wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-27 21:12:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b402102e58f4fbe04993f61562e801e00e1afbf6
wolfssl/tests/api.c
Juliusz Sosinowicz b402102e58 Add backwards compatibility for wolfSSL_get_session 
Before this pull request, `wolfSSL_get_session` always returned a pointer to the internal session cache. The user can't tell if the underlying session hasn't changed before it calls `wolfSSL_set_session` on it. This PR adds a define `NO_SESSION_CACHE_REF` (for now only defined with `OPENSSL_COMPATIBLE_DEFAULTS`) that makes wolfSSL only return a pointer to `ssl->session`. The issue is that this makes the pointer returned non-persistent ie: it gets free'd with the `WOLFSSL` object. This commit leverages the lightweight `ClientCache` to "increase" the size of the session cache. The hash of the session ID is checked to make sure that the underlying session hasn't changed.
2022-02-23 09:47:34 +01:00

53248 lines
1.6 MiB
Raw Blame History

/* api.c API unit tests
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* For AES-CBC, input lengths can optionally be validated to be a
* multiple of the block size, by defining WOLFSSL_AES_CBC_LENGTH_CHECKS,
* also available via the configure option --enable-aescbc-length-checks.
*/
/*----------------------------------------------------------------------------*
| Includes
*----------------------------------------------------------------------------*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#ifndef FOURK_BUF
#define FOURK_BUF 4096
#endif
#ifndef TWOK_BUF
#define TWOK_BUF 2048
#endif
#ifndef ONEK_BUF
#define ONEK_BUF 1024
#endif
#if defined(WOLFSSL_STATIC_MEMORY)
#include <wolfssl/wolfcrypt/memory.h>
#endif /* WOLFSSL_STATIC_MEMORY */
#ifndef HEAP_HINT
#define HEAP_HINT NULL
#endif /* WOLFSSL_STAIC_MEMORY */
#ifdef WOLFSSL_ASNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
#ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h> /* wc_ecc_fp_free */
#ifndef ECC_ASN963_MAX_BUF_SZ
#define ECC_ASN963_MAX_BUF_SZ 133
#endif
#ifndef ECC_PRIV_KEY_BUF
#define ECC_PRIV_KEY_BUF 66 /* For non user defined curves. */
#endif
/* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */
/* logic to choose right key ECC size */
#if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
#define KEY14 14
#else
#define KEY14 32
#endif
#if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
#define KEY16 16
#else
#define KEY16 32
#endif
#if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
#define KEY20 20
#else
#define KEY20 32
#endif
#if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
#define KEY24 24
#else
#define KEY24 32
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
#define KEY28 28
#else
#define KEY28 32
#endif
#if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
#define KEY30 30
#else
#define KEY30 32
#endif
#define KEY32 32
#if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
#define KEY40 40
#else
#define KEY40 32
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
#define KEY48 48
#else
#define KEY48 32
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
#define KEY64 64
#else
#define KEY64 32
#endif
#if !defined(HAVE_COMP_KEY)
#if !defined(NOCOMP)
#define NOCOMP 0
#endif
#else
#if !defined(COMP)
#define COMP 1
#endif
#endif
#if !defined(DER_SZ)
#define DER_SZ(ks) ((ks) * 2 + 1)
#endif
#endif
#ifndef NO_ASN
#include <wolfssl/wolfcrypt/asn_public.h>
#endif
#include <wolfssl/error-ssl.h>
#include <stdlib.h>
#include <wolfssl/ssl.h> /* compatibility layer */
#include <wolfssl/test.h>
#include <tests/unit.h>
#include "examples/server/server.h"
/* for testing compatibility layer callbacks */
#ifndef NO_MD5
#include <wolfssl/wolfcrypt/md5.h>
#endif
#ifndef NO_SHA
#include <wolfssl/wolfcrypt/sha.h>
#endif
#ifndef NO_SHA256
#include <wolfssl/wolfcrypt/sha256.h>
#endif
#ifdef WOLFSSL_SHA512
#include <wolfssl/wolfcrypt/sha512.h>
#endif
#ifdef WOLFSSL_SHA384
#include <wolfssl/wolfcrypt/sha512.h>
#endif
#ifdef WOLFSSL_SHA3
#include <wolfssl/wolfcrypt/sha3.h>
#ifndef HEAP_HINT
#define HEAP_HINT NULL
#endif
#endif
#ifndef NO_AES
#include <wolfssl/wolfcrypt/aes.h>
#ifdef HAVE_AES_DECRYPT
#include <wolfssl/wolfcrypt/wc_encrypt.h>
#endif
#endif
#ifdef WOLFSSL_RIPEMD
#include <wolfssl/wolfcrypt/ripemd.h>
#endif
#ifndef NO_DES3
#include <wolfssl/wolfcrypt/des3.h>
#include <wolfssl/wolfcrypt/wc_encrypt.h>
#endif
#ifdef WC_RC2
#include <wolfssl/wolfcrypt/rc2.h>
#endif
#ifndef NO_HMAC
#include <wolfssl/wolfcrypt/hmac.h>
#endif
#ifdef HAVE_CHACHA
#include <wolfssl/wolfcrypt/chacha.h>
#endif
#ifdef HAVE_POLY1305
#include <wolfssl/wolfcrypt/poly1305.h>
#endif
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
#endif
#ifdef HAVE_CAMELLIA
#include <wolfssl/wolfcrypt/camellia.h>
#endif
#ifndef NO_RC4
#include <wolfssl/wolfcrypt/arc4.h>
#endif
#ifdef HAVE_BLAKE2
#include <wolfssl/wolfcrypt/blake2.h>
#endif
#include <wolfssl/wolfcrypt/hash.h>
#ifndef NO_RSA
#include <wolfssl/wolfcrypt/rsa.h>
#define FOURK_BUF 4096
#define GEN_BUF 294
#ifndef USER_CRYPTO_ERROR
#define USER_CRYPTO_ERROR (-101) /* error returned by IPP lib. */
#endif
#endif
#ifndef NO_SIG_WRAPPER
#include <wolfssl/wolfcrypt/signature.h>
#endif
#ifdef HAVE_AESCCM
#include <wolfssl/wolfcrypt/aes.h>
#endif
#ifdef HAVE_PKCS7
#include <wolfssl/wolfcrypt/pkcs7.h>
#include <wolfssl/wolfcrypt/asn.h>
#ifdef HAVE_LIBZ
#include <wolfssl/wolfcrypt/compress.h>
#endif
#endif
#ifdef WOLFSSL_SMALL_CERT_VERIFY
#include <wolfssl/wolfcrypt/asn.h>
#endif
#ifndef NO_DSA
#include <wolfssl/wolfcrypt/dsa.h>
#ifndef ONEK_BUF
#define ONEK_BUF 1024
#endif
#ifndef TWOK_BUF
#define TWOK_BUF 2048
#endif
#ifndef FOURK_BUF
#define FOURK_BUF 4096
#endif
#ifndef DSA_SIG_SIZE
#define DSA_SIG_SIZE 40
#endif
#ifndef MAX_DSA_PARAM_SIZE
#define MAX_DSA_PARAM_SIZE 256
#endif
#endif
#ifdef WOLFSSL_CMAC
#include <wolfssl/wolfcrypt/cmac.h>
#endif
#ifdef HAVE_ED25519
#include <wolfssl/wolfcrypt/ed25519.h>
#endif
#ifdef HAVE_CURVE25519
#include <wolfssl/wolfcrypt/curve25519.h>
#endif
#ifdef HAVE_ED448
#include <wolfssl/wolfcrypt/ed448.h>
#endif
#ifdef HAVE_CURVE448
#include <wolfssl/wolfcrypt/curve448.h>
#endif
#ifdef HAVE_PKCS12
#include <wolfssl/wolfcrypt/pkcs12.h>
#endif
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL))
#include <wolfssl/openssl/ssl.h>
#ifndef NO_ASN
/* for ASN_COMMON_NAME DN_tags enum */
#include <wolfssl/wolfcrypt/asn.h>
#endif
#ifdef HAVE_OCSP
#include <wolfssl/openssl/ocsp.h>
#endif
#endif
#ifdef OPENSSL_EXTRA
#include <wolfssl/openssl/cmac.h>
#include <wolfssl/openssl/x509v3.h>
#include <wolfssl/openssl/asn1.h>
#include <wolfssl/openssl/crypto.h>
#include <wolfssl/openssl/pkcs12.h>
#include <wolfssl/openssl/evp.h>
#include <wolfssl/openssl/dh.h>
#include <wolfssl/openssl/bn.h>
#include <wolfssl/openssl/buffer.h>
#include <wolfssl/openssl/pem.h>
#include <wolfssl/openssl/ec.h>
#include <wolfssl/openssl/engine.h>
#include <wolfssl/openssl/hmac.h>
#include <wolfssl/openssl/objects.h>
#include <wolfssl/openssl/rand.h>
#include <wolfssl/openssl/modes.h>
#include <wolfssl/openssl/fips_rand.h>
#ifdef OPENSSL_ALL
#include <wolfssl/openssl/txt_db.h>
#include <wolfssl/openssl/lhash.h>
#endif
#ifndef NO_AES
#include <wolfssl/openssl/aes.h>
#endif
#ifndef NO_DES3
#include <wolfssl/openssl/des.h>
#endif
#ifdef HAVE_ECC
#include <wolfssl/openssl/ecdsa.h>
#endif
#ifdef HAVE_PKCS7
#include <wolfssl/openssl/pkcs7.h>
#endif
#ifdef HAVE_ED25519
#include <wolfssl/openssl/ed25519.h>
#endif
#ifdef HAVE_ED448
#include <wolfssl/openssl/ed448.h>
#endif
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
&& !defined(NO_SHA256) && !defined(RC_NO_RNG)
#include <wolfssl/wolfcrypt/srp.h>
#endif
#if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \
defined(HAVE_SESSION_TICKET) || (defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN))
/* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT,
* or for setting authKeyIdSrc in WOLFSSL_X509 */
#include "wolfssl/internal.h"
#endif
/* force enable test buffers */
#ifndef USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048
#endif
#ifndef USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_256
#endif
#include <wolfssl/certs_test.h>
typedef struct testVector {
const char* input;
const char* output;
size_t inLen;
size_t outLen;
} testVector;
#if defined(HAVE_PKCS7)
typedef struct {
const byte* content;
word32 contentSz;
int contentOID;
int encryptOID;
int keyWrapOID;
int keyAgreeOID;
byte* cert;
size_t certSz;
byte* privateKey;
word32 privateKeySz;
} pkcs7EnvelopedVector;
#ifndef NO_PKCS7_ENCRYPTED_DATA
typedef struct {
const byte* content;
word32 contentSz;
int contentOID;
int encryptOID;
byte* encryptionKey;
word32 encryptionKeySz;
} pkcs7EncryptedVector;
#endif
#endif /* HAVE_PKCS7 */
/*----------------------------------------------------------------------------*
| Constants
*----------------------------------------------------------------------------*/
#define TEST_SUCCESS (1)
#define TEST_FAIL (0)
#define testingFmt " %s:"
#define resultFmt " %s\n"
static const char* passed = "passed";
static const char* failed = "failed";
#define TEST_STRING "Everyone gets Friday off."
#define TEST_STRING_SZ 25
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
#define TEST_RSA_BITS 1024
#else
#define TEST_RSA_BITS 2048
#endif
#define TEST_RSA_BYTES (TEST_RSA_BITS/8)
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
(!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
static const char* bogusFile =
#ifdef _WIN32
"NUL"
#else
"/dev/null"
#endif
;
#endif /* !NO_FILESYSTEM && !NO_CERTS && (!NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT) */
enum {
TESTING_RSA = 1,
TESTING_ECC = 2
};
#ifdef WOLFSSL_QNX_CAAM
#include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
static int devId = WOLFSSL_CAAM_DEVID;
#else
static int devId = INVALID_DEVID;
#endif
/*----------------------------------------------------------------------------*
| Setup
*----------------------------------------------------------------------------*/
static int test_wolfSSL_Init(void)
{
int result;
printf(testingFmt, "wolfSSL_Init()");
result = wolfSSL_Init();
printf(resultFmt, result == WOLFSSL_SUCCESS ? passed : failed);
return result;
}
static int test_wolfSSL_Cleanup(void)
{
int result;
printf(testingFmt, "wolfSSL_Cleanup()");
result = wolfSSL_Cleanup();
printf(resultFmt, result == WOLFSSL_SUCCESS ? passed : failed);
return result;
}
/* Initialize the wolfCrypt state.
* POST: 0 success.
*/
static int test_wolfCrypt_Init(void)
{
int result;
printf(testingFmt, "wolfCrypt_Init()");
result = wolfCrypt_Init();
printf(resultFmt, result == 0 ? passed : failed);
return result;
} /* END test_wolfCrypt_Init */
/*----------------------------------------------------------------------------*
| Platform dependent function test
*----------------------------------------------------------------------------*/
static int test_fileAccess(void)
{
#if defined(WOLFSSL_TEST_PLATFORMDEPEND) && !defined(NO_FILESYSTEM)
const char *fname[] = {
svrCertFile, svrKeyFile, caCertFile,
eccCertFile, eccKeyFile, eccRsaCertFile,
cliCertFile, cliCertDerFile, cliKeyFile,
dhParamFile,
cliEccKeyFile, cliEccCertFile, caEccCertFile, edCertFile, edKeyFile,
cliEdCertFile, cliEdKeyFile, caEdCertFile,
NULL
};
const char derfile[] = "./certs/server-cert.der";
XFILE f;
size_t sz;
byte *buff;
int i;
printf(testingFmt, "test_fileAccess()");
AssertTrue(XFOPEN("badfilename", "rb") == XBADFILE);
for(i=0; fname[i] != NULL ; i++){
AssertTrue((f = XFOPEN(fname[i], "rb")) != XBADFILE);
XFCLOSE(f);
}
AssertTrue((f = XFOPEN(derfile, "rb")) != XBADFILE);
AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0);
sz = (size_t) XFTELL(f);
XREWIND(f);
AssertTrue(sz == sizeof_server_cert_der_2048);
AssertTrue((buff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL) ;
AssertTrue(XFREAD(buff, 1, sz, f) == sz);
XMEMCMP(server_cert_der_2048, buff, sz);
printf(resultFmt, passed);
#endif
return WOLFSSL_SUCCESS;
}
/*----------------------------------------------------------------------------*
| Method Allocators
*----------------------------------------------------------------------------*/
static void test_wolfSSL_Method_Allocators(void)
{
#define TEST_METHOD_ALLOCATOR(allocator, condition) \
do { \
WOLFSSL_METHOD *method; \
condition(method = allocator()); \
XFREE(method, 0, DYNAMIC_TYPE_METHOD); \
} while(0)
#define TEST_VALID_METHOD_ALLOCATOR(a) \
TEST_METHOD_ALLOCATOR(a, AssertNotNull)
#define TEST_INVALID_METHOD_ALLOCATOR(a) \
TEST_METHOD_ALLOCATOR(a, AssertNull)
#ifndef NO_OLD_TLS
#ifdef WOLFSSL_ALLOW_SSLV3
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method);
#endif
#endif
#ifdef WOLFSSL_ALLOW_TLSV10
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method);
#endif
#endif
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method);
#endif
#endif /* !NO_OLD_TLS */
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method);
#endif
#endif /* !WOLFSSL_NO_TLS12 */
#ifdef WOLFSSL_TLS13
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_client_method);
#endif
#endif /* WOLFSSL_TLS13 */
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_client_method);
#endif
#ifdef WOLFSSL_DTLS
#ifndef NO_OLD_TLS
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method);
#endif
#endif
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_SERVER
TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_client_method);
#endif
#endif
#endif /* WOLFSSL_DTLS */
#if !defined(NO_OLD_TLS) && defined(OPENSSL_EXTRA)
/* Stubs */
#ifndef NO_WOLFSSL_SERVER
TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_server_method);
#endif
#ifndef NO_WOLFSSL_CLIENT
TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_client_method);
#endif
#endif
/* Test Either Method (client or server) */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_method);
#ifndef NO_OLD_TLS
#ifdef WOLFSSL_ALLOW_TLSV10
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_method);
#endif
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_method);
#endif /* !NO_OLD_TLS */
#ifndef WOLFSSL_NO_TLS12
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_method);
#endif /* !WOLFSSL_NO_TLS12 */
#ifdef WOLFSSL_TLS13
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_method);
#endif /* WOLFSSL_TLS13 */
#ifdef WOLFSSL_DTLS
TEST_VALID_METHOD_ALLOCATOR(wolfDTLS_method);
#ifndef NO_OLD_TLS
TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_method);
#endif /* !NO_OLD_TLS */
#ifndef WOLFSSL_NO_TLS12
TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_method);
#endif /* !WOLFSSL_NO_TLS12 */
#endif /* WOLFSSL_DTLS */
#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
}
/*----------------------------------------------------------------------------*
| Context
*----------------------------------------------------------------------------*/
#ifndef NO_WOLFSSL_SERVER
static void test_wolfSSL_CTX_new(WOLFSSL_METHOD *method)
{
WOLFSSL_CTX *ctx;
AssertNull(ctx = wolfSSL_CTX_new(NULL));
AssertNotNull(method);
AssertNotNull(ctx = wolfSSL_CTX_new(method));
wolfSSL_CTX_free(ctx);
}
#endif
#if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
(!defined(NO_RSA) || defined(HAVE_ECC))
static void test_for_double_Free(void)
{
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
int skipTest = 0;
const char* testCertFile;
const char* testKeyFile;
char optionsCiphers[] = "RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA"
":NULL-SHA:NULL-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-PSK-AES256-GCM"
"-SHA384:DHE-PSK-AES128-GCM-SHA256:PSK-AES256-GCM-SHA384:PSK-AES128-GCM-SHA256:"
"DHE-PSK-AES256-CBC-SHA384:DHE-PSK-AES128-CBC-SHA256:PSK-AES256-CBC-SHA384:PSK-"
"AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA:DHE-PSK-AES128-CCM:DHE"
"-PSK-AES256-CCM:PSK-AES128-CCM:PSK-AES256-CCM:PSK-AES128-CCM-8:PSK-AES256-CCM-"
"8:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-"
"NULL-SHA:AES128-CCM-8:AES256-CCM-8:ECDHE-ECDSA-"
"AES128-CCM:ECDHE-ECDSA-AES128-CCM-8:ECDHE-ECDSA-AES256-CCM-8:ECDHE-RSA-AES128-"
"SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-R"
"SA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA"
":AES128-SHA256:AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:ECDH-"
"RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA"
":ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3"
"-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES"
"256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E"
"CDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES128-GCM-SHA25"
"6:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-GC"
"M-SHA384:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMEL"
"LIA256-SHA:CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:CAMELLIA256-SHA256:DH"
"E-RSA-CAMELLIA256-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECD"
"H-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECD"
"SA-AES256-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDHE-RSA-CHA"
"CHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-R"
"SA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-PO"
"LY1305-OLD:ECDHE-ECDSA-NULL-SHA:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-A"
"ES128-CBC-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-CHA"
"CHA20-POLY1305:EDH-RSA-DES-CBC3-SHA:TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-S"
"HA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-"
"8-SHA256:TLS13-SHA256-SHA256:TLS13-SHA384-SHA384";
#ifndef NO_RSA
testCertFile = svrCertFile;
testKeyFile = svrKeyFile;
#elif defined(HAVE_ECC)
testCertFile = eccCertFile;
testKeyFile = eccKeyFile;
#else
skipTest = 1;
#endif
if (skipTest != 1) {
#ifndef NO_WOLFSSL_SERVER
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#else
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#endif
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
/* First test freeing SSL, then CTX */
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#ifndef NO_WOLFSSL_CLIENT
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#else
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#endif
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
/* Next test freeing CTX then SSL */
wolfSSL_CTX_free(ctx);
wolfSSL_free(ssl);
#ifndef NO_WOLFSSL_SERVER
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#else
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#endif
/* Test setting ciphers at ctx level */
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, optionsCiphers));
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \
defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
/* only update TLSv13 suites */
AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384"));
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \
!defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \
defined(WOLFSSL_AES_128) && !defined(NO_RSA)
/* only update pre-TLSv13 suites */
AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-GCM-SHA256"));
#endif
AssertNotNull(ssl = wolfSSL_new(ctx));
wolfSSL_CTX_free(ctx);
wolfSSL_free(ssl);
#ifndef NO_WOLFSSL_CLIENT
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#else
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#endif
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
/* test setting ciphers at SSL level */
AssertTrue(wolfSSL_set_cipher_list(ssl, optionsCiphers));
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \
defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
/* only update TLSv13 suites */
AssertTrue(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384"));
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \
!defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \
defined(WOLFSSL_AES_128) && !defined(NO_RSA)
/* only update pre-TLSv13 suites */
AssertTrue(wolfSSL_set_cipher_list(ssl, "ECDHE-RSA-AES128-GCM-SHA256"));
#endif
wolfSSL_CTX_free(ctx);
wolfSSL_free(ssl);
}
}
#endif
static void test_wolfSSL_CTX_use_certificate_file(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX *ctx;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
/* invalid context */
AssertFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCertFile,
WOLFSSL_FILETYPE_PEM));
/* invalid cert file */
AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile,
WOLFSSL_FILETYPE_PEM));
/* invalid cert type */
AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, 9999));
#ifdef NO_RSA
/* rsa needed */
AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,WOLFSSL_FILETYPE_PEM));
#else
/* success */
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
#endif
wolfSSL_CTX_free(ctx);
#endif
}
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
static int test_wolfSSL_CTX_use_certificate_ASN1(void)
{
#if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN)
WOLFSSL_CTX* ctx;
int ret;
printf(testingFmt, "wolfSSL_CTX_use_certificate_ASN1()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
ret = SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048,
server_cert_der_2048);
printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
wolfSSL_CTX_free(ctx);
return ret;
#else
return WOLFSSL_SUCCESS;
#endif
}
#endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */
/* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into
* context using buffer.
* PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with
* --enable-testcert flag.
*/
static int test_wolfSSL_CTX_use_certificate_buffer(void)
{
#if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \
!defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX* ctx;
int ret;
printf(testingFmt, "wolfSSL_CTX_use_certificate_buffer()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1);
printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
wolfSSL_CTX_free(ctx);
return ret;
#else
return WOLFSSL_SUCCESS;
#endif
} /*END test_wolfSSL_CTX_use_certificate_buffer*/
static void test_wolfSSL_CTX_use_PrivateKey_file(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX *ctx;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
/* invalid context */
AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKeyFile,
WOLFSSL_FILETYPE_PEM));
/* invalid key file */
AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile,
WOLFSSL_FILETYPE_PEM));
/* invalid key type */
AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, 9999));
/* success */
#ifdef NO_RSA
/* rsa needed */
AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
#else
/* success */
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
#endif
wolfSSL_CTX_free(ctx);
#endif
}
/* test both file and buffer versions along with unloading trusted peer certs */
static void test_wolfSSL_CTX_trust_peer_cert(void)
{
#if !defined(NO_CERTS) && defined(WOLFSSL_TRUST_PEER_CERT) && \
!defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX *ctx;
WOLFSSL* ssl;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertNotNull(ssl = wolfSSL_new(ctx));
#if !defined(NO_FILESYSTEM)
/* invalid file */
AssertIntNE(wolfSSL_CTX_trust_peer_cert(ctx, NULL,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
AssertIntNE(wolfSSL_CTX_trust_peer_cert(ctx, bogusFile,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
AssertIntNE(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* success */
AssertIntEQ(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
/* unload cert */
AssertIntNE(wolfSSL_CTX_Unload_trust_peers(NULL), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_Unload_trust_peers(ctx), WOLFSSL_SUCCESS);
/* invalid file */
AssertIntNE(wolfSSL_trust_peer_cert(ssl, NULL,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
AssertIntNE(wolfSSL_trust_peer_cert(ssl, bogusFile,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
AssertIntNE(wolfSSL_trust_peer_cert(ssl, cliCertFile,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* success */
AssertIntEQ(wolfSSL_trust_peer_cert(ssl, cliCertFile,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
/* unload cert */
AssertIntNE(wolfSSL_Unload_trust_peers(NULL), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_Unload_trust_peers(ssl), WOLFSSL_SUCCESS);
#endif
/* Test of loading certs from buffers */
/* invalid buffer */
AssertIntNE(wolfSSL_CTX_trust_peer_buffer(ctx, NULL, -1,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* success */
#ifdef USE_CERT_BUFFERS_1024
AssertIntEQ(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_1024,
sizeof_client_cert_der_1024, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
#ifdef USE_CERT_BUFFERS_2048
AssertIntEQ(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_2048,
sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
/* unload cert */
AssertIntNE(wolfSSL_CTX_Unload_trust_peers(NULL), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_Unload_trust_peers(ctx), WOLFSSL_SUCCESS);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_load_verify_locations(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX *ctx;
#ifndef NO_RSA
WOLFSSL_CERT_MANAGER* cm;
#ifdef PERSIST_CERT_CACHE
int cacheSz;
#endif
#endif
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
const char* load_certs_path = "./certs/external";
const char* load_no_certs_path = "./examples";
const char* load_expired_path = "./certs/test/expired";
#endif
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
/* invalid arguments */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL), WOLFSSL_FAILURE);
/* invalid ca file */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL),
WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE));
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \
(defined(WOLFSSL_QT) && \
!(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR))
/* invalid path */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile),
WS_RETURN_CODE(BAD_PATH_ERROR,WOLFSSL_FAILURE));
#endif
/* load ca cert */
#ifdef NO_RSA
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL),
WS_RETURN_CODE(ASN_UNKNOWN_OID_E,WOLFSSL_FAILURE));
#else /* Skip the following test without RSA certs. */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
#ifdef PERSIST_CERT_CACHE
/* Get cert cache size */
cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx);
#endif
/* Test unloading CA's */
AssertIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS);
#ifdef PERSIST_CERT_CACHE
/* Verify no certs (result is less than cacheSz) */
AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
#endif
/* load ca cert again */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
/* Test getting CERT_MANAGER */
AssertNotNull(cm = wolfSSL_CTX_GetCertManager(ctx));
/* Test unloading CA's using CM */
AssertIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
#ifdef PERSIST_CERT_CACHE
/* Verify no certs (result is less than cacheSz) */
AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
#endif
#endif
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
/* Test loading CA certificates using a path */
#ifdef NO_RSA
/* failure here okay since certs in external directory are RSA */
AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
#endif
/* Test loading path with no files */
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_no_certs_path,
WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_FAILURE);
/* Test loading expired CA certificates */
#ifdef NO_RSA
AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
WOLFSSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
WOLFSSL_SUCCESS);
#endif
/* Test loading CA certificates and ignoring all errors */
#ifdef NO_RSA
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_FAILURE);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_SUCCESS);
#endif
#endif
wolfSSL_CTX_free(ctx);
#endif
}
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz, int file_type)
{
int ret;
WOLFSSL_CERT_MANAGER* cm;
cm = wolfSSL_CertManagerNew();
if (cm == NULL) {
printf("test_cm_load_ca failed\n");
return -1;
}
ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, cert_sz, file_type);
wolfSSL_CertManagerFree(cm);
return ret;
}
static int test_cm_load_ca_file(const char* ca_cert_file)
{
int ret = 0;
byte* cert_buf = NULL;
size_t cert_sz = 0;
#if defined(WOLFSSL_PEM_TO_DER)
DerBuffer* pDer = NULL;
#endif
ret = load_file(ca_cert_file, &cert_buf, &cert_sz);
if (ret == 0) {
/* normal test */
ret = test_cm_load_ca_buffer(cert_buf, cert_sz, WOLFSSL_FILETYPE_PEM);
if (ret == WOLFSSL_SUCCESS) {
/* test including null terminator in length */
byte* tmp = (byte*)realloc(cert_buf, cert_sz+1);
if (tmp == NULL) {
ret = MEMORY_E;
}
else {
cert_buf = tmp;
cert_buf[cert_sz] = '\0';
ret = test_cm_load_ca_buffer(cert_buf, cert_sz+1,
WOLFSSL_FILETYPE_PEM);
}
}
#if defined(WOLFSSL_PEM_TO_DER)
if (ret == WOLFSSL_SUCCESS) {
/* test loading DER */
ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
if (ret == 0 && pDer != NULL) {
ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length,
WOLFSSL_FILETYPE_ASN1);
wc_FreeDer(&pDer);
}
}
#endif
}
free(cert_buf);
return ret;
}
#endif /* !NO_FILESYSTEM && !NO_CERTS */
static void test_wolfSSL_CertManagerCheckOCSPResponse(void)
{
#if defined(HAVE_OCSP) && !defined(NO_RSA)
/* Need one of these for wolfSSL_OCSP_REQUEST_new. */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \
defined(HAVE_LIGHTY)
WOLFSSL_CERT_MANAGER* cm = NULL;
/* Raw OCSP response bytes captured using the following setup:
* - Run responder with
* openssl ocsp -port 9999 -ndays 9999
* -index certs/ocsp/index-intermediate1-ca-issued-certs.txt
* -rsigner certs/ocsp/ocsp-responder-cert.pem
* -rkey certs/ocsp/ocsp-responder-key.pem
* -CA certs/ocsp/intermediate1-ca-cert.pem
* - Run client with
* openssl ocsp -host 127.0.0.1:9999 -respout resp.out
* -issuer certs/ocsp/intermediate1-ca-cert.pem
* -cert certs/ocsp/server1-cert.pem
* -CAfile certs/ocsp/root-ca-cert.pem -noverify
* - Copy raw response from Wireshark.
*/
byte response[] = {
0x30, 0x82, 0x07, 0x40, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x39, 0x30, 0x82, 0x07, 0x35, 0x06,
0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04, 0x82, 0x07, 0x26, 0x30, 0x82,
0x07, 0x22, 0x30, 0x82, 0x01, 0x40, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09,
0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10,
0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65,
0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53,
0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67,
0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04,
0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20,
0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31,
0x30, 0x35, 0x30, 0x33, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30, 0x5a, 0x30, 0x64, 0x30, 0x62, 0x30,
0x3a, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x71, 0x4d,
0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18,
0xda, 0x04, 0x04, 0x14, 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2,
0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e, 0x02, 0x01, 0x05, 0x80, 0x00, 0x18, 0x0f, 0x32,
0x30, 0x32, 0x31, 0x30, 0x35, 0x30, 0x33, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30, 0x5a, 0xa0, 0x11,
0x18, 0x0f, 0x32, 0x30, 0x34, 0x38, 0x30, 0x39, 0x31, 0x37, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30,
0x5a, 0xa1, 0x23, 0x30, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30,
0x01, 0x02, 0x04, 0x12, 0x04, 0x10, 0x38, 0x31, 0x60, 0x99, 0xc8, 0x05, 0x09, 0x68, 0x1c, 0x33,
0x49, 0xea, 0x45, 0x26, 0x2f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x4d, 0x58, 0xcc, 0x69, 0x42, 0xe2,
0x9e, 0x64, 0xf6, 0x57, 0xce, 0xcb, 0x5f, 0x14, 0xaf, 0x08, 0x6c, 0xc1, 0x52, 0x7a, 0x40, 0x0a,
0xfd, 0xb6, 0xce, 0xbb, 0x40, 0xf4, 0xb9, 0xa5, 0x88, 0xc7, 0xf3, 0x42, 0x9f, 0xa9, 0x94, 0xbe,
0x6e, 0x7e, 0x09, 0x30, 0x9d, 0x0e, 0x10, 0x6f, 0x9c, 0xd9, 0x4c, 0x71, 0x81, 0x41, 0x64, 0x95,
0xf5, 0x85, 0x77, 0x94, 0x81, 0x61, 0x88, 0xc8, 0x0b, 0x50, 0xbb, 0x37, 0xc8, 0x86, 0x76, 0xd8,
0xa2, 0xed, 0x66, 0x34, 0xfb, 0xe4, 0xe7, 0x09, 0x8c, 0xf5, 0xb5, 0x85, 0xd0, 0x4b, 0xb5, 0xe6,
0x23, 0x62, 0xc3, 0xd0, 0xef, 0xf7, 0x42, 0x89, 0x02, 0x80, 0x64, 0xc9, 0xed, 0xdd, 0x7c, 0x8f,
0x0d, 0xe7, 0x43, 0x9b, 0x88, 0x1f, 0xb0, 0xfd, 0x24, 0x01, 0xc7, 0x55, 0xc3, 0x73, 0x12, 0x84,
0x09, 0x7c, 0x57, 0xa8, 0x5d, 0xab, 0x75, 0x29, 0x5c, 0x36, 0x97, 0x64, 0x40, 0x0b, 0x55, 0x34,
0x0a, 0x5d, 0xb1, 0x1b, 0x61, 0x1b, 0xdc, 0xe5, 0x89, 0xdd, 0x92, 0x62, 0x57, 0xa7, 0x52, 0xb4,
0x38, 0x9a, 0x48, 0xc8, 0x3a, 0x14, 0xde, 0x69, 0x42, 0xe9, 0x37, 0xa4, 0xe7, 0x2d, 0x00, 0xa7,
0x0b, 0x29, 0x18, 0xd5, 0xce, 0xd9, 0x0d, 0xdd, 0xfe, 0xae, 0x86, 0xb3, 0x32, 0x1c, 0xc9, 0x33,
0xb0, 0x2b, 0xb7, 0x3c, 0x0d, 0x43, 0xd8, 0x6c, 0xf2, 0xb7, 0xcd, 0x7b, 0xd5, 0x7d, 0xf0, 0xde,
0x34, 0x9f, 0x6d, 0x83, 0xb9, 0xd5, 0xed, 0xe3, 0xda, 0x96, 0x40, 0x9e, 0xd6, 0xa6, 0xfd, 0x70,
0x80, 0x70, 0x87, 0x61, 0x0f, 0xc5, 0x9f, 0x75, 0xfe, 0x11, 0x78, 0x34, 0xc9, 0x42, 0x16, 0x73,
0x46, 0x7b, 0x05, 0x53, 0x28, 0x43, 0xbe, 0xee, 0x88, 0x67, 0x1d, 0xcc, 0x74, 0xa7, 0xb6, 0x58,
0x7b, 0x29, 0x68, 0x40, 0xcf, 0xce, 0x7b, 0x19, 0x33, 0x68, 0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82,
0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68,
0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c,
0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67,
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53,
0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09,
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40,
0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32,
0x31, 0x30, 0x32, 0x31, 0x30, 0x31, 0x39, 0x34, 0x39, 0x35, 0x34, 0x5a, 0x17, 0x0d, 0x32, 0x33,
0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, 0x34, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b,
0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06,
0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e,
0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74,
0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c,
0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45,
0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03,
0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53,
0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06,
0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f,
0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23,
0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, 0x1e, 0x63, 0xb9, 0x85,
0x23, 0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, 0xf7, 0x63,
0x88, 0xd1, 0x07, 0x7a, 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41,
0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, 0xca, 0x3f, 0x46, 0x2b,
0xfe, 0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, 0x42, 0xf8,
0x8d, 0xeb, 0x92, 0x95, 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce,
0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, 0x0a, 0x5a, 0x4f, 0x4a,
0x73, 0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, 0x99, 0xe2,
0x10, 0xa7, 0x06, 0x72, 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a,
0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, 0xb4, 0x90, 0x30, 0xbb,
0x17, 0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, 0x3c, 0xab,
0x82, 0x71, 0x78, 0xff, 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11,
0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, 0x24, 0x87, 0x17, 0x3b,
0xd8, 0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, 0x26, 0x14,
0x87, 0x95, 0xc3, 0x5f, 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3,
0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, 0x39, 0x02, 0x03, 0x01,
0x00, 0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d,
0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46,
0x56, 0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30,
0x81, 0xb9, 0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7,
0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81,
0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13,
0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67,
0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65,
0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07,
0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b,
0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30,
0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20,
0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48,
0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c,
0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x13, 0x06, 0x03, 0x55,
0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09,
0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
0x82, 0x01, 0x01, 0x00, 0x07, 0xca, 0xa6, 0xa1, 0x9f, 0xbf, 0xaf, 0x92, 0x41, 0x35, 0x66, 0x51,
0xac, 0xbc, 0x2c, 0xec, 0xe7, 0x8d, 0x65, 0x7e, 0xe9, 0x40, 0xfe, 0x5a, 0xab, 0x8a, 0x1d, 0x3d,
0x13, 0xdb, 0xb4, 0x43, 0x2c, 0x9a, 0x36, 0x98, 0x21, 0xa5, 0xe8, 0xca, 0xa9, 0x4d, 0xfc, 0xe3,
0xf7, 0x45, 0x88, 0xcd, 0x33, 0xbf, 0x8a, 0x62, 0x10, 0x2f, 0xb2, 0xb7, 0x04, 0xef, 0x26, 0x43,
0x51, 0x1d, 0x43, 0x62, 0x7d, 0x1e, 0x50, 0xc8, 0xd5, 0x98, 0x94, 0x71, 0x8f, 0x3b, 0x23, 0x26,
0xf1, 0x71, 0x8e, 0x1e, 0x3d, 0x3f, 0x21, 0xfd, 0xb7, 0x2d, 0x65, 0xe4, 0x07, 0x65, 0xac, 0x3c,
0xfc, 0xc0, 0x47, 0xa9, 0x32, 0xf6, 0xda, 0x26, 0x93, 0x10, 0xb2, 0xd1, 0x6d, 0xc8, 0x81, 0x31,
0x7c, 0xb0, 0x6b, 0xc5, 0x22, 0x8d, 0xb3, 0xfa, 0xbe, 0x82, 0xea, 0x41, 0x42, 0xc4, 0xc0, 0xef,
0xe3, 0x84, 0x0f, 0x6f, 0x9a, 0x03, 0x63, 0xb3, 0x30, 0xe0, 0x31, 0x81, 0x2a, 0x16, 0xb3, 0x47,
0xd9, 0x5b, 0x38, 0x93, 0x07, 0xd0, 0x6e, 0x79, 0x52, 0x2c, 0xe5, 0x50, 0x84, 0x79, 0x10, 0xe7,
0xf6, 0x31, 0x7a, 0x3e, 0x48, 0xa2, 0x38, 0x21, 0x90, 0x7a, 0xf2, 0x5f, 0x48, 0xa4, 0x46, 0x93,
0x87, 0xdd, 0x5c, 0x83, 0x64, 0xea, 0xb5, 0x99, 0xa2, 0xe9, 0x01, 0x40, 0xfe, 0xf0, 0x48, 0x66,
0x4f, 0x96, 0xf7, 0x83, 0x52, 0xf8, 0x6d, 0xf8, 0x5f, 0xed, 0x0c, 0xbb, 0xbe, 0xd0, 0x69, 0x10,
0x4b, 0x99, 0x8f, 0xf8, 0x61, 0x53, 0x9d, 0x12, 0xca, 0x86, 0xaa, 0xb1, 0x80, 0xb4, 0xa6, 0xc1,
0xcb, 0xb7, 0x48, 0xf7, 0x9f, 0x55, 0xb4, 0x6e, 0xab, 0xd3, 0xa1, 0xaa, 0x4b, 0xa7, 0x21, 0x6e,
0x16, 0x7f, 0xad, 0xbb, 0xea, 0x0f, 0x41, 0x80, 0x9b, 0x7f, 0xd6, 0x46, 0xa2, 0xc0, 0x61, 0x72,
0x59, 0x59, 0xa0, 0x07
};
OcspEntry entry[1];
CertStatus status[1];
OcspRequest* request;
byte serial[] = {0x05};
byte issuerHash[] = {0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04};
byte issuerKeyHash[] = {0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e};
printf(testingFmt, "wolfSSL_CertManagerCheckOCSPResponse()");
XMEMSET(entry, 0, sizeof(OcspEntry));
XMEMSET(status, 0, sizeof(CertStatus));
AssertNotNull(request = wolfSSL_OCSP_REQUEST_new());
request->serial = (byte*)XMALLOC(sizeof(serial), NULL,
DYNAMIC_TYPE_OCSP_REQUEST);
AssertNotNull(request->serial);
request->serialSz = sizeof(serial);
XMEMCPY(request->serial, serial, sizeof(serial));
XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash));
XMEMCPY(request->issuerKeyHash, issuerKeyHash, sizeof(issuerKeyHash));
AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
AssertIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CertManagerLoadCA(cm,
"./certs/ocsp/intermediate1-ca-cert.pem", NULL), WOLFSSL_SUCCESS);
/* Response should be valid. */
AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, response,
sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS);
/* Flip a byte in the request serial number, response should be invalid
* now. */
request->serial[0] ^= request->serial[0];
AssertIntNE(wolfSSL_CertManagerCheckOCSPResponse(cm, response,
sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS);
wolfSSL_OCSP_REQUEST_free(request);
wolfSSL_CertManagerFree(cm);
printf(resultFmt, passed);
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
* WOLFSSL_APACHE_HTTPD || HAVE_LIGHTY */
#endif /* HAVE_OCSP */
}
static int test_wolfSSL_CertManagerLoadCABuffer(void)
{
int ret = 0;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
const char* ca_cert = "./certs/ca-cert.pem";
const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
ret = test_cm_load_ca_file(ca_cert);
#ifdef NO_RSA
AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
#else
AssertIntEQ(ret, WOLFSSL_SUCCESS);
#endif
ret = test_cm_load_ca_file(ca_expired_cert);
#ifdef NO_RSA
AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
#else
#if !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \
!defined(OPENSSL_COMPATIBLE_DEFAULTS)
AssertIntEQ(ret, ASN_AFTER_DATE_E);
#else
AssertIntEQ(ret, WOLFSSL_SUCCESS);
#endif
#endif
#endif
return ret;
}
static void test_wolfSSL_CertManagerGetCerts(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
defined(WOLFSSL_SIGNER_DER_CERT)
WOLFSSL_CERT_MANAGER* cm = NULL;
WOLFSSL_STACK* sk = NULL;
X509* x509 = NULL;
X509* cert1 = NULL;
FILE* file1 = NULL;
#ifdef DEBUG_WOLFSSL_VERBOSE
WOLFSSL_BIO* bio = NULL;
#endif
int i = 0;
printf(testingFmt, "wolfSSL_CertManagerGetCerts()");
AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb"));
AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
fclose(file1);
AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
AssertNull(sk = wolfSSL_CertManagerGetCerts(cm));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
"./certs/ca-cert.pem", NULL));
AssertNotNull(sk = wolfSSL_CertManagerGetCerts(cm));
for (i = 0; i < sk_X509_num(sk); i++) {
x509 = sk_X509_value(sk, i);
AssertIntEQ(0, wolfSSL_X509_cmp(x509, cert1));
#ifdef DEBUG_WOLFSSL_VERBOSE
bio = BIO_new(wolfSSL_BIO_s_file());
if (bio != NULL) {
BIO_set_fp(bio, stdout, BIO_NOCLOSE);
X509_print(bio, x509);
BIO_free(bio);
}
#endif /* DEBUG_WOLFSSL_VERBOSE */
}
wolfSSL_X509_free(cert1);
sk_X509_pop_free(sk, NULL);
wolfSSL_CertManagerFree(cm);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
defined(WOLFSSL_SIGNER_DER_CERT) */
}
static int test_wolfSSL_CertManagerSetVerify(void)
{
int ret = 0;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
(!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
WOLFSSL_CERT_MANAGER* cm;
int tmp = myVerifyAction;
const char* ca_cert = "./certs/ca-cert.pem";
const char* expiredCert = "./certs/test/expired/expired-cert.pem";
cm = wolfSSL_CertManagerNew();
AssertNotNull(cm);
wolfSSL_CertManagerSetVerify(cm, myVerify);
ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL);
AssertIntEQ(ret, WOLFSSL_SUCCESS);
/* Use the test CB that always accepts certs */
myVerifyAction = VERIFY_OVERRIDE_ERROR;
ret = wolfSSL_CertManagerVerify(cm, expiredCert, WOLFSSL_FILETYPE_PEM);
AssertIntEQ(ret, WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ALWAYS_VERIFY_CB
{
const char* verifyCert = "./certs/server-cert.pem";
/* Use the test CB that always fails certs */
myVerifyAction = VERIFY_FORCE_FAIL;
ret = wolfSSL_CertManagerVerify(cm, verifyCert, WOLFSSL_FILETYPE_PEM);
AssertIntEQ(ret, VERIFY_CERT_ERROR);
}
#endif
wolfSSL_CertManagerFree(cm);
myVerifyAction = tmp;
#endif
return ret;
}
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(DEBUG_UNIT_TEST_CERTS)
/* Used when debugging name constraint tests. Not static to allow use in
* multiple locations with complex define guards. */
void DEBUG_WRITE_CERT_X509(WOLFSSL_X509* x509, const char* fileName)
{
BIO* out = BIO_new(BIO_s_file());
if (out != NULL) {
FILE* f = fopen(fileName, "wb");
BIO_set_fp(out, f, BIO_CLOSE);
PEM_write_bio_X509(out, x509);
BIO_free(out);
}
}
void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName)
{
BIO* out = BIO_new(BIO_s_file());
if (out != NULL) {
FILE* f = fopen(fileName, "wb");
BIO_set_fp(out, f, BIO_CLOSE);
BIO_write(out, der, derSz);
BIO_free(out);
}
}
#else
#define DEBUG_WRITE_CERT_X509(x509, fileName)
#define DEBUG_WRITE_DER(der, derSz, fileName)
#endif
static void test_wolfSSL_CertManagerNameConstraint(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
!defined(NO_SHA256)
WOLFSSL_CERT_MANAGER* cm;
WOLFSSL_EVP_PKEY *priv;
WOLFSSL_X509_NAME* name;
const char* ca_cert = "./certs/test/cert-ext-nc.der";
const char* server_cert = "./certs/test/server-goodcn.pem";
int i = 0;
static const byte extNameConsOid[] = {85, 29, 30};
RsaKey key;
WC_RNG rng;
byte *der;
int derSz;
word32 idx = 0;
byte *pt;
WOLFSSL_X509 *x509, *ca;
wc_InitRng(&rng);
/* load in CA private key for signing */
AssertIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, devId), 0);
AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key,
sizeof_server_key_der_2048), 0);
/* get ca certificate then alter it */
AssertNotNull(der =
(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert,
WOLFSSL_FILETYPE_ASN1));
AssertNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz));
XMEMCPY(der, pt, derSz);
/* find the name constraint extension and alter it */
pt = der;
for (i = 0; i < derSz - 3; i++) {
if (XMEMCMP(pt, extNameConsOid, 3) == 0) {
pt += 3;
break;
}
pt++;
}
AssertIntNE(i, derSz - 3); /* did not find OID if this case is hit */
/* go to the length value and set it to 0 */
while (i < derSz && *pt != 0x81) {
pt++;
i++;
}
AssertIntNE(i, derSz); /* did not place to alter */
pt++;
*pt = 0x00;
/* resign the altered certificate */
AssertIntGT((derSz = wc_SignCert(derSz, CTC_SHA256wRSA, der,
FOURK_BUF, &key, NULL, &rng)), 0);
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E);
wolfSSL_CertManagerFree(cm);
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_X509_free(x509);
wc_FreeRsaKey(&key);
wc_FreeRng(&rng);
/* add email alt name to satisfy constraint */
pt = (byte*)server_key_der_2048;
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
(const unsigned char**)&pt, sizeof_server_key_der_2048));
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
WOLFSSL_FILETYPE_ASN1));
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
DEBUG_WRITE_DER(der, derSz, "ca.der");
AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* Good cert test with proper alt email name */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "good-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
/* Cert with bad alt name list */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE);
wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
wolfSSL_CertManagerFree(cm);
wolfSSL_X509_free(x509);
wolfSSL_X509_free(ca);
wolfSSL_EVP_PKEY_free(priv);
#endif
}
static void test_wolfSSL_CertManagerNameConstraint2(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES)
const char* ca_cert = "./certs/test/cert-ext-ndir.der";
const char* ca_cert2 = "./certs/test/cert-ext-ndir-exc.der";
const char* server_cert = "./certs/server-cert.pem";
WOLFSSL_CERT_MANAGER* cm;
WOLFSSL_X509 *x509, *ca;
const unsigned char *der;
const unsigned char *pt;
WOLFSSL_EVP_PKEY *priv;
WOLFSSL_X509_NAME* name;
int derSz;
/* C=US*/
char altName[] = {
0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09,
0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53
};
/* C=ID */
char altNameFail[] = {
0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09,
0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x44
};
/* C=US ST=California*/
char altNameExc[] = {
0x30, 0x22,
0x31, 0x0B,
0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
0x31, 0x13,
0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A,
0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61
};
/* load in CA private key for signing */
pt = ca_key_der_2048;
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt,
sizeof_ca_key_der_2048));
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
WOLFSSL_FILETYPE_ASN1));
AssertNotNull((der = wolfSSL_X509_get_der(ca, &derSz)));
AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* add in matching DIR alt name and resign */
wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
/* check verify fail */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
/* add in miss matching DIR alt name and resign */
wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail),
ASN_DIR_TYPE);
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
#ifndef WOLFSSL_NO_ASN_STRICT
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
#else
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
/* check that it still fails if one bad altname and one good altname is in
* the certificate */
wolfSSL_X509_free(x509);
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail),
ASN_DIR_TYPE);
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
#ifndef WOLFSSL_NO_ASN_STRICT
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
#else
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
/* check it fails with switching position of bad altname */
wolfSSL_X509_free(x509);
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail),
ASN_DIR_TYPE);
wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
#ifndef WOLFSSL_NO_ASN_STRICT
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
#else
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
wolfSSL_CertManagerFree(cm);
wolfSSL_X509_free(x509);
wolfSSL_X509_free(ca);
/* now test with excluded name constraint */
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert2,
WOLFSSL_FILETYPE_ASN1));
AssertNotNull((der = wolfSSL_X509_get_der(ca, &derSz)));
AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
wolfSSL_X509_add_altname_ex(x509, altNameExc, sizeof(altNameExc),
ASN_DIR_TYPE);
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
wolfSSL_X509_sign(x509, priv, EVP_sha3_256());
#else
wolfSSL_X509_sign(x509, priv, EVP_sha256());
#endif
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
#ifndef WOLFSSL_NO_ASN_STRICT
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
#else
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
wolfSSL_CertManagerFree(cm);
wolfSSL_X509_free(x509);
wolfSSL_X509_free(ca);
wolfSSL_EVP_PKEY_free(priv);
#endif
}
static void test_wolfSSL_CertManagerNameConstraint3(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
!defined(NO_SHA256)
WOLFSSL_CERT_MANAGER* cm;
WOLFSSL_EVP_PKEY *priv;
WOLFSSL_X509_NAME* name;
const char* ca_cert = "./certs/test/cert-ext-mnc.der";
const char* server_cert = "./certs/test/server-goodcn.pem";
byte *der;
int derSz;
byte *pt;
WOLFSSL_X509 *x509, *ca;
pt = (byte*)server_key_der_2048;
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
(const unsigned char**)&pt, sizeof_server_key_der_2048));
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
WOLFSSL_FILETYPE_ASN1));
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
DEBUG_WRITE_DER(der, derSz, "ca.der");
AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* check satisfying .wolfssl.com constraint passes */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
/* check satisfying .random.com constraint passes */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@info.example.com", 24, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "wolfssl@info.example.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
/* check fail case when neither constraint is matched */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@info.com", 16, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
wolfSSL_CertManagerFree(cm);
wolfSSL_X509_free(x509);
wolfSSL_X509_free(ca);
wolfSSL_EVP_PKEY_free(priv);
#endif
}
static void test_wolfSSL_CertManagerNameConstraint4(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
!defined(NO_SHA256)
WOLFSSL_CERT_MANAGER* cm;
WOLFSSL_EVP_PKEY *priv;
WOLFSSL_X509_NAME* name;
const char* ca_cert = "./certs/test/cert-ext-ncdns.der";
const char* server_cert = "./certs/test/server-goodcn.pem";
byte *der;
int derSz;
byte *pt;
WOLFSSL_X509 *x509, *ca;
pt = (byte*)server_key_der_2048;
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
(const unsigned char**)&pt, sizeof_server_key_der_2048));
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
WOLFSSL_FILETYPE_ASN1));
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
DEBUG_WRITE_DER(der, derSz, "ca.der");
AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* check satisfying wolfssl.com constraint passes */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
/* check satisfying example.com constraint passes */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"example.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "www.example.com", ASN_DNS_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
/* check satisfying wolfssl.com constraint passes with list of DNS's */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "extra.wolfssl.com", ASN_DNS_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "good-multiple-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
/* check fail when one DNS in the list is bad */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "www.nomatch.com", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "bad-multiple-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
wolfSSL_X509_free(x509);
/* check fail case when neither constraint is matched */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"common", 6, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "www.random.com", ASN_DNS_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
wolfSSL_CertManagerFree(cm);
wolfSSL_X509_free(x509);
wolfSSL_X509_free(ca);
wolfSSL_EVP_PKEY_free(priv);
#endif
}
static void test_wolfSSL_CertManagerNameConstraint5(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \
!defined(NO_SHA256)
WOLFSSL_CERT_MANAGER* cm;
WOLFSSL_EVP_PKEY *priv;
WOLFSSL_X509_NAME* name;
const char* ca_cert = "./certs/test/cert-ext-ncmixed.der";
const char* server_cert = "./certs/test/server-goodcn.pem";
byte *der;
int derSz;
byte *pt;
WOLFSSL_X509 *x509, *ca;
pt = (byte*)server_key_der_2048;
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
(const unsigned char**)&pt, sizeof_server_key_der_2048));
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
WOLFSSL_FILETYPE_ASN1));
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz)));
DEBUG_WRITE_DER(der, derSz, "ca.der");
AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* check satisfying wolfssl.com constraint passes */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"example", 7, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "good.example", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "facts@into.wolfssl.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "good-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
/* fail with DNS check because of common name */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "facts@wolfssl.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "bad-cn-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
wolfSSL_X509_free(x509);
/* fail on permitted DNS name constraint */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "www.example", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "www.wolfssl", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "bad-1st-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
wolfSSL_X509_free(x509);
/* fail on permitted email name constraint */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE);
wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE);
wolfSSL_X509_add_altname(x509, "info@example.com", ASN_RFC822_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "bad-2nd-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
wolfSSL_X509_free(x509);
/* success with empty email name */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
X509_NAME_free(name);
wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE);
AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0);
DEBUG_WRITE_CERT_X509(x509, "good-missing-constraint-cert.pem");
AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_X509_free(x509);
wolfSSL_CertManagerFree(cm);
wolfSSL_X509_free(ca);
wolfSSL_EVP_PKEY_free(priv);
#endif
}
static void test_wolfSSL_CertManagerCRL(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \
!defined(NO_RSA)
const char* ca_cert = "./certs/ca-cert.pem";
const char* crl1 = "./certs/crl/crl.pem";
const char* crl2 = "./certs/crl/crl2.pem";
WOLFSSL_CERT_MANAGER* cm = NULL;
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0));
wolfSSL_CertManagerFreeCRL(cm);
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
wolfSSL_CertManagerFree(cm);
#endif
}
static void test_wolfSSL_CTX_load_verify_locations_ex(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX* ctx;
const char* ca_cert = "./certs/ca-cert.pem";
const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
/* test good CA */
AssertTrue(WOLFSSL_SUCCESS ==
wolfSSL_CTX_load_verify_locations_ex(ctx, ca_cert, NULL,
WOLFSSL_LOAD_FLAG_NONE));
/* test expired CA */
#ifndef OPENSSL_COMPATIBLE_DEFAULTS
AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_load_verify_buffer_ex(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
defined(USE_CERT_BUFFERS_2048)
WOLFSSL_CTX* ctx;
const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der";
byte ca_expired_cert[TWOK_BUF];
word32 sizeof_ca_expired_cert;
XFILE fp;
#ifndef NO_WOLFSSL_CLIENT
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
#else
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
#endif
AssertNotNull(ctx);
/* test good CA */
AssertTrue(WOLFSSL_SUCCESS ==
wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_cert_der_2048,
sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0,
WOLFSSL_LOAD_FLAG_NONE));
/* load expired CA */
XMEMSET(ca_expired_cert, 0, sizeof(ca_expired_cert));
fp = XFOPEN(ca_expired_cert_file, "rb");
AssertTrue(fp != XBADFILE);
sizeof_ca_expired_cert = (word32)XFREAD(ca_expired_cert, 1,
sizeof(ca_expired_cert), fp);
XFCLOSE(fp);
/* test expired CA failure */
#ifndef OPENSSL_COMPATIBLE_DEFAULTS
AssertIntNE(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS);
#endif
/* test expired CA success */
AssertIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048)
WOLFSSL_CTX* ctx;
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
AssertTrue(WOLFSSL_SUCCESS ==
wolfSSL_CTX_load_verify_chain_buffer_format(ctx, ca_cert_chain_der,
sizeof_ca_cert_chain_der,
WOLFSSL_FILETYPE_ASN1));
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_add1_chain_cert(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \
defined(KEEP_OUR_CERT)
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
const char *certChain[] = {
"./certs/intermediate/client-int-cert.pem",
"./certs/intermediate/ca-int2-cert.pem",
"./certs/intermediate/ca-int-cert.pem",
"./certs/ca-cert.pem",
NULL
};
const char** cert;
WOLFSSL_X509* x509;
WOLF_STACK_OF(X509)* chain = NULL;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertNotNull(ssl = wolfSSL_new(ctx));
for (cert = certChain; *cert != NULL; cert++) {
x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
AssertIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 1);
X509_free(x509);
}
for (cert = certChain; *cert != NULL; cert++) {
x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
AssertIntEQ(SSL_add1_chain_cert(ssl, x509), 1);
X509_free(x509);
}
AssertIntEQ(SSL_CTX_get0_chain_certs(ctx, &chain), 1);
AssertIntEQ(sk_X509_num(chain), 3);
AssertIntEQ(SSL_get0_chain_certs(ssl, &chain), 1);
AssertIntEQ(sk_X509_num(chain), 3);
SSL_free(ssl);
SSL_CTX_free(ctx);
#endif
}
static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
{
int ret = 0;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
const char* server_chain_der = "./certs/server-cert-chain.der";
const char* client_single_pem = "./certs/client-cert.pem";
WOLFSSL_CTX* ctx;
#ifndef NO_WOLFSSL_CLIENT
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#else
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#endif
AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx,
server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx,
client_single_pem, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
return ret;
}
static void test_wolfSSL_CTX_SetTmpDH_file(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH)
WOLFSSL_CTX *ctx;
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
/* invalid context */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL,
dhParamFile, WOLFSSL_FILETYPE_PEM));
/* invalid dhParamFile file */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
NULL, WOLFSSL_FILETYPE_PEM));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
bogusFile, WOLFSSL_FILETYPE_PEM));
/* success */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile,
WOLFSSL_FILETYPE_PEM));
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_SetTmpDH_buffer(void)
{
#if !defined(NO_CERTS) && !defined(NO_DH)
WOLFSSL_CTX *ctx;
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
/* invalid context */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
/* invalid dhParamFile file */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL,
0, WOLFSSL_FILETYPE_ASN1));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dsa_key_der_2048,
sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1));
/* success */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
{
#if !defined(NO_CERTS) && !defined(NO_DH)
WOLFSSL_CTX *ctx;
#ifndef NO_WOLFSSL_CLIENT
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#else
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#endif
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 2048));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 2048));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_der_load_verify_locations(void)
{
#ifdef WOLFSSL_DER_LOAD
WOLFSSL_CTX* ctx = NULL;
const char* derCert = "./certs/server-cert.der";
const char* nullPath = NULL;
const char* invalidPath = "./certs/this-cert-does-not-exist.der";
const char* emptyPath = "";
/* der load Case 1 ctx NULL */
AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
/* Case 2 filePath NULL */
AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, nullPath,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
/* Case 3 invalid format */
AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE);
/* Case 4 filePath not valid */
AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, invalidPath,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
/* Case 5 filePath empty */
AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
#ifndef NO_RSA
/* Case 6 success case */
AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_enable_disable(void)
{
#ifndef NO_CERTS
WOLFSSL_CTX* ctx = NULL;
#ifdef HAVE_CRL
AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), BAD_FUNC_ARG);
#endif
#ifdef HAVE_OCSP
AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), BAD_FUNC_ARG);
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifdef HAVE_EXTENDED_MASTER
AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), BAD_FUNC_ARG);
#endif
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#ifdef HAVE_EXTENDED_MASTER
AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), WOLFSSL_SUCCESS);
#endif
#elif !defined(NO_WOLFSSL_SERVER)
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
return;
#endif
#ifdef HAVE_CRL
AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), WOLFSSL_SUCCESS);
#endif
#ifdef HAVE_OCSP
AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_URL_OVERRIDE),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL),
WOLFSSL_SUCCESS);
#endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS);
#endif
wolfSSL_CTX_free(ctx);
#endif /* NO_CERTS */
}
static void test_wolfSSL_CTX_ticket_API(void)
{
#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX* ctx = NULL;
void *userCtx = (void*)"this is my ctx";
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(ctx, userCtx));
AssertTrue(userCtx == wolfSSL_CTX_get_TicketEncCtx(ctx));
wolfSSL_CTX_free(ctx);
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(NULL, userCtx));
AssertNull(wolfSSL_CTX_get_TicketEncCtx(NULL));
#endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */
}
static void test_wolfSSL_set_minmax_proto_version(void)
{
#ifdef OPENSSL_EXTRA
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
int ret;
(void)ret;
(void)ssl;
printf(testingFmt, "test_wolfSSL_set_minmax_proto_version");
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_set_min_proto_version(NULL, 0), SSL_FAILURE);
AssertIntEQ(wolfSSL_set_min_proto_version(ssl, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_set_max_proto_version(NULL, 0), SSL_FAILURE);
AssertIntEQ(wolfSSL_set_max_proto_version(ssl, 0), SSL_SUCCESS);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
printf(resultFmt, passed);
#endif
}
/*----------------------------------------------------------------------------*
| SSL
*----------------------------------------------------------------------------*/
static void test_server_wolfSSL_new(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX *ctx;
WOLFSSL_CTX *ctx_nocert;
WOLFSSL *ssl;
AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method()));
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
/* invalid context */
AssertNull(ssl = wolfSSL_new(NULL));
#if !defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_QT) && !defined(OPENSSL_EXTRA)
AssertNull(ssl = wolfSSL_new(ctx_nocert));
#endif
/* success */
AssertNotNull(ssl = wolfSSL_new(ctx));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_CTX_free(ctx_nocert);
#endif
}
static void test_client_wolfSSL_new(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX *ctx;
WOLFSSL_CTX *ctx_nocert;
WOLFSSL *ssl;
AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
/* invalid context */
AssertNull(ssl = wolfSSL_new(NULL));
/* success */
AssertNotNull(ssl = wolfSSL_new(ctx_nocert));
wolfSSL_free(ssl);
/* success */
AssertNotNull(ssl = wolfSSL_new(ctx));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_CTX_free(ctx_nocert);
#endif
}
static void test_wolfSSL_SetTmpDH_file(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \
!defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#ifndef NO_RSA
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM));
#elif defined(HAVE_ECC)
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
WOLFSSL_FILETYPE_PEM));
#elif defined(HAVE_ED25519)
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, edCertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile,
WOLFSSL_FILETYPE_PEM));
#elif defined(HAVE_ED448)
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, ed448CertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
WOLFSSL_FILETYPE_PEM));
#endif
AssertNotNull(ssl = wolfSSL_new(ctx));
/* invalid ssl */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(NULL,
dhParamFile, WOLFSSL_FILETYPE_PEM));
/* invalid dhParamFile file */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl,
NULL, WOLFSSL_FILETYPE_PEM));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl,
bogusFile, WOLFSSL_FILETYPE_PEM));
/* success */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile,
WOLFSSL_FILETYPE_PEM));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_SetTmpDH_buffer(void)
{
#if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertNotNull(ssl = wolfSSL_new(ctx));
/* invalid ssl */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
/* invalid dhParamFile file */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, NULL,
0, WOLFSSL_FILETYPE_ASN1));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dsa_key_der_2048,
sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1));
/* success */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_SetMinMaxDhKey_Sz(void)
{
#if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX *ctx, *ctx2;
WOLFSSL *ssl, *ssl2;
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
ctx2 = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx2);
AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx2, server_cert_der_2048,
sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx2, server_key_der_2048,
sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
ssl2 = wolfSSL_new(ctx2);
AssertNotNull(ssl2);
AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 2048));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 3072));
AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 2048));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 1024));
AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
wolfSSL_free(ssl2);
wolfSSL_CTX_free(ctx2);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
/* Test function for wolfSSL_SetMinVersion. Sets the minimum downgrade version
* allowed.
* POST: return 1 on success.
*/
static int test_wolfSSL_SetMinVersion(void)
{
int failFlag = WOLFSSL_SUCCESS;
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
int itr;
#ifndef NO_OLD_TLS
const int versions[] = {
#ifdef WOLFSSL_ALLOW_TLSV10
WOLFSSL_TLSV1,
#endif
WOLFSSL_TLSV1_1,
WOLFSSL_TLSV1_2};
#elif !defined(WOLFSSL_NO_TLS12)
const int versions[] = { WOLFSSL_TLSV1_2 };
#else
const int versions[] = { WOLFSSL_TLSV1_3 };
#endif
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_SetMinVersion()");
for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){
if(wolfSSL_SetMinVersion(ssl, *(versions + itr)) != WOLFSSL_SUCCESS){
failFlag = WOLFSSL_FAILURE;
}
}
printf(resultFmt, failFlag == WOLFSSL_SUCCESS ? passed : failed);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
return failFlag;
} /* END test_wolfSSL_SetMinVersion */
/*----------------------------------------------------------------------------*
| EC
*----------------------------------------------------------------------------*/
/* Test function for EC_POINT_new, EC_POINT_mul, EC_POINT_free,
EC_GROUP_new_by_curve_name, EC_GROUP_order_bits
*/
# if defined(OPENSSL_EXTRA) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
static void test_wolfSSL_EC(void)
{
#if defined(HAVE_ECC)
BN_CTX *ctx;
EC_GROUP *group;
EC_GROUP *group2;
EC_POINT *Gxy, *new_point, *set_point;
BIGNUM *k = NULL, *Gx = NULL, *Gy = NULL, *Gz = NULL;
BIGNUM *X, *Y;
BIGNUM *set_point_bn;
char* hexStr;
int group_bits;
const char* kTest = "F4F8338AFCC562C5C3F3E1E46A7EFECD17AF381913FF7A96314EA47055EA0FD0";
/* NISTP256R1 Gx/Gy */
const char* kGx = "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296";
const char* kGy = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5";
#ifndef HAVE_SELFTEST
EC_POINT *tmp;
size_t bin_len;
unsigned char* buf = NULL;
const char* uncompG = "046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5";
const unsigned char binUncompG[] = {
0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb,
0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31,
0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
};
#ifdef HAVE_COMP_KEY
const char* compG = "036B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296";
const unsigned char binCompG[] = {
0x03, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
};
#endif
#endif
AssertNotNull(ctx = BN_CTX_new());
AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
AssertNotNull(group2 = EC_GROUP_dup(group));
AssertIntEQ((group_bits = EC_GROUP_order_bits(group)), 256);
AssertNotNull(Gxy = EC_POINT_new(group));
AssertNotNull(new_point = EC_POINT_new(group));
AssertNotNull(set_point = EC_POINT_new(group));
AssertNotNull(X = BN_new());
AssertNotNull(Y = BN_new());
AssertNotNull(set_point_bn = BN_new());
/* load test values */
AssertIntEQ(BN_hex2bn(&k, kTest), WOLFSSL_SUCCESS);
AssertIntEQ(BN_hex2bn(&Gx, kGx), WOLFSSL_SUCCESS);
AssertIntEQ(BN_hex2bn(&Gy, kGy), WOLFSSL_SUCCESS);
AssertIntEQ(BN_hex2bn(&Gz, "1"), WOLFSSL_SUCCESS);
/* populate coordinates for input point */
Gxy->X = Gx;
Gxy->Y = Gy;
Gxy->Z = Gz;
#ifndef HAVE_SELFTEST
/* perform point multiplication */
AssertIntEQ(EC_POINT_add(group, new_point, new_point, Gxy, ctx), WOLFSSL_SUCCESS);
AssertIntEQ(EC_POINT_mul(group, new_point, Gx, Gxy, k, ctx), WOLFSSL_SUCCESS);
AssertIntEQ(BN_is_zero(new_point->X), 0);
AssertIntEQ(BN_is_zero(new_point->Y), 0);
AssertIntEQ(BN_is_zero(new_point->Z), 0);
AssertIntEQ(EC_POINT_mul(group, new_point, NULL, Gxy, k, ctx), WOLFSSL_SUCCESS);
AssertIntEQ(BN_is_zero(new_point->X), 0);
AssertIntEQ(BN_is_zero(new_point->Y), 0);
AssertIntEQ(BN_is_zero(new_point->Z), 0);
AssertIntEQ(EC_POINT_mul(group, new_point, Gx, NULL, NULL, ctx), WOLFSSL_SUCCESS);
AssertIntEQ(BN_is_zero(new_point->X), 0);
AssertIntEQ(BN_is_zero(new_point->Y), 0);
AssertIntEQ(BN_is_zero(new_point->Z), 0);
#else
AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, new_point, Gx, Gy, ctx), WOLFSSL_SUCCESS);
AssertIntEQ(BN_is_zero(new_point->X), 0);
AssertIntEQ(BN_is_zero(new_point->Y), 0);
AssertIntEQ(BN_is_zero(new_point->Z), 0);
#endif
/* check if point X coordinate is zero */
AssertIntEQ(BN_is_zero(new_point->X), 0);
#ifdef USE_ECC_B_PARAM
AssertIntEQ(EC_POINT_is_on_curve(group, new_point, ctx), 1);
#endif /* USE_ECC_B_PARAM */
/* Force non-affine coordinates */
AssertIntEQ(BN_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
(WOLFSSL_BIGNUM*)BN_value_one()), 1);
new_point->inSet = 0;
/* extract the coordinates from point */
AssertIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y, ctx), WOLFSSL_SUCCESS);
/* check if point X coordinate is zero */
AssertIntEQ(BN_is_zero(X), WOLFSSL_FAILURE);
/* set the same X and Y points in another object */
AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, set_point, X, Y, ctx), WOLFSSL_SUCCESS);
/* compare points as they should be the same */
AssertIntEQ(EC_POINT_cmp(group, new_point, set_point, ctx), 0);
/* Test copying */
AssertIntEQ(EC_POINT_copy(new_point, set_point), 1);
/* Test inverting */
AssertIntEQ(EC_POINT_invert(group, new_point, ctx), 1);
AssertPtrEq(EC_POINT_point2bn(group, set_point, POINT_CONVERSION_UNCOMPRESSED,
set_point_bn, ctx), set_point_bn);
/* check bn2hex */
hexStr = BN_bn2hex(k);
AssertStrEQ(hexStr, kTest);
#ifndef NO_FILESYSTEM
BN_print_fp(stdout, k);
printf("\n");
#endif
XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
hexStr = BN_bn2hex(Gx);
AssertStrEQ(hexStr, kGx);
#ifndef NO_FILESYSTEM
BN_print_fp(stdout, Gx);
printf("\n");
#endif
XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
hexStr = BN_bn2hex(Gy);
AssertStrEQ(hexStr, kGy);
#ifndef NO_FILESYSTEM
BN_print_fp(stdout, Gy);
printf("\n");
#endif
XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
#ifndef HAVE_SELFTEST
hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx);
AssertStrEQ(hexStr, uncompG);
XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
#ifdef HAVE_COMP_KEY
hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx);
AssertStrEQ(hexStr, compG);
XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
#endif
bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx);
AssertIntEQ(bin_len, sizeof(binUncompG));
AssertNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, DYNAMIC_TYPE_ECC));
AssertIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, buf,
bin_len, ctx), bin_len);
AssertIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0);
XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
#ifdef HAVE_COMP_KEY
bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, NULL, 0, ctx);
AssertIntEQ(bin_len, sizeof(binCompG));
AssertNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, DYNAMIC_TYPE_ECC));
AssertIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, buf,
bin_len, ctx), bin_len);
AssertIntEQ(XMEMCMP(buf, binCompG, sizeof(binCompG)), 0);
XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
#endif
AssertNotNull(tmp = EC_POINT_new(group));
AssertIntEQ(EC_POINT_oct2point(group, tmp, binUncompG, sizeof(binUncompG), ctx), 1);
AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
EC_POINT_free(tmp);
#ifdef HAVE_COMP_KEY
AssertNotNull(tmp = EC_POINT_new(group));
AssertIntEQ(EC_POINT_oct2point(group, tmp, binCompG, sizeof(binCompG), ctx), 1);
AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
EC_POINT_free(tmp);
#endif
#endif
/* test BN_mod_add */
AssertIntEQ(BN_mod_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
(WOLFSSL_BIGNUM*)BN_value_one(),
(WOLFSSL_BIGNUM*)BN_value_one(), NULL), 1);
AssertIntEQ(BN_is_zero(new_point->Z), 1);
/* cleanup */
BN_free(X);
BN_free(Y);
BN_free(k);
BN_free(set_point_bn);
EC_POINT_free(new_point);
EC_POINT_free(set_point);
EC_POINT_free(Gxy);
EC_GROUP_free(group);
EC_GROUP_free(group2);
BN_CTX_free(ctx);
#endif /* HAVE_ECC */
}
#endif /* OPENSSL_EXTRA && ( !HAVE_FIPS || HAVE_FIPS_VERSION > 2) */
#ifndef NO_BIO
static void test_wolfSSL_PEM_read_bio_ECPKParameters(void)
{
#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
EC_GROUP *group;
BIO* bio;
AssertNotNull(bio = BIO_new(BIO_s_file()));
AssertIntEQ(BIO_read_filename(bio, eccKeyFile), WOLFSSL_SUCCESS);
AssertNotNull(group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
AssertIntEQ(EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1);
EC_GROUP_free(group);
BIO_free(bio);
#endif /* HAVE_ECC */
}
#endif /* !NO_BIO */
# if defined(OPENSSL_EXTRA)
static void test_wolfSSL_ECDSA_SIG(void)
{
#ifdef HAVE_ECC
WOLFSSL_ECDSA_SIG* sig = NULL;
WOLFSSL_ECDSA_SIG* sig2 = NULL;
const unsigned char* cp;
unsigned char* p;
unsigned char outSig[8];
unsigned char sigData[8] =
{ 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 };
sig = wolfSSL_d2i_ECDSA_SIG(NULL, NULL, sizeof(sigData));
AssertNull(sig);
cp = sigData;
AssertNotNull((sig = wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigData))));
AssertIntEQ((cp == sigData + 8), 1);
cp = sigData;
AssertNull(wolfSSL_d2i_ECDSA_SIG(&sig, NULL, sizeof(sigData)));
AssertNotNull((sig2 = wolfSSL_d2i_ECDSA_SIG(&sig, &cp, sizeof(sigData))));
AssertIntEQ((sig == sig2), 1);
cp = outSig;
p = outSig;
AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, &p), 0);
AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, NULL), 0);
AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, NULL), 8);
AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), sizeof(sigData));
AssertIntEQ((p == outSig + 8), 1);
AssertIntEQ(XMEMCMP(sigData, outSig, 8), 0);
wolfSSL_ECDSA_SIG_free(sig);
#endif /* HAVE_ECC */
}
static void test_EC_i2d(void)
{
#if defined(HAVE_ECC) && !defined(HAVE_FIPS)
EC_KEY *key;
EC_KEY *copy;
int len;
unsigned char *buf = NULL;
const unsigned char *tmp = NULL;
AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
AssertIntEQ(EC_KEY_generate_key(key), 1);
AssertIntGT((len = i2d_EC_PUBKEY(key, NULL)), 0);
AssertIntEQ(i2d_EC_PUBKEY(key, &buf), len);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
buf = NULL;
AssertIntGT((len = i2d_ECPrivateKey(key, NULL)), 0);
AssertIntEQ(i2d_ECPrivateKey(key, &buf), len);
tmp = buf;
AssertNotNull(d2i_ECPrivateKey(&copy, &tmp, len));
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
buf = NULL;
AssertIntGT((len = i2o_ECPublicKey(key, &buf)), 0);
tmp = buf;
AssertNotNull(o2i_ECPublicKey(&copy, &tmp, len));
AssertIntEQ(EC_KEY_check_key(key), 1);
XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL);
EC_KEY_free(key);
EC_KEY_free(copy);
#endif /* HAVE_ECC */
}
static void test_ECDSA_size_sign(void)
{
#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP)
EC_KEY *key;
int id;
byte hash[WC_MAX_DIGEST_SIZE];
byte sig[ECC_MAX_SIG_SIZE];
unsigned int sigSz = sizeof(sig);
XMEMSET(hash, 123, sizeof(hash));
id = wc_ecc_get_curve_id_from_name("SECP256R1");
AssertIntEQ(id, ECC_SECP256R1);
AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
AssertIntEQ(EC_KEY_generate_key(key), 1);
AssertIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1);
AssertIntGE(ECDSA_size(key), sigSz);
AssertIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, sigSz, key), 1);
EC_KEY_free(key);
#endif /* HAVE_ECC && !NO_ECC256 && !NO_ECC_SECP */
}
static void test_ED25519(void)
{
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
defined(WOLFSSL_KEY_GEN)
byte priv[ED25519_PRV_KEY_SIZE];
unsigned int privSz = (unsigned int)sizeof(priv);
byte pub[ED25519_PUB_KEY_SIZE];
unsigned int pubSz = (unsigned int)sizeof(pub);
#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT)
const char* msg = TEST_STRING;
unsigned int msglen = (unsigned int)TEST_STRING_SZ;
byte sig[ED25519_SIG_SIZE];
unsigned int sigSz = (unsigned int)sizeof(sig);
#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */
AssertIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz),
WOLFSSL_SUCCESS);
AssertIntEQ(privSz, ED25519_PRV_KEY_SIZE);
AssertIntEQ(pubSz, ED25519_PUB_KEY_SIZE);
#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT)
AssertIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig,
&sigSz), WOLFSSL_SUCCESS);
AssertIntEQ(sigSz, ED25519_SIG_SIZE);
#ifdef HAVE_ED25519_VERIFY
AssertIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
sigSz), WOLFSSL_SUCCESS);
#endif /* HAVE_ED25519_VERIFY */
#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */
#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_EXPORT && WOLFSSL_KEY_GEN */
}
static void test_ED448(void)
{
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
defined(WOLFSSL_KEY_GEN)
byte priv[ED448_PRV_KEY_SIZE];
unsigned int privSz = (unsigned int)sizeof(priv);
byte pub[ED448_PUB_KEY_SIZE];
unsigned int pubSz = (unsigned int)sizeof(pub);
#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT)
const char* msg = TEST_STRING;
unsigned int msglen = (unsigned int)TEST_STRING_SZ;
byte sig[ED448_SIG_SIZE];
unsigned int sigSz = (unsigned int)sizeof(sig);
#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */
AssertIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz),
WOLFSSL_SUCCESS);
AssertIntEQ(privSz, ED448_PRV_KEY_SIZE);
AssertIntEQ(pubSz, ED448_PUB_KEY_SIZE);
#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT)
AssertIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig,
&sigSz), WOLFSSL_SUCCESS);
AssertIntEQ(sigSz, ED448_SIG_SIZE);
#ifdef HAVE_ED448_VERIFY
AssertIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
sigSz), WOLFSSL_SUCCESS);
#endif /* HAVE_ED448_VERIFY */
#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */
#endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT && WOLFSSL_KEY_GEN */
}
#endif /* OPENSSL_EXTRA */
#include <wolfssl/openssl/pem.h>
/*----------------------------------------------------------------------------*
| EVP
*----------------------------------------------------------------------------*/
static void test_wolfSSL_EVP_PKEY_print_public(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
WOLFSSL_BIO* rbio = NULL;
WOLFSSL_BIO* wbio = NULL;
WOLFSSL_EVP_PKEY* pkey = NULL;
char line[256] = { 0 };
char line1[256] = { 0 };
int i;
printf(testingFmt, "EVP_PKEY_print_public()");
/* test error cases */
AssertIntEQ( EVP_PKEY_print_public(NULL,NULL,0,NULL),0L);
/*
* test RSA public key print
* in this test, pass '3' for indent
*/
#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_1024)
rbio = BIO_new_mem_buf( client_keypub_der_1024,
sizeof_client_keypub_der_1024);
AssertNotNull(rbio);
wolfSSL_d2i_PUBKEY_bio(rbio, &pkey);
AssertNotNull(pkey);
wbio = BIO_new(BIO_s_mem());
AssertNotNull(wbio);
AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,3,NULL),1);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, " RSA Public-Key: (1024 bit)\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, " Modulus:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, " 00:BC:73:0E:A8:49:F3:74:A2:A9:EF:18:A5:DA:55:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* skip to the end of modulus element*/
for( i = 0; i < 8 ;i++) {
BIO_gets(wbio, line, sizeof(line));
}
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, " Exponent: 65537 (0x010001)\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* should reach EOF */
AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0);
EVP_PKEY_free(pkey);
pkey = NULL;
BIO_free(rbio);
BIO_free(wbio);
rbio = NULL;
wbio = NULL;
#endif /* !NO_RSA && USE_CERT_BUFFERS_1024*/
/*
* test DSA public key print
*/
#if !defined(NO_DSA) && defined(USE_CERT_BUFFERS_2048)
rbio = BIO_new_mem_buf( dsa_pub_key_der_2048,
sizeof_dsa_pub_key_der_2048);
AssertNotNull(rbio);
wolfSSL_d2i_PUBKEY_bio(rbio, &pkey);
AssertNotNull(pkey);
wbio = BIO_new(BIO_s_mem());
AssertNotNull(wbio);
AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "DSA Public-Key: (2048 bit)\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "pub:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1,
" 00:C2:35:2D:EC:83:83:6C:73:13:9E:52:7C:74:C8:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* skip to the end of pub element*/
for( i = 0; i < 17 ;i++) {
BIO_gets(wbio, line, sizeof(line));
}
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "P:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* skip to the end of P element*/
for( i = 0; i < 18 ;i++) {
BIO_gets(wbio, line, sizeof(line));
}
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "Q:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* skip to the end of Q element*/
for( i = 0; i < 3 ;i++) {
BIO_gets(wbio, line, sizeof(line));
}
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "G:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* skip to the end of G element*/
for( i = 0; i < 18 ;i++) {
BIO_gets(wbio, line, sizeof(line));
}
/* should reach EOF */
AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0);
EVP_PKEY_free(pkey);
pkey = NULL;
BIO_free(rbio);
BIO_free(wbio);
rbio = NULL;
wbio = NULL;
#endif /* !NO_DSA && USE_CERT_BUFFERS_2048 */
/*
* test ECC public key print
*/
#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
rbio = BIO_new_mem_buf( ecc_clikeypub_der_256,
sizeof_ecc_clikeypub_der_256);
AssertNotNull(rbio);
wolfSSL_d2i_PUBKEY_bio(rbio, &pkey);
AssertNotNull(pkey);
wbio = BIO_new(BIO_s_mem());
AssertNotNull(wbio);
AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "Public-Key: (256 bit)\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "pub:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1,
" 04:55:BF:F4:0F:44:50:9A:3D:CE:9B:B7:F0:C5:4D:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* skip to the end of pub element*/
for( i = 0; i < 4 ;i++) {
BIO_gets(wbio, line, sizeof(line));
}
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "ASN1 OID: prime256v1\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "NIST CURVE: P-256\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* should reach EOF */
AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0);
EVP_PKEY_free(pkey);
pkey = NULL;
BIO_free(rbio);
BIO_free(wbio);
rbio = NULL;
wbio = NULL;
#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */
/*
* test DH public key print
*/
#if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048)
rbio = BIO_new_mem_buf( dh_pub_key_der_2048,
sizeof_dh_pub_key_der_2048);
AssertNotNull(rbio);
wolfSSL_d2i_PUBKEY_bio(rbio, &pkey);
AssertNotNull(pkey);
wbio = BIO_new(BIO_s_mem());
AssertNotNull(wbio);
AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "DH Public-Key: (2048 bit)\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "public-key:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1,
" 34:41:BF:E9:F2:11:BF:05:DB:B2:72:A8:29:CC:BD:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* skip to the end of public-key element*/
for( i = 0; i < 17 ;i++) {
BIO_gets(wbio, line, sizeof(line));
}
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "prime:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
BIO_gets(wbio, line, sizeof(line));
strcpy(line1,
" 00:D3:B2:99:84:5C:0A:4C:E7:37:CC:FC:18:37:01:\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* skip to the end of prime element*/
for( i = 0; i < 17 ;i++) {
BIO_gets(wbio, line, sizeof(line));
}
BIO_gets(wbio, line, sizeof(line));
strcpy(line1, "generator: 2 (0x02)\n");
AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0);
/* should reach EOF */
AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0);
EVP_PKEY_free(pkey);
pkey = NULL;
BIO_free(rbio);
BIO_free(wbio);
rbio = NULL;
wbio = NULL;
#endif /* WOLFSSL_DH_EXTRA && USE_CERT_BUFFERS_2048 */
/* to prevent "unused variable" warning */
(void)pkey;
(void)wbio;
(void)rbio;
(void)line;
(void)line1;
(void)i;
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
/* Test functions for base64 encode/decode */
static void test_wolfSSL_EVP_ENCODE_CTX_new(void)
{
#if defined(OPENSSL_EXTRA) && \
( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE))
printf(testingFmt, "EVP_ENCODE_CTX_new()");
EVP_ENCODE_CTX* ctx = NULL;
AssertNotNull( ctx = EVP_ENCODE_CTX_new());
AssertIntEQ( ctx->remaining,0);
AssertIntEQ( ctx->data[0],0);
AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);
EVP_ENCODE_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE)*/
}
static void test_wolfSSL_EVP_ENCODE_CTX_free(void)
{
#if defined(OPENSSL_EXTRA) && \
( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE))
printf(testingFmt, "EVP_ENCODE_CTX_free()");
EVP_ENCODE_CTX* ctx = NULL;
AssertNotNull( ctx = EVP_ENCODE_CTX_new());
EVP_ENCODE_CTX_free(ctx);
printf(resultFmt, passed);
#endif /*OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE)*/
}
static void test_wolfSSL_EVP_EncodeInit(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
printf(testingFmt, "EVP_EncodeInit()");
EVP_ENCODE_CTX* ctx = NULL;
AssertNotNull( ctx = EVP_ENCODE_CTX_new());
AssertIntEQ( ctx->remaining,0);
AssertIntEQ( ctx->data[0],0);
AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);
/* make ctx dirty */
ctx->remaining = 10;
XMEMSET( ctx->data, 0x77, sizeof(ctx->data));
EVP_EncodeInit(ctx);
AssertIntEQ( ctx->remaining,0);
AssertIntEQ( ctx->data[0],0);
AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);
EVP_ENCODE_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/
}
static void test_wolfSSL_EVP_EncodeUpdate(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
printf(testingFmt, "EVP_EncodeUpdate()");
int outl;
int total;
const unsigned char plain0[] = {"Th"};
const unsigned char plain1[] = {"This is a base64 encodeing test."};
const unsigned char plain2[] = {"This is additional data."};
const unsigned char enc0[] = {"VGg=\n"};
/* expected encoded result for the first output 64 chars plus trailing LF*/
const unsigned char enc1[] = {"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\n"};
const unsigned char enc2[] =
{"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\nYWwgZGF0YS4=\n"};
unsigned char encOutBuff[300];
EVP_ENCODE_CTX* ctx = NULL;
AssertNotNull( ctx = EVP_ENCODE_CTX_new());
EVP_EncodeInit(ctx);
/* illegal parameter test */
AssertIntEQ(
EVP_EncodeUpdate(
NULL, /* pass NULL as ctx */
encOutBuff,
&outl,
plain1,
sizeof(plain1)-1),
0 /* expected result code 0: fail */
);
AssertIntEQ(
EVP_EncodeUpdate(
ctx,
NULL, /* pass NULL as out buff */
&outl,
plain1,
sizeof(plain1)-1),
0 /* expected result code 0: fail */
);
AssertIntEQ(
EVP_EncodeUpdate(
ctx,
encOutBuff,
NULL, /* pass NULL as outl */
plain1,
sizeof(plain1)-1),
0 /* expected result code 0: fail */
);
AssertIntEQ(
EVP_EncodeUpdate(
ctx,
encOutBuff,
&outl,
NULL, /* pass NULL as in */
sizeof(plain1)-1),
0 /* expected result code 0: fail */
);
/* meaningless parameter test */
AssertIntEQ(
EVP_EncodeUpdate(
ctx,
encOutBuff,
&outl,
plain1,
0), /* pass zero input */
1 /* expected result code 1: success */
);
/* very small data encoding test */
EVP_EncodeInit(ctx);
AssertIntEQ(
EVP_EncodeUpdate(
ctx,
encOutBuff,
&outl,
plain0,
sizeof(plain0)-1),
1 /* expected result code 1: success */
);
AssertIntEQ(outl,0);
EVP_EncodeFinal(
ctx,
encOutBuff + outl,
&outl);
AssertIntEQ( outl, sizeof(enc0)-1);
AssertIntEQ(
XSTRNCMP(
(const char*)encOutBuff,
(const char*)enc0,sizeof(enc0) ),
0);
/* pass small size( < 48bytes ) input, then make sure they are not
* encoded and just stored in ctx
*/
EVP_EncodeInit(ctx);
total = 0;
outl = 0;
XMEMSET( encOutBuff,0, sizeof(encOutBuff));
AssertIntEQ(
EVP_EncodeUpdate(
ctx,
encOutBuff, /* buffer for output */
&outl, /* size of output */
plain1, /* input */
sizeof(plain1)-1), /* size of input */
1); /* expected result code 1:success */
total += outl;
AssertIntEQ(outl, 0); /* no output expected */
AssertIntEQ(ctx->remaining, sizeof(plain1) -1);
AssertTrue(
XSTRNCMP((const char*)(ctx->data),
(const char*)plain1,
ctx->remaining) ==0 );
AssertTrue(encOutBuff[0] == 0);
/* call wolfSSL_EVP_EncodeUpdate again to make it encode
* the stored data and the new input together
*/
AssertIntEQ(
EVP_EncodeUpdate(
ctx,
encOutBuff + outl, /* buffer for output */
&outl, /* size of output */
plain2, /* additional input */
sizeof(plain2) -1), /* size of additional input */
1); /* expected result code 1:success */
total += outl;
AssertIntNE(outl, 0); /* some output is expected this time*/
AssertIntEQ(outl, BASE64_ENCODE_RESULT_BLOCK_SIZE +1); /* 64 bytes and LF */
AssertIntEQ(
XSTRNCMP((const char*)encOutBuff,(const char*)enc1,sizeof(enc1) ),0);
/* call wolfSSL_EVP_EncodeFinal to flush all the unprocessed input */
EVP_EncodeFinal(
ctx,
encOutBuff + outl,
&outl);
total += outl;
AssertIntNE(total,0);
AssertIntNE(outl,0);
AssertIntEQ(XSTRNCMP(
(const char*)encOutBuff,(const char*)enc2,sizeof(enc2) ),0);
/* test with illeagal parameters */
outl = 1;
EVP_EncodeFinal(NULL, encOutBuff + outl, &outl);
AssertIntEQ(outl, 0);
outl = 1;
EVP_EncodeFinal(ctx, NULL, &outl);
AssertIntEQ(outl, 0);
EVP_EncodeFinal(ctx, encOutBuff + outl, NULL);
EVP_EncodeFinal(NULL, NULL, NULL);
EVP_ENCODE_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/
}
static void test_wolfSSL_EVP_EncodeFinal(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
printf(testingFmt, "wolfSSL_EVP_EncodeFinal()");
/* tests for wolfSSL_EVP_EncodeFinal are included in
* test_wolfSSL_EVP_EncodeUpdate
*/
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/
}
static void test_wolfSSL_EVP_DecodeInit(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE)
printf(testingFmt, "EVP_DecodeInit()");
EVP_ENCODE_CTX* ctx = NULL;
AssertNotNull( ctx = EVP_ENCODE_CTX_new());
AssertIntEQ( ctx->remaining,0);
AssertIntEQ( ctx->data[0],0);
AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);
/* make ctx dirty */
ctx->remaining = 10;
XMEMSET( ctx->data, 0x77, sizeof(ctx->data));
EVP_DecodeInit(ctx);
AssertIntEQ( ctx->remaining,0);
AssertIntEQ( ctx->data[0],0);
AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0);
EVP_ENCODE_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL && WOLFSSL_BASE_DECODE */
}
static void test_wolfSSL_EVP_DecodeUpdate(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE)
printf(testingFmt, "EVP_DecodeUpdate()");
int outl;
unsigned char decOutBuff[300];
EVP_ENCODE_CTX* ctx = EVP_ENCODE_CTX_new();
EVP_DecodeInit(ctx);
const unsigned char enc1[] =
{"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"};
/* const unsigned char plain1[] =
{"This is a base64 decoding test."} */
/* illegal parameter tests */
/* pass NULL as ctx */
AssertIntEQ(
EVP_DecodeUpdate(
NULL, /* pass NULL as ctx */
decOutBuff,
&outl,
enc1,
sizeof(enc1)-1),
-1 /* expected result code -1: fail */
);
AssertIntEQ( outl, 0);
/* pass NULL as output */
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
NULL, /* pass NULL as out buff */
&outl,
enc1,
sizeof(enc1)-1),
-1 /* expected result code -1: fail */
);
AssertIntEQ( outl, 0);
/* pass NULL as outl */
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
decOutBuff,
NULL, /* pass NULL as outl */
enc1,
sizeof(enc1)-1),
-1 /* expected result code -1: fail */
);
/* pass NULL as input */
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
decOutBuff,
&outl,
NULL, /* pass NULL as in */
sizeof(enc1)-1),
-1 /* expected result code -1: fail */
);
AssertIntEQ( outl, 0);
/* pass zero length input */
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
decOutBuff,
&outl,
enc1,
0), /* pass zero as input len */
1 /* expected result code 1: success */
);
/* decode correct base64 string */
const unsigned char enc2[] =
{"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"};
const unsigned char plain2[] =
{"This is a base64 decoding test."};
EVP_EncodeInit(ctx);
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
decOutBuff,
&outl,
enc2,
sizeof(enc2)-1),
0 /* expected result code 0: success */
);
AssertIntEQ(outl,sizeof(plain2) -1);
AssertIntEQ(
EVP_DecodeFinal(
ctx,
decOutBuff + outl,
&outl),
1 /* expected result code 1: success */
);
AssertIntEQ(outl, 0); /* expected DecodeFinal outout no data */
AssertIntEQ(XSTRNCMP( (const char*)plain2,(const char*)decOutBuff,
sizeof(plain2) -1 ),0);
/* decode correct base64 string which does not have '\n' in its last*/
const unsigned char enc3[] =
{"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg=="}; /* 44 chars */
const unsigned char plain3[] =
{"This is a base64 decoding test."}; /* 31 chars */
EVP_EncodeInit(ctx);
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
decOutBuff,
&outl,
enc3,
sizeof(enc3)-1),
0 /* expected result code 0: success */
);
AssertIntEQ(outl,sizeof(plain3)-1); /* 31 chars should be output */
AssertIntEQ(XSTRNCMP( (const char*)plain3,(const char*)decOutBuff,
sizeof(plain3) -1 ),0);
AssertIntEQ(
EVP_DecodeFinal(
ctx,
decOutBuff + outl,
&outl),
1 /* expected result code 1: success */
);
AssertIntEQ(outl,0 );
/* decode string which has a padding char ('=') in the illegal position*/
const unsigned char enc4[] =
{"VGhpcyBpcyBhIGJhc2U2N=CBkZWNvZGluZyB0ZXN0Lg==\n"};
EVP_EncodeInit(ctx);
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
decOutBuff,
&outl,
enc4,
sizeof(enc4)-1),
-1 /* expected result code -1: error */
);
AssertIntEQ(outl,0);
/* small data decode test */
const unsigned char enc00[] = {"VG"};
const unsigned char enc01[] = {"g=\n"};
const unsigned char plain4[] = {"Th"};
EVP_EncodeInit(ctx);
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
decOutBuff,
&outl,
enc00,
sizeof(enc00)-1),
1 /* expected result code 1: success */
);
AssertIntEQ(outl,0);
AssertIntEQ(
EVP_DecodeUpdate(
ctx,
decOutBuff + outl,
&outl,
enc01,
sizeof(enc01)-1),
0 /* expected result code 0: success */
);
AssertIntEQ(outl,sizeof(plain4)-1);
/* test with illegal parameters */
AssertIntEQ(EVP_DecodeFinal(NULL,decOutBuff + outl,&outl), -1);
AssertIntEQ(EVP_DecodeFinal(ctx,NULL,&outl), -1);
AssertIntEQ(EVP_DecodeFinal(ctx,decOutBuff + outl, NULL), -1);
AssertIntEQ(EVP_DecodeFinal(NULL,NULL, NULL), -1);
EVP_DecodeFinal(
ctx,
decOutBuff + outl,
&outl);
AssertIntEQ( outl, 0);
AssertIntEQ(
XSTRNCMP(
(const char*)decOutBuff,
(const char*)plain4,sizeof(plain4)-1 ),
0);
EVP_ENCODE_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL && WOLFSSL_BASE_DECODE */
}
static void test_wolfSSL_EVP_DecodeFinal(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE)
printf(testingFmt, "EVP_DecodeFinal()");
/* tests for wolfSSL_EVP_DecodeFinal are included in
* test_wolfSSL_EVP_DecodeUpdate
*/
printf(resultFmt, passed);
#endif /* OPENSSL && WOLFSSL_BASE_DECODE */
}
/* Test function for wolfSSL_EVP_get_cipherbynid.
*/
#ifdef OPENSSL_EXTRA
static void test_wolfSSL_EVP_get_cipherbynid(void)
{
#ifndef NO_AES
const WOLFSSL_EVP_CIPHER* c;
c = wolfSSL_EVP_get_cipherbynid(419);
#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
defined(WOLFSSL_AES_128)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_128_CBC", c));
#else
AssertNull(c);
#endif
c = wolfSSL_EVP_get_cipherbynid(423);
#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
defined(WOLFSSL_AES_192)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_192_CBC", c));
#else
AssertNull(c);
#endif
c = wolfSSL_EVP_get_cipherbynid(427);
#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
defined(WOLFSSL_AES_256)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_256_CBC", c));
#else
AssertNull(c);
#endif
c = wolfSSL_EVP_get_cipherbynid(904);
#if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_128_CTR", c));
#else
AssertNull(c);
#endif
c = wolfSSL_EVP_get_cipherbynid(905);
#if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_192_CTR", c));
#else
AssertNull(c);
#endif
c = wolfSSL_EVP_get_cipherbynid(906);
#if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_256_CTR", c));
#else
AssertNull(c);
#endif
c = wolfSSL_EVP_get_cipherbynid(418);
#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_128)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_128_ECB", c));
#else
AssertNull(c);
#endif
c = wolfSSL_EVP_get_cipherbynid(422);
#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_192)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_192_ECB", c));
#else
AssertNull(c);
#endif
c = wolfSSL_EVP_get_cipherbynid(426);
#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_256_ECB", c));
#else
AssertNull(c);
#endif
#endif /* !NO_AES */
#ifndef NO_DES3
AssertNotNull(strcmp("EVP_DES_CBC", wolfSSL_EVP_get_cipherbynid(31)));
#ifdef WOLFSSL_DES_ECB
AssertNotNull(strcmp("EVP_DES_ECB", wolfSSL_EVP_get_cipherbynid(29)));
#endif
AssertNotNull(strcmp("EVP_DES_EDE3_CBC", wolfSSL_EVP_get_cipherbynid(44)));
#ifdef WOLFSSL_DES_ECB
AssertNotNull(strcmp("EVP_DES_EDE3_ECB", wolfSSL_EVP_get_cipherbynid(33)));
#endif
#endif /* !NO_DES3 */
/* test for nid is out of range */
AssertNull(wolfSSL_EVP_get_cipherbynid(1));
}
static void test_wolfSSL_EVP_CIPHER_CTX(void)
{
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
const EVP_CIPHER *init = EVP_aes_128_cbc();
const EVP_CIPHER *test;
byte key[AES_BLOCK_SIZE] = {0};
byte iv[AES_BLOCK_SIZE] = {0};
AssertNotNull(ctx);
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
test = EVP_CIPHER_CTX_cipher(ctx);
AssertTrue(init == test);
AssertIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc);
AssertIntEQ(EVP_CIPHER_CTX_reset(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_CIPHER_CTX_reset(NULL), WOLFSSL_FAILURE);
EVP_CIPHER_CTX_free(ctx);
/* test EVP_CIPHER_CTX_cleanup with NULL */
AssertIntEQ(EVP_CIPHER_CTX_cleanup(NULL), WOLFSSL_SUCCESS);
#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 */
}
#endif /* OPENSSL_EXTRA */
/*----------------------------------------------------------------------------*
| IO
*----------------------------------------------------------------------------*/
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_RSA) && !defined(SINGLE_THREADED) && \
!defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
#define HAVE_IO_TESTS_DEPENDENCIES
#endif
/* helper functions */
#ifdef HAVE_IO_TESTS_DEPENDENCIES
#ifdef WOLFSSL_SESSION_EXPORT
#ifdef WOLFSSL_DTLS
/* set up function for sending session information */
static int test_export(WOLFSSL* inSsl, byte* buf, word32 sz, void* userCtx)
{
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
AssertNotNull(inSsl);
AssertNotNull(buf);
AssertIntNE(0, sz);
/* Set ctx to DTLS 1.2 */
ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
AssertNotNull(ctx);
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
AssertIntGE(wolfSSL_dtls_import(ssl, buf, sz), 0);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
(void)userCtx;
return WOLFSSL_SUCCESS;
}
#endif
/* returns negative value on fail and positive (including 0) on success */
static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
{
int ret, err, loop_count, count, timeout = 10;
char msg[] = "I hear you fa shizzle!";
char input[1024];
loop_count = ((func_args*)args)->argc;
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_accept(ssl);
err = wolfSSL_get_error(ssl, 0);
if (err == WOLFSSL_ERROR_WANT_READ ||
err == WOLFSSL_ERROR_WANT_WRITE) {
int select_ret;
err = WC_PENDING_E;
select_ret = tcp_select(*sockfd, timeout);
if (select_ret == TEST_TIMEOUT) {
return WOLFSSL_FATAL_ERROR;
}
}
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
return ret;
}
for (count = 0; count < loop_count; count++) {
int select_ret;
select_ret = tcp_select(*sockfd, timeout);
if (select_ret == TEST_TIMEOUT) {
ret = WOLFSSL_FATAL_ERROR;
break;
}
do {
ret = wolfSSL_read(ssl, input, sizeof(input)-1);
if (ret > 0) {
input[ret] = '\0';
printf("Client message: %s\n", input);
}
} while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS);
do {
if ((ret = wolfSSL_write(ssl, msg, sizeof(msg))) != sizeof(msg)) {
return WOLFSSL_FATAL_ERROR;
}
err = wolfSSL_get_error(ssl, ret);
} while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS);
}
return ret;
}
#endif /* WOLFSSL_SESSION_EXPORT */
/* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
#if defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \
defined(HAVE_AES_CBC)
typedef struct openssl_key_ctx {
byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */
byte key[WOLFSSL_TICKET_KEY_SZ]; /* cipher key */
byte hmacKey[WOLFSSL_TICKET_NAME_SZ]; /* hmac key */
byte iv[WOLFSSL_TICKET_IV_SZ]; /* cipher iv */
} openssl_key_ctx;
static THREAD_LS_T openssl_key_ctx myOpenSSLKey_ctx;
static THREAD_LS_T WC_RNG myOpenSSLKey_rng;
static WC_INLINE int OpenSSLTicketInit(void)
{
int ret = wc_InitRng(&myOpenSSLKey_rng);
if (ret != 0) return ret;
ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.name,
sizeof(myOpenSSLKey_ctx.name));
if (ret != 0) return ret;
ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.key,
sizeof(myOpenSSLKey_ctx.key));
if (ret != 0) return ret;
ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.hmacKey,
sizeof(myOpenSSLKey_ctx.hmacKey));
if (ret != 0) return ret;
ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.iv,
sizeof(myOpenSSLKey_ctx.iv));
if (ret != 0) return ret;
return 0;
}
static WC_INLINE int myTicketEncCbOpenSSL(WOLFSSL* ssl,
byte name[WOLFSSL_TICKET_NAME_SZ],
byte iv[WOLFSSL_TICKET_IV_SZ],
WOLFSSL_EVP_CIPHER_CTX *ectx,
WOLFSSL_HMAC_CTX *hctx, int enc) {
(void)ssl;
if (enc) {
XMEMCPY(name, myOpenSSLKey_ctx.name, sizeof(myOpenSSLKey_ctx.name));
XMEMCPY(iv, myOpenSSLKey_ctx.iv, sizeof(myOpenSSLKey_ctx.iv));
}
else if (XMEMCMP(name, myOpenSSLKey_ctx.name,
sizeof(myOpenSSLKey_ctx.name)) != 0 ||
XMEMCMP(iv, myOpenSSLKey_ctx.iv,
sizeof(myOpenSSLKey_ctx.iv)) != 0) {
return 0;
}
HMAC_Init_ex(hctx, myOpenSSLKey_ctx.hmacKey, WOLFSSL_TICKET_NAME_SZ, EVP_sha256(), NULL);
if (enc)
EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv);
else
EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv);
return 1;
}
static WC_INLINE void OpenSSLTicketCleanup(void)
{
wc_FreeRng(&myOpenSSLKey_rng);
}
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
#ifdef WC_SHA512_DIGEST_SIZE
#define MD_MAX_SIZE WC_SHA512_DIGEST_SIZE
#else
#define MD_MAX_SIZE WC_SHA256_DIGEST_SIZE
#endif
byte server_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by server */
byte server_side_msg2[MD_MAX_SIZE] = {0};/* msg received from client */
byte client_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by client */
byte client_side_msg2[MD_MAX_SIZE] = {0};/* msg received from server */
#endif
static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
{
SOCKET_T sockfd = 0;
SOCKET_T clientfd = 0;
word16 port;
callback_functions* cbf;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
func_args* opts = (func_args*)args;
char msg[] = "I hear you fa shizzle!";
char input[1024];
int idx;
int ret, err = 0;
int sharedCtx = 0;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
size_t msg_len = 0;
#endif
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
opts->return_code = TEST_FAIL;
cbf = opts->callbacks;
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (cbf != NULL && cbf->ctx) {
ctx = cbf->ctx;
sharedCtx = 1;
}
else
#endif
{
WOLFSSL_METHOD* method = NULL;
if (cbf != NULL && cbf->method != NULL) {
method = cbf->method();
}
else {
method = wolfSSLv23_server_method();
}
ctx = wolfSSL_CTX_new(method);
}
if (ctx == NULL) {
goto done;
}
if (cbf == NULL || !cbf->ticNoInit) {
#if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
OpenSSLTicketInit();
wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL);
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
TicketInit();
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
#endif
#endif
}
#if defined(USE_WINDOWS_API)
port = opts->signal->port;
#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
!defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
/* Let tcp_listen assign port */
port = 0;
#else
/* Use default port */
port = wolfSSLPort;
#endif
/* do it here to detect failure */
tcp_accept(&sockfd, &clientfd, opts, port, 0, 0, 0, 0, 1, 0, 0);
CloseSocket(sockfd);
wolfSSL_CTX_set_verify(ctx,
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
#ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)
!= WOLFSSL_SUCCESS) {
/*err_sys("can't load ca file, Please run from wolfSSL home dir");*/
goto done;
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
if (wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
/*err_sys("can't load server cert chain file, "
"Please run from wolfSSL home dir");*/
goto done;
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
/*err_sys("can't load server key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
/* call ctx setup callback */
if (cbf != NULL && cbf->ctx_ready != NULL) {
cbf->ctx_ready(ctx);
}
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
goto done;
}
#ifdef WOLFSSL_SESSION_EXPORT
/* only add in more complex nonblocking case with session export tests */
if (args && opts->argc > 0) {
/* set as nonblock and time out for waiting on read/write */
tcp_set_nonblocking(&clientfd);
wolfSSL_dtls_set_using_nonblock(ssl, 1);
}
#endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
if (wolfSSL_use_certificate_file(ssl, svrCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
/*err_sys("can't load server cert chain file, "
"Please run from wolfSSL home dir");*/
goto done;
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
/*err_sys("can't load server key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
/*err_sys("SSL_set_fd failed");*/
goto done;
}
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
#endif
/* call ssl setup callback */
if (cbf != NULL && cbf->ssl_ready != NULL) {
cbf->ssl_ready(ssl);
}
#ifdef WOLFSSL_SESSION_EXPORT
/* only add in more complex nonblocking case with session export tests */
if (opts->argc > 0) {
ret = nonblocking_accept_read(args, ssl, &clientfd);
if (ret >= 0) {
opts->return_code = TEST_SUCCESS;
}
#ifdef WOLFSSL_TIRTOS
Task_yield();
#endif
goto done;
}
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_accept(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_accept failed");*/
goto done;
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
XMEMSET(server_side_msg2, 0, MD_MAX_SIZE);
msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, MD_MAX_SIZE);
AssertIntGE(msg_len, 0);
XMEMSET(server_side_msg1, 0, MD_MAX_SIZE);
msg_len = wolfSSL_get_finished(ssl, server_side_msg1, MD_MAX_SIZE);
AssertIntGE(msg_len, 0);
#endif
idx = wolfSSL_read(ssl, input, sizeof(input)-1);
if (idx > 0) {
input[idx] = '\0';
printf("Client message: %s\n", input);
}
if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
/*err_sys("SSL_write failed");*/
#ifdef WOLFSSL_TIRTOS
return;
#else
return 0;
#endif
}
if (cbf != NULL && cbf->on_result != NULL)
cbf->on_result(ssl);
#ifdef WOLFSSL_TIRTOS
Task_yield();
#endif
opts->return_code = TEST_SUCCESS;
done:
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
if (!sharedCtx)
wolfSSL_CTX_free(ctx);
CloseSocket(clientfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
if (cbf == NULL || !cbf->ticNoInit) {
#if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
OpenSSLTicketCleanup();
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
TicketCleanup();
#endif
#endif
}
#ifndef WOLFSSL_TIRTOS
return 0;
#endif
}
#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
{
SOCKET_T sockfd = 0;
SOCKET_T clientfd = 0;
word16 port;
callback_functions* cbf;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
char msg[] = "I hear you fa shizzle!";
char input[1024];
int idx;
int ret, err = 0;
int sharedCtx = 0;
int loop_count = ((func_args*)args)->argc;
int count = 0;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
cbf = ((func_args*)args)->callbacks;
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (cbf != NULL && cbf->ctx) {
ctx = cbf->ctx;
sharedCtx = 1;
}
else
#endif
{
WOLFSSL_METHOD* method = NULL;
if (cbf != NULL && cbf->method != NULL) {
method = cbf->method();
}
else {
method = wolfSSLv23_server_method();
}
ctx = wolfSSL_CTX_new(method);
}
#if defined(USE_WINDOWS_API)
port = ((func_args*)args)->signal->port;
#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
!defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
/* Let tcp_listen assign port */
port = 0;
#else
/* Use default port */
port = wolfSSLPort;
#endif
wolfSSL_CTX_set_verify(ctx,
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
#ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)
!= WOLFSSL_SUCCESS) {
/*err_sys("can't load ca file, Please run from wolfSSL home dir");*/
goto done;
}
if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load server cert chain file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load server key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
/* call ctx setup callback */
if (cbf != NULL && cbf->ctx_ready != NULL) {
cbf->ctx_ready(ctx);
}
while(count != loop_count) {
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
goto done;
}
if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load server cert chain file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load server key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
#endif
/* call ssl setup callback */
if (cbf != NULL && cbf->ssl_ready != NULL) {
cbf->ssl_ready(ssl);
}
/* do it here to detect failure */
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
CloseSocket(sockfd);
if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
/*err_sys("SSL_set_fd failed");*/
goto done;
}
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_accept(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_accept failed");*/
goto done;
}
idx = wolfSSL_read(ssl, input, sizeof(input)-1);
if (idx > 0) {
input[idx] = '\0';
printf("Client message: %s\n", input);
}
if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
/*err_sys("SSL_write failed");*/
#ifdef WOLFSSL_TIRTOS
return;
#else
return 0;
#endif
}
/* free ssl for this connection */
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl); ssl = NULL;
CloseSocket(clientfd);
count++;
}
#ifdef WOLFSSL_TIRTOS
Task_yield();
#endif
((func_args*)args)->return_code = TEST_SUCCESS;
done:
if(ssl != NULL) {
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
}
if (!sharedCtx)
wolfSSL_CTX_free(ctx);
CloseSocket(clientfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
#ifndef WOLFSSL_TIRTOS
return 0;
#endif
}
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl);
static void test_client_nofail(void* args, cbType cb)
{
SOCKET_T sockfd = 0;
callback_functions* cbf;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
WOLFSSL_CIPHER* cipher;
char msg[64] = "hello wolfssl!";
char reply[1024];
int input;
int msgSz = (int)XSTRLEN(msg);
int ret, err = 0;
int cipherSuite;
int sharedCtx = 0;
const char* cipherName1, *cipherName2;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
cbf = ((func_args*)args)->callbacks;
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (cbf != NULL && cbf->ctx) {
ctx = cbf->ctx;
sharedCtx = cbf->isSharedCtx;
}
else
#endif
{
WOLFSSL_METHOD* method = NULL;
if (cbf != NULL && cbf->method != NULL) {
method = cbf->method();
}
else {
method = wolfSSLv23_client_method();
}
ctx = wolfSSL_CTX_new(method);
}
#ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
/* Do connect here so server detects failures */
tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
0, 0, NULL);
if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
{
/* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
goto done;
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
/*err_sys("can't load client cert file, "
"Please run from wolfSSL home dir");*/
goto done;
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
/*err_sys("can't load client key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
/* call ctx setup callback */
if (cbf != NULL && cbf->ctx_ready != NULL) {
cbf->ctx_ready(ctx);
}
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
goto done;
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
if (wolfSSL_use_certificate_file(ssl, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
/*err_sys("can't load client cert file, "
"Please run from wolfSSL home dir");*/
goto done;
}
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#else
if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
#endif
/*err_sys("can't load client key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
/*err_sys("SSL_set_fd failed");*/
goto done;
}
/* call ssl setup callback */
if (cbf != NULL && cbf->ssl_ready != NULL) {
cbf->ssl_ready(ssl);
}
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_connect(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_connect failed");*/
goto done;
}
/* test the various get cipher methods */
/* Internal cipher suite names */
cipherSuite = wolfSSL_get_current_cipher_suite(ssl);
cipherName1 = wolfSSL_get_cipher_name(ssl);
cipherName2 = wolfSSL_get_cipher_name_from_suite(
(cipherSuite >> 8), cipherSuite & 0xFF);
AssertStrEQ(cipherName1, cipherName2);
/* IANA Cipher Suites Names */
/* Unless WOLFSSL_CIPHER_INTERNALNAME or NO_ERROR_STRINGS,
then it's the internal cipher suite name */
cipher = wolfSSL_get_current_cipher(ssl);
cipherName1 = wolfSSL_CIPHER_get_name(cipher);
cipherName2 = wolfSSL_get_cipher(ssl);
AssertStrEQ(cipherName1, cipherName2);
#if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \
!defined(WOLFSSL_QT)
cipherName1 = wolfSSL_get_cipher_name_iana_from_suite(
(cipherSuite >> 8), cipherSuite & 0xFF);
AssertStrEQ(cipherName1, cipherName2);
#endif
if (cb != NULL)
(cb)(ctx, ssl);
if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
/*err_sys("SSL_write failed");*/
goto done;
}
input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = '\0';
printf("Server response: %s\n", reply);
}
if (cbf != NULL && cbf->on_result != NULL)
cbf->on_result(ssl);
((func_args*)args)->return_code = TEST_SUCCESS;
done:
wolfSSL_free(ssl);
if (!sharedCtx)
wolfSSL_CTX_free(ctx);
CloseSocket(sockfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
return;
}
#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args)
{
SOCKET_T sockfd = 0;
callback_functions* cbf;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
WOLFSSL_SESSION* session = NULL;
char msg[64] = "hello wolfssl!";
char reply[1024];
int input;
int msgSz = (int)XSTRLEN(msg);
int ret, err = 0;
int sharedCtx = 0;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
cbf = ((func_args*)args)->callbacks;
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
if (cbf != NULL && cbf->ctx) {
ctx = cbf->ctx;
sharedCtx = 1;
}
else
#endif
{
WOLFSSL_METHOD* method = NULL;
if (cbf != NULL && cbf->method != NULL) {
method = cbf->method();
}
else {
method = wolfSSLv23_client_method();
}
ctx = wolfSSL_CTX_new(method);
}
#ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
/* Do connect here so server detects failures */
tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
0, 0, NULL);
if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
{
/* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
goto done;
}
if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load client cert file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load client key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
/* call ctx setup callback */
if (cbf != NULL && cbf->ctx_ready != NULL) {
cbf->ctx_ready(ctx);
}
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
goto done;
}
/* keep handshakre resources for re-using WOLFSSL obj */
wolfSSL_KeepArrays(ssl);
if(wolfSSL_KeepHandshakeResources(ssl)) {
/* err_sys("SSL_KeepHandshakeResources failed"); */
goto done;
}
if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load client cert file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load client key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
/*err_sys("SSL_set_fd failed");*/
goto done;
}
/* call ssl setup callback */
if (cbf != NULL && cbf->ssl_ready != NULL) {
cbf->ssl_ready(ssl);
}
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_connect(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_connect failed");*/
goto done;
}
/* Build first session */
if (cb != NULL)
((cbType)cb)(ctx, ssl);
if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
/*err_sys("SSL_write failed");*/
goto done;
}
input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = '\0';
printf("Server response: %s\n", reply);
}
/* Session Resumption by re-using WOLFSSL object */
wolfSSL_set_quiet_shutdown(ssl, 1);
if (wolfSSL_shutdown(ssl) != WOLFSSL_SUCCESS) {
/* err_sys ("SSL shutdown failed"); */
goto done;
}
session = wolfSSL_get_session(ssl);
if (wolfSSL_clear(ssl) != WOLFSSL_SUCCESS) {
/* err_sys ("SSL_clear failed"); */
goto done;
}
wolfSSL_set_session(ssl, session);
/* close socket once */
CloseSocket(sockfd);
sockfd = 0;
/* wait until server ready */
wait_tcp_ready((func_args*)server_args);
printf("session resumption\n");
/* Do re-connect */
tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
0, 0, NULL);
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
/*err_sys("SSL_set_fd failed");*/
goto done;
}
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_connect(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_connect failed");*/
goto done;
}
/* Build first session */
if (cb != NULL)
((cbType)cb)(ctx, ssl);
if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
/*err_sys("SSL_write failed");*/
goto done;
}
input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = '\0';
printf("Server response: %s\n", reply);
}
((func_args*)args)->return_code = TEST_SUCCESS;
done:
wolfSSL_free(ssl);
if (!sharedCtx)
wolfSSL_CTX_free(ctx);
CloseSocket(sockfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
return;
}
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
static void test_client_verifyDepth(void* args)
{
#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT)
SOCKET_T sockfd = 0;
callback_functions* cbf;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
char msg[64] = "hello wolfssl!";
char reply[1024];
int input;
int msgSz = (int)XSTRLEN(msg);
int ret, err = 0;
int verify_depth = ((func_args*)args)->argc;
((func_args*)args)->return_code = TEST_FAIL;
cbf = ((func_args*)args)->callbacks;
{
WOLFSSL_METHOD* method = NULL;
if (cbf != NULL && cbf->method != NULL) {
method = cbf->method();
}
else {
method = wolfSSLv23_client_method();
}
ctx = wolfSSL_CTX_new(method);
}
/* Do connect here so server detects failures */
tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
0, 0, NULL);
if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)
!= WOLFSSL_SUCCESS)
{
/* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
goto done;
}
if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load client cert file, "
"Please run from wolfSSL home dir");*/
goto done;
}
if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
/*err_sys("can't load client key file, "
"Please run from wolfSSL home dir");*/
goto done;
}
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
/* set verify depth */
if (verify_depth == 0) {
myVerifyAction = VERIFY_OVERRIDE_ERROR;
SSL_CTX_set_verify_depth(ctx, verify_depth);
} else if (verify_depth == -1) {
myVerifyAction = VERIFY_USE_PREVERFIY;
SSL_CTX_set_verify_depth(ctx, 0);
} else if (verify_depth > 0) {
myVerifyAction = VERIFY_USE_PREVERFIY;
SSL_CTX_set_verify_depth(ctx, verify_depth);
}
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
goto done;
}
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
/*err_sys("SSL_set_fd failed");*/
goto done;
}
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_connect(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
goto done;
}
if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
goto done;
}
input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
if (input > 0) {
reply[input] = '\0';
printf("Server response: %s\n", reply);
}
((func_args*)args)->return_code = TEST_SUCCESS;
done:
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(sockfd);
#else
(void)args;
#endif /* defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) */
}
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) && \
defined(HAVE_ALPN) && defined(HAVE_SNI) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_BIO)
#define HAVE_ALPN_PROTOS_SUPPORT
#endif
/* Generic TLS client / server with callbacks for API unit tests
* Used by SNI / ALPN / crypto callback helper functions */
#if defined(HAVE_IO_TESTS_DEPENDENCIES) && \
(defined(HAVE_SNI) || defined(HAVE_ALPN) || defined(WOLF_CRYPTO_CB) || \
defined(HAVE_ALPN_PROTOS_SUPPORT)) || defined(WOLFSSL_STATIC_MEMORY)
#define ENABLE_TLS_CALLBACK_TEST
#endif
#if defined(ENABLE_TLS_CALLBACK_TEST) || \
(defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT))
/* TLS server for API unit testing - generic */
static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
{
callback_functions* callbacks = ((func_args*)args)->callbacks;
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
SOCKET_T sfd = 0;
SOCKET_T cfd = 0;
word16 port;
char msg[] = "I hear you fa shizzle!";
int len = (int) XSTRLEN(msg);
char input[1024];
int idx;
int ret, err = 0;
((func_args*)args)->return_code = TEST_FAIL;
#ifdef WOLFSSL_STATIC_MEMORY
if (callbacks->method_ex != NULL && callbacks->mem != NULL &&
callbacks->memSz > 0) {
ret = wolfSSL_CTX_load_static_memory(&ctx, callbacks->method_ex,
callbacks->mem, callbacks->memSz, 0, 1);
if (ret != WOLFSSL_SUCCESS) {
printf("CTX static new failed %d\n", ret);
return 0;
}
}
#endif
if (ctx == NULL) {
ctx = wolfSSL_CTX_new(callbacks->method());
}
if (ctx == NULL) {
printf("CTX new failed\n");
return 0;
}
/* set defaults */
if (callbacks->caPemFile == NULL)
callbacks->caPemFile = cliCertFile;
if (callbacks->certPemFile == NULL)
callbacks->certPemFile = svrCertFile;
if (callbacks->keyPemFile == NULL)
callbacks->keyPemFile = svrKeyFile;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
wolfSSL_CTX_SetDevId(ctx, callbacks->devId);
#if defined(USE_WINDOWS_API)
port = ((func_args*)args)->signal->port;
#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
!defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
/* Let tcp_listen assign port */
port = 0;
#else
/* Use default port */
port = wolfSSLPort;
#endif
wolfSSL_CTX_set_verify(ctx,
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
#ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#if defined(WOLFSSL_SESSION_EXPORT) && defined(WOLFSSL_DTLS)
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_dtls_set_export(ctx, test_export));
#endif
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile,
WOLFSSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile,
WOLFSSL_FILETYPE_PEM));
if (callbacks->ctx_ready)
callbacks->ctx_ready(ctx);
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
printf("SSL new failed\n");
wolfSSL_CTX_free(ctx);
return 0;
}
if (wolfSSL_dtls(ssl)) {
SOCKADDR_IN_T cliAddr;
socklen_t cliLen;
cliLen = sizeof(cliAddr);
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0, 0, 0, 0);
idx = (int)recvfrom(sfd, input, sizeof(input), MSG_PEEK,
(struct sockaddr*)&cliAddr, &cliLen);
AssertIntGT(idx, 0);
wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen);
}
else {
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
CloseSocket(sfd);
}
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));
if (callbacks->loadToSSL) {
wolfSSL_SetDevId(ssl, callbacks->devId);
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_use_certificate_file(ssl, callbacks->certPemFile,
WOLFSSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile,
WOLFSSL_FILETYPE_PEM));
}
#ifdef NO_PSK
#if !defined(NO_FILESYSTEM) && !defined(NO_DH)
wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
#elif !defined(NO_DH)
SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
#endif
#endif
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_accept(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_accept failed");*/
}
else {
if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
input[idx] = 0;
printf("Client message: %s\n", input);
}
AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
#if defined(WOLFSSL_SESSION_EXPORT) && !defined(HAVE_IO_POOL) && \
defined(WOLFSSL_DTLS)
if (wolfSSL_dtls(ssl)) {
byte* import;
word32 sz;
wolfSSL_dtls_export(ssl, NULL, &sz);
import = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
AssertNotNull(import);
idx = wolfSSL_dtls_export(ssl, import, &sz);
AssertIntGE(idx, 0);
AssertIntGE(wolfSSL_dtls_import(ssl, import, idx), 0);
XFREE(import, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif
#ifdef WOLFSSL_TIRTOS
Task_yield();
#endif
((func_args*)args)->return_code = TEST_SUCCESS;
}
if (callbacks->on_result)
callbacks->on_result(ssl);
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(cfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
#ifndef WOLFSSL_TIRTOS
return 0;
#endif
}
/* TLS Client for API unit testing - generic */
static void run_wolfssl_client(void* args)
{
callback_functions* callbacks = ((func_args*)args)->callbacks;
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
SOCKET_T sfd = 0;
char msg[] = "hello wolfssl server!";
int len = (int) XSTRLEN(msg);
char input[1024];
int ret, err = 0;
((func_args*)args)->return_code = TEST_FAIL;
/* set defaults */
if (callbacks->caPemFile == NULL)
callbacks->caPemFile = caCertFile;
if (callbacks->certPemFile == NULL)
callbacks->certPemFile = cliCertFile;
if (callbacks->keyPemFile == NULL)
callbacks->keyPemFile = cliKeyFile;
#ifdef WOLFSSL_STATIC_MEMORY
if (callbacks->method_ex != NULL && callbacks->mem != NULL &&
callbacks->memSz > 0) {
ret = wolfSSL_CTX_load_static_memory(&ctx, callbacks->method_ex,
callbacks->mem, callbacks->memSz, 0, 1);
if (ret != WOLFSSL_SUCCESS) {
printf("CTX static new failed %d\n", ret);
return;
}
}
#endif
if (ctx == NULL) {
ctx = wolfSSL_CTX_new(callbacks->method());
}
if (ctx == NULL) {
printf("CTX new failed\n");
return;
}
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
if (!callbacks->loadToSSL) {
wolfSSL_CTX_SetDevId(ctx, callbacks->devId);
}
#ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0));
if (!callbacks->loadToSSL) {
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile,
WOLFSSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile,
WOLFSSL_FILETYPE_PEM));
}
if (callbacks->ctx_ready)
callbacks->ctx_ready(ctx);
ssl = wolfSSL_new(ctx);
if (wolfSSL_dtls(ssl)) {
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
1, 0, ssl);
}
else {
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
0, 0, ssl);
}
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd));
if (callbacks->loadToSSL) {
wolfSSL_SetDevId(ssl, callbacks->devId);
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_use_certificate_file(ssl, callbacks->certPemFile,
WOLFSSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile,
WOLFSSL_FILETYPE_PEM));
}
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_connect(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
/*err_sys("SSL_connect failed");*/
}
else {
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_write(ssl, msg, len);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
AssertIntEQ(len, ret);
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_read(ssl, input, sizeof(input)-1);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret > 0) {
input[ret] = '\0'; /* null term */
printf("Server response: %s\n", input);
}
((func_args*)args)->return_code = TEST_SUCCESS;
}
if (callbacks->on_result)
callbacks->on_result(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(sfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
}
#endif /* ENABLE_TLS_CALLBACK_TEST */
static void test_wolfSSL_read_write(void)
{
/* The unit testing for read and write shall happen simultaneously, since
* one can't do anything with one without the other. (Except for a failure
* test case.) This function will call all the others that will set up,
* execute, and report their test findings.
*
* Set up the success case first. This function will become the template
* for the other tests. This should eventually be renamed
*
* The success case isn't interesting, how can this fail?
* - Do not give the client context a CA certificate. The connect should
* fail. Do not need server for this?
* - Using NULL for the ssl object on server. Do not need client for this.
* - Using NULL for the ssl object on client. Do not need server for this.
* - Good ssl objects for client and server. Client write() without server
* read().
* - Good ssl objects for client and server. Server write() without client
* read().
* - Forgetting the password callback?
*/
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
}
#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
static void test_wolfSSL_reuse_WOLFSSLobj(void)
{
/* The unit test for session resumption by re-using WOLFSSL object.
* WOLFSSL object is not cleared after first session. It re-use the obeject
* for second connection.
*/
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
/* the var is used for loop number */
server_args.argc = 2;
start_thread(test_server_loop, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_reuse_WOLFSSLobj(&client_args, NULL, &server_args);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
}
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
static void test_wolfSSL_CTX_verifyDepth_ServerClient(void)
{
#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT)
/* This unit test is to check set verify Depth */
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
callback_functions client_cbf;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
printf(testingFmt, "test_wolfSSL_CTX_verifyDepth_ServerClient()\n");
#ifdef WOLFSSL_TLS13
client_cbf.method = wolfTLSv1_3_client_method;
#endif /* WOLFSSL_TLS13 */
client_args.callbacks = &client_cbf;
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
/* the var is used for loop number */
server_args.argc = 1;
/* test case 1 verify depth is equal to peer chain */
{
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
/* the var is used for verify depth */
client_args.argc = 2;
test_client_verifyDepth(&client_args);
join_thread(serverThread);
AssertIntEQ(client_args.return_code, TEST_SUCCESS);
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
}
/* test case 2
* verify depth is zero, number of peer's chain is 2.
* verify result becomes MAX_CHAIN_ERROR, but it is overridden in
* callback.
*/
/* the var is used for verify depth 0 and VERIFY_OVERRIDE_ERROR */
{
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
client_args.argc = 0;
test_client_verifyDepth(&client_args);
join_thread(serverThread);
AssertIntEQ(client_args.return_code, TEST_SUCCESS);
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
}
/* test case 3
* verify depth is zero, number of peer's chain is 2
* verify result becomes MAX_CHAIN_ERRO. call-back returns failure.
* therefore, handshake becomes failure.
