xf3\xd3\xf4\xff\x34\x85\x15"
"\x8f\xd3\xb6\x91\x55\x79\x1d\xf4\x67\x47\xd4\xdb\xbe\x17\xc4\xb5"
"\x58\x46\x2e\x26\xbe\x5e\xd3\x5f\xe6\x80\xe2\x97\x14\x22\xc3\xb0"
"\x1b\x17\xe1\x67\xfc\x43\x7f\x84\x86\x9d\x85\x49\x53\x7b\x33\x38",
WC_HASH_TYPE_SHA512),
#endif
INIT_SP80056C_TEST_VECTOR(
"\x00\xcd\xea\x89\x62\x1c\xfa\x46\xb1\x32\xf9\xe4\xcf\xe2\x26\x1c"
"\xde\x2d\x43\x68\xeb\x56\x56\x63\x4c\x7c\xc9\x8c\x7a\x00\xcd\xe5"
"\x4e\xd1\x86\x6a\x0d\xd3\xe6\x12\x6c\x9d\x2f\x84\x5d\xaf\xf8\x2c"
"\xeb\x1d\xa0\x8f\x5d\x87\x52\x1b\xb0\xeb\xec\xa7\x79\x11\x16\x9c"
"\x20\xcc\x01\x38\xa6\x72\xb6\x95\x8b\xd7\x84\xe5\xd7\xfa\x83\x73"
"\x8a\xc6\x8f\x9b\x34\x23\xb4\x83\xf9\xbf\x53\x9e\x71\x14\x1e\x45"
"\xdb\xfb\x7a\xfe\xd1\x8b\x11\xc0\x02\x8b\x13\xf1\xf8\x60\xef\x43"
"\xc4\x80\xf4\xda\xcd\xa2\x08\x10\x59\xd3\x97\x8c\x99\x9d\x5d\x1a"
"\xde\x34\x54\xe4",
"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33"
"\x42\x4f\x42\x42\x59\x34\x35\x36",
"\x2d\x4a",
WC_HASH_TYPE_SHA512),
};
for (i = 0; i < sizeof(vctors) / sizeof(vctors[0]); i++) {
v = &vctors[i];
ret = wc_KDA_KDF_onestep(v->z, v->zSz, v->fixedInfo, v->fixedInfoSz,
v->derivedKeySz, v->hashType, output,
/* use derivedKeySz to force the function to use a temporary buff
for the last block */
v->derivedKeySz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(output, v->derivedKey, v->derivedKeySz) != 0)
return WC_TEST_RET_ENC_NC;
}
/* negative tests */
ret = wc_KDA_KDF_onestep(NULL, 0, (byte*)"fixed_info",
sizeof("fixed_info"), 16, WC_HASH_TYPE_SHA256, output, 16);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 1, 16,
WC_HASH_TYPE_SHA256, output, 16);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 0, 16,
WC_HASH_TYPE_NONE, output, 16);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
/* allow empty FixedInfo */
ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 0, 16,
WC_HASH_TYPE_SHA256, output, 16);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
return 0;
}
#endif /* WC_KDF_NIST_SP_800_56C && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */
#if defined(HAVE_CMAC_KDF) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
/* test vectors from:
* "SP 800-108 Key Derivation Using Pseudorandom Functions - Key-Based"
* - https://csrc.nist.rip/groups/STM/cavp/key-derivation.html
* - CounterMode/KDFCTR_gen.txt
* */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp800108_cmac(void)
{
struct sp800_108_test_vector {
const byte Kin[32];
word32 KinSz;
const byte fixedInfo[60];
word32 fixedInfoSz;
const byte Kout[40];
word32 KoutSz;
};
struct sp800_108_test_vector * v = NULL;
struct sp800_108_test_vector vctors[] = {
#if !defined(NO_AES_128)
{
/* [PRF=CMAC_AES128]
* [CTRLOCATION=BEFORE_FIXED]
* [RLEN=32_BITS]
* COUNT=0
* L = 128
* */
{0xc1, 0x0b, 0x15, 0x2e, 0x8c, 0x97, 0xb7, 0x7e,
0x18, 0x70, 0x4e, 0x0f, 0x0b, 0xd3, 0x83, 0x05},
16,
{0x98, 0xcd, 0x4c, 0xbb, 0xbe, 0xbe, 0x15, 0xd1,
0x7d, 0xc8, 0x6e, 0x6d, 0xba, 0xd8, 0x00, 0xa2,
0xdc, 0xbd, 0x64, 0xf7, 0xc7, 0xad, 0x0e, 0x78,
0xe9, 0xcf, 0x94, 0xff, 0xdb, 0xa8, 0x9d, 0x03,
0xe9, 0x7e, 0xad, 0xf6, 0xc4, 0xf7, 0xb8, 0x06,
0xca, 0xf5, 0x2a, 0xa3, 0x8f, 0x09, 0xd0, 0xeb,
0x71, 0xd7, 0x1f, 0x49, 0x7b, 0xcc, 0x69, 0x06,
0xb4, 0x8d, 0x36, 0xc4},
60,
{0x26, 0xfa, 0xf6, 0x19, 0x08, 0xad, 0x9e, 0xe8,
0x81, 0xb8, 0x30, 0x5c, 0x22, 0x1d, 0xb5, 0x3f},
16
},
{
/* [PRF=CMAC_AES128]
* [CTRLOCATION=BEFORE_FIXED]
* [RLEN=32_BITS]
* COUNT=10
* L = 256
* */
{0x69, 0x5f, 0x1b, 0x1a, 0x16, 0xc9, 0x49, 0xce,
0xa5, 0x1c, 0xdf, 0x25, 0x54, 0xec, 0x9d, 0x42},
16,
{0x4f, 0xce, 0x59, 0x42, 0x83, 0x2a, 0x39, 0x0a,
0xa1, 0xcb, 0xe8, 0xa0, 0xbf, 0x9d, 0x20, 0x2c,
0xb7, 0x99, 0xe9, 0x86, 0xc9, 0xd6, 0xb5, 0x1f,
0x45, 0xe4, 0xd5, 0x97, 0xa6, 0xb5, 0x7f, 0x06,
0xa4, 0xeb, 0xfe, 0xc6, 0x46, 0x73, 0x35, 0xd1,
0x16, 0xb7, 0xf5, 0xf9, 0xc5, 0xb9, 0x54, 0x06,
0x2f, 0x66, 0x18, 0x20, 0xf5, 0xdb, 0x2a, 0x5b,
0xbb, 0x3e, 0x06, 0x25},
60,
{0xd3, 0x4b, 0x60, 0x1e, 0xc1, 0x8c, 0x34, 0xdf,
0xa0, 0xf9, 0xe0, 0xb7, 0x52, 0x3e, 0x21, 0x8b,
0xdd, 0xdb, 0x9b, 0xef, 0xe8, 0xd0, 0x8b, 0x6c,
0x02, 0x02, 0xd7, 0x5a, 0xce, 0x0d, 0xba, 0x89},
32
},
#endif /* !NO_AES_128 */
#if !defined(NO_AES_192)
{
/* [PRF=CMAC_AES192]
* [CTRLOCATION=BEFORE_FIXED]
* [RLEN=32_BITS]
* COUNT=39
* L = 320
* */
{0x4c, 0x51, 0xbe, 0xa8, 0x97, 0x5b, 0xe9, 0xe5,
0xa0, 0xe4, 0x29, 0xa7, 0xfa, 0xc4, 0x0b, 0x66,
0x3f, 0x32, 0x99, 0x15, 0x7d, 0x1f, 0x5d, 0x67},
24,
{0xf8, 0x6e, 0x42, 0xc6, 0x6d, 0x49, 0xa8, 0xbe,
0xda, 0x81, 0x8e, 0x54, 0xd7, 0xc5, 0xa8, 0x1d,
0x00, 0xd0, 0x2f, 0xc8, 0x9d, 0x2a, 0x54, 0xe8,
0x0f, 0x19, 0xa8, 0x03, 0x4a, 0xd5, 0xe7, 0x0b,
0xb7, 0x3d, 0x03, 0x27, 0x54, 0x5a, 0xa5, 0xd5,
0x38, 0x7d, 0xff, 0x0a, 0x60, 0x3e, 0x16, 0x09,
0x33, 0xf8, 0x94, 0x82, 0x97, 0x71, 0x4d, 0x11,
0x23, 0x58, 0x55, 0x8f},
60,
{0x03, 0xae, 0x7b, 0xa3, 0xd2, 0x05, 0x0b, 0x18,
0x65, 0xfc, 0x4a, 0x77, 0x91, 0x8a, 0xd4, 0x90,
0x3a, 0xd5, 0xba, 0xf2, 0x6c, 0x02, 0x29, 0xa4,
0xda, 0xe4, 0xcc, 0x3b, 0xa6, 0x22, 0x32, 0x54,
0x7d, 0xcf, 0xbe, 0x65, 0xc1, 0xa2, 0x1e, 0x89},
40
},
#endif /* !NO_AES_192 */
#if !defined(NO_AES_256)
{
/* [PRF=CMAC_AES256]
* [CTRLOCATION=BEFORE_FIXED]
* [RLEN=32_BITS]
* COUNT=39
* L = 320
* */
{0x3a, 0x65, 0x76, 0xa1, 0x54, 0x1e, 0x07, 0xea,
0xbd, 0x47, 0xc3, 0x53, 0x4a, 0x43, 0x46, 0xab,
0x39, 0xf1, 0x5e, 0xb0, 0x1d, 0x83, 0xec, 0xf2,
0x31, 0x90, 0x81, 0xf6, 0xe7, 0xad, 0xa7, 0xe9},
32,
{0xa2, 0x59, 0xca, 0xe2, 0xc4, 0xa3, 0x6b, 0x89,
0x56, 0x3c, 0xb1, 0x48, 0xc7, 0x82, 0x51, 0x34,
0x3b, 0xbf, 0xab, 0xdc, 0x13, 0xca, 0x7a, 0xc2,
0x17, 0x1c, 0x2e, 0xb6, 0x02, 0x1f, 0x44, 0x77,
0xfe, 0xa3, 0x3b, 0x28, 0x72, 0x4d, 0xa7, 0x21,
0xee, 0x08, 0x7b, 0xff, 0xd7, 0x94, 0xa1, 0x56,
0x37, 0x54, 0xb4, 0x25, 0xa8, 0xd0, 0x9b, 0x3e,
0x0d, 0xa5, 0xff, 0xed},
60,
{0x99, 0xb7, 0x87, 0xef, 0x90, 0xa1, 0x33, 0xe5,
0x73, 0x6f, 0xdc, 0xf1, 0x75, 0xc3, 0xa3, 0x80,
0x50, 0x1f, 0x45, 0xde, 0xc8, 0xf0, 0x93, 0xec,
0xdd, 0x40, 0x00, 0x65, 0x2f, 0x4f, 0xf1, 0xc6,
0x57, 0x52, 0x48, 0xa3, 0x63, 0xd4, 0x5d, 0x18},
40
},
#endif /* !NO_AES_256 */
};
size_t i = 0;
int ret = 0;
size_t num_vctors = sizeof(vctors) / sizeof(vctors[0]);
/* nist vectors tests */
for (i = 0; i < num_vctors; ++i) {
byte test_Kout[40];
int n_diff = 0;
v = &vctors[i];
XMEMSET(test_Kout, 0, sizeof(test_Kout));
ret = wc_KDA_KDF_PRF_cmac(v->Kin, v->KinSz, v->fixedInfo, v->fixedInfoSz,
test_Kout, v->KoutSz, WC_CMAC_AES,
HEAP_HINT, devId);
if (ret) {
return WC_TEST_RET_ENC_EC(ret);
}
n_diff = XMEMCMP(v->Kout, test_Kout, v->KoutSz);
if (n_diff) {
WOLFSSL_MSG_EX("error: nist_sp800108_cmac: %d", n_diff);
return WC_TEST_RET_ENC_NC;
}
}
/* misc tests */
{
byte dummy_var[WC_AES_BLOCK_SIZE];
XMEMSET(dummy_var, 0, sizeof(dummy_var));
/* test invalid options */
ret = wc_KDA_KDF_PRF_cmac(NULL, 0, NULL, 0, NULL, 0,
(enum CmacType)0, HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_NC;
}
ret = wc_KDA_KDF_PRF_cmac(dummy_var, 0, dummy_var, 0, dummy_var, 0,
(enum CmacType)0, HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_NC;
}
ret = wc_KDA_KDF_PRF_cmac(dummy_var, 15, dummy_var, 1, dummy_var, 15,
WC_CMAC_AES, HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_NC;
}
ret = wc_KDA_KDF_PRF_cmac(dummy_var, 16, NULL, 1, dummy_var, 1,
WC_CMAC_AES, HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_NC;
}
/* test valid options */
ret = wc_KDA_KDF_PRF_cmac(dummy_var, 16, dummy_var, 1, dummy_var, 1,
WC_CMAC_AES, HEAP_HINT, devId);
if (ret) {
return WC_TEST_RET_ENC_NC;
}
ret = wc_KDA_KDF_PRF_cmac(dummy_var, 16, NULL, 0, dummy_var, 1,
WC_CMAC_AES, HEAP_HINT, devId);
if (ret) {
return WC_TEST_RET_ENC_NC;
}
}
return 0;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_twostep_cmac(void)
{
int ret = 0;
#if !defined(NO_AES_192)
{
/* From CMACGenAES192.rsp
* https://csrc.nist.rip/groups/STM/cavp/block-cipher-modes.html
* Count = 40
* Klen = 24
* Mlen = 32
* Tlen = 16
* produces this intermediate
* K_kdk = {74f74608c04f0f4e47fa640433b6e6fb},
* and this Kout. */
const byte salt[AES_192_KEY_SIZE] =
{0x20, 0x51, 0xaf, 0x34, 0x76, 0x2e, 0xbe, 0x55,
0x6f, 0x72, 0xa5, 0xc6, 0xed, 0xc7, 0x77, 0x1e,
0xb9, 0x24, 0x5f, 0xad, 0x76, 0xf0, 0x34, 0xbe};
const byte z[2 * WC_AES_BLOCK_SIZE] =
{0xae, 0x8e, 0x93, 0xc9, 0xc9, 0x91, 0xcf, 0x89,
0x6a, 0x49, 0x1a, 0x89, 0x07, 0xdf, 0x4e, 0x4b,
0xe5, 0x18, 0x6a, 0xe4, 0x96, 0xcd, 0x34, 0x0d,
0xc1, 0x9b, 0x23, 0x78, 0x21, 0xdb, 0x7b, 0x60};
const byte fixedInfo[60] =
{0xa2, 0x59, 0xca, 0xe2, 0xc4, 0xa3, 0x6b, 0x89,
0x56, 0x3c, 0xb1, 0x48, 0xc7, 0x82, 0x51, 0x34,
0x3b, 0xbf, 0xab, 0xdc, 0x13, 0xca, 0x7a, 0xc2,
0x17, 0x1c, 0x2e, 0xb6, 0x02, 0x1f, 0x44, 0x77,
0xfe, 0xa3, 0x3b, 0x28, 0x72, 0x4d, 0xa7, 0x21,
0xee, 0x08, 0x7b, 0xff, 0xd7, 0x94, 0xa1, 0x56,
0x37, 0x54, 0xb4, 0x25, 0xa8, 0xd0, 0x9b, 0x3e,
0x0d, 0xa5, 0xff, 0xed};
const byte Kout[40] =
{0xb4, 0x0c, 0x32, 0xbe, 0x01, 0x27, 0x93, 0xba,
0xfd, 0xf7, 0x78, 0xc5, 0xf4, 0x54, 0x43, 0xf4,
0xc9, 0x71, 0x23, 0x93, 0x17, 0x63, 0xd8, 0x3a,
0x59, 0x27, 0x07, 0xbf, 0xf2, 0xd3, 0x60, 0x59,
0x50, 0x27, 0x29, 0xca, 0xb8, 0x8b, 0x29, 0x38};
byte test_Kout[40];
int n_diff = 0;
XMEMSET(test_Kout, 0, sizeof(Kout));
ret = wc_KDA_KDF_twostep_cmac(salt, sizeof(salt), z, sizeof(z),
fixedInfo, sizeof(fixedInfo),
test_Kout, sizeof(Kout),
HEAP_HINT, devId);
if (ret) {
return WC_TEST_RET_ENC_NC;
}
n_diff = XMEMCMP(Kout, test_Kout, sizeof(Kout));
if (n_diff) {
WOLFSSL_MSG_EX("error: nist_sp80056c_cmac: %d", n_diff);
return WC_TEST_RET_ENC_NC;
}
}
#endif /* !NO_AES_192 */
{
byte dummy_var[WC_AES_BLOCK_SIZE];
XMEMSET(dummy_var, 0, sizeof(dummy_var));
/* test invalid options */
ret = wc_KDA_KDF_twostep_cmac(NULL, 0, NULL, 0, NULL, 0, NULL, 0,
HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_NC;
}
ret = wc_KDA_KDF_twostep_cmac(dummy_var, 0, dummy_var, 0,
dummy_var, 0, dummy_var, 0,
HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_NC;
}
ret = wc_KDA_KDF_twostep_cmac(dummy_var, 15, dummy_var, 1,
dummy_var, 1, dummy_var, 1,
HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_NC;
}
ret = wc_KDA_KDF_twostep_cmac(dummy_var, 15, dummy_var, 1,
NULL, 1, dummy_var, 1,
HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_NC;
}
/* test valid options */
ret = wc_KDA_KDF_twostep_cmac(dummy_var, 16, dummy_var, 1,
dummy_var, 1, dummy_var, 1,
HEAP_HINT, devId);
if (ret) {
return WC_TEST_RET_ENC_NC;
}
ret = wc_KDA_KDF_twostep_cmac(dummy_var, 16, dummy_var, 1,
NULL, 0, dummy_var, 1,
HEAP_HINT, devId);
if (ret) {
return WC_TEST_RET_ENC_NC;
}
}
return 0;
}
#endif /* HAVE_CMAC_KDF && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */
/* optional macro to add sleep between tests */
#ifndef TEST_SLEEP
#define TEST_SLEEP() WC_DO_NOTHING
#else
#define TEST_PASS test_pass
#include <stdarg.h> /* for var args */
static WC_INLINE void test_pass(const char* fmt, ...)
{
va_list args;
va_start(args, fmt);
STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max_relative_stack, vprintf(fmt, args));
va_end(args);
PRINT_HEAP_CHECKPOINT("",0);
TEST_SLEEP();
ASSERT_RESTORED_VECTOR_REGISTERS(exit(1););
}
#endif
#ifdef TEST_ALWAYS_RUN_TO_END
#define TEST_PASS_stack_size_fail_clause last_failed_test_ret = \
WC_TEST_RET_ENC_EC(MEMORY_E)
#else
#define TEST_PASS_stack_size_fail_clause \
return err_sys("post-test check failed", WC_TEST_RET_ENC_NC)
#endif
/* set test pass output to printf if not overridden */
#ifndef TEST_PASS
/* redirect to printf */
#define TEST_PASS(...) { \
if (STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK \
(max_relative_stack, printf(__VA_ARGS__)) < 0) { \
TEST_PASS_stack_size_fail_clause; \
} \
PRINT_HEAP_CHECKPOINT("TEST_PASS", 0) \
ASSERT_RESTORED_VECTOR_REGISTERS(exit(1);); \
}
#endif
#ifdef TEST_ALWAYS_RUN_TO_END
#define TEST_FAIL(msg, retval) do { last_failed_test_ret = (retval); wc_test_render_error_message(msg, retval); } while (0)
#elif !defined(TEST_FAIL)
#define TEST_FAIL(msg, retval) return err_sys(msg, retval)
#endif
#ifdef HAVE_STACK_SIZE
THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args)
#else
wc_test_ret_t wolfcrypt_test(void* args)
#endif
{
wc_test_ret_t ret;
#if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY)
long heap_baselineAllocs, heap_baselineBytes;
#endif
#ifdef TEST_ALWAYS_RUN_TO_END
int last_failed_test_ret = 0;
#endif
STACK_SIZE_INIT();
#if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY)
(void)wolfCrypt_heap_peakAllocs_checkpoint();
heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint();
(void)wolfCrypt_heap_peakBytes_checkpoint();
heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint();
#endif
#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT);
#endif
printf("------------------------------------------------------------------------------\n");
printf(" wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING);
#ifdef WOLF_CRYPTO_CB
if (devId != INVALID_DEVID)
printf(" CryptoCB with DevID:%X\n", devId);
#endif
printf("------------------------------------------------------------------------------\n");
if (args) {
#ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
int ch;
#endif
((func_args*)args)->return_code = -1; /* error state */
#ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
while ((ch = mygetopt(((func_args*)args)->argc, ((func_args*)args)->argv, "s:m:a:h")) != -1) {
switch(ch) {
case 's':
#ifdef HAVE_STACK_SIZE_VERBOSE
max_relative_stack = (ssize_t)atoi(myoptarg);
break;
#else
return err_sys("-s (max relative stack bytes) requires HAVE_STACK_SIZE_VERBOSE (--enable-stacksize=verbose).", WC_TEST_RET_ENC_NC);
#endif
case 'm':
#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
max_relative_heap_bytes = (ssize_t)atoi(myoptarg);
break;
#else
return err_sys("-m (max relative heap memory bytes) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", WC_TEST_RET_ENC_NC);
#endif
case 'a':
#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
max_relative_heap_allocs = (ssize_t)atoi(myoptarg);
break;
#else
return err_sys("-a (max relative heap allocs) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", WC_TEST_RET_ENC_NC);
#endif
case 'h':
return err_sys("\
options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
[-a max_relative_heap_allocs] [-h]\n", 0);
default:
return err_sys("unknown test option. try -h.", WC_TEST_RET_ENC_NC);
}
}
#endif
}
#ifdef WOLFSSL_STATIC_MEMORY
if (wc_LoadStaticMemory(&HEAP_HINT, gTestMemory, sizeof(gTestMemory),
WOLFMEM_GENERAL, 1) != 0) {
printf("unable to load static memory.\n");
return(EXIT_FAILURE);
}
#ifndef OPENSSL_EXTRA
wolfSSL_SetGlobalHeapHint(HEAP_HINT);
#endif
#endif
#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
wolfSSL_Debugging_ON();
#endif
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
wc_SetLoggingHeap(HEAP_HINT);
#endif
#if defined(HAVE_FIPS) && !defined(WOLFSSL_KERNEL_MODE)
wolfCrypt_SetCb_fips(myFipsCb);
#if FIPS_VERSION3_GE(6,0,0)
printf("FIPS module version in use: %s\n",
wolfCrypt_GetVersion_fips());
#endif
#endif
#if !defined(NO_BIG_INT)
if (CheckCtcSettings() != 1) {
printf("Sizeof mismatch (build) %x != (run) %lx\n",
CTC_SETTINGS, (unsigned long)CheckRunTimeSettings());
return err_sys("Build vs runtime math mismatch\n", WC_TEST_RET_ENC_NC);
}
#if defined(USE_FAST_MATH) && \
(!defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC))
if (CheckFastMathSettings() != 1)
return err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n",
WC_TEST_RET_ENC_NC);
#endif /* USE_FAST_MATH */
#endif /* !NO_BIG_INT */
#if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
(defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
initDefaultName();
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevOpen(&devId);
if (ret < 0) {
printf("Async device open failed\nRunning without async\n");
}
#else
(void)devId;
#endif /* WOLFSSL_ASYNC_CRYPT */
#ifdef WOLF_CRYPTO_CB
#ifdef HAVE_INTEL_QA_SYNC
devId = wc_CryptoCb_InitIntelQa();
if (INVALID_DEVID == devId) {
printf("Couldn't init the Intel QA\n");
}
#endif
#ifdef HAVE_CAVIUM_OCTEON_SYNC
devId = wc_CryptoCb_InitOcteon();
if (INVALID_DEVID == devId) {
printf("Couldn't init the Cavium Octeon\n");
}
#endif
#ifdef HAVE_RENESAS_SYNC
devId = wc_CryptoCb_CryptInitRenesasCmn(NULL, &guser_PKCbInfo);
if (devId == INVALID_DEVID) {
printf("Couldn't get the Renesas device ID\n");
}
#endif
#endif
#if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
!defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
if (devId == INVALID_DEVID) {
/* for testing RNG with crypto callback register function */
devId = 100; /* any value beside -2 (INVALID_DEVID) */
wc_CryptoCb_RegisterDevice(devId, rng_crypto_cb, NULL);
}
#endif
#ifdef HAVE_SELFTEST
if ( (ret = wolfCrypt_SelfTest()) != 0)
TEST_FAIL("CAVP selftest failed!\n", ret);
else
TEST_PASS("CAVP selftest passed!\n");
#endif
#if defined(HAVE_FIPS) && FIPS_VERSION3_GT(5,2,0)
ret = wc_RunAllCast_fips();
if (ret != 0)
TEST_FAIL("wc_RunAllCast_fips failed.\n", ret);
else
TEST_PASS("wc_RunAllCast_fips passed.\n");
#endif
if ( (ret = macro_test()) != 0)
TEST_FAIL("macro test failed!\n", ret);
else
TEST_PASS("macro test passed!\n");
if ( (ret = error_test()) != 0)
TEST_FAIL("error test failed!\n", ret);
else
TEST_PASS("error test passed!\n");
if ( (ret = memory_test()) != 0)
TEST_FAIL("MEMORY test failed!\n", ret);
else
TEST_PASS("MEMORY test passed!\n");
#ifndef NO_CODING
if ( (ret = base64_test()) != 0)
TEST_FAIL("base64 test failed!\n", ret);
else
TEST_PASS("base64 test passed!\n");
#ifdef WOLFSSL_BASE16
if ( (ret = base16_test()) != 0)
TEST_FAIL("base16 test failed!\n", ret);
else
TEST_PASS("base16 test passed!\n");
#endif
#endif /* !NO_CODING */
#ifndef NO_ASN
if ( (ret = asn_test()) != 0)
TEST_FAIL("asn test failed!\n", ret);
else
TEST_PASS("asn test passed!\n");
#endif
#ifndef NO_MD5
if ( (ret = md5_test()) != 0)
TEST_FAIL("MD5 test failed!\n", ret);
else
TEST_PASS("MD5 test passed!\n");
#endif
#ifdef WOLFSSL_MD2
if ( (ret = md2_test()) != 0)
TEST_FAIL("MD2 test failed!\n", ret);
else
TEST_PASS("MD2 test passed!\n");
#endif
#ifndef NO_MD4
if ( (ret = md4_test()) != 0)
TEST_FAIL("MD4 test failed!\n", ret);
else
TEST_PASS("MD4 test passed!\n");
#endif
#ifndef NO_SHA
if ( (ret = sha_test()) != 0)
TEST_FAIL("SHA test failed!\n", ret);
else
TEST_PASS("SHA test passed!\n");
#endif
#ifdef WOLFSSL_SHA224
if ( (ret = sha224_test()) != 0)
TEST_FAIL("SHA-224 test failed!\n", ret);
else
TEST_PASS("SHA-224 test passed!\n");
#endif
#ifndef NO_SHA256
if ( (ret = sha256_test()) != 0)
TEST_FAIL("SHA-256 test failed!\n", ret);
else
TEST_PASS("SHA-256 test passed!\n");
#endif
#ifdef WOLFSSL_SHA384
if ( (ret = sha384_test()) != 0)
TEST_FAIL("SHA-384 test failed!\n", ret);
else
TEST_PASS("SHA-384 test passed!\n");
#endif
#ifdef WOLFSSL_SHA512
if ((ret = sha512_test()) != 0) {
TEST_FAIL("SHA-512 test failed!\n", ret);
}
else {
TEST_PASS("SHA-512 test passed!\n");
}
#if !defined(WOLFSSL_NOSHA512_224) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
if ((ret = sha512_224_test()) != 0) {
TEST_FAIL("SHA-512/224 test failed!\n", ret);
}
else
TEST_PASS("SHA-512/224 test passed!\n");
#endif /* !defined(WOLFSSL_NOSHA512_224) && !FIPS ... */
#if !defined(WOLFSSL_NOSHA512_256) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
if ((ret = sha512_256_test()) != 0) {
TEST_FAIL("SHA-512/256 test failed!\n", ret);
}
else
TEST_PASS("SHA-512/256 test passed!\n");
#endif /* !defined(WOLFSSL_NOSHA512_256) & !FIPS ... */
#endif /* WOLFSSL_SHA512 */
#ifdef WOLFSSL_SHA3
if ( (ret = sha3_test()) != 0)
TEST_FAIL("SHA-3 test failed!\n", ret);
else
TEST_PASS("SHA-3 test passed!\n");
#endif
#ifndef WC_NO_RNG
if ((ret = random_test()) != 0)
TEST_FAIL("RANDOM test failed!\n", ret);
else
TEST_PASS("RANDOM test passed!\n");
#ifdef WC_RNG_BANK_SUPPORT
if ((ret = random_bank_test()) != 0)
TEST_FAIL("RNGBANK test failed!\n", ret);
else
TEST_PASS("RNGBANK test passed!\n");
#endif
#endif /* WC_NO_RNG */
#ifdef WOLFSSL_SHAKE128
if ( (ret = shake128_test()) != 0)
TEST_FAIL("SHAKE128 test failed!\n", ret);
else
TEST_PASS("SHAKE128 test passed!\n");
#endif
#ifdef WOLFSSL_SHAKE256
if ( (ret = shake256_test()) != 0)
TEST_FAIL("SHAKE256 test failed!\n", ret);
else
TEST_PASS("SHAKE256 test passed!\n");
#endif
#ifdef WOLFSSL_SM3
if ( (ret = sm3_test()) != 0)
return err_sys("SM-3 test failed!\n", ret);
else
TEST_PASS("SM-3 test passed!\n");
#endif
#ifndef NO_HASH_WRAPPER
if ( (ret = hash_test()) != 0)
TEST_FAIL("Hash test failed!\n", ret);
else
TEST_PASS("Hash test passed!\n");
#endif
#ifdef WOLFSSL_RIPEMD
if ( (ret = ripemd_test()) != 0)
TEST_FAIL("RIPEMD test failed!\n", ret);
else
TEST_PASS("RIPEMD test passed!\n");
#endif
#ifdef HAVE_BLAKE2B
if ( (ret = blake2b_test()) != 0)
TEST_FAIL("BLAKE2b test failed!\n", ret);
else
TEST_PASS("BLAKE2b test passed!\n");
if ( (ret = blake2b_hmac_test()) != 0)
TEST_FAIL("HMAC-BLAKE2b test failed!\n", ret);
else
TEST_PASS("HMAC-BLAKE2b test passed!\n");
#endif
#ifdef HAVE_BLAKE2S
if ( (ret = blake2s_test()) != 0)
TEST_FAIL("BLAKE2s test failed!\n", ret);
else
TEST_PASS("BLAKE2s test passed!\n");
if ( (ret = blake2s_hmac_test()) != 0)
TEST_FAIL("HMAC-BLAKE2s test failed!\n", ret);
else
TEST_PASS("HMAC-BLAKE2s test passed!\n");
#endif
#ifndef NO_HMAC
#if !defined(NO_MD5) && !(defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) \
&& (HAVE_FIPS_VERSION >= 5))
if ( (ret = hmac_md5_test()) != 0)
TEST_FAIL("HMAC-MD5 test failed!\n", ret);
else
TEST_PASS("HMAC-MD5 test passed!\n");
#endif
#ifndef NO_SHA
if ( (ret = hmac_sha_test()) != 0)
TEST_FAIL("HMAC-SHA test failed!\n", ret);
else
TEST_PASS("HMAC-SHA test passed!\n");
#endif
#ifdef WOLFSSL_SHA224
if ( (ret = hmac_sha224_test()) != 0)
TEST_FAIL("HMAC-SHA224 test failed!\n", ret);
else
TEST_PASS("HMAC-SHA224 test passed!\n");
#endif
#ifndef NO_SHA256
if ( (ret = hmac_sha256_test()) != 0)
TEST_FAIL("HMAC-SHA256 test failed!\n", ret);
else
TEST_PASS("HMAC-SHA256 test passed!\n");
#endif
#ifdef WOLFSSL_SHA384
if ( (ret = hmac_sha384_test()) != 0)
TEST_FAIL("HMAC-SHA384 test failed!\n", ret);
else
TEST_PASS("HMAC-SHA384 test passed!\n");
#endif
#ifdef WOLFSSL_SHA512
if ( (ret = hmac_sha512_test()) != 0)
TEST_FAIL("HMAC-SHA512 test failed!\n", ret);
else
TEST_PASS("HMAC-SHA512 test passed!\n");
#endif
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
!defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
!defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
if ( (ret = hmac_sha3_test()) != 0)
TEST_FAIL("HMAC-SHA3 test failed!\n", ret);
else
TEST_PASS("HMAC-SHA3 test passed!\n");
#endif
#if defined(HAVE_HKDF) && !defined(NO_HMAC)
PRIVATE_KEY_UNLOCK();
if ( (ret = hkdf_test()) != 0)
TEST_FAIL("HMAC-KDF test failed!\n", ret);
else
TEST_PASS("HMAC-KDF test passed!\n");
PRIVATE_KEY_LOCK();
#endif
#endif /* !NO_HMAC */
#ifdef WOLFSSL_WOLFSSH
PRIVATE_KEY_UNLOCK();
if ( (ret = sshkdf_test()) != 0)
TEST_FAIL("SSH-KDF test failed!\n", ret);
else
TEST_PASS("SSH-KDF test passed!\n");
PRIVATE_KEY_LOCK();
#endif /* WOLFSSL_WOLFSSH */
#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && \
defined(WOLFSSL_SHA384) && !defined(WOLFSSL_NO_TLS12)
PRIVATE_KEY_UNLOCK();
if ( (ret = prf_test()) != 0)
TEST_FAIL("PRF test failed!\n", ret);
else
TEST_PASS("PRF test passed!\n");
PRIVATE_KEY_LOCK();
#endif /* WOLFSSL_HAVE_PRF && !NO_HMAC && WOLFSSL_SHA384 && !WOLFSSL_NO_TLS12 */
#if defined(WOLFSSL_HAVE_PRF) && defined(HAVE_HKDF) && !defined(NO_HMAC) && \
defined(WOLFSSL_BASE16) && !defined(WOLFSSL_NO_TLS12)
PRIVATE_KEY_UNLOCK();
if ( (ret = tls12_kdf_test()) != 0)
TEST_FAIL("TLSv1.2 KDF test failed!\n", ret);
else
TEST_PASS("TLSv1.2 KDF test passed!\n");
PRIVATE_KEY_LOCK();
#endif /* WOLFSSL_HAVE_PRF && HAVE_HKDF && !NO_HMAC && */
/* WOLFSSL_BASE16 && !WOLFSSL_NO_TLS12 */
#if defined(WOLFSSL_TLS13) && !defined(NO_HMAC)
PRIVATE_KEY_UNLOCK();
if ( (ret = tls13_kdf_test()) != 0)
TEST_FAIL("TLSv1.3 KDF test failed!\n", ret);
else
TEST_PASS("TLSv1.3 KDF test passed!\n");
PRIVATE_KEY_LOCK();
#endif /* WOLFSSL_TLS13 && !NO_HMAC */
#if defined(HAVE_X963_KDF) && defined(HAVE_ECC)
if ( (ret = x963kdf_test()) != 0)
TEST_FAIL("X963-KDF test failed!\n", ret);
else
TEST_PASS("X963-KDF test passed!\n");
#endif
#if defined(HAVE_HPKE) && \
(defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
defined(HAVE_CURVE448)) && \
defined(HAVE_AESGCM)
PRIVATE_KEY_UNLOCK();
if ( (ret = hpke_test()) != 0)
TEST_FAIL("HPKE test failed!\n", ret);
else
TEST_PASS("HPKE test passed!\n");
PRIVATE_KEY_LOCK();
#endif
#if defined(WC_SRTP_KDF)
PRIVATE_KEY_UNLOCK();
if ( (ret = srtpkdf_test()) != 0)
TEST_FAIL("SRTP KDF test failed!\n", ret);
else
TEST_PASS("SRTP KDF test passed!\n");
PRIVATE_KEY_LOCK();
#endif
#if defined(WC_KDF_NIST_SP_800_56C) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
if ( (ret = nist_sp80056c_kdf_test()) != 0)
TEST_FAIL("NIST SP 800-56C KDF test failed!\n", ret);
else
TEST_PASS("NIST SP 800-56C KDF test passed!\n");
#endif
#if defined(HAVE_CMAC_KDF) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
if ( (ret = nist_sp800108_cmac()) != 0)
TEST_FAIL("NIST SP 800-108 KDF test failed!\n", ret);
else
TEST_PASS("NIST SP 800-108 KDF test passed!\n");
if ( (ret = nist_sp80056c_twostep_cmac()) != 0)
TEST_FAIL("NIST SP 800-56C two-step KDF test failed!\n", ret);
else
TEST_PASS("NIST SP 800-56C two-step KDF test passed!\n");
#endif /* HAVE_CMAC_KDF && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */
#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \
!defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \
!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
if ( (ret = gmac_test()) != 0)
TEST_FAIL("GMAC test failed!\n", ret);
else
TEST_PASS("GMAC test passed!\n");
#endif
#ifdef WC_RC2
if ( (ret = rc2_test()) != 0)
TEST_FAIL("RC2 test failed!\n", ret);
else
TEST_PASS("RC2 test passed!\n");
#endif
#ifndef NO_RC4
if ( (ret = arc4_test()) != 0)
TEST_FAIL("ARC4 test failed!\n", ret);
else
TEST_PASS("ARC4 test passed!\n");
#endif
#ifdef HAVE_CHACHA
if ( (ret = chacha_test()) != 0)
TEST_FAIL("Chacha test failed!\n", ret);
else
TEST_PASS("Chacha test passed!\n");
#endif
#ifdef HAVE_XCHACHA
if ( (ret = XChaCha_test()) != 0)
TEST_FAIL("XChacha test failed!\n", ret);
else
TEST_PASS("XChacha test passed!\n");
#endif
#ifdef HAVE_POLY1305
if ( (ret = poly1305_test()) != 0)
TEST_FAIL("POLY1305 test failed!\n", ret);
else
TEST_PASS("POLY1305 test passed!\n");
#endif
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
if ( (ret = chacha20_poly1305_aead_test()) != 0)
TEST_FAIL("ChaCha20-Poly1305 AEAD test failed!\n", ret);
else
TEST_PASS("ChaCha20-Poly1305 AEAD test passed!\n");
#endif
#ifdef HAVE_ASCON
if ( (ret = ascon_hash256_test()) != 0)
return err_sys("ASCON Hash test failed!\n", ret);
else
TEST_PASS("ASCON Hash test passed!\n");
if ( (ret = ascon_aead128_test()) != 0)
return err_sys("ASCON AEAD test failed!\n", ret);
else
TEST_PASS("ASCON AEAD test passed!\n");
#endif
#if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
if ( (ret = XChaCha20Poly1305_test()) != 0)
TEST_FAIL("XChaCha20-Poly1305 AEAD test failed!\n", ret);
else
TEST_PASS("XChaCha20-Poly1305 AEAD test passed!\n");
#endif
#ifndef NO_DES3
if ( (ret = des_test()) != 0)
TEST_FAIL("DES test failed!\n", ret);
else
TEST_PASS("DES test passed!\n");
#endif
#ifndef NO_DES3
if ( (ret = des3_test()) != 0)
TEST_FAIL("DES3 test failed!\n", ret);
else
TEST_PASS("DES3 test passed!\n");
#endif
#ifndef NO_AES
/* key sizes, ECB and Direct tests */
if ( (ret = aes_test()) != 0)
TEST_FAIL("AES test failed!\n", ret);
else
TEST_PASS("AES test passed!\n");
#if defined(WOLFSSL_AES_192) && \
!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
if ( (ret = aes192_test()) != 0)
TEST_FAIL("AES192 test failed!\n", ret);
else
TEST_PASS("AES192 test passed!\n");
#endif
#if defined(WOLFSSL_AES_256)
if ( (ret = aes256_test()) != 0)
TEST_FAIL("AES256 test failed!\n", ret);
else
TEST_PASS("AES256 test passed!\n");
#endif
#ifdef HAVE_AES_CBC
if ( (ret = aes_cbc_test()) != 0)
TEST_FAIL("AES-CBC test failed!\n", ret);
else
TEST_PASS("AES-CBC test passed!\n");
#endif
#ifdef WOLFSSL_AES_COUNTER
if ( (ret = aes_ctr_test()) != 0)
TEST_FAIL("AES-CTR test failed!\n", ret);
else
TEST_PASS("AES-CTR test passed!\n");
#endif
#ifdef WOLFSSL_AES_OFB
if ( (ret = aesofb_test()) != 0)
TEST_FAIL("AES-OFB test failed!\n", ret);
else
TEST_PASS("AES-OFB test passed!\n");
#endif
#ifdef HAVE_AESGCM
#if !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO)
if ( (ret = aesgcm_test()) != 0)
TEST_FAIL("AES-GCM test failed!\n", ret);
#endif
#if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \
!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \
!defined(WOLFSSL_KCAPI_AES) && !(defined(WOLF_CRYPTO_CB) && \
(defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
if ((ret = aesgcm_default_test()) != 0) {
TEST_FAIL("AES-GCM test failed!\n", ret);
}
#endif
if (ret == 0) {
TEST_PASS("AES-GCM test passed!\n");
}
#endif
#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
if ( (ret = aesccm_test()) != 0)
TEST_FAIL("AES-CCM test failed!\n", ret);
else
TEST_PASS("AES-CCM test passed!\n");
#endif
#ifdef WOLFSSL_AES_CFB
if ( (ret = aes_cfb_test()) != 0)
TEST_FAIL("AES-CFB test failed!\n", ret);
else
TEST_PASS("AES-CFB test passed!\n");
#endif
#ifdef WOLFSSL_AES_XTS
if ( (ret = aes_xts_test()) != 0)
TEST_FAIL("AES-XTS test failed!\n", ret);
else
TEST_PASS("AES-XTS test passed!\n");
#endif
#ifdef HAVE_AES_KEYWRAP
if ( (ret = aeskeywrap_test()) != 0)
TEST_FAIL("AES Key Wrap test failed!\n", ret);
else
TEST_PASS("AES Key Wrap test passed!\n");
#endif
#if defined(WOLFSSL_AES_SIV) && defined(WOLFSSL_AES_128)
if ( (ret = aes_siv_test()) != 0)
TEST_FAIL("AES-SIV test failed!\n", ret);
else
TEST_PASS("AES-SIV test passed!\n");
#endif
#ifdef WOLFSSL_AES_CTS
if ( (ret = aes_cts_test()) != 0)
TEST_FAIL("AES-CTS test failed!\n", ret);
else
TEST_PASS("AES-CTS test passed!\n");
#endif
#endif /* !NO_AES */
#if defined(WOLFSSL_AES_EAX) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
if ( (ret = aes_eax_test()) != 0)
TEST_FAIL("AES-EAX test failed!\n", ret);
else
TEST_PASS("AES-EAX test passed!\n");
#endif /* WOLFSSL_AES_EAX */
#ifdef HAVE_ARIA
if ( (ret = ariagcm_test(MC_ALGID_ARIA_128BITKEY)) != 0)
TEST_FAIL("ARIA128 test failed!\n", ret);
else
TEST_PASS("ARIA128 test passed!\n");
if ( (ret = ariagcm_test(MC_ALGID_ARIA_192BITKEY)) != 0)
TEST_FAIL("ARIA192 test failed!\n", ret);
else
TEST_PASS("ARIA192 test passed!\n");
if ( (ret = ariagcm_test(MC_ALGID_ARIA_256BITKEY)) != 0)
TEST_FAIL("ARIA256 test failed!\n", ret);
else
TEST_PASS("ARIA256 test passed!\n");
#endif
#ifdef HAVE_CAMELLIA
if ( (ret = camellia_test()) != 0)
TEST_FAIL("CAMELLIA test failed!\n", ret);
else
TEST_PASS("CAMELLIA test passed!\n");
#endif
#ifdef WOLFSSL_SM4
if ( (ret = sm4_test()) != 0)
return err_sys("SM-4 test failed!\n", ret);
else
TEST_PASS("SM-4 test passed!\n");
#endif
#ifdef WOLFSSL_PUF
if ( (ret = puf_test()) != 0)
return err_sys("PUF test failed!\n", ret);
else
TEST_PASS("PUF test passed!\n");
#endif
#if !defined(NO_RSA) && !defined(HAVE_RENESAS_SYNC)
#ifdef WC_RSA_NO_PADDING
if ( (ret = rsa_no_pad_test()) != 0)
TEST_FAIL("RSA NOPAD test failed!\n", ret);
else
TEST_PASS("RSA NOPAD test passed!\n");
#endif
if ( (ret = rsa_test()) != 0)
TEST_FAIL("RSA test failed!\n", ret);
else
TEST_PASS("RSA test passed!\n");
#endif
#ifndef NO_DH
PRIVATE_KEY_UNLOCK();
if ( (ret = dh_test()) != 0)
TEST_FAIL("DH test failed!\n", ret);
else
TEST_PASS("DH test passed!\n");
PRIVATE_KEY_LOCK();
#endif
#ifndef NO_DSA
if ( (ret = dsa_test()) != 0)
TEST_FAIL("DSA test failed!\n", ret);
else
TEST_PASS("DSA test passed!\n");
#endif
#ifdef WOLFCRYPT_HAVE_SRP
if ( (ret = srp_test()) != 0)
TEST_FAIL("SRP test failed!\n", ret);
else
TEST_PASS("SRP test passed!\n");
#endif
#ifndef NO_PWDBASED
PRIVATE_KEY_UNLOCK();
if ( (ret = pwdbased_test()) != 0)
TEST_FAIL("PWDBASED test failed!\n", ret);
else
TEST_PASS("PWDBASED test passed!\n");
PRIVATE_KEY_LOCK();
#endif
#if defined(USE_CERT_BUFFERS_2048) && \
defined(HAVE_PKCS12) && \
!defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
!defined(NO_CERTS) && !defined(NO_DES3) && !defined(NO_SHA)
if ( (ret = pkcs12_test()) != 0)
TEST_FAIL("PKCS12 test failed!\n", ret);
else
TEST_PASS("PKCS12 test passed!\n");
#endif
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
if ( (ret = openssl_test()) != 0)
TEST_FAIL("OPENSSL test failed!\n", ret);
else
TEST_PASS("OPENSSL test passed!\n");
if ( (ret = openSSL_evpMD_test()) != 0)
TEST_FAIL("OPENSSL (EVP MD) test failed!\n", ret);
else
TEST_PASS("OPENSSL (EVP MD) passed!\n");
if ( (ret = openssl_pkey0_test()) != 0)
TEST_FAIL("OPENSSL (PKEY0) test failed!\n", ret);
else
TEST_PASS("OPENSSL (PKEY0) passed!\n");
if ( (ret = openssl_pkey1_test()) != 0)
TEST_FAIL("OPENSSL (PKEY1) test failed!\n", ret);
else
TEST_PASS("OPENSSL (PKEY1) passed!\n");
#if (!defined(WOLF_CRYPTO_CB_ONLY_RSA) || defined(WOLFSSL_SWDEV)) && \
(!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV))
if ( (ret = openssl_evpSig_test()) != 0)
TEST_FAIL("OPENSSL (EVP Sign/Verify) test failed!\n", ret);
else
TEST_PASS("OPENSSL (EVP Sign/Verify) passed!\n");
#endif
#endif
#if defined(HAVE_ECC)
PRIVATE_KEY_UNLOCK();
if ( (ret = ecc_test()) != 0)
TEST_FAIL("ECC test failed!\n", ret);
else
TEST_PASS("ECC test passed!\n");
PRIVATE_KEY_LOCK();
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
(defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
if ( (ret = ecc_encrypt_test()) != 0)
TEST_FAIL("ECC Enc test failed!\n", ret);
else
TEST_PASS("ECC Enc test passed!\n");
#endif
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(NO_ECC256) && \
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
(!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && !defined(NO_ECC_SECP) && \
!defined(WOLFSSL_SE050)
/* skip for ATECC508/608A (cannot import private key buffers) and
* SE050 (test vector uses a digest size SE050 does not accept) */
if ( (ret = ecc_test_buffers()) != 0)
TEST_FAIL("ECC buffer test failed!\n", ret);
else
TEST_PASS("ECC buffer test passed!\n");
#endif
#endif
#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
!defined(NO_FILESYSTEM)
if ( (ret = cert_test()) != 0)
TEST_FAIL("CERT test failed!\n", ret);
else
TEST_PASS("CERT test passed!\n");
if ( (ret = fill_signer_twice_test()) != 0)
TEST_FAIL("FILL SIGNER test failed!\n", ret);
else
TEST_PASS("FILL SIGNER test passed!\n");
#endif
#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT)
if ( (ret = certext_test()) != 0)
TEST_FAIL("CERT EXT test failed!\n", ret);
else
TEST_PASS("CERT EXT test passed!\n");
#endif
#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
if ( (ret = decodedCertCache_test()) != 0)
TEST_FAIL("DECODED CERT CACHE test failed!\n", ret);
else
TEST_PASS("DECODED CERT CACHE test passed!\n");
#endif
#ifdef HAVE_CURVE25519
if ( (ret = curve25519_test()) != 0)
TEST_FAIL("CURVE25519 test failed!\n", ret);
else
TEST_PASS("CURVE25519 test passed!\n");
#endif
#ifdef HAVE_ED25519
PRIVATE_KEY_UNLOCK();
if ( (ret = ed25519_test()) != 0)
TEST_FAIL("ED25519 test failed!\n", ret);
else
TEST_PASS("ED25519 test passed!\n");
PRIVATE_KEY_LOCK();
#endif
#ifdef HAVE_CURVE448
if ( (ret = curve448_test()) != 0)
TEST_FAIL("CURVE448 test failed!\n", ret);
else
TEST_PASS("CURVE448 test passed!\n");
#endif
#ifdef HAVE_ED448
PRIVATE_KEY_UNLOCK();
if ( (ret = ed448_test()) != 0)
TEST_FAIL("ED448 test failed!\n", ret);
else
TEST_PASS("ED448 test passed!\n");
PRIVATE_KEY_LOCK();
#endif
#ifdef WOLFSSL_HAVE_MLKEM
PRIVATE_KEY_UNLOCK();
if ( (ret = mlkem_test()) != 0)
TEST_FAIL("MLKEM test failed!\n", ret);
else
TEST_PASS("MLKEM test passed!\n");
PRIVATE_KEY_LOCK();
#endif
#ifdef WOLFSSL_HAVE_MLDSA
PRIVATE_KEY_UNLOCK();
if ( (ret = mldsa_test()) != 0)
TEST_FAIL("ML-DSA test failed!\n", ret);
else
TEST_PASS("ML-DSA test passed!\n");
PRIVATE_KEY_LOCK();
#endif
#if defined(WOLFSSL_HAVE_XMSS)
#if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
if ( (ret = xmss_test_verify_only()) != 0)
TEST_FAIL("XMSS Vfy test failed!\n", ret);
else
TEST_PASS("XMSS Vfy test passed!\n");
#endif
#if !defined(WOLFSSL_XMSS_VERIFY_ONLY)
if ( (ret = xmss_test()) != 0)
TEST_FAIL("XMSS test failed!\n", ret);
else
TEST_PASS("XMSS test passed!\n");
#endif
#endif /* if defined(WOLFSSL_HAVE_XMSS) */
#if defined(WOLFSSL_HAVE_LMS)
#if !defined(WOLFSSL_SMALL_STACK) && (LMS_MAX_HEIGHT >= 10) && \
!defined(WOLFSSL_NO_LMS_SHA256_256)
if ( (ret = lms_test_verify_only()) != 0)
TEST_FAIL("LMS Vfy test failed!\n", ret);
else
TEST_PASS("LMS Vfy test passed!\n");
#endif
#if !defined(WOLFSSL_LMS_VERIFY_ONLY)
if ( (ret = lms_test()) != 0)
TEST_FAIL("LMS test failed!\n", ret);
else
TEST_PASS("LMS test passed!\n");
#endif
#endif /* if defined(WOLFSSL_HAVE_LMS) */
#if defined(WOLFSSL_HAVE_SLHDSA)
if ( (ret = slhdsa_test()) != 0)
TEST_FAIL("SLH-DSA test failed!\n", ret);
else
TEST_PASS("SLH-DSA test passed!\n");
#endif /* if defined(WOLFSSL_HAVE_SLHDSA) */
#ifdef WOLFCRYPT_HAVE_ECCSI
if ( (ret = eccsi_test()) != 0)
TEST_FAIL("ECCSI test failed!\n", ret);
else
TEST_PASS("ECCSI test passed!\n");
#endif
#ifdef WOLFCRYPT_HAVE_SAKKE
if ( (ret = sakke_test()) != 0)
TEST_FAIL("SAKKE test failed!\n", ret);
else
TEST_PASS("SAKKE test passed!\n");
#endif
#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
if ( (ret = cmac_test()) != 0)
TEST_FAIL("CMAC test failed!\n", ret);
else
TEST_PASS("CMAC test passed!\n");
#endif
#if defined(WOLFSSL_SHE) && !defined(NO_AES)
if ( (ret = she_test()) != 0)
TEST_FAIL("SHE test failed!\n", ret);
else
TEST_PASS("SHE test passed!\n");
#endif
#if defined(WOLFSSL_SIPHASH)
if ( (ret = siphash_test()) != 0)
TEST_FAIL("SipHash test failed!\n", ret);
else
TEST_PASS("SipHash test passed!\n");
#endif
#ifdef HAVE_LIBZ
if ( (ret = compress_test()) != 0)
TEST_FAIL("COMPRESS test failed!\n", ret);
else
TEST_PASS("COMPRESS test passed!\n");
#endif
#ifdef HAVE_PKCS7
#ifndef NO_PKCS7_ENCRYPTED_DATA
if ( (ret = pkcs7encrypted_test()) != 0)
TEST_FAIL("PKCS7encrypted test failed!\n", ret);
else
TEST_PASS("PKCS7encrypted test passed!\n");
#endif
#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
if ( (ret = pkcs7compressed_test()) != 0)
TEST_FAIL("PKCS7compressed test failed!\n", ret);
else
TEST_PASS("PKCS7compressed test passed!\n");
#endif
if ( (ret = pkcs7signed_test()) != 0)
TEST_FAIL("PKCS7signed test failed!\n", ret);
else
TEST_PASS("PKCS7signed test passed!\n");
PRIVATE_KEY_UNLOCK();
if ( (ret = pkcs7enveloped_test()) != 0)
TEST_FAIL("PKCS7enveloped test failed!\n", ret);
else
TEST_PASS("PKCS7enveloped test passed!\n");
PRIVATE_KEY_LOCK();
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
PRIVATE_KEY_UNLOCK();
if ( (ret = pkcs7authenveloped_test()) != 0)
TEST_FAIL("PKCS7authenveloped test failed!\n", ret);
else
TEST_PASS("PKCS7authenveloped test passed!\n");
PRIVATE_KEY_LOCK();
#endif
#endif
#if defined(WOLFSSL_PUBLIC_MP) && \
((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
defined(USE_FAST_MATH))
if ( (ret = mp_test()) != 0)
TEST_FAIL("mp test failed!\n", ret);
else
TEST_PASS("mp test passed!\n");
#endif
#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) && \
(!defined(NO_DH) || !defined(NO_DSA)) && !defined(WC_NO_RNG)
if ( (ret = prime_test()) != 0)
TEST_FAIL("prime test failed!\n", ret);
else
TEST_PASS("prime test passed!\n");
#endif
#if defined(ASN_BER_TO_DER) && \
(defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL))
if ( (ret = berder_test()) != 0)
TEST_FAIL("ber-der test failed!\n", ret);
else
TEST_PASS("ber-der test passed!\n");
#endif
if ( (ret = logging_test()) != 0)
TEST_FAIL("logging test failed!\n", ret);
else
TEST_PASS("logging test passed!\n");
#if !defined(NO_ASN) && !defined(NO_ASN_TIME)
if ( (ret = time_test()) != 0)
TEST_FAIL("time test failed!\n", ret);
else
TEST_PASS("time test passed!\n");
#endif
#if defined(__INCLUDE_NUTTX_CONFIG_H)
if ((ret = wolfcrypt_mutex_test()) != 0)
#else
if ((ret = mutex_test()) != 0)
#endif
TEST_FAIL("mutex test failed!\n", ret);
else
TEST_PASS("mutex test passed!\n");
#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
if ( (ret = memcb_test()) != 0)
TEST_FAIL("memcb test failed!\n", ret);
else
TEST_PASS("memcb test passed!\n");
#endif
#ifdef WOLFSSL_CAAM_BLOB
if ( (ret = blob_test()) != 0)
TEST_FAIL("blob test failed!\n", ret);
else
TEST_PASS("blob test passed!\n");
#endif
#if defined(WOLF_CRYPTO_CB) && !defined(WC_TEST_NO_CRYPTOCB_SW_TEST) && \
!(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \
defined(WOLFSSL_QNX_CAAM) || defined(HAVE_RENESAS_SYNC))
if ( (ret = cryptocb_test()) != 0)
TEST_FAIL("crypto callback test failed!\n", ret);
else
TEST_PASS("crypto callback test passed!\n");
#endif
#ifdef WOLFSSL_CERT_PIV
if ( (ret = certpiv_test()) != 0)
TEST_FAIL("cert piv test failed!\n", ret);
else
TEST_PASS("cert piv test passed!\n");
#endif
#ifdef WOLF_CRYPTO_CB
#ifdef HAVE_INTEL_QA_SYNC
wc_CryptoCb_CleanupIntelQa(&devId);
#endif
#ifdef HAVE_CAVIUM_OCTEON_SYNC
wc_CryptoCb_CleanupOcteon(&devId);
#endif
#ifdef HAVE_RENESAS_SYNC
wc_CryptoCb_CleanupRenesasCmn(&devId);
#endif
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
wolfAsync_DevClose(&devId);
#endif
/* cleanup the thread if fixed point cache is enabled and have thread local */
#if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC)
wc_ecc_fp_free();
#endif
#ifdef TEST_ALWAYS_RUN_TO_END
if (last_failed_test_ret != 0)
ret = last_failed_test_ret;
#endif
if (args)
((func_args*)args)->return_code = ret;
/* If hardware acceleration and respective metrics tracked, show results: */
#ifdef WOLFSSL_HW_METRICS
#if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS)
esp_hw_show_mp_metrics();
#endif
#endif
#if defined(WOLFSSL_STATIC_MEMORY) && !defined(OPENSSL_EXTRA)
wolfSSL_SetGlobalHeapHint(NULL);
#endif
TEST_PASS("Test complete\n");
EXIT_TEST(ret);
} /* end of wolfcrypt_test() */
#ifndef NO_MAIN_DRIVER
#ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
int myoptind = 0;
char* myoptarg = NULL;
#endif
/* so overall tests can pull in test function */
#if defined(WOLFSSL_ESPIDF) || defined(_WIN32_WCE)
wc_test_ret_t wolf_test_task(void)
#else
#ifndef NO_MAIN_FUNCTION
int main(int argc, char** argv)
{
if (wolfcrypt_test_main(argc, argv) >= 0)
return 0;
else
return 1;
}
#endif
wc_test_ret_t wolfcrypt_test_main(int argc, char** argv)
#endif
{
wc_test_ret_t ret;
func_args args = { 0, 0, 0 };
#if defined(WOLFSSL_ESPIDF) || defined(WOLFSSL_SE050)
/* set dummy wallclock time. */
struct timeval utctime;
struct timezone tz;
utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
utctime.tv_usec = 0;
tz.tz_minuteswest = 0;
tz.tz_dsttime = 0;
settimeofday(&utctime, &tz);
#endif
#ifdef WOLFSSL_APACHE_MYNEWT
#ifdef ARCH_sim
mcu_sim_parse_args(argc, argv);
#endif
sysinit();
/* set dummy wallclock time. */
struct os_timeval utctime;
struct os_timezone tz;
utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
utctime.tv_usec = 0;
tz.tz_minuteswest = 0;
tz.tz_dsttime = 0;
os_settimeofday(&utctime, &tz);
#endif
#ifdef WOLFSSL_ZEPHYR
/* set dummy wallclock time. */
struct timespec utctime;
utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
utctime.tv_nsec = 0;
clock_settime(CLOCK_REALTIME, &utctime);
#endif
#ifdef DEVKITPRO
void *framebuffer;
GXRModeObj *rmode = NULL;
VIDEO_Init();
WPAD_Init();
rmode = VIDEO_GetPreferredMode(NULL);
#pragma GCC diagnostic ignored "-Wbad-function-cast"
framebuffer = MEM_K0_TO_K1(SYS_AllocateFramebuffer(rmode));
#pragma GCC diagnostic pop
console_init(framebuffer,20,20,rmode->fbWidth,rmode->xfbHeight,rmode->fbWidth*VI_DISPLAY_PIX_SZ);
VIDEO_Configure(rmode);
VIDEO_SetNextFramebuffer(framebuffer);
VIDEO_SetBlack(FALSE);
VIDEO_Flush();
VIDEO_WaitVSync();
if(rmode->viTVMode&VI_NON_INTERLACE) VIDEO_WaitVSync();
#endif
#ifdef WOLFSSL_NDS
/* Init Console output */
consoleDemoInit();
/* Init the Filesystem */
fatInitDefault();
#endif
#ifdef HAVE_WNR
if ((ret = wc_InitNetRandom(wnrConfigFile, NULL, 5000)) != 0) {
err_sys("Whitewood netRandom global config failed",
WC_TEST_RET_ENC_EC(ret));
return WC_TEST_RET_ENC_EC(ret);
}
#endif
#ifndef WOLFSSL_ESPIDF
args.argc = argc;
args.argv = argv;
#endif
#if defined(HAVE_FIPS) && defined(HAVE_ENTROPY_MEMUSE) && \
!defined(WOLFSSL_KERNEL_MODE)
/* wolfEntropy's Entropy_Init() calls wc_InitSha3_256(), which
* ultimately fails if the FIPS integrity hash is wrong.
*/
wolfCrypt_SetCb_fips(myFipsCb);
#endif
if ((ret = wolfCrypt_Init()) != 0) {
printf("wolfCrypt_Init failed %d\n", (int)ret);
args.return_code = WC_TEST_RET_ENC_EC(ret);
err_sys("Error with wolfCrypt_Init!\n", args.return_code);
}
#ifdef WOLFSSL_SWDEV
if ((ret = wc_SwDev_Init()) != 0) {
printf("wc_SwDev_Init failed %d\n", (int)ret);
args.return_code = WC_TEST_RET_ENC_EC(ret);
err_sys("Error with wc_SwDev_Init!\n", args.return_code);
}
#endif
#ifdef HAVE_WC_INTROSPECTION
printf("Math: %s\n", wc_GetMathInfo());
#endif
if (ret == 0) {
#ifdef HAVE_STACK_SIZE
StackSizeCheck(&args, wolfcrypt_test);
#else
wolfcrypt_test(&args);
#endif
}
#ifdef WOLFSSL_SWDEV
wc_SwDev_Cleanup();
#endif
if ((ret = wolfCrypt_Cleanup()) != 0) {
printf("wolfCrypt_Cleanup failed %d\n", (int)ret);
args.return_code = WC_TEST_RET_ENC_EC(ret);
err_sys("Error with wolfCrypt_Cleanup!\n", args.return_code);
}
#ifdef HAVE_WNR
if ((ret = wc_FreeNetRandom()) < 0) {
args.return_code = WC_TEST_RET_ENC_EC(ret);
err_sys("Failed to free netRandom context",
args.return_code);
}
#endif /* HAVE_WNR */
#ifdef DOLPHIN_EMULATOR
/* Returning from main panics the emulator. Just hang
* and let the user force quit the emulator window. */
printf("args.return_code: %d\n", args.return_code);
printf("Testing complete. You may close the window now\n");
while (1);
#endif
#ifdef WOLFSSL_NDS
/* in Nintendo DS returning from main shuts down the Device without letting you see the Results. */
printf("args.return_code: %d\n", args.return_code);
printf("Testing complete. Press Start to exit the Program\n");
while(1) {
swiWaitForVBlank();
scanKeys();
int keys = keysDown();
if(keys & KEY_START) break;
}
#endif
#ifdef WOLFSSL_TRACK_MEMORY
if (wc_MemStats_Ptr && (wc_MemStats_Ptr->currentBytes > 0) &&
(args.return_code == 0))
{
args.return_code = WC_TEST_RET_ENC_EC(MEMORY_E);
}
#endif
#if defined(WOLFSSL_ESPIDF)
/* ESP_LOGI to print takes up a lot less memory than printf */
ESP_LOGI(ESPIDF_TAG, "Exiting main with return code: % d\n",
args.return_code);
#else
/* gate this for target platforms wishing to avoid printf reference */
printf("Exiting main with return code: %ld\n", (long int)args.return_code);
#endif
return args.return_code;
} /* wolfcrypt_test_main or wolf_test_task */
#endif /* NO_MAIN_DRIVER */
/* helper to save DER, convert to PEM and save PEM */
#if !defined(NO_ASN) && (defined(HAVE_ECC) || !defined(NO_DSA) || \
(!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))))
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
#define SaveDerAndPem(d, dSz, fD, fP, pT) _SaveDerAndPem(d, dSz, fD, fP, pT, WC_TEST_RET_LN)
#else
#define SaveDerAndPem(d, dSz, fD, fP, pT) _SaveDerAndPem(d, dSz, NULL, NULL, pT, WC_TEST_RET_LN)
#endif
static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
const char* fileDer, const char* filePem, int pemType, int calling_line)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
wc_test_ret_t ret;
XFILE derFile;
derFile = XFOPEN(fileDer, "wb");
if (!derFile) {
return WC_TEST_RET_ENC(calling_line, 0, WC_TEST_RET_TAG_I);
}
ret = (int)XFWRITE(der, 1, (size_t)derSz, derFile);
XFCLOSE(derFile);
if (ret != derSz) {
return WC_TEST_RET_ENC(calling_line, 1, WC_TEST_RET_TAG_I);
}
#endif
#if defined(WOLFSSL_DER_TO_PEM) && !defined(NO_CERTS)
if (filePem) {
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
XFILE pemFile;
#endif
#ifndef WOLFSSL_NO_MALLOC
byte* pem;
#else
byte pem[2048];
#endif
int pemSz;
/* calculate PEM size */
pemSz = wc_DerToPem(der, (word32)derSz, NULL, 0, pemType);
if (pemSz < 0) {
return WC_TEST_RET_ENC(calling_line, 2, WC_TEST_RET_TAG_I);
}
#ifndef WOLFSSL_NO_MALLOC
pem = (byte*)XMALLOC((word32)pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
return WC_TEST_RET_ENC(calling_line, 3, WC_TEST_RET_TAG_I);
}
#else
if (pemSz > (int)sizeof(pem))
return WC_TEST_RET_ENC_EC(BAD_FUNC_ARG);
#endif
/* Convert to PEM */
pemSz = wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz, pemType);
if (pemSz < 0) {
#ifndef WOLFSSL_NO_MALLOC
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I);
}
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
pemFile = XFOPEN(filePem, "wb");
if (!pemFile) {
#ifndef WOLFSSL_NO_MALLOC
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return WC_TEST_RET_ENC(calling_line, 5, WC_TEST_RET_TAG_I);
}
ret = (int)XFWRITE(pem, 1, (size_t)pemSz, pemFile);
XFCLOSE(pemFile);
if (ret != pemSz) {
#ifndef WOLFSSL_NO_MALLOC
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return WC_TEST_RET_ENC(calling_line, 6, WC_TEST_RET_TAG_I);
}
#endif
#ifndef WOLFSSL_NO_MALLOC
XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
}
#endif /* WOLFSSL_DER_TO_PEM */
/* suppress unused variable warnings */
(void)der;
(void)derSz;
(void)filePem;
(void)fileDer;
(void)pemType;
(void)calling_line;
return 0;
}
#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */
static wc_test_ret_t safe_sum_word32_test(void) {
word32 out;
int ret;
int i;
static const struct {
word32 a;
word32 b;
word32 e;
int t;
} cases[] = {
#define u_max 4294967295U
#define half (4294967295U / 2U)
{ 0, 0, 0, 1 },
{ 1, 1, 2, 1 },
{ u_max, 0, u_max, 1 },
{ u_max - 1, 1, u_max, 1 },
{ u_max, 1, u_max, 0 },
{ 0, u_max, u_max, 1 },
{ half, half, half * 2U, 1 },
{ u_max - 1, 2, u_max, 0 }
#undef half
#undef u_max
};
for (i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); ++i) {
ret = WC_SAFE_SUM_UNSIGNED_CLIP(word32, cases[i].a, cases[i].b, out);
if (out != cases[i].e || ret != cases[i].t)
return WC_TEST_RET_ENC_I(i);
out = 10;
ret = WC_SAFE_SUM_UNSIGNED(word32, cases[i].a, cases[i].b, out);
if ((ret != cases[i].t) || (ret && (out != cases[i].e)))
return WC_TEST_RET_ENC_I(i);
}
return 0;
}
static wc_test_ret_t safe_sub_word32_test(void) {
word32 out;
int ret;
int i;
static const struct {
word32 a;
word32 b;
word32 e;
int t;
} cases[] = {
#define u_max 4294967295U
{ 5, 3, 2, 1 },
{ 0, 0, 0, 1 },
{ 1, 0, 1, 1 },
{ 0, 1, 0, 0 },
{ u_max, u_max, 0, 1 },
{ u_max, 0, u_max, 1 },
{ u_max, 1, u_max - 1, 1 },
{ 1, 2, 0, 0 },
#undef u_max
};
for (i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); ++i) {
ret = WC_SAFE_SUB_UNSIGNED_CLIP(word32, cases[i].a, cases[i].b, out);
if (out != cases[i].e || ret != cases[i].t)
return WC_TEST_RET_ENC_I(i);
out = 10;
ret = WC_SAFE_SUB_UNSIGNED(word32, cases[i].a, cases[i].b, out);
if ((ret != cases[i].t) || (ret && (out != cases[i].e)))
return WC_TEST_RET_ENC_I(i);
}
return 0;
}
static wc_test_ret_t safe_sum_sword32_test(void) {
sword32 out;
int ret;
int i;
static const struct {
sword32 a;
sword32 b;
sword32 e;
int t;
} cases[] = {
#define i_max 2147483647
#define i_min (-i_max - 1)
#define half (i_max / 2)
{ 0, 0, 0, 1 },
{ 1, 1, 2, 1 },
{ i_max, 0, i_max, 1 },
{ i_max - 1, 1, i_max, 1 },
{ i_max, 1, i_max, 0 },
{ 0, i_max, i_max, 1 },
{ -1, -1, -2, 1 },
{ i_min, 0, i_min, 1 },
{ i_min + 1, -1, i_min, 1 },
{ i_min, -1, i_min, 0 },
{ 1, -1, 0, 1 },
{ -1, 1, 0, 1 },
{ half, half + 1, i_max, 1 },
{ half + 1, half + 1, i_max, 0 }
#undef half
#undef i_min
#undef i_max
};
for (i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); ++i) {
ret = WC_SAFE_SUM_SIGNED_CLIP(sword32, cases[i].a, cases[i].b, out);
if (out != cases[i].e || ret != cases[i].t)
return WC_TEST_RET_ENC_I(i);
out = 10;
ret = WC_SAFE_SUM_SIGNED(sword32, cases[i].a, cases[i].b, out);
if ((ret != cases[i].t) || (ret && (out != cases[i].e)))
return WC_TEST_RET_ENC_I(i);
}
return 0;
}
static wc_test_ret_t safe_sub_sword32_test(void) {
sword32 out;
int ret;
int i;
static const struct {
sword32 a;
sword32 b;
sword32 e;
int t;
} cases[] = {
#define i_max 2147483647
#define i_min (-i_max - 1)
{ 0, 0, 0, 1 },
{ 5, 3, 2, 1 },
{ 1, -1, 2, 1 },
{ i_max, 0, i_max, 1 },
{ i_max, -1, i_max, 0 },
{ -5, -3, -2, 1 },
{ 0, 1, -1, 1 },
{ i_min, 0, i_min, 1 },
{ i_min + 1, 1, i_min, 1 },
{ i_min, 1, i_min, 0 },
{ 1, 2, -1, 1 },
{ -1, -2, 1, 1 },
{ -1, i_min, i_max, 1 },
{ i_min, -1, i_min + 1, 1 },
{ 2, -3, 5, 1 }
#undef i_min
#undef i_max
};
for (i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); ++i) {
ret = WC_SAFE_SUB_SIGNED_CLIP(sword32, cases[i].a, cases[i].b, out);
if (out != cases[i].e || ret != cases[i].t)
return WC_TEST_RET_ENC_I(i);
out = 10;
ret = WC_SAFE_SUB_SIGNED(sword32, cases[i].a, cases[i].b, out);
if ((ret != cases[i].t) || (ret && (out != cases[i].e)))
return WC_TEST_RET_ENC_I(i);
}
return 0;
}
#ifdef WORD64_AVAILABLE
static wc_test_ret_t safe_sum_word64_test(void) {
word64 out;
int ret;
int i;
static const struct {
word64 a;
word64 b;
word64 e;
int t;
} cases[] = {
#define u_max W64LIT(18446744073709551615)
#define half (u_max / 2)
{ 0, 0, 0, 1 },
{ 1, 1, 2, 1 },
{ u_max, 0, u_max, 1 },
{ u_max - 1, 1, u_max, 1 },
{ u_max, 1, u_max, 0 },
{ 0, u_max, u_max, 1 },
{ half, half, half * 2ULL, 1 },
{ u_max - 1, 2, u_max, 0 }
#undef half
#undef u_max
};
for (i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); ++i) {
ret = WC_SAFE_SUM_UNSIGNED_CLIP(word64, cases[i].a, cases[i].b, out);
if (out != cases[i].e || ret != cases[i].t)
return WC_TEST_RET_ENC_I(i);
out = 10;
ret = WC_SAFE_SUM_UNSIGNED(word64, cases[i].a, cases[i].b, out);
if ((ret != cases[i].t) || (ret && (out != cases[i].e)))
return WC_TEST_RET_ENC_I(i);
}
return 0;
}
static wc_test_ret_t safe_sub_word64_test(void) {
word64 out;
int ret;
int i;
static const struct {
word64 a;
word64 b;
word64 e;
int t;
} cases[] = {
#define u_max W64LIT(18446744073709551615)
{ 5, 3, 2, 1 },
{ 0, 0, 0, 1 },
{ 1, 0, 1, 1 },
{ 0, 1, 0, 0 },
{ u_max, u_max, 0, 1 },
{ u_max, 0, u_max, 1 },
{ u_max, 1, u_max - 1, 1 },
{ 1, 2, 0, 0 }
#undef u_max
};
for (i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); ++i) {
ret = WC_SAFE_SUB_UNSIGNED_CLIP(word64, cases[i].a, cases[i].b, out);
if (out != cases[i].e || ret != cases[i].t)
return WC_TEST_RET_ENC_I(i);
out = 10;
ret = WC_SAFE_SUB_UNSIGNED(word64, cases[i].a, cases[i].b, out);
if ((ret != cases[i].t) || (ret && (out != cases[i].e)))
return WC_TEST_RET_ENC_I(i);
}
return 0;
}
static wc_test_ret_t safe_sum_sword64_test(void) {
sword64 out;
int ret;
int i;
static const struct {
sword64 a;
sword64 b;
sword64 e;
int t;
} cases[] = {
#define i_max SW64LIT(9223372036854775807)
#define i_min (-i_max-1)
#define half (i_max / 2)
{ 0, 0, 0, 1 },
{ 1, 1, 2, 1 },
{ i_max, 0, i_max, 1 },
{ i_max - 1, 1, i_max, 1 },
{ i_max, 1, i_max, 0 },
{ 0, i_max, i_max, 1 },
{ -1, -1, -2, 1 },
{ i_min, 0, i_min, 1 },
{ i_min + 1, -1, i_min, 1 },
{ i_min, -1, i_min, 0 },
{ 1, -1, 0, 1 },
{ -1, 1, 0, 1 },
{ half, half + 1, i_max, 1 },
{ half + 1, half + 1, i_max, 0 }
#undef half
#undef i_min
#undef i_max
};
for (i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); ++i) {
ret = WC_SAFE_SUM_SIGNED_CLIP(sword64, cases[i].a, cases[i].b, out);
if (out != cases[i].e || ret != cases[i].t)
return WC_TEST_RET_ENC_I(i);
out = 10;
ret = WC_SAFE_SUM_SIGNED(sword64, cases[i].a, cases[i].b, out);
if ((ret != cases[i].t) || (ret && (out != cases[i].e)))
return WC_TEST_RET_ENC_I(i);
}
return 0;
}
static wc_test_ret_t safe_sub_sword64_test(void) {
sword64 out;
int ret;
int i;
static const struct {
sword64 a;
sword64 b;
sword64 e;
int t;
} cases[] = {
#define i_max SW64LIT(9223372036854775807)
#define i_min (-i_max-1)
{ 0, 0, 0, 1 },
{ 5, 3, 2, 1 },
{ 1, -1, 2, 1 },
{ i_max, 0, i_max, 1 },
{ i_max, -1, i_max, 0 },
{ -5, -3, -2, 1 },
{ 0, 1, -1, 1 },
{ i_min, 0, i_min, 1 },
{ i_min + 1, 1, i_min, 1 },
{ i_min, 1, i_min, 0 },
{ 1, 2, -1, 1 },
{ -1, -2, 1, 1 },
{ -1, i_min, i_max, 1 },
{ i_min, -1, i_min + 1, 1 },
{ 2, -3, 5, 1 }
#undef i_min
#undef i_max
};
for (i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); ++i) {
ret = WC_SAFE_SUB_SIGNED_CLIP(sword64, cases[i].a, cases[i].b, out);
if (out != cases[i].e || ret != cases[i].t)
return WC_TEST_RET_ENC_I(i);
out = 10;
ret = WC_SAFE_SUB_SIGNED(sword64, cases[i].a, cases[i].b, out);
if ((ret != cases[i].t) || (ret && (out != cases[i].e)))
return WC_TEST_RET_ENC_I(i);
}
return 0;
}
#endif /* WORD64_AVAILABLE */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t macro_test(void)
{
wc_test_ret_t ret;
ret = safe_sum_word32_test();
if (ret == 0)
ret = safe_sub_word32_test();
if (ret == 0)
ret = safe_sum_sword32_test();
if (ret == 0)
ret = safe_sub_sword32_test();
#ifdef WORD64_AVAILABLE
if (ret == 0)
ret = safe_sum_word64_test();
if (ret == 0)
ret = safe_sub_word64_test();
if (ret == 0)
ret = safe_sum_sword64_test();
if (ret == 0)
ret = safe_sub_sword64_test();
#endif /* WORD64_AVAILABLE */
return ret;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void)
{
const char* errStr;
char out[WOLFSSL_MAX_ERROR_SZ]; /* test fails if too small, < 64 */
const char* unknownStr = wc_GetErrorString((int)WC_LAST_E - 1);
#ifdef NO_ERROR_STRINGS
/* Ensure a valid error code's string matches an invalid code's.
* The string is that error strings are not available.
*/
WOLFSSL_ENTER("error_test NO_ERROR_STRINGS");
errStr = wc_GetErrorString(WC_NO_ERR_TRACE(OPEN_RAN_E));
wc_ErrorString(WC_NO_ERR_TRACE(OPEN_RAN_E), out);
if (XSTRCMP(errStr, unknownStr) != 0)
return WC_TEST_RET_ENC_NC;
if (XSTRCMP(out, unknownStr) != 0)
return WC_TEST_RET_ENC_NC;
#else
int i;
int j = 0;
/* Values that are not or no longer error codes. */
static const struct {
int first;
int last;
} missing[] = {
{ WC_SPAN1_LAST_E - 1, WC_SPAN2_FIRST_E + 1 },
{ WC_SPAN2_LAST_E - 1, WC_SPAN2_MIN_CODE_E }
};
/* Check that all errors have a string and it's the same through the two
* APIs. Check that the values that are not errors map to the unknown
* string.
*/
for (i = WC_SPAN1_FIRST_E; i >= WC_SPAN2_MIN_CODE_E; i--) {
int this_missing = 0;
for (j = 0; j < (int)XELEM_CNT(missing); ++j) {
if ((i <= missing[j].first) && (i >= missing[j].last)) {
this_missing = 1;
break;
}
}
errStr = wc_GetErrorString(i);
wc_ErrorString(i, out);
if (! this_missing) {
if (XSTRCMP(errStr, unknownStr) == 0) {
WOLFSSL_MSG("errStr unknown");
return WC_TEST_RET_ENC_I(-i);
}
if (XSTRCMP(out, unknownStr) == 0) {
WOLFSSL_MSG("out unknown");
return WC_TEST_RET_ENC_I(-i);
}
if (XSTRCMP(errStr, out) != 0) {
WOLFSSL_MSG("errStr does not match output");
return WC_TEST_RET_ENC_I(-i);
}
if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ) {
WOLFSSL_MSG("errStr too long");
return WC_TEST_RET_ENC_I(-i);
}
}
else {
j++;
if (XSTRCMP(errStr, unknownStr) != 0)
return WC_TEST_RET_ENC_I(-i);
if (XSTRCMP(out, unknownStr) != 0)
return WC_TEST_RET_ENC_I(-i);
}
}
/* Check if the next possible value has been given a string. */
errStr = wc_GetErrorString(i);
wc_ErrorString(i, out);
if (XSTRCMP(errStr, unknownStr) != 0)
return WC_TEST_RET_ENC_NC;
if (XSTRCMP(out, unknownStr) != 0)
return WC_TEST_RET_ENC_NC;
#endif
return 0;
}
#ifndef NO_CODING
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
{
wc_test_ret_t ret;
static const byte good[] = "A+Gd\0\0\0";
static const byte goodEnd[] = "A+Gd \r\n";
static const byte good_spaces[] = " A + G d \0";
byte out[128];
word32 outLen;
#ifdef WOLFSSL_BASE64_ENCODE
byte data[3];
word32 dataLen;
byte longData[79] = { 0 };
static const byte symbols[] = "+/A=";
#endif
static const byte badSmall[] = "AAA!Gdj=";
static const byte badLarge[] = "AAA~Gdj=";
static const byte badEOL[] = "A+Gd!AA";
static const byte badPadding[] = "AA=A";
static const byte badChar[] = ",-.:;<=>?@[\\]^_`";
static const byte goodChar[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789+/";
static const byte charTest[] = "A+Gd\0\0\0";
static const byte oneByteTest[] = "YQ==";
static const byte twoByteTest[] = "YWE=";
static const byte threeByteTest[] = "YWFh";
static const byte fourByteTest[] = "YWFhYQ==";
static const byte trailingLFTest[] = "YWFhYQ==\n\n";
static const byte trailingSpaceTest[] = "YWFhYQ== ";
static const byte trailingCodesTest1[] = "YWFhY";
static const byte trailingCodesTest2[] = "YWFhYW";
static const byte trailingCodesTest3[] = "YWFhYWF";
static const byte trailingJunkTest[] = "YWFhYQ==X";
static const byte byteTestOutput[] = "aaaa";
int i;
WOLFSSL_ENTER("base64_test");
/* Good Base64 encodings. */
outLen = sizeof(out);
ret = Base64_Decode(good, sizeof(good), out, &outLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
outLen = sizeof(out);
ret = Base64_Decode(goodEnd, sizeof(goodEnd), out, &outLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
outLen = sizeof(goodChar);
XMEMCPY(out, goodChar, sizeof(goodChar));
ret = Base64_Decode(out, sizeof(goodChar), out, &outLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (outLen != 64 / 4 * 3)
return WC_TEST_RET_ENC_NC;
outLen = sizeof(out);
ret = Base64_Decode(good_spaces, sizeof(good_spaces), out, &outLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Bad parameters. */
outLen = 1;
ret = Base64_Decode(good, sizeof(good), out, &outLen);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
outLen = sizeof(out);
ret = Base64_Decode(badEOL, sizeof(badEOL), out, &outLen);
if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
return WC_TEST_RET_ENC_EC(ret);
outLen = sizeof(out);
ret = Base64_Decode(badPadding, sizeof(badPadding), out, &outLen);
if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
return WC_TEST_RET_ENC_EC(ret);
/* Bad character at each offset 0-3. */
for (i = 0; i < 4; i++) {
outLen = sizeof(out);
ret = Base64_Decode(badSmall + i, 4, out, &outLen);
if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
return WC_TEST_RET_ENC_I(i);
ret = Base64_Decode(badLarge + i, 4, out, &outLen);
if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
return WC_TEST_RET_ENC_I(i);
}
/* Invalid character less than 0x2b */
for (i = 1; i < 0x2b; i++) {
outLen = sizeof(out);
XMEMCPY(out, charTest, sizeof(charTest));
out[0] = (byte)i;
ret = Base64_Decode(out, sizeof(charTest), out, &outLen);
if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
return WC_TEST_RET_ENC_I(i);
}
/* Bad characters in range 0x2b - 0x7a. */
for (i = 0; i < (int)sizeof(badChar) - 1; i++) {
outLen = sizeof(out);
XMEMCPY(out, charTest, sizeof(charTest));
out[0] = badChar[i];
ret = Base64_Decode(out, sizeof(charTest), out, &outLen);
if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
return WC_TEST_RET_ENC_I(i);
}
/* Invalid character greater than 0x7a */
for (i = 0x7b; i < 0x100; i++) {
outLen = sizeof(out);
XMEMCPY(out, charTest, sizeof(charTest));
out[0] = (byte)i;
ret = Base64_Decode(out, sizeof(charTest), out, &outLen);
if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
return WC_TEST_RET_ENC_I(i);
}
/* overrun/right-sized tests */
#define N_BYTE_TEST(f, n, t) do { \
outLen = (n) - 1; \
ret = (f)(t, sizeof(t), out, &outLen); \
if (ret != WC_NO_ERR_TRACE(BUFFER_E)) \
return WC_TEST_RET_ENC_EC(ret); \
outLen = (n); \
ret = (f)(t, sizeof(t), out, &outLen); \
if (ret != 0) \
return WC_TEST_RET_ENC_EC(ret); \
if (outLen != (n)) \
return WC_TEST_RET_ENC_I(outLen); \
ret = XMEMCMP(out, byteTestOutput, (n)); \
if (ret != 0) \
return WC_TEST_RET_ENC_I(ret); \
ret = (f)(t, sizeof(t) - 1, out, &outLen); \
if (ret != 0) \
return WC_TEST_RET_ENC_EC(ret); \
if (outLen != (n)) \
return WC_TEST_RET_ENC_I(outLen); \
ret = XMEMCMP(out, byteTestOutput, (n)); \
if (ret != 0) \
return WC_TEST_RET_ENC_I(ret); \
outLen = (n) + 1; \
out[n] = 1; \
ret = (f)(t, sizeof(t), out, &outLen); \
if (ret != 0) \
return WC_TEST_RET_ENC_EC(ret); \
if (outLen != (n)) \
return WC_TEST_RET_ENC_I(outLen); \
ret = XMEMCMP(out, byteTestOutput, (n)); \
if (ret != 0) \
return WC_TEST_RET_ENC_I(ret); \
if (out[n] != 0) \
return WC_TEST_RET_ENC_NC; \
} while (0)
N_BYTE_TEST(Base64_Decode, 1, oneByteTest);
N_BYTE_TEST(Base64_Decode, 2, twoByteTest);
N_BYTE_TEST(Base64_Decode, 3, threeByteTest);
N_BYTE_TEST(Base64_Decode, 4, fourByteTest);
#define N_BYTE_TRAILING_TEST(f, n, t, e) do { \
outLen = (n); \
ret = (f)(t, sizeof(t), out, &outLen); \
if (ret != (e)) \
return WC_TEST_RET_ENC_EC(ret); \
else if (ret == 0) { \
if (outLen != (n)) \
return WC_TEST_RET_ENC_I(outLen); \
if (XMEMCMP(out, byteTestOutput, n) != 0) \
return WC_TEST_RET_ENC_NC; \
} \
} while (0)
N_BYTE_TRAILING_TEST(Base64_Decode, 4, trailingLFTest, 0);
N_BYTE_TRAILING_TEST(Base64_Decode, 4, trailingSpaceTest, 0);
N_BYTE_TRAILING_TEST(Base64_Decode, 4, trailingCodesTest1, WC_NO_ERR_TRACE(ASN_INPUT_E));
N_BYTE_TRAILING_TEST(Base64_Decode, 4, trailingCodesTest2, WC_NO_ERR_TRACE(ASN_INPUT_E));
N_BYTE_TRAILING_TEST(Base64_Decode, 4, trailingCodesTest3, WC_NO_ERR_TRACE(ASN_INPUT_E));
N_BYTE_TRAILING_TEST(Base64_Decode, 4, trailingJunkTest, WC_NO_ERR_TRACE(ASN_INPUT_E));
/* Same tests again, using Base64_Decode_nonCT() */
/* Good Base64 encodings. */
outLen = sizeof(out);
ret = Base64_Decode_nonCT(good, sizeof(good), out, &outLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
outLen = sizeof(out);
ret = Base64_Decode_nonCT(goodEnd, sizeof(goodEnd), out, &outLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
outLen = sizeof(goodChar);
XMEMCPY(out, goodChar, sizeof(goodChar));
ret = Base64_Decode_nonCT(out, sizeof(goodChar), out, &outLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (outLen != 64 / 4 * 3)
return WC_TEST_RET_ENC_NC;
outLen = sizeof(out);
ret = Base64_Decode_nonCT(good_spaces, sizeof(good_spaces), out, &outLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Bad parameters. */
outLen = 1;
ret = Base64_Decode_nonCT(good, sizeof(good), out, &outLen);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
outLen = sizeof(out);
ret = Base64_Decode_nonCT(badEOL, sizeof(badEOL), out, &outLen);
if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
return WC_TEST_RET_ENC_EC(ret);
outLen = sizeof(out);
ret = Base64_Decode_nonCT(badPadding, sizeof(badPadding), out, &outLen);
if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
return WC_TEST_RET_ENC_EC(ret);
/* Bad character at each offset 0-3. */
for (i = 0; i < 4; i++) {
outLen = sizeof(out);
ret = Base64_Decode_nonCT(badSmall + i, 4, out, &outLen);
if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
return WC_TEST_RET_ENC_I(i);
ret = Base64_Decode_nonCT(badLarge + i, 4, out, &outLen);
if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
return WC_TEST_RET_ENC_I(i);
}
/* Invalid character less than 0x2b */
for (i = 1; i < 0x2b; i++) {
outLen = sizeof(out);
XMEMCPY(out, charTest, sizeof(charTest));
out[0] = (byte)i;
ret = Base64_Decode_nonCT(out, sizeof(charTest), out, &outLen);
if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
return WC_TEST_RET_ENC_I(i);
}
/* Bad characters in range 0x2b - 0x7a. */
for (i = 0; i < (int)sizeof(badChar) - 1; i++) {
outLen = sizeof(out);
XMEMCPY(out, charTest, sizeof(charTest));
out[0] = badChar[i];
ret = Base64_Decode_nonCT(out, sizeof(charTest), out, &outLen);
if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
return WC_TEST_RET_ENC_I(i);
}
/* Invalid character greater than 0x7a */
for (i = 0x7b; i < 0x100; i++) {
outLen = sizeof(out);
XMEMCPY(out, charTest, sizeof(charTest));
out[0] = (byte)i;
ret = Base64_Decode_nonCT(out, sizeof(charTest), out, &outLen);
if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E))
return WC_TEST_RET_ENC_I(i);
}
N_BYTE_TEST(Base64_Decode_nonCT, 1, oneByteTest);
N_BYTE_TEST(Base64_Decode_nonCT, 2, twoByteTest);
N_BYTE_TEST(Base64_Decode_nonCT, 3, threeByteTest);
N_BYTE_TEST(Base64_Decode_nonCT, 4, fourByteTest);
N_BYTE_TRAILING_TEST(Base64_Decode_nonCT, 4, trailingLFTest, 0);
N_BYTE_TRAILING_TEST(Base64_Decode_nonCT, 4, trailingSpaceTest, 0);
N_BYTE_TRAILING_TEST(Base64_Decode_nonCT, 4, trailingCodesTest1, WC_NO_ERR_TRACE(ASN_INPUT_E));
N_BYTE_TRAILING_TEST(Base64_Decode_nonCT, 4, trailingCodesTest2, WC_NO_ERR_TRACE(ASN_INPUT_E));
N_BYTE_TRAILING_TEST(Base64_Decode_nonCT, 4, trailingCodesTest3, WC_NO_ERR_TRACE(ASN_INPUT_E));
N_BYTE_TRAILING_TEST(Base64_Decode_nonCT, 4, trailingJunkTest, WC_NO_ERR_TRACE(ASN_INPUT_E));
#ifdef WOLFSSL_BASE64_ENCODE
/* Decode and encode all symbols - non-alphanumeric. */
dataLen = sizeof(data);
ret = Base64_Decode(symbols, sizeof(symbols), data, &dataLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
outLen = sizeof(out);
ret = Base64_Encode(data, dataLen, NULL, &outLen);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
outLen = sizeof(out);
ret = Base64_Encode(data, dataLen, out, &outLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
outLen = 7;
ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
outLen = sizeof(out);
ret = Base64_EncodeEsc(data, dataLen, NULL, &outLen);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
outLen = sizeof(out);
ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
outLen = sizeof(out);
ret = Base64_Encode_NoNl(data, dataLen, out, &outLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Data that results in an encoding longer than one line. */
outLen = sizeof(out);
dataLen = sizeof(longData);
ret = Base64_Encode(longData, dataLen, out, &outLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
outLen = sizeof(out);
ret = Base64_EncodeEsc(longData, dataLen, out, &outLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
outLen = sizeof(out);
ret = Base64_Encode_NoNl(longData, dataLen, out, &outLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
return 0;
}
#ifdef WOLFSSL_BASE16
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base16_test(void)
{
wc_test_ret_t ret;
WOLFSSL_SMALL_STACK_STATIC const byte testData[] = "SomeDataToEncode\n";
WOLFSSL_SMALL_STACK_STATIC const byte encodedTestData[] = "536F6D6544617461546F456E636F64650A00";
byte encoded[40];
word32 encodedLen;
byte plain[40];
word32 len;
WOLFSSL_ENTER("base16_test");
/* length returned includes null termination */
encodedLen = sizeof(encoded);
ret = Base16_Encode(testData, sizeof(testData), encoded, &encodedLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
len = (word32)XSTRLEN((char*)encoded);
if (len != encodedLen - 1)
return WC_TEST_RET_ENC_NC;
len = sizeof(plain);
ret = Base16_Decode(encoded, encodedLen - 1, plain, &len);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (len != sizeof(testData) || XMEMCMP(testData, plain, len) != 0)
return WC_TEST_RET_ENC_NC;
if (encodedLen != sizeof(encodedTestData) ||
XMEMCMP(encoded, encodedTestData, encodedLen) != 0) {
return WC_TEST_RET_ENC_NC;
}
return 0;
}
#endif /* WOLFSSL_BASE16 */
#endif /* !NO_CODING */
#ifndef NO_ASN
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void)
{
wc_test_ret_t ret;
/* ASN1 encoded date buffer */
WOLFSSL_SMALL_STACK_STATIC const byte dateBuf[] = {
0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31,
0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5a
};
byte format;
int length;
const byte* datePart;
#ifndef NO_ASN_TIME
struct tm timearg;
time_t now;
#endif
int i;
unsigned char buf[16];
WOLFSSL_ENTER("asn_test");
ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format,
&length);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifndef NO_ASN_TIME
/* Parameter Validation tests. */
if ((ret = wc_GetTime(NULL, sizeof(now))) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
if ((ret = wc_GetTime(&now, 0)) != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
now = 0;
if ((ret = wc_GetTime(&now, sizeof(now))) != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
if (now == 0) {
printf("RTC/Time not set!\n");
return WC_TEST_RET_ENC_NC;
}
ret = wc_GetDateAsCalendarTime(datePart, length, format, &timearg);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif /* !NO_ASN_TIME */
/* Test that only calculating the length works. */
for (i = 16; i < 32; i++) {
ret = wc_PkcsPad(NULL, i, 16);
if (ret != i + (16 - (i % 16)))
return WC_TEST_RET_ENC_I(i);
}
/* Test that adding padding works. */
XMEMSET(buf, 0xa5, sizeof(buf));
for (i = 15; i >= 0; i--) {
int j;
ret = wc_PkcsPad(buf, i, 16);
if (ret != 16)
return WC_TEST_RET_ENC_I(i);
/* Check padded buffer. */
for (j = 0; j < 16; j++) {
/* Check buffer bytes haven't been modified. */
if ((j < i) && (buf[j] != 0xa5))
return WC_TEST_RET_ENC_I(i);
/* Check padding bytes are correct. */
if (j >= i && (buf[j] != (16 - i)))
return WC_TEST_RET_ENC_I(i);
}
}
return 0;
}
#endif /* !NO_ASN */
#ifdef WOLFSSL_MD2
static wc_test_ret_t md2_kat_test(void)
{
wc_test_ret_t ret = 0;
wc_Md2 md2;
byte hash[WC_MD2_DIGEST_SIZE];
testVector a, b, c, d, e, f, g;
testVector test_md2[7];
int times = sizeof(test_md2) / sizeof(testVector), i;
a.input = "";
a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
"\x27\x73";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_MD2_DIGEST_SIZE;
b.input = "a";
b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
"\xb5\xd1";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_MD2_DIGEST_SIZE;
c.input = "abc";
c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
"\xd6\xbb";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_MD2_DIGEST_SIZE;
d.input = "message digest";
d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
"\x06\xb0";
d.inLen = XSTRLEN(d.input);
d.outLen = WC_MD2_DIGEST_SIZE;
e.input = "abcdefghijklmnopqrstuvwxyz";
e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
"\x94\x0b";
e.inLen = XSTRLEN(e.input);
e.outLen = WC_MD2_DIGEST_SIZE;
f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
"6789";
f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
"\x38\xcd";
f.inLen = XSTRLEN(f.input);
f.outLen = WC_MD2_DIGEST_SIZE;
g.input = "1234567890123456789012345678901234567890123456789012345678"
"9012345678901234567890";
g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
"\xef\xd8";
g.inLen = XSTRLEN(g.input);
g.outLen = WC_MD2_DIGEST_SIZE;
test_md2[0] = a;
test_md2[1] = b;
test_md2[2] = c;
test_md2[3] = d;
test_md2[4] = e;
test_md2[5] = f;
test_md2[6] = g;
ret = wc_InitMd2(&md2);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (i = 0; i < times; ++i) {
ret = wc_Md2Update(&md2, (byte*)test_md2[i].input,
(word32)test_md2[i].inLen);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
ret = wc_Md2Final(&md2, hash);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
if (XMEMCMP(hash, test_md2[i].output, WC_MD2_DIGEST_SIZE) != 0)
return WC_TEST_RET_ENC_I(i);
}
return 0;
}
static wc_test_ret_t md2_oneshot_test(void)
{
wc_test_ret_t ret = 0;
byte hash[WC_MD2_DIGEST_SIZE];
testVector a, b, c, d, e, f, g;
testVector test_md2[7];
int times = sizeof(test_md2) / sizeof(testVector), i;
a.input = "";
a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
"\x27\x73";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_MD2_DIGEST_SIZE;
b.input = "a";
b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
"\xb5\xd1";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_MD2_DIGEST_SIZE;
c.input = "abc";
c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
"\xd6\xbb";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_MD2_DIGEST_SIZE;
d.input = "message digest";
d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
"\x06\xb0";
d.inLen = XSTRLEN(d.input);
d.outLen = WC_MD2_DIGEST_SIZE;
e.input = "abcdefghijklmnopqrstuvwxyz";
e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
"\x94\x0b";
e.inLen = XSTRLEN(e.input);
e.outLen = WC_MD2_DIGEST_SIZE;
f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
"6789";
f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
"\x38\xcd";
f.inLen = XSTRLEN(f.input);
f.outLen = WC_MD2_DIGEST_SIZE;
g.input = "1234567890123456789012345678901234567890123456789012345678"
"9012345678901234567890";
g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
"\xef\xd8";
g.inLen = XSTRLEN(g.input);
g.outLen = WC_MD2_DIGEST_SIZE;
test_md2[0] = a;
test_md2[1] = b;
test_md2[2] = c;
test_md2[3] = d;
test_md2[4] = e;
test_md2[5] = f;
test_md2[6] = g;
for (i = 0; i < times; ++i) {
ret = wc_Md2Hash((byte*)test_md2[i].input, (word32)test_md2[i].inLen, hash);
if (ret != 0) {
return WC_TEST_RET_ENC_I(i);
}
if (XMEMCMP(hash, test_md2[i].output, WC_MD2_DIGEST_SIZE) != 0) {
return WC_TEST_RET_ENC_I(i);
}
}
return 0;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void)
{
wc_test_ret_t ret;
WOLFSSL_ENTER("md2_test");
if ((ret = md2_kat_test()) != 0)
return ret;
if ((ret = md2_oneshot_test()) != 0)
return ret;
return 0;
}
#endif
#ifndef NO_MD5
static wc_test_ret_t md5_kat_test(wc_Md5* md5, wc_Md5* md5Copy)
{
wc_test_ret_t ret = 0;
byte hash[WC_MD5_DIGEST_SIZE];
byte hashcopy[WC_MD5_DIGEST_SIZE];
testVector a, b, c, d, e, f;
testVector test_md5[6];
int times = sizeof(test_md5) / sizeof(testVector), i;
a.input = "";
a.output = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42"
"\x7e";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_MD5_DIGEST_SIZE;
b.input = "abc";
b.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
"\x72";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_MD5_DIGEST_SIZE;
c.input = "message digest";
c.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61"
"\xd0";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_MD5_DIGEST_SIZE;
d.input = "abcdefghijklmnopqrstuvwxyz";
d.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1"
"\x3b";
d.inLen = XSTRLEN(d.input);
d.outLen = WC_MD5_DIGEST_SIZE;
e.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
"6789";
e.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d"
"\x9f";
e.inLen = XSTRLEN(e.input);
e.outLen = WC_MD5_DIGEST_SIZE;
f.input = "1234567890123456789012345678901234567890123456789012345678"
"9012345678901234567890";
f.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
"\x7a";
f.inLen = XSTRLEN(f.input);
f.outLen = WC_MD5_DIGEST_SIZE;
test_md5[0] = a;
test_md5[1] = b;
test_md5[2] = c;
test_md5[3] = d;
test_md5[4] = e;
test_md5[5] = f;
ret = wc_InitMd5_ex(md5, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitMd5_ex(md5Copy, HEAP_HINT, devId);
if (ret != 0) {
wc_Md5Free(md5);
return WC_TEST_RET_ENC_EC(ret);
}
for (i = 0; i < times; ++i) {
ret = wc_Md5Update(md5, (byte*)test_md5[i].input,
(word32)test_md5[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Md5GetHash(md5, hashcopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Md5Copy(md5, md5Copy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Md5Final(md5, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
wc_Md5Free(md5Copy);
if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, hashcopy, WC_MD5_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
}
exit:
wc_Md5Free(md5);
wc_Md5Free(md5Copy);
return ret;
}
#ifndef NO_LARGE_HASH_TEST
static wc_test_ret_t md5_large_hash_test(wc_Md5* md5)
{
wc_test_ret_t ret = 0;
byte hash[WC_MD5_DIGEST_SIZE];
byte large_input[1024];
const char* large_digest =
"\x44\xd0\x88\xce\xf1\x36\xd1\x78\xe9\xc8\xba\x84\xc3\xfd\xf6\xca";
int i, times;
ret = wc_InitMd5_ex(md5, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (i = 0; i < (int)sizeof(large_input); i++) {
large_input[i] = (byte)(i & 0xFF);
}
times = 100;
#ifdef WOLFSSL_PIC32MZ_HASH
wc_Md5SizeSet(md5, times * sizeof(large_input));
#endif
for (i = 0; i < times; ++i) {
ret = wc_Md5Update(md5, (byte*)large_input,
(word32)sizeof(large_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
ret = wc_Md5Final(md5, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, large_digest, WC_MD5_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
#ifndef NO_UNALIGNED_MEMORY_TEST
/* Unaligned memory access test */
for (i = 1; i < 16; i++) {
ret = wc_Md5Update(md5, (byte*)large_input + i,
(word32)sizeof(large_input) - (word32)i);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Md5Final(md5, hash);
}
#endif
exit:
wc_Md5Free(md5);
return ret;
}
#endif /* NO_LARGE_HASH_TEST */
static wc_test_ret_t md5_copy_test(wc_Md5* md5, wc_Md5* md5Copy)
{
wc_test_ret_t ret = 0;
byte hash[WC_MD5_DIGEST_SIZE];
const char* a_input = "";
const char* a_output = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42"
"\x7e";
const char* b_input = "abc";
ret = wc_InitMd5_ex(md5, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitMd5_ex(md5Copy, HEAP_HINT, devId);
if (ret != 0) {
wc_Md5Free(md5);
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_Md5Update(md5Copy, (byte*)b_input, (word32)XSTRLEN(b_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Md5Update(md5, (byte*)a_input, (word32)XSTRLEN(a_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Md5Copy(md5, md5Copy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Md5Final(md5Copy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, a_output, WC_MD5_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
exit:
wc_Md5Free(md5);
wc_Md5Free(md5Copy);
return ret;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md5_test(void)
{
wc_Md5 md5, md5Copy;
wc_test_ret_t ret;
WOLFSSL_ENTER("md5_test");
if ((ret = md5_kat_test(&md5, &md5Copy)) != 0)
return ret;
#ifndef NO_LARGE_HASH_TEST
if ((ret = md5_large_hash_test(&md5)) != 0)
return ret;
#endif
if ((ret = md5_copy_test(&md5, &md5Copy)) != 0)
return ret;
return 0;
}
#endif /* NO_MD5 */
#ifndef NO_MD4
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void)
{
wc_test_ret_t ret = 0;
wc_Md4 md4;
byte hash[WC_MD4_DIGEST_SIZE];
testVector a, b, c, d, e, f, g;
testVector test_md4[7];
int times = sizeof(test_md4) / sizeof(testVector), i;
WOLFSSL_ENTER("md4_test");
a.input = "";
a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
"\xc0";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_MD4_DIGEST_SIZE;
b.input = "a";
b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb"
"\x24";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_MD4_DIGEST_SIZE;
c.input = "abc";
c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72"
"\x9d";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_MD4_DIGEST_SIZE;
d.input = "message digest";
d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01"
"\x4b";
d.inLen = XSTRLEN(d.input);
d.outLen = WC_MD4_DIGEST_SIZE;
e.input = "abcdefghijklmnopqrstuvwxyz";
e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d"
"\xa9";
e.inLen = XSTRLEN(e.input);
e.outLen = WC_MD4_DIGEST_SIZE;
f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
"6789";
f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0"
"\xe4";
f.inLen = XSTRLEN(f.input);
f.outLen = WC_MD4_DIGEST_SIZE;
g.input = "1234567890123456789012345678901234567890123456789012345678"
"9012345678901234567890";
g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05"
"\x36";
g.inLen = XSTRLEN(g.input);
g.outLen = WC_MD4_DIGEST_SIZE;
test_md4[0] = a;
test_md4[1] = b;
test_md4[2] = c;
test_md4[3] = d;
test_md4[4] = e;
test_md4[5] = f;
test_md4[6] = g;
ret = wc_InitMd4(&md4);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (i = 0; i < times; ++i) {
ret = wc_Md4Update(&md4, (byte*)test_md4[i].input,
(word32)test_md4[i].inLen);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
ret = wc_Md4Final(&md4, hash);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
if (XMEMCMP(hash, test_md4[i].output, WC_MD4_DIGEST_SIZE) != 0)
return WC_TEST_RET_ENC_I(i);
}
return 0;
}
#endif /* NO_MD4 */
#ifndef NO_SHA
static wc_test_ret_t sha_kat_test(wc_Sha* sha, wc_Sha* shaCopy)
{
wc_test_ret_t ret = 0;
byte hash[WC_SHA_DIGEST_SIZE];
byte hashcopy[WC_SHA_DIGEST_SIZE];
testVector a, b, c, d, e;
testVector test_sha[5];
int times = sizeof(test_sha) / sizeof(struct testVector), i;
a.input = "";
a.output = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18"
"\x90\xaf\xd8\x07\x09";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_SHA_DIGEST_SIZE;
b.input = "abc";
b.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
"\x6C\x9C\xD0\xD8\x9D";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_SHA_DIGEST_SIZE;
c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
c.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29"
"\xE5\xE5\x46\x70\xF1";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_SHA_DIGEST_SIZE;
d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaa";
d.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44"
"\x2A\x25\xEC\x64\x4D";
d.inLen = XSTRLEN(d.input);
d.outLen = WC_SHA_DIGEST_SIZE;
e.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaa";
e.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
"\x53\x99\x5E\x26\xA0";
e.inLen = XSTRLEN(e.input);
e.outLen = WC_SHA_DIGEST_SIZE;
test_sha[0] = a;
test_sha[1] = b;
test_sha[2] = c;
test_sha[3] = d;
test_sha[4] = e;
ret = wc_InitSha_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSha_ex(shaCopy, HEAP_HINT, devId);
if (ret != 0) {
wc_ShaFree(sha);
return WC_TEST_RET_ENC_EC(ret);
}
for (i = 0; i < times; ++i) {
ret = wc_ShaUpdate(sha, (byte*)test_sha[i].input,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_ShaGetHash(sha, hashcopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_ShaCopy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_ShaFinal(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
wc_ShaFree(shaCopy);
if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, hashcopy, WC_SHA_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
}
exit:
wc_ShaFree(sha);
wc_ShaFree(shaCopy);
return ret;
}
#ifndef NO_LARGE_HASH_TEST
static wc_test_ret_t sha_large_hash_test(wc_Sha* sha)
{
wc_test_ret_t ret = 0;
byte hash[WC_SHA_DIGEST_SIZE];
byte large_input[1024];
#if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(HASH_SIZE_LIMIT)
const char* large_digest =
"\x1d\x6a\x5a\xf6\xe5\x7c\x86\xce\x7f\x7c\xaf\xd5\xdb\x08\xcd\x59"
"\x15\x8c\x6d\xb6";
#else
const char* large_digest =
"\x8b\x77\x02\x48\x39\xe8\xdb\xd3\x9a\xf4\x05\x24\x66\x12\x2d\x9e"
"\xc5\xd9\x0a\xac";
#endif
int i, times;
ret = wc_InitSha_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (i = 0; i < (int)sizeof(large_input); i++) {
large_input[i] = (byte)(i & 0xFF);
}
#if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
defined(HASH_SIZE_LIMIT)
times = 20;
#else
times = 100;
#endif
#ifdef WOLFSSL_PIC32MZ_HASH
wc_ShaSizeSet(sha, times * sizeof(large_input));
#endif
for (i = 0; i < times; ++i) {
ret = wc_ShaUpdate(sha, (byte*)large_input,
(word32)sizeof(large_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
ret = wc_ShaFinal(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, large_digest, WC_SHA_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
#ifndef NO_UNALIGNED_MEMORY_TEST
/* Unaligned memory access test */
for (i = 1; i < 16; i++) {
ret = wc_ShaUpdate(sha, (byte*)large_input + i,
(word32)sizeof(large_input) - (word32)i);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_ShaFinal(sha, hash);
}
#endif
exit:
wc_ShaFree(sha);
return ret;
}
#endif /* NO_LARGE_HASH_TEST */
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
static wc_test_ret_t sha_copy_test(wc_Sha* sha, wc_Sha* shaCopy)
{
wc_test_ret_t ret = 0;
byte hash[WC_SHA_DIGEST_SIZE];
const char* a_input = "";
const char* a_output = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18"
"\x90\xaf\xd8\x07\x09";
const char* b_input = "abc";
ret = wc_InitSha_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSha_ex(shaCopy, HEAP_HINT, devId);
if (ret != 0) {
wc_ShaFree(sha);
return WC_TEST_RET_ENC_EC(ret);
}
#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
ret = wc_ShaUpdate(shaCopy, (byte*)b_input, (word32)XSTRLEN(b_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
#endif
ret = wc_ShaUpdate(sha, (byte*)a_input, (word32)XSTRLEN(a_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_ShaCopy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_ShaFinal(shaCopy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, a_output, WC_SHA_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
exit:
wc_ShaFree(sha);
wc_ShaFree(shaCopy);
return ret;
}
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void)
{
wc_Sha sha, shaCopy;
wc_test_ret_t ret;
WOLFSSL_ENTER("sha_test");
if ((ret = sha_kat_test(&sha, &shaCopy)) != 0)
return ret;
#ifndef NO_LARGE_HASH_TEST
if ((ret = sha_large_hash_test(&sha)) != 0)
return ret;
#endif
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
if ((ret = sha_copy_test(&sha, &shaCopy)) != 0)
return ret;
#endif
return 0;
}
#endif /* NO_SHA */
#ifdef WOLFSSL_RIPEMD
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void)
{
RipeMd ripemd;
wc_test_ret_t ret;
byte hash[RIPEMD_DIGEST_SIZE];
testVector a, b, c, d;
testVector test_ripemd[4];
int times = sizeof(test_ripemd) / sizeof(struct testVector), i;
WOLFSSL_ENTER("ripemd_test");
a.input = "abc";
a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
"\xb0\x87\xf1\x5a\x0b\xfc";
a.inLen = XSTRLEN(a.input);
a.outLen = RIPEMD_DIGEST_SIZE;
b.input = "message digest";
b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8"
"\x5f\xfa\x21\x59\x5f\x36";
b.inLen = XSTRLEN(b.input);
b.outLen = RIPEMD_DIGEST_SIZE;
c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc"
"\xf4\x9a\xda\x62\xeb\x2b";
c.inLen = XSTRLEN(c.input);
c.outLen = RIPEMD_DIGEST_SIZE;
d.input = "12345678901234567890123456789012345678901234567890123456"
"789012345678901234567890";
d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab"
"\x82\xbf\x63\x32\x6b\xfb";
d.inLen = XSTRLEN(d.input);
d.outLen = RIPEMD_DIGEST_SIZE;
test_ripemd[0] = a;
test_ripemd[1] = b;
test_ripemd[2] = c;
test_ripemd[3] = d;
ret = wc_InitRipeMd(&ripemd);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
for (i = 0; i < times; ++i) {
ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input,
(word32)test_ripemd[i].inLen);
if (ret != 0) {
return WC_TEST_RET_ENC_I(i);
}
ret = wc_RipeMdFinal(&ripemd, hash);
if (ret != 0) {
return WC_TEST_RET_ENC_I(i);
}
if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0)
return WC_TEST_RET_ENC_I(i);
}
return 0;
}
#endif /* WOLFSSL_RIPEMD */
#ifdef HAVE_BLAKE2B
#define BLAKE2B_TESTS 3
static const byte blake2b_vec[BLAKE2B_TESTS][BLAKE2B_OUTBYTES] =
{
{
0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03,
0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72,
0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61,
0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19,
0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53,
0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B,
0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55,
0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE
},
{
0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95,
0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7,
0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44,
0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C,
0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB,
0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4,
0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48,
0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B
},
{
0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9,
0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72,
0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF,
0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15,
0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB,
0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04,
0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1,
0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5
}
};
static wc_test_ret_t blake2b_kat_test(void)
{
Blake2b b2b;
byte digest[64];
byte input[64];
int i, ret;
for (i = 0; i < (int)sizeof(input); i++)
input[i] = (byte)i;
for (i = 0; i < BLAKE2B_TESTS; i++) {
ret = wc_InitBlake2b(&b2b, 64);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
ret = wc_Blake2bUpdate(&b2b, input, (word32)i);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
ret = wc_Blake2bFinal(&b2b, digest, 64);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
if (XMEMCMP(digest, blake2b_vec[i], 64) != 0) {
return WC_TEST_RET_ENC_I(i);
}
}
return 0;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void)
{
wc_test_ret_t ret;
WOLFSSL_ENTER("blake2b_test");
if ((ret = blake2b_kat_test()) != 0)
return ret;
return 0;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_hmac_test(void)
{
static const byte key1[] = {0x41, 0x42, 0x43, 0x44}; /* ABCD */
static const byte message1[] = {0x48, 0x65, 0x6c, 0x6c, 0x6f}; /* Hello */
static const byte expected1[] = {
0x46, 0x76, 0xbb, 0x0e, 0xf8, 0xa1, 0x56, 0x33,
0xde, 0xdc, 0x44, 0xe3, 0x2b, 0xf3, 0xee, 0x5b,
0x5f, 0x7f, 0x04, 0x00, 0x2c, 0xaa, 0xd4, 0x93,
0xc6, 0xa6, 0xb4, 0xf3, 0x14, 0x8d, 0x6d, 0x9c,
0x6a, 0x12, 0x02, 0x85, 0x66, 0xed, 0x9b, 0x5d,
0x8d, 0x0e, 0x3d, 0xf4, 0x78, 0xee, 0x5a, 0xf6,
0x2f, 0x97, 0xa5, 0x77, 0x88, 0x8c, 0xc4, 0x66,
0x46, 0xb1, 0xba, 0x51, 0x29, 0x19, 0xd7, 0xaa,
};
static const byte key2[] = {
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42,
0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33,
0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42,
0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33
}; /* 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123 */
static const byte message2[] = {
0x61, 0x62, 0x63, 0x64, 0x62, 0x63, 0x64, 0x65, 0x63, 0x64, 0x65, 0x66,
0x64, 0x65, 0x66, 0x67, 0x65, 0x66, 0x67, 0x68, 0x66, 0x67, 0x68, 0x69,
0x67, 0x68, 0x69, 0x6a, 0x68, 0x69, 0x6a, 0x6b, 0x69, 0x6a, 0x6b, 0x6c,
0x6a, 0x6b, 0x6c, 0x6d, 0x6b, 0x6c, 0x6d, 0x6e, 0x6c, 0x6d, 0x6e, 0x6f,
0x6d, 0x6e, 0x6f, 0x70, 0x6e, 0x6f, 0x70, 0x71
}; /* abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq */
static const byte expected2[] = {
0x2a, 0xda, 0xf6, 0x94, 0x79, 0xce, 0xe2, 0xd2,
0x5d, 0x89, 0x8b, 0xd7, 0x0d, 0xbc, 0x11, 0x1f,
0x98, 0x99, 0xe0, 0x17, 0x7c, 0x5b, 0x8f, 0x94,
0xf5, 0x95, 0xbc, 0x1b, 0xb1, 0x95, 0xe8, 0x60,
0xbb, 0x29, 0xa4, 0xd9, 0x27, 0x2e, 0x00, 0xea,
0xba, 0xc3, 0x3e, 0xe6, 0x9c, 0xc7, 0xd7, 0x8d,
0x69, 0xc7, 0xb4, 0xf7, 0x31, 0x4a, 0xb1, 0xf0,
0x3c, 0xed, 0x06, 0x49, 0x6f, 0x46, 0x99, 0xea,
};
byte out[BLAKE2B_OUTBYTES];
int ret;
Blake2b b2b;
ret = wc_Blake2bHmac(message1, sizeof(message1),
key1, sizeof(key1), out, sizeof(out));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(out, expected1, sizeof(out)) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_Blake2bHmac(message2, sizeof(message2),
key2, sizeof(key2), out, sizeof(out));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(out, expected2, sizeof(out)) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_Blake2bHmacInit(&b2b, key1, sizeof(key1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Blake2bHmacUpdate(&b2b, message1, sizeof(message1) / 2U);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Blake2bHmacUpdate(&b2b, &message1[sizeof(message1) / 2U], sizeof(message1) - sizeof(message1) / 2U);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Blake2bHmacFinal(&b2b, key1, sizeof(key1), out, sizeof(out));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Blake2bHmacInit(&b2b, key2, sizeof(key2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Blake2bHmacUpdate(&b2b, message2, sizeof(message2) / 2U);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Blake2bHmacUpdate(&b2b, &message2[sizeof(message2) / 2U], sizeof(message2) - sizeof(message2) / 2U);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Blake2bHmacFinal(&b2b, key2, sizeof(key2), out, sizeof(out));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
{
byte long_key[BLAKE2B_BLOCKBYTES + 72];
static const byte expected_long[] = {
0xb5, 0x17, 0xd2, 0x26, 0xcb, 0x6c, 0xa2, 0x09,
0xd2, 0x56, 0x30, 0xa2, 0x55, 0xe9, 0xfa, 0xfb,
0x1e, 0x0f, 0xbf, 0x60, 0x00, 0xbd, 0x44, 0x09,
0xb7, 0xf6, 0x25, 0x75, 0x90, 0x80, 0xb1, 0xde,
0x72, 0xa5, 0x8a, 0x15, 0x95, 0xd2, 0x49, 0x8d,
0x4c, 0xdc, 0xc8, 0x68, 0x68, 0xa5, 0x07, 0x62,
0x10, 0x64, 0x0b, 0x20, 0x0b, 0xe0, 0xb0, 0xb2,
0x13, 0xf4, 0x2d, 0x42, 0x15, 0x7a, 0x5c, 0xd6,
};
int i;
for (i = 0; i < (int)sizeof(long_key); ++i)
long_key[i] = (byte)i;
ret = wc_Blake2bHmac(message2, sizeof(message2),
long_key, sizeof(long_key), out, sizeof(out));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(out, expected_long, sizeof(out)) != 0)
return WC_TEST_RET_ENC_NC;
}
return 0;
}
#endif /* HAVE_BLAKE2B */
#ifdef HAVE_BLAKE2S
#define BLAKE2S_TESTS 3
static const byte blake2s_vec[BLAKE2S_TESTS][BLAKE2S_OUTBYTES] =
{
{
0x69, 0x21, 0x7a, 0x30, 0x79, 0x90, 0x80, 0x94,
0xe1, 0x11, 0x21, 0xd0, 0x42, 0x35, 0x4a, 0x7c,
0x1f, 0x55, 0xb6, 0x48, 0x2c, 0xa1, 0xa5, 0x1e,
0x1b, 0x25, 0x0d, 0xfd, 0x1e, 0xd0, 0xee, 0xf9,
},
{
0xe3, 0x4d, 0x74, 0xdb, 0xaf, 0x4f, 0xf4, 0xc6,
0xab, 0xd8, 0x71, 0xcc, 0x22, 0x04, 0x51, 0xd2,
0xea, 0x26, 0x48, 0x84, 0x6c, 0x77, 0x57, 0xfb,
0xaa, 0xc8, 0x2f, 0xe5, 0x1a, 0xd6, 0x4b, 0xea,
},
{
0xdd, 0xad, 0x9a, 0xb1, 0x5d, 0xac, 0x45, 0x49,
0xba, 0x42, 0xf4, 0x9d, 0x26, 0x24, 0x96, 0xbe,
0xf6, 0xc0, 0xba, 0xe1, 0xdd, 0x34, 0x2a, 0x88,
0x08, 0xf8, 0xea, 0x26, 0x7c, 0x6e, 0x21, 0x0c,
}
};
static wc_test_ret_t blake2s_kat_test(void)
{
Blake2s b2s;
byte digest[32];
byte input[64];
int i, ret;
for (i = 0; i < (int)sizeof(input); i++)
input[i] = (byte)i;
for (i = 0; i < BLAKE2S_TESTS; i++) {
ret = wc_InitBlake2s(&b2s, 32);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
ret = wc_Blake2sUpdate(&b2s, input, (word32)i);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
ret = wc_Blake2sFinal(&b2s, digest, 32);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
if (XMEMCMP(digest, blake2s_vec[i], 32) != 0) {
return WC_TEST_RET_ENC_I(i);
}
}
return 0;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void)
{
wc_test_ret_t ret;
WOLFSSL_ENTER("blake2s_test");
if ((ret = blake2s_kat_test()) != 0)
return ret;
return 0;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_hmac_test(void)
{
static const byte key1[] = {0x41, 0x42, 0x43, 0x44}; /* ABCD */
static const byte message1[] = {0x48, 0x65, 0x6c, 0x6c, 0x6f}; /* Hello */
static const byte expected1[] = {
0x96, 0xca, 0x1d, 0xaa, 0x9a, 0x33, 0x97, 0x3d,
0xc5, 0x95, 0x3e, 0xce, 0x49, 0x93, 0x75, 0xc1,
0x2a, 0x7c, 0x8f, 0x5b, 0xf0, 0x28, 0xef, 0xc3,
0xfb, 0xc5, 0x97, 0xcd, 0xcc, 0x74, 0x44, 0x68,
};
static const byte key2[] = {
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42,
0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33
}; /* 0123456789ABCDEF0123456789ABCDEF0123 */
static const byte message2[] = {
0x61, 0x62, 0x63, 0x64, 0x62, 0x63, 0x64, 0x65, 0x63, 0x64, 0x65, 0x66,
0x64, 0x65, 0x66, 0x67, 0x65, 0x66, 0x67, 0x68, 0x66, 0x67, 0x68, 0x69,
0x67, 0x68, 0x69, 0x6a, 0x68, 0x69, 0x6a, 0x6b, 0x69, 0x6a, 0x6b, 0x6c,
0x6a, 0x6b, 0x6c, 0x6d, 0x6b, 0x6c, 0x6d, 0x6e, 0x6c, 0x6d, 0x6e, 0x6f,
0x6d, 0x6e, 0x6f, 0x70, 0x6e, 0x6f, 0x70, 0x71
}; /* abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq */
static const byte expected2[] = {
0xc4, 0x63, 0xdb, 0x28, 0x97, 0x60, 0x6a, 0xa7,
0x1e, 0xe6, 0xcf, 0x93, 0x85, 0x3c, 0x90, 0x71,
0xea, 0x76, 0x7f, 0x6a, 0xa7, 0x20, 0x80, 0x35,
0xe1, 0x68, 0x95, 0xfe, 0x65, 0x65, 0x43, 0x76,
};
byte out[BLAKE2S_OUTBYTES];
int ret;
Blake2s b2s;
ret = wc_Blake2sHmac(message1, sizeof(message1),
key1, sizeof(key1), out, sizeof(out));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(out, expected1, sizeof(out)) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_Blake2sHmac(message2, sizeof(message2),
key2, sizeof(key2), out, sizeof(out));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(out, expected2, sizeof(out)) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_Blake2sHmacInit(&b2s, key1, sizeof(key1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Blake2sHmacUpdate(&b2s, message1, sizeof(message1) / 2U);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Blake2sHmacUpdate(&b2s, &message1[sizeof(message1) / 2U], sizeof(message1) - sizeof(message1) / 2U);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Blake2sHmacFinal(&b2s, key1, sizeof(key1), out, sizeof(out));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Blake2sHmacInit(&b2s, key2, sizeof(key2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Blake2sHmacUpdate(&b2s, message2, sizeof(message2) / 2U);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Blake2sHmacUpdate(&b2s, &message2[sizeof(message2) / 2U], sizeof(message2) - sizeof(message2) / 2U);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Blake2sHmacFinal(&b2s, key2, sizeof(key2), out, sizeof(out));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
{
byte long_key[BLAKE2S_BLOCKBYTES + 36];
static const byte expected_long[] = {
0x1a, 0xd0, 0x73, 0xd7, 0xba, 0xab, 0x55, 0x83,
0x26, 0xa8, 0xc2, 0x71, 0xf2, 0x1a, 0xdf, 0x3e,
0x28, 0x57, 0x14, 0x49, 0x3a, 0x26, 0x33, 0xe7,
0x7f, 0xf4, 0xca, 0x1a, 0xfd, 0xa3, 0xe0, 0xd9,
};
int i;
for (i = 0; i < (int)sizeof(long_key); ++i)
long_key[i] = (byte)i;
ret = wc_Blake2sHmac(message2, sizeof(message2),
long_key, sizeof(long_key), out, sizeof(out));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(out, expected_long, sizeof(out)) != 0)
return WC_TEST_RET_ENC_NC;
}
return 0;
}
#endif /* HAVE_BLAKE2S */
#ifdef WOLFSSL_SHA224
static wc_test_ret_t sha224_kat_test(wc_Sha224* sha, wc_Sha224* shaCopy)
{
byte hash[WC_SHA224_DIGEST_SIZE];
byte hashcopy[WC_SHA224_DIGEST_SIZE];
wc_test_ret_t ret = 0;
testVector a, b, c;
testVector test_sha[3];
int times = sizeof(test_sha) / sizeof(struct testVector), i;
a.input = "";
a.output = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34"
"\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_SHA224_DIGEST_SIZE;
b.input = "abc";
b.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55"
"\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_SHA224_DIGEST_SIZE;
c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
c.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
"\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_SHA224_DIGEST_SIZE;
test_sha[0] = a;
test_sha[1] = b;
test_sha[2] = c;
ret = wc_InitSha224_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
XMEMSET(shaCopy, 0, sizeof(*shaCopy));
for (i = 0; i < times; ++i) {
ret = wc_Sha224Update(sha, (byte*)test_sha[i].input,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha224GetHash(sha, hashcopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha224Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha224Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
wc_Sha224Free(shaCopy);
if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, hashcopy, WC_SHA224_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
}
exit:
wc_Sha224Free(sha);
wc_Sha224Free(shaCopy);
return ret;
}
#ifndef NO_LARGE_HASH_TEST
static wc_test_ret_t sha224_large_hash_test(wc_Sha224* sha)
{
byte hash[WC_SHA224_DIGEST_SIZE];
byte large_input[1024];
wc_test_ret_t ret = 0;
int i, times;
#ifdef HASH_SIZE_LIMIT
const char* large_digest =
"\x57\x4c\xd3\x11\x0d\x7f\x96\xa1\x0c\x09\x4b\xff\xae\x12\xf7\xfc"
"\xf3\x5a\x90\x7b\xbf\x43\xfe\x4a\x24\xe4\x6d\xe9";
#else
const char* large_digest =
"\x7e\x14\xae\x87\xb1\xd8\x98\x4b\x5f\x44\xef\xa4\xa8\xe0\xc1\xe4"
"\x3d\x88\xf1\xfe\xdf\x4b\x5e\xe7\x6b\xd4\x18\x19";
#endif
ret = wc_InitSha224_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (i = 0; i < (int)sizeof(large_input); i++) {
large_input[i] = (byte)(i & 0xFF);
}
#ifdef HASH_SIZE_LIMIT
times = 20;
#else
times = 100;
#endif
for (i = 0; i < times; ++i) {
ret = wc_Sha224Update(sha, (byte*)large_input,
(word32)sizeof(large_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
ret = wc_Sha224Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, large_digest, WC_SHA224_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
#ifndef NO_UNALIGNED_MEMORY_TEST
/* Unaligned memory access test */
for (i = 1; i < 16; i++) {
ret = wc_Sha224Update(sha, (byte*)large_input + i,
(word32)sizeof(large_input) - (word32)i);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha224Final(sha, hash);
}
#endif
exit:
wc_Sha224Free(sha);
return ret;
}
#endif /* NO_LARGE_HASH_TEST */
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
static wc_test_ret_t sha224_copy_test(wc_Sha224* sha, wc_Sha224* shaCopy)
{
byte hash[WC_SHA224_DIGEST_SIZE];
wc_test_ret_t ret = 0;
const char* a_input = "";
const char* a_output = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34"
"\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f";
const char* b_input = "abc";
ret = wc_InitSha224_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSha224_ex(shaCopy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha224Free(sha);
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_Sha224Update(shaCopy, (byte*)b_input, (word32)XSTRLEN(b_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha224Update(sha, (byte*)a_input, (word32)XSTRLEN(a_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha224Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha224Final(shaCopy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, a_output, WC_SHA224_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
exit:
wc_Sha224Free(sha);
wc_Sha224Free(shaCopy);
return ret;
}
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void)
{
wc_Sha224 sha, shaCopy;
wc_test_ret_t ret;
WOLFSSL_ENTER("sha224_test");
if ((ret = sha224_kat_test(&sha, &shaCopy)) != 0)
return ret;
#ifndef NO_LARGE_HASH_TEST
if ((ret = sha224_large_hash_test(&sha)) != 0)
return ret;
#endif
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
if ((ret = sha224_copy_test(&sha, &shaCopy)) != 0)
return ret;
#endif
return 0;
}
#endif
#ifndef NO_SHA256
static wc_test_ret_t sha256_kat_test(wc_Sha256* sha, wc_Sha256* shaCopy)
{
byte hash[WC_SHA256_DIGEST_SIZE];
byte hashcopy[WC_SHA256_DIGEST_SIZE];
#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
wc_Sha256 i_sha, i_shaCopy;
byte i_hash[WC_SHA256_DIGEST_SIZE];
byte i_hashcopy[WC_SHA256_DIGEST_SIZE];
#endif
wc_test_ret_t ret = 0;
testVector a, b, c, d;
testVector test_sha[4];
int times = sizeof(test_sha) / sizeof(struct testVector), i;
a.input = "";
a.output = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9"
"\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52"
"\xb8\x55";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_SHA256_DIGEST_SIZE;
b.input = "abc";
b.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
"\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
"\x15\xAD";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_SHA256_DIGEST_SIZE;
c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
c.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
"\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
"\x06\xC1";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_SHA256_DIGEST_SIZE;
d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaa"; /* this is BLOCKSIZE length */
d.output = "\xFF\xE0\x54\xFE\x7A\xE0\xCB\x6D\xC6\x5C\x3A\xF9\xB6\x1D\x52"
"\x09\xF4\x39\x85\x1D\xB4\x3D\x0B\xA5\x99\x73\x37\xDF\x15\x46"
"\x68\xEB";
d.inLen = XSTRLEN(d.input);
d.outLen = WC_SHA256_DIGEST_SIZE;
test_sha[0] = a;
test_sha[1] = b;
test_sha[2] = c;
test_sha[3] = d;
ret = wc_InitSha256_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
XMEMSET(shaCopy, 0, sizeof(*shaCopy));
#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
ret = wc_InitSha256_ex(&i_sha, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha256Free(sha);
return WC_TEST_RET_ENC_EC(ret);
}
XMEMSET(&i_shaCopy, 0, sizeof(i_shaCopy));
#endif
for (i = 0; i < times; ++i) {
ret = wc_Sha256Update(sha, (byte*)test_sha[i].input,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
ret = wc_Sha256Update(&i_sha, (byte*)test_sha[i].input,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#endif
ret = wc_Sha256GetHash(sha, hashcopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
ret = wc_Sha256GetHash(&i_sha, i_hashcopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#endif
ret = wc_Sha256Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
ret = wc_Sha256Copy(&i_sha, &i_shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#endif
ret = wc_Sha256Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
ret = wc_Sha256Final(&i_sha, i_hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#endif
wc_Sha256Free(shaCopy);
#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
wc_Sha256Free(&i_shaCopy);
#endif
if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
if (XMEMCMP(i_hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(i_hash, i_hashcopy, WC_SHA256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(i_hash, hash, WC_SHA256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#endif
}
exit:
wc_Sha256Free(sha);
wc_Sha256Free(shaCopy);
#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
wc_Sha256Free(&i_sha);
wc_Sha256Free(&i_shaCopy);
#endif
return ret;
}
#ifndef NO_LARGE_HASH_TEST
#define LARGE_HASH_TEST_INPUT_SZ 1024
static wc_test_ret_t sha256_large_hash_test(wc_Sha256* sha)
{
byte hash[WC_SHA256_DIGEST_SIZE];
wc_test_ret_t ret = 0;
WC_DECLARE_VAR(large_input, byte, LARGE_HASH_TEST_INPUT_SZ, 0);
int i, times;
#ifdef HASH_SIZE_LIMIT
WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
"\xa4\x75\x9e\x7a\xa2\x03\x38\x32\x88\x66\xa2\xea\x17\xea\xf8\xc7"
"\xfe\x4e\xc6\xbb\xe3\xbb\x71\xce\xe7\xdf\x7c\x04\x61\xb3\xc2\x2f";
#else
WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
"\x27\x78\x3e\x87\x96\x3a\x4e\xfb\x68\x29\xb5\x31\xc9\xba\x57\xb4"
"\x4f\x45\x79\x7f\x67\x70\xbd\x63\x7f\xbf\x0d\x80\x7c\xbd\xba\xe0";
#endif
ret = wc_InitSha256_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
WC_ALLOC_VAR_EX(large_input, byte, LARGE_HASH_TEST_INPUT_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER,
ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E),exit));
for (i = 0; i < LARGE_HASH_TEST_INPUT_SZ; i++) {
large_input[i] = (byte)(i & 0xFF);
}
#ifdef HASH_SIZE_LIMIT
times = 20;
#else
times = 100;
#endif
#ifdef WOLFSSL_PIC32MZ_HASH
wc_Sha256SizeSet(sha, times * LARGE_HASH_TEST_INPUT_SZ);
#endif
for (i = 0; i < times; ++i) {
ret = wc_Sha256Update(sha, (byte*)large_input,
LARGE_HASH_TEST_INPUT_SZ);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
ret = wc_Sha256Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
#ifndef NO_UNALIGNED_MEMORY_TEST
/* Unaligned memory access test */
for (i = 1; i < 16; i++) {
ret = wc_Sha256Update(sha, (byte*)large_input + i,
LARGE_HASH_TEST_INPUT_SZ - (word32)i);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha256Final(sha, hash);
}
#endif
exit:
#ifdef WOLFSSL_SMALL_STACK
XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
wc_Sha256Free(sha);
return ret;
}
#undef LARGE_HASH_TEST_INPUT_SZ
#endif /* NO_LARGE_HASH_TEST */
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH) && \
!defined(WOLF_CRYPTO_CB_ONLY_SHA256)
static wc_test_ret_t sha256_lms_test(wc_Sha256* sha)
{
byte hash[WC_SHA256_DIGEST_SIZE];
wc_test_ret_t ret = 0;
WOLFSSL_SMALL_STACK_STATIC const unsigned char
data_hb[WC_SHA256_BLOCK_SIZE] = {
0x61, 0x62, 0x63, 0x80, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18
};
/* SHA-256("abc") */
WOLFSSL_SMALL_STACK_STATIC const char* b_output =
"\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
"\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
"\x15\xAD";
ret = wc_InitSha256_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Sha256HashBlock(sha, data_hb, hash);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
if (XMEMCMP(hash, b_output, WC_SHA256_DIGEST_SIZE) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
}
exit:
wc_Sha256Free(sha);
return ret;
}
#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_FULL_HASH */
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
static wc_test_ret_t sha256_copy_test(wc_Sha256* sha, wc_Sha256* shaCopy)
{
byte hash[WC_SHA256_DIGEST_SIZE];
wc_test_ret_t ret = 0;
const char* a_input = "";
const char* a_output = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9"
"\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52"
"\xb8\x55";
const char* b_input = "abc";
ret = wc_InitSha256_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSha256_ex(shaCopy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha256Free(sha);
return WC_TEST_RET_ENC_EC(ret);
}
#ifndef NO_WOLFSSL_SHA256_INTERLEAVE
ret = wc_Sha256Update(shaCopy, (byte*)b_input, (word32)XSTRLEN(b_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
#endif
ret = wc_Sha256Update(sha, (byte*)a_input, (word32)XSTRLEN(a_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha256Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha256Final(shaCopy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, a_output, WC_SHA256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
exit:
wc_Sha256Free(sha);
wc_Sha256Free(shaCopy);
return ret;
}
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
{
wc_Sha256 sha, shaCopy;
wc_test_ret_t ret;
WOLFSSL_ENTER("sha256_test");
if ((ret = sha256_kat_test(&sha, &shaCopy)) != 0)
return ret;
#ifndef NO_LARGE_HASH_TEST
if ((ret = sha256_large_hash_test(&sha)) != 0)
return ret;
#endif
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH) && \
!defined(WOLF_CRYPTO_CB_ONLY_SHA256)
if ((ret = sha256_lms_test(&sha)) != 0)
return ret;
#endif
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
if ((ret = sha256_copy_test(&sha, &shaCopy)) != 0)
return ret;
#endif
return 0;
}
#endif
#ifdef WOLFSSL_SHA512
static wc_test_ret_t sha512_kat_test(wc_Sha512* sha, wc_Sha512* shaCopy)
{
byte hash[WC_SHA512_DIGEST_SIZE];
byte hashcopy[WC_SHA512_DIGEST_SIZE];
#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
wc_Sha512 i_sha, i_shaCopy;
byte i_hash[WC_SHA512_DIGEST_SIZE];
byte i_hashcopy[WC_SHA512_DIGEST_SIZE];
#endif
wc_test_ret_t ret = 0;
/*
** See https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512.pdf
*/
testVector a, b, c;
testVector test_sha[3];
int times = sizeof(test_sha) / sizeof(struct testVector), i;
a.input = "";
a.output = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80"
"\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c"
"\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87"
"\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a"
"\xf9\x27\xda\x3e";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_SHA512_DIGEST_SIZE;
b.input = "abc";
b.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
"\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
"\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
"\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
"\xa5\x4c\xa4\x9f";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_SHA512_DIGEST_SIZE;
c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
c.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
"\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
"\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
"\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
"\x87\x4b\xe9\x09";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_SHA512_DIGEST_SIZE;
test_sha[0] = a;
test_sha[1] = b;
test_sha[2] = c;
ret = wc_InitSha512_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
XMEMSET(shaCopy, 0, sizeof(*shaCopy));
#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
ret = wc_InitSha512_ex(&i_sha, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha512Free(sha);
return WC_TEST_RET_ENC_EC(ret);
}
XMEMSET(&i_shaCopy, 0, sizeof(i_shaCopy));
#endif
for (i = 0; i < times; ++i) {
ret = wc_Sha512Update(sha, (byte*)test_sha[i].input,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
ret = wc_Sha512Update(&i_sha, (byte*)test_sha[i].input,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#endif
ret = wc_Sha512GetHash(sha, hashcopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
ret = wc_Sha512GetHash(&i_sha, i_hashcopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#endif
ret = wc_Sha512Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
ret = wc_Sha512Copy(&i_sha, &i_shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#endif
ret = wc_Sha512Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
ret = wc_Sha512Final(&i_sha, i_hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#endif
wc_Sha512Free(shaCopy);
#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
wc_Sha512Free(&i_shaCopy);
#endif
if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
if (XMEMCMP(i_hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(i_hash, i_hashcopy, WC_SHA512_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(i_hash, hash, WC_SHA512_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#endif
}
exit:
wc_Sha512Free(sha);
wc_Sha512Free(shaCopy);
#ifndef NO_WOLFSSL_SHA512_INTERLEAVE
wc_Sha512Free(&i_sha);
wc_Sha512Free(&i_shaCopy);
#endif
return ret;
}
#ifndef NO_LARGE_HASH_TEST
#define LARGE_HASH_TEST_INPUT_SZ 1024
static wc_test_ret_t sha512_large_hash_test(wc_Sha512* sha)
{
byte hash[WC_SHA512_DIGEST_SIZE];
wc_test_ret_t ret = 0;
WC_DECLARE_VAR(large_input, byte, LARGE_HASH_TEST_INPUT_SZ, 0);
int i, times;
#ifdef HASH_SIZE_LIMIT
WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
"\x30\x9B\x96\xA6\xE9\x43\x78\x30\xA3\x71\x51\x61\xC1\xEB\xE1\xBE"
"\xC8\xA5\xF9\x13\x5A\xD6\x6D\x9E\x46\x31\x31\x67\x8D\xE2\xC0\x0B"
"\x2A\x1A\x03\xE1\xF3\x48\xA7\x33\xBD\x49\xF8\xFF\xF1\xC2\xC2\x95"
"\xCB\xF0\xAF\x87\x61\x85\x58\x63\x6A\xCA\x70\x9C\x8B\x83\x3F\x5D";
#else
WOLFSSL_SMALL_STACK_STATIC const char* large_digest =
"\x5a\x1f\x73\x90\xbd\x8c\xe4\x63\x54\xce\xa0\x9b\xef\x32\x78\x2d"
"\x2e\xe7\x0d\x5e\x2f\x9d\x15\x1b\xdd\x2d\xde\x65\x0c\x7b\xfa\x83"
"\x5e\x80\x02\x13\x84\xb8\x3f\xff\x71\x62\xb5\x09\x89\x63\xe1\xdc"
"\xa5\xdc\xfc\xfa\x9d\x1a\x4d\xc0\xfa\x3a\x14\xf6\x01\x51\x90\xa4";
#endif
ret = wc_InitSha512_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
WC_ALLOC_VAR_EX(large_input, byte, LARGE_HASH_TEST_INPUT_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER,
ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E),exit));
for (i = 0; i < LARGE_HASH_TEST_INPUT_SZ; i++) {
large_input[i] = (byte)(i & 0xFF);
}
#ifdef HASH_SIZE_LIMIT
times = 20;
#else
times = 100;
#endif
for (i = 0; i < times; ++i) {
ret = wc_Sha512Update(sha, (byte*)large_input,
LARGE_HASH_TEST_INPUT_SZ);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
ret = wc_Sha512Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, large_digest, WC_SHA512_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
#ifndef NO_UNALIGNED_MEMORY_TEST
/* Unaligned memory access test */
for (i = 1; i < 16; i++) {
ret = wc_Sha512Update(sha, (byte*)large_input + i,
LARGE_HASH_TEST_INPUT_SZ - (word32)i);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha512Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
#endif
exit:
#ifdef WOLFSSL_SMALL_STACK
XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
wc_Sha512Free(sha);
return ret;
}
#undef LARGE_HASH_TEST_INPUT_SZ
#endif /* NO_LARGE_HASH_TEST */
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
static wc_test_ret_t sha512_copy_test(wc_Sha512* sha, wc_Sha512* shaCopy)
{
byte hash[WC_SHA512_DIGEST_SIZE];
wc_test_ret_t ret = 0;
const char* a_input = "";
const char* a_output = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80"
"\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c"
"\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87"
"\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a"
"\xf9\x27\xda\x3e";
const char* b_input = "abc";
ret = wc_InitSha512_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSha512_ex(shaCopy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha512Free(sha);
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_Sha512Update(shaCopy, (byte*)b_input, (word32)XSTRLEN(b_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha512Update(sha, (byte*)a_input, (word32)XSTRLEN(a_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha512Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha512Final(shaCopy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, a_output, WC_SHA512_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
exit:
wc_Sha512Free(sha);
wc_Sha512Free(shaCopy);
return ret;
}
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
{
wc_Sha512 sha, shaCopy;
wc_test_ret_t ret;
WOLFSSL_ENTER("sha512_test");
if ((ret = sha512_kat_test(&sha, &shaCopy)) != 0)
return ret;
#ifndef NO_LARGE_HASH_TEST
if ((ret = sha512_large_hash_test(&sha)) != 0)
return ret;
#endif
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
if ((ret = sha512_copy_test(&sha, &shaCopy)) != 0)
return ret;
#endif
return 0;
}
#if !defined(WOLFSSL_NOSHA512_224) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
static wc_test_ret_t sha512_224_kat_test(wc_Sha512* sha, wc_Sha512* shaCopy)
{
/*
** See https://csrc.nist.gov/Projects/cryptographic-standards-and-guidelines/example-values
**
** NIST SHA512/224 Document Example:
** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512_224.pdf
*/
static const testVector test_sha[3] = {
{ "",
"\x6e\xd0\xdd\x02"
"\x80\x6f\xa8\x9e" "\x25\xde\x06\x0c"
"\x19\xd3\xac\x86" "\xca\xbb\x87\xd6"
"\xa0\xdd\xd0\x5c" "\x33\x3b\x84\xf4",
0, WC_SHA512_224_DIGEST_SIZE },
/* See page 1 in above document for the SHA512/224 "abc" test (digest). */
{ "abc",
"\x46\x34\x27\x0f"
"\x70\x7b\x6a\x54" "\xda\xae\x75\x30"
"\x46\x08\x42\xe2" "\x0e\x37\xed\x26"
"\x5c\xee\xe9\xa4" "\x3e\x89\x24\xaa",
3, WC_SHA512_224_DIGEST_SIZE },
/* See page 4/9 in above document for the 2-block test (digest). */
{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
"\x23\xfe\xc5\xbb"
"\x94\xd6\x0b\x23" "\x30\x81\x92\x64"
"\x0b\x0c\x45\x33" "\x35\xd6\x64\x73"
"\x4f\xe4\x0e\x72" "\x68\x67\x4a\xf9",
112, WC_SHA512_224_DIGEST_SIZE }
};
byte hash[WC_SHA512_224_DIGEST_SIZE];
byte hashcopy[WC_SHA512_224_DIGEST_SIZE];
wc_test_ret_t ret;
int i;
ret = wc_InitSha512_224_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
XMEMSET(shaCopy, 0, sizeof(*shaCopy));
for (i = 0; i < 3; ++i) {
ret = wc_Sha512_224Update(sha, (const byte*)test_sha[i].input,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha512_224GetHash(sha, hashcopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha512_224Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha512_224Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
wc_Sha512_224Free(shaCopy);
if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_224_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, hashcopy, WC_SHA512_224_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
}
exit:
wc_Sha512_224Free(sha);
wc_Sha512_224Free(shaCopy);
return ret;
}
#ifndef NO_LARGE_HASH_TEST
static wc_test_ret_t sha512_224_large_hash_test(wc_Sha512* sha)
{
#ifdef HASH_SIZE_LIMIT
static const char* large_digest =
"\x98\x68\xc3\xd9\xb9\xef\x17\x53"
"\x43\x66\x0e\x60\xdf\x29\xf8\xef"
"\x96\xe3\x93\x34\x8c\x6f\xc0\xeb"
"\x14\x6c\xcf\x6a";
int times = 20;
#else
static const char* large_digest =
"\x26\x5f\x98\xd1\x76\x49\x71\x4e"
"\x82\xb7\x9d\x52\x32\x67\x9d\x56"
"\x91\xf5\x88\xc3\x05\xbb\x3f\x90"
"\xe2\x4e\x85\x05";
int times = 100;
#endif
byte hash[WC_SHA512_224_DIGEST_SIZE];
byte large_input[1024];
wc_test_ret_t ret;
int i;
ret = wc_InitSha512_224_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (i = 0; i < (int)sizeof(large_input); i++) {
large_input[i] = (byte)(i & 0xFF);
}
for (i = 0; i < times; ++i) {
ret = wc_Sha512_224Update(sha, (byte*)large_input,
(word32)sizeof(large_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
ret = wc_Sha512_224Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, large_digest, WC_SHA512_224_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
#ifndef NO_UNALIGNED_MEMORY_TEST
/* Unaligned memory access test */
for (i = 1; i < 16; i++) {
ret = wc_Sha512_224Update(sha, (byte*)large_input + i,
(word32)sizeof(large_input) - (word32)i);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha512_224Final(sha, hash);
}
#endif
exit:
wc_Sha512_224Free(sha);
return ret;
}
#endif /* NO_LARGE_HASH_TEST */
#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0)
static wc_test_ret_t sha512_224_copy_test(wc_Sha512* sha, wc_Sha512* shaCopy)
{
static const char* a_input = "";
static const char* a_output = "\x6e\xd0\xdd\x02"
"\x80\x6f\xa8\x9e" "\x25\xde\x06\x0c"
"\x19\xd3\xac\x86" "\xca\xbb\x87\xd6"
"\xa0\xdd\xd0\x5c" "\x33\x3b\x84\xf4";
static const char* b_input = "abc";
byte hash[WC_SHA512_224_DIGEST_SIZE];
wc_test_ret_t ret;
ret = wc_InitSha512_224_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSha512_224_ex(shaCopy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha512_224Free(sha);
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_Sha512_224Update(shaCopy, (const byte*)b_input,
(word32)XSTRLEN(b_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha512_224Update(sha, (const byte*)a_input,
(word32)XSTRLEN(a_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha512_224Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha512_224Final(shaCopy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, a_output, WC_SHA512_224_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
exit:
wc_Sha512_224Free(sha);
wc_Sha512_224Free(shaCopy);
return ret;
}
#endif /* !HAVE_FIPS || FIPS_VERSION_GE(7, 0) */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void)
{
wc_Sha512 sha, shaCopy;
wc_test_ret_t ret;
WOLFSSL_ENTER("sha512_224_test");
if ((ret = sha512_224_kat_test(&sha, &shaCopy)) != 0)
return ret;
#ifndef NO_LARGE_HASH_TEST
if ((ret = sha512_224_large_hash_test(&sha)) != 0)
return ret;
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0)
if ((ret = sha512_224_copy_test(&sha, &shaCopy)) != 0)
return ret;
#endif
return 0;
} /* sha512_224_test */
#endif /* !defined(WOLFSSL_NOSHA512_224) && !FIPS ... */
#if !defined(WOLFSSL_NOSHA512_256) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
static wc_test_ret_t sha512_256_kat_test(wc_Sha512* sha, wc_Sha512* shaCopy)
{
/*
** See https://csrc.nist.gov/Projects/cryptographic-standards-and-guidelines/example-values
** NIST SHA512/256 Document Example:
** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512_256.pdf
*/
static const testVector test_sha[3] = {
{ "",
"\xc6\x72\xb8\xd1" "\xef\x56\xed\x28"
"\xab\x87\xc3\x62" "\x2c\x51\x14\x06"
"\x9b\xdd\x3a\xd7" "\xb8\xf9\x73\x74"
"\x98\xd0\xc0\x1e" "\xce\xf0\x96\x7a",
0, WC_SHA512_256_DIGEST_SIZE },
/* See page 1/4 of above document for "abc" example (digest). */
{ "abc",
"\x53\x04\x8e\x26" "\x81\x94\x1e\xf9"
"\x9b\x2e\x29\xb7" "\x6b\x4c\x7d\xab"
"\xe4\xc2\xd0\xc6" "\x34\xfc\x6d\x46"
"\xe0\xe2\xf1\x31" "\x07\xe7\xaf\x23",
3, WC_SHA512_256_DIGEST_SIZE },
/* See page 4/10 of above document for Two Block Message Sample (digest).
*/
{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
"\x39\x28\xe1\x84" "\xfb\x86\x90\xf8"
"\x40\xda\x39\x88" "\x12\x1d\x31\xbe"
"\x65\xcb\x9d\x3e" "\xf8\x3e\xe6\x14"
"\x6f\xea\xc8\x61" "\xe1\x9b\x56\x3a",
112, WC_SHA512_256_DIGEST_SIZE }
};
byte hash[WC_SHA512_256_DIGEST_SIZE];
byte hashcopy[WC_SHA512_256_DIGEST_SIZE];
wc_test_ret_t ret;
int i;
ret = wc_InitSha512_256_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
XMEMSET(shaCopy, 0, sizeof(*shaCopy));
for (i = 0; i < 3; ++i) {
ret = wc_Sha512_256Update(sha, (const byte*)test_sha[i].input,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha512_256GetHash(sha, hashcopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha512_256Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha512_256Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
wc_Sha512_256Free(shaCopy);
if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, hashcopy, WC_SHA512_256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
}
exit:
wc_Sha512_256Free(sha);
wc_Sha512_256Free(shaCopy);
return ret;
}
#ifndef NO_LARGE_HASH_TEST
static wc_test_ret_t sha512_256_large_hash_test(wc_Sha512* sha)
{
#ifdef HASH_SIZE_LIMIT
static const char* large_digest =
"\x49\xcc\xbc\x7a\x93\x0b\x02\xb8"
"\xad\x9a\x46\x51\x00\x1f\x13\x80"
"\x35\x84\x36\xf1\xf2\x3c\xeb\xd8"
"\x41\xd4\x06\x8b\x1d\x19\xad\x72";
int times = 20;
#else
static const char* large_digest =
"\x7a\xe3\x84\x05\xcb\x06\x22\x08"
"\x7e\x2c\x65\x89\x1f\x26\x45\xfd"
"\xad\xbc\x2e\x29\x83\x12\x84\x4b"
"\xf2\xa0\xde\xbe\x06\x11\xd7\x44";
int times = 100;
#endif
byte hash[WC_SHA512_256_DIGEST_SIZE];
byte large_input[1024];
wc_test_ret_t ret;
int i;
ret = wc_InitSha512_256_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (i = 0; i < (int)sizeof(large_input); i++) {
large_input[i] = (byte)(i & 0xFF);
}
for (i = 0; i < times; ++i) {
ret = wc_Sha512_256Update(sha, (byte*)large_input,
(word32)sizeof(large_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
ret = wc_Sha512_256Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, large_digest, WC_SHA512_256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
#ifndef NO_UNALIGNED_MEMORY_TEST
/* Unaligned memory access test */
for (i = 1; i < 16; i++) {
ret = wc_Sha512_256Update(sha, (byte*)large_input + i,
(word32)sizeof(large_input) - (word32)i);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha512_256Final(sha, hash);
}
#endif
exit:
wc_Sha512_256Free(sha);
return ret;
}
#endif /* NO_LARGE_HASH_TEST */
#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0)
static wc_test_ret_t sha512_256_copy_test(wc_Sha512* sha, wc_Sha512* shaCopy)
{
static const char* a_input = "";
static const char* a_output = "\xc6\x72\xb8\xd1" "\xef\x56\xed\x28"
"\xab\x87\xc3\x62" "\x2c\x51\x14\x06"
"\x9b\xdd\x3a\xd7" "\xb8\xf9\x73\x74"
"\x98\xd0\xc0\x1e" "\xce\xf0\x96\x7a";
static const char* b_input = "abc";
byte hash[WC_SHA512_256_DIGEST_SIZE];
wc_test_ret_t ret;
ret = wc_InitSha512_256_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSha512_256_ex(shaCopy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha512_256Free(sha);
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_Sha512_256Update(shaCopy, (const byte*)b_input,
(word32)XSTRLEN(b_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha512_256Update(sha, (const byte*)a_input,
(word32)XSTRLEN(a_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha512_256Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha512_256Final(shaCopy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, a_output, WC_SHA512_256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
exit:
wc_Sha512_256Free(sha);
wc_Sha512_256Free(shaCopy);
return ret;
}
#endif /* !HAVE_FIPS || FIPS_VERSION_GE(7, 0) */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void)
{
wc_Sha512 sha, shaCopy;
wc_test_ret_t ret;
WOLFSSL_ENTER("sha512_256_test");
if ((ret = sha512_256_kat_test(&sha, &shaCopy)) != 0)
return ret;
#ifndef NO_LARGE_HASH_TEST
if ((ret = sha512_256_large_hash_test(&sha)) != 0)
return ret;
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0)
if ((ret = sha512_256_copy_test(&sha, &shaCopy)) != 0)
return ret;
#endif
return 0;
} /* sha512_256_test */
#endif /* !defined(WOLFSSL_NOSHA512_256) && !FIPS ... */
#endif /* WOLFSSL_SHA512 */
#ifdef WOLFSSL_SHA384
static wc_test_ret_t sha384_kat_test(wc_Sha384* sha, wc_Sha384* shaCopy)
{
byte hash[WC_SHA384_DIGEST_SIZE];
byte hashcopy[WC_SHA384_DIGEST_SIZE];
wc_test_ret_t ret = 0;
testVector a, b, c;
testVector test_sha[3];
int times = sizeof(test_sha) / sizeof(struct testVector), i;
a.input = "";
a.output = "\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3"
"\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6"
"\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48"
"\x98\xb9\x5b";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_SHA384_DIGEST_SIZE;
b.input = "abc";
b.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
"\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
"\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
"\xc8\x25\xa7";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_SHA384_DIGEST_SIZE;
c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
c.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
"\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
"\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
"\x74\x60\x39";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_SHA384_DIGEST_SIZE;
test_sha[0] = a;
test_sha[1] = b;
test_sha[2] = c;
ret = wc_InitSha384_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
XMEMSET(shaCopy, 0, sizeof(*shaCopy));
for (i = 0; i < times; ++i) {
ret = wc_Sha384Update(sha, (byte*)test_sha[i].input,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha384GetHash(sha, hashcopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha384Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha384Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
wc_Sha384Free(shaCopy);
if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, hashcopy, WC_SHA384_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
}
exit:
wc_Sha384Free(sha);
wc_Sha384Free(shaCopy);
return ret;
}
#ifndef NO_LARGE_HASH_TEST
static wc_test_ret_t sha384_large_hash_test(wc_Sha384* sha)
{
byte hash[WC_SHA384_DIGEST_SIZE];
byte large_input[1024];
wc_test_ret_t ret = 0;
int i, times;
#ifdef HASH_SIZE_LIMIT
const char* large_digest =
"\xB5\xAD\x66\x6F\xD9\x58\x5E\x68\xDD\x5E\x30\xD3\x95\x72\x33\xA4"
"\xE9\x4B\x99\x3A\xEF\xF8\xE1\xBF\x1F\x05\x32\xAA\x16\x00\x82\xEC"
"\x15\xDA\xF2\x75\xEE\xE9\x06\xAF\x52\x8A\x5C\xEF\x72\x81\x80\xD6";
#else
const char* large_digest =
"\x37\x01\xdb\xff\x1e\x40\x4f\xe1\xe2\xea\x0b\x40\xbb\x3b\x39\x9a"
"\xcc\xe8\x44\x8e\x7e\xe5\x64\xb5\x6b\x7f\x56\x64\xa7\x2b\x84\xe3"
"\xc5\xd7\x79\x03\x25\x90\xf7\xa4\x58\xcb\x97\xa8\x8b\xb1\xa4\x81";
#endif
ret = wc_InitSha384_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (i = 0; i < (int)sizeof(large_input); i++) {
large_input[i] = (byte)(i & 0xFF);
}
#ifdef HASH_SIZE_LIMIT
times = 20;
#else
times = 100;
#endif
for (i = 0; i < times; ++i) {
ret = wc_Sha384Update(sha, (byte*)large_input,
(word32)sizeof(large_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
ret = wc_Sha384Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, large_digest, WC_SHA384_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
#ifndef NO_UNALIGNED_MEMORY_TEST
/* Unaligned memory access test */
for (i = 1; i < 16; i++) {
ret = wc_Sha384Update(sha, (byte*)large_input + i,
(word32)sizeof(large_input) - (word32)i);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha384Final(sha, hash);
}
#endif
exit:
wc_Sha384Free(sha);
return ret;
}
#endif /* NO_LARGE_HASH_TEST */
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
static wc_test_ret_t sha384_copy_test(wc_Sha384* sha, wc_Sha384* shaCopy)
{
byte hash[WC_SHA384_DIGEST_SIZE];
wc_test_ret_t ret = 0;
const char* a_input = "";
const char* a_output = "\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3"
"\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6"
"\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48"
"\x98\xb9\x5b";
const char* b_input = "abc";
ret = wc_InitSha384_ex(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSha384_ex(shaCopy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha384Free(sha);
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_Sha384Update(shaCopy, (byte*)b_input, (word32)XSTRLEN(b_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha384Update(sha, (byte*)a_input, (word32)XSTRLEN(a_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha384Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha384Final(shaCopy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, a_output, WC_SHA384_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
exit:
wc_Sha384Free(sha);
wc_Sha384Free(shaCopy);
return ret;
}
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void)
{
wc_Sha384 sha, shaCopy;
wc_test_ret_t ret;
WOLFSSL_ENTER("sha384_test");
if ((ret = sha384_kat_test(&sha, &shaCopy)) != 0)
return ret;
#ifndef NO_LARGE_HASH_TEST
if ((ret = sha384_large_hash_test(&sha)) != 0)
return ret;
#endif
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
if ((ret = sha384_copy_test(&sha, &shaCopy)) != 0)
return ret;
#endif
return 0;
}
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
static wc_test_ret_t sha3_224_kat_test(wc_Sha3* sha, wc_Sha3* shaCopy)
{
static const testVector test_sha[3] = {
{ "",
"\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1"
"\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7",
0, WC_SHA3_224_DIGEST_SIZE },
{ "abc",
"\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76"
"\x6f\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf",
3, WC_SHA3_224_DIGEST_SIZE },
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
"\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55\x74\x49\x44\x79"
"\xba\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea\xd0\xfc\xce\x33",
56, WC_SHA3_224_DIGEST_SIZE }
};
byte hash[WC_SHA3_224_DIGEST_SIZE];
byte hashcopy[WC_SHA3_224_DIGEST_SIZE];
wc_test_ret_t ret;
int i;
ret = wc_InitSha3_224(sha, HEAP_HINT, devId);
if (ret != 0) {
XMEMSET(sha, 0, sizeof(*sha));
return WC_TEST_RET_ENC_EC(ret);
}
for (i = 0; i < 3; ++i) {
ret = wc_Sha3_224_Update(sha, (const byte*)test_sha[i].input,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha3_224_GetHash(sha, hashcopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha3_224_Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha3_224_Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_224_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, hashcopy, WC_SHA3_224_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
wc_Sha3_224_Free(shaCopy);
}
exit:
wc_Sha3_224_Free(sha);
wc_Sha3_224_Free(shaCopy);
return ret;
}
#ifndef NO_LARGE_HASH_TEST
static wc_test_ret_t sha3_224_large_hash_test(wc_Sha3* sha)
{
static const char* large_digest =
"\x13\xe5\xd3\x98\x7b\x94\xda\x41\x12\xc7\x1e\x92\x3a\x19"
"\x21\x20\x86\x6f\x24\xbf\x0a\x31\xbc\xfd\xd6\x70\x36\xf3";
byte hash[WC_SHA3_224_DIGEST_SIZE];
byte large_input[1024];
wc_test_ret_t ret;
int i;
ret = wc_InitSha3_224(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (i = 0; i < (int)sizeof(large_input); i++) {
large_input[i] = (byte)(i & 0xFF);
}
for (i = 0; i < 100; ++i) {
ret = wc_Sha3_224_Update(sha, (byte*)large_input,
(word32)sizeof(large_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
ret = wc_Sha3_224_Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, large_digest, WC_SHA3_224_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
#ifndef NO_UNALIGNED_MEMORY_TEST
/* Unaligned memory access test */
for (i = 1; i < 16; i++) {
ret = wc_Sha3_224_Update(sha, (byte*)large_input + i,
(word32)sizeof(large_input) - (word32)i);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_224_Final(sha, hash);
}
#endif
exit:
wc_Sha3_224_Free(sha);
return ret;
}
#endif /* NO_LARGE_HASH_TEST */
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
static wc_test_ret_t sha3_224_copy_test(wc_Sha3* sha, wc_Sha3* shaCopy)
{
static const char* a_input = "";
static const char* a_output =
"\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1"
"\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7";
static const char* b_input = "abc";
byte hash[WC_SHA3_224_DIGEST_SIZE];
wc_test_ret_t ret;
ret = wc_InitSha3_224(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSha3_224(shaCopy, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_224_Update(shaCopy, (const byte*)b_input,
(word32)XSTRLEN(b_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_224_Update(sha, (const byte*)a_input,
(word32)XSTRLEN(a_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_224_Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_224_Final(shaCopy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, a_output, WC_SHA3_224_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
exit:
wc_Sha3_224_Free(sha);
wc_Sha3_224_Free(shaCopy);
return ret;
}
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
static wc_test_ret_t sha3_224_test(void)
{
wc_Sha3 sha;
WC_DECLARE_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT);
wc_test_ret_t ret;
WC_ALLOC_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT);
if (!WC_VAR_OK(shaCopy))
return WC_TEST_RET_ENC_EC(MEMORY_E);
XMEMSET(shaCopy, 0, sizeof(*shaCopy));
if ((ret = sha3_224_kat_test(&sha, shaCopy)) != 0)
goto out;
#ifndef NO_LARGE_HASH_TEST
if ((ret = sha3_224_large_hash_test(&sha)) != 0)
goto out;
#endif
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
if ((ret = sha3_224_copy_test(&sha, shaCopy)) != 0)
goto out;
#endif
ret = 0;
out:
WC_FREE_VAR(shaCopy, HEAP_HINT);
return ret;
}
#endif /* WOLFSSL_NOSHA3_224 */
#ifndef WOLFSSL_NOSHA3_256
static wc_test_ret_t sha3_256_kat_test(wc_Sha3* sha, wc_Sha3* shaCopy)
{
/*
** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-256_Msg0.pdf
*/
static const testVector test_sha[3] = {
{ "",
"\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6"
"\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8"
"\x43\x4a",
0, WC_SHA3_256_DIGEST_SIZE },
{ "abc",
"\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90"
"\xbd\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43"
"\x15\x32",
3, WC_SHA3_256_DIGEST_SIZE },
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
"\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8\x23\x5e"
"\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32\xdd\x97\x49\x6d"
"\x33\x76",
56, WC_SHA3_256_DIGEST_SIZE }
};
byte hash[WC_SHA3_256_DIGEST_SIZE];
byte hashcopy[WC_SHA3_256_DIGEST_SIZE];
wc_test_ret_t ret;
int i;
ret = wc_InitSha3_256(sha, HEAP_HINT, devId);
if (ret != 0) {
XMEMSET(sha, 0, sizeof(*sha));
return WC_TEST_RET_ENC_EC(ret);
}
for (i = 0; i < 3; ++i) {
ret = wc_Sha3_256_Update(sha, (const byte*)test_sha[i].input,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha3_256_GetHash(sha, hashcopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha3_256_Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha3_256_Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, hashcopy, WC_SHA3_256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
wc_Sha3_256_Free(shaCopy);
}
exit:
wc_Sha3_256_Free(sha);
wc_Sha3_256_Free(shaCopy);
if (ret != 0)
return ret;
/* this is a software only variant of SHA3 not supported by external
* hardware devices */
#if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT)
{
/* test vector with hash of empty string */
static const char* Keccak256EmptyOut =
"\xc5\xd2\x46\x01\x86\xf7\x23\x3c\x92\x7e\x7d\xb2\xdc\xc7\x03\xc0"
"\xe5\x00\xb6\x53\xca\x82\x27\x3b\x7b\xfa\xd8\x04\x5d\x85\xa4\x70";
wc_Sha3 ksha;
byte khash[WC_SHA3_256_DIGEST_SIZE];
ret = wc_InitSha3_256(&ksha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Test for Keccak256 */
ret = wc_Sha3_SetFlags(&ksha, WC_HASH_SHA3_KECCAK256);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), keccak_exit);
}
ret = wc_Sha3_256_Update(&ksha, (byte*)"", 0);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), keccak_exit);
}
ret = wc_Sha3_256_Final(&ksha, khash);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), keccak_exit);
}
if (XMEMCMP(khash, Keccak256EmptyOut, WC_SHA3_256_DIGEST_SIZE) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, keccak_exit);
}
keccak_exit:
wc_Sha3_256_Free(&ksha);
}
#endif /* WOLFSSL_HASH_FLAGS && !WOLFSSL_ASYNC_CRYPT */
return ret;
}
#ifndef NO_LARGE_HASH_TEST
static wc_test_ret_t sha3_256_large_hash_test(wc_Sha3* sha)
{
static const char* large_digest =
"\xdc\x90\xc0\xb1\x25\xdb\x2c\x34\x81\xa3\xff\xbc\x1e\x2e\x87\xeb"
"\x6d\x70\x85\x61\xe0\xe9\x63\x61\xff\xe5\x84\x4b\x1f\x68\x05\x15";
byte hash[WC_SHA3_256_DIGEST_SIZE];
byte large_input[1024];
wc_test_ret_t ret;
int i;
ret = wc_InitSha3_256(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (i = 0; i < (int)sizeof(large_input); i++) {
large_input[i] = (byte)(i & 0xFF);
}
for (i = 0; i < 100; ++i) {
ret = wc_Sha3_256_Update(sha, (byte*)large_input,
(word32)sizeof(large_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
ret = wc_Sha3_256_Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, large_digest, WC_SHA3_256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
#ifndef NO_UNALIGNED_MEMORY_TEST
/* Unaligned memory access test */
for (i = 1; i < 16; i++) {
ret = wc_Sha3_256_Update(sha, (byte*)large_input + i,
(word32)sizeof(large_input) - (word32)i);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_256_Final(sha, hash);
}
#endif
exit:
wc_Sha3_256_Free(sha);
return ret;
}
#endif /* NO_LARGE_HASH_TEST */
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
static wc_test_ret_t sha3_256_copy_test(wc_Sha3* sha, wc_Sha3* shaCopy)
{
static const char* a_input = "";
static const char* a_output =
"\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6"
"\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8"
"\x43\x4a";
static const char* b_input = "abc";
byte hash[WC_SHA3_256_DIGEST_SIZE];
wc_test_ret_t ret;
ret = wc_InitSha3_256(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSha3_256(shaCopy, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_256_Update(shaCopy, (const byte*)b_input,
(word32)XSTRLEN(b_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_256_Update(sha, (const byte*)a_input,
(word32)XSTRLEN(a_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_256_Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_256_Final(shaCopy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, a_output, WC_SHA3_256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
exit:
wc_Sha3_256_Free(sha);
wc_Sha3_256_Free(shaCopy);
return ret;
}
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
static wc_test_ret_t sha3_256_test(void)
{
wc_Sha3 sha;
WC_DECLARE_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT);
wc_test_ret_t ret;
WC_ALLOC_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT);
if (!WC_VAR_OK(shaCopy))
return WC_TEST_RET_ENC_EC(MEMORY_E);
XMEMSET(shaCopy, 0, sizeof(*shaCopy));
if ((ret = sha3_256_kat_test(&sha, shaCopy)) != 0)
goto out;
#ifndef NO_LARGE_HASH_TEST
if ((ret = sha3_256_large_hash_test(&sha)) != 0)
goto out;
#endif
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
if ((ret = sha3_256_copy_test(&sha, shaCopy)) != 0)
goto out;
#endif
ret = 0;
out:
WC_FREE_VAR(shaCopy, HEAP_HINT);
return ret;
}
#endif /* WOLFSSL_NOSHA3_256 */
#ifndef WOLFSSL_NOSHA3_384
static wc_test_ret_t sha3_384_kat_test(wc_Sha3* sha, wc_Sha3* shaCopy)
{
byte hash[WC_SHA3_384_DIGEST_SIZE];
byte buf[64];
#ifndef NO_INTM_HASH_TEST
byte hashcopy[WC_SHA3_384_DIGEST_SIZE];
#endif
testVector a, b, c;
testVector test_sha[3];
wc_test_ret_t ret;
int times = sizeof(test_sha) / sizeof(struct testVector), i;
#ifdef NO_INTM_HASH_TEST
(void)shaCopy;
#endif
/*
** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-384_Msg0.pdf
*/
a.input = "";
a.output = "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d\x01\x10\x7d\x85\x2e\x4c\x24"
"\x85\xc5\x1a\x50\xaa\xaa\x94\xfc\x61\x99\x5e\x71\xbb\xee\x98"
"\x3a\x2a\xc3\x71\x38\x31\x26\x4a\xdb\x47\xfb\x6b\xd1\xe0\x58"
"\xd5\xf0\x04";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_SHA3_384_DIGEST_SIZE;
#ifndef NO_INTM_HASH_TEST
/* NIST test vector with a length that is a multiple of 4 */
b.input = "\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44"
"\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4";
b.output = "\x04\x1c\xc5\x86\x1b\xa3\x34\x56\x3c\x61\xd4\xef\x97\x10\xd4"
"\x89\x6c\x31\x1c\x92\xed\xbe\x0d\x7c\xd5\x3e\x80\x3b\xf2\xf4"
"\xeb\x60\x57\x23\x55\x70\x77\x0c\xe8\x7c\x55\x20\xd7\xec\x14"
"\x19\x87\x22";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_SHA3_384_DIGEST_SIZE;
#else
b.input = "abc";
b.output = "\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad"
"\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b"
"\xe4\xb2\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28"
"\x37\x6d\x25";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_SHA3_384_DIGEST_SIZE;
#endif
c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
c.output = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7\x8a\x49"
"\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd\xbc\x32\xb9\xd4"
"\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1\x9e\xef\x51\xac\xd0"
"\x65\x7c\x22";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_SHA3_384_DIGEST_SIZE;
#ifndef NO_INTM_HASH_TEST
test_sha[0] = b; /* hardware acc. pre-Versal can not handle "" string */
#else
test_sha[0] = a;
#endif
test_sha[1] = b;
test_sha[2] = c;
ret = wc_InitSha3_384(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (i = 0; i < times; ++i) {
XMEMCPY(buf, test_sha[i].input, test_sha[i].inLen);
ret = wc_Sha3_384_Update(sha, buf,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#ifndef NO_INTM_HASH_TEST
ret = wc_Sha3_384_GetHash(sha, hashcopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha3_384_Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#endif
ret = wc_Sha3_384_Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_384_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
#ifndef NO_INTM_HASH_TEST
if (XMEMCMP(hash, hashcopy, WC_SHA3_384_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
wc_Sha3_384_Free(shaCopy);
#endif
}
exit:
wc_Sha3_384_Free(sha);
#ifndef NO_INTM_HASH_TEST
wc_Sha3_384_Free(shaCopy);
#endif
return ret;
}
#ifndef NO_LARGE_HASH_TEST
static wc_test_ret_t sha3_384_large_hash_test(wc_Sha3* sha)
{
static const char* large_digest =
"\x30\x44\xec\x17\xef\x47\x9f\x55\x36\x11\xd6\x3f\x8a\x31\x5a\x71"
"\x8a\x71\xa7\x1d\x8e\x84\xe8\x6c\x24\x02\x2f\x7a\x08\x4e\xea\xd7"
"\x42\x36\x5d\xa8\xc2\xb7\x42\xad\xec\x19\xfb\xca\xc6\x64\xb3\xa4";
byte hash[WC_SHA3_384_DIGEST_SIZE];
byte large_input[1024];
wc_test_ret_t ret;
int i;
ret = wc_InitSha3_384(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (i = 0; i < (int)sizeof(large_input); i++) {
large_input[i] = (byte)(i & 0xFF);
}
for (i = 0; i < 100; ++i) {
ret = wc_Sha3_384_Update(sha, (byte*)large_input,
(word32)sizeof(large_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
ret = wc_Sha3_384_Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, large_digest, WC_SHA3_384_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
#ifndef NO_UNALIGNED_MEMORY_TEST
/* Unaligned memory access test */
for (i = 1; i < 16; i++) {
ret = wc_Sha3_384_Update(sha, (byte*)large_input + i,
(word32)sizeof(large_input) - (word32)i);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_384_Final(sha, hash);
}
#endif
exit:
wc_Sha3_384_Free(sha);
return ret;
}
#endif /* NO_LARGE_HASH_TEST */
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
static wc_test_ret_t sha3_384_copy_test(wc_Sha3* sha, wc_Sha3* shaCopy)
{
static const char* a_input = "";
static const char* a_output =
"\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d\x01\x10\x7d\x85\x2e\x4c\x24"
"\x85\xc5\x1a\x50\xaa\xaa\x94\xfc\x61\x99\x5e\x71\xbb\xee\x98"
"\x3a\x2a\xc3\x71\x38\x31\x26\x4a\xdb\x47\xfb\x6b\xd1\xe0\x58"
"\xd5\xf0\x04";
static const char* b_input =
"\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44"
"\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4";
byte hash[WC_SHA3_384_DIGEST_SIZE];
wc_test_ret_t ret;
ret = wc_InitSha3_384(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSha3_384(shaCopy, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_384_Update(shaCopy, (const byte*)b_input,
(word32)XSTRLEN(b_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_384_Update(sha, (const byte*)a_input,
(word32)XSTRLEN(a_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_384_Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_384_Final(shaCopy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, a_output, WC_SHA3_384_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
exit:
wc_Sha3_384_Free(sha);
wc_Sha3_384_Free(shaCopy);
return ret;
}
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
static wc_test_ret_t sha3_384_test(void)
{
wc_Sha3 sha;
WC_DECLARE_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT);
wc_test_ret_t ret;
WC_ALLOC_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT);
if (!WC_VAR_OK(shaCopy))
return WC_TEST_RET_ENC_EC(MEMORY_E);
XMEMSET(shaCopy, 0, sizeof(*shaCopy));
if ((ret = sha3_384_kat_test(&sha, shaCopy)) != 0)
goto out;
#ifndef NO_LARGE_HASH_TEST
if ((ret = sha3_384_large_hash_test(&sha)) != 0)
goto out;
#endif
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
if ((ret = sha3_384_copy_test(&sha, shaCopy)) != 0)
goto out;
#endif
ret = 0;
out:
WC_FREE_VAR(shaCopy, HEAP_HINT);
return ret;
}
#endif /* WOLFSSL_NOSHA3_384 */
#ifndef WOLFSSL_NOSHA3_512
static wc_test_ret_t sha3_512_kat_test(wc_Sha3* sha, wc_Sha3* shaCopy)
{
/*
** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-512_Msg0.pdf
*/
static const testVector test_sha[3] = {
{ "",
"\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5\xc8\xb5\x67\xdc\x18\x5a\x75"
"\x6e\x97\xc9\x82\x16\x4f\xe2\x58\x59\xe0\xd1\xdc\xc1\x47\x5c"
"\x80\xa6\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c\x11\xe3\xe9\x40\x2c"
"\x3a\xc5\x58\xf5\x00\x19\x9d\x95\xb6\xd3\xe3\x01\x75\x85\x86"
"\x28\x1d\xcd\x26",
0, WC_SHA3_512_DIGEST_SIZE },
{ "abc",
"\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09"
"\x6e\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2"
"\x71\x2e\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47"
"\xe3\x93\x40\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27"
"\x4e\xec\x53\xf0",
3, WC_SHA3_512_DIGEST_SIZE },
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
"\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10\xfc\xa8"
"\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7\xec\x2f\x1e\x91"
"\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53\x02\xba\x1b\x0d\x8d\xc7"
"\x8c\x08\x63\x46\xb5\x33\xb4\x9c\x03\x0d\x99\xa2\x7d\xaf\x11"
"\x39\xd6\xe7\x5e",
56, WC_SHA3_512_DIGEST_SIZE }
};
byte hash[WC_SHA3_512_DIGEST_SIZE];
byte hashcopy[WC_SHA3_512_DIGEST_SIZE];
wc_test_ret_t ret;
int i;
ret = wc_InitSha3_512(sha, HEAP_HINT, devId);
if (ret != 0) {
XMEMSET(sha, 0, sizeof(*sha));
return WC_TEST_RET_ENC_EC(ret);
}
for (i = 0; i < 3; ++i) {
ret = wc_Sha3_512_Update(sha, (const byte*)test_sha[i].input,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha3_512_GetHash(sha, hashcopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha3_512_Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Sha3_512_Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_512_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, hashcopy, WC_SHA3_512_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
wc_Sha3_512_Free(shaCopy);
}
exit:
wc_Sha3_512_Free(sha);
wc_Sha3_512_Free(shaCopy);
return ret;
}
#ifndef NO_LARGE_HASH_TEST
static wc_test_ret_t sha3_512_large_hash_test(wc_Sha3* sha)
{
static const char* large_digest =
"\x9c\x13\x26\xb6\x26\xb2\x94\x31\xbc\xf4\x34\xe9\x6f\xf2\xd6\x29"
"\x9a\xd0\x9b\x32\x63\x2f\x18\xa7\x5f\x23\xc9\x60\xc2\x32\x0c\xbc"
"\x57\x77\x33\xf1\x83\x81\x8a\xd3\x15\x7c\x93\xdc\x80\x9f\xed\x61"
"\x41\xa7\x5b\xfd\x32\x0e\x38\x15\xb0\x46\x3b\x7a\x4f\xfd\x44\x88";
byte hash[WC_SHA3_512_DIGEST_SIZE];
byte large_input[1024];
wc_test_ret_t ret;
int i;
ret = wc_InitSha3_512(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (i = 0; i < (int)sizeof(large_input); i++) {
large_input[i] = (byte)(i & 0xFF);
}
for (i = 0; i < 100; ++i) {
ret = wc_Sha3_512_Update(sha, (byte*)large_input,
(word32)sizeof(large_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
ret = wc_Sha3_512_Final(sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, large_digest, WC_SHA3_512_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
#ifndef NO_UNALIGNED_MEMORY_TEST
/* Unaligned memory access test */
for (i = 1; i < 16; i++) {
ret = wc_Sha3_512_Update(sha, (byte*)large_input + i,
(word32)sizeof(large_input) - (word32)i);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_512_Final(sha, hash);
}
#endif
exit:
wc_Sha3_512_Free(sha);
return ret;
}
#endif /* NO_LARGE_HASH_TEST */
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
static wc_test_ret_t sha3_512_copy_test(wc_Sha3* sha, wc_Sha3* shaCopy)
{
static const char* a_input = "";
static const char* a_output =
"\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5\xc8\xb5\x67\xdc\x18\x5a\x75"
"\x6e\x97\xc9\x82\x16\x4f\xe2\x58\x59\xe0\xd1\xdc\xc1\x47\x5c"
"\x80\xa6\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c\x11\xe3\xe9\x40\x2c"
"\x3a\xc5\x58\xf5\x00\x19\x9d\x95\xb6\xd3\xe3\x01\x75\x85\x86"
"\x28\x1d\xcd\x26";
static const char* b_input = "abc";
byte hash[WC_SHA3_512_DIGEST_SIZE];
wc_test_ret_t ret;
ret = wc_InitSha3_512(sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSha3_512(shaCopy, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_512_Update(shaCopy, (const byte*)b_input,
(word32)XSTRLEN(b_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_512_Update(sha, (const byte*)a_input,
(word32)XSTRLEN(a_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_512_Copy(sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Sha3_512_Final(shaCopy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, a_output, WC_SHA3_512_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
exit:
wc_Sha3_512_Free(sha);
wc_Sha3_512_Free(shaCopy);
return ret;
}
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
static wc_test_ret_t sha3_512_test(void)
{
wc_Sha3 sha;
WC_DECLARE_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT);
wc_test_ret_t ret;
WC_ALLOC_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT);
if (!WC_VAR_OK(shaCopy))
return WC_TEST_RET_ENC_EC(MEMORY_E);
XMEMSET(shaCopy, 0, sizeof(*shaCopy));
if ((ret = sha3_512_kat_test(&sha, shaCopy)) != 0)
goto out;
#ifndef NO_LARGE_HASH_TEST
if ((ret = sha3_512_large_hash_test(&sha)) != 0)
goto out;
#endif
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
if ((ret = sha3_512_copy_test(&sha, shaCopy)) != 0)
goto out;
#endif
ret = 0;
out:
WC_FREE_VAR(shaCopy, HEAP_HINT);
return ret;
}
#endif /* WOLFSSL_NOSHA3_512 */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void)
{
wc_test_ret_t ret;
(void)ret;
WOLFSSL_ENTER("sha3_test");
#ifndef WOLFSSL_NOSHA3_224
if ((ret = sha3_224_test()) != 0)
return ret;
#endif
#ifndef WOLFSSL_NOSHA3_256
if ((ret = sha3_256_test()) != 0)
return ret;
#endif
#ifndef WOLFSSL_NOSHA3_384
if ((ret = sha3_384_test()) != 0)
return ret;
#endif
#ifndef WOLFSSL_NOSHA3_512
if ((ret = sha3_512_test()) != 0)
return ret;
#endif
return 0;
}
#endif /* WOLFSSL_SHA3 */
#ifdef WOLFSSL_SHAKE128
static wc_test_ret_t shake128_absorb_test(wc_Shake* sha, byte *large_input_buf,
size_t large_input_buf_size)
{
wc_test_ret_t ret = 0;
int i;
static const char large_digest[] =
"\x2b\xd1\x69\x9f\xb3\x75\x40\x74\xb8\xb2\xd2\x0b\x92\x47\x9b\xfe"
"\xc9\x91\x48\xbe\xda\xa4\x09\xd7\x61\x35\x18\x05\x07\x71\xa5\x61"
"\x4d\xc4\x94\xad\xbe\x04\x7d\xad\x95\x2f\xeb\x2c\xc0\x10\x67\x43"
"\x40\xf1\x4a\x58\x1c\x54\xfa\x24\x1c\x1a\x4e\x8d\x9b\xbc\xea\xa7"
"\x32\xf2\x4c\xc7\x86\x05\x36\xdc\xb4\x42\xd8\x35\xd1\xb4\xa2\x79"
"\xa2\xe6\xee\x67\x4f\xbf\x2a\x93\x41\x88\x25\x56\x29\x90\x1a\x06"
"\xba\xfe\x9f\xa6\x1a\x74\xe8\x7e\x85\x4a\xc8\x58\x60\xb1\x7b\x18"
"\xdf\x77\x59\x46\x04\xc1\xff\x4b\x9b\xcb\xad\xfe\x91\x28\xf0\x01"
"\xc1\x33\xd0\x99\x99\x2e\x0c\x86\x84\x67\x4d\x37\xa4\x42\x45\x10"
"\xdc\x8f\xdb\x6f\xa6\x9b\xee\x8a\x60\xa5\x1f\x95\x3f\x8f\xf5\x31"
"\x4b\x1d\x48\x1e\x45\xff\x79\x5c\xbe\x72\xfc\x56\xed\x6d\x1a\x99"
"\x7f\x23\x7c\xd1\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b"
"\xa3\x60\x51\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41"
"\x77\x2c\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59"
"\x0d\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b"
"\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4\xcb\x87\xd8\xb7\x9d\xa8"
"\xbf\xc5\x2e\x5e\xfc\xd3\x6c\x45\xd4\x5d\x72\x0f\x66\xeb\x67\x86"
"\xfa\x6c\xd6\x80\xa4\x23\xcb\x5d\xed\x3c\xde\xdc\x5b\x3d\xca\x95"
"\x43\x4b\xdc\xe8\x49\xd3\xe1\x01\xd4\xf1\xe4\x47\xcf\x56\xba\x71"
"\xb4\x69\xed\xe7\xdb\x0f\x89\xd6\xbb\xcd\x1a\xff\xb4\xbe\x72\x26"
"\xdc\x76\x79\xb3\x1a\x4b\xe6\x8d\x9b\x8e\xd9\xe9\xe6\xf9\xff\xa5";
byte hash[sizeof(large_digest) - 1];
testVector a, b, c, d, e;
testVector test_sha[5];
/*
** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE128_Msg0.pdf
*/
a.input = "";
a.output = "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d\x61\x60\x45\x50\x76\x05\x85"
"\x3e\xd7\x3b\x80\x93\xf6\xef\xbc\x88\xeb\x1a\x6e\xac\xfa\x66"
"\xef\x26\x3c\xb1\xee\xa9\x88\x00\x4b\x93\x10\x3c\xfb\x0a\xee"
"\xfd\x2a\x68\x6e\x01\xfa\x4a\x58\xe8\xa3\x63\x9c\xa8\xa1\xe3"
"\xf9\xae\x57\xe2\x35\xb8\xcc\x87\x3c\x23\xdc\x62\xb8\xd2\x60"
"\x16\x9a\xfa\x2f\x75\xab\x91\x6a\x58\xd9\x74\x91\x88\x35\xd2"
"\x5e\x6a\x43\x50\x85\xb2\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5\xef"
"\xbb\x7b\xcc\x4b\x59\xd5\x38\xdf\x9a\x04\x30\x2e\x10\xc8\xbc"
"\x1c\xbf\x1a\x0b\x3a\x51\x20\xea\x17\xcd\xa7\xcf\xad\x76\x5f"
"\x56\x23\x47\x4d\x36\x8c\xcc\xa8\xaf\x00\x07\xcd\x9f\x5e\x4c"
"\x84\x9f\x16\x7a\x58\x0b\x14\xaa\xbd\xef\xae\xe7\xee\xf4\x7c"
"\xb0\xfc\xa9";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_SHA3_128_BLOCK_SIZE;
b.input = "abc";
b.output = "\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb"
"\xa7\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f"
"\x2c\xc8\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c\xdd\x06\x65\x68\x70"
"\x6f\x50\x9b\xc1\xbd\xde\x58\x29\x5d\xae\x3f\x89\x1a\x9a\x0f"
"\xca\x57\x83\x78\x9a\x41\xf8\x61\x12\x14\xce\x61\x23\x94\xdf"
"\x28\x6a\x62\xd1\xa2\x25\x2a\xa9\x4d\xb9\xc5\x38\x95\x6c\x71"
"\x7d\xc2\xbe\xd4\xf2\x32\xa0\x29\x4c\x85\x7c\x73\x0a\xa1\x60"
"\x67\xac\x10\x62\xf1\x20\x1f\xb0\xd3\x77\xcf\xb9\xcd\xe4\xc6"
"\x35\x99\xb2\x7f\x34\x62\xbb\xa4\xa0\xed\x29\x6c\x80\x1f\x9f"
"\xf7\xf5\x73\x02\xbb\x30\x76\xee\x14\x5f\x97\xa3\x2a\xe6\x8e"
"\x76\xab\x66\xc4\x8d\x51\x67\x5b\xd4\x9a\xcc\x29\x08\x2f\x56"
"\x47\x58\x4e";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_SHA3_128_BLOCK_SIZE;
c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
c.output = "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e\x74\xe0\xa7\x07\x78\x8f\x55"
"\xe9\x82\x09\xb8\xd9\x1f\xad\xe8\xf3\x2f\x8d\xd5\xcf\xf7\xbf"
"\x21\xf5\x4e\xe5\xf1\x95\x50\x82\x5a\x6e\x07\x00\x30\x51\x9e"
"\x94\x42\x63\xac\x1c\x67\x65\x28\x70\x65\x62\x1f\x9f\xcb\x32"
"\x01\x72\x3e\x32\x23\xb6\x3a\x46\xc2\x93\x8a\xa9\x53\xba\x84"
"\x01\xd0\xea\x77\xb8\xd2\x64\x90\x77\x55\x66\x40\x7b\x95\x67"
"\x3c\x0f\x4c\xc1\xce\x9f\xd9\x66\x14\x8d\x7e\xfd\xff\x26\xbb"
"\xf9\xf4\x8a\x21\xc6\xda\x35\xbf\xaa\x54\x56\x54\xf7\x0a\xe5"
"\x86\xff\x10\x13\x14\x20\x77\x14\x83\xec\x92\xed\xab\x40\x8c"
"\x76\x7b\xf4\xc5\xb4\xff\xfa\xa8\x0c\x8c\xa2\x14\xd8\x4c\x4d"
"\xc7\x00\xd0\xc5\x06\x30\xb2\xff\xc3\x79\x3e\xa4\xd8\x72\x58"
"\xb4\xc9\x54";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_SHA3_128_BLOCK_SIZE;
/* Taken from NIST CAVP test vectors - full rate output. */
d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
"\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
"\x85\xe0";
d.output = "\x93\x68\xf0\x15\x10\x92\x44\xeb\x02\x47\xfa\x3a\x0e\x57\xf5"
"\x2e\xa7\xd9\xeb\xa2\x3d\xae\x7a\x19\x7f\x0a\x29\xe9\x22\x55"
"\x06\x05\x98\x16\xb7\x84\x48\xb6\x49\x7a\x76\xeb\x96\x2d\xb3"
"\xf8\x4d\x37\x60\xf1\xfe\xb4\xbd\xc1\xfd\x4a\xc9\x4e\x91\x7a"
"\xc2\xea\x5e\x4f\x38\x37\x4a\xa5\x6e\x4f\x47\x67\xb8\xd7\x83"
"\x1b\x2d\x51\x49\x5a\xb8\xea\xb7\xc9\x82\x20\xaf\x13\x41\x5a"
"\x59\xbb\x7c\x17\x7a\xcd\x62\x8e\xf0\xff\xe3\x6c\xeb\x18\x59"
"\x5d\x14\x4c\xbf\x25\xef\xc0\x6c\xd9\x56\xa5\x78\x20\x6e\xa8"
"\xf9\x14\x5e\xf9\xce\x19\x50\x6a\x9d\x04\x4e\xc7\x00\x79\x9f"
"\xa1\x41\x9b\xaf\x60\x52\xc0\xc1\xb4\x45\xf8\x35\x17\x57\xb0"
"\xd0\x22\x87\x21\x89\xe2\xc0\x27\x3f\x82\xd9\x69\x69\x66\x3e"
"\x55\x4d\x09";
d.inLen = 32;
d.outLen = WC_SHA3_128_BLOCK_SIZE;
/* Taken from NIST CAVP test vectors - more than one output block. */
e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
"\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
"\x47\xe4";
e.output = "\xe1\x7e\xab\x0d\xa4\x04\xf9\xb6\xac\xc0\x84\x97\x2f\xc5\x79"
"\xe8\x6d\xaa\x76\x10\xa5\xe1\x7c\x23\x2f\x79\x19\x83\x96\xfd"
"\x01\xc2\x4c\x34\xbb\x54\xf4\xb0\x1e\xf7\x40\xb4\x25\x33\x4a"
"\x55\xdd\x24\x81\x3d\xc8\xea\x86\xf5\x6e\xf7\x27\x67\x26\x2b"
"\xf2\x25\x74\x8c\xcc\x3d\x9f\x48\x6f\xfb\x72\x8f\x4e\xad\x29"
"\x60\xc9\x6c\x3e\x44\x63\x86\xea\xce\x21\x9c\x84\x28\x16\x11"
"\x63\x58\xb0\xf4\x2d\x7d\xff\xf7\xdd\x24\x11\xfa\x2a\x56\x79"
"\xfd\x7a\x94\x77\x45\x75\xba\xf9\xfc\xad\x68\xa1\x9e\x30\xd1"
"\x49\xb0\x59\xb5\x9c\x44\x6c\x4e\xdc\xa5\x9b\xc5\xa4\x79\x9d"
"\xc4\x65\xaa\x9e\x78\x2c\xed\x9f\x21\xc5\x5d\xe2\x42\xdd\x25"
"\xd0\xd9\xde\x60\xd0\x9f\xf8\x6a\xba\xf3\xa0\x3a\x76\x71\xb3"
"\x05\x42\xdf\xbe\x72\xfc\x56\xed\x6d\x1a\x99\x7f\x23\x7c\xd1"
"\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b\xa3\x60\x51"
"\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41\x77\x2c"
"\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59\x0d"
"\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b"
"\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4\xcb\x87\xd8\xb7\x9d"
"\xa8\xbf\xc5\x2e\x5e\xfc\xd3\x6c\x45\xd4\x5d\x72\x0f\x66\xeb"
"\x67\x86\xfa\x6c\xd6\x80\xa4\x23\xcb\x5d\xed\x3c\xde\xdc\x5b"
"\x3d\xca\x95\x43\x4b\xdc\xe8\x49\xd3\xe1\x01\xd4\xf1\xe4\x47"
"\xcf\x56\xba\x71\xb4\x69\xed\xe7\xdb\x0f\x89\xd6\xbb\xcd\x1a"
"\xff\xb4\xbe\x72\x26\xdc\x76\x79\xb3\x1a\x4b\xe6\x8d\x9b\x8e"
"\xd9\xe9\xe6\xf9\xff\xa5";
e.inLen = 32;
e.outLen = 2 * WC_SHA3_128_BLOCK_SIZE;
test_sha[0] = a;
test_sha[1] = b;
test_sha[2] = c;
test_sha[3] = d;
test_sha[4] = e;
for (i = 0; i < 5; ++i) {
ret = wc_InitShake128(sha, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Shake128_Absorb(sha, (const byte*)test_sha[i].input,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Shake128_SqueezeBlocks(sha, hash,
(word32)test_sha[i].outLen / WC_SHA3_128_BLOCK_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, test_sha[i].output, (word32)test_sha[i].outLen) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
}
#ifndef NO_LARGE_HASH_TEST
/* BEGIN LARGE HASH TEST */ {
for (i = 0; i < (int)large_input_buf_size; i++) {
large_input_buf[i] = (byte)(i & 0xFF);
}
ret = wc_InitShake128(sha, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
/* Absorb is non-incremental. */
ret = wc_Shake128_Absorb(sha, large_input_buf,
(word32)large_input_buf_size);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
/* Able to squeeze out blocks incrementally. */
ret = wc_Shake128_SqueezeBlocks(sha, hash, 1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Shake128_SqueezeBlocks(sha, hash,
((word32)sizeof(hash) / WC_SHA3_128_BLOCK_SIZE) - 1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
} /* END LARGE HASH TEST */
#endif /* NO_LARGE_HASH_TEST */
exit:
return ret;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void)
{
byte hash[250];
#define SHAKE128_LARGE_INPUT_BUFSIZ 1024
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte *large_input = NULL;
#else
byte large_input[SHAKE128_LARGE_INPUT_BUFSIZ];
#endif
static const char large_digest[] =
"\x88\xd7\x0e\x86\x46\x72\x6b\x3d\x7d\x22\xe1\xa9\x2d\x02\xdb\x35"
"\x92\x4f\x1b\x03\x90\xee\xa3\xce\xd1\x3a\x08\x3a\xd7\x4e\x10\xdf"
"\x09\x67\x33\x35\x4f\xdd\x38\x50\x5b\xcb\x75\xc7\xba\x65\xe5\xe8"
"\xb8\x76\xde\xc5\xee\xd7\xf1\x65\x93\x4e\x5e\xc4\xb1\xd7\x6b\xee"
"\x4b\x57\x48\xf5\x38\x49\x9e\x45\xa0\xf7\x32\xe9\x05\x26\x6a\x10"
"\x70\xd4\x7c\x19\x01\x1f\x6d\x37\xba\x7b\x74\xc2\xbc\xb6\xbc\x74"
"\xa3\x66\x6c\x9b\x11\x84\x9d\x4a\x36\xbc\x8a\x0d\x4c\xe3\x39\xfa"
"\xfa\x1b";
/*
** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE128_Msg0.pdf
** d/e: NIST CAVP - full rate / multi-block output.
*/
static const testVector test_sha[5] = {
{ "",
"\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d\x61\x60\x45\x50\x76\x05\x85"
"\x3e\xd7\x3b\x80\x93\xf6\xef\xbc\x88\xeb\x1a\x6e\xac\xfa\x66"
"\xef\x26\x3c\xb1\xee\xa9\x88\x00\x4b\x93\x10\x3c\xfb\x0a\xee"
"\xfd\x2a\x68\x6e\x01\xfa\x4a\x58\xe8\xa3\x63\x9c\xa8\xa1\xe3"
"\xf9\xae\x57\xe2\x35\xb8\xcc\x87\x3c\x23\xdc\x62\xb8\xd2\x60"
"\x16\x9a\xfa\x2f\x75\xab\x91\x6a\x58\xd9\x74\x91\x88\x35\xd2"
"\x5e\x6a\x43\x50\x85\xb2\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5\xef"
"\xbb\x7b\xcc\x4b\x59\xd5\x38\xdf\x9a",
0, 114 },
{ "abc",
"\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb"
"\xa7\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f"
"\x2c\xc8\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c\xdd\x06\x65\x68\x70"
"\x6f\x50\x9b\xc1\xbd\xde\x58\x29\x5d\xae\x3f\x89\x1a\x9a\x0f"
"\xca\x57\x83\x78\x9a\x41\xf8\x61\x12\x14\xce\x61\x23\x94\xdf"
"\x28\x6a\x62\xd1\xa2\x25\x2a\xa9\x4d\xb9\xc5\x38\x95\x6c\x71"
"\x7d\xc2\xbe\xd4\xf2\x32\xa0\x29\x4c\x85\x7c\x73\x0a\xa1\x60"
"\x67\xac\x10\x62\xf1\x20\x1f\xb0\xd3",
3, 114 },
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
"\x1a\x96\x18\x2b\x50\xfb\x8c\x7e\x74\xe0\xa7\x07\x78\x8f\x55"
"\xe9\x82\x09\xb8\xd9\x1f\xad\xe8\xf3\x2f\x8d\xd5\xcf\xf7\xbf"
"\x21\xf5\x4e\xe5\xf1\x95\x50\x82\x5a\x6e\x07\x00\x30\x51\x9e"
"\x94\x42\x63\xac\x1c\x67\x65\x28\x70\x65\x62\x1f\x9f\xcb\x32"
"\x01\x72\x3e\x32\x23\xb6\x3a\x46\xc2\x93\x8a\xa9\x53\xba\x84"
"\x01\xd0\xea\x77\xb8\xd2\x64\x90\x77\x55\x66\x40\x7b\x95\x67"
"\x3c\x0f\x4c\xc1\xce\x9f\xd9\x66\x14\x8d\x7e\xfd\xff\x26\xbb"
"\xf9\xf4\x8a\x21\xc6\xda\x35\xbf\xaa",
56, 114 },
{ "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
"\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
"\x85\xe0",
"\x93\x68\xf0\x15\x10\x92\x44\xeb\x02\x47\xfa\x3a\x0e\x57\xf5"
"\x2e\xa7\xd9\xeb\xa2\x3d\xae\x7a\x19\x7f\x0a\x29\xe9\x22\x55"
"\x06\x05\x98\x16\xb7\x84\x48\xb6\x49\x7a\x76\xeb\x96\x2d\xb3"
"\xf8\x4d\x37\x60\xf1\xfe\xb4\xbd\xc1\xfd\x4a\xc9\x4e\x91\x7a"
"\xc2\xea\x5e\x4f\x38\x37\x4a\xa5\x6e\x4f\x47\x67\xb8\xd7\x83"
"\x1b\x2d\x51\x49\x5a\xb8\xea\xb7\xc9\x82\x20\xaf\x13\x41\x5a"
"\x59\xbb\x7c\x17\x7a\xcd\x62\x8e\xf0\xff\xe3\x6c\xeb\x18\x59"
"\x5d\x14\x4c\xbf\x25\xef\xc0\x6c\xd9\x56\xa5\x78\x20\x6e\xa8"
"\xf9\x14\x5e\xf9\xce\x19\x50\x6a\x9d\x04\x4e\xc7\x00\x79\x9f"
"\xa1",
32, 136 },
{ "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
"\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
"\x47\xe4",
"\xe1\x7e\xab\x0d\xa4\x04\xf9\xb6\xac\xc0\x84\x97\x2f\xc5\x79"
"\xe8\x6d\xaa\x76\x10\xa5\xe1\x7c\x23\x2f\x79\x19\x83\x96\xfd"
"\x01\xc2\x4c\x34\xbb\x54\xf4\xb0\x1e\xf7\x40\xb4\x25\x33\x4a"
"\x55\xdd\x24\x81\x3d\xc8\xea\x86\xf5\x6e\xf7\x27\x67\x26\x2b"
"\xf2\x25\x74\x8c\xcc\x3d\x9f\x48\x6f\xfb\x72\x8f\x4e\xad\x29"
"\x60\xc9\x6c\x3e\x44\x63\x86\xea\xce\x21\x9c\x84\x28\x16\x11"
"\x63\x58\xb0\xf4\x2d\x7d\xff\xf7\xdd\x24\x11\xfa\x2a\x56\x79"
"\xfd\x7a\x94\x77\x45\x75\xba\xf9\xfc\xad\x68\xa1\x9e\x30\xd1"
"\x49\xb0\x59\xb5\x9c\x44\x6c\x4e\xdc\xa5\x9b\xc5\xa4\x79\x9d"
"\xc4\x65\xaa\x9e\x78\x2c\xed\x9f\x21\xc5\x5d\xe2\x42\xdd\x25"
"\xd0\xd9\xde\x60\xd0\x9f\xf8\x6a\xba\xf3\xa0\x3a\x76\x71\xb3"
"\x05\x42\xdf\xbe\x72\xfc\x56\xed\x6d\x1a\x99\x7f\x23\x7c\xd1"
"\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b\xa3\x60\x51"
"\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41\x77\x2c"
"\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59\x0d"
"\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b"
"\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4",
32, 250 }
};
wc_Shake sha;
/* Heap-allocated when WOLFSSL_SMALL_STACK to avoid exceeding stack frame
* limit with two wc_Shake structs on the stack. */
WC_DECLARE_VAR(shaCopy, wc_Shake, 1, HEAP_HINT);
wc_test_ret_t ret = 0;
int i;
WOLFSSL_ENTER("shake128_test");
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
large_input = (byte *)XMALLOC(SHAKE128_LARGE_INPUT_BUFSIZ, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (large_input == NULL)
return WC_TEST_RET_ENC_ERRNO;
#endif
WC_ALLOC_VAR(shaCopy, wc_Shake, 1, HEAP_HINT);
if (!WC_VAR_OK(shaCopy)) {
ret = WC_TEST_RET_ENC_EC(MEMORY_E);
goto out;
}
ret = wc_InitShake128(&sha, HEAP_HINT, devId);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
goto out;
}
for (i = 0; i < 5; ++i) {
ret = wc_Shake128_Update(&sha, (const byte*)test_sha[i].input,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Shake128_Final(&sha, hash, (word32)test_sha[i].outLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
}
#ifndef NO_LARGE_HASH_TEST
/* BEGIN LARGE HASH TEST */ {
int xtimes;
for (i = 0; i < (int)SHAKE128_LARGE_INPUT_BUFSIZ; i++) {
large_input[i] = (byte)(i & 0xFF);
}
xtimes = 100;
for (i = 0; i < xtimes; ++i) {
ret = wc_Shake128_Update(&sha, large_input, SHAKE128_LARGE_INPUT_BUFSIZ);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
ret = wc_Shake128_Final(&sha, hash, (word32)sizeof(hash));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, large_digest, sizeof(large_digest) - 1) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
} /* END LARGE HASH TEST */
#endif /* NO_LARGE_HASH_TEST */
ret = shake128_absorb_test(&sha, large_input, SHAKE128_LARGE_INPUT_BUFSIZ);
if (ret != 0)
ERROR_OUT(ret, exit);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
/* Copy cleanup test: verify Copy into a previously-used dst does not leak
* resources (e.g., hardware contexts). Detectable by valgrind/ASAN. */
wc_Shake128_Free(&sha);
ret = wc_InitShake128(&sha, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_InitShake128(shaCopy, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
/* test_sha[1] is the "abc" vector, test_sha[0] is empty. */
ret = wc_Shake128_Update(shaCopy, (const byte*)test_sha[1].input,
(word32)test_sha[1].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Shake128_Update(&sha, (const byte*)test_sha[0].input,
(word32)test_sha[0].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Shake128_Copy(&sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Shake128_Final(shaCopy, hash, (word32)test_sha[0].outLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, test_sha[0].output, test_sha[0].outLen) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
exit:
wc_Shake128_Free(&sha);
wc_Shake128_Free(shaCopy);
out:
WC_FREE_VAR(shaCopy, HEAP_HINT);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif
#ifdef WOLFSSL_SHAKE256
static wc_test_ret_t shake256_absorb_test(wc_Shake* sha, byte *large_input_buf,
size_t large_input_buf_size)
{
wc_test_ret_t ret = 0;
int i;
static const char large_digest[] =
"\x21\x25\x8e\xae\x6e\x4f\xa7\xe1\xb9\x6d\xa7\xc9\x7d\x46\x03\x69"
"\x29\x0d\x81\x49\xba\x5d\xaf\x37\xfd\xeb\x25\x52\x1d\xd9\xbd\x65"
"\xfa\x99\xb9\xd1\x70\x6b\xeb\xd4\xc1\x2c\xea\x24\x20\x27\xa7\xcd"
"\xfa\xe1\x81\xd9\xd5\xc1\x1c\xc7\xe9\x70\xc3\xc7\x21\x6f\x32\x22"
"\xe3\x27\xdb\x58\x5e\xea\x18\x2d\x63\x4d\x14\x6c\x94\xcf\x2b\x7e"
"\x6e\x2a\x74\xf3\xe0\xac\xb3\xb2\xcc\xef\x38\xe9\xe7\x35\xb3\xc5"
"\x77\x9d\xff\xe3\x08\x8e\xf8\x2c\x89\xbb\x45\x22\x16\x99\x91\xc0"
"\xe7\x71\x57\x75\xc5\xb1\xc6\xaf\x27\xcb\x64\x8c\xc4\xee\x3d\x5f"
"\x4c\x35\xfb\x1c\xf3\xf8\x0e\xfd\x5e\xfc\x07\xd8\x4d\x55\x32\x49"
"\x45\x0d\xab\x4a\x49\xc4\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93"
"\x7a\xe6\x6b\xb4\x36\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43"
"\x2f\x3b\xfc\x09\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48"
"\x3d\x0e\xda\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08"
"\xd9\xdc\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a"
"\xb7\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
"\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c\x68\x1b\x30\xdd\xc4\xe6"
"\x83\x8b\x0f\x23\x58\x7e\x06\x5f\x4a\x2b\xed\xc9\x6c\x97\x68\x44";
byte hash[sizeof(large_digest) - 1];
testVector a, b, c, d, e;
testVector test_sha[5];
/*
** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE256_Msg0.pdf
*/
a.input = "";
a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb"
"\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5"
"\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67"
"\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac"
"\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7"
"\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84"
"\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
"\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46\xc1\x85\xc1\x51\x11\xe5"
"\x95\x52\x2a\x6b\xcd\x16\xcf\x86\xf3\xd1\x22\x10\x9e\x3b\x1f"
"\xdd";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_SHA3_256_BLOCK_SIZE;
b.input = "abc";
b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
"\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b"
"\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52"
"\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88"
"\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04"
"\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc"
"\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
"\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0\x9a\x3e\x6d\x51\xcb\xfc"
"\x62\x27\x20\xd7\xa7\x5c\x63\x34\xe8\xa2\xd7\xec\x71\xa7\xcc"
"\x29";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_SHA3_256_BLOCK_SIZE;
c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
"\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e"
"\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc"
"\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74"
"\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55"
"\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a"
"\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60"
"\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4\x9d\xd3\xef\x7e\x18\x2b"
"\x15\x24\xdf\x82\xea\x1c\xef\xe1\xc6\xc3\x96\x61\x75\xf0\x22"
"\x8d";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_SHA3_256_BLOCK_SIZE;
/* Taken from NIST CAVP test vectors - full rate output. */
d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
"\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
"\x85\xe0";
d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00"
"\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d"
"\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc"
"\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c"
"\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6"
"\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d"
"\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5"
"\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b"
"\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7"
"\xc2";
d.inLen = 32;
d.outLen = WC_SHA3_256_BLOCK_SIZE;
/* Taken from NIST CAVP test vectors - more than one output block. */
e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
"\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
"\x47\xe4";
e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19"
"\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92"
"\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c"
"\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13"
"\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb"
"\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44"
"\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46"
"\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48"
"\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a"
"\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4"
"\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36"
"\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09"
"\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda"
"\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc"
"\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7"
"\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
"\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c\x68\x1b\x30\xdd\xc4"
"\xe6\x83\x8b\x0f\x23\x58\x7e\x06\x5f\x4a\x2b\xed\xc9\x6c\x97"
"\x68\x44";
e.inLen = 32;
e.outLen = 2 * WC_SHA3_256_BLOCK_SIZE;
test_sha[0] = a;
test_sha[1] = b;
test_sha[2] = c;
test_sha[3] = d;
test_sha[4] = e;
for (i = 0; i < 5; ++i) {
ret = wc_InitShake256(sha, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Shake256_Absorb(sha, (const byte*)test_sha[i].input,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Shake256_SqueezeBlocks(sha, hash,
(word32)test_sha[i].outLen / WC_SHA3_256_BLOCK_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, test_sha[i].output, (word32)test_sha[i].outLen) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
}
#ifndef NO_LARGE_HASH_TEST
/* BEGIN LARGE HASH TEST */ {
for (i = 0; i < (int)large_input_buf_size; i++) {
large_input_buf[i] = (byte)(i & 0xFF);
}
ret = wc_InitShake256(sha, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
/* Absorb is non-incremental. */
ret = wc_Shake256_Absorb(sha, large_input_buf,
(word32)large_input_buf_size);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
/* Able to squeeze out blocks incrementally. */
ret = wc_Shake256_SqueezeBlocks(sha, hash, 1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Shake256_SqueezeBlocks(sha, hash,
((word32)sizeof(hash) / WC_SHA3_256_BLOCK_SIZE) - 1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
} /* END LARGE HASH TEST */
#endif /* NO_LARGE_HASH_TEST */
exit:
return ret;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void)
{
byte hash[250];
#define SHAKE256_LARGE_INPUT_BUFSIZ 1024
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte *large_input = NULL;
#else
byte large_input[SHAKE256_LARGE_INPUT_BUFSIZ];
#endif
static const char large_digest[] =
"\x90\x32\x4a\xcc\xd1\xdf\xb8\x0b\x79\x1f\xb8\xc8\x5b\x54\xc8\xe7"
"\x45\xf5\x60\x6b\x38\x26\xb2\x0a\xee\x38\x01\xf3\xd9\xfa\x96\x9f"
"\x6a\xd7\x15\xdf\xb6\xc2\xf4\x20\x33\x44\x55\xe8\x2a\x09\x2b\x68"
"\x2e\x18\x65\x5e\x65\x93\x28\xbc\xb1\x9e\xe2\xb1\x92\xea\x98\xac"
"\x21\xef\x4c\xe1\xb4\xb7\xbe\x81\x5c\x1d\xd3\xb7\x17\xe5\xbb\xc5"
"\x8c\x68\xb7\xfb\xac\x55\x8a\x9b\x4d\x91\xe4\x9f\x72\xbb\x6e\x38"
"\xaf\x21\x7d\x21\xaa\x98\x4e\x75\xc4\xb4\x1c\x7c\x50\x45\x54\xf9"
"\xea\x26";
/*
** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE256_Msg0.pdf
** d/e: NIST CAVP - full rate / multi-block output.
*/
static const testVector test_sha[5] = {
{ "",
"\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb"
"\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5"
"\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67"
"\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac"
"\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7"
"\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84"
"\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
"\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46",
0, 114 },
{ "abc",
"\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
"\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b"
"\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52"
"\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88"
"\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04"
"\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc"
"\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
"\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0",
3, 114 },
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
"\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
"\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e"
"\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc"
"\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74"
"\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55"
"\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a"
"\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60"
"\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4",
56, 114 },
{ "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
"\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
"\x85\xe0",
"\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00"
"\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d"
"\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc"
"\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c"
"\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6"
"\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d"
"\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5"
"\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b"
"\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7"
"\xc2",
32, 136 },
{ "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
"\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
"\x47\xe4",
"\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19"
"\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92"
"\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c"
"\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13"
"\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb"
"\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44"
"\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46"
"\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48"
"\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a"
"\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4"
"\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36"
"\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09"
"\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda"
"\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc"
"\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7"
"\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
"\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c",
32, 250 }
};
wc_Shake sha;
/* Heap-allocated when WOLFSSL_SMALL_STACK to avoid exceeding stack frame
* limit with two wc_Shake structs on the stack. */
WC_DECLARE_VAR(shaCopy, wc_Shake, 1, HEAP_HINT);
wc_test_ret_t ret = 0;
int i;
WOLFSSL_ENTER("shake256_test");
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
large_input = (byte *)XMALLOC(SHAKE256_LARGE_INPUT_BUFSIZ, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (large_input == NULL)
return WC_TEST_RET_ENC_ERRNO;
#endif
WC_ALLOC_VAR(shaCopy, wc_Shake, 1, HEAP_HINT);
if (!WC_VAR_OK(shaCopy)) {
ret = WC_TEST_RET_ENC_EC(MEMORY_E);
goto out;
}
ret = wc_InitShake256(&sha, HEAP_HINT, devId);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
goto out;
}
for (i = 0; i < 5; ++i) {
ret = wc_Shake256_Update(&sha, (const byte*)test_sha[i].input,
(word32)test_sha[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
ret = wc_Shake256_Final(&sha, hash, (word32)test_sha[i].outLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
}
#ifndef NO_LARGE_HASH_TEST
/* BEGIN LARGE HASH TEST */ {
int xtimes;
for (i = 0; i < (int)SHAKE256_LARGE_INPUT_BUFSIZ; i++) {
large_input[i] = (byte)(i & 0xFF);
}
xtimes = 100;
for (i = 0; i < xtimes; ++i) {
ret = wc_Shake256_Update(&sha, large_input, SHAKE256_LARGE_INPUT_BUFSIZ);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
/* Note: original SHAKE256 test only compared first 114 bytes of large
* digest after Update/Final (matching this digest's length). */
if (XMEMCMP(hash, large_digest, 114) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
} /* END LARGE HASH TEST */
#endif /* NO_LARGE_HASH_TEST */
ret = shake256_absorb_test(&sha, large_input, SHAKE256_LARGE_INPUT_BUFSIZ);
if (ret != 0)
ERROR_OUT(ret, exit);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0))
/* Copy cleanup test: verify Copy into a previously-used dst does not leak
* resources (e.g., hardware contexts). Detectable by valgrind/ASAN. */
wc_Shake256_Free(&sha);
ret = wc_InitShake256(&sha, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_InitShake256(shaCopy, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
/* test_sha[1] is the "abc" vector, test_sha[0] is empty. */
ret = wc_Shake256_Update(shaCopy, (const byte*)test_sha[1].input,
(word32)test_sha[1].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Shake256_Update(&sha, (const byte*)test_sha[0].input,
(word32)test_sha[0].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Shake256_Copy(&sha, shaCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_Shake256_Final(shaCopy, hash, (word32)test_sha[0].outLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, test_sha[0].output, test_sha[0].outLen) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */
exit:
wc_Shake256_Free(&sha);
wc_Shake256_Free(shaCopy);
out:
WC_FREE_VAR(shaCopy, HEAP_HINT);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif
#ifdef WOLFSSL_SM3
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void)
{
wc_Sm3 sm3, sm3Copy;
byte hash[WC_SM3_DIGEST_SIZE];
byte hashGet[WC_SM3_DIGEST_SIZE];
byte hashCopy[WC_SM3_DIGEST_SIZE];
wc_test_ret_t ret = 0;
testVector a, b, c;
testVector test_sm3[3];
int times = sizeof(test_sm3) / sizeof(struct testVector), i;
WOLFSSL_ENTER("sm3_test");
a.input = "";
a.output = "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f\x8e\x61\x19\x48\x31\xe8\x1a"
"\x8f\x22\xbe\xc8\xc7\x28\xfe\xfb\x74\x7e\xd0\x35\xeb\x50\x82"
"\xaa\x2b";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_SM3_DIGEST_SIZE;
b.input = "abc";
b.output = "\x66\xc7\xf0\xf4\x62\xee\xed\xd9\xd1\xf2\xd4\x6b\xdc\x10\xe4"
"\xe2\x41\x67\xc4\x87\x5c\xf2\xf7\xa2\x29\x7d\xa0\x2b\x8f\x4b"
"\xa8\xe0";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_SM3_DIGEST_SIZE;
c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
c.output = "\x63\x9b\x6c\xc5\xe6\x4d\x9e\x37\xa3\x90\xb1\x92\xdf\x4f\xa1"
"\xea\x07\x20\xab\x74\x7f\xf6\x92\xb9\xf3\x8c\x4e\x66\xad\x7b"
"\x8c\x05";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_SM3_DIGEST_SIZE;
test_sm3[0] = a;
test_sm3[1] = b;
test_sm3[2] = c;
ret = wc_InitSm3(&sm3, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSm3(&sm3Copy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sm3Free(&sm3);
return WC_TEST_RET_ENC_EC(ret);
}
/* Test all the KATs. */
for (i = 0; i < times; ++i) {
ret = wc_Sm3Update(&sm3, (byte*)test_sm3[i].input,
(word32)test_sm3[i].inLen);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
}
/* Get the final hash but leave ready for more updates. */
ret = wc_Sm3GetHash(&sm3, hashGet);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
/* Make a copy of the hash. */
ret = wc_Sm3Copy(&sm3, &sm3Copy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
/* Get the final hash with original. */
ret = wc_Sm3Final(&sm3, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
/* Get the final hash with copy. */
ret = wc_Sm3Final(&sm3Copy, hashCopy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
/* Dispose of copy. */
wc_Sm3Free(&sm3Copy);
/* Check hashes match expected. */
if (XMEMCMP(hash, test_sm3[i].output, WC_SM3_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, hashGet, WC_SM3_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
if (XMEMCMP(hash, hashCopy, WC_SM3_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
}
#ifndef NO_LARGE_HASH_TEST
{
word32 sz;
byte large_input[1024];
#ifdef HASH_SIZE_LIMIT
const char* large_digest =
"\x6c\x42\x57\x64\x8e\x45\xf3\xb6\xc0\x83\xd3\x41\x83\x66\x51\xb4"
"\x50\xfe\x06\xb5\xb7\x1e\xd5\x0d\x41\xfc\x1e\xe5\xc6\x57\x95\x0f";
times = 20;
#else
const char* large_digest =
"\x34\x51\x3c\xde\x7c\x30\xb7\xc5\xaa\x97\x3b\xed\xb3\x16\xb9\x76"
"\x35\x46\x14\x80\x2a\x57\xca\xd9\x48\xf9\x93\xcc\x1f\xdd\xab\x79";
times = 100;
#endif
/* Set large input to something. */
for (i = 0; i < (int)sizeof(large_input); i++) {
large_input[i] = (byte)(i & 0xFF);
}
/* Hash a large number of times. */
for (i = 0; i < times; ++i) {
ret = wc_Sm3Update(&sm3, (byte*)large_input,
(word32)sizeof(large_input));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
}
/* Calculate hash and compare to expected. */
ret = wc_Sm3Final(&sm3, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(hash, large_digest, WC_SM3_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
/* Check updating with various sizes works. */
for (sz = 1; sz <= 64; sz++) {
/* Hash a large number of times. */
for (i = 0; i < times; ++i) {
word32 o;
/* Update sz bytes at a time from large input buffer. */
for (o = 0; o + sz <= (word32)sizeof(large_input); o += sz) {
ret = wc_Sm3Update(&sm3, (byte*)(large_input + o), sz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(o), exit);
}
/* Check for left-overs. */
if (o < (word32)sizeof(large_input)) {
ret = wc_Sm3Update(&sm3, (byte*)(large_input + o),
(word32)sizeof(large_input) - o);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
}
}
/* Calculate hash and compare to expected. */
ret = wc_Sm3Final(&sm3, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(sz), exit);
if (XMEMCMP(hash, large_digest, WC_SM3_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(sz), exit);
}
}
#endif /* NO_LARGE_HASH_TEST */
exit:
wc_Sm3Free(&sm3);
wc_Sm3Free(&sm3Copy);
return ret;
}
#endif
#ifndef NO_HASH_WRAPPER
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_HashAlg *hash = NULL;
#else
wc_HashAlg hash[1];
#endif
int ret, exp_ret;
int i, j;
int digestSz;
byte data[] = "0123456789abcdef0123456789abcdef0123456";
byte out[WC_MAX_DIGEST_SIZE];
byte hashOut[WC_MAX_DIGEST_SIZE];
#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
enum wc_HashType hashType;
#endif
enum wc_HashType typesGood[] = { WC_HASH_TYPE_MD5, WC_HASH_TYPE_SHA,
WC_HASH_TYPE_SHA224, WC_HASH_TYPE_SHA256,
WC_HASH_TYPE_SHA384, WC_HASH_TYPE_SHA512,
WC_HASH_TYPE_SHA3_224,
WC_HASH_TYPE_SHA3_256,
WC_HASH_TYPE_SHA3_384,
WC_HASH_TYPE_SHA3_512 };
enum wc_HashType typesNoImpl[] = {
#ifdef NO_MD5
WC_HASH_TYPE_MD5,
#endif
#ifdef NO_SHA
WC_HASH_TYPE_SHA,
#endif
#ifndef WOLFSSL_SHA224
WC_HASH_TYPE_SHA224,
#endif
#ifdef NO_SHA256
WC_HASH_TYPE_SHA256,
#endif
#ifndef WOLFSSL_SHA384
WC_HASH_TYPE_SHA384,
#endif
#ifndef WOLFSSL_SHA512
WC_HASH_TYPE_SHA512,
#endif
#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_224)
WC_HASH_TYPE_SHA3_224,
#endif
#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_256)
WC_HASH_TYPE_SHA3_256,
#endif
#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_384)
WC_HASH_TYPE_SHA3_384,
#endif
#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_512)
WC_HASH_TYPE_SHA3_512,
#endif
WC_HASH_TYPE_NONE
};
enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE };
enum wc_HashType typesHashBad[] = {
#ifndef WOLFSSL_MD2
WC_HASH_TYPE_MD2,
#endif
#ifdef NO_MD4
WC_HASH_TYPE_MD4,
#endif
#if defined(NO_MD5) || defined(NO_SHA)
WC_HASH_TYPE_MD5_SHA,
#endif
#if !defined(HAVE_BLAKE2B)
WC_HASH_TYPE_BLAKE2B,
#endif
#if !defined(HAVE_BLAKE2S)
WC_HASH_TYPE_BLAKE2S,
#endif
WC_HASH_TYPE_NONE };
WOLFSSL_ENTER("hash_test");
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
hash = wc_HashNew(WC_HASH_TYPE_SHA256, HEAP_HINT, devId, &ret);
if (hash == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
else {
PRINT_HEAP_ADDRESS(hash);
}
#else
XMEMSET(hash, 0, sizeof(wc_HashAlg));
#endif
/* Parameter Validation testing. */
ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HashUpdate(hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HashFinal(hash, WC_HASH_TYPE_SHA256, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
/* Delete the WC_HASH_TYPE_SHA256 type hash for the following tests */
ret = wc_HashDelete(hash, &hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
/* Try invalid hash algorithms. */
for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) {
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
hash = wc_HashNew(typesBad[i], HEAP_HINT, devId, &ret);
#endif
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
/* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */
ret = wc_HashInit(hash, (enum wc_HashType)typesBad[i]);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
ret = wc_HashUpdate(hash, (enum wc_HashType)typesBad[i],
data, sizeof(data));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
ret = wc_HashFinal(hash, (enum wc_HashType)typesBad[i], out);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
ret = wc_HashFree(hash, (enum wc_HashType)typesBad[i]);
/* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ret = wc_HashDelete(hash, &hash);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
WOLFSSL_MSG("ERROR: wc_HashDelete failed, expected BAD_FUNC_ARG.");
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
#endif
}
/* Try valid hash algorithms. */
for (i = 0; i < (int)(sizeof(typesGood)/sizeof(*typesGood)); i++) {
exp_ret = 0; /* For valid hash, we expect return result to be zero */
/* See if the current hash type is one of the known types that are
* not implemented or not compiled in (disabled): */
for(j = 0; j < (int)(sizeof(typesNoImpl) / sizeof(*typesNoImpl)); j++) {
if (typesGood[i] == typesNoImpl[j]) {
exp_ret = HASH_TYPE_E;
break; /* found one. don't keep looking.
* we won't test hashes not implemented */
}
}
/* If the expected return value is HASH_TYPE_E before we've even started
* it must be a hash type not implemented or disabled, so skip it. */
if (exp_ret == WC_NO_ERR_TRACE(HASH_TYPE_E)) {
continue; /* go fetch the next typesGood[i] */
}
/* Good type and implemented: */
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
hash = wc_HashNew(typesGood[i], HEAP_HINT, devId, &ret);
if (hash == NULL) {
WOLFSSL_MSG("ERROR: wc_HashNew failed.");
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(BAD_FUNC_ARG), out);
}
#else
ret = wc_HashInit(hash, typesGood[i]);
if (ret != exp_ret)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#endif
ret = wc_HashUpdate(hash, typesGood[i], data, sizeof(data));
if (ret != exp_ret)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
ret = wc_HashFinal(hash, typesGood[i], out);
if (ret != exp_ret)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
ret = wc_HashFree(hash, typesGood[i]);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
digestSz = wc_HashGetDigestSize(typesGood[i]);
if (exp_ret == 0 && digestSz < 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
if (exp_ret == 0) {
ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut,
(word32)digestSz - 1);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, (word32)digestSz);
if (ret != exp_ret)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
if (exp_ret == 0 && XMEMCMP(out, hashOut, (word32)digestSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
ret = wc_HashGetBlockSize(typesGood[i]);
if (exp_ret == 0 && ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
ret = wc_HashGetOID(typesGood[i]);
if ( (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) && (exp_ret == 0)) ||
(ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) ) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
hashType = wc_OidGetHash(ret);
if (exp_ret == 0 && hashType != typesGood[i])
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ret = wc_HashDelete(hash, &hash);
if (ret < 0) {
WOLFSSL_MSG("ERROR: Failed to delete hash.");
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
#endif
} /* Valid hash functions */
/* non wc_HashAlg hash object tests follow: */
for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) {
ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out));
if ((ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) &&
(ret != WC_NO_ERR_TRACE(BUFFER_E)) &&
(ret != WC_NO_ERR_TRACE(HASH_TYPE_E)))
{
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
}
#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
ret = wc_HashGetOID(WC_HASH_TYPE_MD2);
#ifdef WOLFSSL_MD2
if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#else
if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifdef WOLFSSL_OLD_OID_SUM
hashType = wc_OidGetHash(646); /* Md2h */
#else
hashType = wc_OidGetHash(0x044a8bdd); /* Md2h */
#endif
#ifdef WOLFSSL_MD2
if (hashType != WC_HASH_TYPE_MD2)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
if (hashType != WC_HASH_TYPE_NONE)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA);
#if !defined(NO_MD5) && !defined(NO_SHA)
if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#else
if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HashGetOID(WC_HASH_TYPE_MD4);
if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HashGetOID(WC_HASH_TYPE_NONE);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
hashType = wc_OidGetHash(0);
if (hashType != WC_HASH_TYPE_NONE)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2);
#ifdef WOLFSSL_MD2
if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#else
if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2);
#ifdef WOLFSSL_MD2
if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#else
if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4);
#ifndef NO_MD4
if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#else
if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4);
#ifndef NO_MD4
if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#else
if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA);
#if !defined(NO_MD5) && !defined(NO_SHA)
if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#else
if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD5_SHA);
#if !defined(NO_MD5) && !defined(NO_SHA)
if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#else
if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2S);
#if defined(HAVE_BLAKE2S)
if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#else
if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2S);
#if defined(HAVE_BLAKE2S)
if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#else
if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B);
#if defined(HAVE_BLAKE2B)
if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#else
if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B);
#if defined(HAVE_BLAKE2B)
if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) ||
ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#else
if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(NO_CERTS) && !defined(NO_ASN)
#if defined(WOLFSSL_MD2) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
ret = wc_GetCTC_HashOID(WC_HASH_TYPE_MD2);
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#ifndef NO_MD5
ret = wc_GetCTC_HashOID(WC_MD5);
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#ifndef NO_SHA
ret = wc_GetCTC_HashOID(WC_SHA);
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#ifdef WOLFSSL_SHA224
ret = wc_GetCTC_HashOID(WC_SHA224);
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#ifndef NO_SHA256
ret = wc_GetCTC_HashOID(WC_SHA256);
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#ifdef WOLFSSL_SHA384
ret = wc_GetCTC_HashOID(WC_SHA384);
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#ifdef WOLFSSL_SHA512
ret = wc_GetCTC_HashOID(WC_SHA512);
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
ret = wc_GetCTC_HashOID(-1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = 0;
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
(void)wc_HashDelete(hash, &hash);
#endif
return ret;
}
#endif /* !NO_HASH_WRAPPER */
#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION >= 5))
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
{
Hmac hmac;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT);
#endif
byte hash[WC_MD5_DIGEST_SIZE];
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
"Jefe",
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA",
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
};
testVector a, b, c, d;
testVector test_hmac[4];
wc_test_ret_t ret = WC_TEST_RET_ENC_NC;
int times = sizeof(test_hmac) / sizeof(testVector), i;
WOLFSSL_ENTER("hmac_md5_test");
/* Following test vectors are from RFC 2202 section 2 */
a.input = "Hi There";
a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
"\x9d";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_MD5_DIGEST_SIZE;
b.input = "what do ya want for nothing?";
b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
"\x38";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_MD5_DIGEST_SIZE;
c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD";
c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3"
"\xf6";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_MD5_DIGEST_SIZE;
d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
d.output = "\x6b\x1a\xb7\xfe\x4b\xd7\xbf\x8f\x0b\x62\xe6\xce\x61\xb9\xd0"
"\xcd";
d.inLen = XSTRLEN(d.input);
d.outLen = WC_MD5_DIGEST_SIZE;
test_hmac[0] = a;
test_hmac[1] = b;
test_hmac[2] = c;
test_hmac[3] = d;
XMEMSET(&hmac, 0, sizeof(hmac));
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_CALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER,
return WC_TEST_RET_ENC_EC(MEMORY_E));
#endif
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1) {
continue; /* cavium can't handle short keys, fips not allowed */
}
#endif
ret = wc_HmacInit(&hmac, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i],
(word32)XSTRLEN(keys[i]));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacCopy(&hmac, hmac_copy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacFinal(hmac_copy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
wc_HmacFree(hmac_copy);
#endif
}
out:
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
wc_HmacFree(hmac_copy);
WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if (ret == 0) {
if ((ret = wc_HmacSizeByType(WC_MD5)) != WC_MD5_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
ret = 0;
}
#endif
return ret;
}
#endif /* !NO_HMAC && !NO_MD5 && (!HAVE_FIPS || (HAVE_FIPS_VERSION < 5)) */
#if !defined(NO_HMAC) && !defined(NO_SHA)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
{
Hmac hmac;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT);
#endif
byte hash[WC_SHA_DIGEST_SIZE];
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b",
"Jefe",
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA",
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
};
testVector a, b, c, d;
testVector test_hmac[4];
wc_test_ret_t ret = WC_TEST_RET_ENC_NC;
int times = sizeof(test_hmac) / sizeof(testVector), i;
#if FIPS_VERSION3_GE(6,0,0)
int allowShortKeyWithFips = 1;
#endif
WOLFSSL_ENTER("hmac_sha_test");
/* Following test vectors are from RFC 2202 section 3 */
a.input = "Hi There";
a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
"\x8e\xf1\x46\xbe\x00";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_SHA_DIGEST_SIZE;
b.input = "what do ya want for nothing?";
b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf"
"\x9c\x25\x9a\x7c\x79";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_SHA_DIGEST_SIZE;
c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD";
c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b"
"\x4f\x63\xf1\x75\xd3";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_SHA_DIGEST_SIZE;
d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
d.output = "\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b"
"\x55\xed\x40\x21\x12";
d.inLen = XSTRLEN(d.input);
d.outLen = WC_SHA_DIGEST_SIZE;
test_hmac[0] = a;
test_hmac[1] = b;
test_hmac[2] = c;
test_hmac[3] = d;
XMEMSET(&hmac, 0, sizeof(hmac));
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_CALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER,
return WC_TEST_RET_ENC_EC(MEMORY_E));
#endif
for (i = 0; i < times; ++i) {
#if defined(HAVE_CAVIUM) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0))
if (i == 1)
continue; /* cavium can't handle short keys, fips not allowed */
#endif
if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i],
(word32)XSTRLEN(keys[i]));
#if FIPS_VERSION3_GE(6,0,0)
if (i == 1) {
if (ret != WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Now use the ex and allow short keys with FIPS option */
ret = wc_HmacSetKey_ex(&hmac, WC_SHA, (byte*) keys[i],
(word32)XSTRLEN(keys[i]), allowShortKeyWithFips);
}
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacCopy(&hmac, hmac_copy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacFinal(hmac_copy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
wc_HmacFree(hmac_copy);
#endif
}
out:
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
wc_HmacFree(hmac_copy);
WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if (ret == 0) {
if ((ret = wc_HmacSizeByType(WC_SHA)) != WC_SHA_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
ret = 0;
}
#endif
return ret;
}
#endif
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
{
Hmac hmac;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT);
#endif
byte hash[WC_SHA224_DIGEST_SIZE];
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b",
"Jefe",
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA",
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA"
};
testVector a, b, c, d;
testVector test_hmac[4];
wc_test_ret_t ret = WC_TEST_RET_ENC_NC;
int times = sizeof(test_hmac) / sizeof(testVector), i;
WOLFSSL_ENTER("hmac_sha224_test");
/* Following test vectors are from RFC 4231 section 4 */
a.input = "Hi There";
a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
"\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_SHA224_DIGEST_SIZE;
b.input = "what do ya want for nothing?";
b.output = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d"
"\x0f\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_SHA224_DIGEST_SIZE;
c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD";
c.output = "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2"
"\x64\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_SHA224_DIGEST_SIZE;
d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
d.output = "\x95\xe9\xa0\xdb\x96\x20\x95\xad\xae\xbe\x9b\x2d\x6f\x0d\xbc\xe2\xd4\x99\xf1\x12\xf2\xd2\xb7\x27\x3f\xa6\x87\x0e";
d.inLen = XSTRLEN(d.input);
d.outLen = WC_SHA224_DIGEST_SIZE;
test_hmac[0] = a;
test_hmac[1] = b;
test_hmac[2] = c;
test_hmac[3] = d;
XMEMSET(&hmac, 0, sizeof(hmac));
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_CALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER,
return WC_TEST_RET_ENC_EC(MEMORY_E));
#endif
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
continue; /* cavium can't handle short keys, fips not allowed */
#endif
if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i],
(word32)XSTRLEN(keys[i]));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacCopy(&hmac, hmac_copy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacFinal(hmac_copy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
wc_HmacFree(hmac_copy);
#endif
}
out:
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
wc_HmacFree(hmac_copy);
WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if (ret == 0) {
if ((ret = wc_HmacSizeByType(WC_SHA224)) != WC_SHA224_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
ret = 0;
}
#endif
return ret;
}
#endif
#if !defined(NO_HMAC) && !defined(NO_SHA256)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
{
Hmac hmac;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT);
#endif
byte hash[WC_SHA256_DIGEST_SIZE];
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b",
"Jefe",
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA",
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA",
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA"
};
testVector a, b, c, d, e;
testVector test_hmac[5];
wc_test_ret_t ret = WC_TEST_RET_ENC_NC;
int times = sizeof(test_hmac) / sizeof(testVector), i;
WOLFSSL_ENTER("hmac_sha256_test");
/* Following test vectors are from RFC 4231 section 4 */
a.input = "Hi There";
a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
"\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
"\xcf\xf7";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_SHA256_DIGEST_SIZE;
b.input = "what do ya want for nothing?";
b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75"
"\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec"
"\x38\x43";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_SHA256_DIGEST_SIZE;
c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD";
c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81"
"\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5"
"\x65\xfe";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_SHA256_DIGEST_SIZE;
d.input = 0;
d.output = "\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28"
"\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f"
"\x3e\x46";
d.inLen = 0;
d.outLen = WC_SHA256_DIGEST_SIZE;
e.input = "Test Using Larger Than Block-Size Key - Hash Key First";
e.output = "\x60\xe4\x31\x59\x1e\xe0\xb6\x7f\x0d\x8a\x26\xaa\xcb\xf5\xb7"
"\x7f\x8e\x0b\xc6\x21\x37\x28\xc5\x14\x05\x46\x04\x0f\x0e\xe3"
"\x7f\x54";
e.inLen = XSTRLEN(e.input);;
e.outLen = WC_SHA256_DIGEST_SIZE;
test_hmac[0] = a;
test_hmac[1] = b;
test_hmac[2] = c;
test_hmac[3] = d;
test_hmac[4] = e;
XMEMSET(&hmac, 0, sizeof(hmac));
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_CALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER,
return WC_TEST_RET_ENC_EC(MEMORY_E));
#endif
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
if (i == 1)
continue; /* cavium can't handle short keys, fips not allowed */
#endif
#if defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM)
if (i == 3)
continue; /* QuickAssist can't handle empty HMAC */
#endif
if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i],
(word32)XSTRLEN(keys[i]));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacCopy(&hmac, hmac_copy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
if (test_hmac[i].input != NULL) {
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
if (test_hmac[i].input != NULL) {
ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
ret = wc_HmacFinal(hmac_copy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
wc_HmacFree(hmac_copy);
#endif
}
out:
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
wc_HmacFree(hmac_copy);
WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if ((ret = wc_HmacSizeByType(WC_SHA256)) != WC_SHA256_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
#if FIPS_VERSION3_GE(6,0,0)
if ((ret = wc_HmacSizeByType(21)) != WC_NO_ERR_TRACE(HMAC_KAT_FIPS_E))
#else
if ((ret = wc_HmacSizeByType(21)) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
#endif
{
return WC_TEST_RET_ENC_EC(ret);
}
#endif
if ((ret = wolfSSL_GetHmacMaxSize()) != WC_MAX_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
return 0;
}
#endif
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
{
Hmac hmac;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT);
#endif
byte hash[WC_SHA384_DIGEST_SIZE];
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b",
"Jefe",
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA",
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA"
};
testVector a, b, c, d;
testVector test_hmac[4];
wc_test_ret_t ret = WC_TEST_RET_ENC_NC;
int times = sizeof(test_hmac) / sizeof(testVector), i;
WOLFSSL_ENTER("hmac_sha384_test");
/* Following test vectors are from RFC 4231 section 4 */
a.input = "Hi There";
a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
"\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
"\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
"\xfa\x9c\xb6";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_SHA384_DIGEST_SIZE;
b.input = "what do ya want for nothing?";
b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b"
"\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22"
"\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa"
"\xb2\x16\x49";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_SHA384_DIGEST_SIZE;
c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD";
c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8"
"\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66"
"\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01"
"\xa3\x4f\x27";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_SHA384_DIGEST_SIZE;
d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
d.output = "\x4e\xce\x08\x44\x85\x81\x3e\x90\x88\xd2\xc6\x3a\x04\x1b\xc5"
"\xb4\x4f\x9e\xf1\x01\x2a\x2b\x58\x8f\x3c\xd1\x1f\x05\x03\x3a"
"\xc4\xc6\x0c\x2e\xf6\xab\x40\x30\xfe\x82\x96\x24\x8d\xf1\x63"
"\xf4\x49\x52";
d.inLen = XSTRLEN(d.input);
d.outLen = WC_SHA384_DIGEST_SIZE;
test_hmac[0] = a;
test_hmac[1] = b;
test_hmac[2] = c;
test_hmac[3] = d;
XMEMSET(&hmac, 0, sizeof(hmac));
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_CALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER,
return WC_TEST_RET_ENC_EC(MEMORY_E));
#endif
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i],
(word32)XSTRLEN(keys[i]));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacCopy(&hmac, hmac_copy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacFinal(hmac_copy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
wc_HmacFree(hmac_copy);
#endif
}
out:
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
wc_HmacFree(hmac_copy);
WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if (ret == 0) {
if ((ret = wc_HmacSizeByType(WC_SHA384)) != WC_SHA384_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
ret = 0;
}
#endif
return ret;
}
#endif
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA512)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
{
Hmac hmac;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT);
#endif
byte hash[WC_SHA512_DIGEST_SIZE];
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b",
"Jefe",
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA",
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA"
};
testVector a, b, c, d;
testVector test_hmac[4];
wc_test_ret_t ret = WC_TEST_RET_ENC_NC;
int times = sizeof(test_hmac) / sizeof(testVector), i;
WOLFSSL_ENTER("hmac_sha512_test");
/* Following test vectors are from RFC 4231 section 4 */
a.input = "Hi There";
a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c"
"\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1"
"\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae"
"\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20"
"\x3a\x12\x68\x54";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_SHA512_DIGEST_SIZE;
b.input = "what do ya want for nothing?";
b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0"
"\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25"
"\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8"
"\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a"
"\x38\xbc\xe7\x37";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_SHA512_DIGEST_SIZE;
c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD";
c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b"
"\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27"
"\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e"
"\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59"
"\xe1\x32\x92\xfb";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_SHA512_DIGEST_SIZE;
d.input = "Test Using Larger Than Block-Size Key - Hash Key First";
d.output = "\x80\xb2\x42\x63\xc7\xc1\xa3\xeb\xb7\x14\x93\xc1\xdd\x7b\xe8"
"\xb4\x9b\x46\xd1\xf4\x1b\x4a\xee\xc1\x12\x1b\x01\x37\x83\xf8"
"\xf3\x52\x6b\x56\xd0\x37\xe0\x5f\x25\x98\xbd\x0f\xd2\x21\x5d"
"\x6a\x1e\x52\x95\xe6\x4f\x73\xf6\x3f\x0a\xec\x8b\x91\x5a\x98"
"\x5d\x78\x65\x98";
d.inLen = XSTRLEN(d.input);
d.outLen = WC_SHA512_DIGEST_SIZE;
test_hmac[0] = a;
test_hmac[1] = b;
test_hmac[2] = c;
test_hmac[3] = d;
XMEMSET(&hmac, 0, sizeof(hmac));
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_CALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER,
return WC_TEST_RET_ENC_EC(MEMORY_E));
#endif
for (i = 0; i < times; ++i) {
#if defined(HAVE_FIPS)
if (i == 1)
continue; /* fips not allowed */
#endif
if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacSetKey(&hmac, WC_SHA512, (byte*)keys[i],
(word32)XSTRLEN(keys[i]));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacCopy(&hmac, hmac_copy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input,
(word32)test_hmac[i].inLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacFinal(hmac_copy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
wc_HmacFree(hmac_copy);
#endif
}
out:
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
wc_HmacFree(hmac_copy);
WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
if (ret == 0) {
if ((ret = wc_HmacSizeByType(WC_SHA512)) != WC_SHA512_DIGEST_SIZE)
return WC_TEST_RET_ENC_EC(ret);
ret = 0;
}
#endif
return ret;
}
#endif
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
!defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
!defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void)
{
Hmac hmac;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT);
#endif
byte hash[WC_SHA3_512_DIGEST_SIZE];
const char* key[4] =
{
"Jefe",
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
"\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
"\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
"\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
"\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
"\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
"\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
"\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
"\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
"\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
"\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
};
const char* input[4] =
{
"what do ya want for nothing?",
"Hi There",
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
"Big Key Input"
};
const int hashType[4] =
{
WC_SHA3_224, WC_SHA3_256, WC_SHA3_384, WC_SHA3_512
};
const int hashSz[4] =
{
WC_SHA3_224_DIGEST_SIZE, WC_SHA3_256_DIGEST_SIZE,
WC_SHA3_384_DIGEST_SIZE, WC_SHA3_512_DIGEST_SIZE
};
const char* output[16] =
{
/* key = jefe, input = what do ya want for nothing? */
/* HMAC-SHA3-224 */
"\x7f\xdb\x8d\xd8\x8b\xd2\xf6\x0d\x1b\x79\x86\x34\xad\x38\x68\x11"
"\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b\xba\xce\x5e\x66",
/* HMAC-SHA3-256 */
"\xc7\xd4\x07\x2e\x78\x88\x77\xae\x35\x96\xbb\xb0\xda\x73\xb8\x87"
"\xc9\x17\x1f\x93\x09\x5b\x29\x4a\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5",
/* HMAC-SHA3-384 */
"\xf1\x10\x1f\x8c\xbf\x97\x66\xfd\x67\x64\xd2\xed\x61\x90\x3f\x21"
"\xca\x9b\x18\xf5\x7c\xf3\xe1\xa2\x3c\xa1\x35\x08\xa9\x32\x43\xce"
"\x48\xc0\x45\xdc\x00\x7f\x26\xa2\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a",
/* HMAC-SHA3-512 */
"\x5a\x4b\xfe\xab\x61\x66\x42\x7c\x7a\x36\x47\xb7\x47\x29\x2b\x83"
"\x84\x53\x7c\xdb\x89\xaf\xb3\xbf\x56\x65\xe4\xc5\xe7\x09\x35\x0b"
"\x28\x7b\xae\xc9\x21\xfd\x7c\xa0\xee\x7a\x0c\x31\xd0\x22\xa9\x5e"
"\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83\x96\x02\x75\xbe\xb4\xe6\x20\x24",
/* key = 0b..., input = Hi There */
/* HMAC-SHA3-224 */
"\x3b\x16\x54\x6b\xbc\x7b\xe2\x70\x6a\x03\x1d\xca\xfd\x56\x37\x3d"
"\x98\x84\x36\x76\x41\xd8\xc5\x9a\xf3\xc8\x60\xf7",
/* HMAC-SHA3-256 */
"\xba\x85\x19\x23\x10\xdf\xfa\x96\xe2\xa3\xa4\x0e\x69\x77\x43\x51"
"\x14\x0b\xb7\x18\x5e\x12\x02\xcd\xcc\x91\x75\x89\xf9\x5e\x16\xbb",
/* HMAC-SHA3-384 */
"\x68\xd2\xdc\xf7\xfd\x4d\xdd\x0a\x22\x40\xc8\xa4\x37\x30\x5f\x61"
"\xfb\x73\x34\xcf\xb5\xd0\x22\x6e\x1b\xc2\x7d\xc1\x0a\x2e\x72\x3a"
"\x20\xd3\x70\xb4\x77\x43\x13\x0e\x26\xac\x7e\x3d\x53\x28\x86\xbd",
/* HMAC-SHA3-512 */
"\xeb\x3f\xbd\x4b\x2e\xaa\xb8\xf5\xc5\x04\xbd\x3a\x41\x46\x5a\xac"
"\xec\x15\x77\x0a\x7c\xab\xac\x53\x1e\x48\x2f\x86\x0b\x5e\xc7\xba"
"\x47\xcc\xb2\xc6\xf2\xaf\xce\x8f\x88\xd2\x2b\x6d\xc6\x13\x80\xf2"
"\x3a\x66\x8f\xd3\x88\x8b\xb8\x05\x37\xc0\xa0\xb8\x64\x07\x68\x9e",
/* key = aa..., output = dd... */
/* HMAC-SHA3-224 */
"\x67\x6c\xfc\x7d\x16\x15\x36\x38\x78\x03\x90\x69\x2b\xe1\x42\xd2"
"\xdf\x7c\xe9\x24\xb9\x09\xc0\xc0\x8d\xbf\xdc\x1a",
/* HMAC-SHA3-256 */
"\x84\xec\x79\x12\x4a\x27\x10\x78\x65\xce\xdd\x8b\xd8\x2d\xa9\x96"
"\x5e\x5e\xd8\xc3\x7b\x0a\xc9\x80\x05\xa7\xf3\x9e\xd5\x8a\x42\x07",
/* HMAC-SHA3-384 */
"\x27\x5c\xd0\xe6\x61\xbb\x8b\x15\x1c\x64\xd2\x88\xf1\xf7\x82\xfb"
"\x91\xa8\xab\xd5\x68\x58\xd7\x2b\xab\xb2\xd4\x76\xf0\x45\x83\x73"
"\xb4\x1b\x6a\xb5\xbf\x17\x4b\xec\x42\x2e\x53\xfc\x31\x35\xac\x6e",
/* HMAC-SHA3-512 */
"\x30\x9e\x99\xf9\xec\x07\x5e\xc6\xc6\xd4\x75\xed\xa1\x18\x06\x87"
"\xfc\xf1\x53\x11\x95\x80\x2a\x99\xb5\x67\x74\x49\xa8\x62\x51\x82"
"\x85\x1c\xb3\x32\xaf\xb6\xa8\x9c\x41\x13\x25\xfb\xcb\xcd\x42\xaf"
"\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03",
/* key = big key, input = Big Key Input */
/* HMAC-SHA3-224 */
"\x29\xe0\x5e\x46\xc4\xa4\x5e\x46\x74\xbf\xd7\x2d\x1a\xd8\x66\xdb"
"\x2d\x0d\x10\x4e\x2b\xfa\xad\x53\x7d\x15\x69\x8b",
/* HMAC-SHA3-256 */
"\xb5\x5b\x8d\x64\xb6\x9c\x21\xd0\xbf\x20\x5c\xa2\xf7\xb9\xb1\x4e"
"\x88\x21\x61\x2c\x66\xc3\x91\xae\x6c\x95\x16\x85\x83\xe6\xf4\x9b",
/* HMAC-SHA3-384 */
"\xaa\x91\xb3\xa6\x2f\x56\xa1\xbe\x8c\x3e\x74\x38\xdb\x58\xd9\xd3"
"\x34\xde\xa0\x60\x6d\x8d\x46\xe0\xec\xa9\xf6\x06\x35\x14\xe6\xed"
"\x83\xe6\x7c\x77\x24\x6c\x11\xb5\x90\x82\xb5\x75\xda\x7b\x83\x2d",
/* HMAC-SHA3-512 */
"\x1c\xc3\xa9\x24\x4a\x4a\x3f\xbd\xc7\x20\x00\x16\x9b\x79\x47\x03"
"\x78\x75\x2c\xb5\xf1\x2e\x62\x7c\xbe\xef\x4e\x8f\x0b\x11\x2b\x32"
"\xa0\xee\xc9\xd0\x4d\x64\x64\x0b\x37\xf4\xdd\x66\xf7\x8b\xb3\xad"
"\x52\x52\x6b\x65\x12\xde\x0d\x7c\xc0\x8b\x60\x01\x6c\x37\xd7\xa8"
};
int i = 0, iMax = sizeof(input) / sizeof(input[0]),
j, jMax = sizeof(hashType) / sizeof(hashType[0]);
wc_test_ret_t ret = WC_TEST_RET_ENC_NC;
WOLFSSL_ENTER("hmac_sha3_test");
XMEMSET(&hmac, 0, sizeof(hmac));
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
WC_CALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER,
return WC_TEST_RET_ENC_EC(MEMORY_E));
#endif
#ifdef HAVE_FIPS
/* FIPS requires a minimum length for HMAC keys, and "Jefe" is too
* short. Skip it in FIPS builds. */
i = 1;
#endif
for (; i < iMax; i++) {
for (j = 0; j < jMax; j++) {
if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacSetKey(&hmac, hashType[j], (byte*)key[i],
(word32)XSTRLEN(key[i]));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacCopy(&hmac, hmac_copy);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_HmacUpdate(&hmac, (byte*)input[i],
(word32)XSTRLEN(input[i]));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(hash, output[(i*jMax) + j], (size_t)hashSz[j]) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
ret = wc_HmacUpdate(hmac_copy, (byte*)input[i],
(word32)XSTRLEN(input[i]));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_HmacFinal(hmac_copy, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(hash, output[(i*jMax) + j], (size_t)hashSz[j]) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wc_HmacFree(hmac_copy);
#endif
if (i > 0)
continue;
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
ret = wc_HmacSizeByType(hashType[j]);
if (ret != hashSz[j])
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
}
}
out:
wc_HmacFree(&hmac);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0))
wc_HmacFree(hmac_copy);
WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif
#ifdef WC_RC2
typedef struct rc2TestVector {
const char* input;
const char* output;
const char* key; /* Key, variable up to 128 bytes */
const char* iv; /* IV, 8-bytes */
int inLen;
int outLen;
int keyLen;
int effectiveKeyBits; /* Up to 1024 bits supported */
} rc2TestVector;
static wc_test_ret_t rc2_ecb_test(void)
{
wc_test_ret_t ret = 0;
byte cipher[RC2_BLOCK_SIZE];
byte plain[RC2_BLOCK_SIZE];
rc2TestVector a, b, c, d, e, f, g, h;
rc2TestVector test_rc2[8];
int times = sizeof(test_rc2) / sizeof(rc2TestVector), i;
a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
a.output = "\xeb\xb7\x73\xf9\x93\x27\x8e\xff";
a.key = "\x00\x00\x00\x00\x00\x00\x00\x00";
a.inLen = RC2_BLOCK_SIZE;
a.outLen = RC2_BLOCK_SIZE;
a.keyLen = 8;
a.effectiveKeyBits = 63;
b.input = "\xff\xff\xff\xff\xff\xff\xff\xff";
b.output = "\x27\x8b\x27\xe4\x2e\x2f\x0d\x49";
b.key = "\xff\xff\xff\xff\xff\xff\xff\xff";
b.inLen = RC2_BLOCK_SIZE;
b.outLen = RC2_BLOCK_SIZE;
b.keyLen = 8;
b.effectiveKeyBits = 64;
c.input = "\x10\x00\x00\x00\x00\x00\x00\x01";
c.output = "\x30\x64\x9e\xdf\x9b\xe7\xd2\xc2";
c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
c.inLen = RC2_BLOCK_SIZE;
c.outLen = RC2_BLOCK_SIZE;
c.keyLen = 8;
c.effectiveKeyBits = 64;
d.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
d.output = "\x61\xa8\xa2\x44\xad\xac\xcc\xf0";
d.key = "\x88";
d.inLen = RC2_BLOCK_SIZE;
d.outLen = RC2_BLOCK_SIZE;
d.keyLen = 1;
d.effectiveKeyBits = 64;
e.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
e.output = "\x6c\xcf\x43\x08\x97\x4c\x26\x7f";
e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a";
e.inLen = RC2_BLOCK_SIZE;
e.outLen = RC2_BLOCK_SIZE;
e.keyLen = 7;
e.effectiveKeyBits = 64;
f.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
f.output = "\x1a\x80\x7d\x27\x2b\xbe\x5d\xb1";
f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
"\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
f.inLen = RC2_BLOCK_SIZE;
f.outLen = RC2_BLOCK_SIZE;
f.keyLen = 16;
f.effectiveKeyBits = 64;
g.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
g.output = "\x22\x69\x55\x2a\xb0\xf8\x5c\xa6";
g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
"\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
g.inLen = RC2_BLOCK_SIZE;
g.outLen = RC2_BLOCK_SIZE;
g.keyLen = 16;
g.effectiveKeyBits = 128;
h.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
h.output = "\x5b\x78\xd3\xa4\x3d\xff\xf1\xf1";
h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
"\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"
"\x16\xf8\x0a\x6f\x85\x92\x05\x84"
"\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf"
"\x1e";
h.inLen = RC2_BLOCK_SIZE;
h.outLen = RC2_BLOCK_SIZE;
h.keyLen = 33;
h.effectiveKeyBits = 129;
a.iv = b.iv = c.iv = d.iv = e.iv = f.iv = g.iv = h.iv = NULL;
test_rc2[0] = a;
test_rc2[1] = b;
test_rc2[2] = c;
test_rc2[3] = d;
test_rc2[4] = e;
test_rc2[5] = f;
test_rc2[6] = g;
test_rc2[7] = h;
for (i = 0; i < times; ++i) {
Rc2 enc;
XMEMSET(cipher, 0, RC2_BLOCK_SIZE);
XMEMSET(plain, 0, RC2_BLOCK_SIZE);
ret = wc_Rc2SetKey(&enc, (byte*)test_rc2[i].key, test_rc2[i].keyLen,
NULL, test_rc2[i].effectiveKeyBits);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
/* ECB encrypt */
ret = wc_Rc2EcbEncrypt(&enc, cipher, (byte*)test_rc2[i].input,
(word32)test_rc2[i].outLen);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
if (XMEMCMP(cipher, test_rc2[i].output, test_rc2[i].outLen)) {
return WC_TEST_RET_ENC_NC;
}
/* ECB decrypt */
ret = wc_Rc2EcbDecrypt(&enc, plain, cipher, RC2_BLOCK_SIZE);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
if (XMEMCMP(plain, test_rc2[i].input, RC2_BLOCK_SIZE)) {
return WC_TEST_RET_ENC_NC;
}
}
return 0;
}
static wc_test_ret_t rc2_cbc_test(void)
{
wc_test_ret_t ret = 0;
byte cipher[128];
byte plain[128];
rc2TestVector a, b, c, d, e, f, g, h, i;
rc2TestVector test_rc2[9];
int times = sizeof(test_rc2) / sizeof(rc2TestVector), j;
/* key length = 7, effective key bits = 63 */
a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00";
a.output = "\xEB\xB7\x73\xF9\x93\x27\x8E\xFF"
"\xF0\x51\x77\x8B\x65\xDB\x13\x57";
a.key = "\x00\x00\x00\x00\x00\x00\x00\x00";
a.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
a.inLen = RC2_BLOCK_SIZE*2;
a.outLen = RC2_BLOCK_SIZE*2;
a.keyLen = 8;
a.effectiveKeyBits = 63;
/* key length = 8, effective key bits = 64, all 0xFF */
b.input = "\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff";
b.output = "\xA3\xA1\x12\x65\x4F\x81\xC5\xCD"
"\xB6\x94\x3E\xEA\x3E\x8B\x9D\x1F";
b.key = "\xff\xff\xff\xff\xff\xff\xff\xff";
b.iv = "\xff\xff\xff\xff\xff\xff\xff\xff";
b.inLen = RC2_BLOCK_SIZE*2;
b.outLen = RC2_BLOCK_SIZE*2;
b.keyLen = 8;
b.effectiveKeyBits = 64;
/* key length = 8, effective key bits = 64 */
c.input = "\x10\x00\x00\x00\x00\x00\x00\x01"
"\x10\x00\x00\x00\x00\x00\x00\x01";
c.output = "\xB5\x70\x14\xA2\x5F\x40\xE3\x6D"
"\x81\x99\x8D\xE0\xB5\xD5\x3A\x05";
c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
c.iv = "\x30\x00\x00\x00\x00\x00\x00\x00";
c.inLen = RC2_BLOCK_SIZE*2;
c.outLen = RC2_BLOCK_SIZE*2;
c.keyLen = 8;
c.effectiveKeyBits = 64;
/* key length = 1, effective key bits = 64 */
d.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00";
d.output = "\x61\xA8\xA2\x44\xAD\xAC\xCC\xF0"
"\x6D\x19\xE8\xF1\xFC\xE7\x38\x87";
d.key = "\x88";
d.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
d.inLen = RC2_BLOCK_SIZE*2;
d.outLen = RC2_BLOCK_SIZE*2;
d.keyLen = 1;
d.effectiveKeyBits = 64;
/* key length = 7, effective key bits = 64 */
e.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00";
e.output = "\x6C\xCF\x43\x08\x97\x4C\x26\x7F"
"\xCC\x3C\x53\x57\x7C\xA1\xA4\x4B";
e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a";
e.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
e.inLen = RC2_BLOCK_SIZE*2;
e.outLen = RC2_BLOCK_SIZE*2;
e.keyLen = 7;
e.effectiveKeyBits = 64;
/* key length = 16, effective key bits = 64 */
f.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00";
f.output = "\x1A\x80\x7D\x27\x2B\xBE\x5D\xB1"
"\x64\xEF\xE1\xC3\xB8\xAD\xFB\xBA";
f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
"\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
f.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
f.inLen = RC2_BLOCK_SIZE*2;
f.outLen = RC2_BLOCK_SIZE*2;
f.keyLen = 16;
f.effectiveKeyBits = 64;
/* key length = 16, effective bits = 128 */
g.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00";
g.output = "\x22\x69\x55\x2A\xB0\xF8\x5C\xA6"
"\x53\x6E\xFD\x2D\x89\xE1\x2A\x73";
g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
"\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
g.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
g.inLen = RC2_BLOCK_SIZE*2;
g.outLen = RC2_BLOCK_SIZE*2;
g.keyLen = 16;
g.effectiveKeyBits = 128;
/* key length = 33, effective bits = 129 */
h.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00";
h.output = "\x5B\x78\xD3\xA4\x3D\xFF\xF1\xF1"
"\x45\x30\xA8\xD5\xC7\x7C\x46\x19";
h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
"\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"
"\x16\xf8\x0a\x6f\x85\x92\x05\x84"
"\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf"
"\x1e";
h.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
h.inLen = RC2_BLOCK_SIZE*2;
h.outLen = RC2_BLOCK_SIZE*2;
h.keyLen = 33;
h.effectiveKeyBits = 129;
/* key length = 10, effective bits = 40 */
i.input = "\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00"
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00";
i.output = "\x71\x2D\x11\x99\xC9\xA0\x78\x4F"
"\xCD\xF1\x1E\x3D\xFD\x21\x7E\xDB"
"\xB2\x6E\x0D\xA4\x72\xBC\x31\x51"
"\x48\xEF\x4E\x68\x3B\xDC\xCD\x7D";
i.key = "\x26\x1E\x57\x8E\xC9\x62\xBF\xB8"
"\x3E\x96";
i.iv = "\x01\x02\x03\x04\x05\x06\x07\x08";
i.inLen = RC2_BLOCK_SIZE*4;
i.outLen = RC2_BLOCK_SIZE*4;
i.keyLen = 10;
i.effectiveKeyBits = 40;
test_rc2[0] = a;
test_rc2[1] = b;
test_rc2[2] = c;
test_rc2[3] = d;
test_rc2[4] = e;
test_rc2[5] = f;
test_rc2[6] = g;
test_rc2[7] = h;
test_rc2[8] = i;
for (j = 0; j < times; ++j) {
Rc2 rc2;
XMEMSET(cipher, 0, sizeof(cipher));
XMEMSET(plain, 0, sizeof(plain));
ret = wc_Rc2SetKey(&rc2, (byte*)test_rc2[j].key, test_rc2[j].keyLen,
(byte*)test_rc2[j].iv, test_rc2[j].effectiveKeyBits);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_Rc2CbcEncrypt(&rc2, cipher, (byte*)test_rc2[j].input,
test_rc2[j].inLen);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
if (XMEMCMP(cipher, (byte*)test_rc2[j].output, test_rc2[j].outLen)) {
return WC_TEST_RET_ENC_NC;
}
/* reset IV for decrypt, since overridden by encrypt operation */
ret = wc_Rc2SetIV(&rc2, (byte*)test_rc2[j].iv);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_Rc2CbcDecrypt(&rc2, plain, cipher, test_rc2[j].outLen);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
if (XMEMCMP(plain, (byte*)test_rc2[j].input, test_rc2[j].inLen)) {
return WC_TEST_RET_ENC_NC;
}
}
return 0;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rc2_test(void)
{
wc_test_ret_t ret = 0;
WOLFSSL_ENTER("rc2_test");
ret = rc2_ecb_test();
if (ret != 0) {
return ret;
}
return rc2_cbc_test();
}
#endif
#ifndef NO_RC4
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void)
{
byte cipher[16];
byte plain[16];
wc_test_ret_t ret;
const char* keys[] =
{
"\x01\x23\x45\x67\x89\xab\xcd\xef",
"\x01\x23\x45\x67\x89\xab\xcd\xef",
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\xef\x01\x23\x45"
};
testVector a, b, c, d;
testVector test_arc4[4];
int times = sizeof(test_arc4) / sizeof(testVector), i;
WOLFSSL_ENTER("arc4_test");
a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96";
a.inLen = 8;
a.outLen = 8;
b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79";
b.inLen = 8;
b.outLen = 8;
c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a";
c.inLen = 8;
c.outLen = 8;
d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61";
d.inLen = 10;
d.outLen = 10;
test_arc4[0] = a;
test_arc4[1] = b;
test_arc4[2] = c;
test_arc4[3] = d;
for (i = 0; i < times; ++i) {
Arc4 enc;
Arc4 dec;
int keylen = 8; /* XSTRLEN with key 0x00 not good */
if (i == 3)
keylen = 4;
ret = wc_Arc4Init(&enc, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Arc4Init(&dec, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Arc4SetKey(&enc, (byte*)keys[i], (word32)keylen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Arc4SetKey(&dec, (byte*)keys[i], (word32)keylen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Arc4Process(&enc, cipher, (byte*)test_arc4[i].input,
(word32)test_arc4[i].outLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, test_arc4[i].input, test_arc4[i].outLen))
return WC_TEST_RET_ENC_I(i);
if (XMEMCMP(cipher, test_arc4[i].output, test_arc4[i].outLen))
return WC_TEST_RET_ENC_I(i);
wc_Arc4Free(&enc);
wc_Arc4Free(&dec);
}
return 0;
}
#endif
#ifdef HAVE_CHACHA
static wc_test_ret_t chacha_vector_test(ChaCha* enc, ChaCha* dec)
{
byte cipher[128];
byte plain[128];
byte sliver[64];
byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
word32 keySz = 32;
wc_test_ret_t ret = 0;
int i;
int times = 4;
WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
};
WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
/* 128 bit key */
WOLFSSL_SMALL_STACK_STATIC const byte key4[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
WOLFSSL_SMALL_STACK_STATIC const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
WOLFSSL_SMALL_STACK_STATIC const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00};
WOLFSSL_SMALL_STACK_STATIC const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
const byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90};
const byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96};
const byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5};
const byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd};
const byte* test_chacha[4];
const byte* keys[4];
const byte* ivs[4];
test_chacha[0] = a;
test_chacha[1] = b;
test_chacha[2] = c;
test_chacha[3] = d;
keys[0] = key1;
keys[1] = key2;
keys[2] = key3;
keys[3] = key4;
ivs[0] = ivs1;
ivs[1] = ivs2;
ivs[2] = ivs3;
ivs[3] = ivs4;
for (i = 0; i < times; ++i) {
if (i < 3) {
keySz = 32;
}
else {
keySz = 16;
}
XMEMCPY(plain, keys[i], keySz);
XMEMSET(cipher, 0, 32);
XMEMCPY(cipher + 4, ivs[i], 8);
ret |= wc_Chacha_SetKey(enc, keys[i], keySz);
ret |= wc_Chacha_SetKey(dec, keys[i], keySz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret |= wc_Chacha_SetIV(enc, cipher, 0);
ret |= wc_Chacha_SetIV(dec, cipher, 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMCPY(plain, input, 8);
ret |= wc_Chacha_Process(enc, cipher, plain, (word32)8);
ret |= wc_Chacha_Process(dec, plain, cipher, (word32)8);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(test_chacha[i], cipher, 8))
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
if (XMEMCMP(plain, input, 8))
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
/* test of starting at a different counter
encrypts all of the information and decrypts starting at 2nd chunk */
XMEMSET(plain, 0, sizeof(plain));
XMEMSET(sliver, 1, sizeof(sliver)); /* set as 1's to not match plain */
XMEMSET(cipher, 0, sizeof(cipher));
XMEMCPY(cipher + 4, ivs[0], 8);
ret |= wc_Chacha_SetKey(enc, keys[0], keySz);
ret |= wc_Chacha_SetKey(dec, keys[0], keySz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret |= wc_Chacha_SetIV(enc, cipher, 0);
ret |= wc_Chacha_SetIV(dec, cipher, 1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret |= wc_Chacha_Process(enc, cipher, plain, sizeof(plain));
ret |= wc_Chacha_Process(dec, sliver, cipher + 64, sizeof(sliver));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(plain + 64, sliver, 64))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* Test unaligned input buffer case */
{
ChaCha encAligned;
ChaCha encUnaligned;
byte keyBuf[32 + 1];
byte ivBuf[12 + 1];
byte pt[64];
byte ctAligned[64];
byte ctUnaligned[64];
XMEMCPY(keyBuf + 1, keys[0], 32);
XMEMCPY(ivBuf + 1, ivs[2], 12);
XMEMSET(pt, 0xa5, sizeof(pt));
ret = wc_Chacha_SetKey(&encAligned, keys[0], 32);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_Chacha_SetKey(&encUnaligned, keyBuf + 1, 32);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_Chacha_SetIV(&encAligned, ivs[2], 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_Chacha_SetIV(&encUnaligned, ivBuf + 1, 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_Chacha_Process(&encAligned, ctAligned, pt, sizeof(pt));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_Chacha_Process(&encUnaligned, ctUnaligned, pt, sizeof(pt));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ctAligned, ctUnaligned, sizeof(ctAligned)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
out:
return ret;
}
#ifndef BENCH_EMBEDDED
static wc_test_ret_t chacha_large_msg_test(ChaCha* enc, ChaCha* dec)
{
WOLFSSL_SMALL_STACK_STATIC const byte key[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00};
WOLFSSL_SMALL_STACK_STATIC const byte cipher_big_result[] = {
0x06, 0xa6, 0x5d, 0x31, 0x21, 0x6c, 0xdb, 0x37, 0x48, 0x7c, 0x01, 0x9d,
0x72, 0xdf, 0x0a, 0x5b, 0x64, 0x74, 0x20, 0xba, 0x9e, 0xe0, 0x26, 0x7a,
0xbf, 0xdf, 0x83, 0x34, 0x3b, 0x4f, 0x94, 0x3f, 0x37, 0x89, 0xaf, 0x00,
0xdf, 0x0f, 0x2e, 0x75, 0x16, 0x41, 0xf6, 0x7a, 0x86, 0x94, 0x9d, 0x32,
0x56, 0xf0, 0x79, 0x71, 0x68, 0x6f, 0xa6, 0x6b, 0xc6, 0x59, 0x49, 0xf6,
0x10, 0x34, 0x03, 0x03, 0x16, 0x53, 0x9a, 0x98, 0x2a, 0x46, 0xde, 0x17,
0x06, 0x65, 0x70, 0xca, 0x0a, 0x1f, 0xab, 0x80, 0x26, 0x96, 0x3f, 0x3e,
0x7a, 0x3c, 0xa8, 0x87, 0xbb, 0x65, 0xdd, 0x5e, 0x07, 0x7b, 0x34, 0xe0,
0x56, 0xda, 0x32, 0x13, 0x30, 0xc9, 0x0c, 0xd7, 0xba, 0xe4, 0x1f, 0xa6,
0x91, 0x4f, 0x72, 0x9f, 0xd9, 0x5c, 0x62, 0x7d, 0xa6, 0xc2, 0xbc, 0x87,
0xae, 0x64, 0x11, 0x94, 0x3b, 0xbc, 0x6c, 0x23, 0xbd, 0x7d, 0x00, 0xb4,
0x99, 0xf2, 0x68, 0xb5, 0x59, 0x70, 0x93, 0xad, 0x69, 0xd0, 0xb1, 0x28,
0x70, 0x92, 0xeb, 0xec, 0x39, 0x80, 0x82, 0xde, 0x44, 0xe2, 0x8a, 0x26,
0xb3, 0xe9, 0x45, 0xcf, 0x83, 0x76, 0x9f, 0x6a, 0xa0, 0x46, 0x4a, 0x3d,
0x26, 0x56, 0xaf, 0x49, 0x41, 0x26, 0x1b, 0x6a, 0x41, 0x37, 0x65, 0x91,
0x72, 0xc4, 0xe7, 0x3c, 0x17, 0x31, 0xae, 0x2e, 0x2b, 0x31, 0x45, 0xe4,
0x93, 0xd3, 0x10, 0xaa, 0xc5, 0x62, 0xd5, 0x11, 0x4b, 0x57, 0x1d, 0xad,
0x48, 0x06, 0xd0, 0x0d, 0x98, 0xa5, 0xc6, 0x5b, 0xd0, 0x9e, 0x22, 0xc0,
0x00, 0x32, 0x5a, 0xf5, 0x1c, 0x89, 0x6d, 0x54, 0x97, 0x55, 0x6b, 0x46,
0xc5, 0xc7, 0xc4, 0x48, 0x9c, 0xbf, 0x47, 0xdc, 0x03, 0xc4, 0x1b, 0xcb,
0x65, 0xa6, 0x91, 0x9d, 0x6d, 0xf1, 0xb0, 0x7a, 0x4d, 0x3b, 0x03, 0x95,
0xf4, 0x8b, 0x0b, 0xae, 0x39, 0xff, 0x3f, 0xf6, 0xc0, 0x14, 0x18, 0x8a,
0xe5, 0x19, 0xbd, 0xc1, 0xb4, 0x05, 0x4e, 0x29, 0x2f, 0x0b, 0x33, 0x76,
0x28, 0x16, 0xa4, 0xa6, 0x93, 0x04, 0xb5, 0x55, 0x6b, 0x89, 0x3d, 0xa5,
0x0f, 0xd3, 0xad, 0xfa, 0xd9, 0xfd, 0x05, 0x5d, 0x48, 0x94, 0x25, 0x5a,
0x2c, 0x9a, 0x94, 0x80, 0xb0, 0xe7, 0xcb, 0x4d, 0x77, 0xbf, 0xca, 0xd8,
0x55, 0x48, 0xbd, 0x66, 0xb1, 0x85, 0x81, 0xb1, 0x37, 0x79, 0xab, 0x52,
0x08, 0x14, 0x12, 0xac, 0xcd, 0x45, 0x4d, 0x53, 0x6b, 0xca, 0x96, 0xc7,
0x3b, 0x2f, 0x73, 0xb1, 0x5a, 0x23, 0xbd, 0x65, 0xd5, 0xea, 0x17, 0xb3,
0xdc, 0xa1, 0x17, 0x1b, 0x2d, 0xb3, 0x9c, 0xd0, 0xdb, 0x41, 0x77, 0xef,
0x93, 0x20, 0x52, 0x3e, 0x9d, 0xf5, 0xbf, 0x33, 0xf7, 0x52, 0xc1, 0x90,
0xa0, 0x15, 0x17, 0xce, 0xf7, 0xf7, 0xd0, 0x3a, 0x3b, 0xd1, 0x72, 0x56,
0x31, 0x81, 0xae, 0x60, 0xab, 0x40, 0xc1, 0xd1, 0x28, 0x77, 0x53, 0xac,
0x9f, 0x11, 0x0a, 0x88, 0x36, 0x4b, 0xda, 0x57, 0xa7, 0x28, 0x5c, 0x85,
0xd3, 0x85, 0x9b, 0x79, 0xad, 0x05, 0x1c, 0x37, 0x14, 0x5e, 0x0d, 0xd0,
0x23, 0x03, 0x42, 0x1d, 0x48, 0x5d, 0xc5, 0x3c, 0x5a, 0x08, 0xa9, 0x0d,
0x6e, 0x82, 0x7c, 0x2e, 0x3c, 0x41, 0xcc, 0x96, 0x8e, 0xad, 0xee, 0x2a,
0x61, 0x0b, 0x16, 0x0f, 0xa9, 0x24, 0x40, 0x85, 0xbc, 0x9f, 0x28, 0x8d,
0xe6, 0x68, 0x4d, 0x8f, 0x30, 0x48, 0xd9, 0x73, 0x73, 0x6c, 0x9a, 0x7f,
0x67, 0xf7, 0xde, 0x4c, 0x0a, 0x8b, 0xe4, 0xb3, 0x08, 0x2a, 0x52, 0xda,
0x54, 0xee, 0xcd, 0xb5, 0x62, 0x4a, 0x26, 0x20, 0xfb, 0x40, 0xbb, 0x39,
0x3a, 0x0f, 0x09, 0xe8, 0x00, 0xd1, 0x24, 0x97, 0x60, 0xe9, 0x83, 0x83,
0xfe, 0x9f, 0x9c, 0x15, 0xcf, 0x69, 0x03, 0x9f, 0x03, 0xe1, 0xe8, 0x6e,
0xbd, 0x87, 0x58, 0x68, 0xee, 0xec, 0xd8, 0x29, 0x46, 0x23, 0x49, 0x92,
0x72, 0x95, 0x5b, 0x49, 0xca, 0xe0, 0x45, 0x59, 0xb2, 0xca, 0xf4, 0xfc,
0xb7, 0x59, 0x37, 0x49, 0x28, 0xbc, 0xf3, 0xd7, 0x61, 0xbc, 0x4b, 0xf3,
0xa9, 0x4b, 0x2f, 0x05, 0xa8, 0x01, 0xa5, 0xdc, 0x00, 0x6e, 0x01, 0xb6,
0x45, 0x3c, 0xd5, 0x49, 0x7d, 0x5c, 0x25, 0xe8, 0x31, 0x87, 0xb2, 0xb9,
0xbf, 0xb3, 0x01, 0x62, 0x0c, 0xd0, 0x48, 0x77, 0xa2, 0x34, 0x0f, 0x16,
0x22, 0x28, 0xee, 0x54, 0x08, 0x93, 0x3b, 0xe4, 0xde, 0x7e, 0x63, 0xf7,
0x97, 0x16, 0x5d, 0x71, 0x58, 0xc2, 0x2e, 0xf2, 0x36, 0xa6, 0x12, 0x65,
0x94, 0x17, 0xac, 0x66, 0x23, 0x7e, 0xc6, 0x72, 0x79, 0x24, 0xce, 0x8f,
0x55, 0x19, 0x97, 0x44, 0xfc, 0x55, 0xec, 0x85, 0x26, 0x27, 0xdb, 0x38,
0xb1, 0x42, 0x0a, 0xdd, 0x05, 0x99, 0x28, 0xeb, 0x03, 0x6c, 0x9a, 0xe9,
0x17, 0xf6, 0x2c, 0xb0, 0xfe, 0xe7, 0xa4, 0xa7, 0x31, 0xda, 0x4d, 0xb0,
0x29, 0xdb, 0xdd, 0x8d, 0x12, 0x13, 0x9c, 0xb4, 0xcc, 0x83, 0x97, 0xfb,
0x1a, 0xdc, 0x08, 0xd6, 0x30, 0x62, 0xe8, 0xeb, 0x8b, 0x61, 0xcb, 0x1d,
0x06, 0xe3, 0xa5, 0x4d, 0x35, 0xdb, 0x59, 0xa8, 0x2d, 0x87, 0x27, 0x44,
0x6f, 0xc0, 0x38, 0x97, 0xe4, 0x85, 0x00, 0x02, 0x09, 0xf6, 0x69, 0x3a,
0xcf, 0x08, 0x1b, 0x21, 0xbb, 0x79, 0xb1, 0xa1, 0x34, 0x09, 0xe0, 0x80,
0xca, 0xb0, 0x78, 0x8a, 0x11, 0x97, 0xd4, 0x07, 0xbe, 0x1b, 0x6a, 0x5d,
0xdb, 0xd6, 0x1f, 0x76, 0x6b, 0x16, 0xf0, 0x58, 0x84, 0x5f, 0x59, 0xce,
0x62, 0x34, 0xc3, 0xdf, 0x94, 0xb8, 0x2f, 0x84, 0x68, 0xf0, 0xb8, 0x51,
0xd9, 0x6d, 0x8e, 0x4a, 0x1d, 0xe6, 0x5c, 0xd8, 0x86, 0x25, 0xe3, 0x24,
0xfd, 0x21, 0x61, 0x13, 0x48, 0x3e, 0xf6, 0x7d, 0xa6, 0x71, 0x9b, 0xd2,
0x6e, 0xe6, 0xd2, 0x08, 0x94, 0x62, 0x6c, 0x98, 0xfe, 0x2f, 0x9c, 0x88,
0x7e, 0x78, 0x15, 0x02, 0x00, 0xf0, 0xba, 0x24, 0x91, 0xf2, 0xdc, 0x47,
0x51, 0x4d, 0x15, 0x5e, 0x91, 0x5f, 0x57, 0x5b, 0x1d, 0x35, 0x24, 0x45,
0x75, 0x9b, 0x88, 0x75, 0xf1, 0x2f, 0x85, 0xe7, 0x89, 0xd1, 0x01, 0xb4,
0xc8, 0x18, 0xb7, 0x97, 0xef, 0x4b, 0x90, 0xf4, 0xbf, 0x10, 0x27, 0x3c,
0x60, 0xff, 0xc4, 0x94, 0x20, 0x2f, 0x93, 0x4b, 0x4d, 0xe3, 0x80, 0xf7,
0x2c, 0x71, 0xd9, 0xe3, 0x68, 0xb4, 0x77, 0x2b, 0xc7, 0x0d, 0x39, 0x92,
0xef, 0x91, 0x0d, 0xb2, 0x11, 0x50, 0x0e, 0xe8, 0xad, 0x3b, 0xf6, 0xb5,
0xc6, 0x14, 0x4d, 0x33, 0x53, 0xa7, 0x60, 0x15, 0xc7, 0x27, 0x51, 0xdc,
0x54, 0x29, 0xa7, 0x0d, 0x6a, 0x7b, 0x72, 0x13, 0xad, 0x7d, 0x41, 0x19,
0x4e, 0x42, 0x49, 0xcc, 0x42, 0xe4, 0xbd, 0x99, 0x13, 0xd9, 0x7f, 0xf3,
0x38, 0xa4, 0xb6, 0x33, 0xed, 0x07, 0x48, 0x7e, 0x8e, 0x82, 0xfe, 0x3a,
0x9d, 0x75, 0x93, 0xba, 0x25, 0x4e, 0x37, 0x3c, 0x0c, 0xd5, 0x69, 0xa9,
0x2d, 0x9e, 0xfd, 0xe8, 0xbb, 0xf5, 0x0c, 0xe2, 0x86, 0xb9, 0x5e, 0x6f,
0x28, 0xe4, 0x19, 0xb3, 0x0b, 0xa4, 0x86, 0xd7, 0x24, 0xd0, 0xb8, 0x89,
0x7b, 0x76, 0xec, 0x05, 0x10, 0x5b, 0x68, 0xe9, 0x58, 0x66, 0xa3, 0xc5,
0xb6, 0x63, 0x20, 0x0e, 0x0e, 0xea, 0x3d, 0x61, 0x5e, 0xda, 0x3d, 0x3c,
0xf9, 0xfd, 0xed, 0xa9, 0xdb, 0x52, 0x94, 0x8a, 0x00, 0xca, 0x3c, 0x8d,
0x66, 0x8f, 0xb0, 0xf0, 0x5a, 0xca, 0x3f, 0x63, 0x71, 0xbf, 0xca, 0x99,
0x37, 0x9b, 0x75, 0x97, 0x89, 0x10, 0x6e, 0xcf, 0xf2, 0xf5, 0xe3, 0xd5,
0x45, 0x9b, 0xad, 0x10, 0x71, 0x6c, 0x5f, 0x6f, 0x7f, 0x22, 0x77, 0x18,
0x2f, 0xf9, 0x99, 0xc5, 0x69, 0x58, 0x03, 0x12, 0x86, 0x82, 0x3e, 0xbf,
0xc2, 0x12, 0x35, 0x43, 0xa3, 0xd9, 0x18, 0x4f, 0x41, 0x11, 0x6b, 0xf3,
0x67, 0xaf, 0x3d, 0x78, 0xe4, 0x22, 0x2d, 0xb3, 0x48, 0x43, 0x31, 0x1d,
0xef, 0xa8, 0xba, 0x49, 0x8e, 0xa9, 0xa7, 0xb6, 0x18, 0x77, 0x84, 0xca,
0xbd, 0xa2, 0x02, 0x1b, 0x6a, 0xf8, 0x5f, 0xda, 0xff, 0xcf, 0x01, 0x6a,
0x86, 0x69, 0xa9, 0xe9, 0xcb, 0x60, 0x1e, 0x15, 0xdc, 0x8f, 0x5d, 0x39,
0xb5, 0xce, 0x55, 0x5f, 0x47, 0x97, 0xb1, 0x19, 0x6e, 0x21, 0xd6, 0x13,
0x39, 0xb2, 0x24, 0xe0, 0x62, 0x82, 0x9f, 0xed, 0x12, 0x81, 0xed, 0xee,
0xab, 0xd0, 0x2f, 0x19, 0x89, 0x3f, 0x57, 0x2e, 0xc2, 0xe2, 0x67, 0xe8,
0xae, 0x03, 0x56, 0xba, 0xd4, 0xd0, 0xa4, 0x89, 0x03, 0x06, 0x5b, 0xcc,
0xf2, 0x22, 0xb8, 0x0e, 0x76, 0x79, 0x4a, 0x42, 0x1d, 0x37, 0x51, 0x5a,
0xaa, 0x46, 0x6c, 0x2a, 0xdd, 0x66, 0xfe, 0xc6, 0x68, 0xc3, 0x38, 0xa2,
0xae, 0x5b, 0x98, 0x24, 0x5d, 0x43, 0x05, 0x82, 0x38, 0x12, 0xd3, 0xd1,
0x75, 0x2d, 0x4f, 0x61, 0xbd, 0xb9, 0x10, 0x87, 0x44, 0x2a, 0x78, 0x07,
0xff, 0xf4, 0x0f, 0xa1, 0xf3, 0x68, 0x9f, 0xbe, 0xae, 0xa2, 0x91, 0xf0,
0xc7, 0x55, 0x7a, 0x52, 0xd5, 0xa3, 0x8d, 0x6f, 0xe4, 0x90, 0x5c, 0xf3,
0x5f, 0xce, 0x3d, 0x23, 0xf9, 0x8e, 0xae, 0x14, 0xfb, 0x82, 0x9a, 0xa3,
0x04, 0x5f, 0xbf, 0xad, 0x3e, 0xf2, 0x97, 0x0a, 0x60, 0x40, 0x70, 0x19,
0x72, 0xad, 0x66, 0xfb, 0x78, 0x1b, 0x84, 0x6c, 0x98, 0xbc, 0x8c, 0xf8,
0x4f, 0xcb, 0xb5, 0xf6, 0xaf, 0x7a, 0xb7, 0x93, 0xef, 0x67, 0x48, 0x02,
0x2c, 0xcb, 0xe6, 0x77, 0x0f, 0x7b, 0xc1, 0xee, 0xc5, 0xb6, 0x2d, 0x7e,
0x62, 0xa0, 0xc0, 0xa7, 0xa5, 0x80, 0x31, 0x92, 0x50, 0xa1, 0x28, 0x22,
0x95, 0x03, 0x17, 0xd1, 0x0f, 0xf6, 0x08, 0xe5, 0xec
};
#define CHACHA_BIG_TEST_SIZE 1305
word32 keySz = 32;
wc_test_ret_t ret = 0;
int i;
int block_size;
#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)
byte cipher_big[CHACHA_BIG_TEST_SIZE] = {0};
byte plain_big[CHACHA_BIG_TEST_SIZE] = {0};
byte input_big[CHACHA_BIG_TEST_SIZE] = {0};
#else
byte* cipher_big = NULL;
byte* plain_big = NULL;
byte* input_big = NULL;
#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
cipher_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (cipher_big == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
plain_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (plain_big == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
input_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (input_big == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
XMEMSET(cipher_big, 0, CHACHA_BIG_TEST_SIZE);
XMEMSET(plain_big, 0, CHACHA_BIG_TEST_SIZE);
XMEMSET(input_big, 0, CHACHA_BIG_TEST_SIZE);
#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
/* test of encrypting more data */
ret |= wc_Chacha_SetKey(enc, key, keySz);
ret |= wc_Chacha_SetKey(dec, key, keySz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret |= wc_Chacha_SetIV(enc, iv, 0);
ret |= wc_Chacha_SetIV(dec, iv, 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret |= wc_Chacha_Process(enc, cipher_big, plain_big, CHACHA_BIG_TEST_SIZE);
ret |= wc_Chacha_Process(dec, plain_big, cipher_big,
CHACHA_BIG_TEST_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
for (i = 0; i < 18; ++i) {
/* this will test all paths
* block sizes: 1 3 7 15 31 63 127 255 511 (i = 0- 8)
* 2 4 8 16 32 64 128 256 512 (i = 9-17)
*/
block_size = (2 << (i%9)) - (i<9?1:0);
keySz = 32;
ret |= wc_Chacha_SetKey(enc, key, keySz);
ret |= wc_Chacha_SetKey(dec, key, keySz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret |= wc_Chacha_SetIV(enc, iv, 0);
ret |= wc_Chacha_SetIV(dec, iv, 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret |= wc_Chacha_Process(enc, cipher_big, plain_big , (word32)block_size);
ret |= wc_Chacha_Process(dec, plain_big , cipher_big, (word32)block_size);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(plain_big, input_big, (word32)block_size))
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
if (XMEMCMP(cipher_big, cipher_big_result, (word32)block_size))
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
/* Streaming test */
for (i = 1; i <= (int)CHACHA_CHUNK_BYTES + 1; i++) {
int j, rem;
ret = wc_Chacha_SetKey(enc, key, keySz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_Chacha_SetKey(dec, key, keySz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_Chacha_SetIV(enc, iv, 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_Chacha_SetIV(dec, iv, 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
for (j = 0; j < CHACHA_BIG_TEST_SIZE - i; j+= i) {
ret = wc_Chacha_Process(enc, cipher_big + j, plain_big + j, (word32)i);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_Chacha_Process(dec, plain_big + j, cipher_big + j, (word32)i);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
rem = CHACHA_BIG_TEST_SIZE - j;
ret = wc_Chacha_Process(enc, cipher_big + j, plain_big + j, (word32)rem);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_Chacha_Process(dec, plain_big + j, cipher_big + j, (word32)rem);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
ret = 0;
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(cipher_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(plain_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(input_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
return ret;
}
#endif /* BENCH_EMBEDDED */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
{
wc_test_ret_t ret;
ChaCha enc;
ChaCha dec;
WOLFSSL_ENTER("chacha_test");
ret = chacha_vector_test(&enc, &dec);
if (ret != 0)
return ret;
#ifndef BENCH_EMBEDDED
ret = chacha_large_msg_test(&enc, &dec);
if (ret != 0)
return ret;
#endif
return 0;
}
#endif /* HAVE_CHACHA */
#ifdef HAVE_POLY1305
static wc_test_ret_t poly1305_vector_test(Poly1305* enc)
{
byte tag[16];
int i;
wc_test_ret_t ret;
WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = {
0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72,
0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f,
0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65,
0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f,
0x75,0x70
};
WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = {
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72,
0x6c,0x64,0x21
};
WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = {
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte msg5[] = {
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
};
WOLFSSL_SMALL_STACK_STATIC const byte msg6[] = {
0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
0x61,0x16
};
WOLFSSL_SMALL_STACK_STATIC const byte msg7[] = {
0xe8,0x8c,0x85,0x03,0x43,0xaf,0xa7,0x85,
0x21,0x6b,0xc3,0x45,0xc4,0x53,0x98,0xf8,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
};
WOLFSSL_SMALL_STACK_STATIC const byte correct0[] = {
0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
};
WOLFSSL_SMALL_STACK_STATIC const byte correct1[] = {
0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,
0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9
};
WOLFSSL_SMALL_STACK_STATIC const byte correct2[] = {
0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16,
0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0
};
WOLFSSL_SMALL_STACK_STATIC const byte correct3[] = {
0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6,
0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07
};
WOLFSSL_SMALL_STACK_STATIC const byte correct5[] = {
0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
};
WOLFSSL_SMALL_STACK_STATIC const byte correct6[] = {
0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae,
0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca
};
WOLFSSL_SMALL_STACK_STATIC const byte correct7[] = {
0x14,0x00,0x00,0x88,0x5c,0x00,0x00,0x88,
0x5c,0x00,0x00,0x88,0x5c,0x00,0x00,0x88
};
WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,
0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8,
0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
};
WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20,
0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,
0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20,
0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35
};
WOLFSSL_SMALL_STACK_STATIC const byte key5[] = {
0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte key7[] = {
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
};
const byte* msgs[7];
const word32 szm[7] = {0, sizeof(msg1), sizeof(msg2),
sizeof(msg3), sizeof(msg5), sizeof(msg6),
sizeof(msg7)};
const byte* keys[7];
const byte* tests[7];
msgs[0] = NULL;
msgs[1] = msg1;
msgs[2] = msg2;
msgs[3] = msg3;
msgs[4] = msg5;
msgs[5] = msg6;
msgs[6] = msg7;
keys[0] = key;
keys[1] = key;
keys[2] = key2;
keys[3] = key2;
keys[4] = key5;
keys[5] = key;
keys[6] = key7;
tests[0] = correct0;
tests[1] = correct1;
tests[2] = correct2;
tests[3] = correct3;
tests[4] = correct5;
tests[5] = correct6;
tests[6] = correct7;
for (i = 0; i < 7; i++) {
ret = wc_Poly1305SetKey(enc, keys[i], 32);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
ret = wc_Poly1305Update(enc, msgs[i], szm[i]);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
ret = wc_Poly1305Final(enc, tag);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
if (XMEMCMP(tag, tests[i], sizeof(tag)))
return WC_TEST_RET_ENC_I(i);
}
return 0;
}
static wc_test_ret_t poly1305_update_test(Poly1305* enc)
{
byte tag[16];
int i;
wc_test_ret_t ret;
WOLFSSL_SMALL_STACK_STATIC const byte msg6[] = {
0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
0x61,0x16
};
WOLFSSL_SMALL_STACK_STATIC const byte correct6[] = {
0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae,
0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca
};
WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,
0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8,
0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
};
/* Testing multiple updates with various sizes works. */
for (i = 1; i < (int)sizeof(msg6); i++) {
int j;
ret = wc_Poly1305SetKey(enc, key, 32);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
for (j = 0; j < (int)sizeof(msg6); j += i) {
int len = (int)sizeof(msg6) - j;
if (len > i)
len = i;
ret = wc_Poly1305Update(enc, msg6 + j, len);
if (ret != 0)
return WC_TEST_RET_ENC_I(j);
}
ret = wc_Poly1305Final(enc, tag);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
if (XMEMCMP(tag, correct6, sizeof(tag)))
return WC_TEST_RET_ENC_I(i);
}
return 0;
}
static wc_test_ret_t poly1305_mac_test(Poly1305* enc)
{
byte tag[16];
wc_test_ret_t ret;
WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
0x61,0x16
};
WOLFSSL_SMALL_STACK_STATIC const byte correct4[] = {
0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a,
0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91
};
WOLFSSL_SMALL_STACK_STATIC const byte key4[] = {
0x7b,0xac,0x2b,0x25,0x2d,0xb4,0x47,0xaf,
0x09,0xb6,0x7a,0x55,0xa4,0xe9,0x55,0x84,
0x0a,0xe1,0xd6,0x73,0x10,0x75,0xd9,0xeb,
0x2a,0x93,0x75,0x78,0x3e,0xd5,0x53,0xff
};
byte additional[] = {
0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3,
0xc4,0xc5,0xc6,0xc7
};
/* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */
XMEMSET(tag, 0, sizeof(tag));
ret = wc_Poly1305SetKey(enc, key4, sizeof(key4));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Poly1305_MAC(enc, additional, sizeof(additional),
(byte*)msg4, sizeof(msg4), tag, sizeof(tag));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(tag, correct4, sizeof(tag)))
return WC_TEST_RET_ENC_NC;
/* Check fail of TLS MAC function if altering additional data */
XMEMSET(tag, 0, sizeof(tag));
additional[0]++;
ret = wc_Poly1305_MAC(enc, additional, sizeof(additional),
(byte*)msg4, sizeof(msg4), tag, sizeof(tag));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(tag, correct4, sizeof(tag)) == 0)
return WC_TEST_RET_ENC_NC;
return 0;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
{
Poly1305 enc;
wc_test_ret_t ret;
WOLFSSL_ENTER("poly1305_test");
ret = poly1305_vector_test(&enc);
if (ret != 0)
return ret;
ret = poly1305_update_test(&enc);
if (ret != 0)
return ret;
ret = poly1305_mac_test(&enc);
if (ret != 0)
return ret;
return 0;
}
#endif /* HAVE_POLY1305 */
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
/* Test #1 from Section 2.8.2 of draft-irtf-cfrg-chacha20-poly1305-10 */
/* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
WOLFSSL_SMALL_STACK_STATIC const byte chacha20_poly1305_test1_key[] = {
0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
};
WOLFSSL_SMALL_STACK_STATIC const byte chacha20_poly1305_test1_plaintext[] = {
0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
0x74, 0x2e
};
WOLFSSL_SMALL_STACK_STATIC const byte chacha20_poly1305_test1_iv[] = {
0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
0x44, 0x45, 0x46, 0x47
};
WOLFSSL_SMALL_STACK_STATIC const byte chacha20_poly1305_test1_aad[] = {
0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
0xc4, 0xc5, 0xc6, 0xc7
};
WOLFSSL_SMALL_STACK_STATIC const byte chacha20_poly1305_test1_cipher[] = {
0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
0x61, 0x16
};
WOLFSSL_SMALL_STACK_STATIC const byte chacha20_poly1305_test1_authTag[] = {
0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
};
/* Test #2 from Appendix A.2 in draft-irtf-cfrg-chacha20-poly1305-10 */
/* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
WOLFSSL_SMALL_STACK_STATIC const byte chacha20_poly1305_test2_key[] = {
0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a,
0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0,
0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09,
0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0
};
WOLFSSL_SMALL_STACK_STATIC const byte chacha20_poly1305_test2_plaintext[] = {
0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20,
0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c, 0x69,
0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20,
0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d,
0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65,
0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64,
0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f,
0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64,
0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
0x6e, 0x74, 0x73, 0x20, 0x61, 0x74, 0x20, 0x61,
0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69,
0x6e, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x70, 0x72,
0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65,
0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61,
0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65,
0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20,
0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b,
0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67,
0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
0x9d
};
WOLFSSL_SMALL_STACK_STATIC const byte chacha20_poly1305_test2_iv[] = {
0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04,
0x05, 0x06, 0x07, 0x08
};
WOLFSSL_SMALL_STACK_STATIC const byte chacha20_poly1305_test2_aad[] = {
0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x4e, 0x91
};
WOLFSSL_SMALL_STACK_STATIC const byte chacha20_poly1305_test2_cipher[] = {
0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4,
0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd,
0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2,
0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43, 0xee,
0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00,
0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf,
0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81,
0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd,
0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61,
0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38,
0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4,
0xb9, 0x16, 0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46,
0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e,
0xe2, 0x82, 0xa1, 0xb0, 0xa0, 0x6c, 0x52, 0x3e,
0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a,
0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56, 0x4e, 0xea,
0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99,
0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e,
0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10,
0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94,
0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf,
0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29,
0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
0x9b
};
WOLFSSL_SMALL_STACK_STATIC const byte chacha20_poly1305_test2_authTag[] = {
0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22,
0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38
};
/* Encrypt-and-verify followed by decrypt-and-verify against the given KAT. */
static wc_test_ret_t chacha20_poly1305_kat(
const byte* key, const byte* iv,
const byte* aad, word32 aadSz,
const byte* plaintext, const byte* cipher, word32 ptSz,
const byte* authTag,
byte* genCipher, byte* genPlain, byte* genTag, word32 bufSz)
{
wc_test_ret_t err;
XMEMSET(genCipher, 0, bufSz);
XMEMSET(genPlain, 0, bufSz);
XMEMSET(genTag, 0, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE);
err = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, aadSz, plaintext, ptSz,
genCipher, genTag);
if (err)
return WC_TEST_RET_ENC_EC(err);
if (XMEMCMP(genCipher, cipher, ptSz))
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(genTag, authTag, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE))
return WC_TEST_RET_ENC_NC;
err = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, aadSz, cipher, ptSz,
authTag, genPlain);
if (err)
return WC_TEST_RET_ENC_EC(err);
if (XMEMCMP(genPlain, plaintext, ptSz))
return WC_TEST_RET_ENC_NC;
return 0;
}
static wc_test_ret_t chacha20_poly1305_oneshot_test(void)
{
byte generatedCiphertext[265]; /* max plaintext2/cipher2 */
byte generatedPlaintext[265]; /* max plaintext2/cipher2 */
byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
wc_test_ret_t err;
const byte* k1 = chacha20_poly1305_test1_key;
const byte* iv1 = chacha20_poly1305_test1_iv;
const byte* aad1 = chacha20_poly1305_test1_aad;
const byte* pt1 = chacha20_poly1305_test1_plaintext;
const word32 aad1Sz = (word32)sizeof(chacha20_poly1305_test1_aad);
const word32 pt1Sz = (word32)sizeof(chacha20_poly1305_test1_plaintext);
const byte* k2 = chacha20_poly1305_test2_key;
const byte* iv2 = chacha20_poly1305_test2_iv;
const byte* aad2 = chacha20_poly1305_test2_aad;
const byte* ct2 = chacha20_poly1305_test2_cipher;
const byte* tag2 = chacha20_poly1305_test2_authTag;
const word32 aad2Sz = (word32)sizeof(chacha20_poly1305_test2_aad);
const word32 ct2Sz = (word32)sizeof(chacha20_poly1305_test2_cipher);
XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
/* Parameter Validation testing */
/* Encrypt */
err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, aad1Sz, pt1, pt1Sz,
generatedCiphertext, generatedAuthTag);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_Encrypt(k1, NULL, aad1, aad1Sz, pt1, pt1Sz,
generatedCiphertext, generatedAuthTag);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_Encrypt(k1, iv1, aad1, aad1Sz, NULL, pt1Sz,
generatedCiphertext, generatedAuthTag);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_Encrypt(k1, iv1, aad1, aad1Sz, pt1, pt1Sz,
NULL, generatedAuthTag);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_Encrypt(k1, iv1, aad1, aad1Sz, pt1, pt1Sz,
generatedCiphertext, NULL);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
/* Decrypt */
err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, aad2Sz, ct2, ct2Sz,
tag2, generatedPlaintext);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_Decrypt(k2, NULL, aad2, aad2Sz, ct2, ct2Sz,
tag2, generatedPlaintext);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_Decrypt(k2, iv2, aad2, aad2Sz, NULL, ct2Sz,
tag2, generatedPlaintext);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_Decrypt(k2, iv2, aad2, aad2Sz, ct2, ct2Sz,
NULL, generatedPlaintext);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_Decrypt(k2, iv2, aad2, aad2Sz, ct2, ct2Sz,
tag2, NULL);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
/* Test #1 */
err = chacha20_poly1305_kat(
chacha20_poly1305_test1_key, chacha20_poly1305_test1_iv,
chacha20_poly1305_test1_aad,
(word32)sizeof(chacha20_poly1305_test1_aad),
chacha20_poly1305_test1_plaintext,
chacha20_poly1305_test1_cipher,
(word32)sizeof(chacha20_poly1305_test1_plaintext),
chacha20_poly1305_test1_authTag,
generatedCiphertext, generatedPlaintext, generatedAuthTag,
(word32)sizeof(generatedCiphertext));
if (err != 0)
return err;
/* Test #2 */
err = chacha20_poly1305_kat(
chacha20_poly1305_test2_key, chacha20_poly1305_test2_iv,
chacha20_poly1305_test2_aad,
(word32)sizeof(chacha20_poly1305_test2_aad),
chacha20_poly1305_test2_plaintext,
chacha20_poly1305_test2_cipher,
(word32)sizeof(chacha20_poly1305_test2_plaintext),
chacha20_poly1305_test2_authTag,
generatedCiphertext, generatedPlaintext, generatedAuthTag,
(word32)sizeof(generatedCiphertext));
if (err != 0)
return err;
return 0;
}
static wc_test_ret_t chacha20_poly1305_stream_param_test(void)
{
const byte* key1 = chacha20_poly1305_test1_key;
const byte* iv1 = chacha20_poly1305_test1_iv;
const byte* aad1 = chacha20_poly1305_test1_aad;
const word32 aad1Sz = (word32)sizeof(chacha20_poly1305_test1_aad);
const word32 plaintext1Sz =
(word32)sizeof(chacha20_poly1305_test1_plaintext);
byte generatedPlaintext[265];
byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
ChaChaPoly_Aead aead;
wc_test_ret_t err;
/* AEAD init/update/final - bad argument tests */
err = wc_ChaCha20Poly1305_Init(NULL, key1, iv1,
CHACHA20_POLY1305_AEAD_DECRYPT);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_Init(&aead, NULL, iv1,
CHACHA20_POLY1305_AEAD_DECRYPT);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_Init(&aead, key1, NULL,
CHACHA20_POLY1305_AEAD_DECRYPT);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_UpdateAad(NULL, aad1, aad1Sz);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_UpdateAad(&aead, NULL, aad1Sz);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_UpdateData(NULL, generatedPlaintext,
generatedPlaintext, plaintext1Sz);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, NULL,
plaintext1Sz);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_UpdateData(&aead, NULL, generatedPlaintext,
plaintext1Sz);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_Final(NULL, generatedAuthTag);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_Final(&aead, NULL);
if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(err);
/* AEAD init/update/final - bad state tests */
/* clear struct - make valgrind happy to resolve
"Conditional jump or move depends on uninitialised value(s)".
The enum is "int" size and aead.state is "byte" */
/* The wc_ChaCha20Poly1305_Init function does this normally */
XMEMSET(&aead, 0, sizeof(aead));
aead.state = CHACHA20_POLY1305_STATE_INIT;
err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, aad1Sz);
if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(err);
aead.state = CHACHA20_POLY1305_STATE_DATA;
err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, aad1Sz);
if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(err);
aead.state = CHACHA20_POLY1305_STATE_INIT;
err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext,
generatedPlaintext, plaintext1Sz);
if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(err);
aead.state = CHACHA20_POLY1305_STATE_INIT;
err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(err);
aead.state = CHACHA20_POLY1305_STATE_READY;
err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
if (err != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(err);
return 0;
}
#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
#define TEST_SMALL_CHACHA_CHUNKS 32
#else
#define TEST_SMALL_CHACHA_CHUNKS 64
#endif
/* Run one streaming AEAD pass: Init + UpdateAad + chunked UpdateData + Final
* + CheckTag against expectedTag, then memcmp out against expectedOut. */
static wc_test_ret_t chacha20_poly1305_stream_one(int direction,
const byte* key, const byte* iv,
const byte* aad, word32 aadSz,
const byte* in, byte* out, word32 dataSz,
const byte* expectedOut, const byte* expectedTag,
byte* genTag)
{
ChaChaPoly_Aead aead;
wc_test_ret_t err;
#ifdef TEST_SMALL_CHACHA_CHUNKS
word32 testLen;
#endif
err = wc_ChaCha20Poly1305_Init(&aead, key, iv, direction);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad, aadSz);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
#ifdef TEST_SMALL_CHACHA_CHUNKS
/* test doing data in smaller chunks */
for (testLen = 0; testLen < dataSz; ) {
word32 dataLen = dataSz - testLen;
if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
dataLen = TEST_SMALL_CHACHA_CHUNKS;
err = wc_ChaCha20Poly1305_UpdateData(&aead, &in[testLen],
&out[testLen], dataLen);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
testLen += dataLen;
}
#else
err = wc_ChaCha20Poly1305_UpdateData(&aead, in, out, dataSz);
#endif
err = wc_ChaCha20Poly1305_Final(&aead, genTag);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
err = wc_ChaCha20Poly1305_CheckTag(genTag, expectedTag);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
if (XMEMCMP(out, expectedOut, dataSz))
return WC_TEST_RET_ENC_NC;
return 0;
}
static wc_test_ret_t chacha20_poly1305_stream_test(void)
{
byte generatedCiphertext[265]; /* max plaintext2/cipher2 */
byte generatedPlaintext[265]; /* max plaintext2/cipher2 */
byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
wc_test_ret_t err;
XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
/* Test 1 - Encrypt */
err = chacha20_poly1305_stream_one(CHACHA20_POLY1305_AEAD_ENCRYPT,
chacha20_poly1305_test1_key, chacha20_poly1305_test1_iv,
chacha20_poly1305_test1_aad,
(word32)sizeof(chacha20_poly1305_test1_aad),
chacha20_poly1305_test1_plaintext, generatedCiphertext,
(word32)sizeof(chacha20_poly1305_test1_plaintext),
chacha20_poly1305_test1_cipher, chacha20_poly1305_test1_authTag,
generatedAuthTag);
if (err != 0)
return err;
/* Test 1 - Decrypt */
err = chacha20_poly1305_stream_one(CHACHA20_POLY1305_AEAD_DECRYPT,
chacha20_poly1305_test1_key, chacha20_poly1305_test1_iv,
chacha20_poly1305_test1_aad,
(word32)sizeof(chacha20_poly1305_test1_aad),
generatedCiphertext, generatedPlaintext,
(word32)sizeof(chacha20_poly1305_test1_cipher),
chacha20_poly1305_test1_plaintext, chacha20_poly1305_test1_authTag,
generatedAuthTag);
if (err != 0)
return err;
XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
/* Test 2 - Encrypt */
err = chacha20_poly1305_stream_one(CHACHA20_POLY1305_AEAD_ENCRYPT,
chacha20_poly1305_test2_key, chacha20_poly1305_test2_iv,
chacha20_poly1305_test2_aad,
(word32)sizeof(chacha20_poly1305_test2_aad),
chacha20_poly1305_test2_plaintext, generatedCiphertext,
(word32)sizeof(chacha20_poly1305_test2_plaintext),
chacha20_poly1305_test2_cipher, chacha20_poly1305_test2_authTag,
generatedAuthTag);
if (err != 0)
return err;
/* Test 2 - Decrypt */
err = chacha20_poly1305_stream_one(CHACHA20_POLY1305_AEAD_DECRYPT,
chacha20_poly1305_test2_key, chacha20_poly1305_test2_iv,
chacha20_poly1305_test2_aad,
(word32)sizeof(chacha20_poly1305_test2_aad),
generatedCiphertext, generatedPlaintext,
(word32)sizeof(chacha20_poly1305_test2_cipher),
chacha20_poly1305_test2_plaintext, chacha20_poly1305_test2_authTag,
generatedAuthTag);
if (err != 0)
return err;
return 0;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
{
wc_test_ret_t ret;
WOLFSSL_ENTER("chacha20_poly1305_aead_test");
ret = chacha20_poly1305_oneshot_test();
if (ret != 0) return ret;
ret = chacha20_poly1305_stream_param_test();
if (ret != 0) return ret;
ret = chacha20_poly1305_stream_test();
if (ret != 0) return ret;
return 0;
}
#endif /* HAVE_CHACHA && HAVE_POLY1305 */
#ifdef HAVE_ASCON
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_hash256_test(void)
{
WOLFSSL_SMALL_STACK_STATIC byte msg[1024];
byte mdOut[ASCON_HASH256_SZ];
/* KATs taken from https://github.com/ascon/ascon-c.
* Testing only a subset of KATs here. The rest are tested in
* tests/api/ascon.c. */
/* crypto_hash/asconhash256/LWC_HASH_KAT_256.txt
* The message is just the byte stream 00 01 02 03 ... */
WOLFSSL_SMALL_STACK_STATIC const byte hash_output[][32] = {
{ 0x0B, 0x3B, 0xE5, 0x85, 0x0F, 0x2F, 0x6B, 0x98, 0xCA, 0xF2, 0x9F, 0x8F, 0xDE, 0xA8, 0x9B, 0x64, 0xA1, 0xFA, 0x70, 0xAA, 0x24, 0x9B, 0x8F, 0x83, 0x9B, 0xD5, 0x3B, 0xAA, 0x30, 0x4D, 0x92, 0xB2 },
{ 0x07, 0x28, 0x62, 0x10, 0x35, 0xAF, 0x3E, 0xD2, 0xBC, 0xA0, 0x3B, 0xF6, 0xFD, 0xE9, 0x00, 0xF9, 0x45, 0x6F, 0x53, 0x30, 0xE4, 0xB5, 0xEE, 0x23, 0xE7, 0xF6, 0xA1, 0xE7, 0x02, 0x91, 0xBC, 0x80 },
{ 0x61, 0x15, 0xE7, 0xC9, 0xC4, 0x08, 0x1C, 0x27, 0x97, 0xFC, 0x8F, 0xE1, 0xBC, 0x57, 0xA8, 0x36, 0xAF, 0xA1, 0xC5, 0x38, 0x1E, 0x55, 0x6D, 0xD5, 0x83, 0x86, 0x0C, 0xA2, 0xDF, 0xB4, 0x8D, 0xD2 },
{ 0x26, 0x5A, 0xB8, 0x9A, 0x60, 0x9F, 0x5A, 0x05, 0xDC, 0xA5, 0x7E, 0x83, 0xFB, 0xBA, 0x70, 0x0F, 0x9A, 0x2D, 0x2C, 0x42, 0x11, 0xBA, 0x4C, 0xC9, 0xF0, 0xA1, 0xA3, 0x69, 0xE1, 0x7B, 0x91, 0x5C },
{ 0xD7, 0xE4, 0xC7, 0xED, 0x9B, 0x8A, 0x32, 0x5C, 0xD0, 0x8B, 0x9E, 0xF2, 0x59, 0xF8, 0x87, 0x70, 0x54, 0xEC, 0xD8, 0x30, 0x4F, 0xE1, 0xB2, 0xD7, 0xFD, 0x84, 0x71, 0x37, 0xDF, 0x67, 0x27, 0xEE },
};
wc_AsconHash256 asconHash;
int err;
word32 i;
/* init msg buffer */
for (i = 0; i < sizeof(msg); i++)
msg[i] = (byte)i;
for (i = 0; i < XELEM_CNT(hash_output); i++) {
XMEMSET(mdOut, 0, sizeof(mdOut));
err = wc_AsconHash256_Init(&asconHash);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
err = wc_AsconHash256_Update(&asconHash, msg, i);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
err = wc_AsconHash256_Final(&asconHash, mdOut);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
if (XMEMCMP(mdOut, hash_output[i], ASCON_HASH256_SZ) != 0)
return WC_TEST_RET_ENC_NC;
wc_AsconHash256_Clear(&asconHash);
}
/* Test separated update */
for (i = 0; i < XELEM_CNT(hash_output); i++) {
word32 half_i = i / 2;
XMEMSET(mdOut, 0, sizeof(mdOut));
err = wc_AsconHash256_Init(&asconHash);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
err = wc_AsconHash256_Update(&asconHash, msg, half_i);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
err = wc_AsconHash256_Update(&asconHash, msg + half_i, i - half_i);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
err = wc_AsconHash256_Final(&asconHash, mdOut);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
if (XMEMCMP(mdOut, hash_output[i], ASCON_HASH256_SZ) != 0)
return WC_TEST_RET_ENC_NC;
wc_AsconHash256_Clear(&asconHash);
}
return 0;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_aead128_test(void)
{
word32 i;
wc_AsconAEAD128 asconAEAD;
int err;
/* KATs taken from https://github.com/ascon/ascon-c.