*/
/* the var is used for verify depth 0 and VERIFY_USE_PREVERFIY */
{
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
client_args.argc = -1;
test_client_verifyDepth(&client_args);
join_thread(serverThread);
AssertIntEQ(client_args.return_code, TEST_SUCCESS);
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
}
FreeTcpReady(&ready);
printf(resultFmt, passed);
#else
(void)test_client_verifyDepth;
#endif /* (OPENSSL_EXTRA) && !(WOLFSSL_TIRTOS) && (NO_WOLFSSL_CLIENT) */
}
static void test_client_get_finished(void* args, cbType cb)
{
(void) args;
(void) cb;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
SOCKET_T sockfd = 0;
callback_functions* cbf;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
char msg[64] = "hello wolfssl!";
char reply[1024];
int msgSz = (int)XSTRLEN(msg);
int ret, err = 0;
WOLFSSL_METHOD* method = NULL;
size_t msg_len = 0;
((func_args*)args)->return_code = TEST_FAIL;
cbf = ((func_args*)args)->callbacks;
if (cbf != NULL && cbf->method != NULL) {
method = cbf->method();
}
else {
method = wolfSSLv23_client_method();
}
ctx = wolfSSL_CTX_new(method);
/* Do connect here so server detects failures */
tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
0, 0, NULL);
if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
{
/* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
goto done;
}
if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
goto done;
}
if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
goto done;
}
/* call ctx setup callback */
if (cbf != NULL && cbf->ctx_ready != NULL) {
cbf->ctx_ready(ctx);
}
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
goto done;
}
if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
goto done;
}
/* call ssl setup callback */
if (cbf != NULL && cbf->ssl_ready != NULL) {
cbf->ssl_ready(ssl);
}
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_connect(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
goto done;
}
/* get_finished test */
/* 1. get own sent message */
XMEMSET(client_side_msg1, 0, MD_MAX_SIZE);
msg_len = wolfSSL_get_finished(ssl, client_side_msg1, MD_MAX_SIZE);
AssertIntGE(msg_len, 0);
/* 2. get peer message */
XMEMSET(client_side_msg2, 0, MD_MAX_SIZE);
msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, MD_MAX_SIZE);
AssertIntGE(msg_len, 0);
if (cb != NULL)
(cb)(ctx, ssl);
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_write(ssl, msg, msgSz);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret != msgSz) {
/*err_sys("SSL_write failed");*/
goto done;
}
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_read(ssl, reply, sizeof(reply)-1);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
if (ret > 0) {
reply[ret] = '\0';
printf("Server response: %s\n", reply);
}
((func_args*)args)->return_code = TEST_SUCCESS;
done:
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(sockfd);
return;
#endif
}
static void test_wolfSSL_get_finished(void)
{
#if !defined(NO_RSA) && defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_get_finished(&client_args, NULL);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
/* test received msg vs sent msg */
AssertIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, MD_MAX_SIZE));
AssertIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, MD_MAX_SIZE));
FreeTcpReady(&ready);
#else
(void)test_client_get_finished;
#endif
}
#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \
!defined(SINGLE_THREADED) && defined(WOLFSSL_TLS13) && \
!defined(NO_SESSION_CACHE)
/* Sessions to restore/store */
static WOLFSSL_SESSION* test_wolfSSL_CTX_add_session_client_sess;
static WOLFSSL_SESSION* test_wolfSSL_CTX_add_session_server_sess;
static WOLFSSL_CTX* test_wolfSSL_CTX_add_session_server_ctx;
static void test_wolfSSL_CTX_add_session_ctx_ready(WOLFSSL_CTX* ctx)
{
/* Don't store sessions. Lookup is still enabled. */
AssertIntEQ(wolfSSL_CTX_set_session_cache_mode(ctx,
WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE), WOLFSSL_SUCCESS);
/* Require both peers to provide certs */
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
}
static void test_wolfSSL_CTX_add_session_on_result(WOLFSSL* ssl)
{
WOLFSSL_SESSION** sess;
if (wolfSSL_is_server(ssl))
sess = &test_wolfSSL_CTX_add_session_server_sess;
else
sess = &test_wolfSSL_CTX_add_session_client_sess;
if (*sess == NULL) {
#ifdef NO_SESSION_CACHE_REF
AssertNotNull(*sess = wolfSSL_get1_session(ssl));
#else
/* Test for backwards compatibility */
if (wolfSSL_is_server(ssl)) {
AssertNotNull(*sess = wolfSSL_get1_session(ssl));
}
else {
AssertNotNull(*sess = wolfSSL_get_session(ssl));
}
#endif
/* Now save the session in the internal store to make it available
* for lookup. For TLS 1.3, we can't save the session without
* WOLFSSL_TICKET_HAVE_ID because there is no way to retrieve the
* session from cache. */
if (wolfSSL_is_server(ssl)
#ifndef WOLFSSL_TICKET_HAVE_ID
&& wolfSSL_version(ssl) != TLS1_3_VERSION
#endif
)
AssertIntEQ(wolfSSL_CTX_add_session(wolfSSL_get_SSL_CTX(ssl),
*sess), WOLFSSL_SUCCESS);
}
else {
/* If we have a session retrieved then remaining connections should be
* resuming on that session */
AssertIntEQ(wolfSSL_session_reused(ssl), 1);
}
/* Save CTX to be able to decrypt tickets */
if (wolfSSL_is_server(ssl) &&
test_wolfSSL_CTX_add_session_server_ctx == NULL) {
AssertNotNull(test_wolfSSL_CTX_add_session_server_ctx
= wolfSSL_get_SSL_CTX(ssl));
AssertIntEQ(wolfSSL_CTX_up_ref(wolfSSL_get_SSL_CTX(ssl)),
WOLFSSL_SUCCESS);
}
#ifdef SESSION_CERTS
#ifndef WOLFSSL_TICKET_HAVE_ID
if (wolfSSL_version(ssl) != TLS1_3_VERSION &&
wolfSSL_session_reused(ssl))
#endif
{
/* With WOLFSSL_TICKET_HAVE_ID the peer certs should be available
* for all connections. TLS 1.3 only has tickets so if we don't
* include the session id in the ticket then the certificates
* will not be available on resumption. */
WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
AssertNotNull(peer);
wolfSSL_X509_free(peer);
AssertNotNull(wolfSSL_SESSION_get_peer_chain(*sess));
AssertNotNull(wolfSSL_SESSION_get0_peer(*sess));
}
#endif
}
static void test_wolfSSL_CTX_add_session_ssl_ready(WOLFSSL* ssl)
{
/* Set the session to reuse for the client */
AssertIntEQ(wolfSSL_set_session(ssl,
test_wolfSSL_CTX_add_session_client_sess), WOLFSSL_SUCCESS);
}
#endif
static void test_wolfSSL_CTX_add_session(void)
{
#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \
!defined(SINGLE_THREADED) && defined(WOLFSSL_TLS13) && \
!defined(NO_SESSION_CACHE)
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
callback_functions client_cb;
callback_functions server_cb;
method_provider methods[][2] = {
#if !defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \
!defined(NO_DES3))
/* Without AES there are almost no ciphersuites available. This leads
* to no ciphersuites being available and an error. */
{ wolfTLSv1_1_client_method, wolfTLSv1_1_server_method },
#endif
#ifndef WOLFSSL_NO_TLS12
{ wolfTLSv1_2_client_method, wolfTLSv1_2_server_method },
#endif
/* Needs the default ticket callback since it is tied to the
* connection context and this makes it easy to carry over the ticket
* crypto context between connections */
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
defined(HAVE_SESSION_TICKET)
{ wolfTLSv1_3_client_method, wolfTLSv1_3_server_method },
#endif
};
const size_t methodsLen = sizeof(methods)/sizeof(*methods);
size_t i, j;
printf(testingFmt, "wolfSSL_CTX_add_session()");
for (i = 0; i < methodsLen; i++) {
/* First run creates a connection while the second+ run will attempt
* to resume the connection. The trick is that the internal cache
* is turned off. wolfSSL_CTX_add_session should put the session in
* the cache anyway. */
test_wolfSSL_CTX_add_session_client_sess = NULL;
test_wolfSSL_CTX_add_session_server_sess = NULL;
test_wolfSSL_CTX_add_session_server_ctx = NULL;
for (j = 0; j < 5; j++) {
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
StartTCP();
InitTcpReady(&ready);
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
client_cb.method = methods[i][0];
server_cb.method = methods[i][1];
server_args.signal = &ready;
server_args.callbacks = &server_cb;
client_args.signal = &ready;
client_args.callbacks = &client_cb;
if (test_wolfSSL_CTX_add_session_server_ctx != NULL) {
server_cb.ctx = test_wolfSSL_CTX_add_session_server_ctx;
server_cb.isSharedCtx = 1;
}
server_cb.ctx_ready = test_wolfSSL_CTX_add_session_ctx_ready;
client_cb.ctx_ready = test_wolfSSL_CTX_add_session_ctx_ready;
if (j != 0)
client_cb.ssl_ready = test_wolfSSL_CTX_add_session_ssl_ready;
server_cb.on_result = test_wolfSSL_CTX_add_session_on_result;
client_cb.on_result = test_wolfSSL_CTX_add_session_on_result;
server_cb.ticNoInit = 1; /* Use default builtin */
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
FreeTcpReady(&ready);
}
wolfSSL_SESSION_free(test_wolfSSL_CTX_add_session_client_sess);
wolfSSL_SESSION_free(test_wolfSSL_CTX_add_session_server_sess);
wolfSSL_CTX_free(test_wolfSSL_CTX_add_session_server_ctx);
}
printf(resultFmt, passed);
#endif
}
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)
/* canned export of a session using older version 3 */
static unsigned char version_3[] = {
0xA5, 0xA3, 0x01, 0x88, 0x00, 0x3c, 0x00, 0x01,
0x00, 0x00, 0x00, 0x80, 0x0C, 0x00, 0x00, 0x00,
0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00,
0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0x30,
0x05, 0x09, 0x0A, 0x01, 0x01, 0x00, 0x0D, 0x05,
0xFE, 0xFD, 0x01, 0x25, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x06, 0x00, 0x05, 0x00, 0x06, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x06, 0x00, 0x01, 0x00, 0x07, 0x00, 0x00,
0x00, 0x30, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01,
0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x3F,
0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x05,
0x12, 0xCF, 0x22, 0xA1, 0x9F, 0x1C, 0x39, 0x1D,
0x31, 0x11, 0x12, 0x1D, 0x11, 0x18, 0x0D, 0x0B,
0xF3, 0xE1, 0x4D, 0xDC, 0xB1, 0xF1, 0x39, 0x98,
0x91, 0x6C, 0x48, 0xE5, 0xED, 0x11, 0x12, 0xA0,
0x00, 0xF2, 0x25, 0x4C, 0x09, 0x26, 0xD1, 0x74,
0xDF, 0x23, 0x40, 0x15, 0x6A, 0x42, 0x2A, 0x26,
0xA5, 0xAC, 0x56, 0xD5, 0x4A, 0x20, 0xB7, 0xE9,
0xEF, 0xEB, 0xAF, 0xA8, 0x1E, 0x23, 0x7C, 0x04,
0xAA, 0xA1, 0x6D, 0x92, 0x79, 0x7B, 0xFA, 0x80,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x0C, 0x79, 0x7B, 0xFA, 0x80, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0xAA, 0xA1, 0x6D,
0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x10, 0x00, 0x20, 0x00, 0x04, 0x00,
0x10, 0x00, 0x10, 0x08, 0x02, 0x05, 0x08, 0x01,
0x30, 0x28, 0x00, 0x00, 0x0F, 0x00, 0x02, 0x00,
0x09, 0x31, 0x32, 0x37, 0x2E, 0x30, 0x2E, 0x30,
0x2E, 0x31, 0xED, 0x4F
};
#endif /* defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) */
static void test_wolfSSL_dtls_export(void)
{
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
callback_functions server_cbf;
callback_functions client_cbf;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
/* set using dtls */
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
server_cbf.method = wolfDTLSv1_2_server_method;
client_cbf.method = wolfDTLSv1_2_client_method;
server_args.callbacks = &server_cbf;
client_args.callbacks = &client_cbf;
server_args.signal = &ready;
client_args.signal = &ready;
start_thread(run_wolfssl_server, &server_args, &serverThread);
wait_tcp_ready(&server_args);
run_wolfssl_client(&client_args);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
{
SOCKET_T sockfd = 0;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
char msg[64] = "hello wolfssl!";
char reply[1024];
int msgSz = (int)XSTRLEN(msg);
byte *session, *window;
unsigned int sessionSz, windowSz;
struct sockaddr_in peerAddr;
int i;
/* Set ctx to DTLS 1.2 */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
AssertNotNull(ssl = wolfSSL_new(ctx));
/* test importing version 3 */
AssertIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
/* test importing bad length and bad version */
version_3[2] += 1;
AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
version_3[2] -= 1; version_3[1] = 0XA0;
AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
/* check storing client state after connection and storing window only */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
/* set using dtls */
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
server_cbf.method = wolfDTLSv1_2_server_method;
server_args.callbacks = &server_cbf;
server_args.argc = 3; /* set loop_count to 3 */
server_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
/* create and connect with client */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method()));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
/* store server information connected too */
XMEMSET(&peerAddr, 0, sizeof(peerAddr));
peerAddr.sin_family = AF_INET;
peerAddr.sin_port = XHTONS(server_args.signal->port);
wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr));
AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_dtls_export(ssl, NULL, &sessionSz), 0);
session = (byte*)XMALLOC(sessionSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
AssertIntGT(wolfSSL_dtls_export(ssl, session, &sessionSz), 0);
AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
AssertIntEQ(wolfSSL_dtls_export_state_only(ssl, NULL, &windowSz), 0);
window = (byte*)XMALLOC(windowSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0);
wolfSSL_free(ssl);
for (i = 1; i < server_args.argc; i++) {
/* restore state */
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntGT(wolfSSL_dtls_import(ssl, session, sessionSz), 0);
AssertIntGT(wolfSSL_dtls_import(ssl, window, windowSz), 0);
AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
AssertIntGE(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0);
wolfSSL_free(ssl);
}
XFREE(session, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(window, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_CTX_free(ctx);
printf("done and waiting for server\n");
join_thread(serverThread);
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
}
printf(testingFmt, "wolfSSL_dtls_export()");
printf(resultFmt, passed);
#endif
}
#if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12)
#ifdef WOLFSSL_TLS13
static const byte canned_client_tls13_session[] = {
0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x00, 0x00,
0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00,
0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x01,
0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13,
0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x09, 0x00,
0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00,
0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0x27, 0x00, 0x00, 0x00,
0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18,
0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31,
0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4,
0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B,
0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7,
0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01,
0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2,
0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48,
0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C,
0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73,
0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E,
0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77,
0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35,
0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F,
0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0,
0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
0x35, 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0,
0x6F, 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A,
0xA0, 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06,
0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10,
0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20,
0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
0x00, 0x03
};
static const byte canned_server_tls13_session[] = {
0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x01, 0x00,
0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00,
0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x00,
0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13,
0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x00, 0x0F,
0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00,
0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00,
0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18,
0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31,
0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4,
0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B,
0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7,
0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01,
0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2,
0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48,
0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C,
0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73,
0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E,
0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77,
0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35,
0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F,
0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0,
0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
0xD3, 0xB7, 0xEE, 0x3A, 0xA0, 0x8E, 0xA1, 0x4D,
0xC3, 0x2E, 0x5E, 0x06, 0x35, 0x41, 0xCD, 0xF3,
0x49, 0x31, 0x08, 0xD0, 0x6F, 0x02, 0x3D, 0xC1,
0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10,
0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20,
0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
0x00, 0x04
};
#endif /* WOLFSSL_TLS13 */
static const byte canned_client_session[] = {
0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00,
0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00,
0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x01,
0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0,
0x27, 0x0A, 0x0D, 0x10, 0x01, 0x01, 0x0A, 0x00,
0x05, 0x00, 0x01, 0x01, 0x01, 0x03, 0x03, 0x00,
0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00,
0x0A, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6D,
0x97, 0x15, 0x6E, 0x52, 0x27, 0xD6, 0x1D, 0x1D,
0xF5, 0x0D, 0x59, 0xA5, 0xAC, 0x2E, 0x8C, 0x0E,
0xCB, 0x26, 0x1E, 0xE2, 0xCE, 0xBB, 0xCE, 0xE1,
0x7D, 0xD7, 0xEF, 0xA5, 0x44, 0x80, 0x2A, 0xDE,
0xBB, 0x75, 0xB0, 0x1D, 0x75, 0x17, 0x20, 0x4C,
0x08, 0x05, 0x1B, 0xBA, 0x60, 0x1F, 0x6C, 0x91,
0x8C, 0xAA, 0xBB, 0xE5, 0xA3, 0x0B, 0x12, 0x3E,
0xC0, 0x35, 0x43, 0x1D, 0xE2, 0x10, 0xE2, 0x02,
0x92, 0x4B, 0x8F, 0x05, 0xA9, 0x4B, 0xCC, 0x90,
0xC3, 0x0E, 0xC2, 0x0F, 0xE9, 0x33, 0x85, 0x9B,
0x3C, 0x19, 0x21, 0xD5, 0x62, 0xE5, 0xE1, 0x17,
0x8F, 0x8C, 0x19, 0x52, 0xD8, 0x59, 0x10, 0x2D,
0x20, 0x6F, 0xBA, 0xC1, 0x1C, 0xD1, 0x82, 0xC7,
0x32, 0x1B, 0xBB, 0xCC, 0x30, 0x03, 0xD7, 0x3A,
0xC8, 0x18, 0xED, 0x58, 0xC8, 0x11, 0xFE, 0x71,
0x9C, 0x71, 0xD8, 0x6B, 0xE0, 0x25, 0x64, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10,
0x00, 0x00, 0x06, 0x01, 0x04, 0x08, 0x01, 0x20,
0x28, 0x00, 0x09, 0xE1, 0x50, 0x70, 0x02, 0x2F,
0x7E, 0xDA, 0xBD, 0x40, 0xC5, 0x58, 0x87, 0xCE,
0x43, 0xF3, 0xC5, 0x8F, 0xA1, 0x59, 0x93, 0xEF,
0x7E, 0xD3, 0xD0, 0xB5, 0x87, 0x1D, 0x81, 0x54,
0x14, 0x63, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
0x00, 0x03
};
static const byte canned_server_session[] = {
0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00,
0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00,
0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00,
0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0,
0x27, 0x08, 0x0F, 0x10, 0x01, 0x01, 0x00, 0x11,
0x05, 0x00, 0x01, 0x01, 0x01, 0x03, 0x03, 0x00,
0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x02, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00,
0x0A, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6D,
0x97, 0x15, 0x6E, 0x52, 0x27, 0xD6, 0x1D, 0x1D,
0xF5, 0x0D, 0x59, 0xA5, 0xAC, 0x2E, 0x8C, 0x0E,
0xCB, 0x26, 0x1E, 0xE2, 0xCE, 0xBB, 0xCE, 0xE1,
0x7D, 0xD7, 0xEF, 0xA5, 0x44, 0x80, 0x2A, 0xDE,
0xBB, 0x75, 0xB0, 0x1D, 0x75, 0x17, 0x20, 0x4C,
0x08, 0x05, 0x1B, 0xBA, 0x60, 0x1F, 0x6C, 0x91,
0x8C, 0xAA, 0xBB, 0xE5, 0xA3, 0x0B, 0x12, 0x3E,
0xC0, 0x35, 0x43, 0x1D, 0xE2, 0x10, 0xE2, 0x02,
0x92, 0x4B, 0x8F, 0x05, 0xA9, 0x4B, 0xCC, 0x90,
0xC3, 0x0E, 0xC2, 0x0F, 0xE9, 0x33, 0x85, 0x9B,
0x3C, 0x19, 0x21, 0xD5, 0x62, 0xE5, 0xE1, 0x17,
0x8F, 0x8C, 0x19, 0x52, 0xD8, 0x59, 0x10, 0x2D,
0x20, 0x6F, 0xBA, 0xC1, 0x1C, 0xD1, 0x82, 0xC7,
0x32, 0x1B, 0xBB, 0xCC, 0x30, 0x03, 0xD7, 0x3A,
0xC8, 0x18, 0xED, 0x58, 0xC8, 0x11, 0xFE, 0x71,
0x9C, 0x71, 0xD8, 0x6B, 0xE0, 0x25, 0x64, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10,
0x00, 0x00, 0x06, 0x01, 0x04, 0x08, 0x01, 0x20,
0x28, 0x00, 0xC5, 0x8F, 0xA1, 0x59, 0x93, 0xEF,
0x7E, 0xD3, 0xD0, 0xB5, 0x87, 0x1D, 0x81, 0x54,
0x14, 0x63, 0x09, 0xE1, 0x50, 0x70, 0x02, 0x2F,
0x7E, 0xDA, 0xBD, 0x40, 0xC5, 0x58, 0x87, 0xCE,
0x43, 0xF3, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00,
0x00, 0x04
};
static THREAD_RETURN WOLFSSL_THREAD tls_export_server(void* args)
{
SOCKET_T sockfd = 0;
SOCKET_T clientfd = 0;
word16 port;
callback_functions* cbf;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
char msg[] = "I hear you fa shizzle!";
char input[1024];
int idx;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
cbf = ((func_args*)args)->callbacks;
{
WOLFSSL_METHOD* method = NULL;
if (cbf != NULL && cbf->method != NULL) {
method = cbf->method();
}
else {
method = wolfTLSv1_2_server_method();
}
ctx = wolfSSL_CTX_new(method);
}
if (ctx == NULL) {
goto done;
}
wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256");
#if defined(USE_WINDOWS_API)
port = ((func_args*)args)->signal->port;
#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
!defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
/* Let tcp_listen assign port */
port = 0;
#else
/* Use default port */
port = wolfSSLPort;
#endif
/* do it here to detect failure */
tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
CloseSocket(sockfd);
/* call ctx setup callback */
if (cbf != NULL && cbf->ctx_ready != NULL) {
cbf->ctx_ready(ctx);
}
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
goto done;
}
wolfSSL_set_fd(ssl, clientfd);
/* call ssl setup callback */
if (cbf != NULL && cbf->ssl_ready != NULL) {
cbf->ssl_ready(ssl);
}
idx = wolfSSL_read(ssl, input, sizeof(input)-1);
if (idx > 0) {
input[idx] = '\0';
printf("Client message export/import: %s\n", input);
}
else {
printf("ret = %d error = %d\n", idx, wolfSSL_get_error(ssl, idx));
goto done;
}
if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
/*err_sys("SSL_write failed");*/
#ifdef WOLFSSL_TIRTOS
return;
#else
return 0;
#endif
}
#ifdef WOLFSSL_TIRTOS
Task_yield();
#endif
((func_args*)args)->return_code = TEST_SUCCESS;
done:
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(clientfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
#if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM)
OpenSSLTicketCleanup();
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
TicketCleanup();
#endif
#endif
#ifndef WOLFSSL_TIRTOS
return 0;
#endif
}
static void load_tls12_canned_server(WOLFSSL* ssl)
{
int clientfd = wolfSSL_get_fd(ssl);
AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_session,
sizeof(canned_server_session)), sizeof(canned_server_session));
wolfSSL_set_fd(ssl, clientfd);
}
#ifdef WOLFSSL_TLS13
static void load_tls13_canned_server(WOLFSSL* ssl)
{
int clientfd = wolfSSL_get_fd(ssl);
AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_tls13_session,
sizeof(canned_server_tls13_session)),
sizeof(canned_server_tls13_session));
wolfSSL_set_fd(ssl, clientfd);
}
#endif
/* v is for version WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
static void test_wolfSSL_tls_export_run(int v)
{
SOCKET_T sockfd = 0;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
char msg[64] = "hello wolfssl!";
char reply[1024];
word32 replySz;
int msgSz = (int)XSTRLEN(msg);
const byte* clientSession = NULL;
int clientSessionSz = 0;
tcp_ready ready;
func_args server_args;
THREAD_TYPE serverThread;
callback_functions server_cbf;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
switch (v) {
case WOLFSSL_TLSV1_2:
server_cbf.method = wolfTLSv1_2_server_method;
server_cbf.ssl_ready = load_tls12_canned_server;
/* setup the client side */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256");
clientSession = canned_client_session;
clientSessionSz = sizeof(canned_client_session);
break;
#ifdef WOLFSSL_TLS13
case WOLFSSL_TLSV1_3:
server_cbf.method = wolfTLSv1_3_server_method;
server_cbf.ssl_ready = load_tls13_canned_server;
/* setup the client side */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
clientSession = canned_client_tls13_session;
clientSessionSz = sizeof(canned_client_tls13_session);
break;
#endif
}
server_args.callbacks = &server_cbf;
server_args.signal = &ready;
start_thread(tls_export_server, &server_args, &serverThread);
wait_tcp_ready(&server_args);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
AssertNotNull(ssl = wolfSSL_new(ctx));
tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl);
AssertIntEQ(wolfSSL_tls_import(ssl, clientSession, clientSessionSz),
clientSessionSz);
replySz = sizeof(reply);
AssertIntGT(wolfSSL_tls_export(ssl, (byte*)reply, &replySz), 0);
#if !defined(NO_PSK) && defined(HAVE_ANON)
/* index 20 has is setting if PSK was on and 49 is if anon is allowed */
AssertIntEQ(XMEMCMP(reply, clientSession, replySz), 0);
#endif
wolfSSL_set_fd(ssl, sockfd);
AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)-1), 0);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(sockfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
join_thread(serverThread);
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
}
#endif
static void test_wolfSSL_tls_export(void)
{
#if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12)
printf(testingFmt, "wolfSSL_tls_export()");
test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_2);
#ifdef WOLFSSL_TLS13
test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_3);
#endif
printf(resultFmt, passed);
#endif
}
/*----------------------------------------------------------------------------*
| TLS extensions tests
*----------------------------------------------------------------------------*/
#ifdef ENABLE_TLS_CALLBACK_TEST
/* Connection test runner - generic */
static void test_wolfSSL_client_server(callback_functions* client_callbacks,
callback_functions* server_callbacks)
{
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
client_args.callbacks = client_callbacks;
server_args.callbacks = server_callbacks;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
/* RUN Server side */
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
start_thread(run_wolfssl_server, &server_args, &serverThread);
wait_tcp_ready(&server_args);
/* RUN Client side */
run_wolfssl_client(&client_args);
join_thread(serverThread);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
client_callbacks->return_code = client_args.return_code;
server_callbacks->return_code = server_args.return_code;
}
#endif /* ENABLE_TLS_CALLBACK_TEST */
#ifdef HAVE_SNI
static void test_wolfSSL_UseSNI_params(void)
{
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* invalid [ctx|ssl] */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3));
/* invalid type */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3));
/* invalid data */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3));
/* success case */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
}
/* BEGIN of connection tests callbacks */
static void use_SNI_at_ctx(WOLFSSL_CTX* ctx)
{
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15));
}
static void use_SNI_at_ssl(WOLFSSL* ssl)
{
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15));
}
static void different_SNI_at_ssl(WOLFSSL* ssl)
{
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "ww2.wolfssl.com", 15));
}
static void use_SNI_WITH_CONTINUE_at_ssl(WOLFSSL* ssl)
{
use_SNI_at_ssl(ssl);
wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
WOLFSSL_SNI_CONTINUE_ON_MISMATCH);
}
static void use_SNI_WITH_FAKE_ANSWER_at_ssl(WOLFSSL* ssl)
{
use_SNI_at_ssl(ssl);
wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
WOLFSSL_SNI_ANSWER_ON_MISMATCH);
}
static void use_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
{
use_SNI_at_ctx(ctx);
wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
WOLFSSL_SNI_ABORT_ON_ABSENCE);
}
static void use_MANDATORY_SNI_at_ssl(WOLFSSL* ssl)
{
use_SNI_at_ssl(ssl);
wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
WOLFSSL_SNI_ABORT_ON_ABSENCE);
}
static void use_PSEUDO_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
{
use_SNI_at_ctx(ctx);
wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
WOLFSSL_SNI_ANSWER_ON_MISMATCH | WOLFSSL_SNI_ABORT_ON_ABSENCE);
}
static void verify_UNKNOWN_SNI_on_server(WOLFSSL* ssl)
{
AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, wolfSSL_get_error(ssl, 0));
}
static void verify_SNI_ABSENT_on_server(WOLFSSL* ssl)
{
AssertIntEQ(SNI_ABSENT_ERROR, wolfSSL_get_error(ssl, 0));
}
static void verify_SNI_no_matching(WOLFSSL* ssl)
{
byte type = WOLFSSL_SNI_HOST_NAME;
char* request = (char*) &type; /* to be overwritten */
AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type));
AssertNotNull(request);
AssertIntEQ(0, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
AssertNull(request);
}
static void verify_SNI_real_matching(WOLFSSL* ssl)
{
byte type = WOLFSSL_SNI_HOST_NAME;
char* request = NULL;
AssertIntEQ(WOLFSSL_SNI_REAL_MATCH, wolfSSL_SNI_Status(ssl, type));
AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
AssertNotNull(request);
AssertStrEQ("www.wolfssl.com", request);
}
static void verify_SNI_fake_matching(WOLFSSL* ssl)
{
byte type = WOLFSSL_SNI_HOST_NAME;
char* request = NULL;
AssertIntEQ(WOLFSSL_SNI_FAKE_MATCH, wolfSSL_SNI_Status(ssl, type));
AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
AssertNotNull(request);
AssertStrEQ("ww2.wolfssl.com", request);
}
static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl)
{
AssertIntEQ(FATAL_ERROR, wolfSSL_get_error(ssl, 0));
}
/* END of connection tests callbacks */
static void test_wolfSSL_UseSNI_connection(void)
{
callback_functions client_cb;
callback_functions server_cb;
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
client_cb.method = wolfSSLv23_client_method;
server_cb.method = wolfSSLv23_server_method;
server_cb.devId = devId;
server_cb.devId = devId;
/* success case at ctx */
client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
server_cb.ctx_ready = use_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* success case at ssl */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_SNI_at_ssl; client_cb.on_result = verify_SNI_real_matching;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_real_matching;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* default mismatch behavior */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = verify_FATAL_ERROR_on_client;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_UNKNOWN_SNI_on_server;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* continue on mismatch */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl; server_cb.on_result = verify_SNI_no_matching;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* fake answer on mismatch */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl; server_cb.on_result = verify_SNI_fake_matching;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* sni abort - success */
client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* sni abort - abort when absent (ctx) */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client;
server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_ABSENT_on_server;
/* sni abort - abort when absent (ssl) */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_MANDATORY_SNI_at_ssl; server_cb.on_result = verify_SNI_ABSENT_on_server;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* sni abort - success when overwritten */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_no_matching;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* sni abort - success when allowing mismatches */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
server_cb.ctx_ready = use_PSEUDO_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_fake_matching;
test_wolfSSL_client_server(&client_cb, &server_cb);
}
static void test_wolfSSL_SNI_GetFromBuffer(void)
{
byte buff[] = { /* www.paypal.com */
0x00, 0x00, 0x00, 0x00, 0xff, 0x01, 0x00, 0x00, 0x60, 0x03, 0x03, 0x5c,
0xc4, 0xb3, 0x8c, 0x87, 0xef, 0xa4, 0x09, 0xe0, 0x02, 0xab, 0x86, 0xca,
0x76, 0xf0, 0x9e, 0x01, 0x65, 0xf6, 0xa6, 0x06, 0x13, 0x1d, 0x0f, 0xa5,
0x79, 0xb0, 0xd4, 0x77, 0x22, 0xeb, 0x1a, 0x00, 0x00, 0x16, 0x00, 0x6b,
0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x21,
0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, 0x77, 0x77, 0x77,
0x2e, 0x70, 0x61, 0x79, 0x70, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x00,
0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
};
byte buff2[] = { /* api.textmate.org */
0x16, 0x03, 0x01, 0x00, 0xc6, 0x01, 0x00, 0x00, 0xc2, 0x03, 0x03, 0x52,
0x8b, 0x7b, 0xca, 0x69, 0xec, 0x97, 0xd5, 0x08, 0x03, 0x50, 0xfe, 0x3b,
0x99, 0xc3, 0x20, 0xce, 0xa5, 0xf6, 0x99, 0xa5, 0x71, 0xf9, 0x57, 0x7f,
0x04, 0x38, 0xf6, 0x11, 0x0b, 0xb8, 0xd3, 0x00, 0x00, 0x5e, 0x00, 0xff,
0xc0, 0x24, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x07, 0xc0, 0x08,
0xc0, 0x28, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x11, 0xc0, 0x12,
0xc0, 0x26, 0xc0, 0x25, 0xc0, 0x2a, 0xc0, 0x29, 0xc0, 0x05, 0xc0, 0x04,
0xc0, 0x02, 0xc0, 0x03, 0xc0, 0x0f, 0xc0, 0x0e, 0xc0, 0x0c, 0xc0, 0x0d,
0x00, 0x3d, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x35,
0x00, 0x0a, 0x00, 0x67, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x39, 0x00, 0x16,
0x00, 0xaf, 0x00, 0xae, 0x00, 0x8d, 0x00, 0x8c, 0x00, 0x8a, 0x00, 0x8b,
0x00, 0xb1, 0x00, 0xb0, 0x00, 0x2c, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x3b,
0x00, 0x00, 0x00, 0x15, 0x00, 0x13, 0x00, 0x00, 0x10, 0x61, 0x70, 0x69,
0x2e, 0x74, 0x65, 0x78, 0x74, 0x6d, 0x61, 0x74, 0x65, 0x2e, 0x6f, 0x72,
0x67, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00,
0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x0c, 0x00,
0x0a, 0x05, 0x01, 0x04, 0x01, 0x02, 0x01, 0x04, 0x03, 0x02, 0x03
};
byte buff3[] = { /* no sni extension */
0x16, 0x03, 0x03, 0x00, 0x4d, 0x01, 0x00, 0x00, 0x49, 0x03, 0x03, 0xea,
0xa1, 0x9f, 0x60, 0xdd, 0x52, 0x12, 0x13, 0xbd, 0x84, 0x34, 0xd5, 0x1c,
0x38, 0x25, 0xa8, 0x97, 0xd2, 0xd5, 0xc6, 0x45, 0xaf, 0x1b, 0x08, 0xe4,
0x1e, 0xbb, 0xdf, 0x9d, 0x39, 0xf0, 0x65, 0x00, 0x00, 0x16, 0x00, 0x6b,
0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x0a,
0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
};
byte buff4[] = { /* last extension has zero size */
0x16, 0x03, 0x01, 0x00, 0xba, 0x01, 0x00, 0x00,
0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
0x00, 0x28, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0xc0, 0x07, 0xc0, 0x11,
0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x9c, 0x00, 0x2f, 0x00, 0x35,
0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01, 0x00, 0x00, 0x65, 0xff, 0x01,
0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00,
0x18, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00, 0x1b, 0x00, 0x19, 0x06,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f,
0x33, 0x2e, 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
0x75, 0x50, 0x00, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00,
0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x01, 0x05, 0x01, 0x02,
0x01, 0x04, 0x03, 0x05, 0x03, 0x02, 0x03, 0x04, 0x02, 0x02, 0x02, 0x00,
0x12, 0x00, 0x00
};
byte buff5[] = { /* SSL v2.0 client hello */
0x00, 0x2b, 0x01, 0x03, 0x01, 0x00, 0x09, 0x00, 0x00,
/* dummy bytes bellow, just to pass size check */
0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
};
byte result[32] = {0};
word32 length = 32;
AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff4, sizeof(buff4),
0, result, &length));
AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff3, sizeof(buff3),
0, result, &length));
AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
1, result, &length));
AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
0, result, &length));
buff[0] = 0x16;
AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
0, result, &length));
buff[1] = 0x03;
AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff,
sizeof(buff), 0, result, &length));
buff[2] = 0x03;
AssertIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buff,
sizeof(buff), 0, result, &length));
buff[4] = 0x64;
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
0, result, &length));
result[length] = 0;
AssertStrEQ("www.paypal.com", (const char*) result);
length = 32;
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
0, result, &length));
result[length] = 0;
AssertStrEQ("api.textmate.org", (const char*) result);
/* SSL v2.0 tests */
AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff5,
sizeof(buff5), 0, result, &length));
buff5[2] = 0x02;
AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
sizeof(buff5), 0, result, &length));
buff5[2] = 0x01; buff5[6] = 0x08;
AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
sizeof(buff5), 0, result, &length));
buff5[6] = 0x09; buff5[8] = 0x01;
AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
sizeof(buff5), 0, result, &length));
}
#endif /* HAVE_SNI */
static void test_wolfSSL_UseSNI(void)
{
#ifdef HAVE_SNI
test_wolfSSL_UseSNI_params();
test_wolfSSL_UseSNI_connection();
test_wolfSSL_SNI_GetFromBuffer();
#endif
}
#endif /* HAVE_IO_TESTS_DEPENDENCIES */
static void test_wolfSSL_UseTrustedCA(void)
{
#if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
&& !defined(NO_RSA)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
byte id[20];
#ifndef NO_WOLFSSL_SERVER
AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())));
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
#else
AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())));
#endif
AssertNotNull((ssl = wolfSSL_new(ctx)));
XMEMSET(id, 0, sizeof(id));
/* error cases */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(NULL, 0, NULL, 0));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_CERT_SHA1+1, NULL, 0));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_CERT_SHA1, NULL, 0));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_CERT_SHA1, id, 5));
#ifdef NO_SHA
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
#endif
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_X509_NAME, id, 0));
/* success cases */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_PRE_AGREED, NULL, 0));
#ifndef NO_SHA
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
#endif
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
WOLFSSL_TRUSTED_CA_X509_NAME, id, 5));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif /* HAVE_TRUSTED_CA */
}
static void test_wolfSSL_UseMaxFragment(void)
{
#if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
#else
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
#endif
WOLFSSL *ssl = wolfSSL_new(ctx);
#ifdef OPENSSL_EXTRA
int (*UseMaxFragment)(SSL *s, uint8_t mode);
int (*CTX_UseMaxFragment)(SSL_CTX *c, uint8_t mode);
CTX_UseMaxFragment = SSL_CTX_set_tlsext_max_fragment_length;
UseMaxFragment = SSL_set_tlsext_max_fragment_length;
#else
int (*UseMaxFragment)(WOLFSSL *s, unsigned char mode);
int (*CTX_UseMaxFragment)(WOLFSSL_CTX *c, unsigned char mode);
UseMaxFragment = wolfSSL_UseMaxFragment;
CTX_UseMaxFragment = wolfSSL_CTX_UseMaxFragment;
#endif
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9));
AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment( NULL, WOLFSSL_MFL_2_9));
AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MIN-1));
AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MAX+1));
AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MIN-1));
AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MAX+1));
/* success case */
#ifdef OPENSSL_EXTRA
AssertIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8));
#else
AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8));
#endif
AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9));
AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10));
AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11));
AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12));
#ifdef OPENSSL_EXTRA
AssertIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
AssertIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_8));
#else
AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_8));
#endif
AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_9));
AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_10));
AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_11));
AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_12));
#ifdef OPENSSL_EXTRA
AssertIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_13));
#else
AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_13));
#endif
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_UseTruncatedHMAC(void)
{
#if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
#else
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
#endif
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL));
/* success case */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_UseSupportedCurve(void)
{
#if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(WOLFSSL_SUCCESS,
wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0));
AssertIntNE(WOLFSSL_SUCCESS,
wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0));
/* success case */
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
#if defined(HAVE_ALPN) && defined(HAVE_IO_TESTS_DEPENDENCIES)
static void verify_ALPN_FATAL_ERROR_on_client(WOLFSSL* ssl)
{
AssertIntEQ(UNKNOWN_ALPN_PROTOCOL_NAME_E, wolfSSL_get_error(ssl, 0));
}
static void use_ALPN_all(WOLFSSL* ssl)
{
/* http/1.1,spdy/1,spdy/2,spdy/3 */
char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
WOLFSSL_ALPN_FAILED_ON_MISMATCH));
}
static void use_ALPN_all_continue(WOLFSSL* ssl)
{
/* http/1.1,spdy/1,spdy/2,spdy/3 */
char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
}
static void use_ALPN_one(WOLFSSL* ssl)
{
/* spdy/2 */
char proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
WOLFSSL_ALPN_FAILED_ON_MISMATCH));
}
static void use_ALPN_unknown(WOLFSSL* ssl)
{
/* http/2.0 */
char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30};
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
WOLFSSL_ALPN_FAILED_ON_MISMATCH));
}
static void use_ALPN_unknown_continue(WOLFSSL* ssl)
{
/* http/2.0 */
char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30};
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
}
static void verify_ALPN_not_matching_spdy3(WOLFSSL* ssl)
{
/* spdy/3 */
char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
char *proto = NULL;
word16 protoSz = 0;
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
/* check value */
AssertIntNE(1, sizeof(nego_proto) == protoSz);
if (proto) {
AssertIntNE(0, XMEMCMP(nego_proto, proto, sizeof(nego_proto)));
}
}
static void verify_ALPN_not_matching_continue(WOLFSSL* ssl)
{
char *proto = NULL;
word16 protoSz = 0;
AssertIntEQ(WOLFSSL_ALPN_NOT_FOUND,
wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
/* check value */
AssertIntEQ(1, (0 == protoSz));
AssertIntEQ(1, (NULL == proto));
}
static void verify_ALPN_matching_http1(WOLFSSL* ssl)
{
/* http/1.1 */
char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
char *proto;
word16 protoSz = 0;
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
/* check value */
AssertIntEQ(1, sizeof(nego_proto) == protoSz);
AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
}
static void verify_ALPN_matching_spdy2(WOLFSSL* ssl)
{
/* spdy/2 */
char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
char *proto;
word16 protoSz = 0;
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
/* check value */
AssertIntEQ(1, sizeof(nego_proto) == protoSz);
AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
}
static void verify_ALPN_client_list(WOLFSSL* ssl)
{
/* http/1.1,spdy/1,spdy/2,spdy/3 */
char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
char *clist = NULL;
word16 clistSz = 0;
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetPeerProtocol(ssl, &clist,
&clistSz));
/* check value */
AssertIntEQ(1, sizeof(alpn_list) == clistSz);
AssertIntEQ(0, XMEMCMP(alpn_list, clist, clistSz));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_FreePeerProtocol(ssl, &clist));
}
static void test_wolfSSL_UseALPN_connection(void)
{
callback_functions client_cb;
callback_functions server_cb;
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
client_cb.method = wolfSSLv23_client_method;
server_cb.method = wolfSSLv23_server_method;
server_cb.devId = devId;
server_cb.devId = devId;
/* success case same list */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_matching_http1;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* success case only one for server */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_one; server_cb.on_result = verify_ALPN_matching_spdy2;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* success case only one for client */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_one; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_matching_spdy2;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* success case none for client */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = NULL;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* success case mismatch behavior but option 'continue' set */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all_continue; client_cb.on_result = verify_ALPN_not_matching_continue;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown_continue; server_cb.on_result = NULL;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* success case read protocol send by client */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_one; server_cb.on_result = verify_ALPN_client_list;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* mismatch behavior with same list
* the first and only this one must be taken */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_not_matching_spdy3;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* default mismatch behavior */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown; server_cb.on_result = verify_ALPN_FATAL_ERROR_on_client;
test_wolfSSL_client_server(&client_cb, &server_cb);
}
static void test_wolfSSL_UseALPN_params(void)
{
#ifndef NO_WOLFSSL_CLIENT
/* "http/1.1" */
char http1[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
/* "spdy/1" */
char spdy1[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x31};
/* "spdy/2" */
char spdy2[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
/* "spdy/3" */
char spdy3[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
char buff[256];
word32 idx;
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(WOLFSSL_SUCCESS,
wolfSSL_UseALPN(NULL, http1, sizeof(http1),
WOLFSSL_ALPN_FAILED_ON_MISMATCH));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, NULL, 0,
WOLFSSL_ALPN_FAILED_ON_MISMATCH));
/* success case */
/* http1 only */
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_UseALPN(ssl, http1, sizeof(http1),
WOLFSSL_ALPN_FAILED_ON_MISMATCH));
/* http1, spdy1 */
XMEMCPY(buff, http1, sizeof(http1));
idx = sizeof(http1);
buff[idx++] = ',';
XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
idx += sizeof(spdy1);
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
WOLFSSL_ALPN_FAILED_ON_MISMATCH));
/* http1, spdy2, spdy1 */
XMEMCPY(buff, http1, sizeof(http1));
idx = sizeof(http1);
buff[idx++] = ',';
XMEMCPY(buff+idx, spdy2, sizeof(spdy2));
idx += sizeof(spdy2);
buff[idx++] = ',';
XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
idx += sizeof(spdy1);
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
WOLFSSL_ALPN_FAILED_ON_MISMATCH));
/* spdy3, http1, spdy2, spdy1 */
XMEMCPY(buff, spdy3, sizeof(spdy3));
idx = sizeof(spdy3);
buff[idx++] = ',';
XMEMCPY(buff+idx, http1, sizeof(http1));
idx += sizeof(http1);
buff[idx++] = ',';
XMEMCPY(buff+idx, spdy2, sizeof(spdy2));
idx += sizeof(spdy2);
buff[idx++] = ',';
XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
idx += sizeof(spdy1);
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
#endif /* HAVE_ALPN */
#ifdef HAVE_ALPN_PROTOS_SUPPORT
static void CTX_set_alpn_protos(SSL_CTX *ctx)
{
unsigned char p[] = {
8, 'h', 't', 't', 'p', '/', '1', '.', '1',
6, 's', 'p', 'd', 'y', '/', '2',
6, 's', 'p', 'd', 'y', '/', '1',
};
unsigned char p_len = sizeof(p);
int ret;
ret = SSL_CTX_set_alpn_protos(ctx, p, p_len);
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertIntEQ(ret, 0);
#else
AssertIntEQ(ret, SSL_SUCCESS);
#endif
}
static void set_alpn_protos(SSL* ssl)
{
unsigned char p[] = {
6, 's', 'p', 'd', 'y', '/', '3',
8, 'h', 't', 't', 'p', '/', '1', '.', '1',
6, 's', 'p', 'd', 'y', '/', '2',
6, 's', 'p', 'd', 'y', '/', '1',
};
unsigned char p_len = sizeof(p);
int ret;
ret = SSL_set_alpn_protos(ssl, p, p_len);
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertIntEQ(ret, 0);
#else
AssertIntEQ(ret, SSL_SUCCESS);
#endif
}
static void verify_alpn_matching_spdy3(WOLFSSL* ssl)
{
/* "spdy/3" */
char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
const unsigned char *proto;
unsigned int protoSz = 0;
SSL_get0_alpn_selected(ssl, &proto, &protoSz);
/* check value */
AssertIntEQ(1, sizeof(nego_proto) == protoSz);
AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
}
static void verify_alpn_matching_http1(WOLFSSL* ssl)
{
/* "http/1.1" */
char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
const unsigned char *proto;
unsigned int protoSz = 0;
SSL_get0_alpn_selected(ssl, &proto, &protoSz);
/* check value */
AssertIntEQ(1, sizeof(nego_proto) == protoSz);
AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
}
static void test_wolfSSL_set_alpn_protos(void)
{
callback_functions client_cb;
callback_functions server_cb;
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
client_cb.method = wolfSSLv23_client_method;
server_cb.method = wolfSSLv23_server_method;
server_cb.devId = devId;
server_cb.devId = devId;
/* use CTX_alpn_protos */
client_cb.ctx_ready = CTX_set_alpn_protos; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
server_cb.ctx_ready = CTX_set_alpn_protos; server_cb.ssl_ready = NULL; server_cb.on_result = verify_alpn_matching_http1;
test_wolfSSL_client_server(&client_cb, &server_cb);
/* use set_alpn_protos */
client_cb.ctx_ready = NULL; client_cb.ssl_ready = set_alpn_protos; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = set_alpn_protos; server_cb.on_result = verify_alpn_matching_spdy3;
test_wolfSSL_client_server(&client_cb, &server_cb);
}
#endif /* HAVE_ALPN_PROTOS_SUPPORT */
static void test_wolfSSL_UseALPN(void)
{
#if defined(HAVE_ALPN) && !defined(NO_WOLFSSL_SERVER) &&\
defined(HAVE_IO_TESTS_DEPENDENCIES)
test_wolfSSL_UseALPN_connection();
test_wolfSSL_UseALPN_params();
#endif
#ifdef HAVE_ALPN_PROTOS_SUPPORT
test_wolfSSL_set_alpn_protos();
#endif
}
static void test_wolfSSL_DisableExtendedMasterSecret(void)
{
#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL));
/* success cases */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_wolfSSL_UseSecureRenegotiation(void)
{
#if defined(HAVE_SECURE_RENEGOTIATION) && !defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
WOLFSSL *ssl = wolfSSL_new(ctx);
AssertNotNull(ctx);
AssertNotNull(ssl);
/* error cases */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(NULL));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(NULL));
/* success cases */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
/*----------------------------------------------------------------------------*
| X509 Tests
*----------------------------------------------------------------------------*/
static void test_wolfSSL_X509_NAME_get_entry(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA)
#if defined(OPENSSL_ALL) || \
(defined(OPENSSL_EXTRA) && \
(defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)))
printf(testingFmt, "wolfSSL_X509_NAME_get_entry()");
{
/* use openssl like name to test mapping */
X509_NAME_ENTRY* ne;
X509_NAME* name;
X509* x509;
#ifndef NO_FILESYSTEM
ASN1_STRING* asn;
char* subCN = NULL;
#endif
int idx;
ASN1_OBJECT *object = NULL;
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
#ifndef NO_BIO
BIO* bio;
#endif
#endif
#ifndef NO_FILESYSTEM
x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
name = X509_get_subject_name(x509);
idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
AssertIntGE(idx, 0);
ne = X509_NAME_get_entry(name, idx);
AssertNotNull(ne);
asn = X509_NAME_ENTRY_get_data(ne);
AssertNotNull(asn);
subCN = (char*)ASN1_STRING_data(asn);
AssertNotNull(subCN);
wolfSSL_FreeX509(x509);
#endif
x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
name = X509_get_subject_name(x509);
idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
AssertIntGE(idx, 0);
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
#ifndef NO_BIO
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(X509_NAME_print_ex(bio, name, 4,
(XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
AssertIntEQ(X509_NAME_print_ex_fp(stdout, name, 4,
(XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
BIO_free(bio);
#endif
#endif
ne = X509_NAME_get_entry(name, idx);
AssertNotNull(ne);
AssertNotNull(object = X509_NAME_ENTRY_get_object(ne));
wolfSSL_FreeX509(x509);
}
printf(resultFmt, passed);
#endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) */
#endif /* !NO_CERTS && !NO_RSA */
}
/* Testing functions dealing with PKCS12 parsing out X509 certs */
static void test_wolfSSL_PKCS12(void)
{
/* .p12 file is encrypted with DES3 */
#ifndef HAVE_FIPS /* Password used in cert "wolfSSL test" is only 12-bytes
* (96-bit) FIPS mode requires Minimum of 14-byte (112-bit)
* Password Key
*/
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
!defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \
!defined(NO_SHA) && defined(HAVE_PKCS12)
byte buf[6000];
char file[] = "./certs/test-servercert.p12";
char order[] = "./certs/ecc-rsa-server.p12";
#ifdef WC_RC2
char rc2p12[] = "./certs/test-servercert-rc2.p12";
#endif
char pass[] = "a password";
const char goodPsw[] = "wolfSSL test";
const char badPsw[] = "bad";
#ifdef HAVE_ECC
WOLFSSL_X509_NAME* subject;
WOLFSSL_X509 *x509;
#endif
XFILE f;
int bytes, ret, goodPswLen, badPswLen;
WOLFSSL_BIO *bio;
WOLFSSL_EVP_PKEY *pkey;
WC_PKCS12 *pkcs12;
WC_PKCS12 *pkcs12_2;
WOLFSSL_X509 *cert;
WOLFSSL_X509 *tmp;
WOLF_STACK_OF(WOLFSSL_X509) *ca;
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
|| defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL;
#endif
printf(testingFmt, "wolfSSL_PKCS12()");
f = XFOPEN(file, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
goodPswLen = (int)XSTRLEN(goodPsw);
badPswLen = (int)XSTRLEN(badPsw);
bio = BIO_new_mem_buf((void*)buf, bytes);
AssertNotNull(bio);
pkcs12 = d2i_PKCS12_bio(bio, NULL);
AssertNotNull(pkcs12);
PKCS12_free(pkcs12);
AssertIntEQ(BIO_write(bio, buf, bytes), bytes); /* d2i consumes BIO */
d2i_PKCS12_bio(bio, &pkcs12);
AssertNotNull(pkcs12);
BIO_free(bio);
/* check verify MAC directly */
ret = PKCS12_verify_mac(pkcs12, goodPsw, goodPswLen);
AssertIntEQ(ret, 1);
/* check verify MAC fail case directly */
ret = PKCS12_verify_mac(pkcs12, badPsw, badPswLen);
AssertIntEQ(ret, 0);
/* check verify MAC fail case */
ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
AssertIntEQ(ret, 0);
AssertNull(pkey);
AssertNull(cert);
/* check parse with no extra certs kept */
ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
AssertIntEQ(ret, 1);
AssertNotNull(pkey);
AssertNotNull(cert);
wolfSSL_EVP_PKEY_free(pkey);
wolfSSL_X509_free(cert);
/* check parse with extra certs kept */
ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
AssertIntEQ(ret, 1);
AssertNotNull(pkey);
AssertNotNull(cert);
AssertNotNull(ca);
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
|| defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
/* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */
#if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
/* Copy stack structure */
AssertNotNull(tmp_ca = X509_chain_up_ref(ca));
AssertIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1);
/* CTX now owns the tmp_ca stack structure */
tmp_ca = NULL;
AssertIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1);
AssertNotNull(tmp_ca);
AssertIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca));
/* Check that the main cert is also set */
AssertNotNull(SSL_CTX_get0_certificate(ctx));
AssertNotNull(ssl = SSL_new(ctx));
AssertNotNull(SSL_get_certificate(ssl));
SSL_free(ssl);
SSL_CTX_free(ctx);
#endif
/* should be 2 other certs on stack */
tmp = sk_X509_pop(ca);
AssertNotNull(tmp);
X509_free(tmp);
tmp = sk_X509_pop(ca);
AssertNotNull(tmp);
X509_free(tmp);
AssertNull(sk_X509_pop(ca));
EVP_PKEY_free(pkey);
X509_free(cert);
sk_X509_pop_free(ca, X509_free);
/* check PKCS12_create */
AssertNull(PKCS12_create(pass, NULL, NULL, NULL, NULL, -1, -1, -1, -1,0));
AssertIntEQ(PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca),
SSL_SUCCESS);
AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca,
-1, -1, 100, -1, 0)));
EVP_PKEY_free(pkey);
X509_free(cert);
sk_X509_pop_free(ca, NULL);
AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
SSL_SUCCESS);
PKCS12_free(pkcs12_2);
AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca,
NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
2000, 1, 0)));
EVP_PKEY_free(pkey);
X509_free(cert);
sk_X509_pop_free(ca, NULL);
/* convert to DER then back and parse */
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(i2d_PKCS12_bio(bio, pkcs12_2), SSL_SUCCESS);
PKCS12_free(pkcs12_2);
AssertNotNull(pkcs12_2 = d2i_PKCS12_bio(bio, NULL));
BIO_free(bio);
AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
SSL_SUCCESS);
/* should be 2 other certs on stack */
tmp = sk_X509_pop(ca);
AssertNotNull(tmp);
X509_free(tmp);
tmp = sk_X509_pop(ca);
AssertNotNull(tmp);
X509_free(tmp);
AssertNull(sk_X509_pop(ca));
#ifndef NO_RC4
PKCS12_free(pkcs12_2);
AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, NULL,
NID_pbe_WithSHA1And128BitRC4,
NID_pbe_WithSHA1And128BitRC4,
2000, 1, 0)));
EVP_PKEY_free(pkey);
X509_free(cert);
sk_X509_pop_free(ca, NULL);
AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
SSL_SUCCESS);
#endif /* NO_RC4 */
EVP_PKEY_free(pkey);
X509_free(cert);
PKCS12_free(pkcs12);
PKCS12_free(pkcs12_2);
sk_X509_pop_free(ca, NULL);
#ifdef HAVE_ECC
/* test order of parsing */
f = XFOPEN(order, "rb");
AssertTrue(f != XBADFILE);
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
AssertIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)),
WOLFSSL_SUCCESS);
AssertNotNull(pkey);
AssertNotNull(cert);
AssertNotNull(ca);
/* compare subject lines of certificates */
AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert));
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccRsaCertFile,
SSL_FILETYPE_PEM));
AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
(const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
X509_free(x509);
/* test expected fail case */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
SSL_FILETYPE_PEM));
AssertIntNE(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
(const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
X509_free(x509);
X509_free(cert);
/* get subject line from ca stack */
AssertNotNull(cert = sk_X509_pop(ca));
AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert));
/* compare subject from certificate in ca to expected */
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
SSL_FILETYPE_PEM));
AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
(const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
EVP_PKEY_free(pkey);
X509_free(x509);
X509_free(cert);
BIO_free(bio);
PKCS12_free(pkcs12);
sk_X509_pop_free(ca, NULL); /* TEST d2i_PKCS12_fp */
/* test order of parsing */
f = XFOPEN(file, "rb");
AssertTrue(f != XBADFILE);
AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL));
XFCLOSE(f);
/* check verify MAC fail case */
ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
AssertIntEQ(ret, 0);
AssertNull(pkey);
AssertNull(cert);
/* check parse with no extra certs kept */
ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
AssertIntEQ(ret, 1);
AssertNotNull(pkey);
AssertNotNull(cert);
wolfSSL_EVP_PKEY_free(pkey);
wolfSSL_X509_free(cert);
/* check parse with extra certs kept */
ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
AssertIntEQ(ret, 1);
AssertNotNull(pkey);
AssertNotNull(cert);
AssertNotNull(ca);
wolfSSL_EVP_PKEY_free(pkey);
wolfSSL_X509_free(cert);
sk_X509_pop_free(ca, NULL);
PKCS12_free(pkcs12);
#endif /* HAVE_ECC */
#ifdef WC_RC2
/* test PKCS#12 with RC2 encryption */
f = XFOPEN(rc2p12, "rb");
AssertTrue(f != XBADFILE);
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
/* check verify MAC fail case */
ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
AssertIntEQ(ret, 0);
AssertNull(pkey);
AssertNull(cert);
/* check parse iwth not extra certs kept */
ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
AssertIntEQ(ret, WOLFSSL_SUCCESS);
AssertNotNull(pkey);
AssertNotNull(cert);
/* check parse with extra certs kept */
ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
AssertIntEQ(ret, WOLFSSL_SUCCESS);
AssertNotNull(pkey);
AssertNotNull(cert);
AssertNotNull(ca);
wolfSSL_EVP_PKEY_free(pkey);
wolfSSL_X509_free(cert);
sk_X509_pop_free(ca, NULL);
BIO_free(bio);
PKCS12_free(pkcs12);
#endif /* WC_RC2 */
/* Test i2d_PKCS12_bio */
f = XFOPEN(file, "rb");
AssertTrue((f != XBADFILE));
AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL));
XFCLOSE(f);
bio = BIO_new(BIO_s_mem());
AssertNotNull(bio);
ret = i2d_PKCS12_bio(bio, pkcs12);
AssertIntEQ(ret, 1);
ret = i2d_PKCS12_bio(NULL, pkcs12);
AssertIntEQ(ret, 0);
ret = i2d_PKCS12_bio(bio, NULL);
AssertIntEQ(ret, 0);
PKCS12_free(pkcs12);
BIO_free(bio);
(void)order;
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
#endif /* HAVE_FIPS */
}
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_PWDBASED) && \
(!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_MD5)
#define TEST_PKCS8_ENC
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
&& defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
/* used to keep track if FailTestCallback was called */
static int failTestCallbackCalled = 0;
static WC_INLINE int FailTestCallBack(char* passwd, int sz, int rw, void* userdata)
{
(void)passwd;
(void)sz;
(void)rw;
(void)userdata;
/* mark called, test_wolfSSL_no_password_cb() will check and fail if set */
failTestCallbackCalled = 1;
return -1;
}
#endif
static void test_wolfSSL_no_password_cb(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
&& defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
WOLFSSL_CTX* ctx;
byte buff[FOURK_BUF];
const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
XFILE f;
int bytes;
printf(testingFmt, "test_wolfSSL_no_password_cb()");
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_server_method()));
#endif
wolfSSL_CTX_set_default_passwd_cb(ctx, FailTestCallBack);
AssertTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE);
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
AssertIntLE(bytes, sizeof(buff));
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
AssertTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE);
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
AssertIntLE(bytes, sizeof(buff));
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
if (failTestCallbackCalled != 0) {
Fail(("Password callback should not be called by default"),
("Password callback was called without attempting "
"to first decipher private key without password."));
}
printf(resultFmt, passed);
#endif
}
#ifdef TEST_PKCS8_ENC
/* for PKCS8 test case */
static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
{
int flag = 0;
(void)rw;
if (userdata != NULL) {
flag = *((int*)userdata); /* user set data */
}
switch (flag) {
case 1: /* flag set for specific WOLFSSL_CTX structure, note userdata
* can be anything the user wishes to be passed to the callback
* associated with the WOLFSSL_CTX */
XSTRNCPY(passwd, "yassl123", sz);
return 8;
default:
return BAD_FUNC_ARG;
}
}
#endif /* TEST_PKCS8_ENC */
/* Testing functions dealing with PKCS8 */
static void test_wolfSSL_PKCS8(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8)
byte buff[FOURK_BUF];
byte der[FOURK_BUF];
#ifndef NO_RSA
const char serverKeyPkcs8PemFile[] = "./certs/server-keyPkcs8.pem";
const char serverKeyPkcs8DerFile[] = "./certs/server-keyPkcs8.der";
#endif
const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
#ifdef HAVE_ECC
const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
#endif
XFILE f;
int bytes;
WOLFSSL_CTX* ctx;
#if defined(HAVE_ECC) && !defined(NO_CODING)
int ret;
ecc_key key;
word32 x = 0;
#endif
#ifdef TEST_PKCS8_ENC
#if !defined(NO_RSA) && !defined(NO_SHA)
const char serverKeyPkcs8EncPemFile[] = "./certs/server-keyPkcs8Enc.pem";
const char serverKeyPkcs8EncDerFile[] = "./certs/server-keyPkcs8Enc.der";
#endif
#if defined(HAVE_ECC) && !defined(NO_SHA)
const char eccPkcs8EncPrivKeyPemFile[] = "./certs/ecc-keyPkcs8Enc.pem";
const char eccPkcs8EncPrivKeyDerFile[] = "./certs/ecc-keyPkcs8Enc.der";
#endif
int flag;
#endif
(void)der;
printf(testingFmt, "wolfSSL_PKCS8()");
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
#endif
#else
#ifndef WOLFSSL_NO_TLS12
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
#endif
#endif
#ifdef TEST_PKCS8_ENC
wolfSSL_CTX_set_default_passwd_cb(ctx, PKCS8TestCallBack);
wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&flag);
flag = 1; /* used by password callback as return code */
#if !defined(NO_RSA) && !defined(NO_SHA)
/* test loading PEM PKCS8 encrypted file */
f = XFOPEN(serverKeyPkcs8EncPemFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
/* this next case should fail because of password callback return code */
flag = 0; /* used by password callback as return code */
AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
/* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
"yassl123"), 0);
/* test that error value is returned with a bad password */
AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
"bad"), 0);
/* test loading PEM PKCS8 encrypted file */
f = XFOPEN(serverKeyPkcs8EncDerFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
flag = 1; /* used by password callback as return code */
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* this next case should fail because of password callback return code */
flag = 0; /* used by password callback as return code */
AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#endif /* !NO_RSA && !NO_SHA */
#if defined(HAVE_ECC) && !defined(NO_SHA)
/* test loading PEM PKCS8 encrypted ECC Key file */
f = XFOPEN(eccPkcs8EncPrivKeyPemFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
flag = 1; /* used by password callback as return code */
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
/* this next case should fail because of password callback return code */
flag = 0; /* used by password callback as return code */
AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
/* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
"yassl123"), 0);
/* test that error value is returned with a bad password */
AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
"bad"), 0);
/* test loading DER PKCS8 encrypted ECC Key file */
f = XFOPEN(eccPkcs8EncPrivKeyDerFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
flag = 1; /* used by password callback as return code */
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* this next case should fail because of password callback return code */
flag = 0; /* used by password callback as return code */
AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* leave flag as "okay" */
flag = 1;
#endif /* HAVE_ECC && !NO_SHA */
#endif /* TEST_PKCS8_ENC */
#ifndef NO_RSA
/* test loading ASN.1 (DER) PKCS8 private key file (not encrypted) */
f = XFOPEN(serverKeyPkcs8DerFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
/* test loading PEM PKCS8 private key file (not encrypted) */
f = XFOPEN(serverKeyPkcs8PemFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
#endif /* !NO_RSA */
/* Test PKCS8 PEM ECC key no crypt */
f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
#ifdef HAVE_ECC
/* Test PKCS8 PEM ECC key no crypt */
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
#ifndef NO_CODING
/* decrypt PKCS8 PEM to key in DER format */
AssertIntGT((bytes = wc_KeyPemToDer(buff, bytes, der,
(word32)sizeof(der), NULL)), 0);
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_EccPrivateKeyDecode(der, &x, &key, bytes);
wc_ecc_free(&key);
}
AssertIntEQ(ret, 0);
#endif
/* Test PKCS8 DER ECC key no crypt */
f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
/* Test using a PKCS8 ECC PEM */
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#else
/* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */
AssertIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der,
(word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER);
#endif /* HAVE_ECC */
wolfSSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */
}
static void test_wolfSSL_PKCS8_ED25519(void)
{
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) && \
defined(HAVE_ED25519_KEY_IMPORT)
const byte encPrivKey[] = \
"-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
"MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAheCGLmWGh7+AICCAAw\n"
"DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEC4L5P6GappsTyhOOoQfvh8EQJMX\n"
"OAdlsYKCOcFo4djg6AI1lRdeBRwVFWkha7gBdoCJOzS8wDvTbYcJMPvANu5ft3nl\n"
"2L9W4v7swXkV+X+a1ww=\n"
"-----END ENCRYPTED PRIVATE KEY-----\n";
const char password[] = "abcdefghijklmnopqrstuvwxyz";
byte der[FOURK_BUF];
WOLFSSL_CTX* ctx;
int bytes;
XMEMSET(der, 0, sizeof(der));
AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
(word32)sizeof(der), password)), 0);
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_PKCS8_ED448(void)
{
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) && \
defined(HAVE_ED448_KEY_IMPORT)
const byte encPrivKey[] = \
"-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
"MIGrMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjSbZKnG4EPggICCAAw\n"
"DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEFvCFWBBHBlJBsYleBJlJWcEUNC7\n"
"Tf5pZviT5Btar4D/MNg6BsQHSDf5KW4ix871EsgDY2Zz+euaoWspiMntz7gU+PQu\n"
"T/JJcbD2Ly8BbE3l5WHMifAQqNLxJBfXrHkfYtAo\n"
"-----END ENCRYPTED PRIVATE KEY-----\n";
const char password[] = "abcdefghijklmnopqrstuvwxyz";
byte der[FOURK_BUF];
WOLFSSL_CTX* ctx;
int bytes;
XMEMSET(der, 0, sizeof(der));
AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
(word32)sizeof(der), password)), 0);
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
}
/* Testing functions dealing with PKCS5 */
static void test_wolfSSL_PKCS5(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA) && !defined(NO_PWDBASED)
#ifdef HAVE_FIPS /* Password minimum length is 14 (112-bit) in FIPS MODE */
const char* passwd = "myfipsPa$$W0rd";
#else
const char *passwd = "pass1234";
#endif
const unsigned char *salt = (unsigned char *)"salt1234";
unsigned char *out = (unsigned char *)XMALLOC(WC_SHA_DIGEST_SIZE, NULL,
DYNAMIC_TYPE_TMP_BUFFER);
int ret = 0;
AssertNotNull(out);
ret = PKCS5_PBKDF2_HMAC_SHA1(passwd,(int)XSTRLEN(passwd), salt,
(int)XSTRLEN((const char *) salt), 10,
WC_SHA_DIGEST_SIZE,out);
AssertIntEQ(ret, SSL_SUCCESS);
#ifdef WOLFSSL_SHA512
ret = PKCS5_PBKDF2_HMAC(passwd,(int)XSTRLEN(passwd), salt,
(int)XSTRLEN((const char *) salt), 10,
wolfSSL_EVP_sha512(), WC_SHA_DIGEST_SIZE, out);
AssertIntEQ(ret, SSL_SUCCESS);
#endif
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SHA) */
}
/* test parsing URI from certificate */
static void test_wolfSSL_URI(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
&& (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
defined(OPENSSL_EXTRA))
WOLFSSL_X509* x509;
const char uri[] = "./certs/client-uri-cert.pem";
const char badUri[] = "./certs/client-relative-uri.pem";
printf(testingFmt, "wolfSSL URI parse");
x509 = wolfSSL_X509_load_certificate_file(uri, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
wolfSSL_FreeX509(x509);
x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM);
#if !defined(IGNORE_NAME_CONSTRAINTS) && !defined(WOLFSSL_NO_ASN_STRICT)
AssertNull(x509);
#else
AssertNotNull(x509);
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_TBS(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
&& defined(OPENSSL_EXTRA)
WOLFSSL_X509* x509;
const unsigned char* tbs;
int tbsSz;
printf(testingFmt, "wolfSSL TBS");
AssertNotNull(x509 =
wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM));
AssertNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz));
AssertNull(tbs = wolfSSL_X509_get_tbs(x509, NULL));
AssertNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz));
AssertIntEQ(tbsSz, 1003);
wolfSSL_FreeX509(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_verify(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
&& defined(OPENSSL_EXTRA)
WOLFSSL_X509* ca;
WOLFSSL_X509* serv;
WOLFSSL_EVP_PKEY* pkey;
unsigned char buf[2048];
const unsigned char* pt = NULL;
int bufSz;
printf(testingFmt, "wolfSSL X509 verify");
AssertNotNull(ca =
wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM));
AssertIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz),
WOLFSSL_SUCCESS);
AssertIntEQ(bufSz, 294);
bufSz = 2048;
AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk);
AssertNotNull(serv =
wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM));
/* success case */
pt = buf;
AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
AssertIntEQ(i2d_PUBKEY(pkey, NULL), bufSz);
AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_SUCCESS);
wolfSSL_EVP_PKEY_free(pkey);
/* fail case */
bufSz = 2048;
AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(serv, buf, &bufSz),
WOLFSSL_SUCCESS);
pt = buf;
AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR);
AssertIntEQ(wolfSSL_X509_verify(serv, NULL), WOLFSSL_FATAL_ERROR);
wolfSSL_EVP_PKEY_free(pkey);
wolfSSL_FreeX509(ca);
wolfSSL_FreeX509(serv);
printf(resultFmt, passed);
#endif
}
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO)
/* create certificate with version 2 */
static void test_set_x509_badversion(WOLFSSL_CTX* ctx)
{
WOLFSSL_X509 *x509, *x509v2;
WOLFSSL_EVP_PKEY *priv, *pub;
unsigned char *der = NULL, *key = NULL, *pt;
char *header, *name;
int derSz;
long keySz;
XFILE fp;
WOLFSSL_ASN1_TIME *notBefore, *notAfter;
time_t t;
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
WOLFSSL_FILETYPE_PEM));
fp = XFOPEN(cliKeyFile, "rb");
AssertIntEQ(wolfSSL_PEM_read(fp, &name, &header, &key, &keySz),
WOLFSSL_SUCCESS);
XFCLOSE(fp);
pt = key;
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
(const unsigned char**)&pt, keySz));
/* create the version 2 certificate */
AssertNotNull(x509v2 = X509_new());
AssertIntEQ(wolfSSL_X509_set_version(x509v2, 1), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_subject_name(x509v2,
wolfSSL_X509_get_subject_name(x509)), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509v2,
wolfSSL_X509_get_issuer_name(x509)), WOLFSSL_SUCCESS);
AssertNotNull(pub = wolfSSL_X509_get_pubkey(x509));
AssertIntEQ(X509_set_pubkey(x509v2, pub), WOLFSSL_SUCCESS);
t = time(NULL);
AssertNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0));
AssertNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0));
AssertTrue(wolfSSL_X509_set_notBefore(x509v2, notBefore));
AssertTrue(wolfSSL_X509_set_notAfter(x509v2, notAfter));
AssertIntGT(wolfSSL_X509_sign(x509v2, priv, EVP_sha256()), 0);
derSz = wolfSSL_i2d_X509(x509v2, &der);
AssertIntGT(derSz, 0);
AssertIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); /* TODO: Replace with API call */
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(name, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(header, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_X509_free(x509);
wolfSSL_X509_free(x509v2);
wolfSSL_EVP_PKEY_free(priv);
wolfSSL_EVP_PKEY_free(pub);
wolfSSL_ASN1_TIME_free(notBefore);
wolfSSL_ASN1_TIME_free(notAfter);
}
/* override certificate version error */
static int test_override_x509(int preverify, WOLFSSL_X509_STORE_CTX* store)
{
#ifndef OPENSSL_COMPATIBLE_DEFAULTS
AssertIntEQ(store->error, ASN_VERSION_E);
#else
AssertIntEQ(store->error, 0);
#endif
AssertIntEQ((int)wolfSSL_X509_get_version(store->current_cert), 1);
(void)preverify;
return 1;
}
/* set verify callback that will override bad certificate version */
static void test_set_override_x509(WOLFSSL_CTX* ctx)
{
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, test_override_x509);
}
#endif
static void test_wolfSSL_X509_TLS_version(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO)
tcp_ready ready;
func_args server_args;
func_args client_args;
THREAD_TYPE serverThread;
callback_functions func_cb_client;
callback_functions func_cb_server;
printf(testingFmt, "test_wolfSSL_X509_TLS_version");
/* test server rejects a client certificate that is not version 3 */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
server_args.return_code = TEST_FAIL;
client_args.return_code = TEST_FAIL;
func_cb_client.ctx_ready = &test_set_x509_badversion;
#ifndef WOLFSSL_NO_TLS12
func_cb_client.method = wolfTLSv1_2_client_method;
#else
func_cb_client.method = wolfTLSv1_3_client_method;
#endif
client_args.callbacks = &func_cb_client;
#ifndef WOLFSSL_NO_TLS12
func_cb_server.method = wolfTLSv1_2_server_method;
#else
func_cb_server.method = wolfTLSv1_3_server_method;
#endif
server_args.callbacks = &func_cb_server;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
#ifndef OPENSSL_COMPATIBLE_DEFAULTS
AssertIntEQ(client_args.return_code, TEST_FAIL);
AssertIntEQ(server_args.return_code, TEST_FAIL);
#else
AssertIntEQ(client_args.return_code, TEST_SUCCESS);
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
#endif
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
/* Now re run but override the bad X509 version */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
server_args.return_code = TEST_FAIL;
client_args.return_code = TEST_FAIL;
func_cb_client.ctx_ready = &test_set_x509_badversion;
func_cb_server.ctx_ready = &test_set_override_x509;
#ifndef WOLFSSL_NO_TLS12
func_cb_client.method = wolfTLSv1_2_client_method;
#else
func_cb_client.method = wolfTLSv1_3_client_method;
#endif
client_args.callbacks = &func_cb_client;
#ifndef WOLFSSL_NO_TLS12
func_cb_server.method = wolfTLSv1_2_server_method;
#else
func_cb_server.method = wolfTLSv1_3_server_method;
#endif
server_args.callbacks = &func_cb_server;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
AssertIntEQ(client_args.return_code, TEST_SUCCESS);
AssertIntEQ(server_args.return_code, TEST_SUCCESS);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
printf(resultFmt, passed);
#endif
}
/* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade
* version allowed.
* POST: 1 on success.
*/
static int test_wolfSSL_CTX_SetMinVersion(void)
{
int failFlag = WOLFSSL_SUCCESS;
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_CTX* ctx;
int itr;
#ifndef NO_OLD_TLS
const int versions[] = {
#ifdef WOLFSSL_ALLOW_TLSV10
WOLFSSL_TLSV1,
#endif
WOLFSSL_TLSV1_1,
WOLFSSL_TLSV1_2 };
#elif !defined(WOLFSSL_NO_TLS12)
const int versions[] = { WOLFSSL_TLSV1_2 };
#elif defined(WOLFSSL_TLS13)
const int versions[] = { WOLFSSL_TLSV1_3 };
#else
const int versions[0];
#endif
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
printf(testingFmt, "wolfSSL_CTX_SetMinVersion()");
for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){
if(wolfSSL_CTX_SetMinVersion(ctx, *(versions + itr)) != WOLFSSL_SUCCESS){
failFlag = WOLFSSL_FAILURE;
}
}
printf(resultFmt, failFlag == WOLFSSL_SUCCESS ? passed : failed);
wolfSSL_CTX_free(ctx);
#endif
return failFlag;
} /* END test_wolfSSL_CTX_SetMinVersion */
/*----------------------------------------------------------------------------*
| OCSP Stapling
*----------------------------------------------------------------------------*/
/* Testing wolfSSL_UseOCSPStapling function. OCSP stapling eliminates the need
* need to contact the CA, lowering the cost of cert revocation checking.
* PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
* POST: 1 returned for success.
*/
static int test_wolfSSL_UseOCSPStapling(void)
{
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP) && \
!defined(NO_WOLFSSL_CLIENT)
int ret;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
#else
ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
#endif
#else
#ifndef WOLFSSL_NO_TLS12
ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
#else
ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
#endif
#endif
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_UseOCSPStapling()");
ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE);
printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
return ret;
#else
return WOLFSSL_SUCCESS;
#endif
} /*END test_wolfSSL_UseOCSPStapling */
/* Testing OCSP stapling version 2, wolfSSL_UseOCSPStaplingV2 function. OCSP
* stapling eliminates the need to contact the CA and lowers cert revocation
* check.
* PRE: HAVE_CERTIFICATE_STATUS_REQUEST_V2 and HAVE_OCSP defined.
*/
static int test_wolfSSL_UseOCSPStaplingV2 (void)
{
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP) && \
!defined(NO_WOLFSSL_CLIENT)
int ret;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
#else
ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
#endif
#else
#ifndef WOLFSSL_NO_TLS12
ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
#else
ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
#endif
#endif
ssl = wolfSSL_new(ctx);
printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()");
ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
WOLFSSL_CSR2_OCSP_USE_NONCE );
printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
return ret;
#else
return WOLFSSL_SUCCESS;
#endif
} /*END test_wolfSSL_UseOCSPStaplingV2*/
/*----------------------------------------------------------------------------*
| Multicast Tests
*----------------------------------------------------------------------------*/
static void test_wolfSSL_mcast(void)
{
#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST) && \
(defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER))
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
int result;
byte preMasterSecret[512];
byte clientRandom[32];
byte serverRandom[32];
byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */
byte buf[256];
word16 newId;
ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
AssertNotNull(ctx);
result = wolfSSL_CTX_mcast_set_member_id(ctx, 0);
AssertIntEQ(result, WOLFSSL_SUCCESS);
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
XMEMSET(preMasterSecret, 0x23, sizeof(preMasterSecret));
XMEMSET(clientRandom, 0xA5, sizeof(clientRandom));
XMEMSET(serverRandom, 0x5A, sizeof(serverRandom));
result = wolfSSL_set_secret(ssl, 23,
preMasterSecret, sizeof(preMasterSecret),
clientRandom, serverRandom, suite);
AssertIntEQ(result, WOLFSSL_SUCCESS);
result = wolfSSL_mcast_read(ssl, &newId, buf, sizeof(buf));
AssertIntLE(result, 0);
AssertIntLE(newId, 100);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST && (WOLFSSL_TLS13 || WOLFSSL_SNIFFER) */
}
/*----------------------------------------------------------------------------*
| Wolfcrypt
*----------------------------------------------------------------------------*/
/*
* Unit test for the wc_InitBlake2b()
*/
static int test_wc_InitBlake2b (void)
{
int ret = 0;
#ifdef HAVE_BLAKE2
Blake2b blake;
printf(testingFmt, "wc_InitBlake2B()");
/* Test good arg. */
ret = wc_InitBlake2b(&blake, 64);
if (ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!ret) {
ret = wc_InitBlake2b(NULL, 64);
if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
if (!ret) {
ret = wc_InitBlake2b(NULL, 128);
if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
if (!ret) {
ret = wc_InitBlake2b(&blake, 128);
if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
if (!ret) {
ret = wc_InitBlake2b(NULL, 0);
if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
if (!ret) {
ret = wc_InitBlake2b(&blake, 0);
if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /*END test_wc_InitBlake2b*/
/*
* Unit test for the wc_InitBlake2b_WithKey()
*/
static int test_wc_InitBlake2b_WithKey (void)
{
int ret = 0;
#ifdef HAVE_BLAKE2
Blake2b blake;
word32 digestSz = BLAKE2B_KEYBYTES;
byte key[BLAKE2B_KEYBYTES];
word32 keylen = BLAKE2B_KEYBYTES;
printf(testingFmt, "wc_InitBlake2b_WithKey()");
/* Test good arg. */
ret = wc_InitBlake2b_WithKey(&blake, digestSz, key, keylen);
if (ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
/* Test bad args. */
if (ret == 0) {
ret = wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_InitBlake2b_WithKey(&blake, digestSz, key, 256);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_InitBlake2b_WithKey(&blake, digestSz, NULL, keylen);
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /*END wc_InitBlake2b_WithKey*/
/*
* Unit test for the wc_InitBlake2s_WithKey()
*/
static int test_wc_InitBlake2s_WithKey (void)
{
int ret = 0;
#ifdef HAVE_BLAKE2S
Blake2s blake;
word32 digestSz = BLAKE2S_KEYBYTES;
byte *key = (byte*)"01234567890123456789012345678901";
word32 keylen = BLAKE2S_KEYBYTES;
printf(testingFmt, "wc_InitBlake2s_WithKey()");
/* Test good arg. */
ret = wc_InitBlake2s_WithKey(&blake, digestSz, key, keylen);
if (ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
/* Test bad args. */
if (ret == 0) {
ret = wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_InitBlake2s_WithKey(&blake, digestSz, key, 256);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_InitBlake2s_WithKey(&blake, digestSz, NULL, keylen);
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /*END wc_InitBlake2s_WithKey*/
/*
* Unit test for the wc_InitMd5()
*/
static int test_wc_InitMd5 (void)
{
int flag = 0;
#ifndef NO_MD5
wc_Md5 md5;
int ret;
printf(testingFmt, "wc_InitMd5()");
/* Test good arg. */
ret = wc_InitMd5(&md5);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitMd5(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Md5Free(&md5);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_InitMd5 */
/*
* Testing wc_UpdateMd5()
*/
static int test_wc_Md5Update (void)
{
int flag = 0;
#ifndef NO_MD5
wc_Md5 md5;
byte hash[WC_MD5_DIGEST_SIZE];
testVector a, b, c;
int ret;
ret = wc_InitMd5(&md5);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_Md5Update()");
/* Input */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_Md5Update(&md5, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Md5Final(&md5, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
"\x72";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_Md5Update(&md5, (byte*) a.input, (word32) a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Md5Final(&md5, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/*Pass in bad values. */
if (!flag) {
b.input = NULL;
b.inLen = 0;
ret = wc_Md5Update(&md5, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
c.input = NULL;
c.inLen = WC_MD5_DIGEST_SIZE;
ret = wc_Md5Update(&md5, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Md5Update(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Md5Free(&md5);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Md5Update() */
/*
* Unit test on wc_Md5Final() in wolfcrypt/src/md5.c
*/
static int test_wc_Md5Final (void)
{
int flag = 0;
#ifndef NO_MD5
/* Instantiate */
wc_Md5 md5;
byte* hash_test[3];
byte hash1[WC_MD5_DIGEST_SIZE];
byte hash2[2*WC_MD5_DIGEST_SIZE];
byte hash3[5*WC_MD5_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitMd5(&md5);
if (ret != 0) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test)/sizeof(byte*);
/* Test good args. */
printf(testingFmt, "wc_Md5Final()");
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_Md5Final(&md5, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag) {
ret = wc_Md5Final(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Md5Final(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Md5Final(&md5, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Md5Free(&md5);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
}
/*
* Unit test for the wc_InitSha()
*/
static int test_wc_InitSha(void)
{
int flag = 0;
#ifndef NO_SHA
wc_Sha sha;
int ret;
printf(testingFmt, "wc_InitSha()");
/* Test good arg. */
ret = wc_InitSha(&sha);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitSha(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_ShaFree(&sha);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_InitSha */
/*
* Tesing wc_ShaUpdate()
*/
static int test_wc_ShaUpdate (void)
{
int flag = 0;
#ifndef NO_SHA
wc_Sha sha;
byte hash[WC_SHA_DIGEST_SIZE];
testVector a, b, c;
int ret;
ret = wc_InitSha(&sha);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_ShaUpdate()");
/* Input. */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_ShaUpdate(&sha, NULL, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_ShaUpdate(&sha, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_ShaFinal(&sha, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
"\x6C\x9C\xD0\xD8\x9D";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_ShaFinal(&sha, hash);
if (ret !=0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Try passing in bad values. */
if (!flag) {
b.input = NULL;
b.inLen = 0;
ret = wc_ShaUpdate(&sha, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
c.input = NULL;
c.inLen = WC_SHA_DIGEST_SIZE;
ret = wc_ShaUpdate(&sha, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_ShaUpdate(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_ShaFree(&sha);
/* If not returned then the unit test passed test vectors. */
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_ShaUpdate() */
/*
* Unit test on wc_ShaFinal
*/
static int test_wc_ShaFinal (void)
{
int flag = 0;
#ifndef NO_SHA
wc_Sha sha;
byte* hash_test[3];
byte hash1[WC_SHA_DIGEST_SIZE];
byte hash2[2*WC_SHA_DIGEST_SIZE];
byte hash3[5*WC_SHA_DIGEST_SIZE];
int times, i, ret;
/*Initialize*/
ret = wc_InitSha(&sha);
if (ret) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test)/sizeof(byte*);
/* Good test args. */
printf(testingFmt, "wc_ShaFinal()");
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_ShaFinal(&sha, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag) {
ret = wc_ShaFinal(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_ShaFinal(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_ShaFinal(&sha, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_ShaFree(&sha);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_ShaFinal */
/*
* Unit test for wc_InitSha256()
*/
static int test_wc_InitSha256 (void)
{
int flag = 0;
#ifndef NO_SHA256
wc_Sha256 sha256;
int ret;
printf(testingFmt, "wc_InitSha256()");
/* Test good arg. */
ret = wc_InitSha256(&sha256);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitSha256(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha256Free(&sha256);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_InitSha256 */
/*
* Unit test for wc_Sha256Update()
*/
static int test_wc_Sha256Update (void)
{
int flag = 0;
#ifndef NO_SHA256
wc_Sha256 sha256;
byte hash[WC_SHA256_DIGEST_SIZE];
testVector a, b, c;
int ret;
ret = wc_InitSha256(&sha256);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_Sha256Update()");
/* Input. */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_Sha256Update(&sha256, NULL, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha256Update(&sha256, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha256Final(&sha256, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
"\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
"\x15\xAD";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha256Final(&sha256, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Try passing in bad values */
if (!flag) {
b.input = NULL;
b.inLen = 0;
ret = wc_Sha256Update(&sha256, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
c.input = NULL;
c.inLen = WC_SHA256_DIGEST_SIZE;
ret = wc_Sha256Update(&sha256, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha256Update(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha256Free(&sha256);
/* If not returned then the unit test passed. */
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256Update */
/*
* Unit test function for wc_Sha256Final()
*/
static int test_wc_Sha256Final (void)
{
int flag = 0;
#ifndef NO_SHA256
wc_Sha256 sha256;
byte* hash_test[3];
byte hash1[WC_SHA256_DIGEST_SIZE];
byte hash2[2*WC_SHA256_DIGEST_SIZE];
byte hash3[5*WC_SHA256_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitSha256(&sha256);
if (ret != 0) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte*);
/* Good test args. */
printf(testingFmt, "wc_Sha256Final()");
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_Sha256Final(&sha256, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag ) {
ret = wc_Sha256Final(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha256Final(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha256Final(&sha256, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha256Free(&sha256);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256Final */
/*
* Unit test function for wc_Sha256FinalRaw()
*/
static int test_wc_Sha256FinalRaw (void)
{
int flag = 0;
#if !defined(NO_SHA256) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
!defined(WOLFSSL_NO_HASH_RAW)
wc_Sha256 sha256;
byte* hash_test[3];
byte hash1[WC_SHA256_DIGEST_SIZE];
byte hash2[2*WC_SHA256_DIGEST_SIZE];
byte hash3[5*WC_SHA256_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitSha256(&sha256);
if (ret != 0) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte*);
/* Good test args. */
printf(testingFmt, "wc_Sha256FinalRaw()");
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_Sha256FinalRaw(&sha256, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag ) {
ret = wc_Sha256FinalRaw(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha256FinalRaw(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha256FinalRaw(&sha256, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha256Free(&sha256);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256FinalRaw */
/*
* Unit test function for wc_Sha256GetFlags()
*/
static int test_wc_Sha256GetFlags (void)
{
int flag = 0;
#if !defined(NO_SHA256) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha256 sha256;
word32 flags = 0;
printf(testingFmt, "wc_Sha256GetFlags()");
/* Initialize */
flag = wc_InitSha256(&sha256);
if (flag == 0) {
flag = wc_Sha256GetFlags(&sha256, &flags);
}
if (flag == 0) {
if (flags & WC_HASH_FLAG_ISCOPY) {
flag = 0;
}
}
wc_Sha256Free(&sha256);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256GetFlags */
/*
* Unit test function for wc_Sha256Free()
*/
static int test_wc_Sha256Free (void)
{
int flag = 0;
#ifndef NO_SHA256
printf(testingFmt, "wc_Sha256Free()");
wc_Sha256Free(NULL);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256Free */
/*
* Unit test function for wc_Sha256GetHash()
*/
static int test_wc_Sha256GetHash (void)
{
int flag = 0;
#ifndef NO_SHA256
wc_Sha256 sha256;
byte hash1[WC_SHA256_DIGEST_SIZE];
printf(testingFmt, "wc_Sha256GetHash()");
/* Initialize */
flag = wc_InitSha256(&sha256);
if (flag == 0) {
flag = wc_Sha256GetHash(&sha256, hash1);
}
/*test bad arguements*/
if (flag == 0) {
flag = wc_Sha256GetHash(NULL, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha256GetHash(NULL, hash1);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha256GetHash(&sha256, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
wc_Sha256Free(&sha256);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256GetHash */
/*
* Unit test function for wc_Sha256Copy()
*/
static int test_wc_Sha256Copy (void)
{
int flag = 0;
#ifndef NO_SHA256
wc_Sha256 sha256;
wc_Sha256 temp;
printf(testingFmt, "wc_Sha256Copy()");
/* Initialize */
flag = wc_InitSha256(&sha256);
if (flag == 0) {
flag = wc_InitSha256(&temp);
}
if (flag == 0) {
flag = wc_Sha256Copy(&sha256, &temp);
}
/*test bad arguements*/
if (flag == 0) {
flag = wc_Sha256Copy(NULL, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha256Copy(NULL, &temp);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha256Copy(&sha256, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
wc_Sha256Free(&sha256);
wc_Sha256Free(&temp);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256Copy */
/*
* Testing wc_InitSha512()
*/
static int test_wc_InitSha512 (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA512
wc_Sha512 sha512;
int ret;
printf(testingFmt, "wc_InitSha512()");
/* Test good arg. */
ret = wc_InitSha512(&sha512);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitSha512(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha512Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_InitSha512 */
/*
* wc_Sha512Update() test.
*/
static int test_wc_Sha512Update (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA512
wc_Sha512 sha512;
byte hash[WC_SHA512_DIGEST_SIZE];
testVector a, b, c;
int ret;
ret = wc_InitSha512(&sha512);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_Sha512Update()");
/* Input. */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_Sha512Update(&sha512, NULL, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512Update(&sha512,(byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512Update(&sha512, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512Final(&sha512, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
"\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b"
"\x55\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c"
"\x23\xa3\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a"
"\x9a\xc9\x4f\xa5\x4c\xa4\x9f";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_Sha512Update(&sha512, (byte*) a.input, (word32) a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha512Final(&sha512, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA512_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Try passing in bad values */
if (!flag) {
b.input = NULL;
b.inLen = 0;
ret = wc_Sha512Update(&sha512, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
c.input = NULL;
c.inLen = WC_SHA512_DIGEST_SIZE;
ret = wc_Sha512Update(&sha512, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha512Update(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha512Free(&sha512);
/* If not returned then the unit test passed test vectors. */
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha512Update */
#ifdef WOLFSSL_SHA512
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
(!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256))
/* Perfoms test for
* - wc_Sha512Final/wc_Sha512FinalRaw
* - wc_Sha512_224Final/wc_Sha512_224Final
* - wc_Sha512_256Final/wc_Sha512_256Final
* parameter:
* - type : must be one of WC_HASH_TYPE_SHA512, WC_HASH_TYPE_SHA512_224 or
* WC_HASH_TYPE_SHA512_256
* - isRaw: if is non-zero, xxxFinalRaw function will be tested
*return 0 on success
*/
static int test_Sha512_Family_Final(int type, int isRaw)
{
wc_Sha512 sha512;
byte* hash_test[3];
byte hash1[WC_SHA512_DIGEST_SIZE];
byte hash2[2*WC_SHA512_DIGEST_SIZE];
byte hash3[5*WC_SHA512_DIGEST_SIZE];
int times, i, ret;
int(*initFp)(wc_Sha512*);
int(*finalFp)(wc_Sha512*, byte*);
void(*freeFp)(wc_Sha512*);
if (type == WC_HASH_TYPE_SHA512) {
initFp = wc_InitSha512;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
!defined(WOLFSSL_NO_HASH_RAW)
finalFp = (isRaw)? wc_Sha512FinalRaw : wc_Sha512Final;
#else
finalFp = (isRaw)? NULL : wc_Sha512Final;
#endif
freeFp = wc_Sha512Free;
}
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if !defined(WOLFSSL_NOSHA512_224)
else if (type == WC_HASH_TYPE_SHA512_224) {
initFp = wc_InitSha512_224;
#if !defined(WOLFSSL_NO_HASH_RAW)
finalFp = (isRaw)? wc_Sha512_224FinalRaw : wc_Sha512_224Final;
#else
finalFp = (isRaw)? NULL : wc_Sha512_224Final;
#endif
freeFp = wc_Sha512_224Free;
}
#endif
#if !defined(WOLFSSL_NOSHA512_256)
else if (type == WC_HASH_TYPE_SHA512_256) {
initFp = wc_InitSha512_256;
#if !defined(WOLFSSL_NO_HASH_RAW)
finalFp = (isRaw)? wc_Sha512_256FinalRaw : wc_Sha512_256Final;
#else
finalFp = (isRaw)? NULL : wc_Sha512_256Final;
#endif
freeFp = wc_Sha512_256Free;
}
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
else
return BAD_FUNC_ARG;
/* Initialize */
ret = initFp(&sha512);
if (!ret) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte *);
/* Good test args. */
for (i = 0; i < times && ret == 0; i++) {
ret = finalFp(&sha512, hash_test[i]);
}
/* Test bad args. */
if (!ret) {
if (finalFp(NULL, NULL) != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (!ret) {
if (finalFp(NULL, hash1) != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (!ret) {
if (finalFp(&sha512, NULL) != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
}
}
freeFp(&sha512);
return ret;
}
#endif /* !HAVE_FIPS && !HAVE_SELFTEST &&
(!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */
#endif /* WOLFSSL_SHA512 */
/*
* Unit test function for wc_Sha512Final()
*/
static int test_wc_Sha512Final (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA512
wc_Sha512 sha512;
byte* hash_test[3];
byte hash1[WC_SHA512_DIGEST_SIZE];
byte hash2[2*WC_SHA512_DIGEST_SIZE];
byte hash3[5*WC_SHA512_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitSha512(&sha512);
if (ret != 0) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte *);
/* Good test args. */
printf(testingFmt, "wc_Sha512Final()");
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_Sha512Final(&sha512, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag) {
ret = wc_Sha512Final(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
if (!flag) {}
ret = wc_Sha512Final(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha512Final(&sha512, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha512Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha512Final */
/*
* Unit test function for wc_Sha512GetFlags()
*/
static int test_wc_Sha512GetFlags (void)
{
int flag = 0;
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha512 sha512;
word32 flags = 0;
printf(testingFmt, "wc_Sha512GetFlags()");
/* Initialize */
flag = wc_InitSha512(&sha512);
if (flag == 0) {
flag = wc_Sha512GetFlags(&sha512, &flags);
}
if (flag == 0) {
if (flags & WC_HASH_FLAG_ISCOPY) {
flag = 0;
}
}
wc_Sha512Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha512GetFlags */
/*
* Unit test function for wc_Sha512FinalRaw()
*/
static int test_wc_Sha512FinalRaw (void)
{
int flag = 0;
#if (defined(WOLFSSL_SHA512) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \
!defined(WOLFSSL_NO_HASH_RAW)
wc_Sha512 sha512;
byte* hash_test[3];
byte hash1[WC_SHA512_DIGEST_SIZE];
byte hash2[2*WC_SHA512_DIGEST_SIZE];
byte hash3[5*WC_SHA512_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitSha512(&sha512);
if (ret != 0) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte*);
/* Good test args. */
printf(testingFmt, "wc_Sha512FinalRaw()");
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_Sha512FinalRaw(&sha512, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag ) {
ret = wc_Sha512FinalRaw(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha512FinalRaw(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha512FinalRaw(&sha512, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha512Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha512FinalRaw */
/*
* Unit test function for wc_Sha512Free()
*/
static int test_wc_Sha512Free (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA512
printf(testingFmt, "wc_Sha512Free()");
wc_Sha512Free(NULL);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha512Free */
#ifdef WOLFSSL_SHA512
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
(!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256))
static int test_Sha512_Family_GetHash(int type )
{
int flag = 0;
int(*initFp)(wc_Sha512*);
int(*ghashFp)(wc_Sha512*, byte*);
wc_Sha512 sha512;
byte hash1[WC_SHA512_DIGEST_SIZE];
if (type == WC_HASH_TYPE_SHA512) {
initFp = wc_InitSha512;
ghashFp = wc_Sha512GetHash;
}
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if !defined(WOLFSSL_NOSHA512_224)
else if (type == WC_HASH_TYPE_SHA512_224) {
initFp = wc_InitSha512_224;
ghashFp = wc_Sha512_224GetHash;
}
#endif
#if !defined(WOLFSSL_NOSHA512_256)
else if (type == WC_HASH_TYPE_SHA512_256) {
initFp = wc_InitSha512_256;
ghashFp = wc_Sha512_256GetHash;
}
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
else {
initFp = NULL;
ghashFp = NULL;
}
if (initFp == NULL || ghashFp == NULL)
return WOLFSSL_FATAL_ERROR;
if (!flag) {
flag = initFp(&sha512);
}
if (!flag) {
flag = ghashFp(&sha512, hash1);
}
/*test bad arguements*/
if (!flag) {
if (ghashFp(NULL, NULL) != BAD_FUNC_ARG )
flag = WOLFSSL_FATAL_ERROR;
}
if (!flag) {
if (ghashFp(NULL, hash1) != BAD_FUNC_ARG )
flag = WOLFSSL_FATAL_ERROR;
}
if (!flag) {
if (ghashFp(&sha512, NULL) != BAD_FUNC_ARG )
flag = WOLFSSL_FATAL_ERROR;
}
wc_Sha512Free(&sha512);
return flag;
}
#endif /* !HAVE_FIPS && !HAVE_SELFTEST &&
(!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */
#endif /* WOLFSSL_SHA512 */
/*
* Unit test function for wc_Sha512GetHash()
*/
static int test_wc_Sha512GetHash (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA512
wc_Sha512 sha512;
byte hash1[WC_SHA512_DIGEST_SIZE];
printf(testingFmt, "wc_Sha512GetHash()");
/* Initialize */
flag = wc_InitSha512(&sha512);
if (flag == 0) {
flag = wc_Sha512GetHash(&sha512, hash1);
}
/*test bad arguements*/
if (flag == 0) {
flag = wc_Sha512GetHash(NULL, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha512GetHash(NULL, hash1);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha512GetHash(&sha512, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
wc_Sha512Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha512GetHash */
/*
* Unit test function for wc_Sha512Copy()
*/
static int test_wc_Sha512Copy (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA512
wc_Sha512 sha512;
wc_Sha512 temp;
printf(testingFmt, "wc_Sha512Copy()");
/* Initialize */
flag = wc_InitSha512(&sha512);
if (flag == 0) {
flag = wc_InitSha512(&temp);
}
if (flag == 0) {
flag = wc_Sha512Copy(&sha512, &temp);
}
/*test bad arguements*/
if (flag == 0) {
flag = wc_Sha512Copy(NULL, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha512Copy(NULL, &temp);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha512Copy(&sha512, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
wc_Sha512Free(&sha512);
wc_Sha512Free(&temp);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha512Copy */
static int test_wc_InitSha512_224 (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
wc_Sha512 sha512;
int ret;
printf(testingFmt, "wc_InitSha512_224()");
/* Test good arg. */
ret = wc_InitSha512_224(&sha512);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitSha512_224(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha512_224Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_224Update (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
wc_Sha512 sha512;
byte hash[WC_SHA512_DIGEST_SIZE];
testVector a, c;
int ret;
ret = wc_InitSha512_224(&sha512);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_Sha512_224Update()");
/* Input. */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_Sha512_224Update(&sha512, NULL, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512_224Update(&sha512,(byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512_224Update(&sha512, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512_224Final(&sha512, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\x46\x34\x27\x0f\x70\x7b\x6a\x54\xda\xae\x75\x30\x46\x08"
"\x42\xe2\x0e\x37\xed\x26\x5c\xee\xe9\xa4\x3e\x89\x24\xaa";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_Sha512_224Update(&sha512, (byte*) a.input, (word32) a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha512_224Final(&sha512, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA512_224_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
c.input = NULL;
c.inLen = WC_SHA512_224_DIGEST_SIZE;
ret = wc_Sha512_224Update(&sha512, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha512_224Update(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha512_224Free(&sha512);
/* If not returned then the unit test passed test vectors. */
printf(resultFmt, flag == 0 ? passed : failed);
#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_224Final (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
printf(testingFmt, "wc_Sha512_224Final()");
flag = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 0);
printf(resultFmt, flag == 0 ? passed : failed);
#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_224GetFlags (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha512 sha512, copy;
word32 flags = 0;
printf(testingFmt, "wc_Sha512_224GetFlags()");
/* Initialize */
flag = wc_InitSha512_224(&sha512);
if (!flag) {
flag = wc_InitSha512_224(&copy);
}
if (!flag) {
flag = wc_Sha512_224Copy(&sha512, &copy);
}
if (!flag) {
flag = wc_Sha512_224GetFlags(&copy, &flags);
}
if (!flag) {
if (flags & WC_HASH_FLAG_ISCOPY)
flag = 0;
else
flag = WOLFSSL_FATAL_ERROR;
}
wc_Sha512_224Free(&copy);
wc_Sha512_224Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_224FinalRaw (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \
!defined(WOLFSSL_NO_HASH_RAW)
printf(testingFmt, "wc_Sha512_224FinalRaw()");
flag = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 1);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
}
static int test_wc_Sha512_224Free (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
printf(testingFmt, "wc_Sha512_224Free()");
wc_Sha512_224Free(NULL);
printf(resultFmt, passed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_224GetHash (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
printf(testingFmt, "wc_Sha512_224GetHash()");
flag = test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_224);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_224Copy (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
wc_Sha512 sha512;
wc_Sha512 temp;
printf(testingFmt, "wc_Sha512_224Copy()");
/* Initialize */
flag = wc_InitSha512_224(&sha512);
if (flag == 0) {
flag = wc_InitSha512_224(&temp);
}
if (flag == 0) {
flag = wc_Sha512_224Copy(&sha512, &temp);
}
/*test bad arguements*/
if (flag == 0) {
if (wc_Sha512_224Copy(NULL, NULL) != BAD_FUNC_ARG)
flag = WOLFSSL_FATAL_ERROR;
}
if (flag == 0) {
if (wc_Sha512_224Copy(NULL, &temp) != BAD_FUNC_ARG)
flag = WOLFSSL_FATAL_ERROR;
}
if (flag == 0) {
if (wc_Sha512_224Copy(&sha512, NULL) != BAD_FUNC_ARG)
flag = WOLFSSL_FATAL_ERROR;
}
wc_Sha512_224Free(&sha512);
wc_Sha512_224Free(&temp);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_InitSha512_256 (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
wc_Sha512 sha512;
int ret;
printf(testingFmt, "wc_InitSha512_256()");
/* Test good arg. */
ret = wc_InitSha512_256(&sha512);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitSha512_256(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha512_256Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_256Update (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
wc_Sha512 sha512;
byte hash[WC_SHA512_DIGEST_SIZE];
testVector a, c;
int ret;
ret = wc_InitSha512_256(&sha512);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_Sha512_256Update()");
/* Input. */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_Sha512_256Update(&sha512, NULL, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512_256Update(&sha512,(byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512_256Update(&sha512, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha512_256Final(&sha512, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\x53\x04\x8e\x26\x81\x94\x1e\xf9\x9b\x2e\x29\xb7\x6b\x4c"
"\x7d\xab\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46\xe0\xe2\xf1\x31"
"\x07\xe7\xaf\x23";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_Sha512_256Update(&sha512, (byte*) a.input, (word32) a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha512_256Final(&sha512, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA512_256_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
c.input = NULL;
c.inLen = WC_SHA512_256_DIGEST_SIZE;
ret = wc_Sha512_256Update(&sha512, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha512_256Update(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha512_256Free(&sha512);
/* If not returned then the unit test passed test vectors. */
printf(resultFmt, flag == 0 ? passed : failed);
#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_256Final (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
printf(testingFmt, "wc_Sha512_256Final()");
flag = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 0);
printf(resultFmt, flag == 0 ? passed : failed);
#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_256GetFlags (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha512 sha512, copy;
word32 flags = 0;
printf(testingFmt, "wc_Sha512_256GetFlags()");
/* Initialize */
flag = wc_InitSha512_256(&sha512);
if (!flag ) {
flag = wc_InitSha512_256(&copy);
}
if (!flag ) {
flag = wc_Sha512_256Copy(&sha512, &copy);
}
if (!flag ) {
flag = wc_Sha512_256GetFlags(&copy, &flags);
}
if (!flag) {
if (flags & WC_HASH_FLAG_ISCOPY)
flag = 0;
else
flag = WOLFSSL_FATAL_ERROR;
}
wc_Sha512_256Free(&sha512);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_256FinalRaw (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \
!defined(WOLFSSL_NO_HASH_RAW)
printf(testingFmt, "wc_Sha512_256FinalRaw()");
flag = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 1);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
}
static int test_wc_Sha512_256Free (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
printf(testingFmt, "wc_Sha512_256Free()");
wc_Sha512_256Free(NULL);
printf(resultFmt, passed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_256GetHash (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
printf(testingFmt, "wc_Sha512_256GetHash()");
flag = test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_256);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
static int test_wc_Sha512_256Copy (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
wc_Sha512 sha512;
wc_Sha512 temp;
printf(testingFmt, "wc_Sha512_256Copy()");
/* Initialize */
flag = wc_InitSha512_256(&sha512);
if (flag == 0) {
flag = wc_InitSha512_256(&temp);
}
if (flag == 0) {
flag = wc_Sha512_256Copy(&sha512, &temp);
}
/*test bad arguements*/
if (flag == 0) {
if (wc_Sha512_256Copy(NULL, NULL) != BAD_FUNC_ARG)
flag = WOLFSSL_FATAL_ERROR;
}
if (flag == 0) {
if (wc_Sha512_256Copy(NULL, &temp) != BAD_FUNC_ARG)
flag = WOLFSSL_FATAL_ERROR;
}
if (flag == 0) {
if (wc_Sha512_256Copy(&sha512, NULL) != BAD_FUNC_ARG)
flag = WOLFSSL_FATAL_ERROR;
}
wc_Sha512_256Free(&sha512);
wc_Sha512_256Free(&temp);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
return flag;
}
/*
* Testing wc_InitSha384()
*/
static int test_wc_InitSha384 (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA384
wc_Sha384 sha384;
int ret;
printf(testingFmt, "wc_InitSha384()");
/* Test good arg. */
ret = wc_InitSha384(&sha384);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitSha384(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha384Free(&sha384);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_InitSha384 */
/*
* test wc_Sha384Update()
*/
static int test_wc_Sha384Update (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA384
wc_Sha384 sha384;
byte hash[WC_SHA384_DIGEST_SIZE];
testVector a, b, c;
int ret;
ret = wc_InitSha384(&sha384);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_Sha384Update()");
/* Input */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_Sha384Update(&sha384, NULL, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha384Update(&sha384, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha384Final(&sha384, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
"\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
"\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
"\xc8\x25\xa7";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha384Final(&sha384, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Pass in bad values. */
if (!flag) {
b.input = NULL;
b.inLen = 0;
ret = wc_Sha384Update(&sha384, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
c.input = NULL;
c.inLen = WC_SHA384_DIGEST_SIZE;
ret = wc_Sha384Update(&sha384, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha384Update(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha384Free(&sha384);
/* If not returned then the unit test passed test vectors. */
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384Update */
/*
* Unit test function for wc_Sha384Final();
*/
static int test_wc_Sha384Final (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA384
wc_Sha384 sha384;
byte* hash_test[3];
byte hash1[WC_SHA384_DIGEST_SIZE];
byte hash2[2*WC_SHA384_DIGEST_SIZE];
byte hash3[5*WC_SHA384_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitSha384(&sha384);
if (ret) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte*);
/* Good test args. */
printf(testingFmt, "wc_Sha384Final()");
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_Sha384Final(&sha384, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag) {
ret = wc_Sha384Final(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha384Final(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha384Final(&sha384, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha384Free(&sha384);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384Final */
/*
* Unit test function for wc_Sha384GetFlags()
*/
static int test_wc_Sha384GetFlags (void)
{
int flag = 0;
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha384 sha384;
word32 flags = 0;
printf(testingFmt, "wc_Sha384GetFlags()");
/* Initialize */
flag = wc_InitSha384(&sha384);
if (flag == 0) {
flag = wc_Sha384GetFlags(&sha384, &flags);
}
if (flag == 0) {
if (flags & WC_HASH_FLAG_ISCOPY) {
flag = 0;
}
}
wc_Sha384Free(&sha384);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384GetFlags */
/*
* Unit test function for wc_Sha384FinalRaw()
*/
static int test_wc_Sha384FinalRaw (void)
{
int flag = 0;
#if (defined(WOLFSSL_SHA384) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \
!defined(WOLFSSL_NO_HASH_RAW)
wc_Sha384 sha384;
byte* hash_test[3];
byte hash1[WC_SHA384_DIGEST_SIZE];
byte hash2[2*WC_SHA384_DIGEST_SIZE];
byte hash3[5*WC_SHA384_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitSha384(&sha384);
if (ret != 0) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte*);
/* Good test args. */
printf(testingFmt, "wc_Sha384FinalRaw()");
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_Sha384FinalRaw(&sha384, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag ) {
ret = wc_Sha384FinalRaw(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha384FinalRaw(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha384FinalRaw(&sha384, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha384Free(&sha384);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384FinalRaw */
/*
* Unit test function for wc_Sha384Free()
*/
static int test_wc_Sha384Free (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA384
printf(testingFmt, "wc_Sha384Free()");
wc_Sha384Free(NULL);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384Free */
/*
* Unit test function for wc_Sha384GetHash()
*/
static int test_wc_Sha384GetHash (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA384
wc_Sha384 sha384;
byte hash1[WC_SHA384_DIGEST_SIZE];
printf(testingFmt, "wc_Sha384GetHash()");
/* Initialize */
flag = wc_InitSha384(&sha384);
if (flag == 0) {
flag = wc_Sha384GetHash(&sha384, hash1);
}
/*test bad arguements*/
if (flag == 0) {
flag = wc_Sha384GetHash(NULL, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha384GetHash(NULL, hash1);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha384GetHash(&sha384, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
wc_Sha384Free(&sha384);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384GetHash */
/*
* Unit test function for wc_Sha384Copy()
*/
static int test_wc_Sha384Copy (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA384
wc_Sha384 sha384;
wc_Sha384 temp;
printf(testingFmt, "wc_Sha384Copy()");
/* Initialize */
flag = wc_InitSha384(&sha384);
if (flag == 0) {
flag = wc_InitSha384(&temp);
}
if (flag == 0) {
flag = wc_Sha384Copy(&sha384, &temp);
}
/*test bad arguements*/
if (flag == 0) {
flag = wc_Sha384Copy(NULL, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha384Copy(NULL, &temp);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha384Copy(&sha384, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
wc_Sha384Free(&sha384);
wc_Sha384Free(&temp);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384Copy */
/*
* Testing wc_InitSha224();
*/
static int test_wc_InitSha224 (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA224
wc_Sha224 sha224;
int ret;
printf(testingFmt, "wc_InitSha224()");
/* Test good arg. */
ret = wc_InitSha224(&sha224);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitSha224(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha224Free(&sha224);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_InitSha224 */
/*
* Unit test on wc_Sha224Update
*/
static int test_wc_Sha224Update (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA224
wc_Sha224 sha224;
byte hash[WC_SHA224_DIGEST_SIZE];
testVector a, b, c;
int ret;
ret = wc_InitSha224(&sha224);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_Sha224Update()");
/* Input. */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_Sha224Update(&sha224, NULL, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha224Update(&sha224, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
ret = wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha224Final(&sha224, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2"
"\x55\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_Sha224Final(&sha224, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Pass in bad values. */
if (!flag) {
b.input = NULL;
b.inLen = 0;
ret = wc_Sha224Update(&sha224, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
c.input = NULL;
c.inLen = WC_SHA224_DIGEST_SIZE;
ret = wc_Sha224Update(&sha224, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha224Update(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha224Free(&sha224);
/* If not returned then the unit test passed test vectors. */
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224Update */
/*
* Unit test for wc_Sha224Final();
*/
static int test_wc_Sha224Final (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA224
wc_Sha224 sha224;
byte* hash_test[3];
byte hash1[WC_SHA224_DIGEST_SIZE];
byte hash2[2*WC_SHA224_DIGEST_SIZE];
byte hash3[5*WC_SHA224_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitSha224(&sha224);
if (ret) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte*);
/* Good test args. */
printf(testingFmt, "wc_sha224Final()");
/* Testing oversized buffers. */
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_Sha224Final(&sha224, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag) {
ret = wc_Sha224Final(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha224Final(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_Sha224Final(&sha224, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha224Free(&sha224);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224Final */
/*
* Unit test function for wc_Sha224SetFlags()
*/
static int test_wc_Sha224SetFlags (void)
{
int flag = 0;
#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha224 sha224;
word32 flags = 0;
printf(testingFmt, "wc_Sha224SetFlags()");
/* Initialize */
flag = wc_InitSha224(&sha224);
if (flag == 0) {
flag = wc_Sha224SetFlags(&sha224, flags);
}
if (flag == 0) {
if (flags & WC_HASH_FLAG_ISCOPY) {
flag = 0;
}
}
wc_Sha224Free(&sha224);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224SetFlags */
/*
* Unit test function for wc_Sha224GetFlags()
*/
static int test_wc_Sha224GetFlags (void)
{
int flag = 0;
#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha224 sha224;
word32 flags = 0;
printf(testingFmt, "wc_Sha224GetFlags()");
/* Initialize */
flag = wc_InitSha224(&sha224);
if (flag == 0) {
flag = wc_Sha224GetFlags(&sha224, &flags);
}
if (flag == 0) {
if (flags & WC_HASH_FLAG_ISCOPY) {
flag = 0;
}
}
wc_Sha224Free(&sha224);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224GetFlags */
/*
* Unit test function for wc_Sha224Free()
*/
static int test_wc_Sha224Free (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA224
printf(testingFmt, "wc_Sha224Free()");
wc_Sha224Free(NULL);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224Free */
/*
* Unit test function for wc_Sha224GetHash()
*/
static int test_wc_Sha224GetHash (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA224
wc_Sha224 sha224;
byte hash1[WC_SHA224_DIGEST_SIZE];
printf(testingFmt, "wc_Sha224GetHash()");
/* Initialize */
flag = wc_InitSha224(&sha224);
if (flag == 0) {
flag = wc_Sha224GetHash(&sha224, hash1);
}
/*test bad arguements*/
if (flag == 0) {
flag = wc_Sha224GetHash(NULL, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha224GetHash(NULL, hash1);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha224GetHash(&sha224, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
wc_Sha224Free(&sha224);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224GetHash */
/*
* Unit test function for wc_Sha224Copy()
*/
static int test_wc_Sha224Copy (void)
{
int flag = 0;
#ifdef WOLFSSL_SHA224
wc_Sha224 sha224;
wc_Sha224 temp;
printf(testingFmt, "wc_Sha224Copy()");
/* Initialize */
flag = wc_InitSha224(&sha224);
if (flag == 0) {
flag = wc_InitSha224(&temp);
}
if (flag == 0) {
flag = wc_Sha224Copy(&sha224, &temp);
}
/*test bad arguements*/
if (flag == 0) {
flag = wc_Sha224Copy(NULL, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha224Copy(NULL, &temp);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
if (flag == 0) {
flag = wc_Sha224Copy(&sha224, NULL);
if (flag == BAD_FUNC_ARG) {
flag = 0;
}
}
wc_Sha224Free(&sha224);
wc_Sha224Free(&temp);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224Copy */
/*
* Testing wc_InitRipeMd()
*/
static int test_wc_InitRipeMd (void)
{
int flag = 0;
#ifdef WOLFSSL_RIPEMD
RipeMd ripemd;
int ret;
printf(testingFmt, "wc_InitRipeMd()");
/* Test good arg. */
ret = wc_InitRipeMd(&ripemd);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
/* Test bad arg. */
if (!flag) {
ret = wc_InitRipeMd(NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_InitRipeMd */
/*
* Testing wc_RipeMdUpdate()
*/
static int test_wc_RipeMdUpdate (void)
{
int flag = 0;
#ifdef WOLFSSL_RIPEMD
RipeMd ripemd;
byte hash[RIPEMD_DIGEST_SIZE];
testVector a, b, c;
int ret;
ret = wc_InitRipeMd(&ripemd);
if (ret != 0) {
flag = ret;
}
printf(testingFmt, "wc_RipeMdUpdate()");
/* Input */
if (!flag) {
a.input = "a";
a.inLen = XSTRLEN(a.input);
ret = wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_RipeMdFinal(&ripemd, hash);
if (ret != 0) {
flag = ret;
}
}
/* Update input. */
if (!flag) {
a.input = "abc";
a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
"\xb0\x87\xf1\x5a\x0b\xfc";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
ret = wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_RipeMdFinal(&ripemd, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, RIPEMD_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Pass in bad values. */
if (!flag) {
b.input = NULL;
b.inLen = 0;
ret = wc_RipeMdUpdate(&ripemd, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
c.input = NULL;
c.inLen = RIPEMD_DIGEST_SIZE;
ret = wc_RipeMdUpdate(&ripemd, (byte*)c.input, (word32)c.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_RipeMdUpdate(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_RipeMdUdpate */
/*
* Unit test function for wc_RipeMdFinal()
*/
static int test_wc_RipeMdFinal (void)
{
int flag = 0;
#ifdef WOLFSSL_RIPEMD
RipeMd ripemd;
byte* hash_test[3];
byte hash1[RIPEMD_DIGEST_SIZE];
byte hash2[2*RIPEMD_DIGEST_SIZE];
byte hash3[5*RIPEMD_DIGEST_SIZE];
int times, i, ret;
/* Initialize */
ret = wc_InitRipeMd(&ripemd);
if (ret != 0) {
flag = ret;
}
if (!flag) {
hash_test[0] = hash1;
hash_test[1] = hash2;
hash_test[2] = hash3;
}
times = sizeof(hash_test) / sizeof(byte*);
/* Good test args. */
printf(testingFmt, "wc_RipeMdFinal()");
/* Testing oversized buffers. */
for (i = 0; i < times; i++) {
if (!flag) {
ret = wc_RipeMdFinal(&ripemd, hash_test[i]);
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (!flag) {
ret = wc_RipeMdFinal(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_RipeMdFinal(NULL, hash1);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_RipeMdFinal(&ripemd, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_RipeMdFinal */
/*
* Testing wc_InitSha3_224, wc_InitSha3_256, wc_InitSha3_384, and
* wc_InitSha3_512
*/
static int test_wc_InitSha3 (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3)
wc_Sha3 sha3;
(void)sha3;
#if !defined(WOLFSSL_NOSHA3_224)
printf(testingFmt, "wc_InitSha3_224()");
ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
/* Test bad args. */
if (ret == 0) {
ret = wc_InitSha3_224(NULL, HEAP_HINT, devId);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha3_224_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
#endif /* NOSHA3_224 */
#if !defined(WOLFSSL_NOSHA3_256)
if (ret == 0) {
printf(testingFmt, "wc_InitSha3_256()");
ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
/* Test bad args. */
if (ret == 0) {
ret = wc_InitSha3_256(NULL, HEAP_HINT, devId);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha3_256_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
} /* END sha3_256 */
#endif /* NOSHA3_256 */
#if !defined(WOLFSSL_NOSHA3_384)
if (ret == 0) {
printf(testingFmt, "wc_InitSha3_384()");
ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
/* Test bad args. */
if (ret == 0) {
ret = wc_InitSha3_384(NULL, HEAP_HINT, devId);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha3_384_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
} /* END sha3_384 */
#endif /* NOSHA3_384 */
#if !defined(WOLFSSL_NOSHA3_512)
if (ret == 0) {
printf(testingFmt, "wc_InitSha3_512()");
ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
/* Test bad args. */
if (ret == 0) {
ret = wc_InitSha3_512(NULL, HEAP_HINT, devId);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha3_512_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
} /* END sha3_512 */
#endif /* NOSHA3_512 */
#endif
return ret;
} /* END test_wc_InitSha3 */
/*
* Testing wc_Sha3_Update()
*/
static int testing_wc_Sha3_Update (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
!defined(WOLFSSL_AFALG_XILINX)
wc_Sha3 sha3;
byte msg[] = "Everybody's working for the weekend.";
byte msg2[] = "Everybody gets Friday off.";
byte msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
"\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
"\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
"\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
"\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
word32 msglen = sizeof(msg) - 1;
word32 msg2len = sizeof(msg2);
word32 msgCmplen = sizeof(msgCmp);
#if !defined(WOLFSSL_NOSHA3_224)
printf(testingFmt, "wc_Sha3_224_Update()");
ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_Sha3_224_Update(&sha3, msg, msglen);
if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_Sha3_224_Update(&sha3, msg2, msg2len);
if (ret == 0 && XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass bad args. */
if (ret == 0) {
ret = wc_Sha3_224_Update(NULL, msg2, msg2len);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_224_Update(&sha3, NULL, 5);
}
if (ret == BAD_FUNC_ARG) {
wc_Sha3_224_Free(&sha3);
if (wc_InitSha3_224(&sha3, HEAP_HINT, devId)) {
return ret;
}
ret = wc_Sha3_224_Update(&sha3, NULL, 0);
if (ret == 0) {
ret = wc_Sha3_224_Update(&sha3, msg2, msg2len);
}
if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
wc_Sha3_224_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
#endif /* SHA3_224 */
#if !defined(WOLFSSL_NOSHA3_256)
if (ret == 0) {
printf(testingFmt, "wc_Sha3_256_Update()");
ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_Sha3_256_Update(&sha3, msg, msglen);
if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_Sha3_256_Update(&sha3, msg2, msg2len);
if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass bad args. */
if (ret == 0) {
ret = wc_Sha3_256_Update(NULL, msg2, msg2len);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_256_Update(&sha3, NULL, 5);
}
if (ret == BAD_FUNC_ARG) {
wc_Sha3_256_Free(&sha3);
if (wc_InitSha3_256(&sha3, HEAP_HINT, devId)) {
return ret;
}
ret = wc_Sha3_256_Update(&sha3, NULL, 0);
if (ret == 0) {
ret = wc_Sha3_256_Update(&sha3, msg2, msg2len);
}
if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
wc_Sha3_256_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
}
#endif /* SHA3_256 */
#if !defined(WOLFSSL_NOSHA3_384)
if (ret == 0) {
printf(testingFmt, "wc_Sha3_384_Update()");
ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_Sha3_384_Update(&sha3, msg, msglen);
if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_Sha3_384_Update(&sha3, msg2, msg2len);
if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass bad args. */
if (ret == 0) {
ret = wc_Sha3_384_Update(NULL, msg2, msg2len);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_384_Update(&sha3, NULL, 5);
}
if (ret == BAD_FUNC_ARG) {
wc_Sha3_384_Free(&sha3);
if (wc_InitSha3_384(&sha3, HEAP_HINT, devId)) {
return ret;
}
ret = wc_Sha3_384_Update(&sha3, NULL, 0);
if (ret == 0) {
ret = wc_Sha3_384_Update(&sha3, msg2, msg2len);
}
if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
wc_Sha3_384_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
}
#endif /* SHA3_384 */
#if !defined(WOLFSSL_NOSHA3_512)
if (ret == 0) {
printf(testingFmt, "wc_Sha3_512_Update()");
ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_Sha3_512_Update(&sha3, msg, msglen);
if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_Sha3_512_Update(&sha3, msg2, msg2len);
if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass bad args. */
if (ret == 0) {
ret = wc_Sha3_512_Update(NULL, msg2, msg2len);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_512_Update(&sha3, NULL, 5);
}
if (ret == BAD_FUNC_ARG) {
wc_Sha3_512_Free(&sha3);
if (wc_InitSha3_512(&sha3, HEAP_HINT, devId)) {
return ret;
}
ret = wc_Sha3_512_Update(&sha3, NULL, 0);
if (ret == 0) {
ret = wc_Sha3_512_Update(&sha3, msg2, msg2len);
}
if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
wc_Sha3_512_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
}
#endif /* SHA3_512 */
#endif /* WOLFSSL_SHA3 */
return ret;
} /* END testing_wc_Sha3_Update */
/*
* Testing wc_Sha3_224_Final()
*/
static int test_wc_Sha3_224_Final (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
wc_Sha3 sha3;
const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
"nopnopq";
const char* expOut = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55"
"\x74\x49\x44\x79\xba\x5c\x7e\x7a\xb7\x6e\xf2"
"\x64\xea\xd0\xfc\xce\x33";
byte hash[WC_SHA3_224_DIGEST_SIZE];
byte hashRet[WC_SHA3_224_DIGEST_SIZE];
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
printf(testingFmt, "wc_Sha3_224_Final()");
ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret= wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Sha3_224_Final(&sha3, hash);
if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_224_DIGEST_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Sha3_224_Final(NULL, hash);
if (ret == 0) {
ret = wc_Sha3_224_Final(&sha3, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha3_224_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_Sha3_224_GetHash()");
ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashRet, 0, sizeof(hashRet));
ret= wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Sha3_224_GetHash(&sha3, hashRet);
}
if (ret == 0) {
ret = wc_Sha3_224_Final(&sha3, hash);
if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_224_DIGEST_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
/* Test bad args. */
ret = wc_Sha3_224_GetHash(NULL, hashRet);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_224_GetHash(&sha3, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
}
wc_Sha3_224_Free(&sha3);
#endif
return ret;
} /* END test_wc_Sha3_224_Final */
/*
* Testing wc_Sha3_256_Final()
*/
static int test_wc_Sha3_256_Final (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
wc_Sha3 sha3;
const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
"nopnopq";
const char* expOut = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8"
"\x23\x5e\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32"
"\xdd\x97\x49\x6d\x33\x76";
byte hash[WC_SHA3_256_DIGEST_SIZE];
byte hashRet[WC_SHA3_256_DIGEST_SIZE];
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
printf(testingFmt, "wc_Sha3_256_Final()");
ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret= wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Sha3_256_Final(&sha3, hash);
if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_256_DIGEST_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Sha3_256_Final(NULL, hash);
if (ret == 0) {
ret = wc_Sha3_256_Final(&sha3, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha3_256_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_Sha3_256_GetHash()");
ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashRet, 0, sizeof(hashRet));
ret= wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Sha3_256_GetHash(&sha3, hashRet);
}
if (ret == 0) {
ret = wc_Sha3_256_Final(&sha3, hash);
if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_256_DIGEST_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
/* Test bad args. */
ret = wc_Sha3_256_GetHash(NULL, hashRet);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_256_GetHash(&sha3, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
}
wc_Sha3_256_Free(&sha3);
#endif
return ret;
} /* END test_wc_Sha3_256_Final */
/*
* Testing wc_Sha3_384_Final()
*/
static int test_wc_Sha3_384_Final (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
wc_Sha3 sha3;
const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
"nopnopq";
const char* expOut = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7"
"\x8a\x49\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd"
"\xbc\x32\xb9\xd4\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe"
"\xa1\x9e\xef\x51\xac\xd0\x65\x7c\x22";
byte hash[WC_SHA3_384_DIGEST_SIZE];
byte hashRet[WC_SHA3_384_DIGEST_SIZE];
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
printf(testingFmt, "wc_Sha3_384_Final()");
ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret= wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Sha3_384_Final(&sha3, hash);
if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_384_DIGEST_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Sha3_384_Final(NULL, hash);
if (ret == 0) {
ret = wc_Sha3_384_Final(&sha3, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha3_384_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_Sha3_384_GetHash()");
ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashRet, 0, sizeof(hashRet));
ret= wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Sha3_384_GetHash(&sha3, hashRet);
}
if (ret == 0) {
ret = wc_Sha3_384_Final(&sha3, hash);
if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_384_DIGEST_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
/* Test bad args. */
ret = wc_Sha3_384_GetHash(NULL, hashRet);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_384_GetHash(&sha3, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
}
wc_Sha3_384_Free(&sha3);
#endif
return ret;
} /* END test_wc_Sha3_384_Final */
/*
* Testing wc_Sha3_512_Final()
*/
static int test_wc_Sha3_512_Final (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) && \
!defined(WOLFSSL_NOSHA3_384)
wc_Sha3 sha3;
const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
"nopnopq";
const char* expOut = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10"
"\xfc\xa8\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7"
"\xec\x2f\x1e\x91\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53"
"\x02\xba\x1b\x0d\x8d\xc7\x8c\x08\x63\x46\xb5\x33\xb4"
"\x9c\x03\x0d\x99\xa2\x7d\xaf\x11\x39\xd6\xe7\x5e";
byte hash[WC_SHA3_512_DIGEST_SIZE];
byte hashRet[WC_SHA3_512_DIGEST_SIZE];
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
printf(testingFmt, "wc_Sha3_512_Final()");
ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret= wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Sha3_512_Final(&sha3, hash);
if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_512_DIGEST_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Sha3_512_Final(NULL, hash);
if (ret == 0) {
ret = wc_Sha3_384_Final(&sha3, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Sha3_512_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_Sha3_512_GetHash()");
ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashRet, 0, sizeof(hashRet));
ret= wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Sha3_512_GetHash(&sha3, hashRet);
}
if (ret == 0) {
ret = wc_Sha3_512_Final(&sha3, hash);
if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_512_DIGEST_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
/* Test bad args. */
ret = wc_Sha3_512_GetHash(NULL, hashRet);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_512_GetHash(&sha3, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
}
wc_Sha3_512_Free(&sha3);
#endif
return ret;
} /* END test_wc_Sha3_512_Final */
/*
* Testing wc_Sha3_224_Copy()
*/
static int test_wc_Sha3_224_Copy (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
wc_Sha3 sha3, sha3Cpy;
const char* msg = TEST_STRING;
word32 msglen = (word32)TEST_STRING_SZ;
byte hash[WC_SHA3_224_DIGEST_SIZE];
byte hashCpy[WC_SHA3_224_DIGEST_SIZE];
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashCpy, 0, sizeof(hashCpy));
printf(testingFmt, "wc_Sha3_224_Copy()");
ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_InitSha3_224(&sha3Cpy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha3_224_Free(&sha3);
return ret;
}
ret = wc_Sha3_224_Update(&sha3, (byte*)msg, msglen);
if (ret == 0) {
ret = wc_Sha3_224_Copy(&sha3Cpy, &sha3);
if (ret == 0) {
ret = wc_Sha3_224_Final(&sha3, hash);
if (ret == 0) {
ret = wc_Sha3_224_Final(&sha3Cpy, hashCpy);
}
}
if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Sha3_224_Copy(NULL, &sha3);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_224_Copy(&sha3Cpy, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Sha3_224_Copy */
/*
* Testing wc_Sha3_256_Copy()
*/
static int test_wc_Sha3_256_Copy (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
wc_Sha3 sha3, sha3Cpy;
const char* msg = TEST_STRING;
word32 msglen = (word32)TEST_STRING_SZ;
byte hash[WC_SHA3_256_DIGEST_SIZE];
byte hashCpy[WC_SHA3_256_DIGEST_SIZE];
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashCpy, 0, sizeof(hashCpy));
printf(testingFmt, "wc_Sha3_256_Copy()");
ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_InitSha3_256(&sha3Cpy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha3_256_Free(&sha3);
return ret;
}
ret = wc_Sha3_256_Update(&sha3, (byte*)msg, msglen);
if (ret == 0) {
ret = wc_Sha3_256_Copy(&sha3Cpy, &sha3);
if (ret == 0) {
ret = wc_Sha3_256_Final(&sha3, hash);
if (ret == 0) {
ret = wc_Sha3_256_Final(&sha3Cpy, hashCpy);
}
}
if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Sha3_256_Copy(NULL, &sha3);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_256_Copy(&sha3Cpy, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Sha3_256_Copy */
/*
* Testing wc_Sha3_384_Copy()
*/
static int test_wc_Sha3_384_Copy (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
wc_Sha3 sha3, sha3Cpy;
const char* msg = TEST_STRING;
word32 msglen = (word32)TEST_STRING_SZ;
byte hash[WC_SHA3_384_DIGEST_SIZE];
byte hashCpy[WC_SHA3_384_DIGEST_SIZE];
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashCpy, 0, sizeof(hashCpy));
printf(testingFmt, "wc_Sha3_384_Copy()");
ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_InitSha3_384(&sha3Cpy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha3_384_Free(&sha3);
return ret;
}
ret = wc_Sha3_384_Update(&sha3, (byte*)msg, msglen);
if (ret == 0) {
ret = wc_Sha3_384_Copy(&sha3Cpy, &sha3);
if (ret == 0) {
ret = wc_Sha3_384_Final(&sha3, hash);
if (ret == 0) {
ret = wc_Sha3_384_Final(&sha3Cpy, hashCpy);
}
}
if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Sha3_384_Copy(NULL, &sha3);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_384_Copy(&sha3Cpy, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Sha3_384_Copy */
/*
* Testing wc_Sha3_512_Copy()
*/
static int test_wc_Sha3_512_Copy (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
wc_Sha3 sha3, sha3Cpy;
const char* msg = TEST_STRING;
word32 msglen = (word32)TEST_STRING_SZ;
byte hash[WC_SHA3_512_DIGEST_SIZE];
byte hashCpy[WC_SHA3_512_DIGEST_SIZE];
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashCpy, 0, sizeof(hashCpy));
printf(testingFmt, "wc_Sha3_512_Copy()");
ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_InitSha3_512(&sha3Cpy, HEAP_HINT, devId);
if (ret != 0) {
wc_Sha3_512_Free(&sha3);
return ret;
}
ret = wc_Sha3_512_Update(&sha3, (byte*)msg, msglen);
if (ret == 0) {
ret = wc_Sha3_512_Copy(&sha3Cpy, &sha3);
if (ret == 0) {
ret = wc_Sha3_512_Final(&sha3, hash);
if (ret == 0) {
ret = wc_Sha3_512_Final(&sha3Cpy, hashCpy);
}
}
if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Sha3_512_Copy(NULL, &sha3);
if (ret == BAD_FUNC_ARG) {
ret = wc_Sha3_512_Copy(&sha3Cpy, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Sha3_512_Copy */
/*
* Unit test function for wc_Sha3_GetFlags()
*/
static int test_wc_Sha3_GetFlags (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha3 sha3;
word32 flags = 0;
printf(testingFmt, "wc_Sha3_GetFlags()");
/* Initialize */
ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
if (ret == 0) {
ret = wc_Sha3_GetFlags(&sha3, &flags);
}
if (ret == 0) {
if (flags & WC_HASH_FLAG_ISCOPY) {
ret = 0;
}
}
wc_Sha3_224_Free(&sha3);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Sha3_GetFlags */
static int test_wc_InitShake256 (void)
{
int ret = 0;
#ifdef WOLFSSL_SHAKE256
wc_Shake shake;
printf(testingFmt, "wc_InitShake256()");
ret = wc_InitShake256(&shake, HEAP_HINT, devId);
/* Test bad args. */
if (ret == 0) {
ret = wc_InitShake256(NULL, HEAP_HINT, devId);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Shake256_Free(&shake);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_InitSha3 */
static int testing_wc_Shake256_Update (void)
{
int ret = 0;
#ifdef WOLFSSL_SHAKE256
wc_Shake shake;
byte msg[] = "Everybody's working for the weekend.";
byte msg2[] = "Everybody gets Friday off.";
byte msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
"\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
"\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
"\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
"\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
word32 msglen = sizeof(msg) - 1;
word32 msg2len = sizeof(msg2);
word32 msgCmplen = sizeof(msgCmp);
printf(testingFmt, "wc_Shake256_Update()");
ret = wc_InitShake256(&shake, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_Shake256_Update(&shake, msg, msglen);
if (XMEMCMP(msg, shake.t, msglen) || shake.i != msglen) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_Shake256_Update(&shake, msg2, msg2len);
if (XMEMCMP(shake.t, msgCmp, msgCmplen) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass bad args. */
if (ret == 0) {
ret = wc_Shake256_Update(NULL, msg2, msg2len);
if (ret == BAD_FUNC_ARG) {
ret = wc_Shake256_Update(&shake, NULL, 5);
}
if (ret == BAD_FUNC_ARG) {
wc_Shake256_Free(&shake);
if (wc_InitShake256(&shake, HEAP_HINT, devId)) {
return ret;
}
ret = wc_Shake256_Update(&shake, NULL, 0);
if (ret == 0) {
ret = wc_Shake256_Update(&shake, msg2, msg2len);
}
if (ret == 0 && XMEMCMP(msg2, shake.t, msg2len) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
wc_Shake256_Free(&shake);
printf(resultFmt, ret == 0 ? passed : failed);
#endif /* WOLFSSL_SHAKE256 */
return ret;
}
static int test_wc_Shake256_Final (void)
{
int ret = 0;
#ifdef WOLFSSL_SHAKE256
wc_Shake shake;
const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
"nopnopq";
const char* expOut = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f"
"\x6f\x87\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b"
"\xe5\xd4\xfd\x2e\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59"
"\xaa\x80\x60\xf1\xf9\xbc\x99\x6c\x05\xac\xa3\xc6\x96"
"\xa8\xb6\x62\x79\xdc\x67\x2c\x74\x0b\xb2\x24\xec\x37"
"\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55\xf5\x1d\x97"
"\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a\xf2"
"\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67"
"\x60\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
byte hash[114];
/* Init stack variables. */
XMEMSET(hash, 0, sizeof(hash));
printf(testingFmt, "wc_Shake256_Final()");
ret = wc_InitShake256(&shake, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret= wc_Shake256_Update(&shake, (byte*)msg, (word32)XSTRLEN(msg));
if (ret == 0) {
ret = wc_Shake256_Final(&shake, hash, (word32)sizeof(hash));
if (ret == 0 && XMEMCMP(expOut, hash, (word32)sizeof(hash)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Shake256_Final(NULL, hash, (word32)sizeof(hash));
if (ret == 0) {
ret = wc_Shake256_Final(&shake, NULL, (word32)sizeof(hash));
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Shake256_Free(&shake);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}
/*
* Testing wc_Shake256_Copy()
*/
static int test_wc_Shake256_Copy (void)
{
int ret = 0;
#ifdef WOLFSSL_SHAKE256
wc_Shake shake, shakeCpy;
const char* msg = TEST_STRING;
word32 msglen = (word32)TEST_STRING_SZ;
byte hash[144];
byte hashCpy[144];
word32 hashLen = sizeof(hash);
word32 hashLenCpy = sizeof(hashCpy);
XMEMSET(hash, 0, sizeof(hash));
XMEMSET(hashCpy, 0, sizeof(hashCpy));
printf(testingFmt, "wc_Shake256_Copy()");
ret = wc_InitShake256(&shake, HEAP_HINT, devId);
if (ret != 0) {
return ret;
}
ret = wc_InitShake256(&shakeCpy, HEAP_HINT, devId);
if (ret != 0) {
wc_Shake256_Free(&shake);
return ret;
}
ret = wc_Shake256_Update(&shake, (byte*)msg, msglen);
if (ret == 0) {
ret = wc_Shake256_Copy(&shakeCpy, &shake);
if (ret == 0) {
ret = wc_Shake256_Final(&shake, hash, hashLen);
if (ret == 0) {
ret = wc_Shake256_Final(&shakeCpy, hashCpy, hashLenCpy);
}
}
if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Shake256_Copy(NULL, &shake);
if (ret == BAD_FUNC_ARG) {
ret = wc_Shake256_Copy(&shakeCpy, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_Shake256_Free(&shake);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Shake256_Copy */
/*
* Unit test function for wc_Shake256Hash()
*/
static int test_wc_Shake256Hash(void)
{
int ret = 0;
#ifdef WOLFSSL_SHAKE256
const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
word32 len = sizeof(data);
byte hash[144];
word32 hashLen = sizeof(hash);
printf(testingFmt, "wc_Shake256Hash()");
ret = wc_Shake256Hash(data, len, hash, hashLen);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Shake256Hash */
/*
* Test function for wc_HmacSetKey
*/
static int test_wc_Md5HmacSetKey (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_MD5)
Hmac hmac;
int ret, times, itr;
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
#ifndef HAVE_FIPS
"Jefe", /* smaller than minimum FIPS key size */
#endif
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
};
times = sizeof(keys) / sizeof(char*);
flag = 0;
printf(testingFmt, "wc_HmacSetKey() with MD5");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
for (itr = 0; itr < times; itr++) {
ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[itr],
(word32)XSTRLEN(keys[itr]));
#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
wc_HmacFree(&hmac);
if (ret == BAD_FUNC_ARG)
return 0;
else {
return WOLFSSL_FATAL_ERROR;
}
#else
if (ret != 0) {
flag = ret;
}
#endif
}
/* Bad args. */
if (!flag) {
ret = wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0);
#ifdef HAVE_FIPS
if (ret != HMAC_MIN_KEYLEN_E) {
flag = WOLFSSL_FATAL_ERROR;
}
#else
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
#endif
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Md5HmacSetKey */
/*
* testing wc_HmacSetKey() on wc_Sha hash.
*/
static int test_wc_ShaHmacSetKey (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA)
Hmac hmac;
int ret, times, itr;
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b",
#ifndef HAVE_FIPS
"Jefe", /* smaller than minimum FIPS key size */
#endif
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA"
};
times = sizeof(keys) / sizeof(char*);
flag = 0;
printf(testingFmt, "wc_HmacSetKey() with SHA");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
for (itr = 0; itr < times; itr++) {
ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[itr],
(word32)XSTRLEN(keys[itr]));
if (ret != 0) {
flag = ret;
}
}
/* Bad args. */
if (!flag) {
ret = wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0);
#ifdef HAVE_FIPS
if (ret != HMAC_MIN_KEYLEN_E) {
flag = WOLFSSL_FATAL_ERROR;
}
#else
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
#endif
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_ShaHmacSetKey() */
/*
* testing wc_HmacSetKey() on Sha224 hash.
*/
static int test_wc_Sha224HmacSetKey (void)
{
int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
Hmac hmac;
int ret, times, itr;
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b",
#ifndef HAVE_FIPS
"Jefe", /* smaller than minimum FIPS key size */
#endif
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA"
};
times = sizeof(keys) / sizeof(char*);
flag = 0;
printf(testingFmt, "wc_HmacSetKey() with SHA 224");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
for (itr = 0; itr < times; itr++) {
ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[itr],
(word32)XSTRLEN(keys[itr]));
if (ret != 0) {
flag = ret;
}
}
/* Bad args. */
if (!flag) {
ret = wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0);
#ifdef HAVE_FIPS
if (ret != HMAC_MIN_KEYLEN_E) {
flag = WOLFSSL_FATAL_ERROR;
}
#else
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
#endif
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224HmacSetKey() */
/*
* testing wc_HmacSetKey() on Sha256 hash
*/
static int test_wc_Sha256HmacSetKey (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA256)
Hmac hmac;
int ret, times, itr;
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b",
#ifndef HAVE_FIPS
"Jefe", /* smaller than minimum FIPS key size */
#endif
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA"
};
times = sizeof(keys) / sizeof(char*);
flag = 0;
printf(testingFmt, "wc_HmacSetKey() with SHA256");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
for (itr = 0; itr < times; itr++) {
ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[itr],
(word32)XSTRLEN(keys[itr]));
if (ret != 0) {
flag = ret;
}
}
/* Bad args. */
if (!flag) {
ret = wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0);
#ifdef HAVE_FIPS
if (ret != HMAC_MIN_KEYLEN_E) {
flag = WOLFSSL_FATAL_ERROR;
}
#else
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
#endif
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256HmacSetKey() */
/*
* testing wc_HmacSetKey on Sha384 hash.
*/
static int test_wc_Sha384HmacSetKey (void)
{
int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
Hmac hmac;
int ret, times, itr;
const char* keys[]=
{
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b",
#ifndef HAVE_FIPS
"Jefe", /* smaller than minimum FIPS key size */
#endif
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
"\xAA\xAA\xAA"
};
times = sizeof(keys) / sizeof(char*);
flag = 0;
printf(testingFmt, "wc_HmacSetKey() with SHA384");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
for (itr = 0; itr < times; itr++) {
ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[itr],
(word32)XSTRLEN(keys[itr]));
if (ret != 0) {
flag = ret;
}
}
/* Bad args. */
if (!flag) {
ret = wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
(word32)XSTRLEN(keys[0]));
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0);
#ifdef HAVE_FIPS
if (ret != HMAC_MIN_KEYLEN_E) {
flag = WOLFSSL_FATAL_ERROR;
}
#else
if (ret != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
#endif
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384HmacSetKey() */
/*
* testing wc_HmacUpdate on wc_Md5 hash.
*/
static int test_wc_Md5HmacUpdate (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5))
Hmac hmac;
testVector a, b;
int ret;
#ifdef HAVE_FIPS
const char* keys =
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
#else
const char* keys = "Jefe";
#endif
a.input = "what do ya want for nothing?";
a.inLen = XSTRLEN(a.input);
b.input = "Hi There";
b.inLen = XSTRLEN(b.input);
flag = 0;
printf(testingFmt, "wc_HmacUpdate() with MD5");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys, (word32)XSTRLEN(keys));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Update Hmac. */
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Test bad args. */
if (!flag) {
ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Md5HmacUpdate */
/*
* testing wc_HmacUpdate on SHA hash.
*/
static int test_wc_ShaHmacUpdate (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA)
Hmac hmac;
testVector a, b;
int ret;
#ifdef HAVE_FIPS
const char* keys =
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
#else
const char* keys = "Jefe";
#endif
a.input = "what do ya want for nothing?";
a.inLen = XSTRLEN(a.input);
b.input = "Hi There";
b.inLen = XSTRLEN(b.input);
flag = 0;
printf(testingFmt, "wc_HmacUpdate() with SHA");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys, (word32)XSTRLEN(keys));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Update Hmac. */
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Test bad args. */
if (!flag) {
ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_ShaHmacUpdate */
/*
* testing wc_HmacUpdate on SHA224 hash.
*/
static int test_wc_Sha224HmacUpdate (void)
{
int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
Hmac hmac;
testVector a, b;
int ret;
#ifdef HAVE_FIPS
const char* keys =
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
#else
const char* keys = "Jefe";
#endif
a.input = "what do ya want for nothing?";
a.inLen = XSTRLEN(a.input);
b.input = "Hi There";
b.inLen = XSTRLEN(b.input);
flag = 0;
printf(testingFmt, "wc_HmacUpdate() with SHA224");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys, (word32)XSTRLEN(keys));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Update Hmac. */
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Test bad args. */
if (!flag) {
ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224HmacUpdate */
/*
* testing wc_HmacUpdate on SHA256 hash.
*/
static int test_wc_Sha256HmacUpdate (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA256)
Hmac hmac;
testVector a, b;
int ret;
#ifdef HAVE_FIPS
const char* keys =
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
#else
const char* keys = "Jefe";
#endif
a.input = "what do ya want for nothing?";
a.inLen = XSTRLEN(a.input);
b.input = "Hi There";
b.inLen = XSTRLEN(b.input);
flag = 0;
printf(testingFmt, "wc_HmacUpdate() with WC_SHA256");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys, (word32)XSTRLEN(keys));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Update Hmac. */
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Test bad args. */
if (!flag) {
ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256HmacUpdate */
/*
* testing wc_HmacUpdate on SHA384 hash.
*/
static int test_wc_Sha384HmacUpdate (void)
{
int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
Hmac hmac;
testVector a, b;
int ret;
#ifdef HAVE_FIPS
const char* keys =
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
#else
const char* keys = "Jefe";
#endif
a.input = "what do ya want for nothing?";
a.inLen = XSTRLEN(a.input);
b.input = "Hi There";
b.inLen = XSTRLEN(b.input);
flag = 0;
printf(testingFmt, "wc_HmacUpdate() with SHA384");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys, (word32)XSTRLEN(keys));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Update Hmac. */
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
/* Test bad args. */
if (!flag) {
ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
if (ret != 0) {
flag = ret;
}
}
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384HmacUpdate */
/*
* Testing wc_HmacFinal() with MD5
*/
static int test_wc_Md5HmacFinal (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5))
Hmac hmac;
byte hash[WC_MD5_DIGEST_SIZE];
testVector a;
int ret;
const char* key;
key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
a.input = "Hi There";
a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
"\x9d";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
flag = 0;
printf(testingFmt, "wc_HmacFinal() with MD5");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)key, (word32)XSTRLEN(key));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Try bad parameters. */
if (!flag) {
ret = wc_HmacFinal(NULL, hash);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_FIPS
if (!flag) {
ret = wc_HmacFinal(&hmac, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#endif
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Md5HmacFinal */
/*
* Testing wc_HmacFinal() with SHA
*/
static int test_wc_ShaHmacFinal (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA)
Hmac hmac;
byte hash[WC_SHA_DIGEST_SIZE];
testVector a;
int ret;
const char* key;
key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b";
a.input = "Hi There";
a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
"\x8e\xf1\x46\xbe\x00";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
flag = 0;
printf(testingFmt, "wc_HmacFinal() with SHA");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)key, (word32)XSTRLEN(key));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Try bad parameters. */
if (!flag) {
ret = wc_HmacFinal(NULL, hash);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_FIPS
if (!flag) {
ret = wc_HmacFinal(&hmac, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#endif
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_ShaHmacFinal */
/*
* Testing wc_HmacFinal() with SHA224
*/
static int test_wc_Sha224HmacFinal (void)
{
int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
Hmac hmac;
byte hash[WC_SHA224_DIGEST_SIZE];
testVector a;
int ret;
const char* key;
key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b";
a.input = "Hi There";
a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
"\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
flag = 0;
printf(testingFmt, "wc_HmacFinal() with SHA224");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)key, (word32)XSTRLEN(key));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Try bad parameters. */
if (!flag) {
ret = wc_HmacFinal(NULL, hash);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_FIPS
if (!flag) {
ret = wc_HmacFinal(&hmac, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#endif
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha224HmacFinal */
/*
* Testing wc_HmacFinal() with SHA256
*/
static int test_wc_Sha256HmacFinal (void)
{
int flag = 0;
#if !defined(NO_HMAC) && !defined(NO_SHA256)
Hmac hmac;
byte hash[WC_SHA256_DIGEST_SIZE];
testVector a;
int ret;
const char* key;
key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b";
a.input = "Hi There";
a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
"\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
"\xcf\xf7";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
flag = 0;
printf(testingFmt, "wc_HmacFinal() with WC_SHA256");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)key, (word32)XSTRLEN(key));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Try bad parameters. */
if (!flag) {
ret = wc_HmacFinal(NULL, hash);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_FIPS
if (!flag) {
ret = wc_HmacFinal(&hmac, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#endif
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha256HmacFinal */
/*
* Testing wc_HmacFinal() with SHA384
*/
static int test_wc_Sha384HmacFinal (void)
{
int flag = 0;
#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
Hmac hmac;
byte hash[WC_SHA384_DIGEST_SIZE];
testVector a;
int ret;
const char* key;
key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b";
a.input = "Hi There";
a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
"\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
"\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
"\xfa\x9c\xb6";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
flag = 0;
printf(testingFmt, "wc_HmacFinal() with SHA384");
ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)key, (word32)XSTRLEN(key));
if (ret != 0) {
flag = ret;
}
if (!flag) {
ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
ret = wc_HmacFinal(&hmac, hash);
if (ret != 0) {
flag = ret;
}
}
if (!flag) {
if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) {
flag = WOLFSSL_FATAL_ERROR;
}
}
/* Try bad parameters. */
if (!flag) {
ret = wc_HmacFinal(NULL, hash);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_FIPS
if (!flag) {
ret = wc_HmacFinal(&hmac, NULL);
if (ret != BAD_FUNC_ARG) {
flag = WOLFSSL_FATAL_ERROR;
}
}
#endif
wc_HmacFree(&hmac);
printf(resultFmt, flag == 0 ? passed : failed);
#endif
return flag;
} /* END test_wc_Sha384HmacFinal */
/*
* Testing wc_InitCmac()
*/
static int test_wc_InitCmac (void)
{
int ret = 0;
#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
Cmac cmac1, cmac2, cmac3;
/* AES 128 key. */
byte key1[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x10\x11\x12\x13\x14\x15\x16";
/* AES 192 key. */
byte key2[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x01\x11\x12\x13\x14\x15\x16"
"\x01\x02\x03\x04\x05\x06\x07\x08";
/* AES 256 key. */
byte key3[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x01\x11\x12\x13\x14\x15\x16"
"\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x01\x11\x12\x13\x14\x15\x16";
word32 key1Sz = (word32)sizeof(key1) - 1;
word32 key2Sz = (word32)sizeof(key2) - 1;
word32 key3Sz = (word32)sizeof(key3) - 1;
int type = WC_CMAC_AES;
printf(testingFmt, "wc_InitCmac()");
#ifdef WOLFSSL_AES_128
ret = wc_InitCmac(&cmac1, key1, key1Sz, type, NULL);
#endif
#ifdef WOLFSSL_AES_192
if (ret == 0) {
wc_AesFree(&cmac1.aes);
ret = wc_InitCmac(&cmac2, key2, key2Sz, type, NULL);
}
#endif
#ifdef WOLFSSL_AES_256
if (ret == 0) {
wc_AesFree(&cmac2.aes);
ret = wc_InitCmac(&cmac3, key3, key3Sz, type, NULL);
}
#endif
/* Test bad args. */
if (ret == 0) {
wc_AesFree(&cmac3.aes);
ret = wc_InitCmac(NULL, key3, key3Sz, type, NULL);
if (ret == BAD_FUNC_ARG) {
ret = wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_InitCmac(&cmac3, key3, 0, type, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
(void)key1;
(void)key1Sz;
(void)key2;
(void)key2Sz;
(void)cmac1;
(void)cmac2;
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_InitCmac */
/*
* Testing wc_CmacUpdate()
*/
static int test_wc_CmacUpdate (void)
{
int ret = 0;
#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
Cmac cmac;
byte key[] =
{
0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
};
byte in[] = "\xe2\xb4\xb6\xf9\x48\x44\x02\x64"
"\x5c\x47\x80\x9e\xd5\xa8\x3a\x17"
"\xb3\x78\xcf\x85\x22\x41\x74\xd9"
"\xa0\x97\x39\x71\x62\xf1\x8e\x8f"
"\xf4";
word32 inSz = (word32)sizeof(in) - 1;
word32 keySz = (word32)sizeof(key);
int type = WC_CMAC_AES;
ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
if (ret != 0) {
return ret;
}
printf(testingFmt, "wc_CmacUpdate()");
ret = wc_CmacUpdate(&cmac, in, inSz);
/* Test bad args. */
if (ret == 0) {
ret = wc_CmacUpdate(NULL, in, inSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_CmacUpdate(&cmac, NULL, 30);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_AesFree(&cmac.aes);
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_CmacUpdate */
/*
* Testing wc_CmacFinal()
*/
static int test_wc_CmacFinal (void)
{
int ret = 0;
#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
Cmac cmac;
byte key[] =
{
0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
};
byte msg[] =
{
0xe2, 0xb4, 0xb6, 0xf9, 0x48, 0x44, 0x02, 0x64,
0x5c, 0x47, 0x80, 0x9e, 0xd5, 0xa8, 0x3a, 0x17,
0xb3, 0x78, 0xcf, 0x85, 0x22, 0x41, 0x74, 0xd9,
0xa0, 0x97, 0x39, 0x71, 0x62, 0xf1, 0x8e, 0x8f,
0xf4
};
/* Test vectors from CMACGenAES128.rsp from
* http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html#cmac
* Per RFC4493 truncation of lsb is possible.
*/
byte expMac[] =
{
0x4e, 0x6e, 0xc5, 0x6f, 0xf9, 0x5d, 0x0e, 0xae,
0x1c, 0xf8, 0x3e, 0xfc, 0xf4, 0x4b, 0xeb
};
byte mac[AES_BLOCK_SIZE];
word32 msgSz = (word32)sizeof(msg);
word32 keySz = (word32)sizeof(key);
word32 macSz = sizeof(mac);
word32 badMacSz = 17;
int expMacSz = sizeof(expMac);
int type = WC_CMAC_AES;
XMEMSET(mac, 0, macSz);
ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
if (ret != 0) {
return ret;
}
ret = wc_CmacUpdate(&cmac, msg, msgSz);
printf(testingFmt, "wc_CmacFinal()");
if (ret == 0) {
ret = wc_CmacFinal(&cmac, mac, &macSz);
if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_CmacFinal(NULL, mac, &macSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_CmacFinal(&cmac, NULL, &macSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_CmacFinal(&cmac, mac, &badMacSz);
if (ret == BUFFER_E) {
ret = 0;
}
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_CmacFinal */
/*
* Testing wc_AesCmacGenerate() && wc_AesCmacVerify()
*/
static int test_wc_AesCmacGenerate (void)
{
int ret = 0;
#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
Cmac cmac;
byte key[] =
{
0x26, 0xef, 0x8b, 0x40, 0x34, 0x11, 0x7d, 0x9e,
0xbe, 0xc0, 0xc7, 0xfc, 0x31, 0x08, 0x54, 0x69
};
byte msg[] = "\x18\x90\x49\xef\xfd\x7c\xf9\xc8"
"\xf3\x59\x65\xbc\xb0\x97\x8f\xd4";
byte expMac[] = "\x29\x5f\x2f\x71\xfc\x58\xe6\xf6"
"\x3d\x32\x65\x4c\x66\x23\xc5";
byte mac[AES_BLOCK_SIZE];
word32 keySz = sizeof(key);
word32 macSz = sizeof(mac);
word32 msgSz = sizeof(msg) - 1;
word32 expMacSz = sizeof(expMac) - 1;
int type = WC_CMAC_AES;
XMEMSET(mac, 0, macSz);
ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
if (ret != 0) {
return ret;
}
ret = wc_CmacUpdate(&cmac, msg, msgSz);
if (ret != 0) {
return ret;
} else {
wc_AesFree(&cmac.aes);
}
printf(testingFmt, "wc_AesCmacGenerate()");
ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz);
if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz);
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_AesCmacVerify()");
ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz);
/* Test bad args. */
if (ret == 0) {
ret = wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz);
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
}
#endif
return ret;
} /* END test_wc_AesCmacGenerate */
/*
* Testing streaming AES-GCM API.
*/
static int test_wc_AesGcmStream (void)
{
int ret = 0;
#if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \
defined(WOLFSSL_AESGCM_STREAM)
int i;
WC_RNG rng[1];
Aes aesEnc[1];
Aes aesDec[1];
byte tag[AES_BLOCK_SIZE];
byte in[AES_BLOCK_SIZE * 3 + 2] = { 0, };
byte out[AES_BLOCK_SIZE * 3 + 2];
byte plain[AES_BLOCK_SIZE * 3 + 2];
byte aad[AES_BLOCK_SIZE * 3 + 2] = { 0, };
byte key[AES_128_KEY_SIZE] = { 0, };
byte iv[AES_IV_SIZE] = { 1, };
byte ivOut[AES_IV_SIZE];
static const byte expTagAAD1[AES_BLOCK_SIZE] = {
0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f,
0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05
};
static const byte expTagPlain1[AES_BLOCK_SIZE] = {
0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78,
0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1
};
static const byte expTag[AES_BLOCK_SIZE] = {
0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96,
0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d
};
/* Create a random for generating IV/nonce. */
AssertIntEQ(wc_InitRng(rng), 0);
/* Initialize data structures. */
AssertIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
AssertIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
/* BadParameters to streaming init. */
AssertIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ),
BAD_FUNC_ARG);
/* Bad parameters to encrypt update. */
AssertIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1),
BAD_FUNC_ARG);
/* Bad parameters to decrypt update. */
AssertIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1),
BAD_FUNC_ARG);
/* Bad parameters to encrypt final. */
AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, AES_BLOCK_SIZE),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, AES_BLOCK_SIZE),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE + 1),
BAD_FUNC_ARG);
/* Bad parameters to decrypt final. */
AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, AES_BLOCK_SIZE),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, AES_BLOCK_SIZE),
BAD_FUNC_ARG);
AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE + 1),
BAD_FUNC_ARG);
/* Check calling final before setting key fails. */
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_KEY);
AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_KEY);
/* Check calling update before setting key else fails. */
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
MISSING_KEY);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
MISSING_KEY);
/* Set key but not IV. */
AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0);
AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0);
/* Check calling final before setting IV fails. */
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_IV);
AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_IV);
/* Check calling update before setting IV else fails. */
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
MISSING_IV);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
MISSING_IV);
/* Set IV using fixed part IV and external IV APIs. */
AssertIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ,
rng), 0);
AssertIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut,
GCM_NONCE_MID_SZ), 0);
AssertIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0);
AssertIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0);
/* Encrypt and decrypt data. */
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0);
AssertIntEQ(XMEMCMP(plain, in, 1), 0);
/* Finalize and check tag matches. */
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
/* Set key and IV through streaming init API. */
AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
/* Encrypt/decrypt one block and AAD of one block. */
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, AES_BLOCK_SIZE, aad,
AES_BLOCK_SIZE), 0);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, AES_BLOCK_SIZE, aad,
AES_BLOCK_SIZE), 0);
AssertIntEQ(XMEMCMP(plain, in, AES_BLOCK_SIZE), 0);
/* Finalize and check tag matches. */
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
/* Set key and IV through streaming init API. */
AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
/* No data to encrypt/decrypt one byte of AAD. */
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0);
/* Finalize and check tag matches. */
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
AssertIntEQ(XMEMCMP(tag, expTagAAD1, AES_BLOCK_SIZE), 0);
AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
/* Set key and IV through streaming init API. */
AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
/* Encrypt/decrypt one byte and no AAD. */
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0);
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0);
AssertIntEQ(XMEMCMP(plain, in, 1), 0);
/* Finalize and check tag matches. */
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
AssertIntEQ(XMEMCMP(tag, expTagPlain1, AES_BLOCK_SIZE), 0);
AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
/* Set key and IV through streaming init API. */
AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
/* Encryption AES is one byte at a time */
for (i = 0; i < (int)sizeof(aad); i++) {
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1),
0);
}
for (i = 0; i < (int)sizeof(in); i++) {
AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0),
0);
}
/* Decryption AES is two bytes at a time */
for (i = 0; i < (int)sizeof(aad); i += 2) {
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2),
0);
}
for (i = 0; i < (int)sizeof(aad); i += 2) {
AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL,
0), 0);
}
AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
/* Finalize and check tag matches. */
AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
AssertIntEQ(XMEMCMP(tag, expTag, AES_BLOCK_SIZE), 0);
AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
/* Check streaming encryption can be decrypted with one shot. */
AssertIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0);
AssertIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv,
AES_IV_SIZE, tag, AES_BLOCK_SIZE, aad, sizeof(aad)), 0);
AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
wc_AesFree(aesEnc);
wc_AesFree(aesDec);
wc_FreeRng(rng);
#endif
return ret;
} /* END test_wc_AesGcmStream */
/*
* unit test for wc_Des3_SetIV()
*/
static int test_wc_Des3_SetIV (void)
{
int ret = 0;
#ifndef NO_DES3
Des3 des;
const byte key[] =
{
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
const byte iv[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
};
printf(testingFmt, "wc_Des3_SetIV()");
ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
/* DES_ENCRYPTION or DES_DECRYPTION */
ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
if (ret == 0) {
if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */
/* Test explicitly wc_Des3_SetIV() */
if (ret == 0) {
ret = wc_Des3_SetIV(NULL, iv);
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_SetIV(&des, NULL);
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
wc_Des3Free(&des);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Des3_SetIV */
/*
* unit test for wc_Des3_SetKey()
*/
static int test_wc_Des3_SetKey (void)
{
int ret = 0;
#ifndef NO_DES3
Des3 des;
const byte key[] =
{
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
const byte iv[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
};
printf(testingFmt, "wc_Des3_SetKey()");
ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
/* DES_ENCRYPTION or DES_DECRYPTION */
ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
if (ret == 0) {
if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION);
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_SetKey(&des, key, iv, -1);
}
if (ret == BAD_FUNC_ARG) {
/* Default case. Should return 0. */
ret = wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION);
}
} /* END if ret != 0 */
wc_Des3Free(&des);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Des3_SetKey */
/*
* Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt
*/
static int test_wc_Des3_CbcEncryptDecrypt (void)
{
int ret = 0;
#ifndef NO_DES3
Des3 des;
byte cipher[24];
byte plain[24];
const byte key[] =
{
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
const byte iv[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
};
const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
printf(testingFmt, "wc_Des3_CbcEncrypt()");
ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
if (ret == 0) {
ret = wc_Des3_CbcEncrypt(&des, cipher, vector, 24);
if (ret == 0) {
ret = wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION);
}
if (ret == 0) {
ret = wc_Des3_CbcDecrypt(&des, plain, cipher, 24);
}
}
if (ret == 0) {
if (XMEMCMP(plain, vector, 24) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_Des3_CbcEncrypt(NULL, cipher, vector, 24);
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcEncrypt(&des, NULL, vector, 24);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector));
}
if (ret != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Des3_CbcDecrypt(NULL, plain, cipher, 24);
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcDecrypt(&des, NULL, cipher, 24);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcDecrypt(&des, plain, NULL, 24);
}
if (ret != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
wc_Des3Free(&des);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END wc_Des3_CbcEncrypt */
/*
* Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey
*/
static int test_wc_Des3_CbcEncryptDecryptWithKey (void)
{
int ret = 0;
#ifndef NO_DES3
word32 vectorSz, cipherSz;
byte cipher[24];
byte plain[24];
byte vector[] = /* Now is the time for all w/o trailing 0 */
{
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
byte key[] =
{
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
byte iv[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
};
vectorSz = sizeof(byte) * 24;
cipherSz = sizeof(byte) * 24;
printf(testingFmt, "wc_Des3_CbcEncryptWithKey()");
ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv);
if (ret == 0) {
ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv);
if (ret == 0) {
if (XMEMCMP(plain, vector, 24) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
/* pass in bad args. */
if (ret == 0) {
ret = wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv);
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz,
key, NULL);
} else {
/* Return code catch. */
ret = WOLFSSL_FAILURE;
}
}
if (ret == 0) {
ret = wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv);
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL);
} else {
ret = WOLFSSL_FAILURE;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Des3_CbcEncryptDecryptWithKey */
/*
* Unit test for wc_Des3_EcbEncrypt
*/
static int test_wc_Des3_EcbEncrypt (void)
{
int ret = 0;
#if !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
Des3 des;
byte cipher[24];
word32 cipherSz = sizeof(cipher);
const byte key[] =
{
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
const byte iv[] =
{
0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
};
const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
printf(testingFmt, "wc_Des3_EcbEncrypt()");
ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
if (ret != 0) {
return ret;
}
if (ret == 0 ) {
ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
}
/* Bad Cases */
if (ret == 0) {
ret = wc_Des3_EcbEncrypt(NULL, cipher, vector, cipherSz);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Des3_EcbEncrypt(&des, cipher, vector, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Des3_EcbEncrypt(NULL, 0, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good Cases */
if (ret == 0) {
ret = wc_Des3_EcbEncrypt(&des, cipher, vector, cipherSz);
}
wc_Des3Free(&des);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Des3_EcbEncrypt */
/*
* Testing wc_Chacha_SetKey() and wc_Chacha_SetIV()
*/
static int test_wc_Chacha_SetKey (void)
{
int ret = 0;
#ifdef HAVE_CHACHA
ChaCha ctx;
const byte key[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
};
byte cipher[128];
printf(testingFmt, "wc_Chacha_SetKey()");
ret = wc_Chacha_SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte)));
/* Test bad args. */
if (ret == 0) {
ret = wc_Chacha_SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte)));
if (ret == BAD_FUNC_ARG) {
ret = wc_Chacha_SetKey(&ctx, key, 18);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (ret != 0) {
return ret;
}
printf(testingFmt, "wc_Chacha_SetIV");
ret = wc_Chacha_SetIV(&ctx, cipher, 0);
if (ret == 0) {
/* Test bad args. */
ret = wc_Chacha_SetIV(NULL, cipher, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FAILURE;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Chacha_SetKey */
/*
* unit test for wc_Poly1305SetKey()
*/
static int test_wc_Poly1305SetKey(void)
{
int ret = 0;
#ifdef HAVE_POLY1305
Poly1305 ctx;
const byte key[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
};
printf(testingFmt, "wc_Poly1305_SetKey()");
ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte)));
/* Test bad args. */
if (ret == 0) {
ret = wc_Poly1305SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte)));
if(ret == BAD_FUNC_ARG) {
ret = wc_Poly1305SetKey(&ctx, NULL, (word32)(sizeof(key)/sizeof(byte)));
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Poly1305SetKey(&ctx, key, 18);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Poly1305_SetKey() */
/*
* Testing wc_Chacha_Process()
*/
static int test_wc_Chacha_Process (void)
{
int ret = 0;
#ifdef HAVE_CHACHA
ChaCha enc, dec;
byte cipher[128];
byte plain[128];
const byte key[] =
{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
};
const char* input = "Everybody gets Friday off.";
word32 keySz = sizeof(key)/sizeof(byte);
unsigned long int inlen = XSTRLEN(input);
/*Initialize stack varialbes.*/
XMEMSET(cipher, 0, 128);
XMEMSET(plain, 0, 128);
printf(testingFmt, "wc_Chacha_Process()");
ret = wc_Chacha_SetKey(&enc, key, keySz);
AssertIntEQ(ret, 0);
ret = wc_Chacha_SetKey(&dec, key, keySz);
AssertIntEQ(ret, 0);
ret = wc_Chacha_SetIV(&enc, cipher, 0);
AssertIntEQ(ret, 0);
ret = wc_Chacha_SetIV(&dec, cipher, 0);
AssertIntEQ(ret, 0);
ret = wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen);
AssertIntEQ(ret, 0);
ret = wc_Chacha_Process(&dec, plain, cipher, (word32)inlen);
AssertIntEQ(ret, 0);
ret = XMEMCMP(input, plain, (int)inlen);
AssertIntEQ(ret, 0);
#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
/* test checking and using leftovers, currently just in C code */
ret = wc_Chacha_SetIV(&enc, cipher, 0);
AssertIntEQ(ret, 0);
ret = wc_Chacha_SetIV(&dec, cipher, 0);
AssertIntEQ(ret, 0);
ret = wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen - 2);
AssertIntEQ(ret, 0);
ret = wc_Chacha_Process(&enc, cipher + (inlen - 2),
(byte*)input + (inlen - 2), 2);
AssertIntEQ(ret, 0);
ret = wc_Chacha_Process(&dec, plain, (byte*)cipher, (word32)inlen - 2);
AssertIntEQ(ret, 0);
ret = wc_Chacha_Process(&dec, cipher + (inlen - 2),
(byte*)input + (inlen - 2), 2);
AssertIntEQ(ret, 0);
ret = XMEMCMP(input, plain, (int)inlen);
AssertIntEQ(ret, 0);
/* check edge cases with counter increment */
{
/* expected results collected from wolfSSL 4.3.0 encrypted in one call*/
const byte expected[] = {
0x54,0xB1,0xE2,0xD4,0xA2,0x4D,0x52,0x5F,
0x42,0x04,0x89,0x7C,0x6E,0x2D,0xFC,0x2D,
0x10,0x25,0xB6,0x92,0x71,0xD5,0xC3,0x20,
0xE3,0x0E,0xEC,0xF4,0xD8,0x10,0x70,0x29,
0x2D,0x4C,0x2A,0x56,0x21,0xE1,0xC7,0x37,
0x0B,0x86,0xF5,0x02,0x8C,0xB8,0xB8,0x38,
0x41,0xFD,0xDF,0xD9,0xC3,0xE6,0xC8,0x88,
0x06,0x82,0xD4,0x80,0x6A,0x50,0x69,0xD5,
0xB9,0xB0,0x2F,0x44,0x36,0x5D,0xDA,0x5E,
0xDE,0xF6,0xF5,0xFC,0x44,0xDC,0x07,0x51,
0xA7,0x32,0x42,0xDB,0xCC,0xBD,0xE2,0xE5,
0x0B,0xB1,0x14,0xFF,0x12,0x80,0x16,0x43,
0xE7,0x40,0xD5,0xEA,0xC7,0x3F,0x69,0x07,
0x64,0xD4,0x86,0x6C,0xE2,0x1F,0x8F,0x6E,
0x35,0x41,0xE7,0xD3,0xB5,0x5D,0xD6,0xD4,
0x9F,0x00,0xA9,0xAE,0x3D,0x28,0xA5,0x37,
0x80,0x3D,0x11,0x25,0xE2,0xB6,0x99,0xD9,
0x9B,0x98,0xE9,0x37,0xB9,0xF8,0xA0,0x04,
0xDF,0x13,0x49,0x3F,0x19,0x6A,0x45,0x06,
0x21,0xB4,0xC7,0x3B,0x49,0x45,0xB4,0xC8,
0x03,0x5B,0x43,0x89,0xBD,0xB3,0x96,0x4B,
0x17,0x6F,0x85,0xC6,0xCF,0xA6,0x05,0x35,
0x1E,0x25,0x03,0xBB,0x55,0x0A,0xD5,0x54,
0x41,0xEA,0xEB,0x50,0x40,0x1B,0x43,0x19,
0x59,0x1B,0x0E,0x12,0x3E,0xA2,0x71,0xC3,
0x1A,0xA7,0x11,0x50,0x43,0x9D,0x56,0x3B,
0x63,0x2F,0x63,0xF1,0x8D,0xAE,0xF3,0x23,
0xFA,0x1E,0xD8,0x6A,0xE1,0xB2,0x4B,0xF3,
0xB9,0x13,0x7A,0x72,0x2B,0x6D,0xCC,0x41,
0x1C,0x69,0x7C,0xCD,0x43,0x6F,0xE4,0xE2,
0x38,0x99,0xFB,0xC3,0x38,0x92,0x62,0x35,
0xC0,0x1D,0x60,0xE4,0x4B,0xDD,0x0C,0x14
};
const byte iv2[] = {
0x9D,0xED,0xE7,0x0F,0xEC,0x81,0x51,0xD9,
0x77,0x39,0x71,0xA6,0x21,0xDF,0xB8,0x93
};
byte input2[256];
int i;
for (i = 0; i < 256; i++)
input2[i] = i;
ret = wc_Chacha_SetIV(&enc, iv2, 0);
AssertIntEQ(ret, 0);
ret = wc_Chacha_Process(&enc, cipher, input2, 64);
AssertIntEQ(ret, 0);
AssertIntEQ(XMEMCMP(expected, cipher, 64), 0);
ret = wc_Chacha_Process(&enc, cipher, input2 + 64, 128);
AssertIntEQ(ret, 0);
AssertIntEQ(XMEMCMP(expected + 64, cipher, 128), 0);
/* partial */
ret = wc_Chacha_Process(&enc, cipher, input2 + 192, 32);
AssertIntEQ(ret, 0);
AssertIntEQ(XMEMCMP(expected + 192, cipher, 32), 0);
ret = wc_Chacha_Process(&enc, cipher, input2 + 224, 32);
AssertIntEQ(ret, 0);
AssertIntEQ(XMEMCMP(expected + 224, cipher, 32), 0);
}
#endif
/* Test bad args. */
ret = wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen);
AssertIntEQ(ret, BAD_FUNC_ARG);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Chacha_Process */
/*
* Testing wc_ChaCha20Poly1305_Encrypt() and wc_ChaCha20Poly1305_Decrypt()
*/
static int test_wc_ChaCha20Poly1305_aead (void)
{
int ret = 0;
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
const byte key[] = {
0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
};
const byte plaintext[] = {
0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
0x74, 0x2e
};
const byte iv[] = {
0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
0x44, 0x45, 0x46, 0x47
};
const byte aad[] = { /* additional data */
0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
0xc4, 0xc5, 0xc6, 0xc7
};
const byte cipher[] = { /* expected output from operation */
0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
0x61, 0x16
};
const byte authTag[] = { /* expected output from operation */
0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
};
byte generatedCiphertext[272];
byte generatedPlaintext[272];
byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
/* Initialize stack variables. */
XMEMSET(generatedCiphertext, 0, 272);
XMEMSET(generatedPlaintext, 0, 272);
/* Test Encrypt */
printf(testingFmt, "wc_ChaCha20Poly1305_Encrypt()");
ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), plaintext,
sizeof(plaintext), generatedCiphertext, generatedAuthTag);
AssertIntEQ(ret, 0);
ret = XMEMCMP(generatedCiphertext, cipher, sizeof(cipher)/sizeof(byte));
AssertIntEQ(ret, 0);
/* Test bad args. */
ret = wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad), plaintext,
sizeof(plaintext), generatedCiphertext, generatedAuthTag);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad),
plaintext, sizeof(plaintext),
generatedCiphertext, generatedAuthTag);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL,
sizeof(plaintext), generatedCiphertext, generatedAuthTag);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
plaintext, 0, generatedCiphertext, generatedAuthTag);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
plaintext, sizeof(plaintext), NULL, generatedAuthTag);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
plaintext, sizeof(plaintext), generatedCiphertext, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
printf(resultFmt, ret == 0 ? passed : failed);
if (ret != 0) {
return ret;
}
printf(testingFmt, "wc_ChaCha20Poly1305_Decrypt()");
ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
sizeof(cipher), authTag, generatedPlaintext);
AssertIntEQ(ret, 0);
ret = XMEMCMP(generatedPlaintext, plaintext,
sizeof(plaintext)/sizeof(byte));
AssertIntEQ(ret, 0);
/* Test bad args. */
ret = wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher,
sizeof(cipher), authTag, generatedPlaintext);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad),
cipher, sizeof(cipher), authTag, generatedPlaintext);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
sizeof(cipher), authTag, generatedPlaintext);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
sizeof(cipher), NULL, generatedPlaintext);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
sizeof(cipher), authTag, NULL);
AssertIntEQ(ret, BAD_FUNC_ARG);
ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
0, authTag, generatedPlaintext);
AssertIntEQ(ret, BAD_FUNC_ARG);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test-wc_ChaCha20Poly1305_EncryptDecrypt */
/*
* Testing function for wc_Rc2SetKey().