* Testing only a subset of KATs here. The rest are tested in
* tests/api/ascon.c. */
/* crypto_hash/asconaead128/LWC_AEAD_KAT_128_128.txt */
static const char *aead_kat[][5] = {
{ /* Key = */ "000102030405060708090A0B0C0D0E0F",
/* Nonce = */ "000102030405060708090A0B0C0D0E0F",
/* PT = */ "",
/* AD = */ "",
/* CT = */ "4427D64B8E1E1451FC445960F0839BB0", },
{ /* Key = */ "000102030405060708090A0B0C0D0E0F",
/* Nonce = */ "000102030405060708090A0B0C0D0E0F",
/* PT = */ "",
/* AD = */ "00",
/* CT = */ "103AB79D913A0321287715A979BB8585", },
{ /* Key = */ "000102030405060708090A0B0C0D0E0F",
/* Nonce = */ "000102030405060708090A0B0C0D0E0F",
/* PT = */ "",
/* AD = */ "0001",
/* CT = */ "A50E88E30F923B90A9C810181230DF10", },
{ /* Key = */ "000102030405060708090A0B0C0D0E0F",
/* Nonce = */ "000102030405060708090A0B0C0D0E0F",
/* PT = */ "",
/* AD = */ "000102",
/* CT = */ "AE214C9F66630658ED8DC7D31131174C", },
{ /* Key = */ "000102030405060708090A0B0C0D0E0F",
/* Nonce = */ "000102030405060708090A0B0C0D0E0F",
/* PT = */ "",
/* AD = */ "00010203",
/* CT = */ "C6FF3CF70575B144B955820D9BC7685E", },
};
for (i = 0; i < XELEM_CNT(aead_kat); i++) {
byte key[ASCON_AEAD128_KEY_SZ];
byte nonce[ASCON_AEAD128_NONCE_SZ];
byte pt[32]; /* longest plaintext we test is 32 bytes */
word32 ptSz;
byte ad[32]; /* longest AD we test is 32 bytes */
word32 adSz;
byte ct[48]; /* longest ciphertext we test is 32 bytes + 16 bytes tag */
word32 ctSz;
word32 j;
byte tag[ASCON_AEAD128_TAG_SZ];
byte buf[32]; /* longest buffer we test is 32 bytes */
XMEMSET(key, 0, sizeof(key));
XMEMSET(nonce, 0, sizeof(nonce));
XMEMSET(pt, 0, sizeof(pt));
XMEMSET(ad, 0, sizeof(ad));
XMEMSET(ct, 0, sizeof(ct));
XMEMSET(tag, 0, sizeof(tag));
/* Convert HEX strings to byte stream */
for (j = 0; aead_kat[i][0][j] != '\0'; j += 2) {
key[j/2] = HexCharToByte(aead_kat[i][0][j]) << 4 |
HexCharToByte(aead_kat[i][0][j+1]);
}
for (j = 0; aead_kat[i][1][j] != '\0'; j += 2) {
nonce[j/2] = HexCharToByte(aead_kat[i][1][j]) << 4 |
HexCharToByte(aead_kat[i][1][j+1]);
}
for (j = 0; aead_kat[i][2][j] != '\0'; j += 2) {
pt[j/2] = HexCharToByte(aead_kat[i][2][j]) << 4 |
HexCharToByte(aead_kat[i][2][j+1]);
}
ptSz = j/2;
for (j = 0; aead_kat[i][3][j] != '\0'; j += 2) {
ad[j/2] = HexCharToByte(aead_kat[i][3][j]) << 4 |
HexCharToByte(aead_kat[i][3][j+1]);
}
adSz = j/2;
for (j = 0; aead_kat[i][4][j] != '\0'; j += 2) {
ct[j/2] = HexCharToByte(aead_kat[i][4][j]) << 4 |
HexCharToByte(aead_kat[i][4][j+1]);
}
ctSz = j/2 - ASCON_AEAD128_TAG_SZ;
for (j = 0; j < 4; j++) {
err = wc_AsconAEAD128_Init(&asconAEAD);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
err = wc_AsconAEAD128_SetKey(&asconAEAD, key);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
err = wc_AsconAEAD128_SetNonce(&asconAEAD, nonce);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
err = wc_AsconAEAD128_SetAD(&asconAEAD, ad, adSz);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
if (j == 0) {
/* Encryption test */
err = wc_AsconAEAD128_EncryptUpdate(&asconAEAD, buf, pt, ptSz);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
if (XMEMCMP(buf, ct, ptSz) != 0)
return WC_TEST_RET_ENC_NC;
err = wc_AsconAEAD128_EncryptFinal(&asconAEAD, tag);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
if (XMEMCMP(tag, ct + ptSz, ASCON_AEAD128_TAG_SZ) != 0)
return WC_TEST_RET_ENC_NC;
}
else if (j == 1) {
/* Decryption test */
err = wc_AsconAEAD128_DecryptUpdate(&asconAEAD, buf, ct, ctSz);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
if (XMEMCMP(buf, pt, ctSz) != 0)
return WC_TEST_RET_ENC_NC;
err = wc_AsconAEAD128_DecryptFinal(&asconAEAD, ct + ctSz);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
}
else if (j == 2) {
/* Split encryption test */
err = wc_AsconAEAD128_EncryptUpdate(&asconAEAD, buf, pt,
ptSz/2);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
err = wc_AsconAEAD128_EncryptUpdate(&asconAEAD, buf + (ptSz/2),
pt + (ptSz/2), ptSz - (ptSz/2));
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
if (XMEMCMP(buf, ct, ptSz) != 0)
return WC_TEST_RET_ENC_NC;
err = wc_AsconAEAD128_EncryptFinal(&asconAEAD, tag);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
if (XMEMCMP(tag, ct + ptSz, ASCON_AEAD128_TAG_SZ) != 0)
return WC_TEST_RET_ENC_NC;
}
else if (j == 3) {
/* Split decryption test */
err = wc_AsconAEAD128_DecryptUpdate(&asconAEAD, buf, ct,
ctSz/2);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
err = wc_AsconAEAD128_DecryptUpdate(&asconAEAD, buf + (ctSz/2),
ct + (ctSz/2), ctSz - (ctSz/2));
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
if (XMEMCMP(buf, pt, ctSz) != 0)
return WC_TEST_RET_ENC_NC;
err = wc_AsconAEAD128_DecryptFinal(&asconAEAD, ct + ctSz);
if (err != 0)
return WC_TEST_RET_ENC_EC(err);
}
wc_AsconAEAD128_Clear(&asconAEAD);
}
}
/* Negative test: corrupted tag must be rejected with ASCON_AUTH_E. */
{
byte tkey[ASCON_AEAD128_KEY_SZ];
byte tnonce[ASCON_AEAD128_NONCE_SZ];
byte tpt[4] = { 0x00, 0x01, 0x02, 0x03 };
byte tct[4];
byte ttag[ASCON_AEAD128_TAG_SZ];
byte tbuf[4];
XMEMSET(tkey, 0xAA, sizeof(tkey));
XMEMSET(tnonce, 0xBB, sizeof(tnonce));
err = wc_AsconAEAD128_Init(&asconAEAD);
if (err != 0) return WC_TEST_RET_ENC_EC(err);
err = wc_AsconAEAD128_SetKey(&asconAEAD, tkey);
if (err != 0) return WC_TEST_RET_ENC_EC(err);
err = wc_AsconAEAD128_SetNonce(&asconAEAD, tnonce);
if (err != 0) return WC_TEST_RET_ENC_EC(err);
err = wc_AsconAEAD128_SetAD(&asconAEAD, NULL, 0);
if (err != 0) return WC_TEST_RET_ENC_EC(err);
err = wc_AsconAEAD128_EncryptUpdate(&asconAEAD, tct, tpt, sizeof(tpt));
if (err != 0) return WC_TEST_RET_ENC_EC(err);
err = wc_AsconAEAD128_EncryptFinal(&asconAEAD, ttag);
if (err != 0) return WC_TEST_RET_ENC_EC(err);
/* Corrupt one byte of the tag. */
ttag[0] ^= 0x01;
err = wc_AsconAEAD128_Init(&asconAEAD);
if (err != 0) return WC_TEST_RET_ENC_EC(err);
err = wc_AsconAEAD128_SetKey(&asconAEAD, tkey);
if (err != 0) return WC_TEST_RET_ENC_EC(err);
err = wc_AsconAEAD128_SetNonce(&asconAEAD, tnonce);
if (err != 0) return WC_TEST_RET_ENC_EC(err);
err = wc_AsconAEAD128_SetAD(&asconAEAD, NULL, 0);
if (err != 0) return WC_TEST_RET_ENC_EC(err);
err = wc_AsconAEAD128_DecryptUpdate(&asconAEAD, tbuf, tct, sizeof(tct));
if (err != 0) return WC_TEST_RET_ENC_EC(err);
err = wc_AsconAEAD128_DecryptFinal(&asconAEAD, ttag);
if (err != WC_NO_ERR_TRACE(ASCON_AUTH_E)) {
return WC_TEST_RET_ENC_EC(err);
}
wc_AsconAEAD128_Clear(&asconAEAD);
}
return 0;
}
#endif /* HAVE_ASCON */
#ifndef NO_DES3
static wc_test_ret_t des_cbc_test(Des* enc, Des* dec)
{
WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
byte plain[24];
byte cipher[24];
WOLFSSL_SMALL_STACK_STATIC const byte key[] =
{
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
};
WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
};
WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
{
0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
};
wc_test_ret_t ret;
ret = wc_Des_SetKey(enc, key, iv, DES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Des_CbcEncrypt(enc, cipher, vector, sizeof(vector));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Des_SetKey(dec, key, iv, DES_DECRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Des_CbcDecrypt(dec, plain, cipher, sizeof(cipher));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, vector, sizeof(plain)))
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(cipher, verify, sizeof(cipher)))
return WC_TEST_RET_ENC_NC;
ret = wc_Des_CbcEncryptWithKey(cipher, vector, sizeof(vector), key, iv);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
return 0;
}
#ifdef WOLFSSL_DES_ECB
static wc_test_ret_t des_ecb_test(Des* enc, Des* dec)
{
/* "Stay strong and move on!"" */
WOLFSSL_SMALL_STACK_STATIC const byte vector_ecb[] =
{
0x53,0x74,0x61,0x79,0x20,0x73,0x74,0x72,
0x6F,0x6E,0x67,0x20,0x61,0x6E,0x64,0x20,
0x6D,0x6F,0x76,0x65,0x20,0x6F,0x6E,0x21
};
WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb[] =
{
0x70,0x4F,0x20,0xF6,0x72,0xB4,0xD0,0x2A,
0xB5,0xA9,0x94,0x9F,0x11,0xCF,0x87,0xED,
0x13,0x33,0x82,0xCB,0x8B,0xF1,0x82,0x56
};
/* "Lemmings" */
WOLFSSL_SMALL_STACK_STATIC const byte key_ecb[] =
{
0x4C,0x65,0x6D,0x6D,0x69,0x6E,0x67,0x73
};
WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
};
byte plain[24];
byte cipher[24];
wc_test_ret_t ret;
ret = wc_Des_SetKey(enc, key_ecb, iv, DES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Des_EcbEncrypt(enc, cipher, vector_ecb, sizeof(vector_ecb));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Des_SetKey(dec, key_ecb, iv, DES_DECRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Des_EcbDecrypt(dec, plain, cipher, sizeof(cipher));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, vector_ecb, sizeof(plain)))
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(cipher, verify_ecb, sizeof(cipher)))
return WC_TEST_RET_ENC_NC;
return 0;
}
#endif /* WOLFSSL_DES_ECB */
#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
static wc_test_ret_t des_key_wrap_test(void)
{
WOLFSSL_SMALL_STACK_STATIC const byte key[] =
{
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
};
WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
};
byte cipher[24];
EncryptedInfo info;
wc_test_ret_t ret;
XMEMSET(&info, 0, sizeof(EncryptedInfo));
XMEMCPY(info.iv, iv, sizeof(iv));
info.ivSz = sizeof(iv);
info.keySz = sizeof(key);
info.cipherType = WC_CIPHER_DES;
ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key,
sizeof(key), WC_HASH_TYPE_SHA);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Test invalid info ptr */
ret = wc_BufferKeyEncrypt(NULL, cipher, sizeof(cipher), key,
sizeof(key), WC_HASH_TYPE_SHA);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
#ifndef NO_PWDBASED
/* Test invalid hash type - only applies to wc_PBKDF1 call */
ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key,
sizeof(key), WC_HASH_TYPE_NONE);
if (ret == 0)
return WC_TEST_RET_ENC_EC(ret);
#endif /* !NO_PWDBASED */
return 0;
}
#endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_SHA */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void)
{
wc_test_ret_t ret;
Des enc;
Des dec;
WOLFSSL_ENTER("des_test");
ret = des_cbc_test(&enc, &dec);
if (ret != 0)
return ret;
#ifdef WOLFSSL_DES_ECB
ret = des_ecb_test(&enc, &dec);
if (ret != 0)
return ret;
#endif
#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
ret = des_key_wrap_test();
if (ret != 0)
return ret;
#endif
return 0;
}
#endif /* !NO_DES3 */
#ifndef NO_DES3
static wc_test_ret_t des3_cbc_test(Des3* enc, Des3* dec)
{
WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
byte plain[24];
byte cipher[24];
WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
{
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
};
WOLFSSL_SMALL_STACK_STATIC const byte verify3[] =
{
0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e,
0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98,
0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
};
wc_test_ret_t ret;
ret = wc_Des3_SetKey(enc, key3, iv3, DES_ENCRYPTION);
if (ret != 0)
return ret;
ret = wc_Des3_SetKey(dec, key3, iv3, DES_DECRYPTION);
if (ret != 0)
return ret;
ret = wc_Des3_CbcEncrypt(enc, cipher, vector, sizeof(vector));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
return ret;
ret = wc_Des3_CbcDecrypt(dec, plain, cipher, sizeof(cipher));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
return ret;
if (XMEMCMP(plain, vector, sizeof(plain)))
ret = WC_TEST_RET_ENC_NC;
else if (XMEMCMP(cipher, verify3, sizeof(cipher)))
ret = WC_TEST_RET_ENC_NC;
return ret;
}
#ifdef WOLFSSL_DES_ECB
static wc_test_ret_t des3_ecb_test(Des3* enc, Des3* dec)
{
/* Stay strong and move on! */
WOLFSSL_SMALL_STACK_STATIC const byte vector_ecb[] =
{
0x53,0x74,0x61,0x79,0x20,0x73,0x74,0x72,
0x6F,0x6E,0x67,0x20,0x61,0x6E,0x64,0x20,
0x6D,0x6F,0x76,0x65,0x20,0x6F,0x6E,0x21
};
WOLFSSL_SMALL_STACK_STATIC const byte verify3_ecb[] =
{
0x45,0x7E,0xFA,0xA1,0x05,0xDD,0x48,0x86,
0x4D,0xB2,0xAB,0xE4,0xF9,0x63,0xD6,0x54,
0x7C,0x5A,0xB3,0x67,0x32,0x25,0x67,0x3D
};
/* "Life is what you make it" */
WOLFSSL_SMALL_STACK_STATIC const byte key3_ecb[] =
{
0x4C,0x69,0x66,0x65,0x20,0x69,0x73,0x20,
0x77,0x68,0x61,0x74,0x20,0x79,0x6F,0x75,
0x20,0x6D,0x61,0x6B,0x65,0x20,0x69,0x74
};
byte plain[24];
byte cipher[24];
wc_test_ret_t ret;
ret = wc_Des3_SetKey(enc, key3_ecb, NULL, DES_ENCRYPTION);
if (ret != 0)
return ret;
ret = wc_Des3_SetKey(dec, key3_ecb, NULL, DES_DECRYPTION);
if (ret != 0)
return ret;
ret = wc_Des3_EcbEncrypt(enc, cipher, vector_ecb, sizeof(vector_ecb));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
return ret;
ret = wc_Des3_EcbDecrypt(dec, plain, cipher, sizeof(cipher));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
return ret;
if (XMEMCMP(plain, vector_ecb, sizeof(plain)))
ret = WC_TEST_RET_ENC_NC;
else if (XMEMCMP(cipher, verify3_ecb, sizeof(cipher)))
ret = WC_TEST_RET_ENC_NC;
return ret;
}
#endif /* WOLFSSL_DES_ECB */
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
static wc_test_ret_t des3_openssl_test(void)
{
WOLFSSL_SMALL_STACK_STATIC const byte vector[] = {
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
{
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
};
WOLFSSL_SMALL_STACK_STATIC const byte verify3[] =
{
0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e,
0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98,
0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
};
byte plain[24];
byte cipher[24];
size_t i;
/* test the same vectors with using compatibility layer */
for (i = 0; i < sizeof(vector); i += DES_BLOCK_SIZE) {
WOLFSSL_DES_key_schedule ks1;
WOLFSSL_DES_key_schedule ks2;
WOLFSSL_DES_key_schedule ks3;
WOLFSSL_DES_cblock iv4;
byte tmp[sizeof(vector)];
XMEMCPY(ks1, key3, sizeof(WOLFSSL_DES_key_schedule));
XMEMCPY(ks2, key3 + 8, sizeof(WOLFSSL_DES_key_schedule));
XMEMCPY(ks3, key3 + 16, sizeof(WOLFSSL_DES_key_schedule));
XMEMSET(plain, 0, sizeof(plain));
XMEMSET(cipher, 0, sizeof(cipher));
/* Test in-place encrypt/decrypt */
XMEMCPY(tmp, vector, sizeof(vector));
/* Use i as the splitter */
XMEMCPY(iv4, iv3, sizeof(WOLFSSL_DES_cblock));
wolfSSL_DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
&iv4, WC_DES_ENCRYPT);
wolfSSL_DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(vector) - i),
&ks1, &ks2, &ks3, &iv4, WC_DES_ENCRYPT);
XMEMCPY(cipher, tmp, sizeof(cipher));
XMEMCPY(iv4, iv3, sizeof(WOLFSSL_DES_cblock));
wolfSSL_DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
&iv4, WC_DES_DECRYPT);
wolfSSL_DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(cipher) - i),
&ks1, &ks2, &ks3, &iv4, WC_DES_DECRYPT);
XMEMCPY(plain, tmp, sizeof(plain));
if (XMEMCMP(plain, vector, sizeof(plain)))
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(cipher, verify3, sizeof(cipher)))
return WC_TEST_RET_ENC_NC;
}
return 0;
}
#endif /* OPENSSL_EXTRA && !WOLFCRYPT_ONLY */
#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
static wc_test_ret_t des3_key_wrap_test(void)
{
WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
{
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
};
byte cipher[24];
EncryptedInfo info;
wc_test_ret_t ret;
XMEMSET(&info, 0, sizeof(EncryptedInfo));
XMEMCPY(info.iv, iv3, sizeof(iv3));
info.ivSz = sizeof(iv3);
info.keySz = sizeof(key3);
info.cipherType = WC_CIPHER_DES3;
ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key3,
sizeof(key3), WC_HASH_TYPE_SHA);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
return 0;
}
#endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_SHA */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void)
{
wc_test_ret_t ret;
Des3 enc;
Des3 dec;
WOLFSSL_ENTER("des3_test");
ret = wc_Des3Init(&enc, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Des3Init(&dec, HEAP_HINT, devId);
if (ret != 0) {
wc_Des3Free(&enc);
return WC_TEST_RET_ENC_EC(ret);
}
ret = des3_cbc_test(&enc, &dec);
if (ret != 0)
goto out;
#ifdef WOLFSSL_DES_ECB
ret = des3_ecb_test(&enc, &dec);
if (ret != 0)
goto out;
#endif
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
ret = des3_openssl_test();
if (ret != 0)
goto out;
#endif
#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
ret = des3_key_wrap_test();
if (ret != 0)
goto out;
#endif
ret = 0;
out:
wc_Des3Free(&enc);
wc_Des3Free(&dec);
return ret;
}
#endif /* NO_DES3 */
/* source code reference point -- see print_fiducials() below. */
static WC_MAYBE_UNUSED const int fiducial1 = WC_TEST_RET_LN;
#ifndef NO_AES
#if defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_CFB) || \
defined(WOLFSSL_AES_XTS)
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
&& !defined(HAVE_SELFTEST)
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
/* pass in the function, key, iv, plain text and expected and this function
* tests that the encryption and decryption is successful */
static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
const byte* iv, const byte* plain, int plainSz,
const byte* expected, int expectedSz)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
WOLFSSL_EVP_CIPHER_CTX *ctx = NULL;
#else
WOLFSSL_EVP_CIPHER_CTX ctx[1];
#endif
int ctx_inited = 0;
int idx, cipherSz;
wc_test_ret_t ret = 0;
byte* cipher;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((ctx = wolfSSL_EVP_CIPHER_CTX_new()) == NULL)
return MEMORY_E;
#endif
cipher = (byte*)XMALLOC((size_t)plainSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (cipher == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
goto EVP_TEST_END;
}
/* test encrypt */
wolfSSL_EVP_CIPHER_CTX_init(ctx);
ctx_inited = 1;
if (wolfSSL_EVP_CipherInit(ctx, type, key, iv, 1) == 0) {
ret = WC_TEST_RET_ENC_NC;
goto EVP_TEST_END;
}
if (wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, plain, expectedSz) == 0) {
ret = WC_TEST_RET_ENC_NC;
goto EVP_TEST_END;
}
cipherSz = idx;
if (wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
ret = WC_TEST_RET_ENC_NC;
goto EVP_TEST_END;
}
cipherSz += idx;
if (XMEMCMP(cipher, expected, (size_t)plainSz)) {
ret = WC_TEST_RET_ENC_NC;
goto EVP_TEST_END;
}
ret = wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
ctx_inited = 0;
if (ret == WOLFSSL_SUCCESS)
ret = 0;
else {
ret = WC_TEST_RET_ENC_NC;
goto EVP_TEST_END;
}
/* test decrypt */
wolfSSL_EVP_CIPHER_CTX_init(ctx);
ctx_inited = 1;
if (wolfSSL_EVP_CipherInit(ctx, type, key, iv, 0) == 0) {
ret = WC_TEST_RET_ENC_NC;
goto EVP_TEST_END;
}
if (wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, cipher, expectedSz) == 0) {
ret = WC_TEST_RET_ENC_NC;
goto EVP_TEST_END;
}
cipherSz = idx;
if (wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
ret = WC_TEST_RET_ENC_NC;
goto EVP_TEST_END;
}
cipherSz += idx;
if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, (size_t)plainSz)) {
ret = WC_TEST_RET_ENC_NC;
goto EVP_TEST_END;
}
EVP_TEST_END:
XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
(void)cipherSz;
if (ctx_inited) {
int cleanup_ret = wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
if (cleanup_ret != WOLFSSL_SUCCESS)
ret = WC_TEST_RET_ENC_NC;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wolfSSL_EVP_CIPHER_CTX_free(ctx);
#endif
return ret;
}
#endif /* !HAVE_FIPS || FIPS_VERSION3_GE(6,0,0) */
#endif /* OPENSSL_EXTRA && !WOLFCRYPT_ONLY && !HAVE_SELFTEST */
#endif /* WOLFSSL_AES_OFB || WOLFSSL_AES_CFB */
/* For tests that conditionally pass dec/plain only when HAVE_AES_DECRYPT is on. */
#ifdef HAVE_AES_DECRYPT
#define WC_TEST_AES_DEC(x) (x)
#else
#define WC_TEST_AES_DEC(x) NULL
#endif
#ifdef WOLFSSL_AES_OFB
/* test vectors from https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Block-Ciphers */
#ifdef WOLFSSL_AES_128
static wc_test_ret_t aes_ofb_128_test(Aes* enc, Aes* dec, byte* cipher,
byte* plain)
{
WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
{
0x10,0xa5,0x88,0x69,0xd7,0x4b,0xe5,0xa3,
0x74,0xcf,0x86,0x7c,0xfb,0x47,0x38,0x59
};
WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte plain2[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
{
0x6d,0x25,0x1e,0x69,0x44,0xb0,0x51,0xe0,
0x4e,0xaa,0x6f,0xb4,0xdb,0xf7,0x84,0x65
};
wc_test_ret_t ret;
#ifndef HAVE_AES_DECRYPT
(void)dec;
(void)plain;
#endif
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
&& !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
ret = EVP_test(wolfSSL_EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2),
cipher2, sizeof(cipher2));
if (ret != 0)
return ret;
#endif
ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE * 4);
ret = wc_AesOfbEncrypt(enc, cipher, plain2, WC_AES_BLOCK_SIZE);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(cipher, cipher2, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#ifdef HAVE_AES_DECRYPT
ret = wc_AesOfbDecrypt(dec, plain, cipher2, WC_AES_BLOCK_SIZE);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, plain2, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#endif /* HAVE_AES_DECRYPT */
return 0;
}
static wc_test_ret_t aes_ofb_128_stream_test(Aes* enc, Aes* dec, byte* cipher,
byte* plain)
{
WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
{
0x10,0xa5,0x88,0x69,0xd7,0x4b,0xe5,0xa3,
0x74,0xcf,0x86,0x7c,0xfb,0x47,0x38,0x59
};
WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte plain2[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
{
0x6d,0x25,0x1e,0x69,0x44,0xb0,0x51,0xe0,
0x4e,0xaa,0x6f,0xb4,0xdb,0xf7,0x84,0x65
};
wc_test_ret_t ret;
#ifndef HAVE_AES_DECRYPT
(void)dec;
(void)plain;
#endif
/* Single block in two 8-byte calls */
ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE * 4);
ret = wc_AesOfbEncrypt(enc, cipher, plain2, 8);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(cipher, cipher2, 8))
return WC_TEST_RET_ENC_NC;
ret = wc_AesOfbEncrypt(enc, cipher + 8, plain2 + 8, 8);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(cipher + 8, cipher2 + 8, 8))
return WC_TEST_RET_ENC_NC;
#ifdef HAVE_AES_DECRYPT
ret = wc_AesOfbDecrypt(dec, plain, cipher2, 8);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, plain2, 8))
return WC_TEST_RET_ENC_NC;
ret = wc_AesOfbDecrypt(dec, plain + 8, cipher2 + 8, 8);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain + 8, plain2 + 8, 8))
return WC_TEST_RET_ENC_NC;
#endif /* HAVE_AES_DECRYPT */
return 0;
}
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
static wc_test_ret_t aes_ofb_192_test(Aes* enc, Aes* dec, byte* cipher,
byte* plain)
{
WOLFSSL_SMALL_STACK_STATIC const byte key3[] = {
0xd0,0x77,0xa0,0x3b,0xd8,0xa3,0x89,0x73,
0x92,0x8c,0xca,0xfe,0x4a,0x9d,0x2f,0x45,
0x51,0x30,0xbd,0x0a,0xf5,0xae,0x46,0xa9
};
WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
{
0xab,0xc7,0x86,0xfb,0x1e,0xdb,0x50,0x45,
0x80,0xc4,0xd8,0x82,0xef,0x29,0xa0,0xc7
};
WOLFSSL_SMALL_STACK_STATIC const byte plain3[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
wc_test_ret_t ret;
#ifndef HAVE_AES_DECRYPT
(void)dec;
(void)plain;
#endif
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
&& !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
ret = EVP_test(wolfSSL_EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3),
cipher3, sizeof(cipher3));
if (ret != 0)
return ret;
#endif
ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesSetKey(dec, key3, sizeof(key3), iv3, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE * 4);
ret = wc_AesOfbEncrypt(enc, cipher, plain3, WC_AES_BLOCK_SIZE);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(cipher, cipher3, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#ifdef HAVE_AES_DECRYPT
ret = wc_AesOfbDecrypt(dec, plain, cipher3, WC_AES_BLOCK_SIZE);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, plain3, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#endif /* HAVE_AES_DECRYPT */
return 0;
}
static wc_test_ret_t aes_ofb_192_stream_test(Aes* enc, Aes* dec, byte* cipher,
byte* plain)
{
WOLFSSL_SMALL_STACK_STATIC const byte key3[] = {
0xd0,0x77,0xa0,0x3b,0xd8,0xa3,0x89,0x73,
0x92,0x8c,0xca,0xfe,0x4a,0x9d,0x2f,0x45,
0x51,0x30,0xbd,0x0a,0xf5,0xae,0x46,0xa9
};
WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte plain3[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
{
0xab,0xc7,0x86,0xfb,0x1e,0xdb,0x50,0x45,
0x80,0xc4,0xd8,0x82,0xef,0x29,0xa0,0xc7
};
wc_test_ret_t ret;
#ifndef HAVE_AES_DECRYPT
(void)dec;
(void)plain;
#endif
/* Single block in two 8-byte calls */
ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesSetKey(dec, key3, sizeof(key3), iv3, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE * 4);
ret = wc_AesOfbEncrypt(enc, cipher, plain3, 8);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(cipher, cipher3, 8))
return WC_TEST_RET_ENC_NC;
ret = wc_AesOfbEncrypt(enc, cipher + 8, plain3 + 8, 8);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(cipher + 8, cipher3 + 8, 8))
return WC_TEST_RET_ENC_NC;
#ifdef HAVE_AES_DECRYPT
ret = wc_AesOfbDecrypt(dec, plain, cipher3, 8);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, plain3, 8))
return WC_TEST_RET_ENC_NC;
ret = wc_AesOfbDecrypt(dec, plain + 8, cipher3 + 8, 8);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain + 8, plain3 + 8, 8))
return WC_TEST_RET_ENC_NC;
#endif /* HAVE_AES_DECRYPT */
return 0;
}
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
static wc_test_ret_t aes_ofb_256_test(Aes* enc, Aes* dec, byte* cipher,
byte* plain)
{
WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
{
0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71,
0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2,
0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a,
0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94
};
WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
{
0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16,
0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f
};
WOLFSSL_SMALL_STACK_STATIC const byte plain1[] =
{
0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9,
0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25,
0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6,
0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71,
0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef,
0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
{
0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc,
0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00,
0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46,
0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b,
0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae,
0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0
};
wc_test_ret_t ret;
#ifndef HAVE_AES_DECRYPT
(void)dec;
(void)plain;
#endif
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
&& !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
ret = EVP_test(wolfSSL_EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1),
cipher1, sizeof(cipher1));
if (ret != 0)
return ret;
#endif
/* Single block, two separate calls */
ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE * 4);
ret = wc_AesOfbEncrypt(enc, cipher, plain1, WC_AES_BLOCK_SIZE);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
ret = wc_AesOfbEncrypt(enc, cipher + WC_AES_BLOCK_SIZE,
plain1 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifndef WOLFSSL_NXP_HASHCRYPT_AES
if (XMEMCMP(cipher + WC_AES_BLOCK_SIZE, cipher1 + WC_AES_BLOCK_SIZE,
WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#endif /* !WOLFSSL_NXP_HASHCRYPT_AES */
#ifdef HAVE_AES_DECRYPT
ret = wc_AesOfbDecrypt(dec, plain, cipher1, WC_AES_BLOCK_SIZE);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, plain1, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
ret = wc_AesOfbDecrypt(dec, plain + WC_AES_BLOCK_SIZE,
cipher1 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifndef WOLFSSL_NXP_HASHCRYPT_AES
if (XMEMCMP(plain + WC_AES_BLOCK_SIZE, plain1 + WC_AES_BLOCK_SIZE,
WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#endif /* !WOLFSSL_NXP_HASHCRYPT_AES */
#endif /* HAVE_AES_DECRYPT */
/* Multiple blocks at once */
ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE * 4);
ret = wc_AesOfbEncrypt(enc, cipher, plain1, WC_AES_BLOCK_SIZE * 3);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE * 3))
return WC_TEST_RET_ENC_NC;
#ifdef HAVE_AES_DECRYPT
ret = wc_AesOfbDecrypt(dec, plain, cipher1, WC_AES_BLOCK_SIZE * 3);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, plain1, WC_AES_BLOCK_SIZE * 3))
return WC_TEST_RET_ENC_NC;
#endif /* HAVE_AES_DECRYPT */
/* Inline decrypt/encrypt */
ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
XMEMCPY(cipher, plain1, WC_AES_BLOCK_SIZE * 2);
ret = wc_AesOfbEncrypt(enc, cipher, cipher, WC_AES_BLOCK_SIZE * 2);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE * 2))
return WC_TEST_RET_ENC_NC;
#ifdef HAVE_AES_DECRYPT
ret = wc_AesOfbDecrypt(dec, cipher, cipher, WC_AES_BLOCK_SIZE * 2);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(cipher, plain1, WC_AES_BLOCK_SIZE * 2))
return WC_TEST_RET_ENC_NC;
#endif /* HAVE_AES_DECRYPT */
/* Leftover (sub-block) support */
ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE * 4);
ret = wc_AesOfbEncrypt(enc, cipher, plain1, 3);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(cipher, cipher1, 3))
return WC_TEST_RET_ENC_NC;
ret = wc_AesOfbEncrypt(enc, cipher + 3, plain1 + 3, WC_AES_BLOCK_SIZE);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifndef WOLFSSL_NXP_HASHCRYPT_AES
if (XMEMCMP(cipher + 3, cipher1 + 3, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#endif /* !WOLFSSL_NXP_HASHCRYPT_AES */
#ifdef HAVE_AES_DECRYPT
ret = wc_AesOfbDecrypt(dec, plain, cipher1, 6);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, plain1, 6))
return WC_TEST_RET_ENC_NC;
ret = wc_AesOfbDecrypt(dec, plain + 6, cipher1 + 6, WC_AES_BLOCK_SIZE);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifndef WOLFSSL_NXP_HASHCRYPT_AES
if (XMEMCMP(plain + 6, plain1 + 6, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#endif /* !WOLFSSL_NXP_HASHCRYPT_AES */
#endif /* HAVE_AES_DECRYPT */
return 0;
}
#endif /* WOLFSSL_AES_256 */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesofb_test(void)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *enc = NULL;
#else
Aes enc[1];
#endif
byte cipher[WC_AES_BLOCK_SIZE * 4];
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *dec = NULL;
#else
Aes dec[1];
#endif
byte plain[WC_AES_BLOCK_SIZE * 4];
#endif
wc_test_ret_t ret = 0;
WOLFSSL_ENTER("aesofb_test");
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
enc = wc_AesNew(HEAP_HINT, devId, &ret);
if (enc == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
XMEMSET(enc, 0, sizeof(Aes));
ret = wc_AesInit(enc, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
dec = wc_AesNew(HEAP_HINT, devId, &ret);
if (dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
XMEMSET(dec, 0, sizeof(Aes));
ret = wc_AesInit(dec, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#endif
#ifdef WOLFSSL_AES_128
ret = aes_ofb_128_test(enc, WC_TEST_AES_DEC(dec), cipher,
WC_TEST_AES_DEC(plain));
if (ret != 0)
goto out;
ret = aes_ofb_128_stream_test(enc, WC_TEST_AES_DEC(dec), cipher,
WC_TEST_AES_DEC(plain));
if (ret != 0)
goto out;
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
ret = aes_ofb_192_test(enc, WC_TEST_AES_DEC(dec), cipher,
WC_TEST_AES_DEC(plain));
if (ret != 0)
goto out;
ret = aes_ofb_192_stream_test(enc, WC_TEST_AES_DEC(dec), cipher,
WC_TEST_AES_DEC(plain));
if (ret != 0)
goto out;
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
ret = aes_ofb_256_test(enc, WC_TEST_AES_DEC(dec), cipher,
WC_TEST_AES_DEC(plain));
if (ret != 0)
goto out;
#endif /* WOLFSSL_AES_256 */
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(enc, &enc);
#else
wc_AesFree(enc);
#endif
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(dec, &dec);
#else
wc_AesFree(dec);
#endif
#endif
return ret;
}
#endif /* WOLFSSL_AES_OFB */
#if defined(WOLFSSL_AES_CFB)
/* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of
* Operation Methods and Techniques
*/
#ifdef WOLFSSL_AES_192
static wc_test_ret_t aescfb_192_stream_test_0(Aes* enc, Aes* dec,
byte* cipher, byte* plain)
{
WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
};
WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
{
0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
{
0xcd,0xc8,0x0d,0x6f,0xdd,0xf1,0x8c,0xab,
0x34,0xc2,0x59,0x09,0xc9,0x9a,0x41,0x74,
0x67,0xce,0x7f,0x7f,0x81,0x17,0x36,0x21,
0x96,0x1a,0x2b,0x70,0x17,0x1d,0x3d,0x7a,
0x2e,0x1e,0x8a,0x1d,0xd5,0x9b,0x88,0xb1,
0xc8,0xe6,0x0f,0xed,0x1e,0xfa,0xc4,0xc9,
0xc0,0x5f,0x9f,0x9c,0xa9,0x83,0x4f,0xa0,
0x42,0xae,0x8f,0xba,0x58,0x4b,0x09,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
};
wc_test_ret_t ret;
#ifndef HAVE_AES_DECRYPT
(void)dec;
(void)plain;
#endif
/* 4 blocks split into two 2-block calls */
ret = wc_AesSetKey(enc, key2, sizeof(key2), iv, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesSetKey(dec, key2, sizeof(key2), iv, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE * 4);
ret = wc_AesCfbEncrypt(enc, cipher, msg2, WC_AES_BLOCK_SIZE * 2);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(cipher, cipher2, WC_AES_BLOCK_SIZE * 2))
return WC_TEST_RET_ENC_NC;
ret = wc_AesCfbEncrypt(enc, cipher + WC_AES_BLOCK_SIZE * 2,
msg2 + WC_AES_BLOCK_SIZE * 2, WC_AES_BLOCK_SIZE * 2);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(cipher, cipher2, WC_AES_BLOCK_SIZE * 4))
return WC_TEST_RET_ENC_NC;
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCfbDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE * 2);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, msg2, WC_AES_BLOCK_SIZE * 2))
return WC_TEST_RET_ENC_NC;
ret = wc_AesCfbDecrypt(dec, plain + WC_AES_BLOCK_SIZE * 2,
cipher + WC_AES_BLOCK_SIZE * 2, WC_AES_BLOCK_SIZE * 2);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, msg2, WC_AES_BLOCK_SIZE * 4))
return WC_TEST_RET_ENC_NC;
#endif /* HAVE_AES_DECRYPT */
return 0;
}
#endif /* WOLFSSL_AES_192 */
static wc_test_ret_t aescfb_test_0(void)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *enc = NULL;
#else
Aes enc[1];
#endif
byte cipher[WC_AES_BLOCK_SIZE * 4];
/* dec and plain are used by the HAVE_AES_DECRYPT paths and are also passed to
* aescfb_192_stream_test_0() (which ignores them when HAVE_AES_DECRYPT is not
* defined). */
#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_192)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *dec = NULL;
#else
Aes dec[1];
#endif
byte plain[WC_AES_BLOCK_SIZE * 4];
#endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_192 */
wc_test_ret_t ret = 0;
WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
};
#ifdef WOLFSSL_AES_128
WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
{
0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
{
0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b,
0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40,
0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf
};
WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef
};
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
/* 192 size key test */
WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
{
0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
{
0xcd,0xc8,0x0d,0x6f,0xdd,0xf1,0x8c,0xab,
0x34,0xc2,0x59,0x09,0xc9,0x9a,0x41,0x74,
0x67,0xce,0x7f,0x7f,0x81,0x17,0x36,0x21,
0x96,0x1a,0x2b,0x70,0x17,0x1d,0x3d,0x7a,
0x2e,0x1e,0x8a,0x1d,0xd5,0x9b,0x88,0xb1,
0xc8,0xe6,0x0f,0xed,0x1e,0xfa,0xc4,0xc9,
0xc0,0x5f,0x9f,0x9c,0xa9,0x83,0x4f,0xa0,
0x42,0xae,0x8f,0xba,0x58,0x4b,0x09,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
};
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
/* 256 size key simple test */
WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
{
0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
{
0xdc,0x7e,0x84,0xbf,0xda,0x79,0x16,0x4b,
0x7e,0xcd,0x84,0x86,0x98,0x5d,0x38,0x60,
0x39,0xff,0xed,0x14,0x3b,0x28,0xb1,0xc8,
0x32,0x11,0x3c,0x63,0x31,0xe5,0x40,0x7b,
0xdf,0x10,0x13,0x24,0x15,0xe5,0x4b,0x92,
0xa1,0x3e,0xd0,0xa8,0x26,0x7a,0xe2,0xf9,
0x75,0xa3,0x85,0x74,0x1a,0xb9,0xce,0xf8,
0x20,0x31,0x62,0x3d,0x55,0xb1,0xe4,0x71
};
WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
};
#endif /* WOLFSSL_AES_256 */
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
enc = wc_AesNew(HEAP_HINT, devId, &ret);
if (enc == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
XMEMSET(enc, 0, sizeof(Aes));
ret = wc_AesInit(enc, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
dec = wc_AesNew(HEAP_HINT, devId, &ret);
if (dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
XMEMSET(dec, 0, sizeof(Aes));
ret = wc_AesInit(dec, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#endif
#ifdef WOLFSSL_AES_128
/* 128 key tests */
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
&& !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
ret = EVP_test(wolfSSL_EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1),
cipher1, sizeof(cipher1));
if (ret != 0) {
return ret;
}
#endif
ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
/* decrypt uses AES_ENCRYPTION */
ret = wc_AesSetKey(dec, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesCfbEncrypt(enc, cipher, msg1, WC_AES_BLOCK_SIZE * 2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE * 2))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* test restarting encryption process */
#ifndef WOLFSSL_NXP_HASHCRYPT_AES
ret = wc_AesCfbEncrypt(enc, cipher + (WC_AES_BLOCK_SIZE * 2),
msg1 + (WC_AES_BLOCK_SIZE * 2), WC_AES_BLOCK_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cipher + (WC_AES_BLOCK_SIZE * 2),
cipher1 + (WC_AES_BLOCK_SIZE * 2), WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCfbDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE * 3);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(plain, msg1, WC_AES_BLOCK_SIZE * 3))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
#endif /* !WOLFSSL_NXP_HASHCRYPT_AES */
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
/* 192 key size test */
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
&& !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
ret = EVP_test(wolfSSL_EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2),
cipher2, sizeof(cipher2));
if (ret != 0) {
return ret;
}
#endif
ret = wc_AesSetKey(enc, key2, sizeof(key2), iv, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
/* decrypt uses AES_ENCRYPTION */
ret = wc_AesSetKey(dec, key2, sizeof(key2), iv, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesCfbEncrypt(enc, cipher, msg2, WC_AES_BLOCK_SIZE * 4);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cipher, cipher2, WC_AES_BLOCK_SIZE * 4))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCfbDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE * 4);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(plain, msg2, WC_AES_BLOCK_SIZE * 4))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
ret = aescfb_192_stream_test_0(enc, dec, cipher, plain);
if (ret != 0)
ERROR_OUT(ret, out);
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
/* 256 key size test */
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
&& !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
ret = EVP_test(wolfSSL_EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3),
cipher3, sizeof(cipher3));
if (ret != 0) {
return ret;
}
#endif
ret = wc_AesSetKey(enc, key3, sizeof(key3), iv, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
/* decrypt uses AES_ENCRYPTION */
ret = wc_AesSetKey(dec, key3, sizeof(key3), iv, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifndef WOLFSSL_NXP_HASHCRYPT_AES
/* test with data left overs, magic lengths are checking near edges */
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesCfbEncrypt(enc, cipher, msg3, 4);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cipher, cipher3, 4))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_AesCfbEncrypt(enc, cipher + 4, msg3 + 4, 27);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cipher + 4, cipher3 + 4, 27))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_AesCfbEncrypt(enc, cipher + 31, msg3 + 31,
(WC_AES_BLOCK_SIZE * 4) - 31);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cipher, cipher3, WC_AES_BLOCK_SIZE * 4))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCfbDecrypt(dec, plain, cipher, 4);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(plain, msg3, 4))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_AesCfbDecrypt(dec, plain + 4, cipher + 4, 4);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesCfbDecrypt(dec, plain + 8, cipher + 8, 23);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(plain + 4, msg3 + 4, 27))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_AesCfbDecrypt(dec, plain + 31, cipher + 31,
(WC_AES_BLOCK_SIZE * 4) - 31);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(plain, msg3, WC_AES_BLOCK_SIZE * 4))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
#endif /* !WOLFSSL_NXP_HASHCRYPT_AES */
#endif /* WOLFSSL_AES_256 */
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(enc, &enc);
#else
wc_AesFree(enc);
#endif
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(dec, &dec);
#else
wc_AesFree(dec);
#endif
#endif
return ret;
}
#if !defined(WOLFSSL_NO_AES_CFB_1_8)
static wc_test_ret_t aescfb1_test(void)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *enc = NULL;
#else
Aes enc[1];
#endif
byte cipher[WC_AES_BLOCK_SIZE];
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *dec = NULL;
#else
Aes dec[1];
#endif
#ifdef WOLFSSL_AES_128
byte plain [WC_AES_BLOCK_SIZE];
#endif
#endif
wc_test_ret_t ret = 0;
#ifdef WOLFSSL_AES_128
WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
0x4d,0xbb,0xdc,0xaa,0x59,0xf3,0x63,0xc9,
0x2a,0x3b,0x98,0x43,0xad,0x20,0xe2,0xb7
};
WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
{
0xcd,0xef,0x9d,0x06,0x61,0xba,0xe4,0x73,
0x8d,0x1a,0x58,0xa2,0xa6,0x22,0x8b,0x66
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
{
0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
{
0xC0
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher1_7bit[] =
{
0x1C
};
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
0x57,0xc6,0x89,0x7c,0x99,0x52,0x28,0x13,
0xbf,0x67,0x9c,0xe1,0x13,0x70,0xaf,0x5e
};
WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
{
0xba,0xa1,0x58,0xa1,0x6b,0x50,0x4a,0x10,
0x8e,0xd4,0x33,0x2e,0xe7,0xf2,0x9b,0xf6,
0xd1,0xac,0x46,0xa8,0xde,0x5a,0xfe,0x7a
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
{
0x30
};
WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
{
0x80
};
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = {
0x63,0x2e,0x9f,0x83,0x1f,0xa3,0x80,0x5e,
0x52,0x02,0xbc,0xe0,0x6d,0x04,0xf9,0xa0
};
WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
{
0xf6,0xfa,0xe4,0xf1,0x5d,0x91,0xfc,0x50,
0x88,0x78,0x4f,0x84,0xa5,0x37,0x12,0x7e,
0x32,0x63,0x55,0x9c,0x62,0x73,0x88,0x20,
0xc2,0xcf,0x3d,0xe1,0x1c,0x2a,0x30,0x40
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
{
0xF7, 0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
{
0x41, 0xC0
};
#endif /* WOLFSSL_AES_256 */
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
enc = wc_AesNew(HEAP_HINT, devId, &ret);
if (enc == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
dec = wc_AesNew(HEAP_HINT, devId, &ret);
if (dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#else
XMEMSET(enc, 0, sizeof(Aes));
#ifdef HAVE_AES_DECRYPT
XMEMSET(dec, 0, sizeof(Aes));
#endif
ret = wc_AesInit(enc, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesInit(dec, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
#ifdef WOLFSSL_AES_128
/* 128 key tests */
ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
/* decrypt uses AES_ENCRYPTION */
ret = wc_AesSetKey(dec, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesCfb1Encrypt(enc, cipher, msg1, 2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (cipher[0] != cipher1[0])
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCfb1Decrypt(dec, plain, cipher, 2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (plain[0] != msg1[0])
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesCfb1Encrypt(enc, cipher, msg1, 7);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (cipher[0] != cipher1_7bit[0])
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef OPENSSL_EXTRA
ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesCfb1Encrypt(enc, cipher, msg1,
sizeof(msg1) * WOLFSSL_BIT_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS)
ret = EVP_test(wolfSSL_EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1),
cipher, sizeof(msg1));
if (ret != 0) {
goto out;
}
#endif
#endif
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
/* 192 key tests */
ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesCfb1Encrypt(enc, cipher, msg2, 4);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cipher, cipher2, sizeof(cipher2)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef OPENSSL_EXTRA
ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesCfb1Encrypt(enc, cipher, msg2,
sizeof(msg2) * WOLFSSL_BIT_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS)
ret = EVP_test(wolfSSL_EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2),
cipher, sizeof(msg2));
if (ret != 0) {
goto out;
}
#endif
#endif
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
/* 256 key tests */
ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesCfb1Encrypt(enc, cipher, msg3, 10);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef OPENSSL_EXTRA
ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesCfb1Encrypt(enc, cipher, msg3,
sizeof(msg3) * WOLFSSL_BIT_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS)
ret = EVP_test(wolfSSL_EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3),
cipher, sizeof(msg3));
if (ret != 0) {
goto out;
}
#endif
#endif
#endif /* WOLFSSL_AES_256 */
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(enc, &enc);
#else
wc_AesFree(enc);
#endif
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(dec, &dec);
#else
wc_AesFree(dec);
#endif
#endif
return ret;
}
static wc_test_ret_t aescfb8_test(void)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *enc = NULL;
#else
Aes enc[1];
#endif
byte cipher[WC_AES_BLOCK_SIZE];
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *dec = NULL;
#else
Aes dec[1];
#endif
#ifdef WOLFSSL_AES_128
byte plain [WC_AES_BLOCK_SIZE];
#endif
#endif
wc_test_ret_t ret = 0;
#ifdef WOLFSSL_AES_128
WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
0xf4,0x75,0xc6,0x49,0x91,0xb2,0x0e,0xae,
0xe1,0x83,0xa2,0x26,0x29,0xe2,0x1e,0x22
};
WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
{
0xc8,0xfe,0x9b,0xf7,0x7b,0x93,0x0f,0x46,
0xd2,0x07,0x8b,0x8c,0x0e,0x65,0x7c,0xd4
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
{
0xd2,0x76,0x91
};
WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
{
0xc9,0x06,0x35
};
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
0x0a,0x02,0x84,0x6b,0x62,0xab,0xb6,0x93,
0xef,0x31,0xd7,0x54,0x84,0x2e,0xed,0x29
};
WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
{
0xba,0xf0,0x8b,0x76,0x31,0x7a,0x65,0xc5,
0xf0,0x7a,0xe6,0xf5,0x7e,0xb0,0xe6,0x54,
0x88,0x65,0x93,0x24,0xd2,0x97,0x09,0xe3
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
{
0x72,0x9c,0x0b,0x6d,0xeb,0x75,0xfa,0x6e,
0xb5,0xe8
};
WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
{
0x98,0x95,0x93,0x24,0x02,0x39,0x3d,0xc3,
0x3a,0x60
};
#endif
#ifdef WOLFSSL_AES_256
WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = {
0x33,0x8c,0x55,0x2f,0xf1,0xec,0xa1,0x44,
0x08,0xe0,0x5d,0x8c,0xf9,0xf3,0xb3,0x1b
};
WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
{
0x06,0x48,0x74,0x09,0x2f,0x7a,0x13,0xcc,
0x44,0x62,0x24,0x7a,0xd4,0x23,0xd0,0xe9,
0x6e,0xdf,0x42,0xe8,0xb6,0x7a,0x5a,0x23,
0xb7,0xa0,0xa6,0x47,0x7b,0x09,0x8e,0x66
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
{
0x1c,0xff,0x95
};
WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
{
0xb9,0x74,0xfa
};
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
enc = wc_AesNew(HEAP_HINT, devId, &ret);
if (enc == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
dec = wc_AesNew(HEAP_HINT, devId, &ret);
if (dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#else
XMEMSET(enc, 0, sizeof(Aes));
#ifdef HAVE_AES_DECRYPT
XMEMSET(dec, 0, sizeof(Aes));
#endif
ret = wc_AesInit(enc, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesInit(dec, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
#ifdef WOLFSSL_AES_128
/* 128 key tests */
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \
!defined(HAVE_FIPS)
ret = EVP_test(wolfSSL_EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1),
cipher1, sizeof(cipher1));
if (ret != 0) {
ERROR_OUT(ret, out);
}
#endif
ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
/* decrypt uses AES_ENCRYPTION */
ret = wc_AesSetKey(dec, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesCfb8Encrypt(enc, cipher, msg1, sizeof(msg1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cipher, cipher1, sizeof(cipher1)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCfb8Decrypt(dec, plain, cipher, sizeof(msg1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(plain, msg1, sizeof(msg1)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
/* 192 key tests */
ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesCfb8Encrypt(enc, cipher, msg2, sizeof(msg2));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \
!defined(HAVE_FIPS)
ret = EVP_test(wolfSSL_EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2),
cipher2, sizeof(msg2));
if (ret != 0) {
ERROR_OUT(ret, out);
}
#endif
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
/* 256 key tests */
ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesCfb8Encrypt(enc, cipher, msg3, sizeof(msg3));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \
!defined(HAVE_FIPS)
ret = EVP_test(wolfSSL_EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3),
cipher3, sizeof(msg3));
if (ret != 0) {
goto out;
}
#endif
#endif /* WOLFSSL_AES_256 */
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(enc, &enc);
#else
wc_AesFree(enc);
#endif
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(dec, &dec);
#else
wc_AesFree(dec);
#endif
#endif
return ret;
}
#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
#endif /* WOLFSSL_AES_CFB */
#ifndef HAVE_RENESAS_SYNC
static wc_test_ret_t aes_key_size_test(void)
{
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *aes = NULL;
#else
Aes aes[1];
#endif
byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
#ifndef WOLFSSL_CRYPTOCELL
byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 };
#endif
byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
byte iv[] = "1234567890abcdef";
#ifndef HAVE_FIPS
word32 keySize;
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
aes = wc_AesNew(HEAP_HINT, devId, &ret);
if (aes == NULL)
return WC_TEST_RET_ENC_EC(ret);
#else
ret = wc_AesInit(aes, HEAP_HINT, devId);
/* 0 check OK for FIPSv1 */
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#if !defined(HAVE_FIPS) || \
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
/* w/ FIPS v1 (cert 2425) wc_AesInit just returns 0 always as it's not
* supported with that FIPS version */
ret = wc_AesInit(NULL, HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifndef HAVE_FIPS
/* Parameter Validation testing. */
ret = wc_AesGetKeySize(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGetKeySize(aes, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGetKeySize(NULL, &keySize);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Crashes in FIPS */
ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
/* NULL IV indicates to use all zeros IV. */
ret = wc_AesSetKey(aes, key16, sizeof(key16), NULL, AES_ENCRYPTION);
#ifdef WOLFSSL_AES_128
if (ret != 0)
#else
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
#endif
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesSetKey(aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* CryptoCell handles rounds internally */
#if !defined(HAVE_FIPS) && !defined(WOLFSSL_CRYPTOCELL)
/* PSA don't use aes->rounds */
#if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_AES)
/* Force invalid rounds */
aes->rounds = 16;
ret = wc_AesGetKeySize(aes, &keySize);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#endif
ret = wc_AesSetKey(aes, key16, sizeof(key16), iv, AES_ENCRYPTION);
#ifdef WOLFSSL_AES_128
if (ret != 0)
#else
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
#endif
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128)
ret = wc_AesGetKeySize(aes, &keySize);
if (ret != 0 || keySize != sizeof(key16))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifndef WOLFSSL_CRYPTOCELL
/* Cryptocell only supports AES-128 key size */
ret = wc_AesSetKey(aes, key24, sizeof(key24), iv, AES_ENCRYPTION);
#ifdef WOLFSSL_AES_192
if (ret != 0)
#else
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
#endif
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192)
ret = wc_AesGetKeySize(aes, &keySize);
if (ret != 0 || keySize != sizeof(key24))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_AesSetKey(aes, key32, sizeof(key32), iv, AES_ENCRYPTION);
#ifdef WOLFSSL_AES_256
if (ret != 0)
#else
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
#endif
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256)
ret = wc_AesGetKeySize(aes, &keySize);
if (ret != 0 || keySize != sizeof(key32))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#endif /* !WOLFSSL_CRYPTOCELL */
ret = 0; /* success */
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(aes, &aes);
#else
wc_AesFree(aes);
#endif
return ret;
}
#endif /* !HAVE_RENESAS_SYNC */
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
!defined(HAVE_RENESAS_SYNC)
static wc_test_ret_t aes_cbc_oneshot_test(void)
{
byte cipher[WC_AES_BLOCK_SIZE];
byte plain[WC_AES_BLOCK_SIZE];
wc_test_ret_t ret;
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
byte key[] = "0123456789abcdef "; /* align */
byte iv[] = "1234567890abcdef "; /* align */
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
/* Parameter Validation testing. */
ret = wc_AesCbcEncryptWithKey(cipher, msg, WC_AES_BLOCK_SIZE, key, 17, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCbcDecryptWithKey(plain, cipher, WC_AES_BLOCK_SIZE, key, 17, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
#endif
ret = wc_AesCbcEncryptWithKey(cipher, msg, WC_AES_BLOCK_SIZE, key,
WC_AES_BLOCK_SIZE, iv);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCbcDecryptWithKey(plain, cipher, WC_AES_BLOCK_SIZE, key,
WC_AES_BLOCK_SIZE, iv);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE) != 0)
return WC_TEST_RET_ENC_NC;
#endif /* HAVE_AES_DECRYPT */
(void)plain;
return 0;
}
#endif
#if defined(WOLFSSL_AES_COUNTER)
typedef struct {
const byte* key;
int keySz;
const byte* iv;
const byte* plain;
int len;
const byte* cipher;
} AesCtrTestVec;
static wc_test_ret_t aes_ctr_vector_test(const AesCtrTestVec *testVec,
int testVecLen, Aes *enc, Aes *dec, byte *cipher, byte *plain,
const byte *ctrPlain)
{
wc_test_ret_t ret = 0;
int i;
for (i = 0; i < testVecLen; i++) {
if (testVec[i].key != NULL) {
ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz,
testVec[i].iv, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
/* Ctr only uses encrypt, even on key setup */
ret = wc_AesSetKeyDirect(dec, testVec[i].key, (word32)testVec[i].keySz,
testVec[i].iv, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
}
ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, (word32)testVec[i].len);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
ret = wc_AesCtrEncrypt(dec, plain, cipher, (word32)testVec[i].len);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
if (XMEMCMP(plain, ctrPlain, (size_t)testVec[i].len)) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
#if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM))
if (XMEMCMP(cipher, testVec[i].cipher, (size_t)testVec[i].len)) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
#endif
}
out:
return ret;
}
#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
static wc_test_ret_t aes_ctr_debug_fallback_test(const AesCtrTestVec *testVec,
int testVecLen, Aes *enc, Aes *dec, byte *cipher, byte *plain,
const byte *ctrPlain)
{
wc_test_ret_t ret = 0;
int i;
for (i = 0; i < testVecLen; i++) {
if (testVec[i].key != NULL) {
ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz,
testVec[i].iv, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
/* Ctr only uses encrypt, even on key setup */
ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz,
testVec[i].iv, AES_ENCRYPTION);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
}
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len);
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len);
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
if (XMEMCMP(plain, ctrPlain, testVec[i].len)) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
#if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM))
if (XMEMCMP(cipher, testVec[i].cipher, testVec[i].len)) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
#endif
}
for (i = 0; i < testVecLen; i++) {
if (testVec[i].key != NULL) {
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz,
testVec[i].iv, AES_ENCRYPTION);
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
/* Ctr only uses encrypt, even on key setup */
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz,
testVec[i].iv, AES_ENCRYPTION);
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
}
ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
if (XMEMCMP(plain, ctrPlain, testVec[i].len)) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
#if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM))
if (XMEMCMP(cipher, testVec[i].cipher, testVec[i].len)) {
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
#endif
}
out:
return ret;
}
#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *enc = NULL;
#else
Aes enc[1];
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *dec = NULL;
#else
Aes dec[1];
#endif
byte cipher[WC_AES_BLOCK_SIZE * 4];
byte plain [WC_AES_BLOCK_SIZE * 4];
wc_test_ret_t ret = 0;
/* test vectors from "Recommendation for Block Cipher Modes of
* Operation" NIST Special Publication 800-38A */
WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
{
0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
};
#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap32[] =
{
0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap32_2[] =
{
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xfe
};
WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap64[] =
{
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0x0f,0xff,0xff,0xff,0xff,0xff,0xff,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap64_2[] =
{
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe
};
WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap96[] =
{
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap96_2[] =
{
0xff,0xff,0xff,0xf0,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe
};
#endif
WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128[] =
{
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
};
#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128_2[] =
{
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe
};
#endif
WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
{
0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
0xc2
};
#ifdef WOLFSSL_AES_128
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Key[] =
{
0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Cipher[] =
{
0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
};
#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32Cipher[] =
{
0xb3,0x8b,0x58,0xbc,0xce,0xf4,0x71,0x78,
0xf6,0x7c,0xdb,0xb4,0x27,0x2b,0x0a,0xbf,
0x7e,0xad,0xea,0x5c,0xd1
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32CipherLong[] =
{
0xb3,0x8b,0x58,0xbc,0xce,0xf4,0x71,0x78,
0xf6,0x7c,0xdb,0xb4,0x27,0x2b,0x0a,0xbf,
0x7e,0xad,0xea,0x5c,0xd1,0xb7,0x98,0xf0,
0x22,0x20,0xfe,0x67,0xb0,0x02,0x23,0x50
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32_2CipherLong[] =
{
0x6e,0xa1,0x27,0x4d,0xea,0x20,0x5f,0x39,
0x68,0xc8,0xb6,0x78,0xde,0xfc,0x53,0x5c,
0x90,0xc8,0xf6,0xc6,0xfa,0xe0,0x7b,0x09,
0x7c,0xf8,0x9c,0x6a,0x5a,0xa5,0x17,0x7f,
0x03,0x92,0x5f,0x4e,0x85,0xea,0x26,0xc9,
0x5a,0xc2,0x74,0xe2,0xbf,0xe4,0x1b,0xd4
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64Cipher[] =
{
0xdd,0x17,0x10,0x7c,0x45,0x04,0xac,0x43,
0xef,0xa8,0xcc,0x32,0x34,0x87,0x88,0xd7,
0xae,0x74,0x94,0x72,0x8e
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64CipherLong[] =
{
0xdd,0x17,0x10,0x7c,0x45,0x04,0xac,0x43,
0xef,0xa8,0xcc,0x32,0x34,0x87,0x88,0xd7,
0xae,0x74,0x94,0x72,0x8e,0xd0,0x71,0xc0,
0x89,0x8a,0xa1,0xb0,0x29,0xa0,0x10,0x9e
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64_2CipherLong[] =
{
0x3f,0xe7,0xd5,0xf3,0xfa,0x09,0xfe,0x40,
0xa6,0xa1,0x32,0x8b,0x57,0x12,0xb9,0xfa,
0xf2,0x2d,0xe4,0x3c,0x66,0x1d,0x0a,0x8e,
0x46,0xf8,0x2e,0x33,0xce,0x8d,0x4e,0x3b,
0x17,0x67,0x9e,0x9f,0x76,0x9e,0xc2,0x99,
0xd5,0xd4,0x71,0xed,0xb4,0x33,0xb2,0xcd
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96Cipher[] =
{
0x55,0x24,0xc2,0x73,0xca,0xa3,0x48,0x03,
0x0b,0x72,0x8d,0xd7,0x6c,0x99,0x8e,0x04,
0x9d,0x77,0xc9,0x5f,0x38
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96CipherLong[] =
{
0x55,0x24,0xc2,0x73,0xca,0xa3,0x48,0x03,
0x0b,0x72,0x8d,0xd7,0x6c,0x99,0x8e,0x04,
0x9d,0x77,0xc9,0x5f,0x38,0xb5,0x6e,0x44,
0x21,0x8e,0xda,0x57,0xe0,0x41,0xc7,0x6a
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96_2CipherLong[] =
{
0xc8,0x81,0x1a,0xbe,0xc7,0x5b,0x93,0x6f,
0xe6,0x52,0xe4,0xb1,0x2d,0x1c,0x39,0xbc,
0xeb,0x82,0x27,0x0a,0x7e,0xa5,0x0e,0x2d,
0x32,0xda,0xbe,0x10,0x7a,0x10,0xcc,0xd3,
0x6f,0xc6,0x83,0x28,0x05,0x57,0x8a,0x24,
0x44,0x76,0x17,0x81,0xb9,0x5c,0x94,0x81
};
#endif
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128Cipher[] =
{
0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62,
0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
0xd3,0xda,0xe1,0x5b,0x04
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128CipherLong[] =
{
0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62,
0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
0xd3,0xda,0xe1,0x5b,0x04,0xbb,0x35,0x2f,
0xa0,0xf5,0x9f,0xeb,0xfc,0xb4,0xda,0x3e
};
#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128_2CipherLong[] =
{
0xba,0x76,0xaa,0x54,0xd5,0xb5,0x60,0x67,
0xc1,0xa7,0x90,0x3b,0x3f,0xdd,0xfa,0x89,
0x24,0xdf,0x0c,0x56,0x5c,0xf4,0x2a,0x68,
0x97,0x87,0x13,0xb6,0x7a,0xd1,0x24,0xfd,
0x4d,0x3f,0x77,0x4a,0xb9,0xe4,0x7d,0xa2,
0xdb,0xb9,0x31,0x5e,0xa3,0x11,0x06,0x80
};
#endif
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
{
0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
{
0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b,
0x09,0x03,0x39,0xec,0x0a,0xa6,0xfa,0xef,
0xd5,0xcc,0xc2,0xc6,0xf4,0xce,0x8e,0x94,
0x1e,0x36,0xb2,0x6b,0xd1,0xeb,0xc6,0x70,
0xd1,0xbd,0x1d,0x66,0x56,0x20,0xab,0xf7,
0x4f,0x78,0xa7,0xf6,0xd2,0x98,0x09,0x58,
0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50
};
#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32Cipher[] =
{
0x28,0xaa,0xfa,0x90,0x72,0x74,0x86,0xaf,
0x72,0x73,0x35,0x17,0x70,0x4e,0x7d,0xca,
0x0c,0x33,0x97,0x06,0xc0
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32CipherLong[] =
{
0x28,0xaa,0xfa,0x90,0x72,0x74,0x86,0xaf,
0x72,0x73,0x35,0x17,0x70,0x4e,0x7d,0xca,
0x0c,0x33,0x97,0x06,0xc0,0xbe,0x83,0x87,
0xdd,0xd3,0xff,0xd8,0xe4,0x6a,0x5b,0x84
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32_2CipherLong[] =
{
0xf5,0x00,0xa2,0x91,0x54,0xa3,0x76,0xa2,
0xdd,0xad,0x16,0x89,0xe5,0xf0,0x1d,0x40,
0x84,0xcd,0x74,0x84,0xcb,0x8b,0x9e,0x29,
0xa9,0x8a,0x12,0x65,0xa0,0x79,0x5e,0xce,
0xd9,0x50,0x65,0x21,0x86,0xb0,0x85,0x0d,
0x98,0x2d,0x9a,0x5a,0x11,0xbe,0xa5,0x7f
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64Cipher[] =
{
0xfe,0x39,0x27,0x97,0xac,0xe5,0xb8,0x74,
0xb9,0x8c,0xbf,0x58,0x71,0xa4,0x80,0x33,
0x3d,0xf7,0xb4,0xfd,0x8c
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64CipherLong[] =
{
0xfe,0x39,0x27,0x97,0xac,0xe5,0xb8,0x74,
0xb9,0x8c,0xbf,0x58,0x71,0xa4,0x80,0x33,
0x3d,0xf7,0xb4,0xfd,0x8c,0x55,0x47,0x10,
0xd5,0x91,0x35,0xbe,0xd8,0x0d,0xa5,0x9e
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64_2CipherLong[] =
{
0x59,0xf1,0xed,0x70,0x62,0x42,0xa8,0x06,
0x07,0x36,0xe1,0xc5,0x04,0x79,0xc3,0x9b,
0xd1,0x14,0x5c,0xcc,0x6f,0x81,0x5f,0x2f,
0xa0,0xde,0xcf,0x61,0x55,0x18,0x7a,0xac,
0xb0,0x59,0x37,0x90,0x53,0xb3,0x00,0x88,
0xb4,0x49,0x90,0x7b,0x96,0xcd,0xcc,0xc3
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96Cipher[] =
{
0x41,0x21,0x40,0x31,0xfb,0xc8,0xad,0x23,
0xde,0x00,0x03,0xd8,0x96,0x45,0xc7,0xb5,
0x47,0xb5,0xf3,0x30,0x3b
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96CipherLong[] =
{
0x41,0x21,0x40,0x31,0xfb,0xc8,0xad,0x23,
0xde,0x00,0x03,0xd8,0x96,0x45,0xc7,0xb5,
0x47,0xb5,0xf3,0x30,0x3b,0xef,0xcd,0x80,
0xe3,0x61,0x34,0xef,0x4e,0x1b,0x79,0xc1
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96_2CipherLong[] =
{
0x3c,0xb2,0xff,0xc0,0x24,0xe1,0xf5,0xc4,
0x0f,0xd1,0x0a,0x1b,0xbe,0x1f,0x23,0xa1,
0x8e,0xbf,0x2b,0x96,0xb6,0x37,0xc8,0x25,
0x06,0x90,0xe2,0xca,0x71,0x24,0x52,0x95,
0xaa,0x8c,0x80,0xdf,0xb7,0xd7,0x30,0xb0,
0xcc,0x06,0x4f,0x28,0xa2,0x74,0x27,0xf8
};
#endif
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128Cipher[] =
{
0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67,
0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98,
0x8c,0x68,0xa7,0xd9,0x57
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128CipherLong[] =
{
0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67,
0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98,
0x8c,0x68,0xa7,0xd9,0x57,0xab,0x09,0x0f,
0x01,0xc4,0x4e,0x62,0xaf,0xc2,0xdf,0x1a
};
#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128_2CipherLong[] =
{
0x88,0x0a,0x26,0x4e,0xa8,0x26,0x21,0xe0,
0xfc,0xbc,0x63,0xdc,0xd9,0x60,0x52,0xb2,
0x99,0x2f,0xbb,0x1e,0x00,0xf5,0x9f,0x6d,
0xab,0x48,0x0f,0xc6,0x37,0x12,0x56,0xe3,
0x12,0x8d,0x31,0xc8,0xea,0xf4,0x41,0x82,
0x7a,0x88,0xe0,0xd7,0xf0,0x67,0x03,0xa4
};
#endif
#endif
#ifdef WOLFSSL_AES_256
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
{
0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
{
0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28,
0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a,
0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5,
0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c,
0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d,
0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6,
0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6
};
#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32Cipher[] =
{
0xb0,0xa8,0xc0,0x65,0x85,0x20,0x0d,0x5c,
0x25,0xcf,0xe7,0x58,0x63,0xc8,0xd4,0xea,
0xa2,0x13,0x47,0x74,0xda
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32CipherLong[] =
{
0xb0,0xa8,0xc0,0x65,0x85,0x20,0x0d,0x5c,
0x25,0xcf,0xe7,0x58,0x63,0xc8,0xd4,0xea,
0xa2,0x13,0x47,0x74,0xda,0x89,0x77,0x40,
0x28,0x9c,0xe8,0x19,0x26,0x32,0xd8,0x1f
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32_2CipherLong[] =
{
0xf6,0xd9,0x22,0xc6,0x80,0x29,0xaf,0x14,
0x54,0x6c,0x0a,0xce,0x42,0xea,0x3c,0xa1,
0x7c,0xeb,0x36,0x0d,0x8e,0xd7,0x8c,0x59,
0xa8,0x09,0x9f,0x9e,0xba,0x5b,0x95,0xfa,
0x26,0x8c,0x37,0x59,0xf8,0xae,0x8e,0xaa,
0x4d,0xe4,0x1c,0xfe,0x51,0xc7,0xb7,0xcc
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64Cipher[] =
{
0x74,0x1a,0x52,0x41,0x76,0xb4,0x11,0x8f,
0xfd,0x57,0x31,0xfd,0x3d,0x76,0x8f,0x07,
0xd4,0x94,0x4c,0xcd,0x4d
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64CipherLong[] =
{
0x74,0x1a,0x52,0x41,0x76,0xb4,0x11,0x8f,
0xfd,0x57,0x31,0xfd,0x3d,0x76,0x8f,0x07,
0xd4,0x94,0x4c,0xcd,0x4d,0x47,0x5a,0x92,
0x26,0x49,0x81,0x7a,0xda,0x36,0x27,0x01
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64_2CipherLong[] =
{
0xf7,0x9c,0xbf,0xf6,0xa2,0xaa,0x8a,0x0a,
0x63,0x8a,0x20,0x2f,0x12,0xf1,0x8e,0x49,
0x30,0xc0,0x8d,0x5c,0x5f,0x8b,0xbc,0x16,
0xdd,0x71,0xee,0x13,0x14,0x7b,0xe1,0x25,
0xcb,0x87,0x8a,0xc6,0xdc,0x1d,0x54,0x7a,
0xe1,0xe4,0x6f,0x0d,0x95,0x1b,0xd1,0x8b
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96Cipher[] =
{
0xb9,0x07,0x02,0xb8,0xbe,0x94,0xbf,0x53,
0xdf,0x83,0x8e,0x23,0x8c,0x67,0x0c,0x81,
0xb8,0x69,0xa1,0x48,0x45
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96CipherLong[] =
{
0xb9,0x07,0x02,0xb8,0xbe,0x94,0xbf,0x53,
0xdf,0x83,0x8e,0x23,0x8c,0x67,0x0c,0x81,
0xb8,0x69,0xa1,0x48,0x45,0xf1,0xc6,0x27,
0x36,0xa8,0xb2,0x4b,0x0e,0x62,0x6b,0x72
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96_2CipherLong[] =
{
0xd5,0x56,0x73,0xaa,0xb8,0xe4,0x06,0xf6,
0x83,0x45,0x3a,0xb4,0xb9,0x63,0xec,0xad,
0x73,0xc5,0xab,0x78,0xb1,0x21,0xab,0xef,
0x69,0x15,0xb7,0x0c,0xe9,0xb4,0x3a,0xe7,
0xbc,0xc4,0x22,0xbd,0x93,0xba,0x52,0xe0,
0x91,0x2f,0x5e,0x8d,0x6d,0x59,0xf7,0xc2
};
#endif
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128Cipher[] =
{
0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
0x4b,0x45,0x7c,0xd6,0x8a
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128CipherLong[] =
{
0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
0x4b,0x45,0x7c,0xd6,0x8a,0xcc,0xda,0x4a,
0x89,0xfa,0x23,0x6c,0x06,0xbf,0x26,0x05
};
#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128_2CipherLong[] =
{
0x24,0x5c,0x09,0xa0,0x3b,0x1a,0x5a,0x94,
0x2b,0x93,0x56,0x13,0x48,0xa0,0x21,0xce,
0x95,0x11,0xa3,0x76,0xd6,0x59,0x88,0x42,
0x04,0x71,0x69,0x62,0x28,0xb2,0xee,0x9d,
0xd5,0xa0,0xea,0xc7,0x37,0x93,0x92,0xc7,
0xf2,0xb6,0x8d,0xd9,0x59,0x1a,0xfa,0xbb
};
#endif
#endif
AesCtrTestVec testVec[] = {
#ifdef WOLFSSL_AES_128
{ ctr128Key, (int)sizeof(ctr128Key), ctrIv,
ctrPlain, (int)sizeof(ctrPlain), ctr128Cipher },
/* let's try with just 9 bytes, non block size test */
{ ctr128Key, (int)sizeof(ctr128Key), ctrIv,
ctrPlain, (int)sizeof(oddCipher), ctr128Cipher },
/* and an additional 9 bytes to reuse tmp left buffer */
{ NULL, 0, NULL, ctrPlain, (int)sizeof(oddCipher), oddCipher },
/* Counter wrapping */
#ifndef WOLFSSL_NXP_HASHCRYPT_AES
{ ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128,
ctrPlain, (int)sizeof(ctr128Wrap128Cipher), ctr128Wrap128Cipher },
{ ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128,
ctrPlain, (int)sizeof(ctr128Wrap128CipherLong),
ctr128Wrap128CipherLong },
#endif /* !WOLFSSL_NXP_HASHCRYPT_AES */
#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
{ ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128_2,
ctrPlain, (int)sizeof(ctr128Wrap128_2CipherLong),
ctr128Wrap128_2CipherLong },
{ ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96,
ctrPlain, (int)sizeof(ctr128Wrap96Cipher), ctr128Wrap96Cipher },
{ ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96,
ctrPlain, (int)sizeof(ctr128Wrap96CipherLong),
ctr128Wrap96CipherLong },
{ ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96_2,
ctrPlain, (int)sizeof(ctr128Wrap96_2CipherLong),
ctr128Wrap96_2CipherLong },
{ ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64,
ctrPlain, (int)sizeof(ctr128Wrap64Cipher), ctr128Wrap64Cipher },
{ ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64,
ctrPlain, (int)sizeof(ctr128Wrap64CipherLong),
ctr128Wrap64CipherLong },
{ ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64_2,
ctrPlain, (int)sizeof(ctr128Wrap64_2CipherLong),
ctr128Wrap64_2CipherLong },
{ ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32,
ctrPlain, (int)sizeof(ctr128Wrap32Cipher), ctr128Wrap32Cipher },
{ ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32,
ctrPlain, (int)sizeof(ctr128Wrap32CipherLong),
ctr128Wrap32CipherLong },
{ ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32_2,
ctrPlain, (int)sizeof(ctr128Wrap32_2CipherLong),
ctr128Wrap32_2CipherLong },
#endif
#endif
#ifdef WOLFSSL_AES_192
{ ctr192Key, (int)sizeof(ctr192Key), ctrIv,
ctrPlain, (int)sizeof(ctrPlain), ctr192Cipher },
/* let's try with just 9 bytes, non block size test */
{ ctr192Key, (int)sizeof(ctr192Key), ctrIv,
ctrPlain, (int)sizeof(oddCipher), ctr192Cipher },
/* Counter wrapping */
#ifndef WOLFSSL_NXP_HASHCRYPT_AES
{ ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128,
ctrPlain, (int)sizeof(ctr192Wrap128Cipher), ctr192Wrap128Cipher },
{ ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128,
ctrPlain, (int)sizeof(ctr192Wrap128CipherLong),
ctr192Wrap128CipherLong },
#endif /* !WOLFSSL_NXP_HASHCRYPT_AES */
#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
{ ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128_2,
ctrPlain, (int)sizeof(ctr192Wrap128_2CipherLong),
ctr192Wrap128_2CipherLong },
{ ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96,
ctrPlain, (int)sizeof(ctr192Wrap96Cipher), ctr192Wrap96Cipher },
{ ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96,
ctrPlain, (int)sizeof(ctr192Wrap96CipherLong),
ctr192Wrap96CipherLong },
{ ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96_2,
ctrPlain, (int)sizeof(ctr192Wrap96_2CipherLong),
ctr192Wrap96_2CipherLong },
{ ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64,
ctrPlain, (int)sizeof(ctr192Wrap64Cipher), ctr192Wrap64Cipher },
{ ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64,
ctrPlain, (int)sizeof(ctr192Wrap64CipherLong),
ctr192Wrap64CipherLong },
{ ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64_2,
ctrPlain, (int)sizeof(ctr192Wrap64_2CipherLong),
ctr192Wrap64_2CipherLong },
{ ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32,
ctrPlain, (int)sizeof(ctr192Wrap32Cipher), ctr192Wrap32Cipher },
{ ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32,
ctrPlain, (int)sizeof(ctr192Wrap32CipherLong),
ctr192Wrap32CipherLong },
{ ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32_2,
ctrPlain, (int)sizeof(ctr192Wrap32_2CipherLong),
ctr192Wrap32_2CipherLong },
#endif
#endif
#ifdef WOLFSSL_AES_256
{ ctr256Key, (int)sizeof(ctr256Key), ctrIv,
ctrPlain, (int)sizeof(ctrPlain), ctr256Cipher },
/* let's try with just 9 bytes, non block size test */
{ ctr256Key, (int)sizeof(ctr256Key), ctrIv,
ctrPlain, (int)sizeof(oddCipher), ctr256Cipher },
/* Counter wrapping */
#ifndef WOLFSSL_NXP_HASHCRYPT_AES
{ ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128,
ctrPlain, (int)sizeof(ctr256Wrap128Cipher), ctr256Wrap128Cipher },
{ ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128,
ctrPlain, (int)sizeof(ctr256Wrap128CipherLong),
ctr256Wrap128CipherLong },
#endif /* !WOLFSSL_NXP_HASHCRYPT_AES */
#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM)
{ ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128_2,
ctrPlain, (int)sizeof(ctr256Wrap128_2CipherLong),
ctr256Wrap128_2CipherLong },
{ ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96,
ctrPlain, (int)sizeof(ctr256Wrap96Cipher), ctr256Wrap96Cipher },
{ ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96,
ctrPlain, (int)sizeof(ctr256Wrap96CipherLong),
ctr256Wrap96CipherLong },
{ ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96_2,
ctrPlain, (int)sizeof(ctr256Wrap96_2CipherLong),
ctr256Wrap96_2CipherLong },
{ ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64,
ctrPlain, (int)sizeof(ctr256Wrap64Cipher), ctr256Wrap64Cipher },
{ ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64,
ctrPlain, (int)sizeof(ctr256Wrap64CipherLong),
ctr256Wrap64CipherLong },
{ ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64_2,
ctrPlain, (int)sizeof(ctr256Wrap64_2CipherLong),
ctr256Wrap64_2CipherLong },
{ ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32,
ctrPlain, (int)sizeof(ctr256Wrap32Cipher), ctr256Wrap32Cipher },
{ ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32,
ctrPlain, (int)sizeof(ctr256Wrap32CipherLong),
ctr256Wrap32CipherLong },
{ ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32_2,
ctrPlain, (int)sizeof(ctr256Wrap32_2CipherLong),
ctr256Wrap32_2CipherLong },
#endif
#endif
};
#define AES_CTR_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec))
WOLFSSL_ENTER("aes_ctr_test");
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
enc = wc_AesNew(HEAP_HINT, devId, &ret);
if (enc == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
XMEMSET(enc, 0, sizeof(Aes));
ret = wc_AesInit(enc, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
dec = wc_AesNew(HEAP_HINT, devId, &ret);
if (dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
XMEMSET(dec, 0, sizeof(Aes));
ret = wc_AesInit(dec, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = aes_ctr_vector_test(testVec, AES_CTR_TEST_LEN, enc, dec, cipher,
plain, ctrPlain);
if (ret != 0)
ERROR_OUT(ret, out);
#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
ret = aes_ctr_debug_fallback_test(testVec, AES_CTR_TEST_LEN, enc, dec,
cipher, plain, ctrPlain);
if (ret != 0)
ERROR_OUT(ret, out);
#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(enc, &enc);
#else
wc_AesFree(enc);
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(dec, &dec);
#else
wc_AesFree(dec);
#endif
return ret;
}
#endif /* WOLFSSL_AES_COUNTER */
#ifdef HAVE_AES_ECB
static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
{
wc_test_ret_t ret = 0;
/* keys padded to block size (16 bytes) */
#ifdef WOLFSSL_AES_128
WOLFSSL_SMALL_STACK_STATIC const byte key_128[] =
"0123456789abcdef ";
#endif
#ifdef WOLFSSL_AES_192
WOLFSSL_SMALL_STACK_STATIC const byte key_192[] =
"0123456789abcdef01234567 ";
#endif
#ifdef WOLFSSL_AES_256
WOLFSSL_SMALL_STACK_STATIC const byte key_256[] =
"0123456789abcdef0123456789abcdef ";
#endif
WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef ";
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20
};
#ifdef WOLFSSL_AES_128
WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_128[WC_AES_BLOCK_SIZE] = {
0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6,
0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1
};
#endif
#ifdef WOLFSSL_AES_192
WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_192[WC_AES_BLOCK_SIZE] = {
0x06, 0x57, 0xee, 0x78, 0x3f, 0x96, 0x00, 0xb1,
0xec, 0x76, 0x94, 0x30, 0x29, 0xbe, 0x15, 0xab
};
#endif
#ifdef WOLFSSL_AES_256
WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_256[WC_AES_BLOCK_SIZE] = {
0xcd, 0xf2, 0x81, 0x3e, 0x73, 0x3e, 0xf7, 0x33,
0x3d, 0x18, 0xfd, 0x41, 0x85, 0x37, 0x04, 0x82
};
WOLFSSL_SMALL_STACK_STATIC const byte niKey[] = {
0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
};
WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] = {
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
};
WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] = {
0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
};
#endif
int i;
struct {
const byte* key;
int keySz;
const byte* iv; /* null uses 0's */
const byte* plain;
const byte* verify;
} testVec[] = {
#ifdef WOLFSSL_AES_128
{ key_128, 16, iv, msg, verify_ecb_128 },
#endif
#ifdef WOLFSSL_AES_192
{ key_192, 24, iv, msg, verify_ecb_192 },
#endif
#ifdef WOLFSSL_AES_256
{ key_256, 32, iv, msg, verify_ecb_256 },
{ niKey, 32, NULL, niPlain, niCipher }
#endif
};
#define AES_ECB_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec))
for (i = 0; i < AES_ECB_TEST_LEN; i++) {
ret = wc_AesSetKey(enc, testVec[i].key, testVec[i].keySz, testVec[i].iv,
AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesSetKey(dec, testVec[i].key, testVec[i].keySz, testVec[i].iv,
AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
ret = wc_AesEcbEncrypt(enc, cipher, testVec[i].plain, WC_AES_BLOCK_SIZE);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cipher, testVec[i].verify, WC_AES_BLOCK_SIZE)) {
WOLFSSL_MSG("aes_test cipher vs verify_ecb mismatch!");
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
#ifdef HAVE_AES_DECRYPT
XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
ret = wc_AesEcbDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(plain, testVec[i].plain, WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#endif /* HAVE_AES_DECRYPT */
(void)dec;
(void)plain;
}
out:
return ret;
}
#endif /* HAVE_AES_ECB */
#ifdef WOLFSSL_AES_DIRECT
static wc_test_ret_t aes_direct_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
{
wc_test_ret_t ret = 0;
WOLFSSL_ENTER("aes_direct_test");
#if defined(WOLFSSL_AES_256)
{
WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
};
WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
{
0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
};
WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
{
0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
};
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(HAVE_SELFTEST) && \
(defined(WOLFSSL_KERNEL_MODE) || \
!defined(HAVE_FIPS) || \
(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
ret = wc_AesEncryptDirect(enc, cipher, niPlain);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
wc_AesEncryptDirect(enc, cipher, niPlain);
#endif
if (XMEMCMP(cipher, niCipher, WC_AES_BLOCK_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(HAVE_SELFTEST) && \
(defined(WOLFSSL_KERNEL_MODE) || \
!defined(HAVE_FIPS) || \
(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
ret = wc_AesDecryptDirect(dec, plain, niCipher);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
wc_AesDecryptDirect(dec, plain, niCipher);
#endif
if (XMEMCMP(plain, niPlain, WC_AES_BLOCK_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
}
out:
#endif /* WOLFSSL_AES_256 */
(void)enc;
(void)dec;
(void)cipher;
(void)plain;
return ret;
}
#endif /* WOLFSSL_AES_DIRECT */
#ifdef HAVE_AES_CBC
#ifdef WOLFSSL_AES_128
static wc_test_ret_t aes_cbc_vector_test(Aes* enc, Aes* dec, byte* cipher,
byte* plain)
{
/* "Now is the time for all " w/o trailing 0 */
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
{
0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
};
#ifdef HAVE_RENESAS_SYNC
const byte *key = (byte*)guser_PKCbInfo.wrapped_key_aes128;
#else
/* padded to 16-bytes */
WOLFSSL_SMALL_STACK_STATIC const byte key[] = "0123456789abcdef ";
#endif
/* padded to 16-bytes */
WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef ";
wc_test_ret_t ret = 0;
ret = wc_AesSetKey(enc, key, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesSetKey(dec, key, WC_AES_BLOCK_SIZE, iv, AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE * 4);
ret = wc_AesCbcEncrypt(enc, cipher, msg, WC_AES_BLOCK_SIZE);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
XMEMSET(plain, 0, WC_AES_BLOCK_SIZE * 4);
ret = wc_AesCbcDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0) {
WOLFSSL_MSG("failed wc_AesCbcDecrypt");
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE)) {
WOLFSSL_MSG("wc_AesCbcDecrypt failed plain compare");
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* HAVE_AES_DECRYPT */
/* skipped because wrapped key use in case of renesas sm */
#ifndef HAVE_RENESAS_SYNC
if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE)) {
WOLFSSL_MSG("wc_AesCbcDecrypt failed cipher-verify compare");
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif
(void)dec;
(void)plain;
out:
return ret;
}
#endif /* WOLFSSL_AES_128 */
#if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT) && \
defined(WOLFSSL_AES_192) && defined(WOLFSSL_AES_256)
static wc_test_ret_t aes_cbc_large_msg_test(Aes* enc, Aes* dec)
{
WOLFSSL_SMALL_STACK_STATIC const byte bigMsg[] = {
/* "All work and no play makes Jack a dull boy. " */
0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20
};
WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] =
"0123456789abcdeffedcba9876543210";
/* padded to 16-bytes */
WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef ";
word32 keySz, msgSz;
wc_test_ret_t ret = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if ((bigCipher == NULL) ||
(bigPlain == NULL)) {
XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#else
byte bigCipher[sizeof(bigMsg)];
byte bigPlain[sizeof(bigMsg)];
#endif
/* Iterate from one WC_AES_BLOCK_SIZE of bigMsg through the whole
* message by WC_AES_BLOCK_SIZE for each size of AES key. */
for (keySz = 16; keySz <= 32; keySz += 8) {
#ifdef NO_AES_128
if (keySz == 16)
continue;
#endif
#ifdef NO_AES_192
if (keySz == 24)
continue;
#endif
#ifdef NO_AES_256
if (keySz == 32)
continue;
#endif
for (msgSz = WC_AES_BLOCK_SIZE;
msgSz <= sizeof(bigMsg);
msgSz += WC_AES_BLOCK_SIZE) {
XMEMSET(bigCipher, 0, sizeof(bigMsg));
XMEMSET(bigPlain, 0, sizeof(bigMsg));
ret = wc_AesSetKey(enc, bigKey, keySz, iv, AES_ENCRYPTION);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
break;
}
ret = wc_AesSetKey(dec, bigKey, keySz, iv, AES_DECRYPTION);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
break;
}
ret = wc_AesCbcEncrypt(enc, bigCipher, bigMsg, msgSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
break;
}
ret = wc_AesCbcDecrypt(dec, bigPlain, bigCipher, msgSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
break;
}
if (XMEMCMP(bigPlain, bigMsg, msgSz)) {
ret = WC_TEST_RET_ENC_NC;
break;
}
}
if (ret != 0)
break;
}
#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
/* Iterate from one WC_AES_BLOCK_SIZE of bigMsg through the whole
* message by WC_AES_BLOCK_SIZE for each size of AES key. */
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
for (keySz = 16; keySz <= 32; keySz += 8) {
for (msgSz = WC_AES_BLOCK_SIZE;
msgSz <= sizeof(bigMsg);
msgSz += WC_AES_BLOCK_SIZE) {
XMEMSET(bigCipher, 0, sizeof(bigMsg));
XMEMSET(bigPlain, 0, sizeof(bigMsg));
ret = wc_AesSetKey(enc, bigKey, keySz, iv, AES_ENCRYPTION);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
break;
}
ret = wc_AesSetKey(dec, bigKey, keySz, iv, AES_DECRYPTION);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
break;
}
ret = wc_AesCbcEncrypt(enc, bigCipher, bigMsg, msgSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
break;
}
ret = wc_AesCbcDecrypt(dec, bigPlain, bigCipher, msgSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
break;
}
if (XMEMCMP(bigPlain, bigMsg, msgSz)) {
ret = WC_TEST_RET_ENC_NC;
break;
}
}
if (ret != 0)
break;
}
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
if (ret != 0)
goto out;
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT && WOLFSSL_AES_192 && WOLFSSL_AES_256 */
#if defined(WOLFSSL_AES_128) && !defined(HAVE_RENESAS_SYNC)
static wc_test_ret_t aes_cbc_iv_state_test(Aes* enc, Aes* dec, byte* cipher,
byte* plain)
{
/* Test Vector from "NIST Special Publication 800-38A, 2001 Edition"
* https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a.pdf
*/
WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
{
0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51
};
WOLFSSL_SMALL_STACK_STATIC const byte verify2[] =
{
0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2
};
WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
};
WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
wc_test_ret_t ret = 0;
ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE * 2);
ret = wc_AesCbcEncrypt(enc, cipher, msg2, WC_AES_BLOCK_SIZE);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifndef HAVE_RENESAS_SYNC
if (XMEMCMP(cipher, verify2, WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
ret = wc_AesCbcEncrypt(enc, cipher + WC_AES_BLOCK_SIZE,
msg2 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cipher + WC_AES_BLOCK_SIZE, verify2 + WC_AES_BLOCK_SIZE,
WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#if defined(HAVE_AES_DECRYPT)
ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMSET(plain, 0, WC_AES_BLOCK_SIZE * 2);
ret = wc_AesCbcDecrypt(dec, plain, verify2, WC_AES_BLOCK_SIZE);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(plain, msg2, WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_AesCbcDecrypt(dec, plain + WC_AES_BLOCK_SIZE,
verify2 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(plain + WC_AES_BLOCK_SIZE, msg2 + WC_AES_BLOCK_SIZE,
WC_AES_BLOCK_SIZE)) {
WOLFSSL_MSG("wc_AesCbcDecrypt failed plain-msg2 compare");
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* HAVE_AES_DECRYPT */
/* Multi-block streaming: exercises the IV-handoff path with sz > 16
* so that out[0] and out[sz-16] differ. Hardware backends that stash
* the wrong ciphertext block into aes->reg between calls (e.g. the
* first block instead of the last) will fail the second KAT. */
{
static const byte msg4[] = {
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
};
static const byte verify4[] = {
0x76,0x49,0xab,0xac,0x81,0x19,0xb2,0x46,
0xce,0xe9,0x8e,0x9b,0x12,0xe9,0x19,0x7d,
0x50,0x86,0xcb,0x9b,0x50,0x72,0x19,0xee,
0x95,0xdb,0x11,0x3a,0x91,0x76,0x78,0xb2,
0x73,0xbe,0xd6,0xb8,0xe3,0xc1,0x74,0x3b,
0x71,0x16,0xe6,0x9e,0x22,0x22,0x95,0x16,
0x3f,0xf1,0xca,0xa1,0x68,0x1f,0xac,0x09,
0x12,0x0e,0xca,0x30,0x75,0x86,0xe1,0xa7
};
ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMSET(cipher, 0, sizeof(verify4));
ret = wc_AesCbcEncrypt(enc, cipher, msg4, WC_AES_BLOCK_SIZE * 2);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesCbcEncrypt(enc, cipher + WC_AES_BLOCK_SIZE * 2,
msg4 + WC_AES_BLOCK_SIZE * 2,
WC_AES_BLOCK_SIZE * 2);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cipher, verify4, sizeof(verify4))) {
WOLFSSL_MSG("wc_AesCbcEncrypt streaming failed cipher compare");
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
/* In-place multi-block streaming encrypt: input and output
* overlap. The next-call IV is read from the output buffer,
* which always holds ciphertext post-call, so this must work
* for any correct backend regardless of aliasing. */
ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMCPY(cipher, msg4, sizeof(msg4));
ret = wc_AesCbcEncrypt(enc, cipher, cipher, WC_AES_BLOCK_SIZE * 2);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesCbcEncrypt(enc, cipher + WC_AES_BLOCK_SIZE * 2,
cipher + WC_AES_BLOCK_SIZE * 2,
WC_AES_BLOCK_SIZE * 2);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cipher, verify4, sizeof(verify4))) {
WOLFSSL_MSG("wc_AesCbcEncrypt in-place streaming failed"
" cipher compare");
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#ifdef HAVE_AES_DECRYPT
ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMSET(plain, 0, sizeof(msg4));
ret = wc_AesCbcDecrypt(dec, plain, verify4, WC_AES_BLOCK_SIZE * 2);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesCbcDecrypt(dec, plain + WC_AES_BLOCK_SIZE * 2,
verify4 + WC_AES_BLOCK_SIZE * 2,
WC_AES_BLOCK_SIZE * 2);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(plain, msg4, sizeof(msg4))) {
WOLFSSL_MSG("wc_AesCbcDecrypt streaming failed plain compare");
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
/* In-place multi-block streaming decrypt: input and output
* overlap, so backends must snapshot the last ciphertext block
* BEFORE decrypting (it is clobbered by the plaintext write).
* Backends that read the IV for the next call from the output
* buffer after decrypt will stash plaintext and garble the
* first block of the next call. */
ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMCPY(plain, verify4, sizeof(verify4));
ret = wc_AesCbcDecrypt(dec, plain, plain, WC_AES_BLOCK_SIZE * 2);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesCbcDecrypt(dec, plain + WC_AES_BLOCK_SIZE * 2,
plain + WC_AES_BLOCK_SIZE * 2,
WC_AES_BLOCK_SIZE * 2);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(plain, msg4, sizeof(msg4))) {
WOLFSSL_MSG("wc_AesCbcDecrypt in-place streaming failed"
" plain compare");
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* HAVE_AES_DECRYPT */
}
(void)dec;
(void)plain;
out:
return ret;
}
#endif /* WOLFSSL_AES_128 && !HAVE_RENESAS_SYNC */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *enc = NULL;
#else
Aes enc[1];
#endif
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *dec = NULL;
#else
Aes dec[1];
#endif
#endif
#ifdef WOLFSSL_AES_128
byte cipher[WC_AES_BLOCK_SIZE * 4];
byte plain [WC_AES_BLOCK_SIZE * 4];
#endif
wc_test_ret_t ret = 0;
WOLFSSL_ENTER("aes_cbc_test");
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
enc = test_AesCbcNew(HEAP_HINT, devId, &ret);
if (enc == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
XMEMSET(enc, 0, sizeof(Aes));
ret = test_AesCbcInit(enc, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
dec = test_AesCbcNew(HEAP_HINT, devId, &ret);
if (dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
XMEMSET(dec, 0, sizeof(Aes));
ret = test_AesCbcInit(dec, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#endif
#ifdef WOLFSSL_AES_128
ret = aes_cbc_vector_test(enc, WC_TEST_AES_DEC(dec), cipher, plain);
if (ret != 0)
goto out;
#endif /* WOLFSSL_AES_128 */
#if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT) && \
defined(WOLFSSL_AES_192) && defined(WOLFSSL_AES_256)
ret = aes_cbc_large_msg_test(enc, dec);
if (ret != 0)
goto out;
#endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT && WOLFSSL_AES_192 && WOLFSSL_AES_256 */
/* Test of AES IV state with encrypt/decrypt */
#if defined(WOLFSSL_AES_128) && !defined(HAVE_RENESAS_SYNC)
ret = aes_cbc_iv_state_test(enc, WC_TEST_AES_DEC(dec), cipher, plain);
if (ret != 0)
goto out;
ret = aes_cbc_oneshot_test();
if (ret != 0)
goto out;
#endif /* WOLFSSL_AES_128 && !HAVE_RENESAS_SYNC */
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(enc, &enc);
#else
wc_AesFree(enc);
#endif
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(dec, &dec);
#else
wc_AesFree(dec);
#endif
#endif
return ret;
}
#endif /* HAVE_AES_CBC */
#if defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT)
static wc_test_ret_t aes_ecb_direct_test(void)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *enc = NULL;
#else
Aes enc[1];
#endif
#if !defined(HAVE_AES_DECRYPT) || \
(defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC))
Aes *dec = NULL;
#else
Aes dec[1];
#endif
byte cipher[WC_AES_BLOCK_SIZE];
byte plain [WC_AES_BLOCK_SIZE];
wc_test_ret_t ret = 0;
WOLFSSL_ENTER("aes_ecb/direct_test");
#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)
XMEMSET(enc, 0, sizeof(Aes));
#ifdef HAVE_AES_DECRYPT
XMEMSET(dec, 0, sizeof(Aes));
#endif
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
enc = test_AesEcbNew(HEAP_HINT, devId, &ret);
if (enc == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
dec = test_AesEcbNew(HEAP_HINT, devId, &ret);
if (dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#else
ret = test_AesEcbInit(enc, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = test_AesEcbInit(dec, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
#ifdef HAVE_AES_ECB
ret = aes_ecb_test(enc, dec, cipher, plain);
if (ret != 0)
return ret;
#endif
#ifdef WOLFSSL_AES_DIRECT
ret = aes_direct_test(enc, dec, cipher, plain);
if (ret != 0)
return ret;
#endif
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(enc, &enc);
wc_AesDelete(dec, &dec);
#else
wc_AesFree(enc);
wc_AesFree(dec);
#endif
return ret;
}
#endif /* HAVE_AES_ECB || WOLFSSL_AES_DIRECT */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
{
wc_test_ret_t ret = 0;
WOLFSSL_ENTER("aes_test");
#ifndef HAVE_RENESAS_SYNC
ret = aes_key_size_test();
if (ret != 0)
goto out;
#endif
#if defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT)
ret = aes_ecb_direct_test();
if (ret != 0)
return ret;
#endif
out:
return ret;
}
#if defined(WOLFSSL_AES_CFB)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void)
{
int ret;
WOLFSSL_ENTER("aes_cfb_test");
ret = aescfb_test_0();
if (ret != 0)
return ret;
#if !defined(WOLFSSL_NO_AES_CFB_1_8)
ret = aescfb1_test();
if (ret != 0)
return ret;
ret = aescfb8_test();
if (ret != 0)
return ret;
#endif
return 0;
}
#endif
#if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
#define LARGE_XTS_SZ 1024
/* Shared body of aes_xts_NNN_large_test() for all key sizes. The 128/192/256
* variants are structurally identical; only the key (k1) and IV (i1) differ.
* This helper takes them as parameters so the same code path is exercised for
* every supported AES key length.
*/
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
!defined(WOLFSSL_AFALG)
static wc_test_ret_t aes_xts_large_test_common(XtsAes *aes,
const unsigned char *k1, word32 k1Sz,
const unsigned char *i1, word32 i1Sz)
{
wc_test_ret_t ret = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte* large_input = NULL;
#else
byte large_input[LARGE_XTS_SZ];
#endif
int i;
int j;
#ifdef WOLFSSL_AESXTS_STREAM
int k;
struct XtsAesStreamData stream;
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (large_input == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
#endif
for (i = 0; i < (int)LARGE_XTS_SZ; i++)
large_input[i] = (byte)i;
for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
ret = wc_AesXtsSetKeyNoInit(aes, k1, k1Sz, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
i1Sz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesXtsSetKeyNoInit(aes, k1, k1Sz, AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
i1Sz);
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
for (i = 0; i < j; i++) {
if (large_input[i] != (byte)i) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
}
#endif /* HAVE_AES_DECRYPT */
}
#ifdef WOLFSSL_AESXTS_STREAM
for (i = 0; i < (int)LARGE_XTS_SZ; i++)
large_input[i] = (byte)i;
/* first, encrypt block by block then decrypt with a one-shot call. */
for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
ret = wc_AesXtsSetKeyNoInit(aes, k1, k1Sz, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptInit(aes, i1, i1Sz, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
if ((j - k) < WC_AES_BLOCK_SIZE*2)
ret = wc_AesXtsEncryptFinal(aes, large_input + k,
large_input + k, (word32)(j - k), &stream);
else
ret = wc_AesXtsEncryptUpdate(aes, large_input + k,
large_input + k, WC_AES_BLOCK_SIZE, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if ((j - k) < WC_AES_BLOCK_SIZE*2)
break;
}
#ifdef HAVE_AES_DECRYPT
ret = wc_AesXtsSetKeyNoInit(aes, k1, k1Sz, AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1,
i1Sz);
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
for (i = 0; i < j; i++) {
if (large_input[i] != (byte)i) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
}
#endif /* HAVE_AES_DECRYPT */
}
#ifdef HAVE_AES_DECRYPT
/* second, encrypt with a one-shot call then decrypt block by block. */
for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
ret = wc_AesXtsSetKeyNoInit(aes, k1, k1Sz, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1,
i1Sz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsSetKeyNoInit(aes, k1, k1Sz, AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecryptInit(aes, i1, i1Sz, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
if ((j - k) < WC_AES_BLOCK_SIZE*2)
ret = wc_AesXtsDecryptFinal(aes, large_input + k,
large_input + k, (word32)(j - k), &stream);
else
ret = wc_AesXtsDecryptUpdate(aes, large_input + k,
large_input + k, WC_AES_BLOCK_SIZE, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if ((j - k) < WC_AES_BLOCK_SIZE*2)
break;
}
for (i = 0; i < j; i++) {
if (large_input[i] != (byte)i) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
}
}
#endif /* HAVE_AES_DECRYPT */
#endif /* WOLFSSL_AESXTS_STREAM */
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM && !WOLFSSL_AFALG */
/* Shared body of aes_xts_NNN_partial_test() for the 128- and 192-bit key
* variants. Both call sites are structurally identical and only differ in
* the key constants and expected ciphertexts, which are passed in here.
* The 256-bit variant uses a different test pattern and is not collapsed.
*/
static wc_test_ret_t aes_xts_partial_test_common(XtsAes *aes,
const unsigned char *k1, word32 k1Sz,
const unsigned char *i1, word32 i1Sz,
const unsigned char *pp, word32 ppSz,
const unsigned char *cp2, word32 cp2Sz,
const unsigned char *p1, word32 p1Sz,
const unsigned char *c1, word32 c1Sz,
const unsigned char *k2, word32 k2Sz,
const unsigned char *i2, word32 i2Sz,
const unsigned char *p2, word32 p2Sz,
const unsigned char *c2, word32 c2Sz)
{
wc_test_ret_t ret = 0;
#if defined(WOLFSSL_AESXTS_STREAM) || defined(HAVE_AES_DECRYPT)
byte buf[WC_AES_BLOCK_SIZE * 2 + 8];
#endif
byte cipher[WC_AES_BLOCK_SIZE * 2 + 8];
#ifdef WOLFSSL_AESXTS_STREAM
struct XtsAesStreamData stream;
#endif
/* partial block encryption test */
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesXtsSetKeyNoInit(aes, k1, k1Sz, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncrypt(aes, cipher, pp, ppSz, i1, i1Sz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cp2, cipher, cp2Sz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
ret = wc_AesXtsEncryptInit(aes, i1, i1Sz, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptFinal(aes, buf, pp, ppSz, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cp2, buf, cp2Sz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
defined(WC_C_DYNAMIC_FALLBACK)
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesXtsEncrypt(aes, cipher, pp, ppSz, i1, i1Sz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cp2, cipher, cp2Sz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#ifdef HAVE_AES_DECRYPT
/* partial block decrypt test */
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsSetKeyNoInit(aes, k1, k1Sz, AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecrypt(aes, buf, cipher, ppSz, i1, i1Sz);
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(pp, buf, ppSz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
ret = wc_AesXtsDecryptInit(aes, i1, i1Sz, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecryptFinal(aes, buf, cipher, ppSz, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(pp, buf, ppSz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
defined(WC_C_DYNAMIC_FALLBACK)
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsDecrypt(aes, buf, cipher, ppSz, i1, i1Sz);
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(pp, buf, ppSz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
/* NIST decrypt test vector */
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsDecrypt(aes, buf, c1, c1Sz, i1, i1Sz);
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p1, buf, p1Sz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
ret = wc_AesXtsDecryptInit(aes, i1, i1Sz, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecryptFinal(aes, buf, c1, c1Sz, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p1, buf, p1Sz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
defined(WC_C_DYNAMIC_FALLBACK)
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsDecrypt(aes, buf, c1, c1Sz, i1, i1Sz);
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
/* fail case with decrypting using wrong key */
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsDecrypt(aes, buf, c2, c2Sz, i2, i2Sz);
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p2, buf, p2Sz) == 0) /* fail case with wrong key */
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* set correct key and retest */
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsSetKeyNoInit(aes, k2, k2Sz, AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecrypt(aes, buf, c2, c2Sz, i2, i2Sz);
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p2, buf, p2Sz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
out:
/* When HAVE_AES_DECRYPT is not defined some parameters go unused. */
(void)k2;
(void)k2Sz;
(void)i2;
(void)i2Sz;
(void)p2;
(void)p2Sz;
(void)c2;
(void)c2Sz;
(void)p1;
(void)p1Sz;
(void)c1;
(void)c1Sz;
return ret;
}
/* Shared body of aes_xts_NNN_inplace_test() for 128- and 192-bit key
* variants. 256-bit XTS has no inplace test variant. Both call sites are
* structurally identical and only differ in the key constants and expected
* ciphertext.
*/
static wc_test_ret_t aes_xts_inplace_test_common(XtsAes *aes,
const unsigned char *k3, word32 k3Sz,
const unsigned char *i3, word32 i3Sz,
const unsigned char *p3, word32 p3Sz,
const unsigned char *c3, word32 c3Sz)
{
wc_test_ret_t ret = 0;
byte buf[WC_AES_BLOCK_SIZE * 2 + 8];
#ifdef WOLFSSL_AESXTS_STREAM
struct XtsAesStreamData stream;
#endif
/* Test ciphertext stealing in-place. */
XMEMCPY(buf, p3, p3Sz);
ret = wc_AesXtsSetKeyNoInit(aes, k3, k3Sz, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncrypt(aes, buf, buf, p3Sz, i3, i3Sz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c3, buf, c3Sz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
ret = wc_AesXtsEncryptInit(aes, i3, i3Sz, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptUpdate(aes, buf, p3, WC_AES_BLOCK_SIZE, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE,
p3 + WC_AES_BLOCK_SIZE, p3Sz - WC_AES_BLOCK_SIZE, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c3, buf, c3Sz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
#ifdef HAVE_AES_DECRYPT
ret = wc_AesXtsSetKeyNoInit(aes, k3, k3Sz, AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecrypt(aes, buf, buf, c3Sz, i3, i3Sz);
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p3, buf, p3Sz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
ret = wc_AesXtsDecryptInit(aes, i3, i3Sz, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecryptUpdate(aes, buf, c3, WC_AES_BLOCK_SIZE, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecryptFinal(aes, buf + WC_AES_BLOCK_SIZE,
c3 + WC_AES_BLOCK_SIZE, c3Sz - WC_AES_BLOCK_SIZE, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p3, buf, p3Sz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
#endif /* HAVE_AES_DECRYPT */
out:
return ret;
}
/* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */
#ifdef WOLFSSL_AES_128
static wc_test_ret_t aes_xts_128_vector_test(XtsAes *aes)
{
wc_test_ret_t ret = 0;
byte buf[WC_AES_BLOCK_SIZE * 2 + 8];
#ifdef WOLFSSL_AESXTS_STREAM
struct XtsAesStreamData stream;
#endif
WOLFSSL_SMALL_STACK_STATIC const unsigned char k1[] = {
0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i1[] = {
0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p1[] = {
0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c1[] = {
0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char k2[] = {
0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i2[] = {
0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p2[] = {
0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c2[] = {
0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
};
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c2, buf, sizeof(c2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE,
p2 + WC_AES_BLOCK_SIZE, sizeof(p2) - WC_AES_BLOCK_SIZE, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c2, buf, sizeof(c2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
defined(WC_C_DYNAMIC_FALLBACK)
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c2, buf, sizeof(c2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i2), &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c1, buf, sizeof(c1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
defined(WC_C_DYNAMIC_FALLBACK)
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
out:
return ret;
}
static wc_test_ret_t aes_xts_128_partial_test(XtsAes *aes)
{
WOLFSSL_SMALL_STACK_STATIC const unsigned char k1[] = {
0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i1[] = {
0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
};
/* plain text test of partial block is not from NIST test vector list */
WOLFSSL_SMALL_STACK_STATIC const unsigned char pp[] = {
0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char cp2[] = {
0x2b, 0xf7, 0x2c, 0xf3, 0xeb, 0x85, 0xef, 0x7b,
0x0b, 0x76, 0xa0, 0xaa, 0xf3, 0x3f, 0x25, 0x8b,
0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p1[] = {
0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c1[] = {
0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char k2[] = {
0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i2[] = {
0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p2[] = {
0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c2[] = {
0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
};
return aes_xts_partial_test_common(aes,
k1, sizeof(k1), i1, sizeof(i1),
pp, sizeof(pp), cp2, sizeof(cp2),
p1, sizeof(p1), c1, sizeof(c1),
k2, sizeof(k2), i2, sizeof(i2),
p2, sizeof(p2), c2, sizeof(c2));
}
static wc_test_ret_t aes_xts_128_inplace_test(XtsAes *aes)
{
WOLFSSL_SMALL_STACK_STATIC const unsigned char k3[] = {
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x21
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i3[] = {
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p3[] = {
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c3[] = {
0x39, 0x06, 0xE7, 0xF3, 0x33, 0x0B, 0x1B, 0x1D,
0x2B, 0x11, 0xB0, 0xB7, 0xAF, 0x43, 0xB1, 0x8F,
0xE6, 0xBE, 0x79, 0x34, 0xBD, 0x31, 0x64, 0x3D,
0xA1, 0x16, 0xB5, 0xF0, 0x9B, 0x1D, 0x41, 0xF2,
0x3F, 0xED, 0x11, 0x37, 0xCB, 0x4D, 0xAD, 0xA4
};
return aes_xts_inplace_test_common(aes,
k3, sizeof(k3), i3, sizeof(i3),
p3, sizeof(p3), c3, sizeof(c3));
}
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
!defined(WOLFSSL_AFALG)
static wc_test_ret_t aes_xts_128_large_test(XtsAes *aes)
{
WOLFSSL_SMALL_STACK_STATIC const unsigned char k1[] = {
0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i1[] = {
0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
};
return aes_xts_large_test_common(aes, k1, sizeof(k1), i1, sizeof(i1));
}
#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM && !WOLFSSL_AFALG */
static wc_test_ret_t aes_xts_128_test(void)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XtsAes *aes = NULL;
#else
XtsAes aes[1];
#endif
int aes_inited = 0;
wc_test_ret_t ret = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
&& !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
{
WOLFSSL_SMALL_STACK_STATIC const unsigned char k2[] = {
0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i2[] = {
0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p2[] = {
0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c2[] = {
0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
};
ret = EVP_test(wolfSSL_EVP_aes_128_xts(), k2, i2, p2, sizeof(p2),
c2, sizeof(c2));
if (ret != 0) {
printf("EVP_aes_128_xts failed!\n");
goto out;
}
}
#endif
ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
else
aes_inited = 1;
ret = aes_xts_128_vector_test(aes);
if (ret != 0)
ERROR_OUT(ret, out);
ret = aes_xts_128_partial_test(aes);
if (ret != 0)
ERROR_OUT(ret, out);
ret = aes_xts_128_inplace_test(aes);
if (ret != 0)
ERROR_OUT(ret, out);
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
!defined(WOLFSSL_AFALG)
ret = aes_xts_128_large_test(aes);
if (ret != 0)
ERROR_OUT(ret, out);
#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM && !WOLFSSL_AFALG */
out:
if (aes_inited)
wc_AesXtsFree(aes);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
#endif
return ret;
}
#endif /* WOLFSSL_AES_128 */
#ifndef HAVE_FIPS
/* FIPS won't allow for XTS-384 (two 192-bit keys) */
#ifdef WOLFSSL_AES_192
static wc_test_ret_t aes_xts_192_vector_test(XtsAes *aes)
{
wc_test_ret_t ret = 0;
byte buf[WC_AES_BLOCK_SIZE * 2 + 8];
#ifdef WOLFSSL_AESXTS_STREAM
struct XtsAesStreamData stream;
#endif
WOLFSSL_SMALL_STACK_STATIC const unsigned char k1[] = {
0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i1[] = {
0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p1[] = {
0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c1[] = {
0x65, 0x37, 0x15, 0x53, 0xf1, 0x98, 0xab, 0xb4,
0xdb, 0x4e, 0xd3, 0x69, 0xdf, 0x8e, 0x3a, 0xe0
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char k2[] = {
0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i2[] = {
0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p2[] = {
0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c2[] = {
0x6c, 0xa6, 0xb5, 0x73, 0x48, 0xf1, 0x89, 0xfa,
0xdd, 0x80, 0x72, 0x1f, 0xb8, 0x56, 0x0c, 0xa2,
0x35, 0xd4, 0x08, 0xbf, 0x24, 0xcb, 0xec, 0xdb,
0x81, 0xe0, 0xe6, 0x4f, 0x3d, 0x1c, 0x5c, 0x46
};
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c2, buf, sizeof(c2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE,
p2 + WC_AES_BLOCK_SIZE, sizeof(p2) - WC_AES_BLOCK_SIZE, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c2, buf, sizeof(c2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
defined(WC_C_DYNAMIC_FALLBACK)
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c2, buf, sizeof(c2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c1, buf, sizeof(c1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \
defined(WC_C_DYNAMIC_FALLBACK)
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
out:
return ret;
}
static wc_test_ret_t aes_xts_192_partial_test(XtsAes *aes)
{
WOLFSSL_SMALL_STACK_STATIC const unsigned char k1[] = {
0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i1[] = {
0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
};
/* plain text test of partial block is not from NIST test vector list */
WOLFSSL_SMALL_STACK_STATIC const unsigned char pp[] = {
0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char cp2[] = {
0xe9, 0x58, 0xfe, 0xab, 0x66, 0xb4, 0xf1, 0x79,
0x91, 0x3f, 0x91, 0xdc, 0x6f, 0xdf, 0xd6, 0xac,
0x65, 0x37, 0x15, 0x53, 0xf1, 0x98, 0xab, 0xb4
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p1[] = {
0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c1[] = {
0x65, 0x37, 0x15, 0x53, 0xf1, 0x98, 0xab, 0xb4,
0xdb, 0x4e, 0xd3, 0x69, 0xdf, 0x8e, 0x3a, 0xe0
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char k2[] = {
0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i2[] = {
0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p2[] = {
0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c2[] = {
0x6c, 0xa6, 0xb5, 0x73, 0x48, 0xf1, 0x89, 0xfa,
0xdd, 0x80, 0x72, 0x1f, 0xb8, 0x56, 0x0c, 0xa2,
0x35, 0xd4, 0x08, 0xbf, 0x24, 0xcb, 0xec, 0xdb,
0x81, 0xe0, 0xe6, 0x4f, 0x3d, 0x1c, 0x5c, 0x46
};
return aes_xts_partial_test_common(aes,
k1, sizeof(k1), i1, sizeof(i1),
pp, sizeof(pp), cp2, sizeof(cp2),
p1, sizeof(p1), c1, sizeof(c1),
k2, sizeof(k2), i2, sizeof(i2),
p2, sizeof(p2), c2, sizeof(c2));
}
static wc_test_ret_t aes_xts_192_inplace_test(XtsAes *aes)
{
WOLFSSL_SMALL_STACK_STATIC const unsigned char k3[] = {
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x21
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i3[] = {
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p3[] = {
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c3[] = {
0x72, 0x7A, 0xBC, 0x25, 0x37, 0x20, 0x65, 0x1E,
0xF8, 0x45, 0xB0, 0x16, 0xE7, 0xEE, 0xDA, 0x36,
0xAB, 0x4F, 0xF4, 0xDB, 0x3C, 0xFB, 0x75, 0x19,
0xA3, 0x01, 0x74, 0x28, 0xD5, 0x92, 0x09, 0x7A,
0xDB, 0x0D, 0x96, 0x9F, 0xB7, 0xA2, 0xB7, 0x57
};
return aes_xts_inplace_test_common(aes,
k3, sizeof(k3), i3, sizeof(i3),
p3, sizeof(p3), c3, sizeof(c3));
}
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
!defined(WOLFSSL_AFALG)
static wc_test_ret_t aes_xts_192_large_test(XtsAes *aes)
{
WOLFSSL_SMALL_STACK_STATIC const unsigned char k1[] = {
0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i1[] = {
0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
};
return aes_xts_large_test_common(aes, k1, sizeof(k1), i1, sizeof(i1));
}
#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM && !WOLFSSL_AFALG */
static wc_test_ret_t aes_xts_192_test(void)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XtsAes *aes = NULL;
#else
XtsAes aes[1];
#endif
int aes_inited = 0;
wc_test_ret_t ret = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
else
aes_inited = 1;
ret = aes_xts_192_vector_test(aes);
if (ret != 0)
ERROR_OUT(ret, out);
ret = aes_xts_192_partial_test(aes);
if (ret != 0)
ERROR_OUT(ret, out);
ret = aes_xts_192_inplace_test(aes);
if (ret != 0)
ERROR_OUT(ret, out);
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
!defined(WOLFSSL_AFALG)
ret = aes_xts_192_large_test(aes);
if (ret != 0)
ERROR_OUT(ret, out);
#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM && !WOLFSSL_AFALG */
out:
if (aes_inited)
wc_AesXtsFree(aes);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
#endif
return ret;
}
#endif /* WOLFSSL_AES_192 */
#endif /* HAVE_FIPS */
#ifdef WOLFSSL_AES_256
static wc_test_ret_t aes_xts_256_vector_test(XtsAes *aes)
{
wc_test_ret_t ret = 0;
byte buf[WC_AES_BLOCK_SIZE * 3];
#ifdef WOLFSSL_AESXTS_STREAM
struct XtsAesStreamData stream;
#endif
WOLFSSL_SMALL_STACK_STATIC const unsigned char k1[] = {
0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i1[] = {
0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p1[] = {
0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c1[] = {
0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char k2[] = {
0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a,
0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12,
0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i2[] = {
0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0,
0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p2[] = {
0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00,
0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53,
0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89,
0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd,
0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61,
0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c2[] = {
0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10,
0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1,
0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61,
0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89,
0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b,
0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92
};
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c2, buf, sizeof(c2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE,
p2 + WC_AES_BLOCK_SIZE, sizeof(p2) - WC_AES_BLOCK_SIZE, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c2, buf, sizeof(c2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c1, buf, sizeof(c1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
out:
return ret;
}
static wc_test_ret_t aes_xts_256_partial_test(XtsAes *aes)
{
wc_test_ret_t ret = 0;
byte cipher[WC_AES_BLOCK_SIZE * 3];
#ifdef HAVE_AES_DECRYPT
byte buf[WC_AES_BLOCK_SIZE * 3];
#ifdef WOLFSSL_AESXTS_STREAM
struct XtsAesStreamData stream;
#endif
#endif
WOLFSSL_SMALL_STACK_STATIC const unsigned char k1[] = {
0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i1[] = {
0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64
};
/* plain text test of partial block is not from NIST test vector list */
WOLFSSL_SMALL_STACK_STATIC const unsigned char pp[] = {
0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
};
#ifdef HAVE_AES_DECRYPT
WOLFSSL_SMALL_STACK_STATIC const unsigned char p1[] = {
0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c1[] = {
0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char k2[] = {
0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a,
0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12,
0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i2[] = {
0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0,
0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p2[] = {
0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00,
0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53,
0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89,
0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd,
0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61,
0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c2[] = {
0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10,
0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1,
0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61,
0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89,
0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b,
0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92
};
#endif
/* partial block encryption test */
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
/* partial block decrypt test */
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(pp, buf, sizeof(pp)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* NIST decrypt test vector */
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p1, buf, sizeof(p1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WOLFSSL_AESXTS_STREAM
ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), &stream);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p1, buf, sizeof(p1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WOLFSSL_AESXTS_STREAM */
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p2, buf, sizeof(p2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
out:
return ret;
}
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
!defined(WOLFSSL_AFALG)
static wc_test_ret_t aes_xts_256_large_test(XtsAes *aes)
{
WOLFSSL_SMALL_STACK_STATIC const unsigned char k1[] = {
0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i1[] = {
0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64
};
return aes_xts_large_test_common(aes, k1, sizeof(k1), i1, sizeof(i1));
}
#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM && !WOLFSSL_AFALG */
static wc_test_ret_t aes_xts_256_test(void)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XtsAes *aes = NULL;
#else
XtsAes aes[1];
#endif
int aes_inited = 0;
wc_test_ret_t ret = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
&& !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
{
WOLFSSL_SMALL_STACK_STATIC const unsigned char k2[] = {
0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a,
0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12,
0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char i2[] = {
0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0,
0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p2[] = {
0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00,
0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53,
0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89,
0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd,
0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61,
0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c2[] = {
0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10,
0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1,
0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61,
0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89,
0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b,
0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92
};
ret = EVP_test(wolfSSL_EVP_aes_256_xts(), k2, i2, p2, sizeof(p2),
c2, sizeof(c2));
if (ret != 0) {
printf("EVP_aes_256_xts failed\n");
goto out;
}
}
#endif
ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
else
aes_inited = 1;
ret = aes_xts_256_vector_test(aes);
if (ret != 0)
ERROR_OUT(ret, out);
ret = aes_xts_256_partial_test(aes);
if (ret != 0)
ERROR_OUT(ret, out);
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
!defined(WOLFSSL_AFALG)
ret = aes_xts_256_large_test(aes);
if (ret != 0)
ERROR_OUT(ret, out);
#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM && !WOLFSSL_AFALG */
out:
if (aes_inited)
wc_AesXtsFree(aes);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
#endif
return ret;
}
#endif /* WOLFSSL_AES_256 */
#if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
/* both 128 and 256 bit key test */
static wc_test_ret_t aes_xts_sector_vector_test(XtsAes *aes)
{
wc_test_ret_t ret = 0;
unsigned char buf[WC_AES_BLOCK_SIZE * 2];
/* 128 key tests */
WOLFSSL_SMALL_STACK_STATIC const unsigned char k1[] = {
0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p1[] = {
0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c1[] = {
0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
};
word64 s1 = 141;
/* 256 key tests */
WOLFSSL_SMALL_STACK_STATIC const unsigned char k2[] = {
0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32,
0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23,
0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e,
0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a,
0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0,
0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9,
0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57,
0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p2[] = {
0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4,
0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41,
0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d,
0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c2[] = {
0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68,
0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63,
0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3,
0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d
};
word64 s2 = 187;
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptSector(aes, buf, p1, sizeof(p1), s1);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
/* decrypt test */
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecryptSector(aes, buf, c1, sizeof(c1), s1);
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
/* 256 bit key tests */
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptSector(aes, buf, p2, sizeof(p2), s2);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c2, buf, sizeof(c2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
/* decrypt test */
XMEMSET(buf, 0, sizeof(buf));
ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecryptSector(aes, buf, c2, sizeof(c2), s2);
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p2, buf, sizeof(p2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
out:
return ret;
}
#if !defined(BENCH_EMBEDDED) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
static wc_test_ret_t aes_xts_sector_consecutive_test(XtsAes *aes)
{
wc_test_ret_t ret = 0;
word32 sectorSz = 512;
unsigned char data[550];
WOLFSSL_SMALL_STACK_STATIC const unsigned char k3[] = {
0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char p3[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53,
0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b,
0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3,
0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
0xfc, 0xfd, 0xfe, 0xff,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53,
0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b,
0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3,
0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
0xfc, 0xfd, 0xfe, 0xff,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};
WOLFSSL_SMALL_STACK_STATIC const unsigned char c3[] = {
0xb9, 0x6b, 0x2b, 0xfd, 0x61, 0x87, 0x84, 0xd5, 0x26, 0xd2, 0x8c, 0x62,
0x63, 0x01, 0xca, 0x46, 0xb1, 0x82, 0xfa, 0xdc, 0xbc, 0x32, 0x18, 0xe9,
0xda, 0xe6, 0xda, 0xd1, 0x1a, 0x52, 0x77, 0xca, 0xdb, 0x0e, 0xbe, 0x37,
0x88, 0x36, 0x1c, 0x87, 0x16, 0x60, 0xfe, 0xa8, 0x9e, 0xf6, 0x48, 0x64,
0x94, 0x34, 0x64, 0xed, 0xf6, 0x9a, 0xc5, 0x28, 0xc9, 0xed, 0x64, 0x80,
0x85, 0xd8, 0x93, 0xa7, 0x50, 0xb1, 0x9d, 0x2f, 0x1e, 0x34, 0xcc, 0xb4,
0x03, 0xfb, 0x6b, 0x43, 0x21, 0xa8, 0x5b, 0xc6, 0x59, 0x13, 0xd2, 0xb5,
0xf5, 0x7b, 0xf6, 0xb2, 0xa4, 0x7a, 0xd2, 0x50, 0x26, 0xcb, 0xa4, 0x83,
0xc3, 0x56, 0xb0, 0xb1, 0x14, 0x34, 0x12, 0x1b, 0xea, 0x26, 0x97, 0x24,
0x54, 0xcc, 0x32, 0x4c, 0xa4, 0xc2, 0xa3, 0x07, 0xfa, 0x30, 0xa9, 0xf0,
0x91, 0x17, 0x60, 0x68, 0x88, 0x7f, 0x34, 0x7e, 0xbd, 0x20, 0x33, 0x95,
0x6e, 0xc0, 0xb6, 0x2b, 0xff, 0x7e, 0x61, 0x35, 0x9a, 0x88, 0xff, 0xd9,
0x69, 0x21, 0xe7, 0x8f, 0x45, 0x02, 0xf9, 0xd7, 0xeb, 0xa6, 0x53, 0xf1,
0x73, 0x04, 0xf1, 0x0b, 0x85, 0xc6, 0x1f, 0x4a, 0x51, 0x2f, 0x95, 0x87,
0x5a, 0x67, 0x37, 0xb2, 0x87, 0xf7, 0xbe, 0x2a, 0x17, 0x57, 0xca, 0xfc,
0xdd, 0x5f, 0x37, 0x48, 0x78, 0xbd, 0xfa, 0x75, 0xc9, 0xfa, 0x86, 0x7e,
0xc4, 0x0f, 0x60, 0x85, 0xce, 0x12, 0x44, 0x7c, 0xd9, 0xb2, 0x50, 0xd9,
0x57, 0x85, 0xa5, 0xd7, 0x68, 0x59, 0x03, 0x09, 0x97, 0x2e, 0x8e, 0xa5,
0xe3, 0x98, 0xac, 0x16, 0xfb, 0x6d, 0x54, 0xc5, 0x5d, 0x7a, 0x33, 0x44,
0x0a, 0x39, 0x91, 0xcc, 0x9f, 0x67, 0xf9, 0x89, 0xbb, 0x62, 0x02, 0xc4,
0x22, 0xec, 0xcf, 0x97, 0x69, 0x81, 0x3d, 0x00, 0xfd, 0xeb, 0x55, 0x08,
0xa2, 0xff, 0x97, 0xaa, 0x79, 0xde, 0x3c, 0x8a, 0x78, 0x71, 0x73, 0xa2,
0x98, 0x2f, 0xd8, 0x5c, 0x62, 0x1c, 0x5c, 0x23, 0x0a, 0xd1, 0xf1, 0x81,
0x8a, 0x12, 0xe7, 0x4d, 0xdd, 0x4f, 0xd4, 0xf1, 0xe8, 0x0f, 0x25, 0x79,
0x45, 0x4a, 0x49, 0x49, 0x7e, 0x56, 0x91, 0x4e, 0xaa, 0xba, 0x18, 0xe1,
0xe4, 0xbe, 0x21, 0xdc, 0x58, 0x60, 0x6f, 0x6a, 0x7f, 0xdc, 0x5e, 0x74,
0x47, 0xbf, 0xeb, 0x84, 0xc4, 0x1e, 0x5a, 0x61, 0x64, 0xc8, 0x63, 0x68,
0xfa, 0x17, 0x9c, 0xac, 0x60, 0x1c, 0xa5, 0x6e, 0x00, 0x21, 0x93, 0x3c,
0xd7, 0xbb, 0x73, 0x45, 0xf7, 0x34, 0x81, 0x6c, 0xfa, 0xf2, 0x33, 0xfd,
0xb1, 0x40, 0x30, 0x6b, 0x30, 0xd1, 0x83, 0x5e, 0x2e, 0x7a, 0xce, 0xa6,
0x12, 0x2a, 0x15, 0x03, 0x78, 0x29, 0xb9, 0x07, 0xae, 0xe7, 0xc2, 0x78,
0x74, 0x72, 0xa5, 0x0e, 0x6b, 0x1f, 0x78, 0xf2, 0x5a, 0x69, 0xb6, 0x2b,
0x99, 0x94, 0x1f, 0x89, 0xd1, 0x21, 0x14, 0x4a, 0x54, 0xab, 0x5a, 0x9f,
0xaa, 0xa7, 0x96, 0x0a, 0x21, 0xce, 0x30, 0xb6, 0x70, 0x81, 0xe9, 0xd3,
0x71, 0xc0, 0xf1, 0x15, 0xe2, 0xf6, 0xd3, 0xcc, 0x41, 0x15, 0x9d, 0xd5,
0xa3, 0xa4, 0xe0, 0xf8, 0x62, 0xc4, 0x76, 0x65, 0x63, 0x89, 0xa7, 0xe2,
0xfb, 0xf5, 0xc9, 0x80, 0x15, 0x5b, 0xc1, 0x59, 0xb2, 0xd0, 0x01, 0x3a,
0xf9, 0xab, 0x5b, 0x79, 0x54, 0xed, 0x6b, 0xf9, 0x1d, 0x9d, 0x87, 0x63,
0x80, 0x4f, 0xec, 0x9c, 0x4f, 0xad, 0x97, 0x04, 0xff, 0x62, 0x4a, 0x17,
0xc0, 0x09, 0x2a, 0x2c, 0x23, 0x4b, 0xc3, 0xb6, 0x6d, 0xed, 0xdb, 0x1a,
0x6f, 0x56, 0x2b, 0x78, 0x92, 0x3a, 0x5c, 0x7f, 0xb2, 0x63, 0xd3, 0xd5,
0x1a, 0xbe, 0xc2, 0x34, 0xc8, 0xad, 0x36, 0xb7, 0x12, 0xb8, 0xe1, 0xb7,
0x52, 0x7f, 0x16, 0x84, 0x2c, 0x47, 0x7e, 0xf2, 0xa5, 0x36, 0x2e, 0xad,
0xe7, 0xbb, 0xc0, 0x6f, 0x27, 0x8e, 0x41, 0x08, 0x75, 0xe5, 0xff, 0xde,
0x08, 0x9f, 0x8c, 0x91, 0xba, 0xc9, 0x9d, 0x9f, 0x27, 0x90, 0x50, 0x44,
0x24, 0xe7, 0x3d, 0x6f
};
word64 s3 = W64LIT(0x000000ffffffffff);
/* encrypt consecutive sectors test */
XMEMSET(data, 0, sizeof(data));
ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptConsecutiveSectors(aes, data, p3,
sizeof(p3), s3, sectorSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c3, data, sizeof(c3)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
/* decrypt consecutive sectors test */
XMEMSET(data, 0, sizeof(data));
ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecryptConsecutiveSectors(aes, data, c3,
sizeof(c3), s3, sectorSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p3, data, sizeof(p3)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
out:
return ret;
}
#endif /* !BENCH_EMBEDDED && (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) && !HAVE_SELFTEST */
static wc_test_ret_t aes_xts_sector_test(void)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XtsAes *aes = NULL;
#else
XtsAes aes[1];
#endif
int aes_inited = 0;
wc_test_ret_t ret = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
else
aes_inited = 1;
ret = aes_xts_sector_vector_test(aes);
if (ret != 0)
ERROR_OUT(ret, out);
#if !defined(BENCH_EMBEDDED) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
ret = aes_xts_sector_consecutive_test(aes);
if (ret != 0)
ERROR_OUT(ret, out);
#endif /* !BENCH_EMBEDDED && (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) && !HAVE_SELFTEST */
out:
if (aes_inited)
wc_AesXtsFree(aes);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
#endif
return ret;
}
#endif /* WOLFSSL_AES_128 && WOLFSSL_AES_256 */
#ifdef WOLFSSL_AES_128
/* testing of bad arguments */
static wc_test_ret_t aes_xts_args_test(void)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XtsAes *aes = NULL;
#else
XtsAes aes[1];
#endif
int aes_inited = 0;
wc_test_ret_t ret;
unsigned char buf[WC_AES_BLOCK_SIZE * 2];
/* 128 key tests */
WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
};
WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
};
#ifdef HAVE_AES_DECRYPT
WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
};
#endif
word64 s1 = 141;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
else
aes_inited = 1;
if (wc_AesXtsSetKeyNoInit(NULL, k1, sizeof(k1), AES_ENCRYPTION) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wc_AesXtsSetKeyNoInit(aes, NULL, sizeof(k1), AES_ENCRYPTION) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* encryption operations */
ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsEncryptSector(NULL, buf, p1, sizeof(p1), s1);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_AesXtsEncryptSector(aes, NULL, p1, sizeof(p1), s1);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
/* decryption operations */
ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1);
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_AesXtsDecryptSector(aes, NULL, c1, sizeof(c1), s1);
#if defined(WOLFSSL_ASYNC_CRYPT)
#ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
#else
ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#endif
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
ret = 0;
out:
if (aes_inited)
wc_AesXtsFree(aes);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
#endif
return ret;
}
#endif /* WOLFSSL_AES_128 */
#if defined(WOLFSSL_AES_XTS)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void)
{
int ret = 0;
WOLFSSL_ENTER("aes_xts_test");
#ifdef WOLFSSL_AES_128
ret = aes_xts_128_test();
if (ret != 0)
return ret;
#endif
/* FIPS won't allow for XTS-384 (two 192-bit keys) */
#ifndef HAVE_FIPS
#ifdef WOLFSSL_AES_192
ret = aes_xts_192_test();
if (ret != 0)
return ret;
#endif
#endif
#ifdef WOLFSSL_AES_256
ret = aes_xts_256_test();
if (ret != 0)
return ret;
#endif
#if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
ret = aes_xts_sector_test();
if (ret != 0)
return ret;
#endif
#ifdef WOLFSSL_AES_128
ret = aes_xts_args_test();
if (ret != 0)
return ret;
#endif
return 0;
}
#endif
#endif
#ifdef WOLFSSL_AES_192
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
{
wc_test_ret_t ret = 0;
#ifdef HAVE_AES_CBC
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *enc = NULL;
#else
Aes enc[1];
#endif
byte cipher[WC_AES_BLOCK_SIZE];
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *dec = NULL;
#else
Aes dec[1];
#endif
byte plain[WC_AES_BLOCK_SIZE];
#endif
/* Test vectors from NIST Special Publication 800-38A, 2001 Edition
* Appendix F.2.3 */
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
};
WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
{
0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8
};
WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
};
WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
};
WOLFSSL_ENTER("aes192_test");
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
enc = test_AesCbcNew(HEAP_HINT, devId, &ret);
if (enc == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
XMEMSET(enc, 0, sizeof(Aes));
ret = test_AesCbcInit(enc, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
dec = test_AesCbcNew(HEAP_HINT, devId, &ret);
if (dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
XMEMSET(dec, 0, sizeof(Aes));
ret = test_AesCbcInit(dec, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#endif
ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesSetKey(dec, key, (int) sizeof(key), iv, AES_DECRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
WOLFSSL_MSG("failed wc_AesCbcDecrypt plain-msg compare");
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(enc, &enc);
#else
wc_AesFree(enc);
#endif
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(dec, &dec);
#else
wc_AesFree(dec);
#endif
#endif
#endif /* HAVE_AES_CBC */
return ret;
}
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
#ifdef HAVE_AES_CBC
static wc_test_ret_t aes256_cbc_vector_test(Aes* enc, Aes* dec, byte* cipher,
byte* plain)
{
/* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
* Appendix F.2.5 */
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
};
WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
{
0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6
};
#ifdef HAVE_RENESAS_SYNC
byte *key = (byte*)guser_PKCbInfo.wrapped_key_aes256;
int keySz = (256/8);
#else
WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
};
int keySz = (int)sizeof(key);
#endif
WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
};
wc_test_ret_t ret;
#ifndef HAVE_AES_DECRYPT
(void)dec;
(void)plain;
#endif
ret = wc_AesSetKey(enc, key, (word32)keySz, iv, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesSetKey(dec, key, (word32)keySz, iv, AES_DECRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
ret = wc_AesCbcEncrypt(enc, cipher, msg, (int)sizeof(msg));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
ret = wc_AesCbcDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#endif
#ifndef HAVE_RENESAS_SYNC
if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#endif
return 0;
}
#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
static wc_test_ret_t aes256_cbc_debug_vector_test(Aes* enc, Aes* dec,
byte* cipher, byte* plain)
{
/* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
* Appendix F.2.5 */
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
};
WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
{
0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6
};
#ifdef HAVE_RENESAS_SYNC
byte *key = (byte*)guser_PKCbInfo.wrapped_key_aes256;
int keySz = (256/8);
#else
WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
};
int keySz = (int)sizeof(key);
#endif
WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
};
wc_test_ret_t ret;
#ifndef HAVE_AES_DECRYPT
(void)dec;
(void)plain;
#endif
/* Pass 1: SetKey succeeds, encrypt/decrypt uses simulated vector failure */
ret = wc_AesSetKey(enc, key, (word32)keySz, iv, AES_ENCRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesSetKey(dec, key, (word32)keySz, iv, AES_DECRYPTION);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
ret = wc_AesCbcEncrypt(enc, cipher, msg, (int)sizeof(msg));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
ret = wc_AesCbcDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#endif
#ifndef HAVE_RENESAS_SYNC
if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#endif
/* Pass 2: SetKey uses simulated vector failure, encrypt/decrypt succeeds */
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
ret = wc_AesSetKey(enc, key, (word32)keySz, iv, AES_ENCRYPTION);
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
ret = wc_AesSetKey(dec, key, (word32)keySz, iv, AES_DECRYPTION);
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
ret = wc_AesCbcEncrypt(enc, cipher, msg, (int)sizeof(msg));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
ret = wc_AesCbcDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#endif
#ifndef HAVE_RENESAS_SYNC
if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#endif
return 0;
}
#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
#endif /* HAVE_AES_CBC */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
{
#ifdef HAVE_AES_CBC
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *enc = NULL;
#else
Aes enc[1];
#endif
byte cipher[WC_AES_BLOCK_SIZE];
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *dec = NULL;
#else
Aes dec[1];
#endif
byte plain[WC_AES_BLOCK_SIZE];
#endif
#endif /* HAVE_AES_CBC */
wc_test_ret_t ret = 0;
#ifdef HAVE_AES_CBC
WOLFSSL_ENTER("aes256_test");
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
enc = test_AesCbcNew(HEAP_HINT, devId, &ret);
if (enc == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
XMEMSET(enc, 0, sizeof(Aes));
ret = test_AesCbcInit(enc, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
dec = test_AesCbcNew(HEAP_HINT, devId, &ret);
if (dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
XMEMSET(dec, 0, sizeof(Aes));
ret = test_AesCbcInit(dec, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#endif
ret = aes256_cbc_vector_test(enc, WC_TEST_AES_DEC(dec), cipher,
WC_TEST_AES_DEC(plain));
if (ret != 0)
goto out;
#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
ret = aes256_cbc_debug_vector_test(enc, WC_TEST_AES_DEC(dec), cipher,
WC_TEST_AES_DEC(plain));
if (ret != 0)
goto out;
#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(enc, &enc);
#else
wc_AesFree(enc);
#endif
#ifdef HAVE_AES_DECRYPT
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(dec, &dec);
#else
wc_AesFree(dec);
#endif
#endif
#endif /* HAVE_AES_CBC */
return ret;
}
#endif /* WOLFSSL_AES_256 */
#ifdef HAVE_AESGCM
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
#if !defined(BENCH_AESGCM_LARGE)
#define BENCH_AESGCM_LARGE 1024
#endif
#endif
#ifdef WOLFSSL_AES_128
static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, int ivSz,
byte* plain, int plainSz, byte* cipher, int cipherSz,
byte* aad, int aadSz, byte* tag, int tagSz)
{
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *enc = NULL;
Aes *dec = NULL;
#else
Aes enc[1];
Aes dec[1];
#endif
byte resultT[WC_AES_BLOCK_SIZE];
byte resultP[WC_AES_BLOCK_SIZE * 3];
byte resultC[WC_AES_BLOCK_SIZE * 3];
XMEMSET(resultT, 0, sizeof(resultT));
XMEMSET(resultC, 0, sizeof(resultC));
XMEMSET(resultP, 0, sizeof(resultP));
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
enc = test_AesGcmNew(HEAP_HINT, devId, &ret);
if (enc == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
dec = test_AesGcmNew(HEAP_HINT, devId, &ret);
if (dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
XMEMSET(enc, 0, sizeof(Aes));
XMEMSET(dec, 0, sizeof(Aes));
ret = test_AesGcmInit(enc, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = test_AesGcmInit(dec, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
ret = wc_AesGcmSetKey(enc, key, (word32)keySz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesGcmEncrypt(enc, resultC, plain, (word32)plainSz, iv, (word32)ivSz,
resultT, (word32)tagSz, aad, (word32)aadSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (cipher != NULL) {
if (XMEMCMP(cipher, resultC, (word32)cipherSz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
if (XMEMCMP(tag, resultT, (unsigned long)tagSz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
ret = wc_AesGcmEncrypt(enc, resultC, plain, plainSz, iv, ivSz,
resultT, tagSz, aad, aadSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (cipher != NULL) {
if (XMEMCMP(cipher, resultC, (unsigned long)cipherSz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
if (XMEMCMP(tag, resultT, tagSz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmSetKey(dec, key, (word32)keySz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)cipherSz,
iv, (word32)ivSz, resultT, (word32)tagSz, aad, (word32)aadSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (plain != NULL) {
if (XMEMCMP(plain, resultP, (unsigned long)plainSz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
ret = wc_AesGcmDecrypt(dec, resultP, resultC, cipherSz,
iv, ivSz, resultT, tagSz, aad, aadSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (plain != NULL) {
if (XMEMCMP(plain, resultP, (unsigned long)plainSz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif
#endif /* HAVE_AES_DECRYPT */
ret = 0;
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(enc, &enc);
wc_AesDelete(dec, &dec);
#else
wc_AesFree(enc);
wc_AesFree(dec);
#endif
return ret;
}
#endif
/* tests that only use 12 byte IV and 16 or less byte AAD
* test vectors are from NIST SP 800-38D
* https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES*/
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_default_test(void)
{
#ifdef WOLFSSL_AES_128
byte key1[] = {
0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62,
0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc
};
byte iv1[] = {
0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa,
0xe4, 0xed, 0x2f, 0x6d
};
ALIGN64 byte plain1[] = {
0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad,
0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01,
0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac,
0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01
};
byte aad1[] = {
0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73,
0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1
};
ALIGN64 byte cipher1[] = {
0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d,
0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d,
0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46,
0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb
};
byte tag1[] = {
0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7,
0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2
};
byte key2[] = {
0x01, 0x6d, 0xbb, 0x38, 0xda, 0xa7, 0x6d, 0xfe,
0x7d, 0xa3, 0x84, 0xeb, 0xf1, 0x24, 0x03, 0x64
};
byte iv2[] = {
0x07, 0x93, 0xef, 0x3a, 0xda, 0x78, 0x2f, 0x78,
0xc9, 0x8a, 0xff, 0xe3
};
ALIGN64 byte plain2[] = {
0x4b, 0x34, 0xa9, 0xec, 0x57, 0x63, 0x52, 0x4b,
0x19, 0x1d, 0x56, 0x16, 0xc5, 0x47, 0xf6, 0xb7
};
ALIGN64 byte cipher2[] = {
0x60, 0x9a, 0xa3, 0xf4, 0x54, 0x1b, 0xc0, 0xfe,
0x99, 0x31, 0xda, 0xad, 0x2e, 0xe1, 0x5d, 0x0c
};
byte tag2[] = {
0x33, 0xaf, 0xec, 0x59, 0xc4, 0x5b, 0xaf, 0x68,
0x9a, 0x5e, 0x1b, 0x13, 0xae, 0x42, 0x36, 0x19
};
byte key3[] = {
0xb0, 0x1e, 0x45, 0xcc, 0x30, 0x88, 0xaa, 0xba,
0x9f, 0xa4, 0x3d, 0x81, 0xd4, 0x81, 0x82, 0x3f
};
byte iv3[] = {
0x5a, 0x2c, 0x4a, 0x66, 0x46, 0x87, 0x13, 0x45,
0x6a, 0x4b, 0xd5, 0xe1
};
byte tag3[] = {
0x01, 0x42, 0x80, 0xf9, 0x44, 0xf5, 0x3c, 0x68,
0x11, 0x64, 0xb2, 0xff
};
wc_test_ret_t ret;
WOLFSSL_ENTER("aesgcm_default_test");
ret = aesgcm_default_test_helper(key1, sizeof(key1), iv1, sizeof(iv1),
plain1, sizeof(plain1), cipher1, sizeof(cipher1),
aad1, sizeof(aad1), tag1, sizeof(tag1));
if (ret != 0) {
return ret;
}
ret = aesgcm_default_test_helper(key2, sizeof(key2), iv2, sizeof(iv2),
plain2, sizeof(plain2), cipher2, sizeof(cipher2),
NULL, 0, tag2, sizeof(tag2));
if (ret != 0) {
return ret;
}
ret = aesgcm_default_test_helper(key3, sizeof(key3), iv3, sizeof(iv3),
NULL, 0, NULL, 0,
NULL, 0, tag3, sizeof(tag3));
if (ret != 0) {
return ret;
}
#endif
return 0;
}
#if !defined(HAVE_FIPS) && \
!defined(WOLFSSL_PIC32MZ_CRYPT) && \
!defined(FREESCALE_LTC) && !defined(FREESCALE_MMCAU) && \
!defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_AFALG_XILINX_AES) && \
!defined(WOLFSSL_SILABS_SE_ACCEL) && !defined(WOLFSSL_KCAPI_AES) && \
!(defined(WOLF_CRYPTO_CB) && \
(defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
#define ENABLE_NON_12BYTE_IV_TEST
#endif
static wc_test_ret_t aesgcm_setiv_test(Aes* enc, Aes* dec)
{
wc_test_ret_t ret = 0;
#if defined(WOLFSSL_AES_256) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION >= 2))) && \
!(defined(WC_NO_RNG) || defined(HAVE_SELFTEST)) && \
!(defined(WOLF_CRYPTO_CB) && defined(HAVE_CAVIUM_OCTEON_SYNC))
WC_RNG rng;
int rngInited = 0;
byte randIV[12];
WOLFSSL_SMALL_STACK_STATIC const byte p[] =
{
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39
};
WOLFSSL_SMALL_STACK_STATIC const byte a[] =
{
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
#ifdef HAVE_RENESAS_SYNC
const byte *k1 = (byte*)guser_PKCbInfo.wrapped_key_aes256;
int k1Sz = (int)(256/8);
#else
WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
{
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
};
int k1Sz = (int)sizeof(k1);
#endif
byte resultT[16 + WC_AES_BLOCK_SIZE];
byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
XMEMSET(randIV, 0, sizeof(randIV));
XMEMSET(resultT, 0, sizeof(resultT));
XMEMSET(resultC, 0, sizeof(resultC));
XMEMSET(resultP, 0, sizeof(resultP));
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
rngInited = 1;
wc_AesGcmSetKey(enc, k1, (word32)k1Sz);
ret = wc_AesGcmSetIV(enc, sizeof(randIV), NULL, 0, &rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGcmEncrypt_ex(enc,
resultC, p, sizeof(p),
randIV, sizeof(randIV),
resultT, 16,
a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Check the IV has been set. */
{
word32 i, ivSum = 0;
for (i = 0; i < sizeof(randIV); i++)
ivSum += randIV[i];
if (ivSum == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#ifdef HAVE_AES_DECRYPT
wc_AesGcmSetKey(dec, k1, (word32)k1Sz);
ret = wc_AesGcmSetIV(dec, sizeof(randIV), NULL, 0, &rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGcmDecrypt(dec,
resultP, resultC, sizeof(p),
randIV, sizeof(randIV),
resultT, 16,
a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p, resultP, sizeof(p)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
out:
if (rngInited)
wc_FreeRng(&rng);
#else
(void)enc;
#endif /* WOLFSSL_AES_256 && ... */
(void)dec;
return ret;
}
static wc_test_ret_t aesgcm_stream_test(Aes* enc)
{
wc_test_ret_t ret = 0;
#if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \
defined(WOLFSSL_AES_256) && defined(WOLFSSL_AESGCM_STREAM)
int alen;
int plen;
WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
{
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
};
WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
{
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
WOLFSSL_SMALL_STACK_STATIC const byte p[] =
{
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39
};
WOLFSSL_SMALL_STACK_STATIC const byte a[] =
{
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
{
0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
0xbc, 0xc9, 0xf6, 0x62
};
WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
{
0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
};
byte resultT[sizeof(t1) + WC_AES_BLOCK_SIZE];
byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
#ifndef WOLFSSL_NO_MALLOC
byte *large_input = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE,
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *large_outdec = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if ((! large_input) || (! large_output) || (! large_outdec))
ERROR_OUT(MEMORY_E, out);
#else
byte large_input[BENCH_AESGCM_LARGE];
byte large_output[BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE];
byte large_outdec[BENCH_AESGCM_LARGE];
#endif
XMEMSET(large_input, 0, BENCH_AESGCM_LARGE);
XMEMSET(large_output, 0, BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE);
XMEMSET(large_outdec, 0, BENCH_AESGCM_LARGE);
#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM */
XMEMSET(resultT, 0, sizeof(resultT));
XMEMSET(resultC, 0, sizeof(resultC));
XMEMSET(resultP, 0, sizeof(resultP));
ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGcmEncryptUpdate(enc, resultC, p, sizeof(p), a, sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7, 0, 0)
ret = wc_AesGcmEncryptUpdate(enc, resultC, p, WOLFSSL_MAX_32BIT,
NULL /* authIn */, 0 /* authInSz */);
if (ret != WC_NO_ERR_TRACE(AES_GCM_OVERFLOW_E)) {
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
else
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_AesGcmEncryptUpdate(enc, resultC, (const byte *)"", 0,
(const byte *)"", WOLFSSL_MAX_32BIT);
if (ret != WC_NO_ERR_TRACE(AES_GCM_OVERFLOW_E)) {
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
else
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#endif /* !HAVE_FIPS || FIPS_VERSION3_GE(7, 0, 0) */
ret = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGcmDecryptUpdate(enc, resultP, c1, sizeof(c1), a, sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7, 0, 0)
ret = wc_AesGcmDecryptUpdate(enc, resultP, c1, WOLFSSL_MAX_32BIT,
NULL /* authIn */, 0 /* authInSz */);
if (ret != WC_NO_ERR_TRACE(AES_GCM_OVERFLOW_E)) {
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
else
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_AesGcmDecryptUpdate(enc, resultP, (const byte *)"", 0,
(const byte *)"", WOLFSSL_MAX_32BIT);
if (ret != WC_NO_ERR_TRACE(AES_GCM_OVERFLOW_E)) {
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
else
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#endif /* !HAVE_FIPS || FIPS_VERSION3_GE(7, 0, 0) */
ret = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(resultP, p, sizeof(p)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)
/* Regression test: wc_AesGcmDecryptFinal must reject authTagSz below
* WOLFSSL_MIN_AUTH_TAG_SZ, consistent with wc_AesGcmDecrypt and
* wc_AesGcmEncryptFinal. */
#if defined(HAVE_AES_DECRYPT) && WOLFSSL_MIN_AUTH_TAG_SZ > 1
ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGcmDecryptUpdate(enc, resultP, c1, sizeof(c1), a, sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGcmDecryptFinal(enc, t1, WOLFSSL_MIN_AUTH_TAG_SZ - 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif /* HAVE_AES_DECRYPT && WOLFSSL_MIN_AUTH_TAG_SZ > 1 */
#endif /* !HAVE_FIPS || FIPS_VERSION3_GE(7,0,0) */
/* alen is the size to pass in with each update. */
for (alen = 1; alen < WC_AES_BLOCK_SIZE + 1; alen++) {
ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* plen is the offset into AAD to update with. */
for (plen = 0; plen < (int)sizeof(a); plen += alen) {
int len = sizeof(a) - plen;
if (len > alen) len = alen;
ret = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, (word32)len);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
/* plen is the offset into plaintext to update with. */
for (plen = 0; plen < (int)sizeof(p); plen += alen) {
int len = sizeof(p) - plen;
if (len > alen) len = alen;
ret = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, (word32)len,
NULL, 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#ifdef HAVE_AES_DECRYPT
for (alen = 1; alen < WC_AES_BLOCK_SIZE + 1; alen++) {
ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* plen is the offset into AAD to update with. */
for (plen = 0; plen < (int)sizeof(a); plen += alen) {
int len = sizeof(a) - plen;
if (len > alen) len = alen;
ret = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, (word32)len);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
/* plen is the offset into cipher text to update with. */
for (plen = 0; plen < (int)sizeof(c1); plen += alen) {
int len = sizeof(c1) - plen;
if (len > alen) len = alen;
ret = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, (word32)len,
NULL, 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(resultP, p, sizeof(p)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* HAVE_AES_DECRYPT */
#ifdef BENCH_AESGCM_LARGE
/* setup test buffer */
ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGcmEncryptUpdate(enc, large_output, large_input,
BENCH_AESGCM_LARGE, a, sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGcmDecryptUpdate(enc, large_outdec, large_output,
BENCH_AESGCM_LARGE, a, sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGcmDecryptFinal(enc, resultT, sizeof(t1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
#endif /* BENCH_AESGCM_LARGE */
ret = 0;
out:
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
!defined(WOLFSSL_NO_MALLOC)
XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#else
(void)enc;
#endif /* !WOLFSSL_AFALG_XILINX_AES && ... */
return ret;
}
static wc_test_ret_t aesgcm_non12iv_test(Aes* enc, Aes* dec)
{
wc_test_ret_t ret = 0;
#ifdef ENABLE_NON_12BYTE_IV_TEST
WOLFSSL_SMALL_STACK_STATIC const byte p[] =
{
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39
};
#if defined(WOLFSSL_AES_192) || \
(defined(WOLFSSL_AES_128) && defined(BENCH_AESGCM_LARGE))
WOLFSSL_SMALL_STACK_STATIC const byte a[] =
{
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
#endif
#if defined(BENCH_AESGCM_LARGE) && \
(defined(WOLFSSL_AES_192) || defined(WOLFSSL_AES_128))
WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
{
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
#endif
WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
{
0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
};
#ifdef WOLFSSL_AES_192
/* Test Case 12, uses same plaintext and AAD data. */
WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
{
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
};
WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
{
0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
0xa6, 0x37, 0xb3, 0x9b
};
WOLFSSL_SMALL_STACK_STATIC const byte c2[] =
{
0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
0xe9, 0xb7, 0x37, 0x3b
};
WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
{
0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
};
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_128
WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
{
0xca
};
WOLFSSL_SMALL_STACK_STATIC const byte c3[] =
{
0x6b, 0x5f, 0xb3, 0x9d, 0xc1, 0xc5, 0x7a, 0x4f,
0xf3, 0x51, 0x4d, 0xc2, 0xd5, 0xf0, 0xd0, 0x07
};
WOLFSSL_SMALL_STACK_STATIC const byte a3[] =
{
0x40, 0xfc, 0xdc, 0xd7, 0x4a, 0xd7, 0x8b, 0xf1,
0x3e, 0x7c, 0x60, 0x55, 0x50, 0x51, 0xdd, 0x54
};
WOLFSSL_SMALL_STACK_STATIC const byte t3[] =
{
0x06, 0x90, 0xed, 0x01, 0x34, 0xdd, 0xc6, 0x95,
0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6
};
#ifdef HAVE_RENESAS_SYNC
const byte *k3 =
(byte*)guser_PKCbInfo.wrapped_key_aes128;
int k3Sz = (int)(128/8);
#else
WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
{
0xbb, 0x01, 0xd7, 0x03, 0x81, 0x1c, 0x10, 0x1a,
0x35, 0xe0, 0xff, 0xd2, 0x91, 0xba, 0xf2, 0x4b
};
int k3Sz = (int)sizeof(k3);
#endif
WOLFSSL_SMALL_STACK_STATIC const byte p3[] =
{
0x57, 0xce, 0x45, 0x1f, 0xa5, 0xe2, 0x35, 0xa5,
0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2
};
int tlen = 0;
#endif /* WOLFSSL_AES_128 */
byte resultT[sizeof(t1) + WC_AES_BLOCK_SIZE];
byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
#if defined(BENCH_AESGCM_LARGE) && \
(defined(WOLFSSL_AES_192) || defined(WOLFSSL_AES_128))
int alen = 0;
#endif
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
#ifndef WOLFSSL_NO_MALLOC
byte *large_input = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE,
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *large_outdec = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if ((! large_input) || (! large_output) || (! large_outdec))
ERROR_OUT(MEMORY_E, out);
#else
byte large_input[BENCH_AESGCM_LARGE];
byte large_output[BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE];
byte large_outdec[BENCH_AESGCM_LARGE];
#endif
XMEMSET(large_input, 0, BENCH_AESGCM_LARGE);
XMEMSET(large_output, 0, BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE);
XMEMSET(large_outdec, 0, BENCH_AESGCM_LARGE);
#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM */
XMEMSET(resultT, 0, sizeof(resultT));
XMEMSET(resultC, 0, sizeof(resultC));
XMEMSET(resultP, 0, sizeof(resultP));
#ifdef WOLFSSL_AES_192
wc_AesGcmSetKey(enc, k2, sizeof(k2));
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv2, sizeof(iv2),
resultT, sizeof(t1), a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c2, resultC, sizeof(c2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(t2, resultT, sizeof(t1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
iv2, sizeof(iv2), resultT, sizeof(t1), a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p, resultP, sizeof(p)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
/* Large buffer test */
#ifdef BENCH_AESGCM_LARGE
wc_AesGcmSetKey(enc, k2, (word32)sizeof(k2));
wc_AesGcmSetKey(dec, k2, (word32)sizeof(k2));
/* setup test buffer */
for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
large_input[alen] = (byte)alen;
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesGcmEncrypt(enc, large_output, large_input,
BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
resultT, sizeof(t1), a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
sizeof(t1), a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
#endif /* BENCH_AESGCM_LARGE */
XMEMSET(resultT, 0, sizeof(resultT));
XMEMSET(resultC, 0, sizeof(resultC));
XMEMSET(resultP, 0, sizeof(resultP));
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_128
wc_AesGcmSetKey(enc, k3, (word32)k3Sz);
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3),
resultT, sizeof(t3), a3, sizeof(a3));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifndef HAVE_RENESAS_SYNC
if (XMEMCMP(c3, resultC, sizeof(c3)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(t3, resultT, sizeof(t3)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p3, resultP, sizeof(p3)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
for (tlen = WOLFSSL_MIN_AUTH_TAG_SZ; tlen <= WC_AES_BLOCK_SIZE; tlen++) {
int ii;
#ifndef WC_AES_GCM_ALLOW_NONSTANDARD_TAG_LENGTH
switch (tlen) {
case 4:
case 8:
case 12:
case 13:
case 14:
case 15:
case 16:
break;
default:
continue;
}
#endif
XMEMSET(resultT, 0, sizeof(resultT));
wc_AesGcmSetKey(enc, k3, (word32)k3Sz);
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3),
resultT, tlen, a3, sizeof(a3));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifndef HAVE_RENESAS_SYNC
if (XMEMCMP(c3, resultC, sizeof(c3)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(t3, resultT, tlen))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
for (ii = tlen; ii < 16; ii++) {
if (resultT[ii] != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
iv3, sizeof(iv3), resultT, tlen, a3, sizeof(a3));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p3, resultP, sizeof(p3)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
}
/* Large buffer test */
#ifdef BENCH_AESGCM_LARGE
wc_AesGcmSetKey(enc, k3, (word32)k3Sz);
wc_AesGcmSetKey(dec, k3, (word32)k3Sz);
/* setup test buffer */
for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
large_input[alen] = (byte)alen;
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesGcmEncrypt(enc, large_output, large_input,
BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
resultT, sizeof(t1), a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
sizeof(t1), a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
#endif /* BENCH_AESGCM_LARGE */
#endif /* WOLFSSL_AES_128 */
ret = 0;
out:
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
!defined(WOLFSSL_NO_MALLOC)
XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif /* ENABLE_NON_12BYTE_IV_TEST */
(void)enc;
(void)dec;
return ret;
}
static wc_test_ret_t aesgcm_offtag_test(Aes* enc)
{
wc_test_ret_t ret = 0;
#if defined(WOLFSSL_AES_256) && !defined(WOLFSSL_AFALG_XILINX_AES) && \
!defined(WOLFSSL_XILINX_CRYPT) && \
!(defined(WOLF_CRYPTO_CB) && \
defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))
#ifdef HAVE_RENESAS_SYNC
const byte *k1 = (byte*)guser_PKCbInfo.wrapped_key_aes256;
int k1Sz = (int)(256/8);
#else
WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
{
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
};
int k1Sz = (int)sizeof(k1);
#endif
WOLFSSL_SMALL_STACK_STATIC const byte p[] =
{
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39
};
WOLFSSL_SMALL_STACK_STATIC const byte a[] =
{
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
{
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
{
0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
};
WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
{
0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
0xbc, 0xc9, 0xf6, 0x62
};
byte resultT[sizeof(t1) + WC_AES_BLOCK_SIZE];
byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
XMEMSET(resultT, 0, sizeof(resultT));
XMEMSET(resultC, 0, sizeof(resultC));
XMEMSET(resultP, 0, sizeof(resultP));
wc_AesGcmSetKey(enc, k1, (word32)k1Sz);
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
resultT + 1, sizeof(t1) - 1, a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifndef HAVE_RENESAS_SYNC
if (XMEMCMP(c1, resultC, sizeof(c1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(t1, resultT + 1, sizeof(t1) - 1))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
iv1, sizeof(iv1), resultT + 1, sizeof(t1) - 1, a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p, resultP, sizeof(p)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
ret = 0;
out:
#else
(void)enc;
#endif /* WOLFSSL_AES_256 */
return ret;
}
#if defined(WOLFSSL_AES_128) && !defined(WOLFSSL_AFALG_XILINX_AES)
static wc_test_ret_t aesgcm_aes128_vector_test(Aes* enc, Aes* dec)
{
wc_test_ret_t ret = 0;
WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
{
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
#ifdef HAVE_RENESAS_SYNC
const byte *k3 = (byte*)guser_PKCbInfo.wrapped_key_aes128;
int k3Sz = (int)(128/8);
#else
WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
{
0xbb, 0x01, 0xd7, 0x03, 0x81, 0x1c, 0x10, 0x1a,
0x35, 0xe0, 0xff, 0xd2, 0x91, 0xba, 0xf2, 0x4b
};
int k3Sz = (int)sizeof(k3);
#endif
WOLFSSL_SMALL_STACK_STATIC const byte p3[] =
{
0x57, 0xce, 0x45, 0x1f, 0xa5, 0xe2, 0x35, 0xa5,
0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2
};
WOLFSSL_SMALL_STACK_STATIC const byte c3_3[] =
{
0x79, 0xa7, 0x08, 0xd4, 0xad, 0x1f, 0x3b, 0xac,
0x70, 0x16, 0x64, 0x40, 0xde, 0x03, 0xed, 0xea
};
WOLFSSL_SMALL_STACK_STATIC const byte t3_3[] =
{
0x39, 0xb1, 0x1e, 0x73, 0x18, 0xda, 0x04, 0x75,
0xa1, 0xed, 0x52, 0xb9, 0x0d, 0x5c, 0xe7, 0x28
};
byte resultT[sizeof(t3_3) + WC_AES_BLOCK_SIZE];
byte resultC[sizeof(p3) + WC_AES_BLOCK_SIZE];
byte resultP[sizeof(p3) + WC_AES_BLOCK_SIZE];
XMEMSET(resultT, 0, sizeof(resultT));
XMEMSET(resultC, 0, sizeof(resultC));
XMEMSET(resultP, 0, sizeof(resultP));
ret = wc_AesGcmSetKey(enc, k3, (word32)k3Sz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv1, sizeof(iv1),
resultT, sizeof(t3_3), NULL, 0);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifndef HAVE_RENESAS_SYNC
if (XMEMCMP(c3_3, resultC, sizeof(c3_3)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(t3_3, resultT, sizeof(t3_3)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmSetKey(dec, k3, (word32)k3Sz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c3_3),
iv1, sizeof(iv1), resultT, sizeof(t3_3), NULL, 0);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p3, resultP, sizeof(p3)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
out:
(void)dec;
return ret;
}
#endif /* WOLFSSL_AES_128 && !WOLFSSL_AFALG_XILINX_AES */
#ifdef WOLFSSL_AES_256
static wc_test_ret_t aesgcm_aes256_vector_test(Aes* enc, Aes* dec)
{
wc_test_ret_t ret = 0;
/*
* This is Test Case 16 from the document Galois/
* Counter Mode of Operation (GCM) by McGrew and
* Viega.
*/
WOLFSSL_SMALL_STACK_STATIC const byte p[] =
{
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39
};
WOLFSSL_SMALL_STACK_STATIC const byte a[] =
{
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
#ifdef HAVE_RENESAS_SYNC
const byte *k1 = (byte*)guser_PKCbInfo.wrapped_key_aes256;
int k1Sz = (int)(256/8);
#else
WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
{
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
};
int k1Sz = (int)sizeof(k1);
#endif
WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
{
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
{
0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
0xbc, 0xc9, 0xf6, 0x62
};
WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
{
0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
};
byte resultT[sizeof(t1) + WC_AES_BLOCK_SIZE];
byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
XMEMSET(resultT, 0, sizeof(resultT));
XMEMSET(resultC, 0, sizeof(resultC));
XMEMSET(resultP, 0, sizeof(resultP));
ret = wc_AesGcmSetKey(enc, k1, (word32)k1Sz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
resultT, sizeof(t1), a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifndef HAVE_RENESAS_SYNC
if (XMEMCMP(c1, resultC, sizeof(c1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(t1, resultT, sizeof(t1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmSetKey(dec, k1, (word32)k1Sz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
iv1, sizeof(iv1), resultT, sizeof(t1), a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p, resultP, sizeof(p)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
out:
(void)dec;
return ret;
}
static wc_test_ret_t aesgcm_aes256_large_test(Aes* enc, Aes* dec)
{
wc_test_ret_t ret = 0;
WOLFSSL_SMALL_STACK_STATIC const byte p[] =
{
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39
};
WOLFSSL_SMALL_STACK_STATIC const byte a[] =
{
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
#ifdef HAVE_RENESAS_SYNC
const byte *k1 = (byte*)guser_PKCbInfo.wrapped_key_aes256;
int k1Sz = (int)(256/8);
#else
WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
{
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
};
int k1Sz = (int)sizeof(k1);
#endif
WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
{
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
#ifdef HAVE_AES_DECRYPT
WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
{
0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
0xbc, 0xc9, 0xf6, 0x62
};
#endif
WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
{
0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
};
byte resultT[sizeof(t1) + WC_AES_BLOCK_SIZE];
byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
int alen = 0;
int plen = 0;
#if defined(ENABLE_NON_12BYTE_IV_TEST)
int ivlen;
#endif
#if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
byte buf[sizeof(p) + WC_AES_BLOCK_SIZE];
byte bufA[sizeof(a) + 1];
byte *large_aad = (byte*)XMALLOC((size_t)1024 + 16, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
#endif
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
#ifndef WOLFSSL_NO_MALLOC
byte *large_input = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE,
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *large_outdec = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if ((! large_input) || (! large_output) || (! large_outdec))
ERROR_OUT(MEMORY_E, out);
#else
byte large_input[BENCH_AESGCM_LARGE];
byte large_output[BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE];
byte large_outdec[BENCH_AESGCM_LARGE];
#endif
XMEMSET(large_input, 0, BENCH_AESGCM_LARGE);
XMEMSET(large_output, 0, BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE);
XMEMSET(large_outdec, 0, BENCH_AESGCM_LARGE);
#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM */
XMEMSET(resultT, 0, sizeof(resultT));
XMEMSET(resultC, 0, sizeof(resultC));
XMEMSET(resultP, 0, sizeof(resultP));
(void)alen;
(void)plen;
ret = wc_AesGcmSetKey(enc, k1, (word32)k1Sz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmSetKey(dec, k1, (word32)k1Sz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
/* Large buffer test */
#ifdef BENCH_AESGCM_LARGE
/* setup test buffer */
for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
large_input[alen] = (byte)alen;
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesGcmEncrypt(enc, large_output, large_input,
BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
resultT, sizeof(t1), a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
sizeof(t1), a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif /* HAVE_AES_DECRYPT */
#endif /* BENCH_AESGCM_LARGE */
#if defined(ENABLE_NON_12BYTE_IV_TEST)
/* Variable IV length test */
for (ivlen=1; ivlen<k1Sz; ivlen++) {
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), k1,
(word32)ivlen, resultT, sizeof(t1), a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), k1,
(word32)ivlen, resultT, sizeof(t1), a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif /* HAVE_AES_DECRYPT */
}
#endif /* ENABLE_NON_12BYTE_IV_TEST */
#if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC))
/* Variable authenticated data length test */
for (alen=0; alen<(int)sizeof(p); alen++) {
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1,
sizeof(iv1), resultT, sizeof(t1), p, (word32)alen);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), iv1,
sizeof(iv1), resultT, sizeof(t1), p, (word32)alen);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif /* HAVE_AES_DECRYPT */
}
#if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
if (! large_aad)
ERROR_OUT(MEMORY_E, out);
XMEMSET(large_aad, 0, 1024+16);
/* Variable authenticated data length test */
for (alen=0; alen<=1024; alen+=16) {
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1,
sizeof(iv1), resultT, sizeof(t1), large_aad, (word32)alen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), iv1,
sizeof(iv1), resultT, sizeof(t1), large_aad, (word32)alen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif /* HAVE_AES_DECRYPT */
}
/* Test unaligned memory of all potential arguments */
ret = wc_AesGcmSetKey(enc, k1, k1Sz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
XMEMCPY(&buf[1], p, sizeof(p));
XMEMCPY(&bufA[1], a, sizeof(a));
ret = wc_AesGcmEncrypt(enc, &resultC[1], &buf[1], sizeof(p), iv1, sizeof(iv1),
&resultT[1], sizeof(t1), &bufA[1], sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c1, &resultC[1], sizeof(c1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(t1, &resultT[1], sizeof(t1)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmSetKey(dec, k1, k1Sz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesGcmDecrypt(dec, &resultP[1], &resultC[1], sizeof(c1),
iv1, sizeof(iv1), &resultT[1], sizeof(t1), &bufA[1], sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p, &resultP[1], sizeof(p)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
#endif /* Xilinx Versal */
#endif /* !(WOLF_CRYPTO_CB && HAVE_INTEL_QA_SYNC) */
#if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
#ifdef BENCH_AESGCM_LARGE
/* Variable plain text length test */
for (plen=1; plen<BENCH_AESGCM_LARGE; plen++) {
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesGcmEncrypt(enc, large_output, large_input,
(word32)plen, iv1, sizeof(iv1), resultT,
sizeof(t1), a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
(word32)plen, iv1, sizeof(iv1), resultT,
sizeof(t1), a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif /* HAVE_AES_DECRYPT */
}
#else /* BENCH_AESGCM_LARGE */
/* Variable plain text length test */
for (plen=1; plen<(int)sizeof(p); plen++) {
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesGcmEncrypt(enc, resultC, p, (word32)plen, iv1,
sizeof(iv1), resultT, sizeof(t1), a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)plen, iv1,
sizeof(iv1), resultT, sizeof(t1), a, sizeof(a));
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif /* HAVE_AES_DECRYPT */
}
#endif /* BENCH_AESGCM_LARGE */
#endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */
out:
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
!defined(WOLFSSL_NO_MALLOC)
XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
XFREE(large_aad, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
(void)dec;
return ret;
}
#endif /* WOLFSSL_AES_256 */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *enc = NULL;
Aes *dec = NULL;
#else
Aes enc[1];
Aes dec[1];
#endif
wc_test_ret_t ret = 0;
WOLFSSL_ENTER("aesgcm_test");
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
enc = test_AesGcmNew(HEAP_HINT, devId, &ret);
if (enc == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
dec = test_AesGcmNew(HEAP_HINT, devId, &ret);
if (dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
ret = test_AesGcmInit(enc, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = test_AesGcmInit(dec, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#if defined(WOLFSSL_AES_128) && !defined(WOLFSSL_AFALG_XILINX_AES)
ret = aesgcm_aes128_vector_test(enc, dec);
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#ifdef WOLFSSL_AES_256
ret = aesgcm_aes256_vector_test(enc, dec);
if (ret != 0)
ERROR_OUT(ret, out);
ret = aesgcm_aes256_large_test(enc, dec);
if (ret != 0)
ERROR_OUT(ret, out);
#endif /* WOLFSSL_AES_256 */
ret = aesgcm_non12iv_test(enc, dec);
if (ret != 0)
ERROR_OUT(ret, out);
ret = aesgcm_offtag_test(enc);
if (ret != 0)
ERROR_OUT(ret, out);
ret = aesgcm_setiv_test(enc, dec);
if (ret != 0)
ERROR_OUT(ret, out);
ret = aesgcm_stream_test(enc);
if (ret != 0)
ERROR_OUT(ret, out);
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(enc, &enc);
wc_AesDelete(dec, &dec);
#else
wc_AesFree(enc);
wc_AesFree(dec);
#endif
return ret;
}
static wc_test_ret_t gmac_vector_test(Gmac* gmac)
{
wc_test_ret_t ret;
byte tag[16];
WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
{
0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
};
WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
{
0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
0xe2, 0x8c, 0x8f, 0x16
};
WOLFSSL_SMALL_STACK_STATIC const byte a1[] =
{
0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
};
WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
{
0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
};
WOLFSSL_SMALL_STACK_STATIC const byte t1_15[] =
{
0x90, 0xda, 0xdf, 0xff, 0x3b, 0x24, 0x7d, 0x13,
0xbb, 0xb8, 0x1c, 0xca, 0x87, 0x9c, 0x9a, 0xa7
};
#if (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
{
0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4,
0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b
};
WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
{
0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03,
0x1a, 0x60, 0x24, 0xa7
};
WOLFSSL_SMALL_STACK_STATIC const byte a2[] =
{
0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18,
0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56
};
WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
{
0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f,
0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
};
#endif /* !HAVE_FIPS || FIPS_VERSION >= 2 */
XMEMSET(tag, 0, sizeof(tag));
wc_GmacSetKey(gmac, k1, sizeof(k1));
wc_GmacUpdate(gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1));
if (XMEMCMP(t1, tag, sizeof(t1)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
XMEMSET(tag, 0, sizeof(tag));
wc_GmacSetKey(gmac, k1, sizeof(k1));
wc_GmacUpdate(gmac, iv1, sizeof(iv1), a1, sizeof(a1) - 1, tag, sizeof(t1));
if (XMEMCMP(t1_15, tag, sizeof(t1)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#if (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
XMEMSET(tag, 0, sizeof(tag));
wc_GmacSetKey(gmac, k2, sizeof(k2));
wc_GmacUpdate(gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2));
if (XMEMCMP(t2, tag, sizeof(t2)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* !HAVE_FIPS || FIPS_VERSION >= 2 */
ret = 0;
out:
return ret;
}
#if (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
!defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && !defined(NO_AES_DECRYPT)
static wc_test_ret_t gmac_verify_test(void)
{
wc_test_ret_t ret;
WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
{
0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
};
WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
{
0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
0xe2, 0x8c, 0x8f, 0x16
};
WOLFSSL_SMALL_STACK_STATIC const byte a1[] =
{
0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
};
WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
{
0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
};
WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
{
0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4,
0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b
};
WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
{
0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03,
0x1a, 0x60, 0x24, 0xa7
};
WOLFSSL_SMALL_STACK_STATIC const byte a2[] =
{
0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18,
0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56
};
WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
{
0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f,
0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
};
WOLFSSL_SMALL_STACK_STATIC const byte badT[] =
{
0xde, 0xad, 0xbe, 0xef, 0x17, 0x2e, 0xd0, 0x43,
0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
};
WC_RNG rng;
byte iv[12];
byte tag[16];
XMEMSET(tag, 0, sizeof(tag));
XMEMSET(iv, 0, sizeof(iv));
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#else
ret = wc_InitRng(&rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
t1, sizeof(t1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
badT, sizeof(badT));
if (ret != WC_NO_ERR_TRACE(AES_GCM_AUTH_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_GmacVerify(k2, sizeof(k2), iv2, sizeof(iv2), a2, sizeof(a2),
t2, sizeof(t2));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
XMEMSET(tag, 0, sizeof(tag));
XMEMSET(iv, 0, sizeof(iv));
ret = wc_Gmac(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
tag, sizeof(tag), &rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_GmacVerify(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
tag, sizeof(tag));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = 0;
out:
wc_FreeRng(&rng);
return ret;
}
#endif /* (!HAVE_FIPS || FIPS_VERSION >= 2) && !WC_NO_RNG && !HAVE_SELFTEST && !NO_AES_DECRYPT */
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && !defined(WOLFSSL_KCAPI)
static wc_test_ret_t gmac_large_test(Gmac* gmac)
{
wc_test_ret_t ret;
byte tag[16];
WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
{
0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
};
WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
{
0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
0xe2, 0x8c, 0x8f, 0x16
};
#ifndef BENCH_GMAC_LARGE
#define BENCH_GMAC_LARGE 1024
#endif
WOLFSSL_SMALL_STACK_STATIC const byte t4_lb[16][16] = {
{
0x80, 0xb3, 0x59, 0x0c, 0xda, 0x18, 0x4c, 0x64,
0x6a, 0x30, 0x7c, 0xb6, 0xcc, 0x88, 0xd2, 0xae
},
{
0xa3, 0x28, 0x93, 0x97, 0x91, 0x91, 0xa1, 0x8d,
0xca, 0xdf, 0x58, 0xc7, 0x77, 0xa0, 0xa5, 0x6d
},
{
0x06, 0xcf, 0x52, 0x19, 0x15, 0x1e, 0x08, 0x62,
0x12, 0x93, 0xee, 0xbe, 0xf9, 0x41, 0x21, 0x2b
},
{
0x20, 0x5a, 0x0f, 0xbe, 0x18, 0x27, 0xce, 0xb4,
0x18, 0x0e, 0x31, 0x7a, 0x94, 0xee, 0x64, 0xd0
},
{
0xf5, 0xd6, 0xf3, 0xa2, 0x48, 0xff, 0xa7, 0x16,
0xda, 0xfc, 0x87, 0xa8, 0xda, 0x0a, 0xe7, 0x32
},
{
0x99, 0xd1, 0xd3, 0x24, 0x2d, 0x0e, 0xc7, 0x9f,
0x2c, 0x6c, 0xf7, 0x3c, 0x96, 0x49, 0x3d, 0xff
},
{
0x85, 0x9a, 0xf7, 0x59, 0x6b, 0xf1, 0x17, 0x0b,
0xf5, 0x1e, 0x7b, 0x2f, 0x87, 0xbb, 0x14, 0xfc
},
{
0xfe, 0x59, 0x87, 0x90, 0xbf, 0x6b, 0x43, 0xa6,
0x9e, 0x21, 0x22, 0x1e, 0xc2, 0x04, 0x6f, 0xe1
},
{
0xcd, 0xb1, 0x1a, 0x04, 0xa4, 0x3c, 0x39, 0x85,
0x21, 0x3d, 0x74, 0xaf, 0xe5, 0xb5, 0x38, 0xc0
},
{
0x4d, 0xfe, 0x5f, 0xbe, 0x48, 0x8c, 0x00, 0x56,
0xdd, 0x23, 0x4a, 0x1e, 0xf2, 0x63, 0xe6, 0xc8
},
{
0x9f, 0xc9, 0x6e, 0x0d, 0x51, 0x85, 0xe8, 0x82,
0x81, 0x05, 0x49, 0xb5, 0xa7, 0xa2, 0x1f, 0xf1
},
{
0xbe, 0xde, 0x0c, 0x37, 0xb6, 0xe5, 0xcb, 0x9c,
0x80, 0xde, 0xa6, 0x09, 0x40, 0xfa, 0xef, 0xf3
},
{
0x32, 0xa8, 0xb4, 0xb1, 0x5f, 0x65, 0x47, 0xfa,
0xf2, 0xc8, 0xe8, 0xdd, 0x32, 0x5c, 0x80, 0x28
},
{
0xa9, 0xa7, 0x01, 0x22, 0xdb, 0xd2, 0x62, 0xa2,
0x26, 0x82, 0xf2, 0x8b, 0xfb, 0xfd, 0x60, 0x4b
},
{
0x76, 0x59, 0xd6, 0x05, 0x4e, 0x69, 0xd0, 0xc1,
0x92, 0xf3, 0xdc, 0x1d, 0x96, 0xbc, 0xef, 0xba
},
{
0xd9, 0xbc, 0xb0, 0x33, 0x90, 0x6b, 0x2f, 0x63,
0xd9, 0x65, 0xe5, 0x07, 0x66, 0xbd, 0x7d, 0xcc
},
};
WOLFSSL_SMALL_STACK_STATIC const byte t4[7][16] = {
{
0xa6, 0xbd, 0x22, 0x9b, 0x37, 0x67, 0xd5, 0xd4,
0x43, 0x19, 0xe1, 0xec, 0xa0, 0xd1, 0x56, 0x01
},
{
0x3f, 0x09, 0x62, 0x3b, 0x04, 0x68, 0x31, 0x96,
0xd2, 0x1d, 0x99, 0x9c, 0xcb, 0xf1, 0x1d, 0xda
},
{
0x1d, 0xb2, 0x93, 0xfb, 0x6f, 0xce, 0x5d, 0x74,
0x0b, 0x91, 0x3b, 0x76, 0x5d, 0x6a, 0x51, 0x1d
},
{
0xe2, 0xfc, 0x83, 0x77, 0x86, 0xe5, 0x32, 0xcc,
0xcc, 0x3c, 0x86, 0x9f, 0x23, 0xa4, 0x2d, 0x96
},
{
0xb7, 0xbf, 0x08, 0x03, 0xde, 0x6c, 0x9a, 0x4e,
0xc0, 0xb5, 0xa5, 0xdb, 0x53, 0x92, 0x59, 0xab
},
{
0xd6, 0xce, 0x4b, 0x29, 0x05, 0x51, 0x10, 0x2d,
0x92, 0x35, 0x36, 0x97, 0x1a, 0xfa, 0x54, 0xf0
},
{
0xc9, 0xf6, 0x41, 0xd6, 0x4f, 0xb5, 0x08, 0x84,
0xcc, 0x6e, 0x47, 0x9c, 0x2a, 0xfa, 0xf5, 0x73
},
};
int i;
#ifdef WOLFSSL_NO_MALLOC
byte large_input[BENCH_GMAC_LARGE];
#else
byte *large_input = (byte *)XMALLOC(BENCH_GMAC_LARGE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (large_input == NULL)
ERROR_OUT(MEMORY_E, out);
#endif
for (i = 0; i < BENCH_GMAC_LARGE; i++) {
large_input[i] = (byte)i;
}
for (i = 0; i < 16; i++) {
XMEMSET(tag, 0, sizeof(tag));
wc_GmacSetKey(gmac, k1, sizeof(k1));
wc_GmacUpdate(gmac, iv1, sizeof(iv1), large_input, i, tag,
sizeof(t4[0]));
if (XMEMCMP(t4_lb[i], tag, sizeof(t4_lb[i])) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && !defined(NO_AES_DECRYPT)
ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), large_input, i,
tag, sizeof(t4_lb[i]));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
}
for (i = 0; i < 7; i++) {
XMEMSET(tag, 0, sizeof(tag));
wc_GmacSetKey(gmac, k1, sizeof(k1));
wc_GmacUpdate(gmac, iv1, sizeof(iv1), large_input, 1 << (i + 4), tag,
sizeof(t4[0]));
if (XMEMCMP(t4[i], tag, sizeof(t4[i])) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && !defined(NO_AES_DECRYPT)
ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), large_input,
1 << (i + 4), tag, sizeof(t4[i]));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
}
ret = 0;
out:
#ifndef WOLFSSL_NO_MALLOC
XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM && !WOLFSSL_KCAPI */
#ifdef WOLFSSL_AES_128
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Gmac *gmac = NULL;
#else
Gmac gmac[1];
#endif
wc_test_ret_t ret;
WOLFSSL_ENTER("gmac_test");
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((gmac = (Gmac *)XMALLOC(sizeof *gmac, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
return WC_TEST_RET_ENC_ERRNO;
#endif
XMEMSET(gmac, 0, sizeof *gmac); /* clear context */
(void)wc_AesInit(&gmac->aes, HEAP_HINT, devId); /* Make sure devId updated */
ret = gmac_vector_test(gmac);
if (ret != 0)
ERROR_OUT(ret, out);
#if (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
!defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && !defined(NO_AES_DECRYPT)
ret = gmac_verify_test();
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && !defined(WOLFSSL_KCAPI)
ret = gmac_large_test(gmac);
if (ret != 0)
ERROR_OUT(ret, out);
#endif
out:
wc_AesFree(&gmac->aes);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(gmac, HEAP_HINT, DYNAMIC_TYPE_AES);
#endif
return ret;
}
#endif /* WOLFSSL_AES_128 */
#endif /* HAVE_AESGCM */
#if defined(HAVE_AESCCM)
#if defined(WOLFSSL_AES_256)
static wc_test_ret_t aesccm_256_test(Aes* aes)
{
wc_test_ret_t ret = 0;
/* Test vectors from NIST AES CCM 256-bit CAST Example #1 */
WOLFSSL_SMALL_STACK_STATIC const byte in_key[32] = {
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F,
0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F
};
WOLFSSL_SMALL_STACK_STATIC const byte in_nonce[7] = {
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16};
WOLFSSL_SMALL_STACK_STATIC const byte in_auth[8] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
WOLFSSL_SMALL_STACK_STATIC const byte in_plaintext[4] = {
0x20, 0x21, 0x22, 0x23};
WOLFSSL_SMALL_STACK_STATIC const byte exp_ciphertext[4] = {
0x8A, 0xB1, 0xA8, 0x74};
WOLFSSL_SMALL_STACK_STATIC const byte exp_tag[4] = {
0x95, 0xFC, 0x08, 0x20};
byte output[sizeof(in_plaintext)];
byte atag[sizeof(exp_tag)];
ret = wc_AesCcmSetKey(aes, in_key, sizeof(in_key));
if (ret == 0) {
ret = wc_AesCcmEncrypt(aes, output, in_plaintext, sizeof(in_plaintext),
in_nonce, sizeof(in_nonce),
atag, sizeof(atag),
in_auth, sizeof(in_auth));
}
/* Verify we produce the proper ciphertext and tag */
if (ret == 0 &&
(XMEMCMP(output, exp_ciphertext, sizeof(output)) ||
XMEMCMP(atag, exp_tag, sizeof(atag)))) {
ret = WC_TEST_RET_ENC_NC;
}
#ifdef HAVE_AES_DECRYPT
if (ret == 0) {
/* decrypt inline */
ret = wc_AesCcmDecrypt(aes, output, output, sizeof(output),
in_nonce, sizeof(in_nonce),
atag, sizeof(atag),
in_auth, sizeof(in_auth));
}
/* Verify decryption was successful */
if (ret == 0 &&
XMEMCMP(output, in_plaintext, sizeof(output))) {
ret = WC_TEST_RET_ENC_NC;
}
#endif
return ret;
}
#endif /* WOLFSSL_AES_256 */
#if defined(WOLFSSL_AES_128)
static wc_test_ret_t aesccm_128_vector_test(Aes* enc)
{
wc_test_ret_t ret;
WOLFSSL_SMALL_STACK_STATIC const byte k[] =
{
0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
};
WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
{
0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
0xa1, 0xa2, 0xa3, 0xa4, 0xa5
};
WOLFSSL_SMALL_STACK_STATIC const byte p[] =
{
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
};
WOLFSSL_SMALL_STACK_STATIC const byte a[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
};
WOLFSSL_SMALL_STACK_STATIC const byte c[] =
{
0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
};
WOLFSSL_SMALL_STACK_STATIC const byte t[] =
{
0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
};
byte t2[sizeof(t)];
byte p2[sizeof(p)];
byte c2[sizeof(c)];
XMEMSET(t2, 0, sizeof(t2));
XMEMSET(c2, 0, sizeof(c2));
XMEMSET(p2, 0, sizeof(p2));
ret = wc_AesCcmSetKey(enc, k, sizeof(k));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* AES-CCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv),
t2, sizeof(t2), a, sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(c, c2, sizeof(c2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(t, t2, sizeof(t2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCcmDecrypt(enc, p2, c2, sizeof(p2), iv, sizeof(iv),
t2, sizeof(t2), a, sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(p, p2, sizeof(p2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* Test the authentication failure */
t2[0]++; /* Corrupt the authentication tag. */
ret = wc_AesCcmDecrypt(enc, p2, c, sizeof(p2), iv, sizeof(iv),
t2, sizeof(t2), a, sizeof(a));
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* Clear c2 to compare against p2. p2 should be set to zero in case of
* authentication fail. With ACVP_VECTOR_TESTING, this is not cleared */
#ifndef ACVP_VECTOR_TESTING
XMEMSET(c2, 0, sizeof(c2));
if (XMEMCMP(p2, c2, sizeof(p2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#endif /* HAVE_AES_DECRYPT */
ret = 0;
out:
return ret;
}
#ifndef HAVE_SELFTEST
/* selftest build does not have wc_AesCcmSetNonce() or wc_AesCcmEncrypt_ex() */
static wc_test_ret_t aesccm_128_setnonce_test(Aes* enc)
{
wc_test_ret_t ret;
WOLFSSL_SMALL_STACK_STATIC const byte k[] =
{
0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
};
WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
{
0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
0xa1, 0xa2, 0xa3, 0xa4, 0xa5
};
WOLFSSL_SMALL_STACK_STATIC const byte p[] =
{
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
};
WOLFSSL_SMALL_STACK_STATIC const byte a[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
};
WOLFSSL_SMALL_STACK_STATIC const byte c[] =
{
0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
};
WOLFSSL_SMALL_STACK_STATIC const byte t[] =
{
0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
};
byte t2[sizeof(t)];
byte c2[sizeof(c)];
byte iv2[sizeof(iv)];
XMEMSET(t2, 0, sizeof(t2));
XMEMSET(c2, 0, sizeof(c2));
XMEMSET(iv2, 0, sizeof(iv2));
ret = wc_AesCcmSetKey(enc, k, sizeof(k));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesCcmSetNonce(enc, iv, sizeof(iv));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesCcmEncrypt_ex(enc, c2, p, sizeof(c2), iv2, sizeof(iv2),
t2, sizeof(t2), a, sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(iv, iv2, sizeof(iv2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(c, c2, sizeof(c2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(t, t2, sizeof(t2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = 0;
out:
return ret;
}
#endif /* !HAVE_SELFTEST */
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
static wc_test_ret_t aesccm_128_badiv_test(Aes* enc)
{
wc_test_ret_t ret;
WOLFSSL_SMALL_STACK_STATIC const byte k[] =
{
0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
};
WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
{
0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
0xa1, 0xa2, 0xa3, 0xa4, 0xa5
};
WOLFSSL_SMALL_STACK_STATIC const byte p[] =
{
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
};
WOLFSSL_SMALL_STACK_STATIC const byte a[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
};
byte t2[8]; /* tag buffer; tag size 1 is intentionally invalid */
byte c2[sizeof(p)];
/* test fail on invalid tag sizes */
ret = wc_AesCcmSetKey(enc, k, sizeof(k));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* AES-CCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv),
t2, 1, a, sizeof(a));
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = 0;
out:
return ret;
}
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
static wc_test_ret_t aesccm_128_large_test(Aes* enc)
{
wc_test_ret_t ret;
WOLFSSL_SMALL_STACK_STATIC const byte k[] =
{
0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
};
WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
{
0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
0xa1, 0xa2, 0xa3, 0xa4, 0xa5
};
WOLFSSL_SMALL_STACK_STATIC const byte a[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
};
/* plaintext - long */
WOLFSSL_SMALL_STACK_STATIC const byte pl[] =
{
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
0x50
};
/* ciphertext - long */
WOLFSSL_SMALL_STACK_STATIC const byte cl[] =
{
0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0xe0,
0x44, 0x2d, 0xbe, 0x25, 0xfa, 0x48, 0x2b, 0xa8,
0x36, 0x0b, 0xbf, 0x01, 0xc0, 0x12, 0x45, 0xa4,
0x82, 0x9f, 0x20, 0x6c, 0xc3, 0xd6, 0xae, 0x5b,
0x54, 0x8d, 0xd0, 0xb1, 0x69, 0x2c, 0xec, 0x5e,
0x95, 0xa5, 0x6b, 0x48, 0xc3, 0xc6, 0xc8, 0x9e,
0xc7, 0x92, 0x98, 0x9d, 0x26, 0x7d, 0x2a, 0x10,
0x0b
};
/* tag - authentication - long */
WOLFSSL_SMALL_STACK_STATIC const byte tl[] =
{
0x89, 0xd8, 0xd2, 0x02, 0xc5, 0xcf, 0xae, 0xf4
};
#ifdef HAVE_AES_DECRYPT
byte pl2[sizeof(pl)];
#endif
byte cl2[sizeof(cl)];
byte tl2[sizeof(tl)];
ret = wc_AesCcmSetKey(enc, k, sizeof(k));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* AES-CCM encrypt and decrypt both use AES encrypt internally */
ret = wc_AesCcmEncrypt(enc, cl2, pl, sizeof(cl2), iv, sizeof(iv),
tl2, sizeof(tl2), a, sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(cl, cl2, sizeof(cl2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(tl, tl2, sizeof(tl2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCcmDecrypt(enc, pl2, cl2, sizeof(pl2), iv, sizeof(iv),
tl2, sizeof(tl2), a, sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(pl, pl2, sizeof(pl2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
ret = 0;
out:
return ret;
}
static wc_test_ret_t aesccm_128_badarg_test(Aes* enc)
{
wc_test_ret_t ret;
WOLFSSL_SMALL_STACK_STATIC const byte k[] =
{
0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
};
WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
{
0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
0xa1, 0xa2, 0xa3, 0xa4, 0xa5
};
WOLFSSL_SMALL_STACK_STATIC const byte a[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
};
/* tag - authentication - empty plaintext */
WOLFSSL_SMALL_STACK_STATIC const byte t_empty[] =
{
0xe4, 0x28, 0x8a, 0xc3, 0x78, 0x00, 0x0f, 0xf5
};
byte t_empty2[sizeof(t_empty)];
byte buf[1]; /* output placeholder for bad-arg tests */
ret = wc_AesCcmSetKey(enc, k, sizeof(k));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* test empty message as null input or output with nonzero inSz. */
ret = wc_AesCcmEncrypt(enc, buf /* out */, NULL /* in */, 1 /* inSz */,
iv, sizeof(iv), t_empty2, sizeof(t_empty2),
a, sizeof(a));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesCcmEncrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
iv, sizeof(iv), t_empty2, sizeof(t_empty2),
a, sizeof(a));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCcmDecrypt(enc, buf, NULL /* in */, 1 /* inSz */,
iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
sizeof(a));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesCcmDecrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
sizeof(a));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
/* test empty message as null input and output with zero inSz --
* must either succeed, or fail early with BAD_FUNC_ARG.
*/
ret = wc_AesCcmEncrypt(enc, NULL /* out */, NULL /* in */, 0 /* inSz */,
iv, sizeof(iv), t_empty2, sizeof(t_empty2),
a, sizeof(a));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCcmDecrypt(enc, NULL /* out */, NULL /* in */,
0 /* inSz */, iv, sizeof(iv), t_empty2,
sizeof(t_empty2), a, sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
}
/* test empty message as zero-length string -- must work. */
ret = wc_AesCcmEncrypt(enc, buf, (const byte *)"", 0 /* inSz */, iv,
sizeof(iv), t_empty2, sizeof(t_empty2), a,
sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCcmDecrypt(enc, buf, (const byte *)"", 0 /* inSz */,
iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
sizeof(a));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_NO_MALLOC)
/* Test 64k - 1 with full nonce -- must work. */
{
wc_static_assert(sizeof(iv) >= 13);
word32 clear_size = ((word32)1 << 16);
word32 cipher_size = ((word32)1 << 16);
byte *large_alloc = (byte *)XMALLOC(clear_size + cipher_size,
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *clear = large_alloc;
byte *cipher = large_alloc + clear_size;
if (large_alloc == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
XMEMSET(clear, 0, clear_size);
ret = wc_AesCcmEncrypt(enc, cipher, clear, clear_size - 1, iv,
13, t_empty2, sizeof(t_empty2), a,
sizeof(a));
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
if (ret == 0) {
word32 i;
XMEMSET(clear, 0xff, clear_size);
ret = wc_AesCcmDecrypt(enc, clear, cipher, cipher_size - 1,
iv, 13, t_empty2, sizeof(t_empty2), a,
sizeof(a));
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
else {
for (i = 0; i < clear_size - 1; ++i) {
if (clear[i] != 0) {
ret = WC_TEST_RET_ENC_I(i);
break;
}
}
}
}
#endif
XFREE(large_alloc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (ret != 0)
goto out;
}
#endif /* !BENCH_EMBEDDED && !WOLFSSL_NO_MALLOC */
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7, 0, 0))
ret = wc_AesCcmEncrypt(enc, buf, (const byte *)"", (word32)1 << 16,
iv, 13, t_empty2, sizeof(t_empty2),
a, sizeof(a));
if (ret != WC_NO_ERR_TRACE(AES_CCM_OVERFLOW_E)) {
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
else
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCcmDecrypt(enc, buf, (const byte *)"",
(word32)1 << 16, iv, 13, t_empty2,
sizeof(t_empty2), a, sizeof(a));
if (ret != WC_NO_ERR_TRACE(AES_CCM_OVERFLOW_E)) {
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
else
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#endif
ret = wc_AesCcmEncrypt(enc, buf, (const byte *)"", (word32)1 << 24,
iv, 12, t_empty2, sizeof(t_empty2),
a, sizeof(a));
if (ret != WC_NO_ERR_TRACE(AES_CCM_OVERFLOW_E)) {
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
else
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCcmDecrypt(enc, buf, (const byte *)"",
(word32)1 << 24, iv, 12, t_empty2,
sizeof(t_empty2), a, sizeof(a));
if (ret != WC_NO_ERR_TRACE(AES_CCM_OVERFLOW_E)) {
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
else
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#endif
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(7, 0, 0)) */
ret = 0;
out:
return ret;
}
static wc_test_ret_t aesccm_128_test(Aes* enc)
{
wc_test_ret_t ret;
ret = aesccm_128_vector_test(enc);
if (ret != 0)
return ret;
#ifndef HAVE_SELFTEST
ret = aesccm_128_setnonce_test(enc);
if (ret != 0)
return ret;
#endif
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
ret = aesccm_128_badiv_test(enc);
if (ret != 0)
return ret;
#endif
ret = aesccm_128_large_test(enc);
if (ret != 0)
return ret;
ret = aesccm_128_badarg_test(enc);
if (ret != 0)
return ret;
return ret;
}
#endif /* WOLFSSL_AES_128 */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesccm_test(void)
{
wc_test_ret_t ret = 0;
#if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *enc = NULL;
#else
Aes enc[1];
#endif
#endif
WOLFSSL_ENTER("aesccm_test");
#if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
enc = wc_AesNew(HEAP_HINT, devId, &ret);
if (enc == NULL)
return WC_TEST_RET_ENC_EC(ret);
#else
XMEMSET(enc, 0, sizeof(Aes));
ret = wc_AesInit(enc, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
#endif
#ifdef WOLFSSL_AES_128
if (ret == 0)
ret = aesccm_128_test(enc);
#endif
#ifdef WOLFSSL_AES_256
if (ret == 0)
ret = aesccm_256_test(enc);
#endif
#if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_AesDelete(enc, &enc);
#else
wc_AesFree(enc);
#endif
#endif
return ret;
}
#endif /* HAVE_AESCCM */
#ifdef WOLFSSL_AES_CTS
#ifdef WOLFSSL_AES_192
static wc_test_ret_t aes_cts_192_stream_test(const byte* pt, const byte* iv_in)
{
WOLFSSL_SMALL_STACK_STATIC const byte key192[] = {
0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
};
WOLFSSL_SMALL_STACK_STATIC const byte ct192_32[] = {
0xb4, 0xd9, 0xad, 0xa9, 0xad, 0x7d, 0xed, 0xf4,
0xe5, 0xe7, 0x38, 0x76, 0x3f, 0x69, 0x14, 0x5a,
0x4f, 0x02, 0x1d, 0xb2, 0x43, 0xbc, 0x63, 0x3d,
0x71, 0x78, 0x18, 0x3a, 0x9f, 0xa0, 0x71, 0xe8
};
byte out[WC_AES_BLOCK_SIZE * 2];
byte plain[WC_AES_BLOCK_SIZE * 2];
word32 outSz, totalSz = 0;
wc_test_ret_t ret = 0;
Aes* enc = wc_AesNew(HEAP_HINT, devId, &ret);
if (enc == NULL)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_AesSetKey(enc, key192, sizeof(key192), iv_in, AES_ENCRYPTION);
if (ret == 0) {
outSz = (word32)sizeof(out);
totalSz = 0;
ret = wc_AesCtsEncryptUpdate(enc, out, &outSz, pt, 16);
totalSz += outSz;
}
if (ret == 0) {
outSz = (word32)sizeof(out) - totalSz;
ret = wc_AesCtsEncryptUpdate(enc, out + totalSz, &outSz, pt + 16, 16);
totalSz += outSz;
}
if (ret == 0) {
outSz = (word32)sizeof(out) - totalSz;
ret = wc_AesCtsEncryptFinal(enc, out + totalSz, &outSz);
totalSz += outSz;
}
wc_AesDelete(enc, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (totalSz != 32 || XMEMCMP(out, ct192_32, 32) != 0)
return WC_TEST_RET_ENC_NC;
#ifdef HAVE_AES_DECRYPT
{
Aes* dec = wc_AesNew(HEAP_HINT, devId, &ret);
if (dec == NULL)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_AesSetKey(dec, key192, sizeof(key192), iv_in, AES_DECRYPTION);
if (ret == 0) {
outSz = (word32)sizeof(plain);
totalSz = 0;
ret = wc_AesCtsDecryptUpdate(dec, plain, &outSz, ct192_32, 16);
totalSz += outSz;
}
if (ret == 0) {
outSz = (word32)sizeof(plain) - totalSz;
ret = wc_AesCtsDecryptUpdate(dec, plain + totalSz, &outSz,
ct192_32 + 16, 16);
totalSz += outSz;
}
if (ret == 0) {
outSz = (word32)sizeof(plain) - totalSz;
ret = wc_AesCtsDecryptFinal(dec, plain + totalSz, &outSz);
totalSz += outSz;
}
wc_AesDelete(dec, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (totalSz != 32 || XMEMCMP(plain, pt, 32) != 0)
return WC_TEST_RET_ENC_NC;
}
#endif /* HAVE_AES_DECRYPT */
return 0;
}
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
static wc_test_ret_t aes_cts_256_stream_test(const byte* pt, const byte* iv_in)
{
WOLFSSL_SMALL_STACK_STATIC const byte key256[] = {
0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
};
WOLFSSL_SMALL_STACK_STATIC const byte ct256_32[] = {
0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d,
0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6
};
byte out[WC_AES_BLOCK_SIZE * 2];
byte plain[WC_AES_BLOCK_SIZE * 2];
word32 outSz, totalSz = 0;
wc_test_ret_t ret = 0;
Aes* enc = wc_AesNew(HEAP_HINT, devId, &ret);
if (enc == NULL)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_AesSetKey(enc, key256, sizeof(key256), iv_in, AES_ENCRYPTION);
if (ret == 0) {
outSz = (word32)sizeof(out);
totalSz = 0;
ret = wc_AesCtsEncryptUpdate(enc, out, &outSz, pt, 16);
totalSz += outSz;
}
if (ret == 0) {
outSz = (word32)sizeof(out) - totalSz;
ret = wc_AesCtsEncryptUpdate(enc, out + totalSz, &outSz, pt + 16, 16);
totalSz += outSz;
}
if (ret == 0) {
outSz = (word32)sizeof(out) - totalSz;
ret = wc_AesCtsEncryptFinal(enc, out + totalSz, &outSz);
totalSz += outSz;
}
wc_AesDelete(enc, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (totalSz != 32 || XMEMCMP(out, ct256_32, 32) != 0)
return WC_TEST_RET_ENC_NC;
#ifdef HAVE_AES_DECRYPT
{
Aes* dec = wc_AesNew(HEAP_HINT, devId, &ret);
if (dec == NULL)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_AesSetKey(dec, key256, sizeof(key256), iv_in, AES_DECRYPTION);
if (ret == 0) {
outSz = (word32)sizeof(plain);
totalSz = 0;
ret = wc_AesCtsDecryptUpdate(dec, plain, &outSz, ct256_32, 16);
totalSz += outSz;
}
if (ret == 0) {
outSz = (word32)sizeof(plain) - totalSz;
ret = wc_AesCtsDecryptUpdate(dec, plain + totalSz, &outSz,
ct256_32 + 16, 16);
totalSz += outSz;
}
if (ret == 0) {
outSz = (word32)sizeof(plain) - totalSz;
ret = wc_AesCtsDecryptFinal(dec, plain + totalSz, &outSz);
totalSz += outSz;
}
wc_AesDelete(dec, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (totalSz != 32 || XMEMCMP(plain, pt, 32) != 0)
return WC_TEST_RET_ENC_NC;
}
#endif /* HAVE_AES_DECRYPT */
return 0;
}
#endif /* WOLFSSL_AES_256 */
/* One-shot CTS KAT: encrypt -> compare -> (HAVE_AES_DECRYPT) decrypt -> compare. */
static wc_test_ret_t aes_cts_kat(const byte* key, word32 keySz, const byte* iv,
const byte* pt, word32 ptLen,
const byte* ctExpected, byte* outBuf,
byte* plainBuf)
{
wc_test_ret_t ret;
#ifndef HAVE_AES_DECRYPT
(void)plainBuf;
#endif
ret = wc_AesCtsEncrypt(key, keySz, outBuf, pt, ptLen, iv);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(outBuf, ctExpected, ptLen) != 0)
return WC_TEST_RET_ENC_NC;
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCtsDecrypt(key, keySz, plainBuf, ctExpected, ptLen, iv);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plainBuf, pt, ptLen) != 0)
return WC_TEST_RET_ENC_NC;
#endif /* HAVE_AES_DECRYPT */
return 0;
}
/* Streaming CTS KAT: feed pt in two 16-byte chunks via Update, then Final.
* On HAVE_AES_DECRYPT, also stream-decrypt ctExpected and verify it round-trips
* to pt. Used for 2-block (32-byte) inputs. */
static wc_test_ret_t aes_cts_stream_kat(const byte* key, word32 keySz,
const byte* iv, const byte* pt,
const byte* ctExpected, byte* outBuf,
byte* plainBuf, word32 outBufSz,
word32 plainBufSz)
{
Aes* enc;
word32 outSz = 0, totalSz = 0;
wc_test_ret_t ret = 0;
#ifndef HAVE_AES_DECRYPT
(void)plainBuf;
(void)plainBufSz;
#endif
enc = wc_AesNew(HEAP_HINT, devId, &ret);
if (enc == NULL)
return WC_TEST_RET_ENC_EC(ret);
XMEMSET(outBuf, 0, outBufSz);
totalSz = 0;
ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
if (ret == 0) {
outSz = outBufSz - totalSz;
ret = wc_AesCtsEncryptUpdate(enc, outBuf + totalSz, &outSz, pt, 16);
totalSz += outSz;
}
if (ret == 0) {
outSz = outBufSz - totalSz;
ret = wc_AesCtsEncryptUpdate(enc, outBuf + totalSz, &outSz, pt + 16, 16);
totalSz += outSz;
}
if (ret == 0) {
outSz = outBufSz - totalSz;
ret = wc_AesCtsEncryptFinal(enc, outBuf + totalSz, &outSz);
totalSz += outSz;
}
wc_AesDelete(enc, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (totalSz != 32 || XMEMCMP(outBuf, ctExpected, 32) != 0)
return WC_TEST_RET_ENC_NC;
#ifdef HAVE_AES_DECRYPT
{
Aes* dec = wc_AesNew(HEAP_HINT, devId, &ret);
if (dec == NULL)
return WC_TEST_RET_ENC_EC(ret);
XMEMSET(plainBuf, 0, plainBufSz);
totalSz = 0;
ret = wc_AesSetKey(dec, key, keySz, iv, AES_DECRYPTION);
if (ret == 0) {
outSz = plainBufSz - totalSz;
ret = wc_AesCtsDecryptUpdate(dec, plainBuf + totalSz, &outSz,
ctExpected, 16);
totalSz += outSz;
}
if (ret == 0) {
outSz = plainBufSz - totalSz;
ret = wc_AesCtsDecryptUpdate(dec, plainBuf + totalSz, &outSz,
ctExpected + 16, 16);
totalSz += outSz;
}
if (ret == 0) {
outSz = plainBufSz - totalSz;
ret = wc_AesCtsDecryptFinal(dec, plainBuf + totalSz, &outSz);
totalSz += outSz;
}
wc_AesDelete(dec, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (totalSz != 32 || XMEMCMP(plainBuf, pt, 32) != 0)
return WC_TEST_RET_ENC_NC;
}
#endif /* HAVE_AES_DECRYPT */
return 0;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cts_test(void)
{
/* Test vectors derived from NIST SP 800-38A AES-CBC vectors.
* CTS (ciphertext stealing) swaps the last two ciphertext blocks relative
* to standard CBC, producing output of the same length as the input. */
wc_test_ret_t ret = 0;
byte out[WC_AES_BLOCK_SIZE * 3];
byte plain[WC_AES_BLOCK_SIZE * 3];
/* Shared IV: NIST SP 800-38A */
WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
/* Plaintext P1 || P2 || P3 from NIST SP 800-38A F.2.1 */
WOLFSSL_SMALL_STACK_STATIC const byte pt48[] = {
0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef
};
WOLFSSL_ENTER("aes_cts_test");
#ifdef WOLFSSL_AES_128
/* AES-128, key from NIST SP 800-38A F.2.1.
* CBC values: C1=764...7d, C2=508...b2, C3=73b...16.
* CTS for 2-block input outputs [C2 | C1]; for 3-block [C1 | C3 | C2]. */
{
WOLFSSL_SMALL_STACK_STATIC const byte key128[] = {
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
};
WOLFSSL_SMALL_STACK_STATIC const byte ct128_32[] = {
0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2,
0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d
};
WOLFSSL_SMALL_STACK_STATIC const byte ct128_48[] = {
0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b,
0x71, 0x16, 0xe6, 0x9e, 0x22, 0x22, 0x95, 0x16,
0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2
};
/* One-shot KAT: 2 full blocks */
ret = aes_cts_kat(key128, sizeof(key128), iv, pt48, 32, ct128_32,
out, plain);
if (ret != 0)
return ret;
/* One-shot KAT: 3 full blocks */
ret = aes_cts_kat(key128, sizeof(key128), iv, pt48, 48, ct128_48,
out, plain);
if (ret != 0)
return ret;
/* Streaming KAT: 2 full blocks fed in two 16-byte chunks */
ret = aes_cts_stream_kat(key128, sizeof(key128), iv, pt48, ct128_32,
out, plain, (word32)sizeof(out), (word32)sizeof(plain));
if (ret != 0)
return ret;
/* Partial-block round-trip: 1 full block + 1 byte (17 bytes total).
* Encrypt then decrypt; verify round-trip matches. */
ret = wc_AesCtsEncrypt(key128, sizeof(key128), out, pt48, 17, iv);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_AES_DECRYPT
ret = wc_AesCtsDecrypt(key128, sizeof(key128), plain, out, 17, iv);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, pt48, 17) != 0)
return WC_TEST_RET_ENC_NC;
#endif
}
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
/* AES-192, key from NIST SP 800-38A F.2.3.
* CTS for 2-block input outputs [CBC_C2 | CBC_C1]. */
{
WOLFSSL_SMALL_STACK_STATIC const byte key192[] = {
0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
};
WOLFSSL_SMALL_STACK_STATIC const byte ct192_32[] = {
0xb4, 0xd9, 0xad, 0xa9, 0xad, 0x7d, 0xed, 0xf4,
0xe5, 0xe7, 0x38, 0x76, 0x3f, 0x69, 0x14, 0x5a,
0x4f, 0x02, 0x1d, 0xb2, 0x43, 0xbc, 0x63, 0x3d,
0x71, 0x78, 0x18, 0x3a, 0x9f, 0xa0, 0x71, 0xe8
};
ret = aes_cts_kat(key192, sizeof(key192), iv, pt48, 32, ct192_32,
out, plain);
if (ret != 0)
return ret;
ret = aes_cts_192_stream_test(pt48, iv);
if (ret != 0)
return ret;
}
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
/* AES-256, key from NIST SP 800-38A F.2.5.
* CTS for 2-block input outputs [CBC_C2 | CBC_C1]. */
{
WOLFSSL_SMALL_STACK_STATIC const byte key256[] = {
0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
};
WOLFSSL_SMALL_STACK_STATIC const byte ct256_32[] = {
0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d,
0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6
};
ret = aes_cts_kat(key256, sizeof(key256), iv, pt48, 32, ct256_32,
out, plain);
if (ret != 0)
return ret;
ret = aes_cts_256_stream_test(pt48, iv);
if (ret != 0)
return ret;
}
#endif /* WOLFSSL_AES_256 */
return ret;
}
#endif /* WOLFSSL_AES_CTS */
#if defined(WOLFSSL_AES_EAX) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void)
{
typedef struct {
byte key[AES_256_KEY_SIZE];
int key_length;
byte iv[WC_AES_BLOCK_SIZE];
int iv_length;
byte aad[WC_AES_BLOCK_SIZE * 2];
int aad_length;
byte msg[WC_AES_BLOCK_SIZE * 2];
int msg_length;
byte ct[WC_AES_BLOCK_SIZE * 2];
int ct_length;
byte tag[WC_AES_BLOCK_SIZE];
int tag_length;
int valid;
} AadVector;
/* A small selection of Google wycheproof vectors that use vectors
* from the original paper: eprint.iacr.org/2003/069
* https://github.com/google/wycheproof/blob/master/testvectors/aes_eax_test.json
*/
WOLFSSL_SMALL_STACK_STATIC const AadVector vectors[] = {
/* Vector from paper - empty message with auth data */
#ifdef WOLFSSL_AES_128
{
/* key, key length */
{0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f,
0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78}, 16,
/* iv, iv length */
{0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07,
0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3}, 16,
/* aad, aad length */
{0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b}, 8,
/* msg, msg length */
{0}, 0,
/* ct, ct length */
{0}, 0,
/* tag, tag length */
{0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2,
0x7b, 0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01}, 16,
/* valid */
1,
},
/* Vector from paper - no auth data, valid auth tag */
{
/* key, key length */
{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
/* iv , iv length */
{0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75,
0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2}, 16,
/* aad, aad length */
{0}, 0,
/* msg, msg length */
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
/* ct, ct length */
{0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23,
0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13,
0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93,
0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68}, 32,
/* tag, tag length */
{0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf,
0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e}, 16,
/* valid */
1,
},
/* Vector from paper - no auth data with invalid auth tag */
{
/* key, key length */
{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
/* iv, iv length */
{0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
/* aad, aad length */
{0}, 0,
/* msg, msg length */
{0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
/* ct , ct length */
{0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
/* tag, tag length */
{0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
/* valid */
0,
},
#endif
#ifdef WOLFSSL_AES_192
{
/* key, key length */
{0x50, 0x19, 0xeb, 0x9f, 0xef, 0x82, 0xe5, 0x75,
0x0b, 0x63, 0x17, 0x58, 0xf0, 0x21, 0x3e, 0x3e,
0x5f, 0xcc, 0xa1, 0x27, 0x48, 0xb4, 0x0e, 0xb4}, 24,
/* iv, iv length */
{0xff, 0x0d, 0xdb, 0x0a, 0x0d, 0x7b, 0x36, 0xd2,
0x19, 0xda, 0x12, 0xb5}, 12,
/* aad, aad length */
{0}, 0,
/* msg, msg length */
{0}, 0,
/* ct, ct length */
{0}, 0,
/* tag, tag length */
{0xbc, 0xe2, 0x73, 0xd0, 0xe6, 0x81, 0x12, 0x37,
0x17, 0x45, 0xe6, 0x65, 0xec, 0xec, 0xa8, 0x23}, 16,
/* valid */
1,
},
{
/* key, key length */
{0x2b, 0xc9, 0x5c, 0x03, 0xe9, 0xc5, 0xb4, 0xb9,
0x5e, 0x30, 0xfb, 0x59, 0x7f, 0x7e, 0xa6, 0xdd,
0x1e, 0x8e, 0xaa, 0x68, 0x94, 0x0d, 0xa2, 0x36}, 24,
/* iv , iv length */
{0xa2, 0x35, 0x7e, 0x33, 0xef, 0x99, 0x92, 0xbe,
0x34, 0x14, 0x4d, 0x2e, 0x7e, 0x04, 0x32, 0x75}, 16,
/* aad, aad length */
{0}, 0,
/* msg, msg length */
{0x3a, 0xa2, 0x30, 0xf4, 0x52, 0x6b, 0x82, 0xff,
0x6e, 0xbc, 0x0b, 0x3b, 0x54, 0xe6, 0x10, 0x16,
0xad, 0x45, 0x9c, 0xa8, 0x68, 0x99}, 22,
/* ct, ct length */
{0xa4, 0xd8, 0x77, 0x92, 0xb6, 0x18, 0x83, 0x32,
0x27, 0x16, 0xb3, 0x45, 0xf9, 0xc2, 0x9b, 0x5a,
0x12, 0xa1, 0x04, 0x41, 0xd5, 0xe4}, 22,
/* tag, tag length */
{0x1c, 0xda, 0x87, 0xea, 0x66, 0xdf, 0xc3, 0x4a,
0x8d, 0x25, 0x58, 0xc0, 0x01, 0x99, 0x28, 0x63}, 16,
/* valid */
1,
},
{
/* key, key length */
{0xbf, 0xe0, 0x94, 0x53, 0x95, 0xca, 0x57, 0xa1,
0xc2, 0x36, 0x8f, 0x56, 0xbb, 0x60, 0x54, 0x75,
0x5f, 0x1f, 0x16, 0xe6, 0xd6, 0xdc, 0xe5, 0xdc}, 24,
/* iv, iv length */
{0xea, 0x8b, 0xc8, 0xbd, 0xe2, 0x9e, 0x05, 0x7e,
0xba, 0xa6, 0x7e, 0x35, 0x16, 0x29, 0x5d, 0x22}, 16,
/* aad, aad length */
{0x92, 0x2d, 0xc6, 0xf1, 0xed, 0x0d, 0xa9, 0xd2,
0x55, 0x00, 0xa0, 0xb7, 0x15, 0x7a, 0x10}, 15,
/* msg, msg length */
{0x21, 0x2b, 0x0b, 0x1f, 0x68, 0x53, 0x00, 0x65,
0x1e, 0xb4, 0x3b, 0x2e, 0xc0, 0x77, 0x91, 0x26}, 16,
/* ct , ct length */
{0x73, 0x42, 0x83, 0x85, 0x39, 0xec, 0x97, 0x5f,
0x2b, 0x4e, 0x3c, 0xf9, 0xa0, 0x8c, 0x86, 0x0e}, 16,
/* tag, tag length */
{0x1a, 0xb9, 0xc9, 0x2a, 0x3a, 0x2b, 0x2c, 0x0c,
0x79, 0x96, 0xc8, 0xa2, 0x57, 0x38, 0x95, 0x9c}, 16,
/* valid */
1,
},
#endif
#ifdef WOLFSSL_AES_256
{
/* key, key length */
{0x4c, 0x01, 0x0d, 0x95, 0x61, 0xc7, 0x23, 0x4c,
0x30, 0x8c, 0x01, 0xce, 0xa3, 0x04, 0x0c, 0x92,
0x5a, 0x9f, 0x32, 0x4d, 0xc9, 0x58, 0xff, 0x90,
0x4a, 0xe3, 0x9b, 0x37, 0xe6, 0x0e, 0x1e, 0x03}, 32,
/* iv, iv length */
{0x2a, 0x55, 0xca, 0xa1, 0x37, 0xc5, 0xb0, 0xb6,
0x6c, 0xf3, 0x80, 0x9e, 0xb8, 0xf7, 0x30, 0xc4}, 16,
/* aad, aad length */
{0}, 0,
/* msg, msg length */
{0x2a, 0x09, 0x3c, 0x9e, 0xd7, 0x2b, 0x8f, 0xf4,
0x99, 0x42, 0x01, 0xe9, 0xf9, 0xe0, 0x10}, 15,
/* ct, ct length */
{0xcb, 0xfc, 0xaa, 0x36, 0x34, 0xd6, 0xcf, 0xf5,
0x65, 0x6b, 0xc6, 0xbd, 0xa6, 0xab, 0x5f}, 15,
/* tag, tag length */
{0x01, 0x44, 0xbe, 0x06, 0x43, 0xb0, 0x36, 0xa8,
0x14, 0x7e, 0x19, 0xf4, 0xea, 0x9e, 0x7a, 0xf2}, 16,
/* valid */
1,
},
{
/* key, key length */
{0x2f, 0x6c, 0xfb, 0x7a, 0x21, 0x5a, 0x7b, 0xaf,
0xb6, 0x07, 0xc2, 0x73, 0xf7, 0xe6, 0x6f, 0x9a,
0x6d, 0x51, 0xd5, 0x7f, 0x9c, 0x29, 0x42, 0x2e,
0xc6, 0x46, 0x99, 0xba, 0xd0, 0xc6, 0xf3, 0x3b}, 32,
/* iv , iv length */
{0x21, 0xcb, 0xef, 0xf0, 0xb1, 0x23, 0x79, 0x9d,
0xa7, 0x4f, 0x4d, 0xaf, 0xf2, 0xe2, 0x79, 0xc5}, 16,
/* aad, aad length */
{0}, 0,
/* msg, msg length */
{0x39, 0xdb, 0xc7, 0x1f, 0x68, 0x38, 0xed, 0x6c,
0x6e, 0x58, 0x21, 0x37, 0x43, 0x6e, 0x1c, 0x61,
0xbb, 0xbf, 0xb8, 0x05, 0x31, 0xf4}, 22,
/* ct, ct length */
{0xf5, 0x31, 0x09, 0x7a, 0xa1, 0xbb, 0x35, 0xd9,
0xf4, 0x01, 0xd4, 0x59, 0x34, 0x0a, 0xfb, 0xd2,
0x7f, 0x9b, 0xdf, 0x72, 0xc5, 0x37}, 22,
/* tag, tag length */
{0xe4, 0xe1, 0x81, 0x70, 0xdc, 0xe4, 0xe1, 0xaf,
0x90, 0xb1, 0x5e, 0xae, 0x64, 0x35, 0x53, 0x31}, 16,
/* valid */
1,
},
{
/* key, key length */
{0x9f, 0x5c, 0x60, 0xfb, 0x5d, 0xf5, 0xcf, 0x2b,
0x1b, 0x39, 0x25, 0x4c, 0x3f, 0xa8, 0x0e, 0x51,
0xd3, 0x0d, 0x64, 0xe3, 0x44, 0xb3, 0xab, 0xa5,
0x95, 0x74, 0x30, 0x5b, 0x4d, 0x22, 0x12, 0xad}, 32,
/* iv, iv length */
{0xd4, 0xdf, 0x79, 0xc6, 0x9f, 0x73, 0xb2, 0x6a,
0x13, 0x59, 0x8a, 0xf0, 0x7e, 0xed, 0x6a, 0x77}, 16,
/* aad, aad length */
{0x81, 0x33, 0x99, 0xff, 0x1e, 0x1e, 0xf0, 0xb5,
0x8b, 0xb2, 0xbe, 0x13, 0x0c, 0xe5, 0xd4}, 15,
/* msg, msg length */
{0xa3, 0xca, 0x2e, 0xf9, 0xbd, 0x1f, 0xdb, 0xaa,
0x83, 0xdb, 0x4c, 0x7e, 0xae, 0x6d, 0xe9, 0x4e}, 16,
/* ct , ct length */
{0x65, 0x01, 0x92, 0x12, 0xcc, 0xbb, 0xd4, 0xcd,
0x2f, 0x99, 0x5c, 0xc5, 0x9d, 0x46, 0xfd, 0x27}, 16,
/* tag, tag length */
{0x40, 0x26, 0xc4, 0x86, 0x43, 0x0a, 0x1a, 0xe2,
0xa5, 0xfc, 0x40, 0x81, 0xcd, 0x66, 0x54, 0x68}, 16,
/* valid */
1,
},
#endif
};
WOLFSSL_SMALL_STACK_STATIC byte ciphertext[sizeof(vectors[0].ct)];
WOLFSSL_SMALL_STACK_STATIC byte authtag[sizeof(vectors[0].tag)];
int i;
int len;
wc_test_ret_t ret;
WOLFSSL_ENTER("aes_eax_test");
for (i = 0; i < (int)(sizeof(vectors)/sizeof(vectors[0])); i++) {
XMEMSET(ciphertext, 0, sizeof(ciphertext));
len = sizeof(authtag);
ret = wc_AesEaxEncryptAuth(vectors[i].key, (word32)vectors[i].key_length,
ciphertext,
vectors[i].msg, (word32)vectors[i].msg_length,
vectors[i].iv, (word32)vectors[i].iv_length,
authtag, (word32)len,
vectors[i].aad, (word32)vectors[i].aad_length);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
/* check ciphertext matches vector */
if (XMEMCMP(ciphertext, vectors[i].ct, (size_t)vectors[i].ct_length)) {
return WC_TEST_RET_ENC_NC;
}
/* check that tag matches vector only for vectors marked as valid */
ret = XMEMCMP(authtag, vectors[i].tag, len);
if (vectors[i].valid == 1 && ret != 0 ) {
return WC_TEST_RET_ENC_NC;
}
else if (vectors[i].valid == 0 && ret == 0) {
return WC_TEST_RET_ENC_NC;
}
XMEMSET(ciphertext, 0, sizeof(ciphertext));
ret = wc_AesEaxDecryptAuth(vectors[i].key, (word32)vectors[i].key_length,
ciphertext,
vectors[i].ct, (word32)vectors[i].ct_length,
vectors[i].iv, (word32)vectors[i].iv_length,
authtag, (word32)len,
vectors[i].aad, (word32)vectors[i].aad_length);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
/* check decrypted ciphertext matches vector plaintext */
if (XMEMCMP(ciphertext, vectors[i].msg, (size_t)vectors[i].msg_length)) {
return WC_TEST_RET_ENC_NC;
}
}
/* Regression test: wc_AesEaxDecryptAuth must reject authTagSz below
* WOLFSSL_MIN_AUTH_TAG_SZ (including zero), otherwise an attacker could
* bypass tag verification by supplying an empty tag. */
#if WOLFSSL_MIN_AUTH_TAG_SZ > 0
{
byte zero_ct[16];
byte zero_pt[16];
byte zero_tag[16];
XMEMSET(zero_ct, 0, sizeof(zero_ct));
XMEMSET(zero_tag, 0, sizeof(zero_tag));
ret = wc_AesEaxDecryptAuth(vectors[0].key,
(word32)vectors[0].key_length,
zero_pt,
zero_ct, (word32)sizeof(zero_ct),
vectors[0].iv,
(word32)vectors[0].iv_length,
zero_tag, 0,
vectors[0].aad,
(word32)vectors[0].aad_length);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_EC(ret);
}
#if WOLFSSL_MIN_AUTH_TAG_SZ > 1
ret = wc_AesEaxDecryptAuth(vectors[0].key,
(word32)vectors[0].key_length,
zero_pt,
zero_ct, (word32)sizeof(zero_ct),
vectors[0].iv,
(word32)vectors[0].iv_length,
zero_tag, WOLFSSL_MIN_AUTH_TAG_SZ - 1,
vectors[0].aad,
(word32)vectors[0].aad_length);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_EC(ret);
}
#endif
/* Upper bound: authTagSz > WC_AES_BLOCK_SIZE must be rejected.
* Pins the '>' operator in the validation against mutation to '>='
* and prevents an over-read of the caller-supplied tag buffer. */
ret = wc_AesEaxDecryptAuth(vectors[0].key,
(word32)vectors[0].key_length,
zero_pt,
zero_ct, (word32)sizeof(zero_ct),
vectors[0].iv,
(word32)vectors[0].iv_length,
zero_tag, WC_AES_BLOCK_SIZE + 1,
vectors[0].aad,
(word32)vectors[0].aad_length);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_EC(ret);
}
/* Direct incremental-API coverage: wc_AesEaxDecryptFinal must also
* reject authInSz of zero and below WOLFSSL_MIN_AUTH_TAG_SZ. The
* one-shot API above is a separate code path. Heap-allocate the
* AesEax context to keep stack usage within Linux kernel limits. */
{
WC_DECLARE_VAR(eax, AesEax, 1, HEAP_HINT);
WC_ALLOC_VAR(eax, AesEax, 1, HEAP_HINT);
if (!WC_VAR_OK(eax))
return WC_TEST_RET_ENC_EC(MEMORY_E);
XMEMSET(eax, 0, sizeof(*eax));
ret = wc_AesEaxInit(eax,
vectors[0].key, (word32)vectors[0].key_length,
vectors[0].iv, (word32)vectors[0].iv_length,
vectors[0].aad,
(word32)vectors[0].aad_length);
if (ret != 0) {
WC_FREE_VAR(eax, HEAP_HINT);
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_AesEaxDecryptFinal(eax, zero_tag, 0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
wc_AesEaxFree(eax);
WC_FREE_VAR(eax, HEAP_HINT);
return WC_TEST_RET_ENC_EC(ret);
}
#if WOLFSSL_MIN_AUTH_TAG_SZ > 1
ret = wc_AesEaxDecryptFinal(eax, zero_tag,
WOLFSSL_MIN_AUTH_TAG_SZ - 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
wc_AesEaxFree(eax);
WC_FREE_VAR(eax, HEAP_HINT);
return WC_TEST_RET_ENC_EC(ret);
}
#endif
/* Upper bound: authInSz > WC_AES_BLOCK_SIZE must be rejected. */
ret = wc_AesEaxDecryptFinal(eax, zero_tag, WC_AES_BLOCK_SIZE + 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
wc_AesEaxFree(eax);
WC_FREE_VAR(eax, HEAP_HINT);
return WC_TEST_RET_ENC_EC(ret);
}
wc_AesEaxFree(eax);
WC_FREE_VAR(eax, HEAP_HINT);
}
}
#endif /* WOLFSSL_MIN_AUTH_TAG_SZ > 0 */
return 0;
}
#endif /* WOLFSSL_AES_EAX */
#ifdef HAVE_AES_KEYWRAP
#define MAX_KEYWRAP_TEST_OUTLEN 40
#define MAX_KEYWRAP_TEST_PLAINLEN 32
typedef struct keywrapVector {
const byte* kek;
const byte* data;
const byte* verify;
word32 kekLen;
word32 dataLen;
word32 verifyLen;
} keywrapVector;
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void)
{
int wrapSz, plainSz, testSz, i;
/* test vectors from RFC 3394 (kek, data, verify) */
#ifdef WOLFSSL_AES_128
/* Wrap 128 bits of Key Data with a 128-bit KEK */
WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
WOLFSSL_SMALL_STACK_STATIC const byte d1[] = {
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
};
WOLFSSL_SMALL_STACK_STATIC const byte v1[] = {
0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
};
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
/* Wrap 128 bits of Key Data with a 192-bit KEK */
WOLFSSL_SMALL_STACK_STATIC const byte k2[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
};
WOLFSSL_SMALL_STACK_STATIC const byte d2[] = {
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
};
WOLFSSL_SMALL_STACK_STATIC const byte v2[] = {
0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
};
#endif
#ifdef WOLFSSL_AES_256
/* Wrap 128 bits of Key Data with a 256-bit KEK */
WOLFSSL_SMALL_STACK_STATIC const byte k3[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
};
WOLFSSL_SMALL_STACK_STATIC const byte d3[] = {
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
};
WOLFSSL_SMALL_STACK_STATIC const byte v3[] = {
0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7
};
#endif
#ifdef WOLFSSL_AES_192
/* Wrap 192 bits of Key Data with a 192-bit KEK */
WOLFSSL_SMALL_STACK_STATIC const byte k4[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
};
WOLFSSL_SMALL_STACK_STATIC const byte d4[] = {
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
};
WOLFSSL_SMALL_STACK_STATIC const byte v4[] = {
0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
};
#endif
#ifdef WOLFSSL_AES_256
/* Wrap 192 bits of Key Data with a 256-bit KEK */
WOLFSSL_SMALL_STACK_STATIC const byte k5[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
};
WOLFSSL_SMALL_STACK_STATIC const byte d5[] = {
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
};
WOLFSSL_SMALL_STACK_STATIC const byte v5[] = {
0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1
};
/* Wrap 256 bits of Key Data with a 256-bit KEK */
WOLFSSL_SMALL_STACK_STATIC const byte k6[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
};
WOLFSSL_SMALL_STACK_STATIC const byte d6[] = {
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
WOLFSSL_SMALL_STACK_STATIC const byte v6[] = {
0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
};
#endif /* WOLFSSL_AES_256 */
byte output[MAX_KEYWRAP_TEST_OUTLEN];
byte plain [MAX_KEYWRAP_TEST_PLAINLEN];
const keywrapVector test_wrap[] =
{
#ifdef WOLFSSL_AES_128
{k1, d1, v1, sizeof(k1), sizeof(d1), sizeof(v1)},
#endif
#ifdef WOLFSSL_AES_192
{k2, d2, v2, sizeof(k2), sizeof(d2), sizeof(v2)},
#endif
#ifdef WOLFSSL_AES_256
{k3, d3, v3, sizeof(k3), sizeof(d3), sizeof(v3)},
#endif
#ifdef WOLFSSL_AES_192
{k4, d4, v4, sizeof(k4), sizeof(d4), sizeof(v4)},
#endif
#ifdef WOLFSSL_AES_256
{k5, d5, v5, sizeof(k5), sizeof(d5), sizeof(v5)},
{k6, d6, v6, sizeof(k6), sizeof(d6), sizeof(v6)}
#endif
};
WOLFSSL_ENTER("aeskeywrap_test");
testSz = sizeof(test_wrap) / sizeof(keywrapVector);
XMEMSET(output, 0, sizeof(output));
XMEMSET(plain, 0, sizeof(plain));
for (i = 0; i < testSz; i++) {
wrapSz = wc_AesKeyWrap(test_wrap[i].kek, test_wrap[i].kekLen,
test_wrap[i].data, test_wrap[i].dataLen,
output, sizeof(output), NULL);
if ( (wrapSz < 0) || (wrapSz != (int)test_wrap[i].verifyLen) )
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(output, test_wrap[i].verify, test_wrap[i].verifyLen) != 0)
return WC_TEST_RET_ENC_NC;
plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen,
output, (word32)wrapSz,
plain, sizeof(plain), NULL);
if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) )
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(plain, test_wrap[i].data, test_wrap[i].dataLen) != 0)
return WC_TEST_RET_ENC_I(i);
}
/* Negative test: corrupted wrapped data must be rejected with
* BAD_KEYWRAP_IV_E. */
{
wrapSz = wc_AesKeyWrap(test_wrap[0].kek, test_wrap[0].kekLen,
test_wrap[0].data, test_wrap[0].dataLen,
output, sizeof(output), NULL);
if (wrapSz < 0)
return WC_TEST_RET_ENC_EC(wrapSz);
/* Corrupt one byte of the wrapped data. */
output[0] ^= 0x01;
plainSz = wc_AesKeyUnWrap(test_wrap[0].kek, test_wrap[0].kekLen,
output, (word32)wrapSz,
plain, sizeof(plain), NULL);
if (plainSz != WC_NO_ERR_TRACE(BAD_KEYWRAP_IV_E))
return WC_TEST_RET_ENC_EC(plainSz);
}
return 0;
}
#endif /* HAVE_AES_KEYWRAP */
#endif /* !NO_AES */
#ifdef HAVE_ARIA
void printOutput(const char *strName, unsigned char *data, unsigned int dataSz)
{
#ifndef DEBUG_WOLFSSL
(void)strName;
(void)data;
(void)dataSz;
#else
WOLFSSL_MSG_EX("%s (%d):", strName,dataSz);
WOLFSSL_BUFFER(data,dataSz);
#endif
}
WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID algo)
{
byte data[] = TEST_STRING;
word32 dataSz = TEST_STRING_SZ;
/* Arbitrarily random long key that we will truncate to the right size */
byte key[] = { 0x1E, 0xCC, 0x95, 0xCB, 0xD3, 0x74, 0x58, 0x4F,
0x6F, 0x8A, 0x70, 0x26, 0xF7, 0x3C, 0x8D, 0xB6,
0xDC, 0x32, 0x76, 0x20, 0xCF, 0x05, 0x4A, 0xCF,
0x11, 0x86, 0xCD, 0x23, 0x5E, 0xC1, 0x6E, 0x2B };
byte cipher[2*TEST_STRING_SZ], plain[TEST_STRING_SZ], ad[256], authTag[WC_AES_BLOCK_SIZE];
word32 keySz, adSz = 256, authTagSz = sizeof(authTag);
wc_Aria aria;
int ret = 0;
WOLFSSL_ENTER("ariagcm_test");
XMEMSET((void *)&aria, 0, sizeof(aria));
ret = wc_AriaInitCrypt(&aria, algo);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
ret = wc_AriaSetKey(&aria, key);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
MC_GetObjectValue(aria.hSession, aria.hKey, key, &keySz);
printOutput("Key", key, keySz);
WC_RNG rng;
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AriaGcmSetIV(&aria, GCM_NONCE_MID_SZ, NULL, 0, &rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
wc_FreeRng(&rng);
printOutput("Plaintext", data, sizeof(data));
XMEMSET(cipher, 0, sizeof(cipher));
ret = wc_AriaEncrypt(&aria, cipher, data, dataSz,
(byte *)aria.nonce, aria.nonceSz, ad, adSz,
authTag, authTagSz);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
printOutput("Ciphertext", cipher, sizeof(cipher));
printOutput("AuthTag", authTag, sizeof(authTag));
XMEMSET(plain, 0, sizeof(plain));
ret = wc_AriaDecrypt(&aria, plain, cipher, dataSz,
(byte *)aria.nonce, aria.nonceSz, ad, adSz,
authTag, authTagSz);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
printOutput("Plaintext", plain, sizeof(plain));
if (XMEMCMP(plain, data, dataSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC,out);
out:
if (ret != 0) { wc_AriaFreeCrypt(&aria); }
else { ret = wc_AriaFreeCrypt(&aria); }
return ret;
}
#endif /* HAVE_ARIA */
#ifdef HAVE_CAMELLIA
enum {
CAM_ECB_ENC, CAM_ECB_DEC, CAM_CBC_ENC, CAM_CBC_DEC
};
typedef struct {
int type;
const byte* plaintext;
const byte* iv;
const byte* ciphertext;
const byte* key;
word32 keySz;
int errorCode;
} test_vector_t;
static wc_test_ret_t camellia_vector_test(wc_Camellia* cam)
{
/* Camellia ECB Test Plaintext */
WOLFSSL_SMALL_STACK_STATIC const byte pte[] =
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
};
/* Camellia ECB Test Initialization Vector */
WOLFSSL_SMALL_STACK_STATIC const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
/* Test 1: Camellia ECB 128-bit key */
WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
};
WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
{
0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43
};
/* Test 2: Camellia ECB 192-bit key */
WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
};
WOLFSSL_SMALL_STACK_STATIC const byte c2[] =
{
0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9
};
/* Test 3: Camellia ECB 256-bit key */
WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte c3[] =
{
0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09
};
/* Camellia CBC Test Plaintext */
WOLFSSL_SMALL_STACK_STATIC const byte ptc[] =
{
0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
};
/* Camellia CBC Test Initialization Vector */
WOLFSSL_SMALL_STACK_STATIC const byte ivc[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
/* Test 4: Camellia-CBC 128-bit key */
WOLFSSL_SMALL_STACK_STATIC const byte k4[] =
{
0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
};
WOLFSSL_SMALL_STACK_STATIC const byte c4[] =
{
0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB
};
/* Test 5: Camellia-CBC 192-bit key */
WOLFSSL_SMALL_STACK_STATIC const byte k5[] =
{
0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B
};
WOLFSSL_SMALL_STACK_STATIC const byte c5[] =
{
0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93
};
/* Test 6: CBC 256-bit key */
WOLFSSL_SMALL_STACK_STATIC const byte k6[] =
{
0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4
};
WOLFSSL_SMALL_STACK_STATIC const byte c6[] =
{
0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA
};
byte out[WC_CAMELLIA_BLOCK_SIZE];
WOLFSSL_SMALL_STACK_STATIC const test_vector_t testVectors[] =
{
{CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), 114},
{CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), 115},
{CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), 116},
{CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), 117},
{CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), 118},
{CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), 119},
{CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), 120},
{CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), 121},
{CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), 122},
{CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), 123},
{CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), 124},
{CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), 125}
};
int i, testsSz;
int ret;
testsSz = sizeof(testVectors)/sizeof(test_vector_t);
for (i = 0; i < testsSz; i++) {
if (wc_CamelliaSetKey(cam, testVectors[i].key, testVectors[i].keySz,
testVectors[i].iv) != 0)
return WC_TEST_RET_ENC_I(testVectors[i].errorCode);
switch (testVectors[i].type) {
case CAM_ECB_ENC:
ret = wc_CamelliaEncryptDirect(cam, out,
testVectors[i].plaintext);
if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
WC_CAMELLIA_BLOCK_SIZE))
return WC_TEST_RET_ENC_I(testVectors[i].errorCode);
break;
case CAM_ECB_DEC:
ret = wc_CamelliaDecryptDirect(cam, out,
testVectors[i].ciphertext);
if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
WC_CAMELLIA_BLOCK_SIZE))
return WC_TEST_RET_ENC_I(testVectors[i].errorCode);
break;
case CAM_CBC_ENC:
ret = wc_CamelliaCbcEncrypt(cam, out, testVectors[i].plaintext,
WC_CAMELLIA_BLOCK_SIZE);
if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
WC_CAMELLIA_BLOCK_SIZE))
return WC_TEST_RET_ENC_I(testVectors[i].errorCode);
break;
case CAM_CBC_DEC:
ret = wc_CamelliaCbcDecrypt(cam, out,
testVectors[i].ciphertext, WC_CAMELLIA_BLOCK_SIZE);
if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
WC_CAMELLIA_BLOCK_SIZE))
return WC_TEST_RET_ENC_I(testVectors[i].errorCode);
break;
default:
break;
}
}
return 0;
}
static wc_test_ret_t camellia_iv_test(wc_Camellia* cam)
{
/* Camellia ECB Test Initialization Vector (all zeros) */
WOLFSSL_SMALL_STACK_STATIC const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
/* Camellia CBC Test Initialization Vector */
WOLFSSL_SMALL_STACK_STATIC const byte ivc[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
int ret;
/* Setting the IV and checking it was actually set. */
ret = wc_CamelliaSetIV(cam, ivc);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(cam->reg, ivc, WC_CAMELLIA_BLOCK_SIZE) != 0)
return WC_TEST_RET_ENC_NC;
/* Setting the IV to NULL should be same as all zeros IV */
ret = wc_CamelliaSetIV(cam, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(cam->reg, ive, WC_CAMELLIA_BLOCK_SIZE) != 0)
return WC_TEST_RET_ENC_NC;
/* First parameter should never be null */
if (wc_CamelliaSetIV(NULL, NULL) == 0)
return WC_TEST_RET_ENC_NC;
return 0;
}
static wc_test_ret_t camellia_param_test(wc_Camellia* cam)
{
/* Test 1: Camellia ECB 128-bit key (reused for parameter validation) */
WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
};
/* First parameter should never be null, check it fails */
if (wc_CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0)
return WC_TEST_RET_ENC_NC;
/* Key should have a size of 16, 24, or 32 */
if (wc_CamelliaSetKey(cam, k1, 0, NULL) == 0)
return WC_TEST_RET_ENC_NC;
return 0;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void)
{
wc_test_ret_t ret;
wc_Camellia cam;
WOLFSSL_ENTER("camellia_test");
ret = camellia_vector_test(&cam);
if (ret != 0)
return ret;
ret = camellia_iv_test(&cam);
if (ret != 0)
return ret;
ret = camellia_param_test(&cam);
if (ret != 0)
return ret;
return 0;
}
#endif /* HAVE_CAMELLIA */
#ifdef WOLFSSL_SM4
#ifdef WOLFSSL_SM4_ECB
static int sm4_ecb_test(void)
{
/* draft-ribose-cfrg-sm4-10 A.2.1.1 */
WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
};
WOLFSSL_SMALL_STACK_STATIC const byte p1[] = {
0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB
};
WOLFSSL_SMALL_STACK_STATIC const byte c1_ecb[] = {
0x5E, 0xC8, 0x14, 0x3D, 0xE5, 0x09, 0xCF, 0xF7,
0xB5, 0x17, 0x9F, 0x8F, 0x47, 0x4B, 0x86, 0x19,
0x2F, 0x1D, 0x30, 0x5A, 0x7F, 0xB1, 0x7D, 0xF9,
0x85, 0xF8, 0x1C, 0x84, 0x82, 0x19, 0x23, 0x04
};
wc_Sm4 sm4;
byte enc[SM4_BLOCK_SIZE * 4];
byte dec[SM4_BLOCK_SIZE * 4];
int ret;
ret = wc_Sm4Init(&sm4, NULL, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Encrypt and decrypt with ECB. */
ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Sm4EcbEncrypt(&sm4, enc, p1, sizeof(p1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(enc, c1_ecb, sizeof(c1_ecb)) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_Sm4EcbDecrypt(&sm4, dec, enc, sizeof(c1_ecb));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(dec, p1, sizeof(p1)) != 0)
return WC_TEST_RET_ENC_NC;
wc_Sm4Free(&sm4);
return 0;
}
#endif
#ifdef WOLFSSL_SM4_CBC
static int sm4_cbc_test(void)
{
/* draft-ribose-cfrg-sm4-10 A.2.2.1 */
WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
};
WOLFSSL_SMALL_STACK_STATIC const byte p1[] = {
0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB
};
WOLFSSL_SMALL_STACK_STATIC const byte i1[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
WOLFSSL_SMALL_STACK_STATIC const byte c1_cbc[] = {
0x78, 0xEB, 0xB1, 0x1C, 0xC4, 0x0B, 0x0A, 0x48,
0x31, 0x2A, 0xAE, 0xB2, 0x04, 0x02, 0x44, 0xCB,
0x4C, 0xB7, 0x01, 0x69, 0x51, 0x90, 0x92, 0x26,
0x97, 0x9B, 0x0D, 0x15, 0xDC, 0x6A, 0x8F, 0x6D
};
wc_Sm4 sm4;
byte enc[SM4_BLOCK_SIZE * 4];
byte dec[SM4_BLOCK_SIZE * 4];
int ret;
ret = wc_Sm4Init(&sm4, NULL, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Encrypt and decrypt with CBC. */
ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Sm4SetIV(&sm4, i1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Sm4CbcEncrypt(&sm4, enc, p1, sizeof(p1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(enc, c1_cbc, sizeof(c1_cbc)) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_Sm4SetIV(&sm4, i1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Sm4CbcDecrypt(&sm4, dec, enc, sizeof(c1_cbc));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(dec, p1, sizeof(p1)) != 0)
return WC_TEST_RET_ENC_NC;
/* Encrypt and decrypt in-place with CBC. */
ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Sm4SetIV(&sm4, i1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
XMEMCPY(enc, p1, sizeof(p1));
ret = wc_Sm4CbcEncrypt(&sm4, enc, enc, sizeof(p1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(enc, c1_cbc, sizeof(c1_cbc)) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_Sm4SetIV(&sm4, i1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Sm4CbcDecrypt(&sm4, enc, enc, sizeof(c1_cbc));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(enc, p1, sizeof(p1)) != 0)
return WC_TEST_RET_ENC_NC;
wc_Sm4Free(&sm4);
return 0;
}
#endif
#ifdef WOLFSSL_SM4_CTR
static int sm4_ctr_test(void)
{
/* draft-ribose-cfrg-sm4-10 A.2.5.1 */
WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
};
WOLFSSL_SMALL_STACK_STATIC const byte i1[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
WOLFSSL_SMALL_STACK_STATIC const byte p2[] = {
0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB
};
WOLFSSL_SMALL_STACK_STATIC const byte c2_ctr[] = {
0xAC, 0x32, 0x36, 0xCB, 0x97, 0x0C, 0xC2, 0x07,
0x91, 0x36, 0x4C, 0x39, 0x5A, 0x13, 0x42, 0xD1,
0xA3, 0xCB, 0xC1, 0x87, 0x8C, 0x6F, 0x30, 0xCD,
0x07, 0x4C, 0xCE, 0x38, 0x5C, 0xDD, 0x70, 0xC7,
0xF2, 0x34, 0xBC, 0x0E, 0x24, 0xC1, 0x19, 0x80,
0xFD, 0x12, 0x86, 0x31, 0x0C, 0xE3, 0x7B, 0x92,
0x6E, 0x02, 0xFC, 0xD0, 0xFA, 0xA0, 0xBA, 0xF3,
0x8B, 0x29, 0x33, 0x85, 0x1D, 0x82, 0x45, 0x14
};
wc_Sm4 sm4;
byte enc[SM4_BLOCK_SIZE * 4];
byte dec[SM4_BLOCK_SIZE * 4];
int chunk;
int i;
int ret;
ret = wc_Sm4Init(&sm4, NULL, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Encrypt and decrypt using encrypt with CTR. */
ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Sm4SetIV(&sm4, i1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Sm4CtrEncrypt(&sm4, enc, p2, sizeof(p2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(enc, c2_ctr, sizeof(c2_ctr)) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_Sm4SetIV(&sm4, i1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Sm4CtrEncrypt(&sm4, dec, enc, sizeof(c2_ctr));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(dec, p2, sizeof(p2)) != 0)
return WC_TEST_RET_ENC_NC;
for (chunk = 1; chunk <= SM4_BLOCK_SIZE + 1; chunk++) {
ret = wc_Sm4SetIV(&sm4, i1);
if (ret != 0)
return WC_TEST_RET_ENC_I(chunk);
XMEMSET(enc, 0, sizeof(enc));
for (i = 0; i + chunk <= (int)sizeof(p2); i += chunk) {
ret = wc_Sm4CtrEncrypt(&sm4, enc + i, p2 + i, chunk);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
}
if (i < (int)sizeof(p2)) {
ret = wc_Sm4CtrEncrypt(&sm4, enc + i, p2 + i, sizeof(p2) - i);
if (ret != 0)
return WC_TEST_RET_ENC_I(chunk);
}
if (XMEMCMP(enc, c2_ctr, sizeof(c2_ctr)) != 0)
return WC_TEST_RET_ENC_I(chunk);
}
wc_Sm4Free(&sm4);
return 0;
}
#endif
#ifdef WOLFSSL_SM4_GCM
static int sm4_gcm_test(void)
{
WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
};
WOLFSSL_SMALL_STACK_STATIC const byte p1[] = {
0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB
};
WOLFSSL_SMALL_STACK_STATIC const byte i1[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B
};
WOLFSSL_SMALL_STACK_STATIC const byte a1[] = {
0xFF, 0xEE, 0xDD
};
WOLFSSL_SMALL_STACK_STATIC const byte tag1[] = {
0x83, 0xb2, 0x91, 0xcf, 0x22, 0xc9, 0x5f, 0x89,
0xde, 0x3d, 0x52, 0x8d, 0xd7, 0x13, 0x50, 0x89
};
WOLFSSL_SMALL_STACK_STATIC const byte c1[] = {
0xff, 0x8b, 0xb2, 0x3b, 0x0a, 0x0a, 0x12, 0xa4,
0xa8, 0x4c, 0x4f, 0x67, 0x06, 0x81, 0xbb, 0x88,
0x66, 0x17, 0xc7, 0x43, 0xbf, 0xae, 0x41, 0x40,
0xec, 0x1e, 0x03, 0x85, 0x2b, 0x56, 0xa8, 0xc0
};
/* RFC8998 A.1. */
WOLFSSL_SMALL_STACK_STATIC const byte i2[] = {
0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00,
0x00, 0x00, 0xAB, 0xCD
};
WOLFSSL_SMALL_STACK_STATIC const byte k2[] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
};
WOLFSSL_SMALL_STACK_STATIC const byte p2[] = {
0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA
};
WOLFSSL_SMALL_STACK_STATIC const byte a2[] = {
0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
0xAB, 0xAD, 0xDA, 0xD2
};
WOLFSSL_SMALL_STACK_STATIC const byte c2[] = {
0x17, 0xF3, 0x99, 0xF0, 0x8C, 0x67, 0xD5, 0xEE,
0x19, 0xD0, 0xDC, 0x99, 0x69, 0xC4, 0xBB, 0x7D,
0x5F, 0xD4, 0x6F, 0xD3, 0x75, 0x64, 0x89, 0x06,
0x91, 0x57, 0xB2, 0x82, 0xBB, 0x20, 0x07, 0x35,
0xD8, 0x27, 0x10, 0xCA, 0x5C, 0x22, 0xF0, 0xCC,
0xFA, 0x7C, 0xBF, 0x93, 0xD4, 0x96, 0xAC, 0x15,
0xA5, 0x68, 0x34, 0xCB, 0xCF, 0x98, 0xC3, 0x97,
0xB4, 0x02, 0x4A, 0x26, 0x91, 0x23, 0x3B, 0x8D
};
WOLFSSL_SMALL_STACK_STATIC const byte tag2[] = {
0x83, 0xDE, 0x35, 0x41, 0xE4, 0xC2, 0xB5, 0x81,
0x77, 0xE0, 0x65, 0xA9, 0xBF, 0x7B, 0x62, 0xEC
};
wc_Sm4 sm4;
byte enc[SM4_BLOCK_SIZE * 4];
byte dec[SM4_BLOCK_SIZE * 4];
byte tag[SM4_BLOCK_SIZE];
int ret;
ret = wc_Sm4Init(&sm4, NULL, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Encrypt and decrypt using encrypt with GCM. */
ret = wc_Sm4GcmSetKey(&sm4, k1, sizeof(k1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Sm4GcmEncrypt(&sm4, enc, p1, sizeof(p1), i1, sizeof(i1), tag,
sizeof(tag), a1, sizeof(a1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(enc, c1, sizeof(c1)) != 0)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(tag, tag1, sizeof(tag1)) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_Sm4GcmDecrypt(&sm4, dec, enc, sizeof(c1), i1, sizeof(i1), tag,
sizeof(tag), a1, sizeof(a1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(dec, p1, sizeof(p1)) != 0)
return WC_TEST_RET_ENC_NC;
/* RFC8998 test vector. */
ret = wc_Sm4GcmSetKey(&sm4, k2, sizeof(k2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Sm4GcmEncrypt(&sm4, enc, p2, sizeof(p2), i2, sizeof(i2), tag,
sizeof(tag), a2, sizeof(a2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(enc, c2, sizeof(c2)) != 0)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(tag, tag2, sizeof(tag2)) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_Sm4GcmDecrypt(&sm4, dec, enc, sizeof(c2), i2, sizeof(i2), tag,
sizeof(tag), a2, sizeof(a2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(dec, p2, sizeof(p2)) != 0)
return WC_TEST_RET_ENC_NC;
wc_Sm4Free(&sm4);
return 0;
}
#endif
#ifdef WOLFSSL_SM4_CCM
static int sm4_ccm_test(void)
{
WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
};
WOLFSSL_SMALL_STACK_STATIC const byte p1[] = {
0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB
};
WOLFSSL_SMALL_STACK_STATIC const byte i1[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B
};
WOLFSSL_SMALL_STACK_STATIC const byte a1[] = {
0xFF, 0xEE, 0xDD
};
WOLFSSL_SMALL_STACK_STATIC const byte tag1[] = {
0x9a, 0x98, 0x04, 0xb6, 0x0f, 0x19, 0x4a, 0x46,
0xba, 0xed, 0xe6, 0x89, 0x69, 0x34, 0xad, 0x61
};
WOLFSSL_SMALL_STACK_STATIC const byte c1[] = {
0xbd, 0xc0, 0x72, 0x60, 0xda, 0x2d, 0x11, 0xdc,
0x66, 0x33, 0xcc, 0xec, 0xb2, 0xf4, 0x53, 0x59,
0x9e, 0xb1, 0xb3, 0x6b, 0x1f, 0x1c, 0xfb, 0x29,
0xf5, 0x37, 0xfc, 0x00, 0xf2, 0x4e, 0x70, 0x6f
};
/* RFC8998 A.1. */
WOLFSSL_SMALL_STACK_STATIC const byte i2[] = {
0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00,
0x00, 0x00, 0xAB, 0xCD
};
WOLFSSL_SMALL_STACK_STATIC const byte k2[] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
};
WOLFSSL_SMALL_STACK_STATIC const byte p2[] = {
0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA
};
WOLFSSL_SMALL_STACK_STATIC const byte a2[] = {
0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
0xAB, 0xAD, 0xDA, 0xD2
};
WOLFSSL_SMALL_STACK_STATIC const byte c2[] = {
0x48, 0xAF, 0x93, 0x50, 0x1F, 0xA6, 0x2A, 0xDB,
0xCD, 0x41, 0x4C, 0xCE, 0x60, 0x34, 0xD8, 0x95,
0xDD, 0xA1, 0xBF, 0x8F, 0x13, 0x2F, 0x04, 0x20,
0x98, 0x66, 0x15, 0x72, 0xE7, 0x48, 0x30, 0x94,
0xFD, 0x12, 0xE5, 0x18, 0xCE, 0x06, 0x2C, 0x98,
0xAC, 0xEE, 0x28, 0xD9, 0x5D, 0xF4, 0x41, 0x6B,
0xED, 0x31, 0xA2, 0xF0, 0x44, 0x76, 0xC1, 0x8B,
0xB4, 0x0C, 0x84, 0xA7, 0x4B, 0x97, 0xDC, 0x5B
};
WOLFSSL_SMALL_STACK_STATIC const byte tag2[] = {
0x16, 0x84, 0x2D, 0x4F, 0xA1, 0x86, 0xF5, 0x6A,
0xB3, 0x32, 0x56, 0x97, 0x1F, 0xA1, 0x10, 0xF4
};
wc_Sm4 sm4;
byte enc[SM4_BLOCK_SIZE * 4];
byte dec[SM4_BLOCK_SIZE * 4];
byte tag[SM4_BLOCK_SIZE];
int ret;
ret = wc_Sm4Init(&sm4, NULL, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Encrypt and decrypt using encrypt with CCM. */
ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Sm4CcmEncrypt(&sm4, enc, p1, sizeof(p1), i1, sizeof(i1), tag,
sizeof(tag), a1, sizeof(a1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(enc, c1, sizeof(c1)) != 0)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(tag, tag1, sizeof(tag1)) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_Sm4CcmDecrypt(&sm4, dec, enc, sizeof(c1), i1, sizeof(i1), tag,
sizeof(tag), a1, sizeof(a1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(dec, p1, sizeof(p1)) != 0)
return WC_TEST_RET_ENC_NC;
/* RFC8998 test vector. */
ret = wc_Sm4SetKey(&sm4, k2, sizeof(k2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_Sm4CcmEncrypt(&sm4, enc, p2, sizeof(p2), i2, sizeof(i2), tag,
sizeof(tag), a2, sizeof(a2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(enc, c2, sizeof(c2)) != 0)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(tag, tag2, sizeof(tag2)) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_Sm4CcmDecrypt(&sm4, dec, enc, sizeof(c2), i2, sizeof(i2), tag,
sizeof(tag), a2, sizeof(a2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(dec, p2, sizeof(p2)) != 0)
return WC_TEST_RET_ENC_NC;
wc_Sm4Free(&sm4);
return 0;
}
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void)
{
wc_test_ret_t ret;
WOLFSSL_ENTER("sm4_test");
#ifdef WOLFSSL_SM4_ECB
ret = sm4_ecb_test();
if (ret != 0)
return ret;
#endif
#ifdef WOLFSSL_SM4_CBC
ret = sm4_cbc_test();
if (ret != 0)
return ret;
#endif
#ifdef WOLFSSL_SM4_CTR
ret = sm4_ctr_test();
if (ret != 0)
return ret;
#endif
#ifdef WOLFSSL_SM4_GCM
ret = sm4_gcm_test();
if (ret != 0)
return ret;
#endif
#ifdef WOLFSSL_SM4_CCM
ret = sm4_ccm_test();
if (ret != 0)
return ret;
#endif
return 0;
}
#endif
#ifdef WOLFSSL_PUF
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t puf_test(void)
{
#if defined(WOLFSSL_PUF_TEST) && defined(HAVE_HKDF) && \
(!defined(NO_SHA256) || defined(WOLFSSL_SHA3))
wc_test_ret_t ret = 0;
wc_PufCtx ctx;
byte key1[WC_PUF_KEY_SZ];
byte key2[WC_PUF_KEY_SZ];
byte id1[WC_PUF_ID_SZ];
byte id2[WC_PUF_ID_SZ];
/* deterministic test SRAM pattern: 256 bytes */
WOLFSSL_SMALL_STACK_STATIC const byte testSram[WC_PUF_RAW_BYTES] = {
0xA5, 0x3C, 0x7E, 0x19, 0xF0, 0x82, 0x4D, 0xBB,
0x6A, 0xC1, 0x55, 0x93, 0xE7, 0x2F, 0xD8, 0x04,
0x91, 0x68, 0xAE, 0x3B, 0xFC, 0xD7, 0x42, 0x0E,
0x85, 0x5A, 0xC9, 0x76, 0x1D, 0xB3, 0xEF, 0x60,
0x4C, 0x87, 0xDA, 0x25, 0xF1, 0x6E, 0x09, 0xB2,
0x73, 0xAC, 0x58, 0xE4, 0x3F, 0x96, 0xCB, 0x17,
0x8D, 0x62, 0xA0, 0x4E, 0xFB, 0xD5, 0x31, 0x79,
0xC6, 0x14, 0xBE, 0x8A, 0x47, 0xF3, 0x2D, 0x98,
0x5B, 0xE6, 0x0C, 0xA7, 0x64, 0xDF, 0x39, 0x80,
0xB5, 0x52, 0xCD, 0x18, 0x7B, 0xE1, 0x46, 0x9F,
0x23, 0xAA, 0x6D, 0xD0, 0x84, 0xF7, 0x3E, 0xB9,
0x51, 0xC2, 0x0F, 0x75, 0xEC, 0x48, 0x97, 0x2A,
0xDE, 0x63, 0xBC, 0x10, 0x86, 0xF9, 0x43, 0xAD,
0x5E, 0xC8, 0x27, 0x94, 0x6B, 0xD1, 0x3A, 0xB0,
0x7C, 0xE5, 0x08, 0xA1, 0x56, 0xCF, 0x4A, 0x8E,
0x35, 0xFD, 0x61, 0xB7, 0x22, 0x99, 0xD4, 0x1C,
0x70, 0xEE, 0x4B, 0x83, 0x2E, 0xA6, 0x5D, 0xF4,
0x36, 0xBD, 0x69, 0xC0, 0x15, 0x9B, 0xE8, 0x41,
0x8C, 0x53, 0xAB, 0x07, 0x74, 0xDC, 0x28, 0x95,
0x6F, 0xD3, 0x3D, 0xBA, 0x50, 0xC4, 0x1E, 0x89,
0xF6, 0x44, 0xAE, 0x5F, 0xC7, 0x12, 0x9A, 0xE3,
0x37, 0xB1, 0x66, 0xDB, 0x29, 0x8B, 0x54, 0xA2,
0x0D, 0x78, 0xED, 0x40, 0x93, 0x2C, 0xBF, 0x67,
0xD6, 0x3C, 0xA9, 0x57, 0xCE, 0x1A, 0x81, 0xF5,
0x49, 0x9E, 0x24, 0xB8, 0x6C, 0xD2, 0x38, 0xA4,
0x5C, 0xE9, 0x01, 0x7A, 0xDD, 0x45, 0x90, 0x2B,
0xBB, 0x62, 0xC3, 0x16, 0x8F, 0xF8, 0x4E, 0xA3,
0x34, 0xB6, 0x6E, 0xD9, 0x20, 0x9C, 0x59, 0xE2,
0x0B, 0x77, 0xEA, 0x42, 0x8D, 0x33, 0xCA, 0x5B,
0xFE, 0x11, 0x7F, 0xA8, 0x46, 0xD4, 0x2F, 0x96,
0x65, 0xBC, 0x03, 0x9D, 0xE0, 0x58, 0xAF, 0x71,
0xC5, 0x1B, 0x87, 0xFA, 0x4D, 0xB4, 0x26, 0xDF
};
/* noisy SRAM: same as testSram but with a few flipped bits */
byte noisySram[WC_PUF_RAW_BYTES];
byte helperBuf[WC_PUF_HELPER_BYTES];
const byte info[] = "puf-test-context";
WOLFSSL_ENTER("puf_test");
/* ---- Test 1: Init ---- */
ret = wc_PufInit(&ctx);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* ---- Test 2: SetTestData + Enroll ---- */
ret = wc_PufSetTestData(&ctx, testSram, sizeof(testSram));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_PufEnroll(&ctx);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* save helper data and identity */
XMEMCPY(helperBuf, ctx.helperData, WC_PUF_HELPER_BYTES);
ret = wc_PufGetIdentity(&ctx, id1, sizeof(id1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* derive a key */
ret = wc_PufDeriveKey(&ctx, info, sizeof(info), key1, sizeof(key1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* ---- Test 3: Reconstruct with same data (no noise) ---- */
ret = wc_PufInit(&ctx);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_PufSetTestData(&ctx, testSram, sizeof(testSram));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* need to call ReadSram to populate rawSram (test data already set) */
ret = wc_PufReadSram(&ctx, testSram, sizeof(testSram));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_PufReconstruct(&ctx, helperBuf, WC_PUF_HELPER_BYTES);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_PufGetIdentity(&ctx, id2, sizeof(id2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* identity must match */
if (XMEMCMP(id1, id2, WC_PUF_ID_SZ) != 0)
return WC_TEST_RET_ENC_NC;
/* derive key again - must match */
ret = wc_PufDeriveKey(&ctx, info, sizeof(info), key2, sizeof(key2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(key1, key2, WC_PUF_KEY_SZ) != 0)
return WC_TEST_RET_ENC_NC;
/* ---- Test 4: Reconstruct with noisy data (few bit flips) ---- */
XMEMCPY(noisySram, testSram, sizeof(testSram));
/* flip a few bits in each 128-bit block (within BCH correction limit) */
noisySram[0] ^= 0x01; /* block 0: 1 bit flip */
noisySram[16] ^= 0x03; /* block 1: 2 bit flips */
noisySram[32] ^= 0x05; /* block 2: 2 bit flips */
noisySram[48] ^= 0x11; /* block 3: 2 bit flips */
noisySram[64] ^= 0x80; /* block 4: 1 bit flip */
ret = wc_PufInit(&ctx);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_PufSetTestData(&ctx, noisySram, sizeof(noisySram));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_PufReadSram(&ctx, noisySram, sizeof(noisySram));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_PufReconstruct(&ctx, helperBuf, WC_PUF_HELPER_BYTES);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* identity should still match after error correction */
ret = wc_PufGetIdentity(&ctx, id2, sizeof(id2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(id1, id2, WC_PUF_ID_SZ) != 0)
return WC_TEST_RET_ENC_NC;
/* derived key should still match */
ret = wc_PufDeriveKey(&ctx, info, sizeof(info), key2, sizeof(key2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(key1, key2, WC_PUF_KEY_SZ) != 0)
return WC_TEST_RET_ENC_NC;
/* ---- Test 4b: Reconstruct with too many bit errors (should fail) ---- */
{
byte tooNoisySram[WC_PUF_RAW_BYTES];
XMEMCPY(tooNoisySram, testSram, sizeof(testSram));
/* flip 12 bits in block 0 (exceeds t=10 correction limit) */
tooNoisySram[0] ^= 0xFF; /* 8 flips */
tooNoisySram[1] ^= 0x0F; /* 4 flips = 12 total > t=10 */
ret = wc_PufInit(&ctx);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_PufSetTestData(&ctx, tooNoisySram, sizeof(tooNoisySram));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_PufReadSram(&ctx, tooNoisySram, sizeof(tooNoisySram));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (wc_PufReconstruct(&ctx, helperBuf, WC_PUF_HELPER_BYTES)
!= WC_NO_ERR_TRACE(PUF_RECONSTRUCT_E))
return WC_TEST_RET_ENC_NC;
}
/* ---- Test 5: Bad argument checks ---- */
if (wc_PufInit(NULL) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
if (wc_PufReadSram(NULL, testSram, sizeof(testSram))
!= WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
if (wc_PufDeriveKey(&ctx, info, sizeof(info), NULL, 32)
!= WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
if (wc_PufEnroll(NULL) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
if (wc_PufReconstruct(NULL, helperBuf, WC_PUF_HELPER_BYTES)
!= WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
if (wc_PufZeroize(NULL) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
/* too-small identity buffer */
if (wc_PufGetIdentity(&ctx, id1, WC_PUF_ID_SZ - 1)
!= WC_NO_ERR_TRACE(PUF_IDENTITY_E))
return WC_TEST_RET_ENC_NC;
/* ---- Test 6: Zeroize ---- */
ret = wc_PufZeroize(&ctx);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* after zeroize, derive should fail (not ready) */
if (wc_PufDeriveKey(&ctx, info, sizeof(info), key1, sizeof(key1))
!= WC_NO_ERR_TRACE(PUF_DERIVE_KEY_E))
return WC_TEST_RET_ENC_NC;
return 0;
#else
return 0;
#endif /* WOLFSSL_PUF_TEST && HAVE_HKDF && (!NO_SHA256 || WOLFSSL_SHA3) */
}
#endif /* WOLFSSL_PUF */
#ifdef HAVE_XCHACHA
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void) {
WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
0x54, 0x68, 0x65, 0x20, 0x64, 0x68, 0x6f, 0x6c, 0x65, 0x20, 0x28, 0x70, 0x72, 0x6f, 0x6e, 0x6f, /* The dhole (prono */
0x75, 0x6e, 0x63, 0x65, 0x64, 0x20, 0x22, 0x64, 0x6f, 0x6c, 0x65, 0x22, 0x29, 0x20, 0x69, 0x73, /* unced "dole") is */
0x20, 0x61, 0x6c, 0x73, 0x6f, 0x20, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x20, 0x61, 0x73, 0x20, 0x74, /* also known as t */
0x68, 0x65, 0x20, 0x41, 0x73, 0x69, 0x61, 0x74, 0x69, 0x63, 0x20, 0x77, 0x69, 0x6c, 0x64, 0x20, /* he Asiatic wild */
0x64, 0x6f, 0x67, 0x2c, 0x20, 0x72, 0x65, 0x64, 0x20, 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x61, 0x6e, /* dog, red dog, an */
0x64, 0x20, 0x77, 0x68, 0x69, 0x73, 0x74, 0x6c, 0x69, 0x6e, 0x67, 0x20, 0x64, 0x6f, 0x67, 0x2e, /* d whistling dog. */
0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x61, 0x62, 0x6f, 0x75, 0x74, 0x20, 0x74, 0x68, 0x65, /* It is about the */
0x20, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x61, 0x20, 0x47, 0x65, 0x72, 0x6d, 0x61, /* size of a Germa */
0x6e, 0x20, 0x73, 0x68, 0x65, 0x70, 0x68, 0x65, 0x72, 0x64, 0x20, 0x62, 0x75, 0x74, 0x20, 0x6c, /* n shepherd but l */
0x6f, 0x6f, 0x6b, 0x73, 0x20, 0x6d, 0x6f, 0x72, 0x65, 0x20, 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x61, /* ooks more like a */
0x20, 0x6c, 0x6f, 0x6e, 0x67, 0x2d, 0x6c, 0x65, 0x67, 0x67, 0x65, 0x64, 0x20, 0x66, 0x6f, 0x78, /* long-legged fox */
0x2e, 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x68, 0x69, 0x67, 0x68, 0x6c, 0x79, 0x20, 0x65, 0x6c, /* . This highly el */
0x75, 0x73, 0x69, 0x76, 0x65, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x73, 0x6b, 0x69, 0x6c, 0x6c, 0x65, /* usive and skille */
0x64, 0x20, 0x6a, 0x75, 0x6d, 0x70, 0x65, 0x72, 0x20, 0x69, 0x73, 0x20, 0x63, 0x6c, 0x61, 0x73, /* d jumper is clas */
0x73, 0x69, 0x66, 0x69, 0x65, 0x64, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x77, 0x6f, 0x6c, 0x76, /* sified with wolv */
0x65, 0x73, 0x2c, 0x20, 0x63, 0x6f, 0x79, 0x6f, 0x74, 0x65, 0x73, 0x2c, 0x20, 0x6a, 0x61, 0x63, /* es, coyotes, jac */
0x6b, 0x61, 0x6c, 0x73, 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x66, 0x6f, 0x78, 0x65, 0x73, 0x20, /* kals, and foxes */
0x69, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, 0x61, 0x78, 0x6f, 0x6e, 0x6f, 0x6d, 0x69, 0x63, /* in the taxonomic */
0x20, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x20, 0x43, 0x61, 0x6e, 0x69, 0x64, 0x61, 0x65, 0x2e /* family Canidae. */
};
WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
};
WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x58 }; /* PQRSTUVW */
WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
0x45, 0x59, 0xab, 0xba, 0x4e, 0x48, 0xc1, 0x61, 0x02, 0xe8, 0xbb, 0x2c, 0x05, 0xe6, 0x94, 0x7f,
0x50, 0xa7, 0x86, 0xde, 0x16, 0x2f, 0x9b, 0x0b, 0x7e, 0x59, 0x2a, 0x9b, 0x53, 0xd0, 0xd4, 0xe9,
0x8d, 0x8d, 0x64, 0x10, 0xd5, 0x40, 0xa1, 0xa6, 0x37, 0x5b, 0x26, 0xd8, 0x0d, 0xac, 0xe4, 0xfa,
0xb5, 0x23, 0x84, 0xc7, 0x31, 0xac, 0xbf, 0x16, 0xa5, 0x92, 0x3c, 0x0c, 0x48, 0xd3, 0x57, 0x5d,
0x4d, 0x0d, 0x2c, 0x67, 0x3b, 0x66, 0x6f, 0xaa, 0x73, 0x10, 0x61, 0x27, 0x77, 0x01, 0x09, 0x3a,
0x6b, 0xf7, 0xa1, 0x58, 0xa8, 0x86, 0x42, 0x92, 0xa4, 0x1c, 0x48, 0xe3, 0xa9, 0xb4, 0xc0, 0xda,
0xec, 0xe0, 0xf8, 0xd9, 0x8d, 0x0d, 0x7e, 0x05, 0xb3, 0x7a, 0x30, 0x7b, 0xbb, 0x66, 0x33, 0x31,
0x64, 0xec, 0x9e, 0x1b, 0x24, 0xea, 0x0d, 0x6c, 0x3f, 0xfd, 0xdc, 0xec, 0x4f, 0x68, 0xe7, 0x44,
0x30, 0x56, 0x19, 0x3a, 0x03, 0xc8, 0x10, 0xe1, 0x13, 0x44, 0xca, 0x06, 0xd8, 0xed, 0x8a, 0x2b,
0xfb, 0x1e, 0x8d, 0x48, 0xcf, 0xa6, 0xbc, 0x0e, 0xb4, 0xe2, 0x46, 0x4b, 0x74, 0x81, 0x42, 0x40,
0x7c, 0x9f, 0x43, 0x1a, 0xee, 0x76, 0x99, 0x60, 0xe1, 0x5b, 0xa8, 0xb9, 0x68, 0x90, 0x46, 0x6e,
0xf2, 0x45, 0x75, 0x99, 0x85, 0x23, 0x85, 0xc6, 0x61, 0xf7, 0x52, 0xce, 0x20, 0xf9, 0xda, 0x0c,
0x09, 0xab, 0x6b, 0x19, 0xdf, 0x74, 0xe7, 0x6a, 0x95, 0x96, 0x74, 0x46, 0xf8, 0xd0, 0xfd, 0x41,
0x5e, 0x7b, 0xee, 0x2a, 0x12, 0xa1, 0x14, 0xc2, 0x0e, 0xb5, 0x29, 0x2a, 0xe7, 0xa3, 0x49, 0xae,
0x57, 0x78, 0x20, 0xd5, 0x52, 0x0a, 0x1f, 0x3f, 0xb6, 0x2a, 0x17, 0xce, 0x6a, 0x7e, 0x68, 0xfa,
0x7c, 0x79, 0x11, 0x1d, 0x88, 0x60, 0x92, 0x0b, 0xc0, 0x48, 0xef, 0x43, 0xfe, 0x84, 0x48, 0x6c,
0xcb, 0x87, 0xc2, 0x5f, 0x0a, 0xe0, 0x45, 0xf0, 0xcc, 0xe1, 0xe7, 0x98, 0x9a, 0x9a, 0xa2, 0x20,
0xa2, 0x8b, 0xdd, 0x48, 0x27, 0xe7, 0x51, 0xa2, 0x4a, 0x6d, 0x5c, 0x62, 0xd7, 0x90, 0xa6, 0x63,
0x93, 0xb9, 0x31, 0x11, 0xc1, 0xa5, 0x5d, 0xd7, 0x42, 0x1a, 0x10, 0x18, 0x49, 0x74, 0xc7, 0xc5
};
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
struct ChaCha *chacha = (struct ChaCha *)XMALLOC(sizeof *chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
byte *buf1 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WOLFSSL_ENTER("XChaCha_test");
if ((chacha == NULL) || (buf1 == NULL) || (buf2 == NULL))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
struct ChaCha chacha[1];
byte buf1[sizeof Plaintext];
byte buf2[sizeof Plaintext];
WOLFSSL_ENTER("XChaCha_test");
#endif
ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_Chacha_Process(chacha, buf1, Plaintext, sizeof Plaintext);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(buf1, Ciphertext, sizeof Plaintext))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_Chacha_Process(chacha, buf2, buf1, sizeof Plaintext);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* Test unaligned input buffer case */
{
byte keyBuf[sizeof Key + 1];
byte ivBuf[sizeof IV + 1];
XMEMCPY(keyBuf + 1, Key, sizeof Key);
XMEMCPY(ivBuf + 1, IV, sizeof IV);
ret = wc_XChacha_SetKey(chacha, keyBuf + 1, sizeof Key,
ivBuf + 1, sizeof IV, 0);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_Chacha_Process(chacha, buf2, Plaintext, sizeof Plaintext);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(buf2, Ciphertext, sizeof Plaintext))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* HAVE_XCHACHA */
#if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
static wc_test_ret_t xchacha20_poly1305_oneshot_test(void)
{
WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, /* Ladies and Gentl */
0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, /* emen of the clas */
0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, /* s of '99: If I c */
0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, /* ould offer you o */
0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, /* nly one tip for */
0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, /* the future, suns */
0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
0x74, 0x2e }; /* t. */
WOLFSSL_SMALL_STACK_STATIC const byte AAD[] = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 }; /* PQRS........ */
WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
};
WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57 }; /* PQRSTUVW */
WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
0xbd, 0x6d, 0x17, 0x9d, 0x3e, 0x83, 0xd4, 0x3b, 0x95, 0x76, 0x57, 0x94, 0x93, 0xc0, 0xe9, 0x39,
0x57, 0x2a, 0x17, 0x00, 0x25, 0x2b, 0xfa, 0xcc, 0xbe, 0xd2, 0x90, 0x2c, 0x21, 0x39, 0x6c, 0xbb,
0x73, 0x1c, 0x7f, 0x1b, 0x0b, 0x4a, 0xa6, 0x44, 0x0b, 0xf3, 0xa8, 0x2f, 0x4e, 0xda, 0x7e, 0x39,
0xae, 0x64, 0xc6, 0x70, 0x8c, 0x54, 0xc2, 0x16, 0xcb, 0x96, 0xb7, 0x2e, 0x12, 0x13, 0xb4, 0x52,
0x2f, 0x8c, 0x9b, 0xa4, 0x0d, 0xb5, 0xd9, 0x45, 0xb1, 0x1b, 0x69, 0xb9, 0x82, 0xc1, 0xbb, 0x9e,
0x3f, 0x3f, 0xac, 0x2b, 0xc3, 0x69, 0x48, 0x8f, 0x76, 0xb2, 0x38, 0x35, 0x65, 0xd3, 0xff, 0xf9,
0x21, 0xf9, 0x66, 0x4c, 0x97, 0x63, 0x7d, 0xa9, 0x76, 0x88, 0x12, 0xf6, 0x15, 0xc6, 0x8b, 0x13,
0xb5, 0x2e };
WOLFSSL_SMALL_STACK_STATIC const byte Tag[] = {
0xc0, 0x87, 0x59, 0x24, 0xc1, 0xc7, 0x98, 0x79, 0x47, 0xde, 0xaf, 0xd8, 0x78, 0x0a, 0xcf, 0x49
};
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte *buf1 = (byte *)XMALLOC(sizeof Ciphertext + sizeof Tag, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if ((buf1 == NULL) || (buf2 == NULL))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
byte buf1[sizeof Ciphertext + sizeof Tag];
byte buf2[sizeof Plaintext];
#endif
ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
Plaintext, sizeof Plaintext,
AAD, sizeof AAD,
IV, sizeof IV,
Key, sizeof Key);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(buf1, Ciphertext, sizeof Ciphertext))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(buf1 + sizeof Ciphertext, Tag, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext,
buf1, sizeof Ciphertext + sizeof Tag,
AAD, sizeof AAD,
IV, sizeof IV,
Key, sizeof Key);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = 0;
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
static wc_test_ret_t xchacha20_poly1305_param_test(void)
{
WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, /* Ladies and Gentl */
0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, /* emen of the clas */
0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, /* s of '99: If I c */
0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, /* ould offer you o */
0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, /* nly one tip for */
0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, /* the future, suns */
0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
0x74, 0x2e }; /* t. */
WOLFSSL_SMALL_STACK_STATIC const byte AAD[] = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 }; /* PQRS........ */
WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
};
WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57 }; /* PQRSTUVW */
WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
0xbd, 0x6d, 0x17, 0x9d, 0x3e, 0x83, 0xd4, 0x3b, 0x95, 0x76, 0x57, 0x94, 0x93, 0xc0, 0xe9, 0x39,
0x57, 0x2a, 0x17, 0x00, 0x25, 0x2b, 0xfa, 0xcc, 0xbe, 0xd2, 0x90, 0x2c, 0x21, 0x39, 0x6c, 0xbb,
0x73, 0x1c, 0x7f, 0x1b, 0x0b, 0x4a, 0xa6, 0x44, 0x0b, 0xf3, 0xa8, 0x2f, 0x4e, 0xda, 0x7e, 0x39,
0xae, 0x64, 0xc6, 0x70, 0x8c, 0x54, 0xc2, 0x16, 0xcb, 0x96, 0xb7, 0x2e, 0x12, 0x13, 0xb4, 0x52,
0x2f, 0x8c, 0x9b, 0xa4, 0x0d, 0xb5, 0xd9, 0x45, 0xb1, 0x1b, 0x69, 0xb9, 0x82, 0xc1, 0xbb, 0x9e,
0x3f, 0x3f, 0xac, 0x2b, 0xc3, 0x69, 0x48, 0x8f, 0x76, 0xb2, 0x38, 0x35, 0x65, 0xd3, 0xff, 0xf9,
0x21, 0xf9, 0x66, 0x4c, 0x97, 0x63, 0x7d, 0xa9, 0x76, 0x88, 0x12, 0xf6, 0x15, 0xc6, 0x8b, 0x13,
0xb5, 0x2e };
WOLFSSL_SMALL_STACK_STATIC const byte Tag[] = {
0xc0, 0x87, 0x59, 0x24, 0xc1, 0xc7, 0x98, 0x79, 0x47, 0xde, 0xaf, 0xd8, 0x78, 0x0a, 0xcf, 0x49
};
ChaChaPoly_Aead aead;
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte *buf1 = (byte *)XMALLOC(sizeof Ciphertext + sizeof Tag, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if ((buf1 == NULL) || (buf2 == NULL))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
byte buf1[sizeof Ciphertext + sizeof Tag];
byte buf2[sizeof Plaintext];
#endif
/* Pre-fill buf1 with valid ciphertext for use in Decrypt parameter tests */
ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
Plaintext, sizeof Plaintext,
AAD, sizeof AAD,
IV, sizeof IV,
Key, sizeof Key);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Test wc_XChaCha20Poly1305_Init bad parameters */
ret = wc_XChaCha20Poly1305_Init(NULL, AAD, sizeof AAD,
IV, sizeof IV,
Key, sizeof Key, 1);
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_XChaCha20Poly1305_Init(&aead, AAD, sizeof AAD,
NULL, sizeof IV,
Key, sizeof Key, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_XChaCha20Poly1305_Init(&aead, AAD, sizeof AAD,
IV, sizeof IV,
NULL, sizeof Key, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Wrong nonce size (12 instead of 24) */
ret = wc_XChaCha20Poly1305_Init(&aead, AAD, sizeof AAD,
IV, CHACHA20_POLY1305_AEAD_IV_SIZE,
Key, sizeof Key, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Wrong key size (16 instead of 32) */
ret = wc_XChaCha20Poly1305_Init(&aead, AAD, sizeof AAD,
IV, sizeof IV,
Key, 16, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Test wc_XChaCha20Poly1305_Encrypt bad parameters */
ret = wc_XChaCha20Poly1305_Encrypt(NULL, sizeof Ciphertext + sizeof Tag,
Plaintext, sizeof Plaintext,
AAD, sizeof AAD,
IV, sizeof IV,
Key, sizeof Key);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
NULL, sizeof Plaintext,
AAD, sizeof AAD,
IV, sizeof IV,
Key, sizeof Key);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
Plaintext, sizeof Plaintext,
NULL, sizeof AAD,
IV, sizeof IV,
Key, sizeof Key);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
Plaintext, sizeof Plaintext,
AAD, sizeof AAD,
NULL, sizeof IV,
Key, sizeof Key);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
Plaintext, sizeof Plaintext,
AAD, sizeof AAD,
IV, sizeof IV,
NULL, sizeof Key);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Wrong nonce size (12 instead of 24) */
ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
Plaintext, sizeof Plaintext,
AAD, sizeof AAD,
IV, CHACHA20_POLY1305_AEAD_IV_SIZE,
Key, sizeof Key);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Wrong key size (16 instead of 32) */
ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
Plaintext, sizeof Plaintext,
AAD, sizeof AAD,
IV, sizeof IV,
Key, 16);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Insufficient buffer space */
ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Plaintext,
Plaintext, sizeof Plaintext,
AAD, sizeof AAD,
IV, sizeof IV,
Key, sizeof Key);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Test wc_XChaCha20Poly1305_Decrypt bad parameters */
ret = wc_XChaCha20Poly1305_Decrypt(NULL, sizeof Plaintext,
buf1, sizeof Ciphertext + sizeof Tag,
AAD, sizeof AAD,
IV, sizeof IV,
Key, sizeof Key);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext,
NULL, sizeof Ciphertext + sizeof Tag,
AAD, sizeof AAD,
IV, sizeof IV,
Key, sizeof Key);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext,
buf1, sizeof Ciphertext + sizeof Tag,
NULL, sizeof AAD,
IV, sizeof IV,
Key, sizeof Key);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext,
buf1, sizeof Ciphertext + sizeof Tag,
AAD, sizeof AAD,
NULL, sizeof IV,
Key, sizeof Key);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext,
buf1, sizeof Ciphertext + sizeof Tag,
AAD, sizeof AAD,
IV, sizeof IV,
NULL, sizeof Key);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Wrong nonce size (12 instead of 24) */
ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext,
buf1, sizeof Ciphertext + sizeof Tag,
AAD, sizeof AAD,
IV, CHACHA20_POLY1305_AEAD_IV_SIZE,
Key, sizeof Key);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Wrong key size (16 instead of 32) */
ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext,
buf1, sizeof Ciphertext + sizeof Tag,
AAD, sizeof AAD,
IV, sizeof IV,
Key, 16);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Insufficient buffer space */
ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext - 1,
buf1, sizeof Ciphertext + sizeof Tag,
AAD, sizeof AAD,
IV, sizeof IV,
Key, sizeof Key);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = 0;
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void)
{
wc_test_ret_t ret;
WOLFSSL_ENTER("XChaCha20Poly1305_test");
ret = xchacha20_poly1305_oneshot_test();
if (ret != 0)
return ret;
ret = xchacha20_poly1305_param_test();
if (ret != 0)
return ret;
return 0;
}
#endif /* defined(HAVE_XCHACHA) && defined(HAVE_POLY1305) */
#ifndef WC_NO_RNG
static wc_test_ret_t _rng_test(WC_RNG* rng)
{
byte block[32];
wc_test_ret_t ret;
int i;
#if defined(WOLFSSL_TRACK_MEMORY) && defined(WOLFSSL_SMALL_STACK_CACHE)
long current_totalAllocs = wc_MemStats_Ptr->totalAllocs;
#endif
XMEMSET(block, 0, sizeof(block));
ret = wc_RNG_GenerateBlock(rng, block, sizeof(block));
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
/* Check for 0's */
for (i=0; i<(int)sizeof(block); i++) {
if (block[i] == 0) {
ret++;
}
}
/* All zeros count check */
if (ret >= (int)sizeof(block)) {
return WC_TEST_RET_ENC_NC;
}
ret = wc_RNG_GenerateByte(rng, block);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
#if defined(HAVE_HASHDRBG) && !defined(HAVE_INTEL_RDRAND) && \
!defined(CUSTOM_RAND_GENERATE_BLOCK) && \
!defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(5,0,0))
/* Test periodic reseed dynamics. */
#ifdef WOLF_CRYPTO_CB
if (wc_CryptoCb_RandomBlock(rng, block, sizeof(block)) ==
WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
{
#endif
/* The else-branch references the SHA-256 DRBG (rng->drbg /
* struct DRBG_internal) which only exists when SHA-256 is
* compiled in. Gate the else keyword and the SHA-256 fallback
* body together so a NO_SHA256 + WOLFSSL_DRBG_SHA512 build (in
* which drbgType is always WC_DRBG_SHA512) still compiles. */
#if defined(WOLFSSL_DRBG_SHA512) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
if (rng->drbgType == WC_DRBG_SHA512) {
((struct DRBG_SHA512_internal *)rng->drbg512)->reseedCtr =
WC_RESEED_INTERVAL;
}
#ifndef NO_SHA256
else
#endif
#endif
#ifndef NO_SHA256
{
((struct DRBG_internal *)rng->drbg)->reseedCtr =
WC_RESEED_INTERVAL;
}
#endif
ret = wc_RNG_GenerateBlock(rng, block, sizeof(block));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if defined(WOLFSSL_DRBG_SHA512) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
if (rng->drbgType == WC_DRBG_SHA512) {
if (((struct DRBG_SHA512_internal *)rng->drbg512)->reseedCtr ==
WC_RESEED_INTERVAL)
return WC_TEST_RET_ENC_NC;
}
#ifndef NO_SHA256
else
#endif
#endif
#ifndef NO_SHA256
{
if (((struct DRBG_internal *)rng->drbg)->reseedCtr ==
WC_RESEED_INTERVAL)
return WC_TEST_RET_ENC_NC;
}
#endif
#ifdef WOLF_CRYPTO_CB
}
#endif
#endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK && !HAVE_SELFTEST */
#if defined(WOLFSSL_TRACK_MEMORY) && defined(WOLFSSL_SMALL_STACK_CACHE)
/* wc_RNG_GenerateBlock() must not allocate any memory in
* WOLFSSL_SMALL_STACK_CACHE builds, even if it had to reseed.
* LINUXKM_DRBG_GET_RANDOM_BYTES depends on this --
* wolfssl_linuxkm_random_bytes_handlers (wc__get_random_bytes() and
* wc_crng_reseed()) can't call the heap, since the kernel heap will call
* them via get_random_u32().
*/
if (current_totalAllocs != wc_MemStats_Ptr->totalAllocs)
return WC_TEST_RET_ENC_NC;
#endif
/* Parameter validation testing. */
ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_RNG_GenerateBlock(rng, NULL, sizeof(block));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_RNG_GenerateByte(NULL, block);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_RNG_GenerateByte(rng, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_EC(ret);
}
return 0;
}
static wc_test_ret_t random_rng_test(void)
{
WC_RNG localRng;
WC_RNG* rng;
wc_test_ret_t ret;
rng = &localRng;
/* Test stack based RNG. */
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(rng);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = _rng_test(rng);
/* Make sure and free RNG */
wc_FreeRng(rng);
if (ret != 0)
return ret;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
{
byte nonce[8] = { 0 };
/* Test dynamic RNG */
rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT);
if (rng == NULL)
return WC_TEST_RET_ENC_ERRNO;
ret = _rng_test(rng);
wc_rng_free(rng);
rng = NULL;
if (ret != 0)
return ret;
/* Test dynamic RNG using extended API */
ret = wc_rng_new_ex(&rng, nonce, (word32)sizeof(nonce),
HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = _rng_test(rng);
wc_rng_free(rng);
if (ret != 0)
return ret;
}
#endif
#ifdef REALLY_LONG_DRBG_CONTINUOUS_TEST
ret = drbg_continuous_main();
#endif
return ret;
}
#if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) && \
!defined(HAVE_INTEL_RDRAND)
#if defined(WC_RNG_SEED_CB) && \
!(defined(ENTROPY_SCALE_FACTOR) || defined(SEED_BLOCK_SZ))
static int seed_cb(OS_Seed* os, byte* output, word32 sz)
{
word32 i;
(void)os;
/* Known answer test. Set the seed to the same value every time. */
for (i = 0; i < sz; i++)
output[i] = (byte)i;
return 0;
}
static wc_test_ret_t rng_seed_test(void)
{
/* The expected PRNG block depends on ENTROPY_SCALE_FACTOR and
* SEED_BLOCK_SZ, which depend on which seed back end is configured.
*/
#if defined(HAVE_ENTROPY_MEMUSE) && defined(HAVE_AMD_RDSEED) && \
!(defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && FIPS_VERSION3_NE(5,2,4))
#ifdef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0x35, 0x1e, 0xf9, 0xe8, 0x6b, 0x19, 0xe0, 0xe5,
0x32, 0xb3, 0x41, 0xe5, 0xc1, 0x35, 0x18, 0x35,
0x84, 0x2a, 0x3f, 0x84, 0x16, 0xc4, 0xf3, 0x50,
0xdd, 0x4b, 0xeb, 0xe4, 0xcd, 0xbe, 0x94, 0x84
};
#else
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0xb8, 0x3e, 0x23, 0xad, 0x34, 0xb6, 0x1e, 0xc7,
0x0f, 0xa6, 0x4a, 0x45, 0x12, 0x66, 0xfd, 0x4d,
0x97, 0xb2, 0x3d, 0xb3, 0xda, 0xcc, 0xed, 0x50,
0x2e, 0xe0, 0x51, 0x38, 0x1d, 0x0f, 0x81, 0x35
};
#endif
#elif defined(HAVE_ENTROPY_MEMUSE) && \
(defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND))
#ifdef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0xba, 0xc3, 0x2f, 0xcf, 0xd2, 0x0e, 0xe1, 0x16,
0x45, 0xdc, 0xc2, 0x87, 0x0d, 0x70, 0xde, 0x5e,
0x2e, 0x2f, 0x0c, 0x7a, 0x1d, 0x04, 0x89, 0x0d,
0x0b, 0x9a, 0x51, 0x00, 0x4f, 0x7e, 0xce, 0xd6
};
#else
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0xa6, 0xfa, 0x3e, 0xb7, 0x66, 0x85, 0x96, 0x79,
0xef, 0x91, 0x26, 0xa1, 0xe8, 0x71, 0xa7, 0x13,
0x03, 0xea, 0xe5, 0x7b, 0x36, 0x52, 0x02, 0x39,
0x83, 0xbf, 0x41, 0xd1, 0x3e, 0x8f, 0xc0, 0x45
};
#endif
#elif defined(HAVE_AMD_RDSEED) && \
!(defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && FIPS_VERSION3_NE(5,2,4))
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0x2c, 0xd4, 0x9b, 0x1e, 0x1e, 0xe7, 0xb0, 0xb0,
0xf9, 0xa0, 0xa9, 0xd5, 0x8d, 0xf9, 0x6d, 0x10,
0xf4, 0x77, 0xaf, 0xac, 0x3d, 0x2f, 0x6b, 0x1f,
0xa2, 0xe7, 0xe5, 0x90, 0x6d, 0x1f, 0x88, 0x98
};
#elif (defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)) && \
!(defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && FIPS_VERSION3_NE(5,2,4))
#ifdef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0x27, 0xdd, 0xff, 0x5b, 0x21, 0x26, 0x0a, 0x48,
0xb3, 0x6b, 0xd8, 0x14, 0x00, 0x55, 0xe8, 0x39,
0x6d, 0x31, 0xf3, 0x6e, 0xe7, 0xbf, 0xce, 0x08,
0x1f, 0x61, 0x73, 0xe6, 0x3c, 0xb9, 0x12, 0xea
};
#else
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0x3b, 0x9d, 0x0d, 0xc8, 0x0e, 0xb4, 0x33, 0x0b,
0x50, 0x5f, 0x3a, 0xee, 0xc8, 0x68, 0x8d, 0x9f,
0xdf, 0x39, 0x06, 0x78, 0xf8, 0x6a, 0xd6, 0xc6,
0xd7, 0x63, 0x57, 0xe8, 0x6d, 0xf7, 0xc8, 0x6b
};
#endif
#elif defined(HAVE_INTEL_RDSEED) && \
defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && FIPS_VERSION3_NE(5,2,4)
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0x27, 0xdd, 0xff, 0x5b, 0x21, 0x26, 0x0a, 0x48,
0xb3, 0x6b, 0xd8, 0x14, 0x00, 0x55, 0xe8, 0x39,
0x6d, 0x31, 0xf3, 0x6e, 0xe7, 0xbf, 0xce, 0x08,
0x1f, 0x61, 0x73, 0xe6, 0x3c, 0xb9, 0x12, 0xea
};
#elif defined(HAVE_FIPS)
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0xaf, 0x31, 0xcc, 0xef, 0xa9, 0x29, 0x4c, 0x24,
0xbd, 0xa5, 0xa3, 0x52, 0x69, 0xf3, 0xb9, 0xb2,
0x1e, 0xd4, 0x52, 0x3b, 0x9a, 0x96, 0x06, 0x20,
0xc0, 0x5f, 0x44, 0x06, 0x1f, 0x80, 0xdf, 0xe0
};
#else
WOLFSSL_SMALL_STACK_STATIC const byte check[] =
{
0x83, 0x46, 0x65, 0x2f, 0x5c, 0x44, 0x16, 0x5f,
0xb3, 0x89, 0x26, 0xde, 0x0b, 0x6b, 0xa2, 0x06,
0x7e, 0xa7, 0x9a, 0x55, 0x22, 0x01, 0xb0, 0x22,
0xf4, 0x7e, 0xa2, 0x66, 0xc4, 0x08, 0x6f, 0xba
};
#endif
byte output[WC_SHA256_DIGEST_SIZE];
WC_RNG rng;
wc_test_ret_t ret;
ret = wc_SetSeed_Cb(seed_cb);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_InitRng(&rng);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_RNG_GenerateBlock(&rng, output, sizeof(output));
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = XMEMCMP(output, check, sizeof(output));
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
ret = wc_FreeRng(&rng);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
out:
return ret;
}
#endif /* WC_RNG_SEED_CB && !(ENTROPY_SCALE_FACTOR || SEED_BLOCK_SZ) */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
{
/* SHA-256 Hash_DRBG known-answer vectors. wc_RNG_HealthTest is
* gated on !NO_SHA256 in random.h (it operates on DRBG_internal),
* so the data and calls are gated together to keep SHA-512-only
* builds clean of unused-variable warnings. SHA-512 vectors below
* have their own WOLFSSL_DRBG_SHA512 guard. */
#ifndef NO_SHA256
WOLFSSL_SMALL_STACK_STATIC const byte test1Entropy[] =
{
0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31,
0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
};
WOLFSSL_SMALL_STACK_STATIC const byte test1Output[] =
{
0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
};
WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyA[] =
{
0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
};
WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyB[] =
{
0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
};
WOLFSSL_SMALL_STACK_STATIC const byte test2Output[] =
{
0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
};
#endif /* !NO_SHA256 - SHA-256 DRBG KAT vector data */
byte output[32 * 4];
wc_test_ret_t ret;
WOLFSSL_ENTER("random_test");
#ifndef NO_SHA256
ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
output, sizeof(output));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(test1Output, output, sizeof(output)) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA),
test2EntropyB, sizeof(test2EntropyB),
output, sizeof(output));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(test2Output, output, sizeof(output)) != 0)
return WC_TEST_RET_ENC_NC;
#else
(void)ret; /* may not be reassigned before use under NO_SHA256 */
#endif /* !NO_SHA256 - SHA-256 DRBG KAT calls */
#if defined(WOLFSSL_DRBG_SHA512) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
/* SHA-512 DRBG Health Tests using NIST CAVP test vectors.
* Source: NIST CAVP drbgtestvectors.zip, Hash_DRBG.rsp, [SHA-512],
* https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-
* Validation-Program/documents/drbg/drbgtestvectors.zip */
{
/* No-reseed test: drbgvectors_no_reseed/Hash_DRBG.rsp, [SHA-512],
* PredictionResistance=False, EntropyInputLen=256, NonceLen=128,
* PersonalizationStringLen=0, AdditionalInputLen=0,
* ReturnedBitsLen=2048, COUNT=0.
* EntropyInput || Nonce concatenated as seedA. */
WOLFSSL_SMALL_STACK_STATIC const byte sha512test1Entropy[] =
{
/* EntropyInput (32 bytes) */
0x6b, 0x50, 0xa7, 0xd8, 0xf8, 0xa5, 0x5d, 0x7a,
0x3d, 0xf8, 0xbb, 0x40, 0xbc, 0xc3, 0xb7, 0x22,
0xd8, 0x70, 0x8d, 0xe6, 0x7f, 0xda, 0x01, 0x0b,
0x03, 0xc4, 0xc8, 0x4d, 0x72, 0x09, 0x6f, 0x8c,
/* Nonce (16 bytes) */
0x3e, 0xc6, 0x49, 0xcc, 0x62, 0x56, 0xd9, 0xfa,
0x31, 0xdb, 0x7a, 0x29, 0x04, 0xaa, 0xf0, 0x25
};
WOLFSSL_SMALL_STACK_STATIC const byte sha512test1Output[] =
{
0x95, 0xb7, 0xf1, 0x7e, 0x98, 0x02, 0xd3, 0x57,
0x73, 0x92, 0xc6, 0xa9, 0xc0, 0x80, 0x83, 0xb6,
0x7d, 0xd1, 0x29, 0x22, 0x65, 0xb5, 0xf4, 0x2d,
0x23, 0x7f, 0x1c, 0x55, 0xbb, 0x9b, 0x10, 0xbf,
0xcf, 0xd8, 0x2c, 0x77, 0xa3, 0x78, 0xb8, 0x26,
0x6a, 0x00, 0x99, 0x14, 0x3b, 0x3c, 0x2d, 0x64,
0x61, 0x1e, 0xee, 0xb6, 0x9a, 0xcd, 0xc0, 0x55,
0x95, 0x7c, 0x13, 0x9e, 0x8b, 0x19, 0x0c, 0x7a,
0x06, 0x95, 0x5f, 0x2c, 0x79, 0x7c, 0x27, 0x78,
0xde, 0x94, 0x03, 0x96, 0xa5, 0x01, 0xf4, 0x0e,
0x91, 0x39, 0x6a, 0xcf, 0x8d, 0x7e, 0x45, 0xeb,
0xdb, 0xb5, 0x3b, 0xbf, 0x8c, 0x97, 0x52, 0x30,
0xd2, 0xf0, 0xff, 0x91, 0x06, 0xc7, 0x61, 0x19,
0xae, 0x49, 0x8e, 0x7f, 0xbc, 0x03, 0xd9, 0x0f,
0x8e, 0x4c, 0x51, 0x62, 0x7a, 0xed, 0x5c, 0x8d,
0x42, 0x63, 0xd5, 0xd2, 0xb9, 0x78, 0x87, 0x3a,
0x0d, 0xe5, 0x96, 0xee, 0x6d, 0xc7, 0xf7, 0xc2,
0x9e, 0x37, 0xee, 0xe8, 0xb3, 0x4c, 0x90, 0xdd,
0x1c, 0xf6, 0xa9, 0xdd, 0xb2, 0x2b, 0x4c, 0xbd,
0x08, 0x6b, 0x14, 0xb3, 0x5d, 0xe9, 0x3d, 0xa2,
0xd5, 0xcb, 0x18, 0x06, 0x69, 0x8c, 0xbd, 0x7b,
0xbb, 0x67, 0xbf, 0xe3, 0xd3, 0x1f, 0xd2, 0xd1,
0xdb, 0xd2, 0xa1, 0xe0, 0x58, 0xa3, 0xeb, 0x99,
0xd7, 0xe5, 0x1f, 0x1a, 0x93, 0x8e, 0xed, 0x5e,
0x1c, 0x1d, 0xe2, 0x3a, 0x6b, 0x43, 0x45, 0xd3,
0x19, 0x14, 0x09, 0xf9, 0x2f, 0x39, 0xb3, 0x67,
0x0d, 0x8d, 0xbf, 0xb6, 0x35, 0xd8, 0xe6, 0xa3,
0x69, 0x32, 0xd8, 0x10, 0x33, 0xd1, 0x44, 0x8d,
0x63, 0xb4, 0x03, 0xdd, 0xf8, 0x8e, 0x12, 0x1b,
0x6e, 0x81, 0x9a, 0xc3, 0x81, 0x22, 0x6c, 0x13,
0x21, 0xe4, 0xb0, 0x86, 0x44, 0xf6, 0x72, 0x7c,
0x36, 0x8c, 0x5a, 0x9f, 0x7a, 0x4b, 0x3e, 0xe2
};
/* Reseed test: drbgvectors_pr_false/Hash_DRBG.rsp, [SHA-512],
* PredictionResistance=False, EntropyInputLen=256, NonceLen=128,
* PersonalizationStringLen=0, AdditionalInputLen=0,
* ReturnedBitsLen=2048, COUNT=0. */
WOLFSSL_SMALL_STACK_STATIC const byte sha512test2EntropyA[] =
{
/* EntropyInput (32 bytes) */
0x31, 0x44, 0xe1, 0x7a, 0x10, 0xc8, 0x56, 0x12,
0x97, 0x64, 0xf5, 0x8f, 0xd8, 0xe4, 0x23, 0x10,
0x20, 0x54, 0x69, 0x96, 0xc0, 0xbf, 0x6c, 0xff,
0x8e, 0x91, 0xc2, 0x4e, 0xe0, 0x9b, 0xe3, 0x33,
/* Nonce (16 bytes) */
0xb1, 0x6f, 0xcb, 0x1c, 0xf0, 0xc0, 0x10, 0xf3,
0x1f, 0xea, 0xb7, 0x33, 0x58, 0x8b, 0x8e, 0x04
};
WOLFSSL_SMALL_STACK_STATIC const byte sha512test2EntropyB[] =
{
/* EntropyInputReseed (32 bytes) */
0xa0, 0xb3, 0x58, 0x4c, 0x2c, 0x84, 0x12, 0xf6,
0x18, 0x40, 0x68, 0x34, 0x40, 0x4d, 0x1e, 0xb0,
0xce, 0x99, 0x9b, 0xa2, 0x89, 0x66, 0x05, 0x4d,
0x7e, 0x49, 0x7e, 0x0d, 0xb6, 0x08, 0xb9, 0x67
};
WOLFSSL_SMALL_STACK_STATIC const byte sha512test2Output[] =
{
0xef, 0xa3, 0x5d, 0xd0, 0x36, 0x2a, 0xdb, 0x76,
0x26, 0x45, 0x6b, 0x36, 0xfa, 0xc7, 0x4d, 0x3c,
0x28, 0xd0, 0x1d, 0x92, 0x64, 0x20, 0x27, 0x5a,
0x28, 0xbe, 0xa9, 0xc9, 0xdd, 0x75, 0x47, 0xc1,
0x5e, 0x79, 0x31, 0x85, 0x2a, 0xc1, 0x27, 0x70,
0x76, 0x56, 0x75, 0x35, 0x23, 0x9c, 0x1f, 0x42,
0x9c, 0x7f, 0x75, 0xcf, 0x74, 0xc2, 0x26, 0x7d,
0xeb, 0x6a, 0x3e, 0x59, 0x6c, 0xf3, 0x26, 0x15,
0x6c, 0x79, 0x69, 0x41, 0x28, 0x3b, 0x8d, 0x58,
0x3f, 0x17, 0x1c, 0x2f, 0x6e, 0x33, 0x23, 0xf7,
0x55, 0x5e, 0x1b, 0x18, 0x1f, 0xfd, 0xa3, 0x05,
0x07, 0x21, 0x0c, 0xb1, 0xf5, 0x89, 0xb2, 0x3c,
0xd7, 0x18, 0x80, 0xfd, 0x44, 0x37, 0x0c, 0xac,
0xf4, 0x33, 0x75, 0xb0, 0xdb, 0x7e, 0x33, 0x6f,
0x12, 0xb3, 0x09, 0xbf, 0xd4, 0xf6, 0x10, 0xbb,
0x8f, 0x20, 0xe1, 0xa1, 0x5e, 0x25, 0x3a, 0x4f,
0xe5, 0x11, 0xa0, 0x27, 0x96, 0x8d, 0xf0, 0xb1,
0x05, 0xa1, 0xd7, 0x3a, 0xff, 0x7c, 0x7a, 0x82,
0x6d, 0x39, 0xf6, 0x40, 0xdf, 0xb8, 0xf5, 0x22,
0x25, 0x9e, 0xd4, 0x02, 0x28, 0x2e, 0x2c, 0x2e,
0x9d, 0x3a, 0x49, 0x8f, 0x51, 0x72, 0x5f, 0xe4,
0x14, 0x1b, 0x06, 0xda, 0x55, 0x98, 0xa4, 0x2a,
0xc1, 0xe0, 0x49, 0x4e, 0x99, 0x7d, 0x56, 0x6a,
0x1a, 0x39, 0xb6, 0x76, 0xb9, 0x6a, 0x60, 0x03,
0xa4, 0xc5, 0xdb, 0x84, 0xf2, 0x46, 0x58, 0x4e,
0xe6, 0x5a, 0xf7, 0x0f, 0xf2, 0x16, 0x02, 0x78,
0x16, 0x6d, 0xa1, 0x6d, 0x91, 0xc9, 0xb8, 0xf2,
0xde, 0xb0, 0x27, 0x51, 0xa1, 0x08, 0x8a, 0xd6,
0xbe, 0x4e, 0x80, 0xef, 0x96, 0x6e, 0xb7, 0x3e,
0x66, 0xbc, 0x87, 0xca, 0xd8, 0x7c, 0x77, 0xc0,
0xb3, 0x4a, 0x21, 0xba, 0x1d, 0xa0, 0xba, 0x6d,
0x16, 0xca, 0x50, 0x46, 0xdc, 0x4a, 0xbd, 0xa0
};
byte output512[WC_SHA512_DIGEST_SIZE * 4]; /* 256 bytes */
/* Test 1: SHA-512 DRBG no-reseed */
ret = wc_RNG_HealthTest_SHA512(0,
sha512test1Entropy, sizeof(sha512test1Entropy),
NULL, 0,
output512, sizeof(output512));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(sha512test1Output, output512, sizeof(output512)) != 0)
return WC_TEST_RET_ENC_NC;
/* Test 2: SHA-512 DRBG with reseed */
ret = wc_RNG_HealthTest_SHA512(1,
sha512test2EntropyA, sizeof(sha512test2EntropyA),
sha512test2EntropyB, sizeof(sha512test2EntropyB),
output512, sizeof(output512));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(sha512test2Output, output512, sizeof(output512)) != 0)
return WC_TEST_RET_ENC_NC;
}
#endif /* WOLFSSL_DRBG_SHA512 && !HAVE_SELFTEST && FIPS v7+ */
/* Basic RNG generate block test */
if ((ret = random_rng_test()) != 0)
return ret;
/* Test the seed check function. */
#if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
{
word32 i, outputSz;
/* Repeat the same byte over and over. Should fail. */
outputSz = sizeof(output);
XMEMSET(output, 1, outputSz);
ret = wc_RNG_TestSeed(output, outputSz);
if (ret == 0)
return WC_TEST_RET_ENC_NC;
/* Every byte of the entropy scratch is different,
* entropy is a single byte that shouldn't match. */
outputSz = (sizeof(output) / 2) + 1;
for (i = 0; i < outputSz; i++)
output[i] = (byte)i;
ret = wc_RNG_TestSeed(output, outputSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
outputSz = sizeof(output);
for (i = 0; i < outputSz; i++)
output[i] = (byte)i;
ret = wc_RNG_TestSeed(output, outputSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
}
#endif
/* Test the seed callback. */
#if defined(WC_RNG_SEED_CB) && \
!(defined(ENTROPY_SCALE_FACTOR) || defined(SEED_BLOCK_SZ))
if ((ret = rng_seed_test()) != 0)
return ret;
#endif
return 0;
}
#else /* !HAVE_HASHDRBG || CUSTOM_RAND_GENERATE_BLOCK || HAVE_INTEL_RDRAND */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
{
WOLFSSL_ENTER("random_test");
/* Basic RNG generate block test */
return random_rng_test();
}
#endif /* !HAVE_HASHDRBG || CUSTOM_RAND_GENERATE_BLOCK || HAVE_INTEL_RDRAND */
#ifdef WC_RNG_BANK_SUPPORT
static char *rng_bank_affinity_lock_lock;
static int rng_bank_affinity_lock(void *arg) {
rng_bank_affinity_lock_lock = (char *)arg;
return 0;
}
static int rng_bank_affinity_get_id_id;
static int rng_bank_affinity_get_id(void *arg, int *id) {
if (rng_bank_affinity_lock_lock != (char *)arg)
return BAD_STATE_E;
rng_bank_affinity_lock_lock = (char *)arg + 1;
*id = rng_bank_affinity_get_id_id;
return 0;
}
static int rng_bank_affinity_unlock(void *arg) {
rng_bank_affinity_lock_lock = (char *)arg + 2;
return 0;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_bank_test(void)
{
int ret;
WC_DECLARE_VAR(bank, struct wc_rng_bank, 1, HEAP_HINT);
struct wc_rng_bank_inst *rng_inst = NULL;
#ifdef WC_DRBG_BANKREF
WC_DECLARE_VAR(rng, WC_RNG, 1, HEAP_HINT);
#endif
#ifndef WC_RNG_BANK_STATIC
struct wc_rng_bank *bank2 = NULL;
struct wc_rng_bank_inst *rng_inst2 = NULL;
#ifdef WC_DRBG_BANKREF
WC_RNG *rng2 = NULL;
#endif
#endif /* !WC_RNG_BANK_STATIC */
static const char bank_arg[] = "hi";
byte outbuf1[16], outbuf2[16];
int i;
WC_CALLOC_VAR_EX(bank, struct wc_rng_bank, 1, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER,
return WC_TEST_RET_ENC_EC(MEMORY_E));
#ifdef WC_DRBG_BANKREF
WC_ALLOC_VAR_EX(rng, WC_RNG, 1, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER,
ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out));
XMEMSET(rng, 0, sizeof(*rng));
#endif
ret = wc_rng_bank_init(NULL, WC_RNG_BANK_STATIC_SIZE, WC_RNG_BANK_FLAG_CAN_WAIT, 10, HEAP_HINT, INVALID_DEVID);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef WC_RNG_BANK_STATIC
ret = wc_rng_bank_init(bank, WC_RNG_BANK_STATIC_SIZE + 1, WC_RNG_BANK_FLAG_CAN_WAIT, 10, HEAP_HINT, INVALID_DEVID);
if (ret != WC_NO_ERR_TRACE(BAD_LENGTH_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_rng_bank_init(bank, WC_RNG_BANK_STATIC_SIZE,
WC_RNG_BANK_FLAG_NO_VECTOR_OPS |
WC_RNG_BANK_FLAG_CAN_WAIT,
10, HEAP_HINT, INVALID_DEVID);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_set_affinity_handlers(
bank,
rng_bank_affinity_lock,
rng_bank_affinity_get_id,
rng_bank_affinity_unlock,
(char *)bank_arg);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
rng_bank_affinity_get_id_id = 4;
ret = wc_rng_bank_checkout(bank, &rng_inst, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK);
if (ret != WC_NO_ERR_TRACE(BAD_INDEX_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
rng_bank_affinity_get_id_id = 2;
ret = wc_rng_bank_checkout(bank, &rng_inst, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (rng_inst != bank->rngs + 2)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (rng_bank_affinity_lock_lock != bank_arg + 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* if we can, confirm that WC_RNG_BANK_FLAG_NO_VECTOR_OPS worked. */
#if defined(USE_INTEL_SPEEDUP) && \
defined(WOLFSSL_KERNEL_MODE) && \
defined(WOLFSSL_SMALL_STACK_CACHE) && \
defined(WC_C_DYNAMIC_FALLBACK) && \
defined(HAVE_HASHDRBG) && \
defined(WC_NO_INTERNAL_FUNCTION_POINTERS)
#ifdef WOLFSSL_DRBG_SHA512
if (rng_inst->rng.drbgType == WC_DRBG_SHA512) {
if (((struct DRBG_SHA512_internal *)rng_inst->rng.drbg512)->sha512.sha_method != 5 /* SHA512_C */)
ERROR_OUT(WC_TEST_RET_ENC_I(((struct DRBG_SHA512_internal *)rng_inst->rng.drbg512)->sha512.sha_method), out);
}
else
#endif /* WOLFSSL_DRBG_SHA512 */
{
if (((struct DRBG_internal *)rng_inst->rng.drbg)->sha256.sha_method != 7 /* SHA256_C */)
ERROR_OUT(WC_TEST_RET_ENC_I(((struct DRBG_internal *)rng_inst->rng.drbg)->sha256.sha_method), out);
}
#endif
ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst), outbuf1, sizeof(outbuf1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
{
struct wc_rng_bank_inst *bogus_inst = (struct wc_rng_bank_inst *)(wc_ptr_t)bank;
ret = wc_rng_bank_checkin(bank, &bogus_inst);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_rng_bank_checkin(bank, &rng_inst);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (rng_inst != NULL)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (rng_bank_affinity_lock_lock != bank_arg + 2)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_rng_bank_checkout(bank, &rng_inst, 3, 10, WC_RNG_BANK_FLAG_NONE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (rng_inst != bank->rngs + 3)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_rng_bank_checkin(bank, &rng_inst);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
rng_bank_affinity_get_id_id = 3;
ret = wc_rng_bank_checkout(bank, &rng_inst, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (rng_inst != bank->rngs + 3)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst), outbuf2, sizeof(outbuf2));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_checkin(bank, &rng_inst);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (rng_inst != NULL)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifdef WC_DRBG_BANKREF
ret = wc_InitRng_BankRef(NULL, rng);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_InitRng_BankRef(bank, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_InitRng_BankRef(bank, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
rng_bank_affinity_get_id_id = 1;
ret = wc_RNG_GenerateBlock(rng, outbuf1, sizeof(outbuf1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
ret = wc_rng_bank_reseed(NULL, 10, WC_RNG_BANK_FLAG_NONE);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_reseed(bank, 10, WC_RNG_BANK_FLAG_NONE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
for (i = 0; i < bank->n_rngs; ++i) {
#if defined(WOLFSSL_DRBG_SHA512) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
word64 bankReseedCtr;
if (bank->rngs[i].rng.drbgType == WC_DRBG_SHA512)
bankReseedCtr = ((struct DRBG_SHA512_internal *)
bank->rngs[i].rng.drbg512)->reseedCtr;
else
bankReseedCtr = ((struct DRBG_internal *)
bank->rngs[i].rng.drbg)->reseedCtr;
if (bankReseedCtr != WC_RESEED_INTERVAL)
#else
if (((struct DRBG_internal *)bank->rngs[i].rng.drbg)
->reseedCtr != WC_RESEED_INTERVAL)
#endif
{
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
}
rng_bank_affinity_get_id_id = 0;
/* WC_RNG_BANK_FLAG_CAN_WAIT needed to avoiding warning message that the
* instance needs reseed.
*/
ret = wc_rng_bank_checkout(bank, &rng_inst, -1, 10, WC_RNG_BANK_FLAG_CAN_WAIT | WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst), outbuf1, sizeof(outbuf1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_checkin(bank, &rng_inst);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
rng_bank_affinity_get_id_id = 1;
ret = wc_rng_bank_checkout(bank, &rng_inst, -1, 10, WC_RNG_BANK_FLAG_CAN_WAIT | WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst), outbuf2, sizeof(outbuf2));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_checkin(bank, &rng_inst);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_rng_bank_seed(bank, (byte *)bank_arg, (word32)sizeof(bank_arg), 10, WC_RNG_BANK_FLAG_CAN_WAIT);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
rng_bank_affinity_get_id_id = 0;
ret = wc_rng_bank_checkout(bank, &rng_inst, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst), outbuf1, sizeof(outbuf1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* can't wc_rng_bank_seed() while holding an inst (deadlock/timeout) --
* check in then check back out.
*/
ret = wc_rng_bank_checkin(bank, &rng_inst);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_seed(NULL, (byte *)bank_arg, (word32)sizeof(bank_arg), 10, WC_RNG_BANK_FLAG_CAN_WAIT);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_seed(bank, (byte *)bank_arg, (word32)sizeof(bank_arg), 10, WC_RNG_BANK_FLAG_CAN_WAIT);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_checkout(bank, &rng_inst, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst), outbuf2, sizeof(outbuf2));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* even though we passed in the same seed, the state is different, because
* Hash_DRBG_Reseed() chains in the previous state, and also churns in the
* "type" only on reseed.
*/
if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_rng_bank_inst_reinit(NULL, rng_inst, 10, WC_RNG_BANK_FLAG_CAN_WAIT);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* bogus pointer test */
ret = wc_rng_bank_inst_reinit(bank, (struct wc_rng_bank_inst *)(wc_ptr_t)bank, 10, WC_RNG_BANK_FLAG_CAN_WAIT);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_inst_reinit(bank, rng_inst, 10, WC_RNG_BANK_FLAG_CAN_WAIT);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst), outbuf1, sizeof(outbuf1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_rng_bank_checkin(NULL, &rng_inst);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_checkin(bank, &rng_inst);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_checkout(NULL, &rng_inst, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef WC_DRBG_BANKREF
if (wolfSSL_RefCur(bank->refcount) != 2)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_rng_bank_fini(bank);
if (ret != WC_NO_ERR_TRACE(BUSY_E))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wc_FreeRng(rng);
if (wolfSSL_RefCur(bank->refcount) != 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#ifdef WC_RNG_BANK_DEFAULT_SUPPORT
ret = wc_rng_bank_default_clear(NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_default_clear(bank);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_default_set(bank);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* When gated in, passing a NULL bank arg to wc_rng_bank_checkout(),
* wc_rng_bank_checkin(), wc_rng_bank_inst_reinit(), wc_rng_bank_seed(),
* wc_rng_bank_reseed(), wc_InitRng_BankRef(), or wc_rng_new_bankref()
* implicitly designates the default bank.
*/
ret = wc_rng_bank_checkout(NULL, &rng_inst, 3, 10, WC_RNG_BANK_FLAG_NONE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (rng_inst != bank->rngs + 3)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_rng_bank_inst_reinit(NULL, rng_inst, 10, WC_RNG_BANK_FLAG_CAN_WAIT);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef WC_DRBG_BANKREF
ret = wc_InitRng_BankRef(NULL, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
wc_FreeRng(rng);
#ifndef WC_RNG_BANK_STATIC
ret = wc_rng_new_bankref(NULL, &rng2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
wc_rng_free(rng2);
rng2 = NULL;
#endif
#endif
ret = wc_rng_bank_checkin(NULL, &rng_inst);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_seed(NULL, (byte *)bank_arg, (word32)sizeof(bank_arg), 10, WC_RNG_BANK_FLAG_CAN_WAIT);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_reseed(NULL, 10, WC_RNG_BANK_FLAG_NONE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_default_clear(bank);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif /* WC_RNG_BANK_DEFAULT_SUPPORT */
#ifdef WC_RNG_BANK_STATIC
ret = 0;
#else /* !WC_RNG_BANK_STATIC */
ret = wc_rng_bank_new(&bank2, WC_RNG_BANK_STATIC_SIZE + 1, WC_RNG_BANK_FLAG_NONE, 10, HEAP_HINT, INVALID_DEVID);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_set_affinity_handlers(
bank2,
rng_bank_affinity_lock,
rng_bank_affinity_get_id,
rng_bank_affinity_unlock,
(char *)bank_arg);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
rng_bank_affinity_get_id_id = WC_RNG_BANK_STATIC_SIZE;
ret = wc_rng_bank_checkout(bank2, &rng_inst2, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (rng_inst2 != bank2->rngs + WC_RNG_BANK_STATIC_SIZE)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst2), outbuf1, sizeof(outbuf1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* can't wc_rng_bank_seed() while holding an inst (deadlock/timeout) --
* check in then check back out.
*/
ret = wc_rng_bank_checkin(bank2, &rng_inst2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_seed(bank2, (byte *)bank_arg, (word32)sizeof(bank_arg), 10, WC_RNG_BANK_FLAG_CAN_WAIT);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_checkout(bank2, &rng_inst2, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst2), outbuf2, sizeof(outbuf2));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_rng_bank_checkin(bank2, &rng_inst2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_seed(bank2, (byte *)bank_arg, (word32)sizeof(bank_arg), 10, WC_RNG_BANK_FLAG_CAN_WAIT);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_bank_checkout(bank2, &rng_inst2, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst2), outbuf1, sizeof(outbuf1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* even though we passed in the same seed, the state is different, because
* Hash_DRBG_Reseed() chains in the previous state, and also churns in the
* "type" only on reseed.
*/
if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_rng_bank_inst_reinit(bank2, rng_inst2, 10, WC_RNG_BANK_FLAG_CAN_WAIT);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst2), outbuf1, sizeof(outbuf1));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_rng_bank_checkin(bank2, &rng_inst2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef WC_DRBG_BANKREF
ret = wc_rng_new_bankref(NULL, &rng2);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_new_bankref(bank2, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_rng_new_bankref(bank2, &rng2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (rng2 == NULL)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
rng_bank_affinity_get_id_id = 1;
ret = wc_RNG_GenerateBlock(rng2, outbuf2, sizeof(outbuf2));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_RefCur(bank2->refcount) != 2)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_rng_bank_free(&bank2);
if (ret != WC_NO_ERR_TRACE(BUSY_E))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wc_rng_free(rng2);
rng2 = NULL;
if (wolfSSL_RefCur(bank2->refcount) != 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* WC_DRBG_BANKREF */
ret = wc_rng_bank_free(&bank2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (bank2 != NULL)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* !WC_RNG_BANK_STATIC */
out:
{
int cleanup_ret;
#ifdef WC_DRBG_BANKREF
cleanup_ret = wc_FreeRng(rng);
if ((cleanup_ret != 0) && (ret == 0))
ret = WC_TEST_RET_ENC_EC(cleanup_ret);
WC_FREE_VAR_EX(rng, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif /* WC_DRBG_BANKREF */
if (rng_inst) {
cleanup_ret = wc_rng_bank_checkin(bank, &rng_inst);
if ((cleanup_ret != 0) && (ret == 0))
ret = WC_TEST_RET_ENC_EC(cleanup_ret);
if ((rng_inst != NULL) && (ret == 0))
ret = WC_TEST_RET_ENC_NC;
}
cleanup_ret = wc_rng_bank_fini(bank);
if ((cleanup_ret != 0) && (ret == 0))
ret = WC_TEST_RET_ENC_EC(cleanup_ret);
WC_FREE_VAR_EX(bank, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifndef WC_RNG_BANK_STATIC
#ifdef WC_DRBG_BANKREF
if (rng2)
wc_rng_free(rng2);
#endif
if (rng_inst2) {
cleanup_ret = wc_rng_bank_checkin(bank2, &rng_inst2);
if ((cleanup_ret != 0) && (ret == 0))
ret = WC_TEST_RET_ENC_EC(cleanup_ret);
if ((rng_inst2 != NULL) && (ret == 0))
ret = WC_TEST_RET_ENC_NC;
}
cleanup_ret = wc_rng_bank_free(&bank2);
if ((cleanup_ret != 0) && (ret == 0))
ret = WC_TEST_RET_ENC_EC(cleanup_ret);
if ((bank2 != NULL) && (ret == 0))
ret = WC_TEST_RET_ENC_NC;
#endif /* !WC_RNG_BANK_STATIC */
}
return ret;
}
#endif /* WC_RNG_BANK_SUPPORT */
#endif /* !WC_NO_RNG */
#ifndef MEM_TEST_SZ
#define MEM_TEST_SZ 1024
#endif
#if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
static int simple_mem_test(size_t sz)
{
int ret = 0;
byte* b;
int i;
b = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (b == NULL) {
return WC_TEST_RET_ENC_NC;
}
/* utilize memory */
for (i = 0; i < (int)sz; i++) {
b[i] = (byte)i;
}
/* read back and verify */
for (i = 0; i < (int)sz; i++) {
if (b[i] != (byte)i) {
ret = WC_TEST_RET_ENC_NC;
break;
}
}
XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif
/* If successful, returns the first letter of the byte array `in`.
**
** This is a deceptively simple test of a read-only embedded Linux file system.
** (e.g CFLAGS `-mfdpic` and `-mforce-l32`) for Xtensa Linux ESP32. When the
** `-mforce-l32` is missing, access to `in` will fail with Illegal Instruction.
** Const is on read-only memory-mapped file system, *not* loaded in app memory.
**
** Edit with caution. See PR #6523. */
static wc_test_ret_t const_byte_ptr_test(const byte* in, word32 *outJ)
{
wc_test_ret_t ret = 0;
volatile word32 j = (word32)-1; /* must be volatile to properly detect error */
ret = (wc_test_ret_t)*in; /* accessed *in value. */
(void)ret;
j = *outJ; /* Found index to use in const array. */
if (j == 0) {
#ifdef DEBUG_WOLFSSL
printf("Testing const byte ptr reference...\n");
#endif
/* although j is zero, in[0] does not detect the Illegal instruction */
ret = in[j]; /* The big test: can we actually access the `in` data? */
}
else {
ret = WC_TEST_RET_ENC_I(j);
}
return ret;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
{
wc_test_ret_t ret = 0;
word32 j = 0; /* used in embedded const pointer test */
#if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY)
int i;
#endif
#ifdef WOLFSSL_STATIC_MEMORY
word32 size[] = { WOLFMEM_BUCKETS };
word32 dist[] = { WOLFMEM_DIST };
byte buffer[30000]; /* make large enough to involve many bucket sizes */
int pad = -(int)((wc_ptr_t)buffer) & (WOLFSSL_STATIC_ALIGN - 1);
/* pad to account for if head of buffer is not at set memory
* alignment when tests are ran */
#endif
WOLFSSL_ENTER("memory_test");
#ifdef WOLFSSL_STATIC_MEMORY
/* check macro settings */
if (sizeof(size)/sizeof(word32) != WOLFMEM_DEF_BUCKETS) {
return WC_TEST_RET_ENC_NC;
}
if (sizeof(dist)/sizeof(word32) != WOLFMEM_DEF_BUCKETS) {
return WC_TEST_RET_ENC_NC;
}
if (WOLFMEM_DEF_BUCKETS > WOLFMEM_MAX_BUCKETS) {
return WC_TEST_RET_ENC_NC;
}
for (i = 0; i < WOLFMEM_DEF_BUCKETS; i++) {
if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) {
/* each element in array should be divisible by alignment size */
return WC_TEST_RET_ENC_NC;
}
}
for (i = 1; i < WOLFMEM_DEF_BUCKETS; i++) {
if (size[i - 1] >= size[i]) {
return WC_TEST_RET_ENC_NC; /* sizes should be in increasing order */
}
}
#ifndef WOLFSSL_STATIC_MEMORY_LEAN
/* check that padding size returned is possible */
if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) {
return WC_TEST_RET_ENC_NC; /* no room for wc_Memory struct */
}
ret = wolfSSL_MemoryPaddingSz();
if (ret < 0) {
return WC_TEST_RET_ENC_EC(ret);
}
if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) {
return WC_TEST_RET_ENC_NC; /* not aligned! */
}
/* check function to return optimum buffer size (rounded down) */
ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL);
if (ret < 0) {
return WC_TEST_RET_ENC_EC(ret);
}
if ((ret - pad) % WOLFSSL_STATIC_ALIGN != 0) {
return WC_TEST_RET_ENC_NC; /* not aligned! */
}
if ((unsigned int)ret > sizeof(buffer)) {
return WC_TEST_RET_ENC_NC; /* did not round down as expected */
}
if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) {
return WC_TEST_RET_ENC_NC; /* return value changed when using suggested
* value
*/
}
ret = wolfSSL_MemoryPaddingSz();
ret += pad; /* add space that is going to be needed if buffer not aligned */
if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) !=
(ret + (int)size[0])) {
return WC_TEST_RET_ENC_NC; /* did not round down to nearest bucket
* value
*/
}
ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL);
if ((ret - pad) < 0) {
return WC_TEST_RET_ENC_NC;
}
if (((ret - pad) % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) {
return WC_TEST_RET_ENC_NC; /* not even chunks of memory for IO size */
}
if (((ret - pad) % WOLFSSL_STATIC_ALIGN) != 0) {
return WC_TEST_RET_ENC_NC; /* memory not aligned */
}
/* check for passing bad or unknown arguments to functions */
if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) {
return WC_TEST_RET_ENC_NC;
}
if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) {
return WC_TEST_RET_ENC_NC; /* should round to 0
since struct + bucket will not fit */
}
#endif
(void)pad;
(void)dist; /* avoid static analysis warning of variable not used */
#endif
#if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
/* simple test */
ret = simple_mem_test((size_t)MEM_TEST_SZ);
if (ret != 0)
return ret;
#endif
#ifdef COMPLEX_MEM_TEST
/* test various size blocks */
for (i = 1; i < MEM_TEST_SZ; i*=2) {
ret = simple_mem_test((size_t)i);
if (ret != 0)
return ret;
}
#endif
#if !defined(USE_FAST_MATH) && !defined(WOLFSSL_NO_MALLOC) && defined(XREALLOC)
/* realloc test */
{
byte *b = (byte*)XMALLOC(MEM_TEST_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
#ifndef WOLFSSL_NO_REALLOC
byte *c = NULL;
if (b) {
c = (byte*)XREALLOC(b, MEM_TEST_SZ+sizeof(word32), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (c)
b = c;
}
#endif
XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (b == NULL
#ifndef WOLFSSL_NO_REALLOC
|| c == NULL
#endif
) {
return WC_TEST_RET_ENC_ERRNO;
}
}
#endif
if (ret == 0) {
/* This test is only interesting on embedded R/O Flash systems */
if (const_byte_ptr_test(const_byte_array, &j) != CBPTR_EXPECTED) {
ret = 1;
}
if (ret != 0)
return WC_TEST_RET_ENC_NC;
}
{
#ifdef WOLFSSL_NO_ATOMICS
int a_int = WOLFSSL_ATOMIC_INITIALIZER(-2);
unsigned int a_uint = WOLFSSL_ATOMIC_INITIALIZER(2);
#else
wolfSSL_Atomic_Int a_int = WOLFSSL_ATOMIC_INITIALIZER(-2);
wolfSSL_Atomic_Uint a_uint = WOLFSSL_ATOMIC_INITIALIZER(2);
#endif
int int_expected;
unsigned int uint_expected;
if (WOLFSSL_ATOMIC_LOAD(a_int) != -2)
return WC_TEST_RET_ENC_NC;
if (WOLFSSL_ATOMIC_LOAD(a_uint) != 2)
return WC_TEST_RET_ENC_NC;
wolfSSL_Atomic_Int_Init(&a_int, -3);
if (WOLFSSL_ATOMIC_LOAD(a_int) != -3)
return WC_TEST_RET_ENC_NC;
wolfSSL_Atomic_Uint_Init(&a_uint, 3);
if (WOLFSSL_ATOMIC_LOAD(a_uint) != 3)
return WC_TEST_RET_ENC_NC;
WOLFSSL_ATOMIC_STORE(a_int, -4);
if (WOLFSSL_ATOMIC_LOAD(a_int) != -4)
return WC_TEST_RET_ENC_NC;
WOLFSSL_ATOMIC_STORE(a_uint, 4);
if (WOLFSSL_ATOMIC_LOAD(a_uint) != 4)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_Atomic_Int_FetchAdd(&a_int, 2) != -4)
return WC_TEST_RET_ENC_NC;
if (WOLFSSL_ATOMIC_LOAD(a_int) != -2)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_Atomic_Uint_FetchAdd(&a_uint, 2) != 4)
return WC_TEST_RET_ENC_NC;
if (WOLFSSL_ATOMIC_LOAD(a_uint) != 6)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_Atomic_Int_FetchSub(&a_int, 2) != -2)
return WC_TEST_RET_ENC_NC;
if (WOLFSSL_ATOMIC_LOAD(a_int) != -4)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_Atomic_Uint_FetchSub(&a_uint, 2) != 6)
return WC_TEST_RET_ENC_NC;
if (WOLFSSL_ATOMIC_LOAD(a_uint) != 4)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_Atomic_Int_AddFetch(&a_int, 2) != -2)
return WC_TEST_RET_ENC_NC;
if (WOLFSSL_ATOMIC_LOAD(a_int) != -2)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_Atomic_Uint_AddFetch(&a_uint, 2) != 6)
return WC_TEST_RET_ENC_NC;
if (WOLFSSL_ATOMIC_LOAD(a_uint) != 6)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_Atomic_Int_SubFetch(&a_int, 2) != -4)
return WC_TEST_RET_ENC_NC;
if (WOLFSSL_ATOMIC_LOAD(a_int) != -4)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_Atomic_Uint_SubFetch(&a_uint, 2) != 4)
return WC_TEST_RET_ENC_NC;
if (WOLFSSL_ATOMIC_LOAD(a_uint) != 4)
return WC_TEST_RET_ENC_NC;
int_expected = -5;
if (wolfSSL_Atomic_Int_CompareExchange(&a_int, &int_expected, -7))
return WC_TEST_RET_ENC_NC;
if (int_expected != -4)
return WC_TEST_RET_ENC_NC;
if (! wolfSSL_Atomic_Int_CompareExchange(&a_int, &int_expected, -7))
return WC_TEST_RET_ENC_NC;
if (WOLFSSL_ATOMIC_LOAD(a_int) != -7)
return WC_TEST_RET_ENC_NC;
uint_expected = 5;
if (wolfSSL_Atomic_Uint_CompareExchange(&a_uint, &uint_expected, 7))
return WC_TEST_RET_ENC_NC;
if (uint_expected != 4)
return WC_TEST_RET_ENC_NC;
if (! wolfSSL_Atomic_Uint_CompareExchange(&a_uint, &uint_expected, 7))
return WC_TEST_RET_ENC_NC;
if (WOLFSSL_ATOMIC_LOAD(a_uint) != 7)
return WC_TEST_RET_ENC_NC;
{
void * volatile a_ptr = NULL;
void * ptr_expected = NULL;
static const char s[] = "";
if (! wolfSSL_Atomic_Ptr_CompareExchange(&a_ptr,
&ptr_expected,
(void *)&s))
return WC_TEST_RET_ENC_NC;
if (a_ptr != s)
return WC_TEST_RET_ENC_NC;
}
}
return ret;
}
#ifndef NO_FILESYSTEM
/* Cert Paths */
#ifdef FREESCALE_MQX
#define CERT_PREFIX "a:\\"
#define CERT_PATH_SEP "\\"
#elif defined(WOLFSSL_uTKERNEL2)
#define CERT_PREFIX "/uda/"
#define CERT_PATH_SEP "/"
#elif defined(_WIN32_WCE)
#define CERT_PREFIX "\\windows\\"
#define CERT_PATH_SEP "\\"
#elif defined(WOLFSSL_NDS)
#undef CERT_PREFIX
#ifndef WOLFSSL_MELONDS
#define CERT_PREFIX "fat:/_nds/"
#else
#define CERT_PREFIX "_nds/"
#endif
#define CERT_PATH_SEP "/"
#endif
#ifndef CERT_PREFIX
#define CERT_PREFIX "./"
#endif
#ifndef CERT_PATH_SEP
#define CERT_PATH_SEP "/"
#endif
#ifndef CERT_WRITE_TEMP_DIR
#define CERT_WRITE_TEMP_DIR CERT_PREFIX
#endif
#define CERT_ROOT CERT_PREFIX "certs" CERT_PATH_SEP
/* Generated Test Certs */
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
!defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
#if !defined(NO_RSA) && !defined(NO_ASN)
static const char* clientKey = CERT_ROOT "client-key.der";
static const char* clientCert = CERT_ROOT "client-cert.der";
#ifdef WOLFSSL_CERT_EXT
static const char* clientKeyPub = CERT_ROOT "client-keyPub.der";
#endif
#endif /* !NO_RSA && !NO_ASN */
#endif
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
#if !defined(NO_RSA) && !defined(NO_ASN)
#if defined(WOLFSSL_CERT_GEN) || defined(HAVE_PKCS7)
static const char* rsaCaKeyFile = CERT_ROOT "ca-key.der";
#ifdef WOLFSSL_CERT_GEN
static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem";
#endif
#if (defined(WOLFSSL_ALT_NAMES) && !defined(WOLFSSL_NO_MALLOC)) || \
defined(HAVE_PKCS7)
static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der";
#endif
#ifdef HAVE_PKCS7
static const char* rsaServerCertDerFile =
CERT_ROOT "server-cert.der";
static const char* rsaServerKeyDerFile =
CERT_ROOT "server-key.der";
#endif
#endif
#endif /* !NO_RSA && !NO_ASN */
#endif /* !USE_CERT_BUFFER_* */
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
!defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
#if !defined(NO_ASN) && !defined(NO_DH)
static const char* dhParamsFile = CERT_ROOT "dh2048.der";
#endif
#endif
#if !defined(NO_ASN) && !defined(NO_DH)
#if defined(WOLFSSL_DH_EXTRA) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
#if !defined(USE_CERT_BUFFERS_2048)
static const char* dhKeyFile = CERT_ROOT "statickeys/dh-ffdhe2048.der";
static const char* dhKeyPubFile = CERT_ROOT "statickeys/dh-ffdhe2048-pub.der";
#endif
#endif
#endif
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
#ifndef NO_DSA
static const char* dsaKey = CERT_ROOT "dsa2048.der";
#endif
#endif /* !USE_CERT_BUFFER_* */
#if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ECC256)
#ifdef HAVE_ECC
/* cert files to be used in rsa cert gen test, check if RSA enabled */
#ifdef HAVE_ECC_KEY_IMPORT
static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der";
#endif
#endif
#if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ASN)
#if defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN) && \
!defined(NO_ECC_SECP)
#ifndef NO_RSA
static const char* eccKeyPubFileDer = CERT_ROOT "ecc-keyPub.der";
#endif
#if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC)
static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der";
static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
#ifdef ENABLE_ECC384_CERT_GEN_TEST
static const char* eccCaKey384File =
CERT_ROOT "ca-ecc384-key.der";
static const char* eccCaCert384File =
CERT_ROOT "ca-ecc384-cert.pem";
#endif
#endif
#endif
#if defined(HAVE_PKCS7) && defined(HAVE_ECC)
static const char* eccClientKey = CERT_ROOT "ecc-client-key.der";
static const char* eccClientCert = CERT_ROOT "client-ecc-cert.der";
#endif
#endif /* HAVE_ECC */
#ifdef HAVE_ED25519
#ifdef WOLFSSL_TEST_CERT
static const char* serverEd25519Cert =
CERT_ROOT "ed25519/server-ed25519.der";
static const char* caEd25519Cert =
CERT_ROOT "ed25519/ca-ed25519.der";
#endif
#endif
#ifdef HAVE_ED448
#ifdef WOLFSSL_TEST_CERT
static const char* serverEd448Cert =
CERT_ROOT "ed448/server-ed448.der";
static const char* caEd448Cert = CERT_ROOT "ed448/ca-ed448.der";
#endif
#endif
#endif /* !USE_CERT_BUFFER_* */
#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
!defined(NO_FILESYSTEM)
static const char* certExtNc =
CERT_ROOT "test" CERT_PATH_SEP "cert-ext-nc.der";
static const char* certExtIa =
CERT_ROOT "test" CERT_PATH_SEP "cert-ext-ia.der";
static const char* certExtNct =
CERT_ROOT "test" CERT_PATH_SEP "cert-ext-nct.der";
#ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
static const char* certBadNegInt =
CERT_ROOT "test" CERT_PATH_SEP "cert-bad-neg-int.der";
#endif
static const char* certBadOid =
CERT_ROOT "test" CERT_PATH_SEP "cert-bad-oid.der";
#if defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_NO_ASN_STRICT)
static const char* certBadUtf8 =
CERT_ROOT "test" CERT_PATH_SEP "cert-bad-utf8.der";
#endif
#endif
#ifndef NO_WRITE_TEMP_FILES
#ifdef HAVE_ECC
#ifndef NO_ECC_SECP
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \
!defined(WOLFSSL_NO_MALLOC)
static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem";
static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der";
#endif
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
static const char* certEccRsaPemFile = CERT_WRITE_TEMP_DIR "certeccrsa.pem";
static const char* certEccRsaDerFile = CERT_WRITE_TEMP_DIR "certeccrsa.der";
#endif
#endif
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
(!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && \
!defined(NO_ASN_CRYPT)
static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem";
static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der";
static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der";
#if defined(HAVE_PKCS8) && !defined(WC_NO_RNG) && \
(!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV))
static const char* eccPkcs8KeyDerFile = CERT_WRITE_TEMP_DIR "ecc-key-pkcs8.der";
#endif
#endif /* HAVE_ECC_KEY_EXPORT */
#endif /* HAVE_ECC */
#ifndef NO_RSA
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \
!defined(WOLFSSL_NO_MALLOC)
static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der";
static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der";
static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem";
static const char* certPemFile = CERT_WRITE_TEMP_DIR "cert.pem";
#if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC)
static const char* certReqDerFile = CERT_WRITE_TEMP_DIR "certreq.der";
static const char* certReqPemFile = CERT_WRITE_TEMP_DIR "certreq.pem";
#endif
#endif
#endif /* !NO_RSA */
#if !defined(NO_RSA) || !defined(NO_DSA)
#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WOLFSSL_MICROCHIP)
static const char* keyDerFile = CERT_WRITE_TEMP_DIR "key.der";
static const char* keyPemFile = CERT_WRITE_TEMP_DIR "key.pem";
#endif
#endif
#endif /* !NO_WRITE_TEMP_FILES */
#endif /* !NO_FILESYSTEM */
#if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
(defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
static CertName certDefaultName;
static void initDefaultName(void)
{
#if defined(WOLFSSL_MULTI_ATTRIB) && defined(WOLFSSL_TEST_CERT)
NameAttrib* n;
#endif
XMEMCPY(certDefaultName.country, "US", sizeof("US"));
certDefaultName.countryEnc = CTC_PRINTABLE;
XMEMCPY(certDefaultName.state, "Oregon", sizeof("Oregon"));
certDefaultName.stateEnc = CTC_UTF8;
XMEMCPY(certDefaultName.street, "Main St", sizeof("Main St"));
certDefaultName.streetEnc = CTC_UTF8;
XMEMCPY(certDefaultName.locality, "Portland", sizeof("Portland"));
certDefaultName.localityEnc = CTC_UTF8;
XMEMCPY(certDefaultName.sur, "Test", sizeof("Test"));
certDefaultName.surEnc = CTC_UTF8;
XMEMCPY(certDefaultName.org, "wolfSSL", sizeof("wolfSSL"));
certDefaultName.orgEnc = CTC_UTF8;
XMEMCPY(certDefaultName.unit, "Development", sizeof("Development"));
certDefaultName.unitEnc = CTC_UTF8;
XMEMCPY(certDefaultName.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
certDefaultName.commonNameEnc = CTC_UTF8;
XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
certDefaultName.serialDevEnc = CTC_PRINTABLE;
XMEMCPY(certDefaultName.postalCode, "12-456", sizeof("12-456"));
certDefaultName.postalCodeEnc = CTC_PRINTABLE;
#ifdef WOLFSSL_CERT_EXT
XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization"));
certDefaultName.busCatEnc = CTC_UTF8;
XMEMCPY(certDefaultName.joiSt, "US", sizeof("US"));
certDefaultName.joiStEnc = CTC_PRINTABLE;
XMEMCPY(certDefaultName.joiC, "Oregon", sizeof("Oregon"));
certDefaultName.joiCEnc = CTC_PRINTABLE;
#endif
XMEMCPY(certDefaultName.email, "info@wolfssl.com", sizeof("info@wolfssl.com"));
XMEMCPY(certDefaultName.userId, "TestUserID", sizeof("TestUserID"));
certDefaultName.userIdEnc = CTC_PRINTABLE;
#if defined(WOLFSSL_MULTI_ATTRIB) && defined(WOLFSSL_TEST_CERT)
/* test having additional OUs and setting DC */
n = &certDefaultName.name[0];
n->id = ASN_ORGUNIT_NAME;
n->type = CTC_UTF8;
n->sz = XSTRLEN("Development-2");
XMEMCPY(n->value, "Development-2", sizeof("Development-2"));
#if CTC_MAX_ATTRIB > 3
n = &certDefaultName.name[1];
n->id = ASN_DOMAIN_COMPONENT;
n->type = CTC_UTF8;
n->sz = XSTRLEN("com");
XMEMCPY(n->value, "com", sizeof("com"));
n = &certDefaultName.name[2];
n->id = ASN_DOMAIN_COMPONENT;
n->type = CTC_UTF8;
n->sz = XSTRLEN("wolfssl");
XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
#endif
#endif /* WOLFSSL_MULTI_ATTRIB && WOLFSSL_TEST_CERT */
#ifdef WOLFSSL_CUSTOM_OID
/* TODO: Add test case for custom OID's */
#endif
}
#ifdef WOLFSSL_CERT_EXT
#if ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
defined(WOLFSSL_TEST_CERT)) || defined(HAVE_ECC)
WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage[] =
"digitalSignature,nonRepudiation";
#endif
#if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && !defined(NO_ASN_TIME)
WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage2[] =
"digitalSignature,nonRepudiation,keyEncipherment,keyAgreement";
#endif
#endif /* WOLFSSL_CERT_EXT */
#endif /* WOLFSSL_CERT_GEN */
#ifndef NO_RSA
/* Run an RSA async-capable operation: loops while the call returns
* WC_PENDING_E, calling wc_AsyncWait() each pass. The expression is only
* evaluated when ret >= 0. Updates 'ret' in place; the caller checks 'ret'
* after the macro (using `< 0` or `<= 0` as appropriate for the API).
*
* Replaces the 9-line idiom
* do {
* #if defined(WOLFSSL_ASYNC_CRYPT)
* ret = wc_AsyncWait(ret, (asyncDev_), WC_ASYNC_FLAG_CALL_AGAIN);
* #endif
* if (ret >= 0) {
* ret = (expr_);
* }
* } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
* with a single statement. Used inside the RSA test functions where 'ret'
* is in scope. */
#if defined(WOLFSSL_ASYNC_CRYPT)
#define WC_TEST_RSA_ASYNC_DO(asyncDev_, expr_) do { \
do { \
ret = wc_AsyncWait(ret, (asyncDev_), WC_ASYNC_FLAG_CALL_AGAIN); \
if (ret >= 0) ret = (expr_); \
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); \
} while (0)
#else
/* asyncDev_ is intentionally not evaluated: in non-async builds the key
* struct has no asyncDev member, so &key->asyncDev would not compile. */
#define WC_TEST_RSA_ASYNC_DO(asyncDev_, expr_) do { \
do { \
if (ret >= 0) ret = (expr_); \
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); \
} while (0)
#endif
#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
!defined(NO_FILESYSTEM)
static const byte minSerial[] = { 0x02, 0x01, 0x01 };
static const byte minName[] = { 0x30, 0x00 };
static const byte nameBad[] = {
0x30, 0x08,
0x31, 0x06,
0x30, 0x04,
0x06, 0x02,
0x55, 0x04,
};
static const byte minDates[] = {
0x30, 0x1e,
0x17, 0x0d,
0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35,
0x32, 0x33, 0x31, 0x30, 0x5a,
0x17, 0x0d,
0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35,
0x32, 0x33, 0x31, 0x30, 0x5a
};
static const byte minPubKey[] = {
0x30, 0x1c,
0x30, 0x0d,
0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
0x01,
0x05, 0x00,
0x03, 0x0b,
0x00, 0x30, 0x08,
0x02, 0x01,
0x03,
0x02, 0x03,
0x01, 0x00, 0x01
};
static const byte minSigAlg[] = {
0x30, 0x0d,
0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
0x0b,
0x05, 0x00
};
static const byte minSig[] = {
0x03, 0x01,
0x00
};
static int add_seq(byte* certData, int offset, byte* data, byte length)
{
XMEMMOVE(certData + offset + 2, data, length);
certData[offset++] = 0x30;
certData[offset++] = length;
return offset + length;
}
static int add_data(byte* certData, int offset, const byte* data, byte length)
{
XMEMCPY(certData + offset, data, length);
return offset + length;
}
static wc_test_ret_t cert_asn1_test(void)
{
wc_test_ret_t ret;
int len[3];
DecodedCert cert;
byte certData[114];
byte* badCert = NULL;
len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates));
len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey));
len[1] = add_seq(certData, 0, certData, len[2]);
len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg));
len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig));
len[0] = add_seq(certData, 0, certData, len[1]);
/* Minimal good certificate */
InitDecodedCert(&cert, certData, len[0], 0);
ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
FreeDecodedCert(&cert);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
/* Bad issuer name */
len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
len[2] = add_data(certData, len[2], nameBad, (byte)sizeof(nameBad));
len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates));
len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey));
len[1] = add_seq(certData, 0, certData, len[2]);
len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg));
len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig));
len[0] = add_seq(certData, 0, certData, len[1]);
/* Put data into allocated buffer to allow access error checking. */
badCert = (byte*)XMALLOC(len[0], HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XMEMCPY(badCert, certData, len[0]);
InitDecodedCert(&cert, badCert, len[0], 0);
ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
FreeDecodedCert(&cert);
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
}
XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
badCert = NULL;
ret = 0;
done:
XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
static wc_test_ret_t cert_load_bad(const char* fname, byte* tmp, int err)
{
wc_test_ret_t ret;
DecodedCert cert;
XFILE file;
size_t bytes;
if ((fname == NULL) || (tmp == NULL)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
file = XFOPEN(fname, "rb");
if (!file) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
InitDecodedCert(&cert, tmp, (word32)bytes, 0);
ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
FreeDecodedCert(&cert);
if (ret != err) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
}
ret = 0;
done:
return ret;
}
static wc_test_ret_t cert_bad_asn1_test(void)
{
wc_test_ret_t ret = 0;
byte* tmp;
tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
}
#ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
if (ret == 0) {
/* Serial number: 0xff 0xa8. 0xff and top bit set on next byte invalid.
*/
ret = cert_load_bad(certBadNegInt, tmp, ASN_EXPECT_0_E);
}
#endif
if (ret == 0) {
/* Subject name OID: 55 04 f4. Last byte with top bit set invalid. */
ret = cert_load_bad(certBadOid, tmp, ASN_PARSE_E);
}
#if defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_NO_ASN_STRICT)
if (ret == 0) {
/* Issuer name UTF8STRING: df 52 4e 44. Top bit of second byte not set.
*/
ret = cert_load_bad(certBadUtf8, tmp, ASN_PARSE_E);
}
#endif
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void)
{
#if !defined(NO_FILESYSTEM)
DecodedCert cert;
byte* tmp;
size_t bytes;
XFILE file;
wc_test_ret_t ret;
WOLFSSL_ENTER("cert_test");
tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL)
return WC_TEST_RET_ENC_ERRNO;
/* Certificate with Name Constraints extension. */
file = XFOPEN(certExtNc, "rb");
if (!file) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
InitDecodedCert(&cert, tmp, (word32)bytes, 0);
ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
FreeDecodedCert(&cert);
/* Certificate with Inhibit Any Policy extension. */
file = XFOPEN(certExtIa, "rb");
if (!file) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
InitDecodedCert(&cert, tmp, (word32)bytes, 0);
ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
FreeDecodedCert(&cert);
/* Certificate with Netscape Certificate Type extension. */
file = XFOPEN(certExtNct, "rb");
if (!file) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
InitDecodedCert(&cert, tmp, (word32)bytes, 0);
ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
#ifndef IGNORE_NETSCAPE_CERT_TYPE
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#else
if (ret != WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
}
ret = 0;
#endif
done:
FreeDecodedCert(&cert);
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif /* !NO_FILESYSTEM */
if (ret == 0)
ret = cert_asn1_test();
if (ret == 0)
ret = cert_bad_asn1_test();
return ret;
}
#endif /* WOLFSSL_TEST_CERT */
#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
!defined(NO_FILESYSTEM)
/* Test that FillSigner clears pubKeyStored/subjectCNStored after transferring
* ownership, so a second call doesn't copy stale NULL pointers. */
static wc_test_ret_t fill_signer_twice_test(void)
{
DecodedCert cert;
Signer* signer1 = NULL;
Signer* signer2 = NULL;
DerBuffer* der = NULL;
byte* tmp = NULL;
size_t bytes;
XFILE file;
wc_test_ret_t ret;
WOLFSSL_ENTER("fill_signer_twice_test");
tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL)
return WC_TEST_RET_ENC_ERRNO;
/* Load a DER certificate. */
file = XFOPEN(certExtNc, "rb");
if (!file) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
/* Create a DerBuffer for FillSigner (needed when WOLFSSL_SIGNER_DER_CERT
* is defined). */
ret = AllocDer(&der, (word32)bytes, CERT_TYPE, HEAP_HINT);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
XMEMCPY(der->buffer, tmp, bytes);
InitDecodedCert(&cert, tmp, (word32)bytes, 0);
ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
/* After parsing, pubKeyStored should be set and publicKey non-NULL. */
if (!cert.pubKeyStored || cert.publicKey == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
/* First FillSigner: transfers publicKey and subjectCN ownership. */
signer1 = MakeSigner(HEAP_HINT);
if (signer1 == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
ret = FillSigner(signer1, &cert, CA_TYPE, der);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
/* signer1 should have received the publicKey. */
if (signer1->publicKey == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
/* After FillSigner, cert->publicKey should be NULL. */
if (cert.publicKey != NULL) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
/* BUG CHECK: pubKeyStored should have been cleared to 0.
* If it is still set, a second FillSigner would copy a NULL pointer. */
if (cert.pubKeyStored != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
/* Also check subjectCNStored is cleared. */
if (cert.subjectCNStored != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
/* Second FillSigner on the same cert should not copy NULL pointers. */
signer2 = MakeSigner(HEAP_HINT);
if (signer2 == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
ret = FillSigner(signer2, &cert, CA_TYPE, der);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
/* signer2 should NOT have a publicKey (since cert no longer owns one). */
if (signer2->publicKey != NULL) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
done:
FreeDecodedCert(&cert);
if (signer1 != NULL)
FreeSigner(signer1, HEAP_HINT);
if (signer2 != NULL)
FreeSigner(signer2, HEAP_HINT);
FreeDer(&der);
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* !NO_ASN_TIME && !NO_RSA && WOLFSSL_TEST_CERT && !NO_FILESYSTEM */
#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
{
DecodedCert cert;
byte* tmp;
size_t bytes;
XFILE file;
wc_test_ret_t ret;
/* created from rsa_test : othercert.der */
byte skid_rsa[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
"\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
/* created from rsa_test : othercert.der */
byte akid_rsa[] = "\x27\x8E\x67\x11\x74\xC3\x26\x1D\x3F\xED"
"\x33\x63\xB3\xA4\xD8\x1D\x30\xE5\xE8\xD5";
#ifdef HAVE_ECC
/* created from ecc_test_cert_gen : certecc.der */
#ifdef ENABLE_ECC384_CERT_GEN_TEST
/* Authority key id from ./certs/ca-ecc384-cert.pem */
byte akid_ecc[] = "\xAB\xE0\xC3\x26\x4C\x18\xD4\x72\xBB\xD2"
"\x84\x8C\x9C\x0A\x05\x92\x80\x12\x53\x52";
#else
/* Authority key id from ./certs/ca-ecc-cert.pem */
byte akid_ecc[] = "\x56\x8E\x9A\xC3\xF0\x42\xDE\x18\xB9\x45"
"\x55\x6E\xF9\x93\xCF\xEA\xC3\xF3\xA5\x21";
#endif
#endif /* HAVE_ECC */
/* created from rsa_test : cert.der */
byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
"\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
WOLFSSL_ENTER("certext_test");
tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL)
return WC_TEST_RET_ENC_ERRNO;
/* load othercert.der (Cert signed by an authority) */
file = XFOPEN(otherCertDerFile, "rb");
if (!file) {
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return WC_TEST_RET_ENC_ERRNO;
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
return WC_TEST_RET_ENC_ERRNO;
InitDecodedCert(&cert, tmp, (word32)bytes, 0);
ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* check the SKID from a RSA certificate */
if ((sizeof(skid_rsa) - 1 != cert.extSubjKeyIdSz) ||
(XMEMCMP(skid_rsa, cert.extSubjKeyId, cert.extSubjKeyIdSz)))
return WC_TEST_RET_ENC_NC;
/* check the AKID from an RSA certificate */
if ((sizeof(akid_rsa) - 1 != cert.extAuthKeyIdSz) ||
(XMEMCMP(akid_rsa, cert.extAuthKeyId, cert.extAuthKeyIdSz)))
return WC_TEST_RET_ENC_NC;
/* check the Key Usage from an RSA certificate */
if (!cert.extKeyUsageSet)
return WC_TEST_RET_ENC_NC;
if (cert.extKeyUsage != (KEYUSE_KEY_ENCIPHER|KEYUSE_KEY_AGREE))
return WC_TEST_RET_ENC_NC;
/* check the CA Basic Constraints from an RSA certificate */
if (cert.isCA)
return WC_TEST_RET_ENC_NC;
#ifndef WOLFSSL_SEP /* test only if not using SEP policies */
/* check the Certificate Policies Id */
if (cert.extCertPoliciesNb != 1)
return WC_TEST_RET_ENC_NC;
if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
return WC_TEST_RET_ENC_NC;
#endif
FreeDecodedCert(&cert);
#ifdef HAVE_ECC
/* load certecc.der (Cert signed by our ECC CA test in ecc_test_cert_gen) */
file = XFOPEN(certEccDerFile, "rb");
if (!file) {
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return WC_TEST_RET_ENC_ERRNO;
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
return WC_TEST_RET_ENC_ERRNO;
InitDecodedCert(&cert, tmp, (word32)bytes, 0);
ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* check the SKID from a ECC certificate - generated dynamically */
/* check the AKID from an ECC certificate */
if ((sizeof(akid_ecc) - 1 != cert.extAuthKeyIdSz) ||
(XMEMCMP(akid_ecc, cert.extAuthKeyId, cert.extAuthKeyIdSz)))
return WC_TEST_RET_ENC_NC;
/* check the Key Usage from an ECC certificate */
if (!cert.extKeyUsageSet)
return WC_TEST_RET_ENC_NC;
if (cert.extKeyUsage != (KEYUSE_DIGITAL_SIG|KEYUSE_CONTENT_COMMIT))
return WC_TEST_RET_ENC_NC;
/* check the CA Basic Constraints from an ECC certificate */
if (cert.isCA)
return WC_TEST_RET_ENC_NC;
#ifndef WOLFSSL_SEP /* test only if not using SEP policies */
/* check the Certificate Policies Id */
if (cert.extCertPoliciesNb != 2)
return WC_TEST_RET_ENC_NC;
if (strncmp(cert.extCertPolicies[0], "2.4.589440.587.101.2.1.9632587.1", 32))
return WC_TEST_RET_ENC_NC;
if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22))
return WC_TEST_RET_ENC_NC;
#endif
FreeDecodedCert(&cert);
#endif /* HAVE_ECC */
/* load cert.der (self signed certificate) */
file = XFOPEN(certDerFile, "rb");
if (!file) {
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return WC_TEST_RET_ENC_ERRNO;
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
return WC_TEST_RET_ENC_ERRNO;
InitDecodedCert(&cert, tmp, (word32)bytes, 0);
ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* check the SKID from a CA certificate */
if ((sizeof(kid_ca) - 1 != cert.extSubjKeyIdSz) ||
(XMEMCMP(kid_ca, cert.extSubjKeyId, cert.extSubjKeyIdSz)))
return WC_TEST_RET_ENC_NC;
/* check the AKID from an CA certificate */
if ((sizeof(kid_ca) - 1 != cert.extAuthKeyIdSz) ||
(XMEMCMP(kid_ca, cert.extAuthKeyId, cert.extAuthKeyIdSz)))
return WC_TEST_RET_ENC_NC;
/* check the Key Usage from CA certificate */
if (!cert.extKeyUsageSet)
return WC_TEST_RET_ENC_NC;
if (cert.extKeyUsage != (KEYUSE_KEY_CERT_SIGN|KEYUSE_CRL_SIGN))
return WC_TEST_RET_ENC_NC;
/* check the CA Basic Constraints CA certificate */
if (!cert.isCA)
return WC_TEST_RET_ENC_NC;
#ifndef WOLFSSL_SEP /* test only if not using SEP policies */
/* check the Certificate Policies Id */
if (cert.extCertPoliciesNb != 2)
return WC_TEST_RET_ENC_NC;
if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
return WC_TEST_RET_ENC_NC;
if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25))
return WC_TEST_RET_ENC_NC;
#endif
FreeDecodedCert(&cert);
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
}
#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT &&
!NO_FILESYSTEM && !NO_RSA && WOLFSSL_CERT_GEN */
#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
{
wc_test_ret_t ret = 0;
Cert cert;
FILE* file;
byte* der;
word32 derSz;
WOLFSSL_ENTER("decodedCertCache_test");
derSz = FOURK_BUF;
der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL)
ret = WC_TEST_RET_ENC_NC;
if (ret == 0) {
/* load cert.der */
file = XFOPEN(certDerFile, "rb");
if (file != NULL) {
derSz = (word32)XFREAD(der, 1, FOURK_BUF, file);
XFCLOSE(file);
if (derSz == 0)
ret = WC_TEST_RET_ENC_ERRNO;
}
else
ret = WC_TEST_RET_ENC_ERRNO;
}
if (ret == 0) {
ret = wc_InitCert_ex(&cert, HEAP_HINT, devId);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_SetSubjectBuffer(&cert, der, derSz);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_SetSubjectBuffer(NULL, der, derSz);
if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = 0;
else
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_SetSubjectRaw(&cert, der, derSz);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_SetSubjectRaw(NULL, der, derSz);
if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = 0;
else
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_SetIssuerBuffer(&cert, der, derSz);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_SetIssuerBuffer(NULL, der, derSz);
if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = 0;
else
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_SetIssuerRaw(&cert, der, derSz);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_SetIssuerRaw(NULL, der, derSz);
if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = 0;
else
ret = WC_TEST_RET_ENC_EC(ret);
}
#ifdef WOLFSSL_ALT_NAMES
if (ret == 0) {
ret = wc_SetAltNamesBuffer(&cert, der, derSz);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_SetAltNamesBuffer(NULL, der, derSz);
if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = 0;
else
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_SetDatesBuffer(&cert, der, derSz);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_SetDatesBuffer(NULL, der, derSz);
if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = 0;
else
ret = WC_TEST_RET_ENC_EC(ret);
}
#endif
if (ret == 0) {
ret = wc_SetAuthKeyIdFromCert(&cert, der, derSz);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_SetAuthKeyIdFromCert(NULL, der, derSz);
if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = 0;
else
ret = WC_TEST_RET_ENC_NC;
}
wc_SetCert_Free(&cert);
if (ret == 0) {
if(cert.decodedCert != NULL)
ret = WC_TEST_RET_ENC_NC;
}
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) &&
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) */
#define RSA_TEST_BYTES (RSA_MAX_SIZE / 8)
#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WOLFSSL_RSA_VERIFY_ONLY)
static wc_test_ret_t rsa_flatten_test(RsaKey* key)
{
wc_test_ret_t ret;
#if !defined(WOLFSSL_NO_MALLOC)
byte* e = NULL;
byte* n = NULL;
#else
byte e[RSA_TEST_BYTES];
byte n[RSA_TEST_BYTES];
#endif
word32 eSz = RSA_TEST_BYTES;
word32 nSz = RSA_TEST_BYTES;
#if !defined(WOLFSSL_NO_MALLOC)
e = (byte*)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
n = (byte*)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (e == NULL || n == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa_flatten);
#endif
#ifdef WOLFSSL_MICROCHIP_TA100
/* TA100 keys are hardware-only; flattening isn't supported. */
if (key != NULL && (key->rKeyH != 0 || key->uKeyH != 0)) {
return 0;
}
#endif
/* Parameter Validation testing. */
ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_flatten);
ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_flatten);
ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_flatten);
ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_flatten);
ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_flatten);
ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_flatten);
eSz = 0;
ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_flatten);
eSz = RSA_TEST_BYTES;
nSz = 0;
ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_flatten);
ret = 0;
exit_rsa_flatten:
#if !defined(WOLFSSL_NO_MALLOC)
XFREE(e, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* NO_ASN */
#if !defined(HAVE_FIPS) && !defined(NO_ASN) \
&& !defined(WOLFSSL_RSA_VERIFY_ONLY)
static wc_test_ret_t rsa_export_key_test(RsaKey* key)
{
wc_test_ret_t ret;
byte e[3];
word32 eSz = sizeof(e);
#if !defined(WOLFSSL_NO_MALLOC)
byte* n = NULL;
byte* d = NULL;
byte* p = NULL;
byte* q = NULL;
#else
byte n[RSA_TEST_BYTES];
byte d[RSA_TEST_BYTES];
byte p[RSA_TEST_BYTES/2];
byte q[RSA_TEST_BYTES/2];
#endif
word32 nSz = RSA_TEST_BYTES;
word32 dSz = RSA_TEST_BYTES;
word32 pSz = RSA_TEST_BYTES/2;
word32 qSz = RSA_TEST_BYTES/2;
word32 zero = 0;
#ifdef WOLFSSL_MICROCHIP_TA100
/* TA100 keys are hardware-only; exporting components is not supported. */
if (key != NULL && (key->rKeyH != 0 || key->uKeyH != 0)) {
return 0;
}
#endif
#if !defined(WOLFSSL_NO_MALLOC)
n = (byte*)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
d = (byte*)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
p = (byte*)XMALLOC(RSA_TEST_BYTES/2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
q = (byte*)XMALLOC(RSA_TEST_BYTES/2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (n == NULL || d == NULL || p == NULL || q == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa_export);
#endif
ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz);
if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz);
if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz);
if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero);
if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export);
ret = 0;
exit_rsa_export:
#if !defined(WOLFSSL_NO_MALLOC)
XFREE(n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(p, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(q, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* !HAVE_FIPS && !NO_ASN && !WOLFSSL_RSA_VERIFY_ONLY */
#if !defined(NO_SIG_WRAPPER) && !defined(NO_SHA256)
static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
{
wc_test_ret_t ret;
word32 sigSz;
WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING;
WOLFSSL_SMALL_STACK_STATIC const byte hash[] = {
0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
};
WOLFSSL_SMALL_STACK_STATIC const byte hashEnc[] = {
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
0x00, 0x04, 0x20,
0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
};
word32 inLen = (word32)XSTRLEN((char*)in);
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
word32 outSz = RSA_TEST_BYTES;
#endif
#if !defined(WOLFSSL_NO_MALLOC)
byte* out = NULL;
out = (byte*)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (out == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa_sig);
#else
byte out[RSA_TEST_BYTES];
#endif
/* Parameter Validation testing. */
ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
sigSz = (word32)modLen;
ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
inLen, out, &sigSz, key, keyLen, rng);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
0, out, &sigSz, key, keyLen, rng);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
inLen, NULL, &sigSz, key, keyLen, rng);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
inLen, out, NULL, key, keyLen, rng);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
inLen, out, &sigSz, NULL, keyLen, rng);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
inLen, out, &sigSz, key, 0, rng);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
inLen, out, &sigSz, key, keyLen, NULL);
#if defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT)
/* blinding / rng handled with hardware acceleration */
if (ret != 0)
#elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
/* async may not require RNG */
#if defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLFSSL_SWDEV)
if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID))
#else
#if defined(WOLFSSL_MICROCHIP_TA100)
if (ret != 0 && ret != WC_NO_ERR_TRACE(MISSING_RNG_E) &&
ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
#else
if (ret != 0 && ret != WC_NO_ERR_TRACE(MISSING_RNG_E))
#endif
#endif
#elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING)
/* FIPS140 implementation does not do blinding */
if (ret != 0)
#elif defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_RSA_VERIFY_ONLY)
if (ret != WC_NO_ERR_TRACE(SIG_TYPE_E))
#elif defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SE050)
/* RNG is handled by hardware */
if (ret != 0)
#elif defined(WOLFSSL_MICROCHIP_TA100)
/* TA100 path doesn't require RNG, may report BAD_FUNC_ARG. */
if (ret != 0 && ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
#else
if (ret != WC_NO_ERR_TRACE(MISSING_RNG_E))
#endif
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
sigSz = 0;
ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
inLen, out, &sigSz, key, keyLen, rng);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
inLen, out, (word32)modLen, key, keyLen);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
0, out, (word32)modLen, key, keyLen);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
inLen, NULL, (word32)modLen, key, keyLen);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
inLen, out, 0, key, keyLen);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
inLen, out, (word32)modLen, NULL, keyLen);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
inLen, out, (word32)modLen, key, 0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
#ifndef HAVE_ECC
ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen);
if (ret != WC_NO_ERR_TRACE(SIG_TYPE_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
#endif
#if defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLFSSL_SWDEV)
ret = 0;
goto exit_rsa_sig;
#endif
/* Use APIs. */
ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen);
if (ret != modLen)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA_W_ENC, key, keyLen);
if (ret != modLen)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
sigSz = (word32)ret;
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
XMEMSET(out, 0, outSz);
ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
inLen, out, &sigSz, key, keyLen, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
inLen, out, (word32)modLen, key, keyLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
sigSz = outSz;
ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
in, inLen, out, &sigSz, key, keyLen, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
in, inLen, out, (word32)modLen, key, keyLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
/* Wrong signature type. */
ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
inLen, out, (word32)modLen, key, keyLen);
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
/* check hash functions */
sigSz = outSz;
ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
hash, (int)sizeof(hash), out, &sigSz, key, keyLen, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
hash, (int)sizeof(hash), out, (word32)modLen, key, keyLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
sigSz = outSz;
ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
hashEnc, (int)sizeof(hashEnc), out, &sigSz, key, keyLen, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
hashEnc, (int)sizeof(hashEnc), out, (word32)modLen, key, keyLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig);
#else
(void)hash;
(void)hashEnc;
#endif /* !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */
ret = 0;
exit_rsa_sig:
#if !defined(WOLFSSL_NO_MALLOC)
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* !NO_SIG_WRAPPER && !NO_SHA256 */
#ifdef WC_RSA_NONBLOCK
static wc_test_ret_t rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte* out,
word32 outSz, byte* plain, word32 plainSz, WC_RNG* rng)
{
wc_test_ret_t ret = 0;
int count;
int signSz = 0;
RsaNb nb;
byte* inlinePlain = NULL;
/* Enable non-blocking RSA mode - provide context */
ret = wc_RsaSetNonBlock(key, &nb);
if (ret != 0)
return ret;
#if defined(WC_RSA_NONBLOCK_TIME) && defined(USE_FAST_MATH)
/* Enable time based RSA blocking. 8 microseconds max (3.1GHz).
* Only available with USE_FAST_MATH; SP-only WC_RSA_NONBLOCK
* builds do not expose this entry point. */
ret = wc_RsaSetNonBlockTime(key, 8, 3100);
if (ret != 0)
return ret;
#endif
count = 0;
do {
ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng);
count++; /* track number of would blocks */
if (ret == FP_WOULDBLOCK) {
/* do "other" work here */
}
} while (ret == FP_WOULDBLOCK);
if (ret < 0) {
return ret;
}
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
printf("RSA non-block sign: %d times\n", count);
#endif
signSz = ret;
/* Test non-blocking verify */
XMEMSET(plain, 0, plainSz);
count = 0;
do {
ret = wc_RsaSSL_Verify(out, (word32)signSz, plain, plainSz, key);
count++; /* track number of would blocks */
if (ret == FP_WOULDBLOCK) {
/* do "other" work here */
}
} while (ret == FP_WOULDBLOCK);
if (ret < 0) {
return ret;
}
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
printf("RSA non-block verify: %d times\n", count);
#endif
if (signSz == ret && XMEMCMP(plain, in, (size_t)ret)) {
return SIG_VERIFY_E;
}
/* Test inline non-blocking verify */
count = 0;
do {
ret = wc_RsaSSL_VerifyInline(out, (word32)signSz, &inlinePlain, key);
count++; /* track number of would blocks */
if (ret == FP_WOULDBLOCK) {
/* do "other" work here */
}
} while (ret == FP_WOULDBLOCK);
if (ret < 0) {
return ret;
}
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
printf("RSA non-block inline verify: %d times\n", count);
#endif
if (signSz == ret && XMEMCMP(inlinePlain, in, (size_t)ret)) {
return SIG_VERIFY_E;
}
/* Disabling non-block RSA mode */
ret = wc_RsaSetNonBlock(key, NULL);
(void)count;
return 0;
}
#endif
#if !defined(NO_ASN)
static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
{
wc_test_ret_t ret;
word32 inSz;
word32 inOutIdx;
WOLFSSL_SMALL_STACK_STATIC const byte n[2] = { 0x00, 0x23 };
WOLFSSL_SMALL_STACK_STATIC const byte e[2] = { 0x00, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1,
0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte goodAlgId[] = {
0x30, 0x18, 0x30, 0x16,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte goodAlgIdNull[] = {
0x30, 0x1a, 0x30, 0x18,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badAlgIdNull[] = {
0x30, 0x1b, 0x30, 0x19,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badNotBitString[] = {
0x30, 0x18, 0x30, 0x16,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badBitStringLen[] = {
0x30, 0x18, 0x30, 0x16,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03};
WOLFSSL_SMALL_STACK_STATIC const byte badNoSeq[] = {
0x30, 0x16, 0x30, 0x14,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badNoObj[] = {
0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06,
0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badIntN[] = {
0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badNotIntE[] = {
0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badLength[] = {
0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte badBitStrNoZero[] = {
0x30, 0x17, 0x30, 0x15,
0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
ret = wc_InitRsaKey(keyPub, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Parameter Validation testing. */
ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
#if defined(USE_INTEGER_HEAP_MATH)
#define RSA_RAW_BADLEN_EXPECT 0
#else
#define RSA_RAW_BADLEN_EXPECT WC_NO_ERR_TRACE(ASN_GETINT_E)
#endif
ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), keyPub);
if (ret != RSA_RAW_BADLEN_EXPECT) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
wc_FreeRsaKey(keyPub);
ret = wc_InitRsaKey(keyPub, NULL);
if (ret != 0) return WC_TEST_RET_ENC_EC(ret);
ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, keyPub);
if (ret != RSA_RAW_BADLEN_EXPECT) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
#undef RSA_RAW_BADLEN_EXPECT
wc_FreeRsaKey(keyPub);
ret = wc_InitRsaKey(keyPub, NULL);
if (ret != 0) return WC_TEST_RET_ENC_EC(ret);
/* Use API. */
ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), keyPub);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
wc_FreeRsaKey(keyPub);
ret = wc_InitRsaKey(keyPub, NULL);
if (ret != 0) return WC_TEST_RET_ENC_EC(ret);
/* Parameter Validation testing. */
inSz = sizeof(good);
ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
/* Use good data and offset to bad data. */
inOutIdx = 2;
inSz = sizeof(good) - inOutIdx;
ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
inOutIdx = 2;
inSz = sizeof(goodAlgId) - inOutIdx;
ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
inOutIdx = 2;
inSz = sizeof(goodAlgId);
ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
#ifndef WOLFSSL_NO_DECODE_EXTRA
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
#else
if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E))
#endif
{
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
/* Try different bad data. */
inSz = sizeof(badAlgIdNull); inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_EXPECT_0_E)) {
ret = WC_TEST_RET_ENC_EC(ret); goto done;
}
inSz = sizeof(badNotBitString); inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_BITSTR_E)) {
ret = WC_TEST_RET_ENC_EC(ret); goto done;
}
inSz = sizeof(badBitStringLen); inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
ret = WC_TEST_RET_ENC_EC(ret); goto done;
}
inSz = sizeof(badNoSeq); inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
ret = WC_TEST_RET_ENC_EC(ret); goto done;
}
inSz = sizeof(badNoObj); inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E) &&
ret != WC_NO_ERR_TRACE(ASN_OBJECT_ID_E)) {
ret = WC_TEST_RET_ENC_EC(ret); goto done;
}
inSz = sizeof(badIntN); inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E) &&
ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
ret = WC_TEST_RET_ENC_EC(ret); goto done;
}
inSz = sizeof(badNotIntE); inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E) &&
ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
ret = WC_TEST_RET_ENC_EC(ret); goto done;
}
/* TODO: Shouldn't pass as the sequence length is too small. */
inSz = sizeof(badLength);
inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz);
#ifndef WOLFSSL_ASN_TEMPLATE
if (ret != 0)
#else
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
#endif
{
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
/* TODO: Shouldn't ignore object id's data. */
wc_FreeRsaKey(keyPub);
ret = wc_InitRsaKey(keyPub, NULL);
if (ret != 0) return WC_TEST_RET_ENC_EC(ret);
inSz = sizeof(badBitStrNoZero); inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_EXPECT_0_E) &&
ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
ret = WC_TEST_RET_ENC_EC(ret); goto done;
}
wc_FreeRsaKey(keyPub);
ret = wc_InitRsaKey(keyPub, NULL);
if (ret != 0) return WC_TEST_RET_ENC_EC(ret);
/* Valid data cases. */
inSz = sizeof(good); inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
if (ret != 0) { ret = WC_TEST_RET_ENC_EC(ret); goto done; }
if (inOutIdx != inSz) { ret = WC_TEST_RET_ENC_NC; goto done; }
wc_FreeRsaKey(keyPub);
ret = wc_InitRsaKey(keyPub, NULL);
if (ret != 0) return WC_TEST_RET_ENC_EC(ret);
inSz = sizeof(goodAlgId); inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
if (ret != 0) { ret = WC_TEST_RET_ENC_EC(ret); goto done; }
if (inOutIdx != inSz) { ret = WC_TEST_RET_ENC_NC; goto done; }
wc_FreeRsaKey(keyPub);
ret = wc_InitRsaKey(keyPub, NULL);
if (ret != 0) return WC_TEST_RET_ENC_EC(ret);
inSz = sizeof(goodAlgIdNull); inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, keyPub, inSz);
if (ret != 0) { ret = WC_TEST_RET_ENC_EC(ret); goto done; }
if (inOutIdx != inSz) { ret = WC_TEST_RET_ENC_NC; goto done; }
#ifdef USE_CERT_BUFFERS_2048
/* Test that public key decode rejects a private key */
wc_FreeRsaKey(keyPub);
ret = wc_InitRsaKey(keyPub, NULL);
if (ret != 0) return WC_TEST_RET_ENC_EC(ret);
inOutIdx = 0;
ret = wc_RsaPublicKeyDecode(client_key_der_2048, &inOutIdx, keyPub,
sizeof_client_key_der_2048);
if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = 0; /* success - public key decode correctly rejected private key */
#endif
done:
wc_FreeRsaKey(keyPub);
return ret;
}
#endif
#if defined(WC_RSA_PSS) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0)) && \
!defined(WC_NO_RNG)
/* Need to create known good signatures to test with this. */
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
(!defined(WOLF_CRYPTO_CB_ONLY_RSA) || defined(WOLFSSL_SWDEV))
static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
{
byte digest[WC_MAX_DIGEST_SIZE];
wc_test_ret_t ret = 0;
const char inStr[] = TEST_STRING;
word32 inLen = (word32)TEST_STRING_SZ;
word32 outSz;
word32 plainSz;
word32 digestSz;
int i, j;
#ifdef RSA_PSS_TEST_WRONG_PARAMS
int k, l;
#endif
#ifndef WOLFSSL_SE050
int len;
#endif
byte* plain;
#ifdef WOLFSSL_MICROCHIP_TA100
int mgf[] = { WC_MGF1SHA256 };
enum wc_HashType hash[] = { WC_HASH_TYPE_SHA256 };
#else
int mgf[] = {
#ifndef NO_SHA
WC_MGF1SHA1,
#endif
#ifdef WOLFSSL_SHA224
WC_MGF1SHA224,
#endif
#ifndef NO_SHA256
WC_MGF1SHA256,
#endif
#ifdef WOLFSSL_SHA384
WC_MGF1SHA384,
#endif
#ifdef WOLFSSL_SHA512
WC_MGF1SHA512
#endif
};
enum wc_HashType hash[] = {
#ifndef NO_SHA
WC_HASH_TYPE_SHA,
#endif
#ifdef WOLFSSL_SHA224
WC_HASH_TYPE_SHA224,
#endif
#ifndef NO_SHA256
WC_HASH_TYPE_SHA256,
#endif
#ifdef WOLFSSL_SHA384
WC_HASH_TYPE_SHA384,
#endif
#ifdef WOLFSSL_SHA512
WC_HASH_TYPE_SHA512,
#endif
};
#endif /* WOLFSSL_MICROCHIP_TA100 */
WC_DECLARE_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT);
WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
WC_DECLARE_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
WC_ALLOC_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT);
WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
WC_ALLOC_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (in == NULL || out == NULL || sig == NULL)
ERROR_OUT(MEMORY_E, exit_rsa_pss);
#endif
XMEMCPY(in, inStr, inLen);
/* Test all combinations of hash and MGF. */
for (j = 0; j < (int)(sizeof(hash)/sizeof(*hash)); j++) {
/* Calculate hash of message. */
ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
digestSz = (word32)wc_HashGetDigestSize(hash[j]);
#ifdef WOLFSSL_SE050
/* SE050 only supports MGF matched to same hash type */
i = j;
#else
for (i = 0; i < (int)(sizeof(mgf)/sizeof(*mgf)); i++) {
#endif
outSz = RSA_TEST_BYTES;
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz,
hash[j], mgf[i], -1, key, rng));
if (ret <= 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
outSz = (word32)ret;
XMEMCPY(sig, out, outSz);
plain = NULL;
TEST_SLEEP();
#if defined(WOLFSSL_MICROCHIP_TA100)
{
word32 sigSz = outSz;
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPSS_VerifyCheck(sig, sigSz, out, outSz,
digest, digestSz, hash[j], mgf[i], key));
if (ret <= 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
/* TA100 PSS verify done; skip remaining software-only variants. */
return 0;
}
#else
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[j],
mgf[i], -1, key));
if (ret <= 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
plainSz = (word32)ret;
TEST_SLEEP();
#if defined(HAVE_SELFTEST) && \
(!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
hash[j], -1);
#elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
hash[j], -1, 0);
#else
ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz,
hash[j], -1, wc_RsaEncryptSize(key)*8, HEAP_HINT);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
#endif /* WOLFSSL_MICROCHIP_TA100 */
#ifdef RSA_PSS_TEST_WRONG_PARAMS
for (k = 0; k < (int)(sizeof(mgf)/sizeof(*mgf)); k++) {
for (l = 0; l < (int)(sizeof(hash)/sizeof(*hash)); l++) {
if (i == k && j == l)
continue;
XMEMCPY(sig, out, outSz);
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPSS_VerifyInline_ex(sig, outSz,
(byte**)&plain, hash[l], mgf[k], -1, key));
if (ret >= 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
}
}
#endif
#ifndef WOLFSSL_SE050
} /* end mgf for loop */
#endif
}
/* SE050 generates salts internally only of hash length */
#ifndef WOLFSSL_SE050
/* Test that a salt length of zero works. */
digestSz = (word32)wc_HashGetDigestSize(hash[0]);
outSz = RSA_TEST_BYTES;
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
mgf[0], 0, key, rng));
if (ret <= 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
outSz = (word32)ret;
TEST_SLEEP();
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPSS_Verify_ex(out, outSz, sig, outSz, hash[0], mgf[0],
0, key));
if (ret <= 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
plainSz = (word32)ret;
TEST_SLEEP();
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev,
WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret >= 0) {
#if defined(HAVE_SELFTEST) && \
(!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
hash[0], 0);
#elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
hash[0], 0, 0);
#else
ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, sig, plainSz,
hash[0], 0, 0, HEAP_HINT);
#endif
}
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
XMEMCPY(sig, out, outSz);
plain = NULL;
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
0, key));
if (ret <= 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
plainSz = (word32)ret;
TEST_SLEEP();
#if defined(HAVE_SELFTEST) && \
(!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
hash[0], 0);
#elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
hash[0], 0, 0);
#else
ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
0, 0, HEAP_HINT);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
/* Test bad salt lengths in various APIs. */
digestSz = (word32)wc_HashGetDigestSize(hash[0]);
outSz = RSA_TEST_BYTES;
#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
len = -2;
#else
len = -3;
#endif
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
mgf[0], len, key, rng));
if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
mgf[0], (int)digestSz + 1, key, rng));
if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
TEST_SLEEP();
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0],
mgf[0], -2, key));
if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
TEST_SLEEP();
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
(int)digestSz + 1, key));
if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
TEST_SLEEP();
#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
len = -2;
#else
len = -3;
#endif
#if defined(HAVE_SELFTEST) && \
(!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
hash[0], len);
#elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
hash[0], len, 0);
#else
ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
len, 0, HEAP_HINT);
#endif
if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
#ifndef WOLFSSL_PSS_LONG_SALT
len = (int)(digestSz + 1);
#else
len = (int)(plainSz - digestSz - 1);
#endif
#if defined(HAVE_SELFTEST) && \
(!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
hash[0], len);
if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
#elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
hash[0], len, 0);
if (ret != WC_NO_ERR_TRACE(BAD_PADDING_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
#else
ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
len, 0, HEAP_HINT);
if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
#endif
ret = 0;
#endif /* WOLFSSL_SE050 */
exit_rsa_pss:
WC_FREE_VAR(sig, HEAP_HINT);
WC_FREE_VAR(in, HEAP_HINT);
WC_FREE_VAR(out, HEAP_HINT);
return ret;
}
#endif /* !WOLFSSL_RSA_VERIFY_ONLY && !WOLFSSL_RSA_PUBLIC_ONLY */
#endif /* WC_RSA_PSS && (!HAVE_FIPS || FIPS_VERSION_GE(5,0)) && !WC_NO_RNG */
#ifdef WC_RSA_NO_PADDING
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
{
WC_RNG rng;
byte* tmp = NULL;
size_t bytes;
wc_test_ret_t ret;
word32 inLen = 0;
word32 idx = 0;
word32 outSz = RSA_TEST_BYTES;
word32 plainSz = RSA_TEST_BYTES;
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
!defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
!defined(NO_FILESYSTEM)
XFILE file;
#endif
WC_DECLARE_VAR(key, RsaKey, 1, HEAP_HINT);
WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
WC_ALLOC_VAR(key, RsaKey, 1, HEAP_HINT);
WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
WOLFSSL_ENTER("rsa_no_pad_test");
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (key == NULL || out == NULL || plain == NULL)
ERROR_OUT(MEMORY_E, exit_rsa_nopadding);
#endif
/* initialize stack structures */
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(key, 0, sizeof(RsaKey));
#ifdef USE_CERT_BUFFERS_1024
bytes = (size_t)sizeof_client_key_der_1024;
if (bytes < (size_t)sizeof_client_cert_der_1024)
bytes = (size_t)sizeof_client_cert_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
bytes = (size_t)sizeof_client_key_der_2048;
if (bytes < (size_t)sizeof_client_cert_der_2048)
bytes = (size_t)sizeof_client_cert_der_2048;
#else
bytes = FOURK_BUF;
#endif
tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
}
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
#elif defined(USE_CERT_BUFFERS_3072)
XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
#elif defined(USE_CERT_BUFFERS_4096)
XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
#elif !defined(NO_FILESYSTEM)
file = XFOPEN(clientKey, "rb");
if (!file) {
err_sys("can't open clientKey, Please run from wolfSSL home dir",
WC_TEST_RET_ENC_ERRNO);
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_nopadding);
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_nopadding);
#else
/* No key to use. */
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
#endif /* USE_CERT_BUFFERS */
ret = test_RsaInit(key, HEAP_HINT, devId);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
}
ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
}
/* after loading in key use tmp as the test buffer */
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
}
#ifndef WOLFSSL_RSA_VERIFY_ONLY
inLen = (word32)wc_RsaEncryptSize(key);
outSz = inLen;
plainSz = inLen;
XMEMSET(tmp, 7, inLen);
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaDirect(tmp, inLen, out, &outSz, key,
RSA_PRIVATE_ENCRYPT, &rng));
if (ret <= 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
}
/* encrypted result should not be the same as input */
if (XMEMCMP(out, tmp, inLen) == 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
}
TEST_SLEEP();
/* decrypt with public key and compare result */
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaDirect(out, outSz, plain, &plainSz, key,
RSA_PUBLIC_DECRYPT, &rng));
if (ret <= 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
}
if (XMEMCMP(plain, tmp, inLen) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
}
TEST_SLEEP();
#endif
#ifdef WC_RSA_BLINDING
ret = wc_RsaSetRNG(NULL, &rng);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
}
ret = wc_RsaSetRNG(key, &rng);
if (ret < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
}
#endif
/* test encrypt and decrypt using WC_RSA_NO_PAD */
#ifndef WOLFSSL_RSA_VERIFY_ONLY
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPublicEncrypt_ex(tmp, inLen, out, outSz, key, &rng,
WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0));
if (ret < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
}
TEST_SLEEP();
#endif /* WOLFSSL_RSA_VERIFY_ONLY */
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPrivateDecrypt_ex(out, outSz, plain, plainSz, key,
WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0));
if (ret < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
}
if (XMEMCMP(plain, tmp, inLen) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
}
TEST_SLEEP();
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
/* test some bad arguments */
ret = wc_RsaDirect(out, outSz, plain, &plainSz, key, -1,
&rng);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
}
ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT,
&rng);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
}
ret = wc_RsaDirect(out, outSz, NULL, &plainSz, key, RSA_PUBLIC_DECRYPT,
&rng);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E) || plainSz != inLen) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
}
ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, key,
RSA_PUBLIC_DECRYPT, &rng);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
}
/* if making it to this point of code without hitting an ERROR_OUT then
* all tests have passed */
ret = 0;
exit_rsa_nopadding:
wc_FreeRsaKey(key);
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR(key, HEAP_HINT);
WC_FREE_VAR(out, HEAP_HINT);
WC_FREE_VAR(plain, HEAP_HINT);
wc_FreeRng(&rng);
return ret;
}
#endif /* WC_RSA_NO_PADDING */
#if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH)
static wc_test_ret_t rsa_even_mod_test(WC_RNG* rng, RsaKey* key)
{
byte* tmp = NULL;
size_t bytes;
wc_test_ret_t ret;
word32 inLen = 0;
#ifndef NO_ASN
word32 idx = 0;
#endif
word32 outSz = RSA_TEST_BYTES;
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
word32 plainSz = RSA_TEST_BYTES;
#endif
#if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_3072) && \
!defined(USE_CERT_BUFFERS_4096) && !defined(NO_FILESYSTEM)
XFILE file;
#endif
WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
#endif
WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
#endif
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (out == NULL
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
|| plain == NULL
#endif
) {
ERROR_OUT(MEMORY_E, exit_rsa_even_mod);
}
#endif
#if defined(USE_CERT_BUFFERS_2048)
bytes = (size_t)sizeof_client_key_der_2048;
if (bytes < (size_t)sizeof_client_cert_der_2048)
bytes = (size_t)sizeof_client_cert_der_2048;
#else
bytes = FOURK_BUF;
#endif
tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL
#ifdef WOLFSSL_ASYNC_CRYPT
|| out == NULL || plain == NULL
#endif
) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_even_mod);
}
#if defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
#elif defined(USE_CERT_BUFFERS_3072)
XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
#elif defined(USE_CERT_BUFFERS_4096)
XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
#elif !defined(NO_FILESYSTEM)
file = XFOPEN(clientKey, "rb");
if (!file) {
err_sys("can't open ./certs/client-key.der, "
"Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_even_mod);
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_even_mod);
#else
/* No key to use. */
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_even_mod);
#endif /* USE_CERT_BUFFERS */
#ifndef NO_ASN
ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
}
#else
#ifdef USE_CERT_BUFFERS_2048
ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
}
ret = mp_set_int(&key->e, WC_RSA_EXPONENT);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
}
#ifndef NO_SIG_WRAPPER
modLen = 2048;
#endif
#else
#error Not supported yet!
#endif
#endif
key->n.dp[0] &= (mp_digit)-2;
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
}
/* after loading in key use tmp as the test buffer */
#if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
(defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM))) && \
!defined(WOLFSSL_XILINX_CRYPT)
/* The ARM64_ASM code that was FIPS validated did not return these expected
* failure codes. These tests cases were added after the assembly was
* in-lined in the module and validated, these tests will be available in
* the 140-3 module */
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
inLen = 32;
outSz = wc_RsaEncryptSize(key);
XMEMSET(tmp, 7, plainSz);
ret = wc_RsaSSL_Sign(tmp, inLen, out, outSz, key, rng);
if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) &&
ret != WC_NO_ERR_TRACE(MP_INVMOD_E))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
}
ret = wc_RsaSSL_Verify(out, outSz, tmp, inLen, key);
if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
}
#endif
#ifdef WC_RSA_BLINDING
ret = wc_RsaSetRNG(key, rng);
if (ret < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
}
#endif
/* test encrypt and decrypt using WC_RSA_NO_PAD */
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
ret = wc_RsaPublicEncrypt(tmp, inLen, out, (int)outSz, key, rng);
if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
}
#endif /* WOLFSSL_RSA_VERIFY_ONLY */
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
ret = wc_RsaPrivateDecrypt(out, outSz, plain, (int)plainSz, key);
if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) &&
ret != WC_NO_ERR_TRACE(MP_INVMOD_E))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
#endif /* !(HAVE_FIPS_VERSION == 2 && WOLFSSL_SP_ARMxx_ASM) */
/* if making it to this point of code without hitting an ERROR_OUT then
* all tests have passed */
ret = 0;
exit_rsa_even_mod:
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR(out, HEAP_HINT);
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
WC_FREE_VAR(plain, HEAP_HINT);
#endif
(void)out;
(void)outSz;
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
(void)plain;
(void)plainSz;
#endif
(void)inLen;
(void)rng;
return ret;
}
#endif /* WOLFSSL_HAVE_SP_RSA */
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC)
static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_TEST_CERT
DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#else
RsaKey caKey[1];
#ifdef WOLFSSL_TEST_CERT
DecodedCert decode[1];
#endif
#endif
byte* der = NULL;
wc_test_ret_t ret;
Cert* myCert = NULL;
int certSz;
size_t bytes3;
word32 idx3 = 0;
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
XFILE file3;
#endif
#if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME)
struct tm beforeTime;
struct tm afterTime;
#endif
const byte mySerial[8] = {1,2,3,4,5,6,7,8};
(void)keypub;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (caKey == NULL)
ERROR_OUT(MEMORY_E, exit_rsa);
#ifdef WOLFSSL_TEST_CERT
if (decode == NULL)
ERROR_OUT(MEMORY_E, exit_rsa);
#endif
#endif
XMEMSET(caKey, 0, sizeof *caKey);
der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
}
myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (myCert == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
}
/* self signed */
ret = wc_InitCert_ex(myCert, HEAP_HINT, devId);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
}
XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
XMEMCPY(myCert->serial, mySerial, sizeof(mySerial));
myCert->serialSz = (int)sizeof(mySerial);
myCert->isCA = 1;
#ifndef NO_SHA256
myCert->sigType = CTC_SHA256wRSA;
#elif defined(WOLFSSL_SHA384)
myCert->sigType = CTC_SHA384wRSA;
#elif defined(WOLFSSL_SHA512)
myCert->sigType = CTC_SHA512wRSA;
#elif defined(WOLFSSL_SHA224)
myCert->sigType = CTC_SHA224wRSA;
#elif !defined(NO_SHA)
myCert->sigType = CTC_SHAwRSA;
#else
#error "No signature type available"
#endif
#ifdef WOLFSSL_CERT_EXT
/* add Policies */
XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
CTC_MAX_CERTPOL_SZ);
XSTRNCPY(myCert->certPolicies[1], "1.2.840.113549.1.9.16.6.5",
CTC_MAX_CERTPOL_SZ);
myCert->certPoliciesNb = 2;
/* add SKID from the Public Key */
ret = wc_SetSubjectKeyIdFromPublicKey(myCert, keypub, NULL);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
}
/* add AKID from the Public Key */
ret = wc_SetAuthKeyIdFromPublicKey(myCert, keypub, NULL);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
}
/* add Key Usage */
ret = wc_SetKeyUsage(myCert,"cRLSign,keyCertSign");
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
}
#ifdef WOLFSSL_EKU_OID
{
const char unique[] = "2.16.840.1.111111.100.1.10.1";
ret = wc_SetExtKeyUsageOID(myCert, unique, sizeof(unique), 0,
HEAP_HINT);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
}
}
#endif /* WOLFSSL_EKU_OID */
#endif /* WOLFSSL_CERT_EXT */
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng));
if (ret < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
}
certSz = (int)ret;
#ifdef WOLFSSL_TEST_CERT
InitDecodedCert(decode, der, certSz, HEAP_HINT);
ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) {
FreeDecodedCert(decode);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
}
FreeDecodedCert(decode);
#endif
ret = SaveDerAndPem(der, certSz, certDerFile, certPemFile,
CERT_TYPE);
if (ret != 0) {
goto exit_rsa;
}
/* Setup Certificate */
ret = wc_InitCert_ex(myCert, HEAP_HINT, devId);
if (ret < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
}
#if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7)
/* Get CA Cert for testing */
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024);
bytes3 = sizeof_ca_cert_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048);
bytes3 = sizeof_ca_cert_der_2048;
#else
file3 = XFOPEN(rsaCaCertDerFile, "rb");
if (!file3) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
}
bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
XFCLOSE(file3);
if (bytes3 == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
#endif /* USE_CERT_BUFFERS */
#if defined(WOLFSSL_ALT_NAMES)
#if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_1024) && \
!defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
ret = wc_SetAltNames(myCert, rsaCaCertFile);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#endif
/* get alt names from der */
ret = wc_SetAltNamesBuffer(myCert, tmp, (int)bytes3);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
/* get dates from der */
ret = wc_SetDatesBuffer(myCert, tmp, (int)bytes3);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#ifndef NO_ASN_TIME
ret = wc_GetCertDates(myCert, &beforeTime, &afterTime);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#endif
#endif /* WOLFSSL_ALT_NAMES */
#endif /* WOLFSSL_ALT_NAMES || HAVE_PKCS7 */
/* Get CA Key */
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
bytes3 = sizeof_ca_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
bytes3 = sizeof_ca_key_der_2048;
#else
file3 = XFOPEN(rsaCaKeyFile, "rb");
if (!file3) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
}
bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
XFCLOSE(file3);
if (bytes3 == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
#endif /* USE_CERT_BUFFERS */
ret = wc_InitRsaKey(caKey, HEAP_HINT);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#ifndef NO_SHA256
myCert->sigType = CTC_SHA256wRSA;
#elif defined(WOLFSSL_SHA384)
myCert->sigType = CTC_SHA384wRSA;
#elif defined(WOLFSSL_SHA512)
myCert->sigType = CTC_SHA512wRSA;
#elif defined(WOLFSSL_SHA224)
myCert->sigType = CTC_SHA224wRSA;
#elif !defined(NO_SHA)
myCert->sigType = CTC_SHAwRSA;
#else
#error "No signature type available"
#endif
XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
#ifdef WOLFSSL_CERT_EXT
/* add Policies */
XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
CTC_MAX_CERTPOL_SZ);
myCert->certPoliciesNb =1;
/* add SKID from the Public Key */
ret = wc_SetSubjectKeyIdFromPublicKey(myCert, key, NULL);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
/* add AKID from the CA certificate */
#if defined(USE_CERT_BUFFERS_2048)
ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
sizeof_ca_cert_der_2048);
#elif defined(USE_CERT_BUFFERS_1024)
ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
sizeof_ca_cert_der_1024);
#else
ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
/* add Key Usage */
ret = wc_SetKeyUsage(myCert,"keyEncipherment,keyAgreement");
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#endif /* WOLFSSL_CERT_EXT */
#if defined(USE_CERT_BUFFERS_2048)
ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
sizeof_ca_cert_der_2048);
#elif defined(USE_CERT_BUFFERS_1024)
ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
sizeof_ca_cert_der_1024);
#else
ret = wc_SetIssuer(myCert, rsaCaCertFile);
#endif
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
certSz = wc_MakeCert(myCert, der, FOURK_BUF, key, NULL, rng);
if (certSz < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(certSz), exit_rsa);
}
ret = 0;
WC_TEST_RSA_ASYNC_DO(&caKey->asyncDev,
wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF,
caKey, NULL, rng));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
certSz = (int)ret;
#ifdef WOLFSSL_TEST_CERT
InitDecodedCert(decode, der, certSz, HEAP_HINT);
ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) {
FreeDecodedCert(decode);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
}
FreeDecodedCert(decode);
#endif
ret = SaveDerAndPem(der, certSz, otherCertDerFile, otherCertPemFile,
CERT_TYPE);
if (ret != 0) {
goto exit_rsa;
}
exit_rsa:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (caKey != NULL) {
wc_FreeRsaKey(caKey);
XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#ifdef WOLFSSL_TEST_CERT
XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#else
wc_FreeRsaKey(caKey);
#endif
XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif
#if !defined(NO_RSA) && defined(HAVE_ECC) && !defined(NO_ECC_SECP) && \
defined(WOLFSSL_CERT_GEN)
/* Make Cert / Sign example for ECC cert and RSA CA */
static wc_test_ret_t rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *caEccKeyPub = (ecc_key *)XMALLOC(sizeof *caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_TEST_CERT
DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#else
RsaKey caKey[1];
ecc_key caEccKey[1];
ecc_key caEccKeyPub[1];
#ifdef WOLFSSL_TEST_CERT
DecodedCert decode[1];
#endif
#endif
byte* der = NULL;
Cert* myCert = NULL;
int certSz;
size_t bytes3;
word32 idx3 = 0;
#if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \
|| !defined(USE_CERT_BUFFERS_256)
#ifndef NO_FILESYSTEM
XFILE file3;
#endif
#endif
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((caKey == NULL) || (caEccKey == NULL) || (caEccKeyPub == NULL)
#ifdef WOLFSSL_TEST_CERT
|| (decode == NULL)
#endif
)
ERROR_OUT(MEMORY_E, exit_rsa);
#endif
XMEMSET(caKey, 0, sizeof *caKey);
XMEMSET(caEccKey, 0, sizeof *caEccKey);
XMEMSET(caEccKeyPub, 0, sizeof *caEccKeyPub);
der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
}
myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (myCert == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
}
/* Get CA Key */
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
bytes3 = sizeof_ca_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
bytes3 = sizeof_ca_key_der_2048;
#else
file3 = XFOPEN(rsaCaKeyFile, "rb");
if (!file3) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
}
bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
XFCLOSE(file3);
if (bytes3 == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
#endif /* USE_CERT_BUFFERS */
ret = wc_InitRsaKey(caKey, HEAP_HINT);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
/* Get Cert Key */
#if defined(USE_CERT_BUFFERS_256)
{
XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256);
bytes3 = sizeof_ecc_key_pub_der_256;
}
#elif !defined(NO_FILESYSTEM)
{
file3 = XFOPEN(eccKeyPubFileDer, "rb");
if (!file3) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
}
bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
XFCLOSE(file3);
if (bytes3 == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
}
#else
{
WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(1)");
ERROR_OUT(ASN_PARSE_E, exit_rsa);
}
#endif
ret = wc_ecc_init_ex(caEccKeyPub, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
idx3 = 0;
ret = wc_EccPublicKeyDecode(tmp, &idx3, caEccKeyPub, (word32)bytes3);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
/* Setup Certificate */
ret = wc_InitCert_ex(myCert, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#ifndef NO_SHA256
myCert->sigType = CTC_SHA256wRSA;
#elif defined(WOLFSSL_SHA384)
myCert->sigType = CTC_SHA384wRSA;
#elif defined(WOLFSSL_SHA512)
myCert->sigType = CTC_SHA512wRSA;
#elif defined(WOLFSSL_SHA224)
myCert->sigType = CTC_SHA224wRSA;
#elif !defined(NO_SHA)
myCert->sigType = CTC_SHAwRSA;
#else
#error "No signature type available"
#endif
XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
#ifdef WOLFSSL_CERT_EXT
/* add Policies */
XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
CTC_MAX_CERTPOL_SZ);
XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
CTC_MAX_CERTPOL_SZ);
myCert->certPoliciesNb = 2;
/* add SKID from the Public Key */
ret = wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, caEccKeyPub);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
/* add AKID from the CA certificate */
#if defined(USE_CERT_BUFFERS_2048)
ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
sizeof_ca_cert_der_2048);
#elif defined(USE_CERT_BUFFERS_1024)
ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
sizeof_ca_cert_der_1024);
#else
ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
/* add Key Usage */
ret = wc_SetKeyUsage(myCert, certKeyUsage);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#endif /* WOLFSSL_CERT_EXT */
#if defined(USE_CERT_BUFFERS_2048)
ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
sizeof_ca_cert_der_2048);
#elif defined(USE_CERT_BUFFERS_1024)
ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
sizeof_ca_cert_der_1024);
#else
ret = wc_SetIssuer(myCert, rsaCaCertFile);
#endif
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, caEccKeyPub, rng);
if (certSz < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(certSz), exit_rsa);
}
ret = 0;
WC_TEST_RSA_ASYNC_DO(&caEccKey->asyncDev,
wc_SignCert(myCert->bodySz, myCert->sigType, der,
FOURK_BUF, caKey, NULL, rng));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
certSz = (int)ret;
#ifdef WOLFSSL_TEST_CERT
InitDecodedCert(decode, der, certSz, 0);
ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) {
FreeDecodedCert(decode);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
}
FreeDecodedCert(decode);
#endif
ret = SaveDerAndPem(der, certSz, certEccRsaDerFile, certEccRsaPemFile,
CERT_TYPE);
if (ret != 0) {
goto exit_rsa;
}
exit_rsa:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (caKey != NULL) {
wc_FreeRsaKey(caKey);
XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (caEccKey != NULL) {
wc_ecc_free(caEccKey);
XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (caEccKeyPub != NULL) {
wc_ecc_free(caEccKeyPub);
XFREE(caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#ifdef WOLFSSL_TEST_CERT
XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#else
wc_FreeRsaKey(caKey);
wc_ecc_free(caEccKey);
wc_ecc_free(caEccKeyPub);
#endif
XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
myCert = NULL;
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
der = NULL;
if (ret >= 0)
ret = 0;
return ret;
}
#endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */
#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WOLFSSL_MICROCHIP_TA100)
static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
RsaKey *genKey = (RsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
RsaKey genKey[1];
#endif
wc_test_ret_t ret;
#ifndef WOLFSSL_NO_MALLOC
byte* der = NULL;
#else
byte der[1280];
#endif
#if !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \
!defined(WOLFSSL_MICROCHIP)
word32 idx = 0;
#endif
#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS) && \
(defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
int keySz = 1024;
#else
int keySz = 2048;
#endif
#if !defined(WC_TEST_SKIP_RSA_PRIVATE_EXPORT) && !defined(WOLFSSL_MICROCHIP)
int derSz = 0;
#endif
#if defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLFSSL_SWDEV)
if (devId == INVALID_DEVID) {
/* must call keygen with devId */
return 0;
}
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (! genKey)
ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa);
#endif
XMEMSET(genKey, 0, sizeof *genKey);
ret = test_RsaInit(genKey, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#ifdef HAVE_FIPS
for (;;) {
#endif
ret = wc_MakeRsaKey(genKey, keySz, WC_RSA_EXPONENT, rng);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &genKey->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#ifdef HAVE_FIPS
if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E))
continue;
break;
}
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
TEST_SLEEP();
#ifdef WOLFSSL_RSA_KEY_CHECK
ret = wc_CheckRsaKey(genKey);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#endif
#if !defined(WC_TEST_SKIP_RSA_PRIVATE_EXPORT) && !defined(WOLFSSL_MICROCHIP)
#ifndef WOLFSSL_NO_MALLOC
der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
}
derSz = FOURK_BUF;
#else
derSz = sizeof(der);
#endif
derSz = wc_RsaKeyToDer(genKey, der, derSz);
if (derSz < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
}
ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
PRIVATEKEY_TYPE);
if (ret != 0) {
goto exit_rsa;
}
wc_FreeRsaKey(genKey);
ret = wc_InitRsaKey(genKey, HEAP_HINT);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#if !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \
!defined(WOLFSSL_MICROCHIP)
idx = 0;
/* The private key part of key pairs generated inside a secure element
* (CryptoCell, SE050, Microchip) stays in hardware and isn't available to
* wc_RsaKeyToDer, so the exported DER can't be parsed back as a
* complete RSAPrivateKey. */
ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, (word32)derSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#endif /* !WOLFSSL_CRYPTOCELL && !WOLFSSL_SE050 && !WOLFSSL_MICROCHIP */
#endif /* !WC_TEST_SKIP_RSA_PRIVATE_EXPORT && !WOLFSSL_MICROCHIP */
exit_rsa:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (genKey) {
wc_FreeRsaKey(genKey);
XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_FreeRsaKey(genKey);
#endif
#ifndef WOLFSSL_NO_MALLOC
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
der = NULL;
#endif
return ret;
}
#endif
#ifndef WOLFSSL_RSA_VERIFY_ONLY
#if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) && \
(!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
&& (!defined(WOLF_CRYPTO_CB_ONLY_RSA) || defined(WOLFSSL_SWDEV))
static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
{
wc_test_ret_t ret = 0;
word32 idx = 0;
const char inStr[] = TEST_STRING;
const word32 inLen = (word32)TEST_STRING_SZ;
const word32 outSz = RSA_TEST_BYTES;
const word32 plainSz = RSA_TEST_BYTES;
byte* res = NULL;
WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (in == NULL || out == NULL || plain == NULL)
ERROR_OUT(MEMORY_E, exit_rsa);
#endif
XMEMCPY(in, inStr, inLen);
#ifndef NO_SHA
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
TEST_SLEEP();
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
idx = (word32)ret;
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
if (XMEMCMP(plain, in, inLen)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
}
TEST_SLEEP();
#endif /* NO_SHA */
#endif
#ifndef NO_SHA256
XMEMSET(plain, 0, plainSz);
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
TEST_SLEEP();
idx = (word32)ret;
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
if (XMEMCMP(plain, in, inLen)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
}
TEST_SLEEP();
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPrivateDecryptInline_ex(out, idx, &res, key,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
if (ret != (int)inLen) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
}
if (XMEMCMP(res, in, inLen)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
}
TEST_SLEEP();
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
/* check fails if not using the same optional label */
XMEMSET(plain, 0, plainSz);
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
TEST_SLEEP();
/* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
#if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
/* label is unused in cryptocell and SE050 so it won't detect decrypt error
* due to label */
idx = (word32)ret;
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen));
if (ret > 0) { /* in this case decrypt should fail */
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
}
ret = 0;
TEST_SLEEP();
#endif /* !HAVE_CAVIUM */
/* check using optional label with encrypt/decrypt */
XMEMSET(plain, 0, plainSz);
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
TEST_SLEEP();
idx = (word32)ret;
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
if (XMEMCMP(plain, in, inLen)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
}
TEST_SLEEP();
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
#ifndef NO_SHA
/* check fail using mismatch hash algorithms */
XMEMSET(plain, 0, plainSz);
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, inLen));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
TEST_SLEEP();
/* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
#if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
idx = (word32)ret;
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256,
in, inLen));
if (ret > 0) { /* should fail */
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
}
ret = 0;
TEST_SLEEP();
#endif /* !HAVE_CAVIUM */
#endif /* NO_SHA */
#endif /* NO_SHA256 */
#ifdef WOLFSSL_SHA512
/* Check valid RSA key size is used while using hash length of SHA512
If key size is less than (hash length * 2) + 2 then is invalid use
and test, since OAEP padding requires this.
BAD_FUNC_ARG is returned when this case is not met */
if (wc_RsaEncryptSize(key) > ((int)WC_SHA512_DIGEST_SIZE * 2) + 2) {
XMEMSET(plain, 0, plainSz);
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
TEST_SLEEP();
idx = (word32)ret;
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
if (XMEMCMP(plain, in, inLen)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
}
TEST_SLEEP();
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
}
#endif /* WOLFSSL_SHA512 */
/* check using pkcsv15 padding with _ex API */
XMEMSET(plain, 0, plainSz);
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
TEST_SLEEP();
idx = (word32)ret;
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
if (XMEMCMP(plain, in, inLen)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
}
TEST_SLEEP();
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
exit_rsa:
WC_FREE_VAR(in, HEAP_HINT);
WC_FREE_VAR(out, HEAP_HINT);
WC_FREE_VAR(plain, HEAP_HINT);
(void)idx;
(void)inStr;
(void)res;
if (ret >= 0)
ret = 0;
return ret;
}
#endif
#endif
static wc_test_ret_t rsa_pkcs1_test(RsaKey* key, WC_RNG* rng,
const byte* in, word32 inLen, byte* out, word32 outSz,
byte* plain, word32 plainSz, const byte* tmp, word32 bytes)
{
wc_test_ret_t ret = 0;
byte* res = NULL;
word32 idx = 0;
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WC_NO_RNG) && (!defined(WOLF_CRYPTO_CB_ONLY_RSA) || defined(WOLFSSL_SWDEV))
/* Reload the key so the public-encrypt below is the first operation
* against it. Exercises backends that distinguish public-only material
* from full-keypair bindings: a public-encrypt on a freshly-loaded key
* must not prevent the subsequent private-decrypt from using the private
* key material the caller originally provided. */
#ifndef NO_ASN
wc_FreeRsaKey(key);
ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pkcs1);
idx = 0;
ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pkcs1);
#endif
#ifndef WOLFSSL_MICROCHIP_TA100
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPublicEncrypt(in, inLen, out, outSz, key, rng));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pkcs1);
TEST_SLEEP();
#endif /* !WOLFSSL_MICROCHIP_TA100 */
#ifdef WC_RSA_BLINDING
{
wc_test_ret_t tmpret = ret;
ret = wc_RsaSetRNG(key, rng);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pkcs1);
ret = tmpret;
}
#endif
idx = (word32)ret; /* save off encrypted length */
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPrivateDecrypt(out, idx, plain, plainSz, key));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pkcs1);
if (XMEMCMP(plain, in, inLen)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_pkcs1);
}
TEST_SLEEP();
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaPrivateDecryptInline(out, idx, &res, key));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pkcs1);
if (ret != (int)inLen) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_pkcs1);
}
if (XMEMCMP(res, in, inLen)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_pkcs1);
}
TEST_SLEEP();
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pkcs1);
TEST_SLEEP();
#elif defined(WOLFSSL_PUBLIC_MP)
{
static const byte signature_2048[] = {
0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79,
0x47, 0xf1, 0xa3, 0xd7, 0xf4, 0x27, 0x29, 0xbe,
0x99, 0x5d, 0xac, 0xb2, 0x10, 0x3f, 0x95, 0xda,
0x89, 0x23, 0xb8, 0x96, 0x13, 0x57, 0x72, 0x30,
0xa1, 0xfe, 0x5a, 0x68, 0x9c, 0x99, 0x9d, 0x1e,
0x05, 0xa4, 0x80, 0xb0, 0xbb, 0xd9, 0xd9, 0xa1,
0x69, 0x97, 0x74, 0xb3, 0x41, 0x21, 0x3b, 0x47,
0xf5, 0x51, 0xb1, 0xfb, 0xc7, 0xaa, 0xcc, 0xdc,
0xcd, 0x76, 0xa0, 0x28, 0x4d, 0x27, 0x14, 0xa4,
0xb9, 0x41, 0x68, 0x7c, 0xb3, 0x66, 0xe6, 0x6f,
0x40, 0x76, 0xe4, 0x12, 0xfd, 0xae, 0x29, 0xb5,
0x63, 0x60, 0x87, 0xce, 0x49, 0x6b, 0xf3, 0x05,
0x9a, 0x14, 0xb5, 0xcc, 0xcd, 0xf7, 0x30, 0x95,
0xd2, 0x72, 0x52, 0x1d, 0x5b, 0x7e, 0xef, 0x4a,
0x02, 0x96, 0x21, 0x6c, 0x55, 0xa5, 0x15, 0xb1,
0x57, 0x63, 0x2c, 0xa3, 0x8e, 0x9d, 0x3d, 0x45,
0xcc, 0xb8, 0xe6, 0xa1, 0xc8, 0x59, 0xcd, 0xf5,
0xdc, 0x0a, 0x51, 0xb6, 0x9d, 0xfb, 0xf4, 0x6b,
0xfd, 0x32, 0x71, 0x6e, 0xcf, 0xcb, 0xb3, 0xd9,
0xe0, 0x4a, 0x77, 0x34, 0xd6, 0x61, 0xf5, 0x7c,
0xf9, 0xa9, 0xa4, 0xb0, 0x8e, 0x3b, 0xd6, 0x04,
0xe0, 0xde, 0x2b, 0x5b, 0x5a, 0xbf, 0xd9, 0xef,
0x8d, 0xa3, 0xf5, 0xb1, 0x67, 0xf3, 0xb9, 0x72,
0x0a, 0x37, 0x12, 0x35, 0x6c, 0x8e, 0x10, 0x8b,
0x38, 0x06, 0x16, 0x4b, 0x20, 0x20, 0x13, 0x00,
0x2e, 0x6d, 0xc2, 0x59, 0x23, 0x67, 0x4a, 0x6d,
0xa1, 0x46, 0x8b, 0xee, 0xcf, 0x44, 0xb4, 0x3e,
0x56, 0x75, 0x00, 0x68, 0xb5, 0x7d, 0x0f, 0x20,
0x79, 0x5d, 0x7f, 0x12, 0x15, 0x32, 0x89, 0x61,
0x6b, 0x29, 0xb7, 0x52, 0xf5, 0x25, 0xd8, 0x98,
0xe8, 0x6f, 0xf9, 0x22, 0xb4, 0xbb, 0xe5, 0xff,
0xd0, 0x92, 0x86, 0x9a, 0x88, 0xa2, 0xaf, 0x6b
};
ret = sizeof(signature_2048);
XMEMCPY(out, signature_2048, ret);
}
#endif
#if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \
!defined(WOLFSSL_RSA_VERIFY_ONLY) && defined(WOLFSSL_PUBLIC_MP) && \
(!defined(WOLF_CRYPTO_CB_ONLY_RSA) || defined(WOLFSSL_SWDEV))
idx = (word32)ret;
XMEMSET(plain, 0, plainSz);
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret >= 0) {
#ifndef WOLFSSL_RSA_VERIFY_INLINE
#if defined(WOLFSSL_CRYPTOCELL)
/*
Cryptocell requires the input data and signature byte array to verify.
first argument must be the input data
second argument must be the length of input data
third argument must be the signature byte array or the output from
wc_RsaSSL_Sign()
fourth argument must be the length of the signature byte array
*/
ret = wc_RsaSSL_Verify(in, inLen, out, outSz, key);
#else
ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, key);
#endif /* WOLFSSL_CRYPTOCELL */
#else
byte* dec = NULL;
ret = wc_RsaSSL_VerifyInline(out, idx, &dec, key);
if (ret > 0) {
XMEMCPY(plain, dec, ret);
}
#endif
}
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pkcs1);
if (XMEMCMP(plain, in, (size_t)ret)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_pkcs1);
}
TEST_SLEEP();
#endif
#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WC_NO_RNG) && \
(!defined(WOLF_CRYPTO_CB_ONLY_RSA) || defined(WOLFSSL_SWDEV))) || \
(!defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \
!defined(WOLFSSL_RSA_VERIFY_ONLY) && defined(WOLFSSL_PUBLIC_MP) && \
(!defined(WOLF_CRYPTO_CB_ONLY_RSA) || defined(WOLFSSL_SWDEV)))
exit_rsa_pkcs1:
#endif
(void)res;
(void)idx;
(void)tmp;
(void)bytes;
(void)key;
(void)rng;
(void)in;
(void)inLen;
(void)out;
(void)outSz;
(void)plain;
(void)plainSz;
if (ret >= 0)
ret = 0;
return ret;
}
#ifdef WOLFSSL_TEST_CERT
static wc_test_ret_t rsa_cert_parse_test(const byte* tmp)
{
wc_test_ret_t ret = 0;
size_t bytes;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
DecodedCert *cert = (DecodedCert *)XMALLOC(sizeof *cert, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
#else
DecodedCert cert[1];
#endif
#ifndef NO_ASN_TIME
struct tm timearg;
const byte* date;
byte dateFormat;
int dateLength;
#endif
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
!defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
!defined(NO_FILESYSTEM)
XFILE file2;
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (cert == NULL)
return WC_TEST_RET_ENC_EC(MEMORY_E);
#endif
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY((byte*)tmp, client_cert_der_1024, (size_t)sizeof_client_cert_der_1024);
bytes = (size_t)sizeof_client_cert_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY((byte*)tmp, client_cert_der_2048, (size_t)sizeof_client_cert_der_2048);
bytes = (size_t)sizeof_client_cert_der_2048;
#elif defined(USE_CERT_BUFFERS_3072)
XMEMCPY((byte*)tmp, client_cert_der_3072, (size_t)sizeof_client_cert_der_3072);
bytes = (size_t)sizeof_client_cert_der_3072;
#elif defined(USE_CERT_BUFFERS_4096)
XMEMCPY((byte*)tmp, client_cert_der_4096, (size_t)sizeof_client_cert_der_4096);
bytes = (size_t)sizeof_client_cert_der_4096;
#elif !defined(NO_FILESYSTEM)
file2 = XFOPEN(clientCert, "rb");
if (!file2) {
ret = WC_TEST_RET_ENC_ERRNO;
goto exit_rsa_cert_parse;
}
bytes = XFREAD((byte*)tmp, 1, FOURK_BUF, file2);
XFCLOSE(file2);
if (bytes == 0) {
ret = WC_TEST_RET_ENC_ERRNO;
goto exit_rsa_cert_parse;
}
#else
/* No certificate to use. */
ret = WC_TEST_RET_ENC_NC;
goto exit_rsa_cert_parse;
#endif
InitDecodedCert(cert, tmp, (word32)bytes, NULL);
ret = ParseCert(cert, CERT_TYPE, NO_VERIFY, NULL);
if (ret != 0) {
FreeDecodedCert(cert);
ret = WC_TEST_RET_ENC_EC(ret);
goto exit_rsa_cert_parse;
}
#ifndef NO_ASN_TIME
ret = wc_GetDateInfo(cert->afterDate, cert->afterDateLen, &date,
&dateFormat, &dateLength);
if (ret != 0) {
FreeDecodedCert(cert);
ret = WC_TEST_RET_ENC_EC(ret);
goto exit_rsa_cert_parse;
}
ret = wc_GetDateAsCalendarTime(date, dateLength, dateFormat, &timearg);
if (ret != 0) {
FreeDecodedCert(cert);
ret = WC_TEST_RET_ENC_EC(ret);
goto exit_rsa_cert_parse;
}
#endif
FreeDecodedCert(cert);
exit_rsa_cert_parse:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* WOLFSSL_TEST_CERT */
#ifdef WOLFSSL_CERT_EXT
static wc_test_ret_t rsa_pub_key_decode_test(RsaKey* keypub,
const byte* tmp)
{
wc_test_ret_t ret = 0;
word32 idx = 0;
size_t bytes;
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
!defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
!defined(NO_FILESYSTEM)
XFILE file;
#endif
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY((byte*)tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
bytes = sizeof_client_keypub_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY((byte*)tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
bytes = sizeof_client_keypub_der_2048;
#elif defined(USE_CERT_BUFFERS_3072)
XMEMCPY((byte*)tmp, client_keypub_der_3072, sizeof_client_keypub_der_3072);
bytes = sizeof_client_keypub_der_3072;
#elif defined(USE_CERT_BUFFERS_4096)
XMEMCPY((byte*)tmp, client_keypub_der_4096, sizeof_client_keypub_der_4096);
bytes = sizeof_client_keypub_der_4096;
#else
file = XFOPEN(clientKeyPub, "rb");
if (!file) {
err_sys("can't open ./certs/client-keyPub.der, "
"Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_pub_key_decode);
}
bytes = XFREAD((byte*)tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_pub_key_decode);
#endif /* USE_CERT_BUFFERS */
ret = wc_InitRsaKey(keypub, HEAP_HINT);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pub_key_decode);
idx = 0;
ret = wc_RsaPublicKeyDecode(tmp, &idx, keypub, (word32)bytes);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pub_key_decode);
exit_rsa_pub_key_decode:
(void)idx;
(void)bytes;
return ret;
}
#endif /* WOLFSSL_CERT_EXT */
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \
!defined(WOLFSSL_NO_MALLOC) && defined(WOLFSSL_CERT_REQ) && \
!defined(WOLFSSL_NO_MALLOC)
static wc_test_ret_t rsa_certreq_test(RsaKey* key, RsaKey* keypub,
WC_RNG* rng)
{
wc_test_ret_t ret = 0;
int derSz;
Cert* req = NULL;
byte* der = NULL;
req = (Cert *)XMALLOC(sizeof *req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (! req)
ERROR_OUT(MEMORY_E, exit_rsa_certreq);
der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_certreq);
}
ret = wc_InitCert_ex(req, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_certreq);
req->version = 0;
req->isCA = 1;
XSTRNCPY(req->challengePw, "wolf123", CTC_NAME_SIZE);
XMEMCPY(&req->subject, &certDefaultName, sizeof(CertName));
#ifndef NO_SHA256
req->sigType = CTC_SHA256wRSA;
#elif defined(WOLFSSL_SHA384)
req->sigType = CTC_SHA384wRSA;
#elif defined(WOLFSSL_SHA512)
req->sigType = CTC_SHA512wRSA;
#elif defined(WOLFSSL_SHA224)
req->sigType = CTC_SHA224wRSA;
#elif !defined(NO_SHA)
req->sigType = CTC_SHAwRSA;
#else
#error "No signature type available"
#endif
#ifdef WOLFSSL_CERT_EXT
/* add SKID from the Public Key */
ret = wc_SetSubjectKeyIdFromPublicKey(req, keypub, NULL);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_certreq);
/* add Key Usage */
ret = wc_SetKeyUsage(req, certKeyUsage2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_certreq);
/* add Extended Key Usage */
ret = wc_SetExtKeyUsage(req,
"serverAuth,clientAuth,codeSigning,"
"emailProtection,timeStamping,OCSPSigning");
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_certreq);
#ifdef WOLFSSL_EKU_OID
{
WOLFSSL_SMALL_STACK_STATIC const char unique[] =
"2.16.840.1.111111.100.1.10.1";
ret = wc_SetExtKeyUsageOID(req, unique, sizeof(unique), 0,
HEAP_HINT);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_certreq);
}
#endif /* WOLFSSL_EKU_OID */
#endif /* WOLFSSL_CERT_EXT */
derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
if (derSz < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa_certreq);
}
#ifdef WOLFSSL_CERT_EXT
/* Try again with "any" flag set, will override all others */
ret = wc_SetExtKeyUsage(req, "any");
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_certreq);
derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
if (derSz < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa_certreq);
}
#endif /* WOLFSSL_CERT_EXT */
ret = 0;
WC_TEST_RSA_ASYNC_DO(&key->asyncDev,
wc_SignCert(req->bodySz, req->sigType, der, FOURK_BUF,
key, NULL, rng));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_certreq);
derSz = (int)ret;
ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile,
CERTREQ_TYPE);
if (ret != 0) {
goto exit_rsa_certreq;
}
derSz = wc_MakeCertReq_ex(req, der, FOURK_BUF, RSA_TYPE, key);
if (derSz < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa_certreq);
}
/* Test getting the size of the buffer without providing the buffer.
* derSz is set to the "largest buffer" we are willing to allocate. */
derSz = wc_MakeCertReq(req, NULL, 10000, key, NULL);
if (derSz < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa_certreq);
}
exit_rsa_certreq:
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (ret >= 0)
ret = 0;
(void)keypub;
return ret;
}
#endif /* WOLFSSL_CERT_GEN && !NO_ASN_TIME && !WOLFSSL_NO_MALLOC &&
* WOLFSSL_CERT_REQ && !WOLFSSL_NO_MALLOC */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
{
wc_test_ret_t ret;
size_t bytes = 0;
WC_RNG rng;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte* tmp = NULL;
RsaKey *key = NULL;
#else
RsaKey key[1];
byte tmp[FOURK_BUF];
#endif
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
RsaKey *keypub = NULL;
#else
RsaKey keypub[1];
#endif
#endif
word32 idx = 0;
const char inStr[] = TEST_STRING;
const word32 inLen = (word32)TEST_STRING_SZ;
const word32 outSz = RSA_TEST_BYTES;
const word32 plainSz = RSA_TEST_BYTES;
#ifndef NO_SIG_WRAPPER
int modLen;
#endif
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
!defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
!defined(NO_FILESYSTEM)
XFILE file;
#endif
WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
WOLFSSL_ENTER("rsa_test");
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (in == NULL || out == NULL || plain == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa);
#endif
XMEMCPY(in, inStr, inLen);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_RSA_PRIV_ID)
key = wc_NewRsaKey_Id(testRsaPrivId, testRsaPrivIdLen, HEAP_HINT, devId,
&ret);
#else
key = wc_NewRsaKey(HEAP_HINT, devId, &ret);
#endif
if (key == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_RSA_PUB_ID)
keypub = wc_NewRsaKey_Id(testRsaPubId, testRsaPubIdLen, HEAP_HINT, devId,
&ret);
#else
keypub = wc_NewRsaKey(HEAP_HINT, devId, &ret);
#endif
if (keypub == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#endif
#else /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */
ret = test_RsaInit(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
ret = test_RsaInit_Pub(keypub, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#endif
#endif /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */
/* initialize stack structures */
XMEMSET(&rng, 0, sizeof(rng));
#if !defined(NO_ASN) && !defined(WC_TEST_SKIP_RSA_PRIVATE_EXPORT)
ret = rsa_decode_test(key);
if (ret != 0)
ERROR_OUT(ret, exit_rsa);
#endif
#ifdef USE_CERT_BUFFERS_1024
bytes = (size_t)sizeof_client_key_der_1024;
if (bytes < (size_t)sizeof_client_cert_der_1024)
bytes = (size_t)sizeof_client_cert_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
bytes = (size_t)sizeof_client_key_der_2048;
if (bytes < (size_t)sizeof_client_cert_der_2048)
bytes = (size_t)sizeof_client_cert_der_2048;
#elif defined(USE_CERT_BUFFERS_3072)
bytes = (size_t)sizeof_client_key_der_3072;
if (bytes < (size_t)sizeof_client_cert_der_3072)
bytes = (size_t)sizeof_client_cert_der_3072;
#elif defined(USE_CERT_BUFFERS_4096)
bytes = (size_t)sizeof_client_key_der_4096;
if (bytes < (size_t)sizeof_client_cert_der_4096)
bytes = (size_t)sizeof_client_cert_der_4096;
#else
bytes = FOURK_BUF;
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
#endif
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
#elif defined(USE_CERT_BUFFERS_3072)
XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
#elif defined(USE_CERT_BUFFERS_4096)
XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
#elif !defined(NO_FILESYSTEM)
file = XFOPEN(clientKey, "rb");
if (!file) {
err_sys("can't open ./certs/client-key.der, "
"Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
#else
/* No key to use. */
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
#endif /* USE_CERT_BUFFERS */
ret = test_RsaInit(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#ifndef NO_ASN
ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#ifndef NO_SIG_WRAPPER
modLen = wc_RsaEncryptSize(key);
#endif
#else
#ifdef USE_CERT_BUFFERS_2048
ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
ret = mp_set_int(&key->e, WC_RSA_EXPONENT);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#ifndef NO_SIG_WRAPPER
modLen = 2048;
#endif
#else
#error Not supported yet!
#endif
#endif
#ifndef WC_NO_RNG
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#endif
#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_MICROCHIP_TA100)
/* Use TA100-generated key handles for RSA HW tests. */
wc_FreeRsaKey(key);
ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
ret = wc_MakeRsaKey(key, 2048, WC_RSA_EXPONENT, &rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
#ifndef NO_SIG_WRAPPER
modLen = wc_RsaEncryptSize(key);
#if defined(WOLFSSL_MICROCHIP_TA100)
if (modLen <= 0 && (key->rKeyH != 0 || key->uKeyH != 0)) {
modLen = 256;
}
#endif
#endif
#ifdef WOLFSSL_MICROCHIP_TA100
/* TA100 RSA tests are limited to PSS verify/sign with HW keys. */
goto ta100_rsa_pss_only;
#endif
#endif /* WOLFSSL_KEY_GEN && WOLFSSL_MICROCHIP_TA100 */
#ifndef NO_SIG_WRAPPER
#ifndef NO_SHA256
#if !defined(WOLFSSL_MICROCHIP_TA100)
ret = rsa_sig_test(key, sizeof *key, modLen, &rng);
if (ret != 0)
goto exit_rsa;
#else
(void)modLen;
#endif /* !WOLFSSL_MICROCHIP_TA100 */
#else /* NO_SHA256 */
(void)modLen;
#endif /* NO_SHA256 */
#endif /* !NO_SIG_WRAPPER */
#ifdef WC_RSA_NONBLOCK
ret = rsa_nb_test(key, in, inLen, out, outSz, plain, plainSz, &rng);
if (ret != 0)
goto exit_rsa;
#endif
ret = rsa_pkcs1_test(key, &rng, in, inLen, out, outSz, plain, plainSz,
tmp, (word32)bytes);
if (ret != 0)
goto exit_rsa;
#ifndef WOLFSSL_RSA_VERIFY_ONLY
#if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
#if (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
&& (!defined(WOLF_CRYPTO_CB_ONLY_RSA) || defined(WOLFSSL_SWDEV))
ret = rsa_oaep_padding_test(key, &rng);
if (ret != 0)
goto exit_rsa;
#endif /* !HAVE_FIPS */
#endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */
#endif /* WOLFSSL_RSA_VERIFY_ONLY */
#if !defined(HAVE_FIPS) && !defined(NO_ASN) \
&& !defined(WOLFSSL_RSA_VERIFY_ONLY) \
&& !defined(WC_TEST_SKIP_RSA_PRIVATE_EXPORT)
ret = rsa_export_key_test(key);
if (ret != 0)
goto exit_rsa;
#endif
#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WOLFSSL_RSA_VERIFY_ONLY)
ret = rsa_flatten_test(key);
if (ret != 0)
goto exit_rsa;
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_ASN) && \
!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
!defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
(void)clientCert;
#endif
#ifdef WOLFSSL_TEST_CERT
ret = rsa_cert_parse_test(tmp);
if (ret != 0)
goto exit_rsa;
#endif /* WOLFSSL_TEST_CERT */
#ifdef WOLFSSL_CERT_EXT
ret = rsa_pub_key_decode_test(keypub, tmp);
if (ret != 0)
goto exit_rsa;
#endif /* WOLFSSL_CERT_EXT */
#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
!defined(WOLFSSL_MICROCHIP_TA100)
ret = rsa_keygen_test(&rng);
if (ret != 0)
goto exit_rsa;
#endif
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \
!defined(WOLFSSL_NO_MALLOC)
/* Make Cert / Sign example for RSA cert and RSA CA */
ret = rsa_certgen_test(key, keypub, &rng, tmp);
if (ret != 0)
goto exit_rsa;
#if !defined(NO_RSA) && defined(HAVE_ECC) && !defined(NO_ECC_SECP)
ret = rsa_ecc_certgen_test(&rng, tmp);
if (ret != 0)
goto exit_rsa;
#endif
#if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC)
ret = rsa_certreq_test(key, keypub, &rng);
if (ret != 0)
goto exit_rsa;
#endif /* WOLFSSL_CERT_REQ */
#endif /* WOLFSSL_CERT_GEN */
#ifdef WOLFSSL_MICROCHIP_TA100
ta100_rsa_pss_only:
#endif
#if defined(WC_RSA_PSS) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0)) && \
!defined(WC_NO_RNG)
/* Need to create known good signatures to test with this. */
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
(!defined(WOLF_CRYPTO_CB_ONLY_RSA) || defined(WOLFSSL_SWDEV))
ret = rsa_pss_test(&rng, key);
if (ret != 0)
goto exit_rsa;
#endif
#endif
#if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
/* New key to be loaded in rsa_even_mod_test(). */
if (key != NULL)
#endif
wc_FreeRsaKey(key);
/* New key to be loaded in rsa_even_mod_test(). */
ret = rsa_even_mod_test(&rng, key);
#endif
exit_rsa:
(void)bytes;
(void)idx;
(void)in;
(void)out;
(void)plain;
(void)idx;
(void)inStr;
(void)inLen;
(void)outSz;
(void)plainSz;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_DeleteRsaKey(key, &key);
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
wc_DeleteRsaKey(keypub, &keypub);
#endif
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
wc_FreeRsaKey(key);
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
wc_FreeRsaKey(keypub);
#endif
#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
wc_FreeRng(&rng);
WC_FREE_VAR(in, HEAP_HINT);
WC_FREE_VAR(out, HEAP_HINT);
WC_FREE_VAR(plain, HEAP_HINT);
/* ret can be greater then 0 with certgen but all negative values should
* be returned and treated as an error */
if (ret >= 0) {
return 0;
}
else {
return ret;
}
}
#endif /* !NO_RSA */
#ifndef NO_DH
static wc_test_ret_t dh_fips_generate_test(WC_RNG *rng)
{
wc_test_ret_t ret = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
DhKey key[1];
#endif
WOLFSSL_SMALL_STACK_STATIC const byte p[] = {
0xc5, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c,
0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e,
0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea,
0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e,
0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62,
0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a,
0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc,
0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89,
0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c,
0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65,
0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb,
0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87,
0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92,
0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3,
0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc,
0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda,
0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46,
0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9,
0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2,
0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc,
0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73,
0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4,
0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6,
0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a,
0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9,
0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0,
0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8,
0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0,
0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47,
0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9,
0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d,
0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d
};
WOLFSSL_SMALL_STACK_STATIC const byte g[] = {
0x4a, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74,
0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41,
0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91,
0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb,
0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff,
0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e,
0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a,
0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e,
0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40,
0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67,
0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94,
0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa,
0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22,
0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a,
0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc,
0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5,
0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe,
0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c,
0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8,
0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67,
0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8,
0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63,
0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5,
0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71,
0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a,
0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a,
0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1,
0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37,
0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53,
0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d,
0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68,
0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b
};
WOLFSSL_SMALL_STACK_STATIC const byte q[] = {
0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
0x40, 0x52, 0xed, 0x41
};
WOLFSSL_SMALL_STACK_STATIC const byte q0[] = {
0x00,
0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
0x40, 0x52, 0xed, 0x41
};
byte priv[256];
byte pub[256];
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (key == NULL)
ERROR_OUT(MEMORY_E, exit_gen_test);
#endif
/* Parameter Validation testing. */
ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
ret = wc_DhGenerateKeyPair(key, NULL, priv, &privSz, pub, &pubSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
ret = wc_DhGenerateKeyPair(key, rng, NULL, &privSz, pub, &pubSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
ret = wc_DhGenerateKeyPair(key, rng, priv, NULL, pub, &pubSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, NULL, &pubSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q0, sizeof(q0));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
wc_FreeDhKey(key);
ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q, sizeof(q));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
/* Use API. */
ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q0, sizeof(q0));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
#if !defined(WOLFSSL_NO_DH186) && !defined(HAVE_SELFTEST) && \
!defined(HAVE_FIPS)
/* Regression: an oversized *privSz must be rejected before
* GeneratePrivateDh186 writes (*privSz + 8) bytes of RNG output into the
* stack-allocated cBuf (sized DH_MAX_SIZE + 8 in non-WOLFSSL_SMALL_STACK
* builds). The key still has q set here, so the call dispatches through
* GeneratePrivateDh186. Only exercised when the local src/dh.c bound
* check is in play (not HAVE_SELFTEST / HAVE_FIPS builds, which use
* separate validated modules). */
{
word32 hugePrivSz = (word32)DH_MAX_SIZE + 1;
word32 outPubSz = sizeof(pub);
ret = wc_DhGenerateKeyPair(key, rng, priv, &hugePrivSz, pub, &outPubSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
}
#endif /* !WOLFSSL_NO_DH186 && !HAVE_SELFTEST && !HAVE_FIPS */
wc_FreeDhKey(key);
ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
ret = wc_DhSetKey(key, p, sizeof(p), g, sizeof(g));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q, sizeof(q));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
#ifndef HAVE_SELFTEST
ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
/* Taint the public key so the check fails. */
pub[0]++;
ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
if (ret != WC_NO_ERR_TRACE(MP_CMP_E)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
}
#ifdef WOLFSSL_KEY_GEN
wc_FreeDhKey(key);
ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
ret = wc_DhGenerateParams(rng, 2048, key);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
privSz = sizeof(priv);
pubSz = sizeof(pub);
ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
#endif /* WOLFSSL_KEY_GEN */
#endif /* HAVE_SELFTEST */
ret = 0;
exit_gen_test:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (key) {
wc_FreeDhKey(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_FreeDhKey(key);
#endif
return ret;
}
static wc_test_ret_t dh_generate_test(WC_RNG *rng)
{
wc_test_ret_t ret = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
DhKey *smallKey = NULL;
#else
DhKey smallKey[1];
#endif
byte p[2] = { 1, 7 }; /* 263 in decimal */
byte g[2] = { 0, 2 };
#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FFDHE)
#ifdef WOLFSSL_DH_CONST
/* the table for constant DH lookup will round to the lowest byte size 21 */
byte priv[21];
byte pub[21];
#else
byte priv[2];
byte pub[2];
#endif
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
#endif
int smallKey_inited = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((smallKey = (DhKey *)XMALLOC(sizeof(*smallKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
return WC_TEST_RET_ENC_ERRNO;
#endif
ret = wc_InitDhKey_ex(smallKey, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
smallKey_inited = 1;
/* Parameter Validation testing. */
ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
wc_FreeDhKey(NULL);
ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
}
ret = wc_DhSetKey(smallKey, NULL, sizeof(p), g, sizeof(g));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
}
ret = wc_DhSetKey(smallKey, p, 0, g, sizeof(g));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
}
ret = wc_DhSetKey(smallKey, p, sizeof(p), NULL, sizeof(g));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
}
ret = wc_DhSetKey(smallKey, p, sizeof(p), g, 0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
}
ret = wc_DhSetKey(smallKey, p, sizeof(p), g, sizeof(g));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FFDHE)
/* Use API. */
ret = wc_DhGenerateKeyPair(smallKey, rng, priv, &privSz, pub, &pubSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &smallKey->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
}
#else
(void)rng;
#if defined(HAVE_FIPS) || !defined(WOLFSSL_NO_DH186)
ret = 0;
#endif
#endif
#if !defined(HAVE_FIPS) && defined(WOLFSSL_NO_DH186)
{
byte priv[260];
byte pub[260];
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
/* test odd ball param generation with DH */
wc_FreeDhKey(smallKey);
ret = wc_InitDhKey_ex(smallKey, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
/* should fail since modSz is 16 and group size is 20 */
ret = wc_DhGenerateParams(rng, 128, smallKey);
if (ret == 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
ret = wc_DhGenerateParams(rng, 2056, smallKey);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
privSz = sizeof(priv);
pubSz = sizeof(pub);
ret = wc_DhGenerateKeyPair(smallKey, rng, priv, &privSz, pub, &pubSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &smallKey->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
}
#endif /* !HAVE_FIPS and WOLFSSL_NO_DH186 */
exit_gen_test:
if (smallKey_inited)
wc_FreeDhKey(smallKey);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(smallKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
typedef struct dh_pubvalue_test {
const byte* data;
word32 len;
} dh_pubvalue_test;
static wc_test_ret_t dh_test_check_pubvalue(void)
{
wc_test_ret_t ret;
word32 i;
WOLFSSL_SMALL_STACK_STATIC const byte prime[] = {0x01, 0x00, 0x01};
WOLFSSL_SMALL_STACK_STATIC const byte pubValZero[] = { 0x00 };
WOLFSSL_SMALL_STACK_STATIC const byte pubValZeroLong[] = { 0x00, 0x00, 0x00 };
WOLFSSL_SMALL_STACK_STATIC const byte pubValOne[] = { 0x01 };
WOLFSSL_SMALL_STACK_STATIC const byte pubValOneLong[] = { 0x00, 0x00, 0x01 };
WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeMinusOne[] = { 0x01, 0x00, 0x00 };
WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeLong[] = {0x00, 0x01, 0x00, 0x01};
WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimePlusOne[] = { 0x01, 0x00, 0x02 };
WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig0[] = { 0x02, 0x00, 0x01 };
WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig1[] = { 0x01, 0x01, 0x01 };
WOLFSSL_SMALL_STACK_STATIC const byte pubValTooLong[] = { 0x01, 0x00, 0x00, 0x01 };
WOLFSSL_SMALL_STACK_STATIC const byte pubValTwo[] = { 0x02 };
WOLFSSL_SMALL_STACK_STATIC const byte pubValTwoLong[] = { 0x00, 0x00, 0x02 };
WOLFSSL_SMALL_STACK_STATIC const byte pubValGood[] = { 0x12, 0x34 };
WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLen[] = { 0x00, 0x12, 0x34 };
WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLong[] = { 0x00, 0x00, 0x12, 0x34 };
dh_pubvalue_test dh_pubval_fail[11];
dh_pubvalue_test dh_pubval_pass[5];
#define INIT_PUBVAL_FAIL(i,y) dh_pubval_fail[i].data = y; dh_pubval_fail[i].len = sizeof(y)
#define INIT_PUBVAL_PASS(i,y) dh_pubval_pass[i].data = y; dh_pubval_pass[i].len = sizeof(y)
INIT_PUBVAL_FAIL(0, prime);
INIT_PUBVAL_FAIL(1, pubValZero);
INIT_PUBVAL_FAIL(2, pubValZeroLong);
INIT_PUBVAL_FAIL(3, pubValOne);
INIT_PUBVAL_FAIL(4, pubValOneLong);
INIT_PUBVAL_FAIL(5, pubValPrimeMinusOne);
INIT_PUBVAL_FAIL(6, pubValPrimeLong);
INIT_PUBVAL_FAIL(7, pubValPrimePlusOne);
INIT_PUBVAL_FAIL(8, pubValTooBig0);
INIT_PUBVAL_FAIL(9, pubValTooBig1);
INIT_PUBVAL_FAIL(10, pubValTooLong);
INIT_PUBVAL_PASS(0, pubValTwo);
INIT_PUBVAL_PASS(1, pubValTwoLong);
INIT_PUBVAL_PASS(2, pubValGood);
INIT_PUBVAL_PASS(3, pubValGoodLen);
INIT_PUBVAL_PASS(4, pubValGoodLong);
#undef INIT_PUBVAL_FAIL
#undef INIT_PUBVAL_PASS
for (i = 0; i < sizeof(dh_pubval_fail) / sizeof(*dh_pubval_fail); i++) {
ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_fail[i].data,
dh_pubval_fail[i].len);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_I(i);
}
for (i = 0; i < sizeof(dh_pubval_pass) / sizeof(*dh_pubval_pass); i++) {
ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_pass[i].data,
dh_pubval_pass[i].len);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
}
return 0;
}
#endif
#if defined(HAVE_FFDHE)
#if defined(HAVE_FFDHE_4096)
#define MAX_DH_PRIV_SZ 39
#define MAX_DH_KEY_SZ 512
#elif defined(HAVE_FFDHE_3072)
#define MAX_DH_PRIV_SZ 34
#define MAX_DH_KEY_SZ 384
#else
#define MAX_DH_PRIV_SZ 29
#define MAX_DH_KEY_SZ 256
#endif
#ifndef WC_NO_RNG
#if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
(defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM)))
#ifdef HAVE_PUBLIC_FFDHE
static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, const DhParams* params)
#else
static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
#endif
{
wc_test_ret_t ret;
word32 privSz, pubSz, privSz2, pubSz2;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte *priv = (byte*)XMALLOC(MAX_DH_PRIV_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *pub = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *priv2 = (byte*)XMALLOC(MAX_DH_PRIV_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *pub2 = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *agree = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *agree2 = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
DhKey *key = (DhKey*)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
DhKey *key2 = (DhKey*)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
byte priv[MAX_DH_PRIV_SZ];
byte pub[MAX_DH_KEY_SZ];
byte priv2[MAX_DH_PRIV_SZ];
byte pub2[MAX_DH_KEY_SZ];
byte agree[MAX_DH_KEY_SZ];
byte agree2[MAX_DH_KEY_SZ];
DhKey key[1];
DhKey key2[1];
#endif
word32 agreeSz = MAX_DH_KEY_SZ;
word32 agreeSz2 = MAX_DH_KEY_SZ;
#if defined(WC_DH_NONBLOCK) && defined(WOLFSSL_HAVE_SP_DH) && \
defined(WOLFSSL_SP_NONBLOCK) && defined(WOLFSSL_SP_SMALL) && \
!defined(WOLFSSL_SP_FAST_MODEXP)
DhNb dhNb;
word32 nbAgreeSz;
int nbCount;
wc_test_ret_t nb_ret;
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((priv == NULL) ||
(pub == NULL) ||
(priv2 == NULL) ||
(pub2 == NULL) ||
(agree == NULL) ||
(agree2 == NULL) ||
(key == NULL) ||
(key2 == NULL))
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif
pubSz = MAX_DH_KEY_SZ;
pubSz2 = MAX_DH_KEY_SZ;
#ifdef HAVE_PUBLIC_FFDHE
privSz = MAX_DH_PRIV_SZ;
privSz2 = MAX_DH_PRIV_SZ;
#else
privSz = wc_DhGetNamedKeyMinSize(name);
privSz2 = privSz;
#endif
XMEMSET(key, 0, sizeof(*key));
XMEMSET(key2, 0, sizeof(*key2));
ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef HAVE_PUBLIC_FFDHE
/* use wc_DhSetKey_ex(), not wc_DhSetKey(), so that trusted=0 is passed to
* _DhSetKey(), exercising the primality check on the modulus:
*/
ret = wc_DhSetKey_ex(key, params->p, params->p_len, params->g,
params->g_len, NULL /* q */, 0 /* qSz */);
#else
ret = wc_DhSetNamedKey(key, name);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef HAVE_PUBLIC_FFDHE
ret = wc_DhSetKey_ex(key2, params->p, params->p_len, params->g,
params->g_len, NULL /* q */, 0 /* qSz */);
#else
ret = wc_DhSetNamedKey(key2, name);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_DhGenerateKeyPair(key2, rng, priv2, &privSz2, pub2, &pubSz2);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#if defined(WC_DH_NONBLOCK) && defined(WOLFSSL_HAVE_SP_DH) && \
defined(WOLFSSL_SP_NONBLOCK) && defined(WOLFSSL_SP_SMALL) && \
!defined(WOLFSSL_SP_FAST_MODEXP)
nbAgreeSz = MAX_DH_KEY_SZ;
nbCount = 0;
XMEMSET(agree2, 0, MAX_DH_KEY_SZ);
nb_ret = wc_DhSetNonBlock(key, &dhNb);
if (nb_ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(nb_ret), done);
do {
nb_ret = wc_DhAgree(key, agree2, &nbAgreeSz, priv, privSz,
pub2, pubSz2);
nbCount++;
#if defined(WOLFSSL_ASYNC_CRYPT)
/* When async crypt is enabled, the SW shim returns WC_PENDING_E
* on the first call (init phase) and wc_AsyncWait drives the SP
* non-block state machine to completion. wc_AsyncSimulate
* translates each per-yield MP_WOULDBLOCK from sp_DhExp_<size>_nb
* into WC_PENDING_E internally so the wait loop polls until the
* operation finishes. */
if (nb_ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
nb_ret = wc_AsyncWait(nb_ret, &key->asyncDev,
WC_ASYNC_FLAG_NONE);
}
#endif
} while (nb_ret == WC_NO_ERR_TRACE(MP_WOULDBLOCK) ||
nb_ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (nb_ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(nb_ret), done);
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
printf("DH non-block agree: %d times\n", nbCount);
#endif
if (nbAgreeSz != agreeSz || XMEMCMP(agree, agree2, agreeSz))
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
nb_ret = wc_DhSetNonBlock(key, NULL);
if (nb_ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(nb_ret), done);
#endif /* WC_DH_NONBLOCK + SP nonblock */
/* wc_DhGeneratePublic_fips() was added in 5.2.3, but some customers are
* building with configure scripts that set version to 5.2.1, but with 5.2.3
* wolfCrypt sources. 5.3.0 is used for both fips-v5-ready and v5-kcapi,
* and are also missing wc_DhGeneratePublic().
*/
#if !(defined(HAVE_SELFTEST) || \
(defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,2,3)) || \
FIPS_VERSION3_EQ(5,3,0) || \
FIPS_VERSION3_EQ(6,0,0) || \
defined(NO_WC_DHGENERATEPUBLIC))
/* additional test for wc_DhGeneratePublic:
* 1. reset key2.
* 2. using priv from dh key 1, generate pub2 with
* wc_DhGeneratePublic.
* 3. test equality pub2 == pub1. */
wc_FreeDhKey(key2);
pubSz2 = MAX_DH_KEY_SZ;
XMEMSET(pub2, 0, pubSz2);
ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef HAVE_PUBLIC_FFDHE
ret = wc_DhSetKey_ex(key2, params->p, params->p_len, params->g,
params->g_len, NULL /* q */, 0 /* qSz */);
#else
ret = wc_DhSetNamedKey(key2, name);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
/* using key 1 private, generate key2 public and test equality. */
ret = wc_DhGeneratePublic(key2, priv, privSz, pub2, &pubSz2);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
}
if (pubSz != pubSz2 || XMEMCMP(pub, pub2, pubSz)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#endif /* !(NO_WC_DHGENERATEPUBLIC || HAVE_SELFTEST || FIPS <5.2.3 || == 5.3.0 || == 6.0.0 */
#if (defined(WOLFSSL_HAVE_SP_DH) || defined(USE_FAST_MATH)) && \
!defined(HAVE_INTEL_QA)
/* Make p even */
key->p.dp[0] &= (mp_digit)-2;
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
}
ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) &&
ret != WC_NO_ERR_TRACE(ASYNC_OP_E))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
}
#ifndef HAVE_SELFTEST
ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
if (ret != WC_NO_ERR_TRACE(MP_VAL) &&
ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) &&
ret != WC_NO_ERR_TRACE(MP_CMP_E) &&
ret != WC_NO_ERR_TRACE(ASYNC_OP_E))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
}
#endif
/* Getting here means success - set ret to 0. */
ret = 0;
#endif /* (SP DH or Fast Math) and not Intel QuickAssist */
done:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) && \
!defined(WC_NO_RNG)
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key) {
wc_FreeDhKey(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (key2) {
wc_FreeDhKey(key2);
XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_FreeDhKey(key);
wc_FreeDhKey(key2);
#endif
return ret;
}
#endif /* !(HAVE_FIPS_VERSION == 2 && WOLFSSL_SP_ARMxx_ASM) */
#endif /* !WC_NO_RNG */
#endif /* HAVE_FFDHE */
#define DH_TEST_TMP_SIZE 1024
#if !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
#define DH_TEST_BUF_SIZE 256
#else
#define DH_TEST_BUF_SIZE 512
#endif
#ifndef WC_NO_RNG
static wc_test_ret_t dh_keyagree_test(DhKey* key, DhKey* key2, WC_RNG* rng,
byte* priv, word32* privSz, byte* pub, word32* pubSz,
byte* priv2, word32* privSz2, byte* pub2, word32* pubSz2,
byte* agree, word32 agreeBufSz, byte* agree2, word32 agreeBufSz2)
{
wc_test_ret_t ret;
word32 agreeSz = agreeBufSz;
word32 agreeSz2 = agreeBufSz2;
ret = wc_DhGenerateKeyPair(key, rng, priv, privSz, pub, pubSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_keyagree);
ret = wc_DhGenerateKeyPair(key2, rng, priv2, privSz2, pub2, pubSz2);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_keyagree);
ret = wc_DhAgree(key, agree, &agreeSz, priv, *privSz, pub2, *pubSz2);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_keyagree);
ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, *privSz2, pub, *pubSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_keyagree);
if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_dh_keyagree);
}
ret = 0;
exit_dh_keyagree:
return ret;
}
#endif /* !WC_NO_RNG */
#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
static wc_test_ret_t dh_check_priv_key_test(DhKey* key, const byte* priv,
word32 privSz)
{
wc_test_ret_t ret;
word32 pSz, qSz, gSz;
byte pBuf[DH_TEST_BUF_SIZE];
byte qBuf[DH_TEST_BUF_SIZE];
byte gBuf[DH_TEST_BUF_SIZE];
ret = wc_DhCheckPrivKey(NULL, NULL, 0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_check_priv);
ret = wc_DhCheckPrivKey(key, priv, privSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_check_priv);
ret = wc_DhExportParamsRaw(NULL, NULL, NULL, NULL, NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_check_priv);
ret = wc_DhExportParamsRaw(key, NULL, &pSz, NULL, &qSz, NULL, &gSz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_check_priv);
/* Regression: the explicit prime argument to wc_DhCheckPrivKey_ex must be
* honored and not overwritten by key->q. This key is set with p and g
* only, so key->q is empty; supplying the modulus p as a generous bound
* must accept any valid priv (priv < p). The prior defect clobbered the
* loaded bound with the empty key->q and rejected a valid key. */
if (pSz <= (word32)sizeof(pBuf) && qSz <= (word32)sizeof(qBuf) &&
gSz <= (word32)sizeof(gBuf)) {
ret = wc_DhExportParamsRaw(key, pBuf, &pSz, qBuf, &qSz, gBuf, &gSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_check_priv);
ret = wc_DhCheckPrivKey_ex(key, priv, privSz, pBuf, pSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_check_priv);
}
ret = 0;
exit_dh_check_priv:
return ret;
}
#endif /* WOLFSSL_KEY_GEN && !HAVE_FIPS && !HAVE_SELFTEST */
#if !defined(WC_NO_RNG) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && \
!defined(HAVE_SELFTEST)
static wc_test_ret_t dh_agree_ct_test(DhKey* key, DhKey* key2,
const byte* priv, word32 privSz, const byte* pub, word32 pubSz,
const byte* priv2, word32 privSz2, const byte* pub2, word32 pubSz2,
byte* agree, byte* agree2, word32 bufSize)
{
wc_test_ret_t ret;
word32 agreeSz = bufSize;
word32 agreeSz2 = bufSize;
ret = wc_DhAgree_ct(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_agree_ct);
ret = wc_DhAgree_ct(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_agree_ct);
#ifdef WOLFSSL_PUBLIC_MP
if (agreeSz != (word32)mp_unsigned_bin_size(&key->p)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_dh_agree_ct);
}
#endif
if (agreeSz != agreeSz2) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_dh_agree_ct);
}
if (XMEMCMP(agree, agree2, agreeSz) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_dh_agree_ct);
}
ret = 0;
exit_dh_agree_ct:
return ret;
}
#endif /* !WC_NO_RNG && (!HAVE_FIPS || FIPS_VERSION_GE(7,0)) && !HAVE_SELFTEST */
#if defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \
(!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
static wc_test_ret_t dh_key_import_export_test(DhKey* key, DhKey* key2,
byte* tmp, byte* priv, word32* privSz, byte* pub, word32* pubSz)
{
wc_test_ret_t ret;
word32 idx = 0;
#ifndef NO_ASN
word32 bytes;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte* tmp2 = NULL;
#else
byte tmp2[DH_TEST_TMP_SIZE];
#endif
#endif
wc_FreeDhKey(key);
ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_import_export);
#ifndef NO_ASN
{
/* DH Private - Key Export / Import */
#if defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, dh_ffdhe_statickey_der_2048, sizeof_dh_ffdhe_statickey_der_2048);
bytes = sizeof_dh_ffdhe_statickey_der_2048;
#else
XFILE file = XFOPEN(dhKeyFile, "rb");
if (!file)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_dh_import_export);
bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_dh_import_export);
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
tmp2 = (byte*)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp2 == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_dh_import_export);
#endif
idx = 0;
XMEMSET(tmp2, 0, DH_TEST_TMP_SIZE);
/* Import DH Private key as DER */
ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
if (ret == 0) {
/* Export as DER */
idx = DH_TEST_TMP_SIZE;
ret = wc_DhPrivKeyToDer(key, tmp2, &idx);
}
/* Verify export matches original */
if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_dh_import_export);
}
/* DH Public Key - Export / Import */
#if defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, dh_ffdhe_pub_statickey_der_2048, sizeof_dh_ffdhe_pub_statickey_der_2048);
bytes = sizeof_dh_ffdhe_pub_statickey_der_2048;
#else
file = XFOPEN(dhKeyPubFile, "rb");
if (!file)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_dh_import_export);
bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_dh_import_export);
#endif
/* for HAVE_WOLF_BIGINT prevent leak */
wc_FreeDhKey(key);
(void)wc_InitDhKey_ex(key, HEAP_HINT, devId);
idx = 0;
XMEMSET(tmp2, 0, DH_TEST_TMP_SIZE);
/* Import DH Public key as DER */
ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
if (ret == 0) {
/* Export as DER */
idx = DH_TEST_TMP_SIZE;
ret = wc_DhPubKeyToDer(key, tmp2, &idx);
}
/* Verify export matches original */
if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_dh_import_export);
}
}
#else
ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_import_export);
#endif /* !NO_ASN */
*privSz = DH_TEST_BUF_SIZE;
*pubSz = DH_TEST_BUF_SIZE;
ret = wc_DhExportKeyPair(key, priv, privSz, pub, pubSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_import_export);
ret = wc_DhImportKeyPair(key2, priv, *privSz, pub, *pubSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_import_export);
ret = 0;
exit_dh_import_export:
#if !defined(NO_ASN) && defined(WOLFSSL_SMALL_STACK) && \
!defined(WOLFSSL_NO_MALLOC)
XFREE(tmp2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* WOLFSSL_DH_EXTRA && !NO_FILESYSTEM && !FIPS <= 2 */
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
!defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(WC_NO_RNG)
static wc_test_ret_t dh_set_check_key_test(DhKey* key, WC_RNG* rng,
int* keyInit)
{
wc_test_ret_t ret;
ret = wc_DhSetCheckKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g),
NULL, 0, 0, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_dh_set_check);
*keyInit = 1; /* DhSetCheckKey also initializes the key, free it */
ret = 0;
exit_dh_set_check:
return ret;
}
#endif /* !HAVE_FIPS && !HAVE_SELFTEST && !WOLFSSL_OLD_PRIME_CHECK && !WC_NO_RNG */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
{
wc_test_ret_t ret;
word32 bytes;
word32 idx = 0;
word32 privSz = 0;
word32 pubSz = 0;
word32 privSz2 = 0;
word32 pubSz2 = 0;
#ifndef WC_NO_RNG
WC_RNG rng;
int rngInit = 0;
#endif
int keyInit = 0, key2Init = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *tmp = (byte *)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
DhKey key[1];
DhKey key2[1];
byte tmp[DH_TEST_TMP_SIZE];
#endif
#ifndef WC_NO_RNG
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte *priv = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *pub = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *priv2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *pub2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *agree = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *agree2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL || pub == NULL || priv2 == NULL || pub2 == NULL ||
agree == NULL || agree2 == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
#else
byte priv[DH_TEST_BUF_SIZE];
byte pub[DH_TEST_BUF_SIZE];
byte priv2[DH_TEST_BUF_SIZE];
byte pub2[DH_TEST_BUF_SIZE];
byte agree[DH_TEST_BUF_SIZE];
byte agree2[DH_TEST_BUF_SIZE];
#endif
#endif /* !WC_NO_RNG */
WOLFSSL_ENTER("dh_test");
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (key == NULL || key2 == NULL || tmp == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
#endif
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, dh_key_der_1024, (size_t)sizeof_dh_key_der_1024);
bytes = (size_t)sizeof_dh_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, dh_key_der_2048, (size_t)sizeof_dh_key_der_2048);
bytes = (size_t)sizeof_dh_key_der_2048;
#elif defined(USE_CERT_BUFFERS_3072)
XMEMCPY(tmp, dh_key_der_3072, (size_t)sizeof_dh_key_der_3072);
bytes = (size_t)sizeof_dh_key_der_3072;
#elif defined(USE_CERT_BUFFERS_4096)
XMEMCPY(tmp, dh_key_der_4096, (size_t)sizeof_dh_key_der_4096);
bytes = (size_t)sizeof_dh_key_der_4096;
#elif defined(NO_ASN)
/* don't use file, no DER parsing */
#elif !defined(NO_FILESYSTEM)
{
XFILE file = XFOPEN(dhParamsFile, "rb");
if (! file)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
bytes = (word32) XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
#else
/* No DH key to use. */
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif /* USE_CERT_BUFFERS */
(void)idx;
(void)tmp;
(void)bytes;
pubSz = DH_TEST_BUF_SIZE;
pubSz2 = DH_TEST_BUF_SIZE;
privSz = DH_TEST_BUF_SIZE;
privSz2 = DH_TEST_BUF_SIZE;
#ifndef WC_NO_RNG
XMEMSET(&rng, 0, sizeof(rng));
#endif
/* Use API for coverage. */
ret = wc_InitDhKey(key);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
wc_FreeDhKey(key);
ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
keyInit = 1;
ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
key2Init = 1;
#ifdef NO_ASN
#ifndef WOLFSSL_SP_MATH
ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_DhSetKey(key2, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#else
ret = wc_DhSetKey(key, dh2048_p, sizeof(dh2048_p), dh2048_g,
sizeof(dh2048_g));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_DhSetKey(key2, dh2048_p, sizeof(dh2048_p), dh2048_g,
sizeof(dh2048_g));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
#else
ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
idx = 0;
ret = wc_DhKeyDecode(tmp, &idx, key2, bytes);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
#ifndef WC_NO_RNG
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
rngInit = 1;
ret = dh_keyagree_test(key, key2, &rng,
priv, &privSz, pub, &pubSz,
priv2, &privSz2, pub2, &pubSz2,
agree, DH_TEST_BUF_SIZE, agree2, DH_TEST_BUF_SIZE);
if (ret != 0)
ERROR_OUT(ret, done);
#endif /* !WC_NO_RNG */
#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
ret = dh_check_priv_key_test(key, priv, privSz);
if (ret != 0)
ERROR_OUT(ret, done);
#endif
#if !defined(WC_NO_RNG) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && \
!defined(HAVE_SELFTEST)
ret = dh_agree_ct_test(key, key2, priv, privSz, pub, pubSz,
priv2, privSz2, pub2, pubSz2, agree, agree2, DH_TEST_BUF_SIZE);
if (ret != 0)
ERROR_OUT(ret, done);
#endif /* !WC_NO_RNG && (!HAVE_FIPS || FIPS_VERSION_GE(7,0)) && !HAVE_SELFTEST */
/* Test DH key import / export */
#if defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \
(!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
ret = dh_key_import_export_test(key, key2, tmp, priv, &privSz, pub, &pubSz);
if (ret != 0)
ERROR_OUT(ret, done);
#endif /* WOLFSSL_DH_EXTRA && !NO_FILESYSTEM && !FIPS <= 2 */
#ifndef WC_NO_RNG
ret = dh_generate_test(&rng);
if (ret != 0)
ERROR_OUT(ret, done);
ret = dh_fips_generate_test(&rng);
if (ret != 0)
ERROR_OUT(ret, done);
#endif /* !WC_NO_RNG */
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
ret = dh_test_check_pubvalue();
if (ret != 0)
ERROR_OUT(ret, done);
#endif
#if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
(defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM)))
/* RNG with DH and SP_ASM code not supported in the in-lined FIPS ASM code,
* this will be available for testing in the 140-3 module */
#ifndef WC_NO_RNG
/* Specialized code for key gen when using FFDHE-2048, FFDHE-3072 and FFDHE-4096 */
#ifdef HAVE_FFDHE_2048
#ifdef HAVE_PUBLIC_FFDHE
ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe2048_Get());
#else
ret = dh_ffdhe_test(&rng, WC_FFDHE_2048);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
#ifdef HAVE_FFDHE_3072
#ifdef HAVE_PUBLIC_FFDHE
ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe3072_Get());
#else
ret = dh_ffdhe_test(&rng, WC_FFDHE_3072);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
#ifdef HAVE_FFDHE_4096
#ifdef HAVE_PUBLIC_FFDHE
ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe4096_Get());
#else
ret = dh_ffdhe_test(&rng, WC_FFDHE_4096);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
#endif /* !WC_NO_RNG */
#endif /* HAVE_FIPS_VERSION == 2 && !WOLFSSL_SP_ARM64_ASM */
wc_FreeDhKey(key);
keyInit = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
!defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(WC_NO_RNG)
/* Test Check Key */
ret = dh_set_check_key_test(key, &rng, &keyInit);
if (ret != 0)
ERROR_OUT(ret, done);
#endif
done:
#ifndef WC_NO_RNG
if (rngInit)
wc_FreeRng(&rng);
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (key) {
if (keyInit)
wc_FreeDhKey(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (key2) {
if (key2Init)
wc_FreeDhKey(key2);
XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
if (keyInit)
wc_FreeDhKey(key);
if (key2Init)
wc_FreeDhKey(key2);
#endif
(void)privSz;
(void)pubSz;
(void)pubSz2;
(void)privSz2;
return ret;
}
#undef DH_TEST_BUF_SIZE
#undef DH_TEST_TMP_SIZE
#endif /* NO_DH */
#ifndef NO_DSA
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void)
{
wc_test_ret_t ret = 0;
word32 bytes;
word32 idx = 0;
WC_RNG rng;
int rng_inited = 0;
wc_Sha sha;
byte hash[WC_SHA_DIGEST_SIZE];
#ifndef WC_FIPS_186_5_PLUS
byte signature[40];
int answer;
#endif
int key_inited = 0;
#ifdef WOLFSSL_KEY_GEN
int derSz = 0;
int derIn_inited = 0;
int genKey_inited = 0;
#endif
#define DSA_TEST_TMP_SIZE 1024
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte *tmp = (byte*)XMALLOC(DSA_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
DsaKey *key = (DsaKey*)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_KEY_GEN
DsaKey *derIn = (DsaKey*)XMALLOC(sizeof(*derIn), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
DsaKey *genKey = (DsaKey*)XMALLOC(sizeof(*genKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte* der = NULL;
#endif
#else
byte tmp[DSA_TEST_TMP_SIZE];
DsaKey key[1];
#ifdef WOLFSSL_KEY_GEN
DsaKey derIn[1];
DsaKey genKey[1];
byte der[FOURK_BUF];
#endif
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((tmp == NULL) ||
(key == NULL)
#ifdef WOLFSSL_KEY_GEN
|| (derIn == NULL)
|| (genKey == NULL)
#endif
) {
ret = WC_TEST_RET_ENC_NC;
goto out;
}
#endif
WOLFSSL_ENTER("dsa_test");
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
bytes = sizeof_dsa_key_der_2048;
#else
{
XFILE file = XFOPEN(dsaKey, "rb");
if (!file)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
bytes = (word32) XFREAD(tmp, 1, DSA_TEST_TMP_SIZE, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
#endif /* USE_CERT_BUFFERS */
ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
wc_ShaUpdate(&sha, tmp, bytes);
wc_ShaFinal(&sha, hash);
wc_ShaFree(&sha);
ret = wc_InitDsaKey(key);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
key_inited = 1;
ret = wc_DsaPrivateKeyDecode(tmp, &idx, key, bytes);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
rng_inited = 1;
#ifndef WC_FIPS_186_5_PLUS
ret = wc_DsaSign(hash, signature, key, &rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_DsaVerify(hash, signature, key, &answer);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (answer != 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* !WC_FIPS_186_5_PLUS */
wc_FreeDsaKey(key);
key_inited = 0;
ret = wc_InitDsaKey_h(key, NULL);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
key_inited = 1;
#ifdef WOLFSSL_KEY_GEN
ret = wc_InitDsaKey(genKey);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
genKey_inited = 1;
ret = wc_MakeDsaParameters(&rng, 1024, genKey);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MakeDsaKey(&rng, genKey);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
derSz = wc_DsaKeyToDer(genKey, der, FOURK_BUF);
if (derSz < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), out);
ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
DSA_PRIVATEKEY_TYPE);
if (ret != 0)
goto out;
ret = wc_InitDsaKey(derIn);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
derIn_inited = 1;
idx = 0;
ret = wc_DsaPrivateKeyDecode(der, &idx, derIn, (word32)derSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif /* WOLFSSL_KEY_GEN */
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key) {
if (key_inited)
wc_FreeDsaKey(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#ifdef WOLFSSL_KEY_GEN
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (derIn) {
if (derIn_inited)
wc_FreeDsaKey(derIn);
XFREE(derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (genKey) {
if (genKey_inited)
wc_FreeDsaKey(genKey);
XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
#else
if (key_inited)
wc_FreeDsaKey(key);
#ifdef WOLFSSL_KEY_GEN
if (derIn_inited)
wc_FreeDsaKey(derIn);
if (genKey_inited)
wc_FreeDsaKey(genKey);
#endif
#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
if (rng_inited)
wc_FreeRng(&rng);
return ret;
}
#endif /* !NO_DSA */
#ifdef WOLFCRYPT_HAVE_SRP
static wc_test_ret_t generate_random_salt(byte *buf, word32 size)
{
wc_test_ret_t ret = WC_TEST_RET_ENC_NC;
WC_RNG rng;
if(NULL == buf || !size)
return WC_TEST_RET_ENC_NC;
if (buf && size && wc_InitRng_ex(&rng, HEAP_HINT, devId) == 0) {
ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size);
wc_FreeRng(&rng);
}
return ret;
}
#if ((defined(FP_MAX_BITS) && (FP_MAX_BITS >= 3072)) \
|| (defined(SP_INT_BITS) && (SP_INT_BITS >= 3072)))
#define SRP_TEST_BUFFER_SIZE 192
#else
#define SRP_TEST_BUFFER_SIZE 128
#endif
static wc_test_ret_t srp_test_digest(SrpType dgstType)
{
wc_test_ret_t r;
byte clientPubKey[SRP_TEST_BUFFER_SIZE]; /* A */
byte serverPubKey[SRP_TEST_BUFFER_SIZE]; /* B */
word32 clientPubKeySz = SRP_TEST_BUFFER_SIZE;
word32 serverPubKeySz = SRP_TEST_BUFFER_SIZE;
byte username[] = "user";
word32 usernameSz = 4;
byte password[] = "password";
word32 passwordSz = 8;
#if SRP_TEST_BUFFER_SIZE == 128
WOLFSSL_SMALL_STACK_STATIC const byte N[] = {
0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6,
0x9C, 0x33, 0xF8, 0x0A, 0xFA, 0x8F, 0xC5, 0xE8,
0x60, 0x72, 0x61, 0x87, 0x75, 0xFF, 0x3C, 0x0B,
0x9E, 0xA2, 0x31, 0x4C, 0x9C, 0x25, 0x65, 0x76,
0xD6, 0x74, 0xDF, 0x74, 0x96, 0xEA, 0x81, 0xD3,
0x38, 0x3B, 0x48, 0x13, 0xD6, 0x92, 0xC6, 0xE0,
0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B, 0xE4,
0x8E, 0x49, 0x5C, 0x1D, 0x60, 0x89, 0xDA, 0xD1,
0x5D, 0xC7, 0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6,
0xCE, 0x8E, 0xF4, 0xAD, 0x69, 0xB1, 0x5D, 0x49,
0x82, 0x55, 0x9B, 0x29, 0x7B, 0xCF, 0x18, 0x85,
0xC5, 0x29, 0xF5, 0x66, 0x66, 0x0E, 0x57, 0xEC,
0x68, 0xED, 0xBC, 0x3C, 0x05, 0x72, 0x6C, 0xC0,
0x2F, 0xD4, 0xCB, 0xF4, 0x97, 0x6E, 0xAA, 0x9A,
0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B,
0x9F, 0xC6, 0x1D, 0x2F, 0xC0, 0xEB, 0x06, 0xE3
};
#else
WOLFSSL_SMALL_STACK_STATIC const byte N[] = {
0xfc, 0x58, 0x7a, 0x8a, 0x70, 0xfb, 0x5a, 0x9a,
0x5d, 0x39, 0x48, 0xbf, 0x1c, 0x46, 0xd8, 0x3b,
0x7a, 0xe9, 0x1f, 0x85, 0x36, 0x18, 0xc4, 0x35,
0x3f, 0xf8, 0x8a, 0x8f, 0x8c, 0x10, 0x2e, 0x01,
0x58, 0x1d, 0x41, 0xcb, 0xc4, 0x47, 0xa8, 0xaf,
0x9a, 0x6f, 0x58, 0x14, 0xa4, 0x68, 0xf0, 0x9c,
0xa6, 0xe7, 0xbf, 0x0d, 0xe9, 0x62, 0x0b, 0xd7,
0x26, 0x46, 0x5b, 0x27, 0xcb, 0x4c, 0xf9, 0x7e,
0x1e, 0x8b, 0xe6, 0xdd, 0x29, 0xb7, 0xb7, 0x15,
0x2e, 0xcf, 0x23, 0xa6, 0x4b, 0x97, 0x9f, 0x89,
0xd4, 0x86, 0xc4, 0x90, 0x63, 0x92, 0xf4, 0x30,
0x26, 0x69, 0x48, 0x9d, 0x7a, 0x4f, 0xad, 0xb5,
0x6a, 0x51, 0xad, 0xeb, 0xf9, 0x90, 0x31, 0x77,
0x53, 0x30, 0x2a, 0x85, 0xf7, 0x11, 0x21, 0x0c,
0xb8, 0x4b, 0x56, 0x03, 0x5e, 0xbb, 0x25, 0x33,
0x7c, 0xd9, 0x5a, 0xd1, 0x5c, 0xb2, 0xd4, 0x53,
0xc5, 0x16, 0x68, 0xf0, 0xdf, 0x48, 0x55, 0x3e,
0xd4, 0x59, 0x87, 0x64, 0x59, 0xaa, 0x39, 0x01,
0x45, 0x89, 0x9c, 0x72, 0xff, 0xdd, 0x8f, 0x6d,
0xa0, 0x42, 0xbc, 0x6f, 0x6e, 0x62, 0x18, 0x2d,
0x50, 0xe8, 0x18, 0x97, 0x87, 0xfc, 0xef, 0x1f,
0xf5, 0x53, 0x68, 0xe8, 0x49, 0xd1, 0xa2, 0xe8,
0xb9, 0x26, 0x03, 0xba, 0xb5, 0x58, 0x6f, 0x6c,
0x8b, 0x08, 0xa1, 0x7b, 0x6f, 0x42, 0xc9, 0x53
};
#endif
/* Generator is 2 for both cases. */
WOLFSSL_SMALL_STACK_STATIC const byte g[] = {
0x02
};
byte salt[10];
byte verifier[SRP_TEST_BUFFER_SIZE];
word32 v_size = (word32)sizeof(verifier);
word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Srp *cli = (Srp *)XMALLOC(sizeof *cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
Srp *srv = (Srp *)XMALLOC(sizeof *srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *clientProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER); /* M1 */
byte *serverProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER); /* M2 */
if ((cli == NULL) ||
(srv == NULL) ||
(clientProof == NULL) ||
(serverProof == NULL)) {
r = WC_TEST_RET_ENC_NC;
goto out;
}
#else
Srp cli[1], srv[1];
byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */
byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */
#endif
/* set as 0's so if second init on srv not called SrpTerm is not on
* garbage values */
XMEMSET(srv, 0, sizeof *srv);
XMEMSET(cli, 0, sizeof *cli);
/* generating random salt */
r = generate_random_salt(salt, sizeof(salt));
/* client knows username and password. */
/* server knows N, g, salt and verifier. */
if (!r) r = wc_SrpInit_ex(cli, dgstType, SRP_CLIENT_SIDE, HEAP_HINT, devId);
if (!r) r = wc_SrpSetUsername(cli, username, usernameSz);
/* loading N, g and salt in advance to generate the verifier. */
if (!r) r = wc_SrpSetParams(cli, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt));
if (!r) r = wc_SrpSetPassword(cli, password, passwordSz);
if (!r) r = wc_SrpGetVerifier(cli, verifier, &v_size);
/* client sends username to server */
if (!r) r = wc_SrpInit_ex(srv, dgstType, SRP_SERVER_SIDE, HEAP_HINT, devId);
if (!r) r = wc_SrpSetUsername(srv, username, usernameSz);
if (!r) r = wc_SrpSetParams(srv, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt));
if (!r) r = wc_SrpSetVerifier(srv, verifier, v_size);
if (!r) r = wc_SrpGetPublic(srv, serverPubKey, &serverPubKeySz);
/* server sends N, g, salt and B to client */
if (!r) r = wc_SrpGetPublic(cli, clientPubKey, &clientPubKeySz);
if (!r) r = wc_SrpComputeKey(cli, clientPubKey, clientPubKeySz,
serverPubKey, serverPubKeySz);
if (!r) r = wc_SrpGetProof(cli, clientProof, &clientProofSz);
/* client sends A and M1 to server */
if (!r) r = wc_SrpComputeKey(srv, clientPubKey, clientPubKeySz,
serverPubKey, serverPubKeySz);
if (!r) r = wc_SrpVerifyPeersProof(srv, clientProof, clientProofSz);
if (!r) r = wc_SrpGetProof(srv, serverProof, &serverProofSz);
/* server sends M2 to client */
if (!r) r = wc_SrpVerifyPeersProof(cli, serverProof, serverProofSz);
/* Negative test: corrupted proof must be rejected with SRP_VERIFY_E. */
if (!r) {
int rNeg;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Srp* cli2 = (Srp*)XMALLOC(sizeof *cli2, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (cli2 == NULL) {
r = WC_TEST_RET_ENC_NC;
}
#else
Srp cli2_buf[1];
Srp* cli2 = cli2_buf;
#endif
if (!r) {
XMEMSET(cli2, 0, sizeof *cli2);
/* Reset sizes consumed by the first exchange. */
clientPubKeySz = SRP_TEST_BUFFER_SIZE;
clientProofSz = SRP_MAX_DIGEST_SIZE;
rNeg = wc_SrpInit_ex(cli2, dgstType, SRP_CLIENT_SIDE, HEAP_HINT,
devId);
if (!rNeg) rNeg = wc_SrpSetUsername(cli2, username, usernameSz);
if (!rNeg) rNeg = wc_SrpSetParams(cli2, N, sizeof(N),
g, sizeof(g), salt,
sizeof(salt));
if (!rNeg) rNeg = wc_SrpSetPassword(cli2, password, passwordSz);
if (!rNeg) rNeg = wc_SrpGetPublic(cli2, clientPubKey,
&clientPubKeySz);
if (!rNeg) rNeg = wc_SrpComputeKey(cli2, clientPubKey,
clientPubKeySz, serverPubKey,
serverPubKeySz);
if (!rNeg) rNeg = wc_SrpGetProof(cli2, clientProof,
&clientProofSz);
/* Corrupt the server proof before verifying. */
serverProof[0] ^= 0x01;
if (!rNeg) {
rNeg = wc_SrpVerifyPeersProof(cli2, serverProof,
serverProofSz);
if (rNeg != WC_NO_ERR_TRACE(SRP_VERIFY_E)) {
r = WC_TEST_RET_ENC_EC(rNeg);
}
}
else {
r = WC_TEST_RET_ENC_EC(rNeg);
}
wc_SrpTerm(cli2);
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(cli2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
}
wc_SrpTerm(cli);
wc_SrpTerm(srv);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
out:
XFREE(cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(clientProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(serverProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return r;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void)
{
wc_test_ret_t ret;
WOLFSSL_ENTER("srp_test");
#ifndef NO_SHA
ret = srp_test_digest(SRP_TYPE_SHA);
if (ret != 0)
return ret;
#endif
#ifndef NO_SHA256
ret = srp_test_digest(SRP_TYPE_SHA256);
if (ret != 0)
return ret;
#endif
#ifdef WOLFSSL_SHA384
ret = srp_test_digest(SRP_TYPE_SHA384);
if (ret != 0)
return ret;
#endif
#ifdef WOLFSSL_SHA512
ret = srp_test_digest(SRP_TYPE_SHA512);
if (ret != 0)
return ret;
#endif
return ret;
}
#endif /* WOLFCRYPT_HAVE_SRP */
#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
#if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
static wc_test_ret_t openssl_aes_cbc_test(void)
{
#ifdef HAVE_AES_CBC
#ifdef WOLFSSL_AES_128
{
/* EVP_CipherUpdate test */
WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
};
WOLFSSL_SMALL_STACK_STATIC const byte key[] =
"0123456789abcdef "; /* align */
WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
"1234567890abcdef "; /* align */
byte cipher[WC_AES_BLOCK_SIZE * 4];
byte plain [WC_AES_BLOCK_SIZE * 4];
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
#else
WOLFSSL_EVP_CIPHER_CTX en[1];
WOLFSSL_EVP_CIPHER_CTX de[1];
#endif
int outlen ;
int total = 0;
int i;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((en == NULL) || (de == NULL))
return MEMORY_E;
#endif
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv, 1) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
(byte*)cbcPlain, 9) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 0)
return WC_TEST_RET_ENC_NC;
total += outlen;
if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
(byte*)&cbcPlain[9] , 9) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 16)
return WC_TEST_RET_ENC_NC;
total += outlen;
if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 16)
return WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_cleanup(en);
total = 0;
wolfSSL_EVP_CIPHER_CTX_init(de);
if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv, 0) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 0)
return WC_TEST_RET_ENC_NC;
total += outlen;
if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
(byte*)&cipher[6], 12) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 0)
total += outlen;
if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
(byte*)&cipher[6+12], 14) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 16)
return WC_TEST_RET_ENC_NC;
total += outlen;
if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 2)
return WC_TEST_RET_ENC_NC;
total += outlen;
if (total != 18)
return 3427;
if (XMEMCMP(plain, cbcPlain, 18))
return WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_cleanup(de);
/* test with encrypting/decrypting more than 16 bytes at once */
total = 0;
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv, 1) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
(byte*)cbcPlain, 17) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 16)
return WC_TEST_RET_ENC_NC;
total += outlen;
if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
(byte*)&cbcPlain[17] , 1) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 0)
return WC_TEST_RET_ENC_NC;
total += outlen;
if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 16)
return WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_cleanup(en);
total = 0;
wolfSSL_EVP_CIPHER_CTX_init(de);
if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv, 0) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 16)
return WC_TEST_RET_ENC_NC;
total += outlen;
/* final call on non block size should fail */
if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
(byte*)&cipher[17], 1) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 0)
total += outlen;
if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
(byte*)&cipher[17+1], 14) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 0)
return WC_TEST_RET_ENC_NC;
total += outlen;
if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 2)
return WC_TEST_RET_ENC_NC;
total += outlen;
if (total != 18)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(plain, cbcPlain, 18))
return WC_TEST_RET_ENC_NC;
/* test byte by byte decrypt */
for (i = 0; i < WC_AES_BLOCK_SIZE * 3; i++) {
plain[i] = i;
}
wolfSSL_EVP_CIPHER_CTX_cleanup(de);
total = 0;
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv, 1) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
(byte*)plain, WC_AES_BLOCK_SIZE * 3) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != WC_AES_BLOCK_SIZE * 3)
return WC_TEST_RET_ENC_NC;
total += outlen;
if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != WC_AES_BLOCK_SIZE)
return WC_TEST_RET_ENC_NC;
total += outlen;
if (total != sizeof(plain))
return WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_cleanup(en);
total = 0;
wolfSSL_EVP_CIPHER_CTX_init(de);
if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv, 0) == 0)
return WC_TEST_RET_ENC_NC;
for (i = 0; i < WC_AES_BLOCK_SIZE * 4; i++) {
if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain + total, &outlen,
(byte*)cipher + i, 1) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen > 0) {
int j;
total += outlen;
for (j = 0; j < total; j++) {
if (plain[j] != j) {
return WC_TEST_RET_ENC_NC;
}
}
}
}
if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
return WC_TEST_RET_ENC_NC;
total += outlen;
if (total != WC_AES_BLOCK_SIZE * 3) {
return WC_TEST_RET_ENC_NC;
}
for (i = 0; i < WC_AES_BLOCK_SIZE * 3; i++) {
if (plain[i] != i) {
return WC_TEST_RET_ENC_NC;
}
}
wolfSSL_EVP_CIPHER_CTX_cleanup(de);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wolfSSL_EVP_CIPHER_CTX_free(en);
wolfSSL_EVP_CIPHER_CTX_free(de);
#endif
}
/* set buffers to be exact size to catch potential over read/write */
{
/* EVP_CipherUpdate test */
WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
};
WOLFSSL_SMALL_STACK_STATIC const byte key[] =
"0123456789abcdef "; /* align */
WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
"1234567890abcdef "; /* align */
#define EVP_TEST_BUF_SZ 18
#define EVP_TEST_BUF_PAD 32
byte cipher[EVP_TEST_BUF_SZ];
byte plain [EVP_TEST_BUF_SZ];
byte padded[EVP_TEST_BUF_PAD];
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
#else
WOLFSSL_EVP_CIPHER_CTX en[1];
WOLFSSL_EVP_CIPHER_CTX de[1];
#endif
int outlen ;
int total = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((en == NULL) || (de == NULL))
return MEMORY_E;
#endif
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv, 1) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 0) != 1)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
(byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 16)
return WC_TEST_RET_ENC_NC;
total += outlen;
/* should fail here */
if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) != 0)
return WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_cleanup(en);
/* turn padding back on and do successful encrypt */
total = 0;
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv, 1) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 1) != 1)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CipherUpdate(en, (byte*)padded, &outlen,
(byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 16)
return WC_TEST_RET_ENC_NC;
total += outlen;
if (wolfSSL_EVP_CipherFinal(en, (byte*)&padded[total], &outlen) == 0)
return WC_TEST_RET_ENC_NC;
total += outlen;
if (total != 32)
return WC_TEST_RET_ENC_NC;
XMEMCPY(cipher, padded, EVP_TEST_BUF_SZ);
wolfSSL_EVP_CIPHER_CTX_cleanup(en);
/* test out of bounds read on buffers w/o padding during decryption */
total = 0;
wolfSSL_EVP_CIPHER_CTX_init(de);
if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv, 0) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CIPHER_CTX_set_padding(de, 0) != 1)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher,
EVP_TEST_BUF_SZ) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 16)
return WC_TEST_RET_ENC_NC;
total += outlen;
/* should fail since not using padding */
if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
return WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_cleanup(de);
total = 0;
wolfSSL_EVP_CIPHER_CTX_init(de);
if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv, 0) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CIPHER_CTX_set_padding(de, 1) != 1)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CipherUpdate(de, (byte*)padded, &outlen, (byte*)padded,
EVP_TEST_BUF_PAD) == 0)
return WC_TEST_RET_ENC_NC;
if (outlen != 16)
return WC_TEST_RET_ENC_NC;
total += outlen;
if (wolfSSL_EVP_CipherFinal(de, (byte*)&padded[total], &outlen) == 0)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(padded, cbcPlain, EVP_TEST_BUF_SZ))
return WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_cleanup(de);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wolfSSL_EVP_CIPHER_CTX_free(en);
wolfSSL_EVP_CIPHER_CTX_free(de);
#endif
}
{ /* evp_cipher test: EVP_aes_128_cbc */
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
#else
WOLFSSL_EVP_CIPHER_CTX ctx[1];
#endif
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
{
0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
};
WOLFSSL_SMALL_STACK_STATIC const byte key[] =
"0123456789abcdef "; /* align */
WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
"1234567890abcdef "; /* align */
byte cipher[WC_AES_BLOCK_SIZE * 4];
byte plain [WC_AES_BLOCK_SIZE * 4];
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (ctx == NULL)
return MEMORY_E;
#endif
wolfSSL_EVP_CIPHER_CTX_init(ctx);
if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 1) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
wolfSSL_EVP_CIPHER_CTX_init(ctx);
if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 0) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_Cipher(ctx, plain, cipher, 16) != 16)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wolfSSL_EVP_CIPHER_CTX_free(ctx);
#endif
} /* end evp_cipher test: EVP_aes_128_cbc*/
#endif /* WOLFSSL_AES_128 */
#endif /* HAVE_AES_CBC */
return 0;
}
static wc_test_ret_t openssl_aes_ecb_direct_test(void)
{
#ifndef WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API
#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_DIRECT) && \
defined(WOLFSSL_AES_256)
{ /* evp_cipher test: EVP_aes_256_ecb*/
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
#else
WOLFSSL_EVP_CIPHER_CTX ctx[1];
#endif
WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
};
WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
{
0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
};
WOLFSSL_SMALL_STACK_STATIC const byte key[] =
{
0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
};
byte cipher[WC_AES_BLOCK_SIZE * 4];
byte plain [WC_AES_BLOCK_SIZE * 4];
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (ctx == NULL)
return MEMORY_E;
#endif
wolfSSL_EVP_CIPHER_CTX_init(ctx);
if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_init(ctx);
if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_Cipher(ctx, plain, cipher, 16) != 16)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wolfSSL_EVP_CIPHER_CTX_free(ctx);
#endif
} /* end evp_cipher test */
#endif /* HAVE_AES_ECB && WOLFSSL_AES_256 */
#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
/* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
{
/* Test: AES_encrypt/decrypt/set Key */
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
WOLFSSL_AES_KEY *enc = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
#ifdef HAVE_AES_DECRYPT
WOLFSSL_AES_KEY *dec = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
#endif
#else
WOLFSSL_AES_KEY enc[1];
#ifdef HAVE_AES_DECRYPT
WOLFSSL_AES_KEY dec[1];
#endif
#endif
WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
};
WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
{
0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
};
WOLFSSL_SMALL_STACK_STATIC const byte key[] =
{
0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
};
byte plain[sizeof(msg)];
byte cipher[sizeof(msg)];
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (enc == NULL)
return MEMORY_E;
#ifdef HAVE_AES_DECRYPT
if (dec == NULL)
return MEMORY_E;
#endif
#endif
wolfSSL_AES_set_encrypt_key(key, sizeof(key)*8, enc);
wolfSSL_AES_set_decrypt_key(key, sizeof(key)*8, dec);
wolfSSL_AES_encrypt(msg, cipher, enc);
#ifdef HAVE_AES_DECRYPT
wolfSSL_AES_decrypt(cipher, plain, dec);
if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#endif /* HAVE_AES_DECRYPT */
if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
return WC_TEST_RET_ENC_NC;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
#ifdef HAVE_AES_DECRYPT
XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
#endif
#endif
}
#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
#endif /* !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */
return 0;
}
static wc_test_ret_t openssl_aes_ctr_test(void)
{
/* EVP_Cipher with EVP_aes_xxx_ctr() */
#ifdef WOLFSSL_AES_COUNTER
{
byte plainBuff [64];
byte cipherBuff[64];
#ifdef WOLFSSL_AES_128
WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] =
{
0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
};
WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
{
0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
};
WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] =
{
0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
};
WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
{
0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
0xc2
};
#endif
/* test vector from "Recommendation for Block Cipher Modes of Operation"
* NIST Special Publication 800-38A */
#ifdef WOLFSSL_AES_192
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
{
0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] =
{
0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
{
0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
};
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
/* test vector from "Recommendation for Block Cipher Modes of Operation"
* NIST Special Publication 800-38A */
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
{
0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] =
{
0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
{
0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
};
#endif /* WOLFSSL_AES_256 */
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
#else
WOLFSSL_EVP_CIPHER_CTX en[1];
WOLFSSL_EVP_CIPHER_CTX de[1];
#endif
#ifdef WOLFSSL_AES_128
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
WOLFSSL_EVP_CIPHER_CTX *p_en;
WOLFSSL_EVP_CIPHER_CTX *p_de;
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((en == NULL) || (de == NULL))
return MEMORY_E;
#endif
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(),
(unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
return WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_init(de);
if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(),
(unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(cipherBuff, ctrCipher, WC_AES_BLOCK_SIZE*4))
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(plainBuff, ctrPlain, WC_AES_BLOCK_SIZE*4))
return WC_TEST_RET_ENC_NC;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
p_en = wolfSSL_EVP_CIPHER_CTX_new();
if (p_en == NULL)
return WC_TEST_RET_ENC_ERRNO;
p_de = wolfSSL_EVP_CIPHER_CTX_new();
if (p_de == NULL)
return WC_TEST_RET_ENC_ERRNO;
if (wolfSSL_EVP_CipherInit(p_en, wolfSSL_EVP_aes_128_ctr(),
(unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CipherInit(p_de, wolfSSL_EVP_aes_128_ctr(),
(unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
return WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_free(p_en);
wolfSSL_EVP_CIPHER_CTX_free(p_de);
#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
if (XMEMCMP(cipherBuff, ctrCipher, WC_AES_BLOCK_SIZE*4))
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(plainBuff, ctrPlain, WC_AES_BLOCK_SIZE*4))
return WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(),
(unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
return WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_init(de);
if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(),
(unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(plainBuff, ctrPlain, 9))
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(cipherBuff, ctrCipher, 9))
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(plainBuff, ctrPlain, 9))
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(cipherBuff, oddCipher, 9))
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
return WC_TEST_RET_ENC_NC;
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_192_ctr(),
(unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
return WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_init(de);
if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_192_ctr(),
(unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
return WC_TEST_RET_ENC_NC;
XMEMSET(plainBuff, 0, sizeof(plainBuff));
if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
return WC_TEST_RET_ENC_NC;
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_256_ctr(),
(unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
return WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_init(de);
if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_256_ctr(),
(unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
return WC_TEST_RET_ENC_NC;
XMEMSET(plainBuff, 0, sizeof(plainBuff));
if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
return WC_TEST_RET_ENC_NC;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wolfSSL_EVP_CIPHER_CTX_free(en);
wolfSSL_EVP_CIPHER_CTX_free(de);
#endif
#endif /* WOLFSSL_AES_256 */
}
#endif /* HAVE_AES_COUNTER */
return 0;
}
static wc_test_ret_t openssl_aes_cfb_test(void)
{
#ifndef WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API
#if defined(WOLFSSL_AES_CFB) && defined(WOLFSSL_AES_128)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
WOLFSSL_AES_KEY *enc = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
WOLFSSL_AES_KEY *dec = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
#else
WOLFSSL_AES_KEY enc[1];
WOLFSSL_AES_KEY dec[1];
#endif
WOLFSSL_SMALL_STACK_STATIC const byte setIv[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
};
WOLFSSL_SMALL_STACK_STATIC const byte key[] =
{
0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
};
WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
{
0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b
};
WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51
};
byte cipher[WC_AES_BLOCK_SIZE * 2];
byte iv[WC_AES_BLOCK_SIZE]; /* iv buffer is updeated by API */
int num = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((enc == NULL) || (dec == NULL)) {
XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
return MEMORY_E;
}
#endif
XMEMCPY(iv, setIv, sizeof(setIv));
wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, enc);
wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, dec);
wolfSSL_AES_cfb128_encrypt(msg, cipher, WC_AES_BLOCK_SIZE - 1, enc, iv,
&num, AES_ENCRYPTION);
if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE - 1))
return WC_TEST_RET_ENC_NC;
if (num != 15) /* should have used 15 of the 16 bytes */
return WC_TEST_RET_ENC_NC;
wolfSSL_AES_cfb128_encrypt(msg + WC_AES_BLOCK_SIZE - 1,
cipher + WC_AES_BLOCK_SIZE - 1, WC_AES_BLOCK_SIZE + 1, enc, iv,
&num, AES_ENCRYPTION);
if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE * 2))
return WC_TEST_RET_ENC_NC;
if (num != 0)
return WC_TEST_RET_ENC_NC;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
#endif
}
#endif /* WOLFSSL_AES_CFB && WOLFSSL_AES_128 */
#endif /* !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */
return 0;
}
static wc_test_ret_t openssl_aes_test(void)
{
wc_test_ret_t ret;
ret = openssl_aes_cbc_test();
if (ret != 0) return ret;
ret = openssl_aes_ecb_direct_test();
if (ret != 0) return ret;
ret = openssl_aes_ctr_test();
if (ret != 0) return ret;
ret = openssl_aes_cfb_test();
if (ret != 0) return ret;
return 0;
}
#endif /* !NO_AES && !WOLFCRYPT_ONLY */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
{
wc_test_ret_t ret;
#ifdef WOLFSSL_SMALL_STACK
WOLFSSL_EVP_MD_CTX *md_ctx = (WOLFSSL_EVP_MD_CTX *)XMALLOC(sizeof(WOLFSSL_EVP_MD_CTX), NULL, DYNAMIC_TYPE_OPENSSL);
WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
WOLFSSL_EVP_CIPHER_CTX *p_en = wolfSSL_EVP_CIPHER_CTX_new();
WOLFSSL_EVP_CIPHER_CTX *p_de = wolfSSL_EVP_CIPHER_CTX_new();
#if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \
defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
WOLFSSL_AES_KEY *enc = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
#ifdef HAVE_AES_DECRYPT
WOLFSSL_AES_KEY *dec = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
#endif
#endif /* !NO_AES && !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */
#else
WOLFSSL_EVP_MD_CTX md_ctx[1];
WOLFSSL_EVP_CIPHER_CTX ctx[1];
WOLFSSL_EVP_CIPHER_CTX en[1];
WOLFSSL_EVP_CIPHER_CTX de[1];
#if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \
defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
WOLFSSL_AES_KEY enc[1];
#ifdef HAVE_AES_DECRYPT
WOLFSSL_AES_KEY dec[1];
#endif
#endif /* !NO_AES */
#endif
testVector a, b, c, d, e, f;
byte hash[WC_SHA256_DIGEST_SIZE*2]; /* max size */
#ifdef WOLFSSL_SMALL_STACK
if ((md_ctx == NULL) || (ctx == NULL) || (en == NULL) || (de == NULL) ||
(p_en == NULL) || (p_de == NULL)
#if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \
defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
|| (enc == NULL)
#ifdef HAVE_AES_DECRYPT
|| (dec == NULL)
#endif
#endif
)
{
ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
}
#endif
WOLFSSL_ENTER("openssl_test");
a.inLen = 0;
b.inLen = c.inLen = d.inLen = e.inLen = f.inLen = a.inLen;
(void)a;
(void)b;
(void)c;
(void)d;
(void)e;
(void)f;
/* test malloc / free , 10 is an arbitrary amount of memory chosen */
{
byte* p;
p = (byte*)wolfSSL_CRYPTO_malloc(10, "", 0);
if (p == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
} else {
XMEMSET(p, 0, 10);
wolfSSL_CRYPTO_free(p, "", 0);
}
}
#ifndef NO_MD5
a.input = "1234567890123456789012345678901234567890123456789012345678"
"9012345678901234567890";
a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
"\x7a";
a.inLen = XSTRLEN(a.input);
a.outLen = WC_MD5_DIGEST_SIZE;
wolfSSL_EVP_MD_CTX_init(md_ctx);
ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_md5());
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_DigestUpdate(md_ctx, a.input, (unsigned long)a.inLen);
}
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
}
wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
if (ret != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* NO_MD5 */
#ifndef NO_SHA
b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaa";
b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
"\x53\x99\x5E\x26\xA0";
b.inLen = XSTRLEN(b.input);
b.outLen = WC_SHA_DIGEST_SIZE;
wolfSSL_EVP_MD_CTX_init(md_ctx);
ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha1());
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_DigestUpdate(md_ctx, b.input, (unsigned long)b.inLen);
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
}
wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
if (ret != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(hash, b.output, b.outLen) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* NO_SHA */
#ifdef WOLFSSL_SHA224
e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
e.output = "\xc9\x7c\xa9\xa5\x59\x85\x0c\xe9\x7a\x04\xa9\x6d\xef\x6d\x99"
"\xa9\xe0\xe0\xe2\xab\x14\xe6\xb8\xdf\x26\x5f\xc0\xb3";
e.inLen = XSTRLEN(e.input);
e.outLen = WC_SHA224_DIGEST_SIZE;
wolfSSL_EVP_MD_CTX_init(md_ctx);
ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha224());
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
}
wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* WOLFSSL_SHA224 */
#ifndef NO_SHA256
d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
"\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
"\x06\xC1";
d.inLen = XSTRLEN(d.input);
d.outLen = WC_SHA256_DIGEST_SIZE;
wolfSSL_EVP_MD_CTX_init(md_ctx);
ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha256());
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen);
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
}
wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
e.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
"\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
"\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
"\x74\x60\x39";
e.inLen = XSTRLEN(e.input);
e.outLen = WC_SHA384_DIGEST_SIZE;
wolfSSL_EVP_MD_CTX_init(md_ctx);
ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha384());
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
}
wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
f.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
"\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
"\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
"\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
"\x87\x4b\xe9\x09";
f.inLen = XSTRLEN(f.input);
f.outLen = WC_SHA512_DIGEST_SIZE;
wolfSSL_EVP_MD_CTX_init(md_ctx);
ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha512());
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
}
wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#if !defined(WOLFSSL_NOSHA512_224) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
f.output = "\x23\xfe\xc5\xbb\x94\xd6\x0b\x23\x30\x81\x92\x64\x0b\x0c\x45"
"\x33\x35\xd6\x64\x73\x4f\xe4\x0e\x72\x68\x67\x4a\xf9";
f.inLen = XSTRLEN(f.input);
f.outLen = WC_SHA512_224_DIGEST_SIZE;
wolfSSL_EVP_MD_CTX_init(md_ctx);
ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha512_224());
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
}
wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */
#if !defined(WOLFSSL_NOSHA512_256) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
f.output = "\x39\x28\xe1\x84\xfb\x86\x90\xf8\x40\xda\x39\x88\x12\x1d\x31"
"\xbe\x65\xcb\x9d\x3e\xf8\x3e\xe6\x14\x6f\xea\xc8\x61\xe1\x9b"
"\x56\x3a";
f.inLen = XSTRLEN(f.input);
f.outLen = WC_SHA512_256_DIGEST_SIZE;
wolfSSL_EVP_MD_CTX_init(md_ctx);
ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha512_256());
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
}
wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */
#endif /* WOLFSSL_SHA512 */
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
e.output = "\x54\x3e\x68\x68\xe1\x66\x6c\x1a\x64\x36\x30\xdf\x77\x36\x7a"
"\xe5\xa6\x2a\x85\x07\x0a\x51\xc1\x4c\xbf\x66\x5c\xbc";
e.inLen = XSTRLEN(e.input);
e.outLen = WC_SHA3_224_DIGEST_SIZE;
wolfSSL_EVP_MD_CTX_init(md_ctx);
ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_224());
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
}
wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* WOLFSSL_NOSHA3_224 */
#ifndef WOLFSSL_NOSHA3_256
d.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
d.output = "\x91\x6f\x60\x61\xfe\x87\x97\x41\xca\x64\x69\xb4\x39\x71\xdf"
"\xdb\x28\xb1\xa3\x2d\xc3\x6c\xb3\x25\x4e\x81\x2b\xe2\x7a\xad"
"\x1d\x18";
d.inLen = XSTRLEN(d.input);
d.outLen = WC_SHA3_256_DIGEST_SIZE;
wolfSSL_EVP_MD_CTX_init(md_ctx);
ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_256());
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen);
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
}
wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* WOLFSSL_NOSHA3_256 */
e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
e.output = "\x79\x40\x7d\x3b\x59\x16\xb5\x9c\x3e\x30\xb0\x98\x22\x97\x47"
"\x91\xc3\x13\xfb\x9e\xcc\x84\x9e\x40\x6f\x23\x59\x2d\x04\xf6"
"\x25\xdc\x8c\x70\x9b\x98\xb4\x3b\x38\x52\xb3\x37\x21\x61\x79"
"\xaa\x7f\xc7";
e.inLen = XSTRLEN(e.input);
e.outLen = WC_SHA3_384_DIGEST_SIZE;
wolfSSL_EVP_MD_CTX_init(md_ctx);
ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_384());
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen);
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
}
wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#ifndef WOLFSSL_NOSHA3_512
f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
f.output = "\xaf\xeb\xb2\xef\x54\x2e\x65\x79\xc5\x0c\xad\x06\xd2\xe5\x78"
"\xf9\xf8\xdd\x68\x81\xd7\xdc\x82\x4d\x26\x36\x0f\xee\xbf\x18"
"\xa4\xfa\x73\xe3\x26\x11\x22\x94\x8e\xfc\xfd\x49\x2e\x74\xe8"
"\x2e\x21\x89\xed\x0f\xb4\x40\xd1\x87\xf3\x82\x27\x0c\xb4\x55"
"\xf2\x1d\xd1\x85";
f.inLen = XSTRLEN(f.input);
f.outLen = WC_SHA3_512_DIGEST_SIZE;
wolfSSL_EVP_MD_CTX_init(md_ctx);
ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_512());
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen);
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0);
}
wolfSSL_EVP_MD_CTX_cleanup(md_ctx);
if (ret != WOLFSSL_SUCCESS ||
XMEMCMP(hash, f.output, f.outLen) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* WOLFSSL_NOSHA3_512 */
#endif /* WOLFSSL_SHA3 */
#ifndef WC_NO_RNG
if (wolfSSL_RAND_bytes(hash, sizeof(hash)) != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#ifndef NO_MD5
c.input = "what do ya want for nothing?";
c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14"
"\x76";
c.inLen = XSTRLEN(c.input);
c.outLen = WC_MD5_DIGEST_SIZE;
#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)
/* Expect failure with MD5 + HMAC when using FIPS 140-3. */
if (wolfSSL_HMAC(wolfSSL_EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
hash, 0) != NULL)
#else
if (wolfSSL_HMAC(wolfSSL_EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
hash, 0) == NULL ||
XMEMCMP(hash, c.output, c.outLen) != 0)
#endif
{
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* NO_MD5 */
#ifndef NO_DES3
{ /* des test */
WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
byte plain[24];
byte cipher[24];
WOLFSSL_const_DES_cblock key = {
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
};
WOLFSSL_DES_cblock iv = {
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
};
WOLFSSL_DES_key_schedule sched;
WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
};
wolfSSL_DES_key_sched(&key, &sched);
wolfSSL_DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, WC_DES_ENCRYPT);
wolfSSL_DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, WC_DES_DECRYPT);
if (XMEMCMP(plain, vector, sizeof(vector)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* test changing iv */
wolfSSL_DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, WC_DES_ENCRYPT);
wolfSSL_DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, WC_DES_ENCRYPT);
if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
} /* end des test */
#endif /* NO_DES3 */
#if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
if ((ret = openssl_aes_test()) != 0) {
ERROR_OUT(ret, out);
}
#if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
{ /* evp_cipher test: EVP_aes_128_cbc */
int idx, cipherSz, plainSz;
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
0x3b,0x5d,0x41,0x97,0x94,0x25,0xa4,0xb4,
0xae,0x7b,0x34,0xd0,0x3f,0x0c,0xbc,0x06
};
WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
0x7d,0x37,0x7b,0x0b,0x44,0xaa,0xb5,0xf0,
0x5f,0x34,0xb4,0xde,0xb5,0xbd,0x2a,0xbb
};
WOLFSSL_SMALL_STACK_STATIC const byte key[] =
"0123456789abcdef "; /* align */
WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
"1234567890abcdef "; /* align */
byte cipher[WC_AES_BLOCK_SIZE * 4];
byte plain [WC_AES_BLOCK_SIZE * 4];
cipherSz = 0;
wolfSSL_EVP_CIPHER_CTX_init(ctx);
ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 1);
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, (byte*)msg, sizeof(msg));
if (ret == WOLFSSL_SUCCESS)
cipherSz += idx;
}
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
if (ret == WOLFSSL_SUCCESS)
cipherSz += idx;
}
wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
if (ret != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (cipherSz != (int)sizeof(verify) || XMEMCMP(cipher, verify, cipherSz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* check partial decrypt (not enough padding for full block) */
plainSz = 0;
wolfSSL_EVP_CIPHER_CTX_init(ctx);
ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 0);
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_CipherUpdate(ctx, plain, &idx, cipher, 1);
if (ret == WOLFSSL_SUCCESS)
plainSz += idx;
}
if (ret == WOLFSSL_SUCCESS) {
/* this test should fail... not enough padding for full block */
ret = wolfSSL_EVP_CipherFinal(ctx, plain + plainSz, &idx);
if (plainSz == 0 && ret != WOLFSSL_SUCCESS)
ret = WOLFSSL_SUCCESS;
else
ret = WC_TEST_RET_ENC_NC;
}
else
ret = WC_TEST_RET_ENC_NC;
wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
if (ret != WOLFSSL_SUCCESS)
ERROR_OUT(ret, out);
plainSz = 0;
wolfSSL_EVP_CIPHER_CTX_init(ctx);
ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 0);
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_CipherUpdate(ctx, plain, &idx, cipher, cipherSz);
if (ret == WOLFSSL_SUCCESS)
plainSz += idx;
}
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_CipherFinal(ctx, plain + plainSz, &idx);
if (ret == WOLFSSL_SUCCESS)
plainSz += idx;
}
wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
if (ret != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (plainSz != (int)sizeof(msg) || XMEMCMP(plain, msg, sizeof(msg)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
cipherSz = 0;
wolfSSL_EVP_CIPHER_CTX_init(ctx);
ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 1);
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, msg, WC_AES_BLOCK_SIZE);
if (ret == WOLFSSL_SUCCESS)
cipherSz += idx;
}
if (ret == WOLFSSL_SUCCESS) {
ret = wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
if (ret == WOLFSSL_SUCCESS)
cipherSz += idx;
}
wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
if (ret != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (cipherSz != (int)sizeof(verify2) || XMEMCMP(cipher, verify2, cipherSz))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
} /* end evp_cipher test: EVP_aes_128_cbc*/
#endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_DIRECT) && \
defined(WOLFSSL_AES_256)
{ /* evp_cipher test: EVP_aes_256_ecb*/
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
};
WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
};
WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
};
byte cipher[WC_AES_BLOCK_SIZE * 4];
byte plain [WC_AES_BLOCK_SIZE * 4];
wolfSSL_EVP_CIPHER_CTX_init(ctx);
ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1);
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_EVP_Cipher(ctx, cipher, (byte*)msg, 16);
wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
if (ret != 16)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_init(ctx);
ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0);
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_EVP_Cipher(ctx, plain, cipher, 16);
wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
if (ret != 16)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
} /* end evp_cipher test */
#endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */
#ifndef WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API
#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
/* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
{
/* Test: AES_encrypt/decrypt/set Key */
WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
};
WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
{
0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
};
WOLFSSL_SMALL_STACK_STATIC const byte key[] =
{
0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
};
byte plain[sizeof(msg)];
byte cipher[sizeof(msg)];
printf("openSSL extra test\n") ;
wolfSSL_AES_set_encrypt_key(key, sizeof(key)*8, enc);
wolfSSL_AES_set_decrypt_key(key, sizeof(key)*8, dec);
wolfSSL_AES_encrypt(msg, cipher, enc);
#ifdef HAVE_AES_DECRYPT
wolfSSL_AES_decrypt(cipher, plain, dec);
if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
#endif /* !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */
/* EVP_Cipher with EVP_aes_xxx_ctr() */
#ifdef WOLFSSL_AES_COUNTER
{
byte plainBuff [64];
byte cipherBuff[64];
#ifdef WOLFSSL_AES_128
WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] =
{
0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
};
WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
{
0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
};
WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] =
{
0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
};
WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
{
0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
0xc2
};
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
/* test vector from "Recommendation for Block Cipher Modes of Operation"
* NIST Special Publication 800-38A */
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
{
0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] =
{
0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
{
0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
};
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
/* test vector from "Recommendation for Block Cipher Modes of Operation"
* NIST Special Publication 800-38A */
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
{
0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] =
{
0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
};
WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
{
0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
};
#endif /* WOLFSSL_AES_256 */
#ifdef WOLFSSL_AES_128
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(),
(unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_init(de);
if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(),
(unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(cipherBuff, ctrCipher, WC_AES_BLOCK_SIZE*4))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(plainBuff, ctrPlain, WC_AES_BLOCK_SIZE*4))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_cleanup(en);
wolfSSL_EVP_CIPHER_CTX_cleanup(de);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (wolfSSL_EVP_CipherInit(p_en, wolfSSL_EVP_aes_128_ctr(),
(unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CipherInit(p_de, wolfSSL_EVP_aes_128_ctr(),
(unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_cleanup(p_en);
wolfSSL_EVP_CIPHER_CTX_cleanup(p_de);
#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
if (XMEMCMP(cipherBuff, ctrCipher, WC_AES_BLOCK_SIZE*4))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(plainBuff, ctrPlain, WC_AES_BLOCK_SIZE*4))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(),
(unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_init(de);
if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(),
(unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(plainBuff, ctrPlain, 9))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(cipherBuff, ctrCipher, 9))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(plainBuff, ctrPlain, 9))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(cipherBuff, oddCipher, 9))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_cleanup(en);
wolfSSL_EVP_CIPHER_CTX_cleanup(de);
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_192_ctr(),
(unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_init(de);
if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_192_ctr(),
(unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
XMEMSET(plainBuff, 0, sizeof(plainBuff));
if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_cleanup(en);
wolfSSL_EVP_CIPHER_CTX_cleanup(de);
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_256_ctr(),
(unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_init(de);
if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_256_ctr(),
(unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
XMEMSET(plainBuff, 0, sizeof(plainBuff));
if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_cleanup(en);
wolfSSL_EVP_CIPHER_CTX_cleanup(de);
#endif /* WOLFSSL_AES_256 */
}
#endif /* HAVE_AES_COUNTER */
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
{
/* EVP_CipherUpdate test */
WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
};
byte key[] = "0123456789abcdef "; /* align */
byte iv[] = "1234567890abcdef "; /* align */
byte cipher[WC_AES_BLOCK_SIZE * 4];
byte plain [WC_AES_BLOCK_SIZE * 4];
int outlen ;
int total = 0;
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv, 1) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* openSSL compatibility, if(inlen == 0)return 1; */
if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
(byte*)cbcPlain, 0) != 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv, 1) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen,
(byte*)cbcPlain, 9) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if(outlen != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
total += outlen;
if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
(byte*)&cbcPlain[9] , 9) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if(outlen != 16)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
total += outlen;
if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if(outlen != 16)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
total += outlen;
if(total != 32)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
total = 0;
wolfSSL_EVP_CIPHER_CTX_init(de);
if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv, 0) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if(outlen != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
total += outlen;
if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
(byte*)&cipher[6], 12) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if(outlen != 0)
total += outlen;
if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
(byte*)&cipher[6+12], 14) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if(outlen != 16)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
total += outlen;
if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if(outlen != 2)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
total += outlen;
if(total != 18)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(plain, cbcPlain, 18))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
total = 0;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_EncryptInit(en, wolfSSL_EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if(outlen != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
total += outlen;
if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if(outlen != 16)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
total += outlen;
if (wolfSSL_EVP_EncryptFinal(en, (byte*)&cipher[total], &outlen) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if(outlen != 16)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
total += outlen;
if (total != 32)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
total = 0;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_init(de);
if (wolfSSL_EVP_DecryptInit(de, wolfSSL_EVP_aes_128_cbc(),
(unsigned char*)key, (unsigned char*)iv) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if(outlen != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
total += outlen;
if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if(outlen != 0)
total += outlen;
if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if(outlen != 16)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
total += outlen;
if (wolfSSL_EVP_DecryptFinal(de, (byte*)&plain[total], &outlen) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if(outlen != 2)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
total += outlen;
if (total != 18)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(plain, cbcPlain, 18))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_Cipher_key_length(NULL) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_Cipher_key_length(wolfSSL_EVP_aes_128_cbc()) != 16)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CIPHER_CTX_mode(NULL) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_CipherInit_ex(en, wolfSSL_EVP_aes_128_cbc(), NULL,
(unsigned char*)key, (unsigned char*)iv, 0) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_init(en);
if (wolfSSL_EVP_EncryptInit_ex(en, wolfSSL_EVP_aes_128_cbc(), NULL,
(unsigned char*)key, (unsigned char*)iv) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL)
!= WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
{
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL)
!= WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
{
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_init(de);
if (wolfSSL_EVP_DecryptInit_ex(de, wolfSSL_EVP_aes_128_cbc(), NULL,
(unsigned char*)key, (unsigned char*)iv) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL)
!= WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
{
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL)
!= WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
{
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
if (wolfSSL_EVP_CIPHER_CTX_block_size(NULL) != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_init(en);
wolfSSL_EVP_EncryptInit_ex(en, wolfSSL_EVP_aes_128_cbc(), NULL,
(unsigned char*)key, (unsigned char*)iv);
if (wolfSSL_EVP_CIPHER_CTX_block_size(en) != en->block_size)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CIPHER_block_size(NULL) != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CIPHER_block_size(wolfSSL_EVP_aes_128_cbc()) != WC_AES_BLOCK_SIZE)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (WOLFSSL_EVP_CIPHER_mode(NULL) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CIPHER_flags(wolfSSL_EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wolfSSL_EVP_CIPHER_CTX_clear_flags(en, 0xFFFFFFFF);
wolfSSL_EVP_CIPHER_CTX_set_flags(en, 42);
if (en->flags != 42)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CIPHER_CTX_set_padding(NULL, 0) !=
WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
#endif /* !NO_AES && !WOLFCRYPT_ONLY */
ret = 0;
out:
#ifdef WOLFSSL_SMALL_STACK
XFREE(md_ctx, NULL, DYNAMIC_TYPE_OPENSSL);
wolfSSL_EVP_CIPHER_CTX_free(ctx);
wolfSSL_EVP_CIPHER_CTX_free(en);
wolfSSL_EVP_CIPHER_CTX_free(de);
wolfSSL_EVP_CIPHER_CTX_free(p_en);
wolfSSL_EVP_CIPHER_CTX_free(p_de);
#if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \
defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
#ifdef HAVE_AES_DECRYPT
XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
#endif
#endif
#else
(void)en;
(void)de;
(void)ctx;
#endif
return ret;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void)
{
wc_test_ret_t ret = 0;
#if !defined(NO_SHA256) && !defined(NO_SHA)
WOLFSSL_EVP_MD_CTX* ctx;
WOLFSSL_EVP_MD_CTX* ctx2;
WOLFSSL_ENTER("openSSL_evpMD_test");
ctx = wolfSSL_EVP_MD_CTX_new();
ctx2 = wolfSSL_EVP_MD_CTX_new();
ret = wolfSSL_EVP_DigestInit(ctx, wolfSSL_EVP_sha256());
if (ret != WOLFSSL_SUCCESS) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
ret = wolfSSL_EVP_MD_CTX_copy(ctx2, ctx);
if (ret != WOLFSSL_SUCCESS) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha256()) != wolfSSL_EVP_MD_CTX_type(ctx2)) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
ret = wolfSSL_EVP_MD_CTX_cleanup(ctx);
if (ret != WOLFSSL_SUCCESS) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
ret = wolfSSL_EVP_DigestInit(ctx, wolfSSL_EVP_sha1());
if (ret != WOLFSSL_SUCCESS) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha256()) != wolfSSL_EVP_MD_CTX_type(ctx2)) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
ret = wolfSSL_EVP_MD_CTX_copy_ex(ctx2, ctx);
if (ret != WOLFSSL_SUCCESS) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha256()) == wolfSSL_EVP_MD_CTX_type(ctx2)) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha1()) != wolfSSL_EVP_MD_CTX_type(ctx2)) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
ret = wolfSSL_EVP_MD_CTX_cleanup(ctx);
if (ret != WOLFSSL_SUCCESS) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
if (wolfSSL_EVP_DigestInit_ex(ctx, wolfSSL_EVP_sha1(), NULL) != WOLFSSL_SUCCESS) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
if (wolfSSL_EVP_add_digest(NULL) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
if (wolfSSL_EVP_add_cipher(NULL) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
ret = wolfSSL_EVP_MD_CTX_cleanup(ctx);
if (ret != WOLFSSL_SUCCESS) {
ret = WC_TEST_RET_ENC_NC;
goto openSSL_evpMD_test_done;
}
ret = 0; /* got to success state without jumping to end with a fail */
openSSL_evpMD_test_done:
wolfSSL_EVP_MD_CTX_free(ctx);
wolfSSL_EVP_MD_CTX_free(ctx2);
#endif /* NO_SHA256 */
return ret;
}
#ifdef DEBUG_SIGN
static void show(const char *title, const char *p, unsigned int s) {
char* i;
printf("%s: ", title);
for (i = p;
i < p + s;
printf("%c", *i), i++);
printf("\n");
}
#else
#define show(a,b,c) WC_DO_NOTHING
#endif
#define FOURK_BUFF 4096
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
{
wc_test_ret_t ret = 0;
#if !defined(NO_RSA) && !defined(NO_SHA)
byte* prvTmp;
byte* pubTmp;
int prvBytes;
int pubBytes;
WOLFSSL_RSA *prvRsa = NULL;
WOLFSSL_RSA *pubRsa = NULL;
WOLFSSL_EVP_PKEY *prvPkey = NULL;
WOLFSSL_EVP_PKEY *pubPkey = NULL;
WOLFSSL_EVP_PKEY_CTX *enc = NULL;
WOLFSSL_EVP_PKEY_CTX *dec = NULL;
byte in[] = TEST_STRING;
byte out[256];
size_t outlen;
size_t keySz;
byte plain[256];
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
XFILE keyFile;
XFILE keypubFile;
char cliKey[] = "./certs/client-key.der";
char cliKeypub[] = "./certs/client-keyPub.der";
#endif
WOLFSSL_ENTER("openssl_pkey0_test");
prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (prvTmp == NULL)
return WC_TEST_RET_ENC_ERRNO;
pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pubTmp == NULL) {
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return WC_TEST_RET_ENC_NC;
}
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
prvBytes = sizeof_client_key_der_1024;
XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
pubBytes = sizeof_client_keypub_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
prvBytes = sizeof_client_key_der_2048;
XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
pubBytes = sizeof_client_keypub_der_2048;
#else
keyFile = XFOPEN(cliKey, "rb");
if (!keyFile) {
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
err_sys("can't open ./certs/client-key.der, "
"Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
return WC_TEST_RET_ENC_ERRNO;
}
prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile);
XFCLOSE(keyFile);
if (prvBytes == 0) {
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return WC_TEST_RET_ENC_ERRNO;
}
keypubFile = XFOPEN(cliKeypub, "rb");
if (!keypubFile) {
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
err_sys("can't open ./certs/client-cert.der, "
"Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
return WC_TEST_RET_ENC_ERRNO;
}
pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
XFCLOSE(keypubFile);
if (pubBytes == 0) {
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return WC_TEST_RET_ENC_ERRNO;
}
#endif /* USE_CERT_BUFFERS */
prvRsa = wolfSSL_RSA_new();
pubRsa = wolfSSL_RSA_new();
if((prvRsa == NULL) || (pubRsa == NULL)){
printf("error with RSA_new\n");
ret = WC_TEST_RET_ENC_ERRNO;
goto openssl_pkey0_test_done;
}
ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
if(ret != WOLFSSL_SUCCESS){
printf("error with RSA_LoadDer_ex\n");
ret = WC_TEST_RET_ENC_EC(ret);
goto openssl_pkey0_test_done;
}
ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
if(ret != WOLFSSL_SUCCESS){
printf("error with RSA_LoadDer_ex\n");
ret = WC_TEST_RET_ENC_EC(ret);
goto openssl_pkey0_test_done;
}
keySz = (size_t)wolfSSL_RSA_size(pubRsa);
prvPkey = wolfSSL_EVP_PKEY_new();
pubPkey = wolfSSL_EVP_PKEY_new();
if((prvPkey == NULL) || (pubPkey == NULL)){
printf("error with PKEY_new\n");
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey0_test_done;
}
ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
if(ret != 2){
printf("error with PKEY_set1_RSA\n");
ret = WC_TEST_RET_ENC_I(ret);
goto openssl_pkey0_test_done;
}
dec = wolfSSL_EVP_PKEY_CTX_new(prvPkey, NULL);
enc = wolfSSL_EVP_PKEY_CTX_new(pubPkey, NULL);
if((dec == NULL)||(enc==NULL)){
printf("error with EVP_PKEY_CTX_new\n");
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey0_test_done;
}
ret = wolfSSL_EVP_PKEY_decrypt_init(dec);
if (ret != 1) {
printf("error with decrypt init\n");
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey0_test_done;
}
ret = wolfSSL_EVP_PKEY_encrypt_init(enc);
if (ret != 1) {
printf("error with encrypt init\n");
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey0_test_done;
}
XMEMSET(out, 0, sizeof(out));
ret = wolfSSL_EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
if (ret != 1) {
printf("error encrypting msg\n");
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey0_test_done;
}
show("encrypted msg", out, outlen);
XMEMSET(plain, 0, sizeof(plain));
ret = wolfSSL_EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
if (ret != 1) {
printf("error decrypting msg\n");
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey0_test_done;
}
show("decrypted msg", plain, outlen);
/* RSA_PKCS1_OAEP_PADDING test */
ret = wolfSSL_EVP_PKEY_decrypt_init(dec);
if (ret != 1) {
printf("error with decrypt init\n");
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey0_test_done;
}
ret = wolfSSL_EVP_PKEY_encrypt_init(enc);
if (ret != 1) {
printf("error with encrypt init\n");
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey0_test_done;
}
if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_PADDING) <= 0) {
printf("first set rsa padding error\n");
ret = WC_TEST_RET_ENC_EC(ret);
goto openssl_pkey0_test_done;
}
#ifndef HAVE_FIPS
if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_OAEP_PADDING) <= 0){
printf("second set rsa padding error\n");
ret = WC_TEST_RET_ENC_EC(ret);
goto openssl_pkey0_test_done;
}
if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(enc, WC_RSA_PKCS1_OAEP_PADDING) <= 0) {
printf("third set rsa padding error\n");
ret = WC_TEST_RET_ENC_EC(ret);
goto openssl_pkey0_test_done;
}
#endif
XMEMSET(out, 0, sizeof(out));
ret = wolfSSL_EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
if (ret != 1) {
printf("error encrypting msg\n");
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey0_test_done;
}
show("encrypted msg", out, outlen);
XMEMSET(plain, 0, sizeof(plain));
ret = wolfSSL_EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
if (ret != 1) {
printf("error decrypting msg\n");
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey0_test_done;
}
show("decrypted msg", plain, outlen);
ret = 0; /* made it to this point without error then set success */
openssl_pkey0_test_done:
wolfSSL_RSA_free(prvRsa);
wolfSSL_RSA_free(pubRsa);
wolfSSL_EVP_PKEY_free(pubPkey);
wolfSSL_EVP_PKEY_free(prvPkey);
wolfSSL_EVP_PKEY_CTX_free(dec);
wolfSSL_EVP_PKEY_CTX_free(enc);
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif /* NO_RSA */
return ret;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
{
wc_test_ret_t ret = 0;
#if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_SHA)
WOLFSSL_EVP_PKEY_CTX* dec = NULL;
WOLFSSL_EVP_PKEY_CTX* enc = NULL;
WOLFSSL_EVP_PKEY* pubKey = NULL;
WOLFSSL_EVP_PKEY* prvKey = NULL;
WOLFSSL_X509* x509 = NULL;
WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sugar slapped";
const unsigned char* clikey;
long cliKeySz;
size_t outlen;
int keyLenBits = 2048;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
unsigned char *tmp = (unsigned char *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
unsigned char *cipher = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
unsigned char *plain = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if ((tmp == NULL) ||
(cipher == NULL) ||
(plain == NULL)) {
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey1_test_done;
}
#else
unsigned char tmp[FOURK_BUF];
unsigned char cipher[RSA_TEST_BYTES];
unsigned char plain[RSA_TEST_BYTES];
#endif
WOLFSSL_ENTER("openssl_pkey1_test");
#if defined(USE_CERT_BUFFERS_1024)
XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
cliKeySz = (long)sizeof_client_key_der_1024;
x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_1024,
sizeof_client_cert_der_1024, SSL_FILETYPE_ASN1);
keyLenBits = 1024;
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
cliKeySz = (long)sizeof_client_key_der_2048;
x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048,
sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1);
#elif defined(USE_CERT_BUFFERS_3072)
XMEMCPY(tmp, client_key_der_3072, sizeof_client_key_der_3072);
cliKeySz = (long)sizeof_client_key_der_3072;
x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_3072,
sizeof_client_cert_der_3072, SSL_FILETYPE_ASN1);
keyLenBits = 3072;
#elif defined(USE_CERT_BUFFERS_4096)
XMEMCPY(tmp, client_key_der_4096, sizeof_client_key_der_4096);
cliKeySz = (long)sizeof_client_key_der_4096;
x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_4096,
sizeof_client_cert_der_4096, SSL_FILETYPE_ASN1);
keyLenBits = 4096;
#else
{
XFILE f;
f = XFOPEN(clientKey, "rb");
if (!f) {
err_sys("can't open ./certs/client-key.der, "
"Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
ret = WC_TEST_RET_ENC_ERRNO;
goto openssl_pkey1_test_done;
}
cliKeySz = (long)XFREAD(tmp, 1, FOURK_BUF, f);
XFCLOSE(f);
if (cliKeySz == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, openssl_pkey1_test_done);
}
/* using existing wolfSSL api to get public and private key */
x509 = wolfSSL_X509_load_certificate_file(clientCert, WOLFSSL_FILETYPE_ASN1);
#endif /* USE_CERT_BUFFERS */
clikey = tmp;
if ((prvKey = wolfSSL_EVP_PKEY_new()) == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
goto openssl_pkey1_test_done;
}
wolfSSL_EVP_PKEY_free(prvKey);
prvKey = NULL;
if (x509 == NULL) {
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey1_test_done;
}
pubKey = wolfSSL_X509_get_pubkey(x509);
if (pubKey == NULL) {
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey1_test_done;
}
prvKey = wolfSSL_d2i_PrivateKey(WC_EVP_PKEY_RSA, NULL, &clikey, cliKeySz);
if (prvKey == NULL) {
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey1_test_done;
}
/* phase 2 API to create WOLFSSL_EVP_PKEY_CTX and encrypt/decrypt */
if (wolfSSL_EVP_PKEY_bits(prvKey) != keyLenBits) {
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey1_test_done;
}
if (wolfSSL_EVP_PKEY_size(prvKey) != keyLenBits/8) {
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey1_test_done;
}
dec = wolfSSL_EVP_PKEY_CTX_new(prvKey, NULL);
enc = wolfSSL_EVP_PKEY_CTX_new(pubKey, NULL);
if (dec == NULL || enc == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
goto openssl_pkey1_test_done;
}
if (wolfSSL_EVP_PKEY_decrypt_init(dec) != 1) {
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey1_test_done;
}
if (wolfSSL_EVP_PKEY_encrypt_init(enc) != 1) {
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey1_test_done;
}
if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_PADDING) <= 0) {
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey1_test_done;
}
#ifndef HAVE_FIPS
if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_OAEP_PADDING) <= 0){
ret = WC_TEST_RET_ENC_EC(ret);
goto openssl_pkey1_test_done;
}
if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(enc, WC_RSA_PKCS1_OAEP_PADDING) <= 0) {
ret = WC_TEST_RET_ENC_EC(ret);
goto openssl_pkey1_test_done;
}
#endif
XMEMSET(cipher, 0, RSA_TEST_BYTES);
outlen = (size_t)(keyLenBits/8);
if (wolfSSL_EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
ret = WC_TEST_RET_ENC_EC(ret);
goto openssl_pkey1_test_done;
}
XMEMSET(plain, 0, RSA_TEST_BYTES);
if (wolfSSL_EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) {
ret = WC_TEST_RET_ENC_NC;
goto openssl_pkey1_test_done;
}
openssl_pkey1_test_done:
if (pubKey != NULL) {
wolfSSL_EVP_PKEY_free(pubKey);
}
if (prvKey != NULL) {
wolfSSL_EVP_PKEY_free(prvKey);
}
if (dec != NULL) {
wolfSSL_EVP_PKEY_CTX_free(dec);
}
if (enc != NULL) {
wolfSSL_EVP_PKEY_CTX_free(enc);
}
if (x509 != NULL) {
wolfSSL_X509_free(x509);
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(plain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
return ret;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
{
#if !defined(NO_RSA) && !defined(NO_SHA)
byte* prvTmp;
byte* pubTmp;
int prvBytes;
int pubBytes;
WOLFSSL_RSA *prvRsa;
WOLFSSL_RSA *pubRsa;
WOLFSSL_EVP_PKEY *prvPkey;
WOLFSSL_EVP_PKEY *pubPkey;
WOLFSSL_EVP_MD_CTX* sign;
WOLFSSL_EVP_MD_CTX* verf;
char msg[] = "see spot run";
unsigned char sig[256];
unsigned int sigSz;
const void* pt;
unsigned int count;
wc_test_ret_t ret, ret1, ret2;
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
XFILE keyFile;
XFILE keypubFile;
char cliKey[] = "./certs/client-key.der";
char cliKeypub[] = "./certs/client-keyPub.der";
#endif
WOLFSSL_ENTER("openssl_evpSig_test");
prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (prvTmp == NULL)
return WC_TEST_RET_ENC_ERRNO;
pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pubTmp == NULL) {
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return WC_TEST_RET_ENC_NC;
}
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
prvBytes = sizeof_client_key_der_1024;
XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
pubBytes = sizeof_client_keypub_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
prvBytes = sizeof_client_key_der_2048;
XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
pubBytes = sizeof_client_keypub_der_2048;
#else
keyFile = XFOPEN(cliKey, "rb");
if (!keyFile) {
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
err_sys("can't open ./certs/client-key.der, "
"Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
return WC_TEST_RET_ENC_ERRNO;
}
prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile);
XFCLOSE(keyFile);
if (prvBytes == 0) {
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return WC_TEST_RET_ENC_ERRNO;
}
keypubFile = XFOPEN(cliKeypub, "rb");
if (!keypubFile) {
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
err_sys("can't open ./certs/client-cert.der, "
"Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
return WC_TEST_RET_ENC_ERRNO;
}
pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
XFCLOSE(keypubFile);
if (pubBytes == 0) {
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return WC_TEST_RET_ENC_ERRNO;
}
#endif /* USE_CERT_BUFFERS */
prvRsa = wolfSSL_RSA_new();
pubRsa = wolfSSL_RSA_new();
if((prvRsa == NULL) || (pubRsa == NULL)){
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
err_sys("ERROR with RSA_new", WC_TEST_RET_ENC_NC);
return WC_TEST_RET_ENC_NC;
}
ret1 = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
ret2 = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
if((ret1 != WOLFSSL_SUCCESS) || (ret2 != WOLFSSL_SUCCESS)){
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
printf("error with RSA_LoadDer_ex\n");
return WC_TEST_RET_ENC_NC;
}
prvPkey = wolfSSL_EVP_PKEY_new();
pubPkey = wolfSSL_EVP_PKEY_new();
if((prvPkey == NULL) || (pubPkey == NULL)){
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
printf("error with KEY_new\n");
return WC_TEST_RET_ENC_NC;
}
ret1 = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
ret2 = wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
if((ret1 != 1) || (ret2 != 1)){
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
printf("error with WOLFSSL_EVP_PKEY_set1_RSA\n");
return WC_TEST_RET_ENC_NC;
}
/****************** sign and verify *******************/
sign = wolfSSL_EVP_MD_CTX_new();
verf = wolfSSL_EVP_MD_CTX_new();
if((sign == NULL)||(verf == NULL)){
printf("error with WOLFSSL_EVP_MD_CTX_create\n");
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_EVP_MD_CTX_free(sign);
wolfSSL_EVP_MD_CTX_free(verf);
return WC_TEST_RET_ENC_NC;
}
ret = wolfSSL_EVP_SignInit(sign, wolfSSL_EVP_sha1());
if (ret != WOLFSSL_SUCCESS){
printf("error with EVP_SignInit\n");
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_EVP_MD_CTX_free(sign);
wolfSSL_EVP_MD_CTX_free(verf);
return WC_TEST_RET_ENC_NC;
}
count = sizeof(msg);
show("message = ", (char *)msg, count);
/* sign */
XMEMSET(sig, 0, sizeof(sig));
pt = (const void*)msg;
ret1 = wolfSSL_EVP_SignUpdate(sign, pt, count);
ret2 = wolfSSL_EVP_SignFinal(sign, sig, &sigSz, prvPkey);
if((ret1 != WOLFSSL_SUCCESS) || (ret2 != WOLFSSL_SUCCESS)){
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_EVP_MD_CTX_free(sign);
wolfSSL_EVP_MD_CTX_free(verf);
printf("error with WOLFSSL_EVP_MD_CTX_create\n");
return WC_TEST_RET_ENC_NC;
}
show("signature = ", (char *)sig, sigSz);
/* verify */
pt = (const void*)msg;
ret1 = wolfSSL_EVP_VerifyInit(verf, wolfSSL_EVP_sha1());
ret2 = wolfSSL_EVP_VerifyUpdate(verf, pt, count);
if((ret1 != WOLFSSL_SUCCESS) || (ret2 != WOLFSSL_SUCCESS)){
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_EVP_MD_CTX_free(sign);
wolfSSL_EVP_MD_CTX_free(verf);
printf("error with EVP_Verify\n");
return WC_TEST_RET_ENC_NC;
}
if (wolfSSL_EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_EVP_MD_CTX_free(sign);
wolfSSL_EVP_MD_CTX_free(verf);
printf("error with EVP_VerifyFinal\n");
return WC_TEST_RET_ENC_NC;
}
/* expect fail without update */
wolfSSL_EVP_VerifyInit(verf, wolfSSL_EVP_sha1());
if (wolfSSL_EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_EVP_MD_CTX_free(sign);
wolfSSL_EVP_MD_CTX_free(verf);
printf("EVP_VerifyInit without update not detected\n");
return WC_TEST_RET_ENC_NC;
}
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_EVP_MD_CTX_free(sign);
wolfSSL_EVP_MD_CTX_free(verf);
wolfSSL_RSA_free(prvRsa);
wolfSSL_RSA_free(pubRsa);
wolfSSL_EVP_PKEY_free(pubPkey);
wolfSSL_EVP_PKEY_free(prvPkey);
#endif /* NO_RSA */
return 0;
}
#endif /* OPENSSL_EXTRA */
#ifndef NO_PWDBASED
#ifdef HAVE_SCRYPT
/* Test vectors taken from RFC 7914: scrypt PBKDF - Section 12. */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
{
#ifdef HAVE_FIPS
/* RFC 7914 test vector keys are too short for FIPS. */
#else
wc_test_ret_t ret;
byte derived[64];
WOLFSSL_SMALL_STACK_STATIC const byte verify1[] = {
0x77, 0xd6, 0x57, 0x62, 0x38, 0x65, 0x7b, 0x20,
0x3b, 0x19, 0xca, 0x42, 0xc1, 0x8a, 0x04, 0x97,
0xf1, 0x6b, 0x48, 0x44, 0xe3, 0x07, 0x4a, 0xe8,
0xdf, 0xdf, 0xfa, 0x3f, 0xed, 0xe2, 0x14, 0x42,
0xfc, 0xd0, 0x06, 0x9d, 0xed, 0x09, 0x48, 0xf8,
0x32, 0x6a, 0x75, 0x3a, 0x0f, 0xc8, 0x1f, 0x17,
0xe8, 0xd3, 0xe0, 0xfb, 0x2e, 0x0d, 0x36, 0x28,
0xcf, 0x35, 0xe2, 0x0c, 0x38, 0xd1, 0x89, 0x06
};
#if !defined(BENCH_EMBEDDED)
WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
};
#endif
#if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_KERNEL_MODE) && !defined(HAVE_INTEL_QA)
WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48,
0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb,
0xfd, 0xa8, 0xfb, 0xba, 0x90, 0x4f, 0x8e, 0x3e,
0xa9, 0xb5, 0x43, 0xf6, 0x54, 0x5d, 0xa1, 0xf2,
0xd5, 0x43, 0x29, 0x55, 0x61, 0x3f, 0x0f, 0xcf,
0x62, 0xd4, 0x97, 0x05, 0x24, 0x2a, 0x9a, 0xf9,
0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, 0x1e, 0x40,
0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87
};
#endif
#ifdef SCRYPT_TEST_ALL
/* Test case is very slow.
* Use for confirmation after code change or new platform.
*/
WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = {
0x21, 0x01, 0xcb, 0x9b, 0x6a, 0x51, 0x1a, 0xae,
0xad, 0xdb, 0xbe, 0x09, 0xcf, 0x70, 0xf8, 0x81,
0xec, 0x56, 0x8d, 0x57, 0x4a, 0x2f, 0xfd, 0x4d,
0xab, 0xe5, 0xee, 0x98, 0x20, 0xad, 0xaa, 0x47,
0x8e, 0x56, 0xfd, 0x8f, 0x4b, 0xa5, 0xd0, 0x9f,
0xfa, 0x1c, 0x6d, 0x92, 0x7c, 0x40, 0xf4, 0xc3,
0x37, 0x30, 0x40, 0x49, 0xe8, 0xa9, 0x52, 0xfb,
0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, 0xa4
};
#endif
WOLFSSL_ENTER("scrypt_test");
ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(derived, verify1, sizeof(verify1)) != 0)
return WC_TEST_RET_ENC_NC;
#if !defined(BENCH_EMBEDDED)
ret = wc_scrypt(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 10, 8, 16,
sizeof(verify2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
return WC_TEST_RET_ENC_NC;
#endif
/* Test case with parallel overflowing */
ret = wc_scrypt(derived, (byte*)"password", 16, (byte*)"NaCl", 16, 2, 4, 8388608,
sizeof(verify1));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* Don't run these test on embedded, since they use large mallocs */
#if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_KERNEL_MODE) && !defined(HAVE_INTEL_QA)
ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
(byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(derived, verify3, sizeof(verify3)) != 0)
return WC_TEST_RET_ENC_NC;
#ifdef SCRYPT_TEST_ALL
ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
(byte*)"SodiumChloride", 14, 20, 8, 1, sizeof(verify4));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_scrypt(derived,(byte*)"pleaseletmein", 13,
(byte*)"SodiumChloride", 14, 22, 8, 1, sizeof(derived));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
#endif
#else
#ifdef SCRYPT_TEST_ALL
(void)verify4;
#endif
#endif /* !BENCH_EMBEDDED && !defined(WOLFSSL_KERNEL_MODE) && !HAVE_INTEL_QA */
#if !defined(BENCH_EMBEDDED)
ret = wc_scrypt_ex(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 1<<10,
8, 16, sizeof(verify2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
return WC_TEST_RET_ENC_NC;
#endif
#endif /* !HAVE_FIPS */
return 0;
}
#endif
#if defined(HAVE_PKCS12) && !defined(NO_SHA256)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void)
{
WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = {
0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
0x00, 0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte salt[] = {
0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f
};
WOLFSSL_SMALL_STACK_STATIC const byte passwd2[] = {
0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
0x00, 0x67, 0x00, 0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte salt2[] = {
0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5
};
WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
};
WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
};
byte derived[64];
int id = 1;
int kLen = 24;
int iterations = 1;
wc_test_ret_t ret;
WOLFSSL_ENTER("pkcs12_pbkdf_test");
ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
iterations, kLen, WC_SHA256, id);
if (ret < 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(derived, verify, (unsigned long)kLen) != 0)
return WC_TEST_RET_ENC_NC;
iterations = 1000;
ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8,
iterations, kLen, WC_SHA256, id);
if (ret < 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8,
iterations, kLen, WC_SHA256, id, HEAP_HINT);
if (ret < 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(derived, verify2, 24) != 0)
return WC_TEST_RET_ENC_NC;
return 0;
}
#endif /* HAVE_PKCS12 && !NO_SHA256 */
#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void)
{
char passwd[] = "passwordpassword";
WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a,
0x5d, 0x63, 0xcb, 0x06 };
int iterations = 2048;
int kLen = 24;
byte derived[64];
WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc,
0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
};
wc_test_ret_t ret;
WOLFSSL_ENTER("pbkdf2_test");
ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd),
salt, (int)sizeof(salt), iterations,
kLen, WC_SHA256, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
return WC_TEST_RET_ENC_NC;
#if !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
{
int cur_pbkdf_limit = wc_PBKDF_max_iterations_set(iterations - 1);
if (cur_pbkdf_limit <= 0)
return WC_TEST_RET_ENC_EC(cur_pbkdf_limit);
ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd),
salt, (int)sizeof(salt), iterations,
kLen, WC_SHA256, HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_PBKDF_max_iterations_set(-1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_PBKDF_max_iterations_set(0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_PBKDF_max_iterations_get();
if (ret != iterations - 1)
return WC_TEST_RET_ENC_NC;
ret = wc_PBKDF_max_iterations_set(cur_pbkdf_limit);
if (ret != iterations - 1)
return WC_TEST_RET_ENC_EC(ret);
ret = 0;
}
#endif /* !HAVE_SELFTEST) && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */
return ret;
}
#endif /* HAVE_PBKDF2 && !NO_SHA256 && !NO_HMAC */
#if defined(HAVE_PBKDF1) && !defined(NO_SHA)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void)
{
char passwd[] = "password";
WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
int iterations = 1000;
int kLen = 16;
byte derived[16];
WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
0xDC, 0x19, 0x84, 0x7E, 0x05, 0xC6, 0x4D, 0x2F,
0xAF, 0x10, 0xEB, 0xFB, 0x4A, 0x3D, 0x2A, 0x20
};
wc_test_ret_t ret;
WOLFSSL_ENTER("pbkdf1_test");
ret = wc_PBKDF1_ex(derived, kLen, NULL, 0, (byte*)passwd,
(int)XSTRLEN(passwd), salt, (int)sizeof(salt), iterations, WC_SHA,
HEAP_HINT);
if (ret != 0)
return ret;
if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
return WC_TEST_RET_ENC_NC;
return 0;
}
#endif /* HAVE_PBKDF2 && !NO_SHA */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void)
{
wc_test_ret_t ret = 0;
WOLFSSL_ENTER("pwdbased_test");
#if defined(HAVE_PBKDF1) && !defined(NO_SHA)
ret = pbkdf1_test();
if (ret != 0)
return ret;
#endif
#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
ret = pbkdf2_test();
if (ret != 0)
return ret;
#endif
#if defined(HAVE_PKCS12) && !defined(NO_SHA256)
ret = pkcs12_pbkdf_test();
if (ret != 0)
return ret;
#endif
#if defined(HAVE_PKCS12) && !defined(NO_ASN) && !defined(NO_PWDBASED) && \
!defined(NO_HMAC) && !defined(NO_CERTS) && !defined(WOLFSSL_NO_MALLOC) && \
!defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0))
/* Test that a crafted PKCS#12 with INT_MAX MAC iterations is rejected
* immediately rather than hanging in DoPKCS12Hash(). */
{
static const byte evil_p12[] = {
0x30, 0x58, 0x02, 0x01, 0x03, 0x30, 0x1e, 0x06,
0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x07, 0x01, 0xa0, 0x11, 0x04, 0x0f, 0x30, 0x0d,
0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x33, 0x30,
0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x04, 0x08, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x02, 0x04, 0x7f, 0xff,
0xff, 0xff
};
WC_PKCS12* evilPkcs12 = wc_PKCS12_new_ex(HEAP_HINT);
if (evilPkcs12 == NULL)
return WC_TEST_RET_ENC_EC(MEMORY_E);
ret = wc_d2i_PKCS12(evil_p12, (word32)sizeof(evil_p12), evilPkcs12);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
else {
byte* evilKey = NULL;
byte* evilCert = NULL;
word32 evilKeySz = 0, evilCertSz = 0;
WC_DerCertList* evilCa = NULL;
ret = wc_PKCS12_parse(evilPkcs12, "test", &evilKey, &evilKeySz,
&evilCert, &evilCertSz, &evilCa);
/* Parse must fail (iteration cap), not succeed or hang */
if (ret == 0)
ret = WC_TEST_RET_ENC_NC;
else
ret = 0;
XFREE(evilKey, HEAP_HINT, DYNAMIC_TYPE_PKCS);
XFREE(evilCert, HEAP_HINT, DYNAMIC_TYPE_PKCS);
if (evilCa)
wc_FreeCertList(evilCa, HEAP_HINT);
}
wc_PKCS12_free(evilPkcs12);
if (ret != 0)
return ret;
}
#endif /* HAVE_PKCS12 && !NO_ASN && !NO_PWDBASED && !NO_HMAC && !NO_CERTS && */
/* !WOLFSSL_NO_MALLOC && */
/* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7,0)) */
#ifdef HAVE_SCRYPT
ret = scrypt_test();
#endif
return ret;
}
#endif /* NO_PWDBASED */
#if defined(USE_CERT_BUFFERS_2048) && \
defined(HAVE_PKCS12) && \
!defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \
!defined(NO_CERTS) && !defined(NO_DES3) && !defined(NO_SHA)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void)
{
wc_test_ret_t ret = 0;
WC_PKCS12* pkcs12 = NULL;
/* Gen vars */
byte* pkcs12der = NULL;
int pkcs12derSz = 0;
WC_DerCertList derCaList = {
(byte*)ca_cert_der_2048, sizeof_ca_cert_der_2048, NULL
};
char* pass = (char*)"wolfSSL test";
/* Parsing vars */
WC_DerCertList* derCaListOut = NULL;
byte* keyDer = NULL;
byte* certDer = NULL;
word32 keySz;
word32 certSz;
WOLFSSL_ENTER("pkcs12_test");
pkcs12 = wc_PKCS12_create(pass, (word32)XSTRLEN(pass),
(char*)"friendlyName" /* not used currently */,
(byte*)server_key_der_2048, sizeof_server_key_der_2048,
(byte*)server_cert_der_2048, sizeof_server_cert_der_2048,
&derCaList, PBE_SHA1_DES3, PBE_SHA1_DES3, 100, 100,
0 /* not used currently */, HEAP_HINT);
if (pkcs12 == NULL) {
ret = WC_TEST_RET_ENC_EC(MEMORY_E);
goto out;
}
ret = wc_i2d_PKCS12(pkcs12, NULL, &pkcs12derSz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
if (ret == 0)
ret = WC_TEST_RET_ENC_NC;
else
ret = WC_TEST_RET_ENC_I(ret);
goto out;
}
pkcs12der = (byte*)XMALLOC(pkcs12derSz, HEAP_HINT, DYNAMIC_TYPE_PKCS);
if (pkcs12der == NULL) {
ret = WC_TEST_RET_ENC_EC(MEMORY_E);
goto out;
}
{
/* Use tmp pointer to avoid advancing pkcs12der */
byte* tmp = pkcs12der;
ret = wc_i2d_PKCS12(pkcs12, &tmp, &pkcs12derSz);
if (ret <= 0) {
if (ret == 0)
ret = WC_TEST_RET_ENC_NC;
else
ret = WC_TEST_RET_ENC_I(ret);
goto out;
}
}
wc_PKCS12_free(pkcs12);
pkcs12 = wc_PKCS12_new_ex(HEAP_HINT);
if (pkcs12 == NULL) {
ret = WC_TEST_RET_ENC_EC(MEMORY_E);
goto out;
}
/* convert the DER file into an internal structure */
ret = wc_d2i_PKCS12(pkcs12der, pkcs12derSz, pkcs12);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
goto out;
}
/* parse the internal structure into its parts */
ret = wc_PKCS12_parse(pkcs12, "wolfSSL test", &keyDer, &keySz,
&certDer, &certSz, &derCaListOut);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
goto out;
}
if (keyDer == NULL || certDer == NULL || derCaListOut == NULL) {
ret = WC_TEST_RET_ENC_NC;
goto out;
}
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0))
/* Test that a crafted PKCS#12 with INT_MAX MAC iterations is rejected
* immediately rather than hanging in DoPKCS12Hash(). This is a 90-byte
* minimal PKCS#12 with mac->itt = 0x7FFFFFFF (2,147,483,647). */
{
static const byte evil_p12[] = {
0x30, 0x58, 0x02, 0x01, 0x03, 0x30, 0x1e, 0x06,
0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
0x07, 0x01, 0xa0, 0x11, 0x04, 0x0f, 0x30, 0x0d,
0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x33, 0x30,
0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x04, 0x08, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x02, 0x04, 0x7f, 0xff,
0xff, 0xff
};
WC_PKCS12* evilPkcs12 = wc_PKCS12_new_ex(HEAP_HINT);
if (evilPkcs12 == NULL) {
ret = WC_TEST_RET_ENC_EC(MEMORY_E);
goto out;
}
ret = wc_d2i_PKCS12(evil_p12, (word32)sizeof(evil_p12), evilPkcs12);
if (ret == 0) {
byte* evilKey = NULL;
byte* evilCert = NULL;
word32 evilKeySz = 0, evilCertSz = 0;
WC_DerCertList* evilCa = NULL;
ret = wc_PKCS12_parse(evilPkcs12, "test", &evilKey, &evilKeySz,
&evilCert, &evilCertSz, &evilCa);
XFREE(evilKey, HEAP_HINT, DYNAMIC_TYPE_PKCS);
XFREE(evilCert, HEAP_HINT, DYNAMIC_TYPE_PKCS);
if (evilCa)
wc_FreeCertList(evilCa, HEAP_HINT);
wc_PKCS12_free(evilPkcs12);
/* Must have been rejected (not hung) */
if (ret == 0) {
ret = WC_TEST_RET_ENC_NC;
goto out;
}
ret = 0; /* rejection is the expected outcome */
}
}
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7,0)) */
out:
if (derCaListOut)
wc_FreeCertList(derCaListOut, HEAP_HINT);
XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_PKCS);
XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_PKCS);
if (pkcs12)
wc_PKCS12_free(pkcs12);
XFREE(pkcs12der, HEAP_HINT, DYNAMIC_TYPE_PKCS);
return ret;
}
#endif
#if defined(HAVE_HKDF) && !defined(NO_HMAC)
#if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \
defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_AFALG_HASH_KEEP) || \
defined(WOLFSSL_AFALG_XILINX_RSA)
/* hkdf_test has issue with WOLFSSL_TEST_SUBROUTINE set on Xilinx with afalg */
static wc_test_ret_t hkdf_test(void)
#else
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
#endif
{
wc_test_ret_t ret = 0;
#if !defined(NO_SHA) || !defined(NO_SHA256)
int L;
byte prk[WC_MAX_DIGEST_SIZE];
byte okm1[42];
byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
#ifndef HAVE_FIPS
byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c };
byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
0xf8, 0xf9 };
#endif
#ifndef NO_SHA
byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
0x49, 0x18 };
#ifndef HAVE_FIPS
byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
0xf8, 0x96 };
#endif
#endif /* !NO_SHA */
#ifndef NO_SHA256
byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
0x96, 0xc8 };
#ifndef HAVE_FIPS
byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
0x58, 0x65 };
#endif
#endif /* !NO_SHA256 */
WOLFSSL_ENTER("hkdf_test");
XMEMSET(okm1, 0, sizeof(okm1));
L = (int)sizeof(okm1);
#ifndef NO_SHA
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0))
ret = wc_HKDF_ex(WC_SHA, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
okm1, (word32)L, HEAP_HINT, devId);
#else
ret = wc_HKDF(WC_SHA, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
okm1, (word32)L);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(okm1, res1, (unsigned long)L) != 0)
return WC_TEST_RET_ENC_NC;
#ifndef HAVE_FIPS
/* fips can't have key size under 14 bytes, salt is key too */
L = (int)sizeof(okm1);
#if !defined(HAVE_SELFTEST)
ret = wc_HKDF_ex(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1), info1,
(word32)sizeof(info1), okm1, (word32)L, HEAP_HINT, devId);
#else
ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1), info1,
(word32)sizeof(info1), okm1, (word32)L);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(okm1, res2, (unsigned long)L) != 0)
return WC_TEST_RET_ENC_NC;
#endif /* !HAVE_FIPS */
#endif /* !NO_SHA */
#ifndef NO_SHA256
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0))
ret = wc_HKDF_ex(WC_SHA256, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
okm1, (word32)L, HEAP_HINT, devId);
#else
ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
okm1, (word32)L);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(okm1, res3, (unsigned long)L) != 0)
return WC_TEST_RET_ENC_NC;
#ifndef HAVE_FIPS
/* fips can't have key size under 14 bytes, salt is key too */
#if !defined(HAVE_SELFTEST)
ret = wc_HKDF_ex(WC_SHA256, ikm1, (word32)sizeof(ikm1),
salt1, (word32)sizeof(salt1), info1, (word32)sizeof(info1), okm1,
(word32)L, HEAP_HINT, devId);
#else
ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1), salt1,
(word32)sizeof(salt1), info1, (word32)sizeof(info1), okm1,
(word32)L);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(okm1, res4, (unsigned long)L) != 0)
return WC_TEST_RET_ENC_NC;
#endif /* !HAVE_FIPS */
#endif /* !NO_SHA256 */
#ifndef NO_SHA
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0))
ret = wc_HKDF_Extract_ex(WC_SHA, NULL, 0, ikm1, (word32)sizeof(ikm1),
prk, HEAP_HINT, devId);
#else
ret = wc_HKDF_Extract(WC_SHA, NULL, 0, ikm1, (word32)sizeof(ikm1), prk);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0))
ret = wc_HKDF_Expand_ex(WC_SHA, prk, WC_SHA_DIGEST_SIZE, NULL, 0,
okm1, (word32)L, HEAP_HINT, devId);
#else
ret = wc_HKDF_Expand(WC_SHA, prk, WC_SHA_DIGEST_SIZE, NULL, 0,
okm1, (word32)L);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(okm1, res1, (unsigned long)L) != 0)
return WC_TEST_RET_ENC_NC;
#ifndef HAVE_FIPS
/* fips can't have key size under 14 bytes, salt is key too */
#if !defined(HAVE_SELFTEST)
ret = wc_HKDF_Extract_ex(WC_SHA, salt1, (word32)sizeof(salt1), ikm1, 11,
prk, HEAP_HINT, devId);
#else
ret = wc_HKDF_Extract(WC_SHA, salt1, (word32)sizeof(salt1), ikm1, 11, prk);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if !defined(HAVE_SELFTEST)
ret = wc_HKDF_Expand_ex(WC_SHA, prk, WC_SHA_DIGEST_SIZE, info1,
(word32)sizeof(info1), okm1, (word32)L, HEAP_HINT, devId);
#else
ret = wc_HKDF_Expand(WC_SHA, prk, WC_SHA_DIGEST_SIZE, info1,
(word32)sizeof(info1), okm1, (word32)L);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(okm1, res2, (unsigned long)L) != 0)
return WC_TEST_RET_ENC_NC;
#endif /* !HAVE_FIPS */
#endif /* !NO_SHA */
#ifndef NO_SHA256
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0))
ret = wc_HKDF_Extract_ex(WC_SHA256, NULL, 0, ikm1, (word32)sizeof(ikm1),
prk, HEAP_HINT, devId);
#else
ret = wc_HKDF_Extract(WC_SHA256, NULL, 0, ikm1, (word32)sizeof(ikm1), prk);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0))
ret = wc_HKDF_Expand_ex(WC_SHA256, prk, WC_SHA256_DIGEST_SIZE, NULL, 0,
okm1, (word32)L, HEAP_HINT, devId);
#else
ret = wc_HKDF_Expand(WC_SHA256, prk, WC_SHA256_DIGEST_SIZE, NULL, 0,
okm1, (word32)L);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(okm1, res3, (unsigned long)L) != 0)
return WC_TEST_RET_ENC_NC;
#ifndef HAVE_FIPS
/* fips can't have key size under 14 bytes, salt is key too */
#if !defined(HAVE_SELFTEST)
ret = wc_HKDF_Extract_ex(WC_SHA256, salt1, (word32)sizeof(salt1), ikm1,
(word32)sizeof(ikm1), prk, HEAP_HINT, devId);
#else
ret = wc_HKDF_Extract(WC_SHA256, salt1, (word32)sizeof(salt1), ikm1,
(word32)sizeof(ikm1), prk);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if !defined(HAVE_SELFTEST)
ret = wc_HKDF_Expand_ex(WC_SHA256, prk, WC_SHA256_DIGEST_SIZE, info1,
(word32)sizeof(info1), okm1, (word32)L, HEAP_HINT, devId);
#else
ret = wc_HKDF_Expand(WC_SHA256, prk, WC_SHA256_DIGEST_SIZE, info1,
(word32)sizeof(info1), okm1, (word32)L);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(okm1, res4, (unsigned long)L) != 0)
return WC_TEST_RET_ENC_NC;
#endif /* !HAVE_FIPS */
#endif /* !NO_SHA256 */
#endif /* !NO_SHA || !NO_SHA256 */
#if !defined(NO_SHA256) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
/* wc_HKDF_Extract bad arg: NULL out */
ret = wc_HKDF_Extract(WC_SHA256, NULL, 0, ikm1, (word32)sizeof(ikm1), NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* wc_HKDF_Extract bad arg: NULL inKey with non-zero inKeySz */
ret = wc_HKDF_Extract(WC_SHA256, NULL, 0, NULL, 5, okm1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* wc_HKDF_Expand bad arg: NULL out */
ret = wc_HKDF_Expand(WC_SHA256, prk, WC_SHA256_DIGEST_SIZE, NULL, 0,
NULL, (word32)L);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* wc_HKDF_Expand bad arg: NULL inKey with non-zero inKeySz */
ret = wc_HKDF_Expand(WC_SHA256, NULL, WC_SHA256_DIGEST_SIZE, NULL, 0,
okm1, (word32)L);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
#endif /* !NO_SHA256 && !HAVE_SELFTEST */
/* && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */
return 0;
}
#endif /* HAVE_HKDF */
#ifdef WOLFSSL_WOLFSSH
typedef struct {
byte hashId;
byte keyId;
const byte* k;
word32 kSz;
const byte* h;
word32 hSz;
const byte* sessionId;
word32 sessionIdSz;
const byte* expectedKey;
word32 expectedKeySz;
} SshKdfTestVector;
/** Test Vector Set #3: SHA-256 **/
static const byte sshKdfTvSet3k[] = {
0x6A, 0xC3, 0x82, 0xEA, 0xAC, 0xA0, 0x93, 0xE1,
0x25, 0xE2, 0x5C, 0x24, 0xBE, 0xBC, 0x84, 0x64,
0x0C, 0x11, 0x98, 0x75, 0x07, 0x34, 0x4B, 0x5C,
0x73, 0x9C, 0xEB, 0x84, 0xA9, 0xE0, 0xB2, 0x22,
0xB9, 0xA8, 0xB5, 0x1C, 0x83, 0x9E, 0x5E, 0xBE,
0x49, 0xCF, 0xAD, 0xBF, 0xB3, 0x95, 0x99, 0x76,
0x4E, 0xD5, 0x22, 0x09, 0x9D, 0xC9, 0x12, 0x75,
0x19, 0x50, 0xDC, 0x7D, 0xC9, 0x7F, 0xBD, 0xC0,
0x63, 0x28, 0xB6, 0x8F, 0x22, 0x78, 0x1F, 0xD3,
0x15, 0xAF, 0x56, 0x80, 0x09, 0xA5, 0x50, 0x9E,
0x5B, 0x87, 0xA1, 0x1B, 0xF5, 0x27, 0xC0, 0x56,
0xDA, 0xFF, 0xD8, 0x2A, 0xB6, 0xCB, 0xC2, 0x5C,
0xCA, 0x37, 0x14, 0x34, 0x59, 0xE7, 0xBC, 0x63,
0xBC, 0xDE, 0x52, 0x75, 0x7A, 0xDE, 0xB7, 0xDF,
0x01, 0xCF, 0x12, 0x17, 0x3F, 0x1F, 0xEF, 0x81,
0x02, 0xEC, 0x5A, 0xB1, 0x42, 0xC2, 0x13, 0xDD,
0x9D, 0x30, 0x69, 0x62, 0x78, 0xA8, 0xD8, 0xBC,
0x32, 0xDD, 0xE9, 0x59, 0x2D, 0x28, 0xC0, 0x78,
0xC6, 0xD9, 0x2B, 0x94, 0x7D, 0x82, 0x5A, 0xCA,
0xAB, 0x64, 0x94, 0x84, 0x6A, 0x49, 0xDE, 0x24,
0xB9, 0x62, 0x3F, 0x48, 0x89, 0xE8, 0xAD, 0xC3,
0x8E, 0x8C, 0x66, 0x9E, 0xFF, 0xEF, 0x17, 0x60,
0x40, 0xAD, 0x94, 0x5E, 0x90, 0xA7, 0xD3, 0xEE,
0xC1, 0x5E, 0xFE, 0xEE, 0x78, 0xAE, 0x71, 0x04,
0x3C, 0x96, 0x51, 0x11, 0x03, 0xA1, 0x6B, 0xA7,
0xCA, 0xF0, 0xAC, 0xD0, 0x64, 0x2E, 0xFD, 0xBE,
0x80, 0x99, 0x34, 0xFA, 0xA1, 0xA5, 0xF1, 0xBD,
0x11, 0x04, 0x36, 0x49, 0xB2, 0x5C, 0xCD, 0x1F,
0xEE, 0x2E, 0x38, 0x81, 0x5D, 0x4D, 0x5F, 0x5F,
0xC6, 0xB4, 0x10, 0x29, 0x69, 0xF2, 0x1C, 0x22,
0xAE, 0x1B, 0x0E, 0x7D, 0x36, 0x03, 0xA5, 0x56,
0xA1, 0x32, 0x62, 0xFF, 0x62, 0x8D, 0xE2, 0x22
};
static const byte sshKdfTvSet3h[] = {
0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44,
0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05,
0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3,
0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D
};
static const byte sshKdfTvSet3sid[] = {
0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44,
0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05,
0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3,
0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D
};
static const byte sshKdfTvSet3a[] = {
0x81, 0xF0, 0x33, 0x0E, 0xF6, 0xF0, 0x53, 0x61,
0xB3, 0x82, 0x3B, 0xFD, 0xED, 0x6E, 0x1D, 0xE9
};
static const byte sshKdfTvSet3b[] = {
0x3F, 0x6F, 0xD2, 0x06, 0x5E, 0xEB, 0x2B, 0x0B,
0x1D, 0x93, 0x19, 0x5A, 0x1F, 0xED, 0x48, 0xA5
};
static const byte sshKdfTvSet3c[] = {
0xC3, 0x54, 0x71, 0x03, 0x4E, 0x6F, 0xD6, 0x54,
0x76, 0x13, 0x17, 0x8E, 0x23, 0x43, 0x5F, 0x21
};
static const byte sshKdfTvSet3d[] = {
0x7E, 0x9D, 0x79, 0x03, 0x20, 0x90, 0xD9, 0x9F,
0x98, 0xB0, 0x15, 0x63, 0x4D, 0xD9, 0xF4, 0x62
};
static const byte sshKdfTvSet3e[] = {
0x24, 0xEE, 0x55, 0x9A, 0xD7, 0xCE, 0x71, 0x2B,
0x68, 0x5D, 0x0B, 0x22, 0x71, 0xE4, 0x43, 0xC1,
0x7A, 0xB1, 0xD1, 0xDC, 0xEB, 0x5A, 0x36, 0x05,
0x69, 0xD2, 0x5D, 0x5D, 0xC2, 0x43, 0x00, 0x2F
};
static const byte sshKdfTvSet3f[] = {
0xC3, 0x41, 0x9C, 0x2B, 0x96, 0x62, 0x35, 0x86,
0x9D, 0x71, 0x4B, 0xA5, 0xAC, 0x48, 0xDD, 0xB7,
0xD9, 0xE3, 0x5C, 0x8C, 0x19, 0xAA, 0xC7, 0x34,
0x22, 0x33, 0x7A, 0x37, 0x34, 0x53, 0x60, 0x7E
};
static const SshKdfTestVector sshKdfTestVectors[] = {
{WC_HASH_TYPE_SHA256, 'A',
sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
sshKdfTvSet3a, sizeof(sshKdfTvSet3a)},
{WC_HASH_TYPE_SHA256, 'B',
sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
sshKdfTvSet3b, sizeof(sshKdfTvSet3b)},
{WC_HASH_TYPE_SHA256, 'C',
sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
sshKdfTvSet3c, sizeof(sshKdfTvSet3c)},
{WC_HASH_TYPE_SHA256, 'D',
sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
sshKdfTvSet3d, sizeof(sshKdfTvSet3d)},
{WC_HASH_TYPE_SHA256, 'E',
sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
sshKdfTvSet3e, sizeof(sshKdfTvSet3e)},
{WC_HASH_TYPE_SHA256, 'F',
sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
sshKdfTvSet3f, sizeof(sshKdfTvSet3f)},
};
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void)
{
byte cKey[32]; /* Greater of SHA256_DIGEST_SIZE and WC_AES_BLOCK_SIZE */
word32 i;
word32 tc = sizeof(sshKdfTestVectors)/sizeof(SshKdfTestVector);
const SshKdfTestVector* tv = NULL;
wc_test_ret_t result = 0;
WOLFSSL_ENTER("sshkdf_test");
/* sId - Session ID, eKey - Expected Key, cKey - Calculated Key */
for (i = 0, tv = sshKdfTestVectors; i < tc; i++, tv++) {
result = wc_SSH_KDF(tv->hashId, tv->keyId,
cKey, tv->expectedKeySz,
tv->k, tv->kSz, tv->h, tv->hSz,
tv->sessionId, tv->sessionIdSz);
if (result != 0) {
printf("KDF: Could not derive key.\n");
result = WC_TEST_RET_ENC_EC(result);
}
else {
if (XMEMCMP(cKey, tv->expectedKey, tv->expectedKeySz) != 0) {
printf("KDF: Calculated Key does not match Expected Key.\n");
result = WC_TEST_RET_ENC_EC(result);
}
}
if (result != 0) break;
}
return result;
}
#endif /* WOLFSSL_WOLFSSH */
#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && \
defined(WOLFSSL_SHA384) && !defined(WOLFSSL_NO_TLS12)
#define DIGL 12
#define SECL 48
#define LBSL 63
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void)
{
int ret;
byte dig[DIGL] = {0};
byte secret[SECL] = {
0x10, 0xbc, 0xb4, 0xa2, 0xe8, 0xdc, 0xf1, 0x9b, 0x4c,
0x51, 0x9c, 0xed, 0x31, 0x1b, 0x51, 0x57, 0x02, 0x3f,
0xa1, 0x7d, 0xfb, 0x0e, 0xf3, 0x4e, 0x8f, 0x6f, 0x71,
0xa3, 0x67, 0x76, 0x6b, 0xfa, 0x5d, 0x46, 0x4a, 0xe8,
0x61, 0x18, 0x81, 0xc4, 0x66, 0xcc, 0x6f, 0x09, 0x99,
0x9d, 0xfc, 0x47
};
byte lablSd[LBSL] = {
0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69,
0x6e, 0x69, 0x73, 0x68, 0x65, 0x64, 0x0b, 0x46, 0xba,
0x56, 0xbf, 0x1f, 0x5d, 0x99, 0xff, 0xe9, 0xbb, 0x43,
0x01, 0xe7, 0xca, 0x2c, 0x00, 0xdf, 0x9a, 0x39, 0x6e,
0xcf, 0x6d, 0x15, 0x27, 0x4d, 0xf2, 0x93, 0x96, 0x4a,
0x91, 0xde, 0x5c, 0xc0, 0x47, 0x7c, 0xa8, 0xae, 0xcf,
0x5d, 0x93, 0x5f, 0x4c, 0x92, 0xcc, 0x98, 0x5b, 0x43
};
byte expected[DIGL] = {
0xee, 0xcb, 0xb1, 0x30, 0xf2, 0xcd, 0xb3, 0x4a,
0xbe, 0xda, 0xc1, 0xf6
};
int digL = DIGL;
int secL = SECL;
int lblsdL = LBSL;
int hash_type = sha384_mac;
ret = wc_PRF(dig, (word32)digL, secret, (word32)secL, lablSd,
(word32)lblsdL, hash_type,
HEAP_HINT, devId);
if (ret != 0) {
printf("Failed w/ code: %d\n", ret);
return WC_TEST_RET_ENC_EC(ret);
}
if (XMEMCMP(expected, dig, DIGL) != 0) {
printf("Got unexpected digest\n");
return WC_TEST_RET_ENC_NC;
}
return 0;
}
#endif /* WOLFSSL_HAVE_PRF && !NO_HMAC && WOLFSSL_SHA384 && !WOLFSSL_NO_TLS12 */
#if defined(WOLFSSL_HAVE_PRF) && defined(HAVE_HKDF) && !defined(NO_HMAC) && \
defined(WOLFSSL_BASE16) && !defined(WOLFSSL_NO_TLS12)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void)
{
const char* preMasterSecret = "D06F9C19BFF49B1E91E4EFE97345D089"
"4E6C2E6C34A165B24540E2970875D641"
"2AA6515871B389B4C199BB8389C71CED";
const char* helloRandom = "162B81EDFBEAE4F25240320B87E7651C"
"865564191DD782DB0B9ECA275FBA1BB9"
"5A1DA3DF436D68DA86C5E7B4B4A36E46"
"B977C61767983A31BE270D74517BD0F6";
const char* masterSecret = "EB38B8D89B98B1C266DE44BB3CA14E83"
"C32F009F9955B1D994E61D3C51EE8760"
"90B4EF89CC7AF42F46E72201BFCC7977";
const char* label = "master secret";
byte pms[48] = {0};
byte seed[64] = {0};
byte ms[48] = {0};
byte result[48] = {0};
word32 pmsSz = (word32)sizeof(pms);
word32 seedSz = (word32)sizeof(seed);
word32 msSz = (word32)sizeof(ms);
int ret;
ret = Base16_Decode((const byte*)preMasterSecret,
(word32)XSTRLEN(preMasterSecret), pms, &pmsSz);
if (ret != 0)
return ret;
ret = Base16_Decode((const byte*)helloRandom,
(word32)XSTRLEN(helloRandom), seed, &seedSz);
if (ret != 0)
return ret;
ret = Base16_Decode((const byte*)masterSecret,
(word32)XSTRLEN(masterSecret), ms, &msSz);
if (ret != 0)
return ret;
ret = wc_PRF_TLS(result, msSz, pms, pmsSz,
(const byte*)label, (word32)XSTRLEN(label), seed, seedSz,
1, sha256_mac, NULL, devId);
if (ret != 0) {
if (ret == WC_NO_ERR_TRACE(FIPS_PRIVATE_KEY_LOCKED_E)) {
printf(" wc_PRF_TLSv12: Private key locked.\n");
}
return WC_TEST_RET_ENC_EC(ret);
}
if (XMEMCMP(result, ms, msSz) != 0)
return WC_TEST_RET_ENC_NC;
return 0;
}
#endif /* WOLFSSL_HAVE_PRF && HAVE_HKDF && !NO_HMAC && */
/* WOLFSSL_BASE16 && !WOLFSSL_NO_TLS12 */
#if defined(WOLFSSL_TLS13) && !defined(NO_HMAC)
#define TLSV13_PSK_DHE_SZ 40
typedef struct {
enum wc_HashType hashAlg;
word32 pskSz;
word32 dheSz;
byte psk[TLSV13_PSK_DHE_SZ];
byte dhe[TLSV13_PSK_DHE_SZ];
byte hashHello1[WC_MAX_DIGEST_SIZE];
byte hashHello2[WC_MAX_DIGEST_SIZE];
byte hashFinished1[WC_MAX_DIGEST_SIZE];
byte hashFinished2[WC_MAX_DIGEST_SIZE];
/* Expected */
byte clientEarlyTrafficSecret[WC_MAX_DIGEST_SIZE];
byte earlyExporterMasterSecret[WC_MAX_DIGEST_SIZE];
byte clientHandshakeTrafficSecret[WC_MAX_DIGEST_SIZE];
byte serverHandshakeTrafficSecret[WC_MAX_DIGEST_SIZE];
byte clientApplicationTrafficSecret[WC_MAX_DIGEST_SIZE];
byte serverApplicationTrafficSecret[WC_MAX_DIGEST_SIZE];
byte exporterMasterSecret[WC_MAX_DIGEST_SIZE];
byte resumptionMasterSecret[WC_MAX_DIGEST_SIZE];
} Tls13KdfTestVector;
/* The following tests come from the CAVP test vectors we used for
* our FIPS validation. The hash values used are the components from
* the test hashed together. hashHello1 is the hash of the
* clientHelloRandom value of the test vector. hashHello2 is the hash
* of the clientHelloRandom and serverHelloRandom values from the test
* vector. hashFinished1 is clientHelloRandom, serverHelloRandom, and
* serverFinishedRandom. hashFinished2 is clientHelloRandom,
* serverHelloRandom, serverFinishedRandom, and clietnFinishedRandom
* hashed together. */
static const Tls13KdfTestVector tls13KdfTestVectors[] = {
#ifndef NO_SHA256
{ /* 1 */
WC_HASH_TYPE_SHA256, 35, 35,
{ /* PSK */
0x7b, 0xf1, 0x05, 0x31, 0x36, 0xfa, 0x03, 0xdc,
0x31, 0x97, 0x88, 0x04, 0x9c, 0xbc, 0xee, 0xf7,
0x8d, 0x84, 0x95, 0x26, 0xaf, 0x1d, 0x68, 0xb0,
0x60, 0x7a, 0xcc, 0x4f, 0xc1, 0xd3, 0xa1, 0x68,
0x7f, 0x6d, 0xbe
},
{ /* DHE */
0x6e, 0xa1, 0x77, 0xab, 0x2f, 0x43, 0xd2, 0x4b,
0xe5, 0xa1, 0x09, 0xe0, 0x7a, 0xd0, 0x01, 0x35,
0x8d, 0xf8, 0xf2, 0x5c, 0x91, 0x02, 0xb0, 0x6c,
0x3f, 0xeb, 0xee, 0xa4, 0x42, 0x19, 0xce, 0xdc,
0x81, 0x26, 0x40
},
{ /* Hello 1 */
0xd9, 0x4b, 0xe4, 0x17, 0xef, 0x58, 0x73, 0x7d,
0x28, 0x3d, 0xf0, 0xcc, 0x05, 0x03, 0xaf, 0xac,
0x3d, 0x92, 0x79, 0x48, 0xe8, 0x8c, 0xdb, 0xce,
0x95, 0x82, 0x21, 0x31, 0x7b, 0x61, 0xd7, 0xc6
},
{ /* Hello 2 */
0xb7, 0x7f, 0x29, 0x91, 0xa4, 0x8b, 0x34, 0xdb,
0xbd, 0xc7, 0x54, 0x1c, 0x3b, 0x86, 0xa3, 0x69,
0xfe, 0x26, 0xe4, 0x7b, 0xac, 0x57, 0x71, 0xb3,
0x32, 0x97, 0xed, 0xd2, 0x0e, 0x95, 0xb8, 0x63
},
{ /* Finished 1 */
0x65, 0xdb, 0x6d, 0x71, 0x71, 0xd0, 0xd8, 0x49,
0xd0, 0x3c, 0x8e, 0x2b, 0x24, 0xdf, 0xc2, 0xe9,
0xd6, 0xfd, 0xea, 0x04, 0x95, 0x7c, 0xf0, 0x7e,
0x57, 0x74, 0x7c, 0xdd, 0xa3, 0x0b, 0x2b, 0x36
},
{ /* Finished 2 */
0x28, 0xf2, 0xf2, 0x79, 0xcf, 0x20, 0x52, 0x90,
0x1d, 0x91, 0x05, 0xad, 0x44, 0x26, 0x23, 0x96,
0x32, 0xce, 0xec, 0x61, 0xd1, 0xbf, 0x00, 0x48,
0x4a, 0xa5, 0x60, 0xcc, 0x28, 0xb5, 0x8d, 0x98
},
{ /* Client Early Traffic Secret */
0x07, 0x14, 0x6a, 0x26, 0x5b, 0x6c, 0x7f, 0x4d, 0x6b, 0x47, 0x3f, 0xd5,
0x03, 0x1d, 0xd2, 0x23, 0x3d, 0x89, 0x3e, 0xc6, 0x51, 0xd1, 0xac, 0xf8,
0x28, 0xae, 0x4b, 0x76, 0xc8, 0x10, 0x7e, 0xdd
},
{ /* Early Exporter Master Secret */
0xb8, 0xd3, 0x25, 0x7e, 0x2d, 0x41, 0x7b, 0xcb, 0x5e, 0x82, 0x49, 0xf5,
0x51, 0x3d, 0xb7, 0x59, 0x32, 0xb3, 0xdf, 0x99, 0x4e, 0x04, 0x69, 0xc6,
0x96, 0x8e, 0xe6, 0x3d, 0x91, 0xe4, 0x81, 0x11
},
{ /* Client Handshake Traffic Secret */
0xd9, 0x3b, 0x54, 0xe2, 0xb0, 0xd1, 0x85, 0xf0, 0xfd, 0xf3, 0x48, 0x4a,
0xf8, 0x0b, 0xa5, 0xdc, 0x4c, 0x37, 0xcb, 0xd4, 0x20, 0xaf, 0x60, 0xc7,
0xd5, 0x50, 0x5d, 0x0c, 0x77, 0x3b, 0x6f, 0xd2
},
{ /* Server Handshake Traffic Secret */
0x4d, 0x40, 0x2b, 0xd2, 0x8c, 0x33, 0x90, 0x39, 0x67, 0x67, 0x05, 0xf7,
0x5d, 0x37, 0x1e, 0xdc, 0x4a, 0x70, 0x6b, 0x9e, 0xf8, 0x06, 0x61, 0x89,
0x70, 0xe1, 0x3d, 0x36, 0xad, 0x88, 0x7e, 0x5b
},
{ /* Client Application Traffic Secret */
0x74, 0x6e, 0xa0, 0x13, 0x18, 0x34, 0x48, 0x4d, 0x23, 0x31, 0xf1, 0xf9,
0xee, 0x44, 0x6d, 0xad, 0xc1, 0xad, 0x92, 0x73, 0xca, 0x27, 0x16, 0x91,
0xa2, 0x50, 0x9a, 0xfc, 0xec, 0xf0, 0x6b, 0x24
},
{ /* Server Application Traffic Secret */
0x89, 0x18, 0x7e, 0x34, 0x8d, 0xfc, 0x14, 0xb1, 0x4f, 0x21, 0xd8, 0x29,
0xdb, 0x9b, 0xfb, 0x55, 0xcf, 0xa1, 0x4f, 0x95, 0xf8, 0xe0, 0xb0, 0x83,
0xd5, 0x34, 0x9e, 0x0b, 0x83, 0x37, 0x42, 0x93
},
{ /* Exporter Master Secret */
0x7d, 0xc8, 0x88, 0x46, 0xd5, 0x57, 0x15, 0xb6, 0x24, 0x25, 0x92, 0x61,
0xb1, 0x18, 0x86, 0x2a, 0x6d, 0xa5, 0x84, 0xeb, 0x59, 0xdf, 0x13, 0xbd,
0x73, 0xaa, 0x5d, 0x65, 0xab, 0xd9, 0xb4, 0x56
},
{ /* Resumption Master Secret */
0x20, 0xb7, 0xd0, 0xe3, 0x82, 0x01, 0xa1, 0x04, 0xb8, 0x13, 0x29, 0xed,
0x35, 0xe4, 0x2f, 0xbf, 0x58, 0x23, 0x7f, 0x21, 0xdb, 0x9f, 0xf8, 0xe0,
0xe8, 0xe4, 0xab, 0xc4, 0xa1, 0x61, 0xb9, 0xbb
}
},
{ /* 6 */
WC_HASH_TYPE_SHA256, 0, 33,
{ 0 }, /* PSK */
{ /* DHE */
0x7a, 0x46, 0x8c, 0x5a, 0xd1, 0x8e, 0x95, 0xba,
0x61, 0xe6, 0x6f, 0xe6, 0x76, 0x0c, 0x20, 0x43,
0x16, 0x82, 0x15, 0xfe, 0x54, 0xa3, 0xc7, 0xfd,
0x3b, 0x2c, 0x88, 0xb4, 0xd3, 0x42, 0x70, 0x12,
0x18
},
{ /* Hello 1 */
0x63, 0x83, 0x58, 0xab, 0x36, 0xcd, 0x0c, 0xf3,
0x26, 0x07, 0xb5, 0x5f, 0x0b, 0x8b, 0x45, 0xd6,
0x7d, 0x5b, 0x42, 0xdc, 0xa8, 0xaa, 0x06, 0xfb,
0x20, 0xa5, 0xbb, 0x85, 0xdb, 0x54, 0xd8, 0x8b
},
{ /* Hello 2 */
0xea, 0xfe, 0x9e, 0x8e, 0xff, 0x1f, 0x6f, 0x43,
0xf9, 0x5d, 0xfd, 0xbf, 0xe2, 0x5f, 0x02, 0x2f,
0x6d, 0x47, 0x60, 0x9a, 0x48, 0x9a, 0x75, 0xfb,
0xb5, 0x4a, 0xbf, 0x9c, 0x4e, 0xff, 0xbf, 0x0b
},
{ /* Finished 1 */
0xca, 0x25, 0xb3, 0x53, 0x8e, 0x6d, 0xc3, 0x36,
0x17, 0x30, 0x07, 0xdf, 0x0d, 0xd7, 0x79, 0xb0,
0x7f, 0xcb, 0xbe, 0x7a, 0xbc, 0x2d, 0x9f, 0x2d,
0x94, 0x44, 0x94, 0xe6, 0xa4, 0xf3, 0xe8, 0x53
},
{ /* Finished 2 */
0x2e, 0xa6, 0x5a, 0xaf, 0xb5, 0xba, 0x9f, 0x2f,
0x74, 0x83, 0x5d, 0xbf, 0x86, 0xa4, 0xa6, 0xf6,
0xb9, 0x89, 0xdf, 0x17, 0xe1, 0xa8, 0x14, 0xc0,
0xe1, 0x50, 0xfa, 0xec, 0xfa, 0xae, 0x8b, 0x7b
},
{
0x20, 0x18, 0x72, 0x7c, 0xde, 0x3a, 0x85, 0x17, 0x72, 0xdc, 0xd7, 0x72,
0xb0, 0xfc, 0x45, 0xd0, 0x62, 0xb9, 0xbb, 0x38, 0x69, 0x05, 0x7b, 0xb4,
0x5e, 0x58, 0x5d, 0xed, 0xcd, 0x0b, 0x96, 0xd3
},
{
0x68, 0x10, 0x20, 0xd1, 0x5e, 0xfc, 0x0c, 0x53, 0x85, 0xbb, 0xdb, 0x18,
0xa8, 0x78, 0xf1, 0x2b, 0x13, 0xba, 0x64, 0x1d, 0xe7, 0x09, 0xbe, 0x13,
0x49, 0x26, 0xf9, 0x98, 0x56, 0xf1, 0x43, 0xfb
},
{
0x24, 0x35, 0x3e, 0x10, 0x6f, 0x39, 0x50, 0xd6, 0xa2, 0x12, 0x99, 0xf2,
0xd5, 0xf5, 0x19, 0xf5, 0x84, 0xed, 0xee, 0x78, 0x2a, 0xa6, 0xfa, 0x3d,
0x06, 0xa8, 0xa7, 0x5d, 0x97, 0x78, 0xd6, 0x58
},
{
0xf4, 0x57, 0xac, 0x24, 0x7a, 0xfb, 0x7c, 0x3b, 0xb6, 0x39, 0x17, 0x14,
0xd9, 0xd4, 0x58, 0x4d, 0x46, 0xd5, 0x1b, 0xde, 0xf7, 0x9d, 0x06, 0xee,
0x8d, 0x1a, 0x2c, 0x25, 0x6d, 0x64, 0xde, 0x89
},
{
0xb6, 0x00, 0xce, 0x63, 0xed, 0x65, 0x8b, 0x66, 0x66, 0x42, 0xc6, 0xbd,
0x89, 0xc4, 0x71, 0x6f, 0xce, 0x28, 0xb2, 0xac, 0x97, 0x07, 0x5b, 0xea,
0xb8, 0x1d, 0x4c, 0xeb, 0x9e, 0x71, 0x07, 0x8f
},
{
0xf8, 0x92, 0xc8, 0xba, 0xe7, 0x83, 0xfe, 0x68, 0xe4, 0xd6, 0x5e, 0xcb,
0xb3, 0xef, 0x49, 0xd0, 0xe7, 0xb1, 0xac, 0xcb, 0x39, 0x19, 0xfd, 0xa7,
0xf7, 0xca, 0xab, 0x1e, 0x42, 0x14, 0xd8, 0xe7
},
{
0x32, 0x4a, 0x1a, 0xad, 0xe2, 0xbb, 0x55, 0x8a, 0xdd, 0xe9, 0xa5, 0x2a,
0x46, 0x5e, 0x6c, 0x83, 0x66, 0x27, 0x27, 0x94, 0xdd, 0x68, 0x59, 0xa0,
0xbb, 0xe8, 0x31, 0x7c, 0x39, 0xd7, 0xfd, 0x6d
},
{
0x58, 0xbc, 0x6c, 0x5b, 0x24, 0xad, 0x82, 0xb3, 0xcc, 0xc7, 0xd1, 0xa1,
0xaa, 0x2b, 0x98, 0x9f, 0x2f, 0x7e, 0xa9, 0x63, 0xc2, 0x8e, 0xb6, 0x06,
0xc2, 0x2b, 0x74, 0x4b, 0x79, 0x19, 0x7e, 0x2e
}
},
{ /* 11 */
WC_HASH_TYPE_SHA256, 33, 0,
{ /* PSK */
0x3d, 0x39, 0x49, 0x36, 0x98, 0xc5, 0xfd, 0xcd,
0xa0, 0x17, 0xbd, 0x65, 0x0a, 0xdb, 0xd4, 0x07,
0x56, 0xa2, 0x7b, 0xb8, 0x2a, 0x7e, 0xfb, 0x26,
0x74, 0xe1, 0xbc, 0x08, 0x4b, 0xf0, 0x30, 0x14,
0x12
},
{ 0 }, /* DHE */
{ /* Hello 1 */
0xb7, 0x44, 0x74, 0x6c, 0x57, 0x1f, 0xf3, 0x84,
0x8f, 0x63, 0xfb, 0x8c, 0x94, 0x6c, 0x16, 0x68,
0x4b, 0xe1, 0xb5, 0xb5, 0x2a, 0x4e, 0x5f, 0xdf,
0x4b, 0x53, 0xb2, 0x35, 0xfc, 0x30, 0xf1, 0x36
},
{ /* Hello 2 */
0xe6, 0x4f, 0x3a, 0x4f, 0xd7, 0xe0, 0x64, 0xd4,
0x69, 0x50, 0xe4, 0x8b, 0xba, 0xbc, 0x47, 0x74,
0xa7, 0x9b, 0x40, 0x91, 0x8f, 0xa8, 0x72, 0x22,
0x97, 0xad, 0x43, 0xa7, 0x11, 0x86, 0xb5, 0x72
},
{ /* Finished 1 */
0x5f, 0xa6, 0x10, 0xe2, 0xa3, 0x99, 0x0b, 0x5e,
0x57, 0xee, 0xc3, 0x3a, 0x8e, 0x04, 0xf3, 0x0e,
0x58, 0x02, 0x09, 0xb2, 0x7e, 0x2d, 0xc6, 0xd2,
0x08, 0xae, 0x68, 0x0a, 0x55, 0xa5, 0xda, 0x51
},
{ /* Finished 2 */
0xfc, 0x5b, 0xc0, 0x7e, 0x1b, 0xaa, 0xc0, 0xb4,
0x34, 0x85, 0x49, 0x8e, 0x16, 0x31, 0x98, 0xdf,
0x10, 0x54, 0x22, 0xda, 0x1e, 0x6b, 0x51, 0xf6,
0x97, 0x57, 0xa0, 0x7a, 0x92, 0xe7, 0x47, 0x52
},
{
0x80, 0xfa, 0x36, 0x30, 0xb8, 0x65, 0xb3, 0x2a, 0x1d, 0x68, 0x91, 0x06,
0x98, 0xa0, 0x17, 0x8f, 0xee, 0xb7, 0x9e, 0x3d, 0xd8, 0x84, 0x99, 0x30,
0xb9, 0xd6, 0x09, 0x25, 0x5e, 0xfb, 0x8f, 0xd3 },
{
0xa9, 0x89, 0x29, 0x70, 0xe4, 0x55, 0xec, 0x97, 0xfb, 0x24, 0x5b, 0xf9,
0xf1, 0xa3, 0x19, 0x3d, 0xf1, 0x31, 0x14, 0xcd, 0x2a, 0xed, 0x21, 0xc8,
0xb1, 0x53, 0xad, 0x11, 0x0b, 0x9e, 0x5a, 0xee },
{
0x72, 0xad, 0x8d, 0x7f, 0xfc, 0xb7, 0x68, 0xda, 0x27, 0x60, 0x37, 0xa3,
0x4a, 0x63, 0xe8, 0xa5, 0xc8, 0xcd, 0x36, 0x6a, 0x77, 0x99, 0x0d, 0xa9,
0xb1, 0x5b, 0x2f, 0x47, 0x2e, 0x22, 0xa7, 0x5e },
{
0x95, 0x6e, 0x85, 0x09, 0xe5, 0x04, 0x88, 0x14, 0x28, 0x8d, 0xdf, 0xe6,
0x0d, 0x0f, 0x0d, 0x6b, 0x4e, 0x66, 0x1c, 0x03, 0xb9, 0xaa, 0x2d, 0x45,
0x56, 0x67, 0x5c, 0x55, 0x29, 0xd6, 0x89, 0xd0 },
{
0xe8, 0xf2, 0x14, 0xf9, 0x9b, 0x2b, 0x9f, 0x24, 0x2b, 0x37, 0xbe, 0x86,
0xdb, 0x23, 0x4b, 0xbe, 0x39, 0x57, 0xe8, 0xa9, 0xa5, 0xee, 0x08, 0xf2,
0x75, 0x58, 0xdb, 0xd9, 0x51, 0xc1, 0x46, 0x02 },
{
0x3d, 0x19, 0xaf, 0xa3, 0x0b, 0x21, 0xf7, 0x3d, 0xe7, 0x37, 0x6e, 0x32,
0x13, 0x48, 0x9d, 0xea, 0xe0, 0x90, 0xbf, 0x64, 0x48, 0xf7, 0x1e, 0xcc,
0xf0, 0xbc, 0x92, 0xd7, 0x8a, 0x4a, 0xa8, 0xc1 },
{
0x16, 0x35, 0xb1, 0x66, 0x28, 0xa3, 0x3e, 0x19, 0xf5, 0x2d, 0x92, 0x22,
0x95, 0x48, 0xe8, 0x34, 0x7b, 0x30, 0x50, 0xa2, 0xa0, 0xd9, 0xc2, 0x59,
0x39, 0xf9, 0x8c, 0x69, 0xf2, 0x2a, 0xb9, 0xff },
{
0x32, 0x71, 0xa6, 0x87, 0x0c, 0x97, 0x42, 0x07, 0xdd, 0x5f, 0xc9, 0x44,
0xa5, 0x7c, 0x50, 0x14, 0xfd, 0xe7, 0x5f, 0x8b, 0xd3, 0x2f, 0xdc, 0x9b,
0xa9, 0x93, 0x22, 0x19, 0xe6, 0xf2, 0x0c, 0xd8 }
},
#endif
#ifdef WOLFSSL_SHA384
{ /* 26 */
WC_HASH_TYPE_SHA384, 35, 35,
{ /* PSK */
0x62, 0x83, 0x25, 0xc7, 0xcc, 0x08, 0x5e, 0x63,
0x64, 0x56, 0xf0, 0xc6, 0x88, 0x27, 0x5a, 0x5b,
0x68, 0x59, 0x0b, 0x14, 0x55, 0x13, 0x2e, 0xfd,
0x8f, 0x28, 0x5b, 0x3d, 0xe3, 0xad, 0x67, 0xe4,
0x68, 0xba, 0xf9
},
{ /* DHE */
0xa8, 0xb1, 0xab, 0xd8, 0xc8, 0x5b, 0x52, 0xdf,
0x7f, 0x49, 0x10, 0xf4, 0xa1, 0x31, 0xd1, 0x91,
0x36, 0xc1, 0x87, 0x5d, 0x42, 0x2a, 0xe7, 0x1d,
0x2c, 0x29, 0x3d, 0x40, 0x64, 0x61, 0x63, 0x76,
0xd8, 0x66, 0xac
},
{ /* Hello 1 */
0x6f, 0xc6, 0x4c, 0xe1, 0xc6, 0x68, 0x34, 0x8c,
0x0a, 0xe1, 0xf8, 0xb8, 0x3e, 0xd4, 0xf8, 0x0b,
0x54, 0x50, 0xe4, 0xc5, 0x4a, 0x33, 0x7d, 0xbd,
0x90, 0xd2, 0xa2, 0xb9, 0xb7, 0x92, 0xed, 0xab,
0x14, 0xf1, 0xe4, 0x86, 0x22, 0x67, 0xd7, 0x44,
0x03, 0x21, 0xdc, 0x51, 0x52, 0x7f, 0x35, 0x80
},
{ /* Hello 2 */
0x3e, 0xcf, 0x2f, 0xc3, 0x87, 0xba, 0xc5, 0xbd,
0x7c, 0xe8, 0x35, 0x5b, 0x95, 0x51, 0x30, 0x3b,
0x08, 0xcc, 0x2a, 0x7d, 0xb5, 0x74, 0x7c, 0x16,
0xb3, 0x0b, 0xe7, 0x61, 0xa3, 0x7c, 0x6c, 0xbd,
0x39, 0x74, 0xfd, 0x1e, 0x4c, 0xff, 0xc8, 0xcc,
0xa0, 0xef, 0x29, 0x4d, 0x94, 0xaa, 0x55, 0x6f,
},
{ /* Finished 1 */
0x06, 0xc1, 0x47, 0x78, 0x66, 0x53, 0x6f, 0x24,
0x94, 0x61, 0x69, 0xec, 0xd8, 0x60, 0x31, 0x2f,
0xbf, 0xd6, 0x8a, 0x29, 0x17, 0xff, 0xa3, 0x88,
0x13, 0x09, 0x8c, 0x9d, 0x6c, 0x64, 0x84, 0x48,
0x44, 0xdd, 0x2d, 0x29, 0x4d, 0xe6, 0x98, 0x2b,
0x45, 0x3b, 0x84, 0x33, 0x79, 0xb2, 0x75, 0x68
},
{ /* Finished 2 */
0x28, 0x1e, 0x18, 0xf7, 0x9c, 0x32, 0xa9, 0xbf,
0x0c, 0x24, 0x58, 0x21, 0xce, 0xbc, 0xf2, 0x44,
0xb1, 0x18, 0xaf, 0x9d, 0xd9, 0x20, 0xf9, 0xf4,
0xed, 0xcc, 0x53, 0x82, 0x66, 0x5c, 0x46, 0x94,
0x8c, 0x36, 0x5e, 0xca, 0x9f, 0xd8, 0x9a, 0xd3,
0xf0, 0xe1, 0x53, 0x71, 0xdd, 0x19, 0x1e, 0x59
},
{
0xd0, 0xef, 0xa8, 0xcb, 0x5b, 0x14, 0x0f, 0x0a, 0x62, 0xba, 0x5a, 0xb1,
0xc5, 0xb5, 0x3f, 0x11, 0xda, 0xa1, 0x0c, 0x9c, 0xb4, 0x32, 0x48, 0x4e,
0xfa, 0x84, 0x4f, 0xe4, 0xe7, 0x91, 0x8f, 0x42, 0x3f, 0xc7, 0x4e, 0xd3,
0x83, 0x3d, 0x7f, 0x70, 0x12, 0xee, 0x9a, 0x37, 0x01, 0xbb, 0x14, 0xd3
},
{
0x48, 0x6f, 0x77, 0x1d, 0x39, 0x1b, 0xa5, 0x9a, 0x76, 0xd9, 0x1d, 0x7d,
0xb3, 0xd9, 0xb9, 0x78, 0x35, 0x0f, 0xd0, 0xe1, 0x07, 0x1f, 0x8d, 0xe5,
0x75, 0x00, 0xda, 0xc0, 0x19, 0x01, 0xfb, 0x08, 0x35, 0xe7, 0x18, 0x8f,
0xf0, 0x19, 0xfb, 0x46, 0xf6, 0xa5, 0x77, 0x0e, 0x90, 0x38, 0x8b, 0x15
},
{
0x80, 0x8c, 0xa7, 0x24, 0x97, 0xf9, 0xd3, 0x52, 0xb0, 0x69, 0x9d, 0x4b,
0xa4, 0x19, 0x4a, 0xb1, 0x46, 0x53, 0x3a, 0xc8, 0xe4, 0x02, 0x69, 0xf2,
0xe7, 0xb6, 0x1d, 0x33, 0x51, 0xcc, 0x14, 0x40, 0x4a, 0xb0, 0xe7, 0x58,
0x84, 0xba, 0xc2, 0x14, 0x58, 0x6b, 0xb9, 0xdc, 0x50, 0x98, 0x67, 0x01
},
{
0xb1, 0xa8, 0xc0, 0x06, 0xb3, 0x2e, 0xa7, 0x8a, 0x6a, 0x12, 0x88, 0x00,
0x65, 0x88, 0x9c, 0x5d, 0x35, 0xee, 0xe5, 0x51, 0x0b, 0x62, 0xf8, 0x67,
0xe5, 0xef, 0x15, 0x1f, 0x23, 0x02, 0x74, 0x08, 0x9c, 0xc8, 0xba, 0x27,
0x5d, 0x32, 0x19, 0x6f, 0x6d, 0x5d, 0x72, 0x5e, 0x15, 0xde, 0x30, 0xc3
},
{
0xfd, 0xce, 0xf5, 0x65, 0x45, 0x84, 0xfb, 0x8c, 0x79, 0xa4, 0x6c, 0x1b,
0x0e, 0x1b, 0xfd, 0x26, 0xa2, 0x53, 0xf4, 0x4e, 0x00, 0x4d, 0x4b, 0x0b,
0x24, 0x6d, 0x35, 0x35, 0xd9, 0x97, 0x70, 0xc5, 0xf4, 0xee, 0xe3, 0xba,
0x31, 0x1e, 0x2a, 0x42, 0xcb, 0xdf, 0x40, 0xb1, 0x14, 0xb8, 0x53, 0xce
},
{
0xbb, 0xb3, 0x26, 0x7c, 0x22, 0x21, 0x9b, 0x72, 0x32, 0xa1, 0x97, 0xfb,
0x78, 0x8c, 0xbe, 0x3d, 0x71, 0x45, 0xb8, 0xf5, 0x24, 0x8f, 0x0f, 0xac,
0x42, 0x5b, 0x81, 0xe8, 0xd0, 0x71, 0x4a, 0xcb, 0x32, 0x3f, 0x03, 0xfb,
0xec, 0x6a, 0x1f, 0x76, 0x80, 0x65, 0x01, 0x7a, 0x3d, 0xce, 0xc4, 0xdf
},
{
0x3f, 0xcf, 0x2f, 0x63, 0x94, 0x94, 0x99, 0xfd, 0x04, 0x3a, 0x89, 0x83,
0xcf, 0x06, 0x05, 0xec, 0x20, 0x3e, 0x5f, 0x51, 0x9d, 0x6e, 0x4a, 0xc6,
0xf1, 0x2b, 0x37, 0x17, 0x34, 0x72, 0x6e, 0x1d, 0x2a, 0xfd, 0xc7, 0x73,
0xb5, 0x07, 0x22, 0x81, 0x32, 0x2e, 0x21, 0x85, 0xaf, 0x10, 0xb2, 0x73
},
{
0x52, 0x0c, 0x3d, 0x2e, 0x2d, 0x4a, 0x11, 0xae, 0x96, 0x78, 0xe9, 0x5b,
0xd8, 0x0f, 0x6c, 0xf4, 0xbd, 0x96, 0x13, 0x55, 0x88, 0xdd, 0xa3, 0x67,
0x36, 0x86, 0x1e, 0x0b, 0x36, 0x41, 0xec, 0xf6, 0x04, 0xb2, 0xc4, 0x16,
0xbc, 0x2c, 0xdb, 0x30, 0x02, 0x94, 0xd4, 0x42, 0xbf, 0x38, 0xee, 0x9d
}
},
{ /* 36 */
WC_HASH_TYPE_SHA384, 0, 33,
{ 0 }, /* PSK */
{ /* DHE */
0xd3, 0x00, 0x72, 0x9a, 0xa8, 0xc5, 0xf3, 0xc4,
0xf1, 0xa0, 0x26, 0x89, 0x65, 0x70, 0xc7, 0x0b,
0x77, 0xbb, 0xe1, 0x4b, 0x2b, 0xa8, 0x4f, 0xa6,
0x09, 0x4b, 0xba, 0x45, 0x36, 0x15, 0xee, 0x68,
0xfd
},
{ /* Hello 1 */
0x10, 0x9d, 0x8b, 0xa2, 0x93, 0xe7, 0xd3, 0xb9,
0xb4, 0x0f, 0xeb, 0x6a, 0xb9, 0x69, 0xcb, 0x39,
0x16, 0x29, 0xcc, 0xd3, 0xcc, 0x1a, 0x4c, 0x1b,
0x53, 0x7c, 0x33, 0x88, 0x06, 0xbc, 0x0a, 0x02,
0xa0, 0xbe, 0x62, 0xc0, 0xe6, 0x5e, 0x97, 0x5b,
0x6a, 0xa1, 0x98, 0xf3, 0xd2, 0x1e, 0xcd, 0xc5
},
{ /* Hello 2 */
0x74, 0xc0, 0x07, 0x2c, 0xc1, 0x63, 0xcc, 0x11,
0xad, 0x1a, 0x55, 0x63, 0xbc, 0x20, 0x77, 0x96,
0x30, 0x1c, 0x68, 0x45, 0x1e, 0x9b, 0xa7, 0xb4,
0xf3, 0x04, 0x45, 0x16, 0x76, 0x55, 0xf9, 0xdf,
0x4b, 0x2f, 0x1a, 0xdf, 0x5a, 0xb0, 0x93, 0xc9,
0xab, 0xf5, 0x32, 0x47, 0x79, 0x9c, 0x01, 0xeb
},
{ /* Finished 1 */
0x27, 0x08, 0x8e, 0xa5, 0xf1, 0x30, 0xe1, 0xd6,
0x4f, 0xa2, 0x9e, 0x3b, 0x03, 0x2d, 0x2e, 0xa3,
0x84, 0x75, 0x51, 0x3a, 0xc3, 0xf6, 0xee, 0x2e,
0x37, 0x0c, 0xe3, 0x28, 0x46, 0xa5, 0x2d, 0xc7,
0xf0, 0x64, 0x78, 0x53, 0x66, 0x43, 0x02, 0xa4,
0x7a, 0x43, 0x66, 0x4b, 0xa7, 0xcb, 0x97, 0x16
},
{ /* Finished 2 */
0x1d, 0x0d, 0xf8, 0xe1, 0x81, 0xa5, 0xbd, 0xa8,
0x6f, 0x9d, 0x01, 0xa4, 0x9a, 0x92, 0xe2, 0xef,
0x08, 0xab, 0xef, 0x3e, 0x2d, 0xd4, 0x82, 0xac,
0x68, 0x9d, 0xe0, 0x54, 0x17, 0xde, 0x1a, 0xed,
0x57, 0xcb, 0xd9, 0x2d, 0xc8, 0xbc, 0x93, 0xe6,
0xa3, 0xec, 0xde, 0xee, 0xa1, 0x1c, 0x41, 0x85
},
{
0x7f, 0x1f, 0xe6, 0x7b, 0xd8, 0xf5, 0x2b, 0x37, 0xbe, 0xb7, 0xd0, 0x37,
0xce, 0x46, 0xad, 0x04, 0x2f, 0xc7, 0xdb, 0xc9, 0x9a, 0xb6, 0x00, 0x3f,
0xc1, 0x97, 0xe9, 0x5c, 0x5e, 0x14, 0xd1, 0x38, 0x4d, 0x55, 0xe1, 0x07,
0xb5, 0x85, 0x6d, 0xfa, 0xa7, 0x66, 0xad, 0xfa, 0xb6, 0xad, 0x29, 0x44
},
{
0x4e, 0x6b, 0x20, 0x99, 0x55, 0x1b, 0x21, 0x89, 0xb6, 0x70, 0xdb, 0xe8,
0xa7, 0x16, 0x55, 0xf2, 0x93, 0x13, 0x90, 0x7d, 0xfa, 0x62, 0x65, 0x53,
0xa0, 0x97, 0xe9, 0xb4, 0xc0, 0xf1, 0xc9, 0x1a, 0x67, 0xdd, 0xca, 0x57,
0xbc, 0xca, 0x39, 0xe6, 0x39, 0x6b, 0x63, 0x47, 0x25, 0x08, 0x3a, 0xd7
},
{
0x35, 0x0d, 0xac, 0xd8, 0x10, 0x6a, 0x46, 0x50, 0x66, 0xae, 0x02, 0xc9,
0xde, 0x13, 0x48, 0xce, 0x53, 0xd4, 0x92, 0x62, 0xc5, 0x65, 0x10, 0x08,
0xc2, 0xc2, 0x82, 0xed, 0x9d, 0xc9, 0x6f, 0xa8, 0xc3, 0xc1, 0x0b, 0x7c,
0xe1, 0x97, 0x85, 0xd6, 0x46, 0x29, 0x0e, 0x42, 0x51, 0xc1, 0x35, 0xcf
},
{
0x3d, 0x5d, 0x84, 0xbd, 0x16, 0x46, 0x34, 0xb3, 0xf6, 0x31, 0x49, 0x3e,
0x8d, 0xdc, 0xcb, 0x8c, 0x6a, 0x42, 0xf4, 0x88, 0xfc, 0x19, 0xfa, 0xa2,
0x25, 0xc7, 0xa0, 0xa4, 0xca, 0xf0, 0xea, 0x2d, 0xe8, 0xc4, 0x02, 0x14,
0x63, 0xfb, 0xd3, 0x7b, 0x51, 0x1c, 0xce, 0xca, 0xa3, 0xc3, 0xe4, 0xa5
},
{
0x7c, 0x3a, 0x55, 0x92, 0x2e, 0xdd, 0x75, 0xdd, 0x76, 0x54, 0x4a, 0x9f,
0xd0, 0xa2, 0x88, 0x83, 0xe9, 0x27, 0xda, 0x30, 0xe9, 0x96, 0x58, 0xc5,
0xb7, 0x56, 0xfc, 0x4b, 0xb8, 0x5d, 0xee, 0x46, 0x70, 0x4e, 0x1b, 0x06,
0x86, 0xaf, 0x48, 0x5c, 0x17, 0x35, 0xfa, 0x69, 0xc2, 0x4d, 0xfb, 0x09
},
{
0x00, 0x0e, 0x28, 0x51, 0xc1, 0x7f, 0x41, 0x89, 0x6f, 0x9a, 0xca, 0x15,
0xee, 0xed, 0x43, 0xca, 0x6d, 0x65, 0x6f, 0x51, 0x18, 0x6c, 0x08, 0x4b,
0x77, 0xca, 0x75, 0xc4, 0xc3, 0xde, 0x29, 0x41, 0x8b, 0xaf, 0xa7, 0x1c,
0x28, 0x37, 0xa0, 0xa0, 0x74, 0x8e, 0x09, 0x42, 0x7a, 0x1b, 0x68, 0xdb
},
{
0x14, 0x8f, 0xab, 0x28, 0x64, 0xea, 0x45, 0x88, 0xdb, 0xc1, 0xc6, 0xa0,
0x48, 0xdf, 0x15, 0xd0, 0x28, 0x07, 0x2d, 0x6c, 0xb8, 0x42, 0xbb, 0x60,
0x02, 0x08, 0x9e, 0x29, 0x9b, 0x8d, 0xd6, 0x1c, 0xaf, 0xf2, 0x1a, 0xdc,
0xf0, 0x78, 0x0b, 0x4d, 0x90, 0xa1, 0x0c, 0xb3, 0x13, 0xde, 0xca, 0x5a
},
{
0x4d, 0x80, 0x7d, 0x0b, 0xb9, 0x00, 0x6f, 0x65, 0x51, 0x65, 0x23, 0xde,
0x72, 0xdc, 0x4f, 0x04, 0xa5, 0xa2, 0x90, 0x45, 0x51, 0x9e, 0xd0, 0x3a,
0xe4, 0xd7, 0x78, 0xa3, 0x0f, 0x2d, 0x65, 0x12, 0xad, 0xc8, 0x92, 0x30,
0x79, 0x9d, 0x9d, 0x08, 0x7a, 0x9c, 0x9f, 0x83, 0xb1, 0xca, 0x59, 0x56
}
},
{ /* 41 */
WC_HASH_TYPE_SHA384, 33, 0,
{ /* PSK */
0xa4, 0x8b, 0x1b, 0x5f, 0xd0, 0xea, 0x75, 0x62,
0x06, 0x4d, 0x68, 0x40, 0x85, 0x20, 0x45, 0x95,
0x4a, 0x00, 0xca, 0x05, 0xeb, 0xd4, 0x1d, 0x48,
0x81, 0x89, 0xe8, 0x86, 0x43, 0xfa, 0x28, 0x17,
0x12
},
{ 0 }, /* DHE */
{ /* Hello 1 */
0x03, 0x7c, 0x33, 0x75, 0xdc, 0xc5, 0x46, 0x3a,
0x0d, 0x56, 0xc6, 0xfb, 0xab, 0x1e, 0x1d, 0xda,
0x59, 0xc2, 0xb2, 0xb1, 0x7c, 0x48, 0x9b, 0x06,
0x0a, 0x5a, 0xbb, 0xf8, 0x98, 0x53, 0x78, 0x2d,
0xd2, 0xcc, 0x87, 0x68, 0x25, 0xdd, 0x88, 0x22,
0xcd, 0xb7, 0x74, 0x55, 0x21, 0xf9, 0x34, 0x98
},
{ /* Hello 2 */
0x03, 0xb4, 0xfb, 0xcc, 0x28, 0x2c, 0xc1, 0x70,
0x42, 0x73, 0x57, 0xac, 0xdb, 0x47, 0x71, 0xf6,
0x2e, 0x11, 0x8a, 0x5b, 0x47, 0x2f, 0x02, 0x54,
0x95, 0x34, 0xed, 0x5f, 0x19, 0xc1, 0x75, 0xe0,
0x76, 0xad, 0xb0, 0x90, 0x57, 0xcd, 0xfd, 0xd7,
0x58, 0x1f, 0x0d, 0x6b, 0x9e, 0x51, 0x3c, 0x08
},
{ /* Finished 1 */
0x2b, 0x50, 0xd9, 0xa7, 0x43, 0x24, 0xda, 0x2c,
0x7a, 0xaa, 0x0e, 0x37, 0xd7, 0x6b, 0x2c, 0xab,
0x8e, 0xb2, 0xfe, 0x31, 0x1b, 0xa8, 0x12, 0x59,
0x5b, 0x7b, 0xdc, 0x3e, 0xa7, 0x86, 0xa5, 0x48,
0xe4, 0x46, 0x2b, 0x4c, 0xc1, 0x66, 0x4b, 0xf3,
0x2a, 0x99, 0x93, 0x08, 0xbc, 0x3d, 0x08, 0x76
},
{ /* Finished 2 */
0x7c, 0x34, 0xc8, 0x56, 0x17, 0xf1, 0x62, 0x1c,
0x9f, 0x0b, 0xeb, 0xfd, 0x69, 0x72, 0x51, 0xc5,
0xfa, 0x74, 0x87, 0xc9, 0xbd, 0x50, 0xe9, 0x48,
0xa7, 0x3c, 0x94, 0x3e, 0x06, 0x7d, 0xe8, 0x8e,
0xc1, 0xd1, 0x08, 0x1f, 0x5d, 0x48, 0x8a, 0x25,
0xfc, 0xea, 0xe7, 0xd9, 0xd4, 0xd0, 0xf9, 0xad
},
{
0x4b, 0x0b, 0xed, 0xb9, 0xc8, 0xb8, 0xa8, 0x1e, 0xb0, 0x81, 0x76, 0xd5,
0x33, 0x22, 0x71, 0x33, 0x3a, 0x85, 0x19, 0x67, 0x7e, 0x91, 0x37, 0xf2,
0xa6, 0x11, 0x22, 0xdf, 0x41, 0x04, 0x3d, 0xa9, 0x13, 0xb9, 0xb2, 0xb1,
0xbb, 0xd8, 0xef, 0x23, 0x7c, 0xc2, 0xab, 0x70, 0x1b, 0x51, 0x9f, 0xc9
},
{
0xeb, 0x96, 0x10, 0x8c, 0x7d, 0x92, 0xea, 0x80, 0x86, 0xb2, 0xf8, 0x27,
0xf2, 0x9a, 0x09, 0xc1, 0x7c, 0x09, 0x43, 0xbc, 0xfe, 0xc8, 0x75, 0xe0,
0x97, 0xe7, 0x6d, 0xd5, 0xb2, 0x3c, 0xed, 0x12, 0xb7, 0x74, 0x0e, 0xe3,
0xb6, 0xe0, 0xba, 0xe1, 0x8d, 0x89, 0xcf, 0x4f, 0x57, 0xf6, 0x6d, 0x90
},
{
0x22, 0xb0, 0x39, 0x34, 0xb6, 0x6c, 0x2d, 0x7a, 0x97, 0x1c, 0x5d, 0xcc,
0x78, 0x84, 0x71, 0xbb, 0xc6, 0x7b, 0xb6, 0xbc, 0xcc, 0x0b, 0xf8, 0xac,
0x8e, 0xd7, 0x20, 0xbd, 0xbe, 0x32, 0xf0, 0xd6, 0xe9, 0x69, 0x13, 0xf2,
0x9a, 0xce, 0xfe, 0x86, 0xd3, 0xee, 0xba, 0x69, 0x51, 0xb6, 0x77, 0x56
},
{
0x16, 0xfd, 0xda, 0xf3, 0x5e, 0xb9, 0xa6, 0x17, 0x24, 0xb2, 0x16, 0x9f,
0xb6, 0x59, 0x13, 0x0f, 0x25, 0x5a, 0xf1, 0x5b, 0x5f, 0xe4, 0x54, 0x2a,
0xa7, 0xbf, 0x29, 0xaf, 0x5a, 0x77, 0xf4, 0x4f, 0x25, 0xba, 0x94, 0xad,
0x6b, 0x91, 0x3b, 0xe7, 0xd5, 0x73, 0x0d, 0xff, 0xaa, 0xe3, 0x72, 0x2c
},
{
0x22, 0xb4, 0x94, 0xc0, 0x53, 0xd7, 0x82, 0x06, 0x38, 0x9d, 0x4a, 0xa0,
0x3f, 0xf1, 0x5f, 0x6e, 0x23, 0x8d, 0x09, 0x62, 0xbf, 0x6f, 0x7c, 0x84,
0xc6, 0x3e, 0x15, 0xad, 0x18, 0x37, 0x76, 0x29, 0xc7, 0xd6, 0x68, 0x0c,
0x1e, 0xc6, 0x93, 0x31, 0xef, 0x85, 0x69, 0x30, 0x68, 0xf0, 0x1e, 0x37
},
{
0x6d, 0x4d, 0x20, 0xaf, 0x47, 0xe8, 0x1b, 0xfa, 0xd0, 0xb6, 0xc8, 0x97,
0xd1, 0x03, 0xfc, 0x9d, 0x59, 0xa0, 0x68, 0x9d, 0xe9, 0x17, 0x8b, 0xce,
0x48, 0x2c, 0x77, 0x8a, 0x22, 0x4b, 0x5c, 0x54, 0x22, 0xa1, 0x15, 0x12,
0xe1, 0x07, 0x8e, 0x15, 0xd8, 0x7b, 0x16, 0x65, 0x99, 0x6b, 0xcb, 0x71
},
{
0x79, 0x64, 0x79, 0xdd, 0x75, 0x5c, 0x6f, 0x98, 0xac, 0x03, 0xe0, 0xcd,
0x92, 0xba, 0x0e, 0x2d, 0xb4, 0xd1, 0x8b, 0x97, 0xd0, 0x85, 0xbb, 0x2e,
0x4f, 0x26, 0x93, 0xf5, 0x1d, 0xf3, 0xd2, 0x43, 0x4f, 0xd2, 0x47, 0xaa,
0x91, 0x1e, 0xf3, 0x67, 0x10, 0x18, 0x2c, 0xb9, 0x01, 0xba, 0x10, 0x9f
},
{
0x79, 0xb6, 0x9c, 0xbe, 0xf1, 0x6a, 0xb0, 0x92, 0xa0, 0x29, 0x52, 0x61,
0xf1, 0xcd, 0x3a, 0x67, 0xe1, 0x6b, 0xb8, 0x9d, 0x0d, 0x95, 0xb6, 0x03,
0x80, 0x1f, 0xd5, 0x75, 0xb6, 0x1d, 0x79, 0x02, 0x93, 0x43, 0x77, 0xa7,
0x9d, 0x2f, 0xc3, 0x84, 0xc6, 0x83, 0x76, 0x16, 0x06, 0x98, 0x7b, 0x79
}
},
#endif /* WOLFSSL_SHA384 */
};
static const char protocolLabel[] = "tls13 ";
static const char ceTrafficLabel[] = "c e traffic";
static const char eExpMasterLabel[] = "e exp master";
static const char cHsTrafficLabel[] = "c hs traffic";
static const char sHsTrafficLabel[] = "s hs traffic";
static const char cAppTrafficLabel[] = "c ap traffic";
static const char sAppTrafficLabel[] = "s ap traffic";
static const char expMasterLabel[] = "exp master";
static const char resMasterLabel[] = "res master";
static const char derivedLabel[] = "derived";
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void)
{
wc_test_ret_t ret = 0;
word32 i;
word32 tc = sizeof(tls13KdfTestVectors)/sizeof(Tls13KdfTestVector);
const Tls13KdfTestVector* tv = NULL;
WOLFSSL_ENTER("tls13_kdf_test");
for (i = 0, tv = tls13KdfTestVectors; i < tc; i++, tv++) {
byte output[WC_MAX_DIGEST_SIZE];
byte secret[WC_MAX_DIGEST_SIZE];
byte salt[WC_MAX_DIGEST_SIZE];
byte zeroes[WC_MAX_DIGEST_SIZE];
byte hashZero[WC_MAX_DIGEST_SIZE];
int hashAlgSz;
XMEMSET(zeroes, 0, sizeof zeroes);
hashAlgSz = wc_HashGetDigestSize(tv->hashAlg);
if (hashAlgSz == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) break;
ret = wc_Hash(tv->hashAlg, NULL, 0, hashZero, (word32)hashAlgSz);
if (ret != 0) break;
ret = wc_Tls13_HKDF_Extract(secret, NULL, 0,
(tv->pskSz == 0) ? zeroes : (byte*)tv->psk,
tv->pskSz, (int)tv->hashAlg);
if (ret != 0) break;
ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
secret, (word32)hashAlgSz,
(byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
(byte*)ceTrafficLabel, (word32)XSTRLEN(ceTrafficLabel),
tv->hashHello1, (word32)hashAlgSz, (int)tv->hashAlg);
if (ret != 0) break;
ret = XMEMCMP(tv->clientEarlyTrafficSecret, output,
(unsigned long)hashAlgSz);
if (ret != 0) break;
ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
secret, (word32)hashAlgSz,
(byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
(byte*)eExpMasterLabel, (word32)XSTRLEN(eExpMasterLabel),
tv->hashHello1, (word32)hashAlgSz, (int)tv->hashAlg);
if (ret != 0) break;
ret = XMEMCMP(tv->earlyExporterMasterSecret, output,
(unsigned long)hashAlgSz);
if (ret != 0) break;
ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz,
secret, (word32)hashAlgSz,
(byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
(byte*)derivedLabel, (word32)XSTRLEN(derivedLabel),
hashZero, (word32)hashAlgSz, (int)tv->hashAlg);
if (ret != 0) break;
ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz,
(tv->dheSz == 0) ? zeroes : (byte*)tv->dhe,
tv->dheSz, (int)tv->hashAlg);
if (ret != 0) break;
ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
secret, (word32)hashAlgSz,
(byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
(byte*)cHsTrafficLabel, (word32)XSTRLEN(cHsTrafficLabel),
tv->hashHello2, (word32)hashAlgSz, (int)tv->hashAlg);
if (ret != 0) break;
ret = XMEMCMP(tv->clientHandshakeTrafficSecret,
output, (unsigned long)hashAlgSz);
if (ret != 0) break;
ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
secret, (word32)hashAlgSz,
(byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
(byte*)sHsTrafficLabel, (word32)XSTRLEN(sHsTrafficLabel),
tv->hashHello2, (word32)hashAlgSz, (int)tv->hashAlg);
if (ret != 0) break;
ret = XMEMCMP(tv->serverHandshakeTrafficSecret, output,
(unsigned long)hashAlgSz);
if (ret != 0) break;
ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz,
secret, (word32)hashAlgSz,
(byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
(byte*)derivedLabel, (word32)XSTRLEN(derivedLabel),
hashZero, (word32)hashAlgSz, (int)tv->hashAlg);
if (ret != 0) break;
ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz,
zeroes, (word32)(word32)hashAlgSz, (int)tv->hashAlg);
if (ret != 0) break;
ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
secret, (word32)hashAlgSz,
(byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
(byte*)cAppTrafficLabel, (word32)XSTRLEN(cAppTrafficLabel),
tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg);
if (ret != 0) break;
ret = XMEMCMP(tv->clientApplicationTrafficSecret, output,
(unsigned long)hashAlgSz);
if (ret != 0) break;
ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
secret, (word32)hashAlgSz,
(byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
(byte*)sAppTrafficLabel, (word32)XSTRLEN(sAppTrafficLabel),
tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg);
if (ret != 0) break;
ret = XMEMCMP(tv->serverApplicationTrafficSecret, output,
(unsigned long)hashAlgSz);
if (ret != 0) break;
ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
secret, (word32)hashAlgSz,
(byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
(byte*)expMasterLabel, (word32)XSTRLEN(expMasterLabel),
tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg);
if (ret != 0) break;
ret = XMEMCMP(tv->exporterMasterSecret, output, (unsigned long)hashAlgSz);
if (ret != 0) break;
ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz,
secret, (word32)hashAlgSz,
(byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
(byte*)resMasterLabel, (word32)XSTRLEN(resMasterLabel),
tv->hashFinished2, (word32)hashAlgSz, (int)tv->hashAlg);
if (ret != 0) break;
ret = XMEMCMP(tv->resumptionMasterSecret, output,
(unsigned long)hashAlgSz);
if (ret != 0) break;
}
return ret;
}
#endif /* WOLFSSL_TLS13 && !NO_HMAC */
/* source code reference point -- see print_fiducials() below. */
static WC_MAYBE_UNUSED const int fiducial2 = WC_TEST_RET_LN;
#if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void)
{
wc_test_ret_t ret;
byte kek[128];
#ifndef NO_SHA
/* SHA-1, COUNT = 0
* shared secret length: 192
* SharedInfo length: 0
* key data length: 128
*/
WOLFSSL_SMALL_STACK_STATIC const byte Z[] = {
0x1c, 0x7d, 0x7b, 0x5f, 0x05, 0x97, 0xb0, 0x3d,
0x06, 0xa0, 0x18, 0x46, 0x6e, 0xd1, 0xa9, 0x3e,
0x30, 0xed, 0x4b, 0x04, 0xdc, 0x64, 0xcc, 0xdd
};
WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
0xbf, 0x71, 0xdf, 0xfd, 0x8f, 0x4d, 0x99, 0x22,
0x39, 0x36, 0xbe, 0xb4, 0x6f, 0xee, 0x8c, 0xcc
};
#endif
#ifndef NO_SHA256
/* SHA-256, COUNT = 3
* shared secret length: 192
* SharedInfo length: 0
* key data length: 128
*/
WOLFSSL_SMALL_STACK_STATIC const byte Z2[] = {
0xd3, 0x8b, 0xdb, 0xe5, 0xc4, 0xfc, 0x16, 0x4c,
0xdd, 0x96, 0x7f, 0x63, 0xc0, 0x4f, 0xe0, 0x7b,
0x60, 0xcd, 0xe8, 0x81, 0xc2, 0x46, 0x43, 0x8c
};
WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
0x5e, 0x67, 0x4d, 0xb9, 0x71, 0xba, 0xc2, 0x0a,
0x80, 0xba, 0xd0, 0xd4, 0x51, 0x4d, 0xc4, 0x84
};
#endif
#ifdef WOLFSSL_SHA512
/* SHA-512, COUNT = 0
* shared secret length: 192
* SharedInfo length: 0
* key data length: 128
*/
WOLFSSL_SMALL_STACK_STATIC const byte Z3[] = {
0x87, 0xfc, 0x0d, 0x8c, 0x44, 0x77, 0x48, 0x5b,
0xb5, 0x74, 0xf5, 0xfc, 0xea, 0x26, 0x4b, 0x30,
0x88, 0x5d, 0xc8, 0xd9, 0x0a, 0xd8, 0x27, 0x82
};
WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
0x94, 0x76, 0x65, 0xfb, 0xb9, 0x15, 0x21, 0x53,
0xef, 0x46, 0x02, 0x38, 0x50, 0x6a, 0x02, 0x45
};
/* SHA-512, COUNT = 0
* shared secret length: 521
* SharedInfo length: 128
* key data length: 1024
*/
WOLFSSL_SMALL_STACK_STATIC const byte Z4[] = {
0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89,
0xfa, 0x58, 0xce, 0xad, 0xc0, 0x47, 0x19, 0x7f,
0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8,
0x15, 0x07, 0x39, 0x2f, 0x1a, 0x86, 0xdd, 0xfd,
0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47,
0x47, 0xa9, 0xe2, 0xe7, 0x53, 0xf5, 0x5e, 0xf0,
0x5a, 0x2d
};
WOLFSSL_SMALL_STACK_STATIC const byte info4[] = {
0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d,
0x2b, 0x3a, 0x2f, 0x99, 0x37, 0x89, 0x5d, 0x31
};
WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = {
0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76,
0x9b, 0x52, 0x26, 0x4b, 0x01, 0x12, 0xb5, 0x85,
0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d,
0x6e, 0x4d, 0xd2, 0xa5, 0x99, 0xac, 0xce, 0xb3,
0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50,
0xa5, 0xa8, 0xee, 0xee, 0x20, 0x80, 0x02, 0x26,
0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d,
0xea, 0x9c, 0x4f, 0xf7, 0x45, 0xa2, 0x5a, 0xc2,
0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc,
0x0a, 0xb2, 0xaa, 0x8e, 0x2e, 0xfa, 0x7b, 0x17,
0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
};
#endif
WOLFSSL_ENTER("x963kdf_test");
#ifndef NO_SHA
ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0,
kek, sizeof(verify));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(verify, kek, sizeof(verify)) != 0)
return WC_TEST_RET_ENC_NC;
#endif
#ifndef NO_SHA256
ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, Z2, sizeof(Z2), NULL, 0,
kek, sizeof(verify2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(verify2, kek, sizeof(verify2)) != 0)
return WC_TEST_RET_ENC_NC;
#endif
#ifdef WOLFSSL_SHA512
ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z3, sizeof(Z3), NULL, 0,
kek, sizeof(verify3));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(verify3, kek, sizeof(verify3)) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z4, sizeof(Z4), info4,
sizeof(info4), kek, sizeof(verify4));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(verify4, kek, sizeof(verify4)) != 0)
return WC_TEST_RET_ENC_NC;
#endif
return 0;
}
#endif /* HAVE_X963_KDF */
#if defined(HAVE_HPKE) && \
(defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
defined(HAVE_CURVE448)) && \
defined(HAVE_AESGCM)
/* test null/bad arguments for wc_HpkeInit, a one-shot seal/open round-trip
* with wc_HpkeSealBase/wc_HpkeOpenBase, and auth failure cases (wrong info,
* wrong AAD, tampered ciphertext, wrong receiver key) */
static wc_test_ret_t hpke_test_single(Hpke* hpke, int kem, int kdf, int aead)
{
wc_test_ret_t ret = 0;
int rngRet = 0;
WC_RNG rng[1];
const char* start_text = "this is a test";
const char* info_text = "info";
const char* alt_info_text = "different info";
const char* aad_text = "aad";
const char* alt_aad_text = "different aad";
byte ciphertext[MAX_HPKE_LABEL_SZ];
byte plaintext[MAX_HPKE_LABEL_SZ];
void* receiverKey = NULL;
void* ephemeralKey = NULL;
void* wrongKey = NULL;
#ifdef WOLFSSL_SMALL_STACK
byte *pubKey = NULL; /* public key */
word16 pubKeySz = (word16)HPKE_Npk_MAX;
#else
byte pubKey[HPKE_Npk_MAX]; /* public key */
word16 pubKeySz = (word16)sizeof(pubKey);
#endif
/* NULL hpke */
ret = wc_HpkeInit(NULL, kem, kdf, aead, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* bad kem */
ret = wc_HpkeInit(hpke, 0, kdf, aead, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* bad kdf */
ret = wc_HpkeInit(hpke, kem, 0, aead, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* bad aead */
ret = wc_HpkeInit(hpke, kem, kdf, 0, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* valid init */
ret = wc_HpkeInit(hpke, kem, kdf, aead, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
rngRet = ret = wc_InitRng(rng);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef WOLFSSL_SMALL_STACK
if (ret == 0) {
pubKey = (byte *)XMALLOC(pubKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pubKey == NULL)
ret = WC_TEST_RET_ENC_EC(MEMORY_E);
}
#endif
/* Negative test case with NULL argument */
if (ret == 0) {
ret = wc_HpkeGenerateKeyPair(NULL, &receiverKey, rng);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeGenerateKeyPair(hpke, NULL, rng);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
/* generate the keys */
if (ret == 0) {
ret = wc_HpkeGenerateKeyPair(hpke, &ephemeralKey, rng);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, rng);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
/* Negative test case with NULL argument */
if (ret == 0) {
ret = wc_HpkeSealBase(NULL, ephemeralKey, receiverKey,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
(byte*)start_text, (word32)XSTRLEN(start_text),
ciphertext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeSealBase(hpke, NULL, receiverKey,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
(byte*)start_text, (word32)XSTRLEN(start_text),
ciphertext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeSealBase(hpke, ephemeralKey, NULL,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
(byte*)start_text, (word32)XSTRLEN(start_text),
ciphertext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeSealBase(hpke, ephemeralKey, receiverKey,
(byte*)NULL, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
(byte*)start_text, (word32)XSTRLEN(start_text),
ciphertext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeSealBase(hpke, ephemeralKey, receiverKey,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)NULL, (word32)XSTRLEN(aad_text),
(byte*)start_text, (word32)XSTRLEN(start_text),
ciphertext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeSealBase(hpke, ephemeralKey, receiverKey,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
(byte*)NULL, (word32)XSTRLEN(start_text),
ciphertext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeSealBase(hpke, ephemeralKey, receiverKey,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
(byte*)start_text, (word32)XSTRLEN(start_text),
NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
/* seal */
if (ret == 0) {
ret = wc_HpkeSealBase(hpke, ephemeralKey, receiverKey,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
(byte*)start_text, (word32)XSTRLEN(start_text),
ciphertext);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
/* Negative test case with NULL argument */
if (ret == 0) {
ret = wc_HpkeSerializePublicKey(NULL, ephemeralKey, pubKey, &pubKeySz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeSerializePublicKey(hpke, NULL, pubKey, &pubKeySz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, NULL, &pubKeySz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, pubKey, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
/* export ephemeral key */
if (ret == 0) {
ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, pubKey, &pubKeySz);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
/* Negative test case with NULL argument */
if (ret == 0) {
ret = wc_HpkeOpenBase(NULL, receiverKey, pubKey, pubKeySz,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertext, (word32)XSTRLEN(start_text),
plaintext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeOpenBase(hpke, NULL, pubKey, pubKeySz,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertext, (word32)XSTRLEN(start_text),
plaintext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeOpenBase(hpke, receiverKey, NULL, pubKeySz,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertext, (word32)XSTRLEN(start_text),
plaintext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, 0,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertext, (word32)XSTRLEN(start_text),
plaintext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
(byte*)NULL, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertext, (word32)XSTRLEN(start_text),
plaintext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)NULL, (word32)XSTRLEN(aad_text),
ciphertext, (word32)XSTRLEN(start_text),
plaintext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
NULL, (word32)XSTRLEN(start_text),
plaintext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertext, (word32)XSTRLEN(start_text),
NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
/* wrong info */
if (ret == 0) {
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
(byte*)alt_info_text, (word32)XSTRLEN(alt_info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertext, (word32)XSTRLEN(start_text), plaintext);
if (ret == 0)
ret = WC_TEST_RET_ENC_NC;
else
ret = 0;
}
/* wrong AAD */
if (ret == 0) {
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)alt_aad_text, (word32)XSTRLEN(alt_aad_text),
ciphertext, (word32)XSTRLEN(start_text), plaintext);
if (ret == 0)
ret = WC_TEST_RET_ENC_NC;
else
ret = 0;
}
/* tampered ciphertext */
if (ret == 0) {
ciphertext[0] ^= 0xFF;
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertext, (word32)XSTRLEN(start_text), plaintext);
ciphertext[0] ^= 0xFF;
if (ret == 0)
ret = WC_TEST_RET_ENC_NC;
else
ret = 0;
}
/* wrong receiver key */
if (ret == 0)
ret = wc_HpkeGenerateKeyPair(hpke, &wrongKey, rng);
if (ret == 0) {
ret = wc_HpkeOpenBase(hpke, wrongKey, pubKey, pubKeySz,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertext, (word32)XSTRLEN(start_text), plaintext);
if (ret == 0)
ret = WC_TEST_RET_ENC_NC;
else
ret = 0;
}
if (wrongKey != NULL) {
wc_HpkeFreeKey(hpke, hpke->kem, wrongKey, hpke->heap);
wrongKey = NULL;
}
/* open with exported ephemeral key */
if (ret == 0) {
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertext, (word32)XSTRLEN(start_text),
plaintext);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = XMEMCMP(plaintext, start_text, XSTRLEN(start_text));
if (ret != 0)
ret = WC_TEST_RET_ENC_NC;
}
if (ephemeralKey != NULL)
wc_HpkeFreeKey(hpke, hpke->kem, ephemeralKey, hpke->heap);
if (receiverKey != NULL)
wc_HpkeFreeKey(hpke, hpke->kem, receiverKey, hpke->heap);
WC_FREE_VAR_EX(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (rngRet == 0)
wc_FreeRng(rng);
return ret;
}
/* test null/bad arguments for the context-based HPKE API
* (wc_HpkeInitSealContext, wc_HpkeContextSealBase, wc_HpkeInitOpenContext,
* wc_HpkeContextOpenBase) and wc_HpkeDeserializePublicKey, a two-message
* seal/open round-trip, out-of-order open rejection, and seq overflow */
static wc_test_ret_t hpke_test_multi(Hpke* hpke)
{
wc_test_ret_t ret = 0;
int rngRet = 0;
WC_RNG rng[1];
const char* start_text = "this is a test";
const char* info_text = "info";
const char* aad_text = "aad";
byte ciphertexts[2][MAX_HPKE_LABEL_SZ];
byte plaintext[MAX_HPKE_LABEL_SZ];
void* receiverKey = NULL;
void* ephemeralKey = NULL;
void* deserializedKey = NULL;
#ifdef WOLFSSL_SMALL_STACK
HpkeBaseContext* context = NULL;
byte* pubKey = NULL;
word16 pubKeySz = (word16)HPKE_Npk_MAX;
#else
HpkeBaseContext context[1];
byte pubKey[HPKE_Npk_MAX];
word16 pubKeySz = (word16)sizeof(pubKey);
#endif
rngRet = ret = wc_InitRng(rng);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef WOLFSSL_SMALL_STACK
pubKey = (byte*)XMALLOC(pubKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pubKey == NULL)
ret = MEMORY_E;
if (ret == 0)
context = (HpkeBaseContext*)XMALLOC(sizeof(HpkeBaseContext), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (context == NULL)
ret = MEMORY_E;
#endif
/* generate the keys */
if (ret == 0)
ret = wc_HpkeGenerateKeyPair(hpke, &ephemeralKey, rng);
if (ret == 0)
ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, rng);
/* Negative test case with NULL argument */
if (ret == 0) {
ret = wc_HpkeInitSealContext(NULL, context, ephemeralKey, receiverKey,
(byte*)info_text, (word32)XSTRLEN(info_text));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeInitSealContext(hpke, NULL, ephemeralKey, receiverKey,
(byte*)info_text, (word32)XSTRLEN(info_text));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeInitSealContext(hpke, context, NULL, receiverKey,
(byte*)info_text, (word32)XSTRLEN(info_text));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeInitSealContext(hpke, context, ephemeralKey, NULL,
(byte*)info_text, (word32)XSTRLEN(info_text));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
/* NULL info with non-zero infoSz */
if (ret == 0) {
ret = wc_HpkeInitSealContext(hpke, context, ephemeralKey, receiverKey,
NULL, (word32)XSTRLEN(info_text));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
/* infoSz too large to fit in labeled_ikm scratch buffer */
if (ret == 0) {
/* prefer ciphertexts[0] to info_text for this test since static
* analysis may throw an error */
ret = wc_HpkeInitSealContext(hpke, context, ephemeralKey, receiverKey,
ciphertexts[0], MAX_HPKE_LABEL_SZ);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
/* initialize a valid seal context for ContextSealBase tests */
if (ret == 0) {
ret = wc_HpkeInitSealContext(hpke, context, ephemeralKey, receiverKey,
(byte*)info_text, (word32)XSTRLEN(info_text));
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
/* Negative test case with NULL argument */
if (ret == 0) {
ret = wc_HpkeContextSealBase(NULL, context,
(byte*)aad_text, (word32)XSTRLEN(aad_text),
(byte*)start_text, (word32)XSTRLEN(start_text), ciphertexts[0]);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeContextSealBase(hpke, NULL,
(byte*)aad_text, (word32)XSTRLEN(aad_text),
(byte*)start_text, (word32)XSTRLEN(start_text), ciphertexts[0]);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
/* NULL aad with non-zero aadSz */
if (ret == 0) {
ret = wc_HpkeContextSealBase(hpke, context,
NULL, (word32)XSTRLEN(aad_text),
(byte*)start_text, (word32)XSTRLEN(start_text), ciphertexts[0]);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeContextSealBase(hpke, context,
(byte*)aad_text, (word32)XSTRLEN(aad_text),
NULL, (word32)XSTRLEN(start_text), ciphertexts[0]);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeContextSealBase(hpke, context,
(byte*)aad_text, (word32)XSTRLEN(aad_text),
(byte*)start_text, (word32)XSTRLEN(start_text), NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
/* seal message 0 */
if (ret == 0) {
ret = wc_HpkeContextSealBase(hpke, context,
(byte*)aad_text, (word32)XSTRLEN(aad_text),
(byte*)start_text, (word32)XSTRLEN(start_text), ciphertexts[0]);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
/* seal message 1 */
if (ret == 0) {
ret = wc_HpkeContextSealBase(hpke, context,
(byte*)aad_text, (word32)XSTRLEN(aad_text),
(byte*)start_text, (word32)XSTRLEN(start_text), ciphertexts[1]);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
/* Negative test case with NULL argument */
if (ret == 0) {
ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, pubKey, &pubKeySz);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_HpkeDeserializePublicKey(NULL, &deserializedKey, pubKey,
pubKeySz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeDeserializePublicKey(hpke, NULL, pubKey, pubKeySz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeDeserializePublicKey(hpke, &deserializedKey, NULL,
pubKeySz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
/* inSz = 0 is less than Npk */
if (ret == 0) {
ret = wc_HpkeDeserializePublicKey(hpke, &deserializedKey, pubKey, 0);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
/* deserialize result must re-serialize identically */
if (ret == 0) {
ret = wc_HpkeDeserializePublicKey(hpke, &deserializedKey, pubKey,
pubKeySz);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
word16 reSz = (word16)sizeof(plaintext);
ret = wc_HpkeSerializePublicKey(hpke, deserializedKey,
plaintext, &reSz);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
else if (reSz != pubKeySz || XMEMCMP(plaintext, pubKey, pubKeySz) != 0)
ret = WC_TEST_RET_ENC_NC;
}
if (deserializedKey != NULL) {
wc_HpkeFreeKey(hpke, hpke->kem, deserializedKey, hpke->heap);
deserializedKey = NULL;
}
/* Negative test case with NULL argument */
if (ret == 0) {
ret = wc_HpkeInitOpenContext(NULL, context, receiverKey, pubKey,
pubKeySz, (byte*)info_text, (word32)XSTRLEN(info_text));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeInitOpenContext(hpke, NULL, receiverKey, pubKey,
pubKeySz, (byte*)info_text, (word32)XSTRLEN(info_text));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeInitOpenContext(hpke, context, NULL, pubKey,
pubKeySz, (byte*)info_text, (word32)XSTRLEN(info_text));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeInitOpenContext(hpke, context, receiverKey, NULL,
pubKeySz, (byte*)info_text, (word32)XSTRLEN(info_text));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeInitOpenContext(hpke, context, receiverKey, pubKey,
pubKeySz, NULL, (word32)XSTRLEN(info_text));
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
/* initialize a valid open context for ContextOpenBase tests */
if (ret == 0) {
ret = wc_HpkeInitOpenContext(hpke, context, receiverKey, pubKey,
pubKeySz, (byte*)info_text, (word32)XSTRLEN(info_text));
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
/* Negative test case with NULL argument */
if (ret == 0) {
ret = wc_HpkeContextOpenBase(NULL, context,
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertexts[0], (word32)XSTRLEN(start_text), plaintext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeContextOpenBase(hpke, NULL,
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertexts[0], (word32)XSTRLEN(start_text), plaintext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
/* NULL aad with non-zero aadSz */
if (ret == 0) {
ret = wc_HpkeContextOpenBase(hpke, context,
NULL, (word32)XSTRLEN(aad_text),
ciphertexts[0], (word32)XSTRLEN(start_text), plaintext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeContextOpenBase(hpke, context,
(byte*)aad_text, (word32)XSTRLEN(aad_text),
NULL, (word32)XSTRLEN(start_text), plaintext);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ret == 0) {
ret = wc_HpkeContextOpenBase(hpke, context,
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertexts[0], (word32)XSTRLEN(start_text), NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
/* out-of-order open: try msg1 first */
if (ret == 0) {
ret = wc_HpkeContextOpenBase(hpke, context,
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertexts[1], (word32)XSTRLEN(start_text), plaintext);
if (ret == 0)
ret = WC_TEST_RET_ENC_NC;
else
ret = 0;
}
/* open message 0 */
if (ret == 0) {
ret = wc_HpkeContextOpenBase(hpke, context,
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertexts[0], (word32)XSTRLEN(start_text), plaintext);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
/* check message 0 */
if (ret == 0) {
ret = XMEMCMP(plaintext, start_text, XSTRLEN(start_text));
if (ret != 0)
ret = WC_TEST_RET_ENC_NC;
}
/* open message 1 */
if (ret == 0) {
ret = wc_HpkeContextOpenBase(hpke, context,
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertexts[1], (word32)XSTRLEN(start_text), plaintext);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
/* check message 1 */
if (ret == 0) {
ret = XMEMCMP(plaintext, start_text, XSTRLEN(start_text));
if (ret != 0)
ret = WC_TEST_RET_ENC_NC;
}
/* seal context overflowed */
if (ret == 0) {
ret = wc_HpkeInitSealContext(hpke, context, ephemeralKey, receiverKey,
(byte*)info_text, (word32)XSTRLEN(info_text));
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
context->seq = WC_MAX_SINT_OF(int);
ret = wc_HpkeContextSealBase(hpke, context,
(byte*)aad_text, (word32)XSTRLEN(aad_text),
(byte*)start_text, (word32)XSTRLEN(start_text), ciphertexts[0]);
if (ret != WC_NO_ERR_TRACE(SEQ_OVERFLOW_E))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
/* open context overflowed */
if (ret == 0) {
ret = wc_HpkeInitOpenContext(hpke, context, receiverKey, pubKey,
pubKeySz, (byte*)info_text, (word32)XSTRLEN(info_text));
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
context->seq = WC_MAX_SINT_OF(int);
ret = wc_HpkeContextOpenBase(hpke, context,
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertexts[0], (word32)XSTRLEN(start_text), plaintext);
if (ret != WC_NO_ERR_TRACE(SEQ_OVERFLOW_E))
ret = WC_TEST_RET_ENC_EC(ret);
else
ret = 0;
}
if (ephemeralKey != NULL)
wc_HpkeFreeKey(hpke, hpke->kem, ephemeralKey, hpke->heap);
if (receiverKey != NULL)
wc_HpkeFreeKey(hpke, hpke->kem, receiverKey, hpke->heap);
#ifdef WOLFSSL_SMALL_STACK
if (pubKey != NULL)
XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (context != NULL)
XFREE(context, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (rngRet == 0)
wc_FreeRng(rng);
return ret;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
{
wc_test_ret_t ret = 0;
Hpke hpke[1];
WOLFSSL_ENTER("hpke_test");
#if defined(HAVE_ECC) && defined(WOLFSSL_AES_128)
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256)
/* p256 */
ret = hpke_test_single(hpke, DHKEM_P256_HKDF_SHA256, HKDF_SHA256,
HPKE_AES_128_GCM);
if (ret != 0)
return ret;
ret = hpke_test_multi(hpke);
if (ret != 0)
return ret;
#endif
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
!defined(NO_SHA256) && defined(WOLFSSL_SHA512)
/* p256 with sha512 kdf */
ret = hpke_test_single(hpke, DHKEM_P256_HKDF_SHA256, HKDF_SHA512,
HPKE_AES_128_GCM);
if (ret != 0)
return ret;
ret = hpke_test_multi(hpke);
if (ret != 0)
return ret;
#endif
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
defined(WOLFSSL_SHA384)
/* p384 */
ret = hpke_test_single(hpke, DHKEM_P384_HKDF_SHA384, HKDF_SHA384,
HPKE_AES_128_GCM);
if (ret != 0)
return ret;
ret = hpke_test_multi(hpke);
if (ret != 0)
return ret;
#endif
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
defined(WOLFSSL_SHA512)
/* p521 */
ret = hpke_test_single(hpke, DHKEM_P521_HKDF_SHA512, HKDF_SHA512,
HPKE_AES_128_GCM);
if (ret != 0)
return ret;
ret = hpke_test_multi(hpke);
if (ret != 0)
return ret;
#endif
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512)
/* p521 with sha384 kdf */
ret = hpke_test_single(hpke, DHKEM_P521_HKDF_SHA512, HKDF_SHA384,
HPKE_AES_128_GCM);
if (ret != 0)
return ret;
ret = hpke_test_multi(hpke);
if (ret != 0)
return ret;
#endif
#endif
#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
/* test with curve25519 and aes256 */
ret = hpke_test_single(hpke, DHKEM_X25519_HKDF_SHA256, HKDF_SHA256,
HPKE_AES_256_GCM);
if (ret != 0)
return ret;
ret = hpke_test_multi(hpke);
if (ret != 0)
return ret;
#endif
#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) && \
defined(WOLFSSL_AES_256)
ret = hpke_test_single(hpke, DHKEM_X448_HKDF_SHA512, HKDF_SHA512,
HPKE_AES_256_GCM);
/* HPKE does not support X448 yet, so expect failure */
if (WC_TEST_RET_DEC_EC(ret) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return ret;
ret = 0; /* reset error code */
#endif
/* TODO: HPKE chacha20 is not implemented */
return ret;
}
#endif /* HAVE_HPKE && (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) &&
HAVE_AESGCM */
#if defined(WC_SRTP_KDF)
typedef struct Srtp_Kdf_Tv {
const unsigned char* key;
word32 keySz;
const unsigned char* salt;
word32 saltSz;
int kdfIdx;
const unsigned char* index;
const unsigned char* ke;
const unsigned char* ka;
const unsigned char* ks;
const unsigned char* index_c;
const unsigned char* ke_c;
const unsigned char* ka_c;
const unsigned char* ks_c;
word32 keSz;
word32 kaSz;
word32 ksSz;
} Srtp_Kdf_Tv;
#if !defined(BENCH_EMBEDDED) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
#define SRTP_KDF_LONG_KEY 5000
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
{
wc_test_ret_t ret = 0;
/* 128-bit key, kdrIdx = -1 */
WOLFSSL_SMALL_STACK_STATIC const byte key_0[] = {
0xc4, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72,
0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90
};
WOLFSSL_SMALL_STACK_STATIC const byte salt_0[] = {
0x0e, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56,
0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6
};
WOLFSSL_SMALL_STACK_STATIC const byte index_0[] = {
0x48, 0x71, 0x65, 0x64, 0x9c, 0xca
};
WOLFSSL_SMALL_STACK_STATIC const byte ke_0[] = {
0xdc, 0x38, 0x21, 0x92, 0xab, 0x65, 0x10, 0x8a,
0x86, 0xb2, 0x59, 0xb6, 0x1b, 0x3a, 0xf4, 0x6f
};
WOLFSSL_SMALL_STACK_STATIC const byte ka_0[] = {
0xb8, 0x39, 0x37, 0xfb, 0x32, 0x17, 0x92, 0xee,
0x87, 0xb7, 0x88, 0x19, 0x3b, 0xe5, 0xa4, 0xe3,
0xbd, 0x32, 0x6e, 0xe4
};
WOLFSSL_SMALL_STACK_STATIC const byte ks_0[] = {
0xf1, 0xc0, 0x35, 0xc0, 0x0b, 0x5a, 0x54, 0xa6,
0x16, 0x92, 0xc0, 0x16, 0x27, 0x6c
};
WOLFSSL_SMALL_STACK_STATIC const byte index_c_0[] = {
0x56, 0xf3, 0xf1, 0x97
};
WOLFSSL_SMALL_STACK_STATIC const byte ke_c_0[] = {
0xab, 0x5b, 0xe0, 0xb4, 0x56, 0x23, 0x5d, 0xcf,
0x77, 0xd5, 0x08, 0x69, 0x29, 0xba, 0xfb, 0x38
};
WOLFSSL_SMALL_STACK_STATIC const byte ka_c_0[] = {
0xc5, 0x2f, 0xde, 0x0b, 0x80, 0xb0, 0xf0, 0xba,
0xd8, 0xd1, 0x56, 0x45, 0xcb, 0x86, 0xe7, 0xc7,
0xc3, 0xd8, 0x77, 0x0e
};
WOLFSSL_SMALL_STACK_STATIC const byte ks_c_0[] = {
0xde, 0xb5, 0xf8, 0x5f, 0x81, 0x33, 0x6a, 0x96,
0x5e, 0xd3, 0x2b, 0xb7, 0xed, 0xe8
};
/* 192-bit key, kdrIdx = 0 */
WOLFSSL_SMALL_STACK_STATIC const byte key_1[] = {
0xbb, 0x04, 0x5b, 0x1f, 0x53, 0xc6, 0x93, 0x2c,
0x2b, 0xa6, 0x88, 0xf5, 0xe3, 0xf2, 0x24, 0x70,
0xe1, 0x7d, 0x7d, 0xec, 0x8a, 0x93, 0x4d, 0xf2
};
WOLFSSL_SMALL_STACK_STATIC const byte salt_1[] = {
0xe7, 0x22, 0xab, 0x92, 0xfc, 0x7c, 0x89, 0xb6,
0x53, 0x8a, 0xf9, 0x3c, 0xb9, 0x52
};
WOLFSSL_SMALL_STACK_STATIC const byte index_1[] = {
0xd7, 0x87, 0x8f, 0x33, 0xb1, 0x76
};
WOLFSSL_SMALL_STACK_STATIC const byte ke_1[] = {
0x2c, 0xc8, 0x3e, 0x54, 0xb2, 0x33, 0x89, 0xb3,
0x71, 0x65, 0x0f, 0x51, 0x61, 0x65, 0xe4, 0x93,
0x07, 0x4e, 0xb3, 0x47, 0xba, 0x2d, 0x60, 0x60
};
WOLFSSL_SMALL_STACK_STATIC const byte ka_1[] = {
0x2e, 0x80, 0xe4, 0x82, 0x55, 0xa2, 0xbe, 0x6d,
0xe0, 0x46, 0xcc, 0xc1, 0x75, 0x78, 0x6e, 0x78,
0xd1, 0xd1, 0x47, 0x08
};
WOLFSSL_SMALL_STACK_STATIC const byte ks_1[] = {
0xe0, 0xc1, 0xe6, 0xaf, 0x1e, 0x8d, 0x8c, 0xfe,
0xe5, 0x60, 0x70, 0xb5, 0xe6, 0xea
};
WOLFSSL_SMALL_STACK_STATIC const byte index_c_1[] = {
0x40, 0xbf, 0xd4, 0xa9
};
WOLFSSL_SMALL_STACK_STATIC const byte ke_c_1[] = {
0x94, 0x0f, 0x55, 0xce, 0x58, 0xd8, 0x16, 0x65,
0xf0, 0xfa, 0x46, 0x40, 0x0c, 0xda, 0xb1, 0x11,
0x9e, 0x69, 0xa0, 0x93, 0x4e, 0xd7, 0xf2, 0x84
};
WOLFSSL_SMALL_STACK_STATIC const byte ka_c_1[] = {
0xf5, 0x41, 0x6f, 0xc2, 0x65, 0xc5, 0xb3, 0xef,
0xbb, 0x22, 0xc8, 0xfc, 0x6b, 0x00, 0x14, 0xb2,
0xf3, 0x3b, 0x8e, 0x29
};
WOLFSSL_SMALL_STACK_STATIC const byte ks_c_1[] = {
0x35, 0xb7, 0x42, 0x43, 0xf0, 0x01, 0x01, 0xb4,
0x68, 0xa1, 0x28, 0x80, 0x37, 0xf0
};
/* 256-bit key, kdrIdx = 1 */
WOLFSSL_SMALL_STACK_STATIC const byte key_2[] = {
0x10, 0x38, 0x0a, 0xcd, 0xd6, 0x47, 0xab, 0xee,
0xc0, 0xd4, 0x44, 0xf4, 0x7e, 0x51, 0x36, 0x02,
0x79, 0xa8, 0x94, 0x80, 0x35, 0x40, 0xed, 0x50,
0xf4, 0x45, 0x30, 0x3d, 0xb5, 0xf0, 0x2b, 0xbb
};
WOLFSSL_SMALL_STACK_STATIC const byte salt_2[] = {
0xc7, 0x31, 0xf2, 0xc8, 0x40, 0x43, 0xb8, 0x74,
0x8a, 0x61, 0x84, 0x7a, 0x25, 0x8a
};
WOLFSSL_SMALL_STACK_STATIC const byte index_2[] = {
0x82, 0xf1, 0x84, 0x8c, 0xac, 0x42
};
WOLFSSL_SMALL_STACK_STATIC const byte ke_2[] = {
0xb2, 0x26, 0x60, 0xaf, 0x08, 0x23, 0x14, 0x98,
0x91, 0xde, 0x5d, 0x87, 0x95, 0x61, 0xca, 0x8f,
0x0e, 0xce, 0xfb, 0x68, 0x4d, 0xd6, 0x28, 0xcb,
0x28, 0xe2, 0x27, 0x20, 0x2d, 0xff, 0x64, 0xbb
};
WOLFSSL_SMALL_STACK_STATIC const byte ka_2[] = {
0x12, 0x6f, 0x52, 0xe8, 0x07, 0x7f, 0x07, 0x84,
0xa0, 0x61, 0x96, 0xf8, 0xee, 0x4d, 0x05, 0x57,
0x65, 0xc7, 0x50, 0xc1
};
WOLFSSL_SMALL_STACK_STATIC const byte ks_2[] = {
0x18, 0x5a, 0x59, 0xe5, 0x91, 0x4d, 0xc9, 0x6c,
0xfa, 0x5b, 0x36, 0x06, 0x8c, 0x9a
};
WOLFSSL_SMALL_STACK_STATIC const byte index_c_2[] = {
0x31, 0x2d, 0x58, 0x15
};
WOLFSSL_SMALL_STACK_STATIC const byte ke_c_2[] = {
0x14, 0xf2, 0xc8, 0x25, 0x02, 0x79, 0x22, 0xa1,
0x96, 0xb6, 0xf7, 0x07, 0x76, 0xa6, 0xa3, 0xc4,
0x37, 0xdf, 0xa0, 0xf8, 0x78, 0x93, 0x2c, 0xfa,
0xea, 0x35, 0xf0, 0xf3, 0x3f, 0x32, 0x6e, 0xfd
};
WOLFSSL_SMALL_STACK_STATIC const byte ka_c_2[] = {
0x6e, 0x3d, 0x4a, 0x99, 0xea, 0x2f, 0x9d, 0x13,
0x4a, 0x1e, 0x71, 0x2e, 0x15, 0xc0, 0xca, 0xb6,
0x35, 0x78, 0xdf, 0xa4
};
WOLFSSL_SMALL_STACK_STATIC const byte ks_c_2[] = {
0xae, 0xe4, 0xec, 0x18, 0x31, 0x70, 0x5d, 0x3f,
0xdc, 0x97, 0x89, 0x88, 0xfd, 0xff
};
/* 128-bit key, kdrIdx = 8 */
WOLFSSL_SMALL_STACK_STATIC const byte key_3[] = {
0x36, 0xb4, 0xde, 0xcb, 0x2e, 0x51, 0x23, 0x76,
0xe0, 0x27, 0x7e, 0x3e, 0xc8, 0xf6, 0x54, 0x04
};
WOLFSSL_SMALL_STACK_STATIC const byte salt_3[] = {
0x73, 0x26, 0xf4, 0x3f, 0xc0, 0xd9, 0xc6, 0xe3,
0x2f, 0x92, 0x7d, 0x46, 0x12, 0x76
};
WOLFSSL_SMALL_STACK_STATIC const byte index_3[] = {
0x44, 0x73, 0xb2, 0x2d, 0xb2, 0x60
};
WOLFSSL_SMALL_STACK_STATIC const byte ke_3[] = {
0x79, 0x91, 0x3d, 0x7b, 0x20, 0x5d, 0xea, 0xe2,
0xeb, 0x46, 0x89, 0x68, 0x5a, 0x06, 0x73, 0x74
};
WOLFSSL_SMALL_STACK_STATIC const byte ka_3[] = {
0x2d, 0x2e, 0x97, 0x4e, 0x76, 0x8c, 0x62, 0xa6,
0x57, 0x80, 0x13, 0x42, 0x0b, 0x51, 0xa7, 0x66,
0xea, 0x31, 0x24, 0xe6
};
WOLFSSL_SMALL_STACK_STATIC const byte ks_3[] = {
0xcc, 0xd7, 0x31, 0xf6, 0x3b, 0xf3, 0x89, 0x8a,
0x5b, 0x7b, 0xb5, 0x8b, 0x4c, 0x3f
};
WOLFSSL_SMALL_STACK_STATIC const byte index_c_3[] = {
0x4a, 0x7d, 0xaa, 0x85
};
WOLFSSL_SMALL_STACK_STATIC const byte ke_c_3[] = {
0x34, 0x99, 0x71, 0xfe, 0x12, 0x93, 0xae, 0x8c,
0x4a, 0xe9, 0x84, 0xe4, 0x93, 0x53, 0x63, 0x88
};
WOLFSSL_SMALL_STACK_STATIC const byte ka_c_3[] = {
0xa4, 0x53, 0x5e, 0x0a, 0x9c, 0xf2, 0xce, 0x13,
0xef, 0x7a, 0x13, 0xee, 0x0a, 0xef, 0xba, 0x17,
0x05, 0x18, 0xe3, 0xed
};
WOLFSSL_SMALL_STACK_STATIC const byte ks_c_3[] = {
0xe1, 0x29, 0x4f, 0x61, 0x30, 0x3c, 0x4d, 0x46,
0x5f, 0x5c, 0x81, 0x3c, 0x38, 0xb6
};
/* SRTCP w/ 48-bit idx - KDR 0 (-1) */
WOLFSSL_SMALL_STACK_STATIC const byte mk48_1[] = {
0xFF, 0xB6, 0xCB, 0x09, 0x71, 0x3F, 0x63, 0x4D,
0x7F, 0x42, 0xED, 0xA8, 0x12, 0x81, 0x50, 0xE6
};
WOLFSSL_SMALL_STACK_STATIC const byte ms48_1[] = {
0x1F, 0x04, 0x76, 0xC8, 0x7F, 0x58, 0x23, 0xEF,
0xD3, 0x57, 0xB2, 0xBD, 0xF1, 0x32
};
WOLFSSL_SMALL_STACK_STATIC const byte srtcp48idx_1[] = {
0x00, 0x00, 0x08, 0x56, 0xBC, 0x39
};
WOLFSSL_SMALL_STACK_STATIC const byte srtcpKe_48_1[] = {
0xD2, 0xC3, 0xF3, 0x49, 0x00, 0x1A, 0x18, 0x0F,
0xB6, 0x05, 0x5A, 0x5A, 0x67, 0x8E, 0xE5, 0xB2
};
WOLFSSL_SMALL_STACK_STATIC const byte srtcpKa_48_1[] = {
0x8D, 0x54, 0xBE, 0xB5, 0x7B, 0x7F, 0x7A, 0xAB,
0xF5, 0x46, 0xCE, 0x5B, 0x45, 0x69, 0x4A, 0x75,
0x81, 0x2A, 0xE2, 0xCB
};
WOLFSSL_SMALL_STACK_STATIC const byte srtcpKs_48_1[] = {
0x76, 0x3C, 0x97, 0x6A, 0x45, 0x31, 0xA7, 0x79,
0x3C, 0x28, 0x4A, 0xA6, 0x82, 0x03
};
/* SRTCP w/ 48-bit idx - KDR 19 */
WOLFSSL_SMALL_STACK_STATIC const byte mk48_2[] = {
0xBD, 0x1D, 0x71, 0x6B, 0xDA, 0x28, 0xE3, 0xFC,
0xA5, 0xA0, 0x66, 0x3F, 0x2E, 0x34, 0xA8, 0x58
};
WOLFSSL_SMALL_STACK_STATIC const byte ms48_2[] = {
0x79, 0x06, 0xE5, 0xAB, 0x5C, 0x2B, 0x1B, 0x69,
0xFA, 0xEE, 0xD2, 0x29, 0x57, 0x3C
};
WOLFSSL_SMALL_STACK_STATIC const byte srtcp48idx_2[] = {
0x00, 0x00, 0x59, 0xD0, 0xC2, 0xE8
};
WOLFSSL_SMALL_STACK_STATIC const byte srtcpKe_48_2[] = {
0xB9, 0xD7, 0xAD, 0xD8, 0x90, 0x94, 0xC2, 0x92,
0xA5, 0x04, 0x87, 0xC4, 0x8C, 0xEF, 0xE2, 0xA3
};
WOLFSSL_SMALL_STACK_STATIC const byte srtcpKa_48_2[] = {
0x07, 0xD5, 0xC4, 0xD2, 0x06, 0xFB, 0x63, 0x15,
0xC2, 0x9C, 0x7F, 0x55, 0xD1, 0x16, 0x5C, 0xB5,
0xB7, 0x44, 0x54, 0xBD
};
WOLFSSL_SMALL_STACK_STATIC const byte srtcpKs_48_2[] = {
0x0C, 0x5E, 0x53, 0xC1, 0xD0, 0x75, 0xAD, 0x65,
0xBF, 0x51, 0x74, 0x50, 0x89, 0xD7
};
int kdr_48_1 = -1;
int kdr_48_2 = 19;
#define SRTP_TV_CNT 4
Srtp_Kdf_Tv tv[SRTP_TV_CNT] = {
{ key_0, (word32)sizeof(key_0), salt_0, (word32)sizeof(salt_0), -1,
index_0, ke_0, ka_0, ks_0, index_c_0, ke_c_0, ka_c_0, ks_c_0,
16, 20, 14 },
{ key_1, (word32)sizeof(key_1), salt_1, (word32)sizeof(salt_1), 0,
index_1, ke_1, ka_1, ks_1, index_c_1, ke_c_1, ka_c_1, ks_c_1,
24, 20, 14 },
{ key_2, (word32)sizeof(key_2), salt_2, (word32)sizeof(salt_2), 1,
index_2, ke_2, ka_2, ks_2, index_c_2, ke_c_2, ka_c_2, ks_c_2,
32, 20, 14 },
{ key_3, (word32)sizeof(key_3), salt_3, (word32)sizeof(salt_3), 8,
index_3, ke_3, ka_3, ks_3, index_c_3, ke_c_3, ka_c_3, ks_c_3,
16, 20, 14 },
};
int i;
int idx;
unsigned char keyE[32];
unsigned char keyA[20];
unsigned char keyS[14];
#ifdef SRTP_KDF_LONG_KEY
WC_DECLARE_VAR(keyELong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
WC_DECLARE_VAR(keyALong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
WC_DECLARE_VAR(keySLong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
#endif
#ifdef SRTP_KDF_LONG_KEY
WC_ALLOC_VAR(keyELong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
WC_ALLOC_VAR(keyALong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
WC_ALLOC_VAR(keySLong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT);
#endif
WOLFSSL_ENTER("srtpkdf_test");
for (i = 0; (ret == 0) && (i < SRTP_TV_CNT); i++) {
#ifndef WOLFSSL_AES_128
if (tv[i].keySz == AES_128_KEY_SIZE) {
continue;
}
#endif
#ifndef WOLFSSL_AES_192
if (tv[i].keySz == AES_192_KEY_SIZE) {
continue;
}
#endif
#ifndef WOLFSSL_AES_256
if (tv[i].keySz == AES_256_KEY_SIZE) {
continue;
}
#endif
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyE, tv[i].ke, tv[i].keSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(keyA, tv[i].ka, tv[i].kaSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(keyS, tv[i].ks, tv[i].ksSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_ENCRYPTION,
keyE, tv[i].keSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyE, tv[i].ke, tv[i].keSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_MSG_AUTH,
keyA, tv[i].kaSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyA, tv[i].ka, tv[i].kaSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_SALT, keyS,
tv[i].ksSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyS, tv[i].ks, tv[i].ksSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyE, tv[i].ke_c, tv[i].keSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(keyA, tv[i].ka_c, tv[i].kaSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(keyS, tv[i].ks_c, tv[i].ksSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c,
WC_SRTCP_LABEL_ENCRYPTION, keyE, tv[i].keSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyE, tv[i].ke_c, tv[i].keSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, WC_SRTCP_LABEL_MSG_AUTH,
keyA, tv[i].kaSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyA, tv[i].ka_c, tv[i].kaSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, WC_SRTCP_LABEL_SALT,
keyS, tv[i].ksSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyS, tv[i].ks_c, tv[i].ksSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#ifdef WOLFSSL_AES_128
i = 0;
#elif defined(WOLFSSL_AES_192)
i = 1;
#else
i = 2;
#endif
ret = wc_SRTP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15,
tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15,
tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
25, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
25, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
-2, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
-2, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0))
/* kdrIdx >= 0 requires non-NULL idx. */
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
0, NULL, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
0, NULL, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
0, NULL, WC_SRTP_LABEL_ENCRYPTION, keyE, tv[i].keSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
0, NULL, WC_SRTCP_LABEL_ENCRYPTION, keyE, tv[i].keSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index, NULL, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index_c, NULL, tv[i].keSz, keyA, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, NULL, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, NULL, tv[i].kaSz,
keyS, tv[i].ksSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
NULL, tv[i].ksSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
NULL, tv[i].ksSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
idx = wc_SRTP_KDF_kdr_to_idx(0);
if (idx != -1)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
for (i = 0; i < 32; i++) {
word32 kdr = 1U << i;
/* SRTCP w/ 48-bit IDX, 128-bit key test */
if (i == 0) {
ret = wc_SRTCP_KDF_ex(mk48_1, (word32)sizeof(mk48_1),
ms48_1, (word32)sizeof(ms48_1),
kdr_48_1, srtcp48idx_1, keyE, tv[i].keSz,
keyA, tv[i].kaSz, keyS, tv[i].ksSz,
WC_SRTCP_48BIT_IDX);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyE, srtcpKe_48_1, tv[i].keSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(keyA, srtcpKa_48_1, tv[i].kaSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(keyS, srtcpKs_48_1, tv[i].ksSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_SRTCP_KDF_ex(mk48_2, (word32)sizeof(mk48_2),
ms48_2, (word32)sizeof(ms48_2),
kdr_48_2, srtcp48idx_2, keyE, tv[i].keSz,
keyA, tv[i].kaSz, keyS, tv[i].ksSz,
WC_SRTCP_48BIT_IDX);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(keyE, srtcpKe_48_2, tv[i].keSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(keyA, srtcpKa_48_2, tv[i].kaSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(keyS, srtcpKs_48_2, tv[i].ksSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
idx = wc_SRTP_KDF_kdr_to_idx(kdr);
if (idx != i)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#ifdef SRTP_KDF_LONG_KEY
/* Check that long messages can be created. */
ret = wc_SRTP_KDF(tv[0].key, tv[0].keySz, tv[0].salt, tv[0].saltSz,
tv[0].kdfIdx, tv[0].index_c, keyELong, SRTP_KDF_LONG_KEY, keyALong,
SRTP_KDF_LONG_KEY, keySLong, SRTP_KDF_LONG_KEY);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Check that two bytes of counter are being used. */
if (XMEMCMP(keyELong, keyELong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
if (XMEMCMP(keyELong, keyALong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
if (XMEMCMP(keyELong, keySLong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* SRTP_KDF_LONG_KEY */
out:
#ifdef SRTP_KDF_LONG_KEY
WC_FREE_VAR(keyELong, HEAP_HINT);
WC_FREE_VAR(keyALong, HEAP_HINT);
WC_FREE_VAR(keySLong, HEAP_HINT);
#endif
return ret;
}
#endif
#ifdef HAVE_ECC
/* size to use for ECC key gen tests */
#ifndef ECC_KEYGEN_SIZE
#if !defined(NO_ECC256) || defined(WOLFSSL_SM2)
#define ECC_KEYGEN_SIZE 32
#elif defined(HAVE_ECC384)
#define ECC_KEYGEN_SIZE 48
#elif defined(HAVE_ECC224)
#define ECC_KEYGEN_SIZE 28
#elif defined(HAVE_ECC521)
#define ECC_KEYGEN_SIZE 66
#else
#error No ECC keygen size defined for test
#endif
#endif
#ifdef BENCH_EMBEDDED
#define ECC_SHARED_SIZE 128
#else
#define ECC_SHARED_SIZE MAX_ECC_BYTES
#endif
#if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
#define HAVE_ECC_DETERMINISTIC_K
#define ECC_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#else
#define ECC_DIGEST_SIZE WC_MAX_DIGEST_SIZE
#endif
#define ECC_SIG_SIZE ECC_MAX_SIG_SIZE
#ifdef NO_ECC_SECP
#define NO_ECC_VECTOR_TEST
#endif
#ifndef NO_ECC_VECTOR_TEST
#if (defined(HAVE_ECC192) || defined(HAVE_ECC224) ||\
!defined(NO_ECC256) || defined(HAVE_ECC384) ||\
defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
#define HAVE_ECC_VECTOR_TEST
#endif
#endif
#ifdef HAVE_ECC_VECTOR_TEST
typedef struct eccVector {
const char* msg; /* SHA-1 Encoded Message */
const char* Qx;
const char* Qy;
const char* d; /* Private Key */
const char* R;
const char* S;
const char* curveName;
word32 msgLen;
word32 keySize;
const byte* r;
word32 rSz;
const byte* s;
word32 sSz;
} eccVector;
#if !defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)
static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
{
wc_test_ret_t ret = 0;
int verify = 0;
word32 sigSz;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key userA[1];
#endif
WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
#if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
word32 sigRawSz, rSz = MAX_ECC_BYTES, sSz = MAX_ECC_BYTES;
WC_DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT);
WC_DECLARE_VAR(r, byte, MAX_ECC_BYTES, HEAP_HINT);
WC_DECLARE_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT);
#endif
WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
#if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
WC_ALLOC_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT);
WC_ALLOC_VAR(r, byte, MAX_ECC_BYTES, HEAP_HINT);
WC_ALLOC_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT);
#endif
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (sig == NULL)
ERROR_OUT(MEMORY_E, done);
#if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
if (sigRaw == NULL || r == NULL || s == NULL)
ERROR_OUT(MEMORY_E, done);
#endif
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (userA == NULL)
ERROR_OUT(MEMORY_E, done);
#endif
ret = test_EccInit_Pair(userA, (int)vector->keySize, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_import_raw(userA, vector->Qx, vector->Qy,
vector->d, vector->curveName);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#if !defined(NO_ASN)
XMEMSET(sig, 0, ECC_SIG_SIZE);
sigSz = ECC_SIG_SIZE;
ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz);
if (ret != 0)
goto done;
#if !defined(HAVE_SELFTEST)
XMEMSET(sigRaw, 0, ECC_SIG_SIZE);
sigRawSz = ECC_SIG_SIZE;
ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz,
sigRaw, &sigRawSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto done;
}
ret = wc_ecc_sig_to_rs(sig, sigSz, r, &rSz, s, &sSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (rSz != vector->rSz || XMEMCMP(r, vector->r, rSz) != 0 ||
sSz != vector->sSz || XMEMCMP(s, vector->s, sSz) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto done;
}
#endif /* !HAVE_SELFTEST */
#else
/* Signature will be R+S directly */
/* Make sure and zero pad if r or s is less than key size */
XMEMSET(sig, 0, ECC_SIG_SIZE);
sigSz = vector->keySize * 2;
XMEMCPY(sig + (vector->keySize - vector->rSz),
vector->r, vector->rSz);
XMEMCPY(sig + vector->keySize + (vector->keySize - vector->sSz),
vector->s, vector->sSz);
#endif /* !NO_ASN */
#ifdef HAVE_ECC_VERIFY
if (vector->msgLen >= WC_MIN_DIGEST_SIZE) {
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg,
vector->msgLen, &verify, userA);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
if (verify != 1)
ret = WC_TEST_RET_ENC_NC;
}
#endif
done:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (userA != NULL) {
wc_ecc_free(userA);
XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_ecc_free(userA);
#endif
#if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
WC_FREE_VAR(sigRaw, HEAP_HINT);
WC_FREE_VAR(r, HEAP_HINT);
WC_FREE_VAR(s, HEAP_HINT);
#endif
WC_FREE_VAR(sig, HEAP_HINT);
return ret;
}
static wc_test_ret_t ecc_test_vector(int keySize)
{
wc_test_ret_t ret;
eccVector vec;
XMEMSET(&vec, 0, sizeof(vec));
vec.keySize = (word32)keySize;
switch(keySize) {
#if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)
case 14:
return 0;
#endif /* HAVE_ECC112 */
#if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)
case 16:
return 0;
#endif /* HAVE_ECC128 */
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
case 20:
return 0;
#endif /* HAVE_ECC160 */
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
case 24:
/* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
#if 1
vec.msg = "\x60\x80\x79\x42\x3f\x12\x42\x1d\xe6\x16\xb7\x49\x3e\xbe\x55\x1c\xf4\xd6\x5b\x92";
vec.msgLen = 20;
#else
/* This is the raw message prior to SHA-1 */
vec.msg =
"\xeb\xf7\x48\xd7\x48\xeb\xbc\xa7\xd2\x9f\xb4\x73\x69\x8a\x6e\x6b"
"\x4f\xb1\x0c\x86\x5d\x4a\xf0\x24\xcc\x39\xae\x3d\xf3\x46\x4b\xa4"
"\xf1\xd6\xd4\x0f\x32\xbf\x96\x18\xa9\x1b\xb5\x98\x6f\xa1\xa2\xaf"
"\x04\x8a\x0e\x14\xdc\x51\xe5\x26\x7e\xb0\x5e\x12\x7d\x68\x9d\x0a"
"\xc6\xf1\xa7\xf1\x56\xce\x06\x63\x16\xb9\x71\xcc\x7a\x11\xd0\xfd"
"\x7a\x20\x93\xe2\x7c\xf2\xd0\x87\x27\xa4\xe6\x74\x8c\xc3\x2f\xd5"
"\x9c\x78\x10\xc5\xb9\x01\x9d\xf2\x1c\xdc\xc0\xbc\xa4\x32\xc0\xa3"
"\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0\x71\xcf";
vec.msgLen = 128;
#endif
vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6";
vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477";
vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3";
vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
vec.curveName = "SECP192R1";
vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55"
"\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e";
vec.rSz = 24;
vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc"
"\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41";
vec.sSz = 24;
break;
#endif /* HAVE_ECC192 */
#if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && \
(!defined(NO_SHA) || defined(WOLFSSL_SHA224) || \
(defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)))
case 28:
#if defined(WC_FIPS_186_5_PLUS) || defined(NO_SHA)
/* FIPS 186-5 Example vector -- P-224, SHA-224 */
/* Unhashed message: "Example of ECDSA with P-224" */
vec.msg = "\x1F\x1E\x1C\xF8\x92\x92\x6C\xFC\xCF\xC5\xA2\x8F\xEE\xF3\xD8"
"\x07\xD2\x3F\x77\x80\x08\xDB\xA4\xB3\x5F\x04\xB2\xFD";
vec.msgLen = 28;
vec.Qx = "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E";
vec.Qy = "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555";
vec.d = "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8";
vec.R = "C3A3F5B82712532004C6F6D1DB672F55D931C3409EA1216D0BE77380";
vec.S = "C5AA1EAE6095DEA34C9BD84DA3852CCA41A8BD9D5548F36DABDF6617";
vec.curveName = "SECP224R1";
vec.r = (const byte *)"\xC3\xA3\xF5\xB8\x27\x12\x53\x20\x04\xC6\xF6"
"\xD1\xDB\x67\x2F\x55\xD9\x31\xC3\x40\x9E\xA1\x21\x6D\x0B\xE7\x73\x80";
vec.rSz = 28;
vec.s = (const byte *)"\xC5\xAA\x1E\xAE\x60\x95\xDE\xA3\x4C\x9B\xD8"
"\x4D\xA3\x85\x2C\xCA\x41\xA8\xBD\x9D\x55\x48\xF3\x6D\xAB\xDF\x66\x17";
vec.sSz = 28;
#else /* !WC_FIPS_186_5_PLUS && !NO_SHA */
/* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */
#if 1
vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc";
vec.msgLen = 20;
#else
/* This is the raw message prior to SHA-1 */
vec.msg =
"\x36\xc8\xb2\x29\x86\x48\x7f\x67\x7c\x18\xd0\x97\x2a\x9e\x20\x47"
"\xb3\xaf\xa5\x9e\xc1\x62\x76\x4e\xc3\x0b\x5b\x69\xe0\x63\x0f\x99"
"\x0d\x4e\x05\xc2\x73\xb0\xe5\xa9\xd4\x28\x27\xb6\x95\xfc\x2d\x64"
"\xd9\x13\x8b\x1c\xf4\xc1\x21\x55\x89\x4c\x42\x13\x21\xa7\xbb\x97"
"\x0b\xdc\xe0\xfb\xf0\xd2\xae\x85\x61\xaa\xd8\x71\x7f\x2e\x46\xdf"
"\xe3\xff\x8d\xea\xb4\xd7\x93\x23\x56\x03\x2c\x15\x13\x0d\x59\x9e"
"\x26\xc1\x0f\x2f\xec\x96\x30\x31\xac\x69\x38\xa1\x8d\x66\x45\x38"
"\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7\x1c\x20";
vec.msgLen = 128;
#endif
vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7";
vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1";
vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f";
vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7";
vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b";
vec.curveName = "SECP224R1";
vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47"
"\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe"
"\xbc\x16\x71\xa7";
vec.rSz = 28;
vec.s = (byte*)"\x24\xfc\x7e\xd7\xf1\x35\x2c\xa3\x87\x2a\xa0\x91"
"\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe"
"\x6a\xf3\xad\x5b";
vec.sSz = 28;
#endif /* !WC_FIPS_186_5_PLUS && !NO_SHA */
break;
#endif /* HAVE_ECC224 && (!NO_SHA || SHA224 || SHA3_224 */
#if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
case 30:
return 0;
#endif /* HAVE_ECC239 */
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
case 32:
#if defined(WC_FIPS_186_5_PLUS) || defined(NO_SHA)
/* FIPS 186-5 Example vector - P-256, SHA-256 */
/* Unhashed message: "Example of ECDSA with P-256" */
vec.msg = "\xA4\x1A\x41\xA1\x2A\x79\x95\x48\x21\x1C\x41\x0C\x65\xD8\x13"
"\x3A\xFD\xE3\x4D\x28\xBD\xD5\x42\xE4\xB6\x80\xCF\x28\x99\xC8"
"\xA8\xC4";
vec.msgLen = 32;
vec.Qx = "B7E08AFDFE94BAD3F1DC8C734798BA1C62B3A0AD1E9EA2A38201CD0889BC7A19";
vec.Qy = "3603F747959DBF7A4BB226E41928729063ADC7AE43529E61B563BBC606CC5E09";
vec.d = "C477F9F65C22CCE20657FAA5B2D1D8122336F851A508A1ED04E479C34985BF96";
vec.R = "2B42F576D07F4165FF65D1F3B1500F81E44C316F1F0B3EF57325B69ACA46104F";
vec.S = "DC42C2122D6392CD3E3A993A89502A8198C1886FE69D262C4B329BDB6B63FAF1";
vec.curveName = "SECP256R1";
vec.r = (const byte *)"\x2B\x42\xF5\x76\xD0\x7F\x41\x65\xFF\x65\xD1"
"\xF3\xB1\x50\x0F\x81\xE4\x4C\x31\x6F\x1F\x0B\x3E\xF5\x73\x25"
"\xB6\x9A\xCA\x46\x10\x4F";
vec.rSz = 32;
vec.s = (const byte *)"\xDC\x42\xC2\x12\x2D\x63\x92\xCD\x3E\x3A\x99"
"\x3A\x89\x50\x2A\x81\x98\xC1\x88\x6F\xE6\x9D\x26\x2C\x4B\x32"
"\x9B\xDB\x6B\x63\xFA\xF1";
vec.sSz = 32;
#else /* !WC_FIPS_186_5_PLUS && !NO_SHA */
/* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */
#if 1
vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e";
vec.msgLen = 20;
#else
/* This is the raw message prior to SHA-1 */
vec.msg =
"\xa2\x4b\x21\x76\x2e\x6e\xdb\x15\x3c\xc1\x14\x38\xdb\x0e\x92\xcd"
"\xf5\x2b\x86\xb0\x6c\xa9\x70\x16\x06\x27\x59\xc7\x0d\x36\xd1\x56"
"\x2c\xc9\x63\x0d\x7f\xc7\xc7\x74\xb2\x8b\x54\xe3\x1e\xf5\x58\x72"
"\xb2\xa6\x5d\xf1\xd7\xec\x26\xde\xbb\x33\xe7\xd9\x27\xef\xcc\xf4"
"\x6b\x63\xde\x52\xa4\xf4\x31\xea\xca\x59\xb0\x5d\x2e\xde\xc4\x84"
"\x5f\xff\xc0\xee\x15\x03\x94\xd6\x1f\x3d\xfe\xcb\xcd\xbf\x6f\x5a"
"\x73\x38\xd0\xbe\x3f\x2a\x77\x34\x51\x98\x3e\xba\xeb\x48\xf6\x73"
"\x8f\xc8\x95\xdf\x35\x7e\x1a\x48\xa6\x53\xbb\x35\x5a\x31\xa1\xb4"
vec.msgLen = 128;
#endif
vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c";
vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248";
vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9"
"\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89"
"\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c";
vec.rSz = 32;
vec.s = (byte*)"\xa2\x24\x8b\x62\xc0\x3d\xb3\x5a\x7c\xd6\x3e\x8a"
"\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03"
"\x5a\x21\x48\xae\x32\xe3\xa2\x48";
vec.sSz = 32;
vec.curveName = "SECP256R1";
#endif /* !WC_FIPS_186_5_PLUS && !NO_SHA */
break;
#endif /* !NO_ECC256 */
#if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
case 40:
return 0;
#endif /* HAVE_ECC320 */
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
case 48:
#if defined(WC_FIPS_186_5_PLUS) || defined(NO_SHA)
/* FIPS 186-5 Example vector -- P-384, SHA-384 */
/* Unhashed message: "Example of ECDSA with P-384" */
vec.msg = "\x5A\xEA\x18\x7D\x1C\x4F\x6E\x1B\x35\x05\x7D\x20\x12\x6D\x83"
"\x6C\x6A\xDB\xBC\x70\x49\xEE\x02\x99\xC9\x52\x9F\x5E\x0B\x3F"
"\x8B\x5A\x74\x11\x14\x9D\x6C\x30\xD6\xCB\x2B\x8A\xF7\x0E\x0A"
"\x78\x1E\x89";
vec.msgLen = 48;
vec.Qx = "3BF701BC9E9D36B4D5F1455343F09126F2564390F2B487365071243C61E6"
"471FB9D2AB74657B82F9086489D9EF0F5CB5";
vec.Qy = "D1A358EAFBF952E68D533855CCBDAA6FF75B137A5101443199325583552A"
"6295FFE5382D00CFCDA30344A9B5B68DB855";
vec.d = "F92C02ED629E4B48C0584B1C6CE3A3E3B4FAAE4AFC6ACB0455E73DFC392E"
"6A0AE393A8565E6B9714D1224B57D83F8A08";
vec.R = "30EA514FC0D38D8208756F068113C7CADA9F66A3B40EA3B313D040D9B57D"
"D41A332795D02CC7D507FCEF9FAF01A27088";
vec.S = "CC808E504BE414F46C9027BCBF78ADF067A43922D6FCAA66C4476875FBB7"
"B94EFD1F7D5DBE620BFB821C46D549683AD8";
vec.curveName = "SECP384R1";
vec.r = (const byte *)"\x30\xEA\x51\x4F\xC0\xD3\x8D\x82\x08\x75\x6F"
"\x06\x81\x13\xC7\xCA\xDA\x9F\x66\xA3\xB4\x0E\xA3\xB3\x13\xD0"
"\x40\xD9\xB5\x7D\xD4\x1A\x33\x27\x95\xD0\x2C\xC7\xD5\x07\xFC"
"\xEF\x9F\xAF\x01\xA2\x70\x88";
vec.rSz = 48;
vec.s = (const byte *)"\xCC\x80\x8E\x50\x4B\xE4\x14\xF4\x6C\x90\x27"
"\xBC\xBF\x78\xAD\xF0\x67\xA4\x39\x22\xD6\xFC\xAA\x66\xC4\x47"
"\x68\x75\xFB\xB7\xB9\x4E\xFD\x1F\x7D\x5D\xBE\x62\x0B\xFB\x82"
"\x1C\x46\xD5\x49\x68\x3A\xD8";
vec.sSz = 48;
#else /* !WC_FIPS_186_5_PLUS && !NO_SHA */
/* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */
#if 1
vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b";
vec.msgLen = 20;
#else
/* This is the raw message prior to SHA-1 */
vec.msg =
"\xab\xe1\x0a\xce\x13\xe7\xe1\xd9\x18\x6c\x48\xf7\x88\x9d\x51\x47"
"\x3d\x3a\x09\x61\x98\x4b\xc8\x72\xdf\x70\x8e\xcc\x3e\xd3\xb8\x16"
"\x9d\x01\xe3\xd9\x6f\xc4\xf1\xd5\xea\x00\xa0\x36\x92\xbc\xc5\xcf"
"\xfd\x53\x78\x7c\x88\xb9\x34\xaf\x40\x4c\x03\x9d\x32\x89\xb5\xba"
"\xc5\xae\x7d\xb1\x49\x68\x75\xb5\xdc\x73\xc3\x09\xf9\x25\xc1\x3d"
"\x1c\x01\xab\xda\xaf\xeb\xcd\xac\x2c\xee\x43\x39\x39\xce\x8d\x4a"
"\x0a\x5d\x57\xbb\x70\x5f\x3b\xf6\xec\x08\x47\x95\x11\xd4\xb4\xa3"
"\x21\x1f\x61\x64\x9a\xd6\x27\x43\x14\xbf\x0d\x43\x8a\x81\xe0\x60"
vec.msgLen = 128;
#endif
vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868";
vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e";
vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71";
vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7";
vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907";
vec.curveName = "SECP384R1";
vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff"
"\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d"
"\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda"
"\xee\x6b\x3c\x74\xeb\xf6\x06\x66\x7a\x3f\x39\xb7";
vec.rSz = 48;
vec.s = (byte*)"\x49\x1a\xf1\xd0\xcc\xcd\x56\xdd\xd5\x20\xb2\x33"
"\x77\x5d\x0b\xc6\xb4\x0a\x62\x55\xcc\x55\x20\x7d"
"\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21"
"\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07";
vec.sSz = 48;
#endif /* !WC_FIPS_186_5_PLUS && !NO_SHA */
break;
#endif /* HAVE_ECC384 */
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
case 64:
return 0;
#endif /* HAVE_ECC512 */
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
case 66:
#if defined(WC_FIPS_186_5_PLUS) || defined(NO_SHA)
/* FIPS 186-5 Example vector -- P-521, SHA-512 */
/* Unhashed message: "Example of ECDSA with P-521" */
vec.msg = "\x9B\xF0\xE1\xDE\xED\xA3\x1E\x00\xF9\x25\xB7\x7F\x7C\xB6\xB1"
"\xCE\xD7\x36\x8D\xE1\xDC\x75\xBB\x9F\x94\x58\x2C\x1C\xA7\x09"
"\x20\x5D\x32\xAF\x90\x02\x5B\x02\xFA\x13\x2F\xBE\xBD\x6C\xDD"
"\xCD\x91\x72\xC0\xD6\x6D\x8E\x58\x17\x67\xA8\xB6\xF7\x1D\xE6"
"\x0B\xE1\xF9\x32";
vec.msgLen = 64;
vec.Qx = "98E91EEF9A68452822309C52FAB453F5F117C1DA8ED796B255E9AB8F6410"
"CCA16E59DF403A6BDC6CA467A37056B1E54B3005D8AC030DECFEB68DF18B"
"171885D5C4";
vec.Qy = "164350C321AECFC1CCA1BA4364C9B15656150B4B78D6A48D7D28E7F31985"
"EF17BE8554376B72900712C4B83AD668327231526E313F5F092999A4632F"
"D50D946BC2E";
vec.d = "100085F47B8E1B8B11B7EB33028C0B2888E304BFC98501955B45BBA1478D"
"C184EEEDF09B86A5F7C21994406072787205E69A63709FE35AA93BA33351"
"4B24F961722";
vec.R = "140C8EDCA57108CE3F7E7A240DDD3AD74D81E2DE62451FC1D558FDC79269"
"ADACD1C2526EEEEF32F8C0432A9D56E2B4A8A732891C37C9B96641A9254C"
"CFE5DC3E2BA";
vec.S = "D72F15229D0096376DA6651D9985BFD7C07F8D49583B545DB3EAB20E0A2C"
"1E8615BD9E298455BDEB6B61378E77AF1C54EEE2CE37B2C61F5C9A823295"
"1CB988B5B1";
vec.curveName = "SECP521R1";
vec.r = (const byte *)"\x01\x40\xC8\xED\xCA\x57\x10\x8C\xE3\xF7\xE7"
"\xA2\x40\xDD\xD3\xAD\x74\xD8\x1E\x2D\xE6\x24\x51\xFC\x1D\x55"
"\x8F\xDC\x79\x26\x9A\xDA\xCD\x1C\x25\x26\xEE\xEE\xF3\x2F\x8C"
"\x04\x32\xA9\xD5\x6E\x2B\x4A\x8A\x73\x28\x91\xC3\x7C\x9B\x96"
"\x64\x1A\x92\x54\xCC\xFE\x5D\xC3\xE2\xBA";
vec.rSz = 66;
vec.s = (const byte *)"\xD7\x2F\x15\x22\x9D\x00\x96\x37\x6D\xA6\x65"
"\x1D\x99\x85\xBF\xD7\xC0\x7F\x8D\x49\x58\x3B\x54\x5D\xB3\xEA"
"\xB2\x0E\x0A\x2C\x1E\x86\x15\xBD\x9E\x29\x84\x55\xBD\xEB\x6B"
"\x61\x37\x8E\x77\xAF\x1C\x54\xEE\xE2\xCE\x37\xB2\xC6\x1F\x5C"
"\x9A\x82\x32\x95\x1C\xB9\x88\xB5\xB1";
vec.sSz = 65;
#else /* !WC_FIPS_186_5_PLUS && !NO_SHA */
/* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */
#if 1
vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf";
vec.msgLen = 20;
#else
/* This is the raw message prior to SHA-1 */
vec.msg =
"\x50\x3f\x79\x39\x34\x0a\xc7\x23\xcd\x4a\x2f\x4e\x6c\xcc\x27\x33"
"\x38\x3a\xca\x2f\xba\x90\x02\x19\x9d\x9e\x1f\x94\x8b\xe0\x41\x21"
"\x07\xa3\xfd\xd5\x14\xd9\x0c\xd4\xf3\x7c\xc3\xac\x62\xef\x00\x3a"
"\x2d\xb1\xd9\x65\x7a\xb7\x7f\xe7\x55\xbf\x71\xfa\x59\xe4\xd9\x6e"
"\xa7\x2a\xe7\xbf\x9d\xe8\x7d\x79\x34\x3b\xc1\xa4\xbb\x14\x4d\x16"
"\x28\xd1\xe9\xe9\xc8\xed\x80\x8b\x96\x2c\x54\xe5\xf9\x6d\x53\xda"
"\x14\x7a\x96\x38\xf9\x4a\x91\x75\xd8\xed\x61\x05\x5f\x0b\xa5\x73"
"\xa8\x2b\xb7\xe0\x18\xee\xda\xc4\xea\x7b\x36\x2e\xc8\x9c\x38\x2b"
vec.msgLen = 128;
#endif
vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23";
vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d";
vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74";
vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be";
vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c";
vec.curveName = "SECP521R1";
vec.r = (byte*)"\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77\x78"
"\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf\x5b"
"\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c\x7f"
"\x9a\x57\xc0\x77\x94\x7f\x89\xac\x45\xd5\xac\xb6"
"\x66\x1b\xbc\xd1\x7a\xbb\x3f\xae\xa1\x49\xba\x0a"
"\xa3\xbb\x15\x21\xbe";
vec.rSz = 65;
vec.s = (byte*)"\x19\xcd\x2c\x5c\x3f\x98\x70\xec\xde\xb9\xb3\x23"
"\xab\xdf\x3a\x98\xcd\x5e\x23\x1d\x85\xc6\xdd\xc5"
"\xb7\x1a\xb1\x90\x73\x9f\x7f\x22\x6e\x6b\x13\x4b"
"\xa1\xd5\x88\x9d\xde\xb2\x75\x1d\xab\xd9\x79\x11"
"\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c"
"\x3d\x22\xf2\x48\x0c";
vec.sSz = 65;
#endif /* !WC_FIPS_186_5_PLUS && !NO_SHA */
break;
#endif /* HAVE_ECC521 */
default:
return WC_TEST_RET_ENC_EC(NOT_COMPILED_IN); /* Invalid key size /
* Not supported
*/
}; /* Switch */
ret = ecc_test_vector_item(&vec);
if (ret < 0) {
return ret;
}
return 0;
}
#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
#if defined(HAVE_ECC_SIGN) && \
(defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
static wc_test_ret_t ecdsa_test_deterministic_k_sig(ecc_key *key,
enum wc_HashType hashType, const char* msg, WC_RNG* rng, const byte* expSig,
size_t expSigSz)
{
wc_test_ret_t ret;
int verify;
byte sig[ECC_MAX_SIG_SIZE];
word32 sigSz;
unsigned char hash[WC_MAX_DIGEST_SIZE];
ret = wc_Hash(hashType,
(byte*)msg, (word32)XSTRLEN(msg),
hash, sizeof(hash));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
/* Sign test */
sigSz = sizeof(sig);
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_sign_hash(hash, wc_HashGetDigestSize(hashType),
sig, &sigSz, rng, key);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
/* Compare test vector */
if (sigSz != expSigSz) {
ret = WC_TEST_RET_ENC_NC;
goto done;
}
if (XMEMCMP(sig, expSig, sigSz) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto done;
}
/* Verification */
verify = 0;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_verify_hash(sig, sigSz,
hash, wc_HashGetDigestSize(hashType), &verify, key);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (verify != 1) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
done:
return ret;
}
static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
{
wc_test_ret_t ret;
WC_DECLARE_VAR(key, ecc_key, 1, 0);
int key_inited = 0;
WOLFSSL_SMALL_STACK_STATIC const char* msg = "sample";
WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721";
WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6";
WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299";
#ifndef NO_SHA256
WOLFSSL_SMALL_STACK_STATIC const byte expSig256[] = {
0x30, 0x46, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */
0x02, 0x21, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */
0x00, 0xEF, 0xD4, 0x8B, 0x2A, 0xAC, 0xB6, 0xA8,
0xFD, 0x11, 0x40, 0xDD, 0x9C, 0xD4, 0x5E, 0x81,
0xD6, 0x9D, 0x2C, 0x87, 0x7B, 0x56, 0xAA, 0xF9,
0x91, 0xC3, 0x4D, 0x0E, 0xA8, 0x4E, 0xAF, 0x37,
0x16,
0x02, 0x21, /* ASN_INTEGER = 0x02 (32 bytes) - SIG S */
0x00, 0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C,
0x41, 0xD4, 0x36, 0xC7, 0xA1, 0xB6, 0xE2, 0x9F,
0x65, 0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4,
0x06, 0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD,
0xA8
};
#endif
#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
WOLFSSL_SMALL_STACK_STATIC const byte expSig384[] = {
0x30, 0x44, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */
0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */
0x0e, 0xaf, 0xea, 0x03, 0x9b, 0x20, 0xe9, 0xb4,
0x23, 0x09, 0xfb, 0x1d, 0x89, 0xe2, 0x13, 0x05,
0x7c, 0xbf, 0x97, 0x3d, 0xc0, 0xcf, 0xc8, 0xf1,
0x29, 0xed, 0xdd, 0xc8, 0x00, 0xef, 0x77, 0x19,
0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG S */
0x48, 0x61, 0xf0, 0x49, 0x1e, 0x69, 0x98, 0xb9,
0x45, 0x51, 0x93, 0xe3, 0x4e, 0x7b, 0x0d, 0x28,
0x4d, 0xdd, 0x71, 0x49, 0xa7, 0x4b, 0x95, 0xb9,
0x26, 0x1f, 0x13, 0xab, 0xde, 0x94, 0x09, 0x54
};
#endif
#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
WOLFSSL_SMALL_STACK_STATIC const byte expSig512[] = {
0x30, 0x45, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */
0x02, 0x21, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */
0x00, 0x84, 0x96, 0xa6, 0x0b, 0x5e, 0x9b, 0x47,
0xc8, 0x25, 0x48, 0x88, 0x27, 0xe0, 0x49, 0x5b,
0x0e, 0x3f, 0xa1, 0x09, 0xec, 0x45, 0x68, 0xfd,
0x3f, 0x8d, 0x10, 0x97, 0x67, 0x8e, 0xb9, 0x7f,
0x00,
0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG S */
0x23, 0x62, 0xab, 0x1a, 0xdb, 0xe2, 0xb8, 0xad,
0xf9, 0xcb, 0x9e, 0xda, 0xb7, 0x40, 0xea, 0x60,
0x49, 0xc0, 0x28, 0x11, 0x4f, 0x24, 0x60, 0xf9,
0x65, 0x54, 0xf6, 0x1f, 0xae, 0x33, 0x02, 0xfe
};
#endif
WC_ALLOC_VAR_EX(key, ecc_key, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER,
return WC_TEST_RET_ENC_EC(MEMORY_E));
ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
key_inited = 1;
ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_set_deterministic(key, 1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifndef NO_SHA256
/* Test for SHA2-256 */
ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA256, msg, rng,
expSig256, sizeof(expSig256));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif /* !NO_SHA256 */
#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
/* Test for SHA2-384 */
ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA384, msg, rng,
expSig384, sizeof(expSig384));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif /* WOLFSSL_SHA384 */
#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
/* Test for SHA2-512 */
ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA512, msg, rng,
expSig512, sizeof(expSig512));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif /* WOLFSSL_SHA512 */
done:
if (key_inited)
wc_ecc_free(key);
WC_FREE_VAR_EX(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* NO_ECC256 || HAVE_ALL_CURVES */
#ifdef WOLFSSL_PUBLIC_MP
static WC_MAYBE_UNUSED wc_test_ret_t ecdsa_test_deterministic_k_rs(ecc_key *key,
enum wc_HashType hashType, const char* msg, WC_RNG* rng,
mp_int* r, mp_int* s,
mp_int* expR, mp_int* expS)
{
wc_test_ret_t ret;
unsigned char hash[WC_MAX_DIGEST_SIZE];
int verify;
ret = wc_Hash(hashType,
(byte*)msg, (word32)XSTRLEN(msg),
hash, sizeof(hash));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_sign_hash_ex(hash, wc_HashGetDigestSize(hashType), rng, key,
r, s);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
if (mp_cmp(r, expR) != MP_EQ && mp_cmp(s, expS) != MP_EQ) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
/* Verification */
verify = 0;
ret = wc_ecc_verify_hash_ex(r, s, hash, wc_HashGetDigestSize(hashType),
&verify, key);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (verify != 1) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
done:
return ret;
}
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
/* KAT from RFC6979 */
static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
{
wc_test_ret_t ret;
#ifdef WOLFSSL_SMALL_STACK
ecc_key *key;
mp_int *r, *s, *expR, *expS;
#else
ecc_key key[1];
mp_int r[1], s[1], expR[1], expS[1];
#endif
int key_inited = 0,
tmp_mp_ints_inited = 0;
WOLFSSL_SMALL_STACK_STATIC const char* msg = "sample";
WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D8"
"96D5724E4C70A825F872C9EA60D2EDF5";
WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
"EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64"
"DEF8F0EA9055866064A254515480BC13";
WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
"8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1"
"288B231C3AE0D4FE7344FD2533264720";
#ifndef NO_SHA256
WOLFSSL_SMALL_STACK_STATIC const char* expRstr256 =
"21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33"
"BDE1E888E63355D92FA2B3C36D8FB2CD";
WOLFSSL_SMALL_STACK_STATIC const char* expSstr256 =
"F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB"
"EFDC63ECCD1AC42EC0CB8668A4FA0AB0";
#endif
#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
WOLFSSL_SMALL_STACK_STATIC const char* expRstr384 =
"94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C"
"81A648152E44ACF96E36DD1E80FABE46";
WOLFSSL_SMALL_STACK_STATIC const char* expSstr384 =
"99EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94F"
"A329C145786E679E7B82C71A38628AC8";
#endif
#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
WOLFSSL_SMALL_STACK_STATIC const char* expRstr512 =
"ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799C"
"FE30F35CC900056D7C99CD7882433709";
WOLFSSL_SMALL_STACK_STATIC const char* expSstr512 =
"512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112"
"DC7CC3EF3446DEFCEB01A45C2667FDD5";
#endif
#ifdef WOLFSSL_SMALL_STACK
key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
r = (mp_int *)XMALLOC(sizeof(*r), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
s = (mp_int *)XMALLOC(sizeof(*s), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
expR = (mp_int *)XMALLOC(sizeof(*expR), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
expS = (mp_int *)XMALLOC(sizeof(*expS), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if ((key == NULL) ||
(r == NULL) ||
(s == NULL) ||
(expR == NULL) ||
(expS == NULL))
{
ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), done);
}
#endif
ret = mp_init_multi(r, s, expR, expS, NULL, NULL);
if (ret != MP_OKAY)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
tmp_mp_ints_inited = 1;
ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
key_inited = 1;
ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP384R1");
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_set_deterministic(key, 1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifndef NO_SHA256
/* Test for SHA2-256 */
mp_read_radix(expR, expRstr256, MP_RADIX_HEX);
mp_read_radix(expS, expSstr256, MP_RADIX_HEX);
ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA256, msg, rng,
r, s, expR, expS);
if (ret != 0)
ERROR_OUT(ret, done);
#endif /* NO_SHA256 */
#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
/* Test for SHA2-384 */
mp_read_radix(expR, expRstr384, MP_RADIX_HEX);
mp_read_radix(expS, expSstr384, MP_RADIX_HEX);
ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA384, msg, rng,
r, s, expR, expS);
if (ret != 0)
ERROR_OUT(ret, done);
#endif /* WOLFSSL_SHA384 */
#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
/* Test for SHA2-512 */
mp_read_radix(expR, expRstr512, MP_RADIX_HEX);
mp_read_radix(expS, expSstr512, MP_RADIX_HEX);
ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA512, msg, rng,
r, s, expR, expS);
if (ret != 0)
ERROR_OUT(ret, done);
#endif /* WOLFSSL_SHA512 */
done:
if (key_inited)
wc_ecc_free(key);
if (tmp_mp_ints_inited) {
mp_free(r);
mp_free(s);
mp_free(expR);
mp_free(expS);
}
WC_FREE_VAR_EX(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR_EX(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR_EX(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR_EX(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR_EX(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* HAVE_ECC384 */
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
/* KAT from RFC6979 */
static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
{
wc_test_ret_t ret;
#ifdef WOLFSSL_SMALL_STACK
ecc_key *key;
mp_int *r, *s, *expR, *expS;
#else
ecc_key key[1];
mp_int r[1], s[1], expR[1], expS[1];
#endif
int key_inited = 0,
tmp_mp_ints_inited = 0;
WOLFSSL_SMALL_STACK_STATIC const char* msg = "sample";
WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75C"
"AA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83"
"538";
WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
"1894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD3"
"71123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F502"
"3A4";
WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
"0493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A2"
"8A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDF"
"CF5";
#ifndef NO_SHA256
WOLFSSL_SMALL_STACK_STATIC const char* expRstr256 =
"1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659"
"D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E"
"1A7";
WOLFSSL_SMALL_STACK_STATIC const char* expSstr256 =
"04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916"
"E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E"
"CFC";
#endif
#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
WOLFSSL_SMALL_STACK_STATIC const char* expRstr384 =
"1EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4"
"B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67"
"451";
WOLFSSL_SMALL_STACK_STATIC const char* expSstr384 =
"1F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5"
"FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65"
"D61";
#endif
#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
WOLFSSL_SMALL_STACK_STATIC const char* expRstr512 =
"0C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F1"
"74E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E37"
"7FA";
WOLFSSL_SMALL_STACK_STATIC const char* expSstr512 =
"0617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF2"
"82623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A"
"67A";
#endif
#ifdef WOLFSSL_SMALL_STACK
key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
r = (mp_int *)XMALLOC(sizeof(*r), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
s = (mp_int *)XMALLOC(sizeof(*s), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
expR = (mp_int *)XMALLOC(sizeof(*expR), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
expS = (mp_int *)XMALLOC(sizeof(*expS), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if ((key == NULL) ||
(r == NULL) ||
(s == NULL) ||
(expR == NULL) ||
(expS == NULL))
{
ret = WC_TEST_RET_ENC_EC(MEMORY_E);
goto done;
}
#endif
ret = mp_init_multi(r, s, expR, expS, NULL, NULL);
if (ret != MP_OKAY)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
tmp_mp_ints_inited = 1;
ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
key_inited = 1;
ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP521R1");
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_set_deterministic(key, 1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifndef NO_SHA256
/* Test for SHA2-256 */
mp_read_radix(expR, expRstr256, MP_RADIX_HEX);
mp_read_radix(expS, expSstr256, MP_RADIX_HEX);
ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA256, msg, rng,
r, s, expR, expS);
if (ret != 0)
ERROR_OUT(ret, done);
#endif /* NO_SHA256 */
#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
/* Test for SHA2-384 */
mp_read_radix(expR, expRstr384, MP_RADIX_HEX);
mp_read_radix(expS, expSstr384, MP_RADIX_HEX);
ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA384, msg, rng,
r, s, expR, expS);
if (ret != 0)
ERROR_OUT(ret, done);
#endif /* WOLFSSL_SHA384 */
#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0))
/* Test for SHA2-512 */
mp_read_radix(expR, expRstr512, MP_RADIX_HEX);
mp_read_radix(expS, expSstr512, MP_RADIX_HEX);
ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA512, msg, rng,
r, s, expR, expS);
if (ret != 0)
ERROR_OUT(ret, done);
#endif /* WOLFSSL_SHA512 */
done:
if (key_inited)
wc_ecc_free(key);
if (tmp_mp_ints_inited) {
mp_free(r);
mp_free(s);
mp_free(expR);
mp_free(expS);
}
WC_FREE_VAR_EX(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR_EX(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR_EX(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR_EX(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR_EX(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* HAVE_ECC521 */
#endif /* WOLFSSL_PUBLIC_MP */
#endif /* HAVE_ECC_SIGN && (WOLFSSL_ECDSA_DETERMINISTIC_K ||
WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
&& (!HAVE_FIPS || FIPS_VERSION_GE(5,3)) */
#if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \
!defined(WOLFSSL_KCAPI_ECC)
static wc_test_ret_t ecc_test_sign_vectors(WC_RNG* rng)
{
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key *key = NULL;
#else
ecc_key key[1];
#endif
int key_inited = 0;
byte sig[72];
word32 sigSz;
WOLFSSL_SMALL_STACK_STATIC const unsigned char hash[32] = "test wolfSSL deterministic sign";
WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
WOLFSSL_SMALL_STACK_STATIC const byte k[1] = { 0x02 };
WOLFSSL_SMALL_STACK_STATIC const byte expSig[71] = {
0x30, 0x45, 0x02, 0x20, 0x7c, 0xf2, 0x7b, 0x18,
0x8d, 0x03, 0x4f, 0x7e, 0x8a, 0x52, 0x38, 0x03,
0x04, 0xb5, 0x1a, 0xc3, 0xc0, 0x89, 0x69, 0xe2,
0x77, 0xf2, 0x1b, 0x35, 0xa6, 0x0b, 0x48, 0xfc,
0x47, 0x66, 0x99, 0x78, 0x02, 0x21, 0x00, 0xa8,
0x43, 0xa0, 0xce, 0x6c, 0x5e, 0x17, 0x8a, 0x53,
0x4d, 0xaf, 0xd2, 0x95, 0x78, 0x9f, 0x84, 0x4f,
0x94, 0xb8, 0x75, 0xa3, 0x19, 0xa5, 0xd4, 0xdf,
0xe1, 0xd4, 0x5e, 0x9d, 0x97, 0xfe, 0x81
};
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
return MEMORY_E;
#endif
ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
key_inited = 1;
ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#if (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) \
&& (HAVE_FIPS_VERSION > 2)))
wc_ecc_set_flags(key, WC_ECC_FLAG_DEC_SIGN);
#endif
ret = wc_ecc_sign_set_k(k, sizeof(k), key);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
sigSz = sizeof(sig);
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
if (sigSz != sizeof(expSig)) {
ret = WC_TEST_RET_ENC_NC;
goto done;
}
if (XMEMCMP(sig, expSig, sigSz) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto done;
}
sigSz = sizeof(sig);
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
done:
if (key_inited)
wc_ecc_free(key);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif
#if defined(HAVE_ECC_CDH) && defined(HAVE_ECC_DHE)
static wc_test_ret_t ecc_test_cdh_vectors(WC_RNG* rng)
{
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key *pub_key = (ecc_key *)XMALLOC(sizeof *pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *priv_key = (ecc_key *)XMALLOC(sizeof *priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key pub_key[1], priv_key[1];
#endif
byte sharedA[32] = {0}, sharedB[32] = {0};
word32 x, z;
WOLFSSL_SMALL_STACK_STATIC const char* QCAVSx = "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287";
WOLFSSL_SMALL_STACK_STATIC const char* QCAVSy = "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac";
WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
WOLFSSL_SMALL_STACK_STATIC const char* ZIUT = "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b";
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((pub_key == NULL) ||
(priv_key == NULL)) {
ret = WC_TEST_RET_ENC_EC(MEMORY_E);
goto done;
}
#endif
XMEMSET(pub_key, 0, sizeof *pub_key);
XMEMSET(priv_key, 0, sizeof *priv_key);
/* setup private and public keys */
ret = wc_ecc_init_ex(pub_key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_init_ex(priv_key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
wc_ecc_set_flags(pub_key, WC_ECC_FLAG_COFACTOR);
wc_ecc_set_flags(priv_key, WC_ECC_FLAG_COFACTOR);
ret = wc_ecc_import_raw(pub_key, QCAVSx, QCAVSy, NULL, "SECP256R1");
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_import_raw(priv_key, QIUTx, QIUTy, dIUT, "SECP256R1");
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
ret = wc_ecc_set_rng(priv_key, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#else
(void)rng;
#endif
/* compute ECC Cofactor shared secret */
x = sizeof(sharedA);
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &priv_key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_shared_secret(priv_key, pub_key, sharedA, &x);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
/* read in expected Z */
z = sizeof(sharedB);
ret = Base16_Decode((const byte*)ZIUT, (word32)XSTRLEN(ZIUT), sharedB, &z);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
/* compare results */
if (x != z || XMEMCMP(sharedA, sharedB, x)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
done:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (priv_key) {
wc_ecc_free(priv_key);
XFREE(priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (pub_key) {
wc_ecc_free(pub_key);
XFREE(pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_ecc_free(priv_key);
wc_ecc_free(pub_key);
#endif
return ret;
}
#endif /* HAVE_ECC_CDH && HAVE_ECC_DHE */
#endif /* HAVE_ECC_VECTOR_TEST */
#ifdef HAVE_ECC_KEY_IMPORT
/* returns 0 on success */
static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
ecc_key *pub = (ecc_key *)XMALLOC(sizeof *pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
byte *exportBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *tmp = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key key[1];
#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC)
ecc_key pub[1];
#endif
byte exportBuf[ECC_BUFSIZE];
byte tmp[ECC_BUFSIZE];
#endif
static const byte msg[] =
"All we have to decide is what to do with the time that is given ";
wc_static_assert(sizeof(msg) >= WC_MAX_DIGEST_SIZE);
word32 x;
word32 tmpSz;
wc_test_ret_t ret = 0;
ecc_point* pubPoint = NULL;
#ifdef HAVE_ECC_VERIFY
int verify = 0;
#endif
#ifdef NO_ASN
/* private d for eccKeyDerFile / ecc_key_der_256 */
const byte keyPriv[] = {
0x45, 0xB6, 0x69, 0x02, 0x73, 0x9C, 0x6C, 0x85,
0xA1, 0x38, 0x5B, 0x72, 0xE8, 0xE8, 0xC7, 0xAC,
0xC4, 0x03, 0x8D, 0x53, 0x35, 0x04, 0xFA, 0x6C,
0x28, 0xDC, 0x34, 0x8D, 0xE1, 0xA8, 0x09, 0x8C
};
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((key == NULL) ||
#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
(pub == NULL) ||
#endif
(exportBuf == NULL) ||
(tmp == NULL))
ERROR_OUT(MEMORY_E, done);
#endif
(void)msg;
(void)verify;
(void)exportBuf;
(void)rng;
wc_ecc_init_ex(key, HEAP_HINT, devId);
#ifndef NO_ECC256
#if defined(USE_CERT_BUFFERS_256)
{
XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256);
tmpSz = (size_t)sizeof_ecc_key_der_256;
}
#elif !defined(NO_FILESYSTEM)
{
XFILE file = XFOPEN(eccKeyDerFile, "rb");
if (!file) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
tmpSz = (word32)XFREAD(tmp, 1, ECC_BUFSIZE, file);
XFCLOSE(file);
if (tmpSz == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
#else
{
WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(2)");
ERROR_OUT(ASN_PARSE_E, done);
}
#endif /* USE_CERT_BUFFERS_256 */
/* import private only then test with */
ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL);
if (ret == 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
ret = wc_ecc_import_private_key(NULL, tmpSz, NULL, 0, key);
if (ret == 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#ifndef NO_ASN
x = 0;
ret = wc_EccPrivateKeyDecode(tmp, &x, key, tmpSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef HAVE_ECC_KEY_EXPORT
x = ECC_BUFSIZE;
ret = wc_ecc_export_private_only(key, exportBuf, &x);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
/* make private only key */
wc_ecc_free(key);
wc_ecc_init_ex(key, HEAP_HINT, devId);
ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
x = ECC_BUFSIZE;
ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
if (ret == 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#endif /* HAVE_ECC_KEY_EXPORT */
#else
/* Load raw private d directly */
ret = wc_ecc_import_private_key(keyPriv, sizeof(keyPriv), NULL, 0, key);
#endif /* !NO_ASN */
ret = wc_ecc_make_pub(NULL, NULL);
if (ret == 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
TEST_SLEEP();
#ifndef WOLFSSL_NO_MALLOC
pubPoint = wc_ecc_new_point_h(HEAP_HINT);
if (pubPoint == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
#if !defined(WOLFSSL_CRYPTOCELL)
ret = wc_ecc_make_pub(key, pubPoint);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif /* !WOLFSSL_CRYPTOCELL */
TEST_SLEEP();
#ifdef HAVE_ECC_KEY_EXPORT
/* export should still fail, is private only key */
x = ECC_BUFSIZE;
ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
if (ret == 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#endif /* HAVE_ECC_KEY_EXPORT */
#endif /* !WOLFSSL_NO_MALLOC */
#endif /* !NO_ECC256 */
/* create a new key since above test for loading key is not supported */
#if defined(WOLFSSL_CRYPTOCELL) || defined(NO_ECC256) || \
defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_SE050) || \
defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM)
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
#if defined(HAVE_ECC_SIGN) && !defined(WC_NO_RNG) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(HAVE_ECC_DETERMINISTIC_K)
tmpSz = ECC_BUFSIZE;
ret = 0;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_sign_hash(msg, WC_MAX_DIGEST_SIZE, tmp, &tmpSz, rng, key);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
#ifdef HAVE_ECC_VERIFY
/* try verify with private only key */
ret = 0;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_verify_hash(tmp, tmpSz, msg, WC_MAX_DIGEST_SIZE, &verify, key);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (verify != 1) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
TEST_SLEEP();
#ifdef HAVE_ECC_KEY_EXPORT
/* exporting the public part should now work */
x = ECC_BUFSIZE;
ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif /* HAVE_ECC_KEY_EXPORT */
#endif /* HAVE_ECC_VERIFY */
#endif /* HAVE_ECC_SIGN */
#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
/* now test private only key with creating a shared secret */
x = ECC_BUFSIZE;
ret = wc_ecc_export_private_only(key, exportBuf, &x);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#if !defined(WOLFSSL_QNX_CAAM) && !defined(WOLFSSL_SE050)
/* make private only key */
wc_ecc_free(key);
wc_ecc_init_ex(key, HEAP_HINT, devId);
ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
/* check that public export fails with private only key */
x = ECC_BUFSIZE;
ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
if (ret == 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#endif /* WOLFSSL_QNX_CAAM */
#ifndef WOLF_CRYPTO_CB_ONLY_ECC
/* make public key for shared secret */
wc_ecc_init_ex(pub, HEAP_HINT, devId);
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, pub);
#ifdef HAVE_ECC_CDH
wc_ecc_set_flags(key, WC_ECC_FLAG_COFACTOR);
#endif
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &pub->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
ret = wc_ecc_set_rng(key, rng);
if (ret != 0)
goto done;
#endif
x = ECC_BUFSIZE;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_shared_secret(key, pub, exportBuf, &x);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
wc_ecc_free(pub);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
#endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT && !WC_NO_RNG */
#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
ret = 0;
done:
wc_ecc_del_point_h(pubPoint, HEAP_HINT);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (key != NULL) {
wc_ecc_free(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
wc_ecc_free(key);
#endif
(void)tmpSz;
return ret;
}
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \
!defined(WC_NO_RNG) && (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV))
static wc_test_ret_t ecc_test_key_decode(WC_RNG* rng, int keySize)
{
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key *eccKey = (ecc_key *)XMALLOC(sizeof *eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte *tmpBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key eccKey[1];
byte tmpBuf[ECC_BUFSIZE];
#endif
word32 tmpSz;
word32 idx;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((eccKey == NULL) || (tmpBuf == NULL))
ERROR_OUT(MEMORY_E, done);
#endif
ret = wc_ecc_init(eccKey);
if (ret != 0) {
goto done;
}
ret = wc_ecc_make_key(rng, keySize, eccKey);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &eccKey->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0) {
goto done;
}
tmpSz = ECC_BUFSIZE;
ret = wc_EccKeyToDer(eccKey, tmpBuf, tmpSz);
wc_ecc_free(eccKey);
if (ret < 0) {
goto done;
}
tmpSz = (word32)ret;
ret = wc_ecc_init(eccKey);
if (ret != 0) {
goto done;
}
idx = 0;
ret = wc_EccPrivateKeyDecode(tmpBuf, &idx, eccKey, tmpSz);
if (ret != 0) {
goto done;
}
wc_ecc_free(eccKey);
ret = wc_ecc_init(eccKey);
if (ret != 0) {
goto done;
}
idx = 0;
ret = wc_EccPublicKeyDecode(tmpBuf, &idx, eccKey, tmpSz);
if (ret != 0) {
goto done;
}
ret = 0;
done:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (eccKey != NULL) {
wc_ecc_free(eccKey);
XFREE(eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
XFREE(tmpBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
wc_ecc_free(eccKey);
#endif
return ret;
}
#endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
#endif /* HAVE_ECC_KEY_IMPORT */
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \
!defined(WC_NO_RNG) && (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV))
static wc_test_ret_t ecc_test_key_gen(WC_RNG* rng, int keySize)
{
wc_test_ret_t ret = 0;
int derSz;
#ifdef HAVE_PKCS8
word32 pkcs8Sz;
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte *der = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
byte der[ECC_BUFSIZE];
ecc_key userA[1];
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((der == NULL) || (userA == NULL))
ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), done);
#endif
ret = test_EccInit_Pair(userA, keySize, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_make_key(rng, keySize, userA);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
#ifndef WC_TEST_SKIP_ECC_CHECK_KEY
ret = wc_ecc_check_key(userA);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
#endif
derSz = wc_EccKeyToDer(userA, der, ECC_BUFSIZE);
if (derSz < 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done);
}
ret = SaveDerAndPem(der, derSz, eccCaKeyTempFile, eccCaKeyPemFile,
ECC_PRIVATEKEY_TYPE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
/* test export of public key */
derSz = wc_EccPublicKeyToDer(userA, der, ECC_BUFSIZE, 1);
if (derSz < 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done);
}
if (derSz == 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#ifdef HAVE_COMP_KEY
/* test export of compressed public key */
derSz = wc_EccPublicKeyToDer_ex(userA, der, ECC_BUFSIZE, 1, 1);
if (derSz < 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done);
}
if (derSz == 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#endif
ret = SaveDerAndPem(der, derSz, eccPubKeyDerFile, NULL, 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef HAVE_PKCS8
/* test export of PKCS#8 unencrypted private key */
pkcs8Sz = FOURK_BUF;
derSz = wc_EccPrivateKeyToPKCS8(userA, der, &pkcs8Sz);
if (derSz < 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done);
}
if (derSz == 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
ret = SaveDerAndPem(der, derSz, eccPkcs8KeyDerFile, NULL, 0);
if (ret != 0) {
goto done;
}
#endif /* HAVE_PKCS8 */
done:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (userA != NULL) {
wc_ecc_free(userA);
XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_ecc_free(userA);
#endif
return ret;
}
#endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
int curve_id, const ecc_set_type* dp)
{
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100)
WC_DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
WC_DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
word32 y;
#endif
#ifndef WC_NO_RNG
#ifdef HAVE_ECC_KEY_EXPORT
#define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32)
WC_DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
#endif
#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
!defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \
defined(HAVE_ECC_SIGN)
WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
WC_DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
int i;
#ifdef HAVE_ECC_VERIFY
int verify;
#endif /* HAVE_ECC_VERIFY */
#endif /* HAVE_ECC_SIGN */
#endif /* WC_NO_RNG */
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key userA[1];
ecc_key userB[1];
ecc_key pubKey[1];
#endif
#ifndef WC_NO_RNG
int curveSize;
#endif
word32 x = 0;
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100)
WC_ALLOC_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
WC_ALLOC_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
#endif
#ifdef HAVE_ECC_KEY_EXPORT
WC_ALLOC_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
#endif
#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
!defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \
defined(HAVE_ECC_SIGN)
WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
WC_ALLOC_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
#endif
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100)
if (sharedA == NULL || sharedB == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
#endif
#ifdef HAVE_ECC_KEY_EXPORT
if (exportBuf == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
#endif
#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
!defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \
defined(HAVE_ECC_SIGN)
if (sig == NULL || digest == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
#endif
#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
(void)testVerifyCount;
(void)dp;
(void)x;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((userA == NULL) ||
(userB == NULL) ||
(pubKey == NULL))
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif
XMEMSET(userA, 0, sizeof *userA);
XMEMSET(userB, 0, sizeof *userB);
XMEMSET(pubKey, 0, sizeof *pubKey);
ret = test_EccInit_Pair(userA, keySize, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = test_EccInit_Pair(userB, keySize, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = test_EccInit_Pub(pubKey, keySize, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef WOLFSSL_CUSTOM_CURVES
if (dp != NULL) {
ret = wc_ecc_set_custom_curve(userA, dp);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_set_custom_curve(userB, dp);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
}
#endif
#ifndef WC_NO_RNG
#if defined(WOLFSSL_MICROCHIP_TA100)
userA->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE_ALICE);
#endif
ret = wc_ecc_make_key_ex(rng, keySize, userA, curve_id);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
#ifdef WOLF_CRYPTO_CB_ONLY_ECC
if (ret == WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
ret = 0;
goto done; /* no software case */
}
#endif
if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E))
goto done; /* catch case, where curve is not supported */
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
if (wc_ecc_get_curve_idx(curve_id) != -1) {
curveSize = wc_ecc_get_curve_size_from_id(userA->dp->id);
if (curveSize != userA->dp->size)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#ifndef WC_TEST_SKIP_ECC_CHECK_KEY
ret = wc_ecc_check_key(userA);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
#endif
#if defined(WOLFSSL_MICROCHIP_TA100)
userB->slot = atmel_ecc_alloc(ATMEL_SLOT_ECDHE_BOB);
#endif
/* ATECC508/608 configuration may not support more than one ECDH key */
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100)
ret = wc_ecc_make_key_ex(rng, keySize, userB, curve_id);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
/* only perform the below tests if the key size matches */
if (dp == NULL && keySize > 0 && wc_ecc_size(userA) != keySize)
/* Not an error, just not a key size match */
WARNING_OUT(ECC_CURVE_OID_E, done);
#ifdef HAVE_ECC_DHE
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
ret = wc_ecc_set_rng(userA, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_set_rng(userB, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
x = ECC_SHARED_SIZE;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
y = ECC_SHARED_SIZE;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (y != x)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
if (XMEMCMP(sharedA, sharedB, x))
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
TEST_SLEEP();
#ifdef HAVE_ECC_CDH
/* add cofactor flag */
wc_ecc_set_flags(userA, WC_ECC_FLAG_COFACTOR);
wc_ecc_set_flags(userB, WC_ECC_FLAG_COFACTOR);
x = ECC_SHARED_SIZE;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
y = ECC_SHARED_SIZE;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (y != x)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
if (XMEMCMP(sharedA, sharedB, x))
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
TEST_SLEEP();
/* remove cofactor flag */
wc_ecc_set_flags(userA, 0);
wc_ecc_set_flags(userB, 0);
#endif /* HAVE_ECC_CDH */
#endif /* HAVE_ECC_DHE */
#endif /* !WOLFSSL_ATECC508A && WOLFSSL_ATECC608A */
#ifdef HAVE_ECC_KEY_EXPORT
x = ECC_KEY_EXPORT_BUF_SIZE;
ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef HAVE_ECC_KEY_IMPORT
#ifdef WOLFSSL_CUSTOM_CURVES
if (dp != NULL) {
ret = wc_ecc_set_custom_curve(pubKey, dp);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
}
#endif
ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100)
#ifdef HAVE_ECC_DHE
y = ECC_SHARED_SIZE;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (XMEMCMP(sharedA, sharedB, y))
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
TEST_SLEEP();
#endif /* HAVE_ECC_DHE */
#ifdef HAVE_COMP_KEY
/* try compressed export / import too */
x = ECC_KEY_EXPORT_BUF_SIZE;
ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
wc_ecc_free(pubKey);
ret = test_EccInit_Pub(pubKey, keySize, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef WOLFSSL_CUSTOM_CURVES
if (dp != NULL) {
ret = wc_ecc_set_custom_curve(pubKey, dp);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
}
#endif
ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef HAVE_ECC_DHE
y = ECC_SHARED_SIZE;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (XMEMCMP(sharedA, sharedB, y))
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
TEST_SLEEP();
#endif /* HAVE_ECC_DHE */
#endif /* HAVE_COMP_KEY */
#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A */
#endif /* HAVE_ECC_KEY_IMPORT */
#endif /* HAVE_ECC_KEY_EXPORT */
/* For KCAPI cannot sign using generated ECDH key */
#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
!defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC))
#ifdef HAVE_ECC_SIGN
/* WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST: build rejects all-zero digest,
* so test expects failure. */
#ifdef WOLFSSL_SM2
if (curve_id != ECC_SM2P256V1)
#endif
{
for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
digest[i] = 0;
}
x = ECC_SIG_SIZE;
XMEMSET(sig, 0, ECC_SIG_SIZE);
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
#ifdef WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST
if (ret == 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
}
else {
ret = 0;
}
#else
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
TEST_SLEEP();
#ifdef HAVE_ECC_VERIFY
verify = 0;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
&verify, userA);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
#ifdef WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST
if (ret == 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
}
else {
ret = 0;
}
if (verify == 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#else
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (verify != 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif
TEST_SLEEP();
#endif /* HAVE_ECC_VERIFY */
}
/* test DSA sign hash with sequence (0,1,2,3,4,...) */
for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
digest[i] = (byte)i;
}
x = ECC_SIG_SIZE;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
#ifdef HAVE_ECC_VERIFY
for (i=0; i<testVerifyCount; i++) {
verify = 0;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
&verify, userA);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (verify != 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
TEST_SLEEP();
}
#endif /* HAVE_ECC_VERIFY */
#endif /* HAVE_ECC_SIGN */
#endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT &&
* !WC_NO_RNG && !WOLFSSL_KCAPI_ECC) */
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_KCAPI_ECC) && \
!defined(WC_TEST_SKIP_ECC_PRIVATE_EXPORT) && \
!defined(WOLFSSL_MICROCHIP_TA100)
x = ECC_KEY_EXPORT_BUF_SIZE;
ret = wc_ecc_export_private_only(userA, exportBuf, &x);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#elif defined(HAVE_ECC_KEY_EXPORT)
(void)exportBuf;
#endif /* HAVE_ECC_KEY_EXPORT */
#endif /* !WC_NO_RNG */
done:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (userA != NULL) {
wc_ecc_free(userA);
XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (userB != NULL) {
wc_ecc_free(userB);
XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (pubKey != NULL) {
wc_ecc_free(pubKey);
XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_ecc_free(pubKey);
wc_ecc_free(userB);
wc_ecc_free(userA);
#endif
#if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)
WC_FREE_VAR(sharedA, HEAP_HINT);
WC_FREE_VAR(sharedB, HEAP_HINT);
#endif
#ifdef HAVE_ECC_KEY_EXPORT
WC_FREE_VAR(exportBuf, HEAP_HINT);
#endif
#ifdef HAVE_ECC_SIGN
WC_FREE_VAR(sig, HEAP_HINT);
WC_FREE_VAR(digest, HEAP_HINT);
#endif
/* Slot cleanup happens via wc_ecc_free(userA/userB) above; do not call
* atmel_ecc_free with the slot-type enum constants. */
(void)keySize;
(void)curve_id;
(void)rng;
return ret;
}
#undef ECC_TEST_VERIFY_COUNT
#define ECC_TEST_VERIFY_COUNT 2
static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
{
wc_test_ret_t ret;
WOLFSSL_MSG_EX("ecc_test_curve keySize = %d", keySize);
#if FIPS_VERSION3_GE(6,0,0)
#ifdef DEBUG_WOLFSSL
printf("keySize is %d\n", keySize);
#endif
if (keySize < WC_ECC_FIPS_GEN_MIN) {
goto skip_A;
}
#endif
ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT, curve_id,
NULL);
if (ret < 0) {
if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) {
/* ignore error for curves not found */
/* some curve sizes are only available with:
HAVE_ECC_SECPR2, HAVE_ECC_SECPR3, HAVE_ECC_BRAINPOOL
and HAVE_ECC_KOBLITZ */
}
else {
printf("ecc_test_curve_size %d failed!\n", keySize);
return ret;
}
}
#if (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && \
!defined(WOLFSSL_MICROCHIP_TA100)
#if FIPS_VERSION3_GE(6,0,0)
skip_A:
#endif
#ifdef HAVE_ECC_VECTOR_TEST
ret = ecc_test_vector(keySize);
if (ret < 0) {
printf("ecc_test_vector %d failed!\n", keySize);
return ret;
}
#endif
#if FIPS_VERSION3_GE(6,0,0)
if (keySize < WC_ECC_FIPS_GEN_MIN) {
goto skip_B;
}
#endif
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
ret = ecc_test_key_decode(rng, keySize);
if (ret < 0) {
if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) {
/* ignore error for curves not found */
}
else {
printf("ecc_test_key_decode %d failed!\n", keySize);
return ret;
}
}
#endif
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
ret = ecc_test_key_gen(rng, keySize);
if (ret < 0) {
if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) {
/* ignore error for curves not found */
}
else {
printf("ecc_test_key_gen %d failed!\n", keySize);
return ret;
}
}
#endif
#if FIPS_VERSION3_GE(6,0,0)
skip_B:
#endif
#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
return 0;
}
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
static wc_test_ret_t ecc_point_test(void)
{
wc_test_ret_t ret;
ecc_point* point;
ecc_point* point2;
#ifdef HAVE_COMP_KEY
ecc_point* point3;
ecc_point* point4;
#endif
word32 outLen;
byte out[65];
byte der[] = { 0x04, /* = Uncompressed */
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
#if defined(HAVE_COMP_KEY) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(FIPS_VERSION3_GE) && FIPS_VERSION3_GE(7,0,0)))
byte derComp0[] = { 0x02, /* = Compressed, y even */
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
byte derComp1[] = { 0x03, /* = Compressed, y odd */
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
#endif
byte altDer[] = { 0x04, /* = Uncompressed */
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
int curve_idx = wc_ecc_get_curve_idx(ECC_SECP256R1);
/* if curve P256 is not enabled then test should not fail */
if (curve_idx == ECC_CURVE_INVALID)
return 0;
outLen = sizeof(out);
point = wc_ecc_new_point();
if (point == NULL)
return WC_TEST_RET_ENC_ERRNO;
point2 = wc_ecc_new_point();
if (point2 == NULL) {
wc_ecc_del_point(point);
return WC_TEST_RET_ENC_NC;
}
#ifdef HAVE_COMP_KEY
point3 = wc_ecc_new_point();
if (point3 == NULL) {
wc_ecc_del_point(point2);
wc_ecc_del_point(point);
return WC_TEST_RET_ENC_NC;
}
point4 = wc_ecc_new_point();
if (point4 == NULL) {
wc_ecc_del_point(point3);
wc_ecc_del_point(point2);
wc_ecc_del_point(point);
return WC_TEST_RET_ENC_NC;
}
#endif
/* Parameter Validation testing. */
wc_ecc_del_point(NULL);
ret = wc_ecc_import_point_der(NULL, sizeof(der), curve_idx, point);
if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_import_point_der(der, sizeof(der), ECC_CURVE_INVALID, point);
if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, NULL);
if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_export_point_der(-1, point, out, &outLen);
if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_export_point_der(curve_idx, NULL, out, &outLen);
if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_export_point_der(curve_idx, point, NULL, &outLen);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E) || outLen != sizeof(out)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_export_point_der(curve_idx, point, out, NULL);
if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
outLen = 0;
ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
if (ret != WC_NO_ERR_TRACE(BUFFER_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_copy_point(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_copy_point(NULL, point2);
if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_copy_point(point, NULL);
if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_cmp_point(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_cmp_point(NULL, point2);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_cmp_point(point, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
/* Use API. */
ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, point);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
outLen = sizeof(out);
ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (outLen != sizeof(der)) {
ret = WC_TEST_RET_ENC_NC;
goto done;
}
if (XMEMCMP(out, der, outLen) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto done;
}
ret = wc_ecc_copy_point(point2, point);
if (ret != MP_OKAY) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_cmp_point(point2, point);
if (ret != MP_EQ) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_import_point_der(altDer, sizeof(altDer), curve_idx, point2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_cmp_point(point2, point);
if (ret != MP_GT) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
#if defined(HAVE_COMP_KEY) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(FIPS_VERSION3_GE) && FIPS_VERSION3_GE(7,0,0)))
/* Test compressed point with missing x coordinate bytes */
ret = wc_ecc_import_point_der(derComp0, 1, curve_idx, point3);
if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_import_point_der(derComp1, 1, curve_idx, point3);
if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
/* Full uncompressed P-256 length (65 bytes) but invalid prefix byte */
{
byte invalidType[65];
XMEMSET(invalidType, 0x42, sizeof(invalidType));
invalidType[0] = 0x01;
ret = wc_ecc_import_point_der_ex(invalidType, sizeof(invalidType),
curve_idx, point3, 0);
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
}
ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_cmp_point(point3, point4);
if (ret != MP_EQ) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_import_point_der(derComp1, sizeof(derComp1)*2-1, curve_idx, point3);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_cmp_point(point3, point4);
if (ret != MP_EQ) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
#endif /* HAVE_COMP_KEY && ((!HAVE_FIPS && !HAVE_SELFTEST) || */
/* FIPS_VERSION3_GE(7,0,0)) */
done:
#ifdef HAVE_COMP_KEY
wc_ecc_del_point(point4);
wc_ecc_del_point(point3);
#endif
wc_ecc_del_point(point2);
wc_ecc_del_point(point);
return ret;
}
#endif /* !WOLFSSL_ATECC508A && HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
#if !defined(NO_SIG_WRAPPER) && (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && \
!defined(NO_ECC_SIGN)
static wc_test_ret_t ecc_sig_test(WC_RNG* rng, ecc_key* key)
{
#ifndef NO_SHA256
wc_test_ret_t ret;
word32 sigSz;
int size;
byte out[ECC_MAX_SIG_SIZE];
byte in[] = TEST_STRING;
WOLFSSL_SMALL_STACK_STATIC const byte hash[] = {
0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
};
word32 inLen = (word32)XSTRLEN((char*)in);
size = wc_ecc_sig_size(key);
ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, sizeof(*key));
if (ret != size)
return WC_TEST_RET_ENC_NC;
sigSz = (word32)ret;
ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
inLen, out, &sigSz, key, sizeof(*key), rng);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
TEST_SLEEP();
ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
inLen, out, sigSz, key, sizeof(*key));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
TEST_SLEEP();
sigSz = (word32)sizeof(out);
ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
hash, (int)sizeof(hash), out, &sigSz, key, sizeof(*key), rng);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
TEST_SLEEP();
ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
hash, (int)sizeof(hash), out, sigSz, key, sizeof(*key));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
TEST_SLEEP();
#else
(void)rng;
(void)key;
#endif
return 0;
}
#endif
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
(!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && \
!defined(WOLFSSL_MICROCHIP_TA100)
static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
{
wc_test_ret_t ret;
int curve_id;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key *keyImp = (ecc_key *)XMALLOC(sizeof *keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key keyImp[1];
#endif
byte priv[32];
word32 privLen;
byte pub[65*2];
word32 pubLen, pubLenX, pubLenY;
const char qx[] = "7a4e287890a1a47ad3457e52f2f76a83"
"ce46cbc947616d0cbaa82323818a793d";
const char qy[] = "eec4084f5b29ebf29c44cce3b3059610"
"922f8b30ea6e8811742ac7238fe87308";
const char d[] = "8c14b793cb19137e323a6d2e2a870bca"
"2e7a493ec1153b3a95feb8a4873f8d08";
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (keyImp == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
#endif
wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
privLen = sizeof(priv);
ret = wc_ecc_export_private_only(key, priv, &privLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
pubLen = sizeof(pub);
ret = wc_ecc_export_point_der(key->idx, &key->pubkey, pub, &pubLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, keyImp);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
wc_ecc_free(keyImp);
wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
ret = wc_ecc_import_raw_ex(keyImp, qx, qy, d, ECC_SECP256R1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
wc_ecc_free(keyImp);
wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
curve_id = wc_ecc_get_curve_id(key->idx);
if (curve_id < 0) {
ret = WC_TEST_RET_ENC_EC(curve_id);
goto done;
}
/* test import private only */
ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, keyImp,
curve_id);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
wc_ecc_free(keyImp);
wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
/* test export public raw */
pubLenX = pubLenY = 32;
ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifndef HAVE_SELFTEST
/* test import of public */
ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], NULL, ECC_SECP256R1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
wc_ecc_free(keyImp);
wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
/* test export private and public raw */
pubLenX = pubLenY = privLen = 32;
ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY,
priv, &privLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifndef HAVE_SELFTEST
/* test import of private and public */
ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], priv, ECC_SECP256R1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
done:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (keyImp != NULL) {
wc_ecc_free(keyImp);
XFREE(keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_ecc_free(keyImp);
#endif
return ret;
}
#endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
/* wc_ecc_mulmod is a raw math primitive stripped by WOLF_CRYPTO_CB_ONLY_ECC;
* swdev operates at the cryptocb dispatch layer and cannot rescue it. */
#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP)
static wc_test_ret_t ecc_mulmod_test(ecc_key* key1)
{
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key *key2 = (ecc_key *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *key3 = (ecc_key *)XMALLOC(sizeof *key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key key2[1];
ecc_key key3[1];
#endif
#ifdef WOLFSSL_PUBLIC_MP
mp_int* priv;
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((key2 == NULL) || (key3 == NULL))
ERROR_OUT(MEMORY_E, done);
#endif
wc_ecc_init_ex(key2, HEAP_HINT, devId);
wc_ecc_init_ex(key3, HEAP_HINT, devId);
/* TODO: Use test data, test with WOLFSSL_VALIDATE_ECC_IMPORT. */
/* Need base point (Gx,Gy) and parameter A - load them as the public and
* private key in key2.