*/
static int test_wc_Rc2SetKey(void)
{
int ret = 0;
#ifdef WC_RC2
Rc2 rc2;
byte key40[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
printf(testingFmt, "wc_Rc2SetKey()");
/* valid key and IV */
ret = wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
iv, 40);
if (ret == 0) {
/* valid key, no IV */
ret = wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
NULL, 40);
}
/* bad arguments */
if (ret == 0) {
/* null Rc2 struct */
ret = wc_Rc2SetKey(NULL, key40, (word32) sizeof(key40) / sizeof(byte),
iv, 40);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null key */
ret = wc_Rc2SetKey(&rc2, NULL, (word32) sizeof(key40) / sizeof(byte),
iv, 40);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* key size == 0 */
ret = wc_Rc2SetKey(&rc2, key40, 0, iv, 40);
if (ret == WC_KEY_SIZE_E) {
ret = 0;
}
}
if (ret == 0) {
/* key size > 128 */
ret = wc_Rc2SetKey(&rc2, key40, 129, iv, 40);
if (ret == WC_KEY_SIZE_E) {
ret = 0;
}
}
if (ret == 0) {
/* effective bits == 0 */
ret = wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
iv, 0);
if (ret == WC_KEY_SIZE_E) {
ret = 0;
}
}
if (ret == 0) {
/* effective bits > 1024 */
ret = wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
iv, 1025);
if (ret == WC_KEY_SIZE_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Rc2SetKey */
/*
* Testing function for wc_Rc2SetIV().
*/
static int test_wc_Rc2SetIV(void)
{
int ret = 0;
#ifdef WC_RC2
Rc2 rc2;
byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
printf(testingFmt, "wc_Rc2SetIV()");
/* valid IV */
ret = wc_Rc2SetIV(&rc2, iv);
if (ret == 0) {
/* valid NULL IV */
ret = wc_Rc2SetIV(&rc2, NULL);
}
/* bad arguments */
if (ret == 0) {
ret = wc_Rc2SetIV(NULL, iv);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Rc2SetKey */
/*
* Testing function for wc_Rc2EcbEncrypt().
*/
static int test_wc_Rc2EcbEncryptDecrypt(void)
{
int ret = 0;
#ifdef WC_RC2
Rc2 rc2;
int effectiveKeyBits = 63;
byte cipher[RC2_BLOCK_SIZE];
byte plain[RC2_BLOCK_SIZE];
byte key[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
byte input[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff };
printf(testingFmt, "wc_Rc2EcbEncryptDecrypt()");
XMEMSET(cipher, 0, sizeof(cipher));
XMEMSET(plain, 0, sizeof(plain));
ret = wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
NULL, effectiveKeyBits);
if (ret == 0) {
ret = wc_Rc2EcbEncrypt(&rc2, cipher, input, RC2_BLOCK_SIZE);
if (ret != 0 || XMEMCMP(cipher, output, RC2_BLOCK_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_Rc2EcbDecrypt(&rc2, plain, cipher, RC2_BLOCK_SIZE);
if (ret != 0 || XMEMCMP(plain, input, RC2_BLOCK_SIZE) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
/* Rc2EcbEncrypt bad arguments */
if (ret == 0) {
/* null Rc2 struct */
ret = wc_Rc2EcbEncrypt(NULL, cipher, input, RC2_BLOCK_SIZE);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null out buffer */
ret = wc_Rc2EcbEncrypt(&rc2, NULL, input, RC2_BLOCK_SIZE);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null input buffer */
ret = wc_Rc2EcbEncrypt(&rc2, cipher, NULL, RC2_BLOCK_SIZE);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* output buffer sz != RC2_BLOCK_SIZE (8) */
ret = wc_Rc2EcbEncrypt(&rc2, cipher, input, 7);
if (ret == BUFFER_E) {
ret = 0;
}
}
/* Rc2EcbDecrypt bad arguments */
if (ret == 0) {
/* null Rc2 struct */
ret = wc_Rc2EcbDecrypt(NULL, plain, output, RC2_BLOCK_SIZE);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null out buffer */
ret = wc_Rc2EcbDecrypt(&rc2, NULL, output, RC2_BLOCK_SIZE);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null input buffer */
ret = wc_Rc2EcbDecrypt(&rc2, plain, NULL, RC2_BLOCK_SIZE);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* output buffer sz != RC2_BLOCK_SIZE (8) */
ret = wc_Rc2EcbDecrypt(&rc2, plain, output, 7);
if (ret == BUFFER_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Rc2SetKey */
/*
* Testing function for wc_Rc2CbcEncrypt().
*/
static int test_wc_Rc2CbcEncryptDecrypt(void)
{
int ret = 0;
#ifdef WC_RC2
Rc2 rc2;
int effectiveKeyBits = 63;
byte cipher[RC2_BLOCK_SIZE*2];
byte plain[RC2_BLOCK_SIZE*2];
/* vector taken from test.c */
byte key[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
byte iv[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
byte input[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
byte output[] = {
0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff,
0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57
};
printf(testingFmt, "wc_Rc2CbcEncryptDecrypt()");
XMEMSET(cipher, 0, sizeof(cipher));
XMEMSET(plain, 0, sizeof(plain));
ret = wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
iv, effectiveKeyBits);
if (ret == 0) {
ret = wc_Rc2CbcEncrypt(&rc2, cipher, input, sizeof(input));
if (ret != 0 || XMEMCMP(cipher, output, sizeof(output)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
/* reset IV for decrypt */
ret = wc_Rc2SetIV(&rc2, iv);
}
if (ret == 0) {
ret = wc_Rc2CbcDecrypt(&rc2, plain, cipher, sizeof(cipher));
if (ret != 0 || XMEMCMP(plain, input, sizeof(input)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
/* Rc2CbcEncrypt bad arguments */
if (ret == 0) {
/* null Rc2 struct */
ret = wc_Rc2CbcEncrypt(NULL, cipher, input, sizeof(input));
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null out buffer */
ret = wc_Rc2CbcEncrypt(&rc2, NULL, input, sizeof(input));
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null input buffer */
ret = wc_Rc2CbcEncrypt(&rc2, cipher, NULL, sizeof(input));
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Rc2CbcDecrypt bad arguments */
if (ret == 0) {
/* in size is 0 */
ret = wc_Rc2CbcDecrypt(&rc2, plain, output, 0);
if (ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
/* null Rc2 struct */
ret = wc_Rc2CbcDecrypt(NULL, plain, output, sizeof(output));
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null out buffer */
ret = wc_Rc2CbcDecrypt(&rc2, NULL, output, sizeof(output));
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/* null input buffer */
ret = wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output));
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Rc2SetKey */
/*
* Testing function for wc_AesSetIV
*/
static int test_wc_AesSetIV (void)
{
int ret = 0;
#if !defined(NO_AES) && defined(WOLFSSL_AES_128)
Aes aes;
byte key16[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
byte iv1[] = "1234567890abcdef";
byte iv2[] = "0987654321fedcba";
printf(testingFmt, "wc_AesSetIV()");
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
iv1, AES_ENCRYPTION);
if(ret == 0) {
ret = wc_AesSetIV(&aes, iv2);
}
/* Test bad args. */
if(ret == 0) {
ret = wc_AesSetIV(NULL, iv1);
if(ret == BAD_FUNC_ARG) {
/* NULL iv should return 0. */
ret = wc_AesSetIV(&aes, NULL);
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_AesFree(&aes);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* test_wc_AesSetIV */
/*
* Testing function for wc_AesSetKey().
*/
static int test_wc_AesSetKey (void)
{
int ret = 0;
#ifndef NO_AES
Aes aes;
byte key16[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
#ifdef WOLFSSL_AES_192
byte key24[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
};
#endif
#ifdef WOLFSSL_AES_256
byte key32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
#endif
byte badKey16[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
};
byte iv[] = "1234567890abcdef";
printf(testingFmt, "wc_AesSetKey()");
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
#ifdef WOLFSSL_AES_128
ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
iv, AES_ENCRYPTION);
#endif
#ifdef WOLFSSL_AES_192
if (ret == 0) {
ret = wc_AesSetKey (&aes, key24, (word32) sizeof(key24) / sizeof(byte),
iv, AES_ENCRYPTION);
}
#endif
#ifdef WOLFSSL_AES_256
if (ret == 0) {
ret = wc_AesSetKey (&aes, key32, (word32) sizeof(key32) / sizeof(byte),
iv, AES_ENCRYPTION);
}
#endif
/* Pass in bad args. */
if (ret == 0) {
ret = wc_AesSetKey (NULL, key16, (word32) sizeof(key16) / sizeof(byte),
iv, AES_ENCRYPTION);
if (ret == BAD_FUNC_ARG) {
ret = wc_AesSetKey(&aes, badKey16,
(word32) sizeof(badKey16) / sizeof(byte),
iv, AES_ENCRYPTION);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_AesFree(&aes);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_AesSetKey */
/*
* test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(),
* and wc_AesCbcDecryptWithKey()
*/
static int test_wc_AesCbcEncryptDecrypt (void)
{
int ret = 0;
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \
defined(WOLFSSL_AES_256)
Aes aes;
byte key32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
byte vector[] = /* Now is the time for all good men w/o trailing 0 */
{
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20,
0x67,0x6f,0x6f,0x64,0x20,0x6d,0x65,0x6e
};
byte iv[] = "1234567890abcdef";
byte enc[sizeof(vector)];
byte dec[sizeof(vector)];
int cbcE = WOLFSSL_FATAL_ERROR;
int cbcD = WOLFSSL_FATAL_ERROR;
int cbcDWK = WOLFSSL_FATAL_ERROR;
byte dec2[sizeof(vector)];
/* Init stack variables. */
XMEMSET(enc, 0, sizeof(enc));
XMEMSET(dec, 0, sizeof(vector));
XMEMSET(dec2, 0, sizeof(vector));
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
if (ret == 0) {
ret = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector));
if (ret == 0) {
/* Re init for decrypt and set flag. */
cbcE = 0;
wc_AesFree(&aes);
ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2,
iv, AES_DECRYPTION);
}
if (ret == 0) {
ret = wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector));
if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector)) != 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
/* Set flag. */
cbcD = 0;
}
}
}
/* If encrypt succeeds but cbc decrypt fails, we can still test. */
if (ret == 0 || cbcE == 0) {
ret = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
key32, sizeof(key32)/sizeof(byte), iv);
if (ret == 0 || XMEMCMP(vector, dec2, AES_BLOCK_SIZE) == 0) {
cbcDWK = 0;
}
}
printf(testingFmt, "wc_AesCbcEncrypt()");
/* Pass in bad args */
if (cbcE == 0) {
cbcE = wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector));
if (cbcE == BAD_FUNC_ARG) {
cbcE = wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector));
}
if (cbcE == BAD_FUNC_ARG) {
cbcE = wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector));
}
if (cbcE == BAD_FUNC_ARG) {
cbcE = 0;
} else {
cbcE = WOLFSSL_FATAL_ERROR;
}
#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
if (cbcE == 0) {
cbcE = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1);
}
if (cbcE == BAD_LENGTH_E) {
cbcE = 0;
} else {
cbcE = WOLFSSL_FATAL_ERROR;
}
#endif
}
if (cbcE == 0) {
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI)
printf("Zero length inputs not supported with AESNI in FIPS mode (v2),"
" skip test");
#else
/* Test passing in size of 0 */
XMEMSET(enc, 0, sizeof(enc));
cbcE = wc_AesCbcEncrypt(&aes, enc, vector, 0);
if (cbcE == 0) {
/* Check enc was not modified */
int i;
for (i = 0; i < (int)sizeof(enc); i++)
cbcE |= enc[i];
}
#endif
}
printf(resultFmt, cbcE == 0 ? passed : failed);
if (cbcE != 0) {
wc_AesFree(&aes);
return cbcE;
}
printf(testingFmt, "wc_AesCbcDecrypt()");
if (cbcD == 0) {
cbcD = wc_AesCbcDecrypt(NULL, dec, enc, AES_BLOCK_SIZE);
if (cbcD == BAD_FUNC_ARG) {
cbcD = wc_AesCbcDecrypt(&aes, NULL, enc, AES_BLOCK_SIZE);
}
if (cbcD == BAD_FUNC_ARG) {
cbcD = wc_AesCbcDecrypt(&aes, dec, NULL, AES_BLOCK_SIZE);
}
if (cbcD == BAD_FUNC_ARG) {
cbcD = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1);
}
#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
if (cbcD == BAD_LENGTH_E) {
cbcD = 0;
} else {
cbcD = WOLFSSL_FATAL_ERROR;
}
#else
if (cbcD == BAD_FUNC_ARG) {
cbcD = 0;
} else {
cbcD = WOLFSSL_FATAL_ERROR;
}
#endif
}
if (cbcD == 0) {
/* Test passing in size of 0 */
XMEMSET(dec, 0, sizeof(dec));
cbcD = wc_AesCbcDecrypt(&aes, dec, enc, 0);
if (cbcD == 0) {
/* Check dec was not modified */
int i;
for (i = 0; i < (int)sizeof(dec); i++)
cbcD |= dec[i];
}
}
printf(resultFmt, cbcD == 0 ? passed : failed);
if (cbcD != 0) {
wc_AesFree(&aes);
return cbcD;
}
printf(testingFmt, "wc_AesCbcDecryptWithKey()");
if (cbcDWK == 0) {
cbcDWK = wc_AesCbcDecryptWithKey(NULL, enc, AES_BLOCK_SIZE,
key32, sizeof(key32)/sizeof(byte), iv);
if (cbcDWK == BAD_FUNC_ARG) {
cbcDWK = wc_AesCbcDecryptWithKey(dec2, NULL, AES_BLOCK_SIZE,
key32, sizeof(key32)/sizeof(byte), iv);
}
if (cbcDWK == BAD_FUNC_ARG) {
cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
NULL, sizeof(key32)/sizeof(byte), iv);
}
if (cbcDWK == BAD_FUNC_ARG) {
cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
key32, sizeof(key32)/sizeof(byte), NULL);
}
if (cbcDWK == BAD_FUNC_ARG) {
cbcDWK = 0;
} else {
cbcDWK = WOLFSSL_FATAL_ERROR;
}
}
wc_AesFree(&aes);
printf(resultFmt, cbcDWK == 0 ? passed : failed);
if (cbcDWK != 0) {
return cbcDWK;
}
#endif
return ret;
} /* END test_wc_AesCbcEncryptDecrypt */
/*
* Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt
*/
static int test_wc_AesCtrEncryptDecrypt (void)
{
int ret = 0;
#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
Aes aesEnc, aesDec;
byte key32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
byte vector[] = /* Now is the time for all w/o trailing 0 */
{
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
byte iv[] = "1234567890abcdef";
byte enc[AES_BLOCK_SIZE * 2];
byte dec[AES_BLOCK_SIZE * 2];
/* Init stack variables. */
XMEMSET(enc, 0, AES_BLOCK_SIZE * 2);
XMEMSET(dec, 0, AES_BLOCK_SIZE * 2);
printf(testingFmt, "wc_AesCtrEncrypt()");
ret = wc_AesInit(&aesEnc, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_AesInit(&aesDec, NULL, INVALID_DEVID);
if (ret != 0) {
wc_AesFree(&aesEnc);
return ret;
}
ret = wc_AesSetKey(&aesEnc, key32, AES_BLOCK_SIZE * 2,
iv, AES_ENCRYPTION);
if (ret == 0) {
ret = wc_AesCtrEncrypt(&aesEnc, enc, vector,
sizeof(vector)/sizeof(byte));
if (ret == 0) {
/* Decrypt with wc_AesCtrEncrypt() */
ret = wc_AesSetKey(&aesDec, key32, AES_BLOCK_SIZE * 2,
iv, AES_ENCRYPTION);
}
if (ret == 0) {
ret = wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte));
if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector))) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte));
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte));
}
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte));
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_AesFree(&aesEnc);
wc_AesFree(&aesDec);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_AesCtrEncryptDecrypt */
/*
* test function for wc_AesGcmSetKey()
*/
static int test_wc_AesGcmSetKey (void)
{
int ret = 0;
#if !defined(NO_AES) && defined(HAVE_AESGCM)
Aes aes;
#ifdef WOLFSSL_AES_128
byte key16[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
#endif
#ifdef WOLFSSL_AES_192
byte key24[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
};
#endif
#ifdef WOLFSSL_AES_256
byte key32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
#endif
byte badKey16[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
};
byte badKey24[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
};
byte badKey32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
};
printf(testingFmt, "wc_AesGcmSetKey()");
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
#ifdef WOLFSSL_AES_128
ret = wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte));
#endif
#ifdef WOLFSSL_AES_192
if (ret == 0) {
ret = wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte));
}
#endif
#ifdef WOLFSSL_AES_256
if (ret == 0) {
ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte));
}
#endif
/* Pass in bad args. */
if (ret == 0) {
ret = wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte));
if (ret == BAD_FUNC_ARG) {
ret = wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte));
}
if (ret == BAD_FUNC_ARG) {
ret = wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte));
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_AesFree(&aes);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_AesGcmSetKey */
/*
* test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt
*/
static int test_wc_AesGcmEncryptDecrypt (void)
{
int ret = 0;
/* WOLFSSL_AFALG requires 12 byte IV */
#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \
!defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES)
Aes aes;
byte key32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
byte vector[] = /* Now is the time for all w/o trailing 0 */
{
0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
};
const byte a[] =
{
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
byte iv[] = "1234567890a";
byte longIV[] = "1234567890abcdefghij";
byte enc[sizeof(vector)];
byte resultT[AES_BLOCK_SIZE];
byte dec[sizeof(vector)];
int gcmD = WOLFSSL_FATAL_ERROR;
int gcmE = WOLFSSL_FATAL_ERROR;
/* Init stack variables. */
XMEMSET(enc, 0, sizeof(vector));
XMEMSET(dec, 0, sizeof(vector));
XMEMSET(resultT, 0, AES_BLOCK_SIZE);
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte));
if (ret == 0) {
gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector),
iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a));
}
if (gcmE == 0) { /* If encrypt fails, no decrypt. */
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector),
iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a));
if(gcmD == 0 && (XMEMCMP(vector, dec, sizeof(vector)) != 0)) {
gcmD = WOLFSSL_FATAL_ERROR;
}
}
printf(testingFmt, "wc_AesGcmEncrypt()");
/*Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */
if (gcmE == 0) {
gcmE = wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector),
iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT),
a, sizeof(a));
if (gcmE == BAD_FUNC_ARG) {
gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
sizeof(vector), iv, sizeof(iv)/sizeof(byte),
resultT, sizeof(resultT) + 1, a, sizeof(a));
}
if (gcmE == BAD_FUNC_ARG) {
gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
sizeof(vector), iv, sizeof(iv)/sizeof(byte),
resultT, sizeof(resultT) - 5, a, sizeof(a));
}
#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST) || \
defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
/* FIPS does not check the lower bound of ivSz */
#else
if (gcmE == BAD_FUNC_ARG) {
gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
sizeof(vector), iv, 0,
resultT, sizeof(resultT), a, sizeof(a));
}
#endif
if (gcmE == BAD_FUNC_ARG) {
gcmE = 0;
} else {
gcmE = WOLFSSL_FATAL_ERROR;
}
}
/* This case is now considered good. Long IVs are now allowed.
* Except for the original FIPS release, it still has an upper
* bound on the IV length. */
#if (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
!defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
if (gcmE == 0) {
gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV,
sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT),
a, sizeof(a));
}
#else
(void)longIV;
#endif /* Old FIPS */
/* END wc_AesGcmEncrypt */
printf(resultFmt, gcmE == 0 ? passed : failed);
if (gcmE != 0) {
wc_AesFree(&aes);
return gcmE;
}
#ifdef HAVE_AES_DECRYPT
printf(testingFmt, "wc_AesGcmDecrypt()");
if (gcmD == 0) {
gcmD = wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte),
iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a));
if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte),
iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a));
}
if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte),
iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a));
}
if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
NULL, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a));
}
if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
iv, sizeof(iv)/sizeof(byte), NULL,
sizeof(resultT), a, sizeof(a));
}
if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT) + 1, a, sizeof(a));
}
#if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \
!defined(WOLFSSL_AES_GCM_FIXED_IV_AAD)
/* FIPS does not check the lower bound of ivSz */
#else
if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
iv, 0, resultT,
sizeof(resultT), a, sizeof(a));
}
#endif
if (gcmD == BAD_FUNC_ARG) {
gcmD = 0;
} else {
gcmD = WOLFSSL_FATAL_ERROR;
}
} /* END wc_AesGcmDecrypt */
printf(resultFmt, gcmD == 0 ? passed : failed);
#endif /* HAVE_AES_DECRYPT */
wc_AesFree(&aes);
#endif
return ret;
} /* END test_wc_AesGcmEncryptDecrypt */
/*
* unit test for wc_GmacSetKey()
*/
static int test_wc_GmacSetKey (void)
{
int ret = 0;
#if !defined(NO_AES) && defined(HAVE_AESGCM)
Gmac gmac;
byte key16[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
#ifdef WOLFSSL_AES_192
byte key24[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
};
#endif
#ifdef WOLFSSL_AES_256
byte key32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
#endif
byte badKey16[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66
};
byte badKey24[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
};
byte badKey32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
printf(testingFmt, "wc_GmacSetKey()");
ret = wc_AesInit(&gmac.aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
#ifdef WOLFSSL_AES_128
ret = wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte));
#endif
#ifdef WOLFSSL_AES_192
if (ret == 0) {
ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte));
}
#endif
#ifdef WOLFSSL_AES_256
if (ret == 0) {
ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte));
}
#endif
/* Pass in bad args. */
if (ret == 0) {
ret = wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte));
if (ret == BAD_FUNC_ARG) {
ret = wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte));
}
if (ret == BAD_FUNC_ARG) {
ret = wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte));
}
if (ret == BAD_FUNC_ARG) {
ret = wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte));
}
if (ret == BAD_FUNC_ARG) {
ret = wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte));
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_AesFree(&gmac.aes);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_GmacSetKey */
/*
* unit test for wc_GmacUpdate
*/
static int test_wc_GmacUpdate (void)
{
int ret = 0;
#if !defined(NO_AES) && defined(HAVE_AESGCM)
Gmac gmac;
#ifdef WOLFSSL_AES_128
const byte key16[] =
{
0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
};
#endif
#ifdef WOLFSSL_AES_192
byte key24[] =
{
0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52,
0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a,
0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0
};
#endif
#ifdef WOLFSSL_AES_256
byte key32[] =
{
0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35,
0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00,
0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4,
0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23
};
#endif
#ifdef WOLFSSL_AES_128
const byte authIn[] =
{
0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
};
#endif
#ifdef WOLFSSL_AES_192
const byte authIn2[] =
{
0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f,
0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1
};
#endif
const byte authIn3[] =
{
0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71,
0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36
};
#ifdef WOLFSSL_AES_128
const byte tag1[] = /* Known. */
{
0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
};
#endif
#ifdef WOLFSSL_AES_192
const byte tag2[] = /* Known */
{
0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf,
0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05
};
#endif
const byte tag3[] = /* Known */
{
0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22,
0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76
};
#ifdef WOLFSSL_AES_128
const byte iv[] =
{
0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
0xe2, 0x8c, 0x8f, 0x16
};
#endif
#ifdef WOLFSSL_AES_192
const byte iv2[] =
{
0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66,
0x7e, 0x1a, 0x6f, 0xbc
};
#endif
const byte iv3[] =
{
0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93,
0xc3, 0xfb, 0x6c, 0x8a
};
byte tagOut[16];
byte tagOut2[24];
byte tagOut3[32];
/* Init stack variables. */
XMEMSET(tagOut, 0, sizeof(tagOut));
XMEMSET(tagOut2, 0, sizeof(tagOut2));
XMEMSET(tagOut3, 0, sizeof(tagOut3));
printf(testingFmt, "wc_GmacUpdate()");
ret = wc_AesInit(&gmac.aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
#ifdef WOLFSSL_AES_128
ret = wc_GmacSetKey(&gmac, key16, sizeof(key16));
if (ret == 0) {
ret = wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn),
tagOut, sizeof(tag1));
if (ret == 0) {
ret = XMEMCMP(tag1, tagOut, sizeof(tag1));
}
wc_AesFree(&gmac.aes);
}
#endif
#ifdef WOLFSSL_AES_192
if (ret == 0) {
XMEMSET(&gmac, 0, sizeof(Gmac));
ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte));
}
if (ret == 0) {
ret = wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2,
sizeof(authIn2), tagOut2, sizeof(tag2));
}
if (ret == 0) {
ret = XMEMCMP(tagOut2, tag2, sizeof(tag2));
wc_AesFree(&gmac.aes);
}
#endif
#ifdef WOLFSSL_AES_256
if (ret == 0) {
XMEMSET(&gmac, 0, sizeof(Gmac));
ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte));
}
if (ret == 0) {
ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
sizeof(authIn3), tagOut3, sizeof(tag3));
}
if (ret == 0) {
ret = XMEMCMP(tag3, tagOut3, sizeof(tag3));
}
#endif
/*Pass bad args. */
if (ret == 0) {
ret = wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3,
sizeof(authIn3), tagOut3, sizeof(tag3));
if (ret == BAD_FUNC_ARG) {
ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
sizeof(authIn3), tagOut3, sizeof(tag3) - 5);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
sizeof(authIn3), tagOut3, sizeof(tag3) + 1);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_AesFree(&gmac.aes);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_GmacUpdate */
/*
* testing wc_CamelliaSetKey
*/
static int test_wc_CamelliaSetKey (void)
{
int ret = 0;
#ifdef HAVE_CAMELLIA
Camellia camellia;
/*128-bit key*/
static const byte key16[] =
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
};
/* 192-bit key */
static const byte key24[] =
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
};
/* 256-bit key */
static const byte key32[] =
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
};
static const byte iv[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
printf(testingFmt, "wc_CamelliaSetKey()");
ret = wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), iv);
if (ret == 0) {
ret = wc_CamelliaSetKey(&camellia, key16,
(word32)sizeof(key16), NULL);
if (ret == 0) {
ret = wc_CamelliaSetKey(&camellia, key24,
(word32)sizeof(key24), iv);
}
if (ret == 0) {
ret = wc_CamelliaSetKey(&camellia, key24,
(word32)sizeof(key24), NULL);
}
if (ret == 0) {
ret = wc_CamelliaSetKey(&camellia, key32,
(word32)sizeof(key32), iv);
}
if (ret == 0) {
ret = wc_CamelliaSetKey(&camellia, key32,
(word32)sizeof(key32), NULL);
}
}
/* Bad args. */
if (ret == 0) {
ret = wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv);
if (ret != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
} /* END bad args. */
#endif
return ret;
} /* END test_wc_CammeliaSetKey */
/*
* Testing wc_CamelliaSetIV()
*/
static int test_wc_CamelliaSetIV (void)
{
int ret = 0;
#ifdef HAVE_CAMELLIA
Camellia camellia;
static const byte iv[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
printf(testingFmt, "wc_CamelliaSetIV()");
ret = wc_CamelliaSetIV(&camellia, iv);
if (ret == 0) {
ret = wc_CamelliaSetIV(&camellia, NULL);
}
/* Bad args. */
if (ret == 0) {
ret = wc_CamelliaSetIV(NULL, NULL);
if (ret != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /*END test_wc_CamelliaSetIV*/
/*
* Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect
*/
static int test_wc_CamelliaEncryptDecryptDirect (void)
{
int ret = 0;
#ifdef HAVE_CAMELLIA
Camellia camellia;
static const byte key24[] =
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
};
static const byte iv[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
static const byte plainT[] =
{
0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
};
byte enc[sizeof(plainT)];
byte dec[sizeof(enc)];
int camE = WOLFSSL_FATAL_ERROR;
int camD = WOLFSSL_FATAL_ERROR;
/*Init stack variables.*/
XMEMSET(enc, 0, 16);
XMEMSET(enc, 0, 16);
ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv);
if (ret == 0) {
ret = wc_CamelliaEncryptDirect(&camellia, enc, plainT);
if (ret == 0) {
ret = wc_CamelliaDecryptDirect(&camellia, dec, enc);
if (XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE)) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(testingFmt, "wc_CamelliaEncryptDirect()");
/* Pass bad args. */
if (ret == 0) {
camE = wc_CamelliaEncryptDirect(NULL, enc, plainT);
if (camE == BAD_FUNC_ARG) {
camE = wc_CamelliaEncryptDirect(&camellia, NULL, plainT);
}
if (camE == BAD_FUNC_ARG) {
camE = wc_CamelliaEncryptDirect(&camellia, enc, NULL);
}
if (camE == BAD_FUNC_ARG) {
camE = 0;
} else {
camE = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, camE == 0 ? passed : failed);
if (camE != 0) {
return camE;
}
printf(testingFmt, "wc_CamelliaDecryptDirect()");
if (ret == 0) {
camD = wc_CamelliaDecryptDirect(NULL, dec, enc);
if (camD == BAD_FUNC_ARG) {
camD = wc_CamelliaDecryptDirect(&camellia, NULL, enc);
}
if (camD == BAD_FUNC_ARG) {
camD = wc_CamelliaDecryptDirect(&camellia, dec, NULL);
}
if (camD == BAD_FUNC_ARG) {
camD = 0;
} else {
camD = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, camD == 0 ? passed : failed);
if (camD != 0) {
return camD;
}
#endif
return ret;
} /* END test-wc_CamelliaEncryptDecryptDirect */
/*
* Testing wc_CamelliaCbcEncrypt and wc_CamelliaCbcDecrypt
*/
static int test_wc_CamelliaCbcEncryptDecrypt (void)
{
int ret = 0;
#ifdef HAVE_CAMELLIA
Camellia camellia;
static const byte key24[] =
{
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
};
static const byte plainT[] =
{
0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
};
byte enc[CAMELLIA_BLOCK_SIZE];
byte dec[CAMELLIA_BLOCK_SIZE];
int camCbcE = WOLFSSL_FATAL_ERROR;
int camCbcD = WOLFSSL_FATAL_ERROR;
/* Init stack variables. */
XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL);
if (ret == 0) {
ret = wc_CamelliaCbcEncrypt(&camellia, enc, plainT, CAMELLIA_BLOCK_SIZE);
if (ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL);
if (ret == 0) {
ret = wc_CamelliaCbcDecrypt(&camellia, dec, enc, CAMELLIA_BLOCK_SIZE);
if (XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE)) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(testingFmt, "wc_CamelliaCbcEncrypt");
/* Pass in bad args. */
if (ret == 0) {
camCbcE = wc_CamelliaCbcEncrypt(NULL, enc, plainT, CAMELLIA_BLOCK_SIZE);
if (camCbcE == BAD_FUNC_ARG) {
camCbcE = wc_CamelliaCbcEncrypt(&camellia, NULL, plainT,
CAMELLIA_BLOCK_SIZE);
}
if (camCbcE == BAD_FUNC_ARG) {
camCbcE = wc_CamelliaCbcEncrypt(&camellia, enc, NULL,
CAMELLIA_BLOCK_SIZE);
}
if (camCbcE == BAD_FUNC_ARG) {
camCbcE = 0;
} else {
camCbcE = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, camCbcE == 0 ? passed : failed);
if (camCbcE != 0) {
return camCbcE;
}
printf(testingFmt, "wc_CamelliaCbcDecrypt()");
if (ret == 0) {
camCbcD = wc_CamelliaCbcDecrypt(NULL, dec, enc, CAMELLIA_BLOCK_SIZE);
if (camCbcD == BAD_FUNC_ARG) {
camCbcD = wc_CamelliaCbcDecrypt(&camellia, NULL, enc,
CAMELLIA_BLOCK_SIZE);
}
if (camCbcD == BAD_FUNC_ARG) {
camCbcD = wc_CamelliaCbcDecrypt(&camellia, dec, NULL,
CAMELLIA_BLOCK_SIZE);
}
if (camCbcD == BAD_FUNC_ARG) {
camCbcD = 0;
} else {
camCbcD = WOLFSSL_FATAL_ERROR;
}
} /* END bad args. */
printf(resultFmt, camCbcD == 0 ? passed : failed);
if (camCbcD != 0) {
return camCbcD;
}
#endif
return ret;
} /* END test_wc_CamelliaCbcEncryptDecrypt */
/*
* Testing wc_Arc4SetKey()
*/
static int test_wc_Arc4SetKey (void)
{
int ret = 0;
#ifndef NO_RC4
Arc4 arc;
const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
int keyLen = 8;
printf(testingFmt, "wc_Arch4SetKey()");
ret = wc_Arc4SetKey(&arc, (byte*)key, keyLen);
/* Test bad args. */
if (ret == 0) {
ret = wc_Arc4SetKey(NULL, (byte*)key, keyLen);
if (ret == BAD_FUNC_ARG)
ret = wc_Arc4SetKey(&arc, NULL, keyLen); /* NULL key */
if (ret == BAD_FUNC_ARG)
ret = wc_Arc4SetKey(&arc, (byte*)key, 0); /* length == 0 */
if (ret == BAD_FUNC_ARG)
ret = WOLFSSL_ERROR_NONE;
else
ret = WOLFSSL_FATAL_ERROR;
} /* END test bad args. */
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_Arc4SetKey */
/*
* Testing wc_Arc4Process for ENC/DEC.
*/
static int test_wc_Arc4Process (void)
{
int ret = 0;
#ifndef NO_RC4
Arc4 enc, dec;
const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
int keyLen = 8;
const char* input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
byte cipher[8];
byte plain[8];
/* Init stack variables */
XMEMSET(cipher, 0, sizeof(cipher));
XMEMSET(plain, 0, sizeof(plain));
/* Use for async. */
ret = wc_Arc4Init(&enc, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_Arc4Init(&dec, NULL, INVALID_DEVID);
}
printf(testingFmt, "wc_Arc4Process()");
if (ret == 0) {
ret = wc_Arc4SetKey(&enc, (byte*)key, keyLen);
}
if (ret == 0) {
ret = wc_Arc4SetKey(&dec, (byte*)key, keyLen);
}
if (ret == 0) {
ret = wc_Arc4Process(&enc, cipher, (byte*)input, keyLen);
}
if (ret == 0) {
ret = wc_Arc4Process(&dec, plain, cipher, keyLen);
if (ret != 0 || XMEMCMP(plain, input, keyLen)) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
/* Bad args. */
if (ret == 0) {
ret = wc_Arc4Process(NULL, plain, cipher, keyLen);
if (ret == BAD_FUNC_ARG) {
ret = wc_Arc4Process(&dec, NULL, cipher, keyLen);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_Arc4Process(&dec, plain, NULL, keyLen);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_Arc4Free(&enc);
wc_Arc4Free(&dec);
#endif
return ret;
}/* END test_wc_Arc4Process */
/*
* Testing wc_Init RsaKey()
*/
static int test_wc_InitRsaKey (void)
{
int ret = 0;
#ifndef NO_RSA
RsaKey key;
printf(testingFmt, "wc_InitRsaKey()");
ret = wc_InitRsaKey(&key, NULL);
/* Test bad args. */
if (ret == 0) {
ret = wc_InitRsaKey(NULL, NULL);
#ifndef HAVE_USER_RSA
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
#else
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
#endif
ret = WOLFSSL_FATAL_ERROR;
}
} /* end if */
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_InitRsaKey */
/*
* Testing wc_RsaPrivateKeyDecode()
*/
static int test_wc_RsaPrivateKeyDecode (void)
{
int ret = 0;
#if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\
|| defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
RsaKey key;
byte* tmp;
word32 idx = 0;
int bytes = 0;
printf(testingFmt, "wc_RsaPrivateKeyDecode()");
tmp = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_InitRsaKey(&key, NULL);
}
if (ret == 0) {
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
bytes = sizeof_client_key_der_1024;
#else
XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
bytes = sizeof_client_key_der_2048;
#endif /* Use cert buffers. */
ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
}
#ifndef HAVE_USER_RSA
/* Test bad args. */
if (ret == 0) {
ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes);
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Test bad args. User RSA. */
if (ret == 0) {
ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes);
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
if (tmp != NULL) {
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaPrivateKeyDecode */
/*
* Testing wc_RsaPublicKeyDecode()
*/
static int test_wc_RsaPublicKeyDecode (void)
{
int ret = 0;
#if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\
|| defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
RsaKey keyPub;
byte* tmp;
word32 idx = 0;
int bytes = 0;
word32 keySz = 0;
word32 tstKeySz = 0;
tmp = (byte*)XMALLOC(GEN_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp == NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_InitRsaKey(&keyPub, NULL);
}
if (ret == 0) {
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
bytes = sizeof_client_keypub_der_1024;
keySz = 1024;
#else
XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
bytes = sizeof_client_keypub_der_2048;
keySz = 2048;
#endif
printf(testingFmt, "wc_RsaPublicKeyDecode()");
ret = wc_RsaPublicKeyDecode(tmp, &idx, &keyPub, (word32)bytes);
}
#ifndef HAVE_USER_RSA
/* Pass in bad args. */
if (ret == 0) {
ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes);
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Pass in bad args. */
if (ret == 0) {
ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes);
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
if (wc_FreeRsaKey(&keyPub) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
/* Test for getting modulus key size */
idx = 0;
ret = wc_RsaPublicKeyDecode_ex(tmp, &idx, (word32)bytes, NULL,
&tstKeySz, NULL, NULL);
ret = (ret == 0 && tstKeySz == keySz/8) ? 0 : WOLFSSL_FATAL_ERROR;
}
if (tmp != NULL) {
XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaPublicKeyDecode */
/*
* Testing wc_RsaPublicKeyDecodeRaw()
*/
static int test_wc_RsaPublicKeyDecodeRaw (void)
{
int ret = 0;
#if !defined(NO_RSA)
RsaKey key;
const byte n = 0x23;
const byte e = 0x03;
int nSz = sizeof(n);
int eSz = sizeof(e);
printf(testingFmt, "wc_RsaPublicKeyDecodeRaw()");
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key);
}
#ifndef HAVE_USER_RSA
/* Pass in bad args. */
if (ret == 0) {
ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key);
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Pass in bad args. User RSA. */
if (ret == 0) {
ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key);
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaPublicKeyDecodeRaw */
#if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && defined(WOLFSSL_KEY_GEN)
/* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find
* a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps
* trying until it gets a probable prime. */
#ifdef HAVE_FIPS
static int MakeRsaKeyRetry(RsaKey* key, int size, long e, WC_RNG* rng)
{
int ret;
for (;;) {
ret = wc_MakeRsaKey(key, size, e, rng);
if (ret != PRIME_GEN_E) break;
printf("MakeRsaKey couldn't find prime; trying again.\n");
}
return ret;
}
#define MAKE_RSA_KEY(a, b, c, d) MakeRsaKeyRetry(a, b, c, d)
#else
#define MAKE_RSA_KEY(a, b, c, d) wc_MakeRsaKey(a, b, c, d)
#endif
#endif
/*
* Testing wc_MakeRsaKey()
*/
static int test_wc_MakeRsaKey (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
RsaKey genKey;
WC_RNG rng;
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
int bits = 1024;
#else
int bits = 2048;
#endif
printf(testingFmt, "wc_MakeRsaKey()");
ret = wc_InitRsaKey(&genKey, NULL);
if (ret == 0) {
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng);
if (ret == 0 && wc_FreeRsaKey(&genKey) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
#ifndef HAVE_USER_RSA
/* Test bad args. */
if (ret == 0) {
ret = MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng);
if (ret == BAD_FUNC_ARG) {
ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL);
}
if (ret == BAD_FUNC_ARG) {
/* e < 3 */
ret = MAKE_RSA_KEY(&genKey, bits, 2, &rng);
}
if (ret == BAD_FUNC_ARG) {
/* e & 1 == 0 */
ret = MAKE_RSA_KEY(&genKey, bits, 6, &rng);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Test bad args. */
if (ret == 0) {
ret = MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng);
if (ret == USER_CRYPTO_ERROR) {
ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL);
}
if (ret == USER_CRYPTO_ERROR) {
/* e < 3 */
ret = MAKE_RSA_KEY(&genKey, bits, 2, &rng);
}
if (ret == USER_CRYPTO_ERROR) {
/* e & 1 == 0 */
ret = MAKE_RSA_KEY(&genKey, bits, 6, &rng);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
if (wc_FreeRng(&rng) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_MakeRsaKey */
/*
* Test the bounds checking on the cipher text versus the key modulus.
* 1. Make a new RSA key.
* 2. Set c to 1.
* 3. Decrypt c into k. (error)
* 4. Copy the key modulus to c and sub 1 from the copy.
* 5. Decrypt c into k. (error)
* Valid bounds test cases are covered by all the other RSA tests.
*/
static int test_RsaDecryptBoundsCheck(void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WC_RSA_NO_PADDING) && \
(defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)) && \
defined(WOLFSSL_PUBLIC_MP) && !defined(NO_RSA_BOUNDS_CHECK)
RsaKey key;
byte flatC[256];
word32 flatCSz;
byte out[256];
word32 outSz = sizeof(out);
WC_RNG rng;
printf(testingFmt, "RSA decrypt bounds check");
XMEMSET(&rng, 0, sizeof(rng));
ret = wc_InitRng(&rng);
if (ret == 0)
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
const byte* derKey;
word32 derKeySz;
word32 idx = 0;
#ifdef USE_CERT_BUFFERS_1024
derKey = server_key_der_1024;
derKeySz = (word32)sizeof_server_key_der_1024;
flatCSz = 128;
#else
derKey = server_key_der_2048;
derKeySz = (word32)sizeof_server_key_der_2048;
flatCSz = 256;
#endif
ret = wc_RsaPrivateKeyDecode(derKey, &idx, &key, derKeySz);
}
if (ret == 0) {
XMEMSET(flatC, 0, flatCSz);
flatC[flatCSz-1] = 1;
ret = wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
RSA_PRIVATE_DECRYPT, &rng);
if (ret == RSA_OUT_OF_RANGE_E) {
mp_int c;
mp_init_copy(&c, &key.n);
mp_sub_d(&c, 1, &c);
mp_to_unsigned_bin(&c, flatC);
ret = wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
RSA_PRIVATE_DECRYPT, NULL);
mp_clear(&c);
}
if (ret == RSA_OUT_OF_RANGE_E)
ret = 0;
else
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRsaKey(&key) || wc_FreeRng(&rng) || ret != 0)
ret = WOLFSSL_FATAL_ERROR;
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaDecryptBoundsCheck */
/*
* Testing wc_SetKeyUsage()
*/
static int test_wc_SetKeyUsage (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && !defined(HAVE_FIPS)
Cert myCert;
ret = wc_InitCert(&myCert);
printf(testingFmt, "wc_SetKeyUsage()");
if (ret == 0) {
ret = wc_SetKeyUsage(&myCert, "keyEncipherment,keyAgreement");
if (ret == 0) {
ret = wc_SetKeyUsage(&myCert, "digitalSignature,nonRepudiation");
}
if (ret == 0) {
ret = wc_SetKeyUsage(&myCert, "contentCommitment,encipherOnly");
}
if (ret == 0) {
ret = wc_SetKeyUsage(&myCert, "decipherOnly");
}
if (ret == 0) {
ret = wc_SetKeyUsage(&myCert, "cRLSign,keyCertSign");
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_SetKeyUsage(NULL, "decipherOnly");
if (ret == BAD_FUNC_ARG) {
ret = wc_SetKeyUsage(&myCert, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_SetKeyUsage(&myCert, "");
}
if (ret == KEYUSAGE_E) {
ret = wc_SetKeyUsage(&myCert, ",");
}
if (ret == KEYUSAGE_E) {
ret = wc_SetKeyUsage(&myCert, "digitalSignature, cRLSign");
}
if (ret == KEYUSAGE_E) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_SetKeyUsage */
/*
* Testing wc_CheckProbablePrime()
*/
static int test_wc_CheckProbablePrime (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
!defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
#define CHECK_PROBABLE_PRIME_KEY_BITS 2048
RsaKey key;
WC_RNG rng;
byte e[3];
word32 eSz = (word32)sizeof(e);
byte n[CHECK_PROBABLE_PRIME_KEY_BITS / 8];
word32 nSz = (word32)sizeof(n);
byte d[CHECK_PROBABLE_PRIME_KEY_BITS / 8];
word32 dSz = (word32)sizeof(d);
byte p[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2];
word32 pSz = (word32)sizeof(p);
byte q[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2];
word32 qSz = (word32)sizeof(q);
int nlen = CHECK_PROBABLE_PRIME_KEY_BITS;
int* isPrime;
int test[5];
isPrime = test;
printf(testingFmt, "wc_CheckProbablePrime()");
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_RsaSetRNG(&key, &rng);
}
if (ret == 0) {
ret = wc_MakeRsaKey(&key, CHECK_PROBABLE_PRIME_KEY_BITS, WC_RSA_EXPONENT, &rng);
}
if (ret == 0) {
PRIVATE_KEY_UNLOCK();
ret = wc_RsaExportKey(&key, e, &eSz, n, &nSz, d, &dSz,
p, &pSz, q, &qSz);
PRIVATE_KEY_LOCK();
}
/* Bad cases */
if (ret == 0) {
ret = wc_CheckProbablePrime(NULL, pSz, q, qSz, e, eSz,
nlen, isPrime);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_CheckProbablePrime(p, 0, q, qSz, e, eSz,
nlen, isPrime);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_CheckProbablePrime(p, pSz, NULL, qSz, e, eSz,
nlen, isPrime);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_CheckProbablePrime(p, pSz, q, 0, e, eSz,
nlen, isPrime);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_CheckProbablePrime(p, pSz, q, qSz, NULL, eSz,
nlen, isPrime);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_CheckProbablePrime(p, pSz, q, qSz, e, 0,
nlen, isPrime);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_CheckProbablePrime(NULL, 0, NULL, 0, NULL, 0,
nlen, isPrime);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good case */
if (ret == 0) {
ret = wc_CheckProbablePrime(p, pSz, q, qSz, e, eSz,
nlen, isPrime);
}
wc_FreeRsaKey(&key);
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#undef CHECK_PROBABLE_PRIME_KEY_BITS
#endif
return ret;
} /* END test_wc_CheckProbablePrime */
/*
* Testing wc_RsaPSS_Verify()
*/
static int test_wc_RsaPSS_Verify (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
!defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
RsaKey key;
WC_RNG rng;
int sz = 256;
byte* pt;
const char* szMessage = "This is the string to be signed";
unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
unsigned char pDecrypted[2048/8];
word32 outLen = sizeof(pDecrypted);
pt = pDecrypted;
printf(testingFmt, "wc_RsaPSS_Verify()");
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_RsaSetRNG(&key, &rng);
}
if (ret == 0) {
ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
}
if (ret == 0) {
ret = wc_RsaPSS_Sign((byte*)szMessage, (word32)XSTRLEN(szMessage)+1,
pSignature, sizeof(pSignature),
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
if (ret > 0 ){
sz = ret;
ret = 0;
}
}
/* Bad cases */
if (ret == 0) {
ret = wc_RsaPSS_Verify(NULL, sz, pt, outLen,
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_Verify(pSignature, 0, pt, outLen,
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_Verify(pSignature, sz, NULL, outLen,
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_Verify(NULL, 0, NULL, outLen,
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good case */
if (ret == 0) {
ret = wc_RsaPSS_Verify(pSignature, sz, pt, outLen,
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret > 0) {
ret = 0;
}
}
wc_FreeRsaKey(&key);
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaPSS_Verify */
/*
* Testing wc_RsaPSS_VerifyCheck()
*/
static int test_wc_RsaPSS_VerifyCheck (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
!defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
RsaKey key;
WC_RNG rng;
int sz = 256; /* 2048/8 */
byte* pt;
byte digest[32];
word32 digestSz = sizeof(digest);
unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
word32 pSignatureSz = sizeof(pSignature);
unsigned char pDecrypted[2048/8];
word32 outLen = sizeof(pDecrypted);
pt = pDecrypted;
printf(testingFmt, "wc_RsaPSS_VerifyCheck()");
XMEMSET(digest, 0, sizeof(digest));
XMEMSET(pSignature, 0, sizeof(pSignature));
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_RsaSetRNG(&key, &rng);
}
if (ret == 0) {
ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
}
if (ret == 0) {
digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
ret = wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz);
}
if (ret == 0) {
ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
if (ret > 0 ){
sz = ret;
ret = 0;
}
}
/* Bad cases */
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheck(NULL, sz, pt, outLen,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheck(pSignature, 0, pt, outLen,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheck(pSignature, sz, NULL, outLen,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheck(NULL, 0, NULL, outLen,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good case */
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheck(pSignature, sz, pt, outLen,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret > 0) {
ret = 0;
}
}
wc_FreeRsaKey(&key);
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaPSS_VerifyCheck */
/*
* Testing wc_RsaPSS_VerifyCheckInline()
*/
static int test_wc_RsaPSS_VerifyCheckInline (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
!defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS)
RsaKey key;
WC_RNG rng;
int sz = 256;
byte* pt;
byte digest[32];
word32 digestSz = sizeof(digest);
unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
unsigned char pDecrypted[2048/8];
pt = pDecrypted;
printf(testingFmt, "wc_RsaPSS_VerifyCheckInline()");
ret = wc_InitRsaKey(&key, NULL);
XMEMSET(digest, 0, sizeof(digest));
XMEMSET(pSignature, 0, sizeof(pSignature));
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_RsaSetRNG(&key, &rng);
}
if (ret == 0) {
ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
}
if (ret == 0) {
digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
ret = wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz);
}
if (ret == 0) {
ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, sizeof(pSignature),
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
if (ret > 0 ){
sz = ret;
ret = 0;
}
}
/* Bad Cases */
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheckInline(NULL, sz, &pt,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheckInline(pSignature, 0, NULL,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheckInline(NULL, 0, &pt,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt,
digest, digestSz, WC_HASH_TYPE_SHA, WC_MGF1SHA256, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good case */
if (ret == 0) {
ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt,
digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
if (ret > 0) {
ret = 0;
}
}
wc_FreeRsaKey(&key);
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaPSS_VerifyCheckInline */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
static void sample_mutex_cb (int flag, int type, const char* file, int line)
{
(void)flag;
(void)type;
(void)file;
(void)line;
}
#endif
/*
* Testing wc_LockMutex_ex
*/
static int test_wc_LockMutex_ex (void)
{
int ret = 0;
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
int flag = CRYPTO_LOCK;
int type = 0;
const char* file = "./test-LockMutex_ex.txt";
int line = 0;
printf(testingFmt, "wc_LockMutex_ex()");
/*without SetMutexCb*/
ret = wc_LockMutex_ex(flag, type, file, line);
if (ret == BAD_STATE_E) {
ret = 0;
}
/*with SetMutexCb*/
if (ret == 0) {
ret = wc_SetMutexCb(sample_mutex_cb);
if (ret == 0) {
ret = wc_LockMutex_ex(flag, type, file, line);
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/*End test_wc_LockMutex_ex*/
/*
* Testing wc_SetMutexCb
*/
static int test_wc_SetMutexCb (void)
{
int ret = 0;
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
printf(testingFmt, "wc_SetMutexCb()");
ret = wc_SetMutexCb(sample_mutex_cb);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/*End test_wc_SetMutexCb*/
/*
* Testing wc_RsaKeyToDer()
*/
static int test_wc_RsaKeyToDer (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
RsaKey genKey;
WC_RNG rng;
byte* der;
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
int bits = 1024;
word32 derSz = 611;
/* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00)
+ 3 (e) + 8 (ASN tag) + 10 (ASN length) + 4 seqSz + 3 version */
#else
int bits = 2048;
word32 derSz = 1196;
/* (2 x 256) + 2 (possible leading 00) + (5 x 128) + 5 (possible leading 00)
+ 3 (e) + 8 (ASN tag) + 17 (ASN length) + 4 seqSz + 3 version */
#endif
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&genKey, 0, sizeof(genKey));
der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
/* Init structures. */
if (ret == 0) {
ret = wc_InitRsaKey(&genKey, NULL);
}
if (ret == 0) {
ret = wc_InitRng(&rng);
}
/* Make key. */
if (ret == 0) {
ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng);
if (ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(testingFmt, "wc_RsaKeyToDer()");
if (ret == 0) {
ret = wc_RsaKeyToDer(&genKey, der, derSz);
if (ret > 0) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_USER_RSA
/* Pass good/bad args. */
if (ret == 0) {
ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF);
if (ret == BAD_FUNC_ARG) {
/* Get just the output length */
ret = wc_RsaKeyToDer(&genKey, NULL, 0);
}
if (ret > 0) {
/* Try Public Key. */
genKey.type = 0;
ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Pass good/bad args. */
if (ret == 0) {
ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF);
if (ret == USER_CRYPTO_ERROR) {
/* Get just the output length */
ret = wc_RsaKeyToDer(&genKey, NULL, 0);
}
if (ret > 0) {
/* Try Public Key. */
genKey.type = 0;
ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
if (der != NULL) {
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (wc_FreeRsaKey(&genKey) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaKeyToDer */
/*
* Testing wc_RsaKeyToPublicDer()
*/
static int test_wc_RsaKeyToPublicDer (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
RsaKey key;
WC_RNG rng;
byte* der;
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
int bits = 1024;
word32 derLen = 162;
#else
int bits = 2048;
word32 derLen = 294;
#endif
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_InitRsaKey(&key, NULL);
}
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
}
printf(testingFmt, "wc_RsaKeyToPublicDer()");
if (ret == 0) {
/* test getting size only */
ret = wc_RsaKeyToPublicDer(&key, NULL, derLen);
if (ret >= 0)
ret = 0;
}
if (ret == 0) {
ret = wc_RsaKeyToPublicDer(&key, der, derLen);
if (ret >= 0) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
/* test getting size only */
ret = wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0);
if (ret >= 0)
ret = 0;
}
if (ret == 0) {
ret = wc_RsaKeyToPublicDer_ex(&key, der, derLen, 0);
if (ret >= 0) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_USER_RSA
/* Pass in bad args. */
if (ret == 0) {
ret = wc_RsaKeyToPublicDer(NULL, der, derLen);
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaKeyToPublicDer(&key, der, -1);
}
if (ret == BUFFER_E || ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Pass in bad args. */
if (ret == 0) {
ret = wc_RsaKeyToPublicDer(NULL, der, derLen);
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaKeyToPublicDer(&key, der, -1);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
if (der != NULL) {
XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaKeyToPublicDer */
/*
* Testing wc_RsaPublicEncrypt() and wc_RsaPrivateDecrypt()
*/
static int test_wc_RsaPublicEncryptDecrypt (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
RsaKey key;
WC_RNG rng;
const char inStr[] = TEST_STRING;
const word32 plainLen = (word32)TEST_STRING_SZ;
const word32 inLen = (word32)TEST_STRING_SZ;
int bits = TEST_RSA_BITS;
const word32 cipherLen = TEST_RSA_BYTES;
word32 cipherLenResult = cipherLen;
WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (in == NULL || plain == NULL || cipher == NULL) {
printf("test_wc_RsaPublicEncryptDecrypt malloc failed\n");
return MEMORY_E;
}
#endif
XMEMCPY(in, inStr, inLen);
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
}
/* Encrypt. */
printf(testingFmt, "wc_RsaPublicEncrypt()");
if (ret == 0) {
ret = wc_RsaPublicEncrypt(in, inLen, cipher, cipherLen, &key, &rng);
if (ret >= 0) {
cipherLenResult = ret;
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass bad args. */
/* Tests PsaPublicEncryptEx() which, is tested by another fn. No need dup.*/
printf(resultFmt, ret == 0 ? passed : failed);
if (ret != 0) {
return ret;
}
/* Decrypt */
printf(testingFmt, "wc_RsaPrivateDecrypt()");
#if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
/* Bind rng */
if (ret == 0) {
ret = wc_RsaSetRNG(&key, &rng);
}
#endif
if (ret == 0) {
ret = wc_RsaPrivateDecrypt(cipher, cipherLenResult, plain, plainLen, &key);
}
if (ret >= 0) {
ret = XMEMCMP(plain, inStr, plainLen);
}
/* Pass in bad args. */
/* Tests RsaPrivateDecryptEx() which, is tested by another fn. No need dup.*/
WC_FREE_VAR(in, NULL);
WC_FREE_VAR(plain, NULL);
WC_FREE_VAR(cipher, NULL);
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaPublicEncryptDecrypt */
/*
* Testing wc_RsaPrivateDecrypt_ex() and wc_RsaPrivateDecryptInline_ex()
*/
static int test_wc_RsaPublicEncryptDecrypt_ex (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\
&& !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA)\
&& !defined(NO_SHA)
RsaKey key;
WC_RNG rng;
const char inStr[] = TEST_STRING;
const word32 inLen = (word32)TEST_STRING_SZ;
const word32 plainSz = (word32)TEST_STRING_SZ;
byte* res = NULL;
int idx = 0;
int bits = TEST_RSA_BITS;
const word32 cipherSz = TEST_RSA_BYTES;
WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (in == NULL || plain == NULL || cipher == NULL) {
printf("test_wc_RsaPublicEncryptDecrypt_exmalloc failed\n");
return MEMORY_E;
}
#endif
XMEMCPY(in, inStr, inLen);
/* Initialize stack structures. */
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRsaKey_ex(&key, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
}
/* Encrypt */
printf(testingFmt, "wc_RsaPublicEncrypt_ex()");
if (ret == 0) {
ret = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key, &rng,
WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
if (ret >= 0) {
idx = ret;
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
/*Pass bad args.*/
/* Tests RsaPublicEncryptEx again. No need duplicate. */
printf(resultFmt, ret == 0 ? passed : failed);
if (ret != 0) {
return ret;
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
/* Decrypt */
printf(testingFmt, "wc_RsaPrivateDecrypt_ex()");
#if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
if (ret == 0) {
ret = wc_RsaSetRNG(&key, &rng);
}
#endif
if (ret == 0) {
ret = wc_RsaPrivateDecrypt_ex(cipher, (word32)idx,
plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA,
WC_MGF1SHA1, NULL, 0);
}
if (ret >= 0) {
if (!XMEMCMP(plain, inStr, plainSz)) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
/*Pass bad args.*/
/* Tests RsaPrivateDecryptEx() again. No need duplicate. */
printf(resultFmt, ret == 0 ? passed : failed);
if (ret != 0) {
return ret;
}
printf(testingFmt, "wc_RsaPrivateDecryptInline_ex()");
if (ret == 0) {
ret = wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx,
&res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA,
WC_MGF1SHA1, NULL, 0);
if (ret >= 0) {
if (!XMEMCMP(inStr, res, plainSz)) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
#endif
WC_FREE_VAR(in, NULL);
WC_FREE_VAR(plain, NULL);
WC_FREE_VAR(cipher, NULL);
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaPublicEncryptDecrypt_ex */
/*
* Tesing wc_RsaSSL_Sign() and wc_RsaSSL_Verify()
*/
static int test_wc_RsaSSL_SignVerify (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
RsaKey key;
WC_RNG rng;
const char inStr[] = TEST_STRING;
const word32 plainSz = (word32)TEST_STRING_SZ;
const word32 inLen = (word32)TEST_STRING_SZ;
word32 idx = 0;
int bits = TEST_RSA_BITS;
const word32 outSz = TEST_RSA_BYTES;
WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
WC_DECLARE_VAR(out, byte, TEST_RSA_BYTES, NULL);
WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
if (in == NULL || out == NULL || plain == NULL) {
printf("test_wc_RsaSSL_SignVerify failed\n");
return MEMORY_E;
}
#endif
XMEMCPY(in, inStr, inLen);
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
}
/* Sign. */
printf(testingFmt, "wc_RsaSSL_Sign()");
if (ret == 0) {
ret = wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng);
if (ret == (int)outSz) {
idx = ret;
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_USER_RSA
/* Test bad args. */
if (ret == 0) {
ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng);
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Test bad args. */
if (ret == 0) {
ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng);
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
printf(resultFmt, ret == 0 ? passed : failed);
if (ret != 0) {
return ret;
}
/* Verify. */
printf(testingFmt, "wc_RsaSSL_Verify()");
if (ret == 0) {
ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key);
if (ret == (int)inLen) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#ifndef HAVE_USER_RSA
/* Pass bad args. */
if (ret == 0) {
ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key);
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Pass bad args. */
if (ret == 0) {
ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key);
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
WC_FREE_VAR(in, NULL);
WC_FREE_VAR(out, NULL);
WC_FREE_VAR(plain, NULL);
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaSSL_SignVerify */
/*
* Testing wc_RsaEncryptSize()
*/
static int test_wc_RsaEncryptSize (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
RsaKey key;
WC_RNG rng;
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
printf(testingFmt, "wc_RsaEncryptSize()");
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
if (ret == 0) {
ret = MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng);
if (ret == 0) {
ret = wc_RsaEncryptSize(&key);
}
if (ret == 128) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
#endif
if (ret == 0) {
ret = MAKE_RSA_KEY(&key, 2048, WC_RSA_EXPONENT, &rng);
if (ret == 0) {
ret = wc_RsaEncryptSize(&key);
}
if (ret == 256) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Pass in bad arg. */
if (ret == 0) {
ret = wc_RsaEncryptSize(NULL);
#ifndef HAVE_USER_RSA
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
#endif
}
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaEncryptSize*/
/*
* Testing wc_RsaFlattenPublicKey()
*/
static int test_wc_RsaFlattenPublicKey (void)
{
int ret = 0;
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
RsaKey key;
WC_RNG rng;
byte e[256];
byte n[256];
word32 eSz = sizeof(e);
word32 nSz = sizeof(n);
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))
int bits = 1024;
#else
int bits = 2048;
#endif
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
if (ret >= 0) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(testingFmt, "wc_RsaFlattenPublicKey()");
if (ret == 0) {
ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz);
}
#ifndef HAVE_USER_RSA
/* Pass bad args. */
if (ret == 0) {
ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
/* Pass bad args. */
if (ret == 0) {
ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz);
}
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL);
}
if (ret == USER_CRYPTO_ERROR) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
if (wc_FreeRsaKey(&key) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) || ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_RsaFlattenPublicKey */
/*
* unit test for wc_AesCcmSetKey
*/
static int test_wc_AesCcmSetKey (void)
{
int ret = 0;
#ifdef HAVE_AESCCM
Aes aes;
const byte key16[] =
{
0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
};
const byte key24[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
};
const byte key32[] =
{
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
};
printf(testingFmt, "wc_AesCcmSetKey()");
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
#ifdef WOLFSSL_AES_128
ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16));
#endif
#ifdef WOLFSSL_AES_192
if (ret == 0) {
ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24));
}
#endif
#ifdef WOLFSSL_AES_256
if (ret == 0) {
ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32));
}
#endif
/* Test bad args. */
if (ret == 0) {
ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1);
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1);
}
if (ret != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
}
wc_AesFree(&aes);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_AesCcmSetKey */
/*
* Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt
*/
static int test_wc_AesCcmEncryptDecrypt (void)
{
int ret = 0;
#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
Aes aes;
const byte key16[] =
{
0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
};
/* plaintext */
const byte plainT[] =
{
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
};
/* nonce */
const byte iv[] =
{
0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
0xa1, 0xa2, 0xa3, 0xa4, 0xa5
};
const byte c[] = /* cipher text. */
{
0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
};
const byte t[] = /* Auth tag */
{
0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
};
const byte authIn[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
};
byte cipherOut[sizeof(plainT)];
byte authTag[sizeof(t)];
int ccmE = WOLFSSL_FATAL_ERROR;
#ifdef HAVE_AES_DECRYPT
int ccmD = WOLFSSL_FATAL_ERROR;
byte plainOut[sizeof(cipherOut)];
#endif
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0)
return ret;
ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16));
if (ret == 0) {
ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
iv, sizeof(iv), authTag, sizeof(authTag),
authIn , sizeof(authIn));
if ((XMEMCMP(cipherOut, c, sizeof(c)) && ccmE == 0) ||
XMEMCMP(t, authTag, sizeof(t))) {
ccmE = WOLFSSL_FATAL_ERROR;
ret = WOLFSSL_FATAL_ERROR;
}
#ifdef HAVE_AES_DECRYPT
if (ret == 0) {
ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
sizeof(plainOut), iv, sizeof(iv),
authTag, sizeof(authTag),
authIn, sizeof(authIn));
if (XMEMCMP(plainOut, plainT, sizeof(plainT)) && ccmD == 0) {
ccmD = WOLFSSL_FATAL_ERROR;
}
}
#endif
}
printf(testingFmt, "wc_AesCcmEncrypt()");
/* Pass in bad args. Encrypt*/
if (ret == 0 && ccmE == 0) {
ccmE = wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut),
iv, sizeof(iv), authTag, sizeof(authTag),
authIn , sizeof(authIn));
if (ccmE == BAD_FUNC_ARG) {
ccmE = wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut),
iv, sizeof(iv), authTag, sizeof(authTag),
authIn , sizeof(authIn));
}
if (ccmE == BAD_FUNC_ARG) {
ccmE = wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut),
iv, sizeof(iv), authTag, sizeof(authTag),
authIn , sizeof(authIn));
}
if (ccmE == BAD_FUNC_ARG) {
ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
NULL, sizeof(iv), authTag, sizeof(authTag),
authIn , sizeof(authIn));
}
if (ccmE == BAD_FUNC_ARG) {
ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
iv, sizeof(iv), NULL, sizeof(authTag),
authIn , sizeof(authIn));
}
if (ccmE == BAD_FUNC_ARG) {
ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
iv, sizeof(iv) + 1, authTag, sizeof(authTag),
authIn , sizeof(authIn));
}
if (ccmE == BAD_FUNC_ARG) {
ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
iv, sizeof(iv) - 7, authTag, sizeof(authTag),
authIn , sizeof(authIn));
}
if (ccmE != BAD_FUNC_ARG) {
ccmE = WOLFSSL_FATAL_ERROR;
} else {
ccmE = 0;
}
} /* End Encrypt */
printf(resultFmt, ccmE == 0 ? passed : failed);
if (ccmE != 0) {
wc_AesFree(&aes);
return ccmE;
}
#ifdef HAVE_AES_DECRYPT
printf(testingFmt, "wc_AesCcmDecrypt()");
/* Pass in bad args. Decrypt*/
if (ret == 0 && ccmD == 0) {
ccmD = wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut),
iv, sizeof(iv), authTag, sizeof(authTag),
authIn, sizeof(authIn));
if (ccmD == BAD_FUNC_ARG) {
ccmD = wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut),
iv, sizeof(iv), authTag, sizeof(authTag),
authIn, sizeof(authIn));
}
if (ccmD == BAD_FUNC_ARG) {
ccmD = wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut),
iv, sizeof(iv), authTag, sizeof(authTag),
authIn, sizeof(authIn));
}
if (ccmD == BAD_FUNC_ARG) {
ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
sizeof(plainOut), NULL, sizeof(iv),
authTag, sizeof(authTag),
authIn, sizeof(authIn));
}
if (ccmD == BAD_FUNC_ARG) {
ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
sizeof(plainOut), iv, sizeof(iv), NULL,
sizeof(authTag), authIn, sizeof(authIn));
}
if (ccmD == BAD_FUNC_ARG) {
ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
sizeof(plainOut), iv, sizeof(iv) + 1,
authTag, sizeof(authTag),
authIn, sizeof(authIn));
}
if (ccmD == BAD_FUNC_ARG) {
ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
sizeof(plainOut), iv, sizeof(iv) - 7,
authTag, sizeof(authTag),
authIn, sizeof(authIn));
}
if (ccmD != BAD_FUNC_ARG) {
ccmD = WOLFSSL_FATAL_ERROR;
} else {
ccmD = 0;
}
} /* END Decrypt */
printf(resultFmt, ccmD == 0 ? passed : failed);
if (ccmD != 0) {
return ccmD;
}
#endif
wc_AesFree(&aes);
#endif /* HAVE_AESCCM */
return ret;
} /* END test_wc_AesCcmEncryptDecrypt */
/*
* Testing wc_InitDsaKey()
*/
static int test_wc_InitDsaKey (void)
{
int ret = 0;
#ifndef NO_DSA
DsaKey key;
printf(testingFmt, "wc_InitDsaKey()");
ret = wc_InitDsaKey(&key);
/* Pass in bad args. */
if (ret == 0) {
ret = wc_InitDsaKey(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeDsaKey(&key);
#endif
return ret;
} /* END test_wc_InitDsaKey */
/*
* Testing wc_DsaSign() and wc_DsaVerify()
*/
static int test_wc_DsaSignVerify (void)
{
int ret = 0;
#if !defined(NO_DSA)
DsaKey key;
WC_RNG rng;
wc_Sha sha;
byte signature[DSA_SIG_SIZE];
byte hash[WC_SHA_DIGEST_SIZE];
word32 idx = 0;
word32 bytes;
int answer;
#ifdef USE_CERT_BUFFERS_1024
byte tmp[ONEK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
bytes = sizeof_dsa_key_der_2048;
#else
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
if (fp == XBADFILE) {
return WOLFSSL_BAD_FILE;
}
bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
ret = wc_InitSha(&sha);
if (ret == 0) {
ret = wc_ShaUpdate(&sha, tmp, bytes);
if (ret == 0) {
ret = wc_ShaFinal(&sha, hash);
}
if (ret == 0) {
ret = wc_InitDsaKey(&key);
}
if (ret == 0) {
ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
}
if (ret == 0) {
ret = wc_InitRng(&rng);
}
}
printf(testingFmt, "wc_DsaSign()");
/* Sign. */
if (ret == 0) {
ret = wc_DsaSign(hash, signature, &key, &rng);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_DsaSign(NULL, signature, &key, &rng);
if (ret == BAD_FUNC_ARG) {
ret = wc_DsaSign(hash, NULL, &key, &rng);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_DsaSign(hash, signature, NULL, &rng);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_DsaSign(hash, signature, &key, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (ret != 0) {
return ret;
}
/* Verify. */
printf(testingFmt, "wc_DsaVerify()");
ret = wc_DsaVerify(hash, signature, &key, &answer);
if (ret != 0 || answer != 1) {
ret = WOLFSSL_FATAL_ERROR;
} else {
ret = 0;
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_DsaVerify(NULL, signature, &key, &answer);
if (ret == BAD_FUNC_ARG) {
ret = wc_DsaVerify(hash, NULL, &key, &answer);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_DsaVerify(hash, signature, NULL, &answer);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_DsaVerify(hash, signature, &key, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#if !defined(HAVE_FIPS) && defined(WOLFSSL_PUBLIC_MP)
/* hard set q to 0 and test fail case */
mp_free(&key.q);
mp_init(&key.q);
AssertIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
mp_set(&key.q, 1);
AssertIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG);
#endif
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeDsaKey(&key);
wc_ShaFree(&sha);
#endif
return ret;
} /* END test_wc_DsaSign */
/*
* Testing wc_DsaPrivateKeyDecode() and wc_DsaPublicKeyDecode()
*/
static int test_wc_DsaPublicPrivateKeyDecode (void)
{
int ret = 0;
#if !defined(NO_DSA)
DsaKey key;
word32 bytes;
word32 idx = 0;
int priv = WOLFSSL_FATAL_ERROR;
int pub = WOLFSSL_FATAL_ERROR;
#ifdef USE_CERT_BUFFERS_1024
byte tmp[ONEK_BUF];
XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
byte tmp[TWOK_BUF];
XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
bytes = sizeof_dsa_key_der_2048;
#else
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
if (fp == XBADFILE)
{
return WOLFSSL_BAD_FILE;
}
bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
ret = wc_InitDsaKey(&key);
printf(testingFmt, "wc_DsaPrivateKeyDecode()");
if (ret == 0) {
priv = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
/* Test bad args. */
if (priv == 0) {
priv = wc_DsaPrivateKeyDecode(NULL, &idx, &key, bytes);
if (priv == BAD_FUNC_ARG) {
priv = wc_DsaPrivateKeyDecode(tmp, NULL, &key, bytes);
}
if (priv == BAD_FUNC_ARG) {
priv = wc_DsaPrivateKeyDecode(tmp, &idx, NULL, bytes);
}
if (priv == BAD_FUNC_ARG) {
priv = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
}
if (priv == ASN_PARSE_E) {
priv = 0;
} else {
priv = WOLFSSL_FATAL_ERROR;
}
}
wc_FreeDsaKey(&key);
ret = wc_InitDsaKey(&key);
}
printf(resultFmt, priv == 0 ? passed : failed);
printf(testingFmt, "wc_DsaPublicKeyDecode()");
if (ret == 0) {
idx = 0; /* Reset */
pub = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes);
/* Test bad args. */
if (pub == 0) {
pub = wc_DsaPublicKeyDecode(NULL, &idx, &key, bytes);
if (pub == BAD_FUNC_ARG) {
pub = wc_DsaPublicKeyDecode(tmp, NULL, &key, bytes);
}
if (pub == BAD_FUNC_ARG) {
pub = wc_DsaPublicKeyDecode(tmp, &idx, NULL, bytes);
}
if (pub == BAD_FUNC_ARG) {
pub = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes);
}
if (pub == ASN_PARSE_E) {
pub = 0;
} else {
pub = WOLFSSL_FATAL_ERROR;
}
}
} /* END Public Key */
printf(resultFmt, pub == 0 ? passed : failed);
wc_FreeDsaKey(&key);
#endif
return ret;
} /* END test_wc_DsaPublicPrivateKeyDecode */
/*
* Testing wc_MakeDsaKey() and wc_MakeDsaParameters()
*/
static int test_wc_MakeDsaKey (void)
{
int ret = 0;
#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
DsaKey genKey;
WC_RNG rng;
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&genKey, 0, sizeof(genKey));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_InitDsaKey(&genKey);
}
printf(testingFmt, "wc_MakeDsaParameters()");
if (ret == 0) {
ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_MakeDsaParameters(NULL, ONEK_BUF, &genKey);
if (ret == BAD_FUNC_ARG) {
ret = wc_MakeDsaParameters(&rng, ONEK_BUF, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_MakeDsaParameters(&rng, ONEK_BUF + 1, &genKey);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wc_MakeDsaKey()");
if (ret == 0) {
ret = wc_MakeDsaKey(&rng, &genKey);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_MakeDsaKey(NULL, &genKey);
if (ret == BAD_FUNC_ARG) {
ret = wc_MakeDsaKey(&rng, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FAILURE;
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeDsaKey(&genKey);
#endif
return ret;
} /* END test_wc_MakeDsaKey */
/*
* Testing wc_DsaKeyToDer()
*/
static int test_wc_DsaKeyToDer (void)
{
int ret = 0;
#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
DsaKey genKey;
WC_RNG rng;
word32 bytes;
word32 idx = 0;
#ifdef USE_CERT_BUFFERS_1024
byte tmp[ONEK_BUF];
byte der[ONEK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMSET(der, 0, sizeof(der));
XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
byte tmp[TWOK_BUF];
byte der[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMSET(der, 0, sizeof(der));
XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
bytes = sizeof_dsa_key_der_2048;
#else
byte tmp[TWOK_BUF];
byte der[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMSET(der, 0, sizeof(der));
XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
if (fp == XBADFILE) {
return WOLFSSL_BAD_FILE;
}
bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&genKey, 0, sizeof(genKey));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_InitDsaKey(&genKey);
}
if (ret == 0) {
ret = wc_MakeDsaParameters(&rng, sizeof(tmp), &genKey);
if (ret == 0) {
wc_FreeDsaKey(&genKey);
ret = wc_InitDsaKey(&genKey);
}
}
if (ret == 0) {
ret = wc_DsaPrivateKeyDecode(tmp, &idx, &genKey, bytes);
}
printf(testingFmt, "wc_DsaKeyToDer()");
if (ret == 0) {
ret = wc_DsaKeyToDer(&genKey, der, bytes);
if ( ret >= 0 && ( ret = XMEMCMP(der, tmp, bytes) ) == 0 ) {
ret = 0;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_DsaKeyToDer(NULL, der, FOURK_BUF);
if (ret == BAD_FUNC_ARG) {
ret = wc_DsaKeyToDer(&genKey, NULL, FOURK_BUF);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeDsaKey(&genKey);
#endif /* !NO_DSA && WOLFSSL_KEY_GEN */
return ret;
} /* END test_wc_DsaKeyToDer */
/*
* Testing wc_DsaKeyToPublicDer()
* (indirectly testing setDsaPublicKey())
*/
static int test_wc_DsaKeyToPublicDer(void)
{
int ret = 0;
#ifndef HAVE_SELFTEST
#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
DsaKey genKey;
WC_RNG rng;
byte* der;
word32 sz;
printf(testingFmt, "wc_DsaKeyToPublicDer()");
der = (byte*)XMALLOC(ONEK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_InitDsaKey(&genKey);
}
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey);
}
if (ret == 0) {
ret = wc_MakeDsaKey(&rng, &genKey);
}
if (ret == 0) {
ret = wc_DsaKeyToPublicDer(&genKey, der, ONEK_BUF);
if (ret >= 0) {
sz = ret;
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
word32 idx = 0;
wc_FreeDsaKey(&genKey);
ret = wc_DsaPublicKeyDecode(der, &idx, &genKey, sz);
}
/* Test without the SubjectPublicKeyInfo header */
if (ret == 0) {
ret = wc_SetDsaPublicKey(der, &genKey, ONEK_BUF, 0);
if (ret >= 0) {
sz = ret;
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
word32 idx = 0;
wc_FreeDsaKey(&genKey);
ret = wc_DsaPublicKeyDecode(der, &idx, &genKey, sz);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF);
if (ret == BAD_FUNC_ARG) {
ret = wc_DsaKeyToPublicDer(&genKey, NULL, FOURK_BUF);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
XFREE(der,NULL,DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeDsaKey(&genKey);
#endif /* !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) */
#endif /* HAVE_SELFTEST */
return ret;
} /* END test_wc_DsaKeyToPublicDer */
/*
* Testing wc_DsaImportParamsRaw()
*/
static int test_wc_DsaImportParamsRaw (void)
{
int ret = 0;
#if !defined(NO_DSA)
DsaKey key;
/* [mod = L=1024, N=160], from CAVP KeyPair */
const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
"4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
"5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
"52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
"47123188f8dc551054ee162b634d60f097f719076640e209"
"80a0093113a8bd73";
const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
"138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
"b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
"07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
"61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
"76341a7e7d9";
/* invalid p and q parameters */
const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
const char* invalidQ = "96c5390a";
printf(testingFmt, "wc_DsaImportParamsRaw()");
ret = wc_InitDsaKey(&key);
if (ret == 0) {
ret = wc_DsaImportParamsRaw(&key, p, q, g);
}
/* test bad args */
if (ret == 0) {
/* null key struct */
ret = wc_DsaImportParamsRaw(NULL, p, q, g);
if (ret == BAD_FUNC_ARG) {
/* null param pointers */
ret = wc_DsaImportParamsRaw(&key, NULL, NULL, NULL);
}
if (ret == BAD_FUNC_ARG) {
/* illegal p length */
ret = wc_DsaImportParamsRaw(&key, invalidP, q, g);
}
if (ret == BAD_FUNC_ARG) {
/* illegal q length */
ret = wc_DsaImportParamsRaw(&key, p, invalidQ, g);
if (ret == BAD_FUNC_ARG)
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeDsaKey(&key);
#endif
return ret;
} /* END test_wc_DsaImportParamsRaw */
/*
* Testing wc_DsaImportParamsRawCheck()
*/
static int test_wc_DsaImportParamsRawCheck (void)
{
int ret = 0;
#if !defined(NO_DSA) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
DsaKey key;
int trusted = 0;
/* [mod = L=1024, N=160], from CAVP KeyPair */
const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
"4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
"5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
"52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
"47123188f8dc551054ee162b634d60f097f719076640e209"
"80a0093113a8bd73";
const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
"138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
"b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
"07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
"61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
"76341a7e7d9";
/* invalid p and q parameters */
const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
const char* invalidQ = "96c5390a";
printf(testingFmt, "wc_DsaImportParamsRawCheck()");
ret = wc_InitDsaKey(&key);
if (ret == 0) {
ret = wc_DsaImportParamsRawCheck(&key, p, q, g, trusted, NULL);
}
/* test bad args */
if (ret == 0) {
/* null key struct */
ret = wc_DsaImportParamsRawCheck(NULL, p, q, g, trusted, NULL);
if (ret == BAD_FUNC_ARG) {
/* null param pointers */
ret = wc_DsaImportParamsRawCheck(&key, NULL, NULL, NULL, trusted, NULL);
}
if (ret == BAD_FUNC_ARG) {
/* illegal p length */
ret = wc_DsaImportParamsRawCheck(&key, invalidP, q, g, trusted, NULL);
}
if (ret == BAD_FUNC_ARG) {
/* illegal q length */
ret = wc_DsaImportParamsRawCheck(&key, p, invalidQ, g, trusted, NULL);
if (ret == BAD_FUNC_ARG)
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeDsaKey(&key);
#endif
return ret;
} /* END test_wc_DsaImportParamsRawCheck */
/*
* Testing wc_DsaExportParamsRaw()
*/
static int test_wc_DsaExportParamsRaw (void)
{
int ret = 0;
#if !defined(NO_DSA)
DsaKey key;
/* [mod = L=1024, N=160], from CAVP KeyPair */
const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
"4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
"5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
"52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
"47123188f8dc551054ee162b634d60f097f719076640e209"
"80a0093113a8bd73";
const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
"138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
"b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
"07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
"61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
"76341a7e7d9";
const char* pCompare = "\xd3\x83\x11\xe2\xcd\x38\x8c\x3e\xd6\x98\xe8\x2f"
"\xdf\x88\xeb\x92\xb5\xa9\xa4\x83\xdc\x88\x00\x5d"
"\x4b\x72\x5e\xf3\x41\xea\xbb\x47\xcf\x8a\x7a\x8a"
"\x41\xe7\x92\xa1\x56\xb7\xce\x97\x20\x6c\x4f\x9c"
"\x5c\xe6\xfc\x5a\xe7\x91\x21\x02\xb6\xb5\x02\xe5"
"\x90\x50\xb5\xb2\x1c\xe2\x63\xdd\xdb\x20\x44\xb6"
"\x52\x23\x6f\x4d\x42\xab\x4b\x5d\x6a\xa7\x31\x89"
"\xce\xf1\xac\xe7\x78\xd7\x84\x5a\x5c\x1c\x1c\x71"
"\x47\x12\x31\x88\xf8\xdc\x55\x10\x54\xee\x16\x2b"
"\x63\x4d\x60\xf0\x97\xf7\x19\x07\x66\x40\xe2\x09"
"\x80\xa0\x09\x31\x13\xa8\xbd\x73";
const char* qCompare = "\x96\xc5\x39\x0a\x8b\x61\x2c\x0e\x42\x2b\xb2\xb0"
"\xea\x19\x4a\x3e\xc9\x35\xa2\x81";
const char* gCompare = "\x06\xb7\x86\x1a\xbb\xd3\x5c\xc8\x9e\x79\xc5\x2f"
"\x68\xd2\x08\x75\x38\x9b\x12\x73\x61\xca\x66\x82"
"\x21\x38\xce\x49\x91\xd2\xb8\x62\x25\x9d\x6b\x45"
"\x48\xa6\x49\x5b\x19\x5a\xa0\xe0\xb6\x13\x7c\xa3"
"\x7e\xb2\x3b\x94\x07\x4d\x3c\x3d\x30\x00\x42\xbd"
"\xf1\x57\x62\x81\x2b\x63\x33\xef\x7b\x07\xce\xba"
"\x78\x60\x76\x10\xfc\xc9\xee\x68\x49\x1d\xbc\x1e"
"\x34\xcd\x12\x61\x54\x74\xe5\x2b\x18\xbc\x93\x4f"
"\xb0\x0c\x61\xd3\x9e\x7d\xa8\x90\x22\x91\xc4\x43"
"\x4a\x4e\x22\x24\xc3\xf4\xfd\x9f\x93\xcd\x6f\x4f"
"\x17\xfc\x07\x63\x41\xa7\xe7\xd9";
byte pOut[MAX_DSA_PARAM_SIZE];
byte qOut[MAX_DSA_PARAM_SIZE];
byte gOut[MAX_DSA_PARAM_SIZE];
word32 pOutSz, qOutSz, gOutSz;
printf(testingFmt, "wc_DsaExportParamsRaw()");
ret = wc_InitDsaKey(&key);
if (ret == 0) {
/* first test using imported raw parameters, for expected */
ret = wc_DsaImportParamsRaw(&key, p, q, g);
}
if (ret == 0) {
pOutSz = sizeof(pOut);
qOutSz = sizeof(qOut);
gOutSz = sizeof(gOut);
ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
gOut, &gOutSz);
}
if (ret == 0) {
/* validate exported parameters are correct */
if ((XMEMCMP(pOut, pCompare, pOutSz) != 0) ||
(XMEMCMP(qOut, qCompare, qOutSz) != 0) ||
(XMEMCMP(gOut, gCompare, gOutSz) != 0) ) {
ret = -1;
}
}
/* test bad args */
if (ret == 0) {
/* null key struct */
ret = wc_DsaExportParamsRaw(NULL, pOut, &pOutSz, qOut, &qOutSz,
gOut, &gOutSz);
if (ret == BAD_FUNC_ARG) {
/* null output pointers */
ret = wc_DsaExportParamsRaw(&key, NULL, &pOutSz, NULL, &qOutSz,
NULL, &gOutSz);
}
if (ret == LENGTH_ONLY_E) {
/* null output size pointers */
ret = wc_DsaExportParamsRaw(&key, pOut, NULL, qOut, NULL,
gOut, NULL);
}
if (ret == BAD_FUNC_ARG) {
/* p output buffer size too small */
pOutSz = 1;
ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
gOut, &gOutSz);
pOutSz = sizeof(pOut);
}
if (ret == BUFFER_E) {
/* q output buffer size too small */
qOutSz = 1;
ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
gOut, &gOutSz);
qOutSz = sizeof(qOut);
}
if (ret == BUFFER_E) {
/* g output buffer size too small */
gOutSz = 1;
ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
gOut, &gOutSz);
if (ret == BUFFER_E)
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeDsaKey(&key);
#endif
return ret;
} /* END test_wc_DsaExportParamsRaw */
/*
* Testing wc_DsaExportKeyRaw()
*/
static int test_wc_DsaExportKeyRaw (void)
{
int ret = 0;
#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
DsaKey key;
WC_RNG rng;
byte xOut[MAX_DSA_PARAM_SIZE];
byte yOut[MAX_DSA_PARAM_SIZE];
word32 xOutSz, yOutSz;
printf(testingFmt, "wc_DsaExportKeyRaw()");
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_InitDsaKey(&key);
}
if (ret == 0) {
ret = wc_MakeDsaParameters(&rng, 1024, &key);
if (ret == 0) {
ret = wc_MakeDsaKey(&rng, &key);
}
}
/* try successful export */
if (ret == 0) {
xOutSz = sizeof(xOut);
yOutSz = sizeof(yOut);
ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
}
/* test bad args */
if (ret == 0) {
/* null key struct */
ret = wc_DsaExportKeyRaw(NULL, xOut, &xOutSz, yOut, &yOutSz);
if (ret == BAD_FUNC_ARG) {
/* null output pointers */
ret = wc_DsaExportKeyRaw(&key, NULL, &xOutSz, NULL, &yOutSz);
}
if (ret == LENGTH_ONLY_E) {
/* null output size pointers */
ret = wc_DsaExportKeyRaw(&key, xOut, NULL, yOut, NULL);
}
if (ret == BAD_FUNC_ARG) {
/* x output buffer size too small */
xOutSz = 1;
ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
xOutSz = sizeof(xOut);
}
if (ret == BUFFER_E) {
/* y output buffer size too small */
yOutSz = 1;
ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
if (ret == BUFFER_E)
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeDsaKey(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /* END test_wc_DsaExportParamsRaw */
/*
* Testing wc_ed25519_make_key().
*/
static int test_wc_ed25519_make_key (void)
{
int ret = 0;
#if defined(HAVE_ED25519)
ed25519_key key;
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed25519_init(&key);
}
printf(testingFmt, "wc_ed25519_make_key()");
if (ret == 0) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ed25519_make_key(NULL, ED25519_KEY_SIZE, &key);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE - 1, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE + 1, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed25519_free(&key);
#endif
return ret;
} /* END test_wc_ed25519_make_key */
/*
* Testing wc_ed25519_init()
*/
static int test_wc_ed25519_init (void)
{
int ret = 0;
#if defined(HAVE_ED25519)
ed25519_key key;
printf(testingFmt, "wc_ed25519_init()");
ret = wc_ed25519_init(&key);
/* Test bad args. */
if (ret == 0) {
ret = wc_ed25519_init(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ed25519_free(&key);
#endif
return ret;
} /* END test_wc_ed25519_init */
/*
* Test wc_ed25519_sign_msg() and wc_ed25519_verify_msg()
*/
static int test_wc_ed25519_sign_msg (void)
{
int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN)
WC_RNG rng;
ed25519_key key;
byte msg[] = "Everybody gets Friday off.\n";
byte sig[ED25519_SIG_SIZE];
word32 msglen = sizeof(msg);
word32 siglen = sizeof(sig);
word32 badSigLen = sizeof(sig) - 1;
#ifdef HAVE_ED25519_VERIFY
int verify_ok = 0; /*1 = Verify success.*/
#endif
/* Initialize stack variables. */
XMEMSET(sig, 0, siglen);
/* Initialize key. */
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed25519_init(&key);
if (ret == 0) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
}
}
printf(testingFmt, "wc_ed25519_sign_msg()");
if (ret == 0) {
ret = wc_ed25519_sign_msg(msg, msglen, sig, &siglen, &key);
}
/* Test bad args. */
if (ret == 0 && siglen == ED25519_SIG_SIZE) {
ret = wc_ed25519_sign_msg(NULL, msglen, sig, &siglen, &key);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_sign_msg(msg, msglen, NULL, &siglen, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_sign_msg(msg, msglen, sig, NULL, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_sign_msg(msg, msglen, sig, &siglen, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_sign_msg(msg, msglen, sig, &badSigLen, &key);
}
if (ret == BUFFER_E && badSigLen == ED25519_SIG_SIZE) {
badSigLen -= 1;
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
} /* END sign */
printf(resultFmt, ret == 0 ? passed : failed);
#ifdef HAVE_ED25519_VERIFY
printf(testingFmt, "wc_ed25519_verify_msg()");
if (ret == 0) {
ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen, &verify_ok, &key);
if (ret == 0 && verify_ok == 1) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
/* Test bad args. */
if (ret == 0) {
AssertIntEQ(wc_ed25519_verify_msg(sig, siglen - 1, msg,
msglen, &verify_ok, &key),
BAD_FUNC_ARG);
AssertIntEQ(wc_ed25519_verify_msg(sig, siglen + 1, msg,
msglen, &verify_ok, &key),
BAD_FUNC_ARG);
ret = wc_ed25519_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
&key);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_verify_msg(sig, siglen, NULL, msglen,
&verify_ok, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen,
NULL, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen,
&verify_ok, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_verify_msg(sig, badSigLen, msg, msglen,
&verify_ok, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
} /* END verify. */
printf(resultFmt, ret == 0 ? passed : failed);
#endif /* Verify. */
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed25519_free(&key);
#endif
return ret;
} /* END test_wc_ed25519_sign_msg */
/*
* Testing wc_ed25519_import_public()
*/
static int test_wc_ed25519_import_public (void)
{
int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
WC_RNG rng;
ed25519_key pubKey;
const byte in[] = "Ed25519PublicKeyUnitTest......\n";
word32 inlen = sizeof(in);
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed25519_init(&pubKey);
if (ret == 0) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &pubKey);
}
}
printf(testingFmt, "wc_ed25519_import_public()");
if (ret == 0) {
ret = wc_ed25519_import_public(in, inlen, &pubKey);
if (ret == 0 && XMEMCMP(in, pubKey.p, inlen) == 0) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ed25519_import_public(NULL, inlen, &pubKey);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_import_public(in, inlen, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_import_public(in, inlen - 1, &pubKey);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed25519_free(&pubKey);
#endif
return ret;
} /* END wc_ed25519_import_public */
/*
* Testing wc_ed25519_import_private_key()
*/
static int test_wc_ed25519_import_private_key (void)
{
int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
WC_RNG rng;
ed25519_key key;
const byte privKey[] = "Ed25519PrivateKeyUnitTest.....\n";
const byte pubKey[] = "Ed25519PublicKeyUnitTest......\n";
word32 privKeySz = sizeof(privKey);
word32 pubKeySz = sizeof(pubKey);
#ifdef HAVE_ED25519_KEY_EXPORT
byte bothKeys[sizeof(privKey) + sizeof(pubKey)];
word32 bothKeysSz = sizeof(bothKeys);
#endif
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed25519_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
printf(testingFmt, "wc_ed25519_import_private_key()");
if (ret == 0) {
ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
pubKeySz, &key);
if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0
|| XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
}
#ifdef HAVE_ED25519_KEY_EXPORT
if (ret == 0)
ret = wc_ed25519_export_private(&key, bothKeys, &bothKeysSz);
if (ret == 0) {
ret = wc_ed25519_import_private_key(bothKeys, bothKeysSz, NULL, 0, &key);
if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0
|| XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
/* Test bad args. */
if (ret == 0) {
ret = wc_ed25519_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
&key);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_import_private_key(privKey, privKeySz, NULL,
pubKeySz, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
pubKeySz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_import_private_key(privKey, privKeySz - 1, pubKey,
pubKeySz, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
pubKeySz - 1, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_import_private_key(privKey, privKeySz, NULL,
0, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed25519_free(&key);
#endif
return ret;
} /* END test_wc_ed25519_import_private_key */
/*
* Testing wc_ed25519_export_public() and wc_ed25519_export_private_only()
*/
static int test_wc_ed25519_export (void)
{
int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
WC_RNG rng;
ed25519_key key;
byte priv[ED25519_PRV_KEY_SIZE];
byte pub[ED25519_PUB_KEY_SIZE];
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed25519_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
if (ret == 0) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
}
printf(testingFmt, "wc_ed25519_export_public()");
if (ret == 0) {
ret = wc_ed25519_export_public(&key, pub, &pubSz);
if (ret == 0 && (pubSz != ED25519_KEY_SIZE
|| XMEMCMP(key.p, pub, pubSz) != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_ed25519_export_public(NULL, pub, &pubSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_public(&key, NULL, &pubSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_public(&key, pub, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wc_ed25519_export_private_only()");
if (ret == 0) {
ret = wc_ed25519_export_private_only(&key, priv, &privSz);
if (ret == 0 && (privSz != ED25519_KEY_SIZE
|| XMEMCMP(key.k, priv, privSz) != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_ed25519_export_private_only(NULL, priv, &privSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_private_only(&key, NULL, &privSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_private_only(&key, priv, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed25519_free(&key);
#endif
return ret;
} /* END test_wc_ed25519_export */
/*
* Testing wc_ed25519_size()
*/
static int test_wc_ed25519_size (void)
{
int ret = 0;
#if defined(HAVE_ED25519)
WC_RNG rng;
ed25519_key key;
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed25519_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
if (ret != 0) {
wc_FreeRng(&rng);
wc_ed25519_free(&key);
return ret;
}
printf(testingFmt, "wc_ed25519_size()");
ret = wc_ed25519_size(&key);
/* Test bad args. */
if (ret == ED25519_KEY_SIZE) {
ret = wc_ed25519_size(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_ed25519_sig_size()");
ret = wc_ed25519_sig_size(&key);
if (ret == ED25519_SIG_SIZE) {
ret = 0;
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ed25519_sig_size(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
} /* END wc_ed25519_sig_size() */
if (ret == 0) {
printf(testingFmt, "wc_ed25519_pub_size");
ret = wc_ed25519_pub_size(&key);
if (ret == ED25519_PUB_KEY_SIZE) {
ret = 0;
}
if (ret == 0) {
ret = wc_ed25519_pub_size(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
} /* END wc_ed25519_pub_size */
if (ret == 0) {
printf(testingFmt, "wc_ed25519_priv_size");
ret = wc_ed25519_priv_size(&key);
if (ret == ED25519_PRV_KEY_SIZE) {
ret = 0;
}
if (ret == 0) {
ret = wc_ed25519_priv_size(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
} /* END wc_ed25519_pub_size */
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed25519_free(&key);
#endif
return ret;
} /* END test_wc_ed25519_size */
/*
* Testing wc_ed25519_export_private() and wc_ed25519_export_key()
*/
static int test_wc_ed25519_exportKey (void)
{
int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
WC_RNG rng;
ed25519_key key;
byte priv[ED25519_PRV_KEY_SIZE];
byte pub[ED25519_PUB_KEY_SIZE];
byte privOnly[ED25519_PRV_KEY_SIZE];
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
word32 privOnlySz = sizeof(privOnly);
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed25519_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
if (ret != 0) {
wc_FreeRng(&rng);
wc_ed25519_free(&key);
return ret;
}
printf(testingFmt, "wc_ed25519_export_private()");
ret = wc_ed25519_export_private(&key, privOnly, &privOnlySz);
if (ret == 0) {
ret = wc_ed25519_export_private(NULL, privOnly, &privOnlySz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_private(&key, NULL, &privOnlySz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_private(&key, privOnly, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_ed25519_export_key()");
ret = wc_ed25519_export_key(&key, priv, &privSz, pub, &pubSz);
if (ret == 0) {
ret = wc_ed25519_export_key(NULL, priv, &privSz, pub, &pubSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_key(&key, NULL, &privSz, pub, &pubSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_key(&key, priv, NULL, pub, &pubSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_key(&key, priv, &privSz, NULL, &pubSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed25519_export_key(&key, priv, &privSz, pub, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
} /* END wc_ed25519_export_key() */
/* Cross check output. */
if (ret == 0 && XMEMCMP(priv, privOnly, privSz) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed25519_free(&key);
#endif
return ret;
} /* END test_wc_ed25519_exportKey */
/*
* Testing wc_Ed25519PublicKeyToDer
*/
static int test_wc_Ed25519PublicKeyToDer (void)
{
int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
int tmp;
ed25519_key key;
byte derBuf[1024];
printf(testingFmt, "wc_Ed25519PublicKeyToDer()");
/* Test bad args */
tmp = wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0);
if (tmp != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
wc_ed25519_init(&key);
tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0);
if (tmp != BUFFER_E) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed25519_free(&key);
}
/* Test good args */
if (ret == 0) {
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed25519_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
if (ret != 0) {
wc_FreeRng(&rng);
wc_ed25519_free(&key);
return ret;
}
tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 1024, 1);
if (tmp <= 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_FreeRng(&rng);
wc_ed25519_free(&key);
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END testing wc_Ed25519PublicKeyToDer */
/*
* Testing wc_curve25519_init and wc_curve25519_free.
*/
static int test_wc_curve25519_init (void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
curve25519_key key;
printf(testingFmt, "wc_curve25519_init()");
ret = wc_curve25519_init(&key);
/* Test bad args for wc_curve25519_init */
if (ret == 0) {
ret = wc_curve25519_init(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
/* Test good args for wc_curve_25519_free */
wc_curve25519_free(&key);
wc_curve25519_free(NULL);
#endif
return ret;
} /* END test_wc_curve25519_init and wc_curve_25519_free*/
/*
* Testing test_wc_curve25519_size.
*/
static int test_wc_curve25519_size (void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
curve25519_key key;
printf(testingFmt, "wc_curve25519_size()");
ret = wc_curve25519_init(&key);
/* Test good args for wc_curve25519_size */
if (ret == 0) {
ret = wc_curve25519_size(&key);
}
/* Test bad args for wc_curve25519_size */
if (ret != 0) {
ret = wc_curve25519_size(NULL);
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&key);
#endif
return ret;
} /* END test_wc_curve25519_size*/
/*
* Testing test_wc_curve25519_export_key_raw().
*/
static int test_wc_curve25519_export_key_raw (void)
{
#if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
curve25519_key key;
WC_RNG rng;
byte privateKey[CURVE25519_KEYSIZE];
byte publicKey[CURVE25519_KEYSIZE];
word32 prvkSz;
word32 pubkSz;
byte prik[CURVE25519_KEYSIZE];
byte pubk[CURVE25519_KEYSIZE];
word32 prksz;
word32 pbksz;
printf(testingFmt, "wc_curve25519_export_key_raw()");
if(0 != wc_InitRng(&rng)){
printf(testingFmt, "failed due to wc_InitRng");
fflush( stdout );
return 1;
}
if(0 != wc_curve25519_init(&key)){
printf(testingFmt, "failed due to wc_curve25519_init");
fflush( stdout );
wc_FreeRng(&rng);
return 1;
}
if(0 != wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key)){
printf(testingFmt, "failed due to wc_curve25519_make_key");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/*
bad-argument-test cases
target function sould return BAD_FUNC_ARG
*/
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
NULL , privateKey, &prvkSz, publicKey, &pubkSz)){
printf(testingFmt,"failed at bad-arg-case-1.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
&key , NULL, &prvkSz, publicKey, &pubkSz)){
printf(testingFmt,"failed at bad-arg-case-2.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
&key , privateKey, NULL, publicKey, &pubkSz)){
printf(testingFmt,"failed at bad-arg-case-3.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/* prvkSz = CURVE25519_KEYSIZE; */
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
&key , privateKey, &prvkSz, NULL, &pubkSz)){
printf(testingFmt,"failed at bad-arg-case-4.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
&key , privateKey, &prvkSz, publicKey, NULL )){
printf(testingFmt,"failed at bad-arg-case-5.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/*
cross-testing
*/
prksz = CURVE25519_KEYSIZE;
if( 0 != wc_curve25519_export_private_raw(&key, prik, &prksz)){
printf(testingFmt,"failed due to wc_curve25519_export_private_raw");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
pbksz = CURVE25519_KEYSIZE;
if(0 != wc_curve25519_export_public(&key, pubk, &pbksz)){
printf(testingFmt,"failed due to wc_curve25519_export_public");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
/* pubkSz = CURVE25519_KEYSIZE; */
if(0 != wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
publicKey, &pubkSz)){
printf(testingFmt,"failed due to wc_curve25519_export_key_raw");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
if((prksz == CURVE25519_KEYSIZE) &&
(pbksz == CURVE25519_KEYSIZE) &&
(prvkSz == CURVE25519_KEYSIZE) &&
(pubkSz == CURVE25519_KEYSIZE)){
if( 0 == XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE) &&
0 == XMEMCMP(publicKey, pubk, CURVE25519_KEYSIZE)){
printf(resultFmt,passed);
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 0;
}
else{
printf(testingFmt,"failed due to key-contents-inconsistency.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
}
else{
printf(testingFmt,"failed due to bad-key-size.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
#endif
fflush( stdout );
return 0;
} /* end of test_wc_curve25519_export_key_raw */
/*
* Testing test_wc_curve25519_export_key_raw_ex().
*/
static int test_wc_curve25519_export_key_raw_ex (void)
{
#if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
curve25519_key key;
WC_RNG rng;
byte privateKey[CURVE25519_KEYSIZE];
byte publicKey[CURVE25519_KEYSIZE];
word32 prvkSz;
word32 pubkSz;
byte prik[CURVE25519_KEYSIZE];
byte pubk[CURVE25519_KEYSIZE];
word32 prksz;
word32 pbksz;
printf(testingFmt, "wc_curve25519_export_key_raw_ex()");
if(0 != wc_InitRng(&rng)){
printf(testingFmt, "failed due to wc_InitRng");
fflush( stdout );
return 1;
}
if(0 != wc_curve25519_init(&key)){
printf(testingFmt, "failed due to wc_curve25519_init");
fflush( stdout );
wc_FreeRng(&rng);
return 1;
}
if(0 != wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key)){
printf(testingFmt, "failed due to wc_curve25519_make_key");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/*
bad-argument-test cases
target function sould return BAD_FUNC_ARG
*/
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( NULL , privateKey,
&prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-1.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key , NULL,
&prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-2.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key,privateKey,
NULL,publicKey, &pubkSz,EC25519_LITTLE_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-3.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/* prvkSz = CURVE25519_KEYSIZE; */
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
&prvkSz, NULL, &pubkSz, EC25519_LITTLE_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-4.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
&prvkSz, publicKey, NULL, EC25519_LITTLE_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-5.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
/* pubkSz = CURVE25519_KEYSIZE; */
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( NULL, privateKey,
&prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-6.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, NULL, &prvkSz,
publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-7.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-8.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/* prvkSz = CURVE25519_KEYSIZE; */
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
&prvkSz, NULL, &pubkSz, EC25519_BIG_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-9.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
&prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN)){
printf(testingFmt,"failed at bad-arg-case-10.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/* illegal value for endien */
prvkSz = CURVE25519_KEYSIZE;
/* pubkSz = CURVE25519_KEYSIZE; */
if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
&prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN + 10 )){
printf(testingFmt,"failed at bad-arg-case-11.");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/*
cross-testing
*/
prksz = CURVE25519_KEYSIZE;
if(0 != wc_curve25519_export_private_raw( &key, prik, &prksz )){
printf(testingFmt,"failed due to wc_curve25519_export_private_raw");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
pbksz = CURVE25519_KEYSIZE;
if(0 != wc_curve25519_export_public( &key, pubk, &pbksz )){
printf(testingFmt,"failed due to wc_curve25519_export_public");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
prvkSz = CURVE25519_KEYSIZE;
/* pubkSz = CURVE25519_KEYSIZE; */
if(0 != wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz,
publicKey, &pubkSz, EC25519_BIG_ENDIAN)) {
printf(testingFmt,"failed due to wc_curve25519_export_key_raw_ex");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
if( prksz == CURVE25519_KEYSIZE &&
pbksz == CURVE25519_KEYSIZE &&
prvkSz == CURVE25519_KEYSIZE &&
pubkSz == CURVE25519_KEYSIZE ){
if( 0 == XMEMCMP( privateKey, prik, CURVE25519_KEYSIZE ) &&
0 == XMEMCMP( publicKey, pubk, CURVE25519_KEYSIZE )){
if( 0 == wc_curve25519_export_key_raw_ex( &key, privateKey,
&prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){
if( prvkSz == CURVE25519_KEYSIZE &&
pubkSz == CURVE25519_KEYSIZE ){
; /* proceed to the next test */
}
else{
printf(testingFmt,"failed due to key-size-inconsistency");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
}
else{
printf(testingFmt,
"failed due to wc_curve25519_export_key_raw_ex");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
}
else{
printf(testingFmt,"failed due to key-contents-inconsistency");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
}
else{
printf(testingFmt,"failed due to bad-key-size");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
/*
try once with another endian
*/
prvkSz = CURVE25519_KEYSIZE;
pubkSz = CURVE25519_KEYSIZE;
if( 0 == wc_curve25519_export_key_raw_ex( &key, privateKey,
&prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
if( prvkSz == CURVE25519_KEYSIZE &&
pubkSz == CURVE25519_KEYSIZE ){
/* no more test*/
printf(resultFmt, passed );
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 0;
}
else{
printf(testingFmt,"failed due to key-size-inconsistency");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
}
else{
printf(testingFmt,
"failed due to wc_curve25519_export_key_raw_ex(BIGENDIAN)");
fflush( stdout );
wc_curve25519_free(&key);
wc_FreeRng(&rng);
return 1;
}
#else
return 0;
#endif
} /* end of test_wc_curve25519_export_key_raw_ex */
/*
* Testing wc_curve25519_make_key
*/
static int test_wc_curve25519_make_key (void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
WC_RNG rng;
curve25519_key key;
int keysize;
printf(testingFmt, "wc_curve25519_make_key()");
ret = wc_curve25519_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
if (ret == 0) {
keysize = wc_curve25519_size(&key);
if (keysize != CURVE25519_KEYSIZE) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, keysize, &key);
}
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve25519_make_key(NULL, 0, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, keysize, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_make_key(NULL, keysize, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, 0, &key);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve25519_make_key*/
/*
* Testing wc_curve25519_shared_secret_ex
*/
static int test_wc_curve25519_shared_secret_ex(void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
WC_RNG rng;
curve25519_key private_key, public_key;
byte out[CURVE25519_KEYSIZE];
word32 outLen = sizeof(out);
int endian = EC25519_BIG_ENDIAN;
printf(testingFmt, "wc_curve25519_shared_secret_ex()");
ret = wc_curve25519_init(&private_key);
if (ret == 0) {
ret = wc_curve25519_init(&public_key);
}
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &private_key);
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &public_key);
}
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
&outLen, endian);
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(NULL, NULL, NULL,
0, endian);
if (ret == 0) {
ret = -1;
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(NULL, &public_key, out,
&outLen, endian);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(&private_key, NULL, out,
&outLen, endian);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, NULL,
&outLen, endian);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
NULL, endian);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
/*curve25519.c is checking for public_key size less than or equal to 0x7f,
*increasing to 0x8f checks for error being returned*/
public_key.p.point[CURVE25519_KEYSIZE-1] = 0x8F;
ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
&outLen, endian);
if (ret == 0) {
ret = -1;
}
else if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
outLen = outLen - 2;
if (ret == 0) {
ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
&outLen, endian);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&private_key);
wc_curve25519_free(&public_key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve25519_shared_secret_ex*/
/*
* Testing wc_curve25519_make_pub
*/
static int test_wc_curve25519_make_pub(void)
{
int ret = 0;
#ifdef HAVE_CURVE25519
WC_RNG rng;
curve25519_key key;
byte out[CURVE25519_KEYSIZE];
printf(testingFmt, "wc_curve25519_make_pub()");
ret = wc_curve25519_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
}
}
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof(out), out, (int)sizeof(key.k), key.k);
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof(key.k) - 1, key.k, (int)sizeof out, out);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), NULL);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof out - 1, out, (int)sizeof(key.k), key.k);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof out, NULL, (int)sizeof(key.k), key.k);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
/* verify clamping test */
key.k[0] |= ~248;
ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), key.k);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
key.k[0] &= 248;
}
/* repeat the expected-to-succeed test. */
if (ret == 0) {
ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), key.k);
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve25519_make_pub */
/*
* Testing test_wc_curve25519_export_public_ex
*/
static int test_wc_curve25519_export_public_ex (void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
WC_RNG rng;
curve25519_key key;
byte out[CURVE25519_KEYSIZE];
word32 outLen = sizeof(out);
int endian = EC25519_BIG_ENDIAN;
printf(testingFmt, "wc_curve25519_export_public_ex()");
ret = wc_curve25519_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
if (ret == 0) {
ret = wc_curve25519_export_public(&key, out, &outLen);
}
if (ret == 0) {
ret = wc_curve25519_export_public_ex(&key, out, &outLen, endian);
}
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve25519_export_public_ex(NULL, NULL, NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_export_public_ex(NULL, out, &outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_export_public_ex(&key, NULL, &outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_export_public_ex(&key, out, NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
outLen = outLen - 2;
if (ret == 0) {
ret = wc_curve25519_export_public_ex(&key, out, &outLen, endian);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve25519_export_public_ex*/
/*
* Testing test_wc_curve25519_import_private_raw_ex
*/
static int test_wc_curve25519_import_private_raw_ex (void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
WC_RNG rng;
curve25519_key key;
byte priv[CURVE25519_KEYSIZE];
byte pub[CURVE25519_KEYSIZE];
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
int endian = EC25519_BIG_ENDIAN;
printf(testingFmt, "wc_curve25519_import_private_raw_ex()");
ret = wc_curve25519_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
if (ret == 0) {
ret = wc_curve25519_export_private_raw_ex(&key, priv, &privSz, endian);
}
if (ret == 0) {
ret = wc_curve25519_export_public(&key, pub, &pubSz);
}
if (ret == 0) {
ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
&key, endian);
}
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve25519_import_private_raw_ex(NULL, 0, NULL, 0, NULL,
endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_import_private_raw_ex(NULL, privSz, pub, pubSz,
&key, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_import_private_raw_ex(priv, privSz, NULL, pubSz,
&key, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_import_private_raw_ex(priv, 0, pub, pubSz,
&key, endian);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, 0,
&key, endian);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
&key, EC25519_LITTLE_ENDIAN);
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve25519_import_private_raw_ex*/
/*
* Testing test_wc_curve25519_import_private
*/
static int test_wc_curve25519_import_private (void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
curve25519_key key;
WC_RNG rng;
byte priv[CURVE25519_KEYSIZE];
word32 privSz = sizeof(priv);
printf(testingFmt, "wc_curve25519_import_private()");
ret = wc_curve25519_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
if (ret == 0) {
ret = wc_curve25519_export_private_raw(&key, priv, &privSz);
}
}
if (ret == 0) {
ret = wc_curve25519_import_private(priv, privSz, &key);
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve25519_import*/
/*
* Testing test_wc_curve25519_export_private_raw_ex
*/
static int test_wc_curve25519_export_private_raw_ex (void)
{
int ret = 0;
#if defined(HAVE_CURVE25519)
curve25519_key key;
byte out[CURVE25519_KEYSIZE];
word32 outLen = sizeof(out);
int endian = EC25519_BIG_ENDIAN;
printf(testingFmt, "wc_curve25519_export_private_raw_ex()");
ret = wc_curve25519_init(&key);
if (ret == 0) {
ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian);
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve25519_export_private_raw_ex(NULL, NULL, NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_export_private_raw_ex(NULL, out, &outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_export_private_raw_ex(&key, NULL, &outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_export_private_raw_ex(&key, out, NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen,
EC25519_LITTLE_ENDIAN);
}
outLen = outLen - 2;
if (ret == 0) {
ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve25519_free(&key);
#endif
return ret;
}/*END test_wc_curve25519_export_private_raw_ex*/
/*
* Testing wc_ed448_make_key().
*/
static int test_wc_ed448_make_key (void)
{
int ret = 0;
#if defined(HAVE_ED448)
ed448_key key;
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed448_init(&key);
}
printf(testingFmt, "wc_ed448_make_key()");
if (ret == 0) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ed448_make_key(NULL, ED448_KEY_SIZE, &key);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE - 1, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE + 1, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed448_free(&key);
#endif
return ret;
} /* END test_wc_ed448_make_key */
/*
* Testing wc_ed448_init()
*/
static int test_wc_ed448_init (void)
{
int ret = 0;
#if defined(HAVE_ED448)
ed448_key key;
printf(testingFmt, "wc_ed448_init()");
ret = wc_ed448_init(&key);
/* Test bad args. */
if (ret == 0) {
ret = wc_ed448_init(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ed448_free(&key);
#endif
return ret;
} /* END test_wc_ed448_init */
/*
* Test wc_ed448_sign_msg() and wc_ed448_verify_msg()
*/
static int test_wc_ed448_sign_msg (void)
{
int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN)
WC_RNG rng;
ed448_key key;
byte msg[] = "Everybody gets Friday off.\n";
byte sig[ED448_SIG_SIZE];
word32 msglen = sizeof(msg);
word32 siglen = sizeof(sig);
word32 badSigLen = sizeof(sig) - 1;
#ifdef HAVE_ED448_VERIFY
int verify_ok = 0; /*1 = Verify success.*/
#endif
/* Initialize stack variables. */
XMEMSET(sig, 0, siglen);
/* Initialize key. */
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed448_init(&key);
if (ret == 0) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
}
}
printf(testingFmt, "wc_ed448_sign_msg()");
if (ret == 0) {
ret = wc_ed448_sign_msg(msg, msglen, sig, &siglen, &key, NULL, 0);
}
/* Test bad args. */
if (ret == 0 && siglen == ED448_SIG_SIZE) {
ret = wc_ed448_sign_msg(NULL, msglen, sig, &siglen, &key, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_sign_msg(msg, msglen, NULL, &siglen, &key, NULL, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_sign_msg(msg, msglen, sig, NULL, &key, NULL, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_sign_msg(msg, msglen, sig, &siglen, NULL, NULL, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_sign_msg(msg, msglen, sig, &badSigLen, &key,
NULL, 0);
}
if (ret == BUFFER_E && badSigLen == ED448_SIG_SIZE) {
badSigLen -= 1;
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
} /* END sign */
printf(resultFmt, ret == 0 ? passed : failed);
#ifdef HAVE_ED448_VERIFY
printf(testingFmt, "wc_ed448_verify_msg()");
if (ret == 0) {
ret = wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok,
&key, NULL, 0);
if (ret == 0 && verify_ok == 1) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
/* Test bad args. */
if (ret == 0) {
AssertIntEQ(wc_ed448_verify_msg(sig, siglen - 1, msg,
msglen, &verify_ok, &key,
NULL, 0),
BAD_FUNC_ARG);
AssertIntEQ(wc_ed448_verify_msg(sig, siglen + 1, msg,
msglen, &verify_ok, &key,
NULL, 0),
BAD_FUNC_ARG);
ret = wc_ed448_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
&key, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_verify_msg(sig, siglen, NULL, msglen,
&verify_ok, &key, NULL, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_verify_msg(sig, siglen, msg, msglen,
NULL, &key, NULL, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_verify_msg(sig, siglen, msg, msglen,
&verify_ok, NULL, NULL, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_verify_msg(sig, badSigLen, msg, msglen,
&verify_ok, &key, NULL, 0);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
} /* END verify. */
printf(resultFmt, ret == 0 ? passed : failed);
#endif /* Verify. */
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed448_free(&key);
#endif
return ret;
} /* END test_wc_ed448_sign_msg */
/*
* Testing wc_ed448_import_public()
*/
static int test_wc_ed448_import_public (void)
{
int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
WC_RNG rng;
ed448_key pubKey;
const byte in[] =
"Ed448PublicKeyUnitTest.................................\n";
word32 inlen = sizeof(in);
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed448_init(&pubKey);
if (ret == 0) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &pubKey);
}
}
printf(testingFmt, "wc_ed448_import_public()");
if (ret == 0) {
ret = wc_ed448_import_public(in, inlen, &pubKey);
if (ret == 0 && XMEMCMP(in, pubKey.p, inlen) == 0) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ed448_import_public(NULL, inlen, &pubKey);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_import_public(in, inlen, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_import_public(in, inlen - 1, &pubKey);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed448_free(&pubKey);
#endif
return ret;
} /* END wc_ed448_import_public */
/*
* Testing wc_ed448_import_private_key()
*/
static int test_wc_ed448_import_private_key (void)
{
int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
WC_RNG rng;
ed448_key key;
const byte privKey[] =
"Ed448PrivateKeyUnitTest................................\n";
const byte pubKey[] =
"Ed448PublicKeyUnitTest.................................\n";
word32 privKeySz = sizeof(privKey);
word32 pubKeySz = sizeof(pubKey);
#ifdef HAVE_ED448_KEY_EXPORT
byte bothKeys[sizeof(privKey) + sizeof(pubKey)];
word32 bothKeysSz = sizeof(bothKeys);
#endif
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed448_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
printf(testingFmt, "wc_ed448_import_private_key()");
if (ret == 0) {
ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey, pubKeySz,
&key);
if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 ||
XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
}
#ifdef HAVE_ED448_KEY_EXPORT
if (ret == 0)
ret = wc_ed448_export_private(&key, bothKeys, &bothKeysSz);
if (ret == 0) {
ret = wc_ed448_import_private_key(bothKeys, bothKeysSz, NULL, 0, &key);
if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 ||
XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
/* Test bad args. */
if (ret == 0) {
ret = wc_ed448_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
&key);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_import_private_key(privKey, privKeySz, NULL,
pubKeySz, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey,
pubKeySz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_import_private_key(privKey, privKeySz - 1, pubKey,
pubKeySz, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey,
pubKeySz - 1, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_import_private_key(privKey, privKeySz, NULL,
0, &key);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed448_free(&key);
#endif
return ret;
} /* END test_wc_ed448_import_private_key */
/*
* Testing wc_ed448_export_public() and wc_ed448_export_private_only()
*/
static int test_wc_ed448_export (void)
{
int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
WC_RNG rng;
ed448_key key;
byte priv[ED448_PRV_KEY_SIZE];
byte pub[ED448_PUB_KEY_SIZE];
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed448_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
if (ret == 0) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
}
printf(testingFmt, "wc_ed448_export_public()");
if (ret == 0) {
ret = wc_ed448_export_public(&key, pub, &pubSz);
if (ret == 0 && (pubSz != ED448_KEY_SIZE ||
XMEMCMP(key.p, pub, pubSz) != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_ed448_export_public(NULL, pub, &pubSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_public(&key, NULL, &pubSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_public(&key, pub, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wc_ed448_export_private_only()");
if (ret == 0) {
ret = wc_ed448_export_private_only(&key, priv, &privSz);
if (ret == 0 && (privSz != ED448_KEY_SIZE ||
XMEMCMP(key.k, priv, privSz) != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_ed448_export_private_only(NULL, priv, &privSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_private_only(&key, NULL, &privSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_private_only(&key, priv, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed448_free(&key);
#endif
return ret;
} /* END test_wc_ed448_export */
/*
* Testing wc_ed448_size()
*/
static int test_wc_ed448_size (void)
{
int ret = 0;
#if defined(HAVE_ED448)
WC_RNG rng;
ed448_key key;
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed448_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
if (ret != 0) {
wc_FreeRng(&rng);
wc_ed448_free(&key);
return ret;
}
printf(testingFmt, "wc_ed448_size()");
ret = wc_ed448_size(&key);
/* Test bad args. */
if (ret == ED448_KEY_SIZE) {
ret = wc_ed448_size(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_ed448_sig_size()");
ret = wc_ed448_sig_size(&key);
if (ret == ED448_SIG_SIZE) {
ret = 0;
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ed448_sig_size(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
} /* END wc_ed448_sig_size() */
if (ret == 0) {
printf(testingFmt, "wc_ed448_pub_size");
ret = wc_ed448_pub_size(&key);
if (ret == ED448_PUB_KEY_SIZE) {
ret = 0;
}
if (ret == 0) {
ret = wc_ed448_pub_size(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
} /* END wc_ed448_pub_size */
if (ret == 0) {
printf(testingFmt, "wc_ed448_priv_size");
ret = wc_ed448_priv_size(&key);
if (ret == ED448_PRV_KEY_SIZE) {
ret = 0;
}
if (ret == 0) {
ret = wc_ed448_priv_size(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
} /* END wc_ed448_pub_size */
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed448_free(&key);
#endif
return ret;
} /* END test_wc_ed448_size */
/*
* Testing wc_ed448_export_private() and wc_ed448_export_key()
*/
static int test_wc_ed448_exportKey (void)
{
int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
WC_RNG rng;
ed448_key key;
byte priv[ED448_PRV_KEY_SIZE];
byte pub[ED448_PUB_KEY_SIZE];
byte privOnly[ED448_PRV_KEY_SIZE];
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
word32 privOnlySz = sizeof(privOnly);
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed448_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
if (ret != 0) {
wc_FreeRng(&rng);
wc_ed448_free(&key);
return ret;
}
printf(testingFmt, "wc_ed448_export_private()");
ret = wc_ed448_export_private(&key, privOnly, &privOnlySz);
if (ret == 0) {
ret = wc_ed448_export_private(NULL, privOnly, &privOnlySz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_private(&key, NULL, &privOnlySz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_private(&key, privOnly, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (ret == 0) {
printf(testingFmt, "wc_ed448_export_key()");
ret = wc_ed448_export_key(&key, priv, &privSz, pub, &pubSz);
if (ret == 0) {
ret = wc_ed448_export_key(NULL, priv, &privSz, pub, &pubSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_key(&key, NULL, &privSz, pub, &pubSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_key(&key, priv, NULL, pub, &pubSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_key(&key, priv, &privSz, NULL, &pubSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ed448_export_key(&key, priv, &privSz, pub, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
} /* END wc_ed448_export_key() */
/* Cross check output. */
if (ret == 0 && XMEMCMP(priv, privOnly, privSz) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed448_free(&key);
#endif
return ret;
} /* END test_wc_ed448_exportKey */
/*
* Testing wc_Ed448PublicKeyToDer
*/
static int test_wc_Ed448PublicKeyToDer (void)
{
int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
int tmp;
ed448_key key;
byte derBuf[1024];
printf(testingFmt, "wc_Ed448PublicKeyToDer()");
/* Test bad args */
tmp = wc_Ed448PublicKeyToDer(NULL, NULL, 0, 0);
if (tmp != BAD_FUNC_ARG) {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
wc_ed448_init(&key);
tmp = wc_Ed448PublicKeyToDer(&key, derBuf, 0, 0);
if (tmp != BUFFER_E) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ed448_free(&key);
}
/* Test good args */
if (ret == 0) {
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret != 0) {
return ret;
}
ret = wc_ed448_init(&key);
if (ret != 0) {
wc_FreeRng(&rng);
return ret;
}
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
if (ret != 0) {
wc_FreeRng(&rng);
wc_ed448_free(&key);
return ret;
}
tmp = wc_Ed448PublicKeyToDer(&key, derBuf, 1024, 1);
if (tmp <= 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_FreeRng(&rng);
wc_ed448_free(&key);
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END testing wc_Ed448PublicKeyToDer */
/*
* Testing wc_curve448_init and wc_curve448_free.
*/
static int test_wc_curve448_init (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
curve448_key key;
printf(testingFmt, "wc_curve448_init()");
ret = wc_curve448_init(&key);
/* Test bad args for wc_curve448_init */
if (ret == 0) {
ret = wc_curve448_init(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
/* Test good args for wc_curve_448_free */
wc_curve448_free(&key);
wc_curve448_free(NULL);
#endif
return ret;
} /* END test_wc_curve448_init and wc_curve_448_free*/
/*
* Testing wc_curve448_make_key
*/
static int test_wc_curve448_make_key (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
WC_RNG rng;
curve448_key key;
int keysize;
printf(testingFmt, "wc_curve448_make_key()");
ret = wc_curve448_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
if (ret == 0) {
keysize = wc_curve448_size(&key);
if (keysize != CURVE448_KEY_SIZE) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
ret = wc_curve448_make_key(&rng, keysize, &key);
}
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve448_make_key(NULL, 0, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_make_key(&rng, keysize, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_make_key(NULL, keysize, &key);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_make_key(&rng, 0, &key);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (wc_FreeRng(&rng) != 0 && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve448_free(&key);
#endif
return ret;
} /*END test_wc_curve448_make_key*/
/*
* Testing test_wc_curve448_shared_secret_ex
*/
static int test_wc_curve448_shared_secret_ex (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
WC_RNG rng;
curve448_key private_key, public_key;
byte out[CURVE448_KEY_SIZE];
word32 outLen = sizeof(out);
int endian = EC448_BIG_ENDIAN;
printf(testingFmt, "wc_curve448_shared_secret_ex()");
ret = wc_curve448_init(&private_key);
if (ret == 0) {
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &private_key);
}
}
if (ret == 0) {
ret = wc_curve448_init(&public_key);
}
if (ret == 0) {
if (ret == 0) {
ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &public_key);
}
}
if (ret == 0) {
ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
&outLen, endian);
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve448_shared_secret_ex(NULL, NULL, NULL,
0, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_shared_secret_ex(NULL, &public_key, out,
&outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_shared_secret_ex(&private_key, NULL, out,
&outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_shared_secret_ex(&private_key, &public_key, NULL,
&outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
outLen = outLen - 2;
if (ret == 0) {
ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
&outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve448_free(&private_key);
wc_curve448_free(&public_key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve448_shared_secret_ex*/
/*
* Testing test_wc_curve448_export_public_ex
*/
static int test_wc_curve448_export_public_ex (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
WC_RNG rng;
curve448_key key;
byte out[CURVE448_KEY_SIZE];
word32 outLen = sizeof(out);
int endian = EC448_BIG_ENDIAN;
printf(testingFmt, "wc_curve448_export_public_ex()");
ret = wc_curve448_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
if (ret == 0){
ret = wc_curve448_export_public(&key, out, &outLen);
}
if (ret == 0) {
ret = wc_curve448_export_public_ex(&key, out, &outLen, endian);
}
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve448_export_public_ex(NULL, NULL, NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_export_public_ex(NULL, out, &outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_export_public_ex(&key, NULL, &outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_export_public_ex(&key, out, NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
outLen = outLen - 2;
if (ret == 0) {
ret = wc_curve448_export_public_ex(&key, out, &outLen, endian);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve448_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve448_export_public_ex*/
/*
* Testing test_wc_curve448_export_private_raw_ex
*/
static int test_wc_curve448_export_private_raw_ex (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
curve448_key key;
byte out[CURVE448_KEY_SIZE];
word32 outLen = sizeof(out);
int endian = EC448_BIG_ENDIAN;
printf(testingFmt, "wc_curve448_export_private_raw_ex()");
ret = wc_curve448_init(&key);
if (ret == 0) {
ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, endian);
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve448_export_private_raw_ex(NULL, NULL, NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_export_private_raw_ex(NULL, out, &outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_export_private_raw_ex(&key, NULL, &outLen, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_export_private_raw_ex(&key, out, NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_export_private_raw_ex(&key, out, &outLen,
EC448_LITTLE_ENDIAN);
}
outLen = outLen - 2;
if (ret == 0) {
ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, endian);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve448_free(&key);
#endif
return ret;
}/*END test_wc_curve448_export_private_raw_ex*/
/*
* Testing test_wc_curve448_import_private_raw_ex
*/
static int test_wc_curve448_import_private_raw_ex (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
WC_RNG rng;
curve448_key key;
byte priv[CURVE448_KEY_SIZE];
byte pub[CURVE448_KEY_SIZE];
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
int endian = EC448_BIG_ENDIAN;
printf(testingFmt, "wc_curve448_import_private_raw_ex()");
ret = wc_curve448_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
if (ret == 0){
ret = wc_curve448_export_private_raw(&key, priv, &privSz);
}
if (ret == 0){
ret = wc_curve448_export_public(&key, pub, &pubSz);
}
if (ret == 0) {
ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
&key, endian);
}
}
/*test bad cases*/
if (ret == 0) {
ret = wc_curve448_import_private_raw_ex(NULL, 0, NULL, 0, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_import_private_raw_ex(NULL, privSz, pub, pubSz,
&key, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_import_private_raw_ex(priv, privSz, NULL, pubSz,
&key, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
NULL, endian);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_import_private_raw_ex(priv, 0, pub, pubSz,
&key, endian);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, 0,
&key, endian);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
&key, EC448_LITTLE_ENDIAN);
}
if (wc_FreeRng(&rng) != 0 && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve448_free(&key);
#endif
return ret;
} /*END test_wc_curve448_import_private_raw_ex*/
/*
* Testing test_curve448_export_key_raw
*/
static int test_wc_curve448_export_key_raw (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
WC_RNG rng;
curve448_key key;
byte priv[CURVE448_KEY_SIZE];
byte pub[CURVE448_KEY_SIZE];
word32 privSz = sizeof(priv);
word32 pubSz = sizeof(pub);
printf(testingFmt, "wc_curve448_export_key_raw()");
ret = wc_curve448_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
if (ret == 0) {
ret = wc_curve448_export_private_raw(&key, priv, &privSz);
}
if (ret == 0) {
ret = wc_curve448_export_public(&key, pub, &pubSz);
}
if (ret == 0) {
ret = wc_curve448_export_key_raw(&key, priv, &privSz, pub, &pubSz);
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve448_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
}/*END test_wc_curve448_import_private_raw_ex*/
/*
* Testing test_wc_curve448_import_private
*/
static int test_wc_curve448_import_private (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
curve448_key key;
WC_RNG rng;
byte priv[CURVE448_KEY_SIZE];
word32 privSz = sizeof(priv);
printf(testingFmt, "wc_curve448_import_private()");
ret = wc_curve448_init(&key);
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
if (ret == 0) {
ret = wc_curve448_export_private_raw(&key, priv, &privSz);
}
}
if (ret == 0) {
ret = wc_curve448_import_private(priv, privSz, &key);
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve448_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /*END test_wc_curve448_import*/
/*
* Testing test_wc_curve448_size.
*/
static int test_wc_curve448_size (void)
{
int ret = 0;
#if defined(HAVE_CURVE448)
curve448_key key;
printf(testingFmt, "wc_curve448_size()");
ret = wc_curve448_init(&key);
/* Test good args for wc_curve448_size */
if (ret == 0) {
ret = wc_curve448_size(&key);
}
/* Test bad args for wc_curve448_size */
if (ret != 0) {
ret = wc_curve448_size(NULL);
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_curve448_free(&key);
#endif
return ret;
} /* END test_wc_curve448_size*/
/*
* Testing wc_ecc_make_key.
*/
static int test_wc_ecc_make_key (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
WC_RNG rng;
ecc_key key;
printf(testingFmt, "wc_ecc_make_key()");
ret = wc_InitRng(&rng);
if (ret != 0)
return ret;
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY14, &key);
/* Pass in bad args. */
if (ret == 0) {
ret = wc_ecc_make_key(NULL, KEY14, &key);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_make_key(&rng, KEY14, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
wc_ecc_free(&key);
}
if (wc_FreeRng(&rng) != 0 && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_ecc_make_key */
/*
* Testing wc_ecc_init()
*/
static int test_wc_ecc_init (void)
{
int ret = 0;
#ifdef HAVE_ECC
ecc_key key;
printf(testingFmt, "wc_ecc_init()");
ret = wc_ecc_init(&key);
/* Pass in bad args. */
if (ret == 0) {
ret = wc_ecc_init(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ecc_free(&key);
#endif
return ret;
} /* END test_wc_ecc_init */
/*
* Testing wc_ecc_check_key()
*/
static int test_wc_ecc_check_key (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
WC_RNG rng;
ecc_key key;
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY14, &key);
}
}
printf(testingFmt, "wc_ecc_check_key()");
if (ret == 0) {
ret = wc_ecc_check_key(&key);
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_ecc_check_key(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END test_wc_ecc_check_key */
/*
* Testing wc_ecc_get_generator()
*/
static int test_wc_ecc_get_generator(void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
!defined(HAVE_FIPS) && defined(OPENSSL_EXTRA)
ecc_point* pt;
printf(testingFmt, "wc_ecc_new_point()");
pt = wc_ecc_new_point();
if (!pt) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(testingFmt, "wc_ecc_get_generator()");
if (ret == 0) {
ret = wc_ecc_get_generator(pt, wc_ecc_get_curve_idx(ECC_SECP256R1));
}
/* Test bad args. */
if (ret == MP_OKAY) {
/* Returns Zero for bad arg. */
ret = wc_ecc_get_generator(pt, -1);
if (ret != MP_OKAY)
wc_ecc_get_generator(NULL, wc_ecc_get_curve_idx(ECC_SECP256R1));
if (ret != MP_OKAY)
wc_ecc_get_generator(pt, 1000); /* If we ever get to 1000 curves
* increase this number */
if (ret != MP_OKAY)
wc_ecc_get_generator(NULL, -1);
ret = ret == MP_OKAY ? WOLFSSL_FATAL_ERROR : 0;
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ecc_del_point(pt);
#endif
return ret;
} /* END test_wc_ecc_get_generator */
/*
* Testing wc_ecc_size()
*/
static int test_wc_ecc_size (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
WC_RNG rng;
ecc_key key;
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY14, &key);
}
}
printf(testingFmt, "wc_ecc_size()");
if (ret == 0) {
ret = wc_ecc_size(&key);
if (ret == KEY14) {
ret = 0;
} else if (ret == 0){
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
/* Returns Zero for bad arg. */
ret = wc_ecc_size(NULL);
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
#endif
return ret;
} /* END test_wc_ecc_size */
static void test_wc_ecc_params(void)
{
/* FIPS/CAVP self-test modules do not have `wc_ecc_get_curve_params`.
It was added after certifications */
#if defined(HAVE_ECC) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
const ecc_set_type* ecc_set;
#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
/* Test for SECP256R1 curve */
int curve_id = ECC_SECP256R1;
int curve_idx = wc_ecc_get_curve_idx(curve_id);
AssertIntNE(curve_idx, ECC_CURVE_INVALID);
ecc_set = wc_ecc_get_curve_params(curve_idx);
AssertNotNull(ecc_set);
AssertIntEQ(ecc_set->id, curve_id);
#endif
/* Test case when SECP256R1 is not enabled */
/* Test that we get curve params for index 0 */
ecc_set = wc_ecc_get_curve_params(0);
AssertNotNull(ecc_set);
#endif /* HAVE_ECC && !HAVE_FIPS && !HAVE_SELFTEST */
}
/*
* Testing wc_ecc_sign_hash() and wc_ecc_verify_hash()
*/
static int test_wc_ecc_signVerify_hash (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN) && !defined(WC_NO_RNG)
WC_RNG rng;
ecc_key key;
int signH = WOLFSSL_FATAL_ERROR;
#ifdef HAVE_ECC_VERIFY
int verifyH = WOLFSSL_FATAL_ERROR;
int verify = 0;
#endif
word32 siglen = ECC_BUFSIZE;
byte sig[ECC_BUFSIZE];
byte adjustedSig[ECC_BUFSIZE+1];
byte digest[] = TEST_STRING;
word32 digestlen = (word32)TEST_STRING_SZ;
/* Init stack var */
XMEMSET(sig, 0, siglen);
XMEMSET(&key, 0, sizeof(key));
XMEMSET(adjustedSig, 0, ECC_BUFSIZE+1);
/* Init structs. */
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY14, &key);
}
}
printf(testingFmt, "wc_ecc_sign_hash()");
if (ret == 0) {
ret = wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, &key);
}
/* Check bad args. */
if (ret == 0) {
signH = wc_ecc_sign_hash(NULL, digestlen, sig, &siglen, &rng, &key);
if (signH == ECC_BAD_ARG_E) {
signH = wc_ecc_sign_hash(digest, digestlen, NULL, &siglen,
&rng, &key);
}
if (signH == ECC_BAD_ARG_E) {
signH = wc_ecc_sign_hash(digest, digestlen, sig, NULL,
&rng, &key);
}
if (signH == ECC_BAD_ARG_E) {
signH = wc_ecc_sign_hash(digest, digestlen, sig, &siglen,
NULL, &key);
}
if (signH == ECC_BAD_ARG_E) {
signH = wc_ecc_sign_hash(digest, digestlen, sig, &siglen,
&rng, NULL);
}
if (signH == ECC_BAD_ARG_E) {
signH = 0;
} else if (ret == 0) {
signH = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, signH == 0 ? passed : failed);
#ifdef HAVE_ECC_VERIFY
printf(testingFmt, "wc_ecc_verify_hash()");
ret = wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify, &key);
if (verify != 1 && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
/* test check on length of signature passed in */
XMEMCPY(adjustedSig, sig, siglen);
adjustedSig[1] = adjustedSig[1] + 1; /* add 1 to length for extra byte*/
#ifndef NO_STRICT_ECDSA_LEN
AssertIntNE(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
&verify, &key), 0);
#else
/* if NO_STRICT_ECDSA_LEN is set then extra bytes after the signature
* is allowed */
AssertIntEQ(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen,
&verify, &key), 0);
#endif
/* Test bad args. */
if (ret == 0) {
verifyH = wc_ecc_verify_hash(NULL, siglen, digest, digestlen,
&verify, &key);
if (verifyH == ECC_BAD_ARG_E) {
verifyH = wc_ecc_verify_hash(sig, siglen, NULL, digestlen,
&verify, &key);
}
if (verifyH == ECC_BAD_ARG_E) {
verifyH = wc_ecc_verify_hash(sig, siglen, digest, digestlen,
NULL, &key);
}
if (verifyH == ECC_BAD_ARG_E) {
verifyH = wc_ecc_verify_hash(sig, siglen, digest, digestlen,
&verify, NULL);
}
if (verifyH == ECC_BAD_ARG_E) {
verifyH = 0;
} else if (ret == 0) {
verifyH = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, verifyH == 0 ? passed : failed);
#endif /* HAVE_ECC_VERIFY */
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END test_wc_ecc_sign_hash */
/*
* Testing wc_ecc_shared_secret()
*/
static int test_wc_ecc_shared_secret (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
ecc_key key, pubKey;
WC_RNG rng;
byte out[KEY32];
int keySz = sizeof(out);
word32 outlen = (word32)sizeof(out);
#if defined(HAVE_ECC) && !defined(NO_ECC256)
const char* qx =
"bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861";
const char* qy =
"02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8";
const char* d =
"45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c";
const char* curveName = "SECP256R1";
const byte expected_shared_secret[] =
{
0x65, 0xc0, 0xd4, 0x61, 0x17, 0xe6, 0x09, 0x75,
0xf0, 0x12, 0xa0, 0x4d, 0x0b, 0x41, 0x30, 0x7a,
0x51, 0xf0, 0xb3, 0xaf, 0x23, 0x8f, 0x0f, 0xdf,
0xf1, 0xff, 0x23, 0x64, 0x28, 0xca, 0xf8, 0x06
};
#endif
/* Initialize variables. */
XMEMSET(out, 0, keySz);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&pubKey, 0, sizeof(pubKey));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_init(&pubKey);
}
}
#if defined(HAVE_ECC) && !defined(NO_ECC256)
if (ret == 0) {
ret = wc_ecc_import_raw(&key, qx, qy, d, curveName);
}
if (ret == 0) {
ret = wc_ecc_import_raw(&pubKey, qx, qy, NULL, curveName);
}
#else
if (ret == 0) {
ret = wc_ecc_make_key(&rng, keySz, &key);
}
if (ret == 0) {
ret = wc_ecc_make_key(&rng, keySz, &pubKey);
}
#endif
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
if (ret == 0) {
ret = wc_ecc_set_rng(&key, &rng);
}
#endif
printf(testingFmt, "wc_ecc_shared_secret()");
if (ret == 0) {
ret = wc_ecc_shared_secret(&key, &pubKey, out, &outlen);
#if defined(HAVE_ECC) && !defined(NO_ECC256)
if (ret == 0) {
if (0 != XMEMCMP(out, expected_shared_secret, outlen)) {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_shared_secret(NULL, &pubKey, out, &outlen);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_shared_secret(&key, NULL, out, &outlen);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_shared_secret(&key, &pubKey, NULL, &outlen);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_shared_secret(&key, &pubKey, out, NULL);
}
if (ret == BAD_FUNC_ARG) {
/* Invalid length */
outlen = 1;
ret = wc_ecc_shared_secret(&key, &pubKey, out, &outlen);
}
if (ret == BUFFER_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
wc_ecc_free(&pubKey);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END tests_wc_ecc_shared_secret */
/*
* testint wc_ecc_export_x963()
*/
static int test_wc_ecc_export_x963 (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
byte out[ECC_ASN963_MAX_BUF_SZ];
word32 outlen = sizeof(out);
/* Initialize variables. */
XMEMSET(out, 0, outlen);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY20, &key);
}
}
printf(testingFmt, "wc_ecc_export_x963()");
if (ret == 0) {
ret = wc_ecc_export_x963(&key, out, &outlen);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_export_x963(NULL, out, &outlen);
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_export_x963(&key, NULL, &outlen);
}
if (ret == LENGTH_ONLY_E) {
ret = wc_ecc_export_x963(&key, out, NULL);
}
if (ret == ECC_BAD_ARG_E) {
key.idx = -4;
ret = wc_ecc_export_x963(&key, out, &outlen);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END test_wc_ecc_export_x963 */
/*
* Testing wc_ecc_export_x963_ex()
* compile with --enable-compkey will use compression.