*/
ret = wc_ecc_import_raw_ex(key2, key1->dp->Gx, key1->dp->Gy, key1->dp->Af,
ECC_SECP256R1);
if (ret != 0)
goto done;
/* Need a point (Gx,Gy) and prime - load them as the public and private key
* in key3.
*/
ret = wc_ecc_import_raw_ex(key3, key1->dp->Gx, key1->dp->Gy,
key1->dp->prime, ECC_SECP256R1);
if (ret != 0)
goto done;
ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey,
wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3),
1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef WOLFSSL_PUBLIC_MP
priv = wc_ecc_key_get_priv(key1);
mp_zero(priv);
ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey,
wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3),
1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (!wc_ecc_point_is_at_infinity(&key3->pubkey)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
if (mp_cmp_d(key3->pubkey.z, 1) != MP_EQ) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
#endif
done:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (key2 != NULL) {
wc_ecc_free(key2);
XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (key3 != NULL) {
wc_ecc_free(key3);
XFREE(key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_ecc_free(key3);
wc_ecc_free(key2);
#endif
return ret;
}
#endif
#if !defined(WOLFSSL_MICROCHIP) && \
defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_MICROCHIP_TA100)
static wc_test_ret_t ecc_ssh_test(ecc_key* key, WC_RNG* rng)
{
wc_test_ret_t ret;
byte out[128];
word32 outLen = sizeof(out);
/* Parameter Validation testing. */
ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
ret = wc_ecc_set_rng(key, rng);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#else
(void)rng;
#endif
/* Use API. */
ret = 0;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
TEST_SLEEP();
return 0;
}
#endif /* HAVE_ECC_DHE && !WC_NO_RNG */
static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
{
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key key[1];
#endif
#if !defined(NO_ECC_SECP) && !defined(NO_ASN) && \
((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
(defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)))
word32 idx = 0;
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (key == NULL)
ERROR_OUT(MEMORY_E, done);
#endif
wc_ecc_init_ex(key, HEAP_HINT, devId);
/* Use API */
ret = wc_ecc_set_flags(NULL, 0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_ecc_set_flags(key, 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#if !defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)
#ifndef WC_NO_RNG
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0) {
goto done;
}
#if !defined(NO_SIG_WRAPPER) && !defined(NO_ECC_SIGN)
ret = ecc_sig_test(rng, key);
if (ret < 0)
goto done;
#endif
TEST_SLEEP();
#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_MICROCHIP)
ret = ecc_ssh_test(key, rng);
if (ret < 0)
goto done;
#endif
wc_ecc_free(key);
#else
(void)rng;
#endif /* !WC_NO_RNG */
#if !defined(NO_ECC_SECP) && !defined(NO_ASN) && \
((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
(defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)))
/* Use test ECC key - ensure real private "d" exists */
#if defined(USE_CERT_BUFFERS_256)
{
ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
sizeof_ecc_key_der_256);
}
#elif !defined(NO_FILESYSTEM)
{
XFILE file = XFOPEN(eccKeyDerFile, "rb");
byte der[128];
word32 derSz;
if (!file) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
derSz = (word32)XFREAD(der, 1, sizeof(der), file);
XFCLOSE(file);
if (derSz == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
ret = wc_EccPrivateKeyDecode(der, &idx, key, derSz);
}
#else
{
(void)idx;
WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(3)");
ERROR_OUT(ASN_PARSE_E, done);
}
#endif
if (ret != 0) {
goto done;
}
#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_MICROCHIP_TA100)
ret = ecc_exp_imp_test(key);
if (ret < 0)
goto done;
#endif
#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
!defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP)
ret = ecc_mulmod_test(key);
if (ret < 0)
goto done;
#endif
#endif
#else
(void)rng;
(void)idx;
#endif /* WOLF_CRYPTO_CB_ONLY_ECC */
done:
wc_ecc_free(key);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* !NO_ECC256 || HAVE_ALL_CURVES */
#if defined(WOLFSSL_CERT_EXT) && \
(!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
static wc_test_ret_t ecc_decode_test(void)
{
wc_test_ret_t ret;
word32 inSz;
word32 inOutIdx;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key key[1];
#endif
/* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */
/* This is ecc_clikeypub_der_256. */
WOLFSSL_SMALL_STACK_STATIC const byte good[] = {
0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xbf, 0xf4,
0x0f, 0x44, 0x50, 0x9a, 0x3d, 0xce, 0x9b, 0xb7, 0xf0, 0xc5,
0x4d, 0xf5, 0x70, 0x7b, 0xd4, 0xec, 0x24, 0x8e, 0x19, 0x80,
0xec, 0x5a, 0x4c, 0xa2, 0x24, 0x03, 0x62, 0x2c, 0x9b, 0xda,
0xef, 0xa2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xc6, 0x56,
0x95, 0x06, 0xcc, 0x01, 0xa9, 0xbd, 0xf6, 0x75, 0x1a, 0x42,
0xf7, 0xbd, 0xa9, 0xb2, 0x36, 0x22, 0x5f, 0xc7, 0x5d, 0x7f,
0xb4 };
WOLFSSL_SMALL_STACK_STATIC const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04,
0x00, 0x04, 0x01, 0x01 };
WOLFSSL_SMALL_STACK_STATIC const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00,
0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
WOLFSSL_SMALL_STACK_STATIC const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09,
0x06, 0x00, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
WOLFSSL_SMALL_STACK_STATIC const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00,
0x06, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
WOLFSSL_SMALL_STACK_STATIC const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
0x04, 0x04, 0x00, 0x04, 0x01, 0x01 };
WOLFSSL_SMALL_STACK_STATIC const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
0x03, 0x05, 0x00, 0x04, 0x01, 0x01 };
WOLFSSL_SMALL_STACK_STATIC const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00,
0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
0x03, 0x03, 0x04, 0x01, 0x01 };
WOLFSSL_SMALL_STACK_STATIC const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00,
0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
0x03, 0x03, 0x00, 0x04, 0x01 };
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (key == NULL)
ERROR_OUT(MEMORY_E, done);
#endif
XMEMSET(key, 0, sizeof *key);
wc_ecc_init_ex(key, HEAP_HINT, devId);
inSz = sizeof(good);
ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, key, inSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_EccPublicKeyDecode(good, NULL, key, inSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, 0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
/* Change offset to produce bad input data. */
inOutIdx = 2;
inSz = sizeof(good) - inOutIdx;
ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
inOutIdx = 4;
inSz = sizeof(good) - inOutIdx;
ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
/* Bad data. */
inSz = sizeof(badNoObjId);
inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, key, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_OBJECT_ID_E) &&
ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
{
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
inSz = sizeof(badOneObjId);
inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, key, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_OBJECT_ID_E) &&
ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
{
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
inSz = sizeof(badObjId1Len);
inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, key, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
inSz = sizeof(badObj2d1Len);
inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, key, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
inSz = sizeof(badNotBitStr);
inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, key, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_BITSTR_E) &&
ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
{
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
inSz = sizeof(badBitStrLen);
inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, key, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
inSz = sizeof(badNoBitStrZero);
inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, key, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_EXPECT_0_E) &&
ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
{
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
inSz = sizeof(badPoint);
inOutIdx = 0;
ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, key, inSz);
if (ret != WC_NO_ERR_TRACE(ASN_ECC_KEY_E) &&
ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
{
ret = WC_TEST_RET_ENC_EC(ret);
goto done;
}
inSz = sizeof(good);
inOutIdx = 0;
ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
done:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (key != NULL) {
wc_ecc_free(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_ecc_free(key);
#endif
return ret;
}
#endif /* WOLFSSL_CERT_EXT */
#ifdef WOLFSSL_CUSTOM_CURVES
static const byte eccKeyExplicitCurve[] = {
0x30, 0x81, 0xf5, 0x30, 0x81, 0xae, 0x06, 0x07,
0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30,
0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06,
0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01,
0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff,
0xff, 0xfc, 0x2f, 0x30, 0x06, 0x04, 0x01, 0x00,
0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe,
0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0,
0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b,
0xfc, 0xdb, 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2,
0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a,
0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4,
0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17,
0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47,
0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21,
0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0,
0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41,
0x41, 0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04,
0x3c, 0x4c, 0xc9, 0x5e, 0x2e, 0xa2, 0x3d, 0x49,
0xcc, 0x5b, 0xff, 0x4f, 0xc9, 0x2e, 0x1d, 0x4a,
0xc6, 0x21, 0xf6, 0xf3, 0xe6, 0x0b, 0x4f, 0xa9,
0x9d, 0x74, 0x99, 0xdd, 0x97, 0xc7, 0x6e, 0xbe,
0x14, 0x2b, 0x39, 0x9d, 0x63, 0xc7, 0x97, 0x0d,
0x45, 0x25, 0x40, 0x30, 0x77, 0x05, 0x76, 0x88,
0x38, 0x96, 0x29, 0x7d, 0x9c, 0xe1, 0x50, 0xbe,
0xac, 0xf0, 0x1d, 0x86, 0xf4, 0x2f, 0x65, 0x0b
};
static wc_test_ret_t ecc_test_custom_curves(WC_RNG* rng)
{
wc_test_ret_t ret;
word32 inOutIdx;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key key[1];
#endif
/* test use of custom curve - using BRAINPOOLP256R1 for test */
#if defined(HAVE_ECC_BRAINPOOL) && !defined(HAVE_INTEL_QA)
#ifndef WOLFSSL_ECC_CURVE_STATIC
WOLFSSL_SMALL_STACK_STATIC const ecc_oid_t ecc_oid_brainpoolp256r1[] = {
0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07
};
#define ecc_oid_brainpoolp256r1_sz \
(sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t))
#else
#define ecc_oid_brainpoolp256r1 { \
0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 \
}
#define ecc_oid_brainpoolp256r1_sz 9
#endif
#define ecc_oid_brainpoolp256r1_sum 104
WOLFSSL_SMALL_STACK_STATIC const ecc_set_type ecc_dp_brainpool256r1 = {
32, /* size/bytes */
ECC_CURVE_CUSTOM, /* ID */
"BRAINPOOLP256R1", /* curve name */
"A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", /* prime */
"7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", /* A */
"26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", /* B */
"A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", /* order */
"8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */
"547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */
ecc_oid_brainpoolp256r1, /* oid/oidSz */
ecc_oid_brainpoolp256r1_sz,
ecc_oid_brainpoolp256r1_sum, /* oid sum */
1, /* cofactor */
};
#endif /* HAVE_ECC_BRAINPOOL */
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (! key) {
ret = MEMORY_E;
goto done;
}
#endif
XMEMSET(key, 0, sizeof *key);
#if defined(HAVE_ECC_BRAINPOOL) && !defined(HAVE_INTEL_QA)
ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, ECC_CURVE_DEF,
&ecc_dp_brainpool256r1);
if (ret != 0) {
printf("ECC test for custom curve failed!\n");
goto done;
}
#endif
#if defined(HAVE_ECC_BRAINPOOL) || defined(HAVE_ECC_KOBLITZ)
{
int curve_id;
#ifdef HAVE_ECC_BRAINPOOL
curve_id = ECC_BRAINPOOLP256R1;
#else
curve_id = ECC_SECP256K1;
#endif
/* Test and demonstrate use of non-SECP curve */
ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, curve_id, NULL);
if (ret < 0) {
printf("ECC test for curve_id %d failed!\n", curve_id);
goto done;
}
}
#endif
ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
inOutIdx = 0;
ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, key,
sizeof(eccKeyExplicitCurve));
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
done:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (key) {
wc_ecc_free(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_ecc_free(key);
#endif
(void)rng;
return ret;
}
#endif /* WOLFSSL_CUSTOM_CURVES */
#ifdef WOLFSSL_SM2
#ifdef HAVE_ECC_VERIFY
#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_CUSTOM_CURVES)
#ifdef HAVE_OID_ENCODING
#define CODED_SM2P256V1 {1,2,156,10197,1,301}
#define CODED_SM2P256V1_SZ 6
#else
#define CODED_SM2P256V1 {0x06,0x08,0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D}
#define CODED_SM2P256V1_SZ 10
#endif
#ifndef WOLFSSL_ECC_CURVE_STATIC
static const ecc_oid_t ecc_oid_sm2p256v1[] = CODED_SM2P256V1;
#else
#define ecc_oid_sm2p256v1 CODED_SM2P256V1
#endif
#define ecc_oid_sm2p256v1_sz CODED_SM2P256V1_SZ
#define ECC_SM2P256V1_TEST 102
static int test_sm2_verify_caseA2(void)
{
ecc_key key;
int ret, res;
mp_int r,s;
/* test key values */
const char qx[] = "0AE4C7798AA0F119471BEE11825BE46202BB79E2A5844495E97C04FF4DF2548A";
const char qy[] = "7C0240F88F1CD4E16352A73C17B7F16F07353E53A176D684A9FE0C6BB798E857";
const char d[] = "128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263";
const ecc_set_type ecc_sm2_A2 = {
32, /* size/bytes */
ECC_SM2P256V1_TEST, /* ID */
"SM2P256V1_TEST", /* curve name */
/* from test case A.2 in draft-shen-sm2-ecdsa-02 */
"8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", /* prime */
"787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498", /* A */
"63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A", /* B */
"8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7", /* order n */
"421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D", /* Gx */
"0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2", /* Gy */
ecc_oid_sm2p256v1, /* oid/oidSz */
ecc_oid_sm2p256v1_sz,
ECC_SM2P256V1_OID, /* oid sum */
1, /* cofactor */
};
/* use canned hash value hash = H(ZA||M) */
const byte hash[] = {
0xB5,0x24,0xF5,0x52,0xCD,0x82,0xB8,0xB0,
0x28,0x47,0x6E,0x00,0x5C,0x37,0x7F,0xB1,
0x9A,0x87,0xE6,0xFC,0x68,0x2D,0x48,0xBB,
0x5D,0x42,0xE3,0xD9,0xB9,0xEF,0xFE,0x76
};
/* canned r and s */
const byte rCan[] = {
0x40,0xF1,0xEC,0x59,0xF7,0x93,0xD9,0xF4,
0x9E,0x09,0xDC,0xEF,0x49,0x13,0x0D,0x41,
0x94,0xF7,0x9F,0xB1,0xEE,0xD2,0xCA,0xA5,
0x5B,0xAC,0xDB,0x49,0xC4,0xE7,0x55,0xD1
};
const byte sCan[] = {
0x6F,0xC6,0xDA,0xC3,0x2C,0x5D,0x5C,0xF1,
0x0C,0x77,0xDF,0xB2,0x0F,0x7C,0x2E,0xB6,
0x67,0xA4,0x57,0x87,0x2F,0xB0,0x9E,0xC5,
0x63,0x27,0xA6,0x7E,0xC7,0xDE,0xEB,0xE7
};
mp_init(&r);
mp_init(&s);
ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_set_custom_curve(&key, &ecc_sm2_A2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_import_raw_ex(&key, qx, qy, d, ECC_SM2P256V1_TEST);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
mp_read_unsigned_bin(&r, rCan, sizeof(rCan));
mp_read_unsigned_bin(&s, sCan, sizeof(sCan));
ret = wc_ecc_sm2_verify_hash_ex(&r, &s, hash, sizeof(hash), &res, &key);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (res != 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
done:
mp_free(&r);
mp_free(&s);
wc_ecc_free(&key);
return ret;
}
#endif /* WOLFSSL_PUBLIC_MP && WOLFSSL_CUSTOM_CURVES */
static int test_sm2_verify_case(void)
{
ecc_key key;
int ret, res;
/* test key values */
const char qx[] = "637F1B135036C933DC3F7A8EBB1B7B2FD1DFBD268D4F894B5AD47DBDBECD558F";
const char qy[] = "E88101D08048E36CCBF61CA38DDF7ABA542B4486E99E49F3A7470A857A096433";
/* use canned hash value hash = H(ZA||M) */
const byte hash[] = {
0x3B,0xFA,0x5F,0xFB,0xC4,0x27,0x8C,0x9D,
0x02,0x3A,0x19,0xCB,0x1E,0xAA,0xD2,0xF1,
0x50,0x69,0x5B,0x20
};
const byte sig[] = {
0x30,0x45,0x02,0x21,0x00,0xD2,0xFC,0xA3,
0x88,0xE3,0xDF,0xA3,0x00,0x73,0x9B,0x3C,
0x2A,0x0D,0xAD,0x44,0xA2,0xFC,0x62,0xD5,
0x6B,0x84,0x54,0xD8,0x40,0x22,0x62,0x3D,
0x5C,0xA6,0x61,0x9B,0xE7,0x02,0x20,0x1D,
0xB5,0xB5,0xD9,0xD8,0xF1,0x20,0xDD,0x97,
0x92,0xBF,0x7E,0x9B,0x3F,0xE6,0x3C,0x4B,
0x03,0xD8,0x80,0xBD,0xB7,0x27,0x7E,0x6A,
0x84,0x23,0xDE,0x61,0x7C,0x8D,0xDC
};
const byte badSig[] = {
0x30,0x45,0x02,0x21,0x00,0xD2,0xFC,0xA3,
0x88,0xE3,0xDF,0xA3,0x00,0x73,0x9B,0x3C,
0x2A,0x0D,0xAD,0x44,0xA2,0xFC,0x62,0xD5,
0x6B,0x84,0x54,0xD8,0x40,0x22,0x62,0x3D,
0x5C,0xA6,0x61,0x9B,0xE7,0x02,0x20,0x1D,
0xB5,0xB5,0xE9,0xD8,0xF1,0x20,0xDD,0x97,
0x92,0xBF,0x7E,0x9B,0x3F,0xE6,0x3C,0x4B,
0x03,0xD8,0x80,0xBD,0xB7,0x27,0x7E,0x6A,
0x84,0x23,0xDE,0x61,0x7C,0x8D,0xDC
};
ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_import_raw(&key, qx, qy, NULL, "SM2P256V1");
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash), &res,
&key);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (res != 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
/* now test a case that should fail */
ret = wc_ecc_sm2_verify_hash(badSig, sizeof(badSig), hash, sizeof(hash),
&res, &key);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (res == 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
done:
wc_ecc_free(&key);
return ret;
}
static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
{
const ecc_set_type* dp = wc_ecc_get_curve_params(
wc_ecc_get_curve_idx(ECC_SM2P256V1));
int keySize = 32;
int curve_id = ECC_SM2P256V1;
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
WC_DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
WC_DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
#endif
#ifdef HAVE_ECC_KEY_EXPORT
#define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32)
WC_DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
#endif
word32 x = 0;
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
word32 y;
#endif
#ifdef HAVE_ECC_SIGN
WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
WC_DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
int i;
int verify;
#endif /* HAVE_ECC_SIGN */
int ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key userA[1];
ecc_key userB[1];
ecc_key pubKey[1];
#endif
#ifndef WC_NO_RNG
int curveSize;
#endif
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
WC_ALLOC_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
WC_ALLOC_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
#endif
#ifdef HAVE_ECC_KEY_EXPORT
WC_ALLOC_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
#endif
#ifdef HAVE_ECC_SIGN
WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
WC_ALLOC_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
#endif
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
if (sharedA == NULL || sharedB == NULL)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif
#ifdef HAVE_ECC_KEY_EXPORT
if (exportBuf == NULL)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif
#ifdef HAVE_ECC_SIGN
if (sig == NULL || digest == NULL)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif
#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
(void)testVerifyCount;
(void)dp;
(void)x;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((userA == NULL) ||
(userB == NULL) ||
(pubKey == NULL))
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif
XMEMSET(userA, 0, sizeof *userA);
XMEMSET(userB, 0, sizeof *userB);
XMEMSET(pubKey, 0, sizeof *pubKey);
ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifndef WC_NO_RNG
ret = wc_ecc_sm2_make_key(rng, userA, WC_ECC_FLAG_NONE);
if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E))
goto done; /* catch case, where curve is not supported */
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
if (wc_ecc_get_curve_idx(curve_id) != -1) {
curveSize = wc_ecc_get_curve_size_from_id(userA->dp->id);
if (curveSize != userA->dp->size) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
}
ret = wc_ecc_check_key(userA);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
ret = wc_ecc_sm2_make_key(rng, userB, WC_ECC_FLAG_NONE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
/* only perform the below tests if the key size matches */
if (dp == NULL && keySize > 0 && wc_ecc_size(userA) != keySize)
if (ret != 0) {
ret = ECC_CURVE_OID_E;
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
}
#ifdef HAVE_ECC_DHE
#if defined(ECC_TIMING_RESISTANT)
ret = wc_ecc_set_rng(userA, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_set_rng(userB, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
x = ECC_SHARED_SIZE;
ret = wc_ecc_sm2_shared_secret(userA, userB, sharedA, &x);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
y = ECC_SHARED_SIZE;
ret = wc_ecc_sm2_shared_secret(userB, userA, sharedB, &y);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (y != x)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
if (XMEMCMP(sharedA, sharedB, x))
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif /* HAVE_ECC_DHE */
#ifdef HAVE_ECC_KEY_EXPORT
x = ECC_KEY_EXPORT_BUF_SIZE;
ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef HAVE_ECC_KEY_IMPORT
ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef HAVE_ECC_DHE
y = ECC_SHARED_SIZE;
ret = wc_ecc_sm2_shared_secret(userB, pubKey, sharedB, &y);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (XMEMCMP(sharedA, sharedB, y))
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif /* HAVE_ECC_DHE */
#ifdef HAVE_COMP_KEY
/* try compressed export / import too */
x = ECC_KEY_EXPORT_BUF_SIZE;
ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
wc_ecc_free(pubKey);
ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef HAVE_ECC_DHE
y = ECC_SHARED_SIZE;
ret = wc_ecc_sm2_shared_secret(userB, pubKey, sharedB, &y);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (XMEMCMP(sharedA, sharedB, y))
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif /* HAVE_ECC_DHE */
#endif /* HAVE_ECC_KEY_IMPORT */
#endif /* HAVE_ECC_KEY_EXPORT */
#endif /* !WC_NO_RNG */
#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
!defined(WC_NO_RNG))
#ifdef HAVE_ECC_SIGN
/* ECC w/out Shamir has issue with all 0 digest */
/* WC_BIGINT doesn't have 0 len well on hardware */
/* Cryptocell has issues with all 0 digest */
#if defined(ECC_SHAMIR)
/* test DSA sign hash with zeros */
for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
digest[i] = 0;
}
x = ECC_SIG_SIZE;
ret = wc_ecc_sm2_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
for (i = 0; i < testVerifyCount; i++) {
verify = 0;
ret = wc_ecc_sm2_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify,
userA);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (verify != 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#endif /* ECC_SHAMIR */
/* test DSA sign hash with sequence (0,1,2,3,4,...) */
for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
digest[i] = (byte)i;
}
x = ECC_SIG_SIZE;
ret = wc_ecc_sm2_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
for (i = 0; i < testVerifyCount; i++) {
verify = 0;
ret = wc_ecc_sm2_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify,
userA);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (verify != 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#endif /* HAVE_ECC_SIGN */
#endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT && !WC_NO_RNG) */
#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
x = ECC_KEY_EXPORT_BUF_SIZE;
ret = wc_ecc_export_private_only(userA, exportBuf, &x);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#elif defined(HAVE_ECC_KEY_EXPORT)
(void)exportBuf;
#endif /* HAVE_ECC_KEY_EXPORT */
done:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (userA != NULL) {
wc_ecc_free(userA);
XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (userB != NULL) {
wc_ecc_free(userB);
XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (pubKey != NULL) {
wc_ecc_free(pubKey);
XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_ecc_free(pubKey);
wc_ecc_free(userB);
wc_ecc_free(userA);
#endif
#if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)
WC_FREE_VAR(sharedA, HEAP_HINT);
WC_FREE_VAR(sharedB, HEAP_HINT);
#endif
#ifdef HAVE_ECC_KEY_EXPORT
WC_FREE_VAR(exportBuf, HEAP_HINT);
#endif
#ifdef HAVE_ECC_SIGN
WC_FREE_VAR(sig, HEAP_HINT);
WC_FREE_VAR(digest, HEAP_HINT);
#endif
(void)keySize;
(void)curve_id;
(void)rng;
return ret;
}
#endif /* HAVE_ECC_VERIFY */
static int test_sm2_create_digest(void)
{
#ifndef WOLFSSL_SM3
const byte msg[] = "message to sign";
const byte id[] = "0123456789";
const byte badId[] = "0123556789";
byte expected[] = {
0xdd, 0x4d, 0x65, 0x49, 0xa3, 0x64, 0x76, 0xc0,
0x73, 0x05, 0xdc, 0x05, 0x16, 0xb5, 0xee, 0x9f,
0x82, 0xf9, 0xe9, 0x7d, 0x01, 0x1a, 0xdc, 0x88,
0x5a, 0x59, 0x9c, 0x44, 0xcc, 0x47, 0xa4, 0x78
};
ecc_key key;
int ret;
/* test key values */
const char qx[] =
"af178b7b8740cc9d5b493fbd22049c12621bc27dcc5802e75ff4d045a4158baf";
const char qy[] =
"89933faf7a4798f48c5b9b4cd3a7693d54c9e05449946eb489c0dd50a5294805";
const char d[] =
"b3e66c2dbfb50c6ff6830c1fac4b51293a2562f9e667052b03df2d4b43c1f34a";
int hash_type = WC_HASH_TYPE_SHA256;
byte digest[WC_SHA256_DIGEST_SIZE];
#else
ecc_key key;
int ret;
const byte msg[] = { 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x20,
0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x00 };
const byte id[] = { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
0x00 };
const byte badId[] = "0123556789";
const char qx[] =
"09F9DF311E5421A150DD7D161E4BC5C672179FAD1833FC076BB08FF356F35020";
const char qy[] =
"CCEA490CE26775A52DC6EA718CC1AA600AED05FBF35E084A6632F6072DA9AD13";
const char d[] =
"3945208F7B2144B13F36E38AC6D39F95889393692860B51A42FB81EF4DF7C5B8";
byte expected[] = {
0xf0, 0xb4, 0x3e, 0x94, 0xba, 0x45, 0xac, 0xca,
0xac, 0xe6, 0x92, 0xed, 0x53, 0x43, 0x82, 0xeb,
0x17, 0xe6, 0xab, 0x5a, 0x19, 0xce, 0x7b, 0x31,
0xf4, 0x48, 0x6f, 0xdf, 0xc0, 0xd2, 0x86, 0x40
};
int hash_type = WC_HASH_TYPE_SM3;
byte digest[WC_SM3_DIGEST_SIZE];
#endif
ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_import_raw(&key, qx, qy, d, "SM2P256V1");
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_sm2_create_digest(id, (int)XSTRLEN((const char*)id),
msg, (int)XSTRLEN((const char*)msg), hash_type, digest, sizeof(digest),
&key);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (XMEMCMP(digest, expected, WC_SHA256_DIGEST_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
ret = wc_ecc_sm2_create_digest(badId, (int)XSTRLEN((const char*)badId),
msg, (int)XSTRLEN((const char*)msg), hash_type, digest, sizeof(digest),
&key);
if (ret != 0)
goto done;
/* should be different than the previous ID used */
if (XMEMCMP(digest, expected, WC_SHA256_DIGEST_SIZE) == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
done:
wc_ecc_free(&key);
return ret;
}
static int test_sm2_verify(void)
{
int ret = 0;
#ifdef HAVE_ECC_VERIFY
#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_CUSTOM_CURVES)
ret = test_sm2_verify_caseA2();
if (ret != 0)
return ret;
#endif
ret = test_sm2_verify_case();
if (ret != 0)
return ret;
#endif /* HAVE_ECC_VERIFY */
ret = test_sm2_create_digest();
return ret;
}
#endif /* WOLFSSL_SM2 */
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \
!defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC)
/* Make Cert / Sign example for ECC cert and ECC CA */
static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng)
{
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Cert *myCert = (Cert *)XMALLOC(sizeof *myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_TEST_CERT
DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *certPubKey = (ecc_key *)XMALLOC(sizeof *certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
Cert myCert[1];
#ifdef WOLFSSL_TEST_CERT
DecodedCert decode[1];
#endif
ecc_key caEccKey[1];
ecc_key certPubKey[1];
#endif
int certSz;
size_t bytes = 0;
word32 idx = 0;
#if !defined(USE_CERT_BUFFERS_256) && !defined(NO_FILESYSTEM)
XFILE file;
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte* der = NULL;
#else
byte der[FOURK_BUF];
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((myCert == NULL)
#ifdef WOLFSSL_TEST_CERT
|| (decode == NULL)
#endif
|| (caEccKey == NULL) || (certPubKey == NULL))
ERROR_OUT(MEMORY_E, exit);
#endif
XMEMSET(caEccKey, 0, sizeof *caEccKey);
XMEMSET(certPubKey, 0, sizeof *certPubKey);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
}
#endif
/* Get cert private key */
#ifdef ENABLE_ECC384_CERT_GEN_TEST
/* Get Cert Key 384 */
#ifdef USE_CERT_BUFFERS_256
XMEMCPY(der, ca_ecc_key_der_384, sizeof_ca_ecc_key_der_384);
bytes = sizeof_ca_ecc_key_der_384;
#elif !defined(NO_FILESYSTEM)
file = XFOPEN(eccCaKey384File, "rb");
if (!file) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
}
bytes = XFREAD(der, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
(void)eccCaKeyFile;
#else
WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(4)");
ERROR_OUT(ASN_PARSE_E, exit);
#endif /* USE_CERT_BUFFERS_256 */
/* end if ENABLE_ECC384_CERT_GEN_TEST */
#else
/* !ENABLE_ECC384_CERT_GEN_TEST */
#ifdef USE_CERT_BUFFERS_256
XMEMCPY(der, ca_ecc_key_der_256, sizeof_ca_ecc_key_der_256);
bytes = sizeof_ca_ecc_key_der_256;
#else
file = XFOPEN(eccCaKeyFile, "rb");
if (!file) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
}
bytes = XFREAD(der, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
#ifdef ENABLE_ECC384_CERT_GEN_TEST
(void)eccCaKey384File;
#endif
#endif /* USE_CERT_BUFFERS_256 */
#endif /* ENABLE_ECC384_CERT_GEN_TEST */
/* Get CA Key */
ret = wc_ecc_init_ex(caEccKey, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_EccPrivateKeyDecode(der, &idx, caEccKey, (word32)bytes);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
/* Make a public key */
ret = wc_ecc_init_ex(certPubKey, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, certPubKey);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &certPubKey->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
TEST_SLEEP();
/* Setup Certificate */
ret = wc_InitCert_ex(myCert, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
#ifndef NO_SHA256
myCert->sigType = CTC_SHA256wECDSA;
#elif defined(WOLFSSL_SHA384)
myCert->sigType = CTC_SHA384wECDSA;
#elif defined(WOLFSSL_SHA512)
myCert->sigType = CTC_SHA512wECDSA;
#elif defined(WOLFSSL_SHA224)
myCert->sigType = CTC_SHA224wECDSA;
#elif !defined(NO_SHA)
myCert->sigType = CTC_SHAwECDSA;
#else
#error "No signature type available"
#endif
XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
#ifdef WOLFSSL_CERT_EXT
/* add Policies */
XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
CTC_MAX_CERTPOL_SZ);
XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
CTC_MAX_CERTPOL_SZ);
myCert->certPoliciesNb = 2;
/* add SKID from the Public Key */
ret = wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, certPubKey);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
/* add AKID from the Public Key */
ret = wc_SetAuthKeyIdFromPublicKey(myCert, NULL, caEccKey);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
/* add Key Usage */
ret = wc_SetKeyUsage(myCert, certKeyUsage);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
#endif /* WOLFSSL_CERT_EXT */
#ifdef ENABLE_ECC384_CERT_GEN_TEST
#if defined(USE_CERT_BUFFERS_256)
ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384,
sizeof_ca_ecc_cert_der_384);
#elif !defined(NO_FILESYSTEM)
ret = wc_SetIssuer(myCert, eccCaCert384File);
(void)eccCaCertFile;
#else
/* not testing with embedded, no file system target */
ERROR_OUT(ASN_PARSE_E, exit);
#endif /* USE_CERT_BUFFERS_256 */
#else
/* not ENABLE_ECC384_CERT_GEN_TEST */
#if defined(USE_CERT_BUFFERS_256)
ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_256,
sizeof_ca_ecc_cert_der_256);
#else
ret = wc_SetIssuer(myCert, eccCaCertFile);
#ifdef ENABLE_ECC384_CERT_GEN_TEST
(void)eccCaCert384File;
#endif
#endif
#endif /* ENABLE_ECC384_CERT_GEN_TEST */
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, certPubKey, rng);
if (certSz < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(certSz), exit);
}
ret = 0;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret >= 0) {
ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
FOURK_BUF, NULL, caEccKey, rng);
}
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
certSz = (int)ret;
TEST_SLEEP();
#ifdef WOLFSSL_TEST_CERT
InitDecodedCert(decode, der, certSz, HEAP_HINT);
ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) {
FreeDecodedCert(decode);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
FreeDecodedCert(decode);
#endif
ret = SaveDerAndPem(der, certSz, certEccDerFile, certEccPemFile,
CERT_TYPE);
if (ret != 0) {
goto exit;
}
exit:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_TEST_CERT
XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (caEccKey != NULL) {
wc_ecc_free(caEccKey);
XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (certPubKey != NULL) {
wc_ecc_free(certPubKey);
XFREE(certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_ecc_free(certPubKey);
wc_ecc_free(caEccKey);
#endif
return ret;
}
#endif /* WOLFSSL_CERT_GEN */
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
!defined(WOLFSSL_NO_MALLOC) && (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && \
(!defined(NO_ECC_SECP) || defined(WOLFSSL_CUSTOM_CURVES))
/* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */
static wc_test_ret_t ecc_test_allocator(WC_RNG* rng)
{
wc_test_ret_t ret = 0;
ecc_key* key;
#ifdef WC_NO_RNG
word32 idx = 0;
#endif
key = wc_ecc_key_new(HEAP_HINT);
if (key == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
}
#ifndef WC_NO_RNG
ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
#else
/* use test ECC key */
ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
(word32)sizeof_ecc_key_der_256);
(void)rng;
#endif
exit:
wc_ecc_key_free(key);
return ret;
}
#endif
/* ECC Non-blocking tests for Sign and Verify */
/* Requires SP math and supports P384 or P256 */
/* ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" */
#if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_HAVE_SP_ECC) && \
defined(WOLFSSL_PUBLIC_MP)
#ifndef NO_ECC256
/* ECC Private Key "d" */
static const byte p256PrivKey[] = {
/* SECP256R1 */
/* d */
0x1e, 0xe7, 0x70, 0x07, 0xd3, 0x30, 0x94, 0x39,
0x28, 0x90, 0xdf, 0x23, 0x88, 0x2c, 0x4a, 0x34,
0x15, 0xdb, 0x4c, 0x43, 0xcd, 0xfa, 0xe5, 0x1f,
0x3d, 0x4c, 0x37, 0xfe, 0x59, 0x3b, 0x96, 0xd8
};
#endif
#ifdef HAVE_ECC384
static const byte p384PrivKey[] = {
/* SECP384R1 */
/* d */
0xa4, 0xe5, 0x06, 0xe8, 0x06, 0x16, 0x3e, 0xab,
0x89, 0xf8, 0x60, 0x43, 0xc0, 0x60, 0x25, 0xdb,
0xba, 0x7b, 0xfe, 0x19, 0x35, 0x08, 0x55, 0x65,
0x76, 0xe2, 0xdc, 0xe0, 0x01, 0x8b, 0x6b, 0x68,
0xdf, 0xcf, 0x6f, 0x80, 0x12, 0xce, 0x79, 0x37,
0xeb, 0x2b, 0x9c, 0x7b, 0xc4, 0x68, 0x1c, 0x74
};
#endif /* HAVE_ECC384 */
#ifdef HAVE_ECC521
static const byte p521PrivKey[] = {
/* SECP521R1 */
/* d */
0x01, 0x68, 0x91, 0x33, 0x53, 0xe2, 0x90, 0x68,
0x11, 0x8f, 0xaa, 0xa8, 0x76, 0x0c, 0xf7, 0x2a,
0x07, 0x1b, 0x92, 0x2a, 0xa7, 0x82, 0x3d, 0xfa,
0x83, 0xce, 0x70, 0xc8, 0xc2, 0x60, 0x82, 0xfe,
0x18, 0x88, 0x68, 0xda, 0x6a, 0x83, 0x46, 0x78,
0xe4, 0xe9, 0xe9, 0xcc, 0x51, 0x7f, 0xed, 0x81,
0x02, 0x32, 0xee, 0x26, 0x87, 0xcc, 0xed, 0x63,
0x3f, 0x39, 0x27, 0xf0, 0xd7, 0x17, 0x77, 0xa1,
0xa4, 0x36
};
#endif /* HAVE_ECC521 */
/* ECC public key Qx/Qy */
#ifndef NO_ECC256
static const byte p256PubKey[] = {
/* SECP256R1 */
/* Qx */
0x96, 0x93, 0x1c, 0x53, 0x0b, 0x43, 0x6c, 0x42,
0x0c, 0x52, 0x90, 0xe4, 0xa7, 0xec, 0x98, 0xb1,
0xaf, 0xd4, 0x14, 0x49, 0xd8, 0xc1, 0x42, 0x82,
0x04, 0x78, 0xd1, 0x90, 0xae, 0xa0, 0x6c, 0x07,
/* Qy */
0xf2, 0x3a, 0xb5, 0x10, 0x32, 0x8d, 0xce, 0x9e,
0x76, 0xa0, 0xd2, 0x8c, 0xf3, 0xfc, 0xa9, 0x94,
0x43, 0x24, 0xe6, 0x82, 0x00, 0x40, 0xc6, 0xdb,
0x1c, 0x2f, 0xcd, 0x38, 0x4b, 0x60, 0xdd, 0x61
};
#endif
#ifdef HAVE_ECC384
static const byte p384PubKey[] = {
/* SECP384R1 */
/* Qx */
0xea, 0xcf, 0x93, 0x4f, 0x2c, 0x09, 0xbb, 0x39,
0x14, 0x0f, 0x56, 0x64, 0xc3, 0x40, 0xb4, 0xdf,
0x0e, 0x63, 0xae, 0xe5, 0x71, 0x4b, 0x00, 0xcc,
0x04, 0x97, 0xff, 0xe1, 0xe9, 0x38, 0x96, 0xbb,
0x5f, 0x91, 0xb2, 0x6a, 0xcc, 0xb5, 0x39, 0x5f,
0x8f, 0x70, 0x59, 0xf1, 0x01, 0xf6, 0x5a, 0x2b,
/* Qy */
0x01, 0x6c, 0x68, 0x0b, 0xcf, 0x55, 0x25, 0xaf,
0x6d, 0x98, 0x48, 0x0a, 0xa8, 0x74, 0xc9, 0xa9,
0x17, 0xa0, 0x0c, 0xc3, 0xfb, 0xd3, 0x23, 0x68,
0xfe, 0x04, 0x3c, 0x63, 0x50, 0x88, 0x3b, 0xb9,
0x4f, 0x7c, 0x67, 0x34, 0xf7, 0x3b, 0xa9, 0x73,
0xe7, 0x1b, 0xc3, 0x51, 0x5e, 0x22, 0x18, 0xec
};
#endif
#ifdef HAVE_ECC521
static const byte p521PubKey[] = {
/* SECP521R1 */
/* Qx */
0x01, 0x62, 0x6e, 0xf1, 0x00, 0xec, 0xd8, 0x99,
0x58, 0x9b, 0x80, 0x6b, 0xfe, 0x2c, 0xf1, 0xb2,
0xf0, 0xc8, 0x48, 0xdf, 0xac, 0xd2, 0x3b, 0x71,
0x29, 0xab, 0xf0, 0x66, 0x63, 0xd8, 0x8e, 0xb5,
0xc8, 0xc2, 0xfc, 0x99, 0x44, 0xe2, 0x45, 0xb1,
0x5a, 0x7b, 0xb9, 0x73, 0x01, 0xda, 0x79, 0xec,
0x9c, 0x26, 0x27, 0x34, 0x45, 0x26, 0xd5, 0x89,
0x4b, 0x44, 0xfe, 0x69, 0x4e, 0x72, 0x14, 0xe3,
0x8b, 0xbc,
/* Qy */
0x00, 0x0f, 0x09, 0xa2, 0x03, 0xc3, 0x5a, 0xdc,
0x95, 0x82, 0xf6, 0xf9, 0xf6, 0x9c, 0xff, 0xb5,
0x6b, 0x75, 0x95, 0x4b, 0xa4, 0x28, 0x5d, 0x9e,
0x90, 0x04, 0xd1, 0xc0, 0x1e, 0xd5, 0xfd, 0x43,
0x9e, 0x1e, 0x83, 0xc0, 0x11, 0x2b, 0x2b, 0x07,
0x6d, 0xa9, 0x7a, 0x10, 0xd7, 0x67, 0xe7, 0x51,
0x37, 0x24, 0xd8, 0xbf, 0x03, 0x0d, 0x8b, 0xb5,
0x40, 0x5c, 0x4f, 0xd6, 0x13, 0x73, 0x42, 0xbc,
0x91, 0xd9
};
#endif
#if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
/* perform verify of signature and hash using public key */
/* key is public Qx + public Qy */
/* sig is r + s */
static wc_test_ret_t crypto_ecc_verify(const byte *key, word32 keySz,
const byte *hash, word32 hashSz, const byte *sig, word32 sigSz,
word32 curveSz, int curveId)
{
wc_test_ret_t ret;
int verify_res = 0, count = 0;
mp_int r, s;
ecc_key ecc;
ecc_nb_ctx_t nb_ctx;
/* validate arguments */
if (key == NULL || hash == NULL || sig == NULL || curveSz == 0 ||
hashSz == 0 || keySz < (curveSz*2) || sigSz < (curveSz*2))
{
return WC_TEST_RET_ENC_NC;
}
/* Setup the ECC key */
ret = wc_ecc_init(&ecc);
if (ret < 0) {
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
if (ret != MP_OKAY) {
wc_ecc_free(&ecc);
return WC_TEST_RET_ENC_EC(ret);
}
/* Setup the signature r/s variables */
ret = mp_init(&r);
if (ret != MP_OKAY) {
wc_ecc_free(&ecc);
return WC_TEST_RET_ENC_EC(ret);
}
ret = mp_init(&s);
if (ret != MP_OKAY) {
mp_clear(&r);
wc_ecc_free(&ecc);
return WC_TEST_RET_ENC_EC(ret);
}
/* Import public key x/y */
ret = wc_ecc_import_unsigned(
&ecc,
(byte*)key, /* Public "x" Coordinate */
(byte*)(key + curveSz), /* Public "y" Coordinate */
NULL, /* Private "d" (optional) */
curveId /* ECC Curve Id */
);
/* Make sure it was a public key imported */
if (ret == 0 && ecc.type != ECC_PUBLICKEY) {
ret = WC_TEST_RET_ENC_NC; /* ECC_BAD_ARG_E */
}
/* Import signature r/s */
if (ret == 0) {
ret = mp_read_unsigned_bin(&r, sig, curveSz);
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = mp_read_unsigned_bin(&s, sig + curveSz, curveSz);
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
/* Verify ECC Signature */
if (ret == 0) {
do {
ret = wc_ecc_verify_hash_ex(
&r, &s, /* r/s as mp_int */
hash, hashSz, /* computed hash digest */
&verify_res, /* verification result 1=success */
&ecc
);
count++;
/* This is where real-time work could be called */
} while (ret == FP_WOULDBLOCK);
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
printf("ECC non-block verify: %d times\n", count);
#endif
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
/* check verify result */
if (ret == 0 && verify_res == 0) {
ret = WC_TEST_RET_ENC_NC /* SIG_VERIFY_E */;
}
mp_clear(&r);
mp_clear(&s);
wc_ecc_free(&ecc);
(void)count;
return ret;
}
/* perform signature operation against hash using private key */
static wc_test_ret_t crypto_ecc_sign(const byte *key, word32 keySz,
const byte *hash, word32 hashSz, byte *sig, word32* sigSz,
word32 curveSz, int curveId, WC_RNG* rng)
{
wc_test_ret_t ret;
int count = 0;
mp_int r, s;
ecc_key ecc;
ecc_nb_ctx_t nb_ctx;
/* validate arguments */
if (key == NULL || hash == NULL || sig == NULL || sigSz == NULL ||
curveSz == 0 || hashSz == 0 || keySz < curveSz || *sigSz < (curveSz*2))
{
return WC_TEST_RET_ENC_NC /* BAD_FUNC_ARG */;
}
/* Initialize signature result */
memset(sig, 0, curveSz*2);
/* Setup the ECC key */
ret = wc_ecc_init(&ecc);
if (ret < 0) {
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
if (ret != MP_OKAY) {
wc_ecc_free(&ecc);
return WC_TEST_RET_ENC_EC(ret);
}
/* Setup the signature r/s variables */
ret = mp_init(&r);
if (ret != MP_OKAY) {
wc_ecc_free(&ecc);
return WC_TEST_RET_ENC_EC(ret);
}
ret = mp_init(&s);
if (ret != MP_OKAY) {
mp_clear(&r);
wc_ecc_free(&ecc);
return WC_TEST_RET_ENC_EC(ret);
}
/* Import private key "k" */
ret = wc_ecc_import_private_key_ex(
key, keySz, /* private key "d" */
NULL, 0, /* public (optional) */
&ecc,
curveId /* ECC Curve Id */
);
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
if (ret == 0) {
do {
/* Verify ECC Signature */
ret = wc_ecc_sign_hash_ex(
hash, hashSz, /* computed hash digest */
rng, &ecc, /* random and key context */
&r, &s /* r/s as mp_int */
);
count++;
/* This is where real-time work could be called */
} while (ret == FP_WOULDBLOCK);
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
printf("ECC non-block sign: %d times\n", count);
#endif
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
/* export r/s */
mp_to_unsigned_bin_len(&r, sig, curveSz);
mp_to_unsigned_bin_len(&s, sig + curveSz, curveSz);
}
mp_clear(&r);
mp_clear(&s);
wc_ecc_free(&ecc);
(void)count;
return ret;
}
#endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
/*
* This test doesn't work with WOLFSSL_VALIDATE_ECC_KEYGEN defined because we
* don't have non-blocking versions of the key checking functions, yet.
*/
#if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_VALIDATE_ECC_KEYGEN)
static wc_test_ret_t ecc_test_nonblock_dhe(int curveId, word32 curveSz,
const byte* privKey, const byte* pubKey, WC_RNG* rng)
{
wc_test_ret_t ret;
ecc_key keyA;
ecc_key keyB;
ecc_nb_ctx_t nbCtxA;
ecc_nb_ctx_t nbCtxB;
byte secretA[ECC_SHARED_SIZE];
byte secretB[ECC_SHARED_SIZE];
word32 secretSzA = ECC_SHARED_SIZE;
word32 secretSzB = ECC_SHARED_SIZE;
int count = 0;
ret = wc_ecc_init(&keyA);
if (ret == 0) {
ret = wc_ecc_init(&keyB);
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_ecc_set_nonblock(&keyA, &nbCtxA);
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_ecc_set_nonblock(&keyB, &nbCtxB);
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
do {
ret = wc_ecc_make_key_ex(rng, curveSz, &keyA, curveId);
count++;
} while (ret == FP_WOULDBLOCK);
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
fprintf(stderr, "ECC non-block key gen: %d times\n", count);
#endif
(void)count;
if (ret == 0) {
ret = wc_ecc_check_key(&keyA);
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_ecc_import_unsigned(&keyB, pubKey, pubKey + curveSz,
privKey, curveId);
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
count = 0;
if (ret == 0) {
do {
ret = wc_ecc_shared_secret(&keyA, &keyB, secretA, &secretSzA);
count++;
} while (ret == FP_WOULDBLOCK);
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
fprintf(stderr, "ECC non-block shared secret: %d times\n", count);
#endif
if (ret == 0) {
do {
ret = wc_ecc_shared_secret(&keyB, &keyA, secretB, &secretSzB);
} while (ret == FP_WOULDBLOCK);
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
if (secretSzA != secretSzB ||
XMEMCMP(secretA, secretB, secretSzA) != 0) {
ret = WC_TEST_RET_ENC_NC;
}
}
wc_ecc_free(&keyA);
wc_ecc_free(&keyB);
return ret;
}
#endif /* HAVE_ECC_DHE && !WOLFSSL_VALIDATE_ECC_KEYGEN */
#if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
static wc_test_ret_t ecc_test_nonblock_ecdsa(int curveId, word32 curveSz,
const byte* privKey, word32 privKeySz, const byte* pubKey, word32 pubKeySz,
WC_RNG* rng)
{
wc_test_ret_t ret = 0;
byte* sig = NULL;
word32 sigSz = curveSz * 2;
static const byte hash[] = {
0x8d, 0x28, 0xa3, 0x8b, 0x0b, 0xa9, 0xfe, 0xd4, 0x0e, 0x54, 0xc4, 0x17,
0x3d, 0x54, 0x66, 0x34, 0xbf, 0x5d, 0x6f, 0x46, 0xc2, 0x20, 0xcb, 0xc3,
0x22, 0xe9, 0xb0, 0xdf, 0xe7, 0x64, 0x3f, 0xd9
};
sig = (byte*)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE);
if (sig == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
}
if (ret == 0) {
/* Sign hash using private key */
/* Note: result of an ECC sign varies for each call even with same
private key and hash. This is because a new random public key is
used for each operation. */
ret = crypto_ecc_sign(privKey, privKeySz, hash, sizeof(hash), sig,
&sigSz, curveSz, curveId, rng);
}
if (ret == 0) {
/* Verify generated signature is valid */
ret = crypto_ecc_verify(pubKey, pubKeySz, hash, sizeof(hash), sig,
sigSz, curveSz, curveId);
}
XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE);
return ret;
}
#endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
static wc_test_ret_t ecc_test_nonblock(WC_RNG* rng)
{
wc_test_ret_t ret = 0;
word32 i;
int curveIds[3] = {0, 0, 0};
word32 curveSzs[3] = {0, 0, 0};
const byte* privKeys[3] = {NULL, NULL, NULL};
word32 privKeySzs[3] = {0, 0, 0};
const byte* pubKeys[3] = {NULL, NULL, NULL};
word32 pubKeySzs[3] = {0, 0, 0};
#ifndef NO_ECC256
curveIds[0] = ECC_SECP256R1;
curveSzs[0] = 32;
privKeys[0] = p256PrivKey;
privKeySzs[0] = sizeof(p256PrivKey);
pubKeys[0] = p256PubKey;
pubKeySzs[0] = sizeof(p256PubKey);
#endif
#ifdef HAVE_ECC384
curveIds[1] = ECC_SECP384R1;
curveSzs[1] = 48;
privKeys[1] = p384PrivKey;
privKeySzs[1] = sizeof(p384PrivKey);
pubKeys[1] = p384PubKey;
pubKeySzs[1] = sizeof(p384PubKey);
#endif
#ifdef HAVE_ECC521
curveIds[2] = ECC_SECP521R1;
curveSzs[2] = 66;
privKeys[2] = p521PrivKey;
privKeySzs[2] = sizeof(p521PrivKey);
pubKeys[2] = p521PubKey;
pubKeySzs[2] = sizeof(p521PubKey);
#endif
for (i = 0; ret == 0 && i < sizeof(curveIds) / sizeof(curveIds[0]); ++i) {
if (curveIds[i] == 0) {
continue;
}
#if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
ret = ecc_test_nonblock_ecdsa(curveIds[i], curveSzs[i], privKeys[i],
privKeySzs[i], pubKeys[i], pubKeySzs[i], rng);
#endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
#if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_VALIDATE_ECC_KEYGEN)
if (ret == 0) {
ret = ecc_test_nonblock_dhe(curveIds[i], curveSzs[i], privKeys[i],
pubKeys[i], rng);
}
#endif /* HAVE_ECC_DHE && !WOLFSSL_VALIDATE_ECC_KEYGEN */
}
return ret;
}
#endif /* WC_ECC_NONBLOCK && WOLFSSL_HAVE_SP_ECC && WOLFSSL_PUBLIC_MP */
#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION > 2)))
static int ecc_test_raw_enc_dec(void)
{
int ret;
unsigned char r[1];
word32 rSz;
unsigned char s[1];
word32 sSz;
unsigned char rZero[] = { 0, 0, 0, 0 };
unsigned char sOne[] = { 0, 0, 1 };
unsigned char sigRaw[32];
word32 sigRawSz;
unsigned char expSig[] = { 0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01 };
sigRawSz = sizeof(sigRaw);
ret = wc_ecc_rs_raw_to_sig(rZero, sizeof(rZero), sOne, sizeof(sOne),
sigRaw, &sigRawSz);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
if (sigRawSz != sizeof(expSig)) {
return WC_TEST_RET_ENC_EC((int)sigRawSz);
}
if (XMEMCMP(sigRaw, expSig, sizeof(expSig)) != 0) {
return WC_TEST_RET_ENC_NC;
}
rSz = sizeof(r);
sSz = sizeof(s);
ret = wc_ecc_sig_to_rs(sigRaw, sigRawSz, r, &rSz, s, &sSz);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
if (rSz != 1) {
return WC_TEST_RET_ENC_EC((int)rSz);
}
if (sSz != 1) {
return WC_TEST_RET_ENC_EC((int)sSz);
}
if (r[0] != 0) {
return WC_TEST_RET_ENC_EC(r[0]);
}
if (s[0] != 1) {
return WC_TEST_RET_ENC_EC(s[0]);
}
return ret;
}
#endif
static wc_test_ret_t ecc_test_all_curves(WC_RNG* rng)
{
wc_test_ret_t ret = 0;
#if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
ret = ecc_test_curve(rng, 14, ECC_CURVE_DEF);
if (ret < 0) {
printf("keySize=14, Default\n");
return ret;
}
#endif /* HAVE_ECC112 */
#if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
ret = ecc_test_curve(rng, 16, ECC_CURVE_DEF);
if (ret < 0) {
printf("keySize=16, Default\n");
return ret;
}
#endif /* HAVE_ECC128 */
#if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
ret = ecc_test_curve(rng, 20, ECC_CURVE_DEF);
if (ret < 0) {
printf("keySize=20, Default\n");
return ret;
}
#endif /* HAVE_ECC160 */
#if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
#if !FIPS_VERSION3_GE(6,0,0)
ret = ecc_test_curve(rng, 24, ECC_CURVE_DEF);
if (ret < 0) {
printf("keySize=24, Default\n");
return ret;
}
#endif
#endif /* HAVE_ECC192 */
#if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224
ret = ecc_test_curve(rng, 28, ECC_CURVE_DEF);
if (ret < 0) {
printf("keySize=28, Default\n");
return ret;
}
#endif /* HAVE_ECC224 */
#if (defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 239
ret = ecc_test_curve(rng, 30, ECC_CURVE_DEF);
if (ret < 0) {
printf("keySize=30, Default\n");
return ret;
}
#endif /* HAVE_ECC239 */
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
ret = ecc_test_curve(rng, 32, ECC_CURVE_DEF);
if (ret < 0) {
printf("keySize=32, Default\n");
return ret;
}
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
ret = ecc_point_test();
if (ret < 0) {
return ret;
}
#endif
#if !defined(NO_ECC_SECP) || defined(WOLFSSL_CUSTOM_CURVES)
ret = ecc_def_curve_test(rng);
if (ret < 0) {
printf("Default\n");
return ret;
}
#endif
#endif /* !NO_ECC256 */
#if (defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 320
ret = ecc_test_curve(rng, 40, ECC_CURVE_DEF);
if (ret < 0) {
printf("keySize=40, Default\n");
return ret;
}
#endif /* HAVE_ECC320 */
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
ret = ecc_test_curve(rng, 48, ECC_CURVE_DEF);
if (ret < 0) {
printf("keySize=48, Default\n");
return ret;
}
#endif /* HAVE_ECC384 */
#if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512
ret = ecc_test_curve(rng, 64, ECC_CURVE_DEF);
if (ret < 0) {
printf("keySize=64, Default\n");
return ret;
}
#endif /* HAVE_ECC512 */
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
ret = ecc_test_curve(rng, 66, ECC_CURVE_DEF);
if (ret < 0) {
printf("keySize=66, Default\n");
return ret;
}
#endif /* HAVE_ECC521 */
#ifdef WOLFSSL_SM2
ret = ecc_test_curve(rng, 32, ECC_SM2P256V1);
if (ret < 0) {
printf("SM2\n");
return ret;
}
#endif
(void)rng;
return ret;
}
#if defined(HAVE_ECC_SIGN) && \
(defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
static wc_test_ret_t ecc_test_all_deterministic_k(WC_RNG* rng)
{
wc_test_ret_t ret = 0;
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
ret = ecc_test_deterministic_k(rng);
if (ret != 0) {
printf("ecc_test_deterministic_k failed!\n");
return ret;
}
#endif
#ifdef WOLFSSL_PUBLIC_MP
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
ECC_MIN_KEY_SZ <= 384
ret = ecc384_test_deterministic_k(rng);
if (ret != 0) {
printf("ecc384_test_deterministic_k failed!\n");
return ret;
}
#endif
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
ECC_MIN_KEY_SZ <= 521
ret = ecc521_test_deterministic_k(rng);
if (ret != 0) {
printf("ecc521_test_deterministic_k failed!\n");
return ret;
}
#endif
#endif
(void)rng;
return ret;
}
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
{
wc_test_ret_t ret;
WC_RNG rng;
WOLFSSL_ENTER("ecc_test");
#if defined(ECC_MIN_KEY_SZ)
WOLFSSL_MSG_EX("ecc_test ECC_MIN_KEY_SZ = %d\n", ECC_MIN_KEY_SZ);
#else
WOLFSSL_MSG("ecc_test ECC_MIN_KEY_SZ not defined.");
#endif
#if defined(WOLFSSL_CERT_EXT) && \
(!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
ret = ecc_decode_test();
if (ret < 0)
return ret;
#endif
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
#ifndef WC_NO_RNG
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#else
(void)ret;
#endif
ret = ecc_test_all_curves(&rng);
if (ret < 0)
goto done;
#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION > 2)))
ret = ecc_test_raw_enc_dec();
if (ret != 0) {
printf("raw sig encode/decode\n");
goto done;
}
#endif
#if defined(WOLFSSL_CUSTOM_CURVES) && !defined(WOLFSSL_NO_MALLOC)
/* custom curves requires allocation of ecc_set_type in asn.c */
ret = ecc_test_custom_curves(&rng);
if (ret != 0) {
printf("Custom\n");
goto done;
}
#endif
#if defined(WOLFSSL_SM2)
ret = test_sm2_verify();
if (ret != 0) {
printf("SM2 Verify\n");
goto done;
}
ret = ecc_sm2_test_curve(&rng, ECC_TEST_VERIFY_COUNT);
if (ret != 0) {
printf("SM2 test\n");
goto done;
}
#endif
#if defined(HAVE_ECC_SIGN) && \
(defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
ret = ecc_test_all_deterministic_k(&rng);
if (ret != 0)
goto done;
#endif
#if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \
!defined(WOLFSSL_KCAPI_ECC)
ret = ecc_test_sign_vectors(&rng);
if (ret != 0) {
printf("ecc_test_sign_vectors failed!\n");
goto done;
}
#endif
#if defined(HAVE_ECC_VECTOR_TEST) && defined(HAVE_ECC_CDH) && \
defined(HAVE_ECC_DHE)
ret = ecc_test_cdh_vectors(&rng);
if (ret != 0) {
printf("ecc_test_cdh_vectors failed!\n");
goto done;
}
#endif
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
!defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
ret = ecc_test_make_pub(&rng);
if (ret != 0) {
printf("ecc_test_make_pub failed!\n");
goto done;
}
#elif defined(HAVE_ECC_KEY_IMPORT)
(void)ecc_test_make_pub; /* for compiler warning */
#endif
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \
!defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC)
ret = ecc_test_cert_gen(&rng);
if (ret != 0) {
printf("ecc_test_cert_gen failed!\n");
goto done;
}
#endif
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC) && \
(!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && (!defined(NO_ECC_SECP) || \
defined(WOLFSSL_CUSTOM_CURVES))
ret = ecc_test_allocator(&rng);
if (ret != 0) {
printf("ecc_test_allocator failed!\n");
goto done;
}
#endif
#if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
ret = ecc_test_nonblock(&rng);
if (ret != 0) {
printf("ecc_test_nonblock failed!\n");
goto done;
}
#endif
done:
wc_FreeRng(&rng);
return ret;
}
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
(defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
#if !defined(WOLFSSL_NO_MALLOC)
#if ((! defined(HAVE_FIPS)) || FIPS_VERSION_GE(5,3))
/* maximum encrypted message:
* msgSz (14) + pad (2) + pubKeySz(1+66*2) + ivSz(16) + digestSz(32) = 197 */
#define MAX_ECIES_TEST_SZ 200
static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte* plaintext;
byte* encrypted;
byte* decrypted;
#else
byte plaintext[MAX_ECIES_TEST_SZ];
byte encrypted[MAX_ECIES_TEST_SZ];
byte decrypted[MAX_ECIES_TEST_SZ];
#endif
ecEncCtx* aCtx = NULL;
ecEncCtx* bCtx = NULL;
static const byte salt[16] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13,
14, 15};
wc_test_ret_t ret = 0;
static const char message[] = "Hello wolfSSL!";
word32 plaintextLen;
word32 encryptLen = MAX_ECIES_TEST_SZ;
word32 decryptLen = MAX_ECIES_TEST_SZ;
int aInit = 0;
int bInit = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
plaintext = (byte*)XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
encrypted = (byte*)XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
decrypted = (byte*)XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
wc_ecc_free(a);
wc_ecc_free(b);
ret = wc_ecc_init(a);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
}
else {
aInit = 1;
}
if (ret == 0) {
ret = wc_ecc_init(b);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
}
else {
bInit = 1;
}
}
if (ret == 0)
ret = wc_ecc_make_key(rng, 32, a);
if (ret == 0)
ret = wc_ecc_make_key(rng, 32, b);
/* create context */
if (ret == 0) {
aCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng);
if (aCtx == NULL)
ret = WC_TEST_RET_ENC_NC;
}
if (ret == 0) {
bCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng);
if (bCtx == NULL)
ret = WC_TEST_RET_ENC_NC;
}
/* set salt */
if (ret == 0) {
ret = wc_ecc_ctx_set_kdf_salt(aCtx, salt, sizeof(salt));
if (ret != 0)
ret = 10472;
}
if (ret == 0) {
ret = wc_ecc_ctx_set_kdf_salt(bCtx, salt, sizeof(salt));
if (ret != 0)
ret = 10473;
}
XMEMSET(plaintext, 0, MAX_ECIES_TEST_SZ);
XSTRLCPY((char *)plaintext, message, MAX_ECIES_TEST_SZ);
plaintextLen = (((word32)XSTRLEN(message) + WC_AES_BLOCK_SIZE - 1) /
WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE;
/* encrypt */
if (ret == 0) {
ret = wc_ecc_encrypt(a, b, plaintext, plaintextLen, encrypted,
&encryptLen, aCtx);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
/* decrypt */
if (ret == 0) {
ret = wc_ecc_decrypt(b, a, encrypted, encryptLen, decrypted,
&decryptLen, bCtx);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
/* compare */
if (ret == 0 && XMEMCMP(decrypted, plaintext, plaintextLen) != 0)
ret = WC_TEST_RET_ENC_NC;
if (aInit) {
wc_ecc_free(a);
}
if (bInit) {
wc_ecc_free(b);
}
wc_ecc_ctx_free(aCtx);
wc_ecc_ctx_free(bCtx);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
#endif /* !WOLFSSL_NO_MALLOC */
/* ecc_encrypt_e2e_test() uses wc_ecc_ctx_set_algo(), which was added in
* wolfFIPS 5.3.
* ecc_encrypt_kat() is used only by ecc_encrypt_e2e_test().
*/
#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
ECC_MIN_KEY_SZ <= 256 && defined(WOLFSSL_AES_128)
static wc_test_ret_t ecc_encrypt_kat(WC_RNG *rng)
{
wc_test_ret_t ret = 0;
#ifdef WOLFSSL_ECIES_OLD
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key* userA = NULL;
#else
ecc_key userA[1];
#endif
int userAInit = 0;
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key* userB = NULL;
#else
ecc_key userB[1];
#endif
int userBInit = 0;
ecc_key* tmpKey;
byte plain[48];
word32 plainSz = sizeof(plain);
WOLFSSL_SMALL_STACK_STATIC const byte privKey[] = {
0x04, 0x80, 0xef, 0x1d, 0xbe, 0x02, 0x0c, 0x20,
0x5b, 0xab, 0x80, 0x35, 0x5b, 0x2a, 0x0f, 0x6d,
0xd3, 0xb0, 0x7f, 0x7e, 0x7f, 0x86, 0x8a, 0x49,
0xee, 0xb4, 0xaa, 0x09, 0x2d, 0x1e, 0x1d, 0x02
};
#if defined(WOLFSSL_ECIES_OLD) || defined(WOLFSSL_QNX_CAAM)
WOLFSSL_SMALL_STACK_STATIC const byte pubKey[] = {
0x04,
/* X */
0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0, 0x5a,
0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c, 0x3a,
0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3, 0xc1,
0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63, 0xa0,
/* X */
0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7, 0xcd,
0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75, 0xaa,
0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe, 0xe8,
0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3, 0x28
};
#endif
WOLFSSL_SMALL_STACK_STATIC const byte enc_msg[] = {
#ifdef WOLFSSL_ECIES_OLD
0x42, 0x70, 0xbf, 0xf9, 0xf4, 0x7e, 0x4b, 0x9b,
0xb5, 0x4c, 0xcc, 0xc5, 0x94, 0xa7, 0xef, 0xaa,
0xc3, 0x7c, 0x85, 0xa6, 0x51, 0x6e, 0xd3, 0xfa,
0x56, 0xc9, 0x10, 0x4d, 0x14, 0x32, 0x61, 0xb8,
0xbb, 0x66, 0x7a, 0xb5, 0xbc, 0x95, 0xf8, 0xca,
0xd1, 0x2a, 0x19, 0x51, 0x44, 0xd8, 0x0e, 0x57,
0x34, 0xed, 0x45, 0x89, 0x2e, 0x57, 0xbe, 0xd5,
0x06, 0x22, 0xd7, 0x13, 0x0a, 0x0e, 0x40, 0x36,
0x0d, 0x05, 0x0d, 0xb6, 0xae, 0x61, 0x37, 0x18,
0x83, 0x90, 0x0a, 0x27, 0x95, 0x41, 0x8c, 0x45
#elif defined(WOLFSSL_ECIES_ISO18033)
0x04, 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0,
0x5a, 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c,
0x3a, 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3,
0xc1, 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63,
0xa0, 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7,
0xcd, 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75,
0xaa, 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe,
0xe8, 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3,
0x28, 0xbb, 0x9f, 0xa8, 0x2d, 0xe1, 0xf1, 0x67,
0x45, 0x02, 0x19, 0xdc, 0xc8, 0x24, 0x8b, 0x20,
0x02, 0xa0, 0x8f, 0x95, 0x12, 0x55, 0x51, 0xf8,
0x03, 0xc4, 0x54, 0x13, 0x98, 0x2d, 0xf0, 0x31,
0x51, 0x80, 0x45, 0x24, 0xcb, 0x8b, 0x48, 0xa6,
0x8b, 0x8e, 0x97, 0x9c, 0x56, 0x4d, 0x70, 0x00,
0x53, 0xd3, 0x47, 0x00, 0x5a, 0x23, 0x8c, 0xf9,
0xfd, 0xd2, 0x33, 0x2c, 0x43, 0x6e, 0x9e, 0xb2,
0xf4, 0x95, 0xd4, 0xcf, 0x30, 0xd6, 0xa2, 0xc5,
0x35, 0x96, 0x6a, 0xd4, 0x36, 0x15, 0xa9, 0xbd,
0x7f
#elif defined(WOLFSSL_ECIES_GEN_IV)
/* EC P-256 point */
0x04,
/* X */
0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0, 0x5a,
0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c, 0x3a,
0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3, 0xc1,
0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63, 0xa0,
/* Y */
0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7, 0xcd,
0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75, 0xaa,
0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe, 0xe8,
0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3, 0x28,
/* IV */
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* Encrypted Msg */
0xe5, 0x17, 0xaf, 0x0d, 0x65, 0x4d, 0x3d, 0x50,
0x96, 0x05, 0xc9, 0x63, 0x2c, 0xef, 0x1c, 0x1f,
0x78, 0xc9, 0x90, 0x7a, 0x14, 0x00, 0xfc, 0x44,
0x71, 0x6d, 0x57, 0x8c, 0xdf, 0x23, 0xca, 0x65,
0xcf, 0x93, 0x06, 0xb6, 0x9a, 0xf4, 0x61, 0xbd,
0x44, 0x1a, 0xeb, 0x52, 0x68, 0x0f, 0xd1, 0xde,
/* HMAC */
0x5a, 0x22, 0xc1, 0x5d, 0x99, 0x66, 0x3f, 0x24,
0x35, 0x96, 0xac, 0xf7, 0xf6, 0x28, 0x45, 0x16,
0x52, 0x19, 0x0d, 0xe4, 0xb2, 0xca, 0x5b, 0x28,
0x4e, 0xbb, 0xf3, 0x98, 0x57, 0xd7, 0x3b, 0xe2
#else
0x04, 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0,
0x5a, 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c,
0x3a, 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3,
0xc1, 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63,
0xa0, 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7,
0xcd, 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75,
0xaa, 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe,
0xe8, 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3,
0x28, 0xe5, 0x17, 0xaf, 0x0d, 0x65, 0x4d, 0x3d,
0x50, 0x96, 0x05, 0xc9, 0x63, 0x2c, 0xef, 0x1c,
0x1f, 0x78, 0xc9, 0x90, 0x7a, 0x14, 0x00, 0xfc,
0x44, 0x71, 0x6d, 0x57, 0x8c, 0xdf, 0x23, 0xca,
0x65, 0xcf, 0x93, 0x06, 0xb6, 0x9a, 0xf4, 0x61,
0xbd, 0x44, 0x1a, 0xeb, 0x52, 0x68, 0x0f, 0xd1,
0xde, 0xc7, 0x3f, 0x6f, 0xce, 0xbe, 0x49, 0x61,
0x48, 0x01, 0x77, 0x41, 0xd0, 0xd8, 0x5b, 0x48,
0xca, 0x4e, 0x47, 0x3e, 0x47, 0xbf, 0x1d, 0x28,
0x4c, 0x18, 0x1a, 0xfb, 0x96, 0x95, 0xda, 0xde,
0x55
#endif
};
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f
};
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
userB = (ecc_key *)XMALLOC(sizeof(*userB), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (userB == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
}
#ifdef WOLFSSL_ECIES_OLD
if (ret == 0) {
userA = (ecc_key *)XMALLOC(sizeof(*userA), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (userA == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
}
}
#endif
#endif
if (ret == 0) {
ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
userBInit = 1;
#ifdef WOLFSSL_ECIES_OLD
ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
userAInit = 1;
tmpKey = userA;
#else
tmpKey = NULL;
#endif
}
if (ret == 0) {
#ifdef WOLFSSL_QNX_CAAM
ret = wc_ecc_import_private_key_ex(privKey, sizeof(privKey), pubKey,
sizeof(pubKey), userB, ECC_SECP256R1);
#else
ret = wc_ecc_import_private_key_ex(privKey, sizeof(privKey), NULL, 0,
userB, ECC_SECP256R1);
#endif
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
#ifdef WOLFSSL_ECIES_OLD
if (ret == 0) {
ret = wc_ecc_import_x963_ex(pubKey, sizeof(pubKey), userA,
ECC_SECP256R1);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
#endif
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
if (ret == 0) {
ret = wc_ecc_set_rng(userB, rng);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
}
}
#else
(void)rng;
#endif
if (ret == 0) {
ret = wc_ecc_decrypt(userB, tmpKey, enc_msg, sizeof(enc_msg), plain,
&plainSz, NULL);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
ret = WC_TEST_RET_ENC_NC;
}
}
if (userBInit)
wc_ecc_free(userB);
#ifdef WOLFSSL_ECIES_OLD
if (userAInit)
wc_ecc_free(userA);
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_ECIES_OLD
XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
return ret;
}
#endif
#ifndef WOLFSSL_NO_MALLOC
static wc_test_ret_t ecc_encrypt_e2e_test(WC_RNG* rng, ecc_key* userA, ecc_key* userB,
byte encAlgo, byte kdfAlgo, byte macAlgo)
{
wc_test_ret_t ret = 0;
byte msg[48];
byte plain[48];
#ifdef WOLFSSL_ECIES_OLD
byte out[80];
#elif defined(WOLFSSL_ECIES_GEN_IV)
byte out[1 + ECC_KEYGEN_SIZE * 2 + 16 + 80];
#else
byte out[1 + ECC_KEYGEN_SIZE * 2 + 80];
#endif
word32 outSz = sizeof(out);
word32 plainSz = sizeof(plain);
int i;
ecEncCtx* cliCtx = NULL;
ecEncCtx* srvCtx = NULL;
byte cliSalt[EXCHANGE_SALT_SZ];
byte srvSalt[EXCHANGE_SALT_SZ];
const byte* tmpSalt;
byte msg2[48];
byte plain2[48];
#ifdef WOLFSSL_ECIES_OLD
byte out2[80];
#elif defined(WOLFSSL_ECIES_GEN_IV)
byte out2[1 + ECC_KEYGEN_SIZE * 2 + 16 + 80];
#else
byte out2[1 + ECC_KEYGEN_SIZE * 2 + 80];
#endif
word32 outSz2 = sizeof(out2);
word32 plainSz2 = sizeof(plain2);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key *tmpKey = (ecc_key *)XMALLOC(sizeof(ecc_key), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key tmpKey[1];
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (tmpKey == NULL) {
ERROR_OUT(MEMORY_E, done);
}
#endif
ret = wc_ecc_init_ex(tmpKey, HEAP_HINT, devId);
if (ret != 0)
goto done;
/* set message to incrementing 0,1,2,etc... */
for (i = 0; i < (int)sizeof(msg); i++)
msg[i] = i;
/* encrypt msg to B */
ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz, NULL);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret); goto done;
}
#ifdef WOLFSSL_ECIES_OLD
tmpKey->dp = userA->dp;
tmpKey->idx = userA->idx;
ret = wc_ecc_copy_point(&userA->pubkey, &tmpKey->pubkey);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret); goto done;
}
#endif
/* decrypt msg from A */
ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, NULL);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret); goto done;
}
if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
ret = WC_TEST_RET_ENC_NC; goto done;
}
#ifndef WOLFSSL_ECIES_OLD
/* A decrypts msg (response) from B */
ret = wc_ecc_decrypt(userB, NULL, out, outSz, plain2, &plainSz2, NULL);
if (ret != 0)
goto done;
if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
ret = WC_TEST_RET_ENC_NC; goto done;
}
#endif
/* let's verify message exchange works, A is client, B is server */
cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng);
srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng);
if (cliCtx == NULL || srvCtx == NULL) {
ret = WC_TEST_RET_ENC_ERRNO; goto done;
}
ret = wc_ecc_ctx_set_algo(cliCtx, encAlgo, kdfAlgo, macAlgo);
if (ret != 0)
goto done;
ret = wc_ecc_ctx_set_algo(srvCtx, encAlgo, kdfAlgo, macAlgo);
if (ret != 0)
goto done;
/* get salt to send to peer */
tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx);
if (tmpSalt == NULL) {
ret = WC_TEST_RET_ENC_NC; goto done;
}
XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx);
if (tmpSalt == NULL) {
ret = WC_TEST_RET_ENC_NC; goto done;
}
XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
/* in actual use, we'd get the peer's salt over the transport */
ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt);
if (ret != 0)
goto done;
ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt);
if (ret != 0)
goto done;
ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 11);
if (ret != 0)
goto done;
ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 11);
if (ret != 0)
goto done;
/* get encrypted msg (request) to send to B */
outSz = sizeof(out);
ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz,cliCtx);
if (ret != 0)
goto done;
#ifndef WOLFSSL_ECIES_OLD
wc_ecc_free(tmpKey);
#endif
/* B decrypts msg (request) from A */
plainSz = sizeof(plain);
ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, srvCtx);
if (ret != 0)
goto done;
if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
ret = WC_TEST_RET_ENC_NC; goto done;
}
/* msg2 (response) from B to A */
for (i = 0; i < (int)sizeof(msg2); i++)
msg2[i] = i + sizeof(msg2);
/* get encrypted msg (response) to send to B */
ret = wc_ecc_encrypt(userB, userA, msg2, sizeof(msg2), out2,
&outSz2, srvCtx);
if (ret != 0)
goto done;
#ifdef WOLFSSL_ECIES_OLD
tmpKey->dp = userB->dp;
ret = wc_ecc_copy_point(&userB->pubkey, &tmpKey->pubkey);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret); goto done;
}
#else
wc_ecc_free(tmpKey);
#endif
/* A decrypts msg (response) from B */
ret = wc_ecc_decrypt(userA, tmpKey, out2, outSz2, plain2, &plainSz2,
cliCtx);
if (ret != 0)
goto done;
if (XMEMCMP(plain2, msg2, sizeof(msg2)) != 0) {
ret = WC_TEST_RET_ENC_NC; goto done;
}
#if defined(HAVE_COMP_KEY) && \
(! defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
/* Create new client and server contexts. */
wc_ecc_ctx_free(srvCtx);
wc_ecc_ctx_free(cliCtx);
/* let's verify message exchange works, A is client, B is server */
cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng);
srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng);
if (cliCtx == NULL || srvCtx == NULL) {
ret = WC_TEST_RET_ENC_ERRNO; goto done;
}
ret = wc_ecc_ctx_set_algo(cliCtx, encAlgo, kdfAlgo, macAlgo);
if (ret != 0)
goto done;
ret = wc_ecc_ctx_set_algo(srvCtx, encAlgo, kdfAlgo, macAlgo);
if (ret != 0)
goto done;
/* get salt to send to peer */
tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx);
if (tmpSalt == NULL) {
ret = WC_TEST_RET_ENC_NC; goto done;
}
XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx);
if (tmpSalt == NULL) {
ret = WC_TEST_RET_ENC_NC; goto done;
}
XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
/* in actual use, we'd get the peer's salt over the transport */
ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt);
if (ret != 0)
goto done;
ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt);
if (ret != 0)
goto done;
ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 12);
if (ret != 0)
goto done;
ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 12);
if (ret != 0)
goto done;
/* get encrypted msg (request) to send to B - compressed public key */
outSz = sizeof(out);
ret = wc_ecc_encrypt_ex(userA, userB, msg, sizeof(msg), out, &outSz, cliCtx,
1);
if (ret != 0)
goto done;
#ifndef WOLFSSL_ECIES_OLD
wc_ecc_free(tmpKey);
#endif
/* B decrypts msg (request) from A - out has a compressed public key */
plainSz = sizeof(plain);
ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, srvCtx);
if (ret != 0)
goto done;
if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
ret = WC_TEST_RET_ENC_NC; goto done;
}
#endif /* HAVE_COMP_KEY && (!FIPS || FIPS>=5.3) */
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
(ECC_MIN_KEY_SZ <= 256) && defined(WOLFSSL_AES_128)
ret = ecc_encrypt_kat(rng);
#endif
done:
/* cleanup */
wc_ecc_ctx_free(srvCtx);
wc_ecc_ctx_free(cliCtx);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (tmpKey != NULL) {
wc_ecc_free(tmpKey);
XFREE(tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_ecc_free(tmpKey);
#endif
return ret;
}
#endif
#endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
static wc_test_ret_t ecc_encrypt_combos_test(WC_RNG* rng, ecc_key* userA,
ecc_key* userB)
{
wc_test_ret_t ret = 0;
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC)
#ifdef WOLFSSL_AES_128
if (ret == 0) {
ret = ecc_encrypt_e2e_test(rng, userA, userB, ecAES_128_CBC,
ecHKDF_SHA256, ecHMAC_SHA256);
if (ret != 0) {
printf("ECIES: AES_128_CBC, HKDF_SHA256, HMAC_SHA256\n");
}
}
#ifdef HAVE_X963_KDF
if (ret == 0) {
ret = ecc_encrypt_e2e_test(rng, userA, userB, ecAES_128_CBC,
ecKDF_X963_SHA256, ecHMAC_SHA256);
if (ret != 0) {
printf("ECIES: AES_128_CBC, KDF_X963_SHA256, HMAC_SHA256\n");
}
}
if (ret == 0) {
ret = ecc_encrypt_e2e_test(rng, userA, userB, ecAES_128_CBC,
ecKDF_SHA256, ecHMAC_SHA256);
if (ret != 0) {
printf("ECIES: AES_128_CBC, KDF_SHA256, HMAC_SHA256\n");
}
}
#endif
#endif
#ifdef WOLFSSL_AES_256
if (ret == 0) {
ret = ecc_encrypt_e2e_test(rng, userA, userB, ecAES_256_CBC,
ecHKDF_SHA256, ecHMAC_SHA256);
if (ret != 0) {
printf("ECIES: AES_256_CBC, HKDF_SHA256, HMAC_SHA256\n");
}
}
#endif
#endif
#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && !defined(WOLFSSL_NO_MALLOC)
#ifdef WOLFSSL_AES_128
if (ret == 0) {
ret = ecc_encrypt_e2e_test(rng, userA, userB, ecAES_128_CTR,
ecHKDF_SHA256, ecHMAC_SHA256);
if (ret != 0) {
printf("ECIES: AES_128_CTR, HKDF_SHA256, HMAC_SHA256\n");
}
}
#endif
#ifdef WOLFSSL_AES_256
if (ret == 0) {
ret = ecc_encrypt_e2e_test(rng, userA, userB, ecAES_256_CTR,
ecHKDF_SHA256, ecHMAC_SHA256);
if (ret != 0) {
printf("ECIES: AES_256_CTR, HKDF_SHA256, HMAC_SHA256\n");
}
}
#endif
#endif /* !NO_AES && WOLFSSL_AES_COUNTER */
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC)
if (ret == 0) {
ret = ecc_ctx_kdf_salt_test(rng, userA, userB);
}
#endif
(void)rng;
(void)userA;
(void)userB;
return ret;
}
#endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void)
{
WC_RNG rng;
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key *userA;
ecc_key *userB;
#else
ecc_key userA[1];
ecc_key userB[1];
#endif
WOLFSSL_ENTER("ecc_encrypt_test");
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if ((userA == NULL) || (userB == NULL)) {
ERROR_OUT(MEMORY_E, done);
}
#endif
XMEMSET(userA, 0, sizeof *userA);
XMEMSET(userB, 0, sizeof *userB);
ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
if (ret != 0)
goto done;
ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
if (ret != 0)
goto done;
ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userA);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0){
ret = WC_TEST_RET_ENC_EC(ret); goto done;
}
ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userB);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0){
ret = WC_TEST_RET_ENC_EC(ret); goto done;
}
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
ret = wc_ecc_set_rng(userA, &rng);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret); goto done;
}
ret = wc_ecc_set_rng(userB, &rng);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret); goto done;
}
#endif
#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
if (ret == 0)
ret = ecc_encrypt_combos_test(&rng, userA, userB);
#endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
done:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (userA != NULL) {
wc_ecc_free(userA);
XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (userB != NULL) {
wc_ecc_free(userB);
XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_ecc_free(userB);
wc_ecc_free(userA);
#endif
wc_FreeRng(&rng);
return ret;
}
#endif /* HAVE_ECC_ENCRYPT && HAVE_AES_CBC && WOLFSSL_AES_128 */
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_MICROCHIP_TA100) && \
!defined(NO_ECC256) && \
defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
(!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_SWDEV)) && !defined(NO_ECC_SECP) && \
!defined(WOLFSSL_SE050)
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
static wc_test_ret_t ecc_buffers_encrypt_test(ecc_key* cliKey, ecc_key* servKey,
ecc_key* tmpKey, const byte* in, word32 inSz, byte* out, byte* plain,
word32 inLen)
{
wc_test_ret_t ret;
word32 x;
word32 y;
/* test encrypt and decrypt if they're available */
x = 256;
ret = wc_ecc_encrypt(cliKey, servKey, in, inSz, out, &x, NULL);
if (ret < 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef WOLFSSL_ECIES_OLD
tmpKey->dp = cliKey->dp;
ret = wc_ecc_copy_point(&cliKey->pubkey, &tmpKey->pubkey);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
#endif
y = 256;
ret = wc_ecc_decrypt(servKey, tmpKey, out, x, plain, &y, NULL);
if (ret < 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(plain, in, inLen))
return WC_TEST_RET_ENC_NC;
#if !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0))
/* Negative test: corrupt HMAC tag in encrypted msg, expect
* HASH_TYPE_E from wc_ecc_decrypt. */
out[x - 1] ^= 0x01;
y = 256;
ret = wc_ecc_decrypt(servKey, tmpKey, out, x, plain, &y, NULL);
if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))
return WC_TEST_RET_ENC_EC(ret);
#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(6,0,0)) */
(void)tmpKey;
return 0;
}
#endif
#ifndef WC_NO_RNG
static wc_test_ret_t ecc_buffers_sign_verify_test(ecc_key* cliKey, WC_RNG* rng,
const byte* in, word32 inLen, byte* out, byte* plain)
{
wc_test_ret_t ret = 0;
word32 x;
int verify = 0;
x = 256;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &cliKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_sign_hash(in, inLen, out, &x, rng, cliKey);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret < 0)
return WC_TEST_RET_ENC_EC(ret);
TEST_SLEEP();
XMEMSET(plain, 0, 256);
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &cliKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret == 0)
ret = wc_ecc_verify_hash(out, x, in, inLen, &verify, cliKey);
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret < 0)
return WC_TEST_RET_ENC_EC(ret);
if (verify != 1)
return WC_TEST_RET_ENC_NC;
TEST_SLEEP();
(void)plain;
return 0;
}
#endif
#ifdef WOLFSSL_CERT_EXT
static wc_test_ret_t ecc_buffers_pub_key_decode_test(ecc_key* cliKey)
{
wc_test_ret_t ret;
word32 idx = 0;
size_t bytes;
bytes = sizeof_ecc_clikeypub_der_256;
ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, cliKey,
(word32) bytes);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
return 0;
}
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void)
{
size_t bytes;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key *cliKey = (ecc_key *)XMALLOC(sizeof *cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *servKey = (ecc_key *)XMALLOC(sizeof *servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *tmpKey = (ecc_key *)XMALLOC(sizeof *tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ecc_key cliKey[1];
ecc_key servKey[1];
ecc_key tmpKey[1];
#endif
WC_RNG rng;
wc_test_ret_t ret;
word32 idx = 0;
#ifndef WC_NO_RNG
/* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */
byte in[] = "Everyone gets Friday off. ecc p";
word32 inLen = (word32)XSTRLEN((char*)in);
byte out[256];
byte plain[256];
WOLFSSL_ENTER("ecc_test_buffers");
#endif
XMEMSET(&rng, 0, sizeof(WC_RNG));
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((cliKey == NULL) || (servKey == NULL) || (tmpKey == NULL)) {
XFREE(cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E;
}
#endif
XMEMSET(cliKey, 0, sizeof(*cliKey));
XMEMSET(servKey, 0, sizeof(*servKey));
XMEMSET(tmpKey, 0, sizeof(*tmpKey));
ret = wc_ecc_init_ex(cliKey, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_init_ex(servKey, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_init_ex(tmpKey, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
bytes = (size_t)sizeof_ecc_clikey_der_256;
/* place client key into ecc_key struct cliKey */
ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, cliKey,
(word32)bytes);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
idx = 0;
bytes = (size_t)sizeof_ecc_key_der_256;
/* place server key into ecc_key struct servKey */
ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, servKey,
(word32)bytes);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifndef WC_NO_RNG
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
ret = wc_ecc_set_rng(cliKey, &rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ecc_set_rng(servKey, &rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
#endif
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
ret = ecc_buffers_encrypt_test(cliKey, servKey, tmpKey, in, sizeof(in), out,
plain, inLen);
if (ret != 0)
goto done;
#endif
#ifndef WC_NO_RNG
ret = ecc_buffers_sign_verify_test(cliKey, &rng, in, inLen, out, plain);
if (ret != 0)
goto done;
#endif
#ifdef WOLFSSL_CERT_EXT
ret = ecc_buffers_pub_key_decode_test(cliKey);
if (ret != 0)
goto done;
#endif
ret = 0;
done:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (cliKey != NULL) {
wc_ecc_free(cliKey);
XFREE(cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (servKey != NULL) {
wc_ecc_free(servKey);
XFREE(servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (tmpKey != NULL) {
wc_ecc_free(tmpKey);
XFREE(tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
wc_ecc_free(cliKey);
wc_ecc_free(servKey);
wc_ecc_free(tmpKey);
#endif
wc_FreeRng(&rng);
return ret;
}
#endif /* USE_CERT_BUFFERS_256 && !WOLFSSL_ATECCX08A && !NO_ECC256 */
#endif /* HAVE_ECC */
#ifdef HAVE_CURVE25519
#if defined(HAVE_CURVE25519_SHARED_SECRET) && \
defined(HAVE_CURVE25519_KEY_IMPORT)
#ifdef CURVE25519_OVERFLOW_ALL_TESTS
#define X25519_TEST_CNT 5
#else
#define X25519_TEST_CNT 1
#endif
static wc_test_ret_t curve25519_overflow_test(WC_RNG* rng)
{
/* secret key for party a */
byte sa[X25519_TEST_CNT][32] = {
{
0x8d,0xaf,0x6e,0x7a,0xc1,0xeb,0x8d,0x30,
0x99,0x86,0xd3,0x90,0x47,0x96,0x21,0x3c,
0x3a,0x75,0xc0,0x7b,0x75,0x01,0x75,0xa3,
0x81,0x4b,0xff,0x5a,0xbc,0x96,0x87,0x28
},
#ifdef CURVE25519_OVERFLOW_ALL_TESTS
{
0x9d,0x63,0x5f,0xce,0xe2,0xe8,0xd7,0xfb,
0x68,0x77,0x0e,0x44,0xd1,0xad,0x87,0x2b,
0xf4,0x65,0x06,0xb7,0xbb,0xdb,0xbe,0x6e,
0x02,0x43,0x24,0xc7,0x3d,0x7b,0x88,0x60
},
{
0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
},
{
0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
},
{
0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
}
#endif
};
/* public key for party b */
byte pb[X25519_TEST_CNT][32] = {
{
0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
},
#ifdef CURVE25519_OVERFLOW_ALL_TESTS
{
/* 0xff first byte in original - invalid! */
0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
},
{
0x36,0x1a,0x74,0x87,0x28,0x59,0xe0,0xb6,
0xe4,0x2b,0x17,0x9b,0x16,0xb0,0x3b,0xf8,
0xb8,0x9f,0x2a,0x8f,0xc5,0x33,0x68,0x4f,
0xde,0x4d,0xd8,0x80,0x63,0xe7,0xb4,0x0a
},
{
0x00,0x80,0x38,0x59,0x19,0x3a,0x66,0x12,
0xfd,0xa1,0xec,0x1c,0x40,0x84,0x40,0xbd,
0x64,0x10,0x8b,0x53,0x81,0x21,0x03,0x2d,
0x7d,0x33,0xb4,0x01,0x57,0x0d,0xe1,0x89
},
{
0x1d,0xf8,0xf8,0x33,0x89,0x6c,0xb7,0xba,
0x94,0x73,0xfa,0xc2,0x36,0xac,0xbe,0x49,
0xaf,0x85,0x3e,0x93,0x5f,0xae,0xb2,0xc0,
0xc8,0x80,0x8f,0x4a,0xaa,0xd3,0x55,0x2b
}
#endif
};
/* expected shared key */
byte ss[X25519_TEST_CNT][32] = {
{
0x5c,0x4c,0x85,0x5f,0xfb,0x20,0x38,0xcc,
0x55,0x16,0x5b,0x8a,0xa7,0xed,0x57,0x6e,
0x35,0xaa,0x71,0x67,0x85,0x1f,0xb6,0x28,
0x17,0x07,0x7b,0xda,0x76,0xdd,0xe0,0xb4
},
#ifdef CURVE25519_OVERFLOW_ALL_TESTS
{
0x33,0xf6,0xc1,0x34,0x62,0x92,0x06,0x02,
0x95,0xdb,0x91,0x4c,0x5d,0x52,0x54,0xc7,
0xd2,0x5b,0x24,0xb5,0x4f,0x33,0x59,0x79,
0x9f,0x6d,0x7e,0x4a,0x4c,0x30,0xd6,0x38
},
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02
},
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x09
},
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10
}
#endif
};
wc_test_ret_t ret = 0;
int i;
word32 y;
byte shared[32];
curve25519_key userA;
wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
#ifdef WOLFSSL_CURVE25519_BLINDING
wc_curve25519_set_rng(&userA, rng);
#endif
(void)rng;
for (i = 0; i < X25519_TEST_CNT; i++) {
if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i],
sizeof(pb[i]), &userA) != 0) {
ret = WC_TEST_RET_ENC_I(i); break;
}
/* test against known test vector */
XMEMSET(shared, 0, sizeof(shared));
y = sizeof(shared);
ret = wc_curve25519_shared_secret(&userA, &userA, shared, &y);
#if defined(WOLFSSL_ASYNC_CRYPT)
if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0) {
ret = WC_TEST_RET_ENC_I(i); break;
}
if (XMEMCMP(ss[i], shared, y)) {
ret = WC_TEST_RET_ENC_I(i); break;
}
}
wc_curve25519_free(&userA);
return ret;
}
/* Test the wc_curve25519_check_public API.
*
* returns 0 on success and -ve on failure.
*/
static wc_test_ret_t curve25519_check_public_test(void)
{
wc_test_ret_t ret;
/* Little-endian values that will fail */
byte fail_le[][CURVE25519_KEYSIZE] = {
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
},
{
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
},
{
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x81
},
};
/* Big-endian values that will fail */
byte fail_be[][CURVE25519_KEYSIZE] = {
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
},
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
},
{
0x81,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
},
};
/* Good or valid public value */
byte good[CURVE25519_KEYSIZE] = {
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
};
int i;
/* Parameter checks */
/* NULL pointer */
ret = wc_curve25519_check_public(NULL, 0, EC25519_LITTLE_ENDIAN);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_curve25519_check_public(NULL, 0, EC25519_BIG_ENDIAN);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
return WC_TEST_RET_ENC_EC(ret);
}
/* Length of 0 treated differently to other invalid lengths for TLS */
ret = wc_curve25519_check_public(good, 0, EC25519_LITTLE_ENDIAN);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_curve25519_check_public(good, 0, EC25519_BIG_ENDIAN);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
/* Length not CURVE25519_KEYSIZE */
for (i = 1; i < CURVE25519_KEYSIZE + 2; i++) {
if (i == CURVE25519_KEYSIZE)
continue;
if (wc_curve25519_check_public(good, (word32)i, EC25519_LITTLE_ENDIAN) !=
WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
return WC_TEST_RET_ENC_I(i);
}
if (wc_curve25519_check_public(good, (word32)i, EC25519_BIG_ENDIAN) !=
WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
return WC_TEST_RET_ENC_I(i);
}
}
/* Little-endian fail cases */
for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
if (wc_curve25519_check_public(fail_le[i], CURVE25519_KEYSIZE,
EC25519_LITTLE_ENDIAN) == 0) {
return WC_TEST_RET_ENC_I(i);
}
}
/* Big-endian fail cases */
for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
if (wc_curve25519_check_public(fail_be[i], CURVE25519_KEYSIZE,
EC25519_BIG_ENDIAN) == 0) {
return WC_TEST_RET_ENC_I(i);
}
}
/* Check a valid public value works! */
ret = wc_curve25519_check_public(good, CURVE25519_KEYSIZE,
EC25519_LITTLE_ENDIAN);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_curve25519_check_public(good, CURVE25519_KEYSIZE,
EC25519_BIG_ENDIAN);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
return 0;
}
#endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
#if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \
defined(HAVE_CURVE25519_KEY_IMPORT)
static wc_test_ret_t curve255519_der_test(void)
{
wc_test_ret_t ret = 0;
/* certs/statickeys/x25519.der */
const byte kCurve25519PrivDer[] = {
0x30, 0x2E, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E,
0x04, 0x22, 0x04, 0x20, 0x78, 0x8E, 0x31, 0x5C, 0x33, 0xA9, 0x19, 0xC0,
0x5E, 0x36, 0x70, 0x1B, 0xA4, 0xE8, 0xEF, 0xC1, 0x89, 0x8C, 0xB3, 0x15,
0xC6, 0x79, 0xD3, 0xAC, 0x22, 0x00, 0xAE, 0xFA, 0xB3, 0xB7, 0x0F, 0x78
};
/* certs/statickeys/x25519-pub.der */
const byte kCurve25519PubDer[] = {
0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E, 0x03, 0x21, 0x00,
0x09, 0xBC, 0x8C, 0xC7, 0x45, 0x0D, 0xC1, 0xC2, 0x02, 0x57, 0x9A, 0x68,
0x3A, 0xFD, 0x7A, 0xA8, 0xA5, 0x2F, 0xF0, 0x99, 0x39, 0x98, 0xEA, 0x26,
0xA2, 0x5B, 0x38, 0xFD, 0x96, 0xDB, 0x2A, 0x26
};
curve25519_key key;
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)
byte output[CURVE25519_MAX_KEY_TO_DER_SZ];
#else
byte output[128];
#endif
word32 outputSz = (word32)sizeof(output);
word32 idx;
ret = wc_curve25519_init_ex(&key, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Test decode / encode of Curve25519 private key only */
if (ret == 0) {
idx = 0;
ret = wc_Curve25519PrivateKeyDecode(kCurve25519PrivDer, &idx, &key,
(word32)sizeof(kCurve25519PrivDer));
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
outputSz = (word32)sizeof(output);
ret = wc_Curve25519PrivateKeyToDer(&key, output, outputSz);
if (ret >= 0) {
outputSz = (word32)ret;
ret = 0;
}
else {
ret = WC_TEST_RET_ENC_EC(ret);
}
}
if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PrivDer) ||
XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) {
ret = WC_TEST_RET_ENC_NC;
}
/* Test decode / encode of Curve25519 public key only */
if (ret == 0) {
idx = 0;
ret = wc_Curve25519PublicKeyDecode(kCurve25519PubDer, &idx, &key,
(word32)sizeof(kCurve25519PubDer));
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
outputSz = (word32)sizeof(output);
ret = wc_Curve25519PublicKeyToDer(&key, output, outputSz, 1);
if (ret >= 0) {
outputSz = (word32)ret;
ret = 0;
}
else {
ret = WC_TEST_RET_ENC_EC(ret);
}
}
if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PubDer) ||
XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) {
ret = WC_TEST_RET_ENC_NC;
}
/* Test decode/encode of Curve25519 private key (only) using generic API */
if (ret == 0) {
/* clear key, since generic API will try to decode all fields */
XMEMSET(&key, 0, sizeof(key));
idx = 0;
ret = wc_Curve25519KeyDecode(kCurve25519PrivDer, &idx, &key,
(word32)sizeof(kCurve25519PrivDer));
if (ret < 0) {
ret = WC_TEST_RET_ENC_EC(ret);
}
}
if (ret == 0) {
outputSz = (word32)sizeof(output);
ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1);
if (ret >= 0) {
outputSz = (word32)ret;
ret = 0;
}
else {
ret = WC_TEST_RET_ENC_EC(ret);
}
}
if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PrivDer) ||
XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) {
ret = WC_TEST_RET_ENC_NC;
}
/* Test decode/encode of Curve25519 public key (only) using generic API */
if (ret == 0) {
/* clear key, since generic API will try to decode all fields */
XMEMSET(&key, 0, sizeof(key));
idx = 0;
ret = wc_Curve25519KeyDecode(kCurve25519PubDer, &idx, &key,
(word32)sizeof(kCurve25519PubDer));
if (ret < 0) {
ret = WC_TEST_RET_ENC_EC(ret);
}
}
if (ret == 0) {
outputSz = (word32)sizeof(output);
ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1);
if (ret >= 0) {
outputSz = (word32)ret;
ret = 0;
}
else {
ret = WC_TEST_RET_ENC_EC(ret);
}
}
if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PubDer) ||
XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) {
ret = WC_TEST_RET_ENC_NC;
}
/* Test decode/encode key data containing both public and private fields */
if (ret == 0) {
XMEMSET(&key, 0 , sizeof(key));
/* Decode public key */
idx = 0;
ret = wc_Curve25519KeyDecode(kCurve25519PubDer, &idx, &key,
(word32)sizeof(kCurve25519PubDer));
if (ret < 0) {
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
/* Decode private key */
idx = 0;
ret = wc_Curve25519KeyDecode(kCurve25519PrivDer, &idx, &key,
(word32)sizeof(kCurve25519PrivDer));
if (ret < 0) {
ret = WC_TEST_RET_ENC_EC(ret);
}
}
/* Both public and private flags should be set */
if ((ret == 0) && (!key.pubSet && !key.privSet)) {
ret = WC_TEST_RET_ENC_NC;
}
if (ret == 0) {
/* Export key to temporary DER */
outputSz = (word32)sizeof(output);
ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1);
if (ret >= 0) {
outputSz = (word32)ret;
ret = 0;
}
else {
ret = WC_TEST_RET_ENC_EC(ret);
}
/* Re-import temporary DER */
if (ret == 0) {
idx = 0;
ret = wc_Curve25519KeyDecode(output, &idx, &key, sizeof(output));
if (ret < 0) {
ret = WC_TEST_RET_ENC_EC(ret);
}
}
/* Ensure public and private keys survived combined keypair
* export/import by re-exporting DER for private and public keys,
* individually, and re-checking output against known good vectors.
* This is slightly circuitous but does test the functionality
* without requiring the addition of new test keys */
if (ret == 0) {
idx = 0;
ret = wc_Curve25519PrivateKeyDecode(kCurve25519PrivDer, &idx,
&key, (word32)sizeof(kCurve25519PrivDer));
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
outputSz = (word32)sizeof(output);
ret = wc_Curve25519PrivateKeyToDer(&key, output, outputSz);
if (ret >= 0) {
outputSz = (word32)ret;
ret = 0;
}
else {
ret = WC_TEST_RET_ENC_EC(ret);
}
}
if ((ret == 0) &&
(outputSz != (word32)sizeof(kCurve25519PrivDer) ||
XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) {
ret = WC_TEST_RET_ENC_NC;
}
if (ret == 0) {
idx = 0;
ret = wc_Curve25519PublicKeyDecode(kCurve25519PubDer, &idx,
&key, (word32)sizeof(kCurve25519PubDer));
if (ret < 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
outputSz = (word32)sizeof(output);
ret = wc_Curve25519PublicKeyToDer(&key, output, outputSz, 1);
if (ret >= 0) {
outputSz = (word32)ret;
ret = 0;
}
else {
ret = WC_TEST_RET_ENC_EC(ret);
}
}
if ((ret == 0) &&
(outputSz != (word32)sizeof(kCurve25519PubDer) ||
XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) {
ret = WC_TEST_RET_ENC_NC;
}
}
}
wc_curve25519_free(&key);
return ret;
}
#endif /* !NO_ASN && HAVE_CURVE25519_KEY_EXPORT && HAVE_CURVE25519_KEY_IMPORT */
#ifdef WC_X25519_NONBLOCK
/* build and test with:
* ./configure --enable-curve25519=nonblock CFLAGS="-DWOLFSSL_DEBUG_NONBLOCK"
* make
* ./wolfcrypt/test/testwolfcrypt
*/
static int x25519_nonblock_test(WC_RNG* rng)
{
int ret = 0;
x25519_nb_ctx_t nb_ctx;
curve25519_key userA;
curve25519_key userB;
#ifdef HAVE_CURVE25519_SHARED_SECRET
byte sharedA[32];
byte sharedB[32];
word32 x;
word32 y;
#endif
int count;
XMEMSET(&nb_ctx, 0, sizeof(nb_ctx));
ret = wc_curve25519_init(&userA);
if (ret != 0) {
printf("wc_curve25519_init 1 %d\n", ret);
return -10722;
}
ret = wc_curve25519_set_nonblock(&userA, &nb_ctx);
if (ret != 0) {
printf("wc_curve25519_set_nonblock 1 %d\n", ret);
wc_curve25519_free(&userA);
return -10723;
}
count = 0;
do {
ret = wc_curve25519_make_key(rng, 32, &userA);
count++;
} while (ret == FP_WOULDBLOCK);
if (ret != 0) {
printf("wc_curve25519_make_key_nb 1 %d\n", ret);
wc_curve25519_free(&userA);
return -10724;
}
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
/* CURVE25519 non-block key gen: 5335 times */
printf("CURVE25519 non-block key gen: %d times\n", count);
#endif
ret = wc_curve25519_init(&userB);
if (ret != 0) {
printf("wc_curve25519_init 2 %d\n", ret);
wc_curve25519_free(&userA);
return -10724;
}
ret = wc_curve25519_set_nonblock(&userB, &nb_ctx);
if (ret != 0) {
printf("wc_curve25519_set_nonblock 2 %d\n", ret);
wc_curve25519_free(&userA);
wc_curve25519_free(&userB);
return -10725;
}
count = 0;
do {
ret = wc_curve25519_make_key(rng, 32, &userB);
count++;
} while (ret == FP_WOULDBLOCK);
if (ret != 0) {
printf("wc_curve25519_make_key_nb 2 %d\n", ret);
wc_curve25519_free(&userA);
wc_curve25519_free(&userB);
return -10726;
}
#ifdef HAVE_CURVE25519_SHARED_SECRET
x = sizeof(sharedA);
do {
ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x);
} while (ret == FP_WOULDBLOCK);
if (ret != 0) {
printf("wc_curve25519_shared_secret_nb 1 %d\n", ret);
wc_curve25519_free(&userA);
wc_curve25519_free(&userB);
return -10727;
}
y = sizeof(sharedB);
count = 0;
do {
ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y);
count++;
}
while (ret == FP_WOULDBLOCK);
if (ret != 0) {
printf("wc_curve25519_shared_secret_nb 2 %d\n", ret);
wc_curve25519_free(&userA);
wc_curve25519_free(&userB);
return -10728;
}
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
/* CURVE25519 non-block shared secret: 5337 times */
printf("CURVE25519 non-block shared secret: %d times\n", count);
#endif
/* compare shared secret keys to test they are the same */
if (y != x) {
wc_curve25519_free(&userA);
wc_curve25519_free(&userB);
return -10729;
}
if (XMEMCMP(sharedA, sharedB, x) != 0) {
wc_curve25519_free(&userA);
wc_curve25519_free(&userB);
return -10730;
}
#endif /* HAVE_CURVE25519_SHARED_SECRET */
wc_curve25519_free(&userA);
wc_curve25519_free(&userB);
return 0;
}
#endif /* WC_X25519_NONBLOCK */
static wc_test_ret_t curve25519_keyagree_test(WC_RNG* rng,
curve25519_key* userA, curve25519_key* userB, curve25519_key* pubKey)
{
wc_test_ret_t ret;
#ifdef HAVE_CURVE25519_SHARED_SECRET
byte sharedA[32];
byte sharedB[32];
word32 y;
#endif
#ifdef HAVE_CURVE25519_KEY_EXPORT
byte exportBuf[32];
#endif
word32 x = 0;
(void)x;
(void)pubKey;
/* make curve25519 keys */
ret = wc_curve25519_make_key(rng, 32, userA);
#if defined(WOLFSSL_ASYNC_CRYPT)
if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_curve25519_make_key(rng, 32, userB);
#if defined(WOLFSSL_ASYNC_CRYPT)
if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_CURVE25519_SHARED_SECRET
/* find shared secret key */
x = sizeof(sharedA);
ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x);
#if defined(WOLFSSL_ASYNC_CRYPT)
if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0) {
printf("wc_curve25519_shared_secret 1 failed\n");
return WC_TEST_RET_ENC_EC(ret);
}
y = sizeof(sharedB);
ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y);
#if defined(WOLFSSL_ASYNC_CRYPT)
if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0) {
printf("wc_curve25519_shared_secret 2 failed\n");
return WC_TEST_RET_ENC_EC(ret);
}
/* compare shared secret keys to test they are the same */
if (y != x)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(sharedA, sharedB, x))
return WC_TEST_RET_ENC_NC;
#endif
#ifdef HAVE_CURVE25519_KEY_EXPORT
/* export a public key and import it for another user */
x = sizeof(exportBuf);
ret = wc_curve25519_export_public(userA, exportBuf, &x);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_CURVE25519_KEY_IMPORT
ret = wc_curve25519_import_public(exportBuf, x, pubKey);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
#endif
#if defined(HAVE_CURVE25519_SHARED_SECRET) && \
defined(HAVE_CURVE25519_KEY_IMPORT)
/* test shared key after importing a public key */
XMEMSET(sharedB, 0, sizeof(sharedB));
y = sizeof(sharedB);
ret = wc_curve25519_shared_secret(userB, pubKey, sharedB, &y);
#if defined(WOLFSSL_ASYNC_CRYPT)
if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0) {
return WC_TEST_RET_ENC_NC;
}
if (XMEMCMP(sharedA, sharedB, y))
return WC_TEST_RET_ENC_NC;
#endif
return 0;
}
#if defined(HAVE_CURVE25519_SHARED_SECRET) && \
defined(HAVE_CURVE25519_KEY_IMPORT)
static wc_test_ret_t curve25519_kat_test(WC_RNG* rng,
curve25519_key* userA, curve25519_key* userB)
{
wc_test_ret_t ret;
byte sharedA[32];
byte sharedB[32];
word32 x;
word32 y;
/* test vectors from
https://tools.ietf.org/html/draft-josefsson-tls-curve25519-03
*/
/* secret key for party a */
byte sa[] = {
0x5A,0xC9,0x9F,0x33,0x63,0x2E,0x5A,0x76,
0x8D,0xE7,0xE8,0x1B,0xF8,0x54,0xC2,0x7C,
0x46,0xE3,0xFB,0xF2,0xAB,0xBA,0xCD,0x29,
0xEC,0x4A,0xFF,0x51,0x73,0x69,0xC6,0x60
};
/* public key for party a */
byte pa[] = {
0x05,0x7E,0x23,0xEA,0x9F,0x1C,0xBE,0x8A,
0x27,0x16,0x8F,0x6E,0x69,0x6A,0x79,0x1D,
0xE6,0x1D,0xD3,0xAF,0x7A,0xCD,0x4E,0xEA,
0xCC,0x6E,0x7B,0xA5,0x14,0xFD,0xA8,0x63
};
/* secret key for party b */
byte sb[] = {
0x47,0xDC,0x3D,0x21,0x41,0x74,0x82,0x0E,
0x11,0x54,0xB4,0x9B,0xC6,0xCD,0xB2,0xAB,
0xD4,0x5E,0xE9,0x58,0x17,0x05,0x5D,0x25,
0x5A,0xA3,0x58,0x31,0xB7,0x0D,0x32,0x60
};
/* public key for party b */
byte pb[] = {
0x6E,0xB8,0x9D,0xA9,0x19,0x89,0xAE,0x37,
0xC7,0xEA,0xC7,0x61,0x8D,0x9E,0x5C,0x49,
0x51,0xDB,0xA1,0xD7,0x3C,0x28,0x5A,0xE1,
0xCD,0x26,0xA8,0x55,0x02,0x0E,0xEF,0x04
};
/* expected shared key */
byte ss[] = {
0x61,0x45,0x0C,0xD9,0x8E,0x36,0x01,0x6B,
0x58,0x77,0x6A,0x89,0x7A,0x9F,0x0A,0xEF,
0x73,0x8B,0x99,0xF0,0x94,0x68,0xB8,0xD6,
0xB8,0x51,0x11,0x84,0xD5,0x34,0x94,0xAB
};
/* import RFC test vectors and compare shared key */
ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa),
userA);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb),
userB);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* test against known test vector */
XMEMSET(sharedB, 0, sizeof(sharedB));
y = sizeof(sharedB);
ret = wc_curve25519_shared_secret(userA, userB, sharedB, &y);
#if defined(WOLFSSL_ASYNC_CRYPT)
if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(ss, sharedB, y))
return WC_TEST_RET_ENC_NC;
/* test swapping roles of keys and generating same shared key */
XMEMSET(sharedB, 0, sizeof(sharedB));
y = sizeof(sharedB);
ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y);
#if defined(WOLFSSL_ASYNC_CRYPT)
if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(ss, sharedB, y))
return WC_TEST_RET_ENC_NC;
/* test with 1 generated key and 1 from known test vector */
ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa),
userA);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
wc_curve25519_free(userB);
wc_curve25519_init_ex(userB, HEAP_HINT, devId);
#ifdef WOLFSSL_CURVE25519_BLINDING
wc_curve25519_set_rng(userB, rng);
#endif
ret = wc_curve25519_make_key(rng, 32, userB);
#if defined(WOLFSSL_ASYNC_CRYPT)
if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
x = sizeof(sharedA);
ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x);
#if defined(WOLFSSL_ASYNC_CRYPT)
if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
y = sizeof(sharedB);
ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y);
#if defined(WOLFSSL_ASYNC_CRYPT)
if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* compare shared secret keys to test they are the same */
if (y != x)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(sharedA, sharedB, x))
return WC_TEST_RET_ENC_NC;
return 0;
}
#endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
{
WC_RNG rng;
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
curve25519_key *userA = NULL, *userB = NULL, *pubKey = NULL;
#else
curve25519_key userA[1], userB[1], pubKey[1];
#endif
WOLFSSL_ENTER("curve25519_test");
/* wc_FreeRng is always called on exit. Therefore wc_InitRng should be
* called before any exit goto's */
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
userA = wc_curve25519_new(HEAP_HINT, devId, &ret);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
userB = wc_curve25519_new(HEAP_HINT, devId, &ret);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
pubKey = wc_curve25519_new(HEAP_HINT, devId, &ret);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
#else
wc_curve25519_init_ex(userA, HEAP_HINT, devId);
wc_curve25519_init_ex(userB, HEAP_HINT, devId);
wc_curve25519_init_ex(pubKey, HEAP_HINT, devId);
#endif
#ifdef WOLFSSL_CURVE25519_BLINDING
wc_curve25519_set_rng(userA, &rng);
wc_curve25519_set_rng(userB, &rng);
#endif
ret = curve25519_keyagree_test(&rng, userA, userB, pubKey);
if (ret != 0)
goto cleanup;
#if defined(HAVE_CURVE25519_SHARED_SECRET) && \
defined(HAVE_CURVE25519_KEY_IMPORT)
ret = curve25519_kat_test(&rng, userA, userB);
if (ret != 0)
goto cleanup;
ret = curve25519_overflow_test(&rng);
if (ret != 0)
goto cleanup;
ret = curve25519_check_public_test();
if (ret != 0)
goto cleanup;
#endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
#if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \
defined(HAVE_CURVE25519_KEY_IMPORT)
ret = curve255519_der_test();
if (ret != 0)
goto cleanup;
#endif
#ifdef WC_X25519_NONBLOCK
ret = x25519_nonblock_test(&rng);
if (ret != 0) {
goto cleanup;
}
#endif /* WC_X25519_NONBLOCK */
cleanup:
/* clean up keys when done */
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_curve25519_delete(pubKey, &pubKey);
wc_curve25519_delete(userB, &userB);
wc_curve25519_delete(userA, &userA);
#else
wc_curve25519_free(pubKey);
wc_curve25519_free(userB);
wc_curve25519_free(userA);
#endif
wc_FreeRng(&rng);
return ret;
}
#endif /* HAVE_CURVE25519 */
#ifdef HAVE_ED25519
#ifdef WOLFSSL_TEST_CERT
static wc_test_ret_t ed25519_test_cert(void)
{
DecodedCert cert[2];
DecodedCert* serverCert = NULL;
DecodedCert* caCert = NULL;
#ifdef HAVE_ED25519_VERIFY
ed25519_key key;
ed25519_key* pubKey = NULL;
int verify;
#endif /* HAVE_ED25519_VERIFY */
wc_test_ret_t ret;
byte* tmp;
size_t bytes;
XFILE file;
tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
#ifdef USE_CERT_BUFFERS_256
XMEMCPY(tmp, ca_ed25519_cert, sizeof_ca_ed25519_cert);
bytes = sizeof_ca_ed25519_cert;
#elif !defined(NO_FILESYSTEM)
file = XFOPEN(caEd25519Cert, "rb");
if (file == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
#else
/* No certificate to use. */
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif
InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
caCert = &cert[0];
ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef USE_CERT_BUFFERS_256
XMEMCPY(tmp, server_ed25519_cert, sizeof_server_ed25519_cert);
bytes = sizeof_server_ed25519_cert;
#elif !defined(NO_FILESYSTEM)
file = XFOPEN(serverEd25519Cert, "rb");
if (file == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
#else
/* No certificate to use. */
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif
InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
serverCert = &cert[1];
ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef HAVE_ED25519_VERIFY
ret = wc_ed25519_init(&key);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
pubKey = &key;
ret = wc_ed25519_import_public(caCert->publicKey, caCert->pubKeySize,
pubKey);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ed25519_verify_msg(serverCert->signature, serverCert->sigLength,
serverCert->source + serverCert->certBegin,
serverCert->sigIndex - serverCert->certBegin,
&verify, pubKey);
if (ret < 0 || verify != 1)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif /* HAVE_ED25519_VERIFY */
done:
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef HAVE_ED25519_VERIFY
wc_ed25519_free(pubKey);
#endif /* HAVE_ED25519_VERIFY */
if (caCert != NULL)
FreeDecodedCert(caCert);
if (serverCert != NULL)
FreeDecodedCert(serverCert);
return ret;
}
static wc_test_ret_t ed25519_test_make_cert(void)
{
WC_RNG rng;
Cert cert;
DecodedCert decode;
ed25519_key key;
ed25519_key* privKey = NULL;
wc_test_ret_t ret = 0;
byte* tmp = NULL;
wc_InitCert_ex(&cert, HEAP_HINT, devId);
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
wc_ed25519_init(&key);
privKey = &key;
wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, privKey);
cert.daysValid = 365 * 2;
cert.selfSigned = 1;
XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
cert.isCA = 0;
#ifdef WOLFSSL_CERT_EXT
ret = wc_SetKeyUsage(&cert, certKeyUsage);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
cert.sigType = CTC_ED25519;
ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF,
ED25519_TYPE, privKey, &rng);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
InitDecodedCert(&decode, tmp, (word32)ret, HEAP_HINT);
ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
FreeDecodedCert(&decode);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
done:
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_ed25519_free(privKey);
wc_FreeRng(&rng);
return ret;
}
#endif /* WOLFSSL_TEST_CERT */
#if defined(HAVE_ED25519_KEY_IMPORT)
static wc_test_ret_t ed25519_test_check_key(void)
{
/* Fails to find x-ordinate from this y-ordinate. */
WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y[] = {
0x40,
0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
};
/* Y-ordinate value larger than prime. */
WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_max[] = {
0x40,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,
};
/* Y-ordinate value equal to prime. */
WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_is_p[] = {
0x40,
0xed,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,
};
/* Y-ordinate value equal to prime - 1. Older FIPS modules accept
* this as a valid key; the current source rejects it as an order-2
* point. */
WOLFSSL_SMALL_STACK_STATIC const byte key_y_is_p_minus_1[] = {
0x40,
0xec,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f,
};
/* RFC 8032 section 7.1 test-vector public key: a genuinely valid
* Ed25519 point used as a positive control. */
WOLFSSL_SMALL_STACK_STATIC const byte key_good[] = {
0x40,
0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a,
};
ed25519_key key;
int ret;
int res = 0;
/* Initialize key for use. */
ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
if (ret != 0) {
return WC_TEST_RET_ENC_NC;
}
/* Load bad public key only and perform checks. */
ret = wc_ed25519_import_public(key_bad_y, ED25519_PUB_KEY_SIZE + 1, &key);
if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
res = WC_TEST_RET_ENC_NC;
}
if (res == 0) {
/* Load bad public key only and perform checks. */
ret = wc_ed25519_import_public(key_bad_y_max, ED25519_PUB_KEY_SIZE + 1,
&key);
if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
res = WC_TEST_RET_ENC_NC;
}
}
if (res == 0) {
/* Load bad public key only and perform checks. */
ret = wc_ed25519_import_public(key_bad_y_is_p, ED25519_PUB_KEY_SIZE + 1,
&key);
if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
res = WC_TEST_RET_ENC_NC;
}
}
if (res == 0) {
ret = wc_ed25519_import_public(key_y_is_p_minus_1,
ED25519_PUB_KEY_SIZE + 1, &key);
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)
/* y = p - 1 is an order-2 point; check_key rejects it because
* h*A is the neutral element for small-order public keys and
* forged signatures would otherwise verify. */
if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
res = WC_TEST_RET_ENC_NC;
}
#else
/* Older FIPS modules accept this order-2 point. */
if (ret != 0) {
res = WC_TEST_RET_ENC_NC;
}
#endif
}
if (res == 0) {
/* Positive control: a real Ed25519 public key must be accepted. */
ret = wc_ed25519_import_public(key_good, ED25519_PUB_KEY_SIZE + 1,
&key);
if (ret != 0) {
res = WC_TEST_RET_ENC_NC;
}
}
/* Dispose of key. */
wc_ed25519_free(&key);
return res;
}
#endif
#if defined(HAVE_ED25519_KEY_EXPORT) && defined(HAVE_ED25519_KEY_IMPORT)
/* When only the private key is set, the public part is unavailable.
* wc_ed25519_export_public() must report PUBLIC_KEY_E, and
* wc_ed25519_export_key() must propagate that error rather than silently
* succeeding (matches wc_ed448_export_key()). */
static wc_test_ret_t ed25519_export_key_no_pub_test(void)
{
int res = 0;
#if !(defined(HAVE_FIPS) && FIPS_VERSION3_LT(7,0,0))
/* RFC 8032 section 7.1 test-vector secret key. */
WOLFSSL_SMALL_STACK_STATIC const byte privKey[] = {
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
};
ed25519_key key;
byte priv[ED25519_PRV_KEY_SIZE];
byte pub[ED25519_PUB_KEY_SIZE];
word32 privSz = (word32)sizeof(priv);
word32 pubSz = (word32)sizeof(pub);
int ret;
ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
if (ret != 0) {
return WC_TEST_RET_ENC_NC;
}
/* Import the private key only; no public key is set. */
ret = wc_ed25519_import_private_only(privKey, (word32)sizeof(privKey),
&key);
if (ret != 0) {
res = WC_TEST_RET_ENC_NC;
}
/* With no public key, exporting the public part must fail. */
if (res == 0) {
ret = wc_ed25519_export_public(&key, pub, &pubSz);
if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
res = WC_TEST_RET_ENC_NC;
}
}
/* wc_ed25519_export_key() must propagate the missing-public-key error. */
if (res == 0) {
ret = wc_ed25519_export_key(&key, priv, &privSz, pub, &pubSz);
if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
res = WC_TEST_RET_ENC_NC;
}
}
wc_ed25519_free(&key);
#endif
return res;
}
#endif
#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
defined(HAVE_ED25519_KEY_IMPORT)
static wc_test_ret_t ed25519ctx_test(void)
{
wc_test_ret_t ret;
byte out[ED25519_SIG_SIZE];
word32 outlen;
#ifdef HAVE_ED25519_VERIFY
int verify = 0;
#endif /* HAVE_ED25519_VERIFY */
ed25519_key key;
WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = {
0x03,0x05,0x33,0x4e,0x38,0x1a,0xf7,0x8f,
0x14,0x1c,0xb6,0x66,0xf6,0x19,0x9f,0x57,
0xbc,0x34,0x95,0x33,0x5a,0x25,0x6a,0x95,
0xbd,0x2a,0x55,0xbf,0x54,0x66,0x63,0xf6
};
WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = {
0xdf,0xc9,0x42,0x5e,0x4f,0x96,0x8f,0x7f,
0x0c,0x29,0xf0,0x25,0x9c,0xf5,0xf9,0xae,
0xd6,0x85,0x1c,0x2b,0xb4,0xad,0x8b,0xfb,
0x86,0x0c,0xfe,0xe0,0xab,0x24,0x82,0x92
};
WOLFSSL_SMALL_STACK_STATIC const byte sigCtx1[] = {
0x55,0xa4,0xcc,0x2f,0x70,0xa5,0x4e,0x04,
0x28,0x8c,0x5f,0x4c,0xd1,0xe4,0x5a,0x7b,
0xb5,0x20,0xb3,0x62,0x92,0x91,0x18,0x76,
0xca,0xda,0x73,0x23,0x19,0x8d,0xd8,0x7a,
0x8b,0x36,0x95,0x0b,0x95,0x13,0x00,0x22,
0x90,0x7a,0x7f,0xb7,0xc4,0xe9,0xb2,0xd5,
0xf6,0xcc,0xa6,0x85,0xa5,0x87,0xb4,0xb2,
0x1f,0x4b,0x88,0x8e,0x4e,0x7e,0xdb,0x0d
};
WOLFSSL_SMALL_STACK_STATIC const byte sigCtx2[] = {
0xcc,0x5e,0x63,0xa2,0x7e,0x94,0xaf,0xd3,
0x41,0x83,0x38,0xd2,0x48,0x6f,0xa9,0x2a,
0xf9,0x91,0x7c,0x2d,0x98,0x9e,0x06,0xe5,
0x02,0x77,0x72,0x1c,0x34,0x38,0x18,0xb4,
0x21,0x96,0xbc,0x29,0x2e,0x68,0xf3,0x4d,
0x85,0x9b,0xbe,0xad,0x17,0x9f,0x54,0x54,
0x2d,0x4b,0x04,0xdc,0xfb,0xfa,0x4a,0x68,
0x4e,0x39,0x50,0xfb,0x1c,0xcd,0x8d,0x0d
};
WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = {
0xf7,0x26,0x93,0x6d,0x19,0xc8,0x00,0x49,
0x4e,0x3f,0xda,0xff,0x20,0xb2,0x76,0xa8
};
WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = {
0x66,0x6f,0x6f
};
outlen = sizeof(out);
XMEMSET(out, 0, sizeof(out));
ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
if (ret != 0)
return 10800;
ret = wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx,
sizeof(pKeyCtx), &key);
if (ret == 0)
ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
contextCtx, sizeof(contextCtx));
if (ret == 0 && XMEMCMP(out, sigCtx1, 64) != 0)
ret = WC_TEST_RET_ENC_NC;
#if defined(HAVE_ED25519_VERIFY)
/* test verify on good msg */
if (ret == 0)
ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx),
&verify, &key, contextCtx, sizeof(contextCtx));
if (ret == 0 && verify != 1)
ret = WC_TEST_RET_ENC_NC;
#endif
if (ret == 0)
ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
NULL, 0);
if (ret == 0 && XMEMCMP(out, sigCtx2, 64) != 0)
ret = WC_TEST_RET_ENC_NC;
#if defined(HAVE_ED25519_VERIFY)
/* test verify on good msg */
if (ret == 0)
ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx),
&verify, &key, NULL, 0);
if (ret == 0 && verify != 1)
ret = WC_TEST_RET_ENC_NC;
#endif
wc_ed25519_free(&key);
return ret;
}
static wc_test_ret_t ed25519ph_test(void)
{
wc_test_ret_t ret = 0;
byte out[ED25519_SIG_SIZE];
word32 outlen;
#ifdef HAVE_ED25519_VERIFY
int verify = 0;
#endif /* HAVE_ED25519_VERIFY */
ed25519_key key;
WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = {
0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d,
0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e,
0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b,
0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42
};
WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = {
0xec,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b,
0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34,
0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64,
0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf
};
WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = {
0x98,0xa7,0x02,0x22,0xf0,0xb8,0x12,0x1a,
0xa9,0xd3,0x0f,0x81,0x3d,0x68,0x3f,0x80,
0x9e,0x46,0x2b,0x46,0x9c,0x7f,0xf8,0x76,
0x39,0x49,0x9b,0xb9,0x4e,0x6d,0xae,0x41,
0x31,0xf8,0x50,0x42,0x46,0x3c,0x2a,0x35,
0x5a,0x20,0x03,0xd0,0x62,0xad,0xf5,0xaa,
0xa1,0x0b,0x8c,0x61,0xe6,0x36,0x06,0x2a,
0xaa,0xd1,0x1c,0x2a,0x26,0x08,0x34,0x06
};
WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = {
0xe0,0x39,0x70,0x2b,0x4c,0x25,0x95,0xa6,
0xa5,0x41,0xac,0x85,0x09,0x23,0x6e,0x29,
0x90,0x47,0x47,0x95,0x33,0x0c,0x9b,0x34,
0xa7,0x5f,0x58,0xa6,0x60,0x12,0x9e,0x08,
0xfd,0x73,0x69,0x43,0xfb,0x19,0x43,0xa5,
0x57,0x20,0xb9,0xe0,0x95,0x7b,0x1e,0xd6,
0x73,0x48,0x16,0x61,0x9f,0x13,0x88,0xf4,
0x3f,0x73,0xe6,0xe3,0xba,0xa8,0x1c,0x0e
};
WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = {
0x61,0x62,0x63
};
/* SHA-512 hash of msgPh */
WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = {
0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,
0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,
0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,
0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f
};
WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = {
0x66,0x6f,0x6f
};
outlen = sizeof(out);
XMEMSET(out, 0, sizeof(out));
ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh,
sizeof(pKeyPh), &key);
if (ret == 0)
ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
NULL, 0);
if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0)
ret = WC_TEST_RET_ENC_NC;
#if defined(HAVE_ED25519_VERIFY)
/* test verify on good msg */
if (ret == 0)
ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh),
&verify, &key, NULL, 0);
if (ret == 0 && verify != 1)
ret = WC_TEST_RET_ENC_NC;
#endif
if (ret == 0)
ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
contextPh2, sizeof(contextPh2));
if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0)
ret = WC_TEST_RET_ENC_NC;
#if defined(HAVE_ED25519_VERIFY)
/* test verify on good msg */
if (ret == 0)
ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify,
&key, contextPh2, sizeof(contextPh2));
if (ret == 0 && verify != 1)
ret = WC_TEST_RET_ENC_NC;
#endif
if (ret == 0)
ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
NULL, 0);
if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0)
ret = WC_TEST_RET_ENC_NC;
#if defined(HAVE_ED25519_VERIFY)
if (ret == 0)
ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh),
&verify, &key, NULL, 0);
if (ret == 0 && verify != 1)
ret = WC_TEST_RET_ENC_NC;
#endif
if (ret == 0)
ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
contextPh2, sizeof(contextPh2));
if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0)
ret = WC_TEST_RET_ENC_NC;
#if defined(HAVE_ED25519_VERIFY)
if (ret == 0)
ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
&key, contextPh2, sizeof(contextPh2));
if (ret == 0 && verify != 1)
ret = WC_TEST_RET_ENC_NC;
#endif
wc_ed25519_free(&key);
return ret;
}
#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
defined(HAVE_ED25519_KEY_IMPORT)
static wc_test_ret_t ed25519_kat_test(ed25519_key* key, ed25519_key* key2)
{
wc_test_ret_t ret = 0;
byte out[ED25519_SIG_SIZE];
byte exportPKey[ED25519_KEY_SIZE];
byte exportSKey[ED25519_KEY_SIZE];
word32 exportPSz;
word32 exportSSz;
int i;
word32 outlen;
#ifdef HAVE_ED25519_VERIFY
#ifdef WOLFSSL_ED25519_STREAMING_VERIFY
int j;
#endif
int verify;
#endif /* HAVE_ED25519_VERIFY */
/* test vectors from
https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02
*/
WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = {
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
};
WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = {
0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda,
0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f,
0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24,
0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb
};
WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = {
0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,
0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,
0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
};
/* uncompressed test */
WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = {
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
};
/* compressed prefix test */
WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = {
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
};
WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = {
0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95,
0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c,
0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74,
0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5
};
WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = {
0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
};
WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = {
0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a,
0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc,
0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c,
0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c
};
WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = {
0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,
0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,
0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
};
/* uncompressed test */
WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = {
0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34,
0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6,
0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c,
0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45,
0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02,
0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1,
0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b,
0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a,
0xd7
};
/* compressed prefix */
WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = {
0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
};
WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = {
0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34,
0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86,
0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5,
0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e
};
WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = {
0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
};
WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = {
0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8,
0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40,
0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f,
0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda,
0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e,
0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c,
0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee,
0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = {
0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,
0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,
0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,
0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,
0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,
0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,
0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
};
/* uncompressed test */
WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = {
0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
};
/* compressed prefix */
WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = {
0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
};
WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = {
0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2,
0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a,
0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb,
0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50,
0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45,
0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b,
0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6,
0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03
};
WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = {0x0 };
WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = {0x72};
WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = {0xAF,0x82};
/* test of a 1024 byte long message */
WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43,
0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08,
0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91,
0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98,
0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12,
0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1,
0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f,
0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8,
0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96,
0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57,
0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37,
0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d,
0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0,
0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c,
0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b,
0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc,
0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3,
0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a,
0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e,
0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe,
0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82,
0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b,
0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6,
0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e,
0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8,
0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9,
0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28,
0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef,
0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68,
0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10,
0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1,
0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7,
0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04,
0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4,
0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53,
0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1,
0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44,
0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9,
0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5,
0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2,
0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59,
0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d,
0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce,
0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24,
0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6,
0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd,
0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf,
0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70,
0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59,
0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53,
0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78,
0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc,
0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9,
0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b,
0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2,
0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07,
0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75,
0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a,
0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d,
0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba,
0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31,
0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b,
0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22,
0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a,
0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78,
0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b,
0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88,
0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e,
0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9,
0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8,
0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4,
0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7,
0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55,
0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1,
0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01,
0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c,
0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb,
0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d,
0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c,
0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8,
0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb,
0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8,
0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14,
0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf,
0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9,
0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27,
0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b,
0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08,
0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a,
0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7,
0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67,
0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49,
0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f,
0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57,
0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a,
0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4,
0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5,
0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1,
0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d,
0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3,
0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e,
0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09,
0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79,
0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e,
0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4,
0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2,
0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66,
0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f,
0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98,
0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41,
0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c,
0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5,
0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3,
0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61,
0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9,
0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1,
0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45,
0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34,
0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd,
0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d,
0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85,
0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e,
0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47,
0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c,
0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef,
0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca,
0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08,
0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0
};
WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/,
sizeof(msg2),
sizeof(msg3),
0 /*sizeof(msg1)*/,
0 /*sizeof(msg1)*/,
sizeof(msg4)
};
#ifdef WOLFSSL_SE050
/* Iter 5 uses RFC 8032 msg4 (~1023 bytes), which exceeds the NXP
* Plug&Trust SDK's SE05X_TLV_BUF_SIZE_CMD = 900 byte APDU buffer:
* EdDSASign fails with "Not enough buffer" before the command reaches
* the secure element. Cap at 5 iterations until the SDK buffer is
* enlarged upstream. */
for (i = 0; i < 5; i++) {
#else
for (i = 0; i < 6; i++) {
#endif
outlen = sizeof(out);
XMEMSET(out, 0, sizeof(out));
if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i],
pKeySz[i], key) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed25519_kat);
if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed25519_kat);
if (XMEMCMP(out, sigs[i], 64))
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed25519_kat);
#if defined(HAVE_ED25519_VERIFY)
/* test verify on good msg */
if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
key) != 0 || verify != 1)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed25519_kat);
#ifdef WOLFSSL_ED25519_STREAMING_VERIFY
/* test verify on good msg using streaming interface directly */
if (wc_ed25519_verify_msg_init(out, outlen,
key, (byte)Ed25519, NULL, 0) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed25519_kat);
for (j = 0; j < msgSz[i]; j += i) {
if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), key) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed25519_kat);
}
if (wc_ed25519_verify_msg_final(out, outlen, &verify,
key) != 0 || verify != 1)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed25519_kat);
#endif /* WOLFSSL_ED25519_STREAMING_VERIFY */
/* test verify on bad msg */
out[outlen-1] = out[outlen-1] + 1;
if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
key) == 0 || verify == 1)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed25519_kat);
#endif /* HAVE_ED25519_VERIFY */
/* test api for import/exporting keys */
exportPSz = sizeof(exportPKey);
exportSSz = sizeof(exportSKey);
if (wc_ed25519_export_public(key, exportPKey, &exportPSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed25519_kat);
if (wc_ed25519_import_public_ex(exportPKey, exportPSz, key2, 1) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed25519_kat);
if (wc_ed25519_export_private_only(key, exportSKey, &exportSSz) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed25519_kat);
if (wc_ed25519_import_private_key(exportSKey, exportSSz,
exportPKey, exportPSz, key2) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed25519_kat);
/* clear "out" buffer and test sign with imported keys */
outlen = sizeof(out);
XMEMSET(out, 0, sizeof(out));
if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key2) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed25519_kat);
#if defined(HAVE_ED25519_VERIFY)
if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
key2) != 0 || verify != 1)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed25519_kat);
if (XMEMCMP(out, sigs[i], 64))
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed25519_kat);
#endif /* HAVE_ED25519_VERIFY */
}
exit_ed25519_kat:
return ret;
}
#if defined(HAVE_ED25519_VERIFY)
static wc_test_ret_t ed25519_rare_sig_test(ed25519_key* key)
{
wc_test_ret_t ret;
int verify = 0;
/* These cases exercise host-side signature-encoding pre-validation (e.g.,
* sig == curve order). The SE050 port delegates verify to the secure
* element, which rejects all four inputs with WC_HW_E rather than the
* BAD_FUNC_ARG / SIG_VERIFY_E the host-side path produces -- so the
* expected error code differs below when built against an SE050. */
/* Reuse RFC 8032 vector 1 to load the key. */
WOLFSSL_SMALL_STACK_STATIC const byte sKey[] = {
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
};
WOLFSSL_SMALL_STACK_STATIC const byte pKey[] = {
0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
};
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { 0x0 };
/* Run tests for some rare code paths */
/* sig is exactly equal to the order */
static const byte rareEd1[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};
/* sig is larger than the order before we get to the low part */
static const byte rareEd2[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x10
};
/* sig is larger than the order in the low part */
static const byte rareEd3[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
0xd6, 0x9c, 0xf9, 0xa2, 0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};
/* sig is smaller than the order */
static const byte rareEd4[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
0xd6, 0x9c, 0xf1, 0xa2, 0xde, 0xf9, 0xde, 0x14,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};
ret = wc_ed25519_import_private_key(sKey, ED25519_KEY_SIZE,
pKey, sizeof(pKey), key);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef WOLFSSL_SE050
#define RARE_ED_BAD_ENC_E WC_NO_ERR_TRACE(WC_HW_E)
#define RARE_ED_BAD_SIG_E WC_NO_ERR_TRACE(WC_HW_E)
#else
#define RARE_ED_BAD_ENC_E WC_NO_ERR_TRACE(BAD_FUNC_ARG)
#define RARE_ED_BAD_SIG_E WC_NO_ERR_TRACE(SIG_VERIFY_E)
#endif
ret = wc_ed25519_verify_msg(rareEd1, sizeof(rareEd1), msg, 0,
&verify, key);
if (ret != RARE_ED_BAD_ENC_E)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ed25519_verify_msg(rareEd2, sizeof(rareEd2), msg, 0,
&verify, key);
if (ret != RARE_ED_BAD_ENC_E)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ed25519_verify_msg(rareEd3, sizeof(rareEd3), msg, 0,
&verify, key);
if (ret != RARE_ED_BAD_ENC_E)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ed25519_verify_msg(rareEd4, sizeof(rareEd4), msg, 0,
&verify, key);
if (ret != RARE_ED_BAD_SIG_E)
return WC_TEST_RET_ENC_EC(ret);
#undef RARE_ED_BAD_ENC_E
#undef RARE_ED_BAD_SIG_E
return 0;
}
#endif /* HAVE_ED25519_VERIFY */
#ifndef NO_ASN
static wc_test_ret_t ed25519_asn_test(ed25519_key* key3)
{
wc_test_ret_t ret;
byte out[ED25519_SIG_SIZE];
word32 outlen = sizeof(out);
word32 idx;
#ifdef HAVE_ED25519_VERIFY
int verify;
#endif
static const byte privateEd25519[] = {
0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06,
0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
};
static const byte badPrivateEd25519[] = {
0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06,
0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,
0xa1,0x22,0x04,0x21,0xd7,0x5a,0x98,0x01, /* octet len 0x20 -> 0x21 */
0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
0xf7,0x07,0x51,0x1a,
0x00 /* add additional bytes to make the pubkey bigger */
};
static const byte publicEd25519[] = {
0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
0xf7,0x07,0x51,0x1a
};
/* size has been altered to catch if sanity check is done */
static const byte badPublicEd25519[] = {
0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
0xf7,0x07,0x51,0x1a,
0x00 /* add an additional byte to make the pubkey appear bigger */
};
static const byte privPubEd25519[] = {
0x30,0x50,0x02,0x01,0x00,0x30,0x05,0x06,
0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,
0x81,0x20,0xd7,0x5a,0x98,0x01,0x82,0xb1,
0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,0xc9,0x64,
0x07,0x3a,0x0e,0xe1,0x72,0xf3,0xda,0xa6,
0x23,0x25,0xaf,0x02,0x1a,0x68,0xf7,0x07,
0x51,0x1a
};
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { 0x0 };
WOLFSSL_SMALL_STACK_STATIC const byte sig[] = {
0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
};
XMEMSET(out, 0, sizeof(out));
/* Try ASN.1 encoded private-only key and public key. */
idx = 0;
ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, key3,
sizeof(privateEd25519));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
idx = 0;
if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, key3,
sizeof(badPrivateEd25519)) == 0)
return WC_TEST_RET_ENC_NC;
/* Signing with a private-only key (no public loaded yet) is rejected on
* the host with BAD_FUNC_ARG. The SE050 port instead fails inside
* sss_se05x_key_store_set_ecc_keypair and returns WC_HW_E, so accept
* that alternate error code when built against an SE050. */
ret = wc_ed25519_sign_msg(msg, 0, out, &outlen, key3);
#ifdef WOLFSSL_SE050
if (ret != WC_NO_ERR_TRACE(WC_HW_E))
#else
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
#endif
return WC_TEST_RET_ENC_EC(ret);
/* try with a buffer size that is too large */
idx = 0;
if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, key3,
sizeof(badPublicEd25519)) == 0)
return WC_TEST_RET_ENC_NC;
idx = 0;
ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, key3,
sizeof(publicEd25519));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ed25519_sign_msg(msg, 0, out, &outlen, key3);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(out, sig, 64))
return WC_TEST_RET_ENC_NC;
#if defined(HAVE_ED25519_VERIFY)
/* test verify on good msg */
ret = wc_ed25519_verify_msg(out, outlen, msg, 0, &verify, key3);
if (ret != 0 || verify != 1)
return WC_TEST_RET_ENC_EC(ret);
#endif /* HAVE_ED25519_VERIFY */
wc_ed25519_free(key3);
wc_ed25519_init_ex(key3, HEAP_HINT, devId);
idx = 0;
ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, key3,
sizeof(privPubEd25519));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ed25519_sign_msg(msg, 0, out, &outlen, key3);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(out, sig, 64))
return WC_TEST_RET_ENC_NC;
return 0;
}
#endif /* NO_ASN */
#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
{
wc_test_ret_t ret;
WC_RNG rng;
word32 keySz, sigSz;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ed25519_key* key = NULL;
ed25519_key* key2 = NULL;
#else
ed25519_key key[1];
ed25519_key key2[1];
#endif
#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ed25519_key* key3 = NULL;
#else
ed25519_key key3[1];
#endif
#endif
WOLFSSL_ENTER("ed25519_test");
/* create ed25519 keys */
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
key = wc_ed25519_new(HEAP_HINT, devId, &ret);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
key2 = wc_ed25519_new(HEAP_HINT, devId, &ret);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
key3 = wc_ed25519_new(HEAP_HINT, devId, &ret);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
#endif
#else
ret = wc_ed25519_init_ex(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
ret = wc_ed25519_init_ex(key2, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
ret = wc_ed25519_init_ex(key3, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
#endif
#endif
#ifdef HAVE_ED25519_MAKE_KEY
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, key);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, key2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup);
#endif
/* helper functions for signature and key size */
keySz = (word32)wc_ed25519_size(key);
sigSz = (word32)wc_ed25519_sig_size(key);
#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
defined(HAVE_ED25519_KEY_IMPORT)
ret = ed25519_kat_test(key, key2);
if (ret != 0)
goto cleanup;
#if defined(HAVE_ED25519_VERIFY)
ret = ed25519_rare_sig_test(key);
if (ret != 0)
goto cleanup;
#endif /* HAVE_ED25519_VERIFY */
#ifndef WOLFSSL_SE050
/* Ed25519ctx and Ed25519ph require passing a context / prehash flag
* through to the signer. The SE050 port's se050_ed25519_sign_msg /
* _verify_msg drop those parameters and always do plain Ed25519, so the
* RFC 8032 ctx/ph test vectors cannot match. Skip these variants when
* built against an SE050. */
ret = ed25519ctx_test();
if (ret != 0)
goto cleanup;
ret = ed25519ph_test();
if (ret != 0)
goto cleanup;
#endif /* !WOLFSSL_SE050 */
#ifndef NO_ASN
ret = ed25519_asn_test(key3);
if (ret != 0)
goto cleanup;
#endif /* NO_ASN */
#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
#if defined(HAVE_ED25519_KEY_IMPORT)
ret = ed25519_test_check_key();
if (ret < 0)
goto cleanup;
#endif
#if defined(HAVE_ED25519_KEY_EXPORT) && defined(HAVE_ED25519_KEY_IMPORT)
ret = ed25519_export_key_no_pub_test();
if (ret < 0)
goto cleanup;
#endif
#ifdef WOLFSSL_TEST_CERT
ret = ed25519_test_cert();
if (ret < 0)
goto cleanup;
#if defined(WOLFSSL_CERT_GEN) && defined(HAVE_ED25519_MAKE_KEY)
ret = ed25519_test_make_cert();
if (ret < 0)
goto cleanup;
#endif /* WOLFSSL_CERT_GEN */
#endif /* WOLFSSL_TEST_CERT */
cleanup:
/* clean up keys when done */
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_ed25519_delete(key, &key);
wc_ed25519_delete(key2, &key2);
#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
wc_ed25519_delete(key3, &key3);
#endif
#else
wc_ed25519_free(key);
wc_ed25519_free(key2);
#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
wc_ed25519_free(key3);
#endif
#endif
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
wc_FreeRng(&rng);
#endif
/* hush warnings of unused keySz and sigSz */
(void)keySz;
(void)sigSz;
return ret;
}
#endif /* HAVE_ED25519 */
#ifdef HAVE_CURVE448
#if defined(HAVE_CURVE448_SHARED_SECRET) && \
defined(HAVE_CURVE448_KEY_IMPORT)
/* Test the wc_curve448_check_public API.
*
* returns 0 on success and -ve on failure.
*/
static wc_test_ret_t curve448_check_public_test(void)
{
/* Little-endian values that will fail */
byte fail_le[][CURVE448_KEY_SIZE] = {
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
},
{
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
},
};
/* Big-endian values that will fail */
byte fail_be[][CURVE448_KEY_SIZE] = {
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
},
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
},
};
/* Good or valid public value */
byte good[CURVE448_KEY_SIZE] = {
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
};
int i;
wc_test_ret_t ret;
/* Parameter checks */
/* NULL pointer */
ret = wc_curve448_check_public(NULL, 0, EC448_LITTLE_ENDIAN);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_curve448_check_public(NULL, 0, EC448_BIG_ENDIAN);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* Length of 0 treated differently to other invalid lengths for TLS */
ret = wc_curve448_check_public(good, 0, EC448_LITTLE_ENDIAN);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_curve448_check_public(good, 0, EC448_BIG_ENDIAN);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
/* Length not CURVE448_KEY_SIZE */
for (i = 1; i < CURVE448_KEY_SIZE + 2; i++) {
if (i == CURVE448_KEY_SIZE)
continue;
if (wc_curve448_check_public(good, (word32)i, EC448_LITTLE_ENDIAN) !=
WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
return WC_TEST_RET_ENC_I(i);
}
if (wc_curve448_check_public(good, (word32)i, EC448_BIG_ENDIAN) !=
WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) {
return WC_TEST_RET_ENC_I(i);
}
}
/* Little-endian fail cases */
for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
if (wc_curve448_check_public(fail_le[i], CURVE448_KEY_SIZE,
EC448_LITTLE_ENDIAN) == 0) {
return WC_TEST_RET_ENC_I(i);
}
}
/* Big-endian fail cases */
for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
if (wc_curve448_check_public(fail_be[i], CURVE448_KEY_SIZE,
EC448_BIG_ENDIAN) == 0) {
return WC_TEST_RET_ENC_I(i);
}
}
/* Check a valid public value works! */
ret = wc_curve448_check_public(good, CURVE448_KEY_SIZE,
EC448_LITTLE_ENDIAN);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_curve448_check_public(good, CURVE448_KEY_SIZE, EC448_BIG_ENDIAN);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
return 0;
}
#endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
static wc_test_ret_t curve448_keyagree_test(WC_RNG* rng,
curve448_key* userA, curve448_key* userB, curve448_key* pubKey)
{
wc_test_ret_t ret;
#ifdef HAVE_CURVE448_SHARED_SECRET
byte sharedA[CURVE448_KEY_SIZE];
byte sharedB[CURVE448_KEY_SIZE];
word32 y;
#endif
#ifdef HAVE_CURVE448_KEY_EXPORT
byte exportBuf[CURVE448_KEY_SIZE];
#endif
word32 x = 0;
(void)x;
(void)pubKey;
/* make curve448 keys */
ret = wc_curve448_make_key(rng, CURVE448_KEY_SIZE, userA);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_curve448_make_key(rng, CURVE448_KEY_SIZE, userB);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_CURVE448_SHARED_SECRET
/* find shared secret key */
x = sizeof(sharedA);
ret = wc_curve448_shared_secret(userA, userB, sharedA, &x);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
y = sizeof(sharedB);
ret = wc_curve448_shared_secret(userB, userA, sharedB, &y);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* compare shared secret keys to test they are the same */
if (y != x)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(sharedA, sharedB, x))
return WC_TEST_RET_ENC_NC;
#endif
#ifdef HAVE_CURVE448_KEY_EXPORT
/* export a public key and import it for another user */
x = sizeof(exportBuf);
ret = wc_curve448_export_public(userA, exportBuf, &x);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifdef HAVE_CURVE448_KEY_IMPORT
ret = wc_curve448_import_public(exportBuf, x, pubKey);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
#endif
#if defined(HAVE_CURVE448_SHARED_SECRET) && \
defined(HAVE_CURVE448_KEY_IMPORT)
/* test shared key after importing a public key */
XMEMSET(sharedB, 0, sizeof(sharedB));
y = sizeof(sharedB);
ret = wc_curve448_shared_secret(userB, pubKey, sharedB, &y);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(sharedA, sharedB, y))
return WC_TEST_RET_ENC_NC;
#endif
return 0;
}
#if defined(HAVE_CURVE448_SHARED_SECRET) && \
defined(HAVE_CURVE448_KEY_IMPORT)
static wc_test_ret_t curve448_kat_test(WC_RNG* rng,
curve448_key* userA, curve448_key* userB)
{
wc_test_ret_t ret;
byte sharedA[CURVE448_KEY_SIZE];
byte sharedB[CURVE448_KEY_SIZE];
word32 x;
word32 y;
/* test vectors from
https://www.rfc-editor.org/rfc/rfc7748.html
*/
/* secret key for party a */
byte sa[] = {
0x6b, 0x72, 0x98, 0xa5, 0xc0, 0xd8, 0xc2, 0x9a,
0x1d, 0xab, 0x27, 0xf1, 0xa6, 0x82, 0x63, 0x00,
0x91, 0x73, 0x89, 0x44, 0x97, 0x41, 0xa9, 0x74,
0xf5, 0xba, 0xc9, 0xd9, 0x8d, 0xc2, 0x98, 0xd4,
0x65, 0x55, 0xbc, 0xe8, 0xba, 0xe8, 0x9e, 0xee,
0xd4, 0x00, 0x58, 0x4b, 0xb0, 0x46, 0xcf, 0x75,
0x57, 0x9f, 0x51, 0xd1, 0x25, 0x49, 0x8f, 0x9a,
};
/* public key for party a */
byte pa[] = {
0xa0, 0x1f, 0xc4, 0x32, 0xe5, 0x80, 0x7f, 0x17,
0x53, 0x0d, 0x12, 0x88, 0xda, 0x12, 0x5b, 0x0c,
0xd4, 0x53, 0xd9, 0x41, 0x72, 0x64, 0x36, 0xc8,
0xbb, 0xd9, 0xc5, 0x22, 0x2c, 0x3d, 0xa7, 0xfa,
0x63, 0x9c, 0xe0, 0x3d, 0xb8, 0xd2, 0x3b, 0x27,
0x4a, 0x07, 0x21, 0xa1, 0xae, 0xd5, 0x22, 0x7d,
0xe6, 0xe3, 0xb7, 0x31, 0xcc, 0xf7, 0x08, 0x9b,
};
/* secret key for party b */
byte sb[] = {
0x2d, 0x99, 0x73, 0x51, 0xb6, 0x10, 0x6f, 0x36,
0xb0, 0xd1, 0x09, 0x1b, 0x92, 0x9c, 0x4c, 0x37,
0x21, 0x3e, 0x0d, 0x2b, 0x97, 0xe8, 0x5e, 0xbb,
0x20, 0xc1, 0x27, 0x69, 0x1d, 0x0d, 0xad, 0x8f,
0x1d, 0x81, 0x75, 0xb0, 0x72, 0x37, 0x45, 0xe6,
0x39, 0xa3, 0xcb, 0x70, 0x44, 0x29, 0x0b, 0x99,
0xe0, 0xe2, 0xa0, 0xc2, 0x7a, 0x6a, 0x30, 0x1c,
};
/* public key for party b */
byte pb[] = {
0x09, 0x36, 0xf3, 0x7b, 0xc6, 0xc1, 0xbd, 0x07,
0xae, 0x3d, 0xec, 0x7a, 0xb5, 0xdc, 0x06, 0xa7,
0x3c, 0xa1, 0x32, 0x42, 0xfb, 0x34, 0x3e, 0xfc,
0x72, 0xb9, 0xd8, 0x27, 0x30, 0xb4, 0x45, 0xf3,
0xd4, 0xb0, 0xbd, 0x07, 0x71, 0x62, 0xa4, 0x6d,
0xcf, 0xec, 0x6f, 0x9b, 0x59, 0x0b, 0xfc, 0xbc,
0xf5, 0x20, 0xcd, 0xb0, 0x29, 0xa8, 0xb7, 0x3e,
};
/* expected shared key */
byte ss[] = {
0x9d, 0x87, 0x4a, 0x51, 0x37, 0x50, 0x9a, 0x44,
0x9a, 0xd5, 0x85, 0x30, 0x40, 0x24, 0x1c, 0x52,
0x36, 0x39, 0x54, 0x35, 0xc3, 0x64, 0x24, 0xfd,
0x56, 0x0b, 0x0c, 0xb6, 0x2b, 0x28, 0x1d, 0x28,
0x52, 0x75, 0xa7, 0x40, 0xce, 0x32, 0xa2, 0x2d,
0xd1, 0x74, 0x0f, 0x4a, 0xa9, 0x16, 0x1c, 0xec,
0x95, 0xcc, 0xc6, 0x1a, 0x18, 0xf4, 0xff, 0x07,
};
/* import RFC test vectors and compare shared key */
ret = wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), userA);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_curve448_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), userB);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* test against known test vector */
XMEMSET(sharedB, 0, sizeof(sharedB));
y = sizeof(sharedB);
ret = wc_curve448_shared_secret(userA, userB, sharedB, &y);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(ss, sharedB, y))
return WC_TEST_RET_ENC_NC;
/* test swapping roles of keys and generating same shared key */
XMEMSET(sharedB, 0, sizeof(sharedB));
y = sizeof(sharedB);
ret = wc_curve448_shared_secret(userB, userA, sharedB, &y);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(ss, sharedB, y))
return WC_TEST_RET_ENC_NC;
/* test with 1 generated key and 1 from known test vector */
ret = wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), userA);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_curve448_make_key(rng, 56, userB);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
x = sizeof(sharedA);
ret = wc_curve448_shared_secret(userA, userB, sharedA, &x);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
y = sizeof(sharedB);
ret = wc_curve448_shared_secret(userB, userA, sharedB, &y);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* compare shared secret keys to test they are the same */
if (y != x)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(sharedA, sharedB, x))
return WC_TEST_RET_ENC_NC;
return 0;
}
#endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void)
{
WC_RNG rng;
wc_test_ret_t ret;
curve448_key userA, userB, pubKey;
WOLFSSL_ENTER("curve448_test");
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
wc_curve448_init(&userA);
wc_curve448_init(&userB);
wc_curve448_init(&pubKey);
ret = curve448_keyagree_test(&rng, &userA, &userB, &pubKey);
if (ret != 0)
return ret;
#if defined(HAVE_CURVE448_SHARED_SECRET) && \
defined(HAVE_CURVE448_KEY_IMPORT)
ret = curve448_kat_test(&rng, &userA, &userB);
if (ret != 0)
return ret;
ret = curve448_check_public_test();
if (ret != 0)
return ret;
#endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
/* clean up keys when done */
wc_curve448_free(&pubKey);
wc_curve448_free(&userB);
wc_curve448_free(&userA);
wc_FreeRng(&rng);
return 0;
}
#endif /* HAVE_CURVE448 */
#ifdef HAVE_ED448
#ifdef WOLFSSL_TEST_CERT
static wc_test_ret_t ed448_test_cert(void)
{
DecodedCert cert[2];
DecodedCert* serverCert = NULL;
DecodedCert* caCert = NULL;
#ifdef HAVE_ED448_VERIFY
ed448_key key;
ed448_key* pubKey = NULL;
int verify;
#endif /* HAVE_ED448_VERIFY */
wc_test_ret_t ret;
byte* tmp;
size_t bytes;
XFILE file;
tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
#ifdef USE_CERT_BUFFERS_256
XMEMCPY(tmp, ca_ed448_cert, sizeof_ca_ed448_cert);
bytes = sizeof_ca_ed448_cert;
#elif !defined(NO_FILESYSTEM)
file = XFOPEN(caEd448Cert, "rb");
if (file == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
#else
/* No certificate to use. */
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif
InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
caCert = &cert[0];
ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef USE_CERT_BUFFERS_256
XMEMCPY(tmp, server_ed448_cert, sizeof_server_ed448_cert);
bytes = sizeof_server_ed448_cert;
#elif !defined(NO_FILESYSTEM)
file = XFOPEN(serverEd448Cert, "rb");
if (file == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
#else
/* No certificate to use. */
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif
InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
serverCert = &cert[1];
ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef HAVE_ED448_VERIFY
ret = wc_ed448_init(&key);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
pubKey = &key;
ret = wc_ed448_import_public(caCert->publicKey, caCert->pubKeySize, pubKey);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_ed448_verify_msg(serverCert->signature, serverCert->sigLength,
serverCert->source + serverCert->certBegin,
serverCert->sigIndex - serverCert->certBegin,
&verify, pubKey, NULL, 0);
if (ret < 0 || verify != 1) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
}
#endif /* HAVE_ED448_VERIFY */
done:
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef HAVE_ED448_VERIFY
wc_ed448_free(pubKey);
#endif /* HAVE_ED448_VERIFY */
if (caCert != NULL)
FreeDecodedCert(caCert);
if (serverCert != NULL)
FreeDecodedCert(serverCert);
return ret;
}
static wc_test_ret_t ed448_test_make_cert(void)
{
WC_RNG rng;
Cert cert;
DecodedCert decode;
ed448_key key;
ed448_key* privKey = NULL;
wc_test_ret_t ret = 0;
byte* tmp = NULL;
wc_InitCert_ex(&cert, HEAP_HINT, devId);
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
wc_ed448_init(&key);
privKey = &key;
wc_ed448_make_key(&rng, ED448_KEY_SIZE, privKey);
cert.daysValid = 365 * 2;
cert.selfSigned = 1;
XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
cert.isCA = 0;
#ifdef WOLFSSL_CERT_EXT
ret = wc_SetKeyUsage(&cert, certKeyUsage);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
cert.sigType = CTC_ED448;
ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED448_TYPE, privKey, &rng);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, ED448_TYPE,
privKey, &rng);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
InitDecodedCert(&decode, tmp, (word32)ret, HEAP_HINT);
ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
FreeDecodedCert(&decode);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
done:
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_ed448_free(privKey);
wc_FreeRng(&rng);
return ret;
}
#endif /* WOLFSSL_TEST_CERT */
#if defined(HAVE_ED448_KEY_IMPORT)
static wc_test_ret_t ed448_test_check_key(void)
{
/* Fails to find x-ordinate from this y-ordinate. */
WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y[] = {
0x40,
0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00
};
/* Y-ordinate value larger than prime. */
WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_max[] = {
0x40,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff
};
/* Y-ordinate value equal to prime. */
WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_is_p[] = {
0x40,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff
};
/* Y-ordinate value equal to prime - 1. Older FIPS modules accept
* this as a valid key; the current source rejects it as an order-2
* point. */
WOLFSSL_SMALL_STACK_STATIC const byte key_y_is_p_minus_1[] = {
0x40,
0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff
};
/* RFC 8032 section 7.4 test-vector public key: a genuinely valid
* Ed448 point used as a positive control. */
WOLFSSL_SMALL_STACK_STATIC const byte key_good[] = {
0x40,
0x5f,0xd7,0x44,0x9b,0x59,0xb4,0x61,0xfd,
0x2c,0xe7,0x87,0xec,0x61,0x6a,0xd4,0x6a,
0x1d,0xa1,0x34,0x24,0x85,0xa7,0x0e,0x1f,
0x8a,0x0e,0xa7,0x5d,0x80,0xe9,0x67,0x78,
0xed,0xf1,0x24,0x76,0x9b,0x46,0xc7,0x06,
0x1b,0xd6,0x78,0x3d,0xf1,0xe5,0x0f,0x6c,
0xd1,0xfa,0x1a,0xbe,0xaf,0xe8,0x25,0x61,
0x80
};
ed448_key key;
int ret;
int res = 0;
/* Initialize key for use. */
ret = wc_ed448_init_ex(&key, HEAP_HINT, devId);
if (ret != 0) {
return WC_TEST_RET_ENC_NC;
}
/* Load bad public key only and perform checks. */
ret = wc_ed448_import_public(key_bad_y, ED448_PUB_KEY_SIZE + 1, &key);
if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
res = WC_TEST_RET_ENC_NC;
}
if (ret == 0) {
/* Load bad public key only and perform checks. */
ret = wc_ed448_import_public(key_bad_y_max, ED448_PUB_KEY_SIZE + 1,
&key);
if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
res = WC_TEST_RET_ENC_NC;
}
}
if (res == 0) {
/* Load bad public key only and perform checks. */
ret = wc_ed448_import_public(key_bad_y_is_p, ED448_PUB_KEY_SIZE + 1,
&key);
if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
res = WC_TEST_RET_ENC_NC;
}
}
if (res == 0) {
ret = wc_ed448_import_public(key_y_is_p_minus_1, ED448_PUB_KEY_SIZE + 1,
&key);
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)
/* y = p - 1 is an order-2 point; check_key rejects it because
* h*A is the neutral element for small-order public keys and
* forged signatures would otherwise verify. */
if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
res = WC_TEST_RET_ENC_NC;
}
#else
/* Older FIPS modules accept this order-2 point. */
if (ret != 0) {
res = WC_TEST_RET_ENC_NC;
}
#endif
}
if (res == 0) {
/* Positive control: a real Ed448 public key must be accepted. */
ret = wc_ed448_import_public(key_good, ED448_PUB_KEY_SIZE + 1, &key);
if (ret != 0) {
res = WC_TEST_RET_ENC_NC;
}
}
/* Dispose of key. */
wc_ed448_free(&key);
return res;
}
#endif
#if defined(HAVE_ED448_KEY_EXPORT) && defined(HAVE_ED448_KEY_IMPORT)
/* When only the private key is set, the public part is unavailable.
* wc_ed448_export_public() must report PUBLIC_KEY_E, and
* wc_ed448_export_key() must propagate that error rather than silently
* succeeding. */
static wc_test_ret_t ed448_export_key_no_pub_test(void)
{
int res = 0;
#if !(defined(HAVE_FIPS) && FIPS_VERSION3_LT(7,0,0))
/* RFC 8032 section 7.4 test-vector secret key. */
WOLFSSL_SMALL_STACK_STATIC const byte privKey[] = {
0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
0x5b
};
ed448_key key;
byte priv[ED448_PRV_KEY_SIZE];
byte pub[ED448_PUB_KEY_SIZE];
word32 privSz = (word32)sizeof(priv);
word32 pubSz = (word32)sizeof(pub);
int ret;
ret = wc_ed448_init_ex(&key, HEAP_HINT, devId);
if (ret != 0) {
return WC_TEST_RET_ENC_NC;
}
/* Import the private key only; no public key is set. */
ret = wc_ed448_import_private_only(privKey, (word32)sizeof(privKey), &key);
if (ret != 0) {
res = WC_TEST_RET_ENC_NC;
}
/* With no public key, exporting the public part must fail. */
if (res == 0) {
ret = wc_ed448_export_public(&key, pub, &pubSz);
if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
res = WC_TEST_RET_ENC_NC;
}
}
/* wc_ed448_export_key() must propagate the missing-public-key error. */
if (res == 0) {
ret = wc_ed448_export_key(&key, priv, &privSz, pub, &pubSz);
if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
res = WC_TEST_RET_ENC_NC;
}
}
wc_ed448_free(&key);
#endif
return res;
}
#endif
#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
defined(HAVE_ED448_KEY_IMPORT)
static wc_test_ret_t ed448_ctx_test(void)
{
wc_test_ret_t ret;
byte out[ED448_SIG_SIZE];
word32 outlen;
#ifdef HAVE_ED448_VERIFY
int verify;
#endif /* HAVE_ED448_VERIFY */
ed448_key key;
WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = {
0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6,
0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d,
0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d,
0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a,
0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c,
0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e,
0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27,
0x4e
};
WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = {
0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45,
0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a,
0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37,
0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86,
0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02,
0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c,
0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94,
0x80
};
WOLFSSL_SMALL_STACK_STATIC const byte sigCtx[] = {
0xd4, 0xf8, 0xf6, 0x13, 0x17, 0x70, 0xdd, 0x46,
0xf4, 0x08, 0x67, 0xd6, 0xfd, 0x5d, 0x50, 0x55,
0xde, 0x43, 0x54, 0x1f, 0x8c, 0x5e, 0x35, 0xab,
0xbc, 0xd0, 0x01, 0xb3, 0x2a, 0x89, 0xf7, 0xd2,
0x15, 0x1f, 0x76, 0x47, 0xf1, 0x1d, 0x8c, 0xa2,
0xae, 0x27, 0x9f, 0xb8, 0x42, 0xd6, 0x07, 0x21,
0x7f, 0xce, 0x6e, 0x04, 0x2f, 0x68, 0x15, 0xea,
0x00, 0x0c, 0x85, 0x74, 0x1d, 0xe5, 0xc8, 0xda,
0x11, 0x44, 0xa6, 0xa1, 0xab, 0xa7, 0xf9, 0x6d,
0xe4, 0x25, 0x05, 0xd7, 0xa7, 0x29, 0x85, 0x24,
0xfd, 0xa5, 0x38, 0xfc, 0xcb, 0xbb, 0x75, 0x4f,
0x57, 0x8c, 0x1c, 0xad, 0x10, 0xd5, 0x4d, 0x0d,
0x54, 0x28, 0x40, 0x7e, 0x85, 0xdc, 0xbc, 0x98,
0xa4, 0x91, 0x55, 0xc1, 0x37, 0x64, 0xe6, 0x6c,
0x3c, 0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = {
0x03
};
WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = {
0x66,0x6f,0x6f
};
outlen = sizeof(out);
XMEMSET(out, 0, sizeof(out));
ret = wc_ed448_init_ex(&key, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ed448_import_private_key(sKeyCtx, ED448_KEY_SIZE, pKeyCtx,
sizeof(pKeyCtx), &key);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ed448_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
contextCtx, sizeof(contextCtx));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(out, sigCtx, sizeof(sigCtx)))
return WC_TEST_RET_ENC_NC;
#if defined(HAVE_ED448_VERIFY)
/* test verify on good msg */
ret = wc_ed448_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, &key,
contextCtx, sizeof(contextCtx));
if (ret != 0 || verify != 1)
return WC_TEST_RET_ENC_EC(ret);
#endif
wc_ed448_free(&key);
return 0;
}
static wc_test_ret_t ed448ph_test(void)
{
wc_test_ret_t ret;
byte out[ED448_SIG_SIZE];
word32 outlen;
#ifdef HAVE_ED448_VERIFY
int verify;
#endif /* HAVE_ED448_VERIFY */
ed448_key key;
WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = {
0x83, 0x3f, 0xe6, 0x24, 0x09, 0x23, 0x7b, 0x9d,
0x62, 0xec, 0x77, 0x58, 0x75, 0x20, 0x91, 0x1e,
0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b,
0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42,
0xef, 0x78, 0x22, 0xe0, 0xd5, 0x10, 0x41, 0x27,
0xdc, 0x05, 0xd6, 0xdb, 0xef, 0xde, 0x69, 0xe3,
0xab, 0x2c, 0xec, 0x7c, 0x86, 0x7c, 0x6e, 0x2c,
0x49
};
WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = {
0x25, 0x9b, 0x71, 0xc1, 0x9f, 0x83, 0xef, 0x77,
0xa7, 0xab, 0xd2, 0x65, 0x24, 0xcb, 0xdb, 0x31,
0x61, 0xb5, 0x90, 0xa4, 0x8f, 0x7d, 0x17, 0xde,
0x3e, 0xe0, 0xba, 0x9c, 0x52, 0xbe, 0xb7, 0x43,
0xc0, 0x94, 0x28, 0xa1, 0x31, 0xd6, 0xb1, 0xb5,
0x73, 0x03, 0xd9, 0x0d, 0x81, 0x32, 0xc2, 0x76,
0xd5, 0xed, 0x3d, 0x5d, 0x01, 0xc0, 0xf5, 0x38,
0x80
};
WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = {
0x82, 0x2f, 0x69, 0x01, 0xf7, 0x48, 0x0f, 0x3d,
0x5f, 0x56, 0x2c, 0x59, 0x29, 0x94, 0xd9, 0x69,
0x36, 0x02, 0x87, 0x56, 0x14, 0x48, 0x32, 0x56,
0x50, 0x56, 0x00, 0xbb, 0xc2, 0x81, 0xae, 0x38,
0x1f, 0x54, 0xd6, 0xbc, 0xe2, 0xea, 0x91, 0x15,
0x74, 0x93, 0x2f, 0x52, 0xa4, 0xe6, 0xca, 0xdd,
0x78, 0x76, 0x93, 0x75, 0xec, 0x3f, 0xfd, 0x1b,
0x80, 0x1a, 0x0d, 0x9b, 0x3f, 0x40, 0x30, 0xcd,
0x43, 0x39, 0x64, 0xb6, 0x45, 0x7e, 0xa3, 0x94,
0x76, 0x51, 0x12, 0x14, 0xf9, 0x74, 0x69, 0xb5,
0x7d, 0xd3, 0x2d, 0xbc, 0x56, 0x0a, 0x9a, 0x94,
0xd0, 0x0b, 0xff, 0x07, 0x62, 0x04, 0x64, 0xa3,
0xad, 0x20, 0x3d, 0xf7, 0xdc, 0x7c, 0xe3, 0x60,
0xc3, 0xcd, 0x36, 0x96, 0xd9, 0xd9, 0xfa, 0xb9,
0x0f, 0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = {
0xc3, 0x22, 0x99, 0xd4, 0x6e, 0xc8, 0xff, 0x02,
0xb5, 0x45, 0x40, 0x98, 0x28, 0x14, 0xdc, 0xe9,
0xa0, 0x58, 0x12, 0xf8, 0x19, 0x62, 0xb6, 0x49,
0xd5, 0x28, 0x09, 0x59, 0x16, 0xa2, 0xaa, 0x48,
0x10, 0x65, 0xb1, 0x58, 0x04, 0x23, 0xef, 0x92,
0x7e, 0xcf, 0x0a, 0xf5, 0x88, 0x8f, 0x90, 0xda,
0x0f, 0x6a, 0x9a, 0x85, 0xad, 0x5d, 0xc3, 0xf2,
0x80, 0xd9, 0x12, 0x24, 0xba, 0x99, 0x11, 0xa3,
0x65, 0x3d, 0x00, 0xe4, 0x84, 0xe2, 0xce, 0x23,
0x25, 0x21, 0x48, 0x1c, 0x86, 0x58, 0xdf, 0x30,
0x4b, 0xb7, 0x74, 0x5a, 0x73, 0x51, 0x4c, 0xdb,
0x9b, 0xf3, 0xe1, 0x57, 0x84, 0xab, 0x71, 0x28,
0x4f, 0x8d, 0x07, 0x04, 0xa6, 0x08, 0xc5, 0x4a,
0x6b, 0x62, 0xd9, 0x7b, 0xeb, 0x51, 0x1d, 0x13,
0x21, 0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = {
0x61,0x62,0x63
};
/* SHA-512 hash of msgPh */
WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = {
0x48, 0x33, 0x66, 0x60, 0x13, 0x60, 0xa8, 0x77,
0x1c, 0x68, 0x63, 0x08, 0x0c, 0xc4, 0x11, 0x4d,
0x8d, 0xb4, 0x45, 0x30, 0xf8, 0xf1, 0xe1, 0xee,
0x4f, 0x94, 0xea, 0x37, 0xe7, 0x8b, 0x57, 0x39,
0xd5, 0xa1, 0x5b, 0xef, 0x18, 0x6a, 0x53, 0x86,
0xc7, 0x57, 0x44, 0xc0, 0x52, 0x7e, 0x1f, 0xaa,
0x9f, 0x87, 0x26, 0xe4, 0x62, 0xa1, 0x2a, 0x4f,
0xeb, 0x06, 0xbd, 0x88, 0x01, 0xe7, 0x51, 0xe4
};
WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = {
0x66,0x6f,0x6f
};
outlen = sizeof(out);
XMEMSET(out, 0, sizeof(out));
ret = wc_ed448_init_ex(&key, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ed448_import_private_key(sKeyPh, ED448_KEY_SIZE, pKeyPh,
sizeof(pKeyPh), &key);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL,
0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(out, sigPh1, sizeof(sigPh1)))
return WC_TEST_RET_ENC_NC;
#if defined(HAVE_ED448_VERIFY)
/* test verify on good msg */
ret = wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key,
NULL, 0);
if (ret != 0 || verify != 1) {
return WC_TEST_RET_ENC_EC(ret);
}
#endif
ret = wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
contextPh2, sizeof(contextPh2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(out, sigPh2, sizeof(sigPh2)))
return WC_TEST_RET_ENC_NC;
#if defined(HAVE_ED448_VERIFY)
/* test verify on good msg */
ret = wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key,
contextPh2, sizeof(contextPh2));
if (ret != 0 || verify != 1) {
return WC_TEST_RET_ENC_EC(ret);
}
#endif
ret = wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL,
0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(out, sigPh1, sizeof(sigPh1)))
return WC_TEST_RET_ENC_NC;
#if defined(HAVE_ED448_VERIFY)
ret = wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
&key, NULL, 0);
if (ret != 0 || verify != 1) {
return WC_TEST_RET_ENC_EC(ret);
}
#endif
ret = wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
contextPh2, sizeof(contextPh2));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(out, sigPh2, sizeof(sigPh2)))
return WC_TEST_RET_ENC_NC;
#if defined(HAVE_ED448_VERIFY)
ret = wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
&key, contextPh2, sizeof(contextPh2));
if (ret != 0 || verify != 1) {
return WC_TEST_RET_ENC_EC(ret);
}
#endif
wc_ed448_free(&key);
return 0;
}
#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
defined(HAVE_ED448_KEY_IMPORT)
static wc_test_ret_t ed448_kat_test(ed448_key* key, ed448_key* key2)
{
wc_test_ret_t ret = 0;
byte out[ED448_SIG_SIZE];
int i;
word32 outlen;
#ifdef HAVE_ED448_VERIFY
#ifdef WOLFSSL_ED448_STREAMING_VERIFY
int j;
#endif /* WOLFSSL_ED448_STREAMING_VERIFY */
int verify;
#endif /* HAVE_ED448_VERIFY */
/* test vectors from
https://tools.ietf.org/html/rfc8032
*/
WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = {
0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
0x5b
};
WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = {
0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6,
0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d,
0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d,
0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a,
0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c,
0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e,
0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27,
0x4e
};
WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = {
0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c,
0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82,
0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8,
0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93,
0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33,
0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc,
0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2,
0x1b
};
/* uncompressed test */
WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = {
0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
0x5b
};
/* compressed prefix test */
WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = {
0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
0x5b
};
WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = {
0x87, 0x2d, 0x09, 0x37, 0x80, 0xf5, 0xd3, 0x73,
0x0d, 0xf7, 0xc2, 0x12, 0x66, 0x4b, 0x37, 0xb8,
0xa0, 0xf2, 0x4f, 0x56, 0x81, 0x0d, 0xaa, 0x83,
0x82, 0xcd, 0x4f, 0xa3, 0xf7, 0x76, 0x34, 0xec,
0x44, 0xdc, 0x54, 0xf1, 0xc2, 0xed, 0x9b, 0xea,
0x86, 0xfa, 0xfb, 0x76, 0x32, 0xd8, 0xbe, 0x19,
0x9e, 0xa1, 0x65, 0xf5, 0xad, 0x55, 0xdd, 0x9c,
0xe8
};
WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = {
0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
0x80
};
WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = {
0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45,
0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a,
0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37,
0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86,
0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02,
0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c,
0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94,
0x80
};
WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = {
0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f,
0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79,
0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63,
0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc,
0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f,
0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b,
0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5,
0x80
};
/* uncompressed test */
WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = {
0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
0x80
};
/* compressed prefix */
WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = {
0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
0x80
};
WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = {
0xa8, 0x1b, 0x2e, 0x8a, 0x70, 0xa5, 0xac, 0x94,
0xff, 0xdb, 0xcc, 0x9b, 0xad, 0xfc, 0x3f, 0xeb,
0x08, 0x01, 0xf2, 0x58, 0x57, 0x8b, 0xb1, 0x14,
0xad, 0x44, 0xec, 0xe1, 0xec, 0x0e, 0x79, 0x9d,
0xa0, 0x8e, 0xff, 0xb8, 0x1c, 0x5d, 0x68, 0x5c,
0x0c, 0x56, 0xf6, 0x4e, 0xec, 0xae, 0xf8, 0xcd,
0xf1, 0x1c, 0xc3, 0x87, 0x37, 0x83, 0x8c, 0xf4,
0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = {
0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
0x26, 0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = {
0x26, 0xb8, 0xf9, 0x17, 0x27, 0xbd, 0x62, 0x89,
0x7a, 0xf1, 0x5e, 0x41, 0xeb, 0x43, 0xc3, 0x77,
0xef, 0xb9, 0xc6, 0x10, 0xd4, 0x8f, 0x23, 0x35,
0xcb, 0x0b, 0xd0, 0x08, 0x78, 0x10, 0xf4, 0x35,
0x25, 0x41, 0xb1, 0x43, 0xc4, 0xb9, 0x81, 0xb7,
0xe1, 0x8f, 0x62, 0xde, 0x8c, 0xcd, 0xf6, 0x33,
0xfc, 0x1b, 0xf0, 0x37, 0xab, 0x7c, 0xd7, 0x79,
0x80, 0x5e, 0x0d, 0xbc, 0xc0, 0xaa, 0xe1, 0xcb,
0xce, 0xe1, 0xaf, 0xb2, 0xe0, 0x27, 0xdf, 0x36,
0xbc, 0x04, 0xdc, 0xec, 0xbf, 0x15, 0x43, 0x36,
0xc1, 0x9f, 0x0a, 0xf7, 0xe0, 0xa6, 0x47, 0x29,
0x05, 0xe7, 0x99, 0xf1, 0x95, 0x3d, 0x2a, 0x0f,
0xf3, 0x34, 0x8a, 0xb2, 0x1a, 0xa4, 0xad, 0xaf,
0xd1, 0xd2, 0x34, 0x44, 0x1c, 0xf8, 0x07, 0xc0,
0x3a, 0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = {
0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79,
0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6,
0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89,
0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a,
0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4,
0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07,
0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf,
0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e,
0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e,
0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7,
0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef,
0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61,
0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b,
0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff,
0x3c, 0x00
};
/* uncompressed test */
WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = {
0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
0x26, 0x00
};
/* compressed prefix */
WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = {
0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
0x26, 0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = {
0xe3, 0x01, 0x34, 0x5a, 0x41, 0xa3, 0x9a, 0x4d,
0x72, 0xff, 0xf8, 0xdf, 0x69, 0xc9, 0x80, 0x75,
0xa0, 0xcc, 0x08, 0x2b, 0x80, 0x2f, 0xc9, 0xb2,
0xb6, 0xbc, 0x50, 0x3f, 0x92, 0x6b, 0x65, 0xbd,
0xdf, 0x7f, 0x4c, 0x8f, 0x1c, 0xb4, 0x9f, 0x63,
0x96, 0xaf, 0xc8, 0xa7, 0x0a, 0xbe, 0x6d, 0x8a,
0xef, 0x0d, 0xb4, 0x78, 0xd4, 0xc6, 0xb2, 0x97,
0x00, 0x76, 0xc6, 0xa0, 0x48, 0x4f, 0xe7, 0x6d,
0x76, 0xb3, 0xa9, 0x76, 0x25, 0xd7, 0x9f, 0x1c,
0xe2, 0x40, 0xe7, 0xc5, 0x76, 0x75, 0x0d, 0x29,
0x55, 0x28, 0x28, 0x6f, 0x71, 0x9b, 0x41, 0x3d,
0xe9, 0xad, 0xa3, 0xe8, 0xeb, 0x78, 0xed, 0x57,
0x36, 0x03, 0xce, 0x30, 0xd8, 0xbb, 0x76, 0x17,
0x85, 0xdc, 0x30, 0xdb, 0xc3, 0x20, 0x86, 0x9e,
0x1a, 0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
#define SIGSZ sizeof(sig1)
PEDANTIC_EXTENSION WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = { 0 };
WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = { 0x03 };
WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = { 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd,
0x66, 0x81, 0x1e, 0x29, 0x15 };
/* test of a 1023 byte long message */
WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
0x6d, 0xdf, 0x80, 0x2e, 0x1a, 0xae, 0x49, 0x86,
0x93, 0x5f, 0x7f, 0x98, 0x1b, 0xa3, 0xf0, 0x35,
0x1d, 0x62, 0x73, 0xc0, 0xa0, 0xc2, 0x2c, 0x9c,
0x0e, 0x83, 0x39, 0x16, 0x8e, 0x67, 0x54, 0x12,
0xa3, 0xde, 0xbf, 0xaf, 0x43, 0x5e, 0xd6, 0x51,
0x55, 0x80, 0x07, 0xdb, 0x43, 0x84, 0xb6, 0x50,
0xfc, 0xc0, 0x7e, 0x3b, 0x58, 0x6a, 0x27, 0xa4,
0xf7, 0xa0, 0x0a, 0xc8, 0xa6, 0xfe, 0xc2, 0xcd,
0x86, 0xae, 0x4b, 0xf1, 0x57, 0x0c, 0x41, 0xe6,
0xa4, 0x0c, 0x93, 0x1d, 0xb2, 0x7b, 0x2f, 0xaa,
0x15, 0xa8, 0xce, 0xdd, 0x52, 0xcf, 0xf7, 0x36,
0x2c, 0x4e, 0x6e, 0x23, 0xda, 0xec, 0x0f, 0xbc,
0x3a, 0x79, 0xb6, 0x80, 0x6e, 0x31, 0x6e, 0xfc,
0xc7, 0xb6, 0x81, 0x19, 0xbf, 0x46, 0xbc, 0x76,
0xa2, 0x60, 0x67, 0xa5, 0x3f, 0x29, 0x6d, 0xaf,
0xdb, 0xdc, 0x11, 0xc7, 0x7f, 0x77, 0x77, 0xe9,
0x72, 0x66, 0x0c, 0xf4, 0xb6, 0xa9, 0xb3, 0x69,
0xa6, 0x66, 0x5f, 0x02, 0xe0, 0xcc, 0x9b, 0x6e,
0xdf, 0xad, 0x13, 0x6b, 0x4f, 0xab, 0xe7, 0x23,
0xd2, 0x81, 0x3d, 0xb3, 0x13, 0x6c, 0xfd, 0xe9,
0xb6, 0xd0, 0x44, 0x32, 0x2f, 0xee, 0x29, 0x47,
0x95, 0x2e, 0x03, 0x1b, 0x73, 0xab, 0x5c, 0x60,
0x33, 0x49, 0xb3, 0x07, 0xbd, 0xc2, 0x7b, 0xc6,
0xcb, 0x8b, 0x8b, 0xbd, 0x7b, 0xd3, 0x23, 0x21,
0x9b, 0x80, 0x33, 0xa5, 0x81, 0xb5, 0x9e, 0xad,
0xeb, 0xb0, 0x9b, 0x3c, 0x4f, 0x3d, 0x22, 0x77,
0xd4, 0xf0, 0x34, 0x36, 0x24, 0xac, 0xc8, 0x17,
0x80, 0x47, 0x28, 0xb2, 0x5a, 0xb7, 0x97, 0x17,
0x2b, 0x4c, 0x5c, 0x21, 0xa2, 0x2f, 0x9c, 0x78,
0x39, 0xd6, 0x43, 0x00, 0x23, 0x2e, 0xb6, 0x6e,
0x53, 0xf3, 0x1c, 0x72, 0x3f, 0xa3, 0x7f, 0xe3,
0x87, 0xc7, 0xd3, 0xe5, 0x0b, 0xdf, 0x98, 0x13,
0xa3, 0x0e, 0x5b, 0xb1, 0x2c, 0xf4, 0xcd, 0x93,
0x0c, 0x40, 0xcf, 0xb4, 0xe1, 0xfc, 0x62, 0x25,
0x92, 0xa4, 0x95, 0x88, 0x79, 0x44, 0x94, 0xd5,
0x6d, 0x24, 0xea, 0x4b, 0x40, 0xc8, 0x9f, 0xc0,
0x59, 0x6c, 0xc9, 0xeb, 0xb9, 0x61, 0xc8, 0xcb,
0x10, 0xad, 0xde, 0x97, 0x6a, 0x5d, 0x60, 0x2b,
0x1c, 0x3f, 0x85, 0xb9, 0xb9, 0xa0, 0x01, 0xed,
0x3c, 0x6a, 0x4d, 0x3b, 0x14, 0x37, 0xf5, 0x20,
0x96, 0xcd, 0x19, 0x56, 0xd0, 0x42, 0xa5, 0x97,
0xd5, 0x61, 0xa5, 0x96, 0xec, 0xd3, 0xd1, 0x73,
0x5a, 0x8d, 0x57, 0x0e, 0xa0, 0xec, 0x27, 0x22,
0x5a, 0x2c, 0x4a, 0xaf, 0xf2, 0x63, 0x06, 0xd1,
0x52, 0x6c, 0x1a, 0xf3, 0xca, 0x6d, 0x9c, 0xf5,
0xa2, 0xc9, 0x8f, 0x47, 0xe1, 0xc4, 0x6d, 0xb9,
0xa3, 0x32, 0x34, 0xcf, 0xd4, 0xd8, 0x1f, 0x2c,
0x98, 0x53, 0x8a, 0x09, 0xeb, 0xe7, 0x69, 0x98,
0xd0, 0xd8, 0xfd, 0x25, 0x99, 0x7c, 0x7d, 0x25,
0x5c, 0x6d, 0x66, 0xec, 0xe6, 0xfa, 0x56, 0xf1,
0x11, 0x44, 0x95, 0x0f, 0x02, 0x77, 0x95, 0xe6,
0x53, 0x00, 0x8f, 0x4b, 0xd7, 0xca, 0x2d, 0xee,
0x85, 0xd8, 0xe9, 0x0f, 0x3d, 0xc3, 0x15, 0x13,
0x0c, 0xe2, 0xa0, 0x03, 0x75, 0xa3, 0x18, 0xc7,
0xc3, 0xd9, 0x7b, 0xe2, 0xc8, 0xce, 0x5b, 0x6d,
0xb4, 0x1a, 0x62, 0x54, 0xff, 0x26, 0x4f, 0xa6,
0x15, 0x5b, 0xae, 0xe3, 0xb0, 0x77, 0x3c, 0x0f,
0x49, 0x7c, 0x57, 0x3f, 0x19, 0xbb, 0x4f, 0x42,
0x40, 0x28, 0x1f, 0x0b, 0x1f, 0x4f, 0x7b, 0xe8,
0x57, 0xa4, 0xe5, 0x9d, 0x41, 0x6c, 0x06, 0xb4,
0xc5, 0x0f, 0xa0, 0x9e, 0x18, 0x10, 0xdd, 0xc6,
0xb1, 0x46, 0x7b, 0xae, 0xac, 0x5a, 0x36, 0x68,
0xd1, 0x1b, 0x6e, 0xca, 0xa9, 0x01, 0x44, 0x00,
0x16, 0xf3, 0x89, 0xf8, 0x0a, 0xcc, 0x4d, 0xb9,
0x77, 0x02, 0x5e, 0x7f, 0x59, 0x24, 0x38, 0x8c,
0x7e, 0x34, 0x0a, 0x73, 0x2e, 0x55, 0x44, 0x40,
0xe7, 0x65, 0x70, 0xf8, 0xdd, 0x71, 0xb7, 0xd6,
0x40, 0xb3, 0x45, 0x0d, 0x1f, 0xd5, 0xf0, 0x41,
0x0a, 0x18, 0xf9, 0xa3, 0x49, 0x4f, 0x70, 0x7c,
0x71, 0x7b, 0x79, 0xb4, 0xbf, 0x75, 0xc9, 0x84,
0x00, 0xb0, 0x96, 0xb2, 0x16, 0x53, 0xb5, 0xd2,
0x17, 0xcf, 0x35, 0x65, 0xc9, 0x59, 0x74, 0x56,
0xf7, 0x07, 0x03, 0x49, 0x7a, 0x07, 0x87, 0x63,
0x82, 0x9b, 0xc0, 0x1b, 0xb1, 0xcb, 0xc8, 0xfa,
0x04, 0xea, 0xdc, 0x9a, 0x6e, 0x3f, 0x66, 0x99,
0x58, 0x7a, 0x9e, 0x75, 0xc9, 0x4e, 0x5b, 0xab,
0x00, 0x36, 0xe0, 0xb2, 0xe7, 0x11, 0x39, 0x2c,
0xff, 0x00, 0x47, 0xd0, 0xd6, 0xb0, 0x5b, 0xd2,
0xa5, 0x88, 0xbc, 0x10, 0x97, 0x18, 0x95, 0x42,
0x59, 0xf1, 0xd8, 0x66, 0x78, 0xa5, 0x79, 0xa3,
0x12, 0x0f, 0x19, 0xcf, 0xb2, 0x96, 0x3f, 0x17,
0x7a, 0xeb, 0x70, 0xf2, 0xd4, 0x84, 0x48, 0x26,
0x26, 0x2e, 0x51, 0xb8, 0x02, 0x71, 0x27, 0x20,
0x68, 0xef, 0x5b, 0x38, 0x56, 0xfa, 0x85, 0x35,
0xaa, 0x2a, 0x88, 0xb2, 0xd4, 0x1f, 0x2a, 0x0e,
0x2f, 0xda, 0x76, 0x24, 0xc2, 0x85, 0x02, 0x72,
0xac, 0x4a, 0x2f, 0x56, 0x1f, 0x8f, 0x2f, 0x7a,
0x31, 0x8b, 0xfd, 0x5c, 0xaf, 0x96, 0x96, 0x14,
0x9e, 0x4a, 0xc8, 0x24, 0xad, 0x34, 0x60, 0x53,
0x8f, 0xdc, 0x25, 0x42, 0x1b, 0xee, 0xc2, 0xcc,
0x68, 0x18, 0x16, 0x2d, 0x06, 0xbb, 0xed, 0x0c,
0x40, 0xa3, 0x87, 0x19, 0x23, 0x49, 0xdb, 0x67,
0xa1, 0x18, 0xba, 0xda, 0x6c, 0xd5, 0xab, 0x01,
0x40, 0xee, 0x27, 0x32, 0x04, 0xf6, 0x28, 0xaa,
0xd1, 0xc1, 0x35, 0xf7, 0x70, 0x27, 0x9a, 0x65,
0x1e, 0x24, 0xd8, 0xc1, 0x4d, 0x75, 0xa6, 0x05,
0x9d, 0x76, 0xb9, 0x6a, 0x6f, 0xd8, 0x57, 0xde,
0xf5, 0xe0, 0xb3, 0x54, 0xb2, 0x7a, 0xb9, 0x37,
0xa5, 0x81, 0x5d, 0x16, 0xb5, 0xfa, 0xe4, 0x07,
0xff, 0x18, 0x22, 0x2c, 0x6d, 0x1e, 0xd2, 0x63,
0xbe, 0x68, 0xc9, 0x5f, 0x32, 0xd9, 0x08, 0xbd,
0x89, 0x5c, 0xd7, 0x62, 0x07, 0xae, 0x72, 0x64,
0x87, 0x56, 0x7f, 0x9a, 0x67, 0xda, 0xd7, 0x9a,
0xbe, 0xc3, 0x16, 0xf6, 0x83, 0xb1, 0x7f, 0x2d,
0x02, 0xbf, 0x07, 0xe0, 0xac, 0x8b, 0x5b, 0xc6,
0x16, 0x2c, 0xf9, 0x46, 0x97, 0xb3, 0xc2, 0x7c,
0xd1, 0xfe, 0xa4, 0x9b, 0x27, 0xf2, 0x3b, 0xa2,
0x90, 0x18, 0x71, 0x96, 0x25, 0x06, 0x52, 0x0c,
0x39, 0x2d, 0xa8, 0xb6, 0xad, 0x0d, 0x99, 0xf7,
0x01, 0x3f, 0xbc, 0x06, 0xc2, 0xc1, 0x7a, 0x56,
0x95, 0x00, 0xc8, 0xa7, 0x69, 0x64, 0x81, 0xc1,
0xcd, 0x33, 0xe9, 0xb1, 0x4e, 0x40, 0xb8, 0x2e,
0x79, 0xa5, 0xf5, 0xdb, 0x82, 0x57, 0x1b, 0xa9,
0x7b, 0xae, 0x3a, 0xd3, 0xe0, 0x47, 0x95, 0x15,
0xbb, 0x0e, 0x2b, 0x0f, 0x3b, 0xfc, 0xd1, 0xfd,
0x33, 0x03, 0x4e, 0xfc, 0x62, 0x45, 0xed, 0xdd,
0x7e, 0xe2, 0x08, 0x6d, 0xda, 0xe2, 0x60, 0x0d,
0x8c, 0xa7, 0x3e, 0x21, 0x4e, 0x8c, 0x2b, 0x0b,
0xdb, 0x2b, 0x04, 0x7c, 0x6a, 0x46, 0x4a, 0x56,
0x2e, 0xd7, 0x7b, 0x73, 0xd2, 0xd8, 0x41, 0xc4,
0xb3, 0x49, 0x73, 0x55, 0x12, 0x57, 0x71, 0x3b,
0x75, 0x36, 0x32, 0xef, 0xba, 0x34, 0x81, 0x69,
0xab, 0xc9, 0x0a, 0x68, 0xf4, 0x26, 0x11, 0xa4,
0x01, 0x26, 0xd7, 0xcb, 0x21, 0xb5, 0x86, 0x95,
0x56, 0x81, 0x86, 0xf7, 0xe5, 0x69, 0xd2, 0xff,
0x0f, 0x9e, 0x74, 0x5d, 0x04, 0x87, 0xdd, 0x2e,
0xb9, 0x97, 0xca, 0xfc, 0x5a, 0xbf, 0x9d, 0xd1,
0x02, 0xe6, 0x2f, 0xf6, 0x6c, 0xba, 0x87
};
WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/,
sizeof(msg2),
sizeof(msg3),
0 /*sizeof(msg1)*/,
0 /*sizeof(msg1)*/,
sizeof(msg4)
};
for (i = 0; i < 6; i++) {
outlen = sizeof(out);
XMEMSET(out, 0, sizeof(out));
if (wc_ed448_import_private_key(sKeys[i], ED448_KEY_SIZE, pKeys[i],
pKeySz[i], key) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed448_kat);
if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, key, NULL,
0) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed448_kat);
if (XMEMCMP(out, sigs[i], 114))
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed448_kat);
#if defined(HAVE_ED448_VERIFY)
/* test verify on good msg */
if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key,
NULL, 0) != 0 || verify != 1)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed448_kat);
#ifdef WOLFSSL_ED448_STREAMING_VERIFY
/* test verify on good msg using streaming interface directly */
if (wc_ed448_verify_msg_init(out, outlen,
key, (byte)Ed448, NULL, 0) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed448_kat);
for (j = 0; j < msgSz[i]; j += i) {
if (wc_ed448_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), key) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed448_kat);
}
if (wc_ed448_verify_msg_final(out, outlen, &verify,
key) != 0 || verify != 1)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed448_kat);
#endif /* WOLFSSL_ED448_STREAMING_VERIFY */
/* test verify on bad msg */
out[outlen-2] = out[outlen-2] + 1;
if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key,
NULL, 0) == 0 || verify == 1)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed448_kat);
#endif /* HAVE_ED448_VERIFY */
/* test api for import/exporting keys */
{
word32 exportPSz = ED448_KEY_SIZE;
word32 exportSSz = ED448_KEY_SIZE;
#ifdef WOLFSSL_NO_MALLOC
byte exportPKey[exportPSz];
byte exportSKey[exportSSz];
#else
byte *exportPKey = NULL;
byte *exportSKey = NULL;
exportPKey = (byte *)XMALLOC(exportPSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
exportSKey = (byte *)XMALLOC(exportSSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if ((exportPKey == NULL) || (exportSKey == NULL)) {
XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_ed448_kat);
}
#endif
ret = 0;
do {
if (wc_ed448_export_public(key, exportPKey, &exportPSz) != 0) {
ret = WC_TEST_RET_ENC_I(i);
break;
}
if (wc_ed448_import_public_ex(exportPKey, exportPSz, key2, 1) != 0) {
ret = WC_TEST_RET_ENC_I(i);
break;
}
if (wc_ed448_export_private_only(key, exportSKey, &exportSSz) != 0) {
ret = WC_TEST_RET_ENC_I(i);
break;
}
if (wc_ed448_import_private_key(exportSKey, exportSSz,
exportPKey, exportPSz, key2) != 0) {
ret = WC_TEST_RET_ENC_I(i);
break;
}
/* clear "out" buffer and test sign with imported keys */
outlen = sizeof(out);
XMEMSET(out, 0, sizeof(out));
if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, key2, NULL,
0) != 0) {
ret = WC_TEST_RET_ENC_I(i);
break;
}
} while(0);
#ifndef WOLFSSL_NO_MALLOC
XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (ret != 0)
goto exit_ed448_kat;
}
#if defined(HAVE_ED448_VERIFY)
if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key2,
NULL, 0) != 0 || verify != 1)
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed448_kat);
if (XMEMCMP(out, sigs[i], SIGSZ))
ERROR_OUT(WC_TEST_RET_ENC_I(i), exit_ed448_kat);
#endif /* HAVE_ED448_VERIFY */
}
exit_ed448_kat:
return ret;
}
#ifndef NO_ASN
static wc_test_ret_t ed448_asn_test(ed448_key* key3)
{
wc_test_ret_t ret;
byte out[ED448_SIG_SIZE];
word32 outlen = sizeof(out);
word32 idx;
#ifdef HAVE_ED448_VERIFY
int verify;
#endif
static const byte privateEd448[] = {
0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39,
0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
0x5b
};
static const byte publicEd448[] = {
0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
0x71, 0x03, 0x3a, 0x00, 0x5f, 0xd7, 0x44, 0x9b,
0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec,
0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d,
0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76,
0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d,
0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe,
0xaf, 0xe8, 0x25, 0x61, 0x80
};
static const byte privPubEd448[] = {
0x30, 0x81, 0x82, 0x02, 0x01, 0x00, 0x30, 0x05,
0x06, 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04,
0x39, 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d,
0x10, 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e,
0xbf, 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c,
0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48,
0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04,
0x4e, 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f,
0x8f, 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98,
0xf9, 0x5b, 0x81, 0x39, 0x5f, 0xd7, 0x44, 0x9b,
0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec,
0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d,
0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76,
0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d,
0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe,
0xaf, 0xe8, 0x25, 0x61, 0x80
};
PEDANTIC_EXTENSION WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { 0 };
WOLFSSL_SMALL_STACK_STATIC const byte sig[] = {
0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
0x26, 0x00
};
XMEMSET(out, 0, sizeof(out));
/* Try ASN.1 encoded private-only key and public key. */
idx = 0;
ret = wc_Ed448PrivateKeyDecode(privateEd448, &idx, key3,
sizeof(privateEd448));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ed448_sign_msg(msg, 0, out, &outlen, key3, NULL, 0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
idx = 0;
ret = wc_Ed448PublicKeyDecode(publicEd448, &idx, key3, sizeof(publicEd448));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ed448_sign_msg(msg, 0, out, &outlen, key3, NULL, 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(out, sig, sizeof(sig)))
return WC_TEST_RET_ENC_NC;
#if defined(HAVE_ED448_VERIFY)
/* test verify on good msg */
ret = wc_ed448_verify_msg(out, outlen, msg, 0, &verify, key3,
NULL, 0);
if (ret != 0 || verify != 1)
return WC_TEST_RET_ENC_EC(ret);
#endif /* HAVE_ED448_VERIFY */
wc_ed448_free(key3);
ret = wc_ed448_init(key3);
if (ret < 0)
return WC_TEST_RET_ENC_EC(ret);
idx = 0;
ret = wc_Ed448PrivateKeyDecode(privPubEd448, &idx, key3,
sizeof(privPubEd448));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ed448_sign_msg(msg, 0, out, &outlen, key3, NULL, 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(out, sig, sizeof(sig)))
return WC_TEST_RET_ENC_NC;
return 0;
}
#endif /* NO_ASN */
#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
{
wc_test_ret_t ret;
WC_RNG rng;
word32 keySz, sigSz;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ed448_key *key = NULL;
ed448_key *key2 = NULL;
#else
ed448_key key[1];
ed448_key key2[1];
#endif
#if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ed448_key *key3 = NULL;
#else
ed448_key key3[1];
#endif
#endif
WOLFSSL_ENTER("ed448_test");
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
key = (ed448_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
key2 = (ed448_key *)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
key3 = (ed448_key *)XMALLOC(sizeof(*key3), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
/* create ed448 keys */
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0) {
XMEMSET(&rng, 0, sizeof(rng));
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_ed448_init(key);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_ed448_init(key2);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
ret = wc_ed448_init(key3);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, key);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, key2);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* helper functions for signature and key size */
keySz = (word32)wc_ed448_size(key);
sigSz = (word32)wc_ed448_sig_size(key);
#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\
defined(HAVE_ED448_KEY_IMPORT)
ret = ed448_kat_test(key, key2);
if (ret != 0)
goto out;
ret = ed448_ctx_test();
if (ret != 0)
goto out;
ret = ed448ph_test();
if (ret != 0)
goto out;
#ifndef NO_ASN
ret = ed448_asn_test(key3);
if (ret != 0)
goto out;
#endif /* NO_ASN */
#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
ret = 0;
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (key) {
wc_ed448_free(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (key2) {
wc_ed448_free(key2);
XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
if (key3) {
wc_ed448_free(key3);
XFREE(key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
#else
wc_ed448_free(key);
wc_ed448_free(key2);
#if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
wc_ed448_free(key3);
#endif
#endif
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
wc_FreeRng(&rng);
#endif
if (ret < 0)
return ret;
/* hush warnings of unused keySz and sigSz */
(void)keySz;
(void)sigSz;
#if defined(HAVE_ED448_KEY_IMPORT)
ret = ed448_test_check_key();
if (ret < 0)
return ret;
#endif
#if defined(HAVE_ED448_KEY_EXPORT) && defined(HAVE_ED448_KEY_IMPORT)
ret = ed448_export_key_no_pub_test();
if (ret < 0)
return ret;
#endif
#ifdef WOLFSSL_TEST_CERT
ret = ed448_test_cert();
if (ret < 0)
return ret;
#ifdef WOLFSSL_CERT_GEN
ret = ed448_test_make_cert();
if (ret < 0)
return ret;
#endif /* WOLFSSL_CERT_GEN */
#endif /* WOLFSSL_TEST_CERT */
return 0;
}
#endif /* HAVE_ED448 */
#ifdef WOLFSSL_HAVE_MLKEM
#if !defined(WOLFSSL_NO_KYBER512) && !defined(WOLFSSL_NO_ML_KEM_512)
static wc_test_ret_t mlkem512_kat(void)
{
wc_test_ret_t ret;
#ifdef WOLFSSL_SMALL_STACK
MlKemKey *key = NULL;
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
byte *priv = NULL;
byte *pub = NULL;
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
byte *ct = NULL;
byte *ss = NULL;
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
byte *ss_dec = NULL;
#endif
#else
MlKemKey key[1];
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
byte priv[KYBER512_PRIVATE_KEY_SIZE];
byte pub[KYBER512_PUBLIC_KEY_SIZE];
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
byte ct[KYBER512_CIPHER_TEXT_SIZE];
byte ss[KYBER_SS_SZ];
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
byte ss_dec[KYBER_SS_SZ];
#endif
#endif
int key_inited = 0;
const int katDevId = INVALID_DEVID;
WOLFSSL_SMALL_STACK_STATIC const byte kyber512_rand[] = {
0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa,
0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd,
0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d,
0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
};
WOLFSSL_SMALL_STACK_STATIC const byte kyber512enc_rand[] = {
0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4,
0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13,
0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
};
#ifdef WOLFSSL_MLKEM_KYBER
WOLFSSL_SMALL_STACK_STATIC const byte kyber512_pk[] = {
0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB,
0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05,
0xF6, 0x76, 0x15, 0xA4, 0x88, 0xD7, 0x11, 0xAA,
0x56, 0x69, 0x8C, 0x56, 0x63, 0xAB, 0x7A, 0xC9,
0xCE, 0x66, 0xD5, 0x47, 0xC0, 0x59, 0x5F, 0x98,
0xA4, 0x3F, 0x46, 0x50, 0xBB, 0xE0, 0x8C, 0x36,
0x4D, 0x97, 0x67, 0x89, 0x11, 0x7D, 0x34, 0xF6,
0xAE, 0x51, 0xAC, 0x06, 0x3C, 0xB5, 0x5C, 0x6C,
0xA3, 0x25, 0x58, 0x22, 0x7D, 0xFE, 0xF8, 0x07,
0xD1, 0x9C, 0x30, 0xDE, 0x41, 0x44, 0x24, 0x09,
0x7F, 0x6A, 0xA2, 0x36, 0xA1, 0x05, 0x3B, 0x4A,
0x07, 0xA7, 0x6B, 0xE3, 0x72, 0xA5, 0xC6, 0xB6,
0x00, 0x27, 0x91, 0xEB, 0xE0, 0xAF, 0xDA, 0xF5,
0x4E, 0x1C, 0xA2, 0x37, 0xFF, 0x54, 0x5B, 0xA6,
0x83, 0x43, 0xE7, 0x45, 0xC0, 0x4A, 0xD1, 0x63,
0x9D, 0xBC, 0x59, 0x03, 0x46, 0xB6, 0xB9, 0x56,
0x9B, 0x56, 0xDB, 0xBF, 0xE5, 0x31, 0x51, 0x91,
0x30, 0x66, 0xE5, 0xC8, 0x55, 0x27, 0xDC, 0x94,
0x68, 0x11, 0x0A, 0x13, 0x6A, 0x41, 0x14, 0x97,
0xC2, 0x27, 0xDC, 0xB8, 0xC9, 0xB2, 0x55, 0x70,
0xB7, 0xA0, 0xE4, 0x2A, 0xAD, 0xA6, 0x70, 0x9F,
0x23, 0x20, 0x8F, 0x5D, 0x49, 0x6E, 0xBA, 0xB7,
0x84, 0x3F, 0x64, 0x83, 0xBF, 0x0C, 0x0C, 0x73,
0xA4, 0x02, 0x96, 0xEC, 0x2C, 0x64, 0x40, 0x00,
0x13, 0x94, 0xC9, 0x9C, 0xA1, 0x73, 0xD5, 0xC7,
0x75, 0xB7, 0xF4, 0x15, 0xD0, 0x2A, 0x5A, 0x26,
0xA0, 0x74, 0x07, 0x91, 0x85, 0x87, 0xC4, 0x11,
0x69, 0xF2, 0xB7, 0x17, 0x87, 0x55, 0xAC, 0xC2,
0x7F, 0xC8, 0xB1, 0x9C, 0x4C, 0x4B, 0x3F, 0xCD,
0x41, 0x05, 0x3F, 0x2C, 0x74, 0xC8, 0xA1, 0x0A,
0x83, 0x21, 0x24, 0x1B, 0x28, 0x02, 0x43, 0x28,
0x75, 0xAE, 0x80, 0x8B, 0x9E, 0xF1, 0x36, 0x5C,
0x7B, 0x8A, 0x52, 0x90, 0x2F, 0x13, 0x17, 0xBA,
0x2F, 0xB0, 0x26, 0x9F, 0x47, 0x93, 0x06, 0x72,
0x10, 0x7B, 0x47, 0x26, 0xFE, 0xF6, 0x45, 0x47,
0x39, 0x4D, 0x33, 0x20, 0xC8, 0xF1, 0x20, 0xB3,
0xC2, 0xF4, 0x72, 0x5B, 0x03, 0x05, 0xFA, 0xB8,
0x8C, 0xC7, 0x98, 0x1F, 0xCB, 0x09, 0xA7, 0x6A,
0x1C, 0xBF, 0x7F, 0x17, 0x9F, 0x43, 0xBB, 0x0A,
0x4C, 0x8B, 0x05, 0x90, 0x85, 0x7F, 0x1E, 0x69,
0x70, 0x84, 0x66, 0xC7, 0xF8, 0x60, 0x73, 0x91,
0xE7, 0xBC, 0x52, 0x68, 0xBF, 0xD3, 0xD7, 0xA1,
0xDF, 0xFC, 0xB4, 0xEC, 0xA2, 0xA1, 0xC9, 0xB5,
0x97, 0x59, 0x30, 0x13, 0xD5, 0xFC, 0x42, 0x02,
0xEC, 0x2B, 0x74, 0xE5, 0x7A, 0xB7, 0x6B, 0xBC,
0xF3, 0x63, 0x2B, 0xBA, 0xF9, 0x7C, 0xDC, 0x41,
0x8A, 0x6F, 0x16, 0x39, 0x28, 0x38, 0xCA, 0x9B,
0xF4, 0x5D, 0xDF, 0x02, 0x37, 0x77, 0xB7, 0x56,
0x18, 0x33, 0xC1, 0x05, 0x19, 0x0F, 0x94, 0xF3,
0x02, 0xC5, 0x9B, 0x53, 0x19, 0x00, 0xBB, 0xC8,
0x16, 0x36, 0x1F, 0xAA, 0x5B, 0x33, 0x80, 0xCA,
0x3A, 0x89, 0x31, 0x04, 0xCA, 0x73, 0x88, 0xB1,
0x85, 0x67, 0x1B, 0x3E, 0x5F, 0xE3, 0x79, 0x0E,
0x9A, 0x62, 0x6E, 0xC4, 0x6D, 0x9B, 0x0B, 0x33,
0xC7, 0xA4, 0x19, 0xAF, 0x7B, 0x32, 0xB6, 0x85,
0x98, 0x94, 0xF5, 0x75, 0xD8, 0x2A, 0xC5, 0x45,
0x6B, 0x54, 0x90, 0xA7, 0xAF, 0x8F, 0xE6, 0x10,
0x46, 0x36, 0x05, 0x89, 0xEC, 0xBA, 0x72, 0x44,
0x23, 0x6F, 0x41, 0x23, 0x11, 0x6B, 0x61, 0x74,
0xAA, 0x17, 0x92, 0x49, 0xA4, 0x91, 0x95, 0xB3,
0x56, 0xC7, 0x2F, 0xC6, 0x64, 0x1F, 0x02, 0x51,
0x81, 0x2E, 0xAA, 0x98, 0x57, 0x0B, 0x04, 0x66,
0x99, 0x07, 0x0E, 0x08, 0x19, 0xDC, 0x27, 0x13,
0xF4, 0x69, 0x13, 0x7D, 0xFC, 0x6A, 0x3D, 0x7B,
0x92, 0xB2, 0x98, 0x99, 0x5E, 0xE7, 0x80, 0x36,
0x91, 0x53, 0xAC, 0x36, 0x6B, 0x06, 0xD7, 0x24,
0x9C, 0xD0, 0x9E, 0x1B, 0x33, 0x78, 0xFB, 0x04,
0x39, 0x9C, 0xEC, 0xB8, 0x65, 0x05, 0x81, 0xD6,
0x37, 0xC7, 0x9A, 0xE6, 0x7D, 0x6F, 0x2C, 0xAF,
0x6A, 0xBA, 0xCF, 0x59, 0x81, 0x59, 0xA7, 0x79,
0x2C, 0xB3, 0xC9, 0x71, 0xD1, 0x49, 0x9D, 0x23,
0x73, 0xAD, 0x20, 0xF6, 0x3F, 0x03, 0xBB, 0x59,
0xED, 0x13, 0x73, 0x84, 0xAC, 0x61, 0xA7, 0x15,
0x51, 0x43, 0xB8, 0xCA, 0x49, 0x32, 0x61, 0x2E,
0xC9, 0x15, 0xE4, 0xCA, 0x34, 0x6A, 0x9B, 0xCE,
0x5D, 0xD6, 0x04, 0x17, 0xC6, 0xB2, 0xA8, 0x9B,
0x1C, 0xC4, 0x35, 0x64, 0x3F, 0x87, 0x5B, 0xDC,
0x5A, 0x7E, 0x5B, 0x34, 0x81, 0xCF, 0x91, 0x9E,
0xA0, 0x91, 0x72, 0xFE, 0xBC, 0x46, 0xD4, 0xFC,
0x3F, 0xB0, 0xCB, 0x95, 0x91, 0x70, 0x4E, 0xE2,
0xDB, 0xB6, 0x18, 0x44, 0xB2, 0xF3, 0x31, 0x4A,
0x06, 0xBB, 0x6C, 0x6D, 0x34, 0x00, 0x5E, 0x48,
0x5C, 0xE6, 0x67, 0xBD, 0xC7, 0xD0, 0x98, 0x58,
0x69, 0x28, 0xD2, 0xD9, 0x13, 0x40, 0xF0, 0x04,
0x19, 0xEA, 0x40, 0x13, 0x51, 0xA2, 0x40, 0xA0,
0xB0, 0x41, 0x05, 0x8B, 0xEF, 0xB0, 0xC2, 0xFD,
0x32, 0x64, 0x5B, 0x7A, 0x2D, 0xF8, 0xF5, 0xCB,
0xFD, 0x87, 0x33, 0x27, 0xC9, 0x78, 0xD7, 0xB3,
0x51, 0xA2, 0x80, 0x88, 0x43, 0x88, 0x37, 0x02,
0x4C, 0x52, 0xB9, 0xC2, 0x95, 0xCD, 0x71, 0x36,
0x46, 0xFB, 0x5D, 0x6C, 0x0C, 0xCF, 0xB4, 0x70,
0x73, 0x4A, 0xC2, 0xB2, 0xBC, 0x81, 0x23, 0xC2,
0xC1, 0x3D, 0xF6, 0x93, 0x8E, 0x92, 0x45, 0x5A,
0x86, 0x26, 0x39, 0xFE, 0xB8, 0xA6, 0x4B, 0x85,
0x16, 0x3E, 0x32, 0x70, 0x7E, 0x03, 0x7B, 0x38,
0xD8, 0xAC, 0x39, 0x22, 0xB4, 0x51, 0x87, 0xBB,
0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
};
#endif
#ifndef WOLFSSL_NO_ML_KEM
WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_pk[] = {
0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa,
0x58, 0x11, 0x13, 0x9b, 0xc0, 0x86, 0x82, 0x57,
0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78,
0x96, 0xac, 0xf1, 0x26, 0x2c, 0x81, 0x35, 0x10,
0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49,
0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c,
0x0b, 0x9b, 0x58, 0x19, 0x92, 0x63, 0x8c, 0xb7,
0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81,
0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9,
0x88, 0x72, 0x2c, 0x36, 0x35, 0x42, 0x3e, 0x27,
0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c,
0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c,
0x5c, 0x90, 0x35, 0xbb, 0x0a, 0xf2, 0xc9, 0x92,
0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52,
0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5,
0x9e, 0x91, 0x36, 0xb3, 0x9f, 0x95, 0x6c, 0x93,
0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e,
0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7,
0x6b, 0xbf, 0x92, 0xc8, 0x05, 0x45, 0x66, 0x68,
0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54,
0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55,
0x6e, 0xb9, 0x77, 0x82, 0xe2, 0x7a, 0x3c, 0x78,
0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6,
0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b,
0xa9, 0xe1, 0x59, 0x9b, 0x17, 0xb3, 0x0d, 0xcc,
0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b,
0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72,
0xc2, 0xb9, 0xc9, 0x74, 0x43, 0x94, 0xc6, 0xab,
0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78,
0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83,
0x2e, 0xe3, 0x2a, 0x07, 0x65, 0x4a, 0x07, 0x0c,
0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35,
0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b,
0x3f, 0x97, 0x51, 0x92, 0x3e, 0x44, 0x27, 0x4f,
0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58,
0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50,
0x97, 0xca, 0xd9, 0x55, 0x3f, 0x5a, 0x26, 0x3f,
0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca,
0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57,
0xa3, 0x15, 0x3c, 0x0a, 0x5e, 0x0a, 0x1c, 0xcd,
0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54,
0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88,
0x08, 0xca, 0xc3, 0x7f, 0x7d, 0xa6, 0xb1, 0x6f,
0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49,
0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32,
0x86, 0xcc, 0xc7, 0xc3, 0x74, 0x9c, 0x63, 0xc7,
0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42,
0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88,
0x1e, 0xc1, 0x41, 0x2b, 0xda, 0xe3, 0x42, 0x08,
0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b,
0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62,
0xcb, 0x2a, 0x15, 0x5a, 0x10, 0x03, 0x09, 0xd1,
0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b,
0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10,
0xc1, 0x08, 0xf8, 0x50, 0x30, 0x95, 0x04, 0xd7,
0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62,
0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb,
0x25, 0x5e, 0xe7, 0xa6, 0xa0, 0xa7, 0x53, 0xbd,
0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74,
0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69,
0x11, 0x3c, 0xc0, 0x13, 0xff, 0x74, 0x94, 0xba,
0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa,
0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58,
0x9d, 0x57, 0xe3, 0x22, 0xfe, 0xfa, 0x41, 0x00,
0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25,
0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8,
0x9c, 0xb1, 0x0b, 0x27, 0x1a, 0xa0, 0x5d, 0x99,
0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e,
0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0,
0x88, 0x3d, 0xa2, 0x06, 0x4f, 0x79, 0x5e, 0x0e,
0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30,
0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c,
0xa8, 0x01, 0xe5, 0x9f, 0xd7, 0x52, 0xca, 0x6e,
0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88,
0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb,
0x26, 0x0c, 0x92, 0x9a, 0x13, 0x44, 0xa8, 0x49,
0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29,
0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71,
0x44, 0x64, 0x03, 0x1a, 0x78, 0x43, 0x92, 0x87,
0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e,
0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c,
0xca, 0x90, 0x1b, 0x2a, 0xea, 0x12, 0x98, 0x17,
0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f,
0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5,
0x46, 0x71, 0x86, 0x2d, 0x90, 0x47, 0x0b, 0x1e,
0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07,
0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb,
0xcc, 0xe1, 0xdb, 0x77, 0x02, 0xea, 0x9d, 0xd6,
0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63,
0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85,
0x11, 0xf6, 0x6c, 0x3e, 0x0b, 0x92, 0x8d, 0xb8,
0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7,
0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3,
0xb2, 0x75, 0x91, 0xc8, 0x21, 0x92, 0x90, 0x76,
0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f,
0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0,
0x43, 0x29, 0x86, 0xae, 0x4b, 0xc1, 0xa2, 0x42,
0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88,
0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39
};
#endif
#ifdef WOLFSSL_MLKEM_KYBER
WOLFSSL_SMALL_STACK_STATIC const byte kyber512_sk[] = {
0x6C, 0x89, 0x2B, 0x02, 0x97, 0xA9, 0xC7, 0x64,
0x14, 0x93, 0xF8, 0x7D, 0xAF, 0x35, 0x33, 0xEE,
0xD6, 0x1F, 0x07, 0xF4, 0x65, 0x20, 0x66, 0x33,
0x7E, 0xD7, 0x40, 0x46, 0xDC, 0xC7, 0x1B, 0xA0,
0x3F, 0x30, 0x96, 0x01, 0x03, 0x16, 0x1F, 0x7D,
0xEB, 0x53, 0xA7, 0x1B, 0x11, 0x61, 0x72, 0x63,
0xFE, 0x2A, 0x80, 0x97, 0x69, 0xCE, 0x6D, 0x70,
0xA8, 0x5F, 0xE6, 0x00, 0xEC, 0xE2, 0x9D, 0x7F,
0x36, 0xA1, 0x6D, 0x33, 0x1B, 0x8B, 0x2A, 0x9E,
0x1D, 0xB8, 0xC0, 0x90, 0x74, 0x2D, 0xF0, 0x73,
0x9F, 0xF0, 0x60, 0xCE, 0xB4, 0xEC, 0xC5, 0xAB,
0x1C, 0x5E, 0x55, 0xAC, 0x97, 0xBB, 0x66, 0xA7,
0xF8, 0x95, 0x10, 0x5D, 0x57, 0x78, 0x2B, 0x22,
0x95, 0x38, 0xE3, 0x42, 0x15, 0x44, 0xA3, 0x42,
0x14, 0x08, 0xDB, 0xF4, 0x49, 0x10, 0x93, 0x4C,
0xC4, 0x23, 0x77, 0x4F, 0x16, 0x76, 0xFF, 0x1C,
0x30, 0x6F, 0x97, 0x55, 0x5F, 0x57, 0xB4, 0xAE,
0xD7, 0xA6, 0xBA, 0xB9, 0x50, 0xA8, 0x16, 0x3C,
0x8D, 0x31, 0x8D, 0xEA, 0x62, 0x75, 0x1B, 0xD6,
0xAB, 0xC5, 0x06, 0x9C, 0x06, 0xC8, 0x8F, 0x33,
0x00, 0x26, 0xA1, 0x98, 0x06, 0xA0, 0x3B, 0x97,
0xA7, 0x69, 0x6B, 0x56, 0xDA, 0x21, 0x82, 0x7B,
0xB4, 0xE8, 0xDC, 0x03, 0x11, 0x52, 0xB4, 0x1B,
0x89, 0x2A, 0x9E, 0x99, 0xAD, 0xF6, 0xE1, 0x96,
0x3E, 0x96, 0x57, 0x88, 0x28, 0x15, 0x4F, 0x46,
0x70, 0x33, 0x84, 0x69, 0x20, 0xFB, 0xB4, 0xB8,
0x05, 0x44, 0xE7, 0xE8, 0xA8, 0x1A, 0xE9, 0x63,
0xCF, 0x36, 0x8C, 0x9B, 0xA0, 0x37, 0xA8, 0xC2,
0xAD, 0x62, 0xE3, 0x2B, 0x6E, 0x61, 0xC9, 0x1D,
0x75, 0xCE, 0x00, 0x5A, 0xB3, 0x0F, 0x80, 0x99,
0xA1, 0xF2, 0x9D, 0x7B, 0x63, 0x05, 0xB4, 0xDC,
0x06, 0xE2, 0x56, 0x80, 0xBB, 0x00, 0x99, 0x2F,
0x71, 0x7F, 0xE6, 0xC1, 0x15, 0xA8, 0x08, 0x42,
0x31, 0xCC, 0x79, 0xDD, 0x70, 0x0E, 0xA6, 0x91,
0x2A, 0xC7, 0xFA, 0x0D, 0x93, 0x7B, 0xB6, 0xA7,