*/
static int test_wc_ecc_export_x963_ex (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
byte out[ECC_ASN963_MAX_BUF_SZ];
word32 outlen = sizeof(out);
#ifdef HAVE_COMP_KEY
word32 badOutLen = 5;
#endif
/* Init stack variables. */
XMEMSET(out, 0, outlen);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY64, &key);
}
}
printf(testingFmt, "wc_ecc_export_x963_ex()");
#ifdef HAVE_COMP_KEY
if (ret == 0) {
ret = wc_ecc_export_x963_ex(&key, out, &outlen, COMP);
}
#else
if (ret == 0) {
ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP);
}
#endif
/* Test bad args. */
#ifdef HAVE_COMP_KEY
if (ret == 0) {
ret = wc_ecc_export_x963_ex(NULL, out, &outlen, COMP);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_export_x963_ex(&key, NULL, &outlen, COMP);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_export_x963_ex(&key, out, NULL, COMP);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP);
}
if (ret == BUFFER_E) {
key.idx = -4;
ret = wc_ecc_export_x963_ex(&key, out, &outlen, COMP);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#else
if (ret == 0) {
ret = wc_ecc_export_x963_ex(NULL, out, &outlen, NOCOMP);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_export_x963_ex(&key, NULL, &outlen, NOCOMP);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_export_x963_ex(&key, out, &outlen, 1);
}
if (ret == NOT_COMPILED_IN) {
ret = wc_ecc_export_x963_ex(&key, out, NULL, NOCOMP);
}
if (ret == BAD_FUNC_ARG) {
key.idx = -4;
ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END test_wc_ecc_export_x963_ex */
/*
* testing wc_ecc_import_x963()
*/
static int test_wc_ecc_import_x963 (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key pubKey, key;
WC_RNG rng;
byte x963[ECC_ASN963_MAX_BUF_SZ];
word32 x963Len = (word32)sizeof(x963);
/* Init stack variables. */
XMEMSET(x963, 0, x963Len);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&pubKey, 0, sizeof(pubKey));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&pubKey);
if (ret == 0) {
ret = wc_ecc_init(&key);
}
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY24, &key);
}
if (ret == 0) {
PRIVATE_KEY_UNLOCK();
ret = wc_ecc_export_x963(&key, x963, &x963Len);
PRIVATE_KEY_LOCK();
}
}
printf(testingFmt, "wc_ecc_import_x963()");
if (ret == 0) {
ret = wc_ecc_import_x963(x963, x963Len, &pubKey);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_import_x963(NULL, x963Len, &pubKey);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_x963(x963, x963Len, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_x963(x963, x963Len + 1, &pubKey);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
wc_ecc_free(&pubKey);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END wc_ecc_import_x963 */
/*
* testing wc_ecc_import_private_key()
*/
static int ecc_import_private_key (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key, keyImp;
WC_RNG rng;
byte privKey[ECC_PRIV_KEY_BUF]; /* Raw private key.*/
byte x963Key[ECC_ASN963_MAX_BUF_SZ];
word32 privKeySz = (word32)sizeof(privKey);
word32 x963KeySz = (word32)sizeof(x963Key);
/* Init stack variables. */
XMEMSET(privKey, 0, privKeySz);
XMEMSET(x963Key, 0, x963KeySz);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&keyImp, 0, sizeof(keyImp));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_init(&keyImp);
}
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY48, &key);
}
if (ret == 0) {
PRIVATE_KEY_UNLOCK();
ret = wc_ecc_export_x963(&key, x963Key, &x963KeySz);
PRIVATE_KEY_LOCK();
}
if (ret == 0) {
ret = wc_ecc_export_private_only(&key, privKey, &privKeySz);
}
}
printf(testingFmt, "wc_ecc_import_private_key()");
if (ret == 0) {
ret = wc_ecc_import_private_key(privKey, privKeySz, x963Key,
x963KeySz, &keyImp);
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_ecc_import_private_key(privKey, privKeySz, x963Key,
x963KeySz, NULL);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_private_key(NULL, privKeySz, x963Key,
x963KeySz, &keyImp);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
wc_ecc_free(&keyImp);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END wc_ecc_import_private_key */
/*
* Testing wc_ecc_export_private_only()
*/
static int test_wc_ecc_export_private_only (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
byte out[ECC_PRIV_KEY_BUF];
word32 outlen = sizeof(out);
/* Init stack variables. */
XMEMSET(out, 0, outlen);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY32, &key);
}
}
printf(testingFmt, "wc_ecc_export_private_only()");
if (ret == 0) {
ret = wc_ecc_export_private_only(&key, out, &outlen);
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_ecc_export_private_only(NULL, out, &outlen);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_export_private_only(&key, NULL, &outlen);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_export_private_only(&key, out, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END test_wc_ecc_export_private_only */
/*
* Testing wc_ecc_rs_to_sig()
*/
static int test_wc_ecc_rs_to_sig (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(NO_ASN)
/* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
const char* R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
const char* S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
const char* zeroStr = "0";
byte sig[ECC_MAX_SIG_SIZE];
word32 siglen = (word32)sizeof(sig);
/*R and S max size is the order of curve. 2^192.*/
int keySz = KEY24;
byte r[KEY24];
byte s[KEY24];
word32 rlen = (word32)sizeof(r);
word32 slen = (word32)sizeof(s);
/* Init stack variables. */
XMEMSET(sig, 0, ECC_MAX_SIG_SIZE);
XMEMSET(r, 0, keySz);
XMEMSET(s, 0, keySz);
printf(testingFmt, "wc_ecc_rs_to_sig()");
ret = wc_ecc_rs_to_sig(R, S, sig, &siglen);
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_rs_to_sig(NULL, S, sig, &siglen);
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_rs_to_sig(R, NULL, sig, &siglen);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_rs_to_sig(R, S, sig, NULL);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_rs_to_sig(R, S, NULL, &siglen);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_rs_to_sig(R, zeroStr, sig, &siglen);
}
if (ret == MP_ZERO_E) {
ret = wc_ecc_rs_to_sig(zeroStr, S, sig, &siglen);
}
if (ret == MP_ZERO_E) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wc_ecc_sig_to_rs()");
if (ret == 0) {
ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &slen);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_sig_to_rs(NULL, siglen, r, &rlen, s, &slen);
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_sig_to_rs(sig, siglen, NULL, &rlen, s, &slen);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_sig_to_rs(sig, siglen, r, NULL, s, &slen);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, NULL, &slen);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_ecc_rs_to_sig */
static int test_wc_ecc_import_raw(void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(NO_ECC256)
ecc_key key;
const char* qx =
"bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861";
const char* qy =
"02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8";
const char* d =
"45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c";
const char* curveName = "SECP256R1";
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
const char* kNullStr = "";
#endif
ret = wc_ecc_init(&key);
printf(testingFmt, "wc_ecc_import_raw()");
if (ret == 0) {
ret = wc_ecc_import_raw(&key, qx, qy, d, curveName);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_import_raw(NULL, qx, qy, d, curveName);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_raw(&key, NULL, qy, d, curveName);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_raw(&key, qx, NULL, d, curveName);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_raw(&key, qx, qy, d, NULL);
}
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
if (ret == BAD_FUNC_ARG) {
#if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
wc_ecc_free(&key);
#endif
ret = wc_ecc_import_raw(&key, kNullStr, kNullStr, kNullStr, curveName);
if (ret == ECC_INF_E)
ret = BAD_FUNC_ARG; /* This is expected by other tests */
}
#endif
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
if (ret == BAD_FUNC_ARG) {
#if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
wc_ecc_free(&key);
#endif
ret = wc_ecc_import_raw(&key, "0", qy, d, curveName);
}
if (ret == BAD_FUNC_ARG) {
#if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
wc_ecc_free(&key);
#endif
ret = wc_ecc_import_raw(&key, qx, "0", d, curveName);
}
#endif
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ecc_free(&key);
#endif
return ret;
} /* END test_wc_ecc_import_raw */
static int test_wc_ecc_import_unsigned(void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
ecc_key key;
const byte qx[] = {
0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6,
0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36,
0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa,
0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61
};
const byte qy[] = {
0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a,
0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf,
0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8,
0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8
};
const byte d[] = {
0x45, 0xb6, 0x69, 0x02, 0x73, 0x9c, 0x6c, 0x85,
0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac,
0xc4, 0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c,
0x28, 0xdc, 0x34, 0x8d, 0xe1, 0xa8, 0x09, 0x8c
};
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
const byte nullBytes[32] = {0};
#endif
int curveId = ECC_SECP256R1;
ret = wc_ecc_init(&key);
printf(testingFmt, "wc_ecc_import_unsigned()");
if (ret == 0) {
ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
curveId);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_import_unsigned(NULL, (byte*)qx, (byte*)qy, (byte*)d,
curveId);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_unsigned(&key, NULL, (byte*)qy, (byte*)d,
curveId);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_unsigned(&key, (byte*)qx, NULL, (byte*)d,
curveId);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
ECC_CURVE_INVALID);
}
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_import_unsigned(&key, (byte*)nullBytes,
(byte*)nullBytes, (byte*)nullBytes, curveId);
}
#endif
if (ret == BAD_FUNC_ARG || ret == ECC_INF_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ecc_free(&key);
#endif
return ret;
} /* END test_wc_ecc_import_unsigned */
/*
* Testing wc_ecc_sig_size()
*/
static int test_wc_ecc_sig_size (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
int keySz = KEY16;
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, keySz, &key);
}
}
printf(testingFmt, "wc_ecc_sig_size()");
if (ret == 0) {
ret = wc_ecc_sig_size(&key);
if (ret <= (2 * keySz + SIG_HEADER_SZ + ECC_MAX_PAD_SZ)) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
#endif
return ret;
} /* END test_wc_ecc_sig_size */
/*
* Testing wc_ecc_ctx_new()
*/
static int test_wc_ecc_ctx_new (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
WC_RNG rng;
ecEncCtx* cli = NULL;
ecEncCtx* srv = NULL;
ret = wc_InitRng(&rng);
printf(testingFmt, "wc_ecc_ctx_new()");
if (ret == 0) {
cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
srv = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng);
}
if (ret == 0 && (cli == NULL || srv == NULL)) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_ctx_free(cli);
wc_ecc_ctx_free(srv);
/* Test bad args. */
if (ret == 0) {
/* wc_ecc_ctx_new_ex() will free if returned NULL. */
cli = wc_ecc_ctx_new(0, &rng);
if (cli != NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, NULL);
if (cli != NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_ctx_free(cli);
#endif
return ret;
} /* END test_wc_ecc_ctx_new */
/*
* Tesing wc_ecc_reset()
*/
static int test_wc_ecc_ctx_reset (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
ecEncCtx* ctx = NULL;
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret == 0) {
if ( (ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL ) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(testingFmt, "wc_ecc_ctx_reset()");
if (ret == 0) {
ret = wc_ecc_ctx_reset(ctx, &rng);
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_ecc_ctx_reset(NULL, &rng);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_ctx_reset(ctx, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_ctx_free(ctx);
#endif
return ret;
} /* END test_wc_ecc_ctx_reset */
/*
* Testing wc_ecc_ctx_set_peer_salt() and wc_ecc_ctx_get_own_salt()
*/
static int test_wc_ecc_ctx_set_peer_salt (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
WC_RNG rng;
ecEncCtx* cliCtx = NULL;
ecEncCtx* servCtx = NULL;
const byte* cliSalt = NULL;
const byte* servSalt = NULL;
ret = wc_InitRng(&rng);
if (ret == 0) {
if ( ( (cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL ) ||
( (servCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng)) == NULL) ) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(testingFmt, "wc_ecc_ctx_get_own_salt()");
/* Test bad args. */
if (ret == 0) {
cliSalt = wc_ecc_ctx_get_own_salt(NULL);
if (cliSalt != NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
cliSalt = wc_ecc_ctx_get_own_salt(cliCtx);
servSalt = wc_ecc_ctx_get_own_salt(servCtx);
if (cliSalt == NULL || servSalt == NULL) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wc_ecc_ctx_set_peer_salt()");
if (ret == 0) {
ret = wc_ecc_ctx_set_peer_salt(cliCtx, servSalt);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_ctx_set_peer_salt(NULL, servSalt);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_ctx_set_peer_salt(cliCtx, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_ctx_free(cliCtx);
wc_ecc_ctx_free(servCtx);
#endif
return ret;
} /* END test_wc_ecc_ctx_set_peer_salt */
/*
* Testing wc_ecc_ctx_set_info()
*/
static int test_wc_ecc_ctx_set_info (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
ecEncCtx* ctx = NULL;
WC_RNG rng;
const char* optInfo = "Optional Test Info.";
int optInfoSz = (int)XSTRLEN(optInfo);
const char* badOptInfo = NULL;
ret = wc_InitRng(&rng);
if ( (ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL || ret != 0 ) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(testingFmt, "wc_ecc_ctx_set_info()");
if (ret == 0) {
ret = wc_ecc_ctx_set_info(ctx, (byte*)optInfo, optInfoSz);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_ctx_set_info(NULL, (byte*)optInfo, optInfoSz);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_ctx_set_info(ctx, (byte*)badOptInfo, optInfoSz);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_ctx_set_info(ctx, (byte*)optInfo, -1);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_ctx_free(ctx);
#endif
return ret;
} /* END test_wc_ecc_ctx_set_info */
/*
* Testing wc_ecc_encrypt() and wc_ecc_decrypt()
*/
static int test_wc_ecc_encryptDecrypt (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
ecc_key srvKey, cliKey, tmpKey;
WC_RNG rng;
const char* msg = "EccBlock Size 16";
word32 msgSz = (word32)XSTRLEN(msg);
#ifdef WOLFSSL_ECIES_OLD
byte out[XSTRLEN(msg) + WC_SHA256_DIGEST_SIZE];
#else
byte out[KEY20 * 2 + 1 + XSTRLEN(msg) + WC_SHA256_DIGEST_SIZE];
#endif
word32 outSz = (word32)sizeof(out);
byte plain[XSTRLEN(msg) + 1];
word32 plainSz = (word32)sizeof(plain);
int keySz = KEY20;
/* Init stack variables. */
XMEMSET(out, 0, outSz);
XMEMSET(plain, 0, plainSz);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&srvKey, 0, sizeof(srvKey));
XMEMSET(&cliKey, 0, sizeof(cliKey));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&cliKey);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, keySz, &cliKey);
}
if (ret == 0) {
ret = wc_ecc_init(&srvKey);
}
if (ret == 0) {
ret = wc_ecc_make_key(&rng, keySz, &srvKey);
}
if (ret == 0) {
ret = wc_ecc_init(&tmpKey);
}
}
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
if (ret == 0) {
ret = wc_ecc_set_rng(&srvKey, &rng);
}
if (ret == 0) {
ret = wc_ecc_set_rng(&cliKey, &rng);
}
#endif
printf(testingFmt, "wc_ecc_encrypt()");
if (ret == 0) {
ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out,
&outSz, NULL);
}
if (ret == 0) {
ret = wc_ecc_encrypt(NULL, &srvKey, (byte*)msg, msgSz, out,
&outSz, NULL);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_encrypt(&cliKey, NULL, (byte*)msg, msgSz, out,
&outSz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_encrypt(&cliKey, &srvKey, NULL, msgSz, out,
&outSz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, NULL,
&outSz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out,
NULL, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wc_ecc_decrypt()");
#ifdef WOLFSSL_ECIES_OLD
if (ret == 0) {
tmpKey.dp = cliKey.dp;
ret = wc_ecc_copy_point(&cliKey.pubkey, &tmpKey.pubkey);
}
#endif
if (ret == 0) {
ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain,
&plainSz, NULL);
}
if (ret == 0) {
ret = wc_ecc_decrypt(NULL, &tmpKey, out, outSz, plain,
&plainSz, NULL);
#ifdef WOLFSSL_ECIES_OLD
/* NULL parameter allowed in new implementations - public key comes from
* the message. */
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_decrypt(&srvKey, NULL, out, outSz, plain,
&plainSz, NULL);
}
#endif
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_decrypt(&srvKey, &tmpKey, NULL, outSz, plain,
&plainSz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, NULL,
&plainSz, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz,
plain, NULL, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (XMEMCMP(msg, plain, msgSz) != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&tmpKey);
wc_ecc_free(&cliKey);
wc_ecc_free(&srvKey);
#endif
return ret;
} /* END test_wc_ecc_encryptDecrypt */
/*
* Testing wc_ecc_del_point() and wc_ecc_new_point()
*/
static int test_wc_ecc_del_point (void)
{
int ret = 0;
#if defined(HAVE_ECC)
ecc_point* pt;
printf(testingFmt, "wc_ecc_new_point()");
pt = wc_ecc_new_point();
if (!pt) {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ecc_del_point(pt);
#endif
return ret;
} /* END test_wc_ecc_del_point */
/*
* Testing wc_ecc_point_is_at_infinity(), wc_ecc_export_point_der(),
* wc_ecc_import_point_der(), wc_ecc_copy_point(), wc_ecc_point_is_on_curve(),
* and wc_ecc_cmp_point()
*/
static int test_wc_ecc_pointFns (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
!defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
ecc_key key;
WC_RNG rng;
ecc_point* point = NULL;
ecc_point* cpypt = NULL;
int idx = 0;
int keySz = KEY32;
byte der[DER_SZ(KEY32)];
word32 derlenChk = 0;
word32 derSz = DER_SZ(KEY32);
/* Init stack variables. */
XMEMSET(der, 0, derSz);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, keySz, &key);
}
}
if (ret == 0) {
point = wc_ecc_new_point();
if (!point) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
cpypt = wc_ecc_new_point();
if (!cpypt) {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Export */
printf(testingFmt, "wc_ecc_export_point_der()");
if (ret == 0) {
ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
NULL, &derlenChk);
/* Check length value. */
if (derSz == derlenChk && ret == LENGTH_ONLY_E) {
ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
der, &derSz);
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_export_point_der(-2, &key.pubkey, der, &derSz);
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_export_point_der((idx = key.idx), NULL, der, &derSz);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
der, NULL);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
/* Import */
printf(testingFmt, "wc_ecc_import_point_der()");
if (ret == 0) {
ret = wc_ecc_import_point_der(der, derSz, idx, point);
/* Condition double checks wc_ecc_cmp_point(). */
if (ret == 0 &&
XMEMCMP((void *)&key.pubkey, (void *)point, sizeof(key.pubkey))) {
ret = wc_ecc_cmp_point(&key.pubkey, point);
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_import_point_der(NULL, derSz, idx, point);
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_import_point_der(der, derSz, idx, NULL);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_import_point_der(der, derSz, -1, point);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_import_point_der(der, derSz + 1, idx, point);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
/* Copy */
printf(testingFmt, "wc_ecc_copy_point()");
if (ret == 0) {
ret = wc_ecc_copy_point(point, cpypt);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_copy_point(NULL, cpypt);
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_copy_point(point, NULL);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wc_ecc_cmp_point()");
/* Compare point */
if (ret == 0) {
ret = wc_ecc_cmp_point(point, cpypt);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_cmp_point(NULL, cpypt);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_cmp_point(point, NULL);
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wc_ecc_point_is_at_infinity()");
/* At infinity if return == 1, otherwise return == 0. */
if (ret == 0) {
ret = wc_ecc_point_is_at_infinity(point);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_point_is_at_infinity(NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
#ifdef USE_ECC_B_PARAM
printf(testingFmt, "wc_ecc_point_is_on_curve()");
/* On curve if ret == 0 */
if (ret == 0) {
ret = wc_ecc_point_is_on_curve(point, idx);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_point_is_on_curve(NULL, idx);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_point_is_on_curve(point, 1000);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif /* USE_ECC_B_PARAM */
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
/* Free */
wc_ecc_del_point(point);
wc_ecc_del_point(cpypt);
wc_ecc_free(&key);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
#endif
return ret;
} /* END test_wc_ecc_pointFns */
/*
* Testing wc_ecc_sahred_secret_ssh()
*/
static int test_wc_ecc_shared_secret_ssh (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \
!defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
ecc_key key, key2;
WC_RNG rng;
int keySz = KEY32;
int key2Sz = KEY24;
byte secret[KEY32];
word32 secretLen = keySz;
/* Init stack variables. */
XMEMSET(secret, 0, secretLen);
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&key2, 0, sizeof(key2));
/* Make keys */
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, keySz, &key);
}
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key2);
}
if (ret == 0) {
ret = wc_ecc_make_key(&rng, key2Sz, &key2);
}
}
printf(testingFmt, "ecc_shared_secret_ssh()");
#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
!defined(HAVE_SELFTEST)
if (ret == 0) {
ret = wc_ecc_set_rng(&key, &rng);
}
#endif
if (ret == 0) {
ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen);
}
/* Pass in bad args. */
if (ret == 0) {
ret = wc_ecc_shared_secret_ssh(NULL, &key2.pubkey, secret, &secretLen);
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_shared_secret_ssh(&key, NULL, secret, &secretLen);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, NULL, &secretLen);
}
if (ret == BAD_FUNC_ARG) {
ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, NULL);
}
if (ret == BAD_FUNC_ARG) {
key.type = ECC_PUBLICKEY;
ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen);
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
wc_ecc_free(&key2);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END test_wc_ecc_shared_secret_ssh */
/*
* Testing wc_ecc_verify_hash_ex() and wc_ecc_verify_hash_ex()
*/
static int test_wc_ecc_verify_hash_ex (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \
&& !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A)
ecc_key key;
WC_RNG rng;
mp_int r;
mp_int s;
unsigned char hash[] = "Everyone gets Friday off.EccSig";
unsigned char iHash[] = "Everyone gets Friday off.......";
unsigned char shortHash[] = TEST_STRING;
word32 hashlen = sizeof(hash);
word32 iHashLen = sizeof(iHash);
word32 shortHashLen = sizeof(shortHash);
int keySz = KEY32;
int sig = WOLFSSL_FATAL_ERROR;
int ver = WOLFSSL_FATAL_ERROR;
int verify_ok = 0;
/* Initialize r and s. */
ret = mp_init_multi(&r, &s, NULL, NULL, NULL, NULL);
if (ret != MP_OKAY) {
return MP_INIT_E;
}
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, keySz, &key);
}
}
if (ret == 0) {
ret = wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, &s);
if (ret == 0) {
/* verify_ok should be 1. */
ret = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, &verify_ok, &key);
if (verify_ok != 1 && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
/* verify_ok should be 0 */
ret = wc_ecc_verify_hash_ex(&r, &s, iHash, iHashLen,
&verify_ok, &key);
if (verify_ok != 0 && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
if (ret == 0) {
/* verify_ok should be 0. */
ret = wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
&verify_ok, &key);
if (verify_ok != 0 && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
}
printf(testingFmt, "wc_ecc_sign_hash_ex()");
/* Test bad args. */
if (ret == 0) {
if (wc_ecc_sign_hash_ex(NULL, hashlen, &rng, &key, &r, &s)
== ECC_BAD_ARG_E) {
sig = 0;
}
if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, NULL, &key, &r, &s)
!= ECC_BAD_ARG_E) {
sig = WOLFSSL_FATAL_ERROR;
}
if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, NULL, &r, &s)
!= ECC_BAD_ARG_E) {
sig = WOLFSSL_FATAL_ERROR;
}
if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, NULL, &s)
!= ECC_BAD_ARG_E) {
sig = WOLFSSL_FATAL_ERROR;
}
if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, NULL)
!= ECC_BAD_ARG_E) {
sig = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, sig == 0 ? passed : failed);
printf(testingFmt, "wc_ecc_verify_hash_ex()");
/* Test bad args. */
if (ret == 0) {
if (wc_ecc_verify_hash_ex(NULL, &s, shortHash, shortHashLen, &verify_ok, &key)
== ECC_BAD_ARG_E) {
ver = 0;
}
if (ver == 0 && wc_ecc_verify_hash_ex(&r, NULL, shortHash, shortHashLen,
&verify_ok, &key) != ECC_BAD_ARG_E) {
ver = WOLFSSL_FATAL_ERROR;
}
if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, NULL, shortHashLen, &verify_ok,
&key) != ECC_BAD_ARG_E) {
ver = WOLFSSL_FATAL_ERROR;
}
if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
NULL, &key) != ECC_BAD_ARG_E) {
ver = WOLFSSL_FATAL_ERROR;
}
if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
&verify_ok, NULL) != ECC_BAD_ARG_E) {
ver = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ver == 0 ? passed : failed);
wc_ecc_free(&key);
mp_free(&r);
mp_free(&s);
if (wc_FreeRng(&rng)) {
return WOLFSSL_FATAL_ERROR;
}
if (ret == 0 && (sig != 0 || ver != 0)) {
ret = WOLFSSL_FATAL_ERROR;
}
#endif
return ret;
} /* END test_wc_ecc_verify_hash_ex */
/*
* Testing wc_ecc_mulmod()
*/
static int test_wc_ecc_mulmod (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
!(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
defined(WOLFSSL_VALIDATE_ECC_IMPORT))
ecc_key key1, key2, key3;
WC_RNG rng;
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key1);
if (ret == 0) {
ret = wc_ecc_init(&key2);
}
if (ret == 0) {
ret = wc_ecc_init(&key3);
}
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY32, &key1);
}
wc_FreeRng(&rng);
}
if (ret == 0) {
ret = wc_ecc_import_raw_ex(&key2, key1.dp->Gx, key1.dp->Gy, key1.dp->Af,
ECC_SECP256R1);
if (ret == 0) {
ret = wc_ecc_import_raw_ex(&key3, key1.dp->Gx, key1.dp->Gy,
key1.dp->prime, ECC_SECP256R1);
}
}
printf(testingFmt, "wc_ecc_mulmod()");
if (ret == 0) {
ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey, &key2.k,
&key3.k, 1);
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_mulmod(NULL, &key2.pubkey, &key3.pubkey, &key2.k,
&key3.k, 1);
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_mulmod(&key1.k, NULL, &key3.pubkey, &key2.k,
&key3.k, 1);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, NULL, &key2.k,
&key3.k, 1);
}
if (ret == ECC_BAD_ARG_E) {
ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey,
&key2.k, NULL, 1);
}
if (ret == ECC_BAD_ARG_E) {
ret = 0;
} else if (ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ecc_free(&key1);
wc_ecc_free(&key2);
wc_ecc_free(&key3);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif /* HAVE_ECC && !WOLFSSL_ATECC508A */
return ret;
} /* END test_wc_ecc_mulmod */
/*
* Testing wc_ecc_is_valid_idx()
*/
static int test_wc_ecc_is_valid_idx (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG)
ecc_key key;
WC_RNG rng;
int iVal = -2;
int iVal2 = 3000;
XMEMSET(&rng, 0, sizeof(rng));
XMEMSET(&key, 0, sizeof(key));
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, 32, &key);
}
}
printf(testingFmt, "wc_ecc_is_valid_idx()");
if (ret == 0) {
ret = wc_ecc_is_valid_idx(key.idx);
if (ret == 1) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
/* Test bad args. */
if (ret == 0) {
ret = wc_ecc_is_valid_idx(iVal); /* should return 0 */
if (ret == 0) {
ret = wc_ecc_is_valid_idx(iVal2);
}
if (ret != 0) {
ret = WOLFSSL_FATAL_ERROR;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
if (wc_FreeRng(&rng) && ret == 0) {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&key);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif
return ret;
} /* END test_wc_ecc_is_valid_idx */
/*
* Testing wc_ecc_get_curve_id_from_oid()
*/
static int test_wc_ecc_get_curve_id_from_oid (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
!defined(HAVE_FIPS)
const byte oid[] = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
word32 len = sizeof(oid);
printf(testingFmt, "wc_ecc_get_curve_id_from_oid()");
/* Bad Cases */
ret = wc_ecc_get_curve_id_from_oid(NULL, len);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
if (ret == 0) {
ret = wc_ecc_get_curve_id_from_oid(oid, 0);
if (ret == ECC_CURVE_INVALID) {
ret = 0;
}
}
/* Good Case */
if (ret == 0) {
ret = wc_ecc_get_curve_id_from_oid(oid, len);
if (ret == 7) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* END test_wc_ecc_get_curve_id_from_oid */
/*
* Testing wc_ecc_sig_size_calc()
*/
static int test_wc_ecc_sig_size_calc (void)
{
int ret = 0;
#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST)
ecc_key key;
WC_RNG rng;
int sz = 0;
printf(testingFmt, "wc_ecc_sig_size_calc()");
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&key);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, 16, &key);
}
sz = key.dp->size;
}
if (ret == 0) {
ret = wc_ecc_sig_size_calc(sz);
if (ret > 0) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
wc_ecc_free(&key);
wc_FreeRng(&rng);
#endif
return ret;
} /* END test_wc_ecc_sig_size_calc */
/*
* Testing ToTraditional
*/
static int test_ToTraditional (void)
{
int ret = 0;
#if !defined(NO_ASN) && (defined(HAVE_PKCS8) || defined(HAVE_PKCS12)) && \
(defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL))
XFILE f;
byte input[TWOK_BUF];
word32 sz;
printf(testingFmt, "ToTraditional()");
f = XFOPEN("./certs/server-keyPkcs8.der", "rb");
AssertTrue((f != XBADFILE));
sz = (word32)XFREAD(input, 1, sizeof(input), f);
XFCLOSE(f);
/* Good case */
ret = ToTraditional(input, sz);
if (ret > 0) {
ret = 0;
}
/* Bad cases */
if (ret == 0) {
ret = ToTraditional(NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = ToTraditional(NULL, sz);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = ToTraditional(input, 0);
if (ret == ASN_PARSE_E || ret == BUFFER_E) {
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_ToTraditional*/
/*
* Testing wc_EccPrivateKeyToDer
*/
static int test_wc_EccPrivateKeyToDer (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
byte output[ONEK_BUF];
ecc_key eccKey;
WC_RNG rng;
word32 inLen;
printf(testingFmt, "wc_EccPrivateKeyToDer()");
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ecc_init(&eccKey);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
}
inLen = (word32)sizeof(output);
/* Bad Cases */
if (ret == 0) {
ret = wc_EccPrivateKeyToDer(NULL, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_EccPrivateKeyToDer(NULL, output, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_EccPrivateKeyToDer(&eccKey, NULL, inLen);
if (ret == LENGTH_ONLY_E) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_EccPrivateKeyToDer(&eccKey, output, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/*Good Case */
if (ret == 0) {
ret = wc_EccPrivateKeyToDer(&eccKey, output, inLen);
if (ret > 0) {
ret = 0;
}
}
wc_ecc_free(&eccKey);
}
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_wc_EccPrivateKeyToDer*/
/*
* Testing wc_DhPublicKeyDecode
*/
static int test_wc_DhPublicKeyDecode(void)
{
int ret = 0;
#ifndef NO_DH
word32 inOutIdx;
#if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048)
DhKey key;
AssertIntEQ(wc_InitDhKey(&key), 0);
printf(testingFmt, "wc_DhPublicKeyDecode()");
AssertIntEQ(wc_DhPublicKeyDecode(NULL,NULL,NULL,0),
BAD_FUNC_ARG);
AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
BAD_FUNC_ARG);
AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0),
BAD_FUNC_ARG);
inOutIdx = 0;
AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,NULL, 0),
BAD_FUNC_ARG);
inOutIdx = 0;
AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, 0),
BAD_FUNC_ARG);
inOutIdx = 0;
AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key,
sizeof_dh_pub_key_der_2048), 0);
AssertTrue(key.p.used != 0 && key.g.used != 0 && key.q.used == 0 &&
key.pub.used != 0 && key.priv.used == 0);
wc_FreeDhKey(&key);
printf(resultFmt, passed);
#endif
(void)inOutIdx;
#endif /* !NO_DH */
return ret;
}
/*
* Testing wc_Ed25519KeyToDer
*/
static int test_wc_Ed25519KeyToDer (void)
{
int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
byte output[ONEK_BUF];
ed25519_key ed25519Key;
WC_RNG rng;
word32 inLen;
printf(testingFmt, "wc_Ed25519KeyToDer()");
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed25519_init(&ed25519Key);
if (ret == 0) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
}
inLen = (word32)sizeof(output);
/* Bad Cases */
if (ret == 0) {
ret = wc_Ed25519KeyToDer(NULL, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed25519KeyToDer(NULL, output, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed25519KeyToDer(&ed25519Key, NULL, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed25519KeyToDer(&ed25519Key, output, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good Case */
if (ret == 0) {
ret = wc_Ed25519KeyToDer(&ed25519Key, output, inLen);
if (ret > 0) {
ret = 0;
}
}
wc_ed25519_free(&ed25519Key);
}
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_wc_Ed25519KeyToDer*/
/*
* Testing wc_Ed25519PrivateKeyToDer
*/
static int test_wc_Ed25519PrivateKeyToDer (void)
{
int ret = 0;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
byte output[ONEK_BUF];
ed25519_key ed25519PrivKey;
WC_RNG rng;
word32 inLen;
printf(testingFmt, "wc_Ed25519PrivateKeyToDer()");
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed25519_init(&ed25519PrivKey);
if (ret == 0) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519PrivKey);
}
inLen = (word32)sizeof(output);
/* Bad Cases */
if (ret == 0) {
ret = wc_Ed25519PrivateKeyToDer(NULL, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed25519PrivateKeyToDer(NULL, output, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good Case */
if (ret == 0) {
ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, inLen);
if (ret > 0) {
ret = 0;
}
}
wc_ed25519_free(&ed25519PrivKey);
}
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_wc_Ed25519PrivateKeyToDer*/
/*
* Testing wc_Ed448KeyToDer
*/
static int test_wc_Ed448KeyToDer (void)
{
int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
byte output[ONEK_BUF];
ed448_key ed448Key;
WC_RNG rng;
word32 inLen;
printf(testingFmt, "wc_Ed448KeyToDer()");
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed448_init(&ed448Key);
if (ret == 0) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
}
inLen = sizeof(output);
/* Bad Cases */
if (ret == 0) {
ret = wc_Ed448KeyToDer(NULL, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed448KeyToDer(NULL, output, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed448KeyToDer(&ed448Key, NULL, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed448KeyToDer(&ed448Key, output, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good Case */
if (ret == 0) {
ret = wc_Ed448KeyToDer(&ed448Key, output, inLen);
if (ret > 0) {
ret = 0;
}
}
wc_ed448_free(&ed448Key);
}
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_wc_Ed448KeyToDer*/
/*
* Testing wc_Ed448PrivateKeyToDer
*/
static int test_wc_Ed448PrivateKeyToDer (void)
{
int ret = 0;
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
(defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
byte output[ONEK_BUF];
ed448_key ed448PrivKey;
WC_RNG rng;
word32 inLen;
printf(testingFmt, "wc_Ed448PrivateKeyToDer()");
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = wc_ed448_init(&ed448PrivKey);
if (ret == 0) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448PrivKey);
}
inLen = sizeof(output);
/* Bad Cases */
if (ret == 0) {
ret = wc_Ed448PrivateKeyToDer(NULL, NULL, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed448PrivateKeyToDer(NULL, output, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, inLen);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, 0);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
/* Good case */
if (ret == 0) {
ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, inLen);
if (ret > 0) {
ret = 0;
}
}
wc_ed448_free(&ed448PrivKey);
}
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_wc_Ed448PrivateKeyToDer*/
/*
* Testing wc_SetSubjectBuffer
*/
static int test_wc_SetSubjectBuffer (void)
{
int ret = 0;
#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
Cert cert;
FILE* file;
byte* der;
word32 derSz;
printf(testingFmt, "wc_SetSubjectBuffer()");
derSz = FOURK_BUF;
der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (der == NULL) {
ret = -1;
}
if (ret == 0) {
file = XFOPEN("./certs/ca-cert.der", "rb");
if (file != NULL) {
derSz = (word32)XFREAD(der, 1, FOURK_BUF, file);
XFCLOSE(file);
}
else {
ret = -1;
}
}
if (ret == 0) {
ret = wc_InitCert(&cert);
}
if (ret == 0) {
ret = wc_SetSubjectBuffer(&cert, der, derSz);
}
if (ret == 0) {
ret = wc_SetSubjectBuffer(NULL, der, derSz);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_wc_SetSubjectBuffer*/
/*
* Testing wc_SetSubjectKeyIdFromPublicKey_ex
*/
static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void)
{
int ret = 0;
#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
WC_RNG rng;
Cert cert;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
ed25519_key ed25519Key;
#endif
#if !defined(NO_RSA) && defined(HAVE_RSA)
RsaKey rsaKey;
int bits = 2048;
#endif
#if defined(HAVE_ECC)
ecc_key eccKey;
#endif
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
ed448_key ed448Key;
#endif
printf(testingFmt, "wc_SetSubjectKeyIdFromPublicKey_ex()");
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
wc_InitCert(&cert);
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
if (ret == 0) { /*ED25519*/
ret = wc_ed25519_init(&ed25519Key);
if (ret == 0) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
}
if (ret == 0) {
ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
&ed25519Key);
}
wc_ed25519_free(&ed25519Key);
}
#endif
#if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
if (ret == 0) { /*RSA*/
ret = wc_InitRsaKey(&rsaKey, NULL);
if (ret == 0) {
MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng);
}
if (ret == 0) {
ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey);
}
wc_FreeRsaKey(&rsaKey);
}
#endif
#if defined(HAVE_ECC)
if (ret == 0) { /*ECC*/
ret = wc_ecc_init(&eccKey);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
}
if (ret == 0) {
ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey);
}
wc_ecc_free(&eccKey);
}
#endif
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
if (ret == 0) { /*ED448*/
ret = wc_ed448_init(&ed448Key);
if (ret == 0) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
}
if (ret == 0) {
ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE,
&ed448Key);
}
wc_ed448_free(&ed448Key);
}
#endif
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeRng(&rng);
#endif
return ret;
}/* End test_wc_SetSubjectKeyIdFromPublicKey_ex*/
/*
* Testing wc_SetAuthKeyIdFromPublicKey_ex
*/
static int test_wc_SetAuthKeyIdFromPublicKey_ex (void)
{
int ret = 0;
#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
WC_RNG rng;
Cert cert;
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
ed25519_key ed25519Key;
#endif
#if !defined(NO_RSA) && defined(HAVE_RSA)
RsaKey rsaKey;
int bits = 2048;
#endif
#if defined(HAVE_ECC)
ecc_key eccKey;
#endif
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
ed448_key ed448Key;
#endif
printf(testingFmt, "wc_SetAuthKeyIdFromPublicKey_ex()");
#ifndef HAVE_FIPS
ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
#else
ret = wc_InitRng(&rng);
#endif
wc_InitCert(&cert);
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
if (ret == 0) { /*ED25519*/
ret = wc_ed25519_init(&ed25519Key);
if (ret == 0) {
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
}
if (ret == 0) {
ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
&ed25519Key);
}
wc_ed25519_free(&ed25519Key);
}
#endif
#if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
if (ret == 0) { /*RSA*/
ret = wc_InitRsaKey(&rsaKey, NULL);
if (ret == 0) {
MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng);
}
if (ret == 0) {
ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey);
}
wc_FreeRsaKey(&rsaKey);
}
#endif
#if defined(HAVE_ECC)
if (ret == 0) { /*ECC*/
ret = wc_ecc_init(&eccKey);
if (ret == 0) {
ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
}
if (ret == 0) {
ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey);
}
wc_ecc_free(&eccKey);
}
#endif
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
if (ret == 0) { /*ED448*/
ret = wc_ed448_init(&ed448Key);
if (ret == 0) {
ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
}
if (ret == 0) {
ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE,
&ed448Key);
}
wc_ed448_free(&ed448Key);
}
#endif
printf(resultFmt, ret == 0 ? passed : failed);
wc_FreeRng(&rng);
#endif /*defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)*/
return ret;
}/* End test_wc_SetAuthKeyIdFromPublicKey_ex*/
/*
* Testing wc_PKCS7_New()
*/
static void test_wc_PKCS7_New (void)
{
#if defined(HAVE_PKCS7)
PKCS7* pkcs7;
void* heap = NULL;
printf(testingFmt, "wc_PKCS7_New()");
pkcs7 = wc_PKCS7_New(heap, devId);
AssertNotNull(pkcs7);
printf(resultFmt, passed);
wc_PKCS7_Free(pkcs7);
#endif
} /* END test-wc_PKCS7_New */
/*
* Testing wc_PKCS7_Init()
*/
static void test_wc_PKCS7_Init (void)
{
#if defined(HAVE_PKCS7)
PKCS7* pkcs7;
void* heap = NULL;
printf(testingFmt, "wc_PKCS7_Init()");
pkcs7 = wc_PKCS7_New(heap, devId);
AssertNotNull(pkcs7);
AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);
/* Pass in bad args. */
AssertIntEQ(wc_PKCS7_Init(NULL, heap, devId), BAD_FUNC_ARG);
printf(resultFmt, passed);
wc_PKCS7_Free(pkcs7);
#endif
} /* END test-wc_PKCS7_Init */
/*
* Testing wc_PKCS7_InitWithCert()
*/
static void test_wc_PKCS7_InitWithCert (void)
{
#if defined(HAVE_PKCS7)
PKCS7* pkcs7;
#ifndef NO_RSA
#if defined(USE_CERT_BUFFERS_2048)
unsigned char cert[sizeof(client_cert_der_2048)];
int certSz = (int)sizeof(cert);
XMEMSET(cert, 0, certSz);
XMEMCPY(cert, client_cert_der_2048, sizeof(client_cert_der_2048));
#elif defined(USE_CERT_BUFFERS_1024)
unsigned char cert[sizeof(client_cert_der_1024)];
int certSz = (int)sizeof(cert);
XMEMSET(cert, 0, certSz);
XMEMCPY(cert, client_cert_der_1024, sizeof_client_cert_der_1024);
#else
unsigned char cert[ONEK_BUF];
XFILE fp;
int certSz;
fp = XFOPEN("./certs/1024/client-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
XFCLOSE(fp);
#endif
#elif defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
unsigned char cert[sizeof(cliecc_cert_der_256)];
int certSz = (int)sizeof(cert);
XMEMSET(cert, 0, certSz);
XMEMCPY(cert, cliecc_cert_der_256, sizeof(cliecc_cert_der_256));
#else
unsigned char cert[ONEK_BUF];
XFILE fp;
int certSz;
fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = (int)XFREAD(cert, 1, sizeof(cliecc_cert_der_256), fp);
XFCLOSE(fp);
#endif
#else
#error PKCS7 requires ECC or RSA
#endif
#ifdef HAVE_ECC
/* bad test case from ZD 11011, malformed cert gives bad ECC key */
unsigned char certWithInvalidEccKey[] = {
0x30, 0x82, 0x03, 0x5F, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79,
0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x31, 0xAA, 0x2C, 0x30,
0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30,
0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08,
0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30,
0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, 0x39, 0x31, 0x33, 0x32,
0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x33, 0x31, 0x36,
0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B,
0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72,
0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04,
0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11,
0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E,
0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55,
0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x26,
0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06,
0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86,
0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x02, 0x00, 0x04, 0x55, 0xBF,
0xF4, 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D,
0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C,
0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, 0x43,
0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6,
0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D,
0x7F, 0xB4, 0xA3, 0x82, 0x01, 0x3E, 0x30, 0x82, 0x01, 0x3A, 0x30, 0x1D,
0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B,
0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xCD, 0x06, 0x03, 0x55, 0x1D,
0x23, 0x04, 0x81, 0xC5, 0x30, 0x81, 0xC2, 0x80, 0x14, 0xEB, 0xD4, 0x4B,
0x59, 0x72, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
0x88, 0x44, 0x5C, 0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30,
0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x08, 0x08,
0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
0x6F, 0x6D, 0x30, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82,
0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79, 0x42, 0x83,
0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x32, 0xAA, 0x2C, 0x30, 0x0C, 0x06,
0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30,
0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B,
0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87,
0x04, 0x23, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25,
0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02,
0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xE4, 0xA0, 0x23, 0x26,
0x2B, 0x0B, 0x42, 0x0F, 0x97, 0x37, 0x6D, 0xCB, 0x14, 0x23, 0xC3, 0xC3,
0xE6, 0x44, 0xCF, 0x5F, 0x4C, 0x26, 0xA3, 0x72, 0x64, 0x7A, 0x9C, 0xCB,
0x64, 0xAB, 0xA6, 0xBE, 0x02, 0x21, 0x00, 0xAA, 0xC5, 0xA3, 0x50, 0xF6,
0xF1, 0xA5, 0xDB, 0x05, 0xE0, 0x75, 0xD2, 0xF7, 0xBA, 0x49, 0x5F, 0x8F,
0x7D, 0x1C, 0x44, 0xB1, 0x6E, 0xDF, 0xC8, 0xDA, 0x10, 0x48, 0x2D, 0x53,
0x08, 0xA8, 0xB4};
#endif
printf(testingFmt, "wc_PKCS7_InitWithCert()");
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
/* If initialization is not successful, it's free'd in init func. */
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
wc_PKCS7_Free(pkcs7);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
/* Valid initialization usage. */
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
/* Pass in bad args. No need free for null checks, free at end.*/
AssertIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz),
BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, (word32)certSz),
BAD_FUNC_ARG);
#ifdef HAVE_ECC
AssertIntLT(wc_PKCS7_InitWithCert(pkcs7, certWithInvalidEccKey,
sizeof(certWithInvalidEccKey)), 0);
#endif
printf(resultFmt, passed);
wc_PKCS7_Free(pkcs7);
#endif
} /* END test_wc_PKCS7_InitWithCert */
/*
* Testing wc_PKCS7_EncodeData()
*/
static void test_wc_PKCS7_EncodeData (void)
{
#if defined(HAVE_PKCS7)
PKCS7* pkcs7;
byte output[FOURK_BUF];
byte data[] = "My encoded DER cert.";
#ifndef NO_RSA
#if defined(USE_CERT_BUFFERS_2048)
unsigned char cert[sizeof(client_cert_der_2048)];
unsigned char key[sizeof(client_key_der_2048)];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, client_cert_der_2048, certSz);
XMEMCPY(key, client_key_der_2048, keySz);
#elif defined(USE_CERT_BUFFERS_1024)
unsigned char cert[sizeof(sizeof_client_cert_der_1024)];
unsigned char key[sizeof_client_key_der_1024];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, client_cert_der_1024, certSz);
XMEMCPY(key, client_key_der_1024, keySz);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz;
int keySz;
fp = XFOPEN("./certs/1024/client-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/1024/client-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
XFCLOSE(fp);
#endif
#elif defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
unsigned char cert[sizeof(cliecc_cert_der_256)];
unsigned char key[sizeof(ecc_clikey_der_256)];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz, keySz;
fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/client-ecc-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
XFCLOSE(fp);
#endif
#endif
XMEMSET(output, 0, sizeof(output));
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, certSz), 0);
printf(testingFmt, "wc_PKCS7_EncodeData()");
pkcs7->content = data;
pkcs7->contentSz = sizeof(data);
pkcs7->privateKey = key;
pkcs7->privateKeySz = keySz;
AssertIntGT(wc_PKCS7_EncodeData(pkcs7, output, (word32)sizeof(output)), 0);
/* Test bad args. */
AssertIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)),
BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeData(pkcs7, NULL, (word32)sizeof(output)),
BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), BUFFER_E);
printf(resultFmt, passed);
wc_PKCS7_Free(pkcs7);
#endif
} /* END test_wc_PKCS7_EncodeData */
#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
!defined(NO_RSA) && !defined(NO_SHA256)
/* RSA sign raw digest callback */
static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
byte* out, word32 outSz, byte* privateKey,
word32 privateKeySz, int devid, int hashOID)
{
/* specific DigestInfo ASN.1 encoding prefix for a SHA2565 digest */
byte digInfoEncoding[] = {
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
0x00, 0x04, 0x20
};
int ret;
byte digestInfo[ONEK_BUF];
byte sig[FOURK_BUF];
word32 digestInfoSz = 0;
word32 idx = 0;
RsaKey rsa;
/* SHA-256 required only for this example callback due to above
* digInfoEncoding[] */
if (pkcs7 == NULL || digest == NULL || out == NULL ||
(sizeof(digestInfo) < sizeof(digInfoEncoding) + digestSz) ||
(hashOID != SHA256h)) {
return -1;
}
/* build DigestInfo */
XMEMCPY(digestInfo, digInfoEncoding, sizeof(digInfoEncoding));
digestInfoSz += sizeof(digInfoEncoding);
XMEMCPY(digestInfo + digestInfoSz, digest, digestSz);
digestInfoSz += digestSz;
/* set up RSA key */
ret = wc_InitRsaKey_ex(&rsa, pkcs7->heap, devid);
if (ret != 0) {
return ret;
}
ret = wc_RsaPrivateKeyDecode(privateKey, &idx, &rsa, privateKeySz);
/* sign DigestInfo */
if (ret == 0) {
ret = wc_RsaSSL_Sign(digestInfo, digestInfoSz, sig, sizeof(sig),
&rsa, pkcs7->rng);
if (ret > 0) {
if (ret > (int)outSz) {
/* output buffer too small */
ret = -1;
} else {
/* success, ret holds sig size */
XMEMCPY(out, sig, ret);
}
}
}
wc_FreeRsaKey(&rsa);
return ret;
}
#endif
/*
* Testing wc_PKCS7_EncodeSignedData()
*/
static void test_wc_PKCS7_EncodeSignedData(void)
{
#if defined(HAVE_PKCS7)
PKCS7* pkcs7;
WC_RNG rng;
byte output[FOURK_BUF];
byte badOut[1];
word32 outputSz = (word32)sizeof(output);
word32 badOutSz = 0;
byte data[] = "Test data to encode.";
#ifndef NO_RSA
#if defined(USE_CERT_BUFFERS_2048)
byte key[sizeof(client_key_der_2048)];
byte cert[sizeof(client_cert_der_2048)];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_2048, keySz);
XMEMCPY(cert, client_cert_der_2048, certSz);
#elif defined(USE_CERT_BUFFERS_1024)
byte key[sizeof_client_key_der_1024];
byte cert[sizeof(sizeof_client_cert_der_1024)];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_1024, keySz);
XMEMCPY(cert, client_cert_der_1024, certSz);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz;
int keySz;
fp = XFOPEN("./certs/1024/client-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/1024/client-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
XFCLOSE(fp);
#endif
#elif defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
unsigned char cert[sizeof(cliecc_cert_der_256)];
unsigned char key[sizeof(ecc_clikey_der_256)];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, cliecc_cert_der_256, certSz);
XMEMCPY(key, ecc_clikey_der_256, keySz);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz, keySz;
fp = XOPEN("./certs/client-ecc-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = (int)XFREAD(cert, 1, ONEK_BUF, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/client-ecc-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = (int)XFREAD(key, 1, ONEK_BUF, fp);
XFCLOSE(fp);
#endif
#endif
XMEMSET(output, 0, outputSz);
AssertIntEQ(wc_InitRng(&rng), 0);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
printf(testingFmt, "wc_PKCS7_EncodeSignedData()");
pkcs7->content = data;
pkcs7->contentSz = (word32)sizeof(data);
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHAh;
pkcs7->rng = &rng;
AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
wc_PKCS7_Free(pkcs7);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
/* Pass in bad args. */
AssertIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, badOut,
badOutSz), BAD_FUNC_ARG);
pkcs7->hashOID = 0; /* bad hashOID */
AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), BAD_FUNC_ARG);
#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
!defined(NO_RSA) && !defined(NO_SHA256)
/* test RSA sign raw digest callback, if using RSA and compiled in.
* Example callback assumes SHA-256, so only run test if compiled in. */
wc_PKCS7_Free(pkcs7);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
pkcs7->content = data;
pkcs7->contentSz = (word32)sizeof(data);
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHA256h;
pkcs7->rng = &rng;
AssertIntEQ(wc_PKCS7_SetRsaSignRawDigestCb(pkcs7, rsaSignRawDigestCb), 0);
AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
#endif
printf(resultFmt, passed);
wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng);
#endif
} /* END test_wc_PKCS7_EncodeSignedData */
/*
* Testing wc_PKCS7_EncodeSignedData_ex() and wc_PKCS7_VerifySignedData_ex()
*/
static void test_wc_PKCS7_EncodeSignedData_ex(void)
{
#if defined(HAVE_PKCS7)
int ret, i;
PKCS7* pkcs7;
WC_RNG rng;
byte outputHead[FOURK_BUF/2];
byte outputFoot[FOURK_BUF/2];
word32 outputHeadSz = (word32)sizeof(outputHead);
word32 outputFootSz = (word32)sizeof(outputFoot);
byte data[FOURK_BUF];
wc_HashAlg hash;
enum wc_HashType hashType = WC_HASH_TYPE_SHA;
byte hashBuf[WC_MAX_DIGEST_SIZE];
word32 hashSz = wc_HashGetDigestSize(hashType);
#ifndef NO_RSA
#if defined(USE_CERT_BUFFERS_2048)
byte key[sizeof(client_key_der_2048)];
byte cert[sizeof(client_cert_der_2048)];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_2048, keySz);
XMEMCPY(cert, client_cert_der_2048, certSz);
#elif defined(USE_CERT_BUFFERS_1024)
byte key[sizeof_client_key_der_1024];
byte cert[sizeof(sizeof_client_cert_der_1024)];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_1024, keySz);
XMEMCPY(cert, client_cert_der_1024, certSz);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz;
int keySz;
fp = XFOPEN("./certs/1024/client-cert.der", "rb");
AssertTrue((fp != XBADFILE));
certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/1024/client-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
XFCLOSE(fp);
#endif
#elif defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
unsigned char cert[sizeof(cliecc_cert_der_256)];
unsigned char key[sizeof(ecc_clikey_der_256)];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz, keySz;
fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/client-ecc-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
XFCLOSE(fp);
#endif
#endif
/* initialize large data with sequence */
for (i=0; i<(int)sizeof(data); i++)
data[i] = i & 0xff;
XMEMSET(outputHead, 0, outputHeadSz);
XMEMSET(outputFoot, 0, outputFootSz);
AssertIntEQ(wc_InitRng(&rng), 0);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
printf(testingFmt, "wc_PKCS7_EncodeSignedData()");
pkcs7->content = NULL; /* not used for ex */
pkcs7->contentSz = (word32)sizeof(data);
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHAh;
pkcs7->rng = &rng;
/* calculate hash for content */
ret = wc_HashInit(&hash, hashType);
if (ret == 0) {
ret = wc_HashUpdate(&hash, hashType, data, sizeof(data));
if (ret == 0) {
ret = wc_HashFinal(&hash, hashType, hashBuf);
}
wc_HashFree(&hash, hashType);
}
AssertIntEQ(ret, 0);
/* Perform PKCS7 sign using hash directly */
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, &outputHeadSz, outputFoot, &outputFootSz), 0);
AssertIntGT(outputHeadSz, 0);
AssertIntGT(outputFootSz, 0);
wc_PKCS7_Free(pkcs7);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
/* required parameter even on verify when using _ex, if using outputHead
* and outputFoot */
pkcs7->contentSz = (word32)sizeof(data);
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, outputHeadSz, outputFoot, outputFootSz), 0);
wc_PKCS7_Free(pkcs7);
/* assembly complete PKCS7 sign and use normal verify */
{
byte* output = (byte*)XMALLOC(outputHeadSz + sizeof(data) + outputFootSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
word32 outputSz = 0;
AssertNotNull(output);
XMEMCPY(&output[outputSz], outputHead, outputHeadSz);
outputSz += outputHeadSz;
XMEMCPY(&output[outputSz], data, sizeof(data));
outputSz += sizeof(data);
XMEMCPY(&output[outputSz], outputFoot, outputFootSz);
outputSz += outputFootSz;
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
/* Pass in bad args. */
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(NULL, hashBuf, hashSz, outputHead,
&outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, NULL, hashSz, outputHead,
&outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, 0, outputHead,
&outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, NULL,
&outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, NULL, outputFoot, &outputFootSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, &outputHeadSz, NULL, &outputFootSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, &outputHeadSz, outputFoot, NULL), BAD_FUNC_ARG);
pkcs7->hashOID = 0; /* bad hashOID */
AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(NULL, hashBuf, hashSz, outputHead,
outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, NULL, hashSz, outputHead,
outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
#ifndef NO_PKCS7_STREAM
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
outputHeadSz, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
#else
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
outputHeadSz, outputFoot, outputFootSz), BUFFER_E);
#endif
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, NULL,
outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
#ifndef NO_PKCS7_STREAM
/* can pass in 0 buffer length with streaming API */
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, 0, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
#else
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, 0, outputFoot, outputFootSz), BAD_FUNC_ARG);
#endif
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, outputHeadSz, NULL, outputFootSz), BAD_FUNC_ARG);
#ifndef NO_PKCS7_STREAM
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, outputHeadSz, outputFoot, 0), WC_PKCS7_WANT_READ_E);
#else
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
outputHead, outputHeadSz, outputFoot, 0), ASN_PARSE_E);
#endif
printf(resultFmt, passed);
wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng);
#endif
} /* END test_wc_PKCS7_EncodeSignedData_ex */
#if defined(HAVE_PKCS7)
static int CreatePKCS7SignedData(unsigned char* output, int outputSz,
byte* data, word32 dataSz,
int withAttribs, int detachedSig)
{
PKCS7* pkcs7;
WC_RNG rng;
static byte messageTypeOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x02 };
static byte messageType[] = { 0x13, 2, '1', '9' };
PKCS7Attrib attribs[] =
{
{ messageTypeOid, sizeof(messageTypeOid), messageType,
sizeof(messageType) }
};
#ifndef NO_RSA
#if defined(USE_CERT_BUFFERS_2048)
byte key[sizeof(client_key_der_2048)];
byte cert[sizeof(client_cert_der_2048)];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_2048, keySz);
XMEMCPY(cert, client_cert_der_2048, certSz);
#elif defined(USE_CERT_BUFFERS_1024)
byte key[sizeof_client_key_der_1024];
byte cert[sizeof(sizeof_client_cert_der_1024)];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_1024, keySz);
XMEMCPY(cert, client_cert_der_1024, certSz);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
FILE* fp;
int certSz;
int keySz;
fp = fopen("./certs/1024/client-cert.der", "rb");
AssertNotNull(fp);
certSz = fread(cert, 1, sizeof_client_cert_der_1024, fp);
fclose(fp);
fp = fopen("./certs/1024/client-key.der", "rb");
AssertNotNull(fp);
keySz = fread(key, 1, sizeof_client_key_der_1024, fp);
fclose(fp);
#endif
#elif defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
unsigned char cert[sizeof(cliecc_cert_der_256)];
unsigned char key[sizeof(ecc_clikey_der_256)];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
FILE* fp;
int certSz, keySz;
fp = fopen("./certs/client-ecc-cert.der", "rb");
AssertNotNull(fp);
certSz = fread(cert, 1, sizeof_cliecc_cert_der_256, fp);
fclose(fp);
fp = fopen("./certs/client-ecc-key.der", "rb");
AssertNotNull(fp);
keySz = fread(key, 1, sizeof_ecc_clikey_der_256, fp);
fclose(fp);
#endif
#endif
XMEMSET(output, 0, outputSz);
AssertIntEQ(wc_InitRng(&rng), 0);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
printf(testingFmt, "wc_PKCS7_VerifySignedData()");
pkcs7->content = data;
pkcs7->contentSz = dataSz;
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHAh;
pkcs7->rng = &rng;
if (withAttribs) {
/* include a signed attribute */
pkcs7->signedAttribs = attribs;
pkcs7->signedAttribsSz = (sizeof(attribs)/sizeof(PKCS7Attrib));
}
if (detachedSig) {
AssertIntEQ(wc_PKCS7_SetDetached(pkcs7, 1), 0);
}
AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
wc_PKCS7_Free(pkcs7);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
if (detachedSig) {
pkcs7->content = data;
pkcs7->contentSz = dataSz;
}
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng);
return outputSz;
}
#endif
/*
* Testing wc_PKCS_VerifySignedData()
*/
static void test_wc_PKCS7_VerifySignedData(void)
{
#if defined(HAVE_PKCS7)
PKCS7* pkcs7;
byte output[FOURK_BUF];
word32 outputSz = sizeof(output);
byte data[] = "Test data to encode.";
byte badOut[1];
word32 badOutSz = 0;
byte badContent[] = "This is different content than was signed";
int ret;
wc_HashAlg hash;
enum wc_HashType hashType = WC_HASH_TYPE_SHA;
byte hashBuf[WC_MAX_DIGEST_SIZE];
word32 hashSz = wc_HashGetDigestSize(hashType);
AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
(word32)sizeof(data),
0, 0)), 0);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
/* Test bad args. */
AssertIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG);
#ifndef NO_PKCS7_STREAM
/* can pass in 0 buffer length with streaming API */
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
badOutSz), WC_PKCS7_WANT_READ_E);
#else
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
badOutSz), BAD_FUNC_ARG);
#endif
wc_PKCS7_Free(pkcs7);
/* Invalid content should error, use detached signature so we can
* easily change content */
AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
(word32)sizeof(data),
1, 1)), 0);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
pkcs7->content = badContent;
pkcs7->contentSz = sizeof(badContent);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), SIG_VERIFY_E);
wc_PKCS7_Free(pkcs7);
/* Test success case with detached signature and valid content */
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
pkcs7->content = data;
pkcs7->contentSz = sizeof(data);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
wc_PKCS7_Free(pkcs7);
/* verify using pre-computed content digest only (no content) */
{
/* calculate hash for content */
ret = wc_HashInit(&hash, hashType);
if (ret == 0) {
ret = wc_HashUpdate(&hash, hashType, data, sizeof(data));
if (ret == 0) {
ret = wc_HashFinal(&hash, hashType, hashBuf);
}
wc_HashFree(&hash, hashType);
}
AssertIntEQ(ret, 0);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, NULL, 0), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
output, outputSz,
NULL, 0), 0);
wc_PKCS7_Free(pkcs7);
}
printf(resultFmt, passed);
#endif
} /* END test_wc_PKCS7_VerifySignedData() */
#if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
!defined(NO_AES_256)
static const byte defKey[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
static byte aesHandle[32]; /* simulated hardware key handle */
/* return 0 on success */
static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
byte* in, int inSz, byte* out, void* usrCtx)
{
int ret;
Aes aes;
if (usrCtx == NULL) {
/* no simulated handle passed in */
return -1;
}
switch (encryptOID) {
case AES256CBCb:
if (ivSz != AES_BLOCK_SIZE)
return BAD_FUNC_ARG;
break;
default:
WOLFSSL_MSG("Unsupported content cipher type for test");
return ALGO_ID_E;
};
/* simulate using handle to get key */
ret = wc_AesInit(&aes, HEAP_HINT, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(&aes, (byte*)usrCtx, 32, iv, AES_DECRYPTION);
if (ret == 0)
ret = wc_AesCbcDecrypt(&aes, out, in, inSz);
wc_AesFree(&aes);
}
(void)aad;
(void)aadSz;
(void)authTag;
(void)authTagSz;
(void)pkcs7;
return ret;
}
/* returns key size on success */
static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
word32 keyIdSz, byte* orginKey, word32 orginKeySz,
byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
{
int ret = -1;
if (out == NULL)
return BAD_FUNC_ARG;
if (keyId[0] != 0x00) {
return -1;
}
if (type != (int)PKCS7_KEKRI) {
return -1;
}
switch (keyWrapAlgo) {
case AES256_WRAP:
/* simulate setting a handle for later decryption but use key
* as handle in the test case here */
ret = wc_AesKeyUnWrap(defKey, sizeof(defKey), cek, cekSz,
aesHandle, sizeof(aesHandle), NULL);
if (ret < 0)
return ret;
ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)aesHandle);
if (ret < 0)
return ret;
/* return key size on success */
return sizeof(defKey);
default:
WOLFSSL_MSG("Unsupported key wrap algorithm in example");
return BAD_KEYWRAP_ALG_E;
};
(void)cekSz;
(void)cek;
(void)outSz;
(void)keyIdSz;
(void)direction;
(void)orginKey; /* used with KAKRI */
(void)orginKeySz;
return ret;
}
#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && !NO_AES_256 */
/*
* Testing wc_PKCS7_EncodeEnvelopedData()
*/
static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
{
#if defined(HAVE_PKCS7)
PKCS7* pkcs7;
#ifdef ECC_TIMING_RESISTANT
WC_RNG rng;
#endif
word32 tempWrd32 = 0;
byte* tmpBytePtr = NULL;
const char input[] = "Test data to encode.";
int i;
int testSz = 0;
#if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) || \
!defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
byte* rsaCert = NULL;
byte* rsaPrivKey = NULL;
word32 rsaCertSz;
word32 rsaPrivKeySz;
#if !defined(NO_FILESYSTEM) && (!defined(USE_CERT_BUFFERS_1024) && \
!defined(USE_CERT_BUFFERS_2048) )
static const char* rsaClientCert = "./certs/client-cert.der";
static const char* rsaClientKey = "./certs/client-key.der";
rsaCertSz = (word32)sizeof(rsaClientCert);
rsaPrivKeySz = (word32)sizeof(rsaClientKey);
#endif
#endif
#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
!defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
byte* eccCert = NULL;
byte* eccPrivKey = NULL;
word32 eccCertSz;
word32 eccPrivKeySz;
#if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_256)
static const char* eccClientCert = "./certs/client-ecc-cert.der";
static const char* eccClientKey = "./certs/ecc-client-key.der";
#endif
#endif
/* Generic buffer size. */
byte output[ONEK_BUF];
byte decoded[sizeof(input)/sizeof(char)];
int decodedSz = 0;
#ifndef NO_FILESYSTEM
XFILE certFile;
XFILE keyFile;
#endif
#if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
!defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
/* RSA certs and keys. */
#if defined(USE_CERT_BUFFERS_1024)
/* Allocate buffer space. */
AssertNotNull(rsaCert =
(byte*)XMALLOC(ONEK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
/* Init buffer. */
rsaCertSz = (word32)sizeof_client_cert_der_1024;
XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz);
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
rsaPrivKeySz = (word32)sizeof_client_key_der_1024;
XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz);
#elif defined(USE_CERT_BUFFERS_2048)
/* Allocate buffer */
AssertNotNull(rsaCert =
(byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
/* Init buffer. */
rsaCertSz = (word32)sizeof_client_cert_der_2048;
XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz);
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
rsaPrivKeySz = (word32)sizeof_client_key_der_2048;
XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz);
#else
/* File system. */
certFile = XFOPEN(rsaClientCert, "rb");
AssertTrue(certFile != XBADFILE);
rsaCertSz = (word32)FOURK_BUF;
AssertNotNull(rsaCert =
(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
rsaCertSz = (word32)XFREAD(rsaCert, 1, rsaCertSz, certFile);
XFCLOSE(certFile);
keyFile = XFOPEN(rsaClientKey, "rb");
AssertTrue(keyFile != XBADFILE);
AssertNotNull(rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
rsaPrivKeySz = (word32)FOURK_BUF;
rsaPrivKeySz = (word32)XFREAD(rsaPrivKey, 1, rsaPrivKeySz, keyFile);
XFCLOSE(keyFile);
#endif /* USE_CERT_BUFFERS */
#endif /* NO_RSA */
/* ECC */
#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
!defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
#ifdef USE_CERT_BUFFERS_256
AssertNotNull(eccCert =
(byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
/* Init buffer. */
eccCertSz = (word32)sizeof_cliecc_cert_der_256;
XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz);
AssertNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256;
XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz);
#else /* File system. */
certFile = XFOPEN(eccClientCert, "rb");
AssertTrue(certFile != XBADFILE);
eccCertSz = (word32)FOURK_BUF;
AssertNotNull(eccCert =
(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz, certFile);
XFCLOSE(certFile);
keyFile = XFOPEN(eccClientKey, "rb");
AssertTrue(keyFile != XBADFILE);
eccPrivKeySz = (word32)FOURK_BUF;
AssertNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz, keyFile);
XFCLOSE(keyFile);
#endif /* USE_CERT_BUFFERS_256 */
#endif /* END HAVE_ECC */
/* Silence. */
(void)keyFile;
(void)certFile;
const pkcs7EnvelopedVector testVectors[] = {
/* DATA is a global variable defined in the makefile. */
#if !defined(NO_RSA)
#ifndef NO_DES3
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0,
rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif /* NO_DES3 */
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif
#ifndef NO_AES_192
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES192CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif
#ifndef NO_AES_256
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif
#endif /* NO_AES && HAVE_AES_CBC */
#endif /* NO_RSA */
#if defined(HAVE_ECC)
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && !defined(NO_AES_128)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert,
eccCertSz, eccPrivKey, eccPrivKeySz},
#endif
#if !defined(NO_SHA256) && !defined(NO_AES_256)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme, eccCert,
eccCertSz, eccPrivKey, eccPrivKeySz},
#endif
#if defined(WOLFSSL_SHA512) && !defined(NO_AES_256)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert,
eccCertSz, eccPrivKey, eccPrivKeySz},
#endif
#endif /* NO_AES && HAVE_AES_CBC*/
#endif /* END HAVE_ECC */
}; /* END pkcs7EnvelopedVector */
#ifdef ECC_TIMING_RESISTANT
AssertIntEQ(wc_InitRng(&rng), 0);
#endif
printf(testingFmt, "wc_PKCS7_EncodeEnvelopedData()");
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector);
for (i = 0; i < testSz; i++) {
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
(word32)(testVectors + i)->certSz), 0);
#ifdef ECC_TIMING_RESISTANT
pkcs7->rng = &rng;
#endif
pkcs7->content = (byte*)(testVectors + i)->content;
pkcs7->contentSz = (testVectors + i)->contentSz;
pkcs7->contentOID = (testVectors + i)->contentOID;
pkcs7->encryptOID = (testVectors + i)->encryptOID;
pkcs7->keyWrapOID = (testVectors + i)->keyWrapOID;
pkcs7->keyAgreeOID = (testVectors + i)->keyAgreeOID;
pkcs7->privateKey = (testVectors + i)->privateKey;
pkcs7->privateKeySz = (testVectors + i)->privateKeySz;
AssertIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
(word32)sizeof(output)), 0);
decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded));
AssertIntGE(decodedSz, 0);
/* Verify the size of each buffer. */
AssertIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
/* Don't free the last time through the loop. */
if (i < testSz - 1 ){
wc_PKCS7_Free(pkcs7);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
}
} /* END test loop. */
/* Test bad args. */
AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output,
(word32)sizeof(output)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL,
(word32)sizeof(output)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), BAD_FUNC_ARG);
printf(resultFmt, passed);
/* Decode. */
printf(testingFmt, "wc_PKCS7_DecodeEnvelopedData()");
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), NULL, (word32)sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, 0), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, NULL,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
(word32)sizeof(decoded)), BAD_FUNC_ARG);
/* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
/* only a failure for KARI test cases */
tempWrd32 = pkcs7->singleCertSz;
pkcs7->singleCertSz = 0;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
pkcs7->singleCertSz = tempWrd32;
tmpBytePtr = pkcs7->singleCert;
pkcs7->singleCert = NULL;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
pkcs7->singleCert = tmpBytePtr;
#endif
tempWrd32 = pkcs7->privateKeySz;
pkcs7->privateKeySz = 0;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
pkcs7->privateKeySz = tempWrd32;
tmpBytePtr = pkcs7->privateKey;
pkcs7->privateKey = NULL;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
pkcs7->privateKey = tmpBytePtr;
wc_PKCS7_Free(pkcs7);
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_256)
/* test of decrypt callback with KEKRI enveloped data */
{
int envelopedSz;
const byte keyId[] = { 0x00 };
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
pkcs7->content = (byte*)input;
pkcs7->contentSz = (word32)(sizeof(input)/sizeof(char));
pkcs7->contentOID = DATA;
pkcs7->encryptOID = AES256CBCb;
AssertIntGT(wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP,
(byte*)defKey, sizeof(defKey), (byte*)keyId,
sizeof(keyId), NULL, NULL, 0, NULL, 0, 0), 0);
AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
AssertIntGT((envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
(word32)sizeof(output))), 0);
wc_PKCS7_Free(pkcs7);
/* decode envelopedData */
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_SetWrapCEKCb(pkcs7, myCEKwrapFunc), 0);
AssertIntEQ(wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc), 0);
AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
envelopedSz, decoded, sizeof(decoded))), 0);
wc_PKCS7_Free(pkcs7);
}
#endif /* !NO_AES && !NO_AES_256 */
printf(resultFmt, passed);
#ifndef NO_RSA
if (rsaCert) {
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (rsaPrivKey) {
XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif /*NO_RSA */
#ifdef HAVE_ECC
if (eccCert) {
XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
if (eccPrivKey) {
XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
}
#endif /* HAVE_ECC */
#ifdef ECC_TIMING_RESISTANT
wc_FreeRng(&rng);
#endif
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3)
{
byte out[7];
byte *cms;
word32 cmsSz;
XFILE cmsFile;
XMEMSET(out, 0, sizeof(out));
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
cmsFile = XFOPEN("./certs/test/ktri-keyid-cms.msg", "rb");
AssertTrue(cmsFile != XBADFILE);
cmsSz = (word32)FOURK_BUF;
AssertNotNull(cms =
(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
cmsSz = (word32)XFREAD(cms, 1, cmsSz, cmsFile);
XFCLOSE(cmsFile);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048,
sizeof_client_cert_der_2048), 0);
pkcs7->privateKey = (byte*)client_key_der_2048;
pkcs7->privateKeySz = sizeof_client_key_der_2048;
AssertIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out,
sizeof(out)), 0);
XFREE(cms, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
AssertIntEQ(XMEMCMP(out, "test", 4), 0);
wc_PKCS7_Free(pkcs7);
}
#endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 */
#endif /* HAVE_PKCS7 */
} /* END test_wc_PKCS7_EncodeEnvelopedData() */
/*
* Testing wc_PKCS7_EncodeEncryptedData()
*/
static void test_wc_PKCS7_EncodeEncryptedData (void)
{
#if defined(HAVE_PKCS7) && !defined(NO_PKCS7_ENCRYPTED_DATA)
PKCS7* pkcs7 = NULL;
byte* tmpBytePtr = NULL;
byte encrypted[TWOK_BUF];
byte decoded[TWOK_BUF];
word32 tmpWrd32 = 0;
int tmpInt = 0;
int decodedSz;
int encryptedSz;
int testSz;
int i;
const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
#ifndef NO_DES3
byte desKey[] = {
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
};
byte des3Key[] = {
0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
};
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128
byte aes128Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
#endif
#ifndef NO_AES_192
byte aes192Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
#endif
#ifndef NO_AES_256
byte aes256Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
#endif
#endif /* !NO_AES && HAVE_AES_CBC */
const pkcs7EncryptedVector testVectors[] =
{
#ifndef NO_DES3
{data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)},
{data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)},
#endif /* !NO_DES3 */
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128
{data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
sizeof(aes128Key)},
#endif
#ifndef NO_AES_192
{data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
sizeof(aes192Key)},
#endif
#ifndef NO_AES_256
{data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
sizeof(aes256Key)},
#endif
#endif /* !NO_AES && HAVE_AES_CBC */
};
testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
for (i = 0; i < testSz; i++) {
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
pkcs7->content = (byte*)testVectors[i].content;
pkcs7->contentSz = testVectors[i].contentSz;
pkcs7->contentOID = testVectors[i].contentOID;
pkcs7->encryptOID = testVectors[i].encryptOID;
pkcs7->encryptionKey = testVectors[i].encryptionKey;
pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
pkcs7->heap = HEAP_HINT;
/* encode encryptedData */
encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
sizeof(encrypted));
AssertIntGT(encryptedSz, 0);
/* Decode encryptedData */
decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
decoded, sizeof(decoded));
AssertIntEQ(XMEMCMP(decoded, data, decodedSz), 0);
/* Keep values for last itr. */
if (i < testSz - 1) {
wc_PKCS7_Free(pkcs7);
}
}
if (pkcs7 == NULL || testSz == 0) {
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
}
printf(testingFmt, "wc_PKCS7_EncodeEncryptedData()");
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted,
sizeof(encrypted)),BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, NULL,
sizeof(encrypted)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
0), BAD_FUNC_ARG);
/* Testing the struct. */
tmpBytePtr = pkcs7->content;
pkcs7->content = NULL;
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
sizeof(encrypted)), BAD_FUNC_ARG);
pkcs7->content = tmpBytePtr;
tmpWrd32 = pkcs7->contentSz;
pkcs7->contentSz = 0;
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
sizeof(encrypted)), BAD_FUNC_ARG);
pkcs7->contentSz = tmpWrd32;
tmpInt = pkcs7->encryptOID;
pkcs7->encryptOID = 0;
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
sizeof(encrypted)), BAD_FUNC_ARG);
pkcs7->encryptOID = tmpInt;
tmpBytePtr = pkcs7->encryptionKey;
pkcs7->encryptionKey = NULL;
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
sizeof(encrypted)), BAD_FUNC_ARG);
pkcs7->encryptionKey = tmpBytePtr;
tmpWrd32 = pkcs7->encryptionKeySz;
pkcs7->encryptionKeySz = 0;
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
sizeof(encrypted)), BAD_FUNC_ARG);
pkcs7->encryptionKeySz = tmpWrd32;
printf(resultFmt, passed);
printf(testingFmt, "wc_PKCS7_EncodeEncryptedData()");
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, encryptedSz,
decoded, sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, encryptedSz,
decoded, sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0,
decoded, sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
NULL, sizeof(decoded)), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
decoded, 0), BAD_FUNC_ARG);
/* Test struct fields */
tmpBytePtr = pkcs7->encryptionKey;
pkcs7->encryptionKey = NULL;
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
decoded, sizeof(decoded)), BAD_FUNC_ARG);
pkcs7->encryptionKey = tmpBytePtr;
pkcs7->encryptionKeySz = 0;
AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
decoded, sizeof(decoded)), BAD_FUNC_ARG);
printf(resultFmt, passed);
wc_PKCS7_Free(pkcs7);
#endif
} /* END test_wc_PKCS7_EncodeEncryptedData() */
/*
* Testing wc_PKCS7_Degenerate()
*/
static void test_wc_PKCS7_Degenerate(void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
PKCS7* pkcs7;
char fName[] = "./certs/test-degenerate.p7b";
XFILE f;
byte der[4096];
word32 derSz;
int ret;
printf(testingFmt, "wc_PKCS7_Degenerate()");
AssertNotNull(f = XFOPEN(fName, "rb"));
AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
derSz = (word32)ret;
XFCLOSE(f);
/* test degenerate success */
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
#ifndef NO_RSA
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
#else
AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
#endif
wc_PKCS7_Free(pkcs7);
/* test with turning off degenerate cases */
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), PKCS7_NO_SIGNER_E);
wc_PKCS7_Free(pkcs7);
printf(resultFmt, passed);
#endif
} /* END test_wc_PKCS7_Degenerate() */
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
defined(ASN_BER_TO_DER) && !defined(NO_DES3)
static byte berContent[] = {
0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30,
0x80, 0x02, 0x01, 0x00, 0x31, 0x82, 0x01, 0x48,
0x30, 0x82, 0x01, 0x44, 0x02, 0x01, 0x00, 0x30,
0x81, 0xAC, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30,
0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E,
0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15,
0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30,
0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10,
0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D,
0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34,
0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
0x63, 0x6F, 0x6D, 0x02, 0x09, 0x00, 0xBB, 0xD3,
0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D,
0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80,
0x2F, 0xF9, 0x77, 0x4F, 0x04, 0x5C, 0x16, 0x62,
0xF0, 0x77, 0x8D, 0x95, 0x4C, 0xB1, 0x44, 0x9A,
0x8C, 0x3C, 0x8C, 0xE4, 0xD1, 0xC1, 0x14, 0x72,
0xD0, 0x4A, 0x1A, 0x94, 0x27, 0x0F, 0xAA, 0xE8,
0xD0, 0xA2, 0xE7, 0xED, 0x4C, 0x7F, 0x0F, 0xC7,
0x1B, 0xFB, 0x81, 0x0E, 0x76, 0x8F, 0xDD, 0x32,
0x11, 0x68, 0xA0, 0x13, 0xD2, 0x8D, 0x95, 0xEF,
0x80, 0x53, 0x81, 0x0E, 0x1F, 0xC8, 0xD6, 0x76,
0x5C, 0x31, 0xD3, 0x77, 0x33, 0x29, 0xA6, 0x1A,
0xD3, 0xC6, 0x14, 0x36, 0xCA, 0x8E, 0x7D, 0x72,
0xA0, 0x29, 0x4C, 0xC7, 0x3A, 0xAF, 0xFE, 0xF7,
0xFC, 0xD7, 0xE2, 0x8F, 0x6A, 0x20, 0x46, 0x09,
0x40, 0x22, 0x2D, 0x79, 0x38, 0x11, 0xB1, 0x4A,
0xE3, 0x48, 0xE8, 0x10, 0x37, 0xA0, 0x22, 0xF7,
0xB4, 0x79, 0xD1, 0xA9, 0x3D, 0xC2, 0xAB, 0x37,
0xAE, 0x82, 0x68, 0x1A, 0x16, 0xEF, 0x33, 0x0C,
0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06,
0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03,
0x07, 0x04, 0x08, 0xAD, 0xD0, 0x38, 0x9B, 0x16,
0x4B, 0x7F, 0x99, 0xA0, 0x80, 0x04, 0x82, 0x03,
0xE8, 0x6D, 0x48, 0xFB, 0x8A, 0xBD, 0xED, 0x6C,
0xCD, 0xC6, 0x48, 0xFD, 0xB7, 0xB0, 0x7C, 0x86,
0x2C, 0x8D, 0xF0, 0x23, 0x12, 0xD8, 0xA3, 0x2A,
0x21, 0x6F, 0x8B, 0x75, 0xBB, 0x47, 0x7F, 0xC9,
0xBA, 0xBA, 0xFF, 0x91, 0x09, 0x01, 0x7A, 0x5C,
0x96, 0x02, 0xB8, 0x8E, 0xF8, 0x67, 0x7E, 0x8F,
0xF9, 0x51, 0x0E, 0xFF, 0x8E, 0xE2, 0x61, 0xC0,
0xDF, 0xFA, 0xE2, 0x4C, 0x50, 0x90, 0xAE, 0xA1,
0x15, 0x38, 0x3D, 0xBE, 0x88, 0xD7, 0x57, 0xC0,
0x11, 0x44, 0xA2, 0x61, 0x05, 0x49, 0x6A, 0x94,
0x04, 0x10, 0xD9, 0xC2, 0x2D, 0x15, 0x20, 0x0D,
0xBD, 0xA2, 0xEF, 0xE4, 0x68, 0xFA, 0x39, 0x75,
0x7E, 0xD8, 0x64, 0x44, 0xCB, 0xE0, 0x00, 0x6D,
0x57, 0x4E, 0x8A, 0x17, 0xA9, 0x83, 0x6C, 0x7F,
0xFE, 0x01, 0xEE, 0xDE, 0x99, 0x3A, 0xB2, 0xFF,
0xD3, 0x72, 0x78, 0xBA, 0xF1, 0x23, 0x54, 0x48,
0x02, 0xD8, 0x38, 0xA9, 0x54, 0xE5, 0x4A, 0x81,
0xB9, 0xC0, 0x67, 0xB2, 0x7D, 0x3C, 0x6F, 0xCE,
0xA4, 0xDD, 0x34, 0x5F, 0x60, 0xB1, 0xA3, 0x7A,
0xE4, 0x43, 0xF2, 0x89, 0x64, 0x35, 0x09, 0x32,
0x51, 0xFB, 0x5C, 0x67, 0x0C, 0x3B, 0xFC, 0x36,
0x6B, 0x37, 0x43, 0x6C, 0x03, 0xCD, 0x44, 0xC7,
0x2B, 0x62, 0xD6, 0xD1, 0xF4, 0x07, 0x7B, 0x19,
0x91, 0xF0, 0xD7, 0xF5, 0x54, 0xBC, 0x0F, 0x42,
0x6B, 0x69, 0xF7, 0xA3, 0xC8, 0xEE, 0xB9, 0x7A,
0x9E, 0x3D, 0xDF, 0x53, 0x47, 0xF7, 0x50, 0x67,
0x00, 0xCF, 0x2B, 0x3B, 0xE9, 0x85, 0xEE, 0xBD,
0x4C, 0x64, 0x66, 0x0B, 0x77, 0x80, 0x9D, 0xEF,
0x11, 0x32, 0x77, 0xA8, 0xA4, 0x5F, 0xEE, 0x2D,
0xE0, 0x43, 0x87, 0x76, 0x87, 0x53, 0x4E, 0xD7,
0x1A, 0x04, 0x7B, 0xE1, 0xD1, 0xE1, 0xF5, 0x87,
0x51, 0x13, 0xE0, 0xC2, 0xAA, 0xA3, 0x4B, 0xAA,
0x9E, 0xB4, 0xA6, 0x1D, 0x4E, 0x28, 0x57, 0x0B,
0x80, 0x90, 0x81, 0x4E, 0x04, 0xF5, 0x30, 0x8D,
0x51, 0xCE, 0x57, 0x2F, 0x88, 0xC5, 0x70, 0xC4,
0x06, 0x8F, 0xDD, 0x37, 0xC1, 0x34, 0x1E, 0x0E,
0x15, 0x32, 0x23, 0x92, 0xAB, 0x40, 0xEA, 0xF7,
0x43, 0xE2, 0x1D, 0xE2, 0x4B, 0xC9, 0x91, 0xF4,
0x63, 0x21, 0x34, 0xDB, 0xE9, 0x86, 0x83, 0x1A,
0xD2, 0x52, 0xEF, 0x7A, 0xA2, 0xEE, 0xA4, 0x11,
0x56, 0xD3, 0x6C, 0xF5, 0x6D, 0xE4, 0xA5, 0x2D,
0x99, 0x02, 0x10, 0xDF, 0x29, 0xC5, 0xE3, 0x0B,
0xC4, 0xA1, 0xEE, 0x5F, 0x4A, 0x10, 0xEE, 0x85,
0x73, 0x2A, 0x92, 0x15, 0x2C, 0xC8, 0xF4, 0x8C,
0xD7, 0x3D, 0xBC, 0xAD, 0x18, 0xE0, 0x59, 0xD3,
0xEE, 0x75, 0x90, 0x1C, 0xCC, 0x76, 0xC6, 0x64,
0x17, 0xD2, 0xD0, 0x91, 0xA6, 0xD0, 0xC1, 0x4A,
0xAA, 0x58, 0x22, 0xEC, 0x45, 0x98, 0xF2, 0xCC,
0x4C, 0xE4, 0xBF, 0xED, 0xF6, 0x44, 0x72, 0x36,
0x65, 0x3F, 0xE3, 0xB5, 0x8B, 0x3E, 0x54, 0x9C,
0x82, 0x86, 0x5E, 0xB0, 0xF2, 0x12, 0xE5, 0x69,
0xFA, 0x46, 0xA2, 0x54, 0xFC, 0xF5, 0x4B, 0xE0,
0x24, 0x3B, 0x99, 0x04, 0x1A, 0x7A, 0xF7, 0xD1,
0xFF, 0x68, 0x97, 0xB2, 0x85, 0x82, 0x95, 0x27,
0x2B, 0xF4, 0xE7, 0x1A, 0x74, 0x19, 0xEC, 0x8C,
0x4E, 0xA7, 0x0F, 0xAD, 0x4F, 0x5A, 0x02, 0x80,
0xC1, 0x6A, 0x9E, 0x54, 0xE4, 0x8E, 0xA3, 0x41,
0x3F, 0x6F, 0x9C, 0x82, 0x9F, 0x83, 0xB0, 0x44,
0x01, 0x5F, 0x10, 0x9D, 0xD3, 0xB6, 0x33, 0x5B,
0xAF, 0xAC, 0x6B, 0x57, 0x2A, 0x01, 0xED, 0x0E,
0x17, 0xB9, 0x80, 0x76, 0x12, 0x1C, 0x51, 0x56,
0xDD, 0x6D, 0x94, 0xAB, 0xD2, 0xE5, 0x15, 0x2D,
0x3C, 0xC5, 0xE8, 0x62, 0x05, 0x8B, 0x40, 0xB1,
0xC2, 0x83, 0xCA, 0xAC, 0x4B, 0x8B, 0x39, 0xF7,
0xA0, 0x08, 0x43, 0x5C, 0xF7, 0xE8, 0xED, 0x40,
0x72, 0x73, 0xE3, 0x6B, 0x18, 0x67, 0xA0, 0xB6,
0x0F, 0xED, 0x8F, 0x9A, 0xE4, 0x27, 0x62, 0x23,
0xAA, 0x6D, 0x6C, 0x31, 0xC9, 0x9D, 0x6B, 0xE0,
0xBF, 0x9D, 0x7D, 0x2E, 0x76, 0x71, 0x06, 0x39,
0xAC, 0x96, 0x1C, 0xAF, 0x30, 0xF2, 0x62, 0x9C,
0x84, 0x3F, 0x43, 0x5E, 0x19, 0xA8, 0xE5, 0x3C,
0x9D, 0x43, 0x3C, 0x43, 0x41, 0xE8, 0x82, 0xE7,
0x5B, 0xF3, 0xE2, 0x15, 0xE3, 0x52, 0x20, 0xFD,
0x0D, 0xB2, 0x4D, 0x48, 0xAD, 0x53, 0x7E, 0x0C,
0xF0, 0xB9, 0xBE, 0xC9, 0x58, 0x4B, 0xC8, 0xA8,
0xA3, 0x36, 0xF1, 0x2C, 0xD2, 0xE1, 0xC8, 0xC4,
0x3C, 0x48, 0x70, 0xC2, 0x6D, 0x6C, 0x3D, 0x99,
0xAC, 0x43, 0x19, 0x69, 0xCA, 0x67, 0x1A, 0xC9,
0xE1, 0x47, 0xFA, 0x0A, 0xE6, 0x5B, 0x6F, 0x61,
0xD0, 0x03, 0xE4, 0x03, 0x4B, 0xFD, 0xE2, 0xA5,
0x8D, 0x83, 0x01, 0x7E, 0xC0, 0x7B, 0x2E, 0x0B,
0x29, 0xDD, 0xD6, 0xDC, 0x71, 0x46, 0xBD, 0x9A,
0x40, 0x46, 0x1E, 0x0A, 0xB1, 0x00, 0xE7, 0x71,
0x29, 0x77, 0xFC, 0x9A, 0x76, 0x8A, 0x5F, 0x66,
0x9B, 0x63, 0x91, 0x12, 0x78, 0xBF, 0x67, 0xAD,
0xA1, 0x72, 0x9E, 0xC5, 0x3E, 0xE5, 0xCB, 0xAF,
0xD6, 0x5A, 0x0D, 0xB6, 0x9B, 0xA3, 0x78, 0xE8,
0xB0, 0x8F, 0x69, 0xED, 0xC1, 0x73, 0xD5, 0xE5,
0x1C, 0x18, 0xA0, 0x58, 0x4C, 0x49, 0xBD, 0x91,
0xCE, 0x15, 0x0D, 0xAA, 0x5A, 0x07, 0xEA, 0x1C,
0xA7, 0x4B, 0x11, 0x31, 0x80, 0xAF, 0xA1, 0x0A,
0xED, 0x6C, 0x70, 0xE4, 0xDB, 0x75, 0x86, 0xAE,
0xBF, 0x4A, 0x05, 0x72, 0xDE, 0x84, 0x8C, 0x7B,
0x59, 0x81, 0x58, 0xE0, 0xC0, 0x15, 0xB5, 0xF3,
0xD5, 0x73, 0x78, 0x83, 0x53, 0xDA, 0x92, 0xC1,
0xE6, 0x71, 0x74, 0xC7, 0x7E, 0xAA, 0x36, 0x06,
0xF0, 0xDF, 0xBA, 0xFB, 0xEF, 0x54, 0xE8, 0x11,
0xB2, 0x33, 0xA3, 0x0B, 0x9E, 0x0C, 0x59, 0x75,
0x13, 0xFA, 0x7F, 0x88, 0xB9, 0x86, 0xBD, 0x1A,
0xDB, 0x52, 0x12, 0xFB, 0x6D, 0x1A, 0xCB, 0x49,
0x94, 0x94, 0xC4, 0xA9, 0x99, 0xC0, 0xA4, 0xB6,
0x60, 0x36, 0x09, 0x94, 0x2A, 0xD5, 0xC4, 0x26,
0xF4, 0xA3, 0x6A, 0x0E, 0x57, 0x8B, 0x7C, 0xA4,
0x1D, 0x75, 0xE8, 0x2A, 0xF3, 0xC4, 0x3C, 0x7D,
0x45, 0x6D, 0xD8, 0x24, 0xD1, 0x3B, 0xF7, 0xCF,
0xE4, 0x45, 0x2A, 0x55, 0xE5, 0xA9, 0x1F, 0x1C,
0x8F, 0x55, 0x8D, 0xC1, 0xF7, 0x74, 0xCC, 0x26,
0xC7, 0xBA, 0x2E, 0x5C, 0xC1, 0x71, 0x0A, 0xAA,
0xD9, 0x6D, 0x76, 0xA7, 0xF9, 0xD1, 0x18, 0xCB,
0x5A, 0x52, 0x98, 0xA8, 0x0D, 0x3F, 0x06, 0xFC,
0x49, 0x11, 0x21, 0x5F, 0x86, 0x19, 0x33, 0x81,
0xB5, 0x7A, 0xDA, 0xA1, 0x47, 0xBF, 0x7C, 0xD7,
0x05, 0x96, 0xC7, 0xF5, 0xC1, 0x61, 0xE5, 0x18,
0xA5, 0x38, 0x68, 0xED, 0xB4, 0x17, 0x62, 0x0D,
0x01, 0x5E, 0xC3, 0x04, 0xA6, 0xBA, 0xB1, 0x01,
0x60, 0x5C, 0xC1, 0x3A, 0x34, 0x97, 0xD6, 0xDB,
0x67, 0x73, 0x4D, 0x33, 0x96, 0x01, 0x67, 0x44,
0xEA, 0x47, 0x5E, 0x44, 0xB5, 0xE5, 0xD1, 0x6C,
0x20, 0xA9, 0x6D, 0x4D, 0xBC, 0x02, 0xF0, 0x70,
0xE4, 0xDD, 0xE9, 0xD5, 0x5C, 0x28, 0x29, 0x0B,
0xB4, 0x60, 0x2A, 0xF1, 0xF7, 0x1A, 0xF0, 0x36,
0xAE, 0x51, 0x3A, 0xAE, 0x6E, 0x48, 0x7D, 0xC7,
0x5C, 0xF3, 0xDC, 0xF6, 0xED, 0x27, 0x4E, 0x8E,
0x48, 0x18, 0x3E, 0x08, 0xF1, 0xD8, 0x3D, 0x0D,
0xE7, 0x2F, 0x65, 0x8A, 0x6F, 0xE2, 0x1E, 0x06,
0xC1, 0x04, 0x58, 0x7B, 0x4A, 0x75, 0x60, 0x92,
0x13, 0xC6, 0x40, 0x2D, 0x3A, 0x8A, 0xD1, 0x03,
0x05, 0x1F, 0x28, 0x66, 0xC2, 0x57, 0x2A, 0x4C,
0xE1, 0xA3, 0xCB, 0xA1, 0x95, 0x30, 0x10, 0xED,
0xDF, 0xAE, 0x70, 0x49, 0x4E, 0xF6, 0xB4, 0x5A,
0xB6, 0x22, 0x56, 0x37, 0x05, 0xE7, 0x3E, 0xB2,
0xE3, 0x96, 0x62, 0xEC, 0x09, 0x53, 0xC0, 0x50,
0x3D, 0xA7, 0xBC, 0x9B, 0x39, 0x02, 0x26, 0x16,
0xB5, 0x34, 0x17, 0xD4, 0xCA, 0xFE, 0x1D, 0xE4,
0x5A, 0xDA, 0x4C, 0xC2, 0xCA, 0x8E, 0x79, 0xBF,
0xD8, 0x4C, 0xBB, 0xFA, 0x30, 0x7B, 0xA9, 0x3E,
0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00
};
#endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER && !NO_DES3 */
/*
* Testing wc_PKCS7_BER()
*/
static void test_wc_PKCS7_BER(void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
defined(ASN_BER_TO_DER)
PKCS7* pkcs7;
char fName[] = "./certs/test-ber-exp02-05-2022.p7b";
XFILE f;
byte der[4096];
#ifndef NO_DES3
byte decoded[2048];
#endif
word32 derSz;
int ret;
printf(testingFmt, "wc_PKCS7_BER()");
AssertNotNull(f = XFOPEN(fName, "rb"));
AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
derSz = (word32)ret;
XFCLOSE(f);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
#ifndef NO_RSA
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
#else
AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
#endif
wc_PKCS7_Free(pkcs7);
#ifndef NO_DES3
/* decode BER content */
AssertNotNull(f = XFOPEN("./certs/1024/client-cert.der", "rb"));
AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
derSz = (word32)ret;
XFCLOSE(f);
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
#ifndef NO_RSA
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
#else
AssertIntNE(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
#endif
AssertNotNull(f = XFOPEN("./certs/1024/client-key.der", "rb"));
AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
derSz = (word32)ret;
XFCLOSE(f);
pkcs7->privateKey = der;
pkcs7->privateKeySz = derSz;
#ifndef NO_RSA
#ifdef WOLFSSL_SP_MATH
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
sizeof(berContent), decoded, sizeof(decoded)), WC_KEY_SIZE_E);
#else
AssertIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
sizeof(berContent), decoded, sizeof(decoded)), 0);
#endif
#else
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
sizeof(berContent), decoded, sizeof(decoded)), NOT_COMPILED_IN);
#endif
wc_PKCS7_Free(pkcs7);
#endif /* !NO_DES3 */
printf(resultFmt, passed);
#endif
} /* END test_wc_PKCS7_BER() */
static void test_PKCS7_signed_enveloped(void)
{
#if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \
!defined(NO_FILESYSTEM)
XFILE f;
PKCS7* pkcs7;
#ifdef HAVE_AES_CBC
PKCS7* inner;
#endif
void* pt;
WC_RNG rng;
unsigned char key[FOURK_BUF/2];
unsigned char cert[FOURK_BUF/2];
unsigned char env[FOURK_BUF];
int envSz = FOURK_BUF;
int keySz;
int certSz;
unsigned char sig[FOURK_BUF * 2];
int sigSz = FOURK_BUF * 2;
#ifdef HAVE_AES_CBC
unsigned char decoded[FOURK_BUF];
int decodedSz = FOURK_BUF;
#endif
printf(testingFmt, "PKCS7_signed_enveloped");
/* load cert */
AssertNotNull(f = XFOPEN(cliCertDerFile, "rb"));
AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), f)), 0);
XFCLOSE(f);
/* load key */
AssertNotNull(f = XFOPEN(cliKeyFile, "rb"));
AssertIntGT((keySz = (int)XFREAD(key, 1, sizeof(key), f)), 0);
XFCLOSE(f);
keySz = wolfSSL_KeyPemToDer(key, keySz, key, keySz, NULL);
/* sign cert for envelope */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_InitRng(&rng), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
pkcs7->content = cert;
pkcs7->contentSz = certSz;
pkcs7->contentOID = DATA;
pkcs7->privateKey = key;
pkcs7->privateKeySz = keySz;
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHA256h;
pkcs7->rng = &rng;
AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng);
#ifdef HAVE_AES_CBC
/* create envelope */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
pkcs7->content = sig;
pkcs7->contentSz = sigSz;
pkcs7->contentOID = DATA;
pkcs7->encryptOID = AES256CBCb;
pkcs7->privateKey = key;
pkcs7->privateKeySz = keySz;
AssertIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0);
wc_PKCS7_Free(pkcs7);
#endif
/* create bad signed enveloped data */
sigSz = FOURK_BUF * 2;
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_InitRng(&rng), 0);
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
pkcs7->content = env;
pkcs7->contentSz = envSz;
pkcs7->contentOID = DATA;
pkcs7->privateKey = key;
pkcs7->privateKeySz = keySz;
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHA256h;
pkcs7->rng = &rng;
/* Set no certs in bundle for this test. Hang on to the pointer though to
* free it later. */
pt = (void*)pkcs7->certList;
pkcs7->certList = NULL; /* no certs in bundle */
AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
pkcs7->certList = (Pkcs7Cert*)pt; /* restore pointer for PKCS7 free call */
wc_PKCS7_Free(pkcs7);
/* check verify fails */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz),
PKCS7_SIGNEEDS_CHECK);
/* try verifying the signature manually */
{
RsaKey rKey;
word32 idx = 0;
byte digest[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ +
WC_MAX_DIGEST_SIZE];
int digestSz;
AssertIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0);
AssertIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, keySz), 0);
digestSz = wc_RsaSSL_Verify(pkcs7->signature, pkcs7->signatureSz,
digest, sizeof(digest), &rKey);
AssertIntGT(digestSz, 0);
AssertIntEQ(digestSz, pkcs7->pkcs7DigestSz);
AssertIntEQ(XMEMCMP(digest, pkcs7->pkcs7Digest, digestSz), 0);
AssertIntEQ(wc_FreeRsaKey(&rKey), 0);
/* verify was success */
}
wc_PKCS7_Free(pkcs7);
/* initializing the PKCS7 struct with the signing certificate should pass */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
wc_PKCS7_Free(pkcs7);
/* create valid degenerate bundle */
sigSz = FOURK_BUF * 2;
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
pkcs7->content = env;
pkcs7->contentSz = envSz;
pkcs7->contentOID = DATA;
pkcs7->privateKey = key;
pkcs7->privateKeySz = keySz;
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHA256h;
pkcs7->rng = &rng;
AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng);
/* check verify */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
AssertNotNull(pkcs7->content);
#ifdef HAVE_AES_CBC
/* check decode */
AssertNotNull(inner = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0);
inner->privateKey = key;
inner->privateKeySz = keySz;
AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content,
pkcs7->contentSz, decoded, decodedSz)), 0);
wc_PKCS7_Free(inner);
#endif
wc_PKCS7_Free(pkcs7);
#ifdef HAVE_AES_CBC
/* check cert set */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, decodedSz), 0);
AssertNotNull(pkcs7->singleCert);
AssertIntNE(pkcs7->singleCertSz, 0);
wc_PKCS7_Free(pkcs7);
#endif
printf(resultFmt, passed);
#endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
}
static void test_wc_PKCS7_NoDefaultSignedAttribs (void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
&& !defined(NO_AES)
PKCS7* pkcs7;
void* heap = NULL;
printf(testingFmt, "wc_PKCS7_NoDefaultSignedAttribs()");
pkcs7 = wc_PKCS7_New(heap, devId);
AssertNotNull(pkcs7);
AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);
AssertIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_NoDefaultSignedAttribs(pkcs7), 0);
wc_PKCS7_Free(pkcs7);
printf(resultFmt, passed);
#endif
}
static void test_wc_PKCS7_SetOriEncryptCtx (void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
&& !defined(NO_AES)
PKCS7* pkcs7;
void* heap = NULL;
WOLFSSL_CTX* ctx;
ctx = NULL;
printf(testingFmt, "wc_PKCS7_SetOriEncryptCtx()");
pkcs7 = wc_PKCS7_New(heap, devId);
AssertNotNull(pkcs7);
AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);
AssertIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_SetOriEncryptCtx(pkcs7, ctx), 0);
wc_PKCS7_Free(pkcs7);
printf(resultFmt, passed);
#endif
}
static void test_wc_PKCS7_SetOriDecryptCtx (void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
&& !defined(NO_AES)
PKCS7* pkcs7;
void* heap = NULL;
WOLFSSL_CTX* ctx;
ctx = NULL;
printf(testingFmt, "wc_PKCS7_SetOriDecryptCtx()");
pkcs7 = wc_PKCS7_New(heap, devId);
AssertNotNull(pkcs7);
AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);
AssertIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), BAD_FUNC_ARG);
AssertIntEQ(wc_PKCS7_SetOriDecryptCtx(pkcs7, ctx), 0);
wc_PKCS7_Free(pkcs7);
printf(resultFmt, passed);
#endif
}
static void test_wc_PKCS7_DecodeCompressedData(void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
&& !defined(NO_AES) && defined(HAVE_LIBZ)
PKCS7* pkcs7;
void* heap = NULL;
byte out[4096];
byte *decompressed;
int outSz, decompressedSz;
const char* cert = "./certs/client-cert.pem";
byte* cert_buf = NULL;
size_t cert_sz = 0;
printf(testingFmt, "wc_PKCS7_DecodeCompressedData()");
AssertIntEQ(load_file(cert, &cert_buf, &cert_sz), 0);
AssertNotNull((decompressed =
(byte*)XMALLOC(cert_sz, heap, DYNAMIC_TYPE_TMP_BUFFER)));
decompressedSz = (int)cert_sz;
AssertNotNull((pkcs7 = wc_PKCS7_New(heap, devId)));
pkcs7->content = (byte*)cert_buf;
pkcs7->contentSz = (word32)cert_sz;
pkcs7->contentOID = DATA;
AssertIntGT((outSz = wc_PKCS7_EncodeCompressedData(pkcs7, out,
sizeof(out))), 0);
wc_PKCS7_Free(pkcs7);
/* compressed key should be smaller than when started */
AssertIntLT(outSz, cert_sz);
/* test decompression */
AssertNotNull((pkcs7 = wc_PKCS7_New(heap, devId)));
AssertIntEQ(pkcs7->contentOID, 0);
/* fail case with out buffer too small */
AssertIntLT(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
decompressed, outSz), 0);
/* success case */
AssertIntEQ(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
decompressed, decompressedSz), cert_sz);
AssertIntEQ(pkcs7->contentOID, DATA);
AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
decompressed = NULL;
/* test decompression function with different 'max' inputs */
outSz = sizeof(out);
AssertIntGT((outSz = wc_Compress(out, outSz, cert_buf, (word32)cert_sz, 0)),
0);
AssertIntLT(wc_DeCompressDynamic(&decompressed, 1, DYNAMIC_TYPE_TMP_BUFFER,
out, outSz, 0, heap), 0);
AssertNull(decompressed);
AssertIntGT(wc_DeCompressDynamic(&decompressed, -1, DYNAMIC_TYPE_TMP_BUFFER,
out, outSz, 0, heap), 0);
AssertNotNull(decompressed);
AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
decompressed = NULL;
AssertIntGT(wc_DeCompressDynamic(&decompressed, DYNAMIC_TYPE_TMP_BUFFER, 5,
out, outSz, 0, heap), 0);
AssertNotNull(decompressed);
AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (cert_buf)
free(cert_buf);
wc_PKCS7_Free(pkcs7);
printf(resultFmt, passed);
#endif
}
static void test_wc_i2d_PKCS12(void)
{
#if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \
&& !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
&& !defined(NO_AES) && !defined(NO_DES3) && !defined(NO_SHA)
WC_PKCS12* pkcs12 = NULL;
unsigned char der[FOURK_BUF * 2];
unsigned char* pt;
int derSz;
unsigned char out[FOURK_BUF * 2];
int outSz = FOURK_BUF * 2;
const char p12_f[] = "./certs/test-servercert.p12";
XFILE f;
printf(testingFmt, "wc_i2d_PKCS12");
f = XFOPEN(p12_f, "rb");
AssertNotNull(f);
derSz = (int)XFREAD(der, 1, sizeof(der), f);
AssertIntGT(derSz, 0);
XFCLOSE(f);
AssertNotNull(pkcs12 = wc_PKCS12_new());
AssertIntEQ(wc_d2i_PKCS12(der, derSz, pkcs12), 0);
AssertIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
AssertIntEQ(outSz, derSz);
outSz = derSz - 1;
pt = out;
AssertIntLE(wc_i2d_PKCS12(pkcs12, &pt, &outSz), 0);
outSz = derSz;
AssertIntEQ(wc_i2d_PKCS12(pkcs12, &pt, &outSz), derSz);
AssertIntEQ((pt == out), 0);
pt = NULL;
AssertIntEQ(wc_i2d_PKCS12(pkcs12, &pt, NULL), derSz);
XFREE(pt, NULL, DYNAMIC_TYPE_PKCS);
wc_PKCS12_free(pkcs12);
/* Run the same test but use wc_d2i_PKCS12_fp. */
AssertNotNull(pkcs12 = wc_PKCS12_new());
AssertIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0);
AssertIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
AssertIntEQ(outSz, derSz);
wc_PKCS12_free(pkcs12);
/* wc_d2i_PKCS12_fp can also allocate the PKCS12 object for the caller. */
pkcs12 = NULL;
AssertIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0);
AssertIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
AssertIntEQ(outSz, derSz);
wc_PKCS12_free(pkcs12);
printf(resultFmt, passed);
#endif
}
/* Testing wc_SignatureGetSize() for signature type ECC */
static int test_wc_SignatureGetSize_ecc(void)
{
int ret = 0;
#ifndef NO_SIG_WRAPPER
#if defined(HAVE_ECC) && !defined(NO_ECC256)
enum wc_SignatureType sig_type;
word32 key_len;
/* Initialize ECC Key */
ecc_key ecc;
const char* qx =
"fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
const char* qy =
"d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
const char* d =
"be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
ret = wc_ecc_init(&ecc);
if (ret == 0) {
ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1");
}
printf(testingFmt, "wc_SigntureGetSize_ecc()");
if (ret == 0) {
/* Input for signature type ECC */
sig_type = WC_SIGNATURE_TYPE_ECC;
key_len = sizeof(ecc_key);
ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
/* Test bad args */
if (ret > 0) {
sig_type = (enum wc_SignatureType) 100;
ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
if (ret == BAD_FUNC_ARG) {
sig_type = WC_SIGNATURE_TYPE_ECC;
ret = wc_SignatureGetSize(sig_type, NULL, key_len);
}
if (ret >= 0) {
key_len = (word32) 0;
ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
}
if (ret == BAD_FUNC_ARG) {
ret = SIG_TYPE_E;
}
}
} else {
ret = WOLFSSL_FATAL_ERROR;
}
wc_ecc_free(&ecc);
#else
ret = SIG_TYPE_E;
#endif
if (ret == SIG_TYPE_E) {
ret = 0;
}
else {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif /* NO_SIG_WRAPPER */
return ret;
}/* END test_wc_SignatureGetSize_ecc() */
/* Testing wc_SignatureGetSize() for signature type rsa */
static int test_wc_SignatureGetSize_rsa(void)
{
int ret = 0;
#ifndef NO_SIG_WRAPPER
#ifndef NO_RSA
enum wc_SignatureType sig_type;
word32 key_len;
word32 idx = 0;
/* Initialize RSA Key */
RsaKey rsa_key;
byte* tmp = NULL;
size_t bytes;
#ifdef USE_CERT_BUFFERS_1024
bytes = (size_t)sizeof_client_key_der_1024;
if (bytes < (size_t)sizeof_client_key_der_1024)
bytes = (size_t)sizeof_client_cert_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
bytes = (size_t)sizeof_client_key_der_2048;
if (bytes < (size_t)sizeof_client_cert_der_2048)
bytes = (size_t)sizeof_client_cert_der_2048;
#else
bytes = FOURK_BUF;
#endif
tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (tmp != NULL) {
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, client_key_der_1024,
(size_t)sizeof_client_key_der_1024);
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, client_key_der_2048,
(size_t)sizeof_client_key_der_2048);
#elif !defined(NO_FILESYSTEM)
file = XFOPEN(clientKey, "rb");
if (file != XBADFILE) {
bytes = (size_t)XFREAD(tmp, 1, FOURK_BUF, file);
XFCLOSE(file);
}
else {
ret = WOLFSSL_FATAL_ERROR;
}
#else
ret = WOLFSSL_FATAL_ERROR;
#endif
} else {
ret = WOLFSSL_FATAL_ERROR;
}
if (ret == 0) {
ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, devId);
}
if (ret == 0) {
ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, (word32)bytes);
}
printf(testingFmt, "wc_SigntureGetSize_rsa()");
if (ret == 0) {
/* Input for signature type RSA */
sig_type = WC_SIGNATURE_TYPE_RSA;
key_len = sizeof(RsaKey);
ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
/* Test bad args */
if (ret > 0) {
sig_type = (enum wc_SignatureType) 100;
ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
if (ret == BAD_FUNC_ARG) {
sig_type = WC_SIGNATURE_TYPE_RSA;
ret = wc_SignatureGetSize(sig_type, NULL, key_len);
}
#ifndef HAVE_USER_RSA
if (ret == BAD_FUNC_ARG) {
#else
if (ret == 0) {
#endif
key_len = (word32)0;
ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
}
if (ret == BAD_FUNC_ARG) {
ret = SIG_TYPE_E;
}
}
} else {
ret = WOLFSSL_FATAL_ERROR;
}
wc_FreeRsaKey(&rsa_key);
XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
ret = SIG_TYPE_E;
#endif
if (ret == SIG_TYPE_E) {
ret = 0;
}else {
ret = WOLFSSL_FATAL_ERROR;
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif /* NO_SIG_WRAPPER */
return ret;
}/* END test_wc_SignatureGetSize_rsa(void) */
/*----------------------------------------------------------------------------*
| hash.h Tests
*----------------------------------------------------------------------------*/
static int test_wc_HashInit(void)
{
int ret = 0, i; /* 0 indicates tests passed, 1 indicates failure */
wc_HashAlg hash;
/* enum for holding supported algorithms, #ifndef's restrict if disabled */
enum wc_HashType enumArray[] = {
#ifndef NO_MD5
WC_HASH_TYPE_MD5,
#endif
#ifndef NO_SHA
WC_HASH_TYPE_SHA,
#endif
#ifndef WOLFSSL_SHA224
WC_HASH_TYPE_SHA224,
#endif
#ifndef NO_SHA256
WC_HASH_TYPE_SHA256,
#endif
#ifndef WOLFSSL_SHA384
WC_HASH_TYPE_SHA384,
#endif
#ifndef WOLFSSL_SHA512
WC_HASH_TYPE_SHA512,
#endif
};
/* dynamically finds the length */
int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
/* For loop to test various arguments... */
for (i = 0; i < enumlen; i++) {
/* check for bad args */
if (wc_HashInit(&hash, enumArray[i]) == BAD_FUNC_ARG) {
ret = 1;
break;
}
wc_HashFree(&hash, enumArray[i]);
/* check for null ptr */
if (wc_HashInit(NULL, enumArray[i]) != BAD_FUNC_ARG) {
ret = 1;
break;
}
} /* end of for loop */
printf(testingFmt, "wc_HashInit()");
if (ret==0) { /* all tests have passed */
printf(resultFmt, passed);
}
else { /* a test has failed */
printf(resultFmt, failed);
}
return ret;
} /* end of test_wc_HashInit */
/*
* Unit test function for wc_HashSetFlags()
*/
static int test_wc_HashSetFlags(void)
{
int ret = 0;
#ifdef WOLFSSL_HASH_FLAGS
wc_HashAlg hash;
word32 flags = 0;
int i, j;
printf(testingFmt, "wc_HashSetFlags()");
/* enum for holding supported algorithms, #ifndef's restrict if disabled */
enum wc_HashType enumArray[] = {
#ifndef NO_MD5
WC_HASH_TYPE_MD5,
#endif
#ifndef NO_SHA
WC_HASH_TYPE_SHA,
#endif
#ifdef WOLFSSL_SHA224
WC_HASH_TYPE_SHA224,
#endif
#ifndef NO_SHA256
WC_HASH_TYPE_SHA256,
#endif
#ifdef WOLFSSL_SHA384
WC_HASH_TYPE_SHA384,
#endif
#ifdef WOLFSSL_SHA512
WC_HASH_TYPE_SHA512,
#endif
#ifdef WOLFSSL_SHA3
WC_HASH_TYPE_SHA3_224,
#endif
};
enum wc_HashType notSupported[] = {
WC_HASH_TYPE_MD5_SHA,
WC_HASH_TYPE_MD2,
WC_HASH_TYPE_MD4,
WC_HASH_TYPE_BLAKE2B,
WC_HASH_TYPE_BLAKE2S,
WC_HASH_TYPE_NONE,
};
/* dynamically finds the length */
int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
/* For loop to test various arguments... */
for (i = 0; i < enumlen; i++) {
ret = wc_HashInit(&hash, enumArray[i]);
if (ret == 0) {
ret = wc_HashSetFlags(&hash, enumArray[i], flags);
}
if (ret == 0) {
if (flags & WC_HASH_FLAG_ISCOPY) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_HashSetFlags(NULL, enumArray[i], flags);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
wc_HashFree(&hash, enumArray[i]);
}
/* For loop to test not supported cases */
int notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
for (j = 0; ret == 0 && j < notSupportedLen; j++){
ret = wc_HashInit(&hash, notSupported[j]);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG){
ret = wc_HashSetFlags(&hash, notSupported[j], flags);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_HashFree(&hash, notSupported[j]);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_HashSetFlags */
/*
* Unit test function for wc_HashGetFlags()
*/
static int test_wc_HashGetFlags(void)
{
int ret = 0;
#ifdef WOLFSSL_HASH_FLAGS
wc_HashAlg hash;
word32 flags = 0;
int i, j;
printf(testingFmt, "wc_HashGetFlags()");
/* enum for holding supported algorithms, #ifndef's restrict if disabled */
enum wc_HashType enumArray[] = {
#ifndef NO_MD5
WC_HASH_TYPE_MD5,
#endif
#ifndef NO_SHA
WC_HASH_TYPE_SHA,
#endif
#ifdef WOLFSSL_SHA224
WC_HASH_TYPE_SHA224,
#endif
#ifndef NO_SHA256
WC_HASH_TYPE_SHA256,
#endif
#ifdef WOLFSSL_SHA384
WC_HASH_TYPE_SHA384,
#endif
#ifdef WOLFSSL_SHA512
WC_HASH_TYPE_SHA512,
#endif
#ifdef WOLFSSL_SHA3
WC_HASH_TYPE_SHA3_224,
#endif
};
enum wc_HashType notSupported[] = {
WC_HASH_TYPE_MD5_SHA,
WC_HASH_TYPE_MD2,
WC_HASH_TYPE_MD4,
WC_HASH_TYPE_BLAKE2B,
WC_HASH_TYPE_BLAKE2S,
WC_HASH_TYPE_NONE,
};
int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
/* For loop to test various arguments... */
for (i = 0; i < enumlen; i++) {
ret = wc_HashInit(&hash, enumArray[i]);
if (ret == 0) {
ret = wc_HashGetFlags(&hash, enumArray[i], &flags);
}
if (ret == 0) {
if (flags & WC_HASH_FLAG_ISCOPY) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_HashGetFlags(NULL, enumArray[i], &flags);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
wc_HashFree(&hash, enumArray[i]);
if (ret != 0) {
break;
}
}
/* For loop to test not supported cases */
int notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
for (j = 0; ret == 0 && j < notSupportedLen; j++){
ret = wc_HashInit(&hash, notSupported[j]);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG){
ret = wc_HashGetFlags(&hash, notSupported[j], &flags);
if (ret == 0) {
ret = -1;
}
else if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_HashFree(&hash, notSupported[j]);
if (ret == 0) {
ret = -1;
}
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
} /* END test_wc_HashGetFlags */
/*----------------------------------------------------------------------------*
| Compatibility Tests
*----------------------------------------------------------------------------*/
static void test_wolfSSL_lhash(void)
{
#ifdef OPENSSL_ALL
const char testStr[] = "Like a true nature's child\n"
"We were born\n"
"Born to be wild";
printf(testingFmt, "wolfSSL_LH_strhash()");
AssertIntEQ(lh_strhash(testStr), 0x5b7541dc);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_NAME(void)
{
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
&& !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
defined(OPENSSL_EXTRA))
X509* x509;
const unsigned char* c;
unsigned char buf[4096];
int bytes;
XFILE f;
const X509_NAME* a;
const X509_NAME* b;
X509_NAME* d2i_name = NULL;
int sz;
unsigned char* tmp;
char file[] = "./certs/ca-cert.der";
#ifndef OPENSSL_EXTRA_X509_SMALL
byte empty[] = { /* CN=empty emailAddress= */
0x30, 0x21, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03,
0x55, 0x04, 0x03, 0x0C, 0x05, 0x65, 0x6D, 0x70,
0x74, 0x79, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09,
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
0x01, 0x16, 0x00
};
#endif
printf(testingFmt, "wolfSSL_X509_NAME()");
#ifndef OPENSSL_EXTRA_X509_SMALL
/* test compile of deprecated function, returns 0 */
AssertIntEQ(CRYPTO_thread_id(), 0);
#endif
AssertNotNull(a = X509_NAME_new());
X509_NAME_free((X509_NAME*)a);
f = XFOPEN(file, "rb");
AssertTrue(f != XBADFILE);
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
c = buf;
AssertNotNull(x509 = wolfSSL_X509_d2i(NULL, c, bytes));
/* test cmp function */
AssertNotNull(a = X509_get_issuer_name(x509));
AssertNotNull(b = X509_get_subject_name(x509));
#ifndef OPENSSL_EXTRA_X509_SMALL
AssertIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */
#endif
tmp = buf;
AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0);
if (sz > 0 && tmp == buf) {
printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__);
printf(" Expected pointer to be incremented\n");
abort();
}
#ifndef OPENSSL_EXTRA_X509_SMALL
tmp = buf;
AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz));
#endif
/* retry but with the function creating a buffer */
tmp = NULL;
AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0);
XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
AssertNotNull(b = X509_NAME_dup((X509_NAME*)a));
#ifndef OPENSSL_EXTRA_X509_SMALL
AssertIntEQ(X509_NAME_cmp(a, b), 0);
#endif
X509_NAME_free((X509_NAME*)b);
X509_NAME_free(d2i_name);
X509_free(x509);
#ifndef OPENSSL_EXTRA_X509_SMALL
/* test with an empty domain component */
tmp = empty;
sz = sizeof(empty);
AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz));
AssertIntEQ(X509_NAME_entry_count(d2i_name), 2);
/* size of empty emailAddress will be 0 */
tmp = buf;
AssertIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_emailAddress,
(char*)tmp, sizeof(buf)), 0);
/* should contain no organization name */
tmp = buf;
AssertIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_organizationName,
(char*)tmp, sizeof(buf)), -1);
X509_NAME_free(d2i_name);
#endif
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
}
static void test_wolfSSL_X509_NAME_hash(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) \
&& !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_BIO)
BIO* bio;
X509* x509 = NULL;
printf(testingFmt, "wolfSSL_X509_NAME_hash");
AssertNotNull(bio = BIO_new(BIO_s_file()));
AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
AssertNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL));
AssertIntEQ(X509_NAME_hash(X509_get_subject_name(x509)), 0x137DC03F);
AssertIntEQ(X509_NAME_hash(X509_get_issuer_name(x509)), 0xFDB2DA4);
X509_free(x509);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
#ifndef NO_BIO
static void test_wolfSSL_X509_INFO_multiple_info(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
STACK_OF(X509_INFO) *info_stack;
X509_INFO *info;
int len;
int i;
const char* files[] = {
cliCertFile,
cliKeyFile,
/* This needs to be the order as svrCertFile contains the
* intermediate cert as well. */
svrKeyFile,
svrCertFile,
NULL,
};
const char** curFile;
BIO *fileBIO;
BIO *concatBIO = NULL;
byte tmp[FOURK_BUF];
/* concatenate the cert and the key file to force PEM_X509_INFO_read_bio
* to group objects together. */
AssertNotNull(concatBIO = BIO_new(BIO_s_mem()));
for (curFile = files; *curFile != NULL; curFile++) {
int fileLen;
AssertNotNull(fileBIO = BIO_new_file(*curFile, "rb"));
fileLen = wolfSSL_BIO_get_len(fileBIO);
while ((len = BIO_read(fileBIO, tmp, sizeof(tmp))) > 0) {
AssertIntEQ(BIO_write(concatBIO, tmp, len), len);
fileLen -= len;
}
/* Make sure we read the entire file */
AssertIntEQ(fileLen, 0);
BIO_free(fileBIO);
}
AssertNotNull(info_stack = PEM_X509_INFO_read_bio(concatBIO, NULL, NULL,
NULL));
AssertIntEQ(sk_X509_INFO_num(info_stack), 3);
for (i = 0; i < sk_X509_INFO_num(info_stack); i++) {
AssertNotNull(info = sk_X509_INFO_value(info_stack, i));
AssertNotNull(info->x509);
AssertNull(info->crl);
if (i != 0) {
AssertNotNull(info->x_pkey);
AssertIntEQ(X509_check_private_key(info->x509,
info->x_pkey->dec_pkey), 1);
}
else {
AssertNull(info->x_pkey);
}
}
sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
BIO_free(concatBIO);
#endif
}
#endif
#ifndef NO_BIO
static void test_wolfSSL_X509_INFO(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
STACK_OF(X509_INFO) *info_stack;
X509_INFO *info;
BIO *cert;
int i;
/* PEM in hex format to avoid null terminator */
byte data[] = {
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47,
0x49, 0x4e, 0x20, 0x43, 0x45, 0x52, 0x54, 0x63, 0x2d, 0x2d, 0x2d, 0x2d,
0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x44, 0x4d, 0x54, 0x42, 0x75, 0x51, 0x3d,
0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d
};
/* PEM in hex format to avoid null terminator */
byte data2[] = {
0x41, 0x53, 0x4e, 0x31, 0x20, 0x4f, 0x49, 0x44, 0x3a, 0x20, 0x70, 0x72,
0x69, 0x6d, 0x65, 0x32, 0x35, 0x36, 0x76, 0x31, 0x0a, 0x2d, 0x2d, 0x2d,
0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45, 0x43, 0x20, 0x50,
0x41, 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45, 0x52, 0x53, 0x2d, 0x2d, 0x2d,
0x2d, 0x43, 0x65, 0x72, 0x74, 0x69, 0x2d, 0x0a, 0x42, 0x67, 0x67, 0x71,
0x68, 0x6b, 0x6a, 0x4f, 0x50, 0x51, 0x4d, 0x42, 0x42, 0x77, 0x3d, 0x3d,
0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d
};
printf(testingFmt, "wolfSSL_X509_INFO");
AssertNotNull(cert = BIO_new_file(cliCertFileExt, "rb"));
AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
for (i = 0; i < sk_X509_INFO_num(info_stack); i++) {
AssertNotNull(info = sk_X509_INFO_value(info_stack, i));
AssertNotNull(info->x509);
AssertNull(info->crl);
AssertNull(info->x_pkey);
}
sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
BIO_free(cert);
AssertNotNull(cert = BIO_new_file(cliCertFileExt, "rb"));
AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
BIO_free(cert);
/* This case should fail due to invalid input. */
AssertNotNull(cert = BIO_new(BIO_s_mem()));
AssertIntEQ(BIO_write(cert, data, sizeof(data)), sizeof(data));
AssertNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
BIO_free(cert);
AssertNotNull(cert = BIO_new(BIO_s_mem()));
AssertIntEQ(BIO_write(cert, data2, sizeof(data2)), sizeof(data2));
AssertNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
BIO_free(cert);
printf(resultFmt, passed);
#endif
}
#endif
static void test_wolfSSL_X509_subject_name_hash(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
&& !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
X509* x509;
X509_NAME* subjectName = NULL;
unsigned long ret = 0;
printf(testingFmt, "wolfSSL_X509_subject_name_hash()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
AssertNotNull(subjectName = wolfSSL_X509_get_subject_name(x509));
ret = X509_subject_name_hash(x509);
AssertIntNE(ret, 0);
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_issuer_name_hash(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
&& !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
X509* x509;
X509_NAME* issuertName = NULL;
unsigned long ret = 0;
printf(testingFmt, "wolfSSL_X509_issuer_name_hash()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
AssertNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509));
ret = X509_issuer_name_hash(x509);
AssertIntNE(ret, 0);
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_check_host(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
&& !defined(NO_SHA) && !defined(NO_RSA)
X509* x509;
const char altName[] = "example.com";
printf(testingFmt, "wolfSSL_X509_check_host()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
AssertIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL),
WOLFSSL_SUCCESS);
AssertIntEQ(X509_check_host(x509, NULL, 0, 0, NULL),
WOLFSSL_FAILURE);
X509_free(x509);
AssertIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL),
WOLFSSL_FAILURE);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_check_email(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
X509* x509;
const char goodEmail[] = "info@wolfssl.com";
const char badEmail[] = "disinfo@wolfssl.com";
printf(testingFmt, "wolfSSL_X509_check_email()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
/* Should fail on non-matching email address */
AssertIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0),
WOLFSSL_FAILURE);
/* Should succeed on matching email address */
AssertIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), 0),
WOLFSSL_SUCCESS);
/* Should compute length internally when not provided */
AssertIntEQ(wolfSSL_X509_check_email(x509, goodEmail, 0, 0),
WOLFSSL_SUCCESS);
/* Should fail when email address is NULL */
AssertIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0),
WOLFSSL_FAILURE);
X509_free(x509);
/* Should fail when x509 is NULL */
AssertIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0),
WOLFSSL_FAILURE);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */
}
static void test_wolfSSL_DES(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
const_DES_cblock myDes;
DES_cblock iv;
DES_key_schedule key;
word32 i;
DES_LONG dl;
unsigned char msg[] = "hello wolfssl";
printf(testingFmt, "wolfSSL_DES()");
DES_check_key(1);
DES_set_key(&myDes, &key);
/* check, check of odd parity */
XMEMSET(myDes, 4, sizeof(const_DES_cblock)); myDes[0] = 6; /*set even parity*/
XMEMSET(key, 5, sizeof(DES_key_schedule));
AssertIntEQ(DES_set_key_checked(&myDes, &key), -1);
AssertIntNE(key[0], myDes[0]); /* should not have copied over key */
/* set odd parity for success case */
DES_set_odd_parity(&myDes);
AssertIntEQ(DES_check_key_parity(&myDes), 1);
printf("%02x %02x %02x %02x", myDes[0], myDes[1], myDes[2], myDes[3]);
AssertIntEQ(DES_set_key_checked(&myDes, &key), 0);
for (i = 0; i < sizeof(DES_key_schedule); i++) {
AssertIntEQ(key[i], myDes[i]);
}
AssertIntEQ(DES_is_weak_key(&myDes), 0);
/* check weak key */
XMEMSET(myDes, 1, sizeof(const_DES_cblock));
XMEMSET(key, 5, sizeof(DES_key_schedule));
AssertIntEQ(DES_set_key_checked(&myDes, &key), -2);
AssertIntNE(key[0], myDes[0]); /* should not have copied over key */
/* now do unchecked copy of a weak key over */
DES_set_key_unchecked(&myDes, &key);
/* compare arrays, should be the same */
for (i = 0; i < sizeof(DES_key_schedule); i++) {
AssertIntEQ(key[i], myDes[i]);
}
AssertIntEQ(DES_is_weak_key(&myDes), 1);
/* check DES_key_sched API */
XMEMSET(key, 1, sizeof(DES_key_schedule));
AssertIntEQ(DES_key_sched(&myDes, NULL), 0);
AssertIntEQ(DES_key_sched(NULL, &key), 0);
AssertIntEQ(DES_key_sched(&myDes, &key), 0);
/* compare arrays, should be the same */
for (i = 0; i < sizeof(DES_key_schedule); i++) {
AssertIntEQ(key[i], myDes[i]);
}
/* DES_cbc_cksum should return the last 4 of the last 8 bytes after
* DES_cbc_encrypt on the input */
XMEMSET(iv, 0, sizeof(DES_cblock));
XMEMSET(myDes, 5, sizeof(DES_key_schedule));
AssertIntGT((dl = DES_cbc_cksum(msg, &key, sizeof(msg), &myDes, &iv)), 0);
AssertIntEQ(dl, 480052723);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
}
static void test_wc_PemToDer(void)
{
#if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER)
int ret;
DerBuffer* pDer = NULL;
const char* ca_cert = "./certs/server-cert.pem";
byte* cert_buf = NULL;
size_t cert_sz = 0;
int eccKey = 0;
EncryptedInfo info;
printf(testingFmt, "wc_PemToDer()");
XMEMSET(&info, 0, sizeof(info));
ret = load_file(ca_cert, &cert_buf, &cert_sz);
if (ret == 0) {
ret = wc_PemToDer(cert_buf, cert_sz, CERT_TYPE,
&pDer, NULL, &info, &eccKey);
AssertIntEQ(ret, 0);
wc_FreeDer(&pDer);
}
if (cert_buf)
free(cert_buf);
#ifdef HAVE_ECC
{
const char* ecc_private_key = "./certs/ecc-privOnlyKey.pem";
byte key_buf[256] = {0};
/* Test fail of loading a key with cert type */
AssertIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0);
key_buf[0] = '\n';
XMEMCPY(key_buf + 1, cert_buf, cert_sz);
AssertIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE,
&pDer, NULL, &info, &eccKey)), 0);
#ifdef OPENSSL_EXTRA
AssertIntEQ((ret = wc_PemToDer(key_buf, cert_sz + 1, PRIVATEKEY_TYPE,
&pDer, NULL, &info, &eccKey)), 0);
#endif
wc_FreeDer(&pDer);
if (cert_buf)
free(cert_buf);
}
#endif
printf(resultFmt, passed);
#endif
}
static void test_wc_AllocDer(void)
{
#if !defined(NO_CERTS)
int ret;
DerBuffer* pDer = NULL;
word32 testSize = 1024;
printf(testingFmt, "wc_AllocDer()");
ret = wc_AllocDer(&pDer, testSize, CERT_TYPE, HEAP_HINT);
AssertIntEQ(ret, 0);
AssertNotNull(pDer);
wc_FreeDer(&pDer);
printf(resultFmt, passed);
#endif
}
static void test_wc_CertPemToDer(void)
{
#if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER)
int ret;
const char* ca_cert = "./certs/ca-cert.pem";
byte* cert_buf = NULL;
size_t cert_sz = 0, cert_dersz = 0;
byte* cert_der = NULL;
printf(testingFmt, "wc_CertPemToDer()");
ret = load_file(ca_cert, &cert_buf, &cert_sz);
if (ret == 0) {
cert_dersz = cert_sz; /* DER will be smaller than PEM */
cert_der = (byte*)malloc(cert_dersz);
if (cert_der) {
ret = wc_CertPemToDer(cert_buf, (int)cert_sz,
cert_der, (int)cert_dersz, CERT_TYPE);
AssertIntGE(ret, 0);
}
}
if (cert_der)
free(cert_der);
if (cert_buf)
free(cert_buf);
printf(resultFmt, passed);
#endif
}
static void test_wc_PubKeyPemToDer(void)
{
#ifdef WOLFSSL_PEM_TO_DER
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
int ret;
const char* key = "./certs/ecc-client-keyPub.pem";
byte* cert_buf = NULL;
size_t cert_sz = 0, cert_dersz = 0;
byte* cert_der = NULL;
printf(testingFmt, "wc_PubKeyPemToDer()");
ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz,
cert_der, (int)cert_dersz);
AssertIntGE(ret, BAD_FUNC_ARG);
ret = load_file(key, &cert_buf, &cert_sz);
if (ret == 0) {
cert_dersz = cert_sz; /* DER will be smaller than PEM */
cert_der = (byte*)malloc(cert_dersz);
if (cert_der) {
ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz,
cert_der, (int)cert_dersz);
AssertIntGE(ret, 0);
}
}
if (cert_der)
free(cert_der);
if (cert_buf)
free(cert_buf);
printf(resultFmt, passed);
#endif
#endif
}
static void test_wc_PemPubKeyToDer(void)
{
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
int ret;
const char* key = "./certs/ecc-client-keyPub.pem";
size_t cert_dersz = 1024;
byte* cert_der = (byte*)malloc(cert_dersz);
printf(testingFmt, "wc_PemPubKeyToDer()");
ret = wc_PemPubKeyToDer(NULL, cert_der, (int)cert_dersz);
AssertIntGE(ret, BAD_FUNC_ARG);
if (cert_der) {
ret = wc_PemPubKeyToDer(key, cert_der, (int)cert_dersz);
AssertIntGE(ret, 0);
free(cert_der);
}
printf(resultFmt, passed);
#endif
}
static void test_wc_GetPubKeyDerFromCert(void)
{
#if !defined(NO_RSA) || defined(HAVE_ECC)
int ret;
word32 idx = 0;
byte keyDer[TWOK_BUF]; /* large enough for up to RSA 2048 */
word32 keyDerSz = (word32)sizeof(keyDer);
DecodedCert decoded;
#if !defined(NO_RSA) && defined(WOLFSSL_CERT_REQ)
byte certBuf[6000]; /* for PEM and CSR, client-cert.pem is 5-6kB */
word32 certBufSz = sizeof(certBuf);
#endif
#if (!defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_1024)) || \
defined(WOLFSSL_CERT_REQ)
XFILE fp;
#endif
#ifndef NO_RSA
RsaKey rsaKey;
#if defined(USE_CERT_BUFFERS_2048)
byte* rsaCertDer = (byte*)client_cert_der_2048;
word32 rsaCertDerSz = sizeof_client_cert_der_2048;
#elif defined(USE_CERT_BUFFERS_1024)
byte* rsaCertDer = (byte*)client_cert_der_1024;
word32 rsaCertDerSz = sizeof_client_cert_der_1024;
#else
unsigned char rsaCertDer[TWOK_BUF];
word32 rsaCertDerSz;
#endif
#endif
#ifdef HAVE_ECC
ecc_key eccKey;
#if defined(USE_CERT_BUFFERS_256)
byte* eccCert = (byte*)cliecc_cert_der_256;
word32 eccCertSz = sizeof_cliecc_cert_der_256;
#else
unsigned char eccCert[ONEK_BUF];
word32 eccCertSz;
XFILE fp2;
#endif
#endif
printf(testingFmt, "wc_GetPubKeyDerFromCert()");
#ifndef NO_RSA
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
fp = XFOPEN("./certs/1024/client-cert.der", "rb");
AssertTrue((fp != XBADFILE));
rsaCertDerSz = (word32)XFREAD(rsaCertDer, 1, sizeof(rsaCertDer), fp);
XFCLOSE(fp);
#endif
/* good test case - RSA DER cert */
wc_InitDecodedCert(&decoded, rsaCertDer, rsaCertDerSz, NULL);
ret = wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL);
AssertIntEQ(ret, 0);
ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz);
AssertIntEQ(ret, 0);
AssertIntGT(keyDerSz, 0);
/* sanity check, verify we can import DER public key */
ret = wc_InitRsaKey(&rsaKey, NULL);
AssertIntEQ(ret, 0);
ret = wc_RsaPublicKeyDecode(keyDer, &idx, &rsaKey, keyDerSz);
AssertIntEQ(ret, 0);
wc_FreeRsaKey(&rsaKey);
/* test LENGTH_ONLY_E case */
keyDerSz = 0;
ret = wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz);
AssertIntEQ(ret, LENGTH_ONLY_E);
AssertIntGT(keyDerSz, 0);
/* bad args: DecodedCert NULL */
ret = wc_GetPubKeyDerFromCert(NULL, keyDer, &keyDerSz);
AssertIntEQ(ret, BAD_FUNC_ARG);
/* bad args: output key buff size */
ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, NULL);
AssertIntEQ(ret, BAD_FUNC_ARG);
/* bad args: zero size output key buffer */
keyDerSz = 0;
ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz);
AssertIntEQ(ret, BAD_FUNC_ARG);
wc_FreeDecodedCert(&decoded);
/* Certificate Request Tests */
#ifdef WOLFSSL_CERT_REQ
{
XMEMSET(certBuf, 0, sizeof(certBuf));
fp = XFOPEN("./certs/csr.signed.der", "rb");
AssertTrue((fp != XBADFILE));
certBufSz = (word32)XFREAD(certBuf, 1, certBufSz, fp);
XFCLOSE(fp);
wc_InitDecodedCert(&decoded, certBuf, certBufSz, NULL);
ret = wc_ParseCert(&decoded, CERTREQ_TYPE, NO_VERIFY, NULL);
AssertIntEQ(ret, 0);
/* good test case - RSA DER certificate request */
keyDerSz = sizeof(keyDer);
ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz);
AssertIntEQ(ret, 0);
AssertIntGT(keyDerSz, 0);
/* sanity check, verify we can import DER public key */
ret = wc_InitRsaKey(&rsaKey, NULL);
AssertIntEQ(ret, 0);
idx = 0;
ret = wc_RsaPublicKeyDecode(keyDer, &idx, &rsaKey, keyDerSz);
AssertIntEQ(ret, 0);
wc_FreeRsaKey(&rsaKey);
wc_FreeDecodedCert(&decoded);
}
#endif /* WOLFSSL_CERT_REQ */
#endif /* NO_RSA */
#ifdef HAVE_ECC
#ifndef USE_CERT_BUFFERS_256
fp2 = XFOPEN("./certs/client-ecc-cert.der", "rb");
AssertTrue((fp2 != XBADFILE));
eccCertSz = (word32)XFREAD(eccCert, 1, ONEK_BUF, fp2);
XFCLOSE(fp2);
#endif
wc_InitDecodedCert(&decoded, eccCert, eccCertSz, NULL);
ret = wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL);
AssertIntEQ(ret, 0);
/* good test case - ECC */
XMEMSET(keyDer, 0, sizeof(keyDer));
keyDerSz = sizeof(keyDer);
ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz);
AssertIntEQ(ret, 0);
AssertIntGT(keyDerSz, 0);
/* sanity check, verify we can import DER public key */
ret = wc_ecc_init(&eccKey);
AssertIntEQ(ret, 0);
idx = 0; /* reset idx to 0, used above in RSA case */
ret = wc_EccPublicKeyDecode(keyDer, &idx, &eccKey, keyDerSz);
AssertIntEQ(ret, 0);
wc_ecc_free(&eccKey);
/* test LENGTH_ONLY_E case */
keyDerSz = 0;
ret = wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz);
AssertIntEQ(ret, LENGTH_ONLY_E);
AssertIntGT(keyDerSz, 0);
wc_FreeDecodedCert(&decoded);
#endif
printf(resultFmt, passed);
#endif /* !NO_RSA || HAVE_ECC */
}
static void test_wolfSSL_certs(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA)
X509* x509ext;
#ifdef OPENSSL_ALL
X509* x509;
WOLFSSL_X509_EXTENSION* ext;
ASN1_OBJECT* obj;
#endif
WOLFSSL* ssl;
WOLFSSL_CTX* ctx;
STACK_OF(ASN1_OBJECT)* sk;
ASN1_STRING* asn1_str;
AUTHORITY_KEYID* akey;
BASIC_CONSTRAINTS* bc;
int crit;
printf(testingFmt, "wolfSSL_certs()");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE);
#endif
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_SUCCESS);
#endif
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
#ifdef HAVE_PK_CALLBACKS
AssertIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS);
#endif /* HAVE_PK_CALLBACKS */
/* create and use x509 */
#ifdef OPENSSL_ALL
x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
#endif
x509ext = wolfSSL_X509_load_certificate_file(cliCertFileExt, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509ext);
AssertIntEQ(SSL_use_certificate(ssl, x509ext), WOLFSSL_SUCCESS);
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* with loading in a new cert the check on private key should now fail */
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
#if defined(USE_CERT_BUFFERS_2048)
AssertIntEQ(SSL_use_certificate_ASN1(ssl,
(unsigned char*)server_cert_der_2048,
sizeof_server_cert_der_2048), WOLFSSL_SUCCESS);
#endif
#if !defined(NO_SHA) && !defined(NO_SHA256) && !defined(NO_PWDBASED)
/************* Get Digest of Certificate ******************/
{
byte digest[64]; /* max digest size */
word32 digestSz;
XMEMSET(digest, 0, sizeof(digest));
AssertIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, &digestSz),
WOLFSSL_SUCCESS);
AssertIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha256(), digest, &digestSz),
WOLFSSL_SUCCESS);
AssertIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz),
WOLFSSL_FAILURE);
}
#endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */
/* test and checkout X509 extensions */
bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext, NID_basic_constraints,
&crit, NULL);
AssertNotNull(bc);
AssertIntEQ(crit, 0);
#ifdef OPENSSL_ALL
ext = X509V3_EXT_i2d(NID_basic_constraints, crit, bc);
AssertNotNull(ext);
X509_EXTENSION_free(ext);
AssertNotNull(ext = X509_EXTENSION_new());
X509_EXTENSION_set_critical(ext, 1);
AssertNotNull(obj = OBJ_nid2obj(NID_basic_constraints));
AssertIntEQ(X509_EXTENSION_set_object(ext, obj), SSL_SUCCESS);
ASN1_OBJECT_free(obj);
X509_EXTENSION_free(ext);
AssertNotNull(ext = X509_EXTENSION_new());
X509_EXTENSION_set_critical(ext, 0);
AssertIntEQ(X509_EXTENSION_set_data(ext, NULL), SSL_FAILURE);
asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit,
NULL);
AssertIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS);
ASN1_STRING_free(asn1_str); /* X509_EXTENSION_set_data has made a copy
* and X509_get_ext_d2i has created new */
X509_EXTENSION_free(ext);
#endif
BASIC_CONSTRAINTS_free(bc);
asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL);
AssertNotNull(asn1_str);
AssertIntEQ(crit, 1);
AssertIntEQ(asn1_str->type, NID_key_usage);
#ifdef OPENSSL_ALL
ext = X509V3_EXT_i2d(NID_key_usage, crit, asn1_str);
AssertNotNull(ext);
X509_EXTENSION_free(ext);
#endif
ASN1_STRING_free(asn1_str);
#ifdef OPENSSL_ALL
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage,
&crit, NULL);
AssertNotNull(sk);
ext = X509V3_EXT_i2d(NID_ext_key_usage, crit, sk);
AssertNotNull(ext);
X509_EXTENSION_free(ext);
sk_ASN1_OBJECT_pop_free(sk, NULL);
#else
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_ext_key_usage,
&crit, NULL);
AssertNull(sk);
#endif
akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext,
NID_authority_key_identifier, &crit, NULL);
AssertNotNull(akey);
#ifdef OPENSSL_ALL
ext = X509V3_EXT_i2d(NID_authority_key_identifier, crit, akey);
AssertNotNull(ext);
X509_EXTENSION_free(ext);
#endif
wolfSSL_AUTHORITY_KEYID_free(akey);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
NID_private_key_usage_period, &crit, NULL);
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext, NID_subject_alt_name,
&crit, NULL);
/* AssertNotNull(sk); no alt names set */
sk_GENERAL_NAME_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_issuer_alt_name,
&crit, NULL);
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_info_access, &crit,
NULL);
/* AssertNotNull(sk); no auth info set */
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_sinfo_access,
&crit, NULL);
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_name_constraints,
&crit, NULL);
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
NID_certificate_policies, &crit, NULL);
#if !defined(WOLFSSL_SEP) && !defined(WOLFSSL_CERT_EXT)
AssertNull(sk);
#else
/* AssertNotNull(sk); no cert policy set */
#endif
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_policy_mappings,
&crit, NULL);
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_policy_constraints,
&crit, NULL);
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_inhibit_any_policy,
&crit, NULL);
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
sk_ASN1_OBJECT_free(sk);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_tlsfeature, &crit,
NULL);
/* AssertNotNull(sk); NID not yet supported */
AssertIntEQ(crit, -1);
sk_ASN1_OBJECT_free(sk);
/* test invalid cases */
crit = 0;
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, -1, &crit, NULL);
AssertNull(sk);
AssertIntEQ(crit, -1);
sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL, NID_tlsfeature,
NULL, NULL);
AssertNull(sk);
AssertIntEQ(SSL_get_hit(ssl), 0);
#ifdef OPENSSL_ALL
X509_free(x509);
#endif
X509_free(x509ext);
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_CERTS */
}
static void test_wolfSSL_X509_check_private_key(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY)
X509* x509;
EVP_PKEY* pkey = NULL;
const byte* key;
printf(testingFmt, "wolfSSL_X509_check_private_key()");
/* Check with correct key */
AssertNotNull((x509 = X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM)));
key = client_key_der_2048;
AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
&key, (long)sizeof_client_key_der_2048));
AssertIntEQ(X509_check_private_key(x509, pkey), 1);
EVP_PKEY_free(pkey);
pkey = NULL;
/* Check with wrong key */
key = server_key_der_2048;
AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
&key, (long)sizeof_server_key_der_2048));
AssertIntEQ(X509_check_private_key(x509, pkey), 0);
/* test for incorrect parameter */
AssertIntEQ(X509_check_private_key(NULL, pkey), 0);
AssertIntEQ(X509_check_private_key(x509, NULL), 0);
AssertIntEQ(X509_check_private_key(NULL, NULL), 0);
EVP_PKEY_free(pkey);
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_TIME_print(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) \
&& (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY)) && defined(USE_CERT_BUFFERS_2048)
BIO* bio;
X509* x509;
const unsigned char* der = client_cert_der_2048;
ASN1_TIME* t;
unsigned char buf[25];
printf(testingFmt, "wolfSSL_ASN1_TIME_print()");
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(der,
sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(ASN1_TIME_print(bio, X509_get_notBefore(x509)), 1);
AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
AssertIntEQ(XMEMCMP(buf, "Feb 15 12:50:24 2022 GMT", sizeof(buf) - 1), 0);
/* create a bad time and test results */
AssertNotNull(t = X509_get_notAfter(x509));
AssertIntEQ(ASN1_TIME_check(t), WOLFSSL_SUCCESS);
t->data[8] = 0;
t->data[3] = 0;
AssertIntNE(ASN1_TIME_print(bio, t), 1);
AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
AssertIntEQ(ASN1_TIME_check(t), WOLFSSL_FAILURE);
BIO_free(bio);
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_UTCTIME_print(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO)
BIO* bio;
ASN1_UTCTIME* utc = NULL;
unsigned char buf[25];
const char* validDate = "190424111501Z"; /* UTC = YYMMDDHHMMSSZ */
const char* invalidDate = "190424111501X"; /* UTC = YYMMDDHHMMSSZ */
printf(testingFmt, "ASN1_UTCTIME_print()");
/* NULL parameter check */
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
BIO_free(bio);
/* Valid date */
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertNotNull(utc = (ASN1_UTCTIME*)XMALLOC(sizeof(ASN1_UTCTIME), NULL,
DYNAMIC_TYPE_ASN1));
utc->type = ASN_UTC_TIME;
utc->length = ASN_UTC_TIME_SIZE;
XMEMCPY(utc->data, (byte*)validDate, ASN_UTC_TIME_SIZE);
AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 1);
AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
AssertIntEQ(XMEMCMP(buf, "Apr 24 11:15:01 2019 GMT", sizeof(buf)-1), 0);
XMEMSET(buf, 0, sizeof(buf));
BIO_free(bio);
/* Invalid format */
AssertNotNull(bio = BIO_new(BIO_s_mem()));
utc->type = ASN_UTC_TIME;
utc->length = ASN_UTC_TIME_SIZE;
XMEMCPY(utc->data, (byte*)invalidDate, ASN_UTC_TIME_SIZE);
AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
XFREE(utc, NULL, DYNAMIC_TYPE_ASN1);
BIO_free(bio);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */
}
static void test_wolfSSL_ASN1_TIME_diff(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
ASN1_TIME* fromTime;
ASN1_TIME* toTime;
int daysDiff;
int secsDiff;
printf(testingFmt, "test_wolfSSL_ASN1_TIME_diff");
AssertNotNull((fromTime = ASN1_TIME_new()));
/* Feb 22, 2003, 21:15:15 */
AssertIntEQ(ASN1_TIME_set_string(fromTime, "030222211515Z"), 1);
AssertNotNull((toTime = ASN1_TIME_new()));
/* Dec 19, 2010, 18:10:11 */
AssertIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), 1);
AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
AssertIntEQ(daysDiff, 2856);
AssertIntEQ(secsDiff, 75296);
ASN1_TIME_free(fromTime);
ASN1_TIME_free(toTime);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(void)
{
#if defined(OPENSSL_EXTRA)
WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime;
unsigned char nullstr[32];
printf(testingFmt, "test_wolfSSL_ASN1_GENERALIZEDTIME_free");
XMEMSET(nullstr, 0, 32);
asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC(
sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (asn1_gtime) {
XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE);
wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime);
AssertIntEQ(0, XMEMCMP(asn1_gtime->data, nullstr, 32));
XFREE(asn1_gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_private_keys(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM)
WOLFSSL* ssl;
WOLFSSL_CTX* ctx;
EVP_PKEY* pkey = NULL;
printf(testingFmt, "wolfSSL_private_keys()");
OpenSSL_add_all_digests();
OpenSSL_add_all_algorithms();
#ifndef NO_RSA
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
/* Have to load a cert before you can check the private key against that
* certificates public key! */
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE);
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
#endif
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
#ifdef USE_CERT_BUFFERS_2048
{
const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
unsigned char buf[FOURK_BUF];
word32 bufSz;
AssertIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl,
(unsigned char*)client_key_der_2048,
sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* Should mismatch now that a different private key loaded */
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
AssertIntEQ(SSL_use_PrivateKey_ASN1(0, ssl,
(unsigned char*)server_key,
sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* After loading back in DER format of original key, should match */
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
/* test loading private key to the WOLFSSL_CTX */
AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
(unsigned char*)client_key_der_2048,
sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* Should mismatch now that a different private key loaded */
AssertIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
#endif
AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
(unsigned char*)server_key,
sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* After loading back in DER format of original key, should match */
AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
#endif
/* pkey not set yet, expecting to fail */
AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE);
/* set PKEY and test again */
AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
&server_key, (long)sizeof_server_key_der_2048));
AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS);
/* reuse PKEY structure and test
* this should be checked with a memory management sanity checker */
AssertFalse(server_key == (const unsigned char*)server_key_der_2048);
server_key = (const unsigned char*)server_key_der_2048;
AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
&server_key, (long)sizeof_server_key_der_2048));
AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS);
/* check striping PKCS8 header with wolfSSL_d2i_PrivateKey */
bufSz = FOURK_BUF;
AssertIntGT((bufSz = wc_CreatePKCS8Key(buf, &bufSz,
(byte*)server_key_der_2048, sizeof_server_key_der_2048,
RSAk, NULL, 0)), 0);
server_key = (const unsigned char*)buf;
AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key,
(long)bufSz));
}
#endif
EVP_PKEY_free(pkey);
SSL_free(ssl); /* frees x509 also since loaded into ssl */
SSL_CTX_free(ctx);
#endif /* end of RSA private key match tests */
#ifdef HAVE_ECC
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEccKeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
#endif /* end of ECC private key match tests */
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, edCertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, edKeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEdKeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
#endif /* end of Ed25519 private key match tests */
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, ed448CertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEd448KeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
#endif /* end of Ed448 private key match tests */
EVP_cleanup();
/* test existence of no-op macros in wolfssl/openssl/ssl.h */
CONF_modules_free();
ENGINE_cleanup();
CONF_modules_unload();
(void)ssl;
(void)ctx;
(void)pkey;
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
}
static void test_wolfSSL_PEM_read_PrivateKey(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \
&& !defined(NO_FILESYSTEM) && !defined(NO_BIO)
XFILE file;
const char* fname = "./certs/server-key.pem";
EVP_PKEY* pkey;
RSA* rsa;
WOLFSSL_EVP_PKEY_CTX* ctx;
unsigned char* sig;
size_t sigLen;
const unsigned char tbs[] = {0, 1, 2, 3, 4, 5, 6, 7};
size_t tbsLen = sizeof(tbs);
printf(testingFmt, "test_wolfSSL_PEM_read_PrivateKey()");
/* Check error case. */
AssertNull(pkey = PEM_read_PrivateKey(NULL, NULL, NULL, NULL));
/* Read in an RSA key. */
file = XFOPEN(fname, "rb");
AssertTrue(file != XBADFILE);
AssertNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL));
XFCLOSE(file);
/* Make sure the key is usable by signing some data with it. */
AssertNotNull(rsa = EVP_PKEY_get0_RSA(pkey));
AssertIntGT((sigLen = RSA_size(rsa)), 0);
AssertNotNull(sig = (unsigned char*)XMALLOC(sigLen, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_sign(ctx, sig, &sigLen, tbs, tbsLen),
WOLFSSL_SUCCESS);
XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_PEM_PrivateKey(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
(!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048)
#ifndef NO_BIO
BIO* bio = NULL;
#endif
EVP_PKEY* pkey = NULL;
const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
#ifndef NO_BIO
/* test creating new EVP_PKEY with bad arg */
AssertNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL)));
/* test loading RSA key using BIO */
#if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
{
XFILE file;
const char* fname = "./certs/server-key.pem";
const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem";
size_t sz;
byte* buf;
EVP_PKEY* pkey2;
EVP_PKEY* pkey3;
RSA* rsa_key = NULL;
file = XFOPEN(fname, "rb");
AssertTrue((file != XBADFILE));
AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
sz = XFTELL(file);
XREWIND(file);
AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
if (buf) {
AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
}
XFCLOSE(file);
/* Test using BIO new mem and loading PEM private key */
bio = BIO_new_mem_buf(buf, (int)sz);
AssertNotNull(bio);
AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
AssertNotNull(pkey2 = EVP_PKEY_new());
pkey2->type = EVP_PKEY_RSA;
/* Test parameter copy */
AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0);
EVP_PKEY_free(pkey2);
EVP_PKEY_free(pkey);
pkey = NULL;
/* Qt unit test case : rsa pkcs8 key */
file = XFOPEN(fname_rsa_p8, "rb");
AssertTrue((file != XBADFILE));
AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
sz = XFTELL(file);
XREWIND(file);
AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
if (buf)
AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
XFCLOSE(file);
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
AssertNotNull(pkey3 = EVP_PKEY_new());
AssertNotNull(rsa_key = EVP_PKEY_get1_RSA(pkey));
AssertIntEQ(EVP_PKEY_set1_RSA(pkey3, rsa_key), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
#else
AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
#endif
RSA_free(rsa_key);
EVP_PKEY_free(pkey3);
EVP_PKEY_free(pkey);
pkey = NULL;
}
#endif
/* test loading ECC key using BIO */
#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
{
XFILE file;
const char* fname = "./certs/ecc-key.pem";
const char* fname_ecc_p8 = "./certs/ecc-keyPkcs8.pem";
size_t sz;
byte* buf;
EVP_PKEY* pkey2;
EVP_PKEY* pkey3;
EC_KEY* ec_key;
int nid = 0;
file = XFOPEN(fname, "rb");
AssertTrue((file != XBADFILE));
AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
sz = XFTELL(file);
XREWIND(file);
AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
if (buf)
AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
XFCLOSE(file);
/* Test using BIO new mem and loading PEM private key */
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
AssertNotNull(pkey2 = EVP_PKEY_new());
AssertNotNull(pkey3 = EVP_PKEY_new());
pkey2->type = EVP_PKEY_EC;
/* Test parameter copy */
AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1);
/* Qt unit test case 1*/
AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
#else
AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
#endif
/* Test default digest */
AssertIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1);
AssertIntEQ(nid, NID_sha256);
EC_KEY_free(ec_key);
EVP_PKEY_free(pkey3);
EVP_PKEY_free(pkey2);
EVP_PKEY_free(pkey);
pkey = NULL;
/* Qt unit test case ec pkcs8 key */
file = XFOPEN(fname_ecc_p8, "rb");
AssertTrue((file != XBADFILE));
AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
sz = XFTELL(file);
XREWIND(file);
AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
if (buf)
AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
XFCLOSE(file);
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
AssertNotNull(pkey3 = EVP_PKEY_new());
/* Qt unit test case */
AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */);
#else
AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0);
#endif
EC_KEY_free(ec_key);
EVP_PKEY_free(pkey3);
EVP_PKEY_free(pkey);
pkey = NULL;
}
#endif
#if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
{
#define BIO_PEM_TEST_CHAR 'a'
EVP_PKEY* pkey2 = NULL;
unsigned char extra[10];
int i;
BIO* pub_bio = NULL;
printf(testingFmt, "wolfSSL_PEM_PrivateKey()");
XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra));
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE);
AssertNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(BIO_set_write_buf_size(pub_bio, 4096), SSL_FAILURE);
AssertNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey,
&server_key, (long)sizeof_server_key_der_2048));
AssertNull(pkey);
AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
&server_key, (long)sizeof_server_key_der_2048));
AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
WOLFSSL_SUCCESS);
AssertIntGT(BIO_pending(bio), 0);
AssertIntEQ(BIO_pending(bio), 1679);
/* Check if the pubkey API writes only the public key */
#ifdef WOLFSSL_KEY_GEN
AssertIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS);
AssertIntGT(BIO_pending(pub_bio), 0);
/* Previously both the private key and the pubkey calls would write
* out the private key and the PEM header was the only difference.
* The public PEM should be significantly shorter than the
* private key versison. */
AssertIntEQ(BIO_pending(pub_bio), 451);
#endif
/* test creating new EVP_PKEY with good args */
AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr)
AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz), 0);
/* test of reuse of EVP_PKEY */
AssertNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
AssertIntEQ(BIO_pending(bio), 0);
AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
SSL_SUCCESS);
AssertIntEQ(BIO_write(bio, extra, 10), 10); /* add 10 extra bytes after PEM */
AssertNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
AssertNotNull(pkey);
if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) {
AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0);
}
AssertIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */
AssertIntEQ(BIO_read(bio, extra, 10), 10);
for (i = 0; i < 10; i++) {
AssertIntEQ(extra[i], BIO_PEM_TEST_CHAR);
}
BIO_free(pub_bio);
BIO_free(bio);
bio = NULL;
EVP_PKEY_free(pkey);
pkey = NULL;
EVP_PKEY_free(pkey2);
}
#endif
/* key is DES encrypted */
#if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
!defined(NO_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_MD5) && \
defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && !defined(NO_RSA)
{
XFILE f;
wc_pem_password_cb* passwd_cb;
void* passwd_cb_userdata;
SSL_CTX* ctx;
char passwd[] = "bad password";
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method()));
#endif
#else
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method()));
#endif
#endif
AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb"));
SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
AssertNotNull(passwd_cb = SSL_CTX_get_default_passwd_cb(ctx));
AssertNull(passwd_cb_userdata =
SSL_CTX_get_default_passwd_cb_userdata(ctx));
/* fail case with password call back */
AssertNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,
(void*)passwd));
BIO_free(bio);
AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb"));
AssertNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb,
(void*)passwd));
BIO_free(bio);
f = XFOPEN("./certs/server-keyEnc.pem", "rb");
AssertNotNull(bio = BIO_new_fp(f, BIO_CLOSE));
/* use callback that works */
AssertNotNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb,
(void*)"yassl123"));
AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS);
EVP_PKEY_free(pkey);
pkey = NULL;
BIO_free(bio);
bio = NULL;
SSL_CTX_free(ctx);
}
#endif /* !defined(NO_DES3) */
#endif /* !NO_BIO */
#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
{
unsigned char buf[2048];
size_t bytes;
XFILE f;
SSL_CTX* ctx;
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method()));
#endif
#else
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method()));
#endif
#endif
f = XFOPEN("./certs/ecc-key.der", "rb");
AssertTrue((f != XBADFILE));
bytes = (size_t)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
server_key = buf;
pkey = NULL;
AssertNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, bytes));
AssertNull(pkey);
AssertNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, bytes));
AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS);
EVP_PKEY_free(pkey);
pkey = NULL;
SSL_CTX_free(ctx);
}
#endif
printf(resultFmt, passed);
#ifndef NO_BIO
(void)bio;
#endif
(void)pkey;
(void)server_key;
#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */
}
#ifndef NO_BIO
static void test_wolfSSL_PEM_bio_RSAKey(void)
{
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
!defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
RSA* rsa = NULL;
BIO* bio = NULL;
printf(testingFmt, "wolfSSL_PEM_bio_RSAKey");
/* PrivateKey */
AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb"));
AssertNull((rsa = PEM_read_bio_RSAPrivateKey(NULL, NULL, NULL, NULL)));
AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
AssertIntEQ(RSA_size(rsa), 256);
AssertIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \
NULL), WOLFSSL_FAILURE);
BIO_free(bio);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, \
NULL), WOLFSSL_SUCCESS);
BIO_free(bio);
RSA_free(rsa);
/* PUBKEY */
AssertNotNull(bio = BIO_new_file("./certs/rsa-pub-2048.pem", "rb"));
AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL)));
AssertNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
AssertIntEQ(RSA_size(rsa), 256);
AssertIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
BIO_free(bio);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(PEM_write_bio_RSA_PUBKEY(bio, rsa), WOLFSSL_SUCCESS);
BIO_free(bio);
RSA_free(rsa);
/* Ensure that keys beginning with BEGIN RSA PUBLIC KEY can be read, too. */
AssertNotNull(bio = BIO_new_file("./certs/server-keyPub.pem", "rb"));
AssertNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
BIO_free(bio);
RSA_free(rsa);
#ifdef HAVE_ECC
/* ensure that non-rsa keys do not work */
AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */
AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
BIO_free(bio);
RSA_free(rsa);
#endif /* HAVE_ECC */
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
(defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */
}
static void test_wolfSSL_PEM_RSAPrivateKey(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
RSA* rsa = NULL;
RSA* rsa_dup = NULL;
BIO* bio = NULL;
printf(testingFmt, "wolfSSL_PEM_RSAPrivateKey()");
AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb"));
AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
AssertIntEQ(RSA_size(rsa), 256);
#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
AssertNotNull(rsa_dup = RSAPublicKey_dup(rsa));
AssertPtrNE(rsa_dup, rsa);
#endif
/* test if valgrind complains about unreleased memory */
RSA_up_ref(rsa);
RSA_free(rsa);
BIO_free(bio);
RSA_free(rsa);
RSA_free(rsa_dup);
#ifdef HAVE_ECC
AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb"));
AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
BIO_free(bio);
#endif /* HAVE_ECC */
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
}
static void test_wolfSSL_PEM_bio_DSAKey(void)
{
#ifndef HAVE_SELFTEST
#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_CERTS) && \
defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && !defined(NO_DSA)
DSA* dsa = NULL;
BIO* bio = NULL;
printf(testingFmt, "wolfSSL_PEM_bio_DSAKey");
/* PrivateKey */
AssertNotNull(bio = BIO_new_file("./certs/1024/dsa1024.pem", "rb"));
AssertNull((dsa = PEM_read_bio_DSAPrivateKey(NULL, NULL, NULL, NULL)));
AssertNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
AssertIntEQ(BN_num_bytes(dsa->g), 128);
AssertIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, NULL),
WOLFSSL_FAILURE);
BIO_free(bio);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(PEM_write_bio_DSAPrivateKey(bio, dsa, NULL, NULL, 0, NULL, NULL),
WOLFSSL_SUCCESS);
BIO_free(bio);
DSA_free(dsa);
/* PUBKEY */
AssertNotNull(bio = BIO_new_file("./certs/1024/dsa-pub-1024.pem", "rb"));
AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL)));
AssertNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
AssertIntEQ(BN_num_bytes(dsa->g), 128);
AssertIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
BIO_free(bio);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(PEM_write_bio_DSA_PUBKEY(bio, dsa), WOLFSSL_SUCCESS);
BIO_free(bio);
DSA_free(dsa);
#ifdef HAVE_ECC
/* ensure that non-dsa keys do not work */
AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */
AssertNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
BIO_free(bio);
DSA_free(dsa);
#endif /* HAVE_ECC */
printf(resultFmt, passed);
#endif /* defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && \
!defined(NO_CERTS) && defined(WOLFSSL_KEY_GEN) && \
!defined(NO_FILESYSTEM) && !defined(NO_DSA) */
#endif /* HAVE_SELFTEST */
}
static void test_wolfSSL_PEM_bio_ECKey(void)
{
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
EC_KEY* ec = NULL;
BIO* bio = NULL;
printf(testingFmt, "wolfSSL_PEM_bio_ECKey");
/* PrivateKey */
AssertNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb"));
AssertNull((ec = PEM_read_bio_ECPrivateKey(NULL, NULL, NULL, NULL)));
AssertNotNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)));
AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
AssertIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \
NULL),WOLFSSL_FAILURE);
BIO_free(bio);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(PEM_write_bio_ECPrivateKey(bio, ec, NULL, NULL, 0, NULL, \
NULL), WOLFSSL_SUCCESS);
BIO_free(bio);
EC_KEY_free(ec);
/* PUBKEY */
AssertNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb"));
AssertNull((ec = PEM_read_bio_EC_PUBKEY(NULL, NULL, NULL, NULL)));
AssertNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)));
AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
AssertIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
BIO_free(bio);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(PEM_write_bio_EC_PUBKEY(bio, ec), WOLFSSL_SUCCESS);
BIO_free(bio);
EC_KEY_free(ec);
#ifndef NO_RSA
/* ensure that non-ec keys do not work */
AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb")); /* rsa key */
AssertNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)));
AssertNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)));
BIO_free(bio);
EC_KEY_free(ec);
#endif /* HAVE_ECC */
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
}
static void test_wolfSSL_PEM_PUBKEY(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
BIO* bio = NULL;
EVP_PKEY* pkey = NULL;
/* test creating new EVP_PKEY with bad arg */
AssertNull((pkey = PEM_read_bio_PUBKEY(NULL, NULL, NULL, NULL)));
/* test loading ECC key using BIO */
#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
{
XFILE file;
const char* fname = "./certs/ecc-client-keyPub.pem";
size_t sz;
byte* buf;
EVP_PKEY* pkey2;
EC_KEY* ec_key;
file = XFOPEN(fname, "rb");
AssertTrue((file != XBADFILE));
XFSEEK(file, 0, XSEEK_END);
sz = XFTELL(file);
XREWIND(file);
AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
if (buf)
AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
XFCLOSE(file);
/* Test using BIO new mem and loading PEM private key */
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
AssertNotNull((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL)));
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
/* Qt unit test case*/
AssertNotNull(pkey2 = EVP_PKEY_new());
AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey));
AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey2, ec_key), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertIntEQ(EVP_PKEY_cmp(pkey, pkey2), 1/* match */);
#else
AssertIntEQ(EVP_PKEY_cmp(pkey, pkey2), 0);
#endif
EC_KEY_free(ec_key);
EVP_PKEY_free(pkey2);
EVP_PKEY_free(pkey);
pkey = NULL;
}
#endif
(void)bio;
(void)pkey;
#endif
}
#endif /* !NO_BIO */
static void test_DSA_do_sign_verify(void)
{
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
!defined(NO_DSA)
unsigned char digest[WC_SHA_DIGEST_SIZE];
DSA_SIG* sig;
DSA* dsa;
word32 bytes;
byte sigBin[DSA_SIG_SIZE];
int dsacheck;
#ifdef USE_CERT_BUFFERS_1024
byte tmp[ONEK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
bytes = sizeof_dsa_key_der_2048;
#else
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
if (fp == XBADFILE) {
return WOLFSSL_BAD_FILE;
}
bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
printf(testingFmt, "DSA_do_sign_verify()");
XMEMSET(digest, 202, sizeof(digest));
AssertNotNull(dsa = DSA_new());
AssertIntEQ(DSA_LoadDer(dsa, tmp, bytes), 1);
AssertIntEQ(wolfSSL_DSA_do_sign(digest, sigBin, dsa), 1);
AssertIntEQ(wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck), 1);
AssertNotNull(sig = DSA_do_sign(digest, WC_SHA_DIGEST_SIZE, dsa));
AssertIntEQ(DSA_do_verify(digest, WC_SHA_DIGEST_SIZE, sig, dsa), 1);
DSA_SIG_free(sig);
DSA_free(dsa);
#endif
#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
}
static void test_wolfSSL_tmp_dh(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
!defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO)
byte buff[6000];
char file[] = "./certs/dsaparams.pem";
XFILE f;
int bytes;
DSA* dsa;
DH* dh;
#if defined(WOLFSSL_DH_EXTRA) && \
(defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
DH* dh2;
#endif
BIO* bio;
SSL* ssl;
SSL_CTX* ctx;
printf(testingFmt, "wolfSSL_tmp_dh()");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
f = XFOPEN(file, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
bio = BIO_new_mem_buf((void*)buff, bytes);
AssertNotNull(bio);
dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
AssertNotNull(dsa);
dh = wolfSSL_DSA_dup_DH(dsa);
AssertNotNull(dh);
#if defined(WOLFSSL_DH_EXTRA) && \
(defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
AssertNotNull(dh2 = wolfSSL_DH_dup(dh));
#endif
AssertIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS);
#else
AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), SIDE_ERROR);
#endif
BIO_free(bio);
DSA_free(dsa);
DH_free(dh);
#if defined(WOLFSSL_DH_EXTRA) && \
(defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
DH_free(dh2);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ctrl(void)
{
#if defined (OPENSSL_EXTRA) && !defined(NO_BIO)
byte buff[6000];
BIO* bio;
int bytes;
BUF_MEM* ptr = NULL;
printf(testingFmt, "wolfSSL_crtl()");
bytes = sizeof(buff);
bio = BIO_new_mem_buf((void*)buff, bytes);
AssertNotNull(bio);
AssertNotNull(BIO_s_socket());
AssertIntEQ((int)wolfSSL_BIO_get_mem_ptr(bio, &ptr), WOLFSSL_SUCCESS);
/* needs tested after stubs filled out @TODO
SSL_ctrl
SSL_CTX_ctrl
*/
BIO_free(bio);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_BIO) */
}
static void test_wolfSSL_EVP_PKEY_new_mac_key(void)
{
#ifdef OPENSSL_EXTRA
static const unsigned char pw[] = "password";
static const int pwSz = sizeof(pw) - 1;
size_t checkPwSz = 0;
const unsigned char* checkPw = NULL;
WOLFSSL_EVP_PKEY* key = NULL;
printf(testingFmt, "wolfSSL_EVP_PKEY_new_mac_key()");
AssertNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, pw, pwSz));
AssertNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, NULL, pwSz));
AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, pwSz));
if (key) {
AssertIntEQ(key->type, EVP_PKEY_HMAC);
AssertIntEQ(key->save_type, EVP_PKEY_HMAC);
AssertIntEQ(key->pkey_sz, pwSz);
AssertIntEQ(XMEMCMP(key->pkey.ptr, pw, pwSz), 0);
}
AssertNotNull(checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz));
AssertIntEQ((int)checkPwSz, pwSz);
if (checkPw) {
AssertIntEQ(XMEMCMP(checkPw, pw, pwSz), 0);
}
wolfSSL_EVP_PKEY_free(key);
AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, 0));
if (key) {
AssertIntEQ(key->pkey_sz, 0);
}
checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz);
(void)checkPw;
AssertIntEQ((int)checkPwSz, 0);
wolfSSL_EVP_PKEY_free(key);
AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, NULL, 0));
if (key) {
AssertIntEQ(key->pkey_sz, 0);
}
checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz);
(void)checkPw;
AssertIntEQ((int)checkPwSz, 0);
wolfSSL_EVP_PKEY_free(key);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_EVP_Digest(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_PWDBASED)
const char* in = "abc";
int inLen = (int)XSTRLEN(in);
byte out[WC_SHA256_DIGEST_SIZE];
unsigned int outLen;
const char* expOut = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
"\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
"\x15\xAD";
printf(testingFmt, "wolfSSL_EVP_Digest()");
AssertIntEQ(wolfSSL_EVP_Digest((unsigned char*)in, inLen, out, &outLen, "SHA256", NULL), 1);
AssertIntEQ(outLen, WC_SHA256_DIGEST_SIZE);
AssertIntEQ(XMEMCMP(out, expOut, WC_SHA256_DIGEST_SIZE), 0);
printf(resultFmt, passed);
#endif /* OPEN_EXTRA && ! NO_SHA256 */
}
static void test_wolfSSL_EVP_Digest_all(void)
{
#ifdef OPENSSL_EXTRA
const char* digests[] = {
#ifndef NO_MD5
"MD5",
#endif
#ifndef NO_SHA
"SHA",
#endif
#ifdef WOLFSSL_SHA224
"SHA224",
#endif
#ifndef NO_SHA256
"SHA256",
#endif
#ifdef WOLFSSL_SHA384
"SHA384",
#endif
#ifdef WOLFSSL_SHA512
"SHA512",
#endif
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
"SHA512_224",
#endif
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
"SHA512_256",
#endif
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
"SHA3_224",
#endif
#ifndef WOLFSSL_NOSHA3_256
"SHA3_256",
#endif
"SHA3_384",
#ifndef WOLFSSL_NOSHA3_512
"SHA3_512",
#endif
#endif /* WOLFSSL_SHA3 */
NULL
};
const char** d;
const unsigned char in[] = "abc";
int inLen = XSTR_SIZEOF(in);
byte out[WC_MAX_DIGEST_SIZE];
unsigned int outLen;
printf(testingFmt, "wolfSSL_EVP_Digest_all");
for (d = digests; *d != NULL; d++) {
AssertIntEQ(EVP_Digest(in, inLen, out, &outLen, *d, NULL), 1);
AssertIntGT(outLen, 0);
AssertIntEQ(EVP_MD_size(*d), outLen);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_MD_size(void)
{
#ifdef OPENSSL_EXTRA
WOLFSSL_EVP_MD_CTX mdCtx;
printf(testingFmt, "wolfSSL_EVP_MD_size()");
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_224"), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_224_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_224_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
#ifndef WOLFSSL_NOSHA3_256
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_256"), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_256_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_256_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_384"), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_384_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_384_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#ifndef WOLFSSL_NOSHA3_512
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_512"), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_512_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_512_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
#endif /* WOLFSSL_SHA3 */
#ifndef NO_SHA256
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), 1);
AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA256_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA256_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA256_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA256_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
#ifndef NO_MD5
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "MD5"), 1);
AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_MD5_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_MD5_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_MD5_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_MD5_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
#ifdef WOLFSSL_SHA224
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA224"), 1);
AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA224_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA224_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA224_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA224_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
#ifdef WOLFSSL_SHA384
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA384"), 1);
AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA384_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA384_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA384_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA384_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
#ifdef WOLFSSL_SHA512
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA512"), 1);
AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA512_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA512_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA512_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA512_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
#ifndef NO_SHA
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA"), 1);
AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA1"), 1);
AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif
/* error case */
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), BAD_FUNC_ARG);
/* Cleanup is valid on uninit'ed struct */
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_EVP_MD_pkey_type(void)
{
#ifdef OPENSSL_EXTRA
const WOLFSSL_EVP_MD* md;
printf(testingFmt, "test_wolfSSL_EVP_MD_pkey_type()");
#ifndef NO_MD5
AssertNotNull(md = EVP_md5());
AssertIntEQ(EVP_MD_pkey_type(md), NID_md5WithRSAEncryption);
#endif
#ifndef NO_SHA
AssertNotNull(md = EVP_sha1());
AssertIntEQ(EVP_MD_pkey_type(md), NID_sha1WithRSAEncryption);
#endif
#ifdef WOLFSSL_SHA224
AssertNotNull(md = EVP_sha224());
AssertIntEQ(EVP_MD_pkey_type(md), NID_sha224WithRSAEncryption);
#endif
AssertNotNull(md = EVP_sha256());
AssertIntEQ(EVP_MD_pkey_type(md), NID_sha256WithRSAEncryption);
#ifdef WOLFSSL_SHA384
AssertNotNull(md = EVP_sha384());
AssertIntEQ(EVP_MD_pkey_type(md), NID_sha384WithRSAEncryption);
#endif
#ifdef WOLFSSL_SHA512
AssertNotNull(md = EVP_sha512());
AssertIntEQ(EVP_MD_pkey_type(md), NID_sha512WithRSAEncryption);
#endif
printf(resultFmt, passed);
#endif
}
#ifdef OPENSSL_EXTRA
static void test_hmac_signing(const WOLFSSL_EVP_MD *type, const byte* testKey,
size_t testKeySz, const char* testData, size_t testDataSz,
const byte* testResult, size_t testResultSz)
{
unsigned char check[WC_MAX_DIGEST_SIZE];
size_t checkSz = -1;
WOLFSSL_EVP_PKEY* key;
WOLFSSL_EVP_MD_CTX mdCtx;
printf(testingFmt, "wolfSSL_EVP_MD_hmac_signing()");
AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
testKey, (int)testKeySz));
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
(unsigned int)testDataSz), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
AssertIntEQ((int)checkSz, (int)testResultSz);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ((int)checkSz,(int)testResultSz);
AssertIntEQ(XMEMCMP(testResult, check, testResultSz), 0);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
(unsigned int)testDataSz), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
AssertIntEQ((int)checkSz, (int)testResultSz);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ((int)checkSz,(int)testResultSz);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
(unsigned int)testDataSz - 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ((int)checkSz,(int)testResultSz);
AssertIntEQ(XMEMCMP(testResult, check, testResultSz), 0);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
(unsigned int)testDataSz - 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_PKEY_free(key);
}
#endif
static void test_wolfSSL_EVP_MD_hmac_signing(void)
{
#ifdef OPENSSL_EXTRA
static const unsigned char testKey[] =
{
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b
};
static const char testData[] = "Hi There";
#ifdef WOLFSSL_SHA224
static const unsigned char testResultSha224[] =
{
0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19,
0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d, 0xf3, 0x3f,
0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f,
0x53, 0x68, 0x4b, 0x22
};
#endif
#ifndef NO_SHA256
static const unsigned char testResultSha256[] =
{
0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
};
#endif
#ifdef WOLFSSL_SHA384
static const unsigned char testResultSha384[] =
{
0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62,
0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f,
0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f,
0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6
};
#endif
#ifdef WOLFSSL_SHA512
static const unsigned char testResultSha512[] =
{
0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d,
0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0,
0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78,
0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde,
0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02,
0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4,
0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70,
0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54
};
#endif
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
static const unsigned char testResultSha3_224[] =
{
0x3b, 0x16, 0x54, 0x6b, 0xbc, 0x7b, 0xe2, 0x70,
0x6a, 0x03, 0x1d, 0xca, 0xfd, 0x56, 0x37, 0x3d,
0x98, 0x84, 0x36, 0x76, 0x41, 0xd8, 0xc5, 0x9a,
0xf3, 0xc8, 0x60, 0xf7
};
#endif
#ifndef WOLFSSL_NOSHA3_256
static const unsigned char testResultSha3_256[] =
{
0xba, 0x85, 0x19, 0x23, 0x10, 0xdf, 0xfa, 0x96,
0xe2, 0xa3, 0xa4, 0x0e, 0x69, 0x77, 0x43, 0x51,
0x14, 0x0b, 0xb7, 0x18, 0x5e, 0x12, 0x02, 0xcd,
0xcc, 0x91, 0x75, 0x89, 0xf9, 0x5e, 0x16, 0xbb
};
#endif
#ifndef WOLFSSL_NOSHA3_384
static const unsigned char testResultSha3_384[] =
{
0x68, 0xd2, 0xdc, 0xf7, 0xfd, 0x4d, 0xdd, 0x0a,
0x22, 0x40, 0xc8, 0xa4, 0x37, 0x30, 0x5f, 0x61,
0xfb, 0x73, 0x34, 0xcf, 0xb5, 0xd0, 0x22, 0x6e,
0x1b, 0xc2, 0x7d, 0xc1, 0x0a, 0x2e, 0x72, 0x3a,
0x20, 0xd3, 0x70, 0xb4, 0x77, 0x43, 0x13, 0x0e,
0x26, 0xac, 0x7e, 0x3d, 0x53, 0x28, 0x86, 0xbd
};
#endif
#ifndef WOLFSSL_NOSHA3_512
static const unsigned char testResultSha3_512[] =
{
0xeb, 0x3f, 0xbd, 0x4b, 0x2e, 0xaa, 0xb8, 0xf5,
0xc5, 0x04, 0xbd, 0x3a, 0x41, 0x46, 0x5a, 0xac,
0xec, 0x15, 0x77, 0x0a, 0x7c, 0xab, 0xac, 0x53,
0x1e, 0x48, 0x2f, 0x86, 0x0b, 0x5e, 0xc7, 0xba,
0x47, 0xcc, 0xb2, 0xc6, 0xf2, 0xaf, 0xce, 0x8f,
0x88, 0xd2, 0x2b, 0x6d, 0xc6, 0x13, 0x80, 0xf2,
0x3a, 0x66, 0x8f, 0xd3, 0x88, 0x8b, 0xb8, 0x05,
0x37, 0xc0, 0xa0, 0xb8, 0x64, 0x07, 0x68, 0x9e
};
#endif
#endif
#ifndef NO_SHA256
test_hmac_signing(wolfSSL_EVP_sha256(), testKey, sizeof(testKey), testData,
XSTRLEN(testData), testResultSha256, sizeof(testResultSha256));
#endif
#ifdef WOLFSSL_SHA224
test_hmac_signing(wolfSSL_EVP_sha224(), testKey, sizeof(testKey), testData,
XSTRLEN(testData), testResultSha224, sizeof(testResultSha224));
#endif
#ifdef WOLFSSL_SHA384
test_hmac_signing(wolfSSL_EVP_sha384(), testKey, sizeof(testKey), testData,
XSTRLEN(testData), testResultSha384, sizeof(testResultSha384));
#endif
#ifdef WOLFSSL_SHA512
test_hmac_signing(wolfSSL_EVP_sha512(), testKey, sizeof(testKey), testData,
XSTRLEN(testData), testResultSha512, sizeof(testResultSha512));
#endif
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
test_hmac_signing(wolfSSL_EVP_sha3_224(), testKey, sizeof(testKey),
testData, XSTRLEN(testData), testResultSha3_224,
sizeof(testResultSha3_224));
#endif
#ifndef WOLFSSL_NOSHA3_256
test_hmac_signing(wolfSSL_EVP_sha3_256(), testKey, sizeof(testKey),
testData, XSTRLEN(testData), testResultSha3_256,
sizeof(testResultSha3_256));
#endif
#ifndef WOLFSSL_NOSHA3_384
test_hmac_signing(wolfSSL_EVP_sha3_384(), testKey, sizeof(testKey),
testData, XSTRLEN(testData), testResultSha3_384,
sizeof(testResultSha3_384));
#endif
#ifndef WOLFSSL_NOSHA3_512
test_hmac_signing(wolfSSL_EVP_sha3_512(), testKey, sizeof(testKey),
testData, XSTRLEN(testData), testResultSha3_512,
sizeof(testResultSha3_512));
#endif
#endif
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_EVP_MD_rsa_signing(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
defined(USE_CERT_BUFFERS_2048)
WOLFSSL_EVP_PKEY* privKey;
WOLFSSL_EVP_PKEY* pubKey;
WOLFSSL_EVP_PKEY_CTX* keyCtx;
const char testData[] = "Hi There";
WOLFSSL_EVP_MD_CTX mdCtx;
size_t checkSz = -1;
int sz = 2048 / 8;
const unsigned char* cp;
const unsigned char* p;
unsigned char check[2048/8];
size_t i;
int paddings[] = {
RSA_PKCS1_PADDING,
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS)
RSA_PKCS1_PSS_PADDING,
#endif
};
printf(testingFmt, "wolfSSL_EVP_MD_rsa_signing()");
cp = client_key_der_2048;
AssertNotNull((privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &cp,
sizeof_client_key_der_2048)));
p = client_keypub_der_2048;
AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p,
sizeof_client_keypub_der_2048)));
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
NULL, privKey), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
(unsigned int)XSTRLEN(testData)), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
AssertIntEQ((int)checkSz, sz);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ((int)checkSz,sz);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
NULL, pubKey), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
(unsigned int)XSTRLEN(testData)),
1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
NULL, privKey), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
AssertIntEQ((int)checkSz, sz);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ((int)checkSz, sz);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
(unsigned int)XSTRLEN(testData) - 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ((int)checkSz, sz);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
NULL, pubKey), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
(unsigned int)XSTRLEN(testData) - 4),
1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
/* Check all signing padding types */
for (i = 0; i < sizeof(paddings)/sizeof(int); i++) {
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, &keyCtx,
wolfSSL_EVP_sha256(), NULL, privKey), 1);
AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx,
paddings[i]), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
(unsigned int)XSTRLEN(testData)), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
AssertIntEQ((int)checkSz, sz);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ((int)checkSz,sz);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, &keyCtx,
wolfSSL_EVP_sha256(), NULL, pubKey), 1);
AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx,
paddings[i]), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
(unsigned int)XSTRLEN(testData)), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
}
wolfSSL_EVP_PKEY_free(pubKey);
wolfSSL_EVP_PKEY_free(privKey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_MD_ecc_signing(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
WOLFSSL_EVP_PKEY* privKey;
WOLFSSL_EVP_PKEY* pubKey;
const char testData[] = "Hi There";
WOLFSSL_EVP_MD_CTX mdCtx;
size_t checkSz = -1;
const unsigned char* cp;
const unsigned char* p;
unsigned char check[2048/8];
printf(testingFmt, "wolfSSL_EVP_MD_ecc_signing()");
cp = ecc_clikey_der_256;
privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
sizeof_ecc_clikey_der_256);
AssertNotNull(privKey);
p = ecc_clikeypub_der_256;
AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p,
sizeof_ecc_clikeypub_der_256)));
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
NULL, privKey), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
(unsigned int)XSTRLEN(testData)), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
NULL, pubKey), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
(unsigned int)XSTRLEN(testData)),
1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
NULL, privKey), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
(unsigned int)XSTRLEN(testData) - 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
NULL, pubKey), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
(unsigned int)XSTRLEN(testData) - 4),
1);
AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
wolfSSL_EVP_PKEY_free(pubKey);
wolfSSL_EVP_PKEY_free(privKey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_CTX_add_extra_chain_cert(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO)
char caFile[] = "./certs/client-ca.pem";
char clientFile[] = "./certs/client-cert.pem";
SSL_CTX* ctx;
X509* x509;
BIO *bio = NULL;
X509 *cert = NULL;
X509 *ca;
STACK_OF(X509) *chain = NULL;
STACK_OF(X509) *chain2 = NULL;
printf(testingFmt, "wolfSSL_CTX_add_extra_chain_cert()");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);
x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
/* additional test of getting EVP_PKEY key size from X509
* Do not run with user RSA because wolfSSL_RSA_size is not currently
* allowed with user RSA */
{
EVP_PKEY* pkey;
#if defined(HAVE_ECC)
X509* ecX509;
#endif /* HAVE_ECC */
AssertNotNull(pkey = X509_get_pubkey(x509));
/* current RSA key is 2048 bit (256 bytes) */
AssertIntEQ(EVP_PKEY_size(pkey), 256);
EVP_PKEY_free(pkey);
#if defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer(
cliecc_cert_der_256, sizeof_cliecc_cert_der_256,
SSL_FILETYPE_ASN1));
#else
AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file(cliEccCertFile,
SSL_FILETYPE_PEM));
#endif
pkey = X509_get_pubkey(ecX509);
AssertNotNull(pkey);
/* current ECC key is 256 bit (32 bytes) */
AssertIntEQ(EVP_PKEY_size(pkey), 32);
X509_free(ecX509);
EVP_PKEY_free(pkey);
#endif /* HAVE_ECC */
}
#endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */
AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS);
#ifdef WOLFSSL_ENCRYPTED_KEYS
AssertNull(SSL_CTX_get_default_passwd_cb(ctx));
AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx));
#endif
SSL_CTX_free(ctx);
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
/* Test haproxy use case */
AssertNotNull(bio = BIO_new_file(svrCertFile, "r"));
/* Read Certificate */
AssertNotNull(cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
AssertNotNull(ca = PEM_read_bio_X509(bio, NULL, NULL, NULL));
AssertNotNull(chain = sk_X509_new_null());
AssertIntEQ(sk_X509_push(chain, ca), 1);
AssertNotNull(chain2 = X509_chain_up_ref(chain));
AssertNotNull(ca = sk_X509_shift(chain2));
AssertIntEQ(SSL_CTX_use_certificate(ctx, cert), 1);
AssertIntEQ(SSL_CTX_add_extra_chain_cert(ctx, ca), 1);
BIO_free(bio);
X509_free(cert);
sk_X509_pop_free(chain, X509_free);
sk_X509_pop_free(chain2, X509_free);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined (NO_BIO) */
}
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
static void test_wolfSSL_ERR_peek_last_error_line(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
!defined(NO_OLD_TLS) && !defined(WOLFSSL_NO_TLS12) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_ERROR_QUEUE)
tcp_ready ready;
func_args client_args;
func_args server_args;
#ifndef SINGLE_THREADED
THREAD_TYPE serverThread;
#endif
callback_functions client_cb;
callback_functions server_cb;
int line = 0;
int flag = ERR_TXT_STRING;
const char* file = NULL;
const char* data = NULL;
printf(testingFmt, "wolfSSL_ERR_peek_last_error_line()");
/* create a failed connection and inspect the error */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
client_cb.method = wolfTLSv1_1_client_method;
server_cb.method = wolfTLSv1_2_server_method;
server_args.signal = &ready;
server_args.callbacks = &server_cb;
client_args.signal = &ready;
client_args.callbacks = &client_cb;
#ifndef SINGLE_THREADED
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
#endif
FreeTcpReady(&ready);
AssertIntGT(ERR_get_error_line_data(NULL, NULL, &data, &flag), 0);
AssertNotNull(data);
/* check clearing error state */
ERR_remove_state(0);
AssertIntEQ((int)ERR_peek_last_error_line(NULL, NULL), 0);
ERR_peek_last_error_line(NULL, &line);
AssertIntEQ(line, 0);
ERR_peek_last_error_line(&file, NULL);
AssertNull(file);
/* retry connection to fill error queue */
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
client_cb.method = wolfTLSv1_1_client_method;
server_cb.method = wolfTLSv1_2_server_method;
server_args.signal = &ready;
server_args.callbacks = &server_cb;
client_args.signal = &ready;
client_args.callbacks = &client_cb;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
FreeTcpReady(&ready);
/* check that error code was stored */
AssertIntNE((int)ERR_peek_last_error_line(NULL, NULL), 0);
ERR_peek_last_error_line(NULL, &line);
AssertIntNE(line, 0);
ERR_peek_last_error_line(&file, NULL);
AssertNotNull(file);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
printf(resultFmt, passed);
printf("\nTesting error print out\n");
ERR_print_errors_fp(stdout);
printf("Done testing print out\n\n");
fflush(stdout);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(DEBUG_WOLFSSL) */
}
#endif
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
static int verify_cb(int ok, X509_STORE_CTX *ctx)
{
(void) ok;
(void) ctx;
printf("ENTER verify_cb\n");
return SSL_SUCCESS;
}
#endif
static void test_wolfSSL_X509_Name_canon(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_SHA) && \
defined(WOLFSSL_CERT_GEN) && \
(defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_RSA)
const long ex_hash1 = 0x0fdb2da4;
const long ex_hash2 = 0x9f3e8c9e;
X509_NAME *name = NULL;
X509 *x509 = NULL;
FILE* file = NULL;
unsigned long hash = 0;
byte digest[WC_MAX_DIGEST_SIZE] = {0};
byte *pbuf = NULL;
word32 len = 0;
(void) ex_hash2;
printf(testingFmt, "test_wolfSSL_X509_Name_canon()");
file = XFOPEN(caCertFile, "rb");
AssertNotNull(file);
AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
AssertNotNull(name = X509_get_issuer_name(x509));
AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
hash = (((unsigned long)digest[3] << 24) |
((unsigned long)digest[2] << 16) |
((unsigned long)digest[1] << 8) |
((unsigned long)digest[0]));
AssertIntEQ(hash, ex_hash1);
XFCLOSE(file);
X509_free(x509);
XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL);
pbuf = NULL;
file = XFOPEN(cliCertFile, "rb");
AssertNotNull(file);
AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
AssertNotNull(name = X509_get_issuer_name(x509));
AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
hash = (((unsigned long)digest[3] << 24) |
((unsigned long)digest[2] << 16) |
((unsigned long)digest[1] << 8) |
((unsigned long)digest[0]));
AssertIntEQ(hash, ex_hash2);
XFCLOSE(file);
X509_free(x509);
XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
const int MAX_DIR = 4;
const char paths[][32] = {
"./certs/ed25519",
"./certs/ecc",
"./certs/crl",
"./certs/",
};
char CertCrl_path[MAX_FILENAME_SZ];
char *p;
X509_STORE* str;
X509_LOOKUP* lookup;
WOLFSSL_STACK* sk = NULL;
int len, total_len, i;
(void) sk;
printf(testingFmt, "test_wolfSSL_X509_LOOKUP_ctrl_hash_dir()");
XMEMSET(CertCrl_path, 0, MAX_FILENAME_SZ);
/* illegal string */
AssertNotNull((str = wolfSSL_X509_STORE_new()));
AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "",
SSL_FILETYPE_PEM,NULL), 0);
/* free store */
X509_STORE_free(str);
/* short folder string */
AssertNotNull((str = wolfSSL_X509_STORE_new()));
AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./",
SSL_FILETYPE_PEM,NULL), 1);
#if defined(WOLFSSL_INT_H)
/* only available when including internal.h */
AssertNotNull(sk = lookup->dirs->dir_entry);
#endif
/* free store */
X509_STORE_free(str);
/* typical function check */
p = &CertCrl_path[0];
total_len = 0;
for(i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) {
len = (int)XSTRLEN((const char*)&paths[i]);
total_len += len;
XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len);
p += len;
if (i != 0) *(p++) = SEPARATOR_CHAR;
}
AssertNotNull((str = wolfSSL_X509_STORE_new()));
AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path,
SSL_FILETYPE_PEM,NULL), 1);
#if defined(WOLFSSL_INT_H)
/* only available when including internal.h */
AssertNotNull(sk = lookup->dirs->dir_entry);
#endif
X509_STORE_free(str);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_LOOKUP_ctrl_file(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
defined(WOLFSSL_SIGNER_DER_CERT)
X509_STORE_CTX* ctx;
X509_STORE* str;
X509_LOOKUP* lookup;
X509* cert1;
X509* x509Ca;
X509* x509Svr;
X509* issuer;
WOLFSSL_STACK* sk = NULL;
X509_NAME* caName;
X509_NAME* issuerName;
FILE* file1 = NULL;
int i, cert_count, cmp;
char der[] = "certs/ca-cert.der";
#ifdef HAVE_CRL
char pem[][100] = {
"./certs/crl/crl.pem",
"./certs/crl/crl2.pem",
"./certs/crl/caEccCrl.pem",
"./certs/crl/eccCliCRL.pem",
"./certs/crl/eccSrvCRL.pem",
""
};
#endif
printf(testingFmt, "test_wolfSSL_X509_LOOKUP_ctrl_file()");
AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb"));
AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
fclose(file1);
AssertNotNull(ctx = X509_STORE_CTX_new());
AssertNotNull((str = wolfSSL_X509_STORE_new()));
AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
SSL_FILETYPE_PEM,NULL), 1);
AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
AssertIntEQ((cert_count = sk_X509_num(sk)), 1);
/* check if CA cert is loaded into the store */
for (i = 0; i < cert_count; i++) {
x509Ca = sk_X509_value(sk, i);
AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1));
}
AssertNotNull((x509Svr =
wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);
AssertNull(X509_STORE_CTX_get0_current_issuer(NULL));
issuer = X509_STORE_CTX_get0_current_issuer(ctx);
AssertNotNull(issuer);
caName = X509_get_subject_name(x509Ca);
AssertNotNull(caName);
issuerName = X509_get_subject_name(issuer);
AssertNotNull(issuerName);
cmp = X509_NAME_cmp(caName, issuerName);
AssertIntEQ(cmp, 0);
/* load der format */
X509_free(issuer);
X509_STORE_CTX_free(ctx);
X509_STORE_free(str);
sk_X509_pop_free(sk, NULL);
X509_free(x509Svr);
AssertNotNull((str = wolfSSL_X509_STORE_new()));
AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, der,
SSL_FILETYPE_ASN1,NULL), 1);
AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
AssertIntEQ((cert_count = sk_X509_num(sk)), 1);
/* check if CA cert is loaded into the store */
for (i = 0; i < cert_count; i++) {
x509Ca = sk_X509_value(sk, i);
AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1));
}
X509_STORE_free(str);
sk_X509_pop_free(sk, NULL);
X509_free(cert1);
#ifdef HAVE_CRL
AssertNotNull(str = wolfSSL_X509_STORE_new());
AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
SSL_FILETYPE_PEM,NULL), 1);
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD,
"certs/server-revoked-cert.pem",
SSL_FILETYPE_PEM,NULL), 1);
if (str) {
AssertIntEQ(wolfSSL_CertManagerVerify(str->cm, svrCertFile,
WOLFSSL_FILETYPE_PEM), 1);
/* since store hasn't yet known the revoked cert*/
AssertIntEQ(wolfSSL_CertManagerVerify(str->cm,
"certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM), 1);
}
for (i = 0; pem[i][0] != '\0'; i++)
{
AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, pem[i],
SSL_FILETYPE_PEM, NULL), 1);
}
if (str) {
/* since store knows crl list */
AssertIntEQ(wolfSSL_CertManagerVerify(str->cm,
"certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
}
AssertIntEQ(X509_LOOKUP_ctrl(NULL, 0, NULL, 0, NULL), 0);
X509_STORE_free(str);
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup()");
X509_STORE_CTX_cleanup(NULL);
X509_STORE_CTX_trusted_stack(NULL, NULL);
AssertTrue(1); /* to confirm previous call gives no harm */
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
#ifdef WOLFSSL_SIGNER_DER_CERT
int cmp;
#endif
X509_STORE_CTX* ctx;
X509_STORE* str;
X509* x509Ca;
X509* x509Svr;
X509* issuer;
X509_NAME* caName;
X509_NAME* issuerName;
printf(testingFmt, "wolfSSL_X509_STORE_CTX_get0_current_issuer()");
AssertNotNull(ctx = X509_STORE_CTX_new());
AssertNotNull((str = wolfSSL_X509_STORE_new()));
AssertNotNull((x509Ca =
wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(str, x509Ca), SSL_SUCCESS);
AssertNotNull((x509Svr =
wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);
AssertNull(X509_STORE_CTX_get0_current_issuer(NULL));
issuer = X509_STORE_CTX_get0_current_issuer(ctx);
AssertNotNull(issuer);
caName = X509_get_subject_name(x509Ca);
AssertNotNull(caName);
issuerName = X509_get_subject_name(issuer);
#ifdef WOLFSSL_SIGNER_DER_CERT
AssertNotNull(issuerName);
cmp = X509_NAME_cmp(caName, issuerName);
AssertIntEQ(cmp, 0);
#else
AssertNull(issuerName);
#endif
X509_free(issuer);
X509_STORE_CTX_free(ctx);
X509_free(x509Svr);
X509_STORE_free(str);
X509_free(x509Ca);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_PKCS7_certs(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7)
STACK_OF(X509)* sk = NULL;
STACK_OF(X509_INFO)* info_sk = NULL;
PKCS7 *p7 = NULL;
BIO* bio;
const byte* p = NULL;
int buflen = 0;
int i;
printf(testingFmt, "wolfSSL_PKCS7_certs()");
/* Test twice. Once with d2i and once without to test
* that everything is free'd correctly. */
for (i = 0; i < 2; i++) {
AssertNotNull(p7 = PKCS7_new());
p7->version = 1;
p7->hashOID = SHAh;
AssertNotNull(bio = BIO_new(BIO_s_file()));
AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
AssertNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
AssertIntEQ(sk_X509_INFO_num(info_sk), 2);
AssertNotNull(sk = sk_X509_new_null());
while (sk_X509_INFO_num(info_sk)) {
X509_INFO* info;
AssertNotNull(info = sk_X509_INFO_shift(info_sk));
AssertIntEQ(sk_X509_push(sk, info->x509), 1);
info->x509 = NULL;
X509_INFO_free(info);
}
sk_X509_INFO_free(info_sk);
BIO_free(bio);
bio = BIO_new(BIO_s_mem());
AssertIntEQ(wolfSSL_PKCS7_encode_certs(p7, sk, bio), 1);
AssertIntGT((buflen = BIO_get_mem_data(bio, &p)), 0);
if (i == 0) {
PKCS7_free(p7);
AssertNotNull(d2i_PKCS7(&p7, &p, buflen));
/* Reset certs to force wolfSSL_PKCS7_to_stack to regenerate them */
((WOLFSSL_PKCS7*)p7)->certs = NULL;
/* PKCS7_free free's the certs */
AssertNotNull(wolfSSL_PKCS7_to_stack(p7));
}
BIO_free(bio);
PKCS7_free(p7);
}
printf(resultFmt, passed);
#endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) */
}
static void test_wolfSSL_X509_STORE_CTX(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
X509_STORE_CTX* ctx;
X509_STORE* str;
X509* x509;
#ifdef OPENSSL_ALL
X509* x5092;
STACK_OF(X509) *sk, *sk2, *sk3;
#endif
printf(testingFmt, "wolfSSL_X509_STORE_CTX()");
AssertNotNull(ctx = X509_STORE_CTX_new());
AssertNotNull((str = wolfSSL_X509_STORE_new()));
AssertNotNull((x509 =
wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(str, x509), SSL_SUCCESS);
#ifdef OPENSSL_ALL
/* sk_X509_new only in OPENSSL_ALL */
sk = sk_X509_new();
AssertNotNull(sk);
AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, sk), SSL_SUCCESS);
#else
AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, NULL), SSL_SUCCESS);
#endif
AssertIntEQ(SSL_get_ex_data_X509_STORE_CTX_idx(), 0);
X509_STORE_CTX_set_error(ctx, -5);
X509_STORE_CTX_set_error(NULL, -5);
X509_STORE_CTX_free(ctx);
#ifdef OPENSSL_ALL
sk_X509_pop_free(sk, NULL);
#endif
X509_STORE_free(str);
X509_free(x509);
AssertNotNull(ctx = X509_STORE_CTX_new());
X509_STORE_CTX_set_verify_cb(ctx, verify_cb);
X509_STORE_CTX_free(ctx);
#ifdef OPENSSL_ALL
/* test X509_STORE_CTX_get(1)_chain */
AssertNotNull((x509 = X509_load_certificate_file(svrCertFile,
SSL_FILETYPE_PEM)));
AssertNotNull((x5092 = X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM)));
AssertNotNull((sk = sk_X509_new()));
AssertIntEQ(sk_X509_push(sk, x509), 1);
AssertNotNull((str = X509_STORE_new()));
AssertNotNull((ctx = X509_STORE_CTX_new()));
AssertIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1);
AssertNull((sk2 = X509_STORE_CTX_get_chain(NULL)));
AssertNotNull((sk2 = X509_STORE_CTX_get_chain(ctx)));
AssertIntEQ(sk_num(sk2), 1); /* sanity, make sure chain has 1 cert */
AssertNull((sk3 = X509_STORE_CTX_get1_chain(NULL)));
AssertNotNull((sk3 = X509_STORE_CTX_get1_chain(ctx)));
AssertIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */
X509_STORE_CTX_free(ctx);
X509_STORE_free(str);
/* CTX certs not freed yet */
X509_free(x5092);
sk_X509_pop_free(sk, NULL);
/* sk3 is dup so free here */
sk_X509_pop_free(sk3, NULL);
#endif
/* test X509_STORE_CTX_get/set_ex_data */
{
int i = 0, tmpData = 5;
void* tmpDataRet;
AssertNotNull(ctx = X509_STORE_CTX_new());
#ifdef HAVE_EX_DATA
for (i = 0; i < MAX_EX_DATA; i++) {
AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
WOLFSSL_SUCCESS);
tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
AssertNotNull(tmpDataRet);
AssertIntEQ(tmpData, *(int*)tmpDataRet);
}
#else
AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
WOLFSSL_FAILURE);
tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
AssertNull(tmpDataRet);
#endif
X509_STORE_CTX_free(ctx);
}
/* test X509_STORE_get/set_ex_data */
{
int i = 0, tmpData = 99;
void* tmpDataRet;
AssertNotNull(str = X509_STORE_new());
#ifdef HAVE_EX_DATA
for (i = 0; i < MAX_EX_DATA; i++) {
AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
WOLFSSL_SUCCESS);
tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
AssertNotNull(tmpDataRet);
AssertIntEQ(tmpData, *(int*)tmpDataRet);
}
#else
AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
WOLFSSL_FAILURE);
tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
AssertNull(tmpDataRet);
#endif
X509_STORE_free(str);
}
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}
static void test_wolfSSL_X509_STORE_set_flags(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
X509_STORE* store;
X509* x509;
printf(testingFmt, "wolfSSL_X509_STORE_set_flags()");
AssertNotNull((store = wolfSSL_X509_STORE_new()));
AssertNotNull((x509 =
wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(store, x509), WOLFSSL_SUCCESS);
#ifdef HAVE_CRL
AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), WOLFSSL_SUCCESS);
#else
AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL),
NOT_COMPILED_IN);
#endif
wolfSSL_X509_free(x509);
wolfSSL_X509_STORE_free(store);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}
static void test_wolfSSL_X509_LOOKUP_load_file(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
(!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
WOLFSSL_X509_STORE* store;
WOLFSSL_X509_LOOKUP* lookup;
printf(testingFmt, "wolfSSL_X509_LOOKUP_load_file()");
AssertNotNull(store = wolfSSL_X509_STORE_new());
AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/client-ca.pem",
X509_FILETYPE_PEM), 1);
AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem",
X509_FILETYPE_PEM), 1);
if (store) {
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile,
WOLFSSL_FILETYPE_PEM), 1);
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
WOLFSSL_FILETYPE_PEM), ASN_NO_SIGNER_E);
}
AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
X509_FILETYPE_PEM), 1);
if (store) {
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
WOLFSSL_FILETYPE_PEM), 1);
}
wolfSSL_X509_STORE_free(store);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}
static void test_wolfSSL_X509_STORE_CTX_set_time(void)
{
#if defined(OPENSSL_EXTRA)
WOLFSSL_X509_STORE_CTX* ctx;
time_t c_time;
printf(testingFmt, "wolfSSL_X509_set_time()");
AssertNotNull(ctx = wolfSSL_X509_STORE_CTX_new());
c_time = 365*24*60*60;
wolfSSL_X509_STORE_CTX_set_time(ctx, 0, c_time);
AssertTrue(
(ctx->param->flags & WOLFSSL_USE_CHECK_TIME) == WOLFSSL_USE_CHECK_TIME);
AssertTrue(ctx->param->check_time == c_time);
wolfSSL_X509_STORE_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_CTX_get0_set1_param(void)
{
#if defined(OPENSSL_EXTRA)
int ret;
SSL_CTX* ctx;
WOLFSSL_X509_VERIFY_PARAM* pParam;
WOLFSSL_X509_VERIFY_PARAM* pvpm;
char testIPv4[] = "127.0.0.1";
char testhostName[] = "foo.hoge.com";
printf(testingFmt, "wolfSSL_CTX_get0_set1_param()");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertNull(SSL_CTX_get0_param(NULL));
AssertNotNull(pParam = SSL_CTX_get0_param(ctx));
pvpm = (WOLFSSL_X509_VERIFY_PARAM *)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM), NULL, DYNAMIC_TYPE_OPENSSL);
AssertNotNull(pvpm);
XMEMSET(pvpm, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
wolfSSL_X509_VERIFY_PARAM_set1_host(pvpm, testhostName,
(int)XSTRLEN(testhostName));
wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(pvpm, testIPv4);
wolfSSL_X509_VERIFY_PARAM_set_hostflags(pvpm, 0x01);
ret = SSL_CTX_set1_param(ctx, pvpm);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(pParam->hostName, testhostName,
(int)XSTRLEN(testhostName)));
AssertIntEQ(0x01, pParam->hostFlags);
AssertIntEQ(0, XSTRNCMP(pParam->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
/* test for incorrect patameter */
AssertIntEQ(1,SSL_CTX_set1_param(ctx, NULL));
AssertIntEQ(1,SSL_CTX_set1_param(NULL, pvpm));
AssertIntEQ(1,SSL_CTX_set1_param(NULL, NULL));
SSL_CTX_free(ctx);
XFREE(pvpm, NULL, DYNAMIC_TYPE_OPENSSL);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
}
static void test_wolfSSL_get0_param(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
SSL_CTX* ctx;
SSL* ssl;
WOLFSSL_X509_VERIFY_PARAM* pParam;
printf(testingFmt, "wolfSSL_get0_param()");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
pParam = SSL_get0_param(ssl);
(void)pParam;
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
}
static void test_wolfSSL_X509_VERIFY_PARAM_set1_host(void)
{
#if defined(OPENSSL_EXTRA)
const char host[] = "www.example.com";
WOLFSSL_X509_VERIFY_PARAM* pParam;
printf(testingFmt, "wolfSSL_X509_VERIFY_PARAM_set1_host()");
AssertNotNull(pParam = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM),
HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host));
AssertIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
AssertIntNE(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
XFREE(pParam, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void)
{
#if defined(OPENSSL_EXTRA)
unsigned char buf[16] = {0};
WOLFSSL_X509_VERIFY_PARAM* param;
printf(testingFmt, "test_wolfSSL_X509_VERIFY_PARAM_set1_ip()");
AssertNotNull(param = X509_VERIFY_PARAM_new());
/* test 127.0.0.1 */
buf[0] =0x7f; buf[1] = 0; buf[2] = 0; buf[3] = 1;
AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 4), SSL_SUCCESS);
AssertIntEQ(XSTRNCMP(param->ipasc, "127.0.0.1", sizeof(param->ipasc)), 0);
/* test 2001:db8:3333:4444:5555:6666:7777:8888 */
buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
buf[4]=51;buf[5]=51;buf[6]=68;buf[7]=68;
buf[8]=85;buf[9]=85;buf[10]=102;buf[11]=102;
buf[12]=119;buf[13]=119;buf[14]=136;buf[15]=136;
AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
AssertIntEQ(XSTRNCMP(param->ipasc,
"2001:db8:3333:4444:5555:6666:7777:8888", sizeof(param->ipasc)), 0);
/* test 2001:db8:: */
buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0;
buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0;
buf[12]=0;buf[13]=0;buf[14]=0;buf[15]=0;
AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8::", sizeof(param->ipasc)), 0);
/* test ::1234:5678 */
buf[0]=0;buf[1]=0;buf[2]=0;buf[3]=0;
buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0;
buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0;
buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120;
AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
AssertIntEQ(XSTRNCMP(param->ipasc, "::1234:5678", sizeof(param->ipasc)), 0);
/* test 2001:db8::1234:5678 */
buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0;
buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0;
buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120;
AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8::1234:5678",
sizeof(param->ipasc)), 0);
/* test 2001:0db8:0001:0000:0000:0ab9:c0a8:0102*/
/* 2001:db8:1::ab9:c0a8:102 */
buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184;
buf[4]=0;buf[5]=1;buf[6]=0;buf[7]=0;
buf[8]=0;buf[9]=0;buf[10]=10;buf[11]=185;
buf[12]=192;buf[13]=168;buf[14]=1;buf[15]=2;
AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS);
AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8:1::ab9:c0a8:102",
sizeof(param->ipasc)), 0);
XFREE(param, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_X509_STORE_CTX_get0_store(void)
{
#if defined(OPENSSL_EXTRA)
X509_STORE* store;
X509_STORE_CTX* ctx;
X509_STORE_CTX* ctx_no_init;
printf(testingFmt, "wolfSSL_X509_STORE_CTX_get0_store()");
AssertNotNull((store = X509_STORE_new()));
AssertNotNull(ctx = X509_STORE_CTX_new());
AssertNotNull(ctx_no_init = X509_STORE_CTX_new());
AssertIntEQ(X509_STORE_CTX_init(ctx, store, NULL, NULL), SSL_SUCCESS);
AssertNull(X509_STORE_CTX_get0_store(NULL));
/* should return NULL if ctx has not bee initialized */
AssertNull(X509_STORE_CTX_get0_store(ctx_no_init));
AssertNotNull(X509_STORE_CTX_get0_store(ctx));
wolfSSL_X509_STORE_CTX_free(ctx);
wolfSSL_X509_STORE_CTX_free(ctx_no_init);
X509_STORE_free(store);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_CTX_set_client_CA_list(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO)
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
X509_NAME* name = NULL;
STACK_OF(X509_NAME)* names = NULL;
STACK_OF(X509_NAME)* ca_list = NULL;
int i, names_len;
printf(testingFmt, "wolfSSL_CTX_set_client_CA_list()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
/* Send two X501 names in cert request */
names = SSL_load_client_CA_file(cliCertFile);
AssertNotNull(names);
ca_list = SSL_load_client_CA_file(caCertFile);
AssertNotNull(ca_list);
AssertIntEQ(sk_X509_NAME_push(names, sk_X509_NAME_value(ca_list, 0)), 1);
SSL_CTX_set_client_CA_list(ctx, names);
/* This should only free the stack structure */
sk_X509_NAME_free(ca_list);
AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
AssertIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names));
AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
for (i=0; i<names_len; i++) {
AssertNotNull(name = sk_X509_NAME_value(names, i));
AssertIntEQ(sk_X509_NAME_find(names, name), i);
}
/* Needed to be able to create ssl object */
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = wolfSSL_new(ctx));
/* load again as old names are responsibility of ctx to free*/
names = SSL_load_client_CA_file(cliCertFile);
AssertNotNull(names);
SSL_set_client_CA_list(ssl, names);
AssertNotNull(ca_list = SSL_get_client_CA_list(ssl));
AssertIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names));
AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
for (i=0; i<names_len; i++) {
AssertNotNull(name = sk_X509_NAME_value(names, i));
AssertIntEQ(sk_X509_NAME_find(names, name), i);
}
printf(resultFmt, passed);
#if !defined(SINGLE_THREADED) && defined(SESSION_CERTS)
{
tcp_ready ready;
func_args server_args;
callback_functions server_cb;
THREAD_TYPE serverThread;
WOLFSSL* ssl_client;
WOLFSSL_CTX* ctx_client;
SOCKET_T sockfd = 0;
printf(testingFmt, "wolfSSL_get_client_CA_list() with handshake");
StartTCP();
InitTcpReady(&ready);
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
server_args.signal = &ready;
server_args.callbacks = &server_cb;
/* we are responsible for free'ing WOLFSSL_CTX */
server_cb.ctx = ctx;
server_cb.isSharedCtx = 1;
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0));
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
AssertNotNull(ctx_client = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx_client, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx_client, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx_client, cliKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl_client = wolfSSL_new(ctx_client));
AssertIntEQ(wolfSSL_set_fd(ssl_client, sockfd), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_connect(ssl_client), WOLFSSL_SUCCESS);
AssertNotNull(ca_list = SSL_get_client_CA_list(ssl_client));
/* We are expecting two cert names to be sent */
AssertIntEQ(sk_X509_NAME_num(ca_list), 2);
AssertNotNull(names = SSL_CTX_get_client_CA_list(ctx));
for (i=0; i<sk_X509_NAME_num(ca_list); i++) {
AssertNotNull(name = sk_X509_NAME_value(ca_list, i));
AssertIntGE(sk_X509_NAME_find(names, name), 0);
}
wolfSSL_shutdown(ssl_client);
wolfSSL_free(ssl_client);
wolfSSL_CTX_free(ctx_client);
join_thread(serverThread);
FreeTcpReady(&ready);
printf(resultFmt, passed);
}
#endif
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT && !NO_BIO */
}
static void test_wolfSSL_CTX_add_client_CA(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX* ctx;
WOLFSSL_X509* x509;
WOLFSSL_X509* x509_a;
STACK_OF(X509_NAME)* ca_list;
int ret = 0;
printf(testingFmt, "wolfSSL_CTX_add_client_CA()");
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
/* Add client cert */
x509 = X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM);
AssertNotNull(x509);
ret = SSL_CTX_add_client_CA(ctx, x509);
AssertIntEQ(ret, SSL_SUCCESS);
AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
/* Add another client cert */
AssertNotNull(x509_a = X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
AssertIntEQ(SSL_CTX_add_client_CA(ctx, x509_a), SSL_SUCCESS);
/* test for incorrect parameter */
AssertIntEQ(SSL_CTX_add_client_CA(NULL, x509), 0);
AssertIntEQ(SSL_CTX_add_client_CA(ctx, NULL), 0);
AssertIntEQ(SSL_CTX_add_client_CA(NULL, NULL), 0);
X509_free(x509);
X509_free(x509_a);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT */
}
#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
static THREAD_RETURN WOLFSSL_THREAD server_task(void* args)
{
callback_functions* callbacks = ((func_args*)args)->callbacks;
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(callbacks->method());
WOLFSSL* ssl = NULL;
SOCKET_T sfd = 0;
SOCKET_T cfd = 0;
word16 port;
char msg[] = "I hear you fa shizzle!";
int len = (int) XSTRLEN(msg);
char input[1024];
int idx;
int ret, err = 0;
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
((func_args*)args)->return_code = TEST_FAIL;
port = ((func_args*)args)->signal->port;
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM));
if (callbacks->ctx_ready)
callbacks->ctx_ready(ctx);
ssl = wolfSSL_new(ctx);
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, NULL, NULL);
CloseSocket(sfd);
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
do {
err = 0; /* Reset error */
ret = wolfSSL_accept(ssl);
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
}
} while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
char buff[WOLFSSL_MAX_ERROR_SZ];
printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
}
else {
if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
input[idx] = 0;
printf("Client message: %s\n", input);
}
AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
#ifdef WOLFSSL_TIRTOS
Task_yield();
#endif
((func_args*)args)->return_code = TEST_SUCCESS;
}
if (callbacks->on_result)
callbacks->on_result(ssl);
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(cfd);
#ifdef WOLFSSL_TIRTOS
fdCloseSession(Task_self());
#endif
#ifndef WOLFSSL_TIRTOS
return 0;
#endif
}
static void keyLog_callback(const WOLFSSL* ssl, const char* line )
{
AssertNotNull(ssl);
AssertNotNull(line);
XFILE fp;
const byte lf = '\n';
fp = XFOPEN("./MyKeyLog.txt", "a");
XFWRITE( line, 1, strlen(line),fp);
XFWRITE( (void*)&lf,1,1,fp);
XFCLOSE(fp);
}
#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
static void test_wolfSSL_CTX_set_keylog_callback(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
SSL_CTX* ctx;
printf( testingFmt, "wolfSSL_CTX_set_keylog_callback()");
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
SSL_CTX_set_keylog_callback(ctx, keyLog_callback );
SSL_CTX_free(ctx);
SSL_CTX_set_keylog_callback(NULL, NULL);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
}
static void test_wolfSSL_CTX_get_keylog_callback(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
SSL_CTX* ctx;
printf( testingFmt, "wolfSSL_CTX_get_keylog_callback()");
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),NULL);
SSL_CTX_set_keylog_callback(ctx, keyLog_callback );
AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),keyLog_callback);
SSL_CTX_set_keylog_callback(ctx, NULL );
AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),NULL);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
}
static void test_wolfSSL_Tls12_Key_Logging_test(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
/* This test is intended for checking whether keylog callback is called
* in client during TLS handshake between the client and a server.
*/
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
callback_functions server_cbf;
callback_functions client_cbf;
SOCKET_T sockfd = 0;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
XFILE fp;
char msg[64] = "hello wolfssl!";
char reply[1024];
int msgSz = (int)XSTRLEN(msg);
printf(testingFmt, "wolfSSL_Tls12_Key_Logging_test()");
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
InitTcpReady(&ready);
ready.port = 22222;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
server_cbf.method = wolfTLSv1_2_server_method;
server_args.callbacks = &server_cbf;
server_args.signal = &ready;
/* clean up keylog file */
fp = XFOPEN("./MyKeyLog.txt", "w");
XFCLOSE(fp);
/* start server task */
start_thread(server_task, &server_args, &serverThread);
wait_tcp_ready(&server_args);
/* run as a TLS1.2 client */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
/* set keylog callback */
wolfSSL_CTX_set_keylog_callback(ctx,keyLog_callback);
/* get connected the server task */
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(sockfd);
join_thread(serverThread);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
/* check if the keylog file exists */
char buff[300] = {0};
int found = 0;
fp = XFOPEN("./MyKeyLog.txt", "r");
AssertNotNull(fp);
while(XFGETS( buff, (int)sizeof(buff),fp) != NULL ) {
if(0 == strncmp(buff,"CLIENT_RANDOM ",
sizeof("CLIENT_RANDOM ")-1)) {
found = 1;
break;
}
}
XFCLOSE(fp);
/* a log starting with "CLIENT_RANDOM " should exit in the file */
AssertNotNull( found );
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
}
static void test_wolfSSL_Tls13_Key_Logging_test(void)
{
#if defined(WOLFSSL_TLS13) && defined(OPENSSL_EXTRA) && \
defined(HAVE_SECRET_CALLBACK)
/* This test is intended for checking whether keylog callback is called
* in client during TLS handshake between the client and a server.
*/
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
callback_functions server_cbf;
callback_functions client_cbf;
SOCKET_T sockfd = 0;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
XFILE fp;
char msg[64] = "hello wolfssl!";
char reply[1024];
int msgSz = (int)XSTRLEN(msg);
printf(testingFmt, "wolfSSL_Tls13_Key_Logging_test()");
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
InitTcpReady(&ready);
ready.port = 22222;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
server_cbf.method = wolfTLSv1_3_server_method; /* TLS1.3 */
server_args.callbacks = &server_cbf;
server_args.signal = &ready;
/* clean up keylog file */
fp = XFOPEN("./MyKeyLog.txt", "w");
XFCLOSE(fp);
/* start server task */
start_thread(server_task, &server_args, &serverThread);
wait_tcp_ready(&server_args);
/* run as a TLS1.2 client */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
/* set keylog callback */
wolfSSL_CTX_set_keylog_callback(ctx,keyLog_callback);
/* get connected the server task */
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
join_thread(serverThread);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
/* check if the keylog file exists */
char buff[300] = {0};
int found[4] = {0};
fp = XFOPEN("./MyKeyLog.txt", "r");
AssertNotNull(fp);
while(XFGETS( buff, (int)sizeof(buff),fp) != NULL ) {
if(0 == strncmp(buff,"CLIENT_HANDSHAKE_TRAFFIC_SECRET ",
sizeof("CLIENT_HANDSHAKE_TRAFFIC_SECRET ")-1)) {
found[0] = 1;
continue;
}
else if(0 == strncmp(buff,"SERVER_HANDSHAKE_TRAFFIC_SECRET ",
sizeof("SERVER_HANDSHAKE_TRAFFIC_SECRET ")-1)) {
found[1] = 1;
continue;
}
else if(0 == strncmp(buff,"CLIENT_TRAFFIC_SECRET_0 ",
sizeof("CLIENT_TRAFFIC_SECRET_0 ")-1)) {
found[2] = 1;
continue;
}
else if(0 == strncmp(buff,"SERVER_TRAFFIC_SECRET_0 ",
sizeof("SERVER_TRAFFIC_SECRET_0 ")-1)) {
found[3] = 1;
continue;
}
}
XFCLOSE(fp);
int numfnd = 0;
for( uint i = 0; i < 4; i++) {
if( found[i] != 0)
numfnd++;
}
AssertIntEQ( numfnd,4 );
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && WOLFSSL_TLS13 */
}
#if defined(HAVE_IO_TESTS_DEPENDENCIES) && \
defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
static void post_auth_version_cb(WOLFSSL* ssl)
{
/* do handshake and then test version error */
AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
AssertStrEQ("TLSv1.2", wolfSSL_get_version(ssl));
AssertIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_FAILURE);
#if defined(OPENSSL_ALL) && !defined(NO_ERROR_QUEUE)
/* check was added to error queue */
AssertIntEQ(wolfSSL_ERR_get_error(), -UNSUPPORTED_PROTO_VERSION);
/* check the string matches expected string */
AssertStrEQ(wolfSSL_ERR_error_string(-UNSUPPORTED_PROTO_VERSION, NULL),
"WRONG_SSL_VERSION");
#endif
}
static void post_auth_cb(WOLFSSL* ssl)
{
WOLFSSL_X509* x509;
/* do handshake and then test version error */
AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
AssertStrEQ("TLSv1.3", wolfSSL_get_version(ssl));
AssertNull(x509 = wolfSSL_get_peer_certificate(ssl));
wolfSSL_X509_free(x509);
AssertIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_SUCCESS);
}
static void set_post_auth_cb(WOLFSSL* ssl)
{
if (!wolfSSL_is_server(ssl)) {
AssertIntEQ(wolfSSL_allow_post_handshake_auth(ssl), 0);
}
else {
wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_POST_HANDSHAKE, NULL);
}
}
#endif
static void test_wolfSSL_Tls13_postauth(void)
{
#if defined(HAVE_IO_TESTS_DEPENDENCIES) && \
defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
tcp_ready ready;
func_args client_args;
func_args server_args;
callback_functions server_cbf;
callback_functions client_cbf;
THREAD_TYPE serverThread;
printf(testingFmt, "wolfSSL_Tls13_postauth()");
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
/* test version failure doing post auth with TLS 1.2 connection */
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
server_cbf.method = wolfTLSv1_2_server_method;
server_cbf.ssl_ready = set_post_auth_cb;
client_cbf.ssl_ready = set_post_auth_cb;
server_cbf.on_result = post_auth_version_cb;
server_args.callbacks = &server_cbf;
client_args.callbacks = &client_cbf;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
/* tests on post auth with TLS 1.3 */
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
server_cbf.method = wolfTLSv1_3_server_method;
server_cbf.ssl_ready = set_post_auth_cb;
client_cbf.ssl_ready = set_post_auth_cb;
server_cbf.on_result = post_auth_cb;
server_args.callbacks = &server_cbf;
client_args.callbacks = &client_cbf;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
FreeTcpReady(&ready);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_NID(void)
{
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
!defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
int sigType;
int nameSz;
X509* cert;
EVP_PKEY* pubKeyTmp;
X509_NAME* name;
char commonName[80];
char countryName[80];
char localityName[80];
char stateName[80];
char orgName[80];
char orgUnit[80];
printf(testingFmt, "wolfSSL_X509_NID()");
/* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */
/* convert cert from DER to internal WOLFSSL_X509 struct */
AssertNotNull(cert = wolfSSL_X509_d2i(&cert, client_cert_der_2048,
sizeof_client_cert_der_2048));
/* ------ EXTRACT CERTIFICATE ELEMENTS ------ */
/* extract PUBLIC KEY from cert */
AssertNotNull(pubKeyTmp = X509_get_pubkey(cert));
/* extract signatureType */
AssertIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0);
/* extract subjectName info */
AssertNotNull(name = X509_get_subject_name(cert));
AssertIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
NULL, 0)), 0);
AssertIntEQ(nameSz, 15);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
commonName, sizeof(commonName))), 0);
AssertIntEQ(nameSz, 15);
AssertIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
commonName, 9)), 0);
AssertIntEQ(nameSz, 8);
AssertIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName,
countryName, sizeof(countryName))), 0);
AssertIntEQ(XMEMCMP(countryName, "US", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName,
localityName, sizeof(localityName))), 0);
AssertIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_stateOrProvinceName,
stateName, sizeof(stateName))), 0);
AssertIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName,
orgName, sizeof(orgName))), 0);
AssertIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0);
AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationalUnitName,
orgUnit, sizeof(orgUnit))), 0);
AssertIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0);
EVP_PKEY_free(pubKeyTmp);
X509_free(cert);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_CTX_set_srp_username(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
&& !defined(NO_SHA256) && !defined(WC_NO_RNG)
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
const char *username = "TESTUSER";
const char *password = "TESTPASSWORD";
int r;
printf(testingFmt, "wolfSSL_CTX_set_srp_username()");
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
AssertIntEQ(r,SSL_SUCCESS);
wolfSSL_CTX_free(ctx);
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
AssertIntEQ(r,SSL_SUCCESS);
r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
AssertIntEQ(r,SSL_SUCCESS);
AssertNotNull(ssl = SSL_new(ctx));
AssertNotNull(SSL_get_srp_username(ssl));
AssertStrEQ(SSL_get_srp_username(ssl), username);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */
/* && !NO_SHA256 && !WC_NO_RNG */
}
static void test_wolfSSL_CTX_set_srp_password(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
&& !defined(NO_SHA256) && !defined(WC_NO_RNG)
WOLFSSL_CTX* ctx;
const char *username = "TESTUSER";
const char *password = "TESTPASSWORD";
int r;
printf(testingFmt, "wolfSSL_CTX_set_srp_password()");
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
AssertIntEQ(r,SSL_SUCCESS);
wolfSSL_CTX_free(ctx);
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
AssertIntEQ(r,SSL_SUCCESS);
r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
AssertIntEQ(r,SSL_SUCCESS);
wolfSSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */
/* && !NO_SHA256 && !WC_NO_RNG */
}
static void test_wolfSSL_X509_STORE(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
X509_STORE *store;
#ifdef HAVE_CRL
X509_STORE_CTX *storeCtx;
X509_CRL *crl;
X509 *ca, *cert;
const char crlPem[] = "./certs/crl/crl.revoked";
const char srvCert[] = "./certs/server-revoked-cert.pem";
const char caCert[] = "./certs/ca-cert.pem";
XFILE fp;
printf(testingFmt, "test_wolfSSL_X509_STORE");
AssertNotNull(store = (X509_STORE *)X509_STORE_new());
AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
SSL_FILETYPE_PEM)));
AssertNotNull((storeCtx = X509_STORE_CTX_new()));
AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
AssertIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS);
X509_STORE_free(store);
X509_STORE_CTX_free(storeCtx);
X509_free(cert);
X509_free(ca);
/* should fail to verify now after adding in CRL */
AssertNotNull(store = (X509_STORE *)X509_STORE_new());
AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
fp = XFOPEN(crlPem, "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
NULL, NULL));
XFCLOSE(fp);
AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS);
AssertNotNull((storeCtx = X509_STORE_CTX_new()));
AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
SSL_FILETYPE_PEM)));
AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
AssertIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS);
AssertIntEQ(X509_STORE_CTX_get_error(storeCtx), CRL_CERT_REVOKED);
X509_CRL_free(crl);
X509_STORE_free(store);
X509_STORE_CTX_free(storeCtx);
X509_free(cert);
X509_free(ca);
#endif /* HAVE_CRL */
#ifndef WOLFCRYPT_ONLY
{
SSL_CTX* ctx;
SSL* ssl;
int i;
for (i = 0; i < 2; i++) {
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertNotNull(store = (X509_STORE *)X509_STORE_new());
SSL_CTX_set_cert_store(ctx, store);
AssertNotNull(store = (X509_STORE *)X509_STORE_new());
SSL_CTX_set_cert_store(ctx, store);
AssertNotNull(store = (X509_STORE *)X509_STORE_new());
AssertIntEQ(SSL_CTX_use_certificate_file(ctx, svrCertFile,
SSL_FILETYPE_PEM), SSL_SUCCESS);
AssertIntEQ(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
SSL_FILETYPE_PEM), SSL_SUCCESS);
AssertNotNull(ssl = SSL_new(ctx));
if (i == 0) {
AssertIntEQ(SSL_set0_verify_cert_store(ssl, store), SSL_SUCCESS);
}
else {
AssertIntEQ(SSL_set1_verify_cert_store(ssl, store), SSL_SUCCESS);
X509_STORE_free(store);
}
SSL_free(ssl);
SSL_CTX_free(ctx);
}
}
#endif
printf(resultFmt, passed);
#endif
return;
}
static void test_wolfSSL_X509_STORE_load_locations(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
!defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA)
SSL_CTX *ctx;
X509_STORE *store;
const char ca_file[] = "./certs/ca-cert.pem";
const char client_pem_file[] = "./certs/client-cert.pem";
const char client_der_file[] = "./certs/client-cert.der";
const char ecc_file[] = "./certs/ecc-key.pem";
const char certs_path[] = "./certs/";
const char bad_path[] = "./bad-path/";
#ifdef HAVE_CRL
const char crl_path[] = "./certs/crl/";
const char crl_file[] = "./certs/crl/crl.pem";
#endif
printf(testingFmt, "wolfSSL_X509_STORE_load_locations");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
#endif
AssertNotNull(store = SSL_CTX_get_cert_store(ctx));
AssertIntEQ(wolfSSL_CertManagerLoadCA(store->cm, ca_file, NULL), WOLFSSL_SUCCESS);
/* Test bad arguments */
AssertIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_STORE_load_locations(store, NULL, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_STORE_load_locations(store, client_der_file, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_STORE_load_locations(store, ecc_file, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_STORE_load_locations(store, NULL, bad_path), WOLFSSL_FAILURE);
#ifdef HAVE_CRL
/* Test with CRL */
AssertIntEQ(X509_STORE_load_locations(store, crl_file, NULL), WOLFSSL_SUCCESS);
AssertIntEQ(X509_STORE_load_locations(store, NULL, crl_path), WOLFSSL_SUCCESS);
#endif
/* Test with CA */
AssertIntEQ(X509_STORE_load_locations(store, ca_file, NULL), WOLFSSL_SUCCESS);
/* Test with client_cert and certs path */
AssertIntEQ(X509_STORE_load_locations(store, client_pem_file, NULL), WOLFSSL_SUCCESS);
AssertIntEQ(X509_STORE_load_locations(store, NULL, certs_path), WOLFSSL_SUCCESS);
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
/* Clear nodes */
ERR_clear_error();
#endif
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_X509_STORE_get0_objects(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
X509_STORE *store;
X509_STORE *store_cpy;
SSL_CTX *ctx;
X509_OBJECT *obj;
STACK_OF(X509_OBJECT) *objs;
int i;
printf(testingFmt, "wolfSSL_X509_STORE_get0_objects");
/* Setup store */
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
#endif
AssertNotNull(store_cpy = X509_STORE_new());
AssertNotNull(store = SSL_CTX_get_cert_store(ctx));
AssertIntEQ(X509_STORE_load_locations(store, cliCertFile, NULL), WOLFSSL_SUCCESS);
AssertIntEQ(X509_STORE_load_locations(store, caCertFile, NULL), WOLFSSL_SUCCESS);
AssertIntEQ(X509_STORE_load_locations(store, svrCertFile, NULL), WOLFSSL_SUCCESS);
#ifdef HAVE_CRL
AssertIntEQ(X509_STORE_load_locations(store, NULL, crlPemDir), WOLFSSL_SUCCESS);
#endif
/* Store ready */
/* Similar to HaProxy ssl_set_cert_crl_file use case */
AssertNotNull(objs = X509_STORE_get0_objects(store));
#ifdef HAVE_CRL
#ifdef WOLFSSL_SIGNER_DER_CERT
AssertIntEQ(sk_X509_OBJECT_num(objs), 4);
#else
AssertIntEQ(sk_X509_OBJECT_num(objs), 1);
#endif
#else
#ifdef WOLFSSL_SIGNER_DER_CERT
AssertIntEQ(sk_X509_OBJECT_num(objs), 3);
#else
AssertIntEQ(sk_X509_OBJECT_num(objs), 0);
#endif
#endif
for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
obj = (X509_OBJECT*)sk_X509_OBJECT_value(objs, i);
switch (X509_OBJECT_get_type(obj)) {
case X509_LU_X509:
AssertNotNull(X509_OBJECT_get0_X509(obj));
AssertIntEQ(X509_STORE_add_cert(store_cpy,
X509_OBJECT_get0_X509(obj)), WOLFSSL_SUCCESS);
break;
case X509_LU_CRL:
#ifdef HAVE_CRL
AssertNotNull(X509_OBJECT_get0_X509_CRL(obj));
AssertIntEQ(X509_STORE_add_crl(store_cpy,
X509_OBJECT_get0_X509_CRL(obj)), WOLFSSL_SUCCESS);
break;
#endif
case X509_LU_NONE:
default:
Fail(("X509_OBJECT_get_type should return x509 or crl "
"(when built with crl support)"),
("Unrecognized X509_OBJECT type or none"));
}
}
X509_STORE_free(store_cpy);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BN(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
BIGNUM* a;
BIGNUM* b;
BIGNUM* c;
BIGNUM* d;
ASN1_INTEGER* ai;
printf(testingFmt, "wolfSSL_BN()");
AssertNotNull(b = BN_new());
AssertNotNull(c = BN_new());
AssertNotNull(d = BN_new());
ai = ASN1_INTEGER_new();
AssertNotNull(ai);
/* at the moment hard setting since no set function */
ai->data[0] = 0x02; /* tag for ASN_INTEGER */
ai->data[1] = 0x01; /* length of integer */
ai->data[2] = 0x03;
AssertNotNull(a = ASN1_INTEGER_to_BN(ai, NULL));
ASN1_INTEGER_free(ai);
AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS);
AssertIntEQ(BN_set_word(c, 5), SSL_SUCCESS);
/* a + 3 = */
AssertIntEQ(BN_add_word(NULL, 3), WOLFSSL_FAILURE);
AssertIntEQ(BN_add_word(a, 3), WOLFSSL_SUCCESS);
/* check result 3 + 3*/
AssertIntEQ(BN_get_word(a), 6);
/* set a back to 3 */
AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS);
/* a - 3 = */
AssertIntEQ(BN_sub_word(NULL, 3), WOLFSSL_FAILURE);
AssertIntEQ(BN_sub_word(a, 3), WOLFSSL_SUCCESS);
/* check result 3 - 3*/
AssertIntEQ(BN_get_word(a), 0);
/* set a back to 3 */
AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS);
/* a^b mod c = */
AssertIntEQ(BN_mod_exp(d, NULL, b, c, NULL), WOLFSSL_FAILURE);
AssertIntEQ(BN_mod_exp(d, a, b, c, NULL), WOLFSSL_SUCCESS);
/* check result 3^2 mod 5 */
AssertIntEQ(BN_get_word(d), 4);
/* a*b = */
AssertIntEQ(BN_mul(d, NULL, b, NULL), WOLFSSL_FAILURE);
AssertIntEQ(BN_mul(d, a, b, NULL), WOLFSSL_SUCCESS);
/* check result 3*2 */
AssertIntEQ(BN_get_word(d), 6);
/* c/b => db + a */
AssertIntEQ(BN_div(d, NULL, c, b, NULL), WOLFSSL_FAILURE);
AssertIntEQ(BN_div(d, a, c, b, NULL), WOLFSSL_SUCCESS);
/* check result 5/2 */
AssertIntEQ(BN_get_word(d), 2); /* check quotient */
AssertIntEQ(BN_get_word(a), 1); /* check remainder */
/* set a back to 3 */
AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS);
/* a*b mod c = */
AssertIntEQ(BN_mod_mul(d, NULL, b, c, NULL), SSL_FAILURE);
AssertIntEQ(BN_mod_mul(d, a, b, c, NULL), SSL_SUCCESS);
/* check result 3*2 mod 5 */
AssertIntEQ(BN_get_word(d), 1);
AssertIntEQ(BN_set_word(a, 16), SSL_SUCCESS);
AssertIntEQ(BN_set_word(b, 24), SSL_SUCCESS);
#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
/* gcd of a and b */
AssertIntEQ(BN_gcd(d, NULL, b, NULL), SSL_FAILURE);
AssertIntEQ(BN_gcd(d, a, b, NULL), SSL_SUCCESS);
/* check result gcd(16, 24) */
AssertIntEQ(BN_get_word(d), 8);
#endif /* !NO_RSA && WOLFSSL_KEY_GEN */
AssertIntEQ(BN_set_word(a, 1 << 6), SSL_SUCCESS);
AssertIntEQ(BN_rshift(b, a, 6), SSL_SUCCESS);
AssertIntEQ(BN_is_zero(b), 0);
AssertIntEQ(BN_rshift(b, a, 7), SSL_SUCCESS);
AssertIntEQ(BN_is_zero(b), 1);
AssertIntEQ(BN_rshift1(b, a), SSL_SUCCESS);
AssertIntEQ(BN_is_zero(b), 0);
/* set b back to 2 */
AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS);
/* BN_mod_inverse test */
BIGNUM *r = BN_new();
BIGNUM *val = BN_mod_inverse(r,b,c,NULL);
AssertIntEQ((int)(BN_get_word(r) & 0x03), 3);
BN_free(val);
#if !defined(WOLFSSL_SP_MATH) && (!defined(WOLFSSL_SP_MATH_ALL) || \
defined(WOLFSSL_SP_INT_NEGATIVE))
AssertIntEQ(BN_set_word(a, 1), SSL_SUCCESS);
AssertIntEQ(BN_set_word(b, 5), SSL_SUCCESS);
AssertIntEQ(BN_is_word(a, (WOLFSSL_BN_ULONG)BN_get_word(a)), SSL_SUCCESS);
AssertIntEQ(BN_is_word(a, 3), SSL_FAILURE);
AssertIntEQ(BN_sub(c, a, b), SSL_SUCCESS);
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
{
char* ret;
AssertNotNull(ret = BN_bn2dec(c));
AssertIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0);
XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
}
#endif
AssertIntEQ(BN_get_word(c), 4);
#endif
BN_free(a);
BN_free(b);
BN_free(c);
BN_clear_free(d);
/* check that converting NULL and the null string returns an error */
a = NULL;
AssertIntLE(BN_hex2bn(&a, NULL), 0);
AssertIntLE(BN_hex2bn(&a, ""), 0);
AssertNull(a);
/* check that getting a string and a bin of the same number are equal,
* and that the comparison works EQ, LT and GT */
AssertIntGT(BN_hex2bn(&a, "03"), 0);
AssertNotNull(b = BN_new());
AssertIntEQ(BN_set_word(b, 3), SSL_SUCCESS);
AssertNotNull(c = BN_new());
AssertIntEQ(BN_set_word(c, 4), SSL_SUCCESS);
AssertIntEQ(BN_cmp(a, b), 0);
AssertIntLT(BN_cmp(a, c), 0);
AssertIntGT(BN_cmp(c, b), 0);
AssertIntEQ(BN_set_word(a, 0), 1);
AssertIntEQ(BN_is_zero(a), 1);
AssertIntEQ(BN_set_bit(a, 0x45), 1);
AssertIntEQ(BN_is_zero(a), 0);
AssertIntEQ(BN_is_bit_set(a, 0x45), 1);
AssertIntEQ(BN_clear_bit(a, 0x45), 1);
AssertIntEQ(BN_is_bit_set(a, 0x45), 0);
AssertIntEQ(BN_is_zero(a), 1);
BN_free(a);
BN_free(b);
BN_free(c);
#if defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT)
{
BIGNUM *ap;
BIGNUM bv;
BIGNUM cv;
BIGNUM dv;
AssertNotNull(ap = BN_new());
BN_init(&bv);
BN_init(&cv);
BN_init(&dv);
AssertIntEQ(BN_set_word(ap, 3), SSL_SUCCESS);
AssertIntEQ(BN_set_word(&bv, 2), SSL_SUCCESS);
AssertIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS);
/* a^b mod c = */
AssertIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WOLFSSL_FAILURE);
AssertIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS);
/* check result 3^2 mod 5 */
AssertIntEQ(BN_get_word(&dv), 4);
/* a*b mod c = */
AssertIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), SSL_FAILURE);
AssertIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS);
/* check result 3*2 mod 5 */
AssertIntEQ(BN_get_word(&dv), 1);
BN_free(ap);
}
#endif
#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA))
AssertNotNull(a = BN_new());
AssertIntEQ(BN_generate_prime_ex(a, 512, 0, NULL, NULL, NULL),
SSL_SUCCESS);
AssertIntEQ(BN_is_prime_ex(a, 8, NULL, NULL), SSL_SUCCESS);
BN_free(a);
#endif
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
}
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
#define TEST_ARG 0x1234
static void msg_cb(int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg)
{
(void)write_p;
(void)version;
(void)content_type;
(void)buf;
(void)len;
(void)ssl;
AssertTrue(arg == (void*)TEST_ARG);
}
#endif
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \
!defined(NO_WOLFSSL_SERVER)
#ifndef SINGLE_THREADED
#if defined(SESSION_CERTS)
#include "wolfssl/internal.h"
#endif
static int msgCb(SSL_CTX *ctx, SSL *ssl)
{
(void) ctx;
(void) ssl;
#if defined(OPENSSL_ALL) && defined(SESSION_CERTS)
STACK_OF(X509)* sk;
X509* x509;
int i, num;
BIO* bio;
#endif
printf("\n===== msgcb called ====\n");
#if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)
AssertTrue(SSL_get_peer_cert_chain(ssl) != NULL);
AssertIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 2);
AssertNotNull(SSL_get0_verified_chain(ssl));
#endif
#if defined(OPENSSL_ALL) && defined(SESSION_CERTS)
bio = BIO_new(BIO_s_file());
BIO_set_fp(bio, stdout, BIO_NOCLOSE);
sk = SSL_get_peer_cert_chain(ssl);
AssertNotNull(sk);
if (!sk) {
BIO_free(bio);
return SSL_FAILURE;
}
num = sk_X509_num(sk);
AssertTrue(num > 0);
for (i = 0; i < num; i++) {
x509 = sk_X509_value(sk,i);
AssertNotNull(x509);
if (!x509)
break;
printf("Certificate at index [%d] = :\n",i);
X509_print(bio,x509);
printf("\n\n");
}
BIO_free(bio);
#endif
return SSL_SUCCESS;
}
#endif
#endif
static void test_wolfSSL_msgCb(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \
!defined(NO_WOLFSSL_SERVER)
tcp_ready ready;
func_args client_args;
func_args server_args;
#ifndef SINGLE_THREADED
THREAD_TYPE serverThread;
#endif
callback_functions client_cb;
callback_functions server_cb;
printf(testingFmt, "test_wolfSSL_msgCb");
/* create a failed connection and inspect the error */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
#ifndef WOLFSSL_NO_TLS12
client_cb.method = wolfTLSv1_2_client_method;
server_cb.method = wolfTLSv1_2_server_method;
#else
client_cb.method = wolfTLSv1_3_client_method;
server_cb.method = wolfTLSv1_3_server_method;
#endif
server_args.signal = &ready;
server_args.callbacks = &server_cb;
client_args.signal = &ready;
client_args.callbacks = &client_cb;
client_args.return_code = TEST_FAIL;
#ifndef SINGLE_THREADED
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, msgCb);
join_thread(serverThread);
#endif
FreeTcpReady(&ready);
#ifndef SINGLE_THREADED
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
#endif
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_either_side(void)
{
#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \
!defined(NO_FILESYSTEM) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
tcp_ready ready;
func_args client_args;
func_args server_args;
#ifndef SINGLE_THREADED
THREAD_TYPE serverThread;
#endif
callback_functions client_cb;
callback_functions server_cb;
printf(testingFmt, "test_wolfSSL_either_side");
/* create a failed connection and inspect the error */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
/* Use different CTX for client and server */
client_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method());
AssertNotNull(client_cb.ctx);
server_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method());
AssertNotNull(server_cb.ctx);
/* we are responsible for free'ing WOLFSSL_CTX */
server_cb.isSharedCtx = client_cb.isSharedCtx = 1;
server_args.signal = &ready;
server_args.callbacks = &server_cb;
client_args.signal = &ready;
client_args.callbacks = &client_cb;
client_args.return_code = TEST_FAIL;
#ifndef SINGLE_THREADED
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
#endif
wolfSSL_CTX_free(client_cb.ctx);
wolfSSL_CTX_free(server_cb.ctx);
FreeTcpReady(&ready);
#ifndef SINGLE_THREADED
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
#endif
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_DTLS_either_side(void)
{
#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \
!defined(NO_FILESYSTEM) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
defined(WOLFSSL_DTLS)
tcp_ready ready;
func_args client_args;
func_args server_args;
#ifndef SINGLE_THREADED
THREAD_TYPE serverThread;
#endif
callback_functions client_cb;
callback_functions server_cb;
printf(testingFmt, "test_wolfSSL_DTLS_either_side");
/* create a failed connection and inspect the error */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions));
/* Use different CTX for client and server */
client_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method());
AssertNotNull(client_cb.ctx);
server_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method());
AssertNotNull(server_cb.ctx);
/* we are responsible for free'ing WOLFSSL_CTX */
server_cb.isSharedCtx = client_cb.isSharedCtx = 1;
server_args.signal = &ready;
server_args.callbacks = &server_cb;
client_args.signal = &ready;
client_args.callbacks = &client_cb;
client_args.return_code = TEST_FAIL;
#ifndef SINGLE_THREADED
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
#endif
wolfSSL_CTX_free(client_cb.ctx);
wolfSSL_CTX_free(server_cb.ctx);
FreeTcpReady(&ready);
#ifndef SINGLE_THREADED
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
#endif
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
printf(resultFmt, passed);
#endif
}
static void test_generate_cookie(void)
{
#if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA) && defined(USE_WOLFSSL_IO)
SSL_CTX* ctx;
SSL* ssl;
byte buf[FOURK_BUF] = {0};
printf(testingFmt, "test_generate_cookie");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLS_method()));
AssertNotNull(ssl = SSL_new(ctx));
/* Test unconnected */
AssertIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), GEN_COOKIE_E);
wolfSSL_CTX_SetGenCookie(ctx, EmbedGenerateCookie);
wolfSSL_SetCookieCtx(ssl, ctx);
AssertNotNull(wolfSSL_GetCookieCtx(ssl));
AssertNull(wolfSSL_GetCookieCtx(NULL));
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_set_options(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
SSL* ssl;
SSL_CTX* ctx;
char appData[] = "extra msg";
unsigned char protos[] = {
7, 't', 'l', 's', '/', '1', '.', '2',
8, 'h', 't', 't', 'p', '/', '1', '.', '1'
};
unsigned int len = sizeof(protos);
void *arg = (void *)TEST_ARG;
printf(testingFmt, "wolfSSL_set_options()");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);
AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1);
AssertIntGT((int)SSL_CTX_set_options(ctx, (SSL_OP_COOKIE_EXCHANGE |
SSL_OP_NO_SSLv2)), 0);
AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_COOKIE_EXCHANGE) &
SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE);
AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2) &
SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION) &
SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
AssertNull((SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION) &
SSL_OP_NO_COMPRESSION));
SSL_CTX_free(ctx);
#ifndef NO_WOLFSSL_SERVER
ctx = SSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#else
ctx = SSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_set_msg_callback(ctx, msg_cb) == SSL_SUCCESS);
AssertNotNull(ssl = SSL_new(ctx));
#ifdef HAVE_EX_DATA
AssertIntEQ(SSL_set_app_data(ssl, (void*)appData), SSL_SUCCESS);
AssertNotNull(SSL_get_app_data((const WOLFSSL*)ssl));
if (ssl) {
AssertIntEQ(XMEMCMP(SSL_get_app_data((const WOLFSSL*)ssl),
appData, sizeof(appData)), 0);
}
#else
AssertIntEQ(SSL_set_app_data(ssl, (void*)appData), SSL_FAILURE);
AssertNull(SSL_get_app_data((const WOLFSSL*)ssl));
#endif
AssertTrue(SSL_set_options(ssl, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);
AssertTrue(SSL_get_options(ssl) == SSL_OP_NO_TLSv1);
AssertIntGT((int)SSL_set_options(ssl, (SSL_OP_COOKIE_EXCHANGE |
WOLFSSL_OP_NO_SSLv2)), 0);
AssertTrue((SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE) &
SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE);
AssertTrue((SSL_set_options(ssl, SSL_OP_NO_TLSv1_2) &
SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
AssertTrue((SSL_set_options(ssl, SSL_OP_NO_COMPRESSION) &
SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
AssertNull((SSL_clear_options(ssl, SSL_OP_NO_COMPRESSION) &
SSL_OP_NO_COMPRESSION));
AssertTrue(SSL_set_msg_callback(ssl, msg_cb) == SSL_SUCCESS);
SSL_set_msg_callback_arg(ssl, arg);
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertTrue(SSL_CTX_set_alpn_protos(ctx, protos, len) == 0);
#else
AssertTrue(SSL_CTX_set_alpn_protos(ctx, protos, len) == SSL_SUCCESS);
#endif
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \
defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL)
#if defined(HAVE_ALPN) && !defined(NO_BIO)
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertTrue(SSL_set_alpn_protos(ssl, protos, len) == 0);
#else
AssertTrue(SSL_set_alpn_protos(ssl, protos, len) == SSL_SUCCESS);
#endif
#endif /* HAVE_ALPN && !NO_BIO */
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}
static void test_wolfSSL_sk_SSL_CIPHER(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
SSL* ssl;
SSL_CTX* ctx;
STACK_OF(SSL_CIPHER) *sk, *dupSk;
printf(testingFmt, "wolfSSL_sk_SSL_CIPHER_*()");
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
AssertNotNull(sk = SSL_get_ciphers(ssl));
AssertNotNull(dupSk = sk_SSL_CIPHER_dup(sk));
AssertIntGT(sk_SSL_CIPHER_num(sk), 0);
AssertIntEQ(sk_SSL_CIPHER_num(sk), sk_SSL_CIPHER_num(dupSk));
/* error case because connection has not been established yet */
AssertIntEQ(sk_SSL_CIPHER_find(sk, SSL_get_current_cipher(ssl)), -1);
sk_SSL_CIPHER_free(dupSk);
/* sk is pointer to internal struct that should be free'd in SSL_free */
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}
static void test_wolfSSL_set1_curves_list(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_RSA)
SSL* ssl = NULL;
SSL_CTX* ctx = NULL;
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(SSL_CTX_set1_curves_list(ctx, NULL), WOLFSSL_FAILURE);
AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-25X"), WOLFSSL_FAILURE);
AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-256"), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_set1_curves_list(ssl, NULL), WOLFSSL_FAILURE);
AssertIntEQ(SSL_set1_curves_list(ssl, "P-25X"), WOLFSSL_FAILURE);
AssertIntEQ(SSL_set1_curves_list(ssl, "P-256"), WOLFSSL_SUCCESS);
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_set1_sigalgs_list(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
SSL* ssl;
SSL_CTX* ctx;
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile,
SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, ""), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, ""), WOLFSSL_FAILURE);
#ifndef NO_RSA
#ifndef NO_SHA256
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, "RSA+SHA256"),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_set1_sigalgs_list(NULL, "RSA+SHA256"),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256"),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256"),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-SHA256"),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-SHA256"),
WOLFSSL_FAILURE);
#ifdef WC_RSA_PSS
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-PSS+SHA256"),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-PSS+SHA256"),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "PSS+SHA256"),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "PSS+SHA256"),
WOLFSSL_SUCCESS);
#endif
#ifdef WOLFSSL_SHA512
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
"RSA+SHA256:RSA+SHA512"), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl,
"RSA+SHA256:RSA+SHA512"), WOLFSSL_SUCCESS);
#elif defined(WOLFSSL_SHA384)
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
"RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl,
"RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA"), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA"), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA:RSA+SHA256"),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA:RSA+SHA256"),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256+SHA256"),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256+RSA"),
WOLFSSL_FAILURE);
#endif
#endif
#ifdef HAVE_ECC
#ifndef NO_SHA256
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256"),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ECDSA+SHA256"), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_SHA512
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
"ECDSA+SHA256:ECDSA+SHA512"), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl,
"ECDSA+SHA256:ECDSA+SHA512"), WOLFSSL_SUCCESS);
#elif defined(WOLFSSL_SHA384)
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx,
"ECDSA+SHA256:ECDSA+SHA384"), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl,
"ECDSA+SHA256:ECDSA+SHA384"), WOLFSSL_SUCCESS);
#endif
#endif
#endif
#ifdef HAVE_ED25519
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ED25519"), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ED25519"), WOLFSSL_SUCCESS);
#endif
#ifdef HAVE_ED448
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ED448"), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ED448"), WOLFSSL_SUCCESS);
#endif
#ifndef NO_DSA
#ifndef NO_SHA256
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "DSA+SHA256"),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "DSA+SHA256"),
WOLFSSL_SUCCESS);
#endif
#if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
defined(WOLFSSL_ALLOW_TLS_SHA1))
AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "DSA+SHA1"),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "DSA+SHA1"),
WOLFSSL_SUCCESS);
#endif
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
/* Testing wolfSSL_set_tlsext_status_type function.
* PRE: OPENSSL and HAVE_CERTIFICATE_STATUS_REQUEST defined.
*/
static void test_wolfSSL_set_tlsext_status_type(void){
#if defined(OPENSSL_EXTRA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
!defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
SSL* ssl;
SSL_CTX* ctx;
printf(testingFmt, "wolfSSL_set_tlsext_status_type()");
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(SSL_set_tlsext_status_type(ssl,TLSEXT_STATUSTYPE_ocsp),
SSL_SUCCESS);
AssertIntEQ(SSL_get_tlsext_status_type(ssl), TLSEXT_STATUSTYPE_ocsp);
SSL_free(ssl);
SSL_CTX_free(ctx);
#endif /* OPENSSL_EXTRA && HAVE_CERTIFICATE_STATUS_REQUEST && !NO_RSA */
}
#ifndef NO_BIO
static void test_wolfSSL_PEM_read_bio(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
byte buff[6000];
XFILE f;
int bytes;
X509* x509;
BIO* bio = NULL;
BUF_MEM* buf;
printf(testingFmt, "wolfSSL_PEM_read_bio()");
f = XFOPEN(cliCertFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
AssertNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
AssertNotNull(bio = BIO_new_mem_buf((void*)buff, bytes));
AssertNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
AssertIntEQ((int)BIO_set_fd(bio, 0, BIO_CLOSE), 1);
AssertIntEQ(BIO_set_close(bio, BIO_NOCLOSE), 1);
AssertIntEQ(BIO_set_close(NULL, BIO_NOCLOSE), 1);
AssertIntEQ(SSL_SUCCESS, BIO_get_mem_ptr(bio, &buf));
BIO_free(bio);
BUF_MEM_free(buf);
X509_free(x509);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}
#if defined(OPENSSL_EXTRA)
static long bioCallback(BIO *bio, int cmd, const char* argp, int argi,
long argl, long ret)
{
(void)bio;
(void)cmd;
(void)argp;
(void)argi;
(void)argl;
return ret;
}
#endif
static void test_wolfSSL_BIO(void)
{
#if defined(OPENSSL_EXTRA)
const unsigned char* p;
byte buff[20];
BIO* bio1;
BIO* bio2;
BIO* bio3;
char* bufPt;
int i;
printf(testingFmt, "wolfSSL_BIO()");
for (i = 0; i < 20; i++) {
buff[i] = i;
}
/* test BIO_free with NULL */
AssertIntEQ(BIO_free(NULL), WOLFSSL_FAILURE);
/* Creating and testing type BIO_s_bio */
AssertNotNull(bio1 = BIO_new(BIO_s_bio()));
AssertNotNull(bio2 = BIO_new(BIO_s_bio()));
AssertNotNull(bio3 = BIO_new(BIO_s_bio()));
/* read/write before set up */
AssertIntEQ(BIO_read(bio1, buff, 2), WOLFSSL_BIO_UNSET);
AssertIntEQ(BIO_write(bio1, buff, 2), WOLFSSL_BIO_UNSET);
AssertIntEQ(BIO_set_nbio(bio1, 1), 1);
AssertIntEQ(BIO_set_write_buf_size(bio1, 20), WOLFSSL_SUCCESS);
AssertIntEQ(BIO_set_write_buf_size(bio2, 8), WOLFSSL_SUCCESS);
AssertIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS);
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 10), 10);
XMEMCPY(bufPt, buff, 10);
AssertIntEQ(BIO_write(bio1, buff + 10, 10), 10);
/* write buffer full */
AssertIntEQ(BIO_write(bio1, buff, 10), WOLFSSL_BIO_ERROR);
AssertIntEQ(BIO_flush(bio1), WOLFSSL_SUCCESS);
AssertIntEQ((int)BIO_ctrl_pending(bio1), 0);
/* write the other direction with pair */
AssertIntEQ((int)BIO_nwrite(bio2, &bufPt, 10), 8);
XMEMCPY(bufPt, buff, 8);
AssertIntEQ(BIO_write(bio2, buff, 10), WOLFSSL_BIO_ERROR);
/* try read */
AssertIntEQ((int)BIO_ctrl_pending(bio1), 8);
AssertIntEQ((int)BIO_ctrl_pending(bio2), 20);
/* try read using ctrl function */
AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_WPENDING, 0, NULL), 8);
AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_PENDING, 0, NULL), 8);
AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_WPENDING, 0, NULL), 20);
AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_PENDING, 0, NULL), 20);
AssertIntEQ(BIO_nread(bio2, &bufPt, (int)BIO_ctrl_pending(bio2)), 20);
for (i = 0; i < 20; i++) {
AssertIntEQ((int)bufPt[i], i);
}
AssertIntEQ(BIO_nread(bio2, &bufPt, 1), WOLFSSL_BIO_ERROR);
AssertIntEQ(BIO_nread(bio1, &bufPt, (int)BIO_ctrl_pending(bio1)), 8);
for (i = 0; i < 8; i++) {
AssertIntEQ((int)bufPt[i], i);
}
AssertIntEQ(BIO_nread(bio1, &bufPt, 1), WOLFSSL_BIO_ERROR);
AssertIntEQ(BIO_ctrl_reset_read_request(bio1), 1);
/* new pair */
AssertIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_FAILURE);
BIO_free(bio2); /* free bio2 and automatically remove from pair */
AssertIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_SUCCESS);
AssertIntEQ((int)BIO_ctrl_pending(bio3), 0);
AssertIntEQ(BIO_nread(bio3, &bufPt, 10), WOLFSSL_BIO_ERROR);
/* test wrap around... */
AssertIntEQ(BIO_reset(bio1), 0);
AssertIntEQ(BIO_reset(bio3), 0);
/* fill write buffer, read only small amount then write again */
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
XMEMCPY(bufPt, buff, 20);
AssertIntEQ(BIO_nread(bio3, &bufPt, 4), 4);
for (i = 0; i < 4; i++) {
AssertIntEQ(bufPt[i], i);
}
/* try writing over read index */
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 5), 4);
XMEMSET(bufPt, 0, 4);
AssertIntEQ((int)BIO_ctrl_pending(bio3), 20);
/* read and write 0 bytes */
AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0);
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 0), 0);
/* should read only to end of write buffer then need to read again */
AssertIntEQ(BIO_nread(bio3, &bufPt, 20), 16);
for (i = 0; i < 16; i++) {
AssertIntEQ(bufPt[i], buff[4 + i]);
}
AssertIntEQ(BIO_nread(bio3, NULL, 0), WOLFSSL_FAILURE);
AssertIntEQ(BIO_nread0(bio3, &bufPt), 4);
for (i = 0; i < 4; i++) {
AssertIntEQ(bufPt[i], 0);
}
/* read index should not have advanced with nread0 */
AssertIntEQ(BIO_nread(bio3, &bufPt, 5), 4);
for (i = 0; i < 4; i++) {
AssertIntEQ(bufPt[i], 0);
}
/* write and fill up buffer checking reset of index state */
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
XMEMCPY(bufPt, buff, 20);
/* test reset on data in bio1 write buffer */
AssertIntEQ(BIO_reset(bio1), 0);
AssertIntEQ((int)BIO_ctrl_pending(bio3), 0);
AssertIntEQ(BIO_nread(bio3, &bufPt, 3), WOLFSSL_BIO_ERROR);
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_INFO, 0, &p), 20);
AssertNotNull(p);
XMEMCPY(bufPt, buff, 20);
AssertIntEQ(BIO_nread(bio3, &bufPt, 6), 6);
for (i = 0; i < 6; i++) {
AssertIntEQ(bufPt[i], i);
}
/* test case of writing twice with offset read index */
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 3), 3);
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 3); /* try overwriting */
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0);
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
AssertIntEQ(BIO_nread(bio3, &bufPt, 1), 1);
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 1);
AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
BIO_free(bio1);
BIO_free(bio3);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
{
BIO* bioA = NULL;
BIO* bioB = NULL;
AssertIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), BAD_FUNC_ARG);
AssertIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS);
BIO_free(bioA);
bioA = NULL;
BIO_free(bioB);
bioB = NULL;
}
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
/* BIOs with file pointers */
#if !defined(NO_FILESYSTEM)
{
XFILE f1;
XFILE f2;
BIO* f_bio1;
BIO* f_bio2;
unsigned char cert[300];
char testFile[] = "tests/bio_write_test.txt";
char msg[] = "bio_write_test.txt contains the first 300 bytes of certs/server-cert.pem\ncreated by tests/unit.test\n\n";
AssertNotNull(f_bio1 = BIO_new(BIO_s_file()));
AssertNotNull(f_bio2 = BIO_new(BIO_s_file()));
AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
AssertIntEQ((int)BIO_set_mem_eof_return(NULL, -1), 0);
f1 = XFOPEN(svrCertFile, "rwb");
AssertTrue((f1 != XBADFILE));
AssertIntEQ((int)BIO_set_fp(f_bio1, f1, BIO_CLOSE), WOLFSSL_SUCCESS);
AssertIntEQ(BIO_write_filename(f_bio2, testFile),
WOLFSSL_SUCCESS);
AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert));
AssertIntEQ(BIO_tell(f_bio1),sizeof(cert));
AssertIntEQ(BIO_write(f_bio2, msg, sizeof(msg)), sizeof(msg));
AssertIntEQ(BIO_tell(f_bio2),sizeof(msg));
AssertIntEQ(BIO_write(f_bio2, cert, sizeof(cert)), sizeof(cert));
AssertIntEQ(BIO_tell(f_bio2),sizeof(cert) + sizeof(msg));
AssertIntEQ((int)BIO_get_fp(f_bio2, &f2), WOLFSSL_SUCCESS);
AssertIntEQ(BIO_reset(f_bio2), 0);
AssertIntEQ(BIO_tell(NULL),-1);
AssertIntEQ(BIO_tell(f_bio2),0);
AssertIntEQ(BIO_seek(f_bio2, 4), 0);
AssertIntEQ(BIO_tell(f_bio2),4);
BIO_free(f_bio1);
BIO_free(f_bio2);
AssertNotNull(f_bio1 = BIO_new_file(svrCertFile, "rwb"));
AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert));
BIO_free(f_bio1);
}
#endif /* !defined(NO_FILESYSTEM) */
/* BIO info callback */
{
const char* testArg = "test";
BIO* cb_bio;
AssertNotNull(cb_bio = BIO_new(BIO_s_mem()));
BIO_set_callback(cb_bio, bioCallback);
AssertNotNull(BIO_get_callback(cb_bio));
BIO_set_callback(cb_bio, NULL);
AssertNull(BIO_get_callback(cb_bio));
BIO_set_callback_arg(cb_bio, (char*)testArg);
AssertStrEQ(BIO_get_callback_arg(cb_bio), testArg);
AssertNull(BIO_get_callback_arg(NULL));
BIO_free(cb_bio);
}
/* BIO_vfree */
AssertNotNull(bio1 = BIO_new(BIO_s_bio()));
BIO_vfree(NULL);
BIO_vfree(bio1);
printf(resultFmt, passed);
#endif
}
#endif /* !NO_BIO */
static void test_wolfSSL_ASN1_STRING(void)
{
#if defined(OPENSSL_EXTRA)
ASN1_STRING* str = NULL;
const char data[] = "hello wolfSSL";
printf(testingFmt, "wolfSSL_ASN1_STRING()");
AssertNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
AssertIntEQ(ASN1_STRING_type(str), V_ASN1_OCTET_STRING);
AssertIntEQ(ASN1_STRING_set(str, (const void*)data, sizeof(data)), 1);
AssertIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1);
AssertIntEQ(ASN1_STRING_set(str, NULL, -1), 0);
ASN1_STRING_free(str);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_BIT_STRING(void)
{
#ifdef OPENSSL_ALL
ASN1_BIT_STRING* str;
printf(testingFmt, "test_wolfSSL_ASN1_BIT_STRING()");
AssertNotNull(str = ASN1_BIT_STRING_new());
AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 1), 1);
AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 1);
AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 41), 0);
AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 84, 1), 1);
AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 84), 1);
AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 83), 0);
ASN1_BIT_STRING_free(str);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_a2i_ASN1_INTEGER(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
BIO *bio, *out;
ASN1_INTEGER* ai;
char buf[] = "123456\n12345\n112345678912345678901234567890\n";
char tmp[1024];
int tmpSz;
const char expected1[] = "123456";
const char expected2[] = "112345678912345678901234567890";
printf(testingFmt, "test_wolfSSL_a2i_ASN1_INTEGER()");
AssertNotNull(bio = BIO_new_mem_buf(buf, -1));
AssertNotNull(out = BIO_new(BIO_s_mem()));
AssertNotNull(ai = ASN1_INTEGER_new());
/* read first line */
AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 6);
XMEMSET(tmp, 0, 1024);
tmpSz = BIO_read(out, tmp, 1024);
AssertIntEQ(tmpSz, 6);
AssertIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0);
/* fail on second line (not % 2) */
AssertIntNE(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
/* read 3rd long line */
AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 30);
XMEMSET(tmp, 0, 1024);
tmpSz = BIO_read(out, tmp, 1024);
AssertIntEQ(tmpSz, 30);
AssertIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0);
BIO_free(out);
BIO_free(bio);
ASN1_INTEGER_free(ai);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_a2i_IPADDRESS(void)
{
#if defined(OPENSSL_ALL) && !defined(WOLFSSL_USER_IO)
const unsigned char* data;
int dataSz = 0;
ASN1_OCTET_STRING *st;
const unsigned char ipv4_exp[] = {0x7F, 0, 0, 1};
const unsigned char ipv6_exp[] = {
0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77
};
const unsigned char ipv6_home[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
};
printf(testingFmt, "test_wolfSSL_a2i_IPADDRESS()");
AssertNull(st = a2i_IPADDRESS("127.0.0.1bad"));
AssertNotNull(st = a2i_IPADDRESS("127.0.0.1"));
data = ASN1_STRING_get0_data(st);
dataSz = ASN1_STRING_length(st);
AssertIntEQ(dataSz, WOLFSSL_IP4_ADDR_LEN);
AssertIntEQ(XMEMCMP(data, ipv4_exp, dataSz), 0);
ASN1_STRING_free(st);
AssertNotNull(st = a2i_IPADDRESS("::1"));
data = ASN1_STRING_get0_data(st);
dataSz = ASN1_STRING_length(st);
AssertIntEQ(dataSz, WOLFSSL_IP6_ADDR_LEN);
AssertIntEQ(XMEMCMP(data, ipv6_home, dataSz), 0);
ASN1_STRING_free(st);
AssertNotNull(st = a2i_IPADDRESS("2021:db8::ff00:42:7777"));
data = ASN1_STRING_get0_data(st);
dataSz = ASN1_STRING_length(st);
AssertIntEQ(dataSz, WOLFSSL_IP6_ADDR_LEN);
AssertIntEQ(XMEMCMP(data, ipv6_exp, dataSz), 0);
ASN1_STRING_free(st);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_DES_ecb_encrypt(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
WOLFSSL_DES_cblock input1,input2,output1,output2,back1,back2;
WOLFSSL_DES_key_schedule key;
printf(testingFmt, "wolfSSL_DES_ecb_encrypt()");
XMEMCPY(key,"12345678",sizeof(WOLFSSL_DES_key_schedule));
XMEMCPY(input1, "Iamhuman",sizeof(WOLFSSL_DES_cblock));
XMEMCPY(input2, "Whoisit?",sizeof(WOLFSSL_DES_cblock));
XMEMSET(output1, 0, sizeof(WOLFSSL_DES_cblock));
XMEMSET(output2, 0, sizeof(WOLFSSL_DES_cblock));
XMEMSET(back1, 0, sizeof(WOLFSSL_DES_cblock));
XMEMSET(back2, 0, sizeof(WOLFSSL_DES_cblock));
/* Encrypt messages */
wolfSSL_DES_ecb_encrypt(&input1,&output1,&key,DES_ENCRYPT);
wolfSSL_DES_ecb_encrypt(&input2,&output2,&key,DES_ENCRYPT);
/* Decrypt messages */
int ret1 = 0;
int ret2 = 0;
wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT);
ret1 = XMEMCMP((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock));
AssertIntEQ(ret1,0);
wolfSSL_DES_ecb_encrypt(&output2,&back2,&key,DES_DECRYPT);
ret2 = XMEMCMP((unsigned char *) back2,(unsigned char *) input2,sizeof(WOLFSSL_DES_cblock));
AssertIntEQ(ret2,0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_TIME_adj(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \
&& !defined(USER_TIME) && !defined(TIME_OVERRIDES)
const int year = 365*24*60*60;
const int day = 24*60*60;
const int hour = 60*60;
const int mini = 60;
const byte asn_utc_time = ASN_UTC_TIME;
#if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
const byte asn_gen_time = ASN_GENERALIZED_TIME;
#endif
WOLFSSL_ASN1_TIME *asn_time, *s;
int offset_day;
long offset_sec;
char date_str[CTC_DATE_SIZE + 1];
time_t t;
printf(testingFmt, "wolfSSL_ASN1_TIME_adj()");
AssertNotNull(s = wolfSSL_ASN1_TIME_new());
/* UTC notation test */
/* 2000/2/15 20:30:00 */
t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day;
offset_day = 7;
offset_sec = 45 * mini;
/* offset_sec = -45 * min;*/
AssertNotNull(asn_time =
wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec));
AssertTrue(asn_time->type == asn_utc_time);
XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
date_str[CTC_DATE_SIZE] = '\0';
AssertIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13));
/* negative offset */
offset_sec = -45 * mini;
asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
AssertTrue(asn_time->type == asn_utc_time);
XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
date_str[CTC_DATE_SIZE] = '\0';
AssertIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13));
XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
XMEMSET(date_str, 0, sizeof(date_str));
/* Generalized time will overflow time_t if not long */
#if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
s = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL,
DYNAMIC_TYPE_OPENSSL);
/* GeneralizedTime notation test */
/* 2055/03/01 09:00:00 */
t = (time_t)85 * year + 59 * day + 9 * hour + 21 * day;
offset_day = 12;
offset_sec = 10 * mini;
asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
AssertTrue(asn_time->type == asn_gen_time);
XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
date_str[CTC_DATE_SIZE] = '\0';
AssertIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15));
XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
XMEMSET(date_str, 0, sizeof(date_str));
#endif /* !TIME_T_NOT_64BIT && !NO_64BIT */
/* if WOLFSSL_ASN1_TIME struct is not allocated */
s = NULL;
t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 15 + 7 * day;
offset_day = 7;
offset_sec = 45 * mini;
asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
AssertTrue(asn_time->type == asn_utc_time);
XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
date_str[CTC_DATE_SIZE] = '\0';
AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, offset_sec);
AssertTrue(asn_time->type == asn_utc_time);
XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
date_str[CTC_DATE_SIZE] = '\0';
AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_TIME_to_tm(void)
{
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) \
&& !defined(NO_ASN_TIME)
ASN1_TIME asnTime;
struct tm tm;
printf(testingFmt, "wolfSSL_ASN1_TIME_to_tm()");
XMEMSET(&asnTime, 0, sizeof(ASN1_TIME));
AssertIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515Z"), 1);
AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1);
AssertIntEQ(tm.tm_sec, 15);
AssertIntEQ(tm.tm_min, 15);
AssertIntEQ(tm.tm_hour, 21);
AssertIntEQ(tm.tm_mday, 22);
AssertIntEQ(tm.tm_mon, 1);
AssertIntEQ(tm.tm_year, 100);
AssertIntEQ(tm.tm_isdst, 0);
#ifdef XMKTIME
AssertIntEQ(tm.tm_wday, 2);
AssertIntEQ(tm.tm_yday, 52);
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_cmp_time(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \
&& !defined(USER_TIME) && !defined(TIME_OVERRIDES)
WOLFSSL_ASN1_TIME asn_time;
time_t t;
printf(testingFmt, "wolfSSL_X509_cmp_time()");
AssertIntEQ(0, wolfSSL_X509_cmp_time(NULL, &t));
XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME));
AssertIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t));
AssertIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1);
AssertIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL));
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_time_adj(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \
!defined(USER_TIME) && !defined(TIME_OVERRIDES) && \
defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && \
!defined(NO_ASN_TIME)
X509* x509;
time_t t, not_before, not_after;
printf(testingFmt, "wolfSSL_X509_time_adj()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
client_cert_der_2048, sizeof_client_cert_der_2048,
WOLFSSL_FILETYPE_ASN1));
t = 0;
not_before = wc_Time(0);
not_after = wc_Time(0) + (60 * 24 * 30); /* 30 days after */
AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t));
AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t));
/* Check X509_gmtime_adj, too. */
AssertNotNull(X509_gmtime_adj(X509_get_notAfter(x509), not_after));
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)\
&& !defined(NO_RSA)
X509* x509;
#ifndef NO_BIO
BIO* bio;
X509_STORE_CTX* ctx;
X509_STORE* store;
#endif
char der[] = "certs/ca-cert.der";
XFILE fp;
printf(testingFmt, "wolfSSL_X509()");
AssertNotNull(x509 = X509_new());
X509_free(x509);
#ifndef NO_BIO
x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM);
AssertNotNull(bio = BIO_new(BIO_s_mem()));
#ifdef WOLFSSL_CERT_GEN
AssertIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS);
#endif
AssertNotNull(ctx = X509_STORE_CTX_new());
AssertIntEQ(X509_verify_cert(ctx), SSL_FATAL_ERROR);
AssertNotNull(store = X509_STORE_new());
AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
AssertIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS);
AssertIntEQ(X509_verify_cert(ctx), SSL_SUCCESS);
X509_STORE_CTX_free(ctx);
X509_STORE_free(store);
X509_free(x509);
BIO_free(bio);
#endif
/** d2i_X509_fp test **/
fp = XFOPEN(der, "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL));
AssertNotNull(x509);
X509_free(x509);
XFCLOSE(fp);
fp = XFOPEN(der, "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509));
AssertNotNull(x509);
X509_free(x509);
XFCLOSE(fp);
/* X509_up_ref test */
AssertIntEQ(X509_up_ref(NULL), 0);
AssertNotNull(x509 = X509_new()); /* refCount = 1 */
AssertIntEQ(X509_up_ref(x509), 1); /* refCount = 2 */
AssertIntEQ(X509_up_ref(x509), 1); /* refCount = 3 */
X509_free(x509); /* refCount = 2 */
X509_free(x509); /* refCount = 1 */
X509_free(x509); /* refCount = 0, free */
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_get_ext_count(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA)
int ret = 0;
WOLFSSL_X509* x509;
const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem";
FILE* f;
printf(testingFmt, "wolfSSL_X509_get_ext_count()");
/* NULL parameter check */
AssertIntEQ(X509_get_ext_count(NULL), WOLFSSL_FAILURE);
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
SSL_FILETYPE_PEM));
AssertIntEQ(X509_get_ext_count(x509), 5);
wolfSSL_X509_free(x509);
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ocspRootCaFile,
SSL_FILETYPE_PEM));
AssertIntEQ(X509_get_ext_count(x509), 5);
wolfSSL_X509_free(x509);
AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
printf(testingFmt, "wolfSSL_X509_get_ext_count() valid input");
AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
printf(resultFmt, ret == 4 ? passed : failed);
printf(testingFmt, "wolfSSL_X509_get_ext_count() NULL argument");
AssertIntEQ((ret = wolfSSL_X509_get_ext_count(NULL)), WOLFSSL_FAILURE);
printf(resultFmt, ret == WOLFSSL_FAILURE ? passed : failed);
wolfSSL_X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_sign2(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES) && \
defined(WOLFSSL_CERT_EXT) && \
(defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
WOLFSSL_X509 *x509, *ca;
const unsigned char *der;
const unsigned char *pt;
WOLFSSL_EVP_PKEY *priv;
WOLFSSL_X509_NAME *name;
WOLFSSL_ASN1_TIME *notBefore, *notAfter;
int derSz;
const int year = 365*24*60*60;
const int day = 24*60*60;
const int hour = 60*60;
const int mini = 60;
time_t t;
const unsigned char expected[] = {
0x30, 0x82, 0x05, 0x13, 0x30, 0x82, 0x03, 0xfb, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x14, 0x01, 0x1a, 0xeb, 0x56, 0xab, 0xdc, 0x8b, 0xf3, 0xa6,
0x1e, 0xf4, 0x93, 0x60, 0x89, 0xb7, 0x05, 0x07, 0x29, 0x01, 0x2c, 0x30,
0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61,
0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42,
0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03,
0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74,
0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0a,
0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18,
0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77,
0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d,
0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f,
0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17,
0x0d, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30, 0x30,
0x30, 0x5a, 0x17, 0x0d, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32, 0x30,
0x33, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09,
0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30,
0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74,
0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07,
0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15, 0x30,
0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c, 0x66,
0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17,
0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67, 0x72,
0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, 0x34, 0x38, 0x31,
0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77,
0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f,
0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77,
0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82,
0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,
0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, 0x03, 0xd1, 0x2b, 0xfe,
0x39, 0xa4, 0x32, 0x45, 0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c, 0x74,
0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6, 0xa6, 0x36, 0xb2, 0x07,
0x32, 0x8e, 0xd0, 0xba, 0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4, 0x81,
0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb, 0xa1, 0x75, 0xc8, 0x36,
0x2c, 0x4a, 0xd2, 0x1b, 0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef, 0xec,
0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a, 0xbf, 0x65, 0xcc, 0x7f,
0x65, 0x24, 0x69, 0xa6, 0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7, 0xc5,
0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a, 0x78, 0xe1, 0x01, 0x56,
0x56, 0x91, 0xa6, 0x13, 0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c, 0xef,
0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1, 0x3b, 0xf5, 0xf1, 0xa3,
0x4a, 0x35, 0xe4, 0xe1, 0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e, 0x97,
0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf, 0x20, 0x0b, 0x43, 0x14,
0xc5, 0x74, 0x67, 0xb4, 0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88, 0x40,
0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22, 0x17, 0xd7, 0x52, 0x65,
0x24, 0x73, 0xb0, 0xce, 0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c, 0x7b,
0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50, 0x6d, 0x3b, 0xa3, 0x3b,
0xa3, 0x99, 0x5e, 0x9d, 0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a, 0xd9,
0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff, 0x25, 0x4c, 0xc4, 0xd1,
0x79, 0xf4, 0x71, 0xd3, 0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5, 0x72,
0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56, 0x2f, 0xd7, 0x15, 0xf7,
0x7f, 0xc0, 0xae, 0xf5, 0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3, 0x02,
0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30, 0x82, 0x01, 0x4b,
0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01,
0x01, 0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30,
0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63,
0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06, 0x03,
0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7,
0x68, 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7,
0x85, 0x65, 0xc0, 0x30, 0x81, 0xde, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
0x81, 0xd6, 0x30, 0x81, 0xd3, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7,
0x68, 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7,
0x85, 0x65, 0xc0, 0xa1, 0x81, 0xa4, 0xa4, 0x81, 0xa1, 0x30, 0x81, 0x9e,
0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07,
0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06,
0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61,
0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c,
0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38,
0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x10, 0x50,
0x72, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32,
0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73,
0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e,
0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63,
0x6f, 0x6d, 0x82, 0x14, 0x01, 0x1a, 0xeb, 0x56, 0xab, 0xdc, 0x8b, 0xf3,
0xa6, 0x1e, 0xf4, 0x93, 0x60, 0x89, 0xb7, 0x05, 0x07, 0x29, 0x01, 0x2c,
0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06,
0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b,
0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a,
0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
0x01, 0x01, 0x00, 0xa3, 0x41, 0x43, 0x93, 0x30, 0x92, 0x98, 0xfe, 0x57,
0xd0, 0x39, 0x7c, 0x50, 0x06, 0x50, 0x20, 0x80, 0x0e, 0x28, 0x95, 0x79,
0xb4, 0xf1, 0x6b, 0x6a, 0xab, 0x78, 0x30, 0x93, 0x49, 0x0a, 0x6a, 0x19,
0x09, 0xae, 0x31, 0xc6, 0x8e, 0xcc, 0x69, 0x26, 0x89, 0x37, 0xc1, 0x57,
0x58, 0x75, 0xae, 0xbf, 0x13, 0xc8, 0xd6, 0xad, 0xd0, 0x0f, 0x57, 0xcd,
0x32, 0xa8, 0xda, 0xa8, 0x1b, 0xbf, 0xb5, 0xcd, 0x16, 0x14, 0x56, 0x86,
0x84, 0xb4, 0xab, 0x93, 0x52, 0x74, 0xfd, 0x96, 0x9f, 0x6d, 0xbe, 0xdb,
0x75, 0x5e, 0x76, 0xfe, 0xa6, 0x37, 0xe5, 0x5f, 0xcb, 0x62, 0x77, 0xc7,
0xd6, 0xcb, 0xb4, 0xf6, 0x43, 0xc8, 0x47, 0xdf, 0x12, 0x16, 0x28, 0x29,
0x61, 0xd1, 0xdc, 0x9d, 0x37, 0x9f, 0xe5, 0x71, 0x52, 0xae, 0xb8, 0x12,
0xec, 0x32, 0x9f, 0x03, 0x1a, 0x66, 0x98, 0xd8, 0xb0, 0x40, 0x71, 0x4c,
0xee, 0x64, 0x15, 0x48, 0x0c, 0x5c, 0x8a, 0x47, 0x20, 0xbd, 0x07, 0xc0,
0x30, 0xf8, 0x84, 0xe6, 0x29, 0x6d, 0xa9, 0x32, 0x53, 0x02, 0x4d, 0x3c,
0x99, 0x6e, 0x63, 0xfe, 0x39, 0x9c, 0x05, 0xa6, 0xa0, 0x0c, 0x1e, 0x11,
0xa4, 0x86, 0x6a, 0x89, 0x76, 0x54, 0x17, 0x68, 0x5d, 0x35, 0x9a, 0xd7,
0x5e, 0x27, 0x0e, 0xbb, 0xba, 0x67, 0x4d, 0x62, 0x12, 0xa8, 0x46, 0x1f,
0x0e, 0xd8, 0x7d, 0xc0, 0xae, 0x30, 0xc2, 0x45, 0x71, 0xab, 0xb1, 0xc1,
0xfb, 0xdc, 0x03, 0x7a, 0x52, 0xe6, 0x57, 0xf9, 0x7f, 0x65, 0x6b, 0x4e,
0x44, 0x64, 0xe8, 0x77, 0x82, 0x1c, 0xc8, 0xfa, 0x09, 0xc7, 0x2f, 0xa9,
0x40, 0x87, 0x8e, 0x0e, 0x49, 0xc2, 0x7d, 0x97, 0x27, 0x79, 0x90, 0xc2,
0x90, 0x13, 0xa7, 0x49, 0xb7, 0xd7, 0xc5, 0x02, 0x32, 0x4f, 0x1e, 0x34,
0x4a, 0xa6, 0xe4, 0xbd, 0xa5, 0xc6, 0xec
};
printf(testingFmt, "wolfSSL_X509_sign2");
pt = ca_key_der_2048;
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt,
sizeof_ca_key_der_2048));
pt = client_cert_der_2048;
AssertNotNull(x509 = wolfSSL_d2i_X509(NULL, &pt,
sizeof_client_cert_der_2048));
pt = ca_cert_der_2048;
AssertNotNull(ca = wolfSSL_d2i_X509(NULL, &pt, sizeof_ca_cert_der_2048));
AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day;
AssertNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0));
AssertNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0));
AssertIntEQ(notAfter->length, 13);
AssertTrue(wolfSSL_X509_set_notBefore(x509, notBefore));
AssertTrue(wolfSSL_X509_set_notAfter(x509, notAfter));
wolfSSL_X509_sign(x509, priv, EVP_sha256());
AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
AssertIntEQ(derSz, sizeof(expected));
AssertIntEQ(XMEMCMP(der, expected, derSz), 0);
wolfSSL_X509_free(ca);
wolfSSL_X509_free(x509);
wolfSSL_EVP_PKEY_free(priv);
wolfSSL_ASN1_TIME_free(notBefore);
wolfSSL_ASN1_TIME_free(notAfter);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_sign(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA)
int ret;
char *cn;
word32 cnSz;
X509_NAME *name;
X509 *x509, *ca;
DecodedCert dCert;
EVP_PKEY *pub;
EVP_PKEY *priv;
EVP_MD_CTX *mctx;
#if defined(USE_CERT_BUFFERS_1024)
const unsigned char* rsaPriv = client_key_der_1024;
const unsigned char* rsaPub = client_keypub_der_1024;
const unsigned char* certIssuer = client_cert_der_1024;
long clientKeySz = (long)sizeof_client_key_der_1024;
long clientPubKeySz = (long)sizeof_client_keypub_der_1024;
long certIssuerSz = (long)sizeof_client_cert_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
const unsigned char* rsaPriv = client_key_der_2048;
const unsigned char* rsaPub = client_keypub_der_2048;
const unsigned char* certIssuer = client_cert_der_2048;
long clientKeySz = (long)sizeof_client_key_der_2048;
long clientPubKeySz = (long)sizeof_client_keypub_der_2048;
long certIssuerSz = (long)sizeof_client_cert_der_2048;
#endif
byte sn[16];
int snSz = sizeof(sn);
printf(testingFmt, "wolfSSL_X509_sign");
/* Set X509_NAME fields */
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
(byte*)"US", 2, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@wolfssl.com", 19, -1, 0), SSL_SUCCESS);
/* Get private and public keys */
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv,
clientKeySz));
AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz));
AssertNotNull(x509 = X509_new());
/* Set version 3 */
AssertIntNE(X509_set_version(x509, 2L), 0);
/* Set subject name, add pubkey, and sign certificate */
AssertIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS);
X509_NAME_free(name);
AssertIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS);
#ifdef WOLFSSL_ALT_NAMES
/* Add some subject alt names */
AssertIntNE(wolfSSL_X509_add_altname(NULL,
"ipsum", ASN_DNS_TYPE), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_add_altname(x509,
NULL, ASN_DNS_TYPE), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_add_altname(x509,
"sphygmomanometer",
ASN_DNS_TYPE), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_add_altname(x509,
"supercalifragilisticexpialidocious",
ASN_DNS_TYPE), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_add_altname(x509,
"Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch",
ASN_DNS_TYPE), SSL_SUCCESS);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
{
unsigned char ip4_type[] = {127,128,0,255};
unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab,
0xff, 0xee, 0x99, 0x88,
0x77, 0x66, 0x55, 0x44,
0x00, 0x33, 0x22, 0x11};
AssertIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip4_type,
sizeof(ip4_type), ASN_IP_TYPE), SSL_SUCCESS);
AssertIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip6_type,
sizeof(ip6_type), ASN_IP_TYPE), SSL_SUCCESS);
}
#endif
#endif /* WOLFSSL_ALT_NAMES */
/* test valid sign case */
ret = X509_sign(x509, priv, EVP_sha256());
/* test valid X509_sign_ctx case */
AssertNotNull(mctx = EVP_MD_CTX_new());
AssertIntEQ(EVP_DigestSignInit(mctx, NULL, EVP_sha256(), NULL, priv), 1);
AssertIntGT(X509_sign_ctx(x509, mctx), 0);
#if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES)
AssertIntEQ(X509_get_ext_count(x509), 1);
#endif
#if defined(WOLFSSL_ALT_NAMES) && (defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1);
AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1);
#endif
AssertIntEQ(wolfSSL_X509_get_serial_number(x509, sn, &snSz),
WOLFSSL_SUCCESS);
DEBUG_WRITE_CERT_X509(x509, "signed.pem");
/* Variation in size depends on ASN.1 encoding when MSB is set.
* WOLFSSL_ASN_TEMPLATE code does not generate a serial number
* with the MSB set. See GenerateInteger in asn.c */
#ifndef USE_CERT_BUFFERS_1024
#ifndef WOLFSSL_ALT_NAMES
/* Valid case - size should be 798-797 with 16 byte serial number */
AssertTrue((ret == 781 + snSz) || (ret == 782 + snSz));
#elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
/* Valid case - size should be 955-956 with 16 byte serial number */
AssertTrue((ret == 939 + snSz) || (ret == 940 + snSz));
#else
/* Valid case - size should be 926-927 with 16 byte serial number */
AssertTrue((ret == 910 + snSz) || (ret == 911 + snSz));
#endif
#else
#ifndef WOLFSSL_ALT_NAMES
/* Valid case - size should be 537-538 with 16 byte serial number */
AssertTrue((ret == 521 + snSz) || (ret == 522 + snSz));
#elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
/* Valid case - size should be 695-696 with 16 byte serial number */
AssertTrue((ret == 679 + snSz) || (ret == 680 + snSz));
#else
/* Valid case - size should be 666-667 with 16 byte serial number */
AssertTrue((ret == 650 + snSz) || (ret == 651 + snSz));
#endif
#endif
/* check that issuer name is as expected after signature */
InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0);
AssertIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0);
AssertNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz));
AssertNotNull(name = X509_get_subject_name(ca));
cnSz = X509_NAME_get_sz(name);
AssertNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
AssertNotNull(cn = X509_NAME_oneline(name, cn, cnSz));
AssertIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn)));
XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
#ifdef WOLFSSL_MULTI_ATTRIB
/* test adding multiple OU's to the signer */
AssertNotNull(name = X509_get_subject_name(ca));
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8,
(byte*)"OU1", 3, -1, 0), SSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8,
(byte*)"OU2", 3, -1, 0), SSL_SUCCESS);
AssertIntGT(X509_sign(ca, priv, EVP_sha256()), 0);
#endif
AssertNotNull(name = X509_get_subject_name(ca));
AssertIntEQ(X509_set_issuer_name(x509, name), SSL_SUCCESS);
AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
AssertNotNull(name = X509_get_issuer_name(x509));
cnSz = X509_NAME_get_sz(name);
AssertNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
AssertNotNull(cn = X509_NAME_oneline(name, cn, cnSz));
/* compare and don't include the multi-attrib "/OU=OU1/OU=OU2" above */
AssertIntEQ(0, XSTRNCMP(cn, dCert.issuer, XSTRLEN(dCert.issuer)));
XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
FreeDecodedCert(&dCert);
/* Test invalid parameters */
AssertIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0);
AssertIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0);
AssertIntEQ(X509_sign(x509, priv, NULL), 0);
AssertIntEQ(X509_sign_ctx(NULL, mctx), 0);
EVP_MD_CTX_free(mctx);
AssertNotNull(mctx = EVP_MD_CTX_new());
AssertIntEQ(X509_sign_ctx(x509, mctx), 0);
AssertIntEQ(X509_sign_ctx(x509, NULL), 0);
/* test invalid version number */
#if defined(OPENSSL_ALL)
AssertIntNE(X509_set_version(x509, 6L), 0);
AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
/* uses ParseCert which fails on bad version number */
AssertIntEQ(X509_get_ext_count(x509), SSL_FAILURE);
#endif
EVP_MD_CTX_free(mctx);
EVP_PKEY_free(priv);
EVP_PKEY_free(pub);
X509_free(x509);
X509_free(ca);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_get0_tbs_sigalg(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD))
X509* x509 = NULL;
const X509_ALGOR* alg;
printf(testingFmt, "wolfSSL_X509_get0_tbs_sigalg");
AssertNotNull(x509 = X509_new());
AssertNull(alg = X509_get0_tbs_sigalg(NULL));
AssertNotNull(alg = X509_get0_tbs_sigalg(x509));
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_ALGOR_get0(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
!defined(NO_SHA256) && !defined(NO_RSA)
X509* x509 = NULL;
const ASN1_OBJECT* obj = NULL;
const X509_ALGOR* alg;
int pptype = 0;
const void *ppval = NULL;
printf(testingFmt, "wolfSSL_X509_ALGOR_get0");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
AssertNotNull(alg = X509_get0_tbs_sigalg(x509));
/* Invalid case */
X509_ALGOR_get0(&obj, NULL, NULL, NULL);
AssertNull(obj);
/* Valid case */
X509_ALGOR_get0(&obj, &pptype, &ppval, alg);
AssertNotNull(obj);
AssertNull(ppval);
AssertIntNE(pptype, 0);
/* Make sure NID of X509_ALGOR is Sha256 with RSA */
AssertIntEQ(OBJ_obj2nid(obj), NID_sha256WithRSAEncryption);
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_VERIFY_PARAM(void)
{
#if defined(OPENSSL_EXTRA)
X509_VERIFY_PARAM *paramTo;
X509_VERIFY_PARAM *paramFrom;
int ret;
char testIPv4[] = "127.0.0.1";
char testIPv6[] = "0001:0000:0000:0000:0000:0000:0000:0000/32";
char testhostName1[] = "foo.hoge.com";
char testhostName2[] = "foobar.hoge.com";
printf(testingFmt, "wolfSSL_X509()");
paramTo = X509_VERIFY_PARAM_new();
AssertNotNull(paramTo);
XMEMSET(paramTo, 0, sizeof(X509_VERIFY_PARAM ));
paramFrom = X509_VERIFY_PARAM_new();
AssertNotNull(paramFrom);
XMEMSET(paramFrom, 0, sizeof(X509_VERIFY_PARAM ));
ret = X509_VERIFY_PARAM_set1_host(paramFrom, testhostName1,
(int)XSTRLEN(testhostName1));
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramFrom->hostName, testhostName1,
(int)XSTRLEN(testhostName1)));
X509_VERIFY_PARAM_set_hostflags(NULL, 0x00);
X509_VERIFY_PARAM_set_hostflags(paramFrom, 0x01);
AssertIntEQ(0x01, paramFrom->hostFlags);
ret = X509_VERIFY_PARAM_set1_ip_asc(NULL, testIPv4);
AssertIntEQ(0, ret);
ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv4);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, NULL);
AssertIntEQ(1, ret);
ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv6);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
/* null pointer */
ret = X509_VERIFY_PARAM_set1(NULL, paramFrom);
AssertIntEQ(WOLFSSL_FAILURE, ret);
/* in the case of "from" null, returns success */
ret = X509_VERIFY_PARAM_set1(paramTo, NULL);
AssertIntEQ(WOLFSSL_SUCCESS, ret);
ret = X509_VERIFY_PARAM_set1(NULL, NULL);
AssertIntEQ(WOLFSSL_FAILURE, ret);
/* inherit flags test : VPARAM_DEFAULT */
ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
(int)XSTRLEN(testhostName1)));
AssertIntEQ(0x01, paramTo->hostFlags);
AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
/* inherit flags test : VPARAM OVERWRITE */
X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
(int)XSTRLEN(testhostName2));
X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00);
paramTo->inherit_flags = X509_VP_FLAG_OVERWRITE;
ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
(int)XSTRLEN(testhostName1)));
AssertIntEQ(0x01, paramTo->hostFlags);
AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
/* inherit flags test : VPARAM_RESET_FLAGS */
X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
(int)XSTRLEN(testhostName2));
X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
X509_VERIFY_PARAM_set_hostflags(paramTo, 0x10);
paramTo->inherit_flags = X509_VP_FLAG_RESET_FLAGS;
ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
(int)XSTRLEN(testhostName1)));
AssertIntEQ(0x01, paramTo->hostFlags);
AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
/* inherit flags test : VPARAM_LOCKED */
X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
(int)XSTRLEN(testhostName2));
X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00);
paramTo->inherit_flags = X509_VP_FLAG_LOCKED;
ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom);
AssertIntEQ(1, ret);
AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName2,
(int)XSTRLEN(testhostName2)));
AssertIntEQ(0x00, paramTo->hostFlags);
AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
/* test for incorrect parameters */
ret = X509_VERIFY_PARAM_set_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL );
AssertIntEQ(0, ret);
ret = X509_VERIFY_PARAM_set_flags(NULL, 0 );
AssertIntEQ(0, ret);
/* inherit flags test : VPARAM_ONCE, not testable yet */
ret = X509_VERIFY_PARAM_set_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL);
AssertIntEQ(1, ret);
ret = X509_VERIFY_PARAM_get_flags(paramTo);
AssertIntEQ(X509_V_FLAG_CRL_CHECK_ALL, ret);
ret = X509_VERIFY_PARAM_clear_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL);
AssertIntEQ(1, ret);
ret = X509_VERIFY_PARAM_get_flags(paramTo);
AssertIntEQ(0, ret);
X509_VERIFY_PARAM_free(paramTo);
X509_VERIFY_PARAM_free(paramFrom);
X509_VERIFY_PARAM_free(NULL); /* to confirm NULL parameter gives no harm */
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES)
static int test_wolfSSL_check_domain_verify_count = 0;
static WC_INLINE int test_wolfSSL_check_domain_verify_cb(int preverify,
WOLFSSL_X509_STORE_CTX* store)
{
AssertIntEQ(X509_STORE_CTX_get_error(store), 0);
AssertIntEQ(preverify, 1);
test_wolfSSL_check_domain_verify_count++;
return 1;
}
static void test_wolfSSL_check_domain_client_cb(WOLFSSL* ssl)
{
X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
/* Domain check should only be done on the leaf cert */
X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
AssertIntEQ(X509_VERIFY_PARAM_set1_host(param,
"wolfSSL Server Chain", 0), 1);
wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_PEER,
test_wolfSSL_check_domain_verify_cb);
}
static void test_wolfSSL_check_domain_server_cb(WOLFSSL_CTX* ctx)
{
/* Use a cert with different domains in chain */
AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx,
"certs/intermediate/server-chain.pem"), WOLFSSL_SUCCESS);
}
static void test_wolfSSL_check_domain(void)
{
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
callback_functions func_cb_client;
callback_functions func_cb_server;
printf(testingFmt, "wolfSSL_check_domain");
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
func_cb_client.ssl_ready = &test_wolfSSL_check_domain_client_cb;
func_cb_server.ctx_ready = &test_wolfSSL_check_domain_server_cb;
client_args.callbacks = &func_cb_client;
server_args.callbacks = &func_cb_server;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
FreeTcpReady(&ready);
/* Should have been called once for each cert in sent chain */
#ifdef WOLFSSL_VERIFY_CB_ALL_CERTS
AssertIntEQ(test_wolfSSL_check_domain_verify_count, 3);
#else
AssertIntEQ(test_wolfSSL_check_domain_verify_count, 1);
#endif
printf(resultFmt, passed);
}
#endif /* OPENSSL_EXTRA && HAVE_IO_TESTS_DEPENDENCIES */
static void test_wolfSSL_X509_get_X509_PUBKEY(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD))
X509* x509 = NULL;
X509_PUBKEY* pubKey;
printf(testingFmt, "wolfSSL_X509_get_X509_PUBKEY");
AssertNotNull(x509 = X509_new());
AssertNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(NULL));
AssertNotNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(x509));
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_PUBKEY_RSA(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
!defined(NO_SHA256) && !defined(NO_RSA)
X509* x509 = NULL;
ASN1_OBJECT* obj = NULL;
const ASN1_OBJECT* pa_oid = NULL;
X509_PUBKEY* pubKey;
X509_PUBKEY* pubKey2;
EVP_PKEY* evpKey;
const unsigned char *pk;
int ppklen, pptype;
X509_ALGOR *pa;
const void *pval;
printf(testingFmt, "wolfSSL_X509_PUBKEY_RSA");
AssertNotNull(x509 = X509_load_certificate_file(cliCertFile,
SSL_FILETYPE_PEM));
AssertNotNull(pubKey = X509_get_X509_PUBKEY(x509));
AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1);
AssertNotNull(pk);
AssertNotNull(pa);
AssertNotNull(pubKey);
AssertIntGT(ppklen, 0);
AssertIntEQ(OBJ_obj2nid(obj), NID_rsaEncryption);
AssertNotNull(evpKey = X509_PUBKEY_get(pubKey));
AssertNotNull(pubKey2 = X509_PUBKEY_new());
AssertIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1);
AssertNotNull(pk);
AssertNotNull(pa);
AssertIntGT(ppklen, 0);
X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
AssertNotNull(pa_oid);
AssertNull(pval);
AssertIntEQ(pptype, V_ASN1_NULL);
AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_RSA);
X509_PUBKEY_free(pubKey2);
X509_free(x509);
EVP_PKEY_free(evpKey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_PUBKEY_EC(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && defined(HAVE_ECC)
X509* x509 = NULL;
ASN1_OBJECT* obj = NULL;
ASN1_OBJECT* poid;
const ASN1_OBJECT* pa_oid = NULL;
X509_PUBKEY* pubKey;
X509_PUBKEY* pubKey2;
EVP_PKEY* evpKey;
const unsigned char *pk;
int ppklen, pptype;
X509_ALGOR *pa;
const void *pval;
char buf[50];
printf(testingFmt, "wolfSSL_X509_PUBKEY_EC");
AssertNotNull(x509 = X509_load_certificate_file(cliEccCertFile,
SSL_FILETYPE_PEM));
AssertNotNull(pubKey = X509_get_X509_PUBKEY(x509));
AssertNotNull(evpKey = X509_PUBKEY_get(pubKey));
AssertNotNull(pubKey2 = X509_PUBKEY_new());
AssertIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1);
AssertNotNull(pk);
AssertNotNull(pa);
AssertIntGT(ppklen, 0);
X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
AssertNotNull(pa_oid);
AssertNotNull(pval);
AssertIntEQ(pptype, V_ASN1_OBJECT);
AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_EC);
poid = (ASN1_OBJECT *)pval;
AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), poid, 0), 0);
AssertIntEQ(OBJ_txt2nid(buf), NID_X9_62_prime256v1);
X509_PUBKEY_free(pubKey2);
X509_free(x509);
EVP_PKEY_free(evpKey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_PUBKEY_DSA(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_DSA)
word32 bytes;
#ifdef USE_CERT_BUFFERS_1024
byte tmp[ONEK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
bytes = sizeof_dsa_key_der_2048;
#else
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
if (fp == XBADFILE) {
return WOLFSSL_BAD_FILE;
}
bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
const unsigned char* dsaKeyDer = tmp;
ASN1_OBJECT* obj = NULL;
ASN1_STRING* str;
const ASN1_OBJECT* pa_oid = NULL;
X509_PUBKEY* pubKey = NULL;
EVP_PKEY* evpKey = NULL;
const unsigned char *pk;
int ppklen, pptype;
X509_ALGOR *pa;
const void *pval;
printf(testingFmt, "wolfSSL_X509_PUBKEY_DSA");
/* Initialize pkey with der format dsa key */
AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &evpKey, &dsaKeyDer, bytes));
AssertNotNull(pubKey = X509_PUBKEY_new());
AssertIntEQ(X509_PUBKEY_set(&pubKey, evpKey), 1);
AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1);
AssertNotNull(pk);
AssertNotNull(pa);
AssertIntGT(ppklen, 0);
X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa);
AssertNotNull(pa_oid);
AssertNotNull(pval);
AssertIntEQ(pptype, V_ASN1_SEQUENCE);
AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_DSA);
str = (ASN1_STRING *)pval;
DEBUG_WRITE_DER(ASN1_STRING_data(str), ASN1_STRING_length(str), "str.der");
#ifdef USE_CERT_BUFFERS_1024
AssertIntEQ(ASN1_STRING_length(str), 291);
#else
AssertIntEQ(ASN1_STRING_length(str), 549);
#endif /* END USE_CERT_BUFFERS_1024 */
X509_PUBKEY_free(pubKey);
EVP_PKEY_free(evpKey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_RAND(void)
{
#if defined(OPENSSL_EXTRA)
byte seed[16];
printf(testingFmt, "wolfSSL_RAND()");
RAND_seed(seed, sizeof(seed));
AssertIntEQ(RAND_poll(), 1);
RAND_cleanup();
AssertIntEQ(RAND_egd(NULL), -1);
#ifndef NO_FILESYSTEM
{
char fname[100];
AssertNotNull(RAND_file_name(fname, (sizeof(fname) - 1)));
AssertIntEQ(RAND_write_file(NULL), 0);
}
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BUF(void)
{
#if defined(OPENSSL_EXTRA)
BUF_MEM* buf;
AssertNotNull(buf = BUF_MEM_new());
AssertIntEQ(BUF_MEM_grow(buf, 10), 10);
AssertIntEQ(BUF_MEM_grow(buf, -1), 0);
BUF_MEM_free(buf);
#endif /* OPENSSL_EXTRA */
}
#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
static int stub_rand_seed(const void *buf, int num)
{
(void)buf;
(void)num;
return 123;
}
static int stub_rand_bytes(unsigned char *buf, int num)
{
(void)buf;
(void)num;
return 456;
}
static byte* was_stub_rand_cleanup_called(void)
{
static byte was_called = 0;
return &was_called;
}
static void stub_rand_cleanup(void)
{
byte* was_called = was_stub_rand_cleanup_called();
*was_called = 1;
return;
}
static byte* was_stub_rand_add_called(void)
{
static byte was_called = 0;
return &was_called;
}
static int stub_rand_add(const void *buf, int num, double entropy)
{
byte* was_called = was_stub_rand_add_called();
(void)buf;
(void)num;
(void)entropy;
*was_called = 1;
return 0;
}
static int stub_rand_pseudo_bytes(unsigned char *buf, int num)
{
(void)buf;
(void)num;
return 9876;
}
static int stub_rand_status(void)
{
return 5432;
}
#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
static void test_wolfSSL_RAND_set_rand_method(void)
{
#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL};
unsigned char* buf = NULL;
int num = 0;
double entropy = 0;
byte* was_cleanup_called = was_stub_rand_cleanup_called();
byte* was_add_called = was_stub_rand_add_called();
printf(testingFmt, "wolfSSL_RAND_set_rand_method()");
buf = (byte*)XMALLOC(32 * sizeof(byte), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
AssertIntNE(wolfSSL_RAND_status(), 5432);
AssertIntEQ(*was_cleanup_called, 0);
RAND_cleanup();
AssertIntEQ(*was_cleanup_called, 0);
rand_methods.seed = &stub_rand_seed;
rand_methods.bytes = &stub_rand_bytes;
rand_methods.cleanup = &stub_rand_cleanup;
rand_methods.add = &stub_rand_add;
rand_methods.pseudorand = &stub_rand_pseudo_bytes;
rand_methods.status = &stub_rand_status;
AssertIntEQ(RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS);
AssertIntEQ(RAND_seed(buf, num), 123);
AssertIntEQ(RAND_bytes(buf, num), 456);
AssertIntEQ(RAND_pseudo_bytes(buf, num), 9876);
AssertIntEQ(RAND_status(), 5432);
AssertIntEQ(*was_add_called, 0);
/* The function pointer for RAND_add returns int, but RAND_add itself returns void. */
RAND_add(buf, num, entropy);
AssertIntEQ(*was_add_called, 1);
was_add_called = 0;
AssertIntEQ(*was_cleanup_called, 0);
RAND_cleanup();
AssertIntEQ(*was_cleanup_called, 1);
*was_cleanup_called = 0;
AssertIntEQ(RAND_set_rand_method(NULL), WOLFSSL_SUCCESS);
AssertIntNE(RAND_status(), 5432);
AssertIntEQ(*was_cleanup_called, 0);
RAND_cleanup();
AssertIntEQ(*was_cleanup_called, 0);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
}
static void test_wolfSSL_RAND_bytes(void)
{
#if defined(OPENSSL_EXTRA)
const int size1 = RNG_MAX_BLOCK_LEN; /* in bytes */
const int size2 = RNG_MAX_BLOCK_LEN + 1; /* in bytes */
const int size3 = RNG_MAX_BLOCK_LEN * 2; /* in bytes */
const int size4 = RNG_MAX_BLOCK_LEN * 4; /* in bytes */
int max_bufsize;
byte *my_buf;
printf(testingFmt, "test_wolfSSL_RAND_bytes()");
/* sanity check */
AssertIntEQ(RAND_bytes(NULL, 16), 0);
AssertIntEQ(RAND_bytes(NULL, 0), 0);
max_bufsize = size4;
my_buf = (byte*)XMALLOC(max_bufsize * sizeof(byte), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
AssertIntEQ(RAND_bytes(my_buf, 0), 1);
AssertIntEQ(RAND_bytes(my_buf, -1), 0);
AssertNotNull(my_buf);
XMEMSET(my_buf, 0, max_bufsize);
AssertIntEQ(RAND_bytes(my_buf, size1), 1);
AssertIntEQ(RAND_bytes(my_buf, size2), 1);
AssertIntEQ(RAND_bytes(my_buf, size3), 1);
AssertIntEQ(RAND_bytes(my_buf, size4), 1);
XFREE(my_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BN_rand(void)
{
#if defined(OPENSSL_EXTRA)
BIGNUM* bn;
BIGNUM* range;
printf(testingFmt, "wolfSSL_BN_rand()");
AssertNotNull(bn = BN_new());
AssertIntNE(BN_rand(bn, 0, 0, 0), SSL_SUCCESS);
BN_free(bn);
AssertNotNull(bn = BN_new());
AssertIntEQ(BN_rand(bn, 8, 0, 0), SSL_SUCCESS);
BN_free(bn);
AssertNotNull(bn = BN_new());
AssertIntEQ(BN_rand(bn, 64, 0, 0), SSL_SUCCESS);
BN_free(bn);
AssertNotNull(bn = BN_new());
AssertNotNull(range = BN_new());
AssertIntEQ(BN_rand(range, 64, 0, 0), SSL_SUCCESS);
AssertIntEQ(BN_rand_range(bn, range), SSL_SUCCESS);
BN_free(bn);
BN_free(range);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_pseudo_rand(void)
{
#if defined(OPENSSL_EXTRA)
BIGNUM* bn;
unsigned char bin[8];
int i;
printf(testingFmt, "wolfSSL_pseudo_rand()");
/* BN_pseudo_rand returns 1 on success 0 on failure
* int BN_pseudo_rand(BIGNUM* bn, int bits, int top, int bottom) */
for (i = 0; i < 10; i++) {
AssertNotNull(bn = BN_new());
AssertIntEQ(BN_pseudo_rand(bn, 8, 0, 0), SSL_SUCCESS);
AssertIntGT(BN_bn2bin(bn, bin),0);
AssertIntEQ((bin[0] & 0x80), 0x80); /* top bit should be set */
BN_free(bn);
}
for (i = 0; i < 10; i++) {
AssertNotNull(bn = BN_new());
AssertIntEQ(BN_pseudo_rand(bn, 8, 1, 1), SSL_SUCCESS);
AssertIntGT(BN_bn2bin(bn, bin),0);
AssertIntEQ((bin[0] & 0xc1), 0xc1); /* top bit should be set */
BN_free(bn);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_PKCS8_Compat(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
#ifndef NO_BIO
PKCS8_PRIV_KEY_INFO* pt;
BIO* bio;
XFILE f;
int bytes;
char pkcs8_buffer[512];
#if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
EVP_PKEY *pkey = NULL;
#endif
printf(testingFmt, "wolfSSL_pkcs8()");
/* file from wolfssl/certs/ directory */
f = XFOPEN("./certs/ecc-keyPkcs8.pem", "rb");
AssertTrue(f != XBADFILE);
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), f)), 0);
XFCLOSE(f);
AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
AssertNotNull(pt = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL));
#if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
AssertNotNull(pkey = EVP_PKCS82PKEY(pt));
AssertIntEQ(EVP_PKEY_type(pkey->type), EVP_PKEY_EC);
/* gets PKCS8 pointer to pkey */
AssertNotNull(EVP_PKEY2PKCS8(pkey));
EVP_PKEY_free(pkey);
#endif
BIO_free(bio);
PKCS8_PRIV_KEY_INFO_free(pt);
printf(resultFmt, passed);
#endif
#endif
}
static void test_wolfSSL_PKCS8_d2i(void)
{
#if !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA)
/* This test ends up using HMAC as a part of PBKDF2, and HMAC
* requires a 12 byte password in FIPS mode. This test ends up
* trying to use an 8 byte password. */
#ifndef NO_FILESYSTEM
unsigned char pkcs8_buffer[2048];
const unsigned char* p;
int bytes;
XFILE file;
WOLFSSL_EVP_PKEY* pkey = NULL;
#ifndef NO_BIO
BIO* bio;
#if defined(OPENSSL_ALL) && \
((!defined(NO_RSA) && !defined(NO_DES3)) || \
defined(HAVE_ECC)) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
WOLFSSL_EVP_PKEY* evpPkey = NULL;
#endif
#endif
#ifndef NO_RSA
const char rsaDerPkcs8File[] = "./certs/server-keyPkcs8.der";
const char rsaPemPkcs8File[] = "./certs/server-keyPkcs8.pem";
#ifndef NO_DES3
const char rsaDerPkcs8EncFile[] = "./certs/server-keyPkcs8Enc.der";
#endif
#endif /* NO_RSA */
#ifdef HAVE_ECC
const char ecDerPkcs8File[] = "certs/ecc-keyPkcs8.der";
const char ecPemPkcs8File[] = "certs/ecc-keyPkcs8.pem";
#ifndef NO_DES3
const char ecDerPkcs8EncFile[] = "certs/ecc-keyPkcs8Enc.der";
#endif
#endif /* HAVE_ECC */
#endif /* !NO_FILESYSTEM */
#if defined(OPENSSL_ALL) && (!defined(NO_RSA) || defined(HAVE_ECC))
#ifndef NO_RSA
#ifdef USE_CERT_BUFFERS_1024
const unsigned char* rsa = (unsigned char*)server_key_der_1024;
int rsaSz = sizeof_server_key_der_1024;
#else
const unsigned char* rsa = (unsigned char*)server_key_der_2048;
int rsaSz = sizeof_server_key_der_2048;
#endif
#endif
#ifdef HAVE_ECC
const unsigned char* ec = (unsigned char*)ecc_key_der_256;
int ecSz = sizeof_ecc_key_der_256;
#endif
#endif /* OPENSSL_ALL && (!NO_RSA || HAVE_ECC) */
#ifndef NO_FILESYSTEM
(void)pkcs8_buffer;
(void)p;
(void)bytes;
(void)file;
#ifndef NO_BIO
(void)bio;
#endif
#endif
#ifdef OPENSSL_ALL
#ifndef NO_RSA
/* Try to auto-detect normal RSA private key */
AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &rsa, rsaSz));
EVP_PKEY_free(pkey);
#endif
#ifdef HAVE_ECC
/* Try to auto-detect normal EC private key */
AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &ec, ecSz));
EVP_PKEY_free(pkey);
#endif
#endif /* OPENSSL_ALL */
#ifndef NO_FILESYSTEM
#ifndef NO_RSA
/* Get DER encoded RSA PKCS#8 data. */
file = XFOPEN(rsaDerPkcs8File, "rb");
AssertTrue(file != XBADFILE);
XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
p = pkcs8_buffer;
#ifdef OPENSSL_ALL
/* Try to decode - auto-detect key type. */
AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes));
#else
AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, bytes));
#endif
/* Get PEM encoded RSA PKCS#8 data. */
file = XFOPEN(rsaPemPkcs8File, "rb");
AssertTrue(file != XBADFILE);
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
#if defined(OPENSSL_ALL) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write PKCS#8 PEM to BIO. */
AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
NULL), bytes);
/* Compare file and written data */
AssertIntEQ(BIO_get_mem_data(bio, &p), bytes);
AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
BIO_free(bio);
#ifndef NO_DES3
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write Encrypted PKCS#8 PEM to BIO. */
bytes = 1834;
AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_des_ede3_cbc(),
NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
(void*)"yassl123"));
EVP_PKEY_free(evpPkey);
BIO_free(bio);
#endif /* !NO_DES3 */
#endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
EVP_PKEY_free(pkey);
/* PKCS#8 encrypted RSA key */
#ifndef NO_DES3
file = XFOPEN(rsaDerPkcs8EncFile, "rb");
AssertTrue(file != XBADFILE);
XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
#if defined(OPENSSL_ALL) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack,
(void*)"yassl123"));
EVP_PKEY_free(pkey);
BIO_free(bio);
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
#endif /* !NO_DES3 */
#endif /* NO_RSA */
#ifdef HAVE_ECC
/* PKCS#8 encode EC key */
file = XFOPEN(ecDerPkcs8File, "rb");
AssertTrue(file != XBADFILE);
XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
p = pkcs8_buffer;
#ifdef OPENSSL_ALL
/* Try to decode - auto-detect key type. */
AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes));
#else
AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p, bytes));
#endif
/* Get PEM encoded RSA PKCS#8 data. */
file = XFOPEN(ecPemPkcs8File, "rb");
AssertTrue(file != XBADFILE);
XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
#if defined(OPENSSL_ALL) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) && \
defined(HAVE_AES_CBC)
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write PKCS#8 PEM to BIO. */
AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
NULL), bytes);
/* Compare file and written data */
AssertIntEQ(BIO_get_mem_data(bio, &p), bytes);
AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
BIO_free(bio);
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write Encrypted PKCS#8 PEM to BIO. */
bytes = 379;
AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(),
NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
(void*)"yassl123"));
EVP_PKEY_free(evpPkey);
BIO_free(bio);
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 && HAVE_AES_CBC */
EVP_PKEY_free(pkey);
/* PKCS#8 encrypted EC key */
#ifndef NO_DES3
file = XFOPEN(ecDerPkcs8EncFile, "rb");
AssertTrue(file != XBADFILE);
XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer));
AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
file)), 0);
XFCLOSE(file);
#if defined(OPENSSL_ALL) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack,
(void*)"yassl123"));
EVP_PKEY_free(pkey);
BIO_free(bio);
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
#endif /* !NO_DES3 */
#endif /* HAVE_ECC */
#endif /* !NO_FILESYSTEM */
printf(resultFmt, passed);
#endif /* HAVE_FIPS && OPENSSL_EXTRA */
}
#if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL)
#define LOGGING_THREADS 5
#define ERROR_COUNT 10
static volatile int loggingThreadsReady;
static THREAD_RETURN WOLFSSL_THREAD test_logging(void* args)
{
const char* file;
int line;
int err;
int errorCount = 0;
int i;
(void)args;
while (!loggingThreadsReady);
for (i = 0; i < ERROR_COUNT; i++)
ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__);
while ((err = ERR_get_error_line(&file, &line))) {
AssertIntEQ(err, 990 + errorCount);
errorCount++;
}
AssertIntEQ(errorCount, ERROR_COUNT);
/* test max queue behavior, trying to add an arbitrary 3 errors over */
errorCount = 0;
for (i = 0; i < ERROR_QUEUE_MAX + 3; i++)
ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__);
while ((err = ERR_get_error_line(&file, &line))) {
AssertIntEQ(err, 990 + errorCount);
errorCount++;
}
/* test that the 3 errors over the max were dropped */
AssertIntEQ(errorCount, ERROR_QUEUE_MAX);
return 0;
}
#endif
static void test_error_queue_per_thread(void)
{
#if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL)
THREAD_TYPE loggingThreads[LOGGING_THREADS];
int i;
printf(testingFmt, "error_queue_per_thread()");
ERR_clear_error(); /* clear out any error nodes */
loggingThreadsReady = 0;
for (i = 0; i < LOGGING_THREADS; i++)
start_thread(test_logging, NULL, &loggingThreads[i]);
loggingThreadsReady = 1;
for (i = 0; i < LOGGING_THREADS; i++)
join_thread(loggingThreads[i]);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ERR_put_error(void)
{
#if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
defined(DEBUG_WOLFSSL)
const char* file;
int line;
printf(testingFmt, "wolfSSL_ERR_put_error()");
ERR_clear_error(); /* clear out any error nodes */
ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0);
AssertIntEQ(ERR_get_error_line(&file, &line), 0);
ERR_put_error(0,SYS_F_BIND, 1, "this file", 1);
AssertIntEQ(ERR_get_error_line(&file, &line), 1);
ERR_put_error(0,SYS_F_CONNECT, 2, "this file", 2);
AssertIntEQ(ERR_get_error_line(&file, &line), 2);
ERR_put_error(0,SYS_F_FOPEN, 3, "this file", 3);
AssertIntEQ(ERR_get_error_line(&file, &line), 3);
ERR_put_error(0,SYS_F_FREAD, 4, "this file", 4);
AssertIntEQ(ERR_get_error_line(&file, &line), 4);
ERR_put_error(0,SYS_F_GETADDRINFO, 5, "this file", 5);
AssertIntEQ(ERR_get_error_line(&file, &line), 5);
ERR_put_error(0,SYS_F_GETSOCKOPT, 6, "this file", 6);
AssertIntEQ(ERR_get_error_line(&file, &line), 6);
ERR_put_error(0,SYS_F_GETSOCKNAME, 7, "this file", 7);
AssertIntEQ(ERR_get_error_line(&file, &line), 7);
ERR_put_error(0,SYS_F_GETHOSTBYNAME, 8, "this file", 8);
AssertIntEQ(ERR_get_error_line(&file, &line), 8);
ERR_put_error(0,SYS_F_GETNAMEINFO, 9, "this file", 9);
AssertIntEQ(ERR_get_error_line(&file, &line), 9);
ERR_put_error(0,SYS_F_GETSERVBYNAME, 10, "this file", 10);
AssertIntEQ(ERR_get_error_line(&file, &line), 10);
ERR_put_error(0,SYS_F_IOCTLSOCKET, 11, "this file", 11);
AssertIntEQ(ERR_get_error_line(&file, &line), 11);
ERR_put_error(0,SYS_F_LISTEN, 12, "this file", 12);
AssertIntEQ(ERR_get_error_line(&file, &line), 12);
ERR_put_error(0,SYS_F_OPENDIR, 13, "this file", 13);
AssertIntEQ(ERR_get_error_line(&file, &line), 13);
ERR_put_error(0,SYS_F_SETSOCKOPT, 14, "this file", 14);
AssertIntEQ(ERR_get_error_line(&file, &line), 14);
ERR_put_error(0,SYS_F_SOCKET, 15, "this file", 15);
AssertIntEQ(ERR_get_error_line(&file, &line), 15);
#ifdef WOLFSSL_PYTHON
ERR_put_error(ERR_LIB_ASN1, SYS_F_ACCEPT, ASN1_R_HEADER_TOO_LONG,
"this file", 100);
AssertIntEQ(wolfSSL_ERR_peek_last_error_line(&file, &line),
(ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG);
AssertIntEQ(line, 100);
AssertIntEQ(wolfSSL_ERR_peek_error(),
(ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG);
AssertIntEQ(ERR_get_error_line(&file, &line), ASN1_R_HEADER_TOO_LONG);
#endif
/* try reading past end of error queue */
file = NULL;
AssertIntEQ(ERR_get_error_line(&file, &line), 0);
AssertNull(file);
AssertIntEQ(ERR_get_error_line_data(&file, &line, NULL, NULL), 0);
PEMerr(4,4);
AssertIntEQ(ERR_get_error(), 4);
/* Empty and free up all error nodes */
ERR_clear_error();
/* Verify all nodes are cleared */
ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0);
ERR_clear_error();
AssertIntEQ(ERR_get_error_line(&file, &line), 0);
printf(resultFmt, passed);
#endif
}
#ifndef NO_BIO
static void test_wolfSSL_ERR_print_errors(void)
{
#if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
defined(DEBUG_WOLFSSL) && !defined(NO_ERROR_STRINGS)
BIO* bio;
char buf[1024];
printf(testingFmt, "wolfSSL_ERR_print_errors()");
AssertNotNull(bio = BIO_new(BIO_s_mem()));
ERR_clear_error(); /* clear out any error nodes */
ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0);
/* Choosing -299 as an unused errno between MIN_CODE_E < x < WC_LAST_E. */
ERR_put_error(0,SYS_F_BIND, -299, "asn.c", 100);
ERR_print_errors(bio);
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 56);
AssertIntEQ(XSTRNCMP("error:173:wolfSSL library:Bad function argument:ssl.c:0",
buf, 55), 0);
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 57);
AssertIntEQ(XSTRNCMP("error:299:wolfSSL library:unknown error number:asn.c:100",
buf, 56), 0);
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 1);
AssertIntEQ(buf[0], '\0');
AssertIntEQ(ERR_get_error_line(NULL, NULL), 0);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
#if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
defined(DEBUG_WOLFSSL)
static int test_wolfSSL_error_cb(const char *str, size_t len, void *u)
{
wolfSSL_BIO_write((BIO*)u, str, (int)len);
return 0;
}
#endif
static void test_wolfSSL_ERR_print_errors_cb(void)
{
#if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
defined(DEBUG_WOLFSSL)
BIO* bio;
char buf[1024];
printf(testingFmt, "wolfSSL_ERR_print_errors_cb()");
AssertNotNull(bio = BIO_new(BIO_s_mem()));
ERR_clear_error(); /* clear out any error nodes */
ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0);
ERR_put_error(0,SYS_F_BIND, -275, "asn.c", 100);
ERR_print_errors_cb(test_wolfSSL_error_cb, bio);
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 108);
AssertIntEQ(XSTRNCMP("wolfSSL error occurred, error = 173 line:0 file:ssl.c",
buf, 53), 0);
AssertIntEQ(XSTRNCMP("wolfSSL error occurred, error = 275 line:100 file:asn.c",
buf + 53, 55), 0);
AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 0);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
/*
* Testing WOLFSSL_ERROR_MSG
*/
static int test_WOLFSSL_ERROR_MSG (void)
{
int ret = 0;
#if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
const char* msg = TEST_STRING;
printf(testingFmt, "WOLFSSL_ERROR_MSG()");
WOLFSSL_ERROR_MSG(msg);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/*End test_WOLFSSL_ERROR_MSG*/
/*
* Testing wc_ERR_remove_state
*/
static int test_wc_ERR_remove_state (void)
{
int ret = 0;
#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
printf(testingFmt, "wc_ERR_remove_state()");
wc_ERR_remove_state();
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/*End test_wc_ERR_remove_state*/
/*
* Testing wc_ERR_print_errors_fp
*/
static int test_wc_ERR_print_errors_fp (void)
{
int ret = 0;
#if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) && \
(!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM))
long sz;
printf(testingFmt, "wc_ERR_print_errors_fp()");
WOLFSSL_ERROR(BAD_FUNC_ARG);
XFILE fp = XFOPEN("./tests/test-log-dump-to-file.txt", "ar");
wc_ERR_print_errors_fp(fp);
#if defined(DEBUG_WOLFSSL)
AssertTrue(XFSEEK(fp, 0, XSEEK_END) == 0);
sz = XFTELL(fp);
#ifdef NO_ERROR_QUEUE
/* File should be empty when NO_ERROR_QUEUE is defined */
if (sz != 0) {
ret = BAD_FUNC_ARG;
}
#else
if (sz == 0) {
ret = BAD_FUNC_ARG;
}
#endif
#endif
printf(resultFmt, ret == 0 ? passed : failed);
XFCLOSE(fp);
(void)sz;
#endif
return ret;
}/*End test_wc_ERR_print_errors_fp*/
#ifdef DEBUG_WOLFSSL
static void Logging_cb(const int logLevel, const char *const logMessage)
{
(void)logLevel;
(void)logMessage;
}
#endif
/*
* Testing wolfSSL_GetLoggingCb
*/
static int test_wolfSSL_GetLoggingCb (void)
{
int ret = 0;
printf(testingFmt, "wolfSSL_GetLoggingCb()");
#ifdef DEBUG_WOLFSSL
/* Testing without wolfSSL_SetLoggingCb() */
if (ret == 0) {
if (wolfSSL_GetLoggingCb() == NULL) { /* Should be true */
ret = 0;
}
if (wolfSSL_GetLoggingCb() != NULL) { /* Should not be true */
ret = -1;
}
}
/* Testing with wolfSSL_SetLoggingCb() */
if (ret == 0) {
ret = wolfSSL_SetLoggingCb(Logging_cb);
if (ret == 0){
if (wolfSSL_GetLoggingCb() == NULL) { /* Should not be true */
ret = -1;
}
if (ret == 0) {
if (wolfSSL_GetLoggingCb() == Logging_cb) { /* Should be true */
ret = 0;
}
}
/* reset logging callback */
wolfSSL_SetLoggingCb(NULL);
}
}
#endif
if (ret == 0) {
if (wolfSSL_GetLoggingCb() != NULL) {
ret = -1;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
return ret;
}/*End test_wolfSSL_GetLoggingCb*/
#endif /* !NO_BIO */
#if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \
defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \
defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3))
static void test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len)
{
static const unsigned char key[] = "simple test key";
HMAC_CTX* hmac;
ENGINE* e = NULL;
unsigned char hash[WC_MAX_DIGEST_SIZE];
unsigned int len;
AssertNotNull(hmac = HMAC_CTX_new());
HMAC_CTX_init(hmac);
AssertIntEQ(HMAC_Init_ex(hmac, (void*)key, (int)sizeof(key), md, e),
SSL_SUCCESS);
/* re-using test key as data to hash */
AssertIntEQ(HMAC_Update(hmac, key, (int)sizeof(key)), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(hmac, NULL, 0), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(hmac, hash, &len), SSL_SUCCESS);
AssertIntEQ(len, md_len);
AssertIntEQ(HMAC_size(hmac), md_len);
AssertStrEQ(HMAC_CTX_get_md(hmac), md);
HMAC_cleanup(hmac);
HMAC_CTX_free(hmac);
len = 0;
AssertNotNull(HMAC(md, key, (int)sizeof(key), NULL, 0, hash, &len));
AssertIntEQ(len, md_len);
}
#endif
static void test_wolfSSL_HMAC(void)
{
#if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \
defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \
defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3))
printf(testingFmt, "wolfSSL_HMAC()");
#ifndef NO_SHA256
test_openssl_hmac(EVP_sha256(), (int)WC_SHA256_DIGEST_SIZE);
#endif
#ifdef WOLFSSL_SHA224
test_openssl_hmac(EVP_sha224(), (int)WC_SHA224_DIGEST_SIZE);
#endif
#ifdef WOLFSSL_SHA384
test_openssl_hmac(EVP_sha384(), (int)WC_SHA384_DIGEST_SIZE);
#endif
#ifdef WOLFSSL_SHA512
test_openssl_hmac(EVP_sha512(), (int)WC_SHA512_DIGEST_SIZE);
#endif
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
test_openssl_hmac(EVP_sha3_224(), (int)WC_SHA3_224_DIGEST_SIZE);
#endif
#ifndef WOLFSSL_NOSHA3_256
test_openssl_hmac(EVP_sha3_256(), (int)WC_SHA3_256_DIGEST_SIZE);
#endif
#ifndef WOLFSSL_NOSHA3_384
test_openssl_hmac(EVP_sha3_384(), (int)WC_SHA3_384_DIGEST_SIZE);
#endif
#ifndef WOLFSSL_NOSHA3_512
test_openssl_hmac(EVP_sha3_512(), (int)WC_SHA3_512_DIGEST_SIZE);
#endif
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_CMAC(void)
{
#if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_AES_DIRECT)
int i;
byte key[AES_128_KEY_SIZE];
CMAC_CTX* cmacCtx = NULL;
byte out[AES_BLOCK_SIZE];
size_t outLen = AES_BLOCK_SIZE;
printf(testingFmt, "test_wolfSSL_CMAC()");
for (i=0; i < AES_128_KEY_SIZE; ++i) {
key[i] = i;
}
AssertNotNull(cmacCtx = CMAC_CTX_new());
/* Check CMAC_CTX_get0_cipher_ctx; return value not used. */
AssertNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
AssertIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(),
NULL), SSL_SUCCESS);
/* re-using test key as data to hash */
AssertIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), SSL_SUCCESS);
AssertIntEQ(CMAC_Update(cmacCtx, NULL, 0), SSL_SUCCESS);
AssertIntEQ(CMAC_Final(cmacCtx, out, &outLen), SSL_SUCCESS);
AssertIntEQ(outLen, AES_BLOCK_SIZE);
CMAC_CTX_free(cmacCtx);
printf(resultFmt, passed);
#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
}
static void test_wolfSSL_OBJ(void)
{
/* Password "wolfSSL test" is only 12 (96-bit) too short for testing in FIPS
* mode
*/
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \
!defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \
defined(WOLFSSL_CERT_GEN)
ASN1_OBJECT *obj = NULL;
ASN1_OBJECT *obj2 = NULL;
char buf[50];
XFILE fp;
X509 *x509 = NULL;
X509_NAME *x509Name;
X509_NAME_ENTRY *x509NameEntry;
ASN1_OBJECT *asn1Name = NULL;
int numNames;
BIO *bio = NULL;
int nid;
int i, j;
const char *f[] = {
#ifndef NO_RSA
"./certs/ca-cert.der",
#endif
#ifdef HAVE_ECC
"./certs/ca-ecc-cert.der",
"./certs/ca-ecc384-cert.der",
#endif
NULL};
ASN1_OBJECT *field_name_obj = NULL;
int lastpos = -1;
int tmp = -1;
ASN1_STRING *asn1 = NULL;
unsigned char *buf_dyn = NULL;
printf(testingFmt, "wolfSSL_OBJ()");
AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), SSL_FAILURE);
AssertNotNull(obj = OBJ_nid2obj(NID_any_policy));
AssertIntEQ(OBJ_obj2nid(obj), NID_any_policy);
AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 11);
AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
ASN1_OBJECT_free(obj);
AssertNotNull(obj = OBJ_nid2obj(NID_sha256));
AssertIntEQ(OBJ_obj2nid(obj), NID_sha256);
AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 22);
#ifdef WOLFSSL_CERT_EXT
AssertIntEQ(OBJ_txt2nid(buf), NID_sha256);
#endif
AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
AssertNotNull(obj2 = OBJ_dup(obj));
AssertIntEQ(OBJ_cmp(obj, obj2), 0);
ASN1_OBJECT_free(obj);
ASN1_OBJECT_free(obj2);
for (i = 0; f[i] != NULL; i++)
{
AssertTrue((fp = XFOPEN(f[i], "rb")) != XBADFILE);
AssertNotNull(x509 = d2i_X509_fp(fp, NULL));
XFCLOSE(fp);
AssertNotNull(x509Name = X509_get_issuer_name(x509));
AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
/* Get the Common Name by using OBJ_txt2obj */
AssertNotNull(field_name_obj = OBJ_txt2obj("CN", 0));
do
{
lastpos = tmp;
tmp = X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, lastpos);
} while (tmp > -1);
AssertIntNE(lastpos, -1);
ASN1_OBJECT_free(field_name_obj);
AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, lastpos));
AssertNotNull(asn1 = X509_NAME_ENTRY_get_data(x509NameEntry));
AssertIntGE(ASN1_STRING_to_UTF8(&buf_dyn, asn1), 0);
/*
* All Common Names should be www.wolfssl.com
* This makes testing easier as we can test for the expected value.