0x56, 0x66, 0x22, 0x30, 0x47, 0x0C, 0x18, 0x9B,
0x5A, 0xA1, 0x65, 0x3D, 0xEB, 0x93, 0x7D, 0x5A,
0x9C, 0x25, 0xA2, 0x1D, 0x93, 0xB1, 0x90, 0x74,
0xFC, 0x23, 0x9D, 0x81, 0x53, 0x53, 0x97, 0x97,
0xC7, 0xD4, 0xAB, 0x62, 0x64, 0x9D, 0x76, 0xAA,
0x55, 0x37, 0x36, 0xA9, 0x49, 0x02, 0x2C, 0x22,
0xC5, 0x2B, 0xAE, 0xEC, 0x60, 0x5B, 0x32, 0xCE,
0x9E, 0x5B, 0x93, 0x84, 0x90, 0x35, 0x58, 0xCA,
0x9D, 0x6A, 0x3A, 0xBA, 0x90, 0x42, 0x3E, 0xED,
0xA0, 0x1C, 0x94, 0x19, 0x8B, 0x19, 0x2A, 0x8B,
0xA9, 0x06, 0x34, 0x97, 0xA0, 0xC5, 0x01, 0x33,
0x07, 0xDD, 0xD8, 0x63, 0x52, 0x64, 0x71, 0xA4,
0xD9, 0x95, 0x23, 0xEB, 0x41, 0x7F, 0x29, 0x1A,
0xAC, 0x0C, 0x3A, 0x58, 0x1B, 0x6D, 0xA0, 0x07,
0x32, 0xE5, 0xE8, 0x1B, 0x1F, 0x7C, 0x87, 0x9B,
0x16, 0x93, 0xC1, 0x3B, 0x6F, 0x9F, 0x79, 0x31,
0x62, 0x24, 0x29, 0xE5, 0x42, 0xAF, 0x40, 0x69,
0x22, 0x2F, 0x04, 0x55, 0x44, 0xE0, 0xCC, 0x4F,
0xB2, 0x4D, 0x44, 0x48, 0xCF, 0x2C, 0x65, 0x96,
0xF5, 0xCB, 0x08, 0x62, 0x4B, 0x11, 0x85, 0x01,
0x3B, 0x6B, 0x02, 0x08, 0x92, 0xF9, 0x6B, 0xDF,
0xD4, 0xAD, 0xA9, 0x17, 0x9D, 0xE7, 0x27, 0xB8,
0xD9, 0x42, 0x6E, 0x09, 0x96, 0xB5, 0xD3, 0x49,
0x48, 0xCE, 0x02, 0xD0, 0xC3, 0x69, 0xB3, 0x7C,
0xBB, 0x54, 0xD3, 0x47, 0x9E, 0xD8, 0xB5, 0x82,
0xE9, 0xE7, 0x28, 0x92, 0x9B, 0x4C, 0x71, 0xC9,
0xBE, 0x11, 0xD4, 0x5B, 0x20, 0xC4, 0xBD, 0xC3,
0xC7, 0x43, 0x13, 0x22, 0x3F, 0x58, 0x27, 0x4E,
0x8B, 0xA5, 0x24, 0x44, 0x47, 0xC4, 0x95, 0x95,
0x0B, 0x84, 0xCB, 0x0C, 0x3C, 0x27, 0x36, 0x40,
0x10, 0x8A, 0x33, 0x97, 0x94, 0x45, 0x73, 0x27,
0x93, 0x28, 0x99, 0x6C, 0xDC, 0x0C, 0x91, 0x3C,
0x95, 0x8A, 0xD6, 0x20, 0xBA, 0x8B, 0x5E, 0x5E,
0xCB, 0xBB, 0x7E, 0x13, 0xCB, 0x9C, 0x70, 0xBD,
0x5A, 0xB3, 0x0E, 0xB7, 0x48, 0x8C, 0x97, 0x00,
0x1C, 0x20, 0x49, 0x8F, 0x1D, 0x7C, 0xC0, 0x6D,
0xA7, 0x6B, 0xF5, 0x20, 0xC6, 0x58, 0xCC, 0xAD,
0xFA, 0x29, 0x56, 0x42, 0x45, 0x57, 0xAB, 0xEA,
0x8A, 0xB8, 0x92, 0x39, 0xC1, 0x78, 0x33, 0xDC,
0x3A, 0x49, 0xB3, 0x6A, 0x9A, 0xE9, 0xA4, 0x86,
0x94, 0x05, 0x40, 0xEB, 0x44, 0x4F, 0x97, 0x15,
0x23, 0x57, 0xE0, 0x20, 0x35, 0x93, 0x9D, 0x75,
0xA3, 0xC0, 0x25, 0xF4, 0x1A, 0x40, 0x08, 0x23,
0x82, 0xA0, 0x73, 0x3C, 0x39, 0xB0, 0x62, 0x2B,
0x74, 0x0E, 0x40, 0x75, 0x92, 0xC6, 0x2E, 0xCA,
0xEB, 0x14, 0x32, 0xC4, 0x45, 0xB3, 0x70, 0x3A,
0x86, 0xF6, 0x98, 0x1A, 0x27, 0x81, 0x57, 0xEA,
0x95, 0xA6, 0xE9, 0x2D, 0x55, 0xE4, 0xB9, 0x72,
0xF9, 0x36, 0xC2, 0xF0, 0xA6, 0x58, 0x28, 0x0E,
0xA2, 0xB0, 0x7A, 0x48, 0x99, 0x2D, 0xF8, 0x93,
0x7E, 0x0A, 0x2A, 0xC1, 0xDC, 0xC9, 0x74, 0xFE,
0x00, 0xAA, 0xE1, 0xF5, 0x61, 0xFA, 0x25, 0x8E,
0x2D, 0x25, 0x9C, 0x3E, 0x86, 0x1D, 0xCE, 0x23,
0x60, 0x39, 0x12, 0x76, 0x06, 0xFC, 0x1C, 0xE0,
0x09, 0x00, 0x3A, 0x7B, 0xAC, 0x94, 0x21, 0x01,
0xDC, 0xB8, 0x22, 0xB1, 0xF3, 0xC1, 0x2B, 0xF7,
0x32, 0x38, 0xF5, 0x46, 0xE0, 0x1C, 0x36, 0xB5,
0xA6, 0x93, 0x61, 0x92, 0x99, 0x5C, 0xC6, 0x9C,
0x63, 0x23, 0x74, 0x09, 0xCB, 0x53, 0xC2, 0xE3,
0x5D, 0x74, 0x89, 0x0D, 0x18, 0x88, 0x53, 0x76,
0xFA, 0x55, 0x03, 0xB1, 0x07, 0xA2, 0xA3, 0x92,
0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB,
0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05,
0xF6, 0x76, 0x15, 0xA4, 0x88, 0xD7, 0x11, 0xAA,
0x56, 0x69, 0x8C, 0x56, 0x63, 0xAB, 0x7A, 0xC9,
0xCE, 0x66, 0xD5, 0x47, 0xC0, 0x59, 0x5F, 0x98,
0xA4, 0x3F, 0x46, 0x50, 0xBB, 0xE0, 0x8C, 0x36,
0x4D, 0x97, 0x67, 0x89, 0x11, 0x7D, 0x34, 0xF6,
0xAE, 0x51, 0xAC, 0x06, 0x3C, 0xB5, 0x5C, 0x6C,
0xA3, 0x25, 0x58, 0x22, 0x7D, 0xFE, 0xF8, 0x07,
0xD1, 0x9C, 0x30, 0xDE, 0x41, 0x44, 0x24, 0x09,
0x7F, 0x6A, 0xA2, 0x36, 0xA1, 0x05, 0x3B, 0x4A,
0x07, 0xA7, 0x6B, 0xE3, 0x72, 0xA5, 0xC6, 0xB6,
0x00, 0x27, 0x91, 0xEB, 0xE0, 0xAF, 0xDA, 0xF5,
0x4E, 0x1C, 0xA2, 0x37, 0xFF, 0x54, 0x5B, 0xA6,
0x83, 0x43, 0xE7, 0x45, 0xC0, 0x4A, 0xD1, 0x63,
0x9D, 0xBC, 0x59, 0x03, 0x46, 0xB6, 0xB9, 0x56,
0x9B, 0x56, 0xDB, 0xBF, 0xE5, 0x31, 0x51, 0x91,
0x30, 0x66, 0xE5, 0xC8, 0x55, 0x27, 0xDC, 0x94,
0x68, 0x11, 0x0A, 0x13, 0x6A, 0x41, 0x14, 0x97,
0xC2, 0x27, 0xDC, 0xB8, 0xC9, 0xB2, 0x55, 0x70,
0xB7, 0xA0, 0xE4, 0x2A, 0xAD, 0xA6, 0x70, 0x9F,
0x23, 0x20, 0x8F, 0x5D, 0x49, 0x6E, 0xBA, 0xB7,
0x84, 0x3F, 0x64, 0x83, 0xBF, 0x0C, 0x0C, 0x73,
0xA4, 0x02, 0x96, 0xEC, 0x2C, 0x64, 0x40, 0x00,
0x13, 0x94, 0xC9, 0x9C, 0xA1, 0x73, 0xD5, 0xC7,
0x75, 0xB7, 0xF4, 0x15, 0xD0, 0x2A, 0x5A, 0x26,
0xA0, 0x74, 0x07, 0x91, 0x85, 0x87, 0xC4, 0x11,
0x69, 0xF2, 0xB7, 0x17, 0x87, 0x55, 0xAC, 0xC2,
0x7F, 0xC8, 0xB1, 0x9C, 0x4C, 0x4B, 0x3F, 0xCD,
0x41, 0x05, 0x3F, 0x2C, 0x74, 0xC8, 0xA1, 0x0A,
0x83, 0x21, 0x24, 0x1B, 0x28, 0x02, 0x43, 0x28,
0x75, 0xAE, 0x80, 0x8B, 0x9E, 0xF1, 0x36, 0x5C,
0x7B, 0x8A, 0x52, 0x90, 0x2F, 0x13, 0x17, 0xBA,
0x2F, 0xB0, 0x26, 0x9F, 0x47, 0x93, 0x06, 0x72,
0x10, 0x7B, 0x47, 0x26, 0xFE, 0xF6, 0x45, 0x47,
0x39, 0x4D, 0x33, 0x20, 0xC8, 0xF1, 0x20, 0xB3,
0xC2, 0xF4, 0x72, 0x5B, 0x03, 0x05, 0xFA, 0xB8,
0x8C, 0xC7, 0x98, 0x1F, 0xCB, 0x09, 0xA7, 0x6A,
0x1C, 0xBF, 0x7F, 0x17, 0x9F, 0x43, 0xBB, 0x0A,
0x4C, 0x8B, 0x05, 0x90, 0x85, 0x7F, 0x1E, 0x69,
0x70, 0x84, 0x66, 0xC7, 0xF8, 0x60, 0x73, 0x91,
0xE7, 0xBC, 0x52, 0x68, 0xBF, 0xD3, 0xD7, 0xA1,
0xDF, 0xFC, 0xB4, 0xEC, 0xA2, 0xA1, 0xC9, 0xB5,
0x97, 0x59, 0x30, 0x13, 0xD5, 0xFC, 0x42, 0x02,
0xEC, 0x2B, 0x74, 0xE5, 0x7A, 0xB7, 0x6B, 0xBC,
0xF3, 0x63, 0x2B, 0xBA, 0xF9, 0x7C, 0xDC, 0x41,
0x8A, 0x6F, 0x16, 0x39, 0x28, 0x38, 0xCA, 0x9B,
0xF4, 0x5D, 0xDF, 0x02, 0x37, 0x77, 0xB7, 0x56,
0x18, 0x33, 0xC1, 0x05, 0x19, 0x0F, 0x94, 0xF3,
0x02, 0xC5, 0x9B, 0x53, 0x19, 0x00, 0xBB, 0xC8,
0x16, 0x36, 0x1F, 0xAA, 0x5B, 0x33, 0x80, 0xCA,
0x3A, 0x89, 0x31, 0x04, 0xCA, 0x73, 0x88, 0xB1,
0x85, 0x67, 0x1B, 0x3E, 0x5F, 0xE3, 0x79, 0x0E,
0x9A, 0x62, 0x6E, 0xC4, 0x6D, 0x9B, 0x0B, 0x33,
0xC7, 0xA4, 0x19, 0xAF, 0x7B, 0x32, 0xB6, 0x85,
0x98, 0x94, 0xF5, 0x75, 0xD8, 0x2A, 0xC5, 0x45,
0x6B, 0x54, 0x90, 0xA7, 0xAF, 0x8F, 0xE6, 0x10,
0x46, 0x36, 0x05, 0x89, 0xEC, 0xBA, 0x72, 0x44,
0x23, 0x6F, 0x41, 0x23, 0x11, 0x6B, 0x61, 0x74,
0xAA, 0x17, 0x92, 0x49, 0xA4, 0x91, 0x95, 0xB3,
0x56, 0xC7, 0x2F, 0xC6, 0x64, 0x1F, 0x02, 0x51,
0x81, 0x2E, 0xAA, 0x98, 0x57, 0x0B, 0x04, 0x66,
0x99, 0x07, 0x0E, 0x08, 0x19, 0xDC, 0x27, 0x13,
0xF4, 0x69, 0x13, 0x7D, 0xFC, 0x6A, 0x3D, 0x7B,
0x92, 0xB2, 0x98, 0x99, 0x5E, 0xE7, 0x80, 0x36,
0x91, 0x53, 0xAC, 0x36, 0x6B, 0x06, 0xD7, 0x24,
0x9C, 0xD0, 0x9E, 0x1B, 0x33, 0x78, 0xFB, 0x04,
0x39, 0x9C, 0xEC, 0xB8, 0x65, 0x05, 0x81, 0xD6,
0x37, 0xC7, 0x9A, 0xE6, 0x7D, 0x6F, 0x2C, 0xAF,
0x6A, 0xBA, 0xCF, 0x59, 0x81, 0x59, 0xA7, 0x79,
0x2C, 0xB3, 0xC9, 0x71, 0xD1, 0x49, 0x9D, 0x23,
0x73, 0xAD, 0x20, 0xF6, 0x3F, 0x03, 0xBB, 0x59,
0xED, 0x13, 0x73, 0x84, 0xAC, 0x61, 0xA7, 0x15,
0x51, 0x43, 0xB8, 0xCA, 0x49, 0x32, 0x61, 0x2E,
0xC9, 0x15, 0xE4, 0xCA, 0x34, 0x6A, 0x9B, 0xCE,
0x5D, 0xD6, 0x04, 0x17, 0xC6, 0xB2, 0xA8, 0x9B,
0x1C, 0xC4, 0x35, 0x64, 0x3F, 0x87, 0x5B, 0xDC,
0x5A, 0x7E, 0x5B, 0x34, 0x81, 0xCF, 0x91, 0x9E,
0xA0, 0x91, 0x72, 0xFE, 0xBC, 0x46, 0xD4, 0xFC,
0x3F, 0xB0, 0xCB, 0x95, 0x91, 0x70, 0x4E, 0xE2,
0xDB, 0xB6, 0x18, 0x44, 0xB2, 0xF3, 0x31, 0x4A,
0x06, 0xBB, 0x6C, 0x6D, 0x34, 0x00, 0x5E, 0x48,
0x5C, 0xE6, 0x67, 0xBD, 0xC7, 0xD0, 0x98, 0x58,
0x69, 0x28, 0xD2, 0xD9, 0x13, 0x40, 0xF0, 0x04,
0x19, 0xEA, 0x40, 0x13, 0x51, 0xA2, 0x40, 0xA0,
0xB0, 0x41, 0x05, 0x8B, 0xEF, 0xB0, 0xC2, 0xFD,
0x32, 0x64, 0x5B, 0x7A, 0x2D, 0xF8, 0xF5, 0xCB,
0xFD, 0x87, 0x33, 0x27, 0xC9, 0x78, 0xD7, 0xB3,
0x51, 0xA2, 0x80, 0x88, 0x43, 0x88, 0x37, 0x02,
0x4C, 0x52, 0xB9, 0xC2, 0x95, 0xCD, 0x71, 0x36,
0x46, 0xFB, 0x5D, 0x6C, 0x0C, 0xCF, 0xB4, 0x70,
0x73, 0x4A, 0xC2, 0xB2, 0xBC, 0x81, 0x23, 0xC2,
0xC1, 0x3D, 0xF6, 0x93, 0x8E, 0x92, 0x45, 0x5A,
0x86, 0x26, 0x39, 0xFE, 0xB8, 0xA6, 0x4B, 0x85,
0x16, 0x3E, 0x32, 0x70, 0x7E, 0x03, 0x7B, 0x38,
0xD8, 0xAC, 0x39, 0x22, 0xB4, 0x51, 0x87, 0xBB,
0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22,
0x7F, 0xFA, 0xD1, 0xBC, 0x8A, 0xF7, 0x3B, 0x7E,
0x87, 0x49, 0x56, 0xB8, 0x1C, 0x2A, 0x2E, 0xF0,
0xBF, 0xAB, 0xE8, 0xDC, 0x93, 0xD7, 0x7B, 0x2F,
0xBC, 0x9E, 0x0C, 0x64, 0xEF, 0xA0, 0x1E, 0x84,
0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
};
#endif
#ifndef WOLFSSL_NO_ML_KEM
WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_sk[] = {
0x9c, 0xda, 0x16, 0x86, 0xa3, 0x39, 0x6a, 0x7c,
0x10, 0x9b, 0x41, 0x52, 0x89, 0xf5, 0x6a, 0x9e,
0xc4, 0x4c, 0xd5, 0xb9, 0xb6, 0x74, 0xc3, 0x8a,
0x3b, 0xba, 0xb3, 0x0a, 0x2c, 0x90, 0xf0, 0x04,
0x37, 0xa2, 0x64, 0xb0, 0xbe, 0x9a, 0x1e, 0x8b,
0xa8, 0x87, 0xd3, 0xc3, 0xb1, 0x00, 0x89, 0x80,
0x54, 0x27, 0x2f, 0x94, 0x1c, 0x88, 0xa1, 0xf2,
0x08, 0xf1, 0xc9, 0x14, 0xf9, 0x64, 0xc1, 0xaa,
0xd6, 0x13, 0xa6, 0xa8, 0x4f, 0x88, 0xe4, 0x2d,
0x35, 0x56, 0x83, 0x5f, 0xb1, 0x61, 0xfd, 0xc5,
0xcd, 0x15, 0xa3, 0xbc, 0x7e, 0x74, 0xb6, 0xf2,
0x61, 0x2f, 0xa8, 0x27, 0x1c, 0x7e, 0xa1, 0x12,
0xb0, 0x5c, 0x2a, 0x36, 0xcc, 0x70, 0x7c, 0xe3,
0x8d, 0x5d, 0x1a, 0xcc, 0x51, 0x15, 0x46, 0x2a,
0x8c, 0x1a, 0xab, 0xf0, 0x72, 0x76, 0xc7, 0x23,
0x18, 0x33, 0x7f, 0x74, 0xb5, 0xcb, 0xef, 0xea,
0x7a, 0x80, 0x37, 0x90, 0xbc, 0x03, 0x93, 0xf3,
0xa5, 0x4c, 0x72, 0x4a, 0x57, 0x65, 0xa4, 0x8f,
0x29, 0x6b, 0x03, 0xf4, 0x84, 0x37, 0x60, 0x23,
0x62, 0x69, 0x30, 0x22, 0x27, 0x04, 0xc0, 0x8f,
0xd3, 0xbc, 0x72, 0x93, 0x15, 0xd1, 0xfc, 0x70,
0xeb, 0x79, 0x75, 0xa9, 0x7b, 0x9d, 0xee, 0xd1,
0x62, 0xf4, 0x86, 0xbb, 0xc6, 0x4a, 0x09, 0x71,
0x11, 0x95, 0x2d, 0x89, 0xb5, 0x7d, 0x76, 0x5e,
0x8a, 0x99, 0x1a, 0x2e, 0x56, 0x42, 0x06, 0xea,
0x7b, 0xf5, 0xe4, 0x00, 0x7a, 0x66, 0x35, 0x88,
0x31, 0xca, 0x0e, 0x34, 0xb2, 0xf6, 0xa8, 0x4d,
0x10, 0xf7, 0x9c, 0x47, 0x7c, 0xb6, 0x6a, 0x8a,
0x95, 0x25, 0x69, 0x36, 0x73, 0x88, 0x13, 0x0d,
0x7b, 0x97, 0x4a, 0x63, 0xaa, 0x51, 0x99, 0x6c,
0x97, 0x70, 0x9b, 0xb8, 0xea, 0xbc, 0x94, 0xe6,
0xa5, 0x35, 0xd7, 0x92, 0xd2, 0x90, 0x54, 0x74,
0x95, 0x2d, 0x6b, 0x8c, 0x22, 0x22, 0xb2, 0xae,
0x56, 0xdc, 0x66, 0xfb, 0x04, 0x61, 0x19, 0x20,
0x66, 0xcd, 0xdb, 0x43, 0xec, 0x05, 0x98, 0x4f,
0xb4, 0x98, 0x26, 0x49, 0x77, 0x13, 0x97, 0xc6,
0xa8, 0x37, 0x9f, 0x3b, 0x56, 0x43, 0x06, 0x98,
0x48, 0x87, 0x59, 0x19, 0xe8, 0x9c, 0xc4, 0x39,
0xa3, 0xbe, 0x2f, 0x08, 0x14, 0x90, 0xf3, 0x41,
0xbd, 0x12, 0x40, 0xad, 0xd8, 0x0d, 0xdb, 0x8c,
0x99, 0x63, 0xb4, 0x7a, 0x2a, 0x09, 0x92, 0x29,
0x03, 0x38, 0xda, 0x9c, 0x3b, 0x72, 0x5c, 0x6d,
0xa4, 0x47, 0x18, 0xc0, 0x10, 0x46, 0x81, 0x25,
0x62, 0xaf, 0xb0, 0x84, 0x83, 0x7a, 0xcb, 0x3c,
0x57, 0x5e, 0x4f, 0x93, 0x93, 0x6c, 0x35, 0x2a,
0xc0, 0xe7, 0x0a, 0xa3, 0x84, 0x5e, 0xe4, 0x85,
0x29, 0x6e, 0x6b, 0x02, 0xde, 0x0b, 0x47, 0xb5,
0xc4, 0xc9, 0x6b, 0x0b, 0x7c, 0xf9, 0x4c, 0x4a,
0xbe, 0x95, 0x48, 0x61, 0x53, 0x11, 0x8e, 0x43,
0xc2, 0xb9, 0xc8, 0x4d, 0x9d, 0xa9, 0x1c, 0x6c,
0x5a, 0xcd, 0x5a, 0x57, 0x00, 0x2d, 0x05, 0x84,
0x97, 0x99, 0x27, 0x99, 0xe5, 0xba, 0x1c, 0xe6,
0xc2, 0x5e, 0xb2, 0x98, 0x44, 0xd8, 0x58, 0xba,
0x1c, 0x37, 0x85, 0x0c, 0x0c, 0x2f, 0x57, 0xc6,
0x0d, 0xe3, 0x7f, 0x77, 0xc0, 0x82, 0xec, 0x14,
0x49, 0x4e, 0xba, 0x28, 0x8a, 0x65, 0x91, 0x51,
0x16, 0xc2, 0x0a, 0x32, 0x5d, 0xe3, 0x1a, 0xaa,
0xdd, 0x68, 0x0d, 0xb1, 0x9c, 0x0c, 0xfc, 0xc3,
0x46, 0x0f, 0x0a, 0xa0, 0x1a, 0x87, 0xa6, 0xa5,
0x80, 0xc6, 0xca, 0x29, 0x1f, 0xae, 0xf0, 0xcc,
0xc4, 0x9b, 0x76, 0xa8, 0xda, 0xc4, 0xf9, 0xd4,
0x16, 0x40, 0x50, 0x9d, 0xbd, 0x0b, 0x40, 0x45,
0xc1, 0x53, 0x0e, 0xd3, 0x47, 0x55, 0xd4, 0x74,
0x62, 0x70, 0x0f, 0x2a, 0x8c, 0xaf, 0x96, 0x80,
0xa6, 0xd7, 0xe3, 0x8a, 0x7e, 0x2a, 0x63, 0xe9,
0x37, 0x65, 0x0a, 0x23, 0x30, 0x6d, 0x85, 0x5d,
0xa2, 0xa2, 0xb7, 0xef, 0x50, 0x5c, 0xa5, 0x96,
0xab, 0x04, 0x85, 0x01, 0x3e, 0xa9, 0x27, 0xc7,
0x34, 0x23, 0x43, 0x61, 0x36, 0x43, 0xba, 0x40,
0x07, 0xd6, 0xc8, 0x74, 0xb9, 0x80, 0xc7, 0x9c,
0x3a, 0xa1, 0xc7, 0x4f, 0x85, 0x81, 0xc3, 0x48,
0x49, 0xb3, 0x6e, 0xa7, 0x98, 0x15, 0xfb, 0xb4,
0xcc, 0xf9, 0x61, 0x05, 0x83, 0x08, 0x1d, 0x7c,
0x5b, 0x44, 0x09, 0xb8, 0xd0, 0x53, 0x1c, 0x04,
0xbc, 0xaf, 0x7c, 0xc7, 0x51, 0x10, 0x3a, 0x5f,
0xd1, 0xba, 0x44, 0x70, 0x83, 0x3e, 0x89, 0x77,
0x5a, 0xde, 0xd9, 0x70, 0xb5, 0x47, 0x18, 0x59,
0x25, 0x0f, 0xe7, 0x26, 0x71, 0x05, 0x83, 0x5f,
0x39, 0x00, 0x30, 0xc5, 0xe7, 0xcd, 0x3f, 0x96,
0x10, 0x19, 0xea, 0xae, 0xa2, 0x37, 0x77, 0xd3,
0x47, 0xbb, 0x2a, 0xdc, 0xb6, 0x73, 0xc0, 0x20,
0x34, 0xf3, 0x94, 0x34, 0x22, 0x71, 0xbc, 0xea,
0x64, 0x14, 0xe5, 0x46, 0xc3, 0xb2, 0x0b, 0xd5,
0x74, 0x81, 0xc7, 0xea, 0x14, 0xc7, 0x7c, 0x38,
0x8c, 0xc8, 0x62, 0x51, 0xc1, 0x25, 0x58, 0xb1,
0x00, 0xf8, 0xc5, 0xb3, 0xd0, 0x3c, 0xa2, 0xc7,
0x07, 0x13, 0x90, 0x96, 0x59, 0xc8, 0xba, 0x26,
0xd0, 0xd1, 0x76, 0x5e, 0x0b, 0xc8, 0x23, 0xd6,
0x8c, 0xa5, 0x57, 0x0d, 0xe6, 0x00, 0xcd, 0x09,
0x41, 0x72, 0x5d, 0x38, 0x6e, 0x14, 0xc1, 0x01,
0x2d, 0xf5, 0x95, 0x1b, 0xeb, 0x8d, 0x82, 0x81,
0xa4, 0xf6, 0x81, 0x5d, 0x37, 0x60, 0xb7, 0x64,
0x29, 0x5a, 0xd0, 0x40, 0x6c, 0x2b, 0xf7, 0x92,
0x8a, 0xd6, 0x50, 0x32, 0xb6, 0x5f, 0x14, 0xb7,
0x7c, 0xcb, 0x89, 0x17, 0xc9, 0x3a, 0x29, 0xd6,
0x28, 0x7d, 0x8a, 0x60, 0x62, 0x39, 0x9c, 0xb6,
0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa,
0x58, 0x11, 0x13, 0x9b, 0xc0, 0x86, 0x82, 0x57,
0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83,
0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78,
0x96, 0xac, 0xf1, 0x26, 0x2c, 0x81, 0x35, 0x10,
0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49,
0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c,
0x0b, 0x9b, 0x58, 0x19, 0x92, 0x63, 0x8c, 0xb7,
0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81,
0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9,
0x88, 0x72, 0x2c, 0x36, 0x35, 0x42, 0x3e, 0x27,
0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c,
0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c,
0x5c, 0x90, 0x35, 0xbb, 0x0a, 0xf2, 0xc9, 0x92,
0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52,
0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5,
0x9e, 0x91, 0x36, 0xb3, 0x9f, 0x95, 0x6c, 0x93,
0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e,
0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7,
0x6b, 0xbf, 0x92, 0xc8, 0x05, 0x45, 0x66, 0x68,
0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54,
0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55,
0x6e, 0xb9, 0x77, 0x82, 0xe2, 0x7a, 0x3c, 0x78,
0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6,
0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b,
0xa9, 0xe1, 0x59, 0x9b, 0x17, 0xb3, 0x0d, 0xcc,
0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b,
0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72,
0xc2, 0xb9, 0xc9, 0x74, 0x43, 0x94, 0xc6, 0xab,
0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78,
0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83,
0x2e, 0xe3, 0x2a, 0x07, 0x65, 0x4a, 0x07, 0x0c,
0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35,
0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b,
0x3f, 0x97, 0x51, 0x92, 0x3e, 0x44, 0x27, 0x4f,
0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58,
0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50,
0x97, 0xca, 0xd9, 0x55, 0x3f, 0x5a, 0x26, 0x3f,
0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca,
0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57,
0xa3, 0x15, 0x3c, 0x0a, 0x5e, 0x0a, 0x1c, 0xcd,
0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54,
0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88,
0x08, 0xca, 0xc3, 0x7f, 0x7d, 0xa6, 0xb1, 0x6f,
0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49,
0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32,
0x86, 0xcc, 0xc7, 0xc3, 0x74, 0x9c, 0x63, 0xc7,
0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42,
0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88,
0x1e, 0xc1, 0x41, 0x2b, 0xda, 0xe3, 0x42, 0x08,
0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b,
0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62,
0xcb, 0x2a, 0x15, 0x5a, 0x10, 0x03, 0x09, 0xd1,
0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b,
0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10,
0xc1, 0x08, 0xf8, 0x50, 0x30, 0x95, 0x04, 0xd7,
0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62,
0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb,
0x25, 0x5e, 0xe7, 0xa6, 0xa0, 0xa7, 0x53, 0xbd,
0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74,
0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69,
0x11, 0x3c, 0xc0, 0x13, 0xff, 0x74, 0x94, 0xba,
0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa,
0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58,
0x9d, 0x57, 0xe3, 0x22, 0xfe, 0xfa, 0x41, 0x00,
0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25,
0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8,
0x9c, 0xb1, 0x0b, 0x27, 0x1a, 0xa0, 0x5d, 0x99,
0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e,
0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0,
0x88, 0x3d, 0xa2, 0x06, 0x4f, 0x79, 0x5e, 0x0e,
0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30,
0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c,
0xa8, 0x01, 0xe5, 0x9f, 0xd7, 0x52, 0xca, 0x6e,
0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88,
0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb,
0x26, 0x0c, 0x92, 0x9a, 0x13, 0x44, 0xa8, 0x49,
0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29,
0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71,
0x44, 0x64, 0x03, 0x1a, 0x78, 0x43, 0x92, 0x87,
0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e,
0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c,
0xca, 0x90, 0x1b, 0x2a, 0xea, 0x12, 0x98, 0x17,
0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f,
0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5,
0x46, 0x71, 0x86, 0x2d, 0x90, 0x47, 0x0b, 0x1e,
0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07,
0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb,
0xcc, 0xe1, 0xdb, 0x77, 0x02, 0xea, 0x9d, 0xd6,
0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63,
0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85,
0x11, 0xf6, 0x6c, 0x3e, 0x0b, 0x92, 0x8d, 0xb8,
0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7,
0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3,
0xb2, 0x75, 0x91, 0xc8, 0x21, 0x92, 0x90, 0x76,
0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f,
0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0,
0x43, 0x29, 0x86, 0xae, 0x4b, 0xc1, 0xa2, 0x42,
0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88,
0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39,
0x50, 0xc8, 0xdd, 0x15, 0x2a, 0x45, 0x31, 0xaa,
0xb5, 0x60, 0xd2, 0xfc, 0x7c, 0xa9, 0xa4, 0x0a,
0xd8, 0xaf, 0x25, 0xad, 0x1d, 0xd0, 0x8c, 0x6d,
0x79, 0xaf, 0xe4, 0xdd, 0x4d, 0x1e, 0xee, 0x5a,
0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08,
0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc,
0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
};
#endif
#ifdef WOLFSSL_MLKEM_KYBER
WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ct[] = {
0xED, 0xF2, 0x41, 0x45, 0xE4, 0x3B, 0x4F, 0x6D,
0xC6, 0xBF, 0x83, 0x32, 0xF5, 0x4E, 0x02, 0xCA,
0xB0, 0x2D, 0xBF, 0x3B, 0x56, 0x05, 0xDD, 0xC9,
0x0A, 0x15, 0xC8, 0x86, 0xAD, 0x3E, 0xD4, 0x89,
0x46, 0x26, 0x99, 0xE4, 0xAB, 0xED, 0x44, 0x35,
0x0B, 0xC3, 0x75, 0x7E, 0x26, 0x96, 0xFB, 0xFB,
0x25, 0x34, 0x41, 0x2E, 0x8D, 0xD2, 0x01, 0xF1,
0xE4, 0x54, 0x0A, 0x39, 0x70, 0xB0, 0x55, 0xFE,
0x3B, 0x0B, 0xEC, 0x3A, 0x71, 0xF9, 0xE1, 0x15,
0xB3, 0xF9, 0xF3, 0x91, 0x02, 0x06, 0x5B, 0x1C,
0xCA, 0x83, 0x14, 0xDC, 0xC7, 0x95, 0xE3, 0xC0,
0xE8, 0xFA, 0x98, 0xEE, 0x83, 0xCA, 0x66, 0x28,
0x45, 0x70, 0x28, 0xA4, 0xD0, 0x9E, 0x83, 0x9E,
0x55, 0x48, 0x62, 0xCF, 0x0B, 0x7B, 0xF5, 0x6C,
0x5C, 0x0A, 0x82, 0x9E, 0x86, 0x57, 0x94, 0x79,
0x45, 0xFE, 0x9C, 0x22, 0x56, 0x4F, 0xBA, 0xEB,
0xC1, 0xB3, 0xAF, 0x35, 0x0D, 0x79, 0x55, 0x50,
0x8A, 0x26, 0xD8, 0xA8, 0xEB, 0x54, 0x7B, 0x8B,
0x1A, 0x2C, 0xF0, 0x3C, 0xCA, 0x1A, 0xAB, 0xCE,
0x6C, 0x34, 0x97, 0x78, 0x3B, 0x64, 0x65, 0xBA,
0x0B, 0x6E, 0x7A, 0xCB, 0xA8, 0x21, 0x19, 0x51,
0x24, 0xAE, 0xF0, 0x9E, 0x62, 0x83, 0x82, 0xA1,
0xF9, 0x14, 0x04, 0x3B, 0xE7, 0x09, 0x6E, 0x95,
0x2C, 0xBC, 0x4F, 0xB4, 0xAF, 0xED, 0x13, 0x60,
0x90, 0x46, 0x11, 0x7C, 0x01, 0x1F, 0xD7, 0x41,
0xEE, 0x28, 0x6C, 0x83, 0x77, 0x16, 0x90, 0xF0,
0xAE, 0xB5, 0x0D, 0xA0, 0xD7, 0x12, 0x85, 0xA1,
0x79, 0xB2, 0x15, 0xC6, 0x03, 0x6D, 0xEB, 0x78,
0x0F, 0x4D, 0x16, 0x76, 0x9F, 0x72, 0xDE, 0x16,
0xFD, 0xAD, 0xAC, 0x73, 0xBE, 0xFA, 0x5B, 0xEF,
0x89, 0x43, 0x19, 0x7F, 0x44, 0xC5, 0x95, 0x89,
0xDC, 0x9F, 0x49, 0x73, 0xDE, 0x14, 0x50, 0xBA,
0x1D, 0x0C, 0x32, 0x90, 0xD6, 0xB1, 0xD6, 0x83,
0xF2, 0x94, 0xE7, 0x59, 0xC9, 0x54, 0xAB, 0xE8,
0xA7, 0xDA, 0x5B, 0x10, 0x54, 0xFD, 0x6D, 0x21,
0x32, 0x9B, 0x8E, 0x73, 0xD3, 0x75, 0x6A, 0xFD,
0xA0, 0xDC, 0xB1, 0xFC, 0x8B, 0x15, 0x82, 0xD1,
0xF9, 0x0C, 0xF2, 0x75, 0xA1, 0x02, 0xAB, 0xC6,
0xAC, 0x69, 0x9D, 0xF0, 0xC5, 0x87, 0x0E, 0x50,
0xA1, 0xF9, 0x89, 0xE4, 0xE6, 0x24, 0x1B, 0x60,
0xAA, 0xA2, 0xEC, 0xF9, 0xE8, 0xE3, 0x3E, 0x0F,
0xFC, 0xF4, 0x0F, 0xE8, 0x31, 0xE8, 0xFD, 0xC2,
0xE8, 0x3B, 0x52, 0xCA, 0x7A, 0xB6, 0xD9, 0x3F,
0x14, 0x6D, 0x29, 0xDC, 0xA5, 0x3C, 0x7D, 0xA1,
0xDB, 0x4A, 0xC4, 0xF2, 0xDB, 0x39, 0xEA, 0x12,
0x0D, 0x90, 0xFA, 0x60, 0xF4, 0xD4, 0x37, 0xC6,
0xD0, 0x0E, 0xF4, 0x83, 0xBC, 0x94, 0xA3, 0x17,
0x5C, 0xDA, 0x16, 0x3F, 0xC1, 0xC2, 0x82, 0x8B,
0xE4, 0xDB, 0xD6, 0x43, 0x05, 0x07, 0xB5, 0x84,
0xBB, 0x51, 0x77, 0xE1, 0x71, 0xB8, 0xDD, 0xA9,
0xA4, 0x29, 0x3C, 0x32, 0x00, 0x29, 0x5C, 0x80,
0x3A, 0x86, 0x5D, 0x6D, 0x21, 0x66, 0xF6, 0x6B,
0xA5, 0x40, 0x1F, 0xB7, 0xA0, 0xE8, 0x53, 0x16,
0x86, 0x00, 0xA2, 0x94, 0x84, 0x37, 0xE0, 0x36,
0xE3, 0xBF, 0x19, 0xE1, 0x2F, 0xD3, 0xF2, 0xA2,
0xB8, 0xB3, 0x43, 0xF7, 0x84, 0x24, 0x8E, 0x8D,
0x68, 0x5E, 0xB0, 0xAF, 0xDE, 0x63, 0x15, 0x33,
0x87, 0x30, 0xE7, 0xA1, 0x00, 0x1C, 0x27, 0xD8,
0xD2, 0xA7, 0x6F, 0xA6, 0x9D, 0x15, 0x7B, 0xA1,
0xAC, 0x7A, 0xD5, 0x6D, 0xA5, 0xA8, 0xC7, 0x0F,
0xE4, 0xB5, 0xB8, 0xD7, 0x86, 0xDC, 0x6F, 0xC0,
0x56, 0x6B, 0xA8, 0xE1, 0xB8, 0x81, 0x63, 0x34,
0xD3, 0x2A, 0x3F, 0xB1, 0xCE, 0x7D, 0x4D, 0x5E,
0x4C, 0x33, 0x2A, 0xF7, 0xB0, 0x03, 0xD0, 0x91,
0x74, 0x1A, 0x3D, 0x5C, 0x96, 0x52, 0x92, 0x25,
0x5D, 0xFF, 0x8E, 0xD2, 0xBB, 0xF1, 0xF9, 0x11,
0x6B, 0xE5, 0x0C, 0x17, 0xB8, 0xE5, 0x48, 0x74,
0x8A, 0xD4, 0xB2, 0xE9, 0x57, 0xBB, 0xD1, 0x95,
0x34, 0x82, 0xA2, 0xE1, 0x71, 0x8C, 0xEC, 0x66,
0xCD, 0x2C, 0x81, 0xF5, 0x72, 0xD5, 0x52, 0xB7,
0x18, 0x78, 0x85, 0xE6, 0xB8, 0x94, 0x3D, 0x64,
0x31, 0x41, 0x3C, 0x59, 0xEB, 0xB7, 0xE0, 0x36,
0x04, 0x84, 0x90, 0xBE, 0x52, 0x89, 0xE9, 0x5B,
0x20, 0xA8, 0x9E, 0x8B, 0x15, 0x9F, 0x61, 0xA9,
0xA9, 0x88, 0x6E, 0x14, 0x75, 0x68, 0xF4, 0xC9,
0x02, 0x1F, 0x36, 0x2F, 0x02, 0x68, 0x8A, 0x1C,
0x8C, 0x3B, 0xB0, 0xD2, 0x40, 0x86, 0x88, 0x0E,
0x55, 0xB6, 0xED, 0xB4, 0x3F, 0x37, 0x45, 0xD2,
0xC1, 0x66, 0xDC, 0x1C, 0xB7, 0x43, 0xC7, 0x6F,
0xE6, 0xBE, 0x52, 0x3A, 0x89, 0x3C, 0xC7, 0x64,
0xD1, 0x64, 0x35, 0xC3, 0x78, 0x51, 0x25, 0x2A,
0x81, 0xE2, 0xFF, 0xBA, 0x0F, 0x18, 0x97, 0x1A,
0x3D, 0xEE, 0x37, 0xD4, 0x87, 0x7C, 0xB9, 0x28,
0xE3, 0x6E, 0x52, 0x35, 0x03, 0x7A, 0x6B, 0x20,
0x57, 0x89, 0x7D, 0x51, 0x8A, 0x5F, 0x0E, 0x34,
0x8E, 0x3A, 0xB6, 0xD5, 0xB5, 0x2D, 0xFC, 0x60,
0x75, 0x7F, 0x3B, 0x41, 0xA4, 0xFE, 0xC7, 0x82,
0x8F, 0x1D, 0xEE, 0xAF, 0x45, 0x87, 0xCC, 0xC8,
0xEA, 0xDF, 0x64, 0x7F, 0x4D, 0x20, 0x3B, 0x2F,
0xAA, 0x05, 0xA6, 0x49, 0xB5, 0x82, 0x34, 0x0C,
0xB4, 0xCA, 0xCE, 0x57, 0xA3, 0x07, 0x11, 0xBE,
0x75, 0x2F, 0xAC, 0xF0, 0x22, 0x7D, 0x0A, 0x80,
0xC4, 0x12, 0x84, 0x42, 0xDD, 0xC5, 0x44, 0xBE,
0x80, 0x5B, 0x9C, 0xFE, 0x8F, 0xE9, 0xB1, 0x23,
0x7C, 0x80, 0xF9, 0x67, 0x87, 0xCD, 0x92, 0x81,
0xCC, 0xF2, 0x70, 0xC1, 0xAF, 0xC0, 0x67, 0x0D
};
#endif
#ifndef WOLFSSL_NO_ML_KEM
WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_ct[] = {
0x11, 0x3d, 0xb2, 0xdd, 0x06, 0x87, 0x12, 0x35,
0xe7, 0xbc, 0x36, 0xc9, 0xdc, 0xaa, 0x52, 0x8f,
0xc2, 0x6c, 0xe5, 0xdb, 0x9e, 0xcc, 0x1d, 0xc3,
0x2e, 0x95, 0x7d, 0x7f, 0xfb, 0x3c, 0x74, 0x29,
0xd5, 0x0c, 0x3c, 0x35, 0x77, 0xa5, 0x15, 0xd3,
0x18, 0x3a, 0x1b, 0x9d, 0x26, 0x7b, 0x93, 0x6b,
0x7e, 0xb8, 0xf5, 0x43, 0xa3, 0xaf, 0xb7, 0x77,
0x65, 0xca, 0x79, 0x38, 0xf7, 0x8a, 0xa6, 0x43,
0x8c, 0xe8, 0x0a, 0x06, 0xa6, 0x96, 0x6d, 0x0d,
0x06, 0xaf, 0x75, 0xba, 0x3e, 0x0d, 0x4f, 0x37,
0xba, 0xc7, 0x33, 0x69, 0xf5, 0xa7, 0x29, 0xf7,
0x3e, 0x85, 0x72, 0x9e, 0xdd, 0x97, 0xc8, 0xc2,
0xa8, 0xcc, 0x26, 0x19, 0xe4, 0xcf, 0x7b, 0x60,
0x91, 0x86, 0x9e, 0x90, 0x9f, 0xd4, 0x7d, 0x97,
0x09, 0x14, 0x92, 0x04, 0xb0, 0x83, 0x7d, 0x8d,
0x6f, 0x25, 0xd2, 0x67, 0x97, 0x2b, 0xe6, 0x3b,
0xad, 0x34, 0xb5, 0x44, 0x52, 0x3c, 0x01, 0xc0,
0x9d, 0xe3, 0xb1, 0xfa, 0x1d, 0x6b, 0x7b, 0x05,
0x9e, 0xee, 0x9e, 0x65, 0x20, 0x62, 0xfe, 0x87,
0x0f, 0x68, 0xc6, 0x80, 0x05, 0x33, 0x9e, 0xa1,
0x81, 0xe1, 0xd0, 0x76, 0x7c, 0x15, 0x2a, 0xeb,
0x38, 0xfa, 0xf0, 0xf9, 0x24, 0x5a, 0xe5, 0x9d,
0x5c, 0xb0, 0xd2, 0xb7, 0xf2, 0x01, 0x22, 0x9e,
0xd9, 0x70, 0x20, 0xd0, 0x62, 0x3a, 0x46, 0x10,
0x0d, 0x09, 0x7b, 0x0c, 0xe1, 0x15, 0x4e, 0x02,
0x8a, 0xe6, 0x19, 0x4d, 0xe0, 0x5d, 0xe9, 0x7d,
0xd9, 0xae, 0x2e, 0x85, 0xff, 0xd2, 0x5d, 0x95,
0xeb, 0x22, 0xef, 0xfe, 0x5b, 0xa1, 0x9c, 0xd8,
0x07, 0xc5, 0x30, 0xeb, 0xaa, 0x9f, 0xe9, 0xf6,
0x42, 0xcc, 0xac, 0xff, 0x47, 0xed, 0x15, 0xc2,
0x2b, 0xfe, 0x30, 0x36, 0xeb, 0xf8, 0xad, 0x9c,
0x8e, 0xd2, 0x32, 0x40, 0xae, 0xeb, 0xaa, 0x24,
0xd1, 0x35, 0x75, 0x51, 0x00, 0xb8, 0x5e, 0xce,
0xe3, 0x17, 0x49, 0x06, 0xe4, 0x63, 0x12, 0x06,
0x2c, 0xee, 0xca, 0xc7, 0x5d, 0xe5, 0x27, 0x52,
0x56, 0xc2, 0xc1, 0xa6, 0x53, 0xfd, 0x69, 0x15,
0xb1, 0xb3, 0x0c, 0x8e, 0xcb, 0xb6, 0xfd, 0x42,
0x80, 0x43, 0x74, 0x53, 0x17, 0x3a, 0x96, 0x23,
0x8b, 0xc7, 0xd1, 0x08, 0x89, 0x23, 0x43, 0xe0,
0x33, 0xbc, 0xd9, 0x8e, 0x43, 0x7e, 0x78, 0x9f,
0xc5, 0xbe, 0xba, 0xa1, 0x2b, 0x26, 0x34, 0xb5,
0x1e, 0xd0, 0xd5, 0x89, 0xf1, 0x11, 0x43, 0xa0,
0x21, 0xd8, 0xec, 0xce, 0x59, 0x4f, 0xdd, 0x48,
0xda, 0xe8, 0x4c, 0x80, 0x63, 0xef, 0x35, 0x81,
0xbc, 0x37, 0x8a, 0x48, 0xda, 0x4e, 0x51, 0xbb,
0x17, 0x5b, 0x0d, 0xb4, 0x7f, 0x9d, 0xcf, 0x99,
0x31, 0x8c, 0x30, 0x22, 0x5c, 0xa7, 0xfa, 0x79,
0xc8, 0x79, 0xbf, 0x1c, 0x93, 0x97, 0xb5, 0xcc,
0xc5, 0xef, 0xad, 0x94, 0xc5, 0x00, 0xed, 0x7f,
0x9f, 0x38, 0x5d, 0x08, 0x8e, 0x34, 0x93, 0x22,
0x21, 0xfc, 0x0f, 0xc9, 0xaf, 0xe5, 0x1f, 0x68,
0x75, 0x54, 0x81, 0x31, 0x69, 0x76, 0x95, 0x47,
0x8a, 0xbd, 0xc8, 0x73, 0x6f, 0x10, 0x09, 0x5a,
0x6b, 0x92, 0xec, 0x67, 0x9f, 0xe0, 0xe2, 0xae,
0x5d, 0x8b, 0x33, 0x53, 0x55, 0xd5, 0x8d, 0xae,
0x4d, 0x4f, 0x0b, 0x17, 0xaa, 0x5d, 0x1e, 0x52,
0xf1, 0xd4, 0x55, 0x84, 0xa8, 0x92, 0xc3, 0x4c,
0xe4, 0xb0, 0x4f, 0xcd, 0x00, 0x98, 0x1d, 0x51,
0xca, 0xa1, 0x60, 0x64, 0xba, 0xd9, 0x2d, 0x01,
0x9d, 0xc3, 0xad, 0xed, 0x91, 0x96, 0x84, 0x11,
0x2b, 0x29, 0xda, 0xa2, 0x8b, 0x9d, 0xae, 0x09,
0xb8, 0x6b, 0x21, 0xa9, 0x33, 0x10, 0xd5, 0xfb,
0xc6, 0x52, 0x7b, 0x22, 0x4b, 0x9c, 0xe8, 0x7d,
0x27, 0x82, 0xbb, 0x29, 0x46, 0x73, 0xf0, 0xec,
0x06, 0xf2, 0x6b, 0x08, 0x76, 0x52, 0xa1, 0x8d,
0x6a, 0xd7, 0xb1, 0xc9, 0x33, 0x03, 0xef, 0x05,
0x61, 0xc0, 0xfc, 0x9c, 0xd4, 0xf6, 0x78, 0xf6,
0x06, 0xf1, 0x92, 0xcf, 0x5d, 0xf9, 0x2b, 0x15,
0x48, 0xf5, 0xdd, 0x26, 0x87, 0xed, 0xbe, 0xcc,
0xfc, 0x6d, 0x4e, 0x9d, 0xe4, 0xbd, 0x50, 0xd3,
0xc7, 0x4f, 0xb2, 0x75, 0xab, 0xd9, 0xb3, 0xe9,
0x02, 0x77, 0xdb, 0x4a, 0x00, 0x69, 0xc0, 0xa2,
0xa7, 0x13, 0x6f, 0x50, 0xce, 0xad, 0x4b, 0x2f,
0x19, 0x95, 0xfa, 0xaf, 0x16, 0x80, 0x40, 0xe9,
0xe4, 0xbe, 0xb7, 0xc5, 0x72, 0x20, 0x49, 0xd6,
0xda, 0x64, 0x02, 0x99, 0x2f, 0xce, 0xa4, 0x50,
0x97, 0xdf, 0x7c, 0x1c, 0x20, 0xfb, 0x06, 0x82,
0x22, 0x00, 0x05, 0x76, 0x93, 0x5a, 0x08, 0x06,
0x77, 0x34, 0x51, 0x92, 0x1f, 0x54, 0xc5, 0x5f,
0xbf, 0x59, 0x3a, 0x4f, 0x14, 0x7c, 0x1f, 0xef,
0x3a, 0xca, 0xf0, 0xcf, 0xa9, 0x07, 0xae, 0x48,
0xc8, 0xc0, 0x63, 0x12, 0xcf, 0xdf, 0x51, 0x86,
0x90, 0x4b, 0xec, 0x7f, 0xed, 0x4e, 0xd9, 0x33,
0xc9, 0x25, 0x6a, 0xb0, 0x4c, 0xbf, 0xa0, 0x3a,
0x96, 0x7c, 0x1f, 0x7e, 0xad, 0x4a, 0xb4, 0x0d,
0xf1, 0x16, 0xbe, 0x66, 0x0e, 0x27, 0xca, 0x2b,
0x54, 0x35, 0x26, 0xd4, 0xb9, 0x68, 0x4c, 0x31,
0xe1, 0xe4, 0x23, 0x83, 0xb9, 0x69, 0xf8, 0x96,
0x29, 0x9d, 0x71, 0x39, 0x0c, 0xc8, 0x5b, 0x70,
0x32, 0x02, 0xac, 0xad, 0xec, 0xfa, 0x8c, 0x40,
0x96, 0x5c, 0x08, 0xc5, 0x3b, 0x56, 0x71, 0xe0,
0xd5, 0x94, 0x55, 0xbc, 0x5a, 0x85, 0x86, 0xc6,
0x55, 0xdb, 0x8c, 0x2a, 0xde, 0x4b, 0xa8, 0x87,
0x7f, 0x19, 0xb6, 0x00, 0x0e, 0x18, 0xf8, 0xfe,
0xad, 0xda, 0x7e, 0xde, 0x8f, 0xe8, 0x0a, 0xa6,
0x62, 0xd6, 0x94, 0xc6, 0xd8, 0xc3, 0x3b, 0x52
};
#endif
#ifdef WOLFSSL_MLKEM_KYBER
WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ss[] = {
0x0A, 0x69, 0x25, 0x67, 0x6F, 0x24, 0xB2, 0x2C,
0x28, 0x6F, 0x4C, 0x81, 0xA4, 0x22, 0x4C, 0xEC,
0x50, 0x6C, 0x9B, 0x25, 0x7D, 0x48, 0x0E, 0x02,
0xE3, 0xB4, 0x9F, 0x44, 0xCA, 0xA3, 0x23, 0x7F
};
#endif
#ifndef WOLFSSL_NO_ML_KEM
WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_ss[] = {
0x31, 0x98, 0x39, 0xe8, 0x2a, 0xb6, 0xb2, 0x22,
0xde, 0x7b, 0x61, 0x9e, 0x80, 0xda, 0x83, 0x91,
0x52, 0x2b, 0xbb, 0x37, 0x67, 0x70, 0x18, 0x49,
0x4a, 0x47, 0x42, 0xc5, 0x3f, 0x9a, 0xbf, 0xdf
};
#endif
#ifdef WOLFSSL_SMALL_STACK
key = (MlKemKey *)XMALLOC(sizeof(MlKemKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
priv = (byte *)XMALLOC(WC_ML_KEM_512_PRIVATE_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
pub = (byte *)XMALLOC(WC_ML_KEM_512_PUBLIC_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL || priv == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
ct = (byte *)XMALLOC(WC_ML_KEM_512_CIPHER_TEXT_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
ss = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ct == NULL || ss == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
ss_dec = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ss_dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#endif
#ifdef WOLFSSL_MLKEM_KYBER
ret = wc_MlKemKey_Init(key, KYBER512, HEAP_HINT, katDevId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
else
key_inited = 1;
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
ret = wc_MlKemKey_MakeKeyWithRandom(key, kyber512_rand,
sizeof(kyber512_rand));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlKemKey_EncodePublicKey(key, pub, KYBER512_PUBLIC_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlKemKey_EncodePrivateKey(key, priv, KYBER512_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(pub, kyber512_pk, sizeof(kyber512_pk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(priv, kyber512_sk, sizeof(kyber512_sk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber512_rand;
(void)kyber512_pk;
ret = wc_MlKemKey_DecodePrivateKey(key, kyber512_sk,
KYBER512_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
ret = wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand,
sizeof(kyber512enc_rand));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ct, kyber512_ct, sizeof(kyber512_ct)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(ss, kyber512_ss, sizeof(kyber512_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber512enc_rand;
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
ret = wc_MlKemKey_Decapsulate(key, ss_dec, kyber512_ct,
sizeof(kyber512_ct));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ss_dec, kyber512_ss, sizeof(kyber512_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber512_ct;
(void)kyber512_ss;
#endif
#endif
#ifndef WOLFSSL_NO_ML_KEM
ret = wc_MlKemKey_Init(key, WC_ML_KEM_512, HEAP_HINT, katDevId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
else
key_inited = 1;
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
ret = wc_MlKemKey_MakeKeyWithRandom(key, kyber512_rand,
sizeof(kyber512_rand));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlKemKey_EncodePublicKey(key, pub, WC_ML_KEM_512_PUBLIC_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlKemKey_EncodePrivateKey(key, priv,
WC_ML_KEM_512_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(pub, ml_kem_512_pk, sizeof(ml_kem_512_pk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(priv, ml_kem_512_sk, sizeof(ml_kem_512_sk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber512_rand;
(void)ml_kem_512_pk;
ret = wc_MlKemKey_DecodePrivateKey(key, ml_kem_512_sk,
WC_ML_KEM_512_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
ret = wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand,
sizeof(kyber512enc_rand));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ct, ml_kem_512_ct, sizeof(ml_kem_512_ct)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(ss, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber512enc_rand;
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
ret = wc_MlKemKey_Decapsulate(key, ss_dec, ml_kem_512_ct,
sizeof(ml_kem_512_ct));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ss_dec, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
wc_MlKemKey_Free(key);
XMEMSET(key, 0, sizeof(MlKemKey));
key_inited = 0;
ret = wc_MlKemKey_Init(key, WC_ML_KEM_512, HEAP_HINT, katDevId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
else
key_inited = 1;
ret = wc_MlKemKey_MakeKeyWithRandom(key, kyber512_rand,
sizeof(kyber512_rand));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlKemKey_Decapsulate(key, ss_dec, ml_kem_512_ct,
sizeof(ml_kem_512_ct));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ss_dec, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif
#else
(void)ml_kem_512_ct;
(void)ml_kem_512_ss;
#endif
#endif
out:
if (key_inited)
wc_MlKemKey_Free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
return ret;
}
#endif /* !WOLFSSL_NO_KYBER512 && !WOLFSSL_NO_ML_KEM_512 */
#if !defined(WOLFSSL_NO_KYBER768) && !defined(WOLFSSL_NO_ML_KEM_768)
static wc_test_ret_t mlkem768_kat(void)
{
wc_test_ret_t ret;
#ifdef WOLFSSL_SMALL_STACK
MlKemKey *key = NULL;
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
byte *priv = NULL;
byte *pub = NULL;
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
byte *ct = NULL;
byte *ss = NULL;
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
byte *ss_dec = NULL;
#endif
#else
MlKemKey key[1];
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
byte priv[KYBER768_PRIVATE_KEY_SIZE];
byte pub[KYBER768_PUBLIC_KEY_SIZE];
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
byte ct[KYBER768_CIPHER_TEXT_SIZE];
byte ss[KYBER_SS_SZ];
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
byte ss_dec[KYBER_SS_SZ];
#endif
#endif
int key_inited = 0;
const int katDevId = INVALID_DEVID;
WOLFSSL_SMALL_STACK_STATIC const byte kyber768_rand[] = {
0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa,
0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd,
0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d,
0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
};
WOLFSSL_SMALL_STACK_STATIC const byte kyber768enc_rand[] = {
0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4,
0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13,
0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
};
#ifdef WOLFSSL_MLKEM_KYBER
WOLFSSL_SMALL_STACK_STATIC const byte kyber768_pk[] = {
0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8,
0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D,
0x59, 0x15, 0x9D, 0x9A, 0x87, 0x9A, 0x54, 0x2E,
0x26, 0x09, 0x22, 0xAD, 0xF9, 0x99, 0x05, 0x1C,
0xC4, 0x52, 0x00, 0xC9, 0xFF, 0xDB, 0x60, 0x44,
0x9C, 0x49, 0x46, 0x59, 0x79, 0x27, 0x23, 0x67,
0xC0, 0x83, 0xA7, 0xD6, 0x26, 0x7A, 0x3E, 0xD7,
0xA7, 0xFD, 0x47, 0x95, 0x7C, 0x21, 0x93, 0x27,
0xF7, 0xCA, 0x73, 0xA4, 0x00, 0x7E, 0x16, 0x27,
0xF0, 0x0B, 0x11, 0xCC, 0x80, 0x57, 0x3C, 0x15,
0xAE, 0xE6, 0x64, 0x0F, 0xB8, 0x56, 0x2D, 0xFA,
0x6B, 0x24, 0x0C, 0xA0, 0xAD, 0x35, 0x1A, 0xC4,
0xAC, 0x15, 0x5B, 0x96, 0xC1, 0x4C, 0x8A, 0xB1,
0x3D, 0xD2, 0x62, 0xCD, 0xFD, 0x51, 0xC4, 0xBB,
0x55, 0x72, 0xFD, 0x61, 0x65, 0x53, 0xD1, 0x7B,
0xDD, 0x43, 0x0A, 0xCB, 0xEA, 0x3E, 0x95, 0xF0,
0xB6, 0x98, 0xD6, 0x69, 0x90, 0xAB, 0x51, 0xE5,
0xD0, 0x37, 0x83, 0xA8, 0xB3, 0xD2, 0x78, 0xA5,
0x72, 0x04, 0x54, 0xCF, 0x96, 0x95, 0xCF, 0xDC,
0xA0, 0x84, 0x85, 0xBA, 0x09, 0x9C, 0x51, 0xCD,
0x92, 0xA7, 0xEA, 0x75, 0x87, 0xC1, 0xD1, 0x5C,
0x28, 0xE6, 0x09, 0xA8, 0x18, 0x52, 0x60, 0x1B,
0x06, 0x04, 0x01, 0x06, 0x79, 0xAA, 0x48, 0x2D,
0x51, 0x26, 0x1E, 0xC3, 0x6E, 0x36, 0xB8, 0x71,
0x96, 0x76, 0x21, 0x7F, 0xD7, 0x4C, 0x54, 0x78,
0x64, 0x88, 0xF4, 0xB4, 0x96, 0x9C, 0x05, 0xA8,
0xBA, 0x27, 0xCA, 0x3A, 0x77, 0xCC, 0xE7, 0x3B,
0x96, 0x59, 0x23, 0xCA, 0x55, 0x4E, 0x42, 0x2B,
0x9B, 0x61, 0xF4, 0x75, 0x46, 0x41, 0x60, 0x8A,
0xC1, 0x6C, 0x9B, 0x85, 0x87, 0xA3, 0x2C, 0x1C,
0x5D, 0xD7, 0x88, 0xF8, 0x8B, 0x36, 0xB7, 0x17,
0xA4, 0x69, 0x65, 0x63, 0x5D, 0xEB, 0x67, 0xF4,
0x5B, 0x12, 0x9B, 0x99, 0x07, 0x09, 0x09, 0xC9,
0x3E, 0xB8, 0x0B, 0x42, 0xC2, 0xB3, 0xF3, 0xF7,
0x03, 0x43, 0xA7, 0xCF, 0x37, 0xE8, 0x52, 0x0E,
0x7B, 0xCF, 0xC4, 0x16, 0xAC, 0xA4, 0xF1, 0x8C,
0x79, 0x81, 0x26, 0x2B, 0xA2, 0xBF, 0xC7, 0x56,
0xAE, 0x03, 0x27, 0x8F, 0x0E, 0xC6, 0x6D, 0xC2,
0x05, 0x76, 0x96, 0x82, 0x4B, 0xA6, 0x76, 0x98,
0x65, 0xA6, 0x01, 0xD7, 0x14, 0x8E, 0xF6, 0xF5,
0x4E, 0x5A, 0xF5, 0x68, 0x6A, 0xA2, 0x90, 0x6F,
0x99, 0x4C, 0xE3, 0x8A, 0x5E, 0x0B, 0x93, 0x8F,
0x23, 0x90, 0x07, 0x00, 0x30, 0x22, 0xC0, 0x33,
0x92, 0xDF, 0x34, 0x01, 0xB1, 0xE4, 0xA3, 0xA7,
0xEB, 0xC6, 0x16, 0x14, 0x49, 0xF7, 0x33, 0x74,
0xC8, 0xB0, 0x14, 0x03, 0x69, 0x34, 0x3D, 0x92,
0x95, 0xFD, 0xF5, 0x11, 0x84, 0x5C, 0x4A, 0x46,
0xEB, 0xAA, 0xB6, 0xCA, 0x54, 0x92, 0xF6, 0x80,
0x0B, 0x98, 0xC0, 0xCC, 0x80, 0x36, 0x53, 0xA4,
0xB1, 0xD6, 0xE6, 0xAA, 0xED, 0x19, 0x32, 0xBA,
0xCC, 0x5F, 0xEF, 0xAA, 0x81, 0x8B, 0xA5, 0x02,
0x85, 0x9B, 0xA5, 0x49, 0x4C, 0x5F, 0x54, 0x02,
0xC8, 0x53, 0x6A, 0x9C, 0x4C, 0x18, 0x88, 0x15,
0x06, 0x17, 0xF8, 0x00, 0x98, 0xF6, 0xB2, 0xA9,
0x9C, 0x39, 0xBC, 0x5D, 0xC7, 0xCF, 0x3B, 0x59,
0x00, 0xA2, 0x13, 0x29, 0xAB, 0x59, 0x05, 0x3A,
0xBA, 0xA6, 0x4E, 0xD1, 0x63, 0xE8, 0x59, 0xA8,
0xB3, 0xB3, 0xCA, 0x33, 0x59, 0xB7, 0x50, 0xCC,
0xC3, 0xE7, 0x10, 0xC7, 0xAC, 0x43, 0xC8, 0x19,
0x1C, 0xB5, 0xD6, 0x88, 0x70, 0xC0, 0x63, 0x91,
0xC0, 0xCB, 0x8A, 0xEC, 0x72, 0xB8, 0x97, 0xAC,
0x6B, 0xE7, 0xFB, 0xAA, 0xCC, 0x67, 0x6E, 0xD6,
0x63, 0x14, 0xC8, 0x36, 0x30, 0xE8, 0x94, 0x48,
0xC8, 0x8A, 0x1D, 0xF0, 0x4A, 0xCE, 0xB2, 0x3A,
0xBF, 0x2E, 0x40, 0x9E, 0xF3, 0x33, 0xC6, 0x22,
0x28, 0x9C, 0x18, 0xA2, 0x13, 0x4E, 0x65, 0x0C,
0x45, 0x25, 0x7E, 0x47, 0x47, 0x5F, 0xA3, 0x3A,
0xA5, 0x37, 0xA5, 0xA8, 0xF7, 0x68, 0x02, 0x14,
0x71, 0x6C, 0x50, 0xD4, 0x70, 0xE3, 0x28, 0x49,
0x63, 0xCA, 0x64, 0xF5, 0x46, 0x77, 0xAE, 0xC5,
0x4B, 0x52, 0x72, 0x16, 0x2B, 0xF5, 0x2B, 0xC8,
0x14, 0x2E, 0x1D, 0x41, 0x83, 0xFC, 0x01, 0x74,
0x54, 0xA6, 0xB5, 0xA4, 0x96, 0x83, 0x17, 0x59,
0x06, 0x40, 0x24, 0x74, 0x59, 0x78, 0xCB, 0xD5,
0x1A, 0x6C, 0xED, 0xC8, 0x95, 0x5D, 0xE4, 0xCC,
0x6D, 0x36, 0x36, 0x70, 0xA4, 0x74, 0x66, 0xE8,
0x2B, 0xE5, 0xC2, 0x36, 0x03, 0xA1, 0x7B, 0xF2,
0x2A, 0xCD, 0xB7, 0xCC, 0x98, 0x4A, 0xF0, 0x8C,
0x87, 0xE1, 0x4E, 0x27, 0x75, 0x3C, 0xF5, 0x87,
0xA8, 0xEC, 0x34, 0x47, 0xE6, 0x2C, 0x64, 0x9E,
0x88, 0x7A, 0x67, 0xC3, 0x6C, 0x9C, 0xE9, 0x87,
0x21, 0xB6, 0x97, 0x21, 0x32, 0x75, 0x64, 0x6B,
0x19, 0x4F, 0x36, 0x75, 0x86, 0x73, 0xA8, 0xED,
0x11, 0x28, 0x44, 0x55, 0xAF, 0xC7, 0xA8, 0x52,
0x9F, 0x69, 0xC9, 0x7A, 0x3C, 0x2D, 0x7B, 0x8C,
0x63, 0x6C, 0x0B, 0xA5, 0x56, 0x14, 0xB7, 0x68,
0xE6, 0x24, 0xE7, 0x12, 0x93, 0x0F, 0x77, 0x61,
0x69, 0xB0, 0x17, 0x15, 0x72, 0x53, 0x51, 0xBC,
0x74, 0xB4, 0x73, 0x95, 0xED, 0x52, 0xB2, 0x5A,
0x13, 0x13, 0xC9, 0x51, 0x64, 0x81, 0x4C, 0x34,
0xC9, 0x79, 0xCB, 0xDF, 0xAB, 0x85, 0x95, 0x46,
0x62, 0xCA, 0xB4, 0x85, 0xE7, 0x50, 0x87, 0xA9,
0x8C, 0xC7, 0x4B, 0xB8, 0x2C, 0xA2, 0xD1, 0xB5,
0xBF, 0x28, 0x03, 0x23, 0x84, 0x80, 0x63, 0x8C,
0x40, 0xE9, 0x0B, 0x43, 0xC7, 0x46, 0x0E, 0x7A,
0xA9, 0x17, 0xF0, 0x10, 0x15, 0x1F, 0xAB, 0x11,
0x69, 0x98, 0x7B, 0x37, 0x2A, 0xBB, 0x59, 0x27,
0x1F, 0x70, 0x06, 0xC2, 0x4E, 0x60, 0x23, 0x6B,
0x84, 0xB9, 0xDD, 0xD6, 0x00, 0x62, 0x37, 0x04,
0x25, 0x46, 0x17, 0xFB, 0x49, 0x8D, 0x89, 0xE5,
0x8B, 0x03, 0x68, 0xBC, 0xB2, 0x10, 0x3E, 0x79,
0x35, 0x3E, 0xB5, 0x87, 0x86, 0x0C, 0x14, 0x22,
0xE4, 0x76, 0x16, 0x2E, 0x42, 0x5B, 0xC2, 0x38,
0x1D, 0xB8, 0x2C, 0x65, 0x92, 0x73, 0x7E, 0x1D,
0xD6, 0x02, 0x86, 0x4B, 0x01, 0x67, 0xA7, 0x1E,
0xC1, 0xF2, 0x23, 0x30, 0x5C, 0x02, 0xFE, 0x25,
0x05, 0x2A, 0xF2, 0xB3, 0xB5, 0xA5, 0x5A, 0x0D,
0x7A, 0x20, 0x22, 0xD9, 0xA7, 0x98, 0xDC, 0x0C,
0x58, 0x74, 0xA9, 0x87, 0x02, 0xAA, 0xF4, 0x05,
0x4C, 0x5D, 0x80, 0x33, 0x8A, 0x52, 0x48, 0xB5,
0xB7, 0xBD, 0x09, 0xC5, 0x3B, 0x5E, 0x2A, 0x08,
0x4B, 0x04, 0x7D, 0x27, 0x7A, 0x86, 0x1B, 0x1A,
0x73, 0xBB, 0x51, 0x48, 0x8D, 0xE0, 0x4E, 0xF5,
0x73, 0xC8, 0x52, 0x30, 0xA0, 0x47, 0x0B, 0x73,
0x17, 0x5C, 0x9F, 0xA5, 0x05, 0x94, 0xF6, 0x6A,
0x5F, 0x50, 0xB4, 0x15, 0x00, 0x54, 0xC9, 0x3B,
0x68, 0x18, 0x6F, 0x8B, 0x5C, 0xBC, 0x49, 0x31,
0x6C, 0x85, 0x48, 0xA6, 0x42, 0xB2, 0xB3, 0x6A,
0x1D, 0x45, 0x4C, 0x74, 0x89, 0xAC, 0x33, 0xB2,
0xD2, 0xCE, 0x66, 0x68, 0x09, 0x67, 0x82, 0xA2,
0xC1, 0xE0, 0x86, 0x6D, 0x21, 0xA6, 0x5E, 0x16,
0xB5, 0x85, 0xE7, 0xAF, 0x86, 0x18, 0xBD, 0xF3,
0x18, 0x4C, 0x19, 0x86, 0x87, 0x85, 0x08, 0x91,
0x72, 0x77, 0xB9, 0x3E, 0x10, 0x70, 0x6B, 0x16,
0x14, 0x97, 0x2B, 0x2A, 0x94, 0xC7, 0x31, 0x0F,
0xE9, 0xC7, 0x08, 0xC2, 0x31, 0xA1, 0xA8, 0xAC,
0x8D, 0x93, 0x14, 0xA5, 0x29, 0xA9, 0x7F, 0x46,
0x9B, 0xF6, 0x49, 0x62, 0xD8, 0x20, 0x64, 0x84,
0x43, 0x09, 0x9A, 0x07, 0x6D, 0x55, 0xD4, 0xCE,
0xA8, 0x24, 0xA5, 0x83, 0x04, 0x84, 0x4F, 0x99,
0x49, 0x7C, 0x10, 0xA2, 0x51, 0x48, 0x61, 0x8A,
0x31, 0x5D, 0x72, 0xCA, 0x85, 0x7D, 0x1B, 0x04,
0xD5, 0x75, 0xB9, 0x4F, 0x85, 0xC0, 0x1D, 0x19,
0xBE, 0xF2, 0x11, 0xBF, 0x0A, 0xA3, 0x36, 0x2E,
0x70, 0x41, 0xFD, 0x16, 0x59, 0x6D, 0x80, 0x8E,
0x86, 0x7B, 0x44, 0xC4, 0xC0, 0x0D, 0x1C, 0xDA,
0x34, 0x18, 0x96, 0x77, 0x17, 0xF1, 0x47, 0xD0,
0xEB, 0x21, 0xB4, 0x2A, 0xAE, 0xE7, 0x4A, 0xC3,
0x5D, 0x0B, 0x92, 0x41, 0x4B, 0x95, 0x85, 0x31,
0xAA, 0xDF, 0x46, 0x3E, 0xC6, 0x30, 0x5A, 0xE5,
0xEC, 0xAF, 0x79, 0x17, 0x40, 0x02, 0xF2, 0x6D,
0xDE, 0xCC, 0x81, 0x3B, 0xF3, 0x26, 0x72, 0xE8,
0x52, 0x9D, 0x95, 0xA4, 0xE7, 0x30, 0xA7, 0xAB,
0x4A, 0x3E, 0x8F, 0x8A, 0x8A, 0xF9, 0x79, 0xA6,
0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
};
#endif
#ifndef WOLFSSL_NO_ML_KEM
WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_pk[] = {
0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24,
0x78, 0xa8, 0x95, 0x4f, 0x00, 0x7b, 0xc7, 0x71,
0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e,
0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79,
0x67, 0x53, 0x29, 0x13, 0xa8, 0xd5, 0x3d, 0xfd,
0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59,
0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72,
0xa3, 0xf1, 0x63, 0x25, 0xc4, 0x0c, 0x29, 0x52,
0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f,
0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0,
0xb8, 0x99, 0x42, 0xce, 0xb1, 0x95, 0x53, 0x1c,
0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e,
0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0,
0xca, 0xc5, 0x20, 0x7e, 0x53, 0x5b, 0x26, 0x0a,
0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05,
0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb,
0x68, 0xbb, 0x34, 0x56, 0xc7, 0x3a, 0x01, 0xb7,
0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17,
0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b,
0x2f, 0x56, 0x02, 0xba, 0x65, 0xf0, 0x7e, 0xa9,
0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5,
0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c,
0x8a, 0xfe, 0xcb, 0x74, 0x8e, 0xe3, 0x91, 0xe9,
0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f,
0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38,
0xc3, 0x7b, 0xc6, 0x49, 0xb8, 0x26, 0x34, 0xce,
0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63,
0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57,
0xb4, 0x5e, 0xb6, 0x74, 0x65, 0xe1, 0x6d, 0xe4,
0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca,
0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4,
0x3c, 0xea, 0x88, 0xb0, 0x2a, 0x4c, 0x03, 0xd0,
0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf,
0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36,
0x6c, 0xdc, 0x25, 0x4b, 0xa2, 0x21, 0x29, 0xf4,
0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3,
0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b,
0x2c, 0xa4, 0x80, 0xcf, 0x35, 0x04, 0x09, 0xb2,
0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c,
0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab,
0x90, 0x1e, 0xa2, 0x53, 0xc8, 0x41, 0x5b, 0xd7,
0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf,
0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55,
0xaf, 0x16, 0xd3, 0xbc, 0x69, 0xf7, 0x0c, 0x2e,
0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91,
0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33,
0x1f, 0xa0, 0x4c, 0x19, 0x17, 0xb2, 0x78, 0xc3,
0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad,
0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63,
0xb1, 0xd9, 0x64, 0x4a, 0x61, 0x29, 0x48, 0xa3,
0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00,
0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27,
0x60, 0x9c, 0x76, 0xc7, 0xea, 0x6b, 0x5d, 0xe0,
0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e,
0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b,
0xce, 0xae, 0x1b, 0xa5, 0xcc, 0x72, 0xc7, 0x4a,
0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b,
0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2,
0x6c, 0x7c, 0x61, 0x51, 0xa1, 0x9c, 0x6c, 0xd7,
0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5,
0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37,
0x9d, 0xe3, 0xda, 0xbf, 0xa6, 0x29, 0xa7, 0xc0,
0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac,
0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb,
0x2c, 0xa7, 0xa8, 0x48, 0xcd, 0x36, 0x68, 0x01,
0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a,
0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0,
0x02, 0xba, 0xe9, 0x0a, 0xf6, 0x5c, 0x48, 0x06,
0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2,
0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75,
0x35, 0x94, 0xe6, 0xa7, 0x02, 0x76, 0x1f, 0xc9,
0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b,
0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa,
0x88, 0x09, 0xd9, 0x28, 0xc7, 0xf4, 0xcb, 0xbf,
0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25,
0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53,
0x92, 0x10, 0xc7, 0x11, 0x3b, 0xc3, 0x7b, 0x3e,
0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb,
0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89,
0xcb, 0x7c, 0x70, 0xc0, 0x23, 0x36, 0x6d, 0x78,
0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b,
0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6,
0x5a, 0x94, 0x11, 0x4f, 0xfa, 0xf6, 0x0d, 0x9a,
0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a,
0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3,
0x59, 0x9e, 0x37, 0xc7, 0x68, 0xc7, 0xbc, 0x10,
0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95,
0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2,
0x90, 0xd7, 0x89, 0x2e, 0xa8, 0x54, 0x64, 0xee,
0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c,
0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba,
0x8a, 0x95, 0x9a, 0x68, 0x09, 0x65, 0x47, 0xf6,
0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94,
0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a,
0x65, 0x6c, 0x28, 0x82, 0x8b, 0xeb, 0x91, 0x26,
0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83,
0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb,
0x95, 0x07, 0x26, 0x9d, 0xda, 0xf8, 0xc9, 0x5c,
0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b,
0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b,
0x1e, 0xee, 0xb3, 0x3e, 0xcd, 0xa7, 0x6a, 0xe9,
0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69,
0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c,
0x4c, 0x2c, 0x77, 0xce, 0x87, 0xc4, 0x1f, 0x98,
0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a,
0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8,
0x8e, 0x65, 0xda, 0x4d, 0x8e, 0xe6, 0x4f, 0x68,
0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf,
0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a,
0x00, 0x43, 0x33, 0x48, 0x93, 0x93, 0xa0, 0x74,
0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f,
0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72,
0x71, 0xc0, 0xb2, 0x7b, 0x2d, 0xba, 0xa0, 0x0d,
0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf,
0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8,
0x99, 0x12, 0x2c, 0x97, 0x96, 0xb4, 0xb0, 0x18,
0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd,
0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0,
0x0b, 0xce, 0x8c, 0xac, 0x78, 0x64, 0xcb, 0xb3,
0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06,
0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7,
0xac, 0xc9, 0xc5, 0xa1, 0x88, 0x40, 0x72, 0xd8,
0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84,
0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65,
0x12, 0x61, 0xf9, 0x62, 0xb1, 0x7a, 0x72, 0x15,
0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38,
0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71,
0x95, 0xa8, 0x5b, 0x4f, 0x98, 0xa1, 0xb5, 0x74,
0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e,
0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37,
0x48, 0xd9, 0xb5, 0xcd, 0x6c, 0x17, 0xb9, 0xb3,
0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83,
0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15,
0x78, 0x2a, 0x71, 0xcd, 0xee, 0xe7, 0x92, 0xba,
0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e,
0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30,
0xad, 0x98, 0xb4, 0x63, 0x4f, 0x64, 0xab, 0xa8,
0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f,
0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7,
0xaa, 0xc4, 0x1c, 0x82, 0x88, 0x87, 0x93, 0x18,
0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e,
0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29,
0x11, 0xd8, 0x55, 0x1e, 0x54, 0x66, 0xc5, 0x76,
0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36,
0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d,
0xd8, 0xfa, 0xbb, 0xfb, 0x3f, 0xe8, 0xcb, 0x1d,
0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f,
0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28
};
#endif
#ifdef WOLFSSL_MLKEM_KYBER
WOLFSSL_SMALL_STACK_STATIC const byte kyber768_sk[] = {
0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3,
0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE,
0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D,
0x50, 0x17, 0x0B, 0xCE, 0xD4, 0x3F, 0x1B, 0x53,
0x6D, 0x9A, 0x20, 0x4B, 0xB1, 0xF2, 0x26, 0x95,
0x95, 0x0B, 0xA1, 0xF2, 0xA9, 0xE8, 0xEB, 0x82,
0x8B, 0x28, 0x44, 0x88, 0x76, 0x0B, 0x3F, 0xC8,
0x4F, 0xAB, 0xA0, 0x42, 0x75, 0xD5, 0x62, 0x8E,
0x39, 0xC5, 0xB2, 0x47, 0x13, 0x74, 0x28, 0x3C,
0x50, 0x32, 0x99, 0xC0, 0xAB, 0x49, 0xB6, 0x6B,
0x8B, 0xBB, 0x56, 0xA4, 0x18, 0x66, 0x24, 0xF9,
0x19, 0xA2, 0xBA, 0x59, 0xBB, 0x08, 0xD8, 0x55,
0x18, 0x80, 0xC2, 0xBE, 0xFC, 0x4F, 0x87, 0xF2,
0x5F, 0x59, 0xAB, 0x58, 0x7A, 0x79, 0xC3, 0x27,
0xD7, 0x92, 0xD5, 0x4C, 0x97, 0x4A, 0x69, 0x26,
0x2F, 0xF8, 0xA7, 0x89, 0x38, 0x28, 0x9E, 0x9A,
0x87, 0xB6, 0x88, 0xB0, 0x83, 0xE0, 0x59, 0x5F,
0xE2, 0x18, 0xB6, 0xBB, 0x15, 0x05, 0x94, 0x1C,
0xE2, 0xE8, 0x1A, 0x5A, 0x64, 0xC5, 0xAA, 0xC6,
0x04, 0x17, 0x25, 0x69, 0x85, 0x34, 0x9E, 0xE4,
0x7A, 0x52, 0x42, 0x0A, 0x5F, 0x97, 0x47, 0x7B,
0x72, 0x36, 0xAC, 0x76, 0xBC, 0x70, 0xE8, 0x28,
0x87, 0x29, 0x28, 0x7E, 0xE3, 0xE3, 0x4A, 0x3D,
0xBC, 0x36, 0x83, 0xC0, 0xB7, 0xB1, 0x00, 0x29,
0xFC, 0x20, 0x34, 0x18, 0x53, 0x7E, 0x74, 0x66,
0xBA, 0x63, 0x85, 0xA8, 0xFF, 0x30, 0x1E, 0xE1,
0x27, 0x08, 0xF8, 0x2A, 0xAA, 0x1E, 0x38, 0x0F,
0xC7, 0xA8, 0x8F, 0x8F, 0x20, 0x5A, 0xB7, 0xE8,
0x8D, 0x7E, 0x95, 0x95, 0x2A, 0x55, 0xBA, 0x20,
0xD0, 0x9B, 0x79, 0xA4, 0x71, 0x41, 0xD6, 0x2B,
0xF6, 0xEB, 0x7D, 0xD3, 0x07, 0xB0, 0x8E, 0xCA,
0x13, 0xA5, 0xBC, 0x5F, 0x6B, 0x68, 0x58, 0x1C,
0x68, 0x65, 0xB2, 0x7B, 0xBC, 0xDD, 0xAB, 0x14,
0x2F, 0x4B, 0x2C, 0xBF, 0xF4, 0x88, 0xC8, 0xA2,
0x27, 0x05, 0xFA, 0xA9, 0x8A, 0x2B, 0x9E, 0xEA,
0x35, 0x30, 0xC7, 0x66, 0x62, 0x33, 0x5C, 0xC7,
0xEA, 0x3A, 0x00, 0x77, 0x77, 0x25, 0xEB, 0xCC,
0xCD, 0x2A, 0x46, 0x36, 0xB2, 0xD9, 0x12, 0x2F,
0xF3, 0xAB, 0x77, 0x12, 0x3C, 0xE0, 0x88, 0x3C,
0x19, 0x11, 0x11, 0x5E, 0x50, 0xC9, 0xE8, 0xA9,
0x41, 0x94, 0xE4, 0x8D, 0xD0, 0xD0, 0x9C, 0xFF,
0xB3, 0xAD, 0xCD, 0x2C, 0x1E, 0x92, 0x43, 0x09,
0x03, 0xD0, 0x7A, 0xDB, 0xF0, 0x05, 0x32, 0x03,
0x15, 0x75, 0xAA, 0x7F, 0x9E, 0x7B, 0x5A, 0x1F,
0x33, 0x62, 0xDE, 0xC9, 0x36, 0xD4, 0x04, 0x3C,
0x05, 0xF2, 0x47, 0x6C, 0x07, 0x57, 0x8B, 0xC9,
0xCB, 0xAF, 0x2A, 0xB4, 0xE3, 0x82, 0x72, 0x7A,
0xD4, 0x16, 0x86, 0xA9, 0x6B, 0x25, 0x48, 0x82,
0x0B, 0xB0, 0x3B, 0x32, 0xF1, 0x1B, 0x28, 0x11,
0xAD, 0x62, 0xF4, 0x89, 0xE9, 0x51, 0x63, 0x2A,
0xBA, 0x0D, 0x1D, 0xF8, 0x96, 0x80, 0xCC, 0x8A,
0x8B, 0x53, 0xB4, 0x81, 0xD9, 0x2A, 0x68, 0xD7,
0x0B, 0x4E, 0xA1, 0xC3, 0xA6, 0xA5, 0x61, 0xC0,
0x69, 0x28, 0x82, 0xB5, 0xCA, 0x8C, 0xC9, 0x42,
0xA8, 0xD4, 0x95, 0xAF, 0xCB, 0x06, 0xDE, 0x89,
0x49, 0x8F, 0xB9, 0x35, 0xB7, 0x75, 0x90, 0x8F,
0xE7, 0xA0, 0x3E, 0x32, 0x4D, 0x54, 0xCC, 0x19,
0xD4, 0xE1, 0xAA, 0xBD, 0x35, 0x93, 0xB3, 0x8B,
0x19, 0xEE, 0x13, 0x88, 0xFE, 0x49, 0x2B, 0x43,
0x12, 0x7E, 0x5A, 0x50, 0x42, 0x53, 0x78, 0x6A,
0x0D, 0x69, 0xAD, 0x32, 0x60, 0x1C, 0x28, 0xE2,
0xC8, 0x85, 0x04, 0xA5, 0xBA, 0x59, 0x97, 0x06,
0x02, 0x3A, 0x61, 0x36, 0x3E, 0x17, 0xC6, 0xB9,
0xBB, 0x59, 0xBD, 0xC6, 0x97, 0x45, 0x2C, 0xD0,
0x59, 0x45, 0x19, 0x83, 0xD7, 0x38, 0xCA, 0x3F,
0xD0, 0x34, 0xE3, 0xF5, 0x98, 0x88, 0x54, 0xCA,
0x05, 0x03, 0x1D, 0xB0, 0x96, 0x11, 0x49, 0x89,
0x88, 0x19, 0x7C, 0x6B, 0x30, 0xD2, 0x58, 0xDF,
0xE2, 0x62, 0x65, 0x54, 0x1C, 0x89, 0xA4, 0xB3,
0x1D, 0x68, 0x64, 0xE9, 0x38, 0x9B, 0x03, 0xCB,
0x74, 0xF7, 0xEC, 0x43, 0x23, 0xFB, 0x94, 0x21,
0xA4, 0xB9, 0x79, 0x0A, 0x26, 0xD1, 0x7B, 0x03,
0x98, 0xA2, 0x67, 0x67, 0x35, 0x09, 0x09, 0xF8,
0x4D, 0x57, 0xB6, 0x69, 0x4D, 0xF8, 0x30, 0x66,
0x4C, 0xA8, 0xB3, 0xC3, 0xC0, 0x3E, 0xD2, 0xAE,
0x67, 0xB8, 0x90, 0x06, 0x86, 0x8A, 0x68, 0x52,
0x7C, 0xCD, 0x66, 0x64, 0x59, 0xAB, 0x7F, 0x05,
0x66, 0x71, 0x00, 0x0C, 0x61, 0x64, 0xD3, 0xA7,
0xF2, 0x66, 0xA1, 0x4D, 0x97, 0xCB, 0xD7, 0x00,
0x4D, 0x6C, 0x92, 0xCA, 0xCA, 0x77, 0x0B, 0x84,
0x4A, 0x4F, 0xA9, 0xB1, 0x82, 0xE7, 0xB1, 0x8C,
0xA8, 0x85, 0x08, 0x2A, 0xC5, 0x64, 0x6F, 0xCB,
0x4A, 0x14, 0xE1, 0x68, 0x5F, 0xEB, 0x0C, 0x9C,
0xE3, 0x37, 0x2A, 0xB9, 0x53, 0x65, 0xC0, 0x4F,
0xD8, 0x30, 0x84, 0xF8, 0x0A, 0x23, 0xFF, 0x10,
0xA0, 0x5B, 0xF1, 0x5F, 0x7F, 0xA5, 0xAC, 0xC6,
0xC0, 0xCB, 0x46, 0x2C, 0x33, 0xCA, 0x52, 0x4F,
0xA6, 0xB8, 0xBB, 0x35, 0x90, 0x43, 0xBA, 0x68,
0x60, 0x9E, 0xAA, 0x25, 0x36, 0xE8, 0x1D, 0x08,
0x46, 0x3B, 0x19, 0x65, 0x3B, 0x54, 0x35, 0xBA,
0x94, 0x6C, 0x9A, 0xDD, 0xEB, 0x20, 0x2B, 0x04,
0xB0, 0x31, 0xCC, 0x96, 0x0D, 0xCC, 0x12, 0xE4,
0x51, 0x8D, 0x42, 0x8B, 0x32, 0xB2, 0x57, 0xA4,
0xFC, 0x73, 0x13, 0xD3, 0xA7, 0x98, 0x0D, 0x80,
0x08, 0x2E, 0x93, 0x4F, 0x9D, 0x95, 0xC3, 0x2B,
0x0A, 0x01, 0x91, 0xA2, 0x36, 0x04, 0x38, 0x4D,
0xD9, 0xE0, 0x79, 0xBB, 0xBA, 0xA2, 0x66, 0xD1,
0x4C, 0x3F, 0x75, 0x6B, 0x9F, 0x21, 0x33, 0x10,
0x74, 0x33, 0xA4, 0xE8, 0x3F, 0xA7, 0x18, 0x72,
0x82, 0xA8, 0x09, 0x20, 0x3A, 0x4F, 0xAF, 0x84,
0x18, 0x51, 0x83, 0x3D, 0x12, 0x1A, 0xC3, 0x83,
0x84, 0x3A, 0x5E, 0x55, 0xBC, 0x23, 0x81, 0x42,
0x5E, 0x16, 0xC7, 0xDB, 0x4C, 0xC9, 0xAB, 0x5C,
0x1B, 0x0D, 0x91, 0xA4, 0x7E, 0x2B, 0x8D, 0xE0,
0xE5, 0x82, 0xC8, 0x6B, 0x6B, 0x0D, 0x90, 0x7B,
0xB3, 0x60, 0xB9, 0x7F, 0x40, 0xAB, 0x5D, 0x03,
0x8F, 0x6B, 0x75, 0xC8, 0x14, 0xB2, 0x7D, 0x9B,
0x96, 0x8D, 0x41, 0x98, 0x32, 0xBC, 0x8C, 0x2B,
0xEE, 0x60, 0x5E, 0xF6, 0xE5, 0x05, 0x9D, 0x33,
0x10, 0x0D, 0x90, 0x48, 0x5D, 0x37, 0x84, 0x50,
0x01, 0x42, 0x21, 0x73, 0x6C, 0x07, 0x40, 0x7C,
0xAC, 0x26, 0x04, 0x08, 0xAA, 0x64, 0x92, 0x66,
0x19, 0x78, 0x8B, 0x86, 0x01, 0xC2, 0xA7, 0x52,
0xD1, 0xA6, 0xCB, 0xF8, 0x20, 0xD7, 0xC7, 0xA0,
0x47, 0x16, 0x20, 0x32, 0x25, 0xB3, 0x89, 0x5B,
0x93, 0x42, 0xD1, 0x47, 0xA8, 0x18, 0x5C, 0xFC,
0x1B, 0xB6, 0x5B, 0xA0, 0x6B, 0x41, 0x42, 0x33,
0x99, 0x03, 0xC0, 0xAC, 0x46, 0x51, 0x38, 0x5B,
0x45, 0xD9, 0x8A, 0x8B, 0x19, 0xD2, 0x8C, 0xD6,
0xBA, 0xB0, 0x88, 0x78, 0x7F, 0x7E, 0xE1, 0xB1,
0x24, 0x61, 0x76, 0x6B, 0x43, 0xCB, 0xCC, 0xB9,
0x64, 0x34, 0x42, 0x7D, 0x93, 0xC0, 0x65, 0x55,
0x06, 0x88, 0xF6, 0x94, 0x8E, 0xD1, 0xB5, 0x47,
0x5A, 0x42, 0x5F, 0x1B, 0x85, 0x20, 0x9D, 0x06,
0x1C, 0x08, 0xB5, 0x6C, 0x1C, 0xC0, 0x69, 0xF6,
0xC0, 0xA7, 0xC6, 0xF2, 0x93, 0x58, 0xCA, 0xB9,
0x11, 0x08, 0x77, 0x32, 0xA6, 0x49, 0xD2, 0x7C,
0x9B, 0x98, 0xF9, 0xA4, 0x88, 0x79, 0x38, 0x7D,
0x9B, 0x00, 0xC2, 0x59, 0x59, 0xA7, 0x16, 0x54,
0xD6, 0xF6, 0xA9, 0x46, 0x16, 0x45, 0x13, 0xE4,
0x7A, 0x75, 0xD0, 0x05, 0x98, 0x6C, 0x23, 0x63,
0xC0, 0x9F, 0x6B, 0x53, 0x7E, 0xCA, 0x78, 0xB9,
0x30, 0x3A, 0x5F, 0xA4, 0x57, 0x60, 0x8A, 0x58,
0x6A, 0x65, 0x3A, 0x34, 0x7D, 0xB0, 0x4D, 0xFC,
0xC1, 0x91, 0x75, 0xB3, 0xA3, 0x01, 0x17, 0x25,
0x36, 0x06, 0x2A, 0x65, 0x8A, 0x95, 0x27, 0x75,
0x70, 0xC8, 0x85, 0x2C, 0xA8, 0x97, 0x3F, 0x4A,
0xE1, 0x23, 0xA3, 0x34, 0x04, 0x7D, 0xD7, 0x11,
0xC8, 0x92, 0x7A, 0x63, 0x4A, 0x03, 0x38, 0x8A,
0x52, 0x7B, 0x03, 0x4B, 0xF7, 0xA8, 0x17, 0x0F,
0xA7, 0x02, 0xC1, 0xF7, 0xC2, 0x3E, 0xC3, 0x2D,
0x18, 0xA2, 0x37, 0x48, 0x90, 0xBE, 0x9C, 0x78,
0x7A, 0x94, 0x09, 0xC8, 0x2D, 0x19, 0x2C, 0x4B,
0xB7, 0x05, 0xA2, 0xF9, 0x96, 0xCE, 0x40, 0x5D,
0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8,
0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D,
0x59, 0x15, 0x9D, 0x9A, 0x87, 0x9A, 0x54, 0x2E,
0x26, 0x09, 0x22, 0xAD, 0xF9, 0x99, 0x05, 0x1C,
0xC4, 0x52, 0x00, 0xC9, 0xFF, 0xDB, 0x60, 0x44,
0x9C, 0x49, 0x46, 0x59, 0x79, 0x27, 0x23, 0x67,
0xC0, 0x83, 0xA7, 0xD6, 0x26, 0x7A, 0x3E, 0xD7,
0xA7, 0xFD, 0x47, 0x95, 0x7C, 0x21, 0x93, 0x27,
0xF7, 0xCA, 0x73, 0xA4, 0x00, 0x7E, 0x16, 0x27,
0xF0, 0x0B, 0x11, 0xCC, 0x80, 0x57, 0x3C, 0x15,
0xAE, 0xE6, 0x64, 0x0F, 0xB8, 0x56, 0x2D, 0xFA,
0x6B, 0x24, 0x0C, 0xA0, 0xAD, 0x35, 0x1A, 0xC4,
0xAC, 0x15, 0x5B, 0x96, 0xC1, 0x4C, 0x8A, 0xB1,
0x3D, 0xD2, 0x62, 0xCD, 0xFD, 0x51, 0xC4, 0xBB,
0x55, 0x72, 0xFD, 0x61, 0x65, 0x53, 0xD1, 0x7B,
0xDD, 0x43, 0x0A, 0xCB, 0xEA, 0x3E, 0x95, 0xF0,
0xB6, 0x98, 0xD6, 0x69, 0x90, 0xAB, 0x51, 0xE5,
0xD0, 0x37, 0x83, 0xA8, 0xB3, 0xD2, 0x78, 0xA5,
0x72, 0x04, 0x54, 0xCF, 0x96, 0x95, 0xCF, 0xDC,
0xA0, 0x84, 0x85, 0xBA, 0x09, 0x9C, 0x51, 0xCD,
0x92, 0xA7, 0xEA, 0x75, 0x87, 0xC1, 0xD1, 0x5C,
0x28, 0xE6, 0x09, 0xA8, 0x18, 0x52, 0x60, 0x1B,
0x06, 0x04, 0x01, 0x06, 0x79, 0xAA, 0x48, 0x2D,
0x51, 0x26, 0x1E, 0xC3, 0x6E, 0x36, 0xB8, 0x71,
0x96, 0x76, 0x21, 0x7F, 0xD7, 0x4C, 0x54, 0x78,
0x64, 0x88, 0xF4, 0xB4, 0x96, 0x9C, 0x05, 0xA8,
0xBA, 0x27, 0xCA, 0x3A, 0x77, 0xCC, 0xE7, 0x3B,
0x96, 0x59, 0x23, 0xCA, 0x55, 0x4E, 0x42, 0x2B,
0x9B, 0x61, 0xF4, 0x75, 0x46, 0x41, 0x60, 0x8A,
0xC1, 0x6C, 0x9B, 0x85, 0x87, 0xA3, 0x2C, 0x1C,
0x5D, 0xD7, 0x88, 0xF8, 0x8B, 0x36, 0xB7, 0x17,
0xA4, 0x69, 0x65, 0x63, 0x5D, 0xEB, 0x67, 0xF4,
0x5B, 0x12, 0x9B, 0x99, 0x07, 0x09, 0x09, 0xC9,
0x3E, 0xB8, 0x0B, 0x42, 0xC2, 0xB3, 0xF3, 0xF7,
0x03, 0x43, 0xA7, 0xCF, 0x37, 0xE8, 0x52, 0x0E,
0x7B, 0xCF, 0xC4, 0x16, 0xAC, 0xA4, 0xF1, 0x8C,
0x79, 0x81, 0x26, 0x2B, 0xA2, 0xBF, 0xC7, 0x56,
0xAE, 0x03, 0x27, 0x8F, 0x0E, 0xC6, 0x6D, 0xC2,
0x05, 0x76, 0x96, 0x82, 0x4B, 0xA6, 0x76, 0x98,
0x65, 0xA6, 0x01, 0xD7, 0x14, 0x8E, 0xF6, 0xF5,
0x4E, 0x5A, 0xF5, 0x68, 0x6A, 0xA2, 0x90, 0x6F,
0x99, 0x4C, 0xE3, 0x8A, 0x5E, 0x0B, 0x93, 0x8F,
0x23, 0x90, 0x07, 0x00, 0x30, 0x22, 0xC0, 0x33,
0x92, 0xDF, 0x34, 0x01, 0xB1, 0xE4, 0xA3, 0xA7,
0xEB, 0xC6, 0x16, 0x14, 0x49, 0xF7, 0x33, 0x74,
0xC8, 0xB0, 0x14, 0x03, 0x69, 0x34, 0x3D, 0x92,
0x95, 0xFD, 0xF5, 0x11, 0x84, 0x5C, 0x4A, 0x46,
0xEB, 0xAA, 0xB6, 0xCA, 0x54, 0x92, 0xF6, 0x80,
0x0B, 0x98, 0xC0, 0xCC, 0x80, 0x36, 0x53, 0xA4,
0xB1, 0xD6, 0xE6, 0xAA, 0xED, 0x19, 0x32, 0xBA,
0xCC, 0x5F, 0xEF, 0xAA, 0x81, 0x8B, 0xA5, 0x02,
0x85, 0x9B, 0xA5, 0x49, 0x4C, 0x5F, 0x54, 0x02,
0xC8, 0x53, 0x6A, 0x9C, 0x4C, 0x18, 0x88, 0x15,
0x06, 0x17, 0xF8, 0x00, 0x98, 0xF6, 0xB2, 0xA9,
0x9C, 0x39, 0xBC, 0x5D, 0xC7, 0xCF, 0x3B, 0x59,
0x00, 0xA2, 0x13, 0x29, 0xAB, 0x59, 0x05, 0x3A,
0xBA, 0xA6, 0x4E, 0xD1, 0x63, 0xE8, 0x59, 0xA8,
0xB3, 0xB3, 0xCA, 0x33, 0x59, 0xB7, 0x50, 0xCC,
0xC3, 0xE7, 0x10, 0xC7, 0xAC, 0x43, 0xC8, 0x19,
0x1C, 0xB5, 0xD6, 0x88, 0x70, 0xC0, 0x63, 0x91,
0xC0, 0xCB, 0x8A, 0xEC, 0x72, 0xB8, 0x97, 0xAC,
0x6B, 0xE7, 0xFB, 0xAA, 0xCC, 0x67, 0x6E, 0xD6,
0x63, 0x14, 0xC8, 0x36, 0x30, 0xE8, 0x94, 0x48,
0xC8, 0x8A, 0x1D, 0xF0, 0x4A, 0xCE, 0xB2, 0x3A,
0xBF, 0x2E, 0x40, 0x9E, 0xF3, 0x33, 0xC6, 0x22,
0x28, 0x9C, 0x18, 0xA2, 0x13, 0x4E, 0x65, 0x0C,
0x45, 0x25, 0x7E, 0x47, 0x47, 0x5F, 0xA3, 0x3A,
0xA5, 0x37, 0xA5, 0xA8, 0xF7, 0x68, 0x02, 0x14,
0x71, 0x6C, 0x50, 0xD4, 0x70, 0xE3, 0x28, 0x49,
0x63, 0xCA, 0x64, 0xF5, 0x46, 0x77, 0xAE, 0xC5,
0x4B, 0x52, 0x72, 0x16, 0x2B, 0xF5, 0x2B, 0xC8,
0x14, 0x2E, 0x1D, 0x41, 0x83, 0xFC, 0x01, 0x74,
0x54, 0xA6, 0xB5, 0xA4, 0x96, 0x83, 0x17, 0x59,
0x06, 0x40, 0x24, 0x74, 0x59, 0x78, 0xCB, 0xD5,
0x1A, 0x6C, 0xED, 0xC8, 0x95, 0x5D, 0xE4, 0xCC,
0x6D, 0x36, 0x36, 0x70, 0xA4, 0x74, 0x66, 0xE8,
0x2B, 0xE5, 0xC2, 0x36, 0x03, 0xA1, 0x7B, 0xF2,
0x2A, 0xCD, 0xB7, 0xCC, 0x98, 0x4A, 0xF0, 0x8C,
0x87, 0xE1, 0x4E, 0x27, 0x75, 0x3C, 0xF5, 0x87,
0xA8, 0xEC, 0x34, 0x47, 0xE6, 0x2C, 0x64, 0x9E,
0x88, 0x7A, 0x67, 0xC3, 0x6C, 0x9C, 0xE9, 0x87,
0x21, 0xB6, 0x97, 0x21, 0x32, 0x75, 0x64, 0x6B,
0x19, 0x4F, 0x36, 0x75, 0x86, 0x73, 0xA8, 0xED,
0x11, 0x28, 0x44, 0x55, 0xAF, 0xC7, 0xA8, 0x52,
0x9F, 0x69, 0xC9, 0x7A, 0x3C, 0x2D, 0x7B, 0x8C,
0x63, 0x6C, 0x0B, 0xA5, 0x56, 0x14, 0xB7, 0x68,
0xE6, 0x24, 0xE7, 0x12, 0x93, 0x0F, 0x77, 0x61,
0x69, 0xB0, 0x17, 0x15, 0x72, 0x53, 0x51, 0xBC,
0x74, 0xB4, 0x73, 0x95, 0xED, 0x52, 0xB2, 0x5A,
0x13, 0x13, 0xC9, 0x51, 0x64, 0x81, 0x4C, 0x34,
0xC9, 0x79, 0xCB, 0xDF, 0xAB, 0x85, 0x95, 0x46,
0x62, 0xCA, 0xB4, 0x85, 0xE7, 0x50, 0x87, 0xA9,
0x8C, 0xC7, 0x4B, 0xB8, 0x2C, 0xA2, 0xD1, 0xB5,
0xBF, 0x28, 0x03, 0x23, 0x84, 0x80, 0x63, 0x8C,
0x40, 0xE9, 0x0B, 0x43, 0xC7, 0x46, 0x0E, 0x7A,
0xA9, 0x17, 0xF0, 0x10, 0x15, 0x1F, 0xAB, 0x11,
0x69, 0x98, 0x7B, 0x37, 0x2A, 0xBB, 0x59, 0x27,
0x1F, 0x70, 0x06, 0xC2, 0x4E, 0x60, 0x23, 0x6B,
0x84, 0xB9, 0xDD, 0xD6, 0x00, 0x62, 0x37, 0x04,
0x25, 0x46, 0x17, 0xFB, 0x49, 0x8D, 0x89, 0xE5,
0x8B, 0x03, 0x68, 0xBC, 0xB2, 0x10, 0x3E, 0x79,
0x35, 0x3E, 0xB5, 0x87, 0x86, 0x0C, 0x14, 0x22,
0xE4, 0x76, 0x16, 0x2E, 0x42, 0x5B, 0xC2, 0x38,
0x1D, 0xB8, 0x2C, 0x65, 0x92, 0x73, 0x7E, 0x1D,
0xD6, 0x02, 0x86, 0x4B, 0x01, 0x67, 0xA7, 0x1E,
0xC1, 0xF2, 0x23, 0x30, 0x5C, 0x02, 0xFE, 0x25,
0x05, 0x2A, 0xF2, 0xB3, 0xB5, 0xA5, 0x5A, 0x0D,
0x7A, 0x20, 0x22, 0xD9, 0xA7, 0x98, 0xDC, 0x0C,
0x58, 0x74, 0xA9, 0x87, 0x02, 0xAA, 0xF4, 0x05,
0x4C, 0x5D, 0x80, 0x33, 0x8A, 0x52, 0x48, 0xB5,
0xB7, 0xBD, 0x09, 0xC5, 0x3B, 0x5E, 0x2A, 0x08,
0x4B, 0x04, 0x7D, 0x27, 0x7A, 0x86, 0x1B, 0x1A,
0x73, 0xBB, 0x51, 0x48, 0x8D, 0xE0, 0x4E, 0xF5,
0x73, 0xC8, 0x52, 0x30, 0xA0, 0x47, 0x0B, 0x73,
0x17, 0x5C, 0x9F, 0xA5, 0x05, 0x94, 0xF6, 0x6A,
0x5F, 0x50, 0xB4, 0x15, 0x00, 0x54, 0xC9, 0x3B,
0x68, 0x18, 0x6F, 0x8B, 0x5C, 0xBC, 0x49, 0x31,
0x6C, 0x85, 0x48, 0xA6, 0x42, 0xB2, 0xB3, 0x6A,
0x1D, 0x45, 0x4C, 0x74, 0x89, 0xAC, 0x33, 0xB2,
0xD2, 0xCE, 0x66, 0x68, 0x09, 0x67, 0x82, 0xA2,
0xC1, 0xE0, 0x86, 0x6D, 0x21, 0xA6, 0x5E, 0x16,
0xB5, 0x85, 0xE7, 0xAF, 0x86, 0x18, 0xBD, 0xF3,
0x18, 0x4C, 0x19, 0x86, 0x87, 0x85, 0x08, 0x91,
0x72, 0x77, 0xB9, 0x3E, 0x10, 0x70, 0x6B, 0x16,
0x14, 0x97, 0x2B, 0x2A, 0x94, 0xC7, 0x31, 0x0F,
0xE9, 0xC7, 0x08, 0xC2, 0x31, 0xA1, 0xA8, 0xAC,
0x8D, 0x93, 0x14, 0xA5, 0x29, 0xA9, 0x7F, 0x46,
0x9B, 0xF6, 0x49, 0x62, 0xD8, 0x20, 0x64, 0x84,
0x43, 0x09, 0x9A, 0x07, 0x6D, 0x55, 0xD4, 0xCE,
0xA8, 0x24, 0xA5, 0x83, 0x04, 0x84, 0x4F, 0x99,
0x49, 0x7C, 0x10, 0xA2, 0x51, 0x48, 0x61, 0x8A,
0x31, 0x5D, 0x72, 0xCA, 0x85, 0x7D, 0x1B, 0x04,
0xD5, 0x75, 0xB9, 0x4F, 0x85, 0xC0, 0x1D, 0x19,
0xBE, 0xF2, 0x11, 0xBF, 0x0A, 0xA3, 0x36, 0x2E,
0x70, 0x41, 0xFD, 0x16, 0x59, 0x6D, 0x80, 0x8E,
0x86, 0x7B, 0x44, 0xC4, 0xC0, 0x0D, 0x1C, 0xDA,
0x34, 0x18, 0x96, 0x77, 0x17, 0xF1, 0x47, 0xD0,
0xEB, 0x21, 0xB4, 0x2A, 0xAE, 0xE7, 0x4A, 0xC3,
0x5D, 0x0B, 0x92, 0x41, 0x4B, 0x95, 0x85, 0x31,
0xAA, 0xDF, 0x46, 0x3E, 0xC6, 0x30, 0x5A, 0xE5,
0xEC, 0xAF, 0x79, 0x17, 0x40, 0x02, 0xF2, 0x6D,
0xDE, 0xCC, 0x81, 0x3B, 0xF3, 0x26, 0x72, 0xE8,
0x52, 0x9D, 0x95, 0xA4, 0xE7, 0x30, 0xA7, 0xAB,
0x4A, 0x3E, 0x8F, 0x8A, 0x8A, 0xF9, 0x79, 0xA6,
0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22,
0xD4, 0xEC, 0x14, 0x3B, 0x50, 0xF0, 0x14, 0x23,
0xB1, 0x77, 0x89, 0x5E, 0xDE, 0xE2, 0x2B, 0xB7,
0x39, 0xF6, 0x47, 0xEC, 0xF8, 0x5F, 0x50, 0xBC,
0x25, 0xEF, 0x7B, 0x5A, 0x72, 0x5D, 0xEE, 0x86,
0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
};
#endif
#ifndef WOLFSSL_NO_ML_KEM
WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_sk[] = {
0xda, 0x0a, 0xc7, 0xb6, 0x60, 0x40, 0x4e, 0x61,
0x3a, 0xa1, 0xf9, 0x80, 0x38, 0x0c, 0xb3, 0x6d,
0xba, 0x18, 0xd2, 0x32, 0x56, 0xc7, 0x26, 0x7a,
0x00, 0xa6, 0x7b, 0xa6, 0xc2, 0xa2, 0xb1, 0x4c,
0x41, 0x42, 0x39, 0x66, 0x2f, 0x68, 0xbd, 0x44,
0x6c, 0x8e, 0xfd, 0xf3, 0x66, 0x56, 0xa0, 0x89,
0x1a, 0x3c, 0xc6, 0x23, 0xfc, 0x68, 0xb6, 0x57,
0x2f, 0x7b, 0x29, 0xa6, 0xde, 0x12, 0x80, 0x14,
0x41, 0x1e, 0xe4, 0x19, 0x06, 0xd0, 0x80, 0x71,
0xf9, 0x48, 0x56, 0xe3, 0x6a, 0x83, 0x2b, 0x40,
0x33, 0x8d, 0x74, 0x35, 0x16, 0x65, 0x9b, 0xd2,
0x58, 0x79, 0xc0, 0x07, 0xa5, 0x2b, 0xc9, 0x58,
0x6f, 0x79, 0x87, 0x6a, 0xfa, 0xc6, 0xc9, 0xa3,
0x0d, 0x8f, 0xac, 0x24, 0x3b, 0xd2, 0x24, 0x25,
0xd6, 0xad, 0xce, 0x42, 0xab, 0x7e, 0xd3, 0x90,
0x14, 0x75, 0x7a, 0x95, 0x8b, 0xc8, 0xa7, 0x45,
0x65, 0xf0, 0x19, 0x23, 0x4f, 0xf0, 0x4b, 0x34,
0x89, 0x3e, 0xd6, 0xd0, 0x55, 0x01, 0xc3, 0x72,
0x55, 0x23, 0x9a, 0xae, 0x2a, 0xc1, 0x9f, 0x8c,
0x75, 0xac, 0x59, 0x00, 0xda, 0xe8, 0x30, 0x0d,
0xbb, 0xa7, 0x10, 0xdc, 0x2c, 0xaa, 0xe1, 0xbc,
0xa3, 0xa3, 0x8c, 0x58, 0x34, 0x2b, 0x28, 0x6b,
0x85, 0x18, 0xf1, 0x36, 0xad, 0x15, 0xb9, 0xf7,
0xbc, 0xbb, 0x06, 0xa5, 0x60, 0x7d, 0xb3, 0x75,
0xdb, 0xe9, 0x76, 0x45, 0x7c, 0x26, 0xc6, 0x59,
0x82, 0x57, 0x53, 0x1b, 0x2c, 0xfb, 0x6e, 0xe7,
0xf5, 0x15, 0x91, 0x84, 0x08, 0x04, 0xc3, 0x83,
0x88, 0x37, 0x6c, 0x27, 0x14, 0x84, 0x13, 0xda,
0x9e, 0x92, 0x92, 0x0b, 0xfd, 0x9a, 0x06, 0x9e,
0x01, 0x8b, 0xd2, 0x72, 0x05, 0x3d, 0xa8, 0x77,
0x5c, 0x0b, 0x73, 0x9f, 0x76, 0x1d, 0xb2, 0x10,
0x7c, 0xf3, 0x5a, 0x43, 0x4d, 0x69, 0xb0, 0x7e,
0x5b, 0xcd, 0xb8, 0x74, 0x34, 0x13, 0x8b, 0x0c,
0xb5, 0x56, 0x76, 0x1b, 0xa5, 0x22, 0xa5, 0x74,
0x7b, 0x28, 0x74, 0x7d, 0x80, 0xeb, 0x9d, 0x6c,
0xc6, 0x73, 0xbe, 0xe5, 0x76, 0x93, 0x77, 0xb9,
0x96, 0xd3, 0x6c, 0xeb, 0x0c, 0x0c, 0x7e, 0xd9,
0xa6, 0x58, 0x53, 0x33, 0x24, 0x86, 0x9c, 0x18,
0xa1, 0xa3, 0x6f, 0x31, 0x47, 0x0f, 0x14, 0xc5,
0xae, 0x49, 0xab, 0x07, 0x05, 0x07, 0xf8, 0x24,
0x9c, 0xe4, 0x04, 0xb4, 0x9c, 0x0a, 0x8c, 0x3e,
0xe4, 0x2f, 0xea, 0x96, 0x31, 0xfa, 0x1a, 0x0d,
0x10, 0xd8, 0x6b, 0x93, 0xf9, 0x86, 0xe0, 0xe3,
0xa8, 0x2e, 0x70, 0x3b, 0x74, 0xe5, 0xae, 0x61,
0x01, 0x24, 0x24, 0x21, 0xa8, 0x9a, 0xa0, 0x7f,
0xe6, 0x85, 0x88, 0x46, 0x0b, 0xaa, 0x36, 0x87,
0x86, 0x48, 0x6a, 0x72, 0xe4, 0xf2, 0x4d, 0x2d,
0xd7, 0x6c, 0xfc, 0x03, 0xb6, 0x94, 0xa5, 0xba,
0x91, 0xa7, 0x55, 0xa0, 0xb9, 0x8f, 0x3b, 0xf9,
0x33, 0x07, 0xc0, 0xab, 0x64, 0x63, 0x9a, 0xea,
0x7a, 0x64, 0x98, 0xa3, 0xc3, 0xdd, 0xc5, 0x71,
0x14, 0x1a, 0xbc, 0xa4, 0x67, 0x8c, 0xd2, 0xe2,
0xb8, 0x57, 0xfb, 0x88, 0xf6, 0x00, 0xca, 0xa5,
0x96, 0xb4, 0x4b, 0xc4, 0x22, 0x25, 0x0b, 0x28,
0x19, 0xe0, 0x51, 0x5f, 0x04, 0x72, 0x39, 0x18,
0x53, 0x70, 0x0b, 0x01, 0xef, 0xf9, 0x45, 0x3f,
0xd1, 0x18, 0x76, 0xb7, 0xc7, 0x59, 0xa0, 0x7d,
0xd8, 0x45, 0xca, 0xba, 0x45, 0x55, 0x26, 0x4a,
0x82, 0x76, 0x51, 0x93, 0xfd, 0xf8, 0x1b, 0x62,
0x0a, 0x1e, 0x1f, 0x92, 0x3f, 0xb2, 0x44, 0x42,
0xcd, 0x1c, 0xbe, 0x94, 0x17, 0x50, 0x03, 0xec,
0x06, 0xce, 0x77, 0xa3, 0xc6, 0x44, 0x93, 0xc1,
0x99, 0x98, 0x7a, 0x30, 0x0c, 0x95, 0xc5, 0x3c,
0x00, 0x89, 0xb5, 0xd6, 0x5c, 0x92, 0xea, 0x97,
0x1b, 0x2f, 0xfa, 0x93, 0xb5, 0x2a, 0x46, 0x1e,
0xa2, 0xac, 0x8c, 0x19, 0x9c, 0x2f, 0x4c, 0x2b,
0x70, 0x42, 0x97, 0xce, 0x3c, 0x39, 0x49, 0xe0,
0x73, 0x5e, 0xa8, 0xa1, 0x4a, 0xa5, 0x9e, 0x8d,
0xec, 0x0c, 0x87, 0x83, 0x99, 0xff, 0x70, 0x74,
0x7a, 0xb2, 0x44, 0xce, 0x46, 0xb5, 0xf2, 0x23,
0x04, 0x73, 0x32, 0x3d, 0x25, 0xc6, 0x6f, 0xe6,
0xb4, 0x19, 0xb1, 0xf4, 0xa1, 0x12, 0xe5, 0x21,
0x40, 0x35, 0x25, 0x6b, 0xc4, 0x3f, 0xfd, 0x2b,
0x6b, 0x7b, 0x37, 0x87, 0x69, 0xa6, 0xb4, 0x70,
0x00, 0xbf, 0xb6, 0x35, 0x7d, 0x45, 0x81, 0x4b,
0xae, 0xf3, 0x85, 0x7d, 0x37, 0x9e, 0x2f, 0xb8,
0xb5, 0xe5, 0x20, 0x1a, 0xb2, 0x62, 0x74, 0xbb,
0x1b, 0x70, 0xad, 0x32, 0x2c, 0xd0, 0x43, 0x9b,
0x2d, 0xb1, 0x09, 0xcf, 0xf0, 0xa2, 0xf8, 0xe6,
0x00, 0x99, 0x55, 0x71, 0xff, 0xc3, 0x8c, 0x59,
0x0b, 0xc4, 0xc7, 0x61, 0x5c, 0x69, 0xd0, 0xc9,
0x8e, 0xf4, 0x30, 0xf3, 0x08, 0x61, 0xa7, 0x72,
0x38, 0xff, 0xc0, 0x70, 0x61, 0xe4, 0x75, 0xd6,
0xa3, 0x0a, 0xd1, 0xb4, 0x7f, 0xd0, 0x39, 0xc3,
0xa4, 0x47, 0x76, 0x2d, 0xb2, 0x21, 0x1d, 0xc3,
0x1d, 0x0a, 0xca, 0xcf, 0xd5, 0x58, 0x90, 0xa5,
0x82, 0x47, 0x98, 0xf9, 0xae, 0xad, 0x74, 0x13,
0xdf, 0xe0, 0x28, 0xb1, 0x01, 0x2b, 0xe8, 0xb6,
0xca, 0x10, 0x26, 0x66, 0x6a, 0xc6, 0xbc, 0x94,
0x40, 0xa4, 0x49, 0xb5, 0x1a, 0xd8, 0xbb, 0xa7,
0xb0, 0x92, 0x1d, 0xd4, 0xd8, 0xb4, 0xa5, 0x78,
0x13, 0x6d, 0x1a, 0x05, 0xdb, 0x38, 0xcc, 0x85,
0x84, 0x37, 0xb2, 0x51, 0x61, 0xd1, 0xc3, 0xc2,
0x8e, 0xe0, 0x7b, 0xbc, 0xf2, 0xb2, 0x49, 0x11,
0x0d, 0x22, 0x78, 0x1d, 0xc3, 0x05, 0x0d, 0x8c,
0xc0, 0x09, 0x00, 0x96, 0xb3, 0x8a, 0x85, 0x06,
0x96, 0xf8, 0x6e, 0x9e, 0x6b, 0xab, 0x32, 0x52,
0x71, 0xb2, 0x24, 0x86, 0x75, 0x01, 0x19, 0x68,
0x50, 0x28, 0x81, 0x09, 0x04, 0x97, 0xfa, 0xc0,
0xaf, 0x84, 0x3c, 0x1a, 0xea, 0x76, 0xdd, 0x81,
0xcf, 0x29, 0xc0, 0x12, 0xc6, 0x62, 0x27, 0xb7,
0xf0, 0x6d, 0x99, 0x61, 0x30, 0x9b, 0x02, 0x62,
0xf7, 0x32, 0xc9, 0xa4, 0xd0, 0xbb, 0xd0, 0x67,
0x27, 0xab, 0xb8, 0x37, 0x1f, 0xf2, 0xc1, 0x18,
0x99, 0xa0, 0x98, 0x37, 0x5c, 0x46, 0x05, 0x16,
0xb2, 0xcc, 0x88, 0xbc, 0xf6, 0x28, 0xed, 0xe3,
0x7d, 0x8f, 0x3b, 0x33, 0x42, 0xe4, 0x49, 0x0a,
0x85, 0x60, 0x6e, 0xc0, 0x3d, 0xa2, 0x9b, 0x02,
0x56, 0x27, 0x53, 0x82, 0xa3, 0x31, 0x3d, 0xc0,
0x41, 0x11, 0x48, 0x01, 0x03, 0x2c, 0x51, 0x9f,
0x35, 0x0c, 0x3e, 0x6a, 0xba, 0xc3, 0xe3, 0x3b,
0x93, 0xb4, 0xa1, 0x9f, 0x7c, 0x54, 0x66, 0xe5,
0x8c, 0xb1, 0xdc, 0x14, 0xb4, 0xa9, 0x6c, 0x47,
0x57, 0x29, 0xf9, 0x71, 0xbd, 0xf1, 0x73, 0xcd,
0xf3, 0x54, 0x82, 0x4d, 0x01, 0x94, 0x27, 0xf9,
0x5b, 0x3b, 0x4a, 0x4a, 0x4a, 0x95, 0x8e, 0x47,
0x6a, 0x6e, 0x69, 0x91, 0xce, 0x6f, 0x06, 0xcb,
0x5d, 0xfc, 0xa7, 0xd4, 0x38, 0x0c, 0x3d, 0x92,
0x0b, 0x57, 0x11, 0xac, 0x1f, 0xcb, 0xaf, 0x4b,
0x9a, 0xc8, 0x00, 0xb9, 0x76, 0xd1, 0xec, 0x76,
0x6a, 0x62, 0x6c, 0xc1, 0x90, 0x0b, 0x66, 0xb3,
0xa9, 0xdc, 0x62, 0xc5, 0xc1, 0x44, 0x52, 0x7a,
0x29, 0x6b, 0xaf, 0x70, 0x43, 0x3b, 0xf6, 0x57,
0xc0, 0x43, 0x7f, 0x87, 0x59, 0x7b, 0xd7, 0xc8,
0xbb, 0xbe, 0x9a, 0xbc, 0x37, 0x05, 0x09, 0x31,
0xa4, 0xa8, 0x69, 0x82, 0xa2, 0x02, 0x8a, 0x74,
0x45, 0x4c, 0x9b, 0x81, 0x0c, 0x88, 0xd1, 0x70,
0x1c, 0x8c, 0xc9, 0x8a, 0x1d, 0x4c, 0xa1, 0x07,
0xa6, 0xb2, 0x5e, 0x96, 0x2f, 0xe4, 0xb6, 0xb0,
0x3c, 0x95, 0x45, 0x32, 0x60, 0xb8, 0x07, 0x22,
0x86, 0x37, 0xcc, 0x9e, 0xb1, 0x2a, 0xcc, 0x09,
0x54, 0x95, 0x9a, 0x52, 0xae, 0x54, 0xd1, 0x97,
0x73, 0x00, 0xab, 0xa0, 0xba, 0x2c, 0x14, 0x60,
0x9b, 0xb2, 0x8c, 0x11, 0xd5, 0xfa, 0xc5, 0xca,
0xc8, 0x82, 0x97, 0x60, 0x32, 0x83, 0xe8, 0x67,
0xa3, 0x64, 0x83, 0x66, 0xc7, 0x24, 0xd9, 0x35,
0x4c, 0xd7, 0xa1, 0x96, 0xdb, 0xd9, 0x80, 0x2f,
0x7b, 0x88, 0xd3, 0xfa, 0x00, 0x1f, 0x9c, 0x97,
0x73, 0x22, 0x54, 0x62, 0x23, 0x5e, 0x91, 0x35,
0x2a, 0x20, 0x79, 0x1f, 0xd8, 0xb8, 0x7f, 0xe3,
0x37, 0x7e, 0xc6, 0xa3, 0x94, 0x0b, 0x11, 0x30,
0xa0, 0xbb, 0x04, 0xe7, 0x41, 0x0a, 0x34, 0xe2,
0x58, 0x0d, 0x07, 0x1d, 0x6c, 0x56, 0x20, 0x20,
0x86, 0x78, 0x7a, 0x65, 0x90, 0xf8, 0x43, 0x93,
0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24,
0x78, 0xa8, 0x95, 0x4f, 0x00, 0x7b, 0xc7, 0x71,
0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e,
0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79,
0x67, 0x53, 0x29, 0x13, 0xa8, 0xd5, 0x3d, 0xfd,
0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59,
0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72,
0xa3, 0xf1, 0x63, 0x25, 0xc4, 0x0c, 0x29, 0x52,
0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f,
0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0,
0xb8, 0x99, 0x42, 0xce, 0xb1, 0x95, 0x53, 0x1c,
0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e,
0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0,
0xca, 0xc5, 0x20, 0x7e, 0x53, 0x5b, 0x26, 0x0a,
0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05,
0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb,
0x68, 0xbb, 0x34, 0x56, 0xc7, 0x3a, 0x01, 0xb7,
0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17,
0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b,
0x2f, 0x56, 0x02, 0xba, 0x65, 0xf0, 0x7e, 0xa9,
0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5,
0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c,
0x8a, 0xfe, 0xcb, 0x74, 0x8e, 0xe3, 0x91, 0xe9,
0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f,
0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38,
0xc3, 0x7b, 0xc6, 0x49, 0xb8, 0x26, 0x34, 0xce,
0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63,
0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57,
0xb4, 0x5e, 0xb6, 0x74, 0x65, 0xe1, 0x6d, 0xe4,
0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca,
0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4,
0x3c, 0xea, 0x88, 0xb0, 0x2a, 0x4c, 0x03, 0xd0,
0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf,
0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36,
0x6c, 0xdc, 0x25, 0x4b, 0xa2, 0x21, 0x29, 0xf4,
0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3,
0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b,
0x2c, 0xa4, 0x80, 0xcf, 0x35, 0x04, 0x09, 0xb2,
0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c,
0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab,
0x90, 0x1e, 0xa2, 0x53, 0xc8, 0x41, 0x5b, 0xd7,
0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf,
0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55,
0xaf, 0x16, 0xd3, 0xbc, 0x69, 0xf7, 0x0c, 0x2e,
0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91,
0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33,
0x1f, 0xa0, 0x4c, 0x19, 0x17, 0xb2, 0x78, 0xc3,
0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad,
0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63,
0xb1, 0xd9, 0x64, 0x4a, 0x61, 0x29, 0x48, 0xa3,
0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00,
0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27,
0x60, 0x9c, 0x76, 0xc7, 0xea, 0x6b, 0x5d, 0xe0,
0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e,
0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b,
0xce, 0xae, 0x1b, 0xa5, 0xcc, 0x72, 0xc7, 0x4a,
0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b,
0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2,
0x6c, 0x7c, 0x61, 0x51, 0xa1, 0x9c, 0x6c, 0xd7,
0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5,
0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37,
0x9d, 0xe3, 0xda, 0xbf, 0xa6, 0x29, 0xa7, 0xc0,
0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac,
0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb,
0x2c, 0xa7, 0xa8, 0x48, 0xcd, 0x36, 0x68, 0x01,
0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a,
0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0,
0x02, 0xba, 0xe9, 0x0a, 0xf6, 0x5c, 0x48, 0x06,
0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2,
0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75,
0x35, 0x94, 0xe6, 0xa7, 0x02, 0x76, 0x1f, 0xc9,
0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b,
0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa,
0x88, 0x09, 0xd9, 0x28, 0xc7, 0xf4, 0xcb, 0xbf,
0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25,
0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53,
0x92, 0x10, 0xc7, 0x11, 0x3b, 0xc3, 0x7b, 0x3e,
0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb,
0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89,
0xcb, 0x7c, 0x70, 0xc0, 0x23, 0x36, 0x6d, 0x78,
0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b,
0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6,
0x5a, 0x94, 0x11, 0x4f, 0xfa, 0xf6, 0x0d, 0x9a,
0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a,
0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3,
0x59, 0x9e, 0x37, 0xc7, 0x68, 0xc7, 0xbc, 0x10,
0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95,
0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2,
0x90, 0xd7, 0x89, 0x2e, 0xa8, 0x54, 0x64, 0xee,
0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c,
0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba,
0x8a, 0x95, 0x9a, 0x68, 0x09, 0x65, 0x47, 0xf6,
0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94,
0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a,
0x65, 0x6c, 0x28, 0x82, 0x8b, 0xeb, 0x91, 0x26,
0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83,
0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb,
0x95, 0x07, 0x26, 0x9d, 0xda, 0xf8, 0xc9, 0x5c,
0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b,
0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b,
0x1e, 0xee, 0xb3, 0x3e, 0xcd, 0xa7, 0x6a, 0xe9,
0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69,
0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c,
0x4c, 0x2c, 0x77, 0xce, 0x87, 0xc4, 0x1f, 0x98,
0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a,
0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8,
0x8e, 0x65, 0xda, 0x4d, 0x8e, 0xe6, 0x4f, 0x68,
0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf,
0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a,
0x00, 0x43, 0x33, 0x48, 0x93, 0x93, 0xa0, 0x74,
0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f,
0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72,
0x71, 0xc0, 0xb2, 0x7b, 0x2d, 0xba, 0xa0, 0x0d,
0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf,
0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8,
0x99, 0x12, 0x2c, 0x97, 0x96, 0xb4, 0xb0, 0x18,
0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd,
0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0,
0x0b, 0xce, 0x8c, 0xac, 0x78, 0x64, 0xcb, 0xb3,
0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06,
0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7,
0xac, 0xc9, 0xc5, 0xa1, 0x88, 0x40, 0x72, 0xd8,
0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84,
0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65,
0x12, 0x61, 0xf9, 0x62, 0xb1, 0x7a, 0x72, 0x15,
0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38,
0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71,
0x95, 0xa8, 0x5b, 0x4f, 0x98, 0xa1, 0xb5, 0x74,
0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e,
0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37,
0x48, 0xd9, 0xb5, 0xcd, 0x6c, 0x17, 0xb9, 0xb3,
0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83,
0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15,
0x78, 0x2a, 0x71, 0xcd, 0xee, 0xe7, 0x92, 0xba,
0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e,
0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30,
0xad, 0x98, 0xb4, 0x63, 0x4f, 0x64, 0xab, 0xa8,
0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f,
0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7,
0xaa, 0xc4, 0x1c, 0x82, 0x88, 0x87, 0x93, 0x18,
0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e,
0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29,
0x11, 0xd8, 0x55, 0x1e, 0x54, 0x66, 0xc5, 0x76,
0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36,
0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d,
0xd8, 0xfa, 0xbb, 0xfb, 0x3f, 0xe8, 0xcb, 0x1d,
0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f,
0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28,
0xf5, 0x72, 0x62, 0x66, 0x13, 0x58, 0xcd, 0xe8,
0xd3, 0xeb, 0xf9, 0x90, 0xe5, 0xfd, 0x1d, 0x5b,
0x89, 0x6c, 0x99, 0x2c, 0xcf, 0xaa, 0xdb, 0x52,
0x56, 0xb6, 0x8b, 0xbf, 0x59, 0x43, 0xb1, 0x32,
0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08,
0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc,
0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
};
#endif
#ifdef WOLFSSL_MLKEM_KYBER
WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ct[] = {
0xB5, 0x2C, 0x56, 0xB9, 0x2A, 0x4B, 0x7C, 0xE9,
0xE4, 0xCB, 0x7C, 0x5B, 0x1B, 0x16, 0x31, 0x67,
0xA8, 0xA1, 0x67, 0x5B, 0x2F, 0xDE, 0xF8, 0x4A,
0x5B, 0x67, 0xCA, 0x15, 0xDB, 0x69, 0x4C, 0x9F,
0x11, 0xBD, 0x02, 0x7C, 0x30, 0xAE, 0x22, 0xEC,
0x92, 0x1A, 0x1D, 0x91, 0x15, 0x99, 0xAF, 0x05,
0x85, 0xE4, 0x8D, 0x20, 0xDA, 0x70, 0xDF, 0x9F,
0x39, 0xE3, 0x2E, 0xF9, 0x5D, 0x4C, 0x8F, 0x44,
0xBF, 0xEF, 0xDA, 0xA5, 0xDA, 0x64, 0xF1, 0x05,
0x46, 0x31, 0xD0, 0x4D, 0x6D, 0x3C, 0xFD, 0x0A,
0x54, 0x0D, 0xD7, 0xBA, 0x38, 0x86, 0xE4, 0xB5,
0xF1, 0x3E, 0x87, 0x87, 0x88, 0x60, 0x4C, 0x95,
0xC0, 0x96, 0xEA, 0xB3, 0x91, 0x9F, 0x42, 0x75,
0x21, 0x41, 0x9A, 0x94, 0x6C, 0x26, 0xCC, 0x04,
0x14, 0x75, 0xD7, 0x12, 0x4C, 0xDC, 0x01, 0xD0,
0x37, 0x3E, 0x5B, 0x09, 0xC7, 0xA7, 0x06, 0x03,
0xCF, 0xDB, 0x4F, 0xB3, 0x40, 0x50, 0x23, 0xF2,
0x26, 0x4D, 0xC3, 0xF9, 0x83, 0xC4, 0xFC, 0x02,
0xA2, 0xD1, 0xB2, 0x68, 0xF2, 0x20, 0x8A, 0x1F,
0x6E, 0x2A, 0x62, 0x09, 0xBF, 0xF1, 0x2F, 0x6F,
0x46, 0x5F, 0x0B, 0x06, 0x9C, 0x3A, 0x7F, 0x84,
0xF6, 0x06, 0xD8, 0xA9, 0x40, 0x64, 0x00, 0x3D,
0x6E, 0xC1, 0x14, 0xC8, 0xE8, 0x08, 0xD3, 0x05,
0x38, 0x84, 0xC1, 0xD5, 0xA1, 0x42, 0xFB, 0xF2,
0x01, 0x12, 0xEB, 0x36, 0x0F, 0xDA, 0x3F, 0x0F,
0x28, 0xB1, 0x72, 0xAE, 0x50, 0xF5, 0xE7, 0xD8,
0x38, 0x01, 0xFB, 0x3F, 0x00, 0x64, 0xB6, 0x87,
0x18, 0x70, 0x74, 0xBD, 0x7F, 0xE3, 0x0E, 0xDD,
0xAA, 0x33, 0x4C, 0xF8, 0xFC, 0x04, 0xFA, 0x8C,
0xED, 0x89, 0x9C, 0xEA, 0xDE, 0x4B, 0x4F, 0x28,
0xB6, 0x83, 0x72, 0xBA, 0xF9, 0x8F, 0xF4, 0x82,
0xA4, 0x15, 0xB7, 0x31, 0x15, 0x5B, 0x75, 0xCE,
0xB9, 0x76, 0xBE, 0x0E, 0xA0, 0x28, 0x5B, 0xA0,
0x1A, 0x27, 0xF1, 0x85, 0x7A, 0x8F, 0xB3, 0x77,
0xA3, 0xAE, 0x0C, 0x23, 0xB2, 0xAA, 0x9A, 0x07,
0x9B, 0xFA, 0xBF, 0xF0, 0xD5, 0xB2, 0xF1, 0xCD,
0x9B, 0x71, 0x8B, 0xEA, 0x03, 0xC4, 0x2F, 0x34,
0x3A, 0x39, 0xB4, 0xF1, 0x42, 0xD0, 0x1A, 0xD8,
0xAC, 0xBB, 0x50, 0xE3, 0x88, 0x53, 0xCF, 0x9A,
0x50, 0xC8, 0xB4, 0x4C, 0x3C, 0xF6, 0x71, 0xA4,
0xA9, 0x04, 0x3B, 0x26, 0xDD, 0xBB, 0x24, 0x95,
0x9A, 0xD6, 0x71, 0x5C, 0x08, 0x52, 0x18, 0x55,
0xC7, 0x9A, 0x23, 0xB9, 0xC3, 0xD6, 0x47, 0x17,
0x49, 0xC4, 0x07, 0x25, 0xBD, 0xD5, 0xC2, 0x77,
0x6D, 0x43, 0xAE, 0xD2, 0x02, 0x04, 0xBA, 0xA1,
0x41, 0xEF, 0xB3, 0x30, 0x49, 0x17, 0x47, 0x4B,
0x7F, 0x9F, 0x7A, 0x4B, 0x08, 0xB1, 0xA9, 0x3D,
0xAE, 0xD9, 0x8C, 0x67, 0x49, 0x53, 0x59, 0xD3,
0x7D, 0x67, 0xF7, 0x43, 0x8B, 0xEE, 0x5E, 0x43,
0x58, 0x56, 0x34, 0xB2, 0x6C, 0x6B, 0x38, 0x10,
0xD7, 0xCD, 0xCB, 0xC0, 0xF6, 0xEB, 0x87, 0x7A,
0x60, 0x87, 0xE6, 0x8A, 0xCB, 0x84, 0x80, 0xD3,
0xA8, 0xCF, 0x69, 0x00, 0x44, 0x7E, 0x49, 0xB4,
0x17, 0xF1, 0x5A, 0x53, 0xB6, 0x07, 0xA0, 0xE2,
0x16, 0xB8, 0x55, 0x97, 0x0D, 0x37, 0x40, 0x68,
0x70, 0xB4, 0x56, 0x87, 0x22, 0xDA, 0x77, 0xA4,
0x08, 0x47, 0x03, 0x81, 0x67, 0x84, 0xE2, 0xF1,
0x6B, 0xED, 0x18, 0x99, 0x65, 0x32, 0xC5, 0xD8,
0xB7, 0xF5, 0xD2, 0x14, 0x46, 0x4E, 0x5F, 0x3F,
0x6E, 0x90, 0x58, 0x67, 0xB0, 0xCE, 0x11, 0x9E,
0x25, 0x2A, 0x66, 0x71, 0x32, 0x53, 0x54, 0x46,
0x85, 0xD2, 0x08, 0xE1, 0x72, 0x39, 0x08, 0xA0,
0xCE, 0x97, 0x83, 0x46, 0x52, 0xE0, 0x8A, 0xE7,
0xBD, 0xC8, 0x81, 0xA1, 0x31, 0xB7, 0x3C, 0x71,
0xE8, 0x4D, 0x20, 0xD6, 0x8F, 0xDE, 0xFF, 0x4F,
0x5D, 0x70, 0xCD, 0x1A, 0xF5, 0x7B, 0x78, 0xE3,
0x49, 0x1A, 0x98, 0x65, 0x94, 0x23, 0x21, 0x80,
0x0A, 0x20, 0x3C, 0x05, 0xED, 0x1F, 0xEE, 0xB5,
0xA2, 0x8E, 0x58, 0x4E, 0x19, 0xF6, 0x53, 0x5E,
0x7F, 0x84, 0xE4, 0xA2, 0x4F, 0x84, 0xA7, 0x2D,
0xCA, 0xF5, 0x64, 0x8B, 0x4A, 0x42, 0x35, 0xDD,
0x66, 0x44, 0x64, 0x48, 0x2F, 0x03, 0x17, 0x6E,
0x88, 0x8C, 0x28, 0xBF, 0xC6, 0xC1, 0xCB, 0x23,
0x8C, 0xFF, 0xA3, 0x5A, 0x32, 0x1E, 0x71, 0x79,
0x1D, 0x9E, 0xA8, 0xED, 0x08, 0x78, 0xC6, 0x11,
0x21, 0xBF, 0x8D, 0x2A, 0x4A, 0xB2, 0xC1, 0xA5,
0xE1, 0x20, 0xBC, 0x40, 0xAB, 0xB1, 0x89, 0x2D,
0x17, 0x15, 0x09, 0x0A, 0x0E, 0xE4, 0x82, 0x52,
0xCA, 0x29, 0x7A, 0x99, 0xAA, 0x0E, 0x51, 0x0C,
0xF2, 0x6B, 0x1A, 0xDD, 0x06, 0xCA, 0x54, 0x3E,
0x1C, 0x5D, 0x6B, 0xDC, 0xD3, 0xB9, 0xC5, 0x85,
0xC8, 0x53, 0x80, 0x45, 0xDB, 0x5C, 0x25, 0x2E,
0xC3, 0xC8, 0xC3, 0xC9, 0x54, 0xD9, 0xBE, 0x59,
0x07, 0x09, 0x4A, 0x89, 0x4E, 0x60, 0xEA, 0xB4,
0x35, 0x38, 0xCF, 0xEE, 0x82, 0xE8, 0xFF, 0xC0,
0x79, 0x1B, 0x0D, 0x0F, 0x43, 0xAC, 0x16, 0x27,
0x83, 0x0A, 0x61, 0xD5, 0x6D, 0xAD, 0x96, 0xC6,
0x29, 0x58, 0xB0, 0xDE, 0x78, 0x0B, 0x78, 0xBD,
0x47, 0xA6, 0x04, 0x55, 0x0D, 0xAB, 0x83, 0xFF,
0xF2, 0x27, 0xC3, 0x24, 0x04, 0x94, 0x71, 0xF3,
0x52, 0x48, 0xCF, 0xB8, 0x49, 0xB2, 0x57, 0x24,
0xFF, 0x70, 0x4D, 0x52, 0x77, 0xAA, 0x35, 0x2D,
0x55, 0x09, 0x58, 0xBE, 0x3B, 0x23, 0x7D, 0xFF,
0x47, 0x3E, 0xC2, 0xAD, 0xBA, 0xEA, 0x48, 0xCA,
0x26, 0x58, 0xAE, 0xFC, 0xC7, 0x7B, 0xBD, 0x42,
0x64, 0xAB, 0x37, 0x4D, 0x70, 0xEA, 0xE5, 0xB9,
0x64, 0x41, 0x6C, 0xE8, 0x22, 0x6A, 0x7E, 0x32,
0x55, 0xA0, 0xF8, 0xD7, 0xE2, 0xAD, 0xCA, 0x06,
0x2B, 0xCD, 0x6D, 0x78, 0xD6, 0x0D, 0x1B, 0x32,
0xE1, 0x14, 0x05, 0xBE, 0x54, 0xB6, 0x6E, 0xF0,
0xFD, 0xDD, 0x56, 0x77, 0x02, 0xA3, 0xBC, 0xCF,
0xED, 0xE3, 0xC5, 0x84, 0x70, 0x12, 0x69, 0xED,
0x14, 0x80, 0x9F, 0x06, 0xF8, 0x96, 0x83, 0x56,
0xBB, 0x92, 0x67, 0xFE, 0x86, 0xE5, 0x14, 0x25,
0x2E, 0x88, 0xBB, 0x5C, 0x30, 0xA7, 0xEC, 0xB3,
0xD0, 0xE6, 0x21, 0x02, 0x1E, 0xE0, 0xFB, 0xF7,
0x87, 0x1B, 0x09, 0x34, 0x2B, 0xF8, 0x4F, 0x55,
0xC9, 0x7E, 0xAF, 0x86, 0xC4, 0x81, 0x89, 0xC7,
0xFF, 0x4D, 0xF3, 0x89, 0xF0, 0x77, 0xE2, 0x80,
0x6E, 0x5F, 0xA7, 0x3B, 0x3E, 0x94, 0x58, 0xA1,
0x6C, 0x7E, 0x27, 0x5F, 0x4F, 0x60, 0x22, 0x75,
0x58, 0x0E, 0xB7, 0xB7, 0x13, 0x5F, 0xB5, 0x37,
0xFA, 0x0C, 0xD9, 0x5D, 0x6E, 0xA5, 0x8C, 0x10,
0x8C, 0xD8, 0x94, 0x3D, 0x70, 0xC1, 0x64, 0x31,
0x11, 0xF4, 0xF0, 0x1C, 0xA8, 0xA8, 0x27, 0x6A,
0x90, 0x26, 0x66, 0xED, 0x81, 0xB7, 0x8D, 0x16,
0x8B, 0x00, 0x6F, 0x16, 0xAA, 0xA3, 0xD8, 0xE4,
0xCE, 0x4F, 0x4D, 0x0F, 0xB0, 0x99, 0x7E, 0x41,
0xAE, 0xFF, 0xB5, 0xB3, 0xDA, 0xA8, 0x38, 0x73,
0x2F, 0x35, 0x73, 0x49, 0x44, 0x7F, 0x38, 0x77,
0x76, 0xC7, 0x93, 0xC0, 0x47, 0x9D, 0xE9, 0xE9,
0x94, 0x98, 0xCC, 0x35, 0x6F, 0xDB, 0x00, 0x75,
0xA7, 0x03, 0xF2, 0x3C, 0x55, 0xD4, 0x7B, 0x55,
0x0E, 0xC8, 0x9B, 0x02, 0xAD, 0xE8, 0x93, 0x29,
0x08, 0x6A, 0x50, 0x84, 0x34, 0x56, 0xFE, 0xDC,
0x37, 0x88, 0xAC, 0x8D, 0x97, 0x23, 0x3C, 0x54,
0x56, 0x04, 0x67, 0xEE, 0x1D, 0x0F, 0x02, 0x4B,
0x18, 0x42, 0x8F, 0x0D, 0x73, 0xB3, 0x0E, 0x19,
0xF5, 0xC6, 0x3B, 0x9A, 0xBF, 0x11, 0x41, 0x5B,
0xEA, 0x4D, 0x01, 0x70, 0x13, 0x0B, 0xAA, 0xBD,
0x33, 0xC0, 0x5E, 0x65, 0x24, 0xE5, 0xFB, 0x55,
0x81, 0xB2, 0x2B, 0x04, 0x33, 0x34, 0x22, 0x48,
0x26, 0x6D, 0x0F, 0x10, 0x53, 0xB2, 0x45, 0xCC,
0x24, 0x62, 0xDC, 0x44, 0xD3, 0x49, 0x65, 0x10,
0x24, 0x82, 0xA8, 0xED, 0x9E, 0x4E, 0x96, 0x4D,
0x56, 0x83, 0xE5, 0xD4, 0x5D, 0x0C, 0x82, 0x69
};
#endif
#ifndef WOLFSSL_NO_ML_KEM
WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_ct[] = {
0xc8, 0x39, 0x10, 0x85, 0xb8, 0xd3, 0xea, 0x97,
0x94, 0x21, 0x25, 0x41, 0xb2, 0x91, 0x4f, 0x08,
0x96, 0x4d, 0x33, 0x52, 0x1d, 0x3f, 0x67, 0xad,
0x66, 0x09, 0x6e, 0xbf, 0xb1, 0xf7, 0x06, 0x42,
0x4b, 0x49, 0x55, 0x8f, 0x75, 0x5b, 0x56, 0x25,
0xba, 0xe2, 0x36, 0xf2, 0xe0, 0x07, 0x96, 0x01,
0xc7, 0x66, 0xf7, 0xd9, 0x60, 0x80, 0x8f, 0x7e,
0x2b, 0xb0, 0xc7, 0xa5, 0xe0, 0x66, 0xed, 0x34,
0x6d, 0xe6, 0x28, 0xf8, 0xc5, 0x7e, 0xeb, 0xab,
0xbb, 0x0c, 0x22, 0xd9, 0x11, 0x54, 0x84, 0x63,
0x69, 0x3e, 0xf3, 0xce, 0x52, 0xa5, 0x3f, 0x7f,
0xf4, 0x15, 0xf0, 0x0e, 0x65, 0x7a, 0xe1, 0xc5,
0xa4, 0x8f, 0xa5, 0xec, 0x6e, 0x4b, 0xe5, 0xcf,
0x46, 0x2d, 0xaf, 0xfc, 0x84, 0xd2, 0xf6, 0xd5,
0xff, 0x55, 0xdc, 0x9b, 0xbe, 0x8b, 0xb0, 0xd7,
0x25, 0xec, 0x64, 0xfd, 0x4c, 0xd4, 0xbd, 0x8d,
0xba, 0x0a, 0x84, 0x4e, 0x8b, 0x5c, 0xe4, 0xb6,
0xa2, 0x89, 0x34, 0xd7, 0xf7, 0xa0, 0x50, 0x99,
0x1f, 0xe1, 0x85, 0xb5, 0x06, 0xb4, 0x51, 0xda,
0xbf, 0xad, 0x52, 0xd5, 0x2c, 0xb2, 0x11, 0x4c,
0xa7, 0xd9, 0xa5, 0xcf, 0x98, 0x6c, 0x8f, 0xdc,
0x1b, 0xc1, 0x0e, 0xc0, 0xc1, 0x86, 0x9e, 0x50,
0xc0, 0x3c, 0x55, 0xa7, 0x61, 0x92, 0xa1, 0x04,
0x9a, 0xca, 0x63, 0x6b, 0xa9, 0x02, 0x0b, 0xda,
0xa8, 0xd0, 0xf5, 0x8c, 0x76, 0x3b, 0x0b, 0x89,
0x84, 0x5c, 0xa0, 0x6d, 0x4c, 0x4d, 0xdc, 0x21,
0x43, 0x3e, 0x16, 0xb9, 0xc6, 0x2e, 0x44, 0x87,
0x1f, 0xdb, 0xc0, 0x5b, 0xa2, 0x18, 0xaf, 0x87,
0x1f, 0xdd, 0x7d, 0xcf, 0xa4, 0x64, 0xe6, 0x0f,
0xaa, 0x52, 0x65, 0x26, 0x4c, 0xe1, 0x39, 0x1b,
0xd9, 0xa8, 0xc5, 0xfa, 0xa7, 0x62, 0x6d, 0x5f,
0x15, 0x9b, 0x98, 0x05, 0xb9, 0x75, 0x71, 0x0a,
0x35, 0x03, 0xa0, 0xb8, 0x58, 0xa1, 0x1c, 0x6a,
0x64, 0x7c, 0xc0, 0xe1, 0x9a, 0xc8, 0x8b, 0x1b,
0xe9, 0x05, 0x6c, 0x95, 0xb4, 0xd2, 0x08, 0x7d,
0x09, 0x51, 0xd1, 0xd2, 0xf4, 0x99, 0x24, 0x91,
0x11, 0x7e, 0x63, 0x47, 0x79, 0x4b, 0xa5, 0x45,
0x71, 0xec, 0x49, 0xbb, 0xa7, 0x1a, 0xf3, 0x41,
0x3d, 0x38, 0xa3, 0x0b, 0xf5, 0x87, 0x22, 0x48,
0xd1, 0xf6, 0xd0, 0x7c, 0x86, 0xba, 0xf7, 0x82,
0xe7, 0x3d, 0x26, 0x37, 0xf0, 0x43, 0xd3, 0x41,
0xa0, 0x09, 0x21, 0x85, 0x7d, 0x8b, 0x21, 0xdd,
0xf3, 0xe1, 0xd6, 0x31, 0x00, 0x36, 0xed, 0x27,
0xaf, 0x49, 0xe5, 0xde, 0x1b, 0x90, 0x0f, 0xe4,
0xde, 0x79, 0x80, 0x8f, 0xf2, 0x9f, 0x95, 0x70,
0x85, 0x96, 0x12, 0xb1, 0x5a, 0xdc, 0x01, 0xfb,
0xb2, 0x65, 0xb3, 0x05, 0xb1, 0xe3, 0xa1, 0x2a,
0xe4, 0x19, 0xda, 0x5b, 0x74, 0x26, 0x1f, 0xa2,
0x84, 0xc1, 0x01, 0xda, 0x3d, 0x8d, 0xca, 0x8b,
0x2e, 0x45, 0x21, 0xac, 0xa5, 0x71, 0xef, 0x44,
0xa0, 0x58, 0xe8, 0x44, 0xff, 0x32, 0xb1, 0x6d,
0x5a, 0xae, 0xa0, 0x5f, 0x7f, 0x3a, 0xf8, 0xe2,
0xab, 0x16, 0x22, 0x2e, 0x34, 0x76, 0x62, 0xed,
0xdf, 0xb8, 0x91, 0xd0, 0xec, 0xc2, 0xa5, 0x5c,
0x56, 0x38, 0xf9, 0xdd, 0xe9, 0x2d, 0x9a, 0x3d,
0x54, 0x4a, 0x5f, 0x90, 0x1a, 0xc5, 0x01, 0xac,
0xd1, 0xea, 0x6a, 0x01, 0x02, 0x01, 0xfc, 0xb1,
0x0a, 0xd7, 0x02, 0xc4, 0x25, 0xa9, 0x4b, 0xdf,
0x58, 0x90, 0xd5, 0x00, 0xa2, 0xa1, 0x47, 0xee,
0xe1, 0xd1, 0xfc, 0xba, 0x8c, 0x3a, 0xbe, 0x7c,
0x2d, 0xfe, 0x70, 0xf3, 0x46, 0xf0, 0x33, 0xd8,
0x16, 0xa0, 0xb2, 0x79, 0x1b, 0x4f, 0x0b, 0x2d,
0x95, 0x6d, 0x9e, 0xe5, 0x97, 0x17, 0x15, 0x39,
0x9a, 0x56, 0x88, 0x30, 0x24, 0x95, 0xe2, 0xe0,
0x7c, 0x1c, 0x8c, 0x01, 0x52, 0x71, 0x84, 0xbc,
0xd0, 0xc2, 0x08, 0xbc, 0x15, 0x9f, 0x2e, 0x13,
0x31, 0x8c, 0x0b, 0xb3, 0xdd, 0x24, 0xa6, 0xa7,
0xfc, 0x84, 0x9f, 0x83, 0x38, 0x5e, 0xd4, 0xdb,
0xa0, 0x7f, 0xe1, 0xd7, 0xbd, 0x56, 0x40, 0xcc,
0x9e, 0xd5, 0xcc, 0xfd, 0xd6, 0x87, 0x63, 0xcb,
0x0d, 0x0e, 0xdf, 0x61, 0xb2, 0x92, 0x17, 0x7f,
0xc1, 0xd2, 0xd3, 0xc1, 0x1d, 0xd0, 0x49, 0x50,
0x56, 0xbc, 0xb1, 0x25, 0x58, 0xae, 0xbc, 0xfd,
0xde, 0xf9, 0xfe, 0xb4, 0xae, 0xbc, 0x57, 0xaf,
0xd9, 0x02, 0x3c, 0x65, 0xcf, 0xe6, 0x5a, 0x24,
0xe3, 0x3f, 0x1b, 0x00, 0x11, 0x1e, 0x92, 0xe6,
0x3e, 0x01, 0x1e, 0xaf, 0x0b, 0x21, 0x2c, 0xf9,
0x57, 0x43, 0xcd, 0x07, 0xf5, 0x18, 0x9e, 0xce,
0x1f, 0x20, 0x5b, 0x7f, 0x6f, 0xcb, 0x2e, 0x6b,
0x19, 0x61, 0xb5, 0x40, 0x4c, 0xeb, 0xe4, 0x7c,
0x8c, 0xd1, 0x3b, 0x85, 0x99, 0xd5, 0xb4, 0x9e,
0x6d, 0x87, 0xee, 0xda, 0x36, 0xe9, 0xb8, 0xfc,
0x4c, 0x00, 0x63, 0x58, 0x96, 0xaa, 0x2b, 0x75,
0x89, 0x6e, 0x33, 0x6d, 0x1b, 0x61, 0x2e, 0xe1,
0x3d, 0xb8, 0x11, 0xe1, 0xf0, 0x7e, 0x61, 0x74,
0x8d, 0x92, 0x0f, 0x48, 0x65, 0xf3, 0xf1, 0x17,
0x41, 0x39, 0x9d, 0xc6, 0x16, 0x2c, 0x91, 0xca,
0x16, 0x8a, 0x02, 0x32, 0x9d, 0xff, 0x82, 0x1d,
0x58, 0x19, 0x87, 0x12, 0xdd, 0x55, 0x8a, 0xbb,
0x09, 0x9b, 0x3a, 0x0b, 0xaf, 0x9d, 0xa1, 0xb7,
0x30, 0xb2, 0xaa, 0x73, 0xbc, 0xf5, 0x8d, 0x74,
0xf3, 0x57, 0xb0, 0x6f, 0x72, 0x11, 0xc8, 0x04,
0xb6, 0xc8, 0xaf, 0x16, 0xff, 0x35, 0x09, 0xfa,
0xd1, 0xd3, 0x5b, 0x14, 0xbf, 0xdc, 0xed, 0x7d,
0xb8, 0xa6, 0xa2, 0x5c, 0x48, 0xe5, 0x95, 0x64,
0x80, 0x72, 0x4d, 0xaa, 0x05, 0x7c, 0xd6, 0x60,
0xb6, 0x7e, 0xe3, 0xe4, 0x72, 0x57, 0x41, 0x82,
0x67, 0x9d, 0x48, 0x58, 0x38, 0xa6, 0x47, 0x6e,
0xac, 0x02, 0x14, 0x10, 0x75, 0xc8, 0x12, 0xaf,
0x79, 0x67, 0xba, 0x7c, 0x91, 0x85, 0xcc, 0x2a,
0xbd, 0x2a, 0x45, 0x45, 0xb8, 0x0f, 0x3d, 0x31,
0x04, 0xd5, 0x8d, 0x65, 0x4a, 0x57, 0x79, 0x2d,
0xcf, 0xab, 0xbe, 0x9c, 0x07, 0x15, 0xe8, 0xde,
0x2e, 0xf8, 0x1e, 0xf4, 0x04, 0xc8, 0x16, 0x8f,
0xd7, 0xa4, 0x3e, 0xfa, 0xb3, 0xd4, 0x48, 0xe6,
0x86, 0xa0, 0x88, 0xef, 0xd2, 0x6a, 0x26, 0x15,
0x99, 0x48, 0x92, 0x67, 0x23, 0xd7, 0xec, 0xcc,
0x39, 0xe3, 0xc1, 0xb7, 0x19, 0xcf, 0x8b, 0xec,
0xb7, 0xbe, 0x7e, 0x96, 0x4f, 0x22, 0xcd, 0x8c,
0xb1, 0xb7, 0xe2, 0x5e, 0x80, 0x0e, 0xa9, 0x7d,
0x60, 0xa6, 0x4c, 0xc0, 0xbb, 0xd9, 0xcb, 0x40,
0x7a, 0x3a, 0xb9, 0xf8, 0x8f, 0x5e, 0x29, 0x16,
0x9e, 0xea, 0xfd, 0x4e, 0x03, 0x22, 0xfd, 0xe6,
0x59, 0x0a, 0xe0, 0x93, 0xce, 0x8f, 0xee, 0xae,
0x98, 0xb6, 0x22, 0xca, 0xa7, 0x55, 0x6f, 0xf4,
0x26, 0xc9, 0xe7, 0xa4, 0x04, 0xce, 0x69, 0x35,
0x58, 0x30, 0xa7, 0xa6, 0x77, 0x67, 0xa7, 0x6c,
0x7d, 0x9a, 0x97, 0xb8, 0x4b, 0xfc, 0xf5, 0x0a,
0x02, 0xf7, 0x5c, 0x23, 0x5d, 0x2f, 0x9c, 0x67,
0x11, 0x38, 0x04, 0x9f, 0xfc, 0x7c, 0x80, 0x55,
0x92, 0x6c, 0x03, 0xeb, 0x3f, 0xb8, 0x7f, 0x96,
0x95, 0x18, 0x5a, 0x42, 0xec, 0xa9, 0xa4, 0x16,
0x55, 0x87, 0x3d, 0x30, 0xa6, 0xb3, 0xbf, 0x42,
0x8b, 0x24, 0x62, 0x23, 0x48, 0x4a, 0x8f, 0xf6,
0x1e, 0xe3, 0xee, 0xaf, 0xff, 0x10, 0xe9, 0x9c,
0x2c, 0x13, 0xa7, 0x62, 0x84, 0xd0, 0x63, 0xe5,
0x6a, 0xb7, 0x11, 0xa3, 0x5a, 0x85, 0xb5, 0x38,
0x3d, 0xf8, 0x1d, 0xa2, 0x34, 0x90, 0xf6, 0x6e,
0x8e, 0xa3, 0xfc, 0xba, 0x06, 0x7f, 0x55, 0x30,
0xc6, 0x54, 0x1c, 0x2b, 0x8f, 0x74, 0x71, 0x7c,
0x35, 0x02, 0x3e, 0x7b, 0x9b, 0x39, 0x56, 0xc3,
0xee, 0x2f, 0xf8, 0x4b, 0xa0, 0x3c, 0xcf, 0x4b,
0x4b, 0x53, 0x21, 0xb9, 0x24, 0x08, 0x95, 0x48,
0x1b, 0xc6, 0xd6, 0x3c, 0x16, 0x93, 0xc1, 0x84,
0x78, 0x52, 0xf8, 0xe9, 0x7f, 0x50, 0xa1, 0x33,
0x53, 0x2a, 0xc3, 0xee, 0x1e, 0x52, 0xd4, 0x64
};
#endif
#ifdef WOLFSSL_MLKEM_KYBER
WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ss[] = {
0x91, 0x4C, 0xB6, 0x7F, 0xE5, 0xC3, 0x8E, 0x73,
0xBF, 0x74, 0x18, 0x1C, 0x0A, 0xC5, 0x04, 0x28,
0xDE, 0xDF, 0x77, 0x50, 0xA9, 0x80, 0x58, 0xF7,
0xD5, 0x36, 0x70, 0x87, 0x74, 0x53, 0x5B, 0x29
};
#endif
#ifndef WOLFSSL_NO_ML_KEM
WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_ss[] = {
0xe7, 0x18, 0x4a, 0x09, 0x75, 0xee, 0x34, 0x70,
0x87, 0x8d, 0x2d, 0x15, 0x9e, 0xc8, 0x31, 0x29,
0xc8, 0xae, 0xc2, 0x53, 0xd4, 0xee, 0x17, 0xb4,
0x81, 0x03, 0x11, 0xd1, 0x98, 0xcd, 0x03, 0x68
};
#endif
#ifdef WOLFSSL_SMALL_STACK
key = (MlKemKey *)XMALLOC(sizeof(MlKemKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
priv = (byte *)XMALLOC(WC_ML_KEM_768_PRIVATE_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
pub = (byte *)XMALLOC(WC_ML_KEM_768_PUBLIC_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL || pub == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
ct = (byte *)XMALLOC(WC_ML_KEM_768_CIPHER_TEXT_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
ss = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ct == NULL || ss == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
ss_dec = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ss_dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#endif
#ifdef WOLFSSL_MLKEM_KYBER
ret = wc_MlKemKey_Init(key, KYBER768, HEAP_HINT, katDevId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
else
key_inited = 1;
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
ret = wc_MlKemKey_MakeKeyWithRandom(key, kyber768_rand,
sizeof(kyber768_rand));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlKemKey_EncodePublicKey(key, pub, KYBER768_PUBLIC_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlKemKey_EncodePrivateKey(key, priv, KYBER768_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(pub, kyber768_pk, sizeof(kyber768_pk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(priv, kyber768_sk, sizeof(kyber768_sk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber768_rand;
(void)kyber768_pk;
ret = wc_MlKemKey_DecodePrivateKey(key, kyber768_sk,
KYBER768_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
ret = wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand,
sizeof(kyber768enc_rand));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ct, kyber768_ct, sizeof(kyber768_ct)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(ss, kyber768_ss, sizeof(kyber768_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber768enc_rand;
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
ret = wc_MlKemKey_Decapsulate(key, ss_dec, kyber768_ct,
sizeof(kyber768_ct));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ss_dec, kyber768_ss, sizeof(kyber768_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber768_ct;
(void)kyber768_ss;
#endif
#endif
#ifndef WOLFSSL_NO_ML_KEM
ret = wc_MlKemKey_Init(key, WC_ML_KEM_768, HEAP_HINT, katDevId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
else
key_inited = 1;
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
ret = wc_MlKemKey_MakeKeyWithRandom(key, kyber768_rand,
sizeof(kyber768_rand));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlKemKey_EncodePublicKey(key, pub, WC_ML_KEM_768_PUBLIC_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlKemKey_EncodePrivateKey(key, priv,
WC_ML_KEM_768_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(pub, ml_kem_768_pk, sizeof(ml_kem_768_pk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(priv, ml_kem_768_sk, sizeof(ml_kem_768_sk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber768_rand;
(void)ml_kem_768_pk;
ret = wc_MlKemKey_DecodePrivateKey(key, ml_kem_768_sk,
WC_ML_KEM_768_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
ret = wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand,
sizeof(kyber768enc_rand));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ct, ml_kem_768_ct, sizeof(ml_kem_768_ct)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(ss, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber768enc_rand;
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
ret = wc_MlKemKey_Decapsulate(key, ss_dec, ml_kem_768_ct,
sizeof(ml_kem_768_ct));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ss_dec, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)ml_kem_768_ct;
(void)ml_kem_768_ss;
#endif
#endif
out:
if (key_inited)
wc_MlKemKey_Free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
return ret;
}
#endif /* !WOLFSSL_NO_KYBER768 && !WOLFSSL_NO_ML_KEM_768 */
#if !defined(WOLFSSL_NO_KYBER1024) && !defined(WOLFSSL_NO_ML_KEM_1024)
static wc_test_ret_t mlkem1024_kat(void)
{
wc_test_ret_t ret;
#ifdef WOLFSSL_SMALL_STACK
MlKemKey *key = NULL;
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
byte *priv = NULL;
byte *pub = NULL;
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
byte *ct = NULL;
byte *ss = NULL;
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
byte *ss_dec = NULL;
#endif
#else
MlKemKey key[1];
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
byte priv[WC_ML_KEM_1024_PRIVATE_KEY_SIZE];
byte pub[WC_ML_KEM_1024_PUBLIC_KEY_SIZE];
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
byte ct[WC_ML_KEM_1024_CIPHER_TEXT_SIZE];
byte ss[WC_ML_KEM_SS_SZ];
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
byte ss_dec[WC_ML_KEM_SS_SZ];
#endif
#endif
int key_inited = 0;
const int katDevId = INVALID_DEVID;
WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_rand[] = {
0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa,
0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd,
0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d,
0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
};
WOLFSSL_SMALL_STACK_STATIC const byte kyber1024enc_rand[] = {
0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4,
0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13,
0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
};
#ifdef WOLFSSL_MLKEM_KYBER
WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_pk[] = {
0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC,
0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB,
0x43, 0x54, 0x76, 0x25, 0x41, 0x52, 0x76, 0x78,
0xBC, 0xF6, 0x1F, 0x65, 0xC2, 0x41, 0x14, 0x6C,
0x42, 0x6D, 0x23, 0xB9, 0xBF, 0xAA, 0x6B, 0x7D,
0xF1, 0x8C, 0x97, 0xF2, 0x0C, 0x1B, 0x61, 0x25,
0xBF, 0x87, 0x4B, 0x1D, 0x89, 0x47, 0x58, 0x52,
0xC4, 0x48, 0x21, 0x5D, 0xB0, 0xEB, 0x77, 0x37,
0xF9, 0x14, 0x80, 0xE8, 0xCE, 0xBD, 0x9A, 0x08,
0x71, 0x57, 0x4F, 0x5A, 0xB6, 0x2D, 0x90, 0x20,
0x17, 0x5E, 0xC6, 0x92, 0x7C, 0xA0, 0xB5, 0x4C,
0x09, 0x81, 0x8E, 0x42, 0xCF, 0x92, 0xA3, 0x83,
0x17, 0x24, 0x22, 0xC7, 0xDC, 0x18, 0x31, 0xD6,
0x3B, 0x0C, 0x29, 0x5D, 0xE7, 0x51, 0x59, 0xDB,
0x80, 0x34, 0xE9, 0xE0, 0x7F, 0x7B, 0x0B, 0x91,
0x0C, 0x3C, 0x1E, 0x5F, 0xB6, 0x6B, 0x3D, 0xC5,
0x23, 0xF1, 0xFA, 0x6E, 0xB4, 0x91, 0x0C, 0xB8,
0x9A, 0x6C, 0x17, 0x56, 0x2C, 0x83, 0xAB, 0x4C,
0x18, 0xD0, 0xCD, 0x7E, 0x07, 0x96, 0x59, 0x2A,
0x37, 0x2A, 0xA4, 0x09, 0xB1, 0xC5, 0x57, 0x34,
0x7C, 0xCA, 0xCD, 0xC4, 0x64, 0x4A, 0x11, 0x90,
0x64, 0xD0, 0x6D, 0xD4, 0x74, 0x92, 0x9D, 0x1C,
0x6F, 0xB4, 0xD6, 0x86, 0xE5, 0x49, 0x1C, 0xE4,
0xBC, 0x89, 0xA3, 0x0B, 0xB4, 0xB8, 0xC4, 0x1B,
0xCE, 0x51, 0x57, 0xDF, 0xC1, 0x36, 0x08, 0x23,
0xB1, 0xAB, 0x61, 0x8C, 0x14, 0xB1, 0x0F, 0x98,
0xC2, 0x50, 0x67, 0x39, 0x8E, 0xA7, 0x01, 0x8C,
0x27, 0x8A, 0x4B, 0x3D, 0xF3, 0x13, 0x34, 0xD6,
0x03, 0xB2, 0x04, 0x4E, 0xF1, 0x87, 0xCD, 0x9B,
0xC6, 0xCE, 0x42, 0x72, 0x5B, 0xD9, 0x62, 0xC2,
0x64, 0x98, 0x3E, 0x9E, 0x18, 0x15, 0x5A, 0x8B,
0x9C, 0x47, 0x14, 0x3D, 0x70, 0x46, 0x0A, 0x26,
0xA5, 0x6F, 0xE7, 0x65, 0x8C, 0x1F, 0x15, 0x03,
0x48, 0xC6, 0x08, 0x7E, 0xF7, 0x58, 0xAD, 0x16,
0x78, 0x87, 0x86, 0x0A, 0x00, 0x7A, 0x5F, 0xC3,
0x73, 0x58, 0xD4, 0x3B, 0x5E, 0xBE, 0xE8, 0x20,
0xAC, 0xEA, 0x47, 0x4F, 0x0A, 0xC0, 0x7B, 0x76,
0x80, 0x28, 0x66, 0x19, 0x9C, 0x61, 0x23, 0x1D,
0x5C, 0x74, 0x7C, 0x93, 0x77, 0x4D, 0x2C, 0x1E,
0x0C, 0x1C, 0x67, 0xE6, 0xC8, 0x1B, 0x82, 0x75,
0x21, 0x73, 0xE1, 0x25, 0xBA, 0xF3, 0x9B, 0x4F,
0xD1, 0x9A, 0x4F, 0x45, 0x3D, 0xC5, 0x79, 0x76,
0xB1, 0xD9, 0x7F, 0xE6, 0x99, 0x69, 0x92, 0xBB,
0xB6, 0x5B, 0x7C, 0xB2, 0x5D, 0x07, 0x7B, 0xBA,
0xA6, 0xA1, 0x33, 0x22, 0x89, 0x9A, 0xF6, 0x59,
0xCF, 0x1B, 0x35, 0x58, 0xC1, 0xB5, 0x00, 0x11,
0x54, 0xB6, 0x25, 0x80, 0x9E, 0xD8, 0x9A, 0xEE,
0xBB, 0x89, 0xE6, 0xEA, 0x7D, 0x67, 0xF7, 0x23,
0xD0, 0x45, 0xAB, 0x05, 0x71, 0x5C, 0x42, 0x35,
0x5D, 0xA6, 0xA5, 0xC8, 0xDD, 0x39, 0xC8, 0xAB,
0xE3, 0x03, 0x77, 0x51, 0xA0, 0x1E, 0xD1, 0xC7,
0x37, 0x49, 0x19, 0xF3, 0x12, 0x1B, 0x5A, 0x52,
0xC5, 0x3D, 0x14, 0x87, 0x31, 0x67, 0x69, 0xF8,
0x07, 0x21, 0xDE, 0xEA, 0xAA, 0xD3, 0xC9, 0x0F,
0x76, 0xE7, 0xAE, 0x9E, 0x12, 0xBA, 0x92, 0xB3,
0x2B, 0x5F, 0xD4, 0x57, 0xE3, 0xC7, 0x52, 0xC2,
0x65, 0x0D, 0xFB, 0x88, 0x57, 0x71, 0xCB, 0x77,
0xAC, 0x3C, 0x78, 0x5A, 0x8C, 0x56, 0x2E, 0x6A,
0x1C, 0x63, 0xC2, 0xA5, 0x5E, 0xA4, 0x7C, 0xF8,
0xB9, 0x0E, 0xB8, 0x22, 0x5C, 0x12, 0x3C, 0x34,
0x64, 0x52, 0x56, 0x62, 0x35, 0xB2, 0xF3, 0x18,
0x23, 0xA3, 0x35, 0x21, 0xE0, 0x87, 0x93, 0x7A,
0x34, 0x5D, 0x8D, 0x66, 0x3E, 0xEA, 0xA0, 0x56,
0x58, 0x91, 0x7B, 0xBA, 0xA0, 0x08, 0xC2, 0xE3,
0x35, 0xF8, 0x85, 0x0A, 0x90, 0xA3, 0x26, 0xD0,
0xE6, 0x64, 0x32, 0xF4, 0x4C, 0xEB, 0x82, 0x89,
0xE4, 0xEC, 0xB2, 0xD1, 0x29, 0x58, 0xE9, 0x84,
0x07, 0x2E, 0xCA, 0xCB, 0x88, 0xE1, 0x34, 0x8F,
0xF0, 0xB5, 0x56, 0x54, 0xAC, 0xBA, 0x5B, 0x54,
0x97, 0x1C, 0xBA, 0xEB, 0xA8, 0x8E, 0xC4, 0xB9,
0x1A, 0x94, 0xC3, 0x71, 0x92, 0xFA, 0x98, 0x2B,
0xEC, 0xB9, 0xF3, 0xDA, 0x42, 0x16, 0x03, 0xB6,
0x1A, 0x51, 0xBC, 0x8E, 0x36, 0xCB, 0xD0, 0x53,
0x85, 0x1C, 0x77, 0xB1, 0xB9, 0x26, 0xB1, 0x7A,
0x27, 0x2A, 0xA9, 0x02, 0x32, 0x46, 0xB0, 0x2B,
0x3E, 0xD4, 0x7F, 0x66, 0xA0, 0x0B, 0xD5, 0x68,
0x48, 0x23, 0x63, 0x4E, 0x7C, 0xE5, 0x8C, 0xF8,
0xF3, 0x06, 0xE3, 0x5B, 0x1E, 0x53, 0x22, 0x82,
0x4D, 0x90, 0x48, 0x01, 0xF0, 0xA2, 0xFA, 0x7C,
0x2B, 0xC9, 0xC2, 0x52, 0xB0, 0xA5, 0x6B, 0x7B,
0xA2, 0xAB, 0x0F, 0x63, 0x60, 0x21, 0x74, 0x5A,
0x70, 0xA9, 0xA4, 0x3E, 0x2B, 0x0A, 0x8D, 0x61,
0x59, 0x70, 0xB6, 0x53, 0x09, 0x62, 0x4B, 0x51,
0x84, 0xBC, 0xC3, 0x0B, 0x91, 0x16, 0x79, 0xAE,
0xDD, 0x76, 0x02, 0x5F, 0xE3, 0x90, 0x8F, 0xD6,
0x78, 0x97, 0xB0, 0xCF, 0x4B, 0xE5, 0xA6, 0xF5,
0x41, 0x3D, 0x7D, 0xD9, 0x85, 0x64, 0xB2, 0x3E,
0x42, 0xA9, 0x3E, 0x4A, 0xA8, 0x82, 0x1C, 0xD4,
0x50, 0x54, 0xC6, 0x43, 0xED, 0xC1, 0x15, 0x8D,
0xB6, 0xB3, 0xDE, 0xB1, 0x3F, 0xB5, 0xA5, 0x1E,
0xBD, 0x1A, 0x8A, 0x78, 0xB8, 0x72, 0x25, 0xA7,
0x33, 0x8E, 0x10, 0x11, 0x04, 0xC4, 0xA2, 0x20,
0xD9, 0xBD, 0xED, 0xD4, 0x8C, 0x85, 0xA1, 0xC2,
0xDA, 0xE7, 0x81, 0xA8, 0x0C, 0x40, 0xE1, 0x3B,
0x87, 0xEA, 0xC7, 0x3A, 0x76, 0x42, 0x01, 0xC9,
0xB7, 0x60, 0xCC, 0xFB, 0x1A, 0xE3, 0x92, 0x69,
0x9C, 0x70, 0x39, 0xD2, 0x7C, 0x39, 0x36, 0x2B,
0x27, 0xB8, 0xFC, 0x6F, 0x07, 0xA8, 0xA3, 0xD4,
0x41, 0x0F, 0x15, 0x47, 0xC4, 0x8A, 0x99, 0x97,
0xF6, 0x2C, 0x61, 0x07, 0x44, 0x52, 0xEF, 0x15,
0x15, 0xF8, 0xA6, 0x49, 0xEB, 0xCA, 0x94, 0x37,
0x20, 0x5A, 0x4E, 0x8A, 0x61, 0x60, 0x6B, 0x41,
0xDA, 0xF6, 0x83, 0x4D, 0x67, 0x1F, 0x4D, 0x85,
0x2C, 0x0C, 0x9C, 0x40, 0x96, 0x61, 0x16, 0x48,
0xC6, 0xA3, 0x17, 0x06, 0x78, 0xB1, 0x53, 0x7C,
0xC1, 0x82, 0x8D, 0x93, 0x58, 0x0C, 0x9E, 0x58,
0x49, 0xA9, 0x65, 0x31, 0x75, 0xAC, 0xB7, 0x53,
0xF2, 0xBE, 0x74, 0x37, 0xBE, 0x45, 0xF6, 0xC6,
0x03, 0xE4, 0x85, 0xF2, 0xEC, 0x30, 0x1B, 0xB4,
0x2B, 0x6C, 0x37, 0xC2, 0x25, 0xD7, 0x49, 0x5A,
0x58, 0x4A, 0xE2, 0x31, 0x89, 0x0A, 0xB5, 0xC8,
0xC3, 0x5C, 0x26, 0x8C, 0xF4, 0xBB, 0xB0, 0x21,
0x3C, 0x09, 0x60, 0x19, 0x31, 0x95, 0x61, 0xA8,
0xA6, 0x94, 0x76, 0x37, 0xAA, 0x40, 0xD0, 0x06,
0xB4, 0x15, 0xBB, 0x2C, 0xFA, 0x22, 0x37, 0xE0,
0x89, 0x0B, 0x6A, 0x3B, 0xC1, 0x34, 0xAB, 0xF8,
0xF6, 0x58, 0x5E, 0x10, 0x8D, 0x15, 0x94, 0x0F,
0x91, 0xF4, 0xBF, 0x5B, 0x0C, 0x81, 0x80, 0x55,
0xB2, 0x1D, 0xEA, 0x6E, 0x63, 0xB5, 0x53, 0x98,
0x8C, 0x47, 0xF4, 0xB9, 0x4E, 0x7C, 0xF8, 0x00,
0xA4, 0x93, 0xB4, 0x73, 0x47, 0x05, 0xED, 0xC5,
0x6A, 0x4B, 0x60, 0x21, 0xC6, 0x29, 0x50, 0x06,
0x75, 0x87, 0x68, 0x04, 0xCF, 0x0B, 0x95, 0x1F,
0x03, 0x8A, 0x5C, 0x7F, 0xE5, 0x8E, 0x89, 0x77,
0x4E, 0xF2, 0x99, 0x2F, 0xD7, 0xC6, 0x30, 0x99,
0xD3, 0x52, 0xA7, 0xD2, 0x15, 0x60, 0xB7, 0x88,
0xB4, 0x05, 0x70, 0x98, 0x61, 0x81, 0x7E, 0x59,
0xA9, 0x6B, 0x3A, 0x3A, 0x83, 0xCB, 0xA8, 0x03,
0xB1, 0x69, 0x34, 0x33, 0x10, 0x71, 0x90, 0x5B,
0xBE, 0xC6, 0x53, 0x29, 0x00, 0x15, 0x5D, 0x8A,
0xC8, 0x8C, 0xB3, 0x2E, 0x4E, 0x21, 0xA3, 0xBD,
0x3A, 0x03, 0xFD, 0xEC, 0x32, 0x5A, 0x51, 0xCD,
0x27, 0x73, 0x96, 0x4E, 0x67, 0x84, 0xFC, 0xF1,
0x85, 0x37, 0x37, 0xAA, 0x64, 0xEB, 0x67, 0x56,
0x47, 0x27, 0x27, 0x26, 0x61, 0xAB, 0xF8, 0x43,
0x13, 0xA5, 0x7A, 0x44, 0xB1, 0x23, 0xC6, 0x55,
0x09, 0xCF, 0xB7, 0xA6, 0xF6, 0x64, 0x1C, 0xDC,
0xC3, 0xB5, 0x7F, 0xE6, 0x28, 0xC7, 0xB8, 0x19,
0x2D, 0xB4, 0x4F, 0xFB, 0xF5, 0x79, 0x6A, 0x86,
0x13, 0xB1, 0xFA, 0x12, 0x6F, 0x60, 0x76, 0x88,
0x3C, 0x78, 0x3D, 0xC2, 0x4E, 0x2A, 0x44, 0x64,
0xC4, 0x0B, 0x3A, 0x41, 0xCA, 0x70, 0xAE, 0x87,
0x62, 0x08, 0x66, 0xCF, 0x4F, 0xCB, 0x2B, 0xD2,
0x04, 0xBF, 0x5C, 0x28, 0x38, 0x12, 0xBA, 0x05,
0x6A, 0xC0, 0xC3, 0x45, 0xE3, 0x79, 0xC4, 0xBA,
0x24, 0xD7, 0x50, 0x90, 0x12, 0x79, 0xBB, 0x2F,
0x3A, 0x16, 0xF6, 0x12, 0xBF, 0xAD, 0xB3, 0x57,
0x03, 0x33, 0x2C, 0x7C, 0x13, 0x6F, 0x68, 0xEA,
0xB6, 0x75, 0x5C, 0x66, 0xB6, 0xA4, 0xAD, 0x1A,
0xAB, 0xA7, 0xB7, 0x68, 0xA5, 0x8A, 0xCA, 0xAC,
0xC1, 0x0A, 0x45, 0x9A, 0x1C, 0xC8, 0xEF, 0x29,
0x37, 0x7B, 0xC2, 0x00, 0xE4, 0xD3, 0x15, 0xA3,
0x0A, 0x6B, 0xCC, 0x32, 0x56, 0xF9, 0x73, 0x4D,
0x06, 0xE9, 0x77, 0x9C, 0xAA, 0x54, 0x42, 0xA9,
0xA1, 0x60, 0x69, 0x08, 0x13, 0x77, 0xC7, 0x6E,
0x75, 0x15, 0x43, 0x68, 0x07, 0x2D, 0xC4, 0x46,
0xED, 0x6C, 0x8B, 0x8E, 0x62, 0x2A, 0x21, 0xE3,
0x83, 0xCF, 0x9B, 0xA1, 0xFB, 0x43, 0x4E, 0x2E,
0xCC, 0x81, 0xE7, 0xB7, 0x8C, 0xEE, 0x98, 0x6B,
0x8F, 0xF7, 0x98, 0xAB, 0x18, 0xCF, 0x96, 0x34,
0x54, 0x35, 0x46, 0x28, 0x4E, 0xDA, 0x2A, 0x26,
0xB4, 0x7F, 0x05, 0xB7, 0x35, 0xBC, 0xDB, 0x12,
0x02, 0x22, 0x00, 0x76, 0xDC, 0x8B, 0x4E, 0x4B,
0x9F, 0x85, 0x35, 0x33, 0xC8, 0xF6, 0xC7, 0xFF,
0x38, 0x81, 0x7B, 0xA4, 0x97, 0x12, 0x83, 0x57,
0x85, 0xF1, 0x7F, 0x14, 0xCA, 0x01, 0xD0, 0xC1,
0xC1, 0xE9, 0x88, 0x10, 0xFE, 0x0B, 0x36, 0xE5,
0xB4, 0x27, 0x15, 0x7B, 0x94, 0x18, 0x44, 0x9C,
0xED, 0xD6, 0x41, 0xA4, 0x29, 0x3C, 0x85, 0xC3,
0x27, 0x00, 0x10, 0x2A, 0xCE, 0xC2, 0x2E, 0xBA,
0xD9, 0x8E, 0xD1, 0x60, 0xA5, 0xF0, 0x27, 0xBD,
0x4C, 0xDA, 0x57, 0xF1, 0xF3, 0x72, 0x0A, 0x12,
0xC1, 0x34, 0x65, 0x4D, 0xD5, 0xE7, 0x3F, 0x82,
0x96, 0x76, 0x49, 0x53, 0x90, 0xD0, 0xE7, 0x92,
0x9D, 0x60, 0x34, 0xE9, 0xC5, 0x5F, 0x7D, 0x55,
0xBA, 0x65, 0x8B, 0xC5, 0x87, 0x98, 0x8E, 0x8A,
0xF9, 0x49, 0x60, 0xF6, 0xCF, 0xB8, 0xD5, 0xAF,
0x7A, 0x00, 0x21, 0x53, 0x5A, 0x6E, 0x25, 0xE4,
0x37, 0xD4, 0x9A, 0x78, 0x06, 0x98, 0xBE, 0x22,
0xAC, 0x99, 0x53, 0x94, 0x9F, 0x57, 0x1B, 0x85,
0xA6, 0x85, 0x72, 0x5F, 0x82, 0x07, 0xA2, 0xB0,
0xAE, 0x84, 0x9B, 0x60, 0x1A, 0xB9, 0x1B, 0x15,
0x9B, 0x3D, 0xF4, 0xA1, 0x54, 0xC2, 0x04, 0x1E,
0x77, 0x60, 0x70, 0xAF, 0xC4, 0x29, 0x69, 0x32,
0x23, 0x80, 0x91, 0x7C, 0x97, 0x51, 0x07, 0x99,
0xF3, 0x14, 0x91, 0x31, 0x47, 0x7E, 0x16, 0x66,
0x3D, 0x31, 0x74, 0xC7, 0xC1, 0xCA, 0xEA, 0x78,
0x85, 0x35, 0xC6, 0xC0, 0x05, 0xA6, 0x4F, 0x28,
0x68, 0x63, 0x1B, 0x31, 0xB6, 0x6E, 0x20, 0x5F,
0xD3, 0x8C, 0x1D, 0x84, 0x54, 0x2D, 0x0F, 0x1B,
0x57, 0x8F, 0x58, 0xC9, 0xBF, 0x5A, 0x0F, 0xAE,
0xAB, 0x6A, 0xB6, 0x49, 0x48, 0x93, 0x05, 0x31,
0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
};
#endif
#ifndef WOLFSSL_NO_ML_KEM
WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_pk[] = {
0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48,
0xa8, 0x7f, 0x41, 0x58, 0x9c, 0xb2, 0x22, 0xd0,
0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0,
0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4,
0x64, 0x60, 0xc3, 0x18, 0x3d, 0x2b, 0xcd, 0x6d,
0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc,
0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2,
0x3a, 0x3e, 0x8c, 0x33, 0x0d, 0x74, 0x21, 0x59,
0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca,
0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75,
0x34, 0x99, 0xc0, 0x45, 0x2e, 0x45, 0x38, 0x15,
0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1,
0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27,
0xb3, 0x8c, 0x67, 0x45, 0xf2, 0x94, 0x40, 0x16,
0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a,
0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05,
0x0f, 0xfa, 0x8a, 0x06, 0xfa, 0x15, 0x4a, 0x49,
0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7,
0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2,
0xc4, 0xb6, 0x20, 0x1d, 0xda, 0x80, 0xc9, 0xab,
0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f,
0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2,
0x69, 0x3f, 0x31, 0x97, 0x39, 0xf4, 0x0c, 0x4f,
0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f,
0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5,
0x6a, 0xc7, 0x46, 0x80, 0x1a, 0xcc, 0xcc, 0x84,
0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6,
0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66,
0x50, 0x48, 0x2c, 0x8d, 0x9d, 0x95, 0x87, 0xbc,
0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d,
0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0,
0x3a, 0x48, 0xd4, 0xb7, 0x44, 0x25, 0xc2, 0x6e,
0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07,
0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82,
0x17, 0xd8, 0x68, 0xc7, 0xf5, 0x00, 0x2a, 0xbe,
0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e,
0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1,
0x0e, 0x08, 0xec, 0xcc, 0xed, 0x3c, 0x1f, 0x7d,
0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d,
0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98,
0x70, 0x58, 0x5c, 0x39, 0xd5, 0x58, 0x9a, 0x50,
0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c,
0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8,
0x1b, 0x63, 0x37, 0xb5, 0x7d, 0xa3, 0xc3, 0x76,
0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b,
0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71,
0x89, 0x6f, 0xf5, 0x89, 0xd4, 0xb8, 0x93, 0xe7,
0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91,
0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c,
0x74, 0x69, 0x80, 0xc1, 0x2a, 0xa6, 0xb9, 0x5e,
0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3,
0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47,
0x31, 0x23, 0x82, 0xca, 0x36, 0x5c, 0x5f, 0x35,
0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95,
0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c,
0x1e, 0x8a, 0x17, 0x6b, 0x79, 0x49, 0x95, 0x8f,
0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73,
0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39,
0xc8, 0x26, 0xcb, 0x50, 0x82, 0x08, 0x60, 0x77,
0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c,
0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30,
0x9b, 0x14, 0xb0, 0x86, 0xd6, 0xe9, 0x23, 0xc5,
0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0,
0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7,
0x2c, 0x9f, 0xda, 0x1c, 0xb3, 0xfb, 0x9b, 0xa0,
0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad,
0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56,
0x47, 0x8a, 0xc0, 0x44, 0xef, 0x34, 0x56, 0x37,
0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba,
0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08,
0x05, 0xd2, 0xd3, 0x2f, 0xfc, 0x62, 0xbf, 0x0c,
0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04,
0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00,
0x62, 0x58, 0x38, 0x65, 0x38, 0x1c, 0x74, 0xdd,
0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23,
0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25,
0x52, 0xa8, 0xf4, 0xb7, 0x88, 0xb4, 0xaf, 0xd1,
0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39,
0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94,
0x9a, 0x75, 0x58, 0x0d, 0x04, 0x96, 0x39, 0x85,
0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80,
0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56,
0xa5, 0xd6, 0x7c, 0x7e, 0xb5, 0x24, 0x10, 0xeb,
0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4,
0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26,
0x93, 0x8d, 0x34, 0x94, 0x3c, 0x38, 0x08, 0xc7,
0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b,
0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3,
0x34, 0x0b, 0xaa, 0x8d, 0x2e, 0x65, 0x34, 0x4f,
0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41,
0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93,
0x27, 0xf9, 0x18, 0x9f, 0x7e, 0x10, 0x85, 0x6b,
0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a,
0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7,
0x18, 0x50, 0xb2, 0x2e, 0x04, 0x59, 0x28, 0x27,
0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c,
0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76,
0x2d, 0xc5, 0xf2, 0x0b, 0xd5, 0xd2, 0xab, 0x5b,
0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e,
0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a,
0x0d, 0x80, 0x23, 0xbe, 0xd1, 0xf5, 0xca, 0xe8,
0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a,
0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b,
0x6a, 0xa0, 0x48, 0x98, 0x92, 0x33, 0x07, 0x9a,
0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58,
0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53,
0x75, 0x36, 0xe4, 0x6f, 0x3a, 0x6a, 0x97, 0xe7,
0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04,
0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87,
0x1f, 0x5e, 0xf9, 0xb4, 0x35, 0x50, 0x73, 0xb5,
0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81,
0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13,
0xb3, 0x55, 0x07, 0xb0, 0xdf, 0x57, 0x8c, 0xe2,
0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d,
0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c,
0xaf, 0x92, 0xf6, 0x9a, 0x75, 0x16, 0x14, 0x06,
0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75,
0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4,
0x9a, 0x81, 0x66, 0x1a, 0xa6, 0x5a, 0xc0, 0x9b,
0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f,
0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2,
0xbf, 0x0f, 0x84, 0x24, 0xa1, 0x9b, 0x74, 0x08,
0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82,
0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12,
0x98, 0x61, 0x1a, 0x7f, 0x5f, 0x60, 0x92, 0x2b,
0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85,
0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31,
0x8b, 0x50, 0x77, 0x33, 0x45, 0xc9, 0x97, 0x46,
0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81,
0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5,
0x09, 0x8b, 0xd4, 0x89, 0xd6, 0x96, 0xa0, 0xf7,
0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b,
0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04,
0x72, 0x05, 0x63, 0x32, 0x12, 0x31, 0x0e, 0xe9,
0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50,
0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07,
0x2e, 0xab, 0xe2, 0x37, 0x31, 0xe3, 0x4a, 0xf7,
0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc,
0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b,
0xc8, 0x37, 0x57, 0x84, 0x47, 0xaa, 0xcf, 0xae,
0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e,
0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6,
0x99, 0x77, 0x98, 0x50, 0x29, 0x5c, 0xa7, 0x2d,
0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b,
0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5,
0x08, 0x17, 0xba, 0x25, 0x5c, 0x74, 0x74, 0xc9,
0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8,
0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26,
0x5c, 0x04, 0x83, 0xa6, 0x5c, 0xa4, 0x51, 0x4e,
0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b,
0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb,
0xb2, 0x10, 0x35, 0x3e, 0xfa, 0x1a, 0xa8, 0x66,
0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04,
0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76,
0x5f, 0xf6, 0x0b, 0x3b, 0x80, 0x19, 0x84, 0xa9,
0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70,
0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5,
0x82, 0x58, 0xb4, 0xaf, 0x71, 0x22, 0x1c, 0xd1,
0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9,
0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc,
0xca, 0x70, 0x29, 0xa2, 0x30, 0xd6, 0x39, 0xdc,
0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd,
0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7,
0xbb, 0x10, 0xe3, 0x03, 0x01, 0xa6, 0x5c, 0xae,
0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb,
0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4,
0xa0, 0x6c, 0x81, 0x66, 0xd0, 0xb0, 0xb8, 0x12,
0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22,
0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c,
0x68, 0x53, 0x68, 0x55, 0x23, 0x43, 0xbb, 0x60,
0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46,
0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74,
0xba, 0x0a, 0x55, 0x1e, 0x18, 0x46, 0x20, 0xfe,
0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43,
0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6,
0x71, 0xa1, 0x53, 0x76, 0xe5, 0xa6, 0x74, 0x7a,
0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f,
0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37,
0x78, 0x70, 0xa6, 0x0a, 0x7a, 0x18, 0x96, 0x83,
0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50,
0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05,
0xc4, 0x2d, 0xd2, 0x86, 0x33, 0x56, 0x94, 0x72,
0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16,
0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4,
0x6f, 0xa7, 0x22, 0x44, 0x61, 0xa5, 0xcc, 0x27,
0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02,
0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8,
0xce, 0x91, 0xc1, 0x34, 0xa6, 0x38, 0x6f, 0x86,
0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4,
0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b,
0x53, 0xd2, 0x29, 0x3d, 0xf3, 0xe9, 0xa8, 0x22,
0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca,
0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e,
0x41, 0x86, 0x9a, 0xbf, 0xba, 0xd1, 0x07, 0x38,
0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb
};
#endif
#ifdef WOLFSSL_MLKEM_KYBER
WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_sk[] = {
0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3,
0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE,
0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D,
0x50, 0x17, 0x0B, 0xCE, 0xD4, 0x3F, 0x1B, 0x53,
0x6D, 0x9A, 0x20, 0x4B, 0xB1, 0xF2, 0x26, 0x95,
0x95, 0x0B, 0xA1, 0xF2, 0xA9, 0xE8, 0xEB, 0x82,
0x8B, 0x28, 0x44, 0x88, 0x76, 0x0B, 0x3F, 0xC8,
0x4F, 0xAB, 0xA0, 0x42, 0x75, 0xD5, 0x62, 0x8E,
0x39, 0xC5, 0xB2, 0x47, 0x13, 0x74, 0x28, 0x3C,
0x50, 0x32, 0x99, 0xC0, 0xAB, 0x49, 0xB6, 0x6B,
0x8B, 0xBB, 0x56, 0xA4, 0x18, 0x66, 0x24, 0xF9,
0x19, 0xA2, 0xBA, 0x59, 0xBB, 0x08, 0xD8, 0x55,
0x18, 0x80, 0xC2, 0xBE, 0xFC, 0x4F, 0x87, 0xF2,
0x5F, 0x59, 0xAB, 0x58, 0x7A, 0x79, 0xC3, 0x27,
0xD7, 0x92, 0xD5, 0x4C, 0x97, 0x4A, 0x69, 0x26,
0x2F, 0xF8, 0xA7, 0x89, 0x38, 0x28, 0x9E, 0x9A,
0x87, 0xB6, 0x88, 0xB0, 0x83, 0xE0, 0x59, 0x5F,
0xE2, 0x18, 0xB6, 0xBB, 0x15, 0x05, 0x94, 0x1C,
0xE2, 0xE8, 0x1A, 0x5A, 0x64, 0xC5, 0xAA, 0xC6,
0x04, 0x17, 0x25, 0x69, 0x85, 0x34, 0x9E, 0xE4,
0x7A, 0x52, 0x42, 0x0A, 0x5F, 0x97, 0x47, 0x7B,
0x72, 0x36, 0xAC, 0x76, 0xBC, 0x70, 0xE8, 0x28,
0x87, 0x29, 0x28, 0x7E, 0xE3, 0xE3, 0x4A, 0x3D,
0xBC, 0x36, 0x83, 0xC0, 0xB7, 0xB1, 0x00, 0x29,
0xFC, 0x20, 0x34, 0x18, 0x53, 0x7E, 0x74, 0x66,
0xBA, 0x63, 0x85, 0xA8, 0xFF, 0x30, 0x1E, 0xE1,
0x27, 0x08, 0xF8, 0x2A, 0xAA, 0x1E, 0x38, 0x0F,
0xC7, 0xA8, 0x8F, 0x8F, 0x20, 0x5A, 0xB7, 0xE8,
0x8D, 0x7E, 0x95, 0x95, 0x2A, 0x55, 0xBA, 0x20,
0xD0, 0x9B, 0x79, 0xA4, 0x71, 0x41, 0xD6, 0x2B,
0xF6, 0xEB, 0x7D, 0xD3, 0x07, 0xB0, 0x8E, 0xCA,
0x13, 0xA5, 0xBC, 0x5F, 0x6B, 0x68, 0x58, 0x1C,
0x68, 0x65, 0xB2, 0x7B, 0xBC, 0xDD, 0xAB, 0x14,
0x2F, 0x4B, 0x2C, 0xBF, 0xF4, 0x88, 0xC8, 0xA2,
0x27, 0x05, 0xFA, 0xA9, 0x8A, 0x2B, 0x9E, 0xEA,
0x35, 0x30, 0xC7, 0x66, 0x62, 0x33, 0x5C, 0xC7,
0xEA, 0x3A, 0x00, 0x77, 0x77, 0x25, 0xEB, 0xCC,
0xCD, 0x2A, 0x46, 0x36, 0xB2, 0xD9, 0x12, 0x2F,
0xF3, 0xAB, 0x77, 0x12, 0x3C, 0xE0, 0x88, 0x3C,
0x19, 0x11, 0x11, 0x5E, 0x50, 0xC9, 0xE8, 0xA9,
0x41, 0x94, 0xE4, 0x8D, 0xD0, 0xD0, 0x9C, 0xFF,
0xB3, 0xAD, 0xCD, 0x2C, 0x1E, 0x92, 0x43, 0x09,
0x03, 0xD0, 0x7A, 0xDB, 0xF0, 0x05, 0x32, 0x03,
0x15, 0x75, 0xAA, 0x7F, 0x9E, 0x7B, 0x5A, 0x1F,
0x33, 0x62, 0xDE, 0xC9, 0x36, 0xD4, 0x04, 0x3C,
0x05, 0xF2, 0x47, 0x6C, 0x07, 0x57, 0x8B, 0xC9,
0xCB, 0xAF, 0x2A, 0xB4, 0xE3, 0x82, 0x72, 0x7A,
0xD4, 0x16, 0x86, 0xA9, 0x6B, 0x25, 0x48, 0x82,
0x0B, 0xB0, 0x3B, 0x32, 0xF1, 0x1B, 0x28, 0x11,
0xAD, 0x62, 0xF4, 0x89, 0xE9, 0x51, 0x63, 0x2A,
0xBA, 0x0D, 0x1D, 0xF8, 0x96, 0x80, 0xCC, 0x8A,
0x8B, 0x53, 0xB4, 0x81, 0xD9, 0x2A, 0x68, 0xD7,
0x0B, 0x4E, 0xA1, 0xC3, 0xA6, 0xA5, 0x61, 0xC0,
0x69, 0x28, 0x82, 0xB5, 0xCA, 0x8C, 0xC9, 0x42,
0xA8, 0xD4, 0x95, 0xAF, 0xCB, 0x06, 0xDE, 0x89,
0x49, 0x8F, 0xB9, 0x35, 0xB7, 0x75, 0x90, 0x8F,
0xE7, 0xA0, 0x3E, 0x32, 0x4D, 0x54, 0xCC, 0x19,
0xD4, 0xE1, 0xAA, 0xBD, 0x35, 0x93, 0xB3, 0x8B,
0x19, 0xEE, 0x13, 0x88, 0xFE, 0x49, 0x2B, 0x43,
0x12, 0x7E, 0x5A, 0x50, 0x42, 0x53, 0x78, 0x6A,
0x0D, 0x69, 0xAD, 0x32, 0x60, 0x1C, 0x28, 0xE2,
0xC8, 0x85, 0x04, 0xA5, 0xBA, 0x59, 0x97, 0x06,
0x02, 0x3A, 0x61, 0x36, 0x3E, 0x17, 0xC6, 0xB9,
0xBB, 0x59, 0xBD, 0xC6, 0x97, 0x45, 0x2C, 0xD0,
0x59, 0x45, 0x19, 0x83, 0xD7, 0x38, 0xCA, 0x3F,
0xD0, 0x34, 0xE3, 0xF5, 0x98, 0x88, 0x54, 0xCA,
0x05, 0x03, 0x1D, 0xB0, 0x96, 0x11, 0x49, 0x89,
0x88, 0x19, 0x7C, 0x6B, 0x30, 0xD2, 0x58, 0xDF,
0xE2, 0x62, 0x65, 0x54, 0x1C, 0x89, 0xA4, 0xB3,
0x1D, 0x68, 0x64, 0xE9, 0x38, 0x9B, 0x03, 0xCB,
0x74, 0xF7, 0xEC, 0x43, 0x23, 0xFB, 0x94, 0x21,
0xA4, 0xB9, 0x79, 0x0A, 0x26, 0xD1, 0x7B, 0x03,
0x98, 0xA2, 0x67, 0x67, 0x35, 0x09, 0x09, 0xF8,
0x4D, 0x57, 0xB6, 0x69, 0x4D, 0xF8, 0x30, 0x66,
0x4C, 0xA8, 0xB3, 0xC3, 0xC0, 0x3E, 0xD2, 0xAE,
0x67, 0xB8, 0x90, 0x06, 0x86, 0x8A, 0x68, 0x52,
0x7C, 0xCD, 0x66, 0x64, 0x59, 0xAB, 0x7F, 0x05,
0x66, 0x71, 0x00, 0x0C, 0x61, 0x64, 0xD3, 0xA7,
0xF2, 0x66, 0xA1, 0x4D, 0x97, 0xCB, 0xD7, 0x00,
0x4D, 0x6C, 0x92, 0xCA, 0xCA, 0x77, 0x0B, 0x84,
0x4A, 0x4F, 0xA9, 0xB1, 0x82, 0xE7, 0xB1, 0x8C,
0xA8, 0x85, 0x08, 0x2A, 0xC5, 0x64, 0x6F, 0xCB,
0x4A, 0x14, 0xE1, 0x68, 0x5F, 0xEB, 0x0C, 0x9C,
0xE3, 0x37, 0x2A, 0xB9, 0x53, 0x65, 0xC0, 0x4F,
0xD8, 0x30, 0x84, 0xF8, 0x0A, 0x23, 0xFF, 0x10,
0xA0, 0x5B, 0xF1, 0x5F, 0x7F, 0xA5, 0xAC, 0xC6,
0xC0, 0xCB, 0x46, 0x2C, 0x33, 0xCA, 0x52, 0x4F,
0xA6, 0xB8, 0xBB, 0x35, 0x90, 0x43, 0xBA, 0x68,
0x60, 0x9E, 0xAA, 0x25, 0x36, 0xE8, 0x1D, 0x08,
0x46, 0x3B, 0x19, 0x65, 0x3B, 0x54, 0x35, 0xBA,
0x94, 0x6C, 0x9A, 0xDD, 0xEB, 0x20, 0x2B, 0x04,
0xB0, 0x31, 0xCC, 0x96, 0x0D, 0xCC, 0x12, 0xE4,
0x51, 0x8D, 0x42, 0x8B, 0x32, 0xB2, 0x57, 0xA4,
0xFC, 0x73, 0x13, 0xD3, 0xA7, 0x98, 0x0D, 0x80,
0x08, 0x2E, 0x93, 0x4F, 0x9D, 0x95, 0xC3, 0x2B,
0x0A, 0x01, 0x91, 0xA2, 0x36, 0x04, 0x38, 0x4D,
0xD9, 0xE0, 0x79, 0xBB, 0xBA, 0xA2, 0x66, 0xD1,
0x4C, 0x3F, 0x75, 0x6B, 0x9F, 0x21, 0x33, 0x10,
0x74, 0x33, 0xA4, 0xE8, 0x3F, 0xA7, 0x18, 0x72,
0x82, 0xA8, 0x09, 0x20, 0x3A, 0x4F, 0xAF, 0x84,
0x18, 0x51, 0x83, 0x3D, 0x12, 0x1A, 0xC3, 0x83,
0x84, 0x3A, 0x5E, 0x55, 0xBC, 0x23, 0x81, 0x42,
0x5E, 0x16, 0xC7, 0xDB, 0x4C, 0xC9, 0xAB, 0x5C,
0x1B, 0x0D, 0x91, 0xA4, 0x7E, 0x2B, 0x8D, 0xE0,
0xE5, 0x82, 0xC8, 0x6B, 0x6B, 0x0D, 0x90, 0x7B,
0xB3, 0x60, 0xB9, 0x7F, 0x40, 0xAB, 0x5D, 0x03,
0x8F, 0x6B, 0x75, 0xC8, 0x14, 0xB2, 0x7D, 0x9B,
0x96, 0x8D, 0x41, 0x98, 0x32, 0xBC, 0x8C, 0x2B,
0xEE, 0x60, 0x5E, 0xF6, 0xE5, 0x05, 0x9D, 0x33,
0x10, 0x0D, 0x90, 0x48, 0x5D, 0x37, 0x84, 0x50,
0x01, 0x42, 0x21, 0x73, 0x6C, 0x07, 0x40, 0x7C,
0xAC, 0x26, 0x04, 0x08, 0xAA, 0x64, 0x92, 0x66,
0x19, 0x78, 0x8B, 0x86, 0x01, 0xC2, 0xA7, 0x52,
0xD1, 0xA6, 0xCB, 0xF8, 0x20, 0xD7, 0xC7, 0xA0,
0x47, 0x16, 0x20, 0x32, 0x25, 0xB3, 0x89, 0x5B,
0x93, 0x42, 0xD1, 0x47, 0xA8, 0x18, 0x5C, 0xFC,
0x1B, 0xB6, 0x5B, 0xA0, 0x6B, 0x41, 0x42, 0x33,
0x99, 0x03, 0xC0, 0xAC, 0x46, 0x51, 0x38, 0x5B,
0x45, 0xD9, 0x8A, 0x8B, 0x19, 0xD2, 0x8C, 0xD6,
0xBA, 0xB0, 0x88, 0x78, 0x7F, 0x7E, 0xE1, 0xB1,
0x24, 0x61, 0x76, 0x6B, 0x43, 0xCB, 0xCC, 0xB9,
0x64, 0x34, 0x42, 0x7D, 0x93, 0xC0, 0x65, 0x55,
0x06, 0x88, 0xF6, 0x94, 0x8E, 0xD1, 0xB5, 0x47,
0x5A, 0x42, 0x5F, 0x1B, 0x85, 0x20, 0x9D, 0x06,
0x1C, 0x08, 0xB5, 0x6C, 0x1C, 0xC0, 0x69, 0xF6,
0xC0, 0xA7, 0xC6, 0xF2, 0x93, 0x58, 0xCA, 0xB9,
0x11, 0x08, 0x77, 0x32, 0xA6, 0x49, 0xD2, 0x7C,
0x9B, 0x98, 0xF9, 0xA4, 0x88, 0x79, 0x38, 0x7D,
0x9B, 0x00, 0xC2, 0x59, 0x59, 0xA7, 0x16, 0x54,
0xD6, 0xF6, 0xA9, 0x46, 0x16, 0x45, 0x13, 0xE4,
0x7A, 0x75, 0xD0, 0x05, 0x98, 0x6C, 0x23, 0x63,
0xC0, 0x9F, 0x6B, 0x53, 0x7E, 0xCA, 0x78, 0xB9,
0x30, 0x3A, 0x5F, 0xA4, 0x57, 0x60, 0x8A, 0x58,
0x6A, 0x65, 0x3A, 0x34, 0x7D, 0xB0, 0x4D, 0xFC,
0xC1, 0x91, 0x75, 0xB3, 0xA3, 0x01, 0x17, 0x25,
0x36, 0x06, 0x2A, 0x65, 0x8A, 0x95, 0x27, 0x75,
0x70, 0xC8, 0x85, 0x2C, 0xA8, 0x97, 0x3F, 0x4A,
0xE1, 0x23, 0xA3, 0x34, 0x04, 0x7D, 0xD7, 0x11,
0xC8, 0x92, 0x7A, 0x63, 0x4A, 0x03, 0x38, 0x8A,
0x52, 0x7B, 0x03, 0x4B, 0xF7, 0xA8, 0x17, 0x0F,
0xA7, 0x02, 0xC1, 0xF7, 0xC2, 0x3E, 0xC3, 0x2D,
0x18, 0xA2, 0x37, 0x48, 0x90, 0xBE, 0x9C, 0x78,
0x7A, 0x94, 0x09, 0xC8, 0x2D, 0x19, 0x2C, 0x4B,
0xB7, 0x05, 0xA2, 0xF9, 0x96, 0xCE, 0x40, 0x5D,
0x85, 0xA4, 0xC1, 0xA1, 0xAB, 0x9B, 0x6A, 0xEB,
0x49, 0xCC, 0xE1, 0xC2, 0xF8, 0xA9, 0x7C, 0x35,
0x16, 0xC7, 0x2A, 0x00, 0xA4, 0x62, 0x63, 0xBA,
0xA6, 0x96, 0xBF, 0x25, 0x72, 0x77, 0x19, 0xC3,
0x21, 0x64, 0x23, 0x61, 0x8F, 0xF3, 0x33, 0x80,
0x93, 0x4A, 0x6C, 0x10, 0x54, 0x5C, 0x4C, 0x5C,
0x51, 0x55, 0xB1, 0x24, 0x86, 0x18, 0x1F, 0xC7,
0xA2, 0x31, 0x98, 0x73, 0x97, 0x8B, 0x6A, 0x2A,
0x67, 0x49, 0x0F, 0x82, 0x56, 0xBD, 0x21, 0x96,
0xFE, 0x17, 0x92, 0xA4, 0xC0, 0x00, 0x77, 0xB8,
0x12, 0xEA, 0xE8, 0xBE, 0xD3, 0x57, 0x24, 0x99,
0x68, 0x4A, 0xB3, 0x37, 0x18, 0x76, 0x76, 0x1E,
0x45, 0x0C, 0x9F, 0x9D, 0x27, 0x68, 0xA3, 0x68,
0x06, 0xD7, 0xAB, 0x20, 0x46, 0xC9, 0x1F, 0x17,
0x59, 0x9E, 0x9A, 0xC5, 0x92, 0x99, 0x08, 0x08,
0xDC, 0xD7, 0xB4, 0xD0, 0x91, 0x90, 0x72, 0xF1,
0x4E, 0xC3, 0x61, 0x77, 0x3B, 0x72, 0x52, 0x44,
0x4C, 0x32, 0x3C, 0x30, 0x83, 0x26, 0xF4, 0xA3,
0x0F, 0x86, 0x80, 0xD2, 0xF7, 0x48, 0xF5, 0x6A,
0x13, 0x2B, 0x82, 0x67, 0x4E, 0xD0, 0x18, 0x46,
0x20, 0xB8, 0x2A, 0xD2, 0xCB, 0x18, 0x2C, 0x97,
0xB4, 0x81, 0x62, 0x66, 0x47, 0x49, 0x12, 0x90,
0xA0, 0x11, 0xCC, 0x73, 0x82, 0x86, 0x85, 0xA8,
0xC3, 0x67, 0xA5, 0xB9, 0xCF, 0x8D, 0x62, 0x1B,
0x0D, 0x5C, 0x1E, 0xFF, 0x03, 0x17, 0x27, 0x58,
0xBD, 0x00, 0x49, 0x78, 0xC2, 0x51, 0xCD, 0x51,
0x34, 0x22, 0x28, 0x98, 0x9C, 0xAE, 0x63, 0x32,
0xAC, 0x48, 0x64, 0x37, 0xCB, 0x5C, 0x57, 0xD4,
0x30, 0x74, 0x62, 0x86, 0x52, 0x53, 0xBE, 0x21,
0x7B, 0x35, 0x15, 0xC7, 0x3D, 0xF4, 0x05, 0xB7,
0xF2, 0x82, 0x17, 0xAD, 0x0B, 0x8C, 0xF6, 0x0C,
0x2F, 0xFF, 0xAA, 0x0A, 0x00, 0x48, 0xB1, 0xFB,
0x4A, 0xCD, 0xCD, 0xC3, 0x8B, 0x52, 0x50, 0xCF,
0xEC, 0x35, 0x6A, 0x6D, 0xE2, 0x6C, 0xFA, 0x7A,
0x58, 0x8F, 0xDC, 0x86, 0xF9, 0x8C, 0x85, 0x4A,
0xC6, 0x4C, 0x7B, 0xFA, 0xA9, 0x6F, 0x5A, 0x32,
0xCC, 0x06, 0x10, 0x93, 0x4B, 0xAA, 0x6A, 0x58,
0x6B, 0x9A, 0x20, 0x54, 0xF1, 0x3B, 0xA2, 0x74,
0x17, 0x4A, 0xA0, 0xD2, 0xB3, 0xA8, 0x1B, 0x96,
0xA9, 0x40, 0x66, 0x6F, 0x78, 0x9B, 0x5A, 0x6B,
0xCD, 0xC0, 0xA6, 0xA0, 0x17, 0x8A, 0x0C, 0x9A,
0x02, 0x57, 0x8A, 0x49, 0x3F, 0x6E, 0xEA, 0x0D,
0x2E, 0x6C, 0x13, 0x95, 0x1C, 0x9F, 0x24, 0x9A,
0x5E, 0x8D, 0xD7, 0x1D, 0xD4, 0x9A, 0x74, 0x2D,
0x45, 0x1F, 0x1A, 0xBB, 0xA1, 0x9A, 0xF8, 0xC5,
0x47, 0x85, 0x5E, 0x0A, 0xFC, 0x72, 0x8E, 0x90,
0xAB, 0xB4, 0x99, 0xC9, 0xBE, 0xEB, 0x76, 0x6F,
0x47, 0x29, 0xCD, 0xA2, 0x22, 0x63, 0xE3, 0x24,
0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC,
0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB,
0x43, 0x54, 0x76, 0x25, 0x41, 0x52, 0x76, 0x78,
0xBC, 0xF6, 0x1F, 0x65, 0xC2, 0x41, 0x14, 0x6C,
0x42, 0x6D, 0x23, 0xB9, 0xBF, 0xAA, 0x6B, 0x7D,
0xF1, 0x8C, 0x97, 0xF2, 0x0C, 0x1B, 0x61, 0x25,
0xBF, 0x87, 0x4B, 0x1D, 0x89, 0x47, 0x58, 0x52,
0xC4, 0x48, 0x21, 0x5D, 0xB0, 0xEB, 0x77, 0x37,
0xF9, 0x14, 0x80, 0xE8, 0xCE, 0xBD, 0x9A, 0x08,
0x71, 0x57, 0x4F, 0x5A, 0xB6, 0x2D, 0x90, 0x20,
0x17, 0x5E, 0xC6, 0x92, 0x7C, 0xA0, 0xB5, 0x4C,
0x09, 0x81, 0x8E, 0x42, 0xCF, 0x92, 0xA3, 0x83,
0x17, 0x24, 0x22, 0xC7, 0xDC, 0x18, 0x31, 0xD6,
0x3B, 0x0C, 0x29, 0x5D, 0xE7, 0x51, 0x59, 0xDB,
0x80, 0x34, 0xE9, 0xE0, 0x7F, 0x7B, 0x0B, 0x91,
0x0C, 0x3C, 0x1E, 0x5F, 0xB6, 0x6B, 0x3D, 0xC5,
0x23, 0xF1, 0xFA, 0x6E, 0xB4, 0x91, 0x0C, 0xB8,
0x9A, 0x6C, 0x17, 0x56, 0x2C, 0x83, 0xAB, 0x4C,
0x18, 0xD0, 0xCD, 0x7E, 0x07, 0x96, 0x59, 0x2A,
0x37, 0x2A, 0xA4, 0x09, 0xB1, 0xC5, 0x57, 0x34,
0x7C, 0xCA, 0xCD, 0xC4, 0x64, 0x4A, 0x11, 0x90,
0x64, 0xD0, 0x6D, 0xD4, 0x74, 0x92, 0x9D, 0x1C,
0x6F, 0xB4, 0xD6, 0x86, 0xE5, 0x49, 0x1C, 0xE4,
0xBC, 0x89, 0xA3, 0x0B, 0xB4, 0xB8, 0xC4, 0x1B,
0xCE, 0x51, 0x57, 0xDF, 0xC1, 0x36, 0x08, 0x23,
0xB1, 0xAB, 0x61, 0x8C, 0x14, 0xB1, 0x0F, 0x98,
0xC2, 0x50, 0x67, 0x39, 0x8E, 0xA7, 0x01, 0x8C,
0x27, 0x8A, 0x4B, 0x3D, 0xF3, 0x13, 0x34, 0xD6,
0x03, 0xB2, 0x04, 0x4E, 0xF1, 0x87, 0xCD, 0x9B,
0xC6, 0xCE, 0x42, 0x72, 0x5B, 0xD9, 0x62, 0xC2,
0x64, 0x98, 0x3E, 0x9E, 0x18, 0x15, 0x5A, 0x8B,
0x9C, 0x47, 0x14, 0x3D, 0x70, 0x46, 0x0A, 0x26,
0xA5, 0x6F, 0xE7, 0x65, 0x8C, 0x1F, 0x15, 0x03,
0x48, 0xC6, 0x08, 0x7E, 0xF7, 0x58, 0xAD, 0x16,
0x78, 0x87, 0x86, 0x0A, 0x00, 0x7A, 0x5F, 0xC3,
0x73, 0x58, 0xD4, 0x3B, 0x5E, 0xBE, 0xE8, 0x20,
0xAC, 0xEA, 0x47, 0x4F, 0x0A, 0xC0, 0x7B, 0x76,
0x80, 0x28, 0x66, 0x19, 0x9C, 0x61, 0x23, 0x1D,
0x5C, 0x74, 0x7C, 0x93, 0x77, 0x4D, 0x2C, 0x1E,
0x0C, 0x1C, 0x67, 0xE6, 0xC8, 0x1B, 0x82, 0x75,
0x21, 0x73, 0xE1, 0x25, 0xBA, 0xF3, 0x9B, 0x4F,
0xD1, 0x9A, 0x4F, 0x45, 0x3D, 0xC5, 0x79, 0x76,
0xB1, 0xD9, 0x7F, 0xE6, 0x99, 0x69, 0x92, 0xBB,
0xB6, 0x5B, 0x7C, 0xB2, 0x5D, 0x07, 0x7B, 0xBA,
0xA6, 0xA1, 0x33, 0x22, 0x89, 0x9A, 0xF6, 0x59,
0xCF, 0x1B, 0x35, 0x58, 0xC1, 0xB5, 0x00, 0x11,
0x54, 0xB6, 0x25, 0x80, 0x9E, 0xD8, 0x9A, 0xEE,
0xBB, 0x89, 0xE6, 0xEA, 0x7D, 0x67, 0xF7, 0x23,
0xD0, 0x45, 0xAB, 0x05, 0x71, 0x5C, 0x42, 0x35,
0x5D, 0xA6, 0xA5, 0xC8, 0xDD, 0x39, 0xC8, 0xAB,
0xE3, 0x03, 0x77, 0x51, 0xA0, 0x1E, 0xD1, 0xC7,
0x37, 0x49, 0x19, 0xF3, 0x12, 0x1B, 0x5A, 0x52,
0xC5, 0x3D, 0x14, 0x87, 0x31, 0x67, 0x69, 0xF8,
0x07, 0x21, 0xDE, 0xEA, 0xAA, 0xD3, 0xC9, 0x0F,
0x76, 0xE7, 0xAE, 0x9E, 0x12, 0xBA, 0x92, 0xB3,
0x2B, 0x5F, 0xD4, 0x57, 0xE3, 0xC7, 0x52, 0xC2,
0x65, 0x0D, 0xFB, 0x88, 0x57, 0x71, 0xCB, 0x77,
0xAC, 0x3C, 0x78, 0x5A, 0x8C, 0x56, 0x2E, 0x6A,
0x1C, 0x63, 0xC2, 0xA5, 0x5E, 0xA4, 0x7C, 0xF8,
0xB9, 0x0E, 0xB8, 0x22, 0x5C, 0x12, 0x3C, 0x34,
0x64, 0x52, 0x56, 0x62, 0x35, 0xB2, 0xF3, 0x18,
0x23, 0xA3, 0x35, 0x21, 0xE0, 0x87, 0x93, 0x7A,
0x34, 0x5D, 0x8D, 0x66, 0x3E, 0xEA, 0xA0, 0x56,
0x58, 0x91, 0x7B, 0xBA, 0xA0, 0x08, 0xC2, 0xE3,
0x35, 0xF8, 0x85, 0x0A, 0x90, 0xA3, 0x26, 0xD0,
0xE6, 0x64, 0x32, 0xF4, 0x4C, 0xEB, 0x82, 0x89,
0xE4, 0xEC, 0xB2, 0xD1, 0x29, 0x58, 0xE9, 0x84,
0x07, 0x2E, 0xCA, 0xCB, 0x88, 0xE1, 0x34, 0x8F,
0xF0, 0xB5, 0x56, 0x54, 0xAC, 0xBA, 0x5B, 0x54,
0x97, 0x1C, 0xBA, 0xEB, 0xA8, 0x8E, 0xC4, 0xB9,
0x1A, 0x94, 0xC3, 0x71, 0x92, 0xFA, 0x98, 0x2B,
0xEC, 0xB9, 0xF3, 0xDA, 0x42, 0x16, 0x03, 0xB6,
0x1A, 0x51, 0xBC, 0x8E, 0x36, 0xCB, 0xD0, 0x53,
0x85, 0x1C, 0x77, 0xB1, 0xB9, 0x26, 0xB1, 0x7A,
0x27, 0x2A, 0xA9, 0x02, 0x32, 0x46, 0xB0, 0x2B,
0x3E, 0xD4, 0x7F, 0x66, 0xA0, 0x0B, 0xD5, 0x68,
0x48, 0x23, 0x63, 0x4E, 0x7C, 0xE5, 0x8C, 0xF8,
0xF3, 0x06, 0xE3, 0x5B, 0x1E, 0x53, 0x22, 0x82,
0x4D, 0x90, 0x48, 0x01, 0xF0, 0xA2, 0xFA, 0x7C,
0x2B, 0xC9, 0xC2, 0x52, 0xB0, 0xA5, 0x6B, 0x7B,
0xA2, 0xAB, 0x0F, 0x63, 0x60, 0x21, 0x74, 0x5A,
0x70, 0xA9, 0xA4, 0x3E, 0x2B, 0x0A, 0x8D, 0x61,
0x59, 0x70, 0xB6, 0x53, 0x09, 0x62, 0x4B, 0x51,
0x84, 0xBC, 0xC3, 0x0B, 0x91, 0x16, 0x79, 0xAE,
0xDD, 0x76, 0x02, 0x5F, 0xE3, 0x90, 0x8F, 0xD6,
0x78, 0x97, 0xB0, 0xCF, 0x4B, 0xE5, 0xA6, 0xF5,
0x41, 0x3D, 0x7D, 0xD9, 0x85, 0x64, 0xB2, 0x3E,
0x42, 0xA9, 0x3E, 0x4A, 0xA8, 0x82, 0x1C, 0xD4,
0x50, 0x54, 0xC6, 0x43, 0xED, 0xC1, 0x15, 0x8D,
0xB6, 0xB3, 0xDE, 0xB1, 0x3F, 0xB5, 0xA5, 0x1E,
0xBD, 0x1A, 0x8A, 0x78, 0xB8, 0x72, 0x25, 0xA7,
0x33, 0x8E, 0x10, 0x11, 0x04, 0xC4, 0xA2, 0x20,
0xD9, 0xBD, 0xED, 0xD4, 0x8C, 0x85, 0xA1, 0xC2,
0xDA, 0xE7, 0x81, 0xA8, 0x0C, 0x40, 0xE1, 0x3B,
0x87, 0xEA, 0xC7, 0x3A, 0x76, 0x42, 0x01, 0xC9,
0xB7, 0x60, 0xCC, 0xFB, 0x1A, 0xE3, 0x92, 0x69,
0x9C, 0x70, 0x39, 0xD2, 0x7C, 0x39, 0x36, 0x2B,
0x27, 0xB8, 0xFC, 0x6F, 0x07, 0xA8, 0xA3, 0xD4,
0x41, 0x0F, 0x15, 0x47, 0xC4, 0x8A, 0x99, 0x97,
0xF6, 0x2C, 0x61, 0x07, 0x44, 0x52, 0xEF, 0x15,
0x15, 0xF8, 0xA6, 0x49, 0xEB, 0xCA, 0x94, 0x37,
0x20, 0x5A, 0x4E, 0x8A, 0x61, 0x60, 0x6B, 0x41,
0xDA, 0xF6, 0x83, 0x4D, 0x67, 0x1F, 0x4D, 0x85,
0x2C, 0x0C, 0x9C, 0x40, 0x96, 0x61, 0x16, 0x48,
0xC6, 0xA3, 0x17, 0x06, 0x78, 0xB1, 0x53, 0x7C,
0xC1, 0x82, 0x8D, 0x93, 0x58, 0x0C, 0x9E, 0x58,
0x49, 0xA9, 0x65, 0x31, 0x75, 0xAC, 0xB7, 0x53,
0xF2, 0xBE, 0x74, 0x37, 0xBE, 0x45, 0xF6, 0xC6,
0x03, 0xE4, 0x85, 0xF2, 0xEC, 0x30, 0x1B, 0xB4,
0x2B, 0x6C, 0x37, 0xC2, 0x25, 0xD7, 0x49, 0x5A,
0x58, 0x4A, 0xE2, 0x31, 0x89, 0x0A, 0xB5, 0xC8,
0xC3, 0x5C, 0x26, 0x8C, 0xF4, 0xBB, 0xB0, 0x21,
0x3C, 0x09, 0x60, 0x19, 0x31, 0x95, 0x61, 0xA8,
0xA6, 0x94, 0x76, 0x37, 0xAA, 0x40, 0xD0, 0x06,
0xB4, 0x15, 0xBB, 0x2C, 0xFA, 0x22, 0x37, 0xE0,
0x89, 0x0B, 0x6A, 0x3B, 0xC1, 0x34, 0xAB, 0xF8,
0xF6, 0x58, 0x5E, 0x10, 0x8D, 0x15, 0x94, 0x0F,
0x91, 0xF4, 0xBF, 0x5B, 0x0C, 0x81, 0x80, 0x55,
0xB2, 0x1D, 0xEA, 0x6E, 0x63, 0xB5, 0x53, 0x98,
0x8C, 0x47, 0xF4, 0xB9, 0x4E, 0x7C, 0xF8, 0x00,
0xA4, 0x93, 0xB4, 0x73, 0x47, 0x05, 0xED, 0xC5,
0x6A, 0x4B, 0x60, 0x21, 0xC6, 0x29, 0x50, 0x06,
0x75, 0x87, 0x68, 0x04, 0xCF, 0x0B, 0x95, 0x1F,
0x03, 0x8A, 0x5C, 0x7F, 0xE5, 0x8E, 0x89, 0x77,
0x4E, 0xF2, 0x99, 0x2F, 0xD7, 0xC6, 0x30, 0x99,
0xD3, 0x52, 0xA7, 0xD2, 0x15, 0x60, 0xB7, 0x88,
0xB4, 0x05, 0x70, 0x98, 0x61, 0x81, 0x7E, 0x59,
0xA9, 0x6B, 0x3A, 0x3A, 0x83, 0xCB, 0xA8, 0x03,
0xB1, 0x69, 0x34, 0x33, 0x10, 0x71, 0x90, 0x5B,
0xBE, 0xC6, 0x53, 0x29, 0x00, 0x15, 0x5D, 0x8A,
0xC8, 0x8C, 0xB3, 0x2E, 0x4E, 0x21, 0xA3, 0xBD,
0x3A, 0x03, 0xFD, 0xEC, 0x32, 0x5A, 0x51, 0xCD,
0x27, 0x73, 0x96, 0x4E, 0x67, 0x84, 0xFC, 0xF1,
0x85, 0x37, 0x37, 0xAA, 0x64, 0xEB, 0x67, 0x56,
0x47, 0x27, 0x27, 0x26, 0x61, 0xAB, 0xF8, 0x43,
0x13, 0xA5, 0x7A, 0x44, 0xB1, 0x23, 0xC6, 0x55,
0x09, 0xCF, 0xB7, 0xA6, 0xF6, 0x64, 0x1C, 0xDC,
0xC3, 0xB5, 0x7F, 0xE6, 0x28, 0xC7, 0xB8, 0x19,
0x2D, 0xB4, 0x4F, 0xFB, 0xF5, 0x79, 0x6A, 0x86,
0x13, 0xB1, 0xFA, 0x12, 0x6F, 0x60, 0x76, 0x88,
0x3C, 0x78, 0x3D, 0xC2, 0x4E, 0x2A, 0x44, 0x64,
0xC4, 0x0B, 0x3A, 0x41, 0xCA, 0x70, 0xAE, 0x87,
0x62, 0x08, 0x66, 0xCF, 0x4F, 0xCB, 0x2B, 0xD2,
0x04, 0xBF, 0x5C, 0x28, 0x38, 0x12, 0xBA, 0x05,
0x6A, 0xC0, 0xC3, 0x45, 0xE3, 0x79, 0xC4, 0xBA,
0x24, 0xD7, 0x50, 0x90, 0x12, 0x79, 0xBB, 0x2F,
0x3A, 0x16, 0xF6, 0x12, 0xBF, 0xAD, 0xB3, 0x57,
0x03, 0x33, 0x2C, 0x7C, 0x13, 0x6F, 0x68, 0xEA,
0xB6, 0x75, 0x5C, 0x66, 0xB6, 0xA4, 0xAD, 0x1A,
0xAB, 0xA7, 0xB7, 0x68, 0xA5, 0x8A, 0xCA, 0xAC,
0xC1, 0x0A, 0x45, 0x9A, 0x1C, 0xC8, 0xEF, 0x29,
0x37, 0x7B, 0xC2, 0x00, 0xE4, 0xD3, 0x15, 0xA3,
0x0A, 0x6B, 0xCC, 0x32, 0x56, 0xF9, 0x73, 0x4D,
0x06, 0xE9, 0x77, 0x9C, 0xAA, 0x54, 0x42, 0xA9,
0xA1, 0x60, 0x69, 0x08, 0x13, 0x77, 0xC7, 0x6E,
0x75, 0x15, 0x43, 0x68, 0x07, 0x2D, 0xC4, 0x46,
0xED, 0x6C, 0x8B, 0x8E, 0x62, 0x2A, 0x21, 0xE3,
0x83, 0xCF, 0x9B, 0xA1, 0xFB, 0x43, 0x4E, 0x2E,
0xCC, 0x81, 0xE7, 0xB7, 0x8C, 0xEE, 0x98, 0x6B,
0x8F, 0xF7, 0x98, 0xAB, 0x18, 0xCF, 0x96, 0x34,
0x54, 0x35, 0x46, 0x28, 0x4E, 0xDA, 0x2A, 0x26,
0xB4, 0x7F, 0x05, 0xB7, 0x35, 0xBC, 0xDB, 0x12,
0x02, 0x22, 0x00, 0x76, 0xDC, 0x8B, 0x4E, 0x4B,
0x9F, 0x85, 0x35, 0x33, 0xC8, 0xF6, 0xC7, 0xFF,
0x38, 0x81, 0x7B, 0xA4, 0x97, 0x12, 0x83, 0x57,
0x85, 0xF1, 0x7F, 0x14, 0xCA, 0x01, 0xD0, 0xC1,
0xC1, 0xE9, 0x88, 0x10, 0xFE, 0x0B, 0x36, 0xE5,
0xB4, 0x27, 0x15, 0x7B, 0x94, 0x18, 0x44, 0x9C,
0xED, 0xD6, 0x41, 0xA4, 0x29, 0x3C, 0x85, 0xC3,
0x27, 0x00, 0x10, 0x2A, 0xCE, 0xC2, 0x2E, 0xBA,
0xD9, 0x8E, 0xD1, 0x60, 0xA5, 0xF0, 0x27, 0xBD,
0x4C, 0xDA, 0x57, 0xF1, 0xF3, 0x72, 0x0A, 0x12,
0xC1, 0x34, 0x65, 0x4D, 0xD5, 0xE7, 0x3F, 0x82,
0x96, 0x76, 0x49, 0x53, 0x90, 0xD0, 0xE7, 0x92,
0x9D, 0x60, 0x34, 0xE9, 0xC5, 0x5F, 0x7D, 0x55,
0xBA, 0x65, 0x8B, 0xC5, 0x87, 0x98, 0x8E, 0x8A,
0xF9, 0x49, 0x60, 0xF6, 0xCF, 0xB8, 0xD5, 0xAF,
0x7A, 0x00, 0x21, 0x53, 0x5A, 0x6E, 0x25, 0xE4,
0x37, 0xD4, 0x9A, 0x78, 0x06, 0x98, 0xBE, 0x22,
0xAC, 0x99, 0x53, 0x94, 0x9F, 0x57, 0x1B, 0x85,
0xA6, 0x85, 0x72, 0x5F, 0x82, 0x07, 0xA2, 0xB0,
0xAE, 0x84, 0x9B, 0x60, 0x1A, 0xB9, 0x1B, 0x15,
0x9B, 0x3D, 0xF4, 0xA1, 0x54, 0xC2, 0x04, 0x1E,
0x77, 0x60, 0x70, 0xAF, 0xC4, 0x29, 0x69, 0x32,
0x23, 0x80, 0x91, 0x7C, 0x97, 0x51, 0x07, 0x99,
0xF3, 0x14, 0x91, 0x31, 0x47, 0x7E, 0x16, 0x66,
0x3D, 0x31, 0x74, 0xC7, 0xC1, 0xCA, 0xEA, 0x78,
0x85, 0x35, 0xC6, 0xC0, 0x05, 0xA6, 0x4F, 0x28,
0x68, 0x63, 0x1B, 0x31, 0xB6, 0x6E, 0x20, 0x5F,
0xD3, 0x8C, 0x1D, 0x84, 0x54, 0x2D, 0x0F, 0x1B,
0x57, 0x8F, 0x58, 0xC9, 0xBF, 0x5A, 0x0F, 0xAE,
0xAB, 0x6A, 0xB6, 0x49, 0x48, 0x93, 0x05, 0x31,
0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22,
0x8A, 0x39, 0xE8, 0x7D, 0x53, 0x1F, 0x35, 0x27,
0xC2, 0x07, 0xED, 0xCC, 0x1D, 0xB7, 0xFA, 0xDD,
0xCF, 0x96, 0x28, 0x39, 0x18, 0x79, 0xB3, 0x35,
0xC7, 0x07, 0x83, 0x9A, 0x0D, 0xB0, 0x51, 0xA8,
0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
};
#endif
#ifndef WOLFSSL_NO_ML_KEM
WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_sk[] = {
0x43, 0x3a, 0x70, 0xee, 0x69, 0x50, 0xf9, 0x88,
0x2a, 0xcd, 0xd5, 0xa4, 0x78, 0x20, 0xa6, 0xa8,
0x16, 0x37, 0x08, 0xf0, 0x4d, 0x45, 0x7c, 0x77,
0x99, 0x79, 0xb8, 0x3f, 0xe1, 0x17, 0x22, 0x47,
0x01, 0x49, 0x08, 0x30, 0x38, 0x66, 0x37, 0xda,
0x33, 0x2e, 0x74, 0xb1, 0xae, 0xda, 0x0b, 0x2f,
0x81, 0xca, 0x4f, 0x9b, 0xb2, 0xc2, 0xb0, 0x2b,
0x0c, 0xfd, 0x68, 0x0c, 0x11, 0x48, 0x2f, 0x33,
0x5a, 0xcf, 0x7b, 0x91, 0x39, 0xb5, 0xb8, 0x8a,
0x34, 0xe3, 0x54, 0x2c, 0x68, 0x61, 0x37, 0x75,
0x45, 0x98, 0x33, 0x43, 0xcd, 0x82, 0x94, 0x14,
0xe4, 0x78, 0x64, 0x21, 0x2e, 0x78, 0xf8, 0x55,
0xf5, 0x23, 0x90, 0x37, 0x9a, 0xcc, 0x3a, 0x62,
0x95, 0x31, 0x31, 0xb6, 0x3e, 0xe8, 0x32, 0xad,
0xb3, 0xbf, 0x4b, 0xf5, 0x8e, 0x24, 0x73, 0x49,
0xb5, 0xe0, 0x97, 0xe5, 0x5a, 0xbe, 0x49, 0x7b,
0x15, 0x98, 0x23, 0x73, 0xae, 0x73, 0x2e, 0x04,
0x39, 0xac, 0x67, 0xd0, 0x5c, 0x7f, 0x03, 0x7c,
0x8a, 0x73, 0x9b, 0x18, 0x14, 0x0e, 0x14, 0x4c,
0x85, 0x1d, 0xc9, 0x61, 0x1f, 0x4b, 0xcf, 0x04,
0xf3, 0xa2, 0x09, 0x3c, 0x19, 0x7b, 0xd6, 0x3b,
0xb5, 0xe6, 0x19, 0x01, 0x00, 0x54, 0x5f, 0xf8,
0x1d, 0xb7, 0xfc, 0xcd, 0xdd, 0x9a, 0x32, 0x4b,
0x0b, 0xac, 0x3c, 0x2c, 0x23, 0x82, 0x28, 0x40,
0x58, 0xf0, 0x8b, 0x96, 0x19, 0x52, 0xc0, 0x94,
0x01, 0x9c, 0x10, 0xbe, 0x37, 0xa5, 0x3d, 0x5a,
0xc7, 0x94, 0xc0, 0x10, 0xa9, 0xd0, 0x82, 0x1f,
0x15, 0x02, 0x7a, 0x1c, 0x41, 0x9c, 0x3c, 0x71,
0xc9, 0xa1, 0xd2, 0x8a, 0xed, 0x02, 0x59, 0x7a,
0xb7, 0x9b, 0x87, 0x53, 0x94, 0x62, 0x6b, 0xa3,
0x9a, 0xdc, 0x09, 0x0c, 0x3a, 0x90, 0xcf, 0x75,
0x87, 0x1a, 0x65, 0x27, 0x5e, 0xb1, 0xc5, 0xb0,
0x33, 0x72, 0xe1, 0x3a, 0x1a, 0x23, 0xd0, 0xcf,
0x93, 0x74, 0x11, 0x1f, 0x80, 0xcc, 0x83, 0xa9,
0x05, 0x62, 0x2b, 0x83, 0xfc, 0x51, 0x39, 0x71,
0xec, 0x84, 0x19, 0xf0, 0x88, 0x0c, 0x30, 0x67,
0x63, 0x36, 0x71, 0xb0, 0x9b, 0x54, 0x56, 0xab,
0x60, 0x57, 0x93, 0x6d, 0x19, 0xa4, 0xa2, 0xa2,
0x67, 0x91, 0x1b, 0x00, 0x0a, 0x13, 0x95, 0x6f,
0xbd, 0x49, 0x38, 0x21, 0xda, 0x07, 0x2c, 0x04,
0x64, 0x2b, 0x0c, 0x20, 0xda, 0x6c, 0xc0, 0xd9,
0xd8, 0x64, 0xa3, 0x93, 0x65, 0xdf, 0xd6, 0x4f,
0x10, 0x18, 0x78, 0x25, 0xfa, 0x33, 0x25, 0x07,
0x49, 0xcb, 0xc0, 0xc9, 0x05, 0xd7, 0xb1, 0xff,
0x3c, 0xae, 0x24, 0x12, 0xbf, 0x86, 0xb8, 0x1a,
0x81, 0x7b, 0x86, 0xba, 0xa3, 0x0e, 0xdf, 0x78,
0x62, 0xe5, 0xf6, 0xba, 0xc9, 0x87, 0x26, 0xe5,
0x6b, 0x3c, 0xec, 0x60, 0x66, 0x4c, 0xaa, 0x2a,
0x7d, 0xf6, 0x70, 0xc5, 0xe2, 0x07, 0xdf, 0xac,
0x03, 0x82, 0x4c, 0x89, 0x89, 0x7c, 0xb4, 0x90,
0xea, 0xa7, 0x65, 0x21, 0x22, 0x2c, 0x86, 0x20,
0x51, 0x69, 0xc9, 0x1c, 0x32, 0x9c, 0x4a, 0x18,
0x4d, 0x78, 0x72, 0x1a, 0xf8, 0x36, 0xad, 0x4d,
0xb0, 0xca, 0x78, 0x46, 0x4d, 0x41, 0x71, 0x47,
0x30, 0x12, 0xb7, 0xd1, 0x83, 0xba, 0xfa, 0x62,
0x75, 0x85, 0xc6, 0x4b, 0xe3, 0x80, 0x9d, 0x7e,
0x60, 0x04, 0xcb, 0xdc, 0x79, 0xa5, 0x46, 0x0f,
0x0a, 0xd6, 0x77, 0xcb, 0x71, 0x65, 0x12, 0x40,
0x7d, 0x3a, 0x61, 0x9a, 0xd0, 0x95, 0x43, 0xb7,
0x39, 0x54, 0x74, 0x72, 0xa7, 0x06, 0xb3, 0x17,
0xa5, 0x09, 0xbe, 0x5d, 0x86, 0x1f, 0xd6, 0x6c,
0x7d, 0x0e, 0xd9, 0x4c, 0xd5, 0x00, 0x47, 0x95,
0xc1, 0x81, 0x59, 0xe3, 0xa3, 0x3d, 0x79, 0x87,
0x11, 0x52, 0x5f, 0x16, 0x35, 0xa6, 0x84, 0x28,
0x17, 0x29, 0x23, 0x24, 0x96, 0x35, 0xaa, 0xd0,
0x32, 0xb9, 0xe5, 0x66, 0x64, 0xbd, 0xd4, 0x8e,
0xd2, 0x4a, 0xc7, 0x5c, 0x64, 0x68, 0xd1, 0x90,
0x3e, 0x47, 0x10, 0x86, 0xc5, 0xf1, 0x56, 0x7e,
0x83, 0x1a, 0x05, 0x08, 0xc5, 0x39, 0x63, 0x25,
0x91, 0xab, 0x57, 0x7d, 0x32, 0x4a, 0x82, 0x42,
0x97, 0x25, 0x80, 0x99, 0x50, 0x76, 0x1d, 0x84,
0x34, 0x28, 0x8c, 0x14, 0x03, 0x4f, 0x1c, 0x06,
0xc1, 0xd0, 0xaa, 0xe0, 0x9a, 0x71, 0xc7, 0x40,
0xa5, 0x57, 0x01, 0xc2, 0x8f, 0xf8, 0x44, 0x99,
0xf2, 0xbb, 0x18, 0xb6, 0x62, 0x8c, 0xaa, 0xa3,
0xfe, 0x75, 0xac, 0x4d, 0xe0, 0x4c, 0x6f, 0x91,
0x39, 0x00, 0xd8, 0x6c, 0x88, 0x12, 0x62, 0x52,
0xa1, 0x7c, 0x4d, 0x30, 0x39, 0x91, 0xdb, 0x02,
0x87, 0x12, 0x08, 0x81, 0xbb, 0x88, 0x47, 0x8a,
0xaa, 0x9a, 0xf9, 0xbc, 0x53, 0xd3, 0x72, 0x98,
0x43, 0x85, 0x8f, 0xdb, 0x46, 0x48, 0x05, 0x9c,
0xac, 0x82, 0xc1, 0xa1, 0x08, 0x78, 0xba, 0x39,
0x82, 0x3b, 0x04, 0x1b, 0xd0, 0xe2, 0x58, 0x48,
0x7b, 0x56, 0xcc, 0x8a, 0x32, 0x20, 0xc1, 0xa5,
0x8b, 0xf6, 0x6a, 0x17, 0x2b, 0x5b, 0x9a, 0x0c,
0x63, 0x2d, 0x67, 0x4e, 0xae, 0x88, 0x5a, 0x01,
0x5c, 0x4e, 0x37, 0xba, 0x07, 0x36, 0x80, 0xbe,
0xde, 0x75, 0x34, 0xf3, 0xe3, 0x4b, 0x60, 0x50,
0xc8, 0x6b, 0x21, 0xc3, 0xc0, 0x90, 0x94, 0x1f,
0x23, 0xb7, 0xf6, 0x73, 0x1e, 0x2b, 0xda, 0x0e,
0x6e, 0xa4, 0x64, 0x67, 0x71, 0xce, 0xc5, 0x72,
0xb9, 0x8c, 0xa0, 0xa1, 0x58, 0x91, 0x9a, 0xdb,
0xeb, 0x84, 0xce, 0x58, 0x5f, 0xf9, 0xf2, 0x5e,
0xbd, 0xda, 0x6c, 0xb6, 0xf0, 0x7a, 0x8f, 0x81,
0x12, 0x32, 0x60, 0x7e, 0x72, 0x17, 0xbb, 0x03,
0x9b, 0xab, 0xd0, 0xd9, 0x19, 0x34, 0xa8, 0x59,
0x40, 0x59, 0xc9, 0x68, 0x77, 0x23, 0xc0, 0x43,
0x81, 0xbf, 0xd6, 0x27, 0xa1, 0x05, 0x17, 0xf5,
0xf4, 0xbf, 0xc7, 0x77, 0x77, 0xaa, 0x26, 0x71,
0xae, 0x12, 0x4f, 0x2b, 0x7a, 0x5f, 0x4d, 0x56,
0x14, 0x02, 0x91, 0x97, 0xe6, 0x58, 0x6f, 0xa8,
0xc1, 0x7e, 0x0a, 0xd9, 0x07, 0x81, 0xbc, 0x7b,
0xb1, 0x9a, 0x77, 0x2d, 0x5a, 0x4e, 0xfe, 0x32,
0xca, 0xc8, 0x9b, 0x76, 0xc4, 0x2a, 0x5e, 0xde,
0x9b, 0xcc, 0x20, 0xc1, 0x89, 0x8c, 0x08, 0xa5,
0xb0, 0xc0, 0x7e, 0x47, 0x8b, 0x1b, 0xbc, 0x22,
0x6e, 0xfa, 0xd1, 0x5f, 0x2a, 0xc7, 0x37, 0x51,
0x4b, 0x8c, 0x61, 0x49, 0x81, 0x07, 0x79, 0x22,
0x24, 0x16, 0x53, 0x7e, 0xd0, 0x0d, 0xae, 0xab,
0x17, 0x7e, 0x90, 0x3e, 0xad, 0x6b, 0x4a, 0xc4,
0x23, 0x70, 0xaf, 0x1b, 0x1f, 0x50, 0xeb, 0xaf,
0xaa, 0x1c, 0x6e, 0x64, 0x7b, 0xba, 0xcc, 0xe7,
0x2c, 0x7d, 0x0b, 0x88, 0xae, 0xb0, 0xb0, 0x6f,
0xc1, 0xa4, 0x54, 0x57, 0xa9, 0xc1, 0x87, 0x57,
0x9b, 0xf1, 0x84, 0x57, 0x9c, 0xc3, 0x51, 0xc4,
0x3d, 0xff, 0x94, 0x26, 0x05, 0xaa, 0x56, 0x04,
0xfc, 0x85, 0xfc, 0x55, 0x83, 0xf6, 0xf1, 0x49,
0x6f, 0xe6, 0x1d, 0x70, 0xd6, 0xcd, 0xe2, 0x32,
0x7f, 0xee, 0x71, 0x3d, 0x86, 0xf2, 0x9b, 0x3a,
0xfc, 0xbb, 0x54, 0xe9, 0xa9, 0x2a, 0x33, 0xa6,
0xc1, 0xea, 0x6f, 0xfa, 0x30, 0x95, 0x66, 0xb0,
0x68, 0x62, 0x33, 0xc0, 0xf3, 0xb1, 0xc3, 0x14,
0x48, 0x90, 0xe4, 0xf0, 0x82, 0x9a, 0x60, 0x99,
0xc5, 0x74, 0x9c, 0xde, 0xc8, 0x43, 0x28, 0xec,
0x2c, 0xb6, 0x4a, 0x73, 0x85, 0xa7, 0x61, 0xd6,
0x4b, 0x3a, 0x23, 0xc4, 0x89, 0x34, 0x33, 0x43,
0xb9, 0x77, 0x23, 0xae, 0x78, 0xc7, 0xd8, 0x05,
0x45, 0x8e, 0x16, 0x20, 0xf0, 0x29, 0x28, 0x97,
0x69, 0x17, 0x04, 0xcb, 0x76, 0xe3, 0xb0, 0xb2,
0x81, 0xa8, 0x3c, 0xf6, 0x44, 0x90, 0x49, 0x8c,
0xbc, 0xaf, 0x04, 0x80, 0x24, 0x16, 0xb3, 0x3c,
0x56, 0x51, 0x71, 0xd7, 0x72, 0xd3, 0xb9, 0x35,
0x40, 0x37, 0x58, 0x76, 0x29, 0xae, 0x14, 0xa5,
0xc5, 0x03, 0x1a, 0xc3, 0x66, 0x71, 0xa0, 0xd0,
0xc9, 0x1c, 0xc0, 0xb4, 0xcd, 0x69, 0xd8, 0x40,
0x2e, 0x33, 0xb9, 0xbc, 0xc2, 0xbb, 0xaf, 0x6b,
0x97, 0x1e, 0x30, 0x3f, 0xa1, 0x37, 0xbe, 0x23,
0x25, 0x98, 0xa4, 0x99, 0x9b, 0xc0, 0x12, 0x57,
0x4c, 0x81, 0x65, 0x1b, 0x38, 0xb3, 0x83, 0x96,
0xc1, 0xc3, 0x65, 0x30, 0x3a, 0xd2, 0x5d, 0x49,
0xfc, 0x6b, 0x68, 0x99, 0x51, 0xa1, 0xcc, 0x4c,
0x60, 0x07, 0x61, 0x30, 0x65, 0x49, 0x5f, 0x97,
0x91, 0x0f, 0x97, 0x35, 0xd4, 0xea, 0x4e, 0x44,
0x2a, 0xcb, 0x2f, 0xab, 0xae, 0xcf, 0xe1, 0xad,
0xef, 0x06, 0x67, 0xba, 0x42, 0x2c, 0x95, 0x4a,
0x05, 0xd1, 0xb6, 0x16, 0x7a, 0x26, 0x3e, 0x12,
0x75, 0xc6, 0xad, 0xa8, 0x38, 0x59, 0x65, 0x30,
0x4b, 0x30, 0x32, 0x40, 0x40, 0x54, 0x2c, 0xf5,
0xa4, 0x51, 0xbc, 0xaf, 0xc7, 0x47, 0x88, 0xbe,
0x3b, 0x9b, 0x9f, 0xcc, 0x45, 0xd4, 0x79, 0x0e,
0x2d, 0x73, 0x35, 0xc6, 0x0a, 0x14, 0xf0, 0xa4,
0x9d, 0x13, 0x05, 0x3f, 0x26, 0x26, 0xa6, 0x27,
0xca, 0x19, 0x55, 0x3c, 0xb3, 0x36, 0xa2, 0xcb,
0x4a, 0x45, 0x5d, 0x8e, 0xf3, 0x98, 0x94, 0x91,
0x47, 0x2b, 0xa0, 0x05, 0x1e, 0xf7, 0x41, 0x6e,
0x0b, 0xbf, 0x1a, 0x61, 0x08, 0xfa, 0x07, 0xc1,
0x61, 0x54, 0x8e, 0x7c, 0x62, 0x33, 0x1a, 0xe5,
0xa2, 0xb4, 0xe4, 0xa1, 0x08, 0xa5, 0x10, 0x93,
0xd3, 0x15, 0x08, 0x21, 0xa2, 0xfb, 0x54, 0x71,
0x70, 0xa1, 0xb7, 0x3c, 0x43, 0xc5, 0x50, 0xc6,
0x55, 0x7a, 0x40, 0x48, 0xa5, 0x8a, 0x2c, 0xd7,
0x7a, 0x24, 0x42, 0x34, 0xb2, 0x23, 0x51, 0x75,
0xa0, 0x89, 0x7d, 0x50, 0x61, 0xb4, 0x61, 0x34,
0x82, 0xdc, 0x13, 0x64, 0x14, 0x04, 0x8c, 0x11,
0xdb, 0x37, 0xea, 0xe0, 0xa5, 0xdf, 0x87, 0xc1,
0x93, 0x14, 0xb0, 0xe8, 0x23, 0x97, 0xa0, 0xd3,
0x38, 0xdc, 0x21, 0x53, 0x8a, 0xf3, 0x61, 0x49,
0xd9, 0x3f, 0x8b, 0x1a, 0x11, 0xc5, 0x3b, 0xb5,
0xde, 0xf8, 0xb7, 0xa2, 0xcc, 0xa3, 0x36, 0x2b,
0x7f, 0xe3, 0xa1, 0x40, 0x8a, 0x25, 0x47, 0xe2,
0x09, 0x05, 0x8c, 0x67, 0x3a, 0x75, 0x66, 0xc2,
0x61, 0x23, 0xa6, 0xd8, 0xb6, 0x92, 0xa5, 0xf3,
0x3e, 0xbd, 0xcb, 0x26, 0x24, 0xb7, 0x9d, 0x87,
0x7b, 0xce, 0x5f, 0xa1, 0x4e, 0x42, 0xe8, 0x3f,
0xaa, 0xd8, 0x2e, 0x99, 0x00, 0x55, 0x3a, 0x3c,
0x60, 0x45, 0xca, 0x32, 0x9f, 0xea, 0x4a, 0x50,
0x65, 0x58, 0xc4, 0x91, 0xb6, 0xa6, 0x16, 0xc6,
0xfd, 0x40, 0x0b, 0x42, 0x13, 0x6f, 0x44, 0xcb,
0x0d, 0x02, 0x57, 0x65, 0x08, 0x19, 0x01, 0x8d,
0x3c, 0x56, 0x8e, 0xf6, 0xc6, 0x0c, 0x6c, 0x40,
0x9e, 0x70, 0xa8, 0x29, 0x28, 0x71, 0x08, 0xc1,
0xb6, 0xa4, 0xd3, 0x2f, 0x76, 0xe5, 0xcc, 0x4d,
0x10, 0x4b, 0x02, 0x43, 0x8e, 0xf7, 0xa4, 0x67,
0x91, 0x23, 0x98, 0xea, 0x9c, 0x7c, 0xbd, 0x99,
0x81, 0x58, 0x9a, 0x34, 0x18, 0x97, 0x68, 0x7b,
0x51, 0x6a, 0x13, 0x30, 0x7d, 0x66, 0xc0, 0x68,
0xc4, 0x44, 0xb4, 0xb9, 0x49, 0xa1, 0x74, 0x12,
0x41, 0x33, 0x15, 0xcc, 0xf4, 0x9b, 0x99, 0x98,
0x00, 0x34, 0xb5, 0xb8, 0xcf, 0xde, 0xc4, 0xa6,
0x0b, 0x9c, 0x1e, 0x74, 0x55, 0xaa, 0xfb, 0xf3,
0xa7, 0x57, 0x34, 0x69, 0x90, 0xcc, 0x32, 0xb0,
0x59, 0x9b, 0xa2, 0x17, 0xa6, 0xc5, 0xfc, 0x39,
0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48,
0xa8, 0x7f, 0x41, 0x58, 0x9c, 0xb2, 0x22, 0xd0,
0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0,
0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4,
0x64, 0x60, 0xc3, 0x18, 0x3d, 0x2b, 0xcd, 0x6d,
0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc,
0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2,
0x3a, 0x3e, 0x8c, 0x33, 0x0d, 0x74, 0x21, 0x59,
0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca,
0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75,
0x34, 0x99, 0xc0, 0x45, 0x2e, 0x45, 0x38, 0x15,
0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1,
0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27,
0xb3, 0x8c, 0x67, 0x45, 0xf2, 0x94, 0x40, 0x16,
0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a,
0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05,
0x0f, 0xfa, 0x8a, 0x06, 0xfa, 0x15, 0x4a, 0x49,
0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7,
0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2,
0xc4, 0xb6, 0x20, 0x1d, 0xda, 0x80, 0xc9, 0xab,
0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f,
0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2,
0x69, 0x3f, 0x31, 0x97, 0x39, 0xf4, 0x0c, 0x4f,
0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f,
0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5,
0x6a, 0xc7, 0x46, 0x80, 0x1a, 0xcc, 0xcc, 0x84,
0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6,
0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66,
0x50, 0x48, 0x2c, 0x8d, 0x9d, 0x95, 0x87, 0xbc,
0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d,
0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0,
0x3a, 0x48, 0xd4, 0xb7, 0x44, 0x25, 0xc2, 0x6e,
0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07,
0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82,
0x17, 0xd8, 0x68, 0xc7, 0xf5, 0x00, 0x2a, 0xbe,
0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e,
0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1,
0x0e, 0x08, 0xec, 0xcc, 0xed, 0x3c, 0x1f, 0x7d,
0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d,
0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98,
0x70, 0x58, 0x5c, 0x39, 0xd5, 0x58, 0x9a, 0x50,
0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c,
0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8,
0x1b, 0x63, 0x37, 0xb5, 0x7d, 0xa3, 0xc3, 0x76,
0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b,
0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71,
0x89, 0x6f, 0xf5, 0x89, 0xd4, 0xb8, 0x93, 0xe7,
0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91,
0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c,
0x74, 0x69, 0x80, 0xc1, 0x2a, 0xa6, 0xb9, 0x5e,
0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3,
0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47,
0x31, 0x23, 0x82, 0xca, 0x36, 0x5c, 0x5f, 0x35,
0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95,
0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c,
0x1e, 0x8a, 0x17, 0x6b, 0x79, 0x49, 0x95, 0x8f,
0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73,
0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39,
0xc8, 0x26, 0xcb, 0x50, 0x82, 0x08, 0x60, 0x77,
0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c,
0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30,
0x9b, 0x14, 0xb0, 0x86, 0xd6, 0xe9, 0x23, 0xc5,
0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0,
0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7,
0x2c, 0x9f, 0xda, 0x1c, 0xb3, 0xfb, 0x9b, 0xa0,
0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad,
0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56,
0x47, 0x8a, 0xc0, 0x44, 0xef, 0x34, 0x56, 0x37,
0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba,
0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08,
0x05, 0xd2, 0xd3, 0x2f, 0xfc, 0x62, 0xbf, 0x0c,
0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04,
0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00,
0x62, 0x58, 0x38, 0x65, 0x38, 0x1c, 0x74, 0xdd,
0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23,
0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25,
0x52, 0xa8, 0xf4, 0xb7, 0x88, 0xb4, 0xaf, 0xd1,
0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39,
0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94,
0x9a, 0x75, 0x58, 0x0d, 0x04, 0x96, 0x39, 0x85,
0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80,
0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56,
0xa5, 0xd6, 0x7c, 0x7e, 0xb5, 0x24, 0x10, 0xeb,
0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4,
0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26,
0x93, 0x8d, 0x34, 0x94, 0x3c, 0x38, 0x08, 0xc7,
0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b,
0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3,
0x34, 0x0b, 0xaa, 0x8d, 0x2e, 0x65, 0x34, 0x4f,
0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41,
0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93,
0x27, 0xf9, 0x18, 0x9f, 0x7e, 0x10, 0x85, 0x6b,
0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a,
0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7,
0x18, 0x50, 0xb2, 0x2e, 0x04, 0x59, 0x28, 0x27,
0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c,
0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76,
0x2d, 0xc5, 0xf2, 0x0b, 0xd5, 0xd2, 0xab, 0x5b,
0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e,
0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a,
0x0d, 0x80, 0x23, 0xbe, 0xd1, 0xf5, 0xca, 0xe8,
0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a,
0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b,
0x6a, 0xa0, 0x48, 0x98, 0x92, 0x33, 0x07, 0x9a,
0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58,
0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53,
0x75, 0x36, 0xe4, 0x6f, 0x3a, 0x6a, 0x97, 0xe7,
0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04,
0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87,
0x1f, 0x5e, 0xf9, 0xb4, 0x35, 0x50, 0x73, 0xb5,
0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81,
0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13,
0xb3, 0x55, 0x07, 0xb0, 0xdf, 0x57, 0x8c, 0xe2,
0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d,
0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c,
0xaf, 0x92, 0xf6, 0x9a, 0x75, 0x16, 0x14, 0x06,
0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75,
0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4,
0x9a, 0x81, 0x66, 0x1a, 0xa6, 0x5a, 0xc0, 0x9b,
0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f,
0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2,
0xbf, 0x0f, 0x84, 0x24, 0xa1, 0x9b, 0x74, 0x08,
0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82,
0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12,
0x98, 0x61, 0x1a, 0x7f, 0x5f, 0x60, 0x92, 0x2b,
0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85,
0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31,
0x8b, 0x50, 0x77, 0x33, 0x45, 0xc9, 0x97, 0x46,
0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81,
0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5,
0x09, 0x8b, 0xd4, 0x89, 0xd6, 0x96, 0xa0, 0xf7,
0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b,
0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04,
0x72, 0x05, 0x63, 0x32, 0x12, 0x31, 0x0e, 0xe9,
0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50,
0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07,
0x2e, 0xab, 0xe2, 0x37, 0x31, 0xe3, 0x4a, 0xf7,
0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc,
0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b,
0xc8, 0x37, 0x57, 0x84, 0x47, 0xaa, 0xcf, 0xae,
0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e,
0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6,
0x99, 0x77, 0x98, 0x50, 0x29, 0x5c, 0xa7, 0x2d,
0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b,
0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5,
0x08, 0x17, 0xba, 0x25, 0x5c, 0x74, 0x74, 0xc9,
0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8,
0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26,
0x5c, 0x04, 0x83, 0xa6, 0x5c, 0xa4, 0x51, 0x4e,
0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b,
0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb,
0xb2, 0x10, 0x35, 0x3e, 0xfa, 0x1a, 0xa8, 0x66,
0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04,
0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76,
0x5f, 0xf6, 0x0b, 0x3b, 0x80, 0x19, 0x84, 0xa9,
0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70,
0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5,
0x82, 0x58, 0xb4, 0xaf, 0x71, 0x22, 0x1c, 0xd1,
0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9,
0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc,
0xca, 0x70, 0x29, 0xa2, 0x30, 0xd6, 0x39, 0xdc,
0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd,
0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7,
0xbb, 0x10, 0xe3, 0x03, 0x01, 0xa6, 0x5c, 0xae,
0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb,
0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4,
0xa0, 0x6c, 0x81, 0x66, 0xd0, 0xb0, 0xb8, 0x12,
0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22,
0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c,
0x68, 0x53, 0x68, 0x55, 0x23, 0x43, 0xbb, 0x60,
0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46,
0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74,
0xba, 0x0a, 0x55, 0x1e, 0x18, 0x46, 0x20, 0xfe,
0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43,
0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6,
0x71, 0xa1, 0x53, 0x76, 0xe5, 0xa6, 0x74, 0x7a,
0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f,
0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37,
0x78, 0x70, 0xa6, 0x0a, 0x7a, 0x18, 0x96, 0x83,
0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50,
0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05,
0xc4, 0x2d, 0xd2, 0x86, 0x33, 0x56, 0x94, 0x72,
0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16,
0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4,
0x6f, 0xa7, 0x22, 0x44, 0x61, 0xa5, 0xcc, 0x27,
0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02,
0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8,
0xce, 0x91, 0xc1, 0x34, 0xa6, 0x38, 0x6f, 0x86,
0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4,
0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b,
0x53, 0xd2, 0x29, 0x3d, 0xf3, 0xe9, 0xa8, 0x22,
0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca,
0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e,
0x41, 0x86, 0x9a, 0xbf, 0xba, 0xd1, 0x07, 0x38,
0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39,
0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb,
0xeb, 0xbe, 0x41, 0xcd, 0x4d, 0xea, 0x48, 0x9d,
0xed, 0xd0, 0x0e, 0x76, 0xae, 0x0b, 0xcf, 0x54,
0xaa, 0x85, 0x50, 0x20, 0x29, 0x20, 0xeb, 0x64,
0xd5, 0x89, 0x2a, 0xd0, 0x2b, 0x13, 0xf2, 0xe5,
0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08,
0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21,
0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc,
0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f
};
#endif
#ifdef WOLFSSL_MLKEM_KYBER
WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ct[] = {
0xA6, 0xAF, 0x29, 0xD5, 0xF5, 0xB8, 0x0B, 0xD1,
0x30, 0xF5, 0x18, 0xBA, 0xDD, 0xD6, 0xC8, 0xF1,
0x75, 0x45, 0x41, 0x3D, 0x86, 0x0F, 0xB3, 0xDE,
0x45, 0x19, 0x79, 0xEB, 0xFA, 0x5E, 0x4E, 0x31,
0x12, 0xC7, 0xC0, 0xAD, 0xF9, 0x98, 0x24, 0xBB,
0x52, 0x6F, 0x2C, 0x35, 0x50, 0x74, 0x8E, 0xD0,
0xE1, 0x34, 0xF0, 0x45, 0x7A, 0x7C, 0x61, 0xF9,
0xF5, 0x26, 0xF0, 0x02, 0xBA, 0xAD, 0xC0, 0x3F,
0xC1, 0x3E, 0x38, 0x13, 0x12, 0x19, 0x51, 0x3C,
0x3E, 0xDE, 0x06, 0x16, 0x61, 0xE7, 0x4F, 0x60,
0x3C, 0x4F, 0xCF, 0x79, 0x51, 0xC8, 0xE5, 0x2C,
0x9C, 0x21, 0x3B, 0x0D, 0x22, 0xD9, 0x29, 0x36,
0x63, 0xD6, 0x69, 0xA6, 0xB5, 0x8E, 0xD8, 0xFC,
0xEF, 0xCF, 0x82, 0x49, 0xD7, 0xBB, 0x52, 0x98,
0xF5, 0x57, 0x61, 0x44, 0x5B, 0x2B, 0x83, 0xCE,
0x7F, 0x00, 0x5C, 0xB0, 0x42, 0x48, 0xAE, 0xC8,
0xBD, 0xA2, 0x2F, 0xD2, 0xD4, 0x2A, 0xA7, 0x66,
0x32, 0x20, 0x14, 0xEA, 0x03, 0x8C, 0xC3, 0x2C,
0x55, 0xC8, 0xE4, 0xB9, 0xE2, 0x8E, 0xC9, 0x11,
0x9F, 0x52, 0x73, 0x41, 0xE4, 0xF6, 0x6A, 0x03,
0x51, 0x21, 0x07, 0x3B, 0x85, 0xDE, 0x67, 0x06,
0xDA, 0x19, 0xE0, 0x83, 0x8A, 0x9F, 0x33, 0xB7,
0x19, 0xA6, 0x8F, 0x03, 0x9B, 0x66, 0x4D, 0xC0,
0x02, 0x65, 0x9E, 0xAB, 0xFC, 0x39, 0x86, 0x79,
0xAA, 0x70, 0x09, 0xCE, 0x0C, 0xD0, 0x1C, 0xDA,
0xFB, 0x6C, 0xD2, 0xA2, 0x6F, 0xE4, 0x10, 0x16,
0x72, 0xC9, 0x8F, 0xF5, 0x8F, 0x7C, 0x47, 0xD5,
0xBD, 0xA2, 0x90, 0x66, 0x53, 0xB3, 0xA6, 0xF9,
0x65, 0x1F, 0x7A, 0x12, 0x1E, 0xA7, 0x7E, 0xA7,
0x47, 0x23, 0xFA, 0xE5, 0xB8, 0x73, 0xF9, 0xBB,
0x7B, 0x66, 0x4F, 0x0C, 0x8A, 0x93, 0x83, 0x1E,
0xF9, 0xD5, 0x1C, 0x7C, 0xC1, 0xEF, 0x44, 0xAC,
0x0E, 0x55, 0xA5, 0x5C, 0xA7, 0x6D, 0x13, 0x7F,
0xE9, 0xB7, 0x5F, 0x40, 0x50, 0x9C, 0xEF, 0x15,
0x6E, 0x5A, 0xD1, 0x8F, 0x9F, 0xB9, 0x99, 0x68,
0x00, 0x08, 0xE5, 0x47, 0xD5, 0x5E, 0xEC, 0xD5,
0xB4, 0xD1, 0xCB, 0x1D, 0x9F, 0x07, 0x6C, 0xEC,
0x21, 0x50, 0x1C, 0x74, 0x02, 0x50, 0x9E, 0xCB,
0x77, 0xAF, 0xB2, 0xCB, 0x9A, 0x61, 0x34, 0x0A,
0x8B, 0xD1, 0x51, 0x4C, 0x6E, 0x71, 0xB4, 0xAA,
0x45, 0xE4, 0x7E, 0xC3, 0x75, 0x12, 0x27, 0x1B,
0x91, 0x1F, 0x8F, 0xB4, 0x6C, 0x90, 0x82, 0xC9,
0xDF, 0x07, 0x20, 0x4A, 0xBB, 0x5A, 0x50, 0xE6,
0xE3, 0x64, 0x7A, 0x8A, 0xD4, 0xD8, 0xD5, 0xD7,
0xBF, 0xF1, 0x9C, 0x8A, 0x50, 0x93, 0x08, 0xBC,
0xFB, 0x89, 0x55, 0x36, 0xD0, 0x45, 0xCA, 0x2B,
0x97, 0xCB, 0x16, 0xA2, 0x9B, 0xB7, 0x18, 0x1C,
0xAD, 0x05, 0x09, 0xDD, 0xB9, 0x17, 0x35, 0x02,
0x8E, 0xBA, 0x8C, 0x31, 0xD7, 0x4B, 0xD2, 0x75,
0xEA, 0xA6, 0x5B, 0x53, 0x40, 0xB3, 0xA4, 0x3F,
0xBF, 0xE0, 0xB3, 0x06, 0x1D, 0x6B, 0xAE, 0x7E,
0x75, 0xB7, 0x09, 0x8C, 0xDA, 0xBE, 0x91, 0xD4,
0xB3, 0x1E, 0x36, 0xC9, 0xAA, 0x7A, 0x82, 0x98,
0x86, 0x2A, 0xD6, 0x3C, 0x8F, 0xD2, 0x82, 0xE0,
0x3B, 0x46, 0x0B, 0x3A, 0xB4, 0x64, 0xCE, 0x0F,
0x27, 0xB1, 0xC3, 0xD1, 0x11, 0x55, 0xAC, 0xAA,
0x01, 0x1E, 0xB9, 0xE2, 0xAE, 0x3E, 0x6D, 0xDA,
0x07, 0xD6, 0xF4, 0x91, 0x73, 0x7C, 0xBC, 0xE9,
0xB0, 0x5F, 0x9B, 0xC5, 0x6B, 0xE2, 0x0E, 0x8D,
0x32, 0x6B, 0xA1, 0x32, 0xC5, 0x7F, 0xB2, 0x35,
0x16, 0x11, 0x44, 0x51, 0x9C, 0xDF, 0x40, 0x56,
0x0F, 0xBE, 0x27, 0x9B, 0xDE, 0x41, 0x1E, 0x11,
0x25, 0x31, 0xF8, 0x26, 0xD6, 0xAB, 0x10, 0xD4,
0x54, 0x73, 0x50, 0xAD, 0xD2, 0xA9, 0xDE, 0x8D,
0x62, 0xC2, 0xAC, 0x82, 0xCA, 0xBE, 0x68, 0x15,
0x64, 0x6F, 0x4D, 0xC9, 0x74, 0x2B, 0xB0, 0xC2,
0xA3, 0xF7, 0x7E, 0xC7, 0xB4, 0x6C, 0x6B, 0x53,
0x76, 0x05, 0xFA, 0x31, 0x79, 0x8C, 0xD8, 0x92,
0x81, 0x22, 0x1A, 0x33, 0xDF, 0xB9, 0x79, 0x6E,
0x64, 0x43, 0x05, 0x63, 0x03, 0x32, 0xC2, 0xCB,
0x93, 0x14, 0x08, 0xAB, 0x48, 0x1A, 0x16, 0xD9,
0x53, 0xF6, 0xBE, 0xAE, 0x38, 0x91, 0xD6, 0xD9,
0xAC, 0x1F, 0xAB, 0x38, 0x22, 0x2D, 0x92, 0x71,
0x87, 0x2D, 0x9D, 0x0C, 0xAD, 0xB9, 0x1A, 0xBE,
0x9B, 0x4E, 0x26, 0x5F, 0x75, 0xC6, 0xE5, 0xE8,
0x29, 0xE1, 0x46, 0xC3, 0xD8, 0xCE, 0x1E, 0x9D,
0x12, 0xE0, 0xD1, 0x29, 0x80, 0x19, 0x57, 0xF4,
0x6B, 0x0D, 0x2D, 0xBE, 0x1F, 0x74, 0x9B, 0x1D,
0x08, 0xE2, 0x34, 0x5F, 0x62, 0x39, 0xA7, 0x31,
0x34, 0x2E, 0xB7, 0x5B, 0x0C, 0xF1, 0xBF, 0x41,
0x17, 0x49, 0xBC, 0x2C, 0xAF, 0x28, 0x10, 0xB7,
0x88, 0xC6, 0xB7, 0x23, 0x8B, 0x4D, 0x3D, 0xA2,
0xD6, 0x31, 0x5C, 0xE9, 0x54, 0x2E, 0x24, 0x40,
0x4F, 0x14, 0x57, 0x55, 0xA3, 0x0A, 0xB8, 0x51,
0xE4, 0x44, 0x58, 0x41, 0xBD, 0x33, 0xF7, 0x16,
0xA5, 0x86, 0x88, 0x48, 0x88, 0xEC, 0xC6, 0xBC,
0x64, 0x98, 0xAA, 0x32, 0x91, 0x9A, 0xE8, 0x1D,
0x20, 0xC2, 0x69, 0x73, 0xC2, 0xBD, 0x54, 0x58,
0x2A, 0x0F, 0x6A, 0xD9, 0x8A, 0xBF, 0xD2, 0x62,
0x7E, 0x15, 0x69, 0x0A, 0x72, 0x7E, 0x69, 0xF5,
0x81, 0xDD, 0x2A, 0x71, 0x27, 0x98, 0x2A, 0x90,
0xE3, 0x3E, 0x2D, 0x4A, 0x03, 0xFE, 0x33, 0x91,
0x42, 0xC7, 0xE4, 0x4C, 0x32, 0x6A, 0xC4, 0x6E,
0xD3, 0x95, 0xA2, 0x25, 0xD3, 0x03, 0x33, 0x89,
0x91, 0x73, 0x28, 0xB4, 0x53, 0x16, 0xB1, 0x58,
0x5A, 0x01, 0xB2, 0xC3, 0x04, 0xB2, 0x94, 0x4E,
0x90, 0x3A, 0xBB, 0xB3, 0xEC, 0x56, 0x19, 0x44,
0x1C, 0xFC, 0x89, 0x65, 0xA4, 0x46, 0xDF, 0x75,
0xDE, 0xFA, 0x80, 0xC6, 0xE1, 0x5A, 0xDB, 0xD5,
0x06, 0xB7, 0xAB, 0x2D, 0xE1, 0x2D, 0xDA, 0x9B,
0xC8, 0x14, 0x41, 0xCF, 0xC8, 0x90, 0x52, 0xE2,
0xE5, 0x80, 0x8F, 0x71, 0x26, 0xC6, 0xFD, 0x3A,
0xC6, 0xAC, 0x80, 0x81, 0x25, 0x8A, 0x84, 0xA0,
0x9A, 0xE5, 0x0F, 0x6C, 0xD7, 0xCC, 0x0F, 0x4A,
0xF3, 0x36, 0xFD, 0x1D, 0x64, 0x3E, 0x99, 0x07,
0x99, 0x96, 0x26, 0x8C, 0x2D, 0x32, 0xD9, 0x09,
0xF2, 0x2E, 0x35, 0x04, 0xF0, 0x7F, 0xBB, 0x56,
0x31, 0x96, 0xD4, 0x31, 0x2F, 0xDD, 0xB9, 0x33,
0x5D, 0x5C, 0x1D, 0x36, 0xE8, 0xC5, 0xEE, 0xA2,
0x27, 0x8D, 0xBA, 0x23, 0xB9, 0x4D, 0x19, 0x3C,
0x94, 0x7C, 0xC4, 0x1C, 0xA9, 0x93, 0xDC, 0x7D,
0xB1, 0x39, 0x63, 0x40, 0xAD, 0x9C, 0x4F, 0xE6,
0x87, 0xDD, 0x7B, 0x8D, 0x0C, 0x7A, 0x51, 0x20,
0xAE, 0x02, 0x04, 0xF2, 0xC6, 0x65, 0xBD, 0x5F,
0x47, 0x3D, 0x64, 0x4C, 0x7F, 0xF2, 0x6B, 0xFF,
0xBA, 0x7A, 0x36, 0x98, 0x08, 0x30, 0x70, 0x21,
0x28, 0xA7, 0xE6, 0x61, 0xD6, 0x77, 0xA0, 0x92,
0xA3, 0x6E, 0x74, 0x28, 0xA4, 0x13, 0x9F, 0xB2,
0x9B, 0x00, 0x95, 0xCC, 0x11, 0x08, 0x6F, 0x44,
0x7D, 0x2A, 0x9E, 0xF6, 0xC9, 0xB1, 0x61, 0xF1,
0x89, 0xC6, 0x29, 0x9E, 0x08, 0x4C, 0xB7, 0xAA,
0x00, 0xFA, 0xF7, 0x87, 0x79, 0x7B, 0xFB, 0x06,
0x9F, 0xBC, 0x08, 0x7F, 0xDE, 0x26, 0x25, 0x2A,
0x16, 0x64, 0xF1, 0x9C, 0x5A, 0x8A, 0x22, 0xEC,
0x5E, 0xE1, 0xAE, 0xB0, 0x76, 0x35, 0x7B, 0x7D,
0xC3, 0x7E, 0x6B, 0x0F, 0x15, 0x20, 0xF9, 0x58,
0xF7, 0x85, 0x1B, 0xAC, 0xB9, 0x2C, 0x89, 0xFD,
0x11, 0x4A, 0x72, 0xFE, 0xAC, 0x54, 0x65, 0x2D,
0x45, 0xB0, 0x9E, 0x1A, 0xE7, 0x65, 0x1A, 0xBD,
0x16, 0x4B, 0xCD, 0x53, 0x7D, 0x58, 0xFA, 0x39,
0xD3, 0xEC, 0x8A, 0xCD, 0xCD, 0xF9, 0x84, 0x25,
0x00, 0x58, 0x62, 0xFA, 0x59, 0x69, 0x2D, 0xE1,
0x62, 0xB7, 0x7E, 0x62, 0x97, 0xC6, 0x62, 0x33,
0x34, 0x84, 0x08, 0xA8, 0xAB, 0x69, 0x5C, 0xE2,
0xF2, 0x72, 0x8D, 0xB9, 0xFB, 0xE2, 0x7E, 0x95,
0x89, 0x67, 0xEC, 0x59, 0x74, 0x76, 0x7C, 0x5A,
0x66, 0x02, 0x30, 0x74, 0xB4, 0xA7, 0x1A, 0xFD,
0x26, 0x4A, 0xD2, 0x89, 0x0E, 0x97, 0x0A, 0x1F,
0x31, 0xD6, 0xE3, 0x31, 0x1B, 0x73, 0x6F, 0x9F,
0x94, 0x88, 0x79, 0x3D, 0xDC, 0x88, 0xF2, 0x34,
0x58, 0x06, 0x42, 0x54, 0xC8, 0x2A, 0x1D, 0x9E,
0x59, 0xEA, 0xD2, 0xFC, 0xEC, 0x40, 0xB4, 0x30,
0x68, 0x7C, 0x4B, 0x7E, 0x28, 0x96, 0x09, 0x26,
0xAF, 0xCA, 0xCC, 0x9B, 0xD7, 0x56, 0xA7, 0x10,
0x88, 0xC7, 0x84, 0x50, 0xE2, 0x0A, 0x2E, 0x98,
0x0A, 0xED, 0xE9, 0xEB, 0xED, 0xFE, 0x7F, 0xAB,
0xD6, 0xAB, 0xFE, 0x96, 0xF9, 0x34, 0xC4, 0xB0,
0x2C, 0x01, 0xCA, 0x19, 0x4D, 0x01, 0xB7, 0x3C,
0x25, 0xD5, 0x99, 0x70, 0x39, 0xD3, 0xFC, 0xD0,
0xF0, 0x99, 0x52, 0x1F, 0x70, 0xCA, 0xEE, 0x69,
0x11, 0x0A, 0xC1, 0xFC, 0x5A, 0x99, 0x91, 0x7A,
0xD7, 0x52, 0xFC, 0x96, 0xAD, 0xFA, 0xD7, 0x18,
0x6D, 0x0A, 0x7C, 0x9C, 0xFE, 0x56, 0x01, 0xC0,
0x75, 0x14, 0xEA, 0x64, 0x48, 0xD6, 0x61, 0xC5,
0x7A, 0xA2, 0x02, 0x42, 0x10, 0x3C, 0x42, 0x76,
0xA0, 0x70, 0xA4, 0x89, 0xA4, 0xCB, 0x6B, 0xCA,
0x0F, 0x9E, 0xCC, 0x43, 0x79, 0xFB, 0x22, 0x02,
0x15, 0xFD, 0x91, 0xF8, 0x10, 0x19, 0xD5, 0xB0,
0xAE, 0x61, 0x93, 0x58, 0xB5, 0x24, 0x68, 0xF2,
0x72, 0xC1, 0x78, 0xE3, 0xA7, 0x4C, 0xF6, 0x77,
0x5A, 0xA9, 0x24, 0xFE, 0x32, 0x9C, 0x31, 0x75,
0xD9, 0xE4, 0xC3, 0xE2, 0x1A, 0xB9, 0xEC, 0x83,
0x6E, 0xDC, 0x3A, 0xCA, 0xB2, 0xE3, 0x89, 0x1E,
0xE8, 0xDE, 0xDA, 0x51, 0x5D, 0x39, 0xAF, 0x9B,
0x8D, 0xDD, 0x0E, 0xE7, 0xB0, 0x16, 0x4F, 0x80,
0x5C, 0x38, 0x35, 0xF6, 0xD2, 0xBA, 0xBD, 0xB3,
0x0E, 0xAB, 0x47, 0x56, 0xE7, 0xEC, 0x7F, 0x82,
0x9E, 0xCE, 0x01, 0xE8, 0xEA, 0xDF, 0xBB, 0xED,
0x12, 0xFC, 0x28, 0x3B, 0x3D, 0x4C, 0x69, 0xF5,
0x75, 0xE7, 0xF8, 0x04, 0x17, 0x68, 0x9F, 0xDF,
0xCF, 0xC7, 0xBE, 0x27, 0xEE, 0x3B, 0x8C, 0xDF,
0x57, 0xAA, 0xEB, 0xEC, 0x4A, 0x95, 0xB7, 0xE5,
0xBB, 0x58, 0x5B, 0x85, 0x22, 0x7F, 0x7C, 0x32,
0xBE, 0x30, 0xDB, 0x3E, 0x65, 0xE4, 0x2E, 0x30,
0xDC, 0xF5, 0xA5, 0xFA, 0x07, 0x3D, 0xBA, 0x39,
0x9D, 0x94, 0x2F, 0x22, 0x22, 0xAD, 0xB9, 0xB9,
0x89, 0x81, 0x02, 0xAF, 0xE5, 0x43, 0x2E, 0xDC,
0x7F, 0x04, 0xAE, 0x34, 0xA8, 0xFE, 0xC2, 0xD8,
0x1C, 0xB4, 0x9A, 0x9A, 0x9B, 0x43, 0x81, 0x4C,
0xE7, 0x1D, 0x97, 0xF7, 0x26, 0xE2, 0xB1, 0xE8,
0xF6, 0x4B, 0x50, 0xE6, 0x5D, 0xFB, 0x48, 0x16,
0xE1, 0x2E, 0x82, 0xA3, 0x19, 0x74, 0x84, 0xA4,
0xE9, 0xBB, 0xA4, 0xD2, 0xD6, 0x9E, 0x3F, 0x19,
0xD0, 0xB7, 0x5C, 0x21, 0xE2, 0xBF, 0xFE, 0x9F,
0xC0, 0xC9, 0x8C, 0xF4, 0x8A, 0x3A, 0xAF, 0x08,
0xD4, 0x67, 0xF7, 0x26, 0x87, 0xDF, 0x01, 0x78,
0x17, 0x4B, 0x78, 0x97, 0xF7, 0x34, 0x34, 0x9B,
0x18, 0x1E, 0xCA, 0x86, 0xA5, 0x98, 0xA0, 0xC5,
0xE8, 0xC2, 0x59, 0x46, 0xF2, 0x4D, 0xC5, 0x57,
0x2B, 0xD3, 0x24, 0xA4, 0x04, 0x58, 0xA7, 0x88,
0xE5, 0x13, 0x7F, 0x3C, 0x7A, 0x7C, 0x97, 0xFC,
0x9F, 0x12, 0xA3, 0xC4, 0x63, 0xA8, 0xFE, 0x94,
0x49, 0x10, 0x1C, 0xCE, 0x96, 0x6D, 0x7C, 0x00,
0x93, 0x23, 0x93, 0x29, 0x98, 0xD5, 0x6E, 0xF4,
0x30, 0xC7, 0x3B, 0xC2, 0x4F, 0x5D, 0x95, 0xF7,
0x37, 0x85, 0x8D, 0xDC, 0x4F, 0x32, 0xC0, 0x13
};
#endif
#ifndef WOLFSSL_NO_ML_KEM
WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_ct[] = {
0xc9, 0xbe, 0xad, 0x6b, 0x0c, 0x11, 0x14, 0x38,
0x9b, 0xd4, 0x76, 0x1c, 0x73, 0xab, 0x90, 0x95,
0xb5, 0x80, 0x9d, 0xaa, 0xc9, 0xf6, 0x59, 0xbb,
0x56, 0x4a, 0xf2, 0x26, 0x17, 0x30, 0x52, 0xa4,
0xa3, 0xe7, 0xf2, 0xe5, 0xfd, 0x47, 0xd2, 0xb0,
0x2a, 0xae, 0xb5, 0x18, 0x9e, 0x06, 0xb9, 0xf4,
0xae, 0x98, 0xb6, 0x19, 0xcb, 0x63, 0xef, 0xbd,
0xf3, 0x98, 0x9a, 0x94, 0xb3, 0x6e, 0x8e, 0xa0,
0xd7, 0x00, 0x63, 0x3b, 0x95, 0x0a, 0x0a, 0xe2,
0xa7, 0x8e, 0xd9, 0x2e, 0x85, 0xc8, 0x5c, 0x70,
0xe1, 0x3e, 0x62, 0x6f, 0xb2, 0x63, 0xfa, 0xc9,
0x68, 0x15, 0x21, 0xc3, 0xab, 0x22, 0xfd, 0xab,
0x29, 0x17, 0x3c, 0x96, 0x16, 0xa2, 0xb0, 0x37,
0x08, 0x3f, 0xf7, 0xb2, 0xe0, 0x19, 0xb5, 0xbc,
0xde, 0x06, 0x8f, 0xac, 0x25, 0x7e, 0xf8, 0xf1,
0x27, 0x98, 0x41, 0x16, 0x93, 0xc1, 0xbd, 0xcc,
0x65, 0x42, 0x09, 0x97, 0xa5, 0x13, 0xa8, 0xa6,
0x95, 0x02, 0x62, 0x0b, 0xe8, 0xe4, 0xce, 0x73,
0x62, 0xe4, 0x12, 0xa7, 0x6c, 0xf5, 0x1c, 0x1f,
0x24, 0x33, 0xf1, 0xab, 0x64, 0xce, 0x0e, 0x5d,
0x2f, 0x56, 0xd7, 0xc9, 0xad, 0xe9, 0x94, 0xd0,
0xe3, 0x5d, 0x0a, 0xee, 0xf3, 0xac, 0x51, 0x5b,
0x48, 0x24, 0x37, 0x66, 0x4d, 0x8c, 0x1d, 0x25,
0xe5, 0xa5, 0x50, 0x7c, 0xf8, 0x0f, 0x97, 0x0d,
0x3e, 0xa7, 0x22, 0x6a, 0xac, 0xdc, 0x45, 0x7c,
0xbf, 0x88, 0xa0, 0x56, 0x0a, 0xa3, 0x5b, 0xb2,
0xc5, 0xc4, 0x55, 0x86, 0x7e, 0x21, 0x59, 0x91,
0x0a, 0x35, 0x81, 0x0b, 0xef, 0xe3, 0xaa, 0x10,
0xeb, 0x04, 0xd8, 0xd5, 0x71, 0x47, 0xcb, 0x8f,
0x66, 0xd2, 0xb0, 0x70, 0xba, 0xc4, 0x3d, 0x1f,
0x1f, 0xfd, 0xd5, 0x7a, 0x93, 0x99, 0x95, 0x1f,
0x64, 0x96, 0x57, 0x27, 0xbc, 0xb9, 0xf6, 0x6a,
0xd4, 0x23, 0x09, 0xda, 0xfc, 0x79, 0x9c, 0x1c,
0x54, 0x0a, 0xf1, 0xaf, 0x93, 0xef, 0xf6, 0x8a,
0x86, 0xd6, 0x1f, 0x51, 0x15, 0xdb, 0x66, 0x2d,
0xee, 0x7a, 0xc9, 0xa3, 0x62, 0x67, 0x77, 0x62,
0xb6, 0xa1, 0x64, 0xa0, 0xfa, 0x0a, 0x4d, 0x85,
0x9e, 0x4b, 0x8c, 0x8d, 0xbd, 0xb4, 0xe1, 0x83,
0xf5, 0xe6, 0x80, 0x8f, 0xc5, 0x22, 0x29, 0x65,
0x0c, 0xaf, 0x7c, 0xf3, 0xe1, 0x6d, 0xe3, 0xd8,
0x95, 0xd1, 0x48, 0xc3, 0x54, 0x48, 0xab, 0x8c,
0x27, 0x53, 0xc9, 0x83, 0x1b, 0x24, 0xbd, 0x49,
0x21, 0x49, 0x7e, 0xaa, 0x19, 0x25, 0x65, 0xca,
0xbf, 0xd8, 0x3c, 0x0c, 0x68, 0xdf, 0xe7, 0xd3,
0x92, 0xab, 0xf5, 0xe5, 0xe6, 0xf8, 0x4b, 0xb9,
0xf5, 0xaf, 0x4b, 0x71, 0x18, 0xc0, 0xb5, 0x58,
0x10, 0x5f, 0x9c, 0x10, 0xc9, 0xb6, 0xd7, 0x06,
0x82, 0xe1, 0xde, 0x6e, 0x06, 0x89, 0xd7, 0x10,
0x6a, 0x63, 0x74, 0xbd, 0x34, 0xae, 0xd7, 0x22,
0x9e, 0x6c, 0xb3, 0x56, 0xf2, 0xea, 0x65, 0xe6,
0x80, 0xce, 0x7b, 0x1e, 0x2c, 0x37, 0x04, 0xe1,
0x16, 0xa3, 0x85, 0x42, 0x82, 0x6e, 0x8a, 0x00,
0x11, 0x41, 0xba, 0xf2, 0xe3, 0x4d, 0xe3, 0x7a,
0x03, 0x04, 0x09, 0x86, 0xd4, 0xc0, 0xcd, 0x5d,
0x57, 0xf0, 0x70, 0x1c, 0xe9, 0x30, 0x98, 0x6f,
0xd9, 0x52, 0x5b, 0x58, 0xe2, 0xe5, 0x9f, 0x45,
0xb8, 0xdd, 0x04, 0xc0, 0xf3, 0x5b, 0x0f, 0x47,
0x97, 0x0c, 0xc6, 0x70, 0x79, 0x61, 0x8e, 0xb9,
0xe6, 0xd9, 0x1e, 0x9b, 0x0f, 0x8c, 0x6d, 0x2e,
0x16, 0x5c, 0xf4, 0x48, 0xa2, 0xc1, 0xeb, 0xf7,
0x1b, 0x65, 0x37, 0xe0, 0xf3, 0x75, 0x18, 0x5d,
0xfa, 0xfe, 0xf6, 0x98, 0xb6, 0x23, 0x9b, 0xb3,
0x55, 0x80, 0xb3, 0x15, 0xbc, 0xb5, 0xed, 0x40,
0x8c, 0x35, 0x7f, 0x19, 0x2d, 0xef, 0x89, 0xbc,
0x1b, 0x75, 0xcd, 0xd6, 0xaa, 0xe8, 0xb5, 0xfa,
0xf0, 0xc3, 0xe1, 0x38, 0x03, 0xf6, 0xbd, 0xfa,
0x76, 0xfb, 0x40, 0x7f, 0xcb, 0xda, 0x79, 0x0c,
0x32, 0x9b, 0x3e, 0xe4, 0x2f, 0xd3, 0xd3, 0xb0,
0x3b, 0xd5, 0x00, 0x3f, 0x0b, 0xc4, 0x32, 0xf7,
0xba, 0x39, 0x63, 0x11, 0x12, 0x45, 0x2d, 0xfd,
0x12, 0x14, 0x04, 0x33, 0xff, 0x89, 0x80, 0xeb,
0x6a, 0x52, 0x6b, 0xa8, 0x5e, 0xf9, 0x94, 0x77,
0x37, 0x8b, 0x4d, 0xc7, 0x66, 0x35, 0xa5, 0xcd,
0x50, 0x40, 0xe4, 0x3b, 0x8c, 0x1f, 0xe4, 0xee,
0x5e, 0x15, 0x8e, 0x42, 0x3b, 0xfc, 0x0c, 0x89,
0x3c, 0x1d, 0x56, 0x13, 0xbe, 0xd0, 0x8d, 0xa7,
0x19, 0xc9, 0x07, 0x31, 0x84, 0xee, 0xb3, 0x6f,
0xd3, 0x57, 0x38, 0x0f, 0xb1, 0x87, 0x3d, 0x8c,
0xbd, 0x36, 0xe2, 0x25, 0x5e, 0x98, 0x5b, 0x1b,
0x76, 0x81, 0x97, 0x43, 0xa6, 0x58, 0x4a, 0x9b,
0x3a, 0x58, 0x09, 0x96, 0xc9, 0xc2, 0xee, 0xd9,
0xbb, 0xbf, 0xff, 0x78, 0xa6, 0x20, 0x4b, 0x5e,
0x5e, 0xea, 0xe5, 0xf4, 0xef, 0xd2, 0x66, 0x00,
0x78, 0xb3, 0x7f, 0x07, 0x54, 0xab, 0x5d, 0xa8,
0x62, 0xe6, 0x66, 0xb1, 0x45, 0xb5, 0xf2, 0x3f,
0x3d, 0x09, 0x77, 0x79, 0x99, 0x29, 0xdf, 0xa2,
0xae, 0xdd, 0xa5, 0x3d, 0x15, 0x2e, 0xda, 0x1d,
0x0d, 0x0e, 0x4e, 0xa4, 0x3f, 0x6e, 0xd8, 0x89,
0xbb, 0x96, 0x5e, 0xef, 0xe0, 0xa7, 0xc6, 0x85,
0xbb, 0x36, 0x77, 0x0e, 0xaa, 0x87, 0x42, 0x42,
0xc0, 0xe2, 0x29, 0xcf, 0x6c, 0xe5, 0x6d, 0xef,
0xa5, 0xae, 0xae, 0x64, 0xd0, 0xc4, 0x0d, 0xda,
0x8a, 0xa2, 0x6e, 0xae, 0xb3, 0x14, 0x58, 0xf0,
0x70, 0xa3, 0xbc, 0x72, 0xe1, 0x61, 0x9e, 0xe9,
0xb5, 0xf6, 0x42, 0x29, 0x1c, 0x56, 0xdf, 0x5b,
0x7e, 0x43, 0xdb, 0x6c, 0x80, 0x2f, 0xc7, 0x4f,
0x4f, 0x3f, 0x9b, 0x5c, 0x0d, 0x35, 0x5c, 0x3a,
0xae, 0x52, 0x0a, 0xa3, 0x12, 0x29, 0xd1, 0x2f,
0x3e, 0x7c, 0xc5, 0xd4, 0x8e, 0x69, 0x11, 0x91,
0xa3, 0x6b, 0x28, 0x37, 0x65, 0xf4, 0x13, 0x3f,
0x0f, 0xf1, 0xfe, 0x2f, 0x01, 0xc6, 0x64, 0x8b,
0x27, 0x98, 0xa7, 0x4e, 0xb5, 0xd8, 0x42, 0xa2,
0x48, 0xf5, 0x24, 0xa7, 0xe7, 0xf8, 0x97, 0x42,
0x11, 0x29, 0x7b, 0x44, 0xf0, 0xdd, 0x19, 0xf3,
0x86, 0xe8, 0x6b, 0xe6, 0xba, 0x78, 0x2d, 0xe7,
0x7f, 0xde, 0x88, 0x72, 0x26, 0xf3, 0x7a, 0x1c,
0x77, 0xbc, 0x5e, 0xdd, 0xee, 0xe5, 0xbf, 0x46,
0xb6, 0x7f, 0xb7, 0x47, 0x8d, 0x55, 0x98, 0x65,
0xf2, 0x62, 0xca, 0xa8, 0x4d, 0x64, 0xa8, 0xce,
0x59, 0xe4, 0xdf, 0x08, 0x18, 0xe1, 0x48, 0x61,
0x52, 0x6a, 0xcd, 0x34, 0x83, 0x60, 0x0f, 0x3d,
0xae, 0x79, 0x59, 0xd3, 0x5d, 0x81, 0x81, 0xca,
0x6a, 0x81, 0xce, 0x79, 0x1b, 0xe0, 0x07, 0x52,
0xda, 0x77, 0x59, 0x44, 0x6a, 0x2c, 0xfb, 0xe0,
0x0b, 0x82, 0x48, 0xb9, 0x34, 0x91, 0xde, 0xbd,
0x52, 0x02, 0x20, 0xb7, 0x55, 0x41, 0x6d, 0x2f,
0xc6, 0xb7, 0xc8, 0xaf, 0x2f, 0xf7, 0x5e, 0x5b,
0xcb, 0xb8, 0xe7, 0x53, 0x73, 0x80, 0xa5, 0x72,
0x1c, 0x77, 0x48, 0x49, 0x57, 0xa6, 0x92, 0x71,
0xd8, 0xba, 0xfc, 0xe0, 0xf1, 0x66, 0x73, 0x5f,
0xf8, 0x69, 0x23, 0x2d, 0xe5, 0xd3, 0x81, 0xaf,
0xbf, 0x0e, 0x44, 0xd6, 0x91, 0x72, 0xb7, 0x9a,
0x35, 0x19, 0x19, 0x49, 0xde, 0x09, 0x70, 0x3b,
0x94, 0x22, 0x2b, 0x13, 0xc3, 0x85, 0xc6, 0x08,
0x1e, 0x6d, 0x2e, 0xde, 0x1e, 0x57, 0xfe, 0x18,
0x4e, 0xf8, 0xf6, 0x01, 0x96, 0xb9, 0xa3, 0xa7,
0xb7, 0xef, 0xf7, 0x49, 0x71, 0x91, 0xca, 0x87,
0x41, 0xb5, 0xa0, 0x1e, 0x79, 0xcb, 0x69, 0xa6,
0x11, 0x42, 0xe6, 0xf5, 0xd0, 0x80, 0xfb, 0xb3,
0xe5, 0x66, 0xf7, 0x9e, 0x14, 0x6f, 0x75, 0xc8,
0xa1, 0x09, 0x78, 0x60, 0x84, 0x1b, 0x47, 0x47,
0xdf, 0x60, 0x4d, 0xba, 0x95, 0x4e, 0x4a, 0x8d,
0x9e, 0x0d, 0xcc, 0xc1, 0xf6, 0x09, 0xd0, 0x5c,
0xf8, 0xd3, 0x12, 0x19, 0xec, 0xd6, 0x0c, 0x31,
0x2d, 0xe6, 0x84, 0x55, 0x2f, 0x09, 0x22, 0x7c,
0xb8, 0x29, 0x29, 0x1c, 0x64, 0x57, 0x32, 0xc5,
0xf5, 0xd4, 0xd7, 0x11, 0x63, 0x9f, 0x42, 0xa2,
0x30, 0x80, 0xaa, 0x34, 0xfe, 0x14, 0x20, 0xf2,
0x19, 0xbd, 0x6b, 0xcf, 0x4e, 0x3b, 0x29, 0xb9,
0xd0, 0x22, 0x93, 0xb2, 0xda, 0x81, 0x38, 0x3e,
0x0a, 0x51, 0xd2, 0xbb, 0x18, 0x6c, 0x7b, 0x0a,
0x21, 0x1a, 0x0c, 0xd6, 0x3a, 0xcb, 0xfc, 0x02,
0x10, 0x40, 0x1e, 0x98, 0x5d, 0x43, 0x6b, 0x38,
0x03, 0xd5, 0x60, 0x1c, 0x24, 0x13, 0x6a, 0xfd,
0x15, 0x62, 0x52, 0x2e, 0x45, 0xb4, 0x57, 0xcb,
0x43, 0x91, 0x78, 0xbe, 0x4a, 0x87, 0xcc, 0xe4,
0x03, 0x46, 0xd3, 0x4a, 0xe0, 0xf3, 0xc3, 0x91,
0x03, 0xc8, 0xa3, 0xeb, 0xc9, 0xc8, 0x6c, 0x8d,
0xb8, 0xfc, 0x55, 0x61, 0xeb, 0x0f, 0x3a, 0x14,
0x3d, 0x4e, 0x9f, 0xe9, 0x3a, 0x5c, 0xba, 0x6f,
0x6f, 0xca, 0xe5, 0x65, 0x0d, 0x3f, 0x43, 0xd2,
0x66, 0x8a, 0x59, 0x56, 0xc9, 0x22, 0x89, 0x3b,
0x81, 0x66, 0x47, 0xde, 0xd0, 0xaf, 0xc0, 0x52,
0xa6, 0xc3, 0xd9, 0xd0, 0x1a, 0x3d, 0x3a, 0xf0,
0xf1, 0xba, 0x80, 0x7f, 0xf1, 0x04, 0x91, 0xe1,
0x31, 0xdc, 0x15, 0xe1, 0x65, 0xcf, 0xd0, 0x65,
0x0a, 0x1f, 0x2c, 0x31, 0x3d, 0x79, 0x56, 0x14,
0x1e, 0xdc, 0xc6, 0x1c, 0xb9, 0x0e, 0x9e, 0x7a,
0xbf, 0x2f, 0xe3, 0x5f, 0xc9, 0xdc, 0x1b, 0xde,
0x88, 0x93, 0x9f, 0xa1, 0x1f, 0x7b, 0xbe, 0x3e,
0xb4, 0xd8, 0xff, 0xa6, 0x43, 0xb0, 0x74, 0xd7,
0x4f, 0x45, 0x11, 0x35, 0x86, 0xe9, 0xbb, 0x12,
0x06, 0x00, 0x03, 0xd7, 0x19, 0x41, 0xf2, 0xda,
0x09, 0x8d, 0xc0, 0xe9, 0x6c, 0xad, 0x32, 0x55,
0xcf, 0x32, 0x8e, 0xa2, 0xd3, 0x30, 0x8c, 0x1f,
0x45, 0x85, 0xe8, 0x9c, 0x61, 0x3c, 0x42, 0x6b,
0x7e, 0x79, 0x8e, 0x1e, 0xc4, 0xe9, 0x8f, 0xe6,
0xc7, 0x1e, 0x74, 0x91, 0xf5, 0xec, 0xa0, 0xcd,
0x05, 0x11, 0x58, 0x61, 0xbd, 0x16, 0x0e, 0x3f,
0xe7, 0x3a, 0x58, 0xa0, 0x26, 0xba, 0x53, 0x8e,
0x0e, 0x25, 0x6b, 0x92, 0xf1, 0xd7, 0xa2, 0x49,
0x75, 0x70, 0x59, 0x48, 0x56, 0x86, 0x0f, 0xfd,
0x06, 0xb6, 0x01, 0xac, 0x57, 0x55, 0x92, 0xf4,
0xac, 0x61, 0x2b, 0x5d, 0xe7, 0x86, 0x60, 0x42,
0x12, 0x3e, 0xbc, 0x60, 0xc5, 0x57, 0x68, 0xe3,
0xa7, 0x60, 0x0a, 0x32, 0x60, 0x55, 0x1f, 0x2b,
0xea, 0x22, 0xbb, 0xf6, 0xb6, 0xc8, 0x24, 0x6e,
0x80, 0xf9, 0x12, 0x5c, 0x4b, 0xb9, 0xdb, 0x35,
0x4d, 0xd6, 0x4a, 0xe6, 0x95, 0xc1, 0x5f, 0x50,
0x71, 0xf4, 0xab, 0xb9, 0x63, 0x92, 0x07, 0xca,
0xc7, 0x33, 0x1b, 0x31, 0x0f, 0x69, 0xa0, 0x5f,
0x54, 0xb9, 0x95, 0xde, 0x52, 0x9a, 0x02, 0x3f,
0x03, 0x3b, 0x05, 0x5d, 0xb9, 0x52, 0x87, 0xa1,
0x4b, 0xa3, 0x0a, 0x7c, 0xc5, 0x26, 0xbb, 0x72,
0x4c, 0x41, 0x7f, 0xba, 0x29, 0x06, 0x36, 0xa9,
0x96, 0xf2, 0x86, 0xe3, 0xe9, 0xe9, 0x39, 0xe4,
0xfe, 0x1c, 0x39, 0x8b, 0x5c, 0x65, 0x99, 0x95,
0x9d, 0x0b, 0x44, 0x45, 0xa3, 0x27, 0xec, 0x46,
0x9a, 0x16, 0x53, 0xcf, 0xae, 0xa7, 0x55, 0x2c,
0xec, 0xec, 0x08, 0x5c, 0xca, 0xa6, 0x89, 0x38,
0xae, 0x4a, 0xc3, 0xc4, 0x24, 0xf7, 0xe4, 0x80,
0x43, 0x9e, 0xbd, 0x2c, 0x99, 0x2b, 0x5f, 0x6f,
0x95, 0xec, 0x24, 0x4b, 0x65, 0x7d, 0xbd, 0xea,
0xa9, 0xae, 0x11, 0x0a, 0xaf, 0x4d, 0x68, 0xbf,
0x4e, 0x27, 0x41, 0x0d, 0x43, 0xce, 0xef, 0x3e,
0x88, 0xe9, 0xc7, 0x17, 0xdd, 0x44, 0xc9, 0xee
};
#endif
#ifdef WOLFSSL_MLKEM_KYBER
WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ss[] = {
0xB1, 0x0F, 0x73, 0x94, 0x92, 0x6A, 0xD3, 0xB4,
0x9C, 0x5D, 0x62, 0xD5, 0xAE, 0xB5, 0x31, 0xD5,
0x75, 0x75, 0x38, 0xBC, 0xC0, 0xDA, 0x9E, 0x55,
0x0D, 0x43, 0x8F, 0x1B, 0x61, 0xBD, 0x74, 0x19
};
#endif
#ifndef WOLFSSL_NO_ML_KEM
WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_ss[] = {
0x48, 0x9d, 0xd1, 0xe9, 0xc2, 0xbe, 0x4a, 0xf3,
0x48, 0x2b, 0xdb, 0x35, 0xbb, 0x26, 0xce, 0x76,
0x0e, 0x6e, 0x41, 0x4d, 0xa6, 0xec, 0xbe, 0x48,
0x99, 0x85, 0x74, 0x8a, 0x82, 0x5f, 0x1c, 0xd6
};
#endif
#ifdef WOLFSSL_SMALL_STACK
key = (MlKemKey *)XMALLOC(sizeof(MlKemKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
priv = (byte *)XMALLOC(WC_ML_KEM_1024_PRIVATE_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
pub = (byte *)XMALLOC(WC_ML_KEM_1024_PUBLIC_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL || pub == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
ct = (byte *)XMALLOC(WC_ML_KEM_1024_CIPHER_TEXT_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
ss = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ct == NULL || ss == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
ss_dec = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ss_dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#endif
#ifdef WOLFSSL_MLKEM_KYBER
ret = wc_MlKemKey_Init(key, KYBER1024, HEAP_HINT, katDevId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
else
key_inited = 1;
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
ret = wc_MlKemKey_MakeKeyWithRandom(key, kyber1024_rand,
sizeof(kyber1024_rand));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlKemKey_EncodePublicKey(key, pub, KYBER_MAX_PUBLIC_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlKemKey_EncodePrivateKey(key, priv, KYBER_MAX_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(pub, kyber1024_pk, sizeof(kyber1024_pk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(priv, kyber1024_sk, sizeof(kyber1024_sk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber1024_rand;
(void)kyber1024_pk;
ret = wc_MlKemKey_DecodePrivateKey(key, kyber1024_sk,
KYBER1024_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
ret = wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand,
sizeof(kyber1024enc_rand));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ct, kyber1024_ct, sizeof(kyber1024_ct)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(ss, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber1024enc_rand;
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
ret = wc_MlKemKey_Decapsulate(key, ss_dec, kyber1024_ct,
sizeof(kyber1024_ct));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ss_dec, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber1024_ct;
(void)kyber1024_ss;
#endif
#endif
#ifndef WOLFSSL_NO_ML_KEM
ret = wc_MlKemKey_Init(key, WC_ML_KEM_1024, HEAP_HINT, katDevId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
else
key_inited = 1;
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
ret = wc_MlKemKey_MakeKeyWithRandom(key, kyber1024_rand,
sizeof(kyber1024_rand));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlKemKey_EncodePublicKey(key, pub, WC_ML_KEM_MAX_PUBLIC_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlKemKey_EncodePrivateKey(key, priv,
WC_ML_KEM_MAX_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(pub, ml_kem_1024_pk, sizeof(ml_kem_1024_pk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(priv, ml_kem_1024_sk, sizeof(ml_kem_1024_sk)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber1024_rand;
(void)ml_kem_1024_pk;
ret = wc_MlKemKey_DecodePrivateKey(key, ml_kem_1024_sk,
WC_ML_KEM_1024_PRIVATE_KEY_SIZE);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
ret = wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand,
sizeof(kyber1024enc_rand));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ct, ml_kem_1024_ct, sizeof(ml_kem_1024_ct)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (XMEMCMP(ss, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)kyber1024enc_rand;
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
ret = wc_MlKemKey_Decapsulate(key, ss_dec, ml_kem_1024_ct,
sizeof(ml_kem_1024_ct));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(ss_dec, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
(void)ml_kem_1024_ct;
(void)ml_kem_1024_ss;
#endif
#endif
out:
if (key_inited)
wc_MlKemKey_Free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
return ret;
}
#endif /* !WOLFSSL_NO_KYBER1024 && !WOLFSSL_NO_ML_KEM_1024 */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void)
{
wc_test_ret_t ret;
int i;
#ifndef WC_NO_RNG
WC_RNG rng;
int rng_inited = 0;
#endif
#ifdef WOLFSSL_SMALL_STACK
MlKemKey *key = NULL;
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
byte *priv = NULL;
byte *pub = NULL;
byte *priv2 = NULL;
byte *pub2 = NULL;
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
byte *ct = NULL;
byte *ss = NULL;
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
byte *ss_dec = NULL;
#endif
#endif
#endif
#else
MlKemKey key[1];
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
byte priv[WC_ML_KEM_MAX_PRIVATE_KEY_SIZE];
byte pub[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE];
byte priv2[WC_ML_KEM_MAX_PRIVATE_KEY_SIZE];
byte pub2[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE];
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
byte ct[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE];
byte ss[WC_ML_KEM_SS_SZ];
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
byte ss_dec[WC_ML_KEM_SS_SZ];
#endif
#endif
#endif
#endif
#if !defined(WOLFSSL_NO_MALLOC) && !defined(WC_NO_CONSTRUCTORS) && \
!defined(WOLFSSL_MLKEM_NO_MAKE_KEY)
MlKemKey *tmpKey = NULL;
#endif
int key_inited = 0;
static const int testData[][4] = {
#ifndef WOLFSSL_NO_ML_KEM
#ifdef WOLFSSL_WC_ML_KEM_512
{ WC_ML_KEM_512, WC_ML_KEM_512_PRIVATE_KEY_SIZE,
WC_ML_KEM_512_PUBLIC_KEY_SIZE, WC_ML_KEM_512_CIPHER_TEXT_SIZE },
#endif
#ifdef WOLFSSL_WC_ML_KEM_768
{ WC_ML_KEM_768, WC_ML_KEM_768_PRIVATE_KEY_SIZE,
WC_ML_KEM_768_PUBLIC_KEY_SIZE, WC_ML_KEM_768_CIPHER_TEXT_SIZE },
#endif
#ifdef WOLFSSL_WC_ML_KEM_1024
{ WC_ML_KEM_1024, WC_ML_KEM_1024_PRIVATE_KEY_SIZE,
WC_ML_KEM_1024_PUBLIC_KEY_SIZE, WC_ML_KEM_1024_CIPHER_TEXT_SIZE },
#endif
#endif
#ifdef WOLFSSL_MLKEM_KYBER
#ifdef WOLFSSL_KYBER512
{ KYBER512, KYBER512_PRIVATE_KEY_SIZE, KYBER512_PUBLIC_KEY_SIZE,
KYBER512_CIPHER_TEXT_SIZE },
#endif
#ifdef WOLFSSL_KYBER768
{ KYBER768, KYBER768_PRIVATE_KEY_SIZE, KYBER768_PUBLIC_KEY_SIZE,
KYBER768_CIPHER_TEXT_SIZE },
#endif
#ifdef WOLFSSL_KYBER1024
{ KYBER1024, KYBER1024_PRIVATE_KEY_SIZE, KYBER1024_PUBLIC_KEY_SIZE,
KYBER1024_CIPHER_TEXT_SIZE },
#endif
#endif
};
#ifdef WC_NO_RNG
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
/* Fake random data for testing (from mlkem768_kat) */
WOLFSSL_SMALL_STACK_STATIC const byte make_key_rand[] = {
0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa,
0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd,
0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d,
0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
};
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
WOLFSSL_SMALL_STACK_STATIC const byte encap_rand[] = {
0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4,
0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13,
0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
};
#endif
#endif
#endif
WOLFSSL_ENTER("mlkem_test");
#ifdef WOLFSSL_SMALL_STACK
key = (MlKemKey *)XMALLOC(sizeof(MlKemKey), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
priv = (byte *)XMALLOC(WC_ML_KEM_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (priv == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
pub = (byte *)XMALLOC(WC_ML_KEM_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (pub == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
priv2 = (byte *)XMALLOC(WC_ML_KEM_MAX_PRIVATE_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (priv2 == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
pub2 = (byte *)XMALLOC(WC_ML_KEM_MAX_PUBLIC_KEY_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (pub2 == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
ct = (byte *)XMALLOC(WC_ML_KEM_MAX_CIPHER_TEXT_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ct == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
ss = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ss == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
ss_dec = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ss_dec == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
#endif
#endif
#endif
#ifndef WC_NO_RNG
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
rng_inited = 1;
#endif /* WC_NO_RNG */
for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
ret = wc_MlKemKey_Init(key, testData[i][0], HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
else
key_inited = 1;
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
#ifndef WC_NO_RNG
ret = wc_MlKemKey_MakeKey(key, &rng);
#else
ret = wc_MlKemKey_MakeKeyWithRandom(key, make_key_rand,
sizeof(make_key_rand));
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
ret = wc_MlKemKey_EncodePublicKey(key, pub, testData[i][2]);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
ret = wc_MlKemKey_EncodePrivateKey(key, priv, testData[i][1]);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
ret = wc_MlKemKey_Init(key, testData[i][0], HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
ret = wc_MlKemKey_DecodePublicKey(key, pub, testData[i][2]);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
#ifndef WC_NO_RNG
ret = wc_MlKemKey_Encapsulate(key, ct, ss, &rng);
#else
ret = wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, encap_rand,
sizeof(encap_rand));
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#endif
ret = wc_MlKemKey_EncodePublicKey(key, pub2, testData[i][2]);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
if (XMEMCMP(pub, pub2, testData[i][2]) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
ret = wc_MlKemKey_Init(key, testData[i][0], HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
ret = wc_MlKemKey_DecodePrivateKey(key, priv, testData[i][1]);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
!defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
ret = wc_MlKemKey_Decapsulate(key, ss_dec, ct, testData[i][3]);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
if (XMEMCMP(ss, ss_dec, WC_ML_KEM_SS_SZ) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#endif
ret = wc_MlKemKey_EncodePrivateKey(key, priv2, testData[i][1]);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
if (XMEMCMP(priv, priv2, testData[i][1]) != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
/* FIPS 203 modulus check: a private key whose first coefficient is
* not reduced (>= q) must be rejected on decode. Free first so the
* reinit does not leak the decoded dynamic priv/pub buffers. */
wc_MlKemKey_Free(key);
ret = wc_MlKemKey_Init(key, testData[i][0], HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
priv[0] = 0xff;
priv[1] |= 0x0f;
ret = wc_MlKemKey_DecodePrivateKey(key, priv, testData[i][1]);
if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E))
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
ret = 0;
#if !defined(WOLFSSL_NO_MALLOC) && !defined(WC_NO_CONSTRUCTORS)
tmpKey = wc_MlKemKey_New(testData[i][0], HEAP_HINT, devId);
if (tmpKey == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlKemKey_Delete(tmpKey, &tmpKey);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
#endif
#endif
}
#if !defined(WOLFSSL_NO_KYBER512) && !defined(WOLFSSL_NO_ML_KEM_512)
ret = mlkem512_kat();
if (ret != 0)
goto out;
#endif
#if !defined(WOLFSSL_NO_KYBER768) && !defined(WOLFSSL_NO_ML_KEM_768)
ret = mlkem768_kat();
if (ret != 0)
goto out;
#endif
#if !defined(WOLFSSL_NO_KYBER1024) && !defined(WOLFSSL_NO_ML_KEM_1024)
ret = mlkem1024_kat();
if (ret != 0)
goto out;
#endif
out:
if (key_inited)
wc_MlKemKey_Free(key);
#ifndef WC_NO_RNG
if (rng_inited)
wc_FreeRng(&rng);
#endif
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE
XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE
XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
#endif
#endif
return ret;
}
#endif /* WOLFSSL_HAVE_MLKEM */
#ifdef WOLFSSL_HAVE_MLDSA
#ifndef WOLFSSL_MLDSA_NO_VERIFY
static wc_test_ret_t mldsa_param_vfy_test(int param, const byte* pubKey,
word32 pubKeyLen, const byte* sig, word32 sigLen)
{
#ifndef WC_MLDSA_TEST_MSG_SZ
#define WC_MLDSA_TEST_MSG_SZ 512
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte* msg = NULL;
wc_MlDsaKey* key = NULL;
byte* pubExported = NULL;
#else
byte msg[WC_MLDSA_TEST_MSG_SZ];
wc_MlDsaKey key[1];
byte pubExported[MLDSA_MAX_PUB_KEY_SIZE];
#endif
wc_test_ret_t ret;
int i;
int res = 0;
word32 lenExported = pubKeyLen;
int n_diff = 0;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
msg = (byte*)XMALLOC(WC_MLDSA_TEST_MSG_SZ, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
key = (wc_MlDsaKey*)XMALLOC(sizeof(*key), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
pubExported = (byte*)XMALLOC(pubKeyLen, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (msg == NULL || key == NULL || pubExported == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
#endif
/* make dummy msg */
for (i = 0; i < WC_MLDSA_TEST_MSG_SZ; i++) {
msg[i] = (byte)i;
}
ret = wc_MlDsaKey_Init(key, NULL, devId);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
return ret;
}
ret = wc_MlDsaKey_SetParams(key, param);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlDsaKey_ImportPubRaw(key, pubKey, pubKeyLen);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
if (param >= WC_ML_DSA_DRAFT) {
ret = wc_MlDsaKey_Verify(key, sig, sigLen, msg, WC_MLDSA_TEST_MSG_SZ,
&res);
}
else
#endif
{
ret = wc_MlDsaKey_VerifyCtx(key, sig, sigLen, NULL, 0, msg,
WC_MLDSA_TEST_MSG_SZ, &res);
}
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (res != 1)
ERROR_OUT(WC_TEST_RET_ENC_EC(res), out);
/* Now test the export pub raw API, verify we recover the original pub. */
ret = wc_MlDsaKey_ExportPubRaw(key, pubExported, &lenExported);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
if (lenExported <= 0 || lenExported != pubKeyLen) {
ERROR_OUT(WC_TEST_RET_ENC_EC(lenExported), out);
}
n_diff = XMEMCMP(pubExported, pubKey, pubKeyLen);
if (n_diff) {
ERROR_OUT(WC_TEST_RET_ENC_EC(n_diff), out);
}
out:
wc_MlDsaKey_Free(key);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(pubExported, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#ifndef WOLFSSL_NO_ML_DSA_44
static wc_test_ret_t mldsa_param_44_vfy_test(void)
{
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_pub_key[] = {
0xd8, 0xac, 0xaf, 0xd8, 0x2e, 0x14, 0x23, 0x78, 0xf7, 0x0d, 0x9a, 0x04,
0x2b, 0x92, 0x48, 0x67, 0x60, 0x55, 0x34, 0xd9, 0xac, 0x0b, 0xc4, 0x1f,
0x46, 0xe8, 0x85, 0xb9, 0x2e, 0x1b, 0x10, 0x3a, 0x75, 0x7a, 0xc2, 0xbc,
0x76, 0xf0, 0x6d, 0x05, 0xa4, 0x78, 0x48, 0x84, 0x26, 0x69, 0xbd, 0x26,
0x1d, 0x73, 0x60, 0xaa, 0x57, 0x9d, 0x8c, 0x66, 0xb1, 0x19, 0xea, 0x11,
0xff, 0xbb, 0xf6, 0xeb, 0x26, 0x26, 0xac, 0x78, 0x74, 0x46, 0x6d, 0x51,
0x6e, 0x92, 0xdf, 0x6a, 0x98, 0x41, 0xe9, 0x10, 0xf2, 0xcc, 0xa8, 0x7a,
0x50, 0xdb, 0x1f, 0x4c, 0x42, 0x19, 0xd5, 0xbc, 0x76, 0x20, 0x6f, 0x2f,
0xbf, 0xc2, 0xc9, 0x1b, 0x02, 0xb5, 0xb1, 0x09, 0x46, 0x06, 0x87, 0x02,
0xac, 0x3d, 0xcf, 0xc3, 0xa5, 0x1b, 0xf0, 0xce, 0xd4, 0x9e, 0x84, 0x34,
0x3c, 0x24, 0x7d, 0x89, 0xf3, 0xbf, 0x9c, 0x18, 0x9d, 0x1b, 0x1d, 0xd4,
0xf6, 0xda, 0xc9, 0xa4, 0x14, 0xc4, 0x6b, 0xd7, 0x05, 0x6d, 0xed, 0x54,
0x42, 0x6b, 0x5f, 0x6d, 0x1e, 0xda, 0x6b, 0x47, 0x70, 0xe5, 0x4e, 0xe7,
0x25, 0x06, 0xf8, 0x28, 0x24, 0x34, 0xd6, 0xe5, 0xbe, 0xc5, 0x4f, 0x9e,
0x5d, 0x33, 0xfc, 0xef, 0xe4, 0xe9, 0x55, 0x67, 0x93, 0x1f, 0x2e, 0x11,
0x3a, 0x2e, 0xf2, 0xbb, 0x82, 0x09, 0x8d, 0xb2, 0x09, 0xf3, 0x2f, 0xef,
0x6f, 0x38, 0xc6, 0x56, 0xf2, 0x23, 0x08, 0x63, 0x99, 0x7f, 0x4e, 0xc0,
0x9d, 0x08, 0x9d, 0xa1, 0x59, 0x6e, 0xe1, 0x00, 0x2c, 0x99, 0xec, 0x83,
0x2f, 0x12, 0x97, 0x2f, 0x75, 0x04, 0x67, 0x44, 0xb5, 0x95, 0xce, 0xc6,
0x3e, 0x7a, 0x10, 0x77, 0x5e, 0xbe, 0x9c, 0x0f, 0xb3, 0xc7, 0x38, 0xbf,
0x9e, 0x35, 0x8f, 0xe4, 0x8d, 0x19, 0xc3, 0x41, 0xb1, 0x0b, 0x8c, 0x10,
0x9a, 0x58, 0xec, 0x4f, 0xb3, 0xe9, 0x5b, 0x72, 0x4b, 0xb8, 0x99, 0x34,
0x9a, 0xcd, 0xb0, 0x69, 0xd0, 0x67, 0xef, 0x96, 0xb9, 0xe5, 0x54, 0x92,
0xb7, 0x1a, 0x52, 0xf6, 0x0a, 0xc2, 0x23, 0x8d, 0x4f, 0xad, 0x00, 0xae,
0x0f, 0x97, 0xfa, 0xce, 0x96, 0xba, 0xe7, 0x74, 0x55, 0xd4, 0xaf, 0xbf,
0xa1, 0x32, 0x91, 0x2d, 0x03, 0x9f, 0xe3, 0x10, 0x8c, 0x77, 0x5d, 0x26,
0x76, 0xf1, 0x87, 0x90, 0xf0, 0x20, 0xd1, 0xea, 0xf7, 0xa4, 0xe8, 0x2c,
0x32, 0x1c, 0x55, 0xc0, 0x5d, 0xc9, 0xcd, 0x4e, 0x8f, 0x0d, 0xef, 0x0a,
0x27, 0xb6, 0x4f, 0xa4, 0xd3, 0xa4, 0xed, 0x33, 0x22, 0xa1, 0xd3, 0x15,
0xac, 0x1a, 0x20, 0x4e, 0x28, 0x8c, 0x8c, 0xd0, 0x71, 0xd1, 0xf2, 0xdb,
0x33, 0x63, 0xb6, 0xa4, 0xf2, 0x17, 0x3c, 0x12, 0xb0, 0xad, 0xef, 0x31,
0x91, 0xfe, 0xe5, 0x53, 0x99, 0xb6, 0x85, 0x63, 0xfa, 0xe6, 0xcd, 0xf6,
0xb9, 0xce, 0x4a, 0x7d, 0x4a, 0x49, 0x29, 0xd2, 0xd9, 0xc9, 0x47, 0x4a,
0x8a, 0x5c, 0x14, 0x5e, 0x0f, 0x7c, 0xc3, 0x91, 0xb0, 0xab, 0x37, 0xf5,
0x26, 0x8d, 0x46, 0x74, 0x49, 0xad, 0x51, 0xc3, 0x11, 0xfa, 0x85, 0x15,
0xa5, 0x84, 0xc1, 0xe0, 0x3c, 0x13, 0x6d, 0x13, 0xa3, 0xe6, 0xa8, 0x3c,
0x22, 0xac, 0x17, 0x48, 0x57, 0x7c, 0x81, 0xe2, 0x4e, 0xd8, 0x33, 0x5d,
0x4d, 0x65, 0xf7, 0xe1, 0xb8, 0x00, 0x78, 0x09, 0x16, 0xb0, 0x0b, 0xca,
0x15, 0x0d, 0xcd, 0x9a, 0xd8, 0x47, 0x4c, 0x9b, 0x69, 0xb2, 0xa0, 0x9d,
0x96, 0x96, 0x52, 0x6d, 0x89, 0xad, 0xff, 0x55, 0xde, 0x7b, 0xd6, 0x3d,
0x1d, 0x5e, 0x8d, 0xf1, 0xfc, 0x48, 0x1c, 0x50, 0x59, 0x55, 0xb9, 0x07,
0xfd, 0x6b, 0xcb, 0x95, 0xa6, 0x14, 0x73, 0xdb, 0x40, 0x40, 0x1c, 0x44,
0xe6, 0x79, 0x30, 0x88, 0xbd, 0xa0, 0xde, 0x9b, 0xb8, 0x76, 0xf8, 0x98,
0x56, 0x4b, 0xb9, 0x7a, 0xf6, 0xd4, 0x73, 0x89, 0x6b, 0xf7, 0x7d, 0x05,
0x33, 0xbe, 0xb6, 0x1c, 0x4d, 0xa7, 0x12, 0x3b, 0x3f, 0xed, 0x4a, 0x0f,
0xae, 0xa7, 0x6a, 0x26, 0x0d, 0x01, 0x84, 0x84, 0xa8, 0x0e, 0xc1, 0xc1,
0xfd, 0xe4, 0xa9, 0xe2, 0x3f, 0xab, 0xce, 0x20, 0x90, 0x86, 0x79, 0xa2,
0x40, 0xd0, 0xef, 0x79, 0x34, 0x2b, 0xe8, 0xc9, 0x54, 0xa7, 0x19, 0x62,
0xcc, 0x20, 0x79, 0x3f, 0x5b, 0x9c, 0x61, 0xc2, 0xc1, 0xd2, 0x36, 0x7c,
0x8e, 0xe3, 0x01, 0xbe, 0xc4, 0xb2, 0xb8, 0x07, 0x51, 0x23, 0x5b, 0x5d,
0x00, 0xe6, 0x7f, 0xd6, 0xbb, 0x32, 0xa9, 0x7e, 0xb4, 0x30, 0xeb, 0x5e,
0x6d, 0xed, 0xb2, 0xc3, 0x88, 0x81, 0xa3, 0x3b, 0x1f, 0x1e, 0xf9, 0x48,
0x10, 0xd6, 0x01, 0x65, 0x5f, 0x6d, 0xc5, 0xeb, 0x76, 0x5f, 0x10, 0x79,
0xaa, 0xc0, 0x86, 0xe7, 0x44, 0x95, 0x44, 0x4b, 0x54, 0x0c, 0x46, 0x2a,
0x98, 0x01, 0x6e, 0xc0, 0xb9, 0x59, 0x2a, 0xff, 0x8f, 0xb3, 0x80, 0x15,
0xec, 0xcd, 0x39, 0x36, 0xd7, 0x2f, 0x20, 0x9e, 0x3a, 0xc1, 0x90, 0xe5,
0x99, 0x27, 0x16, 0xd7, 0x6c, 0x30, 0x10, 0x12, 0x03, 0x3e, 0xdc, 0xb9,
0x03, 0x25, 0xb0, 0x8a, 0x27, 0x4d, 0x1a, 0x32, 0x36, 0x54, 0xc0, 0xba,
0x22, 0xb2, 0xe2, 0xf6, 0x39, 0x23, 0x03, 0xc4, 0xc9, 0xe4, 0x0d, 0x99,
0xfb, 0x98, 0xa5, 0x9b, 0x12, 0x9b, 0x58, 0x44, 0x74, 0x9f, 0x65, 0x61,
0x51, 0xba, 0x31, 0x60, 0x9c, 0xec, 0xf8, 0x4d, 0x36, 0x61, 0xd1, 0x33,
0x6d, 0xa6, 0x28, 0x75, 0xba, 0x7c, 0x82, 0xcb, 0x7e, 0xbe, 0x8f, 0x2d,
0x21, 0x84, 0xb9, 0xf2, 0x4e, 0x7b, 0x95, 0x99, 0x11, 0xf3, 0xe1, 0xc0,
0x6a, 0x44, 0xae, 0x11, 0xcb, 0x04, 0xa0, 0xf2, 0x3e, 0x17, 0xdf, 0xb2,
0x6a, 0xdf, 0x5c, 0xf3, 0x8a, 0xf8, 0x90, 0x86, 0x64, 0xea, 0x0a, 0x32,
0x7f, 0x9f, 0x90, 0xa8, 0x9d, 0x33, 0x12, 0xa6, 0xa4, 0xe7, 0x74, 0xa0,
0x75, 0xa9, 0x65, 0xf8, 0x39, 0xae, 0x14, 0x32, 0x79, 0xcc, 0xaa, 0x34,
0x86, 0x55, 0xcc, 0x99, 0xb7, 0x00, 0x05, 0x8b, 0xe3, 0x76, 0x28, 0x12,
0xb6, 0x2a, 0x3e, 0x44, 0x8d, 0xf4, 0xba, 0xef, 0xf6, 0xdc, 0x29, 0x08,
0x29, 0x7d, 0xd1, 0x1d, 0x17, 0x15, 0xb6, 0xb6, 0x58, 0x67, 0xd5, 0xd3,
0x12, 0x05, 0x4e, 0xb0, 0xc3, 0x83, 0xe0, 0x35, 0x30, 0x60, 0x59, 0xa0,
0xc5, 0x97, 0x5b, 0x81, 0xd3, 0x68, 0x6c, 0x8c, 0x17, 0x28, 0xa9, 0x24,
0x4f, 0x80, 0x20, 0xa5, 0x21, 0x9f, 0x8f, 0x15, 0x89, 0x2d, 0x87, 0xae,
0x2e, 0xcc, 0x73, 0x3e, 0x06, 0x43, 0xbc, 0xb3, 0x1b, 0xa6, 0x72, 0xaa,
0xa3, 0xaa, 0xbb, 0x6f, 0x2d, 0x68, 0x60, 0xcf, 0x05, 0x94, 0x25, 0x3e,
0x59, 0xf3, 0x64, 0x61, 0x5e, 0x78, 0x9a, 0x7e, 0x0d, 0x50, 0x45, 0x78,
0x51, 0xab, 0x11, 0xb1, 0xc6, 0x95, 0xfc, 0x29, 0x28, 0x10, 0x9c, 0x1a,
0x8c, 0x37, 0xb5, 0x4f, 0x0e, 0xed, 0x4a, 0x28, 0x6c, 0xaa, 0xb7, 0x0d,
0x12, 0xfa, 0x87, 0x5d, 0xd4, 0x9a, 0xb7, 0x2b, 0x46, 0x90, 0x58, 0x4e,
0xd7, 0x8b, 0x41, 0x1b, 0xf8, 0xc4, 0xc2, 0xde, 0xda, 0xec, 0x61, 0xe7,
0xbf, 0x11, 0xdd, 0x6e, 0x4e, 0x6a, 0xd4, 0x87, 0x01, 0xe4, 0xac, 0xe8,
0xaf, 0x2b, 0x01, 0xe1, 0x09, 0x20, 0xe0, 0xbd, 0x7d, 0x03, 0x73, 0x23,
0xdf, 0x77, 0x71, 0xa4, 0x25, 0x8b, 0x0a, 0x93, 0x49, 0x32, 0x45, 0x1a,
0xa4, 0x94, 0x31, 0x61, 0x2e, 0x17, 0x39, 0x8a, 0x66, 0xc9, 0xf9, 0x20,
0x2d, 0x6a, 0x97, 0x2f, 0xe7, 0x26, 0xd8, 0x01, 0x42, 0x65, 0xcf, 0xce,
0xd4, 0x24, 0x41, 0xfb, 0x9b, 0x6f, 0xf1, 0xc2, 0x9e, 0xd5, 0x08, 0x0c,
0xdc, 0x4d, 0x8e, 0xae, 0xcb, 0x5f, 0xd4, 0xcd, 0x7c, 0xf6, 0x82, 0xc6,
0xee, 0xf9, 0x88, 0x3a, 0x34, 0x07, 0x04, 0xb4, 0x84, 0x69, 0xb3, 0xa4,
0x67, 0xab, 0x09, 0xc0, 0x83, 0xfe, 0x59, 0xaf, 0x18, 0x2c, 0xc8, 0x09,
0xc1, 0xbb, 0x13, 0x7c, 0xce, 0x01, 0x5d, 0x85, 0xaa, 0x10, 0x28, 0xa2,
0x96, 0x98, 0x69, 0x23, 0xa3, 0xe7, 0x67, 0xbc, 0x7c, 0x7e, 0xde, 0x4b,
0x36, 0xab, 0x94, 0xd2, 0xb8, 0xf9, 0xdf, 0xee, 0xa1, 0x69, 0xa1, 0xc8,
0xe9, 0x83, 0x21, 0xac, 0x1b, 0x39, 0xf7, 0x6d, 0xbf, 0x8c, 0xdb, 0xd6,
0x2f, 0xc9, 0x3c, 0x3d, 0x50, 0xcf, 0x7f, 0xbe, 0x4a, 0x8d, 0xd8, 0x14,
0xad, 0x69, 0xb0, 0x3e, 0x8a, 0xaf, 0xeb, 0xd9, 0x1a, 0x15, 0x4a, 0xe4,
0xdd, 0xd9, 0xb2, 0xf8, 0x6b, 0xe2, 0x42, 0x9e, 0x29, 0x16, 0xfc, 0x85,
0x9c, 0x47, 0x4b, 0x1f, 0x3d, 0x7b, 0x8c, 0xe1, 0x6d, 0xa3, 0xb8, 0x0a,
0xe6, 0xfa, 0x27, 0xfe, 0x52, 0x72, 0xab, 0x3a, 0xa6, 0x58, 0xd7, 0x53,
0xaf, 0x9f, 0xee, 0x03, 0x85, 0xfc, 0xa4, 0x7a, 0x72, 0x29, 0x7e, 0x62,
0x28, 0x08, 0x79, 0xa8, 0xb8, 0xc7, 0x51, 0x8d, 0xaa, 0x40, 0x2d, 0x4a,
0xd9, 0x47, 0xb4, 0xa8, 0xa2, 0x0a, 0x43, 0xd0, 0xe0, 0x4a, 0x39, 0xa3,
0x06, 0x08, 0x9a, 0xe2, 0xf3, 0xf2, 0xf8, 0xb9, 0x9f, 0x63, 0x32, 0xa0,
0x65, 0x0b, 0xb0, 0x50, 0x96, 0xa6, 0xa8, 0x7a, 0x18, 0xdd, 0x6c, 0xd1,
0x9b, 0xd9, 0x4e, 0x76, 0x8f, 0xfb, 0x22, 0xa6, 0x1d, 0x29, 0xfc, 0xb8,
0x47, 0x29, 0xb6, 0xd1, 0xb1, 0x63, 0x4a, 0x36, 0x1b, 0x10, 0xe6, 0x4c,
0x65, 0x68, 0x1f, 0xad, 0x4f, 0x7d, 0x6b, 0x01, 0x41, 0x18, 0x5f, 0xba,
0x3d, 0xa6, 0x54, 0x28, 0x58, 0xd5, 0x81, 0x60, 0xdf, 0x84, 0x76, 0x00,
0x21, 0x53, 0xeb, 0xd3, 0xa6, 0xec, 0x7d, 0x3c, 0xb8, 0xcd, 0x91, 0x4c,
0x2f, 0x4b, 0x2e, 0x23, 0x4c, 0x0f, 0x0f, 0xe0, 0x14, 0xa5, 0xe7, 0xe5,
0x70, 0x8d, 0x8b, 0x9c
};
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_pub_key[] = {
0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b,
0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9,
0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2,
0x64, 0x79, 0xa0, 0xec, 0x1f, 0x24, 0xb6, 0xc8, 0x05, 0x5b,
0xc1, 0x18, 0xb0, 0xb7, 0xcf, 0x8c, 0x60, 0x67, 0x6b, 0x81,
0x44, 0x27, 0xb6, 0x0e, 0xfd, 0x9b, 0xc3, 0xcb, 0x52, 0x31,
0xfa, 0xc9, 0x34, 0x8d, 0x22, 0x1e, 0x07, 0x9d, 0x96, 0x6a,
0x63, 0x83, 0x5c, 0xd7, 0x83, 0x2d, 0x7f, 0x48, 0x64, 0x79,
0xca, 0xb4, 0x9f, 0xa2, 0x02, 0xb7, 0x86, 0x1d, 0x0e, 0xc7,
0xf9, 0x6c, 0x07, 0xc0, 0x35, 0x6a, 0x34, 0x79, 0x7c, 0xb8,
0x0f, 0xed, 0x98, 0x50, 0xfb, 0x51, 0xe0, 0x36, 0x44, 0x4c,
0xc6, 0x35, 0xa2, 0xbb, 0x55, 0xb0, 0x5c, 0x39, 0x08, 0x02,
0x20, 0x35, 0x5c, 0x56, 0x6d, 0x2e, 0xb9, 0xef, 0x21, 0x26,
0x87, 0x87, 0x85, 0x8a, 0x32, 0xb5, 0xa7, 0x68, 0x70, 0x3a,
0xfd, 0x0d, 0x21, 0x48, 0x91, 0xa3, 0x29, 0xc1, 0x2a, 0x38,
0xe5, 0x26, 0x31, 0x1f, 0x42, 0xde, 0x0b, 0x25, 0xff, 0x1d,
0x6b, 0xb4, 0xe0, 0x5d, 0x2d, 0xcf, 0x44, 0xd5, 0x7d, 0xc4,
0xf6, 0x95, 0xf2, 0x06, 0x4f, 0x83, 0x88, 0x9d, 0x1e, 0xeb,
0x1c, 0x09, 0x45, 0x62, 0x67, 0x3d, 0xff, 0x51, 0x47, 0xe8,
0xbc, 0x9b, 0x03, 0x1f, 0xc7, 0x72, 0x65, 0xce, 0xa8, 0x8c,
0xc2, 0xa0, 0xc2, 0xbd, 0x5b, 0x7c, 0x17, 0x16, 0x8b, 0x72,
0xfa, 0xb1, 0xbd, 0xdf, 0x49, 0xd6, 0xa1, 0x00, 0x65, 0xbe,
0x82, 0xe7, 0x68, 0xc7, 0xe7, 0xbc, 0xc2, 0xa4, 0xdb, 0xaa,
0xcc, 0xea, 0x41, 0x52, 0x7f, 0x56, 0xb4, 0x68, 0x1f, 0x92,
0x96, 0x0f, 0xce, 0xd4, 0xd0, 0x87, 0x4c, 0x4a, 0x73, 0xb5,
0x6c, 0xd4, 0x69, 0x55, 0x15, 0x47, 0xdc, 0x94, 0x7f, 0xd2,
0x54, 0x5e, 0xb2, 0x90, 0xc2, 0x47, 0xe4, 0xf5, 0xde, 0x8b,
0x9b, 0xc6, 0x5d, 0x50, 0x95, 0x60, 0xe0, 0xf0, 0xa7, 0x4e,
0xe0, 0xcd, 0x41, 0x09, 0xef, 0xb3, 0x3d, 0x90, 0x5c, 0x77,
0x54, 0xec, 0x9e, 0x5d, 0x8a, 0xe7, 0x09, 0x5c, 0xc9, 0x58,
0x0c, 0xd0, 0x42, 0x35, 0xd2, 0x14, 0x59, 0x38, 0x69, 0xad,
0xf9, 0xb5, 0xbf, 0x8a, 0x8e, 0x33, 0xd8, 0x5e, 0x7a, 0x55,
0xd0, 0x53, 0x15, 0x40, 0x4e, 0xc5, 0x86, 0xd7, 0x8f, 0x5f,
0x2f, 0x55, 0x82, 0xc2, 0x4f, 0x16, 0xe5, 0xea, 0x1c, 0xbc,
0xff, 0x5e, 0x1f, 0x39, 0x46, 0x70, 0x54, 0x7a, 0x3a, 0x27,
0x16, 0x1a, 0x2b, 0x6c, 0xd2, 0xb7, 0x80, 0xd3, 0xd1, 0x9d,
0x25, 0x59, 0xed, 0xe6, 0x51, 0xb1, 0xf2, 0xad, 0x7e, 0x51,
0x78, 0x14, 0x2b, 0x19, 0xae, 0x64, 0x72, 0x0f, 0xd8, 0x18,
0x79, 0x8e, 0x66, 0x88, 0xd3, 0xa4, 0xa3, 0xc3, 0x76, 0x21,
0xcb, 0xe4, 0x79, 0x5e, 0x95, 0x74, 0xe3, 0x31, 0x18, 0x79,
0xed, 0xc7, 0xe7, 0xfb, 0x86, 0x48, 0x1b, 0x7b, 0x75, 0x5b,
0x7f, 0x7c, 0x82, 0xc5, 0xab, 0x11, 0xb4, 0x5d, 0x59, 0x6f,
0x78, 0xb2, 0xa5, 0x39, 0xc6, 0x63, 0x38, 0x6c, 0xeb, 0x50,
0x06, 0x14, 0x76, 0xf0, 0xe8, 0xfb, 0x11, 0x95, 0x1f, 0x9d,
0x9c, 0xa6, 0xe1, 0xe2, 0x0d, 0xa3, 0x66, 0xfc, 0x20, 0x83,
0x50, 0x0e, 0x53, 0x75, 0xb5, 0x12, 0xf4, 0xdf, 0x31, 0x46,
0x83, 0xac, 0x5b, 0xf3, 0x99, 0xa6, 0xd1, 0x7b, 0x2b, 0xc5,
0xdc, 0x71, 0x07, 0x27, 0x33, 0x35, 0x34, 0xf5, 0x30, 0x19,
0xc1, 0x3b, 0xba, 0x8a, 0xaf, 0x7e, 0x49, 0x93, 0x48, 0x5b,
0x38, 0xc0, 0xbc, 0x2e, 0xc7, 0x59, 0x1b, 0xd9, 0xf5, 0xcc,
0x86, 0xf5, 0x7b, 0x4d, 0xd7, 0x39, 0xa7, 0xa2, 0x56, 0x20,
0x48, 0x98, 0x7d, 0x4f, 0x75, 0x56, 0x9b, 0xb8, 0x95, 0x45,
0x17, 0xf3, 0x86, 0x3d, 0x97, 0x0a, 0x49, 0x1b, 0xca, 0xff,
0x20, 0xc0, 0x24, 0x2c, 0x51, 0xc2, 0x0a, 0x3c, 0xbf, 0x07,
0x60, 0x1c, 0x88, 0x85, 0x9b, 0x85, 0x2d, 0x4a, 0xfe, 0x5a,
0x1c, 0x90, 0xf5, 0x90, 0x12, 0xd3, 0x03, 0x3c, 0x8c, 0x2e,
0x95, 0x4a, 0x47, 0x76, 0x0f, 0x1f, 0x5d, 0x9e, 0xed, 0xc5,
0x64, 0xc4, 0x9b, 0xbf, 0x86, 0xc5, 0x63, 0x84, 0x33, 0x00,
0xf1, 0x26, 0x18, 0x21, 0xf3, 0x88, 0x1a, 0x08, 0x18, 0x6d,
0x2f, 0xef, 0xd5, 0xeb, 0x2f, 0x69, 0xc8, 0x6e, 0x92, 0x34,
0xfc, 0x72, 0x3d, 0x9a, 0xa7, 0x9e, 0x51, 0xfb, 0x56, 0xe3,
0xdc, 0xf4, 0x8f, 0x9b, 0x6d, 0x0d, 0x2a, 0xec, 0x66, 0x12,
0x26, 0x35, 0xbd, 0x61, 0xc2, 0x67, 0x19, 0xf5, 0x7e, 0xa1,
0x67, 0xa2, 0x9c, 0x3b, 0x67, 0xb0, 0xc2, 0x51, 0x6a, 0x37,
0x7c, 0x48, 0xe9, 0x4b, 0xb9, 0xa3, 0x38, 0x2f, 0xfc, 0xde,
0xb4, 0x7c, 0xda, 0x52, 0x84, 0x0b, 0xb0, 0xd9, 0x08, 0xe9,
0x7a, 0x4a, 0x6f, 0x79, 0x29, 0x3d, 0xc4, 0x5c, 0x78, 0xee,
0x63, 0xb6, 0x96, 0x68, 0xd9, 0x82, 0x4e, 0xc1, 0x1b, 0x6f,
0x52, 0xf5, 0xb3, 0xfb, 0xe8, 0xc4, 0x2a, 0x07, 0xc6, 0x3b,
0x85, 0x0d, 0xf4, 0xbf, 0xb0, 0x6b, 0xfb, 0xce, 0x1d, 0xb4,
0xbf, 0x63, 0x0b, 0x91, 0x67, 0xc4, 0xa3, 0x06, 0xa4, 0xaf,
0x6c, 0xd3, 0xe5, 0x8b, 0x87, 0x4e, 0x64, 0x9c, 0xb1, 0xf3,
0x70, 0x7c, 0x68, 0x43, 0x46, 0x13, 0x46, 0xee, 0x27, 0x75,
0x12, 0x45, 0x42, 0xde, 0xa5, 0x8d, 0xcf, 0xf7, 0x09, 0x87,
0xa8, 0x80, 0x3d, 0xb6, 0x45, 0xee, 0x41, 0x2d, 0x7c, 0x45,
0x01, 0x9d, 0xaa, 0x78, 0xa8, 0x10, 0xa4, 0xfd, 0xb5, 0x5f,
0xee, 0x0f, 0x77, 0xba, 0x73, 0xff, 0x49, 0xdc, 0xfa, 0x39,
0xd6, 0xa3, 0x6f, 0x25, 0xb9, 0x63, 0x2c, 0x92, 0xc5, 0xdf,
0xfb, 0xba, 0x89, 0xf9, 0xfa, 0x94, 0x5b, 0x6f, 0x5a, 0x4d,
0x1c, 0xe4, 0xc9, 0x10, 0xf9, 0xa0, 0xe8, 0xc4, 0xcb, 0x55,
0x1a, 0xdb, 0x56, 0x5f, 0x8e, 0x91, 0x03, 0x23, 0xca, 0xb0,
0x1f, 0xef, 0xb8, 0x6c, 0x13, 0x5a, 0x99, 0x25, 0xf0, 0x49,
0xa9, 0x5a, 0x45, 0xf7, 0xfd, 0x1a, 0xc2, 0x71, 0x06, 0xe3,
0x2d, 0x25, 0x64, 0xb0, 0x52, 0x12, 0x03, 0x62, 0xc7, 0xb6,
0xf9, 0xdc, 0x1f, 0x78, 0xff, 0x8b, 0xfa, 0xde, 0x7f, 0x71,
0xa6, 0x35, 0x3e, 0xac, 0x20, 0x54, 0x94, 0xa7, 0x2e, 0x9d,
0x47, 0x17, 0x4b, 0xad, 0x92, 0xb3, 0x14, 0x26, 0x8c, 0x5a,
0xd0, 0x16, 0x4b, 0x22, 0xe9, 0x0c, 0x79, 0x6b, 0x8e, 0xac,
0x0d, 0x12, 0xf5, 0x66, 0x8e, 0x82, 0x1a, 0x44, 0xf3, 0xe9,
0x56, 0x5a, 0xcd, 0x1c, 0x1b, 0x81, 0x7b, 0x63, 0x59, 0xfe,
0xc8, 0xc0, 0xe3, 0xda, 0x16, 0x6b, 0x6f, 0x0d, 0xba, 0x0e,
0x47, 0x12, 0x86, 0x9e, 0xf0, 0x3b, 0x4d, 0x87, 0x3b, 0xf2,
0x75, 0x73, 0x2d, 0xdf, 0xca, 0x76, 0x0b, 0xbd, 0xe7, 0xb7,
0x74, 0x24, 0xf3, 0xc6, 0xe6, 0x75, 0x3f, 0x8b, 0x6a, 0xd9,
0xad, 0xed, 0xc0, 0x70, 0x04, 0x1e, 0x0b, 0x8e, 0x8b, 0x7f,
0xea, 0xbc, 0x39, 0x6b, 0x8a, 0x44, 0xa6, 0x9a, 0x2d, 0x0d,
0x8c, 0x21, 0x60, 0x09, 0xd2, 0x4a, 0xe0, 0x62, 0xcf, 0xfa,
0xe8, 0x9b, 0x35, 0x6f, 0x23, 0x2f, 0xb5, 0x65, 0x08, 0x60,
0x92, 0x15, 0xd0, 0x5b, 0x63, 0xcc, 0x65, 0x05, 0xd1, 0xef,
0x0f, 0x7e, 0x1b, 0xb3, 0x8e, 0xc6, 0x12, 0x85, 0xc9, 0x82,
0x53, 0x79, 0x2e, 0x80, 0x5f, 0x0c, 0x7b, 0xc7, 0x1c, 0x83,
0x41, 0x06, 0xd8, 0x41, 0xc9, 0xe7, 0xb9, 0x4b, 0xa1, 0x61,
0xc6, 0x86, 0x67, 0xf5, 0x10, 0xf7, 0x34, 0x0d, 0x39, 0x9e,
0x2b, 0x5f, 0x19, 0x06, 0x02, 0xa5, 0x02, 0x23, 0x71, 0xc2,
0x12, 0x65, 0xcc, 0x81, 0x06, 0xfd, 0x8d, 0x09, 0x68, 0x37,
0x06, 0x3b, 0xff, 0xc4, 0x24, 0xb3, 0x1f, 0xd6, 0xe6, 0x8f,
0x9c, 0x74, 0x2c, 0x5e, 0xc5, 0xf4, 0xe9, 0xeb, 0xca, 0xd3,
0x04, 0x5b, 0x92, 0x9e, 0x5c, 0x1a, 0x1d, 0xa1, 0xa7, 0x34,
0xd2, 0x05, 0xae, 0xdb, 0x3d, 0x71, 0x10, 0x6e, 0x30, 0xd9,
0xa3, 0x44, 0xa0, 0xbd, 0x9e, 0x7b, 0xb5, 0x12, 0x8a, 0x12,
0x07, 0x60, 0xd7, 0x1f, 0x92, 0xe6, 0xfe, 0x04, 0xa9, 0x3e,
0x62, 0x64, 0x00, 0x5f, 0x7c, 0x7b, 0x34, 0x09, 0xeb, 0x4a,
0x18, 0x9e, 0x77, 0x72, 0x3a, 0x31, 0x1a, 0x62, 0x2a, 0xb5,
0xcb, 0x4e, 0x53, 0xce, 0xad, 0x8b, 0x5a, 0x20, 0x4f, 0xd7,
0x3e, 0x16, 0xf8, 0x10, 0xe2, 0xae, 0xbd, 0x3f, 0x02, 0xa9,
0x18, 0xa0, 0x01, 0x18, 0x84, 0x95, 0x22, 0x2e, 0x93, 0x76,
0x44, 0x4e, 0x11, 0x7b, 0x03, 0x51, 0x50, 0x19, 0x79, 0xe7,
0xbb, 0x5c, 0x7b, 0xca, 0x74, 0xb4, 0x25, 0x26, 0xdb, 0x66,
0xaa, 0x0b, 0x21, 0x07, 0xfb, 0x7a, 0x96, 0x10, 0x7d, 0x99,
0xa9, 0x16, 0xcb, 0x0e, 0xba, 0x63, 0xab, 0x95, 0xfc, 0x5a,
0xbe, 0xa6, 0x7f, 0xd8, 0xb4, 0xcd, 0x7c, 0xc5, 0xd0, 0xb1,
0x1b, 0x48, 0x40, 0xfb, 0xe6, 0x2f, 0x2b, 0x94, 0xfe, 0x68,
0xa2, 0xc4, 0x36, 0xd9, 0xcd, 0xc1, 0x93, 0x6d, 0xef, 0x39,
0x5e, 0x43, 0x30, 0x5a, 0x2e, 0x66, 0xb6, 0xf2, 0xed, 0x9a,
0x8d, 0x12, 0xdf, 0x5c, 0xae, 0xad, 0x16, 0x12, 0x7e, 0x81,
0x82, 0x91, 0x7d, 0x2b, 0x12, 0xe9, 0x96, 0xb8, 0xb7, 0x42,
0xcb, 0x1f, 0xf8, 0xd1, 0xfd, 0x83, 0x7a, 0xe4, 0x36, 0x1d,
0x04, 0x27, 0x4c, 0xe5, 0xbd, 0x75, 0x24, 0xf7, 0xbd, 0xb6,
0x6a, 0x68, 0x4e, 0x2c, 0x1b, 0x56, 0x3e, 0x60, 0xa4, 0x42,
0xca, 0x7a, 0x54, 0xe5, 0x06, 0xe3, 0xda, 0x05, 0xf7, 0x77,
0x36, 0x8b, 0x81, 0x26, 0x99, 0x92, 0x42, 0xda, 0x45, 0xb1,
0xfe, 0x4b
};
#endif
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_sig[] = {
0x27, 0x3b, 0x58, 0xa0, 0xcf, 0x00, 0x29, 0x5e, 0x1a, 0x63, 0xbf, 0xb4,
0x97, 0x16, 0xa1, 0x9c, 0x78, 0xd1, 0x33, 0xdc, 0x72, 0xde, 0xa3, 0xfc,
0xf4, 0x09, 0xb1, 0x09, 0x16, 0x3f, 0x80, 0x72, 0x22, 0x68, 0x65, 0x68,
0xb9, 0x80, 0x5a, 0x4a, 0x0d, 0x73, 0x49, 0xe1, 0xc6, 0xde, 0xca, 0x08,
0x4f, 0xca, 0xf8, 0xb2, 0xf8, 0x45, 0x3b, 0x6b, 0x8c, 0x6c, 0xfd, 0x3a,
0xf4, 0xde, 0xde, 0x82, 0xd8, 0x04, 0xbe, 0x4f, 0x4a, 0xdb, 0x92, 0x47,
0x83, 0x2d, 0xc4, 0x55, 0xed, 0x20, 0x4f, 0x71, 0xb1, 0x58, 0xd9, 0x70,
0x73, 0xbd, 0xb0, 0x3a, 0xb4, 0x8f, 0xd6, 0x9e, 0x32, 0x98, 0x2b, 0x9e,
0xff, 0x2a, 0x7c, 0xcb, 0x05, 0x1b, 0x8e, 0xe6, 0x3a, 0x45, 0xc6, 0x7a,
0xc8, 0xaf, 0x62, 0xd3, 0x04, 0xfa, 0x69, 0x4f, 0xda, 0x1b, 0x74, 0x16,
0x0d, 0xb3, 0x1a, 0xee, 0x71, 0xd7, 0xb0, 0xef, 0x69, 0xf5, 0xe2, 0xe9,
0xc2, 0xcc, 0x15, 0x66, 0x28, 0x0a, 0xac, 0xe2, 0x63, 0x06, 0xb7, 0x21,
0x0d, 0xd8, 0x5c, 0x94, 0x63, 0xfd, 0x51, 0x18, 0x9f, 0x07, 0x19, 0x3d,
0xa2, 0x50, 0x40, 0xd3, 0xe9, 0x05, 0xd4, 0x11, 0x13, 0x15, 0xaa, 0x46,
0xda, 0x3e, 0x5f, 0xcd, 0x3c, 0xfa, 0x42, 0xba, 0x79, 0x4a, 0xb7, 0x43,
0x91, 0xa5, 0xcb, 0xbc, 0xeb, 0x37, 0x94, 0xf1, 0x9c, 0xb9, 0xdb, 0x41,
0x06, 0xd8, 0x7b, 0x5e, 0x90, 0xe3, 0x3c, 0x8a, 0x10, 0x62, 0x9a, 0x15,
0x27, 0x78, 0xed, 0x69, 0x11, 0x2c, 0xb5, 0xb4, 0xdb, 0xc8, 0x70, 0x50,
0x62, 0x47, 0x96, 0xcb, 0xd9, 0xb2, 0x3e, 0x59, 0x2f, 0x1c, 0xac, 0xcb,
0xcf, 0x22, 0xc2, 0x9b, 0xc7, 0x92, 0xe9, 0x4d, 0x8d, 0x5d, 0xcf, 0x06,
0x53, 0x7e, 0xf4, 0x4e, 0xfe, 0x9e, 0x41, 0x5d, 0x00, 0x8c, 0x08, 0xf4,
0x02, 0x79, 0x33, 0x1c, 0x27, 0x1d, 0xe3, 0x94, 0xac, 0xe6, 0x87, 0xa0,
0x08, 0xb4, 0x60, 0x0c, 0xff, 0x47, 0xdc, 0x16, 0x3a, 0x1d, 0x89, 0xc0,
0x6a, 0xa4, 0x3d, 0x71, 0x33, 0xdd, 0x1e, 0x70, 0xfe, 0xd4, 0x8b, 0xed,
0x7c, 0x91, 0xe4, 0xe2, 0x15, 0x06, 0xc1, 0x83, 0x24, 0x55, 0xa7, 0x2a,
0x9f, 0x4e, 0xd9, 0x56, 0x7a, 0x95, 0xa8, 0xdd, 0xc4, 0xf0, 0x71, 0x3a,
0x99, 0x65, 0x31, 0x4b, 0xb7, 0x96, 0x2c, 0x53, 0x54, 0x83, 0xec, 0xc9,
0x97, 0x2f, 0x0c, 0xa4, 0x8f, 0xbb, 0x93, 0x9d, 0xea, 0xae, 0xf9, 0xcb,
0xb2, 0xb9, 0xa3, 0x61, 0x5f, 0x77, 0x8c, 0xb6, 0x5a, 0x56, 0xbe, 0x5f,
0x85, 0xd1, 0xb5, 0x0a, 0x53, 0xe2, 0xc7, 0xbf, 0x76, 0x8b, 0x97, 0x6f,
0x10, 0xdd, 0x1f, 0x44, 0x69, 0x66, 0x03, 0xc4, 0x6b, 0x59, 0xf7, 0xb4,
0xc1, 0x12, 0xcc, 0x00, 0x70, 0xe8, 0xbd, 0x44, 0x28, 0xf5, 0xfa, 0x96,
0xf3, 0x59, 0xed, 0x81, 0x67, 0xe0, 0xbe, 0x47, 0x75, 0xb3, 0xa8, 0x9f,
0x21, 0x70, 0x2e, 0x6f, 0xef, 0x54, 0x11, 0x3f, 0x34, 0xaf, 0x0d, 0x73,
0x5b, 0x9e, 0x6d, 0x86, 0x58, 0xb7, 0x34, 0xc2, 0xc2, 0xb3, 0x64, 0xd5,
0x9b, 0x6e, 0xb9, 0x99, 0x6a, 0xe4, 0xfd, 0xc3, 0x17, 0xf3, 0x10, 0xfc,
0x6e, 0xf5, 0x65, 0xe1, 0x9c, 0x59, 0x15, 0x11, 0x00, 0xea, 0x96, 0x81,
0x69, 0x9b, 0x05, 0x4d, 0xf3, 0xce, 0xf3, 0xf0, 0xa9, 0x01, 0x3f, 0x13,
0xbb, 0xb0, 0xac, 0xc3, 0x92, 0x1c, 0x2b, 0x61, 0xe3, 0x01, 0x22, 0x45,
0x4a, 0x23, 0x19, 0x80, 0xca, 0xb9, 0xef, 0x4e, 0x76, 0x52, 0xc5, 0x9d,
0x91, 0x33, 0x17, 0xc4, 0x28, 0x83, 0x55, 0x61, 0x49, 0x72, 0x04, 0xaa,
0xf8, 0xe3, 0x4b, 0x20, 0xf7, 0x6a, 0x74, 0x56, 0x64, 0xf9, 0xb3, 0xc9,
0x67, 0x5b, 0x55, 0x29, 0x9a, 0x89, 0xa5, 0x14, 0x67, 0xea, 0x6d, 0x6a,
0xde, 0x98, 0x58, 0x73, 0x25, 0xa3, 0xdb, 0xed, 0x3d, 0x62, 0xaa, 0xe0,
0x79, 0x7f, 0xa3, 0xd9, 0xb5, 0x4c, 0xe9, 0xa8, 0xdf, 0xfd, 0x59, 0x31,
0x42, 0x81, 0x9e, 0xb7, 0x81, 0x3f, 0x0e, 0xfb, 0xef, 0x80, 0x71, 0x9d,
0xb7, 0xa5, 0xfc, 0xb1, 0x80, 0xc9, 0x7e, 0x31, 0xd9, 0x47, 0xe2, 0xca,
0x10, 0x7b, 0xd1, 0xa1, 0x1c, 0x28, 0xc7, 0x7f, 0x51, 0x26, 0xb1, 0x4e,
0x57, 0xdd, 0x7d, 0x76, 0x5c, 0x5a, 0x85, 0xa7, 0x7b, 0x8c, 0xc5, 0x6e,
0xac, 0x20, 0xf8, 0x49, 0x16, 0xd6, 0x64, 0xf5, 0xf4, 0x2c, 0x32, 0xa1,
0x5d, 0xfb, 0x87, 0xb6, 0x14, 0xfe, 0x68, 0x7c, 0x4d, 0xce, 0xd7, 0x94,
0xf9, 0x8b, 0xf0, 0x61, 0xfd, 0xe0, 0x83, 0x7f, 0x13, 0xec, 0x7a, 0xb7,
0x41, 0x04, 0x51, 0x6e, 0x30, 0xa2, 0x01, 0xf7, 0x30, 0x12, 0xec, 0xd2,
0x8f, 0x73, 0xe7, 0x8e, 0x12, 0xb4, 0xe5, 0xc1, 0xff, 0xdf, 0x67, 0x14,
0xb1, 0xe9, 0xba, 0x36, 0x19, 0x18, 0xf4, 0xaa, 0xe0, 0xe4, 0x9d, 0xcd,
0xe8, 0xe7, 0x2b, 0x33, 0xb3, 0xdc, 0xb9, 0x19, 0xd7, 0xad, 0xa4, 0x68,
0xcd, 0x83, 0x77, 0x98, 0x36, 0x49, 0xd9, 0x32, 0x20, 0xfd, 0xfc, 0x34,
0xe7, 0x54, 0xd9, 0xb5, 0x05, 0xab, 0x0e, 0x08, 0x0e, 0x16, 0x8a, 0x7d,
0x91, 0x4c, 0xaa, 0x19, 0x04, 0x37, 0x35, 0xa5, 0xab, 0x6c, 0xee, 0xc4,
0x90, 0xf0, 0x5f, 0xc7, 0xae, 0x82, 0xfd, 0x59, 0x53, 0xe5, 0x36, 0x5a,
0x56, 0x37, 0x61, 0x69, 0xda, 0xe5, 0x8f, 0xfd, 0x2e, 0xd4, 0x9c, 0x7f,
0xb6, 0x39, 0xa4, 0x8d, 0x0a, 0xab, 0x82, 0x0f, 0xfe, 0x84, 0x69, 0x44,
0x8a, 0xa6, 0xd0, 0x39, 0xf9, 0x72, 0x68, 0xe7, 0x97, 0xd8, 0x6c, 0x7b,
0xec, 0x85, 0x8c, 0x52, 0xc9, 0x97, 0xbb, 0xc4, 0x7a, 0x67, 0x22, 0x60,
0x46, 0x9f, 0x16, 0xf1, 0x67, 0x0e, 0x1b, 0x50, 0x7c, 0xc4, 0x29, 0x15,
0xbc, 0x55, 0x6a, 0x67, 0xf6, 0xa8, 0x85, 0x66, 0x89, 0x9f, 0xff, 0x38,
0x28, 0xaa, 0x87, 0x91, 0xce, 0xde, 0x8d, 0x45, 0x5c, 0xa1, 0x25, 0x95,
0xe2, 0x86, 0xdd, 0xa1, 0x87, 0x6a, 0x0a, 0xa8, 0x3e, 0x63, 0x0e, 0x21,
0xa5, 0x6e, 0x08, 0x4d, 0x07, 0xb6, 0x26, 0xa8, 0x92, 0xdb, 0xed, 0x13,
0x01, 0xc3, 0xba, 0xcf, 0xad, 0x01, 0xbc, 0xe5, 0xc0, 0xba, 0xbe, 0x7c,
0x75, 0xf1, 0xb9, 0xfe, 0xd3, 0xf0, 0xa5, 0x2c, 0x8e, 0x10, 0xff, 0x99,
0xcb, 0xe2, 0x2d, 0xdc, 0x2f, 0x76, 0x00, 0xf8, 0x51, 0x7c, 0xcc, 0x52,
0x16, 0x0f, 0x18, 0x98, 0xea, 0x34, 0x06, 0x7f, 0xb7, 0x2e, 0xe9, 0x40,
0xf0, 0x2d, 0x30, 0x3d, 0xc0, 0x67, 0x4c, 0xe6, 0x63, 0x40, 0x41, 0x42,
0x96, 0xbb, 0x0b, 0xd6, 0xc9, 0x1c, 0x22, 0x7a, 0xa9, 0x4d, 0xcc, 0x5b,
0xaa, 0x03, 0xc6, 0x3b, 0x1e, 0x2f, 0x11, 0xae, 0x34, 0x6f, 0x0c, 0xe9,
0x16, 0x9c, 0x82, 0x3b, 0x90, 0x4c, 0x0e, 0xf0, 0xf9, 0x7f, 0x02, 0xca,
0xb9, 0xa9, 0x49, 0x6d, 0x27, 0x73, 0xd0, 0xbf, 0x15, 0x61, 0x52, 0xbc,
0xd6, 0x31, 0x59, 0x2b, 0x52, 0x5b, 0xaf, 0x3c, 0xc0, 0x8f, 0xdc, 0xd5,
0x2c, 0x1d, 0xe4, 0xe9, 0x41, 0xe8, 0xd3, 0x35, 0xd6, 0xb1, 0xf3, 0x32,
0xe0, 0x52, 0x08, 0x73, 0x99, 0xb6, 0x6b, 0xbc, 0x26, 0xfb, 0x2e, 0xa7,
0xb7, 0xcd, 0x14, 0xf0, 0xf9, 0xe5, 0x3a, 0xd0, 0x05, 0x5b, 0x2b, 0x38,
0xbd, 0x7c, 0xda, 0xd4, 0x15, 0x45, 0xfa, 0x3b, 0x6f, 0x94, 0x8e, 0x22,
0xce, 0xfa, 0x53, 0xe0, 0x5f, 0xa6, 0x9d, 0x1c, 0x26, 0x91, 0x8a, 0xab,
0x72, 0x5b, 0x18, 0x78, 0x69, 0x98, 0x3f, 0x8d, 0x33, 0x7c, 0x21, 0x93,
0x9e, 0xf0, 0xaf, 0xb7, 0x30, 0xc8, 0xac, 0xbc, 0xdb, 0x9c, 0x29, 0x17,
0x6b, 0x9d, 0x0f, 0x16, 0xd6, 0xc0, 0xcc, 0x3b, 0xce, 0x11, 0xe9, 0x64,
0xc8, 0xd4, 0x4c, 0x98, 0x7c, 0x8f, 0xf1, 0x5e, 0x84, 0xe4, 0x72, 0xf9,
0x69, 0xf5, 0x9d, 0xad, 0x95, 0x3b, 0xfb, 0x6d, 0x30, 0x7e, 0x0a, 0x47,
0x5b, 0x26, 0xb2, 0x4e, 0xeb, 0x1a, 0xc3, 0x37, 0x16, 0x28, 0x79, 0x62,
0xb4, 0x36, 0x85, 0x4a, 0x15, 0x5a, 0xc3, 0x6e, 0xbe, 0x7e, 0x00, 0xe9,
0x4a, 0xa5, 0xd7, 0x90, 0xcf, 0x59, 0x63, 0x2d, 0x2b, 0xc2, 0xc6, 0x47,
0xe6, 0x77, 0xb7, 0x6e, 0x9b, 0xc8, 0x0d, 0x18, 0x2b, 0x45, 0x2b, 0xc9,
0x5a, 0x6e, 0xb4, 0x50, 0xa5, 0x23, 0x7d, 0x17, 0xcc, 0x49, 0xe2, 0xb3,
0xf4, 0x6d, 0xb4, 0xb7, 0xbb, 0x9e, 0xdd, 0x20, 0x99, 0x19, 0xf5, 0x53,
0x1f, 0xd0, 0xff, 0x67, 0xf3, 0x8e, 0x6a, 0xcd, 0x2a, 0x6e, 0x2b, 0x0a,
0x90, 0xd7, 0xdb, 0xe1, 0xff, 0x1c, 0x40, 0xa1, 0xb0, 0x5d, 0x94, 0x4d,
0x20, 0x14, 0x01, 0xa1, 0xa8, 0xd1, 0x15, 0xd2, 0xd9, 0x1b, 0xbf, 0xc2,
0x8a, 0xd0, 0x02, 0xf6, 0x16, 0xa1, 0xb7, 0x40, 0xe0, 0x36, 0x88, 0xc8,
0x17, 0x0a, 0xf0, 0xb6, 0x0d, 0x3c, 0x53, 0xb9, 0x51, 0xed, 0xef, 0x20,
0x6f, 0xf3, 0x0c, 0xb5, 0xce, 0x0e, 0x9e, 0xfd, 0x0f, 0x5e, 0x3f, 0x8f,
0x3c, 0xb7, 0x2a, 0xdb, 0xc6, 0xa7, 0xf2, 0x11, 0x6e, 0xdc, 0x05, 0x33,
0xd4, 0xd8, 0xb0, 0x2d, 0x8a, 0xe5, 0x39, 0x82, 0x00, 0x49, 0x7d, 0xfd,
0x32, 0x29, 0xbb, 0x79, 0x5d, 0xcb, 0x21, 0x7b, 0x2d, 0x36, 0x58, 0x73,
0x52, 0x57, 0x52, 0x96, 0x4d, 0x89, 0x61, 0xf4, 0xad, 0x1f, 0x48, 0xd5,
0x7a, 0x4a, 0xaa, 0x1c, 0xa1, 0xf4, 0xb4, 0x9c, 0x43, 0x3b, 0x95, 0x72,
0xd0, 0x0e, 0x35, 0x82, 0x26, 0xd4, 0x2e, 0xe3, 0x83, 0x96, 0x97, 0x5a,
0x7b, 0xfc, 0x48, 0x17, 0x3c, 0xba, 0x9e, 0x5f, 0x46, 0x1a, 0x53, 0xe3,
0x2e, 0x78, 0x79, 0x80, 0xf6, 0x2d, 0x24, 0xcf, 0x62, 0xb6, 0x86, 0xeb,
0xee, 0xec, 0xf2, 0x1d, 0x00, 0xc8, 0x28, 0x9d, 0x93, 0x16, 0xa7, 0xd9,
0x11, 0x47, 0xe3, 0xc4, 0xb6, 0xc4, 0xa0, 0x99, 0x83, 0xc1, 0x17, 0xd8,
0x8e, 0xde, 0x69, 0x1d, 0xcb, 0xdd, 0xe7, 0x86, 0x6f, 0xf2, 0x36, 0x07,
0x23, 0x86, 0x0d, 0xe9, 0xad, 0x87, 0xae, 0x76, 0x98, 0x95, 0x51, 0xf2,
0xb3, 0x11, 0xc5, 0x34, 0xf0, 0x0c, 0xf8, 0x29, 0x9c, 0x84, 0x4f, 0x81,
0x49, 0x85, 0x63, 0x25, 0x16, 0xb0, 0xc3, 0xaa, 0xd7, 0x8a, 0x2e, 0x4b,
0x97, 0x60, 0x74, 0xf8, 0xa7, 0x39, 0xec, 0x6c, 0x2c, 0x9b, 0x33, 0x3a,
0x11, 0xbd, 0xa6, 0x90, 0x48, 0x65, 0xb1, 0xe7, 0x38, 0x53, 0x47, 0x1b,
0x62, 0xd5, 0xb7, 0xa8, 0xd4, 0xae, 0xf5, 0x12, 0x06, 0x12, 0x54, 0xa2,
0xce, 0xf1, 0x6b, 0x3a, 0xda, 0x63, 0x2e, 0x37, 0x2a, 0x25, 0x89, 0x30,
0x98, 0x77, 0x1d, 0x4b, 0x5a, 0x1e, 0xb7, 0x3d, 0xed, 0x19, 0xec, 0x9f,
0x64, 0x46, 0xa8, 0x2a, 0x79, 0xf3, 0x70, 0x39, 0x9f, 0x8c, 0xc3, 0x28,
0xcc, 0x2a, 0xc0, 0xd0, 0xe6, 0x80, 0xf5, 0x01, 0x78, 0x72, 0x7f, 0xe7,
0x2e, 0x7b, 0x5f, 0x05, 0xc3, 0x41, 0x33, 0x07, 0xdb, 0x9c, 0xa8, 0x96,
0xa7, 0x21, 0x20, 0x23, 0xd0, 0x59, 0x39, 0x06, 0x19, 0xa4, 0x29, 0xe5,
0x72, 0x39, 0x69, 0x23, 0xe3, 0xfa, 0x28, 0x63, 0xf5, 0x42, 0x3b, 0xca,
0x88, 0x5d, 0x7e, 0x47, 0x93, 0xa8, 0x8c, 0x75, 0xf2, 0x19, 0x44, 0x43,
0x15, 0x39, 0x03, 0x42, 0xd8, 0x1d, 0x81, 0x30, 0x8e, 0x84, 0x31, 0x24,
0x75, 0x67, 0x4e, 0xbe, 0xfe, 0x0a, 0xd8, 0xc3, 0xe7, 0x5b, 0xe1, 0xd5,
0x12, 0x6a, 0x69, 0x99, 0xcd, 0x35, 0xca, 0x22, 0x02, 0x65, 0xb3, 0x0f,
0x50, 0xb6, 0xaa, 0xc6, 0x91, 0x5c, 0x4d, 0xd4, 0x07, 0x93, 0x46, 0xf0,
0xcc, 0xe1, 0x92, 0x14, 0x91, 0x21, 0x43, 0xc4, 0xba, 0x45, 0x1c, 0x47,
0x29, 0xdf, 0xff, 0x89, 0x60, 0xee, 0x89, 0x1e, 0xc3, 0xb4, 0xb9, 0x0b,
0xc9, 0x7e, 0xd9, 0x15, 0xb0, 0x80, 0x91, 0xbe, 0xb9, 0x43, 0x48, 0x12,
0x86, 0x8e, 0x79, 0x38, 0x4d, 0xce, 0x36, 0x7f, 0xc3, 0xe8, 0xb7, 0xb9,
0x92, 0xbf, 0x27, 0x20, 0x54, 0xc8, 0x05, 0x63, 0x3b, 0xf5, 0x48, 0x1a,
0xa9, 0x04, 0x6c, 0xb6, 0x0e, 0x11, 0xea, 0xf3, 0x59, 0xb9, 0xa6, 0xf6,
0xf8, 0x0b, 0x15, 0xed, 0x30, 0xf9, 0xe4, 0xe5, 0x26, 0x2d, 0xbb, 0xc6,
0x5b, 0x36, 0xbb, 0x73, 0xa6, 0x4f, 0xf5, 0x43, 0x9f, 0xd7, 0xb9, 0x0f,
0xbc, 0x4f, 0x8d, 0xb8, 0xec, 0x1d, 0x42, 0x19, 0x56, 0x37, 0xc4, 0xcb,
0xd0, 0x16, 0x85, 0xff, 0xd3, 0x9b, 0xef, 0xc8, 0x75, 0x37, 0xd1, 0x92,
0xad, 0x21, 0x94, 0x1e, 0x9a, 0xf6, 0x2f, 0x6d, 0x30, 0xba, 0x37, 0xc3,
0xdc, 0x11, 0xe0, 0x79, 0xa4, 0x92, 0x1f, 0xe4, 0xaa, 0x7a, 0x6b, 0x2a,
0xe4, 0x04, 0xb7, 0xf9, 0x86, 0x95, 0xdb, 0xa8, 0xfc, 0x8a, 0x53, 0x21,
0x31, 0x14, 0xf7, 0x40, 0x01, 0x78, 0x4e, 0x73, 0x18, 0xb3, 0x54, 0xd7,
0xa6, 0x93, 0xf0, 0x70, 0x04, 0x1c, 0xe0, 0x2b, 0xef, 0xee, 0xd4, 0x64,
0xa7, 0xd9, 0x9f, 0x81, 0x4f, 0xe5, 0x1e, 0xbe, 0x6e, 0xd2, 0xf6, 0x3a,
0xba, 0xcf, 0x8c, 0x96, 0x2a, 0x3d, 0xf7, 0xe5, 0x5c, 0x59, 0x40, 0x9c,
0xe3, 0xf9, 0x2b, 0x6d, 0x3d, 0xf2, 0x6f, 0x81, 0xd6, 0xab, 0x9c, 0xab,
0xc6, 0xf7, 0x8f, 0xaa, 0xe5, 0x71, 0xe3, 0xc9, 0x8c, 0x1a, 0xeb, 0xc5,
0x87, 0xe7, 0xb0, 0xde, 0x18, 0xba, 0xaa, 0x1e, 0xda, 0x12, 0x32, 0x16,
0x94, 0x3a, 0x6e, 0x4f, 0x84, 0x06, 0x8e, 0x33, 0xf7, 0xfa, 0x35, 0xb8,
0x45, 0xe4, 0x5e, 0x9e, 0x46, 0x05, 0x7a, 0xf7, 0xf4, 0x99, 0xad, 0xb9,
0xdd, 0x55, 0xd9, 0x52, 0x3b, 0x93, 0xe3, 0x9b, 0x54, 0x1b, 0xe6, 0xa9,
0x70, 0xd3, 0x48, 0xf9, 0x3d, 0xdb, 0x88, 0x63, 0x66, 0xa0, 0xab, 0x72,
0x83, 0x6e, 0x8f, 0x78, 0x9d, 0x55, 0x46, 0x21, 0xca, 0x7c, 0xb7, 0x5d,
0x16, 0xe8, 0x66, 0x3b, 0x7b, 0xaa, 0xfe, 0x9c, 0x9c, 0x33, 0xc9, 0xc2,
0xa4, 0x3c, 0x78, 0x97, 0xf3, 0x5b, 0xc2, 0x29, 0x36, 0x98, 0x68, 0x28,
0xfe, 0x0a, 0xae, 0x6f, 0xe5, 0xf7, 0xfb, 0x9d, 0xf8, 0x8c, 0xd9, 0xd0,
0x4d, 0xfe, 0xc7, 0xd0, 0xb0, 0xe3, 0x9c, 0xdb, 0xac, 0x9e, 0x1b, 0x55,
0x7e, 0x24, 0xfe, 0xc4, 0x12, 0xcb, 0xc2, 0xdd, 0x0a, 0xda, 0x31, 0x40,
0x41, 0xb7, 0xfc, 0x3f, 0x6d, 0xe2, 0xd3, 0x8a, 0x0f, 0x21, 0x33, 0x3a,
0xbc, 0xa7, 0x62, 0x18, 0xb3, 0xaf, 0x48, 0xc6, 0xe2, 0xa3, 0xdd, 0x1d,
0x20, 0x62, 0xe4, 0x4b, 0x81, 0x6b, 0x3a, 0xc5, 0xb1, 0x07, 0xe1, 0xf1,
0xe1, 0xba, 0xf6, 0x01, 0xc6, 0xf2, 0xea, 0xc0, 0x97, 0x73, 0x79, 0x19,
0x06, 0xaa, 0x62, 0x42, 0xcb, 0x21, 0x5f, 0x08, 0x97, 0x7d, 0x72, 0xb5,
0x39, 0x4d, 0x99, 0xe3, 0xa2, 0x3f, 0xb9, 0xb4, 0xed, 0xf4, 0x61, 0x35,
0xe1, 0x50, 0xfb, 0x56, 0x7c, 0x35, 0xfd, 0x44, 0x8a, 0x57, 0x22, 0xed,
0x30, 0x33, 0xc3, 0x0b, 0xf1, 0x88, 0xe4, 0x44, 0x46, 0xf5, 0x73, 0x6d,
0x9b, 0x98, 0x88, 0x92, 0xf5, 0x34, 0x85, 0x18, 0x66, 0xef, 0x70, 0xbe,
0x7b, 0xc1, 0x0f, 0x1c, 0x78, 0x2d, 0x42, 0x13, 0x2d, 0x2f, 0x4d, 0x40,
0x8e, 0xe2, 0x6f, 0xe0, 0x04, 0xdb, 0x58, 0xbc, 0x65, 0x80, 0xba, 0xfc,
0x89, 0xee, 0xf3, 0x78, 0xb2, 0xd9, 0x78, 0x93, 0x6d, 0xbf, 0xd4, 0x74,
0x24, 0xf4, 0x5c, 0x37, 0x89, 0x0c, 0x14, 0xd5, 0xbd, 0xc5, 0xfc, 0x37,
0xe8, 0x8b, 0xe0, 0xc5, 0x89, 0xc9, 0x70, 0xb3, 0x76, 0x46, 0xce, 0x0d,
0x7c, 0x3d, 0xa4, 0x5d, 0x02, 0x95, 0x03, 0xba, 0x24, 0xaa, 0xf7, 0xd0,
0x75, 0x35, 0x78, 0x27, 0x9c, 0x6d, 0x2a, 0xef, 0xaa, 0xac, 0x85, 0xef,
0x8d, 0xfc, 0xc0, 0xfc, 0x72, 0x02, 0xf4, 0xa3, 0xd3, 0x87, 0xfc, 0x4d,
0xce, 0x3d, 0xcb, 0xc2, 0x74, 0x5b, 0xb0, 0x83, 0xc5, 0x72, 0x72, 0xd6,
0xa1, 0x67, 0x4d, 0xa1, 0xd6, 0xaa, 0xe7, 0x9b, 0xe7, 0xc0, 0xfd, 0x86,
0x91, 0x08, 0xfa, 0x48, 0x2f, 0x50, 0xce, 0x17, 0xea, 0x1c, 0xe3, 0x90,
0x35, 0xe6, 0x6c, 0xc9, 0x66, 0x7d, 0x51, 0x32, 0x20, 0x0c, 0x2d, 0x4b,
0xa1, 0xbf, 0x78, 0x87, 0xe1, 0x5a, 0x28, 0x0e, 0x9a, 0x85, 0xf6, 0x7e,
0x39, 0x60, 0xbc, 0x64, 0x42, 0x5d, 0xf0, 0x0a, 0xd7, 0x3e, 0xbb, 0xa0,
0x6d, 0x7c, 0xfa, 0x75, 0xee, 0x34, 0x39, 0x23, 0x0e, 0xbd, 0x50, 0x19,
0x7a, 0x2a, 0xb7, 0x17, 0x3a, 0x8b, 0xb7, 0xb6, 0xf4, 0xd8, 0x47, 0x71,
0x6b, 0x21, 0x1b, 0x56, 0xcc, 0xfb, 0x7b, 0x81, 0x99, 0x46, 0x88, 0x23,
0x40, 0x49, 0x66, 0x8b, 0xac, 0x84, 0x16, 0x8a, 0x86, 0xae, 0x38, 0xc4,
0x5b, 0x1f, 0x2b, 0xfa, 0xf2, 0x8b, 0x81, 0xc1, 0x22, 0x61, 0x61, 0x6c,
0x43, 0x16, 0x8c, 0x1d, 0x37, 0xb2, 0xaf, 0x3c, 0x3a, 0x90, 0x33, 0xed,
0xf5, 0x08, 0x78, 0xfd, 0x5a, 0xde, 0xd3, 0x38, 0x6d, 0xd7, 0x1c, 0x23,
0xeb, 0xb4, 0x9b, 0x8e, 0xc2, 0x48, 0x47, 0x8e, 0x84, 0xbb, 0xc4, 0xd0,
0xcc, 0xf9, 0x55, 0x5a, 0x57, 0xb9, 0x99, 0x52, 0x82, 0x21, 0x3b, 0x83,
0xda, 0x8f, 0xa3, 0x88, 0x9c, 0x57, 0xe0, 0x4b, 0xc1, 0xce, 0xbe, 0xd3,
0xea, 0xdd, 0xf2, 0x07, 0xc1, 0x73, 0x6f, 0xc0, 0x5e, 0x8e, 0x85, 0x72,
0xab, 0x2f, 0xa9, 0xac, 0x39, 0xee, 0x05, 0x34, 0x13, 0x16, 0x1b, 0x1c,
0x21, 0x24, 0x41, 0x49, 0x78, 0x87, 0x8b, 0x97, 0x9c, 0x9f, 0xa3, 0xa8,
0xb9, 0xbc, 0xc6, 0xcc, 0xf2, 0xfd, 0x18, 0x2a, 0x46, 0x58, 0x5a, 0x88,
0xa2, 0xb5, 0xcc, 0xd2, 0xda, 0xe1, 0xe3, 0x0d, 0x20, 0x23, 0x2b, 0x2f,
0x47, 0x57, 0x5e, 0x64, 0x87, 0x97, 0x9c, 0xa7, 0xaa, 0xbc, 0xc1, 0xe4,
0xe5, 0xea, 0x0b, 0x16, 0x3b, 0x3c, 0x3e, 0x45, 0x58, 0x63, 0x6a, 0x6f,
0x7c, 0x8c, 0x8d, 0x92, 0x99, 0x9c, 0xad, 0xb5, 0xb7, 0xce, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x16, 0x23, 0x36, 0x4a
};
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_sig[] = {
0x5e, 0xc1, 0xce, 0x0e, 0x31, 0xea, 0x10, 0x52, 0xa3, 0x7a,
0xfe, 0x4d, 0xac, 0x07, 0x89, 0x5a, 0x45, 0xbd, 0x5a, 0xe5,
0x22, 0xed, 0x98, 0x4d, 0x2f, 0xc8, 0x27, 0x00, 0x99, 0x40,
0x00, 0x79, 0xcd, 0x93, 0x27, 0xd0, 0x40, 0x33, 0x79, 0x4f,
0xe5, 0x16, 0x89, 0x9f, 0xbd, 0xa6, 0x3f, 0xdd, 0x68, 0x74,
0x73, 0xc3, 0x97, 0x54, 0x11, 0x1d, 0xc8, 0xb8, 0xc8, 0xfd,
0x3a, 0xbe, 0xca, 0x17, 0x0f, 0x10, 0x6d, 0x89, 0x6d, 0xe0,
0xb2, 0xff, 0x3b, 0xe5, 0xa1, 0x75, 0xea, 0x35, 0x16, 0xa3,
0x0c, 0x6e, 0x4a, 0x7b, 0xdb, 0x28, 0xc6, 0x2a, 0x76, 0x0e,
0x78, 0x78, 0xa0, 0x4f, 0x4e, 0xf8, 0x99, 0xff, 0xe7, 0x47,
0x7e, 0xc4, 0x62, 0xa7, 0xb4, 0xb9, 0x2b, 0xc1, 0xc7, 0xd0,
0x00, 0xb6, 0xaa, 0xa7, 0x37, 0xd5, 0x1e, 0x19, 0xc4, 0xc4,
0x59, 0x2f, 0xa5, 0x09, 0xa3, 0xda, 0x5d, 0xd4, 0x48, 0x64,
0x16, 0x0e, 0x92, 0xdf, 0x61, 0xb7, 0x25, 0x3b, 0x90, 0x5a,
0x08, 0xb5, 0x88, 0xe8, 0x64, 0x80, 0x63, 0xee, 0xbf, 0x59,
0x0f, 0x4a, 0x48, 0x1e, 0x77, 0xa9, 0x46, 0xc6, 0x9c, 0x0b,
0x83, 0xad, 0xb5, 0xbf, 0xb5, 0x5b, 0x99, 0xf3, 0x55, 0xe8,
0xe5, 0xe7, 0x5c, 0x12, 0xac, 0x06, 0x06, 0xe0, 0xc0, 0x32,
0x5d, 0xb6, 0x9f, 0x2b, 0x8e, 0x19, 0x5c, 0x2a, 0x58, 0xbb,
0x37, 0xf1, 0x68, 0x56, 0x8b, 0x74, 0x94, 0x58, 0x48, 0x28,
0xee, 0xf7, 0x0a, 0x8f, 0xad, 0x43, 0x67, 0xe1, 0xa3, 0x8c,
0x3b, 0x35, 0x48, 0xcc, 0x52, 0x14, 0x36, 0x99, 0x18, 0x71,
0x1c, 0xb2, 0xfc, 0x82, 0xda, 0xac, 0xd5, 0x55, 0x0a, 0x77,
0x44, 0x6a, 0x48, 0xed, 0xfc, 0x5a, 0x68, 0xa6, 0x4d, 0x65,
0xe7, 0x30, 0xaa, 0x23, 0x66, 0x84, 0xdf, 0x83, 0xf1, 0x17,
0x5c, 0x46, 0xfe, 0x63, 0xcb, 0xc3, 0x6e, 0x4e, 0x47, 0x8d,
0x30, 0x48, 0x06, 0xda, 0x97, 0x6b, 0x04, 0x5d, 0x44, 0xf3,
0xb7, 0x2a, 0x6d, 0x2b, 0xbb, 0xcd, 0x97, 0x4e, 0x26, 0x8e,
0xc9, 0x03, 0x0b, 0x5d, 0x68, 0xed, 0x81, 0xf7, 0x19, 0x61,
0x81, 0xe9, 0xac, 0x3a, 0x35, 0xcd, 0xe8, 0xfd, 0x99, 0xdb,
0x89, 0x83, 0x7d, 0x23, 0x6a, 0xc1, 0xc1, 0x10, 0xe9, 0xd3,
0xfa, 0x9e, 0x5a, 0xcd, 0x73, 0xa3, 0x0a, 0x37, 0xa3, 0x12,
0xef, 0x72, 0xa2, 0x28, 0xd4, 0x3d, 0x67, 0x53, 0x24, 0x0d,
0x61, 0x98, 0xbb, 0x07, 0xf3, 0xa7, 0x79, 0x22, 0x74, 0x57,
0x99, 0xe8, 0x7a, 0xbf, 0x90, 0x84, 0xa2, 0x6b, 0x29, 0x34,
0xac, 0xc9, 0xff, 0x67, 0x82, 0xd0, 0xd2, 0x7d, 0x69, 0xc0,
0xf3, 0xd7, 0x4b, 0x5c, 0xf2, 0xa8, 0x53, 0x8b, 0x78, 0x57,
0xfc, 0x74, 0xf5, 0x81, 0x6e, 0xc2, 0x5b, 0x32, 0x52, 0x9e,
0x58, 0x84, 0xa1, 0x71, 0xd5, 0x8c, 0xf5, 0x16, 0x36, 0x4d,
0x11, 0xd4, 0xb5, 0xc2, 0x05, 0xc4, 0x03, 0xce, 0x83, 0xea,
0x0b, 0x6a, 0x2e, 0xf6, 0x28, 0x5e, 0xb2, 0x40, 0x8c, 0xa3,
0x6a, 0xc7, 0xee, 0x04, 0x54, 0x93, 0x0f, 0x3b, 0xf9, 0x57,
0x92, 0x00, 0xf1, 0xc7, 0x1b, 0x48, 0x63, 0xcb, 0xd3, 0xdd,
0x40, 0x90, 0x46, 0xb0, 0x87, 0x2a, 0xb8, 0xec, 0xbc, 0x07,
0x09, 0x83, 0x25, 0xb1, 0x88, 0x2c, 0xa0, 0x0a, 0x40, 0x4f,
0xfd, 0xec, 0xfd, 0xbe, 0x18, 0xae, 0xdd, 0x83, 0x89, 0x83,
0x2d, 0x10, 0xb4, 0x14, 0x30, 0xac, 0x6c, 0xd9, 0xc9, 0xaa,
0xbc, 0xdb, 0x5e, 0x14, 0xab, 0x19, 0x64, 0xaa, 0xb1, 0x9c,
0xc3, 0xf5, 0xdc, 0x2b, 0xcd, 0x26, 0x0b, 0x81, 0x1a, 0x0e,
0x0a, 0xd6, 0x39, 0x79, 0x10, 0x06, 0xbf, 0xe0, 0xc1, 0x8b,
0x20, 0x24, 0x90, 0x8b, 0x0f, 0xa4, 0x2d, 0x2d, 0x46, 0x2a,
0xd4, 0xf3, 0xa9, 0x58, 0x4b, 0xd9, 0xa6, 0x6c, 0x75, 0x3d,
0xbc, 0x36, 0x76, 0x7f, 0xef, 0x1b, 0xa1, 0x41, 0xba, 0xd0,
0xfe, 0x16, 0x19, 0xc3, 0x92, 0xe3, 0x59, 0x07, 0x3f, 0x48,
0x11, 0x70, 0xe0, 0x8a, 0xff, 0x97, 0xbc, 0x71, 0xd5, 0xb9,
0x4a, 0x9b, 0x4c, 0xb8, 0x4b, 0x50, 0xd6, 0x43, 0xe8, 0x84,
0x0a, 0x95, 0xd0, 0x20, 0x28, 0xd3, 0x20, 0x4a, 0x0e, 0x1b,
0xe6, 0x5d, 0x2f, 0x0c, 0xdb, 0x76, 0xab, 0xa3, 0xc2, 0xad,
0xd5, 0x86, 0xae, 0xb9, 0x26, 0xb2, 0x5d, 0x72, 0x27, 0xbb,
0xec, 0x23, 0x9f, 0x42, 0x90, 0x58, 0xe1, 0xf8, 0xe9, 0x63,
0xdf, 0x1a, 0x46, 0x53, 0x65, 0x05, 0xfb, 0x20, 0x21, 0xa6,
0x64, 0xc8, 0x5c, 0x67, 0x6b, 0x41, 0x6c, 0x04, 0x34, 0xeb,
0x05, 0x71, 0xeb, 0xbe, 0xed, 0x6d, 0xa2, 0x96, 0x67, 0x45,
0xe7, 0x47, 0x22, 0x64, 0xaf, 0x82, 0xf8, 0x78, 0x0e, 0xe6,
0xa1, 0x4a, 0x2d, 0x82, 0x1e, 0xd0, 0xc2, 0x79, 0x4e, 0x29,
0x89, 0xd9, 0xf3, 0x3f, 0xb6, 0xc4, 0xee, 0x69, 0xb2, 0x8f,
0x8b, 0xd9, 0x13, 0xd9, 0x6e, 0x3a, 0xc5, 0x9f, 0xdf, 0x25,
0xb7, 0xc3, 0x16, 0xb8, 0xa2, 0x85, 0x17, 0xae, 0xe9, 0x95,
0x5d, 0xb8, 0x1d, 0x21, 0xbb, 0xd9, 0x38, 0x11, 0x8f, 0x44,
0xea, 0xe8, 0x4c, 0x91, 0x82, 0xf5, 0x45, 0xee, 0x8f, 0xf5,
0x6a, 0x0d, 0x08, 0xe7, 0x6b, 0xb0, 0x91, 0xd5, 0x42, 0x17,
0x8c, 0x37, 0x6a, 0x5a, 0x0a, 0x87, 0x53, 0x76, 0xc3, 0x59,
0x35, 0x13, 0x1c, 0xf1, 0x72, 0x2c, 0x2b, 0xb2, 0x9e, 0xda,
0x10, 0x2a, 0xce, 0x38, 0xb4, 0x67, 0x8c, 0x4b, 0x08, 0xa1,
0xb6, 0xa3, 0x08, 0x9c, 0xeb, 0xd8, 0x93, 0x1b, 0x29, 0x5a,
0xa7, 0x03, 0x17, 0x7e, 0xec, 0x58, 0x6b, 0x5b, 0xc5, 0x46,
0x03, 0x33, 0x7f, 0x0e, 0x93, 0x9a, 0xdd, 0xb5, 0x89, 0xb1,
0x16, 0x4c, 0xa7, 0xd8, 0x0e, 0x73, 0xd8, 0xc3, 0xd2, 0x36,
0x85, 0x66, 0xcb, 0x5b, 0x64, 0xf2, 0xdc, 0xba, 0x39, 0xcc,
0xa5, 0xe0, 0x9b, 0xaa, 0x2a, 0x95, 0x6d, 0xdc, 0x49, 0xde,
0x3b, 0x61, 0xa2, 0x3b, 0x1f, 0xed, 0x32, 0xfa, 0x10, 0xe4,
0x88, 0x59, 0xca, 0x5a, 0xe4, 0xf9, 0x5e, 0xe2, 0xca, 0x21,
0x5a, 0xdc, 0x02, 0x73, 0x7a, 0xc8, 0x90, 0x7a, 0x8e, 0x91,
0x19, 0x04, 0x53, 0x3c, 0x50, 0x15, 0x8a, 0x84, 0x93, 0x8f,
0xac, 0x99, 0x82, 0xdd, 0xc6, 0xce, 0xfb, 0x18, 0x84, 0x29,
0x2a, 0x8d, 0xa2, 0xc5, 0x7f, 0x87, 0xce, 0x4c, 0xf5, 0xdf,
0x73, 0xd2, 0xba, 0xc2, 0x4f, 0xe3, 0x74, 0xa5, 0x8f, 0xc3,
0xf4, 0x99, 0xd1, 0xe8, 0x4e, 0xb8, 0xe0, 0x2e, 0xef, 0xd6,
0x87, 0x70, 0xcf, 0x45, 0x3b, 0xff, 0x03, 0xfd, 0x59, 0x7f,
0x7c, 0xd0, 0x4e, 0x49, 0xf7, 0xd5, 0x08, 0xd9, 0x06, 0x53,
0x90, 0x0a, 0x5a, 0x1b, 0x2e, 0xf5, 0xb0, 0x85, 0xb6, 0xb6,
0x61, 0xa5, 0x71, 0x47, 0xbf, 0x4a, 0xf6, 0xae, 0x9a, 0x19,
0x6c, 0xd8, 0x2d, 0x9b, 0xb4, 0x40, 0x9e, 0x15, 0x77, 0x2e,
0x7e, 0xe9, 0xb4, 0x3d, 0x0f, 0x1b, 0xb5, 0x1c, 0xc2, 0x58,
0x4e, 0x4b, 0xf6, 0x53, 0x9e, 0x6f, 0x09, 0x55, 0xa0, 0xb8,
0x73, 0x11, 0x64, 0x70, 0x54, 0xb4, 0xcb, 0xb7, 0x27, 0xe5,
0xdf, 0x58, 0x67, 0x5b, 0xc0, 0xd6, 0xf5, 0x64, 0xa6, 0x66,
0x6d, 0xdf, 0xd8, 0xf8, 0xd6, 0x85, 0xba, 0xba, 0x30, 0xa7,
0xca, 0x34, 0xf4, 0x9a, 0xba, 0x0a, 0xfb, 0x0e, 0xa0, 0x65,
0x98, 0x78, 0xee, 0xaa, 0x14, 0x6a, 0x99, 0x77, 0x67, 0xad,
0x01, 0x95, 0x5e, 0x50, 0x22, 0xe9, 0x74, 0x95, 0xa7, 0x13,
0x3f, 0xdd, 0xa6, 0x69, 0x64, 0xf6, 0x50, 0x06, 0x6d, 0xba,
0x90, 0x5a, 0x8c, 0x81, 0xa0, 0xda, 0x55, 0xe9, 0x97, 0x0e,
0xd7, 0x10, 0x8e, 0x1f, 0x23, 0x65, 0xd9, 0x14, 0xd4, 0xde,
0xa5, 0xf9, 0xec, 0xb6, 0xad, 0x65, 0xce, 0x0b, 0x1b, 0x0a,
0x4c, 0x7d, 0xb0, 0x97, 0xa6, 0xfe, 0x67, 0xfb, 0x4f, 0x8f,
0x00, 0x92, 0xb6, 0x0d, 0x20, 0x78, 0x65, 0x1d, 0x9a, 0x56,
0x57, 0xc6, 0x15, 0x88, 0xba, 0x55, 0x02, 0x7a, 0x9a, 0xac,
0x50, 0x4c, 0xc7, 0x9e, 0x66, 0x8b, 0xfc, 0xf3, 0x67, 0x48,
0x07, 0xbf, 0x84, 0x94, 0x9b, 0x22, 0x2a, 0xae, 0x1b, 0x25,
0xe9, 0x94, 0x06, 0xa7, 0xe8, 0x61, 0x52, 0x89, 0xdc, 0x93,
0x6e, 0x89, 0xdc, 0x30, 0x6e, 0xd9, 0xee, 0xcb, 0x12, 0x38,
0x58, 0x9d, 0x8b, 0xc5, 0x05, 0x2c, 0x50, 0x4e, 0xc8, 0xc2,
0xe0, 0x65, 0xb6, 0x49, 0xc4, 0xf0, 0x1e, 0x5c, 0x8e, 0x3c,
0xe9, 0x77, 0xd2, 0x9e, 0xa8, 0xd5, 0xf5, 0xd9, 0xc5, 0xad,
0x5b, 0x74, 0x48, 0x08, 0x3a, 0x30, 0x84, 0x57, 0x71, 0x1e,
0x69, 0x45, 0x09, 0xdd, 0xea, 0x62, 0xec, 0x7c, 0xa3, 0xf9,
0x92, 0xee, 0x16, 0xdc, 0xe5, 0x9d, 0xcf, 0xb7, 0x08, 0x51,
0x8a, 0x76, 0x3a, 0x23, 0x94, 0x50, 0x8e, 0x4d, 0x3a, 0xea,
0xf3, 0xc1, 0x53, 0x2c, 0x65, 0x9c, 0x36, 0x8c, 0x10, 0xe3,
0x9c, 0x01, 0xa4, 0xe6, 0x45, 0x77, 0xa6, 0x5d, 0x7e, 0x37,
0x31, 0x95, 0x2f, 0xec, 0x61, 0x92, 0x69, 0x65, 0x53, 0x54,
0x6d, 0xbe, 0x9e, 0x5a, 0x68, 0x12, 0xc4, 0xe7, 0xe4, 0x06,
0x51, 0x5a, 0xc0, 0x63, 0xb9, 0x69, 0xb8, 0x3c, 0xd8, 0xae,
0x8b, 0xff, 0x96, 0x4d, 0x55, 0xce, 0x25, 0x2b, 0x8b, 0x89,
0xc9, 0x3a, 0x16, 0x48, 0x2a, 0x73, 0xb2, 0x70, 0x8b, 0x62,
0xd5, 0xb1, 0xa0, 0x30, 0xe5, 0x46, 0xab, 0x8b, 0xc3, 0xeb,
0x37, 0x2f, 0xbd, 0xb8, 0x4e, 0x6c, 0x30, 0xdc, 0x6c, 0x8a,
0xf1, 0x89, 0x06, 0xce, 0x64, 0x0a, 0x3e, 0xb2, 0x16, 0x31,
0xa1, 0xe4, 0x4b, 0x98, 0xe7, 0xf1, 0x99, 0x76, 0x00, 0x5f,
0xd2, 0xd3, 0x30, 0xf0, 0xbf, 0xa7, 0x4a, 0xf6, 0x9e, 0xa5,
0x75, 0x74, 0x78, 0xfe, 0xec, 0x72, 0x7c, 0x89, 0xe9, 0xf6,
0x0d, 0x7e, 0x15, 0xd6, 0xd8, 0x79, 0x85, 0x3c, 0xcf, 0xb0,
0x21, 0xc8, 0x9c, 0x54, 0x87, 0x63, 0xb3, 0x05, 0xbb, 0x8a,
0x02, 0xe4, 0x79, 0xdc, 0xa1, 0xa2, 0xd3, 0x19, 0xd8, 0x86,
0xff, 0x8a, 0x0e, 0x82, 0x89, 0xaf, 0xaa, 0x62, 0x2e, 0xd4,
0xb2, 0xd0, 0x5d, 0x0d, 0x4f, 0x2a, 0xda, 0x0e, 0x9f, 0x8a,
0x2b, 0x32, 0xe9, 0x09, 0xf5, 0x55, 0x51, 0xe7, 0xd5, 0x69,
0x12, 0xdd, 0x33, 0x6b, 0x3d, 0xd7, 0xe9, 0xfd, 0xb2, 0xa7,
0xf5, 0x97, 0x2a, 0x6d, 0x89, 0x30, 0x65, 0x2a, 0x0d, 0xf2,
0x00, 0x81, 0xbe, 0xfb, 0xd9, 0xd7, 0x1b, 0xc2, 0x48, 0x7a,
0x22, 0x30, 0xae, 0x35, 0xf6, 0x32, 0x41, 0x9d, 0xd9, 0x12,
0xb3, 0xa7, 0x6d, 0xba, 0x74, 0x93, 0x2d, 0x0d, 0xb2, 0xb6,
0xdc, 0xa9, 0x98, 0x5b, 0x3b, 0xaa, 0x2b, 0x47, 0x06, 0xc4,
0x36, 0xfd, 0x04, 0x10, 0x94, 0x61, 0x61, 0x47, 0x1c, 0x02,
0x54, 0x85, 0x4a, 0xcb, 0x75, 0x6b, 0x75, 0xf5, 0xb4, 0x61,
0x26, 0xb3, 0x12, 0x43, 0x31, 0x55, 0xb5, 0xda, 0x4b, 0xb5,
0x11, 0xb4, 0xb8, 0xfb, 0x0a, 0xd9, 0xa7, 0x0e, 0x9f, 0x2a,
0x74, 0x01, 0xf6, 0x1a, 0x33, 0x10, 0x9e, 0x66, 0xff, 0x82,
0xfa, 0xa9, 0xa4, 0xa0, 0x9b, 0x25, 0x2d, 0x16, 0xbf, 0x60,
0x0d, 0x87, 0xea, 0x94, 0xad, 0xdd, 0xc4, 0xd0, 0xa8, 0xdd,
0x2d, 0xc7, 0xc8, 0xac, 0x39, 0x9e, 0x87, 0x69, 0xc4, 0x3a,
0xbc, 0x28, 0x7e, 0x36, 0x69, 0xfd, 0x20, 0x25, 0xac, 0xa3,
0xa7, 0x37, 0x96, 0xe9, 0x8a, 0x65, 0xe4, 0xb0, 0x2a, 0x61,
0x23, 0x28, 0x64, 0xff, 0x17, 0x6c, 0x36, 0x9e, 0x0a, 0xba,
0xe4, 0x4b, 0xeb, 0x84, 0x24, 0x20, 0x57, 0x0f, 0x34, 0x05,
0x95, 0x56, 0xc3, 0x2f, 0x2b, 0xf0, 0x36, 0xef, 0xca, 0x68,
0xfe, 0x78, 0xf8, 0x98, 0x09, 0x4a, 0x25, 0xcc, 0x17, 0xbe,
0x05, 0x00, 0xff, 0xf9, 0xa5, 0x5b, 0xe6, 0xaa, 0x5b, 0x56,
0xb6, 0x89, 0x64, 0x9c, 0x16, 0x48, 0xe1, 0xcd, 0x67, 0x87,
0xdd, 0xba, 0xbd, 0x02, 0x0d, 0xd8, 0xb4, 0xc9, 0x7c, 0x37,
0x92, 0xd0, 0x39, 0x46, 0xd2, 0xc4, 0x78, 0x13, 0xf0, 0x76,
0x45, 0x5f, 0xeb, 0x52, 0xd2, 0x3f, 0x61, 0x87, 0x34, 0x09,
0xb7, 0x24, 0x4e, 0x93, 0xf3, 0xc5, 0x10, 0x19, 0x66, 0x66,
0x3f, 0x15, 0xe3, 0x05, 0x55, 0x43, 0xb7, 0xf4, 0x62, 0x57,
0xb4, 0xd9, 0xef, 0x46, 0x47, 0xb5, 0xfb, 0x79, 0xc9, 0x67,
0xc5, 0xc3, 0x18, 0x91, 0x73, 0x75, 0xec, 0xd5, 0x68, 0x2b,
0xf6, 0x42, 0xb4, 0xff, 0xfb, 0x27, 0x61, 0x77, 0x28, 0x10,
0x6b, 0xce, 0x19, 0xad, 0x87, 0xc3, 0x85, 0xe3, 0x78, 0x00,
0xdb, 0x21, 0xee, 0xd8, 0xfa, 0x9c, 0x81, 0x11, 0x97, 0xac,
0xd0, 0x50, 0x89, 0x45, 0x23, 0xf6, 0x85, 0x7d, 0x60, 0xb2,
0xad, 0x0c, 0x5d, 0xd8, 0x9e, 0xe4, 0xe1, 0x25, 0xb2, 0x13,
0x1a, 0x54, 0x54, 0xfd, 0x7b, 0xab, 0x85, 0x20, 0xe8, 0xda,
0x52, 0x0f, 0xac, 0x49, 0x70, 0xf1, 0x4c, 0x66, 0x74, 0x8c,
0x87, 0x6e, 0xca, 0xc1, 0x0d, 0x92, 0xc0, 0xa8, 0x08, 0xfd,
0x0f, 0x60, 0x55, 0xaf, 0x24, 0xcb, 0x04, 0xb7, 0xff, 0xa9,
0xc5, 0x07, 0x26, 0xf6, 0xe2, 0x1e, 0x2f, 0xd1, 0x99, 0x6d,
0xef, 0xc0, 0xdb, 0x5b, 0xf7, 0x06, 0x80, 0x92, 0x5f, 0x56,
0x54, 0xdb, 0x2e, 0xba, 0x93, 0xb2, 0x94, 0xf2, 0xad, 0xbc,
0x91, 0x6e, 0x4e, 0xce, 0x21, 0xc4, 0x8b, 0x18, 0xc4, 0xfc,
0xab, 0xb4, 0x4f, 0xd7, 0xa2, 0xef, 0x55, 0x00, 0x6d, 0x34,
0x17, 0x59, 0x8d, 0x79, 0x75, 0x02, 0xa3, 0x7a, 0x52, 0x57,
0x5c, 0x26, 0xb9, 0xae, 0xd6, 0x19, 0x2e, 0x31, 0x02, 0x98,
0x98, 0xe5, 0x3d, 0xc2, 0xa5, 0x56, 0xb6, 0x02, 0xae, 0x0d,
0x3b, 0x35, 0x97, 0xd2, 0x43, 0x38, 0x8a, 0x65, 0xfa, 0x86,
0x20, 0xb7, 0xb5, 0xb0, 0xda, 0x19, 0x01, 0x2f, 0x13, 0xb5,
0x6d, 0xbd, 0xb2, 0x34, 0xa7, 0xff, 0xae, 0x7e, 0x8f, 0x98,
0x1b, 0xc4, 0x27, 0xbd, 0xa9, 0x64, 0xdc, 0xab, 0x2a, 0xd2,
0xb4, 0x27, 0xd0, 0x25, 0xdd, 0xff, 0xdc, 0x0a, 0x96, 0xd3,
0x85, 0x3e, 0xc5, 0x11, 0x34, 0x60, 0xa2, 0x33, 0x92, 0x90,
0xbb, 0x4c, 0x86, 0xdd, 0xd6, 0x1e, 0xcb, 0x0a, 0x17, 0xc6,
0x87, 0x4e, 0x3e, 0x7a, 0x4b, 0xab, 0xef, 0x0a, 0x00, 0x3d,
0x94, 0x34, 0x8b, 0x63, 0x36, 0xd9, 0xaf, 0x5d, 0x63, 0x40,
0xbb, 0x32, 0x4b, 0x64, 0xf0, 0x31, 0x48, 0xdb, 0x44, 0x2b,
0x48, 0x60, 0x6a, 0xea, 0xa4, 0x8c, 0xdd, 0xaf, 0x81, 0x3f,
0x86, 0x81, 0x99, 0x7a, 0x98, 0xe1, 0xff, 0x21, 0x7a, 0x28,
0xbc, 0x33, 0xe6, 0x4e, 0xb0, 0x85, 0x6b, 0xec, 0x11, 0x37,
0x81, 0x7f, 0xf9, 0xdc, 0xbf, 0x1a, 0xa6, 0x6d, 0x4d, 0x0f,
0x5b, 0x99, 0x73, 0xb8, 0xd2, 0x6e, 0x37, 0xf0, 0x71, 0xf1,
0x1a, 0xc3, 0x5c, 0xea, 0x12, 0x5f, 0x2e, 0x85, 0x3f, 0xfd,
0xd5, 0x87, 0x67, 0x9f, 0x67, 0x9f, 0xd7, 0xef, 0x9f, 0x81,
0xa4, 0xbc, 0x63, 0x1d, 0x00, 0x81, 0xf6, 0x20, 0x77, 0xae,
0x0b, 0x90, 0xe5, 0x9c, 0xa9, 0x44, 0xb5, 0xd7, 0xb1, 0x61,
0x33, 0x4f, 0x75, 0xa9, 0xb7, 0xf4, 0xa4, 0x72, 0x9e, 0x72,
0xec, 0x7b, 0xcd, 0x83, 0xb3, 0xd6, 0x22, 0x50, 0x50, 0x97,
0x0f, 0x63, 0x0f, 0xe1, 0x15, 0xb3, 0x07, 0xb6, 0xa3, 0xfa,
0x2f, 0xb5, 0xf3, 0x5b, 0x5d, 0x7f, 0x90, 0x20, 0xcd, 0x5f,
0x40, 0x48, 0x87, 0x43, 0xfd, 0xa3, 0x69, 0xdc, 0xf8, 0x51,
0x08, 0x67, 0xc2, 0x2d, 0xff, 0xfe, 0xbf, 0x85, 0x3e, 0x80,
0xff, 0x91, 0x62, 0xc5, 0x83, 0xe0, 0x80, 0xeb, 0xce, 0xdc,
0xff, 0xb1, 0xdb, 0x02, 0xb7, 0x01, 0x1e, 0xa6, 0xf0, 0x32,
0xfb, 0x95, 0x6a, 0x47, 0x44, 0x84, 0x42, 0x6e, 0x3a, 0xb1,
0xcf, 0xf9, 0x28, 0xb4, 0x3a, 0x8e, 0xa7, 0x8d, 0x48, 0x81,
0x1c, 0x7e, 0xf5, 0x0b, 0x46, 0x7e, 0x92, 0x4e, 0xb9, 0xa8,
0x36, 0xb8, 0x81, 0x6d, 0x8c, 0x70, 0x59, 0x33, 0x12, 0x61,
0xbb, 0xe6, 0x10, 0x8a, 0xe4, 0xc1, 0x2c, 0x50, 0x12, 0xbf,
0xd3, 0xc6, 0x3c, 0x53, 0x91, 0x50, 0x07, 0xc8, 0x85, 0x32,
0x3c, 0xe1, 0x67, 0x99, 0x68, 0xc1, 0xf4, 0x74, 0x86, 0x35,
0x8a, 0x6c, 0x75, 0x1d, 0x8f, 0x8a, 0x60, 0xe1, 0xc7, 0x59,
0x4e, 0xb0, 0xe0, 0x45, 0x5a, 0x11, 0x05, 0x24, 0xa7, 0x8d,
0x39, 0x93, 0x60, 0x4c, 0xc5, 0x9e, 0x8a, 0x70, 0xcc, 0x44,
0x96, 0x92, 0xc8, 0xf7, 0x23, 0x14, 0xc7, 0xf4, 0x82, 0x9d,
0x5b, 0x1c, 0x26, 0xd0, 0x3c, 0x76, 0x36, 0xe9, 0x98, 0x8a,
0xbb, 0xe6, 0xa0, 0xad, 0xed, 0xf7, 0xd9, 0x06, 0x50, 0x67,
0x79, 0x50, 0x4e, 0xd5, 0x80, 0x4e, 0x59, 0x72, 0x5d, 0x8b,
0xcb, 0x86, 0x3b, 0x57, 0xc4, 0xb2, 0x3d, 0xbc, 0x35, 0x6d,
0xb1, 0x50, 0xf5, 0x8c, 0xf2, 0x89, 0x72, 0x20, 0xd0, 0x47,
0x68, 0x13, 0x42, 0x25, 0x1a, 0xb6, 0xc5, 0x07, 0xdf, 0x45,
0x11, 0xa9, 0x05, 0x5d, 0xad, 0xf0, 0x49, 0x9e, 0x70, 0x78,
0xed, 0xe7, 0xf9, 0x00, 0x1f, 0x62, 0x76, 0x47, 0xb5, 0x48,
0x4f, 0x2c, 0x2e, 0xe3, 0x78, 0x6a, 0x44, 0x46, 0x1e, 0x6b,
0x00, 0x74, 0x54, 0xb9, 0xd1, 0x4f, 0x6d, 0x45, 0xc1, 0xa6,
0x45, 0x2e, 0x1a, 0xaf, 0x94, 0x3f, 0xd0, 0x72, 0x67, 0x0d,
0x2e, 0xa9, 0x8d, 0x16, 0xc4, 0x05, 0x01, 0x07, 0x13, 0x1b,
0x1c, 0x3d, 0x43, 0x71, 0x91, 0x95, 0x9a, 0xae, 0xaf, 0xc4,
0xe5, 0xe6, 0xe9, 0xff, 0x02, 0x0c, 0x0f, 0x3e, 0x62, 0x67,
0x68, 0x81, 0xc7, 0xd0, 0xd8, 0xdd, 0xe0, 0xf5, 0x0b, 0x25,
0x35, 0x45, 0x4a, 0x4b, 0x63, 0x74, 0x79, 0x7e, 0x82, 0xa2,
0xaf, 0xc6, 0xc7, 0xcc, 0xd2, 0xfa, 0x2a, 0x2d, 0x2f, 0x32,
0x35, 0x38, 0x3f, 0x4c, 0x7f, 0x80, 0x81, 0x8b, 0x9b, 0x9c,
0x9d, 0xa7, 0xa9, 0xcb, 0xe9, 0xf0, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x20, 0x32, 0x46
};
#endif
wc_test_ret_t ret;
ret = mldsa_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key,
(word32)sizeof(ml_dsa_44_pub_key), ml_dsa_44_sig,
(word32)sizeof(ml_dsa_44_sig));
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
if (ret == 0) {
ret = mldsa_param_vfy_test(WC_ML_DSA_44_DRAFT,
ml_dsa_44_draft_pub_key, (word32)sizeof(ml_dsa_44_draft_pub_key),
ml_dsa_44_draft_sig, (word32)sizeof(ml_dsa_44_draft_sig));
}
#endif
return ret;
}
#endif
#ifndef WOLFSSL_NO_ML_DSA_65
static wc_test_ret_t mldsa_param_65_vfy_test(void)
{
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_pub_key[] = {
0x2c, 0x32, 0xfa, 0x59, 0x71, 0x16, 0x4a, 0x0e, 0x45, 0x0f, 0x21, 0xfd,
0x65, 0xee, 0x50, 0xb0, 0xbf, 0xea, 0x8e, 0x4e, 0xa2, 0x55, 0x71, 0xa6,
0x65, 0x48, 0x56, 0x20, 0x8a, 0x48, 0x9d, 0xd7, 0xc9, 0x2c, 0x80, 0x62,
0x88, 0x68, 0x4d, 0x5f, 0xbe, 0x5f, 0xe5, 0xf5, 0xa4, 0x75, 0xb6, 0x88,
0x26, 0xae, 0x7d, 0x11, 0x43, 0x89, 0xcd, 0xe9, 0x67, 0x0c, 0x91, 0x0b,
0xd1, 0xd8, 0x8b, 0x7b, 0x73, 0x75, 0x94, 0xc1, 0xc9, 0x61, 0xc7, 0x35,
0x21, 0x99, 0x2e, 0xab, 0xe0, 0xdf, 0x4d, 0xac, 0x0d, 0xd0, 0xa2, 0x61,
0x5f, 0x04, 0x08, 0x83, 0x66, 0x5c, 0x67, 0x47, 0x0c, 0xab, 0x2c, 0xb7,
0x6d, 0x0e, 0x32, 0x4c, 0x8c, 0x25, 0x80, 0xf5, 0xe5, 0x7e, 0x3b, 0xa1,
0xc6, 0xc5, 0x87, 0xd8, 0x68, 0xb2, 0xd5, 0x67, 0xf9, 0x5a, 0x8b, 0x88,
0xf8, 0xcd, 0x0c, 0xda, 0x4f, 0xfc, 0xd2, 0xaf, 0xb2, 0xa2, 0x38, 0x21,
0xf9, 0xd8, 0xf1, 0x1c, 0x8d, 0xb4, 0xe8, 0xfb, 0x76, 0x36, 0x87, 0xf4,
0x7d, 0x03, 0xc4, 0x06, 0xab, 0x87, 0xac, 0x52, 0xe8, 0xd5, 0xf7, 0x63,
0xf0, 0xa8, 0x0b, 0x95, 0xbd, 0x07, 0xf1, 0x1d, 0x33, 0x7b, 0x8a, 0x2c,
0xef, 0x85, 0xbe, 0xf8, 0xc1, 0x4b, 0xa2, 0xb0, 0xe0, 0x7a, 0x85, 0xfa,
0x52, 0x36, 0x05, 0xa7, 0x65, 0x4a, 0x0c, 0x21, 0x5c, 0xc0, 0x4f, 0x18,
0xb8, 0x66, 0x02, 0xe6, 0xd0, 0x45, 0x60, 0x56, 0xfc, 0x40, 0x94, 0xb5,
0xa5, 0x2b, 0xc7, 0x57, 0xc3, 0xc5, 0x30, 0x72, 0x1c, 0x4c, 0x2a, 0xd5,
0x75, 0xae, 0x43, 0x9f, 0x01, 0x71, 0xac, 0x5c, 0xdf, 0x9c, 0x0a, 0x3c,
0xb5, 0x89, 0x07, 0x9b, 0x28, 0x25, 0x31, 0x31, 0xc5, 0xb7, 0x24, 0x53,
0x2c, 0x3c, 0x2a, 0x96, 0xe5, 0x0d, 0xa2, 0x97, 0xa7, 0x08, 0x9d, 0x31,
0xc0, 0xcd, 0x53, 0xd5, 0xa8, 0x58, 0xa6, 0xac, 0x43, 0x2d, 0xac, 0x39,
0x01, 0x2c, 0x60, 0xf6, 0x82, 0x86, 0xd0, 0xaf, 0xad, 0x61, 0x3f, 0x82,
0x80, 0xa1, 0xe1, 0x12, 0x83, 0x6e, 0x1d, 0x5e, 0xfe, 0xc6, 0x1e, 0x2a,
0x7a, 0x44, 0xcd, 0xc2, 0x0a, 0xf5, 0xc8, 0x72, 0x3e, 0x29, 0xc7, 0x0a,
0xd1, 0x4c, 0x17, 0xdd, 0x1f, 0xb6, 0x95, 0x34, 0xc2, 0x6c, 0xdc, 0x63,
0xd1, 0x7e, 0xb0, 0x52, 0x06, 0x18, 0x6c, 0xb1, 0x99, 0x6a, 0xbe, 0x42,
0xa9, 0xc0, 0x22, 0xcc, 0x09, 0x11, 0x84, 0x1f, 0x16, 0x9a, 0x0e, 0xdd,
0x18, 0x7a, 0x39, 0x34, 0xb0, 0x49, 0x44, 0xcb, 0x88, 0x1f, 0x91, 0x93,
0x49, 0x3f, 0xcc, 0x62, 0x56, 0x33, 0x15, 0xcb, 0x02, 0x9b, 0x33, 0xe8,
0xd7, 0xab, 0x51, 0xc0, 0x91, 0xe0, 0x9c, 0xd2, 0xf9, 0x52, 0x05, 0x0c,
0xbf, 0xf1, 0x97, 0x42, 0xfe, 0xd0, 0x32, 0x27, 0x34, 0xf8, 0x82, 0x2d,
0x65, 0x3a, 0x36, 0xce, 0xd1, 0x07, 0x82, 0x3a, 0x6a, 0xaa, 0x56, 0xf1,
0x9b, 0x98, 0xca, 0x8e, 0x55, 0xff, 0xa0, 0x74, 0xd6, 0x6a, 0x42, 0xaa,
0x0a, 0xd4, 0x59, 0x74, 0xfb, 0xd4, 0xdb, 0x14, 0x10, 0xee, 0xca, 0x78,
0x83, 0x83, 0x95, 0x9b, 0x77, 0xf1, 0x9a, 0x48, 0xe0, 0x8f, 0xa4, 0x5a,
0x4d, 0xa9, 0x3f, 0x32, 0x78, 0x4a, 0x25, 0x96, 0x9c, 0x20, 0x0a, 0xcc,
0x5b, 0xd8, 0xca, 0x19, 0x47, 0x77, 0xb8, 0x7c, 0x51, 0x3e, 0xd6, 0x30,
0xdb, 0x45, 0xb0, 0xe6, 0x9d, 0x6f, 0xc5, 0x0a, 0x5d, 0x5f, 0x55, 0xcd,
0x0f, 0x20, 0x22, 0x7e, 0x09, 0x99, 0xac, 0xb8, 0x9c, 0x9d, 0xf7, 0x3e,
0x7e, 0x07, 0xd7, 0xbc, 0x21, 0x76, 0x8c, 0x27, 0x81, 0x94, 0xab, 0x57,
0x4a, 0xe2, 0x91, 0x1c, 0xa4, 0x77, 0x4a, 0xd2, 0x96, 0x52, 0x9d, 0x33,
0xb5, 0x58, 0x70, 0xd7, 0xff, 0x22, 0xe8, 0x14, 0xea, 0xd0, 0x8c, 0xd4,
0x06, 0x08, 0xd8, 0x73, 0x66, 0x4b, 0x93, 0x41, 0xc9, 0x73, 0x5b, 0x07,
0x5f, 0x31, 0xc5, 0x25, 0x98, 0x7b, 0x7b, 0xa5, 0x26, 0x83, 0x94, 0x22,
0x42, 0x1c, 0x51, 0xe6, 0x80, 0x48, 0xca, 0xd4, 0x53, 0x40, 0x3a, 0xee,
0x2c, 0x29, 0x07, 0xed, 0xdf, 0x97, 0x44, 0x19, 0xe5, 0xe5, 0x35, 0x66,
0x1f, 0xbd, 0x29, 0x77, 0x0c, 0x15, 0x6c, 0x95, 0x08, 0x81, 0xe0, 0x76,
0x86, 0x5e, 0x6d, 0x77, 0x78, 0x76, 0x07, 0xdd, 0x21, 0x97, 0x59, 0xdb,
0xd4, 0xbd, 0xb6, 0x4c, 0x3f, 0x07, 0x93, 0xb6, 0x4a, 0xce, 0xf7, 0x08,
0x86, 0xfd, 0x9c, 0x03, 0x08, 0x94, 0x00, 0xea, 0x4b, 0xd6, 0x1e, 0x17,
0xfb, 0xb5, 0xba, 0xde, 0x25, 0x95, 0xe7, 0xf8, 0x97, 0x9e, 0x99, 0xae,
0x5d, 0xdd, 0xf6, 0x32, 0x1a, 0xf2, 0x4f, 0xcf, 0x0c, 0x17, 0x55, 0xb8,
0xfb, 0xae, 0xc8, 0x46, 0xb0, 0x3e, 0x86, 0x2b, 0x5e, 0xef, 0x36, 0xca,
0x24, 0xed, 0x32, 0x5b, 0xc8, 0xfb, 0x88, 0x35, 0x6a, 0x26, 0xfe, 0x06,
0x54, 0x0c, 0x3e, 0x2c, 0x71, 0xdf, 0x98, 0xf0, 0xbb, 0xb2, 0xe0, 0x9d,
0xf7, 0xeb, 0xce, 0x07, 0xfa, 0xc4, 0xab, 0x88, 0xc3, 0x14, 0x33, 0x60,
0x48, 0xcf, 0x39, 0x26, 0x90, 0xac, 0xfa, 0x39, 0x6f, 0x2d, 0x9d, 0x6d,
0x15, 0x7f, 0x84, 0x6b, 0x0a, 0x1c, 0xf4, 0x6c, 0x78, 0x62, 0x52, 0x93,
0x2c, 0x7e, 0x9f, 0x4a, 0x51, 0x7a, 0x2e, 0xad, 0xea, 0xe4, 0xe5, 0x9c,
0x15, 0x15, 0x28, 0x4d, 0x3e, 0x5e, 0xb4, 0x3b, 0xff, 0x81, 0xe0, 0x56,
0x44, 0x33, 0x33, 0xd9, 0x4b, 0xb2, 0x23, 0x60, 0xed, 0x0d, 0xa5, 0x4e,
0x9f, 0x7d, 0xbc, 0x6e, 0x3a, 0xf9, 0x7e, 0x16, 0x47, 0x66, 0xb1, 0x6c,
0xc7, 0x26, 0x62, 0x9b, 0x3c, 0x53, 0xb3, 0xa1, 0x16, 0x62, 0x31, 0x64,
0xd2, 0xbb, 0x28, 0x5c, 0xe8, 0x21, 0xc3, 0xfc, 0xc3, 0x6d, 0xa7, 0x35,
0x4d, 0x57, 0xe0, 0xbd, 0x54, 0x1a, 0x84, 0xf7, 0x9c, 0x8a, 0x54, 0x3d,
0x59, 0xb3, 0xa2, 0x46, 0x3b, 0x16, 0x48, 0x3b, 0x3a, 0x3c, 0x5e, 0x88,
0xc3, 0x60, 0x63, 0x7e, 0xca, 0x68, 0xb7, 0x2f, 0x2b, 0xb5, 0x62, 0x2e,
0x51, 0x89, 0xbe, 0x78, 0xf7, 0xfa, 0x19, 0xcc, 0xca, 0x87, 0x9a, 0xf5,
0xef, 0x0d, 0x21, 0x08, 0x3b, 0xd6, 0x9a, 0x94, 0xc5, 0xd1, 0x1b, 0xa9,
0x7c, 0xc8, 0x9f, 0x9a, 0xb0, 0xb8, 0xf7, 0x02, 0x12, 0x31, 0x70, 0x52,
0x52, 0xda, 0xb5, 0x9a, 0x08, 0x20, 0xc3, 0xc4, 0x0c, 0x6a, 0x34, 0x58,
0x75, 0x9b, 0xdc, 0x1a, 0x6a, 0x37, 0x42, 0x9f, 0x16, 0x70, 0xbb, 0x39,
0x86, 0xbd, 0x09, 0x9c, 0x04, 0x44, 0xbe, 0x1a, 0xe5, 0xe9, 0x50, 0x9b,
0x14, 0x50, 0x4f, 0x00, 0xba, 0xb0, 0xf6, 0x36, 0x4d, 0x69, 0x16, 0x11,
0x40, 0x5a, 0x4e, 0x8b, 0x39, 0xb4, 0xf1, 0xb2, 0x11, 0x36, 0x2f, 0x02,
0x15, 0xca, 0x78, 0xde, 0x75, 0x07, 0x64, 0x72, 0xfd, 0xd4, 0x48, 0xdd,
0xfb, 0xf5, 0x8a, 0x3d, 0xa8, 0x8e, 0x14, 0xd1, 0x69, 0xe3, 0x21, 0x50,
0x39, 0xfd, 0xd0, 0x3b, 0xa0, 0x22, 0x61, 0x5c, 0x7e, 0x88, 0x91, 0xe1,
0xf0, 0xf6, 0x16, 0x23, 0xdb, 0xdb, 0x50, 0x0e, 0x39, 0xcc, 0x86, 0xf1,
0xab, 0x89, 0x60, 0xb0, 0xac, 0x28, 0xc6, 0x57, 0xe4, 0xee, 0xa9, 0x1b,
0xae, 0x78, 0xc5, 0x67, 0x1a, 0xeb, 0xb3, 0x43, 0xbc, 0xea, 0x11, 0x0c,
0x64, 0xf6, 0xd2, 0x52, 0xa0, 0x7e, 0xcd, 0x6d, 0x84, 0x8c, 0xf8, 0x80,
0xb7, 0xdb, 0x26, 0x91, 0x4a, 0xa0, 0x61, 0x69, 0x2f, 0x6f, 0x1c, 0x9d,
0x2a, 0x20, 0x44, 0xdc, 0x58, 0xaf, 0x7d, 0xfe, 0x4d, 0xa2, 0x10, 0x21,
0x88, 0xef, 0x42, 0x2e, 0x8e, 0xfb, 0x63, 0xbc, 0xc8, 0x26, 0xe7, 0x80,
0xa5, 0xbf, 0xe0, 0x7a, 0xcb, 0xf3, 0x31, 0x1c, 0xd9, 0xa3, 0x12, 0x00,
0x2f, 0x20, 0xc6, 0xc1, 0x15, 0xfd, 0x5b, 0x0d, 0x8a, 0x4d, 0xfb, 0x84,
0x4d, 0xb4, 0x64, 0xeb, 0x12, 0xf3, 0x78, 0x6b, 0x4d, 0xc6, 0x98, 0x46,
0x4c, 0xb3, 0xb4, 0x59, 0xdc, 0xb7, 0xdc, 0xbb, 0x56, 0x0f, 0x09, 0x14,
0x28, 0x43, 0x9f, 0xb8, 0x75, 0xed, 0xcb, 0x97, 0x25, 0xaf, 0xa5, 0xeb,
0x46, 0x14, 0xa6, 0x38, 0x68, 0x06, 0xe0, 0x6e, 0x55, 0x68, 0x6b, 0xf3,
0xd8, 0x6d, 0x59, 0x65, 0x65, 0xff, 0x48, 0xfd, 0xdb, 0x3d, 0xe2, 0x21,
0xb4, 0x7b, 0x78, 0x6a, 0x2e, 0x28, 0xb8, 0x21, 0xc4, 0x72, 0xf4, 0xef,
0xfb, 0x74, 0x43, 0x29, 0xf2, 0x30, 0xc9, 0xca, 0x78, 0x93, 0x72, 0xfd,
0x84, 0xa4, 0x95, 0xe0, 0xcd, 0xb1, 0x48, 0x29, 0xe7, 0xd1, 0x27, 0xf7,
0xdc, 0x31, 0x6e, 0x00, 0x04, 0xd7, 0x7c, 0xfd, 0x2d, 0x25, 0xe9, 0xdb,
0xc2, 0xb8, 0x14, 0x26, 0xed, 0x63, 0xb1, 0x50, 0x0a, 0x3c, 0xb2, 0x79,
0x98, 0x79, 0x81, 0x2d, 0xdb, 0x60, 0x97, 0x99, 0xc0, 0x0a, 0x89, 0x9f,
0x90, 0x19, 0x0b, 0xb3, 0x97, 0xd2, 0xf7, 0x50, 0xa5, 0x1d, 0x7d, 0x71,
0x75, 0xe6, 0x58, 0x62, 0x53, 0x95, 0x40, 0x9e, 0xc7, 0xd3, 0x72, 0xa1,
0xae, 0x07, 0xb3, 0x8a, 0x56, 0x61, 0x99, 0x81, 0x3e, 0xe4, 0x5e, 0x78,
0x57, 0xd1, 0x8a, 0xc4, 0x04, 0x38, 0x13, 0xa0, 0x5d, 0x68, 0x6d, 0x22,
0xae, 0xda, 0xfc, 0x67, 0xbb, 0xfb, 0x8e, 0x1a, 0xdc, 0x24, 0xf7, 0xc8,
0xf9, 0x92, 0x6f, 0x4e, 0xb5, 0xe7, 0x6d, 0x13, 0x88, 0x05, 0x5c, 0xbb,
0xe0, 0x24, 0x2a, 0x96, 0xc6, 0x70, 0x52, 0x14, 0xd0, 0xd9, 0xd8, 0xb2,
0x5b, 0xdc, 0x85, 0xcf, 0x62, 0xb4, 0xcf, 0x77, 0xf1, 0xe5, 0x51, 0xeb,
0xef, 0xe9, 0x3e, 0xf0, 0x16, 0xd2, 0xcc, 0x38, 0x0a, 0x47, 0x91, 0xc0,
0xe0, 0x14, 0x1a, 0xf9, 0x74, 0xd1, 0x32, 0x8b, 0x02, 0x36, 0x05, 0x55,
0x62, 0xa7, 0xae, 0x77, 0xb0, 0x01, 0x3d, 0x2c, 0x91, 0xbe, 0xfa, 0xdd,
0x9c, 0x17, 0x42, 0xc1, 0x01, 0x4d, 0xd8, 0x27, 0x3c, 0x10, 0x82, 0x66,
0x11, 0x91, 0x8b, 0xc8, 0x52, 0xd5, 0xc1, 0x1d, 0xee, 0xb2, 0x90, 0x17,
0xed, 0xf3, 0xad, 0xa5, 0xd5, 0xeb, 0xf2, 0x9b, 0x78, 0xbf, 0x2d, 0x5a,
0xad, 0xe5, 0x53, 0xe6, 0xc1, 0x3b, 0xd8, 0xf3, 0x6b, 0xc5, 0x4c, 0x87,
0x0a, 0xe3, 0xc8, 0xc7, 0xe5, 0x42, 0x2c, 0xe2, 0x13, 0x1a, 0xe7, 0x27,
0x20, 0x3e, 0x95, 0x13, 0x1e, 0xbb, 0x03, 0xae, 0xc0, 0x84, 0x14, 0x6d,
0x7b, 0xf7, 0x98, 0x08, 0x18, 0x12, 0xb4, 0x4f, 0x99, 0x4a, 0xcf, 0xd0,
0x4a, 0x5d, 0x21, 0x16, 0xf6, 0xdf, 0x10, 0xc7, 0xbe, 0xe6, 0x79, 0x3b,
0x35, 0x2a, 0xa6, 0xd6, 0x19, 0x9c, 0xde, 0xbd, 0xaf, 0x72, 0xd2, 0x25,
0xe0, 0xa4, 0xde, 0x99, 0x44, 0x18, 0x66, 0x41, 0xc7, 0x56, 0xf7, 0xdc,
0x32, 0x56, 0x57, 0x39, 0x18, 0x31, 0xc8, 0x75, 0x01, 0xc3, 0xf3, 0x46,
0xcf, 0xbf, 0xc6, 0x10, 0xb5, 0x1c, 0x38, 0xf9, 0xa4, 0xa5, 0x44, 0xa1,
0x0b, 0x25, 0x48, 0x9c, 0xd3, 0x1c, 0x55, 0x54, 0x15, 0x9f, 0xe3, 0x74,
0x5b, 0xb1, 0x92, 0xb6, 0x52, 0x61, 0xba, 0x2f, 0x53, 0x91, 0x17, 0x44,
0x94, 0x00, 0xe4, 0x43, 0xa0, 0xe7, 0x0d, 0xaa, 0x8a, 0x5b, 0x81, 0x43,
0xad, 0xfb, 0x50, 0xfe, 0xcf, 0x85, 0x2d, 0xfa, 0xc8, 0x1d, 0xad, 0xc8,
0x7a, 0x7c, 0x5e, 0xf3, 0x90, 0x35, 0x5e, 0x67, 0xce, 0x57, 0x4d, 0xa0,
0x22, 0x9e, 0x07, 0x4a, 0xf5, 0x9e, 0x5f, 0x91, 0x45, 0xd8, 0x62, 0xe0,
0xf3, 0x87, 0x3b, 0xb7, 0x89, 0x2f, 0xdf, 0x8b, 0x82, 0xb1, 0x86, 0xc3,
0xa4, 0xa3, 0x68, 0xc7, 0x73, 0x9e, 0x68, 0x8d, 0x24, 0x6a, 0x29, 0x94,
0x58, 0x57, 0x4b, 0x81, 0x00, 0xe2, 0x2b, 0x94, 0x0a, 0xf5, 0x96, 0xa3,
0x23, 0x9a, 0x7b, 0xd0, 0x2d, 0xcb, 0x6a, 0x8e, 0xae, 0x1b, 0x1c, 0x34,
0xed, 0x30, 0x4e, 0xca, 0x29, 0x21, 0xfc, 0x3d, 0x70, 0x11, 0xc1, 0x5f,
0x3e, 0xc2, 0x9e, 0x88, 0x71, 0x29, 0xa3, 0x8f, 0x92, 0xf5, 0x46, 0x77,
0xd5, 0x47, 0x2d, 0x2b, 0x66, 0x1c, 0x07, 0xf0, 0xfc, 0x7b, 0xa0, 0x13,
0x00, 0xae, 0xa5, 0x61, 0x92, 0x36, 0xeb, 0x7e, 0x43, 0x91, 0x20, 0x72,
0xe5, 0xba, 0x7f, 0x79, 0x23, 0x12, 0x3e, 0xb2, 0x4b, 0x13, 0xa1, 0x8c,
0x84, 0x72, 0x3b, 0x45, 0x62, 0xcf, 0x2e, 0x78, 0xc4, 0x9c, 0x22, 0x09,
0xfa, 0x59, 0x9d, 0xdf, 0x13, 0x54, 0x66, 0xe2, 0x6f, 0xfa, 0xb5, 0x2a,
0x27, 0x3e, 0x17, 0x82, 0xf3, 0x2a, 0x4d, 0x36, 0xd3, 0xf0, 0x8d, 0x43,
0x40, 0x2c, 0x84, 0x68, 0xbe, 0x40, 0x50, 0x7d, 0xa3, 0x27, 0x5e, 0xde,
0x4d, 0x04, 0x6f, 0xe8, 0x96, 0x9c, 0x7a, 0x1d, 0xb8, 0x2b, 0x8a, 0xb1,
0x6e, 0xe2, 0x36, 0x07, 0x22, 0x50, 0xd9, 0x71, 0x93, 0x48, 0xb5, 0x51,
0xce, 0x2a, 0x64, 0x6b, 0x11, 0xa6, 0xb9, 0x40, 0x2d, 0x6c, 0xd2, 0x76,
0x52, 0xc6, 0xe3, 0xa6, 0x6b, 0xd2, 0x3f, 0x39, 0xd2, 0x13, 0x28, 0xa4,
0xa9, 0x58, 0x99, 0xe8, 0x3d, 0x08, 0xfa, 0x3c, 0x34, 0x39, 0x4d, 0x7d,
0x5e, 0x10, 0x72, 0x51, 0x96, 0x1d, 0x4b, 0xd9, 0x3e, 0xc9, 0x22, 0x4c,
0x72, 0x63, 0xf8, 0x87, 0x4b, 0xe7, 0x41, 0xac, 0xcd, 0xd6, 0x34, 0xa2,
0xe1, 0xe8, 0x66, 0x81, 0x04, 0x7d, 0x70, 0x95, 0xba, 0x37, 0x86, 0x9e,
0x1f, 0x9a, 0x1b, 0xe4, 0x35, 0xac, 0xe6, 0xcf, 0x48, 0x55, 0x6e, 0xbb,
0x9d, 0x40, 0x79, 0x96, 0xdd, 0xac, 0xf8, 0xf5, 0x99, 0xad, 0x43, 0x0d,
0xad, 0xa9, 0x62, 0xc0, 0x70, 0x8b, 0x50, 0x9b, 0xca, 0x0d, 0x3e, 0x54,
0x9c, 0x27, 0xd5, 0x9e, 0x20, 0xe2, 0xe0, 0xb0, 0xb0, 0xbe, 0x8e, 0x56,
0x43, 0x95, 0x9b, 0x34, 0xd1, 0x05, 0x28, 0xa0, 0xee, 0xd9, 0xab, 0x6a,
0xa7, 0xbb, 0xb7, 0x1b, 0x3a, 0x5d, 0x33, 0x97, 0x25, 0x54, 0xe4, 0x0e,
0x64, 0x79, 0xed, 0x16, 0x62, 0x89, 0x70, 0x4a, 0xa6, 0x47, 0x40, 0xd7,
0xa3, 0xd2, 0x6f, 0x28, 0xdd, 0xc5, 0x04, 0xab, 0x7e, 0x7e, 0x1e, 0xb0,
0x19, 0x02, 0x48, 0xb5, 0x88, 0x82, 0x75, 0xaf, 0x66, 0x74, 0xca, 0xf6,
0xd7, 0xe8, 0x6d, 0xfa, 0x5e, 0xfa, 0xaf, 0xa8, 0x04, 0xaa, 0x2c, 0x09,
0xf1, 0x4c, 0x36, 0x75, 0xb5, 0xdc, 0xe8, 0x04, 0x80, 0xd3, 0x14, 0x78,
0x09, 0x5b, 0xfd, 0x52, 0x6f, 0xd9, 0x3c, 0x1c, 0x02, 0x3b, 0x77, 0xb8,
0xa1, 0xe9, 0xa4, 0xb7, 0x42, 0x62, 0xee, 0xea, 0x43, 0xf3, 0xd8, 0xd0,
0x7a, 0x53, 0x91, 0x34, 0x7f, 0xe7, 0x9a, 0xc6
};
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_pub_key[] = {
0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f,
0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3,
0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 0x39, 0x27, 0x77,
0x61, 0x6d, 0x0f, 0xc1, 0x33, 0x26, 0x09, 0xf0, 0xf9, 0x4d,
0x12, 0x7a, 0xef, 0xf7, 0x21, 0x26, 0x2c, 0xe0, 0xe2, 0x92,
0x1f, 0x9d, 0xd1, 0xaa, 0xaf, 0x08, 0x14, 0xf2, 0xaa, 0x24,
0x99, 0x0f, 0x20, 0x57, 0x35, 0x04, 0x32, 0x96, 0x8e, 0x6e,
0x10, 0x64, 0xe3, 0xe3, 0x57, 0x26, 0x33, 0x32, 0x7b, 0xe4,
0x18, 0x41, 0x77, 0xd3, 0x24, 0x63, 0x3d, 0x11, 0xea, 0xdc,
0xbe, 0x59, 0xff, 0x8d, 0xc2, 0xe4, 0xc7, 0x04, 0xf3, 0xd4,
0xe0, 0x1d, 0x5e, 0x09, 0x46, 0xbf, 0x02, 0x05, 0xc7, 0xa6,
0xb7, 0x82, 0x40, 0x1f, 0x55, 0xe9, 0x77, 0x82, 0xc0, 0xcc,
0x86, 0x99, 0x19, 0x99, 0xa2, 0xc9, 0x1b, 0x4f, 0xdd, 0x49,
0x4c, 0x78, 0x0a, 0x58, 0xb8, 0xf0, 0x23, 0xac, 0x1a, 0x71,
0x57, 0x6d, 0xd6, 0x3a, 0x3a, 0x6f, 0x93, 0xb3, 0x2b, 0x09,
0xbe, 0xec, 0x7b, 0x5b, 0xf7, 0x3a, 0xed, 0xf9, 0xd0, 0xb1,
0xfe, 0x9f, 0x9b, 0xec, 0x11, 0xb6, 0x6b, 0xd1, 0xb6, 0x00,
0x72, 0x7f, 0x68, 0x9a, 0x61, 0xa5, 0xf5, 0x6e, 0xe9, 0x46,
0xa4, 0x82, 0x08, 0x9f, 0x50, 0x4c, 0x75, 0xc3, 0x48, 0x85,
0x76, 0x39, 0xea, 0x0c, 0xf2, 0xe8, 0x7e, 0x48, 0x69, 0xd9,
0x6f, 0x9a, 0x89, 0x7d, 0x98, 0xc1, 0x16, 0xdc, 0x2f, 0xc7,
0x0a, 0x11, 0xa8, 0xbb, 0xe7, 0x91, 0xb1, 0x0f, 0x0e, 0xf0,
0xb4, 0xc8, 0x41, 0x7e, 0x62, 0x9e, 0x3c, 0x30, 0x4c, 0xbc,
0x4c, 0xeb, 0x37, 0xaf, 0x48, 0x72, 0x59, 0x64, 0x8e, 0xfb,
0x77, 0x11, 0x28, 0xdd, 0x30, 0x52, 0x8e, 0x69, 0x8c, 0x9f,
0x3d, 0xec, 0xdf, 0xa7, 0x5f, 0x42, 0x18, 0xda, 0xba, 0x1a,
0x96, 0x91, 0x7d, 0x62, 0xd5, 0x52, 0xff, 0x44, 0xc9, 0x1d,
0x29, 0xa6, 0xb9, 0x03, 0x9a, 0x26, 0x26, 0xcf, 0x57, 0x40,
0x70, 0x7e, 0x2b, 0xbd, 0xf0, 0x81, 0x71, 0x0f, 0x0b, 0x2e,
0x9b, 0x03, 0xba, 0x31, 0x41, 0x68, 0x37, 0xc8, 0xff, 0xea,
0xc4, 0x73, 0xa5, 0xf9, 0xc2, 0x92, 0x78, 0x0c, 0xe7, 0xfd,
0x5d, 0xb2, 0x01, 0xb5, 0x8d, 0xeb, 0x64, 0xd4, 0x14, 0xea,
0x7a, 0xd1, 0x42, 0xc8, 0x99, 0xe4, 0x7d, 0x5b, 0x7e, 0x3b,
0x8f, 0xab, 0x82, 0x12, 0xdf, 0xbb, 0xa1, 0x45, 0x30, 0xc9,
0x0f, 0xb9, 0xe5, 0xba, 0xe6, 0x8a, 0xf3, 0x78, 0x61, 0xcc,
0x9f, 0xe1, 0x46, 0x2a, 0x9a, 0x18, 0x0e, 0x2a, 0x57, 0xf3,
0xe5, 0x56, 0xd1, 0x42, 0x48, 0xe1, 0x5a, 0x8e, 0x33, 0xce,
0x19, 0xe5, 0x3e, 0x7f, 0x00, 0x70, 0x9c, 0x4c, 0xd3, 0xe1,
0x0c, 0xa1, 0x7e, 0xd4, 0xa9, 0x9e, 0x8b, 0xe2, 0xf0, 0xac,
0xdb, 0xa6, 0x72, 0x75, 0x67, 0xa6, 0x57, 0xed, 0x79, 0x2e,
0xca, 0x8d, 0xeb, 0x9b, 0x9e, 0xb7, 0xbf, 0x30, 0x02, 0x2b,
0xb3, 0x43, 0x89, 0x9b, 0xa8, 0x88, 0xa5, 0xbb, 0x33, 0xd9,
0x99, 0x30, 0x7c, 0xc7, 0xd4, 0x28, 0x5e, 0x5e, 0x3f, 0x9d,
0x6d, 0x35, 0x75, 0x33, 0x8e, 0xff, 0x84, 0x2e, 0x2d, 0xda,
0xf0, 0xff, 0x70, 0xe5, 0xb5, 0x62, 0x96, 0x33, 0x3a, 0xd9,
0xb5, 0x82, 0x25, 0x81, 0x81, 0x40, 0x5d, 0x4f, 0x11, 0x86,
0x63, 0x1a, 0x06, 0xc1, 0x67, 0xc7, 0x49, 0x03, 0xc7, 0xe4,
0x6f, 0xb4, 0x13, 0x3e, 0x57, 0x62, 0xfd, 0x8a, 0xc6, 0x2b,
0x65, 0x5b, 0xa4, 0x29, 0x57, 0x8d, 0xde, 0xa5, 0xee, 0x32,
0xc2, 0x76, 0x03, 0xca, 0xce, 0xc1, 0x48, 0xec, 0x45, 0xcf,
0x30, 0x21, 0x28, 0x7f, 0x10, 0x47, 0xd2, 0xdb, 0xee, 0xca,
0x5b, 0x0f, 0xd5, 0x39, 0x3a, 0xc3, 0xa6, 0x78, 0xb2, 0x15,
0xaf, 0x82, 0x3c, 0x2f, 0xc4, 0x51, 0x5c, 0x52, 0xad, 0xf2,
0x89, 0x92, 0x8e, 0xf3, 0x50, 0x38, 0xed, 0xf8, 0xc9, 0x14,
0x4c, 0xe4, 0xa3, 0x9a, 0xaf, 0xc4, 0x5c, 0xf3, 0x9f, 0xc3,
0xa3, 0xc0, 0xbe, 0x45, 0x1b, 0x21, 0x63, 0xfa, 0xe0, 0xe0,
0x91, 0x2b, 0x42, 0xca, 0x91, 0xfb, 0x5e, 0x97, 0x9a, 0x0a,
0xd4, 0x88, 0xba, 0xb8, 0x22, 0xc6, 0xbf, 0x56, 0x58, 0x1e,
0x92, 0xa9, 0x9d, 0xa7, 0xed, 0xc9, 0xab, 0x54, 0x4f, 0x75,
0x8d, 0x42, 0xc1, 0xe1, 0x61, 0xd0, 0x91, 0x9a, 0x3a, 0x40,
0x9a, 0xa3, 0xfb, 0x7b, 0x4e, 0xf0, 0x85, 0xf0, 0xdc, 0x40,
0x72, 0x9f, 0x05, 0xa8, 0xbe, 0x95, 0x5a, 0x7f, 0xba, 0x75,
0x00, 0x6e, 0x95, 0x76, 0xbd, 0xb2, 0x40, 0xf5, 0xb0, 0x64,
0x0a, 0x2f, 0x06, 0x3d, 0x9f, 0xac, 0x6a, 0xa5, 0x46, 0x5a,
0x85, 0xa4, 0x6f, 0xee, 0x27, 0xa0, 0xeb, 0x5f, 0x1f, 0x91,
0xbd, 0x2b, 0x02, 0x16, 0xdf, 0x74, 0x97, 0x2c, 0xd0, 0xa8,
0x9f, 0x3a, 0x7b, 0xdf, 0x3e, 0x98, 0x4a, 0x91, 0xdc, 0x19,
0x96, 0x88, 0x75, 0x21, 0x1a, 0x6a, 0xa8, 0x4b, 0x1f, 0x35,
0xd1, 0x92, 0xf5, 0x76, 0xf4, 0x72, 0x55, 0x13, 0xdb, 0x5d,
0x07, 0x8d, 0xd9, 0x72, 0xe4, 0x75, 0xde, 0x80, 0xbc, 0xe9,
0x9c, 0xf0, 0x5c, 0x6a, 0x8a, 0x0e, 0x34, 0xf6, 0x3f, 0x5c,
0xef, 0x0e, 0xcc, 0x52, 0x38, 0x2d, 0x7b, 0xc2, 0x1b, 0x69,
0x9f, 0xe5, 0xed, 0x14, 0xb0, 0x91, 0x0b, 0xe9, 0x4d, 0x34,
0xd5, 0xaa, 0xd4, 0xd2, 0x46, 0x39, 0x45, 0x7e, 0x85, 0x2f,
0xdb, 0x89, 0xf4, 0xff, 0x05, 0x74, 0x51, 0xba, 0xdd, 0xee,
0xf6, 0xc2, 0xc1, 0x0a, 0x8f, 0xd9, 0xeb, 0xc7, 0x61, 0x30,
0x8f, 0x86, 0x8b, 0x1f, 0x82, 0xc1, 0x22, 0xfd, 0x83, 0xf4,
0x5d, 0xc5, 0x94, 0xf5, 0xd7, 0x17, 0xc7, 0x7b, 0x71, 0xf5,
0x5e, 0x15, 0x49, 0x70, 0xb2, 0x57, 0xa0, 0xc0, 0x57, 0x63,
0x53, 0x35, 0xb6, 0x52, 0x20, 0x7b, 0x83, 0xd4, 0x57, 0x63,
0x25, 0x8e, 0x83, 0xb3, 0x8e, 0x26, 0x1f, 0x09, 0xde, 0x14,
0xd6, 0xa6, 0xfc, 0xe5, 0x93, 0x3c, 0x88, 0x8e, 0xf5, 0x10,
0x57, 0xb9, 0xc9, 0x9b, 0xff, 0x72, 0x9d, 0x3d, 0x3f, 0x97,
0xd9, 0x3c, 0x20, 0xe2, 0x57, 0xfd, 0x2a, 0x5c, 0x17, 0x12,
0xe6, 0x08, 0xaf, 0xe4, 0x26, 0x96, 0xb9, 0x6d, 0xc3, 0xac,
0x22, 0xf3, 0x8b, 0x89, 0xde, 0xc7, 0x8a, 0x93, 0x06, 0xf7,
0x1d, 0x08, 0x21, 0x36, 0x16, 0x74, 0x2b, 0x97, 0x23, 0xe4,
0x79, 0x31, 0x08, 0x23, 0x62, 0x30, 0x67, 0xe2, 0xed, 0x30,
0x9b, 0x0c, 0xf9, 0x08, 0x7a, 0x29, 0x73, 0xc6, 0x77, 0x8a,
0xbb, 0x2a, 0x1c, 0x66, 0xd0, 0xdd, 0x9e, 0xa3, 0xe9, 0x62,
0xcc, 0xb7, 0x88, 0x25, 0x4a, 0x5f, 0xbc, 0xaa, 0xe3, 0xe4,
0x4f, 0xec, 0xa6, 0x8e, 0xa6, 0xa4, 0x1b, 0x22, 0x2b, 0x2c,
0x8f, 0x57, 0x7f, 0xb7, 0x33, 0xfe, 0x16, 0x43, 0x85, 0xc5,
0xd2, 0x95, 0xe6, 0xb9, 0x21, 0x68, 0x88, 0x98, 0x33, 0x8c,
0x1d, 0x15, 0x9c, 0x4d, 0x62, 0x1f, 0x6b, 0xe8, 0x7a, 0x2d,
0x6b, 0x0e, 0xc3, 0xde, 0x1a, 0xa8, 0xed, 0x67, 0xb3, 0xb3,
0x36, 0x5b, 0x4b, 0xcb, 0xe8, 0xa8, 0x5c, 0x0b, 0x2f, 0xca,
0xd7, 0x71, 0xe8, 0x85, 0xe7, 0x4d, 0xe5, 0x7b, 0x45, 0xed,
0xb2, 0x4c, 0x69, 0x04, 0x7e, 0x4f, 0xc0, 0xef, 0x1a, 0xca,
0x0d, 0xa6, 0xc4, 0x79, 0x15, 0x78, 0x9c, 0xd2, 0x91, 0x3c,
0x32, 0x55, 0x40, 0xe7, 0xcb, 0x7e, 0xde, 0x07, 0xa6, 0x97,
0x00, 0x2d, 0x70, 0xf6, 0x3d, 0x15, 0xdf, 0x29, 0x8e, 0xa3,
0x96, 0x6d, 0xf2, 0xbb, 0xa5, 0x1b, 0x7b, 0x58, 0x30, 0xf6,
0x17, 0xbd, 0xda, 0x13, 0xf7, 0x33, 0xc2, 0x62, 0x32, 0xd4,
0x1c, 0x2e, 0x31, 0x74, 0x92, 0xad, 0x99, 0x8c, 0x0e, 0x7c,
0x50, 0x21, 0xcd, 0xff, 0x41, 0xeb, 0xd1, 0xca, 0x14, 0xb7,
0xb2, 0x31, 0x2f, 0xbe, 0x16, 0xce, 0x4f, 0x26, 0x16, 0x04,
0xc2, 0xaf, 0xbe, 0x0d, 0x24, 0xab, 0x9a, 0x21, 0x37, 0x06,
0xac, 0x50, 0x23, 0xf1, 0xbe, 0x5c, 0xbb, 0x64, 0xf3, 0xd3,
0x66, 0xa3, 0xb8, 0xbe, 0x8b, 0x49, 0x8d, 0xf6, 0xc7, 0xb9,
0x8f, 0x4e, 0x31, 0x06, 0x51, 0xe5, 0xf3, 0x0e, 0x56, 0xc4,
0x24, 0x30, 0xf5, 0xe9, 0x36, 0x71, 0xbc, 0xc9, 0x70, 0x2c,
0x6c, 0x4c, 0x15, 0x43, 0x44, 0xa4, 0xfc, 0xf1, 0xd2, 0x71,
0x6c, 0x4c, 0xce, 0x30, 0x6c, 0x05, 0x7d, 0x2e, 0xb7, 0xbc,
0xe4, 0x65, 0x76, 0x24, 0x75, 0x36, 0xdf, 0x28, 0xfc, 0xcd,
0x9a, 0xba, 0xc2, 0xcd, 0xb0, 0x30, 0xdb, 0xe7, 0x2e, 0x3c,
0x92, 0x63, 0x1d, 0x30, 0x23, 0x74, 0xb1, 0xb8, 0xcc, 0xd7,
0xb6, 0x90, 0x65, 0x73, 0xa2, 0x2a, 0x6e, 0x49, 0x95, 0x0d,
0xab, 0x24, 0xdf, 0x2d, 0xbf, 0x76, 0x46, 0x01, 0x44, 0xe4,
0x18, 0x8e, 0xd5, 0x9a, 0x76, 0xc9, 0xc6, 0xbc, 0xdb, 0x7f,
0x80, 0x52, 0xc6, 0x40, 0x41, 0x12, 0x36, 0x7c, 0x80, 0x69,
0xce, 0x7b, 0xe1, 0xa0, 0x53, 0xa2, 0xd6, 0x8f, 0x3f, 0xf7,
0xd7, 0x61, 0x09, 0x70, 0xa2, 0xa0, 0xc6, 0xaf, 0xa0, 0xd0,
0xfa, 0x13, 0xbf, 0xc0, 0x69, 0x15, 0xce, 0x15, 0xec, 0x24,
0x4b, 0x6b, 0xdc, 0x93, 0x51, 0xc6, 0x82, 0x19, 0x92, 0x84,
0x5d, 0x99, 0xb0, 0x90, 0x2c, 0xcc, 0x2a, 0x81, 0x6b, 0x22,
0x64, 0x0a, 0xcb, 0x51, 0x25, 0x82, 0x50, 0x02, 0x2d, 0x3e,
0xd4, 0x72, 0xb3, 0x0c, 0x15, 0x77, 0xd2, 0xca, 0x98, 0x2f,
0x41, 0x93, 0x14, 0xb2, 0x7f, 0xa1, 0x97, 0xa3, 0xb8, 0x8a,
0x56, 0x24, 0x38, 0xa7, 0x36, 0xc5, 0x01, 0xc0, 0x9f, 0x3f,
0x3e, 0x9a, 0xf6, 0xe9, 0x16, 0x82, 0x01, 0x58, 0x70, 0x0e,
0x0d, 0xbc, 0xfa, 0x03, 0x57, 0x65, 0xa8, 0x5a, 0x3d, 0x57,
0x81, 0x23, 0xbe, 0x6e, 0xa9, 0xe8, 0x22, 0xdf, 0x2f, 0x70,
0xeb, 0x0a, 0x03, 0x96, 0x6b, 0xef, 0x20, 0x9f, 0xf2, 0x62,
0xe7, 0xb2, 0x6e, 0x3a, 0x1e, 0x40, 0x1f, 0xd2, 0x97, 0x48,
0xd1, 0x18, 0xf0, 0xeb, 0x52, 0x58, 0x02, 0x26, 0xce, 0x75,
0xb1, 0x3a, 0x9d, 0x5b, 0x52, 0x94, 0xb2, 0x6e, 0x0e, 0x3f,
0x39, 0xb6, 0xd9, 0x8a, 0x9d, 0xe8, 0x7c, 0x83, 0x32, 0xcc,
0x43, 0x35, 0x9b, 0x7a, 0xed, 0xb2, 0x1e, 0x51, 0x37, 0x6c,
0x14, 0xd8, 0xb8, 0x55, 0xb3, 0x91, 0xef, 0x0c, 0x3a, 0xe5,
0x77, 0xd0, 0xbd, 0xb0, 0x7d, 0x38, 0x84, 0x2a, 0x47, 0xb2,
0xb6, 0xda, 0xd7, 0x75, 0xd6, 0x2e, 0x60, 0xc7, 0x10, 0x52,
0xf7, 0xdd, 0x09, 0x15, 0x6f, 0x04, 0x31, 0xc3, 0x5a, 0x6b,
0x0c, 0x60, 0x10, 0xa8, 0x6e, 0x20, 0xa9, 0xdd, 0xb7, 0x72,
0xc3, 0x9e, 0x85, 0xd2, 0x8f, 0x16, 0x7e, 0x3d, 0xe0, 0x63,
0x81, 0x32, 0xfd, 0xca, 0xbc, 0x0f, 0xef, 0x3e, 0x74, 0x6a,
0xb1, 0x60, 0xc1, 0x10, 0x50, 0x7c, 0x67, 0xa4, 0x19, 0xa7,
0xb8, 0xed, 0xe6, 0xf5, 0x4e, 0x41, 0x53, 0xa6, 0x72, 0x1b,
0x2c, 0x33, 0x6a, 0x37, 0xf1, 0xb5, 0x1c, 0x01, 0x7d, 0xa2,
0x1f, 0x2c, 0x4e, 0x0a, 0xbf, 0xd4, 0x2c, 0x24, 0x91, 0x58,
0x62, 0xfb, 0xf8, 0x63, 0xd9, 0xf8, 0x78, 0xf5, 0xc7, 0x78,
0x32, 0xda, 0x99, 0xeb, 0x58, 0x20, 0x25, 0x19, 0xb1, 0x06,
0x7f, 0x6a, 0x29, 0x20, 0xdb, 0xc8, 0x22, 0x48, 0xa9, 0x7f,
0x24, 0x54, 0x8d, 0x7d, 0x8d, 0xb1, 0x69, 0xb2, 0xa3, 0x98,
0x14, 0x0f, 0xba, 0xfa, 0xb6, 0x15, 0xe8, 0x28, 0x99, 0x3f,
0x30, 0x04, 0x50, 0xab, 0x5a, 0x3c, 0xf1, 0x97, 0xe1, 0xc8,
0x0f, 0x0e, 0xb4, 0x11, 0x63, 0x5a, 0x79, 0x08, 0x48, 0x75,
0xaf, 0x9b, 0xca, 0xd9, 0x13, 0x18, 0xcc, 0xb1, 0xb3, 0xee,
0xdd, 0x63, 0xdd, 0xf4, 0x21, 0x98, 0x76, 0xe2, 0x3e, 0xd5,
0x86, 0x23, 0x33, 0x7e, 0xc7, 0xb4, 0x35, 0x4b, 0xc2, 0x2d,
0xe1, 0xe2, 0xb0, 0x6c, 0x8b, 0x9b, 0x20, 0x3d, 0x48, 0x24,
0x7c, 0xea, 0xa1, 0x75, 0x27, 0xe5, 0xf4, 0x70, 0xeb, 0x3b,
0xc7, 0x26, 0x37, 0x04, 0xff, 0x8a, 0x7a, 0xd0, 0xc2, 0xb7,
0x84, 0xb7, 0x29, 0xfb, 0x0e, 0xa3, 0xa8, 0x71, 0xcd, 0x58,
0x06, 0x36, 0xe2, 0xf2, 0x77, 0xcc, 0x0f, 0x78, 0x08, 0x2b,
0xbb, 0xe3, 0x53, 0x05, 0x71, 0xdc, 0x6c, 0x37, 0x32, 0x91,
0x46, 0x42, 0x4f, 0x21, 0xe0, 0x34, 0xad, 0x3f, 0x30, 0x5a,
0xc7, 0x0d, 0x17, 0x19, 0x39, 0x31, 0x58, 0x69, 0x3c, 0x8c,
0xbe, 0xe7, 0xa6, 0x3b, 0xad, 0xfb, 0x46, 0x89, 0x06, 0xc1,
0x8c, 0x16, 0x9a, 0x06, 0x3a, 0xd0, 0x7e, 0xd6, 0xb0, 0x7b,
0x7d, 0xf8, 0x91, 0x7c, 0xfa, 0xd9, 0x66, 0x39, 0xfa, 0xbc,
0x57, 0xa7, 0x78, 0x8b, 0x36, 0x78, 0xc0, 0x1c, 0x0e, 0x23,
0x05, 0x0e, 0x04, 0x61, 0x16, 0x34, 0xf9, 0xc6, 0x63, 0x58,
0xdf, 0xf4, 0x52, 0xce, 0xd0, 0x0f, 0x0c, 0xec, 0xb1, 0x82,
0xf4, 0x72, 0x73, 0x72, 0x3f, 0x02, 0xbe, 0xe3, 0x9c, 0x63,
0x73, 0xc8, 0x21, 0x65, 0xba, 0x57, 0x52, 0xa9, 0x19, 0xac,
0x68, 0x50, 0xbd, 0x2d, 0x72, 0x5b, 0x93, 0x0f, 0x1c, 0x81,
0x77, 0xd7, 0x2e, 0xc3, 0x93, 0x52, 0x6e, 0xdc, 0x79, 0x52,
0x9f, 0xe3, 0xde, 0xe1, 0xba, 0x58, 0x55, 0xab, 0x8a, 0xf2,
0x35, 0x6a, 0xcf, 0x94, 0x1f, 0x17, 0xa4, 0x23, 0x2e, 0x8e,
0x18, 0x21, 0xbe, 0x14, 0xfa, 0xe7, 0x59, 0xc5, 0x44, 0x34,
0xce, 0x03, 0xf4, 0xb7, 0x75, 0xd3, 0x51, 0x55, 0xdf, 0xff,
0xcf, 0x4f, 0x44, 0xee, 0x13, 0x9b, 0xcb, 0x12, 0xae, 0xe5,
0x5b, 0x44, 0x65, 0x28, 0xcb, 0x6a, 0x9c, 0x24, 0x1d, 0xea,
0x2d, 0x5e, 0xa5, 0xc3, 0x78, 0xad, 0xed, 0x0c, 0x05, 0xa6,
0xaf, 0x95, 0x04, 0xd2, 0xb5, 0x91, 0x0e, 0xa0, 0x06, 0x77,
0xc5, 0x82, 0xf6, 0xdd, 0x72, 0x83, 0x04, 0xcc, 0xb0, 0xab,
0x7a, 0xf0, 0xb4, 0x4d, 0x36, 0x71, 0x72, 0x1a, 0x9a, 0x0d,
0xcd, 0xa3, 0x11, 0xa8, 0x0d, 0x7d, 0x49, 0xce, 0x9c, 0x09,
0x1d, 0x08, 0xa4, 0x39, 0x2e, 0x03, 0xdf, 0x3a, 0xc8, 0xfe,
0x6a, 0x2b, 0x0b, 0x07, 0x80, 0x55, 0x8a, 0xa8, 0xe6, 0x0e,
0xc9, 0x7e, 0x83, 0xce, 0x3a, 0x98, 0x98, 0x4e, 0x3e, 0x08,
0x20, 0x8f, 0x10, 0xfc, 0xc1, 0xc4, 0xcf, 0x37, 0x8d, 0x69,
0xd8, 0x57, 0x9d, 0x48, 0x80, 0x6a, 0xef, 0x0c, 0xdd, 0x27,
0x99, 0xf9, 0xe7, 0xd0, 0xd2, 0x36, 0xd8, 0xed, 0x41, 0x14,
0x1b, 0x10
};
#endif
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_sig[] = {
0xb1, 0xd1, 0x8e, 0x83, 0x0b, 0x0d, 0xd2, 0x71, 0xb2, 0xaa, 0x31, 0x38,
0x16, 0xf0, 0xb4, 0xbc, 0x64, 0x2b, 0x97, 0xa1, 0x08, 0x19, 0x4f, 0x52,
0xfe, 0x99, 0x1a, 0xa9, 0xd4, 0x08, 0x93, 0x99, 0x88, 0xfd, 0x6a, 0xd6,
0xd8, 0xdb, 0xf0, 0x71, 0x2a, 0xc9, 0x04, 0x83, 0xc9, 0x45, 0x59, 0x5d,
0xe0, 0x36, 0x59, 0x53, 0x1b, 0xb8, 0x5a, 0xa6, 0x1f, 0xb4, 0x1b, 0x0a,
0xfb, 0x3a, 0xba, 0xe3, 0xb7, 0x5e, 0x04, 0x14, 0x59, 0x09, 0x9a, 0x8e,
0xc2, 0x77, 0x5a, 0x3d, 0xf1, 0x43, 0x67, 0x74, 0x78, 0xfc, 0xcd, 0x34,
0xed, 0x35, 0x16, 0x38, 0x04, 0xe6, 0xe7, 0xd6, 0xd2, 0x90, 0x1b, 0x28,
0xb6, 0x66, 0x1b, 0x57, 0x85, 0x5e, 0xa7, 0x9f, 0x86, 0x1a, 0x0d, 0xc3,
0x7e, 0xed, 0xbd, 0x32, 0x8a, 0x35, 0xe1, 0xb3, 0x01, 0xdc, 0x9b, 0x44,
0x88, 0xa1, 0x0b, 0x87, 0x6e, 0x55, 0x31, 0xb1, 0x27, 0xcb, 0x85, 0xa4,
0x27, 0x56, 0x33, 0xb0, 0x39, 0x0d, 0xd3, 0x4b, 0xd1, 0xa2, 0x47, 0x07,
0xc6, 0xf4, 0xe6, 0x1f, 0x88, 0x70, 0x70, 0x13, 0x7e, 0x2e, 0x17, 0x32,
0x0a, 0x6b, 0x38, 0x34, 0xcf, 0x2f, 0x00, 0x36, 0x58, 0x8d, 0xe1, 0xdd,
0xa7, 0x94, 0x2a, 0x8f, 0x87, 0x99, 0x67, 0x02, 0x4d, 0x5b, 0x56, 0xaf,
0xef, 0xc4, 0x3c, 0xff, 0x72, 0x53, 0x95, 0x27, 0x03, 0x49, 0x94, 0x4f,
0x94, 0x87, 0x1f, 0x52, 0x33, 0xed, 0xb9, 0x14, 0x7b, 0xe5, 0x6c, 0xef,
0x7a, 0x17, 0x5a, 0xa4, 0x89, 0x2a, 0xfe, 0x68, 0xda, 0xdd, 0x48, 0xc2,
0xf0, 0x92, 0xf4, 0xe4, 0xd6, 0xa6, 0x48, 0x08, 0x2c, 0xe8, 0xcd, 0x72,
0xf6, 0x94, 0x3e, 0xc1, 0x82, 0xb8, 0x01, 0x58, 0xb2, 0xef, 0xef, 0xf4,
0xcb, 0x93, 0x63, 0x2e, 0x33, 0x5b, 0xc9, 0xd6, 0x6a, 0xde, 0xad, 0xe8,
0x1e, 0x3f, 0xa3, 0xf2, 0x35, 0x87, 0xc1, 0xc9, 0x48, 0x2f, 0x1b, 0x00,
0xea, 0x3d, 0x04, 0x29, 0xd5, 0xc0, 0xe9, 0x1a, 0xc5, 0xce, 0x5e, 0xdb,
0xd1, 0xee, 0x16, 0x9c, 0x05, 0x40, 0xf9, 0x21, 0x13, 0x72, 0x08, 0x39,
0x6b, 0x63, 0x19, 0xcd, 0x6f, 0x64, 0xa0, 0xc3, 0x77, 0xb7, 0x50, 0xed,
0xe9, 0x2d, 0xd5, 0x72, 0xea, 0xa6, 0xc1, 0x97, 0xb9, 0x6b, 0xe5, 0x81,
0x91, 0x8e, 0xd1, 0x36, 0x11, 0xee, 0xfb, 0x2b, 0x66, 0xba, 0xe4, 0x3e,
0xd0, 0xdd, 0x17, 0xc5, 0x24, 0x3b, 0xc3, 0x5b, 0x75, 0xfc, 0xd5, 0xb6,
0x8c, 0xba, 0x8c, 0x66, 0xb2, 0xee, 0x40, 0x45, 0x8c, 0x23, 0xbb, 0xe0,
0xc8, 0xd6, 0x05, 0xfd, 0x71, 0x5b, 0x24, 0xbb, 0x37, 0x65, 0x5f, 0x57,
0x92, 0x22, 0x13, 0xb2, 0x9a, 0x70, 0x22, 0x4b, 0xbe, 0x03, 0xd1, 0x54,
0xb0, 0x3a, 0x30, 0x50, 0x71, 0x24, 0xf7, 0x81, 0x8c, 0x20, 0x67, 0x74,
0x5a, 0xef, 0xa1, 0x6a, 0xe3, 0xd0, 0x04, 0xd6, 0xa5, 0x6e, 0xad, 0xa7,
0x15, 0x41, 0xf3, 0x21, 0xe8, 0xd9, 0xe6, 0xe5, 0x97, 0xbd, 0xc2, 0x1b,
0xbb, 0xd1, 0x4e, 0x7e, 0x5a, 0xd6, 0xe4, 0x19, 0xa5, 0xe4, 0x76, 0xf4,
0xce, 0x00, 0x94, 0x76, 0xef, 0x1b, 0xb3, 0x47, 0xb9, 0xa3, 0x32, 0xf7,
0x45, 0x6d, 0x32, 0x73, 0x06, 0xc0, 0xb9, 0xaf, 0x9c, 0x46, 0x99, 0xbe,
0x14, 0x06, 0xcd, 0x35, 0x7c, 0x90, 0x7c, 0xe7, 0x97, 0x0a, 0x9f, 0xb4,
0x21, 0xff, 0xf0, 0xea, 0x83, 0xc0, 0x86, 0x68, 0x9f, 0x36, 0xb0, 0xad,
0xe1, 0x8d, 0xc5, 0x76, 0x55, 0xb5, 0xb6, 0x7e, 0x1f, 0xa7, 0x5b, 0x26,
0x6c, 0xb5, 0xf9, 0x54, 0x1f, 0x76, 0xc1, 0x9c, 0xfc, 0x57, 0xc8, 0x86,
0xc1, 0x7d, 0x59, 0x55, 0x92, 0xa5, 0xb8, 0x03, 0xfa, 0xa5, 0x72, 0xd1,
0x5c, 0x8d, 0x9b, 0x2e, 0x84, 0x07, 0x18, 0xee, 0x49, 0xc5, 0x99, 0x8e,
0x15, 0x7c, 0xbf, 0xad, 0x8b, 0x13, 0xcd, 0x97, 0xf9, 0x3c, 0xa2, 0x89,
0x9c, 0x9c, 0x89, 0xc9, 0x7a, 0x46, 0xb3, 0x42, 0x7b, 0xd4, 0x28, 0x0d,
0x55, 0x63, 0x28, 0xd6, 0xc1, 0x65, 0xf5, 0x34, 0x6e, 0x38, 0x2a, 0xb4,
0x35, 0x40, 0xed, 0x7e, 0x80, 0x61, 0x9d, 0x8f, 0x68, 0x4f, 0x74, 0x0c,
0x30, 0x35, 0x0e, 0xb3, 0x07, 0xf4, 0x92, 0xed, 0x9c, 0x7f, 0xf5, 0xed,
0x3e, 0x17, 0x5b, 0x6e, 0x91, 0x46, 0xa1, 0x25, 0x1d, 0x83, 0x50, 0x93,
0x35, 0x06, 0x6c, 0x2f, 0x99, 0x8b, 0x21, 0x4c, 0x5c, 0x34, 0xb1, 0xa7,
0x82, 0xbc, 0x70, 0x28, 0x56, 0x61, 0x29, 0x35, 0x89, 0x0b, 0x41, 0x21,
0xf0, 0xf7, 0xff, 0x69, 0x3d, 0xa4, 0x28, 0x1e, 0x0d, 0x5d, 0xa7, 0x0e,
0xaa, 0xd3, 0x4a, 0x95, 0x49, 0xfe, 0x35, 0x5f, 0xa9, 0xc0, 0xe4, 0xe1,
0x9a, 0x03, 0xd4, 0xac, 0x96, 0xe3, 0xea, 0x7e, 0xa6, 0x85, 0x7e, 0xb0,
0xb8, 0xc2, 0xe8, 0x07, 0xd6, 0xd3, 0x1a, 0x84, 0x90, 0x24, 0x04, 0xef,
0x7c, 0x93, 0x15, 0x83, 0xea, 0xe2, 0x42, 0xc6, 0xe7, 0x13, 0x45, 0xbf,
0x35, 0xae, 0x5d, 0x50, 0x79, 0x16, 0xbb, 0x11, 0x17, 0x1b, 0xf4, 0x08,
0x88, 0x9d, 0x66, 0x14, 0x6a, 0xa0, 0x71, 0x76, 0x80, 0x51, 0x73, 0x7c,
0x1d, 0xb0, 0xc1, 0xad, 0x58, 0xfb, 0xbe, 0xcf, 0x73, 0xe0, 0xd9, 0xf8,
0xd5, 0xac, 0xd7, 0x49, 0xd9, 0xc9, 0x59, 0xbf, 0xfa, 0xf5, 0xb1, 0xd2,
0x5a, 0x01, 0xcd, 0x8b, 0x07, 0x8b, 0x59, 0x37, 0xc0, 0x8c, 0x7d, 0xa9,
0x71, 0x83, 0xf9, 0x7c, 0x58, 0xa9, 0x77, 0x01, 0x3d, 0x39, 0x56, 0x5c,
0x93, 0xfe, 0x40, 0x87, 0x5a, 0x31, 0x81, 0x53, 0x8e, 0x0d, 0x99, 0x7e,
0xdf, 0x37, 0xd9, 0xe3, 0x91, 0xb8, 0x60, 0x3a, 0x5b, 0xca, 0xe8, 0x91,
0x56, 0x89, 0x59, 0x61, 0xc6, 0x31, 0xe2, 0x6c, 0x81, 0xda, 0xc7, 0x5c,
0x04, 0x9d, 0xe4, 0x23, 0x12, 0x73, 0xfc, 0x48, 0xfb, 0xa5, 0xce, 0x87,
0x37, 0x47, 0x71, 0x5c, 0xd1, 0x2a, 0x63, 0x89, 0xdc, 0x07, 0xe7, 0x7f,
0x5d, 0x48, 0xe6, 0xd2, 0x96, 0xc6, 0x6f, 0xed, 0xee, 0x8c, 0xed, 0x5e,
0x41, 0x38, 0xbd, 0xdf, 0x21, 0xaa, 0x9e, 0x51, 0x16, 0x22, 0x4a, 0xdc,
0xd8, 0x12, 0xdf, 0x5a, 0x83, 0xd6, 0xd0, 0x07, 0xa4, 0x42, 0x41, 0x13,
0xe1, 0x08, 0xc9, 0x00, 0x0f, 0x37, 0xc0, 0x7d, 0xda, 0xb2, 0x25, 0xfc,
0xc9, 0xbc, 0xa8, 0x86, 0xcc, 0x38, 0x0e, 0x06, 0x51, 0x1b, 0x37, 0xc1,
0x0e, 0x2a, 0x58, 0x49, 0xbc, 0x7c, 0xa7, 0xf0, 0xda, 0xd7, 0x74, 0x34,
0xf5, 0xd8, 0x99, 0x8c, 0x94, 0x86, 0xe3, 0x1e, 0x6b, 0xf5, 0x68, 0xfa,
0xa6, 0x69, 0x63, 0x22, 0x5a, 0x3c, 0x6f, 0x29, 0xc9, 0x40, 0xc0, 0xbe,
0x8d, 0xb5, 0xcc, 0x82, 0x6e, 0x9d, 0xd1, 0x1f, 0x13, 0x63, 0xd8, 0x24,
0x63, 0x38, 0x59, 0xf0, 0x4a, 0x8c, 0x0f, 0x28, 0x8a, 0x77, 0x81, 0xa2,
0xa0, 0x23, 0x11, 0x59, 0xa9, 0x5a, 0x2d, 0x71, 0x8f, 0x82, 0xa7, 0xbd,
0x85, 0x26, 0x4d, 0xc2, 0x2f, 0x11, 0xe8, 0xff, 0x96, 0xa1, 0x2d, 0xf2,
0xd5, 0xf3, 0x1d, 0x54, 0xd0, 0x5f, 0x71, 0x07, 0xaf, 0x22, 0xa0, 0xcd,
0x78, 0xb3, 0x47, 0xb1, 0x40, 0x3d, 0x6b, 0xfd, 0x10, 0x1b, 0xc6, 0x60,
0xef, 0x5c, 0x24, 0xa3, 0x1f, 0xee, 0xc0, 0x0b, 0xed, 0x1d, 0x38, 0xc8,
0xf2, 0x8c, 0xec, 0x5e, 0xd9, 0x70, 0x1a, 0x2b, 0x25, 0xe6, 0xed, 0xa9,
0x0c, 0xb3, 0x78, 0xe1, 0x91, 0x01, 0x41, 0x2e, 0xfe, 0x7d, 0xbd, 0xfe,
0xcf, 0x48, 0x6d, 0x2e, 0x05, 0x31, 0x89, 0x24, 0xc4, 0xd7, 0xc4, 0x26,
0x2f, 0x64, 0x43, 0xa3, 0xdd, 0x56, 0x11, 0x5c, 0x65, 0x76, 0x96, 0xcc,
0x3c, 0x12, 0x42, 0xf2, 0x6b, 0x20, 0xc2, 0xe6, 0xc3, 0x5c, 0xfa, 0x91,
0xb1, 0xbd, 0x3b, 0xd3, 0x99, 0xde, 0x59, 0x7a, 0x34, 0x40, 0x56, 0xb0,
0x88, 0x02, 0x19, 0xc8, 0xf9, 0xf9, 0x8f, 0xe7, 0x60, 0xfb, 0x42, 0x87,
0x57, 0xb4, 0x42, 0xb4, 0x65, 0x94, 0x0a, 0x5f, 0xdb, 0xf5, 0x32, 0xe9,
0x49, 0x28, 0xbe, 0xa6, 0x64, 0x0d, 0x6d, 0x08, 0x43, 0x91, 0x16, 0x7a,
0x6c, 0xa9, 0x02, 0xe4, 0x84, 0x03, 0x39, 0x48, 0x08, 0xcc, 0xcb, 0x56,
0xad, 0x52, 0x95, 0x9e, 0x9a, 0x2b, 0xf1, 0x6d, 0x3f, 0x4b, 0x02, 0xc6,
0x52, 0xc7, 0x09, 0x6b, 0x3f, 0xa9, 0x60, 0xe2, 0x19, 0x5d, 0x0a, 0x61,
0xcd, 0xc8, 0x36, 0xdb, 0x8e, 0x57, 0xd2, 0x11, 0x49, 0x1c, 0x26, 0x58,
0x04, 0x07, 0x32, 0x2a, 0x34, 0xf0, 0x6a, 0x88, 0xcf, 0x63, 0xb7, 0xef,
0x7e, 0x93, 0xcc, 0x64, 0x07, 0x14, 0xfa, 0x63, 0x38, 0xdd, 0xc0, 0xf0,
0xaa, 0x56, 0xa1, 0xed, 0x16, 0xaa, 0x53, 0x8c, 0x99, 0xc0, 0xd4, 0xda,
0x94, 0x58, 0x13, 0xd9, 0x5f, 0x98, 0x9a, 0xa1, 0x57, 0xbd, 0x89, 0xca,
0x9d, 0x3e, 0xdf, 0x75, 0x26, 0x29, 0x0f, 0xb2, 0x33, 0x4b, 0x83, 0xb3,
0x99, 0x1f, 0x06, 0x5d, 0x10, 0xf5, 0x1c, 0x75, 0x97, 0xec, 0x5b, 0x87,
0xc7, 0xf1, 0xd8, 0xbd, 0x0e, 0x4c, 0x1a, 0xb0, 0x59, 0x3b, 0x27, 0x73,
0xdc, 0xde, 0xca, 0x0c, 0x2e, 0x1f, 0x42, 0x7f, 0xd8, 0x0f, 0x9b, 0x3f,
0x49, 0x3f, 0x63, 0x7d, 0x71, 0xe3, 0x77, 0x79, 0xcc, 0x9c, 0xbf, 0xff,
0x23, 0xa9, 0x74, 0xa2, 0xda, 0xb7, 0xca, 0x86, 0x7f, 0x12, 0xc1, 0x1b,
0x41, 0x35, 0xb5, 0xc7, 0x10, 0x09, 0xc0, 0xa2, 0x1b, 0x41, 0x31, 0x5e,
0x6c, 0x35, 0xb5, 0x63, 0x13, 0x19, 0x61, 0x8e, 0xbd, 0x89, 0xf6, 0x0a,
0xbd, 0x16, 0x15, 0xd8, 0xfa, 0xcc, 0x9f, 0x97, 0x02, 0x8f, 0x1b, 0x34,
0x40, 0xbc, 0x4a, 0xb1, 0x39, 0x12, 0xf8, 0x66, 0xda, 0x34, 0x03, 0xf2,
0x5c, 0x33, 0x9c, 0x63, 0x0b, 0xb6, 0x8f, 0xca, 0x81, 0xa2, 0x4a, 0x43,
0xe7, 0xe7, 0x66, 0x41, 0x45, 0x6b, 0x7c, 0xd1, 0x1d, 0xbc, 0x4f, 0x91,
0xab, 0x24, 0x0b, 0x9f, 0x60, 0x47, 0x36, 0x04, 0x8b, 0x72, 0xb6, 0x65,
0x35, 0xfc, 0xbf, 0xc9, 0x26, 0xaf, 0x84, 0x04, 0x30, 0x32, 0x02, 0xc0,
0x94, 0x98, 0xbc, 0x17, 0x33, 0x99, 0xac, 0xb1, 0x4e, 0xdd, 0xf0, 0x46,
0x68, 0x6a, 0xac, 0x6d, 0xdb, 0x85, 0xfd, 0xc6, 0x3b, 0xc8, 0x93, 0x89,
0xbf, 0xd7, 0xd9, 0x94, 0xe4, 0xa4, 0x37, 0xb9, 0x67, 0x52, 0x84, 0xcf,
0x88, 0xba, 0x01, 0x8b, 0xe4, 0xd4, 0x3e, 0xde, 0x94, 0xa1, 0xa9, 0xd8,
0x15, 0xb5, 0x6e, 0xa0, 0x62, 0x92, 0x5c, 0xb1, 0x1b, 0xbf, 0x4f, 0xaf,
0xf5, 0x99, 0x35, 0xce, 0x7d, 0xa9, 0x4b, 0xa8, 0x60, 0x31, 0xf5, 0x0a,
0x83, 0x58, 0xf5, 0x83, 0xde, 0xb2, 0xfe, 0xf3, 0x12, 0x08, 0x3d, 0xe3,
0x14, 0x89, 0x17, 0x93, 0x5c, 0x87, 0xe4, 0x89, 0xcb, 0xb7, 0x67, 0x3e,
0xea, 0x0e, 0x08, 0x57, 0xf1, 0xca, 0xe0, 0x18, 0xd7, 0xae, 0x5f, 0x9e,
0x62, 0x5c, 0xd7, 0x6a, 0x2f, 0xd6, 0x30, 0x67, 0xfb, 0x5e, 0xed, 0xcf,
0xa9, 0x88, 0x04, 0x0a, 0xf2, 0x62, 0x50, 0xc5, 0x39, 0xc6, 0xa1, 0x3c,
0xe4, 0x9a, 0x81, 0x55, 0x96, 0xca, 0x60, 0xb2, 0x53, 0x62, 0xee, 0xa1,
0x1d, 0xfc, 0xd9, 0x5c, 0x51, 0xbf, 0x55, 0x65, 0x1d, 0x13, 0x2a, 0x13,
0x58, 0xa3, 0x18, 0x52, 0x6b, 0xb4, 0xae, 0x60, 0x1c, 0x26, 0x3e, 0xb1,
0x4c, 0xb1, 0x72, 0x1b, 0x8a, 0x4c, 0xaa, 0xb5, 0x5b, 0x8a, 0x3b, 0x2f,
0x1f, 0xc3, 0x29, 0x41, 0xe6, 0x6d, 0xd7, 0x96, 0x26, 0xdd, 0x37, 0x67,
0x4f, 0x9d, 0x31, 0xc6, 0x54, 0x51, 0xaa, 0xba, 0x73, 0xae, 0xd2, 0x00,
0x0b, 0x05, 0x98, 0x73, 0xd6, 0x9c, 0xb4, 0x2e, 0x23, 0xd0, 0xc3, 0xac,
0x46, 0x6f, 0x3e, 0x05, 0x43, 0xf8, 0x96, 0xa0, 0xe0, 0xfe, 0x17, 0x3f,
0xfa, 0xc2, 0xc3, 0xf6, 0x1a, 0x46, 0xd0, 0x05, 0x53, 0x0e, 0xea, 0xd8,
0xba, 0xa3, 0xab, 0xb6, 0x58, 0xd1, 0x40, 0x1c, 0x97, 0x38, 0xd4, 0x77,
0x58, 0x03, 0xf5, 0x8a, 0xc7, 0x48, 0x19, 0x71, 0x71, 0xb5, 0x4b, 0x08,
0x85, 0x35, 0x1c, 0xdf, 0xbd, 0xa9, 0xc9, 0xd1, 0x40, 0x62, 0xa3, 0xd6,
0x3b, 0xa1, 0xf7, 0x4e, 0xc6, 0xfe, 0xc4, 0x07, 0x2f, 0xf5, 0xc9, 0x0c,
0xb6, 0xa0, 0xb3, 0x25, 0x3e, 0x2a, 0x07, 0xe3, 0x63, 0xe3, 0x9e, 0x8d,
0x0d, 0x7a, 0x70, 0x1e, 0x65, 0x95, 0x47, 0x37, 0xa8, 0xd2, 0x35, 0x09,
0x09, 0x70, 0xf5, 0xc9, 0xc9, 0x30, 0x95, 0xd9, 0xf2, 0x5d, 0x10, 0x3c,
0xc3, 0x66, 0x66, 0xb6, 0xdc, 0x14, 0xf6, 0x91, 0xc2, 0x7b, 0x4b, 0x71,
0x42, 0xf9, 0x35, 0xe7, 0x08, 0x1e, 0xb6, 0x9a, 0x5c, 0x0e, 0x8b, 0x41,
0x44, 0x7f, 0xad, 0xca, 0x8a, 0x4b, 0x6a, 0x02, 0x81, 0x96, 0xe7, 0xe1,
0xb0, 0x5b, 0xaf, 0xf2, 0x17, 0x44, 0x7f, 0xd1, 0x49, 0x77, 0xfd, 0x07,
0x59, 0x53, 0x8e, 0x51, 0xac, 0x0f, 0x0c, 0xb4, 0xa3, 0xf6, 0x24, 0x16,
0x47, 0xf3, 0xa4, 0x36, 0x17, 0x3e, 0x01, 0x1e, 0xf1, 0xec, 0x78, 0x4a,
0xcb, 0xbd, 0x2a, 0xfd, 0x01, 0xdd, 0xa5, 0xad, 0x7b, 0xef, 0x5e, 0x56,
0xb2, 0x60, 0xb4, 0xf2, 0x27, 0xc8, 0x9b, 0x5b, 0x31, 0x49, 0x54, 0xbc,
0x69, 0x9b, 0xc6, 0x1a, 0x79, 0xe7, 0xd4, 0x46, 0xc8, 0x50, 0xc3, 0xaa,
0xfc, 0xb5, 0x28, 0x87, 0x1e, 0xa0, 0x0c, 0xc6, 0x1a, 0xa7, 0x34, 0xd6,
0xbb, 0x9d, 0x9c, 0x0d, 0x90, 0x6f, 0x1a, 0x3c, 0xdc, 0x3b, 0x95, 0xc4,
0x38, 0x25, 0x7a, 0xc6, 0x46, 0x82, 0x9f, 0x68, 0xca, 0x6a, 0x63, 0xa7,
0x99, 0xfe, 0x64, 0xe6, 0x6f, 0x11, 0xcd, 0x2c, 0x76, 0x1e, 0xe6, 0x08,
0xb8, 0x33, 0x64, 0x43, 0x51, 0xbd, 0x52, 0xf7, 0x05, 0x06, 0xd5, 0xcc,
0x6a, 0xde, 0x1a, 0xa2, 0xbe, 0xf8, 0x8c, 0x44, 0x5e, 0x2d, 0xc2, 0x28,
0xcd, 0x9a, 0x53, 0x04, 0x96, 0xcc, 0x1e, 0xbb, 0x96, 0x07, 0xc9, 0x17,
0x04, 0xf8, 0xd8, 0xd9, 0xdd, 0x35, 0x35, 0x3d, 0x53, 0x30, 0x60, 0xb3,
0x87, 0x5d, 0xf3, 0xe5, 0xa7, 0x20, 0x30, 0x9d, 0xb0, 0x5b, 0xc4, 0x36,
0xf7, 0xd7, 0xb6, 0x3e, 0x44, 0x98, 0x99, 0xe7, 0xc3, 0x29, 0xcb, 0x70,
0xc4, 0x91, 0x8b, 0xfc, 0x63, 0x60, 0x29, 0x95, 0xeb, 0x61, 0x7f, 0xdf,
0xf7, 0x3a, 0x69, 0x3a, 0xeb, 0xa1, 0x73, 0x1d, 0x13, 0x18, 0x29, 0x2c,
0x89, 0x82, 0x56, 0x42, 0xe7, 0xa3, 0xba, 0xe9, 0x59, 0x2e, 0xfd, 0xff,
0xb6, 0xf7, 0xbd, 0x2a, 0xc9, 0xff, 0x4c, 0x63, 0xef, 0x54, 0x63, 0x82,
0x7c, 0xa5, 0x11, 0x44, 0xc7, 0x68, 0xf5, 0x7b, 0x44, 0x2c, 0xee, 0xab,
0xa3, 0x84, 0x5a, 0x99, 0x28, 0x98, 0x97, 0x2e, 0x8b, 0x07, 0x09, 0x6c,
0xea, 0xc1, 0x81, 0x0b, 0xe0, 0xc4, 0xb7, 0xc2, 0x73, 0xbe, 0x8b, 0x72,
0xf8, 0xc9, 0x8d, 0x50, 0x28, 0xf2, 0x95, 0x54, 0x8a, 0x3b, 0x23, 0x86,
0xc4, 0xe8, 0xe8, 0xe5, 0x45, 0x0d, 0xdf, 0xa3, 0xe6, 0x00, 0x71, 0xe8,
0x20, 0xd2, 0x6d, 0x22, 0x23, 0xaf, 0x37, 0x04, 0x55, 0x05, 0x8d, 0xc9,
0x38, 0x38, 0x12, 0x4c, 0x9f, 0x28, 0x56, 0x14, 0x76, 0xe5, 0x10, 0x54,
0xd9, 0x68, 0xca, 0xc3, 0x97, 0x9f, 0xd2, 0x25, 0x2c, 0x0d, 0xa0, 0xff,
0xea, 0xab, 0x61, 0xd2, 0xb2, 0x06, 0xc2, 0x93, 0xfd, 0x5a, 0xfe, 0xe3,
0x98, 0xbf, 0x37, 0x2e, 0xa5, 0x74, 0x56, 0xd0, 0x7a, 0x5a, 0x23, 0x3b,
0xd2, 0xa0, 0x1f, 0x4b, 0xeb, 0x7f, 0x5a, 0xc5, 0x51, 0x79, 0xf6, 0x95,
0x19, 0x50, 0xb1, 0x6a, 0x80, 0xcb, 0xcf, 0x19, 0xa4, 0x67, 0xf4, 0x08,
0x0f, 0x6a, 0xd9, 0x3f, 0x15, 0x96, 0x2c, 0x6d, 0xd5, 0x69, 0x7a, 0x56,
0x4d, 0x17, 0xc8, 0xcb, 0xba, 0x9b, 0x6e, 0x65, 0xa2, 0x3d, 0x66, 0xed,
0xea, 0xe2, 0x54, 0x88, 0x6c, 0xc1, 0x1a, 0x11, 0xde, 0x4e, 0x0c, 0x8a,
0x42, 0x04, 0xe1, 0x77, 0xc3, 0x0c, 0xff, 0x10, 0x7d, 0x4a, 0x45, 0x3f,
0xb8, 0x40, 0xf9, 0x75, 0x76, 0x9f, 0x65, 0x42, 0x2f, 0x78, 0x5b, 0x0b,
0x32, 0xbc, 0x45, 0xfc, 0xd4, 0x29, 0x49, 0x34, 0x76, 0xda, 0x5f, 0xe8,
0x39, 0x35, 0x9e, 0xba, 0x7f, 0x19, 0x7e, 0x14, 0xe6, 0x71, 0x9c, 0x72,
0x6a, 0xce, 0xcc, 0xa6, 0x72, 0x73, 0x3f, 0x4e, 0x9b, 0x9e, 0x94, 0x0c,
0xce, 0x00, 0x15, 0xb4, 0x50, 0xff, 0xcf, 0xcd, 0x78, 0xd3, 0x08, 0x0e,
0x95, 0x48, 0x24, 0x13, 0x16, 0x54, 0xb4, 0xe0, 0xa9, 0x29, 0xa3, 0x05,
0x77, 0x2f, 0x5d, 0x47, 0x6a, 0xa5, 0xb0, 0x4e, 0xf3, 0xa9, 0x4a, 0x82,
0xb9, 0x2c, 0x26, 0x07, 0x9c, 0x33, 0xc6, 0x68, 0xc2, 0xe0, 0xc0, 0x7d,
0x70, 0x48, 0x74, 0xb9, 0xf5, 0x1e, 0x6c, 0x15, 0x7f, 0xba, 0xe5, 0xa1,
0xb4, 0x36, 0x41, 0x20, 0xf4, 0x2d, 0x97, 0x27, 0x0b, 0x10, 0x30, 0x57,
0x7f, 0x38, 0x66, 0xe1, 0xc4, 0xf6, 0xa4, 0xc9, 0x8d, 0xbc, 0x2b, 0x4f,
0x14, 0xb3, 0xf0, 0x1e, 0x80, 0x70, 0xc0, 0x0f, 0x69, 0x06, 0xe7, 0x95,
0xd1, 0x53, 0x65, 0x49, 0x1c, 0xa8, 0xfa, 0x9e, 0x2b, 0xcc, 0x33, 0x71,
0x76, 0xa4, 0x0b, 0x4a, 0xc7, 0xea, 0xa0, 0xfa, 0x1b, 0x2b, 0xfb, 0xa5,
0x59, 0x06, 0x2a, 0xef, 0x4b, 0xbf, 0x05, 0x4b, 0x87, 0x70, 0x3c, 0xde,
0xc7, 0xb2, 0x4f, 0xf2, 0x5b, 0x1a, 0xbe, 0xda, 0x04, 0x31, 0x57, 0xff,
0xf2, 0xa5, 0x43, 0x12, 0xff, 0x8d, 0xf4, 0x99, 0x05, 0xe1, 0x34, 0xa9,
0xb9, 0x0a, 0xb3, 0x1f, 0x3d, 0x6d, 0x0d, 0xb7, 0xd3, 0x35, 0x0b, 0x04,
0x44, 0x77, 0x60, 0xc0, 0x96, 0x99, 0x7b, 0xa8, 0x8e, 0x79, 0x4a, 0x96,
0x24, 0xef, 0xb1, 0xf4, 0x8a, 0x2f, 0x3e, 0x08, 0xf3, 0x3d, 0xf2, 0xfe,
0x5f, 0x0a, 0xf7, 0x0a, 0xf5, 0xd8, 0xf2, 0xa0, 0x1b, 0xe7, 0x9e, 0xc9,
0x0b, 0xcf, 0x58, 0x97, 0x92, 0x90, 0xad, 0x3d, 0xfc, 0x42, 0xc1, 0x7f,
0x39, 0xe8, 0xd1, 0x35, 0x14, 0x8a, 0xb3, 0x77, 0xb1, 0xa9, 0xdb, 0xb4,
0x3a, 0x3d, 0xeb, 0x59, 0x0b, 0x5b, 0x3a, 0x63, 0x54, 0x70, 0xda, 0xf0,
0xf0, 0xb9, 0xe6, 0x07, 0x69, 0x27, 0x9d, 0xc6, 0xb6, 0x00, 0x2d, 0xd6,
0xc7, 0xd7, 0x2e, 0xf8, 0x9c, 0xfe, 0x4c, 0xfb, 0xc0, 0x7b, 0xbf, 0xa2,
0x25, 0xb8, 0x2a, 0x5c, 0x06, 0xca, 0x12, 0x2c, 0x96, 0xa4, 0x27, 0xa6,
0x73, 0x0b, 0xb8, 0x42, 0x93, 0x51, 0x87, 0xfe, 0xe6, 0x8f, 0xca, 0x00,
0x53, 0xdc, 0xc0, 0x38, 0x03, 0x9e, 0x66, 0x13, 0x84, 0x68, 0xe7, 0x04,
0x93, 0x79, 0x0c, 0x3e, 0x4c, 0x90, 0xe2, 0xf7, 0x81, 0x15, 0x49, 0x05,
0xe1, 0x8f, 0xe6, 0xfc, 0xc8, 0x40, 0xae, 0x3d, 0x7a, 0x16, 0xec, 0xc6,
0x39, 0xa5, 0x04, 0x95, 0x35, 0xac, 0xdd, 0x0d, 0x19, 0xd6, 0xa9, 0xd9,
0xd2, 0x53, 0x71, 0x31, 0x38, 0xa2, 0xf1, 0x9c, 0x13, 0x2c, 0x8c, 0x21,
0x9c, 0x3a, 0x1b, 0xf2, 0xd8, 0x4c, 0xeb, 0xe9, 0x8b, 0x27, 0x52, 0xd3,
0x6c, 0x01, 0xc0, 0x60, 0x32, 0x8c, 0x6e, 0xfb, 0xd6, 0xd6, 0x1b, 0xc6,
0x93, 0xff, 0xdc, 0xdb, 0x38, 0xf5, 0x0e, 0xd5, 0x15, 0xcd, 0x65, 0x76,
0x78, 0x42, 0x13, 0x37, 0x6b, 0x2e, 0xe8, 0xe2, 0x54, 0x4d, 0x45, 0x34,
0x73, 0x1b, 0x61, 0x35, 0x2c, 0xf7, 0x20, 0x3e, 0xe9, 0x7c, 0xf0, 0xf3,
0xba, 0x41, 0xfc, 0x49, 0xe4, 0x5d, 0xd4, 0xb8, 0x07, 0x15, 0x7b, 0x16,
0xc7, 0x7f, 0x78, 0xef, 0xd6, 0x53, 0x3f, 0xe4, 0xa6, 0x33, 0xcf, 0xcc,
0x78, 0x53, 0x0c, 0x59, 0xf7, 0x28, 0xa5, 0x83, 0x2b, 0x5a, 0xd3, 0xd6,
0xb7, 0xb2, 0xd1, 0x73, 0x63, 0xa9, 0xad, 0x16, 0xf2, 0xed, 0x48, 0x6e,
0x88, 0x22, 0xbd, 0x16, 0x9d, 0x6a, 0xc2, 0x48, 0x83, 0xdf, 0x40, 0xb7,
0x0a, 0x50, 0x23, 0x3d, 0x58, 0x50, 0x00, 0x02, 0x04, 0xd2, 0x31, 0x72,
0x28, 0x7b, 0x10, 0x96, 0xe0, 0xe7, 0x3f, 0xe0, 0xd0, 0x61, 0x70, 0x5c,
0x0a, 0xdb, 0xc0, 0x7b, 0xea, 0xef, 0xba, 0xc0, 0x90, 0xe0, 0xf9, 0x0e,
0x83, 0x8c, 0x3b, 0x05, 0x2b, 0xb6, 0xcb, 0xbb, 0x37, 0xa1, 0xd3, 0x28,
0x02, 0x40, 0xe3, 0x76, 0xbf, 0x27, 0x0b, 0x4f, 0x82, 0xb9, 0x22, 0xee,
0x0b, 0x3a, 0xcb, 0xcc, 0x56, 0x13, 0x51, 0xb8, 0xb6, 0x2d, 0xd3, 0x6c,
0x96, 0x10, 0xd9, 0x51, 0x24, 0x7b, 0x2b, 0xb8, 0x7b, 0xbd, 0x8d, 0xd9,
0xf2, 0x50, 0x61, 0xbb, 0x0c, 0xb7, 0x71, 0x65, 0x3a, 0x25, 0x18, 0x09,
0x1a, 0x9d, 0x41, 0xf4, 0xdb, 0x5a, 0x1c, 0x61, 0x0a, 0xbb, 0x43, 0x27,
0x8a, 0xa8, 0x83, 0x60, 0x8c, 0x5d, 0x4c, 0x9b, 0xa9, 0xe5, 0xa7, 0x67,
0x99, 0x98, 0xdc, 0x7a, 0x3a, 0x55, 0x0d, 0x25, 0x69, 0x47, 0x21, 0xb1,
0xd7, 0x0c, 0x0c, 0x43, 0x58, 0xc9, 0xbf, 0x74, 0x91, 0x1b, 0x2b, 0xf3,
0x29, 0x8d, 0x10, 0x41, 0xaf, 0xdd, 0x42, 0x0a, 0x71, 0xe3, 0xb8, 0x4d,
0x3a, 0xf3, 0x9c, 0x5a, 0x46, 0x4e, 0x70, 0xbe, 0xdb, 0x0d, 0x03, 0xee,
0xcb, 0xfb, 0x61, 0x45, 0xbd, 0x25, 0xb4, 0x72, 0xd1, 0x51, 0x03, 0x19,
0x82, 0x53, 0x83, 0x18, 0xab, 0xa3, 0x6c, 0x9e, 0xa2, 0xe9, 0x15, 0xb1,
0x74, 0x61, 0xa1, 0xaf, 0x09, 0x4b, 0x4a, 0x34, 0x9b, 0xd0, 0xd2, 0x80,
0x43, 0xd9, 0x90, 0x53, 0x71, 0x38, 0xb9, 0x80, 0x58, 0x1b, 0x9f, 0x9e,
0xfe, 0x07, 0x1b, 0x33, 0x24, 0xb2, 0x58, 0x7f, 0x01, 0xbe, 0xe8, 0x25,
0x53, 0x08, 0x06, 0x77, 0x7d, 0x5a, 0x16, 0x83, 0x67, 0x91, 0x0b, 0xa2,
0xd2, 0x1e, 0x5f, 0x9c, 0x39, 0xda, 0x57, 0xbc, 0x67, 0xc5, 0x39, 0xbe,
0xb9, 0x73, 0x03, 0x19, 0x97, 0x34, 0x4f, 0x1e, 0x6b, 0x4d, 0x87, 0xef,
0x79, 0x4f, 0xd1, 0xdd, 0x80, 0x13, 0xbe, 0x3b, 0x0f, 0xea, 0x77, 0x9a,
0x1a, 0x46, 0x63, 0xc5, 0x2f, 0x93, 0xfe, 0x18, 0x71, 0xfb, 0x70, 0xbf,
0x85, 0x3b, 0x3e, 0x54, 0xe6, 0xf8, 0xe0, 0xb9, 0xd0, 0x9d, 0xf5, 0x2b,
0x12, 0x22, 0x39, 0x6a, 0x8d, 0x13, 0xa1, 0x3a, 0x95, 0xd0, 0xe7, 0x07,
0xa4, 0x2c, 0x33, 0xba, 0x43, 0x1d, 0xd8, 0xb5, 0xd0, 0x8e, 0x6c, 0x85,
0x6f, 0xf8, 0x8f, 0xd3, 0x72, 0x65, 0xc1, 0xff, 0x8f, 0xf6, 0xb5, 0x19,
0x59, 0x34, 0xf9, 0xe8, 0xdb, 0xf3, 0x10, 0x68, 0xbd, 0xd5, 0x59, 0xf7,
0xe5, 0xf2, 0x84, 0x98, 0x8d, 0xd6, 0x6f, 0xcc, 0xde, 0xc5, 0xee, 0xf7,
0x16, 0xca, 0xec, 0xc4, 0x00, 0x89, 0x2e, 0x0d, 0x0d, 0xb6, 0xa8, 0xe0,
0x9a, 0xb0, 0xe5, 0x8e, 0xb6, 0x64, 0x47, 0x7d, 0x01, 0x59, 0x8a, 0x90,
0xa6, 0x9b, 0x2b, 0x63, 0xad, 0x70, 0xc8, 0x07, 0x36, 0x3e, 0xa9, 0x8f,
0xd9, 0xc2, 0xf7, 0x4b, 0xec, 0x95, 0x53, 0xec, 0x6b, 0x2d, 0x1f, 0xb5,
0x91, 0xbf, 0x9f, 0xc5, 0x85, 0x61, 0x3a, 0xc7, 0x5c, 0x15, 0x2a, 0x0b,
0x4b, 0x3c, 0x38, 0x6d, 0xc9, 0x2c, 0x91, 0x11, 0xc6, 0x6b, 0x44, 0x71,
0x9f, 0x89, 0xd5, 0xde, 0x27, 0x99, 0x81, 0xa2, 0x59, 0x8b, 0x57, 0x97,
0x83, 0x46, 0x33, 0xe1, 0x8c, 0xdf, 0xcf, 0x5b, 0x6b, 0xb3, 0x0e, 0x17,
0x1a, 0xb8, 0x7d, 0x6e, 0x71, 0xe5, 0xc8, 0x4c, 0xa9, 0xe2, 0x52, 0x81,
0xf6, 0x2f, 0x3a, 0xef, 0x5a, 0x1b, 0x6b, 0x7b, 0x61, 0x51, 0xcb, 0xd5,
0x7b, 0x5f, 0xf0, 0x1c, 0xb8, 0xeb, 0x9a, 0xe4, 0x0a, 0x6e, 0x53, 0x59,
0x2e, 0x2d, 0x78, 0x27, 0xb7, 0x47, 0x35, 0x1a, 0x01, 0x25, 0x0a, 0xcc,
0x67, 0xae, 0xda, 0xaf, 0xfe, 0x22, 0x63, 0xe8, 0xa2, 0x1c, 0x34, 0xe6,
0x6b, 0x73, 0xcf, 0x6f, 0x3e, 0x0a, 0x4a, 0x36, 0xbc, 0xda, 0x43, 0xbc,
0x5e, 0x9c, 0x91, 0xe4, 0x8b, 0x34, 0x2e, 0x09, 0x87, 0x69, 0x96, 0x93,
0xb4, 0xff, 0x97, 0xbc, 0x4e, 0xd6, 0xa2, 0xb4, 0x16, 0x78, 0x7c, 0x62,
0xd0, 0x78, 0x3f, 0x37, 0xdb, 0xf2, 0x92, 0xad, 0x9b, 0x51, 0x77, 0x08,
0x19, 0xd2, 0x09, 0x12, 0xf7, 0x52, 0xe8, 0xc8, 0xb2, 0xfb, 0x6f, 0xcd,
0x05, 0x5b, 0xd2, 0x8e, 0x0d, 0x6e, 0x0c, 0x16, 0x5b, 0x8a, 0xc2, 0x09,
0x13, 0x3b, 0x69, 0x85, 0xbd, 0xc0, 0xcc, 0x2b, 0x48, 0x65, 0xa7, 0xc1,
0xc3, 0xe0, 0xea, 0x14, 0x67, 0x6f, 0xa4, 0xb8, 0xc6, 0xf0, 0x12, 0x3e,
0x96, 0x0d, 0x23, 0x2b, 0x37, 0x87, 0x8d, 0xc8, 0xf7, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x03, 0x0b, 0x13, 0x1a, 0x1d, 0x25
};
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_sig[] = {
0x3e, 0xff, 0xf4, 0x48, 0x80, 0x2d, 0x88, 0x87, 0xf4, 0xcc,
0xa4, 0x61, 0xe1, 0x27, 0x20, 0x55, 0x66, 0xc8, 0xfe, 0x3e,
0xdd, 0xf5, 0x5c, 0x70, 0x6c, 0x54, 0xba, 0x50, 0x8a, 0xa2,
0x4b, 0x88, 0xbc, 0xb8, 0x87, 0xf9, 0x4e, 0x50, 0x3a, 0x04,
0x18, 0xb3, 0xf4, 0x5f, 0x77, 0x4a, 0x7e, 0xa8, 0xf5, 0xca,
0x49, 0x00, 0xdc, 0x24, 0xaa, 0x05, 0x35, 0x0f, 0x34, 0xf7,
0xbf, 0x09, 0xa6, 0xcf, 0x75, 0x37, 0x07, 0xcd, 0x07, 0x99,
0x92, 0x1d, 0xc7, 0xc9, 0x17, 0x1c, 0xdd, 0x27, 0x8c, 0x66,
0xf2, 0x8b, 0x75, 0xb0, 0x86, 0x2d, 0xbd, 0x51, 0x16, 0xc2,
0x50, 0xe0, 0x7e, 0x0a, 0x21, 0x58, 0x93, 0x22, 0x06, 0xcb,
0x85, 0x8b, 0xfd, 0x97, 0x61, 0xc0, 0xdb, 0xab, 0xfa, 0x4a,
0x69, 0xef, 0x9c, 0xc1, 0x4e, 0xae, 0xb2, 0xb3, 0xa2, 0x74,
0xa4, 0x94, 0x0a, 0xed, 0x39, 0x9e, 0xe8, 0x58, 0xeb, 0xfd,
0x43, 0x05, 0x73, 0x38, 0xd6, 0xbb, 0xeb, 0xb9, 0x9d, 0x3b,
0xf8, 0x85, 0xb4, 0x4b, 0x16, 0x5c, 0x9e, 0xfe, 0xb8, 0x13,
0xf8, 0x68, 0x44, 0x90, 0x05, 0x61, 0xb3, 0xed, 0x6f, 0x47,
0xc9, 0x50, 0xcf, 0x6c, 0xc0, 0xac, 0xdf, 0x4c, 0x4c, 0x1b,
0x42, 0xce, 0x0a, 0x32, 0x69, 0xb0, 0xfd, 0x87, 0xef, 0xf3,
0x9c, 0xcc, 0xba, 0x2f, 0x03, 0xd7, 0xdb, 0x76, 0xee, 0xa0,
0x71, 0x4a, 0x80, 0xcb, 0x90, 0x9e, 0xbb, 0x8f, 0x00, 0x46,
0x81, 0xe0, 0xde, 0xa6, 0x43, 0xb5, 0x37, 0x79, 0xf2, 0x35,
0xce, 0x9e, 0xd2, 0xb1, 0x5b, 0xff, 0x91, 0xfb, 0x98, 0xc1,
0xe1, 0x66, 0x2c, 0x00, 0x1b, 0x89, 0xf2, 0x57, 0x81, 0x73,
0x7e, 0x9f, 0x8d, 0x50, 0xd0, 0xe0, 0xe3, 0x93, 0xf2, 0x87,
0x41, 0x64, 0x6c, 0xb7, 0x09, 0x60, 0x91, 0x4e, 0x0b, 0xbe,
0xbe, 0xd4, 0x98, 0xfa, 0x14, 0x8c, 0x46, 0x09, 0xfa, 0xaa,
0x82, 0xd6, 0xdd, 0x65, 0x93, 0x39, 0x45, 0x50, 0x90, 0x10,
0xae, 0x1b, 0xff, 0xab, 0x7e, 0x86, 0xda, 0xb9, 0x4d, 0xf1,
0xc2, 0x00, 0x54, 0x66, 0xee, 0x40, 0xc0, 0x56, 0x2f, 0xe8,
0x43, 0x89, 0xbb, 0xb8, 0x59, 0x24, 0x63, 0x45, 0x9a, 0xde,
0x08, 0xf3, 0x16, 0x94, 0xd2, 0x8d, 0xee, 0xf9, 0xbe, 0x4f,
0x29, 0xe1, 0x4b, 0x5e, 0x2b, 0x14, 0xef, 0x66, 0xe2, 0x12,
0xf8, 0x87, 0x2e, 0xb1, 0x75, 0x8b, 0x21, 0xb5, 0x8f, 0x8e,
0xc5, 0x0e, 0x60, 0x27, 0x15, 0xbd, 0x72, 0xe4, 0x26, 0x4e,
0x62, 0x7d, 0x3a, 0x46, 0x49, 0x93, 0xa9, 0x52, 0x7f, 0xc2,
0x27, 0xb9, 0x55, 0x6a, 0x45, 0x9f, 0x2c, 0x7a, 0x5a, 0xc9,
0xf4, 0x55, 0xaf, 0x49, 0xb3, 0xd5, 0xc0, 0x84, 0xdb, 0x89,
0x5f, 0x21, 0x04, 0xf5, 0x4c, 0x66, 0x1e, 0x2e, 0x69, 0xdf,
0x5b, 0x14, 0x60, 0x89, 0x84, 0xf8, 0xa3, 0xaf, 0xdf, 0xb9,
0x18, 0x5e, 0xbf, 0x81, 0x95, 0x9a, 0x5e, 0x4f, 0x24, 0x45,
0xad, 0xab, 0xe2, 0x36, 0x7c, 0x19, 0xde, 0xc0, 0xf4, 0x1a,
0x42, 0xb2, 0xc2, 0x58, 0x2f, 0x5f, 0xd0, 0x2e, 0x28, 0x33,
0x59, 0x75, 0xc2, 0xde, 0x41, 0xe3, 0x9b, 0x85, 0x46, 0xad,
0x6d, 0xf1, 0x06, 0xf0, 0x6a, 0xb9, 0xed, 0x71, 0x7b, 0xfd,
0xf1, 0xc4, 0x56, 0xd8, 0xb3, 0x1a, 0x5f, 0x04, 0xae, 0xe8,
0xce, 0xde, 0xa1, 0x6d, 0x46, 0x2a, 0x4f, 0x62, 0xee, 0x25,
0xdf, 0x22, 0x21, 0xb2, 0x8f, 0x5f, 0x26, 0x33, 0x5a, 0xdd,
0xbe, 0x08, 0xb3, 0x93, 0x16, 0x16, 0xad, 0x2e, 0x00, 0xb8,
0x14, 0x0c, 0x10, 0xa3, 0x29, 0x89, 0x1f, 0xd7, 0x06, 0x7a,
0x09, 0xf3, 0x84, 0xf9, 0x18, 0x04, 0x56, 0x2f, 0x7f, 0xbd,
0x8e, 0x12, 0xdf, 0x4d, 0x58, 0x5c, 0x1d, 0x81, 0x0c, 0x7d,
0x62, 0x02, 0xe0, 0xf9, 0x1b, 0x69, 0xe9, 0x38, 0x45, 0x84,
0x2d, 0x9a, 0x4a, 0x3d, 0x7b, 0x48, 0xd5, 0x0d, 0x76, 0xba,
0xff, 0x20, 0x00, 0xf8, 0x42, 0x7f, 0xd2, 0x25, 0x70, 0x90,
0x88, 0xb3, 0x98, 0xac, 0xe9, 0xd9, 0xac, 0x58, 0xa6, 0x49,
0xcc, 0x93, 0xa5, 0x04, 0x0c, 0x68, 0x53, 0x64, 0x72, 0x8c,
0xfc, 0x8d, 0x61, 0xeb, 0x3f, 0x93, 0x8b, 0x85, 0x98, 0x05,
0xce, 0x06, 0xd7, 0xbf, 0xbb, 0xa5, 0x22, 0xda, 0xe9, 0x8a,
0x29, 0x30, 0x5e, 0x82, 0xe4, 0x46, 0x7c, 0x36, 0x5e, 0xf5,
0xc7, 0xe3, 0x09, 0xdf, 0x20, 0x76, 0x73, 0x33, 0x31, 0x75,
0xc2, 0x99, 0xe9, 0x74, 0x43, 0x82, 0xb1, 0xeb, 0x74, 0x6f,
0xad, 0x59, 0x48, 0x12, 0xa0, 0x24, 0xe3, 0x38, 0x48, 0x61,
0x0c, 0xf6, 0x38, 0x83, 0x3a, 0xcd, 0xd6, 0x45, 0x10, 0x0e,
0x09, 0x79, 0x31, 0x30, 0x80, 0xfb, 0x34, 0x60, 0x1e, 0x72,
0x98, 0xe9, 0x5c, 0xbf, 0xab, 0x21, 0x7f, 0xa3, 0x19, 0x7e,
0x8c, 0xa9, 0xa7, 0xfc, 0x25, 0xe0, 0x8e, 0x6d, 0xa1, 0xb9,
0x7b, 0x5b, 0x37, 0x33, 0x96, 0xd8, 0x6e, 0x7a, 0xce, 0xa6,
0x1a, 0xbd, 0xe6, 0x6e, 0x62, 0xc4, 0x8c, 0x69, 0xfe, 0xe4,
0xcb, 0x0a, 0xa1, 0x6c, 0x66, 0x0e, 0x1a, 0x5e, 0xb9, 0xd1,
0x4a, 0xa3, 0x91, 0x39, 0xcf, 0x85, 0x07, 0x5b, 0xaf, 0x99,
0x11, 0xca, 0xee, 0x6f, 0x2e, 0x33, 0xda, 0x60, 0xbf, 0xd6,
0xa0, 0x7a, 0xdb, 0x91, 0x13, 0xb7, 0xa3, 0x5d, 0x0e, 0x1e,
0x3b, 0xf9, 0x7a, 0x3e, 0x4f, 0x8d, 0xb3, 0x81, 0xe8, 0x0c,
0x4d, 0x48, 0x61, 0x06, 0x14, 0x0f, 0x3e, 0x33, 0x9e, 0xea,
0xa6, 0xd8, 0xd8, 0x4d, 0x9b, 0x00, 0x34, 0x0d, 0x31, 0x62,
0x54, 0x93, 0x04, 0xd2, 0x02, 0x21, 0x38, 0x91, 0x58, 0xca,
0x77, 0xd3, 0x6c, 0xd1, 0x94, 0x05, 0xfa, 0x30, 0x6a, 0x0b,
0xf0, 0x52, 0x52, 0xb7, 0xdb, 0x34, 0xff, 0x18, 0x5c, 0x78,
0x25, 0x44, 0x39, 0xe4, 0x54, 0x8a, 0xf1, 0x49, 0x04, 0xab,
0x8a, 0x5f, 0x87, 0xe1, 0x6e, 0x1a, 0xf2, 0xba, 0x39, 0xb4,
0x7c, 0x71, 0x5b, 0xbe, 0x8d, 0xbb, 0xed, 0x3b, 0xed, 0x20,
0x95, 0xdf, 0xa7, 0x50, 0xb5, 0x66, 0xff, 0xd0, 0x3a, 0x92,
0xde, 0xf2, 0xa3, 0xf2, 0xd6, 0x48, 0x6b, 0xd8, 0xef, 0x80,
0x4d, 0xc2, 0x3c, 0xc7, 0xc6, 0x6e, 0xdf, 0xd1, 0x54, 0xfb,
0x22, 0xac, 0x1a, 0x11, 0x81, 0x02, 0xc7, 0x66, 0xe0, 0xf3,
0xad, 0x0b, 0xd0, 0xec, 0xae, 0x93, 0x53, 0xa5, 0xbf, 0xa5,
0x17, 0x59, 0x14, 0x7d, 0x7e, 0x1e, 0x26, 0x15, 0x7a, 0x74,
0xfb, 0xb1, 0x7a, 0x0e, 0xd3, 0xb5, 0x7c, 0x8c, 0x3a, 0xd7,
0x45, 0x38, 0x55, 0xae, 0x4b, 0xe1, 0xfe, 0x5b, 0x57, 0x20,
0x73, 0x38, 0xb9, 0x67, 0x34, 0xb1, 0xf3, 0x15, 0xb0, 0xb7,
0x46, 0xa7, 0x1b, 0x19, 0x6d, 0xaf, 0x5e, 0x2c, 0x9c, 0x02,
0x3f, 0x0f, 0xa3, 0x56, 0x2f, 0x9f, 0x1a, 0x82, 0x0e, 0xb4,
0x46, 0xf5, 0x69, 0x89, 0x91, 0xf9, 0x2d, 0x99, 0x45, 0xa6,
0x3c, 0x82, 0x74, 0xac, 0xeb, 0x58, 0x4a, 0xdd, 0x03, 0xaf,
0xd1, 0x0a, 0xca, 0x4b, 0xe8, 0x4c, 0x63, 0xd4, 0x73, 0x94,
0xbf, 0xd1, 0xc5, 0x8a, 0x3f, 0x6e, 0x58, 0xfc, 0x70, 0x76,
0x69, 0x92, 0x05, 0xe0, 0xb9, 0xed, 0x5f, 0x19, 0xd7, 0x6f,
0xd0, 0x35, 0xbb, 0x5a, 0x8d, 0x45, 0xac, 0x43, 0xcb, 0x74,
0xcc, 0x92, 0xc3, 0x62, 0x56, 0x02, 0xb0, 0x0a, 0xb6, 0x88,
0x40, 0x6f, 0x76, 0x1b, 0x89, 0xe4, 0x51, 0xeb, 0x7e, 0x08,
0x8c, 0xce, 0x24, 0xc8, 0xd8, 0x58, 0xbd, 0x0e, 0x48, 0x57,
0xc8, 0x9f, 0xad, 0x64, 0xcf, 0x69, 0x72, 0x35, 0xbf, 0x04,
0x09, 0xfb, 0x0e, 0x62, 0x92, 0x76, 0x8b, 0x8d, 0xd5, 0x16,
0xa2, 0x51, 0xdb, 0x71, 0xa9, 0x08, 0xb2, 0xf9, 0x1e, 0x07,
0xe7, 0xf8, 0xf4, 0x79, 0x59, 0x2f, 0x8f, 0xf1, 0x5b, 0x45,
0xe1, 0xb8, 0xb7, 0xef, 0x86, 0x69, 0x71, 0x51, 0x1c, 0xe5,
0x61, 0xee, 0xb8, 0x1d, 0xa7, 0xdc, 0x48, 0xba, 0x51, 0xa5,
0x70, 0x4d, 0xfd, 0x2c, 0x46, 0x21, 0x63, 0x0c, 0x9f, 0xb7,
0x68, 0x58, 0x7b, 0xb3, 0x7d, 0x64, 0xfd, 0xaf, 0x87, 0x3d,
0x86, 0x06, 0x36, 0x8a, 0x6d, 0xfe, 0xdf, 0xce, 0xa8, 0x16,
0x42, 0x46, 0x15, 0xe5, 0xcf, 0x48, 0xa6, 0x4b, 0xe5, 0xc1,
0xad, 0x14, 0x3a, 0x6d, 0xeb, 0xf9, 0xc9, 0x32, 0xd1, 0x82,
0x60, 0x23, 0xf0, 0xff, 0xa7, 0xe6, 0x2e, 0xd6, 0x8d, 0x9d,
0x4f, 0x6d, 0xb3, 0xc4, 0xad, 0xd9, 0xf0, 0xf5, 0x5c, 0x47,
0x6c, 0x67, 0xf4, 0x0e, 0x18, 0x25, 0xbb, 0x67, 0xfa, 0x11,
0x70, 0xd5, 0xbc, 0x3a, 0x34, 0xae, 0xa2, 0x76, 0x4b, 0x9f,
0x59, 0x01, 0x18, 0x69, 0x44, 0xc4, 0x8a, 0xff, 0x00, 0xfc,
0x2a, 0x45, 0xa9, 0x50, 0x8e, 0x37, 0x6b, 0x78, 0x14, 0x69,
0xe7, 0x92, 0x3d, 0xf1, 0x34, 0xd5, 0x5c, 0x48, 0xc2, 0x50,
0xb3, 0x0c, 0x7d, 0x54, 0x05, 0x31, 0x1e, 0xce, 0xaa, 0xc1,
0x4c, 0xc9, 0x13, 0x33, 0x26, 0x1f, 0x56, 0x7e, 0x7e, 0x74,
0xd3, 0x78, 0x3e, 0x00, 0x4a, 0xc8, 0xc6, 0x20, 0x5b, 0xb8,
0x80, 0xb4, 0x13, 0x35, 0x23, 0xff, 0x50, 0xde, 0x25, 0x92,
0x67, 0x08, 0xb8, 0xa3, 0xb6, 0x39, 0xd4, 0x30, 0xdc, 0xa5,
0x88, 0x8a, 0x44, 0x08, 0x8b, 0x6d, 0x2e, 0xb8, 0xf3, 0x0d,
0x23, 0xda, 0x35, 0x08, 0x5a, 0x92, 0xe1, 0x40, 0xac, 0xc7,
0x15, 0x05, 0x8a, 0xdf, 0xe5, 0x71, 0xd8, 0xe0, 0xd7, 0x9f,
0x58, 0x03, 0xf4, 0xec, 0x99, 0x3c, 0xb0, 0xe0, 0x07, 0x42,
0x9b, 0xa0, 0x10, 0x7c, 0x24, 0x60, 0x19, 0xe8, 0x84, 0xd4,
0xb1, 0x86, 0x19, 0x0a, 0x52, 0x70, 0x6e, 0xc2, 0x3c, 0xe2,
0x73, 0x8d, 0xfe, 0xf8, 0x7e, 0xdf, 0x78, 0xe7, 0x92, 0x36,
0x10, 0xf7, 0x2d, 0x76, 0x93, 0x8a, 0x0f, 0x20, 0xc8, 0x30,
0x59, 0x81, 0xff, 0x3b, 0x70, 0x22, 0xce, 0x6e, 0x23, 0x68,
0x35, 0x59, 0x0e, 0xcf, 0xf8, 0xf6, 0xcd, 0x45, 0xb6, 0x41,
0xba, 0xda, 0xe6, 0x35, 0x0b, 0xd1, 0xef, 0xa5, 0x7c, 0xe0,
0xb9, 0x6f, 0x5b, 0xa9, 0xab, 0x87, 0xe3, 0x3b, 0x92, 0xce,
0xbe, 0xfe, 0xf7, 0xab, 0x82, 0xa3, 0xe6, 0xbd, 0xfe, 0xce,
0xa6, 0x17, 0xcb, 0x4c, 0xb4, 0x4c, 0xd6, 0xfe, 0xbb, 0x1c,
0x10, 0xde, 0x29, 0x3e, 0x92, 0x66, 0x20, 0xf8, 0xee, 0x83,
0x86, 0x66, 0xe0, 0x66, 0x97, 0x85, 0xaf, 0x3a, 0x8f, 0xa9,
0x97, 0x09, 0xde, 0x77, 0xda, 0xb7, 0x81, 0x41, 0x10, 0xca,
0x66, 0x00, 0xec, 0xf8, 0x46, 0x73, 0xa6, 0x24, 0x36, 0xec,
0x25, 0xbe, 0x93, 0x5e, 0x74, 0x9f, 0xbe, 0xf4, 0x84, 0x15,
0x9c, 0xc5, 0x43, 0xd9, 0xea, 0x5a, 0xcc, 0x2c, 0x4e, 0x2e,
0x4e, 0x32, 0xa6, 0x88, 0xb1, 0x25, 0x34, 0xf7, 0xba, 0xab,
0xd3, 0xa0, 0xc2, 0x06, 0x70, 0xed, 0x66, 0x4d, 0x71, 0x34,
0xaf, 0x10, 0x99, 0x10, 0x11, 0x4f, 0xe4, 0x7d, 0x42, 0x03,
0x04, 0x02, 0xc2, 0x41, 0x85, 0x1e, 0xc4, 0xca, 0xae, 0xf0,
0x83, 0x78, 0x34, 0x98, 0x55, 0x8b, 0x4c, 0xa0, 0x14, 0xea,
0x15, 0x2c, 0xa1, 0x30, 0xd8, 0xcf, 0xac, 0xd4, 0xca, 0xf7,
0xf4, 0xc4, 0x20, 0xca, 0xa1, 0xef, 0xce, 0x5d, 0x6b, 0x32,
0xb6, 0xf0, 0x22, 0x08, 0x49, 0x21, 0x0c, 0x57, 0x0f, 0xf8,
0xc0, 0xd2, 0xe3, 0xc0, 0xa6, 0x31, 0xc7, 0x87, 0x96, 0xa9,
0xfe, 0x69, 0xa0, 0x7f, 0xf7, 0x8e, 0x31, 0x92, 0x37, 0xce,
0xde, 0x36, 0x3f, 0xf5, 0x7d, 0x07, 0xaa, 0xa9, 0x43, 0xee,
0x3c, 0x8c, 0xd3, 0x7d, 0x2c, 0xa6, 0xc3, 0x98, 0xab, 0xbe,
0x90, 0x4c, 0xa5, 0x5a, 0x27, 0xeb, 0x0e, 0xed, 0xa1, 0x1e,
0x3e, 0x44, 0xa3, 0x4b, 0x49, 0xad, 0xe4, 0x19, 0x90, 0xc8,
0x9e, 0x6e, 0x5b, 0x68, 0xbc, 0x37, 0x54, 0xaf, 0xa6, 0xb7,
0x71, 0x5c, 0x5d, 0x74, 0x83, 0xf4, 0xb9, 0x2f, 0xe5, 0x1a,
0x0c, 0x73, 0x30, 0x56, 0x82, 0x04, 0xb3, 0x0e, 0x32, 0x98,
0xfd, 0x27, 0xa0, 0xfe, 0xe0, 0xe0, 0xf5, 0xb7, 0xe0, 0x47,
0x2a, 0xa6, 0x4a, 0xe0, 0xfc, 0xb5, 0xd8, 0xfd, 0x01, 0xfe,
0x4e, 0x96, 0x17, 0x06, 0xcc, 0x92, 0x7c, 0xa1, 0x2f, 0xb5,
0x04, 0x08, 0x76, 0xcc, 0x40, 0x75, 0x37, 0x4d, 0x2c, 0x74,
0xcd, 0xc7, 0x62, 0xa6, 0xe6, 0xd8, 0x9e, 0x21, 0x7f, 0x2e,
0xf5, 0x2c, 0xcf, 0x0b, 0x3f, 0xd7, 0xed, 0x17, 0xee, 0x92,
0xaf, 0xf9, 0xa4, 0x71, 0x5d, 0x5f, 0x81, 0xb9, 0x2f, 0x12,
0xe5, 0x57, 0x2d, 0x1e, 0xf1, 0x67, 0x47, 0x2a, 0xde, 0xab,
0xf2, 0xea, 0xb7, 0xb5, 0x83, 0xdc, 0x46, 0xd4, 0xf3, 0x25,
0x65, 0x15, 0x4d, 0x66, 0x34, 0x54, 0xab, 0x94, 0x89, 0x80,
0x39, 0xd3, 0x39, 0xe3, 0xa2, 0xb1, 0x91, 0x2a, 0x5e, 0x55,
0xe1, 0xa4, 0x0f, 0xc3, 0x4b, 0x5a, 0xa5, 0x4a, 0xb3, 0xc0,
0x40, 0xea, 0x16, 0x0c, 0xd5, 0x2d, 0x83, 0x3e, 0x28, 0x20,
0xac, 0x0a, 0x1b, 0x5b, 0x87, 0xcf, 0xf1, 0x51, 0xd6, 0xda,
0xd1, 0xc9, 0xb1, 0x27, 0xf5, 0x62, 0x03, 0x10, 0xcf, 0x76,
0x28, 0xa2, 0xea, 0x4b, 0x76, 0xaf, 0x9c, 0x3d, 0xf1, 0x1b,
0x92, 0xff, 0xb0, 0xca, 0x16, 0xa2, 0x29, 0x94, 0x0e, 0x1e,
0x51, 0xfb, 0xe1, 0x2b, 0x5a, 0x50, 0xfd, 0xaf, 0xab, 0xd7,
0x32, 0xaa, 0x43, 0xa7, 0xcb, 0xd3, 0xd3, 0xe9, 0x1e, 0xb1,
0x70, 0xd2, 0xbb, 0x15, 0x68, 0x49, 0xee, 0x6e, 0x1e, 0xc5,
0x64, 0x4b, 0x26, 0x08, 0xe7, 0x32, 0x1c, 0x1d, 0x73, 0x8f,
0x42, 0xfe, 0xeb, 0x67, 0x89, 0x42, 0x25, 0x40, 0xd6, 0x15,
0x02, 0x55, 0x87, 0xe3, 0x87, 0xdd, 0x78, 0xc1, 0x01, 0x94,
0xbc, 0x30, 0x5f, 0xbd, 0x89, 0xe1, 0xb0, 0x5c, 0xcd, 0xb7,
0x68, 0xd5, 0xbb, 0xf4, 0xa0, 0x5d, 0x3d, 0xdd, 0x89, 0x12,
0xc7, 0xb8, 0x5d, 0x51, 0x8a, 0xf4, 0xd5, 0x05, 0xc6, 0xdd,
0x7b, 0x44, 0x38, 0xce, 0xb1, 0x24, 0x24, 0xe1, 0x9d, 0xc7,
0x80, 0x86, 0x46, 0x2a, 0xd2, 0xa4, 0x0f, 0xec, 0xd3, 0x6b,
0x31, 0xc0, 0x05, 0x31, 0xff, 0xf5, 0x1a, 0x33, 0x35, 0x68,
0x2e, 0x68, 0x24, 0xbd, 0x62, 0xfc, 0x46, 0x79, 0x54, 0x5e,
0x1e, 0x27, 0x93, 0x07, 0xed, 0x78, 0x94, 0x50, 0x42, 0x98,
0x53, 0x88, 0xb7, 0x57, 0x04, 0x7d, 0xe2, 0xe1, 0xb5, 0x61,
0x9e, 0x5a, 0x88, 0x31, 0x3e, 0x6c, 0x69, 0xbc, 0x8a, 0xe6,
0xbc, 0x9d, 0x20, 0x7a, 0x86, 0xe5, 0x73, 0x93, 0x02, 0xc5,
0xde, 0xdc, 0xcc, 0xbf, 0x89, 0x76, 0xdc, 0x4e, 0xa1, 0x89,
0xe7, 0x95, 0x75, 0x01, 0xf7, 0x43, 0xaa, 0x3f, 0x1b, 0xb7,
0x8c, 0x92, 0x66, 0x22, 0xbe, 0x34, 0xf1, 0x2f, 0xc3, 0xc7,
0x21, 0xaf, 0x25, 0x57, 0x9a, 0x2c, 0x80, 0xf0, 0xb3, 0xdd,
0xb3, 0xb2, 0x82, 0x97, 0x85, 0x73, 0xa9, 0x76, 0xe4, 0x37,
0xa2, 0x65, 0xf9, 0xc1, 0x3d, 0x11, 0xbf, 0xcb, 0x3c, 0x8e,
0xdd, 0xaf, 0x98, 0x57, 0x6a, 0xe1, 0x33, 0xe7, 0xf0, 0xff,
0xed, 0x61, 0x53, 0xfe, 0x1e, 0x2d, 0x06, 0x2f, 0xb8, 0x9e,
0xf9, 0xa5, 0x21, 0x06, 0xf3, 0x72, 0xf6, 0xa3, 0x77, 0xbb,
0x63, 0x6e, 0x52, 0xb2, 0x42, 0x47, 0x9b, 0x92, 0x4c, 0xf8,
0xd2, 0xe6, 0x02, 0xa5, 0x57, 0x2d, 0x6f, 0x30, 0x05, 0xe2,
0xfd, 0x33, 0xe5, 0xb6, 0x23, 0x85, 0x89, 0x4a, 0x99, 0x20,
0x33, 0xea, 0x2f, 0xcd, 0x28, 0x27, 0xff, 0xfd, 0x2e, 0x73,
0x52, 0x29, 0x19, 0x7c, 0x65, 0xf5, 0x6a, 0xaa, 0x97, 0x6e,
0xe9, 0x42, 0xa8, 0x55, 0x97, 0x56, 0x92, 0x9d, 0xd2, 0xd1,
0xc4, 0x30, 0xaa, 0x95, 0x86, 0xba, 0x71, 0xdd, 0x2f, 0xf1,
0xed, 0x66, 0x54, 0x78, 0x4b, 0x13, 0x31, 0xed, 0x9d, 0x2c,
0xae, 0x0a, 0xc3, 0xca, 0xfb, 0x3f, 0x92, 0x92, 0x30, 0xa3,
0x8e, 0xc8, 0x6d, 0x7b, 0x42, 0xd5, 0x5d, 0x99, 0x79, 0x42,
0x28, 0x63, 0x9f, 0x97, 0x8e, 0x94, 0x6d, 0x1d, 0xb4, 0x21,
0x39, 0xc7, 0x64, 0x48, 0x44, 0x5e, 0x15, 0x10, 0x45, 0x9f,
0x8a, 0x01, 0x45, 0x20, 0x5c, 0xd1, 0x28, 0x0d, 0xe9, 0xfb,
0xa9, 0x72, 0x68, 0x07, 0x31, 0x20, 0x75, 0x76, 0x82, 0x76,
0x5d, 0x7c, 0xc1, 0x5d, 0x42, 0x40, 0xfd, 0x06, 0xa9, 0x66,
0xb0, 0x36, 0x55, 0x86, 0x6c, 0x96, 0xbd, 0xb8, 0xf7, 0x36,
0x87, 0xf2, 0xa1, 0x37, 0xd8, 0x2d, 0x83, 0xf5, 0xdc, 0xd8,
0xde, 0x9e, 0x69, 0xd6, 0xe1, 0x0d, 0xd5, 0x93, 0xc5, 0xee,
0xba, 0xd3, 0x40, 0x71, 0xbb, 0xc7, 0xbb, 0x50, 0x1a, 0x10,
0x80, 0x99, 0x62, 0x1c, 0xe3, 0x1f, 0xa2, 0xcc, 0x98, 0xe1,
0xaa, 0xff, 0xd9, 0x69, 0xe7, 0x87, 0x04, 0x87, 0x76, 0xec,
0x55, 0x18, 0xaf, 0x82, 0x34, 0x4d, 0x4f, 0xf7, 0x57, 0x1f,
0xa5, 0x43, 0xcc, 0xe9, 0x7a, 0x4a, 0xc8, 0xb4, 0x1f, 0x61,
0x40, 0x5e, 0x1d, 0x11, 0xdd, 0xdc, 0xdc, 0xb4, 0x57, 0xf9,
0x47, 0x96, 0xbc, 0x47, 0x29, 0xf8, 0xf2, 0x43, 0xc4, 0xa0,
0x8c, 0x14, 0x5e, 0x73, 0x52, 0xac, 0xac, 0x39, 0x3b, 0x06,
0x19, 0x1a, 0xca, 0x22, 0xc8, 0x96, 0x12, 0x2e, 0x4c, 0x7b,
0xa0, 0x96, 0x53, 0x16, 0xce, 0x6d, 0x6e, 0xac, 0xb2, 0x07,
0x17, 0x22, 0x07, 0x30, 0x20, 0x84, 0x9b, 0x0e, 0x92, 0x31,
0x07, 0xe2, 0x77, 0xcd, 0x6a, 0x3e, 0x16, 0x4f, 0xd6, 0x12,
0x88, 0x8a, 0x70, 0x5a, 0x87, 0xd8, 0xb9, 0xef, 0x76, 0xab,
0x14, 0x65, 0x87, 0x3a, 0xef, 0xd8, 0x0e, 0x24, 0x40, 0x73,
0x93, 0x2b, 0xbf, 0xac, 0xfe, 0x96, 0x8a, 0x9d, 0x12, 0xe6,
0xc1, 0x5b, 0x00, 0x3b, 0x23, 0xee, 0xe2, 0x10, 0xb6, 0xbe,
0x0e, 0x2f, 0xa2, 0x77, 0x16, 0x17, 0xfc, 0x4b, 0x2c, 0xd7,
0x9c, 0xad, 0x66, 0xb4, 0xf2, 0xfd, 0xc1, 0xaf, 0x81, 0x12,
0xd9, 0xed, 0x14, 0x32, 0xcf, 0x1b, 0xee, 0xc6, 0x63, 0xe8,
0xe5, 0xe6, 0xb6, 0x91, 0x8d, 0x1b, 0x90, 0x75, 0x5d, 0x69,
0x4c, 0x5d, 0xd6, 0xac, 0x79, 0xe8, 0xb6, 0xdf, 0xbf, 0x43,
0x39, 0xd3, 0xb8, 0xf0, 0x39, 0xf4, 0x90, 0xaf, 0x73, 0x26,
0xc7, 0x73, 0x6f, 0x93, 0xbb, 0xce, 0x6e, 0xdc, 0x1c, 0xd0,
0x36, 0x23, 0x17, 0xb2, 0x39, 0x37, 0x15, 0xf5, 0x3a, 0x61,
0xa9, 0x15, 0x52, 0x6e, 0xc5, 0x3a, 0x63, 0x79, 0x5d, 0x45,
0xdc, 0x3a, 0xd5, 0x26, 0x01, 0x56, 0x97, 0x80, 0x7f, 0x83,
0xf9, 0xec, 0xde, 0xa0, 0x2e, 0x7a, 0xb2, 0x4b, 0x04, 0x63,
0x60, 0x05, 0xce, 0x96, 0xeb, 0xe0, 0x0a, 0x5f, 0xb0, 0x7e,
0x6d, 0x0a, 0x24, 0x32, 0x47, 0x82, 0x7f, 0x0b, 0xd7, 0xe9,
0xd5, 0x14, 0xa9, 0x6b, 0x10, 0x5d, 0x1e, 0x1f, 0x8a, 0xad,
0x70, 0x91, 0xd4, 0x33, 0x1d, 0xc2, 0x3e, 0xf8, 0xc8, 0x52,
0x9a, 0x27, 0x1f, 0x45, 0x2f, 0xb5, 0xc7, 0xb1, 0x8b, 0xf9,
0xc6, 0x7b, 0xb5, 0x92, 0x7a, 0xdd, 0xeb, 0x07, 0x6c, 0x6f,
0x11, 0xd7, 0x5b, 0x56, 0x56, 0xec, 0x88, 0x1c, 0xc9, 0xb4,
0xe8, 0x43, 0xab, 0xdf, 0x0b, 0xc5, 0x28, 0xba, 0x70, 0x5d,
0xd3, 0xb2, 0xe2, 0xcf, 0xa7, 0xbb, 0x53, 0x04, 0x6b, 0x73,
0xdf, 0x27, 0xa6, 0x63, 0x58, 0xe1, 0x39, 0x26, 0x2a, 0x1a,
0x21, 0xec, 0xbb, 0x5f, 0x46, 0x98, 0x3d, 0x48, 0x66, 0xfe,
0xf3, 0xcb, 0xfc, 0x6e, 0x99, 0x82, 0x91, 0xce, 0x53, 0xfd,
0x75, 0xc9, 0xb6, 0x08, 0xa8, 0xf3, 0xe4, 0xe0, 0xa0, 0x24,
0x45, 0xb4, 0x69, 0x11, 0xac, 0x06, 0x1c, 0x39, 0x71, 0xcf,
0x72, 0xfc, 0x77, 0x9b, 0x5f, 0xf4, 0x8b, 0x02, 0x31, 0xf3,
0x67, 0xd1, 0x9b, 0xe0, 0x49, 0xa4, 0x69, 0x20, 0x99, 0x38,
0xa7, 0xf5, 0x43, 0xd2, 0x45, 0x9f, 0x7a, 0xe7, 0xad, 0x7e,
0x36, 0xee, 0xfd, 0x8c, 0xc5, 0x6a, 0x12, 0x58, 0x15, 0x3b,
0x02, 0x81, 0x73, 0x8b, 0x10, 0xda, 0x21, 0xc7, 0x1d, 0x38,
0xd8, 0x40, 0x7a, 0xa3, 0x59, 0x55, 0x35, 0x44, 0xa9, 0x9c,
0xf5, 0xf4, 0xe4, 0x14, 0xc1, 0xc4, 0x15, 0x26, 0x01, 0xe3,
0x31, 0xbf, 0xdc, 0xbc, 0x69, 0x0b, 0xcf, 0x71, 0x8c, 0xdb,
0x16, 0xab, 0x36, 0x3e, 0xb3, 0xa4, 0x9f, 0xcc, 0xbf, 0xa2,
0x93, 0x93, 0x9a, 0x3b, 0xaf, 0x72, 0x8d, 0x8b, 0x92, 0x44,
0x5d, 0x6f, 0xc5, 0xf0, 0xdc, 0x65, 0x62, 0xea, 0xba, 0x33,
0xe7, 0x6c, 0xa4, 0x35, 0xcf, 0xd9, 0xbc, 0x3c, 0xbf, 0x25,
0x7b, 0x7c, 0x0b, 0x62, 0x92, 0x5a, 0x66, 0x63, 0xe1, 0x27,
0x89, 0x12, 0xe2, 0xae, 0xb7, 0xf8, 0x04, 0x70, 0xda, 0x4a,
0x3d, 0xa6, 0x67, 0x12, 0x14, 0x9e, 0x8e, 0xdc, 0xa2, 0xf2,
0x3d, 0xc7, 0xd2, 0x8f, 0x18, 0x3a, 0x53, 0x8c, 0x83, 0x5d,
0x66, 0xbb, 0x9f, 0x8c, 0xaf, 0xa8, 0x73, 0x08, 0x2e, 0x6d,
0x30, 0xa0, 0xd0, 0x20, 0x94, 0x48, 0xad, 0x5e, 0x31, 0xfd,
0x5e, 0xfd, 0xf9, 0xb5, 0xa2, 0x39, 0xa3, 0xb9, 0xdf, 0x4d,
0xa4, 0xb1, 0x54, 0xcc, 0x92, 0x63, 0x2c, 0x66, 0x2d, 0x01,
0x88, 0x8b, 0x7d, 0xc6, 0x5c, 0x9f, 0x18, 0x9a, 0x53, 0x91,
0x59, 0x66, 0x70, 0xd7, 0x81, 0x0e, 0xa1, 0x3c, 0x7e, 0x86,
0x85, 0x64, 0x38, 0x6f, 0xec, 0x76, 0x57, 0x80, 0x41, 0x9d,
0xef, 0x61, 0xb8, 0xb2, 0x8a, 0xeb, 0xe9, 0x26, 0xbb, 0x69,
0xb3, 0x8d, 0xd4, 0x6b, 0x05, 0xd8, 0x55, 0x1c, 0xbd, 0x9f,
0x6b, 0x23, 0x46, 0x2b, 0xf7, 0xfb, 0x4d, 0x33, 0x3b, 0x21,
0x6d, 0xea, 0x1b, 0x15, 0xaf, 0x0f, 0x8c, 0x98, 0xc8, 0xf4,
0xd1, 0x3c, 0xdd, 0x21, 0xd0, 0x45, 0xdc, 0xaf, 0x89, 0x89,
0xbf, 0xde, 0xbf, 0x46, 0x9e, 0x9e, 0x18, 0x56, 0x9d, 0x05,
0x4d, 0x63, 0x5f, 0x1c, 0xd9, 0x15, 0xd1, 0x43, 0x17, 0x0c,
0x48, 0x3d, 0x36, 0x8b, 0x14, 0x87, 0xc8, 0x10, 0x44, 0xdf,
0x9c, 0xfd, 0x6e, 0x88, 0x88, 0xae, 0x7f, 0x7f, 0x67, 0xa3,
0x33, 0x4d, 0xa3, 0x84, 0x8b, 0x58, 0x07, 0x17, 0xd8, 0x1d,
0x9e, 0x43, 0xd6, 0x41, 0x9c, 0xff, 0xfa, 0x35, 0xa2, 0x42,
0xa9, 0x5d, 0xa9, 0x4b, 0x95, 0x23, 0x6a, 0x6e, 0x42, 0xd7,
0xa2, 0x0a, 0x70, 0x00, 0x61, 0x8b, 0x45, 0xbb, 0xac, 0x20,
0x27, 0xcd, 0xfc, 0x61, 0x17, 0xfe, 0xab, 0x6b, 0xe8, 0xe0,
0x51, 0xab, 0xa3, 0xbf, 0xe4, 0x85, 0x69, 0x8e, 0xd7, 0xa6,
0x62, 0x33, 0x8f, 0x7c, 0xba, 0x48, 0xfa, 0x83, 0x94, 0xa5,
0xdf, 0xa1, 0x76, 0xdc, 0xa9, 0x4b, 0x3c, 0x27, 0xff, 0xd9,
0xbe, 0xf4, 0x80, 0x5a, 0xca, 0x33, 0xf3, 0x9a, 0x1d, 0xf8,
0xf3, 0xe1, 0x83, 0x27, 0x0b, 0x59, 0x87, 0x31, 0x7d, 0x4f,
0x5a, 0x5e, 0xe1, 0xbe, 0xa9, 0x68, 0xe9, 0x6f, 0x10, 0x0a,
0xe2, 0x70, 0x05, 0xaa, 0xcb, 0xdd, 0x41, 0xd7, 0x49, 0x8a,
0x98, 0xa0, 0x40, 0x2d, 0xc6, 0x56, 0x49, 0xca, 0x60, 0x16,
0x9c, 0x38, 0xc9, 0xfe, 0x99, 0x15, 0xfb, 0x79, 0x01, 0x33,
0xcd, 0x54, 0x2f, 0xf3, 0x70, 0x37, 0x82, 0x36, 0x32, 0x76,
0x8f, 0x63, 0x00, 0xa2, 0x42, 0xce, 0x39, 0x90, 0xfc, 0xf8,
0xff, 0x34, 0x38, 0x0a, 0x17, 0x5e, 0x9d, 0x34, 0x86, 0xde,
0x33, 0x45, 0xac, 0xbf, 0x81, 0xdf, 0xd2, 0xbc, 0xc7, 0xd7,
0xd1, 0xee, 0xde, 0x2b, 0x5b, 0x50, 0x56, 0xb5, 0x88, 0x00,
0x92, 0x76, 0x5a, 0x34, 0x0c, 0xfe, 0x8f, 0xc5, 0xa0, 0x92,
0xb0, 0xed, 0x43, 0xe7, 0x81, 0x39, 0x36, 0x6e, 0xb7, 0x4d,
0x5b, 0xcf, 0xc7, 0xf0, 0x83, 0xe5, 0xdc, 0xb7, 0x74, 0xf4,
0xf3, 0xbd, 0xa8, 0xa6, 0x7b, 0xe0, 0xc5, 0x50, 0xaa, 0xc7,
0x83, 0x4d, 0xd9, 0xc5, 0x97, 0x03, 0x7c, 0x0c, 0x3b, 0x3a,
0x18, 0xb2, 0x8c, 0xee, 0x67, 0x91, 0x38, 0x84, 0x8f, 0xef,
0xb4, 0xf4, 0xe4, 0x7c, 0x1a, 0x3f, 0xa3, 0x0a, 0xd9, 0xba,
0xff, 0x56, 0xd8, 0xe2, 0x82, 0xfc, 0x58, 0x8f, 0xf6, 0x12,
0x10, 0x65, 0x6a, 0x68, 0x53, 0x2d, 0x9f, 0x2c, 0x77, 0xd1,
0xb8, 0x21, 0x8a, 0xcb, 0xe9, 0xd4, 0x25, 0x18, 0x22, 0x46,
0x3e, 0x72, 0x29, 0x2a, 0x68, 0x70, 0x73, 0xe2, 0x61, 0xa2,
0xa8, 0x1f, 0x24, 0x48, 0x92, 0xa0, 0xd4, 0xdd, 0xde, 0xe5,
0x02, 0x1b, 0x59, 0x5c, 0x7e, 0x92, 0x9c, 0xd8, 0xf4, 0x2d,
0x6b, 0x79, 0x7b, 0xc7, 0xcd, 0xef, 0x21, 0x2a, 0x50, 0x7e,
0xba, 0xdd, 0x02, 0x45, 0x7e, 0xc1, 0xdd, 0xeb, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x03, 0x0c, 0x15, 0x1c, 0x22, 0x28
};
#endif
wc_test_ret_t ret;
ret = mldsa_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key,
(word32)sizeof(ml_dsa_65_pub_key), ml_dsa_65_sig,
(word32)sizeof(ml_dsa_65_sig));
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
if (ret == 0) {
ret = mldsa_param_vfy_test(WC_ML_DSA_65_DRAFT,
ml_dsa_65_draft_pub_key, (word32)sizeof(ml_dsa_65_draft_pub_key),
ml_dsa_65_draft_sig, (word32)sizeof(ml_dsa_65_draft_sig));
}
#endif
return ret;
}
#endif
#ifndef WOLFSSL_NO_ML_DSA_87
static wc_test_ret_t mldsa_param_87_vfy_test(void)
{
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_pub_key[] = {
0x8a, 0x66, 0xe3, 0x6e, 0x3c, 0x11, 0x70, 0x9f, 0x82, 0xdd, 0xeb, 0x9e,
0xc0, 0xd7, 0x25, 0x87, 0x0c, 0x65, 0x07, 0x9d, 0x47, 0x39, 0x5d, 0x04,
0x42, 0x5c, 0xd6, 0x0a, 0xdc, 0x39, 0x44, 0x04, 0xd9, 0x79, 0x43, 0x87,
0x98, 0x64, 0x88, 0x82, 0x3a, 0x31, 0xbd, 0xec, 0x66, 0xcb, 0x01, 0x90,
0xf9, 0x85, 0xcc, 0xde, 0x54, 0x69, 0x7d, 0x84, 0xb3, 0x84, 0x3c, 0x42,
0x0d, 0x09, 0x63, 0xdb, 0xe6, 0x5d, 0xc2, 0x8a, 0xcf, 0xe1, 0xf4, 0x86,
0x13, 0x05, 0x09, 0x9a, 0x4d, 0x05, 0xd4, 0x31, 0xe7, 0x27, 0x39, 0xfd,
0x3a, 0xdb, 0x63, 0x9f, 0x1c, 0x67, 0x0b, 0x01, 0xec, 0xf9, 0xff, 0xf3,
0xda, 0xa9, 0xf4, 0x9a, 0x59, 0x52, 0x76, 0xc2, 0xd2, 0xd5, 0xdd, 0x8d,
0xb1, 0xa2, 0xef, 0xb3, 0x73, 0x99, 0xe3, 0xcd, 0x1c, 0xf5, 0xca, 0x6e,
0x39, 0xfa, 0x26, 0x83, 0x45, 0xe7, 0xd0, 0x9c, 0x1b, 0xf7, 0xb2, 0x64,
0xf1, 0x70, 0x00, 0x10, 0xc0, 0x7c, 0x7f, 0xb2, 0x32, 0xce, 0x6d, 0x71,
0xa5, 0x43, 0x7c, 0x40, 0x71, 0x09, 0x54, 0x74, 0xac, 0xb5, 0xeb, 0xe0,
0x04, 0x02, 0xe5, 0x82, 0x4d, 0x5a, 0x85, 0x1e, 0x19, 0x86, 0x39, 0x33,
0x92, 0x2f, 0xa9, 0xa8, 0x10, 0xd2, 0x31, 0x60, 0x16, 0x08, 0x99, 0xe3,
0x2c, 0x93, 0x13, 0xc4, 0x4b, 0x10, 0xe0, 0x42, 0xca, 0x3f, 0x32, 0xa7,
0xa4, 0xd2, 0xfc, 0x9c, 0x93, 0xb6, 0x5f, 0xe2, 0x5b, 0x6e, 0x40, 0x0c,
0x63, 0xf8, 0xf8, 0xe1, 0x2d, 0xcd, 0x86, 0x07, 0x79, 0xdb, 0x61, 0xad,
0x24, 0xfd, 0x1e, 0x66, 0x3e, 0x8d, 0x76, 0xba, 0x98, 0x8e, 0x94, 0xc7,
0x57, 0xb1, 0x65, 0xce, 0x4f, 0x97, 0xfa, 0x34, 0x7c, 0x97, 0x6b, 0xcd,
0x3c, 0x42, 0x81, 0xa4, 0xd1, 0x75, 0xeb, 0x6d, 0x0c, 0x31, 0x0e, 0x6f,
0xd5, 0x75, 0xe7, 0xff, 0x83, 0xdd, 0x7a, 0x4d, 0x83, 0x67, 0xa7, 0x4b,
0xc1, 0x74, 0xad, 0x37, 0x38, 0x99, 0xe0, 0xf5, 0x5a, 0x44, 0x36, 0xa2,
0x20, 0x2b, 0xfc, 0xc9, 0xfa, 0x68, 0xcb, 0xf0, 0x6f, 0x0a, 0x46, 0x1d,
0xb5, 0xca, 0x5b, 0x96, 0x1b, 0x3a, 0xaf, 0x7d, 0x01, 0x7a, 0xd2, 0x09,
0xcc, 0xd4, 0xe4, 0xb1, 0x49, 0x34, 0x56, 0x68, 0x9c, 0x0f, 0x23, 0xe9,
0xb3, 0x4b, 0xed, 0x3d, 0xe7, 0x8d, 0x19, 0x6e, 0xe6, 0xfa, 0x06, 0x55,
0xb8, 0x06, 0x4d, 0xa8, 0x45, 0x20, 0x91, 0xf7, 0xfa, 0x0b, 0x6b, 0xce,
0x55, 0xa7, 0x14, 0x1b, 0xf9, 0xea, 0xc5, 0x79, 0x78, 0xf7, 0x3a, 0xd9,
0xfc, 0x07, 0x43, 0x06, 0x90, 0x94, 0x5e, 0xc9, 0x48, 0x51, 0xe5, 0x96,
0x68, 0x78, 0xc8, 0xcb, 0xd1, 0xf3, 0x65, 0xef, 0x14, 0x91, 0xa3, 0xca,
0x8b, 0x77, 0x40, 0x84, 0xf4, 0x2e, 0xe7, 0x56, 0xe3, 0xab, 0xa0, 0xa8,
0x61, 0x93, 0x17, 0x95, 0x9e, 0xff, 0x3a, 0xd4, 0x12, 0xea, 0x13, 0xe6,
0x82, 0x16, 0xed, 0x14, 0x70, 0x91, 0xcc, 0x72, 0x58, 0x99, 0xa1, 0x7f,
0xf3, 0x84, 0x10, 0xf4, 0x01, 0x0d, 0x05, 0x45, 0x4d, 0xca, 0x05, 0x03,
0x75, 0x7e, 0xbb, 0x44, 0x2e, 0xf5, 0xee, 0xed, 0x64, 0x9b, 0xd3, 0xde,
0x3e, 0xfc, 0x31, 0x8c, 0xca, 0x23, 0x66, 0x25, 0xac, 0x5f, 0x0f, 0x33,
0x0f, 0xd2, 0xe9, 0xc9, 0x96, 0x2a, 0xe2, 0xb8, 0xed, 0x93, 0xd3, 0x78,
0xd8, 0x81, 0xe4, 0x52, 0x9a, 0xc6, 0x64, 0x1d, 0x2d, 0x5f, 0x93, 0x9a,
0x2e, 0x73, 0xc4, 0x17, 0xae, 0xc6, 0x08, 0x0d, 0x2d, 0xe9, 0x4b, 0x10,
0x29, 0xa8, 0x4e, 0x8c, 0x08, 0x59, 0x87, 0x10, 0x0d, 0x5d, 0xfa, 0xec,
0xd6, 0x42, 0xf6, 0x5c, 0xa4, 0x0d, 0xaa, 0x64, 0x8e, 0x20, 0xa5, 0x50,
0x9f, 0x0b, 0x85, 0x37, 0x57, 0x15, 0x7c, 0xb1, 0xe4, 0xdd, 0xd5, 0x19,
0x3b, 0x10, 0x7d, 0x22, 0xdb, 0x53, 0x8b, 0x7b, 0x32, 0xf7, 0xf2, 0x24,
0x92, 0xb2, 0x05, 0xd1, 0xfd, 0xfc, 0x11, 0xd6, 0xfd, 0x3c, 0x8d, 0xd7,
0xb0, 0x58, 0x50, 0x06, 0x84, 0x61, 0xa6, 0x78, 0x04, 0x1d, 0x7f, 0x92,
0x0e, 0x8b, 0xb3, 0x63, 0x43, 0xc5, 0x30, 0x4c, 0xce, 0x2b, 0x44, 0x70,
0x53, 0x7c, 0xb5, 0xbd, 0x30, 0xcb, 0x41, 0x19, 0x27, 0x69, 0xfe, 0x41,
0x92, 0xae, 0xf0, 0x37, 0x33, 0xf0, 0x95, 0xe4, 0xe8, 0x4f, 0x75, 0x41,
0x64, 0x87, 0xc5, 0x68, 0xd3, 0xce, 0xfa, 0xaa, 0xe8, 0x59, 0x88, 0xfe,
0x24, 0x46, 0x27, 0x60, 0x71, 0x36, 0x78, 0x66, 0x3c, 0x36, 0x8e, 0xdb,
0x90, 0x67, 0xa5, 0x6a, 0xfe, 0xd3, 0x23, 0x28, 0x91, 0x34, 0x24, 0x67,
0x4b, 0x01, 0x6a, 0x0e, 0x02, 0xb7, 0xf0, 0xa8, 0xd4, 0x76, 0xd5, 0xa8,
0x1c, 0xd3, 0xb3, 0x7d, 0x74, 0xc6, 0x17, 0x96, 0xa7, 0xf9, 0xad, 0x24,
0x36, 0xd2, 0xeb, 0x34, 0x5a, 0xcc, 0x9c, 0x01, 0x99, 0xbe, 0x21, 0x4f,
0x27, 0x9d, 0x6b, 0xca, 0x27, 0x1b, 0x60, 0x51, 0x41, 0x23, 0xe1, 0xcb,
0xfc, 0x17, 0x2e, 0x1a, 0x4d, 0x3d, 0x51, 0xb3, 0x91, 0x8c, 0x53, 0x4d,
0xd7, 0xbc, 0xa4, 0x07, 0xd7, 0x17, 0x19, 0x18, 0x61, 0x38, 0x4e, 0x05,
0x81, 0x3f, 0x43, 0x8a, 0x00, 0x60, 0xdc, 0x30, 0xf4, 0x38, 0x3f, 0x93,
0x82, 0x10, 0x29, 0x73, 0xa9, 0xbd, 0x63, 0x15, 0x7d, 0xac, 0x2e, 0xc9,
0x05, 0xc1, 0x01, 0x41, 0x18, 0x5a, 0xc0, 0xc8, 0xc7, 0x81, 0x69, 0xe7,
0x24, 0x21, 0x57, 0xaf, 0x88, 0x73, 0x7c, 0x53, 0x29, 0xae, 0x5a, 0xdf,
0x76, 0x37, 0x56, 0x4f, 0x1f, 0x6b, 0xfd, 0x71, 0xbb, 0x80, 0x4a, 0xd7,
0x53, 0x50, 0x10, 0x2d, 0xfc, 0x1a, 0xaf, 0x7c, 0x1f, 0xe8, 0xd0, 0x6c,
0xa6, 0x45, 0x3d, 0xb5, 0x3d, 0xb2, 0xfc, 0x97, 0xa9, 0xbf, 0x7c, 0x0f,
0x32, 0x7a, 0xcc, 0xa9, 0x2f, 0xd0, 0xc6, 0xe6, 0xcd, 0x04, 0x1d, 0x71,
0x91, 0xb9, 0x59, 0x4b, 0xad, 0xa0, 0xde, 0x9e, 0xdc, 0x9c, 0x10, 0xeb,
0x8d, 0xd6, 0x65, 0x57, 0xbc, 0x96, 0xfd, 0x0f, 0xcc, 0x73, 0xbe, 0x39,
0x27, 0x99, 0x94, 0xf5, 0xe1, 0xbb, 0x32, 0xcd, 0x27, 0x7e, 0x08, 0xa0,
0xd2, 0x92, 0x39, 0xeb, 0x71, 0xc8, 0xe8, 0x34, 0x57, 0x34, 0x4b, 0x20,
0x3f, 0xe2, 0x68, 0xec, 0xc0, 0x8a, 0x71, 0xa3, 0x16, 0xa2, 0x91, 0x77,
0xde, 0x41, 0x12, 0xa5, 0xf5, 0x2a, 0x63, 0x60, 0x55, 0xd0, 0x33, 0xa4,
0xa7, 0x2e, 0xcb, 0x80, 0x08, 0xe5, 0x76, 0x16, 0x75, 0x04, 0x57, 0xe3,
0x14, 0x71, 0x4e, 0x57, 0x29, 0x23, 0x0e, 0xc0, 0xcc, 0xad, 0xba, 0xdc,
0x96, 0x5d, 0x23, 0x49, 0x42, 0xd8, 0x91, 0x08, 0x0d, 0x52, 0xf4, 0x5f,
0xcd, 0xb7, 0x03, 0xaa, 0x73, 0x26, 0xa8, 0xd5, 0x5b, 0x0c, 0x85, 0xc8,
0x84, 0x50, 0x9e, 0x70, 0x18, 0x45, 0x27, 0x82, 0x20, 0x75, 0xad, 0x52,
0x5c, 0x80, 0x4b, 0xb1, 0x0b, 0x3b, 0x30, 0x39, 0x02, 0x54, 0x18, 0x5d,
0x02, 0x9e, 0x85, 0x31, 0x4a, 0x07, 0x9c, 0x59, 0x5d, 0xab, 0x13, 0x4f,
0x8f, 0x6e, 0x39, 0x20, 0xb2, 0xc5, 0x31, 0x93, 0xc6, 0xcc, 0xfb, 0xdc,
0x15, 0xba, 0x3d, 0xcc, 0xbb, 0xd2, 0x6f, 0x04, 0x21, 0xdf, 0x0b, 0x27,
0x5c, 0xd2, 0x6e, 0xfa, 0xda, 0x86, 0x5d, 0xe4, 0xca, 0xa4, 0x90, 0x22,
0xa2, 0x80, 0xb5, 0x33, 0x17, 0xdb, 0x9b, 0x7b, 0x0a, 0xcc, 0x0f, 0x9b,
0x38, 0x06, 0xdf, 0x10, 0x11, 0xa1, 0xd7, 0x2c, 0x24, 0xf0, 0xa8, 0x34,
0x24, 0xfb, 0x99, 0xba, 0x0a, 0xb5, 0xa1, 0x94, 0x6c, 0x2d, 0xf8, 0xda,
0x74, 0xaf, 0x19, 0x59, 0x84, 0xb2, 0x68, 0x1c, 0xef, 0xa1, 0xf5, 0x18,
0x8f, 0x10, 0xf6, 0xb3, 0x6d, 0x33, 0x87, 0xe0, 0x25, 0xc8, 0x65, 0x5c,
0x2f, 0x51, 0x07, 0x83, 0x69, 0x1b, 0xce, 0xa8, 0xe6, 0xe4, 0x27, 0x62,
0x5d, 0x9b, 0x7f, 0xa7, 0x07, 0xc8, 0x54, 0x86, 0x90, 0xa5, 0x06, 0x6a,
0x94, 0x80, 0x84, 0x97, 0xaa, 0x2a, 0xb9, 0x79, 0xe5, 0x19, 0x7a, 0x91,
0xef, 0x8b, 0x58, 0xdc, 0xf9, 0x90, 0x94, 0xa2, 0x25, 0x4c, 0x69, 0xd8,
0x6e, 0x9e, 0xad, 0xf8, 0x82, 0x17, 0x37, 0xc9, 0x20, 0x15, 0x24, 0x40,
0xe5, 0xc6, 0xc1, 0xc7, 0xbd, 0xd4, 0x62, 0xff, 0x16, 0x6d, 0xa5, 0xec,
0xe9, 0x67, 0x41, 0x9d, 0x3e, 0xfb, 0x22, 0x81, 0x80, 0x61, 0x37, 0x45,
0xa5, 0x9f, 0x70, 0xff, 0xd4, 0x99, 0x3d, 0x79, 0x45, 0xd0, 0x27, 0xc2,
0x32, 0xbe, 0xd4, 0xe2, 0x53, 0xa8, 0x8c, 0x94, 0x8b, 0xbe, 0x8a, 0x43,
0xf7, 0x2a, 0x28, 0x49, 0xf4, 0xce, 0x2e, 0x0b, 0x98, 0xc7, 0xaf, 0x7d,
0x51, 0x2e, 0xda, 0xd0, 0x7a, 0xfa, 0x91, 0x3a, 0xe6, 0xe7, 0x64, 0xd6,
0x09, 0xd8, 0x5d, 0x6a, 0x97, 0xcf, 0x89, 0x96, 0x72, 0x21, 0x97, 0x61,
0xc5, 0x1b, 0xd8, 0xa1, 0xf0, 0xcd, 0x9d, 0xe4, 0xe9, 0x13, 0xd0, 0x16,
0x41, 0x20, 0xa4, 0x2c, 0x33, 0xf5, 0x3d, 0xfe, 0x80, 0xe8, 0xb2, 0x52,
0x0e, 0x18, 0x31, 0x19, 0x50, 0xeb, 0xc6, 0x99, 0x43, 0xab, 0x9a, 0x59,
0x5d, 0x6c, 0x84, 0x00, 0x88, 0x45, 0x7c, 0x73, 0xdf, 0x56, 0x61, 0x3a,
0xe1, 0x55, 0xb8, 0x59, 0x13, 0xcc, 0x0e, 0x53, 0xe9, 0xf4, 0x74, 0xa0,
0xf2, 0x15, 0xd2, 0xa8, 0xf9, 0xd4, 0x0d, 0x3d, 0xe7, 0x3d, 0x7d, 0x5b,
0x19, 0x89, 0x8b, 0x2c, 0x4d, 0x8a, 0xeb, 0xc3, 0x43, 0x31, 0x9a, 0x45,
0x72, 0x5b, 0x25, 0xb6, 0xa2, 0xc1, 0x98, 0xe3, 0x8a, 0xd4, 0x90, 0xd0,
0x3e, 0x13, 0xf0, 0xd7, 0x90, 0x34, 0x94, 0xcc, 0xf1, 0x0a, 0xa9, 0x30,
0xd1, 0x95, 0x43, 0x07, 0xcd, 0xd2, 0xca, 0xb0, 0xe5, 0xd4, 0xf1, 0xa1,
0xc5, 0x9b, 0xf4, 0x98, 0x28, 0xba, 0xde, 0x40, 0xd6, 0x98, 0x98, 0x20,
0x9c, 0x84, 0x9e, 0xc6, 0x57, 0xd8, 0x84, 0xc4, 0xa2, 0x9b, 0x53, 0x50,
0xa5, 0xa6, 0x0b, 0x47, 0xe8, 0x08, 0x7d, 0xd7, 0x09, 0xa4, 0x0c, 0x2b,
0x27, 0xde, 0xf9, 0x78, 0xbc, 0xa4, 0xb6, 0xc6, 0x1b, 0xda, 0xce, 0x6a,
0xf8, 0x1a, 0xf5, 0xfe, 0x7b, 0xab, 0x58, 0x7c, 0xdc, 0x72, 0x02, 0x94,
0x99, 0xf0, 0x3c, 0x37, 0x87, 0x5b, 0xd2, 0x4b, 0x5a, 0x80, 0x83, 0xd7,
0xfc, 0x9d, 0xa7, 0x51, 0x81, 0xb8, 0x62, 0xff, 0x4b, 0xb3, 0x9f, 0x07,
0xc3, 0x54, 0xfb, 0x41, 0x85, 0x42, 0x9d, 0xac, 0x27, 0x81, 0x2e, 0xaf,
0x98, 0x67, 0x8c, 0x23, 0xad, 0x45, 0xfe, 0x6a, 0x57, 0x9f, 0x18, 0xc5,
0x71, 0x8c, 0xad, 0x3f, 0x30, 0x3c, 0xaa, 0x47, 0x8d, 0xba, 0xc8, 0x7f,
0x03, 0x1c, 0x86, 0xee, 0xba, 0x3f, 0x59, 0x45, 0xd4, 0xd0, 0xf5, 0x54,
0x9e, 0xcb, 0x08, 0xcf, 0xca, 0x40, 0x0a, 0x06, 0xc0, 0x1e, 0x60, 0x1f,
0x33, 0xbf, 0x2c, 0xa8, 0x5f, 0xce, 0x23, 0xa0, 0xe2, 0x1c, 0x2d, 0x56,
0x2a, 0x44, 0x61, 0x58, 0xf1, 0x84, 0x63, 0x4f, 0x0d, 0x5e, 0xfb, 0x83,
0x0f, 0x36, 0x1b, 0xf4, 0x8f, 0x17, 0x82, 0x2e, 0x04, 0x2c, 0x77, 0x9d,
0x32, 0x58, 0xb8, 0xb0, 0xf9, 0x44, 0xd2, 0xf6, 0x84, 0xa4, 0x8b, 0x28,
0x53, 0xd6, 0x99, 0x81, 0x84, 0x43, 0xf0, 0xc1, 0x15, 0xc6, 0x74, 0x4f,
0xab, 0x05, 0xcc, 0x80, 0xdf, 0xef, 0xcf, 0xaf, 0x14, 0x82, 0xdf, 0x51,
0x7c, 0x28, 0x5e, 0x5b, 0x27, 0x5e, 0x91, 0x8b, 0x54, 0x3d, 0x54, 0x26,
0xb0, 0x3f, 0xd7, 0xc5, 0xce, 0xf3, 0x6d, 0x2c, 0x12, 0xc6, 0xb4, 0x48,
0x60, 0x11, 0x9c, 0xef, 0x29, 0x98, 0x9c, 0x76, 0x4e, 0x73, 0x2b, 0xd2,
0x23, 0x53, 0x7d, 0x03, 0xc2, 0x2f, 0x8a, 0xa1, 0xe2, 0x84, 0x54, 0x2d,
0xd8, 0xc6, 0x55, 0x77, 0x9d, 0x07, 0x67, 0x1f, 0x1a, 0xd3, 0x57, 0x4c,
0x25, 0x79, 0x8f, 0xd8, 0x82, 0xc2, 0x4d, 0x87, 0x84, 0x33, 0xdc, 0x47,
0xed, 0x9e, 0xfb, 0xd2, 0x62, 0xc8, 0x50, 0x76, 0xda, 0x3c, 0x3c, 0x05,
0x0e, 0x2d, 0x30, 0x56, 0xca, 0x4d, 0x6a, 0xe2, 0x17, 0x24, 0x26, 0x9c,
0xff, 0x09, 0xec, 0xb3, 0x94, 0xec, 0xab, 0x69, 0xb2, 0xf0, 0xa5, 0x66,
0x18, 0x92, 0x49, 0x6b, 0x90, 0xf5, 0x77, 0x5a, 0x18, 0xe5, 0x51, 0x36,
0x4a, 0x35, 0x54, 0x98, 0x48, 0x04, 0xa9, 0x0f, 0xcb, 0x55, 0xf1, 0x71,
0xad, 0x1a, 0x4a, 0x2c, 0x0e, 0x5d, 0x5e, 0x77, 0x47, 0xf5, 0x46, 0x17,
0x6b, 0x94, 0x2a, 0xbc, 0x40, 0xe5, 0xa7, 0xa6, 0x88, 0x41, 0x76, 0x22,
0x47, 0xd1, 0xe8, 0x2b, 0x18, 0x48, 0x21, 0xc0, 0xe8, 0x4f, 0xe2, 0xb2,
0x7e, 0x03, 0xbb, 0x25, 0x9c, 0xc8, 0x68, 0x66, 0x48, 0x25, 0x6a, 0xf2,
0x64, 0x29, 0xec, 0x79, 0xba, 0xdb, 0x34, 0xe1, 0xd4, 0xf9, 0x52, 0x0e,
0xfd, 0x8d, 0x86, 0x94, 0x71, 0xd8, 0xe0, 0x86, 0x02, 0x9b, 0xd4, 0x65,
0x69, 0x5e, 0x01, 0x32, 0x87, 0x59, 0xd8, 0x6c, 0xbc, 0x8a, 0x9f, 0x58,
0x28, 0x8c, 0x97, 0xef, 0x33, 0xb2, 0xda, 0x45, 0xa0, 0xec, 0xe5, 0x5b,
0xac, 0xc6, 0x65, 0xc1, 0xb6, 0xcb, 0xf7, 0x85, 0x0e, 0xfa, 0x78, 0x36,
0x30, 0x84, 0x90, 0xa8, 0xf8, 0x42, 0x25, 0xa5, 0xdd, 0xdc, 0xdc, 0x89,
0xd3, 0xf0, 0x73, 0x9a, 0xd8, 0x95, 0x8f, 0x04, 0xbf, 0xc1, 0xfd, 0x94,
0xff, 0xe6, 0xf8, 0x4e, 0xc6, 0x43, 0xc9, 0x60, 0x30, 0xe9, 0x68, 0xa8,
0x76, 0xfb, 0xfa, 0xdf, 0xc0, 0x9b, 0xbc, 0xbc, 0x34, 0xe4, 0x38, 0xfd,
0x93, 0xb0, 0x47, 0xb2, 0x3e, 0x83, 0x6c, 0xef, 0xe1, 0xaf, 0x35, 0xb4,
0x90, 0x2a, 0x32, 0xaf, 0x25, 0x3f, 0x3e, 0x72, 0x61, 0xc0, 0x0f, 0x29,
0xbb, 0x46, 0x6e, 0x2e, 0x94, 0x7d, 0xdd, 0xb7, 0x67, 0x1f, 0x7b, 0x64,
0xcb, 0xa5, 0x9a, 0x58, 0x63, 0x20, 0xa7, 0xc0, 0x94, 0xa9, 0xad, 0x90,
0x7d, 0xf3, 0x2b, 0x61, 0x2b, 0x64, 0x3d, 0x8a, 0xc3, 0xd1, 0xcb, 0xad,
0x36, 0x44, 0xe6, 0x29, 0x8b, 0x3d, 0x95, 0x7c, 0xa7, 0xa2, 0xfa, 0x1b,
0x16, 0x8d, 0x9e, 0xc4, 0xf8, 0x4c, 0x76, 0x20, 0x00, 0x68, 0x07, 0x99,
0x9c, 0x60, 0xe6, 0x16, 0x6a, 0x6f, 0x8a, 0xbe, 0x71, 0x95, 0xa1, 0xcb,
0xfe, 0x7c, 0x41, 0x59, 0x61, 0x20, 0xf9, 0x54, 0x3c, 0xb1, 0x19, 0x5c,
0x42, 0x67, 0x3f, 0xff, 0xf3, 0x32, 0x21, 0x9c, 0x9e, 0x88, 0xf9, 0x97,
0x00, 0x43, 0x73, 0x4a, 0xfc, 0x54, 0xeb, 0x27, 0x79, 0x14, 0x85, 0xd3,
0xdc, 0x47, 0xb3, 0x6d, 0x24, 0xd3, 0xf7, 0x7a, 0xfb, 0x90, 0x7c, 0x6e,
0xcd, 0x4e, 0xbf, 0x26, 0x76, 0xd2, 0xe8, 0xcc, 0x67, 0xd1, 0x23, 0x3c,
0x94, 0x16, 0x1e, 0x07, 0x36, 0x7c, 0x96, 0xf6, 0xe8, 0x50, 0x72, 0x26,
0x56, 0x67, 0x89, 0xa9, 0x11, 0xfb, 0x1d, 0xb8, 0xb9, 0x2a, 0x55, 0xb7,
0x85, 0xf7, 0x40, 0xa2, 0xfc, 0x9f, 0x30, 0xec, 0x8f, 0x9a, 0x1c, 0xc8,
0xe4, 0xc5, 0x1f, 0xcb, 0x0a, 0x60, 0x80, 0x41, 0xec, 0x88, 0x8a, 0xda,
0x7c, 0x7a, 0xa1, 0x96, 0x51, 0x62, 0x16, 0x63, 0x75, 0x36, 0x28, 0x7c,
0xc9, 0xd0, 0x27, 0x0c, 0x9e, 0x18, 0x4a, 0x82, 0xf7, 0x02, 0xb9, 0x40,
0x8f, 0xd5, 0x97, 0x7a, 0x35, 0xa9, 0x3a, 0xb3, 0x8b, 0x6b, 0xf1, 0x9a,
0xd1, 0xe7, 0x14, 0x38, 0x5e, 0xba, 0x8c, 0xbf, 0x32, 0xaa, 0x34, 0x30,
0x7c, 0x1e, 0x11, 0xcd, 0x1f, 0x9f, 0xcf, 0x4d, 0x14, 0xce, 0x67, 0xf9,
0x9c, 0x89, 0x07, 0x92, 0x44, 0x6e, 0x9a, 0x16, 0xe4, 0xfb, 0x67, 0x01,
0x3f, 0x4c, 0x14, 0x89, 0x33, 0x87, 0x46, 0xc6, 0xe4, 0x66, 0x94, 0xd4,
0x87, 0x4f, 0x2c, 0x92, 0x1b, 0xae, 0x82, 0xe7, 0x99, 0xaa, 0xb4, 0x99,
0x81, 0x26, 0xa6, 0x6f, 0x1d, 0xc1, 0x95, 0x80, 0xe9, 0xea, 0xe3, 0x44,
0x6a, 0x2b, 0xd2, 0xe0, 0x0d, 0x69, 0x42, 0xf7, 0x27, 0x6b, 0x4f, 0x02,
0x7a, 0x33, 0x7b, 0x43, 0x3d, 0xef, 0x10, 0xaa, 0xab, 0xc5, 0xa2, 0xf0,
0xbb, 0x07, 0x4b, 0x26, 0x0c, 0x58, 0xcd, 0x3b, 0xd2, 0x6d, 0xa5, 0x32,
0x37, 0x88, 0x4e, 0x8b, 0xe3, 0x75, 0xb0, 0xbb, 0x87, 0xea, 0xa4, 0x53,
0xf3, 0xff, 0x39, 0x92, 0x44, 0xab, 0x7b, 0x71, 0x62, 0x31, 0x6b, 0x31,
0xca, 0x97, 0xba, 0xd7, 0x41, 0xe0, 0x47, 0x47, 0x4f, 0x77, 0xa2, 0x35,
0x62, 0x7a, 0xc1, 0xb6, 0x69, 0x10, 0x09, 0xce, 0xfc, 0x92, 0xcc, 0xc5,
0x7a, 0x11, 0xf1, 0xc1, 0xa0, 0x80, 0xe5, 0x42, 0x17, 0xb6, 0x3f, 0xab,
0xc1, 0xa2, 0x41, 0xfb, 0xe3, 0x98, 0x2d, 0x7a, 0xe4, 0x1b, 0x1f, 0x7e,
0x71, 0x3c, 0x3e, 0x90, 0x8c, 0x60, 0x30, 0xb7, 0x73, 0x06, 0x1f, 0x8a,
0xce, 0x50, 0x20, 0x7c, 0xfa, 0x8c, 0xf2, 0x14, 0xd9, 0x00, 0xa2, 0x21,
0xea, 0x10, 0x36, 0x21, 0x6f, 0x7f, 0x13, 0xe3, 0x6c, 0xb2, 0xd6, 0xa5,
0xa6, 0x6e, 0xa9, 0xe7, 0x1d, 0xdf, 0xc9, 0x97, 0x60, 0x75, 0xa3, 0x55,
0xa1, 0x2c, 0x94, 0xd7, 0x85, 0x4b, 0x44, 0xc6, 0x9c, 0x17, 0xc2, 0xad,
0xe6, 0x56, 0x72, 0x1d, 0xb9, 0x13, 0x54, 0xfe, 0x8c, 0xec, 0xf4, 0xa3,
0x54, 0x6b, 0x31, 0xbc, 0x55, 0x9e, 0x01, 0xd4, 0x9b, 0x24, 0x9e, 0x51,
0xaf, 0x67, 0x76, 0x02, 0xf7, 0x34, 0x6a, 0xaa, 0xb0, 0x3c, 0x70, 0x2e,
0xc8, 0x86, 0xfa, 0x40, 0x89, 0x12, 0xb7, 0x49, 0x38, 0x0b, 0xf7, 0x66,
0xd2, 0x2e, 0x58, 0xf1, 0x22, 0x3b, 0xb3, 0x40, 0x6b, 0x7a, 0x68, 0x4d,
0x42, 0xfd, 0xbf, 0xa0, 0xf7, 0x2f, 0x63, 0x4a, 0x87, 0xe7, 0x99, 0x52,
0x6e, 0xe7, 0xdd, 0xca, 0x19, 0x71, 0xee, 0x92, 0xe2, 0x68, 0x0e, 0xe1,
0xb7, 0x90, 0x1f, 0xc4, 0xef, 0xf8, 0xf6, 0x85, 0x53, 0x18, 0x33, 0x86,
0x15, 0xc8, 0x29, 0x58, 0x6f, 0xf0, 0x1c, 0x14, 0x73, 0xa9, 0x8e, 0x88,
0x74, 0xd4, 0x21, 0xf5, 0xc6, 0x7c, 0xd8, 0x96, 0x0f, 0xb0, 0xa6, 0x7b,
0xf7, 0x72, 0x15, 0xd7, 0x30, 0x6b, 0x15, 0x1d, 0x3f, 0xb7, 0x4e, 0xaa,
0xc0, 0x52, 0x1d, 0x84, 0xbf, 0x98, 0xbd, 0x33, 0x02, 0xab, 0x8b, 0xd0,
0x9c, 0x85, 0x2f, 0xa3, 0xfb, 0x46, 0x8d, 0x4d, 0x97, 0x1a, 0x8a, 0x3c,
0x73, 0x5b, 0x3b, 0x58, 0x26, 0xba, 0x6b, 0x45, 0x2e, 0x24, 0x66, 0x79,
0x7d, 0xc4, 0xf8, 0x8c, 0x05, 0x7d, 0x5c, 0x23, 0xb9, 0xe8, 0x5d, 0xfe,
0xc9, 0x84, 0xe5, 0x58, 0x40, 0xa4, 0xb7, 0x55, 0x74, 0x69, 0x92, 0x9c,
0x3e, 0x19, 0xb1, 0xb6, 0x51, 0xe9, 0x71, 0xcc, 0x96, 0x2b, 0x01, 0x71,
0xf5, 0xb9, 0xde, 0x77, 0xfe, 0x2e, 0x74, 0x9c, 0x6a, 0x52, 0x17, 0x1e,
0xea, 0xd9, 0xc8, 0x14, 0xbe, 0x61, 0xdf, 0xe9, 0x96, 0x24, 0x5a, 0x9a,
0xd8, 0xd7, 0xad, 0x71, 0xe0, 0xf4, 0xbb, 0x9e, 0xae, 0x95, 0xcd, 0x58,
0x94, 0x81, 0xee, 0x46, 0x84, 0x65, 0x39, 0xb1, 0x1b, 0x1e, 0xf5, 0x50,
0xad, 0x56, 0x58, 0xb7, 0x53, 0x9b, 0x2a, 0x2f, 0x09, 0x61, 0x57, 0xda,
0xf5, 0xdc, 0x9f, 0x3c, 0x6c, 0x69, 0x0d, 0x61, 0x49, 0xb2, 0xe0, 0xb2,
0xe5, 0xef, 0x19, 0xbe, 0x04, 0xf6, 0x6b, 0xad, 0x41, 0x4c, 0x5a, 0x50,
0xf6, 0xac, 0x1b, 0x25, 0x8a, 0xdd, 0xe3, 0x57, 0xab, 0x7c, 0x92, 0xe4
};
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_pub_key[] = {
0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a,
0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83,
0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd,
0xcc, 0x99, 0x50, 0x5f, 0x2b, 0x16, 0x3a, 0xbb, 0x98, 0xc0,
0xa7, 0x69, 0x0e, 0x95, 0x99, 0x0b, 0xa2, 0x6c, 0xfe, 0x6c,
0xdb, 0xc8, 0xa7, 0x09, 0x46, 0x6c, 0x90, 0x50, 0xa4, 0x75,
0x30, 0xf7, 0x90, 0xac, 0x31, 0xb6, 0xdd, 0x21, 0xaf, 0xc6,
0xf9, 0xfe, 0xee, 0xc6, 0x5b, 0xa8, 0x8f, 0x0a, 0x2e, 0xd0,
0x42, 0xab, 0xa8, 0x3c, 0x8d, 0xbf, 0xf7, 0x44, 0xbd, 0x0d,
0xcf, 0xf4, 0x68, 0xfc, 0x16, 0x67, 0xf7, 0x39, 0x48, 0x5f,
0x56, 0xd1, 0xe7, 0x1f, 0x49, 0x80, 0x50, 0xbe, 0x54, 0xd1,
0xb7, 0xc9, 0xd2, 0x32, 0xc7, 0x08, 0x8c, 0xde, 0x2c, 0x31,
0xf6, 0x1d, 0xc7, 0xac, 0xb3, 0x79, 0xd7, 0x4b, 0x1b, 0x23,
0x89, 0x0a, 0xdc, 0x8e, 0x44, 0x41, 0x14, 0x28, 0x99, 0x13,
0xb3, 0x26, 0xa6, 0x0e, 0x83, 0x60, 0xaa, 0x8d, 0x7c, 0x23,
0x13, 0xba, 0x6c, 0x28, 0x90, 0x56, 0x84, 0xa1, 0x23, 0x8b,
0x81, 0x20, 0x97, 0x7c, 0x66, 0x3f, 0xed, 0x5d, 0xd0, 0xe4,
0x5d, 0xee, 0x46, 0xbc, 0x4b, 0x3c, 0x03, 0xb5, 0xbc, 0x4d,
0x8d, 0x37, 0xa3, 0x56, 0x4b, 0x33, 0xad, 0xef, 0xd4, 0xb6,
0xec, 0xdb, 0x04, 0x9a, 0x19, 0x58, 0x57, 0xd8, 0x00, 0x3a,
0x92, 0x61, 0x0c, 0x0b, 0xc8, 0x52, 0xe5, 0x04, 0x02, 0x9a,
0x00, 0x7e, 0xec, 0x7e, 0x94, 0xaa, 0xef, 0x2d, 0x7f, 0xb6,
0x2e, 0x7c, 0xb0, 0x73, 0xa2, 0x20, 0xc0, 0x07, 0x30, 0x41,
0x50, 0x20, 0x14, 0x18, 0x21, 0x5e, 0x2a, 0x6f, 0x70, 0x21,
0xd6, 0x97, 0x13, 0xb9, 0xc1, 0x9e, 0x90, 0x67, 0xcc, 0x55,
0x8a, 0xec, 0xec, 0x0a, 0x1e, 0x90, 0xdc, 0x3f, 0xb0, 0x4d,
0xd1, 0x18, 0xea, 0x4f, 0xcb, 0x5d, 0x15, 0x4c, 0xb8, 0x35,
0x9b, 0x34, 0x24, 0x30, 0x06, 0x53, 0x17, 0xf0, 0xbe, 0x27,
0x36, 0xb3, 0x04, 0x6a, 0xbd, 0xbf, 0xa7, 0x39, 0xee, 0xa9,
0x8f, 0x0e, 0x98, 0xc5, 0xf5, 0x9f, 0x46, 0x25, 0x93, 0xc9,
0xf2, 0xf6, 0x2b, 0x8e, 0x92, 0x06, 0x01, 0x3d, 0x81, 0x18,
0xf2, 0xec, 0xf1, 0x05, 0x4c, 0xad, 0x4b, 0xcb, 0x98, 0xa4,
0xb5, 0x61, 0x20, 0xda, 0x81, 0xa1, 0xfb, 0x92, 0x4c, 0xaf,
0x87, 0x6f, 0x6e, 0xd2, 0x57, 0xec, 0xcd, 0x94, 0xb3, 0x79,
0xbf, 0x59, 0x88, 0x17, 0x81, 0xce, 0x8a, 0x57, 0xce, 0x57,
0xae, 0x3e, 0x82, 0x81, 0x2f, 0x83, 0x61, 0xd8, 0xf9, 0x68,
0x21, 0xe7, 0x72, 0x5b, 0xd6, 0x80, 0x55, 0x68, 0x5d, 0x67,
0x15, 0x0c, 0x8b, 0xdc, 0x4f, 0xc3, 0x89, 0x36, 0x3c, 0xac,
0xaf, 0x16, 0x5e, 0x1c, 0xfa, 0x68, 0x74, 0x6a, 0xab, 0x68,
0xd8, 0x59, 0x96, 0x2d, 0x33, 0x62, 0xe4, 0xbd, 0xb3, 0xb7,
0x4d, 0x88, 0x35, 0xb8, 0xed, 0xb2, 0x16, 0x85, 0x97, 0x08,
0x71, 0x71, 0x39, 0x7e, 0x0c, 0x53, 0x16, 0xda, 0x38, 0xe5,
0x28, 0x09, 0x9c, 0xd9, 0x46, 0xec, 0x68, 0xda, 0x8d, 0xd0,
0xad, 0xb2, 0x79, 0x28, 0x3b, 0x1e, 0x12, 0xc9, 0xdf, 0xa9,
0x6d, 0x3d, 0x29, 0x99, 0x2f, 0x53, 0xc2, 0xd0, 0xf9, 0x88,
0x26, 0x94, 0x47, 0xaf, 0xf6, 0x96, 0xf3, 0xe1, 0x11, 0xa6,
0x82, 0x3d, 0x43, 0x3f, 0x1f, 0xbc, 0xf6, 0x98, 0xbe, 0xff,
0x06, 0x86, 0x61, 0x27, 0xdc, 0x91, 0x54, 0xd4, 0xfc, 0x68,
0x83, 0xe8, 0x35, 0x3e, 0xee, 0x94, 0x59, 0x28, 0x2f, 0xde,
0xdd, 0x03, 0x60, 0x66, 0xc1, 0x49, 0x57, 0xdd, 0xbc, 0xd5,
0x0a, 0x67, 0x34, 0xf1, 0xa6, 0x0a, 0x57, 0x94, 0x65, 0x02,
0x2c, 0x52, 0x43, 0x70, 0x3b, 0xc1, 0x9a, 0xff, 0xda, 0x6f,
0xb9, 0x54, 0x47, 0x01, 0xda, 0x27, 0xe4, 0x48, 0x4a, 0x90,
0x9f, 0xb5, 0xc3, 0xee, 0x0e, 0x09, 0x57, 0xfe, 0x48, 0x51,
0x08, 0x34, 0x5e, 0x8f, 0x16, 0xc9, 0x0b, 0x74, 0xd9, 0x7d,
0x22, 0x3f, 0xd6, 0xb7, 0x5d, 0xd6, 0x76, 0x00, 0x8d, 0x4e,
0x78, 0x73, 0x86, 0xd6, 0xdb, 0x2a, 0x65, 0xab, 0xdf, 0xb0,
0xea, 0x11, 0xad, 0xdf, 0xba, 0x43, 0xdb, 0xa8, 0x0a, 0xfb,
0x04, 0x38, 0x81, 0x2b, 0xa3, 0x29, 0xfc, 0x95, 0x73, 0x9a,
0x0c, 0x6c, 0x9e, 0xcd, 0xdc, 0xcf, 0x0a, 0x0c, 0x18, 0x41,
0x6f, 0x1d, 0xa3, 0xf6, 0x12, 0x4c, 0x13, 0xf2, 0x02, 0xc6,
0x50, 0x99, 0x86, 0x73, 0xa7, 0xf9, 0x7e, 0x84, 0x7f, 0x4c,
0x00, 0xce, 0x2e, 0x21, 0x76, 0x8e, 0x17, 0x7a, 0x87, 0x6f,
0x81, 0xe6, 0xc0, 0x52, 0xa5, 0xa0, 0x3c, 0x54, 0x3c, 0xec,
0xb0, 0x9d, 0x1c, 0x3b, 0xec, 0xe5, 0x4e, 0x4a, 0x37, 0xe7,
0xd5, 0xa9, 0x07, 0x87, 0x23, 0x28, 0x5d, 0x3d, 0x22, 0x02,
0x79, 0x40, 0x3f, 0x2d, 0x40, 0xc9, 0xe5, 0xa6, 0x9b, 0xa8,
0xb8, 0x76, 0xf6, 0x77, 0x5b, 0x8d, 0x72, 0x96, 0x3e, 0x13,
0xbf, 0x76, 0xfa, 0x7b, 0xb7, 0x82, 0x5f, 0xe7, 0x9d, 0x54,
0x0e, 0x05, 0x1a, 0x9f, 0xa4, 0x42, 0xa5, 0xb4, 0x93, 0x23,
0x06, 0x59, 0x43, 0xa8, 0xe8, 0x5c, 0xfc, 0x18, 0x97, 0xdb,
0xad, 0x9a, 0x80, 0x0a, 0xf2, 0x20, 0x50, 0xac, 0xc1, 0x13,
0x3e, 0x98, 0x09, 0xde, 0xf2, 0x70, 0x9e, 0x14, 0xc2, 0x5c,
0xec, 0x65, 0x07, 0x0b, 0xfa, 0x02, 0x5c, 0xf8, 0x71, 0xaa,
0x9b, 0x45, 0x62, 0xe2, 0x27, 0xaf, 0x77, 0xf8, 0xe3, 0xeb,
0x7b, 0x24, 0x7b, 0x3c, 0x67, 0xc2, 0x6d, 0x6e, 0x17, 0xae,
0x6e, 0x86, 0x6f, 0x98, 0xc9, 0xac, 0x13, 0x9f, 0x87, 0x64,
0x3d, 0x4d, 0x6f, 0xa0, 0xb3, 0x39, 0xc6, 0x68, 0x1b, 0xa7,
0xeb, 0x3e, 0x0f, 0x6b, 0xc7, 0xa4, 0xe2, 0x20, 0x27, 0x75,
0x3f, 0x09, 0x16, 0xff, 0x1a, 0xcc, 0xa7, 0xc4, 0x6d, 0xc2,
0xfc, 0xc3, 0x0b, 0x37, 0x63, 0xff, 0x9b, 0x10, 0xe6, 0x00,
0xf7, 0x18, 0x43, 0x9f, 0x07, 0x50, 0x31, 0x51, 0xd4, 0xfd,
0xad, 0xa2, 0x0f, 0x77, 0xda, 0x41, 0xc1, 0x0a, 0x6f, 0x86,
0xd7, 0xdc, 0x8a, 0x52, 0xd6, 0xa1, 0x27, 0xdb, 0x14, 0x67,
0x26, 0x91, 0xb3, 0xcd, 0x01, 0x5f, 0x60, 0xa1, 0x7f, 0x43,
0x15, 0x1a, 0x82, 0x0f, 0xd3, 0x66, 0x5f, 0x60, 0x57, 0x2f,
0xb2, 0x8c, 0x27, 0x2a, 0x9d, 0x1b, 0xf9, 0xf2, 0x59, 0x20,
0x39, 0xd9, 0xc5, 0xaf, 0xf2, 0x36, 0x8c, 0x58, 0x00, 0x1b,
0xd0, 0xc5, 0x8e, 0x1a, 0x49, 0xa8, 0x60, 0xbe, 0xd1, 0xd7,
0x2a, 0xb0, 0xc2, 0xab, 0x58, 0x8a, 0x7a, 0xa9, 0x41, 0x68,
0x70, 0xbd, 0xea, 0x73, 0xa5, 0x03, 0x11, 0xb2, 0x27, 0xd9,
0xcd, 0xf5, 0x09, 0xe8, 0x1c, 0xe2, 0x4f, 0x50, 0x6a, 0x84,
0x34, 0x62, 0x2e, 0x36, 0xaa, 0x4c, 0xc1, 0x83, 0x78, 0x98,
0x35, 0x7a, 0x27, 0x7e, 0xfe, 0xf1, 0x6f, 0x59, 0x27, 0x35,
0x73, 0xce, 0x74, 0xaa, 0xb4, 0x72, 0x82, 0xa8, 0xe2, 0x81,
0x7a, 0x6b, 0xca, 0x33, 0xa5, 0xda, 0xa2, 0x63, 0xca, 0x2e,
0x90, 0x03, 0x32, 0xec, 0x63, 0xdb, 0x52, 0x7b, 0x16, 0xfc,
0x01, 0x2d, 0x30, 0x12, 0x1e, 0xf9, 0xa3, 0x72, 0x21, 0x3c,
0x75, 0x0c, 0x61, 0x9c, 0x7e, 0x73, 0x04, 0x71, 0x41, 0x45,
0x5d, 0x7f, 0x49, 0x1c, 0x09, 0x08, 0xa4, 0xec, 0x2f, 0xfd,
0xc4, 0xfb, 0x59, 0x6a, 0x27, 0x7a, 0xd4, 0xfc, 0x5f, 0x20,
0x04, 0x34, 0x7d, 0x08, 0xed, 0x82, 0x5a, 0x90, 0xe1, 0xab,
0xfd, 0x35, 0x3a, 0x8d, 0xbb, 0x0a, 0x9d, 0x73, 0xff, 0x69,
0xe5, 0xe9, 0x09, 0x55, 0x14, 0xd9, 0x7b, 0x6f, 0x0d, 0x99,
0xd2, 0x7e, 0x71, 0xf8, 0x4f, 0x72, 0x2f, 0xbb, 0xc6, 0xc4,
0x36, 0xc9, 0x01, 0xd3, 0x9b, 0x94, 0xab, 0x41, 0x0f, 0x4a,
0x61, 0x5c, 0x68, 0xe5, 0xd7, 0x0d, 0x94, 0xaa, 0xee, 0xba,
0x95, 0xcb, 0x8c, 0x0e, 0x85, 0x3a, 0x02, 0x6b, 0x95, 0x50,
0xfd, 0x02, 0xfd, 0xa4, 0x58, 0x29, 0x78, 0x4f, 0xd0, 0xae,
0x66, 0xd6, 0x5c, 0xe7, 0x45, 0xfe, 0x98, 0xb0, 0xa3, 0xe2,
0x87, 0xc0, 0xd2, 0x81, 0x08, 0xf1, 0xf1, 0xe7, 0xda, 0x62,
0x9e, 0xa0, 0x34, 0x86, 0xeb, 0xa1, 0x6e, 0x4a, 0x26, 0x8e,
0x39, 0x0c, 0x51, 0x10, 0x33, 0x11, 0x87, 0xf8, 0x79, 0x3c,
0x49, 0x7a, 0x8b, 0xce, 0xc1, 0x0a, 0x0e, 0xe1, 0xd5, 0x2a,
0xac, 0xf0, 0x3a, 0x1d, 0x6a, 0x6a, 0xe5, 0xe1, 0x81, 0x70,
0xad, 0xaf, 0x15, 0x4c, 0x2a, 0x70, 0x2a, 0x6b, 0x22, 0x0d,
0x30, 0xe7, 0x56, 0xed, 0x2d, 0x4b, 0x85, 0x17, 0x49, 0x72,
0x3a, 0x1b, 0x6f, 0x57, 0x1c, 0xf7, 0x72, 0x9e, 0x20, 0xdb,
0x57, 0x1c, 0xfb, 0x36, 0x50, 0x52, 0xec, 0x5b, 0xd6, 0x6a,
0x1b, 0xf8, 0x74, 0xad, 0xe6, 0x00, 0x74, 0x04, 0xc5, 0x99,
0x83, 0xe4, 0x5a, 0x0c, 0xc3, 0xe8, 0x6d, 0x3a, 0xd7, 0x3c,
0x3c, 0xc0, 0x1a, 0x28, 0xb3, 0x29, 0x7a, 0x10, 0x9e, 0x39,
0x66, 0x5b, 0xc1, 0x38, 0xac, 0x21, 0x4e, 0xcd, 0x01, 0xf2,
0xf6, 0x30, 0x2c, 0x2b, 0xb6, 0xbf, 0xf5, 0xea, 0x61, 0xaf,
0x0c, 0xa6, 0x01, 0x11, 0x15, 0x19, 0x09, 0x8c, 0x7e, 0x69,
0xdf, 0x3b, 0xea, 0xd3, 0x0a, 0x3a, 0xd7, 0xbd, 0xe1, 0x17,
0xaf, 0x92, 0x3c, 0xf5, 0xfe, 0x35, 0xd6, 0xcf, 0x07, 0xa6,
0xf7, 0xe9, 0xc1, 0x99, 0xed, 0x80, 0xe3, 0x12, 0xd5, 0x4b,
0xb9, 0xdf, 0xaf, 0x4e, 0x52, 0xad, 0x8e, 0x66, 0x87, 0xe5,
0x2c, 0xd0, 0x45, 0x70, 0xd9, 0x78, 0x8f, 0x4b, 0xf4, 0xe1,
0xf1, 0x22, 0xf2, 0xe3, 0xed, 0x1f, 0xeb, 0xe9, 0x70, 0x31,
0x4c, 0x65, 0x5f, 0x55, 0xee, 0x5d, 0xaa, 0x83, 0x87, 0x76,
0xbe, 0x11, 0xae, 0xd7, 0xf2, 0xfb, 0x43, 0xe7, 0x17, 0x81,
0x33, 0x15, 0x47, 0xa0, 0xf3, 0x8e, 0x84, 0x57, 0xff, 0x35,
0x9e, 0x4a, 0x8a, 0xab, 0x50, 0x3a, 0x45, 0xe0, 0xc3, 0x73,
0xca, 0x77, 0x61, 0x68, 0x38, 0xd0, 0xa3, 0x5f, 0x03, 0x8d,
0x41, 0xc2, 0xd3, 0x4a, 0x17, 0xe0, 0xa8, 0xaa, 0x00, 0xf3,
0xf2, 0x5b, 0xa8, 0xe1, 0x06, 0xa6, 0x2b, 0xdb, 0xe1, 0x74,
0xbd, 0xc4, 0xd2, 0x2b, 0x55, 0x9a, 0xb0, 0xf8, 0x35, 0xd8,
0x6b, 0xec, 0xdb, 0xc5, 0xf4, 0x6c, 0x40, 0x90, 0x6a, 0x68,
0xc9, 0xb5, 0xcb, 0xbb, 0xd0, 0xb0, 0xbc, 0x9f, 0xb9, 0xaa,
0x50, 0x14, 0x93, 0x3b, 0x9f, 0x25, 0xcb, 0x40, 0xb8, 0x08,
0xcc, 0x13, 0xe5, 0xdc, 0x3f, 0x84, 0x96, 0xe0, 0x73, 0x7b,
0x7d, 0x9e, 0x41, 0x92, 0x5d, 0xcc, 0xa4, 0xea, 0x4f, 0x93,
0x0c, 0x40, 0x2e, 0x42, 0x8a, 0xe9, 0xb9, 0x12, 0x74, 0xbb,
0x79, 0x7c, 0xb0, 0x37, 0x20, 0xb6, 0xaf, 0x43, 0x3a, 0x88,
0x59, 0x7c, 0x68, 0x28, 0x5f, 0x98, 0xc2, 0xf0, 0x2a, 0xbc,
0xa1, 0x61, 0x88, 0x1f, 0x43, 0xbc, 0x42, 0x8f, 0x43, 0xf3,
0x7e, 0x16, 0x96, 0xfa, 0x92, 0x70, 0xaf, 0x3c, 0x9f, 0x4b,
0xd9, 0x60, 0xe9, 0xf6, 0x2e, 0x84, 0xda, 0x88, 0x31, 0x34,
0xa6, 0x85, 0x10, 0x05, 0xef, 0x40, 0xa8, 0xa5, 0x4f, 0x92,
0x59, 0xf7, 0xe0, 0xc4, 0x2b, 0x12, 0x17, 0x71, 0xbe, 0x8c,
0x4a, 0x02, 0xfe, 0x12, 0xb6, 0x3b, 0x85, 0x75, 0x37, 0xf3,
0x73, 0x2d, 0x9c, 0x00, 0x5d, 0x80, 0xad, 0x20, 0x2f, 0x5a,
0x0b, 0x17, 0x7e, 0x67, 0x72, 0x24, 0x5a, 0xb9, 0xf3, 0xb1,
0x33, 0xa4, 0x57, 0x1d, 0x49, 0x72, 0x2c, 0x7f, 0x47, 0x15,
0x07, 0xe0, 0x45, 0x14, 0xdd, 0x77, 0x86, 0x6d, 0x03, 0xbe,
0x57, 0xd0, 0xaa, 0x18, 0xa6, 0xdd, 0x94, 0x18, 0x3f, 0x8a,
0xf3, 0xb5, 0xd7, 0x5a, 0xec, 0xc8, 0x79, 0x7f, 0x51, 0x61,
0x3c, 0x9b, 0xb2, 0x9b, 0xf3, 0xb4, 0x35, 0xd1, 0x38, 0xbf,
0x37, 0xce, 0x54, 0xd1, 0xf8, 0xb6, 0x45, 0xeb, 0x52, 0x0d,
0x9a, 0x09, 0x58, 0x0d, 0x2c, 0x0b, 0xb1, 0xf2, 0x30, 0x3a,
0x95, 0xc1, 0x13, 0x91, 0xd2, 0x9f, 0x8d, 0x8d, 0xd0, 0x38,
0x3e, 0x4c, 0xae, 0x4a, 0x55, 0xa7, 0x42, 0x11, 0x83, 0xc4,
0x70, 0xf0, 0x2b, 0x68, 0x9e, 0x07, 0xad, 0xb7, 0x83, 0xc6,
0x53, 0x3c, 0xfb, 0x0a, 0x5d, 0x24, 0xdc, 0xe1, 0x55, 0x72,
0xcf, 0xce, 0x3e, 0xc8, 0xd0, 0x57, 0x8a, 0x82, 0x5e, 0x78,
0x2b, 0x80, 0xc5, 0xb9, 0x09, 0x46, 0xf8, 0x90, 0x39, 0x52,
0xa9, 0xce, 0x3f, 0x3d, 0x41, 0x3b, 0x28, 0x45, 0xa3, 0xb3,
0x21, 0xc2, 0xcd, 0x14, 0x49, 0x41, 0x6c, 0x38, 0xda, 0x1b,
0x5f, 0x16, 0x49, 0xf9, 0x65, 0x00, 0x4e, 0xb4, 0x20, 0x55,
0x70, 0xe8, 0x58, 0x1a, 0x18, 0xbf, 0x41, 0xef, 0x31, 0xb1,
0xe7, 0x8d, 0x89, 0xc1, 0x48, 0xe8, 0xf5, 0x57, 0x35, 0xfa,
0xc1, 0x79, 0xee, 0x2c, 0xe8, 0x7d, 0xb6, 0x03, 0xcc, 0x66,
0x09, 0x6f, 0x52, 0x84, 0x0a, 0x34, 0x18, 0x2c, 0x01, 0x45,
0x81, 0x00, 0xe5, 0x5e, 0x8d, 0xae, 0x1c, 0x96, 0x8b, 0x45,
0x73, 0x00, 0x0a, 0xb5, 0xcf, 0x8d, 0x0e, 0x35, 0x5d, 0x1a,
0x0e, 0xbf, 0x64, 0x9a, 0x52, 0x20, 0x48, 0xc6, 0xb9, 0x40,
0xd3, 0x2c, 0x52, 0xca, 0x93, 0xcf, 0xbb, 0x94, 0x06, 0xf3,
0x97, 0xee, 0xcc, 0x5d, 0xa3, 0xea, 0xf8, 0x5a, 0x39, 0x77,
0x34, 0xd7, 0xf6, 0x4e, 0xbe, 0x8a, 0x07, 0x5f, 0x51, 0x53,
0xc5, 0x1b, 0x8c, 0x47, 0x8f, 0x34, 0x0e, 0x60, 0x0a, 0x90,
0xe2, 0xda, 0x7b, 0xef, 0xd6, 0xf5, 0x5d, 0xe5, 0x32, 0x37,
0x75, 0x99, 0x81, 0x4a, 0x2a, 0x78, 0x71, 0xdc, 0xf4, 0xe5,
0xca, 0xd8, 0x6b, 0x3b, 0x90, 0x68, 0x2e, 0x93, 0xc5, 0x10,
0x42, 0x5d, 0x38, 0x90, 0x32, 0x46, 0xea, 0x87, 0xe0, 0xbc,
0xb8, 0x9a, 0x18, 0x20, 0x68, 0x85, 0x6d, 0x9b, 0xc9, 0x8f,
0x9b, 0xd2, 0xbe, 0x15, 0x12, 0x68, 0xd0, 0xb0, 0x16, 0x5f,
0xe2, 0x69, 0x1d, 0x04, 0x00, 0xfc, 0x63, 0x33, 0xcd, 0x1f,
0x89, 0xcd, 0x52, 0xff, 0xec, 0x19, 0x69, 0x74, 0xa3, 0xce,
0x4d, 0xab, 0x93, 0xe4, 0xc6, 0x13, 0x56, 0x27, 0xc9, 0x25,
0x5a, 0x01, 0xb2, 0x36, 0x8b, 0x61, 0xe5, 0x8b, 0x98, 0xac,
0xe4, 0x2a, 0xb6, 0x40, 0x9f, 0x42, 0xe4, 0x1b, 0x52, 0xf7,
0xfd, 0xd8, 0x30, 0x07, 0x33, 0xf9, 0x47, 0xcb, 0x3c, 0xad,
0x12, 0xc1, 0xcc, 0x29, 0x62, 0x49, 0x04, 0x0c, 0x23, 0x97,
0x5a, 0xa4, 0x84, 0x67, 0xde, 0x5a, 0xe5, 0x36, 0xd2, 0x88,
0xf1, 0xd4, 0xeb, 0x13, 0x81, 0x54, 0x51, 0x11, 0xe3, 0xba,
0xbc, 0xee, 0xdd, 0x6c, 0xcd, 0xe6, 0xb4, 0xa1, 0x8b, 0x0b,
0x66, 0xfb, 0x8e, 0x50, 0xa0, 0xda, 0x69, 0x8d, 0xcc, 0x2d,
0xe4, 0x2c, 0xc4, 0x37, 0xdf, 0x61, 0xc0, 0x03, 0xbd, 0x8b,
0x28, 0xca, 0xd2, 0x8c, 0x1c, 0xf1, 0xa4, 0x26, 0x69, 0xe5,
0xcf, 0x45, 0xdb, 0x5a, 0x47, 0x79, 0xed, 0x9f, 0xf7, 0xd2,
0xdb, 0xba, 0x46, 0x53, 0x4f, 0xce, 0xa8, 0xbe, 0x8f, 0x4a,
0xd6, 0xdf, 0x2e, 0x06, 0xe6, 0x4c, 0x9a, 0xc1, 0xb6, 0x49,
0xed, 0xc4, 0xeb, 0xaa, 0xa4, 0x29, 0x6d, 0xd4, 0xcc, 0x8c,
0xb6, 0x40, 0x11, 0x39, 0x69, 0xf7, 0x75, 0xcd, 0xb1, 0x99,
0x46, 0x4e, 0xde, 0xcb, 0xf6, 0x9d, 0x32, 0xf3, 0xc9, 0x47,
0x47, 0x7a, 0xcb, 0xfb, 0xa3, 0x0c, 0x3b, 0xdf, 0xb7, 0xde,
0xec, 0x99, 0xde, 0xb0, 0x26, 0x04, 0x34, 0xae, 0x6b, 0xfc,
0x99, 0xbc, 0xde, 0xd5, 0xbe, 0xe7, 0xeb, 0xf9, 0xe7, 0xa6,
0x01, 0x9a, 0x0c, 0x5e, 0x66, 0xe6, 0x53, 0xe4, 0xd1, 0x58,
0xac, 0xda, 0x69, 0x77, 0x7b, 0x68, 0xd6, 0x30, 0x2a, 0x9c,
0x6b, 0xbe, 0x9f, 0x3d, 0x71, 0xd6, 0x54, 0xcd, 0x59, 0x4e,
0x1f, 0xe3, 0x83, 0x4e, 0xd1, 0x8e, 0xaf, 0x97, 0xa8, 0xe5,
0xb6, 0x59, 0x77, 0xa8, 0x02, 0x20, 0xe4, 0xeb, 0x44, 0x71,
0xbc, 0x07, 0x14, 0x79, 0x4f, 0x0c, 0x27, 0x06, 0x39, 0xcf,
0x7c, 0xef, 0x2b, 0x9b, 0x5e, 0xc4, 0x6d, 0x79, 0x13, 0x00,
0x43, 0x6f, 0x51, 0x77, 0xb5, 0xc3, 0x72, 0xad, 0x13, 0xa9,
0xe5, 0x9a, 0x5b, 0x1a, 0x99, 0x74, 0xc0, 0x7a, 0xf9, 0xc5,
0xb0, 0x58, 0x35, 0x1c, 0xa5, 0x51, 0xdb, 0xa1, 0x14, 0xcd,
0x26, 0x71, 0xb1, 0xe7, 0xaa, 0x14, 0xa7, 0x46, 0x93, 0xd3,
0x5c, 0x8c, 0x1a, 0x91, 0x77, 0x46, 0x2e, 0x15, 0xaa, 0x9e,
0xf7, 0x2b, 0x79, 0x41, 0x76, 0xf7, 0x22, 0x53, 0x7d, 0x51,
0xdb, 0x98, 0x3d, 0x5b, 0x78, 0x5f, 0xc3, 0xc9, 0x29, 0xa3,
0xff, 0x75, 0x82, 0x06, 0x9a, 0x16, 0x5e, 0xa4, 0x79, 0x0d,
0xd1, 0x6d, 0x08, 0xff, 0x43, 0xef, 0x9c, 0xf3, 0x1b, 0x7a,
0x3f, 0x34, 0xbe, 0x19, 0x15, 0x06, 0x33, 0xdb, 0xa5, 0x71,
0xcb, 0x5f, 0x6b, 0x8d, 0xbd, 0x5b, 0x32, 0x91, 0xb2, 0x37,
0x3d, 0xb4, 0x40, 0x9e, 0x02, 0x9b, 0xb7, 0x68, 0x20, 0x58,
0x5c, 0xab, 0xcb, 0xc8, 0x23, 0x2d, 0x77, 0xcc, 0x0b, 0xf6,
0x78, 0x6b, 0x80, 0x06, 0x91, 0xa9, 0xfd, 0x7e, 0xfa, 0x25,
0x98, 0x9f, 0xcc, 0x79, 0x0a, 0x1a, 0x54, 0x83, 0xac, 0x64,
0x16, 0x90, 0xe5, 0xd9, 0xa7, 0xd7, 0x1b, 0x86, 0x0d, 0xe6,
0xe6, 0x22, 0x2b, 0x1f, 0x44, 0x49, 0x98, 0x9c, 0x51, 0x6f,
0xcf, 0x58, 0x4a, 0xfa, 0xfa, 0x84, 0x12, 0xa5, 0x10, 0xf4,
0xca, 0xf0, 0x98, 0x2b, 0xc9, 0x03, 0x71, 0x37, 0xe7, 0xdc,
0xc2, 0xb1, 0x4e, 0x64, 0xde, 0x4f, 0x46, 0x0d, 0x6b, 0x25,
0x88, 0x5d, 0xd6, 0xff, 0x23, 0x46, 0x57, 0x36, 0x14, 0x18,
0xa7, 0xcb, 0xb8, 0xbd, 0xf0, 0xc5, 0x37, 0x36, 0xee, 0xe1,
0xed, 0x9f, 0x4d, 0xd4, 0x39, 0xe5, 0x92, 0xcf, 0x95, 0x4d,
0x66, 0x36, 0x5d, 0xd0, 0xcc, 0x07, 0xcf, 0x15, 0x5a, 0xce,
0x14, 0xb8, 0xda, 0x0d, 0x3d, 0x1b, 0x45, 0xc5, 0x2e, 0x34,
0x43, 0x25, 0x02, 0x3a, 0xcd, 0x14, 0x45, 0xfb, 0x3e, 0xf9,
0x88, 0x5d, 0x0d, 0x29, 0x31, 0xb9, 0xa1, 0xe6, 0x31, 0x18,
0x52, 0x46, 0x3f, 0x22, 0x4f, 0x9f, 0x7a, 0x65, 0x36, 0x88,
0xa3, 0x1c, 0x3e, 0x6f, 0x50, 0x7a, 0x36, 0xbe, 0x56, 0x7e,
0x50, 0xcb, 0x7a, 0x10, 0xa0, 0xec, 0xf6, 0x82, 0xd6, 0x30,
0x1c, 0xe8, 0x4c, 0x50, 0xf9, 0x3e, 0xdb, 0xac, 0xbe, 0x4f,
0x90, 0xb1, 0xd5, 0x1b, 0x12, 0x95, 0xfb, 0xe8, 0x08, 0x64,
0x56, 0x7c, 0x96, 0xcc, 0x90, 0xb1, 0xbc, 0xa0, 0xf5, 0x32,
0x69, 0xb3, 0x5f, 0x27, 0x0f, 0xbe, 0xc9, 0xbd, 0xeb, 0xfa,
0x4b, 0x5c, 0xc5, 0x99, 0x9e, 0x5a, 0x04, 0xcc, 0xd0, 0x4d,
0x29, 0xe8, 0x84, 0x55, 0x8c, 0xd7, 0xc4, 0x06, 0x13, 0x4d,
0x92, 0xe5, 0x98, 0x9c, 0x4c, 0xc1, 0xf7, 0xaf, 0x7b, 0xd5,
0x2b, 0x92, 0x68, 0x68, 0x19, 0x70, 0x4c, 0x9e, 0x46, 0xb8,
0x34, 0xeb, 0x01, 0x47, 0xbe, 0x59, 0xab, 0x0b, 0x22, 0x25,
0xe7, 0x56, 0xa8, 0xb4, 0x93, 0x3c, 0xd5, 0x98, 0x9f, 0x61,
0x2e, 0xfa, 0xcb, 0x5f, 0x5b, 0xd8, 0x09, 0x83, 0xe9, 0x40,
0xe9, 0x0e, 0x42, 0xdd, 0x17, 0xd7, 0x6e, 0x19, 0x8d, 0x95,
0x0a, 0x93
};
#endif
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_sig[] = {
0x20, 0xff, 0x12, 0xe1, 0x87, 0xf6, 0x11, 0x38, 0xff, 0x41, 0xd0, 0x8f,
0xcd, 0x7e, 0xd1, 0xf6, 0x21, 0x17, 0xd0, 0x46, 0xe9, 0x86, 0x83, 0x1b,
0xaf, 0xe5, 0x2b, 0x59, 0x21, 0xd1, 0x6b, 0xc9, 0xdb, 0x34, 0xdc, 0xba,
0xfd, 0xd3, 0xf8, 0x71, 0x49, 0xd8, 0x31, 0xbc, 0x48, 0x83, 0x22, 0x7b,
0xfd, 0x6a, 0x93, 0xa6, 0x39, 0x4c, 0xda, 0xdb, 0x15, 0xe7, 0x41, 0x14,
0xb4, 0xb8, 0xfe, 0xb0, 0x1f, 0xf9, 0x0a, 0x2c, 0x0b, 0xc0, 0xac, 0x09,
0x84, 0x69, 0x5e, 0x64, 0x8c, 0xa8, 0xee, 0xa1, 0x52, 0x22, 0xde, 0x0d,
0xc7, 0x25, 0xef, 0xa8, 0xfd, 0x8c, 0xb9, 0x45, 0x4f, 0xa4, 0x9c, 0xbc,
0x70, 0xf2, 0x88, 0xea, 0x79, 0x13, 0xb0, 0xfc, 0xe6, 0x41, 0x48, 0x1c,
0x33, 0x48, 0xa2, 0x77, 0x75, 0x37, 0x9f, 0xc1, 0x86, 0x94, 0xcd, 0x69,
0x98, 0x87, 0x47, 0x49, 0x75, 0x93, 0xf1, 0xa4, 0x2d, 0x8e, 0xa8, 0x7e,
0x0f, 0x95, 0xf5, 0x3e, 0x5d, 0x31, 0x2d, 0xc9, 0x58, 0x1c, 0x42, 0xfd,
0x79, 0x6a, 0x49, 0xa3, 0x84, 0xc5, 0x2e, 0x8d, 0x96, 0x9c, 0xc8, 0x05,
0x93, 0xdb, 0x6d, 0xbf, 0x83, 0x34, 0xc2, 0x81, 0x47, 0x90, 0xc9, 0xa9,
0x82, 0xbd, 0xe1, 0xc8, 0x89, 0xa2, 0x36, 0x47, 0xed, 0xfb, 0x47, 0x57,
0x01, 0x1a, 0x75, 0x8c, 0x6b, 0x83, 0xcf, 0x56, 0xae, 0x52, 0x66, 0x8b,
0xab, 0x7f, 0x0c, 0xec, 0xde, 0x5c, 0x13, 0xbe, 0xbd, 0x5b, 0x74, 0x28,
0xb5, 0xd7, 0x68, 0xd5, 0xd2, 0xe9, 0x96, 0x3b, 0x55, 0xda, 0x3a, 0x93,
0x3c, 0xd9, 0x9f, 0x53, 0x2a, 0x31, 0x84, 0x45, 0x3f, 0xee, 0x2b, 0xfc,
0x92, 0xb0, 0x9c, 0xc6, 0x16, 0x16, 0x4f, 0x33, 0x41, 0x17, 0x58, 0xbe,
0x5d, 0x57, 0x4b, 0x04, 0x82, 0xe3, 0xb3, 0x68, 0xdf, 0x7c, 0x93, 0xce,
0x9d, 0xf6, 0x7e, 0x21, 0x3d, 0x28, 0x1c, 0xf0, 0x37, 0x46, 0xf2, 0xc2,
0x73, 0x7c, 0xbe, 0x98, 0x0e, 0x09, 0x75, 0xa7, 0x21, 0x11, 0xa9, 0xd6,
0xd1, 0x47, 0xac, 0xd0, 0x19, 0x48, 0x3b, 0x74, 0xc1, 0x3c, 0x37, 0x43,
0x49, 0x12, 0x62, 0xee, 0xaf, 0x5c, 0x38, 0xf7, 0x8a, 0xce, 0xb3, 0x7a,
0x05, 0x16, 0xd4, 0x71, 0x8b, 0xbe, 0x1a, 0xe0, 0x1e, 0xbc, 0x4b, 0x54,
0x0f, 0xb5, 0x73, 0x2b, 0xb8, 0x3a, 0x75, 0xf0, 0x26, 0xcd, 0xf9, 0xca,
0x32, 0xf9, 0x7e, 0x15, 0x38, 0x75, 0x9c, 0x4d, 0xbc, 0x11, 0xf8, 0xea,
0x8e, 0xe8, 0x38, 0x17, 0xc5, 0x62, 0xf4, 0x34, 0xfb, 0xd6, 0xf5, 0x76,
0xfc, 0xa3, 0xf3, 0x44, 0xf9, 0xab, 0x2e, 0x9a, 0x68, 0xcd, 0xa1, 0x29,
0xff, 0xda, 0xe8, 0xb5, 0xb0, 0x20, 0x5d, 0x02, 0x01, 0x62, 0x26, 0x44,
0x32, 0xc8, 0x94, 0xf8, 0xf1, 0xaa, 0xf9, 0xc2, 0x86, 0xcb, 0x55, 0x7f,
0x8d, 0xb3, 0xf6, 0x63, 0xb1, 0xa4, 0x95, 0x57, 0xb8, 0x1d, 0xc3, 0x42,
0xd2, 0x4b, 0x69, 0xcd, 0x7a, 0x10, 0x5b, 0x6a, 0x13, 0xd1, 0x02, 0x98,
0x38, 0x87, 0x9b, 0x9a, 0x5a, 0x66, 0x73, 0xcb, 0x75, 0xd0, 0x7a, 0x4b,
0xad, 0x23, 0x06, 0x1c, 0xc8, 0x6b, 0x0c, 0xa8, 0xfe, 0x7b, 0x8f, 0x65,
0x50, 0xd7, 0xf7, 0x76, 0x88, 0x42, 0xe0, 0x5e, 0x18, 0x91, 0x8b, 0x99,
0x37, 0x56, 0x08, 0x91, 0xe7, 0x01, 0xe7, 0x05, 0xd5, 0xed, 0x43, 0x25,
0x71, 0x7e, 0x3e, 0xfc, 0xc4, 0xfd, 0xed, 0x8b, 0x85, 0x16, 0x8c, 0xe3,
0x05, 0xee, 0x51, 0x02, 0xa4, 0x4b, 0xd8, 0x3c, 0xcf, 0x4d, 0x2f, 0x2d,
0x68, 0x6e, 0xc1, 0xd5, 0xfa, 0x91, 0xfd, 0x6a, 0xe0, 0x64, 0x85, 0x35,
0x9c, 0x75, 0xe6, 0x0d, 0xb8, 0xec, 0x97, 0x88, 0x62, 0x98, 0x78, 0x75,
0xc7, 0x1e, 0x68, 0xa7, 0xb9, 0x7b, 0xab, 0x75, 0x7a, 0x72, 0x3c, 0x7b,
0xab, 0x60, 0x03, 0xb7, 0x38, 0x13, 0xe4, 0x96, 0x6e, 0xcb, 0x95, 0xcc,
0xdc, 0x6a, 0x47, 0x67, 0x77, 0xd7, 0x95, 0xc4, 0x87, 0x66, 0xc2, 0x7e,
0x42, 0x90, 0x59, 0x4f, 0xd6, 0xf3, 0xf4, 0xa7, 0xd0, 0x29, 0xf9, 0x5d,
0x4b, 0x06, 0x06, 0xf7, 0x6e, 0xb2, 0xab, 0xb0, 0x8e, 0x21, 0xa6, 0xff,
0x5e, 0x7b, 0x47, 0xb6, 0x3a, 0xa6, 0x9e, 0x19, 0xf6, 0xdf, 0x9b, 0x3b,
0x3d, 0x07, 0x37, 0xd1, 0x0b, 0xa8, 0xf3, 0x9c, 0x43, 0x89, 0xee, 0xba,
0x03, 0xee, 0x38, 0x74, 0x13, 0x09, 0x8e, 0x47, 0x4e, 0xa9, 0x14, 0xf5,
0xb0, 0x55, 0xe0, 0x03, 0xe5, 0xb9, 0x53, 0xef, 0x03, 0x15, 0x60, 0xb3,
0x4a, 0x71, 0x31, 0x4b, 0xf1, 0xc8, 0xe4, 0x63, 0x9b, 0x8b, 0x78, 0x3c,
0x1f, 0xac, 0x27, 0x20, 0xa8, 0x53, 0x7d, 0xdd, 0x72, 0xd3, 0x90, 0x8f,
0x71, 0xa6, 0xa7, 0xeb, 0xb0, 0xeb, 0x42, 0x96, 0xa4, 0xc3, 0xba, 0xc6,
0x3c, 0xe7, 0x7b, 0x15, 0x1e, 0xfa, 0x15, 0x23, 0x37, 0xf3, 0xc8, 0xb2,
0xf9, 0x46, 0x04, 0xd1, 0x5e, 0x44, 0xd7, 0x8f, 0x70, 0xb1, 0x0a, 0xde,
0x6a, 0xe3, 0xaf, 0x9e, 0x49, 0x55, 0x78, 0x79, 0x11, 0x22, 0x87, 0xa9,
0x54, 0x7c, 0xb4, 0x83, 0xe1, 0x25, 0xcd, 0x89, 0xa6, 0x91, 0x21, 0x7b,
0xbe, 0x3d, 0x2f, 0x46, 0xb5, 0x5b, 0x50, 0x1a, 0xc8, 0x8d, 0x32, 0xf3,
0x62, 0x1f, 0x24, 0x64, 0xe8, 0xb6, 0x02, 0x4f, 0x1f, 0x52, 0x3c, 0x40,
0xfc, 0x72, 0x38, 0xd4, 0xba, 0x40, 0x8e, 0xb7, 0xc0, 0x97, 0x06, 0x16,
0xd5, 0xe3, 0x39, 0x45, 0xd7, 0x7c, 0x0e, 0xed, 0x6b, 0x19, 0x19, 0x0a,
0x8e, 0xcb, 0x2b, 0xee, 0x4d, 0xa1, 0x5e, 0x84, 0x22, 0x66, 0xcd, 0x4f,
0xb9, 0x1a, 0x25, 0x85, 0x02, 0xc0, 0x67, 0xc4, 0xd5, 0x1a, 0xcb, 0xbb,
0xde, 0x4d, 0x3c, 0x3c, 0x62, 0x9f, 0x76, 0x8f, 0x15, 0x29, 0xa5, 0xbb,
0x5a, 0x48, 0x38, 0x66, 0xfa, 0x56, 0x0a, 0x09, 0xbd, 0xdf, 0xdf, 0x4a,
0xe7, 0x0e, 0xa6, 0xb1, 0xb5, 0x7c, 0xe1, 0xed, 0x8d, 0x63, 0x07, 0x42,
0xf3, 0xf8, 0x15, 0x28, 0x7c, 0x09, 0xf5, 0x02, 0x69, 0x1b, 0x88, 0x1e,
0x3d, 0xad, 0x5f, 0x46, 0xed, 0xab, 0x2b, 0x11, 0x96, 0x73, 0xa8, 0xe8,
0xe6, 0x64, 0x7d, 0xae, 0x13, 0xa1, 0x7d, 0x54, 0xae, 0xc0, 0x82, 0xeb,
0x2a, 0xd1, 0x76, 0xb7, 0x9f, 0xbd, 0x33, 0x8f, 0xe7, 0xe6, 0x79, 0x92,
0xa6, 0xaf, 0x61, 0x91, 0x49, 0xbc, 0xd2, 0x3c, 0x6f, 0x8b, 0xbe, 0x8f,
0x5f, 0x1f, 0x00, 0x2c, 0x2e, 0x2c, 0xa0, 0x14, 0xcf, 0x34, 0x42, 0x44,
0x41, 0x11, 0xd7, 0x37, 0xd3, 0x99, 0x44, 0x36, 0x43, 0x03, 0xb9, 0x50,
0x4f, 0xab, 0xfe, 0x48, 0xe2, 0x4b, 0xed, 0x51, 0x8b, 0xe0, 0x04, 0x3c,
0x93, 0x28, 0x55, 0xc8, 0x5a, 0xb3, 0x52, 0x2c, 0x56, 0xbd, 0x43, 0xb9,
0x4a, 0x6c, 0x4c, 0xcc, 0xda, 0xba, 0x9c, 0xe6, 0x3e, 0x50, 0x8b, 0x1a,
0xe5, 0x83, 0xc1, 0x60, 0x55, 0xb2, 0x02, 0x16, 0x54, 0x33, 0x62, 0x69,
0x7c, 0x7d, 0x94, 0xf2, 0xb0, 0x3a, 0x22, 0xf0, 0x21, 0x46, 0xd7, 0x94,
0x53, 0xec, 0x63, 0x4c, 0x3e, 0xc3, 0x71, 0xd1, 0xb9, 0x2e, 0x16, 0xe8,
0x17, 0x63, 0x7e, 0x0c, 0x83, 0x05, 0x72, 0xe6, 0x20, 0x60, 0x34, 0xae,
0x0e, 0x54, 0xa0, 0x57, 0x75, 0x93, 0x2e, 0xb8, 0x6c, 0xec, 0xda, 0x44,
0x1b, 0xac, 0xd6, 0x75, 0xc5, 0x79, 0x3c, 0xc2, 0xa6, 0xa2, 0x7f, 0x3a,
0xb0, 0xec, 0xeb, 0xc1, 0xe6, 0xd6, 0xae, 0xac, 0x2e, 0x55, 0x30, 0x1c,
0x81, 0xa4, 0x4c, 0x35, 0x0e, 0xd8, 0xa6, 0x4e, 0xea, 0x0e, 0xbf, 0x79,
0xf7, 0xdf, 0x55, 0xfc, 0xf9, 0x24, 0xb0, 0xa6, 0xba, 0xc3, 0x72, 0x42,
0x60, 0x06, 0x44, 0x03, 0xe3, 0x40, 0x3c, 0x2a, 0x13, 0xf7, 0xdf, 0x3d,
0xb7, 0x0d, 0x86, 0x6c, 0xb0, 0x0f, 0x2e, 0x72, 0x91, 0x16, 0x4f, 0x5f,
0xd0, 0x3e, 0x8c, 0x36, 0xed, 0xa8, 0x6f, 0xbc, 0x65, 0xb0, 0x65, 0x99,
0x47, 0x50, 0xa5, 0x9c, 0xea, 0xee, 0x8a, 0x44, 0x70, 0xf5, 0x31, 0x1a,
0xe9, 0x11, 0xc1, 0xce, 0xe0, 0x21, 0x52, 0x70, 0x89, 0xf7, 0xc3, 0x35,
0xfa, 0x55, 0x5a, 0xc5, 0x10, 0x02, 0xc4, 0xc7, 0xf7, 0xe1, 0xaf, 0x49,
0x48, 0x61, 0xe7, 0x0d, 0xa1, 0x2d, 0x7d, 0x03, 0x00, 0x38, 0xa7, 0xd5,
0xd3, 0xbf, 0x95, 0x29, 0xed, 0xcc, 0x70, 0x3e, 0xbe, 0x95, 0x8a, 0xdf,
0xaf, 0xbf, 0xec, 0xf8, 0x6a, 0x4f, 0x9e, 0x69, 0xee, 0x4e, 0x3d, 0x8b,
0x58, 0xa0, 0x2e, 0xb5, 0x83, 0x6a, 0x0e, 0x04, 0xa4, 0xa9, 0x74, 0xcb,
0x4f, 0xb0, 0x39, 0x37, 0x8f, 0xcf, 0xbf, 0x77, 0xe4, 0x1a, 0x74, 0xcf,
0x0e, 0x0d, 0x2d, 0x6e, 0x1d, 0xba, 0xc1, 0xf5, 0x7c, 0x54, 0x6e, 0x92,
0xec, 0x4b, 0x03, 0xc3, 0xa4, 0x44, 0xad, 0x3e, 0x4f, 0xa4, 0xd9, 0xe9,
0x71, 0x3c, 0xe6, 0xb6, 0xbe, 0xe7, 0xfc, 0x72, 0x76, 0x86, 0x9a, 0x73,
0xb1, 0xb3, 0xf3, 0x84, 0xb6, 0x2a, 0x40, 0x0b, 0x8c, 0xae, 0xb3, 0xc4,
0xdc, 0xb5, 0x21, 0x85, 0x87, 0xdc, 0x19, 0x18, 0xd5, 0xba, 0xa4, 0x5e,
0x88, 0x89, 0xa4, 0xf4, 0x88, 0x75, 0xc2, 0x7a, 0xb4, 0xee, 0x9d, 0x54,
0x66, 0x97, 0x70, 0x08, 0x8f, 0x99, 0x84, 0x5d, 0x5e, 0xa7, 0x6f, 0x92,
0xe8, 0xa3, 0x65, 0xfa, 0x0e, 0x87, 0xfb, 0x3c, 0xe9, 0x17, 0x2d, 0xc7,
0x2d, 0x30, 0x8f, 0x41, 0x82, 0x68, 0x2b, 0xf1, 0x67, 0x8e, 0xf7, 0x05,
0x78, 0xfa, 0xc3, 0x61, 0xba, 0x35, 0xe7, 0x2f, 0x19, 0xef, 0x71, 0x36,
0xac, 0x5b, 0xf0, 0x45, 0x30, 0x70, 0xdc, 0xc7, 0xab, 0x7b, 0x62, 0x17,
0x9d, 0xc4, 0x43, 0x6f, 0xfc, 0x02, 0x56, 0x5f, 0x65, 0xaa, 0x68, 0x3b,
0x5c, 0xfa, 0x71, 0x28, 0x89, 0xe9, 0x28, 0x2f, 0x95, 0x4b, 0xfc, 0xe6,
0xe7, 0xc8, 0x44, 0x28, 0x5c, 0x3c, 0x08, 0x5f, 0x9c, 0xbc, 0x41, 0x68,
0x91, 0x98, 0x7a, 0x00, 0x63, 0xc9, 0x5c, 0x75, 0x8f, 0xcc, 0x33, 0x77,
0x7b, 0xd0, 0x2d, 0xe8, 0xa2, 0x98, 0xa4, 0x1b, 0xfa, 0x09, 0x67, 0x7b,
0x25, 0x96, 0x19, 0xf4, 0x77, 0x33, 0x20, 0x4f, 0x19, 0xf6, 0x9c, 0x6c,
0x2e, 0xd9, 0x68, 0x95, 0xb0, 0xe2, 0x18, 0x06, 0xe5, 0x84, 0x8e, 0xf7,
0xbf, 0x6c, 0x96, 0xa8, 0x9d, 0x37, 0xc7, 0x28, 0xa1, 0x3d, 0x90, 0x8c,
0x40, 0x3d, 0xe2, 0x51, 0xfd, 0x55, 0x09, 0xf8, 0x83, 0x43, 0x44, 0x4d,
0x1c, 0x8a, 0x8d, 0x36, 0x84, 0x64, 0xc4, 0xfa, 0x1d, 0x72, 0x04, 0x0b,
0x1d, 0x49, 0x13, 0x88, 0x78, 0x5f, 0x07, 0x9b, 0xc8, 0x01, 0x9c, 0x3c,
0xfc, 0xff, 0x0f, 0xd5, 0x13, 0xcd, 0x15, 0x98, 0xcc, 0xe6, 0x59, 0x1e,
0x83, 0x38, 0x8f, 0x6c, 0x75, 0xbe, 0xdf, 0xe9, 0x1b, 0xc5, 0xb9, 0x6b,
0xa4, 0x5a, 0x0c, 0xae, 0x98, 0x8d, 0x93, 0xfa, 0x76, 0x7f, 0x0d, 0x0b,
0xe8, 0xa0, 0x3b, 0x9e, 0x5e, 0xc8, 0xa8, 0xcc, 0x02, 0xc9, 0x86, 0x9c,
0x78, 0xaf, 0x6e, 0x6a, 0xf4, 0xfe, 0x49, 0xad, 0xc5, 0x93, 0xae, 0x62,
0xbd, 0xe3, 0x3a, 0xa8, 0xf2, 0x60, 0xb5, 0x29, 0xde, 0x5f, 0x12, 0x02,
0x2d, 0x43, 0x90, 0xf5, 0x9d, 0x9d, 0x97, 0x29, 0xfa, 0xdd, 0x60, 0x41,
0x64, 0xb7, 0xa5, 0x03, 0x72, 0x10, 0x2b, 0xdd, 0x5b, 0x60, 0xe6, 0xf0,
0xe1, 0xd7, 0xa5, 0x97, 0xec, 0xb4, 0x9a, 0x4c, 0x3e, 0x16, 0xa2, 0x82,
0xb3, 0xc3, 0x3f, 0x3e, 0x5d, 0x32, 0xac, 0x5a, 0x40, 0xb4, 0x00, 0xfa,
0xd9, 0x47, 0xe8, 0x77, 0xa8, 0x96, 0x5c, 0x60, 0x04, 0x9c, 0x5c, 0xdf,
0x24, 0x3b, 0xa7, 0x4a, 0x58, 0x25, 0x12, 0x9a, 0xa8, 0x7b, 0x3e, 0x14,
0xc8, 0x06, 0x79, 0x23, 0xea, 0x91, 0x7f, 0xe1, 0x78, 0x41, 0x6c, 0xdb,
0x8c, 0xeb, 0x66, 0x35, 0x87, 0x87, 0x81, 0x65, 0x2c, 0xef, 0x3a, 0x6e,
0xae, 0xb3, 0x6c, 0xe9, 0x86, 0x50, 0x6d, 0x89, 0xd6, 0x27, 0x0a, 0xdb,
0xf8, 0xd4, 0xb8, 0x85, 0x8e, 0x37, 0xa6, 0x56, 0xf7, 0x58, 0x18, 0x4c,
0x44, 0xcf, 0xeb, 0xc4, 0x79, 0x19, 0xfc, 0x2e, 0x53, 0x18, 0x0e, 0x7b,
0x51, 0x86, 0xf3, 0x59, 0x13, 0xb2, 0xaf, 0xd3, 0xee, 0xf4, 0xd5, 0xbf,
0x2c, 0xb8, 0x6d, 0x71, 0x74, 0x7c, 0x67, 0x54, 0xa7, 0x4b, 0x03, 0xa9,
0x1b, 0x62, 0x95, 0x9f, 0xc3, 0xf0, 0x71, 0x39, 0x2d, 0x26, 0xaf, 0xaf,
0xa7, 0xa5, 0x58, 0xf8, 0xf8, 0x8a, 0xe0, 0x62, 0x90, 0x3f, 0x72, 0x9d,
0x21, 0x82, 0x76, 0x3e, 0x4c, 0x5d, 0xe0, 0xb5, 0x67, 0x23, 0xe3, 0x13,
0x1a, 0x29, 0xa3, 0xda, 0xa4, 0xb4, 0x5c, 0x1d, 0x47, 0xdf, 0xdf, 0xc9,
0x93, 0x6c, 0xb2, 0xb5, 0x22, 0xb3, 0x47, 0x2b, 0xcf, 0xf0, 0x36, 0x87,
0x51, 0x3c, 0x79, 0x41, 0x70, 0xbd, 0xea, 0x70, 0xa2, 0x29, 0x90, 0x55,
0x30, 0x6f, 0x3e, 0x50, 0xc8, 0x38, 0xd6, 0xfa, 0x6f, 0xe3, 0x39, 0x67,
0x88, 0x52, 0x1f, 0xd3, 0x52, 0xbf, 0x3e, 0x7b, 0x2a, 0xe5, 0x1e, 0xcd,
0xf9, 0xf1, 0x91, 0x1d, 0x04, 0x61, 0x25, 0xbb, 0xe1, 0x33, 0xe3, 0x66,
0x46, 0xed, 0x06, 0x8d, 0xc3, 0x4f, 0x20, 0xc6, 0x24, 0xa7, 0xb5, 0x49,
0x3b, 0xc7, 0xe6, 0xa0, 0x77, 0x58, 0xd9, 0x70, 0xb1, 0xf5, 0xec, 0x94,
0x19, 0xf3, 0x5b, 0x0f, 0x9a, 0xe4, 0xad, 0x37, 0x81, 0xaf, 0x68, 0x7b,
0xe5, 0x67, 0xb5, 0xae, 0x7f, 0x2d, 0x64, 0x78, 0x68, 0x5a, 0xd1, 0x8f,
0x1c, 0xc0, 0xc3, 0x5b, 0x21, 0x77, 0xe4, 0xa8, 0x5d, 0x05, 0x50, 0xc1,
0x92, 0xee, 0x36, 0x2d, 0xd2, 0xff, 0xee, 0xc2, 0x11, 0x99, 0xee, 0xd7,
0x48, 0xfb, 0x6a, 0xa3, 0xc9, 0xb7, 0x0c, 0xc1, 0xe5, 0x12, 0xbf, 0x6f,
0x58, 0x66, 0x35, 0x34, 0x26, 0xaa, 0xbe, 0xc3, 0x33, 0x86, 0xfd, 0xc0,
0x1c, 0xa5, 0xe4, 0x1e, 0x91, 0xc4, 0x55, 0x4e, 0xf1, 0xcb, 0xd2, 0x0b,
0xe8, 0x0d, 0x89, 0x6a, 0x00, 0xbd, 0x7b, 0xf5, 0x3d, 0x1a, 0x4a, 0x48,
0xfc, 0xf0, 0x5b, 0xcd, 0xdb, 0xb2, 0xa0, 0x27, 0x4b, 0x8f, 0xf7, 0x87,
0x78, 0x13, 0xdb, 0x3f, 0xfb, 0x0b, 0xda, 0x22, 0xb3, 0x2b, 0x3a, 0x38,
0xd2, 0x29, 0x73, 0x77, 0xb8, 0xd6, 0xec, 0xab, 0xb4, 0xfe, 0xbe, 0xbb,
0x6e, 0xe2, 0xc8, 0x45, 0x7b, 0x0d, 0x36, 0x28, 0x0f, 0x45, 0x72, 0xea,
0x6d, 0x38, 0x02, 0x5e, 0x48, 0x89, 0x12, 0x24, 0x1b, 0x33, 0x0f, 0xe9,
0xf4, 0xce, 0xf8, 0x27, 0x16, 0x37, 0x29, 0xae, 0xe8, 0x22, 0x03, 0x31,
0xa9, 0xa0, 0x73, 0x0c, 0x40, 0xe4, 0xfc, 0x6b, 0xe2, 0x1c, 0x8d, 0x7c,
0x40, 0x82, 0x72, 0x28, 0xd0, 0x7d, 0xe5, 0xef, 0x05, 0x14, 0x80, 0x28,
0x11, 0x32, 0x0d, 0x63, 0x8a, 0xc3, 0x7c, 0xfe, 0xf5, 0x06, 0x0e, 0xb0,
0x78, 0x5c, 0x3a, 0xb6, 0x54, 0x37, 0x46, 0xa7, 0x43, 0x4f, 0x05, 0xec,
0xe4, 0x9f, 0xd8, 0x55, 0x1f, 0x70, 0xb3, 0xe6, 0xbc, 0x46, 0x34, 0x9e,
0xfc, 0xa4, 0x57, 0x8f, 0x0f, 0x25, 0x6f, 0x9f, 0xb3, 0x80, 0x21, 0x0b,
0xa1, 0xca, 0x59, 0xcd, 0x37, 0xf7, 0xc9, 0xcb, 0xbe, 0x91, 0xad, 0x07,
0x4f, 0xc7, 0x4e, 0x04, 0xbd, 0x38, 0x8b, 0x63, 0xb5, 0x51, 0xac, 0xc8,
0x83, 0x3a, 0xa7, 0xe1, 0x77, 0xbc, 0xa4, 0x0c, 0x6c, 0x50, 0xeb, 0x46,
0xe1, 0x45, 0x9a, 0x7b, 0x01, 0xca, 0x54, 0xf0, 0x0f, 0xa0, 0x1f, 0x43,
0x9a, 0x19, 0x70, 0x2e, 0x70, 0x5a, 0xcf, 0x3b, 0x1b, 0x41, 0xfd, 0xd3,
0x9a, 0xa2, 0x36, 0x14, 0xf0, 0xdd, 0xb0, 0x12, 0x6d, 0xcf, 0x55, 0x3f,
0xef, 0x0a, 0xc1, 0x80, 0xa9, 0x68, 0xc3, 0x98, 0x03, 0x46, 0x34, 0xce,
0x91, 0xb2, 0x7a, 0x94, 0xd2, 0xe7, 0xb9, 0x9c, 0x56, 0xb8, 0xf8, 0xd6,
0xff, 0xbf, 0x8b, 0x39, 0x45, 0x04, 0x45, 0xc9, 0xa2, 0xe2, 0xbb, 0x50,
0x68, 0x13, 0x32, 0x1e, 0x09, 0x51, 0xb7, 0xb9, 0xcf, 0x5f, 0xcc, 0x54,
0xd2, 0xf3, 0xc1, 0x9d, 0xa0, 0x8d, 0x22, 0xc8, 0x7e, 0x1b, 0xc6, 0x14,
0xde, 0x5f, 0x52, 0xb4, 0x69, 0x71, 0xca, 0x58, 0x1d, 0x1e, 0x89, 0xcb,
0x56, 0x78, 0x7a, 0x85, 0xee, 0xfd, 0xf6, 0x7e, 0xbe, 0x49, 0x9b, 0xb1,
0x05, 0x95, 0x12, 0xe9, 0x63, 0xbd, 0x61, 0x9a, 0x26, 0xf9, 0x0b, 0x9f,
0x23, 0x0a, 0x59, 0x55, 0x93, 0xd3, 0x2d, 0xca, 0x66, 0x45, 0x03, 0xb7,
0xf0, 0x88, 0x9e, 0xc1, 0x11, 0xbb, 0x62, 0x2c, 0x6f, 0xac, 0x3e, 0x87,
0xd7, 0xe6, 0x4a, 0x44, 0x83, 0x04, 0x5d, 0x5d, 0xbc, 0x3c, 0xce, 0x83,
0x2b, 0x11, 0x42, 0x02, 0x73, 0x1c, 0x24, 0x90, 0xd9, 0x1a, 0x7d, 0x96,
0x82, 0x33, 0x75, 0x1e, 0x59, 0xea, 0xa7, 0x99, 0xe1, 0x5b, 0xdc, 0xe4,
0x07, 0xc5, 0x48, 0x07, 0xb4, 0xbc, 0x80, 0x0e, 0xbd, 0x63, 0x6e, 0x66,
0xf1, 0x12, 0xb6, 0x67, 0xe0, 0x14, 0x74, 0x9f, 0xbb, 0xb3, 0xb8, 0x16,
0xd0, 0x25, 0xe9, 0x21, 0x80, 0x1a, 0x32, 0xb0, 0x58, 0x9a, 0x62, 0x17,
0x18, 0x9d, 0x64, 0x2d, 0x47, 0x89, 0x82, 0x3b, 0x8c, 0x5d, 0x60, 0xc4,
0x54, 0x69, 0xaa, 0xb4, 0x6a, 0x1d, 0x16, 0xb0, 0xe2, 0x5d, 0x7d, 0xeb,
0xb9, 0x80, 0x37, 0xcd, 0x5b, 0xf0, 0xa1, 0xa8, 0x39, 0xb2, 0xd6, 0x3a,
0xc8, 0xcd, 0xca, 0xaf, 0xcb, 0x3b, 0x54, 0xc2, 0x67, 0x49, 0xf3, 0xf1,
0x11, 0x4d, 0x53, 0x7c, 0x46, 0x8d, 0x22, 0xf6, 0x9a, 0x0d, 0x9e, 0xda,
0x37, 0xc6, 0x06, 0x00, 0xca, 0xb6, 0xb6, 0x99, 0xc5, 0xb6, 0x81, 0x7e,
0x87, 0x62, 0xcf, 0x07, 0x76, 0xc1, 0x5f, 0xfe, 0x86, 0xfc, 0x5b, 0xa0,
0xac, 0xca, 0xcb, 0x7d, 0xf5, 0x5a, 0xc2, 0x5e, 0x41, 0x48, 0x35, 0xc4,
0x71, 0x9d, 0xc4, 0x0a, 0x79, 0x6f, 0xe3, 0x6d, 0x47, 0xd4, 0xaa, 0xfd,
0x97, 0xe7, 0xb0, 0x7e, 0x61, 0xf1, 0x7d, 0x7e, 0xf8, 0x78, 0x4c, 0x2e,
0x65, 0x51, 0xeb, 0x99, 0xd0, 0x3e, 0x24, 0x4c, 0xe0, 0x40, 0x7e, 0x2d,
0xf7, 0x00, 0x9d, 0x50, 0x87, 0xce, 0x1f, 0x9a, 0xd2, 0x76, 0x00, 0x09,
0xeb, 0x10, 0x1b, 0x4c, 0xf1, 0x43, 0x0e, 0x35, 0xbb, 0x23, 0x2e, 0x26,
0x3d, 0x66, 0xa3, 0x0f, 0xf6, 0x10, 0x8b, 0x67, 0xce, 0x66, 0xfd, 0xb5,
0x07, 0xdc, 0x04, 0x69, 0xad, 0xe0, 0x4d, 0xdf, 0xdb, 0x2f, 0x87, 0xf7,
0xde, 0xc3, 0x77, 0x89, 0x71, 0xfd, 0x70, 0x38, 0xed, 0xe6, 0x27, 0xb1,
0xbd, 0x94, 0x5f, 0x39, 0x20, 0x72, 0x59, 0xc4, 0x39, 0xd0, 0x20, 0x5d,
0xe2, 0xe7, 0xe0, 0x00, 0x61, 0xc7, 0x65, 0xbd, 0xef, 0x05, 0xb3, 0xc7,
0x7e, 0xae, 0xc5, 0x83, 0x7f, 0xc1, 0x32, 0x4e, 0x2a, 0x17, 0x64, 0x4e,
0x2a, 0x9a, 0x2d, 0x26, 0x99, 0xa2, 0xd7, 0x37, 0x3a, 0x10, 0x6a, 0x89,
0x72, 0x43, 0x0e, 0x3a, 0x03, 0x4c, 0xf9, 0xfe, 0xe8, 0xfc, 0x87, 0x71,
0x37, 0x71, 0x5a, 0x05, 0xbc, 0x4e, 0x20, 0x4c, 0xd7, 0xf9, 0x8d, 0x4e,
0xb8, 0xb8, 0x56, 0x07, 0xc8, 0x6e, 0x34, 0x6d, 0x45, 0x83, 0x34, 0xf0,
0x77, 0xfb, 0x18, 0xec, 0x72, 0xf6, 0x4c, 0xfb, 0xba, 0x84, 0xe9, 0x89,
0x3d, 0xfd, 0xb7, 0x0d, 0x70, 0xae, 0xa4, 0x48, 0x6b, 0x39, 0xf8, 0x62,
0xc0, 0x7f, 0x0c, 0xf2, 0xa3, 0xfa, 0x7a, 0x64, 0x83, 0x57, 0x7d, 0x4c,
0x04, 0x96, 0xd7, 0x9d, 0x10, 0x8b, 0x34, 0x48, 0x17, 0xff, 0x74, 0x5c,
0x9c, 0xbe, 0xeb, 0xe5, 0x52, 0x94, 0x6a, 0x34, 0x6f, 0xf7, 0x95, 0x32,
0x38, 0x5a, 0x9b, 0x08, 0xf6, 0xda, 0x8c, 0x0f, 0x9c, 0x5d, 0x04, 0x45,
0xd4, 0xe9, 0xa4, 0x7a, 0xc4, 0xfd, 0x70, 0xfe, 0xa1, 0x3d, 0x21, 0xa0,
0x01, 0xe5, 0x21, 0xca, 0xa7, 0xd9, 0xf1, 0x9f, 0x45, 0xe1, 0xe8, 0x2d,
0x27, 0xe6, 0x87, 0xc8, 0x0d, 0xad, 0x13, 0xdb, 0xfe, 0x2f, 0xaa, 0x2b,
0xdc, 0xa6, 0x1a, 0xc9, 0x19, 0x78, 0x1a, 0x1f, 0x10, 0xcf, 0x31, 0xe1,
0x06, 0x28, 0x66, 0xb3, 0xa7, 0xa2, 0xa6, 0xf1, 0x3b, 0x2d, 0xd3, 0x81,
0xaf, 0x6f, 0xc9, 0x88, 0x76, 0xe9, 0x83, 0x6c, 0x52, 0xb9, 0x70, 0x51,
0x87, 0x6b, 0x8b, 0xbd, 0x5b, 0x9c, 0xa9, 0xf3, 0xcb, 0x55, 0xd1, 0x76,
0x40, 0xe1, 0x90, 0xb9, 0x4c, 0xbd, 0xab, 0x1d, 0xa0, 0x5b, 0x5b, 0x34,
0x14, 0x2f, 0x87, 0x8f, 0x63, 0xa0, 0x2d, 0x29, 0x4e, 0x50, 0x4b, 0x18,
0x5f, 0x86, 0xac, 0x1b, 0x93, 0xe9, 0x59, 0x38, 0xa1, 0x2a, 0x36, 0x21,
0xb2, 0xa4, 0xc0, 0x79, 0xc1, 0x60, 0xfc, 0x0f, 0xbf, 0x99, 0x04, 0x9d,
0x4b, 0x17, 0x60, 0x5b, 0xcd, 0x78, 0x03, 0xd7, 0x7c, 0x4b, 0x9b, 0x17,
0x58, 0x24, 0x60, 0xb8, 0x08, 0x92, 0x48, 0x4f, 0x66, 0x42, 0x9a, 0x98,
0x2a, 0x99, 0x9a, 0x8f, 0xdd, 0xd7, 0x09, 0xf3, 0x22, 0x66, 0x62, 0xef,
0xe5, 0x64, 0xd3, 0xdf, 0x31, 0xaa, 0x84, 0x4c, 0xa5, 0x3f, 0x4e, 0x27,
0x48, 0x37, 0x96, 0x63, 0xbf, 0x8d, 0xe1, 0xf0, 0xd1, 0xef, 0x95, 0x1a,
0xe6, 0xf4, 0x02, 0x61, 0xbf, 0xe3, 0xbc, 0x8b, 0x3d, 0x0b, 0x77, 0x91,
0xc0, 0x5d, 0xfb, 0xe6, 0x7e, 0xab, 0x5e, 0xc5, 0x1c, 0x5b, 0x16, 0xfd,
0x88, 0xa4, 0x78, 0x4c, 0x06, 0x77, 0xc3, 0x6e, 0x84, 0x0c, 0xda, 0xbf,
0xf3, 0x8e, 0xd3, 0x61, 0x65, 0xac, 0xf2, 0x18, 0x70, 0x68, 0x84, 0x6f,
0x9f, 0x3a, 0x94, 0x81, 0xa6, 0xc7, 0xc3, 0x92, 0xee, 0x4b, 0x20, 0x15,
0x4e, 0x03, 0x76, 0x51, 0x5b, 0x4e, 0xe1, 0x5c, 0x51, 0x5e, 0x1b, 0x9c,
0x30, 0x25, 0x79, 0xdd, 0x70, 0x12, 0xec, 0xdc, 0x45, 0x95, 0x45, 0x43,
0xcd, 0xbb, 0xae, 0xa0, 0x0d, 0x43, 0xb4, 0xc9, 0x8c, 0x62, 0xfd, 0x7b,
0xed, 0x50, 0x78, 0xb7, 0xa6, 0x94, 0xcb, 0x98, 0xb0, 0xbe, 0x09, 0xd9,
0x0c, 0xb2, 0xc4, 0x8b, 0x96, 0x93, 0xd9, 0x26, 0xc6, 0x6d, 0x26, 0x93,
0x32, 0x4e, 0x86, 0x72, 0x74, 0x92, 0x00, 0x72, 0x0b, 0x20, 0xa3, 0x2b,
0x94, 0xe6, 0x10, 0x56, 0x5a, 0x41, 0x71, 0x92, 0x08, 0xce, 0x6c, 0xc4,
0x1d, 0x9e, 0x71, 0x82, 0x64, 0x23, 0xe5, 0x15, 0xef, 0x4a, 0x7c, 0x4d,
0xe3, 0x92, 0xbc, 0xa3, 0xa2, 0x29, 0xb7, 0x46, 0xfa, 0x8f, 0x9f, 0xc2,
0x5d, 0xe4, 0xc0, 0x9c, 0x3f, 0x40, 0x17, 0xae, 0x44, 0xf3, 0x28, 0x10,
0x29, 0x24, 0xa9, 0x1c, 0x9e, 0xd2, 0x55, 0x4c, 0xee, 0x45, 0xfe, 0x4a,
0x45, 0x12, 0xf5, 0xde, 0xc7, 0x64, 0x15, 0xc3, 0x4a, 0x77, 0x63, 0x05,
0x8d, 0xa6, 0x31, 0xa0, 0xad, 0x64, 0xaf, 0x3c, 0x69, 0x2c, 0x25, 0x78,
0xae, 0xa0, 0x88, 0x96, 0x8a, 0xc2, 0x9b, 0x8d, 0xee, 0x6f, 0x2e, 0x79,
0x1f, 0xec, 0x32, 0x35, 0x75, 0x83, 0x19, 0x8b, 0xda, 0xca, 0xd0, 0xaf,
0x6a, 0x6c, 0x42, 0xe8, 0x81, 0xb5, 0x69, 0x31, 0x0b, 0x7d, 0xbc, 0xd8,
0xd2, 0xb7, 0x7a, 0x8f, 0xfa, 0xcf, 0x91, 0x07, 0x1f, 0xda, 0xa9, 0x1f,
0xb7, 0x2d, 0xff, 0x50, 0x15, 0x2a, 0xef, 0x8c, 0xa1, 0xe3, 0x7f, 0x08,
0x95, 0xf2, 0x99, 0x83, 0x1f, 0x97, 0x71, 0x3e, 0x35, 0x3c, 0x8c, 0xe7,
0x08, 0xd8, 0xa6, 0x1f, 0x0c, 0xa6, 0x52, 0xdc, 0x73, 0xa0, 0xfc, 0xd2,
0x73, 0xe9, 0x27, 0x9d, 0xfd, 0x7a, 0x4a, 0x29, 0xd3, 0x12, 0x26, 0x13,
0x0f, 0xce, 0xea, 0x56, 0x99, 0x61, 0x78, 0x47, 0x2c, 0xa0, 0x16, 0xa0,
0xe2, 0x64, 0x97, 0x57, 0x31, 0xf0, 0x32, 0x5b, 0x44, 0x93, 0x76, 0x8b,
0x59, 0x63, 0x5c, 0x5b, 0x0f, 0xe1, 0xe7, 0x74, 0x98, 0x11, 0x2d, 0x90,
0xe4, 0xde, 0xd4, 0x3a, 0xc2, 0xfd, 0x24, 0xe3, 0x1f, 0x7a, 0xf4, 0x40,
0xbb, 0x51, 0x92, 0x8f, 0x68, 0x9c, 0x51, 0xab, 0xdc, 0xf6, 0x1e, 0x96,
0xca, 0x56, 0x5c, 0x92, 0xca, 0xb2, 0x1b, 0x2e, 0x6d, 0x20, 0x28, 0xb3,
0x0a, 0x8e, 0xfd, 0xa9, 0xa2, 0x38, 0x74, 0x60, 0x37, 0xa6, 0x96, 0x02,
0x20, 0x8a, 0x9a, 0x2b, 0x8c, 0xb9, 0x6d, 0xec, 0xff, 0xbf, 0x88, 0xbd,
0x6c, 0xb4, 0x10, 0xbd, 0xfa, 0x5a, 0xeb, 0xb2, 0x6b, 0x74, 0x13, 0x2d,
0xa5, 0xdb, 0x60, 0x93, 0xc6, 0xed, 0x39, 0x4f, 0xc5, 0x63, 0xe1, 0x9e,
0x57, 0x1f, 0xe7, 0x47, 0xa4, 0xfb, 0x7f, 0xfa, 0x3a, 0x46, 0x50, 0x3a,
0xd8, 0xd3, 0x83, 0xf5, 0xe6, 0x5e, 0xf8, 0x09, 0x0d, 0xfa, 0x33, 0xe1,
0x50, 0xe4, 0x36, 0x3e, 0x0a, 0x5d, 0xe6, 0xf8, 0x2e, 0x17, 0x87, 0x8f,
0xe1, 0x8c, 0x82, 0x73, 0xbd, 0xdd, 0x3b, 0x77, 0x47, 0x9f, 0x42, 0xd7,
0xf4, 0x2d, 0x6c, 0xef, 0xcc, 0x22, 0x15, 0x3c, 0xe9, 0x26, 0xea, 0xbc,
0xee, 0x09, 0xd3, 0xea, 0x84, 0x0f, 0x46, 0xa8, 0xe0, 0xda, 0xc5, 0x57,
0x02, 0x54, 0xb6, 0x88, 0x2b, 0x37, 0xe5, 0x96, 0xc5, 0x33, 0xb7, 0x45,
0x5d, 0xb7, 0xc7, 0xfd, 0xa0, 0xfa, 0x85, 0x1b, 0x2f, 0xe1, 0xec, 0x89,
0xc6, 0xb2, 0x51, 0x71, 0xcb, 0x08, 0x82, 0x3e, 0xc9, 0xed, 0x80, 0x9d,
0x37, 0x31, 0x9d, 0x15, 0xde, 0x24, 0x6f, 0xbd, 0x0e, 0x73, 0xa2, 0xb8,
0x7e, 0x29, 0x7e, 0x96, 0xe4, 0xbb, 0xd6, 0x23, 0x17, 0xff, 0x33, 0x97,
0x9c, 0x87, 0xe0, 0xe5, 0x0f, 0xb9, 0xb6, 0x31, 0x33, 0xad, 0xf8, 0xd8,
0xdb, 0xa0, 0x71, 0x13, 0xe4, 0x1c, 0xce, 0xd0, 0x7e, 0x65, 0x7b, 0xa0,
0x38, 0x17, 0x53, 0x4f, 0x71, 0x75, 0x6d, 0x02, 0x61, 0xc4, 0x52, 0xf8,
0xe4, 0x2e, 0xbc, 0x52, 0xc1, 0xb1, 0x7e, 0x83, 0x0a, 0xa1, 0xd1, 0xcd,
0x2f, 0xa0, 0x30, 0xfd, 0x41, 0x86, 0x7f, 0x26, 0xd1, 0xe7, 0xfc, 0xd7,
0xc7, 0x37, 0xe5, 0x11, 0xa6, 0xc0, 0x9a, 0x75, 0x18, 0x04, 0x36, 0xca,
0x8e, 0x26, 0x7d, 0xcf, 0xa2, 0x6a, 0x94, 0x9b, 0xc4, 0xf7, 0xc7, 0xeb,
0x51, 0x13, 0xa3, 0x6f, 0x8c, 0x80, 0x5f, 0xae, 0xf0, 0x18, 0xa0, 0x88,
0xe0, 0x8d, 0xb7, 0x80, 0x4e, 0x8c, 0xec, 0xc8, 0x7b, 0xeb, 0xac, 0x29,
0xb7, 0x4a, 0x0f, 0x33, 0xdd, 0x9d, 0x89, 0x0a, 0x10, 0xb0, 0xce, 0x74,
0x59, 0xa2, 0x62, 0x91, 0xc9, 0xac, 0x56, 0xcd, 0x69, 0xd3, 0x01, 0x6d,
0x51, 0xe7, 0x04, 0xc3, 0xfb, 0xe9, 0x79, 0x1b, 0x72, 0x72, 0x1a, 0x90,
0x0a, 0x20, 0x55, 0x85, 0xc1, 0x8b, 0xeb, 0x1e, 0x9f, 0x9f, 0x4a, 0x81,
0x47, 0x97, 0x96, 0xbc, 0xc2, 0xe4, 0xc2, 0xfe, 0xa0, 0x20, 0xda, 0x70,
0x0c, 0x2b, 0xe2, 0xd4, 0xc8, 0xcb, 0x46, 0x00, 0xb6, 0x7c, 0xfb, 0xbd,
0x56, 0x94, 0x3d, 0x7f, 0x64, 0xf7, 0x88, 0xb5, 0xa7, 0xfe, 0xbe, 0x64,
0x8a, 0xe4, 0x00, 0x08, 0x82, 0x5b, 0x8f, 0x98, 0x77, 0x87, 0xda, 0xaf,
0x16, 0x25, 0x4a, 0x9a, 0xed, 0xfb, 0x50, 0x18, 0x45, 0x46, 0x2b, 0x73,
0xff, 0xb9, 0xb9, 0xab, 0xa2, 0x8f, 0x3a, 0xaf, 0xc5, 0x0a, 0x14, 0x91,
0xb2, 0x3f, 0xa6, 0x93, 0xf4, 0x81, 0x20, 0x77, 0xfa, 0x51, 0x79, 0x62,
0xe8, 0xe6, 0x89, 0x52, 0x39, 0xd5, 0x01, 0xa2, 0x87, 0xa3, 0x53, 0x74,
0x3c, 0x36, 0x8a, 0xc3, 0xb4, 0x44, 0x3b, 0x15, 0x21, 0xf6, 0xdc, 0x18,
0x02, 0xd2, 0x57, 0xe5, 0x10, 0xf0, 0x3d, 0x61, 0xa7, 0x16, 0x85, 0x6f,
0x71, 0x07, 0x75, 0x50, 0x4b, 0x21, 0x53, 0x47, 0x38, 0x35, 0x9e, 0xa7,
0xd8, 0xfd, 0x74, 0x59, 0x15, 0x32, 0x7b, 0x89, 0xd0, 0x2c, 0xd9, 0xf6,
0x40, 0x49, 0x79, 0xdc, 0xfb, 0x0a, 0x64, 0x59, 0x9b, 0x17, 0x47, 0x36,
0xcb, 0xf0, 0xc3, 0xcc, 0x14, 0x8e, 0x1f, 0xa8, 0x12, 0xaa, 0xb7, 0x6a,
0xba, 0x45, 0xf9, 0xc4, 0x44, 0xe7, 0xb5, 0x7c, 0xdd, 0xbe, 0x16, 0x76,
0x52, 0x92, 0x3d, 0x78, 0xb7, 0xec, 0x81, 0x96, 0xd8, 0x7f, 0x34, 0x2a,
0xa2, 0x64, 0x5f, 0xfd, 0xb1, 0x42, 0x4c, 0x79, 0x98, 0xc9, 0x17, 0x48,
0x74, 0x12, 0x72, 0x2c, 0xde, 0x91, 0x7e, 0xa9, 0x49, 0x2a, 0xcc, 0x5c,
0x60, 0x05, 0x25, 0x09, 0x72, 0x20, 0x80, 0x42, 0x7b, 0x18, 0xc2, 0xfc,
0x2a, 0x5e, 0x3e, 0x2d, 0x61, 0xa6, 0xf6, 0x82, 0x42, 0x83, 0x81, 0x66,
0x4d, 0xa6, 0xe1, 0xf9, 0xf6, 0x48, 0xd4, 0xc8, 0x69, 0xed, 0xee, 0xb5,
0x7a, 0xcb, 0xf6, 0x0a, 0x76, 0x0e, 0x61, 0x8b, 0xf2, 0x1a, 0x8a, 0xa7,
0x88, 0xb0, 0x90, 0xd5, 0x23, 0xaa, 0xe0, 0x2b, 0xd6, 0xd0, 0xef, 0x49,
0x13, 0x88, 0xc7, 0x50, 0xf0, 0x9e, 0xd5, 0x28, 0xe1, 0xaa, 0x1d, 0xaf,
0xd9, 0x73, 0xb3, 0x9e, 0xa7, 0xd8, 0xfc, 0xb9, 0x22, 0x97, 0x0e, 0x21,
0xa0, 0xb9, 0xf9, 0xea, 0x1e, 0x95, 0x88, 0xda, 0x85, 0x7c, 0x32, 0x7c,
0xbd, 0xef, 0xf8, 0x44, 0x25, 0x5f, 0x23, 0xfd, 0x14, 0x78, 0xc6, 0xdb,
0x86, 0xee, 0xf8, 0xda, 0xc0, 0xae, 0x92, 0x6a, 0x03, 0xa9, 0x0a, 0xee,
0x4a, 0x22, 0x5a, 0x6c, 0x39, 0xd3, 0x91, 0x7d, 0x91, 0x43, 0xac, 0x79,
0xad, 0xab, 0xb7, 0x91, 0xb1, 0x20, 0x84, 0x7f, 0x0a, 0xd7, 0xa8, 0x62,
0x95, 0xab, 0x04, 0xb6, 0xb2, 0xf1, 0xd4, 0xb0, 0xac, 0x52, 0x89, 0xb0,
0x93, 0xdf, 0xdf, 0x80, 0x26, 0x0c, 0x32, 0x31, 0xb3, 0xba, 0xa1, 0xba,
0x6f, 0xa3, 0x14, 0x5c, 0xfa, 0x37, 0x3b, 0x6a, 0xf2, 0xc4, 0x34, 0x27,
0x08, 0x1a, 0xe4, 0xfc, 0x89, 0x58, 0x79, 0x34, 0x36, 0xe4, 0xad, 0x4b,
0x3f, 0x57, 0x7b, 0xc1, 0x59, 0x2d, 0xb6, 0x54, 0x44, 0xbe, 0x4e, 0x5d,
0x0d, 0x6a, 0xf3, 0xcd, 0xbf, 0xcd, 0x4d, 0x9f, 0x9a, 0x50, 0x09, 0xa4,
0x6b, 0x8b, 0xb3, 0x01, 0x69, 0x6c, 0x69, 0x5d, 0x28, 0x73, 0x9e, 0xb5,
0xc2, 0xc7, 0x6e, 0xff, 0x4c, 0x5c, 0x6b, 0x93, 0x22, 0xc1, 0x9f, 0xa6,
0x71, 0xbf, 0x4d, 0x2d, 0x4e, 0x4e, 0x98, 0xa3, 0x6d, 0xab, 0x05, 0xa0,
0xde, 0x34, 0x41, 0x28, 0xa4, 0x38, 0x75, 0x4e, 0xdf, 0x7f, 0xc9, 0xdd,
0xbf, 0x5a, 0xd4, 0xcd, 0x38, 0x0c, 0x89, 0xe7, 0x0e, 0xfc, 0x0f, 0x27,
0x39, 0x21, 0xa4, 0xa6, 0x07, 0x7b, 0x2a, 0x13, 0x56, 0xe7, 0x4e, 0x55,
0x57, 0x71, 0x98, 0xb9, 0x3d, 0x59, 0xb5, 0xa8, 0x24, 0x18, 0x08, 0xa2,
0x6e, 0x9a, 0xe5, 0x97, 0xa7, 0x38, 0xd9, 0x43, 0x9b, 0x19, 0x17, 0x34,
0x03, 0xd6, 0xba, 0xe9, 0x71, 0x38, 0x26, 0x90, 0x78, 0x9e, 0x1c, 0x41,
0x8d, 0x60, 0xdd, 0x0e, 0x12, 0x46, 0x37, 0xb4, 0x79, 0x87, 0x33, 0x12,
0x24, 0xc4, 0x5a, 0x6c, 0x70, 0xa2, 0xb2, 0x58, 0xbb, 0xe7, 0xd6, 0x88,
0x42, 0x2d, 0x49, 0xc8, 0x67, 0x1e, 0xc5, 0xed, 0x16, 0xa8, 0x1f, 0x36,
0x2b, 0xfb, 0x0d, 0x51, 0x96, 0xc8, 0x78, 0xf2, 0xab, 0x82, 0xa1, 0xe2,
0xaf, 0x8c, 0xa4, 0x13, 0x54, 0x90, 0xf1, 0xe7, 0xbb, 0xd1, 0x09, 0x23,
0x76, 0x0e, 0x50, 0x32, 0xc5, 0x54, 0xbb, 0x1e, 0x12, 0x5d, 0x59, 0xf3,
0xe9, 0xc9, 0xa4, 0xaa, 0xbc, 0x13, 0x1d, 0xf0, 0x79, 0x54, 0xae, 0x70,
0xc0, 0xea, 0xcb, 0x21, 0x32, 0xe6, 0xe6, 0x8e, 0xaa, 0x51, 0x46, 0x25,
0x1e, 0xf1, 0x3f, 0x9f, 0xf6, 0xff, 0x19, 0x53, 0x97, 0xbc, 0xa2, 0xb6,
0x91, 0x59, 0x27, 0x1e, 0x39, 0x76, 0x76, 0x02, 0x0b, 0x03, 0x25, 0x6b,
0x00, 0x02, 0xfa, 0x7d, 0x69, 0x5e, 0xde, 0x64, 0x33, 0xbf, 0xab, 0x3e,
0x3f, 0x24, 0x32, 0x68, 0xbf, 0x90, 0x8f, 0x0f, 0xc5, 0x36, 0x58, 0x9e,
0x9b, 0x11, 0xd1, 0x2a, 0x8a, 0x0d, 0xac, 0x3a, 0x23, 0xe2, 0x8e, 0xd6,
0x0d, 0x4a, 0x8b, 0x45, 0x04, 0x47, 0xd9, 0x5a, 0x46, 0x6c, 0x70, 0x82,
0xc7, 0x81, 0x67, 0xdc, 0xa6, 0xfa, 0x6a, 0x86, 0xfd, 0x01, 0xed, 0x90,
0xf6, 0xe6, 0x26, 0x6d, 0xac, 0x52, 0x03, 0x4a, 0x91, 0x08, 0x7b, 0xa5,
0x9c, 0xca, 0xd3, 0x2d, 0x79, 0xf1, 0xed, 0xcb, 0xaa, 0x8f, 0x77, 0xc8,
0x17, 0xa8, 0xfb, 0x6c, 0x15, 0x62, 0xab, 0x34, 0xd1, 0xdd, 0x94, 0x3e,
0xd4, 0x0c, 0x47, 0xed, 0x04, 0x91, 0xd2, 0xd7, 0x98, 0xb4, 0x43, 0x57,
0xd1, 0x54, 0xef, 0x63, 0xba, 0xe3, 0x8a, 0x72, 0xc5, 0xb9, 0xf4, 0x30,
0xfa, 0x16, 0x3c, 0xe1, 0xbb, 0xbe, 0x57, 0x90, 0xb9, 0xa1, 0xa0, 0x23,
0xfa, 0xdd, 0xbe, 0x2f, 0xb3, 0xec, 0x41, 0x8b, 0x64, 0xeb, 0xc5, 0x41,
0xea, 0xa8, 0x16, 0x76, 0x6f, 0x28, 0xda, 0x2b, 0x5f, 0x03, 0x0b, 0xe8,
0x1c, 0x29, 0x71, 0xd8, 0x4e, 0x41, 0xdf, 0x39, 0x8e, 0x6a, 0x95, 0x79,
0x85, 0x9c, 0xa9, 0x79, 0xd9, 0x8f, 0x33, 0xaf, 0x15, 0x3b, 0x5a, 0x82,
0x56, 0x32, 0x98, 0x0c, 0xf6, 0xf6, 0x64, 0x42, 0xd4, 0x6a, 0x15, 0x0f,
0xb9, 0x75, 0x22, 0xbd, 0x9a, 0x58, 0xa6, 0x01, 0x3a, 0x63, 0xf0, 0x80,
0x78, 0x22, 0x80, 0xa0, 0x14, 0xe1, 0x37, 0x6b, 0xd4, 0x99, 0x3f, 0xc2,
0xba, 0x2b, 0x8f, 0xf3, 0x56, 0xc8, 0x1b, 0xe4, 0x7a, 0x5e, 0x96, 0x60,
0xee, 0x74, 0x54, 0xb6, 0x6d, 0x5c, 0x3d, 0x3e, 0x05, 0xf0, 0x9a, 0xf6,
0xcd, 0xdd, 0x06, 0xdb, 0x8c, 0x21, 0xb9, 0xf5, 0x28, 0x57, 0x9c, 0x4f,
0xb4, 0x08, 0xcf, 0xac, 0x6c, 0xfe, 0x30, 0xaf, 0xa2, 0xef, 0xcf, 0x93,
0x15, 0xdd, 0x12, 0x16, 0x19, 0x7d, 0xbc, 0x57, 0xd9, 0xce, 0xbe, 0x0e,
0xfc, 0xe1, 0xf0, 0x4a, 0x7c, 0xaa, 0xbf, 0x20, 0x64, 0x00, 0x34, 0x59,
0xed, 0xea, 0x12, 0x58, 0x46, 0x4c, 0xc6, 0x2f, 0x77, 0x62, 0x1d, 0x82,
0x5c, 0xe8, 0x98, 0x0d, 0xef, 0x5c, 0x0e, 0xec, 0x5d, 0x2e, 0x5f, 0xd2,
0x22, 0x43, 0x2d, 0xe1, 0x02, 0xd5, 0x4a, 0x0a, 0x79, 0x6f, 0xa5, 0xec,
0x48, 0xaa, 0xee, 0xf8, 0xe3, 0x5f, 0xdd, 0xe7, 0x26, 0x87, 0xb5, 0xc4,
0xcf, 0xd9, 0x7f, 0xa8, 0xaa, 0xb6, 0xbe, 0xe9, 0x02, 0x49, 0x5d, 0x5f,
0x81, 0x8b, 0xb9, 0xbd, 0xc0, 0xc9, 0xd5, 0xfe, 0x36, 0x3e, 0x49, 0x56,
0x63, 0x8b, 0xce, 0xef, 0x48, 0x6e, 0xc0, 0xd4, 0x04, 0x0c, 0x33, 0x45,
0x6e, 0x97, 0x9e, 0xa3, 0xae, 0xbc, 0xc2, 0xce, 0xdc, 0xe3, 0xff, 0x48,
0x51, 0x68, 0x89, 0xad, 0xae, 0xc7, 0xd1, 0xde, 0xe2, 0xf9, 0xfe, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06,
0x0c, 0x18, 0x20, 0x24, 0x2f, 0x33, 0x3f
};
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_sig[] = {
0x78, 0xed, 0x1a, 0x3f, 0x41, 0xab, 0xf8, 0x93, 0x80, 0xf0,
0xc6, 0xbf, 0x4a, 0xde, 0xaf, 0x29, 0x93, 0xe5, 0x9a, 0xbf,
0x38, 0x08, 0x18, 0x33, 0xca, 0x7d, 0x5e, 0x65, 0xa4, 0xd2,
0xd7, 0x45, 0xe3, 0xe7, 0x58, 0xfb, 0x05, 0xab, 0x65, 0x57,
0xac, 0x6f, 0xf5, 0x43, 0x28, 0x5f, 0x9c, 0x9a, 0x3e, 0x35,
0x84, 0xe4, 0xef, 0xa5, 0x57, 0x17, 0xad, 0x51, 0x44, 0x70,
0x09, 0x00, 0x81, 0xbe, 0xfe, 0x14, 0x01, 0xfe, 0x0c, 0x94,
0xbe, 0xa9, 0x89, 0xfd, 0x47, 0xfc, 0xb9, 0xd8, 0x17, 0x4d,
0xd8, 0x73, 0xd5, 0x50, 0x9f, 0x13, 0x6c, 0x07, 0x71, 0x47,
0xaa, 0x3c, 0xc0, 0x64, 0x00, 0x19, 0x2e, 0x74, 0x51, 0x0e,
0x0f, 0x25, 0x30, 0x7f, 0x13, 0x96, 0xc6, 0xc5, 0xbf, 0xd4,
0x82, 0xd3, 0x0d, 0xd3, 0x65, 0x4c, 0x72, 0x67, 0xe2, 0x37,
0x6b, 0x3c, 0x8e, 0xa3, 0x36, 0x84, 0xe9, 0xaa, 0xac, 0x7d,
0xf3, 0xac, 0xfc, 0x01, 0x50, 0x87, 0x88, 0xf6, 0xbf, 0x84,
0xc3, 0xa0, 0x23, 0xe4, 0xe8, 0x01, 0x38, 0x39, 0x30, 0x8a,
0xf3, 0xba, 0x92, 0x62, 0x37, 0xd7, 0x20, 0xd7, 0xf7, 0x41,
0xff, 0xae, 0x81, 0x02, 0x29, 0x2a, 0x66, 0x8b, 0x20, 0xbe,
0x61, 0x8d, 0xfb, 0x7c, 0x70, 0x14, 0xad, 0xf4, 0x94, 0x8c,
0xee, 0x64, 0x3b, 0x9f, 0xe1, 0x6e, 0x68, 0x17, 0x07, 0xb8,
0xfc, 0x99, 0xdc, 0xde, 0x69, 0x58, 0x8c, 0x97, 0x7d, 0xb3,
0x2c, 0x9e, 0x90, 0x33, 0x2e, 0x7b, 0xbf, 0xf8, 0x6f, 0xf8,
0x12, 0x64, 0xda, 0xc0, 0xfb, 0x30, 0xe6, 0xbf, 0x7b, 0x9a,
0xde, 0xb5, 0xac, 0x9d, 0x6b, 0xcb, 0xe1, 0x0d, 0xf1, 0xbb,
0xf3, 0x97, 0xc5, 0x08, 0xd3, 0x3e, 0xe3, 0xa4, 0xeb, 0x6f,
0x6b, 0x62, 0x61, 0xc5, 0x0b, 0xa8, 0x02, 0xc2, 0xf1, 0xbe,
0xbb, 0x93, 0x13, 0xa5, 0x8d, 0x7b, 0x5a, 0x6d, 0x1f, 0x28,
0xbc, 0x35, 0xd8, 0xe8, 0xcf, 0x80, 0x8b, 0x4b, 0x02, 0x80,
0x3b, 0xdc, 0x00, 0xce, 0x88, 0xb0, 0x62, 0x35, 0x7d, 0x51,
0x7f, 0x5c, 0xb2, 0x23, 0x85, 0x47, 0x7e, 0x73, 0x88, 0x65,
0xfd, 0x0d, 0x47, 0x33, 0xef, 0xb9, 0x75, 0x05, 0x86, 0x5d,
0xd3, 0x98, 0xa6, 0x91, 0xe6, 0x8c, 0xe2, 0x71, 0x7a, 0x95,
0xe0, 0x8c, 0x54, 0x4b, 0x68, 0x4d, 0x5a, 0xec, 0xad, 0xae,
0x54, 0x4e, 0x3b, 0x0e, 0xcd, 0x70, 0xe6, 0x81, 0xbf, 0xf4,
0x86, 0xab, 0xfe, 0xd8, 0xed, 0x69, 0xdd, 0x0f, 0x75, 0x8f,
0x8e, 0xcd, 0x72, 0x40, 0x21, 0xee, 0x80, 0x6f, 0x9e, 0xa0,
0x80, 0xf7, 0xf6, 0xa2, 0xf5, 0x04, 0x82, 0xea, 0xb6, 0xb1,
0xa3, 0xfe, 0xa2, 0x2d, 0x83, 0xc7, 0x01, 0x4b, 0x27, 0x19,
0x6a, 0x31, 0x04, 0x70, 0xce, 0x75, 0x22, 0x4b, 0x7a, 0x21,
0x29, 0xfd, 0xe9, 0xcb, 0xbb, 0xca, 0x95, 0x0a, 0xd8, 0xcd,
0x20, 0x2a, 0xb7, 0xbe, 0xdf, 0x2f, 0x0f, 0xfa, 0xf1, 0xc0,
0x39, 0xf3, 0x74, 0x22, 0x05, 0x33, 0xca, 0x2a, 0x9c, 0x9f,
0x06, 0x71, 0x90, 0x1e, 0x74, 0x4b, 0xbe, 0x9a, 0xc7, 0x1e,
0x37, 0x9b, 0x96, 0x19, 0xfd, 0xa0, 0x61, 0x87, 0x93, 0xab,
0x75, 0x79, 0xac, 0x2f, 0x83, 0xe1, 0x8c, 0x70, 0x54, 0x70,
0x01, 0x93, 0xce, 0x76, 0x7a, 0x08, 0xe7, 0x75, 0xfb, 0x5e,
0xa4, 0xcc, 0xd6, 0xeb, 0x90, 0xe2, 0x57, 0x07, 0x53, 0x88,
0x8f, 0x7f, 0x29, 0x39, 0x80, 0xc4, 0x7f, 0x70, 0x6f, 0xff,
0x44, 0x25, 0x2b, 0x9e, 0xa1, 0xbb, 0xda, 0x43, 0x53, 0x14,
0xf8, 0x97, 0x08, 0xa4, 0xaf, 0xa0, 0xa5, 0x0c, 0xfa, 0xcc,
0xba, 0xcd, 0x4f, 0xd3, 0x90, 0x28, 0x02, 0x25, 0xbe, 0xc6,
0x35, 0x66, 0x99, 0xb0, 0x69, 0x46, 0xe5, 0xbf, 0x7e, 0x4f,
0x53, 0x11, 0x1f, 0xa5, 0x2c, 0x9b, 0xd1, 0x70, 0x90, 0x34,
0x66, 0xaa, 0x9f, 0xa8, 0x02, 0x3a, 0x05, 0x2b, 0x0a, 0xd0,
0x72, 0x5d, 0x01, 0x7b, 0x02, 0xce, 0x18, 0xb9, 0x63, 0xd1,
0x7d, 0xd2, 0x34, 0xa3, 0x2d, 0xaa, 0x78, 0xf0, 0x30, 0x6e,
0x59, 0xe3, 0xf1, 0x1e, 0xf1, 0x33, 0x41, 0xde, 0xc4, 0x4e,
0x88, 0x61, 0xc3, 0xb4, 0x6b, 0x21, 0x5d, 0xcc, 0x69, 0x44,
0xf3, 0xb0, 0x84, 0x54, 0x2a, 0x23, 0x22, 0xa2, 0xc4, 0xba,
0xad, 0x00, 0x57, 0x5b, 0xdf, 0xa0, 0xf7, 0x1c, 0x00, 0xc3,
0x23, 0x93, 0xc0, 0x2f, 0x3b, 0x9d, 0x6e, 0x8c, 0x38, 0xa6,
0x5e, 0xd8, 0x98, 0x7a, 0x6c, 0x90, 0xd5, 0x40, 0x3f, 0x8c,
0xc3, 0xf0, 0x92, 0x66, 0xc4, 0xe5, 0xa8, 0x42, 0x25, 0x4c,
0x56, 0x42, 0x37, 0x9a, 0xa4, 0x1d, 0xf5, 0xb0, 0xe3, 0x8a,
0x9c, 0x57, 0x52, 0x63, 0xdc, 0xd9, 0xb0, 0xbf, 0xc3, 0xfc,
0xfc, 0x6c, 0xab, 0x41, 0xae, 0xec, 0xc7, 0x40, 0x80, 0xb6,
0x0b, 0x3c, 0xa9, 0xf5, 0x4f, 0x2d, 0xf6, 0x72, 0xe3, 0xba,
0x13, 0x2c, 0x73, 0x61, 0x98, 0x66, 0x6f, 0x03, 0x88, 0x3b,
0xe6, 0x95, 0x43, 0x33, 0x3b, 0xfe, 0xfd, 0x63, 0x8c, 0x00,
0x8a, 0x67, 0x1c, 0x46, 0x0e, 0x0b, 0x51, 0x26, 0x79, 0x4f,
0x7b, 0xb1, 0x36, 0x34, 0x52, 0x41, 0x7e, 0x74, 0xbb, 0x71,
0x52, 0x8f, 0xcc, 0xf2, 0x99, 0x24, 0x3f, 0x18, 0xe6, 0xcf,
0xdf, 0x6b, 0xfe, 0x77, 0xfa, 0xa8, 0x3f, 0xe3, 0x6b, 0xb7,
0x32, 0x30, 0x8e, 0x16, 0x08, 0x59, 0x66, 0xdf, 0x95, 0x75,
0x7d, 0xa3, 0x80, 0xf0, 0x0c, 0x1a, 0xa8, 0xe7, 0x87, 0x2f,
0xe3, 0x39, 0x11, 0x82, 0x00, 0x3e, 0xe5, 0x71, 0x05, 0x7d,
0x0c, 0x90, 0xae, 0xbc, 0xbf, 0xe0, 0x4b, 0x8f, 0x91, 0x85,
0x1d, 0x0a, 0xa2, 0x36, 0x66, 0x18, 0x78, 0xd0, 0x0a, 0xa0,
0xaf, 0x0f, 0x1c, 0x01, 0xdb, 0xb2, 0x21, 0x96, 0x25, 0xf7,
0x9e, 0x3a, 0x9e, 0xc3, 0xe8, 0x92, 0x34, 0xaf, 0x7e, 0x3b,
0x5f, 0xd9, 0x23, 0x97, 0x09, 0xf1, 0x87, 0x31, 0x3a, 0x94,
0xc8, 0x9b, 0x52, 0xf4, 0x57, 0x54, 0x7b, 0x3e, 0x50, 0xd3,
0x75, 0x2a, 0xba, 0x97, 0xd7, 0xec, 0x95, 0x6c, 0x35, 0x63,
0xa4, 0xa1, 0x8f, 0xf5, 0xcc, 0xbe, 0x42, 0x65, 0x4e, 0x69,
0x35, 0x55, 0xa5, 0x3e, 0xc4, 0xf0, 0xde, 0x60, 0x54, 0xdf,
0xbb, 0x83, 0xad, 0xdf, 0xa5, 0x24, 0x8f, 0xbe, 0x0b, 0x16,
0xfc, 0xf2, 0x64, 0xd5, 0x79, 0x68, 0xf3, 0x91, 0x81, 0x2a,
0xd7, 0x1c, 0xc0, 0xdd, 0xe6, 0xb6, 0xb3, 0xa2, 0x4f, 0xc0,
0x6d, 0x77, 0x02, 0xee, 0x43, 0xd6, 0x5e, 0x82, 0x66, 0x7f,
0xb4, 0xe6, 0x5c, 0xff, 0x87, 0x1e, 0x1d, 0x6f, 0x1d, 0x96,
0x6d, 0xbd, 0x90, 0x57, 0x65, 0xc2, 0x01, 0x35, 0xfa, 0x9a,
0xc6, 0xe0, 0x4e, 0x2c, 0x4b, 0x16, 0xfa, 0x0d, 0x38, 0x87,
0x39, 0x2c, 0x2b, 0x48, 0x14, 0x92, 0x3d, 0x83, 0x00, 0xa9,
0x1a, 0x3d, 0x4d, 0x30, 0x23, 0x48, 0xcd, 0xd5, 0xcd, 0x01,
0xb1, 0x45, 0x85, 0xcc, 0x66, 0x47, 0x1d, 0x63, 0x3d, 0x70,
0xb8, 0x0c, 0xfd, 0xe3, 0xb2, 0x0f, 0x64, 0x6e, 0xb9, 0x2b,
0xe5, 0xb0, 0x4d, 0x44, 0x4d, 0x66, 0x1a, 0xfa, 0x49, 0xbb,
0xc3, 0xb8, 0xad, 0x64, 0x23, 0x7e, 0x71, 0x9f, 0x59, 0xec,
0x25, 0xa8, 0x5e, 0x11, 0xd6, 0x6e, 0xc9, 0x09, 0xe7, 0xb9,
0x6a, 0x63, 0x91, 0xaa, 0x5d, 0xd2, 0x8c, 0x91, 0xe8, 0x8d,
0x35, 0x6d, 0x10, 0xf6, 0xfc, 0x6a, 0x3c, 0x77, 0x90, 0xf8,
0x2a, 0x49, 0x13, 0x7f, 0xdb, 0xf5, 0x0c, 0xe9, 0xc8, 0x57,
0xc6, 0xfd, 0x26, 0x8d, 0x79, 0xb5, 0xdd, 0x47, 0x74, 0x6e,
0xe8, 0x8f, 0x50, 0xf5, 0xa7, 0x9e, 0xd1, 0x74, 0x10, 0xbb,
0xf4, 0x8f, 0x8f, 0x0d, 0xcd, 0x1f, 0xf6, 0x59, 0xb8, 0x6c,
0xd2, 0x37, 0x83, 0x28, 0xb2, 0x36, 0xc1, 0x39, 0x5b, 0xde,
0x59, 0xee, 0x77, 0xa2, 0x6e, 0x67, 0xc6, 0xea, 0x1d, 0x2b,
0x41, 0x8f, 0x6f, 0x96, 0x94, 0x1b, 0x5d, 0xab, 0x30, 0x53,
0x1e, 0xf8, 0x17, 0x06, 0xea, 0xcc, 0x98, 0xa8, 0xdf, 0x81,
0xe1, 0x80, 0xb7, 0xad, 0x69, 0xcb, 0x8f, 0x81, 0x1e, 0x76,
0x75, 0x3c, 0x11, 0x9b, 0x38, 0x95, 0xa7, 0x87, 0x1f, 0xd9,
0x76, 0x82, 0x21, 0x13, 0x25, 0x20, 0x42, 0xd3, 0x8c, 0xd9,
0x1c, 0x64, 0xed, 0xe9, 0x55, 0xb5, 0x29, 0x98, 0x85, 0x7c,
0x01, 0x94, 0xaa, 0xdd, 0x8c, 0x78, 0x08, 0x99, 0x99, 0x5a,
0xf6, 0x61, 0x4c, 0xe0, 0x99, 0xf8, 0x15, 0x74, 0x2e, 0x0d,
0x14, 0x89, 0x11, 0x84, 0xcd, 0x78, 0x0c, 0x6b, 0x48, 0xde,
0xb4, 0xd6, 0x05, 0xbd, 0x99, 0x58, 0xb7, 0xe5, 0xc5, 0x7a,
0x43, 0x18, 0x55, 0x33, 0x16, 0x2b, 0xfa, 0x27, 0xf5, 0xbb,
0xaa, 0x52, 0xb5, 0x28, 0x5c, 0xfe, 0x61, 0x7f, 0x7a, 0x70,
0xc2, 0x32, 0x4b, 0x05, 0x8d, 0x7b, 0x4d, 0x22, 0x57, 0x25,
0x40, 0x46, 0x7c, 0xad, 0x2f, 0x8a, 0xc8, 0x16, 0xd6, 0xac,
0x4e, 0xe3, 0xe3, 0x29, 0xe4, 0xe8, 0x00, 0x2b, 0xc9, 0xe3,
0x3a, 0x6f, 0x66, 0xf1, 0x37, 0x37, 0x52, 0x88, 0x77, 0xf6,
0xbd, 0x59, 0x5f, 0xf8, 0x11, 0x46, 0x7b, 0x12, 0x88, 0x2f,
0x4b, 0x0d, 0x16, 0x89, 0x3e, 0x2a, 0x56, 0x58, 0xa8, 0x1c,
0xee, 0x23, 0xd5, 0x66, 0x86, 0x5f, 0x59, 0x55, 0xac, 0x07,
0xfd, 0xda, 0x6b, 0xf1, 0xc7, 0x01, 0x19, 0xdb, 0xff, 0x63,
0x6f, 0x27, 0xdb, 0xa1, 0xc7, 0xe9, 0xe0, 0xdb, 0xe4, 0x9a,
0xce, 0xf5, 0xac, 0x68, 0xab, 0x59, 0x0c, 0x83, 0xa3, 0x1c,
0x2a, 0x86, 0x55, 0xe2, 0xaa, 0xa1, 0xb3, 0xed, 0xc2, 0x2d,
0x43, 0xc5, 0x13, 0x68, 0xe4, 0x83, 0x3e, 0xd5, 0x7f, 0xf7,
0xd5, 0xd0, 0x60, 0xd3, 0x70, 0x7f, 0x88, 0xaa, 0xca, 0x74,
0xcc, 0x50, 0x8d, 0x55, 0x9c, 0xfe, 0x4a, 0xc6, 0xc9, 0x36,
0xf7, 0x27, 0x26, 0x64, 0xd3, 0x6c, 0xdb, 0x16, 0x31, 0x81,
0xe9, 0xce, 0x73, 0x60, 0x61, 0x9c, 0x0f, 0xb5, 0x6e, 0x68,
0xbc, 0xb1, 0x9e, 0x9f, 0xcd, 0x6c, 0x27, 0x31, 0x2d, 0x40,
0x36, 0xce, 0x91, 0xee, 0x47, 0xdc, 0xa0, 0x4f, 0xd7, 0x14,
0x4f, 0x93, 0x00, 0xc4, 0x34, 0xca, 0xd4, 0x42, 0x21, 0x90,
0xf6, 0x9d, 0xea, 0x45, 0x15, 0xfe, 0x2d, 0xd6, 0xab, 0xc2,
0x36, 0x47, 0xc0, 0x5b, 0xd2, 0xae, 0x53, 0x33, 0xb0, 0x2d,
0x29, 0xa3, 0x14, 0xda, 0xa4, 0x48, 0xc1, 0x57, 0x0c, 0xdc,
0x72, 0x4a, 0xd0, 0xf5, 0x5b, 0x9a, 0x57, 0x1d, 0x06, 0xc8,
0x0f, 0xc7, 0x5b, 0x70, 0xbb, 0x27, 0xf4, 0xe2, 0xf4, 0xf3,
0x3c, 0xdc, 0xba, 0x43, 0xc4, 0x4e, 0xe2, 0x96, 0xd4, 0x6c,
0x33, 0x3e, 0xbf, 0x85, 0xf7, 0x3c, 0x1d, 0x46, 0x59, 0x4e,
0xa1, 0xa7, 0xa3, 0x76, 0x55, 0x8a, 0x72, 0x83, 0xd0, 0x45,
0x86, 0x38, 0xa5, 0x4d, 0xc8, 0x62, 0xe4, 0x8a, 0xd5, 0x8e,
0xb7, 0x4c, 0x6e, 0xaf, 0xa4, 0xbe, 0x88, 0x87, 0x77, 0xd1,
0x7b, 0xb2, 0x1d, 0xe0, 0x1e, 0x53, 0x30, 0x31, 0x15, 0x6c,
0x10, 0x81, 0x03, 0x55, 0xa7, 0x69, 0xb6, 0xa5, 0x48, 0xf4,
0xb2, 0x3b, 0x76, 0x8b, 0x2e, 0x42, 0xa6, 0xaa, 0x7e, 0x66,
0x57, 0xc2, 0x11, 0xc5, 0x2c, 0x7d, 0x96, 0xdf, 0xe3, 0x58,
0x12, 0x98, 0x18, 0x0d, 0x87, 0xbd, 0x64, 0xbd, 0xfe, 0x6d,
0xad, 0x6d, 0x1e, 0xf6, 0x34, 0x01, 0xb5, 0x56, 0xe8, 0x6a,
0xb3, 0x8c, 0x70, 0x84, 0x36, 0x17, 0xd6, 0x4b, 0xaa, 0x57,
0xab, 0xb3, 0x45, 0x30, 0x36, 0x10, 0xd4, 0xee, 0x8a, 0xc9,
0x29, 0xd1, 0x92, 0x9b, 0xe2, 0x7c, 0x12, 0xd1, 0x29, 0x62,
0x41, 0x69, 0xae, 0x3a, 0x50, 0xcc, 0x89, 0x50, 0x2e, 0xe6,
0x07, 0xf8, 0x9c, 0x98, 0x80, 0xd5, 0xa3, 0xc8, 0x74, 0xfb,
0xfc, 0x91, 0x16, 0x02, 0xdc, 0xf0, 0x42, 0x49, 0xbc, 0xc9,
0x2f, 0x7f, 0x8d, 0x93, 0xf7, 0xf0, 0x74, 0xb7, 0xd1, 0x55,
0xfc, 0x79, 0x03, 0x37, 0xfb, 0xf6, 0x7d, 0x2f, 0x2d, 0xf8,
0x6b, 0xc5, 0xf9, 0x66, 0x38, 0xf5, 0xfd, 0x64, 0xc6, 0x08,
0x99, 0xb3, 0x25, 0xad, 0xf4, 0xfd, 0x69, 0x2f, 0xf1, 0x18,
0x46, 0xd6, 0x5c, 0x1a, 0x37, 0xcd, 0xee, 0xa3, 0xbf, 0x0f,
0x57, 0x5c, 0xc3, 0x97, 0x94, 0x84, 0x89, 0xbe, 0x00, 0xf6,
0x40, 0xe9, 0x5a, 0x52, 0xaf, 0x3a, 0x5b, 0xf4, 0x56, 0xb0,
0x04, 0x49, 0xc6, 0x32, 0x8c, 0xa1, 0x0a, 0xd8, 0x88, 0xa1,
0xc3, 0xb7, 0x8b, 0x96, 0xc3, 0x39, 0x51, 0x50, 0x83, 0xa6,
0xf0, 0x6d, 0xe7, 0x6e, 0x20, 0xff, 0x9d, 0xac, 0x03, 0x57,
0xbc, 0xcb, 0x6a, 0x19, 0xa7, 0xc5, 0xd2, 0x44, 0x4f, 0x17,
0x1e, 0x9a, 0x8d, 0x97, 0x25, 0x55, 0x52, 0x49, 0xe2, 0x48,
0xae, 0x4b, 0x3f, 0x94, 0x5a, 0xb2, 0x2d, 0x40, 0xd9, 0x85,
0xef, 0x03, 0xa0, 0xd3, 0x66, 0x9a, 0x8f, 0x7b, 0xc0, 0x8d,
0x54, 0x95, 0x42, 0x49, 0xeb, 0x15, 0x00, 0xf3, 0x6d, 0x6f,
0x40, 0xf2, 0x8b, 0xc1, 0x50, 0xa6, 0x22, 0x3b, 0xd6, 0x88,
0xa1, 0xf7, 0xb0, 0x1f, 0xcd, 0x20, 0x4e, 0x5b, 0xad, 0x66,
0x4a, 0xda, 0x40, 0xee, 0x4c, 0x4c, 0x3e, 0xa7, 0x75, 0x51,
0x90, 0xba, 0xee, 0x59, 0xbc, 0xe3, 0xcd, 0x4d, 0xb9, 0x57,
0xb7, 0xf8, 0xc1, 0xb9, 0x8d, 0x0f, 0x58, 0x2c, 0x4c, 0x98,
0xa6, 0x9c, 0xd9, 0x0e, 0x25, 0x4f, 0xea, 0x4c, 0x15, 0x0b,
0x89, 0xe4, 0xac, 0xa1, 0x5a, 0xa1, 0xfd, 0x5b, 0xc6, 0xfe,
0xf0, 0xf1, 0x4c, 0xa7, 0x60, 0xbc, 0xc3, 0xa5, 0x80, 0x00,
0x3b, 0x3f, 0x22, 0x38, 0x60, 0x40, 0x76, 0x52, 0x83, 0x32,
0xee, 0x20, 0x6a, 0xf9, 0x1e, 0x6b, 0x99, 0x52, 0xe7, 0x04,
0xdc, 0x5a, 0x9d, 0x77, 0x8a, 0xdd, 0x9b, 0x53, 0x19, 0xff,
0x69, 0x8c, 0xbc, 0xc6, 0xe0, 0x79, 0x0d, 0x3d, 0x3d, 0x54,
0x5b, 0xe0, 0x47, 0x5b, 0x71, 0x05, 0x98, 0x8f, 0xbb, 0x65,
0xe1, 0x31, 0x9a, 0xc8, 0x1e, 0x7a, 0x4a, 0xf8, 0xcb, 0x17,
0xd1, 0x83, 0x58, 0xb1, 0xc0, 0xe4, 0xb1, 0x85, 0xca, 0xa5,
0xf8, 0x0e, 0xd1, 0x0c, 0xe8, 0x71, 0xc3, 0xfa, 0xbf, 0x1d,
0xd6, 0x98, 0x03, 0xed, 0x77, 0x3b, 0x55, 0xaf, 0x69, 0x72,
0x6b, 0x42, 0x31, 0x98, 0x95, 0xd5, 0x79, 0xa5, 0x4c, 0x51,
0xcf, 0x02, 0x65, 0x93, 0xf2, 0x71, 0xdc, 0xde, 0x9a, 0xa3,
0x86, 0xa7, 0xea, 0xcf, 0xd7, 0xe5, 0x00, 0xde, 0x40, 0x02,
0xcd, 0x6b, 0x46, 0x0b, 0xbb, 0xbf, 0x77, 0x5f, 0x9d, 0x7c,
0xa4, 0x7f, 0x7c, 0x8a, 0xba, 0xd6, 0x99, 0xc5, 0xaa, 0x06,
0x36, 0xe1, 0x7e, 0x9c, 0x6f, 0x28, 0xd4, 0x6e, 0x1d, 0x5b,
0xdd, 0x01, 0x24, 0xbd, 0x6c, 0x5d, 0x87, 0x3c, 0xc1, 0xf6,
0x93, 0x37, 0xe2, 0x3b, 0x70, 0xc4, 0xd8, 0x10, 0x0e, 0x44,
0x37, 0x00, 0xe3, 0x07, 0xbd, 0x67, 0xd3, 0x9d, 0xe6, 0xe7,
0x48, 0x1b, 0xe0, 0x79, 0xb3, 0x30, 0x91, 0x89, 0x0f, 0x89,
0x77, 0xfa, 0x13, 0x85, 0xd0, 0x32, 0xbd, 0xc1, 0x9e, 0x52,
0x04, 0x80, 0x54, 0xb1, 0x08, 0x39, 0x20, 0xda, 0x3e, 0xf1,
0xd9, 0x15, 0x74, 0x55, 0x06, 0xfc, 0x4d, 0x85, 0xd4, 0x98,
0x02, 0x64, 0x10, 0x86, 0xd7, 0xcd, 0x01, 0x0d, 0x85, 0xa0,
0x78, 0xb0, 0x58, 0x99, 0x7b, 0xdf, 0xe4, 0x8c, 0x3f, 0xab,
0xc0, 0xbc, 0xa5, 0x30, 0x28, 0xe1, 0x4e, 0x02, 0x98, 0xab,
0x03, 0xf3, 0x21, 0xe7, 0xa7, 0xe7, 0xc3, 0x5f, 0x98, 0xc0,
0x83, 0x02, 0xe8, 0x8a, 0x30, 0x75, 0x95, 0xcf, 0x77, 0x83,
0xfb, 0x32, 0x5a, 0xf9, 0x13, 0xed, 0xdb, 0xda, 0xc3, 0x84,
0x4b, 0x8f, 0x1a, 0xf0, 0xad, 0x8e, 0xcf, 0xe3, 0xa7, 0x2b,
0xb5, 0x44, 0x75, 0xd6, 0xda, 0x33, 0x81, 0x22, 0xa7, 0x6a,
0xbd, 0x21, 0x64, 0x85, 0xfa, 0x65, 0x8e, 0xc4, 0x58, 0xec,
0xc4, 0x18, 0x90, 0xa3, 0xcc, 0x2e, 0xaa, 0xa2, 0x2e, 0x46,
0x7a, 0x4a, 0x35, 0xbf, 0x58, 0x78, 0x2b, 0x1e, 0x72, 0xe5,
0x80, 0xc9, 0xe0, 0x9e, 0x43, 0x01, 0xcc, 0xe1, 0x0c, 0x00,
0xe9, 0xc1, 0xa5, 0x1a, 0x9b, 0x4e, 0x6e, 0x34, 0x32, 0xfd,
0x86, 0xb7, 0xae, 0xc3, 0x6e, 0x69, 0x04, 0xf6, 0x6a, 0x92,
0x78, 0xb1, 0x1f, 0x9d, 0x5e, 0x0c, 0xf9, 0xc4, 0x1a, 0xf6,
0xb4, 0x8a, 0x63, 0xb5, 0x87, 0x5b, 0xfb, 0x50, 0xbf, 0xd5,
0x17, 0x97, 0x8e, 0x55, 0x1c, 0xfe, 0x82, 0xf6, 0xa7, 0x9c,
0x0b, 0xc9, 0x0a, 0xf6, 0x7f, 0x70, 0xd1, 0x00, 0xed, 0x1c,
0x6c, 0x3a, 0x95, 0xed, 0x61, 0xa4, 0xd6, 0x57, 0xfb, 0x57,
0xf8, 0x9b, 0x4c, 0xce, 0x50, 0x26, 0x5c, 0x19, 0xd2, 0xa7,
0xd6, 0xe8, 0x3c, 0x29, 0x34, 0xfb, 0x26, 0x7f, 0xc5, 0x78,
0xbf, 0xfe, 0xb6, 0x2a, 0x5a, 0x62, 0x8e, 0x31, 0x9b, 0x57,
0xa4, 0xe7, 0x4d, 0x3d, 0x18, 0x05, 0xf0, 0x94, 0xbb, 0x04,
0xfa, 0x0a, 0x92, 0xf4, 0xc6, 0x7f, 0x16, 0xa2, 0x31, 0xed,
0xc1, 0xb4, 0x62, 0x54, 0x3a, 0x23, 0x12, 0x6a, 0x76, 0xcc,
0x8c, 0x91, 0x89, 0x58, 0x8c, 0x20, 0x23, 0xd9, 0xaa, 0x0d,
0x80, 0xbe, 0xb9, 0xb4, 0x40, 0x1e, 0xff, 0xa9, 0xf7, 0x71,
0x0a, 0xa0, 0x0a, 0xdf, 0x11, 0x0b, 0x66, 0x3f, 0xf2, 0x4d,
0x5d, 0x39, 0x7c, 0x77, 0xe1, 0xb1, 0x09, 0xa1, 0x6b, 0x2e,
0x30, 0x43, 0x33, 0x80, 0x6e, 0x6a, 0x1d, 0x47, 0xd9, 0xd6,
0xac, 0xdc, 0x3f, 0x16, 0xb1, 0x58, 0x11, 0x9f, 0x67, 0xd7,
0x15, 0x45, 0xd8, 0xc3, 0x69, 0x24, 0x8d, 0xac, 0xff, 0xc3,
0x43, 0xfd, 0x24, 0xaf, 0xf1, 0xc8, 0x3a, 0xc7, 0xd6, 0x1f,
0x56, 0x26, 0x16, 0xe6, 0x30, 0xcd, 0x6e, 0x0a, 0x63, 0x2a,
0x7b, 0x86, 0xd7, 0x65, 0x39, 0x45, 0x7c, 0xe6, 0xa0, 0xe6,
0x38, 0xed, 0x54, 0x84, 0x00, 0x4d, 0x8e, 0xc2, 0xba, 0x56,
0x9b, 0xf3, 0xe1, 0xe8, 0x7d, 0xfe, 0x47, 0xf0, 0x58, 0xe7,
0x59, 0x60, 0x97, 0x2e, 0x57, 0x1a, 0x09, 0x1f, 0x8b, 0x2b,
0x0b, 0x47, 0x75, 0xc0, 0xb3, 0x79, 0xce, 0x10, 0x47, 0x6d,
0xfc, 0xcb, 0x22, 0x61, 0x5c, 0x39, 0xc4, 0x3f, 0xc5, 0xef,
0xb8, 0xc8, 0x88, 0x52, 0xce, 0x90, 0x17, 0xf5, 0x3c, 0xa9,
0x87, 0x6f, 0xcb, 0x2f, 0x11, 0x53, 0x65, 0x9b, 0x74, 0x21,
0x3e, 0xdd, 0x7b, 0x1f, 0x19, 0x9f, 0x53, 0xe6, 0xab, 0xc0,
0x56, 0xba, 0x80, 0x19, 0x5d, 0x3f, 0xc7, 0xe2, 0xfb, 0x8c,
0xe2, 0x93, 0xe0, 0x31, 0xc9, 0x33, 0x31, 0x23, 0x31, 0xa1,
0x36, 0x4c, 0x62, 0xd8, 0x0a, 0xfd, 0x85, 0x97, 0xae, 0xa9,
0xe9, 0x58, 0x29, 0x17, 0x33, 0x09, 0x5a, 0x8e, 0xa3, 0x90,
0x41, 0xd3, 0xfc, 0x24, 0x98, 0x61, 0x4d, 0x30, 0x1f, 0x76,
0x8f, 0xfc, 0xd0, 0x96, 0x8b, 0x2e, 0x9b, 0x24, 0x73, 0x35,
0x00, 0xb7, 0xf6, 0xe8, 0xba, 0xec, 0x98, 0x74, 0x41, 0xa4,
0x47, 0x10, 0x0d, 0xbc, 0xba, 0xd1, 0xe7, 0xdb, 0x12, 0xcb,
0x5f, 0x02, 0xb1, 0xa6, 0xa0, 0xd7, 0x28, 0x30, 0x3e, 0x0a,
0x5c, 0x5f, 0xe6, 0x2f, 0x3c, 0xde, 0x46, 0x60, 0xaf, 0x07,
0x5f, 0xed, 0x08, 0xc0, 0x06, 0x58, 0xba, 0xd7, 0x36, 0x5b,
0xa0, 0x4a, 0xf7, 0xa1, 0x05, 0x9b, 0x00, 0xda, 0x49, 0xdc,
0xbf, 0xea, 0xe1, 0x03, 0xda, 0x95, 0x95, 0xa0, 0xfa, 0x2e,
0xf1, 0x60, 0x11, 0x47, 0xdd, 0xb3, 0xfb, 0x0b, 0xa2, 0x92,
0xcf, 0x73, 0xbb, 0xce, 0x82, 0x71, 0xbc, 0xbd, 0x50, 0x64,
0xf1, 0x96, 0x48, 0x48, 0x93, 0xf8, 0xdc, 0x1c, 0x18, 0x12,
0xc6, 0x17, 0x6a, 0xa9, 0xc1, 0x4d, 0x6f, 0x76, 0xda, 0x2f,
0x4e, 0x59, 0xdd, 0x8b, 0x1c, 0xa5, 0x30, 0xb6, 0xe9, 0x88,
0x8f, 0x75, 0x0c, 0xcd, 0xd8, 0x61, 0xf4, 0x28, 0xc5, 0x9a,
0xcd, 0x77, 0x0d, 0x36, 0x5f, 0x75, 0xa5, 0x0a, 0x77, 0x20,
0x28, 0x5a, 0xac, 0x5f, 0xa1, 0x83, 0x67, 0x70, 0xb7, 0xd8,
0x23, 0x48, 0x60, 0xa8, 0xd0, 0xaf, 0xee, 0x7a, 0xb8, 0x25,
0xd7, 0x8f, 0x82, 0x8c, 0xd0, 0x81, 0x7a, 0x49, 0x69, 0xe4,
0x22, 0x73, 0x29, 0x48, 0xc8, 0x09, 0x72, 0x16, 0xf8, 0x3d,
0xff, 0x13, 0xac, 0x98, 0x03, 0x76, 0x33, 0xcb, 0x19, 0xb0,
0x22, 0x5b, 0x1e, 0x16, 0x29, 0xb9, 0xcc, 0xa6, 0x92, 0xd8,
0xed, 0x93, 0x0f, 0xbd, 0x10, 0x98, 0x53, 0x0a, 0x07, 0x7f,
0xd6, 0x51, 0x76, 0xda, 0xdc, 0x0c, 0xeb, 0x2a, 0x95, 0xd0,
0x3e, 0xa6, 0xc4, 0xc6, 0xd8, 0xfb, 0x1b, 0x2a, 0x7f, 0xf1,
0x08, 0xbe, 0xd3, 0xed, 0x67, 0x63, 0x5f, 0x1d, 0x29, 0xdb,
0x47, 0x03, 0x4a, 0xf4, 0x6b, 0xb4, 0x46, 0x02, 0x28, 0x4f,
0x88, 0x9b, 0x46, 0x66, 0x40, 0x56, 0x34, 0x4c, 0xec, 0x8e,
0x0b, 0x5d, 0x14, 0x94, 0x91, 0xfc, 0xdc, 0x0c, 0xdc, 0x5b,
0x45, 0x12, 0x7e, 0xa1, 0xe9, 0x75, 0x38, 0xcb, 0xd3, 0x6b,
0xd7, 0xa4, 0x24, 0x94, 0x78, 0x09, 0x7f, 0x77, 0xc8, 0x6d,
0xe1, 0x82, 0x1c, 0x1c, 0x91, 0xc6, 0x38, 0x9e, 0x3b, 0x3d,
0x31, 0xdd, 0x9e, 0x46, 0x58, 0x7a, 0x42, 0x16, 0x6f, 0xfd,
0x7d, 0x8c, 0xf5, 0xf0, 0x9f, 0x92, 0x6e, 0xbe, 0x47, 0xa6,
0x1e, 0x8e, 0x82, 0x15, 0x24, 0xc3, 0x1b, 0xb0, 0xd1, 0x68,
0xf9, 0xd1, 0x7c, 0x60, 0x98, 0x86, 0xd9, 0x53, 0xa2, 0x38,
0x62, 0xf4, 0x72, 0x71, 0xcb, 0xb9, 0x35, 0xef, 0xb9, 0x49,
0x3a, 0x73, 0xb2, 0xd7, 0x0f, 0x90, 0xf5, 0x2c, 0x5b, 0xf5,
0xfd, 0x39, 0x17, 0xf7, 0xe4, 0x69, 0x81, 0x0f, 0x6b, 0xe7,
0x32, 0xd2, 0xdc, 0x5d, 0x40, 0xbf, 0x41, 0x95, 0x89, 0x81,
0x29, 0x80, 0x40, 0xa3, 0xac, 0xd2, 0xc7, 0xf7, 0xe8, 0xd0,
0x45, 0xed, 0x48, 0x43, 0x3a, 0xed, 0x8d, 0xef, 0x37, 0xe1,
0x24, 0x9a, 0x67, 0x9a, 0x6b, 0x71, 0x4f, 0x9a, 0xb9, 0x2c,
0x1b, 0x10, 0x48, 0xe2, 0x31, 0x1e, 0xbb, 0xf2, 0x4a, 0xad,
0x04, 0xc7, 0xd7, 0xf2, 0xe8, 0x83, 0x5f, 0xe8, 0xa2, 0x81,
0x95, 0xf9, 0x60, 0x51, 0x9c, 0x99, 0x76, 0x69, 0x76, 0x4e,
0xbd, 0x44, 0x52, 0x36, 0xca, 0xd8, 0x6e, 0xf7, 0x1a, 0xa1,
0x54, 0xdf, 0x90, 0x52, 0x94, 0xb6, 0x3a, 0xcb, 0x43, 0x56,
0x11, 0xde, 0xa0, 0xe1, 0x45, 0x8a, 0x80, 0x2d, 0xaf, 0x1f,
0x24, 0x3f, 0x80, 0x17, 0x1f, 0x28, 0xbb, 0xcc, 0x1a, 0xd2,
0x2d, 0xa6, 0x9e, 0xe0, 0xdc, 0xf0, 0x98, 0x16, 0x58, 0x88,
0xc6, 0xf1, 0x81, 0x71, 0x91, 0x8f, 0xa2, 0xab, 0xa5, 0xe6,
0x68, 0x1f, 0xa5, 0x86, 0xb5, 0xd9, 0x05, 0xba, 0x50, 0x67,
0x0b, 0x1e, 0xfe, 0x42, 0x50, 0xf8, 0x01, 0xf8, 0x38, 0x92,
0x57, 0x86, 0x08, 0x47, 0xee, 0x23, 0x11, 0x60, 0x61, 0x1a,
0x77, 0x3c, 0x1a, 0x8e, 0x08, 0xe3, 0xaf, 0x84, 0x04, 0x75,
0x15, 0x47, 0x7a, 0x83, 0x8e, 0x92, 0x3e, 0xe8, 0xf0, 0xc2,
0x81, 0x89, 0x3b, 0x73, 0x81, 0xe5, 0xe8, 0x97, 0x97, 0x63,
0x64, 0xf3, 0xa9, 0x1b, 0x61, 0x65, 0x7f, 0x0e, 0x47, 0x6b,
0x14, 0x57, 0x29, 0x8f, 0x91, 0x35, 0x43, 0x10, 0x12, 0x86,
0x99, 0xec, 0xc8, 0x9e, 0x67, 0x90, 0x20, 0x21, 0x3c, 0x83,
0xdb, 0x73, 0x4e, 0x8e, 0x7d, 0x86, 0xde, 0xb8, 0xd8, 0xfa,
0x23, 0x1f, 0x5a, 0xe4, 0xc7, 0x0c, 0x1d, 0x5e, 0xd1, 0x10,
0x58, 0xd5, 0x86, 0xfa, 0x40, 0x30, 0x0a, 0x78, 0x0a, 0xa5,
0x56, 0xd5, 0xe6, 0x86, 0xd4, 0x14, 0x77, 0x32, 0xcd, 0x07,
0xf9, 0xbe, 0x7a, 0xd8, 0xbc, 0x91, 0xe0, 0xda, 0x76, 0x6b,
0x97, 0x10, 0xda, 0xea, 0x27, 0xa2, 0x67, 0x6d, 0x94, 0x27,
0x6e, 0xea, 0xca, 0x56, 0x45, 0x32, 0x1d, 0x38, 0x12, 0x21,
0x33, 0x2c, 0x3c, 0x5c, 0x33, 0xb0, 0x9e, 0x80, 0x0b, 0x4e,
0xbb, 0x09, 0x5e, 0x56, 0x54, 0xb0, 0x9b, 0x7e, 0xb6, 0x00,
0xe8, 0x63, 0x19, 0x85, 0xf1, 0x4d, 0x65, 0x9d, 0x1f, 0x8d,
0x18, 0xcc, 0x63, 0xc6, 0xd9, 0xa6, 0xbc, 0xe7, 0x42, 0x55,
0x12, 0xdc, 0x8c, 0x26, 0x2d, 0x8d, 0xc2, 0xe9, 0x3b, 0xbc,
0xed, 0x06, 0x08, 0x31, 0xb0, 0xe0, 0x99, 0xe2, 0x86, 0x81,
0x88, 0x4a, 0xac, 0x1f, 0x4a, 0xb2, 0x1e, 0x1e, 0x4c, 0xb2,
0x9f, 0x27, 0xa0, 0xd9, 0x8a, 0x7e, 0xe7, 0xa3, 0xad, 0xeb,
0x2c, 0xfd, 0x14, 0xc6, 0x4b, 0x26, 0xce, 0x38, 0xb9, 0x01,
0x9e, 0xde, 0xc8, 0x7b, 0x82, 0x2f, 0xaa, 0x72, 0x80, 0xbe,
0x3a, 0x35, 0x95, 0xc8, 0xf3, 0x7c, 0x36, 0x68, 0x02, 0xdc,
0xa2, 0xda, 0xef, 0xd7, 0xf1, 0x3e, 0x81, 0xb3, 0x5d, 0x2f,
0xcf, 0x7e, 0xe6, 0x9c, 0xa0, 0x32, 0x29, 0x8b, 0x52, 0x24,
0xbd, 0x0d, 0x36, 0xdc, 0x1d, 0xcc, 0x6a, 0x0a, 0x74, 0x52,
0x1b, 0x68, 0x4d, 0x15, 0x05, 0x47, 0xe1, 0x2f, 0x97, 0x45,
0x52, 0x17, 0x4b, 0x2a, 0x3b, 0x74, 0xc5, 0x20, 0x35, 0x5c,
0x37, 0xae, 0xe6, 0xa7, 0x24, 0x0f, 0x34, 0x70, 0xea, 0x7c,
0x03, 0xa3, 0xde, 0x2d, 0x22, 0x55, 0x88, 0x01, 0x45, 0xf2,
0x5f, 0x1f, 0xaf, 0x3b, 0xb1, 0xa6, 0x5d, 0xcd, 0x93, 0xfb,
0xf8, 0x2f, 0x87, 0xcc, 0x26, 0xc5, 0x36, 0xde, 0x06, 0x9b,
0xe9, 0xa7, 0x66, 0x7e, 0x8c, 0xcd, 0x99, 0x6b, 0x51, 0x1c,
0xb0, 0xa0, 0xfa, 0xc7, 0x46, 0xfe, 0x65, 0xe4, 0x80, 0x5b,
0x5f, 0x24, 0x3b, 0xa4, 0xe6, 0x81, 0x31, 0xe5, 0x87, 0x2c,
0xa4, 0x83, 0xaf, 0x8b, 0x9f, 0x89, 0xb4, 0x3c, 0x7a, 0xbe,
0x4c, 0xb3, 0xbf, 0x3d, 0xec, 0x78, 0xb0, 0x8a, 0xdd, 0xc8,
0x43, 0x8c, 0x45, 0xa1, 0xa3, 0x3a, 0x82, 0x7d, 0x06, 0xdf,
0x20, 0x27, 0x9b, 0x4e, 0x09, 0x90, 0x6a, 0x23, 0xbf, 0x1b,
0x04, 0x1d, 0x50, 0xe2, 0xb4, 0xff, 0xe0, 0xd0, 0x9b, 0x40,
0x2b, 0xc0, 0x52, 0xc1, 0x39, 0x29, 0x60, 0x83, 0x06, 0x9b,
0x48, 0xb8, 0xa7, 0xe1, 0x2b, 0xfb, 0xf0, 0x2b, 0x82, 0xf1,
0xda, 0xc9, 0x30, 0x47, 0x3f, 0xf5, 0xf9, 0xf7, 0x6c, 0xf0,
0x0f, 0xe7, 0xb1, 0x4d, 0x46, 0x49, 0xf8, 0xb3, 0xe1, 0xfe,
0x85, 0x61, 0xcc, 0xf7, 0xfa, 0xd2, 0xf1, 0xbc, 0xf0, 0x7f,
0x3b, 0xe6, 0x45, 0xa2, 0x1b, 0x55, 0xf6, 0x0c, 0x02, 0x95,
0xdc, 0x78, 0x94, 0xa0, 0xc4, 0x6a, 0x21, 0x7e, 0xa8, 0x5f,
0xbd, 0xc3, 0xb3, 0x4d, 0x9b, 0x30, 0x31, 0x1d, 0x5b, 0x8b,
0x45, 0x3c, 0x18, 0xe9, 0x61, 0xe8, 0x76, 0x3e, 0x91, 0xd2,
0xfd, 0x1a, 0xd7, 0x30, 0x4d, 0xfe, 0xef, 0x7f, 0xc0, 0x7e,
0x45, 0x43, 0xe9, 0xf9, 0x23, 0xfe, 0xd8, 0xef, 0xbc, 0xd6,
0x99, 0x79, 0x54, 0xed, 0x7a, 0x8b, 0x39, 0xa6, 0xe7, 0x9d,
0x3f, 0x9f, 0x35, 0xe1, 0xe4, 0xd5, 0x26, 0x31, 0x3a, 0x44,
0x03, 0x79, 0xde, 0xdc, 0x29, 0x1e, 0x8e, 0x26, 0x41, 0xc6,
0x60, 0xaa, 0xfd, 0xe1, 0x5e, 0xa6, 0xc0, 0x2f, 0x90, 0x1e,
0x3b, 0xc1, 0xe6, 0xf6, 0xde, 0x60, 0x87, 0x57, 0x51, 0x11,
0x6a, 0x8e, 0x9d, 0x70, 0x9d, 0x6d, 0x36, 0x21, 0x05, 0x55,
0xc1, 0x56, 0x9b, 0xc9, 0x91, 0x50, 0x3e, 0xb4, 0xbd, 0x19,
0x53, 0x44, 0x99, 0xc7, 0xb8, 0xce, 0xce, 0x86, 0x06, 0x5d,
0x99, 0x85, 0x33, 0xd4, 0x16, 0x21, 0x4a, 0xe9, 0x7e, 0x2e,
0xcc, 0x7e, 0x3f, 0xc1, 0x47, 0x3b, 0x32, 0xd0, 0x57, 0x1c,
0xc2, 0x26, 0x67, 0xf0, 0xd9, 0xc4, 0x9e, 0xbb, 0x65, 0xa4,
0xf7, 0xf7, 0x8d, 0x7d, 0x08, 0xd4, 0x9c, 0x1e, 0x0f, 0xb9,
0xff, 0x24, 0x2f, 0xaf, 0xfa, 0x24, 0x26, 0xb7, 0xb1, 0x78,
0xc1, 0xd1, 0xfe, 0x85, 0x55, 0xa0, 0x86, 0x77, 0xf6, 0xc2,
0xe0, 0x12, 0xe4, 0x45, 0x85, 0xd0, 0xe7, 0x68, 0xf0, 0x31,
0x4c, 0x9c, 0xb0, 0x5f, 0x89, 0xca, 0xfe, 0xc2, 0xf0, 0x1e,
0xeb, 0xee, 0x75, 0x64, 0xea, 0x09, 0xd4, 0x1c, 0x72, 0x12,
0xd4, 0x31, 0xf0, 0x89, 0x71, 0x74, 0x6e, 0x01, 0x32, 0xca,
0x8a, 0x91, 0x0c, 0xdf, 0xd7, 0x05, 0xe9, 0x35, 0xed, 0x06,
0x1a, 0x17, 0x5a, 0xf3, 0x65, 0xc5, 0xbd, 0x37, 0xf2, 0x53,
0x49, 0x2f, 0xcd, 0xc6, 0x15, 0xb3, 0x36, 0x88, 0xd8, 0x7a,
0x2f, 0xfa, 0x21, 0x7f, 0x55, 0x20, 0xc6, 0xf4, 0x23, 0x59,
0x6b, 0x3c, 0xeb, 0xe5, 0xd3, 0x78, 0xdc, 0x31, 0xeb, 0x87,
0x86, 0x3d, 0x7c, 0x10, 0x64, 0x66, 0xa4, 0xad, 0x07, 0xe1,
0x93, 0x15, 0x07, 0x4c, 0xe4, 0xb4, 0x4a, 0x06, 0xca, 0x2a,
0x50, 0xa2, 0x85, 0xc6, 0xa1, 0x19, 0x89, 0x7f, 0x8a, 0x05,
0x00, 0x23, 0x72, 0x5f, 0x89, 0x74, 0x8e, 0x22, 0xa1, 0x5d,
0x26, 0xf9, 0xfe, 0xdf, 0x6d, 0x98, 0x3a, 0xc4, 0x7c, 0x93,
0xcf, 0xc4, 0xfe, 0xed, 0x98, 0xb0, 0x31, 0x4c, 0x81, 0x83,
0x0d, 0x5d, 0x3d, 0x0c, 0x27, 0x4e, 0xca, 0xcf, 0x38, 0x0c,
0x37, 0xb0, 0xf8, 0xc5, 0xc8, 0x52, 0x14, 0xec, 0x53, 0x80,
0xb9, 0xd8, 0x8a, 0x05, 0x4e, 0x31, 0x3d, 0x67, 0x57, 0xf0,
0x7a, 0xa2, 0xc5, 0xc9, 0x02, 0x25, 0x69, 0x83, 0xb9, 0x3e,
0x1b, 0x04, 0xbf, 0xb2, 0xe6, 0x97, 0x7a, 0x6b, 0x8e, 0x37,
0x77, 0x2e, 0x16, 0x8b, 0x33, 0xe1, 0xea, 0x2b, 0x30, 0x01,
0x6e, 0xa0, 0x28, 0x14, 0x17, 0xe9, 0x98, 0xa8, 0x89, 0x72,
0x68, 0x64, 0x81, 0x60, 0xa8, 0xf7, 0x72, 0xdf, 0x1a, 0xae,
0xf5, 0xf0, 0x9f, 0x69, 0x35, 0xbc, 0x58, 0x27, 0x38, 0xd6,
0x7f, 0x7a, 0xd4, 0xc4, 0xf1, 0xcf, 0xee, 0x59, 0x49, 0x31,
0xda, 0xc1, 0x08, 0x46, 0x65, 0x68, 0xe9, 0x44, 0x18, 0x2b,
0xf2, 0x2a, 0x13, 0x60, 0x07, 0xae, 0xe4, 0x96, 0xdb, 0x0a,
0x6f, 0x52, 0x23, 0x9a, 0xcf, 0x9d, 0xa4, 0xc5, 0xc1, 0x74,
0xa8, 0x0e, 0xe1, 0x5e, 0xfa, 0xa4, 0x06, 0x9c, 0x2e, 0x70,
0x08, 0x22, 0x25, 0x4f, 0xc1, 0xf1, 0x13, 0x5a, 0x66, 0xa0,
0x6c, 0x59, 0xa3, 0xfc, 0x03, 0x9c, 0x8a, 0x23, 0x01, 0x00,
0xa9, 0x49, 0xf0, 0x22, 0xa3, 0x8f, 0x6c, 0xef, 0xcb, 0x69,
0x06, 0x3a, 0x69, 0x99, 0x96, 0xd2, 0xa7, 0xa0, 0x0b, 0x7e,
0x44, 0x7d, 0x04, 0xff, 0x7e, 0x9e, 0x1e, 0x77, 0xa0, 0x30,
0xd1, 0xdf, 0x18, 0xe4, 0xd8, 0xa5, 0x64, 0xbe, 0x8c, 0x80,
0x28, 0xe2, 0x98, 0x5e, 0xec, 0x9e, 0xb1, 0x0a, 0xb5, 0x25,
0xaa, 0xb8, 0x0f, 0x78, 0x30, 0x48, 0x06, 0xe5, 0x76, 0xf9,
0x24, 0x96, 0x87, 0x2a, 0x91, 0x89, 0xb6, 0xce, 0x04, 0xdf,
0xfc, 0x13, 0x42, 0x19, 0xba, 0x14, 0x46, 0x20, 0x08, 0x47,
0xe1, 0x82, 0x57, 0x51, 0x74, 0x3b, 0x5b, 0x23, 0x5c, 0xb2,
0x85, 0x8c, 0xed, 0xe6, 0xda, 0x4d, 0x56, 0xe8, 0x61, 0x31,
0xec, 0x97, 0x27, 0xeb, 0xf2, 0xa7, 0x7c, 0x13, 0x1b, 0xc5,
0x44, 0xfe, 0x63, 0x4b, 0x2b, 0x33, 0x22, 0x23, 0x60, 0x86,
0x7c, 0x3b, 0x57, 0xba, 0x16, 0xde, 0x47, 0x04, 0x3e, 0x2b,
0xe5, 0xbd, 0x23, 0xa0, 0xab, 0xdf, 0x5d, 0x6e, 0x20, 0xb1,
0x37, 0x44, 0xcb, 0xbd, 0x03, 0xa9, 0x5c, 0xe6, 0x92, 0x5e,
0x2f, 0x6f, 0x95, 0xc6, 0x5b, 0x6d, 0xab, 0x39, 0xdd, 0x1e,
0x34, 0xd5, 0x21, 0xca, 0x92, 0xee, 0x59, 0xf0, 0xb9, 0x65,
0xe6, 0x81, 0x49, 0xf8, 0x11, 0xec, 0x45, 0x14, 0x6a, 0x19,
0xb4, 0xce, 0xbf, 0x9e, 0xf7, 0x32, 0x8d, 0x99, 0x78, 0xc3,
0x07, 0x3d, 0xfd, 0x18, 0x2d, 0x0e, 0x06, 0x2f, 0x27, 0x24,
0x6f, 0x16, 0xd8, 0x01, 0x33, 0xc8, 0xbb, 0x7f, 0x7d, 0xfa,
0x73, 0xf6, 0x7d, 0x54, 0xf2, 0xd4, 0x8a, 0x53, 0xe1, 0x62,
0x45, 0xf4, 0x01, 0xa6, 0x31, 0x6b, 0x3a, 0x06, 0x56, 0xfd,
0x79, 0x7f, 0x58, 0xd8, 0x47, 0x33, 0x53, 0xc5, 0x78, 0x70,
0xce, 0x81, 0x7f, 0x66, 0xa1, 0x58, 0x7c, 0x5a, 0xdb, 0x4a,
0xad, 0x29, 0xff, 0x93, 0x75, 0x95, 0x35, 0xa9, 0xd2, 0xb1,
0xeb, 0xa0, 0x4f, 0x10, 0x0a, 0xc9, 0x38, 0x69, 0xc8, 0x8d,
0x57, 0xef, 0x99, 0x0f, 0xa5, 0x69, 0x86, 0xa6, 0xfb, 0x2b,
0x37, 0xe4, 0xc7, 0xab, 0x3e, 0xcd, 0x8f, 0x3f, 0x93, 0x8c,
0x0b, 0xc4, 0x4d, 0x16, 0xe0, 0xb0, 0x94, 0x5a, 0x0d, 0x17,
0xaf, 0x6e, 0x4b, 0x2e, 0x18, 0x29, 0x0e, 0xe0, 0xf5, 0x72,
0x1a, 0x21, 0x37, 0xef, 0x7d, 0x6a, 0x39, 0xe9, 0xa8, 0xd7,
0x96, 0xd6, 0xb3, 0x7d, 0x83, 0x0c, 0x13, 0x30, 0x49, 0x03,
0xe8, 0x6b, 0xe6, 0x77, 0xe8, 0x69, 0x48, 0x56, 0x5f, 0x39,
0x63, 0xbc, 0x86, 0xa8, 0x26, 0xa1, 0xbd, 0x4b, 0x24, 0xbd,
0xdd, 0xe8, 0x02, 0x64, 0xcb, 0xae, 0x24, 0x17, 0x62, 0xbd,
0x27, 0xa7, 0x22, 0x60, 0x51, 0x0c, 0x53, 0xff, 0x9d, 0x63,
0x1b, 0xf9, 0xff, 0x76, 0x3b, 0x74, 0x05, 0x98, 0x46, 0x0b,
0xe8, 0xcb, 0xd4, 0x0a, 0xcd, 0x91, 0xdb, 0x5b, 0x21, 0x4d,
0xa1, 0x87, 0xbd, 0xb7, 0x58, 0xec, 0x28, 0x00, 0x92, 0xc2,
0x98, 0xe4, 0x8c, 0x1f, 0x9d, 0xa4, 0x80, 0x83, 0x40, 0xb9,
0x63, 0xfe, 0xc9, 0x18, 0x3f, 0xd6, 0xab, 0x34, 0x00, 0x2c,
0x53, 0x40, 0x38, 0x0e, 0xb1, 0x69, 0xa8, 0xb8, 0xa9, 0x2e,
0x9b, 0x7b, 0x89, 0x8d, 0xff, 0x86, 0x01, 0x51, 0x42, 0xde,
0x04, 0xd6, 0x1d, 0xd1, 0x29, 0x8d, 0x42, 0x46, 0x5f, 0xd6,
0x02, 0xde, 0x73, 0xee, 0x2d, 0xe9, 0x6e, 0xb0, 0x3f, 0xf0,
0x47, 0x72, 0xfe, 0x45, 0xff, 0x05, 0x82, 0x2d, 0xc6, 0x4f,
0xc9, 0xd3, 0xec, 0xf9, 0x5a, 0x22, 0x50, 0x6c, 0x4f, 0x1e,
0xc8, 0x5f, 0xfc, 0x2c, 0x04, 0x4f, 0xdf, 0xce, 0xe4, 0x18,
0xd2, 0xd7, 0x8b, 0x67, 0x83, 0x39, 0x96, 0x47, 0x5e, 0x5b,
0xad, 0x7f, 0x5d, 0x42, 0x56, 0x97, 0x71, 0x39, 0x28, 0x44,
0x9d, 0x35, 0xde, 0xde, 0x03, 0x20, 0x34, 0x44, 0xdb, 0xdf,
0xfc, 0xff, 0x1e, 0x3d, 0x58, 0x5f, 0x7a, 0x8e, 0x90, 0xa1,
0xd3, 0xeb, 0x0c, 0x23, 0x3f, 0x4e, 0x61, 0x77, 0x79, 0xb2,
0xdc, 0xfb, 0x21, 0x46, 0x5c, 0x82, 0xb6, 0xf6, 0x34, 0x3c,
0x3f, 0x45, 0x4b, 0x80, 0x9e, 0xa4, 0xe6, 0x02, 0x13, 0x38,
0x40, 0x7e, 0x87, 0x92, 0x96, 0x51, 0x63, 0x87, 0xae, 0xc8,
0x02, 0x6a, 0x70, 0xc8, 0xcd, 0xd0, 0xe2, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
0x12, 0x1c, 0x22, 0x2b, 0x33, 0x38, 0x3f
};
#endif
wc_test_ret_t ret;
ret = mldsa_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key,
(word32)sizeof(ml_dsa_87_pub_key), ml_dsa_87_sig,
(word32)sizeof(ml_dsa_87_sig));
#ifdef WOLFSSL_MLDSA_FIPS204_DRAFT
if (ret == 0) {
ret = mldsa_param_vfy_test(WC_ML_DSA_87_DRAFT,
ml_dsa_87_draft_pub_key, (word32)sizeof(ml_dsa_87_draft_pub_key),
ml_dsa_87_draft_sig, (word32)sizeof(ml_dsa_87_draft_sig));
}
#endif
return ret;
}
#endif
#endif
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
static wc_test_ret_t mldsa_param_test(int param, WC_RNG* rng)
{
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
wc_MlDsaKey* key = NULL;
byte* sig = NULL;
#else
wc_MlDsaKey key[1];
#ifndef WOLFSSL_MLDSA_NO_SIGN
byte sig[MLDSA_MAX_SIG_SIZE];
#endif
#endif
#ifndef WOLFSSL_MLDSA_NO_SIGN
word32 sigLen;
byte msg[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
#ifndef WOLFSSL_MLDSA_NO_VERIFY
int res = 0;
#endif
#endif
wc_MlDsaKey* tmpKey = NULL;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
key = (wc_MlDsaKey*)XMALLOC(sizeof(*key), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
sig = (byte*)XMALLOC(MLDSA_MAX_SIG_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL || sig == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
#endif
ret = wc_MlDsaKey_Init(key, NULL, devId);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_MlDsaKey_SetParams(key, param);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlDsaKey_MakeKey(key, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifndef WOLFSSL_MLDSA_NO_SIGN
sigLen = wc_MlDsaKey_SigSize(key);
if (sigLen <= 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlDsaKey_SignCtx(key, NULL, 0, sig, &sigLen,
msg, (word32)sizeof(msg), rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifndef WOLFSSL_MLDSA_NO_VERIFY
ret = wc_MlDsaKey_VerifyCtx(key, sig, sigLen, NULL, 0, msg,
(word32)sizeof(msg), &res);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (res != 1)
ERROR_OUT(WC_TEST_RET_ENC_EC(res), out);
#endif
#endif
tmpKey = wc_MlDsaKey_New(HEAP_HINT, devId);
if (tmpKey == NULL)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlDsaKey_Delete(tmpKey, &tmpKey);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
out:
wc_MlDsaKey_Free(key);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif
#if defined(WC_MLDSA_CACHE_MATRIX_A) && \
!defined(WC_MLDSA_FIXED_ARRAY) && \
!defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
/* Regression test for sign path matrix A cache allocation.
*
* mldsa_sign_with_seed_mu() previously stored the result of XMALLOC for
* the matrix A cache into a local variable instead of key->a. The local was
* then immediately overwritten by `a = key->a` (still NULL), so the just-
* allocated buffer was leaked and a NULL pointer was passed to
* mldsa_expand_a().
*
* This test exercises that exact code path by clearing the cache state on a
* key after make_key, then signing. The post-condition asserts that key->a
* was populated (proving the allocation made it into the key, not the local)
* and that signing produces a verifiable signature.
*/
static wc_test_ret_t mldsa_sign_cache_alloc_test(int param, WC_RNG* rng)
{
wc_test_ret_t ret;
wc_MlDsaKey* key = NULL;
byte* sig = NULL;
word32 sigLen;
byte msg[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
int res = 0;
key = (wc_MlDsaKey*)XMALLOC(sizeof(*key), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
/* Init before further allocations so wc_MlDsaKey_Free() in the cleanup
* path operates on a zeroed struct, not garbage cached-pointer fields. */
ret = wc_MlDsaKey_Init(key, NULL, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
sig = (byte*)XMALLOC(MLDSA_MAX_SIG_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (sig == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
ret = wc_MlDsaKey_SetParams(key, param);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlDsaKey_MakeKey(key, rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* Drop the cached matrix A so the next sign exercises the allocation
* branch in mldsa_sign_with_seed_mu(). */
XFREE(key->a, key->heap, DYNAMIC_TYPE_MLDSA);
key->a = NULL;
key->aSet = 0;
#ifdef WC_MLDSA_CACHE_PRIV_VECTORS
XFREE(key->s1, key->heap, DYNAMIC_TYPE_MLDSA);
key->s1 = NULL;
key->s2 = NULL;
key->t0 = NULL;
key->privVecsSet = 0;
#endif
sigLen = wc_MlDsaKey_SigSize(key);
if (sigLen <= 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_MlDsaKey_SignCtx(key, NULL, 0, sig, &sigLen,
msg, (word32)sizeof(msg), rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* With the fix, signing must populate key->a (allocated buffer is owned
* by the key, not leaked to a local). Without the fix, key->a remains
* NULL because the XMALLOC result was assigned to a local variable. */
if (key->a == NULL)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (key->aSet != 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_MlDsaKey_VerifyCtx(key, sig, sigLen, NULL, 0, msg,
(word32)sizeof(msg), &res);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (res != 1)
ERROR_OUT(WC_TEST_RET_ENC_EC(res), out);
out:
if (key != NULL)
wc_MlDsaKey_Free(key);
XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* WC_MLDSA_CACHE_MATRIX_A && !WC_MLDSA_FIXED_ARRAY &&
* !WOLFSSL_MLDSA_NO_MAKE_KEY && !WOLFSSL_MLDSA_NO_SIGN &&
* !WOLFSSL_MLDSA_NO_VERIFY */
#if (defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN)) || \
(defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY))
/* Tests decoding a key from DER without the security level specified */
static wc_test_ret_t test_mldsa_decode_level(const byte* rawKey,
word32 rawKeySz,
int expectedLevel,
int isPublicOnlyKey)
{
int ret = 0;
#if !defined(WOLFSSL_MLDSA_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
word32 derSz;
word32 idx;
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte* der = NULL;
wc_MlDsaKey *key = NULL;
#else
#if !defined(WOLFSSL_MLDSA_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
byte der[MLDSA_MAX_PRV_KEY_DER_SIZE];
#endif
wc_MlDsaKey key[1];
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
/* Allocate DER buffer */
der = (byte*)XMALLOC(MLDSA_MAX_PRV_KEY_DER_SIZE, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
key = (wc_MlDsaKey *)XMALLOC(sizeof(*key), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL || key == NULL) {
ret = MEMORY_E;
}
#endif
/* Initialize key */
if (ret == 0) {
ret = wc_MlDsaKey_Init(key, NULL, devId);
}
/* Import raw key, setting the security level */
if (ret == 0) {
ret = wc_MlDsaKey_SetParams(key, expectedLevel);
}
if (ret == 0) {
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
if (isPublicOnlyKey) {
ret = wc_MlDsaKey_ImportPubRaw(key, rawKey, rawKeySz);
}
#endif
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
if (!isPublicOnlyKey) {
ret = wc_MlDsaKey_ImportPrivRaw(key, rawKey, rawKeySz);
}
#endif
}
#if !defined(WOLFSSL_MLDSA_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
/* Export raw key as DER */
if (ret == 0) {
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
if (isPublicOnlyKey) {
ret = wc_MlDsaKey_PublicKeyToDer(key, der,
MLDSA_MAX_PRV_KEY_DER_SIZE, 1);
}
#endif
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
if (!isPublicOnlyKey) {
ret = wc_MlDsaKey_PrivateKeyToDer(key, der,
MLDSA_MAX_PRV_KEY_DER_SIZE);
}
#endif
if (ret >= 0) {
derSz = ret;
ret = 0;
}
}
/* Free and reinit key to test fresh decode */
if (ret == 0) {
wc_MlDsaKey_Free(key);
ret = wc_MlDsaKey_Init(key, NULL, devId);
}
/* First test decoding when security level is set externally */
if (ret == 0) {
ret = wc_MlDsaKey_SetParams(key, expectedLevel);
}
if (ret == 0) {
idx = 0;
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
if (isPublicOnlyKey) {
ret = wc_MlDsaKey_PublicKeyDecode(key, der, derSz, &idx);
}
#endif
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
if (!isPublicOnlyKey) {
ret = wc_MlDsaKey_PrivateKeyDecode(key, der, derSz, &idx);
}
#endif
}
/* Free and reinit key to test fresh decode */
if (ret == 0) {
wc_MlDsaKey_Free(key);
ret = wc_MlDsaKey_Init(key, NULL, devId);
}
#ifndef WOLFSSL_MLDSA_FIPS204_DRAFT
/* Test decoding without setting security level - should auto-detect */
if (ret == 0) {
idx = 0;
#ifdef WOLFSSL_MLDSA_PUBLIC_KEY
if (isPublicOnlyKey) {
ret = wc_MlDsaKey_PublicKeyDecode(key, der, derSz, &idx);
}
#endif
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
if (!isPublicOnlyKey) {
ret = wc_MlDsaKey_PrivateKeyDecode(key, der, derSz, &idx);
}
#endif
}
/* Verify auto-detected security level */
if (ret == 0 && key->level != expectedLevel) {
printf("ML-DSA key decode failed to detect level.\n"
"\tExpected level=%d\n\tGot level=%d\n",
expectedLevel, key->level);
ret = WC_TEST_RET_ENC_NC;
}
#endif /* !WOLFSSL_MLDSA_FIPS204_DRAFT */
#ifdef WOLFSSL_MLDSA_PRIVATE_KEY
/* Negative: a private key with an out-of-range s1 coefficient must be
* rejected. s1 follows rho || K || tr; force its first byte out of range. */
if ((ret == 0) && (!isPublicOnlyKey)) {
XMEMCPY(der, rawKey, rawKeySz);
der[MLDSA_PUB_SEED_SZ + MLDSA_K_SZ + MLDSA_TR_SZ] = 0xff;
wc_MlDsaKey_Free(key);
ret = wc_MlDsaKey_Init(key, NULL, devId);
if (ret == 0) {
ret = wc_MlDsaKey_SetParams(key, expectedLevel);
}
if (ret == 0) {
if (wc_MlDsaKey_ImportPrivRaw(key, der, rawKeySz) !=
WC_NO_ERR_TRACE(PUBLIC_KEY_E)) {
ret = WC_TEST_RET_ENC_NC;
}
}
}
#endif
#endif /* !WOLFSSL_MLDSA_NO_ASN1 && WOLFSSL_ASN_TEMPLATE */
/* Cleanup */
wc_MlDsaKey_Free(key);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
/* Test Dilithium key decoding and security level detection */
static wc_test_ret_t mldsa_decode_test(void)
{
wc_test_ret_t ret;
const byte* key;
word32 keySz;
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN)
const int isPrvKey = 0;
#endif
#if defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
const int isPubKey = 1;
#endif
#ifndef WOLFSSL_NO_ML_DSA_44
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN)
/* Test ML-DSA-44 */
key = bench_mldsa_44_key;
keySz = sizeof_bench_mldsa_44_key;
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_44, isPrvKey);
if (ret != 0) {
return ret;
}
#endif /* WOLFSSL_MLDSA_PRIVATE_KEY */
#if defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
key = bench_mldsa_44_pubkey;
keySz = sizeof_bench_mldsa_44_pubkey;
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_44, isPubKey);
if (ret != 0) {
return ret;
}
#endif /* WOLFSSL_MLDSA_PUBLIC_KEY */
#endif /* WOLFSSL_NO_ML_DSA_44 */
#ifndef WOLFSSL_NO_ML_DSA_65
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN)
/* Test ML-DSA-65 */
key = bench_mldsa_65_key;
keySz = sizeof_bench_mldsa_65_key;
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_65, isPrvKey);
if (ret != 0) {
return ret;
}
#endif /* WOLFSSL_MLDSA_PRIVATE_KEY */
#if defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
key = bench_mldsa_65_pubkey;
keySz = sizeof_bench_mldsa_65_pubkey;
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_65, isPubKey);
if (ret != 0) {
return ret;
}
#endif /* WOLFSSL_MLDSA_PUBLIC_KEY */
#endif /* WOLFSSL_NO_ML_DSA_65 */
#ifndef WOLFSSL_NO_ML_DSA_87
#if defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN)
/* Test ML-DSA-87 */
key = bench_mldsa_87_key;
keySz = sizeof_bench_mldsa_87_key;
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_87, isPrvKey);
if (ret != 0) {
return ret;
}
#endif /* WOLFSSL_MLDSA_PRIVATE_KEY */
#if defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
key = bench_mldsa_87_pubkey;
keySz = sizeof_bench_mldsa_87_pubkey;
ret = test_mldsa_decode_level(key, keySz, WC_ML_DSA_87, isPubKey);
if (ret != 0) {
return ret;
}
#endif /* WOLFSSL_MLDSA_PUBLIC_KEY */
#endif /* WOLFSSL_NO_ML_DSA_87 */
return ret;
}
#endif /* (WOLFSSL_MLDSA_PUBLIC_KEY && !WOLFSSL_MLDSA_NO_VERIFY) ||
* (WOLFSSL_MLDSA_PRIVATE_KEY && !WOLFSSL_MLDSA_NO_SIGN) */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mldsa_test(void)
{
wc_test_ret_t ret;
WC_RNG rng;
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
return ret;
}
#ifndef WOLFSSL_NO_ML_DSA_44
#ifndef WOLFSSL_MLDSA_NO_VERIFY
ret = mldsa_param_44_vfy_test();
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
ret = mldsa_param_test(WC_ML_DSA_44, &rng);
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#endif
#ifndef WOLFSSL_NO_ML_DSA_65
#ifndef WOLFSSL_MLDSA_NO_VERIFY
ret = mldsa_param_65_vfy_test();
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
ret = mldsa_param_test(WC_ML_DSA_65, &rng);
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#endif
#ifndef WOLFSSL_NO_ML_DSA_87
#ifndef WOLFSSL_MLDSA_NO_VERIFY
ret = mldsa_param_87_vfy_test();
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#ifndef WOLFSSL_MLDSA_NO_MAKE_KEY
ret = mldsa_param_test(WC_ML_DSA_87, &rng);
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#endif
#if defined(WC_MLDSA_CACHE_MATRIX_A) && \
!defined(WC_MLDSA_FIXED_ARRAY) && \
!defined(WOLFSSL_MLDSA_NO_MAKE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY)
#ifndef WOLFSSL_NO_ML_DSA_44
ret = mldsa_sign_cache_alloc_test(WC_ML_DSA_44, &rng);
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#ifndef WOLFSSL_NO_ML_DSA_65
ret = mldsa_sign_cache_alloc_test(WC_ML_DSA_65, &rng);
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#ifndef WOLFSSL_NO_ML_DSA_87
ret = mldsa_sign_cache_alloc_test(WC_ML_DSA_87, &rng);
if (ret != 0)
ERROR_OUT(ret, out);
#endif
#endif
#if (defined(WOLFSSL_MLDSA_PRIVATE_KEY) && \
!defined(WOLFSSL_MLDSA_NO_SIGN)) || \
(defined(WOLFSSL_MLDSA_PUBLIC_KEY) && \
!defined(WOLFSSL_MLDSA_NO_VERIFY))
ret = mldsa_decode_test();
if (ret != 0) {
ERROR_OUT(ret, out);
}
#endif /* (WOLFSSL_MLDSA_PUBLIC_KEY && !WOLFSSL_MLDSA_NO_VERIFY) ||
* (WOLFSSL_MLDSA_PRIVATE_KEY && !WOLFSSL_MLDSA_NO_SIGN) */
#if !defined(WOLFSSL_MLDSA_NO_MAKE_KEY) || \
!defined(WOLFSSL_MLDSA_NO_VERIFY) || \
defined(WOLFSSL_MLDSA_PRIVATE_KEY) || \
defined(WOLFSSL_MLDSA_PUBLIC_KEY)
out:
#endif
wc_FreeRng(&rng);
return ret;
}
#endif /* WOLFSSL_HAVE_MLDSA */
#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
static enum wc_XmssRc xmss_write_key_mem(const byte * priv, word32 privSz,
void *context)
{
/* WARNING: THIS IS AN INSECURE WRITE CALLBACK THAT SHOULD ONLY
* BE USED FOR TESTING PURPOSES! Production applications should
* write only to non-volatile storage. */
XMEMCPY(context, priv, privSz);
return WC_XMSS_RC_SAVED_TO_NV_MEMORY;
}
static enum wc_XmssRc xmss_read_key_mem(byte * priv, word32 privSz,
void *context)
{
/* WARNING: THIS IS AN INSECURE READ CALLBACK THAT SHOULD ONLY
* BE USED FOR TESTING PURPOSES! */
XMEMCPY(priv, context, privSz);
return WC_XMSS_RC_READ_TO_MEMORY;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
{
int i = 0;
int j = 0;
XmssKey signingKey;
XmssKey verifyKey;
WC_RNG rng;
word32 pkSz = 0;
word32 skSz = 0;
word32 sigSz = 0;
word32 bufSz = 0;
#ifdef WOLFSSL_NO_MALLOC
static byte sk[2048];
#else
byte * sk = NULL;
#endif
const char * msg = "XMSS post quantum signature test";
word32 msgSz = (word32) XSTRLEN(msg);
#if WOLFSSL_XMSS_MIN_HEIGHT <= 10
const char * param = "XMSS-SHA2_10_256";
#elif WOLFSSL_XMSS_MIN_HEIGHT <= 20
const char * param = "XMSSMT-SHA2_20/4_256";
#elif WOLFSSL_XMSS_MIN_HEIGHT <= 40
const char * param = "XMSSMT-SHA2_40/8_256";
#else
const char * param = "XMSSMT-SHA2_60/12_256";
#endif
#ifdef WOLFSSL_NO_MALLOC
static byte sig[4096];
static byte old_sig[4096];
#else
byte * sig = NULL;
byte * old_sig = NULL;
#endif
int ret2 = -1;
int ret = WC_TEST_RET_ENC_NC;
WOLFSSL_ENTER("xmss_test");
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
ret = wc_XmssKey_Init(&signingKey, NULL, devId);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
ret = wc_XmssKey_Init(&verifyKey, NULL, devId);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
/* Set the parameter string to the signing key, and
* get sizes for secret key, pub key, and signature. */
ret = wc_XmssKey_SetParamStr(&signingKey, param);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
ret = wc_XmssKey_GetPubLen(&signingKey, &pkSz);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
if (pkSz != XMSS_SHA256_PUBLEN) {
ERROR_OUT(WC_TEST_RET_ENC_I(pkSz), out);
}
ret = wc_XmssKey_GetPrivLen(&signingKey, &skSz);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
ret = wc_XmssKey_GetSigLen(&signingKey, &sigSz);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
/* Allocate signature buffers (current and previous iteration). */
#ifdef WOLFSSL_NO_MALLOC
if (sigSz > sizeof(sig))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (sig == NULL) { ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); }
old_sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (old_sig == NULL) { ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); }
#endif
bufSz = sigSz;
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
fprintf(stderr, "param: %s\n", param);
fprintf(stderr, "pkSz: %d\n", pkSz);
fprintf(stderr, "skSz: %d\n", skSz);
fprintf(stderr, "sigSz: %d\n", sigSz);
#endif
/* Allocate the secret key buffer used by the software write/read
* callbacks. */
#ifdef WOLFSSL_NO_MALLOC
if (skSz > sizeof(sk))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#else
sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (sk == NULL) { ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); }
#endif
XMEMSET(sk, 0, skSz);
XMEMSET(sig, 0, sigSz);
ret = wc_XmssKey_SetWriteCb(&signingKey, xmss_write_key_mem);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
ret = wc_XmssKey_SetReadCb(&signingKey, xmss_read_key_mem);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
ret = wc_XmssKey_SetContext(&signingKey, (void *) sk);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
ret = wc_XmssKey_MakeKey(&signingKey, &rng);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
/* Export the pub to a verify key. */
ret = wc_XmssKey_ExportPub_ex(&verifyKey, &signingKey, NULL, devId);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
/* Repeat a few times to check that:
* 1. Each Sign advances state (so signing the same message yields a
* different signature than the previous iteration).