*/
AssertStrEQ((char*)buf_dyn, "www.wolfssl.com");
OPENSSL_free(buf_dyn);
bio = BIO_new(BIO_s_mem());
AssertTrue(bio != NULL);
for (j = 0; j < numNames; j++)
{
AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry));
AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
}
BIO_free(bio);
X509_free(x509);
}
#ifdef HAVE_PKCS12
{
PKCS12 *p12;
int boolRet;
EVP_PKEY *pkey = NULL;
const char *p12_f[] = {
#if !defined(NO_DES3) && !defined(NO_RSA)
"./certs/test-servercert.p12",
#endif
NULL};
for (i = 0; p12_f[i] != NULL; i++)
{
AssertTrue((fp = XFOPEN(p12_f[i], "rb")) != XBADFILE);
AssertNotNull(p12 = d2i_PKCS12_fp(fp, NULL));
XFCLOSE(fp);
AssertTrue((boolRet = PKCS12_parse(p12, "wolfSSL test",
&pkey, &x509, NULL)) > 0);
wc_PKCS12_free(p12);
EVP_PKEY_free(pkey);
x509Name = X509_get_issuer_name(x509);
AssertNotNull(x509Name);
AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
for (j = 0; j < numNames; j++)
{
AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
AssertNotNull(asn1Name =
X509_NAME_ENTRY_get_object(x509NameEntry));
AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
}
BIO_free(bio);
X509_free(x509);
}
}
#endif /* HAVE_PKCS12 */
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_i2a_ASN1_OBJECT(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO)
ASN1_OBJECT *obj = NULL;
BIO *bio = NULL;
AssertNotNull(obj = OBJ_nid2obj(NID_sha256));
AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, obj), 0);
AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, NULL), 0);
AssertIntEQ(wolfSSL_i2a_ASN1_OBJECT(NULL, obj), 0);
BIO_free(bio);
ASN1_OBJECT_free(obj);
#endif
}
static void test_wolfSSL_OBJ_cmp(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
ASN1_OBJECT *obj = NULL;
ASN1_OBJECT *obj2 = NULL;
printf(testingFmt, "wolfSSL_OBJ_cmp()");
AssertNotNull(obj = OBJ_nid2obj(NID_any_policy));
AssertNotNull(obj2 = OBJ_nid2obj(NID_sha256));
AssertIntEQ(OBJ_cmp(NULL, NULL), WOLFSSL_FATAL_ERROR);
AssertIntEQ(OBJ_cmp(obj, NULL), WOLFSSL_FATAL_ERROR);
AssertIntEQ(OBJ_cmp(NULL, obj2), WOLFSSL_FATAL_ERROR);
AssertIntEQ(OBJ_cmp(obj, obj2), WOLFSSL_FATAL_ERROR);
AssertIntEQ(OBJ_cmp(obj, obj), 0);
AssertIntEQ(OBJ_cmp(obj2, obj2), 0);
ASN1_OBJECT_free(obj);
ASN1_OBJECT_free(obj2);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OBJ_txt2nid(void)
{
#if !defined(NO_WOLFSSL_STUB) && defined(WOLFSSL_APACHE_HTTPD)
int i;
static const struct {
const char* sn;
const char* ln;
const char* oid;
int nid;
} testVals[] = {
{ "tlsfeature", "TLS Feature", "1.3.6.1.5.5.7.1.24", NID_tlsfeature },
{ "id-on-dnsSRV", "SRVName", "1.3.6.1.5.5.7.8.7",
NID_id_on_dnsSRV },
{ "msUPN", "Microsoft User Principal Name",
"1.3.6.1.4.1.311.20.2.3", NID_ms_upn },
{ NULL, NULL, NULL, NID_undef }
};
printf(testingFmt, "wolfSSL_OBJ_txt2nid()");
/* Invalid cases */
AssertIntEQ(OBJ_txt2nid(NULL), NID_undef);
AssertIntEQ(OBJ_txt2nid("Bad name"), NID_undef);
/* Valid cases */
for (i = 0; testVals[i].sn != NULL; i++) {
AssertIntEQ(OBJ_txt2nid(testVals[i].sn), testVals[i].nid);
AssertIntEQ(OBJ_txt2nid(testVals[i].ln), testVals[i].nid);
AssertIntEQ(OBJ_txt2nid(testVals[i].oid), testVals[i].nid);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OBJ_txt2obj(void)
{
#if defined(WOLFSSL_APACHE_HTTPD) || (defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN))
int i;
char buf[50];
ASN1_OBJECT* obj;
static const struct {
const char* oidStr;
const char* sn;
const char* ln;
} objs_list[] = {
#if defined(WOLFSSL_APACHE_HTTPD)
{ "1.3.6.1.5.5.7.1.24", "tlsfeature", "TLS Feature" },
{ "1.3.6.1.5.5.7.8.7", "id-on-dnsSRV", "SRVName" },
#endif
{ "2.5.29.19", "basicConstraints", "X509v3 Basic Constraints"},
{ NULL, NULL, NULL }
};
static const struct {
const char* numeric;
const char* name;
} objs_named[] = {
/* In dictionary but not in normal list. */
{ "1.3.6.1.5.5.7.3.8", "Time Stamping" },
/* Made up OID. */
{ "1.3.5.7", "1.3.5.7" },
{ NULL, NULL }
};
printf(testingFmt, "wolfSSL_OBJ_txt2obj()");
AssertNull(obj = OBJ_txt2obj("Bad name", 0));
AssertNull(obj = OBJ_txt2obj(NULL, 0));
for (i = 0; objs_list[i].oidStr != NULL; i++) {
/* Test numerical value of oid (oidStr) */
AssertNotNull(obj = OBJ_txt2obj(objs_list[i].oidStr, 1));
/* Convert object back to text to confirm oid is correct */
wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
ASN1_OBJECT_free(obj);
XMEMSET(buf, 0, sizeof(buf));
/* Test short name (sn) */
AssertNull(obj = OBJ_txt2obj(objs_list[i].sn, 1));
AssertNotNull(obj = OBJ_txt2obj(objs_list[i].sn, 0));
/* Convert object back to text to confirm oid is correct */
wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
ASN1_OBJECT_free(obj);
XMEMSET(buf, 0, sizeof(buf));
/* Test long name (ln) - should fail when no_name = 1 */
AssertNull(obj = OBJ_txt2obj(objs_list[i].ln, 1));
AssertNotNull(obj = OBJ_txt2obj(objs_list[i].ln, 0));
/* Convert object back to text to confirm oid is correct */
wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
ASN1_OBJECT_free(obj);
XMEMSET(buf, 0, sizeof(buf));
}
for (i = 0; objs_named[i].numeric != NULL; i++) {
AssertNotNull(obj = OBJ_txt2obj(objs_named[i].numeric, 1));
wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0);
AssertIntEQ(XSTRNCMP(buf, objs_named[i].name, (int)XSTRLEN(buf)), 0);
wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
AssertIntEQ(XSTRNCMP(buf, objs_named[i].numeric, (int)XSTRLEN(buf)), 0);
ASN1_OBJECT_free(obj);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_i2t_ASN1_OBJECT(void)
{
#if defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
char buf[50] = {0};
ASN1_OBJECT* obj;
const char* oid = "2.5.29.19";
const char* ln = "X509v3 Basic Constraints";
printf(testingFmt, "test_wolfSSL_i2t_ASN1_OBJECT()");
obj = NULL;
AssertIntEQ(i2t_ASN1_OBJECT(NULL, sizeof(buf), obj), WOLFSSL_FAILURE);
AssertIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), NULL), WOLFSSL_FAILURE);
AssertIntEQ(i2t_ASN1_OBJECT(buf, 0, NULL), WOLFSSL_FAILURE);
AssertNotNull(obj = OBJ_txt2obj(oid, 0));
XMEMSET(buf, 0, sizeof(buf));
AssertIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), obj), XSTRLEN(ln));
AssertIntEQ(XSTRNCMP(buf, ln, XSTRLEN(ln)), 0);
ASN1_OBJECT_free(obj);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */
}
static void test_wolfSSL_PEM_write_bio_X509(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_AKID_NAME) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
/* This test contains the hard coded expected
* lengths. Update if necessary */
BIO* input;
BIO* output;
X509* x509 = NULL;
int expectedLen;
printf(testingFmt, "wolfSSL_PEM_write_bio_X509()");
AssertNotNull(input = BIO_new_file(
"certs/test/cert-ext-multiple.pem", "rb"));
AssertIntEQ(wolfSSL_BIO_get_len(input), 2000);
AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
AssertNotNull(PEM_read_bio_X509(input, &x509, NULL, NULL));
AssertIntEQ(PEM_write_bio_X509(output, x509), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ALT_NAMES
/* Here we copy the validity struct from the original */
expectedLen = 2000;
#else
/* Only difference is that we generate the validity in generalized
* time. Generating UTCTime vs Generalized time should be fixed in
* the future */
expectedLen = 2004;
#endif
AssertIntEQ(wolfSSL_BIO_get_len(output), expectedLen);
/* Reset output buffer */
BIO_free(output);
AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem()));
/* Test forcing the AKID to be generated just from KeyIdentifier */
if (x509->authKeyIdSrc != NULL) {
XMEMMOVE(x509->authKeyIdSrc, x509->authKeyId, x509->authKeyIdSz);
x509->authKeyId = x509->authKeyIdSrc;
x509->authKeyIdSrc = NULL;
x509->authKeyIdSrcSz = 0;
}
AssertIntEQ(PEM_write_bio_X509(output, x509), WOLFSSL_SUCCESS);
/* Check that we generate a smaller output since the AKID will
* only contain the KeyIdentifier without any additional
* information */
#ifdef WOLFSSL_ALT_NAMES
/* Here we copy the validity struct from the original */
expectedLen = 1688;
#else
/* UTCTime vs Generalized time */
expectedLen = 1692;
#endif
AssertIntEQ(wolfSSL_BIO_get_len(output), expectedLen);
X509_free(x509);
BIO_free(input);
BIO_free(output);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_NAME_ENTRY(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)
X509* x509;
#ifndef NO_BIO
BIO* bio;
#endif
X509_NAME* nm;
X509_NAME_ENTRY* entry;
unsigned char cn[] = "another name to add";
#ifdef OPENSSL_ALL
int i, names_len;
#endif
printf(testingFmt, "wolfSSL_X509_NAME_ENTRY()");
AssertNotNull(x509 =
wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
#ifndef NO_BIO
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS);
#endif
#ifdef WOLFSSL_CERT_REQ
{
X509_REQ* req;
#ifndef NO_BIO
BIO* bReq;
#endif
AssertNotNull(req =
wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
#ifndef NO_BIO
AssertNotNull(bReq = BIO_new(BIO_s_mem()));
AssertIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS);
BIO_free(bReq);
#endif
X509_free(req);
}
#endif
AssertNotNull(nm = X509_get_subject_name(x509));
/* Test add entry */
AssertNotNull(entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName,
0x0c, cn, (int)sizeof(cn)));
AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
#ifdef WOLFSSL_CERT_EXT
AssertIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8,
(byte*)"support@wolfssl.com", 19, -1,
1), WOLFSSL_SUCCESS);
#endif
X509_NAME_ENTRY_free(entry);
#ifdef WOLFSSL_CERT_REQ
{
unsigned char srv_pkcs9p[] = "Server";
char* subject;
AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_pkcs9_contentType,
MBSTRING_ASC, srv_pkcs9p, -1, -1, 0), SSL_SUCCESS);
subject = X509_NAME_oneline(nm, 0, 0);
#ifdef DEBUG_WOLFSSL
printf("\n\t%s\n", subject);
#endif
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
}
#endif
/* Test add entry by text */
AssertNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName",
0x0c, cn, (int)sizeof(cn)));
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \
|| defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
AssertNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown",
V_ASN1_UTF8STRING, cn, (int)sizeof(cn)));
#endif
AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
X509_NAME_ENTRY_free(entry);
/* Test add entry by NID */
AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8,
cn, -1, -1, 0), SSL_SUCCESS);
#ifdef OPENSSL_ALL
/* stack of name entry */
AssertIntGT((names_len = sk_X509_NAME_ENTRY_num(nm->entries)), 0);
for (i=0; i<names_len; i++) {
AssertNotNull(entry = sk_X509_NAME_ENTRY_value(nm->entries, i));
}
#endif
#ifndef NO_BIO
BIO_free(bio);
#endif
X509_free(x509); /* free's nm */
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_set_name(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
X509* x509;
X509_NAME* name;
printf(testingFmt, "wolfSSL_X509_set_name()");
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, 0, 1),
WOLFSSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@wolfssl.com", 19, -1,
1), WOLFSSL_SUCCESS);
AssertNotNull(x509 = X509_new());
AssertIntEQ(X509_set_subject_name(NULL, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_set_subject_name(x509, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_set_subject_name(NULL, name), WOLFSSL_FAILURE);
AssertIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
AssertIntEQ(X509_set_issuer_name(NULL, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_set_issuer_name(x509, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_set_issuer_name(NULL, name), WOLFSSL_FAILURE);
AssertIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
X509_free(x509);
X509_NAME_free(name);
printf(resultFmt, passed);
#endif /* OPENSSL_ALL && !NO_CERTS */
}
static void test_wolfSSL_X509_set_notAfter(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \
&& !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
!defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) &&\
!defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) && !defined(NO_BIO)
/* Generalized time will overflow time_t if not long */
X509* x;
BIO* bio;
ASN1_TIME *asn_time, *time_check;
const int year = 365*24*60*60;
const int day = 24*60*60;
const int hour = 60*60;
const int mini = 60;
int offset_day;
unsigned char buf[25];
time_t t;
printf(testingFmt, "wolfSSL_X509_set_notAfter()");
/*
* Setup asn_time. APACHE HTTPD uses time(NULL)
*/
t = (time_t)107 * year + 31 * day + 34 * hour + 30 * mini + 7 * day;
offset_day = 7;
/*
* Free these.
*/
asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0);
AssertNotNull(asn_time);
AssertNotNull(x = X509_new());
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/*
* Tests
*/
AssertTrue(wolfSSL_X509_set_notAfter(x, asn_time));
/* time_check is simply (ANS1_TIME*)x->notAfter */
AssertNotNull(time_check = X509_get_notAfter(x));
/* ANS1_TIME_check validates by checking if argument can be parsed */
AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS);
/* Convert to human readable format and compare to intended date */
AssertIntEQ(ASN1_TIME_print(bio, time_check), 1);
AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
AssertIntEQ(XMEMCMP(buf, "Jan 20 10:30:00 2077 GMT", sizeof(buf) - 1), 0);
/*
* Cleanup
*/
XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL);
X509_free(x);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_set_notBefore(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \
&& !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
!defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO)
X509* x;
BIO* bio;
ASN1_TIME *asn_time, *time_check;
const int year = 365*24*60*60;
const int day = 24*60*60;
const int hour = 60*60;
const int mini = 60;
int offset_day;
unsigned char buf[25];
time_t t;
printf(testingFmt, "wolfSSL_X509_set_notBefore()");
/*
* Setup asn_time. APACHE HTTPD uses time(NULL)
*/
t = (time_t)49 * year + 125 * day + 20 * hour + 30 * mini + 7 * day;
offset_day = 7;
/*
* Free these.
*/
asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0);
AssertNotNull(asn_time);
AssertNotNull(x = X509_new());
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(ASN1_TIME_check(asn_time), WOLFSSL_SUCCESS);
/*
* Main Tests
*/
AssertTrue(wolfSSL_X509_set_notBefore(x, asn_time));
/* time_check == (ANS1_TIME*)x->notBefore */
AssertNotNull(time_check = X509_get_notBefore(x));
/* ANS1_TIME_check validates by checking if argument can be parsed */
AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS);
/* Convert to human readable format and compare to intended date */
AssertIntEQ(ASN1_TIME_print(bio, time_check), 1);
AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
AssertIntEQ(XMEMCMP(buf, "May 8 20:30:00 2019 GMT", sizeof(buf) - 1), 0);
/*
* Cleanup
*/
XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL);
X509_free(x);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_set_version(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
!defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
X509* x509;
long v = 2L;
long maxInt = INT_MAX;
AssertNotNull(x509 = X509_new());
/* These should pass. */
AssertTrue(wolfSSL_X509_set_version(x509, v));
AssertIntEQ(v, wolfSSL_X509_get_version(x509));
/* Fail Case: When v(long) is greater than x509->version(int). */
v = maxInt+1;
AssertFalse(wolfSSL_X509_set_version(x509, v));
/* Cleanup */
X509_free(x509);
printf(resultFmt, passed);
#endif
}
#ifndef NO_BIO
static void test_wolfSSL_BIO_gets(void)
{
#if defined(OPENSSL_EXTRA)
BIO* bio;
BIO* bio2;
char msg[] = "\nhello wolfSSL\n security plus\t---...**adf\na...b.c";
char emp[] = "";
char bio_buffer[20];
int bufferSz = 20;
printf(testingFmt, "wolfSSL_BIO_gets()");
/* try with bad args */
AssertNull(bio = BIO_new_mem_buf(NULL, sizeof(msg)));
/* try with real msg */
AssertNotNull(bio = BIO_new_mem_buf((void*)msg, -1));
XMEMSET(bio_buffer, 0, bufferSz);
AssertNotNull(BIO_push(bio, BIO_new(BIO_s_bio())));
AssertNull(bio2 = BIO_find_type(bio, BIO_TYPE_FILE));
AssertNotNull(bio2 = BIO_find_type(bio, BIO_TYPE_BIO));
AssertFalse(bio2 != BIO_next(bio));
/* make buffer filled with no terminating characters */
XMEMSET(bio_buffer, 1, bufferSz);
/* BIO_gets reads a line of data */
AssertIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
AssertStrEQ(bio_buffer, "hello wolfSSL\n");
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
AssertIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
/* check not null terminated string */
BIO_free(bio);
msg[0] = 0x33;
msg[1] = 0x33;
msg[2] = 0x33;
AssertNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
AssertIntEQ(BIO_gets(bio, bio_buffer, 3), 2);
AssertIntEQ(bio_buffer[0], msg[0]);
AssertIntEQ(bio_buffer[1], msg[1]);
AssertIntNE(bio_buffer[2], msg[2]);
BIO_free(bio);
msg[3] = 0x33;
bio_buffer[3] = 0x33;
AssertNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 3);
AssertIntEQ(bio_buffer[0], msg[0]);
AssertIntEQ(bio_buffer[1], msg[1]);
AssertIntEQ(bio_buffer[2], msg[2]);
AssertIntNE(bio_buffer[3], 0x33); /* make sure null terminator was set */
/* check reading an empty string */
BIO_free(bio);
AssertNotNull(bio = BIO_new_mem_buf((void*)emp, sizeof(emp)));
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); /* just terminator */
AssertStrEQ(emp, bio_buffer);
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
/* check error cases */
BIO_free(bio);
AssertIntEQ(BIO_gets(NULL, NULL, 0), SSL_FAILURE);
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
#if !defined(NO_FILESYSTEM)
{
BIO* f_bio;
XFILE f;
AssertNotNull(f_bio = BIO_new(BIO_s_file()));
AssertIntLE(BIO_gets(f_bio, bio_buffer, bufferSz), 0);
f = XFOPEN(svrCertFile, "rb");
AssertTrue((f != XBADFILE));
AssertIntEQ((int)BIO_set_fp(f_bio, f, BIO_CLOSE), SSL_SUCCESS);
AssertIntGT(BIO_gets(f_bio, bio_buffer, bufferSz), 0);
BIO_free(f_bio);
}
#endif /* NO_FILESYSTEM */
BIO_free(bio);
BIO_free(bio2);
/* try with type BIO */
XMEMCPY(msg, "\nhello wolfSSL\n security plus\t---...**adf\na...b.c",
sizeof(msg));
AssertNotNull(bio = BIO_new(BIO_s_bio()));
AssertIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
AssertNotNull(bio2 = BIO_new(BIO_s_bio()));
AssertIntEQ(BIO_set_write_buf_size(bio, 10), SSL_SUCCESS);
AssertIntEQ(BIO_set_write_buf_size(bio2, sizeof(msg)), SSL_SUCCESS);
AssertIntEQ(BIO_make_bio_pair(bio, bio2), SSL_SUCCESS);
AssertIntEQ(BIO_write(bio2, msg, sizeof(msg)), sizeof(msg));
AssertIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
AssertStrEQ(bio_buffer, "hello wolfSSL\n");
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
AssertIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
BIO_free(bio);
BIO_free(bio2);
/* check reading an empty string */
AssertNotNull(bio = BIO_new(BIO_s_bio()));
AssertIntEQ(BIO_set_write_buf_size(bio, sizeof(emp)), SSL_SUCCESS);
AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
AssertStrEQ(emp, bio_buffer);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BIO_puts(void)
{
#if defined(OPENSSL_EXTRA)
BIO* bio;
char input[] = "hello\0world\n.....ok\n\0";
char output[128];
printf(testingFmt, "wolfSSL_BIO_puts()");
XMEMSET(output, 0, sizeof(output));
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(BIO_puts(bio, input), 5);
AssertIntEQ(BIO_pending(bio), 5);
AssertIntEQ(BIO_puts(bio, input + 6), 14);
AssertIntEQ(BIO_pending(bio), 19);
AssertIntEQ(BIO_gets(bio, output, sizeof(output)), 11);
AssertStrEQ(output, "helloworld\n");
AssertIntEQ(BIO_pending(bio), 8);
AssertIntEQ(BIO_gets(bio, output, sizeof(output)), 8);
AssertStrEQ(output, ".....ok\n");
AssertIntEQ(BIO_pending(bio), 0);
AssertIntEQ(BIO_puts(bio, ""), -1);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BIO_dump(void)
{
#if defined(OPENSSL_EXTRA)
BIO* bio;
static const unsigned char data[] = {
0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE,
0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4,
0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5,
0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80,
0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA,
0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56,
0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42,
0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F,
0xB4
};
/* Generated with OpenSSL. */
static const char expected[] =
"0000 - 30 59 30 13 06 07 2a 86-48 ce 3d 02 01 06 08 2a 0Y0...*.H.=....*\n"
"0010 - 86 48 ce 3d 03 01 07 03-42 00 04 55 bf f4 0f 44 .H.=....B..U...D\n"
"0020 - 50 9a 3d ce 9b b7 f0 c5-4d f5 70 7b d4 ec 24 8e P.=.....M.p{..$.\n"
"0030 - 19 80 ec 5a 4c a2 24 03-62 2c 9b da ef a2 35 12 ...ZL.$.b,....5.\n"
"0040 - 43 84 76 16 c6 56 95 06-cc 01 a9 bd f6 75 1a 42 C.v..V.......u.B\n"
"0050 - f7 bd a9 b2 36 22 5f c7-5d 7f b4 ....6\"_.]..\n";
static const char expectedAll[] =
"0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f ................\n"
"0010 - 10 11 12 13 14 15 16 17-18 19 1a 1b 1c 1d 1e 1f ................\n"
"0020 - 20 21 22 23 24 25 26 27-28 29 2a 2b 2c 2d 2e 2f !\"#$%&'()*+,-./\n"
"0030 - 30 31 32 33 34 35 36 37-38 39 3a 3b 3c 3d 3e 3f 0123456789:;<=>?\n"
"0040 - 40 41 42 43 44 45 46 47-48 49 4a 4b 4c 4d 4e 4f @ABCDEFGHIJKLMNO\n"
"0050 - 50 51 52 53 54 55 56 57-58 59 5a 5b 5c 5d 5e 5f PQRSTUVWXYZ[\\]^_\n"
"0060 - 60 61 62 63 64 65 66 67-68 69 6a 6b 6c 6d 6e 6f `abcdefghijklmno\n"
"0070 - 70 71 72 73 74 75 76 77-78 79 7a 7b 7c 7d 7e 7f pqrstuvwxyz{|}~.\n"
"0080 - 80 81 82 83 84 85 86 87-88 89 8a 8b 8c 8d 8e 8f ................\n"
"0090 - 90 91 92 93 94 95 96 97-98 99 9a 9b 9c 9d 9e 9f ................\n"
"00a0 - a0 a1 a2 a3 a4 a5 a6 a7-a8 a9 aa ab ac ad ae af ................\n"
"00b0 - b0 b1 b2 b3 b4 b5 b6 b7-b8 b9 ba bb bc bd be bf ................\n"
"00c0 - c0 c1 c2 c3 c4 c5 c6 c7-c8 c9 ca cb cc cd ce cf ................\n"
"00d0 - d0 d1 d2 d3 d4 d5 d6 d7-d8 d9 da db dc dd de df ................\n"
"00e0 - e0 e1 e2 e3 e4 e5 e6 e7-e8 e9 ea eb ec ed ee ef ................\n"
"00f0 - f0 f1 f2 f3 f4 f5 f6 f7-f8 f9 fa fb fc fd fe ff ................\n";
char output[16 * 80];
int i;
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Example key dumped. */
AssertIntEQ(BIO_dump(bio, (const char*)data, (int)sizeof(data)),
sizeof(expected) - 1);
AssertIntEQ(BIO_read(bio, output, sizeof(output)), sizeof(expected) - 1);
AssertIntEQ(XMEMCMP(output, expected, sizeof(expected) - 1), 0);
/* Try every possible value for a character. */
for (i = 0; i < 256; i++)
output[i] = i;
AssertIntEQ(BIO_dump(bio, output, 256), sizeof(expectedAll) - 1);
AssertIntEQ(BIO_read(bio, output, sizeof(output)), sizeof(expectedAll) - 1);
AssertIntEQ(XMEMCMP(output, expectedAll, sizeof(expectedAll) - 1), 0);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO)
static int forceWantRead(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
(void)ssl;
(void)buf;
(void)sz;
(void)ctx;
return WOLFSSL_CBIO_ERR_WANT_READ;
}
#endif
static void test_wolfSSL_BIO_should_retry(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO)
tcp_ready ready;
func_args server_args;
THREAD_TYPE serverThread;
SOCKET_T sockfd = 0;
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
char msg[64] = "hello wolfssl!";
char reply[1024];
int msgSz = (int)XSTRLEN(msg);
int ret;
BIO* bio;
printf(testingFmt, "wolfSSL_BIO_should_retry()");
XMEMSET(&server_args, 0, sizeof(func_args));
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#ifdef OPENSSL_COMPATIBLE_DEFAULTS
AssertIntEQ(wolfSSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY), 0);
#endif
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
/* force retry */
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
wolfSSL_SSLSetIORecv(ssl, forceWantRead);
AssertNotNull(bio = BIO_new(BIO_f_ssl()));
BIO_set_ssl(bio, ssl, BIO_CLOSE);
AssertIntLE(BIO_write(bio, msg, msgSz), 0);
AssertIntNE(BIO_should_retry(bio), 0);
/* now perform successful connection */
wolfSSL_SSLSetIORecv(ssl, EmbedReceive);
AssertIntEQ(BIO_write(bio, msg, msgSz), msgSz);
BIO_read(bio, reply, sizeof(reply));
ret = wolfSSL_get_error(ssl, -1);
if (ret == WOLFSSL_ERROR_WANT_READ || ret == WOLFSSL_ERROR_WANT_WRITE) {
AssertIntNE(BIO_should_retry(bio), 0);
}
else {
AssertIntEQ(BIO_should_retry(bio), 0);
}
AssertIntEQ(XMEMCMP(reply, "I hear you fa shizzle!",
XSTRLEN("I hear you fa shizzle!")), 0);
BIO_free(bio);
wolfSSL_CTX_free(ctx);
join_thread(serverThread);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BIO_connect(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT)
tcp_ready ready;
func_args server_args;
THREAD_TYPE serverThread;
BIO *tcpBio;
BIO *sslBio;
SSL_CTX* ctx;
SSL *ssl;
SSL *sslPtr;
char msg[] = "hello wolfssl!";
char reply[30];
char buff[10] = {0};
printf(testingFmt, "wolfSSL_BIO_new_connect()");
/* Setup server */
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
AssertIntGT(XSPRINTF(buff, "%d", ready.port), 0);
/* Start the test proper */
/* Setup the TCP BIO */
AssertNotNull(tcpBio = BIO_new_connect(wolfSSLIP));
AssertIntEQ(BIO_set_conn_port(tcpBio, buff), 1);
/* Setup the SSL object */
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
SSL_set_connect_state(ssl);
/* Setup the SSL BIO */
AssertNotNull(sslBio = BIO_new(BIO_f_ssl()));
AssertIntEQ(BIO_set_ssl(sslBio, ssl, BIO_CLOSE), 1);
/* Verify that BIO_get_ssl works. */
AssertIntEQ(BIO_get_ssl(sslBio, &sslPtr), 1);
AssertPtrEq(ssl, sslPtr);
/* Link BIO's so that sslBio uses tcpBio for IO */
AssertPtrEq(BIO_push(sslBio, tcpBio), sslBio);
/* Do TCP connect */
AssertIntEQ(BIO_do_connect(sslBio), 1);
/* Do TLS handshake */
AssertIntEQ(BIO_do_handshake(sslBio), 1);
/* Test writing */
AssertIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg));
/* Expect length of default wolfSSL reply */
AssertIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23);
/* Clean it all up */
BIO_free_all(sslBio);
/* Server clean up */
join_thread(serverThread);
FreeTcpReady(&ready);
/* Run the same test, but use BIO_new_ssl_connect and set the IP and port
* after. */
XMEMSET(&server_args, 0, sizeof(func_args));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
AssertIntGT(XSPRINTF(buff, "%d", ready.port), 0);
AssertNotNull(sslBio = BIO_new_ssl_connect(ctx));
AssertIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1);
AssertIntEQ(BIO_set_conn_port(sslBio, buff), 1);
AssertIntEQ(BIO_do_connect(sslBio), 1);
AssertIntEQ(BIO_do_handshake(sslBio), 1);
AssertIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg));
AssertIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23);
/* Attempt to close the TLS connection gracefully. */
BIO_ssl_shutdown(sslBio);
BIO_free_all(sslBio);
join_thread(serverThread);
FreeTcpReady(&ready);
SSL_CTX_free(ctx);
#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT)
static THREAD_RETURN WOLFSSL_THREAD test_wolfSSL_BIO_accept_client(void* args)
{
BIO* clientBio;
SSL* sslClient;
SSL_CTX* ctx;
char connectAddr[20]; /* IP + port */;
(void)args;
AssertIntGT(snprintf(connectAddr, sizeof(connectAddr), "%s:%d", wolfSSLIP, wolfSSLPort), 0);
AssertNotNull(clientBio = BIO_new_connect(connectAddr));
AssertIntEQ(BIO_do_connect(clientBio), 1);
AssertNotNull(ctx = SSL_CTX_new(SSLv23_method()));
AssertNotNull(sslClient = SSL_new(ctx));
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), WOLFSSL_SUCCESS);
SSL_set_bio(sslClient, clientBio, clientBio);
AssertIntEQ(SSL_connect(sslClient), 1);
SSL_free(sslClient);
SSL_CTX_free(ctx);
#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
return 0;
}
#endif
static void test_wolfSSL_BIO_accept(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT)
BIO* serverBindBio;
BIO* serverAcceptBio;
SSL* sslServer;
SSL_CTX* ctx;
func_args args;
THREAD_TYPE thread;
char port[10]; /* 10 bytes should be enough to store the string
* representation of the port */
printf(testingFmt, "wolfSSL_BIO_new_accept()");
AssertIntGT(snprintf(port, sizeof(port), "%d", wolfSSLPort), 0);
AssertNotNull(serverBindBio = BIO_new_accept(port));
/* First BIO_do_accept binds the port */
AssertIntEQ(BIO_do_accept(serverBindBio), 1);
XMEMSET(&args, 0, sizeof(func_args));
start_thread(test_wolfSSL_BIO_accept_client, &args, &thread);
AssertIntEQ(BIO_do_accept(serverBindBio), 1);
/* Let's plug it into SSL to test */
AssertNotNull(ctx = SSL_CTX_new(SSLv23_method()));
AssertIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
AssertNotNull(sslServer = SSL_new(ctx));
AssertNotNull(serverAcceptBio = BIO_pop(serverBindBio));
SSL_set_bio(sslServer, serverAcceptBio, serverAcceptBio);
AssertIntEQ(SSL_accept(sslServer), 1);
join_thread(thread);
BIO_free(serverBindBio);
SSL_free(sslServer);
SSL_CTX_free(ctx);
#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
wc_ecc_fp_free(); /* free per thread cache */
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BIO_write(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
BIO* bio;
BIO* bio64;
BIO* ptr;
int sz;
char msg[] = "conversion test";
char out[40];
char expected[] = "Y29udmVyc2lvbiB0ZXN0AA==\n";
void* bufPtr = NULL;
BUF_MEM* buf = NULL;
printf(testingFmt, "wolfSSL_BIO_write()");
AssertNotNull(bio64 = BIO_new(BIO_f_base64()));
AssertNotNull(bio = BIO_push(bio64, BIO_new(BIO_s_mem())));
/* now should convert to base64 then write to memory */
AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
BIO_flush(bio);
/* test BIO chain */
AssertIntEQ(SSL_SUCCESS, (int)BIO_get_mem_ptr(bio, &buf));
AssertNotNull(buf);
AssertIntEQ(buf->length, 25);
AssertIntEQ(BIO_get_mem_data(bio, &bufPtr), 25);
AssertPtrEq(buf->data, bufPtr);
AssertNotNull(ptr = BIO_find_type(bio, BIO_TYPE_MEM));
sz = sizeof(out);
XMEMSET(out, 0, sz);
AssertIntEQ((sz = BIO_read(ptr, out, sz)), 25);
AssertIntEQ(XMEMCMP(out, expected, sz), 0);
/* write then read should return the same message */
AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
sz = sizeof(out);
XMEMSET(out, 0, sz);
AssertIntEQ(BIO_read(bio, out, sz), 16);
AssertIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
/* now try encoding with no line ending */
BIO_set_flags(bio64, BIO_FLAGS_BASE64_NO_NL);
#ifdef HAVE_EX_DATA
BIO_set_ex_data(bio64, 0, (void*) "data");
AssertIntEQ(strcmp((const char*)BIO_get_ex_data(bio64, 0), "data"), 0);
#endif
AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
BIO_flush(bio);
sz = sizeof(out);
XMEMSET(out, 0, sz);
AssertIntEQ((sz = BIO_read(ptr, out, sz)), 24);
AssertIntEQ(XMEMCMP(out, expected, sz), 0);
BIO_free_all(bio); /* frees bio64 also */
/* test with more than one bio64 in list */
AssertNotNull(bio64 = BIO_new(BIO_f_base64()));
AssertNotNull(bio = BIO_push(BIO_new(BIO_f_base64()), bio64));
AssertNotNull(BIO_push(bio64, BIO_new(BIO_s_mem())));
/* now should convert to base64 when stored and then decode with read */
AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), 25);
BIO_flush(bio);
sz = sizeof(out);
XMEMSET(out, 0, sz);
AssertIntEQ((sz = BIO_read(bio, out, sz)), 16);
AssertIntEQ(XMEMCMP(out, msg, sz), 0);
BIO_clear_flags(bio64, ~0);
BIO_set_retry_read(bio);
BIO_free_all(bio); /* frees bio64s also */
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BIO_printf(void)
{
#if defined(OPENSSL_ALL)
BIO* bio;
int sz = 7;
char msg[] = "TLS 1.3 for the world";
char out[60];
char expected[] = "TLS 1.3 for the world : sz = 7";
printf(testingFmt, "wolfSSL_BIO_printf()");
XMEMSET(out, 0, sizeof(out));
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(BIO_printf(bio, "%s : sz = %d", msg, sz), 30);
AssertIntEQ(BIO_printf(NULL, ""), WOLFSSL_FATAL_ERROR);
AssertIntEQ(BIO_read(bio, out, sizeof(out)), 30);
AssertIntEQ(XSTRNCMP(out, expected, sizeof(expected)), 0);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BIO_f_md(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_SHA256)
BIO *bio, *mem;
char msg[] = "message to hash";
char out[60];
EVP_MD_CTX* ctx;
const unsigned char testKey[] =
{
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b
};
const char testData[] = "Hi There";
const unsigned char testResult[] =
{
0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
};
const unsigned char expectedHash[] =
{
0x66, 0x49, 0x3C, 0xE8, 0x8A, 0x57, 0xB0, 0x60,
0xDC, 0x55, 0x7D, 0xFC, 0x1F, 0xA5, 0xE5, 0x07,
0x70, 0x5A, 0xF6, 0xD7, 0xC4, 0x1F, 0x1A, 0xE4,
0x2D, 0xA6, 0xFD, 0xD1, 0x29, 0x7D, 0x60, 0x0D
};
const unsigned char emptyHash[] =
{
0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14,
0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24,
0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C,
0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55
};
unsigned char check[sizeof(testResult) + 1];
size_t checkSz = -1;
EVP_PKEY* key;
printf(testingFmt, "wolfSSL_BIO_f_md()");
XMEMSET(out, 0, sizeof(out));
AssertNotNull(bio = BIO_new(BIO_f_md()));
AssertNotNull(mem = BIO_new(BIO_s_mem()));
AssertIntEQ(BIO_get_md_ctx(bio, &ctx), 1);
AssertIntEQ(EVP_DigestInit(ctx, EVP_sha256()), 1);
/* should not be able to write/read yet since just digest wrapper and no
* data is passing through the bio */
AssertIntEQ(BIO_write(bio, msg, 0), 0);
AssertIntEQ(BIO_pending(bio), 0);
AssertIntEQ(BIO_read(bio, out, sizeof(out)), 0);
AssertIntEQ(BIO_gets(bio, out, 3), 0);
AssertIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
AssertIntEQ(XMEMCMP(emptyHash, out, 32), 0);
BIO_reset(bio);
/* append BIO mem to bio in order to read/write */
AssertNotNull(bio = BIO_push(bio, mem));
XMEMSET(out, 0, sizeof(out));
AssertIntEQ(BIO_write(mem, msg, sizeof(msg)), 16);
AssertIntEQ(BIO_pending(bio), 16);
/* this just reads the message and does not hash it (gets calls final) */
AssertIntEQ(BIO_read(bio, out, sizeof(out)), 16);
AssertIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
/* create a message digest using BIO */
XMEMSET(out, 0, sizeof(out));
AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), 16);
AssertIntEQ(BIO_pending(mem), 16);
AssertIntEQ(BIO_pending(bio), 16);
AssertIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
AssertIntEQ(XMEMCMP(expectedHash, out, 32), 0);
BIO_free(bio);
BIO_free(mem);
/* test with HMAC */
XMEMSET(out, 0, sizeof(out));
AssertNotNull(bio = BIO_new(BIO_f_md()));
AssertNotNull(mem = BIO_new(BIO_s_mem()));
BIO_get_md_ctx(bio, &ctx);
AssertNotNull(key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
testKey, (int)sizeof(testKey)));
EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, key);
AssertNotNull(bio = BIO_push(bio, mem));
BIO_write(bio, testData, (int)strlen(testData));
EVP_DigestSignFinal(ctx, NULL, &checkSz);
EVP_DigestSignFinal(ctx, check, &checkSz);
AssertIntEQ(XMEMCMP(check, testResult, sizeof(testResult)), 0);
EVP_PKEY_free(key);
BIO_free(bio);
BIO_free(mem);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BIO_up_ref(void)
{
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
BIO* bio;
printf(testingFmt, "wolfSSL_BIO_up_ref()");
AssertNotNull(bio = BIO_new(BIO_f_md()));
AssertIntEQ(BIO_up_ref(NULL), 0);
AssertIntEQ(BIO_up_ref(bio), 1);
BIO_free(bio);
AssertIntEQ(BIO_up_ref(bio), 1);
BIO_free(bio);
BIO_free(bio);
printf(resultFmt, "passed");
#endif
}
#endif /* !NO_BIO */
#if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES)
/* test that the callback arg is correct */
static int certCbArg = 0;
static int clientCertCb(WOLFSSL* ssl, void* arg)
{
if (ssl == NULL || arg != &certCbArg)
return 0;
if (wolfSSL_use_certificate_file(ssl, cliCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
return 0;
if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
return 0;
return 1;
}
static void clientCertSetupCb(WOLFSSL_CTX* ctx)
{
SSL_CTX_set_cert_cb(ctx, clientCertCb, &certCbArg);
}
/**
* This is only done because test_client_nofail has no way to stop
* certificate and key loading
*/
static void clientCertClearCb(WOLFSSL* ssl)
{
/* Clear the loaded certs to force the callbacks to set them up */
SSL_certs_clear(ssl);
}
static int serverCertCb(WOLFSSL* ssl, void* arg)
{
if (ssl == NULL || arg != &certCbArg)
return 0;
if (wolfSSL_use_certificate_file(ssl, svrCertFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
return 0;
if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
return 0;
return 1;
}
static void serverCertSetupCb(WOLFSSL_CTX* ctx)
{
SSL_CTX_set_cert_cb(ctx, serverCertCb, &certCbArg);
}
/**
* This is only done because test_server_nofail has no way to stop
* certificate and key loading
*/
static void serverCertClearCb(WOLFSSL* ssl)
{
/* Clear the loaded certs to force the callbacks to set them up */
SSL_certs_clear(ssl);
}
#endif
static void test_wolfSSL_cert_cb(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES)
callback_functions func_cb_client;
callback_functions func_cb_server;
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
client_args.callbacks = &func_cb_client;
server_args.callbacks = &func_cb_server;
func_cb_client.ctx_ready = clientCertSetupCb;
func_cb_client.ssl_ready = clientCertClearCb;
func_cb_server.ctx_ready = serverCertSetupCb;
func_cb_server.ssl_ready = serverCertClearCb;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
#endif
}
static void test_wolfSSL_SESSION(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_RSA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
!defined(NO_SESSION_CACHE)
WOLFSSL* ssl;
WOLFSSL_CTX* ctx;
WOLFSSL_SESSION* sess;
WOLFSSL_SESSION* sess_copy;
#ifdef OPENSSL_EXTRA
unsigned char* sessDer = NULL;
unsigned char* ptr = NULL;
const unsigned char context[] = "user app context";
unsigned int contextSz = (unsigned int)sizeof(context);
int sz;
#endif
int ret, err, sockfd;
tcp_ready ready;
func_args server_args;
THREAD_TYPE serverThread;
char msg[80];
const char* sendGET = "GET";
printf(testingFmt, "wolfSSL_SESSION()");
/* TLS v1.3 requires session tickets */
/* CHACHA and POLY1305 required for myTicketEncCb */
#if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \
!defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \
defined(HAVE_POLY1305) && !defined(HAVE_AESGCM)))
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#endif
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
WOLFSSL_FILETYPE_PEM));
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif
#ifdef HAVE_SESSION_TICKET
/* Use session tickets, for ticket tests below */
AssertIntEQ(wolfSSL_CTX_UseSessionTicket(ctx), WOLFSSL_SUCCESS);
#endif
XMEMSET(&server_args, 0, sizeof(func_args));
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
/* client connection */
ssl = wolfSSL_new(ctx);
tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl);
AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_connect(ssl);
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
AssertIntEQ(ret, WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_write(ssl, sendGET, (int)XSTRLEN(sendGET));
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
AssertIntEQ(ret, (int)XSTRLEN(sendGET));
#ifdef WOLFSSL_ASYNC_CRYPT
err = 0; /* Reset error */
#endif
do {
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) { break; } else if (ret == 0) { continue; }
}
#endif
ret = wolfSSL_read(ssl, msg, sizeof(msg));
err = wolfSSL_get_error(ssl, 0);
} while (err == WC_PENDING_E);
AssertIntEQ(ret, 23);
AssertPtrNE((sess = wolfSSL_get1_session(ssl)), NULL); /* ref count 1 */
AssertPtrNE((sess_copy = wolfSSL_get1_session(ssl)), NULL); /* ref count 2 */
#ifdef HAVE_EXT_CACHE
AssertPtrEq(sess, sess_copy); /* they should be the same pointer but without
* HAVE_EXT_CACHE we get new objects each time */
#endif
wolfSSL_SESSION_free(sess_copy); sess_copy = NULL;
wolfSSL_SESSION_free(sess); sess = NULL; /* free session ref */
sess = wolfSSL_get_session(ssl);
#ifdef OPENSSL_EXTRA
AssertIntEQ(SSL_SESSION_is_resumable(NULL), 0);
AssertIntEQ(SSL_SESSION_is_resumable(sess), 1);
AssertIntEQ(wolfSSL_SESSION_has_ticket(NULL), 0);
AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(NULL), 0);
#ifdef HAVE_SESSION_TICKET
AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 1);
AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(sess),
SESSION_TICKET_HINT_DEFAULT);
#else
AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 0);
#endif
#endif /* OPENSSL_EXTRA */
/* Retain copy of the session for later testing */
AssertNotNull(sess = wolfSSL_get1_session(ssl));
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
join_thread(serverThread);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
{
X509 *x509;
char buf[30];
int bufSz;
AssertNotNull(x509 = SSL_SESSION_get0_peer(sess));
AssertIntGT((bufSz = X509_NAME_get_text_by_NID(
X509_get_subject_name(x509), NID_organizationalUnitName,
buf, sizeof(buf))), 0);
AssertIntNE((bufSz == 7 || bufSz == 16), 0); /* should be one of these*/
if (bufSz == 7) {
AssertIntEQ(XMEMCMP(buf, "Support", bufSz), 0);
}
if (bufSz == 16) {
AssertIntEQ(XMEMCMP(buf, "Programming-2048", bufSz), 0);
}
}
#endif
#ifdef HAVE_EXT_CACHE
AssertNotNull(sess_copy = wolfSSL_SESSION_dup(sess));
wolfSSL_SESSION_free(sess_copy);
sess_copy = NULL;
#endif
#ifdef OPENSSL_EXTRA
/* get session from DER and update the timeout */
AssertIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), BAD_FUNC_ARG);
AssertIntGT((sz = wolfSSL_i2d_SSL_SESSION(sess, &sessDer)), 0);
wolfSSL_SESSION_free(sess);
sess = NULL;
ptr = sessDer;
AssertNull(sess = wolfSSL_d2i_SSL_SESSION(NULL, NULL, sz));
AssertNotNull(sess = wolfSSL_d2i_SSL_SESSION(NULL,
(const unsigned char**)&ptr, sz));
XFREE(sessDer, NULL, DYNAMIC_TYPE_OPENSSL);
sessDer = NULL;
AssertIntGT(wolfSSL_SESSION_get_time(sess), 0);
AssertIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS);
#endif
/* successful set session test */
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntEQ(wolfSSL_set_session(ssl, sess), WOLFSSL_SUCCESS);
#ifdef HAVE_SESSION_TICKET
/* Test set/get session ticket */
{
const char* ticket = "This is a session ticket";
char buf[64] = {0};
word32 bufSz = (word32)sizeof(buf);
AssertIntEQ(SSL_SUCCESS,
wolfSSL_set_SessionTicket(ssl, (byte *)ticket,
(word32)XSTRLEN(ticket)));
AssertIntEQ(SSL_SUCCESS,
wolfSSL_get_SessionTicket(ssl, (byte *)buf, &bufSz));
AssertStrEQ(ticket, buf);
}
#endif
#ifdef OPENSSL_EXTRA
/* session timeout case */
/* make the session to be expired */
AssertIntEQ(SSL_SESSION_set_timeout(sess,1), SSL_SUCCESS);
XSLEEP_MS(1200);
/* SSL_set_session should reject specified session but return success
* if WOLFSSL_ERROR_CODE_OPENSSL macro is defined for OpenSSL compatibility.
*/
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
AssertIntEQ(wolfSSL_set_session(ssl,sess), SSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_set_session(ssl,sess), SSL_FAILURE);
#endif
AssertIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS);
/* fail case with miss match session context IDs (use compatibility API) */
AssertIntEQ(SSL_set_session_id_context(ssl, context, contextSz),
SSL_SUCCESS);
AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
wolfSSL_free(ssl);
AssertIntEQ(SSL_CTX_set_session_id_context(NULL, context, contextSz),
SSL_FAILURE);
AssertIntEQ(SSL_CTX_set_session_id_context(ctx, context, contextSz),
SSL_SUCCESS);
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
#endif /* OPENSSL_EXTRA */
wolfSSL_free(ssl);
wolfSSL_SESSION_free(sess);
wolfSSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ticket_keys(void)
{
#if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
!defined(NO_WOLFSSL_SERVER)
WOLFSSL_CTX* ctx;
byte keys[WOLFSSL_TICKET_KEYS_SZ];
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, 0),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, 0),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, 0),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, 0),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, 0),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, 0),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, 0),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, 0),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, sizeof(keys)),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, sizeof(keys)),
WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#endif
}
#ifndef NO_BIO
static void test_wolfSSL_d2i_PUBKEY(void)
{
#if defined(OPENSSL_EXTRA)
BIO* bio;
EVP_PKEY* pkey;
printf(testingFmt, "wolfSSL_d2i_PUBKEY()");
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertNull(d2i_PUBKEY_bio(NULL, NULL));
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA)
/* RSA PUBKEY test */
AssertIntGT(BIO_write(bio, client_keypub_der_2048,
sizeof_client_keypub_der_2048), 0);
AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
EVP_PKEY_free(pkey);
#endif
#if defined(USE_CERT_BUFFERS_256) && defined(HAVE_ECC)
/* ECC PUBKEY test */
AssertIntGT(BIO_write(bio, ecc_clikeypub_der_256,
sizeof_ecc_clikeypub_der_256), 0);
AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
EVP_PKEY_free(pkey);
#endif
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DSA)
/* DSA PUBKEY test */
AssertIntGT(BIO_write(bio, dsa_pub_key_der_2048,
sizeof_dsa_pub_key_der_2048), 0);
AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
EVP_PKEY_free(pkey);
#endif
#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DH) && \
defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION > 2))
/* DH PUBKEY test */
AssertIntGT(BIO_write(bio, dh_pub_key_der_2048,
sizeof_dh_pub_key_der_2048), 0);
AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
EVP_PKEY_free(pkey);
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* USE_CERT_BUFFERS_2048 && !NO_DH && && OPENSSL_EXTRA */
BIO_free(bio);
(void)pkey;
printf(resultFmt, passed);
#endif
}
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
static void test_wolfSSL_d2i_PrivateKeys_bio(void)
{
BIO* bio = NULL;
EVP_PKEY* pkey = NULL;
#ifndef NO_RSA
#endif
WOLFSSL_CTX* ctx;
#if defined(WOLFSSL_KEY_GEN)
unsigned char buff[4096];
unsigned char* bufPtr = buff;
#endif
printf(testingFmt, "wolfSSL_d2i_PrivateKeys_bio()");
/* test creating new EVP_PKEY with bad arg */
AssertNull((pkey = d2i_PrivateKey_bio(NULL, NULL)));
/* test loading RSA key using BIO */
#if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
{
XFILE file;
const char* fname = "./certs/server-key.der";
size_t sz;
byte* buf;
file = XFOPEN(fname, "rb");
AssertTrue((file != XBADFILE));
AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
sz = XFTELL(file);
XREWIND(file);
AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE));
AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
XFCLOSE(file);
/* Test using BIO new mem and loading DER private key */
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL)));
XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
EVP_PKEY_free(pkey);
pkey = NULL;
}
#endif
/* test loading ECC key using BIO */
#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
{
XFILE file;
const char* fname = "./certs/ecc-key.der";
size_t sz;
byte* buf;
file = XFOPEN(fname, "rb");
AssertTrue((file != XBADFILE));
AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
sz = XFTELL(file);
XREWIND(file);
AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE));
AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
XFCLOSE(file);
/* Test using BIO new mem and loading DER private key */
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL)));
XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
BIO_free(bio);
bio = NULL;
EVP_PKEY_free(pkey);
pkey = NULL;
}
#endif
AssertNotNull(bio = BIO_new(BIO_s_mem()));
#ifndef NO_WOLFSSL_SERVER
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
#else
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
!defined(NO_RSA) && !defined(HAVE_USER_RSA)
{
RSA* rsa = NULL;
/* Tests bad parameters */
AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL));
/* RSA not set yet, expecting to fail*/
AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG);
#if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN)
/* set RSA using bio*/
AssertIntGT(BIO_write(bio, client_key_der_2048,
sizeof_client_key_der_2048), 0);
AssertNotNull(rsa = d2i_RSAPrivateKey_bio(bio, NULL));
AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS);
/*i2d RSAprivate key tests */
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 1192);
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
sizeof_client_key_der_2048);
bufPtr = NULL;
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
sizeof_client_key_der_2048);
AssertNotNull(bufPtr);
XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL);
#endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */
RSA_free(rsa);
}
#endif /* !HAVE_FAST_RSA && WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA*/
SSL_CTX_free(ctx);
ctx = NULL;
BIO_free(bio);
bio = NULL;
printf(resultFmt, passed);
}
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
#endif /* !NO_BIO */
static void test_wolfSSL_sk_GENERAL_NAME(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_RSA)
X509* x509;
GENERAL_NAME* gn;
unsigned char buf[4096];
const unsigned char* bufPt;
int bytes, i;
XFILE f;
STACK_OF(GENERAL_NAME)* sk;
printf(testingFmt, "wolfSSL_sk_GENERAL_NAME()");
f = XFOPEN(cliCertDerFileExt, "rb");
AssertTrue((f != XBADFILE));
AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
XFCLOSE(f);
bufPt = buf;
AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
AssertNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
NID_subject_alt_name, NULL, NULL));
AssertIntEQ(sk_GENERAL_NAME_num(sk), 1);
for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) {
AssertNotNull(gn = sk_GENERAL_NAME_value(sk, i));
switch (gn->type) {
case GEN_DNS:
printf("found type GEN_DNS\n");
break;
case GEN_EMAIL:
printf("found type GEN_EMAIL\n");
break;
case GEN_URI:
printf("found type GEN_URI\n");
break;
}
}
X509_free(x509);
sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_GENERAL_NAME_print(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_BIO)
X509* x509;
GENERAL_NAME* gn;
unsigned char buf[4096];
const unsigned char* bufPt;
int bytes;
XFILE f;
STACK_OF(GENERAL_NAME)* sk;
BIO* out;
unsigned char outbuf[128];
X509_EXTENSION* ext;
AUTHORITY_INFO_ACCESS* aia;
ACCESS_DESCRIPTION* ad;
const unsigned char v4Addr[] = {192,168,53,1};
const unsigned char v6Addr[] =
{0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77};
const unsigned char email[] =
{'i', 'n', 'f', 'o', '@', 'w', 'o', 'l',
'f', 's', 's', 'l', '.', 'c', 'o', 'm'};
const char* dnsStr = "DNS:example.com";
const char* uriStr = "URI:http://127.0.0.1:22220";
const char* v4addStr = "IP Address:192.168.53.1";
const char* v6addStr = "IP Address:2021:DB8:0:0:0:FF00:42:7777";
const char* emailStr = "email:info@wolfssl.com";
const char* othrStr = "othername:<unsupported>";
const char* x400Str = "X400Name:<unsupported>";
const char* ediStr = "EdiPartyName:<unsupported>";
printf(testingFmt, "test_wolfSSL_GENERAL_NAME_print()");
/* BIO to output */
AssertNotNull(out = BIO_new(BIO_s_mem()));
/* test for NULL param */
gn = NULL;
AssertIntEQ(GENERAL_NAME_print(NULL, NULL), 0);
AssertIntEQ(GENERAL_NAME_print(NULL, gn), 0);
AssertIntEQ(GENERAL_NAME_print(out, NULL), 0);
/* test for GEN_DNS */
f = XFOPEN(cliCertDerFileExt, "rb");
AssertTrue((f != XBADFILE));
AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
XFCLOSE(f);
bufPt = buf;
AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
AssertNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
NID_subject_alt_name, NULL, NULL));
AssertNotNull(gn = sk_GENERAL_NAME_value(sk, 0));
AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
XMEMSET(outbuf,0,sizeof(outbuf));
BIO_read(out, outbuf, sizeof(outbuf));
AssertIntEQ(XSTRNCMP((const char*)outbuf, dnsStr, XSTRLEN(dnsStr)), 0);
sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free);
X509_free(x509);
/* test for GEN_URI */
f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb");
AssertTrue((f != XBADFILE));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
XFCLOSE(f);
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 4));
aia = (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext);
AssertNotNull(aia);
ad = (WOLFSSL_ACCESS_DESCRIPTION *)wolfSSL_sk_value(aia, 0);
gn = ad->location;
AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
XMEMSET(outbuf,0,sizeof(outbuf));
AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
AssertIntEQ(XSTRNCMP((const char*)outbuf, uriStr, XSTRLEN(uriStr)), 0);
wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
aia = (AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext);
AssertNotNull(aia);
AUTHORITY_INFO_ACCESS_pop_free(aia, NULL);
X509_free(x509);
/* test for GEN_IPADD */
/* ip v4 address */
AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
gn->type = GEN_IPADD;
gn->d.iPAddress->length = sizeof(v4Addr);
AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.iPAddress, v4Addr,
sizeof(v4Addr)), 1);
AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
XMEMSET(outbuf,0,sizeof(outbuf));
AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
AssertIntEQ(XSTRNCMP((const char*)outbuf, v4addStr, XSTRLEN(v4addStr)), 0);
GENERAL_NAME_free(gn);
/* ip v6 address */
AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
gn->type = GEN_IPADD;
gn->d.iPAddress->length = sizeof(v6Addr);
AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.iPAddress, v6Addr,
sizeof(v6Addr)), 1);
AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
XMEMSET(outbuf,0,sizeof(outbuf));
AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
AssertIntEQ(XSTRNCMP((const char*)outbuf, v6addStr, XSTRLEN(v6addStr)), 0);
GENERAL_NAME_free(gn);
/* test for GEN_EMAIL */
AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
gn->type = GEN_EMAIL;
gn->d.rfc822Name->length = sizeof(email);
AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.rfc822Name, email,
sizeof(email)), 1);
AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
XMEMSET(outbuf,0,sizeof(outbuf));
AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
AssertIntEQ(XSTRNCMP((const char*)outbuf, emailStr, XSTRLEN(emailStr)), 0);
GENERAL_NAME_free(gn);
/* test for GEN_OTHERNAME */
AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
gn->type = GEN_OTHERNAME;
AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
XMEMSET(outbuf,0,sizeof(outbuf));
AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
AssertIntEQ(XSTRNCMP((const char*)outbuf, othrStr, XSTRLEN(othrStr)), 0);
GENERAL_NAME_free(gn);
/* test for GEN_X400 */
AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
gn->type = GEN_X400;
AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
XMEMSET(outbuf,0,sizeof(outbuf));
AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
AssertIntEQ(XSTRNCMP((const char*)outbuf, x400Str, XSTRLEN(x400Str)), 0);
GENERAL_NAME_free(gn);
/* test for GEN_EDIPARTY */
AssertNotNull(gn = wolfSSL_GENERAL_NAME_new());
gn->type = GEN_EDIPARTY;
AssertIntEQ(GENERAL_NAME_print(out, gn), 1);
XMEMSET(outbuf,0,sizeof(outbuf));
AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0);
AssertIntEQ(XSTRNCMP((const char*)outbuf, ediStr, XSTRLEN(ediStr)), 0);
GENERAL_NAME_free(gn);
BIO_free(out);
printf(resultFmt, passed);
#endif /* OPENSSL_ALL */
}
static void test_wolfSSL_sk_DIST_POINT(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
!defined(NO_RSA)
X509* x509;
unsigned char buf[4096];
const unsigned char* bufPt;
int bytes, i, j;
XFILE f;
DIST_POINT* dp;
GENERAL_NAME* gn;
ASN1_IA5STRING* uri;
STACK_OF(DIST_POINT)* dps;
STACK_OF(GENERAL_NAME)* gns;
const char cliCertDerCrlDistPoint[] = "./certs/client-crl-dist.der";
printf(testingFmt, "wolfSSL_sk_DIST_POINT()");
f = XFOPEN(cliCertDerCrlDistPoint, "rb");
AssertTrue((f != XBADFILE));
AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
XFCLOSE(f);
bufPt = buf;
AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
AssertNotNull(dps = (STACK_OF(DIST_POINT)*)X509_get_ext_d2i(x509,
NID_crl_distribution_points, NULL, NULL));
AssertIntEQ(sk_DIST_POINT_num(dps), 1);
for (i = 0; i < sk_DIST_POINT_num(dps); i++) {
AssertNotNull(dp = sk_DIST_POINT_value(dps, i));
gns = dp->distpoint->name.fullname;
AssertNotNull(gns);
AssertIntEQ(sk_GENERAL_NAME_num(gns), 1);
for (j = 0; j < sk_GENERAL_NAME_num(gns); j++) {
gn = sk_GENERAL_NAME_value(gns, j);
AssertIntEQ(gn->type, GEN_URI);
AssertNotNull(uri = gn->d.uniformResourceIdentifier);
AssertNotNull(uri->data);
AssertIntGT(uri->length, 0);
}
}
X509_free(x509);
CRL_DIST_POINTS_free(dps);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_MD4(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_MD4)
MD4_CTX md4;
unsigned char out[16]; /* MD4_DIGEST_SIZE */
const char* msg = "12345678901234567890123456789012345678901234567890123456"
"789012345678901234567890";
const char* test = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f"
"\xcc\x05\x36";
int msgSz = (int)XSTRLEN(msg);
printf(testingFmt, "wolfSSL_MD4()");
XMEMSET(out, 0, sizeof(out));
MD4_Init(&md4);
MD4_Update(&md4, (const void*)msg, (unsigned long)msgSz);
MD4_Final(out, &md4);
AssertIntEQ(XMEMCMP(out, test, sizeof(out)), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_RSA(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
defined(WOLFSSL_KEY_GEN)
RSA* rsa;
const BIGNUM *n;
const BIGNUM *e;
const BIGNUM *d;
const BIGNUM *p;
const BIGNUM *q;
const BIGNUM *dmp1;
const BIGNUM *dmq1;
const BIGNUM *iqmp;
printf(testingFmt, "wolfSSL_RSA()");
AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
AssertIntEQ(RSA_size(rsa), 256);
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(HAVE_FAST_RSA) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION >= 2))) && !defined(HAVE_SELFTEST) && \
!defined(HAVE_INTEL_QA) && !defined(WOLFSSL_NO_RSA_KEY_CHECK)
AssertIntEQ(RSA_check_key(rsa), WOLFSSL_SUCCESS);
#endif
/* sanity check */
AssertIntEQ(RSA_bits(NULL), 0);
/* key */
AssertIntEQ(RSA_bits(rsa), 2048);
RSA_get0_key(rsa, &n, &e, &d);
AssertPtrEq(rsa->n, n);
AssertPtrEq(rsa->e, e);
AssertPtrEq(rsa->d, d);
AssertNotNull(n = BN_new());
AssertNotNull(e = BN_new());
AssertNotNull(d = BN_new());
AssertIntEQ(RSA_set0_key(rsa, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 1);
AssertPtrEq(rsa->n, n);
AssertPtrEq(rsa->e, e);
AssertPtrEq(rsa->d, d);
/* crt_params */
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
AssertPtrEq(rsa->dmp1, dmp1);
AssertPtrEq(rsa->dmq1, dmq1);
AssertPtrEq(rsa->iqmp, iqmp);
AssertNotNull(dmp1 = BN_new());
AssertNotNull(dmq1 = BN_new());
AssertNotNull(iqmp = BN_new());
AssertIntEQ(RSA_set0_crt_params(rsa, (BIGNUM*)dmp1, (BIGNUM*)dmq1, (BIGNUM*)iqmp), 1);
AssertPtrEq(rsa->dmp1, dmp1);
AssertPtrEq(rsa->dmq1, dmq1);
AssertPtrEq(rsa->iqmp, iqmp);
/* factors */
RSA_get0_factors(rsa, &p, &q);
AssertPtrEq(rsa->p, p);
AssertPtrEq(rsa->q, q);
AssertNotNull(p = BN_new());
AssertNotNull(q = BN_new());
AssertIntEQ(RSA_set0_factors(rsa, (BIGNUM*)p, (BIGNUM*)q), 1);
AssertPtrEq(rsa->p, p);
AssertPtrEq(rsa->q, q);
AssertIntEQ(BN_hex2bn(&rsa->n, "1FFFFF"), 1);
AssertIntEQ(RSA_bits(rsa), 21);
RSA_free(rsa);
#if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2))
AssertNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL));
AssertIntEQ(RSA_size(rsa), 384);
AssertIntEQ(RSA_bits(rsa), 3072);
RSA_free(rsa);
#endif
/* remove for now with odd key size until adjusting rsa key size check with
wc_MakeRsaKey()
AssertNotNull(rsa = RSA_generate_key(2999, 65537, NULL, NULL));
RSA_free(rsa);
*/
AssertNull(RSA_generate_key(-1, 3, NULL, NULL));
AssertNull(RSA_generate_key(RSA_MIN_SIZE - 1, 3, NULL, NULL));
AssertNull(RSA_generate_key(RSA_MAX_SIZE + 1, 3, NULL, NULL));
AssertNull(RSA_generate_key(2048, 0, NULL, NULL));
#if !defined(NO_FILESYSTEM) && !defined(NO_ASN)
{
byte buff[FOURK_BUF];
byte der[FOURK_BUF];
const char PrivKeyPemFile[] = "certs/client-keyEnc.pem";
XFILE f;
int bytes;
/* test loading encrypted RSA private pem w/o password */
f = XFOPEN(PrivKeyPemFile, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
XFCLOSE(f);
XMEMSET(der, 0, sizeof(der));
/* test that error value is returned with no password */
AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), ""), 0);
}
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_RSA_DER(void)
{
#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
!defined(NO_RSA) && !defined(HAVE_USER_RSA) && defined(OPENSSL_EXTRA)
RSA *rsa;
int i;
unsigned char *buff = NULL;
struct tbl_s
{
const unsigned char *der;
int sz;
} tbl[] = {
#ifdef USE_CERT_BUFFERS_1024
{client_key_der_1024, sizeof_client_key_der_1024},
{server_key_der_1024, sizeof_server_key_der_1024},
#endif
#ifdef USE_CERT_BUFFERS_2048
{client_key_der_2048, sizeof_client_key_der_2048},
{server_key_der_2048, sizeof_server_key_der_2048},
#endif
{NULL, 0}
};
/* Public Key DER */
struct tbl_s pub[] = {
#ifdef USE_CERT_BUFFERS_1024
{client_keypub_der_1024, sizeof_client_keypub_der_1024},
#endif
#ifdef USE_CERT_BUFFERS_2048
{client_keypub_der_2048, sizeof_client_keypub_der_2048},
#endif
{NULL, 0}
};
printf(testingFmt, "test_wolfSSL_RSA_DER()");
for (i = 0; tbl[i].der != NULL; i++)
{
AssertNotNull(d2i_RSAPublicKey(&rsa, &tbl[i].der, tbl[i].sz));
AssertNotNull(rsa);
RSA_free(rsa);
}
for (i = 0; tbl[i].der != NULL; i++)
{
AssertNotNull(d2i_RSAPrivateKey(&rsa, &tbl[i].der, tbl[i].sz));
AssertNotNull(rsa);
RSA_free(rsa);
}
for (i = 0; pub[i].der != NULL; i++)
{
AssertNotNull(d2i_RSAPublicKey(&rsa, &pub[i].der, pub[i].sz));
AssertNotNull(rsa);
AssertIntEQ(i2d_RSAPublicKey(rsa, NULL), pub[i].sz);
buff = NULL;
AssertIntEQ(i2d_RSAPublicKey(rsa, &buff), pub[i].sz);
AssertNotNull(buff);
AssertIntEQ(0, memcmp((void *)buff, (void *)pub[i].der, pub[i].sz));
XFREE((void *)buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
RSA_free(rsa);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_RSA_get0_key(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
RSA *rsa = NULL;
const BIGNUM* n = NULL;
const BIGNUM* e = NULL;
const BIGNUM* d = NULL;
const unsigned char* der;
int derSz;
#ifdef USE_CERT_BUFFERS_1024
der = client_key_der_1024;
derSz = sizeof_client_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
der = client_key_der_2048;
derSz = sizeof_client_key_der_2048;
#else
der = NULL;
derSz = 0;
#endif
printf(testingFmt, "test_wolfSSL_RSA_get0_key()");
if (der != NULL) {
RSA_get0_key(NULL, NULL, NULL, NULL);
RSA_get0_key(rsa, NULL, NULL, NULL);
RSA_get0_key(NULL, &n, &e, &d);
AssertNull(n);
AssertNull(e);
AssertNull(d);
AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, derSz));
AssertNotNull(rsa);
RSA_get0_key(rsa, NULL, NULL, NULL);
RSA_get0_key(rsa, &n, NULL, NULL);
AssertNotNull(n);
RSA_get0_key(rsa, NULL, &e, NULL);
AssertNotNull(e);
RSA_get0_key(rsa, NULL, NULL, &d);
AssertNotNull(d);
RSA_get0_key(rsa, &n, &e, &d);
AssertNotNull(n);
AssertNotNull(e);
AssertNotNull(d);
RSA_free(rsa);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_RSA_meth(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
RSA *rsa;
RSA_METHOD *rsa_meth;
printf(testingFmt, "test_wolfSSL_RSA_meth");
#ifdef WOLFSSL_KEY_GEN
AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
RSA_free(rsa);
#else
AssertNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
#endif
AssertNotNull(rsa_meth =
RSA_meth_new("placeholder RSA method", RSA_METHOD_FLAG_NO_CHECK));
#ifndef NO_WOLFSSL_STUB
AssertIntEQ(RSA_meth_set_pub_enc(rsa_meth, NULL), 1);
AssertIntEQ(RSA_meth_set_pub_dec(rsa_meth, NULL), 1);
AssertIntEQ(RSA_meth_set_priv_enc(rsa_meth, NULL), 1);
AssertIntEQ(RSA_meth_set_priv_dec(rsa_meth, NULL), 1);
AssertIntEQ(RSA_meth_set_init(rsa_meth, NULL), 1);
AssertIntEQ(RSA_meth_set_finish(rsa_meth, NULL), 1);
AssertIntEQ(RSA_meth_set0_app_data(rsa_meth, NULL), 1);
#endif
AssertNotNull(rsa = RSA_new());
AssertIntEQ(RSA_set_method(rsa, rsa_meth), 1);
AssertPtrEq(RSA_get_method(rsa), rsa_meth);
AssertIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK);
RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
AssertIntNE(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
AssertIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC | RSA_METHOD_FLAG_NO_CHECK);
RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
AssertIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
AssertIntNE(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC);
/* rsa_meth is freed here */
RSA_free(rsa);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_verify_mode(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
WOLFSSL* ssl;
WOLFSSL_CTX* ctx;
printf(testingFmt, "test_wolfSSL_verify()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS);
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
SSL_free(ssl);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER);
wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0);
AssertIntEQ(SSL_CTX_get_verify_mode(ctx), SSL_VERIFY_PEER);
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE);
SSL_free(ssl);
wolfSSL_CTX_set_verify(ctx,
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
AssertIntEQ(SSL_get_verify_mode(ssl),
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
wolfSSL_set_verify(ssl, SSL_VERIFY_PEER, 0);
AssertIntEQ(SSL_CTX_get_verify_mode(ctx),
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER);
wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0);
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE);
wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_EXCEPT_PSK, 0);
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_EXCEPT_PSK);
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
wolfSSL_set_verify(ssl, SSL_VERIFY_POST_HANDSHAKE, 0);
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_POST_HANDSHAKE);
#endif
AssertIntEQ(SSL_CTX_get_verify_mode(ctx),
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_verify_depth(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
WOLFSSL* ssl;
WOLFSSL_CTX* ctx;
long depth;
printf(testingFmt, "test_wolfSSL_verify_depth()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS);
AssertIntGT((depth = SSL_CTX_get_verify_depth(ctx)), 0);
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(SSL_get_verify_depth(ssl), SSL_CTX_get_verify_depth(ctx));
SSL_free(ssl);
SSL_CTX_set_verify_depth(ctx, -1);
AssertIntEQ(depth, SSL_CTX_get_verify_depth(ctx));
SSL_CTX_set_verify_depth(ctx, 2);
AssertIntEQ(2, SSL_CTX_get_verify_depth(ctx));
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(2, SSL_get_verify_depth(ssl));
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
/* helper function for test_wolfSSL_HMAC_CTX, digest size is expected to be a
* buffer of 64 bytes.
*
* returns the size of the digest buffer on success and a negative value on
* failure.
*/
static int test_HMAC_CTX_helper(const EVP_MD* type, unsigned char* digest)
{
HMAC_CTX ctx1;
HMAC_CTX ctx2;
unsigned char key[] = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
unsigned char long_key[] =
"0123456789012345678901234567890123456789"
"0123456789012345678901234567890123456789"
"0123456789012345678901234567890123456789"
"0123456789012345678901234567890123456789";
unsigned char msg[] = "message to hash";
unsigned int digestSz = 64;
int keySz = sizeof(key);
int long_keySz = sizeof(long_key);
int msgSz = sizeof(msg);
unsigned char digest2[64];
unsigned int digestSz2 = 64;
HMAC_CTX_init(&ctx1);
AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
HMAC_CTX_cleanup(&ctx1);
AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz2), SSL_SUCCESS);
HMAC_CTX_cleanup(&ctx2);
AssertIntEQ(digestSz, digestSz2);
AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
/* test HMAC_Init with NULL key */
/* init after copy */
printf("test HMAC_Init with NULL key (0)\n");
HMAC_CTX_init(&ctx1);
AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
HMAC_CTX_cleanup(&ctx1);
AssertIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
HMAC_CTX_cleanup(&ctx2);
AssertIntEQ(digestSz, digestSz2);
AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
/* long key */
printf("test HMAC_Init with NULL key (1)\n");
HMAC_CTX_init(&ctx1);
AssertIntEQ(HMAC_Init(&ctx1, (const void*)long_key, long_keySz, type), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
HMAC_CTX_cleanup(&ctx1);
AssertIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
HMAC_CTX_cleanup(&ctx2);
AssertIntEQ(digestSz, digestSz2);
AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
/* init before copy */
printf("test HMAC_Init with NULL key (2)\n");
HMAC_CTX_init(&ctx1);
AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
HMAC_CTX_cleanup(&ctx1);
AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
HMAC_CTX_cleanup(&ctx2);
AssertIntEQ(digestSz, digestSz2);
AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
return digestSz;
}
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_HMAC) */
static void test_wolfSSL_HMAC_CTX(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
unsigned char digest[64];
int digestSz;
printf(testingFmt, "wolfSSL_HMAC_CTX()");
#ifndef NO_SHA
AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha1(), digest)), 20);
AssertIntEQ(XMEMCMP("\xD9\x68\x77\x23\x70\xFB\x53\x70\x53\xBA\x0E\xDC\xDA"
"\xBF\x03\x98\x31\x19\xB2\xCC", digest, digestSz), 0);
#endif /* !NO_SHA */
#ifdef WOLFSSL_SHA224
AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha224(), digest)), 28);
AssertIntEQ(XMEMCMP("\x57\xFD\xF4\xE1\x2D\xB0\x79\xD7\x4B\x25\x7E\xB1\x95"
"\x9C\x11\xAC\x2D\x1E\x78\x94\x4F\x3A\x0F\xED\xF8\xAD"
"\x02\x0E", digest, digestSz), 0);
#endif /* WOLFSSL_SHA224 */
#ifndef NO_SHA256
AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha256(), digest)), 32);
AssertIntEQ(XMEMCMP("\x13\xAB\x76\x91\x0C\x37\x86\x8D\xB3\x7E\x30\x0C\xFC"
"\xB0\x2E\x8E\x4A\xD7\xD4\x25\xCC\x3A\xA9\x0F\xA2\xF2"
"\x47\x1E\x62\x6F\x5D\xF2", digest, digestSz), 0);
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha384(), digest)), 48);
AssertIntEQ(XMEMCMP("\x9E\xCB\x07\x0C\x11\x76\x3F\x23\xC3\x25\x0E\xC4\xB7"
"\x28\x77\x95\x99\xD5\x9D\x7A\xBB\x1A\x9F\xB7\xFD\x25"
"\xC9\x72\x47\x9F\x8F\x86\x76\xD6\x20\x57\x87\xB7\xE7"
"\xCD\xFB\xC2\xCC\x9F\x2B\xC5\x41\xAB",
digest, digestSz), 0);
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha512(), digest)), 64);
AssertIntEQ(XMEMCMP("\xD4\x21\x0C\x8B\x60\x6F\xF4\xBF\x07\x2F\x26\xCC\xAD"
"\xBC\x06\x0B\x34\x78\x8B\x4F\xD6\xC0\x42\xF1\x33\x10"
"\x6C\x4F\x1E\x55\x59\xDD\x2A\x9F\x15\x88\x62\xF8\x60"
"\xA3\x99\x91\xE2\x08\x7B\xF7\x95\x3A\xB0\x92\x48\x60"
"\x88\x8B\x5B\xB8\x5F\xE9\xB6\xB1\x96\xE3\xB5\xF0",
digest, digestSz), 0);
#endif /* WOLFSSL_SHA512 */
#ifndef NO_MD5
AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_md5(), digest)), 16);
AssertIntEQ(XMEMCMP("\xB7\x27\xC4\x41\xE5\x2E\x62\xBA\x54\xED\x72\x70\x9F"
"\xE4\x98\xDD", digest, digestSz), 0);
#endif /* !NO_MD5 */
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
static void sslMsgCb(int w, int version, int type, const void* buf,
size_t sz, SSL* ssl, void* arg)
{
int i;
unsigned char* pt = (unsigned char*)buf;
printf("%s %d bytes of version %d , type %d : ", (w)?"Writing":"Reading",
(int)sz, version, type);
for (i = 0; i < (int)sz; i++) printf("%02X", pt[i]);
printf("\n");
(void)ssl;
(void)arg;
}
#endif /* OPENSSL_EXTRA */
static void test_wolfSSL_msg_callback(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
WOLFSSL* ssl;
WOLFSSL_CTX* ctx;
printf(testingFmt, "wolfSSL_msg_callback()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
SSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
SSL_FILETYPE_PEM));
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
SSL_SUCCESS);
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(SSL_set_msg_callback(ssl, NULL), SSL_SUCCESS);
AssertIntEQ(SSL_set_msg_callback(ssl, &sslMsgCb), SSL_SUCCESS);
AssertIntEQ(SSL_set_msg_callback(NULL, &sslMsgCb), SSL_FAILURE);
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_SHA(void)
{
#if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST)
printf(testingFmt, "wolfSSL_SHA()");
#if !defined(NO_SHA) && defined(NO_OLD_SHA_NAMES) && \
(!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
{
const unsigned char in[] = "abc";
unsigned char expected[] = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
"\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D";
unsigned char out[WC_SHA_DIGEST_SIZE];
XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
AssertNotNull(SHA1(in, XSTRLEN((char*)in), out));
AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
/* SHA interface test */
XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
AssertNull(SHA(NULL, XSTRLEN((char*)in), out));
AssertNotNull(SHA(in, 0, out));
AssertNotNull(SHA(in, XSTRLEN((char*)in), NULL));
AssertNotNull(SHA(NULL, 0, out));
AssertNotNull(SHA(NULL, 0, NULL));
AssertNotNull(SHA(in, XSTRLEN((char*)in), out));
AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
}
#endif
#if !defined(NO_SHA256)
{
const unsigned char in[] = "abc";
unsigned char expected[] = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
"\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
"\x15\xAD";
unsigned char out[WC_SHA256_DIGEST_SIZE];
XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE);
#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
AssertNotNull(SHA256(in, XSTRLEN((char*)in), out));
#else
AssertNotNull(wolfSSL_SHA256(in, XSTRLEN((char*)in), out));
#endif
AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0);
}
#endif
#if defined(WOLFSSL_SHA384)
{
const unsigned char in[] = "abc";
unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
"\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
"\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
"\xc8\x25\xa7";
unsigned char out[WC_SHA384_DIGEST_SIZE];
XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE);
#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
AssertNotNull(SHA384(in, XSTRLEN((char*)in), out));
#else
AssertNotNull(wolfSSL_SHA384(in, XSTRLEN((char*)in), out));
#endif
AssertIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0);
}
#endif
#if defined(WOLFSSL_SHA512)
{
const unsigned char in[] = "abc";
unsigned char expected[] = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
"\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
"\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
"\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
"\xa5\x4c\xa4\x9f";
unsigned char out[WC_SHA512_DIGEST_SIZE];
XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE);
#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
AssertNotNull(SHA512(in, XSTRLEN((char*)in), out));
#else
AssertNotNull(wolfSSL_SHA512(in, XSTRLEN((char*)in), out));
#endif
AssertIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0);
}
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_DH_1536_prime(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
BIGNUM* bn;
unsigned char bits[200];
int sz = 192; /* known binary size */
const byte expected[] = {
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,
0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,
0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,
0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,
0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
};
printf(testingFmt, "wolfSSL_DH_1536_prime()");
bn = get_rfc3526_prime_1536(NULL);
AssertNotNull(bn);
AssertIntEQ(sz, BN_bn2bin((const BIGNUM*)bn, bits));
AssertIntEQ(0, XMEMCMP(expected, bits, sz));
BN_free(bn);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_DH_get_2048_256(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
WOLFSSL_DH* dh;
const WOLFSSL_BIGNUM* pBn;
const WOLFSSL_BIGNUM* gBn;
const WOLFSSL_BIGNUM* qBn;
const byte pExpected[] = {
0x87, 0xA8, 0xE6, 0x1D, 0xB4, 0xB6, 0x66, 0x3C, 0xFF, 0xBB, 0xD1, 0x9C,
0x65, 0x19, 0x59, 0x99, 0x8C, 0xEE, 0xF6, 0x08, 0x66, 0x0D, 0xD0, 0xF2,
0x5D, 0x2C, 0xEE, 0xD4, 0x43, 0x5E, 0x3B, 0x00, 0xE0, 0x0D, 0xF8, 0xF1,
0xD6, 0x19, 0x57, 0xD4, 0xFA, 0xF7, 0xDF, 0x45, 0x61, 0xB2, 0xAA, 0x30,
0x16, 0xC3, 0xD9, 0x11, 0x34, 0x09, 0x6F, 0xAA, 0x3B, 0xF4, 0x29, 0x6D,
0x83, 0x0E, 0x9A, 0x7C, 0x20, 0x9E, 0x0C, 0x64, 0x97, 0x51, 0x7A, 0xBD,
0x5A, 0x8A, 0x9D, 0x30, 0x6B, 0xCF, 0x67, 0xED, 0x91, 0xF9, 0xE6, 0x72,
0x5B, 0x47, 0x58, 0xC0, 0x22, 0xE0, 0xB1, 0xEF, 0x42, 0x75, 0xBF, 0x7B,
0x6C, 0x5B, 0xFC, 0x11, 0xD4, 0x5F, 0x90, 0x88, 0xB9, 0x41, 0xF5, 0x4E,
0xB1, 0xE5, 0x9B, 0xB8, 0xBC, 0x39, 0xA0, 0xBF, 0x12, 0x30, 0x7F, 0x5C,
0x4F, 0xDB, 0x70, 0xC5, 0x81, 0xB2, 0x3F, 0x76, 0xB6, 0x3A, 0xCA, 0xE1,
0xCA, 0xA6, 0xB7, 0x90, 0x2D, 0x52, 0x52, 0x67, 0x35, 0x48, 0x8A, 0x0E,
0xF1, 0x3C, 0x6D, 0x9A, 0x51, 0xBF, 0xA4, 0xAB, 0x3A, 0xD8, 0x34, 0x77,
0x96, 0x52, 0x4D, 0x8E, 0xF6, 0xA1, 0x67, 0xB5, 0xA4, 0x18, 0x25, 0xD9,
0x67, 0xE1, 0x44, 0xE5, 0x14, 0x05, 0x64, 0x25, 0x1C, 0xCA, 0xCB, 0x83,
0xE6, 0xB4, 0x86, 0xF6, 0xB3, 0xCA, 0x3F, 0x79, 0x71, 0x50, 0x60, 0x26,
0xC0, 0xB8, 0x57, 0xF6, 0x89, 0x96, 0x28, 0x56, 0xDE, 0xD4, 0x01, 0x0A,
0xBD, 0x0B, 0xE6, 0x21, 0xC3, 0xA3, 0x96, 0x0A, 0x54, 0xE7, 0x10, 0xC3,
0x75, 0xF2, 0x63, 0x75, 0xD7, 0x01, 0x41, 0x03, 0xA4, 0xB5, 0x43, 0x30,
0xC1, 0x98, 0xAF, 0x12, 0x61, 0x16, 0xD2, 0x27, 0x6E, 0x11, 0x71, 0x5F,
0x69, 0x38, 0x77, 0xFA, 0xD7, 0xEF, 0x09, 0xCA, 0xDB, 0x09, 0x4A, 0xE9,
0x1E, 0x1A, 0x15, 0x97
};
const byte gExpected[] = {
0x3F, 0xB3, 0x2C, 0x9B, 0x73, 0x13, 0x4D, 0x0B, 0x2E, 0x77, 0x50, 0x66,
0x60, 0xED, 0xBD, 0x48, 0x4C, 0xA7, 0xB1, 0x8F, 0x21, 0xEF, 0x20, 0x54,
0x07, 0xF4, 0x79, 0x3A, 0x1A, 0x0B, 0xA1, 0x25, 0x10, 0xDB, 0xC1, 0x50,
0x77, 0xBE, 0x46, 0x3F, 0xFF, 0x4F, 0xED, 0x4A, 0xAC, 0x0B, 0xB5, 0x55,
0xBE, 0x3A, 0x6C, 0x1B, 0x0C, 0x6B, 0x47, 0xB1, 0xBC, 0x37, 0x73, 0xBF,
0x7E, 0x8C, 0x6F, 0x62, 0x90, 0x12, 0x28, 0xF8, 0xC2, 0x8C, 0xBB, 0x18,
0xA5, 0x5A, 0xE3, 0x13, 0x41, 0x00, 0x0A, 0x65, 0x01, 0x96, 0xF9, 0x31,
0xC7, 0x7A, 0x57, 0xF2, 0xDD, 0xF4, 0x63, 0xE5, 0xE9, 0xEC, 0x14, 0x4B,
0x77, 0x7D, 0xE6, 0x2A, 0xAA, 0xB8, 0xA8, 0x62, 0x8A, 0xC3, 0x76, 0xD2,
0x82, 0xD6, 0xED, 0x38, 0x64, 0xE6, 0x79, 0x82, 0x42, 0x8E, 0xBC, 0x83,
0x1D, 0x14, 0x34, 0x8F, 0x6F, 0x2F, 0x91, 0x93, 0xB5, 0x04, 0x5A, 0xF2,
0x76, 0x71, 0x64, 0xE1, 0xDF, 0xC9, 0x67, 0xC1, 0xFB, 0x3F, 0x2E, 0x55,
0xA4, 0xBD, 0x1B, 0xFF, 0xE8, 0x3B, 0x9C, 0x80, 0xD0, 0x52, 0xB9, 0x85,
0xD1, 0x82, 0xEA, 0x0A, 0xDB, 0x2A, 0x3B, 0x73, 0x13, 0xD3, 0xFE, 0x14,
0xC8, 0x48, 0x4B, 0x1E, 0x05, 0x25, 0x88, 0xB9, 0xB7, 0xD2, 0xBB, 0xD2,
0xDF, 0x01, 0x61, 0x99, 0xEC, 0xD0, 0x6E, 0x15, 0x57, 0xCD, 0x09, 0x15,
0xB3, 0x35, 0x3B, 0xBB, 0x64, 0xE0, 0xEC, 0x37, 0x7F, 0xD0, 0x28, 0x37,
0x0D, 0xF9, 0x2B, 0x52, 0xC7, 0x89, 0x14, 0x28, 0xCD, 0xC6, 0x7E, 0xB6,
0x18, 0x4B, 0x52, 0x3D, 0x1D, 0xB2, 0x46, 0xC3, 0x2F, 0x63, 0x07, 0x84,
0x90, 0xF0, 0x0E, 0xF8, 0xD6, 0x47, 0xD1, 0x48, 0xD4, 0x79, 0x54, 0x51,
0x5E, 0x23, 0x27, 0xCF, 0xEF, 0x98, 0xC5, 0x82, 0x66, 0x4B, 0x4C, 0x0F,
0x6C, 0xC4, 0x16, 0x59
};
const byte qExpected[] = {
0x8C, 0xF8, 0x36, 0x42, 0xA7, 0x09, 0xA0, 0x97, 0xB4, 0x47, 0x99, 0x76,
0x40, 0x12, 0x9D, 0xA2, 0x99, 0xB1, 0xA4, 0x7D, 0x1E, 0xB3, 0x75, 0x0B,
0xA3, 0x08, 0xB0, 0xFE, 0x64, 0xF5, 0xFB, 0xD3
};
int pSz;
int qSz;
int gSz;
byte* pReturned;
byte* qReturned;
byte* gReturned;
printf(testingFmt, "wolfSSL_DH_get_2048_256()");
AssertNotNull((dh = wolfSSL_DH_get_2048_256()));
wolfSSL_DH_get0_pqg(dh, &pBn, &qBn, &gBn);
AssertIntGT((pSz = wolfSSL_BN_num_bytes(pBn)), 0);
AssertNotNull(pReturned = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER));
AssertIntGT((pSz = wolfSSL_BN_bn2bin(pBn, pReturned)), 0);
AssertIntEQ(pSz, sizeof(pExpected));
AssertIntEQ(XMEMCMP(pExpected, pReturned, pSz), 0);
AssertIntGT((qSz = wolfSSL_BN_num_bytes(qBn)), 0);
AssertNotNull(qReturned = (byte*)XMALLOC(qSz, NULL, DYNAMIC_TYPE_TMP_BUFFER));
AssertIntGT((qSz = wolfSSL_BN_bn2bin(qBn, qReturned)), 0);
AssertIntEQ(qSz, sizeof(qExpected));
AssertIntEQ(XMEMCMP(qExpected, qReturned, qSz), 0);
AssertIntGT((gSz = wolfSSL_BN_num_bytes(gBn)), 0);
AssertNotNull(gReturned = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER));
AssertIntGT((gSz = wolfSSL_BN_bn2bin(gBn, gReturned)), 0);
AssertIntEQ(gSz, sizeof(gExpected));
AssertIntEQ(XMEMCMP(gExpected, gReturned, gSz), 0);
wolfSSL_DH_free(dh);
XFREE(pReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(gReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(qReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_PEM_write_DHparams(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && \
!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
DH* dh;
BIO* bio;
XFILE fp;
byte pem[2048];
int pemSz;
const char expected[] =
"-----BEGIN DH PARAMETERS-----\n\
MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE\n\
v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN\n\
nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1\n\
joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa\n\
wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW\n\
tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==\n\
-----END DH PARAMETERS-----\n";
printf(testingFmt, "wolfSSL_PEM_write_DHparams()");
AssertNotNull(fp = XFOPEN(dhParamFile, "rb"));
AssertIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
XFCLOSE(fp);
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(BIO_write(bio, pem, pemSz), pemSz);
AssertNotNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
BIO_free(bio);
AssertNotNull(fp = XFOPEN("./test-write-dhparams.pem", "wb"));
AssertIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_SUCCESS);
AssertIntEQ(PEM_write_DHparams(fp, NULL), WOLFSSL_FAILURE);
XFCLOSE(fp);
DH_free(dh);
/* check results */
XMEMSET(pem, 0, sizeof(pem));
AssertNotNull(fp = XFOPEN("./test-write-dhparams.pem", "rb"));
AssertIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
AssertIntEQ(XMEMCMP(pem, expected, pemSz), 0);
XFCLOSE(fp);
printf(resultFmt, passed);
#endif
}
/* test_EVP_Cipher_extra, Extra-test on EVP_CipherUpdate/Final. see also test.c */
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) &&\
(!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128))
static void binary_dump(void *ptr, int size)
{
#ifdef WOLFSSL_EVP_PRINT
int i = 0;
unsigned char *p = (unsigned char *) ptr;
printf("{");
while((p != NULL) && (i < size)) {
if((i % 8) == 0) {
printf("\n");
printf(" ");
}
printf("0x%02x, ", p[i]);
i++;
}
printf("\n};\n");
#else
(void) ptr;
(void) size;
#endif
}
static int last_val = 0x0f;
static int check_result(unsigned char *data, int len)
{
int i;
for( ; len; ) {
last_val = (last_val + 1) % 16;
for(i = 0; i < 16; len--, i++, data++)
if(*data != last_val) {
return -1;
}
}
return 0;
}
static int r_offset;
static int w_offset;
static void init_offset(void)
{
r_offset = 0;
w_offset = 0;
}
static void get_record(unsigned char *data, unsigned char *buf, int len)
{
XMEMCPY(buf, data+r_offset, len);
r_offset += len;
}
static void set_record(unsigned char *data, unsigned char *buf, int len)
{
XMEMCPY(data+w_offset, buf, len);
w_offset += len;
}
static void set_plain(unsigned char *plain, int rec)
{
int i, j;
unsigned char *p = plain;
#define BLOCKSZ 16
for(i=0; i<(rec/BLOCKSZ); i++){
for(j=0; j<BLOCKSZ; j++)
*p++ = (i % 16);
}
}
#endif
static int test_wolfSSL_EVP_Cipher_extra(void)
{
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) &&\
(!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128))
/* aes128-cbc, keylen=16, ivlen=16 */
byte aes128_cbc_key[] = {
0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef,
0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef,
};
byte aes128_cbc_iv[] = {
0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
0x99, 0x00, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
};
/* teset data size table */
int test_drive1[] = {8, 3, 5, 512, 8, 3, 8, 512, 0};
int test_drive2[] = {8, 3, 8, 512, 0};
int test_drive3[] = {512, 512, 504, 512, 512, 8, 512, 0};
int *test_drive[] = {test_drive1, test_drive2, test_drive3, NULL};
int test_drive_len[100];
int ret = 0;
EVP_CIPHER_CTX *evp = NULL;
int ilen = 0;
int klen = 0;
int i, j;
const EVP_CIPHER *type;
byte *iv;
byte *key;
int ivlen;
int keylen;
#define RECORDS 16
#define BUFFSZ 512
byte plain [BUFFSZ * RECORDS];
byte cipher[BUFFSZ * RECORDS];
byte inb[BUFFSZ];
byte outb[BUFFSZ+16];
int outl, inl;
iv = aes128_cbc_iv;
ivlen = sizeof(aes128_cbc_iv);
key = aes128_cbc_key;
keylen = sizeof(aes128_cbc_key);
type = EVP_aes_128_cbc();
set_plain(plain, BUFFSZ * RECORDS);
SSL_library_init();
AssertNotNull(evp = EVP_CIPHER_CTX_new());
AssertIntNE((ret = EVP_CipherInit(evp, type, NULL, iv, 0)), 0);
klen = EVP_CIPHER_CTX_key_length(evp);
if (klen > 0 && keylen != klen) {
AssertIntNE(EVP_CIPHER_CTX_set_key_length(evp, keylen), 0);
}
ilen = EVP_CIPHER_CTX_iv_length(evp);
if (ilen > 0 && ivlen != ilen) {
AssertIntNE(EVP_CIPHER_CTX_set_iv_length(evp, ivlen), 0);
}
AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0);
for (j = 0; j<RECORDS; j++)
{
inl = BUFFSZ;
get_record(plain, inb, inl);
AssertIntNE((ret = EVP_CipherUpdate(evp, outb, &outl, inb, inl)), 0);
set_record(cipher, outb, outl);
}
for (i = 0; test_drive[i]; i++) {
AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0);
init_offset();
test_drive_len[i] = 0;
for (j = 0; test_drive[i][j]; j++)
{
inl = test_drive[i][j];
test_drive_len[i] += inl;
get_record(plain, inb, inl);
AssertIntNE((ret = EVP_EncryptUpdate(evp, outb, &outl, inb, inl)), 0);
/* output to cipher buffer, so that following Dec test can detect
if any error */
set_record(cipher, outb, outl);
}
EVP_CipherFinal(evp, outb, &outl);
if(outl > 0)
set_record(cipher, outb, outl);
}
for (i = 0; test_drive[i]; i++) {
last_val = 0x0f;
AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 0)), 0);
init_offset();
for (j = 0; test_drive[i][j]; j++){
inl = test_drive[i][j];
get_record(cipher, inb, inl);
AssertIntNE((ret = EVP_DecryptUpdate(evp, outb, &outl, inb, inl)), 0);
binary_dump(outb, outl);
AssertIntEQ((ret = check_result(outb, outl)), 0);
AssertFalse(outl > ((inl/16+1)*16) && outl > 16);
}
ret = EVP_CipherFinal(evp, outb, &outl);
binary_dump(outb, outl);
ret = (((test_drive_len[i] % 16) != 0) && (ret == 0)) ||
(((test_drive_len[i] % 16) == 0) && (ret == 1));
AssertTrue(ret);
}
EVP_CIPHER_CTX_free(evp);
#endif /* test_EVP_Cipher */
return 0;
}
static void test_wolfSSL_PEM_read_DHparams(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_BIO) && \
!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
DH* dh;
XFILE fp;
unsigned char derOut[300];
unsigned char* derOutBuf = derOut;
int derOutSz = 0;
unsigned char derExpected[300];
int derExpectedSz = 0;
printf(testingFmt, "wolfSSL_PEM_read_DHparams()");
XMEMSET(derOut, 0, sizeof(derOut));
XMEMSET(derExpected, 0, sizeof(derExpected));
/* open DH param file, read into DH struct */
AssertNotNull(fp = XFOPEN(dhParamFile, "rb"));
/* bad args */
AssertNull(dh = PEM_read_DHparams(NULL, &dh, NULL, NULL));
AssertNull(dh = PEM_read_DHparams(NULL, NULL, NULL, NULL));
/* good args */
AssertNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
XFCLOSE(fp);
/* read in certs/dh2048.der for comparison against exported params */
fp = XFOPEN("./certs/dh2048.der", "rb");
AssertTrue(fp != XBADFILE);
derExpectedSz = (int)XFREAD(derExpected, 1, sizeof(derExpected), fp);
XFCLOSE(fp);
/* export DH back to DER and compare */
derOutSz = wolfSSL_i2d_DHparams(dh, &derOutBuf);
AssertIntEQ(derOutSz, derExpectedSz);
AssertIntEQ(XMEMCMP(derOut, derExpected, derOutSz), 0);
/* Test parsing with X9.42 header */
fp = XFOPEN("./certs/x942dh2048.pem", "rb");
AssertNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
XFCLOSE(fp);
DH_free(dh);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_AES_ecb_encrypt(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB)
AES_KEY aes;
const byte msg[] =
{
0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
};
const byte verify[] =
{
0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
};
const byte key[] =
{
0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
};
byte out[AES_BLOCK_SIZE];
printf(testingFmt, "wolfSSL_AES_ecb_encrypt()");
AssertIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aes), 0);
XMEMSET(out, 0, AES_BLOCK_SIZE);
AES_ecb_encrypt(msg, out, &aes, AES_ENCRYPT);
AssertIntEQ(XMEMCMP(out, verify, AES_BLOCK_SIZE), 0);
#ifdef HAVE_AES_DECRYPT
AssertIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &aes), 0);
XMEMSET(out, 0, AES_BLOCK_SIZE);
AES_ecb_encrypt(verify, out, &aes, AES_DECRYPT);
AssertIntEQ(XMEMCMP(out, msg, AES_BLOCK_SIZE), 0);
#endif
/* test bad arguments */
AES_ecb_encrypt(NULL, out, &aes, AES_DECRYPT);
AES_ecb_encrypt(verify, NULL, &aes, AES_DECRYPT);
AES_ecb_encrypt(verify, out, NULL, AES_DECRYPT);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_MD5(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
byte input1[] = "";
byte input2[] = "message digest";
byte hash[WC_MD5_DIGEST_SIZE];
unsigned char output1[] =
"\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e";
unsigned char output2[] =
"\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0";
WOLFSSL_MD5_CTX md5;
printf(testingFmt, "wolfSSL_MD5()");
XMEMSET(&md5, 0, sizeof(md5));
/* Test cases for illegal parameters */
AssertIntEQ(MD5_Init(NULL), 0);
AssertIntEQ(MD5_Init(&md5), 1);
AssertIntEQ(MD5_Update(NULL, input1, 0), 0);
AssertIntEQ(MD5_Update(NULL, NULL, 0), 0);
AssertIntEQ(MD5_Update(&md5, NULL, 1), 0);
AssertIntEQ(MD5_Final(NULL, &md5), 0);
AssertIntEQ(MD5_Final(hash, NULL), 0);
AssertIntEQ(MD5_Final(NULL, NULL), 0);
/* Init MD5 CTX */
AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
AssertIntEQ(wolfSSL_MD5_Update(&md5, input1,
XSTRLEN((const char*)&input1)), 1);
AssertIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
AssertIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);
/* Init MD5 CTX */
AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
AssertIntEQ(wolfSSL_MD5_Update(&md5, input2,
(int)XSTRLEN((const char*)input2)), 1);
AssertIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
AssertIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
#if !defined(NO_OLD_NAMES) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
AssertPtrNE(MD5(NULL, 1, (byte*)&hash), &hash);
AssertPtrEq(MD5(input1, 0, (byte*)&hash), &hash);
AssertPtrNE(MD5(input1, 1, NULL), NULL);
AssertPtrNE(MD5(NULL, 0, NULL), NULL);
AssertPtrEq(MD5(input1, (int)XSTRLEN((const char*)&input1), (byte*)&hash), &hash);
AssertIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);
AssertPtrEq(MD5(input2, (int)XSTRLEN((const char*)&input2), (byte*)&hash), &hash);
AssertIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
{
byte data[] = "Data to be hashed.";
XMEMSET(hash, 0, WC_MD5_DIGEST_SIZE);
AssertNotNull(MD5(data, sizeof(data), NULL));
AssertNotNull(MD5(data, sizeof(data), hash));
AssertNotNull(MD5(NULL, 0, hash));
AssertNull(MD5(NULL, sizeof(data), hash));
}
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_MD5_Transform(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
byte input1[] = "";
byte input2[] = "abc";
byte local[WC_MD5_BLOCK_SIZE];
word32 sLen = 0;
#ifdef BIG_ENDIAN_ORDER
unsigned char output1[] =
"\x03\x1f\x1d\xac\x6e\xa5\x8e\xd0\x1f\xab\x67\xb7\x74\x31\x77\x91";
unsigned char output2[] =
"\xef\xd3\x79\x8d\x67\x17\x25\x90\xa4\x13\x79\xc7\xe3\xa7\x7b\xbc";
#else
unsigned char output1[] =
"\xac\x1d\x1f\x03\xd0\x8e\xa5\x6e\xb7\x67\xab\x1f\x91\x77\x31\x74";
unsigned char output2[] =
"\x8d\x79\xd3\xef\x90\x25\x17\x67\xc7\x79\x13\xa4\xbc\x7b\xa7\xe3";
#endif
MD5_CTX md5;
printf(testingFmt, "wolfSSL_MD5_Transform()");
XMEMSET(&md5, 0, sizeof(md5));
XMEMSET(&local, 0, sizeof(local));
/* sanity check */
AssertIntEQ(MD5_Transform(NULL, NULL), 0);
AssertIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0);
AssertIntEQ(MD5_Transform(&md5, NULL), 0);
AssertIntEQ(wc_Md5Transform(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
AssertIntEQ(wc_Md5Transform((wc_Md5*)&md5, NULL), BAD_FUNC_ARG);
/* Init MD5 CTX */
AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
AssertIntEQ(MD5_Transform(&md5, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Md5*)&md5)->digest[0], output1,
WC_MD5_DIGEST_SIZE), 0);
/* Init MD5 CTX */
AssertIntEQ(MD5_Init(&md5), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_MD5_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
AssertIntEQ(MD5_Transform(&md5, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Md5*)&md5)->digest[0], output2,
WC_MD5_DIGEST_SIZE), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_SHA224(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA224) && \
!defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
unsigned char input[] =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
unsigned char output[] =
"\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
"\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
size_t inLen;
byte hash[WC_SHA224_DIGEST_SIZE];
printf(testingFmt, "wolfSSL_SHA224()");
inLen = XSTRLEN((char*)input);
XMEMSET(hash, 0, WC_SHA224_DIGEST_SIZE);
AssertNull(SHA224(NULL, inLen, hash));
AssertNotNull(SHA224(input, 0, hash));
AssertNotNull(SHA224(input, inLen, NULL));
AssertNotNull(SHA224(NULL, 0, hash));
AssertNotNull(SHA224(NULL, 0, NULL));
AssertNotNull(SHA224(input, inLen, hash));
AssertIntEQ(XMEMCMP(hash, output, WC_SHA224_DIGEST_SIZE), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_SHA_Transform(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA)
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
byte input1[] = "";
byte input2[] = "abc";
byte local[WC_SHA_BLOCK_SIZE];
word32 sLen = 0;
#ifdef BIG_ENDIAN_ORDER
unsigned char output1[] =
"\x92\xb4\x04\xe5\x56\x58\x8c\xed\x6c\x1a\xcd\x4e\xbf\x05\x3f\x68"
"\x09\xf7\x3a\x93";
unsigned char output2[] =
"\x97\xb2\x74\x8b\x4f\x5b\xbc\xca\x5b\xc0\xe6\xea\x2d\x40\xb4\xa0"
"\x7c\x6e\x08\xb8";
#else
unsigned char output1[] =
"\xe5\x04\xb4\x92\xed\x8c\x58\x56\x4e\xcd\x1a\x6c\x68\x3f\x05\xbf"
"\x93\x3a\xf7\x09";
unsigned char output2[] =
"\x8b\x74\xb2\x97\xca\xbc\x5b\x4f\xea\xe6\xc0\x5b\xa0\xb4\x40\x2d"
"\xb8\x08\x6e\x7c";
#endif
SHA_CTX sha;
SHA_CTX sha1;
printf(testingFmt, "wolfSSL_SHA_Transform()");
XMEMSET(&sha, 0, sizeof(sha));
XMEMSET(&local, 0, sizeof(local));
/* sanity check */
AssertIntEQ(SHA_Transform(NULL, NULL), 0);
AssertIntEQ(SHA_Transform(NULL, (const byte*)&input1), 0);
AssertIntEQ(SHA_Transform(&sha, NULL), 0);
AssertIntEQ(SHA1_Transform(NULL, NULL), 0);
AssertIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0);
AssertIntEQ(SHA1_Transform(&sha, NULL), 0);
AssertIntEQ(wc_ShaTransform(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
AssertIntEQ(wc_ShaTransform((wc_Sha*)&sha, NULL), BAD_FUNC_ARG);
/* Init SHA CTX */
AssertIntEQ(SHA_Init(&sha), 1);
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
AssertIntEQ(SHA_Transform(&sha, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output1,
WC_SHA_DIGEST_SIZE), 0);
AssertIntEQ(SHA_Final(local, &sha), 1); /* frees resources */
/* Init SHA CTX */
AssertIntEQ(SHA_Init(&sha), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
AssertIntEQ(SHA_Transform(&sha, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output2,
WC_SHA_DIGEST_SIZE), 0);
AssertIntEQ(SHA_Final(local, &sha), 1); /* frees resources */
/* SHA1 */
XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
/* Init SHA CTX */
AssertIntEQ(SHA1_Init(&sha1), 1);
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
AssertIntEQ(SHA1_Transform(&sha1, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha1)->digest[0], output1,
WC_SHA_DIGEST_SIZE), 0);
AssertIntEQ(SHA_Final(local, &sha), 1); /* frees resources */
/* Init SHA CTX */
AssertIntEQ(SHA1_Init(&sha1), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
AssertIntEQ(SHA1_Transform(&sha1, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha1)->digest[0], output2,
WC_SHA_DIGEST_SIZE), 0);
AssertIntEQ(SHA_Final(local, &sha), 1); /* frees resources */
printf(resultFmt, passed);
#endif
#endif
}
static void test_wolfSSL_SHA256_Transform(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
!defined(WOLFSSL_DEVCRYPTO_HASH) && !defined(WOLFSSL_AFALG_HASH)
byte input1[] = "";
byte input2[] = "abc";
byte local[WC_SHA256_BLOCK_SIZE];
word32 sLen = 0;
#ifdef BIG_ENDIAN_ORDER
unsigned char output1[] =
"\xda\x56\x98\xbe\x17\xb9\xb4\x69\x62\x33\x57\x99\x77\x9f\xbe\xca"
"\x8c\xe5\xd4\x91\xc0\xd2\x62\x43\xba\xfe\xf9\xea\x18\x37\xa9\xd8";
unsigned char output2[] =
"\x1d\x4e\xd4\x67\x67\x7c\x61\x67\x44\x10\x76\x26\x78\x10\xff\xb8"
"\x40\xc8\x9a\x39\x73\x16\x60\x8c\xa6\x61\xd6\x05\x91\xf2\x8c\x35";
#else
unsigned char output1[] =
"\xbe\x98\x56\xda\x69\xb4\xb9\x17\x99\x57\x33\x62\xca\xbe\x9f\x77"
"\x91\xd4\xe5\x8c\x43\x62\xd2\xc0\xea\xf9\xfe\xba\xd8\xa9\x37\x18";
unsigned char output2[] =
"\x67\xd4\x4e\x1d\x67\x61\x7c\x67\x26\x76\x10\x44\xb8\xff\x10\x78"
"\x39\x9a\xc8\x40\x8c\x60\x16\x73\x05\xd6\x61\xa6\x35\x8c\xf2\x91";
#endif
SHA256_CTX sha256;
printf(testingFmt, "wolfSSL_SHA256_Transform()");
XMEMSET(&sha256, 0, sizeof(sha256));
XMEMSET(&local, 0, sizeof(local));
/* sanity check */
AssertIntEQ(SHA256_Transform(NULL, NULL), 0);
AssertIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0);
AssertIntEQ(SHA256_Transform(&sha256, NULL), 0);
AssertIntEQ(wc_Sha256Transform(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
AssertIntEQ(wc_Sha256Transform((wc_Sha256*)&sha256, NULL), BAD_FUNC_ARG);
/* Init SHA256 CTX */
AssertIntEQ(SHA256_Init(&sha256), 1);
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
AssertIntEQ(SHA256_Transform(&sha256, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha256*)&sha256)->digest[0], output1,
WC_SHA256_DIGEST_SIZE), 0);
AssertIntEQ(SHA256_Final(local, &sha256), 1); /* frees resources */
/* Init SHA256 CTX */
AssertIntEQ(SHA256_Init(&sha256), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_SHA256_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
AssertIntEQ(SHA256_Transform(&sha256, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha256*)&sha256)->digest[0], output2,
WC_SHA256_DIGEST_SIZE), 0);
AssertIntEQ(SHA256_Final(local, &sha256), 1); /* frees resources */
printf(resultFmt, passed);
#endif
#endif
}
static void test_wolfSSL_SHA256(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \
defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
unsigned char input[] =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
unsigned char output[] =
"\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
"\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
"\x06\xC1";
size_t inLen;
byte hash[WC_SHA256_DIGEST_SIZE];
printf(testingFmt, "wolfSSL_SHA256()");
inLen = XSTRLEN((char*)input);
XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE);
AssertNotNull(SHA256(input, inLen, hash));
AssertIntEQ(XMEMCMP(hash, output, WC_SHA256_DIGEST_SIZE), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_SHA512_Transform(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512)
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
byte input1[] = "";
byte input2[] = "abc";
byte local[WC_SHA512_BLOCK_SIZE];
word32 sLen = 0;
#ifdef BIG_ENDIAN_ORDER
unsigned char output1[] =
"\xcf\x78\x81\xd5\x77\x4a\xcb\xe8\x53\x33\x62\xe0\xfb\xc7\x80\x70"
"\x02\x67\x63\x9d\x87\x46\x0e\xda\x30\x86\xcb\x40\xe8\x59\x31\xb0"
"\x71\x7d\xc9\x52\x88\xa0\x23\xa3\x96\xba\xb2\xc1\x4c\xe0\xb5\xe0"
"\x6f\xc4\xfe\x04\xea\xe3\x3e\x0b\x91\xf4\xd8\x0c\xbd\x66\x8b\xee";
unsigned char output2[] =
"\x11\x10\x93\x4e\xeb\xa0\xcc\x0d\xfd\x33\x43\x9c\xfb\x04\xc8\x21"
"\xa9\xb4\x26\x3d\xca\xab\x31\x41\xe2\xc6\xaa\xaf\xe1\x67\xd7\xab"
"\x31\x8f\x2e\x54\x2c\xba\x4e\x83\xbe\x88\xec\x9d\x8f\x2b\x38\x98"
"\x14\xd2\x4e\x9d\x53\x8b\x5e\x4d\xde\x68\x6c\x69\xaf\x20\x96\xf0";
#else
unsigned char output1[] =
"\xe8\xcb\x4a\x77\xd5\x81\x78\xcf\x70\x80\xc7\xfb\xe0\x62\x33\x53"
"\xda\x0e\x46\x87\x9d\x63\x67\x02\xb0\x31\x59\xe8\x40\xcb\x86\x30"
"\xa3\x23\xa0\x88\x52\xc9\x7d\x71\xe0\xb5\xe0\x4c\xc1\xb2\xba\x96"
"\x0b\x3e\xe3\xea\x04\xfe\xc4\x6f\xee\x8b\x66\xbd\x0c\xd8\xf4\x91";
unsigned char output2[] =
"\x0d\xcc\xa0\xeb\x4e\x93\x10\x11\x21\xc8\x04\xfb\x9c\x43\x33\xfd"
"\x41\x31\xab\xca\x3d\x26\xb4\xa9\xab\xd7\x67\xe1\xaf\xaa\xc6\xe2"
"\x83\x4e\xba\x2c\x54\x2e\x8f\x31\x98\x38\x2b\x8f\x9d\xec\x88\xbe"
"\x4d\x5e\x8b\x53\x9d\x4e\xd2\x14\xf0\x96\x20\xaf\x69\x6c\x68\xde";
#endif
SHA512_CTX sha512;
printf(testingFmt, "wolfSSL_SHA512_Transform()");
XMEMSET(&sha512, 0, sizeof(sha512));
XMEMSET(&local, 0, sizeof(local));
/* sanity check */
AssertIntEQ(SHA512_Transform(NULL, NULL), 0);
AssertIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0);
AssertIntEQ(SHA512_Transform(&sha512, NULL), 0);
AssertIntEQ(wc_Sha512Transform(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
AssertIntEQ(wc_Sha512Transform((wc_Sha512*)&sha512, NULL), BAD_FUNC_ARG);
/* Init SHA512 CTX */
AssertIntEQ(wolfSSL_SHA512_Init(&sha512), 1);
/* Do Transform*/
sLen = (word32)XSTRLEN((char*)input1);
XMEMCPY(local, input1, sLen);
AssertIntEQ(SHA512_Transform(&sha512, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha512*)&sha512)->digest[0], output1,
WC_SHA512_DIGEST_SIZE), 0);
AssertIntEQ(SHA512_Final(local, &sha512), 1); /* frees resources */
/* Init SHA512 CTX */
AssertIntEQ(SHA512_Init(&sha512), 1);
sLen = (word32)XSTRLEN((char*)input2);
XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE);
XMEMCPY(local, input2, sLen);
AssertIntEQ(SHA512_Transform(&sha512, (const byte*)&local[0]), 1);
AssertIntEQ(XMEMCMP(&((wc_Sha512*)&sha512)->digest[0], output2,
WC_SHA512_DIGEST_SIZE), 0);
AssertIntEQ(SHA512_Final(local, &sha512), 1); /* frees resources */
(void)input1;
printf(resultFmt, passed);
#endif
#endif
}
static void test_wolfSSL_X509_get_serialNumber(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
ASN1_INTEGER* a;
BIGNUM* bn;
X509* x509;
char *serialHex;
byte serial[3];
int serialSz;
printf(testingFmt, "wolfSSL_X509_get_serialNumber()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
SSL_FILETYPE_PEM));
AssertNotNull(a = X509_get_serialNumber(x509));
/* check on value of ASN1 Integer */
AssertNotNull(bn = ASN1_INTEGER_to_BN(a, NULL));
/* test setting serial number and then retrieving it */
AssertNotNull(a = ASN1_INTEGER_new());
ASN1_INTEGER_set(a, 3);
AssertIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
serialSz = sizeof(serial);
AssertIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
WOLFSSL_SUCCESS);
AssertIntEQ(serialSz, 1);
AssertIntEQ(serial[0], 3);
ASN1_INTEGER_free(a);
/* test setting serial number with 0's in it */
serial[0] = 0x01;
serial[1] = 0x00;
serial[2] = 0x02;
AssertNotNull(a = wolfSSL_ASN1_INTEGER_new());
a->data[0] = ASN_INTEGER;
a->data[1] = sizeof(serial);
XMEMCPY(&a->data[2], serial, sizeof(serial));
a->length = sizeof(serial) + 2;
AssertIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
XMEMSET(serial, 0, sizeof(serial));
serialSz = sizeof(serial);
AssertIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
WOLFSSL_SUCCESS);
AssertIntEQ(serialSz, 3);
AssertIntEQ(serial[0], 0x01);
AssertIntEQ(serial[1], 0x00);
AssertIntEQ(serial[2], 0x02);
ASN1_INTEGER_free(a);
X509_free(x509); /* free's a */
AssertNotNull(serialHex = BN_bn2hex(bn));
#ifndef WC_DISABLE_RADIX_ZERO_PAD
AssertStrEQ(serialHex, "01");
#else
AssertStrEQ(serialHex, "1");
#endif
OPENSSL_free(serialHex);
AssertIntEQ(BN_get_word(bn), 1);
BN_free(bn);
/* hard test free'ing with dynamic buffer to make sure there is no leaks */
a = ASN1_INTEGER_new();
if (a) {
AssertNotNull(a->data = (unsigned char*)XMALLOC(100, NULL,
DYNAMIC_TYPE_OPENSSL));
a->isDynamic = 1;
ASN1_INTEGER_free(a);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OpenSSL_add_all_algorithms(void){
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "wolfSSL_OpenSSL_add_all_algorithms()");
AssertIntEQ(wolfSSL_add_all_algorithms(),WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_noconf(),WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_conf(),WOLFSSL_SUCCESS);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OPENSSL_hexstr2buf(void)
{
#if defined(OPENSSL_EXTRA)
#define MAX_HEXSTR_BUFSZ 9
#define NUM_CASES 5
struct Output {
const unsigned char buffer[MAX_HEXSTR_BUFSZ];
long ret;
};
int i;
int j;
const char* inputs[NUM_CASES] = {
"aabcd1357e",
"01:12:23:34:a5:b6:c7:d8:e9",
":01:02",
"012",
":ab:ac:d"
};
struct Output expectedOutputs[NUM_CASES] = {
{{0xaa, 0xbc, 0xd1, 0x35, 0x7e}, 5},
{{0x01, 0x12, 0x23, 0x34, 0xa5, 0xb6, 0xc7, 0xd8, 0xe9}, 9},
{{0x01, 0x02}, 2},
{{0x00}, 0},
{{0x00}, 0}
};
long len = 0;
unsigned char* returnedBuf = NULL;
printf(testingFmt, "test_wolfSSL_OPENSSL_hexstr2buf()");
for (i = 0; i < NUM_CASES; ++i) {
returnedBuf = wolfSSL_OPENSSL_hexstr2buf(inputs[i], &len);
if (returnedBuf == NULL) {
AssertIntEQ(expectedOutputs[i].ret, 0);
continue;
}
AssertIntEQ(expectedOutputs[i].ret, len);
for (j = 0; j < len; ++j) {
AssertIntEQ(expectedOutputs[i].buffer[j], returnedBuf[j]);
}
OPENSSL_free(returnedBuf);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_STRING_print_ex(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
#ifndef NO_BIO
ASN1_STRING* asn_str;
const char data[] = "Hello wolfSSL!";
ASN1_STRING* esc_str;
const char esc_data[] = "a+;<>";
BIO *bio;
unsigned long flags;
int p_len;
unsigned char rbuf[255];
printf(testingFmt, "wolfSSL_ASN1_STRING_print_ex()");
/* setup */
XMEMSET(rbuf, 0, 255);
bio = BIO_new(BIO_s_mem());
BIO_set_write_buf_size(bio,255);
asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
ASN1_STRING_set(asn_str, (const void*)data, sizeof(data));
esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
ASN1_STRING_set(esc_str, (const void*)esc_data, sizeof(esc_data));
/* no flags */
XMEMSET(rbuf, 0, 255);
flags = 0;
p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
AssertIntEQ(p_len, 15);
BIO_read(bio, (void*)rbuf, 15);
AssertStrEQ((char*)rbuf, "Hello wolfSSL!");
/* RFC2253 Escape */
XMEMSET(rbuf, 0, 255);
flags = ASN1_STRFLGS_ESC_2253;
p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags);
AssertIntEQ(p_len, 9);
BIO_read(bio, (void*)rbuf, 9);
AssertStrEQ((char*)rbuf, "a\\+\\;\\<\\>");
/* Show type */
XMEMSET(rbuf, 0, 255);
flags = ASN1_STRFLGS_SHOW_TYPE;
p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
AssertIntEQ(p_len, 28);
BIO_read(bio, (void*)rbuf, 28);
AssertStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!");
/* Dump All */
XMEMSET(rbuf, 0, 255);
flags = ASN1_STRFLGS_DUMP_ALL;
p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
AssertIntEQ(p_len, 31);
BIO_read(bio, (void*)rbuf, 31);
AssertStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100");
/* Dump Der */
XMEMSET(rbuf, 0, 255);
flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER;
p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
AssertIntEQ(p_len, 35);
BIO_read(bio, (void*)rbuf, 35);
AssertStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100");
/* Dump All + Show type */
XMEMSET(rbuf, 0, 255);
flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE;
p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
AssertIntEQ(p_len, 44);
BIO_read(bio, (void*)rbuf, 44);
AssertStrEQ((char*)rbuf, "OCTET STRING:#48656C6C6F20776F6C6653534C2100");
BIO_free(bio);
ASN1_STRING_free(asn_str);
ASN1_STRING_free(esc_str);
printf(resultFmt, passed);
#endif /* !NO_BIO */
#endif
}
static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
WOLFSSL_ASN1_TIME *t;
WOLFSSL_ASN1_TIME *out;
WOLFSSL_ASN1_TIME *gtime;
int tlen = 0;
unsigned char *data;
printf(testingFmt, "wolfSSL_ASN1_TIME_to_generalizedtime()");
/* UTC Time test */
AssertNotNull(t = wolfSSL_ASN1_TIME_new());
XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE);
AssertNotNull(out = wolfSSL_ASN1_TIME_new());
t->type = ASN_UTC_TIME;
t->length = ASN_UTC_TIME_SIZE;
XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
tlen = wolfSSL_ASN1_TIME_get_length(t);
AssertIntEQ(tlen, ASN_UTC_TIME_SIZE);
data = wolfSSL_ASN1_TIME_get_data(t);
AssertStrEQ((char*)data, "050727123456Z");
gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out);
AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
AssertStrEQ((char*)gtime->data, "20050727123456Z");
/* Generalized Time test */
XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE);
XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE);
XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE);
t->type = ASN_GENERALIZED_TIME;
t->length = ASN_GENERALIZED_TIME_SIZE;
XMEMCPY(t->data, "20050727123456Z", ASN_GENERALIZED_TIME_SIZE);
tlen = wolfSSL_ASN1_TIME_get_length(t);
AssertIntEQ(tlen, ASN_GENERALIZED_TIME_SIZE);
data = wolfSSL_ASN1_TIME_get_data(t);
AssertStrEQ((char*)data, "20050727123456Z");
gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out);
AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
AssertStrEQ((char*)gtime->data, "20050727123456Z");
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
/* Null parameter test */
XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE);
gtime = NULL;
out = NULL;
t->type = ASN_UTC_TIME;
t->length = ASN_UTC_TIME_SIZE;
XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
AssertNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL));
AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
AssertStrEQ((char*)gtime->data, "20050727123456Z");
XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_CA_num(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
defined(HAVE_ECC) && !defined(NO_RSA)
WOLFSSL_X509_STORE *store;
WOLFSSL_X509 *x509_1, *x509_2;
int ca_num = 0;
printf(testingFmt, "wolfSSL_X509_CA_num()");
store = wolfSSL_X509_STORE_new();
x509_1 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
wolfSSL_X509_STORE_add_cert(store, x509_1);
ca_num = wolfSSL_X509_CA_num(store);
AssertIntEQ(ca_num, 1);
x509_2 = wolfSSL_X509_load_certificate_file(eccCertFile, WOLFSSL_FILETYPE_PEM);
wolfSSL_X509_STORE_add_cert(store, x509_2);
ca_num = wolfSSL_X509_CA_num(store);
AssertIntEQ(ca_num, 2);
wolfSSL_X509_free(x509_1);
wolfSSL_X509_free(x509_2);
wolfSSL_X509_STORE_free(store);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_check_ca(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
WOLFSSL_X509 *x509;
printf(testingFmt, "wolfSSL_X509_check_ca()");
x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
AssertIntEQ(wolfSSL_X509_check_ca(x509), 1);
wolfSSL_X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_check_ip_asc(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
WOLFSSL_X509 *x509;
printf(testingFmt, "wolfSSL_X509_check_ip_asc()");
x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
#if 0
/* TODO: add cert gen for testing positive case */
AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1);
#endif
AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0);
AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0);
wolfSSL_X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_DC_cert(void)
{
#if !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
int ret;
Cert cert;
CertName name;
RsaKey key;
WC_RNG rng;
byte der[FOURK_BUF];
word32 idx;
const byte mySerial[8] = {1,2,3,4,5,6,7,8};
#ifdef OPENSSL_EXTRA
const unsigned char* pt;
int certSz;
X509* x509;
X509_NAME* x509name;
X509_NAME_ENTRY* entry;
ASN1_STRING* entryValue;
#endif
printf(testingFmt, "wolfSSL Certs with DC");
XMEMSET(&name, 0, sizeof(CertName));
/* set up cert name */
XMEMCPY(name.country, "US", sizeof("US"));
name.countryEnc = CTC_PRINTABLE;
XMEMCPY(name.state, "Oregon", sizeof("Oregon"));
name.stateEnc = CTC_UTF8;
XMEMCPY(name.locality, "Portland", sizeof("Portland"));
name.localityEnc = CTC_UTF8;
XMEMCPY(name.sur, "Test", sizeof("Test"));
name.surEnc = CTC_UTF8;
XMEMCPY(name.org, "wolfSSL", sizeof("wolfSSL"));
name.orgEnc = CTC_UTF8;
XMEMCPY(name.unit, "Development", sizeof("Development"));
name.unitEnc = CTC_UTF8;
XMEMCPY(name.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
name.commonNameEnc = CTC_UTF8;
XMEMCPY(name.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
name.serialDevEnc = CTC_PRINTABLE;
#ifdef WOLFSSL_MULTI_ATTRIB
#if CTC_MAX_ATTRIB > 2
{
NameAttrib* n;
n = &name.name[0];
n->id = ASN_DOMAIN_COMPONENT;
n->type = CTC_UTF8;
n->sz = sizeof("com");
XMEMCPY(n->value, "com", sizeof("com"));
n = &name.name[1];
n->id = ASN_DOMAIN_COMPONENT;
n->type = CTC_UTF8;
n->sz = sizeof("wolfssl");
XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
}
#endif
#endif /* WOLFSSL_MULTI_ATTRIB */
AssertIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
#ifndef HAVE_FIPS
AssertIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, devId), 0);
#else
AssertIntEQ(wc_InitRng(&rng), 0);
#endif
/* load test RSA key */
idx = 0;
#if defined(USE_CERT_BUFFERS_1024)
AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_1024, &idx, &key,
sizeof_server_key_der_1024), 0);
#elif defined(USE_CERT_BUFFERS_2048)
AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key,
sizeof_server_key_der_2048), 0);
#else
/* error case, no RSA key loaded, happens later */
(void)idx;
#endif
XMEMSET(&cert, 0 , sizeof(Cert));
AssertIntEQ(wc_InitCert(&cert), 0);
XMEMCPY(&cert.subject, &name, sizeof(CertName));
XMEMCPY(cert.serial, mySerial, sizeof(mySerial));
cert.serialSz = (int)sizeof(mySerial);
cert.isCA = 1;
#ifndef NO_SHA256
cert.sigType = CTC_SHA256wRSA;
#else
cert.sigType = CTC_SHAwRSA;
#endif
/* add SKID from the Public Key */
AssertIntEQ(wc_SetSubjectKeyIdFromPublicKey(&cert, &key, NULL), 0);
/* add AKID from the Public Key */
AssertIntEQ(wc_SetAuthKeyIdFromPublicKey(&cert, &key, NULL), 0);
ret = 0;
do {
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif
if (ret >= 0) {
ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng);
}
} while (ret == WC_PENDING_E);
AssertIntGT(ret, 0);
#ifdef OPENSSL_EXTRA
/* der holds a certificate with DC's now check X509 parsing of it */
certSz = ret;
pt = der;
AssertNotNull(x509 = d2i_X509(NULL, &pt, certSz));
AssertNotNull(x509name = X509_get_subject_name(x509));
#ifdef WOLFSSL_MULTI_ATTRIB
AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
-1)), 5);
AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
idx)), 6);
AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
idx)), -1);
#endif /* WOLFSSL_MULTI_ATTRIB */
/* compare DN at index 0 */
AssertNotNull(entry = X509_NAME_get_entry(x509name, 0));
AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
AssertIntEQ(ASN1_STRING_length(entryValue), 2);
AssertStrEQ((const char*)ASN1_STRING_data(entryValue), "US");
#ifdef WOLFSSL_MULTI_ATTRIB
/* get first and second DC and compare result */
AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
-1)), 5);
AssertNotNull(entry = X509_NAME_get_entry(x509name, idx));
AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "com");
AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
idx)), 6);
AssertNotNull(entry = X509_NAME_get_entry(x509name, idx));
AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl");
#endif /* WOLFSSL_MULTI_ATTRIB */
/* try invalid index locations for regression test and sanity check */
AssertNull(entry = X509_NAME_get_entry(x509name, 11));
AssertNull(entry = X509_NAME_get_entry(x509name, 20));
X509_free(x509);
#endif /* OPENSSL_EXTRA */
wc_FreeRsaKey(&key);
wc_FreeRng(&rng);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_get_version(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
WOLFSSL_X509 *x509;
printf(testingFmt, "wolfSSL_X509_get_version()");
x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
AssertIntEQ((int)wolfSSL_X509_get_version(x509), 2);
wolfSSL_X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_DES_ncbc(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
const_DES_cblock myDes;
DES_cblock iv = {1};
DES_key_schedule key = {0};
unsigned char msg[] = "hello wolfssl";
unsigned char out[DES_BLOCK_SIZE * 2] = {0};
unsigned char pln[DES_BLOCK_SIZE * 2] = {0};
unsigned char exp[] = {0x31, 0x98, 0x2F, 0x3A, 0x55, 0xBF, 0xD8, 0xC4};
unsigned char exp2[] = {0xC7, 0x45, 0x8B, 0x28, 0x10, 0x53, 0xE0, 0x58};
printf(testingFmt, "wolfSSL_DES_ncbc()");
/* partial block test */
DES_set_key(&key, &myDes);
DES_ncbc_encrypt(msg, out, 3, &myDes, &iv, DES_ENCRYPT);
AssertIntEQ(XMEMCMP(exp, out, DES_BLOCK_SIZE), 0);
AssertIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);
DES_set_key(&key, &myDes);
XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
*((byte*)&iv) = 1;
DES_ncbc_encrypt(out, pln, 3, &myDes, &iv, DES_DECRYPT);
AssertIntEQ(XMEMCMP(msg, pln, 3), 0);
AssertIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);
/* full block test */
DES_set_key(&key, &myDes);
XMEMSET(pln, 0, DES_BLOCK_SIZE);
XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
*((byte*)&iv) = 1;
DES_ncbc_encrypt(msg, out, 8, &myDes, &iv, DES_ENCRYPT);
AssertIntEQ(XMEMCMP(exp2, out, DES_BLOCK_SIZE), 0);
AssertIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);
DES_set_key(&key, &myDes);
XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
*((byte*)&iv) = 1;
DES_ncbc_encrypt(out, pln, 8, &myDes, &iv, DES_DECRYPT);
AssertIntEQ(XMEMCMP(msg, pln, 8), 0);
AssertIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_AES_cbc_encrypt(void)
{
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA)
AES_KEY aes;
AES_KEY* aesN = NULL;
size_t len = 0;
size_t lenB = 0;
int keySz0 = 0;
int keySzN = -1;
byte out[AES_BLOCK_SIZE] = {0};
byte* outN = NULL;
/* Test vectors retrieved from:
* <begin URL>
* https://csrc.nist.gov/
* CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/
* documents/aes/KAT_AES.zip
* </end URL>
*/
const byte* pt128N = NULL;
byte* key128N = NULL;
byte* iv128N = NULL;
byte iv128tmp[AES_BLOCK_SIZE] = {0};
const byte pt128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
const byte ct128[] = { 0x87,0x85,0xb1,0xa7,0x5b,0x0f,0x3b,0xd9,
0x58,0xdc,0xd0,0xe2,0x93,0x18,0xc5,0x21 };
const byte iv128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
byte key128[] = { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
0xff,0xff,0xf0,0x00,0x00,0x00,0x00,0x00 };
len = sizeof(pt128);
#define STRESS_T(a, b, c, d, e, f, g, h, i) \
wolfSSL_AES_cbc_encrypt(a, b, c, d, e, f); \
AssertIntNE(XMEMCMP(b, g, h), i)
#define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE)
printf(testingFmt, "Stressing wolfSSL_AES_cbc_encrypt()");
STRESS_T(pt128N, out, len, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0);
STRESS_T(pt128, out, len, &aes, iv128N, 1, ct128, AES_BLOCK_SIZE, 0);
wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, AES_ENCRYPT);
AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, AES_ENCRYPT);
AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
STRESS_T(pt128, out, lenB, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0);
printf(resultFmt, "Stress Tests: passed");
printf(testingFmt, "Stressing wolfSSL_AES_set_encrypt_key");
AssertIntNE(wolfSSL_AES_set_encrypt_key(key128N, sizeof(key128)*8, &aes),0);
AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, aesN),0);
AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySz0, &aes), 0);
AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySzN, &aes), 0);
printf(resultFmt, "Stress Tests: passed");
printf(testingFmt, "Stressing wolfSSL_AES_set_decrypt_key");
AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, &aes),0);
AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, aesN),0);
AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySz0, &aes), 0);
AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySzN, &aes), 0);
printf(resultFmt, "Stress Tests: passed");
#ifdef WOLFSSL_AES_128
printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 128-bit");
XMEMSET(out, 0, AES_BLOCK_SIZE);
RESET_IV(iv128tmp, iv128);
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, AES_ENCRYPT);
AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed");
#ifdef HAVE_AES_DECRYPT
printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 128-bit in decrypt mode");
XMEMSET(out, 0, AES_BLOCK_SIZE);
RESET_IV(iv128tmp, iv128);
len = sizeof(ct128);
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, AES_DECRYPT);
AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed");
#endif
#endif /* WOLFSSL_AES_128 */
#ifdef WOLFSSL_AES_192
/* Test vectors from NIST Special Publication 800-38A, 2001 Edition
* Appendix F.2.3 */
byte iv192tmp[AES_BLOCK_SIZE] = {0};
const byte pt192[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
const byte ct192[] = { 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 };
const byte iv192[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
byte key192[] = { 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b };
len = sizeof(pt192);
printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 192-bit");
XMEMSET(out, 0, AES_BLOCK_SIZE);
RESET_IV(iv192tmp, iv192);
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, AES_ENCRYPT);
AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed");
#ifdef HAVE_AES_DECRYPT
printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 192-bit in decrypt mode");
len = sizeof(ct192);
RESET_IV(iv192tmp, iv192);
XMEMSET(out, 0, AES_BLOCK_SIZE);
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, AES_DECRYPT);
AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed");
#endif
#endif /* WOLFSSL_AES_192 */
#ifdef WOLFSSL_AES_256
/* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
* Appendix F.2.5 */
byte iv256tmp[AES_BLOCK_SIZE] = {0};
const byte pt256[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
const byte ct256[] = { 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 };
const byte iv256[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
byte key256[] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 };
len = sizeof(pt256);
printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 256-bit");
XMEMSET(out, 0, AES_BLOCK_SIZE);
RESET_IV(iv256tmp, iv256);
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, AES_ENCRYPT);
AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed");
#ifdef HAVE_AES_DECRYPT
printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 256-bit in decrypt mode");
len = sizeof(ct256);
RESET_IV(iv256tmp, iv256);
XMEMSET(out, 0, AES_BLOCK_SIZE);
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, AES_DECRYPT);
AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed");
#endif
#if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
byte wrapCipher[sizeof(key256) + KEYWRAP_BLOCK_SIZE] = { 0 };
byte wrapPlain[sizeof(key256)] = { 0 };
byte wrapIV[KEYWRAP_BLOCK_SIZE] = { 0 };
printf(testingFmt, "wolfSSL_AES_wrap_key() 256-bit NULL iv");
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
AssertIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
15), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
sizeof(key256)), sizeof(wrapCipher));
printf(resultFmt, "passed");
printf(testingFmt, "wolfSSL_AES_unwrap_key() 256-bit NULL iv");
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
23), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
sizeof(wrapCipher)), sizeof(wrapPlain));
AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
printf(resultFmt, "passed");
XMEMSET(wrapCipher, 0, sizeof(wrapCipher));
XMEMSET(wrapPlain, 0, sizeof(wrapPlain));
printf(testingFmt, "wolfSSL_AES_wrap_key() 256-bit custom iv");
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
AssertIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, key256,
sizeof(key256)), sizeof(wrapCipher));
printf(resultFmt, "passed");
printf(testingFmt, "wolfSSL_AES_unwrap_key() 256-bit custom iv");
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher,
sizeof(wrapCipher)), sizeof(wrapPlain));
AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
printf(resultFmt, "passed");
#endif /* HAVE_AES_KEYWRAP */
#endif /* WOLFSSL_AES_256 */
#endif
}
static void test_wolfSSL_CRYPTO_cts128(void)
{
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) \
&& defined(HAVE_CTS)
byte tmp[64]; /* Largest vector size */
/* Test vectors taken form RFC3962 Appendix B */
const testVector vects[] = {
{
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20",
"\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
"\x97",
17, 17
},
{
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20",
"\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5",
31, 31
},
{
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43",
"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84",
32, 32
},
{
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c",
"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
"\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5",
47, 47
},
{
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20",
"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8",
48, 48
},
{
"\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
"\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
"\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
"\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
"\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
"\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8",
64, 64
}
};
byte keyBytes[AES_128_KEY_SIZE] = {
0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
};
size_t i;
XMEMSET(tmp, 0, sizeof(tmp));
for (i = 0; i < sizeof(vects)/sizeof(vects[0]); i++) {
AES_KEY encKey;
AES_KEY decKey;
byte iv[AES_IV_SIZE]; /* All-zero IV for all cases */
XMEMSET(iv, 0, sizeof(iv));
AssertIntEQ(AES_set_encrypt_key(keyBytes, AES_128_KEY_SIZE * 8, &encKey), 0);
AssertIntEQ(AES_set_decrypt_key(keyBytes, AES_128_KEY_SIZE * 8, &decKey), 0);
AssertIntEQ(CRYPTO_cts128_encrypt((const unsigned char*)vects[i].input,
tmp, vects[i].inLen, &encKey, iv, (cbc128_f)AES_cbc_encrypt),
vects[i].outLen);
AssertIntEQ(XMEMCMP(tmp, vects[i].output, vects[i].outLen), 0);
XMEMSET(iv, 0, sizeof(iv));
AssertIntEQ(CRYPTO_cts128_decrypt((const unsigned char*)vects[i].output,
tmp, vects[i].outLen, &decKey, iv, (cbc128_f)AES_cbc_encrypt),
vects[i].inLen);
AssertIntEQ(XMEMCMP(tmp, vects[i].input, vects[i].inLen), 0);
}
#endif /* !NO_AES && HAVE_AES_CBC && OPENSSL_EXTRA && HAVE_CTS */
}
#if defined(OPENSSL_ALL)
#if !defined(NO_ASN)
static void test_wolfSSL_ASN1_STRING_to_UTF8(void)
{
#if !defined(NO_RSA)
WOLFSSL_X509* x509;
WOLFSSL_X509_NAME* subject;
WOLFSSL_X509_NAME_ENTRY* e;
WOLFSSL_ASN1_STRING* a;
FILE* file;
int idx = 0;
char targetOutput[16] = "www.wolfssl.com";
unsigned char* actual_output;
int len = 0;
int result = 0;
AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
fclose(file);
printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName");
AssertNotNull(subject = wolfSSL_X509_get_subject_name(x509));
AssertIntEQ((idx = wolfSSL_X509_NAME_get_index_by_NID(subject,
NID_commonName, -1)), 5);
AssertNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx));
AssertNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e));
AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15);
result = strncmp((const char*)actual_output, targetOutput, len);
AssertIntEQ(result, 0);
printf(resultFmt, result == 0 ? passed : failed);
printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(NULL, valid): ");
AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, a)),
WOLFSSL_FATAL_ERROR);
printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed);
printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(valid, NULL): ");
AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, NULL)),
WOLFSSL_FATAL_ERROR);
printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed);
printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL): ");
AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL)),
WOLFSSL_FATAL_ERROR);
printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed);
wolfSSL_X509_free(x509);
XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
}
static void test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void)
{
ASN1_STRING* asn1str_test;
ASN1_STRING* asn1str_answer;
/* Each character is encoded using 4 bytes */
char input[] = {
0, 0, 0, 'T',
0, 0, 0, 'e',
0, 0, 0, 's',
0, 0, 0, 't',
};
char output[] = "Test";
printf(testingFmt, "test_wolfSSL_ASN1_UNIVERSALSTRING_to_string()");
AssertNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING));
AssertIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input)), 1);
AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 1);
AssertNotNull(asn1str_answer = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING));
AssertIntEQ(ASN1_STRING_set(asn1str_answer, output, sizeof(output)-1), 1);
AssertIntEQ(ASN1_STRING_cmp(asn1str_test, asn1str_answer), 0);
ASN1_STRING_free(asn1str_test);
ASN1_STRING_free(asn1str_answer);
printf(resultFmt, "passed");
}
#endif /* !defined(NO_ASN) */
static void test_wolfSSL_sk_CIPHER_description(void)
{
#if !defined(NO_RSA)
const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
int i,j,k;
int numCiphers = 0;
const SSL_METHOD *method = NULL;
const SSL_CIPHER *cipher = NULL;
STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
char buf[256];
char test_str[9] = "0000000";
const char badStr[] = "unknown";
const char certPath[] = "./certs/client-cert.pem";
XMEMSET(buf, 0, sizeof(buf));
printf(testingFmt, "wolfSSL_sk_CIPHER_description");
AssertNotNull(method = TLSv1_2_client_method());
AssertNotNull(ctx = SSL_CTX_new(method));
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
SSL_CTX_set_verify_depth(ctx, 4);
SSL_CTX_set_options(ctx, flags);
AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL),
WOLFSSL_SUCCESS);
AssertNotNull(ssl = SSL_new(ctx));
/* SSL_get_ciphers returns a stack of all configured ciphers
* A flag, getCipherAtOffset, is set to later have SSL_CIPHER_description
*/
AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl));
/* loop through the amount of supportedCiphers */
numCiphers = sk_num(supportedCiphers);
for (i = 0; i < numCiphers; ++i) {
/* sk_value increments "sk->data.cipher->cipherOffset".