* 2. We can verify each new signature.
* Only do a few times, because the full signature space
* for this parameter set is huge. */
for (i = 0; i < 10; ++i) {
ret = wc_XmssKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
if (sigSz != bufSz) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
/* XMSS is deterministic given (SK_state, msg); a stuck leaf would
* produce an identical signature. This check is agnostic to whether
* the private state lives in user memory (software path) or on a
* cryptocb device. */
if (i > 0) {
ret = XMEMCMP(old_sig, sig, sigSz);
if (ret == 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
}
XMEMCPY(old_sig, sig, sigSz);
ret = wc_XmssKey_Verify(&verifyKey, sig, sigSz, (byte *) msg, msgSz);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
/* Flip bits in a few places throughout the signature, stepping in multiple
* of hash size. These should all fail with -1. */
for (j = 0; j < (int) sigSz; j+= 4 * 32) {
sig[j] ^= 1;
ret2 = wc_XmssKey_Verify(&verifyKey, sig, sigSz, (byte *) msg,
msgSz);
if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
/* Verify passed when it should have failed. */
ERROR_OUT(WC_TEST_RET_ENC_I(j), out);
}
/* Flip this spot back. */
sig[j] ^= 1;
}
}
out:
/* Cleanup everything. */
#ifndef WOLFSSL_NO_MALLOC
XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
sig = NULL;
XFREE(old_sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
old_sig = NULL;
XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
sk = NULL;
#endif /* !WOLFSSL_NO_MALLOC */
wc_XmssKey_Free(&signingKey);
wc_XmssKey_Free(&verifyKey);
wc_FreeRng(&rng);
return ret;
}
#endif /*if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)*/
#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_SMALL_STACK) && \
WOLFSSL_XMSS_MIN_HEIGHT <= 10
/* A simple xmss verify only test using:
* XMSS-SHA2_10_256
* pub len: 68
* msg len: 32
* sig len: 2500
*
* These were generated with the test xmss_fast, from the unpatched
* xmss-reference repository:
* https://github.com/XMSS/xmss-reference
* */
static const byte xmss_pub[XMSS_SHA256_PUBLEN] =
{
0x00,0x00,0x00,0x01,0xA5,0x41,0x31,0x96,
0x0A,0xF9,0xF3,0xB2,0x4B,0x2E,0x5B,0x3E,
0xCA,0x74,0xAD,0x6C,0xA5,0x89,0xAD,0x2C,
0x0E,0x96,0xB3,0x54,0xFB,0x5B,0x63,0x50,
0x96,0x81,0xE2,0x59,0x72,0x10,0x09,0x54,
0xBB,0x39,0xAC,0xEE,0x78,0xEF,0x95,0xEC,
0x01,0x1D,0xF0,0x36,0x68,0xE2,0xC4,0xA5,
0x2F,0x60,0x42,0x7E,0xD3,0x8E,0xAA,0x27,
0xC9,0xB7,0x39,0x4E
};
static /* not const */ byte xmss_msg[32] =
{
0x07,0x9F,0x80,0x86,0xDB,0x76,0x27,0xDF,
0xED,0x5B,0x2A,0x81,0x60,0x60,0x7D,0xB4,
0xE8,0x7A,0x69,0x45,0x20,0x6B,0xA2,0x96,
0xC0,0x21,0xA5,0x46,0x29,0x63,0x9B,0x37
};
/* This was actually the 5th signature produced from
* xmss_fast test in xmss-reference. */
static /* not const */ byte xmss_sig[2500] =
{
0x00,0x00,0x00,0x05,0xF0,0x15,0x34,0xBA,
0x92,0x03,0x6A,0xB9,0xA5,0x23,0x86,0x11,
0xAE,0x65,0x0A,0x5C,0x78,0x2C,0xC9,0xBE,
0x7E,0xA6,0xDC,0xA2,0x8B,0xA9,0x9C,0x50,
0xF6,0x61,0x8D,0x9D,0xD7,0xE9,0xC0,0xF8,
0x67,0xCD,0x8A,0xC4,0x9B,0x74,0x96,0x07,
0x5D,0xF2,0xC9,0xCC,0x28,0x05,0xB1,0xBE,
0x5E,0xA4,0xBA,0xBE,0xAB,0xD8,0x21,0x6B,
0x21,0x5F,0xAB,0xB7,0x6C,0xEC,0x2F,0xC8,
0xC6,0x74,0x3E,0x97,0x1B,0xC3,0x45,0x57,
0xAF,0xAA,0x1E,0xA8,0xF2,0x86,0xA8,0xAA,
0x43,0x6D,0x66,0xE9,0x81,0x14,0xDE,0x09,
0x39,0xD2,0xAF,0xD1,0x4C,0xE7,0x75,0x18,
0x0D,0xAA,0x29,0xA1,0x92,0x53,0xCC,0xE9,
0xF3,0x0B,0x1E,0x3B,0xE2,0xAE,0x80,0x0C,
0xE7,0x7A,0x7C,0x13,0x8A,0x28,0xC6,0x5F,
0x0A,0xA4,0xA3,0x73,0x0A,0x3A,0xC2,0xA6,
0x3B,0xB4,0x30,0x67,0xC0,0x36,0x18,0xA1,
0x58,0xCD,0xAD,0x54,0x36,0x64,0xCE,0xFD,
0x52,0xFF,0x70,0x7E,0x09,0xFB,0x13,0xA2,
0xEA,0xDF,0x67,0x8D,0x6C,0x42,0xB2,0x78,
0xF5,0x7D,0x5C,0x4B,0xF7,0x8E,0xCF,0x3E,
0xB7,0xC6,0xC1,0x23,0xFA,0x65,0xDE,0xD2,
0xFA,0x40,0x51,0x97,0x0D,0x52,0x32,0x76,
0x7E,0x82,0x8D,0xD0,0xB9,0x1E,0x62,0xD9,
0x1E,0xC1,0xDB,0x40,0x43,0x37,0x4A,0x23,
0x8A,0x1D,0x35,0xFA,0xF4,0x53,0x11,0x5A,
0xB5,0x6D,0x1E,0x8B,0x22,0xC8,0x7D,0x2A,
0xE4,0x94,0xAA,0x25,0x20,0x40,0x96,0xDB,
0x82,0x62,0xBA,0x8F,0x8B,0x45,0xCB,0x4F,
0x35,0x88,0x33,0xEB,0xEF,0xB3,0xBA,0xA7,
0x09,0x72,0xB3,0x4C,0xEC,0xF2,0xC3,0xC7,
0x5E,0x02,0x6C,0x41,0x93,0xCB,0x3C,0x89,
0x12,0x09,0x68,0x54,0x8E,0xEC,0x6A,0x7E,
0x20,0xE1,0x70,0x3D,0x8C,0xEB,0xB4,0x36,
0xBE,0x91,0xBE,0x97,0xB5,0xA6,0x34,0x16,
0x95,0x0F,0x10,0x26,0xA9,0x13,0x80,0x88,
0x9C,0xAA,0x68,0xEC,0x34,0x70,0x4A,0x15,
0x9B,0x5E,0x57,0x05,0x87,0x1C,0xF8,0x35,
0x45,0x29,0xE9,0x6E,0xF2,0x70,0x13,0x42,
0x89,0x4E,0x77,0xC0,0x18,0xC7,0x55,0x6D,
0xE7,0xFA,0x0D,0x63,0x83,0x16,0x19,0x01,
0x2D,0xFD,0x31,0x14,0x94,0xCA,0x3E,0x0E,
0xD6,0x11,0x34,0x81,0x57,0x58,0xEC,0x24,
0xA4,0x17,0x63,0xD3,0x25,0x00,0xBF,0x7D,
0x78,0x5D,0xC5,0xD8,0xC6,0xC1,0xBD,0x8C,
0xD0,0x94,0x0A,0xB1,0x33,0xA5,0x4B,0x31,
0x25,0xF5,0xAF,0xE7,0x84,0x26,0xAA,0x05,
0xBB,0xF3,0x9A,0xAF,0x58,0x36,0x40,0xEF,
0x3D,0xA2,0xBD,0xCA,0xA1,0x8D,0x2F,0x6D,
0x54,0xD2,0x62,0x33,0x09,0xAE,0xE6,0x73,
0xD6,0x44,0xE8,0x7C,0x5C,0x39,0x2B,0x78,
0x94,0x14,0xC7,0xC9,0xAF,0xEC,0x77,0x36,
0xA1,0x61,0x61,0xF1,0xD0,0x09,0xA2,0xEE,
0xE7,0x55,0xD7,0x35,0x89,0x89,0x9B,0xCF,
0xFA,0xA6,0x09,0x1E,0x3B,0xBD,0x5D,0xD9,
0x25,0xE7,0xED,0xDD,0x7C,0xF0,0x1C,0x57,
0xE0,0x06,0xBB,0x08,0x39,0x59,0xDF,0xD7,
0xAF,0x4B,0x88,0x0D,0x87,0x8F,0x4A,0xF3,
0x1C,0xD4,0x4B,0xB3,0xE2,0xF3,0x1B,0x86,
0x4F,0xCD,0x35,0x75,0xE2,0x03,0xF9,0x1D,
0xBF,0x3E,0xD1,0x7B,0xC7,0x23,0x11,0x75,
0x5F,0x92,0x0D,0x98,0xEE,0x14,0xE1,0xDA,
0x7A,0x02,0x17,0x47,0x6B,0x41,0xEA,0x47,
0xA1,0xAF,0x06,0x79,0x1A,0x52,0x6F,0x19,
0x31,0x70,0x71,0xBD,0xC2,0x61,0x8D,0xB7,
0xEE,0x6B,0x69,0x2A,0xE8,0x21,0x7A,0x95,
0xBE,0x86,0x2A,0xA1,0xF4,0xE2,0x2F,0x17,
0x02,0xFD,0xAD,0x17,0x9F,0x0A,0x0A,0x78,
0xA9,0x92,0x30,0x21,0x72,0x2B,0x28,0xF8,
0xF2,0x3E,0x05,0xD5,0xAC,0xC0,0x82,0xF8,
0xD2,0xDA,0xD0,0xA3,0xBC,0x93,0xDB,0xA5,
0x46,0xDE,0x14,0x1E,0xD4,0x3A,0x5D,0x79,
0x3D,0x31,0x4B,0x06,0xCE,0x22,0x29,0x3C,
0x98,0xB6,0x18,0x8A,0xAE,0xF7,0xBA,0x22,
0x88,0xA1,0xEE,0xC0,0x14,0x4C,0x4A,0xA0,
0x57,0x0A,0xD3,0x18,0xA2,0x3D,0xDD,0xC7,
0x83,0x73,0xFC,0x38,0x9B,0x31,0xA3,0xE1,
0x17,0x76,0xA1,0xA2,0x69,0xFC,0xAB,0x08,
0x80,0x72,0x8D,0xF5,0xE4,0x14,0xB7,0x6B,
0x03,0xFF,0xE8,0x11,0x4B,0x06,0x55,0x7E,
0x36,0x21,0x2F,0xD7,0x54,0x82,0xC9,0x31,
0xB4,0x85,0x68,0x41,0xEF,0x75,0xB0,0x3A,
0xEA,0x4F,0xE0,0xEC,0x72,0xCC,0x33,0x96,
0xCE,0x7D,0xAD,0xDD,0x0D,0x27,0x05,0x6E,
0xA2,0xD4,0x11,0x07,0xD8,0x7D,0x27,0xD4,
0x80,0x8F,0x00,0x22,0xE4,0xFC,0x2C,0x9D,
0xD5,0xD8,0x18,0x7F,0x4E,0xF4,0xB9,0x7F,
0xEF,0xD6,0x00,0x08,0x5C,0x05,0x04,0x1E,
0x9A,0xC6,0x8D,0xCC,0x19,0xD9,0x0B,0x06,
0xCC,0x6A,0x17,0xE2,0x03,0x23,0xDB,0x1C,
0xBC,0xA2,0xB9,0xA2,0x95,0x3C,0x73,0xD8,
0xFF,0xE6,0x0E,0xAE,0x04,0xB2,0xFC,0x91,
0x4F,0xEF,0x8A,0x58,0xB7,0x31,0x68,0x4C,
0x1E,0xD0,0x5B,0x85,0xCC,0x03,0xDC,0xF4,
0xAC,0xDB,0x03,0x9B,0x35,0x33,0x08,0x71,
0xD0,0x50,0x8D,0xDC,0xE3,0x3A,0x98,0x40,
0x41,0x80,0xDD,0x35,0xE1,0xA2,0xAF,0x14,
0x9A,0xDB,0xD3,0x68,0x14,0xE2,0x50,0x7A,
0x76,0x3F,0xE4,0xA4,0x1B,0xAA,0xC1,0x06,
0x87,0x9A,0x92,0xF9,0xBE,0x9E,0x86,0x8C,
0x92,0x1D,0x74,0xB1,0x7F,0x27,0x43,0xC0,
0xEE,0x2E,0xC2,0x6C,0x6D,0xAA,0x0C,0x0E,
0x71,0xC9,0x56,0xD6,0x3A,0x56,0xCB,0x90,
0xD1,0x7E,0x6E,0x1C,0x6A,0x00,0x2D,0x02,
0x2C,0x96,0xF0,0x2A,0x37,0x37,0x18,0x07,
0x0B,0xF4,0xB4,0x8C,0x30,0xF2,0xA4,0xAB,
0x66,0xFB,0x8B,0x22,0xC0,0x00,0x7E,0x05,
0xB6,0xF9,0x95,0x49,0x33,0xA1,0xDC,0x97,
0x0C,0x5C,0x61,0x46,0xE2,0xD7,0x87,0x4B,
0xC4,0xC7,0x5F,0x26,0x06,0x84,0xD7,0x47,
0x05,0xF1,0x33,0xFF,0x85,0x85,0xB2,0xBD,
0x1F,0x44,0xC6,0xC2,0x7D,0x51,0xBE,0x0E,
0xB5,0xC4,0x44,0x2F,0xFE,0x73,0x5F,0xF4,
0xA4,0xEF,0xE2,0xF1,0x73,0x0B,0xEF,0x3E,
0x2B,0xD7,0xCC,0x9F,0xDA,0x1A,0x7E,0x92,
0x39,0xA1,0x55,0xBF,0x60,0x0A,0xDB,0x23,
0x74,0xFE,0xE7,0x05,0x63,0xA9,0x85,0x52,
0x9F,0xCC,0xC3,0xFF,0xF6,0x6C,0x1B,0x4E,
0x4F,0x01,0xBD,0xC3,0xEB,0x37,0xEC,0x29,
0x21,0x3B,0x2C,0xC9,0x2E,0x93,0x20,0x3E,
0x19,0xC0,0x8B,0xE8,0x33,0xCD,0xC6,0x6A,
0x6E,0x72,0x13,0x15,0xA1,0x90,0x20,0x0C,
0x14,0x66,0xED,0xCC,0xA4,0xDD,0x7F,0x58,
0x53,0xBC,0x4A,0x68,0xFC,0x86,0x3E,0xAA,
0xF1,0x17,0x0F,0x3E,0x20,0x54,0x93,0xF4,
0x98,0xBF,0xB4,0x07,0x05,0xBD,0x70,0xE7,
0xD7,0x34,0xFD,0xE3,0x69,0xDF,0xCD,0xF5,
0x1A,0x73,0x6E,0xC9,0x2B,0x21,0xFB,0xB8,
0x7E,0x44,0x10,0x83,0x56,0xCE,0xD5,0x15,
0x9A,0x75,0xFC,0x91,0x8E,0x6B,0x9E,0x1A,
0x3A,0x33,0x39,0x35,0xB4,0x0D,0x74,0xF4,
0xFB,0x4C,0x0E,0x37,0xFE,0x82,0x95,0x46,
0x6B,0xD2,0x6E,0xEE,0xCD,0x4D,0x38,0xAF,
0x0A,0xAA,0xF1,0xD5,0xA4,0x7C,0x04,0xD8,
0xB9,0xDB,0x11,0x68,0x88,0x35,0x41,0xDE,
0x31,0x33,0x0C,0xDC,0x2D,0x4C,0xA8,0x20,
0xCC,0x2C,0x4C,0x63,0xAB,0xBA,0xDF,0x48,
0x84,0xD5,0x25,0xBC,0x70,0xE3,0x49,0xAA,
0x43,0xCA,0x8B,0xE7,0x9F,0xDD,0x20,0x76,
0x9B,0x38,0xF4,0xBA,0x4D,0x4E,0x34,0x4A,
0xAF,0x81,0xE7,0x0B,0xEC,0xE9,0x59,0xC1,
0x35,0x22,0x7F,0x69,0x46,0x62,0xD2,0x18,
0x6E,0x1F,0x79,0xD1,0xAD,0xC3,0x84,0x95,
0x96,0xB2,0x18,0x58,0x5E,0x7E,0x0C,0x25,
0x0A,0x0F,0x69,0xA3,0x1D,0xEC,0x29,0xCB,
0xDA,0xA2,0xD1,0x1A,0x10,0xA5,0x52,0xC3,
0x62,0x1E,0xC5,0x83,0xFF,0xA3,0x56,0xC2,
0xFD,0x87,0x3B,0x57,0x52,0x98,0x36,0x95,
0x77,0x6B,0xE5,0x49,0x10,0x8E,0x39,0xDD,
0xCA,0x4B,0xB3,0x9F,0x4C,0x0C,0x11,0x62,
0xF3,0x22,0x78,0xDB,0x48,0xEB,0x68,0xFE,
0xE4,0x2A,0xE9,0xAA,0x8F,0x7A,0x2F,0x69,
0xA5,0xC5,0x03,0x2D,0xEF,0x62,0xA8,0x71,
0x65,0x06,0x40,0x84,0x10,0x0F,0xF2,0xED,
0xBC,0x70,0x71,0x69,0x24,0xA2,0xBF,0x83,
0x39,0xDD,0xFA,0xA2,0x7B,0xE5,0xEC,0x3D,
0xFE,0x3B,0x52,0x6E,0x3D,0x82,0xA6,0x2A,
0x86,0x01,0x61,0x51,0x63,0xBF,0xF9,0x0A,
0x06,0x72,0xF1,0xD5,0x39,0x0C,0xBA,0xC9,
0x78,0xC6,0x77,0x22,0xE4,0x96,0x6E,0xB1,
0x48,0x62,0x84,0x62,0x2D,0xEA,0x49,0x56,
0x50,0x86,0x3F,0x90,0xC3,0x01,0x42,0x45,
0xED,0xE6,0x9A,0x65,0x19,0x93,0x7F,0x48,
0x16,0xF2,0x50,0xA7,0x70,0xB3,0xF5,0xDB,
0x0E,0x5E,0x22,0x9E,0x64,0x04,0x26,0x69,
0xC1,0x16,0xEE,0x65,0x08,0x82,0x27,0x65,
0xEC,0x3D,0xDF,0x51,0x5E,0x2D,0xE8,0x76,
0xF2,0xE3,0xE4,0x24,0x04,0x88,0x06,0x0F,
0xB2,0x7B,0x9B,0x72,0x3D,0x4C,0x7D,0x6A,
0x1F,0xB2,0xA2,0xD2,0x35,0xD6,0x40,0x25,
0xC2,0x0B,0x25,0xF9,0xDF,0x26,0xE4,0xDC,
0xFB,0xB1,0x84,0x84,0x77,0x1B,0x45,0x51,
0x60,0xD5,0xF0,0xB6,0x09,0xE6,0xBC,0xE3,
0x1C,0x70,0x96,0x2C,0xD3,0x9D,0x7D,0x7F,
0xB1,0x70,0xDA,0x79,0xB8,0x74,0x99,0xBF,
0x84,0x95,0xCC,0x93,0xD7,0x51,0xDD,0x66,
0xD3,0x70,0x0C,0x75,0x86,0x09,0x06,0xFD,
0x66,0x14,0x80,0xCD,0xF3,0x59,0xB4,0x92,
0x5F,0xE4,0xEE,0x00,0xA8,0xB0,0x8B,0x5C,
0x3E,0xDB,0x8A,0x9C,0x0B,0xB5,0x99,0xC2,
0x0D,0x81,0x09,0x06,0x6C,0x28,0xC0,0x7E,
0xA5,0x07,0x70,0x64,0xD7,0x41,0xF4,0xC3,
0x66,0x61,0x1C,0xA8,0x51,0xF6,0x3C,0xBA,
0xE0,0x94,0xA3,0x11,0x8C,0x2E,0xBA,0x13,
0xB2,0x47,0x48,0x93,0xB4,0x1A,0x2C,0x9A,
0x6E,0x8E,0x30,0x66,0x7B,0xD3,0xBB,0x3B,
0x5D,0x97,0x0D,0xE4,0xEA,0x24,0x28,0x9E,
0xB4,0x88,0xCE,0x1D,0x7D,0x6F,0x39,0xB3,
0x87,0x21,0xE5,0x08,0x93,0xF0,0xD4,0x9D,
0x2D,0x91,0xC9,0xFD,0x0C,0x74,0x34,0xB4,
0x1F,0xFE,0xDA,0xDC,0x10,0x5B,0x8D,0x2B,
0x87,0xD3,0x42,0xB4,0xAE,0x32,0x9C,0xAE,
0x4C,0x99,0xD8,0xED,0x44,0x41,0x07,0xE0,
0x8F,0xBD,0xA5,0x7C,0x5A,0xDF,0x91,0x29,
0x00,0xB5,0x4B,0xC3,0x3A,0x40,0x6C,0x48,
0xAB,0x2A,0xF3,0x02,0xCB,0xB3,0x69,0xDA,
0x06,0x0C,0x4D,0x5C,0x45,0xC3,0x28,0xAC,
0x7A,0x01,0xD4,0xF8,0xCB,0x07,0x63,0x89,
0x09,0x34,0x78,0xA7,0x14,0x39,0xCF,0x2D,
0x94,0x8D,0x7A,0x4E,0x4E,0xBD,0xC4,0x32,
0xAB,0x21,0xC9,0xDA,0x3F,0x5F,0x04,0x6B,
0x14,0x40,0x18,0x18,0x2F,0xF9,0x46,0x17,
0x57,0x54,0x9B,0x28,0x7B,0xBD,0xF9,0xA2,
0x13,0xAC,0x69,0x24,0xB1,0x31,0x39,0xBF,
0x8D,0x75,0xC3,0xFD,0x03,0x54,0x5A,0xFD,
0xD4,0x7A,0xB7,0x56,0x4F,0x66,0x43,0x57,
0x1B,0xFB,0xF9,0x92,0x7A,0x83,0xE6,0xFF,
0xB4,0xBA,0x83,0xD2,0x61,0x8E,0x4A,0x82,
0x82,0xA8,0xF5,0x0C,0xD2,0x43,0x53,0xA8,
0x85,0x0A,0xD4,0x69,0x7B,0x04,0x71,0x3B,
0x80,0x49,0x27,0x47,0x12,0xB6,0xB0,0xEA,
0x90,0x0A,0xFA,0xA8,0xC8,0x78,0x61,0xDE,
0x30,0x12,0xBB,0xDC,0xA6,0x57,0x56,0x30,
0x6E,0xF1,0xA8,0x3B,0xF6,0x09,0x07,0xEA,
0x31,0xE2,0x08,0x23,0x31,0x0F,0xD4,0x34,
0xE3,0x60,0xC2,0x2B,0xDB,0x5A,0x99,0xCF,
0xD4,0x6B,0x4E,0x75,0x65,0x35,0xE8,0x8B,
0x93,0x7D,0xCA,0x11,0x47,0xF0,0x3E,0x11,
0x5C,0xD1,0xEE,0x4B,0x11,0xB4,0x65,0x2B,
0x6B,0x79,0xC0,0x86,0x60,0xA4,0x4B,0x24,
0xA0,0x5C,0x70,0x34,0xC3,0x7C,0xE7,0x4F,
0x97,0x89,0x4D,0xFE,0x22,0x89,0x3A,0xE9,
0x07,0xB9,0x1A,0x86,0xB8,0x7A,0x12,0x38,
0xE1,0x24,0x46,0xBC,0x9B,0x21,0xCD,0xAC,
0x30,0xAB,0x98,0x21,0x31,0xC5,0x17,0x3F,
0x1E,0x56,0xC3,0x18,0xCE,0xF0,0xA1,0xCC,
0xFF,0x9D,0xA8,0x53,0xAF,0x74,0x77,0x54,
0x02,0x9A,0x8F,0xA4,0xD4,0xBD,0xB2,0x1A,
0xBA,0x52,0x2E,0x19,0xBE,0x49,0x11,0x45,
0x02,0x01,0x7A,0xBF,0x28,0xD6,0x18,0xED,
0xBD,0xCE,0xE4,0xDE,0xB5,0xF1,0x53,0x5D,
0x65,0xF9,0x5F,0x83,0x8F,0x2D,0xF2,0x82,
0xA0,0x2D,0x28,0xD3,0x0A,0x9E,0x0F,0x7F,
0xC7,0xC4,0x43,0x7F,0xC3,0x0E,0x06,0xEB,
0x4E,0xB4,0x2D,0xFA,0xDD,0x48,0xAB,0xF4,
0x7D,0x41,0x48,0x33,0x5A,0xE6,0x70,0x02,
0xE7,0x71,0x8D,0xD9,0x6B,0x0C,0x5A,0x8F,
0xA4,0xC1,0xB7,0x4E,0x96,0x83,0xD6,0xA7,
0x1D,0xF1,0x88,0xB3,0x6E,0xF4,0x12,0xA9,
0xF6,0x31,0x69,0x66,0xFE,0xFE,0x02,0xF2,
0x86,0x6D,0xBB,0x57,0x51,0x8C,0x4C,0xE9,
0x7C,0x92,0x3E,0x3A,0xD3,0x2D,0xA8,0x82,
0x53,0x84,0x26,0x89,0xBB,0xCC,0x13,0x12,
0x3D,0x94,0xBB,0xDF,0x3D,0x4C,0xDF,0x27,
0x9B,0x1F,0xB8,0xB6,0xE4,0xEA,0xA2,0x07,
0xF8,0x4D,0x42,0x8F,0x29,0x90,0xFE,0x21,
0x20,0xE9,0x55,0x02,0xAD,0x90,0xA7,0x77,
0x4E,0x29,0xB6,0xD9,0x14,0x94,0xB2,0x25,
0xA4,0xB2,0x0E,0x96,0x31,0xAB,0x9E,0x93,
0x49,0xAC,0xA9,0xCB,0x68,0x22,0xBA,0xB8,
0x57,0x5C,0x9D,0x65,0xC1,0xF1,0xFC,0x99,
0x7C,0x3C,0xE9,0xEA,0x4B,0x29,0x22,0x2F,
0xDB,0x17,0x21,0x8D,0xB0,0x13,0xBF,0xEE,
0x7D,0xE4,0x8B,0x6D,0x17,0xE0,0x53,0x92,
0x0B,0x32,0x6B,0xB1,0x65,0x2E,0xA7,0x83,
0xFD,0x62,0x62,0xE3,0xAA,0x81,0xE8,0xD6,
0xF7,0xB1,0x30,0x65,0x80,0x9F,0x77,0x1E,
0x4A,0xEA,0xE8,0x45,0x32,0x12,0x3A,0xFB,
0x22,0xE9,0xA9,0xF6,0xCB,0xAB,0xA8,0x0C,
0x20,0xA8,0x7C,0xF9,0xF7,0x53,0xC1,0xB4,
0xC0,0x5D,0x06,0x45,0xDD,0x7E,0xA7,0x34,
0xA1,0x21,0xC2,0x62,0xAB,0x22,0x45,0x3D,
0x73,0x4C,0x26,0xD1,0x1A,0xB2,0xF0,0xB2,
0x6D,0x11,0x70,0x58,0xAA,0xF5,0xA4,0xF5,
0xF8,0x0B,0x3D,0xC1,0xF6,0x17,0x70,0x15,
0xCD,0x72,0x02,0x7E,0x4E,0x94,0x96,0x0A,
0x56,0xCC,0xA5,0xA3,0xB3,0x7E,0xDD,0x5A,
0x72,0xD2,0xFB,0xAC,0x3D,0x0E,0x66,0x65,
0xE9,0x08,0x6C,0xB0,0x1C,0xE2,0x1A,0x82,
0xF6,0xF3,0x34,0x89,0x73,0x02,0x5B,0x42,
0x6D,0x40,0x61,0xB6,0xE0,0xE6,0x53,0x32,
0xA5,0x72,0x17,0x4F,0x3B,0x51,0x4F,0xBC,
0x00,0xE0,0x69,0x26,0xA9,0xAE,0x83,0xE3,
0x73,0x7F,0x71,0x97,0xE0,0xDC,0x7C,0x63,
0x9C,0x85,0x5F,0xDF,0x7D,0xE4,0x6C,0xD8,
0xA9,0x3A,0x6F,0x5E,0x4A,0x2E,0xB0,0xE7,
0x8B,0x45,0xE2,0x90,0x05,0x37,0xE8,0xAB,
0x49,0x48,0x4C,0xC0,0x59,0x1D,0x8C,0x46,
0x5B,0x84,0xE0,0x83,0xCE,0xEA,0x4B,0xF9,
0xD4,0xDC,0x63,0xDF,0x79,0xB7,0x5C,0x11,
0x25,0x7F,0x90,0x2E,0x0A,0x38,0x03,0xEA,
0xEA,0xA1,0x26,0x52,0x20,0x19,0xA3,0xBE,
0xFC,0x9D,0xB7,0x6E,0xA6,0x58,0x8E,0x6D,
0xC5,0x58,0xE9,0xED,0x2F,0x55,0x43,0x8B,
0x03,0x8B,0xE6,0xA4,0xC2,0x25,0x4B,0x36,
0xBA,0xD3,0x27,0x48,0x40,0x2E,0x87,0xA2,
0xD4,0x12,0xC6,0x05,0x36,0x03,0x11,0x51,
0xD1,0xF2,0xAC,0x71,0x2C,0xB6,0xC3,0xA5,
0x57,0x0F,0xAF,0x4B,0xBD,0xCD,0x47,0x4C,
0x3A,0x52,0x6F,0x47,0xE7,0x0B,0xB7,0xD5,
0xF7,0xA6,0x39,0x63,0x82,0x08,0x4C,0x41,
0x0E,0x2A,0x52,0x42,0x5A,0xEA,0x59,0xC7,
0x94,0xFB,0xD0,0x88,0x47,0x27,0xF6,0x97,
0x03,0x9E,0x29,0xB8,0x3A,0x67,0xE6,0xF3,
0x95,0xA7,0x42,0xC1,0x96,0xD1,0x9A,0xA6,
0xF0,0x09,0x0C,0xEA,0xE0,0xAB,0x0F,0x15,
0xE9,0xC3,0xEB,0xA5,0x89,0x86,0x98,0x32,
0x83,0xAB,0x30,0x33,0xAE,0x90,0x8D,0x2E,
0xB3,0xAA,0x91,0xA6,0xD9,0xA4,0x4A,0x54,
0xE0,0xD3,0x08,0xCC,0x79,0xCE,0xE4,0x15,
0x31,0xA6,0xCE,0x61,0xCF,0x03,0x06,0xEE,
0x8E,0xE2,0x64,0x29,0xD1,0x54,0x9B,0xD0,
0x5F,0x09,0x2B,0x8B,0xD5,0xF8,0xD4,0x7D,
0xF1,0x97,0x32,0xD9,0xEA,0x5A,0x0E,0x10,
0x8C,0x4D,0xFB,0x55,0xE6,0x27,0x0C,0xBA,
0xC1,0x73,0xC1,0x73,0xE3,0x1C,0x09,0xB3,
0x6F,0xB4,0x12,0xFA,0xF3,0x29,0xDC,0x23,
0x32,0xED,0x80,0x87,0x83,0xC2,0xF6,0x07,
0xB5,0xA9,0x22,0xDE,0x66,0x1A,0xA7,0x4A,
0x86,0xF1,0x39,0x9B,0xF4,0xE7,0x50,0x15,
0x4A,0x55,0x3C,0x93,0xB9,0xF9,0xFD,0xDC,
0xB3,0x5D,0x73,0x52
};
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
{
XmssKey verifyKey;
unsigned char pub_raw[XMSS_SHA256_PUBLEN];
word32 pub_len = sizeof(pub_raw);
word32 pkSz = 0;
word32 sigSz = 0;
const char * param = "XMSS-SHA2_10_256";
int j = 0;
int ret2 = WC_TEST_RET_ENC_NC;
int ret = WC_TEST_RET_ENC_NC;
int n_diff = 0;
WOLFSSL_ENTER("xmss_test_verify_only");
XMEMSET(pub_raw, 0, sizeof(pub_raw));
ret = wc_XmssKey_Init(&verifyKey, NULL, devId);
if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
ret = wc_XmssKey_SetParamStr(&verifyKey, param);
if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
ret = wc_XmssKey_GetPubLen(&verifyKey, &pkSz);
if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
if (pkSz != XMSS_SHA256_PUBLEN) {
return WC_TEST_RET_ENC_EC(pkSz);
}
ret = wc_XmssKey_GetSigLen(&verifyKey, &sigSz);
if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
fprintf(stderr, "param: %s\n", param);
fprintf(stderr, "pkSz: %d\n", pkSz);
fprintf(stderr, "sigSz: %d\n", sigSz);
#endif
if (sigSz != sizeof(xmss_sig)) {
return WC_TEST_RET_ENC_EC(sigSz);
}
ret = wc_XmssKey_ImportPubRaw(&verifyKey, xmss_pub, XMSS_SHA256_PUBLEN);
if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
ret = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
(byte *) xmss_msg, sizeof(xmss_msg));
if (ret != 0) {
printf("error: wc_XmssKey_Verify returned %d, expected 0\n", ret);
return WC_TEST_RET_ENC_EC(ret);
}
/* Now test the ExportPubRaw API, verify we recover the original pub. */
ret = wc_XmssKey_ExportPubRaw(&verifyKey, pub_raw, &pub_len);
if (ret != 0) {
printf("error: wc_XmssKey_ExportPubRaw returned %d, expected 0\n", ret);
return WC_TEST_RET_ENC_EC(ret);
}
if (pub_len != XMSS_SHA256_PUBLEN) {
printf("error: xmss pub len %u, expected %d\n", pub_len,
XMSS_SHA256_PUBLEN);
return WC_TEST_RET_ENC_EC(pub_len);
}
n_diff = XMEMCMP(pub_raw, xmss_pub, sizeof(xmss_pub));
if (n_diff != 0) {
printf("error: exported and imported pub raw do not match: %d\n",
n_diff);
return WC_TEST_RET_ENC_EC(n_diff);
}
/* Flip bits in message. This should fail. */
xmss_msg[sizeof(xmss_msg) / 2] ^= 1;
ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
(byte *) xmss_msg, sizeof(xmss_msg));
if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
printf("error: wc_XmssKey_Verify returned %d, expected -1\n", ret2);
return WC_TEST_RET_ENC_EC(ret2);
}
/* Flip it back. This should pass again. */
xmss_msg[sizeof(xmss_msg) / 2] ^= 1;
ret = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
(byte *) xmss_msg, sizeof(xmss_msg));
if (ret != 0) {
printf("error: wc_XmssKey_Verify returned %d, expected 0\n", ret);
return WC_TEST_RET_ENC_EC(ret);
}
/* Flip bits in a few places throughout the signature, stepping in multiple
* of hash size. These should all fail with -1. */
for (j = 0; j < (int) sizeof(xmss_sig); j+= 4 * 32) {
xmss_sig[j] ^= 1;
ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
(byte *) xmss_msg, sizeof(xmss_msg));
if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
/* Verify passed when it should have failed. */
return WC_TEST_RET_ENC_I(j);
}
/* Flip this spot back. */
xmss_sig[j] ^= 1;
}
/* Cleanup everything. */
wc_XmssKey_Free(&verifyKey);
return ret;
}
#endif /* WOLFSSL_HAVE_XMSS && !WOLFSSL_SMALL_STACK &&
* WOLFSSL_XMSS_MIN_HEIGHT <= 10 */
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
static int lms_write_key_mem(const byte * priv, word32 privSz, void *context)
{
/* WARNING: THIS IS AN INSECURE WRITE CALLBACK THAT SHOULD ONLY
* BE USED FOR TESTING PURPOSES! Production applications should
* write only to non-volatile storage. */
XMEMCPY(context, priv, privSz);
return WC_LMS_RC_SAVED_TO_NV_MEMORY;
}
static int lms_read_key_mem(byte * priv, word32 privSz, void *context)
{
/* WARNING: THIS IS AN INSECURE READ CALLBACK THAT SHOULD ONLY
* BE USED FOR TESTING PURPOSES! */
XMEMCPY(priv, context, privSz);
return WC_LMS_RC_READ_TO_MEMORY;
}
/* LMS signature sizes are a function of their parameters. This
* test has a signature of 8688 bytes. */
#ifndef WOLFSSL_NO_LMS_SHA256_256
#define WC_TEST_LMS_SIG_LEN (8688)
#else
#define WC_TEST_LMS_SIG_LEN (4960)
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
{
int i = 0;
int j = 0;
int ret = WC_TEST_RET_ENC_NC;
int ret2 = WC_TEST_RET_ENC_NC;
int sigsLeft = 0;
LmsKey signingKey;
LmsKey verifyKey;
#if defined(WOLFSSL_NO_MALLOC) && defined(NO_WOLFSSL_MEMORY)
static byte signingKey_priv_data[4096];
#endif
WC_RNG rng;
word32 sigSz = 0;
const char * msg = "LMS HSS post quantum signature test";
word32 msgSz = (word32) XSTRLEN(msg);
#ifndef WOLFSSL_WC_LMS_SERIALIZE_STATE
unsigned char priv[HSS_MAX_PRIVATE_KEY_LEN];
#else
static unsigned char priv[64 * 1024 + HSS_MAX_PRIVATE_KEY_LEN];
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte * sig = (byte*)XMALLOC(WC_TEST_LMS_SIG_LEN, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
byte * old_sig = (byte*)XMALLOC(WC_TEST_LMS_SIG_LEN, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
#else
byte sig[WC_TEST_LMS_SIG_LEN];
byte old_sig[WC_TEST_LMS_SIG_LEN];
#endif
const byte * kid;
word32 kidSz;
WOLFSSL_ENTER("lms_test");
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((sig == NULL) || (old_sig == NULL)) {
XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(old_sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return WC_TEST_RET_ENC_ERRNO;
}
#endif
XMEMSET(priv, 0, sizeof(priv));
XMEMSET(sig, 0, WC_TEST_LMS_SIG_LEN);
XMEMSET(old_sig, 0, WC_TEST_LMS_SIG_LEN);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&signingKey, 0, sizeof(signingKey));
XMEMSET(&verifyKey, 0, sizeof(verifyKey));
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
/* This test:
* levels: 1
* height: 5
* winternitz: 1
*
* max sigs: 2 ** (1 * 5) = 32
* signature length: 8688
*/
ret = wc_LmsKey_Init(&signingKey, NULL, devId);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
#if defined(WOLFSSL_NO_MALLOC) && defined(NO_WOLFSSL_MEMORY)
signingKey.priv_data = signingKey_priv_data;
#endif
ret = wc_LmsKey_Init(&verifyKey, NULL, devId);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
ret = wc_LmsKey_SetParameters(&signingKey, 1, 5, 1);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
ret = wc_LmsKey_SetWriteCb(&signingKey, lms_write_key_mem);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
ret = wc_LmsKey_SetReadCb(&signingKey, lms_read_key_mem);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
ret = wc_LmsKey_SetContext(&signingKey, (void *) priv);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
ret = wc_LmsKey_MakeKey(&signingKey, &rng);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
ret = wc_LmsKey_GetKid(NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_LmsKey_GetKid(&signingKey, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_LmsKey_GetKid(NULL, &kid, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_LmsKey_GetKid(NULL, NULL, &kidSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_LmsKey_GetKid(&signingKey, &kid, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_LmsKey_GetKid(&signingKey, NULL, &kidSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_LmsKey_GetKid(NULL, &kid, &kidSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_LmsKey_GetKid(&signingKey, &kid, &kidSz);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
if (kidSz != WC_LMS_I_LEN) {
ERROR_OUT(WC_TEST_RET_ENC_I(kidSz), out);
}
ret = wc_LmsKey_ExportPub_ex(&verifyKey, &signingKey, NULL, devId);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
ret = wc_LmsKey_GetSigLen(&verifyKey, &sigSz);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); }
if (sigSz != WC_TEST_LMS_SIG_LEN) {
printf("error: got %u, expected %d\n", sigSz, WC_TEST_LMS_SIG_LEN);
ERROR_OUT(WC_TEST_RET_ENC_I(sigSz), out);
}
/* Test wc_LmsKey_Sign input validation. */
{
word32 smallSz = 1;
/* Undersized sig buffer should return BUFFER_E. This check runs in
* wc_LmsKey_Sign before the cryptocb dispatch, so it applies in both
* software and HSM modes. */
ret = wc_LmsKey_Sign(&signingKey, sig, &smallSz, (byte *) msg, msgSz);
if (ret != WC_NO_ERR_TRACE(BUFFER_E)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#ifdef WOLF_CRYPTO_CB
/* The NULL-WriteCb -> BAD_FUNC_ARG check in wc_LmsKey_Sign sits after
* the cryptocb dispatch; an HSM-backed Sign succeeds without ever
* reaching it. Only exercise this on the pure software path. */
if (devId == INVALID_DEVID)
#endif
{
wc_lms_write_private_key_cb saved_write_cb;
/* NULL write callback should return BAD_FUNC_ARG. */
saved_write_cb = signingKey.write_private_key;
signingKey.write_private_key = NULL;
ret = wc_LmsKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz);
signingKey.write_private_key = saved_write_cb;
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
}
ret = 0;
}
/* 2 ** 5 should be the max number of signatures */
for (i = 0; i < 32; ++i) {
/* We should have remaining signstures. */
sigsLeft = wc_LmsKey_SigsLeft(&signingKey);
if (sigsLeft == 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
/* Sign with key. State advances on every signature. */
ret = wc_LmsKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
/* LMS/HSS is deterministic given (state, msg); a stuck leaf would
* produce an identical signature. This check is agnostic to whether
* the private state lives in user memory (software path) or on a
* cryptocb device. */
if (i > 0) {
if (XMEMCMP(old_sig, sig, sigSz) == 0) {
printf("error: current signature should not match old: %d\n", i);
ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
}
}
XMEMCPY(old_sig, sig, sigSz);
ret = wc_LmsKey_Verify(&verifyKey, sig, sigSz, (byte *) msg, msgSz);
if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); }
/* Flip bits in a few places throughout the signature, stepping in multiple
* of hash size. These should all fail with -1. */
for (j = 0; j < (int) sigSz; j+= 4 * 32) {
sig[j] ^= 1;
ret2 = wc_LmsKey_Verify(&verifyKey, sig, sigSz, (byte *) msg,
msgSz);
if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
/* Verify passed when it should have failed. */
ERROR_OUT(WC_TEST_RET_ENC_I(j), out);
}
/* Flip this spot back. */
sig[j] ^= 1;
}
}
/* This should be the last signature. */
sigsLeft = wc_LmsKey_SigsLeft(&signingKey);
if (sigsLeft != 0) {
ERROR_OUT(WC_TEST_RET_ENC_I(sigsLeft), out);
}
out:
#if defined(WOLFSSL_NO_MALLOC) && defined(NO_WOLFSSL_MEMORY)
signingKey.priv_data = NULL;
#endif
wc_LmsKey_Free(&signingKey);
wc_LmsKey_Free(&verifyKey);
wc_FreeRng(&rng);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(old_sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) && \
(LMS_MAX_HEIGHT >= 10) && !defined(WOLFSSL_NO_LMS_SHA256_256)
/* A simple LMS verify only test.
*
* Note: LMS signature sizes are a function of their parameters. This
* test has a signature of 1456 bytes:
* levels: 1
* height: 10
* winternitz: 8
* max sigs: 2 ** (1 * 10) = 1024
* signature length: 1456
* */
/* "wolfSSL LMS example message!" without null terminator. */
static byte lms_msg[28] =
{
0x77,0x6F,0x6C,0x66,0x53,0x53,0x4C,0x20,
0x4C,0x4D,0x53,0x20,0x65,0x78,0x61,0x6D,
0x70,0x6C,0x65,0x20,0x6D,0x65,0x73,0x73,
0x61,0x67,0x65,0x21
};
static const byte lms_L1H10W8_pub[HSS_MAX_PUBLIC_KEY_LEN] =
{
0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x06,
0x00,0x00,0x00,0x04,0xA1,0x26,0x76,0xF8,
0xBB,0x0B,0xC0,0x82,0x21,0x71,0x0B,0x2E,
0x8C,0xA6,0xEF,0x12,0xED,0x41,0x0E,0x8C,
0xAF,0x11,0x93,0x34,0x7B,0x49,0x79,0xB7,
0xDE,0x63,0x1C,0xFE,0x1F,0xD1,0x17,0x49,
0xCD,0x5C,0xD4,0x26,0xA0,0x53,0x26,0x1A,
0xC5,0xB4,0x8F,0x23
};
#define LMS_L1H10W8_SIGLEN (1456)
static byte lms_L1H10W8_sig[LMS_L1H10W8_SIGLEN] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
0x00,0x00,0x00,0x04,0x18,0x70,0x09,0x2E,
0x21,0xC9,0x6A,0xC9,0x5C,0xB6,0xB0,0xAA,
0xC3,0xED,0x6E,0x66,0x2F,0xCC,0x45,0x81,
0xBC,0xBA,0x44,0x96,0x1C,0xBF,0x4E,0xFB,
0x7A,0x46,0xFB,0xBE,0x9A,0x0C,0xE4,0x50,
0x90,0xC7,0x92,0xAC,0x53,0xAE,0x53,0x76,
0x29,0xA6,0x65,0xF1,0x09,0xED,0x1A,0x8E,
0x03,0x2E,0x5A,0x06,0x51,0xE3,0x1E,0xE6,
0xF6,0xFE,0x3A,0x6E,0xD1,0x92,0x31,0x1D,
0xA1,0x6A,0x5C,0x30,0x3A,0xC7,0xFD,0x5B,
0xFE,0x71,0x2C,0x5C,0x2F,0x5B,0x5B,0xCF,
0xBC,0x7F,0xBF,0x6C,0xAF,0x44,0x8A,0xAE,
0x14,0x60,0xAB,0x88,0xED,0x0E,0x4F,0xF8,
0xC7,0x1B,0x74,0x28,0x72,0xB3,0x96,0xA6,
0xE6,0x46,0x22,0x82,0xCF,0x1F,0x4D,0xA6,
0xEA,0x22,0x06,0x07,0x52,0xF5,0x26,0x16,
0x0B,0x90,0xE3,0xFF,0x64,0xA9,0xE4,0x61,
0x1E,0x9C,0x12,0x9C,0xF6,0xD4,0x63,0x29,
0xEA,0x02,0xF7,0x18,0x52,0x79,0x6C,0x43,
0xDC,0xCF,0x43,0x23,0xB9,0xCC,0x4A,0x25,
0x9D,0x10,0xAF,0xA3,0xE6,0x47,0x5A,0x1C,
0xFE,0x68,0x89,0xAF,0x1B,0x2D,0x88,0x3E,
0xCA,0xDC,0x70,0xEA,0xAC,0x11,0x00,0x8A,
0x6E,0xE0,0xC7,0xD0,0xD2,0x1A,0x36,0x18,
0x97,0xB3,0x5F,0x0E,0x75,0x48,0x28,0xF8,
0xA8,0xF5,0x90,0xD1,0xA1,0x84,0xFB,0xA4,
0xAD,0x50,0xBE,0xE9,0x39,0x8C,0xC5,0xA1,
0x67,0x51,0xA1,0x8C,0xD6,0x6B,0x97,0x1F,
0x47,0x99,0xEE,0xE0,0x70,0x01,0xC7,0x07,
0x50,0xF3,0x5E,0x3F,0xE7,0x06,0xD6,0x8D,
0x26,0xD6,0x5A,0x59,0x18,0x72,0x6B,0x12,
0xD2,0xAF,0x9B,0xB4,0x2B,0xD0,0xB2,0xF2,
0x96,0x2F,0x40,0xEA,0xBE,0xE6,0xAC,0x1F,
0xB8,0x33,0xC2,0x76,0xDC,0x8C,0xAC,0xC1,
0x46,0x5E,0x04,0x84,0x1B,0xC8,0xB9,0x65,
0x8D,0xAD,0x96,0xB5,0xB1,0xF6,0x17,0x4A,
0x19,0x87,0xE7,0xBF,0x29,0xC7,0x9B,0xB9,
0xD6,0x11,0x2C,0x92,0x2F,0xB7,0x24,0xD5,
0x01,0x1D,0x80,0x37,0x54,0xED,0x33,0x32,
0xAB,0x7A,0x12,0xD4,0x02,0x1D,0x27,0x52,
0x89,0xDB,0x32,0xBF,0x61,0xD4,0xBB,0xB4,
0x46,0x78,0x1B,0x64,0x17,0x84,0x4B,0x8A,
0xBA,0xC6,0xC1,0xCF,0xC7,0x5D,0x8F,0x93,
0xC5,0x9A,0x27,0x90,0xAC,0x17,0x98,0xFF,
0xC8,0x22,0x59,0x55,0x90,0xB2,0x29,0x39,
0xA0,0xBE,0x00,0x23,0x55,0x6B,0xDA,0x83,
0xD8,0x5B,0x57,0x7C,0x67,0x1B,0xC3,0x6B,
0x6D,0xC7,0x9B,0x2B,0x9E,0xB7,0x95,0xB3,
0xF0,0x1B,0x89,0x5A,0xD7,0x4B,0x67,0xAF,
0xDC,0x9E,0xCF,0x7E,0x1A,0xBA,0x1B,0xB9,
0x3B,0x7A,0xDD,0x3F,0x0D,0xEE,0x4C,0x0B,
0xD1,0x4F,0x34,0xF2,0x93,0xF7,0x21,0x64,
0x2C,0x07,0x00,0x15,0x4F,0xE3,0x6A,0x9F,
0x08,0x52,0xC2,0x65,0x47,0x1F,0x34,0x64,
0x66,0x07,0xBC,0xEA,0xAF,0x9B,0xAA,0x39,
0x15,0x8B,0x08,0x8C,0x24,0x41,0x9B,0x46,
0x1B,0x5B,0x91,0x11,0xC4,0xFD,0xA9,0x88,
0x35,0x0E,0x7D,0xAF,0xFD,0xB7,0x90,0x7E,
0xD7,0x29,0x02,0x0A,0xDC,0xC8,0x3F,0xC0,
0xFD,0x97,0xAF,0x50,0x49,0xA6,0x5E,0x12,
0xC1,0xCD,0xEC,0x52,0xC5,0x51,0xF2,0x80,
0x17,0x61,0xC7,0x7E,0xBE,0xD1,0x1B,0x65,
0xA4,0xAB,0x92,0x8D,0x89,0xB2,0xC5,0x8F,
0xFF,0xA5,0x6F,0xFA,0x62,0x75,0xE4,0xA1,
0xD4,0x22,0xA8,0x9E,0x40,0x04,0x27,0x1F,
0xCC,0x81,0xBA,0x28,0x67,0xA0,0x1C,0x80,
0xEB,0xCA,0xB0,0x61,0xA5,0x48,0xD0,0x8A,
0x25,0xEB,0x9E,0x67,0x8C,0x8E,0x9B,0xD1,
0xAD,0xBB,0xC3,0xEA,0xD3,0xD4,0xC5,0x12,
0x7B,0xDD,0x00,0x57,0x7F,0xF6,0xF7,0xF6,
0x3C,0x05,0xCF,0xFC,0x12,0xE1,0x93,0x05,
0xE5,0x9B,0x79,0x87,0x69,0xD8,0x82,0xD9,
0xD7,0x1D,0x41,0x73,0xE4,0x52,0x1D,0x3E,
0xE5,0x8C,0x8D,0x34,0xE1,0x75,0xA9,0xF1,
0x9D,0x09,0xA2,0x5B,0xEF,0xDA,0x96,0x6E,
0x76,0x3D,0xEA,0x50,0xD9,0xCF,0x4F,0xAC,
0xAD,0x1D,0x35,0x72,0x1B,0x88,0x8B,0xCD,
0x8C,0x8A,0x8A,0xE0,0x96,0x04,0xD8,0xBB,
0x28,0x43,0x16,0x77,0x60,0x98,0x63,0xF9,
0xB9,0x71,0x46,0xB7,0xE1,0xA7,0xA9,0x84,
0xC3,0x65,0x82,0xE1,0x1B,0x67,0x04,0x2D,
0x55,0x6B,0xF9,0xC0,0x79,0x09,0x09,0xE7,
0xFD,0x06,0x4D,0x09,0x9B,0x1A,0xCE,0x35,
0xFA,0x27,0x6F,0x2F,0x01,0x65,0x0D,0xA0,
0x97,0x59,0x11,0xF0,0x48,0xD2,0xE7,0x46,
0xBE,0xB4,0x0A,0xA3,0xE2,0x75,0x0E,0x09,
0x94,0xD9,0x69,0x28,0xD4,0xDA,0x64,0xBA,
0xFE,0xA4,0xB9,0xF0,0xBA,0xEB,0xBA,0xAC,
0xA8,0xF9,0xD3,0x82,0x4C,0x36,0x80,0xFA,
0xE5,0xF6,0x76,0xC3,0x80,0xFA,0x90,0x29,
0xF4,0x85,0xA4,0xC6,0x25,0x22,0x79,0x7E,
0x39,0x1E,0x30,0xB8,0x65,0x72,0xCF,0xE1,
0x99,0xF0,0x75,0xE8,0x09,0xB4,0x92,0x96,
0x1B,0x68,0x50,0x88,0xF1,0x2C,0x97,0xE3,
0x2D,0x26,0x8F,0xC5,0x30,0xCF,0x24,0xCB,
0xB2,0x60,0x77,0xDC,0x02,0x72,0x0D,0xD9,
0x2E,0xF2,0x52,0xEA,0x00,0xF6,0x32,0x65,
0xA5,0xC6,0x43,0x29,0x29,0x69,0xAB,0x27,
0x0C,0x39,0xDF,0x76,0x3E,0x93,0x95,0xB1,
0x2C,0xA2,0x0D,0x18,0xCE,0xA0,0x97,0x10,
0x3C,0x90,0xC0,0xEF,0x0E,0x04,0xA6,0xC8,
0xA0,0x21,0x3C,0x0B,0x22,0x77,0x7A,0x66,
0xA5,0x90,0x25,0xA4,0x09,0x3E,0xD5,0x27,
0x1F,0x6C,0x99,0x85,0x5C,0xA2,0x99,0x7A,
0x25,0xEE,0x8D,0x32,0x3D,0xD3,0xDC,0xF5,
0x00,0x5A,0x34,0x61,0xB6,0xCD,0x4E,0xBC,
0x26,0x36,0xFB,0x44,0x97,0x35,0xBD,0x06,
0x7D,0x2E,0x4A,0xA2,0xDC,0x24,0xFE,0x70,
0x0A,0xF9,0x57,0xE3,0xEE,0xAB,0xD1,0x17,
0xF3,0x7C,0xD6,0x37,0x26,0xFA,0x83,0x9F,
0xDD,0xB2,0xE1,0xD7,0xF9,0xC7,0x0E,0x15,
0x01,0xA6,0x58,0x32,0x98,0x04,0x32,0xD4,
0xDE,0xB9,0xEF,0x09,0xFA,0xE4,0x5A,0xD7,
0xDD,0x09,0x1C,0xC9,0xAC,0xB8,0x6A,0xF5,
0x00,0x5D,0x6B,0x95,0x12,0x8C,0x2F,0xCC,
0xD8,0xB9,0x50,0x3A,0xEB,0x74,0x86,0xD2,
0x3F,0xA1,0x05,0x8F,0x6E,0xEF,0xF5,0xA4,
0xD6,0x6E,0x53,0xFA,0x9E,0xFA,0xCE,0xDB,
0x99,0x46,0xE7,0xC5,0xDA,0x92,0x51,0x4F,
0x22,0x07,0xF3,0xA5,0x38,0x26,0xD3,0xEC,
0xD6,0x01,0xDD,0x31,0x3A,0x48,0x93,0xF6,
0x69,0x4F,0xD8,0xF6,0xC2,0x91,0xA5,0x7C,
0xDF,0x51,0x64,0xF1,0x3B,0x79,0xBC,0x0A,
0x2C,0xDC,0x33,0x5A,0x29,0xF6,0xB2,0x09,
0x66,0xCA,0x24,0x9F,0x1A,0x18,0xF3,0x76,
0x4C,0x5E,0x0B,0x81,0x7F,0x29,0x84,0xD8,
0x7A,0xA8,0xD6,0x11,0xAC,0xEC,0xD9,0x07,
0x91,0xEC,0xB6,0x6D,0xEC,0xDB,0xBE,0x6F,
0x9F,0xC5,0x19,0x5E,0x56,0x87,0x20,0x80,
0x75,0xD5,0x64,0xE9,0x80,0xBF,0x2D,0xD5,
0x94,0x9F,0x8C,0xA4,0x54,0x41,0xAB,0xB1,
0x8E,0xAD,0x51,0xE4,0x3C,0x24,0xF7,0x1D,
0xFE,0x02,0x48,0x7C,0x6D,0xED,0xF1,0xAC,
0xD9,0x79,0x42,0xE5,0x3A,0xCF,0x6A,0x4C,
0x6D,0xE2,0x13,0xD2,0x2B,0x9D,0xAB,0x1F,
0x70,0xD3,0xC0,0x6F,0x81,0xE9,0x9A,0x86,
0x33,0x39,0x60,0xE7,0x6A,0x00,0x1F,0x97,
0xEB,0xE5,0x1D,0x0D,0x66,0x15,0xC9,0xA2,
0xB1,0xC0,0xF0,0x2E,0xF4,0x07,0xA2,0x2E,
0x49,0x92,0x95,0x13,0xA3,0x18,0x46,0x25,
0xB9,0x3C,0xA1,0x4B,0x00,0x00,0x00,0x06,
0xAB,0xAA,0xF9,0x3F,0x7E,0x21,0xF4,0x0E,
0xCE,0xFD,0xE0,0x44,0xAC,0xC7,0x1A,0x30,
0x22,0x9D,0x0A,0xD7,0x96,0x2D,0x8F,0x9A,
0x99,0x1F,0x40,0x75,0x7F,0x62,0xF9,0xC1,
0x81,0x7B,0x4A,0x1B,0xFA,0xD6,0x87,0xB9,
0xEF,0x58,0x48,0xE4,0x5C,0x79,0xE5,0xB1,
0x2C,0x59,0xA4,0x42,0xDB,0xA6,0x53,0x70,
0x80,0x61,0x17,0xD4,0xD3,0x77,0xBD,0x53,
0x26,0x7C,0x0E,0x0E,0xFF,0x30,0x4B,0xD0,
0x86,0xFC,0x02,0x20,0x24,0x46,0x5B,0xF5,
0xE3,0x99,0x73,0x85,0x60,0x00,0x36,0x47,
0x17,0xEE,0x0C,0xD2,0x80,0x71,0x46,0x0E,
0x2B,0xB0,0xEF,0x7F,0xFE,0x3B,0xE5,0xE1,
0x87,0xC2,0xAF,0x1A,0x6F,0x63,0xF4,0x5A,
0xC4,0x16,0xF7,0xAD,0x07,0x70,0x71,0x85,
0x7D,0x3D,0x67,0x08,0xB8,0xD8,0xE2,0xF0,
0xA1,0xAC,0xD2,0x94,0x7D,0x93,0x03,0xDD,
0x54,0xF9,0x64,0x19,0xB3,0xED,0x24,0x22,
0x01,0xD7,0x12,0x5E,0xC1,0x2B,0x39,0x10,
0x13,0xE2,0x56,0x1C,0xEE,0xF4,0x2A,0x49,
0x7B,0xFB,0x36,0x8D,0xF8,0xAF,0x60,0xDF,
0x10,0xF0,0x72,0xA2,0xED,0xB6,0x53,0x88,
0xA9,0x0C,0xED,0x9C,0x18,0x33,0x7D,0x65,
0x9B,0xB2,0x9C,0x3E,0xE9,0x1E,0x43,0x51,
0x7E,0xBE,0x01,0x95,0xF6,0x60,0x65,0xBE,
0xD1,0xF4,0xE2,0x83,0x6B,0xCA,0x7A,0x70,
0x41,0x83,0x72,0xC0,0x23,0x51,0x13,0x11,
0x2D,0xF9,0xC0,0x0D,0x7D,0x73,0x76,0xA5,
0x30,0x83,0x68,0x10,0x35,0xA2,0x18,0x22,
0x4E,0x21,0x93,0x27,0x6A,0x19,0x28,0x83,
0x7F,0xDD,0xDD,0xFF,0xC3,0x8A,0x64,0x00,
0x5F,0x1C,0x0D,0xF8,0xBB,0xD7,0x15,0xB9,
0xEF,0xE0,0x07,0x62,0x05,0x9E,0xCF,0xFC,
0x08,0x52,0x1E,0x65,0x41,0x56,0x6A,0xEB,
0x81,0x53,0x30,0x7B,0xF2,0xFD,0x65,0xFF,
0xA2,0x14,0xF5,0x62,0x1E,0x24,0x48,0x47,
0xA5,0x41,0x80,0xB4,0xC5,0xDC,0xB2,0xB4,
0x2D,0x17,0xE7,0xBE,0x49,0x53,0x7A,0x25,
0xC5,0x0D,0x19,0x59,0xF4,0x88,0x59,0xED,
0x92,0x13,0xEE,0x7A,0x4F,0x12,0x98,0x4C
};
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
{
LmsKey verifyKey;
unsigned char pub_raw[HSS_MAX_PUBLIC_KEY_LEN];
word32 pub_len = sizeof(pub_raw);
word32 sigSz = 0;
word32 msgSz = sizeof(lms_msg);
word32 pubSz = 0;
int levels = 0;
int height = 0;
int winternitz = 0;
int ret = WC_TEST_RET_ENC_NC;
int ret2 = WC_TEST_RET_ENC_NC;
int j = 0;
int n_diff = 0;
WOLFSSL_ENTER("lms_test_verify_only");
XMEMSET(pub_raw, 0, sizeof(pub_raw));
ret = wc_LmsKey_Init(&verifyKey, NULL, devId);
if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
ret = wc_LmsKey_SetParameters(&verifyKey, 1, 10, 8);
if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
ret = wc_LmsKey_ImportPubRaw(&verifyKey, lms_L1H10W8_pub,
HSS_MAX_PUBLIC_KEY_LEN);
if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
/* Verify parameters, pub length, and sig length are correct. */
ret = wc_LmsKey_GetParameters(&verifyKey, &levels, &height, &winternitz);
if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
if (levels != 1 || height != 10 || winternitz != 8) {
printf("error: invalid LMS parameters: L%d-H%d-W%d\n", levels, height,
winternitz);
return WC_TEST_RET_ENC_NC;
}
ret = wc_LmsKey_GetPubLen(&verifyKey, &pubSz);
if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
if (pubSz != HSS_MAX_PUBLIC_KEY_LEN) {
printf("error: got %u, expected %d\n", pubSz, HSS_MAX_PUBLIC_KEY_LEN);
return WC_TEST_RET_ENC_EC(pubSz);
}
ret = wc_LmsKey_GetSigLen(&verifyKey, &sigSz);
if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
if (sigSz != LMS_L1H10W8_SIGLEN) {
printf("error: got %u, expected %d\n", sigSz, LMS_L1H10W8_SIGLEN);
return WC_TEST_RET_ENC_EC(sigSz);
}
ret = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN,
(byte *) lms_msg, msgSz);
if (ret != 0) {
printf("error: wc_LmsKey_Verify returned %d\n", ret);
return WC_TEST_RET_ENC_EC(ret);
}
/* Now test the ExportPubRaw API, verify we recover the original pub. */
ret = wc_LmsKey_ExportPubRaw(&verifyKey, pub_raw, &pub_len);
if (ret != 0) {
printf("error: wc_LmsKey_ExportPubRaw returned %d, expected 0\n", ret);
return WC_TEST_RET_ENC_EC(ret);
}
if (pub_len != HSS_MAX_PUBLIC_KEY_LEN) {
printf("error: LMS pub len %u, expected %d\n", pub_len,
HSS_MAX_PUBLIC_KEY_LEN);
return WC_TEST_RET_ENC_EC(pub_len);
}
n_diff = XMEMCMP(pub_raw, lms_L1H10W8_pub, sizeof(lms_L1H10W8_pub));
if (n_diff != 0) {
printf("error: exported and imported pub raw do not match: %d\n",
n_diff);
return WC_TEST_RET_ENC_EC(n_diff);
}
/* Flip bits in message. This should fail. */
lms_msg[msgSz / 2] ^= 1;
ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN,
(byte *) lms_msg, msgSz);
if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
printf("error: wc_LmsKey_Verify returned %d, expected -1\n", ret2);
return WC_TEST_RET_ENC_EC(ret);
}
/* Flip it back. This should pass again. */
lms_msg[msgSz / 2] ^= 1;
ret = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN,
(byte *) lms_msg, msgSz);
if (ret != 0) {
printf("error: wc_LmsKey_Verify returned %d, expected 0\n", ret);
return WC_TEST_RET_ENC_EC(ret);
}
/* Flip bits in a few places throughout the signature, stepping in multiple
* of hash size. These should all fail with -1. */
for (j = 0; j < (int) sigSz; j+= 4 * 32) {
lms_L1H10W8_sig[j] ^= 1;
ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig,
LMS_L1H10W8_SIGLEN,
(byte *) lms_msg, msgSz);
if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) {
/* Verify passed when it should have failed. */
return WC_TEST_RET_ENC_I(j);
}
/* Flip this spot back. */
lms_L1H10W8_sig[j] ^= 1;
}
wc_LmsKey_Free(&verifyKey);
return ret;
}
#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) */
#if defined(WOLFSSL_HAVE_SLHDSA)
/* If kernel or embedded, test with verify-only so that overly lengthy keygen
* and siggen tests are omitted, leaning on the FIPS KATs.
*/
#if (defined(WOLFSSL_KERNEL_MODE) || \
defined(BENCH_EMBEDDED)) && \
!defined(WOLFSSL_SLHDSA_FORCE_FULL_TESTS) && \
!defined(WOLFSSL_SLHDSA_VERIFY_ONLY)
#define WOLFSSL_SLHDSA_VERIFY_ONLY
#endif
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
/* KeyGen KAT: deterministic key generation cross-validated against NIST CAVP
* vectors. Verifies that MakeKeyWithRandom produces the expected sk and pk
* for a given parameter set. */
static wc_test_ret_t slhdsa_keygen_kat(enum SlhDsaParam param,
const byte* sk_seed, word32 sk_seed_sz,
const byte* sk_prf, word32 sk_prf_sz,
const byte* pk_seed, word32 pk_seed_sz,
const byte* expected_sk, word32 expected_sk_sz,
const byte* expected_pk, word32 expected_pk_sz)
{
int ret;
WC_DECLARE_VAR(key, SlhDsaKey, 1, HEAP_HINT);
byte sk_out[WC_SLHDSA_MAX_PRIV_LEN];
byte pk_out[WC_SLHDSA_MAX_PUB_LEN];
word32 outLen;
WC_ALLOC_VAR_EX(key, SlhDsaKey, 1, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER, return WC_TEST_RET_ENC_EC(MEMORY_E));
XMEMSET(key, 0, sizeof(*key));
ret = wc_SlhDsaKey_Init(key, param, NULL, devId);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_SlhDsaKey_MakeKeyWithRandom(key,
sk_seed, sk_seed_sz, sk_prf, sk_prf_sz, pk_seed, pk_seed_sz);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
outLen = WC_SLHDSA_MAX_PRIV_LEN;
PRIVATE_KEY_UNLOCK();
ret = wc_SlhDsaKey_ExportPrivate(key, sk_out, &outLen);
PRIVATE_KEY_LOCK();
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
if (outLen != expected_sk_sz) {
ERROR_OUT(WC_TEST_RET_ENC_I(outLen), out);
}
if (XMEMCMP(sk_out, expected_sk, outLen) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
outLen = WC_SLHDSA_MAX_PUB_LEN;
ret = wc_SlhDsaKey_ExportPublic(key, pk_out, &outLen);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
if (outLen != expected_pk_sz) {
ERROR_OUT(WC_TEST_RET_ENC_I(outLen), out);
}
if (XMEMCMP(pk_out, expected_pk, outLen) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
out:
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (key)
#endif
{
wc_SlhDsaKey_Free(key);
}
WC_FREE_VAR_EX(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
static wc_test_ret_t slhdsa_test_param(enum SlhDsaParam param)
{
int ret;
WC_RNG rng;
WC_DECLARE_VAR(key, SlhDsaKey, 1, HEAP_HINT);
WC_DECLARE_VAR(key_vfy, SlhDsaKey, 1, HEAP_HINT);
WC_DECLARE_VAR(sig, byte, WC_SLHDSA_MAX_SIG_LEN, HEAP_HINT);
word32 sigLen;
byte pk[WC_SLHDSA_MAX_PUB_LEN];
word32 outLen;
static const byte msg[] = {
0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f,
0x72, 0x6c, 0x64, 0x21
};
byte ctx[1];
WC_ALLOC_VAR_EX(key, SlhDsaKey, 1, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER, return WC_TEST_RET_ENC_EC(MEMORY_E));
WC_ALLOC_VAR_EX(key_vfy, SlhDsaKey, 1, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER, return WC_TEST_RET_ENC_EC(MEMORY_E));
WC_ALLOC_VAR_EX(sig, byte, WC_SLHDSA_MAX_SIG_LEN, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER, return WC_TEST_RET_ENC_EC(MEMORY_E));
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
/* Use the module-global devId so that when cryptocb_test() runs this
* test with a registered callback, MakeKey/Sign/Verify route through
* the cryptocb dispatcher. In standalone runs devId == INVALID_DEVID
* and the calls go straight to the SW implementation. */
ret = wc_SlhDsaKey_Init(key, param, NULL, devId);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_SlhDsaKey_MakeKey(key, &rng);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
sigLen = WC_SLHDSA_MAX_SIG_LEN;
PRIVATE_KEY_UNLOCK();
ret = wc_SlhDsaKey_Sign(key, ctx, 0, msg, (word32)sizeof(msg),
sig, &sigLen, &rng);
PRIVATE_KEY_LOCK();
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
outLen = (word32)sizeof(pk);
ret = wc_SlhDsaKey_ExportPublic(key, pk, &outLen);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_SlhDsaKey_Init(key_vfy, param, NULL, devId);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_SlhDsaKey_ImportPublic(key_vfy, pk, outLen);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_SlhDsaKey_Verify(key_vfy, ctx, 0, msg, (word32)sizeof(msg),
sig, sigLen);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
/* HashSLH-DSA takes the caller's pre-hashed digest as input. */
{
#ifdef WOLFSSL_SLHDSA_SHA2
enum wc_HashType phType = SLHDSA_IS_SHA2(param) ?
WC_HASH_TYPE_SHA256 : WC_HASH_TYPE_SHAKE256;
#else
enum wc_HashType phType = WC_HASH_TYPE_SHAKE256;
#endif
byte digest[WC_SHA3_512_DIGEST_SIZE];
word32 digestLen;
#ifdef WOLFSSL_SLHDSA_SHA2
if (phType == WC_HASH_TYPE_SHA256) {
ret = wc_Sha256Hash(msg, (word32)sizeof(msg), digest);
digestLen = WC_SHA256_DIGEST_SIZE;
}
else
#endif
{
ret = wc_Shake256Hash(msg, (word32)sizeof(msg), digest,
WC_SHA3_512_DIGEST_SIZE);
digestLen = WC_SHA3_512_DIGEST_SIZE;
}
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
sigLen = WC_SLHDSA_MAX_SIG_LEN;
PRIVATE_KEY_UNLOCK();
ret = wc_SlhDsaKey_SignHash(key, ctx, 0, digest, digestLen,
phType, sig, &sigLen, &rng);
PRIVATE_KEY_LOCK();
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_SlhDsaKey_VerifyHash(key_vfy, ctx, 0, digest, digestLen,
phType, sig, sigLen);
}
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
/* Additional pre-hash test: SHA-384 exercises a different OID path */
#ifdef WOLFSSL_SHA384
{
byte digest384[WC_SHA384_DIGEST_SIZE];
ret = wc_Sha384Hash(msg, (word32)sizeof(msg), digest384);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
sigLen = WC_SLHDSA_MAX_SIG_LEN;
PRIVATE_KEY_UNLOCK();
ret = wc_SlhDsaKey_SignHash(key, ctx, 0, digest384, sizeof(digest384),
WC_HASH_TYPE_SHA384, sig, &sigLen, &rng);
PRIVATE_KEY_LOCK();
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_SlhDsaKey_VerifyHash(key_vfy, ctx, 0, digest384,
sizeof(digest384), WC_HASH_TYPE_SHA384, sig, sigLen);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
}
#endif
/* Internal interface: SignMsgDeterministic + VerifyMsg round-trip.
* These take M' directly (no 0x00||len(ctx)||ctx||M wrapping). */
sigLen = WC_SLHDSA_MAX_SIG_LEN;
PRIVATE_KEY_UNLOCK();
ret = wc_SlhDsaKey_SignMsgDeterministic(key,
msg, (word32)sizeof(msg), sig, &sigLen);
PRIVATE_KEY_LOCK();
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_SlhDsaKey_VerifyMsg(key_vfy,
msg, (word32)sizeof(msg), sig, sigLen);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
out:
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (key_vfy)
#endif
{
wc_SlhDsaKey_Free(key_vfy);
}
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (key_vfy)
#endif
{
wc_SlhDsaKey_Free(key);
}
wc_FreeRng(&rng);
WC_FREE_VAR_EX(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR_EX(key_vfy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR_EX(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif
/* True iff slhdsa_test() actually emits at least one `goto out;` /
* ERROR_OUT(..., out). The SHAKE128S block has a couple of ERROR_OUTs
* gated only on PARAM_128S; everything else (other SHAKE variants, all
* SHA-2 KATs, slhdsa_test_param dispatch) lives inside `#ifndef
* WOLFSSL_SLHDSA_VERIFY_ONLY`. So the label is needed when 128S is
* built, OR when any other variant is built without VERIFY_ONLY. */
#if defined(WOLFSSL_SLHDSA_PARAM_128S) || \
(!defined(WOLFSSL_SLHDSA_VERIFY_ONLY) && \
(defined(WOLFSSL_SLHDSA_PARAM_128F) || \
defined(WOLFSSL_SLHDSA_PARAM_192S) || \
defined(WOLFSSL_SLHDSA_PARAM_192F) || \
defined(WOLFSSL_SLHDSA_PARAM_256S) || \
defined(WOLFSSL_SLHDSA_PARAM_256F) || \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_128S) || \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_128F) || \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_192S) || \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_192F) || \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_256S) || \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_256F)))
#define SLHDSA_TEST_HAVE_ANY_PARAM
#endif
#if defined(WOLF_PRIVATE_KEY_ID) && \
(defined(WOLFSSL_SLHDSA_PARAM_128S) || defined(WOLFSSL_SLHDSA_PARAM_128F) || \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_128S) || \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_128F))
/* Exercise wc_SlhDsaKey_Init_id / _Init_label argument validation and
* id/label storage round-trip. Independent of any cryptocb device. */
static wc_test_ret_t slhdsa_id_label_test(void)
{
wc_test_ret_t ret;
SlhDsaKey key;
static const unsigned char id[] = {
0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0xf6, 0x07, 0x18,
0x29, 0x3a, 0x4b, 0x5c, 0x6d, 0x7e, 0x8f, 0x90
};
static const char label[] = "slh-dsa-test-label";
enum SlhDsaParam param =
#ifdef WOLFSSL_SLHDSA_PARAM_128S
SLHDSA_SHAKE128S;
#elif defined(WOLFSSL_SLHDSA_PARAM_128F)
SLHDSA_SHAKE128F;
#elif defined(WOLFSSL_SLHDSA_PARAM_SHA2_128S)
SLHDSA_SHA2_128S;
#else
SLHDSA_SHA2_128F;
#endif
/* Zero the stack key so rejection-path tests below don't read
* uninitialized fields if a future Init refactor inspects key state
* before zeroizing it. */
XMEMSET(&key, 0, sizeof(key));
/* NULL key rejected. */
ret = wc_SlhDsaKey_Init_id(NULL, param, id, (int)sizeof(id), HEAP_HINT,
devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* (id == NULL, len > 0) is the silent-contradiction case the original
* review flagged; must be rejected. */
ret = wc_SlhDsaKey_Init_id(&key, param, NULL, 8, HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* Length over the cap rejected with BUFFER_E. */
ret = wc_SlhDsaKey_Init_id(&key, param, id, SLHDSA_MAX_ID_LEN + 1,
HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
/* Negative length rejected. */
ret = wc_SlhDsaKey_Init_id(&key, param, id, -1, HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
/* Successful init copies the id and stores its length. */
ret = wc_SlhDsaKey_Init_id(&key, param, id, (int)sizeof(id), HEAP_HINT,
devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (key.idLen != (int)sizeof(id))
ret = WC_TEST_RET_ENC_NC;
if ((ret == 0) && (XMEMCMP(key.id, id, sizeof(id)) != 0))
ret = WC_TEST_RET_ENC_NC;
wc_SlhDsaKey_Free(&key);
if (ret != 0)
return ret;
XMEMSET(&key, 0, sizeof(key));
/* (id != NULL, len == 0) is accepted as a no-op. */
ret = wc_SlhDsaKey_Init_id(&key, param, id, 0, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (key.idLen != 0)
ret = WC_TEST_RET_ENC_NC;
wc_SlhDsaKey_Free(&key);
if (ret != 0)
return ret;
XMEMSET(&key, 0, sizeof(key));
/* Boundary: exactly SLHDSA_MAX_ID_LEN bytes must be accepted and round
* trip byte-for-byte. */
{
unsigned char id_max[SLHDSA_MAX_ID_LEN];
int i;
for (i = 0; i < SLHDSA_MAX_ID_LEN; i++)
id_max[i] = (unsigned char)(0x40 + i);
ret = wc_SlhDsaKey_Init_id(&key, param, id_max, SLHDSA_MAX_ID_LEN,
HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (key.idLen != SLHDSA_MAX_ID_LEN)
ret = WC_TEST_RET_ENC_NC;
if ((ret == 0) &&
(XMEMCMP(key.id, id_max, SLHDSA_MAX_ID_LEN) != 0))
ret = WC_TEST_RET_ENC_NC;
wc_SlhDsaKey_Free(&key);
if (ret != 0)
return ret;
XMEMSET(&key, 0, sizeof(key));
}
/* Init_label: NULL label / NULL key rejected. */
ret = wc_SlhDsaKey_Init_label(NULL, param, label, HEAP_HINT,
devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SlhDsaKey_Init_label(&key, param, NULL, HEAP_HINT,
devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* Empty label is rejected. */
ret = wc_SlhDsaKey_Init_label(&key, param, "", HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
/* Successful init copies the label and stores its length. */
ret = wc_SlhDsaKey_Init_label(&key, param, label, HEAP_HINT,
devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (key.labelLen != (int)XSTRLEN(label))
ret = WC_TEST_RET_ENC_NC;
if ((ret == 0) &&
(XMEMCMP(key.label, label, (size_t)key.labelLen) != 0))
ret = WC_TEST_RET_ENC_NC;
wc_SlhDsaKey_Free(&key);
if (ret != 0)
return ret;
XMEMSET(&key, 0, sizeof(key));
/* Boundary: a SLHDSA_MAX_LABEL_LEN-char label (33-byte buffer with the
* trailing NUL) must be accepted. The stored copy fills the whole
* key->label array and is NOT NUL-terminated; callers must use
* key->labelLen. */
{
char label_max[SLHDSA_MAX_LABEL_LEN + 1];
int i;
for (i = 0; i < SLHDSA_MAX_LABEL_LEN; i++)
label_max[i] = 'L';
label_max[SLHDSA_MAX_LABEL_LEN] = '\0';
ret = wc_SlhDsaKey_Init_label(&key, param, label_max, HEAP_HINT,
devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (key.labelLen != SLHDSA_MAX_LABEL_LEN)
ret = WC_TEST_RET_ENC_NC;
if ((ret == 0) &&
(XMEMCMP(key.label, label_max, SLHDSA_MAX_LABEL_LEN) != 0))
ret = WC_TEST_RET_ENC_NC;
wc_SlhDsaKey_Free(&key);
}
return ret;
}
#endif /* WOLF_PRIVATE_KEY_ID && (SHAKE128S|F || SHA2_128S|F) */
wc_test_ret_t slhdsa_test(void)
{
int ret = 0;
#ifdef WOLFSSL_SLHDSA_PARAM_128S
WC_DECLARE_VAR(key_vfy, SlhDsaKey, 1, HEAP_HINT);
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
WC_DECLARE_VAR(key, SlhDsaKey, 1, HEAP_HINT);
static const byte sk_seed_shake128s[] = {
0x17, 0x3D, 0x04, 0xC9, 0x38, 0xC1, 0xC3, 0x6B,
0xF2, 0x89, 0xC3, 0xC0, 0x22, 0xD0, 0x4B, 0x14
};
static const byte sk_prf_shake128s[] = {
0x63, 0xAE, 0x23, 0xC4, 0x1A, 0xA5, 0x46, 0xDA,
0x58, 0x97, 0x74, 0xAC, 0x20, 0xB7, 0x45, 0xC4
};
static const byte pk_seed_shake128s[] = {
0x0D, 0x79, 0x47, 0x77, 0x91, 0x4C, 0x99, 0x76,
0x68, 0x27, 0xF0, 0xF0, 0x9C, 0xA9, 0x72, 0xBE
};
static const byte sk_shake128s[] = {
0x17, 0x3D, 0x04, 0xC9, 0x38, 0xC1, 0xC3, 0x6B,
0xF2, 0x89, 0xC3, 0xC0, 0x22, 0xD0, 0x4B, 0x14,
0x63, 0xAE, 0x23, 0xC4, 0x1A, 0xA5, 0x46, 0xDA,
0x58, 0x97, 0x74, 0xAC, 0x20, 0xB7, 0x45, 0xC4,
0x0D, 0x79, 0x47, 0x77, 0x91, 0x4C, 0x99, 0x76,
0x68, 0x27, 0xF0, 0xF0, 0x9C, 0xA9, 0x72, 0xBE,
0x82, 0x6e, 0x97, 0xbc, 0xb0, 0x1b, 0x78, 0x7b,
0xc6, 0xb5, 0xa7, 0xbb, 0xe3, 0x7e, 0xb4, 0xa8
};
#endif
static const byte pk_shake128s[] = {
0x0D, 0x79, 0x47, 0x77, 0x91, 0x4C, 0x99, 0x76,
0x68, 0x27, 0xF0, 0xF0, 0x9C, 0xA9, 0x72, 0xBE,
0x82, 0x6e, 0x97, 0xbc, 0xb0, 0x1b, 0x78, 0x7b,
0xc6, 0xb5, 0xa7, 0xbb, 0xe3, 0x7e, 0xb4, 0xa8
};
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
WC_DECLARE_VAR(sk, byte, WC_SLHDSA_MAX_PRIV_LEN, HEAP_HINT);
WC_DECLARE_VAR(pk, byte, WC_SLHDSA_MAX_PUB_LEN, HEAP_HINT);
word32 outLen;
#endif
static const byte msg[] = {
0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f,
0x72, 0x6c, 0x64, 0x21
};
byte ctx[1];
static const byte sig_shake128s[] = {
0xde, 0x3c, 0x1e, 0xeb, 0xbf, 0xa9, 0x73, 0x51,
0x9d, 0xa4, 0x03, 0x0b, 0x00, 0x86, 0x94, 0x6c,
0x80, 0x4d, 0xd9, 0x11, 0x21, 0x04, 0xf2, 0x5d,
0x68, 0x4b, 0xd2, 0xdb, 0x64, 0x0f, 0xf6, 0x49,
0xd3, 0xcd, 0x26, 0x50, 0xe6, 0xa0, 0x61, 0xe4,
0xad, 0x00, 0xdb, 0x43, 0x06, 0x75, 0x12, 0xdf,
0x41, 0xdf, 0xee, 0xab, 0xc3, 0xd8, 0x67, 0x26,
0x10, 0x8f, 0x7f, 0x61, 0xe7, 0x47, 0xd4, 0xa6,
0x96, 0xf9, 0x28, 0xdf, 0x5f, 0xf2, 0x7d, 0x70,
0x12, 0x4a, 0xc2, 0x15, 0x67, 0x45, 0x4f, 0x4a,
0xd0, 0x9b, 0x42, 0xfb, 0x6e, 0xff, 0xd4, 0x14,
0x65, 0x25, 0xe4, 0x12, 0xcf, 0x04, 0xd1, 0xe1,
0x36, 0x27, 0x0e, 0xd7, 0x5e, 0x18, 0xe4, 0xb8,
0xe0, 0xaa, 0xd9, 0x5b, 0x8f, 0x15, 0x8e, 0x44,
0x53, 0xa0, 0xc2, 0xcb, 0x50, 0x70, 0x01, 0x43,
0x3e, 0x5a, 0x98, 0xb9, 0x35, 0xc0, 0xb2, 0x94,
0x47, 0x88, 0xb7, 0xf9, 0x7e, 0xae, 0x0e, 0xd5,
0xf4, 0x48, 0xa8, 0x86, 0xdf, 0xbd, 0xad, 0xb0,
0x7d, 0x6b, 0x26, 0xe3, 0x37, 0x82, 0x41, 0x6f,
0xf8, 0xc9, 0x38, 0xb8, 0xdc, 0xe7, 0x7e, 0x47,
0xe9, 0x8d, 0xe8, 0x91, 0x12, 0x4d, 0x56, 0xdb,
0x69, 0x9b, 0x25, 0x85, 0x22, 0x9e, 0xbf, 0x06,
0x4a, 0x6b, 0xa0, 0xec, 0xf6, 0xf5, 0x29, 0x6e,
0x97, 0x10, 0x70, 0x11, 0x25, 0xe0, 0x90, 0x6a,
0x02, 0xf6, 0x3f, 0xbf, 0xb5, 0x5e, 0x3e, 0x4b,
0x26, 0xf2, 0xfd, 0xc0, 0x54, 0x22, 0x15, 0xfb,
0x7a, 0x0a, 0x9d, 0x58, 0xb9, 0xe5, 0x62, 0xf2,
0x89, 0x23, 0x1f, 0x29, 0x68, 0xd9, 0x4c, 0x93,
0x82, 0xad, 0xc8, 0xbf, 0x59, 0x04, 0x04, 0xaa,
0xee, 0x35, 0xd6, 0xfc, 0x6f, 0x06, 0xde, 0x28,
0x8d, 0xc8, 0xfe, 0x97, 0x32, 0x0e, 0x44, 0x30,
0xd5, 0x70, 0x97, 0x83, 0xc8, 0x5b, 0xf1, 0xab,
0xdf, 0x48, 0x6d, 0x16, 0xf7, 0xee, 0xee, 0x7b,
0xb0, 0x50, 0x33, 0xbc, 0x46, 0x01, 0x46, 0x46,
0xf2, 0x40, 0xcb, 0xf5, 0x62, 0xfc, 0xc4, 0x91,
0x16, 0xce, 0xd1, 0x29, 0x78, 0xfb, 0x63, 0xbc,
0xc6, 0x76, 0x57, 0xc3, 0x00, 0xcc, 0xfc, 0xda,
0x9a, 0xb7, 0x00, 0xb3, 0xea, 0xf7, 0x3a, 0xdc,
0x1d, 0x41, 0xbf, 0x67, 0x14, 0x63, 0x7f, 0xaa,
0x18, 0x49, 0x8c, 0x21, 0x57, 0x24, 0x5f, 0xbf,
0x28, 0x8e, 0x0c, 0x37, 0x5f, 0xb8, 0xa2, 0x71,
0xb5, 0xc9, 0xdb, 0x80, 0x7a, 0xd3, 0xe9, 0x35,
0x4b, 0x96, 0x90, 0x0f, 0x0a, 0xa6, 0x45, 0xfe,
0xc3, 0x84, 0xeb, 0x2d, 0x75, 0xc1, 0x3b, 0x32,
0x3c, 0xf7, 0x12, 0x54, 0x85, 0xa3, 0xac, 0x57,
0x1c, 0xe2, 0x23, 0xb0, 0xac, 0x24, 0xa7, 0xcf,
0xab, 0x14, 0xd9, 0xb6, 0x96, 0x87, 0x9f, 0x5a,
0x9c, 0xf6, 0xad, 0xda, 0x86, 0x97, 0x94, 0x82,
0x42, 0x48, 0x44, 0x31, 0x65, 0x72, 0xd7, 0x78,
0xc2, 0xc9, 0x49, 0x11, 0x69, 0x1e, 0xaf, 0x8d,
0xf3, 0x8e, 0xf8, 0x00, 0x2f, 0x93, 0xde, 0xcb,
0xb0, 0x14, 0xb2, 0x52, 0xfe, 0x65, 0x9a, 0x93,
0xe7, 0x83, 0x06, 0xf3, 0x8f, 0xa3, 0x0d, 0x65,
0xfb, 0x84, 0xbf, 0xe3, 0xb2, 0x68, 0xa7, 0x37,
0x54, 0x76, 0x52, 0xcd, 0xfa, 0x4a, 0x1d, 0x11,
0x54, 0x22, 0xf5, 0xc6, 0x72, 0x8b, 0xc1, 0x79,
0x3c, 0xda, 0x7e, 0x3f, 0xea, 0x93, 0xce, 0x6e,
0xbd, 0xb4, 0x61, 0xf3, 0x95, 0x2b, 0xc4, 0x62,
0xa9, 0x9a, 0x46, 0xb2, 0x37, 0xdb, 0xa5, 0x98,
0x8e, 0x19, 0xed, 0x66, 0x5a, 0xad, 0xc5, 0x7a,
0xdd, 0x4f, 0xed, 0x8d, 0x43, 0xb2, 0xbe, 0x63,
0x8e, 0x3d, 0x2c, 0xf0, 0xc7, 0x8d, 0x27, 0x3a,
0xc6, 0xbb, 0xb4, 0xfb, 0xf4, 0xc9, 0x3a, 0x47,
0x31, 0x99, 0x22, 0xfb, 0x48, 0x4e, 0xd4, 0x44,
0xf9, 0x63, 0xe1, 0x50, 0x9d, 0x4a, 0xdf, 0xee,
0xe0, 0x9d, 0xe1, 0x5e, 0x40, 0x79, 0x6b, 0x11,
0x1f, 0x03, 0xdb, 0x8b, 0xae, 0x9b, 0xef, 0x00,
0x0a, 0xbe, 0xa1, 0xd5, 0x7e, 0x5c, 0x60, 0x5f,
0x16, 0xd7, 0xb3, 0xf6, 0x15, 0xab, 0x92, 0xa3,
0xcf, 0xf1, 0xcc, 0xa3, 0xe8, 0x49, 0x68, 0xcf,
0xfe, 0x09, 0x4e, 0xdb, 0xb9, 0x50, 0x1a, 0x6d,
0x5f, 0xde, 0x09, 0x25, 0xb1, 0x14, 0xfe, 0xef,
0x6e, 0x30, 0xbb, 0x40, 0x45, 0x35, 0x06, 0xbe,
0xdb, 0xa0, 0x49, 0x0c, 0x5f, 0x53, 0x65, 0x5a,
0xac, 0x49, 0x78, 0xd0, 0xa4, 0x38, 0xf3, 0x42,
0xbb, 0xd2, 0x30, 0x23, 0x95, 0x61, 0x18, 0x9d,
0x18, 0x70, 0xe9, 0x51, 0x96, 0xab, 0x81, 0xd7,
0xba, 0x53, 0xa8, 0x00, 0xdb, 0xc9, 0xa8, 0xed,
0xc9, 0x17, 0xde, 0x51, 0x01, 0x61, 0xee, 0x09,
0xe5, 0x6c, 0xe3, 0xed, 0x5a, 0x61, 0xee, 0x87,
0x49, 0x7f, 0xe1, 0x1a, 0x29, 0x6c, 0x34, 0x34,
0xcc, 0x3f, 0x7a, 0x8f, 0x13, 0xe0, 0x12, 0x20,
0xa7, 0x48, 0xf5, 0x97, 0xef, 0xc1, 0x25, 0x49,
0xbd, 0xe2, 0x03, 0xf1, 0x39, 0xbe, 0x32, 0x73,
0xc6, 0x6c, 0x8a, 0xb6, 0x0e, 0x14, 0xc8, 0x11,
0xa0, 0x99, 0x91, 0x5c, 0xb8, 0x00, 0x24, 0x0d,
0x7e, 0x7d, 0x91, 0x3e, 0x79, 0x80, 0xfa, 0x9b,
0x54, 0x5b, 0x9a, 0x9b, 0x64, 0x0a, 0xf0, 0xae,
0x67, 0xca, 0xba, 0xdf, 0x2c, 0x17, 0x51, 0x50,
0x29, 0xab, 0x19, 0xc5, 0xf2, 0xf5, 0x3c, 0x4b,
0xd8, 0x40, 0xc9, 0x4f, 0xa7, 0x61, 0x7b, 0x97,
0x0b, 0x6f, 0x3b, 0x0a, 0x3c, 0x91, 0x3e, 0xff,
0x9f, 0x7a, 0xe3, 0x9d, 0xc9, 0x93, 0x3b, 0x11,
0xb7, 0x25, 0x5e, 0x25, 0x62, 0x51, 0x7b, 0xb0,
0xcf, 0x21, 0x3d, 0xa2, 0x5c, 0x4a, 0x79, 0xec,
0x13, 0xd3, 0xeb, 0xd9, 0xd4, 0xb8, 0xca, 0x49,
0xce, 0x4f, 0x58, 0xbd, 0xe3, 0x43, 0x9c, 0x49,
0x71, 0x21, 0xc8, 0x56, 0x85, 0x70, 0xbe, 0xc6,
0xe9, 0x42, 0xde, 0x9a, 0x39, 0x96, 0x51, 0x1f,
0xcc, 0x98, 0x6f, 0x25, 0xa9, 0xf3, 0x1a, 0xad,
0x05, 0xfc, 0x8c, 0x4e, 0x30, 0x84, 0xc0, 0xb4,
0x08, 0x51, 0x83, 0x92, 0x51, 0x3e, 0x9e, 0x59,
0xaa, 0x3b, 0x5f, 0x43, 0x80, 0x66, 0x1b, 0x45,
0xf0, 0x15, 0xd8, 0x86, 0x51, 0xd3, 0x26, 0x4b,
0xb1, 0x3b, 0x3f, 0xd0, 0xea, 0x7c, 0x10, 0xf7,
0xaa, 0xd1, 0xe3, 0x24, 0xb7, 0xbe, 0x7a, 0xa2,
0x78, 0xd4, 0xea, 0x15, 0x7a, 0x90, 0x4d, 0x16,
0x9e, 0xb9, 0xf0, 0xa4, 0x39, 0x4e, 0xa7, 0x0c,
0x77, 0x6b, 0x26, 0xbe, 0xf2, 0xc0, 0x62, 0x9d,
0x1f, 0x6e, 0x71, 0x9e, 0x6b, 0xe9, 0x46, 0xcc,
0x32, 0xa4, 0x18, 0xd3, 0xec, 0x60, 0xef, 0xfc,
0x88, 0x3c, 0x73, 0x81, 0x25, 0xb3, 0x89, 0x7b,
0x03, 0x56, 0xd0, 0x6c, 0x9a, 0xdf, 0x44, 0xce,
0x71, 0x47, 0x79, 0xf0, 0x3b, 0xa3, 0x62, 0x17,
0x2f, 0x08, 0xab, 0x8f, 0xfc, 0x44, 0x1b, 0x8a,
0xd0, 0xee, 0x48, 0xca, 0xd5, 0x49, 0x64, 0x54,
0x98, 0xcb, 0xff, 0x3d, 0xb1, 0x05, 0x9e, 0x63,
0x15, 0xcf, 0xbd, 0xb3, 0x83, 0xc1, 0xa4, 0x4a,
0x46, 0xf3, 0x72, 0x49, 0x56, 0x29, 0x76, 0xbc,
0x51, 0x52, 0x49, 0x39, 0xca, 0xbf, 0x13, 0x06,
0xcd, 0x2a, 0x08, 0x31, 0xbe, 0x9b, 0xb0, 0xc3,
0x01, 0x51, 0xd0, 0x17, 0xef, 0xff, 0x25, 0x65,
0x48, 0x15, 0x85, 0x94, 0x6a, 0x8f, 0x32, 0x5f,
0x92, 0x79, 0xbd, 0xf4, 0x25, 0x27, 0x2c, 0x6e,
0x34, 0xf8, 0xab, 0x54, 0xd4, 0xc6, 0x49, 0x0e,
0x7d, 0x1c, 0x1a, 0xa9, 0x3b, 0x12, 0x5a, 0x62,
0xa0, 0xa2, 0x8f, 0x0d, 0xcd, 0x26, 0x1a, 0x09,
0xcb, 0x19, 0x2c, 0xf9, 0x1b, 0x35, 0x48, 0x1d,
0x16, 0x9f, 0x9e, 0x4a, 0xe5, 0x8a, 0x22, 0xb3,
0xb6, 0x02, 0xd1, 0x8e, 0x70, 0x40, 0xb5, 0x02,
0xb1, 0x24, 0xfa, 0xa8, 0x0b, 0x04, 0x49, 0xb1,
0x53, 0x2e, 0x42, 0xc3, 0xeb, 0x94, 0x5b, 0x5f,
0x8d, 0xee, 0xa7, 0x54, 0xaf, 0x24, 0xeb, 0xa4,
0x58, 0x66, 0xea, 0x47, 0xd3, 0x49, 0x6b, 0xdb,
0x6f, 0xa9, 0xf5, 0x0d, 0x83, 0x1c, 0xf2, 0xe4,
0x45, 0x31, 0xdc, 0xb8, 0xca, 0xaf, 0xd9, 0xa1,
0xfa, 0xc6, 0x06, 0x96, 0x85, 0xb3, 0x20, 0x4c,
0x2d, 0x9f, 0xe1, 0xb4, 0xb0, 0xbb, 0xdb, 0x0b,
0x38, 0x80, 0xe2, 0x7f, 0x24, 0xa4, 0x43, 0xef,
0xea, 0xc9, 0x55, 0xb2, 0x6d, 0xd1, 0x67, 0x73,
0xae, 0x9a, 0xbf, 0xba, 0x5e, 0x57, 0xee, 0x21,
0xea, 0x84, 0xbf, 0xd7, 0x03, 0xf4, 0x52, 0xfb,
0xfe, 0x67, 0x67, 0x56, 0xcf, 0x21, 0xb5, 0x0f,
0x70, 0xca, 0x51, 0xec, 0x89, 0x83, 0xa8, 0xb1,
0x77, 0xff, 0x23, 0x28, 0x4a, 0x05, 0x20, 0x53,
0x60, 0xf6, 0xd4, 0x06, 0xba, 0x5e, 0x9a, 0xf1,
0x6d, 0x90, 0x04, 0xf1, 0x23, 0x3e, 0xc4, 0xfb,
0xb5, 0x0b, 0x82, 0x47, 0x8c, 0x0e, 0x5d, 0xa3,
0x72, 0x65, 0x31, 0x2c, 0x26, 0x7a, 0xac, 0xd3,
0x8b, 0x76, 0x7e, 0x22, 0x99, 0x37, 0x96, 0x3e,
0xcd, 0x0f, 0x09, 0x8a, 0x9a, 0x72, 0xf3, 0x1d,
0xc5, 0x28, 0xdc, 0x83, 0xf2, 0x9e, 0x3f, 0x33,
0x90, 0x0e, 0x69, 0x56, 0x75, 0xeb, 0x0c, 0xf2,
0xcd, 0xb0, 0x20, 0x58, 0x9a, 0x7c, 0x62, 0x53,
0x1e, 0x01, 0x5d, 0xe1, 0xc8, 0xa8, 0x21, 0x1f,
0xde, 0x10, 0xb0, 0xaa, 0xe6, 0xfb, 0x7e, 0x1e,
0xc4, 0xdf, 0xfa, 0x2d, 0xb3, 0xd1, 0x98, 0x13,
0xe7, 0x76, 0xe5, 0x8d, 0xc8, 0x05, 0xd2, 0x11,
0x6e, 0xd6, 0x4f, 0xa0, 0x8d, 0x01, 0xf7, 0x72,
0x78, 0xc9, 0x9a, 0xd4, 0xb4, 0xab, 0x46, 0xa9,
0x08, 0x21, 0x25, 0x7b, 0xc1, 0xf2, 0x6a, 0x59,
0x84, 0x56, 0xef, 0x40, 0x10, 0x46, 0xd3, 0x67,
0xa0, 0x45, 0xc4, 0xa5, 0xd9, 0xab, 0x12, 0x84,
0xb2, 0x62, 0x5d, 0x93, 0x8e, 0x47, 0xe3, 0x22,
0xf8, 0x44, 0x54, 0x92, 0xe6, 0xc3, 0x18, 0xa1,
0x32, 0xf3, 0x65, 0x9e, 0xc0, 0x0e, 0x23, 0x6a,
0xde, 0x57, 0x56, 0x63, 0x30, 0x57, 0x2c, 0x19,
0x60, 0x9a, 0xd1, 0x94, 0x26, 0x6a, 0xd2, 0x90,
0x3b, 0x92, 0xaf, 0x46, 0x76, 0x2b, 0x61, 0xeb,
0xd1, 0x70, 0xb4, 0x9d, 0xc2, 0xe3, 0x94, 0x7b,
0xa8, 0x17, 0xa8, 0x9f, 0xaa, 0x2c, 0x37, 0x63,
0x7d, 0xd4, 0x30, 0xe7, 0x4b, 0x77, 0xe7, 0x2c,
0x7b, 0xfd, 0xdb, 0x90, 0x67, 0x69, 0x15, 0x08,
0xda, 0x74, 0xfa, 0x1f, 0xba, 0x4b, 0x70, 0x4f,
0x78, 0x92, 0xe2, 0x33, 0x17, 0x4b, 0xf1, 0x09,
0x9f, 0x5b, 0xba, 0xdd, 0x39, 0x8f, 0x96, 0x70,
0xd0, 0x4b, 0x27, 0xda, 0x53, 0x83, 0xb4, 0x8d,
0x69, 0x80, 0x31, 0x16, 0x67, 0x3b, 0x97, 0x7d,
0x9e, 0x81, 0xd8, 0x64, 0x17, 0x14, 0xa6, 0xd5,
0xca, 0x2f, 0xd6, 0x63, 0x41, 0x6f, 0x64, 0x7c,
0x02, 0x66, 0x01, 0x0a, 0x67, 0x93, 0x20, 0x13,
0xbc, 0x22, 0xb4, 0x31, 0x04, 0xb2, 0x7c, 0x77,
0x06, 0x95, 0x43, 0x1f, 0x78, 0x44, 0x93, 0x52,
0x33, 0x0a, 0xd8, 0xbb, 0x19, 0x92, 0x85, 0xd8,
0x3c, 0x54, 0xbe, 0xd8, 0xb4, 0xbe, 0xc0, 0x6f,
0xf1, 0xcc, 0xda, 0xf1, 0x21, 0x6b, 0x4b, 0xa4,
0x9c, 0x83, 0x5c, 0x94, 0x83, 0x1c, 0x25, 0x22,
0xf2, 0x17, 0x39, 0x8e, 0x86, 0xf2, 0xa2, 0x8e,
0x3c, 0xf1, 0xba, 0xa2, 0x23, 0x20, 0x4c, 0x9a,
0xe2, 0x41, 0x02, 0x35, 0xf7, 0x21, 0x53, 0x33,
0xba, 0xf1, 0x9b, 0x75, 0x1c, 0xae, 0xe4, 0x4a,
0x17, 0xa1, 0x69, 0x9e, 0x94, 0x27, 0xd6, 0xfa,
0x75, 0xd4, 0xbb, 0x1d, 0xb3, 0x97, 0x08, 0xb1,
0x52, 0x56, 0x17, 0x04, 0x0e, 0x21, 0x8c, 0x3f,
0xcc, 0x89, 0x0b, 0xfb, 0x63, 0xb8, 0x16, 0x63,
0x56, 0x25, 0x6d, 0xcc, 0x70, 0x56, 0xc5, 0x46,
0x58, 0x8d, 0x34, 0x30, 0x5d, 0x3a, 0xcf, 0x86,
0xa1, 0xfc, 0xc8, 0xdc, 0xcc, 0x3e, 0x2f, 0x86,
0x47, 0xcb, 0x12, 0x82, 0xcc, 0x5f, 0x6f, 0x47,
0x9d, 0x23, 0x5e, 0x0e, 0xd8, 0xac, 0x6e, 0xcc,
0x7d, 0x44, 0xb6, 0x43, 0x54, 0xda, 0x1c, 0xc8,
0x0d, 0x7b, 0x1c, 0xd3, 0xdb, 0x96, 0x9d, 0x25,
0xd1, 0x4c, 0x21, 0x63, 0x40, 0x1a, 0xb9, 0x28,
0x17, 0x1c, 0x4c, 0x52, 0x41, 0xc2, 0xa9, 0x7d,
0x36, 0x64, 0xe6, 0x48, 0xda, 0xc1, 0x57, 0xce,
0x07, 0xcc, 0x27, 0x1b, 0x4f, 0xe0, 0xc6, 0xa6,
0xfc, 0x1a, 0x49, 0x1a, 0xac, 0xa5, 0x30, 0xfa,
0xc4, 0xba, 0x0a, 0x2b, 0xba, 0x59, 0xdd, 0x61,
0xb8, 0xa5, 0x50, 0xac, 0x86, 0xd6, 0xbd, 0xd6,
0x3c, 0x59, 0xce, 0xa3, 0xe2, 0x38, 0xe2, 0x66,
0xc2, 0x75, 0xa2, 0x28, 0x0e, 0x0c, 0xa9, 0x6d,
0x23, 0xd5, 0x1a, 0x41, 0xb8, 0x40, 0x17, 0xaf,
0xd8, 0x43, 0x4c, 0xe2, 0x11, 0xe0, 0x0b, 0x5f,
0xca, 0xbb, 0x58, 0x68, 0x9e, 0xbb, 0xc3, 0x3f,
0x26, 0x2b, 0x73, 0x8f, 0x4d, 0x76, 0xd1, 0xde,
0xbf, 0x31, 0xd3, 0x8d, 0x4a, 0xbb, 0x7f, 0x57,
0x73, 0x3c, 0xee, 0xaf, 0xa3, 0xe8, 0x60, 0x61,
0x0c, 0x85, 0x06, 0xb3, 0xb4, 0xeb, 0x14, 0xd6,
0x4c, 0x61, 0x07, 0xc8, 0x73, 0x7e, 0x17, 0xf4,
0x0c, 0x40, 0x63, 0x00, 0x2a, 0x83, 0x19, 0x66,
0xeb, 0x1e, 0x8d, 0x4c, 0x66, 0x32, 0xe6, 0xa4,
0xdb, 0x77, 0x17, 0x52, 0x8a, 0x2d, 0x79, 0xf4,
0xac, 0x61, 0x88, 0x4d, 0xac, 0x7f, 0x78, 0xdc,
0x7b, 0x2d, 0x17, 0xfe, 0xff, 0x5d, 0x8a, 0x26,
0xa2, 0x4a, 0x1d, 0x91, 0xa3, 0x73, 0x0e, 0x5f,
0x54, 0x29, 0xcf, 0x87, 0xf7, 0x00, 0x73, 0x47,
0x61, 0xcc, 0xfe, 0x53, 0x4b, 0x22, 0x14, 0xce,
0xf3, 0xe1, 0xaf, 0x96, 0x81, 0x4c, 0x80, 0xfd,
0x5b, 0x39, 0xbc, 0x75, 0x4f, 0xcc, 0xc0, 0xfb,
0x2c, 0xd3, 0x2e, 0x0b, 0xad, 0xaa, 0xcb, 0x90,
0x4a, 0xca, 0xd5, 0x39, 0x3a, 0x0b, 0x7b, 0x38,
0x54, 0x76, 0x74, 0xa5, 0xa2, 0x36, 0xcd, 0x4e,
0xc4, 0x42, 0x86, 0x1c, 0x1c, 0x94, 0x44, 0x05,
0x4e, 0xad, 0x94, 0xea, 0x88, 0x14, 0xc5, 0x4f,
0x4a, 0x18, 0xde, 0x48, 0x73, 0x1a, 0x6f, 0x4e,
0xa6, 0x16, 0x78, 0xba, 0x54, 0xd8, 0x2b, 0x6b,
0x34, 0xf8, 0x2f, 0x58, 0x48, 0x11, 0xf6, 0x13,
0x6c, 0xa8, 0x29, 0x4f, 0xbb, 0x67, 0xb2, 0x6d,
0x90, 0x68, 0xa2, 0x00, 0x0c, 0x72, 0xa5, 0xcb,
0x4a, 0xa8, 0x67, 0x9e, 0x9b, 0x62, 0x1a, 0x3f,
0x5c, 0x92, 0xc5, 0xe8, 0xd3, 0x35, 0xf1, 0xcd,
0xdc, 0x41, 0xc8, 0x03, 0xf0, 0x28, 0xe4, 0x74,
0xa7, 0xa0, 0xe4, 0x07, 0xd7, 0x95, 0x57, 0x5a,
0xeb, 0xd8, 0x9e, 0xc1, 0x4c, 0x06, 0xb3, 0xeb,
0x0e, 0x3b, 0x7e, 0x02, 0x29, 0x7b, 0xd0, 0xd7,
0x8b, 0xfb, 0x7d, 0x41, 0x7c, 0xb0, 0x0a, 0x34,
0x90, 0x63, 0x2e, 0xc7, 0xd8, 0x77, 0xab, 0x37,
0x3b, 0x2a, 0x41, 0x2c, 0xa8, 0xf9, 0x31, 0x26,
0x7a, 0x9a, 0xb9, 0x90, 0xf3, 0xca, 0x62, 0xc3,
0x6d, 0x19, 0xc4, 0xe4, 0x58, 0x16, 0xd3, 0x76,
0xa8, 0xf1, 0xd1, 0x7a, 0xf1, 0xeb, 0x28, 0x4a,
0x2c, 0x85, 0xb1, 0xa6, 0x7f, 0xb6, 0xcd, 0xc8,
0x83, 0x3e, 0xba, 0x13, 0xfa, 0x25, 0x7e, 0x0f,
0x7b, 0xf3, 0xb8, 0x82, 0x2f, 0xfc, 0xfd, 0x9a,
0xa1, 0xa5, 0x2d, 0xa9, 0x48, 0x08, 0x4c, 0x6b,
0xfc, 0x34, 0x6b, 0xd3, 0x0b, 0x62, 0x78, 0x96,
0xee, 0x3c, 0xb4, 0xf3, 0x39, 0x82, 0x00, 0xc0,
0xd4, 0x90, 0x8d, 0x43, 0x34, 0xda, 0x9f, 0xa8,
0xee, 0x82, 0xb7, 0x85, 0x8c, 0x12, 0xb0, 0x71,
0x99, 0x68, 0xdb, 0xe0, 0x04, 0x26, 0xa4, 0x43,
0x27, 0xe2, 0x49, 0x91, 0x3f, 0xc3, 0xd2, 0xaf,
0x98, 0x44, 0x85, 0x1b, 0xef, 0x02, 0x0e, 0xe7,
0xf3, 0xf1, 0xe0, 0x1d, 0xe3, 0x04, 0xf1, 0x37,
0x67, 0x1d, 0x43, 0xde, 0xfd, 0xc4, 0x9b, 0x06,
0x13, 0xa0, 0xe6, 0x7d, 0x6e, 0xaa, 0x99, 0xf2,
0x6d, 0x30, 0xcd, 0x98, 0x9e, 0x5a, 0x2b, 0xba,
0x04, 0x8b, 0x66, 0x5e, 0x29, 0x0c, 0xd8, 0x35,
0x98, 0x13, 0xf4, 0x59, 0xbe, 0xa8, 0x6a, 0x9a,
0x5b, 0x1b, 0x3a, 0x6a, 0xda, 0x95, 0x9c, 0x4a,
0x35, 0xc9, 0x88, 0x54, 0x59, 0x07, 0xf4, 0xc6,
0x4b, 0x5c, 0xfe, 0xb1, 0x15, 0x89, 0x71, 0x21,
0xf3, 0xd8, 0x0c, 0x7f, 0xfb, 0x89, 0x59, 0x22,
0x14, 0x31, 0x23, 0x71, 0x8a, 0x39, 0x47, 0x4d,
0x01, 0x35, 0xc5, 0x24, 0x14, 0x5b, 0xe2, 0xe6,
0x21, 0x47, 0xce, 0x45, 0xa6, 0x34, 0xcb, 0x41,
0xc9, 0x5d, 0x9b, 0xe9, 0x97, 0xa1, 0x97, 0x53,
0xac, 0x0a, 0xda, 0xf2, 0x31, 0x7f, 0x25, 0x34,
0xbf, 0x04, 0xfb, 0x7b, 0xaa, 0x5c, 0xfc, 0xb3,
0x67, 0x69, 0x4a, 0xe8, 0xf7, 0xe7, 0x50, 0x5c,
0xc0, 0x69, 0x07, 0xe3, 0x47, 0x0f, 0x95, 0x60,
0x2d, 0xf3, 0xcd, 0x6c, 0xc7, 0xa9, 0x83, 0xba,
0x56, 0x7f, 0x32, 0x6e, 0x94, 0xfb, 0xc8, 0x24,
0x85, 0x24, 0x4e, 0x10, 0x3e, 0x0f, 0x92, 0xa6,
0x48, 0xd8, 0x11, 0x09, 0x79, 0xb6, 0xcc, 0x0e,
0x00, 0x28, 0x5b, 0xa1, 0x2b, 0x42, 0x5c, 0x16,
0x29, 0x96, 0x7d, 0x11, 0xc3, 0x2f, 0x8e, 0x81,
0x34, 0x30, 0x49, 0x13, 0xc6, 0x9c, 0xee, 0xa8,
0xf9, 0xff, 0x3c, 0x6d, 0x83, 0x8d, 0x13, 0x14,
0xbe, 0x5e, 0x8d, 0xf2, 0xe7, 0x8d, 0xc3, 0xd9,
0x79, 0xd3, 0x35, 0x9b, 0xb4, 0x8b, 0xdb, 0x3d,
0x46, 0x4a, 0x18, 0xaf, 0xa9, 0x25, 0xab, 0x16,
0x2f, 0x3d, 0xdd, 0xab, 0x33, 0x5f, 0x07, 0x92,
0xf6, 0x77, 0xa6, 0x37, 0x7f, 0xec, 0x37, 0xbe,
0x41, 0xe2, 0xb2, 0x29, 0x55, 0x5e, 0x33, 0x6c,
0xaf, 0xdc, 0x46, 0x4b, 0x33, 0x6e, 0xd1, 0xec,
0x4d, 0xf0, 0x74, 0xa2, 0xbc, 0xde, 0xf3, 0xde,
0xcf, 0xf0, 0xee, 0x99, 0x6e, 0x0c, 0xc9, 0x83,
0xb8, 0x09, 0x30, 0xd0, 0xd1, 0x23, 0xf2, 0xcf,
0xc1, 0x48, 0x96, 0x3f, 0x6e, 0x61, 0xc3, 0x4b,
0xe7, 0x96, 0xdc, 0xca, 0x6d, 0x56, 0x47, 0x84,
0xbe, 0x49, 0xba, 0x42, 0x1a, 0x15, 0x47, 0xf9,
0xd4, 0xf6, 0xf8, 0xb5, 0x7b, 0x2b, 0xcb, 0x1c,
0x59, 0x88, 0x87, 0x13, 0xb4, 0xcd, 0x4e, 0x52,
0xf2, 0x9d, 0xaa, 0xb1, 0x27, 0xb0, 0xa3, 0x9c,
0x1c, 0x89, 0x3d, 0xc3, 0x52, 0x78, 0x3f, 0x4b,
0xde, 0x9f, 0x14, 0x5f, 0xcb, 0xbb, 0x91, 0xc2,
0xa5, 0x32, 0x70, 0x8f, 0xbd, 0xce, 0xb9, 0x57,
0x88, 0xe3, 0xbd, 0x84, 0xff, 0xf1, 0xe0, 0x5b,
0xbc, 0xed, 0x13, 0x23, 0xa5, 0x50, 0x94, 0x22,
0xc2, 0x03, 0xfa, 0x41, 0x48, 0xc2, 0x6c, 0x84,
0x5f, 0x9a, 0x23, 0xb0, 0x61, 0x4a, 0x88, 0xde,
0xd6, 0x9e, 0xb5, 0xf9, 0xf5, 0xbd, 0xc9, 0x87,
0xbc, 0xe3, 0x5f, 0x15, 0x7a, 0x83, 0xfe, 0x40,
0x44, 0x3a, 0x18, 0xf7, 0x7c, 0x37, 0x9f, 0xa2,
0x42, 0x17, 0x6b, 0xfb, 0xb8, 0xb2, 0x2d, 0x40,
0xa2, 0x3d, 0xc2, 0xbb, 0x22, 0xc8, 0x4f, 0xdc,
0xf3, 0x15, 0x29, 0xff, 0xbc, 0x6e, 0xa6, 0xc2,
0x05, 0xe9, 0x1a, 0xaf, 0x3d, 0x3e, 0x62, 0x80,
0x2b, 0x2d, 0x73, 0xbf, 0x87, 0x99, 0xcc, 0x52,
0xf5, 0x95, 0xf6, 0xd9, 0x62, 0x97, 0x6b, 0xa4,
0x4b, 0x37, 0x09, 0x15, 0x48, 0xe6, 0xf6, 0xa8,
0x40, 0xd2, 0xd4, 0xd4, 0xf0, 0x5f, 0x68, 0x5a,
0x1d, 0x11, 0xaa, 0x50, 0x22, 0x8e, 0x5b, 0x27,
0xb8, 0x22, 0xb4, 0x09, 0xc8, 0xd5, 0xa1, 0x40,
0x8d, 0x20, 0x8b, 0x0d, 0x07, 0x41, 0x36, 0x84,
0x73, 0xa3, 0x59, 0xca, 0x69, 0x6f, 0xc2, 0x06,
0xff, 0xa8, 0x4b, 0xdd, 0x52, 0x54, 0x5c, 0xef,
0xf4, 0xe6, 0x17, 0x69, 0x82, 0xad, 0x89, 0x58,
0x88, 0xce, 0xa4, 0x1f, 0x64, 0x17, 0xac, 0x8d,
0x7d, 0x48, 0x17, 0x4b, 0xa2, 0x55, 0xf8, 0xcc,
0xdd, 0xb5, 0xd9, 0x87, 0x93, 0x5b, 0x3a, 0x0b,
0x1a, 0x00, 0xa3, 0x8a, 0x8b, 0xfa, 0x40, 0x88,
0xa1, 0x6b, 0xfa, 0x8a, 0x45, 0xdb, 0x9f, 0xb5,
0x67, 0x5a, 0x5e, 0x53, 0x4d, 0x30, 0x33, 0x87,
0xea, 0x30, 0x9d, 0xf6, 0x15, 0xc3, 0x69, 0x88,
0x74, 0x92, 0x66, 0x62, 0xcb, 0x64, 0xc0, 0xaa,
0x44, 0xfc, 0x9d, 0x4c, 0x13, 0xab, 0xfa, 0x64,
0x45, 0xa7, 0x09, 0xac, 0x70, 0x64, 0x71, 0x14,
0xa3, 0xee, 0x4c, 0xd3, 0x52, 0xc1, 0xbe, 0xa7,
0x91, 0x96, 0x5c, 0x2b, 0xb6, 0x23, 0xee, 0x36,
0xe6, 0xce, 0x84, 0x0c, 0x17, 0x1d, 0x68, 0x59,
0x34, 0x19, 0xd1, 0xd9, 0x1a, 0x33, 0x6f, 0x74,
0x56, 0x14, 0x16, 0xe8, 0xf3, 0x57, 0x23, 0x37,
0x99, 0x33, 0x96, 0x88, 0x57, 0x54, 0x13, 0xeb,
0x14, 0xd7, 0x66, 0x89, 0x4f, 0x85, 0xf7, 0x8e,
0xbe, 0x96, 0x68, 0x4e, 0xb1, 0x4e, 0x37, 0x21,
0xbb, 0x05, 0xce, 0xc3, 0x45, 0x19, 0x7c, 0xb2,
0x3a, 0xb7, 0x55, 0xbd, 0x24, 0x9b, 0xad, 0x3c,
0xb4, 0xaa, 0x42, 0x48, 0x57, 0x75, 0xf2, 0x03,
0xc6, 0x1d, 0x02, 0x8e, 0xb1, 0x0f, 0xc5, 0xaf,
0xd5, 0x45, 0x9f, 0x2b, 0x75, 0xf9, 0x4f, 0x4e,
0x63, 0x66, 0x65, 0xbc, 0xef, 0x49, 0xcb, 0x4d,
0x44, 0xea, 0xd1, 0xa9, 0x26, 0x6a, 0x9c, 0x88,
0x0e, 0x1d, 0xf5, 0x3d, 0xbd, 0x1a, 0x8e, 0x40,
0x49, 0x1a, 0xea, 0x19, 0xea, 0xe5, 0x6b, 0xc8,
0xfc, 0xc2, 0xb0, 0xc4, 0x3b, 0x53, 0xa4, 0x62,
0xc9, 0x52, 0xcf, 0xe3, 0xa5, 0xae, 0x62, 0xe2,
0x8d, 0x77, 0x7d, 0x93, 0x35, 0x9d, 0x2c, 0xa4,
0xd4, 0x9d, 0x01, 0xb1, 0xb9, 0x19, 0xe4, 0x5b,
0x9c, 0x1e, 0xb7, 0x25, 0xf4, 0xf3, 0x84, 0x66,
0xfe, 0x48, 0x1f, 0x20, 0xe0, 0x5d, 0x07, 0xd2,
0xb0, 0x6e, 0x87, 0x05, 0xcc, 0xa5, 0x40, 0x0b,
0x9a, 0x95, 0x8d, 0xce, 0x1e, 0x3f, 0x6d, 0x9d,
0x34, 0x9b, 0x10, 0x33, 0x71, 0xd9, 0xd3, 0x56,
0x76, 0x24, 0xba, 0x24, 0x3d, 0xad, 0x86, 0x97,
0x13, 0xaa, 0xa5, 0xbc, 0xee, 0xee, 0x6a, 0x48,
0x7a, 0x0b, 0x23, 0xb0, 0x35, 0xfd, 0x0f, 0xf6,
0x9c, 0xc8, 0xba, 0xcc, 0x97, 0xf1, 0x22, 0x1f,
0xcb, 0x83, 0x62, 0x7a, 0x9d, 0x1e, 0x6e, 0x61,
0xa5, 0xeb, 0x3c, 0xed, 0x79, 0x30, 0x9b, 0xe1,
0x71, 0xde, 0x3c, 0x2d, 0xaa, 0x49, 0xb6, 0xc7,
0x3b, 0xba, 0x43, 0x60, 0x7f, 0x62, 0xeb, 0x89,
0xa7, 0x89, 0xe3, 0x4a, 0xc7, 0x9c, 0x05, 0x93,
0x3b, 0xc4, 0xe9, 0xfd, 0x59, 0x72, 0xa2, 0xc9,
0x51, 0xc1, 0xdf, 0xb2, 0x66, 0xfe, 0xc3, 0x4d,
0x29, 0xef, 0x93, 0xe2, 0x86, 0x11, 0xbd, 0xb6,
0x5c, 0x92, 0x0a, 0x5d, 0x4b, 0x18, 0xbf, 0x67,
0x74, 0x30, 0x35, 0xd1, 0x5d, 0x88, 0x44, 0xf5,
0x41, 0xdb, 0x2f, 0xa7, 0x06, 0xeb, 0x3b, 0xf4,
0x33, 0xcb, 0x36, 0x38, 0xf3, 0xcd, 0x28, 0xb2,
0x79, 0xce, 0x17, 0xb1, 0xa4, 0xc6, 0x41, 0x57,
0xf6, 0x96, 0xe8, 0x12, 0x01, 0xc1, 0x8a, 0x1d,
0x29, 0x8f, 0x04, 0x92, 0x9a, 0x22, 0xf1, 0x81,
0xfb, 0x2a, 0x6f, 0x90, 0x52, 0x65, 0xbe, 0xfa,
0xd2, 0xca, 0xe1, 0x0e, 0xd3, 0x5a, 0x5a, 0x70,
0x56, 0xa5, 0x6b, 0xfb, 0x36, 0x19, 0x10, 0xde,
0x7a, 0x76, 0x94, 0x75, 0x1a, 0x5c, 0x23, 0xce,
0x7a, 0xc5, 0x84, 0xab, 0x98, 0x0e, 0x4a, 0xca,
0xc1, 0x55, 0xd7, 0x8a, 0x79, 0xa1, 0x6a, 0x5f,
0x63, 0x7b, 0xef, 0x90, 0xea, 0x86, 0x42, 0x91,
0xc9, 0xaf, 0xbe, 0x9a, 0xd4, 0xac, 0x11, 0xfc,
0xd5, 0x21, 0xaa, 0x6e, 0x0a, 0xd9, 0xb2, 0x09,
0x4b, 0xd2, 0x00, 0xf5, 0x05, 0x44, 0xb9, 0xa3,
0x95, 0x35, 0xba, 0xb2, 0x9a, 0xfa, 0xda, 0x36,
0x52, 0xf6, 0x87, 0xc2, 0xae, 0x17, 0xa1, 0xd3,
0xa8, 0xc5, 0xbc, 0x26, 0xc5, 0x48, 0x1e, 0x7d,
0x02, 0x2d, 0xc3, 0x53, 0xf9, 0x2f, 0x90, 0xb5,
0x74, 0xbb, 0x8c, 0x7d, 0x18, 0xe9, 0x65, 0x19,
0xfa, 0x3e, 0x19, 0x1c, 0xad, 0x4f, 0x9f, 0x80,
0xbd, 0xf2, 0xae, 0xd3, 0x59, 0x5e, 0xff, 0x47,
0x8d, 0x1b, 0xc6, 0x0a, 0xda, 0x35, 0x76, 0x06,
0xa8, 0xb8, 0x4b, 0x0e, 0xf7, 0x67, 0xb7, 0x11,
0x5c, 0xa3, 0xb4, 0xf2, 0x96, 0x7a, 0xe8, 0xa7,
0x01, 0xd1, 0x5a, 0xc8, 0x52, 0xbe, 0xbc, 0x08,
0x5f, 0xcd, 0x19, 0xc5, 0x6d, 0x17, 0x41, 0x0f,
0xde, 0x76, 0xee, 0xe7, 0xed, 0x2c, 0xfd, 0x0e,
0x10, 0x48, 0xb4, 0x09, 0x26, 0x09, 0x9f, 0xe1,
0x41, 0x34, 0xf7, 0x11, 0xe4, 0x00, 0xe0, 0xcd,
0x23, 0x9e, 0xb7, 0x49, 0x57, 0x8a, 0x10, 0xd7,
0xe7, 0xfa, 0x2f, 0xc9, 0xda, 0xaa, 0xea, 0x40,
0x8d, 0x25, 0x3f, 0x97, 0x09, 0xc5, 0xe8, 0xa6,
0x76, 0xd0, 0xc4, 0x28, 0x53, 0xd5, 0x60, 0xf3,
0x89, 0x41, 0x9e, 0x2c, 0x24, 0x1f, 0xd1, 0x49,
0x83, 0xa4, 0x5c, 0x4a, 0xbe, 0xf0, 0x16, 0x7f,
0xe0, 0x64, 0x07, 0x0c, 0xf6, 0xbe, 0x87, 0x74,
0xf5, 0xed, 0x5c, 0xe9, 0x99, 0x86, 0x2f, 0x40,
0x1b, 0xaa, 0x05, 0x6e, 0x88, 0x61, 0x71, 0x5f,
0x33, 0x08, 0x82, 0x09, 0xde, 0xf5, 0x94, 0x00,
0x96, 0xe0, 0x43, 0x48, 0x25, 0x31, 0x0d, 0x70,
0x85, 0x07, 0xfb, 0xc6, 0x65, 0x5b, 0x6e, 0xc7,
0x4c, 0xe8, 0x59, 0xac, 0xd6, 0x5c, 0xb0, 0xce,
0xd0, 0x2f, 0xd1, 0x86, 0x60, 0xd9, 0x75, 0x80,
0x7a, 0x58, 0xc1, 0xcd, 0x3a, 0x56, 0x27, 0x6c,
0x90, 0x19, 0x1c, 0x33, 0x6c, 0x65, 0xc1, 0x52,
0x33, 0x4f, 0xd8, 0x9f, 0xfa, 0xe4, 0x7a, 0x65,
0xab, 0x1d, 0x98, 0x83, 0x2f, 0x75, 0x1e, 0xae,
0x70, 0xae, 0xbe, 0x92, 0xca, 0x45, 0x79, 0xc8,
0x3a, 0xee, 0xd3, 0x79, 0xe6, 0x44, 0x8d, 0xce,
0x3c, 0x8b, 0xa6, 0x4c, 0x10, 0x61, 0xcb, 0x2d,
0x51, 0x2a, 0x9f, 0x0f, 0xca, 0x4d, 0xfd, 0x67,
0x07, 0xce, 0x89, 0x3f, 0xe9, 0x71, 0x24, 0xa6,
0x3f, 0xde, 0x52, 0x40, 0x8c, 0xec, 0xf9, 0xf3,
0xbb, 0x47, 0x5f, 0xee, 0x3c, 0xb8, 0x36, 0x9a,
0xf5, 0x11, 0x1d, 0xb8, 0xc0, 0x7e, 0x18, 0x05,
0x0e, 0x36, 0xe7, 0x25, 0xeb, 0x34, 0x76, 0x9a,
0x25, 0xd9, 0x14, 0x44, 0x16, 0x20, 0x64, 0x2e,
0x53, 0xc7, 0x43, 0x92, 0xe0, 0xf0, 0xfe, 0x6b,
0x41, 0x7e, 0xe1, 0x94, 0xd0, 0x49, 0x58, 0x24,
0x41, 0xe5, 0x99, 0x9b, 0xc7, 0x96, 0xd2, 0xe2,
0x2a, 0x82, 0xf7, 0x86, 0x95, 0x2f, 0x59, 0x76,
0x03, 0xb4, 0xe2, 0xe9, 0x62, 0x15, 0xa0, 0x14,
0x42, 0xb0, 0xfc, 0x78, 0xcb, 0xfb, 0xe0, 0xf9,
0xd0, 0x15, 0xf6, 0xf5, 0x2f, 0x28, 0x0b, 0xe9,
0xdf, 0x96, 0x25, 0xe2, 0x11, 0x83, 0xfb, 0x23,
0x53, 0x10, 0x01, 0xdf, 0xd4, 0x62, 0x79, 0x57,
0xaf, 0x9b, 0x09, 0x71, 0x51, 0x21, 0x93, 0xd7,
0x58, 0xe8, 0x81, 0x0b, 0x26, 0x05, 0x68, 0xe3,
0x42, 0xa6, 0x29, 0x91, 0xdb, 0x59, 0xce, 0xe5,
0x82, 0xe6, 0x55, 0xda, 0x0a, 0x66, 0x90, 0x9c,
0x2a, 0x4d, 0x5b, 0x7a, 0xf7, 0xee, 0x84, 0xbe,
0x77, 0x1d, 0xd9, 0x9d, 0xfa, 0x83, 0x56, 0xde,
0xd6, 0xf3, 0x71, 0x32, 0x8a, 0xec, 0x88, 0xb0,
0x3b, 0x50, 0x54, 0x01, 0xb3, 0x2a, 0x19, 0x02,
0x00, 0xde, 0x63, 0x4f, 0xde, 0xda, 0x22, 0xb0,
0xa0, 0x32, 0x97, 0x6b, 0x0a, 0x08, 0x33, 0x72,
0x2a, 0xc3, 0x3c, 0x5a, 0xb7, 0xeb, 0x08, 0x43,
0x44, 0x0e, 0x21, 0x47, 0x27, 0xf0, 0x11, 0x02,
0xb0, 0x8a, 0x3d, 0xa9, 0x76, 0x95, 0x0d, 0x6d,
0xd5, 0x1d, 0xa2, 0x24, 0x66, 0x19, 0xaf, 0xf7,
0x76, 0x41, 0xdf, 0xb9, 0x87, 0xdc, 0xc2, 0xcc,
0x87, 0x1e, 0x75, 0xcc, 0x82, 0xbb, 0xd0, 0xf0,
0x3d, 0x30, 0x24, 0xae, 0x79, 0xb6, 0x57, 0xae,
0xa0, 0xc4, 0xa6, 0x57, 0x81, 0x25, 0x92, 0xf4,
0x97, 0xa4, 0x6c, 0x94, 0x6d, 0x31, 0xf6, 0xa8,
0xaf, 0x05, 0xca, 0xda, 0x3d, 0x48, 0xec, 0x72,
0x75, 0xf4, 0xe8, 0x98, 0xf0, 0x26, 0x0e, 0x89,
0x51, 0xcc, 0x98, 0xd5, 0x87, 0x03, 0x06, 0x94,
0x85, 0x9a, 0xb7, 0x64, 0xe9, 0x36, 0xed, 0xfb,
0xa5, 0xbd, 0x18, 0xd8, 0x01, 0xd4, 0xd8, 0x00,
0x80, 0x38, 0x78, 0x98, 0x92, 0xec, 0x18, 0x45,
0x9c, 0x4a, 0xcd, 0x7b, 0x18, 0xa4, 0xc3, 0x84,
0x7b, 0xcc, 0x02, 0x2d, 0x5b, 0xc4, 0x61, 0xdc,
0xdb, 0xe0, 0xa7, 0x3a, 0x3f, 0x75, 0x8d, 0xf9,
0x26, 0xc8, 0x58, 0x40, 0xca, 0x85, 0x81, 0xc5,
0x92, 0x14, 0x6f, 0xa3, 0x33, 0xe1, 0x61, 0xe3,
0xac, 0x01, 0xa2, 0x7f, 0x0c, 0x29, 0x5e, 0x1a,
0xd7, 0xa6, 0x7e, 0x74, 0x9a, 0x09, 0x97, 0x36,
0xad, 0xd1, 0x91, 0x83, 0x33, 0xb6, 0x4b, 0x23,
0x30, 0x3e, 0xc5, 0x5e, 0x17, 0xe6, 0x3d, 0x5c,
0xcf, 0x6b, 0x65, 0xc5, 0x49, 0x0d, 0x93, 0x2d,
0x2e, 0x1e, 0xb5, 0x6f, 0x18, 0x69, 0x50, 0x67,
0x65, 0x07, 0x35, 0xb5, 0x4f, 0x49, 0xf1, 0x46,
0xce, 0x90, 0x37, 0x13, 0x2d, 0xf9, 0xdb, 0xe7,
0x90, 0x05, 0xeb, 0xf4, 0x5c, 0xb9, 0xda, 0xf4,
0xfd, 0x4b, 0xf3, 0x9d, 0x0e, 0x40, 0xb5, 0x68,
0x9a, 0xa1, 0xcc, 0xd3, 0x5b, 0x81, 0x44, 0xb3,
0x2c, 0x9d, 0x4b, 0x11, 0x18, 0xe7, 0x38, 0x82,
0xf2, 0xb0, 0xb6, 0x5d, 0xf1, 0xbc, 0xc9, 0xbc,
0xe5, 0xbc, 0x1a, 0x82, 0xf6, 0xe1, 0xe6, 0xf6,
0x27, 0x82, 0x64, 0x88, 0xd8, 0xa2, 0x58, 0x55,
0x90, 0x7d, 0x84, 0x28, 0x06, 0x59, 0xb1, 0x2f,
0x0e, 0x3b, 0x77, 0x11, 0x28, 0x01, 0x0f, 0x3a,
0x4e, 0x3f, 0xc2, 0xc0, 0xdf, 0x26, 0x48, 0x5e,
0x50, 0xda, 0x72, 0x99, 0x21, 0x04, 0xef, 0x8f,
0x42, 0x6f, 0x81, 0x06, 0x4e, 0xf4, 0x0a, 0xd4,
0xbe, 0x60, 0x15, 0xce, 0xfc, 0xdb, 0x91, 0x2b,
0x44, 0x31, 0xf3, 0xa1, 0x25, 0x1c, 0x41, 0xd8,
0x42, 0x05, 0xd8, 0xf9, 0x78, 0xc9, 0xb8, 0x15,
0x1a, 0xc1, 0x1f, 0xea, 0xf6, 0xba, 0xd3, 0x3b,
0xfd, 0xa5, 0x20, 0xa2, 0xe7, 0x19, 0xba, 0xb6,
0xdd, 0xe9, 0x0c, 0xc7, 0xc0, 0x91, 0x00, 0xd0,
0x69, 0xe6, 0x41, 0xe2, 0x29, 0xa2, 0xc7, 0x5d,
0x0a, 0xe3, 0x0d, 0x3f, 0x6b, 0x8d, 0xbb, 0xfd,
0xe1, 0x40, 0x3c, 0x3a, 0x1a, 0x3c, 0x1a, 0x83,
0x38, 0x28, 0xbb, 0x3f, 0x29, 0x39, 0x33, 0xd6,
0x3d, 0x33, 0x79, 0x42, 0x64, 0xbc, 0xe1, 0xeb,
0xea, 0xf9, 0x05, 0x73, 0x23, 0x1d, 0x9b, 0x8a,
0xc2, 0x39, 0xfc, 0x52, 0x8e, 0x22, 0x29, 0x25,
0x95, 0x4f, 0x1d, 0x94, 0x63, 0x41, 0x5a, 0x0f,
0x76, 0xa8, 0x8b, 0x7e, 0x50, 0xc9, 0xd0, 0xc7,
0x81, 0x8b, 0xa6, 0x87, 0xea, 0x85, 0xd8, 0x40,
0x31, 0x98, 0x2c, 0xbe, 0x7d, 0x98, 0x71, 0x59,
0xbe, 0x1f, 0x2d, 0x0c, 0xc9, 0x4e, 0x4a, 0x87,
0x09, 0x41, 0x59, 0xce, 0x47, 0x5f, 0xb2, 0x13,
0x34, 0x91, 0x9e, 0xf4, 0xdb, 0x27, 0xbd, 0x89,
0x40, 0x32, 0x2f, 0xcf, 0x27, 0x44, 0xbf, 0x21,
0x55, 0xcf, 0x65, 0xd3, 0x1b, 0x58, 0x7c, 0x6e,
0xdb, 0xa1, 0xff, 0xc4, 0x21, 0x86, 0xfc, 0x59,
0x9d, 0xcb, 0xb9, 0xa5, 0x61, 0x6d, 0x6d, 0x67,
0x31, 0xde, 0x56, 0xb4, 0x0b, 0x93, 0x71, 0xee,
0x51, 0xdd, 0x57, 0xb4, 0xc4, 0xec, 0x83, 0xd6,
0x0e, 0x81, 0x57, 0xea, 0x53, 0xf2, 0x43, 0x30,
0x0d, 0xa5, 0xa8, 0x98, 0xb0, 0x41, 0xd1, 0x33,
0x4a, 0xd8, 0x97, 0xec, 0x8e, 0x27, 0xdf, 0x55,
0x47, 0x5e, 0x79, 0xa8, 0xd6, 0xb9, 0xd3, 0xac,
0x9d, 0x70, 0x6d, 0x08, 0x20, 0x92, 0x2b, 0x0c,
0x3f, 0x86, 0xba, 0x1c, 0x80, 0x0a, 0x12, 0xb1,
0xd3, 0x0c, 0x5f, 0x64, 0x63, 0xcb, 0xef, 0x53,
0xef, 0x41, 0x07, 0xac, 0x1b, 0x7f, 0x69, 0x76,
0xfe, 0x49, 0x08, 0x2a, 0xb2, 0xaa, 0x6b, 0x06,
0xce, 0xb5, 0xcc, 0x4f, 0x36, 0x92, 0x2d, 0xce,
0x55, 0xb6, 0xa0, 0x83, 0xf4, 0x1c, 0x12, 0xce,
0x8a, 0x4d, 0xf0, 0x47, 0x52, 0x3f, 0x84, 0x9d,
0xd2, 0xf3, 0xea, 0x80, 0xef, 0x9e, 0xec, 0x63,
0xd7, 0x77, 0x51, 0x53, 0xbd, 0x1d, 0x78, 0x91,
0x26, 0x91, 0xd7, 0xe7, 0x60, 0xcf, 0xe3, 0xb1,
0x90, 0xef, 0x6f, 0x6c, 0x89, 0x79, 0x88, 0x69,
0x5c, 0x8d, 0x8d, 0xab, 0x13, 0x1c, 0xdd, 0xec,
0xca, 0xe9, 0xa7, 0x8f, 0x9d, 0x6a, 0x89, 0x88,
0x5d, 0xba, 0x7e, 0x85, 0x9e, 0xa5, 0x5f, 0xb8,
0x0c, 0x25, 0x28, 0x8f, 0xd7, 0xb6, 0x7e, 0x79,
0x85, 0x1e, 0x75, 0x65, 0xbe, 0x73, 0x78, 0xde,
0x6f, 0xd5, 0xca, 0x91, 0xc9, 0xed, 0x6c, 0xb3,
0xb6, 0xf9, 0x48, 0xf2, 0x92, 0x8d, 0x7b, 0x95,
0x26, 0x77, 0x94, 0xa5, 0xde, 0xcc, 0x4e, 0x6d,
0xfa, 0xba, 0x1a, 0x0b, 0xf9, 0x4b, 0xef, 0xf0,
0xf8, 0xca, 0x38, 0x61, 0x92, 0x15, 0x3c, 0x78,
0xf7, 0xe9, 0xe5, 0x7e, 0x2e, 0xaa, 0x50, 0x41,
0xa8, 0xfd, 0x94, 0xfa, 0x08, 0xab, 0x40, 0x6c,
0x7e, 0xb7, 0x4b, 0x02, 0x3c, 0x37, 0xcd, 0x52,
0x69, 0x29, 0x33, 0xb5, 0xb1, 0x8b, 0xe7, 0x18,
0x8d, 0x5f, 0xc5, 0x06, 0xaa, 0x54, 0xb5, 0x9f,
0x4c, 0x03, 0x91, 0x29, 0xce, 0x26, 0x16, 0xc9,
0x0e, 0xc6, 0xbd, 0xd5, 0xae, 0x65, 0x99, 0x9b,
0xe8, 0xe5, 0xfa, 0xca, 0x89, 0x8f, 0x26, 0x3d,
0x2e, 0xbb, 0xc0, 0x19, 0xb3, 0x8f, 0xaf, 0x15,
0xad, 0xd0, 0x21, 0xb5, 0x66, 0x2e, 0x74, 0x25,
0x73, 0xbe, 0x46, 0x6e, 0x9e, 0x48, 0x39, 0x04,
0x13, 0xac, 0x22, 0xd3, 0x1d, 0x55, 0xd1, 0x61,
0x7b, 0x95, 0x76, 0x02, 0x59, 0x7d, 0x5e, 0xf6,
0x28, 0x14, 0x5c, 0x37, 0x0b, 0x25, 0xc7, 0x1d,
0x17, 0xf5, 0x04, 0x6a, 0x62, 0xca, 0xfe, 0x89,
0x36, 0xf0, 0xde, 0x41, 0xe5, 0xd7, 0x29, 0xf7,
0x1d, 0xb6, 0x62, 0xe4, 0x40, 0xc1, 0x8d, 0x39,
0xed, 0x2b, 0xaf, 0x87, 0xec, 0x53, 0x4b, 0x7f,
0x4a, 0x6d, 0x9e, 0x6d, 0x89, 0xd1, 0xb7, 0x18,
0x21, 0x15, 0xb1, 0xc5, 0xc0, 0x8e, 0xfa, 0xb5,
0xb6, 0x40, 0xf6, 0x69, 0xca, 0xaf, 0x3c, 0x17,
0xd8, 0x48, 0xd5, 0x79, 0x35, 0x19, 0x3c, 0xb3,
0x27, 0xa7, 0x09, 0x3e, 0x4e, 0xfe, 0x06, 0x1c,
0xa0, 0xed, 0xe4, 0xdb, 0x22, 0x32, 0x58, 0xf2,
0x34, 0xec, 0xb2, 0x2a, 0x48, 0x41, 0x9e, 0x12,
0x6c, 0x40, 0xd8, 0x51, 0x00, 0x72, 0x79, 0x0f,
0x44, 0x4c, 0x8a, 0x7a, 0xf8, 0xd1, 0xbc, 0x35,
0xea, 0x0a, 0x5f, 0x7f, 0x54, 0x0c, 0x1d, 0x99,
0x24, 0x09, 0x24, 0x82, 0x2d, 0x77, 0xb0, 0xe7,
0xee, 0x89, 0x91, 0x69, 0x75, 0x32, 0x0a, 0x6f,
0x0f, 0x60, 0x5b, 0x65, 0x3e, 0xb5, 0xa9, 0xcf,
0xc4, 0x74, 0x3f, 0x80, 0xd7, 0x38, 0xf6, 0x4d,
0xc4, 0x3b, 0x69, 0xef, 0x3e, 0x11, 0x28, 0xe5,
0x17, 0x05, 0x1a, 0x69, 0x16, 0xcd, 0x03, 0xfb,
0x11, 0x4f, 0xa0, 0x20, 0x19, 0x5f, 0x6c, 0xa7,
0xfb, 0x81, 0xd7, 0x1b, 0xa7, 0x1d, 0xc3, 0x55,
0xf2, 0x12, 0x2e, 0x54, 0xe8, 0x92, 0x93, 0xa6,
0x52, 0x6d, 0xba, 0x11, 0x8b, 0xd1, 0x60, 0x84,
0x4c, 0xc4, 0x2e, 0xfb, 0xc8, 0x31, 0xbc, 0x49,
0x23, 0x49, 0x28, 0x3b, 0x54, 0x74, 0xde, 0x3e,
0x91, 0xb3, 0x32, 0x43, 0x46, 0xac, 0x3d, 0x71,
0x6e, 0xa6, 0x32, 0x69, 0xcc, 0x83, 0xef, 0xf2,
0x0d, 0xd1, 0x3f, 0xb6, 0xc5, 0x3a, 0x1c, 0x70,
0x93, 0xd3, 0x68, 0x07, 0xcf, 0x1b, 0x08, 0xee,
0xf0, 0xad, 0x8d, 0x1a, 0x0a, 0xc7, 0x85, 0x7d,
0x89, 0x3d, 0x01, 0x88, 0x9f, 0x8f, 0xdf, 0x38,
0xb0, 0xaf, 0xab, 0x1f, 0x28, 0x3e, 0x81, 0x0a,
0x4b, 0x74, 0x0f, 0xba, 0x59, 0xab, 0x1e, 0xda,
0x37, 0xa7, 0x18, 0x2c, 0xfb, 0x5a, 0xe1, 0x0e,
0xd9, 0xeb, 0xe0, 0xf3, 0x4a, 0x9e, 0xf1, 0xf4,
0x7a, 0xb3, 0xd0, 0xbe, 0xd8, 0x1f, 0x75, 0xee,
0x55, 0x96, 0x26, 0x8b, 0xd5, 0x4d, 0x0b, 0x3d,
0x85, 0xe2, 0x9e, 0x4a, 0x95, 0xda, 0xc8, 0xd8,
0x02, 0x92, 0xb1, 0x8d, 0x61, 0x04, 0x10, 0x16,
0x3a, 0x30, 0x05, 0x9b, 0x0f, 0xdb, 0xe5, 0xb8,
0xad, 0x72, 0x7e, 0xa3, 0xab, 0xcc, 0x7d, 0x35,
0x31, 0x24, 0x3f, 0xcd, 0x1b, 0xc6, 0xea, 0x96,
0x1c, 0x50, 0x24, 0x57, 0x26, 0x9e, 0x66, 0x51,
0x46, 0x17, 0xa8, 0x4b, 0x92, 0xef, 0x36, 0x8a,
0x03, 0x86, 0x60, 0x4f, 0x92, 0xe5, 0x7a, 0xf6,
0x81, 0x4e, 0xd3, 0xa1, 0x5c, 0x47, 0xb2, 0x3c,
0x52, 0xec, 0x4d, 0x9a, 0xc9, 0x80, 0x14, 0xda,
0x09, 0x31, 0xd5, 0x7e, 0x58, 0x67, 0x38, 0x81,
0x0e, 0x03, 0x60, 0x13, 0x79, 0xc3, 0x8f, 0xb2,
0x2f, 0x56, 0x0b, 0x5b, 0x45, 0x1d, 0x96, 0x14,
0xea, 0x92, 0x16, 0xa7, 0x04, 0x1e, 0x0a, 0x8a,
0x8d, 0xb6, 0x36, 0x2c, 0xb1, 0x2a, 0x6a, 0x56,
0x14, 0x9c, 0x47, 0xf1, 0x07, 0x65, 0xf3, 0x73,
0xe8, 0x8c, 0xed, 0xe7, 0x7d, 0x37, 0xe8, 0xc2,
0x15, 0x54, 0x70, 0xda, 0xe6, 0x3d, 0xab, 0xa0,
0xfe, 0xd3, 0x34, 0x1e, 0x8f, 0x8f, 0x21, 0xd5,
0x50, 0x34, 0xf7, 0x36, 0x19, 0xa8, 0x54, 0xa9,
0xb6, 0xff, 0xca, 0xe8, 0x62, 0xa1, 0x04, 0x22,
0x6f, 0xb7, 0xfb, 0x84, 0xf8, 0xc1, 0x4a, 0xa4,
0xf8, 0x2d, 0xdf, 0x36, 0x9c, 0x69, 0x7a, 0x73,
0x00, 0x60, 0x1f, 0x58, 0xa2, 0x41, 0xad, 0xf8,
0x60, 0x5e, 0x7a, 0xc6, 0x5a, 0xf8, 0x85, 0x00,
0xc8, 0x4d, 0x1a, 0xf9, 0x1b, 0xad, 0x5b, 0x5b,
0xc6, 0xad, 0x82, 0x8f, 0xbf, 0xe4, 0xf3, 0x3d,
0x82, 0x9b, 0x3e, 0x7e, 0x8e, 0x1a, 0x20, 0x95,
0xc9, 0xa7, 0x59, 0x70, 0x3e, 0x37, 0x9e, 0xaf,
0x3d, 0x24, 0x4b, 0xc3, 0x3f, 0x82, 0x38, 0x23,
0xaf, 0x87, 0x39, 0x34, 0x15, 0x82, 0x41, 0x2e,
0x54, 0xbd, 0xe3, 0xf4, 0x9f, 0x60, 0x76, 0xc5,
0x79, 0x0c, 0x23, 0x05, 0x99, 0xf4, 0x3a, 0x78,
0x6e, 0x0a, 0x2c, 0x5c, 0x16, 0xe6, 0x5e, 0x05,
0x49, 0xf4, 0xf4, 0xa1, 0x14, 0x33, 0x87, 0x7d,
0x56, 0x3b, 0xc2, 0xc1, 0x00, 0x84, 0xdd, 0x1b,
0x64, 0xb1, 0xa2, 0x75, 0xd0, 0x69, 0xfd, 0x82,
0x92, 0x2b, 0x4a, 0x7a, 0xb3, 0x25, 0x2e, 0xc1,
0xe3, 0xa0, 0x3e, 0x9b, 0x2f, 0x8b, 0x3f, 0x5d,
0x3a, 0xdd, 0xf2, 0x5a, 0x23, 0x55, 0x8f, 0x99,
0x76, 0xff, 0xa0, 0xb9, 0xd8, 0x3d, 0xe6, 0xb1,
0xf3, 0xaf, 0x29, 0x26, 0xc2, 0xfb, 0x25, 0x49,
0xca, 0x59, 0x1b, 0x9c, 0x07, 0x12, 0x22, 0xb8,
0x3e, 0x97, 0xc5, 0x29, 0xc7, 0x30, 0x5c, 0xc9,
0xb9, 0x4d, 0x6c, 0x08, 0x87, 0x72, 0xd4, 0x31,
0xb9, 0x5b, 0xb7, 0x0e, 0x6b, 0xbd, 0x8b, 0xc6,
0x82, 0x6b, 0x0a, 0xdf, 0xcf, 0x5e, 0xc7, 0x6c,
0x75, 0x8e, 0x0e, 0x2c, 0x17, 0x9e, 0x12, 0xa6,
0xf2, 0x72, 0x44, 0x5c, 0x8e, 0x2b, 0x07, 0x8b,
0x3a, 0xff, 0x38, 0x49, 0x2e, 0xff, 0xc8, 0x9b,
0xf5, 0x57, 0xde, 0xce, 0x7a, 0x0b, 0x0b, 0xf2,
0x34, 0x82, 0x32, 0xca, 0x6a, 0x94, 0x8e, 0x69,
0x6d, 0xa2, 0x34, 0xbf, 0xc5, 0x51, 0x75, 0x3e,
0x85, 0x8e, 0xed, 0x6e, 0x59, 0x62, 0xaa, 0x22,
0xf0, 0x2a, 0x39, 0x84, 0xca, 0x35, 0x62, 0x9c,
0x33, 0xf3, 0xe3, 0x45, 0xc2, 0x50, 0x2c, 0xa6,
0xac, 0x56, 0x09, 0x22, 0x3b, 0x11, 0xbd, 0xb7,
0x1e, 0x80, 0x2f, 0x64, 0x39, 0x98, 0x9f, 0x52,
0x93, 0x2c, 0x58, 0x60, 0x55, 0x0b, 0x6a, 0xa2,
0x38, 0xfe, 0x47, 0xf3, 0x06, 0xe0, 0xed, 0xee,
0xb4, 0x96, 0x51, 0x4f, 0xab, 0xd1, 0xe9, 0x68,
0x5b, 0x4f, 0xe0, 0x52, 0xc7, 0x17, 0x79, 0x08,
0x50, 0x91, 0x95, 0xa0, 0x38, 0x52, 0x75, 0xd7,
0x34, 0xc7, 0x86, 0x53, 0x12, 0xd1, 0x4c, 0x52,
0xc5, 0x1e, 0x3d, 0x26, 0x19, 0xf2, 0xce, 0xeb,
0x7a, 0x23, 0xe5, 0xb7, 0xba, 0xb0, 0x58, 0xa4,
0x77, 0xeb, 0x53, 0xbe, 0xda, 0x07, 0xc3, 0xf5,
0x30, 0x7a, 0x35, 0x17, 0x1f, 0x84, 0x52, 0x8f,
0x88, 0x8a, 0x0a, 0x29, 0x15, 0xf6, 0x2e, 0xf3,
0x9c, 0x33, 0x9f, 0xcf, 0xde, 0xac, 0x7a, 0xfb,
0x75, 0x3a, 0x6e, 0x56, 0xa7, 0x89, 0x9c, 0xf9,
0x92, 0xd8, 0x8a, 0xc5, 0x92, 0xe3, 0xff, 0xc5,
0x4f, 0xe7, 0x25, 0x05, 0xbe, 0xd8, 0x15, 0xca,
0x35, 0xd6, 0xb6, 0xba, 0x78, 0x80, 0x61, 0x94,
0x99, 0xeb, 0xe1, 0x2b, 0x12, 0x8c, 0x73, 0x9f,
0x70, 0x21, 0xc1, 0x8d, 0x5c, 0x73, 0x0b, 0x05,
0x99, 0x0c, 0x2f, 0xea, 0x6a, 0xe3, 0x88, 0xe5,
0x63, 0xb7, 0x55, 0xa7, 0xdb, 0x82, 0x94, 0x52,
0xd5, 0x11, 0xc1, 0x90, 0xfe, 0x9e, 0x50, 0x3e,
0x34, 0x86, 0xc7, 0xa8, 0xf8, 0xc0, 0x76, 0x99,
0x86, 0xa6, 0x17, 0xf3, 0x6f, 0xec, 0x0f, 0x9a,
0x40, 0xd2, 0xcb, 0x07, 0xb1, 0xbd, 0x85, 0xa5,
0x38, 0xeb, 0x99, 0xe9, 0xb6, 0x65, 0xbb, 0x69,
0x14, 0x22, 0x37, 0xf6, 0x7f, 0x21, 0x6d, 0x9d,
0xd6, 0x4d, 0xcc, 0x62, 0x8b, 0xc7, 0xa3, 0x95,
0xb2, 0x8b, 0x1d, 0x23, 0xc9, 0x3a, 0x79, 0x11,
0xaf, 0xc0, 0xfb, 0x82, 0x1e, 0x42, 0x6f, 0x02,
0xfa, 0x94, 0x80, 0xfa, 0xf3, 0x09, 0x69, 0xee,
0x13, 0xa7, 0x41, 0x91, 0x6c, 0x4d, 0x81, 0xd2,
0x73, 0x41, 0x8b, 0x4e, 0x1d, 0x68, 0x22, 0x77,
0x7b, 0xbe, 0x19, 0xcb, 0xa4, 0x83, 0x31, 0xbe,
0x21, 0x22, 0xac, 0xf0, 0xc2, 0x02, 0x1a, 0x44,
0xb6, 0xb5, 0x8f, 0x03, 0x81, 0xa9, 0x6e, 0xde,
0x59, 0x1a, 0x2b, 0xc2, 0x52, 0x06, 0x3e, 0x32,
0xf8, 0x70, 0x25, 0xa1, 0x35, 0xab, 0xe0, 0x11,
0xda, 0x85, 0x9b, 0x20, 0xd9, 0xe2, 0x1f, 0x1c,
0xd3, 0xbe, 0xca, 0xb1, 0x02, 0x30, 0x41, 0xaf,
0x3e, 0xa5, 0xee, 0x5d, 0xf6, 0xe1, 0x67, 0x26,
0xb9, 0x88, 0x0d, 0x13, 0x09, 0x67, 0xf5, 0x2c,
0x15, 0xa6, 0x55, 0x4f, 0x40, 0xaa, 0x8c, 0x31,
0xfd, 0xaa, 0x6a, 0xd2, 0x2e, 0xc1, 0x5a, 0x65,
0x7f, 0x1c, 0xf4, 0xbc, 0xe3, 0x90, 0xf4, 0x0f,
0xcc, 0x98, 0x72, 0x21, 0x09, 0xf0, 0x7b, 0x95,
0xfb, 0x27, 0x71, 0x85, 0x0c, 0xf6, 0x8b, 0x75,
0xc9, 0x27, 0xe6, 0x62, 0xa0, 0x57, 0x2a, 0x29,
0x8c, 0x8a, 0x36, 0x12, 0x1b, 0xae, 0xad, 0x3a,
0xf1, 0x6e, 0xaa, 0x00, 0x6c, 0x8b, 0xb7, 0x29,
0x92, 0x87, 0x0a, 0x45, 0xdd, 0x7d, 0xa0, 0xce,
0x15, 0xe1, 0xc7, 0x86, 0x03, 0x73, 0xae, 0x76,
0xa9, 0x6a, 0x04, 0x20, 0x20, 0x96, 0xad, 0x1c,
0x7f, 0x24, 0xc5, 0x72, 0x7d, 0x50, 0x7b, 0x1b,
0x7e, 0xab, 0x34, 0x2c, 0x77, 0x0a, 0x8d, 0xdd,
0x03, 0x74, 0xc3, 0xcb, 0x03, 0x5f, 0x12, 0x37,
0x36, 0x89, 0x70, 0x88, 0xee, 0x20, 0xe0, 0x19,
0x02, 0xef, 0x9a, 0x68, 0xa4, 0xc5, 0xb5, 0xab,
0xb4, 0xbc, 0xa9, 0x7e, 0x84, 0xd7, 0x47, 0xb1,
0xc1, 0x0f, 0x73, 0x29, 0x7a, 0x79, 0xee, 0x5a,
0x5b, 0x5f, 0x27, 0xf1, 0x1c, 0x45, 0xe4, 0xfe,
0x1a, 0xc9, 0x52, 0x1b, 0x12, 0x13, 0x7d, 0xb0,
0x9d, 0x65, 0x69, 0xcd, 0x50, 0x3a, 0xb1, 0x91,
0xf7, 0x10, 0x73, 0xab, 0xbb, 0xa9, 0x68, 0x0e,
0x7b, 0x06, 0x9d, 0x40, 0xe7, 0x23, 0xaa, 0x88,
0xf6, 0x2f, 0x29, 0xe7, 0x6b, 0x23, 0xfa, 0x12,
0xb0, 0x49, 0xa7, 0x24, 0x20, 0xde, 0xaa, 0xd4,
0xd7, 0x46, 0xb8, 0x3c, 0x03, 0x1f, 0xe8, 0x2a,
0x9a, 0xf0, 0x2b, 0x2a, 0xec, 0x76, 0xf4, 0x9a,
0x09, 0x51, 0x16, 0x3f, 0xa1, 0xc4, 0x35, 0x86,
0xaa, 0xad, 0x72, 0x0d, 0xd0, 0x0f, 0x59, 0x84,
0xa8, 0xcd, 0x98, 0xdd, 0x17, 0xa2, 0x5e, 0x5e,
0xe7, 0x0b, 0x8a, 0xee, 0x1d, 0xc3, 0x62, 0x0f,
0x2d, 0x7d, 0x83, 0x52, 0xcd, 0x4f, 0x6d, 0x09,
0x15, 0xdb, 0xe2, 0x14, 0x47, 0xc1, 0xb8, 0x84,
0xa9, 0xf0, 0x33, 0xae, 0xe0, 0x87, 0xa8, 0x33,
0xc6, 0xe0, 0x81, 0xa8, 0x4f, 0x86, 0xa1, 0xd0,
0xe1, 0x33, 0xe0, 0x2e, 0xfc, 0xd2, 0x4a, 0x0d,
0x4b, 0x8e, 0x07, 0xf7, 0x6b, 0xff, 0x33, 0x9c,
0x86, 0xec, 0xff, 0x4c, 0x46, 0xbc, 0x12, 0xc6,
0xa6, 0x81, 0x29, 0xb6, 0xd7, 0x57, 0x98, 0xab,
0x3f, 0xaa, 0x6e, 0x43, 0x26, 0xfd, 0x15, 0x82,
0x05, 0x78, 0x6a, 0x97, 0x84, 0x85, 0x29, 0x39,
0x57, 0xf1, 0x57, 0x3c, 0x80, 0xe1, 0x9e, 0x1b,
0xb7, 0x6b, 0x6c, 0x5d, 0x0c, 0x88, 0x5c, 0x1e,
0x4f, 0x7a, 0x6c, 0x15, 0xcb, 0x04, 0x08, 0x5b,
0x7f, 0x7a, 0x7f, 0x9b, 0xb3, 0xa0, 0xc0, 0xfc,
0xe1, 0x0a, 0x67, 0x48, 0xc5, 0x04, 0x68, 0xe7,
0x66, 0x2e, 0x1a, 0x49, 0x25, 0xd0, 0x80, 0xaa,
0xad, 0xc5, 0xdf, 0x1a, 0x31, 0x71, 0x14, 0x55,
0x32, 0xa4, 0xa0, 0x3d, 0x23, 0x22, 0xe0, 0xca,
0x5f, 0x5e, 0xe8, 0xc2, 0x9c, 0x10, 0x6a, 0x2b,
0xb2, 0xf8, 0xa3, 0xfd, 0xde, 0x68, 0xf2, 0x84,
0x1e, 0xb9, 0xa3, 0x29, 0x36, 0x08, 0xc1, 0xcc,
0x2d, 0x17, 0x25, 0xcb, 0x8f, 0x57, 0x22, 0xf7,
0xbc, 0x98, 0xa5, 0x34, 0x41, 0xce, 0x32, 0xfd,
0x0c, 0x73, 0x5a, 0x42, 0x66, 0x79, 0xc6, 0x7c,
0x76, 0x5c, 0xab, 0x35, 0x17, 0x14, 0x8d, 0xc5,
0xef, 0x3b, 0x81, 0x31, 0x72, 0x17, 0x31, 0x0d,
0x5d, 0xbc, 0x49, 0xe4, 0x85, 0x64, 0xe1, 0x13,
0xef, 0x4e, 0xa2, 0xb5, 0xb3, 0x8d, 0xe3, 0x4a,
0xcd, 0x89, 0xa1, 0xdf, 0xc1, 0xf4, 0x3d, 0x92,
0xef, 0xb6, 0xcb, 0x69, 0x07, 0xb3, 0x4f, 0x73,
0x4f, 0x2b, 0x7d, 0xd9, 0x6d, 0xcd, 0x95, 0xd6,
0x06, 0x22, 0xdb, 0x5f, 0x61, 0x6f, 0xfb, 0xea,
0x09, 0x0a, 0x76, 0xc6, 0xce, 0x09, 0x33, 0x7a,
0xfa, 0x69, 0x5c, 0x3a, 0x34, 0xa9, 0x3e, 0x42,
0xd0, 0xcd, 0xf0, 0x94, 0x82, 0x5c, 0x6c, 0xc3,
0xe9, 0x4b, 0xa1, 0xa2, 0x37, 0xa2, 0xc7, 0xc1,
0x68, 0x86, 0x3d, 0x27, 0x59, 0x43, 0x35, 0xd1,
0x8f, 0xdc, 0xaa, 0x93, 0x12, 0x06, 0x6a, 0x95,
0xf7, 0x18, 0xb6, 0xfb, 0xec, 0xde, 0x44, 0xc4,
0x8f, 0x17, 0x54, 0x0d, 0x67, 0x38, 0x56, 0xa5,
0xc2, 0xcb, 0x81, 0xe3, 0x98, 0x4b, 0x27, 0x4d,
0xc2, 0x83, 0x5a, 0x7c, 0xd0, 0xd9, 0x8b, 0xe2,
0xee, 0xf6, 0x3c, 0xe1, 0x06, 0xb4, 0xa7, 0xfc,
0xf7, 0x60, 0xc5, 0x66, 0xfb, 0x30, 0x97, 0xff,
0x77, 0xb7, 0xad, 0x04, 0x63, 0x63, 0x96, 0x47,
0xc3, 0x9f, 0xda, 0x07, 0x8f, 0xd2, 0x3f, 0x30,
0x82, 0x67, 0x2c, 0x6f, 0x21, 0x3f, 0x27, 0x99,
0x3c, 0xcd, 0x47, 0x6c, 0xf6, 0xee, 0xec, 0x90,
0x67, 0x30, 0x63, 0x5b, 0x33, 0xd3, 0xb2, 0xc6,
0xca, 0x20, 0xa2, 0xc7, 0xf3, 0x35, 0x6f, 0x02,
0xcd, 0x20, 0x90, 0x66, 0x3e, 0x29, 0x85, 0x1d,
0xa6, 0x50, 0x25, 0x24, 0x1f, 0x69, 0xfb, 0x4e,
0x07, 0x7b, 0xfa, 0x26, 0xf2, 0x0b, 0x5a, 0x0a,
0x95, 0x4e, 0x59, 0x13, 0x3e, 0x9f, 0xe9, 0xcb,
0xe2, 0x7f, 0x1e, 0xc0, 0x07, 0x71, 0xa2, 0x6a,
0x25, 0x7a, 0xe6, 0x34, 0x08, 0x40, 0x1c, 0x8d,
0x3c, 0xb6, 0x81, 0x82, 0x79, 0x83, 0x24, 0x24,
0x1c, 0xb2, 0xb2, 0xb8, 0xe8, 0x3b, 0xc3, 0x84,
0xe5, 0xf9, 0x37, 0x99, 0x36, 0x1e, 0x9f, 0x62,
0xac, 0x9b, 0x44, 0x9e, 0x6e, 0x29, 0x2f, 0xfa,
0x8e, 0x8f, 0x57, 0x10, 0x5c, 0x90, 0xed, 0x74,
0x39, 0x4c, 0x88, 0xb8, 0x9a, 0x8e, 0xe4, 0x53,
0xc8, 0xd3, 0x83, 0xd8, 0xb7, 0x7a, 0x66, 0x2b,
0x19, 0x81, 0xbb, 0x2b, 0x7e, 0x4f, 0x71, 0x58,
0x2c, 0xc9, 0x6c, 0xc3, 0x38, 0x05, 0xb6, 0x48,
0x1b, 0xf8, 0xb2, 0x82, 0x08, 0x66, 0xdd, 0xba,
0x89, 0x27, 0xea, 0x82, 0xd5, 0xe3, 0x8e, 0x64,
0x3a, 0xe7, 0xc5, 0xb4, 0x95, 0xe3, 0xd0, 0x3a,
0x3c, 0x7a, 0xf7, 0xef, 0xf3, 0x0f, 0x04, 0x00,
0x12, 0x2f, 0xcf, 0x60, 0x29, 0xe2, 0x6b, 0xa0,
0x9b, 0xa7, 0x2e, 0xda, 0x07, 0xff, 0x20, 0xc2,
0x02, 0xa1, 0x58, 0xb5, 0x3b, 0x3c, 0x5c, 0x8c,
0x86, 0xa6, 0x8f, 0x08, 0x1a, 0xa6, 0x3b, 0xe4,
0x23, 0x49, 0x73, 0x68, 0xe7, 0x77, 0xbd, 0x3b,
0xb0, 0x78, 0xb8, 0x3c, 0x0e, 0x46, 0x09, 0xd9,
0x5c, 0xae, 0xa7, 0x04, 0xab, 0xf7, 0xbe, 0xcb,
0xc8, 0xb1, 0x2f, 0xab, 0xfa, 0x1e, 0xc1, 0xef,
0x56, 0xd1, 0x26, 0xd6, 0x76, 0xe6, 0xa1, 0xb0,
0x4a, 0xfd, 0x7e, 0x36, 0x26, 0xf4, 0x9d, 0xef,
0xa4, 0xbc, 0x6c, 0x83, 0x3f, 0x31, 0x0b, 0x32,
0x36, 0x83, 0xa7, 0xbb, 0x16, 0x1a, 0x44, 0xa8,
0xb8, 0x4e, 0xde, 0x7f, 0x63, 0x64, 0x1b, 0xf2,
0x8e, 0xee, 0xdf, 0xf2, 0xcf, 0x43, 0xb9, 0x0f,
0xf5, 0x8f, 0xbc, 0x3a, 0x59, 0x86, 0x04, 0x61,
0x18, 0xfa, 0xb2, 0x49, 0x2c, 0x66, 0xf9, 0x44,
0xea, 0x66, 0x50, 0xee, 0x4a, 0x83, 0x92, 0xee,
0xdc, 0x1a, 0x4f, 0xee, 0x77, 0x5a, 0x66, 0xd9,
0xd2, 0x86, 0x80, 0x40, 0x43, 0xfb, 0x19, 0x3f,
0xce, 0x91, 0x11, 0x77, 0x65, 0xa2, 0xcb, 0x4e,
0x4f, 0x68, 0x2f, 0xfe, 0x18, 0x71, 0x9e, 0x77,
0xd2, 0xa9, 0x89, 0xe7, 0xbc, 0x40, 0xdd, 0x1a,
0xfa, 0xb5, 0xe4, 0x8e, 0x88, 0xcb, 0xaf, 0x12,
0x64, 0xbc, 0xeb, 0x65, 0x1e, 0xa5, 0x25, 0xf2,
0x35, 0x1f, 0x9a, 0x6d, 0xfb, 0xe4, 0x08, 0xc4,
0x8d, 0xba, 0x8c, 0x4e, 0xee, 0xaa, 0x47, 0xa5,
0x24, 0xac, 0xeb, 0x1c, 0xca, 0xb0, 0xbd, 0xa3,
0x12, 0x65, 0x03, 0xc7, 0x7a, 0xa1, 0x9d, 0xa4,
0x74, 0xa5, 0x86, 0xb2, 0x71, 0xfa, 0xe1, 0xfb,
0x98, 0x9b, 0x9a, 0x16, 0xe2, 0xdb, 0x30, 0x0f,
0xd6, 0x29, 0xd0, 0x74, 0x9b, 0xa7, 0xe7, 0x51,
0x16, 0x1b, 0x4b, 0xac, 0x93, 0x9c, 0xd0, 0x84,
0x85, 0x53, 0x13, 0xc8, 0xc3, 0x5d, 0x4c, 0x9e,
0xb1, 0x3b, 0x16, 0x53, 0xc4, 0x96, 0x9e, 0xae,
0xd0, 0x4b, 0x24, 0x88, 0x54, 0x1d, 0x6e, 0x16,
0x71, 0xf7, 0x2d, 0xd3, 0x6d, 0x6e, 0x9c, 0xb1,
0xeb, 0x34, 0xb4, 0x7d, 0xa2, 0x5f, 0x94, 0x5b,
0x50, 0x74, 0x00, 0xe6, 0x62, 0xfd, 0x53, 0x65,
0x8d, 0xbf, 0x26, 0xc8, 0x2a, 0x22, 0x88, 0xe0,
0xce, 0xb8, 0xa5, 0xee, 0x88, 0x13, 0x94, 0x23,
0xa9, 0xed, 0x5e, 0x97, 0x3f, 0xe7, 0x42, 0xaa,
0x1d, 0x0f, 0xe2, 0x7e, 0xfa, 0xbc, 0x8a, 0x47,
0xd7, 0x19, 0x0f, 0x62, 0x00, 0x8a, 0x76, 0x6a,
0xf4, 0xb7, 0x12, 0x2a, 0xd0, 0xd4, 0xb1, 0x37,
0x48, 0x9a, 0xcc, 0x80, 0xa4, 0x57, 0xa4, 0x82,
0x25, 0xa7, 0xf6, 0xfd, 0xe7, 0x83, 0xe3, 0x70,
0x26, 0x47, 0x66, 0x4e, 0xc3, 0x4b, 0x60, 0x0d,
0x58, 0x4a, 0x02, 0x75, 0x18, 0x3c, 0xf6, 0xd8,
0x55, 0xfe, 0xe3, 0x99, 0xf0, 0x94, 0x54, 0x51,
0xd0, 0x60, 0x0e, 0x74, 0xc1, 0x45, 0x7d, 0x3a,
0x1e, 0x26, 0x0f, 0xbf, 0x0d, 0x5c, 0x1d, 0x01,
0x32, 0xbb, 0x86, 0xcd, 0x84, 0x41, 0x01, 0xff,
0x99, 0x54, 0x4b, 0x13, 0x2f, 0x37, 0xdd, 0x89,
0x00, 0xbf, 0x00, 0x17, 0x5c, 0x4e, 0x98, 0x8c,
0xc9, 0xab, 0xc8, 0x9a, 0xe0, 0x0b, 0x0b, 0xcb,
0x0f, 0x1b, 0xe7, 0xce, 0x21, 0xfb, 0xb9, 0x8b,
0x41, 0x1c, 0x39, 0xe4, 0xe8, 0x6b, 0x68, 0xb5,
0x12, 0x18, 0x52, 0x7e, 0xc4, 0xc5, 0x41, 0x15,
0xa9, 0x5c, 0xf5, 0xf9, 0xbf, 0x59, 0xfc, 0x57,
0x98, 0xfc, 0x81, 0x3c, 0x6b, 0x54, 0x95, 0xb8,
0xaf, 0x0d, 0xfa, 0xb8, 0xba, 0x28, 0xea, 0x04,
0x9f, 0x49, 0x1a, 0x13, 0xc3, 0x09, 0xfa, 0x0b,
0xf1, 0x9f, 0x01, 0xb9, 0x53, 0xba, 0xfb, 0xbf,
0x26, 0x2e, 0x5c, 0x85, 0x0d, 0xa4, 0xc9, 0x86,
0xe8, 0x6b, 0x4b, 0x33, 0x89, 0x98, 0x00, 0x8b,
0x8d, 0x89, 0x9a, 0xbb, 0x7f, 0xab, 0x6a, 0x30,
0xf9, 0xfa, 0xf9, 0x1b, 0x47, 0x0d, 0xd6, 0x70,
0x1a, 0x81, 0x55, 0xa0, 0x46, 0x85, 0xa2, 0x55,
0x68, 0x01, 0x8b, 0x95, 0x42, 0x25, 0x56, 0xb0,
0xc3, 0x39, 0x02, 0xb1, 0xa4, 0xae, 0xcf, 0x50,
0x9c, 0x42, 0x45, 0x78, 0xc1, 0x8a, 0x63, 0xbd,
0x09, 0x10, 0xab, 0xe5, 0x5c, 0xf6, 0x77, 0x54,
0x12, 0x98, 0x45, 0xf3, 0x1a, 0x0e, 0x3f, 0x1e,
0x56, 0xc9, 0x38, 0x0b, 0xe5, 0xa5, 0xcb, 0x99,
0x5b, 0x36, 0xd9, 0x7b, 0x91, 0x2e, 0x49, 0xe5,
0xd2, 0x33, 0x67, 0xf3, 0x20, 0xe0, 0x3d, 0xc5,
0x2a, 0x50, 0xf4, 0x28, 0x08, 0x24, 0x97, 0x1a,
0xb7, 0xdd, 0x19, 0xba, 0x56, 0x43, 0x02, 0xed,
0xc2, 0xa1, 0x5b, 0x03, 0x9e, 0x89, 0xbe, 0x3d,
0xe1, 0x19, 0xa4, 0x7c, 0x65, 0xbf, 0xa4, 0x4d,
0xda, 0x46, 0xe6, 0x5d, 0x71, 0x96, 0x5d, 0x9a,
0x58, 0xa1, 0xaf, 0x77, 0xed, 0x79, 0xae, 0xcf,
0xba, 0xf2, 0xd7, 0x94, 0x0f, 0x49, 0xc2, 0xc7,
0xa6, 0x04, 0x8a, 0x3c, 0x68, 0xbe, 0x8f, 0x8d,
0xea, 0x73, 0xb4, 0xb0, 0x00, 0x9e, 0x6f, 0x3d,
0x96, 0x28, 0xa4, 0xd3, 0x96, 0x23, 0x21, 0x2a,
0x04, 0xbb, 0x2c, 0x69, 0x3d, 0x38, 0xa9, 0x4b,
0xf4, 0xd0, 0xf5, 0x75, 0x8b, 0x6a, 0x6c, 0xcd,
0xf3, 0x1f, 0xc3, 0x23, 0x79, 0x3a, 0x26, 0x67,
0x5f, 0x4e, 0x40, 0xd4, 0x82, 0x3a, 0x40, 0x3a,
0x92, 0xde, 0xd8, 0x5e, 0xf1, 0x7e, 0x8a, 0xb4,
0x86, 0x51, 0xb3, 0xcc, 0x67, 0x9b, 0x2c, 0x67,
0x05, 0x21, 0xd0, 0xbe, 0x29, 0xf4, 0xfe, 0xa6,
0x61, 0x99, 0x4b, 0x72, 0x5b, 0x2a, 0x24, 0xc4,
0xdd, 0x3a, 0x45, 0x5c, 0x73, 0x6f, 0x82, 0x4a,
0x6b, 0x28, 0xaa, 0xc2, 0xde, 0x17, 0xd9, 0x39,
0x60, 0x69, 0xe4, 0x14, 0xc6, 0x01, 0x1c, 0x4d,
0x22, 0x00, 0x84, 0x7b, 0x6d, 0xf0, 0x40, 0xd6,
0x94, 0x7c, 0x7b, 0x6f, 0xec, 0x44, 0x96, 0x43,
0x4a, 0xe0, 0x51, 0x3e, 0x3f, 0xac, 0x33, 0xae,
0xcc, 0xd5, 0x65, 0x5b, 0x43, 0x3b, 0x81, 0x7f,
0x08, 0x08, 0xc0, 0x37, 0xb9, 0xa1, 0xb9, 0x4d,
0xf4, 0x3c, 0xd0, 0x9a, 0x8e, 0xb6, 0x35, 0x90,
0xfb, 0x91, 0x07, 0x1c, 0xad, 0xc5, 0x92, 0xef,
0xdf, 0xee, 0x3c, 0x58, 0x59, 0xbc, 0xa1, 0xb3,
0xc1, 0x32, 0x14, 0x64, 0xe6, 0x31, 0xf1, 0x8c,
0xf1, 0x6e, 0xc5, 0x42, 0xe9, 0x4e, 0x44, 0xae,
0xaf, 0x0a, 0x63, 0x73, 0x70, 0xdd, 0x67, 0x58,
0xaf, 0x23, 0x9e, 0xa4, 0x01, 0x39, 0xdd, 0xe6,
0x3b, 0x4d, 0x59, 0x7f, 0x8a, 0x23, 0xb3, 0x1f,
0x85, 0x37, 0x3a, 0xb9, 0x05, 0x3e, 0xfb, 0x80,
0xf9, 0x69, 0x25, 0x09, 0xca, 0x6d, 0xb4, 0x2f,
0x2b, 0x01, 0xbe, 0x01, 0xf0, 0xf5, 0x98, 0x9e,
0xc5, 0x6c, 0xa5, 0x9b, 0x62, 0x23, 0xa7, 0xec,
0x32, 0xef, 0xd1, 0x81, 0xd1, 0x2b, 0xfa, 0xb7,
0xf5, 0x94, 0x7d, 0x24, 0x27, 0x79, 0xcc, 0x43,
0xed, 0x82, 0xb5, 0x5f, 0x40, 0xde, 0x58, 0x1b,
0xbe, 0x7c, 0x8c, 0xf1, 0x43, 0x5a, 0x0e, 0xa1,
0xe6, 0xff, 0x01, 0x07, 0x28, 0x83, 0x6f, 0x15,
0x1a, 0x84, 0x95, 0x37, 0x0d, 0xc0, 0x6d, 0x95,
0x3f, 0x60, 0x44, 0xe7, 0xea, 0x2b, 0x44, 0xaa,
0xdb, 0xb2, 0x15, 0xc7, 0x72, 0xdf, 0xf3, 0xd6,
0x8a, 0x89, 0x27, 0x96, 0x2a, 0xca, 0x5a, 0xb8,
0x28, 0xaf, 0x5f, 0x40, 0x52, 0x80, 0xd5, 0x6a,
0x92, 0x64, 0x51, 0x5e, 0x47, 0x44, 0xbd, 0x56,
0x65, 0x11, 0x56, 0xb8, 0xd6, 0xfb, 0xcd, 0xca,
0x4a, 0x05, 0x4c, 0x1e, 0x6d, 0xee, 0x05, 0x0d,
0x85, 0xd2, 0x22, 0x0d, 0x0f, 0x99, 0xef, 0x4b,
0x21, 0x1c, 0xd4, 0x42, 0xf2, 0x1d, 0x2e, 0xa2,
0xa2, 0x72, 0x29, 0x1e, 0xc5, 0x7f, 0xdd, 0x92,
0x1b, 0xf9, 0x86, 0xc6, 0x97, 0xd6, 0xc1, 0x28,
0xca, 0x06, 0x91, 0xd9, 0xf1, 0x91, 0x2c, 0x29,
0x4e, 0xd4, 0x7f, 0x81, 0xdf, 0x9d, 0xbc, 0xa6,
0x89, 0x5f, 0xda, 0xf9, 0xae, 0xbf, 0xf0, 0xd7,
0x57, 0x71, 0x73, 0x43, 0xba, 0x2f, 0x54, 0x6c,
0xd2, 0xdf, 0x9f, 0xff, 0xfe, 0x35, 0xbc, 0xc2,
0xdc, 0x17, 0xd4, 0x76, 0x31, 0xfc, 0xc2, 0x07,
0x58, 0xa4, 0xd4, 0x9f, 0x54, 0x62, 0x82, 0xf8,
0x30, 0xeb, 0x58, 0x84, 0x21, 0xbe, 0xce, 0x9f,
0xc7, 0xfa, 0x12, 0x60, 0x22, 0x42, 0xa0, 0xaf,
0x4c, 0xb9, 0xd8, 0x64, 0xb1, 0x63, 0x79, 0x7a,
0x31, 0xd2, 0xef, 0x6b, 0x8a, 0x92, 0xa9, 0x78,
0x51, 0x71, 0x4a, 0xb8, 0xb9, 0x1d, 0xf0, 0xf2,
0x39, 0xb8, 0x69, 0xe7, 0x83, 0x6e, 0xaa, 0x23,
0xd0, 0x36, 0xe3, 0xf0, 0x7b, 0xec, 0xd2, 0xc3,
0xe7, 0x79, 0x54, 0xb6, 0xe5, 0x3e, 0x42, 0x3b,
0xaa, 0xa7, 0x2a, 0x23, 0xeb, 0x62, 0xdc, 0x39,
0xf8, 0x5f, 0x69, 0x02, 0x66, 0x5d, 0xf9, 0x33,
0x35, 0x63, 0xdc, 0x33, 0xb6, 0x47, 0xf6, 0x88,
0x05, 0x8e, 0x23, 0x05, 0xaf, 0xc8, 0x8d, 0x31,
0xfd, 0x5f, 0x69, 0x52, 0x7f, 0x5f, 0x20, 0x99,
0x24, 0x1a, 0x3c, 0x5e, 0x5d, 0x25, 0xf5, 0x8b,
0x35, 0x9a, 0x99, 0x99, 0x87, 0x71, 0xb3, 0xe6,
0xc3, 0x70, 0xc2, 0xbb, 0xe3, 0xb6, 0xce, 0x59,
0xe3, 0xff, 0x4f, 0xc2, 0xbc, 0xe7, 0x36, 0x44,
0xb7, 0xe4, 0x50, 0x8f, 0x2a, 0xf1, 0x9a, 0x9c,
0x12, 0xe8, 0x6e, 0x06, 0x21, 0xf6, 0x1f, 0x65,
0x5e, 0xe6, 0xd2, 0xc2, 0x6f, 0x65, 0xf4, 0x3b,
0x4b, 0xb0, 0x17, 0xa1, 0x12, 0x9a, 0xdb, 0xa0,
0xcb, 0x65, 0x77, 0x31, 0x7f, 0x95, 0x87, 0x5e,
0x99, 0x03, 0x90, 0x6c, 0x75, 0xd2, 0x26, 0xa5,
0x0c, 0x69, 0xff, 0x6e, 0xb0, 0xbf, 0xd3, 0xd2,
0xf7, 0x2a, 0x35, 0x5b, 0x7b, 0x52, 0xcd, 0x28,
0x4e, 0x20, 0x79, 0x22, 0xb4, 0xe3, 0xc0, 0xc5,
0x83, 0x27, 0xc5, 0x88, 0xe6, 0xff, 0x78, 0xb4,
0xb1, 0xd0, 0x4e, 0x32, 0xf7, 0x28, 0x5c, 0x24,
0x4d, 0x8f, 0xc0, 0xd7, 0x05, 0xb9, 0xd9, 0x57,
0x76, 0x7c, 0x6b, 0x56, 0x4e, 0xa4, 0x8b, 0x92,
0xf0, 0x9e, 0x56, 0x33, 0xdb, 0xb3, 0xb0, 0x59,
0x00, 0x61, 0xcf, 0x9f, 0xd0, 0x4a, 0x07, 0xf1,
0xa0, 0x48, 0xde, 0x1f, 0x4f, 0xd4, 0xf0, 0xcd,
0x54, 0x8b, 0xe1, 0xf2, 0x98, 0x13, 0xeb, 0x1b,
0x4d, 0xd6, 0x30, 0x5d, 0x17, 0xc7, 0xf2, 0x66,
0x54, 0xa9, 0x8b, 0x69, 0x79, 0xf1, 0x14, 0x0c,
0xcc, 0x36, 0xf8, 0xd0, 0x4c, 0x88, 0x11, 0x97,
0x74, 0xe1, 0x5b, 0x81, 0x85, 0x77, 0xe0, 0xf1,
0x53, 0x0c, 0x90, 0xc5, 0x43, 0xc9, 0x2a, 0x63,
0x03, 0x26, 0x46, 0x81, 0x4b, 0x7f, 0x4d, 0x46,
0x39, 0x7b, 0xcb, 0x5f, 0x68, 0xd2, 0xc3, 0xe3,
0x52, 0x09, 0x17, 0xdf, 0xe9, 0x5d, 0x4d, 0xdc,
0x00, 0x5b, 0x94, 0xe8, 0x94, 0x6e, 0xc1, 0xa8,
0xd6, 0x76, 0xd4, 0xff, 0x64, 0x54, 0x01, 0x10,
0xc0, 0x48, 0xd0, 0x63, 0x82, 0x20, 0x2b, 0x06,
0xe8, 0x21, 0xf8, 0xcd, 0x56, 0xc5, 0xc7, 0x31,
};
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
WC_DECLARE_VAR(sig, byte, sizeof(sig_shake128s), HEAP_HINT);
#endif
WC_ALLOC_VAR_EX(key_vfy, SlhDsaKey, 1, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER, ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out));
XMEMSET(key_vfy, 0, sizeof(*key_vfy));
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
WC_ALLOC_VAR_EX(key, SlhDsaKey, 1, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER, ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out));
XMEMSET(key, 0, sizeof(*key));
WC_ALLOC_VAR_EX(sk, byte, WC_SLHDSA_MAX_PRIV_LEN, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER, ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out));
WC_ALLOC_VAR_EX(pk, byte, WC_SLHDSA_MAX_PUB_LEN, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER, ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out));
/* // NOLINTBEGIN(bugprone-sizeof-expression) */
WC_ALLOC_VAR_EX(sig, byte, sizeof(sig_shake128s), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER, ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out));
/* // NOLINTEND(bugprone-sizeof-expression) */
#endif
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
ret = wc_SlhDsaKey_Init(key, SLHDSA_SHAKE128S, NULL, devId);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_SlhDsaKey_MakeKeyWithRandom(key,
sk_seed_shake128s, (word32)sizeof(sk_seed_shake128s),
sk_prf_shake128s, (word32)sizeof(sk_prf_shake128s),
pk_seed_shake128s, (word32)sizeof(pk_seed_shake128s));
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
outLen = WC_SLHDSA_MAX_PRIV_LEN;
PRIVATE_KEY_UNLOCK();
ret = wc_SlhDsaKey_ExportPrivate(key, sk, &outLen);
PRIVATE_KEY_LOCK();
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
if (outLen != 4 * 16) {
ERROR_OUT(WC_TEST_RET_ENC_I(outLen), out);
}
if (XMEMCMP(sk, sk_shake128s, outLen) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
outLen = WC_SLHDSA_MAX_PUB_LEN;
ret = wc_SlhDsaKey_ExportPublic(key, pk, &outLen);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
if (outLen != 2 * 16) {
ERROR_OUT(WC_TEST_RET_ENC_I(outLen), out);
}
if (XMEMCMP(pk, pk_shake128s, outLen) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif
/* Use module-global devId so this verify routes through the cryptocb
* when registered. In VERIFY_ONLY builds this is the only path through
* slhdsa_test() that exercises the cb. */
ret = wc_SlhDsaKey_Init(key_vfy, SLHDSA_SHAKE128S, NULL, devId);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_SlhDsaKey_ImportPublic(key_vfy, pk_shake128s,
(word32)sizeof(pk_shake128s));
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_SlhDsaKey_Verify(key_vfy, ctx, 0, msg, (word32)sizeof(msg),
sig_shake128s, (word32)sizeof(sig_shake128s));
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
outLen = (word32)sizeof(sig_shake128s);
PRIVATE_KEY_UNLOCK();
ret = wc_SlhDsaKey_SignWithRandom(key, ctx, 0, msg, (word32)sizeof(msg),
sig, &outLen, pk_seed_shake128s);
PRIVATE_KEY_LOCK();
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
if (outLen != (word32)sizeof(sig_shake128s)) {
ERROR_OUT(WC_TEST_RET_ENC_I(outLen), out);
}
if (XMEMCMP(sig, sig_shake128s, outLen) != 0) {
#ifdef WC_SLHDSA_VERBOSE_DEBUG
TestDumpData("SIG", sig, outLen);
TestDumpData("EXP", sig_shake128s, outLen);
#endif
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif
#endif
/* --- SHA2 KeyGen KATs (NIST CAVP cross-validation) ---
* These verify that deterministic key generation produces the exact pk/sk
* that NIST expects. Covers both SHA-256 (cat 1, n=16) and SHA-512
* (cat 3 n=24, cat 5 n=32) code paths. */
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128S
{
/* NIST CAVP SLH-DSA-SHA2-128s keyGen vector (tgId=1, tcId=1).
* Same seeds as SHAKE128S; pk_root differs due to SHA-256 hash. */
static const byte sk_seed_sha2_128s[] = {
0x17, 0x3D, 0x04, 0xC9, 0x38, 0xC1, 0xC3, 0x6B,
0xF2, 0x89, 0xC3, 0xC0, 0x22, 0xD0, 0x4B, 0x14
};
static const byte sk_prf_sha2_128s[] = {
0x63, 0xAE, 0x23, 0xC4, 0x1A, 0xA5, 0x46, 0xDA,
0x58, 0x97, 0x74, 0xAC, 0x20, 0xB7, 0x45, 0xC4
};
static const byte pk_seed_sha2_128s[] = {
0x0D, 0x79, 0x47, 0x77, 0x91, 0x4C, 0x99, 0x76,
0x68, 0x27, 0xF0, 0xF0, 0x9C, 0xA9, 0x72, 0xBE
};
static const byte expected_sk_sha2_128s[] = {
0x17, 0x3D, 0x04, 0xC9, 0x38, 0xC1, 0xC3, 0x6B,
0xF2, 0x89, 0xC3, 0xC0, 0x22, 0xD0, 0x4B, 0x14,
0x63, 0xAE, 0x23, 0xC4, 0x1A, 0xA5, 0x46, 0xDA,
0x58, 0x97, 0x74, 0xAC, 0x20, 0xB7, 0x45, 0xC4,
0x0D, 0x79, 0x47, 0x77, 0x91, 0x4C, 0x99, 0x76,
0x68, 0x27, 0xF0, 0xF0, 0x9C, 0xA9, 0x72, 0xBE,
0x01, 0x62, 0xC1, 0x02, 0x19, 0xD4, 0x22, 0xAD,
0xBA, 0x13, 0x59, 0xE6, 0xAA, 0x65, 0x29, 0x9C
};
static const byte expected_pk_sha2_128s[] = {
0x0D, 0x79, 0x47, 0x77, 0x91, 0x4C, 0x99, 0x76,
0x68, 0x27, 0xF0, 0xF0, 0x9C, 0xA9, 0x72, 0xBE,
0x01, 0x62, 0xC1, 0x02, 0x19, 0xD4, 0x22, 0xAD,
0xBA, 0x13, 0x59, 0xE6, 0xAA, 0x65, 0x29, 0x9C
};
ret = slhdsa_keygen_kat(SLHDSA_SHA2_128S,
sk_seed_sha2_128s, (word32)sizeof(sk_seed_sha2_128s),
sk_prf_sha2_128s, (word32)sizeof(sk_prf_sha2_128s),
pk_seed_sha2_128s, (word32)sizeof(pk_seed_sha2_128s),
expected_sk_sha2_128s, (word32)sizeof(expected_sk_sha2_128s),
expected_pk_sha2_128s, (word32)sizeof(expected_pk_sha2_128s));
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHA2_128S keyGen KAT", 0);
goto out;
}
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192S
{
/* NIST CAVP SLH-DSA-SHA2-192s keyGen vector (tgId=5, tcId=41).
* Uses SHA-512 for H and T_l operations (n=24). */
static const byte sk_seed_sha2_192s[] = {
0x04, 0x02, 0x66, 0x52, 0x9C, 0x18, 0x64, 0x08,
0x89, 0x25, 0x50, 0x6C, 0x20, 0xA6, 0x24, 0xA2,
0xB6, 0xD5, 0x0C, 0xD7, 0x7C, 0x1C, 0x6F, 0x0D
};
static const byte sk_prf_sha2_192s[] = {
0x28, 0x41, 0x15, 0x0A, 0xE8, 0x15, 0x75, 0x12,
0xEF, 0x34, 0xA3, 0x43, 0xFF, 0xEA, 0x77, 0xFF,
0x7D, 0x9E, 0x81, 0x4B, 0x45, 0xA8, 0xB4, 0x14
};
static const byte pk_seed_sha2_192s[] = {
0x64, 0x46, 0x26, 0x65, 0xF4, 0x20, 0x28, 0x86,
0x20, 0x6A, 0x8F, 0x63, 0x22, 0x67, 0x18, 0x6C,
0xA6, 0xA1, 0xCA, 0xD0, 0x8A, 0x2B, 0x9A, 0x86
};
static const byte expected_sk_sha2_192s[] = {
0x04, 0x02, 0x66, 0x52, 0x9C, 0x18, 0x64, 0x08,
0x89, 0x25, 0x50, 0x6C, 0x20, 0xA6, 0x24, 0xA2,
0xB6, 0xD5, 0x0C, 0xD7, 0x7C, 0x1C, 0x6F, 0x0D,
0x28, 0x41, 0x15, 0x0A, 0xE8, 0x15, 0x75, 0x12,
0xEF, 0x34, 0xA3, 0x43, 0xFF, 0xEA, 0x77, 0xFF,
0x7D, 0x9E, 0x81, 0x4B, 0x45, 0xA8, 0xB4, 0x14,
0x64, 0x46, 0x26, 0x65, 0xF4, 0x20, 0x28, 0x86,
0x20, 0x6A, 0x8F, 0x63, 0x22, 0x67, 0x18, 0x6C,
0xA6, 0xA1, 0xCA, 0xD0, 0x8A, 0x2B, 0x9A, 0x86,
0x2C, 0x6A, 0x7B, 0xC4, 0xAC, 0x4A, 0xAA, 0x84,
0xAC, 0xCE, 0xF6, 0x0D, 0x52, 0x9F, 0x03, 0x11,
0x27, 0x4F, 0x20, 0x5E, 0x8D, 0xA6, 0x42, 0xC9
};
static const byte expected_pk_sha2_192s[] = {
0x64, 0x46, 0x26, 0x65, 0xF4, 0x20, 0x28, 0x86,
0x20, 0x6A, 0x8F, 0x63, 0x22, 0x67, 0x18, 0x6C,
0xA6, 0xA1, 0xCA, 0xD0, 0x8A, 0x2B, 0x9A, 0x86,
0x2C, 0x6A, 0x7B, 0xC4, 0xAC, 0x4A, 0xAA, 0x84,
0xAC, 0xCE, 0xF6, 0x0D, 0x52, 0x9F, 0x03, 0x11,
0x27, 0x4F, 0x20, 0x5E, 0x8D, 0xA6, 0x42, 0xC9
};
ret = slhdsa_keygen_kat(SLHDSA_SHA2_192S,
sk_seed_sha2_192s, (word32)sizeof(sk_seed_sha2_192s),
sk_prf_sha2_192s, (word32)sizeof(sk_prf_sha2_192s),
pk_seed_sha2_192s, (word32)sizeof(pk_seed_sha2_192s),
expected_sk_sha2_192s, (word32)sizeof(expected_sk_sha2_192s),
expected_pk_sha2_192s, (word32)sizeof(expected_pk_sha2_192s));
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHA2_192S keyGen KAT", 0);
goto out;
}
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256S
{
/* NIST CAVP SLH-DSA-SHA2-256s keyGen vector (tgId=9, tcId=81).
* Uses SHA-512 for H and T_l operations (n=32). */
static const byte sk_seed_sha2_256s[] = {
0xFC, 0xBF, 0x36, 0xA9, 0x80, 0x7B, 0x30, 0x69,
0x7B, 0xE0, 0x63, 0xA5, 0x10, 0x5E, 0x09, 0x1B,
0x41, 0x2A, 0x39, 0x1D, 0xD3, 0x9E, 0x13, 0x26,
0xEB, 0xA2, 0x3C, 0xBD, 0x40, 0x96, 0xCA, 0x77
};
static const byte sk_prf_sha2_256s[] = {
0xEF, 0x41, 0x21, 0xC0, 0x8D, 0xD7, 0x1B, 0xE9,
0x13, 0x57, 0x2F, 0x1F, 0x91, 0xE5, 0x7D, 0x0A,
0xCB, 0xCD, 0x5C, 0xEC, 0x28, 0x53, 0x9A, 0xC2,
0x75, 0x83, 0x2B, 0xBA, 0xA6, 0xC1, 0x10, 0x81
};
static const byte pk_seed_sha2_256s[] = {
0xA0, 0xB4, 0xF5, 0x54, 0x9E, 0xBC, 0xAD, 0xB9,
0x51, 0xDC, 0x2E, 0x51, 0x2C, 0x76, 0xB0, 0x62,
0x0D, 0x8F, 0xB8, 0x10, 0x0B, 0x4E, 0xE8, 0x86,
0xEF, 0x87, 0x84, 0x78, 0x0D, 0x52, 0xA2, 0x54
};
static const byte expected_sk_sha2_256s[] = {
0xFC, 0xBF, 0x36, 0xA9, 0x80, 0x7B, 0x30, 0x69,
0x7B, 0xE0, 0x63, 0xA5, 0x10, 0x5E, 0x09, 0x1B,
0x41, 0x2A, 0x39, 0x1D, 0xD3, 0x9E, 0x13, 0x26,
0xEB, 0xA2, 0x3C, 0xBD, 0x40, 0x96, 0xCA, 0x77,
0xEF, 0x41, 0x21, 0xC0, 0x8D, 0xD7, 0x1B, 0xE9,
0x13, 0x57, 0x2F, 0x1F, 0x91, 0xE5, 0x7D, 0x0A,
0xCB, 0xCD, 0x5C, 0xEC, 0x28, 0x53, 0x9A, 0xC2,
0x75, 0x83, 0x2B, 0xBA, 0xA6, 0xC1, 0x10, 0x81,
0xA0, 0xB4, 0xF5, 0x54, 0x9E, 0xBC, 0xAD, 0xB9,
0x51, 0xDC, 0x2E, 0x51, 0x2C, 0x76, 0xB0, 0x62,
0x0D, 0x8F, 0xB8, 0x10, 0x0B, 0x4E, 0xE8, 0x86,
0xEF, 0x87, 0x84, 0x78, 0x0D, 0x52, 0xA2, 0x54,
0x3E, 0x57, 0xAB, 0x49, 0x4D, 0x47, 0x06, 0x8F,
0xFE, 0xE4, 0xB8, 0x24, 0x4A, 0xAD, 0x6F, 0x19,
0xCD, 0xF9, 0x4A, 0x21, 0x72, 0xBD, 0x13, 0x4A,
0x15, 0xA6, 0xB5, 0xF2, 0x98, 0xD5, 0xA8, 0x0E
};
static const byte expected_pk_sha2_256s[] = {
0xA0, 0xB4, 0xF5, 0x54, 0x9E, 0xBC, 0xAD, 0xB9,
0x51, 0xDC, 0x2E, 0x51, 0x2C, 0x76, 0xB0, 0x62,
0x0D, 0x8F, 0xB8, 0x10, 0x0B, 0x4E, 0xE8, 0x86,
0xEF, 0x87, 0x84, 0x78, 0x0D, 0x52, 0xA2, 0x54,
0x3E, 0x57, 0xAB, 0x49, 0x4D, 0x47, 0x06, 0x8F,
0xFE, 0xE4, 0xB8, 0x24, 0x4A, 0xAD, 0x6F, 0x19,
0xCD, 0xF9, 0x4A, 0x21, 0x72, 0xBD, 0x13, 0x4A,
0x15, 0xA6, 0xB5, 0xF2, 0x98, 0xD5, 0xA8, 0x0E
};
ret = slhdsa_keygen_kat(SLHDSA_SHA2_256S,
sk_seed_sha2_256s, (word32)sizeof(sk_seed_sha2_256s),
sk_prf_sha2_256s, (word32)sizeof(sk_prf_sha2_256s),
pk_seed_sha2_256s, (word32)sizeof(pk_seed_sha2_256s),
expected_sk_sha2_256s, (word32)sizeof(expected_sk_sha2_256s),
expected_pk_sha2_256s, (word32)sizeof(expected_pk_sha2_256s));
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHA2_256S keyGen KAT", 0);
goto out;
}
}
#endif
/* --- SHAKE KeyGen KATs (128f, 192s/f, 256s/f) --- */
#ifdef WOLFSSL_SLHDSA_PARAM_128F
{
/* NIST CAVP SLH-DSA-SHAKE-128f keyGen vector (tgId=4, tcId=31) */
static const byte sk_seed_shake_128f[] = {
0x39, 0x56, 0xAB, 0x39, 0x1B, 0x4D, 0x22, 0xFC,
0x90, 0x7A, 0xF0, 0x74, 0x03, 0x26, 0xD0, 0x61
};
static const byte sk_prf_shake_128f[] = {
0xAB, 0x0E, 0xB2, 0x06, 0x43, 0x6F, 0x2B, 0x86,
0xEB, 0xE0, 0x86, 0xD7, 0x77, 0x39, 0xB3, 0xE4
};
static const byte pk_seed_shake_128f[] = {
0x56, 0x50, 0x5C, 0x22, 0x9F, 0x4E, 0x7F, 0xA6,
0xB2, 0x01, 0x71, 0x4C, 0x7D, 0xCC, 0x9D, 0xA3
};
static const byte expected_sk_shake_128f[] = {
0x39, 0x56, 0xAB, 0x39, 0x1B, 0x4D, 0x22, 0xFC,
0x90, 0x7A, 0xF0, 0x74, 0x03, 0x26, 0xD0, 0x61,
0xAB, 0x0E, 0xB2, 0x06, 0x43, 0x6F, 0x2B, 0x86,
0xEB, 0xE0, 0x86, 0xD7, 0x77, 0x39, 0xB3, 0xE4,
0x56, 0x50, 0x5C, 0x22, 0x9F, 0x4E, 0x7F, 0xA6,
0xB2, 0x01, 0x71, 0x4C, 0x7D, 0xCC, 0x9D, 0xA3,
0x66, 0x57, 0x8F, 0x1F, 0x24, 0xC3, 0xFE, 0x37,
0x1C, 0x97, 0xC1, 0x4C, 0xE0, 0xE7, 0x9C, 0xDC
};
static const byte expected_pk_shake_128f[] = {
0x56, 0x50, 0x5C, 0x22, 0x9F, 0x4E, 0x7F, 0xA6,
0xB2, 0x01, 0x71, 0x4C, 0x7D, 0xCC, 0x9D, 0xA3,
0x66, 0x57, 0x8F, 0x1F, 0x24, 0xC3, 0xFE, 0x37,
0x1C, 0x97, 0xC1, 0x4C, 0xE0, 0xE7, 0x9C, 0xDC
};
ret = slhdsa_keygen_kat(SLHDSA_SHAKE128F,
sk_seed_shake_128f, (word32)sizeof(sk_seed_shake_128f),
sk_prf_shake_128f, (word32)sizeof(sk_prf_shake_128f),
pk_seed_shake_128f, (word32)sizeof(pk_seed_shake_128f),
expected_sk_shake_128f, (word32)sizeof(expected_sk_shake_128f),
expected_pk_shake_128f, (word32)sizeof(expected_pk_shake_128f));
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHAKE128F keyGen KAT", 0);
goto out;
}
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_192S
{
/* NIST CAVP SLH-DSA-SHAKE-192s keyGen vector (tgId=6, tcId=51) */
static const byte sk_seed_shake_192s[] = {
0x87, 0x32, 0x62, 0x18, 0x60, 0xE9, 0xA6, 0xE1,
0x88, 0x7B, 0xE5, 0x5F, 0x7A, 0xF6, 0x92, 0xB9,
0x8E, 0xB4, 0xC1, 0x0B, 0x25, 0x99, 0xF9, 0x4A
};
static const byte sk_prf_shake_192s[] = {
0xD5, 0xCC, 0x9D, 0x64, 0x70, 0xD8, 0xB2, 0x11,
0x36, 0x15, 0x8E, 0x8B, 0x17, 0x10, 0xF1, 0xFB,
0xE0, 0x3E, 0xCE, 0xD3, 0x7E, 0xD4, 0xAC, 0x68
};
static const byte pk_seed_shake_192s[] = {
0x53, 0xFC, 0x64, 0xD4, 0x6D, 0x7E, 0x16, 0x53,
0xEB, 0xBB, 0x36, 0xED, 0x5F, 0xBC, 0x12, 0xC6,
0xE7, 0xCE, 0xF3, 0xCB, 0x75, 0x64, 0x82, 0xC8
};
static const byte expected_sk_shake_192s[] = {
0x87, 0x32, 0x62, 0x18, 0x60, 0xE9, 0xA6, 0xE1,
0x88, 0x7B, 0xE5, 0x5F, 0x7A, 0xF6, 0x92, 0xB9,
0x8E, 0xB4, 0xC1, 0x0B, 0x25, 0x99, 0xF9, 0x4A,
0xD5, 0xCC, 0x9D, 0x64, 0x70, 0xD8, 0xB2, 0x11,
0x36, 0x15, 0x8E, 0x8B, 0x17, 0x10, 0xF1, 0xFB,
0xE0, 0x3E, 0xCE, 0xD3, 0x7E, 0xD4, 0xAC, 0x68,
0x53, 0xFC, 0x64, 0xD4, 0x6D, 0x7E, 0x16, 0x53,
0xEB, 0xBB, 0x36, 0xED, 0x5F, 0xBC, 0x12, 0xC6,
0xE7, 0xCE, 0xF3, 0xCB, 0x75, 0x64, 0x82, 0xC8,
0xC6, 0x20, 0x45, 0x2E, 0x86, 0x4E, 0x84, 0x97,
0xE1, 0xB3, 0x8A, 0x7B, 0x04, 0x44, 0x92, 0x19,
0xAC, 0xD9, 0xE4, 0x39, 0x3F, 0x9C, 0x88, 0xEF
};
static const byte expected_pk_shake_192s[] = {
0x53, 0xFC, 0x64, 0xD4, 0x6D, 0x7E, 0x16, 0x53,
0xEB, 0xBB, 0x36, 0xED, 0x5F, 0xBC, 0x12, 0xC6,
0xE7, 0xCE, 0xF3, 0xCB, 0x75, 0x64, 0x82, 0xC8,
0xC6, 0x20, 0x45, 0x2E, 0x86, 0x4E, 0x84, 0x97,
0xE1, 0xB3, 0x8A, 0x7B, 0x04, 0x44, 0x92, 0x19,
0xAC, 0xD9, 0xE4, 0x39, 0x3F, 0x9C, 0x88, 0xEF
};
ret = slhdsa_keygen_kat(SLHDSA_SHAKE192S,
sk_seed_shake_192s, (word32)sizeof(sk_seed_shake_192s),
sk_prf_shake_192s, (word32)sizeof(sk_prf_shake_192s),
pk_seed_shake_192s, (word32)sizeof(pk_seed_shake_192s),
expected_sk_shake_192s, (word32)sizeof(expected_sk_shake_192s),
expected_pk_shake_192s, (word32)sizeof(expected_pk_shake_192s));
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHAKE192S keyGen KAT", 0);
goto out;
}
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_192F
{
/* NIST CAVP SLH-DSA-SHAKE-192f keyGen vector (tgId=8, tcId=71) */
static const byte sk_seed_shake_192f[] = {
0xFB, 0x7A, 0x2C, 0x2C, 0x75, 0xCE, 0x6C, 0x96,
0xB5, 0xF4, 0x32, 0x8E, 0x0A, 0xB3, 0x00, 0x47,
0x6F, 0xC6, 0xF8, 0x64, 0xCB, 0x5B, 0x0B, 0x99
};
static const byte sk_prf_shake_192f[] = {
0x99, 0x0E, 0xCB, 0x72, 0x6C, 0xA8, 0x22, 0xA4,
0xE3, 0x65, 0x2D, 0xD9, 0x2E, 0xC0, 0xAA, 0xB7,
0x63, 0x7E, 0xA4, 0x1C, 0x04, 0x82, 0xAE, 0x28
};
static const byte pk_seed_shake_192f[] = {
0x68, 0xDC, 0xC6, 0x71, 0xE3, 0x53, 0x4F, 0x81,
0xA3, 0x52, 0xC2, 0x75, 0xB6, 0xA2, 0x5F, 0x90,
0x6D, 0x2E, 0xD0, 0xFF, 0x62, 0xB8, 0xB4, 0xE3
};
static const byte expected_sk_shake_192f[] = {
0xFB, 0x7A, 0x2C, 0x2C, 0x75, 0xCE, 0x6C, 0x96,
0xB5, 0xF4, 0x32, 0x8E, 0x0A, 0xB3, 0x00, 0x47,
0x6F, 0xC6, 0xF8, 0x64, 0xCB, 0x5B, 0x0B, 0x99,
0x99, 0x0E, 0xCB, 0x72, 0x6C, 0xA8, 0x22, 0xA4,
0xE3, 0x65, 0x2D, 0xD9, 0x2E, 0xC0, 0xAA, 0xB7,
0x63, 0x7E, 0xA4, 0x1C, 0x04, 0x82, 0xAE, 0x28,
0x68, 0xDC, 0xC6, 0x71, 0xE3, 0x53, 0x4F, 0x81,
0xA3, 0x52, 0xC2, 0x75, 0xB6, 0xA2, 0x5F, 0x90,
0x6D, 0x2E, 0xD0, 0xFF, 0x62, 0xB8, 0xB4, 0xE3,
0x98, 0xF1, 0xA9, 0x87, 0x6C, 0xB0, 0x82, 0xA4,
0x8E, 0x9A, 0xE2, 0xC8, 0x62, 0xB2, 0x89, 0x48,
0x6A, 0x39, 0x25, 0xCE, 0xFC, 0x6F, 0xF4, 0xBE
};
static const byte expected_pk_shake_192f[] = {
0x68, 0xDC, 0xC6, 0x71, 0xE3, 0x53, 0x4F, 0x81,
0xA3, 0x52, 0xC2, 0x75, 0xB6, 0xA2, 0x5F, 0x90,
0x6D, 0x2E, 0xD0, 0xFF, 0x62, 0xB8, 0xB4, 0xE3,
0x98, 0xF1, 0xA9, 0x87, 0x6C, 0xB0, 0x82, 0xA4,
0x8E, 0x9A, 0xE2, 0xC8, 0x62, 0xB2, 0x89, 0x48,
0x6A, 0x39, 0x25, 0xCE, 0xFC, 0x6F, 0xF4, 0xBE
};
ret = slhdsa_keygen_kat(SLHDSA_SHAKE192F,
sk_seed_shake_192f, (word32)sizeof(sk_seed_shake_192f),
sk_prf_shake_192f, (word32)sizeof(sk_prf_shake_192f),
pk_seed_shake_192f, (word32)sizeof(pk_seed_shake_192f),
expected_sk_shake_192f, (word32)sizeof(expected_sk_shake_192f),
expected_pk_shake_192f, (word32)sizeof(expected_pk_shake_192f));
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHAKE192F keyGen KAT", 0);
goto out;
}
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_256S
{
/* NIST CAVP SLH-DSA-SHAKE-256s keyGen vector (tgId=10, tcId=91) */
static const byte sk_seed_shake_256s[] = {
0xE4, 0x40, 0xE3, 0x96, 0x44, 0xA1, 0x1A, 0x6A,
0x58, 0xE8, 0x50, 0xC0, 0x9C, 0x8F, 0x03, 0xC2,
0x73, 0xE4, 0x65, 0x23, 0x7F, 0x3B, 0xEF, 0x7C,
0x58, 0xDE, 0x62, 0x28, 0x1E, 0x67, 0x6C, 0xEA
};
static const byte sk_prf_shake_256s[] = {
0x99, 0xC1, 0x99, 0xC0, 0x0D, 0xB3, 0x0F, 0x84,
0x99, 0xA6, 0x1B, 0x5B, 0x9D, 0xC8, 0xA3, 0x61,
0x72, 0x5F, 0x6A, 0xE8, 0x0E, 0x97, 0x03, 0x71,
0x76, 0xF4, 0x08, 0xC3, 0x0B, 0x38, 0x84, 0x4D
};
static const byte pk_seed_shake_256s[] = {
0xD7, 0xB5, 0xE7, 0x55, 0xB4, 0x87, 0x9F, 0xDE,
0x32, 0x88, 0xA2, 0x1A, 0xF3, 0xE3, 0x2F, 0xBB,
0x00, 0x6F, 0xD9, 0xB8, 0xBC, 0x2B, 0x18, 0x0E,
0xB9, 0xB0, 0xD8, 0x2C, 0x9F, 0x31, 0x57, 0xAF
};
static const byte expected_sk_shake_256s[] = {
0xE4, 0x40, 0xE3, 0x96, 0x44, 0xA1, 0x1A, 0x6A,
0x58, 0xE8, 0x50, 0xC0, 0x9C, 0x8F, 0x03, 0xC2,
0x73, 0xE4, 0x65, 0x23, 0x7F, 0x3B, 0xEF, 0x7C,
0x58, 0xDE, 0x62, 0x28, 0x1E, 0x67, 0x6C, 0xEA,
0x99, 0xC1, 0x99, 0xC0, 0x0D, 0xB3, 0x0F, 0x84,
0x99, 0xA6, 0x1B, 0x5B, 0x9D, 0xC8, 0xA3, 0x61,
0x72, 0x5F, 0x6A, 0xE8, 0x0E, 0x97, 0x03, 0x71,
0x76, 0xF4, 0x08, 0xC3, 0x0B, 0x38, 0x84, 0x4D,
0xD7, 0xB5, 0xE7, 0x55, 0xB4, 0x87, 0x9F, 0xDE,
0x32, 0x88, 0xA2, 0x1A, 0xF3, 0xE3, 0x2F, 0xBB,
0x00, 0x6F, 0xD9, 0xB8, 0xBC, 0x2B, 0x18, 0x0E,
0xB9, 0xB0, 0xD8, 0x2C, 0x9F, 0x31, 0x57, 0xAF,
0x02, 0xAC, 0xD6, 0xB3, 0x19, 0x8E, 0xE1, 0xC9,
0xFE, 0x9A, 0xFE, 0x61, 0xFD, 0x86, 0xD1, 0xE0,
0x87, 0x7A, 0xD9, 0x06, 0x19, 0x80, 0xB5, 0x7B,
0x17, 0x8C, 0xE2, 0x71, 0x91, 0xD8, 0xEB, 0x1B
};
static const byte expected_pk_shake_256s[] = {
0xD7, 0xB5, 0xE7, 0x55, 0xB4, 0x87, 0x9F, 0xDE,
0x32, 0x88, 0xA2, 0x1A, 0xF3, 0xE3, 0x2F, 0xBB,
0x00, 0x6F, 0xD9, 0xB8, 0xBC, 0x2B, 0x18, 0x0E,
0xB9, 0xB0, 0xD8, 0x2C, 0x9F, 0x31, 0x57, 0xAF,
0x02, 0xAC, 0xD6, 0xB3, 0x19, 0x8E, 0xE1, 0xC9,
0xFE, 0x9A, 0xFE, 0x61, 0xFD, 0x86, 0xD1, 0xE0,
0x87, 0x7A, 0xD9, 0x06, 0x19, 0x80, 0xB5, 0x7B,
0x17, 0x8C, 0xE2, 0x71, 0x91, 0xD8, 0xEB, 0x1B
};
ret = slhdsa_keygen_kat(SLHDSA_SHAKE256S,
sk_seed_shake_256s, (word32)sizeof(sk_seed_shake_256s),
sk_prf_shake_256s, (word32)sizeof(sk_prf_shake_256s),
pk_seed_shake_256s, (word32)sizeof(pk_seed_shake_256s),
expected_sk_shake_256s, (word32)sizeof(expected_sk_shake_256s),
expected_pk_shake_256s, (word32)sizeof(expected_pk_shake_256s));
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHAKE256S keyGen KAT", 0);
goto out;
}
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_256F
{
/* NIST CAVP SLH-DSA-SHAKE-256f keyGen vector (tgId=12, tcId=111) */
static const byte sk_seed_shake_256f[] = {
0x2A, 0xC9, 0x40, 0x38, 0x58, 0xD1, 0x86, 0xB1,
0x72, 0xED, 0xD8, 0xDF, 0x9C, 0x78, 0xA1, 0x14,
0x49, 0x89, 0x36, 0x81, 0x48, 0x7D, 0x3A, 0xF0,
0xDA, 0xD0, 0xEC, 0x34, 0x1E, 0x8A, 0xCA, 0x48
};
static const byte sk_prf_shake_256f[] = {
0xAF, 0xA2, 0x77, 0x1B, 0xAE, 0x6C, 0x17, 0xDD,
0x6F, 0x77, 0xB4, 0xE3, 0x80, 0x8B, 0x05, 0xF5,
0x6F, 0x31, 0xB8, 0xF4, 0x12, 0x8D, 0xF2, 0xCC,
0xB6, 0x77, 0xF0, 0x28, 0x3C, 0xFB, 0x18, 0xDA
};
static const byte pk_seed_shake_256f[] = {
0x55, 0x9B, 0xC8, 0x83, 0x10, 0x5E, 0x8B, 0xA0,
0x26, 0x46, 0x48, 0xB5, 0x32, 0x62, 0x61, 0x55,
0xF8, 0x7E, 0xDB, 0x4B, 0xED, 0xCF, 0xC1, 0x2A,
0x24, 0x20, 0x4D, 0x3B, 0x69, 0x6D, 0x53, 0x70
};
static const byte expected_sk_shake_256f[] = {
0x2A, 0xC9, 0x40, 0x38, 0x58, 0xD1, 0x86, 0xB1,
0x72, 0xED, 0xD8, 0xDF, 0x9C, 0x78, 0xA1, 0x14,
0x49, 0x89, 0x36, 0x81, 0x48, 0x7D, 0x3A, 0xF0,
0xDA, 0xD0, 0xEC, 0x34, 0x1E, 0x8A, 0xCA, 0x48,
0xAF, 0xA2, 0x77, 0x1B, 0xAE, 0x6C, 0x17, 0xDD,
0x6F, 0x77, 0xB4, 0xE3, 0x80, 0x8B, 0x05, 0xF5,
0x6F, 0x31, 0xB8, 0xF4, 0x12, 0x8D, 0xF2, 0xCC,
0xB6, 0x77, 0xF0, 0x28, 0x3C, 0xFB, 0x18, 0xDA,
0x55, 0x9B, 0xC8, 0x83, 0x10, 0x5E, 0x8B, 0xA0,
0x26, 0x46, 0x48, 0xB5, 0x32, 0x62, 0x61, 0x55,
0xF8, 0x7E, 0xDB, 0x4B, 0xED, 0xCF, 0xC1, 0x2A,
0x24, 0x20, 0x4D, 0x3B, 0x69, 0x6D, 0x53, 0x70,
0x7A, 0x15, 0x8F, 0xF5, 0xD3, 0x0E, 0x34, 0x28,
0x18, 0x3A, 0x3B, 0x3A, 0x96, 0xA0, 0xE4, 0xA3,
0x41, 0xA2, 0xA1, 0x6E, 0x5A, 0x62, 0x26, 0xAF,
0x37, 0x4D, 0x1E, 0xFB, 0x39, 0xA3, 0x5D, 0xF6
};
static const byte expected_pk_shake_256f[] = {
0x55, 0x9B, 0xC8, 0x83, 0x10, 0x5E, 0x8B, 0xA0,
0x26, 0x46, 0x48, 0xB5, 0x32, 0x62, 0x61, 0x55,
0xF8, 0x7E, 0xDB, 0x4B, 0xED, 0xCF, 0xC1, 0x2A,
0x24, 0x20, 0x4D, 0x3B, 0x69, 0x6D, 0x53, 0x70,
0x7A, 0x15, 0x8F, 0xF5, 0xD3, 0x0E, 0x34, 0x28,
0x18, 0x3A, 0x3B, 0x3A, 0x96, 0xA0, 0xE4, 0xA3,
0x41, 0xA2, 0xA1, 0x6E, 0x5A, 0x62, 0x26, 0xAF,
0x37, 0x4D, 0x1E, 0xFB, 0x39, 0xA3, 0x5D, 0xF6
};
ret = slhdsa_keygen_kat(SLHDSA_SHAKE256F,
sk_seed_shake_256f, (word32)sizeof(sk_seed_shake_256f),
sk_prf_shake_256f, (word32)sizeof(sk_prf_shake_256f),
pk_seed_shake_256f, (word32)sizeof(pk_seed_shake_256f),
expected_sk_shake_256f, (word32)sizeof(expected_sk_shake_256f),
expected_pk_shake_256f, (word32)sizeof(expected_pk_shake_256f));
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHAKE256F keyGen KAT", 0);
goto out;
}
}
#endif
/* --- SHA2 fast variant KeyGen KATs --- */
#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128F
{
/* NIST CAVP SLH-DSA-SHA2-128f keyGen vector (tgId=3, tcId=21) */
static const byte sk_seed_sha2_128f[] = {
0xC4, 0x2B, 0xCB, 0x3B, 0x5A, 0x6F, 0x33, 0x1F,
0x5C, 0xCE, 0x89, 0x92, 0x53, 0xC6, 0xD9, 0xE2
};
static const byte sk_prf_sha2_128f[] = {
0x9F, 0xF2, 0xB7, 0xEA, 0xD7, 0xA0, 0x4B, 0xAB,
0x17, 0x94, 0xDB, 0x8C, 0xC6, 0x59, 0xC3, 0xB4
};
static const byte pk_seed_sha2_128f[] = {
0xA8, 0x68, 0xF1, 0xBD, 0x5D, 0xEB, 0xC1, 0x2D,
0x4C, 0x9F, 0xAD, 0x66, 0xAA, 0xBD, 0x0A, 0x94
};
static const byte expected_sk_sha2_128f[] = {
0xC4, 0x2B, 0xCB, 0x3B, 0x5A, 0x6F, 0x33, 0x1F,
0x5C, 0xCE, 0x89, 0x92, 0x53, 0xC6, 0xD9, 0xE2,
0x9F, 0xF2, 0xB7, 0xEA, 0xD7, 0xA0, 0x4B, 0xAB,
0x17, 0x94, 0xDB, 0x8C, 0xC6, 0x59, 0xC3, 0xB4,
0xA8, 0x68, 0xF1, 0xBD, 0x5D, 0xEB, 0xC1, 0x2D,
0x4C, 0x9F, 0xAD, 0x66, 0xAA, 0xBD, 0x0A, 0x94,
0xB5, 0x46, 0xDF, 0x24, 0x7B, 0xE4, 0xC4, 0x57,
0xF3, 0xD4, 0x67, 0xCD, 0xFC, 0xFA, 0xBD, 0x39
};
static const byte expected_pk_sha2_128f[] = {
0xA8, 0x68, 0xF1, 0xBD, 0x5D, 0xEB, 0xC1, 0x2D,
0x4C, 0x9F, 0xAD, 0x66, 0xAA, 0xBD, 0x0A, 0x94,
0xB5, 0x46, 0xDF, 0x24, 0x7B, 0xE4, 0xC4, 0x57,
0xF3, 0xD4, 0x67, 0xCD, 0xFC, 0xFA, 0xBD, 0x39
};
ret = slhdsa_keygen_kat(SLHDSA_SHA2_128F,
sk_seed_sha2_128f, (word32)sizeof(sk_seed_sha2_128f),
sk_prf_sha2_128f, (word32)sizeof(sk_prf_sha2_128f),
pk_seed_sha2_128f, (word32)sizeof(pk_seed_sha2_128f),
expected_sk_sha2_128f, (word32)sizeof(expected_sk_sha2_128f),
expected_pk_sha2_128f, (word32)sizeof(expected_pk_sha2_128f));
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHA2_128F keyGen KAT", 0);
goto out;
}
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192F
{
/* NIST CAVP SLH-DSA-SHA2-192f keyGen vector (tgId=7, tcId=61) */
static const byte sk_seed_sha2_192f[] = {
0xA0, 0x21, 0xB4, 0xB9, 0xD6, 0xDE, 0xE1, 0x68,
0x72, 0x2B, 0xC1, 0x02, 0x25, 0xE5, 0x0A, 0x94,
0x66, 0x42, 0xAF, 0x63, 0x0C, 0x3C, 0x7C, 0x7D
};
static const byte sk_prf_sha2_192f[] = {
0x69, 0xE3, 0xA4, 0x0B, 0xA0, 0x9D, 0xF2, 0xAC,
0x16, 0x5B, 0x79, 0x2A, 0x07, 0xF0, 0x64, 0xAC,
0x5F, 0xC2, 0x8D, 0x8C, 0x99, 0xA5, 0x80, 0xF4
};
static const byte pk_seed_sha2_192f[] = {
0xEE, 0x48, 0x23, 0xD0, 0x9E, 0x79, 0x85, 0x47,
0x06, 0xDA, 0xA8, 0x0A, 0xE3, 0x17, 0x9B, 0x5B,
0xC8, 0xC2, 0xE9, 0x40, 0x9D, 0x63, 0x28, 0xA3
};
static const byte expected_sk_sha2_192f[] = {
0xA0, 0x21, 0xB4, 0xB9, 0xD6, 0xDE, 0xE1, 0x68,
0x72, 0x2B, 0xC1, 0x02, 0x25, 0xE5, 0x0A, 0x94,
0x66, 0x42, 0xAF, 0x63, 0x0C, 0x3C, 0x7C, 0x7D,
0x69, 0xE3, 0xA4, 0x0B, 0xA0, 0x9D, 0xF2, 0xAC,
0x16, 0x5B, 0x79, 0x2A, 0x07, 0xF0, 0x64, 0xAC,
0x5F, 0xC2, 0x8D, 0x8C, 0x99, 0xA5, 0x80, 0xF4,
0xEE, 0x48, 0x23, 0xD0, 0x9E, 0x79, 0x85, 0x47,
0x06, 0xDA, 0xA8, 0x0A, 0xE3, 0x17, 0x9B, 0x5B,
0xC8, 0xC2, 0xE9, 0x40, 0x9D, 0x63, 0x28, 0xA3,
0x35, 0x77, 0xFD, 0x58, 0x4B, 0xC0, 0x78, 0x4C,
0x55, 0x9C, 0xDB, 0x24, 0x37, 0xA4, 0x6F, 0x7F,
0x75, 0x3C, 0x33, 0x63, 0x69, 0x41, 0x9A, 0xCF
};
static const byte expected_pk_sha2_192f[] = {
0xEE, 0x48, 0x23, 0xD0, 0x9E, 0x79, 0x85, 0x47,
0x06, 0xDA, 0xA8, 0x0A, 0xE3, 0x17, 0x9B, 0x5B,
0xC8, 0xC2, 0xE9, 0x40, 0x9D, 0x63, 0x28, 0xA3,
0x35, 0x77, 0xFD, 0x58, 0x4B, 0xC0, 0x78, 0x4C,
0x55, 0x9C, 0xDB, 0x24, 0x37, 0xA4, 0x6F, 0x7F,
0x75, 0x3C, 0x33, 0x63, 0x69, 0x41, 0x9A, 0xCF
};
ret = slhdsa_keygen_kat(SLHDSA_SHA2_192F,
sk_seed_sha2_192f, (word32)sizeof(sk_seed_sha2_192f),
sk_prf_sha2_192f, (word32)sizeof(sk_prf_sha2_192f),
pk_seed_sha2_192f, (word32)sizeof(pk_seed_sha2_192f),
expected_sk_sha2_192f, (word32)sizeof(expected_sk_sha2_192f),
expected_pk_sha2_192f, (word32)sizeof(expected_pk_sha2_192f));
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHA2_192F keyGen KAT", 0);
goto out;
}
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256F
{
/* NIST CAVP SLH-DSA-SHA2-256f keyGen vector (tgId=11, tcId=101) */
static const byte sk_seed_sha2_256f[] = {
0x18, 0x52, 0x37, 0x02, 0xA0, 0xFE, 0x2C, 0x9E,
0x48, 0x89, 0x48, 0xB1, 0x27, 0x18, 0x5B, 0xAB,
0x93, 0xD3, 0xF0, 0x2C, 0x3D, 0x7C, 0x23, 0xA1,
0xB3, 0x79, 0xF7, 0x62, 0xDE, 0x05, 0x09, 0xE5
};
static const byte sk_prf_sha2_256f[] = {
0x6A, 0xB0, 0xD9, 0xF9, 0x35, 0x40, 0xBD, 0x80,
0x9D, 0x1D, 0x2E, 0x8A, 0x05, 0x04, 0x40, 0xAA,
0x81, 0xE8, 0x53, 0x75, 0x04, 0x70, 0xE2, 0xB0,
0x0C, 0x95, 0x9D, 0xBD, 0x3B, 0xE4, 0x0E, 0x2B
};
static const byte pk_seed_sha2_256f[] = {
0xD7, 0x12, 0x5F, 0x5D, 0x00, 0xBA, 0x47, 0xF1,
0xFC, 0x8D, 0x4C, 0x32, 0xC2, 0xF5, 0x7C, 0x44,
0x4B, 0xD3, 0x84, 0xD7, 0xCE, 0x77, 0x0B, 0xC5,
0x0D, 0xD5, 0x98, 0x0C, 0x1D, 0x12, 0x64, 0xD0
};
static const byte expected_sk_sha2_256f[] = {
0x18, 0x52, 0x37, 0x02, 0xA0, 0xFE, 0x2C, 0x9E,
0x48, 0x89, 0x48, 0xB1, 0x27, 0x18, 0x5B, 0xAB,
0x93, 0xD3, 0xF0, 0x2C, 0x3D, 0x7C, 0x23, 0xA1,
0xB3, 0x79, 0xF7, 0x62, 0xDE, 0x05, 0x09, 0xE5,
0x6A, 0xB0, 0xD9, 0xF9, 0x35, 0x40, 0xBD, 0x80,
0x9D, 0x1D, 0x2E, 0x8A, 0x05, 0x04, 0x40, 0xAA,
0x81, 0xE8, 0x53, 0x75, 0x04, 0x70, 0xE2, 0xB0,
0x0C, 0x95, 0x9D, 0xBD, 0x3B, 0xE4, 0x0E, 0x2B,
0xD7, 0x12, 0x5F, 0x5D, 0x00, 0xBA, 0x47, 0xF1,
0xFC, 0x8D, 0x4C, 0x32, 0xC2, 0xF5, 0x7C, 0x44,
0x4B, 0xD3, 0x84, 0xD7, 0xCE, 0x77, 0x0B, 0xC5,
0x0D, 0xD5, 0x98, 0x0C, 0x1D, 0x12, 0x64, 0xD0,
0x0A, 0xD5, 0x19, 0x7F, 0xFC, 0xBA, 0xAF, 0xE1,
0x1B, 0x1E, 0x41, 0x3F, 0x26, 0xAD, 0xB1, 0x50,
0x4C, 0xE1, 0xC3, 0xF5, 0xC4, 0x0C, 0x1D, 0xCD,
0xA1, 0x4E, 0x99, 0xFD, 0x12, 0x6D, 0x5B, 0x81
};
static const byte expected_pk_sha2_256f[] = {
0xD7, 0x12, 0x5F, 0x5D, 0x00, 0xBA, 0x47, 0xF1,
0xFC, 0x8D, 0x4C, 0x32, 0xC2, 0xF5, 0x7C, 0x44,
0x4B, 0xD3, 0x84, 0xD7, 0xCE, 0x77, 0x0B, 0xC5,
0x0D, 0xD5, 0x98, 0x0C, 0x1D, 0x12, 0x64, 0xD0,
0x0A, 0xD5, 0x19, 0x7F, 0xFC, 0xBA, 0xAF, 0xE1,
0x1B, 0x1E, 0x41, 0x3F, 0x26, 0xAD, 0xB1, 0x50,
0x4C, 0xE1, 0xC3, 0xF5, 0xC4, 0x0C, 0x1D, 0xCD,
0xA1, 0x4E, 0x99, 0xFD, 0x12, 0x6D, 0x5B, 0x81
};
ret = slhdsa_keygen_kat(SLHDSA_SHA2_256F,
sk_seed_sha2_256f, (word32)sizeof(sk_seed_sha2_256f),
sk_prf_sha2_256f, (word32)sizeof(sk_prf_sha2_256f),
pk_seed_sha2_256f, (word32)sizeof(pk_seed_sha2_256f),
expected_sk_sha2_256f, (word32)sizeof(expected_sk_sha2_256f),
expected_pk_sha2_256f, (word32)sizeof(expected_pk_sha2_256f));
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHA2_256F keyGen KAT", 0);
goto out;
}
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_128S
ret = slhdsa_test_param(SLHDSA_SHAKE128S);
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHAKE128S", 0);
goto out;
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_128F
ret = slhdsa_test_param(SLHDSA_SHAKE128F);
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHAKE128F", 0);
goto out;
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_192S
ret = slhdsa_test_param(SLHDSA_SHAKE192S);
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHAKE192S", 0);
goto out;
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_192F
ret = slhdsa_test_param(SLHDSA_SHAKE192F);
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHAKE192F", 0);
goto out;
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_256S
ret = slhdsa_test_param(SLHDSA_SHAKE256S);
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHAKE256S", 0);
goto out;
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_256F
ret = slhdsa_test_param(SLHDSA_SHAKE256F);
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHAKE256F", 0);
goto out;
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128S
ret = slhdsa_test_param(SLHDSA_SHA2_128S);
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHA2_128S", 0);
goto out;
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_128F
ret = slhdsa_test_param(SLHDSA_SHA2_128F);
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHA2_128F", 0);
goto out;
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192S
ret = slhdsa_test_param(SLHDSA_SHA2_192S);
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHA2_192S", 0);
goto out;
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_192F
ret = slhdsa_test_param(SLHDSA_SHA2_192F);
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHA2_192F", 0);
goto out;
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256S
ret = slhdsa_test_param(SLHDSA_SHA2_256S);
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHA2_256S", 0);
goto out;
}
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_SHA2_256F
ret = slhdsa_test_param(SLHDSA_SHA2_256F);
if (ret != 0) {
wc_test_render_error_message("SLHDSA_SHA2_256F", 0);
goto out;
}
#endif
#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
#if defined(WOLF_PRIVATE_KEY_ID) && \
(defined(WOLFSSL_SLHDSA_PARAM_128S) || defined(WOLFSSL_SLHDSA_PARAM_128F) || \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_128S) || \
defined(WOLFSSL_SLHDSA_PARAM_SHA2_128F))
/* Init_id/Init_label/Free are available in VERIFY_ONLY builds, so this
* runs regardless of VERIFY_ONLY. Fall through to cleanup on failure
* (no `goto out;` because `out:` is not defined in 128F-only +
* VERIFY_ONLY builds, and no allocations precede this point that
* would need an early bail-out). */
if (ret == 0) {
ret = slhdsa_id_label_test();
if (ret != 0)
wc_test_render_error_message("SLHDSA_ID_LABEL", ret);
}
#endif
#ifdef SLHDSA_TEST_HAVE_ANY_PARAM
out:
#endif
#ifdef WOLFSSL_SLHDSA_PARAM_128S
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (key_vfy)
#endif
{
wc_SlhDsaKey_Free(key_vfy);
}
WC_FREE_VAR_EX(key_vfy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
/* key, sig, sk, pk are declared inside #ifdef WOLFSSL_SLHDSA_PARAM_128S
* (alongside the SHAKE-128s test data) so they only exist when 128S is
* built. Their cleanup must match. */
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (key)
#endif
{
wc_SlhDsaKey_Free(key);
}
WC_FREE_VAR_EX(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR_EX(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR_EX(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WC_FREE_VAR_EX(pk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif /* WOLFSSL_SLHDSA_PARAM_128S */
return ret;
}
#endif
/* source code reference point -- see print_fiducials() below. */
static WC_MAYBE_UNUSED const int fiducial3 = WC_TEST_RET_LN;
#ifdef WOLFCRYPT_HAVE_ECCSI
static wc_test_ret_t eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
ecc_point* pvt)
{
wc_test_ret_t ret;
byte id[1] = { 0x00 };
int valid;
word32 sz;
byte data[256];
byte hash[WC_MAX_DIGEST_SIZE];
byte hashSz;
byte sig[257];
word32 sigSz;
ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitEccsiKey(NULL, NULL, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitEccsiKey(NULL, HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
wc_FreeEccsiKey(NULL);
/* Create a valid key. */
ret = wc_InitEccsiKey(key, NULL, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeEccsiKey(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeEccsiKey(key, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeEccsiKey(NULL, rng);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeEccsiPair(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL,
NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeEccsiPair(key, NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeEccsiPair(NULL, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* No key set */
ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL,
NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL,
&valid);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt,
&valid);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt,
&valid);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
&valid);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* No key set */
ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
&valid);
if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateEccsiPvt(NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateEccsiPvt(key, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateEccsiPvt(NULL, pvt, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateEccsiPvt(NULL, NULL, &valid);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateEccsiPvt(key, pvt, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateEccsiPvt(key, NULL, &valid);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateEccsiPvt(NULL, pvt, &valid);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_EncodeEccsiPair(NULL, NULL, NULL, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_EncodeEccsiPair(key, ssk, pvt, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_EncodeEccsiPair(key, ssk, NULL, data, &sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_EncodeEccsiPair(key, NULL, pvt, data, &sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_EncodeEccsiPair(NULL, ssk, pvt, data, &sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* No key created so no curve information. */
ret = wc_EncodeEccsiPair(key, ssk, pvt, NULL, &sz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_EncodeEccsiSsk(NULL, NULL, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_EncodeEccsiSsk(key, ssk, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_EncodeEccsiSsk(key, NULL, data, &sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_EncodeEccsiSsk(NULL, ssk, data, &sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_EncodeEccsiPvt(NULL, NULL, data, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_EncodeEccsiPvt(key, pvt, data, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_EncodeEccsiPvt(key, NULL, data, &sz, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_EncodeEccsiPvt(NULL, pvt, data, &sz, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiPair(NULL, NULL, 0, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiPair(key, data, 0, ssk, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiPair(key, data, 0, NULL, pvt);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiPair(key, NULL, 0, ssk, pvt);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiPair(NULL, data, 0, ssk, pvt);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiSsk(NULL, NULL, 0, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiSsk(key, data, 0, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiSsk(key, NULL, 0, ssk);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiSsk(NULL, data, 0, ssk);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiPvt(NULL, NULL, 0, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiPvt(key, data, 0, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiPvt(key, NULL, 0, pvt);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiPvt(NULL, data, 0, pvt);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiPvtFromSig(NULL, NULL, 0, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiPvtFromSig(key, data, 0, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiPvtFromSig(key, NULL, 0, pvt);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiPvtFromSig(NULL, data, 0, pvt);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportEccsiKey(NULL, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportEccsiKey(key, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportEccsiKey(NULL, data, &sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* No key to export */
ret = wc_ExportEccsiKey(key, NULL, &sz);
if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportEccsiKey(NULL, NULL, 0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportEccsiKey(key, NULL, 0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportEccsiKey(NULL, data, 0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportEccsiPrivateKey(NULL, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportEccsiPrivateKey(key, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportEccsiPrivateKey(NULL, data, &sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* No key to export */
ret = wc_ExportEccsiPrivateKey(key, NULL, &sz);
if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportEccsiPrivateKey(NULL, NULL, 0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportEccsiPrivateKey(key, NULL, 0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportEccsiPrivateKey(NULL, data, 0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportEccsiPublicKey(NULL, data, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportEccsiPublicKey(key, data, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportEccsiPublicKey(NULL, data, &sz, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* No key to export */
ret = wc_ExportEccsiPublicKey(key, data, &sz, 1);
if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportEccsiPublicKey(NULL, NULL, 0, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportEccsiPublicKey(key, NULL, 0, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportEccsiPublicKey(NULL, data, 0, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, NULL, &hashSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, NULL, hash, &hashSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, NULL, 1, pvt, hash,
&hashSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetEccsiHash(NULL, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetEccsiHash(key, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetEccsiHash(NULL, hash, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetEccsiPair(NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetEccsiPair(key, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetEccsiPair(NULL, ssk, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetEccsiPair(NULL, NULL, pvt);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetEccsiPair(key, ssk, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetEccsiPair(key, NULL, pvt);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetEccsiPair(NULL, ssk, pvt);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SignEccsiHash(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, sig, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, NULL, 0, sig,
&sigSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SignEccsiHash(key, NULL, WC_HASH_TYPE_SHA256, data, 0, sig,
&sigSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SignEccsiHash(NULL, rng, WC_HASH_TYPE_SHA256, data, 0, sig,
&sigSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* Key not set. */
ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
&sigSz);
if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, NULL, 0, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0,
&valid);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, NULL, 0,
&valid);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0,
&valid);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
&valid);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
&valid);
if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetEccsiPair(key, ssk, pvt);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Identity hash not set. */
ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
&sigSz);
if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(ret);
wc_FreeEccsiKey(key);
return 0;
}
/* RFC 6507: Appendix A */
static wc_test_ret_t eccsi_kat_verify_test(EccsiKey* key, ecc_point* pvt)
{
wc_test_ret_t ret;
int verified;
const byte msg[] = { 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x00 };
word32 msgSz = sizeof(msg);
byte hash[WC_SHA256_DIGEST_SIZE];
byte hashSz = WC_SHA256_DIGEST_SIZE;
static const byte id[] = {
0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
0x33, 0x00
};
word32 idSz = sizeof(id);
static const byte sig[] = {
0x26, 0x9D, 0x4C, 0x8F, 0xDE, 0xB6, 0x6A, 0x74,
0xE4, 0xEF, 0x8C, 0x0D, 0x5D, 0xCC, 0x59, 0x7D,
0xDF, 0xE6, 0x02, 0x9C, 0x2A, 0xFF, 0xC4, 0x93,
0x60, 0x08, 0xCD, 0x2C, 0xC1, 0x04, 0x5D, 0x81,
0xE0, 0x9B, 0x52, 0x8D, 0x0E, 0xF8, 0xD6, 0xDF,
0x1A, 0xA3, 0xEC, 0xBF, 0x80, 0x11, 0x0C, 0xFC,
0xEC, 0x9F, 0xC6, 0x82, 0x52, 0xCE, 0xBB, 0x67,
0x9F, 0x41, 0x34, 0x84, 0x69, 0x40, 0xCC, 0xFD,
0x04,
0x75, 0x8A, 0x14, 0x27, 0x79, 0xBE, 0x89, 0xE8,
0x29, 0xE7, 0x19, 0x84, 0xCB, 0x40, 0xEF, 0x75,
0x8C, 0xC4, 0xAD, 0x77, 0x5F, 0xC5, 0xB9, 0xA3,
0xE1, 0xC8, 0xED, 0x52, 0xF6, 0xFA, 0x36, 0xD9,
0xA7, 0x9D, 0x24, 0x76, 0x92, 0xF4, 0xED, 0xA3,
0xA6, 0xBD, 0xAB, 0x77, 0xD6, 0xAA, 0x64, 0x74,
0xA4, 0x64, 0xAE, 0x49, 0x34, 0x66, 0x3C, 0x52,
0x65, 0xBA, 0x70, 0x18, 0xBA, 0x09, 0x1F, 0x79
};
word32 sigSz = sizeof(sig);
static const byte pubData[] = {
0x50, 0xD4, 0x67, 0x0B, 0xDE, 0x75, 0x24, 0x4F,
0x28, 0xD2, 0x83, 0x8A, 0x0D, 0x25, 0x55, 0x8A,
0x7A, 0x72, 0x68, 0x6D, 0x45, 0x22, 0xD4, 0xC8,
0x27, 0x3F, 0xB6, 0x44, 0x2A, 0xEB, 0xFA, 0x93,
0xDB, 0xDD, 0x37, 0x55, 0x1A, 0xFD, 0x26, 0x3B,
0x5D, 0xFD, 0x61, 0x7F, 0x39, 0x60, 0xC6, 0x5A,
0x8C, 0x29, 0x88, 0x50, 0xFF, 0x99, 0xF2, 0x03,
0x66, 0xDC, 0xE7, 0xD4, 0x36, 0x72, 0x17, 0xF4
};
static const byte expHash[] = {
0x49, 0x0f, 0x3f, 0xeb, 0xbc, 0x1c, 0x90, 0x2f,
0x62, 0x89, 0x72, 0x3d, 0x7f, 0x8c, 0xbf, 0x79,
0xdb, 0x88, 0x93, 0x08, 0x49, 0xd1, 0x9f, 0x38,
0xf0, 0x29, 0x5b, 0x5c, 0x27, 0x6c, 0x14, 0xd1
};
ret = wc_ImportEccsiPublicKey(key, pubData, sizeof(pubData), 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeEccsiPvtFromSig(key, sig, sigSz, pvt);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, idSz, pvt, hash,
&hashSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (hashSz != sizeof(expHash))
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(hash, expHash, hashSz) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_SetEccsiHash(key, hash, hashSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
&verified);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (!verified)
return WC_TEST_RET_ENC_NC;
return 0;
}
static wc_test_ret_t eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_point* pvt)
{
wc_test_ret_t ret;
byte data[32 * 3];
word32 sz;
ecc_point* decPvt = NULL;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
mp_int *decSsk = (mp_int *)XMALLOC(sizeof(*decSsk), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (decSsk == NULL)
return WC_TEST_RET_ENC_ERRNO;
#else
mp_int decSsk[1];
#endif
ret = mp_init(decSsk);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
decPvt = wc_ecc_new_point();
if (decPvt == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
ret = wc_EncodeEccsiPair(priv, ssk, pvt, NULL, &sz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (sz != 32 * 3)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_EncodeEccsiPair(priv, ssk, pvt, data, &sz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (sz != 32* 3)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_DecodeEccsiPair(priv, data, sz, decSsk, decPvt);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = mp_cmp(ssk, decSsk);
if (ret != MP_EQ)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_ecc_cmp_point(pvt, decPvt);
if (ret != MP_EQ)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_EncodeEccsiSsk(priv, ssk, NULL, &sz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (sz != 32)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_EncodeEccsiSsk(priv, ssk, data, &sz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (sz != 32)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_DecodeEccsiSsk(priv, data, sz, decSsk);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = mp_cmp(ssk, decSsk);
if (ret != MP_EQ)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_EncodeEccsiPvt(priv, pvt, NULL, &sz, 1);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (sz != 32 * 2)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (sz != 32 * 2)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_ecc_cmp_point(pvt, decPvt);
if (ret != MP_EQ)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
sz = sizeof(data);
ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 0);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (sz != 32 * 2 + 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_ecc_cmp_point(pvt, decPvt);
if (ret != MP_EQ)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
wc_ecc_del_point(decPvt);
out:
mp_free(decSsk);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(decSsk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv)
{
wc_test_ret_t ret;
byte data[32 * 3];
byte out[32 * 3];
word32 sz;
ret = wc_ExportEccsiKey(priv, NULL, &sz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
if (sz != 32 * 3)
return WC_TEST_RET_ENC_NC;
ret = wc_ExportEccsiKey(priv, data, &sz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportEccsiKey(priv, data, sz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportEccsiKey(priv, NULL, &sz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
if (sz != 32 * 3)
return WC_TEST_RET_ENC_NC;
ret = wc_ExportEccsiKey(priv, out, &sz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (sz != 32 * 3)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(data, out, sz) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
if (sz != 32)
return WC_TEST_RET_ENC_NC;
ret = wc_ExportEccsiPrivateKey(priv, data, &sz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportEccsiPrivateKey(priv, data, sz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
if (sz != 32)
return WC_TEST_RET_ENC_NC;
ret = wc_ExportEccsiPrivateKey(priv, out, &sz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (sz != 32)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(data, out, sz) != 0)
return WC_TEST_RET_ENC_NC;
return 0;
}
static wc_test_ret_t eccsi_imp_exp_pubkey_test(EccsiKey* key1, EccsiKey* key2)
{
wc_test_ret_t ret;
byte data[32 * 2 + 1];
byte pubData[32 * 2 + 1];
word32 sz;
ret = wc_ExportEccsiPublicKey(key1, NULL, &sz, 1);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
if (sz != 32 * 2)
return WC_TEST_RET_ENC_NC;
ret = wc_ExportEccsiPublicKey(key1, data, &sz, 1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportEccsiPublicKey(key2, data, sz, 1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
sz = sizeof(pubData);
ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (sz != 32 * 2)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(data, pubData, sz) != 0)
return WC_TEST_RET_ENC_NC;
sz = sizeof(pubData);
ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (sz != 32 * 2 + 1)
return WC_TEST_RET_ENC_NC;
if (pubData[0] != 0x04)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(pubData + 1, data, sz - 1) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_ImportEccsiPublicKey(key2, pubData, sz, 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
return 0;
}
static wc_test_ret_t eccsi_make_key_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
mp_int* ssk, ecc_point* pvt)
{
wc_test_ret_t ret;
char mail[] = "test@wolfssl.com";
byte* id = (byte*)mail;
word32 idSz = (word32) XSTRLEN(mail);
int valid;
ret = wc_MakeEccsiKey(priv, rng);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = eccsi_imp_exp_key_test(priv);
if (ret < 0)
return ret;
ret = eccsi_imp_exp_pubkey_test(priv, pub);
if (ret < 0)
return ret;
ret = wc_MakeEccsiPair(priv, rng, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt,
&valid);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (!valid)
return WC_TEST_RET_ENC_NC;
ret = eccsi_enc_dec_pair_test(priv, ssk, pvt);
if (ret != 0)
return ret;
return 0;
}
static wc_test_ret_t eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
mp_int* ssk, ecc_point* pvt)
{
wc_test_ret_t ret;
byte hashPriv[WC_MAX_DIGEST_SIZE];
byte hashPub[WC_MAX_DIGEST_SIZE];
byte hashSz;
byte sig[144];
word32 sigSz;
int verified, valid;
char mail[] = "test@wolfssl.com";
byte* id = (byte*)mail;
word32 idSz = (word32) XSTRLEN(mail);
byte msg[] = { 0x00 };
word32 msgSz = sizeof(msg);
#ifdef WOLFSSL_SHA384
ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA384, id, idSz, pvt, hashPriv,
&hashSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
#endif
ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPriv,
&hashSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (hashSz != 32)
return WC_TEST_RET_ENC_NC;
ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPub,
&hashSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (hashSz != 32)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(hashPriv, hashPub, hashSz) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_SetEccsiHash(priv, hashPriv, hashSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetEccsiPair(priv, ssk, pvt);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, NULL,
&sigSz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
if (sigSz != 129)
return WC_TEST_RET_ENC_NC;
ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, sig,
&sigSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetEccsiHash(pub, hashPub, hashSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
&verified);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (!verified)
return WC_TEST_RET_ENC_NC;
/* Check that changing HS results in verification failure. */
hashPub[0] ^= 0x80;
ret = wc_SetEccsiHash(pub, hashPub, hashSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
&verified);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (verified)
return WC_TEST_RET_ENC_NC;
hashPub[0] ^= 0x80;
ret = wc_SetEccsiHash(pub, hashPub, hashSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Check that changing msg results in verification failure. */
msg[0] ^= 0x80;
ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
&verified);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (verified)
return WC_TEST_RET_ENC_NC;
msg[0] ^= 0x80;
/* Check that changing signature results in verification failure. */
sig[0] ^= 0x80;
ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
&verified);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (verified)
return WC_TEST_RET_ENC_NC;
sig[0] ^= 0x80;
/* Check that key state hasn't been invalidated. */
ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
&verified);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (!verified)
return WC_TEST_RET_ENC_NC;
/* Check that verifying with the private key works. */
ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
&verified);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (!verified)
return WC_TEST_RET_ENC_NC;
/* Check that the KPAK is converted from montgomery form. */
ret = eccsi_imp_exp_key_test(priv);
if (ret != 0)
return ret;
/* Check that KPAK can converted to Montgomery form again. */
ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
&verified);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (!verified)
return WC_TEST_RET_ENC_NC;
/* Check that the KPAK is converted from montgomery form. */
ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt,
&valid);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (!valid)
return WC_TEST_RET_ENC_NC;
/* Check that KPAK can converted to Montgomery form again. */
ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
&verified);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (!verified)
return WC_TEST_RET_ENC_NC;
/* Check that the KPAK is converted from montgomery form. */
ret = eccsi_imp_exp_pubkey_test(priv, pub);
if (ret != 0)
return ret;
return 0;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void)
{
wc_test_ret_t ret = 0;
WC_RNG rng;
int rng_inited = 0;
WC_DECLARE_VAR(priv, EccsiKey, 1, HEAP_HINT);
WC_DECLARE_VAR(pub, EccsiKey, 1, HEAP_HINT);
WC_DECLARE_VAR(ssk, mp_int, 1, HEAP_HINT);
ecc_point* pvt = NULL;
WOLFSSL_ENTER("eccsi_test");
WC_ALLOC_VAR_EX(priv, EccsiKey, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, ret = WC_TEST_RET_ENC_EC(MEMORY_E));
if (ret == 0) {
XMEMSET(priv, 0, sizeof(*priv));
WC_ALLOC_VAR_EX(pub, EccsiKey, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, ret = WC_TEST_RET_ENC_EC(MEMORY_E));
}
if (ret == 0) {
XMEMSET(pub, 0, sizeof(*pub));
WC_ALLOC_VAR_EX(ssk, mp_int, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, ret = WC_TEST_RET_ENC_EC(MEMORY_E));
}
if (ret == 0) {
XMEMSET(ssk, 0, sizeof(*ssk));
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
else
rng_inited = 1;
}
if (ret == 0) {
pvt = wc_ecc_new_point();
if (pvt == NULL)
ret = WC_TEST_RET_ENC_NC;
}
if (ret == 0) {
ret = mp_init(ssk);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = eccsi_api_test(&rng, priv, ssk, pvt);
}
if (ret == 0) {
ret = wc_InitEccsiKey(pub, HEAP_HINT, devId);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_InitEccsiKey(priv, HEAP_HINT, devId);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = eccsi_kat_verify_test(pub, pvt);
}
if (ret == 0) {
ret = eccsi_make_key_test(priv, pub, &rng, ssk, pvt);
}
if (ret == 0) {
ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt);
}
if (pvt != NULL)
wc_ecc_del_point(pvt);
if (rng_inited)
wc_FreeRng(&rng);
mp_free(ssk);
WC_FREE_VAR_EX(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeEccsiKey(pub);
WC_FREE_VAR_EX(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeEccsiKey(priv);
WC_FREE_VAR_EX(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* WOLFCRYPT_HAVE_ECCSI */
#ifdef WOLFCRYPT_HAVE_SAKKE
static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
{
wc_test_ret_t ret;
byte id[1] = { 0x00 };
int valid;
byte data[256];
word32 sz;
byte auth[257];
word16 authSz;
byte ssv[256];
word16 ssvSz;
word32 len;
ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, NULL, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, HEAP_HINT, devId);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
wc_FreeSakkeKey(NULL);
XMEMSET(key, 0, sizeof(*key));
wc_FreeSakkeKey(key);
ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeKey(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeKey(key, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeKey(NULL, rng);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkePublicKey(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkePublicKey(key, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkePublicKey(NULL, rsk);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeRsk(NULL, NULL, 1, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeRsk(key, id, 1, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeRsk(key, NULL, 1, rsk);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeRsk(NULL, id, 1, rsk);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateSakkeRsk(NULL, NULL, 1, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateSakkeRsk(key, id, 1, rsk, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateSakkeRsk(NULL, id, 1, rsk, &valid);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportSakkeKey(NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportSakkeKey(key, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportSakkeKey(NULL, data, &sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportSakkeKey(NULL, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportSakkeKey(key, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportSakkeKey(NULL, data, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportSakkePrivateKey(NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportSakkePrivateKey(key, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportSakkePrivateKey(NULL, data, &sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportSakkePrivateKey(NULL, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportSakkePrivateKey(key, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportSakkePrivateKey(NULL, data, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
sz = sizeof(data);
ret = wc_EncodeSakkeRsk(NULL, NULL, data, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_EncodeSakkeRsk(key, rsk, data, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_EncodeSakkeRsk(key, NULL, data, &sz, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_EncodeSakkeRsk(NULL, rsk, data, &sz, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeSakkeRsk(NULL, NULL, sz, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeSakkeRsk(key, data, sz, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeSakkeRsk(key, NULL, sz, rsk);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeSakkeRsk(NULL, data, sz, rsk);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportSakkeRsk(NULL, NULL, sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportSakkeRsk(key, NULL, sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportSakkeRsk(NULL, data, sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportSakkeRsk(key, data, 1);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GenerateSakkeRskTable(NULL, NULL, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GenerateSakkeRskTable(key, NULL, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GenerateSakkeRskTable(NULL, rsk, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GenerateSakkeRskTable(NULL, NULL, data, &len);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GenerateSakkeRskTable(key, rsk, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GenerateSakkeRskTable(key, NULL, data, &len);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GenerateSakkeRskTable(NULL, rsk, data, &len);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
len--;
ret = wc_GenerateSakkeRskTable(key, rsk, data, &len);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportSakkePublicKey(NULL, data, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportSakkePublicKey(key, data, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportSakkePublicKey(NULL, data, &sz, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportSakkePublicKey(NULL, NULL, sz, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportSakkePublicKey(key, NULL, sz, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ImportSakkePublicKey(NULL, data, sz, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GetSakkeAuthSize(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GetSakkeAuthSize(key, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GetSakkeAuthSize(NULL, &authSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkePointI(NULL, NULL, SAKKE_ID_MAX_SIZE + 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkePointI(key, NULL, SAKKE_ID_MAX_SIZE + 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkePointI(NULL, id, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkePointI(NULL, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkePointI(key, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkePointI(NULL, id, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GenerateSakkePointITable(NULL, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GenerateSakkePointITable(key, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GenerateSakkePointITable(NULL, data, &len);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GenerateSakkePointITable(key, NULL, &len);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
len--;
ret = wc_GenerateSakkePointITable(key, data, &len);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkePointITable(NULL, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkePointITable(key, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkePointITable(NULL, data, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkePointITable(key, data, 1);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ClearSakkePointITable(NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GetSakkePointI(NULL, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GetSakkePointI(key, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GetSakkePointI(NULL, data, &sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
sz = 1;
ret = wc_GetSakkePointI(key, data, &sz);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
sz = 256;
ret = wc_SetSakkePointI(NULL, NULL, 1, NULL, sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkePointI(key, NULL, 1, NULL, sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkePointI(NULL, id, 1, NULL, sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkePointI(NULL, NULL, 1, data, sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkePointI(key, id, 1, NULL, sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkePointI(key, NULL, 1, data, sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkePointI(NULL, id, 1, data, sz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1, data, sz);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkePointI(key, id, 1, data, sz - 1);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkeIdentity(NULL, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkeIdentity(key, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkeIdentity(NULL, id, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ssvSz = sizeof(ssv);
ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
auth, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
auth, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
auth, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
auth, &authSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
auth, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
auth, &authSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
auth, &authSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
auth, &authSz);
if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GenerateSakkeSSV(NULL, NULL, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GenerateSakkeSSV(key, rng, data, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GenerateSakkeSSV(key, NULL, data, &ssvSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_GenerateSakkeSSV(NULL, rng, data, &ssvSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkeRsk(NULL, NULL, data, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkeRsk(key, NULL, data, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkeRsk(NULL, rsk, data, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ssvSz = sizeof(ssv);
authSz = sizeof(auth);
ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
authSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
authSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
authSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
authSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
authSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
authSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
authSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
authSz);
if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkeIdentity(key, id, 1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
authSz);
if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkeIdentity(key, id, 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkeRsk(key, rsk, data, 1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
authSz);
if (ret != WC_NO_ERR_TRACE(BAD_STATE_E))
return WC_TEST_RET_ENC_EC(ret);
wc_FreeSakkeKey(key);
return 0;
}
static wc_test_ret_t sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
{
WOLFSSL_SMALL_STACK_STATIC const byte pubData[] = {
0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3,
0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60,
0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5,
0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B,
0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97,
0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6,
0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD,
0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A,
0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7,
0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9,
0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9,
0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5,
0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2,
0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8,
0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF,
0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06,
0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B,
0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A,
0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E,
0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA,
0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED,
0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95,
0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30,
0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA,
0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F,
0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49,
0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A,
0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
};
WOLFSSL_SMALL_STACK_STATIC const byte rskData[] = {
0x93, 0xAF, 0x67, 0xE5, 0x00, 0x7B, 0xA6, 0xE6,
0xA8, 0x0D, 0xA7, 0x93, 0xDA, 0x30, 0x0F, 0xA4,
0xB5, 0x2D, 0x0A, 0x74, 0xE2, 0x5E, 0x6E, 0x7B,
0x2B, 0x3D, 0x6E, 0xE9, 0xD1, 0x8A, 0x9B, 0x5C,
0x50, 0x23, 0x59, 0x7B, 0xD8, 0x2D, 0x80, 0x62,
0xD3, 0x40, 0x19, 0x56, 0x3B, 0xA1, 0xD2, 0x5C,
0x0D, 0xC5, 0x6B, 0x7B, 0x97, 0x9D, 0x74, 0xAA,
0x50, 0xF2, 0x9F, 0xBF, 0x11, 0xCC, 0x2C, 0x93,
0xF5, 0xDF, 0xCA, 0x61, 0x5E, 0x60, 0x92, 0x79,
0xF6, 0x17, 0x5C, 0xEA, 0xDB, 0x00, 0xB5, 0x8C,
0x6B, 0xEE, 0x1E, 0x7A, 0x2A, 0x47, 0xC4, 0xF0,
0xC4, 0x56, 0xF0, 0x52, 0x59, 0xA6, 0xFA, 0x94,
0xA6, 0x34, 0xA4, 0x0D, 0xAE, 0x1D, 0xF5, 0x93,
0xD4, 0xFE, 0xCF, 0x68, 0x8D, 0x5F, 0xC6, 0x78,
0xBE, 0x7E, 0xFC, 0x6D, 0xF3, 0xD6, 0x83, 0x53,
0x25, 0xB8, 0x3B, 0x2C, 0x6E, 0x69, 0x03, 0x6B,
0x15, 0x5F, 0x0A, 0x27, 0x24, 0x10, 0x94, 0xB0,
0x4B, 0xFB, 0x0B, 0xDF, 0xAC, 0x6C, 0x67, 0x0A,
0x65, 0xC3, 0x25, 0xD3, 0x9A, 0x06, 0x9F, 0x03,
0x65, 0x9D, 0x44, 0xCA, 0x27, 0xD3, 0xBE, 0x8D,
0xF3, 0x11, 0x17, 0x2B, 0x55, 0x41, 0x60, 0x18,
0x1C, 0xBE, 0x94, 0xA2, 0xA7, 0x83, 0x32, 0x0C,
0xED, 0x59, 0x0B, 0xC4, 0x26, 0x44, 0x70, 0x2C,
0xF3, 0x71, 0x27, 0x1E, 0x49, 0x6B, 0xF2, 0x0F,
0x58, 0x8B, 0x78, 0xA1, 0xBC, 0x01, 0xEC, 0xBB,
0x65, 0x59, 0x93, 0x4B, 0xDD, 0x2F, 0xB6, 0x5D,
0x28, 0x84, 0x31, 0x8A, 0x33, 0xD1, 0xA4, 0x2A,
0xDF, 0x5E, 0x33, 0xCC, 0x58, 0x00, 0x28, 0x0B,
0x28, 0x35, 0x64, 0x97, 0xF8, 0x71, 0x35, 0xBA,
0xB9, 0x61, 0x2A, 0x17, 0x26, 0x04, 0x24, 0x40,
0x9A, 0xC1, 0x5F, 0xEE, 0x99, 0x6B, 0x74, 0x4C,
0x33, 0x21, 0x51, 0x23, 0x5D, 0xEC, 0xB0, 0xF5
};
WOLFSSL_SMALL_STACK_STATIC const byte id[] = {
0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
0x33, 0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte ssv[] = {
0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
};
WOLFSSL_SMALL_STACK_STATIC const byte auth[] = {
0x04,
0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D,
0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3,
0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74,
0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7,
0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D,
0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB,
0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0,
0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6,
0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32,
0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7,
0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD,
0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01,
0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49,
0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE,
0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4,
0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12,
0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6,
0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C,
0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4,
0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7,
0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8,
0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5,
0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29,
0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B,
0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED,
0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99,
0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2,
0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB,
0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
};
WOLFSSL_SMALL_STACK_STATIC const byte encSsv[] = {
0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
};
wc_test_ret_t ret;
int valid;
byte pubKey[sizeof(pubData) + 1];
word32 sz = sizeof(pubKey);
byte tmpSsv[sizeof(encSsv)];
byte* iTable = NULL;
word32 iTableLen;
byte* table = NULL;
word32 len;
ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DecodeSakkeRsk(key, rskData, sizeof(rskData), rsk);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateSakkeRsk(key, id, sizeof(id), rsk, &valid);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (valid != 1)
return WC_TEST_RET_ENC_NC;
ret = wc_SetSakkeRsk(key, rsk, NULL, 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkeIdentity(key, id, sizeof(id));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
auth, sizeof(auth));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_MakeSakkePointI(key, id, sizeof(id));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
iTableLen = 0;
ret = wc_GenerateSakkePointITable(key, NULL, &iTableLen);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
if (iTableLen != 0) {
iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (iTable == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
goto out;
}
ret = wc_GenerateSakkePointITable(key, iTable, &iTableLen);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
goto out;
}
}
len = 0;
ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto out;
}
if (len > 0) {
table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (table == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
goto out;
}
ret = wc_GenerateSakkeRskTable(key, rsk, table, &len);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
goto out;
}
}
ret = wc_SetSakkeRsk(key, rsk, table, len);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
goto out;
}
XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
auth, sizeof(auth));
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
goto out;
}
if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto out;
}
/* Don't reference table that is about to be freed. */
ret = wc_ClearSakkePointITable(key);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
}
out:
/* Dispose of tables */
XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
/* return error code if encountered */
if (ret != 0) {
return ret;
}
/* Make sure the key public key is exportable - convert to Montgomery form
* in Validation.
*/
ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (sz != sizeof(pubData))
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(pubKey, pubData, sizeof(pubData)) != 0)
return WC_TEST_RET_ENC_NC;
sz = sizeof(pubData) + 1;
ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (sz != sizeof(pubData) + 1)
return WC_TEST_RET_ENC_NC;
if (pubKey[0] != 0x04)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(pubKey + 1, pubData, sizeof(pubData)) != 0)
return WC_TEST_RET_ENC_NC;
return 0;
}
static wc_test_ret_t sakke_kat_encapsulate_test(SakkeKey* key)
{
static const byte pubData[] = {
0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3,
0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60,
0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5,
0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B,
0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97,
0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6,
0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD,
0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A,
0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7,
0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9,
0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9,
0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5,
0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2,
0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8,
0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF,
0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06,
0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B,
0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A,
0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E,
0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA,
0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED,
0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95,
0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30,
0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA,
0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F,
0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49,
0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A,
0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
};
static const byte id[] = {
0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
0x33, 0x00
};
static const word32 idSz = sizeof(id);
byte ssv[] = {
0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
};
static const word16 ssvSz = sizeof(ssv);
static const byte expAuth[] = {
0x04,
0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D,
0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3,
0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74,
0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7,
0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D,
0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB,
0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0,
0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6,
0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32,
0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7,
0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD,
0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01,
0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49,
0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE,
0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4,
0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12,
0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6,
0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C,
0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4,
0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7,
0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8,
0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5,
0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29,
0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B,
0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED,
0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99,
0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2,
0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB,
0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
};
static const byte encSsv[] = {
0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
};
wc_test_ret_t ret;
byte auth[257];
word16 authSz = sizeof(auth);
ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkeIdentity(key, id, idSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
auth, &authSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (authSz != 257)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(ssv, encSsv, ssvSz) != 0)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(auth, expAuth, authSz) != 0)
return WC_TEST_RET_ENC_NC;
return 0;
}
static wc_test_ret_t sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey* key,
WC_RNG* rng, ecc_point* rsk)
{
wc_test_ret_t ret;
byte data[440];
byte pubData[257];
word32 sz;
char mail[] = "test@wolfssl.com";
byte* id = (byte*)mail;
word32 idSz = (word32)XSTRLEN(mail);
int valid;
ecc_point* pubKey = rsk;
ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeKey(priv, rng);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportSakkeKey(priv, NULL, &sz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
if (sz != 384)
return WC_TEST_RET_ENC_NC;
sz--;
ret = wc_ExportSakkeKey(priv, data, &sz);
if (ret == 0)
return WC_TEST_RET_ENC_NC;
sz++;
ret = wc_ExportSakkeKey(priv, data, &sz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (sz != 384)
return WC_TEST_RET_ENC_NC;
ret = wc_ImportSakkeKey(key, data, sz - 1);
if (ret == 0)
return WC_TEST_RET_ENC_NC;
ret = wc_ImportSakkeKey(key, data, sz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
wc_FreeSakkeKey(key);
ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportSakkePrivateKey(priv, NULL, &sz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
if (sz != 128)
return WC_TEST_RET_ENC_NC;
sz--;
ret = wc_ExportSakkePrivateKey(priv, data, &sz);
if (ret == 0)
return WC_TEST_RET_ENC_NC;
sz++;
ret = wc_ExportSakkePrivateKey(priv, data, &sz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (sz != 128)
return WC_TEST_RET_ENC_NC;
ret = wc_ImportSakkePrivateKey(key, data, sz - 1);
if (ret == 0)
return WC_TEST_RET_ENC_NC;
ret = wc_ImportSakkePrivateKey(key, data, sz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkePublicKey(key, pubKey);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportSakkePublicKey(priv, NULL, &sz, 1);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
if (sz != 256)
return WC_TEST_RET_ENC_NC;
sz--;
ret = wc_ExportSakkePublicKey(priv, data, &sz, 1);
if (ret == 0)
return WC_TEST_RET_ENC_NC;
sz++;
ret = wc_ExportSakkePublicKey(priv, data, &sz, 1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (sz != 256)
return WC_TEST_RET_ENC_NC;
ret = wc_ImportSakkePublicKey(pub, data, sz - 1, 1);
if (ret == 0)
return WC_TEST_RET_ENC_NC;
ret = wc_ImportSakkePublicKey(pub, data, sz, 1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ExportSakkePublicKey(pub, pubData, &sz, 1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (sz != 256)
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(data, pubData, sz) != 0)
return WC_TEST_RET_ENC_NC;
ret = wc_MakeSakkeRsk(priv, id, idSz, rsk);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_ValidateSakkeRsk(priv, id, idSz, rsk, &valid);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (valid != 1)
return WC_TEST_RET_ENC_NC;
ret = wc_ValidateSakkeRsk(pub, id, idSz, rsk, &valid);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (valid != 1)
return WC_TEST_RET_ENC_NC;
sz = sizeof(data);
ret = wc_EncodeSakkeRsk(priv, rsk, data, &sz, 1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (sz != 256)
return WC_TEST_RET_ENC_NC;
ret = wc_DecodeSakkeRsk(priv, data, sz, rsk);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
sz = sizeof(pubData);
ret = wc_EncodeSakkeRsk(priv, rsk, pubData, &sz, 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (sz != sizeof(pubData))
return WC_TEST_RET_ENC_NC;
ret = wc_DecodeSakkeRsk(priv, pubData, sz, rsk);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
wc_FreeSakkeKey(key);
return 0;
}
static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
ecc_point* rsk)
{
wc_test_ret_t ret;
byte ssv[16];
word16 ssvSz;
byte auth[257];
word16 authSz;
char mail[] = "test@wolfssl.com";
byte* id = (byte*)mail;
word32 idSz = (word32)XSTRLEN(mail);
byte pointI[256];
word32 sz;
ret = wc_GenerateSakkeSSV(pub, rng, NULL, &ssvSz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
if (ssvSz != 16)
return WC_TEST_RET_ENC_NC;
ssvSz += 128;
ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz);
if (ret == 0)
return WC_TEST_RET_ENC_NC;
ssvSz -= 128;
ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (ssvSz != 16)
return WC_TEST_RET_ENC_NC;
ret = wc_GetSakkeAuthSize(pub, &authSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkeIdentity(pub, id, idSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
NULL, &authSz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
if (authSz != 257)
return WC_TEST_RET_ENC_NC;
authSz--;
ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
auth, &authSz);
if (ret == 0)
return WC_TEST_RET_ENC_NC;
authSz++;
ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
auth, &authSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (authSz != 257)
return WC_TEST_RET_ENC_NC;
ret = wc_GetSakkePointI(pub, NULL, &sz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_EC(ret);
if (sz != 256)
return WC_TEST_RET_ENC_NC;
ret = wc_GetSakkePointI(pub, pointI, &sz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (sz != 256)
return WC_TEST_RET_ENC_NC;
/* Bogus identity - make it check and regenerate I. */
ret = wc_MakeSakkePointI(pub, ssv, ssvSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
auth, &authSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (authSz != 257)
return WC_TEST_RET_ENC_NC;
ret = wc_SetSakkeRsk(priv, rsk, NULL, 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SetSakkeIdentity(priv, id, idSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
authSz--;
ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
authSz);
if (ret == 0)
return WC_TEST_RET_ENC_NC;
authSz++;
ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
authSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ssv[0] ^= 0x80;
ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
authSz);
if (ret != WC_NO_ERR_TRACE(SAKKE_VERIFY_FAIL_E))
return WC_TEST_RET_ENC_EC(ret);
ssv[0] ^= 0x80;
/* Bogus identity - make it check and regenerate I. */
ret = wc_MakeSakkePointI(pub, ssv, idSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
authSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
{
/* All three SSV entry points reject ssvSz=0 and ssvSz>n. */
word16 zeroSz = 0;
word16 hugeSz = 0xFFFF;
ret = wc_GenerateSakkeSSV(pub, rng, ssv, &zeroSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
zeroSz = 0;
ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, zeroSz,
auth, &authSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, zeroSz, auth,
authSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
ret = wc_GenerateSakkeSSV(pub, rng, ssv, &hugeSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
hugeSz = 0xFFFF;
ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, hugeSz,
auth, &authSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, hugeSz, auth,
authSz);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
}
{
/* Round-trip encap/derive across ssvSz shapes that exercise the
* multi-iteration paths in sakke_xor_in_v. SHA-256 hashSz=32:
* 48: 2 iterations, partial first block.
* 72: 3 iterations, exercises the len-clamp on the middle iter.
* 64: 2 iterations, exact-multiple (skip==0). */
static const word16 extSzs[3] = { 48, 72, 64 };
byte ssvExt[72];
byte ssvRef[72];
word16 extAuthSz;
int i;
for (i = 0; i < 3; i++) {
word16 extSz = extSzs[i];
ret = wc_RNG_GenerateBlock(rng, ssvRef, extSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
XMEMCPY(ssvExt, ssvRef, extSz);
extAuthSz = 257;
ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssvExt,
extSz, auth, &extAuthSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssvExt, extSz,
auth, extAuthSz);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(ssvExt, ssvRef, extSz) != 0)
return WC_TEST_RET_ENC_NC;
}
}
return 0;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void)
{
wc_test_ret_t ret = 0;
WC_RNG rng;
int rng_inited = 0;
WC_DECLARE_VAR(priv, SakkeKey, 1, HEAP_HINT);
WC_DECLARE_VAR(pub, SakkeKey, 1, HEAP_HINT);
WC_DECLARE_VAR(key, SakkeKey, 1, HEAP_HINT);
ecc_point* rsk = NULL;
WOLFSSL_ENTER("sakke_test");
WC_ALLOC_VAR_EX(priv, SakkeKey, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, ret = WC_TEST_RET_ENC_EC(MEMORY_E));
if (ret == 0) {
XMEMSET(priv, 0, sizeof(*priv));
WC_ALLOC_VAR_EX(pub, SakkeKey, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, ret = WC_TEST_RET_ENC_EC(MEMORY_E));
}
if (ret == 0) {
XMEMSET(pub, 0, sizeof(*pub));
WC_ALLOC_VAR_EX(key, SakkeKey, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, ret = WC_TEST_RET_ENC_EC(MEMORY_E));
}
if (ret == 0) {
XMEMSET(key, 0, sizeof(*key));
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret == 0)
rng_inited = 1;
else
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
rsk = wc_ecc_new_point();
if (rsk == NULL)
ret = WC_TEST_RET_ENC_NC;
}
if (ret == 0) {
ret = wc_InitSakkeKey(pub, HEAP_HINT, devId);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = wc_InitSakkeKey(priv, HEAP_HINT, devId);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = sakke_api_test(&rng, key, rsk);
}
if (ret == 0) {
ret = sakke_kat_derive_test(pub, rsk);
}
if (ret == 0) {
ret = sakke_kat_encapsulate_test(pub);
}
if (ret == 0) {
ret = sakke_make_key_test(priv, pub, key, &rng, rsk);
}
if (ret == 0) {
ret = sakke_op_test(priv, pub, &rng, rsk);
}
if (rsk != NULL) {
wc_ecc_forcezero_point(rsk);
wc_ecc_del_point(rsk);
}
if (rng_inited)
wc_FreeRng(&rng);
WC_FREE_VAR_EX(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeSakkeKey(pub);
WC_FREE_VAR_EX(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeSakkeKey(priv);
WC_FREE_VAR_EX(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* WOLFCRYPT_HAVE_SAKKE */
#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
typedef struct CMAC_Test_Case {
int type;
int partial;
const byte* m;
word32 mSz;
const byte* k;
word32 kSz;
const byte* t;
word32 tSz;
} CMAC_Test_Case;
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
{
#ifdef WOLFSSL_AES_128
WOLFSSL_SMALL_STACK_STATIC const byte k128[] =
{
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
};
#define KLEN_128 (sizeof(k128))
#endif
#ifdef WOLFSSL_AES_192
WOLFSSL_SMALL_STACK_STATIC const byte k192[] =
{
0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
};
#define KLEN_192 (sizeof(k192))
#endif
#ifdef WOLFSSL_AES_256
WOLFSSL_SMALL_STACK_STATIC const byte k256[] =
{
0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
};
#define KLEN_256 (sizeof(k256))
#endif
WOLFSSL_SMALL_STACK_STATIC const byte m[] =
{
0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
};
#define MLEN_0 (0)
#define MLEN_128 (128/8)
#define MLEN_320 (320/8)
#define MLEN_319 (MLEN_320 - 1)
#define MLEN_512 (512/8)
#ifdef WOLFSSL_AES_128
WOLFSSL_SMALL_STACK_STATIC const byte t128_0[] =
{
0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
};
WOLFSSL_SMALL_STACK_STATIC const byte t128_128[] =
{
0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
};
WOLFSSL_SMALL_STACK_STATIC const byte t128_319[] =
{
0x2c, 0x17, 0x84, 0x4c, 0x93, 0x1c, 0x07, 0x95,
0x15, 0x92, 0x73, 0x0a, 0x34, 0xd0, 0xd9, 0xd2
};
WOLFSSL_SMALL_STACK_STATIC const byte t128_320[] =
{
0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
};
WOLFSSL_SMALL_STACK_STATIC const byte t128_512[] =
{
0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
};
#endif
#ifdef WOLFSSL_AES_192
WOLFSSL_SMALL_STACK_STATIC const byte t192_0[] =
{
0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
};
WOLFSSL_SMALL_STACK_STATIC const byte t192_128[] =
{
0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
};
WOLFSSL_SMALL_STACK_STATIC const byte t192_320[] =
{
0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad,
0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e
};
WOLFSSL_SMALL_STACK_STATIC const byte t192_512[] =
{
0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
};
#endif
#ifdef WOLFSSL_AES_256
WOLFSSL_SMALL_STACK_STATIC const byte t256_0[] =
{
0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
};
WOLFSSL_SMALL_STACK_STATIC const byte t256_128[] =
{
0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
};
WOLFSSL_SMALL_STACK_STATIC const byte t256_320[] =
{
0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2,
0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6
};
WOLFSSL_SMALL_STACK_STATIC const byte t256_512[] =
{
0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
};
#endif
const CMAC_Test_Case testCases[] =
{
#ifdef WOLFSSL_AES_128
{WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, WC_AES_BLOCK_SIZE},
{WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, WC_AES_BLOCK_SIZE},
{WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, WC_AES_BLOCK_SIZE},
{WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, WC_AES_BLOCK_SIZE},
{WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, WC_AES_BLOCK_SIZE},
#endif
#ifdef WOLFSSL_AES_192
{WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, WC_AES_BLOCK_SIZE},
{WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, WC_AES_BLOCK_SIZE},
{WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, WC_AES_BLOCK_SIZE},
{WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, WC_AES_BLOCK_SIZE},
#endif
#ifdef WOLFSSL_AES_256
{WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, WC_AES_BLOCK_SIZE},
{WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, WC_AES_BLOCK_SIZE},
{WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, WC_AES_BLOCK_SIZE},
{WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, WC_AES_BLOCK_SIZE},
#endif
#ifdef WOLFSSL_AES_128
{WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, WC_AES_BLOCK_SIZE}
#endif
};
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Cmac *cmac;
#else
Cmac cmac[1];
#endif
byte tag[WC_AES_BLOCK_SIZE];
const CMAC_Test_Case* tc;
word32 i, tagSz;
wc_test_ret_t ret;
WOLFSSL_ENTER("cmac_test");
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC)) == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif
for (i = 0, tc = testCases;
i < sizeof(testCases)/sizeof(CMAC_Test_Case);
i++, tc++) {
#ifdef WC_TEST_SKIP_ZERO_LEN_CMAC
if (tc->mSz == 0) {
continue;
}
#endif
XMEMSET(tag, 0, sizeof(tag));
tagSz = WC_AES_BLOCK_SIZE;
#if !defined(HAVE_FIPS) || \
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)
ret = test_CmacInit(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId);
#else
ret = wc_InitCmac(cmac, tc->k, tc->kSz, tc->type, NULL);
#endif
if (ret != 0)
{
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
if (tc->partial) {
ret = wc_CmacUpdate(cmac, tc->m,
tc->mSz/2 - tc->partial);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_CmacUpdate(cmac, tc->m + tc->mSz/2 - tc->partial,
tc->mSz/2 + tc->partial);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
else {
ret = wc_CmacUpdate(cmac, tc->m, tc->mSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_CmacFinal(cmac, tag, &tagSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(tag, tc->t, WC_AES_BLOCK_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
XMEMSET(tag, 0, sizeof(tag));
tagSz = sizeof(tag);
#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_CMAC_ID)
/* Pre-init with id[] so Generate uses hardware-aware cmac */
ret = test_CmacInit(cmac, tc->k, tc->kSz, tc->type, NULL,
HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz,
NULL, 0, HEAP_HINT, devId);
#else
ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz,
tc->k, tc->kSz, NULL, devId);
#endif
#else
ret = wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz,
tc->k, tc->kSz);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (XMEMCMP(tag, tc->t, WC_AES_BLOCK_SIZE) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_CMAC_ID)
/* Pre-init with id[] so Verify uses hardware-aware cmac */
ret = test_CmacInit(cmac, tc->k, tc->kSz, tc->type, NULL,
HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_AesCmacVerify_ex(cmac, tc->t, tc->tSz, tc->m, tc->mSz,
NULL, 0, HEAP_HINT, devId);
#else
ret = wc_AesCmacVerify_ex(cmac, tc->t, tc->tSz, tc->m, tc->mSz,
tc->k, tc->kSz, HEAP_HINT, devId);
#endif
#else
ret = wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz,
tc->k, tc->kSz);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)
/* Test that keyless generate with init is the same */
XMEMSET(tag, 0, sizeof(tag));
tagSz = sizeof(tag);
ret = test_CmacInit(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz,
NULL, 0, HEAP_HINT, devId);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
(void)wc_CmacFree(cmac);
#endif
}
ret = 0;
out:
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
(void)wc_CmacFree(cmac);
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC);
#endif
return ret;
}
#endif /* !NO_AES && WOLFSSL_CMAC */
#if defined(WOLFSSL_SHE) && !defined(NO_AES)
#if defined(WC_SHE_SW_DEFAULT) && defined(WOLF_CRYPTO_CB) && \
!defined(NO_WC_SHE_GETUID) && !defined(NO_WC_SHE_GETCOUNTER)
#ifndef WC_SHE_SW_TEST_AUTH_KEY
#define WC_SHE_SW_TEST_AUTH_KEY { \
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, \
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f \
}
#endif
#ifndef WC_SHE_SW_TEST_NEW_KEY
#define WC_SHE_SW_TEST_NEW_KEY { \
0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, \
0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 \
}
#endif
#ifndef WC_SHE_SW_TEST_EXP_M1
#define WC_SHE_SW_TEST_EXP_M1 { \
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x41 \
}
#endif
#ifndef WC_SHE_SW_TEST_EXP_M2
#define WC_SHE_SW_TEST_EXP_M2 { \
0x2b, 0x11, 0x1e, 0x2d, 0x93, 0xf4, 0x86, 0x56, \
0x6b, 0xcb, 0xba, 0x1d, 0x7f, 0x7a, 0x97, 0x97, \
0xc9, 0x46, 0x43, 0xb0, 0x50, 0xfc, 0x5d, 0x4d, \
0x7d, 0xe1, 0x4c, 0xff, 0x68, 0x22, 0x03, 0xc3 \
}
#endif
#ifndef WC_SHE_SW_TEST_EXP_M3
#define WC_SHE_SW_TEST_EXP_M3 { \
0xb9, 0xd7, 0x45, 0xe5, 0xac, 0xe7, 0xd4, 0x18, \
0x60, 0xbc, 0x63, 0xc2, 0xb9, 0xf5, 0xbb, 0x46 \
}
#endif
#ifndef WC_SHE_SW_TEST_EXP_M4
#define WC_SHE_SW_TEST_EXP_M4 { \
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x41, \
0xb4, 0x72, 0xe8, 0xd8, 0x72, 0x7d, 0x70, 0xd5, \
0x72, 0x95, 0xe7, 0x48, 0x49, 0xa2, 0x79, 0x17 \
}
#endif
#ifndef WC_SHE_SW_TEST_EXP_M5
#define WC_SHE_SW_TEST_EXP_M5 { \
0x82, 0x0d, 0x8d, 0x95, 0xdc, 0x11, 0xb4, 0x66, \
0x88, 0x78, 0x16, 0x0c, 0xb2, 0xa4, 0xe2, 0x3e \
}
#endif
/* Software-only SHE test using the full GetUID -> GetCounter -> GenerateM1M2M3
* -> GenerateM4M5 API flow. This test allows someone to test a custom vector
* by overriding the WC_SHE_SW_TEST_* and WC_SHE_DEFAULT_* macros, and
* demonstrates the whole SHE API in a software-only configuration. */
static wc_test_ret_t she_sw_default_test(void)
{
wc_test_ret_t ret = 0;
byte uid[WC_SHE_UID_SZ];
word32 counter;
byte m1[WC_SHE_M1_SZ];
byte m2[WC_SHE_M2_SZ];
byte m3[WC_SHE_M3_SZ];
byte m4[WC_SHE_M4_SZ];
byte m5[WC_SHE_M5_SZ];
WC_DECLARE_VAR(she, wc_SHE, 1, HEAP_HINT);
WOLFSSL_SMALL_STACK_STATIC const byte authKey[] = WC_SHE_SW_TEST_AUTH_KEY;
WOLFSSL_SMALL_STACK_STATIC const byte newKey[] = WC_SHE_SW_TEST_NEW_KEY;
WOLFSSL_SMALL_STACK_STATIC const byte expM1[] = WC_SHE_SW_TEST_EXP_M1;
WOLFSSL_SMALL_STACK_STATIC const byte expM2[] = WC_SHE_SW_TEST_EXP_M2;
WOLFSSL_SMALL_STACK_STATIC const byte expM3[] = WC_SHE_SW_TEST_EXP_M3;
WOLFSSL_SMALL_STACK_STATIC const byte expM4[] = WC_SHE_SW_TEST_EXP_M4;
WOLFSSL_SMALL_STACK_STATIC const byte expM5[] = WC_SHE_SW_TEST_EXP_M5;
WOLFSSL_ENTER("she_sw_default_test");
WC_ALLOC_VAR(she, wc_SHE, 1, HEAP_HINT);
if (!WC_VAR_OK(she)) {
return WC_TEST_RET_ENC_EC(MEMORY_E);
}
/* Use INVALID_DEVID intentionally -- this test exercises the software-only
* path and should not use any hardware callbacks. */
ret = wc_SHE_Init(she, HEAP_HINT, INVALID_DEVID);
if (ret != 0) {
WC_FREE_VAR(she, HEAP_HINT);
return WC_TEST_RET_ENC_EC(ret);
}
/* Get UID and counter from software defaults */
ret = wc_SHE_GetUID(she, uid, WC_SHE_UID_SZ, NULL);
if (ret != 0) {
wc_SHE_Free(she);
WC_FREE_VAR(she, HEAP_HINT);
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_SHE_GetCounter(she, &counter, NULL);
if (ret != 0) {
wc_SHE_Free(she);
WC_FREE_VAR(she, HEAP_HINT);
return WC_TEST_RET_ENC_EC(ret);
}
/* Generate M1/M2/M3 using retrieved UID and counter */
ret = wc_SHE_GenerateM1M2M3(she,
uid, WC_SHE_UID_SZ,
WC_SHE_MASTER_ECU_KEY_ID, authKey, sizeof(authKey),
4, newKey, sizeof(newKey),
counter, 0,
m1, WC_SHE_M1_SZ,
m2, WC_SHE_M2_SZ,
m3, WC_SHE_M3_SZ);
if (ret != 0) {
wc_SHE_Free(she);
WC_FREE_VAR(she, HEAP_HINT);
return WC_TEST_RET_ENC_EC(ret);
}
/* Verify M1/M2/M3 match expected values */
if (XMEMCMP(m1, expM1, WC_SHE_M1_SZ) != 0 ||
XMEMCMP(m2, expM2, WC_SHE_M2_SZ) != 0 ||
XMEMCMP(m3, expM3, WC_SHE_M3_SZ) != 0) {
wc_SHE_Free(she);
WC_FREE_VAR(she, HEAP_HINT);
return WC_TEST_RET_ENC_NC;
}
/* Generate M4/M5 using same UID and counter */
wc_SHE_Free(she);
ret = wc_SHE_Init(she, HEAP_HINT, INVALID_DEVID);
if (ret != 0) {
WC_FREE_VAR(she, HEAP_HINT);
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_SHE_GenerateM4M5(she,
uid, WC_SHE_UID_SZ,
WC_SHE_MASTER_ECU_KEY_ID, 4,
newKey, sizeof(newKey),
counter,
m4, WC_SHE_M4_SZ,
m5, WC_SHE_M5_SZ);
if (ret != 0) {
wc_SHE_Free(she);
WC_FREE_VAR(she, HEAP_HINT);
return WC_TEST_RET_ENC_EC(ret);
}
/* Verify M4/M5 match expected values */
if (XMEMCMP(m4, expM4, WC_SHE_M4_SZ) != 0 ||
XMEMCMP(m5, expM5, WC_SHE_M5_SZ) != 0) {
wc_SHE_Free(she);
WC_FREE_VAR(she, HEAP_HINT);
return WC_TEST_RET_ENC_NC;
}
wc_SHE_Free(she);
WC_FREE_VAR(she, HEAP_HINT);
return ret;
}
#endif /* WC_SHE_SW_DEFAULT && WOLF_CRYPTO_CB &&
* !NO_WC_SHE_GETUID && !NO_WC_SHE_GETCOUNTER */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t she_test(void)
{
wc_test_ret_t ret = 0;
byte m1[WC_SHE_M1_SZ];
byte m2[WC_SHE_M2_SZ];
byte m3[WC_SHE_M3_SZ];
byte m4[WC_SHE_M4_SZ];
byte m5[WC_SHE_M5_SZ];
WC_DECLARE_VAR(she, wc_SHE, 1, HEAP_HINT);
WC_DECLARE_VAR(she2, wc_SHE, 1, HEAP_HINT);
/* SHE specification test vector (from wolfHSM wh_test_she.c) */
WOLFSSL_SMALL_STACK_STATIC const byte sheUid[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
};
WOLFSSL_SMALL_STACK_STATIC const byte vectorAuthKey[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
WOLFSSL_SMALL_STACK_STATIC const byte vectorNewKey[] = {
0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00
};
WOLFSSL_SMALL_STACK_STATIC const byte expM1[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x41
};
WOLFSSL_SMALL_STACK_STATIC const byte expM2[] = {
0x2b, 0x11, 0x1e, 0x2d, 0x93, 0xf4, 0x86, 0x56,
0x6b, 0xcb, 0xba, 0x1d, 0x7f, 0x7a, 0x97, 0x97,
0xc9, 0x46, 0x43, 0xb0, 0x50, 0xfc, 0x5d, 0x4d,
0x7d, 0xe1, 0x4c, 0xff, 0x68, 0x22, 0x03, 0xc3
};
WOLFSSL_SMALL_STACK_STATIC const byte expM3[] = {
0xb9, 0xd7, 0x45, 0xe5, 0xac, 0xe7, 0xd4, 0x18,
0x60, 0xbc, 0x63, 0xc2, 0xb9, 0xf5, 0xbb, 0x46
};
WOLFSSL_SMALL_STACK_STATIC const byte expM4[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x41,
0xb4, 0x72, 0xe8, 0xd8, 0x72, 0x7d, 0x70, 0xd5,
0x72, 0x95, 0xe7, 0x48, 0x49, 0xa2, 0x79, 0x17
};
WOLFSSL_SMALL_STACK_STATIC const byte expM5[] = {
0x82, 0x0d, 0x8d, 0x95, 0xdc, 0x11, 0xb4, 0x66,
0x88, 0x78, 0x16, 0x0c, 0xb2, 0xa4, 0xe2, 0x3e
};
WOLFSSL_ENTER("she_test");
WC_ALLOC_VAR(she, wc_SHE, 1, HEAP_HINT);
if (!WC_VAR_OK(she)) {
return WC_TEST_RET_ENC_EC(MEMORY_E);
}
/* ---- Init ---- */
ret = wc_SHE_Init(she, HEAP_HINT, devId);
if (ret != 0) {
WC_FREE_VAR(she, HEAP_HINT);
return WC_TEST_RET_ENC_EC(ret);
}
/* ---- Generate M1/M2/M3 from test vector inputs ---- */
ret = wc_SHE_GenerateM1M2M3(she,
sheUid, sizeof(sheUid),
WC_SHE_MASTER_ECU_KEY_ID, vectorAuthKey, sizeof(vectorAuthKey),
4, vectorNewKey, sizeof(vectorNewKey),
1, 0,
m1, WC_SHE_M1_SZ,
m2, WC_SHE_M2_SZ,
m3, WC_SHE_M3_SZ);
if (ret != 0) {
goto exit_SHE_Test;
}
/* ---- Check M1 ---- */
if (XMEMCMP(m1, expM1, WC_SHE_M1_SZ) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto exit_SHE_Test;
}
/* ---- Check M2 ---- */
if (XMEMCMP(m2, expM2, WC_SHE_M2_SZ) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto exit_SHE_Test;
}
/* ---- Check M3 ---- */
if (XMEMCMP(m3, expM3, WC_SHE_M3_SZ) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto exit_SHE_Test;
}
/* ---- Compute and export M4/M5 ---- */
wc_SHE_Free(she);
ret = wc_SHE_Init(she, HEAP_HINT, devId);
if (ret != 0) {
goto exit_SHE_Test;
}
ret = wc_SHE_GenerateM4M5(she,
sheUid, sizeof(sheUid),
WC_SHE_MASTER_ECU_KEY_ID, 4,
vectorNewKey, sizeof(vectorNewKey),
1,
m4, WC_SHE_M4_SZ,
m5, WC_SHE_M5_SZ);
if (ret != 0) {
goto exit_SHE_Test;
}
/* ---- Check M4 ---- */
if (XMEMCMP(m4, expM4, WC_SHE_M4_SZ) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto exit_SHE_Test;
}
/* ---- Check M5 ---- */
if (XMEMCMP(m5, expM5, WC_SHE_M5_SZ) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto exit_SHE_Test;
}
#if defined(WOLF_CRYPTO_CB) && !defined(NO_WC_SHE_IMPORT_M123)
/* ---- Import M1/M2/M3 and generate M4/M5 (only NewKey needed) ---- */
wc_SHE_Free(she);
ret = wc_SHE_Init(she, HEAP_HINT, devId);
if (ret != 0) {
goto exit_SHE_Test;
}
/* Import M1/M2/M3, then generate M4/M5 */
ret = wc_SHE_ImportM1M2M3(she,
expM1, WC_SHE_M1_SZ,
expM2, WC_SHE_M2_SZ,
expM3, WC_SHE_M3_SZ);
if (ret != 0) {
goto exit_SHE_Test;
}
ret = wc_SHE_GenerateM4M5(she,
sheUid, sizeof(sheUid),
WC_SHE_MASTER_ECU_KEY_ID, 4,
vectorNewKey, sizeof(vectorNewKey),
1,
m4, WC_SHE_M4_SZ,
m5, WC_SHE_M5_SZ);
if (ret != 0) {
goto exit_SHE_Test;
}
if (XMEMCMP(m4, expM4, WC_SHE_M4_SZ) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto exit_SHE_Test;
}
if (XMEMCMP(m5, expM5, WC_SHE_M5_SZ) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto exit_SHE_Test;
}
#endif /* WOLF_CRYPTO_CB && !NO_WC_SHE_IMPORT_M123 */
/* ---- One-shot M1/M2/M3 ---- */
wc_SHE_Free(she);
ret = wc_SHE_Init(she, HEAP_HINT, devId);
if (ret != 0) {
goto exit_SHE_Test;
}
ret = wc_SHE_GenerateM1M2M3(she,
sheUid, sizeof(sheUid),
WC_SHE_MASTER_ECU_KEY_ID, vectorAuthKey, sizeof(vectorAuthKey),
4, vectorNewKey, sizeof(vectorNewKey),
1, 0,
m1, WC_SHE_M1_SZ,
m2, WC_SHE_M2_SZ,
m3, WC_SHE_M3_SZ);
if (ret != 0) {
goto exit_SHE_Test;
}
if (XMEMCMP(m1, expM1, WC_SHE_M1_SZ) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto exit_SHE_Test;
}
if (XMEMCMP(m2, expM2, WC_SHE_M2_SZ) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto exit_SHE_Test;
}
if (XMEMCMP(m3, expM3, WC_SHE_M3_SZ) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto exit_SHE_Test;
}
/* ---- One-shot M4/M5 ---- */
wc_SHE_Free(she);
ret = wc_SHE_Init(she, HEAP_HINT, devId);
if (ret != 0) {
goto exit_SHE_Test;
}
ret = wc_SHE_GenerateM4M5(she,
sheUid, sizeof(sheUid),
WC_SHE_MASTER_ECU_KEY_ID, 4,
vectorNewKey, sizeof(vectorNewKey),
1,
m4, WC_SHE_M4_SZ,
m5, WC_SHE_M5_SZ);
if (ret != 0) {
goto exit_SHE_Test;
}
if (XMEMCMP(m4, expM4, WC_SHE_M4_SZ) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto exit_SHE_Test;
}
if (XMEMCMP(m5, expM5, WC_SHE_M5_SZ) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto exit_SHE_Test;
}
/* ---- Independence test: two separate contexts, M1M2M3 and M4M5 ---- */
wc_SHE_Free(she);
ret = wc_SHE_Init(she, HEAP_HINT, devId);
if (ret != 0) {
goto exit_SHE_Test;
}
WC_ALLOC_VAR(she2, wc_SHE, 1, HEAP_HINT);
if (!WC_VAR_OK(she2)) {
ret = WC_TEST_RET_ENC_EC(MEMORY_E);
goto exit_SHE_Test;
}
ret = wc_SHE_Init(she2, HEAP_HINT, devId);
if (ret != 0) {
WC_FREE_VAR(she2, HEAP_HINT);
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
she2 = NULL;
#endif
goto exit_SHE_Test;
}
/* Generate M1/M2/M3 on first context */
ret = wc_SHE_GenerateM1M2M3(she,
sheUid, sizeof(sheUid),
WC_SHE_MASTER_ECU_KEY_ID, vectorAuthKey, sizeof(vectorAuthKey),
4, vectorNewKey, sizeof(vectorNewKey),
1, 0,
m1, WC_SHE_M1_SZ, m2, WC_SHE_M2_SZ, m3, WC_SHE_M3_SZ);
if (ret != 0) {
wc_SHE_Free(she2);
WC_FREE_VAR(she2, HEAP_HINT);
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
she2 = NULL;
#endif
goto exit_SHE_Test;
}
/* Generate M4/M5 on second context -- completely independent */
ret = wc_SHE_GenerateM4M5(she2,
sheUid, sizeof(sheUid),
WC_SHE_MASTER_ECU_KEY_ID, 4,
vectorNewKey, sizeof(vectorNewKey),
1,
m4, WC_SHE_M4_SZ, m5, WC_SHE_M5_SZ);
wc_SHE_Free(she2);
WC_FREE_VAR(she2, HEAP_HINT);
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
she2 = NULL;
#endif
if (ret != 0) {
goto exit_SHE_Test;
}
/* Verify both match the test vector */
if (XMEMCMP(m1, expM1, WC_SHE_M1_SZ) != 0 ||
XMEMCMP(m2, expM2, WC_SHE_M2_SZ) != 0 ||
XMEMCMP(m3, expM3, WC_SHE_M3_SZ) != 0 ||
XMEMCMP(m4, expM4, WC_SHE_M4_SZ) != 0 ||
XMEMCMP(m5, expM5, WC_SHE_M5_SZ) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto exit_SHE_Test;
}
#if !defined(NO_WC_SHE_LOADKEY) && !defined(NO_WC_SHE_LOADKEY_TEST) && \
(defined(WOLF_CRYPTO_CB) && !defined(NO_WC_SHE_IMPORT_M123))
/* ---- LoadKey_Verify ---- */
/* Override WC_TEST_SHE_LOADKEY_VERIFY to use a platform-specific variant.
* Platforms with hardware SHE (HSM/HSE) cannot use static test vectors
* because the UID is device-specific. Options:
*
* Default (no override): calls wc_SHE_LoadKey_Verify (no id/label)
*
* WC_TEST_SHE_LOADKEY_ID: byte array for wc_SHE_LoadKey_Verify_Id
* e.g. #define WC_TEST_SHE_LOADKEY_ID { 1, 0, 2, 0, 0, 0, 0 }
*
* WC_TEST_SHE_LOADKEY_LABEL: string for wc_SHE_LoadKey_Verify_Label
* e.g. #define WC_TEST_SHE_LOADKEY_LABEL "she_key_1"
*
* Define NO_WC_SHE_LOADKEY_TEST to skip this sub-test entirely.
*/
XMEMSET(m4, 0, WC_SHE_M4_SZ);
XMEMSET(m5, 0, WC_SHE_M5_SZ);
#if defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_SHE_LOADKEY_ID)
{
unsigned char sheLoadkeyId[] = WC_TEST_SHE_LOADKEY_ID;
ret = wc_SHE_LoadKey_Verify_Id(
sheLoadkeyId, (int)sizeof(sheLoadkeyId),
HEAP_HINT, devId,
expM1, WC_SHE_M1_SZ, expM2, WC_SHE_M2_SZ,
expM3, WC_SHE_M3_SZ,
m4, WC_SHE_M4_SZ, m5, WC_SHE_M5_SZ,
expM4, WC_SHE_M4_SZ, expM5, WC_SHE_M5_SZ);
}
#elif defined(WOLF_PRIVATE_KEY_ID) && defined(WC_TEST_SHE_LOADKEY_LABEL)
ret = wc_SHE_LoadKey_Verify_Label(
WC_TEST_SHE_LOADKEY_LABEL,
HEAP_HINT, devId,
expM1, WC_SHE_M1_SZ, expM2, WC_SHE_M2_SZ,
expM3, WC_SHE_M3_SZ,
m4, WC_SHE_M4_SZ, m5, WC_SHE_M5_SZ,
expM4, WC_SHE_M4_SZ, expM5, WC_SHE_M5_SZ);
#else
ret = wc_SHE_LoadKey_Verify(HEAP_HINT, devId,
expM1, WC_SHE_M1_SZ, expM2, WC_SHE_M2_SZ,
expM3, WC_SHE_M3_SZ,
m4, WC_SHE_M4_SZ, m5, WC_SHE_M5_SZ,
expM4, WC_SHE_M4_SZ, expM5, WC_SHE_M5_SZ);
#endif
if (devId == INVALID_DEVID) {
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) {
ret = WC_TEST_RET_ENC_EC(ret);
goto exit_SHE_Test;
}
}
else {
if (ret != 0) {
goto exit_SHE_Test;
}
if (XMEMCMP(m4, expM4, WC_SHE_M4_SZ) != 0 ||
XMEMCMP(m5, expM5, WC_SHE_M5_SZ) != 0) {
ret = WC_TEST_RET_ENC_NC;
goto exit_SHE_Test;
}
}
ret = 0;
#endif /* !NO_WC_SHE_LOADKEY && !NO_WC_SHE_LOADKEY_TEST */
#if defined(WC_SHE_SW_DEFAULT) && defined(WOLF_CRYPTO_CB) && \
!defined(NO_WC_SHE_GETUID) && !defined(NO_WC_SHE_GETCOUNTER)
ret = she_sw_default_test();
if (ret != 0) {
goto exit_SHE_Test;
}
#endif
exit_SHE_Test:
wc_SHE_Free(she);
WC_FREE_VAR(she, HEAP_HINT);
WC_FREE_VAR(she2, HEAP_HINT);
return ret;
}
#endif /* WOLFSSL_SHE && !NO_AES */
#if defined(WOLFSSL_SIPHASH)
#if WOLFSSL_SIPHASH_CROUNDS == 2 && WOLFSSL_SIPHASH_DROUNDS == 4
/* Test vectors from:
* https://github.com/veorq/SipHash/blob/master/vectors.h
*/
static const unsigned char siphash_key[SIPHASH_KEY_SIZE] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
static const unsigned char siphash_msg[64] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f
};
static const unsigned char siphash_r8[64][SIPHASH_MAC_SIZE_8] = {
{ 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72, },
{ 0xfd, 0x67, 0xdc, 0x93, 0xc5, 0x39, 0xf8, 0x74, },
{ 0x5a, 0x4f, 0xa9, 0xd9, 0x09, 0x80, 0x6c, 0x0d, },
{ 0x2d, 0x7e, 0xfb, 0xd7, 0x96, 0x66, 0x67, 0x85, },
{ 0xb7, 0x87, 0x71, 0x27, 0xe0, 0x94, 0x27, 0xcf, },
{ 0x8d, 0xa6, 0x99, 0xcd, 0x64, 0x55, 0x76, 0x18, },
{ 0xce, 0xe3, 0xfe, 0x58, 0x6e, 0x46, 0xc9, 0xcb, },
{ 0x37, 0xd1, 0x01, 0x8b, 0xf5, 0x00, 0x02, 0xab, },
{ 0x62, 0x24, 0x93, 0x9a, 0x79, 0xf5, 0xf5, 0x93, },
{ 0xb0, 0xe4, 0xa9, 0x0b, 0xdf, 0x82, 0x00, 0x9e, },
{ 0xf3, 0xb9, 0xdd, 0x94, 0xc5, 0xbb, 0x5d, 0x7a, },
{ 0xa7, 0xad, 0x6b, 0x22, 0x46, 0x2f, 0xb3, 0xf4, },
{ 0xfb, 0xe5, 0x0e, 0x86, 0xbc, 0x8f, 0x1e, 0x75, },
{ 0x90, 0x3d, 0x84, 0xc0, 0x27, 0x56, 0xea, 0x14, },
{ 0xee, 0xf2, 0x7a, 0x8e, 0x90, 0xca, 0x23, 0xf7, },
{ 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1, },
{ 0xdb, 0x9b, 0xc2, 0x57, 0x7f, 0xcc, 0x2a, 0x3f, },
{ 0x94, 0x47, 0xbe, 0x2c, 0xf5, 0xe9, 0x9a, 0x69, },
{ 0x9c, 0xd3, 0x8d, 0x96, 0xf0, 0xb3, 0xc1, 0x4b, },
{ 0xbd, 0x61, 0x79, 0xa7, 0x1d, 0xc9, 0x6d, 0xbb, },
{ 0x98, 0xee, 0xa2, 0x1a, 0xf2, 0x5c, 0xd6, 0xbe, },
{ 0xc7, 0x67, 0x3b, 0x2e, 0xb0, 0xcb, 0xf2, 0xd0, },
{ 0x88, 0x3e, 0xa3, 0xe3, 0x95, 0x67, 0x53, 0x93, },
{ 0xc8, 0xce, 0x5c, 0xcd, 0x8c, 0x03, 0x0c, 0xa8, },
{ 0x94, 0xaf, 0x49, 0xf6, 0xc6, 0x50, 0xad, 0xb8, },
{ 0xea, 0xb8, 0x85, 0x8a, 0xde, 0x92, 0xe1, 0xbc, },
{ 0xf3, 0x15, 0xbb, 0x5b, 0xb8, 0x35, 0xd8, 0x17, },
{ 0xad, 0xcf, 0x6b, 0x07, 0x63, 0x61, 0x2e, 0x2f, },
{ 0xa5, 0xc9, 0x1d, 0xa7, 0xac, 0xaa, 0x4d, 0xde, },
{ 0x71, 0x65, 0x95, 0x87, 0x66, 0x50, 0xa2, 0xa6, },
{ 0x28, 0xef, 0x49, 0x5c, 0x53, 0xa3, 0x87, 0xad, },
{ 0x42, 0xc3, 0x41, 0xd8, 0xfa, 0x92, 0xd8, 0x32, },
{ 0xce, 0x7c, 0xf2, 0x72, 0x2f, 0x51, 0x27, 0x71, },
{ 0xe3, 0x78, 0x59, 0xf9, 0x46, 0x23, 0xf3, 0xa7, },
{ 0x38, 0x12, 0x05, 0xbb, 0x1a, 0xb0, 0xe0, 0x12, },
{ 0xae, 0x97, 0xa1, 0x0f, 0xd4, 0x34, 0xe0, 0x15, },
{ 0xb4, 0xa3, 0x15, 0x08, 0xbe, 0xff, 0x4d, 0x31, },
{ 0x81, 0x39, 0x62, 0x29, 0xf0, 0x90, 0x79, 0x02, },
{ 0x4d, 0x0c, 0xf4, 0x9e, 0xe5, 0xd4, 0xdc, 0xca, },
{ 0x5c, 0x73, 0x33, 0x6a, 0x76, 0xd8, 0xbf, 0x9a, },
{ 0xd0, 0xa7, 0x04, 0x53, 0x6b, 0xa9, 0x3e, 0x0e, },
{ 0x92, 0x59, 0x58, 0xfc, 0xd6, 0x42, 0x0c, 0xad, },
{ 0xa9, 0x15, 0xc2, 0x9b, 0xc8, 0x06, 0x73, 0x18, },
{ 0x95, 0x2b, 0x79, 0xf3, 0xbc, 0x0a, 0xa6, 0xd4, },
{ 0xf2, 0x1d, 0xf2, 0xe4, 0x1d, 0x45, 0x35, 0xf9, },
{ 0x87, 0x57, 0x75, 0x19, 0x04, 0x8f, 0x53, 0xa9, },
{ 0x10, 0xa5, 0x6c, 0xf5, 0xdf, 0xcd, 0x9a, 0xdb, },
{ 0xeb, 0x75, 0x09, 0x5c, 0xcd, 0x98, 0x6c, 0xd0, },
{ 0x51, 0xa9, 0xcb, 0x9e, 0xcb, 0xa3, 0x12, 0xe6, },
{ 0x96, 0xaf, 0xad, 0xfc, 0x2c, 0xe6, 0x66, 0xc7, },
{ 0x72, 0xfe, 0x52, 0x97, 0x5a, 0x43, 0x64, 0xee, },
{ 0x5a, 0x16, 0x45, 0xb2, 0x76, 0xd5, 0x92, 0xa1, },
{ 0xb2, 0x74, 0xcb, 0x8e, 0xbf, 0x87, 0x87, 0x0a, },
{ 0x6f, 0x9b, 0xb4, 0x20, 0x3d, 0xe7, 0xb3, 0x81, },
{ 0xea, 0xec, 0xb2, 0xa3, 0x0b, 0x22, 0xa8, 0x7f, },
{ 0x99, 0x24, 0xa4, 0x3c, 0xc1, 0x31, 0x57, 0x24, },
{ 0xbd, 0x83, 0x8d, 0x3a, 0xaf, 0xbf, 0x8d, 0xb7, },
{ 0x0b, 0x1a, 0x2a, 0x32, 0x65, 0xd5, 0x1a, 0xea, },
{ 0x13, 0x50, 0x79, 0xa3, 0x23, 0x1c, 0xe6, 0x60, },
{ 0x93, 0x2b, 0x28, 0x46, 0xe4, 0xd7, 0x06, 0x66, },
{ 0xe1, 0x91, 0x5f, 0x5c, 0xb1, 0xec, 0xa4, 0x6c, },
{ 0xf3, 0x25, 0x96, 0x5c, 0xa1, 0x6d, 0x62, 0x9f, },
{ 0x57, 0x5f, 0xf2, 0x8e, 0x60, 0x38, 0x1b, 0xe5, },
{ 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, },
};
static const unsigned char siphash_r16[64][SIPHASH_MAC_SIZE_16] = {
{ 0xa3, 0x81, 0x7f, 0x04, 0xba, 0x25, 0xa8, 0xe6,
0x6d, 0xf6, 0x72, 0x14, 0xc7, 0x55, 0x02, 0x93, },
{ 0xda, 0x87, 0xc1, 0xd8, 0x6b, 0x99, 0xaf, 0x44,
0x34, 0x76, 0x59, 0x11, 0x9b, 0x22, 0xfc, 0x45, },
{ 0x81, 0x77, 0x22, 0x8d, 0xa4, 0xa4, 0x5d, 0xc7,
0xfc, 0xa3, 0x8b, 0xde, 0xf6, 0x0a, 0xff, 0xe4, },
{ 0x9c, 0x70, 0xb6, 0x0c, 0x52, 0x67, 0xa9, 0x4e,
0x5f, 0x33, 0xb6, 0xb0, 0x29, 0x85, 0xed, 0x51, },
{ 0xf8, 0x81, 0x64, 0xc1, 0x2d, 0x9c, 0x8f, 0xaf,
0x7d, 0x0f, 0x6e, 0x7c, 0x7b, 0xcd, 0x55, 0x79, },
{ 0x13, 0x68, 0x87, 0x59, 0x80, 0x77, 0x6f, 0x88,
0x54, 0x52, 0x7a, 0x07, 0x69, 0x0e, 0x96, 0x27, },
{ 0x14, 0xee, 0xca, 0x33, 0x8b, 0x20, 0x86, 0x13,
0x48, 0x5e, 0xa0, 0x30, 0x8f, 0xd7, 0xa1, 0x5e, },
{ 0xa1, 0xf1, 0xeb, 0xbe, 0xd8, 0xdb, 0xc1, 0x53,
0xc0, 0xb8, 0x4a, 0xa6, 0x1f, 0xf0, 0x82, 0x39, },
{ 0x3b, 0x62, 0xa9, 0xba, 0x62, 0x58, 0xf5, 0x61,
0x0f, 0x83, 0xe2, 0x64, 0xf3, 0x14, 0x97, 0xb4, },
{ 0x26, 0x44, 0x99, 0x06, 0x0a, 0xd9, 0xba, 0xab,
0xc4, 0x7f, 0x8b, 0x02, 0xbb, 0x6d, 0x71, 0xed, },
{ 0x00, 0x11, 0x0d, 0xc3, 0x78, 0x14, 0x69, 0x56,
0xc9, 0x54, 0x47, 0xd3, 0xf3, 0xd0, 0xfb, 0xba, },
{ 0x01, 0x51, 0xc5, 0x68, 0x38, 0x6b, 0x66, 0x77,
0xa2, 0xb4, 0xdc, 0x6f, 0x81, 0xe5, 0xdc, 0x18, },
{ 0xd6, 0x26, 0xb2, 0x66, 0x90, 0x5e, 0xf3, 0x58,
0x82, 0x63, 0x4d, 0xf6, 0x85, 0x32, 0xc1, 0x25, },
{ 0x98, 0x69, 0xe2, 0x47, 0xe9, 0xc0, 0x8b, 0x10,
0xd0, 0x29, 0x93, 0x4f, 0xc4, 0xb9, 0x52, 0xf7, },
{ 0x31, 0xfc, 0xef, 0xac, 0x66, 0xd7, 0xde, 0x9c,
0x7e, 0xc7, 0x48, 0x5f, 0xe4, 0x49, 0x49, 0x02, },
{ 0x54, 0x93, 0xe9, 0x99, 0x33, 0xb0, 0xa8, 0x11,
0x7e, 0x08, 0xec, 0x0f, 0x97, 0xcf, 0xc3, 0xd9, },
{ 0x6e, 0xe2, 0xa4, 0xca, 0x67, 0xb0, 0x54, 0xbb,
0xfd, 0x33, 0x15, 0xbf, 0x85, 0x23, 0x05, 0x77, },
{ 0x47, 0x3d, 0x06, 0xe8, 0x73, 0x8d, 0xb8, 0x98,
0x54, 0xc0, 0x66, 0xc4, 0x7a, 0xe4, 0x77, 0x40, },
{ 0xa4, 0x26, 0xe5, 0xe4, 0x23, 0xbf, 0x48, 0x85,
0x29, 0x4d, 0xa4, 0x81, 0xfe, 0xae, 0xf7, 0x23, },
{ 0x78, 0x01, 0x77, 0x31, 0xcf, 0x65, 0xfa, 0xb0,
0x74, 0xd5, 0x20, 0x89, 0x52, 0x51, 0x2e, 0xb1, },
{ 0x9e, 0x25, 0xfc, 0x83, 0x3f, 0x22, 0x90, 0x73,
0x3e, 0x93, 0x44, 0xa5, 0xe8, 0x38, 0x39, 0xeb, },
{ 0x56, 0x8e, 0x49, 0x5a, 0xbe, 0x52, 0x5a, 0x21,
0x8a, 0x22, 0x14, 0xcd, 0x3e, 0x07, 0x1d, 0x12, },
{ 0x4a, 0x29, 0xb5, 0x45, 0x52, 0xd1, 0x6b, 0x9a,
0x46, 0x9c, 0x10, 0x52, 0x8e, 0xff, 0x0a, 0xae, },
{ 0xc9, 0xd1, 0x84, 0xdd, 0xd5, 0xa9, 0xf5, 0xe0,
0xcf, 0x8c, 0xe2, 0x9a, 0x9a, 0xbf, 0x69, 0x1c, },
{ 0x2d, 0xb4, 0x79, 0xae, 0x78, 0xbd, 0x50, 0xd8,
0x88, 0x2a, 0x8a, 0x17, 0x8a, 0x61, 0x32, 0xad, },
{ 0x8e, 0xce, 0x5f, 0x04, 0x2d, 0x5e, 0x44, 0x7b,
0x50, 0x51, 0xb9, 0xea, 0xcb, 0x8d, 0x8f, 0x6f, },
{ 0x9c, 0x0b, 0x53, 0xb4, 0xb3, 0xc3, 0x07, 0xe8,
0x7e, 0xae, 0xe0, 0x86, 0x78, 0x14, 0x1f, 0x66, },
{ 0xab, 0xf2, 0x48, 0xaf, 0x69, 0xa6, 0xea, 0xe4,
0xbf, 0xd3, 0xeb, 0x2f, 0x12, 0x9e, 0xeb, 0x94, },
{ 0x06, 0x64, 0xda, 0x16, 0x68, 0x57, 0x4b, 0x88,
0xb9, 0x35, 0xf3, 0x02, 0x73, 0x58, 0xae, 0xf4, },
{ 0xaa, 0x4b, 0x9d, 0xc4, 0xbf, 0x33, 0x7d, 0xe9,
0x0c, 0xd4, 0xfd, 0x3c, 0x46, 0x7c, 0x6a, 0xb7, },
{ 0xea, 0x5c, 0x7f, 0x47, 0x1f, 0xaf, 0x6b, 0xde,
0x2b, 0x1a, 0xd7, 0xd4, 0x68, 0x6d, 0x22, 0x87, },
{ 0x29, 0x39, 0xb0, 0x18, 0x32, 0x23, 0xfa, 0xfc,
0x17, 0x23, 0xde, 0x4f, 0x52, 0xc4, 0x3d, 0x35, },
{ 0x7c, 0x39, 0x56, 0xca, 0x5e, 0xea, 0xfc, 0x3e,
0x36, 0x3e, 0x9d, 0x55, 0x65, 0x46, 0xeb, 0x68, },
{ 0x77, 0xc6, 0x07, 0x71, 0x46, 0xf0, 0x1c, 0x32,
0xb6, 0xb6, 0x9d, 0x5f, 0x4e, 0xa9, 0xff, 0xcf, },
{ 0x37, 0xa6, 0x98, 0x6c, 0xb8, 0x84, 0x7e, 0xdf,
0x09, 0x25, 0xf0, 0xf1, 0x30, 0x9b, 0x54, 0xde, },
{ 0xa7, 0x05, 0xf0, 0xe6, 0x9d, 0xa9, 0xa8, 0xf9,
0x07, 0x24, 0x1a, 0x2e, 0x92, 0x3c, 0x8c, 0xc8, },
{ 0x3d, 0xc4, 0x7d, 0x1f, 0x29, 0xc4, 0x48, 0x46,
0x1e, 0x9e, 0x76, 0xed, 0x90, 0x4f, 0x67, 0x11, },
{ 0x0d, 0x62, 0xbf, 0x01, 0xe6, 0xfc, 0x0e, 0x1a,
0x0d, 0x3c, 0x47, 0x51, 0xc5, 0xd3, 0x69, 0x2b, },
{ 0x8c, 0x03, 0x46, 0x8b, 0xca, 0x7c, 0x66, 0x9e,
0xe4, 0xfd, 0x5e, 0x08, 0x4b, 0xbe, 0xe7, 0xb5, },
{ 0x52, 0x8a, 0x5b, 0xb9, 0x3b, 0xaf, 0x2c, 0x9c,
0x44, 0x73, 0xcc, 0xe5, 0xd0, 0xd2, 0x2b, 0xd9, },
{ 0xdf, 0x6a, 0x30, 0x1e, 0x95, 0xc9, 0x5d, 0xad,
0x97, 0xae, 0x0c, 0xc8, 0xc6, 0x91, 0x3b, 0xd8, },
{ 0x80, 0x11, 0x89, 0x90, 0x2c, 0x85, 0x7f, 0x39,
0xe7, 0x35, 0x91, 0x28, 0x5e, 0x70, 0xb6, 0xdb, },
{ 0xe6, 0x17, 0x34, 0x6a, 0xc9, 0xc2, 0x31, 0xbb,
0x36, 0x50, 0xae, 0x34, 0xcc, 0xca, 0x0c, 0x5b, },
{ 0x27, 0xd9, 0x34, 0x37, 0xef, 0xb7, 0x21, 0xaa,
0x40, 0x18, 0x21, 0xdc, 0xec, 0x5a, 0xdf, 0x89, },
{ 0x89, 0x23, 0x7d, 0x9d, 0xed, 0x9c, 0x5e, 0x78,
0xd8, 0xb1, 0xc9, 0xb1, 0x66, 0xcc, 0x73, 0x42, },
{ 0x4a, 0x6d, 0x80, 0x91, 0xbf, 0x5e, 0x7d, 0x65,
0x11, 0x89, 0xfa, 0x94, 0xa2, 0x50, 0xb1, 0x4c, },
{ 0x0e, 0x33, 0xf9, 0x60, 0x55, 0xe7, 0xae, 0x89,
0x3f, 0xfc, 0x0e, 0x3d, 0xcf, 0x49, 0x29, 0x02, },
{ 0xe6, 0x1c, 0x43, 0x2b, 0x72, 0x0b, 0x19, 0xd1,
0x8e, 0xc8, 0xd8, 0x4b, 0xdc, 0x63, 0x15, 0x1b, },
{ 0xf7, 0xe5, 0xae, 0xf5, 0x49, 0xf7, 0x82, 0xcf,
0x37, 0x90, 0x55, 0xa6, 0x08, 0x26, 0x9b, 0x16, },
{ 0x43, 0x8d, 0x03, 0x0f, 0xd0, 0xb7, 0xa5, 0x4f,
0xa8, 0x37, 0xf2, 0xad, 0x20, 0x1a, 0x64, 0x03, },
{ 0xa5, 0x90, 0xd3, 0xee, 0x4f, 0xbf, 0x04, 0xe3,
0x24, 0x7e, 0x0d, 0x27, 0xf2, 0x86, 0x42, 0x3f, },
{ 0x5f, 0xe2, 0xc1, 0xa1, 0x72, 0xfe, 0x93, 0xc4,
0xb1, 0x5c, 0xd3, 0x7c, 0xae, 0xf9, 0xf5, 0x38, },
{ 0x2c, 0x97, 0x32, 0x5c, 0xbd, 0x06, 0xb3, 0x6e,
0xb2, 0x13, 0x3d, 0xd0, 0x8b, 0x3a, 0x01, 0x7c, },
{ 0x92, 0xc8, 0x14, 0x22, 0x7a, 0x6b, 0xca, 0x94,
0x9f, 0xf0, 0x65, 0x9f, 0x00, 0x2a, 0xd3, 0x9e, },
{ 0xdc, 0xe8, 0x50, 0x11, 0x0b, 0xd8, 0x32, 0x8c,
0xfb, 0xd5, 0x08, 0x41, 0xd6, 0x91, 0x1d, 0x87, },
{ 0x67, 0xf1, 0x49, 0x84, 0xc7, 0xda, 0x79, 0x12,
0x48, 0xe3, 0x2b, 0xb5, 0x92, 0x25, 0x83, 0xda, },
{ 0x19, 0x38, 0xf2, 0xcf, 0x72, 0xd5, 0x4e, 0xe9,
0x7e, 0x94, 0x16, 0x6f, 0xa9, 0x1d, 0x2a, 0x36, },
{ 0x74, 0x48, 0x1e, 0x96, 0x46, 0xed, 0x49, 0xfe,
0x0f, 0x62, 0x24, 0x30, 0x16, 0x04, 0x69, 0x8e, },
{ 0x57, 0xfc, 0xa5, 0xde, 0x98, 0xa9, 0xd6, 0xd8,
0x00, 0x64, 0x38, 0xd0, 0x58, 0x3d, 0x8a, 0x1d, },
{ 0x9f, 0xec, 0xde, 0x1c, 0xef, 0xdc, 0x1c, 0xbe,
0xd4, 0x76, 0x36, 0x74, 0xd9, 0x57, 0x53, 0x59, },
{ 0xe3, 0x04, 0x0c, 0x00, 0xeb, 0x28, 0xf1, 0x53,
0x66, 0xca, 0x73, 0xcb, 0xd8, 0x72, 0xe7, 0x40, },
{ 0x76, 0x97, 0x00, 0x9a, 0x6a, 0x83, 0x1d, 0xfe,
0xcc, 0xa9, 0x1c, 0x59, 0x93, 0x67, 0x0f, 0x7a, },
{ 0x58, 0x53, 0x54, 0x23, 0x21, 0xf5, 0x67, 0xa0,
0x05, 0xd5, 0x47, 0xa4, 0xf0, 0x47, 0x59, 0xbd, },
{ 0x51, 0x50, 0xd1, 0x77, 0x2f, 0x50, 0x83, 0x4a,
0x50, 0x3e, 0x06, 0x9a, 0x97, 0x3f, 0xbd, 0x7c, },
};
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void)
{
wc_test_ret_t ret = 0;
int i;
#if WOLFSSL_SIPHASH_CROUNDS == 2 && WOLFSSL_SIPHASH_DROUNDS == 4
unsigned char res[SIPHASH_MAC_SIZE_16];
unsigned char tmp[SIPHASH_MAC_SIZE_8];
SipHash siphash;
WOLFSSL_ENTER("siphash_test (1)");
for (i = 0; i < 64; i++) {
ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
ret = wc_SipHashUpdate(&siphash, siphash_msg, (word32)i);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_8);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
if (XMEMCMP(res, siphash_r8[i], SIPHASH_MAC_SIZE_8) != 0)
return WC_TEST_RET_ENC_I(i);
ret = wc_SipHash(siphash_key, siphash_msg, (word32)i, res, SIPHASH_MAC_SIZE_8);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
if (XMEMCMP(res, siphash_r8[i], SIPHASH_MAC_SIZE_8) != 0)
return WC_TEST_RET_ENC_I(i);
}
for (i = 0; i < 64; i++) {
ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_16);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
ret = wc_SipHashUpdate(&siphash, siphash_msg, (word32)i);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0)
return WC_TEST_RET_ENC_I(i);
ret = wc_SipHash(siphash_key, siphash_msg, (word32)i, res, SIPHASH_MAC_SIZE_16);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0)
return WC_TEST_RET_ENC_I(i);
}
#else
WOLFSSL_ENTER("siphash_test (1)");
#endif
/* Testing bad parameters. */
ret = wc_InitSipHash(NULL, NULL, SIPHASH_MAC_SIZE_8);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSipHash(NULL, siphash_key, SIPHASH_MAC_SIZE_8);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSipHash(&siphash, NULL, SIPHASH_MAC_SIZE_8);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSipHash(&siphash, siphash_key, 7);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SipHashUpdate(NULL, NULL, 0);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SipHashUpdate(&siphash, NULL, 1);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SipHashFinal(NULL, NULL, SIPHASH_MAC_SIZE_8);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SipHashFinal(&siphash, NULL, SIPHASH_MAC_SIZE_8);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SipHashFinal(NULL, res, SIPHASH_MAC_SIZE_8);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SipHash(NULL, NULL, 0, NULL, SIPHASH_MAC_SIZE_16);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SipHash(siphash_key, NULL, 0, NULL, SIPHASH_MAC_SIZE_16);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SipHash(NULL, NULL, 0, res, SIPHASH_MAC_SIZE_16);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SipHash(siphash_key, NULL, 0, res, 15);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SipHash(siphash_key, NULL, 1, res, SIPHASH_MAC_SIZE_16);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
/* Test cache with multiple non blocksize bytes */
ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SipHashUpdate(&siphash, siphash_msg, 5);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SipHashUpdate(&siphash, siphash_msg + 5, 4);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_8);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SipHashUpdate(&siphash, siphash_msg, 9);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_SipHashFinal(&siphash, tmp, SIPHASH_MAC_SIZE_8);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(res, tmp, SIPHASH_MAC_SIZE_8) != 0)
return WC_TEST_RET_ENC_NC;
return 0;
}
#endif /* WOLFSSL_SIPHASH */
#ifdef HAVE_LIBZ
static const byte sample_text[] =
"Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n"
"polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n"
"marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n"
"plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n"
"selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n"
"small batch meggings kogi dolore food truck bespoke gastropub.\n"
"\n"
"Terry richardson adipisicing actually typewriter tumblr, twee whatever\n"
"four loko you probably haven't heard of them high life. Messenger bag\n"
"whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n"
"et, banksy ullamco messenger bag umami pariatur direct trade forage.\n"
"Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n"
"food truck next level, tousled irony non semiotics PBR ethical anim cred\n"
"readymade. Mumblecore brunch lomo odd future, portland organic terry\n"
"richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n"
"mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n"
"four loko whatever street art yr farm-to-table.\n"
"\n"
"Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n"
"pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n"
"et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n"
"nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n"
"seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n"
"eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n"
"readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n"
"ethnic art party qui letterpress nisi proident jean shorts mlkshk\n"
"locavore.\n"
"\n"
"Narwhal flexitarian letterpress, do gluten-free voluptate next level\n"
"banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n"
"cillum pickled velit, YOLO officia you probably haven't heard of them\n"
"trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n"
"small batch american apparel. Put a bird on it cosby sweater before they\n"
"sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n"
"DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n"
"Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n"
"excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n"
"neutra PBR selvage.\n"
"\n"
"Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n"
"next level jean shorts exercitation. Hashtag keytar whatever, nihil\n"
"authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n"
"wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n"
"tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n"
"trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n"
"incididunt flannel sustainable helvetica pork belly pug banksy you\n"
"probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n"
"mollit magna, sriracha sartorial helvetica.\n"
"\n"
"Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n"
"ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n"
"of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n"
"reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n"
"skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n"
"organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n"
"Veniam sunt food truck leggings, sint vinyl fap.\n"
"\n"
"Hella dolore pork belly, truffaut carles you probably haven't heard of\n"
"them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n"
"apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n"
"flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n"
"letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n"
"Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n"
"delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n"
"magna pop-up literally. Swag thundercats ennui shoreditch vegan\n"
"pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n"
"\n"
"Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n"
"meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n"
"dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n"
"locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n"
"tousled beard mollit mustache leggings portland next level. Nihil esse\n"
"est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n"
"swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n"
"bag dolor terry richardson sapiente.\n";
static const byte sample_text_gz[] = {
0x1F, 0x8B, 0x08, 0x08, 0xC5, 0x49, 0xB5, 0x5B, 0x00, 0x03, 0x63, 0x69, 0x70,
0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x2E, 0x74, 0x78, 0x74, 0x00, 0x8D,
0x58, 0xCB, 0x92, 0xE4, 0xB6, 0x11, 0xBC, 0xE3, 0x2B, 0xEA, 0xA6, 0x83, 0xD9,
0x1D, 0x72, 0xF8, 0x22, 0x1F, 0xB5, 0x96, 0xA5, 0xDD, 0x90, 0xBC, 0xAB, 0xD0,
0x28, 0x36, 0x42, 0x47, 0x90, 0x2C, 0x36, 0xA1, 0x06, 0x09, 0x0A, 0x8F, 0xEE,
0xE1, 0xDF, 0x3B, 0x0B, 0xE0, 0x73, 0x2C, 0x4B, 0xBA, 0xCD, 0xCE, 0x80, 0x78,
0x64, 0x65, 0x65, 0x66, 0xED, 0x3B, 0xE3, 0x5A, 0xC3, 0x81, 0x2D, 0x35, 0x69,
0x32, 0xAD, 0x8E, 0x3A, 0xD2, 0xA0, 0x7D, 0xA7, 0x2B, 0x6A, 0xAC, 0x69, 0x7A,
0x26, 0x9D, 0x22, 0xD3, 0x94, 0x22, 0x69, 0xAA, 0x8D, 0x6F, 0xC9, 0x8D, 0x64,
0x22, 0x99, 0xB1, 0x31, 0xAD, 0x69, 0xD3, 0x18, 0x89, 0xAD, 0x89, 0x6A, 0x72,
0x56, 0x7B, 0x67, 0xDA, 0x2B, 0xBD, 0xC8, 0xEF, 0xB0, 0x4D, 0x74, 0x8E, 0x5B,
0xAA, 0x39, 0x4C, 0xEE, 0xCE, 0xE4, 0x79, 0xF2, 0xDC, 0xF3, 0xD8, 0xB2, 0x37,
0x11, 0x8B, 0x8C, 0x2C, 0x7A, 0x32, 0x93, 0xF3, 0x37, 0x3D, 0x9A, 0x86, 0x4C,
0xAB, 0xF2, 0xB9, 0x57, 0xFA, 0x97, 0x1B, 0x06, 0xD7, 0x3A, 0x7A, 0xF0, 0x68,
0xF4, 0x40, 0xBA, 0x25, 0x0E, 0x81, 0xE9, 0xA6, 0x43, 0xF4, 0x6E, 0x4A, 0xF5,
0x95, 0xFE, 0x41, 0x4F, 0x67, 0x3B, 0x1A, 0x1C, 0xEE, 0x12, 0xB4, 0x8F, 0xCE,
0x1B, 0x6D, 0xB1, 0xDE, 0xBB, 0x4A, 0x4D, 0x56, 0x9B, 0x96, 0x5A, 0xB6, 0xDC,
0xC4, 0x14, 0x70, 0xE5, 0xF5, 0x7D, 0xE1, 0xB7, 0x84, 0x3F, 0xFC, 0xED, 0xEF,
0xF4, 0x30, 0x0D, 0x5F, 0xE9, 0x47, 0x17, 0xE2, 0xC5, 0x78, 0x27, 0x67, 0xDF,
0xB9, 0xEB, 0xCC, 0xCC, 0x3D, 0x59, 0xBE, 0xDD, 0xCC, 0x78, 0x0B, 0x0A, 0x1F,
0x74, 0xF8, 0x8C, 0x1A, 0xAF, 0x67, 0xEA, 0xF4, 0x44, 0xBD, 0x93, 0x7D, 0x2A,
0xEA, 0x9C, 0xD7, 0x37, 0x80, 0x32, 0x9A, 0x01, 0x37, 0xD5, 0xDE, 0xCA, 0xA2,
0x0D, 0xB9, 0xD0, 0x3B, 0xCF, 0xAD, 0x89, 0x4D, 0x5F, 0xD1, 0xE7, 0xF7, 0x2F,
0x2A, 0x0C, 0xDA, 0x5A, 0xAA, 0x35, 0x7E, 0x41, 0xC3, 0xB2, 0x37, 0xDD, 0xDD,
0xCD, 0x50, 0xEB, 0x2C, 0x96, 0x62, 0x3B, 0xD7, 0x52, 0xF4, 0xA9, 0xB9, 0x6F,
0x48, 0xED, 0xEF, 0x54, 0xEA, 0x67, 0xF6, 0x7E, 0x26, 0x8F, 0x3A, 0x68, 0xDF,
0x06, 0xBC, 0x56, 0xB7, 0x66, 0x32, 0xC1, 0x34, 0xD8, 0x88, 0x34, 0x1E, 0x88,
0xED, 0x67, 0x8A, 0xF3, 0xC4, 0x4F, 0xC0, 0xCA, 0x9E, 0x62, 0x1A, 0x6A, 0xEB,
0xAB, 0x02, 0xED, 0xB3, 0xD7, 0x91, 0x81, 0x8A, 0xEA, 0x5C, 0xF2, 0x64, 0xDD,
0xDD, 0xD1, 0xEC, 0x12, 0x4D, 0xDE, 0xD5, 0xBA, 0xC6, 0x77, 0xBD, 0x06, 0xC4,
0x5F, 0x44, 0xEA, 0x59, 0x4B, 0x5D, 0x3B, 0x8A, 0x3D, 0x0F, 0xD4, 0x9B, 0x1B,
0x80, 0x30, 0x1D, 0x30, 0xFA, 0x8F, 0x00, 0x3F, 0xDE, 0xB0, 0x6F, 0xAD, 0x6F,
0x6A, 0xDD, 0x6E, 0x2F, 0x6E, 0xCB, 0x3C, 0xD1, 0x83, 0x06, 0x7B, 0x0F, 0xFD,
0xFD, 0x4A, 0xEF, 0xBC, 0x73, 0x77, 0x3B, 0x8F, 0x34, 0xA1, 0xBA, 0xEC, 0x39,
0x80, 0x33, 0x21, 0xA4, 0x01, 0x55, 0xD7, 0xD4, 0xF4, 0xC6, 0xDA, 0x27, 0x4E,
0x54, 0x1C, 0x2B, 0xEC, 0x37, 0xDE, 0xC3, 0x4C, 0xC9, 0x5A, 0x3D, 0x34, 0x0E,
0xD8, 0x1C, 0x0E, 0xA2, 0x34, 0xE8, 0xC1, 0xD0, 0xA4, 0x51, 0xD5, 0x88, 0x8B,
0xB7, 0xC6, 0xA3, 0x96, 0x40, 0x49, 0xB7, 0xBC, 0xE0, 0x7F, 0x55, 0x3F, 0xEF,
0x6F, 0x6E, 0x92, 0x9D, 0x34, 0xFE, 0x3C, 0x5F, 0x04, 0xA5, 0x6A, 0xFF, 0x30,
0x08, 0xC9, 0xEA, 0xF5, 0x52, 0x2B, 0xFE, 0x57, 0xFA, 0x8E, 0xC7, 0xE8, 0x4D,
0x37, 0xAB, 0x03, 0xFA, 0x23, 0xBF, 0x46, 0x94, 0xFF, 0xC1, 0x16, 0xE0, 0xB9,
0x14, 0x2C, 0x9E, 0x27, 0xEC, 0x98, 0x69, 0x14, 0x92, 0xF1, 0x60, 0x5C, 0x34,
0x4D, 0xA0, 0x1F, 0xDF, 0xFD, 0x44, 0x1C, 0x7B, 0xD3, 0x80, 0x70, 0x42, 0x02,
0x30, 0x84, 0x5B, 0xE5, 0x59, 0xB7, 0xF3, 0x80, 0xFB, 0x01, 0x33, 0xA9, 0x00,
0x37, 0x52, 0xDC, 0xDA, 0xA7, 0x11, 0x85, 0xB7, 0x6E, 0x70, 0xE4, 0xDA, 0x96,
0xBA, 0x84, 0x5B, 0x81, 0x43, 0x93, 0xF3, 0xD1, 0xEA, 0xB1, 0xDD, 0xB8, 0x1F,
0xA5, 0xCC, 0xEA, 0x50, 0x66, 0x69, 0xA9, 0x8D, 0x8C, 0xA7, 0xA2, 0xF3, 0x38,
0x26, 0x43, 0x5E, 0x3F, 0x01, 0xBE, 0x1C, 0x0F, 0x20, 0x7F, 0x75, 0xA8, 0x20,
0x80, 0xC4, 0xC3, 0x5C, 0x8B, 0x0D, 0xD4, 0x60, 0x5E, 0xA3, 0x9E, 0xD0, 0xB4,
0x4B, 0x4F, 0xE6, 0x13, 0x85, 0x60, 0x42, 0x96, 0xED, 0xAA, 0xDB, 0xE9, 0x99,
0xE3, 0x07, 0x0E, 0x61, 0xB3, 0x07, 0xE3, 0xB1, 0xFA, 0xC0, 0x9B, 0xAD, 0xF6,
0xE0, 0x26, 0x33, 0xEA, 0xEA, 0x23, 0xCD, 0x1E, 0x9D, 0xE1, 0x87, 0x4B, 0x74,
0x97, 0x08, 0x3E, 0xA1, 0x28, 0xEA, 0xB3, 0x19, 0x67, 0x8B, 0x76, 0x9A, 0xA3,
0xF6, 0xB9, 0xCF, 0x80, 0x65, 0x97, 0xAE, 0xF4, 0x83, 0x6B, 0xF4, 0x43, 0x20,
0xF9, 0x0B, 0xFC, 0x9B, 0xD2, 0x4D, 0x4D, 0xA6, 0xB9, 0xA3, 0x02, 0x55, 0x79,
0x18, 0x36, 0x19, 0x5F, 0xC9, 0xEA, 0x5A, 0x76, 0x40, 0xB9, 0xBA, 0x0E, 0x9A,
0x44, 0xDF, 0x7C, 0xF8, 0x65, 0x61, 0x5E, 0x81, 0xAB, 0x71, 0xA1, 0x9E, 0x29,
0x3C, 0x59, 0xCB, 0x23, 0xA4, 0xF6, 0x60, 0x1A, 0x0D, 0x5B, 0x39, 0xAE, 0xF4,
0x6F, 0x59, 0x16, 0x9E, 0x60, 0xD8, 0x56, 0xCF, 0xEA, 0x2C, 0x4C, 0x79, 0xD3,
0x5D, 0x51, 0x46, 0xA0, 0x4E, 0xE9, 0xD6, 0xAB, 0x91, 0x43, 0x63, 0x44, 0xD7,
0x70, 0xB9, 0x23, 0x98, 0x4F, 0x3D, 0x03, 0x02, 0xF6, 0x81, 0x56, 0xC1, 0x58,
0x85, 0x07, 0xA7, 0x2D, 0x2C, 0x29, 0xCA, 0x01, 0x45, 0x31, 0x51, 0x8F, 0xD4,
0x19, 0xA1, 0x79, 0x88, 0x5A, 0xA4, 0xF5, 0xAE, 0x2D, 0x4B, 0x63, 0x4C, 0x58,
0xFE, 0xBF, 0xAD, 0xEE, 0xA3, 0x09, 0xF8, 0xE2, 0x89, 0xBE, 0x81, 0x0E, 0x86,
0x3A, 0xF9, 0x5B, 0xA5, 0xD8, 0xA4, 0x00, 0x75, 0x04, 0xF2, 0x23, 0xB8, 0x39,
0x69, 0x50, 0xB7, 0xD0, 0x34, 0x63, 0x54, 0xD8, 0x61, 0xDD, 0xA5, 0x33, 0x47,
0x85, 0x96, 0x22, 0xD0, 0x2F, 0x9F, 0x7E, 0xF8, 0x74, 0x24, 0xEA, 0x57, 0x97,
0x5A, 0xE0, 0x00, 0xCF, 0xC1, 0x67, 0xE1, 0x41, 0xBD, 0x94, 0xA1, 0x03, 0xD3,
0xB4, 0x08, 0x64, 0xF2, 0x17, 0x27, 0x35, 0x37, 0x53, 0xEF, 0x46, 0xCE, 0xD8,
0xD4, 0x09, 0x52, 0xC6, 0x1E, 0xF7, 0x28, 0xDF, 0x08, 0x0F, 0xD0, 0x6F, 0x71,
0xA6, 0xDF, 0xE4, 0x60, 0x8E, 0xC0, 0x1E, 0x78, 0x86, 0x50, 0xB0, 0x9B, 0x84,
0x7E, 0xE8, 0x36, 0xFA, 0x95, 0xF1, 0x12, 0x51, 0xC7, 0x18, 0x96, 0xA2, 0x29,
0xBB, 0x70, 0x02, 0xB4, 0xF9, 0xA8, 0x3D, 0x08, 0x66, 0xA9, 0xB3, 0xFC, 0x0A,
0x94, 0x80, 0xFD, 0x78, 0xDC, 0xAB, 0x82, 0x5A, 0xD2, 0xCD, 0xC2, 0x87, 0xC6,
0x4B, 0x07, 0xFA, 0xD1, 0xC3, 0xD9, 0x34, 0x41, 0x85, 0xF8, 0xD0, 0xB6, 0x0A,
0x9D, 0x00, 0x91, 0x35, 0x05, 0x88, 0xC3, 0xE3, 0x9B, 0x22, 0xD2, 0xB8, 0xFD,
0x95, 0x3E, 0x6D, 0x5D, 0x48, 0xA3, 0x68, 0xCF, 0x02, 0x42, 0x79, 0x79, 0x8A,
0xAA, 0x01, 0xD6, 0x09, 0x14, 0x2C, 0xF4, 0x83, 0xA3, 0x80, 0x31, 0x55, 0x46,
0x6E, 0xC5, 0xE5, 0x2F, 0x30, 0x58, 0x81, 0xA2, 0x90, 0xBE, 0x2E, 0xA1, 0xC3,
0x0F, 0xA6, 0xF5, 0x51, 0x00, 0x39, 0xB6, 0xF2, 0x2A, 0xA3, 0x15, 0x7D, 0x8D,
0xF5, 0x66, 0x5C, 0xD9, 0xFC, 0xCF, 0x2F, 0xBF, 0x08, 0x27, 0xE7, 0xD0, 0x03,
0xB8, 0xD9, 0x00, 0x13, 0x3D, 0x01, 0x6B, 0xB6, 0xA8, 0xCD, 0x5B, 0x3B, 0x3E,
0x93, 0xBF, 0xE6, 0x2E, 0xB7, 0x4A, 0xCF, 0xB3, 0x0A, 0xCE, 0x62, 0x11, 0xD6,
0x1F, 0x68, 0x9B, 0x1D, 0x68, 0xD1, 0x8C, 0x97, 0xBD, 0xA1, 0x07, 0x67, 0x73,
0x87, 0xE0, 0x36, 0xDA, 0x8C, 0xD2, 0xD2, 0xBB, 0x84, 0x28, 0xA9, 0xFE, 0x52,
0x74, 0xD6, 0xB9, 0x0F, 0x0A, 0x6A, 0x2D, 0x28, 0x35, 0x34, 0x3A, 0xD3, 0xE2,
0xCD, 0x35, 0x06, 0x7D, 0x1B, 0x35, 0x85, 0x86, 0xD1, 0x3E, 0xF2, 0x6F, 0xA1,
0xC4, 0x55, 0xBD, 0x00, 0xD8, 0xC3, 0x5D, 0xC2, 0x1D, 0x6B, 0x6B, 0x27, 0x5B,
0x95, 0xF3, 0xAB, 0xB5, 0xD3, 0x37, 0xF2, 0x2C, 0x9C, 0xC7, 0x5D, 0xBD, 0xF1,
0x68, 0x1C, 0xAD, 0xF8, 0xB5, 0xE1, 0x29, 0x72, 0x7A, 0x73, 0x62, 0x55, 0x24,
0xB9, 0x85, 0xDF, 0x7B, 0x29, 0x7D, 0xDE, 0x08, 0xF5, 0xE4, 0x44, 0xDA, 0x1A,
0x30, 0x74, 0xDA, 0xB4, 0x9B, 0x23, 0x9A, 0x3A, 0xC1, 0x53, 0xB2, 0xA2, 0xA3,
0x7B, 0x1F, 0xD9, 0x56, 0xD4, 0x4F, 0x9B, 0xB2, 0x1E, 0xEE, 0xB8, 0x6A, 0x4E,
0xB5, 0xF4, 0x5A, 0xC9, 0x18, 0x27, 0x9C, 0xDE, 0x14, 0x44, 0xED, 0xC4, 0x3C,
0x71, 0x9F, 0x5F, 0xD9, 0x37, 0xA0, 0x78, 0x34, 0x6E, 0xBC, 0xD2, 0x7B, 0x1D,
0xFA, 0x08, 0x39, 0x5A, 0x04, 0x73, 0x15, 0xD9, 0x0A, 0x48, 0xC1, 0x2D, 0x15,
0x4E, 0x84, 0x30, 0x45, 0x69, 0xB3, 0xE5, 0xF6, 0xAD, 0x09, 0x1E, 0xCC, 0x5F,
0x1F, 0x06, 0xD5, 0x58, 0xAD, 0x78, 0xD7, 0x9F, 0xE5, 0xED, 0x3B, 0x09, 0xD5,
0xA6, 0x52, 0x6F, 0x92, 0xD3, 0x3C, 0xC6, 0x1E, 0xF2, 0x93, 0x7C, 0xD3, 0x5F,
0x70, 0x85, 0x5D, 0xF8, 0xAA, 0x9D, 0xB7, 0x7B, 0x24, 0x5A, 0xE9, 0x0A, 0x35,
0x2F, 0xF5, 0xD9, 0x82, 0x02, 0x8A, 0x90, 0x13, 0x5B, 0xB5, 0x67, 0x9C, 0xDD,
0xA0, 0x4E, 0x82, 0x27, 0xDA, 0x7E, 0xE8, 0x8E, 0xCD, 0xE1, 0x56, 0x71, 0x2C,
0xE6, 0x4E, 0x1F, 0x91, 0xCD, 0x7C, 0x6A, 0xB7, 0x78, 0xD0, 0x26, 0xF3, 0x56,
0xA9, 0xD5, 0xA1, 0xC3, 0x3B, 0x98, 0xE9, 0x28, 0x09, 0xEF, 0x50, 0x90, 0xCD,
0xC4, 0x8E, 0x75, 0xCC, 0xAC, 0x2D, 0xC9, 0x03, 0x6D, 0xAC, 0xFE, 0xC4, 0x88,
0x36, 0xD1, 0x3F, 0xBB, 0x1C, 0x7D, 0xB3, 0x14, 0x61, 0x2C, 0xB7, 0x54, 0x4B,
0xDB, 0x64, 0xB6, 0x57, 0x14, 0x16, 0x8E, 0x1E, 0x6C, 0x64, 0xBB, 0x8B, 0x48,
0x5D, 0x96, 0x9D, 0xDC, 0x80, 0xA7, 0xF7, 0x54, 0xC7, 0x46, 0x38, 0x3E, 0x44,
0xDE, 0x7E, 0x92, 0x8D, 0x07, 0xF6, 0x07, 0x37, 0x4E, 0x16, 0x10, 0xB4, 0x7D,
0x88, 0x66, 0x7F, 0xBB, 0xFF, 0xEA, 0x00, 0xF3, 0xFF, 0x97, 0x2C, 0xB5, 0xBE,
0x35, 0x4B, 0x5C, 0x36, 0xEC, 0x4C, 0xBD, 0x2B, 0x7D, 0xBF, 0x46, 0xE2, 0x9C,
0x0E, 0x8A, 0xA3, 0xEC, 0xB1, 0x0E, 0x9A, 0xDA, 0x9A, 0x9B, 0x28, 0x92, 0x10,
0x53, 0x57, 0xEA, 0xEC, 0xA2, 0x32, 0x32, 0x20, 0x1D, 0x97, 0x5C, 0xB6, 0x84,
0xA9, 0x93, 0x8D, 0x95, 0x11, 0xA3, 0x24, 0xA3, 0x2D, 0xC6, 0x4A, 0xEF, 0xAA,
0x1D, 0x85, 0x2B, 0x7D, 0x28, 0xBE, 0x53, 0xCE, 0x10, 0x1F, 0xAE, 0x0E, 0x41,
0x6C, 0x4B, 0x79, 0x12, 0xFB, 0xF7, 0x54, 0xA3, 0x96, 0x54, 0x83, 0x20, 0x96,
0x8F, 0x28, 0xA9, 0x3F, 0x8B, 0x3D, 0xBA, 0x77, 0xDC, 0x24, 0xE1, 0xD4, 0x49,
0x40, 0xD8, 0x78, 0x31, 0x85, 0x43, 0xF6, 0xFE, 0x5C, 0xA6, 0x8F, 0x90, 0x09,
0xB0, 0xE7, 0xC4, 0x95, 0xB2, 0x55, 0x49, 0x97, 0x8F, 0x1C, 0x78, 0x30, 0x20,
0xA0, 0xB4, 0xEF, 0x73, 0x56, 0x59, 0x82, 0xFD, 0xCE, 0xBA, 0x6A, 0x8F, 0x2C,
0x8B, 0x15, 0xFD, 0xA1, 0x85, 0xA8, 0x5C, 0x0F, 0x11, 0xA5, 0x9D, 0xC2, 0x46,
0xC6, 0x9C, 0xC9, 0x40, 0x0B, 0x58, 0x6A, 0x1C, 0x7A, 0x23, 0xF9, 0xE0, 0x95,
0x05, 0x13, 0x58, 0x72, 0xE8, 0x9F, 0x30, 0xAC, 0xCD, 0x26, 0xD4, 0x66, 0x13,
0xDF, 0x1E, 0x7B, 0x4F, 0x9C, 0xBE, 0x38, 0x79, 0x75, 0x92, 0xA4, 0xDA, 0x26,
0x44, 0x55, 0x17, 0xA3, 0xE5, 0x62, 0xDA, 0xEB, 0x86, 0xEA, 0x68, 0xC7, 0xAB,
0xFD, 0x2D, 0x43, 0x59, 0x51, 0xC0, 0x75, 0x64, 0x91, 0x01, 0x29, 0x33, 0x28,
0xF3, 0x04, 0x83, 0x80, 0x75, 0x37, 0x75, 0x0C, 0x03, 0x7B, 0x0A, 0xAB, 0x8E,
0x60, 0x62, 0x8B, 0x4C, 0xAF, 0x2D, 0xA3, 0x2F, 0xFE, 0xAB, 0x45, 0xCF, 0xDA,
0xAB, 0xFA, 0xFA, 0x30, 0x3D, 0xE8, 0xA1, 0x96, 0xA5, 0x7B, 0xE2, 0x2A, 0xD0,
0xAF, 0x59, 0xF7, 0xD0, 0x32, 0x57, 0x19, 0xBD, 0xCA, 0x9F, 0xD5, 0x1A, 0xC7,
0xAA, 0x65, 0x4A, 0x38, 0xB2, 0x70, 0x33, 0xB7, 0x75, 0xD2, 0xCD, 0xD1, 0xF0,
0xA8, 0x87, 0x59, 0x20, 0xA5, 0x57, 0x55, 0xB1, 0xB2, 0xC9, 0x4D, 0x97, 0x34,
0x41, 0xF3, 0xF0, 0x30, 0xA1, 0x2C, 0x1C, 0x49, 0x3E, 0x89, 0x7D, 0x12, 0xE2,
0xC3, 0x04, 0xC3, 0x92, 0xC0, 0xF6, 0x39, 0x10, 0x80, 0x81, 0x8F, 0x08, 0xB4,
0xF8, 0xB9, 0x13, 0x4E, 0x2C, 0xAE, 0xB3, 0x71, 0x82, 0x63, 0x98, 0xAB, 0x5C,
0x1C, 0x10, 0xEA, 0x66, 0xF9, 0x02, 0x3A, 0x82, 0x61, 0xD0, 0xD4, 0xAE, 0x43,
0xD4, 0x01, 0x3E, 0x9D, 0x04, 0x14, 0xF6, 0x60, 0xD8, 0xA7, 0xD6, 0xB8, 0x53,
0xC8, 0xDA, 0x80, 0x93, 0xA0, 0x02, 0xDD, 0xCC, 0xE2, 0xF2, 0xBB, 0xFB, 0xE0,
0x27, 0xD7, 0x34, 0x9A, 0x71, 0x49, 0xB5, 0x4F, 0x42, 0x1F, 0xB2, 0x9D, 0x6D,
0xAA, 0x9D, 0xD3, 0x50, 0xB5, 0x8F, 0x6A, 0x4B, 0xDF, 0x1F, 0xD5, 0x27, 0x8F,
0x3B, 0x27, 0xCF, 0x2F, 0x8C, 0xF8, 0x9D, 0x4C, 0x52, 0xBC, 0x32, 0x0F, 0x73,
0xD5, 0x51, 0x8E, 0x36, 0x7E, 0xAD, 0x09, 0xF0, 0x94, 0x83, 0x5F, 0x36, 0xFD,
0x7C, 0x03, 0xED, 0xF1, 0x5E, 0x4B, 0xF7, 0xAA, 0x55, 0x5C, 0x4A, 0x14, 0x59,
0x85, 0x38, 0x2D, 0x8C, 0xDF, 0xEC, 0x65, 0x1B, 0xB8, 0x76, 0x57, 0x96, 0x3C,
0x86, 0xED, 0xF2, 0x7F, 0x2D, 0x28, 0x48, 0xDA, 0x49, 0x7F, 0xF7, 0x54, 0x2B,
0xD5, 0x39, 0xD5, 0x57, 0x0A, 0x75, 0x7A, 0x3E, 0x5E, 0x5D, 0xBA, 0x4A, 0x15,
0xFA, 0xB8, 0x31, 0x80, 0x71, 0x2C, 0xCA, 0xC4, 0x51, 0x10, 0x16, 0x5D, 0x39,
0xEC, 0x9D, 0x07, 0xB6, 0x6A, 0x89, 0x9F, 0x9B, 0x5B, 0x6F, 0x03, 0xB0, 0x92,
0x01, 0x38, 0x6B, 0x48, 0x99, 0x0A, 0x8F, 0x13, 0xC1, 0xA6, 0x01, 0xEA, 0xBF,
0x6F, 0x86, 0x43, 0x51, 0xB6, 0x11, 0x00, 0x00
};
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void)
{
wc_test_ret_t ret = 0;
word32 dSz = sizeof(sample_text);
word32 cSz = (dSz + (word32)(dSz * 0.001) + 12);
byte *c;
byte *d;
WOLFSSL_ENTER("compress_test");
c = (byte *)XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
d = (byte *)XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (c == NULL || d == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
}
/* follow calloc and initialize to 0 */
XMEMSET(c, 0, cSz);
XMEMSET(d, 0, dSz);
if ((ret = wc_Compress(c, cSz, sample_text, dSz, 0)) < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
cSz = (word32)ret;
if ((ret = wc_DeCompress(d, dSz, c, cSz)) != (int)dSz) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
}
dSz = (word32)ret;
if (XMEMCMP(d, sample_text, dSz) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
}
/* GZIP tests */
cSz = (dSz + (word32)(dSz * 0.001) + 12); /* reset cSz */
XMEMSET(c, 0, cSz);
XMEMSET(d, 0, dSz);
ret = wc_Compress_ex(c, cSz, sample_text, dSz, 0, LIBZ_WINBITS_GZIP);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
cSz = (word32)ret;
ret = wc_DeCompress_ex(d, dSz, c, cSz, LIBZ_WINBITS_GZIP);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
if (XMEMCMP(d, sample_text, dSz) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
}
/* Try with gzip generated output */
XMEMSET(d, 0, dSz);
ret = wc_DeCompress_ex(d, dSz, sample_text_gz, sizeof(sample_text_gz),
LIBZ_WINBITS_GZIP);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
dSz = (word32)ret;
if (XMEMCMP(d, sample_text, dSz) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
}
ret = 0; /* success */
exit:
XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* HAVE_LIBZ */
#ifdef HAVE_PKCS7
/* External Debugging/Testing Note:
*
* PKCS#7 test functions can output generated PKCS#7/CMS bundles for
* additional testing. To dump bundles to files DER encoded files, please
* define:
*
* #define PKCS7_OUTPUT_TEST_BUNDLES
*/
/* Loads certs and keys for use with PKCS7 tests, from either files
* or buffers.