* wolfSSL_sk_CIPHER_description sets the description for
* the cipher based on the provided offset.
*/
if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
SSL_CIPHER_description(cipher, buf, sizeof(buf));
}
/* Search cipher description string for "unknown" descriptor */
for (j = 0; j < (int)XSTRLEN(buf); j++) {
k = 0;
while ((k < (int)XSTRLEN(badStr)) && (buf[j] == badStr[k])) {
test_str[k] = badStr[k];
j++;
k++;
}
}
/* Fail if test_str == badStr == "unknown" */
AssertStrNE(test_str,badStr);
}
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_get_ciphers_compat(void)
{
#if !defined(NO_RSA)
const SSL_METHOD *method = NULL;
const char certPath[] = "./certs/client-cert.pem";
STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
SSL_CTX *ctx = NULL;
WOLFSSL *ssl = NULL;
const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
printf(testingFmt, "wolfSSL_get_ciphers_compat");
method = SSLv23_client_method();
AssertNotNull(method);
ctx = SSL_CTX_new(method);
AssertNotNull(ctx);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
SSL_CTX_set_verify_depth(ctx, 4);
SSL_CTX_set_options(ctx, flags);
AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL),
WOLFSSL_SUCCESS);
AssertNotNull(ssl = SSL_new(ctx));
/* Test Bad NULL input */
AssertNull(supportedCiphers = SSL_get_ciphers(NULL));
/* Test for Good input */
AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl));
/* Further usage of SSL_get_ciphers/wolfSSL_get_ciphers_compat is
* tested in test_wolfSSL_sk_CIPHER_description according to Qt usage */
SSL_free(ssl);
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_PUBKEY_get(void)
{
WOLFSSL_X509_PUBKEY pubkey;
WOLFSSL_X509_PUBKEY* key;
WOLFSSL_EVP_PKEY evpkey ;
WOLFSSL_EVP_PKEY* evpPkey;
WOLFSSL_EVP_PKEY* retEvpPkey;
XMEMSET(&pubkey, 0, sizeof(WOLFSSL_X509_PUBKEY));
XMEMSET(&evpkey, 0, sizeof(WOLFSSL_EVP_PKEY));
key = &pubkey;
evpPkey = &evpkey;
evpPkey->type = WOLFSSL_SUCCESS;
key->pkey = evpPkey;
printf(testingFmt, "wolfSSL_X509_PUBKEY_get()");
AssertNotNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key));
AssertIntEQ(retEvpPkey->type, WOLFSSL_SUCCESS);
AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(NULL));
key->pkey = NULL;
AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key));
printf(resultFmt,retEvpPkey == NULL ? passed : failed);
}
static void test_wolfSSL_d2i_DHparams(void)
{
#if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072))
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
FILE* f = NULL;
unsigned char buf[4096];
const unsigned char* pt = buf;
#ifdef HAVE_FFDHE_2048
const char* params1 = "./certs/dh2048.der";
#endif
#ifdef HAVE_FFDHE_3072
const char* params2 = "./certs/dh3072.der";
#endif
long len = 0;
WOLFSSL_DH* dh = NULL;
XMEMSET(buf, 0, sizeof(buf));
/* Test 2048 bit parameters */
#ifdef HAVE_FFDHE_2048
printf(testingFmt, "wolfSSL_d2i_DHparams() 2048-bit");
f = XFOPEN(params1, "rb");
AssertTrue(f != XBADFILE);
len = (long)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
/* Valid case */
AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
AssertNotNull(dh->p);
AssertNotNull(dh->g);
AssertTrue(pt != buf);
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
AssertIntEQ(DH_set_length(dh, BN_num_bits(dh->p)), WOLFSSL_SUCCESS);
#endif
AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
/* Invalid cases */
AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, 10));
DH_free(dh);
printf(resultFmt, passed);
*buf = 0;
pt = buf;
#endif /* HAVE_FFDHE_2048 */
/* Test 3072 bit parameters */
#ifdef HAVE_FFDHE_3072
printf(testingFmt, "wolfSSL_d2i_DHparams() 3072-bit");
f = XFOPEN(params2, "rb");
AssertTrue(f != XBADFILE);
len = (long)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
/* Valid case */
AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
AssertNotNull(dh->p);
AssertNotNull(dh->g);
AssertTrue(pt != buf);
AssertIntEQ(DH_generate_key(dh), 1);
/* Invalid cases */
AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
DH_free(dh);
printf(resultFmt, passed);
#endif /* HAVE_FFDHE_3072 */
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* !NO_DH */
}
static void test_wolfSSL_i2d_DHparams(void)
{
#if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072))
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
FILE* f;
unsigned char buf[4096];
const unsigned char* pt = buf;
unsigned char* pt2 = buf;
#ifdef HAVE_FFDHE_2048
const char* params1 = "./certs/dh2048.der";
#endif
#ifdef HAVE_FFDHE_3072
const char* params2 = "./certs/dh3072.der";
#endif
long len;
WOLFSSL_DH* dh;
/* Test 2048 bit parameters */
#ifdef HAVE_FFDHE_2048
printf(testingFmt, "wolfSSL_i2d_DHparams() 2048-bit");
f = XFOPEN(params1, "rb");
AssertTrue(f != XBADFILE);
len = (long)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
/* Valid case */
AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
AssertTrue(pt != buf);
AssertIntEQ(DH_generate_key(dh), 1);
AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 268);
/* Invalid case */
AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);
/* Return length only */
AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 268);
DH_free(dh);
printf(resultFmt, passed);
*buf = 0;
pt = buf;
pt2 = buf;
#endif
/* Test 3072 bit parameters */
#ifdef HAVE_FFDHE_3072
printf(testingFmt, "wolfSSL_i2d_DHparams() 3072-bit");
f = XFOPEN(params2, "rb");
AssertTrue(f != XBADFILE);
len = (long)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
/* Valid case */
AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
AssertTrue(pt != buf);
AssertIntEQ(DH_generate_key(dh), 1);
AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 396);
/* Invalid case */
AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);
/* Return length only */
AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 396);
DH_free(dh);
printf(resultFmt, passed);
#endif
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif
}
static void test_wolfSSL_EC_KEY_dup(void)
{
#if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL))
WOLFSSL_EC_KEY* ecKey;
WOLFSSL_EC_KEY* dupKey;
ecc_key* srcKey;
ecc_key* destKey;
printf(testingFmt, "wolfSSL_EC_KEY_dup()");
AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
/* Valid cases */
AssertNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
AssertIntEQ(EC_KEY_check_key(dupKey), 1);
/* Compare pubkey */
srcKey = (ecc_key*)ecKey->internal;
destKey = (ecc_key*)dupKey->internal;
AssertIntEQ(wc_ecc_cmp_point(&srcKey->pubkey, &destKey->pubkey), 0);
/* compare EC_GROUP */
AssertIntEQ(wolfSSL_EC_GROUP_cmp(ecKey->group, dupKey->group, NULL), MP_EQ);
/* compare EC_POINT */
AssertIntEQ(wolfSSL_EC_POINT_cmp(ecKey->group, ecKey->pub_key, \
dupKey->pub_key, NULL), MP_EQ);
/* compare BIGNUM */
AssertIntEQ(wolfSSL_BN_cmp(ecKey->priv_key, dupKey->priv_key), MP_EQ);
wolfSSL_EC_KEY_free(dupKey);
/* Invalid cases */
/* NULL key */
AssertNull(dupKey = wolfSSL_EC_KEY_dup(NULL));
/* NULL ecc_key */
wc_ecc_free((ecc_key*)ecKey->internal);
XFREE(ecKey->internal, NULL, DYNAMIC_TYPE_ECC);
ecKey->internal = NULL; /* Set ecc_key to NULL */
AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
wolfSSL_EC_KEY_free(ecKey);
wolfSSL_EC_KEY_free(dupKey);
/* NULL Group */
AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
wolfSSL_EC_GROUP_free(ecKey->group);
ecKey->group = NULL; /* Set group to NULL */
AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
wolfSSL_EC_KEY_free(ecKey);
wolfSSL_EC_KEY_free(dupKey);
/* NULL public key */
AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
wc_ecc_del_point((ecc_point*)ecKey->pub_key->internal);
ecKey->pub_key->internal = NULL; /* Set ecc_point to NULL */
AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
wolfSSL_EC_POINT_free(ecKey->pub_key);
ecKey->pub_key = NULL; /* Set pub_key to NULL */
AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
wolfSSL_EC_KEY_free(ecKey);
wolfSSL_EC_KEY_free(dupKey);
/* NULL private key */
AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
wolfSSL_BN_free(ecKey->priv_key);
ecKey->priv_key = NULL; /* Set priv_key to NULL */
AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
wolfSSL_EC_KEY_free(ecKey);
wolfSSL_EC_KEY_free(dupKey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
{
#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
DSA *dsa = NULL;
DSA *setDsa = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY *set1Pkey = NULL;
SHA_CTX sha;
byte signature[DSA_SIG_SIZE];
byte hash[WC_SHA_DIGEST_SIZE];
word32 bytes;
int answer;
#ifdef USE_CERT_BUFFERS_1024
const unsigned char* dsaKeyDer = dsa_key_der_1024;
int dsaKeySz = sizeof_dsa_key_der_1024;
byte tmp[ONEK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
bytes = dsaKeySz;
#elif defined(USE_CERT_BUFFERS_2048)
const unsigned char* dsaKeyDer = dsa_key_der_2048;
int dsaKeySz = sizeof_dsa_key_der_2048;
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
bytes = dsaKeySz;
#else
byte tmp[TWOK_BUF];
const unsigned char* dsaKeyDer = (const unsigned char*)tmp;
int dsaKeySz;
XMEMSET(tmp, 0, sizeof(tmp));
XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
if (fp == XBADFILE) {
return WOLFSSL_BAD_FILE;
}
dsaKeySz = bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
printf(testingFmt,
"wolfSSL_EVP_PKEY_set1_DSA and wolfSSL_EVP_PKEY_get1_DSA");
/* Create hash to later Sign and Verify */
AssertIntEQ(SHA1_Init(&sha), WOLFSSL_SUCCESS);
AssertIntEQ(SHA1_Update(&sha, tmp, bytes), WOLFSSL_SUCCESS);
AssertIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS);
/* Initialize pkey with der format dsa key */
AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey,
&dsaKeyDer ,(long)dsaKeySz));
/* Test wolfSSL_EVP_PKEY_get1_DSA */
/* Should Fail: NULL argument */
AssertNull(dsa = EVP_PKEY_get0_DSA(NULL));
AssertNull(dsa = EVP_PKEY_get1_DSA(NULL));
/* Should Pass: Initialized pkey argument */
AssertNotNull(dsa = EVP_PKEY_get0_DSA(pkey));
AssertNotNull(dsa = EVP_PKEY_get1_DSA(pkey));
#ifdef USE_CERT_BUFFERS_1024
AssertIntEQ(DSA_bits(dsa), 1024);
#else
AssertIntEQ(DSA_bits(dsa), 2048);
#endif
/* Sign */
AssertIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS);
/* Verify. */
AssertIntEQ(wolfSSL_DSA_do_verify(hash, signature, dsa, &answer),
WOLFSSL_SUCCESS);
/* Test wolfSSL_EVP_PKEY_set1_DSA */
/* Should Fail: set1Pkey not initialized */
AssertIntNE(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
/* Initialize set1Pkey */
set1Pkey = EVP_PKEY_new();
/* Should Fail Verify: setDsa not initialized from set1Pkey */
AssertIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer),
WOLFSSL_SUCCESS);
/* Should Pass: set dsa into set1Pkey */
AssertIntEQ(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
printf(resultFmt, passed);
DSA_free(dsa);
DSA_free(setDsa);
EVP_PKEY_free(pkey);
EVP_PKEY_free(set1Pkey);
#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
} /* END test_EVP_PKEY_set1_get1_DSA */
static void test_wolfSSL_DSA_SIG(void)
{
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \
!defined(HAVE_FIPS)
DSA *dsa = NULL;
DSA *dsa2 = NULL;
DSA_SIG *sig = NULL;
const BIGNUM *p = NULL;
const BIGNUM *q = NULL;
const BIGNUM *g = NULL;
const BIGNUM *pub = NULL;
const BIGNUM *priv = NULL;
const byte digest[WC_SHA_DIGEST_SIZE] = {0};
printf(testingFmt, "wolfSSL_DSA_SIG");
AssertNotNull(dsa = DSA_generate_parameters(2048,
NULL, 0, NULL, NULL, NULL, NULL));
DSA_free(dsa);
AssertNotNull(dsa = DSA_new());
AssertIntEQ(DSA_generate_parameters_ex(dsa, 2048,
NULL, 0, NULL, NULL, NULL), 1);
AssertIntEQ(DSA_generate_key(dsa), 1);
DSA_get0_pqg(dsa, &p, &q, &g);
DSA_get0_key(dsa, &pub, &priv);
AssertNotNull(p = BN_dup(p));
AssertNotNull(q = BN_dup(q));
AssertNotNull(g = BN_dup(g));
AssertNotNull(pub = BN_dup(pub));
AssertNotNull(priv = BN_dup(priv));
AssertNotNull(sig = DSA_do_sign(digest, sizeof(digest), dsa));
AssertNotNull(dsa2 = DSA_new());
AssertIntEQ(DSA_set0_pqg(dsa2, (BIGNUM*)p, (BIGNUM*)q, (BIGNUM*)g), 1);
AssertIntEQ(DSA_set0_key(dsa2, (BIGNUM*)pub, (BIGNUM*)priv), 1);
AssertIntEQ(DSA_do_verify(digest, sizeof(digest), sig, dsa2), 1);
printf(resultFmt, passed);
DSA_free(dsa);
DSA_free(dsa2);
DSA_SIG_free(sig);
#endif
}
static void test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void)
{
#ifdef HAVE_ECC
WOLFSSL_EC_KEY *ecKey = NULL;
WOLFSSL_EC_KEY *ecGet1 = NULL;
EVP_PKEY *pkey = NULL;
printf(testingFmt,
"wolfSSL_EVP_PKEY_set1_EC_KEY and wolfSSL_EVP_PKEY_get1_EC_KEY");
AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
/* Test wolfSSL_EVP_PKEY_set1_EC_KEY */
AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
/* Should fail since ecKey is empty */
AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
/* Test wolfSSL_EVP_PKEY_get1_EC_KEY */
AssertNull(wolfSSL_EVP_PKEY_get1_EC_KEY(NULL));
AssertNotNull(ecGet1 = wolfSSL_EVP_PKEY_get1_EC_KEY(pkey));
wolfSSL_EC_KEY_free(ecKey);
wolfSSL_EC_KEY_free(ecGet1);
EVP_PKEY_free(pkey);
/* PASSED */
printf(resultFmt, passed);
#endif /* HAVE_ECC */
} /* END test_EVP_PKEY_set1_get1_EC_KEY */
static void test_wolfSSL_EVP_PKEY_set1_get1_DH (void)
{
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
DH *dh = NULL;
DH *setDh = NULL;
EVP_PKEY *pkey = NULL;
FILE* f = NULL;
unsigned char buf[4096];
const unsigned char* pt = buf;
const char* dh2048 = "./certs/dh2048.der";
long len = 0;
int code = -1;
printf(testingFmt,"wolfSSL_EVP_PKEY_set1_DH and wolfSSL_EVP_PKEY_get1_DH");
XMEMSET(buf, 0, sizeof(buf));
f = XFOPEN(dh2048, "rb");
AssertTrue(f != XBADFILE);
len = (long)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
/* Load dh2048.der into DH with internal format */
AssertNotNull(setDh = wolfSSL_d2i_DHparams(NULL, &pt, len));
AssertIntEQ(wolfSSL_DH_check(setDh, &code), WOLFSSL_SUCCESS);
AssertIntEQ(code, 0);
code = -1;
pkey = wolfSSL_EVP_PKEY_new();
/* Set DH into PKEY */
AssertIntEQ(wolfSSL_EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS);
/* Get DH from PKEY */
AssertNotNull(dh = wolfSSL_EVP_PKEY_get1_DH(pkey));
AssertIntEQ(wolfSSL_DH_check(dh, &code), WOLFSSL_SUCCESS);
AssertIntEQ(code, 0);
EVP_PKEY_free(pkey);
DH_free(setDh);
DH_free(dh);
printf(resultFmt, passed);
#endif /* !NO_DH && WOLFSSL_DH_EXTRA && !NO_FILESYSTEM */
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */
} /* END test_EVP_PKEY_set1_get1_DH */
static void test_wolfSSL_CTX_ctrl(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
char caFile[] = "./certs/client-ca.pem";
char clientFile[] = "./certs/client-cert.pem";
SSL_CTX* ctx;
X509* x509 = NULL;
#if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
byte buf[6000];
char file[] = "./certs/dsaparams.pem";
XFILE f;
int bytes;
BIO* bio;
DSA* dsa;
DH* dh;
#endif
#ifdef HAVE_ECC
WOLFSSL_EC_KEY* ecKey;
#endif
printf(testingFmt, "wolfSSL_CTX_ctrl");
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);
x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
#if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
/* Initialize DH */
f = XFOPEN(file, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
bio = BIO_new_mem_buf((void*)buf, bytes);
AssertNotNull(bio);
dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
AssertNotNull(dsa);
dh = wolfSSL_DSA_dup_DH(dsa);
AssertNotNull(dh);
#endif
#ifdef HAVE_ECC
/* Initialize WOLFSSL_EC_KEY */
AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey),1);
#endif
#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
/* additional test of getting EVP_PKEY key size from X509
* Do not run with user RSA because wolfSSL_RSA_size is not currently
* allowed with user RSA */
{
EVP_PKEY* pkey;
#if defined(HAVE_ECC)
X509* ecX509;
#endif /* HAVE_ECC */
AssertNotNull(pkey = X509_get_pubkey(x509));
/* current RSA key is 2048 bit (256 bytes) */
AssertIntEQ(EVP_PKEY_size(pkey), 256);
EVP_PKEY_free(pkey);
#if defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer(
cliecc_cert_der_256, sizeof_cliecc_cert_der_256,
SSL_FILETYPE_ASN1));
#else
AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file(
cliEccCertFile, SSL_FILETYPE_PEM));
#endif
AssertNotNull(pkey = X509_get_pubkey(ecX509));
/* current ECC key is 256 bit (32 bytes) */
AssertIntEQ(EVP_PKEY_size(pkey), 32);
X509_free(ecX509);
EVP_PKEY_free(pkey);
#endif /* HAVE_ECC */
}
#endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */
/* Tests should fail with passed in NULL pointer */
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,NULL),
SSL_FAILURE);
#if !defined(NO_DH) && !defined(NO_DSA)
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,NULL),
SSL_FAILURE);
#endif
#ifdef HAVE_ECC
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,NULL),
SSL_FAILURE);
#endif
/* Test with SSL_CTRL_EXTRA_CHAIN_CERT
* wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_add_extra_chain_cert
*/
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,x509),
SSL_SUCCESS);
/* Test with SSL_CTRL_OPTIONS
* wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_set_options
*/
AssertTrue(wolfSSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,SSL_OP_NO_TLSv1,NULL)
== SSL_OP_NO_TLSv1);
AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1);
/* Test with SSL_CTRL_SET_TMP_DH
* wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_dh
*/
#if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,dh),
SSL_SUCCESS);
#endif
/* Test with SSL_CTRL_SET_TMP_ECDH
* wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_ecdh
*/
#ifdef HAVE_ECC
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,ecKey),
SSL_SUCCESS);
#endif
#ifdef WOLFSSL_ENCRYPTED_KEYS
AssertNull(SSL_CTX_get_default_passwd_cb(ctx));
AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx));
#endif
/* Test for min/max proto */
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION,
0, NULL), SSL_SUCCESS);
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION,
TLS1_2_VERSION, NULL), SSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION);
#endif
#ifdef WOLFSSL_TLS13
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
0, NULL), SSL_SUCCESS);
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
TLS1_3_VERSION, NULL), SSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_3_VERSION);
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION,
TLS1_2_VERSION, NULL), SSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_2_VERSION);
#endif
#endif
/* Cleanup and Pass */
#if !defined(NO_DH) && !defined(NO_DSA)
#ifndef NO_BIO
BIO_free(bio);
DSA_free(dsa);
DH_free(dh);
#endif
#endif
#ifdef HAVE_ECC
wolfSSL_EC_KEY_free(ecKey);
#endif
SSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
}
static void test_wolfSSL_DH_check(void)
{
#if !defined(NO_DH) && !defined(NO_DSA)
#ifndef NO_BIO
byte buf[6000];
char file[] = "./certs/dsaparams.pem";
XFILE f;
int bytes;
BIO* bio;
DSA* dsa;
DH* dh = NULL;
WOLFSSL_BIGNUM* pTmp = NULL;
WOLFSSL_BIGNUM* gTmp = NULL;
int codes = -1;
printf(testingFmt, "wolfSSL_DH_check");
/* Initialize DH */
f = XFOPEN(file, "rb");
AssertTrue((f != XBADFILE));
bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
bio = BIO_new_mem_buf((void*)buf, bytes);
AssertNotNull(bio);
dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
AssertNotNull(dsa);
dh = wolfSSL_DSA_dup_DH(dsa);
AssertNotNull(dh);
/* Test assumed to be valid dh.
* Should return WOLFSSL_SUCCESS
* codes should be 0
* Invalid codes = {DH_NOT_SUITABLE_GENERATOR, DH_CHECK_P_NOT_PRIME}
*/
AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_SUCCESS);
AssertIntEQ(codes, 0);
/* Test NULL dh: expected BAD_FUNC_ARG */
AssertIntEQ(wolfSSL_DH_check(NULL, &codes), WOLFSSL_FAILURE);
/* Break dh prime to test if codes = DH_CHECK_P_NOT_PRIME */
pTmp = dh->p;
dh->p = NULL;
AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_FAILURE);
AssertIntEQ(codes, DH_CHECK_P_NOT_PRIME);
/* set dh->p back to normal so it wont fail on next tests */
dh->p = pTmp;
pTmp = NULL;
/* Break dh generator to test if codes = DH_NOT_SUITABLE_GENERATOR */
gTmp = dh->g;
dh->g = NULL;
AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_FAILURE);
AssertIntEQ(codes, DH_NOT_SUITABLE_GENERATOR);
dh->g = gTmp;
gTmp = NULL;
/* Cleanup and Pass Test */
BIO_free(bio);
DSA_free(dsa);
DH_free(dh);
printf(resultFmt, passed);
#endif
#endif /* !NO_DH && !NO_DSA */
}
static void test_wolfSSL_EVP_PKEY_assign(void)
{
int type;
WOLFSSL_EVP_PKEY* pkey;
#ifndef NO_RSA
WOLFSSL_RSA* rsa;
#endif
#ifndef NO_DSA
WOLFSSL_DSA* dsa;
#endif
#ifdef HAVE_ECC
WOLFSSL_EC_KEY* ecKey;
#endif
(void)pkey;
printf(testingFmt, "wolfSSL_EVP_PKEY_assign");
#ifndef NO_RSA
type = EVP_PKEY_RSA;
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertNotNull(rsa = wolfSSL_RSA_new());
AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,rsa), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,rsa), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,rsa), WOLFSSL_SUCCESS);
wolfSSL_EVP_PKEY_free(pkey);
#endif /* NO_RSA */
#ifndef NO_DSA
type = EVP_PKEY_DSA;
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertNotNull(dsa = wolfSSL_DSA_new());
AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,dsa), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,dsa), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,dsa), WOLFSSL_SUCCESS);
wolfSSL_EVP_PKEY_free(pkey);
#endif /* NO_DSA */
#ifdef HAVE_ECC
type = EVP_PKEY_EC;
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,ecKey), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,ecKey), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_SUCCESS);
wolfSSL_EVP_PKEY_free(pkey);
#endif /* HAVE_ECC */
(void)type;
printf(resultFmt, passed);
}
static void test_wolfSSL_EVP_PKEY_base_id(void)
{
WOLFSSL_EVP_PKEY* pkey;
printf(testingFmt, "wolfSSL_EVP_PKEY_base_id");
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertIntEQ(wolfSSL_EVP_PKEY_base_id(NULL), NID_undef);
AssertIntEQ(wolfSSL_EVP_PKEY_base_id(pkey), EVP_PKEY_RSA);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
}
static void test_wolfSSL_EVP_PKEY_id(void)
{
WOLFSSL_EVP_PKEY* pkey;
printf(testingFmt, "wolfSSL_EVP_PKEY_id");
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertIntEQ(wolfSSL_EVP_PKEY_id(NULL), 0);
AssertIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_RSA);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
}
static void test_wolfSSL_EVP_PKEY_paramgen(void)
{
#if defined(OPENSSL_ALL) && \
!defined(NO_ECC_SECP) && \
/* This last bit is taken from ecc.c. It is the condition that
* defines ECC256 */ \
((!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
ECC_MIN_KEY_SZ <= 256)
EVP_PKEY_CTX* ctx;
EVP_PKEY* pkey = NULL;
printf(testingFmt, "wolfSSL_EVP_PKEY_paramgen");
AssertNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL));
AssertIntEQ(EVP_PKEY_paramgen_init(ctx), 1);
AssertIntEQ(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, NID_X9_62_prime256v1), 1);
AssertIntEQ(EVP_PKEY_CTX_set_ec_param_enc(ctx, OPENSSL_EC_NAMED_CURVE), 1);
AssertIntEQ(EVP_PKEY_keygen_init(ctx), 1);
AssertIntEQ(EVP_PKEY_keygen(ctx, &pkey), 1);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_keygen(void)
{
WOLFSSL_EVP_PKEY* pkey;
EVP_PKEY_CTX *ctx;
printf(testingFmt, "wolfSSL_EVP_PKEY_keygen");
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
/* Bad cases */
AssertIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), BAD_FUNC_ARG);
/* Good case */
AssertIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, &pkey), 0);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
}
static void test_wolfSSL_EVP_PKEY_keygen_init(void)
{
WOLFSSL_EVP_PKEY* pkey;
EVP_PKEY_CTX *ctx;
printf(testingFmt, "wolfSSL_EVP_PKEY_keygen_init");
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
AssertIntEQ(wolfSSL_EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
}
static void test_wolfSSL_EVP_PKEY_missing_parameters(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB)
WOLFSSL_EVP_PKEY* pkey;
printf(testingFmt, "wolfSSL_EVP_PKEY_missing_parameters");
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertIntEQ(wolfSSL_EVP_PKEY_missing_parameters(pkey), 0);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(void)
{
WOLFSSL_EVP_PKEY* pkey;
EVP_PKEY_CTX *ctx;
int bits = 2048;
printf(testingFmt, "wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits");
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits),
WOLFSSL_SUCCESS);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
}
static void test_wolfSSL_EVP_CIPHER_CTX_iv_length(void)
{
/* This is large enough to be used for all key sizes */
byte key[AES_256_KEY_SIZE] = {0};
byte iv[AES_BLOCK_SIZE] = {0};
int i, enumlen;
EVP_CIPHER_CTX *ctx;
const EVP_CIPHER *init;
int enumArray[] = {
#ifdef HAVE_AES_CBC
NID_aes_128_cbc,
#endif
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM
NID_aes_128_gcm,
#endif
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
#ifdef WOLFSSL_AES_COUNTER
NID_aes_128_ctr,
#endif
#ifndef NO_DES3
NID_des_cbc,
NID_des_ede3_cbc,
#endif
};
int iv_lengths[] = {
#ifdef HAVE_AES_CBC
AES_BLOCK_SIZE,
#endif
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM
GCM_NONCE_MID_SZ,
#endif
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
#ifdef WOLFSSL_AES_COUNTER
AES_BLOCK_SIZE,
#endif
#ifndef NO_DES3
DES_BLOCK_SIZE,
DES_BLOCK_SIZE,
#endif
};
printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_iv_length");
enumlen = (sizeof(enumArray)/sizeof(int));
for(i = 0; i < enumlen; i++)
{
ctx = EVP_CIPHER_CTX_new();
init = wolfSSL_EVP_get_cipherbynid(enumArray[i]);
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_iv_length(ctx), iv_lengths[i]);
EVP_CIPHER_CTX_free(ctx);
}
printf(resultFmt, passed);
}
static void test_wolfSSL_EVP_CIPHER_CTX_key_length(void)
{
#if !defined(NO_DES3)
byte key[AES_256_KEY_SIZE] = {0};
byte iv[AES_BLOCK_SIZE] = {0};
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
const EVP_CIPHER *init = EVP_des_ede3_cbc();
printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_key_length");
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_key_length(ctx), 24);
EVP_CIPHER_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_CIPHER_CTX_set_key_length(void)
{
#if !defined(NO_DES3)
byte key[AES_256_KEY_SIZE] = {0};
byte iv[AES_BLOCK_SIZE] = {0};
int keylen;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
const EVP_CIPHER *init = EVP_des_ede3_cbc();
printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_set_key_length");
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
keylen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, keylen),
WOLFSSL_SUCCESS);
EVP_CIPHER_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_CIPHER_CTX_set_iv(void)
{
#if defined(HAVE_AESGCM) && !defined(NO_DES3)
byte key[DES3_KEY_SIZE] = {0};
byte iv[DES_BLOCK_SIZE] = {0};
int ivLen, keyLen;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
const EVP_CIPHER *init = EVP_des_ede3_cbc();
printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_set_iv");
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
ivLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx);
keyLen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx);
/* Bad cases */
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, iv, ivLen), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, NULL, ivLen), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, keyLen), WOLFSSL_FAILURE);
/* Good case */
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, ivLen), 1);
EVP_CIPHER_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_CTX_new_id(void)
{
WOLFSSL_ENGINE* e = NULL;
int id = 0;
EVP_PKEY_CTX *ctx;
printf(testingFmt, "wolfSSL_EVP_PKEY_CTX_new_id");
AssertNotNull(ctx = wolfSSL_EVP_PKEY_CTX_new_id(id, e));
EVP_PKEY_CTX_free(ctx);
printf(resultFmt, passed);
}
static void test_wolfSSL_EVP_rc4(void)
{
#if !defined(NO_RC4)
printf(testingFmt, "wolfSSL_EVP_rc4");
AssertNotNull(wolfSSL_EVP_rc4());
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_enc_null(void)
{
printf(testingFmt, "wolfSSL_EVP_enc_null");
AssertNotNull(wolfSSL_EVP_enc_null());
printf(resultFmt, passed);
}
static void test_wolfSSL_EVP_rc2_cbc(void)
{
#if defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB)
printf(testingFmt, "wolfSSL_EVP_rc2_cbc");
AssertNull(wolfSSL_EVP_rc2_cbc());
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_mdc2(void)
{
#if !defined(NO_WOLFSSL_STUB)
printf(testingFmt, "wolfSSL_EVP_mdc2");
AssertNull(wolfSSL_EVP_mdc2());
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_md4(void)
{
#if !defined(NO_MD4)
printf(testingFmt, "wolfSSL_EVP_md4");
AssertNotNull(wolfSSL_EVP_md4());
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_aes_256_gcm(void)
{
printf(testingFmt, "wolfSSL_EVP_aes_256_gcm");
AssertNotNull(wolfSSL_EVP_aes_256_gcm());
printf(resultFmt, passed);
}
static void test_wolfSSL_EVP_aes_192_gcm(void)
{
printf(testingFmt, "wolfSSL_EVP_aes_192_gcm");
AssertNotNull(wolfSSL_EVP_aes_192_gcm());
printf(resultFmt, passed);
}
static void test_wolfSSL_EVP_ripemd160(void)
{
#if !defined(NO_WOLFSSL_STUB)
printf(testingFmt, "wolfSSL_EVP_ripemd160");
AssertNull(wolfSSL_EVP_ripemd160());
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_get_digestbynid(void)
{
printf(testingFmt, "wolfSSL_EVP_get_digestbynid");
#ifndef NO_MD5
AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_md5));
#endif
AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1));
AssertNull(wolfSSL_EVP_get_digestbynid(0));
printf(resultFmt, passed);
}
static void test_wolfSSL_EVP_MD_nid(void)
{
printf(testingFmt, "wolfSSL_EVP_MD_nid");
#ifndef NO_MD5
AssertIntEQ(EVP_MD_nid(EVP_md5()), NID_md5);
#endif
#ifndef NO_SHA
AssertIntEQ(EVP_MD_nid(EVP_sha1()), NID_sha1);
#endif
#ifndef NO_SHA256
AssertIntEQ(EVP_MD_nid(EVP_sha256()), NID_sha256);
#endif
AssertIntEQ(EVP_MD_nid(NULL), NID_undef);
printf(resultFmt, passed);
}
static void test_wolfSSL_EVP_PKEY_get0_EC_KEY(void)
{
#if defined(HAVE_ECC)
WOLFSSL_EVP_PKEY* pkey;
printf(testingFmt, "wolfSSL_EVP_PKEY_get0_EC_KEY");
AssertNotNull(pkey = EVP_PKEY_new());
AssertNull(EVP_PKEY_get0_EC_KEY(pkey));
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_X_STATE(void)
{
#if !defined(NO_DES3) && !defined(NO_RC4)
byte key[DES3_KEY_SIZE] = {0};
byte iv[DES_IV_SIZE] = {0};
EVP_CIPHER_CTX *ctx;
const EVP_CIPHER *init;
printf(testingFmt, "wolfSSL_EVP_X_STATE");
/* Bad test cases */
ctx = EVP_CIPHER_CTX_new();
init = EVP_des_ede3_cbc();
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
AssertNull(wolfSSL_EVP_X_STATE(NULL));
AssertNull(wolfSSL_EVP_X_STATE(ctx));
EVP_CIPHER_CTX_free(ctx);
/* Good test case */
ctx = EVP_CIPHER_CTX_new();
init = wolfSSL_EVP_rc4();
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
AssertNotNull(wolfSSL_EVP_X_STATE(ctx));
EVP_CIPHER_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_X_STATE_LEN(void)
{
#if !defined(NO_DES3) && !defined(NO_RC4)
byte key[DES3_KEY_SIZE] = {0};
byte iv[DES_IV_SIZE] = {0};
EVP_CIPHER_CTX *ctx;
const EVP_CIPHER *init;
printf(testingFmt, "wolfSSL_EVP_X_STATE_LEN");
/* Bad test cases */
ctx = EVP_CIPHER_CTX_new();
init = EVP_des_ede3_cbc();
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(NULL), 0);
AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), 0);
EVP_CIPHER_CTX_free(ctx);
/* Good test case */
ctx = EVP_CIPHER_CTX_new();
init = wolfSSL_EVP_rc4();
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), sizeof(Arc4));
EVP_CIPHER_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_CIPHER_block_size(void)
{
#ifdef HAVE_AES_CBC
#ifdef WOLFSSL_AES_128
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_cbc()), AES_BLOCK_SIZE);
#endif
#ifdef WOLFSSL_AES_192
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_cbc()), AES_BLOCK_SIZE);
#endif
#ifdef WOLFSSL_AES_256
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_cbc()), AES_BLOCK_SIZE);
#endif
#endif
#ifdef HAVE_AES_GCM
#ifdef WOLFSSL_AES_128
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_gcm()), 1);
#endif
#ifdef WOLFSSL_AES_192
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_gcm()), 1);
#endif
#ifdef WOLFSSL_AES_256
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_gcm()), 1);
#endif
#endif
#ifdef WOLFSSL_AES_COUNTER
#ifdef WOLFSSL_AES_128
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ctr()), 1);
#endif
#ifdef WOLFSSL_AES_192
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ctr()), 1);
#endif
#ifdef WOLFSSL_AES_256
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ctr()), 1);
#endif
#endif
#ifdef HAVE_AES_ECB
#ifdef WOLFSSL_AES_128
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ecb()), AES_BLOCK_SIZE);
#endif
#ifdef WOLFSSL_AES_192
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ecb()), AES_BLOCK_SIZE);
#endif
#ifdef WOLFSSL_AES_256
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ecb()), AES_BLOCK_SIZE);
#endif
#endif
#ifdef WOLFSSL_AES_OFB
#ifdef WOLFSSL_AES_128
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ofb()), 1);
#endif
#ifdef WOLFSSL_AES_192
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ofb()), 1);
#endif
#ifdef WOLFSSL_AES_256
AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ofb()), 1);
#endif
#endif
#ifndef NO_RC4
AssertIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_rc4()), 1);
#endif
}
static void test_wolfSSL_EVP_CIPHER_iv_length(void)
{
int i, enumlen;
int enumArray[] = {
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
NID_aes_128_cbc,
#endif
#ifdef WOLFSSL_AES_192
NID_aes_192_cbc,
#endif
#ifdef WOLFSSL_AES_256
NID_aes_256_cbc,
#endif
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128
NID_aes_128_gcm,
#endif
#ifdef WOLFSSL_AES_192
NID_aes_192_gcm,
#endif
#ifdef WOLFSSL_AES_256
NID_aes_256_gcm,
#endif
#endif /* HAVE_AESGCM */
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
#ifdef WOLFSSL_AES_COUNTER
#ifdef WOLFSSL_AES_128
NID_aes_128_ctr,
#endif
#ifdef WOLFSSL_AES_192
NID_aes_192_ctr,
#endif
#ifdef WOLFSSL_AES_256
NID_aes_256_ctr,
#endif
#endif
#ifndef NO_DES3
NID_des_cbc,
NID_des_ede3_cbc,
#endif
};
int iv_lengths[] = {
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
AES_BLOCK_SIZE,
#endif
#ifdef WOLFSSL_AES_192
AES_BLOCK_SIZE,
#endif
#ifdef WOLFSSL_AES_256
AES_BLOCK_SIZE,
#endif
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128
GCM_NONCE_MID_SZ,
#endif
#ifdef WOLFSSL_AES_192
GCM_NONCE_MID_SZ,
#endif
#ifdef WOLFSSL_AES_256
GCM_NONCE_MID_SZ,
#endif
#endif /* HAVE_AESGCM */
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
#ifdef WOLFSSL_AES_COUNTER
#ifdef WOLFSSL_AES_128
AES_BLOCK_SIZE,
#endif
#ifdef WOLFSSL_AES_192
AES_BLOCK_SIZE,
#endif
#ifdef WOLFSSL_AES_256
AES_BLOCK_SIZE,
#endif
#endif
#ifndef NO_DES3
DES_BLOCK_SIZE,
DES_BLOCK_SIZE,
#endif
};
printf(testingFmt, "wolfSSL_EVP_CIPHER_iv_length");
enumlen = (sizeof(enumArray)/sizeof(int));
for(i = 0; i < enumlen; i++)
{
const EVP_CIPHER *c = EVP_get_cipherbynid(enumArray[i]);
AssertIntEQ(EVP_CIPHER_iv_length(c), iv_lengths[i]);
}
printf(resultFmt, passed);
}
static void test_wolfSSL_EVP_SignInit_ex(void)
{
WOLFSSL_EVP_MD_CTX mdCtx;
WOLFSSL_ENGINE* e = 0;
const EVP_MD* md;
md = "SHA256";
printf(testingFmt, "wolfSSL_EVP_SignInit_ex");
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_SignInit_ex(&mdCtx, md, e), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
printf(resultFmt, passed);
}
static void test_wolfSSL_EVP_DigestFinal_ex(void)
{
#if !defined(NO_SHA256)
WOLFSSL_EVP_MD_CTX mdCtx;
unsigned int s = 0;
unsigned char md[WC_SHA256_DIGEST_SIZE];
unsigned char md2[WC_SHA256_DIGEST_SIZE];
printf(testingFmt, "wolfSSL_EVP_DigestFinal_ex");
/* Bad Case */
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), 0);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#else
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);
#endif
/* Good Case */
wolfSSL_EVP_MD_CTX_init(&mdCtx);
AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md2, &s), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_assign_DH(void)
{
#if !defined(NO_DH) && \
!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
FILE* f = NULL;
unsigned char buf[4096];
const unsigned char* pt = buf;
const char* params1 = "./certs/dh2048.der";
long len = 0;
WOLFSSL_DH* dh = NULL;
WOLFSSL_EVP_PKEY* pkey;
XMEMSET(buf, 0, sizeof(buf));
f = XFOPEN(params1, "rb");
AssertTrue(f != XBADFILE);
len = (long)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
printf(testingFmt, "wolfSSL_EVP_PKEY_assign_DH");
AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
/* Bad cases */
AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), WOLFSSL_FAILURE);
/* Good case */
AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, dh), WOLFSSL_SUCCESS);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_QT_EVP_PKEY_CTX_free(void)
{
#if defined(OPENSSL_EXTRA)
EVP_PKEY* pkey;
EVP_PKEY_CTX* ctx;
printf(testingFmt, "test_wolfSSL_QT_EVP_PKEY_CTX_free");
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
/* void */
EVP_PKEY_CTX_free(ctx);
AssertTrue(1);
#else
/* int */
AssertIntEQ(EVP_PKEY_CTX_free(ctx), WOLFSSL_SUCCESS);
#endif
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_param_check(void)
{
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
DH *dh = NULL;
DH *setDh = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX* ctx = NULL;
FILE* f = NULL;
unsigned char buf[512];
const unsigned char* pt = buf;
const char* dh2048 = "./certs/dh2048.der";
long len = 0;
int code = -1;
printf(testingFmt, "test_wolfSSL_EVP_PKEY_param_check");
XMEMSET(buf, 0, sizeof(buf));
f = XFOPEN(dh2048, "rb");
AssertTrue(f != XBADFILE);
len = (long)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
/* Load dh2048.der into DH with internal format */
AssertNotNull(setDh = d2i_DHparams(NULL, &pt, len));
AssertIntEQ(DH_check(setDh, &code), WOLFSSL_SUCCESS);
AssertIntEQ(code, 0);
code = -1;
pkey = wolfSSL_EVP_PKEY_new();
/* Set DH into PKEY */
AssertIntEQ(EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS);
/* create ctx from pkey */
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
AssertIntEQ(EVP_PKEY_param_check(ctx), 1/* valid */);
/* */
/* TO DO invlaid case */
/* */
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
DH_free(setDh);
DH_free(dh);
printf(resultFmt, passed);
#endif
#endif
}
static void test_wolfSSL_EVP_BytesToKey(void)
{
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
byte key[AES_BLOCK_SIZE] = {0};
byte iv[AES_BLOCK_SIZE] = {0};
int sz = 5;
int count = 0;
const EVP_MD* md;
md = "SHA256";
const EVP_CIPHER *type;
const unsigned char *salt = (unsigned char *)"salt1234";
const byte data[] = {
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
type = wolfSSL_EVP_get_cipherbynid(NID_aes_128_cbc);
printf(testingFmt, "EVP_BytesToKey");
/* Bad cases */
AssertIntEQ(EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv),
0);
AssertIntEQ(EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv),
16);
md = "2";
AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
WOLFSSL_FAILURE);
/* Good case */
md = "SHA256";
AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
16);
printf(resultFmt, passed);
#endif
}
static void test_IncCtr(void)
{
#if defined(HAVE_AESGCM) && !defined(HAVE_FIPS)
byte key[AES_128_KEY_SIZE] = {0};
byte iv[GCM_NONCE_MID_SZ] = {0};
int type = EVP_CTRL_GCM_IV_GEN;
int arg = 0;
void *ptr = NULL;
printf(testingFmt, "IncCtr");
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
const EVP_CIPHER *init = EVP_aes_128_gcm();
AssertNotNull(ctx);
wolfSSL_EVP_CIPHER_CTX_init(ctx);
AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_ctrl(ctx, type, arg, ptr), WOLFSSL_SUCCESS);
EVP_CIPHER_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OBJ_ln(void)
{
const int nid_set[] = {
NID_commonName,
NID_serialNumber,
NID_countryName,
NID_localityName,
NID_stateOrProvinceName,
NID_organizationName,
NID_organizationalUnitName,
NID_domainComponent,
NID_businessCategory,
NID_jurisdictionCountryName,
NID_jurisdictionStateOrProvinceName,
NID_emailAddress
};
const char* ln_set[] = {
"commonName",
"serialNumber",
"countryName",
"localityName",
"stateOrProvinceName",
"organizationName",
"organizationalUnitName",
"domainComponent",
"businessCategory",
"jurisdictionCountryName",
"jurisdictionStateOrProvinceName",
"emailAddress",
};
size_t i = 0, maxIdx = sizeof(ln_set)/sizeof(char*);
printf(testingFmt, "wolfSSL_OBJ_ln");
AssertIntEQ(OBJ_ln2nid(NULL), NID_undef);
#ifdef HAVE_ECC
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
{
size_t nCurves = 27;
EC_builtin_curve r[nCurves];
nCurves = EC_get_builtin_curves(r,nCurves);
for (i = 0; i < nCurves; i++) {
/* skip ECC_CURVE_INVALID */
if (r[i].nid != ECC_CURVE_INVALID) {
AssertIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid);
AssertStrEQ(OBJ_nid2ln(r[i].nid), r[i].comment);
}
}
}
#endif
#endif
for (i = 0; i < maxIdx; i++) {
AssertIntEQ(OBJ_ln2nid(ln_set[i]), nid_set[i]);
AssertStrEQ(OBJ_nid2ln(nid_set[i]), ln_set[i]);
}
printf(resultFmt, passed);
}
static void test_wolfSSL_OBJ_sn(void)
{
int i = 0, maxIdx = 7;
const int nid_set[] = {NID_commonName,NID_countryName,NID_localityName,
NID_stateOrProvinceName,NID_organizationName,
NID_organizationalUnitName,NID_emailAddress};
const char* sn_open_set[] = {"CN","C","L","ST","O","OU","emailAddress"};
const char* sn_wolf_set[] = {WOLFSSL_COMMON_NAME,WOLFSSL_COUNTRY_NAME,
WOLFSSL_LOCALITY_NAME, WOLFSSL_STATE_NAME,
WOLFSSL_ORG_NAME, WOLFSSL_ORGUNIT_NAME,
WOLFSSL_EMAIL_ADDR};
printf(testingFmt, "wolfSSL_OBJ_sn");
AssertIntEQ(wolfSSL_OBJ_sn2nid(NULL), NID_undef);
for (i = 0; i < maxIdx; i++) {
AssertIntEQ(wolfSSL_OBJ_sn2nid(sn_wolf_set[i]), nid_set[i]);
AssertStrEQ(wolfSSL_OBJ_nid2sn(nid_set[i]), sn_open_set[i]);
}
printf(resultFmt, passed);
}
#if !defined(NO_BIO)
static unsigned long TXT_DB_hash(const WOLFSSL_STRING *s)
{
return lh_strhash(s[3]);
}
static int TXT_DB_cmp(const WOLFSSL_STRING *a, const WOLFSSL_STRING *b)
{
return XSTRCMP(a[3], b[3]);
}
#endif
static void test_wolfSSL_TXT_DB(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_BIO)
BIO *bio;
TXT_DB *db = NULL;
const int columns = 6;
const char *fields[6] = {
"V",
"320926161116Z",
"",
"12BD",
"unknown",
"/CN=rsa doe",
};
char** fields_copy;
printf(testingFmt, "wolfSSL_TXT_DB");
/* Test read */
AssertNotNull(bio = BIO_new(BIO_s_file()));
AssertIntGT(BIO_read_filename(bio, "./tests/TXT_DB.txt"), 0);
AssertNotNull(db = TXT_DB_read(bio, columns));
AssertNotNull(fields_copy = (char**)XMALLOC(sizeof(fields), NULL,
DYNAMIC_TYPE_OPENSSL));
XMEMCPY(fields_copy, fields, sizeof(fields));
AssertIntEQ(TXT_DB_insert(db, fields_copy), 1);
BIO_free(bio);
/* Test write */
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(TXT_DB_write(bio, db), 1484);
BIO_free(bio);
/* Test index */
AssertIntEQ(TXT_DB_create_index(db, 3, NULL, (wolf_sk_hash_cb)TXT_DB_hash,
(wolf_sk_compare_cb)TXT_DB_cmp), 1);
AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
fields[3] = "12DA";
AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
fields[3] = "FFFF";
AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
fields[3] = "";
AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
TXT_DB_free(db);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_NCONF(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_BIO)
const char* confFile = "./tests/NCONF_test.cnf";
CONF* conf = NULL;
long eline = 0;
long num = 0;
printf(testingFmt, "wolfSSL_NCONF");
AssertNotNull(conf = NCONF_new(NULL));
AssertIntEQ(NCONF_load(conf, confFile, &eline), 1);
AssertIntEQ(NCONF_get_number(conf, NULL, "port", &num), 1);
AssertIntEQ(num, 1234);
AssertIntEQ(NCONF_get_number(conf, "section2", "port", &num), 1);
AssertIntEQ(num, 4321);
AssertStrEQ(NCONF_get_string(conf, NULL, "dir"), "./test-dir");
AssertStrEQ(NCONF_get_string(conf, "section1", "file1_copy"),
"./test-dir/file1");
AssertStrEQ(NCONF_get_string(conf, "section2", "file_list"),
"./test-dir/file1:./test-dir/file2:./section1:file2");
NCONF_free(conf);
printf(resultFmt, passed);
#endif
}
#endif /* OPENSSL_ALL */
static void test_wolfSSL_EC_KEY_set_group(void)
{
#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \
defined(OPENSSL_EXTRA)
EC_KEY *key = NULL;
EC_GROUP *group = NULL;
const EC_GROUP *group2 = NULL;
printf(testingFmt, "wolfSSL_EC_KEY_dup()");
AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
AssertNotNull(key = EC_KEY_new());
AssertIntEQ(EC_KEY_set_group(key, group), WOLFSSL_SUCCESS);
AssertNotNull(group2 = EC_KEY_get0_group(key));
AssertIntEQ(EC_GROUP_cmp(group2, group, NULL), 0);
EC_GROUP_free(group);
EC_KEY_free(key);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509V3_EXT_get(void) {
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
FILE* f;
int numOfExt =0;
int extNid = 0;
int i = 0;
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
const WOLFSSL_v3_ext_method* method;
AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
printf(testingFmt, "wolfSSL_X509V3_EXT_get() return struct and nid test");
AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5);
for (i = 0; i < numOfExt; i++) {
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertIntNE((extNid = ext->obj->nid), NID_undef);
AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
AssertIntEQ(method->ext_nid, extNid);
}
printf(resultFmt, "passed");
printf(testingFmt, "wolfSSL_X509V3_EXT_get() NULL argument test");
AssertNull(method = wolfSSL_X509V3_EXT_get(NULL));
printf(resultFmt, "passed");
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509V3_EXT_nconf(void)
{
#if defined (OPENSSL_ALL)
const char *ext_names[] = {
"subjectKeyIdentifier",
"authorityKeyIdentifier",
"subjectAltName",
"keyUsage",
};
size_t ext_names_count = sizeof(ext_names)/sizeof(*ext_names);
int ext_nids[] = {
NID_subject_key_identifier,
NID_authority_key_identifier,
NID_subject_alt_name,
NID_key_usage,
};
size_t ext_nids_count = sizeof(ext_nids)/sizeof(*ext_nids);
const char *ext_values[] = {
"hash",
"hash",
"DNS:example.com, IP:127.0.0.1",
"digitalSignature,keyEncipherment,dataEncipherment",
};
size_t i;
printf(testingFmt, "wolfSSL_X509V3_EXT_nconf()");
for (i = 0; i < ext_names_count; i++) {
X509_EXTENSION* ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i],
ext_values[i]);
AssertNotNull(ext);
X509_EXTENSION_free(ext);
}
for (i = 0; i < ext_nids_count; i++) {
X509_EXTENSION* ext = X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[i],
ext_values[i]);
AssertNotNull(ext);
X509_EXTENSION_free(ext);
}
printf(resultFmt, "passed");
#endif
}
static void test_wolfSSL_X509V3_EXT(void) {
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
FILE* f;
int numOfExt = 0, nid = 0, i = 0, expected, actual;
char* str;
unsigned char* data;
const WOLFSSL_v3_ext_method* method;
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
WOLFSSL_X509_EXTENSION* ext2;
WOLFSSL_ASN1_OBJECT *obj, *adObj;
WOLFSSL_ASN1_STRING* asn1str;
WOLFSSL_AUTHORITY_KEYID* aKeyId;
WOLFSSL_AUTHORITY_INFO_ACCESS* aia;
WOLFSSL_BASIC_CONSTRAINTS* bc;
WOLFSSL_ACCESS_DESCRIPTION* ad;
WOLFSSL_GENERAL_NAME* gn;
printf(testingFmt, "wolfSSL_X509V3_EXT_d2i()");
/* Check NULL argument */
AssertNull(wolfSSL_X509V3_EXT_d2i(NULL));
/* Using OCSP cert with X509V3 extensions */
AssertNotNull(f = fopen("./certs/ocsp/root-ca-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5);
/* Basic Constraints */
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_basic_constraints);
AssertNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
AssertIntEQ(bc->ca, 1);
AssertNull(bc->pathlen);
wolfSSL_BASIC_CONSTRAINTS_free(bc);
i++;
/* Subject Key Identifier */
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier);
AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
AssertNotNull(ext2 = wolfSSL_X509V3_EXT_i2d(NID_subject_key_identifier, 0,
asn1str));
X509_EXTENSION_free(ext2);
AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
AssertNotNull(method->i2s);
AssertNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str));
wolfSSL_ASN1_STRING_free(asn1str);
actual = strcmp(str,
"73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21");
AssertIntEQ(actual, 0);
XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
i++;
/* Authority Key Identifier */
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_authority_key_identifier);
AssertNotNull(aKeyId =
(WOLFSSL_AUTHORITY_KEYID*)wolfSSL_X509V3_EXT_d2i(ext));
AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
AssertNotNull(asn1str = aKeyId->keyid);
AssertNotNull(str =
wolfSSL_i2s_ASN1_STRING((WOLFSSL_v3_ext_method*)method, asn1str));
actual = strcmp(str,
"73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21");
AssertIntEQ(actual, 0);
XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_AUTHORITY_KEYID_free(aKeyId);
i++;
/* Key Usage */
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage);
AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
#if defined(WOLFSSL_QT)
AssertNotNull(data = (unsigned char*)ASN1_STRING_get0_data(asn1str));
#else
AssertNotNull(data = wolfSSL_ASN1_STRING_data(asn1str));
#endif
expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN;
#ifdef BIG_ENDIAN_ORDER
actual = data[1];
#else
actual = data[0];
#endif
AssertIntEQ(actual, expected);
wolfSSL_ASN1_STRING_free(asn1str);
#if 1
i++;
/* Authority Info Access */
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_info_access);
AssertNotNull(aia =
(WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext));
#if defined(WOLFSSL_QT)
AssertIntEQ(OPENSSL_sk_num(aia), 1); /* Only one URI entry for this cert */
#else
AssertIntEQ(wolfSSL_sk_num(aia), 1); /* Only one URI entry for this cert */
#endif
/* URI entry is an ACCESS_DESCRIPTION type */
#if defined(WOLFSSL_QT)
AssertNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)wolfSSL_sk_value(aia, 0));
#else
AssertNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)OPENSSL_sk_value(aia, 0));
#endif
AssertNotNull(adObj = ad->method);
/* Make sure nid is OCSP */
AssertIntEQ(wolfSSL_OBJ_obj2nid(adObj), NID_ad_OCSP);
/* GENERAL_NAME stores URI as an ASN1_STRING */
AssertNotNull(gn = ad->location);
AssertIntEQ(gn->type, GEN_URI); /* Type should always be GEN_URI */
AssertNotNull(asn1str = gn->d.uniformResourceIdentifier);
AssertIntEQ(wolfSSL_ASN1_STRING_length(asn1str), 22);
#if defined(WOLFSSL_QT)
str = (char*)ASN1_STRING_get0_data(asn1str);
#else
str = (char*)wolfSSL_ASN1_STRING_data(asn1str);
#endif
actual = strcmp(str, "http://127.0.0.1:22220");
AssertIntEQ(actual, 0);
wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
#else
(void) aia; (void) ad; (void) adObj; (void) gn;
#endif
wolfSSL_X509_free(x509);
printf(resultFmt, "passed");
#endif
}
static void test_wolfSSL_X509_get_extension_flags(void)
{
#ifdef OPENSSL_ALL
XFILE f;
X509* x509;
unsigned int extFlags;
unsigned int keyUsageFlags;
unsigned int extKeyUsageFlags;
printf(testingFmt, "test_wolfSSL_X509_get_extension_flags");
/* client-int-cert.pem has the following extension flags. */
extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE;
/* and the following key usage flags. */
keyUsageFlags = KU_DIGITAL_SIGNATURE
| KU_NON_REPUDIATION
| KU_KEY_ENCIPHERMENT;
/* and the following extended key usage flags. */
extKeyUsageFlags = XKU_SSL_CLIENT | XKU_SMIME;
f = XFOPEN("./certs/intermediate/client-int-cert.pem", "rb");
AssertTrue(f != XBADFILE);
AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
XFCLOSE(f);
AssertIntEQ(X509_get_extension_flags(x509), extFlags);
AssertIntEQ(X509_get_key_usage(x509), keyUsageFlags);
AssertIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags);
X509_free(x509);
/* client-cert-ext.pem has the following extension flags. */
extFlags = EXFLAG_KUSAGE;
/* and the following key usage flags. */
keyUsageFlags = KU_DIGITAL_SIGNATURE
| KU_KEY_CERT_SIGN
| KU_CRL_SIGN;
AssertNotNull(f = fopen("./certs/client-cert-ext.pem", "rb"));
AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
XFCLOSE(f);
AssertIntEQ(X509_get_extension_flags(x509), extFlags);
AssertIntEQ(X509_get_key_usage(x509), keyUsageFlags);
X509_free(x509);
printf(resultFmt, passed);
#endif /* OPENSSL_ALL */
}
static void test_wolfSSL_X509_get_ext(void){
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
int ret = 0;
FILE* f;
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* foundExtension;
AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
printf(testingFmt, "wolfSSL_X509_get_ext() valid input");
AssertNotNull(foundExtension = wolfSSL_X509_get_ext(x509, 0));
printf(resultFmt, "passed");
printf(testingFmt, "wolfSSL_X509_get_ext() valid x509, idx out of bounds");
AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, -1));
AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, 100));
printf(resultFmt, "passed");
printf(testingFmt, "wolfSSL_X509_get_ext() NULL x509, idx out of bounds");
AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, -1));
AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 100));
printf(resultFmt, "passed");
printf(testingFmt, "wolfSSL_X509_get_ext() NULL x509, valid idx");
AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0));
printf(resultFmt, "passed");
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509_get_ext_by_NID(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
int rc;
FILE* f;
WOLFSSL_X509* x509;
AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
AssertIntGE(rc, 0);
/* Start search from last location (should fail) */
rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, rc);
AssertIntGE(rc, -1);
rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -2);
AssertIntGE(rc, -1);
rc = wolfSSL_X509_get_ext_by_NID(NULL, NID_basic_constraints, -1);
AssertIntEQ(rc, -1);
rc = wolfSSL_X509_get_ext_by_NID(x509, NID_undef, -1);
AssertIntEQ(rc, -1);
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509_get_ext_subj_alt_name(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
int rc;
XFILE f;
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
WOLFSSL_ASN1_STRING* sanString;
byte* sanDer;
const byte expectedDer[] = {
0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01};
printf(testingFmt, "test_wolfSSL_X509_get_ext_subj_alt_name");
f = XFOPEN("./certs/server-cert.pem", "rb");
AssertTrue(f != XBADFILE);
AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
rc = X509_get_ext_by_NID(x509, NID_subject_alt_name, -1);
AssertIntNE(rc, -1);
AssertNotNull(ext = X509_get_ext(x509, rc));
AssertNotNull(sanString = X509_EXTENSION_get_data(ext));
AssertIntEQ(ASN1_STRING_length(sanString), sizeof(expectedDer));
AssertNotNull(sanDer = ASN1_STRING_data(sanString));
AssertIntEQ(XMEMCMP(sanDer, expectedDer, sizeof(expectedDer)), 0);
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_EXTENSION_new(void)
{
#if defined (OPENSSL_ALL)
WOLFSSL_X509_EXTENSION* ext;
AssertNotNull(ext = wolfSSL_X509_EXTENSION_new());
AssertNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new());
ext->obj->nid = WOLFSSL_SUCCESS;
AssertIntEQ(WOLFSSL_SUCCESS, ext->obj->nid);
wolfSSL_X509_EXTENSION_free(ext);
#endif
}
static void test_wolfSSL_X509_EXTENSION_get_object(void)
{
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
WOLFSSL_ASN1_OBJECT* o;
FILE* file;
int nid = 0;
AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
fclose(file);
printf(testingFmt, "wolfSSL_X509_EXTENSION_get_object() testing ext idx 0");
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
AssertNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext));
AssertIntEQ(o->nid, 128);
nid = o->nid;
printf(resultFmt, nid == 128 ? passed : failed);
printf(testingFmt, "wolfSSL_X509_EXTENSION_get_object() NULL argument");
AssertNull(o = wolfSSL_X509_EXTENSION_get_object(NULL));
printf(resultFmt, passed);
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509_EXTENSION_get_data(void)
{
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
WOLFSSL_ASN1_STRING* str;
FILE* file;
printf(testingFmt, "wolfSSL_X509_EXTENSION_get_data");
AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
fclose(file);
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
AssertNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext));
printf(resultFmt, passed);
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509_EXTENSION_get_critical(void)
{
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA)
WOLFSSL_X509* x509;
WOLFSSL_X509_EXTENSION* ext;
FILE* file;
int crit;
printf(testingFmt, "wolfSSL_X509_EXTENSION_get_critical");
AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
fclose(file);
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
crit = wolfSSL_X509_EXTENSION_get_critical(ext);
AssertIntEQ(crit, 0);
printf(resultFmt, passed);
wolfSSL_X509_free(x509);
#endif
}
static void test_wolfSSL_X509V3_EXT_print(void)
{
#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_BIO) && \
!defined(NO_RSA)
printf(testingFmt, "wolfSSL_X509V3_EXT_print");
{
FILE* f;
WOLFSSL_X509* x509;
X509_EXTENSION * ext = NULL;
int loc;
BIO *bio = NULL;
AssertNotNull(f = fopen(svrCertFile, "rb"));
AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
fclose(f);
AssertNotNull(bio = wolfSSL_BIO_new(BIO_s_mem()));
loc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
AssertIntGT(loc, -1);
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
loc = wolfSSL_X509_get_ext_by_NID(x509, NID_subject_key_identifier, -1);
AssertIntGT(loc, -1);
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
loc = wolfSSL_X509_get_ext_by_NID(x509, NID_authority_key_identifier, -1);
AssertIntGT(loc, -1);
AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
wolfSSL_BIO_free(bio);
wolfSSL_X509_free(x509);
}
{
X509 *x509;
BIO *bio;
X509_EXTENSION *ext;
unsigned int i;
unsigned int idx;
/* Some NIDs to test with */
int nids[] = {
/* NID_key_usage, currently X509_get_ext returns this as a bit
* string, which messes up X509V3_EXT_print */
/* NID_ext_key_usage, */
NID_subject_alt_name,
};
int* n;
AssertNotNull(bio = BIO_new_fp(stdout, BIO_NOCLOSE));
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt,
WOLFSSL_FILETYPE_PEM));
printf("\nPrinting extension values:\n");
for (i = 0, n = nids; i<(sizeof(nids)/sizeof(int)); i++, n++) {
/* X509_get_ext_by_NID should return 3 for now. If that changes then
* update the index */
AssertIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3);
AssertNotNull(ext = X509_get_ext(x509, idx));
AssertIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1);
printf("\n");
}
BIO_free(bio);
X509_free(x509);
}
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_X509_cmp(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_RSA)
FILE* file1;
FILE* file2;
WOLFSSL_X509* cert1;
WOLFSSL_X509* cert2;
int ret = 0;
AssertNotNull(file1=fopen("./certs/server-cert.pem", "rb"));
AssertNotNull(file2=fopen("./certs/3072/client-cert.pem", "rb"));
AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
AssertNotNull(cert2 = wolfSSL_PEM_read_X509(file2, NULL, NULL, NULL));
fclose(file1);
fclose(file2);
printf(testingFmt, "wolfSSL_X509_cmp() testing matching certs");
ret = wolfSSL_X509_cmp(cert1, cert1);
AssertIntEQ(0, wolfSSL_X509_cmp(cert1, cert1));
printf(resultFmt, ret == 0 ? passed : failed);
printf(testingFmt, "wolfSSL_X509_cmp() testing mismatched certs");
ret = wolfSSL_X509_cmp(cert1, cert2);
AssertIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2));
printf(resultFmt, ret == -1 ? passed : failed);
printf(testingFmt, "wolfSSL_X509_cmp() testing NULL, valid args");
ret = wolfSSL_X509_cmp(NULL, cert2);
AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, cert2));
printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed);
printf(testingFmt, "wolfSSL_X509_cmp() testing valid, NULL args");
ret = wolfSSL_X509_cmp(cert1, NULL);
AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(cert1, NULL));
printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed);
printf(testingFmt, "wolfSSL_X509_cmp() testing NULL, NULL args");
ret = wolfSSL_X509_cmp(NULL, NULL);
AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, NULL));
printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed);
wolfSSL_X509_free(cert1);
wolfSSL_X509_free(cert2);
#endif
}
static void test_wolfSSL_PKEY_up_ref(void)
{
#if defined(OPENSSL_ALL)
EVP_PKEY* pkey;
printf(testingFmt, "wolfSSL_PKEY_up_ref()");
pkey = EVP_PKEY_new();
AssertIntEQ(EVP_PKEY_up_ref(NULL), 0);
AssertIntEQ(EVP_PKEY_up_ref(pkey), 1);
EVP_PKEY_free(pkey);
AssertIntEQ(EVP_PKEY_up_ref(pkey), 1);
EVP_PKEY_free(pkey);
EVP_PKEY_free(pkey);
printf(resultFmt, "passed");
#endif
}
static void test_wolfSSL_d2i_and_i2d_PublicKey(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
EVP_PKEY* pkey;
const unsigned char* p;
unsigned char* der = NULL;
int derLen;
printf(testingFmt, "test_wolfSSL_d2i_and_i2d_PublicKey()");
p = client_keypub_der_2048;
/* Check that key can be successfully decoded. */
AssertNotNull(pkey = wolfSSL_d2i_PublicKey(EVP_PKEY_RSA, NULL, &p,
sizeof_client_keypub_der_2048));
/* Check that key can be successfully encoded. */
AssertIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &der)), 0);
/* Ensure that the encoded version matches the original. */
AssertIntEQ(derLen, sizeof_client_keypub_der_2048);
AssertIntEQ(XMEMCMP(der, client_keypub_der_2048, derLen), 0);
XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_d2i_and_i2d_DSAparams(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_DSA)
DSA* dsa;
char file[] = "./certs/dsaparams.der";
XFILE f;
int derInLen;
byte* derIn;
int derOutLen;
byte* derOut = NULL;
printf(testingFmt, "test_wolfSSL_d2i_and_i2d_DSAparams()");
f = XFOPEN(file, "rb");
AssertTrue(f != XBADFILE);
AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0);
derInLen = (int)XFTELL(f);
XREWIND(f);
AssertNotNull(derIn = (byte*)XMALLOC(derInLen, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
AssertIntEQ(XFREAD(derIn, 1, derInLen, f), derInLen);
XFCLOSE(f);
/* Check that params can be successfully decoded. */
AssertNotNull(dsa = d2i_DSAparams(NULL, (const byte**)&derIn, derInLen));
/* Check that params can be successfully encoded. */
AssertIntGE((derOutLen = i2d_DSAparams(dsa, &derOut)), 0);
/* Ensure that the encoded version matches the original. */
AssertIntEQ(derInLen, derOutLen);
AssertIntEQ(XMEMCMP(derIn, derOut, derInLen), 0);
XFREE(derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(derOut, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
DSA_free(dsa);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_i2d_PrivateKey(void)
{
#if (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_PWDBASED)
printf(testingFmt, "wolfSSL_i2d_PrivateKey()");
#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
{
EVP_PKEY* pkey;
const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
unsigned char buf[FOURK_BUF];
unsigned char* pt = NULL;
int bufSz;
AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &server_key,
(long)sizeof_server_key_der_2048));
AssertIntEQ(i2d_PrivateKey(pkey, NULL), 1193);
pt = buf;
AssertIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 1193);
AssertIntNE((pt - buf), 0);
AssertIntEQ(XMEMCMP(buf, server_key_der_2048, bufSz), 0);
EVP_PKEY_free(pkey);
}
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
{
EVP_PKEY* pkey;
const unsigned char* client_key =
(const unsigned char*)ecc_clikey_der_256;
unsigned char buf[FOURK_BUF];
unsigned char* pt = NULL;
int bufSz;
AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &client_key,
sizeof_ecc_clikey_der_256)));
AssertIntEQ(i2d_PrivateKey(pkey, NULL), 121);
pt = buf;
AssertIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 121);
AssertIntNE((pt - buf), 0);
AssertIntEQ(XMEMCMP(buf, ecc_clikey_der_256, bufSz), 0);
EVP_PKEY_free(pkey);
}
#endif
printf(resultFmt, "passed");
#endif
}
static void test_wolfSSL_OCSP_id_get0_info(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
X509* cert;
X509* issuer;
OCSP_CERTID* id;
OCSP_CERTID* id2;
ASN1_STRING* name = NULL;
ASN1_OBJECT* pmd = NULL;
ASN1_STRING* keyHash = NULL;
ASN1_INTEGER* serial = NULL;
ASN1_INTEGER* x509Int;
printf(testingFmt, "wolfSSL_OCSP_id_get0_info()");
AssertNotNull(cert =
wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM));
AssertNotNull(issuer =
wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM));
id = OCSP_cert_to_id(NULL, cert, issuer);
AssertNotNull(id);
id2 = OCSP_cert_to_id(NULL, cert, issuer);
AssertNotNull(id2);
AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, NULL), 0);
AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, id), 1);
/* name, pmd, keyHash not supported yet, expect failure if not NULL */
AssertIntEQ(OCSP_id_get0_info(&name, NULL, NULL, NULL, id), 0);
AssertIntEQ(OCSP_id_get0_info(NULL, &pmd, NULL, NULL, id), 0);
AssertIntEQ(OCSP_id_get0_info(NULL, NULL, &keyHash, NULL, id), 0);
AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, &serial, id), 1);
AssertNotNull(serial);
/* compare serial number to one in cert, should be equal */
x509Int = X509_get_serialNumber(cert);
AssertNotNull(x509Int);
AssertIntEQ(x509Int->length, serial->length);
AssertIntEQ(XMEMCMP(x509Int->data, serial->data, serial->length), 0);
/* test OCSP_id_cmp */
AssertIntNE(OCSP_id_cmp(NULL, NULL), 0);
AssertIntNE(OCSP_id_cmp(id, NULL), 0);
AssertIntNE(OCSP_id_cmp(NULL, id2), 0);
AssertIntEQ(OCSP_id_cmp(id, id2), 0);
id->issuerHash[0] = ~id->issuerHash[0];
AssertIntNE(OCSP_id_cmp(id, id2), 0);
OCSP_CERTID_free(id);
OCSP_CERTID_free(id2);
X509_free(cert); /* free's x509Int */
X509_free(issuer);
printf(resultFmt, "passed");
#endif
}
static void test_wolfSSL_i2d_OCSP_CERTID(void)
{
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP)
WOLFSSL_OCSP_CERTID certId;
byte* targetBuffer;
byte* beginTargetBuffer;
/* OCSP CertID bytes taken from PCAP */
byte rawCertId[] = {
0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
0x00, 0x04, 0x14, 0x80, 0x51, 0x06, 0x01, 0x32, 0xad, 0x9a, 0xc2, 0x7d,
0x51, 0x87, 0xa0, 0xe8, 0x87, 0xfb, 0x01, 0x62, 0x01, 0x55, 0xee, 0x04,
0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3,
0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x02, 0x10, 0x01,
0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, 0x43, 0x8b, 0x72, 0x4b,
0xcf, 0xbc, 0x91
};
int ret, i;
printf(testingFmt, "wolfSSL_i2d_OCSP_CERTID()");
XMEMSET(&certId, 0, sizeof(WOLFSSL_OCSP_CERTID));
certId.rawCertId = rawCertId;
certId.rawCertIdSize = sizeof(rawCertId);
targetBuffer = (byte*)XMALLOC(sizeof(rawCertId), NULL, DYNAMIC_TYPE_TMP_BUFFER);
beginTargetBuffer = targetBuffer;
ret = wolfSSL_i2d_OCSP_CERTID(&certId, &targetBuffer);
/* If target buffer is not null, function increments targetBuffer to point
just past the end of the encoded data. */
AssertPtrEq(targetBuffer, (beginTargetBuffer + sizeof(rawCertId)));
/* Function returns the size of the encoded data. */
AssertIntEQ(ret, sizeof(rawCertId));
for (i = 0; i < ret; ++i)
{
AssertIntEQ(beginTargetBuffer[i], rawCertId[i]);
}
XFREE(beginTargetBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
targetBuffer = NULL;
ret = wolfSSL_i2d_OCSP_CERTID(&certId, &targetBuffer);
/* If target buffer is null, function allocates memory for a buffer and
copies the encoded data into it. targetBuffer then points to the start of
this newly allocate buffer. */
AssertIntEQ(ret, sizeof(rawCertId));
for (i = 0; i < ret; ++i)
{
AssertIntEQ(targetBuffer[i], rawCertId[i]);
}
XFREE(targetBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OCSP_id_cmp(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
OCSP_CERTID id1;
OCSP_CERTID id2;
printf(testingFmt, "wolfSSL_OCSP_id_cmp()");
XMEMSET(&id1, 0, sizeof(id1));
XMEMSET(&id2, 0, sizeof(id2));
AssertIntEQ(OCSP_id_cmp(&id1, &id2), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OCSP_SINGLERESP_get0_id(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
WOLFSSL_OCSP_SINGLERESP single;
const WOLFSSL_OCSP_CERTID* certId;
XMEMSET(&single, 0, sizeof(single));
certId = wolfSSL_OCSP_SINGLERESP_get0_id(&single);
printf(testingFmt, "wolfSSL_OCSP_SINGLERESP_get0_id()");
AssertPtrEq(&single, certId);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OCSP_single_get0_status(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
WOLFSSL_OCSP_SINGLERESP single;
CertStatus certStatus;
WOLFSSL_ASN1_TIME* thisDate;
WOLFSSL_ASN1_TIME* nextDate;
int ret, i;
printf(testingFmt, "wolfSSL_OCSP_single_get0_status()");
XMEMSET(&single, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
XMEMSET(&certStatus, 0, sizeof(CertStatus));
/* Fill the date fields with some dummy data. */
for (i = 0; i < CTC_DATE_SIZE; ++i) {
certStatus.thisDateParsed.data[i] = i;
certStatus.nextDateParsed.data[i] = i;
}
certStatus.status = CERT_GOOD;
single.status = &certStatus;
ret = wolfSSL_OCSP_single_get0_status(&single, NULL, NULL, &thisDate,
&nextDate);
AssertIntEQ(ret, CERT_GOOD);
AssertPtrEq(thisDate, &certStatus.thisDateParsed);
AssertPtrEq(nextDate, &certStatus.nextDateParsed);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OCSP_resp_count(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
WOLFSSL_OCSP_BASICRESP basicResp;
WOLFSSL_OCSP_SINGLERESP singleRespOne;
WOLFSSL_OCSP_SINGLERESP singleRespTwo;
int count;
printf(testingFmt, "wolfSSL_OCSP_resp_count()");
XMEMSET(&basicResp, 0, sizeof(WOLFSSL_OCSP_BASICRESP));
XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
count = wolfSSL_OCSP_resp_count(&basicResp);
AssertIntEQ(count, 0);
basicResp.single = &singleRespOne;
count = wolfSSL_OCSP_resp_count(&basicResp);
AssertIntEQ(count, 1);
singleRespOne.next = &singleRespTwo;
count = wolfSSL_OCSP_resp_count(&basicResp);
AssertIntEQ(count, 2);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_OCSP_resp_get0(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
WOLFSSL_OCSP_BASICRESP basicResp;
WOLFSSL_OCSP_SINGLERESP singleRespOne;
WOLFSSL_OCSP_SINGLERESP singleRespTwo;
WOLFSSL_OCSP_SINGLERESP* ret;
printf(testingFmt, "wolfSSL_OCSP_resp_get0()");
XMEMSET(&basicResp, 0, sizeof(WOLFSSL_OCSP_BASICRESP));
XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
basicResp.single = &singleRespOne;
singleRespOne.next = &singleRespTwo;
ret = wolfSSL_OCSP_resp_get0(&basicResp, 0);
AssertPtrEq(ret, &singleRespOne);
ret = wolfSSL_OCSP_resp_get0(&basicResp, 1);
AssertPtrEq(ret, &singleRespTwo);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_derive(void)
{
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
#if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC)
printf(testingFmt, "wolfSSL_EVP_PKEY_derive()");
EVP_PKEY_CTX *ctx;
unsigned char *skey;
size_t skeylen;
EVP_PKEY *pkey, *peerkey;
const unsigned char* key;
#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)
/* DH */
key = dh_key_der_2048;
AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key,
sizeof_dh_key_der_2048)));
AssertIntEQ(DH_generate_key(EVP_PKEY_get0_DH(pkey)), 1);
key = dh_key_der_2048;
AssertNotNull((peerkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key,
sizeof_dh_key_der_2048)));
AssertIntEQ(DH_generate_key(EVP_PKEY_get0_DH(peerkey)), 1);
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
AssertIntEQ(EVP_PKEY_derive_init(ctx), 1);
AssertIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1);
AssertIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1);
AssertNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, DYNAMIC_TYPE_OPENSSL));
AssertIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(peerkey);
EVP_PKEY_free(pkey);
XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL);
#endif
#ifdef HAVE_ECC
/* ECDH */
key = ecc_clikey_der_256;
AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &key,
sizeof_ecc_clikey_der_256)));
key = ecc_clikeypub_der_256;
AssertNotNull((peerkey = d2i_PUBKEY(NULL, &key,
sizeof_ecc_clikeypub_der_256)));
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
AssertIntEQ(EVP_PKEY_derive_init(ctx), 1);
AssertIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1);
AssertIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1);
AssertNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, DYNAMIC_TYPE_OPENSSL));
AssertIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(peerkey);
EVP_PKEY_free(pkey);
XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL);
#endif /* HAVE_ECC */
printf(resultFmt, "passed");
#endif /* (!NO_DH && WOLFSSL_DH_EXTRA) || HAVE_ECC */
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */
}
static void test_wolfSSL_EVP_PBE_scrypt(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 5))
#if !defined(NO_PWDBASED) && !defined(NO_SHA256)
int ret;
const char pwd[] = {'p','a','s','s','w','o','r','d'};
int pwdlen = sizeof(pwd);
const byte salt[] = {'N','a','C','l'};
int saltlen = sizeof(salt);
byte key[80];
word64 numOvr32 = (word64)INT32_MAX + 1;
/* expected derived key for N:16, r:1, p:1 */
const byte expectedKey[] = {
0xAE, 0xC6, 0xB7, 0x48, 0x3E, 0xD2, 0x6E, 0x08, 0x80, 0x2B,
0x41, 0xF4, 0x03, 0x20, 0x86, 0xA0, 0xE8, 0x86, 0xBE, 0x7A,
0xC4, 0x8F, 0xCF, 0xD9, 0x2F, 0xF0, 0xCE, 0xF8, 0x10, 0x97,
0x52, 0xF4, 0xAC, 0x74, 0xB0, 0x77, 0x26, 0x32, 0x56, 0xA6,
0x5A, 0x99, 0x70, 0x1B, 0x7A, 0x30, 0x4D, 0x46, 0x61, 0x1C,
0x8A, 0xA3, 0x91, 0xE7, 0x99, 0xCE, 0x10, 0xA2, 0x77, 0x53,
0xE7, 0xE9, 0xC0, 0x9A};
printf(testingFmt, "wolfSSL_EVP_PBE_scrypt()");
/* N r p mx key keylen */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 0, 1, 1, 0, key, 64);
AssertIntEQ(ret, 0); /* N must be greater than 1 */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 3, 1, 1, 0, key, 64);
AssertIntEQ(ret, 0); /* N must be power of 2 */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 0, 1, 0, key, 64);
AssertIntEQ(ret, 0); /* r must be greater than 0 */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 0, 0, key, 64);
AssertIntEQ(ret, 0); /* p must be greater than 0 */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 0);
AssertIntEQ(ret, 0); /* keylen must be greater than 0 */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 9, 1, 0, key, 64);
AssertIntEQ(ret, 0); /* r must be smaller than 9 */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, NULL, 64);
AssertIntEQ(ret, 1); /* should succeed if key is NULL */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 64);
AssertIntEQ(ret, 1); /* should succeed */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, numOvr32, 1, 0,
key, 64);
AssertIntEQ(ret, 0); /* should fail since r is greater than INT32_MAC */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, numOvr32, 0,
key, 64);
AssertIntEQ(ret, 0); /* should fail since p is greater than INT32_MAC */
ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 0, 2, 1, 1, 0, key, 64);
AssertIntEQ(ret, 1); /* should succeed even if salt is NULL */
ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 4, 2, 1, 1, 0, key, 64);
AssertIntEQ(ret, 0); /* if salt is NULL, saltlen must be 0, otherwise fail*/
ret = EVP_PBE_scrypt(NULL, 0, salt, saltlen, 2, 1, 1, 0, key, 64);
AssertIntEQ(ret, 1); /* should succeed if pwd is NULL and pwdlen is 0*/
ret = EVP_PBE_scrypt(NULL, 4, salt, saltlen, 2, 1, 1, 0, key, 64);
AssertIntEQ(ret, 0); /* if pwd is NULL, pwdlen must be 0 */
ret = EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 1, 1, 0, key, 64);
AssertIntEQ(ret, 1); /* should succeed even both pwd and salt are NULL */
ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 16, 1, 1, 0, key, 64);
AssertIntEQ(ret, 1);
ret = XMEMCMP(expectedKey, key, sizeof(expectedKey));
AssertIntEQ(ret, 0); /* derived key must be the same as expected-key */
printf(resultFmt, "passed");
#endif /* !NO_PWDBASED && !NO_SHA256 */
#endif /* OPENSSL_EXTRA && HAVE_SCRYPT && HAVE_PBKDF2 */
}
#ifndef NO_RSA
static void test_wolfSSL_RSA_padding_add_PKCS1_PSS(void)
{
#if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
RSA *rsa;
const unsigned char *derBuf = client_key_der_2048;
unsigned char em[256] = {0}; /* len = 2048/8 */
/* Random data simulating a hash */
const unsigned char mHash[WC_SHA256_DIGEST_SIZE] = {
0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4,
0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb,
0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28
};
AssertNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048));
AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), -1), 1);
AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, -1), 1);
RSA_free(rsa);
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/
}
#endif
static void test_wolfSSL_RSA_sign_sha3(void)
{
#if !defined(NO_RSA) && defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
#if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG)
RSA *rsa;
const unsigned char *derBuf = client_key_der_2048;
unsigned char sigRet[256] = {0};
unsigned int sigLen = sizeof(sigRet);
/* Random data simulating a hash */
const unsigned char mHash[WC_SHA3_256_DIGEST_SIZE] = {
0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4,
0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb,
0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28
};
printf(testingFmt, "wolfSSL_RSA_sign_sha3");
AssertNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048));
AssertIntEQ(RSA_sign(NID_sha3_256, mHash, sizeof(mHash), sigRet,
&sigLen, rsa), 1);
RSA_free(rsa);
printf(resultFmt, passed);
#endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/
#endif /* !NO_RSA && WOLFSSL_SHA3 && !WOLFSSL_NOSHA3_256*/
}
static void test_wolfSSL_EC_get_builtin_curves(void)
{
#if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL))
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
EC_builtin_curve* curves = NULL;
size_t crv_len = 0;
size_t i = 0;
printf(testingFmt, "wolfSSL_EC_get_builtin_curves");
AssertIntGT((crv_len = EC_get_builtin_curves(NULL, 0)), 0);
AssertNotNull(curves = (EC_builtin_curve*)
XMALLOC(sizeof(EC_builtin_curve)*crv_len, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
AssertIntEQ(EC_get_builtin_curves(curves, crv_len), crv_len);
for (i = 0; i < crv_len; i++)
{
if (curves[i].comment != NULL)
AssertStrEQ(OBJ_nid2sn(curves[i].nid), curves[i].comment);
}
XFREE(curves, NULL, DYNAMIC_TYPE_TMP_BUFFER);
printf(resultFmt, passed);
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* defined(HAVE_ECC) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
}
static void test_no_op_functions(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "no_op_functions()");
/* this makes sure wolfSSL can compile and run these no-op functions */
SSL_load_error_strings();
ENGINE_load_builtin_engines();
OpenSSL_add_all_ciphers();
AssertIntEQ(CRYPTO_malloc_init(), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_CRYPTO_memcmp(void)
{
#ifdef OPENSSL_EXTRA
char a[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
"implementation of TLS/SSL for embedded devices to the cloud.";
char b[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
"implementation of TLS/SSL for embedded devices to the cloud.";
char c[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
"implementation of TLS/SSL for embedded devices to the cloud!";
AssertIntEQ(CRYPTO_memcmp(a, b, sizeof(a)), 0);
AssertIntNE(CRYPTO_memcmp(a, c, sizeof(a)), 0);
#endif
}
/*----------------------------------------------------------------------------*
| wolfCrypt ASN
*----------------------------------------------------------------------------*/
static void test_wc_CreateEncryptedPKCS8Key(void)
{
#if defined(HAVE_PKCS8) && !defined(NO_PWDBASED) && defined(WOLFSSL_AES_256) \
&& !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA)
WC_RNG rng;
byte* encKey = NULL;
word32 encKeySz = 0;
word32 decKeySz = 0;
const char password[] = "Lorem ipsum dolor sit amet";
word32 passwordSz = (word32)XSTRLEN(password);
word32 tradIdx = 0;
printf(testingFmt, "test_wc_CreateEncryptedPKCS8Key");
AssertIntEQ(wc_InitRng(&rng), 0);
/* Call with NULL for out buffer to get necessary length. */
AssertIntEQ(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048,
sizeof_server_key_der_2048, NULL, &encKeySz, password, passwordSz,
PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL),
LENGTH_ONLY_E);
AssertNotNull(encKey = (byte*)XMALLOC(encKeySz, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER));
/* Call with the allocated out buffer. */
AssertIntGT(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048,
sizeof_server_key_der_2048, encKey, &encKeySz, password, passwordSz,
PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL),
0);
/* Decrypt the encrypted PKCS8 key we just made. */
AssertIntGT((decKeySz = wc_DecryptPKCS8Key(encKey, encKeySz, password,
passwordSz)), 0);
/* encKey now holds the decrypted key (decrypted in place). */
AssertIntGT(wc_GetPkcs8TraditionalOffset(encKey, &tradIdx, decKeySz), 0);
/* Check that the decrypted key matches the key prior to encryption. */
AssertIntEQ(XMEMCMP(encKey + tradIdx, server_key_der_2048,
sizeof_server_key_der_2048), 0);
if (encKey != NULL)
XFREE(encKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
wc_FreeRng(&rng);
printf(resultFmt, passed);
#endif
}
static void test_wc_GetPkcs8TraditionalOffset(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(HAVE_PKCS8)
int length, derSz;
word32 inOutIdx;
const char* path = "./certs/server-keyPkcs8.der";
XFILE file;
byte der[2048];
printf(testingFmt, "wc_GetPkcs8TraditionalOffset");
file = XFOPEN(path, "rb");
AssertTrue(file != XBADFILE);
derSz = (int)XFREAD(der, 1, sizeof(der), file);
XFCLOSE(file);
/* valid case */
inOutIdx = 0;
length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
AssertIntGT(length, 0);
/* inOutIdx > sz */
inOutIdx = 4000;
length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
AssertIntEQ(length, BAD_FUNC_ARG);
/* null input */
inOutIdx = 0;
length = wc_GetPkcs8TraditionalOffset(NULL, &inOutIdx, 0);
AssertIntEQ(length, BAD_FUNC_ARG);
/* invalid input, fill buffer with 1's */
XMEMSET(der, 1, sizeof(der));
inOutIdx = 0;
length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
AssertIntEQ(length, ASN_PARSE_E);
printf(resultFmt, passed);
#endif /* NO_ASN */
}
static void test_wc_SetSubjectRaw(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
const char* joiCertFile = "./certs/test/cert-ext-joi.der";
WOLFSSL_X509* x509;
int peerCertSz;
const byte* peerCertBuf;
Cert forgedCert;
printf(testingFmt, "test_wc_SetSubjectRaw()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1));
AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
AssertIntEQ(0, wc_InitCert(&forgedCert));
AssertIntEQ(0, wc_SetSubjectRaw(&forgedCert, peerCertBuf, peerCertSz));
wolfSSL_FreeX509(x509);
printf(resultFmt, passed);
#endif
}
static void test_wc_GetSubjectRaw(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
Cert cert;
byte *subjectRaw;
printf(testingFmt, "test_wc_GetSubjectRaw()");
AssertIntEQ(0, wc_InitCert(&cert));
AssertIntEQ(0, wc_GetSubjectRaw(&subjectRaw, &cert));
printf(resultFmt, passed);
#endif
}
static void test_wc_SetIssuerRaw(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
const char* joiCertFile = "./certs/test/cert-ext-joi.der";
WOLFSSL_X509* x509;
int peerCertSz;
const byte* peerCertBuf;
Cert forgedCert;
printf(testingFmt, "test_wc_SetIssuerRaw()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1));
AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
AssertIntEQ(0, wc_InitCert(&forgedCert));
AssertIntEQ(0, wc_SetIssuerRaw(&forgedCert, peerCertBuf, peerCertSz));
wolfSSL_FreeX509(x509);
printf(resultFmt, passed);
#endif
}
static void test_wc_SetIssueBuffer(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
const char* joiCertFile = "./certs/test/cert-ext-joi.der";
WOLFSSL_X509* x509;
int peerCertSz;
const byte* peerCertBuf;
Cert forgedCert;
printf(testingFmt, "test_wc_SetIssuerBuffer()");
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1));
AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
AssertIntEQ(0, wc_InitCert(&forgedCert));
AssertIntEQ(0, wc_SetIssuerBuffer(&forgedCert, peerCertBuf, peerCertSz));
wolfSSL_FreeX509(x509);
printf(resultFmt, passed);
#endif
}
/*
* Testing wc_SetSubjectKeyId
*/
static void test_wc_SetSubjectKeyId(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
Cert cert;
const char* file = "certs/ecc-client-keyPub.pem";
printf(testingFmt, "wc_SetSubjectKeyId()");
AssertIntEQ(0, wc_InitCert(&cert));
AssertIntEQ(0, wc_SetSubjectKeyId(&cert, file));
AssertIntEQ(BAD_FUNC_ARG, wc_SetSubjectKeyId(NULL, file));
AssertIntGT(0, wc_SetSubjectKeyId(&cert, "badfile.name"));
printf(resultFmt, passed);
#endif
} /* END test_wc_SetSubjectKeyId */
/*
* Testing wc_SetSubject
*/
static void test_wc_SetSubject(void)
{
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
Cert cert;
const char* file = "./certs/ca-ecc-cert.pem";
printf(testingFmt, "wc_SetSubject()");
AssertIntEQ(0, wc_InitCert(&cert));
AssertIntEQ(0, wc_SetSubject(&cert, file));
AssertIntEQ(BAD_FUNC_ARG, wc_SetSubject(NULL, file));
AssertIntGT(0, wc_SetSubject(&cert, "badfile.name"));
printf(resultFmt, passed);
#endif
} /* END test_wc_SetSubject */
static void test_CheckCertSignature(void)
{
#if !defined(NO_CERTS) && defined(WOLFSSL_SMALL_CERT_VERIFY)
WOLFSSL_CERT_MANAGER* cm = NULL;
#if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
FILE* fp;
byte cert[4096];
int certSz;
#endif
AssertIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, NULL));
AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
AssertIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, cm));
#ifndef NO_RSA
#ifdef USE_CERT_BUFFERS_1024
AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_1024,
sizeof_server_cert_der_1024, NULL, cm));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
ca_cert_der_1024, sizeof_ca_cert_der_1024,
WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(0, CheckCertSignature(server_cert_der_1024,
sizeof_server_cert_der_1024, NULL, cm));
#elif defined(USE_CERT_BUFFERS_2048)
AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_2048,
sizeof_server_cert_der_2048, NULL, cm));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
ca_cert_der_2048, sizeof_ca_cert_der_2048,
WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(0, CheckCertSignature(server_cert_der_2048,
sizeof_server_cert_der_2048, NULL, cm));
#endif
#endif
#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(serv_ecc_der_256,
sizeof_serv_ecc_der_256, NULL, cm));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256,
WOLFSSL_FILETYPE_ASN1));
AssertIntEQ(0, CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256,
NULL, cm));
#endif
#if !defined(NO_FILESYSTEM)
wolfSSL_CertManagerFree(cm);
AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
#ifndef NO_RSA
AssertNotNull(fp = XFOPEN("./certs/server-cert.der", "rb"));
AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0);
XFCLOSE(fp);
AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
"./certs/ca-cert.pem", NULL));
AssertIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
#endif
#ifdef HAVE_ECC
AssertNotNull(fp = XFOPEN("./certs/server-ecc.der", "rb"));
AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0);
XFCLOSE(fp);
AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
"./certs/ca-ecc-cert.pem", NULL));
AssertIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
#endif
#endif
#if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
(void)fp;
(void)cert;
(void)certSz;
#endif
wolfSSL_CertManagerFree(cm);
#endif
}
static void test_wc_ParseCert(void)
{
#if !defined(NO_CERTS) && !defined(NO_RSA)
DecodedCert decodedCert;
const byte* rawCert = client_cert_der_2048;
const int rawCertSize = sizeof_client_cert_der_2048;
printf(testingFmt, "wc_ParseCert");
wc_InitDecodedCert(&decodedCert, rawCert, rawCertSize, NULL);
AssertIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0);
wc_FreeDecodedCert(&decodedCert);
printf(resultFmt, passed);
#endif
}
/*----------------------------------------------------------------------------*
| wolfCrypt ECC
*----------------------------------------------------------------------------*/
static void test_wc_ecc_get_curve_size_from_name(void)
{
#ifdef HAVE_ECC
int ret;
printf(testingFmt, "wc_ecc_get_curve_size_from_name");
#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
ret = wc_ecc_get_curve_size_from_name("SECP256R1");
AssertIntEQ(ret, 32);
#endif
/* invalid case */
ret = wc_ecc_get_curve_size_from_name("BADCURVE");
AssertIntEQ(ret, -1);
/* NULL input */
ret = wc_ecc_get_curve_size_from_name(NULL);
AssertIntEQ(ret, BAD_FUNC_ARG);
printf(resultFmt, passed);
#endif /* HAVE_ECC */
}
static void test_wc_ecc_get_curve_id_from_name(void)
{
#ifdef HAVE_ECC
int id;
printf(testingFmt, "wc_ecc_get_curve_id_from_name");
#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
id = wc_ecc_get_curve_id_from_name("SECP256R1");
AssertIntEQ(id, ECC_SECP256R1);
#endif
/* invalid case */
id = wc_ecc_get_curve_id_from_name("BADCURVE");
AssertIntEQ(id, -1);
/* NULL input */
id = wc_ecc_get_curve_id_from_name(NULL);
AssertIntEQ(id, BAD_FUNC_ARG);
printf(resultFmt, passed);
#endif /* HAVE_ECC */
}
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
!defined(HAVE_SELFTEST) && \
!(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))
static void test_wc_ecc_get_curve_id_from_dp_params(void)
{
int id;
#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
int curve_id;
ecc_key* key;
const ecc_set_type* params;
int ret;
#endif
WOLFSSL_EC_KEY *ecKey = NULL;
printf(testingFmt, "wc_ecc_get_curve_id_from_dp_params");
#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
id = wc_ecc_get_curve_id_from_name("SECP256R1");
AssertIntEQ(id, ECC_SECP256R1);
ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
AssertNotNull(ecKey);
ret = EC_KEY_generate_key(ecKey);
if (ret == 0) {
/* normal test */
key = (ecc_key*)ecKey->internal;
params = key->dp;
curve_id = wc_ecc_get_curve_id_from_dp_params(params);
AssertIntEQ(curve_id, id);
}
#endif
/* invalid case, NULL input*/
id = wc_ecc_get_curve_id_from_dp_params(NULL);
AssertIntEQ(id, BAD_FUNC_ARG);
wolfSSL_EC_KEY_free(ecKey);
printf(resultFmt, passed);
}
#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
static void test_wc_ecc_get_curve_id_from_params(void)
{
#ifdef HAVE_ECC
int id;
const byte prime[] =
{
0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
};
const byte primeInvalid[] =
{
0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x01,0x01
};
const byte Af[] =
{
0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC
};
const byte Bf[] =
{
0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,
0xB3,0xEB,0xBD,0x55,0x76,0x98,0x86,0xBC,
0x65,0x1D,0x06,0xB0,0xCC,0x53,0xB0,0xF6,
0x3B,0xCE,0x3C,0x3E,0x27,0xD2,0x60,0x4B
};
const byte order[] =
{
0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84,
0xF3,0xB9,0xCA,0xC2,0xFC,0x63,0x25,0x51
};
const byte Gx[] =
{
0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,
0xF8,0xBC,0xE6,0xE5,0x63,0xA4,0x40,0xF2,
0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0,
0xF4,0xA1,0x39,0x45,0xD8,0x98,0xC2,0x96
};
const byte Gy[] =
{
0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B,
0x8E,0xE7,0xEB,0x4A,0x7C,0x0F,0x9E,0x16,
0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE,
0xCB,0xB6,0x40,0x68,0x37,0xBF,0x51,0xF5
};
int cofactor = 1;
int fieldSize = 256;
printf(testingFmt, "wc_ecc_get_curve_id_from_params");
#if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
id = wc_ecc_get_curve_id_from_params(fieldSize, prime, sizeof(prime),
Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
AssertIntEQ(id, ECC_SECP256R1);
#endif
/* invalid case, fieldSize = 0 */
id = wc_ecc_get_curve_id_from_params(0, prime, sizeof(prime),
Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
AssertIntEQ(id, ECC_CURVE_INVALID);
/* invalid case, NULL prime */
id = wc_ecc_get_curve_id_from_params(fieldSize, NULL, sizeof(prime),
Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
AssertIntEQ(id, BAD_FUNC_ARG);
/* invalid case, invalid prime */
id = wc_ecc_get_curve_id_from_params(fieldSize,
primeInvalid, sizeof(primeInvalid),
Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
AssertIntEQ(id, ECC_CURVE_INVALID);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_encrypt(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
!defined(HAVE_FAST_RSA)
WOLFSSL_RSA* rsa = NULL;
WOLFSSL_EVP_PKEY* pkey = NULL;
WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
const char* in = "What is easy to do is easy not to do.";
size_t inlen = XSTRLEN(in);
size_t outEncLen = 0;
byte* outEnc = NULL;
byte* outDec = NULL;
size_t outDecLen = 0;
size_t rsaKeySz = 2048/8; /* Bytes */
#ifdef WC_RSA_NO_PADDING
byte* inTmp = NULL;
byte* outEncTmp = NULL;
byte* outDecTmp = NULL;
#endif
printf(testingFmt, "wolfSSL_EVP_PKEY_encrypt()");
AssertNotNull(outEnc = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
XMEMSET(outEnc, 0, rsaKeySz);
AssertNotNull(outDec = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
XMEMSET(outDec, 0, rsaKeySz);
AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
WOLFSSL_SUCCESS);
/* Test pkey references count is decremented. pkey shouldn't be destroyed
since ctx uses it.*/
AssertIntEQ(pkey->references, 2);
EVP_PKEY_free(pkey);
AssertIntEQ(pkey->references, 1);
/* Encrypt data */
/* Check that we can get the required output buffer length by passing in a
* NULL output buffer. */
AssertIntEQ(EVP_PKEY_encrypt(ctx, NULL, &outEncLen,
(const unsigned char*)in, inlen), WOLFSSL_SUCCESS);
AssertIntEQ(rsaKeySz, outEncLen);
/* Now do the actual encryption. */
AssertIntEQ(EVP_PKEY_encrypt(ctx, outEnc, &outEncLen,
(const unsigned char*)in, inlen), WOLFSSL_SUCCESS);
/* Decrypt data */
AssertIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS);
/* Check that we can get the required output buffer length by passing in a
* NULL output buffer. */
AssertIntEQ(EVP_PKEY_decrypt(ctx, NULL, &outDecLen, outEnc, outEncLen),
WOLFSSL_SUCCESS);
AssertIntEQ(rsaKeySz, outDecLen);
/* Now do the actual decryption. */
AssertIntEQ(EVP_PKEY_decrypt(ctx, outDec, &outDecLen, outEnc, outEncLen),
WOLFSSL_SUCCESS);
AssertIntEQ(XMEMCMP(in, outDec, outDecLen), 0);
#ifdef WC_RSA_NO_PADDING
/* The input length must be the same size as the RSA key.*/
AssertNotNull(inTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
XMEMSET(inTmp, 9, rsaKeySz);
AssertNotNull(outEncTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
XMEMSET(outEncTmp, 0, rsaKeySz);
AssertNotNull(outDecTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
XMEMSET(outDecTmp, 0, rsaKeySz);
AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING),
WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_encrypt(ctx, outEncTmp, &outEncLen, inTmp, rsaKeySz),
WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_decrypt(ctx, outDecTmp, &outDecLen, outEncTmp, outEncLen),
WOLFSSL_SUCCESS);
AssertIntEQ(XMEMCMP(inTmp, outDecTmp, outDecLen), 0);
#endif
EVP_PKEY_CTX_free(ctx);
XFREE(outEnc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outDec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WC_RSA_NO_PADDING
XFREE(inTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outEncTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(outDecTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_sign(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
!defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
WOLFSSL_RSA* rsa = NULL;
WOLFSSL_EVP_PKEY* pkey = NULL;
WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
const char* in = "What is easy to do is easy not to do.";
size_t inlen = XSTRLEN(in);
byte hash[SHA256_DIGEST_LENGTH] = {0};
SHA256_CTX c;
byte* sig = NULL;
byte* sigVerify = NULL;
size_t siglen = 0;
size_t rsaKeySz = 2048/8; /* Bytes */
printf(testingFmt, "wolfSSL_EVP_PKEY_sign()");
sig = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
AssertNotNull(sig);
XMEMSET(sig, 0, rsaKeySz);
AssertNotNull(sigVerify = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
XMEMSET(sigVerify, 0, rsaKeySz);
/* Generate hash */
SHA256_Init(&c);
SHA256_Update(&c, in, inlen);
SHA256_Final(hash, &c);
#ifdef WOLFSSL_SMALL_STACK_CACHE
/* workaround for small stack cache case */
wc_Sha256Free((wc_Sha256*)&c);
#endif
AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
WOLFSSL_SUCCESS);
/* Sign data */
AssertIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, hash, SHA256_DIGEST_LENGTH),
WOLFSSL_SUCCESS);
/* Verify signature.
EVP_PKEY_verify() doesn't exist yet, so use RSA_public_decrypt(). */
AssertIntEQ(RSA_public_decrypt((int)siglen, sig, sigVerify,
rsa, RSA_PKCS1_PADDING), SHA256_DIGEST_LENGTH);
AssertIntEQ(XMEMCMP(hash, sigVerify, SHA256_DIGEST_LENGTH), 0);
/* error cases */
AssertIntNE(EVP_PKEY_sign_init(NULL), WOLFSSL_SUCCESS);
ctx->pkey->type = EVP_PKEY_RSA;
AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
AssertIntNE(EVP_PKEY_sign(NULL, sig, &siglen, (byte*)in, inlen),
WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, (byte*)in, inlen),
WOLFSSL_SUCCESS);
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx);
XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigVerify, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
printf(resultFmt, passed);
#endif
}
static void test_EVP_PKEY_rsa(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
WOLFSSL_RSA* rsa;
WOLFSSL_EVP_PKEY* pkey;
AssertNotNull(rsa = wolfSSL_RSA_new());
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WOLFSSL_FAILURE);
AssertIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WOLFSSL_FAILURE);
AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
AssertPtrEq(EVP_PKEY_get0_RSA(pkey), rsa);
wolfSSL_EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
}
static void test_EVP_PKEY_ec(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
WOLFSSL_EC_KEY* ecKey;
WOLFSSL_EVP_PKEY* pkey;
AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
AssertIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
/* Should fail since ecKey is empty */
AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
wolfSSL_EVP_PKEY_free(pkey);
printf(resultFmt, passed);
#endif
#endif
}
static void test_EVP_PKEY_cmp(void)
{
#if defined(OPENSSL_EXTRA)
EVP_PKEY *a, *b;
const unsigned char *in;
printf(testingFmt, "wolfSSL_EVP_PKEY_cmp()");
#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
in = client_key_der_2048;
AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
&in, (long)sizeof_client_key_der_2048));
in = client_key_der_2048;
AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
&in, (long)sizeof_client_key_der_2048));
/* Test success case RSA */
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
AssertIntEQ(EVP_PKEY_cmp(a, b), 1);
#else
AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
#endif /* WOLFSSL_ERROR_CODE_OPENSSL */
EVP_PKEY_free(b);
EVP_PKEY_free(a);
#endif
#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
in = ecc_clikey_der_256;
AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
&in, (long)sizeof_ecc_clikey_der_256));
in = ecc_clikey_der_256;
AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
&in, (long)sizeof_ecc_clikey_der_256));
/* Test success case ECC */
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
AssertIntEQ(EVP_PKEY_cmp(a, b), 1);
#else
AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
#endif /* WOLFSSL_ERROR_CODE_OPENSSL */
EVP_PKEY_free(b);
EVP_PKEY_free(a);
#endif
/* Test failure cases */
#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && \
defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
in = client_key_der_2048;
AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
&in, (long)sizeof_client_key_der_2048));
in = ecc_clikey_der_256;
AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
&in, (long)sizeof_ecc_clikey_der_256));
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
AssertIntEQ(EVP_PKEY_cmp(a, b), -1);
#else
AssertIntNE(EVP_PKEY_cmp(a, b), 0);
#endif /* WOLFSSL_ERROR_CODE_OPENSSL */
EVP_PKEY_free(b);
EVP_PKEY_free(a);
#endif
/* invalid or empty failure cases */
a = EVP_PKEY_new();
b = EVP_PKEY_new();
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
AssertIntEQ(EVP_PKEY_cmp(NULL, NULL), 0);
AssertIntEQ(EVP_PKEY_cmp(a, NULL), 0);
AssertIntEQ(EVP_PKEY_cmp(NULL, b), 0);
AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
#else
AssertIntNE(EVP_PKEY_cmp(NULL, NULL), 0);
AssertIntNE(EVP_PKEY_cmp(a, NULL), 0);
AssertIntNE(EVP_PKEY_cmp(NULL, b), 0);
AssertIntNE(EVP_PKEY_cmp(a, b), 0);
#endif
EVP_PKEY_free(b);
EVP_PKEY_free(a);
(void)in;
printf(resultFmt, passed);
#endif
}
static void test_ERR_load_crypto_strings(void)
{
#if defined(OPENSSL_ALL)
ERR_load_crypto_strings();
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_ALL) && !defined(NO_CERTS)
static void free_x509(X509* x)
{
AssertIntEQ((x == (X509*)1 || x == (X509*)2), 1);
}
#endif
static void test_sk_X509(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS)
STACK_OF(X509)* s;
AssertNotNull(s = sk_X509_new());
AssertIntEQ(sk_X509_num(s), 0);
sk_X509_pop_free(s, NULL);
AssertNotNull(s = sk_X509_new_null());
AssertIntEQ(sk_X509_num(s), 0);
sk_X509_pop_free(s, NULL);
AssertNotNull(s = sk_X509_new());
sk_X509_push(s, (X509*)1);
AssertIntEQ(sk_X509_num(s), 1);
AssertIntEQ((sk_X509_value(s, 0) == (X509*)1), 1);
sk_X509_push(s, (X509*)2);
AssertIntEQ(sk_X509_num(s), 2);
AssertIntEQ((sk_X509_value(s, 0) == (X509*)2), 1);
AssertIntEQ((sk_X509_value(s, 1) == (X509*)1), 1);
sk_X509_push(s, (X509*)2);
sk_X509_pop_free(s, free_x509);
printf(resultFmt, passed);
#endif
}
static void test_sk_X509_CRL(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && defined(HAVE_CRL)
X509_CRL* crl;
XFILE fp;
STACK_OF(X509_CRL)* s;
printf(testingFmt, "test_sk_X509_CRL");
fp = XFOPEN("./certs/crl/crl.pem", "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL));
XFCLOSE(fp);
AssertNotNull(s = sk_X509_CRL_new());
AssertIntEQ(sk_X509_CRL_num(s), 0);
AssertIntEQ(sk_X509_CRL_push(s, crl), 1);
AssertIntEQ(sk_X509_CRL_num(s), 1);
AssertPtrEq(sk_X509_CRL_value(s, 0), crl);
sk_X509_CRL_free(s);
printf(resultFmt, passed);
#endif
}
static void test_X509_get_signature_nid(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
X509* x509;
AssertIntEQ(X509_get_signature_nid(NULL), 0);
AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
SSL_FILETYPE_PEM));
AssertIntEQ(X509_get_signature_nid(x509), NID_sha256WithRSAEncryption);
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_X509_REQ(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO)
X509_NAME* name;
#if !defined(NO_RSA) || defined(HAVE_ECC)
X509_REQ* req;
EVP_PKEY* priv;
EVP_PKEY* pub;
unsigned char* der = NULL;
int len;
#endif
#ifndef NO_RSA
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pkctx = NULL;
#ifdef USE_CERT_BUFFERS_1024
const unsigned char* rsaPriv = (const unsigned char*)client_key_der_1024;
const unsigned char* rsaPub = (unsigned char*)client_keypub_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
const unsigned char* rsaPriv = (const unsigned char*)client_key_der_2048;
const unsigned char* rsaPub = (unsigned char*)client_keypub_der_2048;
#endif
#endif
#ifdef HAVE_ECC
const unsigned char* ecPriv = (const unsigned char*)ecc_clikey_der_256;
const unsigned char* ecPub = (unsigned char*)ecc_clikeypub_der_256;
#endif
AssertNotNull(name = X509_NAME_new());
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
(byte*)"wolfssl.com", 11, 0, 1),
WOLFSSL_SUCCESS);
AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
(byte*)"support@wolfssl.com", 19, -1,
1), WOLFSSL_SUCCESS);
#ifndef NO_RSA
AssertNotNull(priv = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv,
(long)sizeof_client_key_der_2048));
AssertNotNull(pub = d2i_PUBKEY(NULL, &rsaPub,
(long)sizeof_client_keypub_der_2048));
AssertNotNull(req = X509_REQ_new());
AssertIntEQ(X509_REQ_set_subject_name(NULL, name), WOLFSSL_FAILURE);
AssertIntEQ(X509_REQ_set_subject_name(req, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
AssertIntEQ(X509_REQ_set_pubkey(NULL, pub), WOLFSSL_FAILURE);
AssertIntEQ(X509_REQ_set_pubkey(req, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
AssertIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WOLFSSL_FAILURE);
AssertIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WOLFSSL_FAILURE);
AssertIntEQ(X509_REQ_sign(req, priv, NULL), WOLFSSL_FAILURE);
AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
len = i2d_X509_REQ(req, &der);
DEBUG_WRITE_DER(der, len, "req.der");
#ifdef USE_CERT_BUFFERS_1024
AssertIntEQ(len, 381);
#else
AssertIntEQ(len, 643);
#endif
XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
der = NULL;
mctx = EVP_MD_CTX_new();
AssertIntEQ(EVP_DigestSignInit(mctx, &pkctx, EVP_sha256(), NULL, priv), WOLFSSL_SUCCESS);
AssertIntEQ(X509_REQ_sign_ctx(req, mctx), WOLFSSL_SUCCESS);
EVP_MD_CTX_free(mctx);
X509_REQ_free(NULL);
X509_REQ_free(req);
EVP_PKEY_free(pub);
EVP_PKEY_free(priv);
#endif
#ifdef HAVE_ECC
AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &ecPriv,
sizeof_ecc_clikey_der_256));
AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &ecPub,
sizeof_ecc_clikeypub_der_256));
AssertNotNull(req = X509_REQ_new());
AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
/* Signature is random and may be shorter or longer. */
AssertIntGE((len = i2d_X509_REQ(req, &der)), 245);
AssertIntLE(len, 253);
XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
X509_REQ_free(req);
EVP_PKEY_free(pub);
EVP_PKEY_free(priv);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
#endif /* HAVE_ECC */
X509_NAME_free(name);
printf(resultFmt, passed);
#endif
}
static void test_wolfssl_PKCS7(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
PKCS7* pkcs7;
byte data[FOURK_BUF];
word32 len = sizeof(data);
const byte* p = data;
byte content[] = "Test data to encode.";
#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
BIO* bio;
byte key[sizeof(client_key_der_2048)];
word32 keySz = (word32)sizeof(key);
byte* out = NULL;
#endif
AssertIntGT((len = CreatePKCS7SignedData(data, len, content,
(word32)sizeof(content),
0, 0)), 0);
AssertNull(pkcs7 = d2i_PKCS7(NULL, NULL, len));
AssertNull(pkcs7 = d2i_PKCS7(NULL, &p, 0));
AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
AssertIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL,
PKCS7_NOVERIFY), WOLFSSL_FAILURE);
PKCS7_free(pkcs7);
/* fail case, without PKCS7_NOVERIFY */
p = data;
AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
0), WOLFSSL_FAILURE);
PKCS7_free(pkcs7);
/* success case, with PKCS7_NOVERIFY */
p = data;
AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
PKCS7_NOVERIFY), WOLFSSL_SUCCESS);
#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
/* test i2d */
XMEMCPY(key, client_key_der_2048, keySz);
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHAh;
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1);
AssertIntEQ(i2d_PKCS7(pkcs7, &out), 655);
XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
BIO_free(bio);
#endif
PKCS7_free(NULL);
PKCS7_free(pkcs7);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_PKCS7_SIGNED_new(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
PKCS7_SIGNED* pkcs7;
printf(testingFmt, "wolfSSL_PKCS7_SIGNED_new()");
pkcs7 = PKCS7_SIGNED_new();
AssertNotNull(pkcs7);
AssertIntEQ(pkcs7->contentOID, SIGNED_DATA);
PKCS7_SIGNED_free(pkcs7);
printf(resultFmt, passed);
#endif
}
#ifndef NO_BIO
static void test_wolfSSL_PEM_write_bio_PKCS7(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
PKCS7* pkcs7 = NULL;
BIO* bio = NULL;
const byte* cert_buf = NULL;
int ret = 0;
WC_RNG rng;
const byte data[] = { /* Hello World */
0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
0x72,0x6c,0x64
};
#ifndef NO_RSA
#if defined(USE_CERT_BUFFERS_2048)
byte key[sizeof(client_key_der_2048)];
byte cert[sizeof(client_cert_der_2048)];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_2048, keySz);
XMEMCPY(cert, client_cert_der_2048, certSz);
#elif defined(USE_CERT_BUFFERS_1024)
byte key[sizeof_client_key_der_1024];
byte cert[sizeof(sizeof_client_cert_der_1024)];
word32 keySz = (word32)sizeof(key);
word32 certSz = (word32)sizeof(cert);
XMEMSET(key, 0, keySz);
XMEMSET(cert, 0, certSz);
XMEMCPY(key, client_key_der_1024, keySz);
XMEMCPY(cert, client_cert_der_1024, certSz);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz;
int keySz;
fp = XFOPEN("./certs/1024/client-cert.der", "rb");
AssertTrue((fp != XBADFILE));
certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/1024/client-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
XFCLOSE(fp);
#endif
#elif defined(HAVE_ECC)
#if defined(USE_CERT_BUFFERS_256)
unsigned char cert[sizeof(cliecc_cert_der_256)];
unsigned char key[sizeof(ecc_clikey_der_256)];
int certSz = (int)sizeof(cert);
int keySz = (int)sizeof(key);
XMEMSET(cert, 0, certSz);
XMEMSET(key, 0, keySz);
XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
#else
unsigned char cert[ONEK_BUF];
unsigned char key[ONEK_BUF];
XFILE fp;
int certSz, keySz;
fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
AssertTrue(fp != XBADFILE);
certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
XFCLOSE(fp);
fp = XFOPEN("./certs/client-ecc-key.der", "rb");
AssertTrue(fp != XBADFILE);
keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
XFCLOSE(fp);
#endif
#else
#error PKCS7 requires ECC or RSA
#endif
printf(testingFmt, "wolfSSL_PEM_write_bio_PKCS7()");
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
/* initialize with DER encoded cert */
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
/* init rng */
AssertIntEQ(wc_InitRng(&rng), 0);
pkcs7->rng = &rng;
pkcs7->content = (byte*)data; /* not used for ex */
pkcs7->contentSz = (word32)sizeof(data);
pkcs7->contentOID = SIGNED_DATA;
pkcs7->privateKey = key;
pkcs7->privateKeySz = (word32)sizeof(key);
pkcs7->encryptOID = RSAk;
pkcs7->hashOID = SHAh;
pkcs7->signedAttribs = NULL;
pkcs7->signedAttribsSz = 0;
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write PKCS#7 PEM to BIO, the function converts the DER to PEM cert*/
AssertIntEQ(PEM_write_bio_PKCS7(bio, pkcs7), WOLFSSL_SUCCESS);
/* Read PKCS#7 PEM from BIO */
ret = wolfSSL_BIO_get_mem_data(bio, &cert_buf);
AssertIntGE(ret, 0);
BIO_free(bio);
wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng);
printf(resultFmt, passed);
#endif
}
#ifdef HAVE_SMIME
static void test_wolfSSL_SMIME_read_PKCS7(void)
{
#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA)
PKCS7* pkcs7 = NULL;
BIO* bio = NULL;
BIO* bcont = NULL;
XFILE smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "r");
printf(testingFmt, "wolfSSL_SMIME_read_PKCS7()");
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
AssertNotNull(bio);
AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
AssertNotNull(pkcs7);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS);
XFCLOSE(smimeTestFile);
if (bcont) BIO_free(bcont);
wolfSSL_PKCS7_free(pkcs7);
smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "r");
AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
AssertNotNull(pkcs7);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS);
XFCLOSE(smimeTestFile);
if (bcont) BIO_free(bcont);
wolfSSL_PKCS7_free(pkcs7);
smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", "r");
AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
AssertNull(pkcs7);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_FAILURE);
XFCLOSE(smimeTestFile);
if (bcont) BIO_free(bcont);
wolfSSL_PKCS7_free(pkcs7);
smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r");
AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
AssertNotNull(pkcs7);
AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS);
BIO_free(bio);
if (bcont) BIO_free(bcont);
wolfSSL_PKCS7_free(pkcs7);
printf(resultFmt, passed);
#endif
}
#endif /* HAVE_SMIME*/
#endif /* !NO_BIO */
/*----------------------------------------------------------------------------*
| Certificate Failure Checks
*----------------------------------------------------------------------------*/
#if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
!defined(WOLFSSL_NO_CLIENT_AUTH))
/* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,
int type)
{
int ret;
WOLFSSL_CERT_MANAGER* cm = NULL;
switch (type) {
case TESTING_RSA:
#ifdef NO_RSA
printf("RSA disabled, skipping test\n");
return ASN_SIG_CONFIRM_E;
#else
break;
#endif
case TESTING_ECC:
#ifndef HAVE_ECC
printf("ECC disabled, skipping test\n");
return ASN_SIG_CONFIRM_E;
#else
break;
#endif
default:
printf("Bad function argument\n");
return BAD_FUNC_ARG;
}
cm = wolfSSL_CertManagerNew();
if (cm == NULL) {
printf("wolfSSL_CertManagerNew failed\n");
return -1;
}
#ifndef NO_FILESYSTEM
ret = wolfSSL_CertManagerLoadCA(cm, ca, 0);
if (ret != WOLFSSL_SUCCESS) {
printf("wolfSSL_CertManagerLoadCA failed\n");
wolfSSL_CertManagerFree(cm);
return ret;
}
#else
(void)ca;
#endif
ret = wolfSSL_CertManagerVerifyBuffer(cm, cert_buf, cert_sz, WOLFSSL_FILETYPE_ASN1);
/* Let AssertIntEQ handle return code */
wolfSSL_CertManagerFree(cm);
return ret;
}
static int test_RsaSigFailure_cm(void)
{
int ret = 0;
const char* ca_cert = "./certs/ca-cert.pem";
const char* server_cert = "./certs/server-cert.der";
byte* cert_buf = NULL;
size_t cert_sz = 0;
ret = load_file(server_cert, &cert_buf, &cert_sz);
if (ret == 0) {
/* corrupt DER - invert last byte, which is signature */
cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];
/* test bad cert */
ret = verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA);
}
printf("Signature failure test: RSA: Ret %d\n", ret);
if (cert_buf)
free(cert_buf);
return ret;
}
static int test_EccSigFailure_cm(void)
{
int ret = 0;
/* self-signed ECC cert, so use server cert as CA */
const char* ca_cert = "./certs/ca-ecc-cert.pem";
const char* server_cert = "./certs/server-ecc.der";
byte* cert_buf = NULL;
size_t cert_sz = 0;
ret = load_file(server_cert, &cert_buf, &cert_sz);
if (ret == 0) {
/* corrupt DER - invert last byte, which is signature */
cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];
/* test bad cert */
ret = verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC);
}
printf("Signature failure test: ECC: Ret %d\n", ret);
if (cert_buf)
free(cert_buf);
#ifdef FP_ECC
wc_ecc_fp_free();
#endif
return ret;
}
#endif /* NO_CERTS */
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
#ifdef WC_SHA384_DIGEST_SIZE
static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, };
#else
static byte fixedKey[WC_SHA256_DIGEST_SIZE] = { 0, };
#endif
#endif
#ifdef WOLFSSL_EARLY_DATA
static const char earlyData[] = "Early Data";
static char earlyDataBuffer[1];
#endif
static int test_tls13_apis(void)
{
int ret = 0;
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_CTX* clientTls12Ctx;
WOLFSSL* clientTls12Ssl;
#endif
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_CTX* serverTls12Ctx;
WOLFSSL* serverTls12Ssl;
#endif
#endif
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_CTX* clientCtx;
WOLFSSL* clientSsl;
#endif
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_CTX* serverCtx;
WOLFSSL* serverSsl;
#ifndef NO_CERTS
const char* ourCert = svrCertFile;
const char* ourKey = svrKeyFile;
#endif
#endif
int required;
#ifdef WOLFSSL_EARLY_DATA
int outSz;
#endif
#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
int groups[2] = { WOLFSSL_ECC_SECP256R1,
#ifdef HAVE_PQC
WOLFSSL_SABER_LEVEL3
#else
WOLFSSL_ECC_SECP256R1
#endif
};
int bad_groups[2] = { 0xDEAD, 0xBEEF };
int numGroups = 2;
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
char groupList[] =
#ifndef NO_ECC_SECP
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
"P-521:"
#endif
#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
"P-384:"
#endif
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
"P-256"
#ifdef HAVE_PQC
":P256_SABER_LEVEL1"
#endif
#endif
#ifdef HAVE_PQC
":KYBER_LEVEL1"
#endif
"";
#endif /* !defined(NO_ECC_SECP) */
#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_CLIENT
clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
clientTls12Ssl = wolfSSL_new(clientTls12Ctx);
#endif
#ifndef NO_WOLFSSL_SERVER
serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
#ifndef NO_CERTS
wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert);
wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, WOLFSSL_FILETYPE_PEM);
#endif
serverTls12Ssl = wolfSSL_new(serverTls12Ctx);
#endif
#endif
#ifndef NO_WOLFSSL_CLIENT
clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
clientSsl = wolfSSL_new(clientCtx);
#endif
#ifndef NO_WOLFSSL_SERVER
serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
#ifndef NO_CERTS
wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert);
wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM);
#endif
serverSsl = wolfSSL_new(serverCtx);
#endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
AssertIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)),
WOLFSSL_SUCCESS);
#endif
#endif
#ifdef HAVE_SUPPORTED_CURVES
#ifdef HAVE_ECC
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1),
WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
WOLFSSL_SUCCESS);
#endif
#elif defined(HAVE_CURVE25519)
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519),
WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519),
WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519),
WOLFSSL_SUCCESS);
#endif
#elif defined(HAVE_CURVE448)
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448),
WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X448),
WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X448),
WOLFSSL_SUCCESS);
#endif
#else
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
NOT_COMPILED_IN);
#endif
AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
NOT_COMPILED_IN);
#endif
#endif
#if defined(HAVE_PQC)
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_KYBER_LEVEL3), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_KYBER_LEVEL3),
WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_KYBER_LEVEL3),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_KYBER_LEVEL3),
WOLFSSL_SUCCESS);
#endif
#endif
AssertIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS);
#endif
#endif /* HAVE_SUPPORTED_CURVES */
AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0);
#endif
AssertIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0);
#endif
AssertIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0);
#endif
AssertIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0);
#endif
AssertIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR);
#endif
AssertIntEQ(wolfSSL_key_update_response(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_key_update_response(NULL, &required), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_key_update_response(clientTls12Ssl, &required),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_key_update_response(clientSsl, NULL), BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_key_update_response(serverSsl, NULL), BAD_FUNC_ARG);
#endif
#if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0);
#endif
AssertIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0);
#endif
AssertIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_request_certificate(serverTls12Ssl),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR);
#endif
#endif
#ifdef HAVE_ECC
#ifndef WOLFSSL_NO_SERVER_GROUPS_EXT
AssertIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR);
#endif
#endif
#ifdef HAVE_SUPPORTED_CURVES
AssertIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
WOLFSSL_MAX_GROUP_COUNT + 1),
BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups),
BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_set_groups(clientSsl, groups,
WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups),
BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups),
BAD_FUNC_ARG);
#endif
#ifdef OPENSSL_EXTRA
AssertIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL), WOLFSSL_FAILURE);
#endif
AssertIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList),
WOLFSSL_FAILURE);
#endif
AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList),
WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_CTX_set1_groups_list(serverCtx, groupList),
WOLFSSL_SUCCESS);
#endif
AssertIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WOLFSSL_FAILURE);
#endif
AssertIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE);
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList),
WOLFSSL_FAILURE);
#endif
AssertIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList),
WOLFSSL_SUCCESS);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_set1_groups_list(serverSsl, groupList),
WOLFSSL_SUCCESS);
#endif
#endif /* OPENSSL_EXTRA */
#endif /* HAVE_SUPPORTED_CURVES */
#endif /* HAVE_ECC */
#ifdef WOLFSSL_EARLY_DATA
#ifndef OPENSSL_EXTRA
AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG);
#else
AssertIntEQ(SSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(SSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef OPENSSL_EXTRA
AssertIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
AssertIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR);
#else
AssertIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
AssertIntEQ(SSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR);
#endif
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
#ifndef OPENSSL_EXTRA
AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0),
BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG);
#else
AssertIntEQ(SSL_CTX_set_max_early_data(serverTls12Ctx, 0),
BAD_FUNC_ARG);
AssertIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG);
#endif
#endif
#ifndef OPENSSL_EXTRA
AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), 0);
AssertIntEQ(wolfSSL_CTX_get_max_early_data(serverCtx), 32);
#else
AssertIntEQ(SSL_CTX_set_max_early_data(serverCtx, 32), 1);
AssertIntEQ(SSL_CTX_get_max_early_data(serverCtx), 32);
#endif
#endif
#ifndef OPENSSL_EXTRA
AssertIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_get_max_early_data(NULL), BAD_FUNC_ARG);
#else
AssertIntEQ(SSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(SSL_get_max_early_data(NULL), BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef OPENSSL_EXTRA
AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 0), SIDE_ERROR);
AssertIntEQ(wolfSSL_get_max_early_data(clientSsl), SIDE_ERROR);
#else
AssertIntEQ(SSL_set_max_early_data(clientSsl, 0), SIDE_ERROR);
AssertIntEQ(SSL_get_max_early_data(clientSsl), SIDE_ERROR);
#endif
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
#ifndef OPENSSL_EXTRA
AssertIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG);
#else
AssertIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
AssertIntEQ(SSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG);
#endif
#endif
#ifndef OPENSSL_EXTRA
AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), 0);
AssertIntEQ(wolfSSL_get_max_early_data(serverSsl), 16);
#else
AssertIntEQ(SSL_set_max_early_data(serverSsl, 16), 1);
AssertIntEQ(SSL_get_max_early_data(serverSsl), 16);
#endif
#endif
AssertIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData),
&outSz), BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData),
&outSz), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz),
BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
sizeof(earlyData), NULL),
BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_write_early_data(serverSsl, earlyData,
sizeof(earlyData), &outSz),
SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData,
sizeof(earlyData), &outSz),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
sizeof(earlyData), &outSz),
WOLFSSL_FATAL_ERROR);
#endif
AssertIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer,
sizeof(earlyDataBuffer), &outSz),
BAD_FUNC_ARG);
#ifndef NO_WOLFSSL_SERVER
AssertIntEQ(wolfSSL_read_early_data(serverSsl, NULL,
sizeof(earlyDataBuffer), &outSz),
BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1, &outSz),
BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
sizeof(earlyDataBuffer), NULL),
BAD_FUNC_ARG);
#endif
#ifndef NO_WOLFSSL_CLIENT
AssertIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer,
sizeof(earlyDataBuffer), &outSz),
SIDE_ERROR);
#endif
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
AssertIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer,
sizeof(earlyDataBuffer), &outSz),
BAD_FUNC_ARG);
#endif
AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
sizeof(earlyDataBuffer), &outSz),
WOLFSSL_FATAL_ERROR);
#endif
#endif
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_EARLY_DATA)
AssertIntLT(SSL_get_early_data_status(NULL), 0);
#endif
#ifndef NO_WOLFSSL_SERVER
wolfSSL_free(serverSsl);
wolfSSL_CTX_free(serverCtx);
#endif
#ifndef NO_WOLFSSL_CLIENT
wolfSSL_free(clientSsl);
wolfSSL_CTX_free(clientCtx);
#endif
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_SERVER
wolfSSL_free(serverTls12Ssl);
wolfSSL_CTX_free(serverTls12Ctx);
#endif
#ifndef NO_WOLFSSL_CLIENT
wolfSSL_free(clientTls12Ssl);
wolfSSL_CTX_free(clientTls12Ctx);
#endif
#endif
return ret;
}
#endif
#if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \
!defined(NO_OLD_TLS))
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \
!defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key,
const unsigned char* priv, unsigned int privSz,
const unsigned char* pubKeyDer, unsigned int pubKeySz,
unsigned char* out, unsigned int* outlen,
void* ctx)
{
int result;
/* Test fail when context associated with WOLFSSL is NULL */
if (ctx == NULL) {
return -1;
}
(void)ssl;
/* return 0 on success */
PRIVATE_KEY_UNLOCK();
result = wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz);
PRIVATE_KEY_LOCK();
return result;
}
static void test_dh_ctx_setup(WOLFSSL_CTX* ctx) {
wolfSSL_CTX_SetDhAgreeCb(ctx, my_DhCallback);
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES128-SHA256"),
WOLFSSL_SUCCESS);
#endif
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA256"),
WOLFSSL_SUCCESS);
#endif
}
static void test_dh_ssl_setup(WOLFSSL* ssl)
{
static int dh_test_ctx = 1;
int ret;
wolfSSL_SetDhAgreeCtx(ssl, &dh_test_ctx);
AssertIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), dh_test_ctx);
ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
AssertIntEQ(ret, WOLFSSL_SUCCESS);
}
}
static void test_dh_ssl_setup_fail(WOLFSSL* ssl)
{
int ret;
wolfSSL_SetDhAgreeCtx(ssl, NULL);
AssertNull(wolfSSL_GetDhAgreeCtx(ssl));
ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
AssertIntEQ(ret, WOLFSSL_SUCCESS);
}
}
#endif
static void test_DhCallbacks(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \
!defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
tcp_ready ready;
func_args server_args;
func_args client_args;
THREAD_TYPE serverThread;
callback_functions func_cb_client;
callback_functions func_cb_server;
int test;
printf(testingFmt, "test_DhCallbacks");
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
AssertIntEQ(wolfSSL_CTX_set_cipher_list(NULL, "NONE"), WOLFSSL_FAILURE);
wolfSSL_CTX_SetDhAgreeCb(ctx, &my_DhCallback);
/* load client ca cert */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
WOLFSSL_SUCCESS);
/* test with NULL arguments */
wolfSSL_SetDhAgreeCtx(NULL, &test);
AssertNull(wolfSSL_GetDhAgreeCtx(NULL));
/* test success case */
test = 1;
AssertNotNull(ssl = wolfSSL_new(ctx));
wolfSSL_SetDhAgreeCtx(ssl, &test);
AssertIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), test);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
/* test a connection where callback is used */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
server_args.return_code = TEST_FAIL;
client_args.return_code = TEST_FAIL;
/* set callbacks to use DH functions */
func_cb_client.ctx_ready = &test_dh_ctx_setup;
func_cb_client.ssl_ready = &test_dh_ssl_setup;
#ifndef WOLFSSL_NO_TLS12
func_cb_client.method = wolfTLSv1_2_client_method;
#else
func_cb_client.method = wolfTLSv1_3_client_method;
#endif
client_args.callbacks = &func_cb_client;
func_cb_server.ctx_ready = &test_dh_ctx_setup;
func_cb_server.ssl_ready = &test_dh_ssl_setup;
#ifndef WOLFSSL_NO_TLS12
func_cb_server.method = wolfTLSv1_2_server_method;
#else
func_cb_server.method = wolfTLSv1_3_server_method;
#endif
server_args.callbacks = &func_cb_server;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
/* now set user ctx to not be 1 so that the callback returns fail case */
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
server_args.return_code = TEST_FAIL;
client_args.return_code = TEST_FAIL;
/* set callbacks to use DH functions */
func_cb_client.ctx_ready = &test_dh_ctx_setup;
func_cb_client.ssl_ready = &test_dh_ssl_setup_fail;
#ifndef WOLFSSL_NO_TLS12
func_cb_client.method = wolfTLSv1_2_client_method;
#else
func_cb_client.method = wolfTLSv1_3_client_method;
#endif
client_args.callbacks = &func_cb_client;
func_cb_server.ctx_ready = &test_dh_ctx_setup;
func_cb_server.ssl_ready = &test_dh_ssl_setup_fail;
#ifndef WOLFSSL_NO_TLS12
func_cb_server.method = wolfTLSv1_2_server_method;
#else
func_cb_server.method = wolfTLSv1_3_server_method;
#endif
server_args.callbacks = &func_cb_server;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, NULL);
join_thread(serverThread);
AssertIntEQ(client_args.return_code, TEST_FAIL);
AssertIntEQ(server_args.return_code, TEST_FAIL);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
printf(resultFmt, passed);
#endif
}
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_HASHDRBG
#ifdef TEST_RESEED_INTERVAL
static int test_wc_RNG_GenerateBlock_Reseed(void)
{
int i, ret;
WC_RNG rng;
byte key[32];
ret = wc_InitRng(&rng);
if (ret == 0) {
for(i = 0; i < WC_RESEED_INTERVAL + 10; i++) {
ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
if (ret != 0) {
break;
}
}
}
wc_FreeRng(&rng);
return ret;
}
#endif /* TEST_RESEED_INTERVAL */
static int test_wc_RNG_GenerateBlock(void)
{
int i, ret;
WC_RNG rng;
byte key[32];
ret = wc_InitRng(&rng);
if (ret == 0) {
for(i = 0; i < 10; i++) {
ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
if (ret != 0) {
break;
}
}
}
wc_FreeRng(&rng);
(void)rng; /* for WC_NO_RNG case */
(void)key;
return ret;
}
#endif
/*
* Testing get_rand_digit
*/
static int test_get_rand_digit (void)
{
int ret = 0;
#if !defined(WC_NO_RNG) && defined(WOLFSSL_PUBLIC_MP)
WC_RNG rng;
mp_digit d;
printf(testingFmt, "get_rand_digit()");
ret = wc_InitRng(&rng);
if (ret == 0) {
ret = get_rand_digit(&rng, &d);
}
if (ret == 0) {
ret = get_rand_digit(NULL, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = get_rand_digit(NULL, &d);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = get_rand_digit(&rng, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = wc_FreeRng(&rng);
}
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_get_rand_digit*/
/*
* Testing get_digit_count
*/
static int test_get_digit_count (void)
{
int ret = 0;
#if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_PUBLIC_MP)
mp_int a;
printf(testingFmt, "get_digit_count()");
if (mp_init(&a) != MP_OKAY) {
ret = -1;
}
if (ret == 0) {
ret = get_digit_count(NULL);
}
if (ret == 0) {
ret = get_digit_count(&a);
}
printf(resultFmt, ret == 0 ? passed : failed);
mp_clear(&a);
#endif
return ret;
}/* End test_get_digit_count*/
/*
* Testing mp_cond_copy
*/
static int test_mp_cond_copy (void)
{
int ret = 0;
#if (defined(HAVE_ECC) || defined(WOLFSSL_MP_COND_COPY)) && \
defined(WOLFSSL_PUBLIC_MP)
mp_int a;
mp_int b;
int copy = 0;
printf(testingFmt, "mp_cond_copy()");
if (mp_init(&a) != MP_OKAY) {
ret = -1;
}
if (ret == 0) {
if (mp_init(&b) != MP_OKAY) {
ret = -1;
}
}
if (ret == 0) {
ret = mp_cond_copy(NULL, copy, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = mp_cond_copy(NULL, copy, &b);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = mp_cond_copy(&a, copy, NULL);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = mp_cond_copy(&a, copy, &b);
}
printf(resultFmt, ret == 0 ? passed : failed);
mp_clear(&a);
mp_clear(&b);
#endif
return ret;
}/* End test_mp_cond_copy*/
/*
* Testing mp_rand
*/
static int test_mp_rand (void)
{
int ret = 0;
#if defined(WC_RSA_BLINDING) && defined(WOLFSSL_PUBLIC_MP)
mp_int a;
int digits = 1;
WC_RNG rng;
printf(testingFmt, "mp_rand()");
if (mp_init(&a) != MP_OKAY) {
ret = -1;
}
if (ret == 0) {
ret = wc_InitRng(&rng);
}
if (ret == 0) {
ret = mp_rand(&a, digits, NULL);
if (ret == MISSING_RNG_E) {
ret = 0;
}
}
if (ret == 0) {
ret = mp_rand(NULL, digits, &rng);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = mp_rand(&a, 0, &rng);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
ret = mp_rand(&a, digits, &rng);
}
printf(resultFmt, ret == 0 ? passed : failed);
mp_clear(&a);
wc_FreeRng(&rng);
#endif
return ret;
}/* End test_mp_rand*/
/*
* Testing get_digit
*/
static int test_get_digit (void)
{
int ret = 0;
#if defined(WOLFSSL_PUBLIC_MP)
mp_int a;
int n = 0;
printf(testingFmt, "get_digit()");
if (mp_init(&a) != MP_OKAY) {
ret = -1;
}
if (ret == 0) {
if (get_digit(NULL, n) != 0) { /* Should not hit this */
ret = -1;
}
}
if (ret == 0) {
if (get_digit(NULL, n) == 0) { /* Should hit this */
ret = 0;
}
}
if (ret == 0) {
if (get_digit(&a, n) != 0) { /* Should not hit this */
ret = -1;
}
}
if (ret == 0) {
if (get_digit(&a, n) == 0) { /* Should hit this */
ret = 0;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
mp_clear(&a);
#endif
return ret;
}/* End test_get_digit*/
/*
* Testing wc_export_int
*/
static int test_wc_export_int(void)
{
int ret = 0;
#if (defined(HAVE_ECC) || defined(WOLFSSL_EXPORT_INT)) && \
defined(WOLFSSL_PUBLIC_MP)
mp_int mp;
byte buf[32];
word32 keySz = (word32)sizeof(buf);
word32 len = (word32)sizeof(buf);
printf(testingFmt, "wc_export_int()");
if (mp_init(&mp) != MP_OKAY) {
ret = -1;
}
if (ret == 0) {
ret = mp_set(&mp, 1234);
}
if (ret == 0) {
ret = wc_export_int(NULL, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN);
if (ret == BAD_FUNC_ARG) {
ret = 0;
}
}
if (ret == 0) {
len = sizeof(buf)-1;
ret = wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN);
if (ret == BUFFER_E) {
ret = 0;
}
}
if (ret == 0) {
len = sizeof(buf);
ret = wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN);
}
if (ret == 0) {
len = 4; /* test input too small */
ret = wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR);
if (ret == BUFFER_E) {
ret = 0;
}
}
if (ret == 0) {
len = sizeof(buf);
ret = wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR);
/* hex version of 1234 is 04D2 and should be 4 digits + 1 null */
if (ret == 0 && len != 5) {
ret = BAD_FUNC_ARG;
}
}
printf(resultFmt, ret == 0 ? passed : failed);
mp_clear(&mp);
#endif
return ret;
}/* End test_wc_export_int*/
static int test_wc_InitRngNonce(void)
{
int ret=0;
#if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
WC_RNG rng;
byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
"\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
word32 nonceSz = sizeof(nonce);
printf(testingFmt, "wc_InitRngNonce()");
if (ret == 0){
ret = wc_InitRngNonce(&rng, nonce, nonceSz);
}
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/* End test_wc_InitRngNonce*/
/*
* Testing wc_InitRngNonce_ex
*/
static int test_wc_InitRngNonce_ex(void)
{
int ret=0;
#if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
(!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
WC_RNG rng;
byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
"\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
word32 nonceSz = sizeof(nonce);
printf(testingFmt, "wc_InitRngNonce_ex()");
if (ret == 0){
ret = wc_InitRngNonce_ex(&rng, nonce, nonceSz, HEAP_HINT, devId);
}
wc_FreeRng(&rng);
printf(resultFmt, ret == 0 ? passed : failed);
#endif
return ret;
}/*End test_wc_InitRngNonce_ex*/
static void test_wolfSSL_X509_CRL(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
X509_CRL *crl;
char pem[][100] = {
"./certs/crl/crl.pem",
"./certs/crl/crl2.pem",
"./certs/crl/caEccCrl.pem",
"./certs/crl/eccCliCRL.pem",
"./certs/crl/eccSrvCRL.pem",
""
};
#ifndef NO_BIO
BIO *bio;
#endif
#ifdef HAVE_TEST_d2i_X509_CRL_fp
char der[][100] = {
"./certs/crl/crl.der",
"./certs/crl/crl2.der",
""};
#endif
XFILE fp;
int i;
printf(testingFmt, "test_wolfSSL_X509_CRL");
for (i = 0; pem[i][0] != '\0'; i++)
{
fp = XFOPEN(pem[i], "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL));
AssertNotNull(crl);
X509_CRL_free(crl);
XFCLOSE(fp);
fp = XFOPEN(pem[i], "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull((X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)&crl, NULL, NULL));
AssertNotNull(crl);
X509_CRL_free(crl);
XFCLOSE(fp);
}
#ifndef NO_BIO
for (i = 0; pem[i][0] != '\0'; i++)
{
AssertNotNull(bio = BIO_new_file(pem[i], "rb"));
AssertNotNull(crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL));
X509_CRL_free(crl);
BIO_free(bio);
}
#endif
#ifdef HAVE_TEST_d2i_X509_CRL_fp
for(i = 0; der[i][0] != '\0'; i++){
fp = XFOPEN(der[i], "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((fp, X509_CRL **)NULL));
AssertNotNull(crl);
X509_CRL_free(crl);
XFCLOSE(fp);
fp = XFOPEN(der[i], "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull((X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)&crl));
AssertNotNull(crl);
X509_CRL_free(crl);
XFCLOSE(fp);
}
#endif
printf(resultFmt, passed);
#endif
return;
}
static void test_wolfSSL_X509_load_crl_file(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA) && !defined(NO_BIO)
int i;
char pem[][100] = {
"./certs/crl/crl.pem",
"./certs/crl/crl2.pem",
"./certs/crl/caEccCrl.pem",
"./certs/crl/eccCliCRL.pem",
"./certs/crl/eccSrvCRL.pem",
""
};
char der[][100] = {
"./certs/crl/crl.der",
"./certs/crl/crl2.der",
""
};
WOLFSSL_X509_STORE* store;
WOLFSSL_X509_LOOKUP* lookup;
printf(testingFmt, "wolfSSL_X509_load_crl_file");
AssertNotNull(store = wolfSSL_X509_STORE_new());
AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
X509_FILETYPE_PEM), 1);
AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
X509_FILETYPE_PEM), 1);
if (store) {
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
WOLFSSL_FILETYPE_PEM), 1);
/* since store hasn't yet known the revoked cert*/
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM), 1);
}
for (i = 0; pem[i][0] != '\0'; i++)
{
AssertIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), 1);
}
if (store) {
/* since store knows crl list */
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
}
/* once feeing store */
X509_STORE_free(store);
store = NULL;
AssertNotNull(store = wolfSSL_X509_STORE_new());
AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
X509_FILETYPE_PEM), 1);
AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
X509_FILETYPE_PEM), 1);
if (store) {
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
WOLFSSL_FILETYPE_PEM), 1);
/* since store hasn't yet known the revoked cert*/
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM), 1);
}
for (i = 0; der[i][0] != '\0'; i++)
{
AssertIntEQ(X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), 1);
}
if (store) {
/* since store knows crl list */
AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
}
/* test for incorrect parameter */
AssertIntEQ(X509_load_crl_file(NULL, pem[0], 0), 0);
AssertIntEQ(X509_load_crl_file(lookup, NULL, 0), 0);
AssertIntEQ(X509_load_crl_file(NULL, NULL, 0), 0);
X509_STORE_free(store);
store = NULL;
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_d2i_X509_REQ(void)
{
#if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && !defined(NO_BIO) && \
(defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
/* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der were
* generated by libest
* ./certs/csr.attr.der contains sample attributes
* ./certs/csr.ext.der contains sample extensions */
const char* csrFile = "./certs/csr.signed.der";
const char* csrPopFile = "./certs/csr.attr.der";
const char* csrExtFile = "./certs/csr.ext.der";
/* ./certs/csr.dsa.pem is generated using
* openssl req -newkey dsa:certs/dsaparams.pem \
* -keyout certs/csr.dsa.key.pem -keyform PEM -out certs/csr.dsa.pem \
* -outform PEM
* with the passphrase "wolfSSL"
*/
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
const char* csrDsaFile = "./certs/csr.dsa.pem";
XFILE f;
#endif
BIO* bio = NULL;
X509* req = NULL;
EVP_PKEY *pub_key = NULL;
{
AssertNotNull(bio = BIO_new_file(csrFile, "rb"));
AssertNotNull(d2i_X509_REQ_bio(bio, &req));
/*
* Extract the public key from the CSR
*/
AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
/*
* Verify the signature in the CSR
*/
AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
X509_free(req);
BIO_free(bio);
EVP_PKEY_free(pub_key);
}
{
#ifdef OPENSSL_ALL
X509_ATTRIBUTE* attr;
ASN1_TYPE *at;
#endif
AssertNotNull(bio = BIO_new_file(csrPopFile, "rb"));
AssertNotNull(d2i_X509_REQ_bio(bio, &req));
/*
* Extract the public key from the CSR
*/
AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
/*
* Verify the signature in the CSR
*/
AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
#ifdef OPENSSL_ALL
/*
* Obtain the challenge password from the CSR
*/
AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
NID_pkcs9_challengePassword);
AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword));
AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
AssertNotNull(at->value.asn1_string);
AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+");
AssertIntEQ(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), -1);
#endif
X509_free(req);
BIO_free(bio);
EVP_PKEY_free(pub_key);
}
{
#ifdef OPENSSL_ALL
X509_ATTRIBUTE* attr;
ASN1_TYPE *at;
STACK_OF(X509_EXTENSION) *exts = NULL;
#endif
AssertNotNull(bio = BIO_new_file(csrExtFile, "rb"));
/* This CSR contains an Extension Request attribute so
* we test extension parsing in a CSR attribute here. */
AssertNotNull(d2i_X509_REQ_bio(bio, &req));
/*
* Extract the public key from the CSR
*/
AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
/*
* Verify the signature in the CSR
*/
AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
#ifdef OPENSSL_ALL
AssertNotNull(exts = (STACK_OF(X509_EXTENSION)*)X509_REQ_get_extensions(req));
AssertIntEQ(sk_X509_EXTENSION_num(exts), 2);
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
/*
* Obtain the challenge password from the CSR
*/
AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
NID_pkcs9_challengePassword);
AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword));
AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
AssertNotNull(at->value.asn1_string);
AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo");
AssertIntGE(X509_get_ext_by_NID(req, NID_key_usage, -1), 0);
AssertIntGE(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), 0);
#endif
X509_free(req);
BIO_free(bio);
EVP_PKEY_free(pub_key);
}
#if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
{
AssertNotNull(bio = BIO_new_file(csrDsaFile, "rb"));
AssertNotNull(PEM_read_bio_X509_REQ(bio, &req, NULL, NULL));
/*
* Extract the public key from the CSR
*/
AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
/*
* Verify the signature in the CSR
*/
AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
X509_free(req);
BIO_free(bio);
/* Run the same test, but with a file pointer instead of a BIO.