*
* rsaClientCertBuf - output buffer for RSA client cert
* rsaClientCertBufSz - IN/OUT size of output buffer, size of RSA client cert
* rsaClientPrivKeyBuf - output buffer for RSA client private key
* rsaClientPrivKeyBufSz - IN/OUT size of output buffer, size of RSA client key
*
* rsaServerCertBuf - output buffer for RSA server cert
* rsaServerCertBufSz - IN/OUT size of output buffer, size of RSA server cert
* rsaServerPrivKeyBuf - output buffer for RSA server private key
* rsaServerPrivKeyBufSz - IN/OUT size of output buffer, size of RSA server key
*
* rsaCaCertBuf - output buffer for RSA CA cert
* rsaCaCertBufSz - IN/OUT size of output buffer, size of RSA ca cert
* rsaCaPrivKeyBuf - output buffer for RSA CA private key
* rsaCaPrivKeyBufSz - IN/OUT size of output buffer, size of RSA CA key
*
* eccClientCertBuf - output buffer for ECC cert
* eccClientCertBufSz - IN/OUT size of output buffer, size of ECC cert
* eccClientPrivKeyBuf - output buffer for ECC private key
* eccClientPrivKeyBufSz - IN/OUT size of output buffer, size of ECC private key
*
* Returns 0 on success, negative on error
*/
static wc_test_ret_t pkcs7_load_certs_keys(
byte* rsaClientCertBuf, word32* rsaClientCertBufSz,
byte* rsaClientPrivKeyBuf, word32* rsaClientPrivKeyBufSz,
byte* rsaServerCertBuf, word32* rsaServerCertBufSz,
byte* rsaServerPrivKeyBuf, word32* rsaServerPrivKeyBufSz,
byte* rsaCaCertBuf, word32* rsaCaCertBufSz,
byte* rsaCaPrivKeyBuf, word32* rsaCaPrivKeyBufSz,
byte* eccClientCertBuf, word32* eccClientCertBufSz,
byte* eccClientPrivKeyBuf, word32* eccClientPrivKeyBufSz)
{
#ifndef NO_FILESYSTEM
XFILE certFile;
XFILE keyFile;
(void)certFile;
(void)keyFile;
#endif
#ifndef NO_RSA
if (rsaClientCertBuf == NULL || rsaClientCertBufSz == NULL ||
rsaClientPrivKeyBuf == NULL || rsaClientPrivKeyBufSz == NULL)
return BAD_FUNC_ARG;
#endif
#ifdef HAVE_ECC
if (eccClientCertBuf == NULL || eccClientCertBufSz == NULL ||
eccClientPrivKeyBuf == NULL || eccClientPrivKeyBufSz == NULL)
return BAD_FUNC_ARG;
#endif
/* RSA */
#ifndef NO_RSA
#ifdef USE_CERT_BUFFERS_1024
if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_1024)
return WC_TEST_RET_ENC_NC;
XMEMCPY(rsaClientCertBuf, client_cert_der_1024,
sizeof_client_cert_der_1024);
*rsaClientCertBufSz = sizeof_client_cert_der_1024;
if (rsaServerCertBuf != NULL) {
if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_1024)
return WC_TEST_RET_ENC_NC;
XMEMCPY(rsaServerCertBuf, server_cert_der_1024,
sizeof_server_cert_der_1024);
*rsaServerCertBufSz = sizeof_server_cert_der_1024;
}
if (rsaCaCertBuf != NULL) {
if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_1024)
return WC_TEST_RET_ENC_NC;
XMEMCPY(rsaCaCertBuf, ca_cert_der_1024, sizeof_ca_cert_der_1024);
*rsaCaCertBufSz = sizeof_ca_cert_der_1024;
}
#elif defined(USE_CERT_BUFFERS_2048)
if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_2048)
return WC_TEST_RET_ENC_NC;
XMEMCPY(rsaClientCertBuf, client_cert_der_2048,
sizeof_client_cert_der_2048);
*rsaClientCertBufSz = sizeof_client_cert_der_2048;
if (rsaServerCertBuf != NULL) {
if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_2048)
return WC_TEST_RET_ENC_NC;
XMEMCPY(rsaServerCertBuf, server_cert_der_2048,
sizeof_server_cert_der_2048);
*rsaServerCertBufSz = sizeof_server_cert_der_2048;
}
if (rsaCaCertBuf != NULL) {
if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_2048)
return WC_TEST_RET_ENC_NC;
XMEMCPY(rsaCaCertBuf, ca_cert_der_2048, sizeof_ca_cert_der_2048);
*rsaCaCertBufSz = sizeof_ca_cert_der_2048;
}
#else
certFile = XFOPEN(clientCert, "rb");
if (!certFile)
return WC_TEST_RET_ENC_ERRNO;
*rsaClientCertBufSz = (word32)XFREAD(rsaClientCertBuf, 1,
*rsaClientCertBufSz, certFile);
XFCLOSE(certFile);
if (*rsaClientCertBufSz == 0)
return WC_TEST_RET_ENC_ERRNO;
if (rsaServerCertBuf != NULL) {
certFile = XFOPEN(rsaServerCertDerFile, "rb");
if (!certFile)
return WC_TEST_RET_ENC_ERRNO;
*rsaServerCertBufSz = (word32)XFREAD(rsaServerCertBuf, 1,
*rsaServerCertBufSz, certFile);
XFCLOSE(certFile);
if (*rsaServerCertBufSz == 0)
return WC_TEST_RET_ENC_ERRNO;
}
if (rsaCaCertBuf != NULL) {
certFile = XFOPEN(rsaCaCertDerFile, "rb");
if (!certFile)
return WC_TEST_RET_ENC_ERRNO;
*rsaCaCertBufSz = (word32)XFREAD(rsaCaCertBuf, 1, *rsaCaCertBufSz,
certFile);
XFCLOSE(certFile);
if (*rsaCaCertBufSz == 0)
return WC_TEST_RET_ENC_ERRNO;
}
#endif
#ifdef USE_CERT_BUFFERS_1024
if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_1024)
return WC_TEST_RET_ENC_NC;
XMEMCPY(rsaClientPrivKeyBuf, client_key_der_1024,
sizeof_client_key_der_1024);
*rsaClientPrivKeyBufSz = sizeof_client_key_der_1024;
if (rsaServerPrivKeyBuf != NULL) {
if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_1024)
return WC_TEST_RET_ENC_NC;
XMEMCPY(rsaServerPrivKeyBuf, server_key_der_1024,
sizeof_server_key_der_1024);
*rsaServerPrivKeyBufSz = sizeof_server_key_der_1024;
}
if (rsaCaPrivKeyBuf != NULL) {
if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_1024)
return WC_TEST_RET_ENC_NC;
XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_1024, sizeof_ca_key_der_1024);
*rsaCaPrivKeyBufSz = sizeof_ca_key_der_1024;
}
#elif defined(USE_CERT_BUFFERS_2048)
if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_2048)
return WC_TEST_RET_ENC_NC;
XMEMCPY(rsaClientPrivKeyBuf, client_key_der_2048,
sizeof_client_key_der_2048);
*rsaClientPrivKeyBufSz = sizeof_client_key_der_2048;
if (rsaServerPrivKeyBuf != NULL) {
if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_2048)
return WC_TEST_RET_ENC_NC;
XMEMCPY(rsaServerPrivKeyBuf, server_key_der_2048,
sizeof_server_key_der_2048);
*rsaServerPrivKeyBufSz = sizeof_server_key_der_2048;
}
if (rsaCaPrivKeyBuf != NULL) {
if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_2048)
return WC_TEST_RET_ENC_NC;
XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_2048, sizeof_ca_key_der_2048);
*rsaCaPrivKeyBufSz = sizeof_ca_key_der_2048;
}
#else
keyFile = XFOPEN(clientKey, "rb");
if (!keyFile)
return WC_TEST_RET_ENC_ERRNO;
*rsaClientPrivKeyBufSz = (word32)XFREAD(rsaClientPrivKeyBuf, 1,
*rsaClientPrivKeyBufSz, keyFile);
XFCLOSE(keyFile);
if (*rsaClientPrivKeyBufSz == 0)
return WC_TEST_RET_ENC_ERRNO;
if (rsaServerPrivKeyBuf != NULL) {
keyFile = XFOPEN(rsaServerKeyDerFile, "rb");
if (!keyFile)
return WC_TEST_RET_ENC_ERRNO;
*rsaServerPrivKeyBufSz = (word32)XFREAD(rsaServerPrivKeyBuf, 1,
*rsaServerPrivKeyBufSz, keyFile);
XFCLOSE(keyFile);
if (*rsaServerPrivKeyBufSz == 0)
return WC_TEST_RET_ENC_ERRNO;
}
if (rsaCaPrivKeyBuf != NULL) {
keyFile = XFOPEN(rsaCaKeyFile, "rb");
if (!keyFile)
return WC_TEST_RET_ENC_ERRNO;
*rsaCaPrivKeyBufSz = (word32)XFREAD(rsaCaPrivKeyBuf, 1,
*rsaCaPrivKeyBufSz, keyFile);
XFCLOSE(keyFile);
if (*rsaCaPrivKeyBufSz == 0)
return WC_TEST_RET_ENC_ERRNO;
}
#endif /* USE_CERT_BUFFERS */
#endif /* NO_RSA */
/* ECC */
#ifdef HAVE_ECC
#ifdef USE_CERT_BUFFERS_256
if (*eccClientCertBufSz < (word32)sizeof_cliecc_cert_der_256)
return WC_TEST_RET_ENC_NC;
XMEMCPY(eccClientCertBuf, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
*eccClientCertBufSz = sizeof_cliecc_cert_der_256;
#else
certFile = XFOPEN(eccClientCert, "rb");
if (!certFile)
return WC_TEST_RET_ENC_ERRNO;
*eccClientCertBufSz = (word32)XFREAD(eccClientCertBuf, 1,
*eccClientCertBufSz, certFile);
XFCLOSE(certFile);
if (*eccClientCertBufSz == 0)
return WC_TEST_RET_ENC_ERRNO;
#endif /* USE_CERT_BUFFERS_256 */
#ifdef USE_CERT_BUFFERS_256
if (*eccClientPrivKeyBufSz < (word32)sizeof_ecc_clikey_der_256)
return WC_TEST_RET_ENC_NC;
XMEMCPY(eccClientPrivKeyBuf, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
*eccClientPrivKeyBufSz = sizeof_ecc_clikey_der_256;
#else
keyFile = XFOPEN(eccClientKey, "rb");
if (!keyFile)
return WC_TEST_RET_ENC_ERRNO;
*eccClientPrivKeyBufSz = (word32)XFREAD(eccClientPrivKeyBuf, 1,
*eccClientPrivKeyBufSz, keyFile);
XFCLOSE(keyFile);
if (*eccClientPrivKeyBufSz == 0)
return WC_TEST_RET_ENC_ERRNO;
#endif /* USE_CERT_BUFFERS_256 */
#endif /* HAVE_ECC */
#ifdef NO_RSA
(void)rsaClientCertBuf;
(void)rsaClientCertBufSz;
(void)rsaClientPrivKeyBuf;
(void)rsaClientPrivKeyBufSz;
(void)rsaServerCertBuf;
(void)rsaServerCertBufSz;
(void)rsaServerPrivKeyBuf;
(void)rsaServerPrivKeyBufSz;
(void)rsaCaCertBuf;
(void)rsaCaCertBufSz;
(void)rsaCaPrivKeyBuf;
(void)rsaCaPrivKeyBufSz;
#endif
#ifndef HAVE_ECC
(void)eccClientCertBuf;
(void)eccClientCertBufSz;
(void)eccClientPrivKeyBuf;
(void)eccClientPrivKeyBufSz;
#endif
#ifndef NO_FILESYSTEM
(void)certFile;
(void)keyFile;
#endif
return 0;
}
typedef struct {
const byte* content;
word32 contentSz;
int contentOID;
int encryptOID;
int keyWrapOID;
int keyAgreeOID;
byte* cert;
size_t certSz;
byte* privateKey;
word32 privateKeySz;
byte* optionalUkm;
word32 optionalUkmSz;
int ktriOptions; /* KTRI options flags */
int kariOptions; /* KARI options flags */
/* KEKRI specific */
const byte* secretKey; /* key, only for kekri RecipientInfo types */
word32 secretKeySz; /* size of secretKey, bytes */
const byte* secretKeyId; /* key identifier */
word32 secretKeyIdSz; /* size of key identifier, bytes */
void* timePtr; /* time_t pointer */
byte* otherAttrOID; /* OPTIONAL, other attribute OID */
word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
word32 otherAttrSz; /* size of otherAttr, bytes */
int kekriOptions; /* KEKRI options flags */
/* PWRI specific */
const char* password;
word32 passwordSz;
const byte* salt;
word32 saltSz;
int kdfOID;
int hashOID;
int kdfIterations;
int pwriOptions; /* PWRI options flags */
/* ORI specific */
int isOri;
int oriOptions; /* ORI options flags */
const char* outFileName;
} pkcs7EnvelopedVector;
static const byte asnDataOid[] = {
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01
};
/* ORI encrypt callback, responsible for encrypting content-encryption key (CEK)
* and giving wolfCrypt the value for oriOID and oriValue to place in
* OtherRecipientInfo.
*
* Returns 0 on success, negative upon error. */
static int myOriEncryptCb(wc_PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
word32* oriTypeSz, byte* oriValue, word32* oriValueSz,
void* ctx)
{
int i;
/* make sure buffers are large enough */
if (*oriValueSz < (2 + cekSz))
return WC_TEST_RET_ENC_NC;
if (*oriTypeSz < sizeof(asnDataOid))
return WC_TEST_RET_ENC_NC;
/* our simple encryption algorithm will be take the bitwise complement */
oriValue[0] = 0x04; /*ASN OCTET STRING */
oriValue[1] = (byte)cekSz; /* length */
for (i = 0; i < (int)cekSz; i++) {
oriValue[2 + i] = ~cek[i];
}
*oriValueSz = 2 + cekSz;
/* set oriType to ASN.1 encoded data OID */
XMEMCPY(oriType, asnDataOid, sizeof(asnDataOid));
*oriTypeSz = sizeof(asnDataOid);
(void)pkcs7;
(void)ctx;
return 0;
}
/* ORI decrypt callback, responsible for providing a decrypted content
* encryption key (CEK) placed into decryptedKey and size placed into
* decryptedKeySz. oriOID and oriValue are given to the callback to help
* in decrypting the encrypted CEK.
*
* Returns 0 on success, negative upon error. */
static int myOriDecryptCb(wc_PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
byte* oriValue, word32 oriValueSz, byte* decryptedKey,
word32* decryptedKeySz, void* ctx)
{
int i;
/* make sure oriType matches what we expect */
if (oriTypeSz != sizeof(asnDataOid))
return WC_TEST_RET_ENC_NC;
if (XMEMCMP(oriType, asnDataOid, sizeof(asnDataOid)) != 0)
return WC_TEST_RET_ENC_NC;
/* make sure decrypted buffer is large enough */
if (*decryptedKeySz < oriValueSz)
return WC_TEST_RET_ENC_NC;
/* decrypt encrypted CEK using simple bitwise complement,
only for example */
for (i = 0; i < (int)oriValueSz - 2; i++) {
decryptedKey[i] = ~oriValue[2 + i];
}
*decryptedKeySz = oriValueSz - 2;
(void)pkcs7;
(void)ctx;
return 0;
}
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
/* returns 0 on success */
static int myDecryptionFunc(wc_PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
byte* in, int inSz, byte* out, void* usrCtx)
{
wc_test_ret_t ret;
int keyId = -1, keySz;
word32 keyIdSz = 8;
const byte* key;
byte keyIdRaw[8];
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
Aes *aes;
#else
Aes aes[1];
#endif
/* looking for KEY ID
* fwDecryptKeyID OID "1.2.840.113549.1.9.16.2.37
*/
WOLFSSL_SMALL_STACK_STATIC const unsigned char OID[] = {
/* 0x06, 0x0B do not pass in tag and length */
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
0x01, 0x09, 0x10, 0x02, 0x25
};
WOLFSSL_SMALL_STACK_STATIC const byte defKey[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
WOLFSSL_SMALL_STACK_STATIC const byte altKey[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
/* test user context passed in */
if (usrCtx == NULL || *(int*)usrCtx != 1) {
return WC_TEST_RET_ENC_NC;
}
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
return WC_TEST_RET_ENC_ERRNO;
#endif
/* if needing to find keyIdSz can call with NULL */
ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), NULL,
&keyIdSz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
printf("Unexpected error %d when getting keyIdSz\n", ret);
printf("Possibly no KEY ID attribute set\n");
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
else {
XMEMSET(keyIdRaw, 0, sizeof(keyIdRaw));
ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), keyIdRaw,
&keyIdSz);
if (ret < 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
if (keyIdSz < 3) {
printf("keyIdSz is smaller than expected\n");
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
if (keyIdSz > 2 + sizeof(int)) {
printf("example case was only expecting a keyId of int size\n");
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
/* keyIdRaw[0] OCTET TAG */
/* keyIdRaw[1] Length */
#ifdef BIG_ENDIAN_ORDER
if (keyIdRaw[1] == 0x01) {
keyId = 1;
}
#else
XMEMCPY(&keyId, keyIdRaw + 2, sizeof(keyId));
#endif
}
/* Use keyID here if found to select key and decrypt in HSM or in this
* example just select key and do software decryption */
if (keyId == 1) {
key = altKey;
keySz = sizeof(altKey);
}
else {
key = defKey;
keySz = sizeof(defKey);
}
switch (encryptOID) {
#ifdef WOLFSSL_AES_256
case AES256CBCb:
if ((keySz != 32 ) || (ivSz != WC_AES_BLOCK_SIZE))
WARNING_OUT(BAD_FUNC_ARG, out);
break;
#endif
#ifdef WOLFSSL_AES_128
case AES128CBCb:
if ((keySz != 16 ) || (ivSz != WC_AES_BLOCK_SIZE))
ERROR_OUT(BAD_FUNC_ARG, out);
break;
#endif
default:
printf("Unsupported content cipher type for example");
ERROR_OUT(ALGO_ID_E, out);
};
ret = test_AesCbcInit(aes, HEAP_HINT, devId);
if (ret == 0) {
ret = wc_AesSetKey(aes, key, (word32)keySz, iv, AES_DECRYPTION);
if (ret == 0)
ret = wc_AesCbcDecrypt(aes, out, in, (word32)inSz);
wc_AesFree(aes);
}
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
(void)aad;
(void)aadSz;
(void)authTag;
(void)authTagSz;
return (int)ret;
}
#endif /* !NO_AES && HAVE_AES_CBC */
#define PKCS7_BUF_SIZE 2048
static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
byte* rsaPrivKey, word32 rsaPrivKeySz,
byte* eccCert, word32 eccCertSz,
byte* eccPrivKey, word32 eccPrivKeySz)
{
wc_test_ret_t ret = 0;
int testSz = 0, i;
int envelopedSz, decodedSz;
byte *enveloped = NULL;
byte *decoded = NULL;
wc_PKCS7* pkcs7 = NULL;
#ifdef ECC_TIMING_RESISTANT
WC_RNG rng;
#endif
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
XFILE pkcs7File;
#endif
WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && \
defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
byte optionalUkm[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
};
#endif /* !NO_AES */
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
!defined(NO_SHA) && defined(HAVE_AES_KEYWRAP)
/* encryption key for kekri recipient types */
WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
};
/* encryption key identifier */
WOLFSSL_SMALL_STACK_STATIC const byte secretKeyId[] = {
0x02,0x02,0x03,0x04
};
#endif
#if !defined(NO_PWDBASED) && !defined(NO_SHA) && \
!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
defined(HAVE_AES_KEYWRAP)
#ifndef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; /* NOTE: Password is too short for FIPS */
#else
WOLFSSL_SMALL_STACK_STATIC const char password[] = "passwordFIPS_MODE";
#endif
WOLFSSL_SMALL_STACK_STATIC const byte salt[] = {
0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
};
#endif
#define MAX_TESTVECTORS_LEN 13
#define ADD_PKCS7ENVELOPEDVECTOR(...) { \
pkcs7EnvelopedVector _this_vector = { __VA_ARGS__ }; \
if (testSz == MAX_TESTVECTORS_LEN) { \
ret = WC_TEST_RET_ENC_NC; \
goto out; \
} \
XMEMCPY(&testVectors[testSz++], &_this_vector, sizeof _this_vector);\
}
pkcs7EnvelopedVector *testVectors = NULL;
#ifdef ECC_TIMING_RESISTANT
XMEMSET(&rng, 0, sizeof(rng));
#endif
testVectors = (pkcs7EnvelopedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (testVectors == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
goto out;
}
{
/* key transport key encryption technique */
#ifndef NO_RSA
#ifndef NO_DES3
ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, DES3b, 0, 0, rsaCert, rsaCertSz,
rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataDES3.der");
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP)
#ifdef WOLFSSL_AES_128
ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz,
rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataAES128CBC.der");
#endif
#ifdef WOLFSSL_AES_192
ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES192CBCb, 0, 0, rsaCert, rsaCertSz,
rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataAES192CBC.der");
#endif
#ifdef WOLFSSL_AES_256
ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataAES256CBC.der");
/* explicitly using SKID for SubjectKeyIdentifier */
ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_SKID, 0, NULL, 0, NULL, 0, NULL,
NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataAES256CBC_SKID.der");
/* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_ISSUER_AND_SERIAL_NUMBER, 0,
NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der");
#endif
#endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */
#endif
/* key agreement key encryption technique*/
#if defined(HAVE_ECC) && defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP,
dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der");
#endif
#if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der");
#endif /* NO_SHA256 && WOLFSSL_AES_256 */
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der");
/* with optional user keying material (ukm) */
ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
eccPrivKeySz, optionalUkm, sizeof(optionalUkm), 0, 0, NULL, 0,
NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der");
#endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
#endif /* !NO_AES && HAVE_AES_CBC */
#endif
/* kekri (KEKRecipientInfo) recipient types */
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0,
NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey),
secretKeyId, sizeof(secretKeyId), NULL, NULL, 0, NULL, 0,
0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataAES128CBC_KEKRI.der");
#endif
#endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */
/* pwri (PasswordRecipientInfo) recipient types */
#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \
defined(HAVE_AES_KEYWRAP)
ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0,
NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
NULL, 0, NULL, NULL, 0, NULL, 0, 0, password,
(word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
0, 0, 0, "pkcs7envelopedDataAES128CBC_PWRI.der");
#endif
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
defined(HAVE_AES_KEYWRAP)
/* ori (OtherRecipientInfo) recipient types */
ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0,
NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0,
NULL, 0, 0, 0, 0, 0, 1, 0, "pkcs7envelopedDataAES128CBC_ORI.der");
#endif
};
#undef MAX_TESTVECTORS_LEN
#undef ADD_PKCS7ENVELOPEDVECTOR
enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if ((! enveloped) || (! decoded)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#ifdef ECC_TIMING_RESISTANT
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#endif
for (i = 0; i < testSz; i++) {
pkcs7 = wc_PKCS7_New(HEAP_HINT,
#ifdef WOLFSSL_ASYNC_CRYPT
INVALID_DEVID /* async PKCS7 is not supported */
#else
devId
#endif
);
if (pkcs7 == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
if (testVectors[i].secretKey != NULL) {
/* KEKRI recipient type */
ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
pkcs7->content = (byte*)testVectors[i].content;
pkcs7->contentSz = testVectors[i].contentSz;
pkcs7->contentOID = testVectors[i].contentOID;
pkcs7->encryptOID = testVectors[i].encryptOID;
pkcs7->ukm = testVectors[i].optionalUkm;
pkcs7->ukmSz = testVectors[i].optionalUkmSz;
ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
(byte *)testVectors[i].secretKey, testVectors[i].secretKeySz,
(byte *)testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
testVectors[i].timePtr, testVectors[i].otherAttrOID,
testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
if (ret < 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
/* set key, for decryption */
ret = wc_PKCS7_SetKey(pkcs7, (byte *)testVectors[i].secretKey,
testVectors[i].secretKeySz);
if (ret != 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
} else if (testVectors[i].password != NULL) {
#if !defined(NO_PWDBASED) && !defined(NO_SHA)
/* PWRI recipient type */
ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
pkcs7->content = (byte*)testVectors[i].content;
pkcs7->contentSz = testVectors[i].contentSz;
pkcs7->contentOID = testVectors[i].contentOID;
pkcs7->encryptOID = testVectors[i].encryptOID;
pkcs7->ukm = testVectors[i].optionalUkm;
pkcs7->ukmSz = testVectors[i].optionalUkmSz;
ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
(byte *)testVectors[i].password, testVectors[i].passwordSz,
(byte *)testVectors[i].salt, testVectors[i].saltSz,
testVectors[i].kdfOID,
testVectors[i].hashOID, testVectors[i].kdfIterations,
testVectors[i].encryptOID, testVectors[i].pwriOptions);
if (ret < 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
/* set password, for decryption */
ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
testVectors[i].passwordSz);
if (ret < 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#endif /* ! NO_PWDBASED && ! NO_SHA */
} else if (testVectors[i].isOri == 1) {
/* ORI recipient type */
ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
pkcs7->content = (byte*)testVectors[i].content;
pkcs7->contentSz = testVectors[i].contentSz;
pkcs7->contentOID = testVectors[i].contentOID;
pkcs7->encryptOID = testVectors[i].encryptOID;
ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
testVectors[i].oriOptions);
if (ret < 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
/* set decrypt callback for decryption */
ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
if (ret < 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
} else {
/* KTRI or KARI recipient types */
ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
(word32)testVectors[i].certSz);
if (ret != 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
pkcs7->privateKey = testVectors[i].privateKey;
pkcs7->privateKeySz = testVectors[i].privateKeySz;
pkcs7->content = (byte*)testVectors[i].content;
pkcs7->contentSz = testVectors[i].contentSz;
pkcs7->contentOID = testVectors[i].contentOID;
pkcs7->encryptOID = testVectors[i].encryptOID;
pkcs7->ukm = testVectors[i].optionalUkm;
pkcs7->ukmSz = testVectors[i].optionalUkmSz;
/* set SubjectIdentifier type for KTRI types */
if (testVectors[i].ktriOptions & CMS_SKID) {
ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
if (ret != 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
} else if (testVectors[i].ktriOptions &
CMS_ISSUER_AND_SERIAL_NUMBER) {
ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
CMS_ISSUER_AND_SERIAL_NUMBER);
if (ret != 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
}
}
#ifdef ECC_TIMING_RESISTANT
pkcs7->rng = &rng;
#endif
/* encode envelopedData */
envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped,
PKCS7_BUF_SIZE);
if (envelopedSz <= 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(envelopedSz), out);
}
/* decode envelopedData */
pkcs7->contentOID = 0;
decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, (word32)envelopedSz,
decoded, PKCS7_BUF_SIZE);
if (pkcs7->contentOID != testVectors[i].contentOID ||
decodedSz <= 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
}
/* test decode result */
if (XMEMCMP(decoded, data, sizeof(data)) != 0){
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#ifndef NO_PKCS7_STREAM
{ /* test reading byte by byte */
int z;
for (z = 0; z < envelopedSz; z++) {
decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped + z, 1,
decoded, PKCS7_BUF_SIZE);
if (decodedSz <= 0 &&
decodedSz != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E))
{
printf("unexpected error %d\n", decodedSz);
ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
}
}
/* test decode result */
if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
printf("stream read compare failed\n");
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
}
#endif
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
/* output pkcs7 envelopedData for external testing */
pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
if (!pkcs7File) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File);
XFCLOSE(pkcs7File);
if (ret != envelopedSz) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
} else {
/* reset ret to 0 for success */
ret = 0;
}
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */
wc_PKCS7_Free(pkcs7);
pkcs7 = NULL;
}
#ifdef ECC_TIMING_RESISTANT
wc_FreeRng(&rng);
#endif
(void)eccCert;
(void)eccCertSz;
(void)eccPrivKey;
(void)eccPrivKeySz;
(void)rsaCert;
(void)rsaCertSz;
(void)rsaPrivKey;
(void)rsaPrivKeySz;
out:
XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7enveloped_test(void)
{
wc_test_ret_t ret = 0;
byte* rsaCert = NULL;
byte* rsaPrivKey = NULL;
word32 rsaCertSz = 0;
word32 rsaPrivKeySz = 0;
byte* eccCert = NULL;
byte* eccPrivKey = NULL;
word32 eccCertSz = 0;
word32 eccPrivKeySz = 0;
WOLFSSL_ENTER("pkcs7enveloped_test");
#ifndef NO_RSA
/* read client RSA cert and key in DER format */
rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (rsaCert == NULL)
return WC_TEST_RET_ENC_ERRNO;
rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (rsaPrivKey == NULL) {
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return WC_TEST_RET_ENC_NC;
}
rsaCertSz = FOURK_BUF;
rsaPrivKeySz = FOURK_BUF;
#endif /* NO_RSA */
#ifdef HAVE_ECC
/* read client ECC cert and key in DER format */
eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (eccCert == NULL) {
#ifndef NO_RSA
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return WC_TEST_RET_ENC_NC;
}
eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (eccPrivKey == NULL) {
#ifndef NO_RSA
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return WC_TEST_RET_ENC_NC;
}
eccCertSz = FOURK_BUF;
eccPrivKeySz = FOURK_BUF;
#endif /* HAVE_ECC */
ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
&rsaPrivKeySz, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
eccPrivKey, &eccPrivKeySz);
if (ret < 0) {
#ifndef NO_RSA
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifdef HAVE_ECC
XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return WC_TEST_RET_ENC_EC(ret);
}
ret = pkcs7enveloped_run_vectors(rsaCert, (word32)rsaCertSz,
rsaPrivKey, (word32)rsaPrivKeySz,
eccCert, (word32)eccCertSz,
eccPrivKey, (word32)eccPrivKeySz);
#ifndef NO_RSA
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifdef HAVE_ECC
XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
typedef struct {
const byte* content;
word32 contentSz;
int contentOID;
int encryptOID;
int keyWrapOID;
int keyAgreeOID;
byte* cert;
size_t certSz;
byte* privateKey;
word32 privateKeySz;
PKCS7Attrib* authAttribs;
word32 authAttribsSz;
PKCS7Attrib* unauthAttribs;
word32 unauthAttribsSz;
/* KARI / KTRI specific */
byte* optionalUkm;
word32 optionalUkmSz;
int ktriOptions; /* KTRI options flags */
int kariOptions; /* KARI options flags */
/* KEKRI specific */
byte* secretKey; /* key, only for kekri RecipientInfo types */
word32 secretKeySz; /* size of secretKey, bytes */
byte* secretKeyId; /* key identifier */
word32 secretKeyIdSz; /* size of key identifier, bytes */
void* timePtr; /* time_t pointer */
byte* otherAttrOID; /* OPTIONAL, other attribute OID */
word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
word32 otherAttrSz; /* size of otherAttr, bytes */
int kekriOptions; /* KEKRI options flags */
/* PWRI specific */
char* password; /* password */
word32 passwordSz; /* password size, bytes */
byte* salt; /* KDF salt */
word32 saltSz; /* KDF salt size, bytes */
int kdfOID; /* KDF OID */
int hashOID; /* KDF hash algorithm OID */
int kdfIterations; /* KDF iterations */
int kekEncryptOID; /* KEK encryption algorithm OID */
int pwriOptions; /* PWRI options flags */
/* ORI specific */
int isOri;
int oriOptions; /* ORI options flags */
const char* outFileName;
} pkcs7AuthEnvelopedVector;
static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
byte* rsaPrivKey, word32 rsaPrivKeySz,
byte* eccCert, word32 eccCertSz,
byte* eccPrivKey, word32 eccPrivKeySz)
{
wc_test_ret_t ret = 0;
int testSz = 0, i;
int envelopedSz, decodedSz;
#ifdef HAVE_AESGCM
int tagTruncationChecked = 0;
#endif
byte *enveloped = NULL;
byte *decoded = NULL;
WC_RNG rng;
wc_PKCS7* pkcs7;
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
XFILE pkcs7File;
#endif
WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
byte senderNonce[PKCS7_NONCE_SZ + 2];
#ifdef HAVE_ECC
#if !defined(NO_AES) && defined(HAVE_AESGCM) && \
defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
#if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x05 };
PKCS7Attrib attribs[] =
{
{ senderNonceOid, sizeof(senderNonceOid), senderNonce,
sizeof(senderNonce) }
};
#endif
#endif
#endif
#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) && \
defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
};
#endif /* !NO_AES */
#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \
defined(HAVE_AES_KEYWRAP)
/* encryption key for kekri recipient types */
WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
};
/* encryption key identifier */
WOLFSSL_SMALL_STACK_STATIC const byte secretKeyId[] = {
0x02,0x02,0x03,0x04
};
#endif
#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
!defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
defined(HAVE_AES_KEYWRAP)
#ifndef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const char password[] = "password";
#else
WOLFSSL_SMALL_STACK_STATIC const char password[] = "passwordFIPS_MODE";
#endif
WOLFSSL_SMALL_STACK_STATIC const byte salt[] = {
0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
};
#endif
#define MAX_TESTVECTORS_LEN 20
#define ADD_PKCS7AUTHENVELOPEDVECTOR(...) { \
pkcs7AuthEnvelopedVector _this_vector = { __VA_ARGS__ }; \
if (testSz == MAX_TESTVECTORS_LEN) { \
ret = WC_TEST_RET_ENC_NC; \
goto out; \
} \
XMEMCPY(&testVectors[testSz++], &_this_vector, \
sizeof _this_vector); \
}
pkcs7AuthEnvelopedVector *testVectors = NULL;
XMEMSET(&rng, 0, sizeof(rng));
testVectors = (pkcs7AuthEnvelopedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (testVectors == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
goto out;
}
{
/* key transport key encryption technique */
#ifndef NO_RSA
#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
#ifdef WOLFSSL_AES_128
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz,
rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
0, 0, "pkcs7authEnvelopedDataAES128GCM.der");
#endif
#ifdef WOLFSSL_AES_192
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES192GCMb, 0, 0, rsaCert, rsaCertSz,
rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
0, 0, "pkcs7authEnvelopedDataAES192GCM.der");
#endif
#ifdef WOLFSSL_AES_256
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
0, 0, "pkcs7authEnvelopedDataAES256GCM.der");
/* test with contentType set to FirmwarePkgData */
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, 0, 0,
rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL,
0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL,
0, 0, 0, 0, 0, 0, 0, 0,
"pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der");
/* explicitly using SKID for SubjectKeyIdentifier */
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, CMS_SKID, 0,
NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_SKID.der");
/* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0,
CMS_ISSUER_AND_SERIAL_NUMBER, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
"pkcs7authEnvelopedDataAES256GCM_IANDS.der");
#endif
#else
(void)rsaCert;
(void)rsaCertSz;
(void)rsaPrivKey;
(void)rsaPrivKeySz;
#endif /* !NO_AES && !HAVE_AESGCM && HAVE_AES_KEYWRAP */
#endif
/* key agreement key encryption technique*/
#ifdef HAVE_ECC
#if !defined(NO_AES) && defined(HAVE_AESGCM) && \
defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP,
dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
"pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der");
#endif
#if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
"pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der");
/* with authenticated attributes */
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
NULL, 0, NULL, 0, 0, 0, NULL, 0,
NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0,
0, 0, 0,
"pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der");
/* with unauthenticated attributes */
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
eccPrivKeySz, NULL, 0, attribs,
(sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, NULL, 0,
NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0,
0, 0, 0,
"pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der");
/* with authenticated AND unauthenticated attributes */
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0,
NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
0, 0, 0, 0, 0, 0,
"pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der");
/* with authenticated AND unauthenticated attributes AND
* contentType of FirmwarePkgData */
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, AES256_WRAP,
dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0,
NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
0, 0, 0, 0, 0, 0,
"pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der");
#endif /* NO_SHA256 && WOLFSSL_AES_256 */
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL,
NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
"pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der");
/* with optional user keying material (ukm) */
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
eccPrivKeySz, NULL, 0, NULL, 0, (byte *)optionalUkm, sizeof(optionalUkm), 0,
0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
0, 0, 0, 0, 0, 0,
"pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der");
#endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
#endif /* !NO_AES && HAVE_AESGCM && HAVE_AES_KEYWRAP */
#endif
/* kekri (KEKRecipientInfo) recipient types */
#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0,
NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0,
(byte *)secretKey, sizeof(secretKey), (byte *)secretKeyId, sizeof(secretKeyId),
NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
"pkcs7authEnvelopedDataAES128GCM_KEKRI.der");
#endif
#endif
/* pwri (PasswordRecipientInfo) recipient types */
#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
defined(HAVE_AES_KEYWRAP)
#if !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0,
NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
NULL, 0, NULL, NULL, 0, NULL, 0, 0, (char *)password,
(word32)XSTRLEN(password), (byte *)salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
AES128CBCb, 0, 0, 0, "pkcs7authEnvelopedDataAES128GCM_PWRI.der");
#endif
#endif
#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
#ifdef WOLFSSL_AES_128
/* ori (OtherRecipientInfo) recipient types */
ADD_PKCS7AUTHENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, NULL, 0, NULL, 0,
NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 1, 0,
"pkcs7authEnvelopedDataAES128GCM_ORI.der");
#endif
#endif
}
#undef MAX_TESTVECTORS_LEN
#undef ADD_PKCS7AUTHENVELOPEDVECTOR
enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if ((! enveloped) || (! decoded)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
/* generate senderNonce */
{
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
senderNonce[0] = 0x04;
senderNonce[1] = PKCS7_NONCE_SZ;
ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
if (ret != 0) {
wc_FreeRng(&rng);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
}
for (i = 0; i < testSz; i++) {
pkcs7 = wc_PKCS7_New(HEAP_HINT,
#ifdef WOLFSSL_ASYNC_CRYPT
INVALID_DEVID /* async PKCS7 is not supported */
#else
devId
#endif
);
if (pkcs7 == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
if (testVectors[i].secretKey != NULL) {
/* KEKRI recipient type */
ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
pkcs7->content = (byte*)testVectors[i].content;
pkcs7->contentSz = testVectors[i].contentSz;
pkcs7->contentOID = testVectors[i].contentOID;
pkcs7->encryptOID = testVectors[i].encryptOID;
pkcs7->ukm = testVectors[i].optionalUkm;
pkcs7->ukmSz = testVectors[i].optionalUkmSz;
pkcs7->authAttribs = testVectors[i].authAttribs;
pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
testVectors[i].secretKey, testVectors[i].secretKeySz,
testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
testVectors[i].timePtr, testVectors[i].otherAttrOID,
testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
if (ret < 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
/* set key, for decryption */
ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey,
testVectors[i].secretKeySz);
if (ret != 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
} else if (testVectors[i].password != NULL) {
#if !defined(NO_PWDBASED) && !defined(NO_SHA)
/* PWRI recipient type */
ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
pkcs7->content = (byte*)testVectors[i].content;
pkcs7->contentSz = testVectors[i].contentSz;
pkcs7->contentOID = testVectors[i].contentOID;
pkcs7->encryptOID = testVectors[i].encryptOID;
pkcs7->ukm = testVectors[i].optionalUkm;
pkcs7->ukmSz = testVectors[i].optionalUkmSz;
pkcs7->authAttribs = testVectors[i].authAttribs;
pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
(byte*)testVectors[i].password,
testVectors[i].passwordSz, testVectors[i].salt,
testVectors[i].saltSz, testVectors[i].kdfOID,
testVectors[i].hashOID, testVectors[i].kdfIterations,
testVectors[i].kekEncryptOID, testVectors[i].pwriOptions);
if (ret < 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
/* set password, for decryption */
ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
testVectors[i].passwordSz);
if (ret < 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
#endif /* ! NO_PWDBASED && ! NO_SHA */
} else if (testVectors[i].isOri == 1) {
/* ORI recipient type */
ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
pkcs7->content = (byte*)testVectors[i].content;
pkcs7->contentSz = testVectors[i].contentSz;
pkcs7->contentOID = testVectors[i].contentOID;
pkcs7->encryptOID = testVectors[i].encryptOID;
pkcs7->authAttribs = testVectors[i].authAttribs;
pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
testVectors[i].oriOptions);
if (ret < 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
/* set decrypt callback for decryption */
ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
if (ret < 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
} else {
/* KTRI or KARI recipient types */
ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
(word32)testVectors[i].certSz);
if (ret != 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
pkcs7->privateKey = testVectors[i].privateKey;
pkcs7->privateKeySz = testVectors[i].privateKeySz;
pkcs7->content = (byte*)testVectors[i].content;
pkcs7->contentSz = testVectors[i].contentSz;
pkcs7->contentOID = testVectors[i].contentOID;
pkcs7->encryptOID = testVectors[i].encryptOID;
pkcs7->ukm = testVectors[i].optionalUkm;
pkcs7->ukmSz = testVectors[i].optionalUkmSz;
pkcs7->authAttribs = testVectors[i].authAttribs;
pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
/* set SubjectIdentifier type for KTRI types */
if (testVectors[i].ktriOptions & CMS_SKID) {
ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
if (ret != 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
} else if (testVectors[i].ktriOptions &
CMS_ISSUER_AND_SERIAL_NUMBER) {
ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
CMS_ISSUER_AND_SERIAL_NUMBER);
if (ret != 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
}
}
#ifdef ECC_TIMING_RESISTANT
pkcs7->rng = &rng;
#endif
/* encode envelopedData */
envelopedSz = wc_PKCS7_EncodeAuthEnvelopedData(pkcs7, enveloped,
PKCS7_BUF_SIZE);
if (envelopedSz <= 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(envelopedSz), out);
}
#ifndef NO_PKCS7_STREAM
{ /* test reading byte by byte */
int z;
for (z = 0; z < envelopedSz; z++) {
decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7,
enveloped + z, 1, decoded, PKCS7_BUF_SIZE);
if (decodedSz <= 0 &&
decodedSz != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E))
{
printf("unexpected error %d\n", decodedSz);
ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
}
}
/* test decode result */
if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
printf("stream read compare failed\n");
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
}
#endif
/* decode envelopedData */
decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, enveloped,
(word32)envelopedSz, decoded,
PKCS7_BUF_SIZE);
if (decodedSz <= 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
}
/* test decode result */
if (XMEMCMP(decoded, data, sizeof(data)) != 0){
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#ifdef HAVE_AESGCM
if (tagTruncationChecked == 0 &&
(testVectors[i].encryptOID == AES128GCMb ||
testVectors[i].encryptOID == AES192GCMb ||
testVectors[i].encryptOID == AES256GCMb) &&
testVectors[i].authAttribsSz == 0 &&
testVectors[i].unauthAttribsSz == 0 &&
envelopedSz > (WC_AES_BLOCK_SIZE + 2)) {
int macIdx = envelopedSz - (WC_AES_BLOCK_SIZE + 2);
byte* tampered = NULL;
/* For plain DER output without unauthenticated attributes, the
* MAC OCTET STRING is the final field. */
if (enveloped[macIdx] == ASN_OCTET_STRING &&
enveloped[macIdx + 1] == WC_AES_BLOCK_SIZE) {
tampered = (byte*)XMALLOC((word32)envelopedSz, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (tampered == NULL) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
XMEMCPY(tampered, enveloped, (word32)envelopedSz);
tampered[macIdx + 1] = 1;
decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, tampered,
(word32)envelopedSz, decoded, PKCS7_BUF_SIZE);
XFREE(tampered, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
tampered = NULL;
if (decodedSz > 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
tagTruncationChecked = 1;
}
}
#endif
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
/* output pkcs7 envelopedData for external testing */
pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
if (!pkcs7File) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File);
XFCLOSE(pkcs7File);
if (ret != envelopedSz) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
} else {
/* reset ret to 0 for success */
ret = 0;
}
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */
wc_PKCS7_Free(pkcs7);
pkcs7 = NULL;
}
wc_FreeRng(&rng);
(void)eccCert;
(void)eccCertSz;
(void)eccPrivKey;
(void)eccPrivKeySz;
#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \
defined(HAVE_AES_KEYWRAP)
(void)secretKey;
(void)secretKeyId;
#endif
#ifdef NO_RSA
(void)rsaCert;
(void)rsaCertSz;
(void)rsaPrivKey;
(void)rsaPrivKeySz;
#endif
out:
XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void)
{
wc_test_ret_t ret = 0;
byte* rsaCert = NULL;
byte* rsaPrivKey = NULL;
word32 rsaCertSz = 0;
word32 rsaPrivKeySz = 0;
byte* eccCert = NULL;
byte* eccPrivKey = NULL;
word32 eccCertSz = 0;
word32 eccPrivKeySz = 0;
WOLFSSL_ENTER("pkcs7authenveloped_test");
#ifndef NO_RSA
/* read client RSA cert and key in DER format */
rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (rsaCert == NULL)
return WC_TEST_RET_ENC_ERRNO;
rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (rsaPrivKey == NULL) {
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return WC_TEST_RET_ENC_NC;
}
rsaCertSz = FOURK_BUF;
rsaPrivKeySz = FOURK_BUF;
#endif /* NO_RSA */
#ifdef HAVE_ECC
/* read client ECC cert and key in DER format */
eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (eccCert == NULL) {
#ifndef NO_RSA
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return WC_TEST_RET_ENC_NC;
}
eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (eccPrivKey == NULL) {
#ifndef NO_RSA
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return WC_TEST_RET_ENC_NC;
}
eccCertSz = FOURK_BUF;
eccPrivKeySz = FOURK_BUF;
#endif /* HAVE_ECC */
ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
&rsaPrivKeySz, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
eccPrivKey, &eccPrivKeySz);
if (ret < 0) {
#ifndef NO_RSA
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifdef HAVE_ECC
XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return WC_TEST_RET_ENC_EC(ret);
}
ret = pkcs7authenveloped_run_vectors(rsaCert, (word32)rsaCertSz,
rsaPrivKey, (word32)rsaPrivKeySz,
eccCert, (word32)eccCertSz,
eccPrivKey, (word32)eccPrivKeySz);
#ifndef NO_RSA
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#ifdef HAVE_ECC
XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* HAVE_AESGCM || HAVE_AESCCM */
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
defined(HAVE_AES_KEYWRAP)
static const byte p7DefKey[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
static const byte p7AltKey[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
static int myCEKwrapFunc(wc_PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
word32 keyIdSz, byte* orginKey, word32 orginKeySz,
byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
{
wc_test_ret_t ret;
if (cek == NULL || out == NULL)
return BAD_FUNC_ARG;
/* test case sanity checks */
if (keyIdSz != 1) {
return WC_TEST_RET_ENC_NC;
}
if (keyId[0] != 0x00) {
return WC_TEST_RET_ENC_NC;
}
if (type != (int)PKCS7_KEKRI) {
return WC_TEST_RET_ENC_NC;
}
switch (keyWrapAlgo) {
case AES256_WRAP:
ret = wc_AesKeyUnWrap(p7DefKey, sizeof(p7DefKey), cek, cekSz,
out, outSz, NULL);
if (ret <= 0)
return (int)ret;
break;
default:
WOLFSSL_MSG("Unsupported key wrap algorithm in example");
return BAD_KEYWRAP_ALG_E;
};
(void)pkcs7;
(void)direction;
(void)orginKey; /* used with KAKRI */
(void)orginKeySz;
return (int)ret;
}
/* returns key size on success */
static wc_test_ret_t getFirmwareKey(wc_PKCS7* pkcs7, byte* key, word32 keySz)
{
wc_test_ret_t ret;
word32 atrSz;
byte atr[256];
/* Additionally can look for fwWrappedFirmwareKey
* 1.2.840.113529.1.9.16.1.16 */
const unsigned char fwWrappedFirmwareKey[] = {
/* 0x06, 0x0B */
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
0x01, 0x09, 0x10, 0x02, 0x27
};
/* find keyID in fwWrappedFirmwareKey */
ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
sizeof(fwWrappedFirmwareKey), NULL, &atrSz);
if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
XMEMSET(atr, 0, sizeof(atr));
ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
sizeof(fwWrappedFirmwareKey), atr, &atrSz);
/* keyIdRaw[0] OCTET TAG */
/* keyIdRaw[1] Length */
if (ret > 0) {
wc_PKCS7* envPkcs7;
envPkcs7 = wc_PKCS7_New(NULL, 0);
if (envPkcs7 == NULL) {
return MEMORY_E;
}
wc_PKCS7_Init(envPkcs7, NULL, INVALID_DEVID);
ret = wc_PKCS7_SetWrapCEKCb(envPkcs7, myCEKwrapFunc);
if (ret == 0) {
/* expecting FIRMWARE_PKG_DATA content */
envPkcs7->contentOID = FIRMWARE_PKG_DATA;
ret = wc_PKCS7_DecodeEnvelopedData(envPkcs7, atr, atrSz,
key, keySz);
if (envPkcs7->contentOID != FIRMWARE_PKG_DATA) {
/* the contentOID should have been set to the inner
* FIRMWARE_PKG_DATA content */
ret = BAD_STATE_E;
}
}
wc_PKCS7_Free(envPkcs7);
}
}
return ret;
}
/* create a KEKRI enveloped data
* return size on success */
static wc_test_ret_t envelopedData_encrypt(byte* in, word32 inSz, byte* out,
word32 outSz)
{
wc_test_ret_t ret;
wc_PKCS7* pkcs7;
WOLFSSL_SMALL_STACK_STATIC const byte keyId[] = { 0x00 };
pkcs7 = wc_PKCS7_New(NULL, devId);
if (pkcs7 == NULL)
return WC_TEST_RET_ENC_ERRNO;
pkcs7->content = in;
pkcs7->contentSz = inSz;
pkcs7->contentOID = FIRMWARE_PKG_DATA;
pkcs7->encryptOID = AES256CBCb;
pkcs7->ukm = NULL;
pkcs7->ukmSz = 0;
/* add recipient (KEKRI type) */
ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP, (byte*)p7DefKey,
sizeof(p7DefKey), (byte*)keyId,
sizeof(keyId), NULL, NULL, 0, NULL, 0, 0);
if (ret < 0) {
printf("wc_PKCS7_AddRecipient_KEKRI() failed\n");
wc_PKCS7_Free(pkcs7);
return WC_TEST_RET_ENC_EC(ret);
}
/* encode envelopedData, returns size */
ret = wc_PKCS7_EncodeEnvelopedData(pkcs7, out, outSz);
if (ret <= 0) {
printf("wc_PKCS7_EncodeEnvelopedData() failed\n");
wc_PKCS7_Free(pkcs7);
return WC_TEST_RET_ENC_EC(ret);
}
wc_PKCS7_Free(pkcs7);
return ret;
}
/*
* keyHint is the KeyID to be set in the fwDecryptKeyID attribute
* returns size of buffer output on success
*/
static wc_test_ret_t generateBundle(byte* out, word32 *outSz, const byte* encryptKey,
word32 encryptKeySz, byte keyHint, byte* cert, word32 certSz,
byte* key, word32 keySz)
{
wc_test_ret_t ret;
int attribNum = 1;
wc_PKCS7* pkcs7;
/* KEY ID
* fwDecryptKeyID OID 1.2.840.113549.1.9.16.2.37
*/
const unsigned char fwDecryptKeyID[] = {
0x06, 0x0B,
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
0x01, 0x09, 0x10, 0x02, 0x25
};
/* fwWrappedFirmwareKey 1.2.840.113529.1.9.16.1.16 */
const unsigned char fwWrappedFirmwareKey[] = {
0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
0x01, 0x09, 0x10, 0x02, 0x27
};
byte keyID[] = { 0x04, 0x01, 0x00 };
byte env[256];
char data[] = "Test of wolfSSL PKCS7 decrypt callback";
PKCS7Attrib attribs[] =
{
{ fwDecryptKeyID, sizeof(fwDecryptKeyID), keyID, sizeof(keyID) },
{ fwWrappedFirmwareKey, sizeof(fwWrappedFirmwareKey), env, 0 }
};
keyID[2] = keyHint;
/* If using keyHint 0 then create a bundle with fwWrappedFirmwareKey */
if (keyHint == 0) {
ret = envelopedData_encrypt((byte*)p7DefKey, sizeof(p7DefKey), env,
sizeof(env));
if (ret <= 0) {
return ret;
}
attribs[1].valueSz = (word32)ret;
attribNum++;
}
/* init PKCS7 */
pkcs7 = wc_PKCS7_New(NULL, devId);
if (pkcs7 == NULL)
return WC_TEST_RET_ENC_ERRNO;
ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
if (ret != 0) {
printf("ERROR: wc_PKCS7_InitWithCert() failed, ret = %d\n", ret);
wc_PKCS7_Free(pkcs7);
return WC_TEST_RET_ENC_EC(ret);
}
ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
if (ret != 0) {
wc_PKCS7_Free(pkcs7);
return WC_TEST_RET_ENC_EC(ret);
}
/* encode Signed Encrypted FirmwarePkgData */
if (encryptKeySz == 16) {
ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
encryptKeySz, key, keySz, AES128CBCb, RSAk, SHA256h,
(byte*)data, sizeof(data), NULL, 0,
attribs, (word32)attribNum, out, *outSz);
}
else {
ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
encryptKeySz, key, keySz, AES256CBCb, RSAk, SHA256h,
(byte*)data, sizeof(data), NULL, 0,
attribs, (word32)attribNum, out, *outSz);
}
if (ret <= 0) {
printf("ERROR: wc_PKCS7_EncodeSignedEncryptedFPD() failed, "
"ret = %d\n", ret);
wc_PKCS7_Free(pkcs7);
return WC_TEST_RET_ENC_EC(ret);
} else {
*outSz = (word32)ret;
}
wc_PKCS7_Free(pkcs7);
return ret;
}
/* test verification and decryption of PKCS7 bundle
* return 0 on success
*/
static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint)
{
wc_test_ret_t ret = 0;
int usrCtx = 1; /* test value to pass as user context to callback */
wc_PKCS7* pkcs7 = NULL;
byte* sid = NULL;
word32 sidSz;
byte key[256];
word32 keySz = sizeof(key);
byte *decoded = NULL;
int decodedSz = FOURK_BUF/2;
WOLFSSL_SMALL_STACK_STATIC const byte expectedSid[] = {
#ifdef NO_SHA
#ifdef USE_CERT_BUFFERS_1024
0x70, 0xe7, 0x79, 0x60, 0x8f, 0x41, 0xdc, 0xe9,
0xad, 0x8b, 0x3d, 0x0c, 0x20, 0xf4, 0xc3, 0xf2,
0x8e, 0x05, 0xe8, 0xa1, 0xb6, 0x68, 0x74, 0x06,
0xbc, 0xe7, 0xc5, 0x3c, 0x13, 0x99, 0x79, 0xb9
#else
0xce, 0x06, 0x07, 0xbe, 0xf1, 0xa6, 0x1e, 0x36,
0xef, 0xfa, 0xbc, 0x89, 0x71, 0xf3, 0x23, 0x9e,
0x34, 0x6d, 0xae, 0x86, 0xae, 0x2b, 0xdc, 0xf4,
0x4a, 0x27, 0xd5, 0x63, 0x59, 0x4f, 0x4a, 0x71
#endif
#else /* !NO_SHA */
#ifdef USE_CERT_BUFFERS_1024
0x81, 0x69, 0x0f, 0xf8, 0xdf, 0xdd, 0xcf, 0x34,
0x29, 0xd5, 0x67, 0x75, 0x71, 0x85, 0xc7, 0x75,
0x10, 0x69, 0x59, 0xec,
#else
0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18,
0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26,
0xD7, 0x85, 0x65, 0xC0
#endif
#endif /* !NO_SHA */
};
decoded = (byte *)XMALLOC((word32)decodedSz, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (decoded == NULL) {
ret = MEMORY_E;
goto out;
}
pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
if (pkcs7 == NULL) {
ret = MEMORY_E;
goto out;
}
/* Test verify */
ret = wc_PKCS7_Init(pkcs7, HEAP_HINT, devId);
if (ret != 0)
goto out;
ret = wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
if (ret != 0)
goto out;
ret = wc_PKCS7_VerifySignedData(pkcs7, derBuf, derSz);
if (ret != 0)
goto out;
/* Get size of SID and print it out */
ret = wc_PKCS7_GetSignerSID(pkcs7, NULL, &sidSz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
goto out;
sid = (byte*)XMALLOC(sidSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (sid == NULL) {
ret = MEMORY_E;
goto out;
}
ret = wc_PKCS7_GetSignerSID(pkcs7, sid, &sidSz);
if (ret != 0)
goto out;
ret = XMEMCMP(sid, expectedSid, sidSz);
if (ret != 0) {
ret = PKCS7_NO_SIGNER_E; /* close enough */
goto out;
}
/* get expected fwWrappedFirmwareKey */
if (keyHint == 0) {
ret = getFirmwareKey(pkcs7, key, keySz);
if (ret < 0)
goto out;
pkcs7->encryptionKey = key;
pkcs7->encryptionKeySz = (word32)ret;
}
else {
decodedSz = PKCS7_BUF_SIZE;
ret = wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc);
if (ret != 0)
goto out;
ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)&usrCtx);
if (ret != 0)
goto out;
}
decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
pkcs7->contentSz, decoded, (word32)decodedSz);
if (decodedSz < 0) {
ret = decodedSz;
goto out;
}
ret = 0;
out:
XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pkcs7)
wc_PKCS7_Free(pkcs7);
XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 certSz, byte* key, word32 keySz)
{
wc_test_ret_t ret = 0;
word32 derSz;
byte *derBuf = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
WOLFSSL_ENTER("pkcs7callback_test");
if (! derBuf)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* Doing default generation and verify */
derSz = FOURK_BUF;
ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 0, cert,
certSz, key, keySz);
if (ret <= 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
ret = verifyBundle(derBuf, derSz, 0);
if (ret != 0)
ERROR_OUT(ret, out);
/* test choosing other key with keyID */
derSz = FOURK_BUF;
ret = generateBundle(derBuf, &derSz, p7AltKey, sizeof(p7AltKey), 1,
cert, certSz, key, keySz);
if (ret <= 0) {
ERROR_OUT(ret, out);
}
ret = verifyBundle(derBuf, derSz, 1);
if (ret != 0)
ERROR_OUT(ret, out);
/* test fail case with wrong keyID */
derSz = FOURK_BUF;
ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 1,
cert, certSz, key, keySz);
if (ret <= 0) {
ERROR_OUT(ret, out);
}
ret = verifyBundle(derBuf, derSz, 1);
if (ret == 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
ret = 0;
out:
XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 && HAVE_AES_KEYWRAP */
#ifndef NO_PKCS7_ENCRYPTED_DATA
typedef struct {
const byte* content;
word32 contentSz;
int contentOID;
int encryptOID;
byte* encryptionKey;
word32 encryptionKeySz;
PKCS7Attrib* attribs;
word32 attribsSz;
const char* outFileName;
} pkcs7EncryptedVector;
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
{
wc_test_ret_t ret = 0;
int i, testSz;
int encryptedSz, decodedSz;
word32 attribIdx;
wc_PKCS7* pkcs7;
byte *encrypted;
byte *decoded;
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
XFILE pkcs7File;
#endif
PKCS7Attrib* expectedAttrib;
PKCS7DecodedAttrib* decodedAttrib;
WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
#ifndef NO_DES3
byte desKey[] = {
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
};
byte des3Key[] = {
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifdef WOLFSSL_AES_128
byte aes128Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
#endif
#ifdef WOLFSSL_AES_192
byte aes192Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
#endif
#ifdef WOLFSSL_AES_256
byte aes256Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
#endif
#ifdef WOLFSSL_AES_256
/* Attribute example from RFC 4134, Section 7.2
* OID = 1.2.5555
* OCTET STRING = 'This is a test General ASN Attribute, number 1.' */
static const byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 };
static const byte genAttr[] = { 0x04, 47,
0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
0x6d, 0x62, 0x65, 0x72, 0x20, 0x31, 0x2e };
static const byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 };
static const byte genAttr2[] = { 0x04, 47,
0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
0x6d, 0x62, 0x65, 0x72, 0x20, 0x32, 0x2e };
PKCS7Attrib attribs[] =
{
{ genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) }
};
PKCS7Attrib multiAttribs[] =
{
{ genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) },
{ genAttrOid2, sizeof(genAttrOid2), genAttr2, sizeof(genAttr2) }
};
#endif
#endif /* NO_AES */
const pkcs7EncryptedVector testVectors[] =
{
#ifndef NO_DES3
{data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key),
NULL, 0, "pkcs7encryptedDataDES3.der"},
{data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey),
NULL, 0, "pkcs7encryptedDataDES.der"},
#endif /* NO_DES3 */
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifdef WOLFSSL_AES_128
{data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"},
#endif
#ifdef WOLFSSL_AES_192
{data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
sizeof(aes192Key), NULL, 0, "pkcs7encryptedDataAES192CBC.der"},
#endif
#ifdef WOLFSSL_AES_256
{data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
sizeof(aes256Key), NULL, 0, "pkcs7encryptedDataAES256CBC.der"},
/* test with optional unprotected attributes */
{data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
sizeof(aes256Key), attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7encryptedDataAES256CBC_attribs.der"},
/* test with multiple optional unprotected attributes */
{data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
sizeof(aes256Key), multiAttribs,
(sizeof(multiAttribs)/sizeof(PKCS7Attrib)),
"pkcs7encryptedDataAES256CBC_multi_attribs.der"},
/* test with contentType set to FirmwarePkgData */
{data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256CBCb, aes256Key,
sizeof(aes256Key), NULL, 0,
"pkcs7encryptedDataAES256CBC_firmwarePkgData.der"},
#endif
#endif /* !NO_AES && HAVE_AES_CBC */
};
WOLFSSL_ENTER("pkcs7encrypted_test");
encrypted = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if ((! encrypted) || (! decoded)) {
ERROR_OUT(MEMORY_E, out);
}
testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
for (i = 0; i < testSz; i++) {
pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
if (pkcs7 == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
pkcs7->content = (byte*)testVectors[i].content;
pkcs7->contentSz = testVectors[i].contentSz;
pkcs7->contentOID = testVectors[i].contentOID;
pkcs7->encryptOID = testVectors[i].encryptOID;
pkcs7->encryptionKey = testVectors[i].encryptionKey;
pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
pkcs7->unprotectedAttribs = testVectors[i].attribs;
pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz;
/* encode encryptedData */
encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
PKCS7_BUF_SIZE);
if (encryptedSz <= 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(encryptedSz), out);
}
/* decode encryptedData */
#ifndef NO_PKCS7_STREAM
{ /* test reading byte by byte */
int z;
for (z = 0; z < encryptedSz; z++) {
decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted + z, 1,
decoded, PKCS7_BUF_SIZE);
if (decodedSz <= 0 &&
decodedSz != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E))
{
printf("unexpected error %d\n", decodedSz);
ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
}
}
/* test decode result */
if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
printf("stream read failed\n");
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
}
#endif
decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
decoded, PKCS7_BUF_SIZE);
if (decodedSz <= 0){
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
}
/* test decode result */
if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
/* verify decoded unprotected attributes */
if (pkcs7->decodedAttrib != NULL) {
decodedAttrib = pkcs7->decodedAttrib;
attribIdx = 1;
while (decodedAttrib != NULL) {
/* expected attribute, stored list is reversed */
expectedAttrib = &(pkcs7->unprotectedAttribs
[pkcs7->unprotectedAttribsSz - attribIdx]);
/* verify oid */
if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid,
decodedAttrib->oidSz) != 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
/* verify value */
if (XMEMCMP(decodedAttrib->value, expectedAttrib->value,
decodedAttrib->valueSz) != 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
decodedAttrib = decodedAttrib->next;
attribIdx++;
}
}
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
/* output pkcs7 envelopedData for external testing */
pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
if (!pkcs7File) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
ret = (int)XFWRITE(encrypted, encryptedSz, 1, pkcs7File);
if (ret < 0)
ret = WC_TEST_RET_ENC_ERRNO;
else
ret = 0;
XFCLOSE(pkcs7File);
#endif
wc_PKCS7_Free(pkcs7);
}
out:
XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* NO_PKCS7_ENCRYPTED_DATA */
#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
typedef struct {
const byte* content;
word32 contentSz;
int contentOID;
const char* outFileName;
} pkcs7CompressedVector;
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void)
{
wc_test_ret_t ret = 0;
int i, testSz;
int compressedSz, decodedSz;
wc_PKCS7* pkcs7;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
byte *compressed;
byte *decoded;
#else
byte compressed[PKCS7_BUF_SIZE];
byte decoded[PKCS7_BUF_SIZE];
#endif
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
XFILE pkcs7File;
#endif
WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
const pkcs7CompressedVector testVectors[] =
{
{data, (word32)sizeof(data), DATA,
"pkcs7compressedData_data_zlib.der"},
{data, (word32)sizeof(data), FIRMWARE_PKG_DATA,
"pkcs7compressedData_firmwarePkgData_zlib.der"},
};
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
compressed = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if ((! compressed) || (! decoded)) {
ERROR_OUT(MEMORY_E, out);
}
#endif
WOLFSSL_ENTER("pkcs7compressed_test");
testSz = sizeof(testVectors) / sizeof(pkcs7CompressedVector);
for (i = 0; i < testSz; i++) {
pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
if (pkcs7 == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
pkcs7->content = (byte*)testVectors[i].content;
pkcs7->contentSz = testVectors[i].contentSz;
pkcs7->contentOID = testVectors[i].contentOID;
/* encode compressedData */
compressedSz = wc_PKCS7_EncodeCompressedData(pkcs7, compressed,
PKCS7_BUF_SIZE);
if (compressedSz <= 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(compressedSz), out);
}
/* decode compressedData */
decodedSz = wc_PKCS7_DecodeCompressedData(pkcs7, compressed,
compressedSz, decoded,
PKCS7_BUF_SIZE);
if (decodedSz <= 0){
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
}
/* test decode result */
if (XMEMCMP(decoded, testVectors[i].content,
testVectors[i].contentSz) != 0) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
/* make sure content type is the same */
if (testVectors[i].contentOID != pkcs7->contentOID) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
/* output pkcs7 compressedData for external testing */
pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
if (!pkcs7File) {
wc_PKCS7_Free(pkcs7);
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
ret = (int)XFWRITE(compressed, compressedSz, 1, pkcs7File);
if (ret < 0)
ret = WC_TEST_RET_ENC_ERRNO;
else
ret = 0;
XFCLOSE(pkcs7File);
#endif
wc_PKCS7_Free(pkcs7);
}
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(compressed, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
} /* pkcs7compressed_test() */
#undef PKCS7_BUF_SIZE
#endif /* HAVE_LIBZ */
typedef struct {
const byte* content;
word32 contentSz;
int hashOID;
int signOID;
byte* privateKey;
word32 privateKeySz;
byte* cert;
size_t certSz;
byte* caCert;
size_t caCertSz;
PKCS7Attrib* signedAttribs;
word32 signedAttribsSz;
const char* outFileName;
int contentOID;
const byte* contentType;
word32 contentTypeSz;
int sidType;
int encryptOID; /* for single-shot encrypt alg OID */
int encCompFlag; /* for single-shot. 1 = enc, 2 = comp, 3 = both*/
const byte* encryptKey; /* for single-shot, encryptedData */
word32 encryptKeySz; /* for single-shot, encryptedData */
PKCS7Attrib* unprotectedAttribs; /* for single-shot, encryptedData */
word32 unprotectedAttribsSz; /* for single-shot, encryptedData */
word16 detachedSignature; /* generate detached signature (0:1) */
} pkcs7SignedVector;
static wc_test_ret_t pkcs7signed_run_vectors(
byte* rsaClientCertBuf, word32 rsaClientCertBufSz,
byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz,
byte* rsaServerCertBuf, word32 rsaServerCertBufSz,
byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz,
byte* rsaCaCertBuf, word32 rsaCaCertBufSz,
byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz,
byte* eccClientCertBuf, word32 eccClientCertBufSz,
byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz)
{
wc_test_ret_t ret;
int testSz = 0, i;
int encodedSz;
byte* out = NULL;
word32 outSz;
WC_RNG rng;
wc_PKCS7* pkcs7 = NULL;
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
XFILE file;
#endif
WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
static const byte transIdOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x07 };
static const byte messageTypeOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x02 };
static const byte senderNonceOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x05 };
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
#else
byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
#endif
static const byte messageType[] = { 0x13, 2, '1', '9' };
byte senderNonce[PKCS7_NONCE_SZ + 2];
PKCS7Attrib attribs[] =
{
{ transIdOid, sizeof(transIdOid), transId,
sizeof(transId) - 1 }, /* take off the null */
{ messageTypeOid, sizeof(messageTypeOid), messageType,
sizeof(messageType) },
{ senderNonceOid, sizeof(senderNonceOid), senderNonce,
sizeof(senderNonce) }
};
/* for testing custom contentType, FirmwarePkgData */
static const byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86,
0x48, 0x86, 0xF7, 0x0D,
0x01, 0x09, 0x10, 0x01, 0x10 };
#define MAX_TESTVECTORS_LEN 20
#define ADD_PKCS7SIGNEDVECTOR(...) { \
const pkcs7SignedVector _this_vector = { __VA_ARGS__ }; \
if (testSz == MAX_TESTVECTORS_LEN) { \
ret = WC_TEST_RET_ENC_NC; \
goto out; \
} \
XMEMCPY(&testVectors[testSz++], &_this_vector, \
sizeof _this_vector); \
}
pkcs7SignedVector *testVectors = NULL;
XMEMSET(&rng, 0, sizeof(rng));
testVectors = (pkcs7SignedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (testVectors == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
goto out;
}
{
#ifndef NO_RSA
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
/* RSA with SHA */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, NULL,
0, 0);
/* RSA with SHA, no signed attributes */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz,
NULL, 0, NULL, 0,
"pkcs7signedData_RSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
NULL, 0, 0);
#endif
#ifdef WOLFSSL_SHA224
/* RSA with SHA224 */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA224h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
NULL, 0, 0);
#endif
#ifndef NO_SHA256
/* RSA with SHA256 */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
NULL, 0, 0);
/* RSA with SHA256, detached signature */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA256_detachedSig.der", 0, NULL, 0, 0, 0, 0,
NULL, 0, NULL, 0, 1);
/* RSA with SHA256 and SubjectKeyIdentifier in SignerIdentifier */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
NULL, 0, NULL, 0, 0);
/* RSA with SHA256 and custom contentType */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA256_custom_contentType.der", 0,
customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
NULL, 0, 0);
/* RSA with SHA256 and FirmwarePkgData contentType */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA256_firmwarePkgData.der",
FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
/* RSA with SHA256 using server cert and ca cert */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz,
rsaCaCertBuf, rsaCaCertBufSz,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA256_with_ca_cert.der", 0, NULL, 0, 0, 0, 0,
NULL, 0, NULL, 0, 0);
#endif
#if defined(WOLFSSL_SHA384)
/* RSA with SHA384 */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA384h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
NULL, 0, 0);
#endif
#if defined(WOLFSSL_SHA512)
/* RSA with SHA512 */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA512h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_RSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
NULL, 0, 0);
#endif
#endif /* NO_RSA */
#ifdef HAVE_ECC
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
/* ECDSA with SHA */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
NULL, 0, 0);
/* ECDSA with SHA, no signed attributes */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz,
NULL, 0, NULL, 0,
"pkcs7signedData_ECDSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
NULL, 0, 0);
#endif
#ifdef WOLFSSL_SHA224
/* ECDSA with SHA224 */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA224h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
NULL, 0, 0);
#endif
#ifndef NO_SHA256
/* ECDSA with SHA256 */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
NULL, 0, 0);
/* ECDSA with SHA256 and SubjectKeyIdentifier in SigherIdentifier */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
NULL, 0, NULL, 0, 0);
/* ECDSA with SHA256 and custom contentType */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA256_custom_contentType.der", 0,
customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
NULL, 0, 0);
/* ECDSA with SHA256 and FirmwarePkgData contentType */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA256_firmwarePkgData.der",
FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
#endif
#ifdef WOLFSSL_SHA384
/* ECDSA with SHA384 */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA384h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
NULL, 0, 0);
#endif
#ifdef WOLFSSL_SHA512
/* ECDSA with SHA512 */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA512h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedData_ECDSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
NULL, 0, 0);
#endif
#endif /* HAVE_ECC */
};
#undef MAX_TESTVECTORS_LEN
#undef ADD_PKCS7SIGNEDVECTOR
outSz = FOURK_BUF;
out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (out == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
XMEMSET(out, 0, outSz);
/* test inner pad size error with block size being 0 */
ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 0);
if (ret > 0)
ERROR_OUT(-1, out);
ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
for (i = 0; i < testSz; i++) {
if (pkcs7)
wc_PKCS7_Free(pkcs7);
pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
if (pkcs7 == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
(word32)testVectors[i].certSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* load CA certificate, if present */
if (testVectors[i].caCert != NULL) {
ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert,
(word32)testVectors[i].caCertSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
pkcs7->rng = &rng;
pkcs7->content = (byte*)testVectors[i].content;
pkcs7->contentSz = testVectors[i].contentSz;
pkcs7->contentOID = testVectors[i].contentOID;
pkcs7->hashOID = testVectors[i].hashOID;
pkcs7->encryptOID = testVectors[i].signOID;
pkcs7->privateKey = testVectors[i].privateKey;
pkcs7->privateKeySz = testVectors[i].privateKeySz;
pkcs7->signedAttribs = testVectors[i].signedAttribs;
pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz;
/* optional custom contentType, default is DATA,
overrides contentOID if set */
if (testVectors[i].contentType != NULL) {
ret = wc_PKCS7_SetContentType(pkcs7,
(byte *)testVectors[i].contentType,
testVectors[i].contentTypeSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
/* set SignerIdentifier to use SubjectKeyIdentifier if desired,
default is IssuerAndSerialNumber */
if (testVectors[i].sidType == CMS_SKID) {
ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
/* generate senderNonce */
{
senderNonce[0] = 0x04;
senderNonce[1] = PKCS7_NONCE_SZ;
ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
/* generate transactionID (used with SCEP) */
{
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
wc_Sha sha;
byte digest[WC_SHA_DIGEST_SIZE];
#else
wc_Sha256 sha;
byte digest[WC_SHA256_DIGEST_SIZE];
#endif
int j,k;
transId[0] = 0x13;
transId[1] = sizeof(digest) * 2;
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
wc_ShaFinal(&sha, digest);
wc_ShaFree(&sha);
#else
ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
wc_Sha256Final(&sha, digest);
wc_Sha256Free(&sha);
#endif
for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) {
(void)XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]);
}
}
/* enable detached signature generation, if set */
if (testVectors[i].detachedSignature == 1) {
ret = wc_PKCS7_SetDetached(pkcs7, 1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz);
if (encodedSz < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
/* write PKCS#7 to output file for more testing */
file = XFOPEN(testVectors[i].outFileName, "wb");
if (!file) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
}
ret = (int)XFWRITE(out, 1, encodedSz, file);
XFCLOSE(file);
if (ret != (int)encodedSz)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */
wc_PKCS7_Free(pkcs7);
pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
if (pkcs7 == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
if (testVectors[i].detachedSignature == 1) {
/* set content for verifying detached signatures */
pkcs7->content = (byte*)testVectors[i].content;
pkcs7->contentSz = testVectors[i].contentSz;
}
ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* verify contentType extracted successfully for custom content types */
if (testVectors[i].contentTypeSz > 0) {
if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
} else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType,
pkcs7->contentTypeSz) != 0) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
}
if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
{
/* check getting signed attributes */
#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS)
byte buf[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
#else
byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
#endif
const byte* oidPt = transIdOid + 2; /* skip object id tag and size */
int oidSz = (int)sizeof(transIdOid) - 2;
int bufSz = 0;
if (testVectors[i].signedAttribs != NULL) {
ret = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, (word32)oidSz,
NULL, (word32*)&bufSz);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
ret = 0;
}
if (bufSz > (int)sizeof(buf))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, (word32)oidSz,
buf, (word32*)&bufSz);
if ((testVectors[i].signedAttribs != NULL && bufSz < 0) ||
(testVectors[i].signedAttribs == NULL && bufSz > 0))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
file = XFOPEN("./pkcs7cert.der", "wb");
if (!file)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
ret = (int)XFWRITE(pkcs7->singleCert, 1, pkcs7->singleCertSz, file);
if (ret < 0)
ret = WC_TEST_RET_ENC_ERRNO;
else
ret = 0;
XFCLOSE(file);
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */
}
out:
if (pkcs7 != NULL)
wc_PKCS7_Free(pkcs7);
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeRng(&rng);
if (ret > 0)
return 0;
(void)rsaClientCertBuf;
(void)rsaClientCertBufSz;
(void)rsaClientPrivKeyBuf;
(void)rsaClientPrivKeyBufSz;
(void)rsaServerCertBuf;
(void)rsaServerCertBufSz;
(void)rsaServerPrivKeyBuf;
(void)rsaServerPrivKeyBufSz;
(void)rsaCaCertBuf;
(void)rsaCaCertBufSz;
(void)rsaCaPrivKeyBuf;
(void)rsaCaPrivKeyBufSz;
(void)eccClientCertBuf;
(void)eccClientCertBufSz;
(void)eccClientPrivKeyBuf;
(void)eccClientPrivKeyBufSz;
return ret;
}
static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
byte* rsaClientCertBuf, word32 rsaClientCertBufSz,
byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz,
byte* rsaServerCertBuf, word32 rsaServerCertBufSz,
byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz,
byte* rsaCaCertBuf, word32 rsaCaCertBufSz,
byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz,
byte* eccClientCertBuf, word32 eccClientCertBufSz,
byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz)
{
wc_test_ret_t ret;
int testSz = 0, i;
int encodedSz;
byte* out = NULL;
word32 outSz;
WC_RNG rng;
wc_PKCS7* pkcs7 = NULL;
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
XFILE file;
#endif
#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \
!defined(NO_PKCS7_ENCRYPTED_DATA)
byte* encryptedTmp = NULL;
int encryptedTmpSz;
#endif
WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
#if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
static const byte aes256Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
#endif
static const byte messageTypeOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x02 };
static const byte messageType[] = { 0x13, 2, '1', '9' };
PKCS7Attrib attribs[] =
{
{ messageTypeOid, sizeof(messageTypeOid), messageType,
sizeof(messageType) },
};
#define MAX_TESTVECTORS_LEN 19
#define ADD_PKCS7SIGNEDVECTOR(...) { \
pkcs7SignedVector _this_vector = { __VA_ARGS__ }; \
if (testSz == MAX_TESTVECTORS_LEN) { \
ret = WC_TEST_RET_ENC_NC; \
goto out; \
} \
XMEMCPY(&testVectors[testSz++], &_this_vector, \
sizeof _this_vector); \
}
pkcs7SignedVector *testVectors = NULL;
XMEMSET(&rng, 0, sizeof(rng));
testVectors = (pkcs7SignedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (testVectors == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
goto out;
}
{
#ifndef NO_RSA
#ifndef NO_SHA256
/* Signed FirmwarePkgData, RSA, SHA256, no attribs */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
NULL, 0,
"pkcs7signedFirmwarePkgData_RSA_SHA256_noattr.der", 0, NULL, 0, 0,
0, 0, NULL, 0, NULL, 0, 0);
/* Signed FirmwarePkgData, RSA, SHA256, attrs */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedFirmwarePkgData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0,
NULL, 0, NULL, 0, 0);
/* Signed FirmwarePkgData, RSA, SHA256, SubjectKeyIdentifier, attrs */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedFirmwarePkgData_RSA_SHA256_SKID.der", 0, NULL,
0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0);
/* Signed FirmwraePkgData, RSA, SHA256, server cert and ca cert, attr */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz,
rsaCaCertBuf, rsaCaCertBufSz,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL,
0, 0, 0, 0, NULL, 0, NULL, 0, 0);
#if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
/* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
NULL, 0,
"pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0);
/* Signed Encrypted FirmwarePkgData, RSA, SHA256, attribs */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256.der", 0,
NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
#endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
/* Signed Compressed FirmwarePkgData, RSA, SHA256, no attribs */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
NULL, 0,
"pkcs7signedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
/* Signed Compressed FirmwarePkgData, RSA, SHA256, attribs */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedCompressedFirmwarePkgData_RSA_SHA256.der", 0,
NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
#ifndef NO_PKCS7_ENCRYPTED_DATA
/* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
no attribs */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
NULL, 0,
"pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der",
0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
0, 0);
/* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
attribs */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der",
0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
#endif /* !NO_PKCS7_ENCRYPTED_DATA */
#endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
#endif /* NO_SHA256 */
#endif /* NO_RSA */
#ifdef HAVE_ECC
#ifndef NO_SHA256
/* Signed FirmwarePkgData, ECDSA, SHA256, no attribs */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
NULL, 0,
"pkcs7signedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
0, 0, 0, 0, NULL, 0, NULL, 0, 0);
/* Signed FirmwarePkgData, ECDSA, SHA256, attribs */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
0, 0, 0, 0, NULL, 0, NULL, 0, 0);
/* Signed FirmwarePkgData, ECDSA, SHA256, SubjectKeyIdentifier, attr */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL,
0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0);
#if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
/* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
NULL, 0,
"pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0);
/* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, attribs */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
#endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
/* Signed Compressed FirmwarePkgData, ECDSA, SHA256, no attribs */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
NULL, 0,
"pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
0, 0, 0, 2, NULL, 0, NULL, 0, 0);
/* Signed Compressed FirmwarePkgData, ECDSA, SHA256, attrib */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
0, 0, 0, 2, NULL, 0, NULL, 0, 0);
#ifndef NO_PKCS7_ENCRYPTED_DATA
/* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
no attribs */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
NULL, 0,
"pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der",
0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
0, 0);
/* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
attribs */
ADD_PKCS7SIGNEDVECTOR(
data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
"pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256.der",
0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
#endif /* !NO_PKCS7_ENCRYPTED_DATA */
#endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
#endif /* NO_SHA256 */
#endif /* HAVE_ECC */
};
#undef MAX_TESTVECTORS_LEN
#undef ADD_PKCS7SIGNEDVECTOR
outSz = FOURK_BUF;
out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (out == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
XMEMSET(out, 0, outSz);
ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
for (i = 0; i < testSz; i++) {
if (pkcs7)
wc_PKCS7_Free(pkcs7);
pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
if (pkcs7 == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
(word32)testVectors[i].certSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* load CA certificate, if present */
if (testVectors[i].caCert != NULL) {
ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert,
(word32)testVectors[i].caCertSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
/* set SignerIdentifier to use SubjectKeyIdentifier if desired,
default is IssuerAndSerialNumber */
if (testVectors[i].sidType == CMS_SKID) {
ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
if (testVectors[i].encCompFlag == 0) {
/* encode Signed FirmwarePkgData */
encodedSz = wc_PKCS7_EncodeSignedFPD(pkcs7,
testVectors[i].privateKey, testVectors[i].privateKeySz,
testVectors[i].signOID, testVectors[i].hashOID,
(byte*)testVectors[i].content, testVectors[i].contentSz,
testVectors[i].signedAttribs,
testVectors[i].signedAttribsSz, out, outSz);
if (encodedSz < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
#ifndef NO_PKCS7_ENCRYPTED_DATA
} else if (testVectors[i].encCompFlag == 1) {
/* encode Signed Encrypted FirmwarePkgData */
encodedSz = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7,
(byte *)testVectors[i].encryptKey, testVectors[i].encryptKeySz,
testVectors[i].privateKey, testVectors[i].privateKeySz,
testVectors[i].encryptOID, testVectors[i].signOID,
testVectors[i].hashOID, (byte*)testVectors[i].content,
testVectors[i].contentSz, testVectors[i].unprotectedAttribs,
testVectors[i].unprotectedAttribsSz,
testVectors[i].signedAttribs,
testVectors[i].signedAttribsSz, out, outSz);
if (encodedSz <= 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
#endif
#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
} else if (testVectors[i].encCompFlag == 2) {
/* encode Signed Compressed FirmwarePkgData */
encodedSz = wc_PKCS7_EncodeSignedCompressedFPD(pkcs7,
testVectors[i].privateKey, testVectors[i].privateKeySz,
testVectors[i].signOID, testVectors[i].hashOID,
(byte*)testVectors[i].content, testVectors[i].contentSz,
testVectors[i].signedAttribs,
testVectors[i].signedAttribsSz, out, outSz);
if (encodedSz <= 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
#ifndef NO_PKCS7_ENCRYPTED_DATA
} else if (testVectors[i].encCompFlag == 3) {
/* encode Signed Encrypted Compressed FirmwarePkgData */
encodedSz = wc_PKCS7_EncodeSignedEncryptedCompressedFPD(pkcs7,
(byte*)testVectors[i].encryptKey, testVectors[i].encryptKeySz,
testVectors[i].privateKey, testVectors[i].privateKeySz,
testVectors[i].encryptOID, testVectors[i].signOID,
testVectors[i].hashOID, (byte*)testVectors[i].content,
testVectors[i].contentSz, testVectors[i].unprotectedAttribs,
testVectors[i].unprotectedAttribsSz,
testVectors[i].signedAttribs,
testVectors[i].signedAttribsSz, out, outSz);
if (encodedSz <= 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
#endif /* NO_PKCS7_ENCRYPTED_DATA */
#endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
} else {
/* unsupported SignedData single-shot combination */
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#ifdef PKCS7_OUTPUT_TEST_BUNDLES
/* write PKCS#7 to output file for more testing */
file = XFOPEN(testVectors[i].outFileName, "wb");
if (!file)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
ret = (int)XFWRITE(out, 1, encodedSz, file);
XFCLOSE(file);
file = NULL;
if (ret != (int)encodedSz)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
#endif /* PKCS7_OUTPUT_TEST_BUNDLES */
wc_PKCS7_Free(pkcs7);
pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
if (pkcs7 == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#ifndef NO_PKCS7_STREAM
{
word32 z;
for (z = 0; z < outSz && ret != 0; z++) {
ret = wc_PKCS7_VerifySignedData(pkcs7, out + z, 1);
if (ret < 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
printf("unexpected error %d\n", ret);
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
}
}
}
#endif
if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
if (testVectors[i].encCompFlag == 0) {
/* verify decoded content matches expected */
if ((pkcs7->contentSz != testVectors[i].contentSz) ||
XMEMCMP(pkcs7->content, testVectors[i].content,
pkcs7->contentSz)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
}
#ifndef NO_PKCS7_ENCRYPTED_DATA
else if (testVectors[i].encCompFlag == 1) {
/* decrypt inner encryptedData */
pkcs7->encryptionKey = (byte *)testVectors[i].encryptKey;
pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
ret = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
pkcs7->contentSz, out, outSz);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* compare decrypted to expected */
if (((word32)ret != testVectors[i].contentSz) ||
XMEMCMP(out, testVectors[i].content, (word32)ret))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif
#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
else if (testVectors[i].encCompFlag == 2) {
/* decompress inner compressedData */
ret = wc_PKCS7_DecodeCompressedData(pkcs7, pkcs7->content,
pkcs7->contentSz, out, outSz);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* compare decompressed to expected */
if (((word32)ret != testVectors[i].contentSz) ||
XMEMCMP(out, testVectors[i].content, ret))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#ifndef NO_PKCS7_ENCRYPTED_DATA
else if (testVectors[i].encCompFlag == 3) {
encryptedTmpSz = FOURK_BUF;
encryptedTmp = (byte*)XMALLOC(encryptedTmpSz, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (encryptedTmp == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
XMEMSET(encryptedTmp, 0, encryptedTmpSz);
/* decrypt inner encryptedData */
pkcs7->encryptionKey = (byte*)testVectors[i].encryptKey;
pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
encryptedTmpSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
pkcs7->contentSz, encryptedTmp,
encryptedTmpSz);
if (encryptedTmpSz < 0 || pkcs7->contentOID != COMPRESSED_DATA)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* decompress inner compressedData */
ret = wc_PKCS7_DecodeCompressedData(pkcs7, encryptedTmp,
encryptedTmpSz, out, outSz);
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* compare decompressed to expected */
if (((word32)ret != testVectors[i].contentSz) ||
XMEMCMP(out, testVectors[i].content, ret))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
}
#endif /* NO_PKCS7_ENCRYPTED_DATA */
#endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
}
out:
if (pkcs7 != NULL)
wc_PKCS7_Free(pkcs7);
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \
!defined(NO_PKCS7_ENCRYPTED_DATA)
XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeRng(&rng);
if (ret > 0)
return 0;
(void)eccClientCertBuf;
(void)eccClientCertBufSz;
(void)eccClientPrivKeyBuf;
(void)eccClientPrivKeyBufSz;
(void)rsaClientCertBuf;
(void)rsaClientCertBufSz;
(void)rsaClientPrivKeyBuf;
(void)rsaClientPrivKeyBufSz;
(void)rsaServerCertBuf;
(void)rsaServerCertBufSz;
(void)rsaServerPrivKeyBuf;
(void)rsaServerPrivKeyBufSz;
(void)rsaCaCertBuf;
(void)rsaCaCertBufSz;
(void)rsaCaPrivKeyBuf;
(void)rsaCaPrivKeyBufSz;
return ret;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void)
{
wc_test_ret_t ret = 0;
byte* rsaClientCertBuf = NULL;
byte* rsaServerCertBuf = NULL;
byte* rsaCaCertBuf = NULL;
byte* eccClientCertBuf = NULL;
byte* rsaClientPrivKeyBuf = NULL;
byte* rsaServerPrivKeyBuf = NULL;
byte* rsaCaPrivKeyBuf = NULL;
byte* eccClientPrivKeyBuf = NULL;
word32 rsaClientCertBufSz = 0;
word32 rsaServerCertBufSz = 0;
word32 rsaCaCertBufSz = 0;
word32 eccClientCertBufSz = 0;
word32 rsaClientPrivKeyBufSz = 0;
word32 rsaServerPrivKeyBufSz = 0;
word32 rsaCaPrivKeyBufSz = 0;
word32 eccClientPrivKeyBufSz = 0;
WOLFSSL_ENTER("pkcs7signed_test");
#ifndef NO_RSA
/* read client RSA cert and key in DER format */
rsaClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (rsaClientCertBuf == NULL)
ret = WC_TEST_RET_ENC_NC;
rsaClientPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ret == 0 && rsaClientPrivKeyBuf == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
}
rsaClientCertBufSz = FOURK_BUF;
rsaClientPrivKeyBufSz = FOURK_BUF;
/* read server RSA cert and key in DER format */
rsaServerCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ret == 0 && rsaServerCertBuf == NULL)
ret = WC_TEST_RET_ENC_NC;
rsaServerPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ret == 0 && rsaServerPrivKeyBuf == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
}
rsaServerCertBufSz = FOURK_BUF;
rsaServerPrivKeyBufSz = FOURK_BUF;
/* read CA RSA cert and key in DER format, for use with server cert */
rsaCaCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ret == 0 && rsaCaCertBuf == NULL)
ret = WC_TEST_RET_ENC_NC;
rsaCaPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ret == 0 && rsaCaPrivKeyBuf == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
}
rsaCaCertBufSz = FOURK_BUF;
rsaCaPrivKeyBufSz = FOURK_BUF;
#endif /* NO_RSA */
#ifdef HAVE_ECC
/* read client ECC cert and key in DER format */
eccClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ret == 0 && eccClientCertBuf == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
}
eccClientPrivKeyBuf =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (ret == 0 && eccClientPrivKeyBuf == NULL) {
ret = WC_TEST_RET_ENC_ERRNO;
}
eccClientCertBufSz = FOURK_BUF;
eccClientPrivKeyBufSz = FOURK_BUF;
#endif /* HAVE_ECC */
if (ret >= 0)
ret = pkcs7_load_certs_keys(rsaClientCertBuf, &rsaClientCertBufSz,
rsaClientPrivKeyBuf, &rsaClientPrivKeyBufSz,
rsaServerCertBuf, &rsaServerCertBufSz,
rsaServerPrivKeyBuf, &rsaServerPrivKeyBufSz,
rsaCaCertBuf, &rsaCaCertBufSz,
rsaCaPrivKeyBuf, &rsaCaPrivKeyBufSz,
eccClientCertBuf, &eccClientCertBufSz,
eccClientPrivKeyBuf, &eccClientPrivKeyBufSz);
if (ret < 0) {
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret >= 0)
ret = pkcs7signed_run_vectors(rsaClientCertBuf, (word32)rsaClientCertBufSz,
rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz,
rsaServerCertBuf, (word32)rsaServerCertBufSz,
rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz,
rsaCaCertBuf, (word32)rsaCaCertBufSz,
rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz,
eccClientCertBuf, (word32)eccClientCertBufSz,
eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
if (ret >= 0)
ret = pkcs7signed_run_SingleShotVectors(
rsaClientCertBuf, (word32)rsaClientCertBufSz,
rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz,
rsaServerCertBuf, (word32)rsaServerCertBufSz,
rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz,
rsaCaCertBuf, (word32)rsaCaCertBufSz,
rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz,
eccClientCertBuf, (word32)eccClientCertBufSz,
eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
#if !defined(NO_RSA) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_AES_256) && defined(HAVE_AES_KEYWRAP)
if (ret >= 0)
ret = pkcs7callback_test(
rsaClientCertBuf, (word32)rsaClientCertBufSz,
rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz);
#endif
XFREE(rsaClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rsaClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rsaServerCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rsaServerPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rsaCaCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(rsaCaPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(eccClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(eccClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
#endif /* HAVE_PKCS7 */
#if defined(WOLFSSL_PUBLIC_MP) && \
((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
defined(USE_FAST_MATH))
/* Maximum number of bytes in a number to test. */
#define MP_MAX_TEST_BYTE_LEN 32
static wc_test_ret_t randNum(mp_int* n, int len, WC_RNG* rng, void* heap)
{
byte d[MP_MAX_TEST_BYTE_LEN];
wc_test_ret_t ret;
(void)heap;
do {
ret = wc_RNG_GenerateBlock(rng, d, (word32)len);
if (ret != 0)
return ret;
ret = mp_read_unsigned_bin(n, d, (word32)len);
if (ret != 0)
return ret;
} while (mp_iszero(n));
return 0;
}
#if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH)
static wc_test_ret_t mp_test_div_3(mp_int* a, mp_int* r, WC_RNG* rng)
{
int i, j;
mp_digit rem;
mp_digit rem2;
wc_test_ret_t ret;
#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
for (i = 0; i < 10; i++) {
for (j = 1; j < 10; j++) {
ret = randNum(a, j, rng, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_3(a, r, &rem);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul_d(r, 3, r);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_add_d(r, rem, r);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp(r, a);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
}
}
ret = mp_div_3(a, r, &rem);
if (ret != 0)
return WC_TEST_RET_ENC_NC;
ret = mp_div_3(a, a, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_NC;
ret = mp_cmp(r, a);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
#endif
#if defined(WOLFSSL_SP_MATH_ALL)
ret = mp_div_d(a, 10, r, &rem);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_d(a, 10, a, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp(r, a);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
ret = mp_div_d(a, 12, r, &rem);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_d(a, 12, a, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp(r, a);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
ret = mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), r, &rem);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), NULL, &rem2);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), a, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp(r, a);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
if (rem != rem2)
return WC_TEST_RET_ENC_NC;
#endif
(void)a;
(void)r;
(void)rng;
(void)i;
(void)j;
(void)rem;
(void)rem2;
(void)ret;
return 0;
}
#endif /* WOLFSSL_SP_MATH || !USE_FAST_MATH */
#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
!defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
(!defined WOLFSSL_SP_MATH && !defined(WOLFSSL_SP_MATH_ALL) && \
(defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)))
static wc_test_ret_t mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng)
{
wc_test_ret_t ret;
int i, j;
int size;
char str[30];
WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = "A";
WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "a";
WOLFSSL_SMALL_STACK_STATIC const char* empty2 = " ";
WOLFSSL_SMALL_STACK_STATIC const char* zeros = "000";
WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
for (i = 0; i < 10; i++) {
for (j = 2; j < 12; j++) {
ret = randNum(a, j, rng, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_radix_size(a, MP_RADIX_DEC, &size);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_toradix(a, str, MP_RADIX_DEC);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if ((int)XSTRLEN(str) != size - 1)
return WC_TEST_RET_ENC_NC;
ret = mp_read_radix(r, str, MP_RADIX_DEC);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp(a, r);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
}
}
ret = mp_read_radix(r, badStr1, MP_RADIX_DEC);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_read_radix(r, badStr2, MP_RADIX_DEC);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_read_radix(r, empty2, MP_RADIX_DEC);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_read_radix(r, zeros, MP_RADIX_DEC);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r))
return WC_TEST_RET_ENC_NC;
mp_set(r, 1);
ret = mp_read_radix(r, empty, MP_RADIX_DEC);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r))
return WC_TEST_RET_ENC_NC;
mp_zero(a);
ret = mp_radix_size(a, MP_RADIX_DEC, &size);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (size != 2)
return WC_TEST_RET_ENC_NC;
ret = mp_toradix(a, str, MP_RADIX_DEC);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if ((int)XSTRLEN(str) != size - 1)
return WC_TEST_RET_ENC_NC;
ret = mp_read_radix(r, str, MP_RADIX_DEC);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r))
return WC_TEST_RET_ENC_NC;
#ifdef WOLFSSL_SP_INT_NEGATIVE
/* Negative values are written with a leading '-' and read back. */
ret = mp_set(a, 12345);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_setneg(a);
ret = mp_toradix(a, str, MP_RADIX_DEC);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (str[0] != '-')
return WC_TEST_RET_ENC_NC;
ret = mp_read_radix(r, str, MP_RADIX_DEC);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (mp_cmp(r, a) != MP_EQ)
return WC_TEST_RET_ENC_NC;
#endif
return 0;
}
#endif
#if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
defined(HAVE_ECC))
static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
{
wc_test_ret_t ret;
int i, j;
int size;
char str[30];
#if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
static char longStr[2 * sizeof(a->dp) + 2];
#endif
WOLFSSL_SMALL_STACK_STATIC const char* empty2 = " ";
WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "}";
WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
for (i = 0; i < 10; i++) {
for (j = 2; j < 12; j++) {
ret = randNum(a, j, rng, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_radix_size(a, MP_RADIX_HEX, &size);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_toradix(a, str, MP_RADIX_HEX);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if ((int)XSTRLEN(str) != size - 1)
return WC_TEST_RET_ENC_NC;
mp_read_radix(r, str, MP_RADIX_HEX);
ret = mp_cmp(a, r);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
}
}
ret = mp_read_radix(r, empty2, MP_RADIX_HEX);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_read_radix(r, badStr2, MP_RADIX_HEX);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
mp_set(r, 1);
ret = mp_read_radix(r, empty, MP_RADIX_HEX);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r))
return WC_TEST_RET_ENC_NC;
#if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
/* Fixed MP data size - string can be too long. */
longStr[0] = '8';
XMEMSET(longStr+1, '0', sizeof(longStr) - 2);
longStr[sizeof(longStr)-1] = '\0';
ret = mp_read_radix(r, longStr, MP_RADIX_HEX);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
mp_zero(a);
ret = mp_radix_size(a, MP_RADIX_HEX, &size);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#ifndef WC_DISABLE_RADIX_ZERO_PAD
if (size != 3)
#else
if (size != 2)
#endif
return WC_TEST_RET_ENC_NC;
ret = mp_toradix(a, str, MP_RADIX_HEX);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if ((int)XSTRLEN(str) != size - 1)
return WC_TEST_RET_ENC_NC;
ret = mp_read_radix(r, str, MP_RADIX_HEX);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r))
return WC_TEST_RET_ENC_NC;
#ifdef WOLFSSL_SP_INT_NEGATIVE
/* Negative values are written with a leading '-' and read back. */
ret = mp_set(a, 0xABCD);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_setneg(a);
ret = mp_toradix(a, str, MP_RADIX_HEX);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (str[0] != '-')
return WC_TEST_RET_ENC_NC;
ret = mp_read_radix(r, str, MP_RADIX_HEX);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (mp_cmp(r, a) != MP_EQ)
return WC_TEST_RET_ENC_NC;
#endif
#ifdef WOLFSSL_SP_MATH
ret = mp_toradix(a, str, 8);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_radix_size(a, 8, &size);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
return 0;
}
#endif
static wc_test_ret_t mp_test_shift(mp_int* a, mp_int* r1, WC_RNG* rng)
{
int i;
wc_test_ret_t ret;
ret = randNum(a, 4, rng, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (i = 0; i < 4; i++) {
ret = mp_copy(r1, a);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \
defined(WC_RSA_BLINDING) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
ret = mp_lshd(r1, i);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
#ifndef WOLFSSL_SP_MATH
mp_rshd(r1, i);
#else
mp_rshb(r1, i * SP_WORD_SIZE);
#endif
ret = mp_cmp(a, r1);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
#endif
}
#ifndef WOLFSSL_SP_MATH
for (i = 0; i < DIGIT_BIT+1; i++) {
ret = mp_mul_2d(a, i, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_rshb(r1, i);
ret = mp_cmp(a, r1);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
}
#endif
return 0;
}
#if !(defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)) || \
(defined(WOLFSSL_SP_ADD_D) && defined(WOLFSSL_SP_SUB_D))
static wc_test_ret_t mp_test_add_sub_d(mp_int* a, mp_int* b, mp_int* r1)
{
int i, j;
wc_test_ret_t ret;
(void)b;
for (i = 0; i <= DIGIT_BIT * 2; i++) {
mp_zero(a);
mp_set_bit(a, i);
if ((int)a->used != (i + DIGIT_BIT) / DIGIT_BIT)
return WC_TEST_RET_ENC_NC;
for (j = 0; j < i && j < DIGIT_BIT; j++) {
mp_zero(r1);
mp_set_bit(r1, i);
ret = mp_sub_d(r1, (mp_digit)1 << j, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_add_d(r1, (mp_digit)1 << j, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp(a, r1);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
}
}
mp_zero(r1);
ret = mp_add_d(r1, 1, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (r1->used != 1)
return WC_TEST_RET_ENC_NC;
ret = mp_sub_d(r1, 1, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (r1->used != 0)
return WC_TEST_RET_ENC_NC;
#ifdef WOLFSSL_SP_INT_NEGATIVE
/* Adding/subtracting a digit to/from a negative value, and producing a
* negative result, exercise the signed digit paths. */
/* -100 + 5 = -95 */
ret = mp_set(a, 100);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_setneg(a);
ret = mp_add_d(a, 5, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_set(b, 95);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_setneg(b);
if (mp_cmp(r1, b) != MP_EQ)
return WC_TEST_RET_ENC_NC;
/* -3 + 10 = 7 */
ret = mp_set(a, 3);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_setneg(a);
ret = mp_add_d(a, 10, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (mp_cmp_d(r1, 7) != MP_EQ)
return WC_TEST_RET_ENC_NC;
/* -5 - 3 = -8 */
ret = mp_set(a, 5);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_setneg(a);
ret = mp_sub_d(a, 3, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_set(b, 8);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_setneg(b);
if (mp_cmp(r1, b) != MP_EQ)
return WC_TEST_RET_ENC_NC;
/* 3 - 10 = -7 */
ret = mp_set(a, 3);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sub_d(a, 10, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_set(b, 7);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_setneg(b);
if (mp_cmp(r1, b) != MP_EQ)
return WC_TEST_RET_ENC_NC;
#endif /* WOLFSSL_SP_INT_NEGATIVE */
return 0;
}
#endif
static wc_test_ret_t mp_test_read_to_bin(mp_int* a)
{
WOLFSSL_SMALL_STACK_STATIC const byte in[16] = {
0x91, 0xa2, 0xb3, 0xc4, 0xd5, 0xe6, 0xf7, 0x08,
0x93, 0xa4, 0xb4, 0xc5, 0xd6, 0xe7, 0xf8, 0x09
};
byte out[24];
int i, j, k;
const byte* p;
wc_test_ret_t ret;
for (i = 0; i < (int)sizeof(in); i++) {
p = in + sizeof(in) - i;
ret = mp_read_unsigned_bin(a, p, (word32)i);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (j = i; j < (int)sizeof(out); j++) {
XMEMSET(out, 0xff, sizeof(out));
ret = mp_to_unsigned_bin_len(a, out, j);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (k = 0; k < j - i; k++) {
if (out[k] != 0)
return WC_TEST_RET_ENC_NC;
}
for (; k < j; k++) {
if (out[k] != p[k - (j - i)])
return WC_TEST_RET_ENC_NC;
}
}
}
/* Length too small. */
ret = mp_to_unsigned_bin_len(a, out, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_read_unsigned_bin(a, NULL, 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(a))
return WC_TEST_RET_ENC_NC;
return 0;
}
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
static wc_test_ret_t mp_test_set_int(mp_int* a)
{
#if SP_ULONG_BITS == 64
unsigned long n = 0xfedcba9876543210UL;
byte exp[8] = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
byte out[8] = { 0 };
#elif SP_ULONG_BITS == 32
unsigned long n = 0xfedcba98UL;
byte exp[4] = { 0xfe, 0xdc, 0xba, 0x98 };
byte out[4] = { 0 };
#elif SP_ULONG_BITS == 16
unsigned long n = 0xfedc;
byte exp[2] = { 0xfe, 0xdc };
byte out[2] = { 0 };
#elif SP_ULONG_BITS == 8
unsigned long n = 0xfe;
byte exp[1] = { 0xfe };
byte out[1] = { 0 };
#endif
wc_test_ret_t ret;
ret = mp_set_int(a, n);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_unsigned_bin_size(a);
if (ret != sizeof(exp))
return WC_TEST_RET_ENC_NC;
ret = mp_to_unsigned_bin(a, out);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(exp, out, sizeof(exp)) != 0)
return WC_TEST_RET_ENC_NC;
return 0;
}
#endif
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
{
byte buffer[16];
#if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
char hexStr[] = "abcdef0123456789";
#ifndef WOLFSSL_SP_INT_NEGATIVE
char negStr[] = "-1234";
#endif
#endif
#if !defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_KEY_GEN) || \
defined(HAVE_COMP_KEY)
char decStr[] = "0987654321";
#endif
wc_test_ret_t ret;
#ifdef WOLFSSL_SP_MATH_ALL
mp_digit rho;
int size;
#endif
#ifdef WOLFSSL_SP_PRIME_GEN
int result;
#endif
#if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
(defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
mp_digit rd;
#endif
(void)rng;
(void)r;
ret = mp_init(NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
ret = mp_init_multi(NULL, NULL, NULL, NULL, NULL, NULL);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
#endif
mp_free(NULL);
#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
!defined(NO_DH) || defined(HAVE_ECC)
ret = mp_grow(NULL, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#ifdef WOLFSSL_SP_MATH
ret = mp_grow(a, SP_INT_DIGITS + 1);
if (ret != WC_NO_ERR_TRACE(MP_MEM))
return WC_TEST_RET_ENC_EC(ret);
#endif
#endif
mp_clear(NULL);
ret = mp_abs(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_abs(a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_abs(NULL, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_unsigned_bin_size(NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* clear buffer to avoid provoking uninitvar errors. */
XMEMSET(buffer, 0, sizeof(buffer));
ret = mp_read_unsigned_bin(NULL, NULL, sizeof(buffer));
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_read_unsigned_bin(NULL, buffer, sizeof(buffer));
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_read_unsigned_bin(a, NULL, sizeof(buffer));
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_read_unsigned_bin(a, buffer, SP_INT_DIGITS * SP_WORD_SIZEOF + 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
ret = mp_read_radix(NULL, NULL, 16);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_read_radix(a, NULL, 16);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_read_radix(NULL, hexStr, 16);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#ifndef WOLFSSL_SP_INT_NEGATIVE
ret = mp_read_radix(a, negStr, 16);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#ifdef WOLFSSL_SP_MATH_ALL
ret = mp_read_radix(a, negStr, 10);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif /* WOLFSSL_SP_MATH_ALL */
#endif /* WOLFSSL_SP_INT_NEGATIVE */
#endif
#ifndef WOLFSSL_SP_MATH_ALL
/* Radix 10 only supported with ALL. */
ret = mp_read_radix(a, decStr, 10);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
/* Radix 8 not supported SP_INT. */
ret = mp_read_radix(a, "0123", 8);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_count_bits(NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_is_bit_set(NULL, 0);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_leading_bit(NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
mp_zero(a);
ret = mp_leading_bit(a);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
!defined(NO_RSA)
ret = mp_set_bit(NULL, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
!defined(WOLFSSL_RSA_VERIFY_ONLY)
ret = mp_to_unsigned_bin(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_to_unsigned_bin(a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_to_unsigned_bin(NULL, buffer);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
ret = mp_to_unsigned_bin_len(NULL, NULL, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_to_unsigned_bin_len(a, NULL, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_to_unsigned_bin_len(NULL, buffer, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
!defined(WOLFSSL_RSA_VERIFY_ONLY)
ret = mp_to_unsigned_bin_at_pos(0, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_to_unsigned_bin_at_pos(0, a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_to_unsigned_bin_at_pos(0, NULL, buffer);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_to_unsigned_bin_at_pos(0, a, buffer);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
#endif
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
ret = mp_copy(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_copy(a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_copy(NULL, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if defined(WOLFSSL_KEY_GEN) || !defined(NO_DH)
ret = sp_2expt(NULL, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
ret = mp_set(NULL, 0);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp_d(NULL, 0);
if (ret != MP_LT)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp(NULL, NULL);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
ret = mp_cmp(a, NULL);
if (ret != MP_GT)
return WC_TEST_RET_ENC_NC;
ret = mp_cmp(NULL, b);
if (ret != MP_LT)
return WC_TEST_RET_ENC_NC;
#ifdef WOLFSSL_SP_MATH_ALL
mp_rshd(NULL, 1);
#endif
mp_zero(NULL);
#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \
(defined(WC_RSA_BLINDING) || !defined(WOLFSSL_RSA_PUBLIC_ONLY)))
ret = mp_lshd(NULL, 0);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_lshd(a, SP_INT_DIGITS + 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if defined(WOLFSSL_SP_MATH_ALL)
ret = mp_div(NULL, NULL, a, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div(a, NULL, a, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div(NULL, b, a, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div(a, b, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
(!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
ret = mp_mod(NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod(a, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod(NULL, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod(NULL, NULL, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod(a, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod(a, NULL, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod(NULL, b, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if !defined(NO_RSA) || defined(WOLFSSL_SP_MATH_ALL)
ret = mp_set_int(NULL, 0);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
(defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(NULL, a, 1, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(NULL, NULL, 1, a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(a, a, 1, a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(a, a, 1, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(a, NULL, 1, a, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(NULL, a, 1, a, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(a, NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(NULL, a, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(NULL, NULL, a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(NULL, NULL, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(a, a, a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(a, a, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(a, NULL, a, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(NULL, a, a, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
!defined(WC_NO_RNG)
ret = mp_rand_prime(NULL, 32, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_rand_prime(a, 32, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_rand_prime(NULL, 32, rng, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_rand_prime(a, 0, rng, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
ret = mp_mul(NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul(a, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul(NULL, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul(NULL, NULL, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul(a, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul(a, NULL, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul(NULL, b, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
ret = mp_sqr(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sqr(a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sqr(NULL, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if !defined(WOLFSSL_RSA_VERIFY_ONLY)
ret = mp_sqrmod(NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sqrmod(a, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sqrmod(NULL, a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sqrmod(NULL, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sqrmod(a, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sqrmod(a, NULL, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sqrmod(NULL, a, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mulmod(NULL, NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mulmod(a, NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mulmod(NULL, a, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mulmod(NULL, NULL, a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mulmod(NULL, NULL, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mulmod(a, b, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mulmod(a, b, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mulmod(a, NULL, b, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mulmod(NULL, b, b, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
!defined(NO_RSA) || !defined(NO_DSA)
ret = mp_add_d(NULL, 1, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_add_d(a, 1, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_add_d(NULL, 1, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
!defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
ret = mp_sub_d(NULL, 1, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sub_d(a, 1, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sub_d(NULL, 1, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
ret = mp_div_d(NULL, 0, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_d(a, 0, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_d(NULL, 1, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
(defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
ret = mp_mod_d(NULL, 0, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod_d(a, 0, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod_d(NULL, 0, &rd);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
ret = mp_gcd(NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_gcd(a, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_gcd(NULL, a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_gcd(NULL, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_gcd(a, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_gcd(a, NULL, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_gcd(NULL, a, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
ret = mp_div_2_mod_ct(NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_2_mod_ct(a, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_2_mod_ct(NULL, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_2_mod_ct(NULL, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_2_mod_ct(a, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_2_mod_ct(a, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_2_mod_ct(NULL, b, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_2(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_2(a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_2(NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
ret = mp_invmod(NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_invmod(a, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_invmod(NULL, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_invmod(NULL, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_invmod(a, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_invmod(a, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_invmod(NULL, b, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
ret = mp_invmod_mont_ct(NULL, NULL, NULL, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_invmod_mont_ct(a, NULL, NULL, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_invmod_mont_ct(NULL, b, NULL, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_invmod_mont_ct(NULL, NULL, a, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_invmod_mont_ct(a, b, NULL, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_invmod_mont_ct(a, NULL, a, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_invmod_mont_ct(NULL, b, a, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
ret = mp_lcm(NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_lcm(a, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_lcm(NULL, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_lcm(NULL, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_lcm(a, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_lcm(a, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_lcm(NULL, b, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(NULL, b, 1, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(NULL, NULL, 1, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(a, b, 1, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(a, b, 1, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(a, NULL, 1, b, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(NULL, b, 1, b, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod(NULL, NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod(a, NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod(NULL, b, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod(NULL, NULL, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod(NULL, NULL, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod(a, b, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod(a, b, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod(a, NULL, b, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod(NULL, b, b, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(a, NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(NULL, b, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(NULL, NULL, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(NULL, NULL, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(a, b, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(a, b, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(a, NULL, b, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(NULL, b, b, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if defined(HAVE_ECC) && defined(HAVE_COMP_KEY)
ret = mp_cnt_lsb(NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#endif
#ifdef WOLFSSL_SP_PRIME_GEN
ret = mp_prime_is_prime(NULL, 1, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_prime_is_prime(a, 1, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_prime_is_prime(NULL, 1, &result);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_prime_is_prime(a, 0, &result);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_prime_is_prime(a, 1024, &result);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_prime_is_prime_ex(NULL, 1, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_prime_is_prime_ex(a, 1, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_prime_is_prime_ex(NULL, 1, &result, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_prime_is_prime_ex(NULL, 1, NULL, rng);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_prime_is_prime_ex(a, 1, &result, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_prime_is_prime_ex(a, 1, NULL, rng);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_prime_is_prime_ex(NULL, 1, &result, rng);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || !defined(NO_DSA)
ret = mp_exch(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exch(a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exch(NULL, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
defined(WOLFSSL_SP_MATH_ALL)
ret = mp_mul_d(NULL, 1, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul_d(a, 1, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul_d(NULL, 1, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if !defined(WOLFSSL_RSA_VERIFY_ONLY)
ret = mp_add(NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_add(a, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_add(NULL, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_add(NULL, NULL, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_add(a, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_add(a, NULL, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_add(NULL, b, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
(!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
ret = mp_sub(NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sub(a, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sub(NULL, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sub(NULL, NULL, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sub(a, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sub(a, NULL, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sub(NULL, b, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if defined(WOLFSSL_SP_MATH_ALL) || (!defined(WOLFSSL_SP_MATH) && \
defined(WOLFSSL_CUSTOM_CURVES))
ret = mp_addmod(NULL, NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_addmod(a, NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_addmod(NULL, b, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_addmod(NULL, NULL, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_addmod(NULL, NULL, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_addmod(a, b, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_addmod(a, b, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_addmod(a, NULL, b, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_addmod(NULL, b, b, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#ifdef WOLFSSL_SP_MATH_ALL
ret = mp_submod(NULL, NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_submod(a, NULL, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_submod(NULL, b, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_submod(NULL, NULL, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_submod(NULL, NULL, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_submod(a, b, b, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_submod(a, b, NULL, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_submod(a, NULL, b, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_submod(NULL, b, b, a);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#ifdef WOLFSSL_SP_MATH_ALL
ret = mp_div_2d(NULL, 1, a, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod_2d(NULL, 1, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod_2d(a, 1, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod_2d(NULL, 1, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul_2d(NULL, 1, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul_2d(a, 1, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul_2d(NULL, 1, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
ret = mp_montgomery_reduce(NULL, NULL, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_montgomery_reduce(a, NULL, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_montgomery_reduce(NULL, b, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
mp_zero(b);
ret = mp_montgomery_reduce(a, b, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#ifdef WOLFSSL_SP_MATH_ALL
ret = mp_montgomery_setup(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_montgomery_setup(a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_montgomery_setup(NULL, &rho);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_montgomery_calc_normalization(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_montgomery_calc_normalization(a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_montgomery_calc_normalization(NULL, b);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
ret = mp_unsigned_bin_size(NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if defined(WC_MP_TO_RADIX) || defined(WOLFSSL_SP_MATH_ALL)
ret = mp_tohex(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_tohex(a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_tohex(NULL, hexStr);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
ret = mp_todecimal(NULL, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_todecimal(a, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_todecimal(NULL, decStr);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#ifdef WOLFSSL_SP_MATH_ALL
ret = mp_toradix(NULL, NULL, MP_RADIX_HEX);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_toradix(a, NULL, MP_RADIX_HEX);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_toradix(NULL, hexStr, MP_RADIX_HEX);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_toradix(a, hexStr, 3);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_radix_size(NULL, MP_RADIX_HEX, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_radix_size(a, MP_RADIX_HEX, NULL);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_radix_size(NULL, MP_RADIX_HEX, &size);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_radix_size(a, 3, &size);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
return 0;
}
#endif
#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
static wc_test_ret_t mp_test_set_is_bit(mp_int* a)
{
int i, j;
wc_test_ret_t ret;
mp_zero(a);
for (i = 0; i <= DIGIT_BIT * 2; i++) {
if (mp_is_bit_set(a, i))
return WC_TEST_RET_ENC_NC;
for (j = 0; j < i; j++) {
if (!mp_is_bit_set(a, j))
return WC_TEST_RET_ENC_NC;
}
if (mp_set_bit(a, i) != 0)
return WC_TEST_RET_ENC_NC;
if (!mp_is_bit_set(a, i))
return WC_TEST_RET_ENC_NC;
}
mp_zero(a);
for (i = 0; i <= DIGIT_BIT * 2; i++) {
if (mp_is_bit_set(a, i))
return WC_TEST_RET_ENC_NC;
}
for (i = 0; i <= DIGIT_BIT * 2; i++) {
mp_zero(a);
if (mp_set_bit(a, i) != 0)
return WC_TEST_RET_ENC_NC;
for (j = 0; j < i; j++) {
if (mp_is_bit_set(a, j))
return WC_TEST_RET_ENC_NC;
}
if (!mp_is_bit_set(a, i))
return WC_TEST_RET_ENC_NC;
}
#ifdef WOLFSSL_KEY_GEN
for (i = 0; i < DIGIT_BIT * 2; i++) {
mp_set(a, 1);
ret = mp_2expt(a, i);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (j = 0; j < i; j++) {
if (mp_is_bit_set(a, j))
return WC_TEST_RET_ENC_NC;
}
if (!mp_is_bit_set(a, i))
return WC_TEST_RET_ENC_NC;
}
#endif
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
mp_zero(a);
for (j = 1; j <= 3; j++) {
i = SP_INT_MAX_BITS - j;
if (mp_is_bit_set(a, i))
return WC_TEST_RET_ENC_NC;
if (mp_set_bit(a, i) != 0)
return WC_TEST_RET_ENC_NC;
if (!mp_is_bit_set(a, i))
return WC_TEST_RET_ENC_NC;
#ifdef WOLFSSL_KEY_GEN
ret = mp_2expt(a, i);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_is_bit_set(a, i))
return WC_TEST_RET_ENC_NC;
#endif
}
mp_zero(a);
for (j = 0; j <= 3; j++) {
i = SP_INT_MAX_BITS + j;
if (mp_is_bit_set(a, i))
return WC_TEST_RET_ENC_NC;
if (mp_set_bit(a, i) != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_NC;
#ifdef WOLFSSL_KEY_GEN
ret = mp_2expt(a, i);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
}
#endif
(void)ret;
return 0;
}
#endif /* !WOLFSSL_SP_MATH || WOLFSSL_SP_MATH_ALL */
static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
{
wc_test_ret_t ret;
mp_zero(a);
mp_zero(b);
ret = mp_cmp_d(a, 0);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp_d(a, 1);
if (ret != MP_LT)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp(a, b);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
mp_set(a, 1);
ret = mp_cmp_d(a, 0);
if (ret != MP_GT)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp_d(a, 1);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp_d(a, 2);
if (ret != MP_LT)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp(a, b);
if (ret != MP_GT)
return WC_TEST_RET_ENC_NC;
#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
mp_read_radix(b, "1234567890123456789", MP_RADIX_HEX);
ret = mp_cmp_d(b, -1);
if (ret != MP_GT)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp(a, b);
if (ret != MP_LT)
return WC_TEST_RET_ENC_NC;
ret = mp_cmp(b, a);
if (ret != MP_GT)
return WC_TEST_RET_ENC_NC;
ret = mp_cmp(b, b);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
#endif
#if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
defined(WOLFSSL_SP_INT_NEGATIVE)
#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
mp_read_radix(a, "-1", MP_RADIX_HEX);
mp_read_radix(a, "1", MP_RADIX_HEX);
ret = mp_cmp(a, b);
if (ret != MP_LT)
return WC_TEST_RET_ENC_NC;
ret = mp_cmp(b, a);
if (ret != MP_GT)
return WC_TEST_RET_ENC_NC;
mp_read_radix(b, "-2", MP_RADIX_HEX);
ret = mp_cmp(a, b);
if (ret != MP_GT)
return WC_TEST_RET_ENC_NC;
ret = mp_cmp(b, a);
if (ret != MP_LT)
return WC_TEST_RET_ENC_NC;
#endif
#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
mp_read_radix(a, "-2", MP_RADIX_HEX);
ret = mp_cmp(a, b);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
#endif
#endif
#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
defined(WOLFSSL_ECC_GEN_REJECT_SAMPLING)
mp_zero(a);
mp_zero(b);
ret = mp_cmp_ct(a, b, 1);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp_ct(a, a, a->used);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_EC(ret);
#ifdef WOLFSSL_SP_MATH_ALL
ret = mp_cmp_ct(a, NULL, a->used);
if (ret != MP_GT)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp_ct(NULL, a, a->used);
if (ret != MP_LT)
return WC_TEST_RET_ENC_EC(ret);
#endif
mp_read_radix(a, "1", MP_RADIX_HEX);
ret = mp_cmp_ct(a, b, 1);
if (ret != MP_GT)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp_ct(b, a, 1);
if (ret != MP_LT)
return WC_TEST_RET_ENC_EC(ret);
mp_read_radix(a, "0123456789abcdef0123456789abcdef", MP_RADIX_HEX);
ret = mp_cmp_ct(a, b, a->used);
if (ret != MP_GT)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp_ct(b, a, a->used);
if (ret != MP_LT)
return WC_TEST_RET_ENC_EC(ret);
mp_read_radix(b, "1123456789abcdef0123456789abcdef", MP_RADIX_HEX);
ret = mp_cmp_ct(b, a, a->used);
if (ret != MP_GT)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp_ct(a, b, a->used);
if (ret != MP_LT)
return WC_TEST_RET_ENC_EC(ret);
mp_read_radix(b, "0123456789abcdef0123456789abcdf0", MP_RADIX_HEX);
ret = mp_cmp_ct(b, a, a->used);
if (ret != MP_GT)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp_ct(a, b, a->used);
if (ret != MP_LT)
return WC_TEST_RET_ENC_EC(ret);
mp_read_radix(b, "0123456789abcdf0", MP_RADIX_HEX);
ret = mp_cmp_ct(a, b, a->used);
if (ret != MP_GT)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp_ct(b, a, a->used);
if (ret != MP_LT)
return WC_TEST_RET_ENC_EC(ret);
#endif
return 0;
}
#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \
!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY))
static wc_test_ret_t mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
{
wc_test_ret_t ret;
int i, j, k;
#ifndef WOLFSSL_SP_MATH
for (i = 0; i < 10; i++) {
for (j = 1; j < WC_BITS_TO_BYTES(DIGIT_BIT) * 3; j++) {
ret = randNum(a, j, rng, NULL);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_copy(a, b);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
for (k = 0; k <= DIGIT_BIT * 2; k++) {
ret = mp_mul_2d(a, k, a);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_rshb(a, k);
ret = mp_cmp(a, b);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
}
}
}
#endif
for (i = 0; i < 10; i++) {
for (j = 1; j < WC_BITS_TO_BYTES(DIGIT_BIT) * 3; j++) {
ret = randNum(a, j, rng, NULL);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_copy(a, b);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
for (k = 0; k < 10; k++) {
ret = mp_lshd(a, k);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
#ifndef WOLFSSL_SP_MATH
mp_rshd(a, k);
#else
mp_rshb(a, k * SP_WORD_SIZE);
#endif
ret = mp_cmp(a, b);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
}
}
}
#ifndef WOLFSSL_SP_MATH
mp_zero(a);
mp_rshd(a, 1);
if (!mp_iszero(a))
return WC_TEST_RET_ENC_NC;
mp_set(a, 1);
mp_rshd(a, 1);
if (!mp_iszero(a))
return WC_TEST_RET_ENC_NC;
mp_set(a, 1);
mp_rshd(a, 2);
if (!mp_iszero(a))
return WC_TEST_RET_ENC_NC;
#endif
return 0;
}
#endif
#if !defined(NO_DH) || defined(HAVE_ECC) || \
(!defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY))
static wc_test_ret_t mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem,
WC_RNG* rng)
{
wc_test_ret_t ret;
int i, j, k;
mp_zero(a);
mp_zero(d);
ret = mp_div(a, d, r, rem);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
mp_set(d, 1);
ret = mp_div(a, d, r, rem);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r))
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(rem))
return WC_TEST_RET_ENC_EC(ret);
mp_set(a, 1);
ret = mp_div(a, d, r, rem);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_isone(r))
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(rem))
return WC_TEST_RET_ENC_EC(ret);
for (i = 0; i < 100; i++) {
for (j = 1; j < WC_BITS_TO_BYTES(DIGIT_BIT) * 2; j++) {
ret = randNum(d, j, rng, NULL);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
for (k = 1; k < WC_BITS_TO_BYTES(DIGIT_BIT) * 2 + 1; k++) {
ret = randNum(a, k, rng, NULL);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div(a, d, NULL, rem);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div(a, d, r, NULL);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div(a, d, r, rem);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_mul(r, d, r);
mp_add(r, rem, r);
if (mp_cmp(r, a) != MP_EQ)
return WC_TEST_RET_ENC_NC;
}
}
}
ret = randNum(d, WC_BITS_TO_BYTES(DIGIT_BIT) * 2, rng, NULL);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_add(d, d, a);
mp_set(rem, 1);
mp_div(a, d, NULL, rem);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(rem))
return WC_TEST_RET_ENC_EC(ret);
mp_set(r, 1);
mp_div(a, d, r, NULL);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (mp_cmp_d(r, 2) != MP_EQ)
return WC_TEST_RET_ENC_EC(ret);
mp_set(r, 1);
mp_set(rem, 1);
mp_div(a, d, r, rem);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (mp_cmp_d(r, 2) != MP_EQ)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(rem))
return WC_TEST_RET_ENC_EC(ret);
mp_set(a, 0xfe);
mp_lshd(a, 3);
mp_add_d(a, 0xff, a);
mp_set(d, 0xfe);
mp_lshd(d, 2);
ret = mp_div(a, d, r, rem);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_mul(r, d, d);
mp_add(rem, d, d);
if (mp_cmp(a, d) != MP_EQ)
return WC_TEST_RET_ENC_NC;
/* Force (hi | lo) / d to be (d | 0) / d which will would not fit in
* a digit. So mp_div must detect and handle.
* For example: 0x800000 / 0x8001, DIGIT_BIT = 8
*/
mp_zero(a);
mp_set_bit(a, DIGIT_BIT * 3 - 1);
mp_zero(d);
mp_set_bit(d, DIGIT_BIT * 2 - 1);
mp_add_d(d, 1, d);
ret = mp_div(a, d, r, rem);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
/* Make sure [d | d] / d is handled. */
mp_zero(a);
mp_set_bit(a, DIGIT_BIT * 2 - 1);
mp_set_bit(a, DIGIT_BIT * 1 - 1);
mp_zero(d);
mp_set_bit(d, DIGIT_BIT - 1);
ret = mp_div(a, d, r, rem);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_zero(a);
mp_set_bit(a, DIGIT_BIT);
mp_set_bit(a, 0);
mp_zero(d);
if (mp_cmp(r, a) != MP_EQ)
return WC_TEST_RET_ENC_NC;
if (mp_cmp(rem, d) != MP_EQ)
return WC_TEST_RET_ENC_NC;
return 0;
}
#endif
#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
!defined(WC_NO_RNG)
static wc_test_ret_t mp_test_prime(mp_int* a, WC_RNG* rng)
{
wc_test_ret_t ret;
int res;
ret = mp_rand_prime(a, 1, rng, NULL);
#if defined(WOLFSSL_SP_MATH_ALL)
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#else
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_NC;
#endif
#ifndef WOLFSSL_SP_MATH
ret = mp_rand_prime(a, -5, rng, NULL);
if (ret != 0 || (a->dp[0] & 3) != 3)
return WC_TEST_RET_ENC_NC;
#endif
ret = mp_prime_is_prime(a, 1, &res);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
#ifndef WOLFSSL_SP_MATH
if (res != MP_YES)
return WC_TEST_RET_ENC_EC(res);
#else
if (res != MP_NO)
return WC_TEST_RET_ENC_EC(res);
#endif
ret = mp_prime_is_prime(a, 0, &res);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_prime_is_prime(a, -1, &res);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_prime_is_prime(a, 257, &res);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
mp_set(a, 1);
ret = mp_prime_is_prime(a, 1, &res);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (res != MP_NO)
return WC_TEST_RET_ENC_EC(res);
ret = mp_prime_is_prime_ex(a, 1, &res, rng);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (res != MP_NO)
return WC_TEST_RET_ENC_EC(res);
mp_set(a, 2);
ret = mp_prime_is_prime(a, 1, &res);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (res != MP_YES)
return WC_TEST_RET_ENC_EC(res);
ret = mp_prime_is_prime_ex(a, 1, &res, rng);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (res != MP_YES)
return WC_TEST_RET_ENC_EC(res);
mp_set(a, 0xfb);
ret = mp_prime_is_prime(a, 1, &res);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (res != MP_YES)
return WC_TEST_RET_ENC_EC(res);
ret = mp_prime_is_prime_ex(a, 1, &res, rng);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (res != MP_YES)
return WC_TEST_RET_ENC_EC(res);
mp_set(a, 0x6);
ret = mp_prime_is_prime(a, 1, &res);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (res != MP_NO)
return WC_TEST_RET_ENC_EC(res);
ret = mp_prime_is_prime_ex(a, 1, &res, rng);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (res != MP_NO)
return WC_TEST_RET_ENC_EC(res);
mp_set_int(a, 0x655 * 0x65b);
ret = mp_prime_is_prime(a, 10, &res);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (res != MP_NO)
return WC_TEST_RET_ENC_EC(res);
ret = mp_prime_is_prime_ex(a, 10, &res, rng);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (res != MP_NO)
return WC_TEST_RET_ENC_EC(res);
return 0;
}
#endif
/* mp_gcd has less restrictive protections than mp_lcm.
* Test mp_gcd with and without mp_lcm. */
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
#if !defined(WC_RSA_BLINDING) || defined(HAVE_FIPS) || defined(HAVE_SELFTEST)
#define MP_TEST_HAVE_LCM
#endif
static wc_test_ret_t mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* exp,
WC_RNG* rng)
{
wc_test_ret_t ret;
#ifdef MP_TEST_HAVE_LCM
int i;
WOLFSSL_SMALL_STACK_STATIC const int kat[][3] = {
{ 1, 1, 1 }, { 2, 1, 2 }, { 1, 2, 2 }, { 2, 4, 4 }, { 4, 2, 4 },
{ 12, 56, 168 }, { 56, 12, 168 }
};
#endif
(void)exp;
(void)rng;
#ifdef MP_TEST_HAVE_LCM
mp_set(a, 0);
mp_set(b, 1);
ret = mp_lcm(a, a, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_lcm(a, b, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_lcm(b, a, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
for (i = 0; i < (int)(sizeof(kat) / sizeof(*kat)); i++) {
mp_set(a, kat[i][0]);
mp_set(b, kat[i][1]);
ret = mp_lcm(a, b, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_set(exp, kat[i][2]);
ret = mp_cmp(r, exp);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
}
#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
!defined(WC_NO_RNG)
ret = mp_rand_prime(a, 20, rng, NULL);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_rand_prime(b, 20, rng, NULL);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul(a, b, exp);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_lcm(a, b, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp(r, exp);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
ret = mp_lcm(b, a, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp(r, exp);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
#endif
#endif /* MP_TEST_HAVE_LCM */
/* GCD with zero - returns the non-zero operand, zero/zero is invalid. */
mp_set(a, 11);
mp_zero(b);
ret = mp_gcd(a, b, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp_d(r, 11);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_gcd(b, a, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp_d(r, 11);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_gcd(b, b, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
/* Multi-digit GCD exercising the Euclidean reduction loops.
* Uses the identity gcd(2^m - 1, 2^n - 1) = 2^gcd(m,n) - 1.
* gcd(2^192-1, 2^128-1) = 2^64-1: both operands multi-word so the
* smaller is reduced with the multi-word sp_mod() path. */
ret = mp_set(a, 1);
if (ret == MP_OKAY)
ret = mp_mul_2d(a, 192, a);
if (ret == MP_OKAY)
ret = mp_sub_d(a, 1, a);
if (ret == MP_OKAY)
ret = mp_set(b, 1);
if (ret == MP_OKAY)
ret = mp_mul_2d(b, 128, b);
if (ret == MP_OKAY)
ret = mp_sub_d(b, 1, b);
if (ret == MP_OKAY)
ret = mp_set(exp, 1);
if (ret == MP_OKAY)
ret = mp_mul_2d(exp, 64, exp);
if (ret == MP_OKAY)
ret = mp_sub_d(exp, 1, exp);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
/* a > b: exercises the operand swap. */
ret = mp_gcd(a, b, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (mp_cmp(r, exp) != MP_EQ)
return WC_TEST_RET_ENC_NC;
/* b < a: no swap. */
ret = mp_gcd(b, a, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (mp_cmp(r, exp) != MP_EQ)
return WC_TEST_RET_ENC_NC;
/* gcd(2^192-1, 2^64-1) = 2^64-1: smaller operand is a single word so
* the sp_mod_d() reduction path is exercised. */
ret = mp_set(b, 1);
if (ret == MP_OKAY)
ret = mp_mul_2d(b, 64, b);
if (ret == MP_OKAY)
ret = mp_sub_d(b, 1, b);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_gcd(a, b, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (mp_cmp(r, exp) != MP_EQ)
return WC_TEST_RET_ENC_NC;
return 0;
}
#endif
#if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \
defined(WOLFSSL_SP_MATH_ALL)
static wc_test_ret_t mp_test_mod_2d(mp_int* a, mp_int* r, mp_int* t, WC_RNG* rng)
{
wc_test_ret_t ret;
int i;
int j;
mp_set(a, 10);
ret = mp_mod_2d(a, 0, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r))
return WC_TEST_RET_ENC_NC;
ret = mp_mod_2d(a, 1, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r))
return WC_TEST_RET_ENC_NC;
ret = mp_mod_2d(a, 2, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp_d(r, 2);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (i = 2; i < 20; i++) {
ret = randNum(a, i, rng, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
for (j = 1; j <= mp_count_bits(a); j++) {
/* Get top part */
ret = mp_div_2d(a, j, t, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul_2d(t, j, t);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Get bottom part */
ret = mp_mod_2d(a, j, r);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* Reassemble */
ret = mp_add(t, r, r);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp(a, r);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
}
}
#if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_SP_INT_NEGATIVE)
/* Test negative value being moded. */
for (j = 0; j < 20; j++) {
ret = randNum(a, 2, rng, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
a->sign = MP_NEG;
for (i = 1; i < DIGIT_BIT * 3 + 1; i++) {
ret = mp_mod_2d(a, i, r);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
mp_zero(t);
ret = mp_set_bit(t, i);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod(a, t, t);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp(r, t);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
}
}
#endif
return 0;
}
#endif
#if defined(WOLFSSL_SP_MATH_ALL) || defined(OPENSSL_EXTRA) || \
(defined(HAVE_ECC) && defined(HAVE_COMP_KEY))
static wc_test_ret_t mp_test_mod_d(mp_int* a, WC_RNG* rng)
{
wc_test_ret_t ret;
mp_digit r;
#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
mp_digit rem;
int i;
#endif
(void)rng;
ret = mp_set(a, 1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod_d(a, 0, &r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
mp_zero(a);
ret = mp_mod_d(a, 1, &r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod_d(a, 3, &r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod_d(a, 5, &r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
for (i = MP_MAX_TEST_BYTE_LEN - 16; i <= MP_MAX_TEST_BYTE_LEN; i++) {
ret = randNum(a, i, rng, NULL);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod_d(a, 3, &r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_div_d(a, 3, a, &rem);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (r != rem)
return WC_TEST_RET_ENC_NC;
}
/* Power-of-2 divisor uses the bitmask fast path. */
ret = mp_set(a, 0x1234);
if (ret == MP_OKAY)
ret = mp_mod_d(a, 8, &r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (r != (0x1234 & 7))
return WC_TEST_RET_ENC_NC;
/* Divisor of 10 has a dedicated multi-word fast path. */
ret = randNum(a, MP_MAX_TEST_BYTE_LEN, rng, NULL);
if (ret == MP_OKAY)
ret = mp_mod_d(a, 10, &r);
if (ret == MP_OKAY)
ret = mp_div_d(a, 10, a, &rem);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (r != rem)
return WC_TEST_RET_ENC_NC;
#ifdef WOLFSSL_SP_INT_NEGATIVE
/* Test a negative value. */
ret = mp_set(a, 17);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_setneg(a);
ret = mp_mod_d(a, 5, &r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (r != 3)
return WC_TEST_RET_ENC_NC;
#endif
#endif
return 0;
}
#endif
static wc_test_ret_t mp_test_mul_sqr(mp_int* a, mp_int* b, mp_int* r1,
mp_int* r2, WC_RNG* rng)
{
wc_test_ret_t ret;
int i;
for (i = 1; i < 16; i++) {
ret = randNum(a, i, rng, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul(a, a, r1);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sqr(a, r2);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp(r1, r2);
if (ret != MP_EQ)
return WC_TEST_RET_ENC_NC;
}
ret = mp_set(b, 0);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul(a, b, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r1))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sqr(b, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r1))
return WC_TEST_RET_ENC_NC;
#ifdef WOLFSSL_SP_MATH_ALL
ret = mp_set(a, 1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
i = (SP_INT_DIGITS / 2) + 1;
ret = mp_mul_2d(a, i * SP_WORD_SIZE - 1, a);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_set(b, 1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul_2d(b, (SP_INT_DIGITS - 1 - i) * SP_WORD_SIZE - 1, b);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul(a, b, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul(a, a, r1);
if (ret == MP_OKAY)
return WC_TEST_RET_ENC_NC;
ret = mp_sqr(a, r1);
if (ret == MP_OKAY)
return WC_TEST_RET_ENC_NC;
ret = mp_sqr(b, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
(defined(HAVE_ECC) && defined(FP_ECC))
ret = mp_mulmod(a, b, b, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mulmod(a, a, b, r1);
if (ret == MP_OKAY)
return WC_TEST_RET_ENC_NC;
#if defined(HAVE_ECC) && (defined(ECC_SHAMIR) || defined(FP_ECC))
ret = mp_sqrmod(a, b, r1);
if (ret == MP_OKAY)
return WC_TEST_RET_ENC_NC;
ret = mp_sqrmod(b, a, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
#endif /* HAVE_ECC && (ECC_SHAMIR || FP_ECC) */
#endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */
/* Check that the maximum value squared works. */
ret = mp_2expt(a, SP_INT_DIGITS / 2 * SP_WORD_SIZE);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_set(b, 1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sub(a, b, a);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mul(a, a, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sqr(a, r2);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (mp_cmp(r1, r2) != MP_EQ)
return WC_TEST_RET_ENC_NC;
#endif /* WOLFSSL_SP_MATH_ALL */
return 0;
}
#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
/* Functional tests for the constant-time modular arithmetic used by ECC:
* mp_addmod_ct, mp_submod_ct and mp_div_2_mod_ct. These are not reached by
* the parameter-validation tests so their computation paths are exercised
* here against their variable-time equivalents. */
static wc_test_ret_t mp_test_addsubmod_ct(mp_int* a, mp_int* b, mp_int* m,
mp_int* r, mp_int* t, WC_RNG* rng)
{
wc_test_ret_t res = 0;
int ret;
int i;
for (i = 0; (i < 16) && (res == 0); i++) {
/* Odd, multi-word modulus (2 must be invertible for div_2_mod_ct). */
ret = randNum(m, 24, rng, NULL);
if (ret == MP_OKAY)
ret = mp_set_bit(m, 0); /* force modulus odd */
/* Operands reduced to the range [0, m). */
if (ret == MP_OKAY)
ret = randNum(a, 24, rng, NULL);
if (ret == MP_OKAY)
ret = mp_mod(a, m, a);
if (ret == MP_OKAY)
ret = randNum(b, 24, rng, NULL);
if (ret == MP_OKAY)
ret = mp_mod(b, m, b);
if (ret != MP_OKAY) {
res = WC_TEST_RET_ENC_EC(ret);
break;
}
/* addmod_ct must match the variable-time addmod. */
ret = mp_addmod_ct(a, b, m, r);
if (ret == MP_OKAY)
ret = mp_addmod(a, b, m, t);
if (ret != MP_OKAY) {
res = WC_TEST_RET_ENC_EC(ret);
break;
}
if (mp_cmp(r, t) != MP_EQ) {
res = WC_TEST_RET_ENC_NC;
break;
}
/* submod_ct: (a - b) mod m, verified by adding b back gives a. */
ret = mp_submod_ct(a, b, m, r);
if (ret == MP_OKAY)
ret = mp_addmod_ct(r, b, m, t);
if (ret != MP_OKAY) {
res = WC_TEST_RET_ENC_EC(ret);
break;
}
if (mp_cmp(t, a) != MP_EQ) {
res = WC_TEST_RET_ENC_NC;
break;
}
/* div_2_mod_ct: r = a/2 mod m, verified by doubling: 2*r mod m == a. */
ret = mp_div_2_mod_ct(a, m, r);
if (ret == MP_OKAY)
ret = mp_addmod_ct(r, r, m, t);
if (ret != MP_OKAY) {
res = WC_TEST_RET_ENC_EC(ret);
break;
}
if (mp_cmp(t, a) != MP_EQ) {
res = WC_TEST_RET_ENC_NC;
break;
}
}
return res;
}
#endif /* WOLFSSL_SP_MATH_ALL && HAVE_ECC */
#if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* Exercises mp_cmp_mag - magnitude comparison (sign-independent) including
* NULL operands. */
static wc_test_ret_t mp_test_cmp_mag(mp_int* a, mp_int* b)
{
int ret;
ret = mp_set(a, 7);
if (ret == MP_OKAY)
ret = mp_set(b, 5);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
/* NULL operands: both NULL are equal, a non-NULL has greater magnitude. */
if (mp_cmp_mag(NULL, NULL) != MP_EQ)
return WC_TEST_RET_ENC_NC;
if (mp_cmp_mag(a, NULL) != MP_GT)
return WC_TEST_RET_ENC_NC;
if (mp_cmp_mag(NULL, a) != MP_LT)
return WC_TEST_RET_ENC_NC;
/* Same value and differing magnitudes. */
if (mp_cmp_mag(a, a) != MP_EQ)
return WC_TEST_RET_ENC_NC;
if (mp_cmp_mag(a, b) != MP_GT)
return WC_TEST_RET_ENC_NC;
if (mp_cmp_mag(b, a) != MP_LT)
return WC_TEST_RET_ENC_NC;
#ifdef WOLFSSL_SP_INT_NEGATIVE
/* Magnitude comparison ignores sign: |-7| > |5|. */
a->sign = MP_NEG;
if (mp_cmp_mag(a, b) != MP_GT)
return WC_TEST_RET_ENC_NC;
if (mp_cmp_mag(b, a) != MP_LT)
return WC_TEST_RET_ENC_NC;
#endif
return 0;
}
#endif /* WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_PUBLIC_ONLY */
#if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* Exercises the result-aliases-modulus paths of mp_mulmod (_sp_mulmod_tmp) and
* mp_sqrmod (_sp_sqrmod), including their zero-operand short-circuits. */
static wc_test_ret_t mp_test_mulmod_sqrmod(mp_int* a, mp_int* b, mp_int* m,
mp_int* r)
{
int ret;
/* mp_mulmod with the result aliasing the modulus uses the temporary
* buffer path (_sp_mulmod_tmp). */
ret = mp_set(a, 0x3);
if (ret == MP_OKAY)
ret = mp_set(b, 0x5);
if (ret == MP_OKAY)
ret = mp_set(m, 0x65); /* modulus 101 */
if (ret == MP_OKAY)
ret = mp_mulmod(a, b, m, r); /* reference */
if (ret == MP_OKAY)
ret = mp_mulmod(a, b, m, m); /* result aliases modulus */
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (mp_cmp(m, r) != MP_EQ)
return WC_TEST_RET_ENC_NC;
/* Zero operand short-circuit in _sp_mulmod_tmp. */
ret = mp_set(m, 0x65);
if (ret == MP_OKAY)
ret = mp_set(b, 0);
if (ret == MP_OKAY)
ret = mp_mulmod(a, b, m, m);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(m))
return WC_TEST_RET_ENC_NC;
/* mp_sqrmod with the result aliasing the modulus uses _sp_sqrmod. */
ret = mp_set(a, 0x7);
if (ret == MP_OKAY)
ret = mp_set(m, 0x65);
if (ret == MP_OKAY)
ret = mp_sqrmod(a, m, r); /* reference */
if (ret == MP_OKAY)
ret = mp_set(m, 0x65);
if (ret == MP_OKAY)
ret = mp_sqrmod(a, m, m); /* result aliases modulus */
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (mp_cmp(m, r) != MP_EQ)
return WC_TEST_RET_ENC_NC;
/* Zero operand short-circuit in _sp_sqrmod. */
ret = mp_set(m, 0x65);
if (ret == MP_OKAY)
ret = mp_set(a, 0);
if (ret == MP_OKAY)
ret = mp_sqrmod(a, m, m);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(m))
return WC_TEST_RET_ENC_NC;
return 0;
}
/* Testing mp_exch. */
static wc_test_ret_t mp_test_exch(mp_int* a, mp_int* b, mp_int* r1,
mp_int* r2)
{
int ret;
/* mp_exch swaps the two values. */
ret = mp_set(a, 1);
if (ret == MP_OKAY)
ret = mp_mul_2d(a, 200, a); /* multi-word value */
if (ret == MP_OKAY)
ret = mp_add_d(a, 0x55, a);
if (ret == MP_OKAY)
ret = mp_set(b, 0x1234); /* single-word value */
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_copy(a, r1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_copy(b, r2);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exch(a, b);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if ((mp_cmp(a, r2) != MP_EQ) || (mp_cmp(b, r1) != MP_EQ))
return WC_TEST_RET_ENC_NC;
return 0;
}
/* Testing mp_to_unsigned_bin_len_ct against the variable-time export. */
static wc_test_ret_t mp_test_to_unsigned_bin_len_ct(mp_int* a)
{
int ret;
byte buf[40];
byte buf2[40];
/* mp_to_unsigned_bin_len_ct must match the variable-time export. */
ret = mp_set(a, 1);
if (ret == MP_OKAY)
ret = mp_mul_2d(a, 100, a);
if (ret == MP_OKAY)
ret = mp_add_d(a, 0xAB, a); /* multi-word value */
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
XMEMSET(buf, 0xff, sizeof(buf));
XMEMSET(buf2, 0xff, sizeof(buf2));
ret = mp_to_unsigned_bin_len_ct(a, buf, (int)sizeof(buf));
if (ret == MP_OKAY)
ret = mp_to_unsigned_bin_len(a, buf2, (int)sizeof(buf2));
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (XMEMCMP(buf, buf2, sizeof(buf)) != 0)
return WC_TEST_RET_ENC_NC;
return 0;
}
#endif /* WOLFSSL_SP_MATH_ALL && !RSA_VERIFY_ONLY && !RSA_PUBLIC_ONLY */
#if (!defined(NO_RSA) && \
!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
{
wc_test_ret_t ret;
mp_set(a, 0);
mp_set(m, 1);
ret = mp_invmod(a, m, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_invmod(m, a, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
mp_set(a, 2);
mp_set(m, 4);
ret = mp_invmod(a, m, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
mp_set(a, 3);
mp_set(m, 6);
ret = mp_invmod(a, m, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
mp_set(a, 5*9);
mp_set(m, 6*9);
ret = mp_invmod(a, m, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
mp_set(a, 1);
mp_set(m, 4);
ret = mp_invmod(a, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_isone(r))
return WC_TEST_RET_ENC_NC;
mp_set(a, 3);
mp_set(m, 4);
ret = mp_invmod(a, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_cmp_d(r, 3);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
mp_set(a, 3);
mp_set(m, 5);
ret = mp_invmod(a, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
/* Maximum 'a' */
mp_set(a, 0);
mp_set_bit(a, (r->size / 2)* SP_WORD_SIZE - 1);
mp_sub_d(a, 1, a);
/* Modulus too big. */
mp_set(m, 0);
mp_set_bit(m, (r->size / 2) * SP_WORD_SIZE);
ret = mp_invmod(a, m, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
/* Maximum modulus - even. */
mp_set(m, 0);
mp_set_bit(m, (r->size / 2) * SP_WORD_SIZE - 1);
ret = mp_invmod(a, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
#endif
#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_INT_NEGATIVE)
#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)
mp_read_radix(a, "-3", 16);
ret = mp_invmod(a, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
#endif
#endif
#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
mp_set(a, 0);
mp_set(m, 3);
ret = mp_invmod_mont_ct(a, m, r, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
mp_set(a, 1);
mp_set(m, 0);
ret = mp_invmod_mont_ct(a, m, r, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
mp_set(a, 1);
mp_set(m, 1);
ret = mp_invmod_mont_ct(a, m, r, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
mp_set(a, 1);
mp_set(m, 2);
ret = mp_invmod_mont_ct(a, m, r, 1);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
mp_set(a, 1);
mp_set(m, 3);
ret = mp_invmod_mont_ct(a, m, r, 1);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
#endif
return 0;
}
#endif /* !NO_RSA || HAVE_ECC || !NO_DSA || OPENSSL_EXTRA */
#if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
(defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
static wc_test_ret_t mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r,
mp_int* t)
{
wc_test_ret_t ret;
#ifdef WOLFSSL_SP_MATH_ALL
int k;
#endif
(void)t;
mp_set(b, 0x2);
mp_set(e, 0x3);
mp_set(m, 0x0);
ret = mp_exptmod_ex(b, e, 1, m, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(b, e, m, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
mp_set(b, 0x2);
mp_set(e, 0x3);
mp_set(m, 0x1);
ret = mp_exptmod_ex(b, e, 1, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r))
return WC_TEST_RET_ENC_NC;
ret = mp_exptmod_nct(b, e, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r))
return WC_TEST_RET_ENC_NC;
mp_set(b, 0x2);
mp_set(e, 0x0);
mp_set(m, 0x7);
ret = mp_exptmod_ex(b, e, 1, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_isone(r))
return WC_TEST_RET_ENC_NC;
ret = mp_exptmod_nct(b, e, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_isone(r))
return WC_TEST_RET_ENC_NC;
mp_set(b, 0x0);
mp_set(e, 0x3);
mp_set(m, 0x7);
ret = mp_exptmod_ex(b, e, 1, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r))
return WC_TEST_RET_ENC_NC;
ret = mp_exptmod_nct(b, e, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r))
return WC_TEST_RET_ENC_NC;
mp_set(b, 0x10);
mp_set(e, 0x3);
mp_set(m, 0x7);
ret = mp_exptmod_ex(b, e, 1, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(b, e, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp_set(b, 0x7);
mp_set(e, 0x3);
mp_set(m, 0x7);
ret = mp_exptmod_ex(b, e, 1, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r))
return WC_TEST_RET_ENC_NC;
ret = mp_exptmod_nct(b, e, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r))
return WC_TEST_RET_ENC_NC;
#ifndef WOLFSSL_SP_MATH
mp_set(b, 0x01);
mp_mul_2d(b, DIGIT_BIT, b);
mp_add_d(b, 1, b);
mp_set(e, 0x3);
ret = mp_copy(b, m);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_ex(b, e, 1, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r))
return WC_TEST_RET_ENC_NC;
ret = mp_exptmod_nct(b, e, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_iszero(r))
return WC_TEST_RET_ENC_NC;
#endif
mp_set(b, 0x2);
mp_set(e, 0x3);
mp_set(m, 0x7);
ret = mp_exptmod_ex(b, e, 1, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(b, e, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
#ifdef WOLFSSL_SP_MATH_ALL
mp_set(b, 0x2);
mp_set(e, 0x3);
mp_set(m, 0x01);
mp_mul_2d(m, SP_WORD_SIZE * SP_INT_DIGITS / 2, m);
mp_add_d(m, 0x01, m);
ret = mp_exptmod_ex(b, e, 1, m, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
ret = mp_exptmod_nct(b, e, m, r);
if (ret != WC_NO_ERR_TRACE(MP_VAL))
return WC_TEST_RET_ENC_EC(ret);
#endif
#ifdef WOLFSSL_SP_MATH_ALL
/* Larger, multi-word moduli to exercise the Montgomery, base-2 and
* windowed exponentiation paths that small single-word moduli do not
* reach. */
/* m = 2^521 - 1 (a Mersenne prime, multi-word and not an RSA/DH
* accelerated size); e = m - 1. By Fermat's little theorem,
* b^(m-1) mod m == 1 when gcd(b, m) == 1. */
if ((ret = mp_set(m, 1)) != MP_OKAY ||
(ret = mp_mul_2d(m, 521, m)) != MP_OKAY ||
(ret = mp_sub_d(m, 1, m)) != MP_OKAY ||
(ret = mp_sub_d(m, 1, e)) != MP_OKAY) {
return WC_TEST_RET_ENC_EC(ret);
}
/* Odd, multi-word modulus, base != 2:
* mp_exptmod_ex -> constant-time Montgomery exponentiation
* mp_exptmod_nct -> windowed exponentiation (large exponent). */
if ((ret = mp_set(b, 3)) != MP_OKAY ||
(ret = mp_exptmod_ex(b, e, (int)e->used, m, r)) != MP_OKAY) {
return WC_TEST_RET_ENC_EC(ret);
}
if (!mp_isone(r)) {
return WC_TEST_RET_ENC_NC;
}
if ((ret = mp_exptmod_nct(b, e, m, r)) != MP_OKAY) {
return WC_TEST_RET_ENC_EC(ret);
}
if (!mp_isone(r)) {
return WC_TEST_RET_ENC_NC;
}
/* Base 2 selects the dedicated base-2 exponentiation. */
if ((ret = mp_set(b, 2)) != MP_OKAY ||
(ret = mp_exptmod_ex(b, e, (int)e->used, m, r)) != MP_OKAY) {
return WC_TEST_RET_ENC_EC(ret);
}
if (!mp_isone(r)) {
return WC_TEST_RET_ENC_NC;
}
/* Smaller exponents reach the narrower window sizes of the windowed
* non-constant-time exponentiation (a 31-bit exponent uses a 3-bit
* window, a 101-bit exponent a 4-bit window). Cross-check the
* windowed result against the constant-time Montgomery result. */
for (k = 0; k < 2; k++) {
int ebits = (k == 0) ? 30 : 100;
if ((ret = mp_set(e, 1)) != MP_OKAY ||
(ret = mp_mul_2d(e, ebits, e)) != MP_OKAY ||
(ret = mp_add_d(e, 0x9, e)) != MP_OKAY || /* odd exponent */
(ret = mp_set(b, 3)) != MP_OKAY ||
(ret = mp_exptmod_ex(b, e, (int)e->used, m, r)) != MP_OKAY ||
(ret = mp_exptmod_nct(b, e, m, t)) != MP_OKAY) {
return WC_TEST_RET_ENC_EC(ret);
}
if (mp_cmp(r, t) != MP_EQ) {
return WC_TEST_RET_ENC_NC;
}
}
/* Restore exponent to m - 1 for the remaining odd-modulus case. */
if ((ret = mp_sub_d(m, 1, e)) != MP_OKAY) {
return WC_TEST_RET_ENC_EC(ret);
}
/* Base == modulus: base reduces to zero so the result is zero. */
if ((ret = mp_copy(m, b)) != MP_OKAY ||
(ret = mp_set(e, 5)) != MP_OKAY ||
(ret = mp_exptmod_ex(b, e, (int)e->used, m, r)) != MP_OKAY) {
return WC_TEST_RET_ENC_EC(ret);
}
if (!mp_iszero(r)) {
return WC_TEST_RET_ENC_NC;
}
/* Even, multi-word modulus uses the generic exponentiation path for
* both mp_exptmod_ex and mp_exptmod_nct. Verify b^6 mod m against
* repeated modular multiplication. */
if ((ret = mp_set(m, 1)) != MP_OKAY ||
(ret = mp_mul_2d(m, 521, m)) != MP_OKAY || /* m = 2^521 (even) */
(ret = mp_set(b, 7)) != MP_OKAY ||
(ret = mp_set(e, 6)) != MP_OKAY ||
(ret = mp_set(t, 1)) != MP_OKAY) {
return WC_TEST_RET_ENC_EC(ret);
}
for (k = 0; k < 6; k++) {
if ((ret = mp_mulmod(t, b, m, t)) != MP_OKAY) {
return WC_TEST_RET_ENC_EC(ret);
}
}
if ((ret = mp_exptmod_ex(b, e, (int)e->used, m, r)) != MP_OKAY) {
return WC_TEST_RET_ENC_EC(ret);
}
if (mp_cmp(r, t) != MP_EQ) {
return WC_TEST_RET_ENC_NC;
}
if ((ret = mp_exptmod_nct(b, e, m, r)) != MP_OKAY) {
return WC_TEST_RET_ENC_EC(ret);
}
if (mp_cmp(r, t) != MP_EQ) {
return WC_TEST_RET_ENC_NC;
}
#endif /* WOLFSSL_SP_MATH_ALL */
return 0;
}
#endif /* !NO_RSA || !NO_DSA || !NO_DH || (HAVE_ECC && HAVE_COMP_KEY) ||
* OPENSSL_EXTRA */
#if defined(HAVE_ECC) || \
(!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
static wc_test_ret_t mp_test_mont(mp_int* a, mp_int* m, mp_int* n, mp_int* r, WC_RNG* rng)
{
wc_test_ret_t ret;
mp_digit mp;
static int exp[] = { 7, 8, 16, 27, 32, 64,
127, 128, 255, 256,
#if defined(SP_WORD_SIZE) && SP_WORD_SIZE > 8
383, 384, 2033, 2048
#endif
};
static mp_digit sub[] = { 0x01, 0x05, 0x0f, 0x27, 0x05, 0x3b,
0x01, 0x9f, 0x13, 0xbd,
#if defined(SP_WORD_SIZE) && SP_WORD_SIZE > 8
0x1f, 0x13d, 0x45, 0x615
#endif
};
int bits[] = { 256, 384,
#if defined(SP_INT_MAX_BITS) && SP_INT_MAX_BITS > 4096
2048,
#endif
#if defined(SP_INT_MAX_BITS) && SP_INT_MAX_BITS > 6144
3072
#endif
};
int i;
int j;
for (i = 0; i < (int)(sizeof(exp) / sizeof(*exp)); i++) {
if (exp[i] >= DIGIT_BIT)
continue;
mp_zero(m);
ret = mp_set_bit(m, exp[i]);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_sub_d(m, sub[i], m);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_montgomery_setup(m, &mp);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_montgomery_calc_normalization(n, m);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
for (j = 0; j < 10; j++) {
ret = randNum(a, (exp[i] + DIGIT_BIT - 1) / DIGIT_BIT, rng, NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_mod(a, m, a);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* r = a * a */
ret = mp_sqrmod(a, m, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
/* Convert to Montgomery form = a*n */
ret = mp_mulmod(a, n, m, a);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
/* a*a mod m == ((a*n) * (a*n)) / n / n */
ret = mp_sqr(a, a);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_montgomery_reduce(a, m, mp);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_montgomery_reduce(a, m, mp);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (mp_cmp(a, r) != MP_EQ)
return WC_TEST_RET_ENC_NC;
}
}
/* Force carries. */
for (i = 0; i < (int)(sizeof(bits) / sizeof(*bits)); i++) {
/* a = 2^(bits*2) - 1 */
mp_zero(a);
mp_set_bit(a, bits[i] * 2);
ret = mp_sub_d(a, 1, a);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
/* m = 2^(bits) - 1 */
mp_zero(m);
mp_set_bit(m, bits[i]);
ret = mp_sub_d(m, 1, m);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
mp = 1;
/* result = r = 2^(bits) - 1 */
mp_zero(r);
mp_set_bit(r, bits[i]);
ret = mp_sub_d(r, 1, r);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
ret = mp_montgomery_reduce(a, m, mp);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
/* Result is m or 0 if reduced to range of modulus. */
if (mp_cmp(a, r) != MP_EQ && mp_iszero(a) != MP_YES)
return WC_TEST_RET_ENC_NC;
}
#ifdef WOLFSSL_SP_INVMOD_MONT_CT
/* Constant-time modular inverse in Montgomery form over a multi-word
* prime exercises the table-based exponentiation in _sp_invmod_mont_ct
* that single-word moduli do not reach. */
/* m = 2^521 - 1 (a Mersenne prime, multi-word). */
ret = mp_2expt(m, 521);
if (ret == MP_OKAY)
ret = mp_sub_d(m, 1, m);
if (ret == MP_OKAY)
ret = mp_montgomery_setup(m, &mp);
if (ret == MP_OKAY)
ret = mp_montgomery_calc_normalization(n, m);
/* a = 5: non-zero and coprime to the prime modulus. */
if (ret == MP_OKAY)
ret = mp_set(a, 5);
/* n = a in Montgomery form (a * R mod m). */
if (ret == MP_OKAY)
ret = mp_mulmod(a, n, m, n);
/* r = a^-1 in Montgomery form. */
if (ret == MP_OKAY)
ret = mp_invmod_mont_ct(n, m, r, mp);
/* Take r out of Montgomery form: r = a^-1 mod m. */
if (ret == MP_OKAY)
ret = mp_montgomery_reduce(r, m, mp);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
/* Verify a * a^-1 mod m == 1. */
ret = mp_mulmod(a, r, m, n);
if (ret != MP_OKAY)
return WC_TEST_RET_ENC_EC(ret);
if (!mp_isone(n))
return WC_TEST_RET_ENC_NC;
#endif /* WOLFSSL_SP_INVMOD_MONT_CT */
return 0;
}
#endif
/* mp_cond_swap_ct resolves to sp_cond_swap_ct in SP-math builds, which is only
* compiled when HAVE_ECC && ECC_TIMING_RESISTANT && !WC_NO_CACHE_RESISTANT.
* Gate the test to match. */
#if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)
#define MP_TEST_COND_SWAP_AVAILABLE
#elif defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT) && \
!defined(WC_NO_CACHE_RESISTANT)
#define MP_TEST_COND_SWAP_AVAILABLE
#endif
#ifdef MP_TEST_COND_SWAP_AVAILABLE
static wc_test_ret_t mp_test_cond_swap(mp_int* a, mp_int* b)
{
int ret;
int c;
mp_zero(a);
mp_zero(b);
ret = mp_set_int(a, 0x12345678);
if (ret != 0) return WC_TEST_RET_ENC_EC(ret);
ret = mp_set_int(b, 0x9abcdef0);
if (ret != 0) return WC_TEST_RET_ENC_EC(ret);
c = (a->used > b->used) ? a->used : b->used;
/* m == 0: no swap. */
ret = mp_cond_swap_ct(a, b, c, 0);
if (ret != 0) return WC_TEST_RET_ENC_EC(ret);
if (a->dp[0] != 0x12345678 || b->dp[0] != 0x9abcdef0)
return WC_TEST_RET_ENC_NC;
/* m == 1: swap. */
ret = mp_cond_swap_ct(a, b, c, 1);
if (ret != 0) return WC_TEST_RET_ENC_EC(ret);
if (a->dp[0] != 0x9abcdef0 || b->dp[0] != 0x12345678)
return WC_TEST_RET_ENC_NC;
/* m == 1 again: swap back. */
ret = mp_cond_swap_ct(a, b, c, 1);
if (ret != 0) return WC_TEST_RET_ENC_EC(ret);
if (a->dp[0] != 0x12345678 || b->dp[0] != 0x9abcdef0)
return WC_TEST_RET_ENC_NC;
return 0;
}
#endif /* MP_TEST_COND_SWAP_AVAILABLE */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
{
WC_RNG rng;
int rng_inited = 0;
wc_test_ret_t ret;
#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
int i, j;
#ifndef WOLFSSL_SP_MATH
int k;
#endif
mp_digit d = 0;
#endif
#ifdef WOLFSSL_SMALL_STACK
mp_int *a = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER),
*b = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER),
*r1 = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER),
*r2 = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER),
*p = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if ((a == NULL) ||
(b == NULL) ||
(r1 == NULL) ||
(r2 == NULL) ||
(p == NULL))
{
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
}
#else
mp_int a[1], b[1], r1[1], r2[1], p[1];
#endif
WOLFSSL_ENTER("mp_test");
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
ret = mp_init_multi(a, b, r1, r2, NULL, NULL);
#else
ret = mp_init(a);
ret |= mp_init(b);
ret |= mp_init(r1);
ret |= mp_init(r2);
#endif
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef WOLFSSL_SP_MATH_ALL
mp_init_copy(p, a);
#else
ret = mp_init(p);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
if (ret != 0)
goto done;
rng_inited = 1;
#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
mp_set_int(a, 0);
if (a->used != 0 || a->dp[0] != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
for (j = 1; j <= MP_MAX_TEST_BYTE_LEN; j++) {
for (i = 0; i < 4 * j; i++) {
/* New values to use. */
ret = randNum(p, j, &rng, NULL);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = randNum(a, j, &rng, NULL);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = randNum(b, j, &rng, NULL);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = wc_RNG_GenerateBlock(&rng, (byte*)&d, sizeof(d));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
d &= MP_MASK;
#if !defined(WOLFSSL_SP_MATH) || (defined(HAVE_ECC) && \
(defined(ECC_SHAMIR) || defined(FP_ECC)))
/* Ensure sqrmod produce same result as mulmod. */
ret = mp_sqrmod(a, p, r1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = mp_mulmod(a, a, p, r2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (mp_cmp(r1, r2) != 0) {
WOLFSSL_MSG("Fail: mp_mulmod result does not match mp_sqrmod!");
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#endif
#if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
#if defined(WOLFSSL_SP_MATH) || (defined(WOLFSSL_SP_MATH_ALL) && \
!defined(WOLFSSL_SP_INT_NEGATIVE))
ret = mp_addmod(a, b, p, r1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = mp_submod(r1, b, p, r2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = mp_mod(a, p, r1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (mp_cmp(r1, r2) != MP_EQ)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#else
/* Ensure add with mod produce same result as sub with mod. */
ret = mp_addmod(a, b, p, r1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
b->sign ^= 1;
ret = mp_submod(a, b, p, r2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (mp_cmp(r1, r2) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif
#endif
#if !(defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)) || \
(defined(WOLFSSL_SP_ADD_D) && defined(WOLFSSL_SP_SUB_D) && \
defined(WOLFSSL_SP_INVMOD))
/* Ensure add digit produce same result as sub digit. */
ret = mp_add_d(a, d, r1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
ret = mp_sub_d(r1, d, r2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (mp_cmp(a, r2) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
/* Invert - if p is even it will use the slow impl.
* - if p and a are even it will fail.
*/
ret = mp_invmod(a, p, r1);
if (ret != 0 && ret != WC_NO_ERR_TRACE(MP_VAL))
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#endif
#ifndef WOLFSSL_SP_MATH
/* Shift up and down number all bits in a digit. */
for (k = 0; k < DIGIT_BIT; k++) {
mp_mul_2d(a, k, r1);
mp_div_2d(r1, k, r2, p);
if (mp_cmp(a, r2) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
if (!mp_iszero(p))
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
mp_rshb(r1, k);
if (mp_cmp(a, r1) != 0)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#endif
}
}
#if !(defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)) || \
(defined(WOLFSSL_SP_ADD_D) && defined(WOLFSSL_SP_SUB_D))
/* Test adding and subtracting zero from zero. */
mp_zero(a);
ret = mp_add_d(a, 0, r1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (!mp_iszero(r1)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
ret = mp_sub_d(a, 0, r2);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
if (!mp_iszero(r2)) {
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#endif
#if DIGIT_BIT >= 32
/* Check that setting a 32-bit digit works. */
d &= 0xffffffffU;
mp_set_int(a, d);
if (a->used != 1 || a->dp[0] != d)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
#endif
/* Check setting a bit and testing a bit works. */
for (i = 0; i < MP_MAX_TEST_BYTE_LEN * 8; i++) {
mp_zero(a);
mp_set_bit(a, i);
if (!mp_is_bit_set(a, i))
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#endif
#if defined(HAVE_ECC) && defined(HAVE_COMP_KEY)
mp_zero(a);
i = mp_cnt_lsb(a);
if (i != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), done);
mp_set(a, 1);
i = mp_cnt_lsb(a);
if (i != 0)
ERROR_OUT(WC_TEST_RET_ENC_I(i), done);
mp_set(a, 32);
i = mp_cnt_lsb(a);
if (i != 5)
ERROR_OUT(WC_TEST_RET_ENC_I(i), done);
mp_zero(a);
mp_set_bit(a, 129);
i = mp_cnt_lsb(a);
if (i != 129)
ERROR_OUT(WC_TEST_RET_ENC_I(i), done);
#endif
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
if ((ret = mp_test_param(a, b, r1, &rng)) != 0)
goto done;
#endif
#if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH)
if ((ret = mp_test_div_3(a, r1, &rng)) != 0)
goto done;
#endif
#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
!defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
(!defined WOLFSSL_SP_MATH && !defined(WOLFSSL_SP_MATH_ALL) && \
(defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC)))
if ((ret = mp_test_radix_10(a, r1, &rng)) != 0)
goto done;
#endif
#if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
defined(HAVE_ECC))
if ((ret = mp_test_radix_16(a, r1, &rng)) != 0)
goto done;
#endif
if ((ret = mp_test_shift(a, r1, &rng)) != 0)
goto done;
#if !(defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)) || \
(defined(WOLFSSL_SP_ADD_D) && defined(WOLFSSL_SP_SUB_D))
if ((ret = mp_test_add_sub_d(a, b, r1)) != 0)
goto done;
#endif
if ((ret = mp_test_read_to_bin(a)) != 0)
goto done;
#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
if ((ret = mp_test_set_int(a)) != 0)
goto done;
#endif
if ((ret = mp_test_cmp(a, r1)) != 0)
goto done;
#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \
!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY))
if ((ret = mp_test_shbd(a, b, &rng)) != 0)
goto done;
#endif
#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
if ((ret = mp_test_set_is_bit(a)) != 0)
goto done;
#endif
#if !defined(NO_DH) || defined(HAVE_ECC) || \
(!defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY))
if ((ret = mp_test_div(a, b, r1, r2, &rng)) != 0)
goto done;
#endif
#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
!defined(WC_NO_RNG)
if ((ret = mp_test_prime(a, &rng)) != 0)
goto done;
#endif
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
if ((ret = mp_test_lcm_gcd(a, b, r1, r2, &rng)) != 0)
goto done;
#endif
#if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \
defined(WOLFSSL_SP_MATH_ALL)
if ((ret = mp_test_mod_2d(a, r1, p, &rng)) != 0)
goto done;
#endif
#if defined(WOLFSSL_SP_MATH_ALL) || defined(OPENSSL_EXTRA) || \
(defined(HAVE_ECC) && defined(HAVE_COMP_KEY))
if ((ret = mp_test_mod_d(a, &rng)) != 0)
goto done;
#endif
if ((ret = mp_test_mul_sqr(a, b, r1, r2, &rng)) != 0)
goto done;
#if (!defined(NO_RSA) && \
!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
if ((ret = mp_test_invmod(a, b, r1)) != 0)
goto done;
#endif
#if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
(defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
if ((ret = mp_test_exptmod(a, b, r1, r2, p)) != 0)
goto done;
#endif
#if defined(HAVE_ECC) || \
(!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
if ((ret = mp_test_mont(a, b, r1, r2, &rng)) != 0)
goto done;
#endif
#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
if ((ret = mp_test_addsubmod_ct(a, b, r1, r2, p, &rng)) != 0)
goto done;
#endif
#if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
if ((ret = mp_test_cmp_mag(a, b)) != 0)
goto done;
#endif
#if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY)
if ((ret = mp_test_mulmod_sqrmod(a, b, p, r1)) != 0)
goto done;
if ((ret = mp_test_exch(a, b, r1, r2)) != 0)
goto done;
if ((ret = mp_test_to_unsigned_bin_len_ct(a)) != 0)
goto done;
#endif
#ifdef MP_TEST_COND_SWAP_AVAILABLE
if ((ret = mp_test_cond_swap(a, b)) != 0)
goto done;
#endif
done:
#ifdef WOLFSSL_SMALL_STACK
if (p) {
mp_clear(p);
XFREE(p, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (r2) {
mp_clear(r2);
XFREE(r2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (r1) {
mp_clear(r1);
XFREE(r1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (b) {
mp_clear(b);
XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (a) {
mp_clear(a);
XFREE(a, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
mp_clear(p);
mp_clear(r2);
mp_clear(r1);
mp_clear(b);
mp_clear(a);
#endif
if (rng_inited)
wc_FreeRng(&rng);
return ret;
}
#endif /* WOLFSSL_PUBLIC_MP && ((WOLFSSL_SP_MATH_ALL &&
* !WOLFSSL_RSA_VERIFY_ONLY) || USE_FAST_MATH) */
#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
typedef struct pairs_t {
const unsigned char* coeff;
int coeffSz;
int exp;
} pairs_t;
#if (!defined(NO_DH) || !defined(NO_DSA)) && !defined(WC_NO_RNG)
/*
n =p1p2p3, where pi = ki(p1-1)+1 with (k2,k3) = (173,293)
p1 = 2^192 * 0x000000000000e24fd4f6d6363200bf2323ec46285cac1d3a
+ 2^0 * 0x0b2488b0c29d96c5e67f8bec15b54b189ae5636efe89b45b
*/
static const unsigned char c192a[] =
{
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe2, 0x4f,
0xd4, 0xf6, 0xd6, 0x36, 0x32, 0x00, 0xbf, 0x23,
0x23, 0xec, 0x46, 0x28, 0x5c, 0xac, 0x1d, 0x3a
};
static const unsigned char c0a[] =
{
0x0b, 0x24, 0x88, 0xb0, 0xc2, 0x9d, 0x96, 0xc5,
0xe6, 0x7f, 0x8b, 0xec, 0x15, 0xb5, 0x4b, 0x18,
0x9a, 0xe5, 0x63, 0x6e, 0xfe, 0x89, 0xb4, 0x5b
};
static const pairs_t ecPairsA[] =
{
{c192a, sizeof(c192a), 192},
{c0a, sizeof(c0a), 0}
};
static const int kA[] = {173, 293};
static const unsigned char controlPrime[] = {
0xe1, 0x76, 0x45, 0x80, 0x59, 0xb6, 0xd3, 0x49,
0xdf, 0x0a, 0xef, 0x12, 0xd6, 0x0f, 0xf0, 0xb7,
0xcb, 0x2a, 0x37, 0xbf, 0xa7, 0xf8, 0xb5, 0x4d,
0xf5, 0x31, 0x35, 0xad, 0xe4, 0xa3, 0x94, 0xa1,
0xdb, 0xf1, 0x96, 0xad, 0xb5, 0x05, 0x64, 0x85,
0x83, 0xfc, 0x1b, 0x5b, 0x29, 0xaa, 0xbe, 0xf8,
0x26, 0x3f, 0x76, 0x7e, 0xad, 0x1c, 0xf0, 0xcb,
0xd7, 0x26, 0xb4, 0x1b, 0x05, 0x8e, 0x56, 0x86,
0x7e, 0x08, 0x62, 0x21, 0xc1, 0x86, 0xd6, 0x47,
0x79, 0x3e, 0xb7, 0x5d, 0xa4, 0xc6, 0x3a, 0xd7,
0xb1, 0x74, 0x20, 0xf6, 0x50, 0x97, 0x41, 0x04,
0x53, 0xed, 0x3f, 0x26, 0xd6, 0x6f, 0x91, 0xfa,
0x68, 0x26, 0xec, 0x2a, 0xdc, 0x9a, 0xf1, 0xe7,
0xdc, 0xfb, 0x73, 0xf0, 0x79, 0x43, 0x1b, 0x21,
0xa3, 0x59, 0x04, 0x63, 0x52, 0x07, 0xc9, 0xd7,
0xe6, 0xd1, 0x1b, 0x5d, 0x5e, 0x96, 0xfa, 0x53
};
static const unsigned char testOne[] = { 1 };
static wc_test_ret_t GenerateNextP(mp_int* p1, mp_int* p2, int k)
{
wc_test_ret_t ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
mp_int *ki = (mp_int *)XMALLOC(sizeof(*ki), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (ki == NULL)
return MEMORY_E;
#else
mp_int ki[1];
#endif
ret = mp_init(ki);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
if (ret == 0) {
ret = mp_set(ki, (mp_digit)k);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = mp_sub_d(p1, 1, p2);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = mp_mul(p2, ki, p2);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = mp_add_d(p2, 1, p2);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
mp_clear(ki);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
XFREE(ki, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
static wc_test_ret_t GenerateP(mp_int* p1, mp_int* p2, mp_int* p3,
const pairs_t* ecPairs, int ecPairsSz,
const int* k)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
mp_int *x = NULL, *y = NULL;
#else
mp_int x[1], y[1];
#endif
wc_test_ret_t ret;
int i;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (((x = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) ||
((y = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)) {
ret = MEMORY_E;
goto out;
}
#endif
ret = mp_init_multi(x, y, NULL, NULL, NULL, NULL);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
goto out;
}
for (i = 0; ret == 0 && i < ecPairsSz; i++) {
ret = mp_read_unsigned_bin(x, ecPairs[i].coeff, (word32)ecPairs[i].coeffSz);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
break;
}
/* p1 = 2^exp */
ret = mp_2expt(y, ecPairs[i].exp);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
break;
}
/* p1 = p1 * m */
ret = mp_mul(x, y, x);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
break;
}
/* p1 += */
ret = mp_add(p1, x, p1);
if (ret != 0) {
ret = WC_TEST_RET_ENC_EC(ret);
break;
}
mp_zero(x);
mp_zero(y);
}
if (ret == 0)
ret = GenerateNextP(p1, p2, k[0]);
if (ret == 0)
ret = GenerateNextP(p1, p3, k[1]);
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (x != NULL) {
mp_clear(x);
XFREE(x, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (y != NULL) {
mp_clear(y);
XFREE(y, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
mp_clear(x);
mp_clear(y);
#endif
return ret;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void)
{
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
mp_int *n = (mp_int *)XMALLOC(sizeof *n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
*p1 = (mp_int *)XMALLOC(sizeof *p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
*p2 = (mp_int *)XMALLOC(sizeof *p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
*p3 = (mp_int *)XMALLOC(sizeof *p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
mp_int n[1],
p1[1],
p2[1],
p3[1];
#endif
wc_test_ret_t ret;
int isPrime = 0;
WC_RNG rng;
int rng_inited = 0;
WOLFSSL_ENTER("prime_test");
ret = mp_init_multi(n, p1, p2, p3, NULL, NULL);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if ((n == NULL) ||
(p1 == NULL) ||
(p2 == NULL) ||
(p3 == NULL))
ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
#endif
ret = wc_InitRng(&rng);
if (ret == 0)
rng_inited = 1;
else
ret = WC_TEST_RET_ENC_EC(ret);
if (ret == 0)
ret = GenerateP(p1, p2, p3,
ecPairsA, sizeof(ecPairsA) / sizeof(ecPairsA[0]), kA);
if (ret == 0) {
ret = mp_mul(p1, p2, n);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret == 0) {
ret = mp_mul(n, p3, n);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
}
if (ret != 0)
ERROR_OUT(ret, out);
/* Check the old prime test using the number that false positives.
* This test result should indicate as not prime. */
ret = mp_prime_is_prime(n, 40, &isPrime);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (isPrime)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* This test result should fail. It should indicate the value as prime. */
ret = mp_prime_is_prime(n, 8, &isPrime);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (!isPrime)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* This test result should indicate the value as not prime. */
ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (isPrime)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = mp_read_unsigned_bin(n, controlPrime, sizeof(controlPrime));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* This test result should indicate the value as prime. */
ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (!isPrime)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
/* This test result should indicate the value as prime. */
isPrime = -1;
ret = mp_prime_is_prime(n, 8, &isPrime);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (!isPrime)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = mp_read_unsigned_bin(n, testOne, sizeof(testOne));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
/* This test result should indicate the value as not prime. */
ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (isPrime)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = mp_prime_is_prime(n, 8, &isPrime);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
if (isPrime)
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
ret = 0;
out:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (n != NULL) {
mp_clear(n);
XFREE(n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (p1 != NULL) {
mp_clear(p1);
XFREE(p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (p2 != NULL) {
mp_clear(p2);
XFREE(p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (p3 != NULL) {
mp_clear(p3);
XFREE(p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#else
mp_clear(p3);
mp_clear(p2);
mp_clear(p1);
mp_clear(n);
#endif
if (rng_inited)
wc_FreeRng(&rng);
return ret;
}
#endif
#endif /* WOLFSSL_PUBLIC_MP */
#if defined(ASN_BER_TO_DER) && \
(defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL))
/* wc_BerToDer is only public facing in the case of test cert or opensslextra */
typedef struct berDerTestData {
const byte *in;
word32 inSz;
const byte *out;
word32 outSz;
} berDerTestData;
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
{
wc_test_ret_t ret;
int i;
word32 len = 0, l;
byte out[32];
static const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 };
static const byte good1_out[] = { 0x30, 0x00 };
static const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 };
static const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
static const byte good3_in[] = {
0x24, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00
};
static const byte good3_out[] = { 0x04, 0x1, 0x01 };
static const byte good4_in[] = {
0x30, 0x80,
0x02, 0x01, 0x01,
0x30, 0x80,
0x24, 0x80,
0x04, 0x01, 0x01,
0x04, 0x02, 0x02, 0x03,
0x00, 0x00,
0x06, 0x01, 0x01,
0x00, 0x00,
0x31, 0x80,
0x06, 0x01, 0x01,
0x00, 0x00,
0x00, 0x00,
};
static const byte good4_out[] = {
0x30, 0x12,
0x02, 0x01, 0x01,
0x30, 0x08,
0x04, 0x03, 0x01, 0x02, 0x03,
0x06, 0x01, 0x01,
0x31, 0x03,
0x06, 0x01, 0x01
};
static const byte good5_in[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
static berDerTestData testData[] = {
{ good1_in, sizeof(good1_in), good1_out, sizeof(good1_out) },
{ good2_in, sizeof(good2_in), good2_out, sizeof(good2_out) },
{ good3_in, sizeof(good3_in), good3_out, sizeof(good3_out) },
{ good4_in, sizeof(good4_in), good4_out, sizeof(good4_out) },
{ good5_in, sizeof(good5_in), good5_in , sizeof(good5_in ) },
};
WOLFSSL_ENTER("berder_test");
for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len);
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WC_TEST_RET_ENC_I(i);
if (len != testData[i].outSz)
return WC_TEST_RET_ENC_I(i);
len = testData[i].outSz;
ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &len);
if (ret != 0)
return WC_TEST_RET_ENC_I(i);
if (XMEMCMP(out, testData[i].out, len) != 0)
return WC_TEST_RET_ENC_I(i);
for (l = 1; l < testData[i].inSz; l++) {
ret = wc_BerToDer(testData[i].in, l, NULL, &len);
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
return WC_TEST_RET_ENC_EC(ret);
len = testData[i].outSz;
ret = wc_BerToDer(testData[i].in, l, out, &len);
if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E))
return WC_TEST_RET_ENC_EC(ret);
}
for (l = 0; l < testData[i].outSz-1; l++) {
ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &l);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
}
}
ret = wc_BerToDer(NULL, 4, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_BerToDer(out, 4, NULL, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_BerToDer(NULL, 4, NULL, &len);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_BerToDer(NULL, 4, out, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_BerToDer(out, 4, out, NULL);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_BerToDer(NULL, 4, out, &len);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_EC(ret);
for (l = 1; l < sizeof(good4_out); l++) {
len = l;
ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len);
if (ret != WC_NO_ERR_TRACE(BUFFER_E))
return WC_TEST_RET_ENC_EC(ret);
}
return 0;
}
#endif /* ASN_BER_TO_DER && (WOLFSSL_TEST_CERT || OPENSSL_EXTRA ||
OPENSSL_EXTRA_X509_SMALL */
#ifdef DEBUG_WOLFSSL
static THREAD_LS_T int log_cnt = 0;
static void my_Logging_cb(const int logLevel, const char *const logMessage)
{
(void)logLevel;
(void)logMessage;
log_cnt++;
}
#endif /* DEBUG_WOLFSSL */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void)
{
wc_test_ret_t ret;
#ifdef DEBUG_WOLFSSL
const char* msg = "Testing, testing. 1, 2, 3, 4 ...";
byte a[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
byte b[256];
int i;
WOLFSSL_ENTER("logging_test (debug)");
for (i = 0; i < (int)sizeof(b); i++)
b[i] = i;
ret = wolfSSL_Debugging_ON();
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wolfSSL_SetLoggingCb(my_Logging_cb);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
WOLFSSL_MSG(msg);
WOLFSSL_BUFFER(a, sizeof(a));
WOLFSSL_BUFFER(b, sizeof(b));
WOLFSSL_BUFFER(NULL, 0);
WOLFSSL_ERROR(MEMORY_E);
WOLFSSL_ERROR_MSG(msg);
/* turn off logs */
wolfSSL_Debugging_OFF();
/* capture log count */
i = log_cnt;
/* validate no logs are output when disabled */
WOLFSSL_MSG(msg);
WOLFSSL_BUFFER(a, sizeof(a));
WOLFSSL_BUFFER(b, sizeof(b));
WOLFSSL_BUFFER(NULL, 0);
WOLFSSL_ERROR(MEMORY_E);
WOLFSSL_ERROR_MSG(msg);
/* check the logs were disabled */
if (i != log_cnt)
return WC_TEST_RET_ENC_NC;
/* restore callback and leave logging enabled */
wolfSSL_SetLoggingCb(NULL);
wolfSSL_Debugging_ON();
/* suppress unused args */
(void)a;
(void)b;
#else
WOLFSSL_ENTER("logging_test");
ret = wolfSSL_Debugging_ON();
if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN))
return WC_TEST_RET_ENC_EC(ret);
wolfSSL_Debugging_OFF();
ret = wolfSSL_SetLoggingCb(NULL);
if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN))
return WC_TEST_RET_ENC_EC(ret);
#endif /* DEBUG_WOLFSSL */
return 0;
}
#if defined(__INCLUDE_NUTTX_CONFIG_H)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t wolfcrypt_mutex_test(void)
#else
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void)
#endif
{
#ifdef WOLFSSL_PTHREADS
wolfSSL_Mutex m;
#endif
#if defined(WOLFSSL_PTHREADS) || (!defined(WOLFSSL_NO_MALLOC) && \
!defined(WOLFSSL_USER_MUTEX) && defined(WOLFSSL_STATIC_MEMORY))
wc_test_ret_t ret;
#endif
#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_USER_MUTEX)
#ifndef WOLFSSL_STATIC_MEMORY
wolfSSL_Mutex *mm = wc_InitAndAllocMutex();
WOLFSSL_ENTER("[wolfcrypt_]mutex_test (1)");
#else
wolfSSL_Mutex *mm = (wolfSSL_Mutex*) XMALLOC(sizeof(wolfSSL_Mutex),
HEAP_HINT, DYNAMIC_TYPE_MUTEX);
WOLFSSL_ENTER("[wolfcrypt_]mutex_test (2)");
if (mm != NULL) {
ret = wc_InitMutex(mm);
if (ret != 0) {
WOLFSSL_MSG("Init Mutex failed");
XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX);
return WC_TEST_RET_ENC_EC(ret);
}
}
#endif
if (mm == NULL)
return WC_TEST_RET_ENC_ERRNO;
wc_FreeMutex(mm);
XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX);
#endif
/* Can optionally enable advanced pthread tests using "ENABLE_PTHREAD_LOCKFREE_TESTS" */
#ifdef WOLFSSL_PTHREADS
ret = wc_InitMutex(&m);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_LockMutex(&m);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
/* trying to free a locked mutex is not portable behavior with pthread */
/* Attempting to destroy a locked mutex results in undefined behavior */
ret = wc_FreeMutex(&m);
if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E))
return WC_TEST_RET_ENC_EC(ret);
#endif
ret = wc_UnLockMutex(&m);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_FreeMutex(&m);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
/* Trying to use a pthread after free'ing is not portable behavior */
ret = wc_LockMutex(&m);
if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E))
return WC_TEST_RET_ENC_EC(ret);
ret = wc_UnLockMutex(&m);
if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E))
return WC_TEST_RET_ENC_EC(ret);
#endif
#endif
return 0;
}
#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_KERNEL_MODE) && \
!defined(WOLFSSL_STATIC_MEMORY)
static wc_test_ret_t malloc_cnt = 0;
static wc_test_ret_t realloc_cnt = 0;
static wc_test_ret_t free_cnt = 0;
#ifdef WOLFSSL_DEBUG_MEMORY
static void *my_Malloc_cb(size_t size, const char* func, unsigned int line)
{
(void) func;
(void) line;
#else
static void *my_Malloc_cb(size_t size)
{
#endif
malloc_cnt++;
#ifndef WOLFSSL_NO_MALLOC
return malloc(size); /* native heap */
#else
WOLFSSL_MSG("No malloc available");
(void)size;
return NULL;
#endif
}
#ifdef WOLFSSL_DEBUG_MEMORY
static void my_Free_cb(void *ptr, const char* func, unsigned int line)
{
(void) func;
(void) line;
#else
static void my_Free_cb(void *ptr)
{
#endif
free_cnt++;
#ifndef WOLFSSL_NO_MALLOC
free(ptr); /* native heap */
#else
WOLFSSL_MSG("No free available");
(void)ptr;
#endif
}
#ifdef WOLFSSL_DEBUG_MEMORY
static void *my_Realloc_cb(void *ptr, size_t size, const char* func, unsigned int line)
{
(void) func;
(void) line;
#else
static void *my_Realloc_cb(void *ptr, size_t size)
{
#endif
realloc_cnt++;
#ifndef WOLFSSL_NO_MALLOC
return realloc(ptr, size); /* native heap */
#else
WOLFSSL_MSG("No realloc available");
(void)ptr;
(void)size;
return NULL;
#endif
}
#endif /* !WOLFSSL_NO_MALLOC */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void)
{
wc_test_ret_t ret = 0;
#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_NO_REALLOC) && \
!defined(WOLFSSL_KERNEL_MODE) && !defined(WOLFSSL_STATIC_MEMORY)
byte* b = NULL;
#endif
wolfSSL_Malloc_cb mc;
wolfSSL_Free_cb fc;
wolfSSL_Realloc_cb rc;
WOLFSSL_ENTER("memcb_test");
/* Save existing memory callbacks */
ret = wolfSSL_GetAllocators(&mc, &fc, &rc);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_NO_REALLOC) && \
!defined(WOLFSSL_KERNEL_MODE) && !defined(WOLFSSL_STATIC_MEMORY)
/* test realloc */
b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (b == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_memcb);
}
XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
b = NULL;
/* Use API. */
ret = wolfSSL_SetAllocators((wolfSSL_Malloc_cb)my_Malloc_cb,
(wolfSSL_Free_cb)my_Free_cb,
(wolfSSL_Realloc_cb)my_Realloc_cb);
if (ret != 0) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_memcb);
}
b = (byte*)XMALLOC(1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
{
byte *new_b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (new_b)
b = new_b;
else {
XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_memcb);
}
}
XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifndef WOLFSSL_STATIC_MEMORY
#ifndef WOLFSSL_CHECK_MEM_ZERO
if (malloc_cnt != 1 || free_cnt != 1 || realloc_cnt != 1)
#else
/* Checking zeroized memory means realloc is a malloc and free. */
if (malloc_cnt != 2 || free_cnt != 2 || realloc_cnt != 0)
#endif
#else
if (malloc_cnt != 0 || free_cnt != 0 || realloc_cnt != 0)
#endif
ret = WC_TEST_RET_ENC_NC;
#endif /* !WOLFSSL_NO_MALLOC */
#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_NO_REALLOC) && \
!defined(WOLFSSL_KERNEL_MODE) && !defined(WOLFSSL_STATIC_MEMORY)
exit_memcb:
/* reset malloc/free/realloc counts */
malloc_cnt = 0;
free_cnt = 0;
realloc_cnt = 0;
#endif
/* restore memory callbacks */
wolfSSL_SetAllocators(mc, fc, rc);
return ret;
}
#endif /* USE_WOLFSSL_MEMORY && !WOLFSSL_NO_MALLOC */
#if defined(WOLFSSL_CAAM_BLOB)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void)
{
wc_test_ret_t ret = 0;
byte out[112];
byte blob[112];
word32 outSz;
WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
{
0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
};
WOLFSSL_SMALL_STACK_STATIC const byte text[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
};
WOLFSSL_ENTER("blob_test");
XMEMSET(blob, 0, sizeof(blob));
XMEMSET(out, 0, sizeof(out));
outSz = sizeof(blob);
ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
blob[outSz - 2] += 1;
ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
if (ret == 0) { /* should fail with altered blob */
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_blob);
}
XMEMSET(blob, 0, sizeof(blob));
outSz = sizeof(blob);
ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
if (XMEMCMP(out, iv, sizeof(iv))) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_blob);
}
XMEMSET(blob, 0, sizeof(blob));
outSz = sizeof(blob);
ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
if (XMEMCMP(out, text, sizeof(text))) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_blob);
}
exit_blob:
return ret;
}
#endif /* WOLFSSL_CAAM_BLOB */
#ifdef WOLF_CRYPTO_CB
/* Example custom context for crypto callback */
typedef struct {
int exampleVar; /* flag for testing if only crypt is enabled. */
} myCryptoDevCtx;
#ifdef WOLF_CRYPTO_CB_ONLY_RSA
/* Testing rsa cb when CB_ONLY_RSA is enabled
* When CB_ONLY_RSA is enabled, software imple. is not available.
*
* ctx callback ctx
* returen 0 on success, otherwise return negative
*/
static wc_test_ret_t rsa_onlycb_test(myCryptoDevCtx *ctx)
{
wc_test_ret_t ret = 0;
#if !defined(NO_RSA)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
RsaKey *key = (RsaKey *)XMALLOC(sizeof *key,
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte* tmp = NULL;
#else
RsaKey key[1];
byte tmp[FOURK_BUF];
#endif
size_t bytes;
const word32 inLen = (word32)TEST_STRING_SZ;
word32 idx = 0;
word32 sigSz;
WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING;
#if !defined(WOLFSSL_NO_MALLOC)
byte* out = NULL;
#else
byte out[RSA_TEST_BYTES];
#endif
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
!defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
!defined(NO_FILESYSTEM)
XFILE file;
#endif
#ifdef WOLFSSL_KEY_GEN
WC_RNG rng;
word32 keySz = 2048;
#endif
#ifdef USE_CERT_BUFFERS_1024
bytes = (size_t)sizeof_client_key_der_1024;
if (bytes < (size_t)sizeof_client_cert_der_1024)
bytes = (size_t)sizeof_client_cert_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
bytes = (size_t)sizeof_client_key_der_2048;
if (bytes < (size_t)sizeof_client_cert_der_2048)
bytes = (size_t)sizeof_client_cert_der_2048;
#elif defined(USE_CERT_BUFFERS_3072)
bytes = (size_t)sizeof_client_key_der_3072;
if (bytes < (size_t)sizeof_client_cert_der_3072)
bytes = (size_t)sizeof_client_cert_der_3072;
#elif defined(USE_CERT_BUFFERS_4096)
bytes = (size_t)sizeof_client_key_der_4096;
if (bytes < (size_t)sizeof_client_cert_der_4096)
bytes = (size_t)sizeof_client_cert_der_4096;
#else
bytes = FOURK_BUF;
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb);
#endif
#if !defined(WOLFSSL_NO_MALLOC)
out = (byte*)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (out == NULL)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb);
#endif
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
#elif defined(USE_CERT_BUFFERS_3072)
XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
#elif defined(USE_CERT_BUFFERS_4096)
XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
#elif !defined(NO_FILESYSTEM)
file = XFOPEN(clientKey, "rb");
if (!file) {
ret = WC_TEST_RET_ENC_ERRNO;
err_sys("can't open ./certs/client-key.der, "
"Please run from wolfSSL home dir", ret);
ERROR_OUT(ret, exit_onlycb);
}
bytes = XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
if (bytes == 0)
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb);
#endif
#ifdef WOLFSSL_KEY_GEN
/* wc_CryptoCb_MakeRsaKey cb test, no actual making key
* wc_MakeRsaKey() -> rsa cb ->
* myCryptoDevCb -> wc_MakeRsaKey(CBONLY_TEST_DEVID)
* wc_MakeRsaKey(CBONLY_TEST_DEVID) expects to return 0(success)
*/
ctx->exampleVar = 99;
ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, &rng);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
/* wc_MakeRsaKey() -> rsa cb ->
* myCryptoDevCb -> wc_MakeRsaKey(INVALID_DEVID)
* wc_MakeRsaKey(CBONLY_TEST_DEVID) expects to return NO_VALID_DEVID(failure)
*/
ctx->exampleVar = 1;
ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, &rng);
if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
} else
/* reset return code */
ret = 0;
#endif
ret = test_RsaInit(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
sigSz = (word32)wc_RsaEncryptSize(key);
/* wc_CryptoCb_Rsa cb test, no actual rsa operation */
if (ret == 0) {
/* wc_SignatureGenerate() -> rsa cb ->
* myCryptoDevCb -> wc_RsaFunction(CBONLY_TEST_DEVID)
* wc_RsaFunction(CBONLY_TEST_DEVID) expects to return 0(success)
*/
ctx->exampleVar = 99;
ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
in, inLen, out, &sigSz, key, sizeof(*key), NULL);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
}
if (ret == 0) {
/* wc_SignatureGenerate() -> rsa cb ->
* myCryptoDevCb -> wc_RsaFunction(INVALID_DEVID)
* wc_SignatureGenerate(INVALID_DEVID) expects to
* return NO_VALID_DEVID(failure)
*/
ctx->exampleVar = 1;
ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
in, inLen, out, &sigSz, key, sizeof(*key), NULL);
if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
} else
/* reset return code */
ret = 0;
}
exit_onlycb:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (key != NULL) {
wc_FreeRsaKey(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
wc_FreeRsaKey(key);
#endif
#if !defined(WOLFSSL_NO_MALLOC)
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
return ret;
}
#endif
#ifdef WOLF_CRYPTO_CB_ONLY_ECC
/* Testing rsa cb when CB_ONLY_ECC is enabled
* When CB_ONLY_ECC is enabled, software imple. is not available.
*
* ctx callback ctx
* returen 0 on success, otherwise return negative
*/
static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
{
wc_test_ret_t ret = 0;
#if defined(HAVE_ECC)
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
ecc_key* key = (ecc_key *)XMALLOC(sizeof(*key),
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key* pub = (ecc_key *)XMALLOC(sizeof(*pub),
HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
byte* out = (byte*)XMALLOC(256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) && \
defined(USE_CERT_BUFFERS_256)
byte* check = (byte*)XMALLOC(256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#else
ecc_key key[1];
#ifdef HAVE_ECC_DHE
ecc_key pub[1];
#endif
#if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
byte out[256];
#endif
#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) && \
defined(USE_CERT_BUFFERS_256)
byte check[256];
#endif
#endif
#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) && \
defined(USE_CERT_BUFFERS_256)
WOLFSSL_EVP_PKEY* privKey = NULL;
WOLFSSL_EVP_PKEY* pubKey = NULL;
ecc_key* pkey;
const unsigned char* cp;
WOLFSSL_EVP_MD_CTX mdCtx;
const char testData[] = "Hi There";
size_t checkSz = -1;
const unsigned char* p;
const unsigned char check_v[256] = {
0x30,0x45,0x02,0x20,0x1b,0x5c,0x2a,0xf0,0x18,0x09,
0x74,0x65,0xa1,0x04,0x76,0x3a,0xce,0xcc,0xe5,0x34,
0x5e,0x89,0xed,0x40,0x1e,0x5a,0xb1,0x53,0xb4,0xff,
0xc7,0x18,0xfe,0x0f,0xc7,0xa6,0x02,0x21,0x00,0xe5,
0x70,0x21,0xfc,0xf9,0x63,0x36,0xfd,0x16,0x18,0x08,
0x9a,0x63,0x61,0x0f,0xe7,0x7c,0xa3,0xc9,0x14,0xa3,
0x30,0x87,0xf7,0xf5,0x70,0x19,0xaf,0x56,0x96,0x9b,
0xd8,0x64,0xcd,0xd9,0xff,0x7b,0x2a,0x55,0x52,0xca,
0x41,0xb2,0xa6,0xa4,0x8a,0x3b,0x02,0x20,0x8c,0xc5,
0xf9,0xc1,0x7d,0x2a,0x65,0x6c,0xe6,0x5a,0xe3,0x76,
0x9b,0xab,0x0b,0x9f,0xaf,0x62,0x5d,0xb2,0x60,0xd7,
0xeb,0xb4,0x1b,0x73,0xdc,0x01,0x7d,0x7b,0xab,0xc1,
0x0c,0x74,0x96,0x41,0xe6,0x3f,0xc5,0x86,0xe6,0x7d,
0x2b,0x9d,0x54,0x6b,0xcd,0x31,0x35,0x1f,0xdb,0x49,
0x1f,0x32,0x34,0xf8,0x57,0x12,0x86,0x5c,0x0e,0x80,
0x55,0x8d,0xff,0xd8,0xbd,0xdf,0x32,0x26,0x62,0x42,
0x09,0xda,0xf7,0x74,0xf2,0x3f,0xe6,0xf1,0x77,0x82,
0xce,0xe4,0xbb,0x61,0xa6,0xc0,0x17,0x0c,0x6c,0x47,
0x2a,0x40,0x1c,0x2b,0xe0,0x98,0x3b,0xbf,0xc6,0xf8,
0x6d,0xfd,0xd0,0xfa,0xc1,0x02,0xfb,0x5f,0xfb,0xb0,
0xcb,0xd9,0xa3,0x59,0x94,0xe9,0x0f,0x74,0xbb,0x3f,
0x64,0xa3,0x83,0xc4,0x2b,0xf7,0xd2,0x97,0xbf,0x3b,
0xcf,0xbb,0x60,0x81,0x33,0x94,0xfa,0x0d,0x35,0xd2,
0x3d,0xb9,0x99,0xe3,0x12,0xf8,0xf4,0xa3,0x74,0xf4,
0x94,0x1d,0x7a,0x66,0xf8,0xd1,0x1d,0xcf,0xb0,0x48,
0xef,0x8c,0x94,0x6f,0xdd,0x62,
};
#endif
#ifdef HAVE_ECC_DHE
WC_RNG rng;
#endif
EncryptedInfo encInfo;
int keyFormat = 0;
#ifdef USE_CERT_BUFFERS_256
word32 keyIdx = 0;
#endif
#if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
byte in[] = "Everyone gets Friday off. ecc p";
word32 inLen = (word32)XSTRLEN((char*)in);
word32 outLen;
int verify;
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (key == NULL || pub == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb);
}
#endif
ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
/* wc_CryptoCb_MakeEccKey cb test, no actual testing */
#ifdef HAVE_ECC_DHE
ctx->exampleVar = 99;
ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
ctx->exampleVar = 1;
ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
} else
/* reset return code */
ret = 0;
#endif
#ifdef USE_CERT_BUFFERS_256
if (ret == 0) {
/* load ECC private key and perform private transform */
ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &keyIdx,
key, sizeof_ecc_key_der_256);
}
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
#endif
#ifdef HAVE_ECC_SIGN
/* wc_CryptoCb_EccSign cb test, no actual testing */
ctx->exampleVar = 99;
if (ret == 0) {
ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key);
}
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
ctx->exampleVar = 1;
if (ret == 0) {
ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key);
}
if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
}
else
ret = 0;
#ifdef HAVE_ECC_VERIFY
/* wc_CryptoCb_EccVerify cb test, no actual testing */
ctx->exampleVar = 99;
if (ret == 0) {
ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key);
}
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
ctx->exampleVar = 1;
if (ret == 0) {
ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key);
}
if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
}
else
ret = 0;
#endif /* HAVE_ECC_VERIFY */
#endif /* HAVE_ECC_SIGN */
#ifdef HAVE_ECC_DHE
/* wc_CryptoCb_Ecdh cb test, no actual testing */
/* make public key for shared secret */
wc_ecc_init_ex(pub, HEAP_HINT, devId);
ctx->exampleVar = 99;
if (ret == 0) {
ret = wc_ecc_shared_secret(key, pub, out, &outLen);
}
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
ctx->exampleVar = 1;
if (ret == 0) {
ret = wc_ecc_shared_secret(key, pub, out, &outLen);
}
if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
}
else
ret = 0;
#endif /* HAVE_ECC_DHE */
#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) && \
defined(USE_CERT_BUFFERS_256)
(void)pkey;
cp = ecc_clikey_der_256;
privKey = d2i_PrivateKey(WC_EVP_PKEY_EC, NULL, &cp,
sizeof_ecc_clikey_der_256);
if (privKey == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
}
pkey = (ecc_key*)privKey->ecc->internal;
pkey->devId = devId;
p = ecc_clikeypub_der_256;
pubKey = d2i_PUBKEY(NULL, &p, sizeof_ecc_clikeypub_der_256);
if (pubKey == NULL) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
}
pkey = (ecc_key*)pubKey->ecc->internal;
pkey->devId = devId;
/* sign */
wolfSSL_EVP_MD_CTX_init(&mdCtx);
ret = EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, privKey);
if (ret != WOLFSSL_SUCCESS) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
}
ret = EVP_DigestSignUpdate(&mdCtx, testData,
(unsigned int)XSTRLEN(testData));
if (ret != WOLFSSL_SUCCESS) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
}
ret = EVP_DigestSignFinal(&mdCtx, NULL, &checkSz);
if (ret != WOLFSSL_SUCCESS) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
}
ctx->exampleVar = 99;
ret = EVP_DigestSignFinal(&mdCtx, check, &checkSz);
/* just called crypt callback as dummy
* EVP_DigestSignFinal returns 0 internally.
*/
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
ctx->exampleVar = 1;
ret = EVP_DigestSignFinal(&mdCtx, check, &checkSz);
/* just called crypt callback as dummy
* EVP_DigestSignFinal returns 0 internally.
*/
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
/* restore checkSz for verify */
checkSz = 71;
ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
if (ret != WOLFSSL_SUCCESS) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
}
/* verify */
wolfSSL_EVP_MD_CTX_init(&mdCtx);
if (ret == WOLFSSL_SUCCESS) {
ret = EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, pubKey);
}
if (ret != WOLFSSL_SUCCESS) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
}
if (ret == WOLFSSL_SUCCESS) {
ret = EVP_DigestVerifyUpdate(&mdCtx, testData,
(unsigned int)XSTRLEN(testData));
}
if (ret != WOLFSSL_SUCCESS) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
}
ctx->exampleVar = 99;
ret = EVP_DigestVerifyFinal(&mdCtx, check_v, checkSz);
/* just called crypt callback as dummy
* EVP_DigestSignFinal returns 0 internally.
*/
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
ctx->exampleVar = 1;
ret = EVP_DigestVerifyFinal(&mdCtx, check_v, checkSz);
/* just called crypt callback as dummy
* EVP_DigestVerifyFinal returns -1 internally rather than NO_VALID_DEVID.
*/
if (ret != -1) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
}
ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx);
if (ret != WOLFSSL_SUCCESS) {
ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
} else
ret = 0;
#endif /* !WOLFCRYPT_ONLY && OPENSSL_EXTRA && USE_CERT_BUFFERS_256 */
(void)keyFormat;
(void)encInfo;
(void)ctx;
exit_onlycb:
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
if (key != NULL) {
wc_ecc_free(key);
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) && \
defined(USE_CERT_BUFFERS_256)
if (check) {
XFREE(check, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
#else
wc_ecc_free(key);
#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) && \
defined(USE_CERT_BUFFERS_256)
if (privKey)
wolfSSL_EVP_PKEY_free(privKey);
if (pubKey)
wolfSSL_EVP_PKEY_free(pubKey);
#endif
#endif
#endif /* HAVE_ECC */
return ret;
}
#endif
#ifdef WOLF_CRYPTO_CB_ONLY_SHA256
/* Exercise SHA-256 dispatch under CB_ONLY_SHA256: cb-handled then cb-delegated. */
static wc_test_ret_t sha256_onlycb_test(myCryptoDevCtx *ctx)
{
wc_test_ret_t ret = 0;
#if !defined(NO_SHA256)
wc_Sha256 sha;
byte hash[WC_SHA256_DIGEST_SIZE];
const byte in[] = "abc";
ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
/* cb handles the op, expects 0(success) */
ctx->exampleVar = 99;
ret = wc_Sha256Update(&sha, in, (word32)sizeof(in) - 1);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
ret = wc_Sha256Final(&sha, hash);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
/* cb delegates to software, expects NO_VALID_DEVID(failure) */
ctx->exampleVar = 1;
ret = wc_Sha256Update(&sha, in, (word32)sizeof(in) - 1);
if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
} else {
ret = 0;
}
ret = wc_Sha256Final(&sha, hash);
if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
} else {
ret = 0;
}
exit_onlycb:
wc_Sha256Free(&sha);
#endif /* !NO_SHA256 */
(void)ctx;
return ret;
}
#endif /* WOLF_CRYPTO_CB_ONLY_SHA256 */
#ifdef WOLF_CRYPTO_CB_ONLY_AES
/* Exercise AES dispatch under CB_ONLY_AES: cb-handled then cb-delegated. */
static wc_test_ret_t aes_onlycb_test(myCryptoDevCtx *ctx)
{
wc_test_ret_t ret = 0;
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
Aes aes;
const byte key[16] = {
0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
};
const byte iv[WC_AES_BLOCK_SIZE] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
};
const byte plain[WC_AES_BLOCK_SIZE] = {
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
};
byte out[WC_AES_BLOCK_SIZE];
ret = wc_AesInit(&aes, HEAP_HINT, devId);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
ret = wc_AesSetKey(&aes, key, sizeof(key), iv, AES_ENCRYPTION);
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
/* cb handles the op, expects 0(success) */
ctx->exampleVar = 99;
ret = wc_AesCbcEncrypt(&aes, out, plain, sizeof(plain));
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
/* cb delegates to software, expects NO_VALID_DEVID(failure) */
ctx->exampleVar = 1;
ret = wc_AesCbcEncrypt(&aes, out, plain, sizeof(plain));
if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) {
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
} else {
ret = 0;
}
exit_onlycb:
wc_AesFree(&aes);
#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 */
(void)ctx;
return ret;
}
#endif /* WOLF_CRYPTO_CB_ONLY_AES */
/* Example crypto dev callback function that calls software version */
static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
{
int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); /* return this to bypass HW and
use SW */
myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx;
if (info == NULL)
return BAD_FUNC_ARG;
#ifdef DEBUG_WOLFSSL
WOLFSSL_MSG_EX("CryptoDevCb: Algo Type %d\n", info->algo_type);
#endif
if (info->algo_type == WC_ALGO_TYPE_RNG) {
#if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
!defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
/* if RNG only supports crypto callback, just use seed */
ret = wc_GenerateSeed(&info->rng.rng->seed,
info->rng.out, info->rng.sz);
#elif !defined(WC_NO_RNG)
/* set devId to invalid, so software is used */
info->rng.rng->devId = INVALID_DEVID;
ret = wc_RNG_GenerateBlock(info->rng.rng,
info->rng.out, info->rng.sz);
/* reset devId */
info->rng.rng->devId = devIdArg;
#endif
}
else if (info->algo_type == WC_ALGO_TYPE_SEED) {
#ifndef WC_NO_RNG
ALIGN32 static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 };
word32* seedWord32 = (word32*)seed;
word32 len;
/* wc_GenerateSeed is a local symbol so we need to fake the entropy. */
while (info->seed.sz > 0) {
len = (word32)sizeof(seed);
if (info->seed.sz < len)
len = info->seed.sz;
XMEMCPY(info->seed.seed, seed, len);
info->seed.seed += len;
info->seed.sz -= len;
(*seedWord32)++;
}
ret = 0;
#endif
}
else if (info->algo_type == WC_ALGO_TYPE_PK) {
#ifdef DEBUG_WOLFSSL
WOLFSSL_MSG_EX("CryptoDevCb: Pk Type %d\n", info->pk.type);
#endif
#ifndef NO_RSA
if (info->pk.type == WC_PK_TYPE_RSA) {
/* set devId to invalid, so software is used */
info->pk.rsa.key->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_RSA)
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
#endif
if (myCtx->exampleVar == 99) {
info->pk.rsa.key->devId = devIdArg;
return 0;
}
#endif
switch (info->pk.rsa.type) {
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
/* perform software based RSA public op */
ret = wc_RsaFunction(
info->pk.rsa.in, info->pk.rsa.inLen,
info->pk.rsa.out, info->pk.rsa.outLen,
info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
break;
case RSA_PRIVATE_ENCRYPT:
case RSA_PRIVATE_DECRYPT:
/* perform software based RSA private op */
ret = wc_RsaFunction(
info->pk.rsa.in, info->pk.rsa.inLen,
info->pk.rsa.out, info->pk.rsa.outLen,
info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
break;
}
/* reset devId */
info->pk.rsa.key->devId = devIdArg;
}
#ifdef WOLFSSL_KEY_GEN
else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
info->pk.rsakg.key->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_RSA)
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
#endif
if (myCtx->exampleVar == 99) {
info->pk.rsakg.key->devId = devIdArg;
return 0;
}
#endif
#ifdef HAVE_FIPS
for (;;) {
#endif
ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size,
info->pk.rsakg.e, info->pk.rsakg.rng);
#ifdef HAVE_FIPS
if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E))
continue;
break;
}
#endif
/* reset devId */
info->pk.rsakg.key->devId = devIdArg;
}
#endif
#endif /* !NO_RSA */
#ifdef HAVE_ECC
if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
#ifdef HAVE_ECC_DHE
/* set devId to invalid, so software is used */
info->pk.eckg.key->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_ECC)
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
#endif
if (myCtx->exampleVar == 99) {
info->pk.eckg.key->devId = devIdArg;
return 0;
}
#endif
ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size,
info->pk.eckg.key, info->pk.eckg.curveId);
/* reset devId */
info->pk.eckg.key->devId = devIdArg;
#endif
}
else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
#ifdef HAVE_ECC_SIGN
/* set devId to invalid, so software is used */
info->pk.eccsign.key->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_ECC)
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
#endif
if (myCtx->exampleVar == 99) {
info->pk.eccsign.key->devId = devIdArg;
return 0;
}
#endif
ret = wc_ecc_sign_hash(
info->pk.eccsign.in, info->pk.eccsign.inlen,
info->pk.eccsign.out, info->pk.eccsign.outlen,
info->pk.eccsign.rng, info->pk.eccsign.key);
/* reset devId */
info->pk.eccsign.key->devId = devIdArg;
#endif
}
else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
#ifdef HAVE_ECC_VERIFY
/* set devId to invalid, so software is used */
info->pk.eccverify.key->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_ECC)
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
#endif
if (myCtx->exampleVar == 99) {
info->pk.eccverify.key->devId = devIdArg;
return 0;
}
#endif
ret = wc_ecc_verify_hash(
info->pk.eccverify.sig, info->pk.eccverify.siglen,
info->pk.eccverify.hash, info->pk.eccverify.hashlen,
info->pk.eccverify.res, info->pk.eccverify.key);
/* reset devId */
info->pk.eccverify.key->devId = devIdArg;
#endif
}
else if (info->pk.type == WC_PK_TYPE_ECDH) {
#ifdef HAVE_ECC_DHE
/* set devId to invalid, so software is used */
info->pk.ecdh.private_key->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_ECC)
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
#endif
if (myCtx->exampleVar == 99) {
info->pk.ecdh.private_key->devId = devIdArg;
return 0;
}
#endif
ret = wc_ecc_shared_secret(
info->pk.ecdh.private_key, info->pk.ecdh.public_key,
info->pk.ecdh.out, info->pk.ecdh.outlen);
/* reset devId */
info->pk.ecdh.private_key->devId = devIdArg;
#endif
}
else if (info->pk.type == WC_PK_TYPE_EC_GET_SIZE) {
WC_DECLARE_VAR(tmpEcc, ecc_key, 1, NULL);
WC_ALLOC_VAR(tmpEcc, ecc_key, 1, NULL);
if (!WC_VAR_OK(tmpEcc)) {
ret = MEMORY_E;
}
else {
/* Copy key to avoid const and recursive callback */
XMEMCPY(tmpEcc, info->pk.ecc_get_size.key, sizeof(ecc_key));
tmpEcc->devId = INVALID_DEVID;
*info->pk.ecc_get_size.keySize = wc_ecc_size(tmpEcc);
WC_FREE_VAR(tmpEcc, NULL);
ret = 0;
}
}
else if (info->pk.type == WC_PK_TYPE_EC_GET_SIG_SIZE) {
WC_DECLARE_VAR(tmpEcc, ecc_key, 1, NULL);
WC_ALLOC_VAR(tmpEcc, ecc_key, 1, NULL);
if (!WC_VAR_OK(tmpEcc)) {
ret = MEMORY_E;
}
else {
/* Copy key to avoid const and recursive callback */
XMEMCPY(tmpEcc, info->pk.ecc_get_sig_size.key,
sizeof(ecc_key));
tmpEcc->devId = INVALID_DEVID;
*info->pk.ecc_get_sig_size.sigSize = wc_ecc_sig_size(tmpEcc);
WC_FREE_VAR(tmpEcc, NULL);
ret = 0;
}
}
#endif /* HAVE_ECC */
#ifdef HAVE_CURVE25519
if (info->pk.type == WC_PK_TYPE_CURVE25519_KEYGEN) {
/* set devId to invalid, so software is used */
info->pk.curve25519kg.key->devId = INVALID_DEVID;
ret = wc_curve25519_make_key(info->pk.curve25519kg.rng,
info->pk.curve25519kg.size, info->pk.curve25519kg.key);
/* reset devId */
info->pk.curve25519kg.key->devId = devIdArg;
}
else if (info->pk.type == WC_PK_TYPE_CURVE25519) {
/* set devId to invalid, so software is used */
info->pk.curve25519.private_key->devId = INVALID_DEVID;
ret = wc_curve25519_shared_secret_ex(
info->pk.curve25519.private_key, info->pk.curve25519.public_key,
info->pk.curve25519.out, info->pk.curve25519.outlen,
info->pk.curve25519.endian);
/* reset devId */
info->pk.curve25519.private_key->devId = devIdArg;
}
#endif /* HAVE_CURVE25519 */
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_MAKE_KEY)
if (info->pk.type == WC_PK_TYPE_ED25519_KEYGEN) {
/* set devId to invalid, so software is used */
info->pk.ed25519kg.key->devId = INVALID_DEVID;
ret = wc_ed25519_make_key(info->pk.ed25519kg.rng,
info->pk.ed25519kg.size, info->pk.ed25519kg.key);
/* reset devId */
info->pk.ed25519kg.key->devId = devIdArg;
}
#ifdef HAVE_ED25519_SIGN
else if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) {
/* set devId to invalid, so software is used */
info->pk.ed25519sign.key->devId = INVALID_DEVID;
ret = wc_ed25519_sign_msg_ex(
info->pk.ed25519sign.in, info->pk.ed25519sign.inLen,
info->pk.ed25519sign.out, info->pk.ed25519sign.outLen,
info->pk.ed25519sign.key, info->pk.ed25519sign.type,
info->pk.ed25519sign.context, info->pk.ed25519sign.contextLen);
/* reset devId */
info->pk.ed25519sign.key->devId = devIdArg;
}
#endif
#ifdef HAVE_ED25519_VERIFY
else if (info->pk.type == WC_PK_TYPE_ED25519_VERIFY) {
/* set devId to invalid, so software is used */
info->pk.ed25519verify.key->devId = INVALID_DEVID;
ret = wc_ed25519_verify_msg_ex(
info->pk.ed25519verify.sig, info->pk.ed25519verify.sigLen,
info->pk.ed25519verify.msg, info->pk.ed25519verify.msgLen,
info->pk.ed25519verify.res, info->pk.ed25519verify.key,
info->pk.ed25519verify.type, info->pk.ed25519verify.context,
info->pk.ed25519verify.contextLen);
/* reset devId */
info->pk.ed25519verify.key->devId = devIdArg;
}
#endif
#endif /* HAVE_ED25519 */
#if defined(WOLFSSL_HAVE_LMS) || defined(WOLFSSL_HAVE_XMSS)
if (info->pk.type == WC_PK_TYPE_PQC_STATEFUL_SIG_KEYGEN) {
int pqcType = info->pk.pqc_stateful_sig_kg.type;
(void)pqcType;
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
if (pqcType == WC_PQC_STATEFUL_SIG_TYPE_LMS) {
LmsKey* lk = (LmsKey*)info->pk.pqc_stateful_sig_kg.key;
lk->devId = INVALID_DEVID;
ret = wc_LmsKey_MakeKey(lk, info->pk.pqc_stateful_sig_kg.rng);
lk->devId = devIdArg;
}
#endif
#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
if (pqcType == WC_PQC_STATEFUL_SIG_TYPE_XMSS) {
XmssKey* xk = (XmssKey*)info->pk.pqc_stateful_sig_kg.key;
xk->devId = INVALID_DEVID;
ret = wc_XmssKey_MakeKey(xk, info->pk.pqc_stateful_sig_kg.rng);
xk->devId = devIdArg;
}
#endif
}
else if (info->pk.type == WC_PK_TYPE_PQC_STATEFUL_SIG_SIGN) {
int pqcType = info->pk.pqc_stateful_sig_sign.type;
word32 sigSz = *info->pk.pqc_stateful_sig_sign.outSz;
(void)pqcType;
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
if (pqcType == WC_PQC_STATEFUL_SIG_TYPE_LMS) {
LmsKey* lk = (LmsKey*)info->pk.pqc_stateful_sig_sign.key;
lk->devId = INVALID_DEVID;
ret = wc_LmsKey_Sign(lk,
info->pk.pqc_stateful_sig_sign.out, &sigSz,
info->pk.pqc_stateful_sig_sign.msg,
(int)info->pk.pqc_stateful_sig_sign.msgSz);
lk->devId = devIdArg;
}
#endif
#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
if (pqcType == WC_PQC_STATEFUL_SIG_TYPE_XMSS) {
XmssKey* xk = (XmssKey*)info->pk.pqc_stateful_sig_sign.key;
xk->devId = INVALID_DEVID;
ret = wc_XmssKey_Sign(xk,
info->pk.pqc_stateful_sig_sign.out, &sigSz,
info->pk.pqc_stateful_sig_sign.msg,
(int)info->pk.pqc_stateful_sig_sign.msgSz);
xk->devId = devIdArg;
}
#endif
*info->pk.pqc_stateful_sig_sign.outSz = sigSz;
}
else if (info->pk.type == WC_PK_TYPE_PQC_STATEFUL_SIG_VERIFY) {
int pqcType = info->pk.pqc_stateful_sig_verify.type;
int verifyRet = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
#if defined(WOLFSSL_HAVE_LMS)
if (pqcType == WC_PQC_STATEFUL_SIG_TYPE_LMS) {
LmsKey* lk = (LmsKey*)info->pk.pqc_stateful_sig_verify.key;
lk->devId = INVALID_DEVID;
verifyRet = wc_LmsKey_Verify(lk,
info->pk.pqc_stateful_sig_verify.sig,
info->pk.pqc_stateful_sig_verify.sigSz,
info->pk.pqc_stateful_sig_verify.msg,
(int)info->pk.pqc_stateful_sig_verify.msgSz);
lk->devId = devIdArg;
}
#endif
#if defined(WOLFSSL_HAVE_XMSS)
if (pqcType == WC_PQC_STATEFUL_SIG_TYPE_XMSS) {
XmssKey* xk = (XmssKey*)info->pk.pqc_stateful_sig_verify.key;
xk->devId = INVALID_DEVID;
verifyRet = wc_XmssKey_Verify(xk,
info->pk.pqc_stateful_sig_verify.sig,
info->pk.pqc_stateful_sig_verify.sigSz,
info->pk.pqc_stateful_sig_verify.msg,
(int)info->pk.pqc_stateful_sig_verify.msgSz);
xk->devId = devIdArg;
}
#endif
if (info->pk.pqc_stateful_sig_verify.res != NULL) {
*info->pk.pqc_stateful_sig_verify.res =
(verifyRet == 0) ? 1 : 0;
}
/* SIG_VERIFY_E is a validity signal, not a crypto error, so
* translate it back to success for the dispatcher. */
if (verifyRet == WC_NO_ERR_TRACE(SIG_VERIFY_E))
verifyRet = 0;
ret = verifyRet;
}
else if (info->pk.type == WC_PK_TYPE_PQC_STATEFUL_SIG_SIGS_LEFT) {
int pqcType = info->pk.pqc_stateful_sig_sigs_left.type;
int count = 0;
(void)pqcType;
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
if (pqcType == WC_PQC_STATEFUL_SIG_TYPE_LMS) {
LmsKey* lk = (LmsKey*)info->pk.pqc_stateful_sig_sigs_left.key;
lk->devId = INVALID_DEVID;
count = wc_LmsKey_SigsLeft(lk);
lk->devId = devIdArg;
}
#endif
#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
if (pqcType == WC_PQC_STATEFUL_SIG_TYPE_XMSS) {
XmssKey* xk = (XmssKey*)info->pk.pqc_stateful_sig_sigs_left.key;
xk->devId = INVALID_DEVID;
count = wc_XmssKey_SigsLeft(xk);
xk->devId = devIdArg;
}
#endif
if (info->pk.pqc_stateful_sig_sigs_left.sigsLeft != NULL)
*info->pk.pqc_stateful_sig_sigs_left.sigsLeft = (word32)count;
ret = 0;
}
#endif /* WOLFSSL_HAVE_LMS || WOLFSSL_HAVE_XMSS */
#if defined(WOLFSSL_HAVE_SLHDSA)
#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY
if (info->pk.type == WC_PK_TYPE_PQC_SIG_KEYGEN) {
int pqcType = info->pk.pqc_sig_kg.type;
(void)pqcType;
if (pqcType == WC_PQC_SIG_TYPE_SLHDSA) {
SlhDsaKey* sk = (SlhDsaKey*)info->pk.pqc_sig_kg.key;
sk->devId = INVALID_DEVID;
ret = wc_SlhDsaKey_MakeKey(sk, info->pk.pqc_sig_kg.rng);
sk->devId = devIdArg;
myCtx->exampleVar++;
}
}
else if (info->pk.type == WC_PK_TYPE_PQC_SIG_SIGN) {
int pqcType = info->pk.pqc_sign.type;
(void)pqcType;
if (pqcType == WC_PQC_SIG_TYPE_SLHDSA) {
SlhDsaKey* sk = (SlhDsaKey*)info->pk.pqc_sign.key;
enum wc_HashType phType =
(enum wc_HashType)info->pk.pqc_sign.preHashType;
sk->devId = INVALID_DEVID;
if (phType == WC_HASH_TYPE_NONE) {
ret = wc_SlhDsaKey_Sign(sk,
info->pk.pqc_sign.context,
info->pk.pqc_sign.contextLen,
info->pk.pqc_sign.in,
info->pk.pqc_sign.inlen,
info->pk.pqc_sign.out,
info->pk.pqc_sign.outlen,
info->pk.pqc_sign.rng);
}
else {
ret = wc_SlhDsaKey_SignHash(sk,
info->pk.pqc_sign.context,
info->pk.pqc_sign.contextLen,
info->pk.pqc_sign.in,
info->pk.pqc_sign.inlen,
phType,
info->pk.pqc_sign.out,
info->pk.pqc_sign.outlen,
info->pk.pqc_sign.rng);
}
sk->devId = devIdArg;
myCtx->exampleVar++;
}
}
else
#endif /* !WOLFSSL_SLHDSA_VERIFY_ONLY */
if (info->pk.type == WC_PK_TYPE_PQC_SIG_VERIFY) {
int pqcType = info->pk.pqc_verify.type;
(void)pqcType;
if (pqcType == WC_PQC_SIG_TYPE_SLHDSA) {
SlhDsaKey* sk = (SlhDsaKey*)info->pk.pqc_verify.key;
enum wc_HashType phType =
(enum wc_HashType)info->pk.pqc_verify.preHashType;
int verifyRet = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
sk->devId = INVALID_DEVID;
if (phType == WC_HASH_TYPE_NONE) {
verifyRet = wc_SlhDsaKey_Verify(sk,
info->pk.pqc_verify.context,
info->pk.pqc_verify.contextLen,
info->pk.pqc_verify.msg,
info->pk.pqc_verify.msglen,
info->pk.pqc_verify.sig,
info->pk.pqc_verify.siglen);
}
else {
verifyRet = wc_SlhDsaKey_VerifyHash(sk,
info->pk.pqc_verify.context,
info->pk.pqc_verify.contextLen,
info->pk.pqc_verify.msg,
info->pk.pqc_verify.msglen,
phType,
info->pk.pqc_verify.sig,
info->pk.pqc_verify.siglen);
}
sk->devId = devIdArg;
if (info->pk.pqc_verify.res != NULL) {
*info->pk.pqc_verify.res = (verifyRet == 0) ? 1 : 0;
}
/* SIG_VERIFY_E is a validity signal, not a crypto error, so
* translate it back to success for the dispatcher. */
if (verifyRet == WC_NO_ERR_TRACE(SIG_VERIFY_E))
verifyRet = 0;
ret = verifyRet;
myCtx->exampleVar++;
}
}
#endif /* WOLFSSL_HAVE_SLHDSA */
#ifdef WOLFSSL_HAVE_MLKEM
if (info->pk.type == WC_PK_TYPE_PQC_KEM_KEYGEN) {
if ((info->pk.pqc_kem_kg.type == WC_PQC_KEM_TYPE_MLKEM) &&
(info->pk.pqc_kem_kg.key != NULL)) {
MlKemKey* key = (MlKemKey*)info->pk.pqc_kem_kg.key;
int hashDevId = key->hash.devId;
int prfDevId = key->prf.devId;
/* set devId to invalid, so software is used */
key->devId = INVALID_DEVID;
key->hash.devId = INVALID_DEVID;
key->prf.devId = INVALID_DEVID;
ret = wc_MlKemKey_MakeKey(key, info->pk.pqc_kem_kg.rng);
/* reset devId */
key->devId = devIdArg;
key->hash.devId = hashDevId;
key->prf.devId = prfDevId;
}
}
else if (info->pk.type == WC_PK_TYPE_PQC_KEM_ENCAPS) {
if ((info->pk.pqc_encaps.type == WC_PQC_KEM_TYPE_MLKEM) &&
(info->pk.pqc_encaps.key != NULL)) {
MlKemKey* key = (MlKemKey*)info->pk.pqc_encaps.key;
int hashDevId = key->hash.devId;
int prfDevId = key->prf.devId;
/* set devId to invalid, so software is used */
key->devId = INVALID_DEVID;
key->hash.devId = INVALID_DEVID;
key->prf.devId = INVALID_DEVID;
ret = wc_MlKemKey_Encapsulate(key,
info->pk.pqc_encaps.ciphertext,
info->pk.pqc_encaps.sharedSecret,
info->pk.pqc_encaps.rng);
/* reset devId */
key->devId = devIdArg;
key->hash.devId = hashDevId;
key->prf.devId = prfDevId;
}
}
else if (info->pk.type == WC_PK_TYPE_PQC_KEM_DECAPS) {
if ((info->pk.pqc_decaps.type == WC_PQC_KEM_TYPE_MLKEM) &&
(info->pk.pqc_decaps.key != NULL)) {
MlKemKey* key = (MlKemKey*)info->pk.pqc_decaps.key;
int hashDevId = key->hash.devId;
int prfDevId = key->prf.devId;
/* set devId to invalid, so software is used */
key->devId = INVALID_DEVID;
key->hash.devId = INVALID_DEVID;
key->prf.devId = INVALID_DEVID;
ret = wc_MlKemKey_Decapsulate(key,
info->pk.pqc_decaps.sharedSecret,
info->pk.pqc_decaps.ciphertext,
info->pk.pqc_decaps.ciphertextLen);
/* reset devId */
key->devId = devIdArg;
key->hash.devId = hashDevId;
key->prf.devId = prfDevId;
}
}
#endif /* WOLFSSL_HAVE_MLKEM */
}
else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
#if !defined(NO_AES) || !defined(NO_DES3)
#ifdef HAVE_AESGCM
if (info->cipher.type == WC_CIPHER_AES_GCM) {
if (info->cipher.enc) {
/* set devId to invalid, so software is used */
info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID;
ret = wc_AesGcmEncrypt(
info->cipher.aesgcm_enc.aes,
info->cipher.aesgcm_enc.out,
info->cipher.aesgcm_enc.in,
info->cipher.aesgcm_enc.sz,
info->cipher.aesgcm_enc.iv,
info->cipher.aesgcm_enc.ivSz,
info->cipher.aesgcm_enc.authTag,
info->cipher.aesgcm_enc.authTagSz,
info->cipher.aesgcm_enc.authIn,
info->cipher.aesgcm_enc.authInSz);
/* reset devId */
info->cipher.aesgcm_enc.aes->devId = devIdArg;
}
else {
/* set devId to invalid, so software is used */
info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID;
ret = wc_AesGcmDecrypt(
info->cipher.aesgcm_dec.aes,
info->cipher.aesgcm_dec.out,
info->cipher.aesgcm_dec.in,
info->cipher.aesgcm_dec.sz,
info->cipher.aesgcm_dec.iv,
info->cipher.aesgcm_dec.ivSz,
info->cipher.aesgcm_dec.authTag,
info->cipher.aesgcm_dec.authTagSz,
info->cipher.aesgcm_dec.authIn,
info->cipher.aesgcm_dec.authInSz);
/* reset devId */
info->cipher.aesgcm_dec.aes->devId = devIdArg;
}
}
#endif /* HAVE_AESGCM */
#ifdef HAVE_AES_CBC
if (info->cipher.type == WC_CIPHER_AES_CBC) {
#if defined(WOLF_CRYPTO_CB_ONLY_AES)
if (myCtx->exampleVar == 99)
return 0;
#endif
if (info->cipher.enc) {
/* set devId to invalid, so software is used */
info->cipher.aescbc.aes->devId = INVALID_DEVID;
ret = wc_AesCbcEncrypt(
info->cipher.aescbc.aes,
info->cipher.aescbc.out,
info->cipher.aescbc.in,
info->cipher.aescbc.sz);
/* reset devId */
info->cipher.aescbc.aes->devId = devIdArg;
}
else {
/* set devId to invalid, so software is used */
info->cipher.aescbc.aes->devId = INVALID_DEVID;
ret = wc_AesCbcDecrypt(
info->cipher.aescbc.aes,
info->cipher.aescbc.out,
info->cipher.aescbc.in,
info->cipher.aescbc.sz);
/* reset devId */
info->cipher.aescbc.aes->devId = devIdArg;
}
}
#endif /* HAVE_AES_CBC */
#if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
if (info->cipher.type == WC_CIPHER_AES_ECB) {
if (info->cipher.enc) {
/* set devId to invalid, so software is used */
info->cipher.aesecb.aes->devId = INVALID_DEVID;
ret = wc_AesEcbEncrypt(
info->cipher.aesecb.aes,
info->cipher.aesecb.out,
info->cipher.aesecb.in,
info->cipher.aesecb.sz);
/* reset devId */
info->cipher.aesecb.aes->devId = devIdArg;
}
else {
/* set devId to invalid, so software is used */
info->cipher.aesecb.aes->devId = INVALID_DEVID;
ret = wc_AesEcbDecrypt(
info->cipher.aesecb.aes,
info->cipher.aesecb.out,
info->cipher.aesecb.in,
info->cipher.aesecb.sz);
/* reset devId */
info->cipher.aesecb.aes->devId = devIdArg;
}
}
#endif /* HAVE_AES_ECB */
#if defined(WOLFSSL_AES_COUNTER) && !defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST)
if (info->cipher.type == WC_CIPHER_AES_CTR) {
/* set devId to invalid, so software is used */
info->cipher.aesctr.aes->devId = INVALID_DEVID;
ret = wc_AesCtrEncrypt(
info->cipher.aesctr.aes,
info->cipher.aesctr.out,
info->cipher.aesctr.in,
info->cipher.aesctr.sz);
/* reset devId */
info->cipher.aesctr.aes->devId = devIdArg;
}
#endif /* WOLFSSL_AES_COUNTER */
#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
if (info->cipher.type == WC_CIPHER_AES_CCM) {
if (info->cipher.enc) {
/* set devId to invalid, so software is used */
info->cipher.aesccm_enc.aes->devId = INVALID_DEVID;
ret = wc_AesCcmEncrypt(
info->cipher.aesccm_enc.aes,
info->cipher.aesccm_enc.out,
info->cipher.aesccm_enc.in,
info->cipher.aesccm_enc.sz,
info->cipher.aesccm_enc.nonce,
info->cipher.aesccm_enc.nonceSz,
info->cipher.aesccm_enc.authTag,
info->cipher.aesccm_enc.authTagSz,
info->cipher.aesccm_enc.authIn,
info->cipher.aesccm_enc.authInSz);
/* reset devId */
info->cipher.aesccm_enc.aes->devId = devIdArg;
}
else {
/* set devId to invalid, so software is used */
info->cipher.aesccm_dec.aes->devId = INVALID_DEVID;
ret = wc_AesCcmDecrypt(
info->cipher.aesccm_dec.aes,
info->cipher.aesccm_dec.out,
info->cipher.aesccm_dec.in,
info->cipher.aesccm_dec.sz,
info->cipher.aesccm_dec.nonce,
info->cipher.aesccm_dec.nonceSz,
info->cipher.aesccm_dec.authTag,
info->cipher.aesccm_dec.authTagSz,
info->cipher.aesccm_dec.authIn,
info->cipher.aesccm_dec.authInSz);
/* reset devId */
info->cipher.aesccm_dec.aes->devId = devIdArg;
}
}
#endif
#ifndef NO_DES3
if (info->cipher.type == WC_CIPHER_DES3) {
if (info->cipher.enc) {
/* set devId to invalid, so software is used */
info->cipher.des3.des->devId = INVALID_DEVID;
ret = wc_Des3_CbcEncrypt(
info->cipher.des3.des,
info->cipher.des3.out,
info->cipher.des3.in,
info->cipher.des3.sz);
/* reset devId */
info->cipher.des3.des->devId = devIdArg;
}
else {
/* set devId to invalid, so software is used */
info->cipher.des3.des->devId = INVALID_DEVID;
ret = wc_Des3_CbcDecrypt(
info->cipher.des3.des,
info->cipher.des3.out,
info->cipher.des3.in,
info->cipher.des3.sz);
/* reset devId */
info->cipher.des3.des->devId = devIdArg;
}
}
#endif /* !NO_DES3 */
#endif /* !NO_AES || !NO_DES3 */
}
#if !defined(NO_SHA) || !defined(NO_SHA256) || \
defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
else if (info->algo_type == WC_ALGO_TYPE_HASH) {
#if !defined(NO_SHA)
if (info->hash.type == WC_HASH_TYPE_SHA) {
if (info->hash.sha1 == NULL)
return NOT_COMPILED_IN;
/* set devId to invalid, so software is used */
info->hash.sha1->devId = INVALID_DEVID;
if (info->hash.in != NULL) {
ret = wc_ShaUpdate(
info->hash.sha1,
info->hash.in,
info->hash.inSz);
}
if (info->hash.digest != NULL) {
ret = wc_ShaFinal(
info->hash.sha1,
info->hash.digest);
}
/* reset devId */
info->hash.sha1->devId = devIdArg;
}
else
#endif
#if !defined(NO_SHA256)
if (info->hash.type == WC_HASH_TYPE_SHA256) {
if (info->hash.sha256 == NULL)
return NOT_COMPILED_IN;
/* set devId to invalid, so software is used */
info->hash.sha256->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_SHA256)
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
#endif
if (myCtx->exampleVar == 99) {
info->hash.sha256->devId = devIdArg;
return 0;
}
#endif
if (info->hash.in != NULL) {
ret = wc_Sha256Update(
info->hash.sha256,
info->hash.in,
info->hash.inSz);
}
if (info->hash.digest != NULL) {
ret = wc_Sha256Final(
info->hash.sha256,
info->hash.digest);
}
/* reset devId */
info->hash.sha256->devId = devIdArg;
}
else
#endif
#ifdef WOLFSSL_SHA224
if (info->hash.type == WC_HASH_TYPE_SHA224) {
if (info->hash.sha224 == NULL)
return NOT_COMPILED_IN;
/* set devId to invalid, so software is used */
info->hash.sha224->devId = INVALID_DEVID;
#if defined(WOLF_CRYPTO_CB_ONLY_SHA256)
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
#endif
if (myCtx->exampleVar == 99) {
info->hash.sha224->devId = devIdArg;
return 0;
}
#endif
if (info->hash.in != NULL) {
ret = wc_Sha224Update(
info->hash.sha224,
info->hash.in,
info->hash.inSz);
}
if (info->hash.digest != NULL) {
ret = wc_Sha224Final(
info->hash.sha224,
info->hash.digest);
}
/* reset devId */
info->hash.sha224->devId = devIdArg;
}
else
#endif
#ifdef WOLFSSL_SHA384
if (info->hash.type == WC_HASH_TYPE_SHA384) {
if (info->hash.sha384 == NULL)
return NOT_COMPILED_IN;
#ifndef NO_SHA2_CRYPTO_CB
/* set devId to invalid, so software is used */
info->hash.sha384->devId = INVALID_DEVID;
#endif
#if defined(WOLF_CRYPTO_CB_ONLY_SHA512)
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
#endif
if (myCtx->exampleVar == 99) {
info->hash.sha384->devId = devIdArg;
return 0;
}
#endif
if (info->hash.in != NULL) {
ret = wc_Sha384Update(
info->hash.sha384,
info->hash.in,
info->hash.inSz);
}
if (info->hash.digest != NULL) {
ret = wc_Sha384Final(
info->hash.sha384,
info->hash.digest);
}
#ifndef NO_SHA2_CRYPTO_CB
/* reset devId */
info->hash.sha384->devId = devIdArg;
#endif
}
else
#endif
#ifdef WOLFSSL_SHA512
if (info->hash.type == WC_HASH_TYPE_SHA512) {
if (info->hash.sha512 == NULL)
return NOT_COMPILED_IN;
#ifndef NO_SHA2_CRYPTO_CB
/* set devId to invalid, so software is used */
info->hash.sha512->devId = INVALID_DEVID;
#endif
#if defined(WOLF_CRYPTO_CB_ONLY_SHA512)
#ifdef DEBUG_WOLFSSL
printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
#endif
if (myCtx->exampleVar == 99) {
info->hash.sha512->devId = devIdArg;
return 0;
}
#endif
if (info->hash.in != NULL) {
ret = wc_Sha512Update(
info->hash.sha512,
info->hash.in,
info->hash.inSz);
}
if (info->hash.digest != NULL) {
ret = wc_Sha512Final(
info->hash.sha512,
info->hash.digest);
}
#ifndef NO_SHA2_CRYPTO_CB
/* reset devId */
info->hash.sha512->devId = devIdArg;
#endif
}
else
#endif
#if defined(WOLFSSL_SHA3) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0))
if (info->hash.type == WC_HASH_TYPE_SHA3_224) {
if (info->hash.sha3 == NULL)
return NOT_COMPILED_IN;
/* set devId to invalid, so software is used */
info->hash.sha3->devId = INVALID_DEVID;
if (info->hash.in != NULL) {
ret = wc_Sha3_224_Update(
info->hash.sha3,
info->hash.in,
info->hash.inSz);
}
if (info->hash.digest != NULL) {
ret = wc_Sha3_224_Final(
info->hash.sha3,
info->hash.digest);
}
/* reset devId */
info->hash.sha3->devId = devIdArg;
}
else if (info->hash.type == WC_HASH_TYPE_SHA3_256) {
if (info->hash.sha3 == NULL)
return NOT_COMPILED_IN;
/* set devId to invalid, so software is used */
info->hash.sha3->devId = INVALID_DEVID;
if (info->hash.in != NULL) {
ret = wc_Sha3_256_Update(
info->hash.sha3,
info->hash.in,
info->hash.inSz);
}
if (info->hash.digest != NULL) {
ret = wc_Sha3_256_Final(
info->hash.sha3,
info->hash.digest);
}
/* reset devId */
info->hash.sha3->devId = devIdArg;
}
else if (info->hash.type == WC_HASH_TYPE_SHA3_384) {
if (info->hash.sha3 == NULL)
return NOT_COMPILED_IN;
/* set devId to invalid, so software is used */
info->hash.sha3->devId = INVALID_DEVID;
if (info->hash.in != NULL) {
ret = wc_Sha3_384_Update(
info->hash.sha3,
info->hash.in,
info->hash.inSz);
}
if (info->hash.digest != NULL) {
ret = wc_Sha3_384_Final(
info->hash.sha3,
info->hash.digest);
}
/* reset devId */
info->hash.sha3->devId = devIdArg;
}
else if (info->hash.type == WC_HASH_TYPE_SHA3_512) {
if (info->hash.sha3 == NULL)
return NOT_COMPILED_IN;
/* set devId to invalid, so software is used */
info->hash.sha3->devId = INVALID_DEVID;
if (info->hash.in != NULL) {
ret = wc_Sha3_512_Update(
info->hash.sha3,
info->hash.in,
info->hash.inSz);
}
if (info->hash.digest != NULL) {
ret = wc_Sha3_512_Final(
info->hash.sha3,
info->hash.digest);
}
/* reset devId */
info->hash.sha3->devId = devIdArg;
}
#ifdef WOLFSSL_SHAKE128
else if (info->hash.type == WC_HASH_TYPE_SHAKE128) {
if (info->hash.sha3 == NULL)
return NOT_COMPILED_IN;
/* set devId to invalid, so software is used */
info->hash.sha3->devId = INVALID_DEVID;
if (info->hash.in != NULL) {
ret = wc_Shake128_Update(
info->hash.sha3,
info->hash.in,
info->hash.inSz);
}
if (info->hash.digest != NULL) {
ret = wc_Shake128_Final(
info->hash.sha3,
info->hash.digest,
info->hash.outSz);
}
/* reset devId */
info->hash.sha3->devId = devIdArg;
}
#endif /* WOLFSSL_SHAKE128 */
#ifdef WOLFSSL_SHAKE256
else if (info->hash.type == WC_HASH_TYPE_SHAKE256) {
if (info->hash.sha3 == NULL)
return NOT_COMPILED_IN;
/* set devId to invalid, so software is used */
info->hash.sha3->devId = INVALID_DEVID;
if (info->hash.in != NULL) {
ret = wc_Shake256_Update(
info->hash.sha3,
info->hash.in,
info->hash.inSz);
}
if (info->hash.digest != NULL) {
ret = wc_Shake256_Final(
info->hash.sha3,
info->hash.digest,
info->hash.outSz);
}
/* reset devId */
info->hash.sha3->devId = devIdArg;
}
#endif /* WOLFSSL_SHAKE256 */
else
#endif
{
}
}
#endif /* !NO_SHA || !NO_SHA256 */
#ifdef WOLF_CRYPTO_CB_COPY
else if (info->algo_type == WC_ALGO_TYPE_COPY) {
#ifdef DEBUG_WOLFSSL
WOLFSSL_MSG_EX("CryptoDevCb: Copy Algo=%d Type=%d\n",
info->copy.algo, info->copy.type);
#endif
if (info->copy.algo == WC_ALGO_TYPE_HASH) {
switch (info->copy.type) {
#ifndef NO_SHA
case WC_HASH_TYPE_SHA:
{
wc_Sha* src = (wc_Sha*)info->copy.src;
wc_Sha* dst = (wc_Sha*)info->copy.dst;
src->devId = INVALID_DEVID;
ret = wc_ShaCopy(src, dst);
src->devId = devIdArg;
if (ret == 0) {
dst->devId = devIdArg;
}
break;
}
#endif
#ifdef WOLFSSL_SHA224
case WC_HASH_TYPE_SHA224:
{
wc_Sha224* src = (wc_Sha224*)info->copy.src;
wc_Sha224* dst = (wc_Sha224*)info->copy.dst;
src->devId = INVALID_DEVID;
ret = wc_Sha224Copy(src, dst);
src->devId = devIdArg;
if (ret == 0) {
dst->devId = devIdArg;
}
break;
}
#endif
#ifndef NO_SHA256
case WC_HASH_TYPE_SHA256:
{
/* Cast the source and destination to the correct type */
/* Given as a void pointer initially for abstraction */
wc_Sha256* src = (wc_Sha256*)info->copy.src;
wc_Sha256* dst = (wc_Sha256*)info->copy.dst;
/* set devId to invalid, so software is used */
src->devId = INVALID_DEVID;
ret = wc_Sha256Copy(src, dst);
/* reset devId */
src->devId = devIdArg;
if (ret == 0) {
/* Set the devId of the destination to the same as the */
/* since we used the software implementation of copy */
/* so dst would have been set to INVALID_DEVID */
dst->devId = devIdArg;
}
break;
}
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
case WC_HASH_TYPE_SHA384:
{
wc_Sha384* src = (wc_Sha384*)info->copy.src;
wc_Sha384* dst = (wc_Sha384*)info->copy.dst;
src->devId = INVALID_DEVID;
ret = wc_Sha384Copy(src, dst);
src->devId = devIdArg;
if (ret == 0) {
dst->devId = devIdArg;
}
break;
}
#endif
#ifdef WOLFSSL_SHA512
case WC_HASH_TYPE_SHA512:
{
wc_Sha512* src = (wc_Sha512*)info->copy.src;
wc_Sha512* dst = (wc_Sha512*)info->copy.dst;
src->devId = INVALID_DEVID;
ret = wc_Sha512Copy(src, dst);
src->devId = devIdArg;
if (ret == 0) {
dst->devId = devIdArg;
}
break;
}
#endif
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
case WC_HASH_TYPE_SHA3_224:
{
wc_Sha3* src = (wc_Sha3*)info->copy.src;
wc_Sha3* dst = (wc_Sha3*)info->copy.dst;
src->devId = INVALID_DEVID;
ret = wc_Sha3_224_Copy(src, dst);
src->devId = devIdArg;
if (ret == 0) {
dst->devId = devIdArg;
}
break;
}
#endif
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
case WC_HASH_TYPE_SHA3_256:
{
wc_Sha3* src = (wc_Sha3*)info->copy.src;
wc_Sha3* dst = (wc_Sha3*)info->copy.dst;
src->devId = INVALID_DEVID;
ret = wc_Sha3_256_Copy(src, dst);
src->devId = devIdArg;
if (ret == 0) {
dst->devId = devIdArg;
}
break;
}
#endif
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
case WC_HASH_TYPE_SHA3_384:
{
wc_Sha3* src = (wc_Sha3*)info->copy.src;
wc_Sha3* dst = (wc_Sha3*)info->copy.dst;
src->devId = INVALID_DEVID;
ret = wc_Sha3_384_Copy(src, dst);
src->devId = devIdArg;
if (ret == 0) {
dst->devId = devIdArg;
}
break;
}
#endif
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
case WC_HASH_TYPE_SHA3_512:
{
wc_Sha3* src = (wc_Sha3*)info->copy.src;
wc_Sha3* dst = (wc_Sha3*)info->copy.dst;
src->devId = INVALID_DEVID;
ret = wc_Sha3_512_Copy(src, dst);
src->devId = devIdArg;
if (ret == 0) {
dst->devId = devIdArg;
}
break;
}
#endif
default:
ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
break;
}
}
else {
ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
}
}
#endif /* WOLF_CRYPTO_CB_COPY */
#ifdef WOLF_CRYPTO_CB_FREE
else if (info->algo_type == WC_ALGO_TYPE_FREE) {
#ifdef DEBUG_WOLFSSL
WOLFSSL_MSG_EX("CryptoDevCb: Free Algo=%d Type=%d\n",
info->free.algo, info->free.type);
#endif
if (info->free.algo == WC_ALGO_TYPE_HASH) {
switch (info->free.type) {
#ifndef NO_SHA
case WC_HASH_TYPE_SHA:
{
wc_Sha* sha = (wc_Sha*)info->free.obj;
sha->devId = INVALID_DEVID;
wc_ShaFree(sha);
ret = 0;
break;
}
#endif
#ifdef WOLFSSL_SHA224
case WC_HASH_TYPE_SHA224:
{
wc_Sha224* sha = (wc_Sha224*)info->free.obj;
sha->devId = INVALID_DEVID;
wc_Sha224Free(sha);
ret = 0;
break;
}
#endif
#ifndef NO_SHA256
case WC_HASH_TYPE_SHA256:
{
wc_Sha256* sha = (wc_Sha256*)info->free.obj;
/* set devId to invalid, so software is used */
sha->devId = INVALID_DEVID;
/* Call the actual free function */
wc_Sha256Free(sha);
/* Note: devId doesn't need to be restored as object is freed */
ret = 0;
break;
}
#endif
#ifdef WOLFSSL_SHA384
case WC_HASH_TYPE_SHA384:
{
wc_Sha384* sha = (wc_Sha384*)info->free.obj;
sha->devId = INVALID_DEVID;
wc_Sha384Free(sha);
ret = 0;
break;
}
#endif
#ifdef WOLFSSL_SHA512
case WC_HASH_TYPE_SHA512:
{
wc_Sha512* sha = (wc_Sha512*)info->free.obj;
sha->devId = INVALID_DEVID;
wc_Sha512Free(sha);
ret = 0;
break;
}
#endif
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
case WC_HASH_TYPE_SHA3_224:
{
wc_Sha3* sha = (wc_Sha3*)info->free.obj;
sha->devId = INVALID_DEVID;
wc_Sha3_224_Free(sha);
ret = 0;
break;
}
#endif
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
case WC_HASH_TYPE_SHA3_256:
{
wc_Sha3* sha = (wc_Sha3*)info->free.obj;
sha->devId = INVALID_DEVID;
wc_Sha3_256_Free(sha);
ret = 0;
break;
}
#endif
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
case WC_HASH_TYPE_SHA3_384:
{
wc_Sha3* sha = (wc_Sha3*)info->free.obj;
sha->devId = INVALID_DEVID;
wc_Sha3_384_Free(sha);
ret = 0;
break;
}
#endif
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
case WC_HASH_TYPE_SHA3_512:
{
wc_Sha3* sha = (wc_Sha3*)info->free.obj;
sha->devId = INVALID_DEVID;
wc_Sha3_512_Free(sha);
ret = 0;
break;
}
#endif
default:
ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
break;
}
}
else if (info->free.algo == WC_ALGO_TYPE_CIPHER) {
switch (info->free.type) {
#ifndef NO_AES
case WC_CIPHER_AES:
{
Aes* aes = (Aes*)info->free.obj;
aes->devId = INVALID_DEVID;
wc_AesFree(aes);
ret = 0;
break;
}
#endif
default:
ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
break;
}
}
else if (info->free.algo == WC_ALGO_TYPE_PK) {
switch (info->free.type) {
#ifdef HAVE_ECC
case WC_PK_TYPE_EC_KEYGEN:
{
ecc_key* ecc = (ecc_key*)info->free.obj;
ecc->devId = INVALID_DEVID;
wc_ecc_free(ecc);
ret = 0;
break;
}
#endif
#ifndef NO_RSA
case WC_PK_TYPE_RSA:
{
RsaKey* rsa = (RsaKey*)info->free.obj;
rsa->devId = INVALID_DEVID;
wc_FreeRsaKey(rsa);
ret = 0;
break;
}
#endif
#if defined(WOLFSSL_HAVE_MLDSA) || defined(WOLFSSL_HAVE_SLHDSA)
case WC_PK_TYPE_PQC_SIG_KEYGEN:
{
#ifdef WOLFSSL_HAVE_MLDSA
if (info->free.subType == WC_PQC_SIG_TYPE_MLDSA) {
wc_MlDsaKey* dil = (wc_MlDsaKey*)info->free.obj;
dil->devId = INVALID_DEVID;
wc_MlDsaKey_Free(dil);
ret = 0;
}
#endif
#ifdef WOLFSSL_HAVE_SLHDSA
if (info->free.subType == WC_PQC_SIG_TYPE_SLHDSA) {
SlhDsaKey* slh = (SlhDsaKey*)info->free.obj;
slh->devId = INVALID_DEVID;
wc_SlhDsaKey_Free(slh);
ret = 0;
}
#endif
break;
}
#endif
#ifdef WOLFSSL_HAVE_MLKEM
case WC_PK_TYPE_PQC_KEM_KEYGEN:
{
if (info->free.subType == WC_PQC_KEM_TYPE_MLKEM) {
MlKemKey* mlkem = (MlKemKey*)info->free.obj;
mlkem->devId = INVALID_DEVID;
mlkem->hash.devId = INVALID_DEVID;
mlkem->prf.devId = INVALID_DEVID;
ret = wc_MlKemKey_Free(mlkem);
}
break;
}
#endif
default:
ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
break;
}
}
else if (info->free.algo == WC_ALGO_TYPE_SHE) {
#if defined(WOLFSSL_SHE) && !defined(NO_AES)
wc_SHE* she = (wc_SHE*)info->free.obj;
she->devId = INVALID_DEVID;
wc_SHE_Free(she);
ret = 0;
#else
ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
#endif
}
else {
ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
}
}
#endif /* WOLF_CRYPTO_CB_FREE */
#ifdef WOLF_CRYPTO_CB_SETKEY
else if (info->algo_type == WC_ALGO_TYPE_SETKEY) {
#ifdef DEBUG_CRYPTOCB
wc_CryptoCb_InfoString(info);
#endif
switch (info->setkey.type) {
#ifndef NO_AES
case WC_SETKEY_AES:
{
Aes* aes = (Aes*)info->setkey.obj;
/* Delegate to software: disable devId, call SetKey, restore */
aes->devId = INVALID_DEVID;
ret = wc_AesSetKey(aes,
(const byte*)info->setkey.key, info->setkey.keySz,
(const byte*)info->setkey.aux, info->setkey.flags);
aes->devId = devIdArg;
break;
}
#endif /* !NO_AES */
#ifndef NO_HMAC
case WC_SETKEY_HMAC:
{
Hmac* hmac = (Hmac*)info->setkey.obj;
/* Delegate to software: disable devId, call SetKey, restore */
hmac->devId = INVALID_DEVID;
ret = wc_HmacSetKey(hmac, hmac->macType,
(const byte*)info->setkey.key, info->setkey.keySz);
hmac->devId = devIdArg;
break;
}
#endif /* !NO_HMAC */
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_TO_DER)
case WC_SETKEY_RSA_PUB:
{
RsaKey* rsaObj = (RsaKey*)info->setkey.obj;
RsaKey* rsaTmp = (RsaKey*)info->setkey.key;
int derSz;
word32 idx = 0;
byte* der = NULL;
/* Get required DER size for public key */
derSz = wc_RsaPublicKeyDerSize(rsaTmp, 1);
if (derSz <= 0) {
ret = derSz;
break;
}
der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ret = MEMORY_E;
break;
}
/* Export public key from temp to DER */
derSz = wc_RsaKeyToPublicDer_ex(rsaTmp, der,
(word32)derSz, 1);
if (derSz <= 0) {
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
ret = derSz;
break;
}
/* Import DER into obj via software */
rsaObj->devId = INVALID_DEVID;
ret = wc_RsaPublicKeyDecode(der, &idx, rsaObj,
(word32)derSz);
rsaObj->devId = devIdArg;
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
break;
}
case WC_SETKEY_RSA_PRIV:
{
RsaKey* rsaObj = (RsaKey*)info->setkey.obj;
RsaKey* rsaTmp = (RsaKey*)info->setkey.key;
int derSz;
word32 idx = 0;
byte* der = NULL;
/* Get required DER size for private key */
derSz = wc_RsaKeyToDer(rsaTmp, NULL, 0);
if (derSz <= 0) {
ret = derSz;
break;
}
der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ret = MEMORY_E;
break;
}
/* Export private key from temp to DER */
derSz = wc_RsaKeyToDer(rsaTmp, der, (word32)derSz);
if (derSz <= 0) {
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
ret = derSz;
break;
}
/* Import DER into obj via software */
rsaObj->devId = INVALID_DEVID;
ret = wc_RsaPrivateKeyDecode(der, &idx, rsaObj,
(word32)derSz);
rsaObj->devId = devIdArg;
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
break;
}
#endif /* !NO_RSA && WOLFSSL_KEY_TO_DER */
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
defined(HAVE_ECC_KEY_IMPORT)
case WC_SETKEY_ECC_PUB:
{
ecc_key* eccObj = (ecc_key*)info->setkey.obj;
ecc_key* eccTmp = (ecc_key*)info->setkey.key;
word32 bufSz = ECC_BUFSIZE;
int curveId;
WC_DECLARE_VAR(buf, byte, ECC_BUFSIZE, NULL);
WC_ALLOC_VAR(buf, byte, ECC_BUFSIZE, NULL);
if (!WC_VAR_OK(buf)) {
ret = MEMORY_E;
break;
}
/* Export public key from temp to X9.63 format */
ret = wc_ecc_export_x963(eccTmp, buf, &bufSz);
if (ret != 0) {
WC_FREE_VAR(buf, NULL);
break;
}
curveId = wc_ecc_get_curve_id(eccTmp->idx);
/* Import into obj via software */
eccObj->devId = INVALID_DEVID;
ret = wc_ecc_import_x963_ex2(buf, bufSz, eccObj,
curveId, 0);
eccObj->devId = devIdArg;
WC_FREE_VAR(buf, NULL);
break;
}
case WC_SETKEY_ECC_PRIV:
{
ecc_key* eccObj = (ecc_key*)info->setkey.obj;
ecc_key* eccTmp = (ecc_key*)info->setkey.key;
word32 pubSz = ECC_BUFSIZE;
word32 privSz = MAX_ECC_BYTES;
byte* pubPtr = NULL;
int curveId;
WC_DECLARE_VAR(pubBuf, byte, ECC_BUFSIZE, NULL);
WC_DECLARE_VAR(privBuf, byte, MAX_ECC_BYTES, NULL);
WC_ALLOC_VAR(pubBuf, byte, ECC_BUFSIZE, NULL);
WC_ALLOC_VAR(privBuf, byte, MAX_ECC_BYTES, NULL);
if (!WC_VAR_OK(pubBuf) || !WC_VAR_OK(privBuf)) {
WC_FREE_VAR(pubBuf, NULL);
WC_FREE_VAR(privBuf, NULL);
ret = MEMORY_E;
break;
}
/* Export public key from temp (if available) */
if (eccTmp->type != ECC_PRIVATEKEY_ONLY) {
ret = wc_ecc_export_x963(eccTmp, pubBuf, &pubSz);
if (ret != 0) {
WC_FREE_VAR(pubBuf, NULL);
WC_FREE_VAR(privBuf, NULL);
break;
}
pubPtr = pubBuf;
}
ret = wc_ecc_export_private_only(eccTmp, privBuf,
&privSz);
if (ret != 0) {
WC_FREE_VAR(pubBuf, NULL);
WC_FREE_VAR(privBuf, NULL);
break;
}
curveId = wc_ecc_get_curve_id(eccTmp->idx);
/* Import into obj via software */
eccObj->devId = INVALID_DEVID;
ret = wc_ecc_import_private_key_ex(privBuf, privSz,
pubPtr, (pubPtr != NULL) ? pubSz : 0,
eccObj, curveId);
eccObj->devId = devIdArg;
WC_FREE_VAR(pubBuf, NULL);
WC_FREE_VAR(privBuf, NULL);
break;
}
#endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT && HAVE_ECC_KEY_IMPORT */
default:
ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
break;
}
}
#endif /* WOLF_CRYPTO_CB_SETKEY */
#ifdef WOLF_CRYPTO_CB_EXPORT_KEY
else if (info->algo_type == WC_ALGO_TYPE_EXPORT_KEY) {
#ifdef DEBUG_CRYPTOCB
wc_CryptoCb_InfoString(info);
#endif
switch (info->export_key.type) {
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_TO_DER)
case WC_PK_TYPE_RSA:
{
RsaKey* src = (RsaKey*)info->export_key.obj;
RsaKey* dst = (RsaKey*)info->export_key.out;
int derSz;
word32 idx = 0;
byte* der = NULL;
/* Try private key export first, fall back to public */
derSz = wc_RsaKeyToDer(src, NULL, 0);
if (derSz > 0) {
der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ret = MEMORY_E;
break;
}
derSz = wc_RsaKeyToDer(src, der, (word32)derSz);
if (derSz > 0) {
ret = wc_RsaPrivateKeyDecode(der, &idx, dst,
(word32)derSz);
}
else {
ret = derSz;
}
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
else {
/* Public key only */
derSz = wc_RsaPublicKeyDerSize(src, 1);
if (derSz <= 0) {
ret = derSz;
break;
}
der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ret = MEMORY_E;
break;
}
derSz = wc_RsaKeyToPublicDer_ex(src, der,
(word32)derSz, 1);
if (derSz > 0) {
ret = wc_RsaPublicKeyDecode(der, &idx, dst,
(word32)derSz);
}
else {
ret = derSz;
}
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
break;
}
#endif /* !NO_RSA && WOLFSSL_KEY_TO_DER */
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
defined(HAVE_ECC_KEY_IMPORT)
case WC_PK_TYPE_ECDSA_SIGN: /* ECC key */
{
ecc_key* src = (ecc_key*)info->export_key.obj;
ecc_key* dst = (ecc_key*)info->export_key.out;
word32 pubSz = ECC_BUFSIZE;
word32 privSz = MAX_ECC_BYTES;
byte* pubPtr = NULL;
int curveId;
WC_DECLARE_VAR(pubBuf, byte, ECC_BUFSIZE, NULL);
WC_DECLARE_VAR(privBuf, byte, MAX_ECC_BYTES, NULL);
WC_ALLOC_VAR(pubBuf, byte, ECC_BUFSIZE, NULL);
WC_ALLOC_VAR(privBuf, byte, MAX_ECC_BYTES, NULL);
if (!WC_VAR_OK(pubBuf) || !WC_VAR_OK(privBuf)) {
WC_FREE_VAR(pubBuf, NULL);
WC_FREE_VAR(privBuf, NULL);
ret = MEMORY_E;
break;
}
/* Use software to export from src - prevent recursion */
{
int savedDevId = src->devId;
src->devId = INVALID_DEVID;
/* Export public key if available */
if (src->type != ECC_PRIVATEKEY_ONLY) {
ret = wc_ecc_export_x963(src, pubBuf, &pubSz);
if (ret != 0) {
src->devId = savedDevId;
WC_FREE_VAR(pubBuf, NULL);
WC_FREE_VAR(privBuf, NULL);
break;
}
pubPtr = pubBuf;
}
/* Export private key if available */
if (src->type != ECC_PUBLICKEY) {
ret = wc_ecc_export_private_only(src, privBuf,
&privSz);
if (ret != 0) {
src->devId = savedDevId;
WC_FREE_VAR(pubBuf, NULL);
WC_FREE_VAR(privBuf, NULL);
break;
}
curveId = wc_ecc_get_curve_id(src->idx);
ret = wc_ecc_import_private_key_ex(privBuf, privSz,
pubPtr, (pubPtr != NULL) ? pubSz : 0,
dst, curveId);
}
else {
/* Public key only */
curveId = wc_ecc_get_curve_id(src->idx);
ret = wc_ecc_import_x963_ex2(pubBuf, pubSz, dst,
curveId, 0);
}
src->devId = savedDevId;
}
WC_FREE_VAR(pubBuf, NULL);
WC_FREE_VAR(privBuf, NULL);
break;
}
#endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT && HAVE_ECC_KEY_IMPORT */
default:
ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
break;
}
}
#endif /* WOLF_CRYPTO_CB_EXPORT_KEY */
#ifndef NO_HMAC
else if (info->algo_type == WC_ALGO_TYPE_HMAC) {
if (info->hmac.hmac == NULL)
return NOT_COMPILED_IN;
/* set devId to invalid, so software is used */
info->hmac.hmac->devId = INVALID_DEVID;
if (info->hmac.in != NULL) {
ret = wc_HmacUpdate(
info->hmac.hmac,
info->hmac.in,
info->hmac.inSz);
}
else if (info->hmac.digest != NULL) {
ret = wc_HmacFinal(
info->hmac.hmac,
info->hmac.digest);
}
/* reset devId */
info->hmac.hmac->devId = devIdArg;
}
#endif
#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
else if (info->algo_type == WC_ALGO_TYPE_CMAC) {
if (info->cmac.cmac == NULL) {
return NOT_COMPILED_IN;
}
/* set devId to invalid so software is used */
info->cmac.cmac->devId = INVALID_DEVID;
/* Handle one-shot cases */
if (info->cmac.key != NULL && info->cmac.in != NULL
&& info->cmac.out != NULL) {
ret = wc_AesCmacGenerate(info->cmac.out,
info->cmac.outSz,
info->cmac.in,
info->cmac.inSz,
info->cmac.key,
info->cmac.keySz);
/* Sequentially handle incremental cases */
} else {
if (info->cmac.key != NULL) {
ret = wc_InitCmac(info->cmac.cmac,
info->cmac.key,
info->cmac.keySz,
info->cmac.type,
NULL);
}
if ((ret == 0) && (info->cmac.in != NULL)) {
ret = wc_CmacUpdate(info->cmac.cmac,
info->cmac.in,
info->cmac.inSz);
}
if ((ret ==0) && (info->cmac.out != NULL)) {
ret = wc_CmacFinal(info->cmac.cmac,
info->cmac.out,
info->cmac.outSz);
}
}
/* reset devId */
info->cmac.cmac->devId = devIdArg;
}
#endif /* WOLFSSL_CMAC && !(NO_AES) && WOLFSSL_AES_DIRECT */
else if (info->algo_type == WC_ALGO_TYPE_KDF) {
#if defined(HAVE_HKDF) && !defined(NO_HMAC)
if (info->kdf.type == WC_KDF_TYPE_HKDF) {
/* Redirect to software implementation for testing */
#if !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0))
ret = wc_HKDF_ex(info->kdf.hkdf.hashType,
info->kdf.hkdf.inKey, info->kdf.hkdf.inKeySz,
info->kdf.hkdf.salt, info->kdf.hkdf.saltSz,
info->kdf.hkdf.info, info->kdf.hkdf.infoSz,
info->kdf.hkdf.out, info->kdf.hkdf.outSz,
NULL, INVALID_DEVID);
#else
ret = wc_HKDF(info->kdf.hkdf.hashType,
info->kdf.hkdf.inKey, info->kdf.hkdf.inKeySz,
info->kdf.hkdf.salt, info->kdf.hkdf.saltSz,
info->kdf.hkdf.info, info->kdf.hkdf.infoSz,
info->kdf.hkdf.out, info->kdf.hkdf.outSz);
#endif
}
if (info->kdf.type == WC_KDF_TYPE_HKDF_EXTRACT) {
#if !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0))
ret = wc_HKDF_Extract_ex(info->kdf.hkdf_extract.hashType,
info->kdf.hkdf_extract.salt, info->kdf.hkdf_extract.saltSz,
info->kdf.hkdf_extract.inKey, info->kdf.hkdf_extract.inKeySz,
info->kdf.hkdf_extract.out,
NULL, INVALID_DEVID);
#else
ret = wc_HKDF_Extract(info->kdf.hkdf_extract.hashType,
info->kdf.hkdf_extract.salt, info->kdf.hkdf_extract.saltSz,
info->kdf.hkdf_extract.inKey, info->kdf.hkdf_extract.inKeySz,
info->kdf.hkdf_extract.out);
#endif
}
if (info->kdf.type == WC_KDF_TYPE_HKDF_EXPAND) {
#if !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0))
ret = wc_HKDF_Expand_ex(info->kdf.hkdf_expand.hashType,
info->kdf.hkdf_expand.inKey, info->kdf.hkdf_expand.inKeySz,
info->kdf.hkdf_expand.info, info->kdf.hkdf_expand.infoSz,
info->kdf.hkdf_expand.out, info->kdf.hkdf_expand.outSz,
NULL, INVALID_DEVID);
#else
ret = wc_HKDF_Expand(info->kdf.hkdf_expand.hashType,
info->kdf.hkdf_expand.inKey, info->kdf.hkdf_expand.inKeySz,
info->kdf.hkdf_expand.info, info->kdf.hkdf_expand.infoSz,
info->kdf.hkdf_expand.out, info->kdf.hkdf_expand.outSz);
#endif
}
#endif /* HAVE_HKDF && !NO_HMAC */
#if defined(HAVE_CMAC_KDF)
if (info->kdf.type == WC_KDF_TYPE_TWOSTEP_CMAC) {
/* Redirect to software implementation for testing */
ret = wc_KDA_KDF_twostep_cmac(
info->kdf.twostep_cmac.salt, info->kdf.twostep_cmac.saltSz,
info->kdf.twostep_cmac.z, info->kdf.twostep_cmac.zSz,
info->kdf.twostep_cmac.fixedInfo, info->kdf.twostep_cmac.fixedInfoSz,
info->kdf.twostep_cmac.out, info->kdf.twostep_cmac.outSz,
NULL, INVALID_DEVID);
}
#endif /* HAVE_CMAC_KDF */
}
#if defined(WOLFSSL_SHE) && !defined(NO_AES)
else if (info->algo_type == WC_ALGO_TYPE_SHE) {
wc_SHE* she = (wc_SHE*)info->she.she;
int savedDevId;
if (she == NULL) {
return NOT_COMPILED_IN;
}
/* Save and override devId so re-call uses software path */
savedDevId = she->devId;
she->devId = INVALID_DEVID;
switch (info->she.type) {
case WC_SHE_GET_UID:
/* Test callback: just acknowledge, UID is in caller's buffer */
ret = 0;
break;
case WC_SHE_GET_COUNTER:
{
static word32 simCounter = 0;
if (info->she.op.getCounter.counter != NULL) {
*info->she.op.getCounter.counter = ++simCounter;
}
ret = 0;
break;
}
case WC_SHE_GENERATE_M1M2M3:
/* Re-call with software devId using params from callback */
ret = wc_SHE_GenerateM1M2M3(she,
info->she.op.generateM1M2M3.uid,
info->she.op.generateM1M2M3.uidSz,
info->she.op.generateM1M2M3.authKeyId,
info->she.op.generateM1M2M3.authKey,
info->she.op.generateM1M2M3.authKeySz,
info->she.op.generateM1M2M3.targetKeyId,
info->she.op.generateM1M2M3.newKey,
info->she.op.generateM1M2M3.newKeySz,
info->she.op.generateM1M2M3.counter,
info->she.op.generateM1M2M3.flags,
info->she.op.generateM1M2M3.m1,
info->she.op.generateM1M2M3.m1Sz,
info->she.op.generateM1M2M3.m2,
info->she.op.generateM1M2M3.m2Sz,
info->she.op.generateM1M2M3.m3,
info->she.op.generateM1M2M3.m3Sz);
break;
case WC_SHE_GENERATE_M4M5:
/* Re-call with software devId using params from callback */
ret = wc_SHE_GenerateM4M5(she,
info->she.op.generateM4M5.uid,
info->she.op.generateM4M5.uidSz,
info->she.op.generateM4M5.authKeyId,
info->she.op.generateM4M5.targetKeyId,
info->she.op.generateM4M5.newKey,
info->she.op.generateM4M5.newKeySz,
info->she.op.generateM4M5.counter,
info->she.op.generateM4M5.m4,
info->she.op.generateM4M5.m4Sz,
info->she.op.generateM4M5.m5,
info->she.op.generateM4M5.m5Sz);
break;
case WC_SHE_EXPORT_KEY:
/* Simulate hardware export -- fill with test pattern */
if (info->she.op.exportKey.m1 != NULL) {
XMEMSET(info->she.op.exportKey.m1, 0x11,
WC_SHE_M1_SZ);
}
if (info->she.op.exportKey.m2 != NULL) {
XMEMSET(info->she.op.exportKey.m2, 0x22,
WC_SHE_M2_SZ);
}
if (info->she.op.exportKey.m3 != NULL) {
XMEMSET(info->she.op.exportKey.m3, 0x33,
WC_SHE_M3_SZ);
}
if (info->she.op.exportKey.m4 != NULL) {
XMEMSET(info->she.op.exportKey.m4, 0x44,
WC_SHE_M4_SZ);
}
if (info->she.op.exportKey.m5 != NULL) {
XMEMSET(info->she.op.exportKey.m5, 0x55,
WC_SHE_M5_SZ);
}
ret = 0;
break;
default:
ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
break;
}
/* Restore devId */
she->devId = savedDevId;
}
#endif /* WOLFSSL_SHE && !NO_AES */
(void)devIdArg;
(void)myCtx;
return ret;
}
#ifdef WOLF_CRYPTO_CB_FIND
static int myCryptoCbFind(int currentId, int algoType)
{
/* can have algo specific overrides here
switch (algoType) {
i.e.
WC_ALGO_TYPE_CMAC
WC_ALGO_TYPE_SEED
WC_ALGO_TYPE_HMAC
WC_ALGO_TYPE_HASH
WC_ALGO_TYPE_CIPHER
WC_ALGO_TYPE_PK
}
*/
(void)algoType;
if (currentId == INVALID_DEVID) {
/* can override invalid devid found with 1 */
}
return currentId;
}
#endif /* WOLF_CRYPTO_CB_FIND */
#if !defined(WC_TEST_NO_CRYPTOCB_SW_TEST)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
{
wc_test_ret_t ret = 0;
int origDevId = devId;
myCryptoDevCtx myCtx;
WOLFSSL_ENTER("cryptocb_test");
/* example data for callback */
myCtx.exampleVar = 1;
/* set devId to something other than INVALID_DEVID */
devId = 1;
ret = wc_CryptoCb_RegisterDevice(devId, myCryptoDevCb, &myCtx);
if (ret != 0)
ret = WC_TEST_RET_ENC_EC(ret);
/* don't overwrite find cb when using WOLFSSL_SWDEV */
#if defined(WOLF_CRYPTO_CB_FIND) && !defined(WOLFSSL_SWDEV)
wc_CryptoCb_SetDeviceFindCb(myCryptoCbFind);
#endif
#ifndef WC_NO_RNG
if (ret == 0)
ret = random_test();
#endif /* WC_NO_RNG */
#if !defined(NO_RSA)
PRIVATE_KEY_UNLOCK();
if (ret == 0)
ret = rsa_test();
PRIVATE_KEY_LOCK();
#endif
#if defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLFSSL_SWDEV)
PRIVATE_KEY_UNLOCK();
if (ret == 0)
ret = rsa_onlycb_test(&myCtx);
PRIVATE_KEY_LOCK();
#endif
#if defined(HAVE_ECC)
PRIVATE_KEY_UNLOCK();
if (ret == 0)
ret = ecc_test();
PRIVATE_KEY_LOCK();
#endif
#if defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_SWDEV)
PRIVATE_KEY_UNLOCK();
if (ret == 0)
ret = ecc_onlycb_test(&myCtx);
PRIVATE_KEY_LOCK();
#endif
#if defined(WOLF_CRYPTO_CB_ONLY_SHA256) && !defined(WOLFSSL_SWDEV)
PRIVATE_KEY_UNLOCK();
if (ret == 0)
ret = sha256_onlycb_test(&myCtx);
PRIVATE_KEY_LOCK();
#endif
#if defined(WOLF_CRYPTO_CB_ONLY_AES) && !defined(WOLFSSL_SWDEV)
PRIVATE_KEY_UNLOCK();
if (ret == 0)
ret = aes_onlycb_test(&myCtx);
PRIVATE_KEY_LOCK();
#endif
#ifdef WOLFSSL_HAVE_MLKEM
if (ret == 0)
ret = mlkem_test();
#endif
#ifdef WOLFSSL_HAVE_MLDSA
if (ret == 0)
ret = mldsa_test();
#endif
#ifdef WOLFSSL_HAVE_SLHDSA
if (ret == 0) {
/* Reuse exampleVar as a hit counter for the SLH-DSA cb branches.
* baseline holds the value seen by every other cb at this point;
* we restore it after, so subsequent tests are unaffected.
* Confirms the SLH-DSA cb path was actually exercised; a silent
* SW fallback would otherwise mask a regression in the dispatch.
*
* Only enforce when slhdsa_test() actually runs a cb-routed op:
* !VERIFY_ONLY runs slhdsa_test_param (uses devId), or
* PARAM_128S enables the in-tree KAT verify (also uses devId).
*
* The FIPS wrappers force the devId to FIPS_INVALID_DEVID, so we skip
* the check for FIPS.
*/
int baseline = myCtx.exampleVar;
ret = slhdsa_test();
#if (!defined(WOLFSSL_SLHDSA_VERIFY_ONLY) || \
defined(WOLFSSL_SLHDSA_PARAM_128S)) && \
!defined(HAVE_FIPS)
if ((ret == 0) && (myCtx.exampleVar == baseline))
ret = WC_TEST_RET_ENC_NC;
#endif
myCtx.exampleVar = baseline;
}
#endif
#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
if (ret == 0)
ret = xmss_test();
#endif
#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
if (ret == 0)
ret = lms_test();
#endif
#ifdef HAVE_ED25519
PRIVATE_KEY_UNLOCK();
if (ret == 0)
ret = ed25519_test();
PRIVATE_KEY_LOCK();
#endif
#ifdef HAVE_CURVE25519
if (ret == 0)
ret = curve25519_test();
#endif
#if !defined(NO_AES) && !defined(WOLF_CRYPTO_CB_ONLY_AES)
/* CB_ONLY_AES skips these (aes_onlycb_test covers that path). */
#ifdef HAVE_AESGCM
if (ret == 0)
ret = aesgcm_test();
#endif
#ifdef HAVE_AES_CBC
if (ret == 0)
ret = aes_test();
#endif
#ifdef WOLFSSL_AES_XTS
if (ret == 0)
ret = aes_xts_test();
#endif
#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
if (ret == 0)
ret = aesccm_test();
#endif
#endif /* !NO_AES && !WOLF_CRYPTO_CB_ONLY_AES */
#ifndef NO_DES3
if (ret == 0)
ret = des3_test();
#endif /* !NO_DES3 */
#ifndef NO_SHA
if (ret == 0)
ret = sha_test();
#endif
#ifdef WOLFSSL_SHA224
if (ret == 0)
ret = sha224_test();
#endif
#ifndef NO_SHA256
if (ret == 0)
ret = sha256_test();
#endif
#ifdef WOLFSSL_SHA384
if (ret == 0)
ret = sha384_test();
#endif
#ifdef WOLFSSL_SHA512
if (ret == 0)
ret = sha512_test();
#if !defined(WOLFSSL_NOSHA512_224) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
/* exercises the SHA-512/224 fallback to the generic SHA-512 callback,
* including object reuse after Final */
if (ret == 0)
ret = sha512_224_test();
#endif
#if !defined(WOLFSSL_NOSHA512_256) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
if (ret == 0)
ret = sha512_256_test();
#endif
#ifdef WOLFSSL_SHA3
if (ret == 0)
ret = sha3_test();
#ifdef WOLFSSL_SHAKE128
if (ret == 0)
ret = shake128_test();
#endif
#ifdef WOLFSSL_SHAKE256
if (ret == 0)
ret = shake256_test();
#endif
#endif
#endif
#ifndef NO_HMAC
#ifndef NO_SHA
if (ret == 0)
ret = hmac_sha_test();
#endif
#ifndef NO_SHA256
if (ret == 0)
ret = hmac_sha256_test();
#endif
#ifdef WOLFSSL_SHA3
if (ret == 0)
ret = hmac_sha3_test();
#endif
#endif
#if defined(HAVE_HKDF) && !defined(NO_HMAC)
if (ret == 0)
ret = hkdf_test();
#endif
#if defined(HAVE_CMAC_KDF)
if (ret == 0)
ret = nist_sp80056c_twostep_cmac();
#endif /* HAVE_CMAC_KDF */
#ifndef NO_PWDBASED
#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
PRIVATE_KEY_UNLOCK();
if (ret == 0)
ret = pbkdf2_test();
PRIVATE_KEY_LOCK();
#endif
#endif
#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
if (ret == 0)
ret = cmac_test();
#endif
wc_CryptoCb_UnRegisterDevice(devId);
/* restore devId */
devId = origDevId;
return ret;
}
#endif /* ! WC_TEST_NO_CRYPTOCB_SW_TEST */
#endif /* WOLF_CRYPTO_CB */
#ifdef WOLFSSL_CERT_PIV
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void)
{
wc_test_ret_t ret;
wc_CertPIV piv;
/* Template for Identiv PIV cert, nonce and signature */
WOLFSSL_SMALL_STACK_STATIC const byte pivCertIdentiv[] = {
0x0A, 0x0B,
0x53, 0x09, /* NIST PIV Cert */
0x70, 0x02, /* Certificate */
0x30, 0x00,
0x71, 0x01, 0x05, /* Cert Info */
0xFE, 0x00, /* Error Detection */
0x0B, 0x01, 0x00, /* Nonce */
0x0C, 0x01, 0x00, /* Signed Nonce */
};
/* PIV certificate data including certificate, info and error detection. */
WOLFSSL_SMALL_STACK_STATIC const byte pivCert[] = {
0x53, 0x09, /* NIST PIV Cert */
0x70, 0x02, /* Certificate */
0x30, 0x00,
0x71, 0x01, 0x04, /* Cert Info */
0xFE, 0x00, /* Error Detection */
};
WOLFSSL_ENTER("certpiv_test");
XMEMSET(&piv, 0, sizeof(piv));
/* Test with Identiv 0x0A, 0x0B and 0x0C markers */
ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv));
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
if (!piv.isIdentiv) {
return WC_TEST_RET_ENC_NC;
}
if ((piv.cert == NULL) || (piv.certSz != 2)) {
return WC_TEST_RET_ENC_NC;
}
if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
return WC_TEST_RET_ENC_NC;
}
if ((piv.compression != ASN_PIV_CERT_INFO_GZIP)) {
return WC_TEST_RET_ENC_NC;
}
if (!piv.isX509) {
return WC_TEST_RET_ENC_NC;
}
if ((piv.nonce == NULL) || (piv.nonceSz != 1)) {
return WC_TEST_RET_ENC_NC;
}
if ((piv.signedNonce == NULL) || (piv.signedNonceSz != 1)) {
return WC_TEST_RET_ENC_NC;
}
XMEMSET(&piv, 0, sizeof(piv));
/* Test with NIST PIV format */
ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert));
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
if (piv.isIdentiv) {
return WC_TEST_RET_ENC_NC;
}
if ((piv.cert == NULL) || (piv.certSz != 2)) {
return WC_TEST_RET_ENC_NC;
}
if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
return WC_TEST_RET_ENC_NC;
}
if ((piv.compression != 0)) {
return WC_TEST_RET_ENC_NC;
}
if (!piv.isX509) {
return WC_TEST_RET_ENC_NC;
}
return ret;
}
#endif /* WOLFSSL_CERT_PIV */
#if !defined(NO_ASN) && !defined(NO_ASN_TIME)
static time_t time_cb(time_t* t)
{
if (t != NULL) {
*t = 99;
}
return 99;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t time_test(void)
{
time_t t;
wc_test_ret_t ret;
WOLFSSL_ENTER("time_test");
ret = wc_SetTimeCb(time_cb);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
t = wc_Time(NULL);
if (t != 99)
return WC_TEST_RET_ENC_NC;
ret = wc_GetTime(&t, sizeof(time_t));
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
if (t != 99)
return WC_TEST_RET_ENC_NC;
ret = wc_SetTimeCb(NULL);
if (ret != 0)
return WC_TEST_RET_ENC_EC(ret);
return 0;
}
#endif
#if defined(WOLFSSL_AES_SIV) && defined(WOLFSSL_AES_128)
typedef struct {
const byte key[33];
word32 keySz;
const byte nonce[49];
word32 nonceSz;
byte numAssoc;
const byte assoc1[81];
word32 assoc1Sz;
const byte assoc2[11];
word32 assoc2Sz;
const byte plaintext[83];
word32 plaintextSz;
const byte siv[WC_AES_BLOCK_SIZE+1];
const byte ciphertext[82];
word32 ciphertextSz;
} AesSivTestVector;
#define AES_SIV_TEST_VECTORS 9
static wc_test_ret_t aes_siv_oneassoc_test(const AesSivTestVector* testVectors,
int numVectors)
{
int i;
byte computedCiphertext[82];
byte computedPlaintext[82];
byte siv[WC_AES_BLOCK_SIZE];
wc_test_ret_t ret = 0;
/* Test legacy "exactly one Assoc" interface. */
for (i = 0; i < numVectors; ++i) {
if (testVectors[i].numAssoc != 1)
continue;
ret = wc_AesSivEncrypt(testVectors[i].key, testVectors[i].keySz,
testVectors[i].assoc1, testVectors[i].assoc1Sz,
testVectors[i].nonce, testVectors[i].nonceSz,
testVectors[i].plaintext,
testVectors[i].plaintextSz, siv,
computedCiphertext);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
ret = XMEMCMP(siv, testVectors[i].siv, WC_AES_BLOCK_SIZE);
if (ret != 0) {
return WC_TEST_RET_ENC_NC;
}
ret = XMEMCMP(computedCiphertext, testVectors[i].ciphertext,
testVectors[i].ciphertextSz);
if (ret != 0) {
return WC_TEST_RET_ENC_NC;
}
ret = wc_AesSivDecrypt(testVectors[i].key, testVectors[i].keySz,
testVectors[i].assoc1, testVectors[i].assoc1Sz,
testVectors[i].nonce, testVectors[i].nonceSz,
computedCiphertext, testVectors[i].plaintextSz,
siv, computedPlaintext);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
ret = XMEMCMP(computedPlaintext, testVectors[i].plaintext,
testVectors[i].plaintextSz);
if (ret != 0) {
return WC_TEST_RET_ENC_NC;
}
}
return 0;
}
static wc_test_ret_t aes_siv_negative_test(const AesSivTestVector* testVectors,
int n_vectors)
{
byte computedCiphertext[82];
byte computedPlaintext[82];
byte siv[WC_AES_BLOCK_SIZE];
word32 j;
wc_test_ret_t ret;
int vector_idx;
/* Find a test vector that has a non-empty plaintext size */
for (vector_idx = 0; vector_idx < n_vectors; vector_idx++) {
if (testVectors[vector_idx].plaintextSz > 0U)
break;
}
if (vector_idx == n_vectors) {
return WC_TEST_RET_ENC_NC;
}
/* Negative test: corrupted SIV must be rejected with AES_SIV_AUTH_E. */
ret = wc_AesSivEncrypt(
testVectors[vector_idx].key,
testVectors[vector_idx].keySz,
testVectors[vector_idx].assoc1,
testVectors[vector_idx].assoc1Sz,
testVectors[vector_idx].nonce,
testVectors[vector_idx].nonceSz,
testVectors[vector_idx].plaintext,
testVectors[vector_idx].plaintextSz,
siv, computedCiphertext);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
XMEMSET(computedPlaintext, 0xFF, sizeof(computedPlaintext));
/* Corrupt one byte of the SIV tag. */
siv[0] ^= 0x01;
ret = wc_AesSivDecrypt(
testVectors[vector_idx].key, testVectors[vector_idx].keySz,
testVectors[vector_idx].assoc1, testVectors[vector_idx].assoc1Sz,
testVectors[vector_idx].nonce, testVectors[vector_idx].nonceSz,
computedCiphertext, testVectors[vector_idx].plaintextSz,
siv, computedPlaintext);
if (ret != WC_NO_ERR_TRACE(AES_SIV_AUTH_E)) {
return WC_TEST_RET_ENC_EC(ret);
}
for (j = 0; j < testVectors[vector_idx].plaintextSz; ++j) {
if (computedPlaintext[j] != 0) {
return WC_TEST_RET_ENC_NC;
}
}
return 0;
}
static wc_test_ret_t aes_siv_multiassoc_test(const AesSivTestVector* testVectors,
int numVectors)
{
int i;
byte computedCiphertext[82];
byte computedPlaintext[82];
byte siv[WC_AES_BLOCK_SIZE];
wc_test_ret_t ret = 0;
/* Test "multiple Assoc" interface. */
for (i = 0; i < numVectors; ++i) {
const struct AesSivAssoc assoc[2] = {
{ testVectors[i].assoc1, testVectors[i].assoc1Sz },
{ testVectors[i].assoc2, testVectors[i].assoc2Sz }
};
ret = wc_AesSivEncrypt_ex(testVectors[i].key, testVectors[i].keySz,
assoc, testVectors[i].numAssoc,
testVectors[i].nonce, testVectors[i].nonceSz,
testVectors[i].plaintext,
testVectors[i].plaintextSz, siv,
computedCiphertext);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
ret = XMEMCMP(siv, testVectors[i].siv, WC_AES_BLOCK_SIZE);
if (ret != 0) {
return WC_TEST_RET_ENC_NC;
}
ret = XMEMCMP(computedCiphertext, testVectors[i].ciphertext,
testVectors[i].ciphertextSz);
if (ret != 0) {
return WC_TEST_RET_ENC_NC;
}
ret = wc_AesSivDecrypt_ex(testVectors[i].key, testVectors[i].keySz,
assoc, testVectors[i].numAssoc,
testVectors[i].nonce, testVectors[i].nonceSz,
computedCiphertext,
testVectors[i].plaintextSz, siv,
computedPlaintext);
if (ret != 0) {
return WC_TEST_RET_ENC_EC(ret);
}
ret = XMEMCMP(computedPlaintext, testVectors[i].plaintext,
testVectors[i].plaintextSz);
if (ret != 0) {
return WC_TEST_RET_ENC_NC;
}
}
return 0;
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
{
WOLFSSL_SMALL_STACK_STATIC const AesSivTestVector testVectors[AES_SIV_TEST_VECTORS] = {
/* These test vectors come from chrony 4.1's SIV unit tests. */
{ "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
"\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
1,
"", 0,
"", 0,
"", 0,
"\x22\x3e\xb5\x94\xe0\xe0\x25\x4b\x00\x25\x8e\x21\x9a\x1c\xa4\x21",
"", 0
},
{ "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
"\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
1,
"\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
"", 0,
"", 0,
"\xd7\x20\x19\x89\xc6\xdb\xc6\xd6\x61\xfc\x62\xbc\x86\x5e\xee\xef",
"", 0
},
{ "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
"\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
1,
"", 0,
"", 0,
"\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
"\xb6\xc1\x60\xe9\xc2\xfd\x2a\xe8\xde\xc5\x36\x8b\x2a\x33\xed\xe1",
"\x14\xff\xb3\x97\x34\x5c\xcb\xe4\x4a\xa4\xde\xac\xd9\x36\x90\x46", 16
},
{ "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
"\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e", 15,
1,
"\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c", 15,
"", 0,
"\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4", 15,
"\x03\x8c\x41\x51\xba\x7a\x8f\x77\x6e\x56\x31\x99\x42\x0b\xc7\x03",
"\xe7\x6c\x67\xc9\xda\xb7\x0d\x5b\x44\x06\x26\x5a\xd0\xd2\x3b", 15
},
{ "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
"\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
1,
"\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
"", 0,
"\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7", 16,
"\x5c\x05\x23\x65\xf4\x57\x0a\xa0\xfb\x38\x3e\xce\x9b\x75\x85\xeb",
"\x68\x85\x19\x36\x0c\x7c\x48\x11\x40\xcb\x9b\x57\x9a\x0e\x65\x32", 16
},
{ "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
"\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\xd5", 17,
1,
"\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b"
"\xa0", 17,
"", 0,
"\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7"
"\x08", 17,
"\xaf\x58\x4b\xe7\x82\x1e\x96\x19\x29\x91\x25\xe0\xdd\x80\x3b\x49",
"\xa5\x11\xcd\xb6\x08\xf3\x76\xa0\xb6\xfa\x15\x82\xf3\x95\xe1\xeb"
"\xbd", 17
},
{ "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
"\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
"\xb0\x5a\x1b\xc7\x56\xe7\xb6\x2c\xb4\x85\xe5\x56\xa5\x28\xc0\x6c"
"\x2f\x3b\x0b\x9d\x1a\x0c\xdf\x69\x47\xe0\xcc\xc0\x87\xaa\x5c\x09"
"\x98\x48\x8d\x6a\x8e\x1e\x05\xd7\x8b\x68\x74\x83\xb5\x1d\xf1\x2c", 48,
1,
"\xe5\x8b\xd2\x6a\x30\xc5\xc5\x61\xcc\xbd\x7c\x27\xbf\xfe\xf9\x06"
"\x00\x5b\xd7\xfc\x11\x0b\xcf\x16\x61\xef\xac\x05\xa7\xaf\xec\x27"
"\x41\xc8\x5e\x9e\x0d\xf9\x2f\xaf\x20\x79\x17\xe5\x17\x91\x2a\x27"
"\x34\x1c\xbc\xaf\xeb\xef\x7f\x52\xe7\x1e\x4c\x2a\xca\xbd\x2b\xbe"
"\x34\xd6\xfb\x69\xd3\x3e\x49\x59\x60\xb4\x26\xc9\xb8\xce\xba", 79,
"", 0,
"\x6c\xe7\xcf\x7e\xab\x7b\xa0\xe1\xa7\x22\xcb\x88\xde\x5e\x42\xd2"
"\xec\x79\xe0\xa2\xcf\x5f\x0f\x6f\x6b\x89\x57\xcd\xae\x17\xd4\xc2"
"\xf3\x1b\xa2\xa8\x13\x78\x23\x2f\x83\xa8\xd4\x0c\xc0\xd2\xf3\x99"
"\xae\x81\xa1\xca\x5b\x5f\x45\xa6\x6f\x0c\x8a\xf3\xd4\x67\x40\x81"
"\x26\xe2\x01\x86\xe8\x5a\xd5\xf8\x58\x80\x9f\x56\xaa\x76\x96\xbf"
"\x31", 81,
"\x9a\x06\x33\xe0\xee\x00\x6a\x9b\xc8\x20\xd5\xe2\xc2\xed\xb5\x75",
"\xfa\x9e\x42\x2a\x31\x6b\xda\xca\xaa\x7d\x31\x8b\x84\x7a\xb8\xd7"
"\x8a\x81\x25\x64\xed\x41\x9b\xa9\x77\x10\xbd\x05\x0c\x4e\xc5\x31"
"\x0c\xa2\x86\xec\x8a\x94\xc8\x24\x23\x3c\x13\xee\xa5\x51\xc9\xdf"
"\x48\xc9\x55\xc5\x2f\x40\x73\x3f\x98\xbb\x8d\x69\x78\x46\x64\x17"
"\x8d\x49\x2f\x14\x62\xa4\x7c\x2a\x57\x38\x87\xce\xc6\x72\xd3\x5c"
"\xa1", 81
},
/* Example A.1 from RFC5297 */
{
"\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 32,
"", 0,
1,
"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27", 24,
"", 0,
"\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee", 14,
"\x85\x63\x2d\x07\xc6\xe8\xf3\x7f\x95\x0a\xcd\x32\x0a\x2e\xcc\x93",
"\x40\xc0\x2b\x96\x90\xc4\xdc\x04\xda\xef\x7f\x6a\xfe\x5c", 14
},
/* Example A.2 from RFC5297 */
{
"\x7f\x7e\x7d\x7c\x7b\x7a\x79\x78\x77\x76\x75\x74\x73\x72\x71\x70"
"\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f", 32,
"\x09\xf9\x11\x02\x9d\x74\xe3\x5b\xd8\x41\x56\xc5\x63\x56\x88\xc0", 16,
2,
"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff"
"\xde\xad\xda\xda\xde\xad\xda\xda\xff\xee\xdd\xcc\xbb\xaa\x99\x88"
"\x77\x66\x55\x44\x33\x22\x11\x00", 40,
"\x10\x20\x30\x40\x50\x60\x70\x80\x90\xa0", 10,
"\x74\x68\x69\x73\x20\x69\x73\x20\x73\x6f\x6d\x65\x20\x70\x6c\x61"
"\x69\x6e\x74\x65\x78\x74\x20\x74\x6f\x20\x65\x6e\x63\x72\x79\x70"
"\x74\x20\x75\x73\x69\x6e\x67\x20\x53\x49\x56\x2d\x41\x45\x53", 47,
"\x7b\xdb\x6e\x3b\x43\x26\x67\xeb\x06\xf4\xd1\x4b\xff\x2f\xbd\x0f",
"\xcb\x90\x0f\x2f\xdd\xbe\x40\x43\x26\x60\x19\x65\xc8\x89\xbf\x17"
"\xdb\xa7\x7c\xeb\x09\x4f\xa6\x63\xb7\xa3\xf7\x48\xba\x8a\xf8\x29"
"\xea\x64\xad\x54\x4a\x27\x2e\x9c\x48\x5b\x62\xa3\xfd\x5c\x0d", 47
}
};
wc_test_ret_t ret;
WOLFSSL_ENTER("aes_siv_test");
ret = aes_siv_oneassoc_test(testVectors, AES_SIV_TEST_VECTORS);
if (ret != 0)
return ret;
ret = aes_siv_multiassoc_test(testVectors, AES_SIV_TEST_VECTORS);
if (ret != 0)
return ret;
ret = aes_siv_negative_test(testVectors, AES_SIV_TEST_VECTORS);
if (ret != 0)
return ret;
return 0;
}
#endif
#ifdef REALLY_LONG_DRBG_CONTINUOUS_TEST
/* Test configuration */
#define STRESS_TEST_ITERATIONS 4000000000UL /* 100 million iterations */
#define PROGRESS_INTERVAL 10000000UL /* Report every 10M */
#define BUFFER_SIZE 32
/* Color codes for output */
#define COLOR_GREEN "\033[0;32m"
#define COLOR_RED "\033[0;31m"
#define COLOR_YELLOW "\033[0;33m"
#define COLOR_RESET "\033[0m"
void print_result(const char* test_name, int passed, int *all_passed)
{
printf("[%s] %s\n",
(passed == 0) ? COLOR_GREEN "PASS" COLOR_RESET :
COLOR_RED "FAIL" COLOR_RESET,
test_name);
if (passed != 0) {
printf("Test result was %d\n", passed);
*all_passed = 0;
}
}
/* Test 1: Basic RNG functionality */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_basic_rng(void)
{
WC_RNG rng;
byte buffer[BUFFER_SIZE];
int ret = 0;
printf("--- Test 1: Basic RNG Functionality ---\n");
ret = wc_InitRng(&rng);
if (ret != 0) {
printf("ERROR: wc_InitRng failed with code %d: %s\n",
ret, wc_GetErrorString(ret));
return ret;
}
/* Generate some random bytes */
ret = wc_RNG_GenerateBlock(&rng, buffer, BUFFER_SIZE);
if (ret != 0) {
printf("ERROR: wc_RNG_GenerateBlock failed with code %d: %s\n",
ret, wc_GetErrorString(ret));
wc_FreeRng(&rng);
return ret;
}
/* Check that buffer is not all zeros */
int all_zeros = 1;
for (int i = 0; i < BUFFER_SIZE; i++) {
if (buffer[i] != 0) {
all_zeros = 0;
break;
}
}
if (all_zeros) {
printf("ERROR: RNG generated all zeros\n");
wc_FreeRng(&rng);
return DRBG_CONT_FIPS_E;
}
printf("Generated %d random bytes successfully\n", BUFFER_SIZE);
ret = wc_FreeRng(&rng);
return ret;
}
/* Test 2: Multiple RNG instances */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_multiple_rngs(void)
{
#define NUM_RNGS 100
WC_RNG rngs[NUM_RNGS];
byte buffers[NUM_RNGS][BUFFER_SIZE];
int ret = 0;
int i, j;
int all_same = 1;
printf("\n--- Test 2: Multiple RNG Instances ---\n");
/* Initialize all RNGs */
for (i = 0; i < NUM_RNGS; i++) {
ret = wc_InitRng(&rngs[i]);
if (ret != 0) {
printf("ERROR: wc_InitRng[%d] failed with code %d\n", i, ret);
/* Clean up any initialized RNGs */
for (j = 0; j < i; j++) {
wc_FreeRng(&rngs[j]);
}
return ret;
}
}
/* Generate random data from all RNGs */
for (i = 0; i < NUM_RNGS; i++) {
ret = wc_RNG_GenerateBlock(&rngs[i], buffers[i], BUFFER_SIZE);
if (ret != 0) {
printf("ERROR: wc_RNG_GenerateBlock[%d] failed with code %d\n",
i, ret);
for (j = 0; j < NUM_RNGS; j++) {
wc_FreeRng(&rngs[j]);
}
return ret;
}
}
/* Verify outputs are different (not all the same) */
for (i = 1; i < NUM_RNGS; i++) {
if (memcmp(buffers[0], buffers[i], BUFFER_SIZE) != 0) {
all_same = 0;
break;
}
}
if (all_same) {
printf("WARNING: All RNG outputs are identical (unexpected)\n");
}
/* Clean up */
for (i = 0; i < NUM_RNGS; i++) {
wc_FreeRng(&rngs[i]);
}
if (ret == 0) {
printf("Successfully operated %d RNG instances concurrently\n",
NUM_RNGS);
} else {
printf("Experienced failure %d\n", ret);
}
return ret;
}
/* Test 3: Stress test - run many iterations to detect false positives */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_stress_rng(
unsigned long iterations)
{
WC_RNG rng;
byte buffer[BUFFER_SIZE];
int ret = 0;
unsigned long i;
unsigned long errors = 0;
printf("\n--- Test 5: Stress Test (%lu iterations) ---\n", iterations);
printf("Verifies no false positive continuous test failures occur.\n");
ret = wc_InitRng(&rng);
if (ret != 0) {
printf("ERROR: wc_InitRng failed with code %d\n", ret);
return ret;
}
for (i = 0; i < iterations; i++) {
ret = wc_RNG_GenerateBlock(&rng, buffer, BUFFER_SIZE);
if (ret != 0 ) {
printf("\n" COLOR_RED "ERROR: error at iteration %lu"
COLOR_RESET "\n", i);
errors++;
}
/* Progress reporting */
if ((i + 1) % PROGRESS_INTERVAL == 0) {
printf(" Progress: %lu iterations (%.1f%%)...\r",
i + 1, (double)(i + 1) / iterations * 100.0);
fflush(stdout);
}
}
printf("\n");
wc_FreeRng(&rng);
if (errors == 0) {
printf(COLOR_GREEN "Completed %lu iterations, no false positives!"
COLOR_RESET "\n", iterations);
return 0;
} else {
printf(COLOR_RED "Test failed with %lu errors" COLOR_RESET "\n",
errors);
return ret;
}
}
/* Test 4: Reinitialize RNG multiple times */
#ifndef WOLFSSL_PTHREADS
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_reinit_rng(void)
{
WC_RNG rng;
byte buffer[BUFFER_SIZE];
int ret = 0;
unsigned long i;
unsigned long REINIT_COUNT = STRESS_TEST_ITERATIONS;
printf("\n--- Test 4: RNG Reinitialization Test ---\n");
for (i = 0; i < REINIT_COUNT; i++) {
ret = wc_InitRng(&rng);
if (ret != 0) {
#if defined(HAVE_FIPS) && defined(VERBOSE_STRESS_TEST)
/* SUPER noisy default on when not FIPS and off when FIPS */
printf("ERROR: wc_InitRng failed at iteration %lu with code "
"%d\n", i, ret);
#endif
return ret;
}
ret = wc_RNG_GenerateBlock(&rng, buffer, BUFFER_SIZE);
if (ret != 0) {
#if defined(HAVE_FIPS) && defined(VERBOSE_STRESS_TEST)
/* SUPER noisy default on when not FIPS and off when FIPS */
printf("ERROR: wc_RNG_GenerateBlock failed at iteration %lu "
"with code %d\n", i, ret);
#endif
wc_FreeRng(&rng);
return ret;
}
wc_FreeRng(&rng);
}
printf("Successfully reinitialized RNG %lu times\n", REINIT_COUNT);
return 0;
}
#else
/* RNG ReInit Test Configuration
*
* You can override these at compile time with -DNUM_THREADS=X
* or use one of the predefined test profiles below:
*
* Profile A (Default - Aggressive): 40 threads x 100M = 4B iterations
* - Expected ~30 statistical false positives
* - High entropy source stress
* - Total entropy demand: ~528 GB
*
* Profile B (Moderate): 4 threads x 1M = 4M iterations
* - Expected ~0.03 statistical false positives (unlikely to see any)
* - Moderate entropy source stress
* - Compile with: -DRNG_TEST_PROFILE=2
*
* Profile C (Single-threaded): 1 thread x 100M = 100M iterations
* - Expected ~0.75 statistical false positives
* - Tests for false positives without threading stress
* - Compile with: -DRNG_TEST_PROFILE=3
*/
#if defined(RNG_TEST_PROFILE) && (RNG_TEST_PROFILE == 2)
/* Profile B: Moderate test - reduced entropy stress */
#ifndef NUM_THREADS
#define NUM_THREADS 4
#endif
#ifndef ITERATIONS_PER_THREAD
/* Only testing 400 million, expect 1 or 0 failures */
#define ITERATIONS_PER_THREAD 1000000
#endif
#elif defined(RNG_TEST_PROFILE) && (RNG_TEST_PROFILE == 3)
/* Profile C: Single-threaded stress - no thread contention */
#ifndef NUM_THREADS
#define NUM_THREADS 1
#endif
#ifndef ITERATIONS_PER_THREAD
/* Test 4 billion with no thread contention and less likely to
* deplete entropy pool, expect 0 failures */
#define ITERATIONS_PER_THREAD 4000000000
#endif
#else
/* Profile A (Default): Aggressive multi-threaded test */
#ifndef NUM_THREADS
#define NUM_THREADS 40
#endif
#ifndef ITERATIONS_PER_THREAD
/* Test 4 billion with high probability of entropy depletion.
* expect many failures (30+ threads failing) */
#define ITERATIONS_PER_THREAD 100000000
#endif
#endif
struct worker_args {
int id;
unsigned long iterations;
int result;
unsigned long succCnt;
};
static THREAD_RETURN WOLFSSL_THREAD reinit_worker(void *args)
{
struct worker_args* wa = (struct worker_args*)args;
WC_RNG rng;
byte buffer[BUFFER_SIZE];
int ret = 0;
unsigned long i;
for (i = 0; i < wa->iterations; i++) {
ret = wc_InitRng(&rng);
if (ret != 0) {
#if defined(HAVE_FIPS) && defined(VERBOSE_STRESS_TEST)
/* SUPER noisy default on when not FIPS and off when FIPS */
printf("ERROR: wc_InitRng failed at iteration %lu with code "
"%d\n", i, ret);
#endif
wa->result = ret;
wa->succCnt -= 1;
}
ret = wc_RNG_GenerateBlock(&rng, buffer, BUFFER_SIZE);
if (ret != 0) {
#if defined(HAVE_FIPS) && defined(VERBOSE_STRESS_TEST)
/* SUPER noisy default on when not FIPS and off when FIPS */
printf("ERROR: wc_RNG_GenerateBlock failed at iteration %lu "
"with code %d\n", i, ret);
#endif
wc_FreeRng(&rng);
wa->result = ret;
}
(void) wc_FreeRng(&rng);
}
wa->result = 0;
WOLFSSL_RETURN_FROM_THREAD(0);
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_reinit_rng(void)
{
THREAD_TYPE threads[NUM_THREADS];
struct worker_args args[NUM_THREADS];
int i, ret = 0;
int succT = NUM_THREADS, failT = 0;
unsigned long totalCnt, totalSuccCnt = 0;
unsigned long total_iterations = (unsigned long)NUM_THREADS *
ITERATIONS_PER_THREAD;
totalCnt = (unsigned long) ITERATIONS_PER_THREAD *
(unsigned long) NUM_THREADS;
printf("\n--- Test 4: RNG ReInit Test (multi-threaded) ---\n");
printf("Configuration: %d threads x %lu iterations = %lu total\n",
NUM_THREADS, (unsigned long)ITERATIONS_PER_THREAD,
total_iterations);
#if defined(RNG_TEST_PROFILE)
printf("Test Profile: %d ", RNG_TEST_PROFILE);
#if RNG_TEST_PROFILE == 2
printf("(Moderate - reduced entropy stress)\n");
#elif RNG_TEST_PROFILE == 3
printf("(Single-threaded stress test)\n");
#else
printf("(Custom)\n");
#endif
#else
printf("Test Profile: Default (Aggressive multi-threaded)\n");
#endif
printf("Current expected statistical false positive rate with ADP/RCT"
": NONE\n");
printf("Historical expected statistical false positive rate with "
"continuous test: ~%.2f failures\n",
(double)total_iterations * 32.0 / 4294967296.0);
for (i = 0; i < NUM_THREADS; i++) {
args[i].id = i;
args[i].iterations = ITERATIONS_PER_THREAD;
args[i].succCnt = ITERATIONS_PER_THREAD;
ret = wolfSSL_NewThread(&threads[i], &reinit_worker, &args[i]);
if (ret != 0) {
printf("ERROR: Failed to create thread %d\n", i);
goto drbg_cont_end;
}
}
for (i = 0; i < NUM_THREADS; i++) {
wolfSSL_JoinThread(threads[i]);
}
for (i = 0; i < NUM_THREADS; i++) {
if (args[i].result == 0) {
printf("Thread %d Succeeded\n", i);
} else {
succT -= 1;
failT += 1;
printf("Thread %d failed\n", i);
}
totalSuccCnt += args[i].succCnt;
}
drbg_cont_end:
printf("Reinitialized RNG %lu times across %d threads\n",
total_iterations, NUM_THREADS);
printf("Experienced %d thread failures and %d thread successes\n",
failT, succT);
if (totalCnt == totalSuccCnt) {
printf("All %lu API calls succeeded\n", totalSuccCnt);
} else {
printf("%lu/%lu API calls failed\n", totalCnt - totalSuccCnt,
totalCnt);
}
return failT;
}
#endif /* !WOLFSSL_PTHREADS */
/* Test 5: FIPS status check */
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_fips_status(void)
{
#ifdef HAVE_FIPS
int status;
printf("\n--- Test 3: FIPS Status Check ---\n");
status = wolfCrypt_GetStatus_fips();
printf("FIPS Module Status: %d\n", status);
if (status != 0) {
printf(COLOR_YELLOW "WARNING: FIPS module not OK state (status=%d)"
COLOR_RESET "\n", status);
return -1;
} else {
printf(COLOR_GREEN "FIPS module in OK state" COLOR_RESET "\n");
return 0;
}
#else
printf("\n--- Test 3: FIPS Status Check ---\n");
printf(COLOR_YELLOW "SKIPPED: FIPS not enabled" COLOR_RESET "\n");
return 0; /* Not a failure, just skipped */
#endif
}
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t drbg_continuous_main(void)
{
int all_passed = 1;
unsigned long stress_iterations = STRESS_TEST_ITERATIONS;
printf("===============================================\n");
printf("DRBG Continuous Test Validation Suite\n");
printf("===============================================\n");
#ifdef HAVE_FIPS
printf("FIPS Build: YES\n");
printf("FIPS Version: %s\n", wolfCrypt_GetVersion_fips());
#else
printf("FIPS Build: NO\n");
#endif
printf("\n");
/* Run tests */
/* Test 1 */
print_result("Basic RNG Functionality", test_basic_rng(), &all_passed);
/* Test 2 */
print_result("Multiple RNG Instances", test_multiple_rngs(),
&all_passed);
/* Test 3 */
print_result("FIPS Status Check", test_fips_status(), &all_passed);
/* Test 4 */
print_result("RNG Reinitialization", test_reinit_rng(), &all_passed);
/* Stress test (takes longest) */
/* Test 5 */
print_result("Stress Test (No False Positives)",
test_stress_rng(stress_iterations), &all_passed);
/* Test 3 - ReRun after the heavy stress tests */
print_result("FIPS Status Check", test_fips_status(), &all_passed);
/* Summary */
printf("\n===============================================\n");
if (all_passed) {
printf(COLOR_GREEN "ALL TESTS PASSED" COLOR_RESET "\n");
printf("The DRBG continuous test fix is working correctly.\n");
} else {
printf(COLOR_RED "SOME TESTS FAILED" COLOR_RESET "\n");
printf("Please review the errors above.\n");
}
printf("===============================================\n");
return all_passed ? 0 : 1;
}
#endif /* REALLY_LONG_DRBG_CONTINUOUS_TEST */
#undef ERROR_OUT
static WC_MAYBE_UNUSED const int fiducial4 = WC_TEST_RET_LN;
/* print the fiducial line numbers assigned above, allowing confirmation of
* source code version match when in doubt.
*/
static void print_fiducials(void) {
printf(" [fiducial line numbers: %d %d %d %d]\n",
fiducial1, fiducial2, fiducial3, fiducial4);
}
#else /* NO_CRYPT_TEST && !WC_TEST_EXPORT_SUBTESTS */
#ifndef NO_MAIN_DRIVER
int main(void) { return 0; }
#endif /* !NO_MAIN_DRIVER */
#endif /* !NO_CRYPT_TEST || WC_TEST_EXPORT_SUBTESTS */