* (PEM_read_X509_REQ)*/
AssertTrue((f = XFOPEN(csrDsaFile, "rb")) != XBADFILE);
AssertNotNull(PEM_read_X509_REQ(f, &req, NULL, NULL));
AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
X509_free(req);
EVP_PKEY_free(pub_key);
}
#endif /* !NO_DSA && !HAVE_SELFTEST */
#endif /* WOLFSSL_CERT_REQ && (OPENSSL_ALL || OPENSSL_EXTRA) */
}
static void test_wolfSSL_PEM_read_X509(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA)
X509 *x509 = NULL;
XFILE fp;
printf(testingFmt, "wolfSSL_PEM_read_X509");
fp = XFOPEN(svrCertFile, "rb");
AssertTrue((fp != XBADFILE));
AssertNotNull(x509 = (X509 *)PEM_read_X509(fp, (X509 **)NULL, NULL, NULL));
X509_free(x509);
XFCLOSE(fp);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_PEM_read(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_BIO)
const char* filename = "./certs/server-keyEnc.pem";
XFILE fp;
char* name = NULL;
char* header = NULL;
byte* data = NULL;
long len;
EVP_CIPHER_INFO cipher;
WOLFSSL_BIO* bio;
byte* fileData;
size_t fileDataSz;
byte* out;
printf(testingFmt, "wolfSSL_PEM_read");
fp = XFOPEN(filename, "rb");
AssertTrue((fp != XBADFILE));
/* Fail cases. */
AssertIntEQ(PEM_read(fp, NULL, &header, &data, &len), WOLFSSL_FAILURE);
AssertIntEQ(PEM_read(fp, &name, NULL, &data, &len), WOLFSSL_FAILURE);
AssertIntEQ(PEM_read(fp, &name, &header, NULL, &len), WOLFSSL_FAILURE);
AssertIntEQ(PEM_read(fp, &name, &header, &data, NULL), WOLFSSL_FAILURE);
AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);
AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0);
AssertIntGT(XSTRLEN(header), 0);
AssertIntGT(len, 0);
AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0);
AssertIntGT((fileDataSz = XFTELL(fp)), 0);
AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0);
AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz);
XFCLOSE(fp);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
/* Fail cases. */
AssertIntEQ(PEM_write_bio(NULL, name, header, data, len), 0);
AssertIntEQ(PEM_write_bio(bio, NULL, header, data, len), 0);
AssertIntEQ(PEM_write_bio(bio, name, NULL, data, len), 0);
AssertIntEQ(PEM_write_bio(bio, name, header, NULL, len), 0);
AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz);
AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz);
AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0);
/* Fail cases. */
AssertIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WOLFSSL_FAILURE);
AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WOLFSSL_FAILURE);
AssertIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WOLFSSL_FAILURE);
#ifndef NO_DES3
AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, &cipher), WOLFSSL_SUCCESS);
#endif
/* Fail cases. */
AssertIntEQ(PEM_do_header(&cipher, NULL, &len, PasswordCallBack,
(void*)"yassl123"), WOLFSSL_FAILURE);
AssertIntEQ(PEM_do_header(&cipher, data, NULL, PasswordCallBack,
(void*)"yassl123"), WOLFSSL_FAILURE);
AssertIntEQ(PEM_do_header(&cipher, data, &len, NULL,
(void*)"yassl123"), WOLFSSL_FAILURE);
#if !defined(NO_DES3) && !defined(NO_MD5)
AssertIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack,
(void*)"yassl123"), WOLFSSL_SUCCESS);
#endif
BIO_free(bio);
XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
name = NULL;
header = NULL;
data = NULL;
fp = XFOPEN(svrKeyFile, "rb");
AssertTrue((fp != XBADFILE));
AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);
AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0);
AssertIntEQ(XSTRLEN(header), 0);
AssertIntGT(len, 0);
AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0);
AssertIntGT((fileDataSz = XFTELL(fp)), 0);
AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0);
AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz);
XFCLOSE(fp);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz);
AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz);
AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0);
BIO_free(bio);
XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
printf(resultFmt, passed);
#endif
}
static void test_wolfssl_EVP_aes_gcm_AAD_2_parts(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
!defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
const byte iv[12] = { 0 };
const byte key[16] = { 0 };
const byte cleartext[16] = { 0 };
const byte aad[] = {
0x01, 0x10, 0x00, 0x2a, 0x08, 0x00, 0x04, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
0x00, 0x00, 0xdc, 0x4d, 0xad, 0x6b, 0x06, 0x93,
0x4f
};
byte out1Part[16];
byte outTag1Part[16];
byte out2Part[16];
byte outTag2Part[16];
byte decryptBuf[16];
int len;
int tlen;
EVP_CIPHER_CTX* ctx = NULL;
printf(testingFmt, "wolfssl_EVP_aes_gcm_AAD_2_parts");
/* ENCRYPT */
/* Send AAD and data in 1 part */
AssertNotNull(ctx = EVP_CIPHER_CTX_new());
tlen = 0;
AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
1);
AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1);
AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1);
AssertIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext,
sizeof(cleartext)), 1);
tlen += len;
AssertIntEQ(EVP_EncryptFinal_ex(ctx, out1Part, &len), 1);
tlen += len;
AssertIntEQ(tlen, sizeof(cleartext));
AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
outTag1Part), 1);
EVP_CIPHER_CTX_free(ctx);
/* DECRYPT */
/* Send AAD and data in 1 part */
AssertNotNull(ctx = EVP_CIPHER_CTX_new());
tlen = 0;
AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
1);
AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1);
AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1);
AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part,
sizeof(cleartext)), 1);
tlen += len;
AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16,
outTag1Part), 1);
AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1);
tlen += len;
AssertIntEQ(tlen, sizeof(cleartext));
EVP_CIPHER_CTX_free(ctx);
AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0);
/* ENCRYPT */
/* Send AAD and data in 2 parts */
AssertNotNull(ctx = EVP_CIPHER_CTX_new());
tlen = 0;
AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
1);
AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1);
AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, 1), 1);
AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1),
1);
AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part, &len, cleartext, 1), 1);
tlen += len;
AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part + tlen, &len, cleartext + 1,
sizeof(cleartext) - 1), 1);
tlen += len;
AssertIntEQ(EVP_EncryptFinal_ex(ctx, out2Part + tlen, &len), 1);
tlen += len;
AssertIntEQ(tlen, sizeof(cleartext));
AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
outTag2Part), 1);
AssertIntEQ(XMEMCMP(out1Part, out2Part, sizeof(out1Part)), 0);
AssertIntEQ(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0);
EVP_CIPHER_CTX_free(ctx);
/* DECRYPT */
/* Send AAD and data in 2 parts */
AssertNotNull(ctx = EVP_CIPHER_CTX_new());
tlen = 0;
AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
1);
AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1);
AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, 1), 1);
AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1),
1);
AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, 1), 1);
tlen += len;
AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf + tlen, &len, out1Part + 1,
sizeof(cleartext) - 1), 1);
tlen += len;
AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16,
outTag1Part), 1);
AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf + tlen, &len), 1);
tlen += len;
AssertIntEQ(tlen, sizeof(cleartext));
AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0);
/* Test AAD re-use */
EVP_CIPHER_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
!defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
static void test_wolfssl_EVP_aes_gcm_zeroLen(void)
{
/* Zero length plain text */
byte key[] = {
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
}; /* align */
byte iv[] = {
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
}; /* align */
byte plaintxt[1];
int ivSz = 12;
int plaintxtSz = 0;
unsigned char tag[16];
unsigned char tag_kat[] =
{0x53,0x0f,0x8a,0xfb,0xc7,0x45,0x36,0xb9,
0xa9,0x63,0xb4,0xf1,0xc4,0xcb,0x73,0x8b};
byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
int ciphertxtSz = 0;
int decryptedtxtSz = 0;
int len = 0;
EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new();
EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new();
AssertIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_gcm(), NULL, key, iv));
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
AssertIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt,
plaintxtSz));
AssertIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len));
ciphertxtSz += len;
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag));
AssertIntEQ(1, EVP_CIPHER_CTX_cleanup(en));
AssertIntEQ(0, ciphertxtSz);
AssertIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag)));
EVP_CIPHER_CTX_init(de);
AssertIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_gcm(), NULL, key, iv));
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
AssertIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len));
decryptedtxtSz = len;
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag));
AssertIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len));
decryptedtxtSz += len;
AssertIntEQ(0, decryptedtxtSz);
EVP_CIPHER_CTX_free(en);
EVP_CIPHER_CTX_free(de);
}
#endif
static void test_wolfssl_EVP_aes_gcm(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
!defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
/* A 256 bit key, AES_128 will use the first 128 bit*/
byte *key = (byte*)"01234567890123456789012345678901";
/* A 128 bit IV */
byte *iv = (byte*)"0123456789012345";
int ivSz = AES_BLOCK_SIZE;
/* Message to be encrypted */
byte *plaintxt = (byte*)"for things to change you have to change";
/* Additional non-confidential data */
byte *aad = (byte*)"Don't spend major time on minor things.";
unsigned char tag[AES_BLOCK_SIZE] = {0};
int plaintxtSz = (int)XSTRLEN((char*)plaintxt);
int aadSz = (int)XSTRLEN((char*)aad);
byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
int ciphertxtSz = 0;
int decryptedtxtSz = 0;
int len = 0;
int i = 0;
EVP_CIPHER_CTX en[2];
EVP_CIPHER_CTX de[2];
printf(testingFmt, "wolfssl_EVP_aes_gcm");
for (i = 0; i < 2; i++) {
EVP_CIPHER_CTX_init(&en[i]);
if (i == 0) {
/* Default uses 96-bits IV length */
#ifdef WOLFSSL_AES_128
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, key, iv));
#elif defined(WOLFSSL_AES_192)
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, key, iv));
#elif defined(WOLFSSL_AES_256)
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, key, iv));
#endif
}
else {
#ifdef WOLFSSL_AES_128
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, NULL, NULL));
#elif defined(WOLFSSL_AES_192)
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, NULL, NULL));
#elif defined(WOLFSSL_AES_256)
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, NULL, NULL));
#endif
/* non-default must to set the IV length first */
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
}
AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz));
AssertIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, plaintxtSz));
ciphertxtSz = len;
AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len));
ciphertxtSz += len;
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, tag));
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1);
EVP_CIPHER_CTX_init(&de[i]);
if (i == 0) {
/* Default uses 96-bits IV length */
#ifdef WOLFSSL_AES_128
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, key, iv));
#elif defined(WOLFSSL_AES_192)
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, key, iv));
#elif defined(WOLFSSL_AES_256)
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, key, iv));
#endif
}
else {
#ifdef WOLFSSL_AES_128
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, NULL, NULL));
#elif defined(WOLFSSL_AES_192)
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, NULL, NULL));
#elif defined(WOLFSSL_AES_256)
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, NULL, NULL));
#endif
/* non-default must to set the IV length first */
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
}
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
decryptedtxtSz = len;
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
decryptedtxtSz += len;
AssertIntEQ(ciphertxtSz, decryptedtxtSz);
AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
/* modify tag*/
tag[AES_BLOCK_SIZE-1]+=0xBB;
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
/* fail due to wrong tag */
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
AssertIntEQ(0, len);
AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1);
}
test_wolfssl_EVP_aes_gcm_zeroLen();
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */
}
#ifndef NO_BIO
static void test_wolfSSL_PEM_X509_INFO_read_bio(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
BIO* bio;
X509_INFO* info;
STACK_OF(X509_INFO)* sk;
char* subject;
char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com";
char exp2[] = "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com";
printf(testingFmt, "wolfSSL_PEM_X509_INFO_read_bio");
AssertNotNull(bio = BIO_new(BIO_s_file()));
AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
AssertNotNull(sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
AssertIntEQ(sk_X509_INFO_num(sk), 2);
/* using dereference to maintain testing for Apache port*/
AssertNotNull(info = sk_X509_INFO_pop(sk));
AssertNotNull(subject =
X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0));
AssertIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1)));
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
X509_INFO_free(info);
AssertNotNull(info = sk_X509_INFO_pop(sk));
AssertNotNull(subject =
X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0));
AssertIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2)));
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
X509_INFO_free(info);
AssertNull(info = sk_X509_INFO_pop(sk));
sk_X509_INFO_pop_free(sk, X509_INFO_free);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
#endif /* !NO_BIO */
static void test_wolfSSL_X509_NAME_ENTRY_get_object(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
X509 *x509;
X509_NAME* name;
int idx = 0;
X509_NAME_ENTRY *ne;
ASN1_OBJECT *object = NULL;
printf(testingFmt, "wolfSSL_X509_NAME_ENTRY_get_object");
x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
name = X509_get_subject_name(x509);
idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
AssertIntGE(idx, 0);
ne = X509_NAME_get_entry(name, idx);
AssertNotNull(ne);
AssertNotNull(object = X509_NAME_ENTRY_get_object(ne));
X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_INTEGER_get_set(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
ASN1_INTEGER *a;
long val;
int ret;
printf(testingFmt, "test_wolfSSL_ASN1_INTEGER_get_set");
a = ASN1_INTEGER_new();
val = 0;
ret = ASN1_INTEGER_set(NULL, val);
AssertIntEQ(ret, 0);
ASN1_INTEGER_free(a);
/* 0 */
a = ASN1_INTEGER_new();
val = 0;
ret = ASN1_INTEGER_set(a, val);
AssertIntEQ(ret, 1);
AssertIntEQ(ASN1_INTEGER_get(a), val);
ASN1_INTEGER_free(a);
/* 40 */
a = ASN1_INTEGER_new();
val = 40;
ret = ASN1_INTEGER_set(a, val);
AssertIntEQ(ret, 1);
AssertIntEQ(ASN1_INTEGER_get(a), val);
ASN1_INTEGER_free(a);
/* -40 */
a = ASN1_INTEGER_new();
val = -40;
ret = ASN1_INTEGER_set(a, val);
AssertIntEQ(ret, 1);
AssertIntEQ(ASN1_INTEGER_get(a), val);
ASN1_INTEGER_free(a);
/* 128 */
a = ASN1_INTEGER_new();
val = 128;
ret = ASN1_INTEGER_set(a, val);
AssertIntEQ(ret, 1);
AssertIntEQ(ASN1_INTEGER_get(a), val);
ASN1_INTEGER_free(a);
/* -128 */
a = ASN1_INTEGER_new();
val = -128;
ret = ASN1_INTEGER_set(a, val);
AssertIntEQ(ret, 1);
AssertIntEQ(ASN1_INTEGER_get(a), val);
ASN1_INTEGER_free(a);
/* 200 */
a = ASN1_INTEGER_new();
val = 200;
ret = ASN1_INTEGER_set(a, val);
AssertIntEQ(ret, 1);
AssertIntEQ(ASN1_INTEGER_get(a), val);
ASN1_INTEGER_free(a);
/* int max (2147483647) */
a = ASN1_INTEGER_new();
val = 2147483647;
ret = ASN1_INTEGER_set(a, val);
AssertIntEQ(ret, 1);
AssertIntEQ(ASN1_INTEGER_get(a), val);
ASN1_INTEGER_free(a);
/* int min (-2147483648) */
a = ASN1_INTEGER_new();
val = -2147483647 - 1;
ret = ASN1_INTEGER_set(a, val);
AssertIntEQ(ret, 1);
AssertIntEQ(ASN1_INTEGER_get(a), val);
ASN1_INTEGER_free(a);
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_EXTRA)
typedef struct ASN1IntTestVector {
const byte* der;
const size_t derSz;
const long value;
} ASN1IntTestVector;
#endif
static void test_wolfSSL_d2i_ASN1_INTEGER(void)
{
#if defined(OPENSSL_EXTRA)
size_t i;
WOLFSSL_ASN1_INTEGER* a = NULL;
WOLFSSL_ASN1_INTEGER* b = NULL;
WOLFSSL_ASN1_INTEGER* c = NULL;
const byte* p = NULL;
byte* reEncoded = NULL;
int reEncodedSz;
static const byte zeroDer[] = {
0x02, 0x01, 0x00
};
static const byte oneDer[] = {
0x02, 0x01, 0x01
};
static const byte negativeDer[] = {
0x02, 0x03, 0xC1, 0x16, 0x0D
};
static const byte positiveDer[] = {
0x02, 0x03, 0x01, 0x00, 0x01
};
static const byte primeDer[] = {
0x02, 0x82, 0x01, 0x01, 0x00, 0xc0, 0x95, 0x08, 0xe1, 0x57, 0x41,
0xf2, 0x71, 0x6d, 0xb7, 0xd2, 0x45, 0x41, 0x27, 0x01, 0x65, 0xc6,
0x45, 0xae, 0xf2, 0xbc, 0x24, 0x30, 0xb8, 0x95, 0xce, 0x2f, 0x4e,
0xd6, 0xf6, 0x1c, 0x88, 0xbc, 0x7c, 0x9f, 0xfb, 0xa8, 0x67, 0x7f,
0xfe, 0x5c, 0x9c, 0x51, 0x75, 0xf7, 0x8a, 0xca, 0x07, 0xe7, 0x35,
0x2f, 0x8f, 0xe1, 0xbd, 0x7b, 0xc0, 0x2f, 0x7c, 0xab, 0x64, 0xa8,
0x17, 0xfc, 0xca, 0x5d, 0x7b, 0xba, 0xe0, 0x21, 0xe5, 0x72, 0x2e,
0x6f, 0x2e, 0x86, 0xd8, 0x95, 0x73, 0xda, 0xac, 0x1b, 0x53, 0xb9,
0x5f, 0x3f, 0xd7, 0x19, 0x0d, 0x25, 0x4f, 0xe1, 0x63, 0x63, 0x51,
0x8b, 0x0b, 0x64, 0x3f, 0xad, 0x43, 0xb8, 0xa5, 0x1c, 0x5c, 0x34,
0xb3, 0xae, 0x00, 0xa0, 0x63, 0xc5, 0xf6, 0x7f, 0x0b, 0x59, 0x68,
0x78, 0x73, 0xa6, 0x8c, 0x18, 0xa9, 0x02, 0x6d, 0xaf, 0xc3, 0x19,
0x01, 0x2e, 0xb8, 0x10, 0xe3, 0xc6, 0xcc, 0x40, 0xb4, 0x69, 0xa3,
0x46, 0x33, 0x69, 0x87, 0x6e, 0xc4, 0xbb, 0x17, 0xa6, 0xf3, 0xe8,
0xdd, 0xad, 0x73, 0xbc, 0x7b, 0x2f, 0x21, 0xb5, 0xfd, 0x66, 0x51,
0x0c, 0xbd, 0x54, 0xb3, 0xe1, 0x6d, 0x5f, 0x1c, 0xbc, 0x23, 0x73,
0xd1, 0x09, 0x03, 0x89, 0x14, 0xd2, 0x10, 0xb9, 0x64, 0xc3, 0x2a,
0xd0, 0xa1, 0x96, 0x4a, 0xbc, 0xe1, 0xd4, 0x1a, 0x5b, 0xc7, 0xa0,
0xc0, 0xc1, 0x63, 0x78, 0x0f, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80,
0x32, 0x23, 0x95, 0xa1, 0x77, 0xba, 0x13, 0xd2, 0x97, 0x73, 0xe2,
0x5d, 0x25, 0xc9, 0x6a, 0x0d, 0xc3, 0x39, 0x60, 0xa4, 0xb4, 0xb0,
0x69, 0x42, 0x42, 0x09, 0xe9, 0xd8, 0x08, 0xbc, 0x33, 0x20, 0xb3,
0x58, 0x22, 0xa7, 0xaa, 0xeb, 0xc4, 0xe1, 0xe6, 0x61, 0x83, 0xc5,
0xd2, 0x96, 0xdf, 0xd9, 0xd0, 0x4f, 0xad, 0xd7
};
static const byte garbageDer[] = {0xDE, 0xAD, 0xBE, 0xEF};
static const ASN1IntTestVector testVectors[] = {
{zeroDer, sizeof(zeroDer), 0},
{oneDer, sizeof(oneDer), 1},
{negativeDer, sizeof(negativeDer), -4123123},
{positiveDer, sizeof(positiveDer), 65537},
{primeDer, sizeof(primeDer), 0}
};
static const size_t NUM_TEST_VECTORS = sizeof(testVectors)/sizeof(testVectors[0]);
printf(testingFmt, "test_wolfSSL_d2i_ASN1_INTEGER");
/* Check d2i error conditions */
/* NULL pointer to input. */
AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, NULL, 1)));
AssertNull(b);
/* NULL input. */
AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 1)));
AssertNull(b);
/* 0 length. */
p = testVectors[0].der;
AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 0)));
AssertNull(b);
/* Negative length. */
p = testVectors[0].der;
AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, -1)));
AssertNull(b);
/* Garbage DER input. */
p = garbageDer;
AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, sizeof(garbageDer))));
AssertNull(b);
/* Check i2d error conditions */
/* NULL input. */
byte* p2 = NULL;
AssertIntLT(wolfSSL_i2d_ASN1_INTEGER(NULL, &p2), 0);
/* 0 length input data buffer (a->length == 0). */
AssertNotNull((a = wolfSSL_ASN1_INTEGER_new()));
AssertIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0);
a->data = NULL;
/* NULL input data buffer. */
AssertIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0);
/* Reset a->data. */
a->data = a->intData;
/* Set a to valid value. */
AssertIntEQ(wolfSSL_ASN1_INTEGER_set(a, 1), WOLFSSL_SUCCESS);
/* NULL output buffer. */
AssertIntLT(wolfSSL_i2d_ASN1_INTEGER(a, NULL), 0);
wolfSSL_ASN1_INTEGER_free(a);
for (i = 0; i < NUM_TEST_VECTORS; ++i) {
p = testVectors[i].der;
a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, testVectors[i].derSz);
AssertIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
if (testVectors[i].derSz <= sizeof(long)) {
c = wolfSSL_ASN1_INTEGER_new();
wolfSSL_ASN1_INTEGER_set(c, testVectors[i].value);
AssertIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, c), 0);
wolfSSL_ASN1_INTEGER_free(c);
}
/* Convert to DER without a pre-allocated output buffer. */
AssertIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &reEncoded)), 0);
AssertIntEQ(reEncodedSz, testVectors[i].derSz);
AssertIntEQ(XMEMCMP(reEncoded, testVectors[i].der, reEncodedSz), 0);
/* Convert to DER with a pre-allocated output buffer. In this case, the
* output buffer pointer should be incremented just past the end of the
* encoded data. */
p = reEncoded;
AssertIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &reEncoded)), 0);
AssertIntEQ(reEncodedSz, testVectors[i].derSz);
AssertPtrEq(p, reEncoded - reEncodedSz);
AssertIntEQ(XMEMCMP(p, testVectors[i].der, reEncodedSz), 0);
XFREE(reEncoded - reEncodedSz, NULL, DYNAMIC_TYPE_ASN1);
reEncoded = NULL;
wolfSSL_ASN1_INTEGER_free(a);
}
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_X509_STORE_get1_certs(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
X509_STORE_CTX *storeCtx;
X509_STORE *store;
X509 *caX509;
X509 *svrX509;
X509_NAME *subject;
WOLF_STACK_OF(WOLFSSL_X509) *certs;
printf(testingFmt, "wolfSSL_X509_STORE_get1_certs()");
AssertNotNull(caX509 =
X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM));
AssertNotNull((svrX509 =
wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
AssertNotNull(storeCtx = X509_STORE_CTX_new());
AssertNotNull(store = X509_STORE_new());
AssertNotNull(subject = X509_get_subject_name(caX509));
/* Errors */
AssertNull(X509_STORE_get1_certs(storeCtx, subject));
AssertNull(X509_STORE_get1_certs(NULL, subject));
AssertNull(X509_STORE_get1_certs(storeCtx, NULL));
AssertIntEQ(X509_STORE_add_cert(store, caX509), SSL_SUCCESS);
AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, caX509, NULL), SSL_SUCCESS);
/* Should find the cert */
AssertNotNull(certs = X509_STORE_get1_certs(storeCtx, subject));
AssertIntEQ(1, wolfSSL_sk_X509_num(certs));
sk_X509_pop_free(certs, NULL);
/* Should not find the cert */
AssertNotNull(subject = X509_get_subject_name(svrX509));
AssertNotNull(certs = X509_STORE_get1_certs(storeCtx, subject));
AssertIntEQ(0, wolfSSL_sk_X509_num(certs));
sk_X509_pop_free(certs, NULL);
X509_STORE_free(store);
X509_STORE_CTX_free(storeCtx);
X509_free(svrX509);
X509_free(caX509);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */
}
/* Testing code used in dpp.c in hostap */
#if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
typedef struct {
/* AlgorithmIdentifier ecPublicKey with optional parameters present
* as an OID identifying the curve */
X509_ALGOR *alg;
/* Compressed format public key per ANSI X9.63 */
ASN1_BIT_STRING *pub_key;
} DPP_BOOTSTRAPPING_KEY;
ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = {
ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, alg, X509_ALGOR),
ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, pub_key, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(DPP_BOOTSTRAPPING_KEY)
IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY)
#endif
static void test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
{
/* Testing code used in dpp.c in hostap */
#if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
EC_KEY *eckey;
EVP_PKEY *key;
size_t len;
unsigned char *der = NULL;
DPP_BOOTSTRAPPING_KEY *bootstrap = NULL;
const unsigned char *in = ecc_clikey_der_256;
const EC_GROUP *group;
const EC_POINT *point;
int nid;
AssertNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new());
AssertNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in,
(long)sizeof_ecc_clikey_der_256));
AssertNotNull(eckey = EVP_PKEY_get1_EC_KEY(key));
AssertNotNull(group = EC_KEY_get0_group(eckey));
AssertNotNull(point = EC_KEY_get0_public_key(eckey));
nid = EC_GROUP_get_curve_name(group);
AssertIntEQ(X509_ALGOR_set0(bootstrap->alg, OBJ_nid2obj(EVP_PKEY_EC),
V_ASN1_OBJECT, OBJ_nid2obj(nid)), 1);
#ifdef HAVE_COMP_KEY
AssertIntGT((len = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
NULL, 0, NULL)), 0);
#else
AssertIntGT((len = EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
NULL, 0, NULL)), 0);
#endif
AssertNotNull(der = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1));
#ifdef HAVE_COMP_KEY
AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
der, len, NULL), len);
#else
AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
der, len, NULL), len);
#endif
bootstrap->pub_key->data = der;
bootstrap->pub_key->length = (int)len;
/* Not actually used */
bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
der = NULL;
AssertIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
EVP_PKEY_free(key);
EC_KEY_free(eckey);
DPP_BOOTSTRAPPING_KEY_free(bootstrap);
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* WOLFSSL_WPAS && HAVE_ECC && USE_CERT_BUFFERS_256 */
}
static void test_wolfSSL_i2c_ASN1_INTEGER(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
ASN1_INTEGER *a;
unsigned char *pp,*tpp;
int ret;
printf(testingFmt, "wolfSSL_i2c_ASN1_INTEGER");
a = wolfSSL_ASN1_INTEGER_new();
/* 40 */
a->intData[0] = ASN_INTEGER;
a->intData[1] = 1;
a->intData[2] = 40;
ret = i2c_ASN1_INTEGER(a, NULL);
AssertIntEQ(ret, 1);
AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
tpp = pp;
XMEMSET(pp, 0, ret + 1);
i2c_ASN1_INTEGER(a, &pp);
pp--;
AssertIntEQ(*pp, 40);
XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
/* 128 */
a->intData[0] = ASN_INTEGER;
a->intData[1] = 1;
a->intData[2] = 128;
ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
AssertIntEQ(ret, 2);
AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
tpp = pp;
XMEMSET(pp, 0, ret + 1);
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
pp--;
AssertIntEQ(*(pp--), 128);
AssertIntEQ(*pp, 0);
XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
/* -40 */
a->intData[0] = ASN_INTEGER;
a->intData[1] = 1;
a->intData[2] = 40;
a->negative = 1;
ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
AssertIntEQ(ret, 1);
AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
tpp = pp;
XMEMSET(pp, 0, ret + 1);
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
pp--;
AssertIntEQ(*pp, 216);
XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
/* -128 */
a->intData[0] = ASN_INTEGER;
a->intData[1] = 1;
a->intData[2] = 128;
a->negative = 1;
ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
AssertIntEQ(ret, 1);
AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
tpp = pp;
XMEMSET(pp, 0, ret + 1);
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
pp--;
AssertIntEQ(*pp, 128);
XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
/* -200 */
a->intData[0] = ASN_INTEGER;
a->intData[1] = 1;
a->intData[2] = 200;
a->negative = 1;
ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
AssertIntEQ(ret, 2);
AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
DYNAMIC_TYPE_TMP_BUFFER));
tpp = pp;
XMEMSET(pp, 0, ret + 1);
wolfSSL_i2c_ASN1_INTEGER(a, &pp);
pp--;
AssertIntEQ(*(pp--), 56);
AssertIntEQ(*pp, 255);
XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL_ASN1_INTEGER_free(a);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_ASN */
}
#ifndef NO_INLINE
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#else
#include <wolfssl/wolfcrypt/misc.h>
#endif
static int test_ForceZero(void)
{
unsigned char data[32];
unsigned int i, j, len;
/* Test case with 0 length */
ForceZero(data, 0);
/* Test ForceZero */
for (i = 0; i < sizeof(data); i++) {
for (len = 1; len < sizeof(data) - i; len++) {
for (j = 0; j < sizeof(data); j++)
data[j] = j + 1;
ForceZero(data + i, len);
for (j = 0; j < sizeof(data); j++) {
if (j < i || j >= i + len) {
if (data[j] == 0x00)
return -10200;
}
else if (data[j] != 0x00)
return -10201;
}
}
}
return 0;
}
#ifndef NO_BIO
static void test_wolfSSL_X509_print(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF)
X509 *x509;
BIO *bio;
#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
const X509_ALGOR *cert_sig_alg;
#endif
printf(testingFmt, "wolfSSL_X509_print");
x509 = X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
AssertNotNull(x509);
/* print to memory */
AssertNotNull(bio = BIO_new(BIO_s_mem()));
AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);
#if defined(WOLFSSL_QT)
AssertIntEQ(BIO_get_mem_data(bio, NULL), 3113);
#else
AssertIntEQ(BIO_get_mem_data(bio, NULL), 3103);
#endif
BIO_free(bio);
AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE));
#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
/* Print signature */
AssertNotNull(cert_sig_alg = X509_get0_tbs_sigalg(x509));
AssertIntEQ(X509_signature_print(bio, cert_sig_alg, NULL), SSL_SUCCESS);
#endif
/* print to stdout */
#if !defined(NO_WOLFSSL_DIR)
AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);
#endif
/* print again */
AssertIntEQ(X509_print_fp(stdout, x509), SSL_SUCCESS);
X509_free(x509);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_RSA_print(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
!defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
!defined(HAVE_FAST_RSA) && !defined(NO_BIO)
BIO *bio;
WOLFSSL_RSA* rsa = NULL;
printf(testingFmt, "wolfSSL_RSA_print");
AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE));
AssertIntEQ(RSA_print(bio, rsa, 0), SSL_SUCCESS);
BIO_free(bio);
RSA_free(rsa);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_BIO_get_len(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
BIO *bio = NULL;
const char txt[] = "Some example text to push to the BIO.";
printf(testingFmt, "wolfSSL_BIO_get_len");
AssertIntEQ(wolfSSL_BIO_get_len(bio), BAD_FUNC_ARG);
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(wolfSSL_BIO_write(bio, txt, sizeof(txt)), sizeof(txt));
AssertIntEQ(wolfSSL_BIO_get_len(bio), sizeof(txt));
BIO_free(bio);
AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE));
AssertIntEQ(wolfSSL_BIO_get_len(bio), WOLFSSL_BAD_FILE);
BIO_free(bio);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_ASN1_STRING_print(void){
#if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_CERTS)
ASN1_STRING* asnStr = NULL;
const char HELLO_DATA[]= \
{'H','e','l','l','o',' ','w','o','l','f','S','S','L','!'};
#define MAX_UNPRINTABLE_CHAR 32
#define MAX_BUF 255
unsigned char unprintableData[MAX_UNPRINTABLE_CHAR + sizeof(HELLO_DATA)];
unsigned char expected[sizeof(unprintableData)+1];
unsigned char rbuf[MAX_BUF];
BIO *bio;
int p_len, i;
printf(testingFmt, "wolfSSL_ASN1_STRING_print()");
/* setup */
for (i = 0; i < (int)sizeof(HELLO_DATA); i++) {
unprintableData[i] = HELLO_DATA[i];
expected[i] = HELLO_DATA[i];
}
for (i = 0; i < (int)MAX_UNPRINTABLE_CHAR; i++) {
unprintableData[sizeof(HELLO_DATA)+i] = i;
if (i == (int)'\n' || i == (int)'\r')
expected[sizeof(HELLO_DATA)+i] = i;
else
expected[sizeof(HELLO_DATA)+i] = '.';
}
unprintableData[sizeof(unprintableData)-1] = '\0';
expected[sizeof(expected)-1] = '\0';
XMEMSET(rbuf, 0, MAX_BUF);
bio = BIO_new(BIO_s_mem());
BIO_set_write_buf_size(bio, MAX_BUF);
asnStr = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
ASN1_STRING_set(asnStr,(const void*)unprintableData,
(int)sizeof(unprintableData));
/* test */
p_len = wolfSSL_ASN1_STRING_print(bio, asnStr);
AssertIntEQ(p_len, 46);
BIO_read(bio, (void*)rbuf, 46);
AssertStrEQ((char*)rbuf, (const char*)expected);
BIO_free(bio);
ASN1_STRING_free(asnStr);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_ASN && !NO_CERTS */
}
#endif /* !NO_BIO */
static void test_wolfSSL_ASN1_get_object(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
const unsigned char* derBuf = cliecc_cert_der_256;
int len = sizeof_cliecc_cert_der_256;
long asnLen = 0;
int tag = 0, cls = 0;
ASN1_OBJECT *a;
printf(testingFmt, "wolfSSL_ASN1_get_object()");
/* Read a couple TLV triplets and make sure they match the expected values */
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0);
AssertIntEQ(asnLen, 862);
AssertIntEQ(tag, 0x10);
AssertIntEQ(cls, 0);
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 772);
AssertIntEQ(tag, 0x10);
AssertIntEQ(cls, 0);
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 3);
AssertIntEQ(tag, 0);
AssertIntEQ(cls, 0x80);
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 1);
AssertIntEQ(tag, 0x2);
AssertIntEQ(cls, 0);
derBuf += asnLen;
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 20);
AssertIntEQ(tag, 0x2);
AssertIntEQ(cls, 0);
derBuf += asnLen;
AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
AssertIntEQ(asnLen, 10);
AssertIntEQ(tag, 0x10);
AssertIntEQ(cls, 0);
/* Read an ASN OBJECT */
AssertNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len));
ASN1_OBJECT_free(a);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && HAVE_ECC && USE_CERT_BUFFERS_256 */
}
static void test_wolfSSL_RSA_verify(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && \
!defined(NO_FILESYSTEM) && defined(HAVE_CRL)
#ifndef NO_BIO
XFILE fp;
RSA *pKey, *pubKey;
X509 *cert;
const char *text = "Hello wolfSSL !";
unsigned char hash[SHA256_DIGEST_LENGTH];
unsigned char signature[2048/8];
unsigned int signatureLength;
byte *buf;
BIO *bio;
SHA256_CTX c;
EVP_PKEY *evpPkey, *evpPubkey;
size_t sz;
printf(testingFmt, "wolfSSL_RSA_verify");
/* generate hash */
SHA256_Init(&c);
SHA256_Update(&c, text, strlen(text));
SHA256_Final(hash, &c);
#ifdef WOLFSSL_SMALL_STACK_CACHE
/* workaround for small stack cache case */
wc_Sha256Free((wc_Sha256*)&c);
#endif
/* read privete key file */
fp = XFOPEN(svrKeyFile, "rb");
AssertTrue((fp != XBADFILE));
XFSEEK(fp, 0, XSEEK_END);
sz = XFTELL(fp);
XREWIND(fp);
AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
AssertIntEQ(XFREAD(buf, 1, sz, fp), sz);
XFCLOSE(fp);
/* read private key and sign hash data */
AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL));
AssertNotNull(pKey = EVP_PKEY_get1_RSA(evpPkey));
AssertIntEQ(RSA_sign(NID_sha256, hash, SHA256_DIGEST_LENGTH,
signature, &signatureLength, pKey), SSL_SUCCESS);
/* read public key and verify signed data */
fp = XFOPEN(svrCertFile,"rb");
AssertTrue((fp != XBADFILE));
cert = PEM_read_X509(fp, 0, 0, 0 );
XFCLOSE(fp);
evpPubkey = X509_get_pubkey(cert);
pubKey = EVP_PKEY_get1_RSA(evpPubkey);
AssertIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
signatureLength, pubKey), SSL_SUCCESS);
RSA_free(pKey);
EVP_PKEY_free(evpPkey);
RSA_free(pubKey);
EVP_PKEY_free(evpPubkey);
X509_free(cert);
BIO_free(bio);
XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
printf(resultFmt, passed);
#endif
#endif
}
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
static void test_openssl_make_self_signed_certificate(EVP_PKEY* pkey)
{
X509* x509 = NULL;
BIGNUM* serial_number = NULL;
X509_NAME* name = NULL;
time_t epoch_off = 0;
ASN1_INTEGER* asn1_serial_number;
long not_before, not_after;
AssertNotNull(x509 = X509_new());
AssertIntNE(X509_set_pubkey(x509, pkey), 0);
AssertNotNull(serial_number = BN_new());
AssertIntNE(BN_pseudo_rand(serial_number, 64, 0, 0), 0);
AssertNotNull(asn1_serial_number = X509_get_serialNumber(x509));
AssertNotNull(BN_to_ASN1_INTEGER(serial_number, asn1_serial_number));
/* version 3 */
AssertIntNE(X509_set_version(x509, 2L), 0);
AssertNotNull(name = X509_NAME_new());
AssertIntNE(X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_UTF8,
(unsigned char*)"www.wolfssl.com", -1, -1, 0), 0);
AssertIntNE(X509_set_subject_name(x509, name), 0);
AssertIntNE(X509_set_issuer_name(x509, name), 0);
not_before = (long)wc_Time(NULL);
not_after = not_before + (365 * 24 * 60 * 60);
AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &epoch_off));
AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &epoch_off));
AssertIntNE(X509_sign(x509, pkey, EVP_sha256()), 0);
BN_free(serial_number);
X509_NAME_free(name);
X509_free(x509);
}
#endif
static void test_openssl_generate_key_and_cert(void)
{
#if defined(OPENSSL_EXTRA)
#if !defined(NO_RSA)
{
EVP_PKEY* pkey = EVP_PKEY_new();
int key_length = 2048;
BIGNUM* exponent = BN_new();
RSA* rsa = RSA_new();
AssertNotNull(pkey);
AssertNotNull(exponent);
AssertNotNull(rsa);
AssertIntNE(BN_set_word(exponent, WC_RSA_EXPONENT), 0);
#ifndef WOLFSSL_KEY_GEN
AssertIntEQ(RSA_generate_key_ex(rsa, key_length, exponent, NULL), WOLFSSL_FAILURE);
#if defined(USE_CERT_BUFFERS_1024)
AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_1024,
sizeof_server_key_der_1024, WOLFSSL_RSA_LOAD_PRIVATE), 0);
key_length = 1024;
#elif defined(USE_CERT_BUFFERS_2048)
AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_2048,
sizeof_server_key_der_2048, WOLFSSL_RSA_LOAD_PRIVATE), 0);
#else
RSA_free(rsa);
rsa = NULL;
#endif
#else
AssertIntNE(RSA_generate_key_ex(rsa, key_length, exponent, NULL), 0);
#endif
if (rsa) {
AssertIntNE(EVP_PKEY_assign_RSA(pkey, rsa), 0);
BN_free(exponent);
#if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
test_openssl_make_self_signed_certificate(pkey);
#endif
}
EVP_PKEY_free(pkey);
}
#endif /* !NO_RSA */
#ifdef HAVE_ECC
{
EVP_PKEY* pkey = EVP_PKEY_new();
EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
AssertNotNull(pkey);
AssertNotNull(ec_key);
#ifndef NO_WOLFSSL_STUB
EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
#endif
AssertIntNE(EC_KEY_generate_key(ec_key), 0);
AssertIntNE(EVP_PKEY_assign_EC_KEY(pkey, ec_key), 0);
#if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME)
test_openssl_make_self_signed_certificate(pkey);
#endif
EVP_PKEY_free(pkey);
}
#endif /* HAVE_ECC */
#endif /* OPENSSL_EXTRA */
}
static void test_stubs_are_stubs(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB)
WOLFSSL_CTX* ctx = NULL;
WOLFSSL_CTX* ctxN = NULL;
#ifndef NO_WOLFSSL_CLIENT
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
#elif !defined(NO_WOLFSSL_SERVER)
ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#else
return;
#endif
#define CHECKZERO_RET(x, y, z) AssertIntEQ((int) x(y), 0); \
AssertIntEQ((int) x(z), 0)
/* test logic, all stubs return same result regardless of ctx being NULL
* as there are no sanity checks, it's just a stub! If at some
* point a stub is not a stub it should begin to return BAD_FUNC_ARG
* if invalid inputs are supplied. Test calling both
* with and without valid inputs, if a stub functionality remains unchanged.
*/
CHECKZERO_RET(wolfSSL_CTX_sess_accept, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_connect, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_accept_good, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_connect_good, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_accept_renegotiate, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_connect_renegotiate, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_hits, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_cb_hits, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_cache_full, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_misses, ctx, ctxN);
CHECKZERO_RET(wolfSSL_CTX_sess_timeouts, ctx, ctxN);
wolfSSL_CTX_free(ctx);
ctx = NULL;
#endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB */
}
static void test_CONF_modules_xxx(void)
{
#if defined(OPENSSL_EXTRA)
CONF_modules_free();
AssertTrue(1); /* to confirm previous call gives no harm */
CONF_modules_unload(0);
AssertTrue(1);
CONF_modules_unload(1);
AssertTrue(1);
CONF_modules_unload(-1);
AssertTrue(1);
#endif /* OPENSSL_EXTRA */
}
static void test_CRYPTO_set_dynlock_xxx(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "CRYPTO_set_dynlock_xxx()");
CRYPTO_set_dynlock_create_callback(
(struct CRYPTO_dynlock_value *(*)(const char*, int))NULL);
CRYPTO_set_dynlock_create_callback(
(struct CRYPTO_dynlock_value *(*)(const char*, int))1);
CRYPTO_set_dynlock_destroy_callback(
(void (*)(struct CRYPTO_dynlock_value*, const char*, int))NULL);
CRYPTO_set_dynlock_destroy_callback(
(void (*)(struct CRYPTO_dynlock_value*, const char*, int))1);
CRYPTO_set_dynlock_lock_callback(
(void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))NULL);
CRYPTO_set_dynlock_lock_callback(
(void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))1);
AssertTrue(1); /* to confirm previous call gives no harm */
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_CRYPTO_THREADID_xxx(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "CRYPTO_THREADID_xxx()");
CRYPTO_THREADID_current((CRYPTO_THREADID*)NULL);
CRYPTO_THREADID_current((CRYPTO_THREADID*)1);
AssertIntEQ(CRYPTO_THREADID_hash((const CRYPTO_THREADID*)NULL), 0);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_ENGINE_cleanup(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "ENGINE_cleanup()");
ENGINE_cleanup();
AssertTrue(1); /* to confirm previous call gives no harm */
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_CTX_LoadCRL(void)
{
#ifdef HAVE_CRL
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
const char* badPath = "dummypath";
const char* validPath = "./certs/crl";
const char* validFilePath = "./certs/crl/cliCrl.pem";
const char* issuerCert = "./certs/client-cert.pem";
int derType = WOLFSSL_FILETYPE_ASN1;
int pemType = WOLFSSL_FILETYPE_PEM;
int monitor = WOLFSSL_CRL_MONITOR;
WOLFSSL_CERT_MANAGER* cm = NULL;
#define FAIL_T1(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \
BAD_FUNC_ARG)
#define SUCC_T(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \
WOLFSSL_SUCCESS)
FAIL_T1(wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#elif !defined(NO_WOLFSSL_SERVER)
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
return;
#endif
SUCC_T (wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);
SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, pemType, monitor);
SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, derType, monitor);
wolfSSL_CTX_free(ctx);
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#elif !defined(NO_WOLFSSL_SERVER)
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
return;
#endif
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, issuerCert, NULL),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, validFilePath, pemType), WOLFSSL_SUCCESS);
wolfSSL_CTX_free(ctx);
#ifndef NO_WOLFSSL_CLIENT
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#elif !defined(NO_WOLFSSL_SERVER)
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#else
return;
#endif
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, issuerCert, NULL),
WOLFSSL_SUCCESS);
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntEQ(wolfSSL_LoadCRLFile(ssl, validFilePath, pemType), WOLFSSL_SUCCESS);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
AssertNotNull(cm = wolfSSL_CertManagerNew());
AssertIntEQ(wolfSSL_CertManagerLoadCA(cm, issuerCert, NULL),
WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, validFilePath, pemType), WOLFSSL_SUCCESS);
wolfSSL_CertManagerFree(cm);
#endif
}
static void test_SetTmpEC_DHE_Sz(void)
{
#if defined(HAVE_ECC) && !defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
AssertNotNull(ctx);
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpEC_DHE_Sz(ctx, 32));
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpEC_DHE_Sz(ssl, 32));
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
#endif
}
static void test_wolfSSL_CTX_get0_privatekey(void)
{
#ifdef OPENSSL_ALL
WOLFSSL_CTX* ctx = NULL;
printf(testingFmt, "wolfSSL_CTX_get0_privatekey()");
#ifndef NO_RSA
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
AssertNull(SSL_CTX_get0_privatekey(ctx));
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM));
AssertNull(SSL_CTX_get0_privatekey(ctx));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(SSL_CTX_get0_privatekey(ctx));
wolfSSL_CTX_free(ctx);
#endif
#ifdef HAVE_ECC
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
AssertNull(SSL_CTX_get0_privatekey(ctx));
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
WOLFSSL_FILETYPE_PEM));
AssertNull(SSL_CTX_get0_privatekey(ctx));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull(SSL_CTX_get0_privatekey(ctx));
wolfSSL_CTX_free(ctx);
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_dtls_set_mtu(void)
{
#if (defined(WOLFSSL_DTLS_MTU) || defined(WOLFSSL_SCTP)) && \
defined(WOLFSSL_DTLS)
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
const char* testCertFile;
const char* testKeyFile;
AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
#ifndef NO_RSA
testCertFile = svrCertFile;
testKeyFile = svrKeyFile;
#elif defined(HAVE_ECC)
testCertFile = eccCertFile;
testKeyFile = eccKeyFile;
#endif
if (testCertFile != NULL && testKeyFile != NULL) {
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
WOLFSSL_FILETYPE_PEM));
AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
WOLFSSL_FILETYPE_PEM));
}
AssertNotNull(ssl = wolfSSL_new(ctx));
AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FAILURE), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 1488), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 1488), WOLFSSL_SUCCESS);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
printf(testingFmt, "wolfSSL_dtls_set_mtu()");
printf(resultFmt, passed);
#endif
}
#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
!defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
!defined(WOLFSSL_NO_CLIENT_AUTH))
static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
{
int ret;
if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) {
printf("loading cert %s failed\n", certA);
printf("Error: (%d): %s\n", ret, wolfSSL_ERR_reason_error_string(ret));
return -1;
}
return 0;
}
static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
{
int ret;
if ((ret = wolfSSL_CertManagerVerify(cm, certA, WOLFSSL_FILETYPE_PEM))
!= WOLFSSL_SUCCESS) {
printf("could not verify the cert: %s\n", certA);
printf("Error: (%d): %s\n", ret, wolfSSL_ERR_reason_error_string(ret));
return -1;
} else {
printf("successfully verified: %s\n", certA);
}
return 0;
}
#define LOAD_ONE_CA(a, b, c, d) \
do { \
(a) = load_ca_into_cm(c, d); \
if ((a) != 0) \
return (b); \
else \
(b)--; \
} while(0)
#define VERIFY_ONE_CERT(a, b, c, d) \
do { \
(a) = verify_cert_with_cm(c, d); \
if ((a) != 0) \
return (b); \
else \
(b)--; \
} while(0)
static int test_chainG(WOLFSSL_CERT_MANAGER* cm)
{
int ret;
int i = -1;
/* Chain G is a valid chain per RFC 5280 section 4.2.1.9 */
char chainGArr[9][50] = {"certs/ca-cert.pem",
"certs/test-pathlen/chainG-ICA7-pathlen100.pem",
"certs/test-pathlen/chainG-ICA6-pathlen10.pem",
"certs/test-pathlen/chainG-ICA5-pathlen20.pem",
"certs/test-pathlen/chainG-ICA4-pathlen5.pem",
"certs/test-pathlen/chainG-ICA3-pathlen99.pem",
"certs/test-pathlen/chainG-ICA2-pathlen1.pem",
"certs/test-pathlen/chainG-ICA1-pathlen0.pem",
"certs/test-pathlen/chainG-entity.pem"};
LOAD_ONE_CA(ret, i, cm, chainGArr[0]); /* if failure, i = -1 here */
LOAD_ONE_CA(ret, i, cm, chainGArr[1]); /* if failure, i = -2 here */
LOAD_ONE_CA(ret, i, cm, chainGArr[2]); /* if failure, i = -3 here */
LOAD_ONE_CA(ret, i, cm, chainGArr[3]); /* if failure, i = -4 here */
LOAD_ONE_CA(ret, i, cm, chainGArr[4]); /* if failure, i = -5 here */
LOAD_ONE_CA(ret, i, cm, chainGArr[5]); /* if failure, i = -6 here */
LOAD_ONE_CA(ret, i, cm, chainGArr[6]); /* if failure, i = -7 here */
LOAD_ONE_CA(ret, i, cm, chainGArr[7]); /* if failure, i = -8 here */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[1]); /* if failure, i = -9 here */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[2]); /* if failure, i = -10 here */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[3]); /* if failure, i = -11 here */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[4]); /* if failure, i = -12 here */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[5]); /* if failure, i = -13 here */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[6]); /* if failure, i = -14 here */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[7]); /* if failure, i = -15 here */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -16 here */
/* test validating the entity twice, should have no effect on pathLen since
* entity/leaf cert */
VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -17 here */
return ret;
}
static int test_chainH(WOLFSSL_CERT_MANAGER* cm)
{
int ret;
int i = -1;
/* Chain H is NOT a valid chain per RFC5280 section 4.2.1.9:
* ICA4-pathlen of 2 signing ICA3-pathlen of 2 (reduce max path len to 2)
* ICA3-pathlen of 2 signing ICA2-pathlen of 2 (reduce max path len to 1)
* ICA2-pathlen of 2 signing ICA1-pathlen of 0 (reduce max path len to 0)
* ICA1-pathlen of 0 signing entity (pathlen is already 0, ERROR)
* Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1
*/
char chainHArr[6][50] = {"certs/ca-cert.pem",
"certs/test-pathlen/chainH-ICA4-pathlen2.pem",
"certs/test-pathlen/chainH-ICA3-pathlen2.pem",
"certs/test-pathlen/chainH-ICA2-pathlen2.pem",
"certs/test-pathlen/chainH-ICA1-pathlen0.pem",
"certs/test-pathlen/chainH-entity.pem"};
LOAD_ONE_CA(ret, i, cm, chainHArr[0]); /* if failure, i = -1 here */
LOAD_ONE_CA(ret, i, cm, chainHArr[1]); /* if failure, i = -2 here */
LOAD_ONE_CA(ret, i, cm, chainHArr[2]); /* if failure, i = -3 here */
LOAD_ONE_CA(ret, i, cm, chainHArr[3]); /* if failure, i = -4 here */
LOAD_ONE_CA(ret, i, cm, chainHArr[4]); /* if failure, i = -5 here */
VERIFY_ONE_CERT(ret, i, cm, chainHArr[1]); /* if failure, i = -6 here */
VERIFY_ONE_CERT(ret, i, cm, chainHArr[2]); /* if failure, i = -7 here */
VERIFY_ONE_CERT(ret, i, cm, chainHArr[3]); /* if failure, i = -8 here */
VERIFY_ONE_CERT(ret, i, cm, chainHArr[4]); /* if failure, i = -9 here */
VERIFY_ONE_CERT(ret, i, cm, chainHArr[5]); /* if failure, i = -10 here */
return ret;
}
static int test_chainI(WOLFSSL_CERT_MANAGER* cm)
{
int ret;
int i = -1;
/* Chain I is a valid chain per RFC5280 section 4.2.1.9:
* ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 2)
* ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 1)
* ICA1-no_pathlen signing entity (reduce maxPathLen to 0)
* Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1
*/
char chainIArr[5][50] = {"certs/ca-cert.pem",
"certs/test-pathlen/chainI-ICA3-pathlen2.pem",
"certs/test-pathlen/chainI-ICA2-no_pathlen.pem",
"certs/test-pathlen/chainI-ICA1-no_pathlen.pem",
"certs/test-pathlen/chainI-entity.pem"};
LOAD_ONE_CA(ret, i, cm, chainIArr[0]); /* if failure, i = -1 here */
LOAD_ONE_CA(ret, i, cm, chainIArr[1]); /* if failure, i = -2 here */
LOAD_ONE_CA(ret, i, cm, chainIArr[2]); /* if failure, i = -3 here */
LOAD_ONE_CA(ret, i, cm, chainIArr[3]); /* if failure, i = -4 here */
VERIFY_ONE_CERT(ret, i, cm, chainIArr[1]); /* if failure, i = -5 here */
VERIFY_ONE_CERT(ret, i, cm, chainIArr[2]); /* if failure, i = -6 here */
VERIFY_ONE_CERT(ret, i, cm, chainIArr[3]); /* if failure, i = -7 here */
VERIFY_ONE_CERT(ret, i, cm, chainIArr[4]); /* if failure, i = -8 here */
return ret;
}
static int test_chainJ(WOLFSSL_CERT_MANAGER* cm)
{
int ret;
int i = -1;
/* Chain J is NOT a valid chain per RFC5280 section 4.2.1.9:
* ICA4-pathlen of 2 signing ICA3 without a pathlen (reduce maxPathLen to 2)
* ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 1)
* ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 0)
* ICA1-no_pathlen signing entity (ERROR, pathlen zero and non-leaf cert)
*/
char chainJArr[6][50] = {"certs/ca-cert.pem",
"certs/test-pathlen/chainJ-ICA4-pathlen2.pem",
"certs/test-pathlen/chainJ-ICA3-no_pathlen.pem",
"certs/test-pathlen/chainJ-ICA2-no_pathlen.pem",
"certs/test-pathlen/chainJ-ICA1-no_pathlen.pem",
"certs/test-pathlen/chainJ-entity.pem"};
LOAD_ONE_CA(ret, i, cm, chainJArr[0]); /* if failure, i = -1 here */
LOAD_ONE_CA(ret, i, cm, chainJArr[1]); /* if failure, i = -2 here */
LOAD_ONE_CA(ret, i, cm, chainJArr[2]); /* if failure, i = -3 here */
LOAD_ONE_CA(ret, i, cm, chainJArr[3]); /* if failure, i = -4 here */
LOAD_ONE_CA(ret, i, cm, chainJArr[4]); /* if failure, i = -5 here */
VERIFY_ONE_CERT(ret, i, cm, chainJArr[1]); /* if failure, i = -6 here */
VERIFY_ONE_CERT(ret, i, cm, chainJArr[2]); /* if failure, i = -7 here */
VERIFY_ONE_CERT(ret, i, cm, chainJArr[3]); /* if failure, i = -8 here */
VERIFY_ONE_CERT(ret, i, cm, chainJArr[4]); /* if failure, i = -9 here */
VERIFY_ONE_CERT(ret, i, cm, chainJArr[5]); /* if failure, i = -10 here */
return ret;
}
static int test_various_pathlen_chains(void)
{
int ret;
WOLFSSL_CERT_MANAGER* cm;
/* Test chain G (large chain with varying pathLens) */
if ((cm = wolfSSL_CertManagerNew()) == NULL) {
printf("cert manager new failed\n");
return -1;
}
AssertIntEQ(test_chainG(cm), 0);
ret = wolfSSL_CertManagerUnloadCAs(cm);
if (ret != WOLFSSL_SUCCESS)
return -1;
wolfSSL_CertManagerFree(cm);
/* end test chain G */
/* Test chain H (5 chain with same pathLens) */
if ((cm = wolfSSL_CertManagerNew()) == NULL) {
printf("cert manager new failed\n");
return -1;
}
AssertIntLT(test_chainH(cm), 0);
wolfSSL_CertManagerUnloadCAs(cm);
wolfSSL_CertManagerFree(cm);
if ((cm = wolfSSL_CertManagerNew()) == NULL) {
printf("cert manager new failed\n");
return -1;
}
ret = wolfSSL_CertManagerUnloadCAs(cm);
if (ret != WOLFSSL_SUCCESS)
return -1;
wolfSSL_CertManagerFree(cm);
/* end test chain H */
/* Test chain I (only first ICA has pathLen set and it's set to 2,
* followed by 2 ICA's, should pass) */
if ((cm = wolfSSL_CertManagerNew()) == NULL) {
printf("cert manager new failed\n");
return -1;
}
AssertIntEQ(test_chainI(cm), 0);
wolfSSL_CertManagerUnloadCAs(cm);
wolfSSL_CertManagerFree(cm);
if ((cm = wolfSSL_CertManagerNew()) == NULL) {
printf("cert manager new failed\n");
return -1;
}
ret = wolfSSL_CertManagerUnloadCAs(cm);
if (ret != WOLFSSL_SUCCESS)
return -1;
wolfSSL_CertManagerFree(cm);
/* Test chain J (Again only first ICA has pathLen set and it's set to 2,
* this time followed by 3 ICA's, should fail */
if ((cm = wolfSSL_CertManagerNew()) == NULL) {
printf("cert manager new failed\n");
return -1;
}
AssertIntLT(test_chainJ(cm), 0);
wolfSSL_CertManagerUnloadCAs(cm);
wolfSSL_CertManagerFree(cm);
if ((cm = wolfSSL_CertManagerNew()) == NULL) {
printf("cert manager new failed\n");
return -1;
}
ret = wolfSSL_CertManagerUnloadCAs(cm);
wolfSSL_CertManagerFree(cm);
return ret;
}
#endif /* !NO_RSA && !NO_SHA && !NO_FILESYSTEM && !NO_CERTS */
#if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_IO_TESTS_DEPENDENCIES)
static int test_export_keying_material_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl)
{
byte ekm[100] = {0};
(void)ctx;
/* Succes Cases */
AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"Test label", XSTR_SIZEOF("Test label"), NULL, 0, 0), 1);
AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"Test label", XSTR_SIZEOF("Test label"), NULL, 0, 1), 1);
/* Use some random context */
AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"Test label", XSTR_SIZEOF("Test label"), ekm, 10, 1), 1);
/* Failure cases */
AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"client finished", XSTR_SIZEOF("client finished"), NULL, 0, 0), 0);
AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"server finished", XSTR_SIZEOF("server finished"), NULL, 0, 0), 0);
AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"master secret", XSTR_SIZEOF("master secret"), NULL, 0, 0), 0);
AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"extended master secret", XSTR_SIZEOF("extended master secret"), NULL, 0, 0), 0);
AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
"key expansion", XSTR_SIZEOF("key expansion"), NULL, 0, 0), 0);
return 0;
}
static void test_export_keying_material_ssl_cb(WOLFSSL* ssl)
{
wolfSSL_KeepArrays(ssl);
}
static void test_export_keying_material(void)
{
#ifndef SINGLE_THREADED
tcp_ready ready;
callback_functions clientCb;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&clientCb, 0, sizeof(callback_functions));
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
server_args.signal = &ready;
client_args.signal = &ready;
clientCb.ssl_ready = test_export_keying_material_ssl_cb;
client_args.callbacks = &clientCb;
start_thread(test_server_nofail, &server_args, &serverThread);
wait_tcp_ready(&server_args);
test_client_nofail(&client_args, test_export_keying_material_cb);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
FreeTcpReady(&ready);
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
#endif /* !SINGLE_THREADED */
}
#endif /* HAVE_KEYING_MATERIAL */
static int test_wolfSSL_THREADID_hash(void)
{
int ret = 0;
unsigned long res;
#if defined(OPENSSL_EXTRA)
CRYPTO_THREADID id;
printf(testingFmt, "wolfSSL_THREADID_hash");
CRYPTO_THREADID_current(NULL);
AssertTrue(1);
res = CRYPTO_THREADID_hash(NULL);
AssertTrue( res == 0UL);
XMEMSET(&id, 0, sizeof(id));
res = CRYPTO_THREADID_hash(&id);
AssertTrue( res == 0UL);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
(void)res;
return ret;
}
static int test_wolfSSL_CTX_set_ecdh_auto(void)
{
int ret = 0;
WOLFSSL_CTX* ctx = NULL;
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "SSL_CTX_set_ecdh_auto");
AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,0),1);
AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,1),1);
AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,0),1);
AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,1),1);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
(void)ctx;
return ret;
}
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL)
static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args)
{
callback_functions* callbacks = NULL;
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
SOCKET_T sfd = 0;
SOCKET_T cfd = 0;
word16 port;
char msg[] = "I hear you fa shizzle!";
int len = (int) XSTRLEN(msg);
char input[1024];
int ret, err;
if (!args)
return 0;
((func_args*)args)->return_code = TEST_FAIL;
callbacks = ((func_args*)args)->callbacks;
ctx = wolfSSL_CTX_new(callbacks->method());
#if defined(USE_WINDOWS_API)
port = ((func_args*)args)->signal->port;
#else
/* Let tcp_listen assign port */
port = 0;
#endif
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM));
if (callbacks->ctx_ready)
callbacks->ctx_ready(ctx);
ssl = wolfSSL_new(ctx);
AssertNotNull(ssl);
/* listen and accept */
tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0);
CloseSocket(sfd);
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));
if (callbacks->ssl_ready)
callbacks->ssl_ready(ssl);
do {
err = 0; /* Reset error */
ret = wolfSSL_accept(ssl);
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
}
} while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
if (ret != WOLFSSL_SUCCESS) {
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(cfd);
((func_args*)args)->return_code = TEST_FAIL;
return 0;
}
/* read and write data */
XMEMSET( input, 0, sizeof(input));
while (1) {
ret = wolfSSL_read(ssl, input, sizeof(input));
if (ret > 0) {
break;
}
else {
err = wolfSSL_get_error(ssl,ret);
if (err == WOLFSSL_ERROR_WANT_READ) {
continue;
}
break;
}
}
if (err == WOLFSSL_ERROR_ZERO_RETURN) {
do {
ret = wolfSSL_write(ssl, msg, len);
if (ret > 0) {
break;
}
} while (ret < 0);
}
/* bidirectional shutdown */
while ((ret = wolfSSL_shutdown(ssl)) != WOLFSSL_SUCCESS) {
continue;
}
/* wait for the peer to disconnect the tcp connection */
do {
ret = wolfSSL_read(ssl, input, sizeof(input));
err = wolfSSL_get_error(ssl, ret);
} while (ret > 0 || err != WOLFSSL_ERROR_ZERO_RETURN);
/* detect TCP disconnect */
AssertIntLE(ret,WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_get_error(ssl, ret), WOLFSSL_ERROR_ZERO_RETURN);
((func_args*)args)->return_code = TEST_SUCCESS;
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(cfd);
return 0;
}
static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_client_thread(void* args)
{
callback_functions* callbacks = NULL;
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
SOCKET_T sfd = 0;
char msg[] = "hello wolfssl server!";
int len = (int) XSTRLEN(msg);
char input[1024];
int idx;
int ret, err;
if (!args)
return 0;
((func_args*)args)->return_code = TEST_FAIL;
callbacks = ((func_args*)args)->callbacks;
ctx = wolfSSL_CTX_new(callbacks->method());
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
WOLFSSL_FILETYPE_PEM));
AssertIntEQ(WOLFSSL_SUCCESS,
wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
WOLFSSL_FILETYPE_PEM));
AssertNotNull((ssl = wolfSSL_new(ctx)));
tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, ssl);
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd));
do {
err = 0; /* Reset error */
ret = wolfSSL_connect(ssl);
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
}
} while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
ret = wolfSSL_write(ssl, msg, len);
if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
input[idx] = 0;
}
ret = wolfSSL_shutdown(ssl);
if ( ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
ret = wolfSSL_shutdown(ssl);
}
AssertIntEQ(ret, WOLFSSL_SUCCESS);
((func_args*)args)->return_code = TEST_SUCCESS;
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
CloseSocket(sfd);
return 0;
}
#endif /* OPENSSL_EXTRA && WOLFSSL_ERROR_CODE_OPENSSL */
/* This test is to check wolfSSL_read behaves as same as
* openSSL when it is called after SSL_shutdown completes.
*/
static int test_wolfSSL_read_detect_TCP_disconnect(void)
{
int ret = 0;
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL)
tcp_ready ready;
func_args client_args;
func_args server_args;
THREAD_TYPE serverThread;
THREAD_TYPE clientThread;
callback_functions server_cbf;
callback_functions client_cbf;
printf(testingFmt, "wolfSSL_read_detect_TCP_disconnect()");
#ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self());
#endif
StartTCP();
InitTcpReady(&ready);
#if defined(USE_WINDOWS_API)
/* use RNG to get random port if using windows */
ready.port = GetRandomPort();
#endif
XMEMSET(&client_args, 0, sizeof(func_args));
XMEMSET(&server_args, 0, sizeof(func_args));
XMEMSET(&server_cbf, 0, sizeof(callback_functions));
XMEMSET(&client_cbf, 0, sizeof(callback_functions));
server_cbf.method = wolfTLSv1_2_server_method;
client_cbf.method = wolfTLSv1_2_client_method;
server_args.callbacks = &server_cbf;
client_args.callbacks = &client_cbf;
server_args.signal = &ready;
client_args.signal = &ready;
start_thread(SSL_read_test_server_thread, &server_args, &serverThread);
wait_tcp_ready(&server_args);
start_thread(SSL_read_test_client_thread, &client_args, &clientThread);
join_thread(clientThread);
join_thread(serverThread);
AssertTrue(client_args.return_code);
AssertTrue(server_args.return_code);
FreeTcpReady(&ready);
printf(resultFmt, passed);
#endif
return ret;
}
static void test_wolfSSL_CTX_get_min_proto_version(void)
{
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
WOLFSSL_CTX *ctx;
(void)ctx;
printf(testingFmt, "wolfSSL_CTX_get_min_proto_version()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, SSL3_VERSION), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ALLOW_SSLV3
AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION);
#else
AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION);
#endif
wolfSSL_CTX_free(ctx);
#ifdef WOLFSSL_ALLOW_TLSV10
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
#endif
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_VERSION), WOLFSSL_SUCCESS);
#ifdef WOLFSSL_ALLOW_TLSV10
AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION);
#else
AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION);
#endif
wolfSSL_CTX_free(ctx);
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method()));
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION), WOLFSSL_SUCCESS);
#ifndef NO_OLD_TLS
AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION);
#else
AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION);
#endif
wolfSSL_CTX_free(ctx);
#ifndef WOLFSSL_NO_TLS12
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_method()));
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION);
wolfSSL_CTX_free(ctx);
#endif
#ifdef WOLFSSL_TLS13
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_method()));
AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_3_VERSION);
wolfSSL_CTX_free(ctx);
#endif
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
}
static void test_wolfSSL_security_level(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "test_wolfSSL_security_level()");
SSL_CTX *ctx;
#ifdef WOLFSSL_TLS13
#ifdef NO_WOLFSSL_SERVER
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
#endif
SSL_CTX_set_security_level(ctx, 1);
AssertTrue(1);
AssertIntEQ(SSL_CTX_get_security_level(ctx), 0);
SSL_CTX_free(ctx);
#else
(void)ctx;
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_SSL_in_init(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_BIO)
printf(testingFmt, "test_wolfSSL_SSL_in_init()");
SSL_CTX* ctx;
SSL* ssl;
const char* testCertFile;
const char* testKeyFile;
#ifdef WOLFSSL_TLS13
#ifdef NO_WOLFSSL_SERVER
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
#endif
#ifndef NO_RSA
testCertFile = svrCertFile;
testKeyFile = svrKeyFile;
#elif defined(HAVE_ECC)
testCertFile = eccCertFile;
testKeyFile = eccKeyFile;
#else
testCertFile = NULL;
testKeyFile = NULL;
#endif
if (testCertFile != NULL && testKeyFile != NULL) {
AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,
SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
SSL_FILETYPE_PEM));
}
ssl = SSL_new(ctx);
AssertNotNull(ssl);
AssertIntEQ(SSL_in_init(ssl), 1);
SSL_CTX_free(ctx);
SSL_free(ssl);
#else
(void)ctx;
(void)ssl;
(void)testCertFile;
(void)testKeyFile;
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EC_curve(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
printf(testingFmt, "test_wolfSSL_EC_curve()");
int nid = NID_secp160k1;
const char* nid_name;
AssertNotNull(nid_name = EC_curve_nid2nist(nid));
AssertIntEQ(XMEMCMP(nid_name, "K-160", XSTRLEN("K-160")), 0);
AssertIntEQ(EC_curve_nist2nid(nid_name), nid);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_CTX_set_timeout(void)
{
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_SESSION_CACHE)
int timeout;
(void)timeout;
printf(testingFmt, "test_wolfSSL_CTX_set_timeout()");
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertNotNull(ctx);
#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
/* in WOLFSSL_ERROR_CODE_OPENSSL macro guard,
* wolfSSL_CTX_set_timeout returns previous timeout value on success.
*/
AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
/* giving 0 as timeout value sets default timeout */
timeout = wolfSSL_CTX_set_timeout(ctx, 0);
AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 20), timeout);
AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 30), 20);
#else
AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 100), 1);
AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 0), 1);
#endif
wolfSSL_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* !NO_WOLFSSL_SERVER && !NO_SESSION_CACHE*/
}
static void test_wolfSSL_OpenSSL_version(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "test_wolfSSL_OpenSSL_version()");
const char* ver;
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
AssertNotNull(ver = OpenSSL_version(0));
#else
AssertNotNull(ver = OpenSSL_version());
#endif
AssertIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING,
XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0);
printf(resultFmt, passed);
#endif
}
static void test_CONF_CTX_CMDLINE(void)
{
#if defined(OPENSSL_ALL)
printf(testingFmt, "test_CONF_CTX_CMDLINE");
SSL_CTX* ctx = NULL;
SSL_CONF_CTX* cctx = NULL;
AssertNotNull(cctx = SSL_CONF_CTX_new());
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
AssertTrue(1);
/* set flags */
AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CMDLINE),
WOLFSSL_CONF_FLAG_CMDLINE);
AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE),
WOLFSSL_CONF_FLAG_CMDLINE | WOLFSSL_CONF_FLAG_CERTIFICATE);
/* cmd invalid command */
AssertIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
AssertIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
AssertIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
AssertIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
AssertIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);
/* cmd Certificate and Private Key*/
{
#if !defined(NO_CERTS) && !defined(NO_RSA)
const char* ourCert = svrCertFile;
const char* ourKey = svrKeyFile;
AssertIntEQ(SSL_CONF_cmd(cctx, "-cert", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "-cert", ourCert),
WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_cmd(cctx, "-key", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "-key", ourKey), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
#endif
}
/* cmd curves */
{
#if defined(HAVE_ECC)
const char* curve = "secp256r1";
AssertIntEQ(SSL_CONF_cmd(cctx, "-curves", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "-curves", curve), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
#endif
}
/* cmd CipherString */
{
char* cipher = wolfSSL_get_cipher_list(0/*top priority*/);
AssertIntEQ(SSL_CONF_cmd(cctx, "-cipher", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "-cipher", cipher), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
}
/* cmd DH parameter */
{
#if !defined(NO_DH) && !defined(NO_BIO)
const char* ourdhcert = "./certs/dh2048.pem";
AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", NULL),
-3);
AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", ourdhcert),
WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
#endif
}
SSL_CTX_free(ctx);
SSL_CONF_CTX_free(cctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_CONF_CTX_FILE(void)
{
#if defined(OPENSSL_ALL)
printf(testingFmt, "test_CONF_CTX_FILE");
SSL_CTX* ctx = NULL;
SSL_CONF_CTX* cctx = NULL;
AssertNotNull(cctx = SSL_CONF_CTX_new());
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
AssertTrue(1);
/* set flags */
AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_FILE),
WOLFSSL_CONF_FLAG_FILE);
AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE),
WOLFSSL_CONF_FLAG_FILE | WOLFSSL_CONF_FLAG_CERTIFICATE);
/* sanity check */
AssertIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2);
AssertIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2);
AssertIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE);
AssertIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE);
AssertIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE);
/* cmd Certificate and Private Key*/
{
#if !defined(NO_CERTS) && !defined(NO_RSA)
const char* ourCert = svrCertFile;
const char* ourKey = svrKeyFile;
AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", ourCert),
WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", ourKey), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
#endif
}
/* cmd curves */
{
#if defined(HAVE_ECC)
const char* curve = "secp256r1";
AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", curve), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
#endif
}
/* cmd CipherString */
{
char* cipher = wolfSSL_get_cipher_list(0/*top priority*/);
AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", cipher), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
}
/* cmd DH parameter */
{
#if !defined(NO_DH) && !defined(NO_BIO) && defined(HAVE_FFDHE_3072)
const char* ourdhcert = "./certs/dh3072.pem";
AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", NULL), -3);
AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", ourdhcert),
WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
#endif
}
SSL_CTX_free(ctx);
SSL_CONF_CTX_free(cctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA */
}
static void test_wolfSSL_CRYPTO_get_ex_new_index(void)
{
#ifdef HAVE_EX_DATA
int idx1,idx2;
printf(testingFmt, "test_wolfSSL_CRYPTO_get_ex_new_index()");
/* test for unsupported class index */
AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_APP,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI_METHOD,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG,
0,NULL, NULL, NULL, NULL ), -1);
AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(20, 0,NULL, NULL, NULL, NULL ), -1);
/* test for supported class index */
idx1 = wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL,
0,NULL, NULL, NULL, NULL );
idx2 = wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL,
0,NULL, NULL, NULL, NULL );
AssertIntNE(idx1, -1);
AssertIntNE(idx2, -1);
AssertIntNE(idx1, idx2);
idx1 = wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX,
0,NULL, NULL, NULL, NULL );
idx2 = wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX,
0,NULL, NULL, NULL, NULL );
AssertIntNE(idx1, -1);
AssertIntNE(idx2, -1);
AssertIntNE(idx1, idx2);
idx1 = wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509,
0,NULL, NULL, NULL, NULL );
idx2 = wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509,
0,NULL, NULL, NULL, NULL );
AssertIntNE(idx1, -1);
AssertIntNE(idx2, -1);
AssertIntNE(idx1, idx2);
idx1 = wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION,
0,NULL, NULL, NULL, NULL );
idx2 = wolfSSL_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION,
0,NULL, NULL, NULL, NULL );
AssertIntNE(idx1, -1);
AssertIntNE(idx2, -1);
AssertIntNE(idx1, idx2);
printf(resultFmt, "passed");
#endif /* HAVE_EX_DATA */
}
static void test_wolfSSL_set_psk_use_session_callback(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_PSK)
printf(testingFmt, "test_wolfSSL_set_psk_use_session_callback()");
SSL_CTX* ctx;
SSL* ssl;
const char* testCertFile;
const char* testKeyFile;
#ifdef WOLFSSL_TLS13
#ifdef NO_WOLFSSL_SERVER
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
#endif
#ifndef NO_RSA
testCertFile = svrCertFile;
testKeyFile = svrKeyFile;
#elif defined(HAVE_ECC)
testCertFile = eccCertFile;
testKeyFile = eccKeyFile;
#else
testCertFile = NULL;
testKeyFile = NULL;
#endif
if (testCertFile != NULL && testKeyFile != NULL) {
AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,
SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
SSL_FILETYPE_PEM));
}
ssl = SSL_new(ctx);
AssertNotNull(ssl);
SSL_set_psk_use_session_callback(ssl,
my_psk_use_session_cb);
AssertTrue(1);
SSL_CTX_free(ctx);
SSL_free(ssl);
#else
(void)ctx;
(void)ssl;
(void)testCertFile;
(void)testKeyFile;
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_DH(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
DH *dh = NULL;
BIGNUM* p;
BIGNUM* q;
BIGNUM* g;
BIGNUM* pub;
BIGNUM* priv;
(void)dh;
(void)p;
(void)q;
(void)g;
(void)pub;
(void)priv;
#if defined(OPENSSL_ALL) && defined(WOLFSSL_KEY_GEN)
#if !defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
FILE* f = NULL;
unsigned char buf[268];
const unsigned char* pt = buf;
long len = 0;
dh = NULL;
XMEMSET(buf, 0, sizeof(buf));
/* Test 2048 bit parameters */
f = XFOPEN("./certs/dh2048.der", "rb");
AssertTrue(f != XBADFILE);
len = (long)XFREAD(buf, 1, sizeof(buf), f);
XFCLOSE(f);
AssertNotNull(dh = d2i_DHparams(NULL, &pt, len));
AssertNotNull(dh->p);
AssertNotNull(dh->g);
AssertTrue(pt != buf);
AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
DH_get0_pqg(dh, (const BIGNUM**)&p,
(const BIGNUM**)&q,
(const BIGNUM**) &g);
AssertPtrEq(p, dh->p);
AssertPtrEq(q, dh->q);
AssertPtrEq(g, dh->g);
DH_get0_key(dh, (const BIGNUM**)&pub, (const BIGNUM**)&priv);
AssertPtrEq(pub, dh->pub_key);
AssertPtrEq(priv, dh->priv_key);
AssertNotNull(pub = BN_new());
AssertNotNull(priv = BN_new());
AssertIntEQ(DH_set0_key(dh, pub, priv), 1);
AssertPtrEq(pub, dh->pub_key);
AssertPtrEq(priv, dh->priv_key);
DH_free(dh);
AssertNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL));
DH_free(dh);
#endif
#endif
printf(testingFmt, "test_wolfSSL_DH");
dh = wolfSSL_DH_new();
AssertNotNull(dh);
/* invalid parameters test */
DH_get0_pqg(NULL, (const BIGNUM**)&p,
(const BIGNUM**)&q,
(const BIGNUM**)&g);
DH_get0_pqg(dh, NULL,
(const BIGNUM**)&q,
(const BIGNUM**)&g);
DH_get0_pqg(dh, NULL, NULL, (const BIGNUM**)&g);
DH_get0_pqg(dh, NULL, NULL, NULL);
AssertTrue(1);
DH_get0_pqg(dh, (const BIGNUM**)&p,
(const BIGNUM**)&q,
(const BIGNUM**)&g);
AssertPtrEq(p, NULL);
AssertPtrEq(q, NULL);
AssertPtrEq(g, NULL);
DH_free(dh);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_DH */
}
static void test_wolfSSL_ERR_strings(void)
{
const char* err1 = "unsupported cipher suite";
const char* err2 = "wolfSSL PEM routines";
const char* err = NULL;
(void)err;
(void)err1;
(void)err2;
#if !defined(NO_ERROR_STRINGS)
printf(testingFmt, "test_wolfSSL_ERR_strings");
#if defined(OPENSSL_EXTRA)
err = ERR_reason_error_string(UNSUPPORTED_SUITE);
AssertTrue(err != NULL);
AssertIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);
err = ERR_func_error_string(UNSUPPORTED_SUITE);
AssertTrue(err != NULL);
AssertIntEQ((*err == '\0'), 1);
err = ERR_lib_error_string(PEM_R_PROBLEMS_GETTING_PASSWORD);
AssertTrue(err != NULL);
AssertIntEQ(XSTRNCMP(err, err2, XSTRLEN(err2)), 0);
#else
err = wolfSSL_ERR_reason_error_string(UNSUPPORTED_SUITE);
AssertTrue(err != NULL);
AssertIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0);
err = wolfSSL_ERR_func_error_string(UNSUPPORTED_SUITE);
AssertTrue(err != NULL);
AssertIntEQ((*err == '\0'), 1);
/* The value -MIN_CODE_E+2 is PEM_R_PROBLEMS_GETTING_PASSWORD. */
err = wolfSSL_ERR_lib_error_string(-MIN_CODE_E+2);
AssertTrue(err != NULL);
AssertIntEQ((*err == '\0'), 1);
#endif
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_shake128(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \
defined(WOLFSSL_SHAKE128)
printf(testingFmt, "test_wolfSSL_EVP_shake128");
const EVP_MD* md = NULL;
md = EVP_shake128();
AssertTrue(md != NULL);
AssertIntEQ(XSTRNCMP(md, "SHAKE128", XSTRLEN("SHAKE128")), 0);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_shake256(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \
defined(WOLFSSL_SHAKE256)
printf(testingFmt, "test_wolfSSL_EVP_shake256");
const EVP_MD* md = NULL;
md = EVP_shake256();
AssertTrue(md != NULL);
AssertIntEQ(XSTRNCMP(md, "SHAKE256", XSTRLEN("SHAKE256")), 0);
printf(resultFmt, passed);
#endif
}
static void test_EVP_blake2(void)
{
#if defined(OPENSSL_EXTRA) && (defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S))
printf(testingFmt, "test_EVP_blake2");
const EVP_MD* md = NULL;
(void)md;
#if defined(HAVE_BLAKE2)
md = EVP_blake2b512();
AssertTrue(md != NULL);
AssertIntEQ(XSTRNCMP(md, "BLAKE2B512", XSTRLEN("BLAKE2B512")), 0);
#endif
#if defined(HAVE_BLAKE2S)
md = EVP_blake2s256();
AssertTrue(md != NULL);
AssertIntEQ(XSTRNCMP(md, "BLAKE2S256", XSTRLEN("BLAKE2S256")), 0);
#endif
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_EXTRA)
static void list_md_fn(const EVP_MD* m, const char* from,
const char* to, void* arg)
{
const char* mn;
BIO *bio;
(void) from;
(void) to;
(void) arg;
(void) mn;
(void) bio;
if (!m) {
/* alias */
AssertNull(m);
AssertNotNull(to);
}
else {
AssertNotNull(m);
AssertNull(to);
}
AssertNotNull(from);
#if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE)
mn = EVP_get_digestbyname(from);
/* print to stdout */
AssertNotNull(arg);
bio = BIO_new(BIO_s_file());
BIO_set_fp(bio, arg, BIO_NOCLOSE);
BIO_printf(bio, "Use %s message digest algorithm\n", mn);
BIO_free(bio);
#endif
}
#endif
static void test_EVP_MD_do_all(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "test_EVP_MD_do_all");
EVP_MD_do_all(NULL, stdout);
/* to confirm previous call gives no harm */
AssertTrue(1);
EVP_MD_do_all(list_md_fn, stdout);
/* to confirm previous call gives no harm */
AssertTrue(1);
printf(resultFmt, passed);
#endif
}
#if defined(OPENSSL_EXTRA)
static void obj_name_t(const OBJ_NAME* nm, void* arg)
{
(void)arg;
(void)nm;
AssertIntGT(nm->type, OBJ_NAME_TYPE_UNDEF);
#if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE)
/* print to stdout */
AssertNotNull(arg);
bio = BIO_new(BIO_s_file());
BIO_set_fp(bio, arg, BIO_NOCLOSE);
BIO_printf(bio, "%s\n", mn);
BIO_free(bio);
#endif
}
#endif
static void test_OBJ_NAME_do_all(void)
{
#if defined(OPENSSL_EXTRA)
printf(testingFmt, "test_OBJ_NAME_do_all");
OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, NULL, NULL);
/* to confirm previous call gives no harm */
AssertTrue(1);
OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, NULL, stdout);
/* to confirm previous call gives no harm */
AssertTrue(1);
OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, obj_name_t, stdout);
AssertTrue(1);
OBJ_NAME_do_all(OBJ_NAME_TYPE_PKEY_METH, obj_name_t, stdout);
AssertTrue(1);
OBJ_NAME_do_all(OBJ_NAME_TYPE_COMP_METH, obj_name_t, stdout);
AssertTrue(1);
OBJ_NAME_do_all(OBJ_NAME_TYPE_NUM, obj_name_t, stdout);
AssertTrue(1);
OBJ_NAME_do_all(OBJ_NAME_TYPE_UNDEF, obj_name_t, stdout);
AssertTrue(1);
OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, obj_name_t, stdout);
AssertTrue(1);
OBJ_NAME_do_all(-1, obj_name_t, stdout);
AssertTrue(1);
printf(resultFmt, passed);
#endif
}
static void test_SSL_CIPHER_get_xxx(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM)
printf(testingFmt, "test_SSL_CIPHER_get_xxx");
const SSL_CIPHER* cipher = NULL;
STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
int i, numCiphers = 0;
SSL_CTX* ctx = NULL;
SSL* ssl = NULL;
const char* testCertFile;
const char* testKeyFile;
char buf[256] = {0};
const char* cipher_id = NULL;
int expect_nid1 = NID_undef;
int expect_nid2 = NID_undef;
int expect_nid3 = NID_undef;
int expect_nid4 = NID_undef;
int expect_nid5 = 0;
const char* cipher_id2 = NULL;
int expect_nid21 = NID_undef;
int expect_nid22 = NID_undef;
int expect_nid23 = NID_undef;
int expect_nid24 = NID_undef;
int expect_nid25 = 0;
(void)cipher;
(void)supportedCiphers;
(void)i;
(void)numCiphers;
(void)ctx;
(void)ssl;
(void)testCertFile;
(void)testKeyFile;
#if defined(WOLFSSL_TLS13)
cipher_id = "TLS13-AES128-GCM-SHA256";
expect_nid1 = NID_auth_rsa;
expect_nid2 = NID_aes_128_gcm;
expect_nid3 = NID_sha256;
expect_nid4 = NID_kx_any;
expect_nid5 = 1;
#if !defined(WOLFSSL_NO_TLS12)
cipher_id2 = "ECDHE-RSA-AES256-GCM-SHA384";
expect_nid21 = NID_auth_rsa;
expect_nid22 = NID_aes_256_gcm;
expect_nid23 = NID_sha384;
expect_nid24 = NID_kx_ecdhe;
expect_nid25 = 1;
#endif
#endif
#ifdef NO_WOLFSSL_SERVER
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
#else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
#endif
if (cipher_id) {
#ifndef NO_RSA
testCertFile = svrCertFile;
testKeyFile = svrKeyFile;
#elif defined(HAVE_ECC)
testCertFile = eccCertFile;
testKeyFile = eccKeyFile;
#else
testCertFile = NULL;
testKeyFile = NULL;
#endif
if (testCertFile != NULL && testKeyFile != NULL) {
AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile,
SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
SSL_FILETYPE_PEM));
}
ssl = SSL_new(ctx);
AssertNotNull(ssl);
AssertIntEQ(SSL_in_init(ssl), 1);
supportedCiphers = SSL_get_ciphers(ssl);
numCiphers = sk_num(supportedCiphers);
for (i = 0; i < numCiphers; ++i) {
if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
SSL_CIPHER_description(cipher, buf, sizeof(buf));
}
if (XMEMCMP(cipher_id, buf, XSTRLEN(cipher_id)) == 0) {
break;
}
}
/* test case for */
if (i != numCiphers) {
AssertIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid1);
AssertIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid2);
AssertIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid3);
AssertIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid4);
AssertIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid5);
}
if (cipher_id2) {
for (i = 0; i < numCiphers; ++i) {
if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
SSL_CIPHER_description(cipher, buf, sizeof(buf));
}
if (XMEMCMP(cipher_id2, buf, XSTRLEN(cipher_id2)) == 0) {
break;
}
}
/* test case for */
if (i != numCiphers) {
AssertIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid21);
AssertIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid22);
AssertIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid23);
AssertIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid24);
AssertIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid25);
}
}
}
if (ctx)
SSL_CTX_free(ctx);
if(ssl)
SSL_free(ssl);
printf(resultFmt, passed);
#endif
}
#if defined(WOLF_CRYPTO_CB) && defined(HAVE_IO_TESTS_DEPENDENCIES)
static int load_pem_key_file_as_der(const char* privKeyFile, DerBuffer** pDer,
int* keyFormat)
{
int ret;
byte* key_buf = NULL;
size_t key_sz = 0;
EncryptedInfo encInfo;
XMEMSET(&encInfo, 0, sizeof(encInfo));
ret = load_file(privKeyFile, &key_buf, &key_sz);
if (ret == 0) {
ret = wc_PemToDer(key_buf, key_sz, PRIVATEKEY_TYPE, pDer,
NULL, &encInfo, keyFormat);
}
if (key_buf != NULL) {
free(key_buf); key_buf = NULL;
}
(void)encInfo; /* not used in this test */
#ifdef DEBUG_WOLFSSL
printf("%s (%d): Loading PEM %s (len %d) to DER (len %d)\n",
(ret == 0) ? "Success" : "Failure", ret, privKeyFile, (int)key_sz,
(*pDer)->length);
#endif
return ret;
}
static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx)
{
int ret = CRYPTOCB_UNAVAILABLE;
const char* privKeyFile = (const char*)ctx;
DerBuffer* pDer = NULL;
int keyFormat = 0;
if (info->algo_type == WC_ALGO_TYPE_PK) {
#ifdef DEBUG_WOLFSSL
printf("test_CryptoCb_Func: Pk Type %d\n", info->pk.type);
#endif
#ifndef NO_RSA
if (info->pk.type == WC_PK_TYPE_RSA) {
switch (info->pk.rsa.type) {
case RSA_PUBLIC_ENCRYPT:
case RSA_PUBLIC_DECRYPT:
/* perform software based RSA public op */
ret = CRYPTOCB_UNAVAILABLE; /* fallback to software */
break;
case RSA_PRIVATE_ENCRYPT:
case RSA_PRIVATE_DECRYPT:
{
RsaKey key;
/* perform software based RSA private op */
#ifdef DEBUG_WOLFSSL
printf("test_CryptoCb_Func: RSA Priv\n");
#endif
ret = load_pem_key_file_as_der(privKeyFile, &pDer,
&keyFormat);
if (ret != 0) {
return ret;
}
ret = wc_InitRsaKey(&key, NULL);
if (ret == 0) {
word32 keyIdx = 0;
/* load RSA private key and perform private transform */
ret = wc_RsaPrivateKeyDecode(pDer->buffer, &keyIdx,
&key, pDer->length);
if (ret == 0) {
ret = wc_RsaFunction(
info->pk.rsa.in, info->pk.rsa.inLen,
info->pk.rsa.out, info->pk.rsa.outLen,
info->pk.rsa.type, &key, info->pk.rsa.rng);
}
else {
/* if decode fails, then fall-back to software based crypto */
printf("test_CryptoCb_Func: RSA private key decode "
"failed %d, falling back to software\n", ret);
ret = CRYPTOCB_UNAVAILABLE;
}
wc_FreeRsaKey(&key);
}
wc_FreeDer(&pDer); pDer = NULL;
break;
}
}
#ifdef DEBUG_WOLFSSL
printf("test_CryptoCb_Func: RSA Type %d, Ret %d, Out %d\n",
info->pk.rsa.type, ret, *info->pk.rsa.outLen);
#endif
}
#endif /* !NO_RSA */
#ifdef HAVE_ECC
if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
/* mark this key as ephemeral */
if (info->pk.eckg.key != NULL) {
XSTRNCPY(info->pk.eckg.key->label, "ephemeral",
sizeof(info->pk.eckg.key->label));
info->pk.eckg.key->labelLen = (int)XSTRLEN(info->pk.eckg.key->label);
}
}
else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
ecc_key key;
/* perform software based ECC sign */
#ifdef DEBUG_WOLFSSL
printf("test_CryptoCb_Func: ECC Sign\n");
#endif
if (info->pk.eccsign.key != NULL &&
XSTRCMP(info->pk.eccsign.key->label, "ephemeral") == 0) {
/* this is an empheral key */
#ifdef DEBUG_WOLFSSL
printf("test_CryptoCb_Func: skipping signing op on ephemeral key\n");
#endif
return CRYPTOCB_UNAVAILABLE;
}
ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat);
if (ret != 0) {
return ret;
}
ret = wc_ecc_init(&key);
if (ret == 0) {
word32 keyIdx = 0;
/* load ECC private key and perform private transform */
ret = wc_EccPrivateKeyDecode(pDer->buffer, &keyIdx,
&key, pDer->length);
if (ret == 0) {
ret = wc_ecc_sign_hash(
info->pk.eccsign.in, info->pk.eccsign.inlen,
info->pk.eccsign.out, info->pk.eccsign.outlen,
info->pk.eccsign.rng, &key);
}
else {
/* if decode fails, then fall-back to software based crypto */
printf("test_CryptoCb_Func: ECC private key decode "
"failed %d, falling back to software\n", ret);
ret = CRYPTOCB_UNAVAILABLE;
}
wc_ecc_free(&key);
}
wc_FreeDer(&pDer); pDer = NULL;
#ifdef DEBUG_WOLFSSL
printf("test_CryptoCb_Func: ECC Ret %d, Out %d\n",
ret, *info->pk.eccsign.outlen);
#endif
}
#endif /* HAVE_ECC */
#ifdef HAVE_ED25519
if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) {
ed25519_key key;
/* perform software based ED25519 sign */
#ifdef DEBUG_WOLFSSL
printf("test_CryptoCb_Func: ED25519 Sign\n");
#endif
ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat);
if (ret != 0) {
return ret;
}
ret = wc_ed25519_init(&key);
if (ret == 0) {
word32 keyIdx = 0;
/* load ED25519 private key and perform private transform */
ret = wc_Ed25519PrivateKeyDecode(pDer->buffer, &keyIdx,
&key, pDer->length);
if (ret == 0) {
/* calculate public key */
ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE);
if (ret == 0) {
key.pubKeySet = 1;
ret = wc_ed25519_sign_msg_ex(
info->pk.ed25519sign.in, info->pk.ed25519sign.inLen,
info->pk.ed25519sign.out, info->pk.ed25519sign.outLen,
&key, info->pk.ed25519sign.type,
info->pk.ed25519sign.context,
info->pk.ed25519sign.contextLen);
}
}
else {
/* if decode fails, then fall-back to software based crypto */
printf("test_CryptoCb_Func: ED25519 private key decode "
"failed %d, falling back to software\n", ret);
ret = CRYPTOCB_UNAVAILABLE;
}
wc_ed25519_free(&key);
}
wc_FreeDer(&pDer); pDer = NULL;
#ifdef DEBUG_WOLFSSL
printf("test_CryptoCb_Func: ED25519 Ret %d, Out %d\n",
ret, *info->pk.ed25519sign.outLen);
#endif
}
#endif /* HAVE_ED25519 */
}
(void)thisDevId;
(void)keyFormat;
return ret;
}
/* tlsVer: WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
static void test_wc_CryptoCb_TLS(int tlsVer,
const char* cliCaPemFile, const char* cliCertPemFile,
const char* cliPrivKeyPemFile, const char* cliPubKeyPemFile,
const char* svrCaPemFile, const char* svrCertPemFile,
const char* svrPrivKeyPemFile, const char* svrPubKeyPemFile)
{
callback_functions client_cbf;
callback_functions server_cbf;
XMEMSET(&client_cbf, 0, sizeof(client_cbf));
XMEMSET(&server_cbf, 0, sizeof(server_cbf));
if (tlsVer == WOLFSSL_TLSV1_3) {
#ifdef WOLFSSL_TLS13
server_cbf.method = wolfTLSv1_3_server_method;
client_cbf.method = wolfTLSv1_3_client_method;
#endif
}
else if (tlsVer == WOLFSSL_TLSV1_2) {
#ifndef WOLFSSL_NO_TLS12
server_cbf.method = wolfTLSv1_2_server_method;
client_cbf.method = wolfTLSv1_2_client_method;
#endif
}
else if (tlsVer == WOLFSSL_TLSV1_1) {
#ifndef NO_OLD_TLS
server_cbf.method = wolfTLSv1_1_server_method;
client_cbf.method = wolfTLSv1_1_client_method;
#endif
}
else if (tlsVer == WOLFSSL_TLSV1) {
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
server_cbf.method = wolfTLSv1_server_method;
client_cbf.method = wolfTLSv1_client_method;
#endif
}
else if (tlsVer == WOLFSSL_SSLV3) {
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) && \
defined(WOLFSSL_STATIC_RSA)
server_cbf.method = wolfSSLv3_server_method;
client_cbf.method = wolfSSLv3_client_method;
#endif
}
else if (tlsVer == WOLFSSL_DTLSV1_2) {
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
server_cbf.method = wolfDTLSv1_2_server_method;
client_cbf.method = wolfDTLSv1_2_client_method;
#endif
}
else if (tlsVer == WOLFSSL_DTLSV1) {
#if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS)
server_cbf.method = wolfDTLSv1_server_method;
client_cbf.method = wolfDTLSv1_client_method;
#endif
}
if (server_cbf.method == NULL) {
/* not enabled */
return;
}
/* Setup the keys for the TLS test */
client_cbf.certPemFile = cliCertPemFile;
client_cbf.keyPemFile = cliPubKeyPemFile;
client_cbf.caPemFile = cliCaPemFile;
server_cbf.certPemFile = svrCertPemFile;
server_cbf.keyPemFile = svrPubKeyPemFile;
server_cbf.caPemFile = svrCaPemFile;
/* Setup a crypto callback with pointer to private key file for testing */
client_cbf.devId = 1;
wc_CryptoCb_RegisterDevice(client_cbf.devId, test_CryptoCb_Func,
(void*)cliPrivKeyPemFile);
server_cbf.devId = 2;
wc_CryptoCb_RegisterDevice(server_cbf.devId, test_CryptoCb_Func,
(void*)svrPrivKeyPemFile);
/* Perform TLS server and client test */
/* First test is at WOLFSSL_CTX level */
test_wolfSSL_client_server(&client_cbf, &server_cbf);
/* Check for success */
AssertIntEQ(server_cbf.return_code, TEST_SUCCESS);
AssertIntEQ(client_cbf.return_code, TEST_SUCCESS);
/* Second test is a WOLFSSL object level */
client_cbf.loadToSSL = 1; server_cbf.loadToSSL = 1;
test_wolfSSL_client_server(&client_cbf, &server_cbf);
/* Check for success */
AssertIntEQ(server_cbf.return_code, TEST_SUCCESS);
AssertIntEQ(client_cbf.return_code, TEST_SUCCESS);
/* Un register the devId's */
wc_CryptoCb_UnRegisterDevice(client_cbf.devId);
client_cbf.devId = INVALID_DEVID;
wc_CryptoCb_UnRegisterDevice(server_cbf.devId);
server_cbf.devId = INVALID_DEVID;
}
#endif /* WOLF_CRYPTO_CB && HAVE_IO_TESTS_DEPENDENCIES */
static void test_wc_CryptoCb(void)
{
#ifdef WOLF_CRYPTO_CB
/* TODO: Add crypto callback API tests */
#ifdef HAVE_IO_TESTS_DEPENDENCIES
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)
int tlsVer;
#endif
#ifndef NO_RSA
for (tlsVer = WOLFSSL_SSLV3; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
test_wc_CryptoCb_TLS(tlsVer,
svrCertFile, cliCertFile, cliKeyFile, cliKeyPubFile,
cliCertFile, svrCertFile, svrKeyFile, svrKeyPubFile);
}
#endif
#ifdef HAVE_ECC
for (tlsVer = WOLFSSL_TLSV1; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
test_wc_CryptoCb_TLS(tlsVer,
caEccCertFile, cliEccCertFile, cliEccKeyFile, cliEccKeyPubFile,
cliEccCertFile, eccCertFile, eccKeyFile, eccKeyPubFile);
}
#endif
#ifdef HAVE_ED25519
for (tlsVer = WOLFSSL_TLSV1_2; tlsVer <= WOLFSSL_DTLSV1_2; tlsVer++) {
if (tlsVer == WOLFSSL_DTLSV1) continue;
test_wc_CryptoCb_TLS(tlsVer,
caEdCertFile, cliEdCertFile, cliEdKeyFile, cliEdKeyPubFile,
cliEdCertFile, edCertFile, edKeyFile, edKeyPubFile);
}
#endif
#endif /* HAVE_IO_TESTS_DEPENDENCIES */
#endif /* WOLF_CRYPTO_CB */
}
#if defined(WOLFSSL_STATIC_MEMORY) && defined(HAVE_IO_TESTS_DEPENDENCIES)
/* tlsVer: Example: WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
static void test_wolfSSL_CTX_StaticMemory_TLS(int tlsVer,
const char* cliCaPemFile, const char* cliCertPemFile,
const char* cliPrivKeyPemFile,
const char* svrCaPemFile, const char* svrCertPemFile,
const char* svrPrivKeyPemFile,
byte* cliMem, word32 cliMemSz, byte* svrMem, word32 svrMemSz)
{
callback_functions client_cbf;
callback_functions server_cbf;
XMEMSET(&client_cbf, 0, sizeof(client_cbf));
XMEMSET(&server_cbf, 0, sizeof(server_cbf));
if (tlsVer == WOLFSSL_TLSV1_3) {
#ifdef WOLFSSL_TLS13
server_cbf.method_ex = wolfTLSv1_3_server_method_ex;
client_cbf.method_ex = wolfTLSv1_3_client_method_ex;
#endif
}
else if (tlsVer == WOLFSSL_TLSV1_2) {
#ifndef WOLFSSL_NO_TLS12
server_cbf.method_ex = wolfTLSv1_2_server_method_ex;
client_cbf.method_ex = wolfTLSv1_2_client_method_ex;
#endif
}
else if (tlsVer == WOLFSSL_TLSV1_1) {
#ifndef NO_OLD_TLS
server_cbf.method_ex = wolfTLSv1_1_server_method_ex;
client_cbf.method_ex = wolfTLSv1_1_client_method_ex;
#endif
}
else if (tlsVer == WOLFSSL_TLSV1) {
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
server_cbf.method_ex = wolfTLSv1_server_method_ex;
client_cbf.method_ex = wolfTLSv1_client_method_ex;
#endif
}
else if (tlsVer == WOLFSSL_SSLV3) {
#if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) && \
defined(WOLFSSL_STATIC_RSA)
server_cbf.method_ex = wolfSSLv3_server_method_ex;
client_cbf.method_ex = wolfSSLv3_client_method_ex;
#endif
}
else if (tlsVer == WOLFSSL_DTLSV1_2) {
#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12)
server_cbf.method_ex = wolfDTLSv1_2_server_method_ex;
client_cbf.method_ex = wolfDTLSv1_2_client_method_ex;
#endif
}
else if (tlsVer == WOLFSSL_DTLSV1) {
#if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS)
server_cbf.method_ex = wolfDTLSv1_server_method_ex;
client_cbf.method_ex = wolfDTLSv1_client_method_ex;
#endif
}
if (server_cbf.method_ex == NULL) {
/* not enabled */
return;
}
/* Setup the keys for the TLS test */
client_cbf.certPemFile = cliCertPemFile;
client_cbf.keyPemFile = cliPrivKeyPemFile;
client_cbf.caPemFile = cliCaPemFile;
server_cbf.certPemFile = svrCertPemFile;
server_cbf.keyPemFile = svrPrivKeyPemFile;
server_cbf.caPemFile = svrCaPemFile;
client_cbf.mem = cliMem;
client_cbf.memSz = cliMemSz;
server_cbf.mem = svrMem;
server_cbf.memSz = svrMemSz;
client_cbf.devId = INVALID_DEVID;
server_cbf.devId = INVALID_DEVID;
/* Perform TLS server and client test */
/* First test is at WOLFSSL_CTX level */
test_wolfSSL_client_server(&client_cbf, &server_cbf);
/* Check for success */
AssertIntEQ(server_cbf.return_code, TEST_SUCCESS);
AssertIntEQ(client_cbf.return_code, TEST_SUCCESS);
/* Second test is a WOLFSSL object level */
client_cbf.loadToSSL = 1; server_cbf.loadToSSL = 1;
test_wolfSSL_client_server(&client_cbf, &server_cbf);
/* Check for success */
AssertIntEQ(server_cbf.return_code, TEST_SUCCESS);
AssertIntEQ(client_cbf.return_code, TEST_SUCCESS);
}
#endif /* WOLFSSL_STATIC_MEMORY && HAVE_IO_TESTS_DEPENDENCIES */
#ifdef WOLFSSL_STATIC_MEMORY
#if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \
defined(SESSION_CERTS)
#ifdef OPENSSL_EXTRA
#define TEST_TLS_STATIC_MEMSZ (400000)
#else
#define TEST_TLS_STATIC_MEMSZ (320000)
#endif
#else
#define TEST_TLS_STATIC_MEMSZ (80000)
#endif
static void test_wolfSSL_CTX_StaticMemory_SSL(WOLFSSL_CTX* ctx)
{
WOLFSSL *ssl1 = NULL, *ssl2 = NULL, *ssl3 = NULL;
WOLFSSL_MEM_STATS mem_stats;
WOLFSSL_MEM_CONN_STATS ssl_stats;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
AssertIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
#endif
AssertNotNull((ssl1 = wolfSSL_new(ctx)));
AssertNotNull((ssl2 = wolfSSL_new(ctx)));
/* this should fail because kMaxCtxClients == 2 */
AssertNull((ssl3 = wolfSSL_new(ctx)));
if (wolfSSL_is_static_memory(ssl1, &ssl_stats) == 1) {
#ifdef DEBUG_WOLFSSL
wolfSSL_PrintStatsConn(&ssl_stats);
#endif
(void)ssl_stats;
}
/* display collected statistics */
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) == 1) {
#ifdef DEBUG_WOLFSSL
wolfSSL_PrintStats(&mem_stats);
#endif
(void)mem_stats;
}
wolfSSL_free(ssl1);
wolfSSL_free(ssl2);
}
#endif /* WOLFSSL_STATIC_MEMORY */
static void test_wolfSSL_CTX_StaticMemory(void)
{
#ifdef WOLFSSL_STATIC_MEMORY
wolfSSL_method_func method_func;
WOLFSSL_CTX* ctx;
const int kMaxCtxClients = 2;
#ifdef HAVE_IO_TESTS_DEPENDENCIES
#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)
int tlsVer;
byte cliMem[TEST_TLS_STATIC_MEMSZ];
#endif
#endif
byte svrMem[TEST_TLS_STATIC_MEMSZ];
printf(testingFmt, "test_wolfSSL_CTX_StaticMemory()");
#ifndef NO_WOLFSSL_SERVER
#ifndef WOLFSSL_NO_TLS12
method_func = wolfTLSv1_2_server_method_ex;
#else
method_func = wolfTLSv1_3_server_method_ex;
#endif
#else
#ifndef WOLFSSL_NO_TLS12
method_func = wolfTLSv1_2_client_method_ex;
#else
method_func = wolfTLSv1_3_client_method_ex;
#endif
#endif
/* Test creating CTX directly from static memory pool */
ctx = NULL;
AssertIntEQ(wolfSSL_CTX_load_static_memory(
&ctx, method_func, svrMem, sizeof(svrMem),
0, kMaxCtxClients), WOLFSSL_SUCCESS);
test_wolfSSL_CTX_StaticMemory_SSL(ctx);
wolfSSL_CTX_free(ctx);
ctx = NULL;
/* Test for heap allocated CTX, then assigning static pool to it */
AssertNotNull(ctx = wolfSSL_CTX_new(method_func(NULL)));
AssertIntEQ(wolfSSL_CTX_load_static_memory(&ctx,
NULL, svrMem, sizeof(svrMem),
0, kMaxCtxClients), WOLFSSL_SUCCESS);
test_wolfSSL_CTX_StaticMemory_SSL(ctx);
wolfSSL_CTX_free(ctx);
/* TLS Level Tests using static memory */
#ifdef HAVE_IO_TESTS_DEPENDENCIES
#ifndef NO_RSA
for (tlsVer = WOLFSSL_SSLV3; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
test_wolfSSL_CTX_StaticMemory_TLS(tlsVer,
svrCertFile, cliCertFile, cliKeyFile,
cliCertFile, svrCertFile, svrKeyFile,
cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem));
}
#endif
#ifdef HAVE_ECC
for (tlsVer = WOLFSSL_TLSV1; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) {
test_wolfSSL_CTX_StaticMemory_TLS(tlsVer,
caEccCertFile, cliEccCertFile, cliEccKeyFile,
cliEccCertFile, eccCertFile, eccKeyFile,
cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem));
}
#endif
#ifdef HAVE_ED25519
for (tlsVer = WOLFSSL_TLSV1_2; tlsVer <= WOLFSSL_DTLSV1_2; tlsVer++) {
if (tlsVer == WOLFSSL_DTLSV1) continue;
test_wolfSSL_CTX_StaticMemory_TLS(tlsVer,
caEdCertFile, cliEdCertFile, cliEdKeyFile,
cliEdCertFile, edCertFile, edKeyFile,
cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem));
}
#endif
#endif /* HAVE_IO_TESTS_DEPENDENCIES */
printf(resultFmt, passed);
#endif
}
static void test_openssl_FIPS_drbg(void)
{
#if defined(OPENSSL_EXTRA) && !defined(WC_NO_RNG) && defined(HAVE_HASHDRBG)
DRBG_CTX* dctx;
byte data1[32], data2[32], zeroData[32];
byte testSeed[16];
size_t dlen = sizeof(data1);
int i;
XMEMSET(data1, 0, dlen);
XMEMSET(data2, 0, dlen);
XMEMSET(zeroData, 0, sizeof(zeroData));
for (i=0; i<(int)sizeof(testSeed); i++) {
testSeed[i] = (byte)i;
}
printf(testingFmt, "test_openssl_FIPS_drbg()");
AssertNotNull(dctx = FIPS_get_default_drbg());
AssertIntEQ(FIPS_drbg_init(dctx, 0, 0), WOLFSSL_SUCCESS);
AssertIntEQ(FIPS_drbg_set_callbacks(dctx, NULL, NULL, 20, NULL, NULL),
WOLFSSL_SUCCESS);
AssertIntEQ(FIPS_drbg_instantiate(dctx, NULL, 0), WOLFSSL_SUCCESS);
AssertIntEQ(FIPS_drbg_generate(dctx, data1, dlen, 0, NULL, 0),
WOLFSSL_SUCCESS);
AssertIntNE(XMEMCMP(data1, zeroData, dlen), 0);
AssertIntEQ(FIPS_drbg_reseed(dctx, testSeed, sizeof(testSeed)),
WOLFSSL_SUCCESS);
AssertIntEQ(FIPS_drbg_generate(dctx, data2, dlen, 0, NULL, 0),
WOLFSSL_SUCCESS);
AssertIntNE(XMEMCMP(data1, zeroData, dlen), 0);
AssertIntNE(XMEMCMP(data1, data2, dlen), 0);
AssertIntEQ(FIPS_drbg_uninstantiate(dctx), WOLFSSL_SUCCESS);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_FIPS_mode(void)
{
#if defined(OPENSSL_ALL)
printf(testingFmt, "test_wolfSSL_FIPS_mode()");
#ifdef HAVE_FIPS
AssertIntEQ(wolfSSL_FIPS_mode(), 1);
AssertIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_FIPS_mode(), 0);
AssertIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_SUCCESS);
AssertIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_FAILURE);
#endif
printf(resultFmt, passed);
#endif
}
/*----------------------------------------------------------------------------*
| Main
*----------------------------------------------------------------------------*/
void ApiTest(void)
{
printf("\n-----------------Porting tests------------------\n");
AssertTrue(test_fileAccess());
printf(" Begin API Tests\n");
AssertIntEQ(test_wolfSSL_Init(), WOLFSSL_SUCCESS);
/* wolfcrypt initialization tests */
test_wolfSSL_Method_Allocators();
#ifndef NO_WOLFSSL_SERVER
test_wolfSSL_CTX_new(wolfSSLv23_server_method());
#endif
#if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
(!defined(NO_RSA) || defined(HAVE_ECC))
test_for_double_Free();
#endif
#ifdef HAVE_IO_TESTS_DEPENDENCIES
test_wolfSSL_get_finished();
test_wolfSSL_CTX_add_session();
#endif
test_SSL_CIPHER_get_xxx();
test_wolfSSL_ERR_strings();
test_wolfSSL_EVP_shake128();
test_wolfSSL_EVP_shake256();
test_EVP_blake2();
test_EVP_MD_do_all();
test_OBJ_NAME_do_all();
test_wolfSSL_CTX_use_certificate_file();
AssertIntEQ(test_wolfSSL_CTX_use_certificate_buffer(), WOLFSSL_SUCCESS);
test_wolfSSL_CTX_use_PrivateKey_file();
test_wolfSSL_CTX_load_verify_locations();
test_wolfSSL_CertManagerCheckOCSPResponse();
test_wolfSSL_CertManagerLoadCABuffer();
test_wolfSSL_CertManagerGetCerts();
test_wolfSSL_CertManagerSetVerify();
test_wolfSSL_CertManagerNameConstraint();
test_wolfSSL_CertManagerNameConstraint2();
test_wolfSSL_CertManagerNameConstraint3();
test_wolfSSL_CertManagerNameConstraint4();
test_wolfSSL_CertManagerNameConstraint5();
test_wolfSSL_CertManagerCRL();
test_wolfSSL_CTX_load_verify_locations_ex();
test_wolfSSL_CTX_load_verify_buffer_ex();
test_wolfSSL_CTX_load_verify_chain_buffer_format();
test_wolfSSL_CTX_add1_chain_cert();
test_wolfSSL_CTX_use_certificate_chain_file_format();
test_wolfSSL_CTX_trust_peer_cert();
test_wolfSSL_CTX_SetTmpDH_file();
test_wolfSSL_CTX_SetTmpDH_buffer();
test_wolfSSL_CTX_SetMinMaxDhKey_Sz();
test_wolfSSL_CTX_der_load_verify_locations();
test_wolfSSL_CTX_enable_disable();
test_wolfSSL_CTX_ticket_API();
test_server_wolfSSL_new();
test_client_wolfSSL_new();
test_wolfSSL_SetTmpDH_file();
test_wolfSSL_SetTmpDH_buffer();
test_wolfSSL_SetMinMaxDhKey_Sz();
test_SetTmpEC_DHE_Sz();
test_wolfSSL_CTX_get0_privatekey();
test_wolfSSL_dtls_set_mtu();
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
defined(HAVE_IO_TESTS_DEPENDENCIES)
test_wolfSSL_read_write();
#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
test_wolfSSL_reuse_WOLFSSLobj();
#endif
test_wolfSSL_CTX_verifyDepth_ServerClient();
test_wolfSSL_dtls_export();
test_wolfSSL_tls_export();
#endif
AssertIntEQ(test_wolfSSL_SetMinVersion(), WOLFSSL_SUCCESS);
AssertIntEQ(test_wolfSSL_CTX_SetMinVersion(), WOLFSSL_SUCCESS);
/* TLS extensions tests */
#ifdef HAVE_IO_TESTS_DEPENDENCIES
test_wolfSSL_UseSNI();
#endif
test_wolfSSL_UseTrustedCA();
test_wolfSSL_UseMaxFragment();
test_wolfSSL_UseTruncatedHMAC();
test_wolfSSL_UseSupportedCurve();
test_wolfSSL_UseALPN();
test_wolfSSL_DisableExtendedMasterSecret();
test_wolfSSL_wolfSSL_UseSecureRenegotiation();
/* X509 tests */
test_wolfSSL_X509_NAME_get_entry();
test_wolfSSL_PKCS12();
test_wolfSSL_no_password_cb();
test_wolfSSL_PKCS8();
test_wolfSSL_PKCS8_ED25519();
test_wolfSSL_PKCS8_ED448();
test_wolfSSL_PKCS5();
test_wolfSSL_URI();
test_wolfSSL_TBS();
test_wolfSSL_X509_verify();
test_wolfSSL_X509_TLS_version();
test_wc_PemToDer();
test_wc_AllocDer();
test_wc_CertPemToDer();
test_wc_PubKeyPemToDer();
test_wc_PemPubKeyToDer();
test_wc_GetPubKeyDerFromCert();
/*OCSP Stapling. */
AssertIntEQ(test_wolfSSL_UseOCSPStapling(), WOLFSSL_SUCCESS);
AssertIntEQ(test_wolfSSL_UseOCSPStaplingV2(), WOLFSSL_SUCCESS);
/* Multicast */
test_wolfSSL_mcast();
/* compatibility tests */
test_wolfSSL_lhash();
test_wolfSSL_X509_NAME();
test_wolfSSL_X509_NAME_hash();
#ifndef NO_BIO
test_wolfSSL_X509_INFO_multiple_info();
test_wolfSSL_X509_INFO();
#endif
test_wolfSSL_X509_subject_name_hash();
test_wolfSSL_X509_issuer_name_hash();
test_wolfSSL_X509_check_host();
test_wolfSSL_X509_check_email();
test_wolfSSL_DES();
test_wolfSSL_certs();
test_wolfSSL_X509_check_private_key();
test_wolfSSL_ASN1_TIME_print();
test_wolfSSL_ASN1_UTCTIME_print();
test_wolfSSL_ASN1_TIME_diff();
test_wolfSSL_ASN1_GENERALIZEDTIME_free();
test_wolfSSL_private_keys();
test_wolfSSL_PEM_read_PrivateKey();
test_wolfSSL_PEM_PrivateKey();
#ifndef NO_BIO
test_wolfSSL_PEM_bio_RSAKey();
test_wolfSSL_PEM_bio_DSAKey();
test_wolfSSL_PEM_bio_ECKey();
test_wolfSSL_PEM_RSAPrivateKey();
test_wolfSSL_PEM_PUBKEY();
#endif
test_DSA_do_sign_verify();
test_wolfSSL_tmp_dh();
test_wolfSSL_ctrl();
test_wolfSSL_EVP_MD_size();
test_wolfSSL_EVP_MD_pkey_type();
test_wolfSSL_EVP_Digest();
test_wolfSSL_EVP_Digest_all();
test_wolfSSL_EVP_PKEY_new_mac_key();
test_wolfSSL_EVP_MD_hmac_signing();
test_wolfSSL_EVP_MD_rsa_signing();
test_wolfSSL_EVP_MD_ecc_signing();
test_wolfSSL_EVP_PKEY_print_public();
test_wolfSSL_EVP_ENCODE_CTX_new();
test_wolfSSL_EVP_ENCODE_CTX_free();
test_wolfSSL_EVP_EncodeInit();
test_wolfSSL_EVP_EncodeUpdate();
test_wolfSSL_EVP_EncodeFinal();
test_wolfSSL_EVP_DecodeInit();
test_wolfSSL_EVP_DecodeUpdate();
test_wolfSSL_EVP_DecodeFinal();
test_wolfSSL_CTX_add_extra_chain_cert();
#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
test_wolfSSL_ERR_peek_last_error_line();
#endif
#ifndef NO_BIO
test_wolfSSL_ERR_print_errors_cb();
AssertFalse(test_wolfSSL_GetLoggingCb());
AssertFalse(test_WOLFSSL_ERROR_MSG());
AssertFalse(test_wc_ERR_remove_state());
AssertFalse(test_wc_ERR_print_errors_fp());
#endif
test_wolfSSL_set_options();
test_wolfSSL_sk_SSL_CIPHER();
test_wolfSSL_set1_curves_list();
test_wolfSSL_set1_sigalgs_list();
test_wolfSSL_PKCS7_certs();
test_wolfSSL_X509_STORE_CTX();
test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup();
test_wolfSSL_X509_STORE_CTX_get0_current_issuer();
test_wolfSSL_msgCb();
test_wolfSSL_either_side();
test_wolfSSL_DTLS_either_side();
test_generate_cookie();
test_wolfSSL_X509_STORE_set_flags();
test_wolfSSL_X509_LOOKUP_load_file();
test_wolfSSL_X509_Name_canon();
test_wolfSSL_X509_LOOKUP_ctrl_file();
test_wolfSSL_X509_LOOKUP_ctrl_hash_dir();
test_wolfSSL_X509_NID();
test_wolfSSL_X509_STORE_CTX_set_time();
test_wolfSSL_get0_param();
test_wolfSSL_X509_VERIFY_PARAM_set1_host();
test_wolfSSL_X509_VERIFY_PARAM_set1_ip();
test_wolfSSL_X509_STORE_CTX_get0_store();
test_wolfSSL_X509_STORE();
test_wolfSSL_X509_STORE_load_locations();
test_X509_STORE_get0_objects();
test_wolfSSL_X509_load_crl_file();
test_wolfSSL_BN();
test_wolfSSL_CTX_get0_set1_param();
#ifndef NO_BIO
test_wolfSSL_PEM_read_bio();
test_wolfSSL_BIO();
#endif
test_wolfSSL_ASN1_STRING();
test_wolfSSL_ASN1_BIT_STRING();
test_wolfSSL_a2i_ASN1_INTEGER();
test_wolfSSL_a2i_IPADDRESS();
test_wolfSSL_X509();
test_wolfSSL_X509_VERIFY_PARAM();
test_wolfSSL_X509_sign();
test_wolfSSL_X509_sign2();
test_wolfSSL_X509_get0_tbs_sigalg();
test_wolfSSL_X509_ALGOR_get0();
#if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES)
test_wolfSSL_check_domain();
#endif
test_wolfSSL_X509_get_X509_PUBKEY();
test_wolfSSL_X509_PUBKEY_RSA();
test_wolfSSL_X509_PUBKEY_EC();
test_wolfSSL_X509_PUBKEY_DSA();
test_wolfSSL_RAND();
test_wolfSSL_BUF();
test_wolfSSL_set_tlsext_status_type();
test_wolfSSL_ASN1_TIME_adj();
test_wolfSSL_ASN1_TIME_to_tm();
test_wolfSSL_X509_cmp_time();
test_wolfSSL_X509_time_adj();
test_wolfSSL_CTX_set_client_CA_list();
test_wolfSSL_CTX_add_client_CA();
test_wolfSSL_CTX_set_srp_username();
test_wolfSSL_CTX_set_srp_password();
test_wolfSSL_CTX_set_keylog_callback();
test_wolfSSL_CTX_get_keylog_callback();
test_wolfSSL_Tls12_Key_Logging_test();
test_wolfSSL_Tls13_Key_Logging_test();
test_wolfSSL_Tls13_postauth();
test_wolfSSL_CTX_set_ecdh_auto();
test_wolfSSL_set_minmax_proto_version();
test_wolfSSL_THREADID_hash();
test_wolfSSL_RAND_set_rand_method();
test_wolfSSL_RAND_bytes();
test_wolfSSL_BN_rand();
test_wolfSSL_pseudo_rand();
test_wolfSSL_PKCS8_Compat();
test_wolfSSL_PKCS8_d2i();
test_error_queue_per_thread();
test_wolfSSL_ERR_put_error();
#ifndef NO_BIO
test_wolfSSL_ERR_print_errors();
#endif
test_wolfSSL_HMAC();
test_wolfSSL_CMAC();
test_wolfSSL_OBJ();
test_wolfSSL_i2a_ASN1_OBJECT();
test_wolfSSL_OBJ_cmp();
test_wolfSSL_OBJ_txt2nid();
test_wolfSSL_OBJ_txt2obj();
test_wolfSSL_i2t_ASN1_OBJECT();
test_wolfSSL_PEM_write_bio_X509();
test_wolfSSL_X509_NAME_ENTRY();
test_wolfSSL_X509_set_name();
test_wolfSSL_X509_set_notAfter();
test_wolfSSL_X509_set_notBefore();
test_wolfSSL_X509_set_version();
#ifndef NO_BIO
test_wolfSSL_BIO_gets();
test_wolfSSL_BIO_puts();
test_wolfSSL_BIO_dump();
test_wolfSSL_BIO_should_retry();
test_wolfSSL_d2i_PUBKEY();
test_wolfSSL_BIO_write();
test_wolfSSL_BIO_connect();
test_wolfSSL_BIO_accept();
test_wolfSSL_BIO_printf();
test_wolfSSL_BIO_f_md();
test_wolfSSL_BIO_up_ref();
#endif
test_wolfSSL_cert_cb();
test_wolfSSL_SESSION();
test_wolfSSL_ticket_keys();
test_wolfSSL_DES_ecb_encrypt();
test_wolfSSL_sk_GENERAL_NAME();
test_wolfSSL_GENERAL_NAME_print();
test_wolfSSL_sk_DIST_POINT();
test_wolfSSL_MD4();
test_wolfSSL_RSA();
test_wolfSSL_RSA_DER();
test_wolfSSL_RSA_get0_key();
test_wolfSSL_RSA_meth();
test_wolfSSL_verify_mode();
test_wolfSSL_verify_depth();
test_wolfSSL_HMAC_CTX();
test_wolfSSL_msg_callback();
test_wolfSSL_SHA();
test_wolfSSL_DH_1536_prime();
test_wolfSSL_DH_get_2048_256();
test_wolfSSL_PEM_write_DHparams();
test_wolfSSL_PEM_read_DHparams();
test_wolfSSL_AES_ecb_encrypt();
test_wolfSSL_MD5();
test_wolfSSL_MD5_Transform();
test_wolfSSL_SHA_Transform();
test_wolfSSL_SHA256();
test_wolfSSL_SHA256_Transform();
test_wolfSSL_SHA224();
test_wolfSSL_SHA512_Transform();
test_wolfSSL_X509_get_serialNumber();
test_wolfSSL_X509_CRL();
test_wolfSSL_d2i_X509_REQ();
test_wolfSSL_PEM_read_X509();
test_wolfSSL_PEM_read();
#ifndef NO_BIO
test_wolfSSL_PEM_X509_INFO_read_bio();
test_wolfSSL_PEM_read_bio_ECPKParameters();
#endif
test_wolfSSL_X509_STORE_get1_certs();
test_wolfSSL_X509_NAME_ENTRY_get_object();
test_wolfSSL_OpenSSL_add_all_algorithms();
test_wolfSSL_OPENSSL_hexstr2buf();
test_wolfSSL_ASN1_STRING_print_ex();
test_wolfSSL_ASN1_TIME_to_generalizedtime();
test_wolfSSL_ASN1_INTEGER_get_set();
test_wolfSSL_d2i_ASN1_INTEGER();
test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS();
test_wolfSSL_i2c_ASN1_INTEGER();
test_wolfSSL_X509_check_ca();
test_wolfSSL_X509_check_ip_asc();
test_wolfSSL_DC_cert();
test_wolfSSL_DES_ncbc();
test_wolfSSL_AES_cbc_encrypt();
test_wolfSSL_CRYPTO_cts128();
test_wolfssl_EVP_aes_gcm_AAD_2_parts();
test_wolfssl_EVP_aes_gcm();
test_wolfSSL_PKEY_up_ref();
test_wolfSSL_EVP_Cipher_extra();
test_wolfSSL_d2i_and_i2d_PublicKey();
test_wolfSSL_d2i_and_i2d_DSAparams();
test_wolfSSL_i2d_PrivateKey();
test_wolfSSL_OCSP_id_get0_info();
test_wolfSSL_i2d_OCSP_CERTID();
test_wolfSSL_OCSP_id_cmp();
test_wolfSSL_OCSP_SINGLERESP_get0_id();
test_wolfSSL_OCSP_single_get0_status();
test_wolfSSL_OCSP_resp_count();
test_wolfSSL_OCSP_resp_get0();
test_wolfSSL_EVP_PKEY_derive();
test_wolfSSL_EVP_PBE_scrypt();
#ifndef NO_RSA
test_wolfSSL_RSA_padding_add_PKCS1_PSS();
#endif
test_wolfSSL_RSA_sign_sha3();
test_CONF_modules_xxx();
test_CRYPTO_set_dynlock_xxx();
test_CRYPTO_THREADID_xxx();
test_ENGINE_cleanup();
test_wolfSSL_EC_KEY_set_group();
#if defined(OPENSSL_ALL)
test_wolfSSL_X509_PUBKEY_get();
test_wolfSSL_sk_CIPHER_description();
test_wolfSSL_get_ciphers_compat();
test_wolfSSL_d2i_DHparams();
test_wolfSSL_i2d_DHparams();
test_wolfSSL_ASN1_STRING_to_UTF8();
test_wolfSSL_ASN1_UNIVERSALSTRING_to_string();
test_wolfSSL_EC_KEY_dup();
test_wolfSSL_EVP_PKEY_set1_get1_DSA();
test_wolfSSL_DSA_SIG();
test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY();
test_wolfSSL_EVP_PKEY_set1_get1_DH();
test_wolfSSL_CTX_ctrl();
test_wolfSSL_DH_check();
test_wolfSSL_EVP_PKEY_assign();
test_wolfSSL_EVP_PKEY_base_id();
test_wolfSSL_EVP_PKEY_id();
test_wolfSSL_EVP_PKEY_paramgen();
test_wolfSSL_EVP_PKEY_keygen();
test_wolfSSL_EVP_PKEY_keygen_init();
test_wolfSSL_EVP_PKEY_missing_parameters();
test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits();
test_wolfSSL_EVP_CIPHER_CTX_iv_length();
test_wolfSSL_EVP_CIPHER_CTX_key_length();
test_wolfSSL_EVP_CIPHER_CTX_set_key_length();
test_wolfSSL_EVP_CIPHER_CTX_set_iv();
test_wolfSSL_EVP_PKEY_CTX_new_id();
test_wolfSSL_EVP_rc4();
test_wolfSSL_EVP_enc_null();
test_wolfSSL_EVP_rc2_cbc();
test_wolfSSL_EVP_mdc2();
test_wolfSSL_EVP_md4();
test_wolfSSL_EVP_aes_256_gcm();
test_wolfSSL_EVP_aes_192_gcm();
test_wolfSSL_EVP_ripemd160();
test_wolfSSL_EVP_get_digestbynid();
test_wolfSSL_EVP_MD_nid();
test_wolfSSL_EVP_PKEY_get0_EC_KEY();
test_wolfSSL_EVP_X_STATE();
test_wolfSSL_EVP_X_STATE_LEN();
test_wolfSSL_EVP_CIPHER_block_size();
test_wolfSSL_EVP_CIPHER_iv_length();
test_wolfSSL_EVP_SignInit_ex();
test_wolfSSL_EVP_DigestFinal_ex();
test_wolfSSL_EVP_PKEY_assign_DH();
test_wolfSSL_EVP_BytesToKey();
test_wolfSSL_EVP_PKEY_param_check();
test_wolfSSL_QT_EVP_PKEY_CTX_free();
test_IncCtr();
test_wolfSSL_OBJ_ln();
test_wolfSSL_OBJ_sn();
test_wolfSSL_TXT_DB();
test_wolfSSL_NCONF();
#endif /* OPENSSL_ALL */
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS);
#ifndef NO_BIO
test_wolfSSL_d2i_PrivateKeys_bio();
#endif
#endif /* OPENSSL_ALL || WOLFSSL_ASIO */
test_wolfSSL_X509_CA_num();
test_wolfSSL_X509_get_version();
#ifndef NO_BIO
test_wolfSSL_X509_print();
test_wolfSSL_BIO_get_len();
#endif
test_wolfSSL_RSA_verify();
test_wolfSSL_X509V3_EXT_get();
test_wolfSSL_X509V3_EXT_nconf();
test_wolfSSL_X509V3_EXT();
test_wolfSSL_X509_get_extension_flags();
test_wolfSSL_X509_get_ext();
test_wolfSSL_X509_get_ext_by_NID();
test_wolfSSL_X509_get_ext_subj_alt_name();
test_wolfSSL_X509_get_ext_count();
test_wolfSSL_X509_EXTENSION_new();
test_wolfSSL_X509_EXTENSION_get_object();
test_wolfSSL_X509_EXTENSION_get_data();
test_wolfSSL_X509_EXTENSION_get_critical();
test_wolfSSL_X509V3_EXT_print();
test_wolfSSL_X509_cmp();
#ifndef NO_BIO
test_wolfSSL_RSA_print();
test_wolfSSL_ASN1_STRING_print();
#endif
test_wolfSSL_ASN1_get_object();
test_openssl_generate_key_and_cert();
test_wolfSSL_EC_get_builtin_curves();
test_wolfSSL_CRYPTO_memcmp();
test_wolfSSL_read_detect_TCP_disconnect();
/* test the no op functions for compatibility */
test_no_op_functions();
/* OpenSSL EVP_PKEY API tests */
test_EVP_PKEY_rsa();
test_wolfSSL_EVP_PKEY_encrypt();
test_wolfSSL_EVP_PKEY_sign();
test_EVP_PKEY_ec();
test_EVP_PKEY_cmp();
/* OpenSSL error API tests */
test_ERR_load_crypto_strings();
/* OpenSSL sk_X509 API test */
test_sk_X509();
/* OpenSSL sk_X509_CRL API test */
test_sk_X509_CRL();
/* OpenSSL X509 API test */
test_X509_get_signature_nid();
/* OpenSSL X509 REQ API test */
test_X509_REQ();
/* OpenSSL PKCS7 API test */
test_wolfssl_PKCS7();
test_wolfSSL_PKCS7_SIGNED_new();
#ifndef NO_BIO
test_wolfSSL_PEM_write_bio_PKCS7();
#ifdef HAVE_SMIME
test_wolfSSL_SMIME_read_PKCS7();
#endif
#endif
/* wolfCrypt ASN tests */
test_wc_CreateEncryptedPKCS8Key();
test_wc_GetPkcs8TraditionalOffset();
test_wc_SetSubjectRaw();
test_wc_GetSubjectRaw();
test_wc_SetIssuerRaw();
test_wc_SetIssueBuffer();
test_wc_SetSubjectKeyId();
test_wc_SetSubject();
test_CheckCertSignature();
test_wc_ParseCert();
/* wolfCrypt ECC tests */
test_wc_ecc_get_curve_size_from_name();
test_wc_ecc_get_curve_id_from_name();
test_wc_ecc_get_curve_id_from_params();
#ifdef WOLFSSL_TLS13
/* TLS v1.3 API tests */
test_tls13_apis();
#endif
#if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
!defined(WOLFSSL_NO_CLIENT_AUTH))
/* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
/* Bad certificate signature tests */
AssertIntEQ(test_EccSigFailure_cm(), ASN_SIG_CONFIRM_E);
AssertIntEQ(test_RsaSigFailure_cm(), ASN_SIG_CONFIRM_E);
#endif /* NO_CERTS */
#if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \
!defined(NO_OLD_TLS))
/* public key callback tests */
test_DhCallbacks();
#endif
#if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_IO_TESTS_DEPENDENCIES)
test_export_keying_material();
#endif /* HAVE_KEYING_MATERIAL */
test_wolfSSL_CTX_get_min_proto_version();
test_wolfSSL_security_level();
test_wolfSSL_SSL_in_init();
test_wolfSSL_EC_curve();
test_wolfSSL_CTX_set_timeout();
test_wolfSSL_OpenSSL_version();
test_wolfSSL_set_psk_use_session_callback();
test_CONF_CTX_FILE();
test_CONF_CTX_CMDLINE();
test_wolfSSL_CRYPTO_get_ex_new_index();
test_wolfSSL_DH();
/*wolfcrypt */
printf("\n-----------------wolfcrypt unit tests------------------\n");
AssertFalse(test_wolfCrypt_Init());
AssertFalse(test_wc_InitMd5());
AssertFalse(test_wc_Md5Update());
AssertFalse(test_wc_Md5Final());
AssertFalse(test_wc_InitSha());
AssertFalse(test_wc_ShaUpdate());
AssertFalse(test_wc_ShaFinal());
AssertFalse(test_wc_InitSha256());
AssertFalse(test_wc_Sha256Update());
AssertFalse(test_wc_Sha256Final());
AssertFalse(test_wc_Sha256FinalRaw());
AssertFalse(test_wc_Sha256GetFlags());
AssertFalse(test_wc_Sha256Free());
AssertFalse(test_wc_Sha256GetHash());
AssertFalse(test_wc_Sha256Copy());
AssertFalse(test_wc_InitSha512());
AssertFalse(test_wc_Sha512Update());
AssertFalse(test_wc_Sha512Final());
AssertFalse(test_wc_Sha512GetFlags());
AssertFalse(test_wc_Sha512FinalRaw());
AssertFalse(test_wc_Sha512Free());
AssertFalse(test_wc_Sha512GetHash());
AssertFalse(test_wc_Sha512Copy());
AssertFalse(test_wc_InitSha512_224());
AssertFalse(test_wc_Sha512_224Update());
AssertFalse(test_wc_Sha512_224Final());
AssertFalse(test_wc_Sha512_224GetFlags());
AssertFalse(test_wc_Sha512_224FinalRaw());
AssertFalse(test_wc_Sha512_224Free());
AssertFalse(test_wc_Sha512_224GetHash());
AssertFalse(test_wc_Sha512_224Copy());
AssertFalse(test_wc_InitSha512_256());
AssertFalse(test_wc_Sha512_256Update());
AssertFalse(test_wc_Sha512_256Final());
AssertFalse(test_wc_Sha512_256GetFlags());
AssertFalse(test_wc_Sha512_256FinalRaw());
AssertFalse(test_wc_Sha512_256Free());
AssertFalse(test_wc_Sha512_256GetHash());
AssertFalse(test_wc_Sha512_256Copy());
AssertFalse(test_wc_InitSha384());
AssertFalse(test_wc_Sha384Update());
AssertFalse(test_wc_Sha384Final());
AssertFalse(test_wc_Sha384GetFlags());
AssertFalse(test_wc_Sha384FinalRaw());
AssertFalse(test_wc_Sha384Free());
AssertFalse(test_wc_Sha384GetHash());
AssertFalse(test_wc_Sha384Copy());
AssertFalse(test_wc_InitSha224());
AssertFalse(test_wc_Sha224Update());
AssertFalse(test_wc_Sha224Final());
AssertFalse(test_wc_Sha224SetFlags());
AssertFalse(test_wc_Sha224GetFlags());
AssertFalse(test_wc_Sha224Free());
AssertFalse(test_wc_Sha224GetHash());
AssertFalse(test_wc_Sha224Copy());
AssertFalse(test_wc_InitBlake2b());
AssertFalse(test_wc_InitBlake2b_WithKey());
AssertFalse(test_wc_InitBlake2s_WithKey());
AssertFalse(test_wc_InitRipeMd());
AssertFalse(test_wc_RipeMdUpdate());
AssertFalse(test_wc_RipeMdFinal());
AssertIntEQ(test_wc_InitSha3(), 0);
AssertIntEQ(testing_wc_Sha3_Update(), 0);
AssertIntEQ(test_wc_Sha3_224_Final(), 0);
AssertIntEQ(test_wc_Sha3_256_Final(), 0);
AssertIntEQ(test_wc_Sha3_384_Final(), 0);
AssertIntEQ(test_wc_Sha3_512_Final(), 0);
AssertIntEQ(test_wc_Sha3_224_Copy(), 0);
AssertIntEQ(test_wc_Sha3_256_Copy(), 0);
AssertIntEQ(test_wc_Sha3_384_Copy(), 0);
AssertIntEQ(test_wc_Sha3_512_Copy(), 0);
AssertIntEQ(test_wc_Sha3_GetFlags(), 0);
AssertIntEQ(test_wc_InitShake256(), 0);
AssertIntEQ(testing_wc_Shake256_Update(), 0);
AssertIntEQ(test_wc_Shake256_Final(), 0);
AssertIntEQ(test_wc_Shake256_Copy(), 0);
AssertIntEQ(test_wc_Shake256Hash(), 0);
AssertFalse(test_wc_Md5HmacSetKey());
AssertFalse(test_wc_Md5HmacUpdate());
AssertFalse(test_wc_Md5HmacFinal());
AssertFalse(test_wc_ShaHmacSetKey());
AssertFalse(test_wc_ShaHmacUpdate());
AssertFalse(test_wc_ShaHmacFinal());
AssertFalse(test_wc_Sha224HmacSetKey());
AssertFalse(test_wc_Sha224HmacUpdate());
AssertFalse(test_wc_Sha224HmacFinal());
AssertFalse(test_wc_Sha256HmacSetKey());
AssertFalse(test_wc_Sha256HmacUpdate());
AssertFalse(test_wc_Sha256HmacFinal());
AssertFalse(test_wc_Sha384HmacSetKey());
AssertFalse(test_wc_Sha384HmacUpdate());
AssertFalse(test_wc_Sha384HmacFinal());
AssertIntEQ(test_wc_HashInit(), 0);
AssertIntEQ(test_wc_HashSetFlags(), 0);
AssertIntEQ(test_wc_HashGetFlags(), 0);
AssertIntEQ(test_wc_InitCmac(), 0);
AssertIntEQ(test_wc_CmacUpdate(), 0);
AssertIntEQ(test_wc_CmacFinal(), 0);
AssertIntEQ(test_wc_AesCmacGenerate(), 0);
AssertIntEQ(test_wc_AesGcmStream(), 0);
AssertIntEQ(test_wc_Des3_SetIV(), 0);
AssertIntEQ(test_wc_Des3_SetKey(), 0);
AssertIntEQ(test_wc_Des3_CbcEncryptDecrypt(), 0);
AssertIntEQ(test_wc_Des3_CbcEncryptDecryptWithKey(), 0);
AssertIntEQ(test_wc_Des3_EcbEncrypt(), 0);
AssertIntEQ(test_wc_Chacha_SetKey(), 0);
AssertIntEQ(test_wc_Chacha_Process(), 0);
AssertIntEQ(test_wc_ChaCha20Poly1305_aead(), 0);
AssertIntEQ(test_wc_Poly1305SetKey(), 0);
AssertIntEQ(test_wc_CamelliaSetKey(), 0);
AssertIntEQ(test_wc_CamelliaSetIV(), 0);
AssertIntEQ(test_wc_CamelliaEncryptDecryptDirect(), 0);
AssertIntEQ(test_wc_CamelliaCbcEncryptDecrypt(), 0);
AssertIntEQ(test_wc_Arc4SetKey(), 0);
AssertIntEQ(test_wc_Arc4Process(), 0);
AssertIntEQ(test_wc_Rc2SetKey(), 0);
AssertIntEQ(test_wc_Rc2SetIV(), 0);
AssertIntEQ(test_wc_Rc2EcbEncryptDecrypt(), 0);
AssertIntEQ(test_wc_Rc2CbcEncryptDecrypt(), 0);
AssertIntEQ(test_wc_AesSetKey(), 0);
AssertIntEQ(test_wc_AesSetIV(), 0);
AssertIntEQ(test_wc_AesCbcEncryptDecrypt(), 0);
AssertIntEQ(test_wc_AesCtrEncryptDecrypt(), 0);
AssertIntEQ(test_wc_AesGcmSetKey(), 0);
AssertIntEQ(test_wc_AesGcmEncryptDecrypt(), 0);
AssertIntEQ(test_wc_GmacSetKey(), 0);
AssertIntEQ(test_wc_GmacUpdate(), 0);
AssertIntEQ(test_wc_InitRsaKey(), 0);
AssertIntEQ(test_wc_RsaPrivateKeyDecode(), 0);
AssertIntEQ(test_wc_RsaPublicKeyDecode(), 0);
AssertIntEQ(test_wc_RsaPublicKeyDecodeRaw(), 0);
AssertIntEQ(test_wc_MakeRsaKey(), 0);
AssertIntEQ(test_wc_SetKeyUsage (), 0);
AssertIntEQ(test_wc_CheckProbablePrime (), 0);
AssertIntEQ(test_wc_RsaPSS_Verify (), 0);
AssertIntEQ(test_wc_RsaPSS_VerifyCheck (), 0);
AssertIntEQ(test_wc_RsaPSS_VerifyCheckInline (), 0);
AssertIntEQ(test_wc_SetMutexCb(), 0);
AssertIntEQ(test_wc_LockMutex_ex(), 0);
AssertIntEQ(test_wc_RsaKeyToDer(), 0);
AssertIntEQ(test_wc_RsaKeyToPublicDer(), 0);
AssertIntEQ(test_wc_RsaPublicEncryptDecrypt(), 0);
AssertIntEQ(test_wc_RsaPublicEncryptDecrypt_ex(), 0);
AssertIntEQ(test_wc_RsaEncryptSize(), 0);
AssertIntEQ(test_wc_RsaSSL_SignVerify(), 0);
AssertIntEQ(test_wc_RsaFlattenPublicKey(), 0);
AssertIntEQ(test_RsaDecryptBoundsCheck(), 0);
AssertIntEQ(test_wc_AesCcmSetKey(), 0);
AssertIntEQ(test_wc_AesCcmEncryptDecrypt(), 0);
AssertIntEQ(test_wc_InitDsaKey(), 0);
AssertIntEQ(test_wc_DsaSignVerify(), 0);
AssertIntEQ(test_wc_DsaPublicPrivateKeyDecode(), 0);
AssertIntEQ(test_wc_MakeDsaKey(), 0);
AssertIntEQ(test_wc_DsaKeyToDer(), 0);
AssertIntEQ(test_wc_DsaKeyToPublicDer(), 0);
AssertIntEQ(test_wc_DsaImportParamsRaw(), 0);
AssertIntEQ(test_wc_DsaImportParamsRawCheck(), 0);
AssertIntEQ(test_wc_DsaExportParamsRaw(), 0);
AssertIntEQ(test_wc_DsaExportKeyRaw(), 0);
AssertIntEQ(test_wc_SignatureGetSize_ecc(), 0);
AssertIntEQ(test_wc_SignatureGetSize_rsa(), 0);
wolfCrypt_Cleanup();
#ifdef OPENSSL_EXTRA
/*wolfSSL_EVP_get_cipherbynid test*/
test_wolfSSL_EVP_get_cipherbynid();
test_wolfSSL_EVP_CIPHER_CTX();
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
test_wolfSSL_EC();
#endif
test_wolfSSL_ECDSA_SIG();
test_ECDSA_size_sign();
test_ED25519();
test_ED448();
test_EC_i2d();
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
!defined(HAVE_SELFTEST) && \
!(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))
test_wc_ecc_get_curve_id_from_dp_params();
#endif
#ifdef HAVE_HASHDRBG
#ifdef TEST_RESEED_INTERVAL
AssertIntEQ(test_wc_RNG_GenerateBlock_Reseed(), 0);
#endif
AssertIntEQ(test_wc_RNG_GenerateBlock(), 0);
#endif
AssertIntEQ(test_get_rand_digit(), 0);
AssertIntEQ(test_get_digit_count(), 0);
AssertIntEQ(test_mp_cond_copy(), 0);
AssertIntEQ(test_mp_rand(), 0);
AssertIntEQ(test_get_digit(), 0);
AssertIntEQ(test_wc_export_int(), 0);
AssertIntEQ(test_wc_InitRngNonce(), 0);
AssertIntEQ(test_wc_InitRngNonce_ex(), 0);
AssertIntEQ(test_wc_ed25519_make_key(), 0);
AssertIntEQ(test_wc_ed25519_init(), 0);
AssertIntEQ(test_wc_ed25519_sign_msg(), 0);
AssertIntEQ(test_wc_ed25519_import_public(), 0);
AssertIntEQ(test_wc_ed25519_import_private_key(), 0);
AssertIntEQ(test_wc_ed25519_export(), 0);
AssertIntEQ(test_wc_ed25519_size(), 0);
AssertIntEQ(test_wc_ed25519_exportKey(), 0);
AssertIntEQ(test_wc_Ed25519PublicKeyToDer(), 0);
AssertIntEQ(test_wc_curve25519_init(), 0);
AssertIntEQ(test_wc_curve25519_size(), 0);
AssertIntEQ(test_wc_curve25519_export_key_raw(), 0);
AssertIntEQ(test_wc_curve25519_export_key_raw_ex(), 0);
AssertIntEQ(test_wc_curve25519_size (), 0);
AssertIntEQ(test_wc_curve25519_make_key (), 0);
AssertIntEQ(test_wc_curve25519_shared_secret_ex (), 0);
AssertIntEQ(test_wc_curve25519_make_pub (), 0);
AssertIntEQ(test_wc_curve25519_export_public_ex (), 0);
AssertIntEQ(test_wc_curve25519_export_private_raw_ex (), 0);
AssertIntEQ(test_wc_curve25519_import_private_raw_ex (), 0);
AssertIntEQ(test_wc_curve25519_import_private (), 0);
AssertIntEQ(test_wc_ed448_make_key(), 0);
AssertIntEQ(test_wc_ed448_init(), 0);
AssertIntEQ(test_wc_ed448_sign_msg(), 0);
AssertIntEQ(test_wc_ed448_import_public(), 0);
AssertIntEQ(test_wc_ed448_import_private_key(), 0);
AssertIntEQ(test_wc_ed448_export(), 0);
AssertIntEQ(test_wc_ed448_size(), 0);
AssertIntEQ(test_wc_ed448_exportKey(), 0);
AssertIntEQ(test_wc_Ed448PublicKeyToDer(), 0);
AssertIntEQ(test_wc_curve448_make_key (), 0);
AssertIntEQ(test_wc_curve448_shared_secret_ex (), 0);
AssertIntEQ(test_wc_curve448_export_public_ex (), 0);
AssertIntEQ(test_wc_curve448_export_private_raw_ex (), 0);
AssertIntEQ(test_wc_curve448_export_key_raw (), 0);
AssertIntEQ(test_wc_curve448_import_private_raw_ex (), 0);
AssertIntEQ(test_wc_curve448_import_private (), 0);
AssertIntEQ(test_wc_curve448_init(), 0);
AssertIntEQ(test_wc_curve448_size (), 0);
AssertIntEQ(test_wc_ecc_make_key(), 0);
AssertIntEQ(test_wc_ecc_init(), 0);
AssertIntEQ(test_wc_ecc_check_key(), 0);
AssertIntEQ(test_wc_ecc_get_generator(), 0);
AssertIntEQ(test_wc_ecc_size(), 0);
test_wc_ecc_params();
AssertIntEQ(test_wc_ecc_signVerify_hash(), 0);
PRIVATE_KEY_UNLOCK();
AssertIntEQ(test_wc_ecc_shared_secret(), 0);
AssertIntEQ(test_wc_ecc_export_x963(), 0);
PRIVATE_KEY_LOCK();
AssertIntEQ(test_wc_ecc_export_x963_ex(), 0);
AssertIntEQ(test_wc_ecc_import_x963(), 0);
AssertIntEQ(ecc_import_private_key(), 0);
AssertIntEQ(test_wc_ecc_export_private_only(), 0);
AssertIntEQ(test_wc_ecc_rs_to_sig(), 0);
AssertIntEQ(test_wc_ecc_import_raw(), 0);
AssertIntEQ(test_wc_ecc_import_unsigned(), 0);
AssertIntEQ(test_wc_ecc_sig_size(), 0);
AssertIntEQ(test_wc_ecc_ctx_new(), 0);
AssertIntEQ(test_wc_ecc_ctx_reset(), 0);
AssertIntEQ(test_wc_ecc_ctx_set_peer_salt(), 0);
AssertIntEQ(test_wc_ecc_ctx_set_info(), 0);
AssertIntEQ(test_wc_ecc_encryptDecrypt(), 0);
AssertIntEQ(test_wc_ecc_del_point(), 0);
AssertIntEQ(test_wc_ecc_pointFns(), 0);
AssertIntEQ(test_wc_ecc_shared_secret_ssh(), 0);
AssertIntEQ(test_wc_ecc_verify_hash_ex(), 0);
AssertIntEQ(test_wc_ecc_mulmod(), 0);
AssertIntEQ(test_wc_ecc_is_valid_idx(), 0);
AssertIntEQ(test_wc_ecc_get_curve_id_from_oid(), 0);
AssertIntEQ(test_wc_ecc_sig_size_calc(), 0);
AssertIntEQ(test_ToTraditional(), 0);
AssertIntEQ(test_wc_EccPrivateKeyToDer(), 0);
AssertIntEQ(test_wc_DhPublicKeyDecode(), 0);
AssertIntEQ(test_wc_Ed25519KeyToDer(), 0);
AssertIntEQ(test_wc_Ed25519PrivateKeyToDer(), 0);
AssertIntEQ(test_wc_Ed448KeyToDer(), 0);
AssertIntEQ(test_wc_Ed448PrivateKeyToDer(), 0);
AssertIntEQ(test_wc_SetAuthKeyIdFromPublicKey_ex(), 0);
AssertIntEQ(test_wc_SetSubjectBuffer(), 0);
AssertIntEQ(test_wc_SetSubjectKeyIdFromPublicKey_ex(), 0);
test_wc_PKCS7_New();
test_wc_PKCS7_Init();
test_wc_PKCS7_InitWithCert();
test_wc_PKCS7_EncodeData();
test_wc_PKCS7_EncodeSignedData();
test_wc_PKCS7_EncodeSignedData_ex();
test_wc_PKCS7_VerifySignedData();
test_wc_PKCS7_EncodeDecodeEnvelopedData();
test_wc_PKCS7_EncodeEncryptedData();
test_wc_PKCS7_Degenerate();
test_wc_PKCS7_BER();
test_PKCS7_signed_enveloped();
test_wc_PKCS7_NoDefaultSignedAttribs();
test_wc_PKCS7_SetOriEncryptCtx();
test_wc_PKCS7_SetOriDecryptCtx();
test_wc_PKCS7_DecodeCompressedData();
test_wc_i2d_PKCS12();
test_wolfSSL_CTX_LoadCRL();
test_openssl_FIPS_drbg();
test_wc_CryptoCb();
test_wolfSSL_CTX_StaticMemory();
test_wolfSSL_FIPS_mode();
AssertIntEQ(test_ForceZero(), 0);
AssertIntEQ(test_wolfSSL_Cleanup(), WOLFSSL_SUCCESS);
#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
!defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
!defined(WOLFSSL_NO_CLIENT_AUTH))
AssertIntEQ(test_various_pathlen_chains(), WOLFSSL_SUCCESS);
#endif
/* If at some point a stub get implemented this test should fail indicating
* a need to implement a new test case
*/
test_stubs_are_stubs();
#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
&& (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
wc_ecc_fp_free(); /* free per thread cache */
#endif
wolfSSL_Cleanup();
(void)devId;
printf(" End API Tests\n");
}
Reference in New Issue View Git Blame Copy Permalink